Portable Executable (slide 6)
- Windows executable format
  - .exe, .dll, etc.
- Originally derived from the VAX/VMS Common Object File Format (COFF)
- Portable ⇔ runs on any architecture
  - Alpha, Windows CE, etc.
Portable Executable Format (slide 7)
- Figure: PE file layout, from the start of the file: DOS Header, PE Header, Section Table, .text section, .data section, other sections, .reloc section, Unmapped Data
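A parser that walks the layout in the figure (DOS Header → PE Header → Section Table → sections → unmapped data), added here as an example; it is not code from the original presentation. The image bytes and section values are constructed inline and are hypothetical; the checks flag sections whose raw data runs past the end of the file and measure the unmapped overlay after the last section.

```python
import struct
from collections import namedtuple
from typing import List

Section = namedtuple("Section", "name virtual_size virtual_address raw_size raw_offset characteristics")

COFF_FMT = "<HHIIIHH"          # IMAGE_FILE_HEADER: 20 bytes
SECTION_FMT = "<8sIIIIIIHHI"   # IMAGE_SECTION_HEADER: 40 bytes

def parse_sections(data: bytes) -> List[Section]:
    """DOS header -> e_lfanew -> PE signature -> COFF header -> section table."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("missing DOS header")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad e_lfanew or PE signature")
    _, nsec, _, _, _, opt_size, _ = struct.unpack_from(COFF_FMT, data, e_lfanew + 4)
    table = e_lfanew + 24 + opt_size          # section table follows the optional header
    out = []
    for i in range(nsec):
        off = table + i * 40
        if off + 40 > len(data):
            raise ValueError("section table runs past end of file")
        name, vsz, va, rsz, roff, _, _, _, _, ch = struct.unpack_from(SECTION_FMT, data, off)
        out.append(Section(name.rstrip(b"\0").decode("ascii", "replace"), vsz, va, rsz, roff, ch))
    return out

def truncated_sections(data: bytes, secs: List[Section]) -> List[str]:
    """Sections whose raw data extends past the file: a malformed or cut-off image."""
    return [s.name for s in secs if s.raw_offset + s.raw_size > len(data)]

def overlay_size(data: bytes, secs: List[Section]) -> int:
    """Bytes after the last section's raw data: present on disk, never mapped by the loader."""
    end = max((s.raw_offset + s.raw_size for s in secs), default=0)
    return max(len(data) - end, 0)

def build_sample() -> bytes:
    """Constructed minimal image with hypothetical values (not a loadable program)."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)       # e_lfanew = 0x40
    coff = struct.pack(COFF_FMT, 0x14C, 3, 0, 0, 0, 0, 0x0102)  # i386, 3 sections, no optional header
    layout = [(b".text", 0x100, 0x1000, 0x100, 0x200, 0x60000020),
              (b".data", 0x40, 0x2000, 0x40, 0x300, 0xC0000040),
              (b".reloc", 0x20, 0x3000, 0x20, 0x340, 0x42000040)]
    table = b"".join(struct.pack(SECTION_FMT, n, vs, va, rs, ro, 0, 0, 0, 0, ch)
                     for n, vs, va, rs, ro, ch in layout)
    img = dos + b"PE\0\0" + coff + table
    img += b"\0" * (0x360 - len(img))        # pad through the end of .reloc raw data
    return img + b"OVERLAY!"                 # 8 bytes of unmapped data at the end
```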
Detours (slide 9)
- Enables hooking of the Win32 API
  - Microsoft Research: http://www.research.microsoft.com/sn/detours/
- Source code is also published
  - Currently working hard to decipher it
Hacking & Virus on Windows (slide 13)
- Start by knowing the enemy
  - Investigating various exploit code and virus code
  - "Many" are available on web pages
References (1) (slide 14)
- An In-Depth Look into the Win32 Portable Executable File Format (Part 1 & 2)
  - http://www.msdn.microsoft.com/msdnmag/issues/02/02/PE/default.aspx
  - http://www.msdn.microsoft.com/msdnmag/issues/02/03/PE2/default.aspx
- Process-wide API spying
  - http://www.codeproject.com/system/api_spying_hack.asp
- API Spying Techniques
  - http://www.internals.com/articles/apispy.htm
References (2) (slide 15)
- detours
  - http://research.microsoft.com/sn/detours/
- Phrack
  - http://www.phrack.org/
- packet storm
  - http://www.packetstromsecurity.org/
- New order
  - http://neworder.box.sk/index.php
- VX heavens
  - http://vx.netlux.org/
- Slides: 15