📌 Use code "CROW10" for 10% off your order when you checkout at Maldev Academy or use this link: maldevacademy.com/?ref=crow Font: Terminess Nerd Font Mono Colourscheme: Zero (Dark Theme) I sincerely hope you enjoyed watching this installment of our ongoing malware development series. I know the kernel debugging portion was a bit rushed, and for that, I apologize. I had an entire segment dedicated to kernel debugging, the intricacies of MSRs as well as the incredible CPUID instruction, and all of that planned out for this video but as you could imagine, had I included that, the video would be a month-long. So instead, I'm working on a blog post that will take you into harrowing depths of that entire process, so make sure you look out for it here: www.crow.rip/ ERRATA: - I just realized after rewatching this that I was doing "CONST LPCSTR" when that's not necessary at all since LPCSTR is literally: "typedef const char* LPCSTR;" HAHAHAH LOSING MY MIND tysm for watching, nerds. luv u all terribly
I'm currently making an os and it's great to see the point of view of the userland people on the other side =) + I've learned some stuff, it's grealty explained, continue like that !
Man!!! Finally a new video :D Didn't still watched it entirely but it's obviously gonna be fantastic. Ik doing this videos takes time and commitment but please do them more often ahah!
just came across your page by pure chance and watched your processes, handles, and threads video. headed over to your website and your statement in the faq section was very wholesome and encouraging. thank you for documenting your journey and having a positive outlook for newcomers :) deff earned my sub and a bookmark to your blog.
@@crr0ww yeah, he is! But ever since he started using his face on camera his videos seem too "formal" or professional. More like John Hammond, but if he was German I guess...
hey!! thank you so much for commenting, brother! i LOVE your videos as well, such a unique style! keep up the GREAT work, you'll get really far I can already tell
a more in-depth video on indirect syscalls would be great, im not sure everything was covered, noob here. i can only cross check with the maldevs module. PS. i came with the power of thousand suns, you should get exclusive rights for maldev sponsoring, why watch boring jurassic park man when crow videos exist? lmfao please mr. d0x do this, the world will be a better place if crow becomes THE teacher. me not knowing C and low level programming well had some difficulties understanding the material but now so much has gotten clearer it's not even funny. ILY Crow
variables go into .data section. if we specify to allocate in .text section then contents of our variable can be executed because .text section is executable by default
Thanks for the reply. But if I define the shellcode variable inside main(), it will be located in .TEXT and not .DATA. And after your logic, it would mean that shellcodes defined in the global section of the program (not within main) cannot be executed. I'm probably missing something here...
I'm not gonna lie, i didn't understand almost anything from the video, this "layer" of execution in assembly code and things written in hexadecimal gave me a headache, great video anyway!
I don't understand what you're trying to achieve. You can't do "useful" functions such as virtualalloc or openprocess to modify processes' memory without admin access. Inline assembly works in VS2022 just fine. I was thinking rax is the GetProcAddress but its a special number. That makes using syscall even more pointless. unsigned long long count = 9; __asm { mov rax, 31H lea r10, count xor edx,edx xor r8d, r8d xor r9d, r9d sub rsp,40 syscall add rsp,40 } std::cout
📌 Use code "CROW10" for 10% off your order when you checkout at Maldev Academy or use this link: maldevacademy.com/?ref=crow
Font: Terminess Nerd Font Mono
Colourscheme: Zero (Dark Theme)
I sincerely hope you enjoyed watching this installment of our ongoing malware development series. I know the kernel debugging portion was a bit rushed, and for that, I apologize. I had an entire segment dedicated to kernel debugging, the intricacies of MSRs as well as the incredible CPUID instruction, and all of that planned out for this video but as you could imagine, had I included that, the video would be a month-long. So instead, I'm working on a blog post that will take you into harrowing depths of that entire process, so make sure you look out for it here: www.crow.rip/
ERRATA:
- I just realized after rewatching this that I was doing "CONST LPCSTR" when that's not necessary at all since LPCSTR is literally: "typedef const char* LPCSTR;" HAHAHAH LOSING MY MIND
tysm for watching, nerds. luv u all terribly
Oh mom look i made it into a crow video.
