Overview
Explore reflective PE unloading techniques in this 48-minute conference talk from BSides Cleveland 2018. Delve into the intricacies of reflective DLL injection, understand the importance of reflective unloaders, and learn how they function. Examine image inspection, writable section management, and the reflective transformer process. Gain insights into adapting techniques, handling header fields, entry point resolution, and practical usage notes. Compare methodologies using IDA Pro diffing and PE Bear, and conclude with a closer examination of release notes and implementation details.
Syllabus
Intro
Overview
Reflective DLL Injection
Scenario Time
The Reflective Unloader
Why We Care
How It Works
Inspecting The Image
Dealing with Writable Sections
Reflective Unloader Release Notes the thing that does the things
Reflective Transformer
Adaptation Is Key
Header Fields
The Entry Point
Multiple Entry Points
Entry Point Resolution
Putting It Together
Notes On Usage
IDA Pro Diffing
PE Bear Comparison
Closer Examination
More Release Notes
Thank you for your time!