This chapter is going to cover reversing parts of a real DLL. The DLL we're going to look at is NTDLL.dll. It's quite a big DLL so we won't reverse the whole thing. We'll focus on the Generic Table (GT) functions. I'm choosing the generic table functions because they are semi-documented (so we can check our work), there are multiple functions, and they cover a variety of concepts.
The generic table data structure is publicly documented; however, for the purpose of learning, you should avoid the documentation.
Eldad Eilam and Elliot J. Chikofsky. Reversing: Secrets of Reverse Engineering. Indianapolis, IN: Wiley, 2005.