just write whatever you want
Armagedon
Posts: 14 Joined: Tue May 27, 2008 4:30 am
Post
by Armagedon » Sat Nov 08, 2008 2:37 pm
hi
I want to find iat of another process.
i need source code(without madcollection).
can you help me?
thanks.
iconic
Site Admin
Posts: 1065 Joined: Wed Jun 08, 2005 5:08 am
Post
by iconic » Sat Nov 08, 2008 5:30 pm
Finding IAT of a module in another process is easy. You should study the PE format and then look into ReadProcessMemory. All you need is the module's size and the HMODULE (image base).
--Iconic
Armagedon
Posts: 14 Joined: Tue May 27, 2008 4:30 am
Post
by Armagedon » Sun Nov 09, 2008 1:06 pm
can you give me a source code?
i want get all iat's(hooked & unhooked)
thanks
iconic
Site Admin
Posts: 1065 Joined: Wed Jun 08, 2005 5:08 am
Post
by iconic » Wed Nov 12, 2008 3:30 am
You might look at this example located
here . I'm sure you can modify it to scan all processes to fit your needs.
--Iconic
Armagedon
Posts: 14 Joined: Tue May 27, 2008 4:30 am
Post
by Armagedon » Wed Nov 12, 2008 7:11 am
thanks.
but i want delphi code