Nytro

Deep Dive into OS Internals with Windbg


Malware and OS Internals

An approach to reversing malware, shellcode and other malicious code in order to understand the ways in which they use OS internals (PE headers, the import and export directories, the PEB and its loader lists) for their functionality.

Contents:

Preface
Reversing Windows Internals
Portable Executable Anatomy
Data Directories of Interest
Import Directory
Import Address Table
Export Directory
Manual Walkthrough of Export Directory
Process Environment Block
Different methods to locate the PEB
Understanding an Example Shellcode
Using _PEB_LDR_DATA
Using _LDR_DATA_TABLE_ENTRY
Practical Example with Rustock.B Rootkit
Conclusion
References
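The "Export Directory" and "Manual Walkthrough of Export Directory" sections cover the structure that shellcode walks, once it has found a module base through the PEB loader lists, to resolve an API by name without calling GetProcAddress. The example below is added here to illustrate that walk; it is not code from the paper or from the PDF linked below. It assumes the image is mapped as it is in memory (RVAs are plain offsets from the base, which is not true of a file on disk, where section raw offsets must be translated first), and it operates on a small constructed PE image rather than a real DLL. The names, offsets and forwarder string in that image are made up for the demonstration.

```c
/* Walk a PE export directory by hand: DOS header -> e_lfanew -> NT headers ->
 * OptionalHeader.DataDirectory[0] -> IMAGE_EXPORT_DIRECTORY -> name/ordinal/
 * function tables.  Every pointer is bounds-checked against the image size,
 * because a hostile or truncated image can point anywhere.  Forwarded exports
 * (function RVA inside the export directory) are flagged: that RVA is an
 * ASCII "dll.func" string, not code, and jumping to it is a classic mistake. */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define IMG_SIZE    0x300
#define RESOLVE_BAD 0xFFFFFFFFu  /* malformed header or out-of-bounds table */

static uint16_t rd16(const uint8_t *p, uint32_t off) { return (uint16_t)(p[off] | (p[off + 1] << 8)); }
static uint32_t rd32(const uint8_t *p, uint32_t off) {
    return (uint32_t)p[off] | ((uint32_t)p[off + 1] << 8) |
           ((uint32_t)p[off + 2] << 16) | ((uint32_t)p[off + 3] << 24);
}
static void wr16(uint8_t *p, uint32_t off, uint16_t v) { p[off] = (uint8_t)v; p[off + 1] = (uint8_t)(v >> 8); }
static void wr32(uint8_t *p, uint32_t off, uint32_t v) { for (int i = 0; i < 4; i++) p[off + i] = (uint8_t)(v >> (8 * i)); }

/* Returns the export's RVA, 0 if the name is not exported, RESOLVE_BAD if the
 * image is malformed.  *forwarded is set to 1 when the RVA is a forwarder. */
uint32_t resolve_export(const uint8_t *img, size_t size, const char *name, int *forwarded)
{
    if (forwarded) *forwarded = 0;
    if (size < 0x40 || rd16(img, 0) != 0x5A4D) return RESOLVE_BAD;           /* "MZ" */
    uint32_t nt = rd32(img, 0x3C);                                           /* e_lfanew */
    if ((uint64_t)nt + 0x1A > size || rd32(img, nt) != 0x00004550) return RESOLVE_BAD; /* "PE\0\0" */
    uint32_t opt = nt + 0x18;                                                /* IMAGE_OPTIONAL_HEADER */
    uint16_t magic = rd16(img, opt);
    if (magic != 0x10B && magic != 0x20B) return RESOLVE_BAD;                /* PE32 / PE32+ */
    uint32_t dd = opt + (magic == 0x20B ? 112 : 96);                         /* DataDirectory[0] = export */
    if ((uint64_t)dd + 8 > size) return RESOLVE_BAD;
    uint32_t exp_va = rd32(img, dd), exp_sz = rd32(img, dd + 4);
    if (exp_va == 0 || (uint64_t)exp_va + 40 > size) return RESOLVE_BAD;
    uint32_t nfuncs = rd32(img, exp_va + 20), nnames = rd32(img, exp_va + 24);
    uint32_t funcs = rd32(img, exp_va + 28), names = rd32(img, exp_va + 32), ords = rd32(img, exp_va + 36);
    if ((uint64_t)names + 4ull * nnames > size || (uint64_t)ords + 2ull * nnames > size) return RESOLVE_BAD;
    for (uint32_t i = 0; i < nnames; i++) {
        uint32_t nrva = rd32(img, names + 4 * i);
        if (nrva >= size) return RESOLVE_BAD;
        const char *s = (const char *)img + nrva;
        if (!memchr(s, 0, size - nrva)) return RESOLVE_BAD;                 /* unterminated name */
        if (strcmp(s, name) != 0) continue;
        uint16_t ord = rd16(img, ords + 2 * i);                              /* index into AddressOfFunctions */
        if (ord >= nfuncs || (uint64_t)funcs + 4ull * ord + 4 > size) return RESOLVE_BAD;
        uint32_t frva = rd32(img, funcs + 4 * ord);
        if (forwarded && frva >= exp_va && frva < exp_va + exp_sz) *forwarded = 1;
        return frva;
    }
    return 0;
}

/* Constructed PE32+ image (not a real DLL): three named exports, one of them forwarded. */
void build_fake_image(uint8_t *img)
{
    memset(img, 0, IMG_SIZE);
    memcpy(img, "MZ", 2);           wr32(img, 0x3C, 0x80);        /* e_lfanew */
    memcpy(img + 0x80, "PE\0\0", 4);
    wr16(img, 0x84, 0x8664);                                      /* Machine = AMD64 */
    wr16(img, 0x94, 0xF0);                                        /* SizeOfOptionalHeader */
    wr16(img, 0x98, 0x20B);                                       /* PE32+ magic */
    wr32(img, 0x98 + 112, 0x200);   wr32(img, 0x98 + 116, 0x100); /* export dir VA / Size */
    wr32(img, 0x200 + 12, 0x248);                                 /* Name */
    wr32(img, 0x200 + 16, 1);                                     /* Base */
    wr32(img, 0x200 + 20, 3);       wr32(img, 0x200 + 24, 3);     /* NumberOfFunctions / NumberOfNames */
    wr32(img, 0x200 + 28, 0x228);                                 /* AddressOfFunctions */
    wr32(img, 0x200 + 32, 0x234);                                 /* AddressOfNames */
    wr32(img, 0x200 + 36, 0x240);                                 /* AddressOfNameOrdinals */
    wr32(img, 0x228, 0x1000); wr32(img, 0x22C, 0x1200); wr32(img, 0x230, 0x288); /* EAT; 0x288 is inside the export dir */
    wr32(img, 0x234, 0x278);  wr32(img, 0x238, 0x268);  wr32(img, 0x23C, 0x258); /* names, sorted ascending */
    wr16(img, 0x240, 2);      wr16(img, 0x242, 1);      wr16(img, 0x244, 0);     /* ordinal table */
    strcpy((char *)img + 0x248, "fake.dll");
    strcpy((char *)img + 0x258, "LoadLibraryA");
    strcpy((char *)img + 0x268, "GetProcAddress");
    strcpy((char *)img + 0x278, "Forwarded");
    strcpy((char *)img + 0x288, "other.dll.RealTarget");          /* forwarder string, made up */
}

uint32_t demo_lookup(const char *name, int *forwarded)
{
    uint8_t img[IMG_SIZE];
    build_fake_image(img);
    return resolve_export(img, IMG_SIZE, name, forwarded);
}

int demo_is_forwarded(const char *name) { int f = 0; demo_lookup(name, &f); return f; }

uint32_t demo_malformed(void)
{
    uint8_t junk[IMG_SIZE];
    memset(junk, 0x41, IMG_SIZE);   /* no MZ header: must be rejected, not walked */
    return resolve_export(junk, IMG_SIZE, "LoadLibraryA", NULL);
}

int main(void)
{
    const char *probes[] = { "LoadLibraryA", "GetProcAddress", "Forwarded", "NotExported" };
    for (size_t i = 0; i < sizeof probes / sizeof probes[0]; i++) {
        int fwd = 0;
        uint32_t rva = demo_lookup(probes[i], &fwd);
        printf("%-16s -> RVA 0x%04x%s\n", probes[i], rva, fwd ? " (forwarder string, not code)" : "");
    }
    return 0;
}
```

The name table is stored sorted so that the real loader can binary-search it; shellcode usually does the linear scan shown here (or hashes each name) because it cannot afford the comparison routine. Two things worth keeping from the checks above when reversing a loader stub: whether it validates that a function RVA lies outside the export directory before calling it, and whether it trusts NumberOfNames and the table RVAs without comparing them to the image size.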

Download:

http://www.exploit-db.com/wp-content/themes/exploit/docs/18576.pdf
