Forum for analysis and discussion about malware.


Post by heart888 » Wed Mar 16, 2016 5:36 am

I was reversing a CryptoWall sample.
While debugging the child process, I hit this, and it exits (The instruction at 0x7C918FEA referenced memory at 0x10. The memory could not be written -)
ntdll.dll:7C90EAD0 ntdll_KiUserCallbackDispatcher:
ntdll.dll:7C90EAD0 add esp, 4
ntdll.dll:7C90EAD3 pop edx
ntdll.dll:7C90EAD4 mov eax, large fs:18h
ntdll.dll:7C90EADA mov eax, [eax+30h]
ntdll.dll:7C90EADD mov eax, [eax+2Ch]
ntdll.dll:7C90EAE0 call dword ptr [eax+edx*4]
ntdll.dll:7C90EAE3 xor ecx, ecx
ntdll.dll:7C90EAE5 xor edx, edx

I have patched the byte to 0 at the offset, but it still doesn't work. I would appreciate it if you could assist. :D