Thread: hmmm...
View Single Post
  #6  
Old 08-10-2008, 00:30
D-Jester's Avatar
D-Jester D-Jester is offline
VIP
  
Join Date: Nov 2003
Location: Ohio, USA
Posts: 269
Rept. Given: 39
Rept. Rcvd 61 Times in 41 Posts
Thanks Given: 0
Thanks Rcvd at 4 Times in 4 Posts
D-Jester Reputation: 61
Armadillo 6.04 Public

My Observations so far:
JMP <ModuleEntrypoint> patch (EB FE) doesn't make it to the child process from the first WriteProcessMemory call.

My custom spin on the DebugActiveProcessStop patch now causes a crash

Code:
PUSH %PID%
CALL DEBUGACTIVEPROCESSSTOP
JMP EIP <-- CAUSES WINDOWS TO DUMP ARMADILLO MEMORY VIA WATSON
Haven't actually made it into the child process yet, back to the tutorials.
__________________
Even as darkness envelops and consumes us, wrapping around our personal worlds like the hand that grips around our necks and suffocates us, we must realize that life really is beautiful and the shadows of despair will scurry away like the fleeting roaches before the light.
Reply With Quote