SlideShare a Scribd company logo

Reversing & malware analysis training part 2 introduction to windows internals

Download as PPTX, PDF
securityxploded
securityxploded

This presentation is part of our Reverse Engineering & Malware Analysis Training program. For more details refer our Security Training page http://securityxploded.com/security-training.php

Technology
1 of 21
www.SecurityXploded.com
Disclaimer The Content, Demonstration, Source Code and Programs presented here is "AS IS" without any warranty or conditions of any kind. Also the views/ideas/knowledge expressed here are solely of the trainer’s only and nothing to do with the company or the organization in which the trainer is currently working. However in no circumstances neither the trainer nor SecurityXploded is responsible for any damage or loss caused due to use or misuse of the information presented here. www.SecurityXploded.com
Acknowledgement  Special thanks to null & Garage4Hackers community for their extended support and cooperation.  Thanks to all the trainers who have devoted their precious time and countless hours to make it happen. www.SecurityXploded.com
Reversing & Malware Analysis Training This presentation is part of our Reverse Engineering & Malware Analysis Training program. Currently it is delivered only during our local meet for FREE of cost. For complete details of this course, visit our Security Training page. www.SecurityXploded.com
Who am I #1 Amit Malik (sometimes DouBle_Zer0,DZZ)  Member SecurityXploded & Garage4Hackers  Security Researcher  RE, Exploit Analysis/Development, Malware Analysis  Email: m.amit30@gmail.com www.SecurityXploded.com
Who am I #2 Swapnil Pathak  Member SecurityXploded  Security Researcher  RE, Malware Analysis, Network Security  Email: swapnilpathak101@gmail.com www.SecurityXploded.com
Windows Architecture www.SecurityXploded.com
Memory Management  Virtual Memory - An invisible layer between a software and physical memory - Every process first get loaded into its virtual memory address space - Small units called “pages” are used to do mapping between physical memory and virtual memory.  Paging - Memory management scheme that stores and retrieves data from secondary storage for use in main memory - Uses same size blocks called pages - Page table is used to translate virtual addresses in physical memory addresses www.SecurityXploded.com
Memory Management Cont.  User Address Space - Allocated for user mode applications. - All processes execute in their own virtual space. - Use operating system dlls to interact with kernel  Kernel Address Space - Strictly reserved for kernel, device drivers and operating system executive. - No user mode application can directly interact with the kernel. www.SecurityXploded.com
Kernel & User Address Space www.SecurityXploded.com
Process and Thread  Process - Executing instance of an application. - Isolated address space - PEB data structure store information about process - PEB is an user space data structure  Threads - Multiple threads share the same address space in the process. - Each process has at least a single executing thread. - TEB data structure store information about thread www.SecurityXploded.com
PEB (Process Environment Block) An opaque data structure that store information about process in user space www.SecurityXploded.com
PEB Cont. www.SecurityXploded.com
TEB (Thread Environment Block) TEB is a data structure that store information about thread www.SecurityXploded.com
Application Programming Interface  API - Includes functions, classes, data structures and variables - Interface between various software components to communicate with each other. - Windows APIs are used to interact with kernel or other modules.  MSDN - Provides documentation for various API functions.  System Dlls - ntdll.dll, kernel32.dll, user32.dll, advapi32.dll, hal.dll etc www.SecurityXploded.com
System Service Dispatching www.SecurityXploded.com
System Service Dispatching Cont. www.SecurityXploded.com
Important API  File and Directories - CreateFile, GetSystemDirectory, ReadFile, WriteFile etc  Network - socket, send, recv, URLDownloadToFile etc  Registry - RegOpenKey, RegSetValue, RegQueryValue etc www.SecurityXploded.com
Important API Cont.  Processes, Threads, Synchronization using mutex, semaphore. - CreateProcess, ReadProcessMemory, WriteProcessMemory,CreateRemoteThread, CreateMutex etc  Memory - VirtualAlloc, VirtualProtect ,HeapAlloc, LocalAlloc etc www.SecurityXploded.com
Reference  Complete Reference Guide for Reversing & Malware Analysis Training www.SecurityXploded.com
Thank You ! http://SecurityXploded.com

Recommended

Advanced Malware Analysis Training Session 5 - Reversing Automation
Advanced Malware Analysis Training Session 5 - Reversing AutomationAdvanced Malware Analysis Training Session 5 - Reversing Automation
Advanced Malware Analysis Training Session 5 - Reversing Automationsecurityxploded
 
Reversing & malware analysis training part 3 windows pe file format basics
Reversing & malware analysis training part 3 windows pe file format basicsReversing & malware analysis training part 3 windows pe file format basics
Reversing & malware analysis training part 3 windows pe file format basicssecurityxploded
 
Primer on password security
Primer on password securityPrimer on password security
Primer on password securitysecurityxploded
 
Reversing & Malware Analysis Training Part 11 - Exploit Development [Advanced]
Reversing & Malware Analysis Training Part 11 - Exploit Development [Advanced]Reversing & Malware Analysis Training Part 11 - Exploit Development [Advanced]
Reversing & Malware Analysis Training Part 11 - Exploit Development [Advanced]securityxploded
 
Advanced Malware Analysis Training Session 2 - Botnet Analysis Part 1
Advanced Malware Analysis Training Session 2 - Botnet Analysis Part 1 Advanced Malware Analysis Training Session 2 - Botnet Analysis Part 1
Advanced Malware Analysis Training Session 2 - Botnet Analysis Part 1 securityxploded
 
