INTELLIGENT WORK FORUMS
FOR COMPUTER PROFESSIONALS
Come Join Us!
Are you a
Computer / IT professional?
Join Tek-Tips now!
- Talk With Other Members
- Be Notified Of Responses
To Your Posts
- Keyword Search
- One-Click Access To Your
Favorite Forums
- Automated Signatures
On Your Posts
- Best Of All, It's Free!
*Tek-Tips's functionality depends on members receiving e-mail. By joining you are opting in to receive e-mail.
Partner With Us!
"Best Of Breed" Forums Add Stickiness To Your Site
(Download This Button Today!)
Feedback
"...I have answered some questions and have gotten answers for my questions. Anywhere you can do this on one page helps tremendously..."
Geography
Where in the world do Tek-Tips members come from?
|
"inserting code into a dll"
|
|
|
ADoozer (Programmer) |
24 Apr 06 11:44 |
im not realy sure if this should be posted in visual c++ or here, but this is the scenario. (note: i am no assembly programmer, i just understand the basics) i have a project which loads a DLL (win32). this dll manages connections to a server. anyway. i dont have access to the code of this dll, only the compiled release. what i want to do is insert a simple ip check into the DLL because some nice people on the internet are filling the server with "fake players". i have read articles on code injection (such as http://www.codeproject.com/threads/winspy.asp) but was wondering if there was a simpler way to "patch" the dll itself. ie can i simply write some code to check the ip and insert it into the dll and modify a few calls? i can post the function if it would help the understanding of my question but in a pseudo code way. CODEvoid somefunction(..some params)
{
len=recvfrom(..some params)
if(len && len!=ERROR)
if(buff[0]=0x00)
//before i process the requested feature
//i want to check ip address for being banned
//if so i want to return
if(buff[1]=0x01)
else(buff[1]=0x03)
else()
else
//not interested in this section
return
} hope that makes sense. if any more info is needed to post an answer ask away :D thnx in advance If somethings hard to do, its not worth doing - Homer Simpson |
|
Since a DLL is just a Library, you could extract the object
you wanted to change, write your one, and insert that
in the DLL.
For all those people that ask this question in this forum
I will once tell what DLL stands for.
DLL == Dynamic Link Library,
It can be build by almost anly linker that handles 32 bit
code and the linker is included with your assembly
program.
So there is one for MASM, NASM, TASM, etc
Tessa
|
|
|
ADoozer (Programmer) |
25 Apr 06 9:37 |
im not sure i follow you. Quote:you could extract the object
you wanted to change, write your one, and insert that
in the DLL.
since the additional code would be larger than the original i simply cannot just insert it? or can i? (im not actualy trying to change anything. i want to add to the existing code) i dont know if this will help but ill post the code (apologies.. this next section is long) CODE/* This file was automatically created by
* Reverse Engineering Compiler 2.0 (C) Giampiero Caprino (Sep 19 2005)
* Input file: 'T:\REC\ServerDLL\server.dll'
