Thread: Get real address of api not nt version
View Single Post
  #2  
Old 05-20-2018, 16:13
dosprog dosprog is offline
Friend
  
Join Date: Feb 2018
Posts: 114
Rept. Given: 0
Rept. Rcvd 17 Times in 16 Posts
Thanks Given: 33
Thanks Rcvd at 147 Times in 74 Posts
dosprog Reputation: 17
Even earlier they began to do this by redirecting kernel32.dll functions to ntdll.dll
This is done by the PE loader
[imho] There is no way to fix this automatically. [/imho]
In a disassembled text this is done by hand.
Last edited by dosprog; 05-20-2018 at 16:19.
Reply With Quote