Someone is hooking me?

-4

I have a ticket at a customer site that I'm dealing with. My application uses a 3rd-party app (written in Python & C++) for which I don't have the code, and in my code it is always failing on one server and always succeeds on another.

We are trying to compare all applications installed on the two servers, but until we get permission to do anything (like uninstalling apps and all), is there a way to know whether my process was hooked up? Or got some code injection, memory intervention or something? I'm not into WinDbg stuff and all, I just want to know if there is an easy way to track those issues...

user1025852

Posted 2013-12-18T16:00:30.737

Reputation: 117

Question was closed 2013-12-19T01:28:17.530

Answers

4

If you can run Microsoft/SysInternals Process Explorer you can select the process and see all of the DLLs that have been loaded into the process's memory. That could at least give you a starting point to see what different things have been loaded.

heavyd

Posted 2013-12-18T16:00:30.737

Reputation: 54 755

I guess you mean procmon... will try that, thanks! The thing is that I had another ticket where all the DLLs were familiar or could be explained, and only when we removed some 3rd-party software did everything start to work, so there was some suspicion regarding code injection and all... – user1025852 – 2013-12-18T16:07:24.437

No, I mean Process Explorer. In explorer you can select a process then choose View -> Lower Pane View -> DLLs to see the DLLs loaded into a process. – heavyd – 2013-12-18T16:12:54.013

1 Both Process Explorer and procmon can be very valuable for this kind of troubleshooting, as is filemon. – Frank Thomas – 2013-12-18T16:37:55.257
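
A scripted version of the DLL comparison suggested in this answer, as an added example that is not part of the original answer or its comments: it snapshots the modules loaded in the process on each server, records version, vendor and Authenticode status, and diffs the two snapshots. The function names, CSV paths and process IDs are assumptions made for illustration; it assumes PowerShell 3.0 or later.

```powershell
# Added example. Save-ModuleSnapshot / Compare-ModuleSnapshot are hypothetical helper names.
# Run elevated, from a PowerShell of the same bitness (32/64-bit) as the target process.

function Save-ModuleSnapshot {
    param(
        [Parameter(Mandatory = $true)] [int]    $ProcessId,
        [Parameter(Mandatory = $true)] [string] $OutFile
    )
    $proc = Get-Process -Id $ProcessId -ErrorAction Stop
    $proc.Modules | ForEach-Object {
        # Signature status helps separate OS/vendor DLLs from unsigned or tampered ones.
        $sig = Get-AuthenticodeSignature -FilePath $_.FileName -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Module    = $_.ModuleName.ToLowerInvariant()
            Path      = $_.FileName.ToLowerInvariant()
            Version   = $_.FileVersionInfo.FileVersion
            Company   = $_.FileVersionInfo.CompanyName
            Signature = if ($sig) { [string]$sig.Status } else { 'Unknown' }
        }
    } | Sort-Object Path | Export-Csv -Path $OutFile -NoTypeInformation
}

function Compare-ModuleSnapshot {
    param(
        [Parameter(Mandatory = $true)] [string] $WorkingCsv,
        [Parameter(Mandatory = $true)] [string] $FailingCsv
    )
    $good = Import-Csv -Path $WorkingCsv
    $bad  = Import-Csv -Path $FailingCsv
    # Report modules (or versions of a module) present on only one of the two servers.
    Compare-Object -ReferenceObject $good -DifferenceObject $bad -Property Module, Version -PassThru |
        Select-Object @{ n = 'Server'; e = { if ($_.SideIndicator -eq '=>') { 'failing' } else { 'working' } } },
                      Module, Version, Company, Signature, Path
}

# Usage (process IDs and file names are placeholders):
#   On the working server:  Save-ModuleSnapshot -ProcessId 1234 -OutFile .\working.csv
#   On the failing server:  Save-ModuleSnapshot -ProcessId 5678 -OutFile .\failing.csv
#   With both files copied to one machine:
#   Compare-ModuleSnapshot -WorkingCsv .\working.csv -FailingCsv .\failing.csv | Format-Table -AutoSize
```

A module list only shows code that was loaded as a DLL; in-place patches to already-loaded modules or memory written without a backing file will not appear in it. Modules that exist only on the failing server, especially ones from another vendor's install directory or with a signature status other than `Valid`, are the first candidates to investigate.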