Tuts 4 You

import address resolution through loadlibrary


abhijit mohanta


Hi,

I am quite new to malware analysis. I want to know: do we need to fix imports that are resolved dynamically using LoadLibrary() and GetProcAddress(), as we do in the case of imports resolved by the IAT?

If so, how to do it?


For the "how to do it" you need to do some reading about other protectors/malware. Not something that can really be covered easily in a post.

Be aware though that sometimes GetProcAddress is emulated i.e. the same functionality is achieved without calling the API itself. Just makes things a little trickier.


abhijit mohanta

Thanks,

I know how to fix imports in case of API redirection.

I have an idea of how addresses are resolved dynamically, and I think we can find the dynamic calls through an API spy which employs a hooking mechanism. But can you please give me some more guidance or any references which can help me to proceed further?
