average admins

Mark Russinovich, the genious behind Sysinternals, posted a small blurb about doing some very basic analysis of a device driver he found. While the article isn’t very technical, it does show off some of the capabilities of one of Sysinternals tools, Process Explorer. I’ve used Process Explorer lots of tmies, but I wasn’t aware that it could do a strings dump or a Google search.

Anyway, this is how Mark researches unknown processes on his system.

http://www.sysinternals.com/blog/2006/03/case-of-mysterious-driver.html

For those that don’t know, Mark is the man behind a lot of the in-depth technical reviews of the Sony DRM rootkit. He’s also THE go to guy for any type of rootkit research. In fact, Mark is the person that Jamie Butler and Greg Hoglund sent their rootkit book, Rootkits : Subverting the Windows Kernel to for a technical review.

This entry was posted on Tuesday, March 28th, 2006 at 4:49 pm and is filed under How To, Microsoft, Security, Software, Windows. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.