[DiscordArchive] you ever dump warden module PE?
[DiscordArchive] you ever dump warden module PE?
Original source
you ever dump warden module PE?
rektbyfaith
06-27-2025, 11:37 AM #1Archived author: Deleted User • Posted: 2025-06-27T11:37:35.529000+00:00
Original source
you ever dump warden module PE?
Original source
Warden PE is just a truncated dll file signed with RSA
rektbyfaith
06-27-2025, 11:38 AM #2Archived author: Deamon • Posted: 2025-06-27T11:38:44.013000+00:00
Original source
Warden PE is just a truncated dll file signed with RSA
Original source
i was able to dump a proper PE, and im able to inject this module into with CE
![[Image: image.png?ex=690c8910&is=690b3790&hm=5c4...8f43c57c4&]](https://cdn.discordapp.com/attachments/1086807686571642900/1388121690197852190/image.png?ex=690c8910&is=690b3790&hm=5c459ea5f10b801615a38943adbb326e3db00631634b6f3d6d5f03a8f43c57c4&)
rektbyfaith
06-27-2025, 11:40 AM #3Archived author: Deleted User • Posted: 2025-06-27T11:40:01.058000+00:00
Original source
i was able to dump a proper PE, and im able to inject this module into with CE
Original source
yes, this has the sections for .text, .data, .rdata, imports etc
rektbyfaith
06-27-2025, 11:42 AM #4Archived author: Deleted User • Posted: 2025-06-27T11:42:42.248000+00:00
Original source
yes, this has the sections for .text, .data, .rdata, imports etc
Original source
It's just when I looked at Warden last time it was about 17 years ago and I didn't use the hexrays decompiler back then
rektbyfaith
06-27-2025, 11:42 AM #5Archived author: Deamon • Posted: 2025-06-27T11:42:46.892000+00:00
Original source
It's just when I looked at Warden last time it was about 17 years ago and I didn't use the hexrays decompiler back then
Original source
you have to dump it by using WardenLoadModule
rektbyfaith
06-27-2025, 11:43 AM #6Archived author: Deleted User • Posted: 2025-06-27T11:43:05.761000+00:00
Original source
you have to dump it by using WardenLoadModule
Original source
I was dumping it directly from sniff back then
rektbyfaith
06-27-2025, 11:43 AM #7Archived author: Deamon • Posted: 2025-06-27T11:43:34.843000+00:00
Original source
I was dumping it directly from sniff back then
Original source
packet sniffing? you get the raw packed code,
rektbyfaith
06-27-2025, 11:43 AM #8Archived author: Deleted User • Posted: 2025-06-27T11:43:58.653000+00:00
Original source
packet sniffing? you get the raw packed code,
Original source
yeah...
rektbyfaith
06-27-2025, 11:46 AM #9Archived author: Deamon • Posted: 2025-06-27T11:46:26.489000+00:00
Original source
yeah...
Original source
you need to decrypt it and than unzip it
rektbyfaith
06-27-2025, 11:46 AM #10Archived author: Deamon • Posted: 2025-06-27T11:46:44.873000+00:00
Original source
you need to decrypt it and than unzip it
1 Guest(s)
1 Guest(s)