malwarelab / malwarecookbook

Automatically exported from code.google.com/p/malwarecookbook

some kernel exceptions detected as apihooks #20

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
$ python vol.py -f ../VMwareShared/memory/rustock.vmem apihooks -K
Volatile Systems Volatility Framework 1.4_rc1
Name                             Type     Target                                 Value
-                                inlinek  ntoskrnl.exe!ExRaiseAccessViolation    0x8060ab58 PUSH 0xc0000005; RET (UNKNOWN)
-                                inlinek  ntoskrnl.exe!IofCallDriver             0x804ee130 JMP [0x8054c280] =>> 0xb17a189d ('\\Driver\\pe386')
-                                inlinek  ntoskrnl.exe!_purecall                 0x80534d1e PUSH 0xc0000002; RET (UNKNOWN)

Original issue reported on code.google.com by michael.hale@gmail.com on 1 Jun 2011 at 3:39

GoogleCodeExporter commented 9 years ago
Fixed for upcoming 2.1 alpha release

Original comment by michael.hale@gmail.com on 18 Oct 2011 at 9:46