It depends. How is the code injected?
I learning things like how to determine the method of injection. Do you have a process
such as 'check A, check B, check C, etc.'?
I'm trying to put it together from bits and pieces from books and internet searches.
Thanks for any assist in this area.
Is there a way
to dump threads?
You mean like the threads command?
No. I don't see any option to dump the thread with 'threads' or
'thrdscan'.
I was looking for something like memdump for threads. threaddump???
Thanks for all of your help.
Mike
> Date: Sun, 24 Jun 2012 16:54:27 -0400
> Subject: Re: [Vol-users] Option 2 for injected malware extraction
> From: michael.hale(a)gmail.com
> To: dragonforen(a)hotmail.com
> CC: vol-users(a)volatilityfoundation.org
>
> On Sun, Jun 24, 2012 at 4:46 PM, Mike Lambert <dragonforen(a)hotmail.com> wrote:
> > I am looking at a sample of the Pilleuz worm that infects USB.
> >
> > I ran malfind and was not successful extracting a sample
> >
> > Is there another option for extracting injected code?
>
It depends. How is the code injected?
>
Is there a way
to dump threads?
You mean like the threads command?
>
> > Thanks,
> > Mike
> >
> >
> > _______________________________________________
> > Vol-users mailing list
> > Vol-users(a)volatilityfoundation.org
> >
http://lists.volatilityfoundation.org/mailman/listinfo/vol-users
> >