Feature Request - Support for Delegate Functions

Question

Feature Request - Support for Delegate Functions

su1s opened this issue 2 years ago · 2 comments

Delegate functions are not currently picked up by Codeception, would be useful from an opsec and anti analysis point of view if they were obfuscated in line with the rest of Codeceptions actions. In the below example CreateFiber and SwitchToFiber are not obsfucated by Codeception thus end up as strings in the compiled binary giving a pretty clear indication of what the malware is doing.

[UnmanagedFunctionPointer(CallingConvention.StdCall)]
public delegate IntPtr CreateFiber(uint dwStackSize, IntPtr lpStartAddress, uint lpParameter);

[UnmanagedFunctionPointer(CallingConvention.StdCall)]
public delegate IntPtr SwitchToFiber(IntPtr fiberAddress);

Answer 1 · 2022-11-23T12:34:22.000Z

Is this from a public project you can link to? Only asking cause sometimes how renames are handled are depended on the entire solution.

Answer 2 · 2022-11-26T09:32:58.000Z

Just pushed v1.0.3 and fixing the delegate functions.

If it's still not working please re-open this issue.