List: cuckoo
Subject: [cuckoo] cuckoo HookDetach bug
From: dariosfernandes () gmail ! com (Dario)
Date: 2012-01-16 10:49:41
Message-ID: 4F1400C5.1000106 () gmail ! com
Fixed, just check out the new code on git.
It must be working perfectly!
On 01/12/2012 01:32 PM, liw8703 wrote:
> Hi cuckoo, I have a bug for cuckoo HookDetach when it is using hook
> NtResumeThread.
>
> before hook
> 7C92DB20 >/$  B8 CE000000     mov eax,0xCE
> 7C92DB25  |.  BA 0003FE7F     mov edx,0x7FFE0300
> 7C92DB2A  |.  FF12            call dword ptr ds:[edx]
> 7C92DB2C  \.  C2 0800         retn 0x8
>
> hook
> 7C92DB20 >/$  B8 E0E40010     mov eax,0x1000E4E0
> 7C92DB25  \.  C3              retn
> 7C92DB26      90              nop
> 7C92DB27      90              nop
> 7C92DB28      90              nop
> 7C92DB29      90              nop
> 7C92DB2A   .  FF12            call dword ptr ds:[edx]
> 7C92DB2C   .  C2 0800         retn 0x8
>
> dehook
> 7C92DB20 >    B8 CE000000     mov eax,0xCE
> 7C92DB25      BA 0003FE7F     mov edx,0x7FFE0300
> 7C92DB2A   -  E9 33037D7C     jmp F90FDE62
> 7C92DB2F      00B8 00000000   add byte ptr ds:[eax],bh