Dailydave mailing list archives

Re: UNC imports in PE files
From: Barrie Dempster <barrie () reboot-robot net>
Date: Wed, 8 Nov 2006 13:57:16 +0000

On Tuesday 07 November 2006 10:59, Solar Eclipse wrote:
<snip>
> What you probably don't know is that you can use a full UNC path instead of
> a DLL name in the import section of a PE file. When the file is executed,
> the loader will try to access the imported DLL using the UNC path and the
> WebDAV redirector will download the DLL from the Internet.


Whilst using this technique to decrease PE size is quite interesting, I'd be 
willing to bet most here would already be aware of the redirector 
functionality when loading DLLs, as it was pointed out by Dave Litchfield 
over a year ago.

www.ngssoftware.com/papers/xpms.pdf

-- 
With Regards..
Barrie Dempster (zeedo) - Fortiter et Strenue

              - http://reboot-robot.net -

"He who hingeth aboot, geteth hee-haw" Victor - Still Game

_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave
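
A defender-side check for the import names discussed in this message, as an added example that is not part of the original post: it walks a PE file's import descriptors using only the Python standard library and reports DLL names that are UNC paths rather than bare file names. All function names are illustrative, and `build_sample` produces a constructed parser fixture, not a loadable image.

```python
import struct

def _off(sections, rva):  # map an RVA to a file offset via the section table
    for vsize, va, rsize, rptr in sections:
        if va <= rva < va + max(vsize, rsize):
            return rptr + (rva - va)
    raise ValueError("RVA %#x is not inside any section" % rva)

def import_dll_names(data):
    """Return the DLL name string of every import descriptor in a PE image."""
    pe = struct.unpack_from("<I", data, 0x3C)[0]           # e_lfanew
    if data[:2] != b"MZ" or data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("not a PE file")
    nsec, opt_size = struct.unpack_from("<H12xH", data, pe + 6)
    opt = pe + 24
    pe32plus = struct.unpack_from("<H", data, opt)[0] == 0x20B
    imp_rva = struct.unpack_from("<I", data, opt + (112 if pe32plus else 96) + 8)[0]
    sections = [struct.unpack_from("<4I", data, opt + opt_size + 40 * i + 8)
                for i in range(nsec)]
    names = []
    off = _off(sections, imp_rva) if imp_rva else None
    while off is not None:
        desc = struct.unpack_from("<5I", data, off)        # IMAGE_IMPORT_DESCRIPTOR
        if not any(desc):                                  # all-zero terminator
            break
        start = _off(sections, desc[3])                    # desc[3] is the Name RVA
        names.append(data[start:data.index(b"\0", start)].decode("latin-1"))
        off += 20
    return names

def unc_imports(data):
    """Import names that are UNC paths instead of bare DLL file names."""
    return [n for n in import_dll_names(data) if n.replace("/", "\\").startswith("\\\\")]

def build_sample(dll_names):
    """Constructed parser fixture (not a loadable image): only fields read above are set."""
    hdr, body = bytearray(0x200), bytearray(0x200)
    hdr[:2], hdr[0x80:0x84] = b"MZ", b"PE\0\0"
    struct.pack_into("<I", hdr, 0x3C, 0x80)
    struct.pack_into("<HH12xH", hdr, 0x84, 0x14C, 1, 224)  # machine, sections, opt size
    struct.pack_into("<H", hdr, 0x98, 0x10B)               # PE32 magic
    struct.pack_into("<I", hdr, 0x100, 0x1000)             # import directory RVA
    struct.pack_into("<4I", hdr, 0x180, 0x200, 0x1000, 0x200, 0x200)
    pos = 20 * (len(dll_names) + 1)                        # names follow the descriptors
    for i, name in enumerate(dll_names):
        struct.pack_into("<I", body, 20 * i + 12, 0x1000 + pos)
        body[pos:pos + len(name) + 1] = name.encode("latin-1") + b"\0"
        pos += len(name) + 1
    return bytes(hdr + body)
```

For a file on disk, pass its bytes to `unc_imports`; any non-empty result is worth triage, since ordinary import names carry no path.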
