: WARNING - support of the decompiler is now VERY LIMITED. There are no active developers. This means waiting times in the issue tracker are very long and mostly depend on community. Sorry for the inconvenience.

List of issuesList of issues

#365 Search in memory: Filter fake SWFs
Author: user focus
Date created:
Type: feature
Visibility: Everybody
Assigned to: developer honfika
Labels: Tools
State: closed Help

Would be nice to have such functionality since many packers use fake SWFs tactics to prevent original SWF dumpink. Like in the attached SWF (packed with DoSWF).
developer
Filtering fake SWFs was improved. Now only those "files" are shown which has at least one non zero length tag from the following list: Define*, DoABCDefineTag, DoABCTag, DoActionTag, DoInitActionTag, ShowFrameTag Now your file returns "only" 43 results. Is this enough?
State: new→upgraded
Assigned:developer honfika
user
Yep, looks much better now!
user
Could you write an unpack for doswf so I can unpack the binary symbol then, pack back to swf?
developer
And write back to memory? I don't think that it is a good idea to write to another process's memory. If you want to save the swf to your hard drive, then you already can edit the doABC tags. (AVM2 instuctions)
user
FFDec already allows you to unpack doSWF - just dump both swfs (with code and library) from memory. Read more in my blog post: http://blog.codestage.ru/2013/05/06/decrypting-doswf/
developer
I'll close this due to inactivity. Feel free to create a new issue when you find any problem.
State: upgraded→closed
 
Google Translate: Translate to Czech Translate to Slovak Translate to Russian Translate to Hungarian Translate to Swedish Translate to French Translate to German Translate to Spanish Translate to Italian
Change style: oceanic classic