Skip to content

Instantly share code, notes, and snippets.

@hatRiot

hatRiot/gist:b42a33ad1310226bb1466e34f2e9d50c

Created June 11, 2019 18:43
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save hatRiot/b42a33ad1310226bb1466e34f2e9d50c to your computer and use it in GitHub Desktop.
Save hatRiot/b42a33ad1310226bb1466e34f2e9d50c to your computer and use it in GitHub Desktop.
Download ZIP
WoW64 kernel32 IAT
Raw
gistfile1.txt
0:023:x86> dt _IMAGE_IMPORT_DESCRIPTOR 0x40000+0x91d0+0n40
ole32!_IMAGE_IMPORT_DESCRIPTOR
+0x000 Characteristics : 0x9290
+0x000 OriginalFirstThunk : 0x9290
+0x004 TimeDateStamp : 0
+0x008 ForwarderChain : 0
+0x00c Name : 0x99be
+0x010 FirstThunk : 0x900c
0:023:x86> da 0x40000+0x99be
000499be "KERNEL32.dll"
0:023:x86> dps 0x40000+0x900c l5
0004900c 7780d6e0 ntdll_777b0000!RtlDeleteCriticalSection
00049010 77325880 KERNEL32!LocalFreeStub
00049014 7737f6a0 KERNEL32!CreateMutexExW
00049018 77324e10 KERNEL32!GetModuleHandleWStub
0004901c 77324490 KERNEL32!DebugBreakStub
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment