Attach to hidden process

Author: David Zimmer
Date: 10.05.10 - 5:06pm

there is probably a way to do this with an olly plugin, but here is a native way..if you have a process which hides itself (i am assuming userland rootkit in this case) you can use ollys "just in time debugging" command line support to attach to it even though its not visible in the process list.

first you have to get its pid though. I used my gdiprocs from the malcode analyst pack. then you can goto a command line and

ollydbg -AEDEBUG [decimal pid] 1

Note this even works if you are dealing with a process created in a suspended state and being injected into. In this state olly will not show it in the attach to menu, but you can attach to it using this technique.

Comments: (0)

Leave Comment:
Email: (not shown)
Message: (Required)

About Me
More Blogs
Main Site
VB6 Reversing
IDA python over IPC
dns wildcard blocking
64bit IDA Plugins
anterior lines
misc news/updates
Decoders again
CDO.Message Breakpoints
SysAnalyzer Updates
SysAnalyzer and Site Updates
crazy decoder
ida js w/dbg
flash patching #2
JS Graphing
packet reassembly
Delphi IDA Plugin
scdbg IDA integration
API Hash Database
Winmerge plugin
IDACompare Updates
Guest Post @ hexblog
TCP Stream Reassembly
SysAnalyzer Updates
Apilogger Video
Shellcode2Exe trainer
scdbg updates
IDA Javascript w/IDE
Rop Analysis II
scdbg vrs ROP
flash patching
x64 Hooks
micro hook
jmp api+5 *2
SysAnalyzer Updates
InjDll runtime config
C# Asm/Dsm Library
Shellcode Hook Detection
Updates II
Java Hacking
Windows 8
Win7 x64
Graphing ideas
.Net Hacking
Old iDefense Releases
hll shellcode
ActionScript Tips
-patch fu
scdbg ordinal lookup
scdbg -api mode
Peb Module Lists
scdbg vrs Process Injection
GetProcAddress Scanner
scdbg fopen mode
scdbg findsc mode
scdbg MemMonitor
demo shellcodes
scdbg download
api hashs redux
Api hash gen
Retro XSS Chat Codes
Exe as DLL
Olly Plugins
Debugging Explorer
Attach to hidden process
JS Refactoring
Asm and Shellcode in CSharp
Fancy Return Address
PDF Stream Dumper
Malcode Call API by Hash
WinDbg Cheat Sheet
GPG Automation