Skip to content
/ IAT-Obfuscation Public

IAT-Obfuscation to make static analysis of executable harder.

License

MIT license
41 stars 12 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

MahmoudZohdy/IAT-Obfuscation

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

13 Commits
IAT-Obfuscation
IAT-Obfuscation
 
 
images
images
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
TLS.h
TLS.h
 
 

Repository files navigation

IAT-Obfuscation

This Project is for IAT Obfuscation to make static analysis of a program harder, and to make it harder for recognize and extract the sequence of API for malicious activity staticly.

How To Use:

1- Include the TLS.h header file in your project then compile it (this will add TLS section in the executable that will fix IAT before your main function)
2- execute IAT-Obfuscation.exe <Executable from step 1> <Output File Name>

How it work

this obfuscation technique work by replacing every two api in the same DLL with each other

Demo

this is the output of simple injection technique to Load Dll in Remote Process (OpenProcess, VirtualAllocEx, WriteProcessMemory, CreateRemoteThread)

UnObfuscated Version Clean

Obfuscated Version Obfuscated

About

IAT-Obfuscation to make static analysis of executable harder.

Topics

obfuscation iat iat-obfuscation

Resources

Readme

License

MIT license
Activity

Stars

41 stars

Watchers

4 watching

Forks

12 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages