2019-12-26
reverse

Malware Analyse 4 --- stack trace

Sample:

As in the previous post, the sample modifies the return address left on the stack by the call to LoadLibrary; technically it does this by walking the stack, so no call to VirtualProtect is needed.

It first obtains the address of the instruction following the call to LoadLibrary, then walks the stack looking for a return address that matches it; if one matches, it overwrites that slot with the address of the hijack function.
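The defender's counterpart to this trick is the "call-preceded" return-address check: a genuine return address is the byte right after a call instruction, whereas a return slot overwritten with a hijack function's entry point usually is not. The following is an added example, not code from the post or the sample; the code bytes and the captured return offsets are constructed, and only the most common x86/x64 call encodings are recognised.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Return true if the byte at ret_off directly follows a call instruction.
 * Assumption: E8 rel32, FF D0..D7 (call reg) and FF 15 disp32 (call [mem])
 * cover enough for a demonstration; a full check handles all FF /2 forms. */
static bool is_call_preceded(const uint8_t *code, size_t len, size_t ret_off)
{
    if (ret_off > len) return false;
    /* E8 rel32: 5-byte direct call */
    if (ret_off >= 5 && code[ret_off - 5] == 0xE8) return true;
    /* FF D0..D7: 2-byte call through a register */
    if (ret_off >= 2 && code[ret_off - 2] == 0xFF &&
        (code[ret_off - 1] & 0xF8) == 0xD0) return true;
    /* FF 15 disp32: 6-byte call through memory (e.g. an import slot) */
    if (ret_off >= 6 && code[ret_off - 6] == 0xFF &&
        code[ret_off - 5] == 0x15) return true;
    return false;
}

/* Walk a captured list of return addresses (offsets into code) and count
 * the frames whose return address is not call-preceded. */
static int count_suspicious_frames(const uint8_t *code, size_t len,
                                   const size_t *rets, size_t nrets)
{
    int n = 0;
    for (size_t i = 0; i < nrets; i++)
        if (!is_call_preceded(code, len, rets[i])) n++;
    return n;
}

/* Constructed sample: a tiny code region plus a stack whose third frame
 * has been redirected to a function entry (push rbp; mov rbp, rsp). */
static const uint8_t sample_code[] = {
    0xE8, 0x00, 0x00, 0x00, 0x00,       /* 0:  call rel32   -> return 5  */
    0x90,                               /* 5:  nop                       */
    0xFF, 0x15, 0x00, 0x00, 0x00, 0x00, /* 6:  call [rip+0] -> return 12 */
    0x90, 0x90, 0x90, 0x90,             /* 12: padding                   */
    0x55, 0x48, 0x89, 0xE5,             /* 16: push rbp; mov rbp, rsp    */
    0xC3,                               /* 20: ret                       */
};
static const size_t sample_rets[] = { 5, 12, 16 }; /* 16 = hijacked slot */

int sample_suspicious(void)
{
    return count_suspicious_frames(sample_code, sizeof sample_code,
                                   sample_rets, 3);
}
```

The heuristic has known gaps (a return slot pointed at a gadget that happens to follow a call passes it, and unusual call encodings produce false positives), so it is a triage signal, not proof.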

© 2019 John Doe