Fig. 1 | Cybersecurity

Fig. 1

From: Hypervisor-assisted dynamic malware analysis

Information hierarchy of the third parameter of NtOpenFile on an x86 Windows system. The ObjectAttributes parameter points to an OBJECT_ATTRIBUTES structure. A field named ObjectName is located at an offset of 8 bytes in the OBJECT_ATTRIBUTES structure. This field points to a UNICODE_STRING structure. A field named Buffer is located at an offset of 4 bytes in the UNICODE_STRING structure. This field points to the Unicode string “C:\Windows\Notepad.exe”.
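The pointer chain in the caption can be followed from outside the guest as in this added example, which is not code from the article: it resolves the name from a constructed 32-bit guest memory image and bounds-checks every dereference, since guest-supplied pointers are untrusted. Assumptions: the `guest` array, `GUEST_BASE`, and all function names are hypothetical, the host is little-endian, and the string length is taken from the `Length` field (in bytes) at offset 0 of UNICODE_STRING, which the caption does not show.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for 32-bit guest memory: GUEST_SIZE bytes mapped at GUEST_BASE. */
#define GUEST_BASE 0x00100000u
#define GUEST_SIZE 0x200u
static uint8_t guest[GUEST_SIZE];

/* Bounds-checked copy out of guest memory; guest pointers are untrusted. */
static int guest_read(uint32_t addr, void *dst, uint32_t len) {
    if (addr < GUEST_BASE || len > GUEST_SIZE || addr - GUEST_BASE > GUEST_SIZE - len)
        return -1;
    memcpy(dst, guest + (addr - GUEST_BASE), len);
    return 0;
}

/* Follow ObjectAttributes -> ObjectName (+8) -> Buffer (+4) and narrow the
   UTF-16LE name to ASCII in out. Returns characters written, or -1 on error. */
int resolve_object_name(uint32_t object_attributes, char *out, size_t out_len) {
    uint32_t name_ptr, buf_ptr;
    uint16_t byte_len, wc;
    if (guest_read(object_attributes + 8, &name_ptr, 4)) return -1; /* ObjectName */
    if (guest_read(name_ptr, &byte_len, 2)) return -1;      /* Length, in bytes */
    if (guest_read(name_ptr + 4, &buf_ptr, 4)) return -1;   /* Buffer */
    size_t n = byte_len / 2;
    if (n + 1 > out_len) return -1;                          /* caller buffer too small */
    for (size_t i = 0; i < n; i++) {
        if (guest_read(buf_ptr + 2 * (uint32_t)i, &wc, 2)) return -1;
        out[i] = wc < 0x80 ? (char)wc : '?';
    }
    out[n] = '\0';
    return (int)n;
}

/* Build the constructed sample from the figure; returns the ObjectAttributes address. */
uint32_t build_sample(void) {
    const char *path = "C:\\Windows\\Notepad.exe";
    uint32_t oa = GUEST_BASE + 0x10, us = GUEST_BASE + 0x40, buf = GUEST_BASE + 0x80;
    uint16_t len = (uint16_t)(2 * strlen(path));
    memset(guest, 0, sizeof guest);
    memcpy(guest + 0x10 + 8, &us, 4);   /* OBJECT_ATTRIBUTES.ObjectName */
    memcpy(guest + 0x40, &len, 2);      /* UNICODE_STRING.Length */
    memcpy(guest + 0x40 + 4, &buf, 4);  /* UNICODE_STRING.Buffer */
    for (size_t i = 0; path[i]; i++) guest[0x80 + 2 * i] = (uint8_t)path[i];
    return oa;
}

int main(void) { char s[64]; if (resolve_object_name(build_sample(), s, sizeof s) > 0) puts(s); return 0; }
```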
