Kane49
July 27th, 2009, 10:02
Code:
.main
.text:0040123F push 3
.text:00401241 push offset return0
.text:00401246 mov eax, ds:aGetUserNameA
.text:0040124B push eax
.text:0040124C push 0E9h
.text:00401251 call UseOfVP
.useOfVP
.text:00401286 UseOfVP proc near
.text:00401286
.text:00401286 mov eax, esp
.text:00401288 push ebx
.text:00401289 push eax
.text:0040128A push eax
.text:0040128B push esp ;OldProtectionStatus (not relevant)
.text:0040128C push 40h ;NewProtectionStatus
.text:0040128E mov ecx, [eax+10h]
.text:00401291 add ecx, 5 ;SizeOfProtection
.text:00401294 push ecx
.text:00401295 push dword ptr [eax+8] ;StartingAddressOfProtection
.text:00401298 call ds:VirtualProtect_0
.text:004012C7 EndOfUseOfVP:
.Referenced Data
.idata:004030A2 aGetUserNameA dd 30AEh
.idata:004030A6 AGetUserNameW dd 30BEh
.idata:004030AA align 10h
.idata:004030B0 aGetusernamea db 'GetUserNameA',0
.idata:004030BD align 10h
.idata:004030C0 aGetusernamew db 'GetUserNameW',0
.idata:004030CD align 2
Virtual Protect http://msdn.microsoft.com/en-us/library/aa366898%28VS.85%29.aspx
This should be the relevant code for this purpose. I cut out non-relevant stuff, so don't worry when the addresses are not coherent. I'm pretty confused by the calculation he does to determine the size and address of the protection area for VirtualProtect, as I want to use the exact same call in my C++ program.
My own thoughts, which are probably wrong, in the form of pseudocode!
eax = 004030A2
dwSize = [004030B2]+5
lpAddress = [004030AA] (32bit)
dwSize = t+5 ??
lpAddress = 10 GetUserNameA 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Since the t+5 part doesn't make any sense, I'm stuck!
Anybody here willing to help a poor noob?
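Added example, not part of the original post: a small C model of the stack that replays the pushes in the listing, showing that after `mov eax, esp` the operands `[eax+8]` and `[eax+10h]` read the caller's pushed arguments rather than memory near 004030A2. It assumes nothing was cut between the four pushes and the `call`, and that the dword at 004030A2 is an import slot the loader fills in at run time; `STACK_TOP`, `IAT_VALUE`, `RETURN0` and `RET_ADDR` are constructed placeholders.

```c
#include <stdint.h>
#include <stdio.h>

#define STACK_TOP 0x0012FF80u /* constructed stack address */
#define IAT_VALUE 0x7C000000u /* constructed: dword held at 004030A2 at run time */
#define RETURN0   0x00401300u /* constructed: the listing omits return0's address */
#define RET_ADDR  0x00401256u /* 00401251 plus the 5-byte near call */

typedef struct { uint32_t lpAddress, dwSize, flNewProtect, lpflOldProtect; } vp_args;

static uint32_t mem[64], esp; /* modelled stack, one dword per slot */

static uint32_t *slot(uint32_t addr) { return &mem[(addr - (STACK_TOP - sizeof mem)) / 4]; }
static void push(uint32_t v) { esp -= 4; *slot(esp) = v; }
static uint32_t pop(void) { uint32_t v = *slot(esp); esp += 4; return v; }

/* Replays 0040123F..00401298 and returns the arguments VirtualProtect receives. */
vp_args replay(void) {
    uint32_t eax, ebx = 0, ecx;
    vp_args a;
    esp = STACK_TOP;
    push(3);                     /* 0040123F push 3               -> [eax+10h] */
    push(RETURN0);               /* 00401241 push offset return0  -> [eax+0Ch] */
    eax = IAT_VALUE;             /* 00401246 mov eax, ds:aGetUserNameA */
    push(eax);                   /* 0040124B push eax             -> [eax+8]   */
    push(0xE9);                  /* 0040124C push 0E9h            -> [eax+4]   */
    push(RET_ADDR);              /* 00401251 call pushes the return address -> [eax] */
    eax = esp;                   /* 00401286 mov eax, esp */
    push(ebx);                   /* 00401288 push ebx */
    push(eax);                   /* 00401289 push eax */
    push(eax);                   /* 0040128A push eax: slot that receives the old protection */
    push(esp);                   /* 0040128B push esp: pointer to that slot */
    push(0x40);                  /* 0040128C push 40h: PAGE_EXECUTE_READWRITE */
    ecx = *slot(eax + 0x10) + 5; /* 0040128E, 00401291: 3 + 5 */
    push(ecx);                   /* 00401294 push ecx */
    push(*slot(eax + 8));        /* 00401295 push dword ptr [eax+8] */
    /* stdcall: the first parameter is on top of the stack at the call */
    a.lpAddress = pop(); a.dwSize = pop();
    a.flNewProtect = pop(); a.lpflOldProtect = pop();
    return a;
}

int main(void) {
    vp_args a = replay();
    printf("VirtualProtect(0x%08X, %u, 0x%X, 0x%08X)\n", (unsigned)a.lpAddress,
           (unsigned)a.dwSize, (unsigned)a.flNewProtect, (unsigned)a.lpflOldProtect);
    return 0;
}
```

Under these assumptions the size is the caller's `push 3` plus 5, giving 8, and the start address is whatever value the GetUserNameA import slot held when `main` loaded it into `eax`.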
