Advice Request VoodooShield and parent process

Please provide comments and solutions that are helpful to the author of this topic.

Status
Not open for further replies.
Winter Soldier

Winter Soldier

Level 25
Verified
Top Poster
Well-known
Feb 13, 2017
1,486
Interesting, for what I remember of my (old) studies :D
Usually both processes share the same code but they run in competition with each other, with the rest of the job processed on the system in question. Normally parent and child are running different instructions.
The child process open files from parent process. These can constitute a means of interaction between the 2 processes.
Otherwise the data (program variables), the stack and the environment of the parent process are duplicated for the new process and put into an area of memory reserved to it and not visible to other processes, parent inclusive.
Normally, the parent process executes the instructions of the program to meet the call to fork() and at this point, the parent process spawns a new process.

By this time the 2 processes have independent life, and the result returned from the fork() is different for each process and it is normal that the 2 processes run different paths within the same program.
 
  • Like
Reactions: _CyberGhosT_
TheMalwareMaster

TheMalwareMaster

Level 21
Thread author
Verified
Honorary Member
Top Poster
Well-known
Jan 4, 2016
1,022
Do email clients, such as Microsoft outlook and mozilla thunderbird create child processes to open email attachments?
 
  • Like
Reactions: _CyberGhosT_
Av Gurus

Av Gurus

Level 29
Verified
Honorary Member
Top Poster
Malware Hunter
Well-known
Sep 22, 2014
1,767
question?
Is your first post (this thread)...didn't you ask about "allow by parent process" feature?
 

Attachments

  • Clipboard01.jpg
    Clipboard01.jpg
    325 KB · Views: 478
  • Like
Reactions: TheMalwareMaster and Wave
W

Wave

Also, if a developer is going to not sign their work, utilize hacker tools, obfuscate and encrypt the heck out of their binaries, etc... then their software does not deserve to run on your system.
Click to expand...
Absolute nonsense. If only he didn't add that into his post I would have Liked it if Wilders Security had such functionality.
 
  • Like
Reactions: DardiM
TheMalwareMaster

TheMalwareMaster

Level 21
Thread author
Verified
Honorary Member
Top Poster
Well-known
Jan 4, 2016
1,022
Av Gurus said:
question?
Is your first post (this thread)...didn't you ask about "allow by parent process" feature?
Click to expand...
I probably misunderstood the meaning. I thought he wanted to ask me a question. EDIT: yes, now I understood the real "address" word meaning
 
  • Like
Reactions: DardiM and Wave
Status
Not open for further replies.

Similar threads

danb
    • Like
    • +Reputation
Serious Discussion WDAC vs Kernel Mode Drivers
Replies
19
Views
1,039
General Security Discussions
danb
danb
Jack
    • Like
    • Applause
    • +Reputation
  • Locked
  • thread_type.competition
MalwareTips Giveaway VoodooShield CyberLock Pro Giveaway: Protect Your Computer with a Computer Lock
Replies
34
Views
5,723
MalwareTips Giveaways
Viking
Viking
silversurfer
    • Like
    • +Reputation
New Update Process Monitor - Sysinternals
Replies
3
Views
780
System utilities
silversurfer
silversurfer

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top