j00ru's Blog
Created: Sunday, August 30 2009 07:19.09 CDT
TraceHook v0.0.1 release
Author:
j00ru
I have recently released a small project called TraceHook. It is meant to intercept the CreateProcess/TerminateProcess events from kernel mode and dump the memory of the desired processes if they are marked as malware. There is still a lot to do, but I wanted to share the current piece of code anyway - any comments are very welcome!
You can read more about it on my blog ;>
Blog Comments
djnemo
Posted: Monday, August 31 2009 08:06.43 CDT
Maybe it's a basic question, but :-p
How do I open the .bin file?
j00ru
Posted: Monday, August 31 2009 13:57.13 CDT
@djnemo - Double click and select your favourite hex editor ;>
No, seriously, the memory dumping mechanism is currently as straightforward as it possibly can be - no internal file format is implemented so far.
The dump contents are simply all the readable memory pages written down to a file, without any further processing. My plans include adding an option like MiniDumpWriteDump, but the original idea was to produce raw, complete dumps to perform some "behavioral" analysis on - i.e. ripping suspicious image files present in the malware memory etc.
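One way to rip image files out of a raw dump of that shape (readable pages concatenated with no container format), as an added example that is not TraceHook's own code: scan for DOS "MZ" stubs whose e_lfanew field points at a "PE\0\0" signature, and read the machine type and section count behind it. The header offsets are the standard PE ones; the sample dump is constructed inline and the e_lfanew bounds are an assumed sanity range.

```python
import struct

MZ = b"MZ"
PE_SIG = b"PE\0\0"


def find_pe_images(dump: bytes):
    """Return (offset, machine, number_of_sections) for each plausible PE header.

    A candidate needs an 'MZ' stub, an e_lfanew (DOS header offset 0x3C) within
    an assumed sane range, and a 'PE\\0\\0' signature at that position.
    """
    hits = []
    pos = dump.find(MZ)
    while pos != -1:
        if pos + 0x40 <= len(dump):
            e_lfanew = struct.unpack_from("<I", dump, pos + 0x3C)[0]
            nt = pos + e_lfanew
            # 24 bytes = 4-byte signature + 20-byte IMAGE_FILE_HEADER.
            if (0x40 <= e_lfanew <= 0x400
                    and nt + 24 <= len(dump)
                    and dump[nt:nt + 4] == PE_SIG):
                machine, nsect = struct.unpack_from("<HH", dump, nt + 4)
                hits.append((pos, machine, nsect))
        pos = dump.find(MZ, pos + 1)
    return hits


def build_sample_dump() -> bytes:
    """Constructed sample: zero filler, one fake x86 PE header, a stray 'MZ'."""
    dos = bytearray(0x80)
    dos[0:2] = MZ
    struct.pack_into("<I", dos, 0x3C, 0x80)  # e_lfanew -> NT header right after
    # IMAGE_FILE_HEADER: machine 0x14C (i386), 3 sections, rest filler.
    nt = PE_SIG + struct.pack("<HHIIIHH", 0x14C, 3, 0, 0, 0, 0xE0, 0x010E)
    stray = b"MZ junk"  # 'MZ' with no valid e_lfanew behind it: must be skipped
    return b"\x00" * 0x1000 + bytes(dos) + nt + b"\x00" * 0x200 + stray + b"\xff" * 0x100


if __name__ == "__main__":
    for off, machine, nsect in find_pe_images(build_sample_dump()):
        print(f"PE at 0x{off:x}: machine=0x{machine:x} sections={nsect}")
```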