Advanced Process Manipulation

Thread starter: MintCookie

MintCookie

DiamondCS APM is an advanced process/module viewer and manipulation
utility that allows unique control over target processes by becoming a
part of them.

Take control of a process by becoming a part of it
Unlike conventional process viewers, DiamondCS APM doesn't control
processes by remotely sending them instructions. Instead, APM safely
attaches a part of itself to the target process, essentially becoming
a part of that process. Once 'inside', APM is free to perform actions
on behalf of the target process. For example, if it calls the
ExitProcess API call, the target process terminates.

Control processes in ways that aren't conventionally possible
Because of this 'insider' nature, APM is able to do some remarkable
things that aren't otherwise possible. For example, it can determine
the command line of any process by making it call the GetCommandLine
API function. It can use FreeLibrary and LoadLibrary to unload and
load DLLs into the process (allowing you to make plugins for virtually
any program!). It can even determine which ports the target process is
using! APM has even been used here in our lab to disinfect an
explorer.exe-infecting rootkit-style trojan from a test machine,
making it an excellent anti-trojan tool.

http://www.diamondcs.com.au/index.php?page=apm
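The post describes a tool that works by placing its own module inside the target process. From a defender's side, the observable trace of that approach is a DLL loaded into a process from somewhere other than the OS or vendor directories. The following Python is an added example and is not part of the post or of the DiamondCS product: it takes a process/module snapshot (as a process viewer would list it) and flags modules loaded from user-writable or otherwise untrusted locations. The snapshot, the process IDs and the flagged DLL names are constructed for illustration.

```python
"""Flag modules loaded into processes from locations an injected DLL would use."""
from pathlib import PureWindowsPath

# Directories from which OS and vendor modules are normally loaded (assumed baseline).
TRUSTED_ROOTS = (
    r"C:\Windows",
    r"C:\Program Files",
    r"C:\Program Files (x86)",
)

# Locations an ordinary user can write to; a DLL loaded from here deserves a look.
USER_WRITABLE_ROOTS = (
    r"C:\Users",
    r"C:\ProgramData",
    r"C:\Windows\Temp",
)


def is_under(path: str, root: str) -> bool:
    """True if `path` is `root` or lies below it (Windows paths, case-insensitive)."""
    p = PureWindowsPath(path.lower())
    r = PureWindowsPath(root.lower())
    return p == r or r in p.parents


def flag_unexpected_modules(snapshot):
    """Return findings for modules outside the trusted roots.

    `snapshot` is an iterable of (pid, process_name, module_path) tuples,
    the kind of listing a process/module viewer produces.
    """
    findings = []
    for pid, process, module in snapshot:
        if any(is_under(module, root) for root in USER_WRITABLE_ROOTS):
            reason = "user-writable location"
        elif not any(is_under(module, root) for root in TRUSTED_ROOTS):
            reason = "outside trusted roots"
        else:
            continue
        findings.append({"pid": pid, "process": process,
                         "module": module, "reason": reason})
    return findings


# Constructed sample snapshot; the two flagged DLL names are hypothetical.
SAMPLE_SNAPSHOT = [
    (1234, "explorer.exe", r"C:\Windows\explorer.exe"),
    (1234, "explorer.exe", r"C:\Windows\System32\ntdll.dll"),
    (1234, "explorer.exe", r"C:\Users\alice\AppData\Local\Temp\helper.dll"),
    (2048, "notepad.exe", r"C:\Windows\System32\kernel32.dll"),
    (2048, "notepad.exe", r"C:\Tools\injected_example.dll"),
]

if __name__ == "__main__":
    for f in flag_unexpected_modules(SAMPLE_SNAPSHOT):
        print(f"pid {f['pid']} {f['process']}: {f['module']} ({f['reason']})")
```

The check is deliberately path-based so it works on a saved listing without touching the live process; a module found in a temp or profile directory inside a system process such as explorer.exe is the pattern the post's own rootkit example would produce. Note that C:\Windows\Temp is tested before the broader C:\Windows root, so the writable subtree is not masked by its trusted parent.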

Interesting. Basically this thing is a non-replicating virus which
also has trojan capabilities, adapted to act as a process controller.

Assuming it was developed for legitimate purposes, this does show the
usefulness of the "virus model" for other things than malware.