Reversing & malware analysis training part 1 lab setup guide
Reversing & malware analysis training part 1 lab setup guideReversing & malware analysis training part 1 lab setup guide
Reversing & malware analysis training part 1 lab setup guidesecurityxploded
 
Advanced Malware Analysis Training Session 6 - Malware Sandbox Analysis
Advanced Malware Analysis Training Session 6 - Malware Sandbox AnalysisAdvanced Malware Analysis Training Session 6 - Malware Sandbox Analysis
Advanced Malware Analysis Training Session 6 - Malware Sandbox Analysissecurityxploded
 
Advanced Malware Analysis Training Session 1 - Detection and Removal of Malwares
Advanced Malware Analysis Training Session 1 - Detection and Removal of MalwaresAdvanced Malware Analysis Training Session 1 - Detection and Removal of Malwares
Advanced Malware Analysis Training Session 1 - Detection and Removal of Malwaressecurityxploded
 

Recommended

Advanced Malware Analysis Training Session 5 - Reversing Automation
Advanced Malware Analysis Training Session 5 - Reversing AutomationAdvanced Malware Analysis Training Session 5 - Reversing Automation
Advanced Malware Analysis Training Session 5 - Reversing Automationsecurityxploded
 
Reversing & malware analysis training part 3 windows pe file format basics
Reversing & malware analysis training part 3 windows pe file format basicsReversing & malware analysis training part 3 windows pe file format basics
Reversing & malware analysis training part 3 windows pe file format basicssecurityxploded
 
Primer on password security
Primer on password securityPrimer on password security
Primer on password securitysecurityxploded
 
Reversing & Malware Analysis Training Part 11 - Exploit Development [Advanced]
Reversing & Malware Analysis Training Part 11 - Exploit Development [Advanced]Reversing & Malware Analysis Training Part 11 - Exploit Development [Advanced]
Reversing & Malware Analysis Training Part 11 - Exploit Development [Advanced]securityxploded
 
Advanced Malware Analysis Training Session 2 - Botnet Analysis Part 1
Advanced Malware Analysis Training Session 2 - Botnet Analysis Part 1 Advanced Malware Analysis Training Session 2 - Botnet Analysis Part 1
Advanced Malware Analysis Training Session 2 - Botnet Analysis Part 1 securityxploded
 
Reversing & malware analysis training part 1 lab setup guide
Reversing & malware analysis training part 1 lab setup guideReversing & malware analysis training part 1 lab setup guide
Reversing & malware analysis training part 1 lab setup guidesecurityxploded
 
Advanced Malware Analysis Training Session 6 - Malware Sandbox Analysis
Advanced Malware Analysis Training Session 6 - Malware Sandbox AnalysisAdvanced Malware Analysis Training Session 6 - Malware Sandbox Analysis
Advanced Malware Analysis Training Session 6 - Malware Sandbox Analysissecurityxploded
 
Advanced Malware Analysis Training Session 1 - Detection and Removal of Malwares
Advanced Malware Analysis Training Session 1 - Detection and Removal of MalwaresAdvanced Malware Analysis Training Session 1 - Detection and Removal of Malwares
Advanced Malware Analysis Training Session 1 - Detection and Removal of Malwaressecurityxploded
 
Reversing & Malware Analysis Training Part 9 - Advanced Malware Analysis
Reversing & Malware Analysis Training Part 9 - Advanced Malware AnalysisReversing & Malware Analysis Training Part 9 - Advanced Malware Analysis
Reversing & Malware Analysis Training Part 9 - Advanced Malware Analysissecurityxploded
 
Advanced Malware Analysis Training Session 3 - Botnet Analysis Part 2
Advanced Malware Analysis Training Session 3 - Botnet Analysis Part 2Advanced Malware Analysis Training Session 3 - Botnet Analysis Part 2
Advanced Malware Analysis Training Session 3 - Botnet Analysis Part 2securityxploded
 
Anti-Virus Evasion Techniques and Countermeasures
Anti-Virus Evasion Techniques and CountermeasuresAnti-Virus Evasion Techniques and Countermeasures
Anti-Virus Evasion Techniques and Countermeasuresn|u - The Open Security Community
 
Advanced Malware Analysis Training Session 4 - Anti-Analysis Techniques
Advanced Malware Analysis Training Session 4 - Anti-Analysis TechniquesAdvanced Malware Analysis Training Session 4 - Anti-Analysis Techniques
Advanced Malware Analysis Training Session 4 - Anti-Analysis Techniquessecurityxploded
 
Advanced Malware Analysis Training Session 7 - Malware Memory Forensics
Advanced Malware Analysis Training Session 7 - Malware Memory ForensicsAdvanced Malware Analysis Training Session 7 - Malware Memory Forensics
Advanced Malware Analysis Training Session 7 - Malware Memory Forensicssecurityxploded
 
Anatomy of Exploit Kits
Anatomy of Exploit KitsAnatomy of Exploit Kits
Anatomy of Exploit Kitssecurityxploded
 
Reversing & Malware Analysis Training Part 13 - Future Roadmap
Reversing & Malware Analysis Training Part 13 - Future RoadmapReversing & Malware Analysis Training Part 13 - Future Roadmap
Reversing & Malware Analysis Training Part 13 - Future Roadmapsecurityxploded
 
