Search found 20 matches

by Mut4nt
Sat Dec 29, 2012 6:58 am
Forum: Malware
Topic: Bootkit: Win32/Gapz
Replies: 23
Views: 27728

Re: Bootkit: Win32/Gapz

This crap looks like it was made by skiddies
by Mut4nt
Tue Dec 18, 2012 1:53 am
Forum: Completed Malware Requests
Topic: Tigger/Sizor samples
Replies: 1
Views: 1614

Tigger/Sizor samples

Hello,
I'm looking for Tigger/Sizor samples
http://www.techrepublic.com/blog/securi ... rokers/960

Could anyone share a few samples/versions please?
I didn't find any samples in here
by Mut4nt
Tue Dec 04, 2012 7:58 am
Forum: General Discussion
Topic: [Poll] Size of malware collection
Replies: 23
Views: 64379

Re: [Poll] Size of malware collection

70 GB of malware including ms-dos viruses, even it's too small :P
by Mut4nt
Tue Nov 27, 2012 8:09 pm
Forum: User-Mode Development
Topic: Monitoring Processes on Windows NT from Usermode (x86 & x64)
Replies: 19
Views: 39909

Re: Monitoring Processes on Windows NT from Usermode (x86 &

Another one is to hook up the CsrCreateProcess from Windows Subsystem ( Most of us know it maintains a structure with information per each process running on the user account ) how about stop lame hooking? :mrgreen: some more reliable solution? sure, this one: Process thread creation notific...
by Mut4nt
Sat Nov 24, 2012 9:03 pm
Forum: User-Mode Development
Topic: Monitoring Processes on Windows NT from Usermode (x86 & x64)
Replies: 19
Views: 39909

Re: Monitoring Processes on Windows NT from Usermode (x86 &

EP_X0FF wrote:
Mut4nt wrote: On Windows 8, it's created the most in usermode ( on XP from kernel mode ) by the way.
Who?
Never mind, sorry, I'm talking about some function from Windows subsystem.
by Mut4nt
Fri Nov 23, 2012 10:15 pm
Forum: User-Mode Development
Topic: Monitoring Processes on Windows NT from Usermode (x86 & x64)
Replies: 19
Views: 39909

Re: Monitoring Processes on Windows NT from Usermode (x86 &

Another one is to hook up the CsrCreateProcess from Windows Subsystem ( Most of us know it maintains a structure with information per each process running on the user account )

On Windows 8, it's created the most in usermode ( on XP from kernel mode ) by the way.
by Mut4nt
Sun Nov 11, 2012 5:13 pm
Forum: User-Mode Development
Topic: Monitoring Processes on Windows NT from Usermode (x86 & x64)
Replies: 19
Views: 39909

Re: Monitoring Processes on Windows NT from Usermode (x86 &

it's good doing something mutant, thanks.. but how to say... no offense... if it were posted 10-12 years ago then something like it would be worth.. somehow. But in 2012 year post about inline hook? Well as we know on Windows NT there is no callback function ( From user mode ) to do this task that's ...
by Mut4nt
Sun Nov 11, 2012 8:22 am
Forum: User-Mode Development
Topic: Monitoring Processes on Windows NT from Usermode (x86 & x64)
Replies: 19
Views: 39909

Re: Monitoring Processes on Windows NT from Usermode (x86 &

Hi EP_X0FF, I don't know if you read my post, well, I quote itself: that is responsible for many tasks including the initiation of all programs the user requests (not processes created by other programs, services, drivers), assigning a token, priority and so on. Of course that any program can to cre...
by Mut4nt
Sat Nov 10, 2012 6:01 pm
Forum: User-Mode Development
Topic: Monitoring Processes on Windows NT from Usermode (x86 & x64)
Replies: 19
Views: 39909

Monitoring Processes on Windows NT from Usermode (x86 & x64)

Well as we know on Windows NT there is no callback function ( From user mode ) to do this task, although there are implementations that can do it. For example, we can use the callback that Windows OS provides us to monitor all the windows that are created then obtain their handles, get the process I...