Overview
Explore the intricacies of the AddressOfEntryPoint field in PE file formats and learn effective techniques for locating the main function in this 13-minute video. Dive into sample binaries, compiling processes, and the use of 010 Editor to find the AddressOfEntryPoint. Examine the 32-bit PE file layout and discover valuable tips for identifying the main function. Investigate arguments for main in x64 binaries and analyze the start point in a packed binary, using Lockbit 3.0 as an example. Gain insights into cybersecurity, reverse engineering, and malware analysis through this informative tutorial by Dr. Josh Stroschein.
Syllabus
Sample Binaries
Compiling
Finding AddressOfEntryPoint in 010 Editor
32-Bit PE file layout
Tips for Finding Main
Arguments for main in x64 binary
Start in a packed binary Lockbit 3.0
Taught by
Dr Josh Stroschein