#31
Release 0.2.6 (2021-11-08):
Homepage # Changelog # PEAnatomist 0.2.6 |
The Following 3 Users Gave Reputation+1 to RamMerLabs For This Useful Post: | ||
The Following 8 Users Say Thank You to RamMerLabs For This Useful Post: | ||
Abaddon (11-09-2021), besoeso (11-10-2021), kienmanowar (11-09-2021), niculaita (11-09-2021), uranus64 (11-09-2021), WildGoblin (11-23-2021), wilson bibe (11-09-2021), zeuscane (04-18-2022) |
#32
Excellent work.
Respect+ |
The Following User Says Thank You to Kurapica For This Useful Post: | ||
RamMerLabs (11-20-2021) |
#33
Release 0.2.7 (2022-01-03):
Homepage # Changelog # PEAnatomist 0.2.7 |
The Following 3 Users Gave Reputation+1 to RamMerLabs For This Useful Post: | ||
#34
Release 0.2.8 Final (2022-03-05):
Homepage # Changelog # PEAnatomist 0.2.8 |
The Following 2 Users Gave Reputation+1 to RamMerLabs For This Useful Post: | ||
MarcElBichon (03-06-2022), tonyweb (03-13-2022) |
The Following 9 Users Say Thank You to RamMerLabs For This Useful Post: | ||
Abaddon (03-06-2022), besoeso (03-06-2022), carlitos (03-07-2022), DavidXanatos (03-07-2022), ionioni (03-14-2022), niculaita (03-06-2022), wilson bibe (03-06-2022), WRP (03-08-2022), zeuscane (03-07-2022) |
#35
RamMerLabs, if you are in one of the countries involved in the current conflict, I wish that you and your family are safe and well. Same goes for any other members of this forum.
Sorry to contact you like this in a public forum, but I have no PM privileges, and no other means of reaching you. Be safe.
The Following User Gave Reputation+1 to Abaddon For This Useful Post: | ||
WRP (03-08-2022) |
The Following 7 Users Say Thank You to Abaddon For This Useful Post: | ||
binarylaw (03-13-2022), RamMerLabs (03-07-2022), tonyweb (03-13-2022), TQN (03-08-2022), WildGoblin (06-07-2022), WRP (03-08-2022), yoza (03-14-2022) |
#36
I think the loading of exports for ARM 32-bit is not quite right:
For my Win 11 test machine, \SysArm32\ntdll.dll's LdrLoadDll has, according to PEAnatomist, the RVA of 0x2F9F1 and the image base is 0x4B280000. However, when stepping through an arm32 project, LdrLoadDll is in my instance at 0x7723F9F0 with base at 0x77210000, so the RVA seems to be 0x2F9F0, 1 less than what PEAnatomist shows. Also, checking with IDA, it says the address of that function is 0x4B2AF9F0; that minus the base address also gives 0x2F9F0 as the correct RVA. Now, that said, the peview of Process Hacker makes the same mistake :/ It's strange that the values in the file are all off by exactly 1; it's the same for all functions I checked. Cheap fix: add -1 to the RVA if it's an ARM image, but I would prefer to understand why it's so and have a proper fix.
#37
The reason is that Windows runs ARM7 in Thumb instruction set mode. And "1" in every RVA of executive code is an indicator of this: 1 - Thumb, no 1 - no Thumb. There is no mistake, it's native.
ARM7 has a 2- or 4-byte instruction length, so this 1 in the RVA doesn't affect real addresses. BTW, it's right to apply (AND (NOT 0x1)) instead of subtraction.
Last edited by RamMerLabs; 03-13-2022 at 23:43.
The Following 4 Users Say Thank You to RamMerLabs For This Useful Post: | ||
Abaddon (03-15-2022), DavidXanatos (03-13-2022), ionioni (03-14-2022), tonyweb (07-23-2022) |
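The masking rule from the reply above, as an added example that is not part of the thread or of PEAnatomist's code. The RVA and base addresses are the ones quoted in post #36; the section table is constructed for illustration. It goes slightly beyond the reply by masking only when the machine type is ARM Thumb and the RVA lies in an executable section, so data exports are left alone.

```python
import struct

IMAGE_FILE_MACHINE_THUMB = 0x01C2
IMAGE_FILE_MACHINE_ARMNT = 0x01C4   # 32-bit Windows on ARM (Thumb-2)
IMAGE_FILE_MACHINE_AMD64 = 0x8664
IMAGE_SCN_MEM_EXECUTE = 0x20000000
SECTION_HEADER = struct.Struct("<8sIIIIIIHHI")   # IMAGE_SECTION_HEADER, 40 bytes


def parse_sections(table):
    """Return (name, rva_start, rva_end, characteristics) per section header."""
    sections = []
    for off in range(0, len(table) - SECTION_HEADER.size + 1, SECTION_HEADER.size):
        name, vsize, va, rawsize, *_, flags = SECTION_HEADER.unpack_from(table, off)
        sections.append((name.rstrip(b"\0").decode("ascii", "replace"),
                         va, va + max(vsize, rawsize), flags))
    return sections


def resolve_export(machine, rva, sections, base):
    """Map an export RVA to (address, is_thumb) for an image loaded at base."""
    in_code = any(start <= rva < end and flags & IMAGE_SCN_MEM_EXECUTE
                  for _, start, end, flags in sections)
    thumb = (machine in (IMAGE_FILE_MACHINE_ARMNT, IMAGE_FILE_MACHINE_THUMB)
             and in_code and bool(rva & 1))
    if thumb:
        rva &= ~1   # clear the mode bit; "rva - 1" would break an even RVA
    return base + rva, thumb


# Constructed section table (layout is illustrative, not read from ntdll.dll).
SECTION_TABLE = (
    SECTION_HEADER.pack(b".text", 0x100000, 0x1000, 0x100000, 0x400, 0, 0, 0, 0,
                        0x60000020)   # CNT_CODE | MEM_EXECUTE | MEM_READ
    + SECTION_HEADER.pack(b".data", 0x5000, 0x110000, 0x5000, 0x100400, 0, 0, 0, 0,
                          0xC0000040)  # INITIALIZED_DATA | MEM_READ | MEM_WRITE
)
SECTIONS = parse_sections(SECTION_TABLE)

if __name__ == "__main__":
    # RVA and bases quoted in the thread for LdrLoadDll in \SysArm32\ntdll.dll.
    for base in (0x4B280000, 0x77210000):
        addr, thumb = resolve_export(IMAGE_FILE_MACHINE_ARMNT, 0x2F9F1, SECTIONS, base)
        print(f"base {base:#x}: LdrLoadDll at {addr:#x}, thumb={thumb}")
    # An odd RVA in a non-executable section is a data export: left untouched.
    print(resolve_export(IMAGE_FILE_MACHINE_ARMNT, 0x110003, SECTIONS, 0x77210000))
```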
#38
Release 0.2.9 Final Fix1 (2022-03-15):
Homepage # Changelog # PEAnatomist 0.2.9 |
The Following 5 Users Say Thank You to RamMerLabs For This Useful Post: | ||
Abaddon (03-16-2022), besoeso (03-16-2022), CRC32 (03-17-2022), MarcElBichon (03-16-2022), wilson bibe (03-16-2022) |
#39
Release 0.2.10 Final Fix2 (2022-04-16):
Homepage # Changelog # PEAnatomist 0.2.10 |
The Following User Gave Reputation+1 to RamMerLabs For This Useful Post: | ||
MarcElBichon (04-17-2022) |
#40
Release 0.2.11 Final Fix3 (2022-05-18):
Homepage # Changelog # PEAnatomist 0.2.11 |
The Following 2 Users Gave Reputation+1 to RamMerLabs For This Useful Post: | ||
Fyyre (05-19-2022), MarcElBichon (05-18-2022) |
The Following 6 Users Say Thank You to RamMerLabs For This Useful Post: | ||
Abaddon (05-19-2022), besoeso (05-19-2022), ionioni (05-27-2022), WildGoblin (06-07-2022), wilson bibe (05-18-2022), WRP (05-18-2022) |
#41
Update 0.2.10712.2124 (2022-07-12):
Homepage # Changelog # PEAnatomist 0.2 |
The Following User Gave Reputation+1 to RamMerLabs For This Useful Post: | ||
MarcElBichon (07-13-2022) |
#42
Update 0.2.10913.2121 (2022-09-13):
Homepage # Changelog # PEAnatomist 0.2 |
The Following User Gave Reputation+1 to RamMerLabs For This Useful Post: | ||
MarcElBichon (09-14-2022) |
The Following 5 Users Say Thank You to RamMerLabs For This Useful Post: | ||
besoeso (09-16-2022), binarylaw (09-16-2022), LordGarfio (09-17-2022), user_hidden (09-14-2022), wilson bibe (09-14-2022) |
#43
Update 0.2.11108.2330 (2022-11-08):
Homepage # Changelog # PEAnatomist 0.2 |
#44
Update 0.2.11302.1901 (2023-01-02):
Homepage # Changelog # PEAnatomist 0.2 |
The Following User Gave Reputation+1 to RamMerLabs For This Useful Post: | ||
MarcElBichon (01-03-2023) |
The Following 8 Users Say Thank You to RamMerLabs For This Useful Post: | ||
Abaddon (01-03-2023), Doit (01-03-2023), niculaita (01-03-2023), nulli (01-03-2023), TQN (01-03-2023), user_hidden (01-03-2023), wilson bibe (01-03-2023), WRP (01-03-2023) |
#45
Update 0.2.11320.1732 (2023-01-20):
Homepage # Changelog # PEAnatomist 0.2 |
The Following User Gave Reputation+1 to RamMerLabs For This Useful Post: | ||
MarcElBichon (01-21-2023) |
The Following 8 Users Say Thank You to RamMerLabs For This Useful Post: | ||
Abaddon (01-24-2023), alekine322 (01-22-2023), ionioni (01-21-2023), niculaita (01-21-2023), TQN (01-21-2023), user_hidden (01-21-2023), wilson bibe (01-21-2023), WRP (01-21-2023) |
Tags |
coff, ms pdb, pe32 |