Can someone Explainme this ?

07/11/2012 08:27 sheik_gray#1

please someone good at asembler help me to understand better this ...
just some explanation will helpme ... i just know this part load the driver... and the other function check if is loaded... but first i need to understand this...

Code:

unpacked:007DC7BD                 push    offset aHshieldEhsvc_d ; "\\HShield\\EhSvc.dll"
unpacked:007DC7C2                 rep stosd
unpacked:007DC7C4                 mov     edi, offset unk_174C054
unpacked:007DC7C9                 or      ecx, 0FFFFFFFFh
unpacked:007DC7CC                 repne scasb
unpacked:007DC7CE                 not     ecx
unpacked:007DC7D0                 sub     edi, ecx
unpacked:007DC7D2                 mov     eax, ecx
unpacked:007DC7D4                 mov     esi, edi
unpacked:007DC7D6                 mov     edi, edx
unpacked:007DC7D8                 shr     ecx, 2
unpacked:007DC7DB                 rep movsd
unpacked:007DC7DD                 mov     ecx, eax
unpacked:007DC7DF                 and     ecx, 3
unpacked:007DC7E2                 rep movsb
unpacked:007DC7E4                 lea     ecx, [esp+214h+var_104]
unpacked:007DC7EB                 push    ecx
unpacked:007DC7EC                 call    ds:dword_87B170
unpacked:007DC7F2                 push    4
unpacked:007DC7F4                 push    2883DBEh
unpacked:007DC7F9                 push    offset aE6e29374943cf6 ; "E6E29374943CF660DBEC8E62"
unpacked:007DC7FE                 push    17B1h
unpacked:007DC803                 lea     edx, [esp+220h+var_104]
unpacked:007DC80A                 push    offset sub_7DCC10
unpacked:007DC80F                 push    edx
unpacked:007DC810                 call    sub_859C92
unpacked:007DC815                 push    offset unk_8CC4A0
unpacked:007DC81A                 mov     esi, eax
unpacked:007DC81C                 call    sub_7ACAA0
unpacked:007DC821                 add     esp, 4
unpacked:007DC824                 test    esi, esi
unpacked:007DC826                 jz      loc_7DC93B
unpacked:007DC82C                 cmp     esi, 103h
unpacked:007DC832                 jg      short loc_7DC8A2
unpacked:007DC834                 jz      short loc_7DC891
unpacked:007DC836                 cmp     esi, 100h
unpacked:007DC83C                 jg      short loc_7DC882
unpacked:007DC83E                 jz      short loc_7DC86E
unpacked:007DC840                 mov     eax, esi
unpacked:007DC842                 sub     eax, 2
unpacked:007DC845                 jz      short loc_7DC85A
unpacked:007DC847                 sub     eax, 2
unpacked:007DC84A                 jnz     loc_7DC8E9
unpacked:007DC850                 push    offset unk_8CC478
unpacked:007DC855                 jmp     loc_7DC909

07/11/2012 10:02 adek1994#2

[Only registered and activated users can see links. Click Here To Register...]

07/11/2012 11:39 [Zyklon]#3

Quote:

Originally Posted by bla-bla-bla

Well to unpack it's literally simply it's harder to understand what it's writing there.

[Only registered and activated users can see links. Click Here To Register...]

Are you trying to live up to your name?

Maybe OP should post where he got this from

Also the viet/chink chick in your picture:

[Only registered and activated users can see links. Click Here To Register...]=[Only registered and activated users can see links. Click Here To Register...]

07/11/2012 23:53 sheik_gray#4

i have umpacked the game, then i just open with " IDA" and serch for the string " HShield" then i find Ref, and found this, here i need just NOP something but the problem is, when i have study was with old version of HS and now looks too diferent like before... so i need some help of someone who uderstand ASM, i dont need a exactly explanation, i need just something in his own words... to compare with asm reference on internet...