by interroboink 594 days ago
Could someone explain to me — it's not actually crashing on its first instruction, I take it?

Why does it appear to be crashing on the first instruction?

Did the malware mess with the main thread's code, so that the first instruction of the main thread was the invalid write instruction?

But then the malware thread must have run first somehow, no? (since that thread is in the same process)

I think I followed the article generally, but I don't understand what actual sequence of events might have taken place that resulted in this report of "crashed on first instruction."


You can start a Windows process in a paused state, then inject some code in it, pause or destroy the main thread, create your own thread, then unpause the process. The result would look a lot like this.

What you gain from it is another question. The injected code could do its malware thing first, then start the real program?

As the rootkit is on the internet, presumably you could read it. But I'm not going to touch it with a 10-meter pole.