Winim added support for interacting with .NET & the CLR directly.... it even supports loading assemblies from memory! Straight 🔥
Thanks to 3xpl01tc0d3r for the heads up. Nim + .NET = <3
khchen.github.io/winim/clr.h…
Anyone know why calling NtUnmapViewOfSection to unmap the base image during process hollowing would fail with an NTSTATUS value of (0xC0000019) STATUS_NOT_MAPPED_VIEW? I can see the address I am specifying is definitely correct.
For anyone watching at home, I still don't know WHY this happened, but using UnmapViewOfFile2 or NtUnmapViewOfSectionEx instead works fine. No change in the data passed, but it unmaps the file. 🤷♂️🤦♂️
Dis/mis information has reached the point where the Turing test seems satisfied. Not because the bots have become so much smarter at impersonating humans, but because online human discourse has degraded to that of bots. I now ask myself if the humans can pass the test.
My recent contribution to Process Hacker:
PH now has "Image Coherency" checks to highlight Herpaderped, Doppelganged, or Hollowed processes.
github.com/processhacker/pro…