[转帖]PEB-Walk
发表于: 2021-1-28 19:31 1944
PEB-Walk

This project was inspired due to the lack of documentation around this subject. As an aspiring malware analyst, it hurt my ego that every time I booted IDA or Ghidra and saw mov eax, fs:[0x30] ... mov esi, [eax+0x3c] I had no idea how they implemented it. Of course I could implement it in MASM, since the source code is literally right there, but I also wanted to do it in C/C++, because why not?


I'll document my learning process from simply accessing the PEB, to dynamically solving the IAT (a common technique used by malware authors).


The project has reached its intended goal, which was to simulate a dynamic construction of the Import Address Table. But I'm still not satisfied; this is not enough. The next goals will be to transform this piece of code into a packer/dropper. And I will implement even more evasion techniques, namely, the easiest that comes to mind is process injection, since there's tons of ways one could do it. I will keep updating with new ideas. But eventually I would love to be able to implement control-flow flattening.

https://github.com/lfontesm/PEB-Walk/blob/master/README.md


NO TEST!
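The post mentions the instruction sequence an analyst sees when a binary reaches the PEB through the TEB (mov eax, fs:[0x30] on 32-bit, and its gs:[0x60] counterpart on 64-bit). From the analyst's side, the opcode encodings of those instructions are a useful triage signal: a file that resolves its imports by walking the PEB usually carries no meaningful import table, so spotting the PEB read tells you where to start looking. The scanner below is an added example, not code from the PEB-Walk project; the byte patterns are the standard x86/x64 encodings of those instructions, and the sample blob is constructed for the demonstration (it mixes 32-bit and 64-bit code only so both patterns fire in one run).

```python
import re
from typing import List, Tuple

# Encodings of instructions that load the PEB pointer from the TEB.
# Each entry is (byte pattern, human-readable description). Where the
# destination register only changes the ModRM byte, a character class
# covers the common targets.
PEB_ACCESS_PATTERNS = [
    # 32-bit: mov eax, fs:[0x30]  (opcode A1 = mov eax, moffs32; 64 = FS prefix)
    (re.compile(rb"\x64\xA1\x30\x00\x00\x00"), "mov eax, fs:[0x30]"),
    # 32-bit: mov r32, fs:[0x30] via 8B /r with a disp32-only ModRM.
    # ModRM 0x0D=ecx 0x15=edx 0x1D=ebx 0x35=esi 0x3D=edi
    (re.compile(rb"\x64\x8B[\x0D\x15\x1D\x35\x3D]\x30\x00\x00\x00"), "mov r32, fs:[0x30]"),
    # 64-bit: mov r64, gs:[0x60]  (65 = GS prefix, 48 = REX.W, 8B /r with
    # SIB 0x25 = absolute disp32). ModRM 0x04=rax 0x0C=rcx 0x14=rdx 0x1C=rbx 0x34=rsi 0x3C=rdi
    (re.compile(rb"\x65\x48\x8B[\x04\x0C\x14\x1C\x34\x3C]\x25\x60\x00\x00\x00"), "mov r64, gs:[0x60]"),
]


def find_peb_accesses(data: bytes) -> List[Tuple[int, str]]:
    """Return (offset, description) for every PEB-pointer load found in data,
    sorted by offset. Purely byte-based: no disassembly, so the hit only says
    the encoding is present, not that it lies on an executed instruction path."""
    hits: List[Tuple[int, str]] = []
    for pattern, description in PEB_ACCESS_PATTERNS:
        for match in pattern.finditer(data):
            hits.append((match.start(), description))
    return sorted(hits)


# Constructed sample: a fake 32-bit prologue, the fs:[0x30] read and the
# following PEB->Ldr dereference, some padding, then a 64-bit gs:[0x60] read.
SAMPLE_BLOB = (
    b"\x55\x8B\xEC"                            # push ebp; mov ebp, esp
    b"\x64\xA1\x30\x00\x00\x00"                # mov eax, fs:[0x30]      (offset 3)
    b"\x8B\x40\x0C"                            # mov eax, [eax+0x0c]     (PEB->Ldr)
    b"\x90\x90\x90\x90"                        # nop padding
    b"\x65\x48\x8B\x04\x25\x60\x00\x00\x00"    # mov rax, gs:[0x60]      (offset 16)
    b"\xC3"                                    # ret
)


def scan_file(path: str) -> List[Tuple[int, str]]:
    """Convenience wrapper for a real sample on disk."""
    with open(path, "rb") as handle:
        return find_peb_accesses(handle.read())


if __name__ == "__main__":
    for offset, description in find_peb_accesses(SAMPLE_BLOB):
        print(f"0x{offset:08x}  {description}")
```

The follow-on dereferences the post describes (PEB->Ldr at +0x0c, then the module list and export directory walk) are deliberately not matched: their encodings depend on which register holds the pointer, so they are better confirmed in a disassembler once the scanner has pointed you at the right spot. Expect occasional hits in benign code as well, since runtime libraries also read the PEB; treat a hit as a reason to look, not as a verdict.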


