  1. alessandro at fuchikoma in ~
  2. $ create /xxx/testDocument.adis /xxx/yyy.exe portableexecutable
  3.  
  4. alessandro at fuchikoma in untitled_document
  5. $ set document_name testDocument
  6.  
  7. alessandro at fuchikoma in testDocument
  8. $ get public_function_list
  9. 00406694 EntryPoint start
  10. 0040e038 Import kernel32.dll_GetFileSize
  11. 0040e03c Import kernel32.dll_FindClose
  12. 0040e040 Import kernel32.dll_FindNextFileA
  13. 0040e044 Import kernel32.dll_lstrcmpiA
  14. 0040e048 Import kernel32.dll_FindFirstFileA
  15. 0040e04c Import kernel32.dll_GetFileAttributesA
  16. 0040e050 Import kernel32.dll_GetModuleFileNameA
  17. 0040e054 Import kernel32.dll_GetModuleHandleA
  18. 0040e058 Import kernel32.dll_GetLocalTime
  19. 0040e05c Import kernel32.dll_FormatMessageA
  20. 0040e060 Import kernel32.dll_CreateFileMappingA
  21. 0040e064 Import kernel32.dll_lstrlenA
  22. 0040e068 Import kernel32.dll_SetFilePointer
  23. 0040e06c Import kernel32.dll_GetACP
  24. 0040e070 Import kernel32.dll_GetLocaleInfoA
  25. 0040e074 Import kernel32.dll_GetVersionExA
  26. 0040e078 Import kernel32.dll_GetSystemInfo
  27. 0040e07c Import kernel32.dll_VirtualProtect
  28. 0040e080 Import kernel32.dll_MapViewOfFile
  29. 0040e084 Import kernel32.dll_UnmapViewOfFile
  30. 0040e088 Import kernel32.dll_ReadFile
  31. 0040e08c Import kernel32.dll_GetLastError
  32. 0040e090 Import kernel32.dll_GetCurrentDirectoryA
  33. 0040e094 Import kernel32.dll_InterlockedDecrement
  34. 0040e098 Import kernel32.dll_InterlockedIncrement
  35. 0040e09c Import kernel32.dll_LocalAlloc
  36. 0040e0a0 Import kernel32.dll_CreateFileA
  37. 0040e0a4 Import kernel32.dll_WriteFile
  38. 0040e0a8 Import kernel32.dll_CloseHandle
  39. 0040e0ac Import kernel32.dll_WideCharToMultiByte
  40. 0040e0b0 Import kernel32.dll_LocalFree
  41. 0040e0b4 Import kernel32.dll_SetStdHandle
  42. 0040e0b8 Import kernel32.dll_LCMapStringW
  43. 0040e0bc Import kernel32.dll_LCMapStringA
  44. 0040e0c0 Import kernel32.dll_FlushFileBuffers
  45. 0040e0c4 Import kernel32.dll_VirtualQuery
  46. 0040e0c8 Import kernel32.dll_GetCPInfo
  47. 0040e0cc Import kernel32.dll_GetOEMCP
  48. 0040e0d0 Import kernel32.dll_GetStringTypeW
  49. 0040e0d4 Import kernel32.dll_GetStringTypeA
  50. 0040e0d8 Import kernel32.dll_IsBadCodePtr
  51. 0040e0dc Import kernel32.dll_IsBadReadPtr
  52. 0040e0e0 Import kernel32.dll_LoadLibraryA
  53. 0040e0e4 Import kernel32.dll_MultiByteToWideChar
  54. 0040e0e8 Import kernel32.dll_ExitProcess
  55. 0040e0ec Import kernel32.dll_RtlUnwind
  56. 0040e0f0 Import kernel32.dll_RaiseException
  57. 0040e0f4 Import kernel32.dll_GetCommandLineA
  58. 0040e0f8 Import kernel32.dll_HeapFree
  59. 0040e0fc Import kernel32.dll_HeapAlloc
  60. 0040e100 Import kernel32.dll_QueryPerformanceCounter
  61. 0040e104 Import kernel32.dll_GetTickCount
  62. 0040e108 Import kernel32.dll_GetCurrentThreadId
  63. 0040e10c Import kernel32.dll_GetCurrentProcessId
  64. 0040e110 Import kernel32.dll_GetSystemTimeAsFileTime
  65. 0040e114 Import kernel32.dll_SetUnhandledExceptionFilter
  66. 0040e118 Import kernel32.dll_HeapReAlloc
  67. 0040e11c Import kernel32.dll_GetProcAddress
  68. 0040e120 Import kernel32.dll_TerminateProcess
  69. 0040e124 Import kernel32.dll_GetCurrentProcess
