Attach to hidden process
Author: David Zimmer
Date: 10.05.10 - 5:06pm
There is probably a way to do this with an Olly plugin, but here is a native way. If you have a process which hides itself (I am assuming a userland rootkit in this case), you can use Olly's "just in time debugging" command line support to attach to it even though it's not visible in the process list.
First you have to get its PID, though. I used my gdiprocs from the Malcode Analyst Pack. Then you can go to a command line and run
ollydbg -AEDEBUG [decimal pid] 1
and crack that puppy open.
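
If gdiprocs is not at hand, the PID can also be found by a cross-view check: the sketch below is an added example (not the author's gdiprocs and not part of the original post) that probes PIDs with OpenProcess and reports live ones missing from the normal process list. It assumes the userland hook filters process enumeration but not OpenProcess, a Vista-or-later system for PROCESS_QUERY_LIMITED_INFORMATION, and an arbitrary upper bound `$maxPid`; the `Win32.Native` type name is made up for the example.

```powershell
# Added example: find PIDs that can be opened but do not appear in the process list.
Add-Type -Namespace Win32 -Name Native -MemberDefinition @'
[DllImport("kernel32.dll", SetLastError = true)]
public static extern IntPtr OpenProcess(uint access, bool inherit, uint pid);
[DllImport("kernel32.dll", SetLastError = true)]
public static extern bool GetExitCodeProcess(IntPtr handle, out uint exitCode);
[DllImport("kernel32.dll")]
public static extern bool CloseHandle(IntPtr handle);
'@

$PROCESS_QUERY_LIMITED_INFORMATION = 0x1000
$STILL_ACTIVE = 259
$maxPid = 65536   # assumption: raise it on busy systems

# View 1: what the (possibly hooked) enumeration API reports.
$listed = @{}
Get-Process | ForEach-Object { $listed[[int]$_.Id] = $true }

# View 2: probe every candidate PID directly. Windows PIDs are multiples of 4.
$candidates = for ($p = 4; $p -le $maxPid; $p += 4) {
    if ($listed.ContainsKey($p)) { continue }
    $h = [Win32.Native]::OpenProcess($PROCESS_QUERY_LIMITED_INFORMATION, $false, $p)
    if ($h -eq [IntPtr]::Zero) { continue }      # no such process, or access denied
    $code = [uint32]0
    $ok = [Win32.Native]::GetExitCodeProcess($h, [ref]$code)
    [void][Win32.Native]::CloseHandle($h)
    # Skip exited processes that only linger because someone still holds a handle.
    if ($ok -and $code -eq $STILL_ACTIVE) { $p }
}

# Re-check against a fresh listing to drop processes that simply started mid-scan.
$hidden = @($candidates | Where-Object {
    -not (Get-Process -Id $_ -ErrorAction SilentlyContinue)
})

foreach ($p in $hidden) {
    # Print the attach command from the post with the decimal PID filled in.
    "PID $p is openable but not listed: ollydbg -AEDEBUG $p 1"
}
if ($hidden.Count -eq 0) { "No unlisted live PIDs found up to $maxPid." }
```

Run it from an elevated prompt, since access-denied processes are skipped; an empty result only means this particular view found no discrepancy.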