07 - Creating Trampolines and Re-Obfuscating Function Pointers

Published: 23 October 2024
on the channel: Dr Josh Stroschein - The Cyber Yeti

Part 7 finally shows the full runtime linking technique by investigating how the trampolines are created, how the function pointer is resolved and then obfuscated again, and an example function call. You'll also see how they check the heap memory for debugging with the pattern 0xABABABAB.

1:03 Starting with the function that creates the trampolines
1:45 Location of the new import table
2:00 Concerning precomputed values
3:05 Typing arguments
5:45 Loading the required DLLs
7:37 Debugging
9:30 Preparing to store function pointers
12:00 Getting the desired function pointer
13:20 Allocating new memory
14:12 Checking memory for padding bytes 0xABABABAB
16:30 Basis for the trampoline
17:05 Generating random numbers
21:00 Adding code to the trampoline
26:21 Example function call
27:43 Wrapping up and recap

