tag:blogger.com,1999:blog-34943364.post8833412647165749048..comments2014-08-16T06:38:50.315+01:00Comments on c..k..i: Sail to the edge and I'd be thereAnge Albertinihttp://www.blogger.com/profile/17423188298352515655noreply@blogger.comBlogger2125tag:blogger.com,1999:blog-34943364.post-26843093013726407192010-01-22T20:39:27.786+00:002010-01-22T20:39:27.786+00:00Nice. Will give it a try.Nice. Will give it a try.Ange Albertinihttps://www.blogger.com/profile/17423188298352515655noreply@blogger.comtag:blogger.com,1999:blog-34943364.post-27729354587394703082010-01-22T20:30:39.236+00:002010-01-22T20:30:39.236+00:00There's another trick (in my Anti-Unpacking pa...There's another trick (in my Anti-Unpacking paper) where the TLS contains the import table. Then you have a table of RVAs which Windows converts to VAs at runtime, but which a scanner probably won't resolve correctly. If you import something like WinExec, you also get a "free" parameter on the stack, which points to the image header. Place a filename in there, and Windows will run the file for you.Peter Ferriehttp://pferrie.tripod.comnoreply@blogger.com