Uninformed: Informative Information for the Uninformed

Vol 4» 2006.Jun

GrepExec: The Tool

Included with this paper is a proof-of-concept tool complete with source which demonstrates scanning the pool for signatures to detect executable objects. Objects detected are DRIVER_OBJECT, DEVICE_OBJECT, EPROCESS, and ETHREAD. The tool does nothing to determine if an object has been attempted to be hidden in any way. Instead, it simply displays found objects to standard output. At this time the author has no plans to continue work with this specific tool, however, there are plans to integrate the memory scanning technique into another project. The source code for the tool can be easily modified to detect other signatures and/or other objects.