A YouTube user called Black Hat shared a short video, 'Preview: A Practical Approach to Malware Analysis and Memory Forensics'.
Gargoyle is a technique for keeping all of a program's executable code in non-executable memory. It is implemented only for 32-bit Windows (it also runs well under WoW64, Windows-on-Windows, on 64-bit systems). Performing live memory analysis is a very expensive operation, as Windows Defender has to do it. Gargoyle shows that one way of reducing that computational load, limiting the analysis to executable code pages only, is a risky approach. Using Windows asynchronous procedure calls (APCs), read/write memory is made executable only for as long as it takes to perform a particular task.
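To make the trade-off concrete, here is an added toy scanner (not code from the video or from the Gargoyle project) that compares an executable-pages-only scan with a full scan over a constructed memory map; the region layout and the prologue byte pattern are assumptions for illustration.

```python
"""Toy memory-region scanner illustrating the trade-off described above:
scanning only executable pages is cheaper but misses code staged in
read/write memory. Added example; the memory map and byte pattern are
constructed, not taken from a real process."""
from dataclasses import dataclass

# Hypothetical x86 function prologue (push ebp; mov ebp, esp) used as a
# stand-in for a code pattern a scanner might look for.
PROLOGUE = bytes.fromhex("558bec")


@dataclass
class Region:
    base: int
    protect: str  # simplified protection string, e.g. "RX", "RW"
    data: bytes


def scan(regions, executable_only):
    """Return (hits, bytes_scanned). hits lists the base addresses of
    regions containing PROLOGUE. With executable_only=True every
    region that is not executable is skipped (cheaper, less coverage)."""
    hits, scanned = [], 0
    for r in regions:
        if executable_only and "X" not in r.protect:
            continue
        scanned += len(r.data)
        if PROLOGUE in r.data:
            hits.append(r.base)
    return hits, scanned


def build_sample_map():
    """Constructed map: a benign image, a large heap, and a small RW
    region holding code that is only made executable briefly when an
    APC fires (the pattern Gargoyle relies on)."""
    return [
        Region(0x00400000, "RX", b"\x90" * 4096),                    # image code
        Region(0x00600000, "RW", b"\x00" * 65536),                   # heap
        Region(0x00800000, "RW", b"\x00" * 16 + PROLOGUE + b"\xc3"),  # staged code
    ]


if __name__ == "__main__":
    regions = build_sample_map()
    for mode in (True, False):
        hits, n = scan(regions, executable_only=mode)
        print(f"executable_only={mode}: hits={[hex(h) for h in hits]}, bytes={n}")
```

Only the full scan reports the RW region at 0x00800000, at the cost of reading every byte of the heap as well.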
Today we will talk about memory analysis with the help of the plugins run by the Vshot script. Samuel Alonso gives a list of plugins: