Thread: Questions in kernel32.dll of Win98

  1. #1
    cloud_y
    Guest

    Questions in kernel32.dll of Win98

    I use w32dasm to disassemble the kernel32.dll of win98, and see this:

    Exported fn(): BackupRead - Ord:007Fh
    Exported fn(): BackupWrite - Ord:0081h
    Exported fn(): CallNamedPipeW - Ord:008Ah
    Exported fn(): CreateFileW - Ord:00BCh
    Exported fn(): CreateRemoteThread - Ord:00C8h
    Exported fn(): FormatMessageW - Ord:012Eh
    Exported fn(): GetNamedPipeHandleStateW - Ord:0190h
    :BFFA9B8D 33C0 xor eax, eax
    :BFFA9B8F B107 mov cl, 07
    * Reference To: KERNEL32.Ordinal:0011
    |
    :BFFA9B91 E98377FCFF jmp BFF71319

    I don't believe these exported functions are the same, but why are their addresses
    all 0xBFFA9B8D?
    //thanks
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  2. #2
    Well, it could easily be an ugly hack. Note that the function performs a jump, not a ret. Hence, it might later determine what function was actually called, without doing it straight away.
    Don't think that's the case, though. If it's kernel32 from 98, it shouldn't be using the xxxW APIs unless memory serves me wrong. If they are not implemented, pointing them to the same dummy API wouldn't be out of the ordinary. That might be the same case with the other APIs.

    Fake

  3. #3
    evaluator
    ye, that is our W9x.
    all those functions are grouped together because of the same count of stack params.
    & those functions do not work on w9x, so kernel32 will just restore the stack
    & jump back to the caller. (also SetError mode)

    but why am I writing all this
    & why are you not researching yourself
    & why not in the newbie forum??

  4. #4
    >but why am I writing all this
    You want to help him
    esther


    Reverse the code,Reverse Your Minds First

  5. #5
    Now it's in the newbie forum.

    Regards,
    JMI
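
The pattern discussed in replies #2 and #3, several export names resolving to one stub address, can be found mechanically by walking the export directory and grouping names by RVA. The following is an added example, not code from any poster in this thread; the blob is constructed test data (not a real kernel32.dll), the RVAs are made up, and `build_sample` and `shared_export_stubs` are hypothetical helper names. It assumes RVA equals blob offset; on a real file each RVA must first be mapped to a file offset through the section table.

```python
import struct
from collections import defaultdict

EXPORT_DIR = "<IIHHIIIIIII"   # IMAGE_EXPORT_DIRECTORY, 40 bytes

def build_sample(entries):
    """Constructed test data: an export directory plus its three tables,
    laid out so that every RVA equals the offset into the blob."""
    names = sorted(entries)                 # the name table is kept sorted
    n = len(names)
    a_funcs, a_names, a_ords = 40, 40 + 4 * n, 40 + 8 * n
    a_str = a_ords + 2 * n
    strings, ptrs = b"", []
    for name in names:
        ptrs.append(a_str + len(strings))
        strings += name.encode("ascii") + b"\0"
    head = struct.pack(EXPORT_DIR, 0, 0, 0, 0, 0, 1, n, n, a_funcs, a_names, a_ords)
    return (head + struct.pack(f"<{n}I", *(entries[x] for x in names))
            + struct.pack(f"<{n}I", *ptrs) + struct.pack(f"<{n}H", *range(n)) + strings)

def shared_export_stubs(blob, dir_off=0):
    """Return {rva: [names]} for every address exported under 2+ names."""
    (_, _, _, _, _, _, n_funcs, n_names,
     a_funcs, a_names, a_ords) = struct.unpack_from(EXPORT_DIR, blob, dir_off)
    funcs = struct.unpack_from(f"<{n_funcs}I", blob, a_funcs)   # one RVA per export slot
    ptrs = struct.unpack_from(f"<{n_names}I", blob, a_names)    # RVAs of name strings
    ords = struct.unpack_from(f"<{n_names}H", blob, a_ords)     # name -> slot index
    by_rva = defaultdict(list)
    for ptr, idx in zip(ptrs, ords):
        if idx >= n_funcs:                  # malformed entry: skip, don't crash
            continue
        end = blob.index(b"\0", ptr)
        by_rva[funcs[idx]].append(blob[ptr:end].decode("ascii"))
    return {rva: sorted(v) for rva, v in by_rva.items() if len(v) > 1}

# Constructed sample: four names from the listing above share one made-up RVA,
# two other exports each have their own.
SAMPLE = build_sample({
    "BackupRead": 0x3000, "BackupWrite": 0x3000, "CreateFileW": 0x3000,
    "CreateRemoteThread": 0x3000, "CreateFileA": 0x1000, "CloseHandle": 0x2000,
})

if __name__ == "__main__":
    for rva, names in shared_export_stubs(SAMPLE).items():
        print(f"RVA {rva:#x}: {', '.join(names)}")
```
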
