Great video Pavel. Brilliant step by step explanation as with all your videos. Thank you for the content.
@micronn
6 months ago
Nice explanation. The Quick Assembler tool looks great too. By the way, this shellcode does not seem to make sure that the stack is properly aligned.
@zodiacon
6 months ago
You're partially right about the alignment - there is a single push, so it's aligned. I could have added support for alignment guarantee, but wanted to keep things simple.
@amirmahdavi8005
2 months ago
Thanks.
@andrey344
6 months ago
What a helpful channel
@EnLopXf
5 months ago
I hope you create more great videos
@zodiacon
5 months ago
Expect a new video tomorrow!
@dadogwitdabignose
5 months ago
you're a life saver man thank you so much
@Hallilo
6 months ago
Hi Pavel, I would love if you could make some videos about kernel mode programming like drivers with the Windows Driver Kit :) or other low level Windows programming concepts / tutorials
At 19:00 the ASLR address of LoadLibrary in the target process is USUALLY the same as in the program doing the injecting, i.e. common for the state of the system since the last reboot, but not guaranteed for certain DLLs?
@zodiacon
5 months ago
Guaranteed
@stephencole9289
5 months ago
Setting the memory as executable later (and as read, executable) (i.e. not at the same time as setting it RW) to try to avoid things noticing, was clever. Worth noting you have to be admin (or have debug privileges?) to do this injection etc.
@zodiacon
5 months ago
No need for admin rights or debug privilege. It depends on your target process.
@stephencole9289
5 months ago
Ah yes, if the target process was started by (running in the context of) the current user doing the injecting, then it's OK. Which is also why a normal user can debug their own running apps. The comment was more to highlight the fact that you can't inject into system processes etc. without the necessary rights.
@cra0kalo
6 months ago
When will you release your Tool Quick Assembler?
@zodiacon
6 months ago
Probably at the end of the month, when the "x64 Architecture and Programming" live training course would have been completed.
@cra0kalo
6 months ago
That would be awesome. Love your work! @zodiacon
@stephencole9289
5 months ago
Using 1
@zodiacon
5 months ago
Not sure why it's funny :) it's easier especially for larger values.
@stephencole9289
5 months ago
Amusing would be a better comment (I would have just bunged in 4096)
Comments: 21