If you see assembly in a Windows program that looks similar to this pseudo code:
top:
    call GetMessageW            ; wait for the next message
    test eax, eax
    jg listenForMore            ; return value > 0: keep processing messages
    call DoActionAfterTerminated
    jmp exit
listenForMore:
    call ds:TranslateMessage
    call ds:DispatchMessageW
    jmp top
exit:
Then it's listening for a message from a window.
GetMessageW returns 0 when the program gets shut down.
So as soon as the program is shut down, it performs whatever is at DoActionAfterTerminated.
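
When triaging a disassembly listing, the same pattern can be picked out mechanically. The script below is an added example, not code from the video or this post: it scans a text listing for the GetMessage / test / jg sequence and reports which calls sit on the shutdown path. The listing is constructed from the pseudo code above, and the function names parse and find_shutdown_handlers are hypothetical.

```python
import re

# Constructed listing mirroring the pseudo code in this post (not a real sample).
LISTING = """\
top:
    call GetMessageW
    test eax, eax
    jg listenForMore
    call DoActionAfterTerminated
    jmp exit
listenForMore:
    call ds:TranslateMessage
    call ds:DispatchMessageW
    jmp top
exit:
"""

def parse(listing):
    """Return (label, mnemonic, operand) rows; label rows have mnemonic None."""
    rows = []
    for raw in listing.splitlines():
        line = raw.split(";")[0].strip()          # drop comments
        if line.endswith(":"):
            rows.append((line[:-1], None, None))
        elif line:
            mnem, _, op = line.partition(" ")
            rows.append((None, mnem.lower(), re.sub(r"^ds:", "", op.strip())))
    return rows

def find_shutdown_handlers(listing):
    """Find message loops and the calls executed once GetMessage returns <= 0."""
    rows, hits = parse(listing), []
    labels = [r[0] for r in rows]
    for i, (_, mnem, op) in enumerate(rows[:-2]):
        if mnem != "call" or not re.fullmatch(r"GetMessage[AW]", op):
            continue
        (_, m1, o1), (_, m2, target) = rows[i + 1], rows[i + 2]
        if m1 != "test" or o1.replace(" ", "") != "eax,eax" or m2 != "jg":
            continue
        if target not in labels:
            continue
        # The jg target must be the dispatch branch, or this is not a message loop.
        body = rows[labels.index(target) + 1:]
        end = next((n for n, r in enumerate(body) if r[0] is not None), len(body))
        if not any(m == "call" and o.startswith("DispatchMessage") for _, m, o in body[:end]):
            continue
        # Fall-through path: jg is a signed compare, so 0 (WM_QUIT) and -1 (error) both land here.
        on_exit = []
        for label, m, o in rows[i + 3:]:
            if label is not None or m in ("jmp", "ret"):
                break
            if m == "call":
                on_exit.append(o)
        hits.append({"api": op, "loop_branch": target, "on_exit": on_exit})
    return hits
```

Calling find_shutdown_handlers(LISTING) returns one hit whose on_exit list names DoActionAfterTerminated, which is the routine to look at next.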
------
FYI this is just me learning and documenting from the great Malware Hunter and his YouTube video; none of this is my own.
https://www.youtube.com/watch?v=b0WQwCQGjv4