Uninformed: Informative Information for the Uninformed

Vol 4» 2006.Jun



GrepExec: The Tool

Included with this paper is a proof-of-concept tool, complete with source, which demonstrates scanning the pool for signatures to detect executable objects. The objects detected are DRIVER_OBJECT, DEVICE_OBJECT, EPROCESS, and ETHREAD. The tool makes no attempt to determine whether an object has been hidden in any way; it simply writes the objects it finds to standard output. At this time the author has no plans to continue work on this specific tool; however, there are plans to integrate the memory scanning technique into another project. The source code for the tool can easily be modified to detect other signatures and/or other objects.
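As an added example, not code from the paper or from the GrepExec tool itself, the following C program shows the signature-scanning idea in miniature: walk a buffer of pool memory at allocation granularity and match the pool tag of each candidate POOL_HEADER against the tags the kernel uses for the four object types listed above. The 8-byte header layout, the BlockSize plausibility check, and the 64-byte sample "pool page" are assumptions constructed for this example; which signatures GrepExec itself uses is not stated in this section.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed layout (32-bit Windows XP-era POOL_HEADER, 8 bytes, allocations 8-byte aligned):
 *   +0  uint16  PreviousSize:9 | PoolIndex:7
 *   +2  uint16  BlockSize:9    | PoolType:7   (BlockSize counted in 8-byte units)
 *   +4  char[4] PoolTag                                                        */
#define POOL_HDR_SIZE 8u
#define POOL_ALIGN    8u
#define TAG_OFF       4u

typedef struct { const char *tag; const char *name; } signature_t;

/* Pool tags the kernel uses for the object types the paper's tool reports. */
static const signature_t signatures[] = {
    { "Proc", "EPROCESS" },
    { "Thre", "ETHREAD" },
    { "Driv", "DRIVER_OBJECT" },
    { "Devi", "DEVICE_OBJECT" },
};
#define NSIG (sizeof signatures / sizeof signatures[0])

typedef struct { size_t offset; const char *name; } hit_t;

static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }

/* Walk buf at allocation granularity. A hit needs a known tag and a non-zero
 * BlockSize; the size check filters tag strings that merely appear inside data.
 * Returns the total number of hits and stores up to max of them in out. */
size_t scan_pool(const uint8_t *buf, size_t len, hit_t *out, size_t max)
{
    size_t hits = 0;
    for (size_t off = 0; off + POOL_HDR_SIZE <= len; off += POOL_ALIGN) {
        const uint8_t *hdr = buf + off;
        uint16_t block_size = rd16(hdr + 2) & 0x1ff;
        if (block_size == 0) continue;
        for (size_t i = 0; i < NSIG; i++) {
            if (memcmp(hdr + TAG_OFF, signatures[i].tag, 4) != 0) continue;
            if (hits < max) { out[hits].offset = off; out[hits].name = signatures[i].name; }
            hits++;
        }
    }
    return hits;
}

/* Write one synthetic pool header into buf (constructed test data only). */
static void put_header(uint8_t *buf, size_t off, uint16_t block_size, const char *tag)
{
    buf[off + 2] = (uint8_t)(block_size & 0xff);
    buf[off + 3] = (uint8_t)((block_size >> 8) & 0x01);
    memcpy(buf + off + TAG_OFF, tag, 4);
}

/* Constructed 64-byte "pool page": two genuine headers, one zero-size decoy at
 * an aligned offset, and one tag string sitting misaligned inside data. */
size_t demo_scan(hit_t *out, size_t max)
{
    uint8_t page[64] = {0};
    put_header(page, 8,  4, "Proc");   /* genuine EPROCESS allocation */
    put_header(page, 24, 2, "Thre");   /* genuine ETHREAD allocation */
    put_header(page, 40, 0, "Devi");   /* BlockSize 0: rejected as not a live header */
    memcpy(page + 51, "Driv", 4);      /* tag bytes inside data, never at a header slot */
    return scan_pool(page, sizeof page, out, max);
}

int main(void)
{
    hit_t hits[8];
    size_t n = demo_scan(hits, 8);
    for (size_t i = 0; i < n; i++)
        printf("%-14s at pool offset 0x%02zx\n", hits[i].name, hits[i].offset);
    return 0;
}
```

Only the two genuine headers are reported; the decoy with a zero BlockSize and the misaligned "Driv" string are both skipped, which is the kind of plausibility filtering a real pool scanner needs to keep false positives down when it sweeps whole pages of nonpaged pool.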


