TBone
May 27th, 2005, 13:23
I promised myself that eventually I would get around to writing some tutorials once I finally knew enough about something to write one 
This isn't really a tutorial in the sense of telling you how to do something step-by-step. Rather, it's more like a paper about the mechanisms of importing functions; the IDT, the IAT, intermodular calls, thunks, jump tables, etc. In the last section, it also goes into the subject of how (and why) packers and crypters can screw with these structures to make life hard for you. It also explains what "rebuilding the imports" actually entails, and gives a rough explanation of how programs like Imprec work.
As a word of warning, this is written by a newbie (well, I'd like to think that maybe I'm moving into "acolyte" territory by now, but you get the idea). I've tried to consciensciously check everything I've said for errors, but I might have missed something. I would greatly appreciate it if any of the advanced reversers around here would be willing to take the time to read it and fact check me.
This isn't really a tutorial in the sense of telling you how to do something step-by-step. Rather, it's more like a paper about the mechanisms of importing functions; the IDT, the IAT, intermodular calls, thunks, jump tables, etc. In the last section, it also goes into the subject of how (and why) packers and crypters can screw with these structures to make life hard for you. It also explains what "rebuilding the imports" actually entails, and gives a rough explanation of how programs like Imprec work.
As a word of warning, this is written by a newbie (well, I'd like to think that maybe I'm moving into "acolyte" territory by now, but you get the idea
). I've tried to consciensciously check everything I've said for errors, but I might have missed something. I would greatly appreciate it if any of the advanced reversers around here would be willing to take the time to read it and fact check me.
