Does anyone know anything about a server called
log.reflog.com?
Or about a file called
!apihook.bin or
!apihook.txt??
These files are created on my C:/ at every system start, and every search for the cause has come up empty! Nothing in the .ini files, no program is allowed to start on its own with Windoze, no .exe files with suspicious names... NOTHING!! The virus scanner finds nothing, the trojan scanner doesn't either, and Ad-Aware certainly doesn't. I'm downloading Spybot right now, maybe it will find something...
Attached, for those who might be able to make something of it, is the content of !apihook.txt... maybe someone who knows this stuff better than I do will find a clue:
--------------------------------------------------------------------------------
Process32Next - kernel32.dll , hndl: 77E70000
physmem: 144
SCANNING pmem (0-FF7C000), mapped on virt, for pagetables
FOUND PAGETABLE! DC40C00 patching...
pagetable patched!
77E70000 size: 1000 IsBadWritePtr: 0
77E71000 size: 5E000 IsBadWritePtr: 0
77ECF000 size: 2000 IsBadWritePtr: 0
77ED1000 size: 62000 IsBadWritePtr: 1
fnc addr: 77EABCD3 IsBadWritePtr: 0
Searching block of zeroes in vmem (77E70000-77F33000)
found zeroes! 77E7028B
disasm func & copy instructions to ipz:
instructions lengths: 1 2 6
IsBadReadPtr: 77E78277
GetCurrentProcessId: 77E77DD2
FindWindowA: 77E0C7EB
SendMessageA: 77E072B7
stealthcode: 199 bytes
restoring pagetable...
restored!
NO MORE PAGETABLES!
--------------------------------------------------------------------------------
NtQuerySystemInformation - ntdll.dll , hndl: 77880000
physmem: 144
SCANNING pmem (0-FF7C000), mapped on virt, for pagetables
FOUND PAGETABLE! D773400 patching...
pagetable patched!
77880000 size: 1000 IsBadWritePtr: 0
77881000 size: 4E000 IsBadWritePtr: 0
778CF000 size: 2000 IsBadWritePtr: 0
778D1000 size: 1000 IsBadWritePtr: 0
778D2000 size: 2F000 IsBadWritePtr: 1
fnc addr: 77883B3F IsBadWritePtr: 0
Searching block of zeroes in vmem (77880000-77901000)
found zeroes! 778802C2
disasm func & copy instructions to ipz:
instructions lengths: 5
FindWindowA: 77E0C7EB
SendMessageA: 77E072B7
stealthcode: 207 bytes
restoring pagetable...
restored!
NO MORE PAGETABLES!
--------------------------------------------------------------------------------
GetTcpTable - iphlpapi.dll , hndl: 77310000
physmem: 144
SCANNING pmem (0-FF7C000), mapped on virt, for pagetables
FOUND PAGETABLE! E110C00 patching...
pagetable patched!
77310000 size: 1000 IsBadWritePtr: 0
77311000 size: E000 IsBadWritePtr: 0
7731F000 size: 1000 IsBadWritePtr: 0
77320000 size: 3000 IsBadWritePtr: 1
fnc addr: 77316208 IsBadWritePtr: 0
Searching block of zeroes in vmem (77310000-77323000)
found zeroes! 7731035E
disasm func & copy instructions to ipz:
instructions lengths: 1 2 3
htons: 74FA15C7
GlobalFindAtomA: 77E7E893
htons: 74FA15C7
GlobalFindAtomA: 77E7E893
stealthcode: 273 bytes
restoring pagetable...
restored!
NO MORE PAGETABLES!
--------------------------------------------------------------------------------
GetTcpTableFromStack - iphlpapi.dll , hndl: 77310000
physmem: 144
SCANNING pmem (0-FF7C000), mapped on virt, for pagetables
FOUND PAGETABLE! E110C00 patching...
pagetable patched!
77310000 size: 1000 IsBadWritePtr: 0
77311000 size: E000 IsBadWritePtr: 0
7731F000 size: 1000 IsBadWritePtr: 0
77320000 size: 3000 IsBadWritePtr: 1
fnc addr: 77318F49 IsBadWritePtr: 0
Searching block of zeroes in vmem (77310000-77323000)
found zeroes! 77310483
disasm func & copy instructions to ipz:
instructions lengths: 1 2 3
htons: 74FA15C7
GlobalFindAtomA: 77E7E893
htons: 74FA15C7
GlobalFindAtomA: 77E7E893
stealthcode: 273 bytes
restoring pagetable...
restored!
NO MORE PAGETABLES!
--------------------------------------------------------------------------------
SnmpExtensionQuery - inetmib1.dll , hndl: 6E1E0000
physmem: 144
SCANNING pmem (0-FF7C000), mapped on virt, for pagetables
FOUND PAGETABLE! DDC1800 patching...
pagetable patched!
6E1E0000 size: 1000 IsBadWritePtr: 0
6E1E1000 size: 5000 IsBadWritePtr: 0
6E1E6000 size: 1000 IsBadWritePtr: 0
6E1E7000 size: 2000 IsBadWritePtr: 0
6E1E9000 size: 2000 IsBadWritePtr: 1
fnc addr: 6E1E19D4 IsBadWritePtr: 0
Searching block of zeroes in vmem (6E1E0000-6E1EB000)
found zeroes! 6E1E0320
disasm func & copy instructions to ipz:
instructions lengths: 4 4
htons: 74FA15C7
GlobalFindAtomA: 77E7E893
htons: 74FA15C7
GlobalFindAtomA: 77E7E893
stealthcode: 159 bytes
restoring pagetable...
restored!
NO MORE PAGETABLES!
--------------------------------------------------------------------------------
FindNextFileW - kernel32.dll , hndl: 77E70000
physmem: 144
SCANNING pmem (0-FF7C000), mapped on virt, for pagetables
FOUND PAGETABLE! DC40C00 patching...
pagetable patched!
77E70000 size: 1000 IsBadWritePtr: 0
77E71000 size: 5E000 IsBadWritePtr: 0
77ECF000 size: 2000 IsBadWritePtr: 0
77ED1000 size: 62000 IsBadWritePtr: 1
fnc addr: 77E7F7C6 IsBadWritePtr: 0
Searching block of zeroes in vmem (77E70000-77F33000)
found zeroes! 77E70369
disasm func & copy instructions to ipz:
instructions lengths: 1 2 2
GlobalFindAtomW: 77E7C220
stealthcode: 74 bytes
restoring pagetable...
restored!
NO MORE PAGETABLES!
Hoping for valuable tips...
Willi
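
As an added example (not part of the original post), here is a small Python parser for the !apihook.txt format quoted above. It turns each entry into a record of which function in which module was touched, at what offset from the module base, and how many bytes the log says were copied and written. The field names and the `ENUMERATES` annotations are the editor's assumptions, not something the log states.

```python
import re

# Constructed sample: two entries from the log above, cut down to the parsed lines.
SAMPLE = """\
Process32Next - kernel32.dll , hndl: 77E70000
fnc addr: 77EABCD3 IsBadWritePtr: 0
found zeroes! 77E7028B
instructions lengths: 1 2 6
stealthcode: 199 bytes
--------------------------------------------------------------------------------
GetTcpTable - iphlpapi.dll , hndl: 77310000
fnc addr: 77316208 IsBadWritePtr: 0
found zeroes! 7731035E
instructions lengths: 1 2 3
stealthcode: 273 bytes
"""

# Editor's annotation (not in the log): what each listed API returns to its caller.
ENUMERATES = {
    "Process32Next": "processes", "NtQuerySystemInformation": "system information",
    "FindNextFileW": "files", "GetTcpTable": "tcp connections",
    "GetTcpTableFromStack": "tcp connections", "SnmpExtensionQuery": "snmp mib data",
}

HEADER = re.compile(r"^(\w+) - ([\w.]+) , hndl: ([0-9A-F]+)$")
HEX_FIELDS = {"fnc_addr": re.compile(r"^fnc addr: ([0-9A-F]+)"),
              "zero_block": re.compile(r"^found zeroes! ([0-9A-F]+)")}
LENGTHS = re.compile(r"^instructions lengths: ([\d ]+)$")
STEALTH = re.compile(r"^stealthcode: (\d+) bytes$")

def parse_apihook_log(text):
    """Return one dict per 'Function - module , hndl: BASE' entry."""
    entries, cur = [], None
    for line in map(str.strip, text.splitlines()):
        if (m := HEADER.match(line)):
            cur = {"function": m[1], "module": m[2].lower(), "base": int(m[3], 16)}
            cur["enumerates"] = ENUMERATES.get(m[1], "unknown")
            entries.append(cur)
        elif cur is None:
            continue
        elif (m := LENGTHS.match(line)):
            cur["copied_bytes"] = sum(map(int, m[1].split()))
        elif (m := STEALTH.match(line)):
            cur["stealth_bytes"] = int(m[1])
        else:
            for key, rx in HEX_FIELDS.items():
                if (m := rx.match(line)):
                    # Store as offset from the module base, comparable with the file on disk
                    cur[key + "_rva"] = int(m[1], 16) - cur["base"]
    return entries
```

The resulting offsets give concrete places to compare the in-memory copy of each DLL against a known-good file from installation media.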