|
stolen bytes
here are the stolen bytes
PUSH EBP
MOV EBP,ESP
PUSH -1
PUSH 421D08
PUSH 41B640
MOV EAX,DWORD PTR FS:[0]
PUSH EAX
MOV DWORD PTR FS:[0],ESP
SUB ESP,68
PUSH EBX
PUSH ESI
PUSH EDI
MOV DWORD PTR SS:[EBP-18],ESP
XOR EBX,EBX
MOV DWORD PTR SS:[EBP-4],EBX
PUSH 2
just do a trace from the last exception when eip is in the code section. If you look in your trace log you'll see the above stolen bytes
Regards lownoise
|