Topic created on: January 8, 2013 02:10 CST by legola.
Hi, I'm analyzing a malware that calls the CreateProcess (CREATE_SUSPENDED) function to create a new iexplore.exe process, then uses VirtualAllocEx, WriteProcessMemory and CreateRemoteThread to inject its code into it. I'm trying to attach the suspended process to WinDbg before CreateRemoteThread is called, but I have problems. WinDbg tells me that the process is invalid, or something like this. Is there someone who can help me? Thank you