Malware Development: Processes, Threads, and Handles
#Malware #Development #redteam
Welcome to Malware Development Fundamentals! This is the first part in a series where we explore common tactics, techniques, and procedures (TTPs) used in malware development. I will be adapting all of my blog posts on what I've learned so far in this subfield of hacking, so if you'd like to get a step ahead of everyone else, consider reading more on my blog: crows-nest.gitbook.io/
Thank you, guys, SO MUCH for bearing with the time that it took to get this video out, during the recording/editing of this video, my AIO cooler actually broke so I had to risk my CPU's health (pretty sure it's irrevocably destroyed at this point but, the show must go on) to get this video out. Also, thank you guys so much for getting the channel to 1,000+ subscribers! That's just horrifying (and insanely exciting) to me, and I'm currently working on a Q&A special for it! Stay tuned :"D
I love you guys, enjoy.
⚠️ Disclaimer:
The information presented in this video is for educational purposes only. It is not intended to be used for illegal or malicious activities. The creator and any individuals involved in the production of this video are not responsible for any misuse of the information provided. It is the responsibility of the viewer to ensure that they comply with all relevant laws and regulations in their jurisdiction.
🔖 My Socials:
avatar/mascot made with picrew: picrew.me/en/image_maker/1108773
- full credits to the artist: / mimisentakosen
- visit her shop: coconala.com/services/1871766...
official discord server: dsc.gg/crow-academy
crows-nest.gitbook.io/
github.com/cr-0w
/ cr0ww_
💖 Support My Work
/ cr0w
ko-fi.com/cr0ww
www.buymeacoffee.com/cr0w
Join this channel to get access to perks:
/ @crr0ww
📹 Videos/Channels Featured:
/ @x0reaxeax
/ @peppidesu
• Writing process memory...
• Windows backwards comp...
• I Wrote A Program To O...
❤️ Websites Featured:
crows-nest.gitbook.io/crows-n...
learn.microsoft.com/en-us/win...
cocomelonc.github.io/
blog.xpnsec.com/
www.ired.team/
mohamed-fakroud.gitbook.io/
The images and music used in this video are used under the principle of fair use for the purpose of criticism, comment, news reporting, teaching, scholarship, and research. I do not claim ownership of any of the images/music and they are used solely for the purpose of enhancing the content of the video. I respect the rights of the creators and owners of these images and will remove any image upon request by the rightful owner.
Copyright Disclaimer under section 107 of the Copyright Act of 1976, allowance is made for “fair use” for purposes such as criticism, comment, news reporting, teaching, scholarship, education, and research. Fair use is a use permitted by copyright statute that might otherwise be infringing.
🕰️ Timestamps:
00:00 - Intro
00:43 - Malware Development Series
01:24 - Prerequisites
02:43 - Processes
08:09 - Threads
10:12 - Handles
11:39 - Windows API
13:39 - Windows API: MessageBox
22:33 - Windows API: CreateProcess
30:30 - Homework
31:02 - Outro
*CORRECTIONS/UPDATES/ETC.*
THEME: Mayukai Reversal
FONT: Iosevka (not in the video, but I'm using it now, and trust me, you'll love it)
TYPING EFFECTS/ANIMATIONS: "Power Mode" from Visual Studio Marketplace
16:12 - I misspoke here, didn't mean to say "scripts." I meant "programs." Sorry about that! My brain was going through a segfault while making this video, so please pardon me if I say something stupid (still learning here as well :')).
20:34 - Once again, I misspoke here, I meant to say "L prefix" instead of "L macro", since "a character literal that begins with the L prefix is a wide-character literal".
21:19 - So, the MessageBox macro itself is set to MessageBoxW in the Win API, and it doesn't matter which compiler/IDE you are using. When you use the MessageBox macro, the preprocessor will use either MessageBoxW or MessageBoxA, depending on the presence/absence of the *UNICODE/_UNICODE* preprocessor symbols. By default, in Visual Studio, new projects have UNICODE/_UNICODE defined so the MessageBox macro expands out to the MessageBoxW example we saw in the video. Thanks, @proferk! :)
25:42 - While this was true for Windows 10, in Windows 11, "MSPaint" has become a "Universal Windows Platform (UWP) app" and so, the location of this file is different. However, you could get the classic paint back with some tinkering, if you search for it. Thank you once again, @proferk!
I'll be sure to add more as I come across them, thank you guys for bearing with me!
pin this comment
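The MessageBox correction above (21:19) and the CreateProcess section of the video are easier to see in code. The program below is an added example written for this page; it is not code from the video or from the author's blog. It reproduces the A/W dispatch pattern that windows.h uses with two demo functions of its own (`demo_msgbox_a`, `demo_msgbox_w`, the `DEMO_MSGBOX`/`DEMO_TEXT` macros and the helper names are this example's choices, not Win32 names), shows what the `L` prefix does to a literal's size, and, when compiled on Windows, makes the real `MessageBox` and `CreateProcess` calls and closes both handles that `CreateProcess` returns. Launching `notepad.exe` via PATH is an assumption chosen for convenience.

```c
/* Added example (not code from the video or the author's blog).
 * It shows the three points made in the corrections above:
 *  1. MessageBox is a macro that expands to MessageBoxA or MessageBoxW
 *     depending on whether UNICODE is defined when the file is compiled.
 *  2. A string literal with the L prefix is a wide-character literal, so
 *     it occupies sizeof(wchar_t) bytes per character.
 *  3. CreateProcess hands back two handles (process and thread); the caller
 *     owns both and must CloseHandle() them, whether it used them or not.
 * The A/W selection is reproduced here with demo functions so the mechanism
 * can be run on any platform; the real Win32 calls are compiled only under
 * _WIN32. Function and macro names below are this example's own choices. */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#ifdef _WIN32
#include <windows.h>
#endif

/* Narrow and wide "implementations", standing in for MessageBoxA/MessageBoxW.
 * Each just reports which one ran, which is what the checks below look at. */
const char *demo_msgbox_a(const char *text)    { (void)text; return "A"; }
const char *demo_msgbox_w(const wchar_t *text) { (void)text; return "W"; }

/* The same dispatch pattern windows.h uses: one name, two targets. DEMO_TEXT
 * mirrors TEXT(): pasting L onto a literal turns it into a wide literal. */
#ifdef UNICODE
#  define DEMO_MSGBOX demo_msgbox_w
#  define DEMO_TEXT(s) L##s
#else
#  define DEMO_MSGBOX demo_msgbox_a
#  define DEMO_TEXT(s) s
#endif

/* 1 if UNICODE was defined for this translation unit, else 0. */
int unicode_defined(void) {
#ifdef UNICODE
    return 1;
#else
    return 0;
#endif
}

/* "A" or "W": which variant the DEMO_MSGBOX macro resolved to. */
const char *selected_variant(void) {
    return DEMO_MSGBOX(DEMO_TEXT("hello"));
}

/* Bytes taken by "hi" as a narrow literal vs. an L-prefixed wide literal,
 * terminator included: 3 vs. 3 * sizeof(wchar_t) (6 on Windows). */
size_t narrow_bytes(void) { return sizeof("hi"); }
size_t wide_bytes(void)   { return sizeof(L"hi"); }

#ifdef _WIN32
/* Real Win32 path: show a message box, start notepad.exe (assumed to be
 * reachable via PATH), wait for it to exit, and release both handles. */
int launch_and_wait(void) {
    STARTUPINFO si;
    PROCESS_INFORMATION pi;

    MessageBox(NULL, TEXT("Hello from MessageBox"), TEXT("Demo"), MB_OK);

    ZeroMemory(&si, sizeof(si));
    si.cb = sizeof(si);
    ZeroMemory(&pi, sizeof(pi));

    /* lpCommandLine must be writable: CreateProcessW may modify the buffer. */
    TCHAR cmd[] = TEXT("notepad.exe");
    if (!CreateProcess(NULL, cmd, NULL, NULL, FALSE, 0, NULL, NULL, &si, &pi)) {
        printf("CreateProcess failed: %lu\n", (unsigned long)GetLastError());
        return 1;
    }
    printf("PID %lu, TID %lu\n", (unsigned long)pi.dwProcessId,
           (unsigned long)pi.dwThreadId);

    WaitForSingleObject(pi.hProcess, INFINITE);

    /* Both handles belong to this process; forgetting hThread is a common leak. */
    CloseHandle(pi.hThread);
    CloseHandle(pi.hProcess);
    return 0;
}
#endif

int main(void) {
    printf("MessageBox resolves to MessageBox%s; \"hi\" is %zu bytes narrow, %zu bytes wide\n",
           selected_variant(), narrow_bytes(), wide_bytes());
#ifdef _WIN32
    return launch_and_wait();
#else
    return 0;
#endif
}
```

Build it twice on Windows, once plain and once with UNICODE defined (for example `cl demo.c user32.lib` versus `cl /DUNICODE demo.c user32.lib`, or `gcc demo.c -luser32` versus `gcc -DUNICODE demo.c -luser32` under MinGW), and the first printed line flips from `MessageBoxA` to `MessageBoxW` without any change to the source, which is exactly why a new Visual Studio project with UNICODE predefined showed the W variant in the video. Off Windows only the portable part runs, which is enough to see the macro selection and the literal sizes.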
I've been getting more into programming lately and while I have no interest in malware, it's still fascinating to learn how things work in more detail. The way you explain things, keeping a good solid pace with no downtime, mixed with a good amount of humour and fun simple edits to keep the viewer engaged, I think you deserve a lot more attention! I had this video open from within a day of you posting it but just got around to finishing it now. Pleased to see you already made about 5k subscribers in that time, and I hope that incline keeps up.
@@darius_defiant thank you so much. seriously. comments like this make all of this all so worth it. i appreciate you taking the time to write out this message. it means so much to me
"My brain was going through a segfault", I feel you buddy
What do you use for creating the video and effects? Really loved it.
This windows malware development tutorial was approved by the Linux Community! Keep it up!
True Linux enthusiast, writes Windows with a small 'w'.
@@janoslaszlovasik9161 and Linux correctly ^^
A man of culture 😂
"The Linux Community" = probably runs some hipster flavor of Linux that doesn't last 3-5 years
@@BangBangBang. old = good
I remember getting into C/C++ development and struggling with how complicated the windows API is. Glad to see nothing has changed.
I was shaking and crying in the shower while trying to learn it but I find comfort in that I am not alone in this journey.
you get the constant inner voice: I could learn quantum physics instead and it would feel like an accomplishment compared to knowing the obscurity of some OS
@@opus_X take a fucking OS course, it's not that hard.
You should have seen it when it wasn't properly documented and you had to find your hooks the hardway. I have trust issues because of it.
@@xrunner55 gosh
as a new computer science college student with past experience with programming and cybersec, I am thrilled to see this developed into a full series, it's really inspirational for me right now
I like bugs
I like your profile picture! ^-^
5:50 Hi, uni kiddo here. Your CPU can only do up to a certain number of things at once. To give the illusion it can do more than that, it has what is called a "scheduler", which keeps track of the gazillion things your CPU should take care of and puts them in a nice ordered queue. *If you assign a higher priority to a process, the scheduler will allow that process to skip the queue and be executed sooner when other processes take too long* . Edit: I didn't expect you to go more in-depth on this specific topic, good job.
Boring shut up nerd (jkjk great pointpepsi)
@*S U C T I O N* how about you talk better smart ass
Correct explanation but there's one thing: core count does not equal the number of threads. It differs from CPU to CPU and nowadays most CPUs support 2 threads per core
lil bro forgot about hyperthreading and pipelining.
.. you're making a video about developing malware... .. yet you can't even define super basic things like API ... Is this a coding comedy channel?
Thank you yt algorithm for working properly for once and showing me this channel
The amount of work that is being put into these videos is unbelievable. The explanations and overall script of the video is super fun and engaging!!
This is some S Tier cybersecurity content you have! There aren't many channels out there to learn the craft but yours made it quickly to the top of my list
This is one of the best video tutorials on this subject that I've seen so far. It's good, concise, goes to the point, entertaining and actually a break from the more monotonous security focused tutorials. Keep up the good work, waiting for the next video.
This is such an awesome introduction! The formatting makes it so easy to understand what would otherwise be boring and complex topics, looking forward to the next one! 💜
:'(
Just started doing cybersecurity at university but it doesn't involve actual malware development, just theory. So glad I found this channel, full of great content.
I'm so glad I bumped into this video after having learned concurrent systems and microprocessor programming at college, so I can actually understand everything you are teaching us here. Keep this up! The blog is also extremely well written!
thank you so much! :D im so glad you liked it (and the blog too :p) i appreciate it
This is stuff that I already knew, but this video delivers the knowledge way faster than the few weeks it took me to learn this on my own. Very interested in what is to come.
aw man that’s so great to hear! yeah, this video was intended for all levels; trying to make this as clear as i can for everyone :D thank you so much for the nice comment!
Extra fun fact, the guy that originally made the task manager has a KZhead channel called "Dave's Garage", that also has lots of interesting stuff to learn
:O i’ll def give him a look, i’ve heard of dave’s garage a couple of times; had no idea that he freaking made the task manager tho that’s insane! tysm for commenting :D
@@crr0ww no problem :D
What seriously? When the guy said he could probably make a windows app in just machine language I thought he was a big shot.
I'm really looking forward to the series! Already loved the in-depth explanation here even though I already knew most of things.
I just accidentally stumbled across this channel. Thanks to the algorithm gods. And by God this is the longest I have been indulged so much in a video. The way you simplified things for a beginner like me made me so much more interested that I also went to read more about processes and threads. Thanks man.❤
thank you so so so much for the super kind words, i appreciate it so much! i’m glad you found some use out of this video :D
Yes, same here and the way he explains things ♥️, thanks crow
My god finally a good explanation of processes, handles and threads, I knew most of it but missed so many tiny information and that changes everything. Keep up the good work my friend you're a really good teacher
wow, finally a video that doesn't stop at the surface level definitions and goes into some depth with witty commentary. love it!
This is so freaking cool, I've waited waaay too long for a channel who does content like this and shows it in an entertaining way, peace my dude
aw thank you so much! that means so much to me :’D
@@crr0ww I'm also working on an irc botnet example in python (very impractical but I probably can do way more in it than in any other language) probably gonna take a lot of inspiration from the video series
I love your editing style - made the content so easy to consume
Beta consoooomer vs alpha programmer
I disagree, I feel the opposite. The content is jumpy and all over the place, and really could be condensed into a blog post
You sir, have a gift. I have never seen someone explain these concepts in such an entertaining way. Brilliant video
Yesterday I started malware dev. Today I logged in to an account I hadn't used in months and opened youtube. I see this on my home feed. Illuminati confirmed
GET THE TINFOIL HATS; aluminum naughty is everywhere 😰
Seems like the algorithm wants to bless you my guy.
never have i subbed sooner. i rarely feel like i’ll love a YTers content by the first 30 seconds but i am instantly loving it. your vibes, you’re funny, the topic is extremely fun to learn about (i’m a software dev). keep it up!! i love this
one of the best tech related videos ive ever seen, the pace, editing, and content places me exactly in a cutting edge subject and keeps me engaged. other creators would be wise to take note
KZhead recommendations actually giving me good videos! Glad that I could find this since WinAPI was one of those subjects that no one really talked about, but can be so powerful (for both good and bad, so maybe a bit of a taboo topic too haha). Sticking around to hopefully see more come out of this series!
Dude you really deserve more subscribers. Your content is great as hell.
Although I understand all the concepts, I really enjoyed the way you described everything and with detail. Please continue ✅
This is one of the best CS videos I’ve seen. Super engaging and very informative.
Man you're brilliant, I remember when I started learning reverse engineering and all I had were those mumbling alien-like books that were torture to read, you're a rescue from heavens for anyone starting, I wish you existed earlier
Keep going with this series please! Really enjoyed it and it’s breeze to watch! Well done
I really enjoyed this, some really great insight. You are a good teacher! I hope you will continue this series, great work and keep it up!
this is by far the most absorbable learning i've ever experienced in my life... damn dude you are an amazing teacher, i was engaged the entire time. most IT-field-ish videos consist of some white dude staring into a camera speaking for half an hour in the most monotone voice and just makes you want to end it all lmfao
this is huuuge , many many years of experience dumped into a informative and funny video - great work !
11:25 crow you know we want an alphabet with crow video now
🚨NEW SERIES ALERT 🚨
This is the next big thing on KZhead.. you are soo good at explaining these complex ideas. Keep em coming
Kids don't wanna learn that they wanna learn Python. It brings a tear to my eye seeing you do this I'm so proud.
Crow the editing is so good 😭😭😭 Video's fire like always 🔥🔥🔥🔥
thank you so much, jessi
This is some entertaining and useful information. You make this stuff super fun! Keep this stuff up dude, it's good content!
I love your style! And your introductory explanation of RSA math was perfect. I will be around for the series 🤝🏻
thank you so much! that’s so kind of you :D
this is the new way that education should/will be done. it's impossible to sit through 20-30 minutes of dry educational video but stuff like this and what patrick collins does is great
0 attention span zoomer moment
@@AnotherVGP i can't help if something doesn't interest me, and whatever's going on in my mind is more interesting instead
the plastic water bottle is my favorite character of this series. can't wait for season 2
the main antagonist of my videos XD thank you so much for commenting! :)
You sir are a genius. Used to toy with these Win32 API documentations when I was younger and had pretty much forgotten most of it - when I came across your video. That was nearly two decades ago and seeing your video brings back some fond memories. Thank you! AND YOU EXPLAINED IT MAGNIFICENTLY. Haven't seen anyone doing it better. If only we had KZhead and people like you to teach us back in the days rather than the CHM and books that we dug through ...
He is a genius, he explained what we used 20 years ago. You guys....
It's crazy how such a seemingly thorough, well made, and high effort video like this didn't pop off. Keep up the good work!
??? 130k views is pretty popped off
Just found you and boy you are a legend. I'm not even bored watching a system development video
Such a great video! Can't wait to see the next episodes! Really useful to grasp windows internals :)
Thank you for the opportunity
You are witty in a nerdy way. Liked the line: Ram be gone I mean chrome.
Exciting af, proud sub!
Cant wait to use this newfound knowledge for educational purposes only
dude, if there's something I hate in Infosec - it's memory and all that hangs around it... allocation, winlocation, heap-location, trepidation .. even boob-location - but I like your style and heck, let's give it another go... excellent style of content creation.. everybody who wants to dwell into processes and threads should go to your school of "present with humor or ... ***& *** ... go to web exploits". keep 'em coming
Damn, did I just find a coding youtuber that goes into depth and explains things thoroughly? AND FUNNY AS WELL??? Subbed. Looking forward to the next video! Now I'll go and binge watch all of your previous videos :)
AAAA MY HEART, thank you so much :’)
Ok now this is epic
Looks like you've not checked many channels but this fella is nice nonetheless
Same thing here. I haven't clicked the subscribe button so quickly in a long time.
You know what's best? no Indian accent.
Just found this channel, seems like a hidden gem!
This is amazing bro! Keep it going, looking forward for next part
Learned a lot but most importantly, kept smiling the entire time. Please don't stop making these. :)
❤️🥹
Great video! really looking forward to part 2
I'm watching this so that I can defend myself against malware and for no other reason, thank you.
Dude this is exactly my internship subject 🎉🎉🎉🎉 ( already did most of the work but it is nice to see the algorithm finally suggesting something i will TRULY APPRECIATE) (BZ SUCH VIDEOS ARE A SIGN OF A MAN WHO UNDERSTOOD HIS SHIT COMPLETELY AND NOT JUST READ ABT IT AND APPLIED IT ) NOICEEE
Bro you don’t have to apologize. Unfinished side projects and unfinished curations is part of this lifestyle m. Ya heard!
This is both incredibly entertaining and educational. I was chuckling all the way through taking notes lol
I think this is the very first time i will actually SMASH that like button, comment and sub! For sure sharing your videos to others that are in the industry as well. Great work man!
i appreciate you!! thank you so much! :D ❤
Very informative and presented in a way that isn't hard to digest. Very good video, keep it up !
KZhead recommendations, thank you. I don't comment much on videos, but I had to on this one. The editing is splendid and very much attended to detail. Only 3:47 min in and I'm already hooked even when I wasn't gonna watch this. Keep up the good work. Hopefully this video blows up more and you'll get a bigger audience, you deserve it.
thank you so much for commenting, epi. you just made my entire day. i appreciate it so much ❤️🥹
Damn, i wish my lectures explained the way you explained 😢...
One of the best engaging content for a malware development series. Keep going and keep helping ❤
Your videos are nothing but amazing. So fun to watch and very informative. Thanks for doing this, please, keep it going!
I was only tangentially interested in this video because of the big M word. I'm not new to many of the concepts you described, but definitely my IT profession is not in M word analysis, reversing, design, programming in C, or working with Windows' API. I even procrastinated watching this because of the 30 minute runtime. This was the most interesting and engaging informational video I have ever enjoyed.
i really REALLY appreciate that, Ghoul. thank you so much, comments like these make all of this so so so worth it. i’m glad you enjoyed it :) ❤️
Hardcore programmer here :D --- I approved your tutorial so useful information
This was a great video. Good balance of derp and knowledge. I look forward to watching more! Btw, nice thumbnail too.
hehe thank you so much! :)
Just got recommended this, really cool video. This channel has so much potential! Also your voice is very soothing :)
aw thank you so much! that makes me really happy to hear :) thanks for watching and commenting!!
please continue with this series!
Best youtube video I've seen in a while. Lots of information and super funny
Saving this to my watch later in case I need this information later
I have been looking EVERYWHERE for this type of content :D
well done buddy keep it up, can't wait for the next one
I was just studying Win32 apps this semester and i stumble upon this... Pure joy
This is a great video! Both very educational and entertaining.
Awesome video! Love to see some new creators, especially in the malware field!🔥👀
: O IT’S YOU! I LOVE YOUR VIDEOS ❤️❤️ (and thank you so much! :))
New subscriber. You earned it. Keep up the witty content, crisp editing and educational content. I especially like how you are not afraid to give provocative opinions. Most tech content creators are.
My favorite crow and rat. Top notch content
aw thank you so much!! :D
Windows API is very well documented! Mad respect for Microsoft because of it.
This is definitely an underrated channel. Subbed. Edit: bruh, screw working right now, gonna binge out on this 🍿
You’re like the meme version of Ben Eater. Great video Crow, I thoroughly enjoyed your explanations. Subscribed!
that's literally the best compliment i've ever received in my life. thank you so much
well put,
great video, im looking forward to the next ones!
You should upload more videos based on your knowledge this is amazing !
Imagine in the next outro you can say close to 10'000 subs KEKW Nice video btw, can't wait for the next one
Great video. It's nice to see something unique in CS content :)
Good lord this channel is going to blow and I am happy to find it at its early age. New SUB!!!
It is going to puff up a lot due to the quality, yet I think "blow up" could only be used for channels related to the mainstream; more people are going to look for tik tok dances instead of valuable knowledge, sadly.
So good!! I also appreciate the humor as it's right up my alley. So excited to see your next video!
From 1000 to 25000 subs in 12 days 😮 amazing man! keep it up
wow truly amazing
crazy, crazy the MIT Quantum mechanics course only gets about 50k views, this must be very valuable knowledge 0-0
Underrated channel.. pretty funny...makes boring shit less boring
that’s the plan ;) tysm for commenting! ❤️ :D
Wow, this is very nice. Awesome video, awesome explanation, thank you for this great intro to malware development, I can't even imagine the amount of OSCE's that will arise from this sort of videos. One more sub
You're literally the best teacher I've ever seen. I was watching this tutorial while my online class was going on and you know what, I forgot about my class and was absent at the time of attendance. Lol : ) Loved this amazing tutorial............Let's focus on the assignment now : ) Subscribed !
I'm glad KZhead recommended your video
This is a very good refresher for Operating Systems concepts and principles. I checked out your channel and I see that you have very high quality videos, instant subscribe.
Thanks, crow. This is a good channel that I'm glad to have found.
How in the hell do you only have 3k subscribers? I guarantee you you'll blow up this year
This is also a really nice video on just processes, threads, etc.
i've been working with application security and pentesting and for some time I wanted to learn some malware dev, this video was the perfect start for it. it was really well done, thanks
Could you tell me which skills I have to get to become app security!? Please
I like all these new bird channels my yt is recommending me now