DWTF – DLL Watcher & Template Framework
DWTF (DLL Watcher & Template Framework) is a simple engine written by Dreg for building a duplicate or fake DLL from an original DLL. The fake DLL gets its own export section in which each entry points at the corresponding export of the original DLL, so every name the original exports is still resolvable through the fake.
In short, the fake DLL acts as an interceptor (a proxy sitting between the process and the real library) and can be used to track every call a process makes to the original DLL's functions. This comes in very handy when analyzing a malicious process and its activities.
Here is a video demo showing its usage.
Currently this framework is in its infancy and will grow with time!
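To make the export section described above concrete, here is an added example (written for this page, not DWTF's own code) of what a "template" generator for such a fake DLL has to emit. It assumes the original DLL has been renamed to `real_target.dll` and the fake takes its place as `target.dll`; the exports `Foo`, `Bar` and `Baz` with ordinals 1 to 3 are constructed sample data standing in for what one would read from the original's export table. Every export that is not being watched becomes a forwarder entry (`Name = real_target.Name`), which the loader resolves straight into the original DLL; the watched ones are real exports of the fake DLL whose C stubs log the call and then pass it through.

```python
"""Generate the source of a proxy ("fake") DLL: every export of the original
DLL is forwarded, and a chosen subset is wrapped in a logging stub.
Added example in the spirit of the post; it is not DWTF's own code."""

from dataclasses import dataclass, field
from typing import Dict, List, Tuple


@dataclass
class Export:
    """One entry of the original DLL's export table (constructed sample data)."""
    name: str
    ordinal: int


@dataclass
class Hooked:
    """An export we want to log. The C signature must be supplied by hand,
    because the export table carries names and addresses, not prototypes."""
    ret: str                                                    # C return type
    params: List[Tuple[str, str]] = field(default_factory=list)  # (type, name)


def build_def(proxy: str, original: str, exports: List[Export],
              hooked: Dict[str, Hooked]) -> str:
    """Module-definition (.def) file for the proxy DLL.

    For an un-hooked export the entry is a forwarder: the loader finds the
    string "<original>.Name" in the proxy's export table and resolves it in
    the original DLL, so no proxy code runs for that call.  Hooked exports
    are implemented in the proxy (see build_c_source).  Ordinals are kept so
    that callers importing by ordinal instead of by name still work.
    """
    lines = [f"LIBRARY {proxy}", "EXPORTS"]
    for e in sorted(exports, key=lambda x: x.ordinal):
        if e.name in hooked:
            lines.append(f"    {e.name} @{e.ordinal}")
        else:
            lines.append(f"    {e.name} = {original}.{e.name} @{e.ordinal}")
    return "\n".join(lines) + "\n"


def build_c_source(original: str, hooked: Dict[str, Hooked]) -> str:
    """C source for the logging stubs.  Each stub resolves the real function
    from the renamed original DLL on first use, logs the call through
    OutputDebugStringA, and calls the original.  The calling convention is
    assumed to be stdcall (WINAPI); adjust per function where it is not."""
    out = [
        "#include <windows.h>",
        "",
        f'static const char *ORIGINAL_DLL = "{original}.dll";',
        "static HMODULE g_orig;",
        "",
        "static FARPROC resolve(const char *name) {",
        "    if (!g_orig) g_orig = LoadLibraryA(ORIGINAL_DLL);",
        "    FARPROC p = g_orig ? GetProcAddress(g_orig, name) : NULL;",
        "    if (!p) {  /* wrong rename or missing export: fail loudly */",
        '        OutputDebugStringA("[proxy] cannot resolve original export\\n");',
        "        ExitProcess(1);",
        "    }",
        "    return p;",
        "}",
        "",
    ]
    for name, h in hooked.items():
        plist = ", ".join(f"{t} {n}" for t, n in h.params) or "void"
        args = ", ".join(n for _, n in h.params)
        call = f"real({args})"
        out += [
            f"typedef {h.ret} (WINAPI *pfn_{name})({plist});",
            f"{h.ret} WINAPI {name}({plist}) {{",
            f"    static pfn_{name} real;",
            f'    if (!real) real = (pfn_{name})resolve("{name}");',
            f'    OutputDebugStringA("[proxy] {name} called\\n");',
            f"    {call};" if h.ret == "void" else f"    return {call};",
            "}",
            "",
        ]
    return "\n".join(out)


# Constructed sample: what one would read out of the original DLL's export
# table (e.g. with dumpbin /exports) before renaming it to real_target.dll.
SAMPLE_EXPORTS = [Export("Foo", 1), Export("Bar", 2), Export("Baz", 3)]
SAMPLE_HOOKED = {"Bar": Hooked("int", [("int", "a"), ("LPCSTR", "b")])}


def generate(proxy: str = "target", original: str = "real_target"):
    """Return (def_text, c_text) for the sample fake DLL."""
    return (build_def(proxy, original, SAMPLE_EXPORTS, SAMPLE_HOOKED),
            build_c_source(original, SAMPLE_HOOKED))


if __name__ == "__main__":
    def_text, c_text = generate()
    print(def_text)
    print(c_text)
```

Two practical points the generator makes visible: a forwarder costs nothing at call time because the loader patches the importing process's IAT directly to the original's code, so only the exports you actually watch pay for a stub; and the stub signatures cannot be derived from the export table alone, so a real framework either requires them from the user or uses register-preserving assembly trampolines instead of typed C wrappers.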
This entry was posted on Thursday, December 17th, 2009 at 12:33 pm and is filed under Rootkit Analysis, Rootkit News, Rootkit Research, Tools.


December 20th, 2009 at 9:07 pm
Awesome tool for Rootkit DLL replication.
January 8th, 2010 at 7:52 am
Why is there no other update to your blog? Is this blog dead?
January 8th, 2010 at 10:53 am
We are just coming back to normal after the Christmas party.
Thanks for your interest and stay tuned!