by Joanna Rutkowska / Advanced Malware Labs
In a nutshell:
- Allocate lots of memory to cause unused driver code to be paged out
- Replace the paged-out code (inside the pagefile) with some shellcode
- Ask the kernel to call the driver code which was just replaced
Also, a PowerPoint presentation from Microsoft on a similar topic.
Date: 2009-09-04 01:28 am (UTC)
or just carefully re-read the material at the links I gave :)