|
Over the years I have invested heavily in product R&D building a wide
assortment of new skills, and fostering a diverse background and understanding.
These are some of the papers I have developed along my journey that I make freely available to help others along. |
Sandsprite Papers
VB6 P-Code / Reversing
Reverse Engineering / Binary Analysis
Understanding the Import table
Understanding IAT Hooking
Understanding Peb Module Lists
Libemu Shim for Unicorn
Remote Symbol Resolution
Visual Basic 6
- Remote Symbol Resolution - FireEye 2017
One of my FireEye blog posts that covers a technique how to easily resolve API addresses for a remote process. Include a tool that can process dump files or handle network requests. This is used in the case where malware calculates API addresses on the fly from encoded data before jumping to them.
It includes support for single, bulk, and network lookups. A network client has also been integrated into IDAJScript for seamless integration with IDA scripting. (local copy, code samples)