You're reading from Windows APT Warfare Identify and prevent Windows APT attacks effectively

Product type Paperback

Published in Mar 2023

Publisher Packt

ISBN-13 9781804618110

Length 258 pages

Edition 1st Edition

Languages

C++

Tools

MiniGW

Concepts

Cybersecurity

Author (1):

Sheng-Hao Ma

View More author details

Table of Contents (17) Chapters

Preface

1. Part 1 – Modern Windows Compiler

2. Chapter 1: From Source to Binaries – The Journey of a C Program FREE CHAPTER

3. Chapter 2: Process Memory – File Mapping, PE Parser, tinyLinker, and Hollowing

4. Chapter 3: Dynamic API Calling – Thread, Process, and Environment Information

5. Part 2 – Windows Process Internals

6. Chapter 4: Shellcode Technique – Exported Function Parsing

7. Chapter 5: Application Loader Design

8. Chapter 6: PE Module Relocation

9. Part 3 – Abuse System Design and Red Team Tips

10. Chapter 7: PE to Shellcode – Transforming PE Files into Shellcode

11. Chapter 8: Software Packer Design

12. Chapter 9: Digital Signature – Authenticode Verification

13. Chapter 10: Reversing User Account Control and Bypassing Tricks

14. Index

Why subscribe?

15. Other Books You May Enjoy

Appendix – NTFS, Paths, and Symbols

Win32 and NT path specification

Stub – the main program of an unpacker

So far, we have learned how to develop packer programs. In the previous section, we used an external stub.bin file to generate the master program of the packer stub. In this section, we will describe how to develop the stub in x86.

The following samples are stub.asm source code from the Chapter#8 folder of the GitHub project. To save space, this book only contains highlights of the code. Please refer to the full project for the complete source code.

Figure 8.9 shows the entry point of the hand-written x86 main point of the stub:

Figure 8.9 – The main part of the stub

The main task is split into three parts:

call decompress_image: This is used to decompress the compressed file-mapping contents of the payload, to fill the text_rwx section to complete the task of restoring the original file-mapping contents, and to act as an application loader to help correct the import table.
call recover_ntHdr...

The rest of the chapter is locked

You're reading from Windows APT Warfare Identify and prevent Windows APT attacks effectively

Table of Contents (17) Chapters

Stub – the main program of an unpacker

Authors (1)

Personalised recommendations for you

You're reading from Windows APT Warfare Identify and prevent Windows APT attacks effectively

Table of Contents (17) Chapters

Stub – the main program of an unpacker

Unlock this book and the full library FREE for 7 days

Authors (1)

Personalised recommendations for you