oh great rootkit -.- how come my process ain't hidden? I've done all the steps.. and my process, name changed to __asdad__.exe, still shows up on my process list
tibbar
Oct 12 2004, 07:25 AM
redcod is a weak rootkit as it is only protecting against imported functions - if I use FARPROC pFindNextFileW = GetProcAddress(LoadLibrary("kernel32.dll"), "FindNextFileW");
then I can see the true picture...
it's a good code example though to learn from.
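Added example, not part of the thread and not the rootkit's code: a portable C model of the point in the post above, showing that a filter placed in a program's import slot is invisible to a caller that resolves the export directly, and that comparing each import slot with the resolved export exposes the hook. The tables, the `"__"` name filter and every function name except `FindNextFileW` are assumptions made for this model; nothing here calls the Windows API.

```c
#include <stdio.h>
#include <string.h>

/* Constructed model, not Windows code: three directory entries and a
   FindNextFile-style iterator that returns the next name or NULL. */
static const char *DIR_ENTRIES[] = { "notes.txt", "__asdad__.exe", "readme.md" };
typedef const char *(*find_next_fn)(int *cursor);

/* The genuine export: returns every entry. */
static const char *real_find_next(int *cursor) {
    int total = (int)(sizeof DIR_ENTRIES / sizeof DIR_ENTRIES[0]);
    return (*cursor < total) ? DIR_ENTRIES[(*cursor)++] : NULL;
}
/* The filter an import-table hook installs (assumed rule: skip "__" names). */
static const char *hook_find_next(int *cursor) {
    const char *name;
    while ((name = real_find_next(cursor)) != NULL)
        if (strncmp(name, "__", 2) != 0) return name;
    return NULL;
}

/* Stand-ins for the DLL's export table and the caller's import table. */
struct slot { const char *name; find_next_fn fn; };
static const struct slot EXPORTS[] = { { "FindNextFileW", real_find_next } };
static struct slot imports[] = { { "FindNextFileW", real_find_next } };

/* Models GetProcAddress: resolves from the export table, not the import slot. */
find_next_fn resolve_export(const char *name) {
    for (size_t i = 0; i < sizeof EXPORTS / sizeof EXPORTS[0]; i++)
        if (strcmp(EXPORTS[i].name, name) == 0) return EXPORTS[i].fn;
    return NULL;
}
void install_import_hook(void) { imports[0].fn = hook_find_next; }
int count_entries(find_next_fn next) {
    int cursor = 0, n = 0;
    while (next(&cursor) != NULL) n++;
    return n;
}
int count_via_import(void) { return count_entries(imports[0].fn); }
/* Integrity check: an import slot that differs from the export is hooked. */
int count_hooked_imports(void) {
    int hooked = 0;
    for (size_t i = 0; i < sizeof imports / sizeof imports[0]; i++)
        if (imports[i].fn != resolve_export(imports[i].name)) hooked++;
    return hooked;
}
int main(void) {
    install_import_hook();
    printf("import view %d, resolved view %d, hooked slots %d\n", count_via_import(),
           count_entries(resolve_export("FindNextFileW")), count_hooked_imports());
    return 0;
}
```

A difference between the two counts, or a non-zero hooked-slot count, is the signal a scanner looks for when checking a process for import-table hooks.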
ivanchin99
Oct 12 2004, 10:41 AM
it works?? how y can't I get it working?