Messages - LearnerDriver

1
RogueKiller / Re: Meaning of log file entry under Antirootkit
« on: October 06, 2015, 10:28:38 PM »
Curson, Thank you very much!

LearnerDriver

2
RogueKiller / Meaning of log file entry under Antirootkit
« on: October 06, 2015, 12:21:21 AM »
I've just started to dip my toe into the water. After running RogueKiller the log file lists results under Antirootkit like the following:

Code:
[IAT:Inl(Hook.IEAT)] (firefox.exe @ KERNEL32.dll) ntdll.dll - NtMapViewOfSection : Unknown @ 0x719f0022 (jmp 0xfa470392|jmp dword [0x719f001e]|jmp 0x10)
[IAT:Inl(Hook.IEAT)] (firefox.exe @ rooksbas.dll) USER32.dll - PeekMessageW : Unknown @ 0x719b0022 (ret|jmp dword [0x719b001e]|jmp 0x10)

I'm trying to figure out what this means. Taking the first entry, does it mean something along the lines of the call to NtMapViewOfSection (which is in Kernel32.dll) is being redirected to 0x719f0022 in Unknown? And why is ntdll.dll also listed?

Sorry for looking dumb, but I'm a newbie just starting out on this adventure....

Thanks