  70. 0040e128 Import kernel32.dll_HeapSize
  71. 0040e12c Import kernel32.dll_GetStdHandle
  72. 0040e130 Import kernel32.dll_UnhandledExceptionFilter
  73. 0040e134 Import kernel32.dll_FreeEnvironmentStringsA
  74. 0040e138 Import kernel32.dll_GetEnvironmentStrings
  75. 0040e13c Import kernel32.dll_FreeEnvironmentStringsW
  76. 0040e140 Import kernel32.dll_GetEnvironmentStringsW
  77. 0040e144 Import kernel32.dll_SetHandleCount
  78. 0040e148 Import kernel32.dll_GetFileType
  79. 0040e14c Import kernel32.dll_GetStartupInfoA
  80. 0040e150 Import kernel32.dll_HeapDestroy
  81. 0040e154 Import kernel32.dll_HeapCreate
  82. 0040e158 Import kernel32.dll_VirtualFree
  83. 0040e15c Import kernel32.dll_VirtualAlloc
  84. 0040e160 Import kernel32.dll_IsBadWritePtr
  85. 0040e190 Import user32.dll_wsprintfA
  86. 0040e004 Import advapi32.dll_ReportEventA
  87. 0040e008 Import advapi32.dll_DeregisterEventSource
  88. 0040e00c Import advapi32.dll_RegCreateKeyA
  89. 0040e010 Import advapi32.dll_RegSetValueExA
  90. 0040e014 Import advapi32.dll_RegCloseKey
  91. 0040e018 Import advapi32.dll_CryptCreateHash
  92. 0040e01c Import advapi32.dll_CryptHashData
  93. 0040e020 Import advapi32.dll_CryptGetHashParam
  94. 0040e024 Import advapi32.dll_CryptDestroyHash
  95. 0040e028 Import advapi32.dll_CryptReleaseContext
  96. 0040e02c Import advapi32.dll_CryptAcquireContextA
  97. 0040e030 Import advapi32.dll_RegisterEventSourceA
  98. 0040e198 Import ole32.dll_CoUninitialize
  99. 0040e19c Import ole32.dll_OleRun
  100. 0040e1a0 Import ole32.dll_CoCreateInstance
  101. 0040e1a4 Import ole32.dll_CoInitialize
  102.  
  103. alessandro at fuchikoma in testDocument
  104. $ render 0040e038
  105. .rdata:0040e038 ; Import Address Table slots (one 4-byte entry per imported function, see public_function_list above)
  106. .rdata:0040e038 kernel32.dll_GetFileSize: ; little-endian dword = 0x000104d8, not a kernel32 address: presumably the on-disk (unbound) form, i.e. the RVA of the hint/name entry that the loader overwrites with the real function address — confirm against the import directory
  107. .rdata:0040e038 db d8
  108. .rdata:0040e039 db 04
  109. .rdata:0040e03a db 01
  110. .rdata:0040e03b db 00
  111. .rdata:0040e03c
  112. .rdata:0040e03c kernel32.dll_FindClose: ; = 0x000104e4
  113. .rdata:0040e03c db e4
  114. .rdata:0040e03d db 04
  115. .rdata:0040e03e db 01
  116. .rdata:0040e03f db 00
  117. .rdata:0040e040
  118. .rdata:0040e040 kernel32.dll_FindNextFileA: ; only the first two of the four bytes are shown below (render output was cut here)
  119. .rdata:0040e040 db f4
  120. .rdata:0040e041 db 04
  121.  
  122. alessandro at fuchikoma in testDocument
  123. $ render 00406694
  124. .text:00406694 ; ---- start: PE entry point (listed as EntryPoint in public_function_list above), 32-bit x86, cdecl callees ----
  125. .text:00406694 proc start ; Shape: SEH frame setup, OS-version probe, MZ/PE/CLR-header probe of the image base, heap/IO/argv/env init, main(argc, argv, envp), then exit or _cexit depending on the CLR-header flag. This is the pattern of MSVC's mainCRTStartup — NOTE(review): inferred from the pattern and the constants, not from symbols; CRT function names below are hedged accordingly.
