Windows Imports Searcher
Support Windows OS Reversing by searching easily for references to functions across many DLLs
I've always wondered how .NET executables are loaded..
In the Windows kernel, each kernel object has Query/SetInformation functions which can be used to manipulate the kernel object's members from user/kernel mode. These functions receive an "INFOCLASS", which is basically the member we want to modify/query.
In this article I will explain what the x64 calling convention looks like in Windows and we'll dive into how it influences reverse engineering.
The entry point of an executable is normally the runtime initialization code - so how can you easily find main()?