mirror of
https://github.com/nganhkhoa/malware.git
synced 2024-06-10 21:32:07 +07:00
Update malware-tech_ref_and_memo.md
parent
ffa081c03b
commit
beb142ee69
@ -92,7 +92,18 @@ to do...
|
||||
[The 0x33 Segment Selector (Heavens Gate)](https://www.malwaretech.com/2014/02/the-0x33-segment-selector-heavens-gate.html)<br>
|
||||
|
||||
## API obfuscation
|
||||
[A Museum of API Obfuscation on Win32](http://eval.symantec.com/mktginfo/enterprise/media/security_response/whitepapers/a_museum_of_api_obfuscation_on_win32.pdf)<br>
|
||||
[A Museum of API Obfuscation on Win32](https://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/a_museum_of_api_obfuscation_on_win32.pdf)<br>
|
||||
### Using GetProcAddress and GetModulehandleA
|
||||
- GetProcAddressを利用して呼び出したいAPIのアドレスを動的に解決する
|
||||
- GetProcAddressの引数は第一引数に対象dllのハンドルを指定(i.e. GetModuleHandleA("kernel32.dll"))し,第二引数にdllから呼び出したいAPI名を指定
|
||||
```
|
||||
FARPROC GetProcAddress(
|
||||
HMODULE hModule,
|
||||
LPCSTR lpProcName
|
||||
);
|
||||
```
|
||||
|
||||
|
||||
|
||||
## PowerShell Script obfuscation
|
||||
- 難読化ツール<br>
|
||||
|
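Review bot: The new heading "### Using GetProcAddress and GetModulehandleA" misspells the API name, while the bullet below it uses GetModuleHandleA("kernel32.dll"); change the heading to GetModuleHandleA so a search of the memo for the real API name finds this section. The fence around the GetProcAddress prototype has no language tag, and tagging it as c would match the content. The "A Museum of API Obfuscation on Win32" link appears on two adjacent lines with different Symantec hosts (eval.symantec.com and www.symantec.com); if the first is not the line being replaced, drop it so the section carries one link. The two bullets describe how GetProcAddress is called but not why this belongs under "API obfuscation"; one more bullet stating that an API resolved this way does not appear in the import table would make the section self-explanatory.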