Analyze the malware found in the file Lab09-03.exe using OllyDbg and IDA Pro.

View report here(1) & here(2) & here(3) & here(4)

This malware loads three included DLLs (DLL1.dll, DLL2.dll, and DLL3.dll) that are all built to request the same memory load location. Viewing these DLLs in OllyDbg versus IDA Pro, code may appear at different

The purpose of this lab is to make you comfortable with finding the correct location of code within IDA Pro when you are looking at

What DLLs are imported by Lab09-03.exe?

From IDA Pro we can see that DLL1, DLL2, KERNEL32 and NETAPI32 are imported by the malware.

Figure 1. imports

During runtime we can see more DLLs being imported.

What is the base address requested by DLL1.dll, DLL2.dll, and DLL3.dll?

Loading each DLL in IDA Pro, we can see the base address that it requests. It turns out that all 3 DLLs request the same image base, at address 0x10000000.

When you use OllyDbg to debug Lab09-03.exe, what is the assigned base address for: DLL1.dll, DLL2.dll, and DLL3.dll?

From figure 2, we can observe that the base address for DLL1.dll is DLL2.dll is and DLL3.dll is

When Lab09-03.exe calls an import function from DLL1.dll, what does
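Because all three DLLs request image base 0x10000000, an address seen in OllyDbg has to be translated before it can be looked up in IDA Pro. The following is an added example, not part of the original write-up: it reads the requested ImageBase from a PE header and maps a debugger address back to the IDA address. The header bytes, the runtime base 0x00340000 and the function names are constructed for illustration and are not values from the lab.

```python
import struct

def preferred_image_base(pe: bytes) -> int:
    """Return the ImageBase a PE file requests (what IDA Pro loads it at by default)."""
    if pe[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", pe, 0x3C)   # offset of the PE header
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    opt = e_lfanew + 4 + 20                            # skip signature + COFF file header
    (magic,) = struct.unpack_from("<H", pe, opt)
    if magic == 0x10B:                                 # PE32: 4-byte ImageBase at +28
        return struct.unpack_from("<I", pe, opt + 28)[0]
    if magic == 0x20B:                                 # PE32+: 8-byte ImageBase at +24
        return struct.unpack_from("<Q", pe, opt + 24)[0]
    raise ValueError("unknown optional header magic")

def to_ida_address(runtime_va: int, runtime_base: int, preferred_base: int) -> int:
    """Map an address seen in the debugger to the same code in IDA's default view."""
    rva = runtime_va - runtime_base                    # offset inside the module
    if rva < 0:
        raise ValueError("address is below the module's runtime base")
    return preferred_base + rva

def build_sample_header(image_base: int) -> bytes:
    """Constructed minimal PE32 header, just enough for preferred_image_base()."""
    buf = bytearray(0x200)
    buf[0:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, 0x80)            # e_lfanew
    buf[0x80:0x84] = b"PE\0\0"
    opt = 0x80 + 4 + 20
    struct.pack_into("<H", buf, opt, 0x10B)            # PE32 magic
    struct.pack_into("<I", buf, opt + 28, image_base)
    return bytes(buf)

if __name__ == "__main__":
    requested = preferred_image_base(build_sample_header(0x10000000))
    # Constructed debugger values: module relocated to 0x00340000 at runtime.
    ida_va = to_ida_address(0x00341234, 0x00340000, requested)
    print(f"requested base {requested:#010x}, look in IDA at {ida_va:#010x}")
```
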