Malware development trick - part 34: Find PID via WTSEnumerateProcesses. Simple C++ example
Malware Analysis, News and Indicators - Latest topics malware.news
﷽
Hello, cybersecurity enthusiasts and white hackers!
Today, I just want to focus my research on another malware development trick: enumerating processes and finding a PID via WTSEnumerateProcesses. It is a common technique that can also be used by malware for AV evasion.
WTSEnumerateProcessesA Win API
The WTSEnumerateProcessesA function is a Windows API function that retrieves information about the active processes on a specified terminal server:
BOOL WTSEnumerateProcessesA(
    HANDLE             hServer,        // WTS_CURRENT_SERVER_HANDLE for the local machine
    DWORD              Reserved,       // must be 0
    DWORD              Version,        // must be 1
    PWTS_PROCESS_INFOA *ppProcessInfo, // receives an array to be released with WTSFreeMemory
    DWORD              *pdwCount       // receives the number of entries
);
WTSEnumerateProcessesA …
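As an added C++ example (not the post's own code), the lookup below finds a PID by image name through WTSEnumerateProcessesA on the local server, the pattern an analyst should be able to recognise when reviewing a sample. The matching step is split out so it can run against a constructed sample list; the non-Windows stand-in struct is an assumption that mirrors the real WTS_PROCESS_INFOA layout.

```cpp
#include <cctype>
#include <cstdio>
#ifdef _WIN32
#include <windows.h>
#include <wtsapi32.h>
#pragma comment(lib, "wtsapi32.lib")
#else
// Stand-in declarations (constructed mirror of WTS_PROCESS_INFOA, an assumption) so the lookup logic also compiles off Windows.
typedef unsigned long DWORD;
typedef char *LPSTR;
struct WTS_PROCESS_INFOA { DWORD SessionId; DWORD ProcessId; LPSTR pProcessName; void *pUserSid; };
#endif

// Case-insensitive ASCII comparison of image names ("Notepad.EXE" matches "notepad.exe").
static bool sameImageName(const char *a, const char *b) {
    if (!a || !b) return false;
    for (; *a && *b; ++a, ++b)
        if (tolower((unsigned char)*a) != tolower((unsigned char)*b)) return false;
    return *a == '\0' && *b == '\0';
}

// Return the first PID in the array whose image name matches; 0 means not found (PID 0 is the idle process).
DWORD findPidInList(const WTS_PROCESS_INFOA *list, DWORD count, const char *name) {
    for (DWORD i = 0; i < count; ++i)
        if (sameImageName(list[i].pProcessName, name)) return list[i].ProcessId;
    return 0;
}

#ifdef _WIN32
// Live lookup: local server handle, Reserved must be 0, Version must be 1.
DWORD findPid(const char *name) {
    PWTS_PROCESS_INFOA info = nullptr;
    DWORD count = 0;
    if (!WTSEnumerateProcessesA(WTS_CURRENT_SERVER_HANDLE, 0, 1, &info, &count))
        return 0;                // GetLastError() carries the reason
    DWORD pid = findPidInList(info, count, name);
    WTSFreeMemory(info);         // the API owns the buffer; always release it
    return pid;
}
#endif

// Constructed sample standing in for one enumeration result.
DWORD demoLookup(const char *name) {
    static char n0[] = "System", n1[] = "explorer.exe", n2[] = "notepad.exe";
    WTS_PROCESS_INFOA sample[] = {{0, 4, n0, nullptr}, {1, 1234, n1, nullptr}, {1, 5678, n2, nullptr}};
    return findPidInList(sample, 3, name);
}

int main() { printf("notepad.exe -> PID %lu\n", (unsigned long)demoLookup("NOTEPAD.EXE")); return 0; }
```

On Windows, link against wtsapi32.lib and call findPid("explorer.exe") for a live result; elsewhere only the sample-list path is built.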