// Token: 0x0600007F RID: 127 RVA: 0x00008714 File Offset: 0x00006914
/// <summary>
/// Overwrites <paramref name="size"/> bytes starting at <paramref name="address"/> with zeros.
/// The page protection is changed before the write and the previous value is put back afterwards.
/// </summary>
/// <param name="address">First byte of the region to zero.</param>
/// <param name="size">Number of bytes to zero.</param>
/// <remarks>
/// Analyst notes: the result of neither VirtualProtect call is inspected here, so a failed
/// protection change is not detected before the write is attempted. VirtualProtect and
/// ZeroMemory are members of AntiDumps declared outside this listing (presumably P/Invoke
/// wrappers; confirm against their declarations).
/// </remarks>
private static void EraseSection(IntPtr address, int size)
{
    IntPtr length = new IntPtr(size);

    // 64 (0x40) is the Win32 PAGE_EXECUTE_READWRITE protection constant.
    IntPtr previousProtection = IntPtr.Zero;
    AntiDumps.VirtualProtect(address, length, new IntPtr(64), ref previousProtection);

    AntiDumps.ZeroMemory(address, length);

    // Restore whatever protection the first call reported; the value returned by this
    // second call is not used.
    IntPtr discarded = IntPtr.Zero;
    AntiDumps.VirtualProtect(address, length, previousProtection, ref discarded);
}
/// <summary>
/// Entry point of the protection routine: performs an outbound HTTPS request, then runs a
/// fixed sequence of checks and finishes by calling <c>AntiDumps.AntiDump()</c>.
/// </summary>
/// <remarks>
/// Analyst notes: every helper called here is defined outside this listing. Their names
/// suggest debugger, privilege and virtual-machine checks, but that has to be confirmed
/// against their bodies. The call order below is the order in the decompiled method.
/// </remarks>
public static void Start()
{
    // Connectivity probe. The downloaded body is discarded; only success or failure matters.
    // This is an observable network indicator: the process requests https://google.com
    // before any of the checks run.
    // NOTE(review): the WebClient is never disposed, and the bare catch sends every
    // exception type (not only network failures) to Error().
    try
    {
        new WebClient().DownloadString("https://google.com");
    }
    catch
    {
        Error();
    }

    // Checks implemented in this class (bodies not shown here).
    DBG();
    Admin();
    Misc();
    CMD();
    Detect();
    DetectVM();

    // Checks implemented in the separate Outbuilt type (bodies not shown here).
    Outbuilt.FileDebug();
    Outbuilt.DefaultDependencyAttribute();
    Outbuilt.AssemblyHashAlgorithm();

    AntiDebug();

    // Runs last: zeroes PE header fields of the main module in memory.
    AntiDumps.AntiDump();
}
// Token: 0x06000080 RID: 128 RVA: 0x0000875C File Offset: 0x0000695C
/// <summary>
/// Zeroes selected parts of the current process's main-module PE headers in memory: the
/// first 30 bytes of the image, a set of fields relative to the PE header, and fields
/// inside the section-table area. Each write goes through <c>EraseSection</c>.
/// </summary>
/// <remarks>
/// Analyst notes:
/// - Only the mapped image in memory is written; nothing in this method touches the file on disk.
/// - The offset tables (peheaderdwords, peheaderwords, peheaderbytes, sectiontabledwords)
///   are fields of AntiDumps defined outside this listing, so the exact fields being
///   cleared cannot be determined from this method alone.
/// - All address arithmetic uses IntPtr.ToInt32(), which throws OverflowException when the
///   pointer does not fit in 32 bits; the routine is effectively written for a 32-bit process.
/// - Process.MainModule is dereferenced without a null check.
/// </remarks>
public static void AntiDump()
{
    IntPtr base_address = Process.GetCurrentProcess().MainModule.BaseAddress;

    // Offset 60 (0x3C) in the DOS header holds e_lfanew, the offset of the PE header.
    int dwpeheader = Marshal.ReadInt32((IntPtr)(base_address.ToInt32() + 60));

    // PE header + 6 is the NumberOfSections field of the file header
    // (4-byte signature followed by the 2-byte Machine field).
    short wnumberofsections = Marshal.ReadInt16((IntPtr)(base_address.ToInt32() + dwpeheader + 6));

    // Clear the first 30 bytes of the image, which includes the start of the DOS header.
    AntiDumps.EraseSection(base_address, 30);

    // Clear 4-byte fields at the listed offsets from the PE header.
    for (int i = 0; i < AntiDumps.peheaderdwords.Length; i++)
    {
        AntiDumps.EraseSection((IntPtr)(base_address.ToInt32() + dwpeheader + AntiDumps.peheaderdwords[i]), 4);
    }

    // Clear 2-byte fields at the listed offsets from the PE header.
    for (int j = 0; j < AntiDumps.peheaderwords.Length; j++)
    {
        AntiDumps.EraseSection((IntPtr)(base_address.ToInt32() + dwpeheader + AntiDumps.peheaderwords[j]), 2);
    }

    // Clear 1-byte fields at the listed offsets from the PE header.
    for (int k = 0; k < AntiDumps.peheaderbytes.Length; k++)
    {
        AntiDumps.EraseSection((IntPtr)(base_address.ToInt32() + dwpeheader + AntiDumps.peheaderbytes[k]), 1);
    }

    // Walk the section-table area: x indexes the entry, y indexes sectiontabledwords.
    // The stride of 40 matches the size of an IMAGE_SECTION_HEADER; the base offset of 250
    // is taken as-is from the decompiled code.
    // NOTE(review): the condition is "x <= wnumberofsections", so the loop processes one
    // more entry than the section count read from the header.
    int x = 0;
    int y = 0;
    while (x <= (int)wnumberofsections)
    {
        if (y == 0)
        {
            // Once per entry: clear the 2 bytes at entry offset 32.
            AntiDumps.EraseSection((IntPtr)(base_address.ToInt32() + dwpeheader + 250 + 40 * x + 32), 2);
        }

        // Clear the 4-byte field at the current table offset within this entry.
        AntiDumps.EraseSection((IntPtr)(base_address.ToInt32() + dwpeheader + 250 + 40 * x + AntiDumps.sectiontabledwords[y]), 4);
        y++;

        // All offsets applied to this entry: move on to the next one.
        if (y == AntiDumps.sectiontabledwords.Length)
        {
            x++;
            y = 0;
        }
    }
}