Didier Stevens

Monday 21 October 2013

Update: Suspender V0.0.0.4

Filed under: Forensics,Malware,My Software,Update — Didier Stevens @ 10:19

Suspender is a DLL that suspends all threads of a process.

This new version adds an option to suspend a process when it exits. Rename the DLL to suspenderx.dll to activate this option (x stands for eXit).

When DllMain is called with DLL_PROCESS_DETACH and the reserved argument is not NULL, the process is exiting (a NULL reserved argument means the DLL is only being unloaded). So that’s the trigger to suspend it.
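The trigger described above, sketched as an added example (not Suspender's own source code). The helper names `exit_option_enabled` and `is_process_exit` are hypothetical, and suspending the current thread with `SuspendThread` is an assumption about how the exiting process can be held for inspection.

```c
#include <ctype.h>
#include <stddef.h>

/* Values of fdwReason as defined in the Windows SDK headers. */
#define REASON_PROCESS_DETACH 0u  /* DLL_PROCESS_DETACH */
#define REASON_PROCESS_ATTACH 1u  /* DLL_PROCESS_ATTACH */

/* Hypothetical helper: is the DLL's file name "suspenderx.dll"?
   Compares only the last path component, ignoring case. */
static int exit_option_enabled(const char *module_path)
{
    const char *name = module_path, *want = "suspenderx.dll";
    for (const char *p = module_path; *p; p++)
        if (*p == '\\' || *p == '/')
            name = p + 1;
    while (*name && *want &&
           tolower((unsigned char)*name) == tolower((unsigned char)*want)) {
        name++; want++;
    }
    return *name == '\0' && *want == '\0';
}

/* Hypothetical helper: a non-NULL reserved pointer on detach means the
   process is terminating; NULL means the DLL is only being unloaded
   (FreeLibrary, or a failed load). */
static int is_process_exit(unsigned long reason, const void *reserved)
{
    return reason == REASON_PROCESS_DETACH && reserved != NULL;
}

#ifdef _WIN32
#include <windows.h>

BOOL WINAPI DllMain(HINSTANCE hinstDLL, DWORD fdwReason, LPVOID lpvReserved)
{
    char path[MAX_PATH];
    DWORD n = GetModuleFileNameA(hinstDLL, path, MAX_PATH);

    if (n > 0 && n < MAX_PATH && exit_option_enabled(path) &&
        is_process_exit(fdwReason, lpvReserved)) {
        /* Assumption: by now only the exiting thread is still running,
           so parking it keeps the process alive for inspection. */
        SuspendThread(GetCurrentThread());
    }
    return TRUE;
}
#endif
```

The `DllMain` part only compiles on Windows; the two helpers are portable so the decision logic can be checked anywhere.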


Suspender_V0_0_0_4.zip (https)
MD5: 629255337FE0CA9F631B1A7177D158F0
SHA256: 8E63152620541314926878D01469E2E922298C147740BDEAF7FC6B70EB9305EF
