Confuser.Protections.HoLLy
Confuser.Protections.HoLLy copied to clipboard
holly-hacker
Extra protection modules for ConfuserEx
I've seen this in practice before. Hollowing an external or the own process would be a neat packer. For more see [this](http://www.autosectools.com/Process-Hollowing.pdf). **EDIT:** This seems to be called RunPE.
``` [ERROR] Unknown error occurred. Exception: System.NullReferenceException: Object reference not set to an instance of an object. at Confuser.Protections.HoLLy.AntiMemoryEditing.MemoryEditInjectPhase.Execute(ConfuserContext context, ProtectionParameters parameters) in C:\Users\Ro\Visual Studio 2017\Projects12\AntiMemoryEditingPlugin\AntiMemoryEditingPlugin\AntiMemoryEditingPlugin\MemoryEditInjectPhase.cs:line 43 at Confuser.Core.ProtectionPipeline.ExecuteStage(PipelineStage stage,...
Right now MemoryProtection uses [implicit operators](https://github.com/HoLLy-HaCKeR/Confuser.Protections.HoLLy/blob/master/Confuser.Protections.HoLLy.Runtime/AntiMemoryEditing/ObfuscatedValue.cs#L20) to normal values to obfuscated values. Using methods instead of implicit operators adds an additional bit of obfuscation.
Calling name.Analyze on one of the types returned from the type injection results in a null reference exception somewhere in VTable analyzer code.
Fix typo: Change Fake Obfsucator: > ### Fake Obfsucator to "Fake Obfuscator": > ### Fake Obfuscator