  126. .text:00406694 ; start of function chunk #0 for start
  127. .text:00406694 push 18 ; 0x18 = size of locals for the frame helper
  128. .text:00406696 push 40f110 ; presumably the SEH scope table for this frame (it points at the filter/handler bytes left undecoded at 0040681e) — confirm
  129. .text:0040669b call sub_4072f3 ; push size, push scope table, call: the MSVC __SEH_prolog idiom; ebp-relative frame from here on
  130. .text:004066a0 mov edi, 94 ; 0x94 = 148 = sizeof(OSVERSIONINFOA)
  131. .text:004066a5 mov eax, edi ; eax = byte count for the stack probe
  132. .text:004066a7 call sub_4064b0 ; eax-sized stack allocation (resembles _alloca_probe/__chkstk): afterwards esp points at a 0x94-byte buffer
  133. .text:004066ac mov dword ptr [ebp+ffffffe8], esp ; [ebp-0x18] = saved esp; restored by the handler bytes at 00406832
  134. .text:004066af mov esi, esp ; esi = &osvi
  135. .text:004066b1 mov dword ptr [esi], edi ; osvi.dwOSVersionInfoSize = 0x94
  136. .text:004066b3 push esi ; single argument: &osvi
  137. .text:004066b4 call kernel32.dll_GetLocaleInfoA ; NOTE(review): one pointer to a cbSize-initialised 0x94-byte struct is GetVersionExA's signature, not GetLocaleInfoA's (4 args). GetVersionExA is the next IAT slot (0040e074, GetLocaleInfoA is 0040e070). The same off-by-one-slot pattern appears at 00406701 and 0040679e — the tool seems to resolve each thunk to the preceding import name.
  138. .text:004066ba mov ecx, dword ptr [esi+10] ; osvi.dwPlatformId (offsets below follow the OSVERSIONINFOA layout)
  139. .text:004066bd mov dword ptr [411cf0], ecx ; global: platform id
  140. .text:004066c3 mov eax, dword ptr [esi+4] ; osvi.dwMajorVersion
  141. .text:004066c6 mov dword ptr [411cfc], eax ; global: major version
  142. .text:004066cb mov edx, dword ptr [esi+8] ; osvi.dwMinorVersion
  143. .text:004066ce mov dword ptr [411d00], edx ; global: minor version
  144. .text:004066d4 mov esi, dword ptr [esi+c] ; osvi.dwBuildNumber
  145. .text:004066d7 and esi, 7fff ; keep the low 15 bits of the build number
  146. .text:004066dd mov dword ptr [411cf4], esi ; global: build number
  147. .text:004066e3 cmp ecx, 2 ; 2 = VER_PLATFORM_WIN32_NT
  148. .text:004066e6 je loc_4066f4 ; NT family: build number stored as is
  149. .text:004066e8
  150. .text:004066e8 loc_4066e8: ; non-NT platform
  151. .text:004066e8 or esi, 8000 ; tag bit 15 of the stored build number
  152. .text:004066ee mov dword ptr [411cf4], esi
  153. .text:004066f4
  154. .text:004066f4 loc_4066f4:
  155. .text:004066f4 shl eax, 8 ; eax = (major << 8) + minor
  156. .text:004066f7 add eax, edx
  157. .text:004066f9 mov dword ptr [411cf8], eax ; global: packed OS version
  158. .text:004066fe xor edi, edi ; edi = 0 for the rest of the function, used as the constant 0 / FALSE
  159. .text:00406700 push edi ; single argument: NULL
  160. .text:00406701 call kernel32.dll_GetModuleFileNameA ; NOTE(review): GetModuleFileNameA takes 3 args; one NULL argument whose result is read as a DOS header is GetModuleHandleA(NULL) = image base, the next IAT slot (0040e054). See 004066b4.
