![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
109by Joanna Rutkowska / Advanced Malware Labs
In a nutshell:
- Allocate lots of memory to cause unused drivers code to be paged
- Replace the paged out code (inside pagefile) with some shellcode
- Ask kernel to call the driver code which was just replaced
алсо, powerpoint presentation from microsoft на аналогичную тему.
In a nutshell:
- Allocate lots of memory to cause unused drivers code to be paged
- Replace the paged out code (inside pagefile) with some shellcode
- Ask kernel to call the driver code which was just replaced
алсо, powerpoint presentation from microsoft на аналогичную тему.
![[identity profile]](https://www.dreamwidth.org/img/silk/identity/openid.png){kind=small}
(no subject)
Date: 2009-09-04 02:21 am (UTC)(no subject)
Date: 2009-09-04 06:29 pm (UTC)