Monday, October 13, 2008

GunBound Latin Server Rev 1226

Hook Code!!!!



ntoskrnl.exe+0x00004AA2, Type: Inline - RelativeJump 0x804DBAA2 [ntoskrnl.exe]
ntoskrnl.exe+0x00013166, Type: Inline - RelativeJump 0x804EA166 [dump_wmimmc.sys]
ntoskrnl.exe+0x000131F5, Type: Inline - RelativeJump 0x804EA1F5 [dump_wmimmc.sys]
ntoskrnl.exe-->KeAttachProcess, Type: Inline - RelativeJump 0x804EA2C4 [dump_wmimmc.sys]
ntoskrnl.exe-->KeStackAttachProcess, Type: Inline - RelativeJump 0x804F15A3 [dump_wmimmc.sys]
ntoskrnl.exe-->NtOpenSection, Type: Inline - RelativeJump 0x80570FD7 [dump_wmimmc.sys]
ntoskrnl.exe-->NtOpenProcess, Type: Inline - RelativeJump 0x805717C7 [dump_wmimmc.sys]
ntoskrnl.exe-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x80571CB1 [dump_wmimmc.sys]
ntoskrnl.exe-->NtWriteFile, Type: Inline - RelativeJump 0x80574BF5 [dump_wmimmc.sys]
ntoskrnl.exe-->NtReadVirtualMemory, Type: Inline - RelativeJump 0x8057E2CE [dump_wmimmc.sys]
ntoskrnl.exe-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x8057E420 [dump_wmimmc.sys]
ntoskrnl.exe-->NtDeviceIoControlFile, Type: Inline - RelativeJump 0x8058EFAD [dump_wmimmc.sys]
[1088]csrss.exe-->ntdll.dll-->NtDeviceIoControlFile, Type: Inline - RelativeJump 0x7C91D260 [npggNT.des]
[1088]csrss.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - RelativeJump 0x7C91D450 [npggNT.des]
[1088]csrss.exe-->ntdll.dll-->NtOpenProcess, Type: Inline - RelativeJump 0x7C91D5E0 [npggNT.des]
[1088]csrss.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C91D6D0 [npggNT.des]
[1088]csrss.exe-->ntdll.dll-->NtQuerySystemInformation, Type: Inline - RelativeJump 0x7C91D910 [npggNT.des]
[1088]csrss.exe-->ntdll.dll-->NtReadVirtualMemory, Type: Inline - RelativeJump 0x7C91D9E0 [npggNT.des]
[1088]csrss.exe-->ntdll.dll-->NtSuspendProcess, Type: Inline - RelativeJump 0x7C91DE10 [npggNT.des]
[1088]csrss.exe-->ntdll.dll-->NtSuspendThread, Type: Inline - RelativeJump 0x7C91DE20 [npggNT.des]
[1088]csrss.exe-->ntdll.dll-->NtTerminateProcess, Type: Inline - RelativeJump 0x7C91DE50 [npggNT.des]
[1088]csrss.exe-->ntdll.dll-->NtTerminateThread, Type: Inline - RelativeJump 0x7C91DE60 [npggNT.des]
[1088]csrss.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C91DF90 [npggNT.des]
[1088]csrss.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x7C801A61 [npggNT.des]
[1088]csrss.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD4 [npggNT.des]
[1088]csrss.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF5 [npggNT.des]
[1088]csrss.exe-->kernel32.dll-->ReadProcessMemory, Type: Inline - RelativeJump 0x7C8021D0 [npggNT.des]
[1088]csrss.exe-->kernel32.dll-->WriteProcessMemory, Type: Inline - RelativeJump 0x7C802213 [npggNT.des]
[1088]csrss.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80AE30 [npggNT.des]
[1088]csrss.exe-->kernel32.dll-->MapViewOfFileEx, Type: Inline - RelativeJump 0x7C80B926 [npggNT.des]
[1088]csrss.exe-->kernel32.dll-->MapViewOfFile, Type: Inline - RelativeJump 0x7C80B995 [npggNT.des]
[1088]csrss.exe-->kernel32.dll-->CreateProcessInternalW, Type: Inline - RelativeJump 0x7C81979C [npggNT.des]
[1088]csrss.exe-->kernel32.dll-->MoveFileW, Type: Inline - RelativeJump 0x7C821249 [npggNT.des]
[1088]csrss.exe-->kernel32.dll-->OpenProcess, Type: Inline - RelativeJump 0x7C8309D1 [npggNT.des]
[1088]csrss.exe-->kernel32.dll-->DebugActiveProcess, Type: Inline - RelativeJump 0x7C85B02B [npggNT.des]
[1088]csrss.exe-->advapi32.dll-->CreateProcessWithLogonW, Type: Inline - RelativeJump 0x77DE5FD5 [npggNT.des]
...................................................
download complete report..
