About windows manual loader

서우혁·2020년 7월 8일
0

Contents

  1. PE FILE headers
  2. Virtual DLL

PE FILE headers

First of the PE FILE, exist the 'IMAGE_DOS_HEADER' structure

'IMAGE_DOS_HEADER' structure pointing the 'IMAGE_NT_HEADERS' structure

'IMAGE_NT_HEADERS' structure is describe the PE FILE spec

  1. property of the PE FILE
  2. Image size of the PE FILE
  3. number of the section

Virtual memory

  1. Read PE FILE (*.DLL) data
  2. Allocate virtual memory as much as size of image
  3. Write section data to virtual memory with referenced by section header
profile
서우혁
reverser
이전 포스트

NtProtectVirtualMemory document

다음 포스트

Tasklist process list manipulation!

0개의 댓글

관련 채용 정보