Anti-API Hook and App can access > 2GB address?
1. Anti-API Hook.
1.1. CreateRemoteThread: I can check the thread numbers and TLS value.
1.2. IAT redirect on-the-fly: I can compare my IAT with the function address obtained by dynamic loading.
1.3. DLL injection (it's the global way): inject the "int 3" or "jxx mem". I don't know how to detect it; can anyone give me the concepts?
2. The PE header has a flag for "access > 2GB address"; can an app set the flag to do it?
Thanks a lot.
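Added example, not part of the original post: one way to detect the "int 3" / "jxx mem" patching asked about in 1.3 is to compare a function's first bytes in memory with a trusted reference copy and classify the opcode at the first difference. It assumes the reference bytes come from a clean copy of the same module (for example its file on disk, with relocations applied the same way); the names `check_prologue` and `classify_opcode` and all sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Result of comparing a function's live prologue with a trusted reference copy. */
enum patch_kind { PATCH_NONE, PATCH_INT3, PATCH_JMP, PATCH_JCC, PATCH_OTHER };

/* Classify the opcode found at the first byte that differs from the reference. */
static enum patch_kind classify_opcode(const uint8_t *p, size_t left)
{
    if (p[0] == 0xCC) return PATCH_INT3;                  /* int 3 */
    if (p[0] == 0xE9 || p[0] == 0xEB) return PATCH_JMP;   /* jmp rel32 / rel8 */
    if (p[0] >= 0x70 && p[0] <= 0x7F) return PATCH_JCC;   /* jcc rel8 */
    if (left >= 2 && p[0] == 0x0F && p[1] >= 0x80 && p[1] <= 0x8F)
        return PATCH_JCC;                                 /* jcc rel32 */
    if (left >= 2 && p[0] == 0xFF && ((p[1] >> 3) & 7) == 4)
        return PATCH_JMP;                                 /* jmp r/m (FF /4) */
    return PATCH_OTHER;                                   /* modified, unknown form */
}

/* live: bytes read from the loaded function; ref: the same bytes from a trusted
   copy (assumption). *offset is set only when a modified byte is found. */
enum patch_kind check_prologue(const uint8_t *live, const uint8_t *ref,
                               size_t n, size_t *offset)
{
    for (size_t i = 0; i < n; i++) {
        if (live[i] != ref[i]) {
            if (offset) *offset = i;
            return classify_opcode(live + i, n - i);
        }
    }
    return PATCH_NONE;
}

/* Constructed sample bytes (not taken from any real DLL). */
static const uint8_t ref_bytes[]  = { 0x8B, 0xFF, 0x55, 0x8B, 0xEC, 0x83, 0xEC, 0x10 };
static const uint8_t jmp_bytes[]  = { 0xE9, 0x10, 0x20, 0x30, 0x40, 0x83, 0xEC, 0x10 };
static const uint8_t int3_bytes[] = { 0x8B, 0xFF, 0xCC, 0x8B, 0xEC, 0x83, 0xEC, 0x10 };

int main(void)
{
    size_t off = 0;
    enum patch_kind k = check_prologue(int3_bytes, ref_bytes, sizeof ref_bytes, &off);
    printf("int3 sample: kind=%d offset=%zu\n", (int)k, off);
    printf("jmp sample:  kind=%d\n",
           (int)check_prologue(jmp_bytes, ref_bytes, sizeof ref_bytes, NULL));
    return 0;
}
```

Comparing against a reference avoids the false positives of scanning for 0xCC alone, since that byte also occurs as padding and inside immediates.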