
The subsequent operation requires an exhaustive understanding of hexadecimal code and assembly programming. This operation lists the following tools of the trade as:

We shall deploy the spyware in a simple Game Registration executable to showcase the code injection mechanism. The Game Registration typically requires serial keys to validate the authentic copy of this product and to register or enable the full version, as shown below. This EXE is chosen to be the victim infected with a covert spyware. It doesn't matter what the actual name and serial keys of that program are; we are in fact not provided with such sensitive information. The key matter of interest for the reverse engineer is the subsequent Error box, which typically appears when a serial key is not validated. This Error message box becomes the entry point of the malicious covert code: the moment the user is confronted with the aforesaid Error message box, the spyware is executed. That is what we are trying to achieve in this paper.

The following spyware program typically shows the machine name and IP address of the computer where it runs and sends such critical information back to the hacker server. We don't need to go into the details of the spyware code; it could be any EXE program which is to be injected into a binary. After compiling that code, it will look like the following figure.

Figure 1.3: The Spyware GUI

It is showing a fake value for the computer name and IP address because the crucial values are not disclosed from a security point of view.

Victim binary analysis
