I’m excited to announce that my first Pluralsight course Analyzing Malware for .NET and Java Binaries is now live! You can find the course at the following URL – http://www.pluralsight.com/courses/dotnet-java-binaries-analyzing-malware. The ability to quickly analyze software is a critical skill for anyone handling malware. This course will teach you techniques for reverse engineering Java and .NET binaries, how to generate[…]
Tag: reversing
Exploring the Process Environment Block (PEB) with WinDbg
The source code for this example can be found here. The assembly is:

    mov ebx, fs:[ 0x30 ]     ; // get a pointer to the PEB
    mov ebx, [ ebx + 0x0C ]  ; // get PEB->Ldr
    mov ebx, [ ebx + 0x1C ]  ; // PEB->Ldr.InInitializationOrderModuleList
    mov ebx, [ ebx + 0x08 ]  ; // get the entries base address