Full Disclosure mailing list archives

RE: MyDoom download info


From: "first last" <randnut () hotmail com>
Date: Sat, 31 Jan 2004 00:28:44 +0000

> to successfully unpack the program. All they really needed to
> do was dump it from memory while it was running and they could've
> analyzed it immediately with any disassembler.

Forgive me, I am no assembly hacker nor much of a programmer,
but would it be possible for a program to 'react' in some way
were one to try to dump it from memory?

The program would have to use a device driver to protect itself from being dumped from memory to disk. But there are ways around that as well.


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

