scemu icon indicating copy to clipboard operation
scemu copied to clipboard
verified publisher icon sha0coder

when calling API with RET it triggers LoadLibraryA with an api-name in the argument.

Open sha0coder opened this issue 7 months ago • 0 comments

It's weird, some packer do an api-call with a ret, for any reason the api-gateway launch LoadLibraryA("api-name") it's not a lib name it's an api name, prolly should call GetProcAddress.

Image 
=>mn
address=>0x7ff0001f8000
map: kernel32.pe 0x7ff0001f8000-0x7ff0001f8400 (1024)
=>iatx
api addr=>0x7ff0001f8000
api addr not found
=>

sha0coder avatar Aug 04 '25 15:08 sha0coder