malware_training_vol1
Materials for Windows Malware Analysis training (volume 1)
The DUMPBIN & EDITBIN command line tools (available with all editions of Visual Studio when the VC++ workload is installed) might be interesting references. The tools allow extensive dump/modification of many...
I don't understand what you mean by "cave between sections". As I understand, the PE loader allocates a memory block for each section. However these blocks are disjoint and it...
When you say "Create a Section" I assume you mean invoking Zw/NtCreateSection. This might be confusing for readers because the section concept has been introduced in module 1.2 as a...
It might be useful for people not familiar with the /Fa flag to clarify that it generates a listing of the assembly code, by default named .asm, otherwise readers may wonder where...
AFAIU WoW64 is an emulator, not a subsystem. Microsoft itself defines WoW64 as an emulator: https://docs.microsoft.com/en-us/windows/win32/winprog64/wow64-implementation-details ... while it advertises WSL as a subsystem: https://docs.microsoft.com/en-us/windows/wsl/
At point 6 you state that BaseProcessStart invokes EntryPoint, which is right. However this might not be the very first user-provided code that is executed. One of the well known...
Exercises code contains some error checking and leaves aside a couple of cases. I understand we are in a lab and not seeking bullet-proof and "production ready" code...
I feel "decompiled code is identical to the assembly code that you wrote" is slightly misleading. Both MASM and YASM support macros and equates that are inlined during compilation. Thus,...
On slide 6 an additional startup location can be listed: - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp
Hello dear Miss hasherezade, how are you? Dear Miss, please continue the training [malware_training_vol1](https://github.com/hasherezade/malware_training_vol1), especially Module 1 and Module 3; please, I am very eager to see this training...