  161. .text:00406707 cmp word ptr [eax], 5a4d ; IMAGE_DOS_HEADER.e_magic == 'MZ'
  162. .text:0040670c jne loc_40672d ; no DOS header: flag = 0
  163. .text:0040670e
  164. .text:0040670e loc_40670e:
  165. .text:0040670e mov ecx, dword ptr [eax+3c] ; e_lfanew
  166. .text:00406711 add ecx, eax ; ecx = IMAGE_NT_HEADERS*
  167. .text:00406713 cmp dword ptr [ecx], 4550 ; Signature == 'PE\0\0'
  168. .text:00406719 jne loc_40672d
  169. .text:0040671b
  170. .text:0040671b loc_40671b:
  171. .text:0040671b movzx eax, dword ptr [ecx+18] ; OptionalHeader.Magic, a 16-bit field. NOTE(review): movzx into a 32-bit register from a dword operand is not a valid form; this is presumably `movzx eax, word ptr [ecx+18]` mis-rendered — check the tool's operand-size decoding for 0F B7.
  172. .text:0040671f cmp eax, 10b ; IMAGE_NT_OPTIONAL_HDR32_MAGIC (PE32)
  173. .text:00406724 je loc_406745
  174. .text:00406726
  175. .text:00406726 loc_406726:
  176. .text:00406726 cmp eax, 20b ; IMAGE_NT_OPTIONAL_HDR64_MAGIC (PE32+)
  177. .text:0040672b je loc_406732
  178. .text:0040672d
  179. .text:0040672d loc_40672d: ; unknown or invalid header
  180. .text:0040672d mov dword ptr [ebp+ffffffe4], edi ; [ebp-0x1c] = 0: CLR-header ("managed app") flag cleared
  181. .text:00406730 jmp loc_406759
  182. .text:00406732
  183. .text:00406732 loc_406732: ; PE32+ optional header layout
  184. .text:00406732 cmp dword ptr [ecx+84], e ; NumberOfRvaAndSizes (0x18 + 0x6c) > 14 ?
  185. .text:00406739 jbe loc_40672d ; too few directories: flag = 0 (unsigned compare, correct for a count)
  186. .text:0040673b
  187. .text:0040673b loc_40673b:
  188. .text:0040673b xor eax, eax
  189. .text:0040673d cmp dword ptr [ecx+f8], edi ; DataDirectory[14].VirtualAddress (0x88 + 14*8); entry 14 = COM descriptor / CLR header
  190. .text:00406743 jmp loc_406753
  191. .text:00406745
  192. .text:00406745 loc_406745: ; PE32 optional header layout
  193. .text:00406745 cmp dword ptr [ecx+74], e ; NumberOfRvaAndSizes (0x18 + 0x5c) > 14 ?
  194. .text:00406749 jbe loc_40672d
  195. .text:0040674b
  196. .text:0040674b loc_40674b:
  197. .text:0040674b xor eax, eax
  198. .text:0040674d cmp dword ptr [ecx+e8], edi ; DataDirectory[14].VirtualAddress (0x78 + 14*8): CLR header present?
  199. .text:00406753
  200. .text:00406753 loc_406753:
  201. .text:00406753 setne al ; eax = 1 if a CLR header directory is set
  202. .text:00406756 mov dword ptr [ebp+ffffffe4], eax ; [ebp-0x1c] = managed-app flag; selects exit vs _cexit at 0040680c and in the handler bytes at 00406838
  203. .text:00406759
  204. .text:00406759 loc_406759:
  205. .text:00406759 push edi ; argument 0
  206. .text:0040675a call sub_408dd0 ; init step, nonzero = success (resembles _heap_init; unconfirmed)
  207. .text:0040675f pop ecx ; cdecl: caller drops the argument
  208. .text:00406760 test eax, eax
  209. .text:00406762 jne loc_406785 ; success: continue
  210. .text:00406764
  211. .text:00406764 loc_406764: ; fatal-init path; should not return
  212. .text:00406764 cmp dword ptr [411cbc], 2 ; global error-output mode; meaning of 2 not visible here
  213. .text:0040676b je loc_406772
  214. .text:0040676d
  215. .text:0040676d loc_40676d:
  216. .text:0040676d call sub_4085e2 ; presumably prints the runtime-error banner
  217. .text:00406772
  218. .text:00406772 loc_406772:
  219. .text:00406772 push 1c ; error number 0x1c = 28 (matches _RT_HEAPINIT in the MSVC CRT table if that mapping holds)
  220. .text:00406774 call sub_40846b ; presumably writes the runtime-error message
