When each dll is loaded new entry is created in PEB_LDR_DATA to describe state of .dll and also newly inserted data will be used later on to access .dll via GetModuleHandle and LoadLibrary.
This is advantage for us because we can load our .dll with faked export table and all calls to APIs will go trough our .dll and end up in real .dll.
Recommended Comments
Create an account or sign in to comment