malformed JMPs) are usually caught by Data Execution Prevention in recent operating systems. The most common exception is, as in this example, 0xc0000005 (EXCEPTION_ACCESS_VIOLATION), which means that the client attempted to read from, write to or execute an invalid memory location (for example, accessing members of a NULL pointer) or a memory location that is not enabled for such access (for example, writing to executable-only memory). This line indicates what actually went wrong with the client.

Exception Type

Exception Type: 0xc0000005

Note that the time-stamp can easily be changed, so do not depend on it too much when the executable is encrypted or otherwise protected. To see the time-stamp, you have to load the client into a PE editor/analyser; LordPE and PEiD, for example, are capable of displaying it. Since there are sometimes multiple clients with the same date, you have to check the exact time-stamp of the client. In this case, it indicates the use of the RagexeRE client. The first part (0x4ad4401b) is the raw representation of the time-stamp in seconds since 00:00:00 UTC (Unix time-stamp); the second part (Tue Oct 13 10:53:47 2009) is the human-readable representation of the time-stamp. This information is hard-coded into the client and helps to find out which client version this is supposed to be. It is not the last modification or creation date of the client. This line represents the time and date when the client was built (linked).

It can also give you a clue as to whether the client was renamed for whatever reason. It aids in finding the issue, because certain paths can have restrictions on certain operating systems. This line shows you where the affected client is located and what it is called.

Job : Novice

Module Name

Module Name: C:\PATH\TO\YOUR\RO\091013RE.EXE

Sample Exception

Module Name: C:\PATH\TO\YOUR\RO\091013RE.EXE

If you post it in a board, put it into tags, because they make it more readable.
When you work with RO exceptions, it is best to view them with a fixed-width font in a text editor. If you find a mistake or have a suggestion, please post it in the bbs. Before you continue reading, read the disclaimer first. You should have some knowledge of the structure and terms related to the Portable Executable format. You are required to have some knowledge of the Assembly language and be able to work with a debugger (for example OllyDbg, which will be used in this overview). This small overview describes how to read unhandled RO client exceptions (also known as 'Gravity Error').
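The time-stamp check described above can also be done without a PE editor. The following is an added example, not part of the original overview: it reads the link time-stamp from a PE header and compares it with the raw value quoted in an exception dump. The function names and the minimal header are constructed for illustration; note that the value renders as 08:53:47 in UTC, so the 10:53:47 shown in the dump is assumed to be a local-time (UTC+2) rendering.

```python
import struct
from datetime import datetime, timezone


def pe_timestamp(data: bytes) -> int:
    """Return IMAGE_FILE_HEADER.TimeDateStamp (link time, Unix seconds)."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)  # offset of the PE header
    if e_lfanew + 12 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    # Signature (4 bytes) + Machine (2) + NumberOfSections (2), then TimeDateStamp.
    (stamp,) = struct.unpack_from("<I", data, e_lfanew + 8)
    return stamp


def describe(stamp: int) -> str:
    """Render the raw value next to its UTC interpretation."""
    utc = datetime.fromtimestamp(stamp, tz=timezone.utc)
    return f"0x{stamp:08x} = {utc:%a %b %d %H:%M:%S %Y} UTC"


def same_build(data: bytes, dump_value: str) -> bool:
    """Compare the raw value quoted in an exception dump with the file's header.

    Equality only shows that the header field matches; the field can be edited,
    so treat it as a hint, not proof, for packed or protected clients.
    """
    return pe_timestamp(data) == int(dump_value, 16)


def constructed_header(stamp: int) -> bytes:
    """Constructed sample: the smallest header that pe_timestamp() accepts."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)      # e_lfanew -> right after DOS header
    coff = b"PE\0\0" + struct.pack("<HHI", 0x014C, 1, stamp)
    return bytes(dos) + coff


if __name__ == "__main__":
    sample = constructed_header(0x4AD4401B)      # raw value from the dump above
    print(describe(pe_timestamp(sample)))
    print(same_build(sample, "0x4ad4401b"))
```

To check a real client, pass the file's bytes (read in binary mode) to `same_build` together with the raw value from the dump.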