#1
Yes, it's safer to use the Win/Native API to get the base address than to use hard-coded offsets (which can be altered or modified between OS versions), especially if you plan to use it in production tools, MS recommendations.
__________________
Computer Forensics
#2
Hi Insid3Code,
IMHO, your source code is very useful to find the image base address and the image entrypoint, but I really do not understand the use of patching one byte inside NTDLL.DLL, at EntryPoint+64/7E! In my Windows7-64, for a 32-bit application, EntryPoint is at the start of RtlUserThreadStart() (inside SysWOW64\ntdll.dll), and EntryPoint+0x64/0x7E are inside the exports table!

Best regards,
bilbo