Техника сетевых атак

Касперски Крис

· *--» Сведения «--*

·

· Command line: F:\TPNA\SRC\BUFFDE~1.EXE

·

· Trap 0e 0000 - Недопустимая страница

· eax=00000000 ebx=00530000 ecx=00406050 edx=0063fdd8 esi=817d3fd4 edi=00000000

· eip= 5a5a5a5a esp= 0063fdf8 ebp=5a5a5a5a - - - nv up EI pl ZR na PE nc

· cs=015f ss=0167 ds=0167 es=0167 fs=41a7 gs=0000

·»015f:5a5a5a5a page not present

· sel type base lim/bot

· ____________________ -- ____________________ ____________________

· cs 015f r-x- 00000000 ffffffff

· ss 0167 rw-e 00000000 0000ffff

· ds 0167 rw-e 00000000 0000ffff

· es 0167 rw-e 00000000 0000ffff

· fs 41a7 rw- 817d23fc 00000037

· gs 0000 --

·

· stack base: 00540000

· TIB limits: 0063e000 - 00640000

·

· - exception record -

·

· Exception Code: c0000005 (нарушение доступа)

· Exception Address: 5a5a5a5a

· Exception Info: 00000000

· 5a5a5a5a

·

·»015f:5a5a5a5a page not present

·

·

· - stack summary -

·

· 0167:5a5a5a5a 015f:5a5a5a5a 015f:5a5a5a5a

·

· - stack trace -

·

· 0167:5a5a5a5a 015f:5a5a5a5a 015f:5a5a5a5a

·

· - stack dump -

·

· 0063fdf8 00005a5a

· 0063fdfc 00401262 = BUFF.DEMO.EXE:.text+0x262

·

· ____________________

· 015f:00401231 00a330694000 add byte ptr [ebx+00406930],ah

· 015f:00401237 e83f0e0000 call 0040207b = BUFF.DEMO.EXE:.text+0x107b

· 015f:0040123c e8810d0000 call 00401fc2 = BUFF.DEMO.EXE:.text+0xfc2

· 015f:00401241 e8f60a0000 call 00401d3c = BUFF.DEMO.EXE:.text+0xd3c

· 015f:00401246 a170694000 mov eax,dword ptr [00406970]

· 015f:0040124b a374694000 mov dword ptr [00406974],eax

· 015f:00401250 50 push eax

· 015f:00401251 ff3568694000 push dword ptr [00406968]

· 015f:00401257 ff3564694000 push dword ptr [00406964]

· 015f:0040125d e80afeffff call 0040106c = BUFF.DEMO.EXE:.text+0x6c

· BUFF.DEMO.EXE:.text+0x262:

· *015f:00401262 83c40c add esp,+0c

· 015f:00401265 8945e4 mov dword ptr [ebp-1c],eax

· 015f:00401268 50 push eax

· 015f:00401269 e8fb0a0000 call 00401d69 = BUFF.DEMO.EXE:.text+0xd69

· 015f:0040126e 8b45ec mov eax,dword ptr [ebp-14]

· 015f:00401271 8b08 mov ecx,dword ptr [eax]

· 015f:00401273 8b09 mov ecx,dword ptr [ecx]

· 015f:00401275 894de0 mov dword ptr [ebp-20],ecx

· 015f:00401278 50 push eax

· 015f:00401279 51 push ecx

· 015f:0040127a e8bf0b0000 call 00401e3e = BUFF.DEMO.EXE:.text+0xe3e

·

· ____________________

·

·

· 0063fe00 00000001

· 0063fe04 00760b70 -» 78 0b 76 00 00 00 00 00 46 3a 5c 54 50 4e 41 5c x.v…F:\TPNA\

· 0063fe08 00760b20 -» 00 0b 76 00 e0 0a 76 00 c0 0a 76 00 a0 0a 76 00…v…v…v…v.

· 0063fe0c 00000000

· 0063fe10 817d3fd4 -» 06 00 05 00 50 e9 52 c1 00 00 00 00 00 00 00 00…P.R…

· 0063fe14 00530000

· 0063fe18 c0000005

· 0063fe1c 0063ff68 -» ff ff ff ff 14 fe fb bf 38 91 f7 bf 00 00 00 00…8…

· 0063fe20 0063fe0c -» 00 00 00 00 d4 3f 7d 81 00 00 53 00 05 00 00 c0…?}…S…

· 0063fe24 0063fc28 -» 00 fd 63 00 1c fd 63 00 54 fc 63 00 4d 68 f7 bf…c…c.T.c.Mh…

· 0063fe28 0063ff68 -» ff ff ff ff 14 fe fb bf 38 91 f7 bf 00 00 00 00…8…

· 0063fe2c 004026dc = BUFF.DEMO.EXE:.text+0x16dc

· -» 55 8b ec 83 ec 08 53 56 57 55 fc 8b 5d 0c 8b 45 U…SVWU…]…E

· 0063fe30 004050a8 = BUFF.DEMO.EXE:.rdata+0xa8

· -» ff ff ff ff 6e 12 40 00 82 12 40 00 06 00 00 06…n.@…@…

· 0063fe34 00000000

· 0063fe38 0063ff78 -» f4 ff 63 00 e9 b3 f8 bf f4 23 7d 81 d4 3f 7d 81…c…#}…?}.

· 0063fe3c bff8b537 = KERNEL32!ApplicationStartup

·

· ____________________