Reversing & Malware Analysis Training Part 4 - Assembly Programming Basics
Reversing & Malware Analysis Training Part 4 - Assembly Programming BasicsReversing & Malware Analysis Training Part 4 - Assembly Programming Basics
Reversing & Malware Analysis Training Part 4 - Assembly Programming Basicssecurityxploded
 
Advanced malware analysis training session 7 malware memory forensics
Advanced malware analysis training session 7 malware memory forensicsAdvanced malware analysis training session 7 malware memory forensics
Advanced malware analysis training session 7 malware memory forensicsCysinfo Cyber Security Community
 
Reversing & Malware Analysis Training Part 6 - Practical Reversing (I)
Reversing & Malware Analysis Training Part 6 - Practical Reversing (I)Reversing & Malware Analysis Training Part 6 - Practical Reversing (I)
Reversing & Malware Analysis Training Part 6 - Practical Reversing (I)securityxploded
 
Advanced malwareanalysis training session2 botnet analysis part1
Advanced malwareanalysis training session2 botnet analysis part1Advanced malwareanalysis training session2 botnet analysis part1
Advanced malwareanalysis training session2 botnet analysis part1Cysinfo Cyber Security Community
 
Advanced Malware Analysis Training Session 11 - (Part 2) Dissecting the Heart...
Advanced Malware Analysis Training Session 11 - (Part 2) Dissecting the Heart...Advanced Malware Analysis Training Session 11 - (Part 2) Dissecting the Heart...
Advanced Malware Analysis Training Session 11 - (Part 2) Dissecting the Heart...securityxploded
 
Advanced malware analysis training session5 reversing automation
Advanced malware analysis training session5 reversing automationAdvanced malware analysis training session5 reversing automation
Advanced malware analysis training session5 reversing automationCysinfo Cyber Security Community
 
Hunting Rootkit From the Dark Corners Of Memory
Hunting Rootkit From the Dark Corners Of MemoryHunting Rootkit From the Dark Corners Of Memory
Hunting Rootkit From the Dark Corners Of Memorysecurityxploded
 
Reversing malware analysis training part6 practical reversing
Reversing malware analysis training part6 practical reversingReversing malware analysis training part6 practical reversing
Reversing malware analysis training part6 practical reversingCysinfo Cyber Security Community
 
Reversing malware analysis training part11 exploit development advanced
Reversing malware analysis training part11 exploit development advancedReversing malware analysis training part11 exploit development advanced
Reversing malware analysis training part11 exploit development advancedCysinfo Cyber Security Community
 
Reversing malware analysis training part3 windows pefile formatbasics
Reversing malware analysis training part3 windows pefile formatbasicsReversing malware analysis training part3 windows pefile formatbasics
Reversing malware analysis training part3 windows pefile formatbasicsCysinfo Cyber Security Community
 
Automating Malware Analysis
Automating Malware AnalysisAutomating Malware Analysis
Automating Malware Analysissecurityxploded
 
Reversing malware analysis trainingpart9 advanced malware analysis
Reversing malware analysis trainingpart9 advanced malware analysisReversing malware analysis trainingpart9 advanced malware analysis
Reversing malware analysis trainingpart9 advanced malware analysisCysinfo Cyber Security Community
 
Reversing malware analysis training part7 unpackingupx
Reversing malware analysis training part7 unpackingupxReversing malware analysis training part7 unpackingupx
Reversing malware analysis training part7 unpackingupxCysinfo Cyber Security Community
 
Reversing & malware analysis training part 2 introduction to windows internals
Reversing & malware analysis training part 2 introduction to windows internalsReversing & malware analysis training part 2 introduction to windows internals
Reversing & malware analysis training part 2 introduction to windows internalsAbdulrahman Bassam
 
Reversing malware analysis training part2 introduction to windows internals
Reversing malware analysis training part2 introduction to windows internalsReversing malware analysis training part2 introduction to windows internals
Reversing malware analysis training part2 introduction to windows internalsCysinfo Cyber Security Community
 

More Related Content

What's hot

Reversing & Malware Analysis Training Part 9 - Advanced Malware Analysis
Reversing & Malware Analysis Training Part 9 - Advanced Malware AnalysisReversing & Malware Analysis Training Part 9 - Advanced Malware Analysis
Reversing & Malware Analysis Training Part 9 - Advanced Malware Analysissecurityxploded
 
Advanced Malware Analysis Training Session 3 - Botnet Analysis Part 2
Advanced Malware Analysis Training Session 3 - Botnet Analysis Part 2Advanced Malware Analysis Training Session 3 - Botnet Analysis Part 2
Advanced Malware Analysis Training Session 3 - Botnet Analysis Part 2securityxploded
 
Advanced Malware Analysis Training Session 4 - Anti-Analysis Techniques
Advanced Malware Analysis Training Session 4 - Anti-Analysis TechniquesAdvanced Malware Analysis Training Session 4 - Anti-Analysis Techniques
Advanced Malware Analysis Training Session 4 - Anti-Analysis Techniquessecurityxploded
 
Advanced Malware Analysis Training Session 7 - Malware Memory Forensics
Advanced Malware Analysis Training Session 7 - Malware Memory ForensicsAdvanced Malware Analysis Training Session 7 - Malware Memory Forensics
Advanced Malware Analysis Training Session 7 - Malware Memory Forensicssecurityxploded
 
Reversing & Malware Analysis Training Part 13 - Future Roadmap
Reversing & Malware Analysis Training Part 13 - Future RoadmapReversing & Malware Analysis Training Part 13 - Future Roadmap
Reversing & Malware Analysis Training Part 13 - Future Roadmapsecurityxploded
 
