.idata:00401000 ; Input MD5 : D3D1F910763E1D654DFD4AFF381AF18B
.idata:00401000 ; Input CRC32 : A6D5D2CB
.idata:00401000
.idata:00401000 ; File Name : C:\Users\user\Documents\Visual Studio 2010\Projects\entrypoint\Release\entrypoint.exe
.idata:00401000 ; Format : Portable executable for 80386 (PE)
.idata:00401000 ; Imagebase : 400000
.idata:00401000 ; Section 1. (virtual address 00001000)
.idata:00401000 ; Virtual size : 000001B6 ( 438.)
.idata:00401000 ; Section size in file : 00000200 ( 512.)
.idata:00401000 ; Offset to raw data for section: 00000200
.idata:00401000 ; Flags C0000040: Data Readable Writable
.idata:00401000 ; Alignment : default
.idata:00401000 ;
.idata:00401000 ; Imports from ADVAPI32.dll
.idata:00401000 ;
.idata:00401000
.idata:00401000 .686p ; assembler directive: accept the P6 instruction set, including privileged instructions
.idata:00401000 .mmx ; assembler directive: accept MMX instructions
.idata:00401000 .model flat ; flat 32-bit memory model, consistent with the "PE for 80386" format in the listing header
.idata:00401000
.idata:00401000 ; ===========================================================================
.idata:00401000
.idata:00401000 ; Segment type: Externs
.idata:00401000 ; _idata
.idata:00401000 ; BOOL __stdcall GetUserNameA(LPSTR lpBuffer, LPDWORD pcbBuffer)
.idata:00401000 extrn GetUserNameA:dword ; CODE XREF: start+15p
.idata:00401000 ; DATA XREF: start+15r ...
.idata:00401004
.idata:00401008 ;
.idata:00401008 ; Imports from KERNEL32.dll
.idata:00401008 ;
.idata:00401008 ; BOOL __stdcall WriteFile(HANDLE hFile, LPCVOID lpBuffer, DWORD nNumberOfBytesToWrite, LPDWORD lpNumberOfBytesWritten, LPOVERLAPPED lpOverlapped)
.idata:00401008 extrn WriteFile:dword ; CODE XREF: printf+44p
.idata:00401008 ; DATA XREF: printf+44r ...
.idata:0040100C ; HANDLE __stdcall GetStdHandle(DWORD nStdHandle)
.idata:0040100C extrn GetStdHandle:dword ; CODE XREF: start+38p
.idata:0040100C ; printf+3Dp
.idata:0040100C ; DATA XREF: ...
.idata:00401010 ; BOOL __stdcall ReadFile(HANDLE hFile, LPVOID lpBuffer, DWORD nNumberOfBytesToRead, LPDWORD lpNumberOfBytesRead, LPOVERLAPPED lpOverlapped)
.idata:00401010 extrn ReadFile:dword ; CODE XREF: start+3Fp
.idata:00401010 ; DATA XREF: start+3Fr
.idata:00401014
.idata:00401018 ;
.idata:00401018 ; Imports from USER32.dll
.idata:00401018 ;
.idata:00401018 ; int __stdcall wvsprintfA(LPSTR, LPCSTR, va_list arglist)
.idata:00401018 extrn wvsprintfA:dword ; CODE XREF: printf+22p
.idata:00401018 ; DATA XREF: printf+22r ...
