abhijit mohanta Posted September 22, 2009

Hi, I am quite new to malware analysis. I want to know: do we need to fix imports that are resolved dynamically using LoadLibrary() and GetProcAddress(), as we do in the case of imports resolved by the IAT? If so, how to do it?
Loki Posted September 22, 2009

For the "how to do it" you need to do some reading about other protectors/malware. Not something that can really be covered easily in a post. Be aware though that sometimes GetProcAddress is emulated, i.e. the same functionality is achieved without calling the API itself. Just makes things a little trickier.
abhijit mohanta Posted September 22, 2009 Author

Thanks, I know how to fix imports in case of API redirection. I have an idea of how addresses are resolved dynamically, and I think we can know the dynamic calls through an API spy, which employs a hooking mechanism. But can you please give me some more guidance or any references which can help me to proceed further?
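
An added example, not part of the original thread: resolved API addresses usually end up stored in the program's data whether GetProcAddress is called or emulated, so an analyst can scan a dumped data region and label each slot that holds an export address. The module list, addresses and dump bytes are constructed for illustration, and `build_index`, `owning_module` and `label_pointers` are hypothetical helper names.

```python
import struct

# Constructed module list: name -> (image base, image size, {export RVA: name}).
# In practice this comes from the export directories of the modules loaded in
# the dumped process; the addresses below are made up for the example.
MODULES = {
    "kernel32.dll": (0x7C800000, 0x100000,
                     {0x1D7B: "LoadLibraryA", 0xAE40: "GetProcAddress",
                      0x9AF1: "VirtualAlloc"}),
    "ws2_32.dll": (0x71AB0000, 0x17000, {0x4A07: "connect", 0x6C91: "send"}),
}

def build_index(modules):
    """Map every exported virtual address to 'module!name'."""
    index = {}
    for mod, (base, _size, exports) in modules.items():
        for rva, name in exports.items():
            index[base + rva] = f"{mod}!{name}"
    return index

def owning_module(va, modules):
    """Return (module, offset) if va lies inside a loaded module, else None."""
    for mod, (base, size, _exports) in modules.items():
        if base <= va < base + size:
            return mod, va - base
    return None

def label_pointers(data, region_va, modules, ptr_size=4):
    """Scan a dumped data region for slots that point into loaded modules."""
    index = build_index(modules)
    fmt = "<I" if ptr_size == 4 else "<Q"
    hits = []
    for off in range(0, len(data) - ptr_size + 1, ptr_size):
        (value,) = struct.unpack_from(fmt, data, off)
        if value in index:
            hits.append((region_va + off, index[value]))
            continue
        owner = owning_module(value, modules)
        if owner:  # inside a module, but not at an export entry point
            hits.append((region_va + off,
                         f"{owner[0]}+0x{owner[1]:x} (unresolved)"))
    return hits

# Constructed dump of a data region at 0x00405000 holding a resolved table.
SAMPLE = struct.pack("<5I", 0x7C801D7B, 0x7C80AE40, 0, 0x71AB4A07, 0x7C812345)

if __name__ == "__main__":
    for slot, label in label_pointers(SAMPLE, 0x00405000, MODULES):
        print(f"{slot:08x} -> {label}")
```

Slots reported as unresolved point inside a module but not at an export, which is worth a manual look before rebuilding the import table.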