|PDF Title :
|Practical Malware Analysis
|Total Page :
|PDF Size :
|PDF Link :
Here on this page, we have provided the latest download link for Practical Malware Analysis PDF. Please feel free to download it on your computer/mobile. For further reference, you can go to nostarch.com
Practical Malware Analysis – Book
If you’re using the PhantOm plug-in, check the Load Driver and Hide OllyDbg Windows boxes to protect against this technique. Now load the program into OllyDbg, set a breakpoint at the strncmp call at 0x40123A, and add a command-line argument of abcd in OllyDbg before clicking the play button.
When you click play, the strncmp function appears to compare abcd to bzqrp@ss; however, strncmp checks only the first 4 bytes of the bzqrp@ss string. We conclude that the password must be bzqr, but if we try that password on the command line outside a debugger, we receive the incorrect password error message.
We dig deeper into the code to determine if something else is going on. We begin by properly labeling the encoded string in the listing. The second parameter passed on the stack to strncmp is byte_408030 (a global variable), which we know to be a byte array of size 4. We change this into a 4-byte array and rename it encoded_password.
Practical Malware Analysis PDF
Know more about our initiative