.idata:00401000 ; Input MD5 : D3D1F910763E1D654DFD4AFF381AF18B
.idata:00401000 ; Input CRC32 : A6D5D2CB
.idata:00401000
.idata:00401000 ; File Name : C:\Users\user\Documents\Visual Studio 2010\Projects\entrypoint\Release\entrypoint.exe
.idata:00401000 ; Format : Portable executable for 80386 (PE)
.idata:00401000 ; Imagebase : 400000
.idata:00401000 ; Section 1. (virtual address 00001000)
.idata:00401000 ; Virtual size : 000001B6 ( 438.)
.idata:00401000 ; Section size in file : 00000200 ( 512.)
.idata:00401000 ; Offset to raw data for section: 00000200
.idata:00401000 ; Flags C0000040: Data Readable Writable
.idata:00401000 ; Alignment : default
.idata:00401000 ;
.idata:00401000 ; ---------------------------------------------------------------------------
.idata:00401000 ; Review notes (IDA listing of a tiny Win32 console program, apparently built
.idata:00401000 ; without the C runtime: `start` itself is the PE entry point and there is
.idata:00401000 ; no CRT initialisation anywhere in the image).
.idata:00401000 ;
.idata:00401000 ; Layout: one section at RVA 1000h holds everything - the IAT (401000h-401018h),
.idata:00401000 ; the code (start, printf, nullsub_1), the import descriptors / name tables
.idata:00401000 ; and the program's data. Flags C0000040h = IMAGE_SCN_CNT_INITIALIZED_DATA |
.idata:00401000 ; IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE; IMAGE_SCN_MEM_EXECUTE (20000000h)
.idata:00401000 ; is NOT set, although IDA types the segment at 401020h as "Pure code".
.idata:00401000 ; Code and writable data sharing a single non-executable RW section is a
.idata:00401000 ; W^X violation; whether the code actually runs under DEP depends on the
.idata:00401000 ; image's DllCharacteristics, which this listing does not show.
.idata:00401000 ;
.idata:00401000 ; Behaviour, as read from the code below:
.idata:00401000 ;   GetUserNameA(name, &cb) -> printf("csa %s\n", name) (wvsprintfA +
.idata:00401000 ;   WriteFile to stdout) -> ReadFile 1 byte from stdin ("press a key") ->
.idata:00401000 ;   return 0.
.idata:00401000 ; ---------------------------------------------------------------------------
.idata:00401000 ;
.idata:00401000 ; Imports from ADVAPI32.dll
.idata:00401000 ;
.idata:00401000
.idata:00401000 .686p
.idata:00401000 .mmx
.idata:00401000 .model flat
.idata:00401000
.idata:00401000 ; ===========================================================================
.idata:00401000
.idata:00401000 ; Segment type: Externs
.idata:00401000 ; _idata
.idata:00401000 ; The four dwords below are the Import Address Table. They live in the same
.idata:00401000 ; RW section as the code; the loader overwrites them with function addresses
.idata:00401000 ; at load time, and every `call Xxx` in the code is an indirect call through them.
.idata:00401000 ; BOOL __stdcall GetUserNameA(LPSTR lpBuffer, LPDWORD pcbBuffer)
.idata:00401000 extrn GetUserNameA:dword ; CODE XREF: start+15p
.idata:00401000 ; DATA XREF: start+15r ...
.idata:00401004
.idata:00401008 ;
.idata:00401008 ; Imports from KERNEL32.dll
.idata:00401008 ;
.idata:00401008 ; BOOL __stdcall WriteFile(HANDLE hFile, LPCVOID lpBuffer, DWORD nNumberOfBytesToWrite, LPDWORD lpNumberOfBytesWritten, LPOVERLAPPED lpOverlapped)
.idata:00401008 extrn WriteFile:dword ; CODE XREF: printf+44p
.idata:00401008 ; DATA XREF: printf+44r ...
.idata:0040100C ; HANDLE __stdcall GetStdHandle(DWORD nStdHandle)
.idata:0040100C extrn GetStdHandle:dword ; CODE XREF: start+38p
.idata:0040100C ; printf+3Dp
.idata:0040100C ; DATA XREF: ...
.idata:00401010 ; BOOL __stdcall ReadFile(HANDLE hFile, LPVOID lpBuffer, DWORD nNumberOfBytesToRead, LPDWORD lpNumberOfBytesRead, LPOVERLAPPED lpOverlapped)
.idata:00401010 extrn ReadFile:dword ; CODE XREF: start+3Fp
.idata:00401010 ; DATA XREF: start+3Fr
.idata:00401014
.idata:00401018 ;
.idata:00401018 ; Imports from USER32.dll
.idata:00401018 ;
.idata:00401018 ; int __stdcall wvsprintfA(LPSTR, LPCSTR, va_list arglist)
.idata:00401018 extrn wvsprintfA:dword ; CODE XREF: printf+22p
.idata:00401018 ; DATA XREF: printf+22r ...
.idata:0040101C
.idata:0040101C
.data:00401020 ; ===========================================================================
.data:00401020
.data:00401020 ; Segment type: Pure code
.data:00401020 ; Segment permissions: Read/Write
.data:00401020 _data segment para public 'DATA' use32
.data:00401020 assume cs:_data
.data:00401020 ;org 401020h
.data:00401020 assume es:nothing, ss:nothing, ds:_data, fs:nothing, gs:nothing
.data:00401020 ; Stack-cookie seed read by printf (see 401084h). 0BB40E64Eh is the MSVC
.data:00401020 ; default initial __security_cookie value; nothing in this image re-seeds it,
.data:00401020 ; so the cookie is a fixed, publicly known constant rather than a per-process
.data:00401020 ; random value.
.data:00401020 dword_401020 dd 0BB40E64Eh ; DATA XREF: printf+9r
.data:00401024 ; char dword_401024[]
.data:00401024 ; printf format string: 'csa %s',0Ah,0 (20617363h = "csa " little-endian,
.data:00401024 ; 0A7325h = "%s", LF, NUL). The only format string used in this image.
.data:00401024 dword_401024 dd 20617363h, 0A7325h, 0 ; DATA XREF: start+1Fo
.data:00401030 assume fs:nothing, gs:nothing
.data:00401030
.data:00401030 ; =============== S U B R O U T I N E =======================================
.data:00401030
.data:00401030 ; Attributes: bp-based frame
.data:00401030
.data:00401030 ; PE entry point (no CRT in front of it). Pseudo-C:
.data:00401030 ;   char name[20h]; DWORD cb = 20h; char key[4];
.data:00401030 ;   GetUserNameA(name, &cb);                              // BOOL discarded
.data:00401030 ;   printf(dword_401024 /* "csa %s\n" */, name);
.data:00401030 ;   ReadFile(GetStdHandle(STD_INPUT_HANDLE), key, 1, NULL, NULL);
.data:00401030 ;   return 0;
.data:00401030 ; Frame: 28h bytes. `arglist` (-28h..-9) is the 20h-byte user-name buffer -
.data:00401030 ; IDA's name is misleading, it is the buffer whose *address* becomes printf's
.data:00401030 ; single vararg. var_8 receives the one byte read from stdin; pcbBuffer is
.data:00401030 ; GetUserNameA's in/out size (20h in, required size out on failure).
.data:00401030 public start
.data:00401030 start proc near
.data:00401030
.data:00401030 arglist = byte ptr -28h
.data:00401030 var_8 = byte ptr -8
.data:00401030 pcbBuffer = dword ptr -4
.data:00401030
.data:00401030 push ebp
.data:00401031 mov ebp, esp
.data:00401033 sub esp, 28h
.data:00401036 lea eax, [ebp+pcbBuffer]
.data:00401039 push eax ; pcbBuffer
.data:0040103A lea ecx, [ebp+arglist]
.data:0040103D push ecx ; lpBuffer
.data:0040103E mov [ebp+pcbBuffer], 20h ; size of the buffer at [ebp+arglist]: 28h - 8 = 20h bytes
.data:00401045 ; Return value is thrown away (eax is overwritten by the lea at 40104Bh).
.data:00401045 ; If the call fails - e.g. the user name plus NUL does not fit in 20h bytes -
.data:00401045 ; the buffer is not guaranteed to be initialised or NUL-terminated, and the
.data:00401045 ; %s below would print stack bytes up to the next zero. A `test eax, eax`
.data:00401045 ; with an error path belongs here.
.data:00401045 call GetUserNameA
.data:0040104B lea edx, [ebp+arglist]
.data:0040104E push edx ; arglist        ; the vararg: pointer to the user-name buffer
.data:0040104F push offset dword_401024 ; LPCSTR ; constant format "csa %s\n" - user data goes through %s, not as format
.data:00401054 call printf
.data:00401059 add esp, 8 ; printf is __cdecl: caller pops the two arguments
.data:0040105C ; ReadFile(hStdin, &var_8, 1, NULL, NULL) - a "wait for a key" read.
.data:0040105C ; lpNumberOfBytesRead = NULL together with lpOverlapped = NULL is outside the
.data:0040105C ; documented contract (the count pointer may only be NULL for overlapped I/O).
.data:0040105C ; Neither the GetStdHandle result nor the ReadFile BOOL is checked.