Reversing & Malware Analysis Training Part 4 - Assembly Programming Basics
Reversing & Malware Analysis Training Part 4 - Assembly Programming BasicsReversing & Malware Analysis Training Part 4 - Assembly Programming Basics
Reversing & Malware Analysis Training Part 4 - Assembly Programming Basicssecurityxploded
 
Advanced malware analysis training session 7 malware memory forensics
Advanced malware analysis training session 7 malware memory forensicsAdvanced malware analysis training session 7 malware memory forensics
Advanced malware analysis training session 7 malware memory forensicsCysinfo Cyber Security Community
 
Reversing & Malware Analysis Training Part 6 - Practical Reversing (I)
Reversing & Malware Analysis Training Part 6 - Practical Reversing (I)Reversing & Malware Analysis Training Part 6 - Practical Reversing (I)
Reversing & Malware Analysis Training Part 6 - Practical Reversing (I)securityxploded
 
Advanced malwareanalysis training session2 botnet analysis part1
Advanced malwareanalysis training session2 botnet analysis part1Advanced malwareanalysis training session2 botnet analysis part1
Advanced malwareanalysis training session2 botnet analysis part1Cysinfo Cyber Security Community
 
Advanced Malware Analysis Training Session 11 - (Part 2) Dissecting the Heart...
Advanced Malware Analysis Training Session 11 - (Part 2) Dissecting the Heart...Advanced Malware Analysis Training Session 11 - (Part 2) Dissecting the Heart...
Advanced Malware Analysis Training Session 11 - (Part 2) Dissecting the Heart...securityxploded
 
Advanced malware analysis training session5 reversing automation
Advanced malware analysis training session5 reversing automationAdvanced malware analysis training session5 reversing automation
Advanced malware analysis training session5 reversing automationCysinfo Cyber Security Community
 
Hunting Rootkit From the Dark Corners Of Memory
Hunting Rootkit From the Dark Corners Of MemoryHunting Rootkit From the Dark Corners Of Memory
Hunting Rootkit From the Dark Corners Of Memorysecurityxploded
 
Reversing malware analysis training part6 practical reversing
Reversing malware analysis training part6 practical reversingReversing malware analysis training part6 practical reversing
Reversing malware analysis training part6 practical reversingCysinfo Cyber Security Community
 
Reversing malware analysis training part11 exploit development advanced
Reversing malware analysis training part11 exploit development advancedReversing malware analysis training part11 exploit development advanced
Reversing malware analysis training part11 exploit development advancedCysinfo Cyber Security Community
 
Reversing malware analysis training part3 windows pefile formatbasics
Reversing malware analysis training part3 windows pefile formatbasicsReversing malware analysis training part3 windows pefile formatbasics
Reversing malware analysis training part3 windows pefile formatbasicsCysinfo Cyber Security Community
 
Automating Malware Analysis
Automating Malware AnalysisAutomating Malware Analysis
Automating Malware Analysissecurityxploded
 
Reversing malware analysis trainingpart9 advanced malware analysis
Reversing malware analysis trainingpart9 advanced malware analysisReversing malware analysis trainingpart9 advanced malware analysis
Reversing malware analysis trainingpart9 advanced malware analysisCysinfo Cyber Security Community
 

What's hot (20)

Reversing & Malware Analysis Training Part 9 - Advanced Malware Analysis
Reversing & Malware Analysis Training Part 9 - Advanced Malware AnalysisReversing & Malware Analysis Training Part 9 - Advanced Malware Analysis
Reversing & Malware Analysis Training Part 9 - Advanced Malware Analysis
 
Advanced Malware Analysis Training Session 3 - Botnet Analysis Part 2
Advanced Malware Analysis Training Session 3 - Botnet Analysis Part 2Advanced Malware Analysis Training Session 3 - Botnet Analysis Part 2
Advanced Malware Analysis Training Session 3 - Botnet Analysis Part 2
 
Anti-Virus Evasion Techniques and Countermeasures
Anti-Virus Evasion Techniques and CountermeasuresAnti-Virus Evasion Techniques and Countermeasures
Anti-Virus Evasion Techniques and Countermeasures
 
Advanced Malware Analysis Training Session 4 - Anti-Analysis Techniques
Advanced Malware Analysis Training Session 4 - Anti-Analysis TechniquesAdvanced Malware Analysis Training Session 4 - Anti-Analysis Techniques
Advanced Malware Analysis Training Session 4 - Anti-Analysis Techniques
 
Advanced Malware Analysis Training Session 7 - Malware Memory Forensics
Advanced Malware Analysis Training Session 7 - Malware Memory ForensicsAdvanced Malware Analysis Training Session 7 - Malware Memory Forensics
Advanced Malware Analysis Training Session 7 - Malware Memory Forensics
 
Anatomy of Exploit Kits
Anatomy of Exploit KitsAnatomy of Exploit Kits
Anatomy of Exploit Kits
 
Reversing & Malware Analysis Training Part 13 - Future Roadmap
Reversing & Malware Analysis Training Part 13 - Future RoadmapReversing & Malware Analysis Training Part 13 - Future Roadmap
Reversing & Malware Analysis Training Part 13 - Future Roadmap
 