Yeah as expected 😅
:blushing_emoji:
Ohh look it is spider
Aren’t you one of the contributors to Maldev Academy?
I am a web developer, i don't understand anything, but i love these videos, keep it up!
aw thank you
I literally just finished watching your Native API video and now you upload this, - literally GOD.
Have not even made it this far in the series, but I had to show support. Keep it up, we appreciate you.
i really appreciate that! thank you so much
babe wake up crow just uploaded a new malware video
WAKE BABE UP, WE HAVE MALWARE TO MAKE
omg you gave me a hart attack with the fear and hunger sound 1:25
XDD
I'm currently making an os and it's great to see the point of view of the userland people on the other side =)
+ I've learned some stuff, it's grealty explained, continue like that !
thank you so much! :)
Man!!! Finally a new video :D Didn't still watched it entirely but it's obviously gonna be fantastic. Ik doing this videos takes time and commitment but please do them more often ahah!
thank you so much!! yeah it's a ton of work but your response(s) make all of the grey hairs super worth it :)
Hell yes another crow video! Still need to go back and catch up on the previous vid but it's great seeing more stuff from you!
just came across your page by pure chance and watched your processes, handles, and threads video. headed over to your website and your statement in the faq section was very wholesome and encouraging. thank you for documenting your journey and having a positive outlook for newcomers :) deff earned my sub and a bookmark to your blog.
Your videos are so good, my tiny brain can finally understand all this stuff. Keep it up!
Literally the Dale Philip of the hacking world
Man you gotta make more videos, you're the new liveoverflow but more funny and less serious.
thank you so much for your comment; I really appreciate that! liveoverflow's the GOAT tho :')
@@crr0ww yeah, he is!
But ever since he started using his face on camera his videos seem too "formal" or professional. More like John Hammond, but if he was German I guess...
He's finally back after his hibernation
This is why we need syscall kernel interception like we do in Linux with SECCOMP.
Great video by the way!
NEW CROW VID?? LETS GOOO
Inspiring next generation of Greybeards ⚡⚡
"If your prefrontal cortex misses a QuickTime event" 😂😂😂 you have to be the funniest cybersec youtuber
He’s back!
hey!! thank you so much for commenting, brother! i LOVE your videos as well, such a unique style! keep up the GREAT work, you'll get really far I can already tell
@@crr0ww 🖤
Quality! Your channel is going to blow up.
This editing is awesome
Nice vid as always crow, thanks
thank you so much! i'm really happy you liked it :)
Thank you. Prob going to watch this at least 100 times.
i appreciate you, brother! thank you so so much
@@crr0ww 19:01 that API hooking/unhooking video tho... 🙏
I've just discovered your channel and OMG keep it up man, you're a GEMMMM
Yow the legend is back!!
CROW SIR SIR CROW YESSSSSSSSSSSSSS
I just finished my os class. Really love it haha
CROW WHERE HAVE YOU BEEN
I MISS YOU LOVE
Your LOCO❤😂 4:16 Love the content; keep up the incredible work!
seeing him go from using vscode to neovim was better than watching my child grow up
Operation Tux continues 😅
FINALLY A VIDEO
HES BACKKKKK !!!!! 🎉🎉🎉🎉
I love watching these even though I don't understand any of the shit that is going on lmaooo
this video taught me a lot, love it :)
ah, great!! that means i've done my job haha thank you so much for commenting
Welcome back ❤
mr crow i love you
YAYAYAYAYAYA MY GOAT UPLOADED
CROW CROW CROW
_
HAHAHAHA LETS GOOOOO i wrote it down on some sticky notes so I don't forget it again :')
@@crr0ww 😂♥
Great vid as always. What font is that ?
i would like to inject my malware into crow :3
BAHAHAHAHAHA
what is the fond and IDE that you are using?
