Originally Posted by xalcon
As long as you don't do any special countermeasures, all of your listed Win32 API calls are easily detected.
* OpenHandle: You can easily get a list of open handles to a process. While this is not an immediate give-away (a lot of services open handles to other processes), it's a starting point for Blizzard.
* Read/WriteProcessMemory: Not as easy to detect, but not really hard either. Still a candidate for false positives, since genuine apps might use this to inject their payload into running processes.