
Log data

Address Message
Immunity Debugger 1.85.0.0 : R'lyeh
Need support? visit http://forum.immunityinc.com/
Error accesing memory
File 'C:\Users\IEUser\Desktop\vulnserver-master\vulnserver.exe'
[21:33:41] New process with ID 00000B3C created
Main thread with ID 00000A24 created
775BF27A New thread with ID 00000BA4 created
00400000 Modules C:\Users\IEUser\Desktop\vulnserver-master\vulnserver.exe
62500000 Modules C:\Users\IEUser\Desktop\vulnserver-master\essfunc.dll
74C70000 Modules C:\Windows\system32\mswsock.dll
74FA0000 Modules C:\Windows\System32\wshtcpip.dll
75010000 Modules C:\Windows\syswow64\CRYPTBASE.dll
75020000 Modules C:\Windows\syswow64\SspiCli.dll
75430000 Modules C:\Windows\syswow64\ADVAPI32.dll
75690000 Modules C:\Windows\syswow64\msvcrt.dll
75930000 Modules C:\Windows\syswow64\USP10.dll
759D0000 Modules C:\Windows\syswow64\NSI.dll
75B30000 Modules C:\Windows\syswow64\LPK.dll
75B40000 Modules C:\Windows\syswow64\MSCTF.dll
75D80000 Modules C:\Windows\syswow64\kernel32.dll
75F20000 Modules C:\Windows\syswow64\RPCRT4.dll
76DC0000 Modules C:\Windows\SysWOW64\sechost.dll
76DE0000 Modules C:\Windows\syswow64\user32.dll
76F90000 Modules C:\Windows\syswow64\GDI32.dll
77020000 Modules C:\Windows\syswow64\KERNELBASE.dll
77070000 Modules C:\Windows\syswow64\WS2_32.DLL
770D0000 Modules C:\Windows\system32\IMM32.DLL
77520000 Modules C:\Windows\SysWOW64\ntdll.dll
7753000C [21:33:41] Attached process paused at ntdll.DbgBreakPoint
[21:33:51] Thread 00000BA4 terminated, exit code 0
00401848 New thread with ID 00000BA4 created
756A8DD2 [21:36:08] Access violation when writing to [02240000]
0BADF00D [+] Command used:
0BADF00D !mona findmsp
0BADF00D [+] Looking for cyclic pattern in memory
0BADF00D Cyclic pattern (normal) found at 0x00363602 (length 4086 bytes)
0BADF00D Cyclic pattern (normal) found at 0x0223f20a (length 3572 bytes)
0BADF00D - Stack pivot between 34 & 3606 bytes needed to land in this pattern
0BADF00D [+] Examining registers
0BADF00D EBP (0x0223f9d8) points at offset 1998 in normal pattern (length 1576)
0BADF00D EDX contains normal pattern : 0x70453170 (offset 3574)
0BADF00D ECX (0x003643fc) points at offset 3578 in normal pattern (length 508)
0BADF00D [+] Examining SEH chain
0BADF00D SEH record (nseh field) at 0x0223ffc4 overwritten with normal pattern : 0x6e45316e (offset 3514), followed by 52 bytes of cyclic data after the handler
0BADF00D [+] Examining stack (entire stack) - looking for cyclic pattern
0BADF00D Walking stack from 0x0223f000 to 0x0223fffc (0x00000ffc bytes)
0BADF00D 0x0223f20c : Contains normal cyclic pattern at ESP+0x24 (+36) : offset 2, length 3572 (-> 0x0223ffff : ESP+0xe18)
0BADF00D [+] Examining stack (entire stack) - looking for pointers to cyclic pattern
0BADF00D Walking stack from 0x0223f000 to 0x0223fffc (0x00000ffc bytes)
0BADF00D 0x0223f164 : Pointer into normal cyclic pattern at ESP-0x84 (-132) : 0x0223fc60 : offset 2646, length 928
0BADF00D 0x0223f168 : Pointer into normal cyclic pattern at ESP-0x80 (-128) : 0x0223f7a0 : offset 1430, length 2144
0BADF00D [+] Preparing output file 'findmsp.txt'
0BADF00D - Creating working folder c:\monalogs\vulnserver_2876
0BADF00D - Folder created
0BADF00D - (Re)setting logfile c:\monalogs\vulnserver_2876\findmsp.txt
0BADF00D [+] Generating module info table, hang on...
0BADF00D - Processing modules
0BADF00D - Done. Let's rock 'n roll.
0BADF00D
0BADF00D [+] This mona.py action took 0:00:01.891000
