Reverse Engineering Asked on March 2, 2021
I asked the question a while ago but found no answer so I’m trying my luck again
the only solution is this :
Finding all API calls in a function
but it doesn’t work when the library call is a .NET library call, and it seems like it doesn’t include calling to recognized staticley linked library calls that were recognized by flirt
basically i just want to check if a call instruction is a API/Library call or just a local function call
I already tried to use the GetOpType function but didnt work, both of the "local" calls and library calls will return 10 :
void [mscorlib]System.Threading.Thread::Sleep(int32)
10
unsigned int8[] Loader.Nyan::AES_Decrypt(unsigned int8[] bytesToBeDecrypted)
10 (LOCAL function)
Currently I’m using regex as a dirty workaround to find library calls only if there is a [*] in the operand but there has to be a better way..
as another work around I’m checking to see if the last byte of call is 0x0A or not, based on experience all the library calls have this byte at the end, not sure if its gonna work for all the calls or not
Get help from others!
Recent Questions
Recent Answers
© 2024 TransWikia.com. All rights reserved. Sites we Love: PCI Database, UKBizDB, Menu Kuliner, Sharing RPP