https://atakinjector.github.io/Personal research, experiments and notes 2026-04-13T21:37:58+02:00 Atakilti Tigabu https://atakinjector.github.io/ Jekyll © 2026 Atakilti Tigabu /assets/img/favicons/favicon.ico /assets/img/favicons/favicon-96x96.png 2026-04-07T18:00:00+02:00 2026-04-07T18:00:00+02:00 https://atakinjector.github.io/posts/peb-module-enumeration/ Atakilti Tigabu

Introduction Generally, programs resolve specific module addresses (such as kernel32.dll) by calling windows api like GetModuleHandle() or through native api like NtQuerySystemInformation. However, this leaves alot of traces and can be easily detected by EDRs or by simplying analysing the Import Address Table (IAT) in the PE strucuture of the binary program. To stay stealthy, malware devs resol...