Then, as I understand, your program is working fine - it determines that the bytes of the actual function server do not match the bytes in the tracked DLL in the system32 directory?..

You can previously import the target function into your program and make an alias table like this:

;-------------------------------------------------------[ASM]
ECU_TABLE_ITEM STRUC
  RealAddress        dd ?                 ;;Real address
  TargetFunctionName db 30h dup (?), 0    ;;Function name
ECU_TABLE_ITEM ENDS

imp_equ_table:
imp1 ECU_TABLE_ITEM <?, 'ShowWindow'>
imp2 ECU_TABLE_ITEM <?, 'GetModuleHandle'>
.....etc.
;-------------------------------------------------------[ASM]

- Further work then refers to this table.

--add--
The PE loader in new versions of the OS can emulate an imported function without the original DLL (for example, kernel32.dll may be absent, but an application with a call to kernel32.GetModuleHandleA will work fine).

Last edited by dosprog; 05-21-2018 at 01:28.
The Following User Says Thank You to dosprog For This Useful Post: p4r4d0x (05-20-2018)