
Untitled

a guest Apr 21st, 2017 43 Never
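  // === Log every kernel32!ReadFile call and the data it returned ===
  // Debugger script in OllyScript-style syntax (gpa / $RESULT / go / log).
  // Arguments are read from [esp+N] at the API's first instruction, which
  // matches a 32-bit stdcall target. The offsets carry a trailing dot
  // (4., 8., ...), which this script style uses for decimal literals.
  //
  // The log will contain raw data read by the debuggee; handle the log file
  // with the same care as the files being read.
  //
  // NOTE(review): this paste contains no variable declarations. If the script
  // engine in use requires them, declare every variable below (including
  // nRead) before first use - confirm against the engine's documentation.

  mov sApi, "ReadFile"
  mov sDLL, "kernel32"
  gpa sApi, sDLL

  // $RESULT holds the address resolved by gpa. Despite its name, "handle" is
  // the address of ReadFile, not a file handle. 0 means the lookup failed.
  mov handle, $RESULT
  log handle
  cmp handle, 0
  je abort

  lbl_bp:
      // Run until execution reaches the first instruction of ReadFile.
      go handle

      // At entry [esp] is the return address and the five arguments follow.
      mov adrRet, [esp]
      mov hFile, [esp+4.]
      mov InBuffer, [esp+8.]
      mov nNumberOfBytesToRead, [esp+12.]
      mov lpNumberOfBytesRead, [esp+16.]
      mov lpOverlapped, [esp+20.]

      log InBuffer
      log hFile
      log nNumberOfBytesToRead
      log lpNumberOfBytesRead
      log lpOverlapped

      // Without a destination buffer there is nothing to dump.
      cmp InBuffer, 0
      je noIn

      // Let the call complete before touching the buffer. At entry the buffer
      // still holds whatever was there before the read, so dumping it here
      // (as the original did) logs stale bytes rather than the file data.
      // NOTE(review): a ReadFile call made by another thread, or a nested one,
      // between entry and this return is not logged - confirm that is acceptable.
      go adrRet

      // ReadFile returns FALSE (eax = 0) when the read failed or is still
      // pending as overlapped I/O; the buffer is not valid in either case.
      cmp eax, 0
      je noIn

      // lpNumberOfBytesRead may be NULL for overlapped reads; without it the
      // real length is unknown, so skip the dump rather than guess.
      cmp lpNumberOfBytesRead, 0
      je noIn

      // Dump only the bytes actually read, not the requested maximum, so the
      // log never includes memory past the data ReadFile wrote.
      mov nRead, [lpNumberOfBytesRead]
      log nRead
      cmp nRead, 0
      je noIn

      mov INN, [InBuffer], nRead
      log INN

      jmp lbl_bp

  noIn:
      // Nothing to dump for this call; wait for the next one.
      jmp lbl_bp

  abort:
      // gpa could not resolve kernel32!ReadFile; stop the script explicitly.
      ret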