Kindly respond?
Hey @marc-ochsenmeier. Thank you for posting about PE Studio! It has been my foundational PE parsing tool at work for a long time! Indeed, it is a great tool for initial assessment.
I think you can basically implement your own version using WriteFile but you still need to call the WriteFile SSDT entry… You would need to write to the proper output “file.”
@ntopcode Oh, I like it, so basically like a FLIRT signature?
You would just write some code to scan the address space for those bytes and work from there…
Good info, thanks.