Posts tagged with: malware

MP3 File Structure

File structure is what makes up a file. A file is the smallest unit of a filesystem. A file can’t be called a “file” when it is not structured. The structure of a file is important for making that file readable: when it is not properly structured, the system won’t be able to read it. There is also a standardization of file structure, so a PDF file named A will have the same structure as B, C, D, or any other PDF file. The file structure of each filetype is also different: an .avi file will have a different file structure from a .doc file.
In this post I’ll try to explain the structure of an MP3 file.   🙂


The Magic Number

Hoho, in this post I’ll explain a thing called the “Magic Number”. Can you already guess what it is? Some kind of number that has a magical spell in it? Some kind of magic trick that uses numbers as its medium? Or something else?

Unfortunately, the “magic number” in this post is not literally related to magic. This magic number is a thing related to file formats. Originally, the term was used for a specific set of 2-byte identifiers at the beginning of a file, but since any undecoded binary sequence can be regarded as a number, any feature of a file format which uniquely distinguishes it can be used for identification. Identify what? To identify a file format, of course.

Buffer Overflow : Direct Return & SEH Based

In my other post we learned a little about buffer overflows. Now we will talk about two cases that happen when we do a buffer overflow, the Direct Return Exploit and the SEH Based Exploit, and what the difference between the two is.

– Direct Return Exploit
A direct return exploit happens to a program that can’t handle an exception, a condition where an application tries to execute code outside its normal work cycle. As a result, when an application that can’t handle an exception is buffer overflowed, the EIP value stored in buffer memory will be directly overwritten by the rest of the data we use to overflow the application.

– SEH Based Exploit

Introduction to “CPU Register”

If we want to master the buffer overflow technique, we must first have knowledge of CPU registers. A register is part of the processor’s memory that can be accessed at high speed and is always used by the microprocessor as the medium for doing its work.

An x86-based CPU uses 8 registers: EAX, EBX, ECX, EDX, ESI, EDI, EBP, and ESP. Each of them is designed for a specific job that lets the CPU process information efficiently.

1. EAX Register
Used to perform calculations and store the value returned from a function call. Basic operations such as add, subtract, and compare are optimized for the EAX register. Special operations such as multiplication and division are done with the EAX register.

“Buffer Overflow” at a Glance

A buffer overflow is one hacking technique for gaining root/administrator privilege access by exploiting vulnerabilities in weak applications installed/running on a system. How can this be done? The hacker makes an application/program that causes the buffer memory the system provides for the target application to overload and then overwrite the other buffers.
