Task:
My brother taught me Windows kernel programming, but I always asked him to help me with debugging. He got pissed off after a while, so he created a kernel dump analysis task for me. I can't find the answer. Please help me find the key and I will give you N points. I know that he modified my keylogger somehow, and I'm sure the driver has already been unloaded in the virtual PC.
P.S. I already got a few tips:
- the key is a SHA256 or a decoded string
- My brother always makes "Burp" and likes tea.
Here you can find the dump.
https://docs.google.com/file/d/0Bw72cstp5cGsMVlDSlBJU05fdVE
Here is a short how-to...
First you should find the "Burp" log string in the memory dump. There are two ways to do this: using DebugView,
or just by searching for it in WinDbg (the s -a command searches an address range for an ASCII string).
Next, analyze the pool shown in the log (in WinDbg, !pool on that address describes the allocation it belongs to).
Take a look inside the allocation.
Executable code found. Let's execute it. First we save that memory to a file (.writemem does this from WinDbg).
To execute it I will use WinDbg: load notepad in WinDbg, use .readmem to bring the saved bytes back in, and set eip.
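The file-level part of the steps above, as a Python script: find the "Burp" log line in a raw dump (what s -a does in WinDbg), pull the pool address out of that line, carve a region of bytes the way .writemem would, and compute both key forms the hint allows (a SHA256 and a decoded string). This is an added example, not the author's solution and not the real challenge data: the dump bytes are constructed here, the log-line wording and the 0x-prefixed address are assumptions, and resolving a kernel virtual address to bytes in the dump is still WinDbg's job (!pool, db), so the sample places its payload at a known file offset by construction.

```python
import base64
import binascii
import hashlib
import re
import string

MARKER = b"Burp"

# Constructed stand-in for the challenge dump (NOT the real file): a DbgPrint-style
# log line naming a pool address, then a short Base64 blob where the "pool
# contents" would be. The line format and the 0x-prefixed address are assumptions.
SAMPLE_LOG = b"Burp: keylogger pool at 0x8a3f1000 size 0x40\r\n"
SAMPLE_PAYLOAD = b"dGVh"                      # base64("tea"), constructed payload
PAYLOAD_OFFSET = 64 + len(SAMPLE_LOG) + 32    # known by construction, not resolved
SAMPLE_DUMP = b"\x00" * 64 + SAMPLE_LOG + b"\x00" * 32 + SAMPLE_PAYLOAD + b"\x00" * 32

# Printable ASCII minus whitespace control characters, so a run stops at CR/LF.
PRINTABLE = set(string.printable.encode()) - set(b"\t\n\r\x0b\x0c")
HEX_ADDR = re.compile(r"0x([0-9a-fA-F]+)")


def find_marker(data: bytes, marker: bytes = MARKER) -> list:
    """All file offsets of `marker`; the raw-file equivalent of WinDbg's  s -a  search."""
    offsets, pos = [], data.find(marker)
    while pos != -1:
        offsets.append(pos)
        pos = data.find(marker, pos + 1)
    return offsets


def printable_run(data: bytes, offset: int) -> str:
    """Grow left and right from `offset` over printable bytes: recovers the whole log line."""
    start = end = offset
    while start > 0 and data[start - 1] in PRINTABLE:
        start -= 1
    while end < len(data) and data[end] in PRINTABLE:
        end += 1
    return data[start:end].decode("ascii")


def log_lines(data: bytes, marker: bytes = MARKER) -> list:
    """Every log line in the dump that contains the marker."""
    return [printable_run(data, off) for off in find_marker(data, marker)]


def addresses_in(line: str) -> list:
    """Hex values in a log line, i.e. the pool address to hand to !pool / db in WinDbg."""
    return [int(h, 16) for h in HEX_ADDR.findall(line)]


def carve(data: bytes, offset: int, length: int) -> bytes:
    """Copy a region out of the dump (what .writemem does from inside WinDbg)."""
    return data[offset:offset + length]


def candidate_keys(blob: bytes) -> dict:
    """Both forms the hint allows: SHA-256 of the bytes, plus a Base64 decode if it is valid."""
    keys = {"sha256": hashlib.sha256(blob).hexdigest()}
    try:
        decoded = base64.b64decode(blob, validate=True)
    except (binascii.Error, ValueError):
        decoded = b""
    if decoded and all(b in PRINTABLE for b in decoded):
        keys["decoded"] = decoded.decode("ascii")
    return keys


def walk(data: bytes = SAMPLE_DUMP, blob_offset: int = PAYLOAD_OFFSET,
         blob_length: int = len(SAMPLE_PAYLOAD)) -> dict:
    """Run the whole chain on a dump and return what each step found."""
    lines = log_lines(data)
    addrs = [a for line in lines for a in addresses_in(line)]
    blob = carve(data, blob_offset, blob_length)
    return {"lines": lines, "addresses": addrs, "blob": blob, "keys": candidate_keys(blob)}


if __name__ == "__main__":
    for step, result in walk().items():
        print(step, result)
```

On the real dump you would run find_marker and log_lines against the file to get the log text, then move into WinDbg with the address it names; candidate_keys is only useful once you have carved the bytes (or executed them, as the walkthrough does) and have a string to test.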
Here is the key: