Look at Sentinel One.
It doesn't hook the heap API just for show; there are detections sitting behind those hooks.
> What do you mean exactly? Can you explain more...?

You can check which APIs "Sentinel One" hooks, as an example, and you will see the heap API hooked.
> It doesn't hook the heap API just for show

So which "heap APIs" exactly? You have to understand that on Windows something like 90 percent of all possible allocations go through the "heap API" one way or another: new/delete, malloc/free, LocalAlloc/LocalFree, a pile of COM APIs. They'd go insane analyzing all of that.
> So which "heap APIs" exactly? You have to understand that on Windows something like 90 percent of all possible allocations go through the "heap API" one way or another: new/delete, malloc/free, LocalAlloc/LocalFree, a pile of COM APIs. They'd go insane analyzing all of that.

Hooks on the heap API from ntdll.
> So which "heap APIs" exactly? You have to understand that on Windows something like 90 percent of all possible allocations go through the "heap API" one way or another: new/delete, malloc/free, LocalAlloc/LocalFree, a pile of COM APIs. They'd go insane analyzing all of that.

Do you have any contact method please '-' I couldn't text you here '-'
> Do you think about malware dev now?

In short, I have nothing to add. The fundamentals have not changed.
> In short, I have nothing to add. The fundamentals have not changed.

Wow... that's really cool... thanks... but... if I ask you as a 17-year-old... and I'm more interested in ransomware... do you think that doing this is really worth it for ransomware? I mean... to be able to make your own ransomware... and actually... I'm doing some of the things you said... I've started learning C... (I have knowledge of other languages such as C#) and I got a book for that... called "C Primer Plus" by a guy called "Stephen Prata"... it's the fifth edition, by the way...
> So which "heap APIs" exactly? You have to understand that on Windows something like 90 percent of all possible allocations go through the "heap API" one way or another: new/delete, malloc/free, LocalAlloc/LocalFree, a pile of COM APIs. They'd go insane analyzing all of that.

Listen, but you do understand that it doesn't have to be everything, in every process and thread, and not necessarily always; something triggers and then a check runs.
> Russinovich... probably one of the most important books for post-beginners! Very well laid out; I'd also add that after building your own reinvented wheels it's worth looking at other people's code too, to understand what you missed and what's done better.

Does this book have an English version? And what does it contain exactly?...
Thanks ^_^... I'll search for a free version of it...
> There are also some decent video courses from sektor7: "Malware development essentials" and "Malware development intermediate". I downloaded them from a Telegram channel; they're easy to google.

Please share :)
> Please... can you send me this book: Finogenov K.G. "Win32. Programming..."? I really tried a lot to find that book, and especially to learn about WinAPI on YouTube and anywhere... and thank God that I found this post... the problem is that... I don't really understand the Russian language (I've been trying to learn it for 2 weeks '-')
> And as you mentioned in the post, I'm trying to learn malware development too... but it becomes difficult now when I try to learn about WinAPI... do you think that even now... I can use that book? Can you give me more resources if it's useless now (I mean the book)...?
> Thank you ^_^

Always check on annas-archives:
Win32. Основы программирования (Win32. Programming Fundamentals) - К. Г. Финогенов, Диалог-МИФИ - annas-archive.org
Edit: As a small note, you don't need an entire book to learn how to use WinAPI. If you already know the basics of C/C++ you can use WinAPI by just reading Microsoft's documentation itself: search the name of the function + msdn in any search engine and you will be fine.
Just to clarify, I have nothing against those books (I haven't read them, so I have no opinion). But since your goal for now is to learn how to use WinAPI and then use it in your malware, start by learning a bit of C/C++ until you understand how function calls work in those languages. It's the basic prerequisite you will need to use WinAPI, which is in fact a C API: if you know how the types work, how to pass the parameters correctly and a few details, you just need to read the documentation of the functions and you will be able to use any of them.

> Always check on annas-archives:

Wooow!! Thank you sooo much!! I really appreciate your help! I was searching until now and I didn't find anything special... thank you...
About what you said... I downloaded a book from Maldev Academy... and it was hard to follow... since I didn't have a lot of knowledge about C/C++... to be honest... I do all that just to be able to understand malware such as ransomware, rootkits... etc., and I'm just a beginner with little experience... in malware dev... but I have knowledge of other things... like network hacking... bug bounty, other languages such as C#, Python, PHP... and some Java because it's like C# '-'... but... do you think that I should follow those steps, including your words? I mean... you say I don't really need that book... so... what do you propose to me...? Give a good path for a beginner in malware development.
Thanks again for your help ^_^
> Just to clarify, I have nothing against those books (I haven't read them, so I have no opinion). But since your goal for now is to learn how to use WinAPI and then use it in your malware, start by learning a bit of C/C++ until you understand how function calls work in those languages. It's the basic prerequisite you will need to use WinAPI, which is in fact a C API: if you know how the types work, how to pass the parameters correctly and a few details, you just need to read the documentation of the functions and you will be able to use any of them.
> In fact there are a lot of undocumented things, because Microsoft has always liked to hide things, but even in those cases you can search on some search engine and in almost all cases someone will have produced unofficial documentation which enables you to use the API.

OK, thanks for the advice ^_^, and what are you working on? Are you interested in malware development too, or something else?