Attach to hidden processAuthor: David Zimmer Date: 10.05.10 - 5:06pm there is probably a way to do this with an olly plugin, but here is a native way..if you have a process which hides itself (i am assuming userland rootkit in this case) you can use ollys "just in time debugging" command line support to attach to it even though its not visible in the process list. first you have to get its pid though. I used my gdiprocs from the malcode analyst pack. then you can goto a command line and ollydbg -AEDEBUG [decimal pid] 1 Note this even works if you are dealing with a process created in a suspended state and being injected into. In this state olly will not show it in the attach to menu, but you can attach to it using this technique. Comments: (0) |
About Me More Blogs Main Site
|
|||||||||||||||||||||||||||