here is another one of my bad tools a full confuserex unpacker versions 0.5.0 above
had a dynamic one sitting in my github as a personal tool for ages
decided to release it but i know many users have a shit fit about tools that invoke so i decided to add a static mode quickly
code is bad throughout copied code from many different projects i have and put it all into one
i was just going to fix nofuserex on codeshark github but since it needed a big overhaul for many features i decided to just put it into a new tool
has a static and a dynamic mode
static is better but less reliable
dynamic more reliable but uses invoke potentially bad for malware
this should work for VANILLA confuserex files i can't stress that enough
if your file fails in either mode send me the file i
if its not vanilla confuserex i wont even attempt to fix your file
basically i couldn't care less about a modified file that doesnt work
could potentially be a bug with static strings havent come across a file with it yet but by just looking at my code i can almost guarentee there is
Author/Credits :
SHADOW - PCRET for his anti tamper code and his static packer decryption routine was clever reliable and saved me coming up with my own
Proxy - control flow - helped me lots on this as stated in my confuserex control flow tool
0xd4d - dnlib de4dot obviously
Codeshark for his isantitampered and ispacked( yet again i know copy and pasting code my bad)
发表于 2017-6-13 15:24
