
EBP+0x8 0x004011C8

EBP-0x4 0x00000000
EBP-0x10 0xFFFFFFFF
EBP-0x18 0x0012FFC8
EBP-0x1C 0x8054A29A
EBP-0x30 0x00401398
EBP-0x60 0x00000000
EBP-0x64 0xE13BF408
; Section: .text
;= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =
; EXP: ThunRTMain (100)
;
; Entry routine exported as ThunRTMain, ordinal 100 (per the line above). That
; name is the one the Visual Basic 5/6 runtime DLLs export for the routine a
; compiled VB executable's start stub jumps to; the listing does not name the
; module or its version -- confirm against the loaded image.
; In:   one stack argument at [EBP+0x8], presumably the pointer the calling
;       executable passes to describe itself -- TODO confirm against the
;       caller, which is not part of this listing.
; Flow: install a frame-based SEH record, read STARTUPINFO, run an
;       initialisation call, post thread message 0x1069, run two further
;       calls, then ExitProcess(0).
; Note: both the normal path and the failure path (0x7342DEF1) end in
;       ExitProcess with exit code 0, so the process exit code alone does not
;       distinguish a failed start from a clean run.
; Display note: the disassembler prints sign-extended imm8 operands as 0xFF.
;       Encodings 6A FF and 83 4D FC FF operate on 0xFFFFFFFF (-1), not 255.
;
; Standard EBP frame.
0x7342DE3E: 55 PUSH EBP
0x7342DE3F: 8BEC MOV EBP,ESP
; Build the exception frame on the stack:
;   [EBP-0x4]  = -1           (try level; -1 = not inside a guarded region)
;   [EBP-0x8]  = 0x73439D80
;   [EBP-0xC]  = 0x7350FD34
;   [EBP-0x10] = previous FS:[0] chain head
; In the usual MSVC frame layout -0x8 is the scope table and -0xC the handler;
; presumably that is the case here. FS:[0] is then pointed at the new record,
; which starts at EBP-0x10.
; NOTE(review): the record lives on the stack directly above this routine's
; locals (EBP-0x64..EBP-0x14); stack-resident records like this one are what
; SafeSEH and SEHOP validate before an exception is dispatched.
0x7342DE41: 6AFF PUSH 0xFF
0x7342DE43: 68809D4373 PUSH 0x73439D80
0x7342DE48: 6834FD5073 PUSH 0x7350FD34
0x7342DE4D: 64A100000000 MOV EAX,DWORD PTR FS:[0x0]
0x7342DE53: 50 PUSH EAX
0x7342DE54: 64892500000000 MOV DWORD PTR FS:[0x0],ESP
; Reserve locals down to EBP-0x64. ECX has not been set in this routine, so the
; two pushes appear to serve only to reserve 8 bytes ([EBP-0x14], [EBP-0x18]).
0x7342DE5B: 51 PUSH ECX
0x7342DE5C: 51 PUSH ECX
0x7342DE5D: 83EC4C SUB ESP,0x4C
; Preserve callee-saved registers; they are restored in the epilogue chunk at
; 0x734612F2.
0x7342DE60: 53 PUSH EBX
0x7342DE61: 56 PUSH ESI
0x7342DE62: 57 PUSH EDI
; Record the current ESP in the frame (conventionally read back by the
; exception handler to restore the stack -- not visible in this listing).
0x7342DE63: 8965E8 MOV DWORD PTR [EBP-0x18],ESP
; ESI = the stack argument; also stored in the global at 0x735307DC.
0x7342DE66: 8B7508 MOV ESI,DWORD PTR [EBP+0x8]
0x7342DE69: 8935DC075373 MOV DWORD PTR [0x735307DC],ESI
; Try level = 0: the code from here to 0x7342DEE0 runs inside the guarded region.
0x7342DE6F: 8365FC00 AND DWORD PTR [EBP-0x4],0x0
; GetStartupInfoA(&startup_info), with the STARTUPINFOA buffer at EBP-0x60.
0x7342DE73: 8D45A0 LEA EAX,[EBP-0x60]
0x7342DE76: 50 PUSH EAX
0x7342DE77: FF1518114273 CALL DWORD PTR [KERNEL32.DLL!GetStartu
pInfoA]; (0x73421118)
; EBP-0x30 is offset 0x30 of that buffer, i.e. STARTUPINFOA.wShowWindow; it is
; zero-extended and stored in the global at 0x735307D8.
; NOTE(review): no dwFlags / STARTF_USESHOWWINDOW check is visible before the
; value is used here; whether a consumer checks it later cannot be told from
; this listing.
0x7342DE7D: 0FB745D0 MOVZX EAX,WORD PTR [EBP-0x30]
0x7342DE81: A3D8075373 MOV DWORD PTR [0x735307D8],EAX
; Call 0x7342DEF9 with ECX = 0x73530470 (looks like a thiscall object pointer
; -- confirm) and two stack arguments: the entry argument (still in ESI when
; pushed) and the DWORD at 0x735306D4. ESI is repointed to 0x73530470 only
; after the push and stays that way for the rest of the routine.
0x7342DE86: FF35D4065373 PUSH DWORD PTR [0x735306D4]
0x7342DE8C: 56 PUSH ESI
0x7342DE8D: BE70045373 MOV ESI,0x73530470
0x7342DE92: 8BCE MOV ECX,ESI
0x7342DE94: E860000000 CALL 0x7342DEF9
; Keep the result in [EBP-0x1C]; a negative (signed) value takes the failure
; path at 0x7342DEF1. The sign test looks like an HRESULT-style check -- confirm.
0x7342DE99: 8945E4 MOV DWORD PTR [EBP-0x1C],EAX
0x7342DE9C: 85C0 TEST EAX,EAX
0x7342DE9E: 7C51 JL 0x7342DEF1 ; (*+0x53)
; PostThreadMessageA(GetCurrentThreadId(), 0x1069, 0, 0).
; 0x1069 lies in the WM_USER range (0x0400-0x7FFF), so it is a private message
; whose meaning is not visible here. The BOOL result is not checked: EAX is
; overwritten by the LEA at 0x7342DEB6.
0x7342DEA0: 6A00 PUSH 0x0
0x7342DEA2: 6A00 PUSH 0x0
0x7342DEA4: 6869100000 PUSH 0x1069
0x7342DEA9: FF15C8104273 CALL DWORD PTR [KERNEL32.DLL!GetCurren
tThreadId]; (0x734210C8)
0x7342DEAF: 50 PUSH EAX
0x7342DEB0: FF1528164273 CALL DWORD PTR [USER32.DLL!PostThreadM
essageA]; (0x73421628)
; Call 0x73423822 with ECX = ESI (0x73530470) and the address of the local at
; EBP-0x64 as an out-parameter.
0x7342DEB6: 8D459C LEA EAX,[EBP-0x64]
0x7342DEB9: 50 PUSH EAX
0x7342DEBA: 8BCE MOV ECX,ESI
0x7342DEBC: E86159FFFF CALL 0x73423822
; Only if that call returned non-zero AND the DWORD at offset 0x520 of the
; returned pointer is non-zero: call 0x73434B0F with ECX = that DWORD and one
; stack argument of -1. Otherwise skip to 0x7342DED9.
0x7342DEC1: 85C0 TEST EAX,EAX
0x7342DEC3: 7414 JZ 0x7342DED9 ; (*+0x16)
0x7342DEC5: 8B459C MOV EAX,DWORD PTR [EBP-0x64]
0x7342DEC8: 8B8820050000 MOV ECX,DWORD PTR [EAX+0x520]
0x7342DECE: 85C9 TEST ECX,ECX
0x7342DED0: 7407 JZ 0x7342DED9 ; (*+0x9)
0x7342DED2: 6AFF PUSH 0xFF
0x7342DED4: E8366C0000 CALL 0x73434B0F
; Join point: call 0x7343B9D2 with ECX = ESI (0x73530470), no stack arguments.
0x7342DED9: 8BCE MOV ECX,ESI ; <==0x7342DEC3(
*-0x16), 0x7342DED0(*-0x9)
0x7342DEDB: E8F2DA0000 CALL 0x7343B9D2
; Common exit, also reached from the failure path: try level back to -1
; (leaves the guarded region).
0x7342DEE0: 834DFCFF OR DWORD PTR [EBP-0x4],0xFF; <==0x73
42DEF7(*+0x17)
; ExitProcess(0): the exit code is the constant 0 on every path.
0x7342DEE4: 6A00 PUSH 0x0
0x7342DEE6: FF1520114273 CALL DWORD PTR [KERNEL32.DLL!ExitProce
ss]; (0x73421120)
; Reached only if ExitProcess returns; jumps to the out-of-line epilogue.
0x7342DEEC: E901340300 JMP 0x734612F2 ; (*+0x33406)
;

