Managed Code Rootkits by Metula Erez

Author: Metula, Erez
Language: eng
Format: epub, pdf
ISBN: 978-1-59749-575-2
Publisher: Elsevier Science
Published: 2011-02-26T16:00:00+00:00


Tip

It is very easy to create the byte array representing the file; simply use a hex editor tool such as HexEdit. It is also possible to create the byte array programmatically by calling the ReadAllBytes(filename) method from the File class.

The preceding code first defines three local variables to be used as a string, a byte array, and a binary file writer. It loads the name of the file (CreatedFile.txt) onto the stack as the value for the newly created file, along with its content, which is saved as a byte array inside a private class called WrappedData (we will discuss this in more detail in the next paragraph). This class calls the Open method from the File runtime class that creates the file, saves the byte array as its content using the Write method from the BinaryWriter runtime class, then cleans up afterward.

WrappedData is a private class used as a wrapper for the byte array representing the file contents. It is used as a container class for the content that encapsulates the actual bytes of the file and the proper initialization code. Wrapping the byte array as a class provides a separation between the file content and its usage.

The content of the file (in our case, the string “hello”) is saved as an internal class member variable called byteArray, containing the hex values 68 65 6C 6C 6F in this example. Those values can be the content of any file, including binary executable files, since any such content is legitimate data for an ordinary byte array.


