documentation update
yohannslm committed Apr 15, 2024
1 parent f80119d commit 8b88d48
Showing 7 changed files with 19 additions and 11 deletions.
7 changes: 6 additions & 1 deletion docs/02_description.markdown
Original file line number Diff line number Diff line change
Expand Up @@ -13,6 +13,7 @@ redirect_from:
The Frida-Jit-unPacker aims at helping researchers and analysts understand the behavior of malicious .NET packed samples in order to provide a mitigation.
This tool uses the [Frida instrumentation toolkit](https://frida.re/) to inject scripts into [the CLR](https://en.wikipedia.org/wiki/Common_Language_Runtime) and manipulate the behavior of the .NET executable to retrieve the original code.
More precisely, this tool intercepts the communication between the CLR components in order retrieve the original IL code of a packed assembly.
To stay under the radar, the tool doesn't use the prepareMethod function. Therefore, only methods that compiled during execution will be recovered.

If you liked this software, please, add a GitHub star ⭐️, thank you !

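Review bot: the added sentence `Therefore, only methods that compiled during execution will be recovered.` is missing a verb and should read `only methods that are compiled during execution`; it would also help to say what prepareMethod refers to (presumably `RuntimeHelpers.PrepareMethod`, the usual way to force JIT compilation of every method) and to state the consequence plainly: code paths the sample never executes are not recovered, so a single run can yield a partial assembly. The unchanged context line just above still has the typo `in order retrieve` (missing `to`), which this documentation pass could fix at the same time.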
Expand All @@ -23,4 +24,8 @@ We assume here that the packer saves encrypted the orginal IL code of the applic
The unpacker runs the sample and uses Frida to place hooks and intercept the components of the CLR (Method compilation, Token resolution, ...), at a lower level than the packer. Moreover, it uses a stealthy approach by placing hooks not at the start or end of functions for example, but uses a smart hooking strategy to evade potential detection by the packer.

# Smart Hooking Strategy
The program uses Frida to disassemble CLR functions and place hooks as far as possible from packer monitoring points (start address of the function for example) while still collecting their input.
The program uses Frida to disassemble CLR functions and place hooks as far as possible from packer monitoring points (start address of the function for example) while still collecting their input.

# Acknowledgement
We gratefully acknowledge the contributions of the teams responsible for the development of dnSpy, CFF Explorer, JITM, JitHook, Frida, pefile and dotnetfile. These tools / projects have been very helpful to our work.

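Review bot: the removed and re-added line `The program uses Frida to disassemble CLR functions ...` are character-for-character identical, so the only difference can be whitespace or the end-of-line (most likely the newline that was missing at end of file before the Acknowledgement section was appended); please confirm that is the intent and that the rendered page does not show the paragraph twice. The new Acknowledgement paragraph names dnSpy, CFF Explorer, JITM, JitHook, Frida, pefile and dotnetfile as plain text; since the description already links Frida, linking the other projects would be consistent. The unchanged context line `saves encrypted the orginal IL code` also carries a typo (`orginal`) and reads better as `saves the original IL code encrypted`.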
4 changes: 2 additions & 2 deletions docs/04_disclaimer.markdown
Expand Up @@ -9,8 +9,8 @@ order: 4
## Disclaimer:
1. This tool should be used solely for legal and ethical purposes.
2. Malware protection and unpacking is a cat and mouse game. Imperva is not responsible in case the unpacking process failed.
3. It's obviously recommended to run any analysis in a dedicated VM for malware analysis. Imperva is not responsible for any consequence of the usage of the tool.


## Warning
1. Frida is often flagged wrongly by anti-viruses.
2. It's obviously recommended to run any analysis in a dedicated VM for malware analysis.
2. It's obviously recommended to run any analysis in a dedicated VM for malware analysis. Imperva is not responsible for any consequence of the usage of the tool.
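Review bot: the liability sentence `Imperva is not responsible for any consequence of the usage of the tool.` moves from the Disclaimer list to the Warning list, which leaves the Disclaimer without a general limitation-of-liability statement and puts a legal statement under an operational warning; keeping it in the Disclaimer (and leaving only the VM advice under Warning) would be clearer. Minor: the headings are inconsistent (`## Disclaimer:` with a colon, `## Warning` without), and `It's obviously recommended` reads better as `It is strongly recommended`.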
5 changes: 2 additions & 3 deletions docs/_site/about/index.html
Expand Up @@ -47,9 +47,8 @@ <h1 class="post-title">About</h1>

<p>You can find more about Imperva :</p>

<p><a href="https://imperva.com/">Imperva</a></p>

<p><a href="https://github.com/imperva/">Imperva-Github</a></p>
<p><a href="https://imperva.com/">Imperva</a>
<a href="https://github.com/imperva/">Imperva-Github</a></p>

</div>

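Review bot: merging the two anchors into one `<p>` makes them render on a single line separated only by a space (`Imperva Imperva-Github`), which reads like one run-on link; if the goal is to keep them together, separate them with a `<br />` or put them in a `<ul>`. More importantly, this file lives under `docs/_site`, which is Jekyll's generated output, and no corresponding change to an about source page is in this commit, so the next build will regenerate the old two-paragraph markup; edit the source page instead and consider adding `_site` to `.gitignore`.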
2 changes: 1 addition & 1 deletion docs/_site/contribution/index.html
Expand Up @@ -53,7 +53,7 @@ <h1 id="feature-requests">Feature requests:</h1>
<p>If you have ideas for new features or improvements, please use GitHub Discussions to share them with the community. This allows us to collaborate on the idea and assess its feasibility.</p>

<h1 id="documentation">Documentation:</h1>
<p>If you see an area that needs improvement or have suggestions for new content, please let us know or contribute directly by editing the documentation.</p>
<p>If you see an area that needs improvement or have suggestions for new content, please let us know.</p>

</div>

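Review bot: removing `or contribute directly by editing the documentation` drops the only pointer to the documentation-PR path, which is odd in a commit titled `documentation update`; if direct edits are no longer wanted, say where contributors should go instead (GitHub Discussions, as the Feature requests paragraph above does). As with the about page, this is a change to generated `docs/_site` HTML with no matching source markdown change in the commit, so it will be overwritten by the next Jekyll build.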
7 changes: 6 additions & 1 deletion docs/_site/description/index.html
Expand Up @@ -48,7 +48,8 @@ <h2 id="frida-jit-unpacker">Frida-Jit-unPacker</h2>
<h1 id="general-description">General Description</h1>
<p>The Frida-Jit-unPacker aims at helping researchers and analysts understand the behavior of malicious .NET packed samples in order to provide a mitigation.
This tool uses the <a href="https://frida.re/">Frida instrumentation toolkit</a> to inject scripts into <a href="https://en.wikipedia.org/wiki/Common_Language_Runtime">the CLR</a> and manipulate the behavior of the .NET executable to retrieve the original code.
More precisely, this tool intercepts the communication between the CLR components in order retrieve the original IL code of a packed assembly.</p>
More precisely, this tool intercepts the communication between the CLR components in order retrieve the original IL code of a packed assembly.
To stay under the radar, the tool doesn’t use the prepareMethod function. Therefore, only methods that compiled during execution will be recovered.</p>

<p>If you liked this software, please, add a GitHub star ⭐️, thank you !</p>

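Review bot: this generated HTML carries the same two wording problems as the markdown source: `in order retrieve` (missing `to`) and `only methods that compiled during execution` (should be `that are compiled`); fix them in `docs/02_description.markdown` and regenerate rather than patching here. Also, the page title is an `<h2>` (`Frida-Jit-unPacker`) while the sections under it are `<h1>` (`General Description`), an inverted heading hierarchy that should be corrected in the source markdown by using `##` for sections.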
Expand All @@ -61,6 +62,10 @@ <h1 id="principle">Principle</h1>
<h1 id="smart-hooking-strategy">Smart Hooking Strategy</h1>
<p>The program uses Frida to disassemble CLR functions and place hooks as far as possible from packer monitoring points (start address of the function for example) while still collecting their input.</p>

<h1 id="acknowledgement">Acknowledgement</h1>
<p>We gratefully acknowledge the contributions of the teams responsible for the development of dnSpy, CFF Explorer, JITM, JitHook, Frida, pefile and dotnetfile. These tools / projects have been very helpful to our work.</p>


</div>

</article>
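Review bot: the added Acknowledgement block introduces a second consecutive blank line before `</div>` and, like the rest of the page, uses `<h1>` for a sub-section under the `<h2>` page title; both are symptoms of the source markdown rather than of this file, so confirm the section was generated by a build and not pasted in by hand. Linking the named projects would make the acknowledgement more useful than a bare list of names.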
3 changes: 1 addition & 2 deletions docs/_site/disclaimer/index.html
Expand Up @@ -47,13 +47,12 @@ <h2 id="disclaimer">Disclaimer:</h2>
<ol>
<li>This tool should be used solely for legal and ethical purposes.</li>
<li>Malware protection and unpacking is a cat and mouse game. Imperva is not responsible in case the unpacking process failed.</li>
<li>It’s obviously recommended to run any analysis in a dedicated VM for malware analysis. Imperva is not responsible for any consequence of the usage of the tool.</li>
</ol>

<h2 id="warning">Warning</h2>
<ol>
<li>Frida is often flagged wrongly by anti-viruses.</li>
<li>It’s obviously recommended to run any analysis in a dedicated VM for malware analysis.</li>
<li>It’s obviously recommended to run any analysis in a dedicated VM for malware analysis. Imperva is not responsible for any consequence of the usage of the tool.</li>
</ol>

</div>
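Review bot: this mirrors the markdown change, and the curly apostrophe in `It’s` confirms the file is kramdown output, so it should be reviewed through the source and regenerated rather than edited here. Structurally, the Disclaimer `<ol>` now has no limitation-of-liability item while the Warning `<ol>` carries both the VM advice and the liability statement; the comment made on `docs/04_disclaimer.markdown` applies here too.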
2 changes: 1 addition & 1 deletion docs/_site/feed.xml
@@ -1 +1 @@
<?xml version="1.0" encoding="utf-8"?><feed xmlns="http://www.w3.org/2005/Atom" ><generator uri="https://jekyllrb.com/" version="3.9.5">Jekyll</generator><link href="http://localhost:4000/feed.xml" rel="self" type="application/atom+xml" /><link href="http://localhost:4000/" rel="alternate" type="text/html" /><updated>2024-04-02T14:17:49+03:00</updated><id>http://localhost:4000/feed.xml</id><title type="html">Frida-Jit-Unpacker</title><subtitle>The Frida-Jit-unPacker aims at helping researchers and analysts understand the behavior of packed malicious .NET samples.</subtitle></feed>
<?xml version="1.0" encoding="utf-8"?><feed xmlns="http://www.w3.org/2005/Atom" ><generator uri="https://jekyllrb.com/" version="3.9.5">Jekyll</generator><link href="http://localhost:4000/feed.xml" rel="self" type="application/atom+xml" /><link href="http://localhost:4000/" rel="alternate" type="text/html" /><updated>2024-04-15T09:23:27+03:00</updated><id>http://localhost:4000/feed.xml</id><title type="html">Frida-Jit-Unpacker</title><subtitle>The Frida-Jit-unPacker aims at helping researchers and analysts understand the behavior of packed malicious .NET samples.</subtitle></feed>
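Review bot: the only change is the `<updated>` timestamp, but the committed feed still advertises `http://localhost:4000/feed.xml` as its `rel="self"` link and `http://localhost:4000/` as the site link, meaning `_site` was built by the local `jekyll serve` development server rather than for the published site; anyone subscribing to this feed would get links to localhost. Build with the production site `url` configured (and `JEKYLL_ENV=production`) before committing, or stop committing `docs/_site` altogether and let GitHub Pages build from the markdown.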