*/
/* Procedure: 0x1004270C - 0x10042819
* Argument size: 4
* Local size: 0
* Save regs size: 0
*/
L1004270c(A4, A8, A10)
/* unknown */ void A4;
/* unknown */ void A8;
/* unknown */ void A10;
{
(save)ebp;
ebp = esp;
esp = esp - 0x10;
(save)esi;
(save)edi;
edi = ecx;
edx = *(edi + 0x90);
if(edx != 0) {
esi = *(ebp + 8);
(save)ebx;
ebx = ebp - 0x10;
eax = *(esi + 0x58);
eax = L10041450(edi, edx, *(esi + 0x54), eax, ebx);
for((restore)ebx; eax != -1 && eax != 0; eax = L10041450(edi, *(edi + 0x90), ecx, eax, ebp - 0x10)) {
*(esi + 0x34) = ax;
eax = *(esi + 0x54);
ecx = edi;
(save)ebp - 0x10;
if(*eax != 0) {
eax = L1004171C();
if(eax != 0) {
goto L100427dc;
}
if(*( *(edi + 0x48) + 0xb4) != 0) {
(save) *(ebp - 0xe);
*(ebp + 8) = *(ebp - 0xc);
*(ebp + 9) = *(ebp - 0xb);
*(ebp + 0xa) = *(ebp - 0xa);
*(ebp + 0xb) = *(ebp - 9);
ecx = *(edi + 0x48);
(save) *L100691bc();
eax = ebp + 8;
(save)eax;
(save)esi;
*( *( *(ecx + 0xb4)) + 0xc)();
}
} else {
//this is the bit we are interested in//
(save)esi;
L100422FA();
}
eax = *(esi + 0x58);
ecx = *(esi + 0x54);
}
}
eax = 0;
L100427d6:
(restore)edi;
(restore)esi;
esp = ebp;
(restore)ebp;
return;
L100427dc:
*(esi + 0x3c) = eax;
eax = 1;
goto L100427d6;
eax = A10;
if(eax != 0) {
edx = *(ecx + 0x90);
if(edx == 0 || *(eax + 0xdc) == 0) {
goto L10042815;
}
eax = L100416BC(edx, A4, A8, eax + 0xbc);
} else {
L10042815:
eax = 0;
}
}
Address Mnemonic SP In SP Out SP offs Intermediate Representation
1004270c: push ebp 0 28 0 (save)ebp
1004270d: mov ebp,esp 4 ebp = esp
1004270f: sub esp,+0x10 4 esp = esp - 0x10
10042712: push esi 20 (save)esi
10042713: push edi 24 (save)edi
10042714: mov edi,ecx 28 edi = ecx
10042716: mov edx,[edi+0x90] 28 edx = *(edi + 0x90)
1004271c: test edx,edx 28 edx :: 0
1004271e: jz 0x100427d4 28 == ? L100427d4 :
10042724: mov esi,[ebp+0x8] 28 28 28 esi = *(ebp + 8)
10042727: push ebx 28 (save)ebx
10042728: lea ebx,[ebp-0x10] 32 ebx = ebp - 0x10
1004272b: mov eax,[esi+0x58] 32 eax = *(esi + 0x58)
1004272e: mov ecx,[esi+0x54] 32 ecx = *(esi + 0x54)
10042731: push ebx 32 (save)ebx
10042732: push eax 36 (save)eax
10042733: push ecx 40 (save)ecx
10042734: push edx 44 (save)edx
10042735: push edi 48 (save)edi
10042736: call 0x10041450 52 eax = L10041450()
1004273b: add esp,+0x14 52 esp = esp + 0x14
1004273e: pop ebx 32 (restore)ebx
1004273f: jmp 0x100427cb 28 goto L100427cb
10042744: test eax,eax 28 28 28 eax :: 0
10042746: jz 0x100427d4 28 == ? L100427d4 :
1004274c: mov [esi+0x34],ax 0 4 0 *(esi + 0x34) = ax
10042750: mov eax,[esi+0x54] 0 eax = *(esi + 0x54)
10042753: mov ecx,edi 0 ecx = edi
10042755: cmp byte [eax],0x0 0 *eax :: 0
10042758: lea eax,[ebp-0x10] 0 eax = ebp - 0x10
1004275b: push eax 0 (save)eax
1004275c: jnz 0x10042766 4 != ? 0x10042766 :
1004275e: push esi 4 28 4 (save)esi
1004275f: call 0x100422fa 8 eax = L100422FA()
10042764: jmp short 0x100427b0 28 goto L100427b0
10042766: call 0x1004171c 4 0 4 eax = L1004171C()
1004276b: test eax,eax 0 eax :: 0
1004276d: jnz 0x100427dc 0 != ? 0x100427dc :
1004276f: mov eax,[edi+0x48] 0 0 0 eax = *(edi + 0x48)
10042772: cmp dword [eax+0xb4],+0x0 0 *(eax + 0xb4) :: 0
