Forum member Jack Chen, from psx-scene, has released an IDC script which will help in the extraction of processes from hypervisor dumps. See below for more of what he had to say about this script.
"I originally posted this IDC file I made in Xorloser's Blog, but I think not everyone goes there frequently. Here is an IDC script I made for those interested in extracting the processes from an HV dump, and by the way my name is Jack Chen[...]"
"For those who are new to HV reversing like I am, here I made a quick IDC script for those interested in tracing the process protection pages to realize the VA and RA address mapping being used by the process.
You must execute the HV_DUMP.IDC from xorloser first, then apply this IDC later because it requires an opd_table to be defined first. It's for the 3.15 HV only because that's the only HV dump I have. Process 0 is not extractable; there seems to be some data missing in the process object of process 0.
I am working on a different IDC script to extract the pages to a new file in order to get a file in which RA=VA, so I can analyze the code more easily."
"Here is the output for process 6 extraction from the dump I have:
opd_addr = 003214d0
rtoc_addr = 00350470
process_table_addr = 0035e850
process_obj_addr = 00368cf0
process_protection_domain_addr = 0036a960"
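As an added illustration, not Jack Chen's script nor xorloser's HV_DUMP.IDC, the Python below does offline what the post describes: it walks a chain of protection-page records (each carrying an RA, a VA and a next-page pointer, terminated by an all-ones RA entry that links back to the head), translates process VAs to offsets in the RA-indexed dump, and lays the pages out at their VA so the resulting file reads as RA=VA. The record layout, field offsets and the mini-dump are assumptions constructed for the example; the real 3.15 HV structures are not given on the page.

```python
import struct

PAGE = 0x1000
END_RA = 0xFFFFFFFFFFFFFFFF  # terminator entry (RA=ffffffffffffffff in the script output)

# Assumed record layout (hypothetical, not the real HV structure):
# 0x30-byte object with u64 next @0x00, u64 RA @0x10, u64 VA @0x18 (big-endian).
OFF_NEXT, OFF_RA, OFF_VA, REC_SIZE = 0x00, 0x10, 0x18, 0x30

def walk_protection_pages(dump: bytes, head: int, max_pages: int = 1 << 20):
    """Follow the next-pointer chain from `head`; return [(VA, RA), ...].
    Stops at the all-ones terminator, on a repeated address (loop guard for a
    corrupt dump) or at max_pages, and rejects pointers outside the dump."""
    pages, seen, addr = [], set(), head
    while addr not in seen and len(pages) < max_pages:
        if addr + REC_SIZE > len(dump):
            raise ValueError(f"record at {addr:#x} runs past end of dump")
        seen.add(addr)
        nxt, = struct.unpack_from(">Q", dump, addr + OFF_NEXT)
        ra, = struct.unpack_from(">Q", dump, addr + OFF_RA)
        va, = struct.unpack_from(">Q", dump, addr + OFF_VA)
        if ra == END_RA:
            break
        pages.append((va, ra))
        addr = nxt
    return pages

def va_to_dump_offset(pages, va: int):
    """Translate a process VA into an offset in the RA-indexed dump, or None if unmapped."""
    for pva, pra in pages:
        if pva <= va < pva + PAGE:
            return pra + (va - pva)
    return None

def build_va_image(dump: bytes, pages, base: int = 0) -> bytes:
    """Copy each mapped page to file offset VA - base, so the image reads as RA=VA.
    Unmapped gaps stay zero-filled (sparse); pass a base for high VA ranges."""
    img = bytearray(max(va for va, _ in pages) - base + PAGE)
    for va, ra in pages:
        img[va - base:va - base + PAGE] = dump[ra:ra + PAGE]
    return bytes(img)

def make_sample_dump() -> bytes:
    """Constructed 16 KiB mini-dump (not real HV data): two mapped pages plus terminator."""
    d = bytearray(0x4000)
    recs = [(0x100, 0x130, 0x1000, 0x3000), (0x130, 0x160, 0x2000, 0x4000),
            (0x160, 0x100, END_RA, 0xFFFFFFFF)]  # terminator links back to the head
    for addr, nxt, ra, va in recs:
        struct.pack_into(">QQQQ", d, addr, nxt, 0, ra, va)  # next, pad, RA, VA
    d[0x1000:0x2000] = b"A" * PAGE
    d[0x2000:0x3000] = b"B" * PAGE
    return bytes(d)
```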
[FileFactory]: DOWNLOAD HERE
source