flat assembler
Message board for the users of flat assembler.
revolution 04 May 2008, 18:41
shakuni wrote: Any ideas?
ic2 05 May 2008, 19:18
Quote:
My first thought was that this tool monitors all the API calls of all the processes and then, based on that info, it determines the dangerous processes, but this can't be true since system processes use almost the same APIs that are used by dangerous processes (like accessing registries and files on disk etc.). Any ideas?
I don't think any program can tell this unless it is a Trog^n, V<rus or S^yware written program.
Quote:
Use an anti-virus program.....consume 100% of your time for many years
I agree, but I think these days programs have gotten so advanced with today's modern technologies that comes out a cracker jack box. For example, in my case: Avira-AV has even attempted to take over my machine with the latest and greatest updates I accepted last week. Wonderful for a minute... Now I am in the process, at this very moment, of finding and deleting that annoying junk that had caused my machine an extra 2 ½ minutes to boot, among other things.
And to speak of taking over machines... I now see what you mean, totally in the old String & Proc thread, revolution. I thought AVs were to scan the PE header to extract needed information. Hell, they hacked far ahead of all my first installed programs (with services by the (my) most respected drivers) and now AVIRA controls my FIREWALL and SYSTEM even at boot time. I even caught when it allowed their packets to ride when RULES were SET that said "NO NO"... since accepting their new update... to date, I've seen it ALL for over a week and have been keeping track, seriously, since I finally noticed the change in boot time.
Like the average user/programmer, I blamed and tested everything else but the AV update until yesterday. I'm getting ready to re-install Windows and do it all over again .... just to be sure... while most would never see or even listen until years later ... I've seen it ALL. Bottom line, at this point I would say any program that goes beyond a PE header to extract information for information needed is a da^e Trogon itself.
Anyway, I'd rather spend those years on how the OS handles those types of program, than go from there to learn quicker. This way you stay legit while figuring out how you want to do things... Not my way [unless]... for me it's delete delete practice. practice, remember... re-install re-install. I know no better and I don't know how to seriously debug such a thing and don't have to worry about it. I hate wasting time, but that's what I do since Win95 to keep my machine fit. I need no spyware or vir^us fighter programs that grow up to be the spyware itself for whatever reason.
Anyway, I only got it on my machine to tell me if my FASM will ride or not and that's IT. I still plan to buy it (if it comes on CD) but I'm going to hack the rot-guts out of it so it remembers that ic2, most beloved, paid in full, (King of Firewalls) comes FIRST. I'm new too and still learning, but I think this should be explored by more experienced people who should want to know. If my English is not understood... don't worry about it
asmrox 06 May 2008, 15:12
don't waste ur time
shakuni 06 May 2008, 16:49
Quote:
I am sorry but I have nothing else to do. My antivirus scanner written in pure asm and C will be out soon which has some process enumeration capabilities as well.
revolution 06 May 2008, 17:11
ic2 wrote: And to speak of taking over machines... I now see what you mean, totally in the old String & Proc thread, revolution.
asmrox 06 May 2008, 18:41
Quote:
I am sorry but I have nothing else to do.
Making such 'AVs' can be just a programming practise, nothing more. You would learn more writing viruses. There are infinite ways to bypass it. Maybe changing smth in kernel mode would do some effects, but if user will run .exe as admin it has no sense. As more you code in KM you just make different system, why not write one from 0? It's just a waste of time.
Quote:
My antivirus scanner written in pure asm and C will be out soon which has some process enumeration capabilities as well.
nothing more than 'hello world', maybe just more advanced.
shakuni 06 May 2008, 19:46
Quote:
I just told you that I have a lot of free time so please lemme "waste" it.
Quote:
OMG I thought that there are only assembly experts here. But no, I was wrong. People here have a sixth sense and can see the code that I haven't posted yet. Can you please help me by "seeing" the Windows source code and helping me implement a custom subsystem in Windows (see my other thread). Thanks in advance
Copyright © 1999-2023, Tomasz Grysztar. Also on GitHub, YouTube.