Great post! You need to also make sure that you fix the relocations for DLL code section that you copy from disk to the base address of already imported DLL. Ntdll.dll may work fine without it, since every exported function is just a syscall stub.
-
-
-
BitDefender also hooks functions in user32.dll and for these, you must fix the relocations, otherwise the process will surely crash. Also it may be a bit cleaner to just replace 16 bytes of the beginning of each exported function, but I guess the outcome will be the same.
- Još 2 druga odgovora
Novi razgovor -
-
-
Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi
-
Čini se da učitavanje traje već neko vrijeme.
Twitter je možda preopterećen ili ima kratkotrajnih poteškoća u radu. Pokušajte ponovno ili potražite dodatne informacije u odjeljku Status Twittera.