📌 Use code "CROW10" for 10% off your order when you checkout at Maldev Academy or use this link: maldevacademy.com/?ref=crow Font: Terminess Nerd Font Mono Colourscheme: Zero (Dark Theme) I sincerely hope you enjoyed watching this installment of our ongoing malware development series. I know the kernel debugging portion was a bit rushed, and for that, I apologize. I had an entire segment dedicated to kernel debugging, the intricacies of MSRs as well as the incredible CPUID instruction, and all of that planned out for this video but as you could imagine, had I included that, the video would be a month-long. So instead, I'm working on a blog post that will take you into harrowing depths of that entire process, so make sure you look out for it here: www.crow.rip/ ERRATA: - I just realized after rewatching this that I was doing "CONST LPCSTR" when that's not necessary at all since LPCSTR is literally: "typedef const char* LPCSTR;" HAHAHAH LOSING MY MIND tysm for watching, nerds. luv u all terribly
I'm currently making an os and it's great to see the point of view of the userland people on the other side =) + I've learned some stuff, it's grealty explained, continue like that !
just came across your page by pure chance and watched your processes, handles, and threads video. headed over to your website and your statement in the faq section was very wholesome and encouraging. thank you for documenting your journey and having a positive outlook for newcomers :) deff earned my sub and a bookmark to your blog.
Man!!! Finally a new video :D Didn't still watched it entirely but it's obviously gonna be fantastic. Ik doing this videos takes time and commitment but please do them more often ahah!
@@crr0ww yeah, he is! But ever since he started using his face on camera his videos seem too "formal" or professional. More like John Hammond, but if he was German I guess...
variables go into .data section. if we specify to allocate in .text section then contents of our variable can be executed because .text section is executable by default
Thanks for the reply. But if I define the shellcode variable inside main(), it will be located in .TEXT and not .DATA. And after your logic, it would mean that shellcodes defined in the global section of the program (not within main) cannot be executed. I'm probably missing something here...
hey!! thank you so much for commenting, brother! i LOVE your videos as well, such a unique style! keep up the GREAT work, you'll get really far I can already tell
a more in-depth video on indirect syscalls would be great, im not sure everything was covered, noob here. i can only cross check with the maldevs module. PS. i came with the power of thousand suns, you should get exclusive rights for maldev sponsoring, why watch boring jurassic park man when crow videos exist? lmfao please mr. d0x do this, the world will be a better place if crow becomes THE teacher. me not knowing C and low level programming well had some difficulties understanding the material but now so much has gotten clearer it's not even funny. ILY Crow
I'm not gonna lie, i didn't understand almost anything from the video, this "layer" of execution in assembly code and things written in hexadecimal gave me a headache, great video anyway!
I don't understand what you're trying to achieve. You can't do "useful" functions such as virtualalloc or openprocess to modify processes' memory without admin access. Inline assembly works in VS2022 just fine. I was thinking rax is the GetProcAddress but its a special number. That makes using syscall even more pointless. unsigned long long count = 9; __asm { mov rax, 31H lea r10, count xor edx,edx xor r8d, r8d xor r9d, r9d sub rsp,40 syscall add rsp,40 } std::cout
📌 Use code "CROW10" for 10% off your order when you checkout at Maldev Academy or use this link: maldevacademy.com/?ref=crow
Font: Terminess Nerd Font Mono
Colourscheme: Zero (Dark Theme)
I sincerely hope you enjoyed watching this installment of our ongoing malware development series. I know the kernel debugging portion was a bit rushed, and for that, I apologize. I had an entire segment dedicated to kernel debugging, the intricacies of MSRs as well as the incredible CPUID instruction, and all of that planned out for this video but as you could imagine, had I included that, the video would be a month-long. So instead, I'm working on a blog post that will take you into harrowing depths of that entire process, so make sure you look out for it here: www.crow.rip/
ERRATA:
- I just realized after rewatching this that I was doing "CONST LPCSTR" when that's not necessary at all since LPCSTR is literally: "typedef const char* LPCSTR;" HAHAHAH LOSING MY MIND
tysm for watching, nerds. luv u all terribly
Oh mom look i made it into a crow video.