10042779: jz 0x100427b0 0 == ? L100427b0 :
1004277b: mov al,[ebp-0xc] 0 16 0 al = *(ebp - 0xc)
1004277e: push dword [ebp-0xe] 0 (save) *(ebp - 0xe)
10042781: mov [ebp+0x8],al 4 *(ebp + 8) = al
10042784: mov al,[ebp-0xb] 4 al = *(ebp - 0xb)
10042787: mov [ebp+0x9],al 4 *(ebp + 9) = al
1004278a: mov al,[ebp-0xa] 4 al = *(ebp - 0xa)
1004278d: mov [ebp+0xa],al 4 *(ebp + 0xa) = al
10042790: mov al,[ebp-0x9] 4 al = *(ebp - 9)
10042793: mov [ebp+0xb],al 4 *(ebp + 0xb) = al
10042796: call [0x100691bc] 4 eax = *L100691bc()
1004279c: mov ecx,[edi+0x48] 4 ecx = *(edi + 0x48)
1004279f: push eax 4 (save)eax
100427a0: lea eax,[ebp+0x8] 8 eax = ebp + 8
100427a3: mov ecx,[ecx+0xb4] 8 ecx = *(ecx + 0xb4)
100427a9: push eax 8 (save)eax
100427aa: push esi 12 (save)esi
100427ab: mov edx,[ecx] 16 edx = *ecx
100427ad: call [edx+0xc] 16 eax = *(edx + 0xc)()
100427b0: mov eax,[esi+0x58] 28 28 28 eax = *(esi + 0x58)
100427b3: mov ecx,[esi+0x54] 28 ecx = *(esi + 0x54)
100427b6: lea edx,[ebp-0x10] 28 edx = ebp - 0x10
100427b9: push edx 28 (save)edx
100427ba: push eax 32 (save)eax
100427bb: push ecx 36 (save)ecx
100427bc: push dword [edi+0x90] 40 (save) *(edi + 0x90)
100427c2: push edi 44 (save)edi
100427c3: call 0x10041450 48 eax = L10041450()
100427c8: add esp,+0x14 48 esp = esp + 0x14
100427cb: cmp eax,-0x1 28 28 28 eax :: 0 - 1
100427ce: jnz 0x10042744 28 != ? 0x10042744 :
100427d4: xor eax,eax 28 28 28 eax = eax ^ eax
100427d6: pop edi 28 0 28 (restore)edi
100427d7: pop esi 24 (restore)esi
100427d8: leave -8 esp = ebp
100427d9: ret 0x4 0 return
100427dc: mov [esi+0x3c],eax 0 0 0 *(esi + 0x3c) = eax
100427df: xor eax,eax 0 eax = eax ^ eax
100427e1: inc eax 0 eax = eax + 1
100427e2: jmp short 0x100427d6 0 goto L100427d6
100427e4: mov eax,[esp+0x10] 0 0 0 eax = *(esp + 0x10)
100427e8: test eax,eax 0 eax :: 0
100427ea: jz 0x10042815 0 == ? L10042815 :
100427ec: mov edx,[ecx+0x90] 0 0 0 edx = *(ecx + 0x90)
100427f2: test edx,edx 0 edx :: 0
100427f4: jz 0x10042815 0 == ? L10042815 :
100427f6: cmp dword [eax+0xdc],+0x0 0 0 0 *(eax + 0xdc) :: 0
100427fd: jz 0x10042815 0 == ? L10042815 :
100427ff: add eax,0xbc 0 0 0 eax = eax + 0xbc
10042804: push eax 0 (save)eax
10042805: push dword [esp+0xc] 4 (save) *(esp + 0xc)
10042809: push dword [esp+0xc] 8 (save) *(esp + 0xc)
1004280d: push edx 12 (save)edx
1004280e: call 0x100416bc 16 eax = L100416BC()
10042813: jmp short 0x10042817 0 goto L10042817
10042815: xor eax,eax 0 0 0 eax = eax ^ eax
10042817: ret 0x10 0 0 0 return
/* Procedure: 0x100422FA - 0x100426C2
* Argument size: -48
* Local size: 28
* Save regs size: 0
* Called by:
* L1004270C()
*/
L100422fa(A8, Ab, Ac)
/* unknown */ void A8;
/* unknown */ void Ab;
/* unknown */ void Ac;
{
/* unknown */ void Vffffffe4;
/* unknown */ void Vfffffff4;
/* unknown */ void Vfffffff8;
/* unknown */ void Vfffffffc;
Vfffffffc = 0;
(save)ebx;
(save)esi;
(save)edi;
edi = A8;
ebx = ecx;
ecx = edi;
*(edi + 0x38) = 1;
Ab = L10017F65(0); <<--read next byte
if(!( *(edi + 0x40) & 2)) {
esi = Ac;
if(*(ebx + 0x7c) == 0) {
goto L10042622;
}
(save)esi;
eax = L100426C3(ebx); <<--is this checking the guiid??