Reversing & Malware Analysis Training Part 4 - Assembly Programming Basics
Reversing & Malware Analysis Training Part 4 - Assembly Programming BasicsReversing & Malware Analysis Training Part 4 - Assembly Programming Basics
Reversing & Malware Analysis Training Part 4 - Assembly Programming Basics
 
Advanced malware analysis training session 7 malware memory forensics
Advanced malware analysis training session 7 malware memory forensicsAdvanced malware analysis training session 7 malware memory forensics
Advanced malware analysis training session 7 malware memory forensics
 
Reversing & Malware Analysis Training Part 6 - Practical Reversing (I)
Reversing & Malware Analysis Training Part 6 - Practical Reversing (I)Reversing & Malware Analysis Training Part 6 - Practical Reversing (I)
Reversing & Malware Analysis Training Part 6 - Practical Reversing (I)
 
Advanced malwareanalysis training session2 botnet analysis part1
Advanced malwareanalysis training session2 botnet analysis part1Advanced malwareanalysis training session2 botnet analysis part1
Advanced malwareanalysis training session2 botnet analysis part1
 
Advanced Malware Analysis Training Session 11 - (Part 2) Dissecting the Heart...
Advanced Malware Analysis Training Session 11 - (Part 2) Dissecting the Heart...Advanced Malware Analysis Training Session 11 - (Part 2) Dissecting the Heart...
Advanced Malware Analysis Training Session 11 - (Part 2) Dissecting the Heart...
 
Advanced malware analysis training session5 reversing automation
Advanced malware analysis training session5 reversing automationAdvanced malware analysis training session5 reversing automation
Advanced malware analysis training session5 reversing automation
 
Hunting Rootkit From the Dark Corners Of Memory
Hunting Rootkit From the Dark Corners Of MemoryHunting Rootkit From the Dark Corners Of Memory
Hunting Rootkit From the Dark Corners Of Memory
 
Reversing malware analysis training part6 practical reversing
Reversing malware analysis training part6 practical reversingReversing malware analysis training part6 practical reversing
Reversing malware analysis training part6 practical reversing
 
Reversing malware analysis training part11 exploit development advanced
Reversing malware analysis training part11 exploit development advancedReversing malware analysis training part11 exploit development advanced
Reversing malware analysis training part11 exploit development advanced
 
Reversing malware analysis training part3 windows pefile formatbasics
Reversing malware analysis training part3 windows pefile formatbasicsReversing malware analysis training part3 windows pefile formatbasics
Reversing malware analysis training part3 windows pefile formatbasics
 
Automating Malware Analysis
Automating Malware AnalysisAutomating Malware Analysis
Automating Malware Analysis
 
Reversing malware analysis trainingpart9 advanced malware analysis
Reversing malware analysis trainingpart9 advanced malware analysisReversing malware analysis trainingpart9 advanced malware analysis
Reversing malware analysis trainingpart9 advanced malware analysis
 
Reversing malware analysis training part7 unpackingupx
Reversing malware analysis training part7 unpackingupxReversing malware analysis training part7 unpackingupx
Reversing malware analysis training part7 unpackingupx
 

Similar to Reversing & malware analysis training part 2 introduction to windows internals

Reversing & malware analysis training part 2 introduction to windows internals
Reversing & malware analysis training part 2 introduction to windows internalsReversing & malware analysis training part 2 introduction to windows internals
Reversing & malware analysis training part 2 introduction to windows internalsAbdulrahman Bassam
 
Reversing malware analysis training part2 introduction to windows internals
Reversing malware analysis training part2 introduction to windows internalsReversing malware analysis training part2 introduction to windows internals
Reversing malware analysis training part2 introduction to windows internalsCysinfo Cyber Security Community
 
Reversing & malware analysis training part 12 rootkit analysis
Reversing & malware analysis training part 12 rootkit analysisReversing & malware analysis training part 12 rootkit analysis
Reversing & malware analysis training part 12 rootkit analysisAbdulrahman Bassam
 
Reversing & malware analysis training part 3 windows pe file format basics
Reversing & malware analysis training part 3 windows pe file format basicsReversing & malware analysis training part 3 windows pe file format basics
Reversing & malware analysis training part 3 windows pe file format basicsAbdulrahman Bassam
 
Advanced malware analysis training session8 introduction to android
Advanced malware analysis training session8 introduction to androidAdvanced malware analysis training session8 introduction to android
Advanced malware analysis training session8 introduction to androidCysinfo Cyber Security Community
 
Design Decisions For Understanding Software Architecture
Design Decisions For Understanding Software ArchitectureDesign Decisions For Understanding Software Architecture
Design Decisions For Understanding Software ArchitectureTiffany Graham
 
12 core technologies you should learn, love, and hate to be a 'real' technocrat
12 core technologies you should learn, love, and hate to be a 'real' technocrat12 core technologies you should learn, love, and hate to be a 'real' technocrat
12 core technologies you should learn, love, and hate to be a 'real' technocratlinoj
 
CS9222 Advanced Operating System
CS9222 Advanced Operating SystemCS9222 Advanced Operating System
CS9222 Advanced Operating SystemKathirvel Ayyaswamy
 
Advanced Malware Analysis Training Session 8 - Introduction to Android
Advanced Malware Analysis Training Session 8 - Introduction to AndroidAdvanced Malware Analysis Training Session 8 - Introduction to Android
Advanced Malware Analysis Training Session 8 - Introduction to Androidsecurityxploded
 
