scdbg ordinal lookup


Author: David Zimmer
Date: 06.07.11 - 6:44am



A couple of weeks ago I went through and redid all the export tables to fully support ordinal lookups for every API. Wasn't sure how many shellcodes would utilize it, but just found another:

4012f9  GetProcAddress(kernel32.0x245) - LoadLibraryA by ordinal
401691  LoadLibraryA(kernel32)
4012f9  GetProcAddress(kernel32.0x50) - CreateFileA by ordinal
4012f9  GetProcAddress(kernel32.0x391) - WriteFile by ordinal
4012f9  GetProcAddress(kernel32.0x2a7) - ReadFile by ordinal
4012f9  GetProcAddress(kernel32.0x15c) - GetFileSize by ordinal
4012f9  GetProcAddress(kernel32.0x32) - CloseHandle by ordinal
4012f9  GetProcAddress(kernel32.0x385) - WinExec by ordinal
4012f9  GetProcAddress(kernel32.0x1cc) - GetTempPathA by ordinal
4012f9  GetProcAddress(kernel32.0x30a) - SetFilePointer by ordinal
4012f9  GetProcAddress(kernel32.0x10a) - GetCommandLineA by ordinal
4012f9  GetProcAddress(kernel32.0xb7) - ExitProcess by ordinal
401691  LoadLibraryA(shell32)
4012f9  GetProcAddress(shell32.0x167) - ShellExecuteA by ordinal
401709  GetCommandLineA() = 2531d0
40142e  GetTempPath(len=104, buf=12f858) = 8
...
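
An added example, not part of the original post or of scdbg: a Python script that parses the by-ordinal lines of the log above into a per-DLL ordinal table and records which call site performs the lookups. The function names and the EXEC_APIS / FILE_WRITE_APIS triage groups are assumptions of this example.

```python
import re

# Input: the GetProcAddress/LoadLibraryA lines from the post above, verbatim.
SCDBG_LOG = """\
4012f9  GetProcAddress(kernel32.0x245) - LoadLibraryA by ordinal
401691  LoadLibraryA(kernel32)
4012f9  GetProcAddress(kernel32.0x50) - CreateFileA by ordinal
4012f9  GetProcAddress(kernel32.0x391) - WriteFile by ordinal
4012f9  GetProcAddress(kernel32.0x2a7) - ReadFile by ordinal
4012f9  GetProcAddress(kernel32.0x15c) - GetFileSize by ordinal
4012f9  GetProcAddress(kernel32.0x32) - CloseHandle by ordinal
4012f9  GetProcAddress(kernel32.0x385) - WinExec by ordinal
4012f9  GetProcAddress(kernel32.0x1cc) - GetTempPathA by ordinal
4012f9  GetProcAddress(kernel32.0x30a) - SetFilePointer by ordinal
4012f9  GetProcAddress(kernel32.0x10a) - GetCommandLineA by ordinal
4012f9  GetProcAddress(kernel32.0xb7) - ExitProcess by ordinal
401691  LoadLibraryA(shell32)
4012f9  GetProcAddress(shell32.0x167) - ShellExecuteA by ordinal
"""

# Line shape: "<call site>  GetProcAddress(<dll>.0x<ordinal>) - <name> by ordinal"
ORDINAL_RE = re.compile(
    r"([0-9a-f]+)\s+GetProcAddress\((\w+)\.0x([0-9a-f]+)\) - (\w+) by ordinal")
# Assumption for this example: rough triage groups, not something scdbg emits.
EXEC_APIS = {"WinExec", "ShellExecuteA"}
FILE_WRITE_APIS = {"CreateFileA", "WriteFile"}

def parse_ordinal_imports(log):
    """Return (call_site, dll, ordinal, api_name) for each by-ordinal lookup."""
    hits = (ORDINAL_RE.fullmatch(line.strip()) for line in log.splitlines())
    return [(int(m[1], 16), m[2], int(m[3], 16), m[4]) for m in hits if m]

def summarize(imports):
    """Group ordinals per DLL; note resolver call sites and API groups seen."""
    by_dll = {}
    for _site, dll, ordinal, name in imports:
        by_dll.setdefault(dll, {})[ordinal] = name
    names = {name for *_, name in imports}
    return {"by_dll": by_dll, "call_sites": sorted({s for s, *_ in imports}),
            "writes_file": FILE_WRITE_APIS <= names,
            "exec_apis": sorted(names & EXEC_APIS)}

if __name__ == "__main__":
    report = summarize(parse_ordinal_imports(SCDBG_LOG))
    for dll, table in report["by_dll"].items():
        print(dll, {hex(o): n for o, n in sorted(table.items())})
    print({k: v for k, v in report.items() if k != "by_dll"})
```

Export ordinals for system DLLs are not stable across Windows versions, so treat the ordinal-to-name pairs as what scdbg reported for this run rather than a fixed mapping.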




