Debugging Explorer


Author: David Zimmer
Date: 10.15.10 - 3:58pm



I don't know why I never thought of this before.

So often you get a little nasty that injects code into explorer.exe. Debugging explorer.exe can be annoying because, while the debugger has it stopped, the desktop freezes (explorer.exe is the process that draws the taskbar and desktop) just when you want to do something on it, like open a file or browse a directory.

Usually I have to hit Ctrl+Alt+Delete to bring up Task Manager and use its Run command (File > New Task) to launch Notepad for notes, or use Alt+Tab to bring up the task switcher.

So today I am working on one that has a userland rootkit. I let it install under a guest account so I am free to mess with it from the admin desktop without any of the rootkit's hooks bogging me down. This is a nice trick in itself: a userland rootkit only hooks the processes it has injected into, and those live in the guest's session, so the tools running in the admin session stay clean (a kernel-mode rootkit would not be contained this way). Then I have to take a look at the guest's explorer.exe, and I realize the guest-account trick works great for this circumstance too: with OllyDbg running on the admin desktop and attached to the guest session's explorer.exe, a breakpoint freezes the guest's desktop, not mine.

One little note worth mentioning, though: if you have to go over to the infected guest account to do some interaction to try to trigger an action, and you hit a breakpoint in Olly on the admin desktop, the guest desktop is now frozen and its Start menu is unusable. You can still press Ctrl+Alt+Delete there to bring up Task Manager and then choose Switch User from its Shut Down menu to get back to the admin desktop.
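Before attaching, you need to know which explorer.exe is the guest session's and which is your own. The PowerShell below is an added example, not code from the original post, that lists every explorer.exe with its session ID and owning account so you can pick the right PID in OllyDbg's attach dialog. It assumes you run it from the admin session (which has the rights to query the guest's processes) and that the machine has more than one interactive session logged on.

```powershell
# Added example (not from the original post): enumerate explorer.exe instances
# per session so the guest's copy can be told apart from the admin desktop's.
# Assumes this runs in the admin session with rights to query other users'
# processes. On XP-era systems without CIM cmdlets, Get-WmiObject Win32_Process
# plus $_.GetOwner() gives the same data; the cmd.exe equivalent is
#   tasklist /V /FI "IMAGENAME eq explorer.exe"

function Get-ExplorerInstances {
    Get-CimInstance -ClassName Win32_Process -Filter "Name = 'explorer.exe'" |
        ForEach-Object {
            # GetOwner returns Domain/User plus a ReturnValue (0 = success).
            $owner = Invoke-CimMethod -InputObject $_ -MethodName GetOwner
            $user = if ($owner.ReturnValue -eq 0) {
                "$($owner.Domain)\$($owner.User)"
            } else {
                '<access denied>'
            }
            [PSCustomObject]@{
                PID     = $_.ProcessId
                Session = $_.SessionId
                User    = $user
                Started = $_.CreationDate
            }
        }
}

# Everything that is not running as the current (admin) account is a
# candidate target; there should be exactly one per other logged-on session.
function Get-OtherSessionExplorers {
    $me = "$env:USERDOMAIN\$env:USERNAME"
    Get-ExplorerInstances | Where-Object { $_.User -ne $me }
}

Get-ExplorerInstances | Format-Table -AutoSize
Write-Host "Attach candidates (not the admin desktop):"
Get-OtherSessionExplorers | Format-Table -AutoSize
```

The session ID is the useful column: the admin desktop's explorer.exe and the guest's have different session IDs, and anything the malware injects into the guest's explorer.exe shows up only in that session. OllyDbg's File > Attach dialog lists PIDs, so pick the one reported under the guest account; if a guest-owned explorer.exe is missing, the guest session is not logged on yet (a userland rootkit cannot hide the process from a different session's query this way, but a kernel-mode one could).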

That makes life a little bit nicer.






