64 Bit Malware Codes Flashcards

1
Q

The majority of malware code today is 32 bit. True or false?

A

True

2
Q

Which are the most common families of 64 bit malware?

A
  1. Browser Helper Objects (BHO)
  2. Device Drivers (Rootkits)

3
Q

Where does a 32 bit program run on a 64 bit system?

A

Windows on Windows 64 subsystem (WoW64 subsystem)

4
Q

Where is the 32 bit registry copy located on 64 bit systems?

A

WoW6432Node

5
Q

Name a few key differences between 32 bit and 64 bit malware code analysis.

A
  1. All general purpose registers are 64 bits in size
  2. Eight new registers introduced: r8-r15
  3. RSP is used to access variables and arguments instead of EBP
  4. New addressing mode called "RIP-relative addressing"
  5. Several instructions have the letter 'q' appended ('q' for quadword)
6
Q

Write the access name for r8 at 8 bit, 16 bit, 32 bit and 64 bit width.

A
  • 8 bit: R8B
  • 16 bit: R8W
  • 32 bit: R8W
  • 64 bit: R8
7
Q

In the 64 bit version of the code, arguments are passed in registers and on the stack. Which calling convention does this imply?

A

Fast Call