(restore)ecx;
if(eax == 0) {
if(Ab != 1) { <<--this is the query 0x01 (\x00\x01 + {guiid} 19 bytes total)
goto L1004243c;
}
ecx = edi;
L1002EA1E( & Vffffffe4, 0x10); <<--no idea?!
eax = L10059860( & Vffffffe4, *(ebx + 0x48) + 0xf0, 0x10);
if(eax == 0) {
//this is where i want to check the IP
if(M1007f6a8 != eax) { <<--frig this code so we get the debug (offset 00042382: change 74 to 75)
(save) *(esi + 2);
*L100691bc();
(save)ax & 65535;
(save) *(esi + 7) & 0xff;
(save) *(esi + 6) & 0xff;
(save) *(esi + 5) & 0xff;
(save) *(esi + 4) & 0xff;
(save)"IP: Received query from %d.%d.%d.%d:%d, sending response";
L10011A1F();
}
ecx = edi;
L10017F65(0); <<--read next byte?
A8 = al;
ecx = & Vfffffffc;
L100121DE(L1002E963( & Ac, 0x44c, 0x44c));
ecx = Ac;
if(ecx != 0) {
*( *ecx + 8)();
}
*( *(Vfffffffc + 0x54)) = 0;
ecx = Vfffffffc;
L10017FCD(2);
eax = *(ebx + 0x98);
if(eax == 0) {
eax = 0x1007b534;
}
ecx = Vfffffffc;
L1002EA7C(eax);
ecx = Vfffffffc;
L10017FCD(A8); <<--check if packet too long?
eax = Vfffffffc;
ecx = ebx;
eax = L100416BC( *(ebx + 0x90), *(eax + 0x54), *(eax + 0x34) & 65535, esi); <<--leads to wsock32.sendto
goto L100426b0;
L1004243c:
if(Ab != 3) { <<--this is the join 0x03 (\x00\x03\x00 + {guiid} 19 bytes total)
goto L10042622;
}
//this is where i want to check the IP
if(M1007f6a8 != 0) { <<--frig this code so we get the debug (offset 0004244D: change 74 to 75)
(save) *(esi + 2);
*L100691bc();
(save)ax & 65535;
(save) *(esi + 7) & 0xff;
(save) *(esi + 6) & 0xff;
(save) *(esi + 5) & 0xff;
(save) *(esi + 4) & 0xff;
(save)"IP: Received conn request from %d.%d.%d.%d:%d, sending response";
L10011A1F();
}
ecx = edi;
L10017F65(0);
ecx = edi;
eax = L1002EA1E( & Vffffffe4, 0x10);
if(!( *(edi + 0x40) & 2)) {
Vfffffff4 = 0;
if(L10059860( *(ebx + 0x48) + 0xf0, & Vffffffe4, 0x10) != 0) {
Vfffffff4 = 1;
} else {
if(*(ebx + 0x9c) < *(ebx + 0x94)) {
edi = L1003150D(0xe0);
if(edi != 0) {
ecx = edi;
L1002908D();
*(edi + 0xd8) = 0;
eax = edi;
Vfffffff8 = eax;
} else {
Vfffffff8 = 0;
eax = Vfffffff8;
}
edi = eax + 0xbc;
*edi = *esi;
edi = edi + 4;
esi = esi + 4;
*edi = *esi;
edi = edi + 4;
esi = esi + 4;
*edi = *esi;
edi = edi + 4;
esi = esi + 4;
*edi = *esi;
edi = edi + 4;
esi = esi + 4;
*(eax + 0xdc) = 0;
*(eax + 0x30) = ebx;
ecx = *(ebx + 0x48);
if(L1002AB44(eax) != 0) {
esi = Vfffffff8;
ecx = ebx + 0x9c;
L10043463(esi, esi + 0xcc);
ecx = & Vfffffffc;
L100121DE(L1002E963( & A8, 0x44c, 0x44c));
ecx = A8;
if(ecx != 0) {
*( *ecx + 8)();
}
edi = 5; <<--the 0x05 reply
*( *(Vfffffffc + 0x54)) = 0;
