Updated facility for TDS-4

Discussion in 'Trojan Defence Suite' started by mottramr, Oct 16, 2003.

Thread Status:
Not open for further replies.
  1. mottramr

    mottramr Registered Member

    Joined:
    Jun 28, 2003
    Posts:
    7
    Recently, Symantec (system works update) has attached some hidden data streams to SVChost.exe (88 bytes of information) which appears to go out to the wild blue ether when svchost is activated by an application. In TDS-3 there is an option to list the info in an ADS file in "notepad" format - this usually gives a display of funny ASCII characters. I would like to see them in hex format....is this possible without writing to another file and using another program to display the binary data?
     
  2. Wayne - DiamondCS

    Wayne - DiamondCS Security Expert

    Joined:
    Jul 19, 2002
    Posts:
    1,533
    Location:
    Perth, Oz
    As TDS-3 is able to provide you with the full filename of the stream, you can then use that filename with just about any file editor/viewer (such as a hex editor which is ideal for viewing binary files). The only problem you might have is that some programs test to see if the file exists by doing a quick directory listing on that file, but that method fails to see streams so you may get the odd "File not found" error when using various programs to view streams.
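
Opening a stream by its full name and dumping it as hex needs no intermediate file. The sketch below is an added example, not part of the thread or of TDS-3: the function names and the stream name `demo` are made up for illustration, and reading a stream this way assumes Windows with an NTFS volume.

```python
import ntpath
import os
import sys


def hexdump(data: bytes, width: int = 16) -> str:
    """Render bytes as rows of offset, hex bytes and printable ASCII."""
    rows = []
    for off in range(0, len(data), width):
        chunk = data[off:off + width]
        hexpart = " ".join(f"{b:02x}" for b in chunk)
        text = "".join(chr(b) if 32 <= b < 127 else "." for b in chunk)
        rows.append(f"{off:08x}  {hexpart:<{width * 3 - 1}}  |{text}|")
    return "\n".join(rows)


def split_stream_name(full_name: str):
    """Split 'C:\\dir\\file.exe:stream' into (host file, stream name).

    The drive-letter colon is skipped; stream is None for a plain path.
    """
    drive, rest = ntpath.splitdrive(full_name)
    head, tail = ntpath.split(rest)
    name, sep, stream = tail.partition(":")
    return drive + ntpath.join(head, name), (stream if sep else None)


def read_stream(full_name: str) -> bytes:
    """Read a stream by opening its full name directly.

    The existence check is made on the host file, not on the stream name,
    because a directory listing does not show streams.
    """
    host, _stream = split_stream_name(full_name)
    if not os.path.isfile(host):
        raise FileNotFoundError(host)
    with open(full_name, "rb") as fh:  # 'file:stream' opens the stream on NTFS
        return fh.read()


if __name__ == "__main__":
    if len(sys.argv) == 2:
        # e.g. python adsdump.py "C:\path\to\file.exe:demo"  (constructed name)
        print(hexdump(read_stream(sys.argv[1])))
    else:
        print(hexdump(bytes(range(88))))  # constructed 88-byte sample
```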
     
  3. mottramr

    mottramr Registered Member

    Joined:
    Jun 28, 2003
    Posts:
    7
    :doubt:
    Thanks for the response....Yup you are quite correct - some hex editors don't pick up the file. So the question still remains....can it be incorporated? It would be much easier to have it displayed within TDS-3 than having to go out and re-initialise another program!

    HMMMM! Value added service o_O o_O
     