Suche

Volltextergebnisse:

Shellcode Injection Part 4

8 Treffer, Zuletzt geändert: vor 10 Monaten

, rax ; Adress_Table mov [rbp - 18h], rax ; Name_Ptr_Table mov [rbp - 20h], rax ; Ordinal_Table... ddress_Table RVA_Export_Table + 0x20 Bytes -> RVA_Name_Pointer_Table RVA_Export_Table + 0x24 Bytes -> RV... dress_Table -> Var mov ecx, [rax + 0x20] ; RVA_Name_Ptr_Table add rcx, rbx ; Name_Ptr_Table = kernel32.base + RVA_Name_Ptr_Table mov [rbp - 18h

Buffer overflow in the 64-bit stack - part 1

2 Treffer, Zuletzt geändert: vor 11 Monaten

"Usage: %s <environment variable> <target program name>\n", argv[0]); exit(0); } ptr = getenv(argv[1... v[0]) - strlen(argv[2]))*2; /* adjust for program name */ printf("%s will be at %p\n", argv[1], ptr); }

Obfuscation: polymorphic in-memory decoder

1 Treffer, Zuletzt geändert: vor 9 Monaten

, as only the corresponding registers had to be renamed. The decoder starts with this instruction: <cod

Shellcode Injection Part 2

1 Treffer, Zuletzt geändert: vor 11 Monaten

which is [[https://www.bordergate.co.uk/function-name-hashing/|in this interesting blog post]] is expla

Shellcode Injection Part 3

1 Treffer, Zuletzt geändert: vor 12 Monaten

s> ;Zeile 143 / +7 marks the beginning of the filename (WindowsAgent.py) lea edx, [esi + 7] ;Zeile 184