You're reading from Mastering Malware Analysis A malware analyst's practical guide to combating malicious software, APT, cybercrime, and IoT attacks

Product type Paperback

Published in Sep 2022

Publisher Packt

ISBN-13 9781803240244

Length 572 pages

Edition 2nd Edition

Concepts

Malware Analysis

Authors (2):

Amr Thabet

Alexey Kleymenov

View More author details

Table of Contents (20) Chapters

Preface

1. Part 1 Fundamental Theory

2. Chapter 1: Cybercrime, APT Attacks, and Research Strategies FREE CHAPTER

3. Chapter 2: A Crash Course in Assembly and Programming Basics

4. Part 2 Diving Deep into Windows Malware

5. Chapter 3: Basic Static and Dynamic Analysis for x86/x64

6. Chapter 4: Unpacking, Decryption, and Deobfuscation

7. Chapter 5: Inspecting Process Injection and API Hooking

8. Chapter 6: Bypassing Anti-Reverse Engineering Techniques

9. Chapter 7: Understanding Kernel-Mode Rootkits

10. Part 3 Examining Cross-Platform and Bytecode-Based Malware

11. Chapter 8: Handling Exploits and Shellcode

12. Chapter 9: Reversing Bytecode Languages – .NET, Java, and More

13. Chapter 10: Scripts and Macros – Reversing, Deobfuscation, and Debugging

14. Part 4 Looking into IoT and Other Platforms

15. Chapter 11: Dissecting Linux and IoT Malware

16. Chapter 12: Introduction to macOS and iOS Threats

17. Chapter 13: Analyzing Android Malware Samples

18. Index

Why subscribe?

19. Other Books You May Enjoy

Packt is searching for authors like you

Debugging malicious services

While loading individual executables and DLLs for debugging is generally a pretty straightforward task, things get a little bit more complicated when we talk about debugging Windows services.

What is a service?

Services are tasks that are generally supposed to execute certain logic in the background, similar to daemons on Linux. So, it comes as no surprise that malware authors commonly use them to achieve reliable persistence.

Services are controlled by the Service Control Manager (SCM), which is implemented in %SystemRoot%\System32\services.exe. All services have the corresponding HKLM\SYSTEM\CurrentControlSet\services\<service_name> registry key. It contains multiple values that describe the service, including the following:

ImagePath: A file path to the corresponding executable with optional arguments.
Type: The REG_DWORD value specifies the type of the service. Let’s look at some examples of such supported values:
- 0x00000001...

The rest of the chapter is locked

You're reading from Mastering Malware Analysis A malware analyst's practical guide to combating malicious software, APT, cybercrime, and IoT attacks

Table of Contents (20) Chapters

Debugging malicious services

What is a service?

Unlock this book and the full library FREE for 7 days

Authors (2)

Personalised recommendations for you