This post is by a banned member (tomi243) - Unhide
OP 28 March, 2022 - 05:17 PM
Reply
Hidden Content
You must
register or
login to view this content.
How to use this
How to use thisInject the dumper into the loader ( x86 ).
- Let the loader try to inject (manual map) the binary into the target process.
- Watch how the binary is being exported.
Configuration
Variables ( dllmain.cpp - DllMain ).
- bool
- bConsole
- true - shows you the debug console
- false - hides the debug console
- bLogConsole
- true - log the debug output to a file and not to the comnsole
- false - don't log anything and let everything be as it was
Tip
The second VirtualAllocEx (and the next WriteProcessMemory after it) is/are called just for loader' stub, it/they isn't/aren't useful on its/their own at all.
These last 2 files are not part of the binary as they are loader' stub!!!
![[Image: 144725498-c79a2d9e-da6e-44ba-911f-94105af5d449.png]](https://external-content.duckduckgo.com/iu/?u=https%3A%2F%2Fuser-images.githubusercontent.com%2F68382500%2F144725498-c79a2d9e-da6e-44ba-911f-94105af5d449.png)
Screenshots
Show ContentSpoiler:
![[Image: 144724541-0b7221b4-a81f-45d1-b94f-a9cae82d8d89.png]](https://external-content.duckduckgo.com/iu/?u=https%3A%2F%2Fuser-images.githubusercontent.com%2F68382500%2F144724541-0b7221b4-a81f-45d1-b94f-a9cae82d8d89.png)
Dump process:
![[Image: 144724914-d5e379b3-7196-47a4-8c2a-e95ed38c61f1.png]](https://external-content.duckduckgo.com/iu/?u=https%3A%2F%2Fuser-images.githubusercontent.com%2F68382500%2F144724914-d5e379b3-7196-47a4-8c2a-e95ed38c61f1.png)
File output:
![[Image: 144724941-ec1111b5-83a8-4fcb-9869-8e0f98fc188a.png]](https://external-content.duckduckgo.com/iu/?u=https%3A%2F%2Fuser-images.githubusercontent.com%2F68382500%2F144724941-ec1111b5-83a8-4fcb-9869-8e0f98fc188a.png)
LEAVE A LIKE PLEASEEEE
Stay Hyped!!!
This post is by a banned member (dmc_sys) - Unhide
29 March, 2022 - 09:29 PM
Reply
This post is by a banned member (Protoliumo) - Unhide
05 April, 2022 - 02:15 AM
Reply
nice one! Cant wait to try this one out
This post is by a banned member (Petra123) - Unhide
06 April, 2022 - 02:23 AM
Reply
This post is by a banned member (Alexchoo14) - Unhide
06 April, 2022 - 12:05 PM
Reply
(28 March, 2022 - 05:17 PM)tomi243 Wrote: Show MoreHow to use this
How to use thisInject the dumper into the loader ( x86 ).
- Let the loader try to inject (manual map) the binary into the target process.
- Watch how the binary is being exported.
Configuration
Variables ( dllmain.cpp - DllMain ).
- bool
- bConsole
- true - shows you the debug console
- false - hides the debug console
- bLogConsole
- true - log the debug output to a file and not to the comnsole
- false - don't log anything and let everything be as it was
Tip
The second VirtualAllocEx (and the next WriteProcessMemory after it) is/are called just for loader' stub, it/they isn't/aren't useful on its/their own at all.
These last 2 files are not part of the binary as they are loader' stub!!!
Screenshots
Show ContentSpoiler:
Dump process:
File output:
LEAVE A LIKE PLEASEEEE
Stay Hyped!!!
ty
This post is by a banned member (osuruk2) - Unhide
26 April, 2022 - 02:19 AM
Reply
This post is by a banned member (xIamGODx) - Unhide
06 May, 2022 - 01:20 PM
Reply
(28 March, 2022 - 05:17 PM)tomi243 Wrote: Show MoreHow to use this
How to use thisInject the dumper into the loader ( x86 ).
- Let the loader try to inject (manual map) the binary into the target process.
- Watch how the binary is being exported.
Configuration
Variables ( dllmain.cpp - DllMain ).
- bool
- bConsole
- true - shows you the debug console
- false - hides the debug console
- bLogConsole
- true - log the debug output to a file and not to the comnsole
- false - don't log anything and let everything be as it was
Tip
The second VirtualAllocEx (and the next WriteProcessMemory after it) is/are called just for loader' stub, it/they isn't/aren't useful on its/their own at all.
These last 2 files are not part of the binary as they are loader' stub!!!
Screenshots
Show ContentSpoiler:
Dump process:
File output:
LEAVE A LIKE PLEASEEEE
Stay Hyped!!!
thanksss <33
This post is by a banned member (Alowo69) - Unhide
07 May, 2022 - 11:15 PM
Reply
