Book: Practical Malware Analysis: The Hands-On Guide to Dissecting Malicious Software

The top part of the figure shows the original cisvc.exe (named cisvc_original.exe) loaded into PEview, and the bottom part shows the trojanized cisvc.exe. In the highlighted fields, we see that the entry point differs in the two binaries. If we load both binaries into IDA Pro, we see that the malware has performed entry-point redirection, so that the shellcode runs before the original entry point every time cisvc.exe is launched. A further figure shows a snippet of the shellcode in the trojanized version of cisvc.exe.
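The PEview comparison above can be automated: parsing the PE headers of both files and comparing AddressOfEntryPoint (and which section it falls in) is enough to flag this kind of entry-point redirection. The following is an added example, not code from the book or the lab; the section layout and entry-point RVAs are constructed sample values, not those of the real cisvc.exe.

```python
import struct

def parse_entry_point(data: bytes):
    """Return (entry_rva, section_name, offset_in_section) for a PE image.

    Only the headers are read: DOS header -> e_lfanew -> COFF header ->
    optional header (AddressOfEntryPoint) -> section table.
    """
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    pe_off = struct.unpack_from("<I", data, 0x3C)[0]       # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    num_sections = struct.unpack_from("<H", data, pe_off + 6)[0]
    opt_size = struct.unpack_from("<H", data, pe_off + 20)[0]
    opt_off = pe_off + 24                                    # optional header
    entry_rva = struct.unpack_from("<I", data, opt_off + 16)[0]
    sec_off = opt_off + opt_size                             # section table
    for i in range(num_sections):
        hdr = data[sec_off + i * 40: sec_off + (i + 1) * 40]
        name = hdr[:8].rstrip(b"\0").decode("ascii", "replace")
        vsize, vaddr = struct.unpack_from("<II", hdr, 8)     # VirtualSize, VirtualAddress
        if vaddr <= entry_rva < vaddr + vsize:
            return entry_rva, name, entry_rva - vaddr
    return entry_rva, None, None                             # entry outside every section

def compare_entry_points(original: bytes, suspect: bytes) -> dict:
    """Flag entry-point redirection: the suspect's entry RVA differs from the known-good copy."""
    orig, susp = parse_entry_point(original), parse_entry_point(suspect)
    return {"original": orig, "suspect": susp, "redirected": orig[0] != susp[0]}

def build_pe(entry_rva: int, sections) -> bytes:
    """Build a header-only PE32 image (constructed test input, not a real binary)."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)                       # e_lfanew = 64
    opt = struct.pack("<HBBIIII", 0x10B, 0, 0, 0, 0, 0, entry_rva) + b"\0" * 204  # 224 bytes
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, len(opt), 0x102)
    table = b"".join(struct.pack("<8sIIIIIIHHI", name, vsize, vaddr, vsize, 0, 0, 0, 0, 0, 0x60000020)
                     for name, vaddr, vsize in sections)
    return dos + b"PE\0\0" + coff + opt + table

# Constructed samples: the "trojanized" copy has its entry moved into the data section.
LAYOUT = [(b".text", 0x1000, 0x5000), (b".data", 0x6000, 0x1000)]
ORIGINAL = build_pe(0x1DC0, LAYOUT)
TROJANIZED = build_pe(0x6F00, LAYOUT)

if __name__ == "__main__":
    print(compare_entry_points(ORIGINAL, TROJANIZED))
```

An entry point that has moved, or that lands outside the code section, is the header-level symptom the text describes; the shellcode itself still has to be examined in a disassembler.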


© RuTLib.com 2015-2018