Search Evasion Techniques
Names, Techniques, Definitions, Keywords
1 item(s) found so far for this keyword.
It is possible to change the
DllBase of a module at runtime. This can trick debugging and analysis tools such as IDA or Cheat Engine into thinking a module's base is actually at another address.
This is achieved by accessing the process PEB's member 'Ldr', in particular it has a member
InOrderMemoryLinks which we can iterate through to get a …