Author Topic: SysAnalyzer  (Read 348 times)

llAmElliK

  • [TiME4CRiME]
  • Administrator
  • VIP
  • Posts: 960
SysAnalyzer
« on: August 20, 2006, 10:39:53 PM »
A very well-made tool: it monitors the launched application in just about every direction. Just out of interest I've pulled out a chunk of the dump from the Dark Lady CME here, including the addresses of the "packed" program...

Kernel31 Api Log
--------------------------------------------------
***** Installing Hooks *****
71a94401     RegOpenKeyExA (HKLM\System\CurrentControlSet\Services\WinSock2\Parameters)    
71a94c59     RegOpenKeyExA (Protocol_Catalog9)    
71a9457f     RegOpenKeyExA (00000016)    
71a94650     RegOpenKeyExA (Catalog_Entries)    
71a94952     RegOpenKeyExA (000000000001)    
71a94952     RegOpenKeyExA (000000000002)    
71a94952     RegOpenKeyExA (000000000003)    
71a94952     RegOpenKeyExA (000000000004)    
71a94952     RegOpenKeyExA (000000000005)    
71a94952     RegOpenKeyExA (000000000006)    
71a94952     RegOpenKeyExA (000000000007)    
71a94952     RegOpenKeyExA (000000000008)    
71a94952     RegOpenKeyExA (000000000009)    
71a94952     RegOpenKeyExA (000000000010)    
71a94952     RegOpenKeyExA (000000000011)    
71a94952     RegOpenKeyExA (000000000012)    
71a94952     RegOpenKeyExA (000000000013)    
71a94952     RegOpenKeyExA (000000000014)    
71a94952     RegOpenKeyExA (000000000015)    
71a94952     RegOpenKeyExA (000000000016)    
71a94952     RegOpenKeyExA (000000000017)    
71a94952     RegOpenKeyExA (000000000018)    
71a94952     RegOpenKeyExA (000000000019)    
71a94952     RegOpenKeyExA (000000000020)    
71a94952     RegOpenKeyExA (000000000021)    
71a94952     RegOpenKeyExA (000000000022)    
71a94952     RegOpenKeyExA (000000000023)    
71a94952     RegOpenKeyExA (000000000024)    
71a91779     WaitForSingleObject(7a0,0)    
71a94e6d     RegOpenKeyExA (NameSpace_Catalog5)    
71a9457f     RegOpenKeyExA (00000003)    
71a94797     RegOpenKeyExA (Catalog_Entries)    
71a94efa     RegOpenKeyExA (000000000001)    
71a94efa     RegOpenKeyExA (000000000002)    
71a91779     WaitForSingleObject(798,0)    
71a816bd     RegOpenKeyExA (HKLM\System\CurrentControlSet\Services\Winsock2\Parameters)    
71a8157c     GlobalAlloc()    
77e802f3     ExitThread()    
406370     GetCommandLineA()    
405983     RegOpenKeyExA (HKCU\Software\Borland\Locales)    
40c53b     GetVersionExA()    
44213e     GetCurrentProcessId()=964    
746f1a28     GetVersionExA()
746f1a8f     GetCommandLineA()    
746f24c6     GetVersionExA()    
746f262c     RegOpenKeyExA (HKLM\SOFTWARE\Microsoft\CTF\Compatibility\DarkLady.exe)    
746f19a8     CreateMutex(MSUIM.GlobalLangBarEventSink.Mutex)    
746f19a8     CreateMutex(MSUIM.GlobalCompartment.Mutex)    
746f19a8     CreateMutex(MSUIM.Assembly.Mutex)    
746f19a8     CreateMutex(MSUIM.Layouts.Mutex)    
746f26a8     CreateMutex(MSUIM.MarshalInterfaceMutex.TMD)    
746f18be     RegOpenKeyExA (HKCU\Keyboard Layout\Toggle)    
746f1ef9     RegOpenKeyExA (HKLM\SOFTWARE\Microsoft\CTF\)    
74702d81     GetCurrentProcessId()=964    
746f19a8     CreateMutex(MSCTF.TimListMUTEX.)
746f46e6     WaitForSingleObject(770,1388)    
74702e54     GetCurrentProcessId()=964    
ac2870     GetVersionExA()
ac13fa     GetCommandLineA()    
46ac9b     CreateFileA(\\.\SICE)    
46acd7     CreateFileA(\\.\NTICE)    
402c91     CreateFileA(C:\Autoexec.bat)    
402b7b     ReadFile()    
46de9c     GetVersionExA()    
46c431     LoadLibraryA(PSAPI.dll)=76be0000    
46ddf5     OpenProcess(pid=0)
46ddf5     OpenProcess(pid=4)    
76be1c74     ReadProcessMemory(h=764)    
76be1720     ReadProcessMemory(h=764)    
46ddf5     OpenProcess(pid=352)    
76be1c92     ReadProcessMemory(h=764)    
76be1cbe     ReadProcessMemory(h=764)    
76be173f     ReadProcessMemory(h=764)    
76be175d     ReadProcessMemory(h=764)    
76be16af     ReadProcessMemory(h=764)    
46ddf5     OpenProcess(pid=408)    
46ddf5     OpenProcess(pid=440)    
46ddf5     OpenProcess(pid=484)    
46ddf5     OpenProcess(pid=496)    
46ddf5     OpenProcess(pid=648)    
46ddf5     OpenProcess(pid=684)    
46ddf5     OpenProcess(pid=748)    
46ddf5     OpenProcess(pid=872)    
46ddf5     OpenProcess(pid=936)    
46ddf5     OpenProcess(pid=968)    
46ddf5     OpenProcess(pid=1072)    
46ddf5     OpenProcess(pid=1284)    
46ddf5     OpenProcess(pid=1448)    
46ddf5     OpenProcess(pid=1480)    
46ddf5     OpenProcess(pid=1496)    
46ddf5     OpenProcess(pid=1536)    
46ddf5     OpenProcess(pid=1544)    
46ddf5     OpenProcess(pid=1552)    
46ddf5     OpenProcess(pid=1568)    
46ddf5     OpenProcess(pid=1576)    
46ddf5     OpenProcess(pid=1584)    
46ddf5     OpenProcess(pid=1596)    
46ddf5     OpenProcess(pid=1608)    
46ddf5     OpenProcess(pid=1616)    
46ddf5     OpenProcess(pid=1624)    
46ddf5     OpenProcess(pid=1632)    
46ddf5     OpenProcess(pid=1964)    
46ddf5     OpenProcess(pid=1976)    
46ddf5     OpenProcess(pid=2004)    
46ddf5     OpenProcess(pid=2028)    
46ddf5     OpenProcess(pid=172)    
46ddf5     OpenProcess(pid=960)    
46ddf5     OpenProcess(pid=1724)    
46ddf5     OpenProcess(pid=1192)    
46ddf5     OpenProcess(pid=2068)    
46ddf5     OpenProcess(pid=2860)    
46ddf5     OpenProcess(pid=3208)    
46ddf5     OpenProcess(pid=964)    
46ddf5     OpenProcess(pid=3276)    
42b4f3     RegOpenKeyExA (HKLM\Software\Temp)    
42b4f3     RegOpenKeyExA (HKLM\Software\DL)    
46d586     CreateFileA(D:\Cracking\Crackmes\DarkLady.CME[t4C]\DarkLady.exe)    
407063     GlobalAlloc()    
5b258000     GetCurrentProcessId()=964    
42676b     LoadLibraryA(uxtheme.dll)=5b250000
77331dbc     GetCurrentProcessId()=964
77dcad96     LoadLibraryA(Secur32.dll)=76f80000
402a5f     GetCommandLineA()
433ab7     GetCurrentProcessId()=964
40462f     ExitProcess()
746f3a08     GetCurrentProcessId()=964
746f3905     GetCurrentProcessId()=964
***** Injected Process Terminated *****


ftp / TOOLs / analyzer
TiME AND CRiME ARE ETERNAL-REVERSE ENGINEERiNG iS MODERN PHiLOSOPHY AND iSN'T CRiME
[TiME4CRiME]
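An API log like the one in the post above is read for two things: debugger-presence checks and reconnaissance. The script below is an added example, not part of the original post and not SysAnalyzer's own code. It parses lines in the dump's format and flags the CreateFileA probes for the SoftICE driver devices \\.\SICE and \\.\NTICE (a classic "is a kernel debugger installed?" check) and the OpenProcess sweep across every PID combined with ReadProcessMemory through PSAPI (a process scan). It assumes the first column is the address of the calling code, so that 0x0040xxxx-range addresses fall inside the sample's own image and 0x7xxxxxxx addresses belong to system DLLs; the image range, the scan threshold and the function names are this example's own assumptions, and the sample lines are excerpted from the dump above.

```python
import re
from collections import Counter

# Constructed sample: lines excerpted from the SysAnalyzer API log in the post
# above. Each entry reads "<caller address>  <API>(<args>)[=<return value>]".
SAMPLE_LOG = [
    r"71a94401     RegOpenKeyExA (HKLM\System\CurrentControlSet\Services\WinSock2\Parameters)",
    r"405983     RegOpenKeyExA (HKCU\Software\Borland\Locales)",
    r"46ac9b     CreateFileA(\\.\SICE)",
    r"46acd7     CreateFileA(\\.\NTICE)",
    r"402c91     CreateFileA(C:\Autoexec.bat)",
    r"46c431     LoadLibraryA(PSAPI.dll)=76be0000",
    r"46ddf5     OpenProcess(pid=4)",
    r"76be1c74     ReadProcessMemory(h=764)",
    r"46ddf5     OpenProcess(pid=352)",
    r"46ddf5     OpenProcess(pid=408)",
    r"46ddf5     OpenProcess(pid=440)",
    r"46ddf5     OpenProcess(pid=484)",
    r"46d586     CreateFileA(D:\Cracking\Crackmes\DarkLady.CME[t4C]\DarkLady.exe)",
    r"40462f     ExitProcess()",
    r"***** Injected Process Terminated *****",
]

# "<hex addr> <API> (<args>)" with an optional "=<return value>" suffix.
LINE_RE = re.compile(r"^([0-9a-fA-F]+)\s+(\w+)\s*\((.*)\)(?:=(\w+))?\s*$")

# Assumption: on 32-bit Windows the sample's own image is normally mapped at
# 0x00400000, while system DLLs are mapped high in the address space.
IMAGE_RANGE = (0x00400000, 0x10000000)

# Device names of the SoftICE kernel debugger; opening them is a well-known
# debugger-presence check.
SOFTICE_DEVICES = {r"\\.\SICE", r"\\.\NTICE"}


def parse_log(lines):
    """Turn log lines into dicts; banner lines ('*****') are skipped."""
    records = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        addr, api, args, ret = m.groups()
        records.append({"addr": int(addr, 16), "api": api, "args": args, "ret": ret})
    return records


def caller_region(addr):
    """Classify the calling address as the sample's image or a system module."""
    return "sample" if IMAGE_RANGE[0] <= addr < IMAGE_RANGE[1] else "system"


def find_indicators(records, scan_threshold=5):
    """Flag debugger probes and process scanning in a parsed API log."""
    softice = [r["args"] for r in records
               if r["api"] == "CreateFileA" and r["args"].upper() in SOFTICE_DEVICES]

    pids = set()
    for r in records:
        if r["api"] == "OpenProcess":
            m = re.search(r"pid=(\d+)", r["args"])
            if m:
                pids.add(int(m.group(1)))
    pids = sorted(pids)

    reads_memory = any(r["api"] == "ReadProcessMemory" for r in records)
    exe_opened = [r["args"] for r in records
                  if r["api"] == "CreateFileA" and r["args"].lower().endswith(".exe")]
    regions = Counter(caller_region(r["addr"]) for r in records)

    return {
        "softice_probes": softice,
        "opened_pids": pids,
        # Opening many PIDs and reading their memory looks like a process scan
        # (for example, searching running processes for debugger/monitor names).
        "process_scan": len(pids) >= scan_threshold and reads_memory,
        # The sample opening an .exe on disk is worth a look (often its own file).
        "exe_opened": exe_opened,
        "calls_by_region": regions,
    }


if __name__ == "__main__":
    found = find_indicators(parse_log(SAMPLE_LOG))
    for key, value in found.items():
        print(f"{key}: {value}")
```

The "calls_by_region" count is the practical payoff of the caller column the post points at: calls attributed to the sample's own image range are places in the unpacked code worth setting breakpoints on, while calls from system modules are library internals.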

DARKER

  • [SCF]
  • Administrator
  • Senior Member
  • Posts: 336
Re: SysAnalyzer
« Reply #1 on: August 21, 2006, 08:16:28 AM »
And there's also a video tutorial on how to use this tool, in case anyone is interested...
http://labs.idefense.com/doDownload.php?downloadID=19

The tool's home page:
http://labs.idefense.com/labs-software.php?show=15