|
[Help] Blue screen when obtaining the address in the network transport-layer filter from 《寒江独钓》!
OK, let's discuss it together!! |
|
[Help] Blue screen when obtaining the address in the network transport-layer filter from 《寒江独钓》!
The contents of the dump file are as follows:

kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

PFN_LIST_CORRUPT (4e)
Typically caused by drivers passing bad memory descriptor lists (ie: calling
MmUnlockPages twice with the same list, etc). If a kernel debugger is
available get the stack trace.
Arguments:
Arg1: 00000007, A driver has unlocked a page more times than it locked it
Arg2: 00002402, page frame number
Arg3: 00000001, current share count
Arg4: 00000000, 0

Debugging Details:
------------------

Unable to open image file: C:\Program Files\Debugging Tools for Windows (x86)\sym\tcpip.sys\485B8A3657f80\tcpip.sys
系统找不到指定的文件。
Unable to open image file: C:\Program Files\Debugging Tools for Windows (x86)\sym\tcpip.sys\485B8A3657f80\tcpip.sys
系统找不到指定的文件。
Unable to open image file: C:\Program Files\Debugging Tools for Windows (x86)\sym\tcpip.sys\485B8A3657f80\tcpip.sys
系统找不到指定的文件。
Unable to open image file: C:\Program Files\Debugging Tools for Windows (x86)\sym\tcpip.sys\485B8A3657f80\tcpip.sys
系统找不到指定的文件。
Unable to open image file: C:\Program Files\Debugging Tools for Windows (x86)\sym\tcpip.sys\485B8A3657f80\tcpip.sys
系统找不到指定的文件。
Unable to open image file: C:\Program Files\Debugging Tools for Windows (x86)\sym\tcpip.sys\485B8A3657f80\tcpip.sys
系统找不到指定的文件。
PEB is paged out (Peb.Ldr = 7ffde00c). Type ".hh dbgerr001" for details
PEB is paged out (Peb.Ldr = 7ffde00c). Type ".hh dbgerr001" for details

BUGCHECK_STR: 0x4E_7
DEFAULT_BUCKET_ID: INTEL_CPU_MICROCODE_ZERO
PROCESS_NAME: telnet.exe
LAST_CONTROL_TRANSFER: from 805259de to 8053456e

STACK_TEXT:
f6c7a99c 805259de 0000004e 00000007 00002402 nt!KeBugCheckEx+0x1b
f6c7a9bc 804f1ea4 82807000 829fbac0 80562bc0 nt!MiDecrementReferenceCount+0x4e
f6c7a9f0 8054a536 82afc6e0 829fbac0 80562bc0 nt!MiDeferredUnlockPages+0x13d
f6c7aa1c 8054be0b 82807000 829fbac0 829fbac0 nt!MiFreePoolPages+0xac
f6c7aa5c f748fad2 82807000 00000000 f6c7aa9c nt!ExFreePoolWithTag+0x1b7
f6c7aa6c f748fab8 829fbac0 82807000 00000000 tcpip!MdppFreePage+0x10
f6c7aa9c f748eb1b 80552500 00000000 f6c7aaf4 tcpip!MdppScavengePool+0xa9
f6c7aab8 f748ed36 829fba80 f6c7aaf4 828eb008 tcpip!MdpAllocateAtDpcLevel+0x5e
f6c7aacc f7498902 f6c7aaf4 828c68a0 828eb008 tcpip!GetTCPHeaderAtDpcLevel+0x15
f6c7aafc f74986fc 828eb008 00000000 82953200 tcpip!SendSYN+0x1d
f6c7ab40 f74988ca 00c7ab64 00000001 00000000 tcpip!TdiConnect+0x3ab
f6c7ab7c f7491038 828abbf8 828abcb0 828abbf8 tcpip!TCPConnect+0xa8
f6c7ab98 804e47f7 82ad7368 828abbf8 828ce388 tcpip!TCPDispatchInternalDeviceControl+0x13f
f6c7aba8 f7f005fb 828868f8 f6c7ac24 804e47f7 nt!IopfCallDriver+0x31
f6c7abb4 804e47f7 82886840 828abbf8 828f6f74 tdifilter!DispatchAny+0x3b [f:\tdifilter\tdifilter.c @ 96]
f6c7abc4 f7423ec4 00012007 f7423c55 828abbf8 nt!IopfCallDriver+0x31
f6c7ac24 f742b257 828a4988 82a041f0 f6c7ac58 afd!AfdConnect+0x3a8
f6c7ac34 804e47f7 82a1f7e0 828abbf8 806ee070 afd!AfdDispatchDeviceControl+0x53
f6c7ac44 8056b1c8 828abcd4 829be4d0 828abbf8 nt!IopfCallDriver+0x31
f6c7ac58 8057bd83 82a1f7e0 828abbf8 829be4d0 nt!IopSynchronousServiceTail+0x60
f6c7ad00 8057e30b 0000071c 00000734 00000000 nt!IopXxxControlFile+0x611
f6c7ad34 804df7ec 0000071c 00000734 00000000 nt!NtDeviceIoControlFile+0x2a
f6c7ad34 7c92eb94 0000071c 00000734 00000000 nt!KiFastCallEntry+0xf8
WARNING: Frame IP not in any known module. Following frames may be wrong.
0098ed40 00000000 00000000 00000000 00000000 0x7c92eb94

STACK_COMMAND: kb

FOLLOWUP_IP:
nt!MiDeferredUnlockPages+13d
804f1ea4 e9e9080000 jmp nt!MiDeferredUnlockPages+0x13d (804f2792)

SYMBOL_STACK_INDEX: 2
SYMBOL_NAME: nt!MiDeferredUnlockPages+13d
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
DEBUG_FLR_IMAGE_TIMESTAMP: 48a4023c
IMAGE_NAME: memory_corruption
FAILURE_BUCKET_ID: 0x4E_7_nt!MiDeferredUnlockPages+13d
BUCKET_ID: 0x4E_7_nt!MiDeferredUnlockPages+13d

Followup: MachineOwner
--------- |
|
[Original] ProbeBypass attack technique
Great article! It let us beginners learn something. |
|
[Download] Collected articles from "[Topic 4] Rootkit Study and Research" for download
What a good person~~~~~~~~~~~~~~ |
|
[Help] How do I become a virus analyst?
Bumping this one, to see how many people, like me, don't know. |
|
[Discussion] Let's see how many IDs from 2006 have fewer than 20 posts
Checking in as well. |
|
[Help] A question about Chapter 10 of 《0 day》
Let me bump this for you. |
|
[Help] Goal --- off to study at 科锐 at the end of the year
Which forums are good? Post them so we can share. |
|
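[Help] int 21h interrupt, function 40h: what is the value in bx for?
It is the file handle; the functions that read and write files all need this handle to perform the corresponding operations on the file. |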
|
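[Help] A newbie question about arithmetic right shift
An arithmetic left shift simply moves the binary data one bit to the left; the bit shifted out is placed in CF, and the low bit is filled with 0. For example:
0x9A = 10011010(B)
After an arithmetic left shift by 1 bit it becomes 00110100(B), CF=1
An arithmetic right shift moves the binary data one bit to the right; the bit shifted out is placed in CF, and the high bit continues to be filled with the sign bit. For example:
0x9A = 10011010(B)
After an arithmetic right shift by 1 bit it becomes 11001101(B), CF=0 |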
|
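[Help] I've been at this for N days: how do I reverse a program that uses SEH under VC back into its program structure?
Thank you for your reply. I searched for a long time without finding it, which is why I came here to ask. I know its structure is roughly:

;struct _EXCEPTION_REGISTRATION{
;    struct _EXCEPTION_REGISTRATION *prev;
;    void (*handler)( PEXCEPTION_RECORD,
;                     PEXCEPTION_REGISTRATION,
;                     PCONTEXT,
;                     PEXCEPTION_RECORD);
;    struct scopetable_entry *scopetable;
;    int trylevel;
;    int _ebp;
;    PEXCEPTION_POINTERS xpointers;
;};

And scopetable[trylevel]->lpfnFilter is the function for the filter expression, and scopetable[trylevel]->lpfnHandler is the code in the __except block. But I can't locate them in the assembly, and I don't know what is going on. The structure of scopetable is like this:

typedef struct _SCOPETABLE {
    DWORD previousTryLevel;
    DWORD lpfnFilter;
    DWORD lpfnHandler;
} SCOPETABLE, *PSCOPETABLE;

According to the assembly analysis above, scopetable=44BF19B0 and trylevel = 0; then what about scopetable[trylevel]->lpfnHandler? How should its value be computed? Even when I compute it, it still seems to be wrong. |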