Analyzing the PE Import Table (INT, IAT) with WinDbg


Microsoft (R) Windows Debugger Version 10.0.18362.1 X86
Copyright (c) Microsoft Corporation. All rights reserved.

CommandLine: C:\Windows\SysWOW64\notepad.exe

************* Path validation summary **************
Response                         Time (ms)     Location
Deferred                                       srv*C:\SymbolCache*http://msdl.microsoft.com/download/symbols
Symbol search path is: srv*C:\SymbolCache*http://msdl.microsoft.com/download/symbols
Executable search path is: 
ModLoad: 00dd0000 00dfb000   notepad.exe
ModLoad: 778a0000 77a3a000   ntdll.dll
ModLoad: 75be0000 75cc0000   C:\WINDOWS\SysWOW64\KERNEL32.DLL
ModLoad: 76b20000 76d1d000   C:\WINDOWS\SysWOW64\KERNELBASE.dll
ModLoad: 773a0000 773c1000   C:\WINDOWS\SysWOW64\GDI32.dll
ModLoad: 77350000 77367000   C:\WINDOWS\SysWOW64\win32u.dll
ModLoad: 75d30000 75e8a000   C:\WINDOWS\SysWOW64\gdi32full.dll
ModLoad: 75910000 7598c000   C:\WINDOWS\SysWOW64\msvcp_win.dll
ModLoad: 77010000 7712f000   C:\WINDOWS\SysWOW64\ucrtbase.dll
ModLoad: 77130000 772c7000   C:\WINDOWS\SysWOW64\USER32.dll
ModLoad: 76f50000 7700f000   C:\WINDOWS\SysWOW64\msvcrt.dll
ModLoad: 77440000 776b5000   C:\WINDOWS\SysWOW64\combase.dll
ModLoad: 759a0000 75a5b000   C:\WINDOWS\SysWOW64\RPCRT4.dll
ModLoad: 75070000 75090000   C:\WINDOWS\SysWOW64\SspiCli.dll
ModLoad: 75060000 7506a000   C:\WINDOWS\SysWOW64\CRYPTBASE.dll
ModLoad: 773d0000 7742f000   C:\WINDOWS\SysWOW64\bcryptPrimitives.dll
ModLoad: 75b60000 75bd6000   C:\WINDOWS\SysWOW64\sechost.dll
ModLoad: 75280000 75304000   C:\WINDOWS\SysWOW64\shcore.dll
ModLoad: 772d0000 77349000   C:\WINDOWS\SysWOW64\advapi32.dll
ModLoad: 66dc0000 66fcf000   C:\WINDOWS\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.18362.657_none_2e72ec50278a619e\COMCTL32.dll
(26b0.3fec): Break instruction exception - code 80000003 (first chance)
eax=00000000 ebx=00543000 ecx=daed0000 edx=00000000 esi=008e2540 edi=778a688c
eip=7794e9e2 esp=0030f4bc ebp=0030f4e8 iopl=0         nv up ei pl zr na pe nc
cs=0023  ss=002b  ds=002b  es=002b  fs=0053  gs=002b             efl=00000246
ntdll!LdrInitShimEngineDynamic+0x6e2:
7794e9e2 cc              int     3
0:000> 