aljaz/securedorg.github.io
1
0
Fork 0
mirror of https://github.com/aljazceru/securedorg.github.io.git synced 2025-12-20 15:34:19 +01:00
Code Issues Packages Projects Releases Wiki Activity

updating mistakes

Browse Source
This commit is contained in:
Amanda Rousseau
2017-03-27 11:30:36 -07:00
parent c65fa18f16
commit 245c9cf968
5 changed files with 6 additions and 18 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
ReportForm.html
View File

@@ -9,18 +9,6 @@
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.8.3/jquery.min.js"></script> <script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.8.3/jquery.min.js"></script>
<script language="JavaScript"> <script language="JavaScript">
$("#btnPrint").live("click", function () {
var divContents = $("#display").html();
var printWindow = window.open('', '', 'height=400,width=800');
printWindow.document.write('<html><head><title>Malware Analysis Report</title>');
printWindow.document.write('</head><body >');
printWindow.document.write(divContents);
printWindow.document.write('</body></html>');
printWindow.document.close();
printWindow.print();
});
function showInput() { function showInput() {
document.getElementById('display').innerHTML = document.getElementById('display').innerHTML =
@@ -127,7 +115,7 @@ IP address</small></p>
<p><label>Your Report: </label></p> <p><label>Your Report: </label></p>
<hr> <hr>
<p><span id='display'></span></p> <p><span id='display'></span></p>
<p><input type="button" value="Print PDF Report" id="btnPrint" /></p>
</script> </script>

4
fundamentals2.md
View File

@@ -34,7 +34,7 @@ This diagram shows the relationship of application components for user-mode and
## PE Header ## ## PE Header ##
The PE header provides the information to operating system on how to map the file into memory. The PE header provides information to operating system on how to map the file into memory.
The executable code has designated regions that require a different memory protection (RWX) The executable code has designated regions that require a different memory protection (RWX)
- Read - Read
- Write - Write
@@ -69,7 +69,7 @@ This diagram illustrates how the PE is placed into memory.
## The Stack ## ## The Stack ##
- Data is either pushed onto or pop off of the stack data structure - Data is either pushed onto or popped off of the stack data structure
- **EBP** - Base Pointer is the register that used to store the references in the stack frame - **EBP** - Base Pointer is the register that used to store the references in the stack frame
This diagram represents a typical stack frame. This diagram represents a typical stack frame.

2
fundamentals3.md
View File

@@ -41,7 +41,7 @@ Common Instructions
* **jmp, jne, jnz, jnb** (Control Flow) * **jmp, jne, jnz, jnb** (Control Flow)
* **push, pop, call, leave, enter, ret** (Control Flow) * **push, pop, call, leave, enter, ret** (Control Flow)
Example below is moving value 0xaaaaaaaa into ecx. Example below is moving value at 0xaaaaaaaa into ecx.
| Instruction | Opcode | | Instruction | Opcode |
| --- | --- | | --- | --- |

2
intro.md
View File

@@ -11,7 +11,7 @@ title: Intro
# Reverse Engineering # # Reverse Engineering #
"is the processes of extracting knowledge or design information from anything man-made and re-producing it or re-producing anything based on the extracted information" "is the processes of extracting knowledge or design information from anything man-made and re-producing it or re-producing anything based on the extracted information"[1](https://en.wikipedia.org/wiki/Reverse_engineering)
## What does it mean to be a reverse engineer? ## ## What does it mean to be a reverse engineer? ##

2
triage.md
View File

@@ -57,7 +57,7 @@ Questions to ask:
### Collect Strings ### Collect Strings
* using the string command in linux or BinText tool, extract the strings to find any clues * Using the string command in linux or BinText tool, extract the strings to find any clues
### Check AV vendors ### Check AV vendors