disasm(1)


E:\!\!\WIN.exe (hex) (dec)

.EXE size (bytes) 490 1168
Minimum load size (bytes) 450 1104
Overlay number 0 0
Initial CS:IP 0000:0000
Initial SS:SP 0000:00B8 184
Minimum allocation (para) 0 0
Maximum allocation (para) FFFF 65535
Header size (para) 4 4
Relocation table offset 40 64
Relocation entries 0 0

Portable Executable starts at c0
Signature 00004550 (PE)
Machine 014C (Intel 386)
Sections 0003
Time Date Stamp 47EA4C7A Wed Mar 26 14:15:38 2008
Symbol Table 00000000
Number of Symbols 00000000
Optional header size 00E0
Characteristics 010F
Relocation information stripped
Executable Image
Line numbers stripped
Local symbols stripped
32 bit word machine
Magic 010B
Linker Version 5.12
Size of Code 00000200
Size of Initialized Data 00000400
Size of Uninitialized Data 00000000
Address of Entry Point 00001000
Base of Code 00001000
Base of Data 00002000
Image Base 00400000
Section Alignment 00001000
File Alignment 00000200
Operating System Version 4.00
Image Version 0.00
Subsystem Version 4.00
reserved 00000000
Image Size 00004000
Header Size 00000400
Checksum 00000000
Subsystem 0002 (Windows)
DLL Characteristics 0000
Size Of Stack Reserve 00100000
Size Of Stack Commit 00001000
Size Of Heap Reserve 00100000
Size Of Heap Commit 00001000
Loader Flags 00000000
Number of Directories 00000010

Directory Name VirtAddr VirtSize
-------------------------------------- -------- --------
Export 00000000 00000000
Import 00002040 0000003C
Resource 00000000 00000000
Exception 00000000 00000000
Security 00000000 00000000
Base Relocation 00000000 00000000
Debug 00000000 00000000
Decription/Architecture 00000000 00000000
Machine Value (MIPS GP) 00000000 00000000
Thread Storage 00000000 00000000
Load Configuration 00000000 00000000
Bound Import 00000000 00000000
Import Address Table 00002000 00000040
Delay Import 00000000 00000000
COM Runtime Descriptor 00000000 00000000
(reserved) 00000000 00000000

Section Table
-------------
01 .text Virtual Address 00001000
Virtual Size 0000019A
Raw Data Offset 00000400
Raw Data Size 00000200
Relocation Offset 00000000
Relocation Count 0000
Line Number Offset 00000000
Line Number Count 0000
Characteristics 60000020
Code
Executable
Readable

02 .rdata Virtual Address 00002000
Virtual Size 000001C2
Raw Data Offset 00000600
Raw Data Size 00000200
Relocation Offset 00000000
Relocation Count 0000
Line Number Offset 00000000
Line Number Count 0000
Characteristics 40000040
Initialized Data
Readable

03 .data Virtual Address 00003000
Virtual Size 0000002C
Raw Data Offset 00000800
Raw Data Size 00000200
Relocation Offset 00000000
Relocation Count 0000
Line Number Offset 00000000
Line Number Count 0000
Characteristics C0000040
Initialized Data
Readable
Writeable


Imp Addr Hint Import Name from user32.dll - Not Bound
-------- ---- ---------------------------------------------------------------
00002010 184 LoadIconA
00002014 1BF PostQuitMessage
00002018 119 GetMessageA
0000201C 8C DispatchMessageA
00002020 242 TranslateMessage
00002024 24E UpdateWindow
00002028 180 LoadCursorA
0000202C 7E DefWindowProcA
00002030 54 CreateWindowExA
00002034 1C8 RegisterClassExA
00002038 22D ShowWindow

Imp Addr Hint Import Name from kernel32.dll - Not Bound
-------- ---- ---------------------------------------------------------------
00002000 109 GetModuleHandleA
00002004 C8 GetCommandLineA
00002008 80 ExitProcess

IAT Entry

00000000: 000021A0 0000218E - 00002180 00000000 - 00002110 0000211C
00000018: 000020F4 000020E0 - 00002150 00002164 - 00002102 000020CE
00000030: 000020BC 0000212E - 00002142 00000000

