You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
In this page, it is stated that relocations may need to be fixed, and ntdll does not have any relocations to fix. However, ntdll does indeed have relocations (in fact, my version holds 7577 relocations), as can be seen if you open it in CFF Explorer. Indeed, this is because CreateFileMapping and MapViewOfFile already does the relocations for you. As such, no matter what DLL you use, this method should work to map it into memory without needing to solve for relocations (even the more complex ones such as kernel32.dll). In fact, if you implement your own mapping function (using things such as fopen), you will see that the ImageBase observed is completely different from the ImageBase you get after using CreateFileMapping and MapViewOfFile
The text was updated successfully, but these errors were encountered:
In this page, it is stated that relocations may need to be fixed, and ntdll does not have any relocations to fix. However, ntdll does indeed have relocations (in fact, my version holds 7577 relocations), as can be seen if you open it in CFF Explorer. Indeed, this is because CreateFileMapping and MapViewOfFile already does the relocations for you. As such, no matter what DLL you use, this method should work to map it into memory without needing to solve for relocations (even the more complex ones such as kernel32.dll). In fact, if you implement your own mapping function (using things such as
fopen), you will see that the ImageBase observed is completely different from the ImageBase you get after using CreateFileMapping and MapViewOfFileThe text was updated successfully, but these errors were encountered: