Flushing DLLs from memory
From: H C (keydet89@yahoo.com)
Date: 10/20/01
- Previous message: Phil Pinder: "RE: Can Kerberos be cracked??"
- Next in thread: Free, Bob: "RE: Flushing DLLs from memory"
- Reply: Free, Bob: "RE: Flushing DLLs from memory"
- Reply: Robert Collins: "Re: Flushing DLLs from memory"
- Reply: Kinsey, Robert: "RE: Flushing DLLs from memory"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Message-ID: <20011020003118.17824.qmail@web20510.mail.yahoo.com>
Date: Fri, 19 Oct 2001 17:31:18 -0700 (PDT)
From: H C <keydet89@yahoo.com>
Subject: Flushing DLLs from memory
To: forensics@securityfocus.com, focus-ms@securityfocus.com
I've been looking into 'live' forensics issues on
NT/2K, and one thing I'm not having any luck with is
how to flush DLLs from memory.
Looking at Rob Lee's page, he's working on
statically-linked binaries for the *nix platforms.
This is an interesting issue, but perhaps not as
simple for NT/2K. I know how to check for which DLLs
a particular program depends on, and I know that the
program and its DLLs can be loaded onto a CD...the
program can be run from a command prompt after
supplying 'PATH="."'. However, how does one flush the
currently loaded DLLs from memory such that only the
'known good' DLLs from the CD are used?
Thanks,
Carv