Skip to content

Fix a bug happened when fixing IAT via ordinal#10

Merged
aaaddress1 merged 1 commit intoaaaddress1:masterfrom
ph4ntonn:master
Mar 28, 2021
Merged

Fix a bug happened when fixing IAT via ordinal#10
aaaddress1 merged 1 commit intoaaaddress1:masterfrom
ph4ntonn:master

Conversation

@ph4ntonn
Copy link
Copy Markdown
Contributor

@ph4ntonn ph4ntonn commented Mar 26, 2021
edited
Loading

Hi~

#5 中,虽然在一定程度上修复了基于ordinal来查找函数导出地址的bug

但是,逻辑并不是很严密,因为原pr认为只要第一个函数是基于ordinal导出,那么此dll中所有导出函数应当全基于ordinal

实际上,这种情况并不具有普适性(可以看附图),并且根据IAT的加载方式,应当先查找orginThunk所指向的INT表来决定是基于name还是ordinal来导出函数至IAT表

所以这里对#5 中的patch进行了一些修改~

顺便感谢作者的项目,给了我一些工具上的思路~

image

@aaaddress1 aaaddress1 merged commit 9935018 into aaaddress1:master Mar 28, 2021
@aaaddress1
Copy link
Copy Markdown
Owner

aaaddress1 commented Mar 28, 2021

感謝XD 您提的這個我有注意到, 不過最近寫書正忙所以一直擺著就忘記這件事了 hahah.
最近應該會把整個架構再大修 多新增一些功能進來, 很感謝您的鼎力支持🙏

@ph4ntonn
Copy link
Copy Markdown
Contributor Author

ph4ntonn commented Mar 29, 2021

感謝XD 您提的這個我有注意到, 不過最近寫書正忙所以一直擺著就忘記這件事了 hahah.
最近應該會把整個架構再大修 多新增一些功能進來, 很感謝您的鼎力支持🙏

没事,小忙而已~
期待您的新功能~
(顺便求个书名hh 👻

@aaaddress1
Copy link
Copy Markdown
Owner

aaaddress1 commented Mar 29, 2021

預期書名會是 Windows APT Warfare《惡意程式前線戰術指南》約莫今年六月中會上實體通路 XD

@ph4ntonn
Copy link
Copy Markdown
Contributor Author

ph4ntonn commented Mar 31, 2021

預期書名會是 Windows APT Warfare《惡意程式前線戰術指南》約莫今年六月中會上實體通路 XD

坐等拜读了 XD

fengjixuchui added a commit to fengjixuchui/RunPE-In-Memory that referenced this pull request Sep 7, 2021
@fengjixuchui
Merge pull request #1 from aaaddress1/master
cdfe2a3 
Merge pull request aaaddress1#10 from ph4ntonn/master
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@ph4ntonn @aaaddress1