scdbg ordinal lookup

Author: David Zimmer
Date: 06.07.11 - 6:44am

Couple weeks ago I went through and redid all the export tables to fully support ordinal lookups for every API. Wasn't sure how many shellcodes would utilize it, but just found another..

    4012f9 GetProcAddress(kernel32.0x245) - LoadLibraryA by ordinal
    401691 LoadLibraryA(kernel32)
    4012f9 GetProcAddress(kernel32.0x50) - CreateFileA by ordinal
    4012f9 GetProcAddress(kernel32.0x391) - WriteFile by ordinal
    4012f9 GetProcAddress(kernel32.0x2a7) - ReadFile by ordinal
    4012f9 GetProcAddress(kernel32.0x15c) - GetFileSize by ordinal
    4012f9 GetProcAddress(kernel32.0x32) - CloseHandle by ordinal
    4012f9 GetProcAddress(kernel32.0x385) - WinExec by ordinal
    4012f9 GetProcAddress(kernel32.0x1cc) - GetTempPathA by ordinal
    4012f9 GetProcAddress(kernel32.0x30a) - SetFilePointer by ordinal
    4012f9 GetProcAddress(kernel32.0x10a) - GetCommandLineA by ordinal
    4012f9 GetProcAddress(kernel32.0xb7) - ExitProcess by ordinal
    401691 LoadLibraryA(shell32)
    4012f9 GetProcAddress(shell32.0x167) - ShellExecuteA by ordinal
    401709 GetCommandLineA() = 2531d0
    40142e GetTempPath(len=104, buf=12f858) = 8
    ...
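
A small triage script for output like the log above, added here as an example and not part of scdbg or the original post: it collects every by-ordinal GetProcAddress resolution per DLL and groups the resolved names into capability buckets. The sample log reuses lines from the post; the bucket names and the CAPABILITIES table are assumptions made for this example.

```python
import re
from collections import defaultdict

# Constructed sample in the format of the scdbg output above
# (lines copied from the post; not a complete log).
SAMPLE_LOG = """\
4012f9 GetProcAddress(kernel32.0x245) - LoadLibraryA by ordinal
401691 LoadLibraryA(kernel32)
4012f9 GetProcAddress(kernel32.0x50) - CreateFileA by ordinal
4012f9 GetProcAddress(kernel32.0x391) - WriteFile by ordinal
4012f9 GetProcAddress(kernel32.0x385) - WinExec by ordinal
401691 LoadLibraryA(shell32)
4012f9 GetProcAddress(shell32.0x167) - ShellExecuteA by ordinal
401709 GetCommandLineA() = 2531d0
"""

# <addr> GetProcAddress(<dll>.0x<ordinal>) - <name> by ordinal
ORDINAL_RE = re.compile(
    r"^(?P<addr>[0-9a-fA-F]+)\s+GetProcAddress\((?P<dll>\w+)\.0x(?P<ord>[0-9a-fA-F]+)\)"
    r"\s+-\s+(?P<name>\w+)\s+by ordinal\s*$"
)

# Hypothetical triage buckets chosen for this example, not an scdbg feature.
CAPABILITIES = {
    "file_write": {"CreateFileA", "WriteFile"},
    "execute": {"WinExec", "ShellExecuteA", "CreateProcessA"},
    "load_library": {"LoadLibraryA"},
}

def parse_ordinal_lookups(log_text):
    """Return {dll: {ordinal_int: api_name}} for every by-ordinal resolution."""
    lookups = defaultdict(dict)
    for line in log_text.splitlines():
        m = ORDINAL_RE.match(line.strip())
        if m:
            lookups[m["dll"].lower()][int(m["ord"], 16)] = m["name"]
    return dict(lookups)

def capabilities(lookups):
    """Map resolved API names to the triage buckets they fall into."""
    names = {n for apis in lookups.values() for n in apis.values()}
    return sorted(cap for cap, apis in CAPABILITIES.items() if names & apis)

if __name__ == "__main__":
    found = parse_ordinal_lookups(SAMPLE_LOG)
    for dll, apis in found.items():
        for ordinal, name in sorted(apis.items()):
            print(f"{dll}!#{ordinal} ({ordinal:#x}) -> {name}")
    print("capabilities:", capabilities(found))
```

Export ordinals differ between builds of the same DLL, so the names in such a log are only as accurate as the export tables the emulator was given.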