Quote:
Originally Posted by heero_yuy
Nothing like checking on running tasks and also who has hooked what API is there. 
What exactly do you use to show you what is playing with APIs?
It sounds impressive, but I'm not entirely sure how software running in ring 3 would be able to monitor the actions of software running in ring 0, or what Process Monitor is going to tell you beyond that a system call was made; it will report back whatever the rootkit is providing.
AVG and other things use the same system calls the rootkit has hooked and will have the exact same issues.
I'm actually asking the question as I genuinely have no idea how you would be able to detect rerouted system calls from user space, or what use looking at running tasks would be.
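The point raised above (a ring-3 monitor only sees what the hooked syscall returns) is usually answered with "cross-view" detection: ask the kernel the same question through two independent paths and flag any disagreement. The simulation below is an added example, not code from this thread or from any real tool; the `FakeKernel` class, its method names and the sample process table are all constructed stand-ins for the real enumeration and open-process syscalls.

```python
# Added simulation of cross-view rootkit detection from user mode.
# FakeKernel, its methods and the sample data are constructed; nothing
# here touches a real OS API.
from dataclasses import dataclass, field


@dataclass
class FakeKernel:
    """Stand-in for the kernel's real process table (hypothetical)."""
    processes: dict                              # pid -> image name
    hidden: set = field(default_factory=set)     # pids the rootkit conceals

    def nt_query_processes(self):
        """The enumeration syscall a task manager or AV would call.
        With the rootkit's hook in place it returns the table minus the
        hidden pids, so a ring-3 monitor trusting this call sees nothing."""
        return {pid: name for pid, name in self.processes.items()
                if pid not in self.hidden}

    def nt_open_process(self, pid):
        """A second, independent path into the kernel. If the rootkit only
        hooked enumeration, opening a hidden pid directly still succeeds;
        that discrepancy is what cross-view detection looks for."""
        return pid in self.processes


def cross_view_hidden_pids(kernel, max_pid=2000):
    """Compare the high-level view (what the hooked API reports) with a
    low-level view built by probing every pid. Windows pids are multiples
    of 4, so the probe steps by 4. A pid that can be opened but is absent
    from the enumeration is reported as suspicious."""
    reported = set(kernel.nt_query_processes())
    probed = {pid for pid in range(0, max_pid + 1, 4)
              if kernel.nt_open_process(pid)}
    return sorted(probed - reported)


# Constructed sample: the rootkit's own process at pid 1236 hides itself.
SAMPLE = FakeKernel(
    processes={4: "System", 512: "services.exe", 1024: "explorer.exe",
               1236: "rootkit.exe"},
    hidden={1236},
)

if __name__ == "__main__":
    print("hooked view:", sorted(SAMPLE.nt_query_processes()))
    print("cross-view discrepancies:", cross_view_hidden_pids(SAMPLE))
```

The caveat is the one the post already implies: this only works while the hook is incomplete, so a rootkit that also intercepts the probing path (or hides below the kernel's own structures) leaves both views agreeing and the comparison silent.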