Foundational Static Analysis: API Analysis

Question

Hi all,&nbsp;I'm stuck in this part, where using Ghidra, I have to find where the Windows API GetModuleHandleA is used, in the binary called exercise_two.exe, and once located, find the parameter of this function.Taking a look about GetModuleHandleA, there's no references or calls to API in any part of the code.Also tried to look for references to GetProcAddress or LoadLibrary and nothing.Am doing something wrong? Any idea to find the "parameter" of the function that calls to the API?.Is the only question from this part remaining...Thanks and regards.

netcat · Answer

The ansi version is not used, however there are two more similar APIs with extendend unicode and unicode support. Dig into these.

Forum Discussion

Foundational Static Analysis: API Analysis

1 Reply

Recent Discussions

Windows Basics: Ep.3 – Registry Roadblock

Weaponization: Payloads – Obfuscation Using PowerShell

Discovery: Enumeration Scripts – Part 1

Windows Hardening: Ep.6 – Pivoting

DDOS Analysis: UDP Flood (Question 8)