
WindowsDebugEngine-description

a guest
May 11th, 2015
  1.  
  2. ************* Symbol Path validation summary **************
  3. Response Time (ms) Location
  4. Deferred SRV*http://msdl.microsoft.com/download/symbols
  5.  
  6. Microsoft (R) Windows Debugger Version 6.3.9600.17237 AMD64
  7. Copyright (c) Microsoft Corporation. All rights reserved.
  8.  
  9. CommandLine: C:\\Users\\David\\Downloads\\xmplay37\\xmplay.exe fuzzed.wav
  10.  
  11. ************* Symbol Path validation summary **************
  12. Response Time (ms) Location
  13. Deferred SRV*http://msdl.microsoft.com/download/symbols
  14. Symbol search path is: SRV*http://msdl.microsoft.com/download/symbols
  15. Executable search path is:
  16. ModLoad: 00000000`00400000 00000000`00566000 image00000000`00400000
  17. ModLoad: 00007fff`73d80000 00007fff`73f2c000 ntdll.dll
  18. ModLoad: 00000000`77c40000 00000000`77dae000 ntdll.dll
  19. ModLoad: 00000000`001c0000 00000000`0022c000 C:\Windows\system32\verifier.dll
  20. Page heap: pid 0x128C: page heap enabled with flags 0x3.
  21. ModLoad: 00000000`77bf0000 00000000`77c3b000 C:\Windows\SYSTEM32\wow64.dll
  22. ModLoad: 00000000`77b70000 00000000`77bd8000 C:\Windows\system32\wow64win.dll
  23. ModLoad: 00000000`77be0000 00000000`77be9000 C:\Windows\system32\wow64cpu.dll
  24. ModLoad: 00000000`03d70000 00000000`03eae000 WOW64_IMAGE_SECTION
  25. ModLoad: 00000000`76ac0000 00000000`76c00000 WOW64_IMAGE_SECTION
  26. ModLoad: 00000000`03d70000 00000000`03eae000 NOT_AN_IMAGE
  27. ModLoad: 00000000`03d70000 00000000`03ee7000 NOT_AN_IMAGE
  28. ModLoad: 00000000`5c260000 00000000`5c2c0000 C:\Windows\syswow64\verifier.dll
  29. Page heap: pid 0x128C: page heap enabled with flags 0x3.
  30. ModLoad: 00000000`76ac0000 00000000`76c00000 C:\Windows\SysWOW64\KERNEL32.DLL
  31. ModLoad: 00000000`77a00000 00000000`77ad7000 C:\Windows\SysWOW64\KERNELBASE.dll
  32. ModLoad: 00000000`75540000 00000000`75693000 C:\Windows\SysWOW64\USER32.dll
  33. ModLoad: 00000000`72420000 00000000`72443000 C:\Windows\SysWOW64\WINMM.dll
  34. ModLoad: 00000000`772a0000 00000000`773ae000 C:\Windows\SysWOW64\GDI32.dll
  35. ModLoad: 00000000`76fc0000 00000000`7705b000 C:\Windows\SysWOW64\comdlg32.dll
  36. ModLoad: 00000000`756a0000 00000000`7571c000 C:\Windows\SysWOW64\ADVAPI32.dll
  37. ModLoad: 00000000`75760000 00000000`76a0c000 C:\Windows\SysWOW64\SHELL32.dll
  38. ModLoad: 00000000`773d0000 00000000`774f8000 C:\Windows\SysWOW64\ole32.dll
  39. ModLoad: 00000000`72240000 00000000`72415000 C:\Windows\SysWOW64\WININET.dll
  40. ModLoad: 00000000`66550000 00000000`66567000 C:\Windows\SysWOW64\MSACM32.dll
  41. ModLoad: 00000000`77650000 00000000`77713000 C:\Windows\SysWOW64\MSVCRT.dll
  42. ModLoad: 00000000`71f80000 00000000`71fa3000 C:\Windows\SysWOW64\WINMMBASE.dll
  43. ModLoad: 00000000`76a70000 00000000`76ab5000 C:\Windows\SysWOW64\SHLWAPI.dll
  44. ModLoad: 00000000`71680000 00000000`71886000 C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1\COMCTL32.dll
  45. ModLoad: 00000000`754b0000 00000000`754f1000 C:\Windows\SysWOW64\sechost.dll
  46. ModLoad: 00000000`76f00000 00000000`76fba000 C:\Windows\SysWOW64\RPCRT4.dll
  47. ModLoad: 00000000`76c00000 00000000`76d7d000 C:\Windows\SysWOW64\combase.dll
  48. ModLoad: 00000000`71d40000 00000000`71f72000 C:\Windows\SysWOW64\iertutil.dll
  49. ModLoad: 00000000`72ac0000 00000000`72adb000 C:\Windows\SysWOW64\USERENV.dll
