PerlMonks  

Re: win32-process-hide infected with mal/packer?

by bulk88 (Priest)
on Feb 02, 2013 at 20:24 UTC (#1016749)


in reply to win32-process-hide infected with mal/packer?

Read the description of what the module does. Then ask what would any antivirus maker do?

edit: after more research, the problem is that the injected DLL is included as a binary blob, GCC compiled, but that DLL was packed (why???). Ask the author why the DLL isn't built at perl compile/install time. The DLL is intended, I guess, for injecting into non-perl processes, so an XS DLL wouldn't work to inject into a process without an interp.

edit: it appears not all the code in the DLL is in the included main.c file


Re^2: win32-process-hide infected with mal/packer?
by LanX (Canon) on Feb 02, 2013 at 20:31 UTC
    > Read the description of what the module does.

    As mentioned I already did!

    But Mal-Packer seems to be another beast.

    Cheers Rolf