ecx = Vfffffffc;
L10017FCD(5);
do {
eax = Vfffffffc;
ecx = ebx;
L100416BC( *(ebx + 0x90), *(eax + 0x54), *(eax + 0x34) & 65535, Ac); <<--leads to wsock32.sendto
} while(edi = edi - 1);
*(esi + 0xdc) = 1;
ecx = *(ebx + 0x48);
eax = L1002A9B7(esi);
goto L100426b0;
}
ecx = Vfffffff8;
L100421C2(1);
esi = Ac;
}
}
ecx = & Vfffffffc;
L100121DE(L1002E963( & Ac, 0x44c, 0x44c));
ecx = Ac;
if(ecx != 0) {
*( *ecx + 8)();
}
*( *(Vfffffffc + 0x54)) = 0;
ecx = Vfffffffc;
if(Vfffffff4 != 0) {
(save)7;
} else {
(save)6;
}
L10017FCD();
eax = Vfffffffc;
ecx = ebx;
eax = L100416BC( *(ebx + 0x90), *(eax + 0x54), *(eax + 0x34) & 65535, esi);
L10042622:
if(Ab == 0) {
ecx = ebx;
eax = L1004171C(esi);
edi = eax;
if(edi != 0) {
if(M1007f6a8 != 0) {
(save) *(esi + 2);
*L100691bc();
(save)ax & 65535;
(save) *(esi + 7) & 0xff;
(save) *(esi + 6) & 0xff;
(save) *(esi + 5) & 0xff;
(save) *(esi + 4) & 0xff;
(save)"Got TCPSUB_DISCONNECT from %d.%d.%d.%d:%d";
L10011A1F();
}
ecx = *( *(ebx + 0x48) + 0xb4);
if(ecx != 0) {
(save)0x1007b534;
(save)4;
*( *ecx + 0x10)();
}
ecx = *(ebx + 0x48);
L1002AC2E(edi);
eax = edi + 0xcc;
ecx = ebx + 0x9c;
L100434A5(eax);
ecx = edi;
eax = L100421C2(1);
}
}
}
}
}
}
L100426b0:
ecx = Vfffffffc;
if(ecx != 0) {
eax = *( *ecx + 8)();
}
(restore)edi;
(restore)esi;
(restore)ebx;
}
Address Mnemonic SP In SP Out SP offs Intermediate Representation
100422fa: push ebp 0 44 0 (save)ebp
100422fb: mov ebp,esp 4 ebp = esp
100422fd: sub esp,+0x1c 4 esp = esp - 0x1c
10042300: and dword [ebp-0x4],+0x0 32 *(ebp - 4) = *(ebp - 4) & 0
10042304: push ebx 32 (save)ebx
10042305: push esi 36 (save)esi
10042306: push edi 40 (save)edi
10042307: mov edi,[ebp+0x8] 44 edi = *(ebp + 8)
1004230a: mov ebx,ecx 44 ebx = ecx
1004230c: push +0x0 44 (save)0
1004230e: mov ecx,edi 48 ecx = edi
10042310: mov word [edi+0x38],0x1 48 *(edi + 0x38) = 1
10042316: call 0x10017f65 48 eax = L10017F65()
1004231b: test byte [edi+0x40],0x2 44 *(edi + 0x40) & 2
1004231f: mov [ebp+0xb],al 44 *(ebp + 0xb) = al
10042322: jnz 0x100426b0 44 != ? 0x100426b0 :
10042328: cmp dword [ebx+0x7c],+0x0 44 44 44 *(ebx + 0x7c) :: 0
1004232c: mov esi,[ebp+0xc] 44 esi = *(ebp + 0xc)
1004232f: jz 0x10042622 44 == ? L10042622 :
10042335: push esi 44 44 44 (save)esi
10042336: push ebx 48 (save)ebx
10042337: call 0x100426c3 52 eax = L100426C3()
1004233c: pop ecx 52 (restore)ecx
1004233d: test eax,eax 48 eax :: 0
1004233f: pop ecx 48 (restore)ecx
10042340: jnz 0x100426b0 44 != ? 0x100426b0 :
10042346: cmp byte [ebp+0xb],0x1 44 44 44 *(ebp + 0xb) :: 1
