remove fake plt/got in windows PE files #65

gogo2464 · 2023-10-01T21:29:25Z

Using masm, we could frmove the fake plt/got in windows pe files. Let's just find and add some dependencies:

An example of masm32 output:

.model flat, stdcall
option casemap:none

      include \masm32\include\windows.inc
      include \masm32\include\user32.inc
      include \masm32\include\kernel32.inc

      includelib \masm32\lib\user32.lib
      includelib \masm32\lib\kernel32.lib

.code

start:
    call    CreateFileA

THis could be a good improvment. I need more experience specific to ddisam programming in order to specifically be assigned to this issue.

The text was updated successfully, but these errors were encountered:

aeflores · 2023-10-05T13:05:02Z

I am not sure what you mean, PE programs don't have PLT or GOT sections, they have an import table (IAT). Are you thinking about removing the EXTERN declarations that we have in PE asm listings?

gogo2464 · 2023-10-05T13:07:28Z

I was thinking about the .text disassembled section that contains relocation yes.

gogo2464 added the binary fails DDisasm fails to correctly disassemble a binary label Oct 1, 2023

gogo2464 assigned aeflores Oct 1, 2023

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

remove fake plt/got in windows PE files #65

remove fake plt/got in windows PE files #65

gogo2464 commented Oct 1, 2023

aeflores commented Oct 5, 2023

gogo2464 commented Oct 5, 2023

remove fake plt/got in windows PE files #65

remove fake plt/got in windows PE files #65

Comments

gogo2464 commented Oct 1, 2023

aeflores commented Oct 5, 2023

gogo2464 commented Oct 5, 2023