Practical Malware Analysis by Andrew Honig, Michael Sikorski

Lab 6-4 Solutions

Short Answers

  1. The function at 0x401000 is the check Internet connection method, 0x401040 is the parse HTML method, 0x4012B5 is printf, and 0x401150 is the switch statement.

  2. A for loop has been added to the main method.

  3. The function at 0x401040 now takes a parameter and calls sprintf with the format string Internet Explorer 7.50/pma%d. It builds a User-Agent for use during HTTP communication using the argument passed in.

  4. This program will run for 1440 minutes (24 hours).

  5. Yes, a new User-Agent is used. It takes the form Internet Explorer 7.50/pma%d, where %d is the number of minutes the program has been running.

  6. First, the program checks for an active Internet connection. If none is found, the program terminates. Otherwise, the program ...
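
A defender can turn answers 3 to 5 into a network detection. The following is an added example, not code from the book or the lab: it matches the User-Agent format over constructed proxy records and flags clients whose minute counter climbs. The record layout, the min_hits threshold, and the assumption that the counter never exceeds 1440 are illustrative choices.

```python
import re
from collections import defaultdict

# User-Agent format from answers 3 and 5: "Internet Explorer 7.50/pma%d"
UA_RE = re.compile(r"^Internet Explorer 7\.50/pma(\d+)$")
MAX_MINUTES = 1440  # answer 4: the program runs for 1440 minutes (assumed upper bound)

# Constructed sample proxy records: (client IP, User-Agent). Not real traffic.
SAMPLE_LOG = [
    ("10.0.0.5", "Internet Explorer 7.50/pma0"),
    ("10.0.0.9", "Mozilla/5.0 (Windows NT 10.0; Win64; x64)"),
    ("10.0.0.5", "Internet Explorer 7.50/pma1"),
    ("10.0.0.5", "Internet Explorer 7.50/pma2"),
    ("10.0.0.7", "Internet Explorer 7.50/pma99999"),
    ("10.0.0.8", "Internet Explorer 7.50/pma17"),
]

def parse_counter(user_agent):
    """Return the minute counter if the UA matches the lab's format, else None."""
    m = UA_RE.match(user_agent.strip())
    if not m:
        return None
    value = int(m.group(1))
    # Values beyond the stated runtime do not fit this sample's behaviour.
    return value if value <= MAX_MINUTES else None

def find_beacons(records, min_hits=3):
    """Group matching requests by client and classify each client."""
    per_client = defaultdict(list)
    for client, ua in records:
        counter = parse_counter(ua)
        if counter is not None:
            per_client[client].append(counter)
    findings = {}
    for client, counters in per_client.items():
        # A per-minute loop counter should strictly increase in log order.
        increasing = all(a < b for a, b in zip(counters, counters[1:]))
        if len(counters) >= min_hits and increasing:
            verdict = "beacon"
        else:
            verdict = "review"  # format matched, but too few hits or out of order
        findings[client] = {"counters": counters, "verdict": verdict}
    return findings

if __name__ == "__main__":
    for client, info in find_beacons(SAMPLE_LOG).items():
        print(client, info["verdict"], info["counters"])
```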
