Join GitHub today
GitHub is home to over 36 million developers working together to host and review code, manage projects, and build software together.Sign up
Protection is completely broken #498
The tool AMegaDumper from SND can drop any confuserex (even custom version of confuserex) protected assembly and the source code of the dropped (un)protected assembly is fully revealed.
The tool AMegaDumper is not protected. It starts by a readprocessmemory on the protected process and then drop all .NET modules including the fully unprotected original assembly. Any ideas for protection against this method?
It is not broken. All obfuscators and packers can be dumped all it does is make it more time consuming. It is a cat and mouse game before someone releases and automated dumper.
Confuserex is good for renaming and stripping meta data, the rest of the items are just a good way to get your program flagged as a virus and I would not use them.
Amegadumper or de4dot will not undo a rename operation as it is a lossy process. Hence protection is not completely broken.