RivaTesu / ZTAntiDump

.NET Table zeroing anti-dump

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

ZTAntiDump

Zero Table Anti Dump is a C# application that prevents memory dumping of the process. It utilizes various techniques to protect the process from being dumped, making it more difficult for attackers to analyze or tamper with sensitive information.

Features

  • Protection against memory dumping.
  • Supports for x86 and x64.

How It Works

This application leverages memory manipulation techniques to modify the Portable Executable (PE) header and metadata directory of the process. By altering these memory regions, the application aims to hinder memory dumping and make it harder for attackers to extract sensitive data.

The following steps outline the process employed by anti-dump:

  1. Get the base address of the process.
  2. Retrieve the address of the PE header by parsing the necessary offsets.
  3. Obtain the number of sections and the size of the optional header from the PE header.
  4. Change the protection of memory region to read-write using the VirtualProtect function.
  5. Zero out the address of the metadata directory and its associated metadata header.
  6. Iterate over each section and overwrite their contents with empty bytes.

Directly affecting the way like dump tools and code decompilers interpret the file.

Usage

To use anti-dump in your own application:

  1. Clone this repository or download the source code.
  2. Open the solution in your preferred IDE.
  3. Incorporate the anti-dump code into your application's codebase.
  4. Execute the anti-dump code at an appropriate time during your application's runtime to enable the anti-dumping protection.

Please note that integrating anti-dumping techniques alone may not provide foolproof protection against memory dumping or reverse engineering. It's important to employ multiple security measures and adopt a holistic approach to safeguarding your application's sensitive data.

Disclaimer

This anti-dump application is provided as-is without any warranties or guarantees. While it aims to enhance the security of your application, it may not be effective in all scenarios. Use it at your own risk and always conduct thorough security assessments and tests for your specific use case.

Contributors

Essentially, me.

This code is a refactoring of an old anti-dump that I made 4-5 years ago, now improved and with explanatory comments. I must emphasize that it was inspired by ConfuserEx's anti-dump, so I mention and express my gratitude to Ki.

License

ZTAntiDump is released under the MIT License.

About

.NET Table zeroing anti-dump

License:Other


Languages

Language:C# 100.0%