Gargoyle and Memory Forensics

Gargoyle is a way of hiding all the executable program code in non-executable memory. It is implemented only for 32-bit Windows (64-bit Windows on Windows, excellent). Performing live memory analysis can be a very expensive operation, if you use Defender Windows. Gargoyles shows that the method to reduce the computational load is a limit on the analysis of only the executable code pages, it is a risky the approach. Through the use of the Windows, asynchronous procedure calls, read / write memory can only be used as an executable memory to perform certain tasks.

In the post, Josh Lospinoso delves into all the rough details of how the method is implemented evasion memory scanning.

More.

DISCLAIMER: THIS POST IS FOR INFORMATIONAL PURPOSES ONLY AND IS NOT TO BE CONSIDERED LEGAL ADVICE ON ANY SUBJECT MATTER. DIGITAL FORENSICS CORP. IS NOT A LAWFIRM AND DOES NOT PROVIDE LEGAL ADVICE OR SERVICES. By viewing posts, the reader understands there is no attorney-client relationship, the post should not be used as a substitute for legal advice from a licensed professional attorney, and readers are urged to consult their own legal counsel on any specific legal questions concerning a specific situation.

News

Gargoyle and Memory Forensics

Read Next

USA Passes Take It Down Act: Fighting NCII at the Federal Level

Operation Artemis: FBI Arrests 22 in International Sextortion Crackdown

Digital Forensics Corp. Launches Pro Bono Initiative to Combat Sextortion Targeting Minors

Digital Forensics Corp. Launches 2025 Sextortion Study to Uncover the True Scope of a Growing Cybercrime