I was reversing a CryptoWall sample.
While debugging the child process, I hit this, and it exits (The instruction at 0x7C918FEA referenced memory at 0x10. The memory could not be written -)
ntdll.dll:7C90EAD0 ntdll_KiUserCallbackDispatcher:
ntdll.dll:7C90EAD0 add esp, 4
ntdll.dll:7C90EAD3 pop edx
ntdll.dll:7C90EAD4 mov eax, large fs:18h
ntdll.dll:7C90EADA mov eax, [eax+30h]
ntdll.dll:7C90EADD mov eax, [eax+2Ch]
ntdll.dll:7C90EAE0 call dword ptr [eax+edx*4]
ntdll.dll:7C90EAE3 xor ecx, ecx
ntdll.dll:7C90EAE5 xor edx, edx
I have patched the byte to 0 at offset, but it still doesn't work. I'd appreciate it if you could assist. :D
Attachments
pwd: infected