Explain in detail (line-by-line) what each line accomplished and what is the cod
Question
Explain in detail (line-by-line) what each line accomplished and what the code segments are used for.
Listing 12-1
hVictimProcess = OpenProcess(PROCESS_ALL_ACCESS, 0, victimProcessID);
pNameInVictimProcess = VirtualAllocEx(hVictimProcess, ..., sizeof(maliciousLibraryName), ...);
WriteProcessMemory(hVictimProcess, ..., maliciousLibraryName, sizeof(maliciousLibraryName), ...);
GetModuleHandle("Kernel32.dll");
GetProcAddress(..., "LoadLibraryA");
CreateRemoteThread(hVictimProcess, ..., ..., LoadLibraryAddress, pNameInVictimProcess, ..., ...);

CreateProcess(..., "svchost.exe", CREATE_SUSPEND, ...);
ZwUnmapViewOfSection(...);
VirtualAllocEx(..., ImageBase, SizeOfImage, ...);
WriteProcessMemory(..., headers, ...);
for (i=0; i
Explanation / Answer
Listing 12-1:
hVictimProcess = OpenProcess(...)
Opens an existing local process with the desired access.
VirtualAllocEx:
Modifies the virtual address space of the process and initializes it with 0.
WriteProcessMemory:
Overwrites the victim process address space with the malicious library name.
GetModuleHandle:
Fetches the kernel module of an OS.
GetProcAddress:
Returns the proc address of a library.
CreateRemoteThread:
Executes the thread in another process's virtual address space.
Basically, the code here executes in the "LoadLibraryAddress" space to perform malicious actions.
Listing 12-3:
This program is also trying to modify the virtual address space of headers. Refer to the MSDN guide for more help with these functions.
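A defender's view of the two listings, as an added example that is not part of the original question or answer: detection logic that scans an API-call trace for the ordered call sequences shown in Listing 12-1 and in the second fragment. The trace format, the pids, and the assumption that the monitoring tool resolves a remote thread's start address to a symbol name are constructed for illustration.

```python
from collections import defaultdict

# Each step is (API name, substring that must appear in the call's detail field).
PATTERNS = {
    "dll_injection": [("OpenProcess", ""), ("VirtualAllocEx", ""),
                      ("WriteProcessMemory", ""), ("CreateRemoteThread", "LoadLibraryA")],
    "process_replacement": [("CreateProcess", "CREATE_SUSPEND"), ("ZwUnmapViewOfSection", ""),
                            ("VirtualAllocEx", ""), ("WriteProcessMemory", "")],
}

# Constructed trace rows: (caller pid, API, target process, detail). Not real tool output.
TRACE = [
    (101, "OpenProcess", "pid:2200", "PROCESS_ALL_ACCESS"),
    (101, "VirtualAllocEx", "pid:2200", "size=13"),
    (777, "OpenProcess", "pid:2200", "PROCESS_VM_READ"),  # unrelated caller, interleaved
    (101, "WriteProcessMemory", "pid:2200", "buf=library name"),
    (101, "GetModuleHandle", "self", "Kernel32.dll"),
    (101, "GetProcAddress", "self", "LoadLibraryA"),
    (101, "CreateRemoteThread", "pid:2200", "start=LoadLibraryA"),
    (202, "CreateProcess", "pid:3300", "svchost.exe CREATE_SUSPEND"),
    (202, "ZwUnmapViewOfSection", "pid:3300", ""),
    (202, "VirtualAllocEx", "pid:3300", "ImageBase SizeOfImage"),
    (202, "WriteProcessMemory", "pid:3300", "headers"),
    (777, "WriteProcessMemory", "pid:2200", "patch"),  # write without alloc or remote thread
]

def matches(calls, pattern):
    """True if pattern occurs in calls as an ordered, not necessarily contiguous, subsequence."""
    step = 0
    for api, detail in calls:
        want_api, want_detail = pattern[step]
        if api == want_api and want_detail in detail:
            step += 1
            if step == len(pattern):
                return True
    return False

def detect(trace):
    """Group calls by (caller pid, target process) and return sorted findings."""
    per_pair = defaultdict(list)
    for caller, api, target, detail in trace:
        per_pair[(caller, target)].append((api, detail))
    findings = []
    for (caller, target), calls in per_pair.items():
        for name, pattern in PATTERNS.items():
            if matches(calls, pattern):
                findings.append((caller, target, name))
    return sorted(findings)

if __name__ == "__main__":
    for finding in detect(TRACE):
        print(finding)
```

Grouping by caller and target keeps interleaved activity from other processes from completing or breaking a sequence, so pid 777 is not flagged even though it touches the same target.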