Vitali Kremez

Reverse engineering Malware

String Obfuscation via MOV Instructions

5/30/2016


 
mov ecx, 0x400000            ; ECX = destination address
mov byte ptr [ecx], 0x53     ; 'S'
inc ecx
mov byte ptr [ecx], 0x54     ; 'T'
inc ecx
mov byte ptr [ecx], 0x52     ; 'R'
inc ecx
mov byte ptr [ecx], 0x00     ; terminating null byte

This sequence would put the ASCII string “STR” at the memory location 0x400000.

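A variant of this is to construct the string on the stack via one or more PUSH instructions. Because x86 is little-endian, the immediate holds the characters in reverse byte order, so the instruction below leaves the bytes 53 54 52 00 (“STR” plus a terminating null) at the top of the stack:
  • PUSH 0x00525453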
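
As an added example (not code from the original post), this Python sketch recovers strings built by both techniques by matching the raw 32-bit encodings of the instructions shown above: C6 01 imm8 for mov byte ptr [ecx], 41 for inc ecx, and 68 imm32 for push. It goes slightly beyond the text by reassembling several consecutive PUSHes; the sample bytes and the MIN_LEN threshold are constructed assumptions, and because this is byte-pattern matching rather than disassembly, hits in a real binary should be confirmed in a disassembler.

```python
MOV_BYTE_ECX = b"\xC6\x01"   # mov byte ptr [ecx], imm8  (C6 /0 ib, ModRM 01)
INC_ECX = 0x41               # inc ecx (32-bit mode)
PUSH_IMM32 = 0x68            # push imm32
MIN_LEN = 3                  # assumption: ignore runs shorter than this

def _emit(found, offset, method, raw):
    """Keep the bytes before the first NUL if they are printable ASCII."""
    text = raw.split(b"\x00", 1)[0]
    if len(text) >= MIN_LEN and all(0x20 <= b < 0x7F for b in text):
        found.append((offset, method, text.decode("ascii")))

def recover_strings(code: bytes):
    """Return (offset, method, text) for each string built by MOV or PUSH runs."""
    found, i = [], 0
    while i < len(code):
        if code[i:i + 2] == MOV_BYTE_ECX and i + 3 <= len(code):
            start, buf = i, bytearray()
            while code[i:i + 2] == MOV_BYTE_ECX and i + 3 <= len(code):
                buf.append(code[i + 2])           # the immediate is one character
                i += 3
                if i < len(code) and code[i] == INC_ECX:
                    i += 1                        # pointer advances to next byte
                else:
                    break
            _emit(found, start, "mov", bytes(buf))
        elif code[i] == PUSH_IMM32 and i + 5 <= len(code):
            start, dwords = i, []
            while i + 5 <= len(code) and code[i] == PUSH_IMM32:
                dwords.append(code[i + 1:i + 5])  # already in memory (LE) order
                i += 5
            # The stack grows down, so the last dword pushed is the string's start.
            _emit(found, start, "push", b"".join(reversed(dwords)))
        else:
            i += 1
    return found

# Constructed sample bytes (hand-assembled for this example, not from a real sample).
SAMPLE_MOV = bytes.fromhex("b900004000 c60153 41 c60154 41 c60152 41 c60100")
SAMPLE_PUSH = bytes.fromhex("6853545200")              # push 0x00525453
SAMPLE_PUSH2 = bytes.fromhex("684e470000 6853545249")  # push 0x0000474E; push 0x49525453

if __name__ == "__main__":
    for sample in (SAMPLE_MOV, SAMPLE_PUSH, SAMPLE_PUSH2):
        print(recover_strings(sample))
```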
    Author

    Vitali Kremez
