Josh Stroschein, Feb 10, 5 min
Locating DLL Name from the Process Environment Block (PEB)
I often encounter software, especially when performing malware analysis, that dynamically constructs its own import table. This can be...
Josh Stroschein, Feb 10, 1 min
Exploring the Process Environment Block (PEB) with WinDbg
The source code for this example can be found here. The assembly is: mov ebx, fs:[ 0x30 ] ; // get a pointer to the PEB mov ebx, [ ebx +...