|
|
#18
03-01-2011, 15:12
|
|||
|
|||
|
Some tips:
1) Don't forget about forwarded exports ( they point inside of export table ) 2) There may be more than one function with same RVA Examples: SetHandleCount = LockResource NtOpenFile = ZwOpenFile 3) Optimization, need to build lookup tables with name of functions and need to sort table with RVA then simply apply binary search by rva but be aware if you sort rva's standard CRT binary search won't return you pointer to the first function( in other words if you have 3 functions with same rva bsearch may return to you any 1 of 3) so you will need to find first and last by going backward and forward increasing pointer in table. Good luck. 
|
| The Following 2 Users Gave Reputation+1 to For This Useful Post: | ||
ahmadmansoor (03-01-2011), dila (03-02-2011) | ||
|
|
Similar Threads
|
||||
| Thread | Thread Starter | Forum | Replies | Last Post |
| fake mac address | theGate | General Discussion | 16 | 08-13-2022 10:12 |
| Get real address of api not nt version | Mahmoudnia | General Discussion | 18 | 05-23-2018 00:44 |
| Finding API Address | britedream | General Discussion | 5 | 10-05-2006 21:28 |
| how to get the address of the entry point in an API | Warren | General Discussion | 6 | 08-30-2005 16:18 |
Threaded Mode