Jump to content
View in the app

A better way to browse. Learn more.
Tuts 4 You

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

How to Analyze a BHO?

pichoo
pichoo
in Malware Reverse Engineering

Featured Replies

Posted

Can anyone point me to any resource that talks about analyzing an Internet Explorer Browser Helper Object?

I am semi competent in analyzing typical executables, however I don't really know where to start with a BHO dll other than looking at the strings, since it doesn't look like it executes like an exe.

Any help would be appreciated, I'm really just looking for a starting point.

Can anyone point me to any resource that talks about analyzing an Internet Explorer Browser Helper Object?

I am semi competent in analyzing typical executables, however I don't really know where to start with a BHO dll other than looking at the strings, since it doesn't look like it executes like an exe.

Any help would be appreciated, I'm really just looking for a starting point.

Hi pichoo,

You can attach to iexplore.exe process with a debugger and set your breakpoints. Hope that helps.

  • Author
Can anyone point me to any resource that talks about analyzing an Internet Explorer Browser Helper Object?

I am semi competent in analyzing typical executables, however I don't really know where to start with a BHO dll other than looking at the strings, since it doesn't look like it executes like an exe.

Any help would be appreciated, I'm really just looking for a starting point.

Hi pichoo,

You can attach to iexplore.exe process with a debugger and set your breakpoints. Hope that helps.

Thank you D1N. Is there an easy way to set a breakpoint where iexplore accesses the BHO dll?

Can anyone point me to any resource that talks about analyzing an Internet Explorer Browser Helper Object?

I am semi competent in analyzing typical executables, however I don't really know where to start with a BHO dll other than looking at the strings, since it doesn't look like it executes like an exe.

Any help would be appreciated, I'm really just looking for a starting point.

Hi pichoo,

You can attach to iexplore.exe process with a debugger and set your breakpoints. Hope that helps.

Thank you D1N. Is there an easy way to set a breakpoint where iexplore accesses the BHO dll?

yes brother setting breakpoints are simple. Take a look at this article //www.openrce.org/articles/full_view/17 he talks about Submithook trojan BHO dll. I would run iexplore.exe inside of olly and trace into until BHO is run then dump a snapshot of the memory. If the BHO is using sockets to communicate there is a socket plugin which can be downloaded on the main page You can use it to sniff data. I would also use an api plugin and set bp on the ones of interest API Finder 0.3 by ap0x is what I use. You can grab virtually everything you need here. Olly Plugins!

The memory snapshots should tell you everything you need to know about the BHO. ;-)

Good Luck!

Edited by D1N

Create an account or sign in to comment

Go to topic listing

Configure browser push notifications
Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.