A forum for reverse engineering, OS internals and malware analysis 

Search found 20 matches

Re: Bootkit: Win32/Gapz

 by Mut4nt ¦  Sat Dec 29, 2012 6:58 am ¦  Forum: Malware ¦  Topic: Bootkit: Win32/Gapz ¦  Replies: 24 ¦  Views: 31238

This crap looks like it was made by skiddies

Tigger/Sizor samples

 by Mut4nt ¦  Tue Dec 18, 2012 1:53 am ¦  Forum: Completed Malware Requests ¦  Topic: Tigger/Sizor samples ¦  Replies: 1 ¦  Views: 1850

Hello,
I'm looking for Tigger/Sizor samples
http://www.techrepublic.com/blog/securi ... rokers/960

Could anyone share a few samples/versions please?
I didn't find any samples in here

Re: [Poll] Size of malware collection

 by Mut4nt ¦  Tue Dec 04, 2012 7:58 am ¦  Forum: General Discussion ¦  Topic: [Poll] Size of malware collection ¦  Replies: 23 ¦  Views: 66181

70 GB of malware including ms-dos viruses, even it's too small :P

Re: Monitoring Processes on Windows NT from Usermode (x86 &

 by Mut4nt ¦  Tue Nov 27, 2012 8:09 pm ¦  Forum: User-Mode Development ¦  Topic: Monitoring Processes on Windows NT from Usermode (x86 & x64) ¦  Replies: 19 ¦  Views: 48503

Another one is to hook the CsrCreateProcess from the Windows subsystem (most of us know it maintains a structure with information per each process running on the user account) how about stop lame hooking? :mrgreen: some more reliable solution? sure, this one: Process thread creation notific...

Re: Monitoring Processes on Windows NT from Usermode (x86 &

 by Mut4nt ¦  Sat Nov 24, 2012 9:03 pm ¦  Forum: User-Mode Development ¦  Topic: Monitoring Processes on Windows NT from Usermode (x86 & x64) ¦  Replies: 19 ¦  Views: 48503

EP_X0FF wrote:
Mut4nt wrote: On Windows 8, it's created the most in usermode ( on XP from kernel mode ) by the way.
Who?
Never mind, sorry, I'm talking about some function from the Windows subsystem.

Re: Monitoring Processes on Windows NT from Usermode (x86 &

 by Mut4nt ¦  Fri Nov 23, 2012 10:15 pm ¦  Forum: User-Mode Development ¦  Topic: Monitoring Processes on Windows NT from Usermode (x86 & x64) ¦  Replies: 19 ¦  Views: 48503

Another one is to hook the CsrCreateProcess from the Windows subsystem (most of us know it maintains a structure with information per each process running on the user account)

On Windows 8, it's created the most in usermode ( on XP from kernel mode ) by the way.

Re: Monitoring Processes on Windows NT from Usermode (x86 &

 by Mut4nt ¦  Sun Nov 11, 2012 5:13 pm ¦  Forum: User-Mode Development ¦  Topic: Monitoring Processes on Windows NT from Usermode (x86 & x64) ¦  Replies: 19 ¦  Views: 48503

It's good doing something mutant, thanks.. but how to say... no offense... if it were posted 10-12 years ago then something like it would be worth.. somehow. But in 2012 year post about inline hook? Well as we know on Windows NT there is no callback function ( From user mode ) to do this task that's ...

Re: Monitoring Processes on Windows NT from Usermode (x86 &

 by Mut4nt ¦  Sun Nov 11, 2012 8:22 am ¦  Forum: User-Mode Development ¦  Topic: Monitoring Processes on Windows NT from Usermode (x86 & x64) ¦  Replies: 19 ¦  Views: 48503

Hi EP_X0FF, I don't know if you read my post, well, I quote itself: that is responsible for many tasks including the initiation of all programs the user requests (not processes created by other programs, services, drivers), assigning a token, priority and so on. Of course that any program can to cre...

Monitoring Processes on Windows NT from Usermode (x86 & x64)

 by Mut4nt ¦  Sat Nov 10, 2012 6:01 pm ¦  Forum: User-Mode Development ¦  Topic: Monitoring Processes on Windows NT from Usermode (x86 & x64) ¦  Replies: 19 ¦  Views: 48503

Well as we know on Windows NT there is no callback function ( From user mode ) to do this task, although there are implementations that can do it. For example, we can use the callback that Windows OS provides us to monitor all the windows that are created then obtain their handles, get the process I...

Re: Malware Requests, part 2

 by Mut4nt ¦  Wed Sep 05, 2012 5:45 am ¦  Forum: Completed Malware Requests ¦  Topic: Malware Requests, part 2 ¦  Replies: 145 ¦  Views: 119046