scdbg ordinal lookup
Author: David Zimmer
Date: 06.07.11 - 6:44am
Couple weeks ago I went through and redid all the export tables to fully support ordinal lookups for every API. Wasn't sure how many shellcodes would utilize it, but just found another:
4012f9 GetProcAddress(kernel32.0x245) - LoadLibraryA by ordinal
401691 LoadLibraryA(kernel32)
4012f9 GetProcAddress(kernel32.0x50) - CreateFileA by ordinal
4012f9 GetProcAddress(kernel32.0x391) - WriteFile by ordinal
4012f9 GetProcAddress(kernel32.0x2a7) - ReadFile by ordinal
4012f9 GetProcAddress(kernel32.0x15c) - GetFileSize by ordinal
4012f9 GetProcAddress(kernel32.0x32) - CloseHandle by ordinal
4012f9 GetProcAddress(kernel32.0x385) - WinExec by ordinal
4012f9 GetProcAddress(kernel32.0x1cc) - GetTempPathA by ordinal
4012f9 GetProcAddress(kernel32.0x30a) - SetFilePointer by ordinal
4012f9 GetProcAddress(kernel32.0x10a) - GetCommandLineA by ordinal
4012f9 GetProcAddress(kernel32.0xb7) - ExitProcess by ordinal
401691 LoadLibraryA(shell32)
4012f9 GetProcAddress(shell32.0x167) - ShellExecuteA by ordinal
401709 GetCommandLineA() = 2531d0
40142e GetTempPath(len=104, buf=12f858) = 8
...
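
An added example, not part of the original post or of scdbg: a small Python parser that pulls the by-ordinal GetProcAddress resolutions out of scdbg output in the format shown above and groups them for triage. The sample lines are copied from the log above; the function names and the TRIAGE_GROUPS mapping are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Subset of the scdbg output shown in the post above.
SAMPLE_LOG = """\
4012f9 GetProcAddress(kernel32.0x245) - LoadLibraryA by ordinal
401691 LoadLibraryA(kernel32)
4012f9 GetProcAddress(kernel32.0x50) - CreateFileA by ordinal
4012f9 GetProcAddress(kernel32.0x391) - WriteFile by ordinal
4012f9 GetProcAddress(kernel32.0x385) - WinExec by ordinal
401691 LoadLibraryA(shell32)
4012f9 GetProcAddress(shell32.0x167) - ShellExecuteA by ordinal
401709 GetCommandLineA() = 2531d0
40142e GetTempPath(len=104, buf=12f858) = 8
"""

# Line shape: <eip> GetProcAddress(<dll>.0x<ordinal>) - <api> by ordinal
ORDINAL_RE = re.compile(
    r"^(?P<eip>[0-9a-fA-F]+)\s+GetProcAddress\("
    r"(?P<dll>\w+)\.0x(?P<ord>[0-9a-fA-F]+)\)"
    r"\s+-\s+(?P<api>\w+) by ordinal$"
)

# Hypothetical grouping used only for this example.
TRIAGE_GROUPS = {
    "file write": {"CreateFileA", "WriteFile"},
    "process launch": {"WinExec", "ShellExecuteA"},
}


def ordinal_imports(log):
    """Return {dll: {api: ordinal}} for every by-ordinal resolution."""
    found = defaultdict(dict)
    for line in log.splitlines():
        m = ORDINAL_RE.match(line.strip())
        if m:  # ordinary API call lines and "..." are skipped
            found[m["dll"].lower()][m["api"]] = int(m["ord"], 16)
    return dict(found)


def triage(log):
    """Name the groups that contain an API resolved by ordinal."""
    apis = {api for dll in ordinal_imports(log).values() for api in dll}
    return sorted(g for g, members in TRIAGE_GROUPS.items() if apis & members)


if __name__ == "__main__":
    for dll, apis in ordinal_imports(SAMPLE_LOG).items():
        for api, ordinal in apis.items():
            print(f"{dll}!{api} <- ordinal {ordinal:#x}")
    print("groups:", ", ".join(triage(SAMPLE_LOG)))
```

Export ordinals are not stable across Windows versions, so a recovered name is only as reliable as the export table it was resolved against.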