Hi,

I know that i don’t publish a lot of content these days but i’m stuck with School exams. So I decided to make a short tutorials to show you how to dump strings which are not encrypted in memory. For Example, DnGuard is a strong protector, but sometimes, people doesn’t encrypt strings, so you can see them in memory 🙂

Target that we’ll use : http://ge.tt/7YbNhsk2

So first, we have to use sxe ld:mscorlib then press g

Then, load SOS extension by using .loadby SOS clr and press

Finally, here’s the final command that will show all strings :

.foreach (obj {!dumpheap -type System.String -short}) {.printf « \n%mu »,${obj}+c}

A bit explanation !

foreach is a loop, as in programming.

!dumpheap -type System.String -short will dump all strings adress and then store them in a variable called « obj » (you can call it as you want)

« \n%mu »,${obj}+c printf will print what we asked. And this is our strings !

 

I said in the title that it worked with dnguard but it also work with others protectors such as ConfuserEx, …

See you soon for better tutorials,

 

I hope that you enjoy my works,

MindSystem

 

 

Publicités