
Thread: pls assay this ASM code

  1. #1
    wonyg80
    Guest

    pls assay this ASM code

    00406488 53 PUSH EBX
    EBX=00000000
    Local call from 00404469
    ====================================================================================
    00406489 56 PUSH ESI
    ESI=00475C48 (mts.00475C48)
    ====================================================================================
    0040648A 8BF1 MOV ESI,ECX
    ECX=00475C48 (mts.00475C48)
    ESI=00475C48 (mts.00475C48)
    ===================================================================================
    0040648C 8B96 E80A0000 MOV EDX,DWORD PTR DS:[ESI+AE8]
    DS:[00476730]=00B53A89
    EDX=0012FB3C
    ====================================================================================
    00406492 8A1A MOV BL,BYTE PTR DS:[EDX]
    DS:[00B53A89]=01
    BL=00
    ====================================================================================
    00406494 8D86 E80A0000 LEA EAX,DWORD PTR DS:[ESI+AE8]
    Address=00476730
    EAX=0000000E
    ====================================================================================
    0040649A 42 INC EDX
    EDX=00B53A89
    ====================================================================================
    0040649B 8910 MOV DWORD PTR DS:[EAX],EDX
    EDX=00B53A8A
    DS:[00476730]=00B53A89
    ====================================================================================
    0040649D 66:8B0A MOV CX,WORD PTR DS:[EDX]
    DS:[00B53A8A]=0001
    CX=5C48
    ====================================================================================
    004064A0 83C2 02 ADD EDX,2
    EDX=00B53A8A
    ====================================================================================
    004064A3 66:81F9 C800 CMP CX,0C8
    CX=0001
    ====================================================================================
    004064A8 8910 MOV DWORD PTR DS:[EAX],EDX
    EDX=00B53A8C
    DS:[00476730]=00B53A8A
    ====================================================================================
    004064AA 730C JNB SHORT mts.004064B8
    Jump is NOT taken
    004064B8=mts.004064B8
    ====================================================================================
    004064AC 33C0 XOR EAX,EAX
    EAX=00476730 (mts.00476730)
    ====================================================================================
    004064AE 66:8BC1 MOV AX,CX
    CX=0001
    AX=0000
    ====================================================================================
    004064B1 889C30 7E550100 MOV BYTE PTR DS:[EAX+ESI+1557E],BL
    BL=01
    DS:[0048B1C7]=00
    ====================================================================================
    004064B8 5E POP ESI
    Stack [0012FD30]=00475C48 (mts.00475C48)
    ESI=00475C48 (mts.00475C48)
    Jump from 004064AA
    ====================================================================================
    004064B9 5B POP EBX
    Stack [0012FD34]=00000000
    EBX=00000001
    ====================================================================================
    004064BA C3 RETN
    Return to 0040446E (mts.0040446E)
    ==========================================================

    pls help.. I don't know ASM well;;;
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  2. #2

    sage

    Quote Originally Posted by wonyg80 View Post
    I don't know ASM well;;;
    ...and whose problem is that? Not ours, YOURS. If YOU "don't know ASM well", then YOU should be the one to learn it. So why don't YOU do that! Help yourself!

    And one more thing, we have no idea what the hell you want. Did you not READ THE FRIGGIN' FAQ like it tells you in BIG RED LETTERS at the top of the page?

  3. #3
    What she said!



    Regards,
    JMI

  4. #4
    Super Moderator
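    If asm is hard, try to see whether you can understand this: a small C program that reads a structure member at the same offset (0AE8h) your trace accesses through [ESI+AE8].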

    Code:
    assaywong:\>type assay.c
    #include <stdio.h>
    #include <windows.h>
    
    /*
     * Stand-in for the object handed to the routine under study: an opaque
     * leading region followed by a single 32-bit member.
     *
     * 2790 is 0AE6h. In the cdb listing of this build the member is read at
     * [eax+0AE8h], so the compiler evidently added two bytes of padding to
     * align the DWORD - confirm with sizeof/offsetof if the build settings
     * (e.g. structure packing) differ.
     */
    typedef struct _WONGBABY
    {
            /* Filler whose contents are never read by this program. */
            BYTE    unknownwong[2790];
            /* The only member the program writes and reads. */
            DWORD   wongfoo;
    } WONGBABY, *PWONGBABY;
    
    
    
    /*
     * Print the 32-bit wongfoo member of *pwb next to its low byte.
     *
     * pwb is dereferenced without a NULL check, so the caller must pass a
     * valid object. Always returns 0.
     */
    int __cdecl thiswongisdamned(WONGBABY *pwb)
    {
            /* Whole member; this is the [eax+0AE8h] load in the cdb listing. */
            DWORD whole = pwb->wongfoo;
            /* Narrowing keeps bits 0-7 only (the movzx ecx,al in the listing). */
            BYTE lowbyte = (BYTE)whole;

            printf("foo = %08x  blah = %08x\n", whole, lowbyte);
            return 0;
    }
    
    
    /*
     * Driver: store a recognisable constant in wongfoo and hand the object to
     * thiswongisdamned() so the field access can be located in a debugger.
     */
    int __cdecl main(void)
    {
            /* Only wongfoo is set; the filler array is left uninitialised and unread. */
            WONGBABY sample;
            PWONGBABY target = &sample;

            printf("assaying wongy\n");
            /* Distinct bytes make the low-byte truncation easy to spot (78h). */
            target->wongfoo = 0x12345678;
            thiswongisdamned(target);
            return 0;
    }
    assaywong:\>assay.exe
    assaying wongy
    foo = 12345678  blah = 00000078
    
    assaywong:\>"c:\Program Files\Debugging Tools for Windows\cdb.exe" assay.exe
    
    ntdll!DbgBreakPoint:
    77f767cd cc              int     3
    
    0:000> uf assay!thiswongisdamned
    assay!thiswongisdamned:
    00401c05 8bff            mov     edi,edi
    00401c07 55              push    ebp
    00401c08 8bec            mov     ebp,esp
    00401c0a 8b4508          mov     eax,dword ptr [ebp+8]
    00401c0d 8b80e80a0000    mov     eax,dword ptr [eax+0AE8h]
    00401c13 0fb6c8          movzx   ecx,al
    00401c16 51              push    ecx
    00401c17 50              push    eax
    00401c18 68fc104000      push    offset assay!`string' (004010fc)
    
    0:000> da 004010fc
    004010fc  "foo = %08x  blah = %08x."
    
    00401c1d e80d040000      call    assay!printf (0040202f)
    00401c22 83c40c          add     esp,0Ch
    00401c25 33c0            xor     eax,eax
    00401c27 5d              pop     ebp
    00401c28 c3              ret
    0:000> q
    quit:
    
    assaywong:\>
