top | item 46170517 (no title) kaszanka | 2 months ago > no winhttp.dll, wininet.dll, or ws2_32.dll. offline validation only. all crypto is local, so theoretically extractable.You can't possibly know that by the mere lack of these DLLs from the import directory. discuss order hn newest muststopmyths|2 months ago TFA is checking those via imports, not copied DLLs.I suppose they could LoadLibrary/GetProcAddress at runtime, but that'd be a lot of effort for obfuscation.
muststopmyths|2 months ago TFA is checking those via imports, not copied DLLs.I suppose they could LoadLibrary/GetProcAddress at runtime, but that'd be a lot of effort for obfuscation.
muststopmyths|2 months ago
I suppose they could LoadLibrary/GetProcAddress at runtime, but that'd be a lot of effort for obfuscation.