mancini
July 3rd, 2002, 13:39
Hello guys,
I would like to share with you, and ask for help on, this asm disassembly created with win32dasm.
At the end you will see how far I got with it,
but sadly I got stuck.
I would appreciate it if someone would make some suggestions or correct my errors if you see any in my judgement.
(If you want a Word .doc format of the code, so the asm code is not mixed together with the address and you can read it better, download wordweb_asm.doc.zip, which I attached.)
If you feel I must explain more about it, just say so and I will try.
Code:
* Referenced by a (U)nconditional or (C)onditional Jump at Address:|:40077747(C)
:400777BC 53 push ebx
:400777BD 56 push esi
:400777BE 8BF0 mov esi, eax
:400777C0 B301 mov bl, 01
:400777C2 8B866C030000 mov eax, dword ptr [esi+0000036C]
:400777C8 E827C6F8FF call 40003DF4
:400777CD 48 dec eax
:400777CE 7E0B jle 400777DB--------------------------first jump
:400777D0 8B866C030000 mov eax, dword ptr [esi+0000036C]
:400777D6 803821 cmp byte ptr [eax], 21
:400777D9 7455 je 40077830--------------------------second jump
* Referenced by a (U)nconditional or (C)onditional Jump at Address:|:400777CE(C)
:400777DB 8B966C030000 mov edx, dword ptr [esi+0000036C]
:400777E1 B02A mov al, 2A
:400777E3 E86CE2F9FF call 40015A54
:400777E8 85C0 test eax, eax
:400777EA 7544 jne 40077830--------------------------third jump
:400777EC 8B966C030000 mov edx, dword ptr [esi+0000036C]
:400777F2 B03F mov al, 3F
:400777F4 E85BE2F9FF call 40015A54
:400777F9 85C0 test eax, eax
:400777FB 7533 jne 40077830--------------------------fourth jump
:400777FD 8B966C030000 mov edx, dword ptr [esi+0000036C]
:40077803 B023 mov al, 23
:40077805 E84AE2F9FF call 40015A54
:4007780A 85C0 test eax, eax
:4007780C 7522 jne 40077830--------------------------fifth jump
:4007780E 8B966C030000 mov edx, dword ptr [esi+0000036C]
:40077814 B040 mov al, 40
:40077816 E839E2F9FF call 40015A54
:4007781B 85C0 test eax, eax
:4007781D 7511 jne 40077830--------------------------sixth jump
:4007781F 8B966C030000 mov edx, dword ptr [esi+0000036C]
:40077825 B05B mov al, 5B
:40077827 E828E2F9FF call 40015A54
:4007782C 85C0 test eax, eax
:4007782E 747D je 400778AD--------------------------big jump
* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:|:400777D9(C),
:400777EA(C), :400777FB(C), :4007780C(C), :4007781D(C)
:40077830 C6864804000001 mov byte ptr [esi+00000448], 01
:40077837 8BC6 mov eax, esi
:40077839 E83216FFFF call 40068E70
:4007783E 8B86F8020000 mov eax, dword ptr [esi+000002F8]
:40077844 8B8010020000 mov eax, dword ptr [eax+00000210]
:4007784A 8B10 mov edx, dword ptr [eax]
:4007784C FF5240 call [edx+40]
:4007784F 8B86FC020000 mov eax, dword ptr [esi+000002FC]
:40077855 E89A26FBFF call 40029EF4
:4007785A 33D2 xor edx, edx
:4007785C 8BC6 mov eax, esi
:4007785E E89D17FFFF call 40069000
:40077863 33D2 xor edx, edx
:40077865 8B8610030000 mov eax, dword ptr [esi+00000310]
:4007786B 8B08 mov ecx, dword ptr [eax]
:4007786D FF515C call [ecx+5C]
:40077870 33D2 xor edx, edx
:40077872 8B86EC020000 mov eax, dword ptr [esi+000002EC]
:40077878 8B08 mov ecx, dword ptr [eax]
:4007787A FF515C call [ecx+5C]
:4007787D 33C0 xor eax, eax
:4007787F 898674030000 mov dword ptr [esi+00000374], eax
:40077885 33C0 xor eax, eax
:40077887 898678030000 mov dword ptr [esi+00000378], eax
:4007788D 8B8618030000 mov eax, dword ptr [esi+00000318]
:40077893 E8A00BFBFF call 40028438
:40077898 8BC6 mov eax, esi
:4007789A E8591DFFFF call 400695F8
* Possible StringData Ref from Code Obj ->"No pattern matching in this free "
->"version"
:4007789F BACC780740 mov edx, 400778CC
:400778A4 8BC6 mov eax, esi
:400778A6 E8D126FFFF call 40069F7C
:400778AB EB10 jmp 400778BD--------------------------small jump
* Referenced by a (U)nconditional or (C)onditional Jump at Address:|:4007782E(C)
:400778AD C6864804000000 mov byte ptr [esi+00000448], 00
:400778B4 8BC6 mov eax, esi
:400778B6 E81DC8FFFF call 400740D8
:400778BB 8BD8 mov ebx, eax
* Referenced by a (U)nconditional or (C)onditional Jump at Address:|:400778AB(U)
:400778BD 8BC3 mov eax, ebx
:400778BF 5E pop esi
:400778C0 5B pop ebx
:400778C1 C3 ret
Annexes:
:40015A54 B901000000 mov ecx, 00000001
:40015A59 E802000000 call 40015A60
:40015A5E C3 ret
:40015A60 53 push ebx
* Possible StringData Ref from Code Obj ->"Word not found: "
:4006A0FE BA3CA10640 mov edx, 4006A13C
:4006A103 E8389DF9FF call 40003E40
:4006A108 8B55FC mov edx, dword ptr [ebp-04]
:4006A10B 8BC3 mov eax, ebx
:4006A10D E86AFEFFFF call 40069F7C
:4006A112 33C0 xor eax, eax
:4006A114 5A pop edx
:4006A115 59 pop ecx
:4006A116 59 pop ecx
:4006A117 648910 mov dword ptr fs:[eax], edx
BIG JUMP
Address : 76C2Eh Original value : je
big jump tries
jmp = something ( makes all searches give the nag)
jg = something ( makes all searches give the nag)
jl = something ( makes all searches give the nag)
jnz = something ( makes all searches give the nag)
jn = something ( makes all searches give the nag)
SMALL JUMP
Address : 76CABh Original value : jmp
small jump tries
jne = nothing
je = something (it disabled the nag message and proceeded but broke the searching process)
nop = error
jbe = error
JE + JA = (it disabled the nag message and proceeded but broke the searching process)
JE + JN = (it disabled the nag message and proceeded but broke the searching process)
conclusion 1 : if the big jump does not happen, the prog will always give the nag
conclusion 2 : turning the small jump from a direct one to an if-equal one removes the nag