carbonblack / binee

Binee: binary emulation environment
GNU General Public License v2.0

Parsing resources #69

Closed mmn3mm closed 4 years ago

mmn3mm commented 4 years ago

Functions related to the resource section (e.g. LoadStringA) failed in binee when I set a partial hook. When I looked into it and started analyzing, I found that for the functions to work, they require DllMain for DLLs to be run. When I enabled the option in binee, there is much more headache to deal with, because most DllMains require fields from undocumented Windows structures (PEB). I did some research, but I found it will probably take lots of time to handle. I also thought parsing all resources might come in handy later upon analysis of parts in the binary or feature extraction. It wasn't a very easy process since it's not really well documented, but I successfully parsed it and have an article explaining how I did it.

To reproduce the issue: I added a test binary in the tests folder to check the behavior.

mmn3mm commented 4 years ago

I opened this PR by mistake, sorry. I am preparing a more detailed issue description regarding all the contributions I have made and will open a new one.