-----Original Message-----
From: Hodgson, Charles [mailto:charles.hodgson@luton.gov.uk]
When running pwdump3e the server restarts with the following message:
Comment: The system process 'C:\WINDOWS\system32\lsass.exe'
terminated unexpectedly with status code -2147483645. The
system will now shut down and restart.
It might be coiincidental that the machine rebooted when I
used pwdump3e, but Id like to work out all possible solutions.
This is due to Hardware based DEP. Allocated memory not flagged as
executable which DEP doesn't like.
See this link. http://lists.virus.org/pen-test-0509/msg00232.html
Using pwdump3 I have been able to obtain hash files from W2k
DCs without any issues in the past, but switched to 3e for
the W2k3 DCs.
That's because Hardware based DEP wasn't present.
On the homepage for pwdump6 and fgdump
(http://www.foofus.net/fizzgig/fgdump/) it mentions crashes
caused by lsass, but nothing more then that. I have yet to
try fgdump or pwdump6 so again, any feedback would be much
appreciated.
Eventually I'm to test this version on the newer hardware to verify it
works correctly but it should since the patches are present.
Thanks,
Brett Simpson
HSN Security Operations
CCSE Plus, RHCT
(727) 872-7212
---------------------------------------------------------------------------
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The Norwich University program offers unparalleled Infosec management
education and the case study affords you unmatched consulting experience.
Tailor your education to your own professional goals with degree
customizations including Emergency Management, Business Continuity Planning,
Computer Emergency Response Teams, and Digital Investigations.
http://www.msia.norwich.edu/secfocus
----------------------------------------------------------------------------
