17/09/2023
I would like to share a technique that is widely used in the area of
Malware Analysis, and one you really need to know.
The code injection debugging technique is widely used in Malware Analysis. To bypass
anti-debugging and anti-reversing protections, we inject our own debugging code into
the running malware process. This can be achieved through APIs such as
CreateRemoteThread, or by writing a DLL and injecting it directly into the
malware process. Once our code runs inside the process, it lets us map out the protections
implemented by the malware, which makes the analysis much easier.
So we can add resources like:
- Hooks to monitor important API calls.
- Code to capture memory information when breakpoints are hit.
- Implementation of purge logic that the malware cannot detect.
- Shellcode that performs analysis tasks.
This methodology requires a deep understanding of reverse engineering, but it
enables the analysis of highly complex malware samples.
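To make the "hooks to monitor API calls" and "capture memory at breakpoints" ideas concrete, here is an added illustration (not code from the original post): a one-slot function-pointer table stands in for a process's import table, and an installed hook records each call plus a bounded snapshot of the buffer argument before forwarding to the original function. It is portable C and performs no real process injection; all names (`real_write`, `hooked_write`, `sample_code_writes`) are hypothetical.

```c
/* Added illustration of the hook-and-log idea: a function-pointer table plays the
 * role of an import table, and the hook logs calls before forwarding them. */
#include <stdio.h>
#include <string.h>
#include <stddef.h>

typedef size_t (*write_fn)(const void *buf, size_t len);

/* Stand-in for the "real" API the analysed code would call (constructed). */
static size_t real_write(const void *buf, size_t len) { (void)buf; return len; }

/* Import table with one slot, like an IAT entry an analysis DLL would patch. */
static write_fn import_table[1] = { real_write };
static write_fn original_write = NULL;

#define LOG_CAP 8
struct call_record { size_t len; unsigned char snapshot[16]; size_t snap_len; };
static struct call_record call_log[LOG_CAP];
static size_t call_count = 0;

/* The hook: record the length and a bounded copy of the buffer, then forward
 * to the original so the behaviour of the analysed code is unchanged. */
static size_t hooked_write(const void *buf, size_t len) {
    if (call_count < LOG_CAP) {
        struct call_record *r = &call_log[call_count++];
        r->len = len;
        r->snap_len = len < sizeof r->snapshot ? len : sizeof r->snapshot;
        memcpy(r->snapshot, buf, r->snap_len);
    }
    return original_write(buf, len);
}

/* Install and remove the hook by swapping the table slot. */
void install_write_hook(void) {
    original_write = import_table[0];
    import_table[0] = hooked_write;
}
void remove_write_hook(void) {
    if (original_write) { import_table[0] = original_write; original_write = NULL; }
}

/* Code under analysis calls through the table and is unaware of the hook. */
size_t sample_code_writes(const char *msg) { return import_table[0](msg, strlen(msg)); }

/* Accessors so the captured information can be inspected after the run. */
size_t logged_calls(void) { return call_count; }
const struct call_record *logged_call(size_t i) { return i < call_count ? &call_log[i] : NULL; }
```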
It is important to realize that the basis of this technique is the same one
used for DLL injection (as in internal cheats) and Function Hooking. As I
often mention, Game Hacking is a way to explore knowledge at a lower level.
The skills acquired there can be applied in different fields, because the
underlying foundation is the same.
By having a solid base at the low level, you gain the ability to apply this
knowledge to a wide range of scenarios in the area of Information Security.
Understanding the fundamental concepts enables you to adapt them to specific
needs. If there was any uncertainty about the value of learning the low
level, I am sure those doubts are now cleared!