
PE
sankernel
Articles in this column
Analyzing the PE Import Table (INT, IAT) with WinDbg
Microsoft (R) Windows Debugger Version 10.0.18362.1 X86
Copyright (c) Microsoft Corporation. All rights reserved.
CommandLine: C:\Windows\SysWOW64\notepad.exe
************* Path validation summary ...
Original · 2020-03-04 21:08:57 · 1379 reads · 0 comments
PE File Buffer and Memory Buffer
// FileMemBufferTest.cpp : This file contains the 'main' function. Program execution begins and ends there.
//
#include <iostream>
#include <Windows.h>
/** Get the file path */
void GetFile(TCHAR*...
Original · 2020-03-03 23:43:46 · 184 reads · 0 comments
PE Exercises
// ReadFile.cpp : This file contains the "main" function. Program execution begins and ends there.
//
#include "pch.h"
#include <iostream>
#include <Windows.h>
DWORD RVAToFOA(PIMAGE_SECTION_HEADER pSectionHeader, DWORD addr)
{
 PIMAG...
Original · 2020-02-29 23:21:25 · 290 reads · 1 comment
PE Data Directory Entries: The Export Table (Part 2), Using USER32.dll as an Example
USER32.dll IMAGE_EXPORT_DIRECTORY
0:001> lmDvmUSER32
Browse full module list
start end module name
77970000 77ab7000 USER32 (deferred)
Image path: X:\windows\SysWOW64\USER32.dll
Ima...
Original · 2020-02-14 20:48:00 · 654 reads · 0 comments
Displaying PE-Related Data Structures with the WinDbg dt Command
0:001> dt ntdll!*IMAGE_*
ntdll!_IMAGE_NT_HEADERS
ntdll!_IMAGE_DOS_HEADER
ntdll!_IMAGE_FILE_HEADER
ntdll!_IMAGE_OPTIONAL_HEADER
ntdll!_IMAGE_DATA_DI...
Original · 2020-02-11 17:24:46 · 451 reads · 0 comments
Understanding the Windows PE Structure with WinDbg
0:000> !dh -f notepad
File Type: EXECUTABLE IMAGE
FILE HEADER VALUES
14C machine (i386)
4 number of sections
559EA6FF time date stamp Fri Jul 10 00:53:19 2015
0 file pointer to symbol table
0...
Original · 2020-02-12 10:22:36 · 362 reads · 0 comments