.data:0040105C push 0 ; lpOverlapped
.data:0040105E push 0 ; lpNumberOfBytesRead
.data:00401060 push 1 ; nNumberOfBytesToRead
.data:00401062 lea eax, [ebp+var_8]
.data:00401065 push eax ; lpBuffer
.data:00401066 push 0FFFFFFF6h ; nStdHandle ; = STD_INPUT_HANDLE (-10)
.data:00401068 call GetStdHandle
.data:0040106E push eax ; hFile
.data:0040106F call ReadFile
.data:00401075 xor eax, eax ; exit code 0
.data:00401077 mov esp, ebp
.data:00401079 pop ebp
.data:0040107A ; No ExitProcess: returning from the entry point hands control back to the
.data:0040107A ; loader's thread-start thunk, which (presumably) ends the thread with eax.
.data:0040107A retn
.data:0040107A start endp
.data:0040107A
.data:0040107B
.data:0040107B ; =============== S U B R O U T I N E =======================================
.data:0040107B
.data:0040107B ; Attributes: bp-based frame
.data:0040107B
.data:0040107B ; int __cdecl printf(LPCSTR, char arglist)
.data:0040107B ; Local replacement for the CRT printf: formats with wvsprintfA into a
.data:0040107B ; 400h-byte stack buffer and writes it to STD_OUTPUT_HANDLE with WriteFile.
.data:0040107B ; Returns the wvsprintfA character count (esi), not the bytes WriteFile wrote.
.data:0040107B ; Frame: 408h bytes. Buffer = 400h bytes (-404h..-5); var_4 is the /GS-style
.data:0040107B ; cookie slot directly above it; NumberOfBytesWritten sits below Buffer.
.data:0040107B ;
.data:0040107B ; Security notes:
.data:0040107B ;  * wvsprintfA does no bounds check against the destination; its documented
.data:0040107B ;    output limit is 1024 chars including the NUL, which matches Buffer
.data:0040107B ;    exactly. With the fixed "csa %s\n" format and a 20h-byte name this is
.data:0040107B ;    not reachable here.
.data:0040107B ;  * arg_0 is a caller-supplied format string. The only caller passes the
.data:0040107B ;    constant dword_401024; a future caller passing data as the format would
.data:0040107B ;    introduce a classic format-string bug.
.data:0040107B ;  * The stack-cookie check at 4010CDh is a no-op (see below), so an overflow
.data:0040107B ;    of Buffer would reach var_4 / saved ebp / the return address undetected.
.data:0040107B printf proc near ; CODE XREF: start+24p
.data:0040107B
.data:0040107B NumberOfBytesWritten= dword ptr -408h
.data:0040107B Buffer = byte ptr -404h
.data:0040107B var_4 = dword ptr -4
.data:0040107B arg_0 = dword ptr 8
.data:0040107B arglist = byte ptr 0Ch
.data:0040107B
.data:0040107B push ebp
.data:0040107C mov ebp, esp
.data:0040107E sub esp, 408h
.data:00401084 ; /GS prologue: var_4 = __security_cookie ^ ebp. The seed is the fixed
.data:00401084 ; default value in dword_401020 (never randomised in this image).
.data:00401084 mov eax, dword_401020
.data:00401089 xor eax, ebp
.data:0040108B mov [ebp+var_4], eax
.data:0040108E push esi ; callee-saved; esi will hold the formatted length across WriteFile
.data:0040108F lea eax, [ebp+arglist]
.data:00401092 push eax ; arglist ; va_list = address of the first vararg slot (0Ch)
.data:00401093 push [ebp+arg_0] ; LPCSTR ; format string from the caller
.data:00401096 lea eax, [ebp+Buffer]
.data:0040109C push eax ; LPSTR ; 400h-byte destination, unchecked by wvsprintfA
.data:0040109D call wvsprintfA
.data:004010A3 mov esi, eax ; esi = number of characters formatted (excluding NUL)
.data:004010A5 push 0 ; lpOverlapped
.data:004010A7 lea eax, [ebp+NumberOfBytesWritten]
.data:004010AD push eax ; lpNumberOfBytesWritten
.data:004010AE push esi ; nNumberOfBytesToWrite
.data:004010AF lea eax, [ebp+Buffer]
.data:004010B5 push eax ; lpBuffer
.data:004010B6 push 0FFFFFFF5h ; nStdHandle ; = STD_OUTPUT_HANDLE (-11)
.data:004010B8 call GetStdHandle
.data:004010BE push eax ; hFile ; handle not validated (may be NULL / INVALID_HANDLE_VALUE without a console)
.data:004010BF call WriteFile ; BOOL and NumberOfBytesWritten are never inspected
.data:004010C5 ; /GS epilogue: ecx = var_4 ^ ebp recovers the cookie for the check routine
.data:004010C5 ; (__security_check_cookie takes its argument in ecx). The callee below is
.data:004010C5 ; nullsub_1, a 1-byte function (almost certainly a lone retn), so the
.data:004010C5 ; comparison never happens: the cookie is computed but never verified.
