Stealthy Profiling and Debugging of Malware
Jason Raber (jraber) <jnraberyahoocom> Thursday, August 18 2011 10:01.06 CDT
Here is a Windows driver I developed that I presented at Blackhat this year. Enjoy.

Hades is a tool for dynamic application analysis on Microsoft Windows-based systems. It has function hooking capabilities similar to those of Microsoft Detours and WinAPIOverride (WAO), and it can also function as a debugger. It was developed to allow analysis of malware binaries that were able to detect Detours and WAO.

https://github.com/jnraber/Hades

Comments
ROH Posted: Thursday, August 25 2011 16:26.20 CDT
Does it work with Windows 7?

jraber Posted: Wednesday, August 31 2011 08:39.43 CDT
I haven't had a chance to test that yet. Most of the time I am looking at malware on XP; however, in the next couple of weeks I will be looking at some on 7. As long as DEP is turned off it should work. Will let you know in a few weeks for sure.
Jason Raber