; Failure path (negative result from 0x7342DEF9): pass the failing value to
; 0x7344F035, then rejoin the common exit at 0x7342DEE0.
0x7342DEF1: 50 PUSH EAX ; <==0x7342DE9E(


*-0x53)
0x7342DEF2: E83E110200 CALL 0x7344F035
0x7342DEF7: EBE7 JMP 0x7342DEE0 ; (*-0x17)
;
;*******************************************************************************
*
; Section: .text
; Out-of-line epilogue for the routine that starts at 0x7342DE3E; the only
; reference shown is the JMP at 0x7342DEEC, which follows the ExitProcess call.
; Unlink the SEH record: put the previous chain head saved at [EBP-0x10] back
; into FS:[0].
0x734612F2: 8B4DF0 MOV ECX,DWORD PTR [EBP-0x10]; <==0x73
42DEEC(*-0x33406)
0x734612F5: 64890D00000000 MOV DWORD PTR FS:[0x0],ECX
; Restore the callee-saved registers in reverse order of the prologue pushes.
; NOTE(review): this assumes ESP is back at the value it had after the PUSH EDI
; in the prologue -- confirm the stack is balanced on the path that reaches here.
0x734612FC: 5F POP EDI
0x734612FD: 5E POP ESI
0x734612FE: 5B POP EBX
; Tear down the EBP frame and return. RET has no operand, so the stack argument
; read at [EBP+0x8] is not removed by this routine.
0x734612FF: C9 LEAVE
0x73461300: C3 RET