Reversing & malware analysis training part 5 reverse engineering tools basics
Reversing & malware analysis training part 5 reverse engineering tools basics Reversing & malware analysis training part 5 reverse engineering tools basics
Reversing & malware analysis training part 5 reverse engineering tools basics Abdulrahman Bassam
 
Linux Assignment 3
Linux Assignment 3Linux Assignment 3
Linux Assignment 3Diane Allen
 
My first Operating System Presentation
My first Operating System PresentationMy first Operating System Presentation
My first Operating System PresentationRida Bilgrami
 
Reversing & malware analysis training part 10 exploit development basics
Reversing & malware analysis training part 10 exploit development basicsReversing & malware analysis training part 10 exploit development basics
Reversing & malware analysis training part 10 exploit development basicsAbdulrahman Bassam
 
amrapali builders@@@@hacking windows internals.pdf
amrapali builders@@@@hacking windows internals.pdfamrapali builders@@@@hacking windows internals.pdf
amrapali builders@@@@hacking windows internals.pdfamrapalibuildersreviews
 
Developing Plug-Ins for NetBeans
Developing Plug-Ins for NetBeansDeveloping Plug-Ins for NetBeans
Developing Plug-Ins for NetBeanselliando dias
 
DDD17 - Web Applications Automated Security Testing in a Continuous Delivery...
DDD17 - Web Applications Automated Security Testing in a Continuous Delivery... DDD17 - Web Applications Automated Security Testing in a Continuous Delivery...
DDD17 - Web Applications Automated Security Testing in a Continuous Delivery...Fedir RYKHTIK
 
Top 20 Asp.net interview Question and answers
Top 20 Asp.net interview Question and answersTop 20 Asp.net interview Question and answers
Top 20 Asp.net interview Question and answersw3asp dotnet
 

Similar to Reversing & malware analysis training part 2 introduction to windows internals (20)

Reversing & malware analysis training part 2 introduction to windows internals
Reversing & malware analysis training part 2 introduction to windows internalsReversing & malware analysis training part 2 introduction to windows internals
Reversing & malware analysis training part 2 introduction to windows internals
 
Reversing malware analysis training part2 introduction to windows internals
Reversing malware analysis training part2 introduction to windows internalsReversing malware analysis training part2 introduction to windows internals
Reversing malware analysis training part2 introduction to windows internals
 
Reversing & malware analysis training part 12 rootkit analysis
Reversing & malware analysis training part 12 rootkit analysisReversing & malware analysis training part 12 rootkit analysis
Reversing & malware analysis training part 12 rootkit analysis
 
Reversing & malware analysis training part 3 windows pe file format basics
Reversing & malware analysis training part 3 windows pe file format basicsReversing & malware analysis training part 3 windows pe file format basics
Reversing & malware analysis training part 3 windows pe file format basics
 
Advanced malware analysis training session8 introduction to android
Advanced malware analysis training session8 introduction to androidAdvanced malware analysis training session8 introduction to android
Advanced malware analysis training session8 introduction to android
 
Design Decisions For Understanding Software Architecture
Design Decisions For Understanding Software ArchitectureDesign Decisions For Understanding Software Architecture
Design Decisions For Understanding Software Architecture
 
Ch11
Ch11Ch11
Ch11
 
Ch11 system administration
Ch11 system administration Ch11 system administration
Ch11 system administration
 
12 core technologies you should learn, love, and hate to be a 'real' technocrat
12 core technologies you should learn, love, and hate to be a 'real' technocrat12 core technologies you should learn, love, and hate to be a 'real' technocrat
12 core technologies you should learn, love, and hate to be a 'real' technocrat
 
CS9222 Advanced Operating System
CS9222 Advanced Operating SystemCS9222 Advanced Operating System
CS9222 Advanced Operating System
 
Advanced Malware Analysis Training Session 8 - Introduction to Android
Advanced Malware Analysis Training Session 8 - Introduction to AndroidAdvanced Malware Analysis Training Session 8 - Introduction to Android
Advanced Malware Analysis Training Session 8 - Introduction to Android
 
Reversing & malware analysis training part 5 reverse engineering tools basics
Reversing & malware analysis training part 5 reverse engineering tools basics Reversing & malware analysis training part 5 reverse engineering tools basics
Reversing & malware analysis training part 5 reverse engineering tools basics
 
Linux Assignment 3
Linux Assignment 3Linux Assignment 3
Linux Assignment 3
 
Anatomy of a Drupal Hack - TechKnowFile 2014
Anatomy of a Drupal Hack - TechKnowFile 2014Anatomy of a Drupal Hack - TechKnowFile 2014
Anatomy of a Drupal Hack - TechKnowFile 2014
 
My first Operating System Presentation
My first Operating System PresentationMy first Operating System Presentation
My first Operating System Presentation
 
Reversing & malware analysis training part 10 exploit development basics
Reversing & malware analysis training part 10 exploit development basicsReversing & malware analysis training part 10 exploit development basics
Reversing & malware analysis training part 10 exploit development basics
 
amrapali builders@@@@hacking windows internals.pdf
amrapali builders@@@@hacking windows internals.pdfamrapali builders@@@@hacking windows internals.pdf
amrapali builders@@@@hacking windows internals.pdf
 
Developing Plug-Ins for NetBeans
Developing Plug-Ins for NetBeansDeveloping Plug-Ins for NetBeans
Developing Plug-Ins for NetBeans
 
DDD17 - Web Applications Automated Security Testing in a Continuous Delivery...
DDD17 - Web Applications Automated Security Testing in a Continuous Delivery... DDD17 - Web Applications Automated Security Testing in a Continuous Delivery...
DDD17 - Web Applications Automated Security Testing in a Continuous Delivery...
 
