Thursday, March 29, 2018

api monitor places to capture unpacked buffer

ntdll.RtlDecompressBuffer (breakpoint AFTER)
_Out_ PUCHAR UncompressedBuffer,

 kernel32.WriteProcessMemory (breakpoint BEFORE)
_In_  LPCVOID lpBuffer,
Posted by at
Labels: , , ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)