📚
OpenRCE
is preserved as a read-only archive. Launched at RECon Montreal in 2005. Registration and posting are disabled.
About
Articles
Book Store
Distributed RCE
Downloads
Event Calendar
Forums
Live Discussion
Reference Library
RSS Feeds
Search
Users
What's New
Customize Theme
bluegrey
blackgreen
metal
simple
Flag:
Tornado!
Hurricane!
Login:
Password:
Remember Me
Register
Blogs
>>
j00ru
's Blog
Created: Sunday, August 30 2009 07:19.09 CDT
Printer Friendly ...
TraceHook v0.0.1 release
Author:
j00ru
# Views:
5390
I have recently released a small project called TraceHook.
It is supposed to control the CreateProcess/TerminateProcess events and dump the desired processes if marked as malware, from kernel-mode.
There is still really much to do, but still I wanted to share the current piece of code - any comments are very welcome!
You can read more about it
on my blog
;>
Blog Comments
djnemo
Posted: Monday, August 31 2009 08:06.43 CDT
mybe its basic question but :-p
How to open .bin file ?
j00ru
Posted: Monday, August 31 2009 13:57.13 CDT
@djnemo - Double click and select your favourite hex editor ;>
No, seriously, the memory dumping mechanism is currently as straightfoward as it's only possible - no internal file format is implemented by now.
The dump contents are simply all the readable memory pages written down to a file, without any further processing. My plans include adding an option like MiniDumpWriteDump, but the original idea was to produce raw, complete dumps to perform some "behavioral" analysis on - i.e. ripping suspicious image files present in the malware memory etc.
Add New Comment
Comment:
There are
31,328
total registered users.
Recently Created Topics
[help] Unpacking VMP...
Mar/12
Reverse Engineering ...
Jul/06
let 'IDAPython' impo...
Sep/24
set 'IDAPython' as t...
Sep/24
GuessType return une...
Sep/20
About retrieving the...
Sep/07
How to find specific...
Aug/15
How to get data depe...
Jul/07
Identify RVA data in...
May/06
Question about memor...
Dec/12
Recent Forum Posts
Finding the procedur...
rolEYder
Question about debbu...
rolEYder
Identify RVA data in...
sohlow
let 'IDAPython' impo...
sohlow
How to find specific...
hackgreti
Problem with ollydbg
sh3dow
How can I write olly...
sh3dow
New LoadMAP plugin v...
mefisto...
Intel pin in loaded ...
djnemo
OOP_RE tool available?
Bl4ckm4n
Recent Blog Entries
halsten
Mar/14
Breaking IonCUBE VM
oleavr
Oct/24
Anatomy of a code tracer
hasherezade
Sep/24
IAT Patcher - new tool for ...
oleavr
Aug/27
CryptoShark: code tracer ba...
oleavr
Jun/25
Build a debugger in 5 minutes
More ...
Recent Blog Comments
nieo
on:
Mar/22
IAT Patcher - new tool for ...
djnemo
on:
Nov/17
Kernel debugger vs user mod...
acel
on:
Nov/14
Kernel debugger vs user mod...
pedram
on:
Dec/21
frida.github.io: scriptable...
capadleman
on:
Jun/19
Using NtCreateThreadEx for ...
More ...
Imagery
SoySauce Blueprint
Jun 6, 2008
[+] expand
View Gallery
(11) /
Submit
Printer Friendly ...
![[+] expand](/imagery/files/soysauce_blueprint.gif){kind=link}