Writing A (covert) Dynamic Loader in x86-64 MASM [0x00]

Posted Jun 28, 2022 Updated Jul 1, 2022

By GRX78FL

1 min read

[0x00] - Introduction

Assumptions about the reader’s knowledge:

Understanding of C code (pointers, structs, control flow …);
Some Python3 experience (basic operations);
Some Assembly experience (g.p. registers, stack layout, control flow …);
Basic computer usage knowledge.

Goals of this series:

Get a working POC that when inspected statically gives nothing away;
Avoid AV flagging;
Get more comfortable in writing x86-64 Assembly code;
Call Kernel32!Beep without importing it directly;
Having fun, otherwise what’s the point?

Tools used in this series:

Operating System: Windows 11;
Code Editor: Visual Studio Code;
VS Code extension: x86-64 ASM Syntax Highlighting;
Assembler: MASM;
Scripting/Automation: Python3;
Debugger: WinDbg;
Disassembler/Decompiler: IDA Freeware;
and of course: Just a little Patience.

Inspiration, techniques and external resources:

Architecture 1001: x86-64 Assembly by (@XenoKovah);
Undocumented Windows Structs (by RevJay and SergiusTheBest);
PEB Walking (by @christophetd);
API Hashing (by @spotheplanet);
Malware Development (by 0xPat).

PROGRAMMING, ASSEMBLY

windows masm x86-64

This post is licensed under CC BY 4.0 by the author.

Recently Updated

Trending Tags

windows x86-64 masm windbg

Contents

Trending Tags

windows x86-64 masm windbg

A new version of content is available.