I am working on Lab11-03 in the "Practical Malware Analysis" book.
The malware I am analyzing trojanized the file cisvc.exe, which is the indexing service in Windows XP.

After that, the malware starts the service by running the command net start cisvc.
I put a breakpoint before it starts the service.

I want to debug the service (cisvc.exe).
I opened it in another instance of OllyDbg, but I received an exception.

There is an option to attach to processes, but the service is currently stopped.
I need some way to put a breakpoint at the very beginning of it.

Any idea how I can do it?

E235

1 Answer

I solved it by using an updated version of OllyDbg => OllyDbg 2.01.

I also found another reference that provides another way to solve such a problem in the future:
Debugging malware that will only run as a service

E235