in reply to win32-process-hide infected with mal/packer?
Read the description of what the module does. Then ask what would any antivirus maker do?
edit: after more research the problem is the injected DLL is included as a binary blob, GCC compiled, but that DLL was packed (why???). Ask the author why the DLL isn't built at perl compile/install time. The DLL is intended I guess for injecting into non perl processes, so an XS DLL wouldn't work to inject into a process without an interp.
edit: it appears not all the code in the DLL is in the included main.c file
edit: after more research the problem is the injected DLL is included as a binary blob, GCC compiled, but that DLL was packed (why???). Ask the author why the DLL isn't built at perl compile/install time. The DLL is intended I guess for injecting into non perl processes, so an XS DLL wouldn't work to inject into a process without an interp.
edit: it appears not all the code in the DLL is in the included main.c file
|
---|
Replies are listed 'Best First'. | |
---|---|
Re^2: win32-process-hide infected with mal/packer?
by LanX (Saint) on Feb 02, 2013 at 20:31 UTC |
In Section
Seekers of Perl Wisdom