.PaiMei crash with an Access Violation when debugging IE. I have only added mshtm.dll pida module. When pstalker is loading mshtmled.dll it crash with the following error:
[*] Loading 0x76200000 \WINDOWS\SYSTEM32\mshtmled.dll
[*] 0x7f5c131f Unable to disassemble at 7f5c131f from thread 5116 caused access violation
when attempting to read from 0x7f5c131f
CONTEXT DUMP
EIP: 7f5c131f Unable to disassemble at 7f5c131f
EAX: 00000002 ( 2) -> N/A
EBX: 7ffd4000 (2147303424) -> N/A
ECX: 7e9012e2 (2123371234) -> N/A
EDX: 80084004 (2148024324) -> N/A
EDI: 00000000 ( 0) -> N/A
ESI: 00000001 ( 1) -> N/A
EBP: 04ccfc0c ( 80542732) -> N/A
ESP: 04ccfbf8 ( 80542712) -> ~~ ,|~@xJ$e|~~@@~xJ$D|||,, (stack)
+00: 7e901311 (2123371281) -> N/A
+04: 7e830000 (2122514432) -> N/A
+08: 00000002 ( 2) -> N/A
+0c: 00000000 ( 0) -> N/A
+10: 04ccfc20 ( 80542752) -> @xJ$e|~~@@~xJ$D|||,,||| (stack)
+14: 04ccfc2c ( 80542764) -> e|~~@@~xJ$D|||,,|||,| (stack)
disasm around:
0x7f5c131f Unable to disassemble
stack unwind:
7c9111a7
7c928f65
7c928dde
7c91eac7
SEH unwind:
04ccfd08 -> 7c91ee18: push ebp
ffffffff -> 7c91ee18: push ebp
What is the problem? Shall i have to load mshtmled pida module too?
![[+] expand](/imagery/files/soysauce_blueprint.gif){kind=link}