Search the Community
Showing results for tags 'pezor:'.
-
The phases of the development that will be described in detail are: set up the development environment with Mingw-w64 and LLVM shellcode injection with syscall inlining via NTDLL in-memory scraping (x86-64 only) user-land hooks removal from in-memory NTDLL to retrieve correct syscall numbers upgrade the shellcode injector to a full PE packer with Donut ensure the produced shellcode is always different at each build with sgn ensure the compiled loader is always different at each build with LLVM obfuscation implement some simple anti-debug tricks for the initial loader For the details of the techniques, please read the blog. [hide][Hidden Content]]