1004234a: jnz 0x1004243c 44 != ? 0x1004243c :
10042350: lea eax,[ebp-0x1c] 44 44 44 eax = ebp - 0x1c
10042353: push +0x10 44 (save)0x10
10042355: push eax 48 (save)eax
10042356: mov ecx,edi 52 ecx = edi
10042358: call 0x1002ea1e 52 eax = L1002EA1E()
1004235d: mov eax,[ebx+0x48] 44 eax = *(ebx + 0x48)
10042360: push +0x10 44 (save)0x10
10042362: add eax,0xf0 48 eax = eax + 0xf0
10042367: push eax 48 (save)eax
10042368: lea eax,[ebp-0x1c] 52 eax = ebp - 0x1c
1004236b: push eax 52 (save)eax
1004236c: call 0x10059860 56 eax = L10059860()
10042371: add esp,+0xc 56 esp = esp + 0xc
10042374: test eax,eax 44 eax :: 0
10042376: jnz 0x100426b0 44 != ? 0x100426b0 :
1004237c: cmp [0x1007f6a8],eax 44 44 44 M1007f6a8 :: eax
10042382: jz 0x100423b4 44 == ? L100423b4 :
10042384: mov ax,[esi+0x2] 44 48 44 ax = *(esi + 2)
10042388: push eax 44 (save)eax
10042389: call [0x100691bc] 48 eax = *L100691bc()
1004238f: movzx eax,ax 48 eax = ax & 65535
10042392: push eax 48 (save)eax
10042393: movzx eax,byte [esi+0x7] 52 eax = *(esi + 7) & 0xff
10042397: push eax 52 (save)eax
10042398: movzx eax,byte [esi+0x6] 56 eax = *(esi + 6) & 0xff
1004239c: push eax 56 (save)eax
1004239d: movzx eax,byte [esi+0x5] 60 eax = *(esi + 5) & 0xff
100423a1: push eax 60 (save)eax
100423a2: movzx eax,byte [esi+0x4] 64 eax = *(esi + 4) & 0xff
100423a6: push eax 64 (save)eax
100423a7: push dword 0x10074fb8 68 (save)"IP: Received query from %d.%d.%d.%d:%d, sending response"
100423ac: call 0x10011a1f 72 eax = L10011A1F()
100423b1: add esp,+0x18 72 esp = esp + 0x18
100423b4: push +0x0 44 44 44 (save)0
100423b6: mov ecx,edi 48 ecx = edi
100423b8: call 0x10017f65 48 eax = L10017F65()
100423bd: mov [ebp+0x8],al 44 *(ebp + 8) = al
100423c0: mov eax,0x44c 44 eax = 0x44c
100423c5: push eax 44 (save)eax
100423c6: push eax 48 (save)eax
100423c7: lea eax,[ebp+0xc] 52 eax = ebp + 0xc
100423ca: push eax 52 (save)eax
100423cb: call 0x1002e963 56 eax = L1002E963()
100423d0: add esp,+0xc 56 esp = esp + 0xc
100423d3: lea ecx,[ebp-0x4] 44 ecx = ebp - 4
100423d6: push eax 44 (save)eax
100423d7: call 0x100121de 48 eax = L100121DE()
100423dc: mov ecx,[ebp+0xc] 44 ecx = *(ebp + 0xc)
100423df: test ecx,ecx 44 ecx :: 0
100423e1: jz 0x100423e8 44 == ? L100423e8 :
100423e3: mov eax,[ecx] 44 44 44 eax = *ecx
100423e5: call [eax+0x8] 44 eax = *(eax + 8)()
100423e8: mov eax,[ebp-0x4] 44 44 44 eax = *(ebp - 4)
100423eb: push +0x2 44 (save)2
100423ed: mov eax,[eax+0x54] 48 eax = *(eax + 0x54)
100423f0: and byte [eax],0x0 48 *eax = *eax & 0
100423f3: mov ecx,[ebp-0x4] 48 ecx = *(ebp - 4)
