Practical Malware Analysis: The Hands-On Guide to Dissecting Malicious Software by Michael Sikorski & Andrew Honig

Author: Michael Sikorski & Andrew Honig
Language: eng
Format: epub, pdf
Tags: COMPUTERS / Security / General
ISBN: 9781593274306
Publisher: No Starch Press
Published: 2012-02-26T16:00:00+00:00


Using Hashed Exported Names

The algorithm just discussed has a weakness: It performs a strcmp against each export name until it finds the correct one. This requires that the full name of each API function the shellcode uses be included as an ASCII string. When the size of the shellcode is constrained, these strings could push the size of the shellcode over the limit.

A common way to address this problem is to calculate a hash of each symbol string and compare the result with a precomputed value stored in the shellcode. The hash function does not need to be sophisticated; it only needs to guarantee that within each DLL used by the shellcode, the hashes that the shellcode uses are unique. Hash collisions between symbols in different DLLs and between symbols the shellcode does not use are fine.

The most common hash function is the 32-bit rotate-right-additive hash, as shown in Example 20-5.

Example 20-5. hashString implementation

    ; __stdcall DWORD hashString(char* symbol);
    hashString:
        push esi
        push edi
        mov esi, dword [esp+0x0c]   ; load function argument in esi
    .calc_hash:
        xor edi, edi
        cld
    .hash_iter:
        xor eax, eax
        lodsb                       ; load next byte of input string
        cmp al, ah
        je .hash_done               ; check if at end of symbol
        ror edi, 0x0d               ; rotate right 13 (0x0d)
        add edi, eax
        jmp near .hash_iter
    .hash_done:
        mov eax, edi
        pop edi
        pop esi
        retn 4
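As an added example that is not part of the book, here is the same rotate-right-13 additive hash in Python, used the way an analyst rather than the shellcode would use it: precompute the hashes of a DLL's export names, confirm that the names in the table do not collide, and map hash constants found in a shellcode sample back to the API names they resolve. The export list and the byte blob are constructed for this example (the blob is not real shellcode, just two push-immediate instructions carrying hash values), and the function names are my own.

```python
import struct

MASK32 = 0xFFFFFFFF


def ror32(value, count):
    """Rotate a 32-bit value right by count bits (what the ROR instruction does)."""
    count %= 32
    return ((value >> count) | (value << (32 - count))) & MASK32


def hash_string(symbol):
    """Python equivalent of hashString in Example 20-5: start at 0 and,
    for every byte of the name, h = ror(h, 13) + byte (mod 2**32)."""
    h = 0
    for byte in symbol.encode("ascii"):  # the shellcode hashes raw ASCII bytes, without the terminator
        h = (ror32(h, 13) + byte) & MASK32
    return h


def build_hash_table(export_names):
    """Map hash -> export name for one DLL. Also returns any collisions:
    the shellcode only needs the names it uses to be unique, but an
    analyst's lookup table must be unambiguous for every name in it."""
    table, collisions = {}, []
    for name in export_names:
        h = hash_string(name)
        if h in table and table[h] != name:
            collisions.append((h, table[h], name))
        else:
            table[h] = name
    return table, collisions


def find_known_hashes(blob, table):
    """Scan a byte blob for 32-bit little-endian immediates that match a
    precomputed hash and return (offset, name) pairs. Every byte offset is
    tried because an immediate embedded in an instruction is not aligned."""
    hits = []
    for off in range(len(blob) - 3):
        (value,) = struct.unpack_from("<I", blob, off)
        if value in table:
            hits.append((off, table[value]))
    return hits


# Constructed sample export list (real kernel32.dll export names; in practice
# the full list would be dumped from the DLL's export table with a PE parser).
SAMPLE_EXPORTS = [
    "LoadLibraryA", "GetProcAddress", "VirtualAlloc", "VirtualProtect",
    "CreateProcessA", "WriteFile", "ExitProcess", "GetModuleHandleA",
]

# Constructed stand-in for a shellcode fragment: two 'push imm32' (opcode 0x68)
# instructions carrying hash constants, padded with NOPs (0x90).
SAMPLE_BLOB = (
    b"\x90\x68" + struct.pack("<I", hash_string("GetProcAddress"))
    + b"\x90\x90\x68" + struct.pack("<I", hash_string("LoadLibraryA"))
)


def analyze(blob=SAMPLE_BLOB, exports=SAMPLE_EXPORTS):
    """Build the table for one DLL and report which of its hashes appear in blob."""
    table, collisions = build_hash_table(exports)
    return find_known_hashes(blob, table), collisions


if __name__ == "__main__":
    hits, collisions = analyze()
    for off, name in hits:
        print(f"offset {off:#06x}: hash of {name}")
    print("collisions:", collisions)
```

The hash depends only on the bytes of the name, so a table built once per DLL can be reused across samples; when a constant in unknown shellcode is not in the table, the next step is usually to extend the table with the export lists of other DLLs the sample might load.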


