Hay, ich bin derzeit dabei eine dll zu debuggen. Ich habe 0 ahnung und habe bis jetzt nur das hier:
Code:
.idata:102C90C4 .idata:102C90C4 ; Segment type: Externs .idata:102C90C4 ; _idata .idata:102C90C4 ; LPVOID __stdcall VirtualAlloc(LPVOID lpAddress,DWORD dwSize,DWORD flAllocationType,DWORD flProtect) .idata:102C90C4 extrn VirtualAlloc:dword .idata:102C90C8 ; BOOL __stdcall VirtualFree(LPVOID lpAddress,DWORD dwSize,DWORD dwFreeType) .idata:102C90C8 extrn VirtualFree:dword .idata:102C90CC ; HMODULE __stdcall GetModuleHandleA(LPCSTR lpModuleName) .idata:102C90CC extrn GetModuleHandleA:dword .idata:102C90D0 ; FARPROC __stdcall GetProcAddress(HMODULE hModule,LPCSTR lpProcName) .idata:102C90D0 extrn GetProcAddress:dword .idata:102C90D4 ; void __stdcall ExitProcess(UINT uExitCode) .idata:102C90D4 extrn ExitProcess:dword .idata:102C90D8 ; HMODULE __stdcall LoadLibraryA(LPCSTR lpLibFileName) .idata:102C90D8 extrn LoadLibraryA:dword .idata:102C90DC .idata:102C90E0 ; .idata:102C90E0 ; Imports from user32.dll .idata:102C90E0 ; .idata:102C90E0 ; int __stdcall MessageBoxA(HWND hWnd,LPCSTR lpText,LPCSTR lpCaption,UINT uType) .idata:102C90E0 extrn MessageBoxA:dword .idata:102C90E4 .idata:102C90E8 ; .idata:102C90E8 ; Imports from advapi32.dll .idata:102C90E8 ; .idata:102C90E8 ; LONG __stdcall RegCloseKey(HKEY hKey) .idata:102C90E8 extrn RegCloseKey:dword .idata:102C90EC .idata:102C90F0 ; .idata:102C90F0 ; Imports from oleaut32.dll .idata:102C90F0 ; .idata:102C90F0 ; void __stdcall SysFreeString(BSTR) .idata:102C90F0 extrn SysFreeString:dword .idata:102C90F4 .idata:102C90F8 ; .idata:102C90F8 ; Imports from gdi32.dll .idata:102C90F8 ; .idata:102C90F8 ; HFONT __stdcall CreateFontA(int,int,int,int,int,DWORD,DWORD,DWORD,DWORD,DWORD,DWORD,DWORD,DWORD,LPCSTR) .idata:102C90F8 extrn CreateFontA:dword .idata:102C90FC .idata:102C9100 ; .idata:102C9100 ; Imports from shell32.dll .idata:102C9100 ; .idata:102C9100 ; HINSTANCE __stdcall ShellExecuteA(HWND hwnd,LPCSTR lpOperation,LPCSTR lpFile,LPCSTR lpParameters,LPCSTR lpDirectory,INT nShowCmd) .idata:102C9100 extrn ShellExecuteA:dword ; Opens or prints a specified file .idata:102C9104 .idata:102C9108 ; .idata:102C9108 ; Imports from version.dll .idata:102C9108 ; .idata:102C9108 ; BOOL __stdcall GetFileVersionInfoA(LPSTR lptstrFilename,DWORD dwHandle,DWORD dwLen,LPVOID lpData) .idata:102C9108 extrn GetFileVersionInfoA:dword ; Get version information about a specified file .idata:102C910C .idata:102C9110 ; .idata:102C9110 ; Imports from msvcr100.dll .idata:102C9110 ; .idata:102C9110 extrn _except_handler4_common:dword .idata:102C9114 .idata:102C9114
Code:
0000:1035F980 ; BOOL __stdcall DllEntryPoint(HINSTANCE hinstDLL,DWORD fdwReason,LPVOID lpReserved) 0000:1035F980 public DllEntryPoint 0000:1035F980 DllEntryPoint: 0000:1035F980 pusha 0000:1035F981 call $+5 0000:1035F986 pop ebp 0000:1035F987 sub ebp, 6 0000:1035F98D sub ebp, 35F980h 0000:1035F993 jmp loc_1035F9E4 0000:1035F993 ; --------------------------------------------------------------------------- 0000:1035F998 dd 47494E45h, 3203414Dh, 307DDh, 12001Bh, 200024h, 98B11DBBh 0000:1035F998 dd 0D3A0F2CCh, 392E37D0h, 0EDF6947Dh, 995AA335h, 2, 0DC867DB4h 0000:1035F998 dd 46824FEEh, 5ACBD5B0h, 7A84036Fh, 0E8D37ECEh, 0D8380D7Ah 0000:1035F998 dd 0AF52C21h, 16D0F540h 0000:1035F9E4 ; --------------------------------------------------------------------------- 0000:1035F9E4 0000:1035F9E4 loc_1035F9E4: ; CODE XREF: .data:1035F993j 0000:1035F9E4 mov al, [esp+28h] 0000:1035F9EB cmp al, 1 0000:1035F9EE jz loc_1035F9FB 0000:1035F9F4 popa 0000:1035F9F5 xor eax, eax 0000:1035F9F7 inc eax 0000:1035F9F8 retn 0Ch 0000:1035F9FB ; --------------------------------------------------------------------------- 0000:1035F9FB 0000:1035F9FB loc_1035F9FB: ; CODE XREF: .data:1035F9EEj 0000:1035F9FB jmp loc_1035FA04 0000:1035F9FB ; --------------------------------------------------------------------------- 0000:1035FA00 dd 0F9A8699h 0000:1035FA04 ; --------------------------------------------------------------------------- 0000:1035FA04 0000:1035FA04 loc_1035FA04: ; CODE XREF: .data:loc_1035F9FBj 0000:1035FA04 mov eax, 35F980h 0000:1035FA09 add eax, ebp 0000:1035FA0B add eax, 0AAh 0000:1035FA11 mov ecx, 63Ch 0000:1035FA16 mov edx, 55E9B90Fh 0000:1035FA1B 0000:1035FA1B loc_1035FA1B: ; CODE XREF: .data:1035FA1Fj 0000:1035FA1B xor [eax], dl 0000:1035FA1D inc eax 0000:1035FA1E dec ecx 0000:1035FA1F jnz loc_1035FA1B 0000:1035FA25 jmp loc_1035FA2E 0000:1035FA25 ; --------------------------------------------------------------------------- 0000:1035FA2A dw 60Dh 0000:1035FA2C ; --------------------------------------------------------------------------- 0000:1035FA2C xor ecx, [edi] 0000:1035FA2E 0000:1035FA2E loc_1035FA2E: ; CODE XREF: .data:1035FA25j 0000:1035FA2E db 65h 0000:1035FA2E dec edi
kann irgendjemand damit etwas anfangen?
