2006 年 4月 16 日随笔档案 - 比尔盖房

2006年4月16日 #

API hooking

摘要： 1. TipsAt runtime, the IAT(RVA obtained by IMAGE_THUNK_DATA->FirstThunk) is modified by OS loader and points to the real API addresses, so we should use IMAGE_THUNK_DATA->OriginalFirstThunk to refer t... 阅读全文

posted @ 2006-04-16 21:28 比尔盖房阅读(266) 评论(0) 推荐(0) 编辑

Linker and Loader

摘要： P1. When will link take place?It can take action in 3 different places: 1. compile-time2. load-time3. run-time.P2. To create executable file, the compiler must complete 2 tasks:1. Symbol Resolution: a... 阅读全文

posted @ 2006-04-16 21:22 比尔盖房阅读(1005) 评论(1) 推荐(0) 编辑

Jeffrey&Lynny

导航

公告

API hooking

Linker and Loader