0xEvilC0de.com

reversing and malware analysis

Category: malware

Exploring the Process Environment Block (PEB) with WinDbg

January 28, 2018 Josh Stroschein malware, reversing

The source code for this example can be found here. The assembly is:

    mov ebx, fs:[ 0x30 ]     ; // get a pointer to the PEB
    mov ebx, [ ebx + 0x0C ]  ; // get PEB->Ldr
    mov ebx, [ ebx + 0x1C ]  ; // PEB->Ldr.InInitializationOrderModuleList
    mov ebx, [ ebx + 0x08 ]  ; // get the entry's base address
