I've been looking into 'live' forensics issues on NT/2K, and one thing I'm not having any luck with is how to flush DLLs from memory.

Looking at Rob Lee's page, he's working on statically-linked binaries for the *nix platforms. This is an interesting issue, but perhaps not as simple for NT/2K. I know how to check for which DLLs a particular program depends on, and I know that the program and its DLLs can be loaded onto a CD...the program can be run from a command prompt after supplying 'PATH="."'.

However, how does one flush the currently loaded DLLs from memory such that only the 'known good' DLLs from the CD are used?

Thanks,

Carv

-----------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Sun Oct 21 2001 - 18:28:18 PDT