Yeah as expected 😅
:blushing_emoji:
Ohh look it is spider
Aren’t you one of the contributors to Maldev Academy?
Have not even made it this far in the series, but I had to show support. Keep it up, we appreciate you.
i really appreciate that! thank you so much
I am a web developer, i don't understand anything, but i love these videos, keep it up!
aw thank you
I literally just finished watching your Native API video and now you upload this, - literally GOD.
omg you gave me a hart attack with the fear and hunger sound 1:25
XDD
I'm currently making an os and it's great to see the point of view of the userland people on the other side =)
+ I've learned some stuff, it's grealty explained, continue like that !
thank you so much! :)
Hell yes another crow video! Still need to go back and catch up on the previous vid but it's great seeing more stuff from you!
babe wake up crow just uploaded a new malware video
WAKE BABE UP, WE HAVE MALWARE TO MAKE
just came across your page by pure chance and watched your processes, handles, and threads video. headed over to your website and your statement in the faq section was very wholesome and encouraging. thank you for documenting your journey and having a positive outlook for newcomers :) deff earned my sub and a bookmark to your blog.
Man!!! Finally a new video :D Didn't still watched it entirely but it's obviously gonna be fantastic. Ik doing this videos takes time and commitment but please do them more often ahah!
thank you so much!! yeah it's a ton of work but your response(s) make all of the grey hairs super worth it :)
Literally the Dale Philip of the hacking world
"If your prefrontal cortex misses a QuickTime event" 😂😂😂 you have to be the funniest cybersec youtuber
Your videos are so good, my tiny brain can finally understand all this stuff. Keep it up!
This is why we need syscall kernel interception like we do in Linux with SECCOMP.
Great video by the way!
Man you gotta make more videos, you're the new liveoverflow but more funny and less serious.
thank you so much for your comment; I really appreciate that! liveoverflow's the GOAT tho :')
@@crr0ww yeah, he is!
But ever since he started using his face on camera his videos seem too "formal" or professional. More like John Hammond, but if he was German I guess...
He's finally back after his hibernation
what is the fond and IDE that you are using?
I love watching these even though I don't understand any of the shit that is going on lmaooo
Nice vid as always crow, thanks
thank you so much! i'm really happy you liked it :)
I've just discovered your channel and OMG keep it up man, you're a GEMMMM
I just finished my os class. Really love it haha
Inspiring next generation of Greybeards ⚡⚡
Thank you. Prob going to watch this at least 100 times.
i appreciate you, brother! thank you so so much
@@crr0ww 19:01 that API hooking/unhooking video tho... 🙏
This editing is awesome
Your LOCO❤😂 4:16 Love the content; keep up the incredible work!
Awesome ❤ Thanks!What a theme name in visual studio bro?
NEW CROW VID?? LETS GOOO
Great vid as always. What font is that ?
MORE TUTORIALLS WE SHALL SEE
Operation Tux continues 😅
CROW WHERE HAVE YOU BEEN
I MISS YOU LOVE
_
HAHAHAHA LETS GOOOOO i wrote it down on some sticky notes so I don't forget it again :')
@@crr0ww 😂♥
What's the music at 11:50? Starts a little earlier then that but Shazam as failing me cause it's copyright free music :(
this video taught me a lot, love it :)
ah, great!! that means i've done my job haha thank you so much for commenting
Crow why did you just ignore us and drop this new video asdjasdhakjdadasda ily always
touching everything
😭
A video about antivirus intrusion would be nice.
Used your promo for the maldev academy baby!
LESS FUCKING GOOOOOOOOO, new crow vid
@crr0ww do you have a discord server or something similar?