100423f6: call 0x10017fcd 48 eax = L10017FCD()
100423fb: mov eax,[ebx+0x98] 44 eax = *(ebx + 0x98)
10042401: test eax,eax 44 eax :: 0
10042403: jnz 0x1004240a 44 != ? 0x1004240a :
10042405: mov eax,0x1007b534 44 44 44 eax = 0x1007b534
1004240a: mov ecx,[ebp-0x4] 44 44 44 ecx = *(ebp - 4)
1004240d: push eax 44 (save)eax
1004240e: call 0x1002ea7c 48 eax = L1002EA7C()
10042413: push dword [ebp+0x8] 44 (save) *(ebp + 8)
10042416: mov ecx,[ebp-0x4] 48 ecx = *(ebp - 4)
10042419: call 0x10017fcd 48 eax = L10017FCD()
1004241e: mov eax,[ebp-0x4] 44 eax = *(ebp - 4)
10042421: push esi 44 (save)esi
10042422: movzx ecx,word [eax+0x34] 48 ecx = *(eax + 0x34) & 65535
10042426: push ecx 48 (save)ecx
10042427: mov ecx,ebx 52 ecx = ebx
10042429: push dword [eax+0x54] 52 (save) *(eax + 0x54)
1004242c: push dword [ebx+0x90] 56 (save) *(ebx + 0x90)
10042432: call 0x100416bc 60 eax = L100416BC()
10042437: jmp 0x100426b0 44 goto L100426b0
1004243c: cmp byte [ebp+0xb],0x3 44 44 44 *(ebp + 0xb) :: 3
10042440: jnz 0x10042622 44 != ? 0x10042622 :
10042446: cmp dword [0x1007f6a8],+0x0 44 44 44 M1007f6a8 :: 0
1004244d: jz 0x1004247f 44 == ? L1004247f :
1004244f: mov ax,[esi+0x2] 44 48 44 ax = *(esi + 2)
10042453: push eax 44 (save)eax
10042454: call [0x100691bc] 48 eax = *L100691bc()
1004245a: movzx eax,ax 48 eax = ax & 65535
1004245d: push eax 48 (save)eax
1004245e: movzx eax,byte [esi+0x7] 52 eax = *(esi + 7) & 0xff
10042462: push eax 52 (save)eax
10042463: movzx eax,byte [esi+0x6] 56 eax = *(esi + 6) & 0xff
10042467: push eax 56 (save)eax
10042468: movzx eax,byte [esi+0x5] 60 eax = *(esi + 5) & 0xff
1004246c: push eax 60 (save)eax
1004246d: movzx eax,byte [esi+0x4] 64 eax = *(esi + 4) & 0xff
10042471: push eax 64 (save)eax
10042472: push dword 0x10074f78 68 (save)"IP: Received conn request from %d.%d.%d.%d:%d, sending response"
10042477: call 0x10011a1f 72 eax = L10011A1F()
1004247c: add esp,+0x18 72 esp = esp + 0x18
1004247f: push +0x0 44 44 44 (save)0
10042481: mov ecx,edi 48 ecx = edi
10042483: call 0x10017f65 48 eax = L10017F65()
10042488: lea eax,[ebp-0x1c] 44 eax = ebp - 0x1c
1004248b: push +0x10 44 (save)0x10
1004248d: push eax 48 (save)eax
1004248e: mov ecx,edi 52 ecx = edi
10042490: call 0x1002ea1e 52 eax = L1002EA1E()
10042495: test byte [edi+0x40],0x2 44 *(edi + 0x40) & 2
10042499: jnz 0x100426b0 44 != ? 0x100426b0 :
1004249f: and dword [ebp-0xc],+0x0 44 44 44 *(ebp - 0xc) = *(ebp - 0xc) & 0
100424a3: lea eax,[ebp-0x1c] 44 eax = ebp - 0x1c
100424a6: push +0x10 44 (save)0x10
