Wednesday, September 28, 2011

VB6 Anti Dump

' Module    : modErasePEHeaderFromMemory
' Author    : Mr52 / 7
' Now$      : 25/08/2009  17:03
' Used for : Clearing PE Header Info From Memory
' Win32 API declarations used by ErasePEHeaderFromMemory.
' VirtualProtect changes the page protection of a memory range and writes the previous
' protection to lpflOldProtect. lpAddress is declared ByRef As Any, so what the API
' actually receives depends on how each call site passes the argument.
Public Declare Function VirtualProtect Lib "kernel32" (lpAddress As Any, ByVal dwSize As Long, ByVal flNewProtect As Long, lpflOldProtect As Long) As Long
' GetModuleHandleA returns the handle (load address) of an already loaded module, or 0 on failure.
Public Declare Function GetModuleHandle Lib "kernel32" Alias "GetModuleHandleA" (ByVal lpModuleName As String) As Long
' RtlZeroMemory fills a buffer with zero bytes.
' NOTE(review): Destination is ByRef As Integer and Length is As Integer (16-bit in VB6),
' while the native function takes a pointer and a pointer-sized length - confirm these
' declared types against the API before trusting any call made through this declare.
Public Declare Sub ZeroMemory Lib "kernel32.dll" Alias "RtlZeroMemory" (Destination As Integer, ByVal Length As Integer)
' Tries to zero the first 4096 bytes at the handle returned by GetModuleHandle, after asking
' VirtualProtect to change the protection of that range. Per the module header, the intent
' is to clear the PE header of the running image so that a raw memory dump lacks it.
'
' Limits a reader should keep in mind:
'  - The header is still intact in the file on disk and can be restored into a dump from
'    there, so this is a speed bump for analysis, not a protection boundary.
'  - A loaded module whose in-memory header is blank while its on-disk header is valid is
'    itself an anomaly that memory-forensics tooling can flag.
'  - No API return value is checked, so a failure of any call below goes unnoticed.
'  - OldProtect receives the previous protection but is never used to restore it.
Sub ErasePEHeaderFromMemory()
Dim OldProtect As Long
' Declared without a type, so pBaseAddr is a Variant.
Dim pBaseAddr
OldProtect = 0
' NOTE(review): an empty string is passed here, not vbNullString (a null pointer). The API
' documents the null case as "the calling process's own module" - confirm that "" does not return 0.
pBaseAddr = GetModuleHandle("")
' NOTE(review): PAGE_READWRITE is not declared anywhere in this listing. Unless the project
' defines it elsewhere it is an undeclared name (compile error under Option Explicit,
' otherwise an Empty Variant), so the protection value requested here needs verifying.
' NOTE(review): lpAddress is ByRef As Any and pBaseAddr is passed without ByVal - presumably
' the API does not receive the module base held in the variable; verify against the declare.
VirtualProtect pBaseAddr, 4096, PAGE_READWRITE, OldProtect
' NOTE(review): Destination is declared ByRef As Integer, so the Variant is presumably coerced
' to a 16-bit temporary before the call - a typical module base would not fit; TODO confirm.
Call ZeroMemory(pBaseAddr, 4096)
End Sub

2 comments for "VB6 Anti Dump"

  1. Most memory dumpers out there have an option to paste the header from the file on disk, which is an easy way to bypass this trick.

  2. Just one of the anti-dump tricks; there's no such thing as security in this world.