forked from helviojunior/hookchain
checkpoint.txt
[+] Listing ntdll Nt/Zw functions
------------------------------------------
NtAdjustPrivilegesToken is hooked
NtAllocateVirtualMemory is hooked
NtCreateEvent is hooked
NtCreateMutant is hooked
NtCreateSemaphore is hooked
NtCreateThread is hooked
NtCreateThreadEx is hooked
NtDuplicateObject is hooked
NtDuplicateToken is hooked
NtFreeVirtualMemory is hooked
NtMapViewOfSection is hooked
NtOpenEvent is hooked
NtOpenMutant is hooked
NtOpenProcessToken is hooked
NtOpenSemaphore is hooked
NtProtectVirtualMemory is hooked
NtQuerySystemInformation is hooked
NtQuerySystemInformationEx is hooked
NtQuerySystemTime is hooked
NtQueueApcThread is hooked
NtQueueApcThreadEx is hooked
NtReadVirtualMemory is hooked
NtResumeProcess is hooked
NtResumeThread is hooked
NtSetContextThread is hooked
NtSetInformationProcess is hooked
NtSetInformationThread is hooked
NtSuspendProcess is hooked
NtSuspendThread is hooked
NtTerminateProcess is hooked
NtTerminateThread is hooked
NtUnmapViewOfSection is hooked
NtWriteVirtualMemory is hooked
Mapped 476 functions
[+] Listing loaded modules
------------------------------------------
C:\Users\M4v3r1ck\Desktop\hook\hookchain_finder64.exe is loaded at 0x00007ff6aa0d0000.
C:\Windows\SYSTEM32\ntdll.dll is loaded at 0x00007ffaad0d0000.
C:\Windows\System32\KERNEL32.DLL is loaded at 0x00007ffaac5f0000.
C:\Windows\System32\KERNELBASE.dll is loaded at 0x00007ffaaa9b0000.
C:\Program Files (x86)\CheckPoint\Endpoint Security\EFR\SBA_ISWWH.dll is loaded at 0x0000000078c90000.
C:\Program Files (x86)\CheckPoint\Endpoint Security\EFR\cphnt64.dll is loaded at 0x00007ffa56f10000.
C:\Windows\SYSTEM32\apphelp.dll is loaded at 0x00007ffaa7820000.
C:\Windows\System32\msvcrt.dll is loaded at 0x00007ffaac7f0000.
C:\Program Files\NDDigital\nddPrint\Agent\nddPrint.Agent.SpoolMonitor64.dll is loaded at 0x00007ffa9f1d0000.
C:\Windows\System32\WS2_32.dll is loaded at 0x00007ffaabdf0000.
C:\Windows\System32\RPCRT4.dll is loaded at 0x00007ffaacb10000.
C:\Windows\System32\USER32.dll is loaded at 0x00007ffaac390000.
C:\Windows\System32\win32u.dll is loaded at 0x00007ffaaa950000.
C:\Windows\System32\GDI32.dll is loaded at 0x0000018f838c0000.
C:\Windows\System32\gdi32full.dll is loaded at 0x00007ffaaa7b0000.
C:\Windows\System32\msvcp_win.dll is loaded at 0x00007ffaaafe0000.
C:\Windows\System32\ucrtbase.dll is loaded at 0x00007ffaaaee0000.
C:\Windows\System32\ADVAPI32.dll is loaded at 0x00007ffaac6b0000.
C:\Windows\System32\sechost.dll is loaded at 0x00007ffaac970000.
C:\Windows\System32\SHELL32.dll is loaded at 0x00007ffaab110000.
C:\Windows\SYSTEM32\Secur32.dll is loaded at 0x00007ffaa2640000.
C:\Windows\SYSTEM32\nddigital.log4cxx.dll is loaded at 0x0000000180000000.
C:\Windows\SYSTEM32\WINSPOOL.DRV is loaded at 0x00007ffa98e80000.
C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.9625_none_08e1c10da83fbc83\MSVCP90.dll is loaded at 0x0000000050bb0000.