.idata:0040101C
.idata:0040101C
.data:00401020 ; ===========================================================================
.data:00401020
.data:00401020 ; Segment type: Pure code
.data:00401020 ; Segment permissions: Read/Write
.data:00401020 _data segment para public 'DATA' use32 ; code and data share this segment; the listing header gives the section flags as C0000040 (readable + writable, no execute bit)
.data:00401020 assume cs:_data ; cs is mapped onto the data segment because start and printf are located in it
.data:00401020 ;org 401020h
.data:00401020 assume es:nothing, ss:nothing, ds:_data, fs:nothing, gs:nothing ; NOTE(review): an entry point inside a writable, non-executable section is an anomaly worth flagging in PE triage; whether it runs depends on DEP being off for the process - confirm against the optional header
.data:00401020 dword_401020 dd 0BB40E64Eh ; DATA XREF: printf+9r ; stack-cookie seed read by printf; the value equals MSVC's default 32-bit __security_cookie, and the only cross-reference listed is a read, so nothing visible here re-seeds it (presumably no CRT start-up runs - confirm)
.data:00401024 ; char dword_401024[]
.data:00401024 dword_401024 dd 20617363h, 0A7325h, 0 ; DATA XREF: start+1Fo ; little-endian bytes 63 73 61 20 25 73 0A 00 = the ASCII format string "csa %s\n", then NUL padding; it sits in writable memory
.data:00401030 assume fs:nothing, gs:nothing
.data:00401030
.data:00401030 ; =============== S U B R O U T I N E =======================================
.data:00401030 ; start: program entry point (named by "end start"). Reads the current user name into a 20h-byte stack buffer, prints it through the local printf with the format at dword_401024, then issues a 1-byte read on the standard input handle.
.data:00401030 ; Attributes: bp-based frame
.data:00401030 ; Returns 0 in eax. None of the API results are tested, and no stack-cookie store/check appears in this function even though it owns a character buffer.
.data:00401030 public start
.data:00401030 start proc near
.data:00401030 ; Frame: arglist = ebp-28h (start of the user-name buffer, 20h bytes up to var_8), var_8 = ebp-8 (1-byte read target), pcbBuffer = dword at ebp-4 (buffer size in/out).
.data:00401030 arglist = byte ptr -28h
.data:00401030 var_8 = byte ptr -8
.data:00401030 pcbBuffer = dword ptr -4
.data:00401030
.data:00401030 push ebp
.data:00401031 mov ebp, esp
.data:00401033 sub esp, 28h ; reserve 28h bytes for the three locals above
.data:00401036 lea eax, [ebp+pcbBuffer]
.data:00401039 push eax ; pcbBuffer
.data:0040103A lea ecx, [ebp+arglist]
.data:0040103D push ecx ; lpBuffer ; the 20h-byte stack buffer (IDA propagated the name "arglist" from the later printf call)
.data:0040103E mov [ebp+pcbBuffer], 20h ; declared capacity 20h = distance from arglist (-28h) to var_8 (-8), so the size passed matches the buffer
.data:00401045 call GetUserNameA ; NOTE(review): the BOOL result in eax is never tested; if the call fails (for example a name that does not fit in 20h bytes) the buffer may still hold uninitialised stack bytes, which %s below would read up to the first NUL - confirm and add a check
.data:0040104B lea edx, [ebp+arglist]
.data:0040104E push edx ; arglist ; pointer to the user-name buffer, the single argument consumed by %s
.data:0040104F push offset dword_401024 ; LPCSTR ; constant format string "csa %s\n"
.data:00401054 call printf
.data:00401059 add esp, 8 ; cdecl: caller removes the two arguments it pushed
.data:0040105C push 0 ; lpOverlapped
.data:0040105E push 0 ; lpNumberOfBytesRead ; NOTE(review): NULL here together with lpOverlapped == NULL; the ReadFile documentation permits a NULL count only when lpOverlapped is non-NULL - confirm
.data:00401060 push 1 ; nNumberOfBytesToRead
.data:00401062 lea eax, [ebp+var_8]
.data:00401065 push eax ; lpBuffer ; 1-byte destination at ebp-8
.data:00401066 push 0FFFFFFF6h ; nStdHandle ; -10 = STD_INPUT_HANDLE
.data:00401068 call GetStdHandle ; stdcall: removes its own argument, leaving the four ReadFile arguments pushed above on the stack
.data:0040106E push eax ; hFile ; handle is used without being compared against NULL / INVALID_HANDLE_VALUE
.data:0040106F call ReadFile ; result ignored; presumably acts as a "wait for input before exit" pause - confirm
.data:00401075 xor eax, eax ; return value 0
.data:00401077 mov esp, ebp
.data:00401079 pop ebp
.data:0040107A retn
.data:0040107A start endp
.data:0040107A
.data:0040107B
.data:0040107B ; =============== S U B R O U T I N E =======================================
.data:0040107B ; printf: local cdecl helper, not the CRT function. Formats into a 400h-byte stack buffer with wvsprintfA and writes the result to the standard output handle with WriteFile.
