• Home
  • Search
  • Map
  • Scan
  • Resources
    • Technique List
    • Snippet List
    • Detection Rule List
    • Featured Evasion API List
    • Contributors
    • Scanned Samples
  • Tools
  • About
  • API
    • Unprotect API
    • API Documentation
  • Avatar Login

Search Evasion Techniques

Names, Techniques, Definitions, Keywords

Clear

Search Result

12 item(s) found so far for this keyword.

Change Module Name at Runtime Process Manipulating

It is possible to change the name of the current process or any of its modules at runtime. This is achieved by accessing the process PEB's member 'Ldr', in particular it has a member 'InOrderMemoryLinks' which we can iterate through to get a list of the process's modules.

On each iteration it gets a PLDR_DATA_TABLE_ENTRY structure to work with …

Change Module Base Address at Runtime Process Manipulating

It is possible to change the DllBase of a module at runtime. This can trick debugging and analysis tools such as IDA or Cheat Engine into thinking a module's base is actually at another address.

This is achieved by accessing the process PEB's member 'Ldr', in particular it has a member InOrderMemoryLinks which we can iterate through to get …

  • 1
  • 2

The #UnprotectProject is brought to you by 🇫🇷 DarkCoderSc and 🇫🇷 fr0gger_

Terms And Conditions | Cookie Policy | Cookies preferences | GDPR

Contribute Now