Original: Analyzing the PE Import Table (INT IAT) with WinDbg
Microsoft (R) Windows Debugger Version 10.0.18362.1 X86 Copyright (c) Microsoft Corporation. All rights reserved. CommandLine: C:\Windows\SysWOW64\notepad.exe ************* Path validation summary ...
2020-03-04 21:08:57
1367
Original: PE File Buffer and Memory Buffer
// FileMemBufferTest.cpp : This file contains the 'main' function. Program execution begins and ends there. // #include <iostream> #include <Windows.h> /* * Get the file path */ void GetFile(TCHAR*...
2020-03-03 23:43:46
181
Original: PE Exercise
// ReadFile.cpp : This file contains the "main" function. Program execution begins and ends there. // #include "pch.h" #include <iostream> #include <Windows.h> DWORD RVAToFOA(PIMAGE_SECTION_HEADER pSectionHeader, DWORD addr) { PIMAG...
2020-02-29 23:21:25
285
1
Original: PE Directory Entries - Export Table (Part 2), Using USER32.dll as an Example
USER32.dll IMAGE_EXPORT_DIRECTORY 0:001> lmDvmUSER32 Browse full module list start end module name 77970000 77ab7000 USER32 (deferred) Image path: X:\windows\SysWOW64\USER32.dll Ima...
2020-02-14 20:48:00
653
Original: Understanding the Windows PE Structure with WinDbg
0:000> !dh -f notepad File Type: EXECUTABLE IMAGE FILE HEADER VALUES 14C machine (i386) 4 number of sections 559EA6FF time date stamp Fri Jul 10 00:53:19 2015 0 file pointer to symbol table 0...
2020-02-12 10:22:36
359
Repost: Debugging Managed Code Using the Windows Debugger
You can use the Windows debuggers (WinDbg, CDB, and NTSD) to debug target applications that contain managed code. To debug managed code, you must load the SOS debugging extension (sos.dll) and a data ...
2020-02-11 17:30:25
246
Original: Displaying PE-Related Data Structures with the WinDbg dt Command
0:001> dt ntdll!*IMAGE_* ntdll!_IMAGE_NT_HEADERS ntdll!_IMAGE_DOS_HEADER ntdll!_IMAGE_FILE_HEADER ntdll!_IMAGE_OPTIONAL_HEADER ntdll!_IMAGE_DATA_DI...
2020-02-11 17:24:46
443
Original: windbg .Net managed code debug
open executable… 0:000> sxe ld clr 0:000> g 0:000> .loadby sos clr 0:000> !help bpmd !BPMD [-nofuturemodule] [] !BPMD : !BPMD -md !BPMD -list !BPMD -clear !BPMD -clearall !BPMD provide...
2020-02-11 16:09:54
316