Navigating the Binary: Data vs. Pointers | Strings & Imports | Lesson 4

In the next lesson of this series, we move from simple extraction to understanding the physical structure of the binary. We explore how strings aren’t just ‘there’: they are stored in specific data sections and accessed via pointers in the code. Understanding this relationship is critical for moving into advanced reverse engineering.

In this lesson, we cover:
– Raw File Anatomy: Looking at a PE file in a hex editor to see how bytes are arranged for the operating system.
– The Role of Pointers: Why strings in disassembly are actually addresses (pointers) to a different section of the file.
– Compiler Alignment: Understanding why ‘noise’ or extra null bytes appear between strings due to memory alignment and performance.
– Finding ‘Main’: A practical walkthrough in Malcat showing how to find the author’s unique code among the compiler’s runtime noise.
– Recap: Why the presence (or lack) of these artifacts dictates your next steps in malware triage.
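
The pointer-to-string relationship and the alignment padding listed above can be reproduced on a small scale. This is an added example, not code from the lesson: the image base, section layout, strings and the run of `push imm32` instructions are all constructed, and the opcode scan is a simplification of what a disassembler such as Malcat does.

```python
import struct

IMAGE_BASE = 0x400000  # constructed values, laid out like a small 32-bit PE
# name: (RVA, raw file offset, size)
SECTIONS = {".text": (0x1000, 0x400, 0x200), ".rdata": (0x2000, 0x600, 0x200)}

def build_sample():
    """Build a constructed file image: strings in .rdata, pointers in .text."""
    rdata, string_vas = b"", []
    for s in (b"kernel32.dll", b"cmd", b"hello"):
        string_vas.append(IMAGE_BASE + SECTIONS[".rdata"][0] + len(rdata))
        rdata += s + b"\x00"                   # null terminator
        rdata += b"\x00" * (-len(rdata) % 4)   # padding: next string starts 4-byte aligned
    # push imm32 (opcode 0x68) for each string address, then ret (0xC3)
    text = b"".join(b"\x68" + struct.pack("<I", va) for va in string_vas) + b"\xc3"
    image = bytearray(0x800)
    image[0x400:0x400 + len(text)] = text
    image[0x600:0x600 + len(rdata)] = rdata
    return bytes(image), string_vas

def va_to_offset(va):
    """Translate a virtual address to a raw file offset via the section table."""
    rva = va - IMAGE_BASE
    for sec_rva, raw, size in SECTIONS.values():
        if sec_rva <= rva < sec_rva + size:
            return raw + (rva - sec_rva)
    return None  # address is not backed by any section

def resolve_string_refs(image):
    """Follow each leading push imm32 operand in .text to the string it points at."""
    _, raw, size = SECTIONS[".text"]
    code, refs, i = image[raw:raw + size], [], 0
    while i + 5 <= len(code) and code[i] == 0x68:
        va = struct.unpack_from("<I", code, i + 1)[0]  # little-endian operand
        off = va_to_offset(va)
        if off is None:
            break
        end = image.index(b"\x00", off)                # read up to the terminator
        refs.append((va, off, image[off:end].decode("ascii")))
        i += 5
    return refs

if __name__ == "__main__":
    image, _ = build_sample()
    for va, off, text in resolve_string_refs(image):
        print(f"push 0x{va:08x} -> file offset 0x{off:x} -> {text!r}")
```

In a hex view of this image the first instruction appears as `68 00 20 40 00`: the code holds only the little-endian address, while the string bytes sit at file offset 0x600, followed by the terminator and three padding nulls.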


Cybersecurity, reverse engineering, malware analysis and ethical hacking content!
Courses on Pluralsight: https://www.pluralsight.com/authors/josh-stroschein
πŸ™πŸ» Support my work πŸ‘‰πŸ» https://patreon.com/JoshStroschein
🌎 Follow me πŸ‘‰πŸ» https://twitter.com/jstrosch, https://www.linkedin.com/in/joshstroschein/
βš™οΈ Tinker with me on Github πŸ‘‰πŸ» https://github.com/jstrosch
🀝 Join the Discord community and more πŸ‘‰πŸ» https://www.thecyberyeti.com