Aren't all variables saved in the .TEXT section either way? Why did he manually added that code at 29:00?
variables go into .data section.
if we specify to allocate in .text section then contents of our variable can be executed because .text section is executable by default
Thanks for the reply. But if I define the shellcode variable inside main(), it will be located in .TEXT and not .DATA. And after your logic, it would mean that shellcodes defined in the global section of the program (not within main) cannot be executed.
I'm probably missing something here...
CROW CROW CROW
does anyone know what font he uses?
CROW SIR SIR CROW YESSSSSSSSSSSSSS
He’s back!
hey!! thank you so much for commenting, brother! i LOVE your videos as well, such a unique style! keep up the GREAT work, you'll get really far I can already tell
@@crr0ww 🖤
Quality! Your channel is going to blow up.
FINALLY A VIDEO
i would like to inject my malware into crow :3
BAHAHAHAHAHA
a more in-depth video on indirect syscalls would be great, im not sure everything was covered, noob here. i can only cross check with the maldevs module.
PS. i came with the power of thousand suns, you should get exclusive rights for maldev sponsoring, why watch boring jurassic park man when crow videos exist?
lmfao please mr. d0x do this, the world will be a better place if crow becomes THE teacher. me not knowing C and low level programming well had some difficulties understanding the material but now so much has gotten clearer it's not even funny. ILY Crow
thanks crow
it's my pleasure
All of this just serves my point. The NT Kernel f***ing sucks balls.
mr crow i love you
Yow the legend is back!!
Imagine calling pantaloons trousers LuL
finally
whats your font in vs?
+1
mom, look! cr0w uploaded!
MOB PSYCHO 100!
What do you mean ?
@@fodk7021 its anime.
@@hell0kitje yes but where is it in the video.
@@fodk7021 its in thumbail
@@hell0kitje I thought it was midoriya from my hero academia
Sos un capo cuervito. Excelente contenido ✨
HES BACKKKKK !!!!! 🎉🎉🎉🎉
Lmao just thought about you yesterday
YAYAYAYAYAYA MY GOAT UPLOADED
how to modify exploit code
Nice
Hey crow whats up man ✋
hey!! how are you :P
Welcome back ❤
Can anyone link the equivalent of this but on Mac plz 🤗
Let’s GOOOOOO 🎉🎉🎉🎉🎉🎉
all your syscalls are belong to us
finally bro
that's my goat right there
I'm not gonna lie, i didn't understand almost anything from the video, this "layer" of execution in assembly code and things written in hexadecimal gave me a headache, great video anyway!
Bro!!!
yo man nice nickname
thank you RAVEN, nice nickname as well, RAVEN :>
Lmao. Urien spotted.
bro.. iam from bangldesh ..plzz make more video
WTF 9:56 😂😂😂😂😂😂😂😂
heyyo you're alive ?
YESSIR!!! :)
hot
a group of crows are called a murder... are we, as your fan base... murderers?
ah yes here i am again
and i'm so happy u are
Thats cool but how do I get free robux
YOU THINK I'M AT *THAT* LEVEL, MIKA? THAT'S TOO ADVANCED FOR ME!1:$!$:
I don't understand what you're trying to achieve. You can't do "useful" functions such as virtualalloc or openprocess to modify processes' memory without admin access.
Inline assembly works in VS2022 just fine.
I was thinking rax is the GetProcAddress but its a special number. That makes using syscall even more pointless.
unsigned long long count = 9;
__asm {
mov rax, 31H
lea r10, count
xor edx,edx
xor r8d, r8d
xor r9d, r9d
sub rsp,40
syscall
add rsp,40
}
std::cout
ur the best
psst hey kid, wanna buy some skooma?
crow is so sexy
do you have a job?
what is it?
Holy shit! I thought yt assasinated him!
THEY GOT REALLY *REALLY* close 😓 still have more videos to make, can't stop now :')