All Questions
6 questions
1 vote, 1 answer, 820 views
Disassembly call function offset from RIP
I am writing a program where I map an .exe PE file in memory and I "dissect" it.
I am disassembling the .text section of the target executable, using the distorm disassembler.
CALL ...
2 votes, 1 answer, 266 views
Garbage Assembly Code Generation at random offsets
Recently I've been working on a project. The main purpose of the project is to generate statically undetectable PE samples. Where each time one generates a PE sample, each generated sample is going ...
2 votes, 2 answers, 3k views
.00cfg section in the PE file
What's that .00cfg section that is being added by Visual Studio 2017 to PE32+ binary files (for x64 builds)? I'm assuming it stands for "Control Flow Guard" section. It is relatively small and mostly ...
2 votes, 1 answer, 223 views
How are __argc and __wargv globals exported from a 64-bit PE file compiled with Visual Studio?
I need to inject my code into a 64-bit process. I'm wondering, how can I access __argc and __wargv global variables once in the injected process?
Are they always present at a static/preset address?
0 votes, 1 answer, 891 views
IDA Pro 64bit offset and opcode issue
I'm looking at a 64bit PE file in IDA. The instructions below access unknown data at offset 20030. Usually when I look at 32bit PE files, the offset is also listed next to the opcodes on the left. So ...
2 votes, 5 answers, 13k views
Run PE File - (Executable) From Memory
Would be grateful for your suggestion. Trying to run a 32/64bit on (Windows 10 - 64 bit / Visual Studio) program which tries to run an executable from memory. This is for my learning purpose.
#include &...