If I have some information like:
AppName: myapp.exe
AppVer: x.x.x.x
ModName: kernel32.dll
ModVer: 5.1.2600.3541
Offset: 00012a6b
Is it possible for me to determine what function exists at offset 00012a6b in kernel32.dll?
views:
375answers:
2
+1
A:
they're called dll viewer programs. this is just one example from a quick websearch. but yes they exist
ThePosey
2009-08-03 13:16:11
That works; now is there a place where I can download that specific version of kernel32.dll?
Nick
2009-08-03 13:53:22
no idea about that one dude. i'd imagine that would be pretty hard to find without microsoft contacts
ThePosey
2009-08-04 15:24:09
A:
start windbg, load your app and execute
ln address
in the debugger and it will print the closest symbol.
steve
2009-08-11 21:52:10