Notes Maldev Academy

Status

Left off at:

Union

Description

Below you will be able to find notes and code (snippets, links to repos, etc.) as I restart my journey through the Maldev Academy-modules of ‘Malware Development Course’. To prevent any copyright infringement, expect any text to be my own paraphrasing of content. Code will be cited/sourced as much as possible.

Module 2 - Introduction to Malware Development

Windows malware development is currently focused on evading host-based security solutions (antivirus (AV) and endpoint detection and response (EDR)). It will be important to learn ‘evasive’ malware capabilities and the importance of (non-)opsec.

Malware development lifecycle (MDLC):

  • Development
  • Testing to uncover any bugs
  • Offline AV/EDR testing (e.g. by disabling automatic sample submissions & cloud-delivered protection in Defender)
  • Online AV/EDR testing (cloud engines, security products with internet connectivity)
  • Indicators of compromise (#IoC) extraction to detect and/or signature malware
  • Rinse & repeat 🔁

Module 3 - Required tools

Needed tools:

  • Visual Studio
  • x64dbg
  • PE-Bear
  • Process Hacker
  • Msfvenom

Pre-built virtual machines:

  • [/] VirtualBox OVA VM
    • Note: Defender has a pre-configured exclusion for the C:\Users\MALDEV01\Desktop\Maldev-code-folder
    • Note: Ensure the VM has 3D accelerated graphics disabled
    • Note: Reinstall code snippets from modules below:
      • 2024 December
        • Module 19 - Payload Encryption: AES Encryption
        • Module 81 - Bypassing AVs
      • 2025 September
        • Module 21 - Payload Obfuscation - IPv4/IPv6Fuscation
        • Module 22 - Payload Obfuscation - MACFuscation
        • Module 23 - Payload Obfuscation - UUIDFuscation
        • Module 24 - Maldev Academy Tool - HellShell
        • Module 72 - Anti-Debugging - Self-Deletion

Module 4 - Coding basics

Structs

Structures (or structs) are user-defined data types that group related data items, possibly of different data types. These related data items are called ‘members’ or ‘elements’.

example:

typedef struct tagTHREADENTRY32 {
  DWORD dwSize;
  DWORD cntUsage;
  DWORD th32ThreadID;
  DWORD th32OwnerProcessID;
  LONG tpBasePri;
  LONG tpDeltaPri;
  DWORD dwFlags;
} THREADENTRY32;

Code in this course gives structs an alias like so:

typedef struct _STRUCTURE_NAME {
 
  // structure elements
 
} STRUCTURE_NAME, *PSTRUCTURE_NAME;

How to initialize a struct directly:

typedef struct _STRUCTURE_NAME {
  int ID;
  int Age;
} STRUCTURE_NAME, *PSTRUCTURE_NAME;
 
STRUCTURE_NAME struct1 = { 0 }; // initialize all elements of struct1 to zero
struct1.ID   = 1470;   // initialize the ID element
struct1.Age  = 34;     // initialize the Age element

How to initialize a struct indirectly:

#include <stdio.h> // for printf

typedef struct _STRUCTURE_NAME {
  int ID;
  int Age;
} STRUCTURE_NAME, *PSTRUCTURE_NAME;
 
STRUCTURE_NAME struct1 = { .ID   = 1470,  .Age  = 34};
 
PSTRUCTURE_NAME structpointer = &struct1; // structpointer is a pointer to the 'struct1' structure
 
// Updating the ID member
structpointer->ID = 8765;
printf("The structure's ID member is now : %d \n", structpointer->ID);

Converting the arrow operator into dot-format:

structpointer->ID
// Is equivalent to:
(*structpointer).ID

Enumeration

The enum or enumeration data type is used to define a set of named constants.

characteristics:

  • compiler automatically assigns values to constants (0, 1, etc.)
  • in this course, enums are used to represent the state of specific data, error codes or return values

example:

#include <stdio.h> // for printf

enum Weekdays {
  Monday,         // 0
  Tuesday,        // 1
  Wednesday,      // 2
  Thursday,       // 3
  Friday,         // 4
  Saturday,       // 5
  Sunday          // 6
};
 
// Defining a "Weekdays" enum variable 
enum Weekdays EnumName = Friday;       // 4
 
// Check the value of "EnumName"
switch (EnumName){
    case Monday:
      printf("Today Is Monday !\n");
      break;
    case Tuesday:
      printf("Today Is Tuesday !\n");
      break;
    case Wednesday:
      printf("Today Is Wednesday !\n");
      break;
    case Thursday:
      printf("Today Is Thursday !\n");
      break;
    case Friday:
      printf("Today Is Friday !\n");
      break;
    case Saturday:
      printf("Today Is Saturday !\n");
      break;
    case Sunday:
      printf("Today Is Sunday !\n");
      break;
    default:
      break;
}

Union

A union is a data type that allows storing different data types in the same memory location.

example:

union ExampleUnion {
   int    IntegerVar;
   char   CharVar;
   float  FloatVar;
};

note:

  • assigning a new value to any member overwrites the bytes shared with all other members, so reading a member other than the one written last yields reinterpreted bytes
  • the memory allocated for a union is equal to its largest member’s size, not the sum of its members
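An added example (my own code, not from the course or its repos) that checks both notes above: the union's size, the member aliasing after a write, and a hypothetical tag enum that records which member is live so a read of the wrong member is caught. The ValueTag enum, the TAGGED_VALUE struct and the helper functions are assumptions for illustration, not Maldev Academy code.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* The union from the note: all three members start at the same address. */
union ExampleUnion {
    int   IntegerVar;
    char  CharVar;
    float FloatVar;
};

/* A union is as large as its largest member, not the sum of its members. */
size_t UnionSize(void) { return sizeof(union ExampleUnion); }

/* Returns 1 on a little-endian CPU, so callers know which byte of the int CharVar aliases. */
int IsLittleEndian(void) {
    union ExampleUnion u;
    u.IntegerVar = 1;
    return u.CharVar == 1;
}

/* Writing IntegerVar overwrites the bytes CharVar and FloatVar read from.
   CharVar is the first byte in memory: the low byte of the int on little-endian CPUs. */
unsigned char CharAfterIntWrite(int value) {
    union ExampleUnion u;
    memset(&u, 0, sizeof(u));
    u.IntegerVar = value;
    return (unsigned char)u.CharVar;
}

/* Hypothetical tag enum (not on the page) recording which member was written last. */
typedef enum { TAG_INT, TAG_CHAR, TAG_FLOAT } ValueTag;

typedef struct _TAGGED_VALUE {
    ValueTag           Tag;
    union ExampleUnion Value;
} TAGGED_VALUE, *PTAGGED_VALUE;

/* Reads IntegerVar only when the tag says it is the live member; returns 0 on a mismatch. */
int ReadInt(PTAGGED_VALUE pValue, int* pOut) {
    if (pValue->Tag != TAG_INT) return 0;
    *pOut = pValue->Value.IntegerVar;
    return 1;
}

int main(void) {
    TAGGED_VALUE tv = { 0 };
    int out = 0;
    tv.Tag = TAG_FLOAT;
    tv.Value.FloatVar = 1.5f;
    printf("sizeof(union ExampleUnion) = %zu\n", UnionSize());
    printf("CharVar after IntegerVar = 0x41424344: 0x%02x\n", CharAfterIntWrite(0x41424344));
    printf("ReadInt on a float-tagged value -> %d\n", ReadInt(&tv, &out));
    return 0;
}
```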