aljaz/securedorg.github.io
1
0
Fork 0
mirror of https://github.com/aljazceru/securedorg.github.io.git synced 2025-12-19 07:04:20 +01:00
Code Issues Packages Projects Releases Wiki Activity

Update re102_section6.md

Browse Source
This commit is contained in:
SECURED.ORG
2017-08-10 16:21:00 -07:00
committed by GitHub
parent 1341d60beb
commit 3adf1614d3
1 changed files with 2 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
RE102/re102_section6.md
View File

@@ -111,7 +111,8 @@ Notice that the output looks like the header of a PE executable. The only differ
Step through the rest until you reach a call to `sub_4031A9` at `00404C81`. You will find that it uses CreateProcess to spawn a new process of the newly created PE without dropping it to disk. After you step over the call to CreateProcess, you can open Process Explorer to view the newly created child process.
![alt text](https://securedorg.github.io/RE102/images/Section6_createprocess.png "Section6_createprocess")
*Click to Enlarge*
[![alt text](https://securedorg.github.io/RE102/images/Section6_createprocess.png "Section6_createprocess")](https://securedorg.github.io/RE102/images/Section6_createprocess.png)
Now that you know the algorithm, you can create a unpacking script for the resource. The next page will go over the script.