Thread: Ehsvc Dump !

  1. #1 otocu

    Ehsvc Dump !

    I made an IAT tracer today and tested it on the current ehsvc for WarRock International or PBlackout.exe,
    so enjoy; however, some are badly resolved.

    Code:
    [IatTrace]: PROTECTOR=Themida
    [IatTrace]: MOD_NAME=EHSVC.DLL
    [IatTrace]: MOD_BASE=10000000
    [IatTrace]: IAT_START=100c1000
    
    100c1000: ADVAPI32.dll->RegEnumValueA
    100c1004: ADVAPI32.dll->InitializeSecurityDescriptor
    100c1008: ADVAPI32.dll->RegCloseKey
    100c100c: ADVAPI32.dll->RegOpenKeyExA
    100c1010: ADVAPI32.dll->GetKernelObjectSecurity
    100c1014: ADVAPI32.dll->RegSetValueExW
    100c1018: ADVAPI32.dll->UnregisterTraceGuids
    100c101c: ADVAPI32.dll->CloseServiceHandle
    100c1020: ADVAPI32.dll->CreateServiceA
    100c1024: ADVAPI32.dll->OpenSCManagerA
    100c1028: ADVAPI32.dll->DeleteService
    100c102c: ADVAPI32.dll->OpenServiceA
    100c1030: ADVAPI32.dll->ChangeServiceConfigA
    100c1034: ADVAPI32.dll->StartServiceA
    100c1038: ADVAPI32.dll->ControlService
    100c103c: ADVAPI32.dll->QueryServiceStatus
    100c1040: ADVAPI32.dll->UnregisterTraceGuids
    100c1044: ADVAPI32.dll->OpenProcessToken
    100c1048: ADVAPI32.dll->IsValidSid
    100c104c: ADVAPI32.dll->GetExplicitEntriesFromAclA
    100c1050: ADVAPI32.dll->EqualSid
    100c1054: ADVAPI32.dll->GetTokenInformation
    100c1058: ADVAPI32.dll->RegOpenKeyA
    100c105c: ADVAPI32.dll->RegDeleteValueA
    100c1060: ADVAPI32.dll->SetSecurityDescriptorDacl
    100c1064: ADVAPI32.dll->OpenThreadToken
    100c1068: ADVAPI32.dll->LookupPrivilegeValueW
    100c106c: ADVAPI32.dll->AdjustTokenPrivileges
    100c1070: ADVAPI32.dll->RegQueryInfoKeyA
    100c1074: ADVAPI32.dll->RegEnumKeyExA
    100c1078: ADVAPI32.dll->LookupAccountNameA
    100c107c: ADVAPI32.dll->SetEntriesInAuditListA
    100c1080: ADVAPI32.dll->GetAclInformation
    100c1084: ADVAPI32.dll->GetLengthSid
    100c1088: ADVAPI32.dll->InitializeAcl
    100c108c: ADVAPI32.dll->AddAce
    100c1090: ADVAPI32.dll->GetAce
    100c1094: ADVAPI32.dll->CopySid
    100c1098: ADVAPI32.dll->SetEntriesInAuditListA
    100c109c: ADVAPI32.dll->RegCreateKeyExA
    100c10a0: ADVAPI32.dll->RegSetValueExA
    100c10a4: ADVAPI32.dll->RegQueryValueExA
    100c10a8: ADVAPI32.dll->AllocateAndInitializeSid
    100c10ac: ADVAPI32.dll->LookupAccountSidA
    100c10b0: ADVAPI32.dll->FreeSid
    100c10b8: GDI32.dll->GetDeviceCaps
    100c10bc: GDI32.dll->CreateCompatibleBitmap
    100c10c0: GDI32.dll->DeleteDC
    100c10c4: GDI32.dll->CreateDCA
    100c10c8: GDI32.dll->CreateFontA
    100c10cc: GDI32.dll->SetTextColor
    100c10d0: GDI32.dll->SetBkMode
    100c10d4: GDI32.dll->GetStockObject
    100c10d8: GDI32.dll->StretchBlt
    100c10dc: GDI32.dll->BitBlt
    100c10e0: GDI32.dll->GetObjectA
    100c10e4: GDI32.dll->CreateCompatibleDC
    100c10e8: GDI32.dll->DeleteObject
    100c10ec: GDI32.dll->SelectObject
    100c10f0: GDI32.dll->GetBitmapBits
    100c10f8: kernel32.dll->GetFileTime
    100c10fc: kernel32.dll->GetLocalTime
    100c1100: kernel32.dll->LocalFree
    100c1104: kernel32.dll->HeapFree
    100c1108: kernel32.dll->LocalAlloc
    100c110c: kernel32.dll->DeleteFileA
    100c1110: kernel32.dll->OutputDebugStringA
    100c1114: kernel32.dll->lstrlen
    100c1118: kernel32.dll->WideCharToMultiByte
    100c111c: kernel32.dll->FormatMessageA
    100c1120: kernel32.dll->GetExitCodeThread
    100c1124: kernel32.dll->SetThreadPriority
    100c1128: kernel32.dll->QueryPerformanceCounter
    100c112c: kernel32.dll->QueryPerformanceFrequency
    100c1130: kernel32.dll->ResetEvent
    100c1134: kernel32.dll->OpenEventA
    100c1138: kernel32.dll->WriteFile
    100c113c: kernel32.dll->MoveFileWithProgressA
    100c1140: kernel32.dll->MoveFileWithProgressA
    100c1144: kernel32.dll->GetFileAttributesA
    100c1148: kernel32.dll->SetFileAttributesA
    100c114c: kernel32.dll->FindClose
    100c1150: kernel32.dll->FindFirstFileA
    100c1154: kernel32.dll->InitializeCriticalSectionEx
    100c1158: kernel32.dll->LockResource
    100c115c: kernel32.dll->SizeofResource
    100c1160: kernel32.dll->LoadResource
    100c1164: kernel32.dll->FindResourceExA
    100c1168: kernel32.dll->CreateProcessInternalA
    100c116c: kernel32.dll->FreeLibrary
    100c1170: kernel32.dll->CreateThread
    100c1174: kernel32.dll->lstrlenW
    100c1178: kernel32.dll->TlsAlloc
    100c117c: kernel32.dll->TlsSetValue
    100c1180: kernel32.dll->TlsGetValue
    100c1184: kernel32.dll->GetProcAddress
    100c1188: kernel32.dll->GetWindowsDirectoryA
    100c118c: kernel32.dll->CreateEventW
    100c1190: kernel32.dll->OpenProcess
    100c1194: kernel32.dll->lstrcmp
    100c1198: kernel32.dll->Module32NextW
    100c119c: kernel32.dll->Module32FirstW
    100c11a0: kernel32.dll->HeapFree
    100c11a4: kernel32.dll->TerminateThread
    100c11a8: kernel32.dll->HeapFree
    100c11ac: kernel32.dll->Basep8BitStringToDynamicUnicodeString
    100c11b0: kernel32.dll->Basep8BitStringToDynamicUnicodeString
    100c11b4: kernel32.dll->TerminateProcess
    100c11b8: kernel32.dll->SetEndOfFile
    100c11bc: kernel32.dll->WideCharToMultiByte
    100c11c0: kernel32.dll->CreateDirectoryA
    100c11c4: kernel32.dll->RemoveDirectoryA
    100c11c8: kernel32.dll->HeapFree
    100c11cc: kernel32.dll->InitializeCriticalSectionAndSpinCount
    100c11d0: kernel32.dll->Basep8BitStringToDynamicUnicodeString
    100c11d4: kernel32.dll->Basep8BitStringToDynamicUnicodeString
    100c11d8: kernel32.dll->Basep8BitStringToDynamicUnicodeString
    100c11dc: kernel32.dll->OpenProcess
    100c11e0: kernel32.dll->Process32NextW
    100c11e4: kernel32.dll->Process32FirstW
    100c11e8: kernel32.dll->GetCurrentThread
    100c11ec: kernel32.dll->FileTimeToLocalFileTime
    100c11f0: Failed To Resolve!
    100c11f4: kernel32.dll->Thread32First
    100c11f8: kernel32.dll->lstrcpynW
    100c11fc: kernel32.dll->VirtualFreeEx
    100c1200: kernel32.dll->GetLongPathNameA
    100c1204: ntdll.dll->RtlReAllocateHeap
    100c1208: kernel32.dll->ReleaseMutex
    100c120c: kernel32.dll->CreateMutexA
    100c1210: kernel32.dll->GetComputerNameW
    100c1214: kernel32.dll->GetDiskFreeSpaceA
    100c1218: kernel32.dll->HeapFree
    100c121c: kernel32.dll->GetDriveTypeA
    100c1220: kernel32.dll->Basep8BitStringToDynamicUnicodeString
    100c1224: kernel32.dll->GlobalFindAtomW
    100c1228: kernel32.dll->BaseDllReadWriteIniFile
    100c122c: kernel32.dll->GetLocaleInfoW
    100c1230: kernel32.dll->GetTimeZoneInformation
    100c1234: kernel32.dll->QueryActCtxSettingsW
    100c1238: kernel32.dll->GetUserDefaultLCID
    100c123c: kernel32.dll->EnumSystemLocalesA
    100c1240: kernel32.dll->IsValidCodePage
    100c1244: kernel32.dll->IsValidLocale
    100c1248: kernel32.dll->SetStdHandle
    100c124c: kernel32.dll->GetStringTypeW
    100c1250: kernel32.dll->GetStringTypeA
    100c1254: kernel32.dll->IsBadReadPtr
    100c1258: kernel32.dll->GetEnvironmentStringsW
    100c125c: kernel32.dll->GetEnvironmentStrings
    100c1260: kernel32.dll->FreeEnvironmentStringsW
    100c1264: kernel32.dll->FreeEnvironmentStringsA
    100c1268: kernel32.dll->GetFileType
    100c126c: Failed To Resolve!
    100c1270: kernel32.dll->RtlUnwind
    100c1274: kernel32.dll->SetUnhandledExceptionFilter
    100c1278: kernel32.dll->LCMapStringW
    100c127c: kernel32.dll->LCMapStringA
    100c1280: kernel32.dll->GetOEMCP
    100c1284: kernel32.dll->SetEnvironmentVariableA
    100c1288: kernel32.dll->GetACP
    100c128c: kernel32.dll->GetCPInfo
    100c1290: Failed To Resolve!
    100c1294: kernel32.dll->FatalAppExitA
    100c1298: kernel32.dll->GetEnvironmentVariableA
    100c129c: ntdll.dll->NtQueryInformationThread
    100c12a0: kernel32.dll->CreateEventW
    100c12a4: kernel32.dll->CreateFileW
    100c12a8: kernel32.dll->CreateFileMappingW
    100c12ac: kernel32.dll->CreateMutexW
    100c12b0: kernel32.dll->CreatePipe
    100c12b4: kernel32.dll->CreateProcessInternalW
    100c12b8: kernel32.dll->DeleteFileW
    100c12bc: kernel32.dll->GetCurrentDirectoryA
    100c12c0: kernel32.dll->GetCurrentDirectoryW
    100c12c4: kernel32.dll->GetFileAttributesW
    100c12c8: kernel32.dll->GetTempFileNameW
    100c12cc: kernel32.dll->BaseFormatObjectAttributes
    100c12d0: kernel32.dll->OpenEventW
    100c12d4: kernel32.dll->OpenFileMappingW
    100c12d8: kernel32.dll->FileTimeToSystemTime
    100c12dc: kernel32.dll->GetSystemInfo
    100c12e0: kernel32.dll->BaseSetLastNTError
    100c12e4: kernel32.dll->Basep8BitStringToDynamicUnicodeString
    100c12e8: kernel32.dll->MapViewOfFile
    100c12ec: kernel32.dll->lstrcpyn
    100c12f0: kernel32.dll->HeapFree
    100c12f4: kernel32.dll->GetCurrentProcessId
    100c12f8: kernel32.dll->HeapDestroy
    100c12fc: kernel32.dll->HeapCreate
    100c1300: kernel32.dll->GetSystemTimeAsFileTime
    100c1304: kernel32.dll->GetModuleFileNameA
    100c1308: kernel32.dll->GetModuleFileNameA
    100c130c: kernel32.dll->MultiByteToWideChar
    100c1310: kernel32.dll->SetEvent
    100c1314: kernel32.dll->CreateEventA
    100c1318: kernel32.dll->VirtualQuery
    100c131c: kernel32.dll->SuspendThread
    100c1320: Failed To Resolve!
    100c1324: kernel32.dll->ResumeThread
    100c1328: kernel32.dll->GetCurrentThreadId
    100c132c: kernel32.dll->WaitForSingleObjectEx
    100c1330: kernel32.dll->VirtualAlloc
    100c1334: kernel32.dll->InterlockedExchange
    100c1338: kernel32.dll->VirtualFree
    100c133c: kernel32.dll->GetTickCount
    100c1340: kernel32.dll->Basep8BitStringToDynamicUnicodeString
    100c1344: kernel32.dll->GetFileSize
    100c1348: kernel32.dll->SetFilePointer
    100c134c: kernel32.dll->HeapFree
    100c1350: kernel32.dll->GetSystemDirectoryA
    100c1354: kernel32.dll->MapViewOfFileEx
    100c1358: kernel32.dll->GetProcessHeap
    100c135c: ntdll.dll->RtlAllocateHeap
    100c1360: Failed To Resolve!
    100c1364: kernel32.dll->GetVersionExA
    100c1368: kernel32.dll->GetSystemDirectoryW
    100c136c: kernel32.dll->GetModuleFileNameW
    100c1370: kernel32.dll->GetModuleHandleW
    100c1374: kernel32.dll->UnmapViewOfFile
    100c1378: kernel32.dll->LocalAlloc
    100c137c: kernel32.dll->InterlockedIncrement
    100c1380: kernel32.dll->InterlockedDecrement
    100c1384: ntdll.dll->RtlEnterCriticalSection
    100c1388: kernel32.dll->OpenMutexW
    100c138c: kernel32.dll->VirtualProtectEx
    100c1390: kernel32.dll->VirtualQueryEx
    100c1394: kernel32.dll->WaitForMultipleObjectsEx
    100c1398: kernel32.dll->HeapFree
    100c139c: kernel32.dll->InterlockedCompareExchange
    100c13a0: kernel32.dll->Sleep
    100c13a4: kernel32.dll->GetModuleHandleA
    100c13a8: ntdll.dll->RtlInitializeCriticalSectionEx
    100c13ac: ntdll.dll->RtlEnterCriticalSection
    100c13b0: ntdll.dll->RtlLeaveCriticalSection
    100c13b4: kernel32.dll->GetCurrentProcess
    100c13b8: Failed To Resolve!
    100c13bc: kernel32.dll->GetLastError
    100c13c0: kernel32.dll->VirtualProtect
    100c13c4: kernel32.dll->CompareStringA
    100c13c8: kernel32.dll->CompareStringW
    100c13cc: kernel32.dll->GetFullPathNameA
    100c13d0: kernel32.dll->lstrcmpi
    100c13d4: kernel32.dll->SetCurrentDirectoryA
    100c13d8: kernel32.dll->lstrcmpiW
    100c13dc: kernel32.dll->HeapFree
    100c13e0: kernel32.dll->TlsFree
    100c13e4: kernel32.dll->LoadLibraryExA
    100c13e8: kernel32.dll->CreateThread
    100c13ec: kernel32.dll->WriteProcessMemory
    100c13f0: kernel32.dll->ReadProcessMemory
    100c13f4: kernel32.dll->FindNextFileA
    100c13f8: kernel32.dll->Basep8BitStringToDynamicUnicodeString
    100c13fc: Failed To Resolve!
    100c1400: kernel32.dll->SetErrorMode
    100c1404: kernel32.dll->GetExitCodeProcess
    100c1408: kernel32.dll->SleepEx
    100c140c: kernel32.dll->ReleaseSemaphore
    100c1410: kernel32.dll->CreateSemaphoreExA
    100c1414: kernel32.dll->GetVersion
    100c1418: kernel32.dll->GetThreadLocale
    100c141c: kernel32.dll->GlobalFindAtomW
    100c1420: kernel32.dll->GetLocaleInfoA
    100c1424: kernel32.dll->GetCommandLineA
    100c1428: kernel32.dll->ExitProcess
    100c142c: kernel32.dll->HeapFree
    100c1430: kernel32.dll->RaiseException
    100c1434: kernel32.dll->RaiseException
    100c1438: kernel32.dll->GetStdHandle
    100c1440: OLEAUT32.dll->SysReAllocStringLen
    100c1444: OLEAUT32.dll->SysFreeString
    100c1448: OLEAUT32.dll->OleLoadPicturePath
    100c1450: SHELL32.dll->Shell_NotifyIcon
    100c1454: SHELL32.dll->SHFileOperation
    100c145c: Failed To Resolve!
    100c1460: USER32.dll->IsThreadDesktopComposited
    100c1464: USER32.dll->CharPrevA
    100c1468: USER32.dll->CheckDesktopByThreadId
    100c146c: USER32.dll->IsThreadDesktopComposited
    100c1470: USER32.dll->GetForegroundWindow
    100c1474: USER32.dll->InSendMessageEx
    100c1478: USER32.dll->CheckDesktopByThreadId
    100c147c: USER32.dll->IsThreadDesktopComposited
    100c1480: USER32.dll->MBToWCSEx
    100c1484: USER32.dll->IsThreadDesktopComposited
    100c1488: USER32.dll->GetForegroundWindow
    100c148c: USER32.dll->IsThreadDesktopComposited
    100c1490: USER32.dll->IsThreadDesktopComposited
    100c1494: USER32.dll->IsThreadDesktopComposited
    100c1498: USER32.dll->IsThreadDesktopComposited
    100c149c: USER32.dll->IsThreadDesktopComposited
    100c14a0: Failed To Resolve!
    100c14a4: Failed To Resolve!
    100c14a8: USER32.dll->GetWindowThreadProcessId
    100c14ac: USER32.dll->TranslateMessageEx
    100c14b0: USER32.dll->IsDialogMessage
    100c14b4: USER32.dll->TranslateMessageEx
    100c14b8: USER32.dll->IsThreadDesktopComposited
    100c14bc: USER32.dll->IsThreadDesktopComposited
    100c14c0: USER32.dll->IsThreadDesktopComposited
    100c14c4: Failed To Resolve!
    100c14c8: USER32.dll->IsThreadDesktopComposited
    100c14cc: USER32.dll->IsThreadDesktopComposited
    100c14d0: USER32.dll->RegisterClassA
    100c14d4: USER32.dll->IsThreadDesktopComposited
    100c14d8: USER32.dll->IsThreadDesktopComposited
    100c14dc: Failed To Resolve!
    100c14e0: Failed To Resolve!
    100c14e4: Failed To Resolve!
    100c14e8: USER32.dll->SfmDxSetSwapChainStats
    100c14ec: USER32.dll->CopyImage
    100c14f0: USER32.dll->LoadImageW
    100c14f4: USER32.dll->MessageBoxExA
    100c14f8: Failed To Resolve!
    100c14fc: Failed To Resolve!
    100c1500: Failed To Resolve!
    100c1504: Failed To Resolve!
    100c1508: Failed To Resolve!
    100c150C: Failed To Resolve!
    100c1510: Failed To Resolve!
    100c1514: Failed To Resolve!
    100c1518: Failed To Resolve!
    100c151C: Failed To Resolve!
    100c1520: Failed To Resolve!
    100c1524: Failed To Resolve!
    100c1528: Failed To Resolve!
    100c152C: Failed To Resolve!
    100C1534: VERSION.dll->VerQueryValueA
    100C1538: VERSION.dll->GetFileVersionInfoSizeW
    100C153C: VERSION.dll->GetFileVersionInfoW
    100C1540: VERSION.dll->VerQueryValueW
    100C1544: VERSION.dll->GetFileVersionInfoSizeA
    100C1548: VERSION.dll->GetFileVersionInfoA
    100C1550: WININET.dll->InternetConnectA
    100C1554: WININET.dll->InternetSetStatusCallback
    100C1558: WININET.dll->InternetOpenA
    100C155C: WININET.dll->HttpSendRequestA
    100C1560: WININET.dll->HttpOpenRequestA
    100C1566: WININET.dll->InternetCloseHandle
    100C156C: WINMM.dll->timeSetEvent
    100C1570: WINMM.dll->timeKillEvent
    100C1574: WINMM.dll->timeGetTime
    100C157C: WS2_32.dll->inet_ntoa
    100C1584: IMAGEHLP.dll->ImageGetCertificateHeader
    100C1588: IMAGEHLP.dll->ImageEnumerateCertificates
    100C1590: IPHLPAPI.dll->GetAdaptersInfo
    FUCK HS ! : :W

    Link :u l . t o/t0d3rv
    Last edited by otocu; 03-09-2011 at 09:56 AM.
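Since the poster says some entries are badly resolved, here is an added example (my own code, not the poster's tracer and not part of the original post) that parses IatTrace-format output and flags the entries a reverser would double-check before trusting the dump: unresolved slots; a symbol repeated inside one DLL block (a real IAT imports a name once, so the many HeapFree and IsThreadDesktopComposited hits above mean several different targets were resolved to the same nearest export name); an entry whose DLL differs from the rest of its block (the ntdll.dll names inside the kernel32 block, which is what you get when the trace follows a kernel32 forwarder or thin wrapper into its ntdll callee); a misaligned slot address (100C1566); and block boundaries reconstructed from the gaps, since each DLL's slice of the IAT ends in a NULL slot. The sample input is two windows copied from the dump above with the part in between trimmed; the explanation of why those entries are wrong is my interpretation, not something the post states.

```python
"""Sanity-check an IatTrace-style dump like the one in the post: rebuild the
per-DLL import blocks from the slot addresses and flag entries that are
probably mis-resolved. Added example, not the poster's tracer."""
import re
from collections import Counter

# One entry per line: "<addr>: <dll>-><name>" or "<addr>: Failed To Resolve!"
ENTRY = re.compile(r"^\s*([0-9A-Fa-f]{8}):\s*(?:(\S+?)->(\S+)|Failed To Resolve!)\s*$")

# Two windows copied verbatim from the dump in the post (a kernel32 stretch
# and the WININET/WINMM tail); "..." stands for the trimmed part in between.
SAMPLE = """\
[IatTrace]: PROTECTOR=Themida
[IatTrace]: MOD_NAME=EHSVC.DLL
[IatTrace]: MOD_BASE=10000000
[IatTrace]: IAT_START=100c1000
100c11c8: kernel32.dll->HeapFree
100c11cc: kernel32.dll->InitializeCriticalSectionAndSpinCount
100c11d0: kernel32.dll->Basep8BitStringToDynamicUnicodeString
100c11d4: kernel32.dll->Basep8BitStringToDynamicUnicodeString
100c11d8: kernel32.dll->Basep8BitStringToDynamicUnicodeString
100c11dc: kernel32.dll->OpenProcess
100c11e0: kernel32.dll->Process32NextW
100c11e4: kernel32.dll->Process32FirstW
100c11e8: kernel32.dll->GetCurrentThread
100c11ec: kernel32.dll->FileTimeToLocalFileTime
100c11f0: Failed To Resolve!
100c11f4: kernel32.dll->Thread32First
100c11f8: kernel32.dll->lstrcpynW
100c11fc: kernel32.dll->VirtualFreeEx
100c1200: kernel32.dll->GetLongPathNameA
100c1204: ntdll.dll->RtlReAllocateHeap
...
100C1550: WININET.dll->InternetConnectA
100C1554: WININET.dll->InternetSetStatusCallback
100C1558: WININET.dll->InternetOpenA
100C155C: WININET.dll->HttpSendRequestA
100C1560: WININET.dll->HttpOpenRequestA
100C1566: WININET.dll->InternetCloseHandle
100C156C: WINMM.dll->timeSetEvent
100C1570: WINMM.dll->timeKillEvent
100C1574: WINMM.dll->timeGetTime
"""


def parse(text):
    """Yield (address, dll, name); dll and name are None for unresolved slots."""
    for line in text.splitlines():
        m = ENTRY.match(line)
        if m:
            yield int(m.group(1), 16), m.group(2), m.group(3)


def analyze(text):
    """Return (blocks, findings). A block is a run of consecutive 4-byte slots;
    in an unpacked IAT each imported DLL gets one block ending in a NULL slot.
    findings is a list of (address, kind, detail)."""
    blocks, findings, prev = [], [], None
    for addr, dll, name in parse(text):
        slot = addr & ~3                  # snap a misaligned address to its slot
        if addr != slot:
            findings.append((addr, "misaligned", "IAT slots are 4 bytes on x86"))
        if prev is not None and slot - prev != 4:
            gap = (slot - prev) // 4 - 1  # slots between the two listed entries
            detail = "NULL terminator" if gap == 1 else f"{gap} slots not listed"
            findings.append((prev + 4, "boundary", detail))
        if prev is None or slot - prev != 4:
            blocks.append([])
        blocks[-1].append((slot, dll, name))
        prev = slot

    for block in blocks:
        dlls = Counter(d for _, d, _ in block if d)
        home = dlls.most_common(1)[0][0] if dlls else None
        dup = Counter((d, n) for _, d, n in block if d)
        reported = set()
        for slot, dll, name in block:
            if dll is None:
                findings.append((slot, "unresolved", "tracer found no export for this slot"))
            elif dll != home:
                # e.g. ntdll inside the kernel32 block: the trace most likely
                # followed a kernel32 forwarder/thin wrapper into its ntdll callee
                findings.append((slot, "foreign", f"{dll}->{name} inside {home} block"))
            elif dup[(dll, name)] > 1 and (dll, name) not in reported:
                reported.add((dll, name))
                # a real IAT imports a symbol once; repeats mean several
                # targets were resolved to the same nearest export name
                findings.append((slot, "duplicate", f"{name} x{dup[(dll, name)]}"))
    return blocks, findings


if __name__ == "__main__":
    blocks, findings = analyze(SAMPLE)
    print(f"{len(blocks)} blocks, {len(findings)} findings")
    for addr, kind, detail in sorted(findings):
        print(f"{addr:08x} {kind:10} {detail}")
```

Run it on the full dump (paste it into SAMPLE or read it from a file) and the "foreign" and "duplicate" lines give you the slots to re-resolve by hand in the debugger; a boundary reported as anything other than a single NULL slot marks a run the tracer skipped rather than a DLL change.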