when calling API with RET it triggers  LoadLibraryA with an api-name in the argument.

It's weird, some packer do an api-call with a ret, for any reason the api-gateway  launch LoadLibraryA("api-name")  it's not a lib name it's an api name, prolly should call GetProcAddress.


<img width="1244" height="551" alt="Image" src="https://github.com/user-attachments/assets/da9bb305-c401-4672-aad4-dfa6f212a4fb" />

```
=>mn
address=>0x7ff0001f8000
map: kernel32.pe 0x7ff0001f8000-0x7ff0001f8400 (1024)
=>iatx
api addr=>0x7ff0001f8000
api addr not found
=>
```

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

when calling API with RET it triggers LoadLibraryA with an api-name in the argument. #112

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

when calling API with RET it triggers LoadLibraryA with an api-name in the argument. #112

Description

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions