leong124

hook.txt

Aug 21st, 2011
[XueTr][0x81C25020-->Ring3 Hook]: 28
Hooked Object Hook Address and Location Type Current Value Original Value
[*]len(5) ntdll.dll->LdrLoadDll 0x7C93632D->0x10025680[C:\WINDOWS\system32\guard32.dll] inline E9 4E F3 6E 93 68 6C 02 00 00
[*]len(5) ntdll.dll->LdrUnloadDll 0x7C9371CD->0x1001CF60[C:\WINDOWS\system32\guard32.dll] inline E9 8E 5D 6E 93 68 C4 00 00 00
[*]len(5) ntdll.dll->NtClose 0x7C92CFEE->0x1001CE40[C:\WINDOWS\system32\guard32.dll] inline E9 4D FE 6E 93 B8 19 00 00 00
[*]len(5) ntdll.dll->ZwClose 0x7C92CFEE->0x1001CE40[C:\WINDOWS\system32\guard32.dll] inline E9 4D FE 6E 93 B8 19 00 00 00
[*]len(5) KERNEL32.dll->CreateProcessA 0x7C80236B->0x10023280[C:\WINDOWS\system32\guard32.dll] inline E9 10 0F 82 93 8B FF 55 8B EC
[*]len(5) KERNEL32.dll->CreateProcessW 0x7C802336->0x100226F0[C:\WINDOWS\system32\guard32.dll] inline E9 B5 03 82 93 8B FF 55 8B EC
[*]len(5) USER32.dll->EndTask 0x77D5A0A5->0x1002DF90[C:\WINDOWS\system32\guard32.dll] inline E9 E6 3E 2D 98 8B FF 55 8B EC
len(5) ADVAPI32.dll->CreateProcessAsUserA 0x77DE0CE8->0x10021B50[C:\WINDOWS\system32\guard32.dll] inline E9 63 0E 24 98 8B FF 55 8B EC
[*]len(5) ADVAPI32.dll->CreateProcessAsUserW 0x77DBA8A9->0x10021220[C:\WINDOWS\system32\guard32.dll] inline E9 72 69 26 98 8B FF 55 8B EC
[*]len(5) fltlib.dll->FilterConnectCommunicationPort 0x4AAD135C->0x1001CEB0[C:\WINDOWS\system32\guard32.dll] inline E9 4F BB 54 C5 8B FF 55 8B EC
[*]len(5) fltlib.dll->FilterSendMessage 0x4AAD23A4->0x1001CE70[C:\WINDOWS\system32\guard32.dll] inline E9 C7 AA 54 C5 8B FF 55 8B EC
[*]len(4) mscorwks.dll 0x79E71FDC->_ inline CE 32 B3 34 00 00 00 00
len(31) mscorwks.dll 0x79E72F40->_ inline 89 02 81 F8 30 D3 A1 01 72 0C C1 EA 0A 80 BA 20 AB D5 00 FF 75 01 C3 C6 82 20 AB D5 00 FF C3 CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC
len(31) mscorwks.dll 0x79E72F68->_ inline 89 1A 81 FB 30 D3 A1 01 72 0C C1 EA 0A 80 BA 20 AB D5 00 FF 75 01 C3 C6 82 20 AB D5 00 FF C3 CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC
len(31) mscorwks.dll 0x79E72F90->_ inline 89 0A 81 F9 30 D3 A1 01 72 0C C1 EA 0A 80 BA 20 AB D5 00 FF 75 01 C3 C6 82 20 AB D5 00 FF C3 CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC
len(31) mscorwks.dll 0x79E72FB8->_ inline 89 32 81 FE 30 D3 A1 01 72 0C C1 EA 0A 80 BA 20 AB D5 00 FF 75 01 C3 C6 82 20 AB D5 00 FF C3 CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC
len(31) mscorwks.dll 0x79E72FE0->_ inline 89 3A 81 FF 30 D3 A1 01 72 0C C1 EA 0A 80 BA 20 AB D5 00 FF 75 01 C3 C6 82 20 AB D5 00 FF C3 CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC
len(31) mscorwks.dll 0x79E73008->_ inline 89 2A 81 FD 30 D3 A1 01 72 0C C1 EA 0A 80 BA 20 AB D5 00 FF 75 01 C3 C6 82 20 AB D5 00 FF C3 CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\0309936a8e1672d39b9cf14463ce69f9\mscorlib.ni.dll Hijack on Module File
[*]len(5) ole32.dll->CoCreateInstanceEx 0x769AF154->0x1002E410[C:\WINDOWS\system32\guard32.dll] inline E9 B7 F2 67 99 8B FF 55 8B EC
[*]len(5) ole32.dll->CoGetClassObject 0x769C51F5->0x1002E1D0[C:\WINDOWS\system32\guard32.dll] inline E9 D6 8F 66 99 8B FF 55 8B EC
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e6c79e1d71b0c9000afd7e5e439b5c54\System.ni.dll Hijack on Module File
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\7ed09623172a292eaee51e2e3bcaf784\System.Drawing.ni.dll Hijack on Module File
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d00cc387e462e4c3cdcd112b137cac87\System.Windows.Forms.ni.dll Hijack on Module File
D:\Program Files\osu\Microsoft.Xna.Framework.dll Hijack on Module File
C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcm80.dll Hijack on Module File
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\10154dcad2d62f226af2fd4211460a4b\System.Xml.ni.dll Hijack on Module File
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\77df2cd21a5b85a1605b335aa9ad9d44\System.Configuration.ni.dll Hijack on Module File