XP SP2 kernel32.LoadLibraryA F8 failed [Archive] - RCE Messageboard's Regroupment

View Full Version : XP SP2 kernel32.LoadLibraryA F8 failed

BetterWang

September 19th, 2004, 03:35

00401197 |. FF15 08304000 CALL DWORD PTR DS:[403008] ; kernel32.GetProcAddress
0040119D |. A3 0C304000 MOV DWORD PTR DS:[40300C],EAX ; kernel32.LoadLibraryA

here EAX = 7C882FC4, and

7C882FC0 0000 ADD BYTE PTR DS:[EAX],AL
7C882FC2 0000 ADD BYTE PTR DS:[EAX],AL
7C882FC4 >-E9 18C03276 JMP F2BAEFE1
7C882FC9 90 NOP
7C882FCA 90 NOP

if we press F8 at 7C882FC4 , we get EIP = F2BAEFE1, it fails to continue debug.

i think maybe this is a bug.

focht

September 20th, 2004, 12:10

Hi,

hard to say ...
Post a bigger snippet with arguments, that is the LoadLibrary() and GetProcAddress() calls.
Post list of loaded modules with base address, especially the one, where the jump is referring to (former 0x7C882FCx).
The jump is suspicious ... looks like trampoline jump/code injector stuff.

Regards