Anti-Reversing - Anti-Dump Trick "Header Erase"
Published on Jul 15, 2017
I showcase a minimal FASM sample that prevents memory dumping. It erases its own header in memory so that dumping tools don't see a valid PE image anymore.
Follow me on Twitter: @struppigel
headererase.asm: https://pastebin.com/qVZiCpHM
Compile it with FASM: https://flatassembler.net/download.php
headererase.exe: https://www.hybrid-analysis.com/sampl...
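
As an added example (not part of the original post or the linked headererase.asm), this Python sketch shows the kind of header validation a dumping tool depends on and how an analyst can flag a module region whose header page has been wiped. The function names, the `mapped_as_image` flag and the sample buffer are constructed for illustration.

```python
import struct

PAGE = 0x1000  # the PE header sits in the first page of a mapped image

def build_sample_image() -> bytes:
    """Constructed two-page buffer with a minimal PE32 header (not a real binary)."""
    buf = bytearray(2 * PAGE)
    buf[0:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, 0x80)        # e_lfanew -> NT headers
    buf[0x80:0x84] = b"PE\0\0"
    struct.pack_into("<HH", buf, 0x84, 0x014C, 1)  # Machine i386, one section
    struct.pack_into("<H", buf, 0x94, 0xE0)        # SizeOfOptionalHeader
    struct.pack_into("<H", buf, 0x98, 0x010B)      # optional header magic (PE32)
    buf[PAGE:PAGE + 3] = b"\x90\x90\xc3"           # stand-in section content
    return bytes(buf)

def check_pe_header(region: bytes) -> str:
    """Return 'valid' or the name of the first header check that fails."""
    if len(region) < 0x40:
        return "too_short"
    if region[0:2] != b"MZ":
        return "no_mz"
    (e_lfanew,) = struct.unpack_from("<I", region, 0x3C)
    if e_lfanew + 26 > len(region):  # signature (4) + COFF header (20) + magic (2)
        return "bad_e_lfanew"
    if region[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return "no_pe_signature"
    (magic,) = struct.unpack_from("<H", region, e_lfanew + 24)
    if magic not in (0x010B, 0x020B):  # PE32 or PE32+
        return "bad_optional_magic"
    return "valid"

def classify_region(region: bytes, mapped_as_image: bool) -> str:
    """mapped_as_image is an assumption: the caller knows from the process
    memory map that this region backs a loaded module."""
    if check_pe_header(region) == "valid":
        return "pe_image"
    header_wiped = not any(region[:PAGE])  # first page is all zero bytes
    has_body = any(region[PAGE:])          # later pages still hold content
    if mapped_as_image and header_wiped and has_body:
        return "image_with_erased_header"
    return "not_pe"
```

A region reported as `image_with_erased_header` still holds its section contents, so it can be dumped raw and given a rebuilt header for analysis.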