Locating DLL Name from the Process Environment Block (PEB)
I often encounter software, especially when performing malware analysis, that dynamically constructs its own import table. This can be...

Josh Stroschein
Feb 10, 2024 · 5 min read


Exploring the Process Environment Block (PEB) with WinDbg
The source code for this example can be found here. The assembly is: mov ebx, fs:[ 0x30 ] ; // get a pointer to the PEB mov ebx, [ ebx +...

Josh Stroschein
Feb 10, 2024 · 1 min read