Understand how rootkits set up and hide a driver module. Apply data tracing and hardware data breakpoints to analyze data flow.

This tutorial continues the analysis presented in Tutorial 20. We reveal how Max++ performs another round of driver infection, and how it sets up and hides an infected driver. We will also study how to use hardware data breakpoints to trace the use of data and kernel data structures.

In general we will use the instructions of Section 2 of Tutorial 20. In the following we just remind you of several important steps in the configuration: (1) You need a separate image named "Win_Notes" to record and comment the code. You don't really need to run the malware on this instance, but just to record all your observations using the. To do this, you have to modify the control flow of IMM so that it does not crash on. See Section 2 of Tutorial 20 for details.