Disassembly

00401000 start:
00401000 6A00 push 0
00401002 E88D010000 call fn_00401194
00401007 A324304000 mov [403024h],eax
0040100C E87D010000 call fn_0040118E
00401011 A328304000 mov [403028h],eax
00401016 6A0A push 0Ah
00401018 FF3528304000 push dword ptr [403028h]
0040101E 6A00 push 0
00401020 FF3524304000 push dword ptr [403024h]
00401026 E806000000 call fn_00401031
0040102B 50 push eax
0040102C E857010000 call fn_00401188
00401031 fn_00401031:
00401031 55 push ebp
00401032 8BEC mov ebp,esp
00401034 83C4B0 add esp,0FFFFFFB0h
00401037 C745D030000000 mov dword ptr [ebp-30h],30h
0040103E C745D403000000 mov dword ptr [ebp-2Ch],3
00401045 C745D819114000 mov dword ptr [ebp-28h],401119h
0040104C C745DC00000000 mov dword ptr [ebp-24h],0
00401053 C745E000000000 mov dword ptr [ebp-20h],0
0040105A FF3524304000 push dword ptr [403024h]
00401060 8F45E4 pop [ebp-1Ch]
00401063 C745F006000000 mov dword ptr [ebp-10h],6
0040106A C745F400000000 mov dword ptr [ebp-0Ch],0
00401071 C745F800304000 mov dword ptr [ebp-8],403000h
00401078 68007F0000 push 7F00h
0040107D 6A00 push 0
0040107F E8E0000000 call fn_00401164
00401084 8945E8 mov [ebp-18h],eax
00401087 8945FC mov [ebp-4],eax
0040108A 68007F0000 push 7F00h
0040108F 6A00 push 0
00401091 E8C8000000 call fn_0040115E
00401096 8945EC mov [ebp-14h],eax
00401099 8D45D0 lea eax,[ebp-30h]
0040109C 50 push eax
0040109D E8CE000000 call fn_00401170
004010A2 6A00 push 0
004010A4 FF7508 push dword ptr [ebp+8]
004010A7 6A00 push 0
004010A9 6A00 push 0
004010AB 6800000080 push 80000000h
004010B0 6800000080 push 80000000h
004010B5 6800000080 push 80000000h
004010BA 6800000080 push 80000000h
004010BF 680000CF00 push 0CF0000h
004010C4 680F304000 push 40300Fh
004010C9 6800304000 push 403000h
004010CE 6A00 push 0
004010D0 E871000000 call fn_00401146
004010D5 8945B0 mov [ebp-50h],eax
004010D8 FF7514 push dword ptr [ebp+14h]
004010DB FF75B0 push dword ptr [ebp-50h]
004010DE E893000000 call fn_00401176
004010E3 FF75B0 push dword ptr [ebp-50h]
004010E6 E897000000 call fn_00401182
004010EB loc_004010EB:
004010EB 6A00 push 0
004010ED 6A00 push 0
004010EF 6A00 push 0
004010F1 8D45B4 lea eax,[ebp-4Ch]
004010F4 50 push eax
004010F5 E85E000000 call fn_00401158
004010FA 0BC0 or eax,eax
004010FC 7414 jz loc_00401112
004010FE 8D45B4 lea eax,[ebp-4Ch]
00401101 50 push eax
00401102 E875000000 call fn_0040117C
00401107 8D45B4 lea eax,[ebp-4Ch]
0040110A 50 push eax
0040110B E842000000 call fn_00401152
00401110 EBD9 jmp loc_004010EB
00401112 loc_00401112:
00401112 8B45BC mov eax,[ebp-44h]
00401115 C9 leave
00401116 C21000 ret 10h
00401119 55 push ebp
0040111A 8BEC mov ebp,esp
0040111C 837D0C02 cmp dword ptr [ebp+0Ch],2
00401120 7509 jnz loc_0040112B
00401122 6A00 push 0
00401124 E841000000 call fn_0040116A
00401129 EB15 jmp loc_00401140
0040112B loc_0040112B:
0040112B FF7514 push dword ptr [ebp+14h]
0040112E FF7510 push dword ptr [ebp+10h]
00401131 FF750C push dword ptr [ebp+0Ch]
00401134 FF7508 push dword ptr [ebp+8]
00401137 E810000000 call fn_0040114C
0040113C C9 leave
0040113D C21000 ret 10h
00401140 loc_00401140:
00401140 33C0 xor eax,eax
00401142 C9 leave
00401143 C21000 ret 10h
00401146 fn_00401146:
00401146 FF2530204000 jmp dword ptr [CreateWindowExA]
0040114C fn_0040114C:
0040114C FF252C204000 jmp dword ptr [DefWindowProcA]
00401152 fn_00401152:
00401152 FF251C204000 jmp dword ptr [DispatchMessageA]
00401158 fn_00401158:
00401158 FF2518204000 jmp dword ptr [GetMessageA]
0040115E fn_0040115E:
0040115E FF2528204000 jmp dword ptr [LoadCursorA]
00401164 fn_00401164:
00401164 FF2510204000 jmp dword ptr [LoadIconA]
0040116A fn_0040116A:
0040116A FF2514204000 jmp dword ptr [PostQuitMessage]
00401170 fn_00401170:
00401170 FF2534204000 jmp dword ptr [RegisterClassExA]
00401176 fn_00401176:
00401176 FF2538204000 jmp dword ptr [ShowWindow]
0040117C fn_0040117C:
0040117C FF2520204000 jmp dword ptr [TranslateMessage]
00401182 fn_00401182:
00401182 FF2524204000 jmp dword ptr [UpdateWindow]
00401188 fn_00401188:
00401188 FF2508204000 jmp dword ptr [ExitProcess]
0040118E fn_0040118E:
0040118E FF2504204000 jmp dword ptr [GetCommandLineA]
00401194 fn_00401194:
00401194 FF2500204000 jmp dword ptr [GetModuleHandleA]