C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.9625_none_08e1c10da83fbc83\MSVCR90.dll is loaded at 0x0000000050b00000.
C:\Windows\SYSTEM32\ODBC32.dll is loaded at 0x00007ffa991a0000.
C:\Windows\System32\CRYPT32.dll is loaded at 0x00007ffaaac80000.
C:\Windows\SYSTEM32\SSPICLI.DLL is loaded at 0x00007ffaaa670000.
C:\Windows\SYSTEM32\DPAPI.DLL is loaded at 0x00007ffaaa4e0000.
C:\Windows\System32\IMM32.DLL is loaded at 0x00007ffaab0e0000.
C:\Windows\SYSTEM32\windows.storage.dll is loaded at 0x00007ffaa8780000.
C:\Windows\System32\combase.dll is loaded at 0x00007ffaab910000.
C:\Windows\SYSTEM32\Wldp.dll is loaded at 0x00007ffaaa130000.
C:\Windows\System32\SHCORE.dll is loaded at 0x00007ffaabe60000.
C:\Windows\System32\shlwapi.dll is loaded at 0x00007ffaaca90000.
C:\Windows\SYSTEM32\ntmarta.dll is loaded at 0x00007ffaa9030000.
C:\Program Files (x86)\CheckPoint\Endpoint Security\EFR\cphusr64.dll is loaded at 0x00007ffa88520000.
[+] Listing hooked modules
------------------------------------------
Checking ntdll.dll at KERNEL32.DLL IAT
+-- 0 hooked functions.
Checking ntdll.dll at KERNELBASE.dll IAT
+-- 0 hooked functions.
Checking ntdll.dll at SBA_ISWWH.dll IAT
+-- 0 hooked functions.
Checking ntdll.dll at cphnt64.dll IAT
+-- 0 hooked functions.
Checking ntdll.dll at apphelp.dll IAT
+-- 0 hooked functions.
Checking ntdll.dll at msvcrt.dll IAT
+-- 0 hooked functions.
Checking ntdll.dll at WS2_32.dll IAT
+-- 0 hooked functions.
Checking ntdll.dll at RPCRT4.dll IAT
+-- 0 hooked functions.
Checking ntdll.dll at USER32.dll IAT
+-- 0 hooked functions.
Checking ntdll.dll at GDI32.dll IAT
+-- 0 hooked functions.
Checking ntdll.dll at gdi32full.dll IAT
+-- 0 hooked functions.
Checking ntdll.dll at ADVAPI32.dll IAT
+-- 0 hooked functions.
Checking ntdll.dll at sechost.dll IAT
+-- 0 hooked functions.
Checking ntdll.dll at SHELL32.dll IAT
+-- 0 hooked functions.
Checking ntdll.dll at Secur32.dll IAT
+-- 0 hooked functions.
Checking ntdll.dll at WINSPOOL.DRV IAT
+-- 0 hooked functions.
Checking ntdll.dll at ODBC32.dll IAT
+-- 0 hooked functions.
Checking ntdll.dll at CRYPT32.dll IAT
+-- 0 hooked functions.
Checking ntdll.dll at SSPICLI.DLL IAT
+-- 0 hooked functions.
Checking ntdll.dll at DPAPI.DLL IAT
+-- 0 hooked functions.
Checking ntdll.dll at IMM32.DLL IAT
+-- 0 hooked functions.
Checking ntdll.dll at windows.storage.dll IAT
+-- 0 hooked functions.
Checking ntdll.dll at combase.dll IAT
+-- 0 hooked functions.
Checking ntdll.dll at Wldp.dll IAT
+-- 0 hooked functions.
Checking ntdll.dll at SHCORE.dll IAT
+-- 0 hooked functions.
Checking ntdll.dll at shlwapi.dll IAT
+-- 0 hooked functions.
Checking ntdll.dll at ntmarta.dll IAT
+-- 0 hooked functions.
Checking ntdll.dll at cphusr64.dll IAT
+-- 0 hooked functions.
------------------------------------------
Completed