You'll need to kill it and then reopen it from within ollydbg.
You can also debug iexplore.exe if you're interested. It is probably reasonable to create a dummy process (I often use calc.exe) you created debugged, let the malware inject into that process instead of original target, then BP the injected code and let it run. Redirecting it to the same process might work, but it may also cause issues. Make sure you redirect both the memory writes/injections and the code execution. Therefore, you can easily breakpoint on the injection procedure and redirect it to another process. Most of the times when a malware does something like that it's simply to make debugging it harder.
0 kommentar(er)
