Hi,

Modified ConfuserEx builds are seen more and more on the RE scene. People with zero skills make small changes to ConfuserEx and then call it "XXX Protector". The worst are the people who only change the mode in ConfuserEx…

Sometimes these modified versions are worse than the original ConfuserEx… Unless you make really big changes to ConfuserEx (as in NetGuard), it will be easy to unpack your protected exe.

Here’s an example with Anti-Tamper. You can do what you want with Anti-Tamper; it can still be removed by putting a breakpoint after the call. It’s the same with the packer.

For Constants, people usually add an argument to counter public tools. Don’t forget that people who write tools won’t have any problem dealing with 1 or 2 arguments. As for sizeof, calculations, … there are plenty of tools to deal with those too.

So please, if you really want to make a modded ConfuserEx, make big changes. The aim is not only to counter public tools but also to counter good reversers.

Have a nice day
