Support Windows OS Reversing by searching easily for references to functions across many DLLs
I’ve always wondered how .NET executables are loaded..
In the windows kernel, each kernel object has a Query/SetInformation functions which can be used to manipulate the kernel objects members from user/kernel mode. These functions receive an “INFOCLASS” which is basically the member we want to modify/query.
In this article I will explain how the x64 calling convention looks like in Windows and we’ll dive into how it influences reverse engineering.
The entry point of an executable is normally the runtime initialization code - so how can you easily find main()?