
Vol1-Mod1.5Shellcode-Slide3 - "caves between sections" question

Open BlueSkeye opened this issue 3 years ago • 2 comments

I don't understand what you mean by "cave between sections". As I understand it, the PE loader allocates a memory block for each section. However, these blocks are disjoint and it seems memory areas between sections are undefined. Am I missing something?

BlueSkeye, Mar 27 '21 09:03

I redid the slides about PE, and included information about caves there: https://github.com/hasherezade/malware_training_vol1/blob/main/slides/module1/Module1_2_pe.pdf - please let me know if it clarifies this concept.

hasherezade, Mar 28 '21 19:03

The Mod1.2PE refactoring and enhancement make it much more readable. Good job. S15 (section caves) is very clear to me. So I suggest rephrasing, in Mod1.3Shellcodes/S3, "cave between sections" --> "section caves".

BlueSkeye, Mar 30 '21 05:03