  1. set_pglocale_pgservice(argv[0], "pgscripts");
  2. 00007FF6E4B39C85 mov eax,8
  3. 00007FF6E4B39C8A imul rax,rax,0
  4. 00007FF6E4B39C8E lea rdx,[default_options+120h (07FF6E4B43B10h)]
  5. 00007FF6E4B39C95 mov rcx,qword ptr [argv]
  6. 00007FF6E4B39C9A mov rcx,qword ptr [rcx+rax]
  7. 00007FF6E4B39C9E call qword ptr [__imp_set_pglocale_pgservice (07FF6E4B40520h)]
  8.  
  9. 0x00007FF6E4B40520 00000001403e1da0 .>@....
  10. 0x00007FF6E4B40528 0000000000000000 ........
  11. 0x00007FF6E4B40530 0000000000000000 ........
  12. 0x00007FF6E4B40538 00007ff6e4b35348 HS.äö...
  13.  
  14. 00000001403E1DA0 mov qword ptr [rsp+18h],rbx
  15. 00000001403E1DA5 push rdi
  16. 00000001403E1DA6 sub rsp,0C40h
  17. 00000001403E1DAD mov rax,qword ptr [1405F8C60h]
  18. 00000001403E1DB4 xor rax,rsp
  19. 00000001403E1DB7 mov qword ptr [rsp+0C30h],rax
  20. 00000001403E1DBF mov rbx,rdx
  21. 00000001403E1DC2 mov rdi,rcx
  22. 00000001403E1DC5 lea rdx,[140430540h]
  23. 00000001403E1DCC mov rcx,rbx
  24. 00000001403E1DCF call 00000001403F67FA
  25.  
  26. 00000001403F67FA jmp qword ptr [1403F8998h]
  27.  
  28. 0x00000001403F8998 00007ffe87a5cc60 `Ì¥.þ...
  29. 0x00000001403F89A0 00007ffe87a47060 `p¤.þ...
  30. 0x00000001403F89A8 00007ffe87a5f8a4 ¤ø¥.þ...
  31.  
  32. 00007FFE87A5CC60 sub rdx,rcx
  33. 00007FFE87A5CC63 test cl,7
  34. 00007FFE87A5CC66 je 00007FFE87A5CC7C
  35.  
  36. set_pglocale_pgservice(argv[0], "pgscripts");
  37. 00007FF7E9879C85 mov eax,8
  38. 00007FF7E9879C8A imul rax,rax,0
  39. 00007FF7E9879C8E lea rdx,[default_options+120h (07FF7E9883B10h)]
  40. 00007FF7E9879C95 mov rcx,qword ptr [argv]
  41. 00007FF7E9879C9A mov rcx,qword ptr [rcx+rax]
  42. 00007FF7E9879C9E call qword ptr [__imp_set_pglocale_pgservice (07FF7E9880520h)]
  43.  
  44. 0x00007FF7E9880520 00000001403e1da0 .>@....
  45. 0x00007FF7E9880528 0000000000000000 ........
  46. 0x00007FF7E9880530 0000000000000000 ........
  47. 0x00007FF7E9880538 00007ff7e9875348 HS.é÷...
  48.  
  49. 00000001403E1DA0 mov qword ptr [rsp+18h],rbx
  50. 00000001403E1DA5 push rdi
  51. 00000001403E1DA6 sub rsp,0C40h
  52. 00000001403E1DAD mov rax,qword ptr [1405F8C60h]
  53. 00000001403E1DB4 xor rax,rsp
  54. 00000001403E1DB7 mov qword ptr [rsp+0C30h],rax
  55. 00000001403E1DBF mov rbx,rdx
  56. 00000001403E1DC2 mov rdi,rcx
  57. 00000001403E1DC5 lea rdx,[140430540h]
  58. 00000001403E1DCC mov rcx,rbx
  59. 00000001403E1DCF call 00000001403F67FA
  60.  
  61. 00000001403F67FA jmp qword ptr [1403F8998h] (should call C@_04FHBLDJDJ@?1bin?$AA@ libpgport:path.obj [postgres redistributable, which is linked statically])
  62.  
  63. 0x00000001403F8998 000000000059e6a2 ¢æY.....
  64. 0x00000001403F89A0 000000000059e6ac ¾Y.....
  65. 0x00000001403F89A8 000000000059e6b6 ¶æY.....
  66.  
  67. 00000001403F8998 mov byte ptr [AC000000000059E6h],al
  68. 00000001403F89A1 out 59h,al
  69. 00000001403F89A3 add byte ptr [rax],al
  70. ...
  71.  
  72. 000000000059E69F ?? ??
  73. 000000000059E6A0 ?? ??
  74. 000000000059E6A1 ?? ??
  75.  
  76. [...]
  77. "16:48:40,2946466","pg_repack.exe","7216","Load Image","C:testFolderpg_repack-mastermsvcbinx64Debuglibpq.dll","SUCCESS","Image Base: 0x180000000, Image Size: 0x30000"
  78. [...]
  79.  
  80. [...]
  81. "11:52:20,6264717","pg_repack.exe","12464","QueryOpen","B:testFolderpg_repack-mastermsvcbinx64Debuglibpq.dll","SUCCESS","CreationTime: 21/08/2017 11:38:04, LastAccessTime: 21/08/2017 12:06:56, LastWriteTime: 09/05/2017 06:45:07, ChangeTime: 21/08/2017 18:04:09, AllocationSize: 184 320, EndOfFile: 183 296, FileAttributes: A"
  82. "11:52:20,6265789","pg_repack.exe","12464","CreateFile","B:testFolderpg_repack-mastermsvcbinx64Debuglibpq.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
  83. "11:52:20,6266332","pg_repack.exe","12464","QuerySecurityFile","B:testFolderpg_repack-mastermsvcbinx64Debuglibpq.dll","SUCCESS","Information: 0x20"
  84. "11:52:20,6266513","pg_repack.exe","12464","CreateFileMapping","B:testFolderpg_repack-mastermsvcbinx64Debuglibpq.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE"
  85. "11:52:20,6266921","pg_repack.exe","12464","CreateFileMapping","B:testFolderpg_repack-mastermsvcbinx64Debuglibpq.dll","SUCCESS","SyncType: SyncTypeOther"
  86. "11:52:20,6267619","pg_repack.exe","12464","Load Image","B:testFolderpg_repack-mastermsvcbinx64Debuglibpq.dll","SUCCESS","Image Base: 0x180000000, Image Size: 0x30000"
  87. "11:52:20,6274889","pg_repack.exe","12464","CreateFile","B:testFolderpg_repack-mastermsvcbinx64Debuglibpq.dll","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
  88. "11:52:20,6275293","pg_repack.exe","12464","QuerySecurityFile","B:testFolderpg_repack-mastermsvcbinx64Debuglibpq.dll","SUCCESS","Information: 0x20"
  89. "11:52:20,6275471","pg_repack.exe","12464","QueryBasicInformationFile","B:testFolderpg_repack-mastermsvcbinx64Debuglibpq.dll","SUCCESS","CreationTime: 21/08/2017 11:38:04, LastAccessTime: 21/08/2017 12:06:56, LastWriteTime: 09/05/2017 06:45:07, ChangeTime: 21/08/2017 18:04:09, FileAttributes: A"
  90. "11:52:20,6276255","pg_repack.exe","12464","CloseFile","B:testFolderpg_repack-mastermsvcbinx64Debuglibpq.dll","SUCCESS",""
  91. "11:52:20,6291170","pg_repack.exe","12464","CloseFile","B:testFolderpg_repack-mastermsvcbinx64Debuglibpq.dll","SUCCESS",""
  92. [...]
  93. "11:52:20,6539022","pg_repack.exe","12464","QueryNameInformationFile","B:testFolderpg_repack-mastermsvcbinx64Debuglibpq.dll","BUFFER OVERFLOW","Name: testF"
  94. "11:52:20,6539202","pg_repack.exe","12464","QueryNameInformationFile","B:testFolderpg_repack-mastermsvcbinx64Debuglibpq.dll","BUFFER OVERFLOW","Name: testF"
  95. "11:52:20,6539363","pg_repack.exe","12464","QueryNameInformationFile","B:testFolderpg_repack-mastermsvcbinx64Debuglibpq.dll","BUFFER OVERFLOW","Name: testF"
  96. "11:52:20,6539512","pg_repack.exe","12464","QueryNameInformationFile","B:testFolderpg_repack-mastermsvcbinx64Debuglibpq.dll","BUFFER OVERFLOW","Name: testF"
  97. "11:52:20,6539664","pg_repack.exe","12464","QueryNameInformationFile","B:testFolderpg_repack-mastermsvcbinx64Debuglibpq.dll","BUFFER OVERFLOW","Name: testF"
  98. "11:52:20,6603867","pg_repack.exe","12464","QueryNameInformationFile","B:testFolderpg_repack-mastermsvcbinx64Debuglibpq.dll","SUCCESS","Name: testFolderpg_repack-mastermsvcbinx64Debuglibpq.dll"
  99. "11:52:20,6604319","pg_repack.exe","12464","QueryNameInformationFile","B:testFolderpg_repack-mastermsvcbinx64Debuglibpq.dll","SUCCESS","Name: testFolderpg_repack-mastermsvcbinx64Debuglibpq.dll"
  100. "11:52:20,6604778","pg_repack.exe","12464","QueryNameInformationFile","B:testFolderpg_repack-mastermsvcbinx64Debuglibpq.dll","SUCCESS","Name: testFolderpg_repack-mastermsvcbinx64Debuglibpq.dll"
  101. "11:52:20,6605211","pg_repack.exe","12464","QueryNameInformationFile","B:testFolderpg_repack-mastermsvcbinx64Debuglibpq.dll","SUCCESS","Name: testFolderpg_repack-mastermsvcbinx64Debuglibpq.dll"
  102. "11:52:20,6605635","pg_repack.exe","12464","QueryNameInformationFile","B:testFolderpg_repack-mastermsvcbinx64Debuglibpq.dll","SUCCESS","Name: testFolderpg_repack-mastermsvcbinx64Debuglibpq.dll"
  103. [...]
  104.  
  105. "11:52:20,6539022","pg_repack.exe","12464","QueryNameInformationFile","B:testFolderpg_repack-mastermsvcbinx64Debuglibpq.dll","BUFFER OVERFLOW","Length: 63"
  106.  
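  // Minimal repro for two netsh-related crashes observed on Windows 10;
  // the two calls marked "crash here" are kept exactly as in the original.
  #include <windows.h>
  #include <Netsh.h>
  #pragma comment(linker, "/defaultlib:Netsh.lib")

  // Signature of the helper DLL's exported entry point, as declared in the
  // original snippet (netsh calls it with its protocol version and a reserved pointer).
  typedef DWORD (WINAPI *InitHelperDllFn)(_In_ DWORD dwNetshVersion, PVOID pReserved);

  MatchToken(L"*", L"*");// crash here on win 10

  // Resolve the helper from %SystemRoot%\System32 only. A bare name passed to
  // LoadLibraryW is looked up along the default search order (application
  // directory, working directory, PATH), so a same-named DLL placed there
  // would be loaded instead of the system one (DLL search-order hijacking).
  if (HMODULE hmod = LoadLibraryExW(L"wshelper.dll", NULL, LOAD_LIBRARY_SEARCH_SYSTEM32))
  {
      // Cast the FARPROC returned by GetProcAddress instead of writing through a
      // (void**) alias of the function-pointer object, which is undefined behaviour.
      InitHelperDllFn InitHelperDll =
          reinterpret_cast<InitHelperDllFn>(GetProcAddress(hmod, "InitHelperDll"));
      if (InitHelperDll)
      {
          InitHelperDll(1, 0);// crash here on win10 only
      }
      FreeLibrary(hmod);
  }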