.data:0040107B ; Attributes: bp-based frame
.data:0040107B ; Returns in eax the value wvsprintfA returned. The WriteFile and GetStdHandle results are not tested.
.data:0040107B ; int __cdecl printf(LPCSTR, char arglist)
.data:0040107B printf proc near ; CODE XREF: start+24p
.data:0040107B ; Frame: Buffer = ebp-404h..ebp-5 (400h bytes), var_4 = cookie slot at ebp-4 between Buffer and the saved ebp/return address, NumberOfBytesWritten = dword at ebp-408h.
.data:0040107B NumberOfBytesWritten= dword ptr -408h
.data:0040107B Buffer = byte ptr -404h
.data:0040107B var_4 = dword ptr -4
.data:0040107B arg_0 = dword ptr 8
.data:0040107B arglist = byte ptr 0Ch
.data:0040107B ; arg_0 is the format string; arglist is the first variadic argument, whose address is passed on as the va_list.
.data:0040107B push ebp
.data:0040107C mov ebp, esp
.data:0040107E sub esp, 408h
.data:00401084 mov eax, dword_401020 ; load the cookie seed (a constant in this image, see dword_401020)
.data:00401089 xor eax, ebp ; mix the seed with this frame's ebp
.data:0040108B mov [ebp+var_4], eax ; store the cookie directly above Buffer
.data:0040108E push esi ; esi is used below to carry the formatted length across the API calls
.data:0040108F lea eax, [ebp+arglist] ; address of the first variadic argument
.data:00401092 push eax ; arglist
.data:00401093 push [ebp+arg_0] ; LPCSTR ; caller-supplied format string; the only caller listed (start+24) passes the constant at dword_401024
.data:00401096 lea eax, [ebp+Buffer]
.data:0040109C push eax ; LPSTR
.data:0040109D call wvsprintfA ; wvsprintfA is documented to store at most 1024 bytes, which equals the 400h-byte Buffer; NOTE(review): it is a deprecated API - a bounded formatter with an explicit size argument is the usual replacement
.data:004010A3 mov esi, eax ; keep the returned length for WriteFile and for the return value; it is not validated first
.data:004010A5 push 0 ; lpOverlapped
.data:004010A7 lea eax, [ebp+NumberOfBytesWritten]
.data:004010AD push eax ; lpNumberOfBytesWritten
.data:004010AE push esi ; nNumberOfBytesToWrite
.data:004010AF lea eax, [ebp+Buffer]
.data:004010B5 push eax ; lpBuffer
.data:004010B6 push 0FFFFFFF5h ; nStdHandle ; -11 = STD_OUTPUT_HANDLE
.data:004010B8 call GetStdHandle ; stdcall: removes its own argument, leaving the WriteFile arguments on the stack
.data:004010BE push eax ; hFile ; handle is used without being compared against NULL / INVALID_HANDLE_VALUE
.data:004010BF call WriteFile
.data:004010C5 mov ecx, [ebp+var_4] ; reload the stored cookie
.data:004010C8 mov eax, esi ; return value = length returned by wvsprintfA
.data:004010CA xor ecx, ebp ; undo the ebp mix; ecx equals the seed if the slot was not overwritten
.data:004010CC pop esi
.data:004010CD call nullsub_1 ; NOTE(review): this is where a cookie check would compare ecx with the seed, but the listing shows the target as a 1-byte collapsed function, which suggests it only returns; if so the cookie is stored but never validated - expand nullsub_1 to confirm
.data:004010D2 leave
.data:004010D3 retn
.data:004010D3 printf endp
.data:004010D3
.data:004010D4 ; [00000001 BYTES: COLLAPSED FUNCTION nullsub_1. PRESS KEYPAD "+" TO EXPAND]
.data:004010D5 align 4 ; pad to a dword boundary before the import directory