  50. ModLoad: 00000000`75720000 00000000`7575c000 C:\Windows\SysWOW64\cfgmgr32.dll
  51. ModLoad: 00000000`72ca0000 00000000`72cc1000 C:\Windows\SysWOW64\DEVOBJ.dll
  52. ModLoad: 00000000`75440000 00000000`7545e000 C:\Windows\SysWOW64\SspiCli.dll
  53. ModLoad: 00000000`72b30000 00000000`72b3f000 C:\Windows\SysWOW64\profapi.dll
  54. ModLoad: 00000000`72b40000 00000000`72bcb000 C:\Windows\SysWOW64\SHCORE.DLL
  55. ModLoad: 00000000`75430000 00000000`7543a000 C:\Windows\SysWOW64\CRYPTBASE.dll
  56. ModLoad: 00000000`753d0000 00000000`75424000 C:\Windows\SysWOW64\bcryptPrimitives.dll
  57. ModLoad: 75480000 754a7000 C:\Windows\SysWOW64\IMM32.DLL
  58. ModLoad: 00000000`77720000 00000000`77832000 C:\Windows\SysWOW64\MSCTF.dll
  59. ModLoad: 00000000`75310000 00000000`75319000 C:\Windows\SysWOW64\kernel.appcore.dll
  60. ModLoad: 00000000`71200000 00000000`712ed000 C:\Windows\SysWOW64\uxtheme.dll
  61. ModLoad: 00000000`775b0000 00000000`77645000 C:\Windows\SysWOW64\OLEAUT32.dll
  62. ModLoad: 00000000`77840000 00000000`779f1000 C:\Windows\SysWOW64\SETUPAPI.dll
  63. ModLoad: 00000000`77200000 00000000`7728d000 C:\Windows\SysWOW64\clbcatq.dll
  64. ModLoad: 00000000`6e950000 00000000`6ea8a000 C:\Windows\SysWOW64\propsys.dll
  65. ModLoad: 00000000`10000000 00000000`1000a000 C:\Users\David\Downloads\xmplay37\xmp-cd.dll
  66. ModLoad: 00000000`04e70000 00000000`04e77000 C:\Users\David\Downloads\xmplay37\xmp-wadsp.dll
  67. ModLoad: 00000000`04ed0000 00000000`04ed8000 C:\Users\David\Downloads\xmplay37\xmp-wma.dll
  68. ModLoad: 00000000`739f0000 00000000`73a09000 C:\Windows\SysWOW64\CRYPTSP.dll
  69. ModLoad: 00000000`739c0000 00000000`739f0000 C:\Windows\SysWOW64\rsaenh.dll
  70. ModLoad: 00000000`739a0000 00000000`739be000 C:\Windows\SysWOW64\bcrypt.dll
  71. ModLoad: 00000000`6eb70000 00000000`6eb8a000 C:\Windows\SysWOW64\dwmapi.dll
  72. ModLoad: 00000000`636f0000 00000000`636f8000 C:\Windows\SysWOW64\msg711.acm
  73. (128c.df4): Access violation - code c0000005 (first chance)
  74. r
  75. *** WARNING: Unable to verify checksum for image00000000`00400000
  76. *** ERROR: Module load completed but symbols could not be loaded for image00000000`00400000
  77. eax=00000118 ebx=085eaee0 ecx=00000036 edx=00000000 esi=056ac000 edi=085eaf20
  78. eip=0040127b esp=099bfe54 ebp=099bfe60 iopl=0 nv up ei pl nz na po nc
  79. cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00010202
  80. image00000000_00400000+0x127b:
  81. 0040127b f3a5 rep movs dword ptr es:[edi],dword ptr [esi]
  82. rF
  83. fpcw=027F: rn 53 puozdi fpsw=4020: top=0 cc=1000 --p----- fptw=0000
  84. fopcode=0000 fpip=0000:7766c0b9 fpdp=0000:099bfebc
  85. st0= 0.000000000000000000000e+0000 st1= 0.000000000000000000000e+0000
  86. st2= 0.000000000000000000000e+0000 st3= 0.000000000000000000000e+0000
  87. st4= 0.000000000000000000000e+0000 st5= 1.600000000000000000000e+0001
  88. st6= 2.348800000000000000000e+0004 st7= 2.348800000000000000000e+0004
  89. image00000000_00400000+0x127b:
  90. 0040127b f3a5 rep movs dword ptr es:[edi],dword ptr [esi]
  91. rX
  92. xmm0=0 0 0 0
  93. xmm1=0 0 0 0
  94. xmm2=0 0 0 0
  95. xmm3=0 0 0 0
  96. xmm4=0 0 0 0
  97. xmm5=0 0 0 0
  98. xmm6=5.05463e-036 1.75594e+033 3.75203e-033 8.20009e-009
  99. xmm7=7.42911e-034 4.41104e+021 5.31636e-008 1.75593e+033
  100. image00000000_00400000+0x127b:
  101. 0040127b f3a5 rep movs dword ptr es:[edi],dword ptr [esi]
  102.  
