Reversing: Secrets of Reverse Engineering, part 6
One option is to try to restrict the ReadFile breakpoints to calls made on the archive files. You can do this by first setting a breakpoint on the API call that opens or creates the archive (this will probably be a call to the CreateFile API),

crafted malicious program running on many systems, he or she can start utilizing these systems for extra computing power or extra network bandwidth.

Information Theft

Finally, malicious programs can easily be used for information theft. Once a malicious program penetrates into a host, it becomes exceedingly easy to steal files and personal information from that system. If you are wondering where a malicious program would send such valuable information without immediately exposing the attacker, the answer is that it would usually send it to another infected machine, from which the attacker could retrieve it without leaving any trace.

Malware Vulnerability

Malware suffers from the same basic problem as copy protection technologies: they run on untrusted platforms and are therefore vulnerable to reversing. The logic and functionality that resides in a malicious program are essentially exposed for all to see. No encryption-based approach can address this problem because it is always going to have to remain possible for the system's CPU to decrypt and access any code or data in the program. Once the code is decrypted, it is going to be possible for malware researchers to analyze its code and behavior; there is no easy way to get around this problem.

There are many ways to hide malicious software, some aimed at hiding it from end users, while others aim at hindering the process of reversing the program so that it survives longer in the wild. Hiding the program can be as simple as naming it in a way that would make end users think it is benign, or even embedding it in some operating system component so that it becomes completely invisible to the end user.
Once the existence of a malicious program is detected, malware researchers are going to start analyzing and dissecting it. Most of this work revolves around conventional code reversing, but it also frequently relies on system tools such as network- and file-monitoring programs that expose the program's .
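
The breakpoint-narrowing idea from the description at the top of this page (catch the CreateFile call that opens the archive, then stop only on ReadFile calls made on that file) can be tried offline on an API trace. The following is an added example, not code from the book; it assumes the filtering is done on the handle CreateFile returns, and the trace format, paths, handle values and the `archive_reads` helper are all constructed for illustration.

```python
import re

# Constructed API-monitor style trace (not from the page). Handle 0x1b0 is
# closed and then reused for an unrelated file, a common source of false hits.
SAMPLE_TRACE = r"""
CreateFileW("C:\Windows\win.ini", GENERIC_READ) = 0x1a4
CreateFileW("C:\work\sample.arc", GENERIC_READ) = 0x1b0
ReadFile(0x1a4, 512) = TRUE
ReadFile(0x1b0, 40) = TRUE
ReadFile(0x1b0, 4096) = TRUE
CloseHandle(0x1b0) = TRUE
CreateFileW("C:\temp\log.txt", GENERIC_READ) = 0x1b0
ReadFile(0x1b0, 128) = TRUE
""".strip()

OPEN_RE = re.compile(r'CreateFile[AW]?\("([^"]+)",.*\)\s*=\s*(0x[0-9a-fA-F]+)')
READ_RE = re.compile(r'ReadFile\((0x[0-9a-fA-F]+),\s*(\d+)\)')
CLOSE_RE = re.compile(r'CloseHandle\((0x[0-9a-fA-F]+)\)')


def archive_reads(trace, archive_suffix):
    """Return (line_no, handle, nbytes) for ReadFile calls on the archive only.

    Mirrors a conditional breakpoint: remember the handle returned when the
    archive is opened, and ignore ReadFile calls on any other handle.
    """
    tracked = set()   # handles currently known to refer to the archive
    hits = []
    for line_no, line in enumerate(trace.splitlines(), 1):
        if m := OPEN_RE.search(line):
            path, handle = m.group(1), int(m.group(2), 16)
            if path.lower().endswith(archive_suffix.lower()):
                tracked.add(handle)
            else:
                tracked.discard(handle)   # value reused for another file
        elif m := CLOSE_RE.search(line):
            tracked.discard(int(m.group(1), 16))
        elif m := READ_RE.search(line):
            handle = int(m.group(1), 16)
            if handle in tracked:
                hits.append((line_no, handle, int(m.group(2))))
    return hits


if __name__ == "__main__":
    for line_no, handle, nbytes in archive_reads(SAMPLE_TRACE, ".arc"):
        print(f"line {line_no}: ReadFile on archive handle {handle:#x}, {nbytes} bytes")
```
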