chapter09 - stub.asm 的一处问题

https://github.com/aaaddress1/Windows-APT-Warfare/blob/main/source/chapter%2308/stub.asm

chapter09 - stub.asm 的一处问题
```nasm
fix_iat:
    lea ecx, [ebx + IMAGE_DIRECTORY_ENTRY_IMPORT]
    mov ecx, dword [ecx]
    add ecx, [ebp + 20]; ecx point to the current IMAGE_IMPORT_DESCRIPTOR 

import_dll:
    mov eax, dword [ecx + _IMAGE_IMPORT_DESCRIPTOR.idName]
    test eax, eax
    jz iatfix_done
    add eax, [ebp + 20]; eax point to the imported API name (char array)
    push ecx  ; 这里应该保存一下寄存器 ecx （IMAGE_IMPORT_DESCRIPTOR），因后面的调用会影响到寄存器 ecx
    push eax
    call dword [ebp + 0x08]; LoadLibraryA
    mov ebx, eax; let ebx keep the imageBase of the imported dll
    pop ecx  ; 恢复寄存器 ecx，后续要用到
    mov edi, dword [ecx + _IMAGE_IMPORT_DESCRIPTOR.idFirstThunk]
    add edi, dword [ebp + 20] ; set destination point to IMAGE_THUNK_DATA array
    mov esi, edi
    nop
```


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

chapter09 - stub.asm 的一处问题 #1

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

chapter09 - stub.asm 的一处问题 #1

Description

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions