Vol1-Mod1.5Shellcode-Slide3 - "caves between sections" question #16

BlueSkeye · 2021-03-27T09:35:34Z

I don't understand what you mean by "cave between sections". As I understand, the PE loader allocates a memory block for each section. However these blocks are disjoint and it seems memory areas between sections are undefined. Am I missing something ?

hasherezade · 2021-03-28T19:04:04Z

I redone the slides about PE, and included information about caves there:
https://github.com/hasherezade/malware_training_vol1/blob/main/slides/module1/Module1_2_pe.pdf - please let me know if it clarifies this concept.

BlueSkeye · 2021-03-30T05:14:41Z

Mod1.2PE refactoring and enhancement makes it much more readable. Good job.
S15 (section caves) is very clear for me.
So I suggest to rephrase in Mod1.3Shellcodes/S3
"cave between sections" --> "section caves"

[module1][lesson5] Rephrased a sentence (Issue hasherezade#16)

hasherezade added a commit that referenced this issue Mar 30, 2021

[module1][lesson5] Rephrased a sentence (Issue #16)

ce15524

fengjixuchui added a commit to fengjixuchui/malware_training_vol1 that referenced this issue Apr 3, 2021

Merge pull request #2 from hasherezade/main

506adc3

[module1][lesson5] Rephrased a sentence (Issue hasherezade#16)

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Vol1-Mod1.5Shellcode-Slide3 - "caves between sections" question #16

Vol1-Mod1.5Shellcode-Slide3 - "caves between sections" question #16

BlueSkeye commented Mar 27, 2021

hasherezade commented Mar 28, 2021

BlueSkeye commented Mar 30, 2021 •

edited

Loading

Vol1-Mod1.5Shellcode-Slide3 - "caves between sections" question #16

Vol1-Mod1.5Shellcode-Slide3 - "caves between sections" question #16

Comments

BlueSkeye commented Mar 27, 2021

hasherezade commented Mar 28, 2021

BlueSkeye commented Mar 30, 2021 • edited Loading

BlueSkeye commented Mar 30, 2021 •

edited

Loading