.data:004010C5 mov ecx, [ebp+var_4]
.data:004010C8 mov eax, esi ; return value = formatted character count
.data:004010CA xor ecx, ebp
.data:004010CC pop esi
.data:004010CD call nullsub_1 ; stands in for __security_check_cookie - does nothing
.data:004010D2 leave
.data:004010D3 retn
.data:004010D3 printf endp
.data:004010D3
.data:004010D4 ; [00000001 BYTES: COLLAPSED FUNCTION nullsub_1. PRESS KEYPAD "+" TO EXPAND]
.data:004010D5 align 4
.data:004010D8 ; IMAGE_IMPORT_DESCRIPTOR x3 (+ one zero terminator): OriginalFirstThunk (INT),
.data:004010D8 ; TimeDateStamp, ForwarderChain, Name, FirstThunk (IAT). The IAT fields point
.data:004010D8 ; back at the extrn dwords at 401000h-401018h.
.data:004010D8 __IMPORT_DESCRIPTOR_KERNEL32 dd rva off_401130 ; Import Name Table
.data:004010DC dd 0 ; Time stamp
.data:004010E0 dd 0 ; Forwarder Chain
.data:004010E4 dd rva aKernel32_dll ; DLL Name
.data:004010E8 dd rva WriteFile ; Import Address Table
.data:004010EC __IMPORT_DESCRIPTOR_USER32 dd rva off_401140 ; Import Name Table
.data:004010F0 dd 0 ; Time stamp
.data:004010F4 dd 0 ; Forwarder Chain
.data:004010F8 dd rva aUser32_dll ; DLL Name
.data:004010FC dd rva wvsprintfA ; Import Address Table
.data:00401100 __IMPORT_DESCRIPTOR_ADVAPI32 dd rva off_401128 ; Import Name Table
.data:00401104 dd 0 ; Time stamp
.data:00401108 dd 0 ; Forwarder Chain
.data:0040110C dd rva aAdvapi32_dll ; DLL Name
.data:00401110 dd rva GetUserNameA ; Import Address Table
.data:00401114 dd 5 dup(0) ; terminating (all-zero) import descriptor
.data:00401128 ;
.data:00401128 ; Import names for ADVAPI32.dll
.data:00401128 ;
.data:00401128 off_401128 dd rva word_401198 ; DATA XREF: .data:__IMPORT_DESCRIPTOR_ADVAPI32o
.data:0040112C dd 0
.data:00401130 ;
.data:00401130 ; Import names for KERNEL32.dll
.data:00401130 ;
.data:00401130 off_401130 dd rva word_401164 ; DATA XREF: .data:__IMPORT_DESCRIPTOR_KERNEL32o
.data:00401134 dd rva word_401154
.data:00401138 dd rva word_401148
.data:0040113C dd 0
.data:00401140 ;
.data:00401140 ; Import names for USER32.dll
.data:00401140 ;
.data:00401140 off_401140 dd rva word_40117E ; DATA XREF: .data:__IMPORT_DESCRIPTOR_USER32o
.data:00401144 dd 0
.data:00401148 ; IMAGE_IMPORT_BY_NAME entries: 16-bit hint followed by the NUL-terminated name.
.data:00401148 word_401148 dw 3C0h ; DATA XREF: .data:00401138o
.data:0040114A db 'ReadFile',0
.data:00401153 align 4
.data:00401154 word_401154 dw 264h ; DATA XREF: .data:00401134o
.data:00401156 db 'GetStdHandle',0
.data:00401163 align 4
.data:00401164 word_401164 dw 525h ; DATA XREF: .data:off_401130o
.data:00401166 db 'WriteFile',0
.data:00401170 aKernel32_dll db 'KERNEL32.dll',0 ; DATA XREF: .data:004010E4o
.data:0040117D align 2
.data:0040117E word_40117E dw 334h ; DATA XREF: .data:off_401140o
.data:00401180 db 'wvsprintfA',0
.data:0040118B align 4
.data:0040118C aUser32_dll db 'USER32.dll',0 ; DATA XREF: .data:004010F8o
.data:00401197 align 4
.data:00401198 word_401198 dw 164h ; DATA XREF: .data:off_401128o
.data:0040119A db 'GetUserNameA',0
.data:004011A7 align 4
.data:004011A8 aAdvapi32_dll db 'ADVAPI32.dll',0 ; DATA XREF: .data:0040110Co
.data:004011B5 align 4
.data:004011B8 dd 12h dup(0) ; zero padding to the end of the 200h-byte raw section
.data:00401200 dd 380h dup(?) ; uninitialised remainder of the section's page in memory
.data:00401200 _data ends
.data:00401200
.data:00401200
.data:00401200 end start