Quote:
[Originally Posted by suryawomshi;79898]I have sent you mail.
What is happening below? Can someone tell me?
; This code just saves the stack pointer, and sets things up to get parameters that might have been passed to the function.
Code:
align 10h
push ebp
mov ebp, esp
sub esp, 74h
push esi
push ebx
; This opens the device "/dev/windrvr". This windrvr references WinDriver from Jungo, and is a "Linux driver for dummies" suite. But it DOES tell us something. It's either talking to a PCI card, or something attached to the USB port.
Code:
push 2
push offset aDevWindrvr ; "/dev/windrvr"
call _open
; This code checks the return value from the call to open above, and verifies that it's not an error (-1). (It also puts the file handle in esi).
Code:
mov esi, eax
add esp, 8
cmp esi, 0FFFFFFFFh
jz short loc_80636FA
; This copies 38h bytes from the string shown, into a buffer pointed at by ebp-68h
Code:
push 38h
push offset a73e8466570a9e2 ; "73e8466570a9e2300eeff2.MicroComputers A"...
lea ebx, [ebp-68h]
push ebx
call _memcpy
add esp, 0Ch
; This monkeys around with some data
Code:
mov dword ptr [ebp-74h], 0A410B413h
mov [ebp-70h], ebx
mov dword ptr [ebp-6Ch], 68h
; This sends the above data, and a command of 9528244Bh to the driver through the IOCTL interface, using the handle it obtained from the open call above. (it's in esi)
Code:
lea eax, [ebp-74h]
push eax
push 9538244Bh
push esi
call _ioctl
add esp, 0Ch
; Using the handle in esi once again, it calls CLOSE to state that it's done with talking to the driver.
Code:
push esi
call _close
; This cleans up the stack, and returns to the caller.
Code:
loc_80636FA: ; CODE XREF: .text:080636BCj
lea esp, [ebp-7Ch]
pop ebx
pop esi
mov esp, ebp
pop ebp
retn
SO, basically, it's just sending a command to a device driver. What that command IS, is detailed above, what it DOES is an entirely different matter, and you'd need to disassemble the driver to find that out.
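As an added illustration (not code from the original thread or from the program being discussed), here is the C source a decompiler would recover from the listing above: open("/dev/windrvr", O_RDWR), the three stores that build a 12-byte request block at [ebp-74h], the memcpy of 38h bytes into the buffer at [ebp-68h], the ioctl with the value pushed before `call _ioctl` (9538244Bh in the listing), and close. The struct field names, the `payload` contents beyond the characters visible in the listing, and the device path parameter are assumptions made for the example; the original hard-codes the path and discards the ioctl result. The `decode_ioc` helper splits the command number under the Linux kernel's standard _IOC() layout, which is the first sanity check an analyst does before reading the driver: if the decoded size and type look implausible, the driver most likely uses its own numbering scheme instead.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <fcntl.h>
#include <unistd.h>
#include <sys/ioctl.h>

/* Request block reconstructed from the stack stores in the listing:
 *   mov dword ptr [ebp-74h], 0A410B413h   -> magic
 *   mov [ebp-70h], ebx                    -> buf (ebx = &buffer at ebp-68h)
 *   mov dword ptr [ebp-6Ch], 68h          -> buf_size
 * Field names are assumptions; the listing carries no symbols. */
struct windrvr_req {
    uint32_t magic;     /* 0xA410B413, meaning not recoverable from the listing */
    void    *buf;       /* points at the 0x68-byte stack buffer */
    uint32_t buf_size;  /* 0x68 */
};

#define WD_IOCTL_CODE 0x9538244BUL   /* value pushed before call _ioctl */
#define WD_DEVICE     "/dev/windrvr"
#define WD_BUF_SIZE   0x68
#define WD_COPY_LEN   0x38           /* push 38h before call _memcpy */

/* The listing shows only the first characters of the copied string;
 * the remainder here is a constructed placeholder (zero-filled). */
static const char payload[WD_COPY_LEN] = "73e8466570a9e2300eeff2.MicroComputers A";

/* Fill the request exactly as the three stores plus memcpy do. */
void build_request(struct windrvr_req *req, char *buf)
{
    memset(buf, 0, WD_BUF_SIZE);
    memcpy(buf, payload, WD_COPY_LEN);
    req->magic    = 0xA410B413u;
    req->buf      = buf;
    req->buf_size = WD_BUF_SIZE;
}

/* Source-level equivalent of the disassembled function.
 * `path` is a parameter (the original hard-codes WD_DEVICE) so the
 * function can be exercised against a node that does not exist.
 * Returns -1 when open() fails, otherwise the ioctl() result; the
 * original returns nothing meaningful. */
int send_driver_command(const char *path)
{
    char buf[WD_BUF_SIZE];
    struct windrvr_req req;

    int fd = open(path, O_RDWR);     /* push 2 == O_RDWR on Linux */
    if (fd == -1)
        return -1;                   /* jz short loc_80636FA: straight to the epilogue */

    build_request(&req, buf);
    int rc = ioctl(fd, WD_IOCTL_CODE, &req);
    close(fd);
    return rc;
}

/* Fields of an ioctl number under the kernel's standard _IOC() layout
 * on x86 (8 nr bits, 8 type bits, 14 size bits, 2 direction bits).
 * Only meaningful if the driver follows that convention. */
struct ioc_fields {
    unsigned dir;    /* 0 = none, 1 = write, 2 = read, 3 = read|write */
    unsigned type;   /* usually an ASCII "magic" letter */
    unsigned nr;     /* command number within the type */
    unsigned size;   /* size of the argument structure */
};

struct ioc_fields decode_ioc(unsigned long code)
{
    struct ioc_fields f;
    f.nr   =  code        & 0xFF;
    f.type = (code >> 8)  & 0xFF;
    f.size = (code >> 16) & 0x3FFF;
    f.dir  = (code >> 30) & 0x3;
    return f;
}

int main(void)
{
    struct ioc_fields f = decode_ioc(WD_IOCTL_CODE);
    printf("ioctl %#lx: dir=%u type=%#x ('%c') nr=%#x size=%u\n",
           WD_IOCTL_CODE, f.dir, f.type, f.type, f.nr, f.size);
    printf("send_driver_command(%s) -> %d\n",
           WD_DEVICE, send_driver_command(WD_DEVICE));
    return 0;
}
```

Run on a box without the Jungo driver, `send_driver_command` returns -1 without ever reaching the ioctl, which is the same early-exit path the `jz short loc_80636FA` branch takes. The decoded size field (0x1538 bytes) does not match the 12-byte request block the code actually builds, so the command number is probably not a standard _IOC() encoding; the driver's own ioctl dispatch is where the meaning of 9538244Bh has to be looked up, as the post says.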