Sure it is necessary to obtain this address.Īll of the executable files have special headers that contain information, including an EP address.įor example, by entering a a shellcode that uses SEH, it runs the code.
There are techniques of overwriting, which are very effective, because the change is permanent, and the file is corruptedĪny executable, when it is memory-mapped, has an EP (Entry Point) from which the execution begins, then it is possible to overwrite the one that is there, to the EP address. Well, there are several ways of infection, by including the overwriting of the code, replacing the files, adding code and breaking the code.
Why is it so easy to infect a portable app.exe?
0 kommentar(er)
