Re: [Vol-users] Finding injected code

Well the "--------" in the Hnds column of the pslist output means the handle table is invalid (probably because the process has exited). Thus there will be no handles.  Regarding the desire to see injected code, you had the resources in front of you but perhaps didnt know it. With each of the possibly suspect memory ranges, malfind prints a disassembly and hex dump of the data. You excluded that data from your email, but should have seen it on your screen.  MHL