微点交流论坛 - 主动防御 - 这样的机器狗早就出来了，真搞不懂Shadow Defender弄什么动态转储

» 游客: 注册 | 登录 | 帮助

微点交流论坛 » 主动防御 » 这样的机器狗早就出来了，真搞不懂Shadow Defender弄什么动态转储

点饭的百度空间
银牌会员

积分 2315
发帖 2236
注册 2007-11-30

#1 这样的机器狗早就出来了，真搞不懂Shadow Defender弄什么动态转储

横七竖八顺序凌乱，缺胳膊少腿，免得便宜了有心人，不过已经有有心人利用了，就当跟病毒了，搞不懂做这个动态转储做什么，这不明摆这让人bp DeviceIoControl么？不懂不懂不懂不懂不懂不懂不懂不懂不懂不懂不懂不懂不懂不懂不懂不懂不懂不懂不懂不懂不懂不懂不懂不懂不懂不懂不懂不懂不懂不懂不懂不懂不懂不懂不懂不懂不懂不懂不懂不懂不懂不懂不懂不懂不懂不懂不懂不懂不懂不懂不懂不懂不懂不懂不懂不懂不懂不懂不懂不懂不懂不懂不懂不懂不懂不懂不懂不懂不懂不懂不懂不懂不懂不懂不懂不懂不懂不懂不懂不懂不懂不懂不懂不懂不懂不懂不懂不懂不懂不懂不懂不懂不懂不懂不懂不懂不懂不懂不懂不懂不懂不懂不懂不懂不懂不懂不懂不懂不懂不懂不懂不懂不懂不懂不懂不懂不懂不懂不懂不懂不懂不懂不懂不懂不懂不懂不懂不懂不懂不懂不懂不懂不懂不懂不懂不懂不懂不懂不懂不懂不懂不懂不懂不懂啊啊啊啊啊啊啊啊啊啊啊啊啊啊啊啊啊啊啊啊啊啊啊啊啊啊啊啊啊啊啊啊啊啊啊啊啊啊啊啊啊啊啊啊啊啊啊啊啊啊啊啊啊啊啊啊啊啊啊啊啊啊啊啊啊啊啊啊啊啊啊啊啊啊啊啊啊啊啊啊啊啊啊啊啊啊啊啊啊啊啊啊啊啊啊啊啊啊啊啊啊啊啊啊啊

01AFE554 /CALL 到 DeviceIoControl 来自 kernel32.7C831C0C
01AFE558 |hDevice = 00000144
01AFE55C |IoControlCode = FSCTL_GET_REPARSE_POINT
01AFE560 |InBuffer = NULL
01AFE564 |InBufferSize = 0
01AFE568 |OutBuffer = 001C6020
01AFE56C |OutBufferSize = 4000 (16384.)
01AFE570 |pBytesReturned = 01AFE590
01AFE574 \pOverlapped = NULL
01AFEA10 /CALL 到 DeviceIoControl 来自 kernel32.7C820921
01AFEA14 |hDevice = 00000144
01AFEA18 |IoControlCode = 4D0008
01AFEA1C |InBuffer = NULL
01AFEA20 |InBufferSize = 0
01AFEA24 |OutBuffer = 01AFEA7C
01AFEA28 |OutBufferSize = 208 (520.)
01AFEA2C |pBytesReturned = 01AFEA74
01AFEA30 \pOverlapped = NULL
01AFEC50 /CALL 到 DeviceIoControl 来自 kernel32.7C831C0C
01AFEC54 |hDevice = 00000144
01AFEC58 |IoControlCode = FSCTL_GET_REPARSE_POINT
01AFEC5C |InBuffer = NULL
01AFEC60 |InBufferSize = 0
01AFEC64 |OutBuffer = 001C6020
01AFEC68 |OutBufferSize = 4000 (16384.)
01AFEC6C |pBytesReturned = 01AFEC8C
01AFEC70 \pOverlapped = NULL
01AFEA0C /CALL 到 DeviceIoControl 来自 kernel32.7C820AC7
01AFEA10 |hDevice = 00000144
01AFEA14 |IoControlCode = 6D0008
01AFEA18 |InBuffer = 001C1BD0
01AFEA1C |InBufferSize = 46 (70.)
01AFEA20 |OutBuffer = 001B6D00
01AFEA24 |OutBufferSize = EE (238.)
01AFEA28 |pBytesReturned = 01AFEA74
01AFEA2C \pOverlapped = NULL
019FFEA4 /CALL 到 DeviceIoControl 来自 Defender.00412508
019FFEA8 |hDevice = 00000154 (window)
019FFEAC |IoControlCode = 800025E4
019FFEB0 |InBuffer = 019FFEE0
019FFEB4 |InBufferSize = 88 (136.)
019FFEB8 |OutBuffer = 019FFEE0
019FFEBC |OutBufferSize = 88 (136.)
019FFEC0 |pBytesReturned = 019FFECC
019FFEC4 \pOverlapped = NULL
0012D144 /CALL 到 DeviceIoControl 来自 Defender.00412508
0012D148 |hDevice = 000002A8 (window)
0012D14C |IoControlCode = 800025E4
0012D150 |InBuffer = 0012D180
0012D154 |InBufferSize = 88 (136.)
0012D158 |OutBuffer = 0012D180
0012D15C |OutBufferSize = 88 (136.)
0012D160 |pBytesReturned = 0012D16C
0012D164 \pOverlapped = NULL
01CFFEA4 /CALL 到 DeviceIoControl 来自 Defender.00412508
01CFFEA8 |hDevice = 00000124 (window)
01CFFEAC |IoControlCode = 800025E4
01CFFEB0 |InBuffer = 01CFFEE0
01CFFEB4 |InBufferSize = 88 (136.)
01CFFEB8 |OutBuffer = 01CFFEE0
01CFFEBC |OutBufferSize = 88 (136.)
01CFFEC0 |pBytesReturned = 01CFFECC
01CFFEC4 \pOverlapped = NULL

这影子有问题，重启打算跟一下真正转储是什么样子，直接天蓝蓝了，最后一次正确配置搞定，直接卸载了

BY:unknown tycoon

还原系统严重bug被病毒恶意利用，造成杀软杀毒后重启病毒依然存在
http://bbs.micropoint.com.cn/sho ... 9%B6%C8%BF%D5%BC%E4

※ ※ ※ 本文纯属【点饭的百度空间】个人意见，与【微点交流论坛】立场无关※ ※ ※

你的微笑 is 微点的骄傲！
http://hi.baidu.com/new/micropoint

2008-4-12 14:20

论坛跳转:

可打印版本 | 推荐 | 订阅 | 收藏

[ 联系我们 - 东方微点 ] 北京东方微点信息技术有限责任公司福建东方微点信息安全有限责任公司闽ICP备05030815号