charlie
March 15th, 2012, 10:43
Hi guys,
I was analysing a worm which injects into legit processes like explorer.exe, svchost.exe, etc. I can find out which process it injected into by using a tool like prohack. I wanted to know if there is a way to find out which exe (full path of the injected exe) injected into the process by examining the memory. I tried to attach the injected process to the debugger and examine it, but I'm not sure where to set the breakpoint and find the right path to the injected exe.
Is anyone aware of how to do it, or has anyone done something like this before? Please advise.
Thanks in advance.
charlie