Title: Robot Dog variants like this came out long ago; I really don't get why Shadow Defender does a dynamic dump
Author: 点饭的百度空间
Time: 2008-4-12 14:20
The order below is jumbled and pieces are missing, on purpose, so as not to hand anything to people with ulterior motives. Such people have already made use of it anyway, so just treat this as tracing a virus. I can't figure out what this dynamic dump is for. Isn't it plainly inviting people to bp DeviceIoControl? I don't get it, I don't get it, I don't get it... aaaaaah
01AFE554 /CALL 到 DeviceIoControl 来自 kernel32.7C831C0C
01AFE558 |hDevice = 00000144
01AFE55C |IoControlCode = FSCTL_GET_REPARSE_POINT
01AFE560 |InBuffer = NULL
01AFE564 |InBufferSize = 0
01AFE568 |OutBuffer = 001C6020
01AFE56C |OutBufferSize = 4000 (16384.)
01AFE570 |pBytesReturned = 01AFE590
01AFE574 \pOverlapped = NULL
01AFEA10 /CALL 到 DeviceIoControl 来自 kernel32.7C820921
01AFEA14 |hDevice = 00000144
01AFEA18 |IoControlCode = 4D0008
01AFEA1C |InBuffer = NULL
01AFEA20 |InBufferSize = 0
01AFEA24 |OutBuffer = 01AFEA7C
01AFEA28 |OutBufferSize = 208 (520.)
01AFEA2C |pBytesReturned = 01AFEA74
01AFEA30 \pOverlapped = NULL
01AFEC50 /CALL 到 DeviceIoControl 来自 kernel32.7C831C0C
01AFEC54 |hDevice = 00000144
01AFEC58 |IoControlCode = FSCTL_GET_REPARSE_POINT
01AFEC5C |InBuffer = NULL
01AFEC60 |InBufferSize = 0
01AFEC64 |OutBuffer = 001C6020
01AFEC68 |OutBufferSize = 4000 (16384.)
01AFEC6C |pBytesReturned = 01AFEC8C
01AFEC70 \pOverlapped = NULL
01AFEA0C /CALL 到 DeviceIoControl 来自 kernel32.7C820AC7
01AFEA10 |hDevice = 00000144
01AFEA14 |IoControlCode = 6D0008
01AFEA18 |InBuffer = 001C1BD0
01AFEA1C |InBufferSize = 46 (70.)
01AFEA20 |OutBuffer = 001B6D00
01AFEA24 |OutBufferSize = EE (238.)
01AFEA28 |pBytesReturned = 01AFEA74
01AFEA2C \pOverlapped = NULL
019FFEA4 /CALL 到 DeviceIoControl 来自 Defender.00412508
019FFEA8 |hDevice = 00000154 (window)
019FFEAC |IoControlCode = 800025E4
019FFEB0 |InBuffer = 019FFEE0
019FFEB4 |InBufferSize = 88 (136.)
019FFEB8 |OutBuffer = 019FFEE0
019FFEBC |OutBufferSize = 88 (136.)
019FFEC0 |pBytesReturned = 019FFECC
019FFEC4 \pOverlapped = NULL
0012D144 /CALL 到 DeviceIoControl 来自 Defender.00412508
0012D148 |hDevice = 000002A8 (window)
0012D14C |IoControlCode = 800025E4
0012D150 |InBuffer = 0012D180
0012D154 |InBufferSize = 88 (136.)
0012D158 |OutBuffer = 0012D180
0012D15C |OutBufferSize = 88 (136.)
0012D160 |pBytesReturned = 0012D16C
0012D164 \pOverlapped = NULL
01CFFEA4 /CALL 到 DeviceIoControl 来自 Defender.00412508
01CFFEA8 |hDevice = 00000124 (window)
01CFFEAC |IoControlCode = 800025E4
01CFFEB0 |InBuffer = 01CFFEE0
01CFFEB4 |InBufferSize = 88 (136.)
01CFFEB8 |OutBuffer = 01CFFEE0
01CFFEBC |OutBufferSize = 88 (136.)
01CFFEC0 |pBytesReturned = 01CFFECC
01CFFEC4 \pOverlapped = NULL
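Something is wrong with this Shadow. I rebooted intending to trace what the real dump looks like, and it went straight to a blue screen. Last Known Good Configuration fixed it, and I uninstalled it right away.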
BY:unknown tycoon
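Serious bug in system-restore software maliciously exploited by a virus, so that the virus is still present after the antivirus cleans it and the machine reboots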
http://bbs.micropoint.com.cn/sho ... 9%B6%C8%BF%D5%BC%E4
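Added example, not part of the original post and not Shadow Defender's code: a small C decoder that splits the IoControlCode values seen in the dumps above into their CTL_CODE fields, to show which calls are ordinary system queries and which are private to the product's driver. The names decode_ioctl and is_vendor_defined and the code list in main are made up for this example; 0x000900A8 is the winioctl.h value of FSCTL_GET_REPARSE_POINT.

```c
#include <stdint.h>
#include <stdio.h>

/* Layout produced by the CTL_CODE macro (winioctl.h):
 * DeviceType[31:16] | Access[15:14] | Function[13:2] | Method[1:0] */
typedef struct {
    uint16_t device_type;
    uint8_t  access;    /* 0 = FILE_ANY_ACCESS, 1 = read, 2 = write, 3 = both */
    uint16_t function;
    uint8_t  method;    /* 0 = METHOD_BUFFERED ... 3 = METHOD_NEITHER */
} ioctl_fields;

ioctl_fields decode_ioctl(uint32_t code)
{
    ioctl_fields f;
    f.device_type = (uint16_t)(code >> 16);
    f.access      = (uint8_t)((code >> 14) & 0x3);
    f.function    = (uint16_t)((code >> 2) & 0xFFF);
    f.method      = (uint8_t)(code & 0x3);
    return f;
}

/* Device types below 0x8000 and function codes below 0x800 are reserved
 * for Microsoft, so anything at or above those bounds is a vendor-private
 * control code handled by a third-party driver. */
int is_vendor_defined(uint32_t code)
{
    ioctl_fields f = decode_ioctl(code);
    return f.device_type >= 0x8000 || f.function >= 0x800;
}

int main(void)
{
    /* IoControlCode values copied from the dumps in the post. */
    static const uint32_t seen[] = {
        0x000900A8, /* FSCTL_GET_REPARSE_POINT, caller kernel32 */
        0x004D0008, /* caller kernel32 */
        0x006D0008, /* caller kernel32 */
        0x800025E4  /* caller Defender.00412508 */
    };
    for (size_t i = 0; i < sizeof seen / sizeof seen[0]; i++) {
        ioctl_fields f = decode_ioctl(seen[i]);
        printf("%08X  dev=0x%04X func=0x%03X access=%u method=%u  %s\n",
               (unsigned)seen[i], (unsigned)f.device_type, (unsigned)f.function,
               (unsigned)f.access, (unsigned)f.method,
               is_vendor_defined(seen[i]) ? "vendor-defined" : "Microsoft range");
    }
    return 0;
}
```

Only 800025E4 decodes to a vendor-defined code, and it is opened with FILE_ANY_ACCESS, so the access check on that request rests entirely on the driver's device ACL and its own input validation.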
Welcome to the 微点交流论坛 (Micropoint forum) (http://bbs.micropoint.com.cn/)