Friday, January 29, 2010

pnx1005

----------------------------------------------------------------------------------------------------

pnx1700


How to handle the .cinit section

#include <stdint.h>
#include <string.h>
typedef uint32_t DWORD;
extern char cinit;   /* linker symbol: start of the .cinit section */

/* .cinit record: DWORD length, DWORD destination, then length bytes of data; the next record starts on an 8-byte boundary and a length of 0 ends the table */
void process_cinit(void)
{
    char *pCinit = &cinit;
    DWORD length = *(DWORD *)pCinit;
    while (length) {
        pCinit += 4;                                             /* skip the length field */
        void *dstAddress = (void *)(uintptr_t)*(DWORD *)pCinit;  /* 32-bit target address */
        const char *srcAddress = pCinit + 4;                     /* initialisation data */
        memcpy(dstAddress, srcAddress, length);
        /* step past the data and round up to the next 8-byte boundary (0x0b = 4 + 7) */
        pCinit = (char *)(((uintptr_t)pCinit + length + 0x0b) & ~(uintptr_t)7);
        length = *(DWORD *)pCinit;
    }
}
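As an added example that is not part of the original post, the same record walk in Python, the form one would use from a loader or analysis script to recover the initialised data instead of copying it in place. It assumes the fields are little-endian 32-bit values, and the sample table is constructed here with made-up addresses.

```python
import struct

RECORD_ALIGN = 8  # each record starts on an 8-byte boundary (assumption matching the C loop)

def parse_cinit(blob, offset=0):
    """Walk a .cinit table: u32 length, u32 destination, data[length], padded to 8 bytes.
    A zero length terminates the table. Returns a list of (destination, data) tuples."""
    records = []
    p = offset
    while True:
        if p + 4 > len(blob):
            raise ValueError("missing .cinit terminator at offset %#x" % p)
        (length,) = struct.unpack_from("<I", blob, p)
        if length == 0:
            break
        if p + 8 + length > len(blob):
            raise ValueError("truncated .cinit record at offset %#x" % p)
        (dst,) = struct.unpack_from("<I", blob, p + 4)
        records.append((dst, bytes(blob[p + 8:p + 8 + length])))
        # Same arithmetic as the C loop: there pCinit already points at the
        # destination field (p + 4), so (p + 4 + length + 0x0b) & ~7 is the
        # end of the data rounded up to the next 8-byte boundary.
        p = (p + 4 + length + 0x0B) & ~(RECORD_ALIGN - 1)
    return records

def build_cinit(records):
    """Inverse of parse_cinit: emit records with 8-byte padding and a zero terminator."""
    out = bytearray()
    for dst, data in records:
        out += struct.pack("<II", len(data), dst) + bytes(data)
        out += b"\0" * (-len(out) % RECORD_ALIGN)
    out += struct.pack("<I", 0)
    return bytes(out)

def apply_cinit(records, mem_base, mem_size):
    """Simulate the memcpy loop into a flat memory image that starts at mem_base."""
    mem = bytearray(mem_size)
    for dst, data in records:
        off = dst - mem_base
        if off < 0 or off + len(data) > mem_size:
            raise ValueError("record for %#x falls outside the image" % dst)
        mem[off:off + len(data)] = data
    return bytes(mem)

# Constructed sample: two initialised variables at made-up addresses.
SAMPLE_RECORDS = [(0x80000000, b"\x01\x02\x03"), (0x80000010, b"hello world!")]
SAMPLE_BLOB = build_cinit(SAMPLE_RECORDS)
```

The 3-byte first record is padded out to 16 bytes, which is exactly where the C loop's rounding lands for the second record.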

The development of the IDA Module

1. Follow install_visual.txt in the SDK. The key point is the stdcall calling convention; without it the module will not compile. Do not forget /EXPORT:LPH.
2. Run SDK/bin/mkidp.exe on the compiled DLL. The source code and manual for mkidp.exe are in SDK/etc. Enclose the arguments to mkidp.exe in double quotation marks (""); otherwise IDA cannot recognize the module. Finally, change the module's file extension to w32.