Month: February 2018

Locating DLL Name from the Process Environment Block (PEB)

I often encounter software, especially when performing malware analysis, that dynamically constructs it’s own import table. This can be done for a variety of reasons and in a variety of ways. In this article, we’ll explore one method I recently encountered. I typically become suspicious of this activity when I see the following assembly instructions: […]

February 25, 2018

Locating DLL Name from the Process Environment Block (PEB)