Jump to content
View in the app

A better way to browse. Learn more.

Tuts 4 You

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

Question About Packing And The Iat

Featured Replies

Posted

So if you have a file, and you pack it, obviously you lose all the information in the Import Address Table, well maybe not lose it, but it's useless because its never intialized since at the time the PE loader loaded the file, it would have never been set to the function addresses. So then how does the stub make it so that the orignal code is able to use the program correctly, does the packer run over the Import Name Table, find everything it is trying to import, and then build a new import address table once the file is loaded up using LoadLibrary?So you have something likeCALL DWORD PTR DS:[1063060]And then that stores an address to the beginning of the function (TlsSetValue) inside of kernel32 at 760D1462.10636060 -> 760D1462 (kernel32)But that's in a exe that wasn't packed, so the question is, if it loads it up?Maybe in the packer source code it has an array of all the modules that an exe will require to load up, and then it has some sort of code that fire LoadLibrary inside of the stub? And then GetProcAddress?
Then it recreates the import address table?Now another question is, if it does this, then what about all the code within the program that relies on CALL DWORD PTR[iMAGEBASE+RVA] <-- A call to the orignal IATI am confused on how it handles this, would the crypter run over that code and replace it with the new IAT location? Or would it..?

Check out lena's tutorials, around 20-25.


  • Author

Thanks guys ;)


Check out lena's tutorials* recommend.


Create an account or sign in to comment

Configure browser push notifications

Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.