Last week, I posted about a script I'd put up on my web site called procdmp.pl. I've now posted the file as a standalone EXE, with a GUI for selecting the files.

Go to http://patriot.net/~carvdawg/perl.html. Under the description of procdmp.pl, there is a link to "pdg.zip"...this is the zipped archive containing all the files you need. Unzip these into the same directory, and run pd.exe. This assumes that you've already run the tools (handle, pslist, listdlls, fport, and 'netstat -an') and saved the output to files.

In the GUI, first choose File->Save As... and give the name of the file you want to save the output as...the output will be an HTML file (see http://patriot.net/~carvdawg/pd.html for an example). Then, click each button, choosing the appropriate file in turn (typing in the path works, too). Click "Go" once all files have been selected. Once the process has completed, open the resulting HTML file.

The example has a couple of surprises...such as a "trojan" executable, as well as one launched from an ADS...

Thoughts and comments are appreciated. Flames are piped to /dev/null.

Carv
This archive was generated by hypermail 2b30 : Tue Jun 04 2002 - 08:26:44 PDT