Top 20 Asp.net interview Question and answers
Top 20 Asp.net interview Question and answersTop 20 Asp.net interview Question and answers
Top 20 Asp.net interview Question and answers
 

More from securityxploded

Fingerprinting healthcare institutions
Fingerprinting healthcare institutionsFingerprinting healthcare institutions
Fingerprinting healthcare institutionssecurityxploded
 
Hollow Process Injection - Reversing and Investigating Malware Evasive Tactics
Hollow Process Injection - Reversing and Investigating Malware Evasive TacticsHollow Process Injection - Reversing and Investigating Malware Evasive Tactics
Hollow Process Injection - Reversing and Investigating Malware Evasive Tacticssecurityxploded
 
Malicious Client Detection Using Machine Learning
Malicious Client Detection Using Machine LearningMalicious Client Detection Using Machine Learning
Malicious Client Detection Using Machine Learningsecurityxploded
 
Understanding CryptoLocker (Ransomware) with a Case Study
Understanding CryptoLocker (Ransomware) with a Case StudyUnderstanding CryptoLocker (Ransomware) with a Case Study
Understanding CryptoLocker (Ransomware) with a Case Studysecurityxploded
 
Linux Malware Analysis using Limon Sandbox
Linux Malware Analysis using Limon SandboxLinux Malware Analysis using Limon Sandbox
Linux Malware Analysis using Limon Sandboxsecurityxploded
 
Reverse Engineering Malware
Reverse Engineering MalwareReverse Engineering Malware
Reverse Engineering Malwaresecurityxploded
 
Partial Homomorphic Encryption
Partial Homomorphic EncryptionPartial Homomorphic Encryption
Partial Homomorphic Encryptionsecurityxploded
 
Return Address – The Silver Bullet
Return Address – The Silver BulletReturn Address – The Silver Bullet
Return Address – The Silver Bulletsecurityxploded
 
Defeating public exploit protections (EMET v5.2 and more)
Defeating public exploit protections (EMET v5.2 and more)Defeating public exploit protections (EMET v5.2 and more)
Defeating public exploit protections (EMET v5.2 and more)securityxploded
 
Hunting Ghost RAT Using Memory Forensics
Hunting Ghost RAT Using Memory ForensicsHunting Ghost RAT Using Memory Forensics
Hunting Ghost RAT Using Memory Forensicssecurityxploded
 
Malicious Url Detection Using Machine Learning
Malicious Url Detection Using Machine LearningMalicious Url Detection Using Machine Learning
Malicious Url Detection Using Machine Learningsecurityxploded
 
Reversing and Decrypting the Communications of APT Malware (Etumbot)
Reversing and Decrypting the Communications of APT Malware (Etumbot)Reversing and Decrypting the Communications of APT Malware (Etumbot)
Reversing and Decrypting the Communications of APT Malware (Etumbot)securityxploded
 

More from securityxploded (20)

Fingerprinting healthcare institutions
Fingerprinting healthcare institutionsFingerprinting healthcare institutions
Fingerprinting healthcare institutions
 
Hollow Process Injection - Reversing and Investigating Malware Evasive Tactics
Hollow Process Injection - Reversing and Investigating Malware Evasive TacticsHollow Process Injection - Reversing and Investigating Malware Evasive Tactics
Hollow Process Injection - Reversing and Investigating Malware Evasive Tactics
 
Buffer Overflow Attacks
Buffer Overflow AttacksBuffer Overflow Attacks
Buffer Overflow Attacks
 
Malicious Client Detection Using Machine Learning
Malicious Client Detection Using Machine LearningMalicious Client Detection Using Machine Learning
Malicious Client Detection Using Machine Learning
 
Understanding CryptoLocker (Ransomware) with a Case Study
Understanding CryptoLocker (Ransomware) with a Case StudyUnderstanding CryptoLocker (Ransomware) with a Case Study
Understanding CryptoLocker (Ransomware) with a Case Study
 
Linux Malware Analysis using Limon Sandbox
Linux Malware Analysis using Limon SandboxLinux Malware Analysis using Limon Sandbox
Linux Malware Analysis using Limon Sandbox
 
Introduction to SMPC
Introduction to SMPCIntroduction to SMPC
Introduction to SMPC
 
Breaking into hospitals
Breaking into hospitalsBreaking into hospitals
Breaking into hospitals
 
Bluetooth [in]security
Bluetooth [in]securityBluetooth [in]security
Bluetooth [in]security
 
Basic malware analysis
Basic malware analysisBasic malware analysis
Basic malware analysis
 
Reverse Engineering Malware
Reverse Engineering MalwareReverse Engineering Malware
Reverse Engineering Malware
 
DLL Preloading Attack
DLL Preloading AttackDLL Preloading Attack
DLL Preloading Attack
 
Partial Homomorphic Encryption
Partial Homomorphic EncryptionPartial Homomorphic Encryption
Partial Homomorphic Encryption
 
Return Address – The Silver Bullet
Return Address – The Silver BulletReturn Address – The Silver Bullet
Return Address – The Silver Bullet
 
Defeating public exploit protections (EMET v5.2 and more)
Defeating public exploit protections (EMET v5.2 and more)Defeating public exploit protections (EMET v5.2 and more)
Defeating public exploit protections (EMET v5.2 and more)
 