  221. .text:00406779 push ff ; exit code 255
  222. .text:0040677e call sub_40811e ; process exit — NOTE(review): the same target is called at 004067d5 with no argument and its return value used; one of the two call targets looks mis-resolved
  223. .text:00406783 pop ecx ; stack cleanup, unreachable if the call above does not return
  224. .text:00406784 pop ecx
  225. .text:00406785
  226. .text:00406785 loc_406785:
  227. .text:00406785 call sub_408d2e ; further init, no args, result ignored
  228. .text:0040678a mov dword ptr [ebp+fffffffc], edi ; [ebp-4] = 0: SEH try level 0 from here to 00406849; the filter/handler for it are the undecoded bytes at 0040681e
  229. .text:0040678d call sub_408b83 ; init step, negative = failure (resembles _ioinit)
  230. .text:00406792 test eax, eax
  231. .text:00406794 jge loc_40679e
  232. .text:00406796
  233. .text:00406796 loc_406796:
  234. .text:00406796 push 1b ; error number 0x1b = 27 (_RT_LOWIOINIT if the CRT mapping holds)
  235. .text:00406798 call sub_40666f ; error exit taking an error number (resembles _amsg_exit); also called at 004067be, 004067cf, 004067e2
  236. .text:0040679d pop ecx
  237. .text:0040679e
  238. .text:0040679e loc_40679e:
  239. .text:0040679e call kernel32.dll_RaiseException ; NOTE(review): RaiseException takes 4 args and returns nothing; a no-arg call whose result is stored is GetCommandLineA, the next IAT slot (0040e0f4). Third instance of the off-by-one, see 004066b4.
  240. .text:004067a4 mov dword ptr [413294], eax ; global: command-line pointer
  241. .text:004067a9 call sub_408a61
  242. .text:004067ae mov dword ptr [411cb4], eax ; global: presumably the environment block pointer — confirm
  243. .text:004067b3 call sub_4089bf ; negative = failure
  244. .text:004067b8 test eax, eax
  245. .text:004067ba jge loc_4067c4
  246. .text:004067bc
  247. .text:004067bc loc_4067bc:
  248. .text:004067bc push 8 ; error number 8 (_RT_SPACEARG if the CRT mapping holds)
  249. .text:004067be call sub_40666f
  250. .text:004067c3 pop ecx
  251. .text:004067c4
  252. .text:004067c4 loc_4067c4:
  253. .text:004067c4 call sub_40878c ; negative = failure
  254. .text:004067c9 test eax, eax
  255. .text:004067cb jge loc_4067d5
  256. .text:004067cd
  257. .text:004067cd loc_4067cd:
  258. .text:004067cd push 9 ; error number 9 (_RT_SPACEENV if the CRT mapping holds)
  259. .text:004067cf call sub_40666f
  260. .text:004067d4 pop ecx
  261. .text:004067d5
  262. .text:004067d5 loc_4067d5:
  263. .text:004067d5 call sub_40811e ; returns an error number, 0 = OK (see note at 0040677e about this target)
  264. .text:004067da mov dword ptr [ebp+ffffffe0], eax ; [ebp-0x20] = init result
  265. .text:004067dd cmp eax, edi
  266. .text:004067df je loc_4067e8
  267. .text:004067e1
  268. .text:004067e1 loc_4067e1:
  269. .text:004067e1 push eax
  270. .text:004067e2 call sub_40666f ; error exit with that number
  271. .text:004067e7 pop ecx
  272. .text:004067e8
  273. .text:004067e8 loc_4067e8:
  274. .text:004067e8 mov eax, dword ptr [411d10]
  275. .text:004067ed mov dword ptr [411d14], eax ; copy one global into another (environ -> initial-environ pattern; names unconfirmed)
  276. .text:004067f2 push eax ; argument 3
  277. .text:004067f3 push dword ptr [411d08] ; argument 2
  278. .text:004067f9 push dword ptr [411d04] ; argument 1
  279. .text:004067ff call sub_404c40 ; presumably main(argc, argv, envp): user code starts here
  280. .text:00406804 add esp, c ; cdecl: drop the 3 arguments
