adplus-dvertising
frame-decoration

Question

How can you locate relevant functions in NTDLL.DLL?

a.

Look through the list of exported symbols in NTDLL.DLL

b.

Search the Windows Registry

c.

Look through the list of installed Windows updates

d.

Look through the list of installed programs

Posted under Reverse Engineering

Answer: (a).Look through the list of exported symbols in NTDLL.DLL Explanation:To locate relevant functions in NTDLL.DLL, you can look through the list of exported symbols in NTDLL.DLL.

Engage with the Community - Add Your Comment

Confused About the Answer? Ask for Details Here.

Know the Explanation? Add it Here.

Q. How can you locate relevant functions in NTDLL.DLL?

Similar Questions

Discover Related MCQs

Q. What are some of the functions in the RTL group of APIs?

Q. What is the purpose of searching for binaries that use an undocumented API?

Q. How can a kernel-mode debugger help in locating code that uses a specific function systemwide?

Q. Which group of functions does the generic table API belong to?

Q. What is the function of RtlInitializeGenericTable?

Q. What is the purpose of the program GenericTable.EXE?

Q. What is RtlInitializeGenericTable?

Q. What is the purpose of RtlInitializeGenericTable?

Q. What is a calling convention?

Q. What is the default calling convention used in Windows?

Q. How does a RET instruction with a numeric operand provide information about a function's calling convention?

Q. Why is the function not a _fastcall calling convention?

Q. Why is the function not a C++ member function?

Q. What is the LEA instruction used for?

Q. What is the purpose of the RtlNumberGenericTableElements function?

Q. What does the RtlNumberGenericTableElements function return?

Q. What is the purpose of RtlIsGenericTableEmpty?

Q. What is the parameter that RtlIsGenericTableEmpty takes?

Q. How does RtlIsGenericTableEmpty determine if a data structure is empty?

Q. What does the SETE instruction do?