Update re102_section5.md

This commit is contained in:
SECURED.ORG
2017-08-10 22:56:23 -07:00
committed by GitHub
parent 937a9d7e19
commit 13c0c915f3

@@ -25,7 +25,7 @@ There are no strings for us to investigate and there are no functions parsed by
## String Obfuscation ##
The first function call sub_404C1E doesnt look like something interesting, so move on to the next function call to `sub_402B1C`. This function is a jump-wrapper for the function `sub_4059A3`.
The first function call `sub_404C1E` doesnt look like something interesting, so move on to the next function call to `sub_402B1C`. This function is a jump-wrapper for the function `sub_4059A3`.
Notice anything strange about the immediate values being placed onto the stack? These are actually strings. Breaking up strings and pushing them onto the stack is a common of hiding strings from malware analysts. Go ahead right-click these numbers and convert it to a string (R).
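Review bot: the changed sentence still reads "doesnt" after `sub_404C1E` gained its backticks; correct it to "doesn't" while the line is being touched. The trailing context line also drops a word in "is a common of hiding strings" (presumably "a common way of hiding strings"), and "Go ahead right-click these numbers and convert it to a string (R)" mixes plural and singular; "convert them to strings (R)" would read cleanly.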
@@ -99,4 +99,4 @@ After `jz loc_405272` there is a call to [esp+1Ch] this is actually calling a Wi
The next page will go over debugging the decrypted_shellcode.exe with x32dbg.
[Section 4.3 <- Back](https://securedorg.github.io/RE102/section4.3) | [Next -> Section 5.1](https://securedorg.github.io/RE102/section5.1)
[Section 4.3 <- Back](https://securedorg.github.io/RE102/section4.3) | [Next -> Section 5.1](https://securedorg.github.io/RE102/section5.1)
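Review bot: the old and new navigation lines at the end of this hunk are identical as displayed, so the change appears to be whitespace or an end-of-file newline only; please confirm that is intended, since it adds noise to a commit whose other hunk is a formatting fix. In keeping with that fix, `decrypted_shellcode.exe` in the context line above and `[esp+1Ch]` in the hunk header context are left unquoted and could take backticks for consistency with `sub_402B1C` and `sub_4059A3`.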