Full Disclosure mailing list archives
RE: MyDoom download info
From: "first last" <randnut () hotmail com>
Date: Sat, 31 Jan 2004 00:28:44 +0000
> to successfully unpack the program. All they really needed to
> do was dump it from memory while it was running and they could've analyzed
> it immediately with any disassembler.

Forgive me, I am no assembly hacker nor much of a programmer, but would it be possible for a program to 'react' in some way were one to try to dump it from memory?

The program would have to use a device driver to protect itself from not being dumped from memory to disk. But there are ways around that as well.