LESS FUCKING GOOOOOOOOO, new crow vid
@crr0ww do you have a discord server or something similar?
What's the music at 11:50? Starts a little earlier then that but Shazam as failing me cause it's copyright free music :(
mom, look! cr0w uploaded!
a more in-depth video on indirect syscalls would be great, im not sure everything was covered, noob here. i can only cross check with the maldevs module.
PS. i came with the power of thousand suns, you should get exclusive rights for maldev sponsoring, why watch boring jurassic park man when crow videos exist?
lmfao please mr. d0x do this, the world will be a better place if crow becomes THE teacher. me not knowing C and low level programming well had some difficulties understanding the material but now so much has gotten clearer it's not even funny. ILY Crow
Awesome ❤ Thanks!What a theme name in visual studio bro?
Used your promo for the maldev academy baby!
Crow why did you just ignore us and drop this new video asdjasdhakjdadasda ily always
Aren't all variables saved in the .TEXT section either way? Why did he manually added that code at 29:00?
variables go into .data section.
if we specify to allocate in .text section then contents of our variable can be executed because .text section is executable by default
Thanks for the reply. But if I define the shellcode variable inside main(), it will be located in .TEXT and not .DATA. And after your logic, it would mean that shellcodes defined in the global section of the program (not within main) cannot be executed.
I'm probably missing something here...
Sos un capo cuervito. Excelente contenido ✨
A video about antivirus intrusion would be nice.
Hey crow whats up man ✋
hey!! how are you :P
All of this just serves my point. The NT Kernel f***ing sucks balls.
touching everything
😭
does anyone know what font he uses?
Let’s GOOOOOO 🎉🎉🎉🎉🎉🎉
finally bro
MORE TUTORIALLS WE SHALL SEE
Imagine calling pantaloons trousers LuL
that's my goat right there
all your syscalls are belong to us
finally
Thats cool but how do I get free robux
YOU THINK I'M AT *THAT* LEVEL, MIKA? THAT'S TOO ADVANCED FOR ME!1:$!$:
how to modify exploit code
Can anyone link the equivalent of this but on Mac plz 🤗
thanks crow
it's my pleasure
whats your font in vs?
+1
heyyo you're alive ?
YESSIR!!! :)
yo man nice nickname
thank you RAVEN, nice nickname as well, RAVEN :>
MOB PSYCHO 100!
What do you mean ?
@@fodk7021 its anime.
@@hell0kitje yes but where is it in the video.
@@fodk7021 its in thumbail
@@hell0kitje I thought it was midoriya from my hero academia
Bro!!!
I'm not gonna lie, i didn't understand almost anything from the video, this "layer" of execution in assembly code and things written in hexadecimal gave me a headache, great video anyway!
Lmao just thought about you yesterday
hot
Nice
ur the best
bro.. iam from bangldesh ..plzz make more video
ah yes here i am again
and i'm so happy u are
crow is so sexy
a group of crows are called a murder... are we, as your fan base... murderers?
psst hey kid, wanna buy some skooma?
WTF 9:56 😂😂😂😂😂😂😂😂
Lmao. Urien spotted.
I don't understand what you're trying to achieve. You can't do "useful" functions such as virtualalloc or openprocess to modify processes' memory without admin access.
Inline assembly works in VS2022 just fine.
I was thinking rax is the GetProcAddress but its a special number. That makes using syscall even more pointless.
unsigned long long count = 9;
__asm {
mov rax, 31H
lea r10, count
xor edx,edx
xor r8d, r8d
xor r9d, r9d
sub rsp,40
syscall
add rsp,40
}
std::cout
do you have a job?
what is it?
Holy shit! I thought yt assasinated him!
THEY GOT REALLY *REALLY* close 😓 still have more videos to make, can't stop now :')