티스토리 뷰
[Reversing] API 동적 로딩 기법, PEB의 LDR 이용
참조
> https://5kyc1ad.tistory.com/328
> https://sanseolab.tistory.com/47
TEB
0x30 : PEB
PEB
0x0C : PEB_LDR_DATA
PEB_LDR_DATA
0x0C : ( InLoadOrderModuleList )
0x14 : ( InMemoryOrderModuleList )
0x1C : LDR_MODULE ( InInitializationOrderModuleList )
( InLoadOrderModuleList )
( 바이너리 -> ntdll.dll -> kernel32.dll -> kernelbase.dll )
0x00 : Next Module
0x04 : Previous Module
0x18 : ImgBase
0x1C : EP
0x20 : Size of Img
0x30 : Name
( InMemoryOrderModuleList )
( 바이너리 -> ntdll.dll -> kernel32.dll -> kernelbase.dll )
0x00 : Next Module
0x04 : Previous Module
0x10 : ImgBase
0x14 : EP
0x18 : Size of Img
0x20 : Path
LDR_MODULE ( InInitializationOrderModuleList )
( ntdll.dll -> kernelbase.dll -> kernel32.dll )
0x00 : Next Module
0x04 : Previous Module
0x08 : ImgBase
0x0C : EP
0x10 : Size of Img
0x20 : Name
분석할 때 알게 된 DLL, API 동적 로딩 기법을 이용한 부분 메모
'Reversing > ETC' 카테고리의 다른 글
| [Reversing] RTF, OLE, Open XML (0) | 2019.12.20 |
|---|---|
| [Reversing] CSIDL Values (0) | 2019.11.28 |
| [Reversing] PEB Structure (0) | 2019.10.31 |
| [Reversing] RaiseException dwExceptionCode_SEH (0) | 2019.10.21 |
| [Reversing] 패킹(Compressor, Protector), Packer, Crypter (0) | 2019.07.20 |
- Total
- Today