.data:004010D8 __IMPORT_DESCRIPTOR_KERNEL32 dd rva off_401130 ; Import Name Table ; import directory: one 5-dword descriptor per DLL, stored in the same writable segment as the code
.data:004010DC dd 0 ; Time stamp
.data:004010E0 dd 0 ; Forwarder Chain
.data:004010E4 dd rva aKernel32_dll ; DLL Name
.data:004010E8 dd rva WriteFile ; Import Address Table ; first KERNEL32 slot; GetStdHandle and ReadFile follow it in the extern list
.data:004010EC __IMPORT_DESCRIPTOR_USER32 dd rva off_401140 ; Import Name Table
.data:004010F0 dd 0 ; Time stamp
.data:004010F4 dd 0 ; Forwarder Chain
.data:004010F8 dd rva aUser32_dll ; DLL Name
.data:004010FC dd rva wvsprintfA ; Import Address Table
.data:00401100 __IMPORT_DESCRIPTOR_ADVAPI32 dd rva off_401128 ; Import Name Table
.data:00401104 dd 0 ; Time stamp
.data:00401108 dd 0 ; Forwarder Chain
.data:0040110C dd rva aAdvapi32_dll ; DLL Name
.data:00401110 dd rva GetUserNameA ; Import Address Table
.data:00401114 dd 5 dup(0) ; five zero dwords = one all-zero descriptor, which ends the descriptor array
.data:00401128 ;
.data:00401128 ; Import names for ADVAPI32.dll
.data:00401128 ;
.data:00401128 off_401128 dd rva word_401198 ; DATA XREF: .data:__IMPORT_DESCRIPTOR_ADVAPI32o ; -> hint/name entry for GetUserNameA
.data:0040112C dd 0 ; zero entry ends the ADVAPI32 list
.data:00401130 ;
.data:00401130 ; Import names for KERNEL32.dll
.data:00401130 ;
.data:00401130 off_401130 dd rva word_401164 ; DATA XREF: .data:__IMPORT_DESCRIPTOR_KERNEL32o ; -> hint/name entry for WriteFile
.data:00401134 dd rva word_401154 ; -> hint/name entry for GetStdHandle
.data:00401138 dd rva word_401148 ; -> hint/name entry for ReadFile
.data:0040113C dd 0 ; zero entry ends the KERNEL32 list
.data:00401140 ;
.data:00401140 ; Import names for USER32.dll
.data:00401140 ;
.data:00401140 off_401140 dd rva word_40117E ; DATA XREF: .data:__IMPORT_DESCRIPTOR_USER32o ; -> hint/name entry for wvsprintfA
.data:00401144 dd 0 ; zero entry ends the USER32 list
.data:00401148 word_401148 dw 3C0h ; DATA XREF: .data:00401138o ; hint/name entries: a 16-bit hint followed by the NUL-terminated import name
.data:0040114A db 'ReadFile',0
.data:00401153 align 4
.data:00401154 word_401154 dw 264h ; DATA XREF: .data:00401134o
.data:00401156 db 'GetStdHandle',0
.data:00401163 align 4
.data:00401164 word_401164 dw 525h ; DATA XREF: .data:off_401130o
.data:00401166 db 'WriteFile',0
.data:00401170 aKernel32_dll db 'KERNEL32.dll',0 ; DATA XREF: .data:004010E4o
.data:0040117D align 2
.data:0040117E word_40117E dw 334h ; DATA XREF: .data:off_401140o
.data:00401180 db 'wvsprintfA',0
.data:0040118B align 4
.data:0040118C aUser32_dll db 'USER32.dll',0 ; DATA XREF: .data:004010F8o
.data:00401197 align 4
.data:00401198 word_401198 dw 164h ; DATA XREF: .data:off_401128o
.data:0040119A db 'GetUserNameA',0
.data:004011A7 align 4
.data:004011A8 aAdvapi32_dll db 'ADVAPI32.dll',0 ; DATA XREF: .data:0040110Co
.data:004011B5 align 4
.data:004011B8 dd 12h dup(0) ; zero fill up to 00401200
.data:00401200 dd 380h dup(?) ; uninitialised dwords (shown as ?); presumably the part of the section's memory range with no bytes in the file - confirm against the section sizes in the listing header
.data:00401200 _data ends ; closes the single segment that holds the format string, cookie seed, both functions and the import data
.data:00401200
.data:00401200
.data:00401200 end start