  103.  
  104. kb
  105. ChildEBP RetAddr Args to Child
  106. WARNING: Stack unwind information not available. Following frames may be wrong.
  107. 099bfe60 0041b770 056abfc0 00000118 099bfee4 image00000000_00400000+0x127b
  108. 099bfea4 0041b872 099bff04 00410667 099bfee4 image00000000_00400000+0x1b770
  109. 099bff10 00424593 7768f4a0 004242e5 00000000 image00000000_00400000+0x1b872
  110. 099bff3c 7768f510 085dbff8 32aa8c9f 7768f4a0 image00000000_00400000+0x24593
  111. 099bff78 7768f4e5 099bff94 76ad7c04 085ddde8 MSVCRT!_callthreadstart+0x25
  112. 099bff80 76ad7c04 085ddde8 76ad7be0 33647015 MSVCRT!_threadstart+0x61
  113. 099bff94 77c9ad1f 085ddde8 320cc5b4 00000000 KERNEL32!BaseThreadInitThunk+0x24
  114. 099bffdc 77c9acea ffffffff 77c80238 00000000 ntdll_77c40000!__RtlUserThreadStart+0x2f
  115. 099bffec 00000000 7768f4a0 085ddde8 00000000 ntdll_77c40000!_RtlUserThreadStart+0x1b
  116.  
  117.  
  118. .load C:\Users\David\Downloads\peach-3.0.202-win-x64-release\Debuggers\DebugEngine\msec64.dll
  119. !exploitable -m
  120. IDENTITY:HostMachine\HostUser
  121. PROCESSOR:X86
  122. CLASS:USER
  123. QUALIFIER:USER_PROCESS
  124. EVENT:DEBUG_EVENT_EXCEPTION
  125. EXCEPTION_FAULTING_ADDRESS:0x56ac000
  126. EXCEPTION_CODE:0xC0000005
  127. EXCEPTION_LEVEL:FIRST_CHANCE
  128. EXCEPTION_TYPE:STATUS_ACCESS_VIOLATION
  129. EXCEPTION_SUBTYPE:READ
  130. FAULTING_INSTRUCTION:0040127b rep movs dword ptr es:[edi],dword ptr [esi]
  131. MAJOR_HASH:0x414e1808
  132. MINOR_HASH:0x01377b0e
  133. STACK_DEPTH:9
  134. STACK_FRAME:image00000000_00400000+0x127b
  135. STACK_FRAME:image00000000_00400000+0x1b770
  136. STACK_FRAME:image00000000_00400000+0x1b872
  137. STACK_FRAME:image00000000_00400000+0x24593
  138. STACK_FRAME:MSVCRT!_callthreadstart+0x25
  139. STACK_FRAME:MSVCRT!_threadstart+0x61
  140. STACK_FRAME:KERNEL32!BaseThreadInitThunk+0x24
  141. STACK_FRAME:ntdll_77c40000!__RtlUserThreadStart+0x2f
  142. STACK_FRAME:ntdll_77c40000!_RtlUserThreadStart+0x1b
  143. INSTRUCTION_ADDRESS:0x000000000040127b
  144. INVOKING_STACK_FRAME:0
  145. DESCRIPTION:Read Access Violation on Block Data Move
  146. SHORT_DESCRIPTION:ReadAVonBlockMove
  147. CLASSIFICATION:PROBABLY_EXPLOITABLE
  148. BUG_TITLE:Probably Exploitable - Read Access Violation on Block Data Move starting at image00000000_00400000+0x000000000000127b (Hash=0x414e1808.0x01377b0e)
  149. EXPLANATION:This is a read access violation in a block data move, and is therefore classified as probably exploitable.