Today we're going to be doing some rootkit debugging, specifically regarding runtime2, with a bit of a twist! I have a ton of rootkit debugging posts coming in the next few weeks, as I've decided to break them up rather than throwing them together in one giant mess of a post.
I've shown various scenarios in which I've debugged a rootkit before (0x7A, etc), but this time we're going to use various extensions to help us, other methods, and overall go a lot more in-depth.
more here............http://bsodanalysis.blogspot.com/2014/09/rootkit-debugging-runtime2-postmortem.html?spref=tw
I've shown various scenarios in which I've debugged a rootkit before (0x7A, etc), but this time we're going to use various extensions to help us, other methods, and overall go a lot more in-depth.
more here............http://bsodanalysis.blogspot.com/2014/09/rootkit-debugging-runtime2-postmortem.html?spref=tw