Hunting Ghost RAT Using Memory Forensics
Hunting Ghost RAT Using Memory ForensicsHunting Ghost RAT Using Memory Forensics
Hunting Ghost RAT Using Memory Forensics
 
Malicious Url Detection Using Machine Learning
Malicious Url Detection Using Machine LearningMalicious Url Detection Using Machine Learning
Malicious Url Detection Using Machine Learning
 
MalwareNet Project
MalwareNet ProjectMalwareNet Project
MalwareNet Project
 
Reversing and Decrypting the Communications of APT Malware (Etumbot)
Reversing and Decrypting the Communications of APT Malware (Etumbot)Reversing and Decrypting the Communications of APT Malware (Etumbot)
Reversing and Decrypting the Communications of APT Malware (Etumbot)
 
Dissecting BetaBot
Dissecting BetaBotDissecting BetaBot
Dissecting BetaBot
 

Recently uploaded

08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?Igalia
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEarley Information Science
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Enterprise Knowledge
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxKatpro Technologies
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)wesley chun
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?Antenna Manufacturer Coco
 

Recently uploaded (20)

08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 

Reversing & malware analysis training part 2 introduction to windows internals

  • 2. Disclaimer The Content, Demonstration, Source Code and Programs presented here is "AS IS" without any warranty or conditions of any kind. Also the views/ideas/knowledge expressed here are solely of the trainer’s only and nothing to do with the company or the organization in which the trainer is currently working. However in no circumstances neither the trainer nor SecurityXploded is responsible for any damage or loss caused due to use or misuse of the information presented here. www.SecurityXploded.com
  • 3. Acknowledgement  Special thanks to null & Garage4Hackers community for their extended support and cooperation.  Thanks to all the trainers who have devoted their precious time and countless hours to make it happen. www.SecurityXploded.com
  • 4. Reversing & Malware Analysis Training This presentation is part of our Reverse Engineering & Malware Analysis Training program. Currently it is delivered only during our local meet for FREE of cost. For complete details of this course, visit our Security Training page. www.SecurityXploded.com
  • 5. Who am I #1 Amit Malik (sometimes DouBle_Zer0,DZZ)  Member SecurityXploded & Garage4Hackers  Security Researcher  RE, Exploit Analysis/Development, Malware Analysis  Email: m.amit30@gmail.com www.SecurityXploded.com
  • 6. Who am I #2 Swapnil Pathak  Member SecurityXploded  Security Researcher  RE, Malware Analysis, Network Security  Email: swapnilpathak101@gmail.com www.SecurityXploded.com
  • 7. Windows Architecture www.SecurityXploded.com
  • 8. Memory Management  Virtual Memory - An invisible layer between a software and physical memory - Every process first get loaded into its virtual memory address space - Small units called “pages” are used to do mapping between physical memory and virtual memory.  Paging - Memory management scheme that stores and retrieves data from secondary storage for use in main memory - Uses same size blocks called pages - Page table is used to translate virtual addresses in physical memory addresses www.SecurityXploded.com
  • 9. Memory Management Cont.  User Address Space - Allocated for user mode applications. - All processes execute in their own virtual space. - Use operating system dlls to interact with kernel  Kernel Address Space - Strictly reserved for kernel, device drivers and operating system executive. - No user mode application can directly interact with the kernel. www.SecurityXploded.com
  • 10. Kernel & User Address Space www.SecurityXploded.com
  • 11. Process and Thread  Process - Executing instance of an application. - Isolated address space - PEB data structure store information about process - PEB is an user space data structure  Threads - Multiple threads share the same address space in the process. - Each process has at least a single executing thread. - TEB data structure store information about thread www.SecurityXploded.com
  • 12. PEB (Process Environment Block) An opaque data structure that store information about process in user space www.SecurityXploded.com
  • 13. PEB Cont. www.SecurityXploded.com
  • 14. TEB (Thread Environment Block) TEB is a data structure that store information about thread www.SecurityXploded.com
  • 15. Application Programming Interface  API - Includes functions, classes, data structures and variables - Interface between various software components to communicate with each other. - Windows APIs are used to interact with kernel or other modules.  MSDN - Provides documentation for various API functions.  System Dlls - ntdll.dll, kernel32.dll, user32.dll, advapi32.dll, hal.dll etc www.SecurityXploded.com
  • 16. System Service Dispatching www.SecurityXploded.com
  • 17. System Service Dispatching Cont. www.SecurityXploded.com
  • 18. Important API  File and Directories - CreateFile, GetSystemDirectory, ReadFile, WriteFile etc  Network - socket, send, recv, URLDownloadToFile etc  Registry - RegOpenKey, RegSetValue, RegQueryValue etc www.SecurityXploded.com
  • 19. Important API Cont.  Processes, Threads, Synchronization using mutex, semaphore. - CreateProcess, ReadProcessMemory, WriteProcessMemory,CreateRemoteThread, CreateMutex etc  Memory - VirtualAlloc, VirtualProtect ,HeapAlloc, LocalAlloc etc www.SecurityXploded.com
  • 20. Reference  Complete Reference Guide for Reversing & Malware Analysis Training www.SecurityXploded.com

Editor's Notes

  1. Picture is taken from : rootkit arsenal
  2. Picture is taken from : RootKit Arsenal (An awesome book)
  3. Picture source: http://www.codeproject.com/KB/system/hide-driver/NtCallScheme_small.png