  281. .text:00406807 mov esi, eax ; esi = main's return value
  282. .text:00406809 mov dword ptr [ebp+ffffffdc], esi ; [ebp-0x24] = mainret
  283. .text:0040680c cmp dword ptr [ebp+ffffffe4], edi ; managed-app flag from 00406756
  284. .text:0040680f jne loc_406817
  285. .text:00406811
  286. .text:00406811 loc_406811: ; no CLR header
  287. .text:00406811 push esi
  288. .text:00406812 call sub_408275 ; exit(mainret): should not return
  289. .text:00406817
  290. .text:00406817 loc_406817: ; CLR header present: run terminators but return to the caller
  291. .text:00406817 call sub_408297 ; presumably _cexit()
  292. .text:0040681c jmp loc_406849
  293. .text:0040681e ; end of function chunk #0 for start
  294. .text:0040681e
  295. .text:0040681e db 8b ; NOTE(review): the 43 bytes from here to 00406848 are code, not data; no direct jump reaches them because they are entered via the SEH scope table pushed at 00406696. They decode as 0040681e: mov eax,[ebp-14] / mov ecx,[eax] / mov ecx,[ecx] / mov [ebp-28],ecx / push eax / push ecx / call 0040861b / pop ecx / pop ecx / ret — consistent with filter(ExceptionCode, ExceptionPointers)
  296. .text:0040681f db 45
  297. .text:00406820 db ec
  298. .text:00406821 db 8b
  299. .text:00406822 db 08
  300. .text:00406823 db 8b
  301. .text:00406824 db 09
  302. .text:00406825 db 89
  303. .text:00406826 db 4d
  304. .text:00406827 db d8
  305. .text:00406828 db 50
  306. .text:00406829 db 51
  307. .text:0040682a db e8
  308. .text:0040682b db ec
  309. .text:0040682c db 1d
  310. .text:0040682d db 00
  311. .text:0040682e db 00
  312. .text:0040682f db 59
  313. .text:00406830 db 59
  314. .text:00406831 db c3
  315. .text:00406832 db 8b ; handler body, decodes as 00406832: mov esp,[ebp-18] / mov esi,[ebp-28] / cmp dword [ebp-1c],0 / jne 00406844 / push esi / call 00408286 / 00406844: call 004082a6, then falls through into loc_406849 — i.e. restore the esp saved at 004066ac, mainret = exception code, then exit-or-terminators by the managed-app flag (mirrors 0040680c)
  316. .text:00406833 db 65
  317. .text:00406834 db e8
  318. .text:00406835 db 8b
  319. .text:00406836 db 75
  320. .text:00406837 db d8
  321. .text:00406838 db 83
  322. .text:00406839 db 7d
  323. .text:0040683a db e4
  324. .text:0040683b db 00
  325. .text:0040683c db 75
  326. .text:0040683d db 06
  327. .text:0040683e db 56
  328. .text:0040683f db e8
  329. .text:00406840 db 42
  330. .text:00406841 db 1a
  331. .text:00406842 db 00
  332. .text:00406843 db 00
  333. .text:00406844 db e8
  334. .text:00406845 db 5d
  335. .text:00406846 db 1a
  336. .text:00406847 db 00
  337. .text:00406848 db 00
  338. .text:00406849
  339. .text:00406849 ; start of function chunk #1 for start
  340. .text:00406849
  341. .text:00406849 loc_406849: ; reached from 0040681c (normal path) and by fall-through from the handler bytes at 00406844
  342. .text:00406849 or dword ptr [ebp+fffffffc], ffffffff ; [ebp-4] = -1: leave the SEH try block
  343. .text:0040684d mov eax, esi ; return value = mainret (or the exception code on the handler path)
  344. .text:0040684f lea esp, dword ptr [ebp+ffffffcc] ; discard locals: esp = ebp - 0x34
  345. .text:00406852 call sub_40747b ; frame teardown, counterpart of sub_4072f3 at 0040669b (presumably __SEH_epilog)
  346. .text:00406857 ret
  347. .text:00406858 ; end of function chunk #1 for start
  348. .text:00406858
  349.  
  350. alessandro at fuchikoma in testDocument
  351. $ close
  352.  
  353. alessandro at fuchikoma in ~
  354. $ quit