Programming Windows with C Petzold.
NET Components Lowy. Applied Microsoft. Note: I like programming books focused on common problems or those that present short programs for a specific task. These kinds of books are more useful for my daily job than books about architecture, framework programming, etc….
JReFrameworker - Practical Managed Code Rootkits for Java
Buffer Overflows Foster. Rootkits Greg Hoglund, James Butler. Practical Malware Analysis Sikorski, Honig. I love books related to security! Moreover, these books talk about reverse engineering at some level. Bugs and Software Problems. Find The Bug Adam Barr. NET Gotchas Subramaniam. Code Complete 2 nd Edition McConnell.
If you need to choose just one, pick up Code Complete 2 nd edition. Specifically for. Windows Internals Russinovich, Salomon. The Old New Thing Chen. Multithreading Applications in Win32 Beveridge Wiener.
NET Framework Rootkits: Backdoors inside your Framework
Debugging by Thinking Metzger. Debugging ASP.
The Science of Debugging Telles, Hsieh. Software Exorcism Blunden. Debugging Applications for. NET and Windows Robbins.
Bestselling in Malware
Net 2. Advanced Windows Debugging Hewardt, Pravat.
Some of the books above talk only about the mindset you need to be a good debugger, others are more focused on code and others talk about both. Certification Central. Digital Music. Graphic Design. Home Computing. Operating Systems. Project Management. And as we discussed in this chapter, there are many reasons MCRs are attractive to attackers, as they provide attackers with an alternative malware- based approach to implement malicious activity on a system. Endnotes 1.
Cappelli DM, Moore A. Shimeall T, Rogers S. Insider threat study: computer system sabotage in critical infrastructure sectors. Software Engineering Institute and U. Secret Service, Carnegie Mellon University, www. NET, etc. Chapter 4 will cover how to use the tools to manipulate the framework core.
A just-in-time JIT compiler then translates the bytecode into machine instructions at runtime, and applies optimizations to the generated code. Each runtime has its own compiler that knows how to transform code written in that language to the bytecode specific to that mntime VM. NET Framework comes with three command-line-based compilers for each high-level language supported by default: C , VB. The compiler for C is called csc. NET the compiler is vbc. NET compilers are included in the. For example, csc. Figure 3.
For example, to compile a C source code file called app. The Java compiler, javac, does pretty much the same thing, taking Java source code and converting it into Java bytecode stored in a class file. The default is anyepu. You can display the list of possible arguments using javac -help see Figure 3. To compile the Java file app. The DEX compiler comes with a batch file called dx, which is an easy-to-use wrapper see Figure 3. If you take the output of the javac compiler, the app. You can use the compiler at the MCR development stage, while generating a payload that will be injected into the framework.
Instead of writing the payload at a lower-level IL, which is quite cumbersome, it is possible to write the payload in a higher-level language such as C or Java and compile it using the relevant compiler. Then, the IL bytecode can be extracted from the generated executable to be used as a payload.
We will discuss this technique in more detail in Chapter 5. Output nane nust end with one of:.
Dump classfiles. By knowing the relationship between the high-level code and its corresponding IL bytecode, a decompiler can identify and convert the IL instructions into their high-level equivalent. Although some operations are composed from a few low-level pieces of code, many perform a one-to-one transformation.
IT Security and Hacking knowledge base - SecDocs
The metadata includes a complete description of methods, the return type, and all the method parameters. Having all that information in one place makes the decompilation process much easier and more accurate. The Decompiler In terms of decompilers, for the.
NET runtime the most useful tool by far is. So now by navigating inside the content of that DLL, we can see all the namespaces it contains, the classes, their code, and other useful information. TIP You can use.
Related Managed Code Rootkits: Hooking into Runtime Environments
Copyright 2019 - All Right Reserved