Beefy Boxes and Bandwidth Generously Provided by pair Networks
Think about Loose Coupling
 
PerlMonks  

Re: win32-process-hide infected with mal/packer?

by bulk88 (Priest)
on Feb 02, 2013 at 20:24 UTC ( #1016749=note: print w/ replies, xml ) Need Help??


in reply to win32-process-hide infected with mal/packer?

Read the description of what the module does. Then ask what would any antivirus maker do?

edit: after more research the problem is the injected DLL is included as a binary blob, GCC compiled, but that DLL was packed (why???). Ask the author why the DLL isn't built at perl compile/install time. The DLL is intended I guess for injecting into non perl processes, so an XS DLL wouldn't work to inject into a process without an interp.

edit: it appears not all the code in the DLL is in the included main.c file


Comment on Re: win32-process-hide infected with mal/packer?
Re^2: win32-process-hide infected with mal/packer?
by LanX (Canon) on Feb 02, 2013 at 20:31 UTC
    > Read the description of what the module does.

    As mentioned I already did!

    But Mal-Packer seems to be another beast.

    Cheers Rolf

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://1016749]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others avoiding work at the Monastery: (9)
As of 2014-07-28 06:20 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    My favorite superfluous repetitious redundant duplicative phrase is:









    Results (189 votes), past polls