
Original: Analyzing the PE import table (INT / IAT) with windbg

Microsoft (R) Windows Debugger Version 10.0.18362.1 X86
Copyright (c) Microsoft Corporation. All rights reserved.
CommandLine: C:\Windows\SysWOW64\notepad.exe
************* Path validation summary ...

2020-03-04 21:08:57 1192

Original: PE File Buffer and Memory Buffer

// FileMemBufferTest.cpp : This file contains the 'main' function. Program execution begins and ends there.
//
#include <iostream>
#include <Windows.h>
/*
 * Get the file path
 */
void GetFile(TCHAR*...

2020-03-03 23:43:46 121

Original: PE exercise

// ReadFile.cpp : This file contains the "main" function. Program execution begins and ends there.
//
#include "pch.h"
#include <iostream>
#include <Windows.h>
DWORD RVAToFOA(PIMAGE_SECTION_HEADER pSectionHeader, DWORD addr)
{
    PIMAG...

2020-02-29 23:21:25 225 1
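The RVAToFOA routine that the PE exercise post starts with (and that the import-table post relies on to reach the INT/IAT on disk) is the one piece of PE parsing worth spelling out. Below is an added example, not the author's code: it walks a section table converting RVAs to file offsets and back, handling the header region (mapped 1:1) and the case the naive formula gets wrong, an RVA inside a section's VirtualSize but past its SizeOfRawData, which has no bytes in the file at all. The SECTION_HEADER struct is a locally declared stand-in for IMAGE_SECTION_HEADER so the code builds without Windows.h, and the three-section table is constructed for the example (its numbers are not from a real binary).

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Local stand-in for IMAGE_SECTION_HEADER so this compiles without Windows.h.
   Field names, widths and order follow winnt.h; sizeof() is 40 like the real one. */
typedef struct {
    uint8_t  Name[8];
    uint32_t VirtualSize;          /* winnt.h keeps this in a union named Misc */
    uint32_t VirtualAddress;       /* RVA where the section is mapped */
    uint32_t SizeOfRawData;        /* bytes actually present in the file */
    uint32_t PointerToRawData;     /* file offset of those bytes */
    uint32_t PointerToRelocations;
    uint32_t PointerToLinenumbers;
    uint16_t NumberOfRelocations;
    uint16_t NumberOfLinenumbers;
    uint32_t Characteristics;
} SECTION_HEADER;

#define NOT_IN_FILE 0xFFFFFFFFu    /* sentinel: no counterpart in the file image */

/* RVA -> file offset (FOA).
   - RVAs below SizeOfHeaders are in the headers, which the loader maps 1:1.
   - Inside a section: FOA = RVA - VirtualAddress + PointerToRawData, but only
     for the first SizeOfRawData bytes; the zero-filled tail of a section whose
     VirtualSize exceeds SizeOfRawData (uninitialised data) exists only in memory. */
uint32_t rva_to_foa(const SECTION_HEADER *secs, unsigned nsecs,
                    uint32_t size_of_headers, uint32_t rva)
{
    if (rva < size_of_headers)
        return rva;
    for (unsigned i = 0; i < nsecs; i++) {
        uint32_t delta = rva - secs[i].VirtualAddress;   /* wraps if rva < VA; guarded below */
        if (rva >= secs[i].VirtualAddress && delta < secs[i].SizeOfRawData)
            return secs[i].PointerToRawData + delta;
    }
    return NOT_IN_FILE;
}

/* FOA -> RVA: the inverse walk over PointerToRawData / SizeOfRawData. */
uint32_t foa_to_rva(const SECTION_HEADER *secs, unsigned nsecs,
                    uint32_t size_of_headers, uint32_t foa)
{
    if (foa < size_of_headers)
        return foa;
    for (unsigned i = 0; i < nsecs; i++) {
        uint32_t delta = foa - secs[i].PointerToRawData;
        if (foa >= secs[i].PointerToRawData && delta < secs[i].SizeOfRawData)
            return secs[i].VirtualAddress + delta;
    }
    return NOT_IN_FILE;
}

/* Constructed section table in the style of a small 32-bit executable; the
   values are made up for this example, not read from a real binary. */
#define SAMPLE_SIZE_OF_HEADERS 0x400u

static void set_section(SECTION_HEADER *s, const char *name, uint32_t vsize,
                        uint32_t va, uint32_t rawsize, uint32_t rawptr)
{
    memset(s, 0, sizeof *s);
    memcpy(s->Name, name, strlen(name) > 8 ? 8 : strlen(name));
    s->VirtualSize      = vsize;
    s->VirtualAddress   = va;
    s->SizeOfRawData    = rawsize;
    s->PointerToRawData = rawptr;
}

unsigned build_sample_sections(SECTION_HEADER *out)
{
    /*                     name     VirtualSize VA      SizeOfRawData PointerToRawData */
    set_section(&out[0], ".text",  0x8F00,     0x1000, 0x9000,       0x0400);
    set_section(&out[1], ".data",  0x1000,     0xA000, 0x0200,       0x9400); /* 0xE00-byte memory-only tail */
    set_section(&out[2], ".rsrc",  0x1000,     0xC000, 0x1000,       0x9600);
    return 3;
}

int main(void)
{
    SECTION_HEADER secs[3];
    unsigned n = build_sample_sections(secs);
    uint32_t probes[] = { 0x0080, 0x1234, 0xA100, 0xA300, 0xD000 };
    for (unsigned i = 0; i < sizeof probes / sizeof probes[0]; i++) {
        uint32_t foa = rva_to_foa(secs, n, SAMPLE_SIZE_OF_HEADERS, probes[i]);
        if (foa == NOT_IN_FILE)
            printf("RVA %08X -> not backed by file data\n", probes[i]);
        else
            printf("RVA %08X -> FOA %08X (back to RVA %08X)\n", probes[i], foa,
                   foa_to_rva(secs, n, SAMPLE_SIZE_OF_HEADERS, foa));
    }
    return 0;
}
```

When this is used against a real file, take size_of_headers from IMAGE_OPTIONAL_HEADER.SizeOfHeaders and check the returned offset against the file length before dereferencing it; a crafted PE can put any RVA in a data directory, and NOT_IN_FILE is the signal to stop rather than read off the end of the buffer.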

Original: PE directory entries, the export table (part 2), using USER32.dll as an example

USER32.dll IMAGE_EXPORT_DIRECTORY
0:001> lmDvmUSER32
Browse full module list
start    end        module name
77970000 77ab7000   USER32     (deferred)
    Image path: X:\windows\SysWOW64\USER32.dll
    Ima...

2020-02-14 20:48:00 477

Original: Understanding the Windows PE structure with Windbg

0:000> !dh -f notepad
File Type: EXECUTABLE IMAGE
FILE HEADER VALUES
     14C machine (i386)
       4 number of sections
559EA6FF time date stamp Fri Jul 10 00:53:19 2015
       0 file pointer to symbol table
       0...

2020-02-12 10:22:36 304

Repost: Debugging Managed Code Using the Windows Debugger

You can use the Windows debuggers (WinDbg, CDB, and NTSD) to debug target applications that contain managed code. To debug managed code, you must load the SOS debugging extension (sos.dll) and a data ...

2020-02-11 17:30:25 186

Original: Displaying the PE-related data structures with the windbg dt command

0:001> dt ntdll!*IMAGE_*
          ntdll!_IMAGE_NT_HEADERS
          ntdll!_IMAGE_DOS_HEADER
          ntdll!_IMAGE_FILE_HEADER
          ntdll!_IMAGE_OPTIONAL_HEADER
          ntdll!_IMAGE_DATA_DI...

2020-02-11 17:24:46 333

Original: windbg .Net managed code debug

open executable…
0:000> sxe ld clr
0:000> g
0:000> .loadby sos clr
0:000> !help bpmd
!BPMD [-nofuturemodule] <module name> <method name> [<il offset>]
!BPMD <source file name>:<line number>
!BPMD -md <MethodDesc>
!BPMD -list
!BPMD -clear <pending breakpoint number>
!BPMD -clearall
!BPMD provide...

2020-02-11 16:09:54 259
