Not exactly sure how to answer question 2 of the Guided Exercise for the “Malware Analysis Basics” course. I tried the Hex values at the location, I tried converting values separated by null bytes into decimal values, etc. Any idea what is expected or how to arrive at the correct answer?
The question is asking for the memory address of the start of the killrbp function decompiled in Ghidra.
I have a problem looking for the first IP address in “Sample 1”, I have done all the procedures but I can’t see the sample in the list of each process. Can you help, I need badly help on this. Thank you