100424a8: push eax 48 (save)eax
100424a9: mov eax,[ebx+0x48] 52 eax = *(ebx + 0x48)
100424ac: add eax,0xf0 52 eax = eax + 0xf0
100424b1: push eax 52 (save)eax
100424b2: call 0x10059860 56 eax = L10059860()
100424b7: add esp,+0xc 56 esp = esp + 0xc
100424ba: test eax,eax 44 eax :: 0
100424bc: jz 0x100424ca 44 == ? L100424ca :
100424be: mov dword [ebp-0xc],0x1 44 44 44 *(ebp - 0xc) = 1
100424c5: jmp 0x100425c4 44 goto L100425c4
100424ca: mov eax,[ebx+0x9c] 44 44 44 eax = *(ebx + 0x9c)
100424d0: cmp eax,[ebx+0x94] 44 eax :: *(ebx + 0x94)
100424d6: jnc 0x100425c4 44 >= ? L100425c4 :
100424dc: push dword 0xe0 44 44 44 (save)0xe0
100424e1: call 0x1003150d 48 eax = L1003150D()
100424e6: mov edi,eax 48 edi = eax
100424e8: pop ecx 48 (restore)ecx
100424e9: test edi,edi 44 edi :: 0
100424eb: jz 0x10042502 44 == ? L10042502 :
100424ed: mov ecx,edi 44 44 44 ecx = edi
100424ef: call 0x1002908d 44 eax = L1002908D()
100424f4: and dword [edi+0xd8],+0x0 44 *(edi + 0xd8) = *(edi + 0xd8) & 0
100424fb: mov eax,edi 44 eax = edi
100424fd: mov [ebp-0x8],eax 44 *(ebp - 8) = eax
10042500: jmp short 0x10042509 44 goto L10042509
10042502: and dword [ebp-0x8],+0x0 44 44 44 *(ebp - 8) = *(ebp - 8) & 0
10042506: mov eax,[ebp-0x8] 44 eax = *(ebp - 8)
10042509: lea edi,[eax+0xbc] 44 44 44 edi = eax + 0xbc
1004250f: push eax 44 (save)eax
10042510: movsd 48 *edi = *esi
10042511: movsd 48 *edi = *esi
10042512: movsd 48 *edi = *esi
10042513: movsd 48 *edi = *esi
10042514: and dword [eax+0xdc],+0x0 48 *(eax + 0xdc) = *(eax + 0xdc) & 0
1004251b: mov [eax+0x30],ebx 48 *(eax + 0x30) = ebx
1004251e: mov ecx,[ebx+0x48] 48 ecx = *(ebx + 0x48)
10042521: call 0x1002ab44 48 eax = L1002AB44()
10042526: test eax,eax 44 eax :: 0
10042528: jz 0x100425b7 44 == ? L100425b7 :
1004252e: mov esi,[ebp-0x8] 44 44 44 esi = *(ebp - 8)
10042531: lea ecx,[ebx+0x9c] 44 ecx = ebx + 0x9c
10042537: lea eax,[esi+0xcc] 44 eax = esi + 0xcc
1004253d: push eax 44 (save)eax
1004253e: push esi 48 (save)esi
1004253f: call 0x10043463 52 eax = L10043463()
10042544: mov eax,0x44c 44 eax = 0x44c
10042549: push eax 44 (save)eax
1004254a: push eax 48 (save)eax
1004254b: lea eax,[ebp+0x8] 52 eax = ebp + 8
1004254e: push eax 52 (save)eax
1004254f: call 0x1002e963 56 eax = L1002E963()
10042554: add esp,+0xc 56 esp = esp + 0xc
10042557: lea ecx,[ebp-0x4] 44 ecx = ebp - 4
1004255a: push eax 44 (save)eax
1004255b: call 0x100121de 48 eax = L100121DE()
10042560: mov ecx,[ebp+0x8] 44 ecx = *(ebp + 8)
10042563: test ecx,ecx 44 ecx :: 0
10042565: jz 0x1004256c 44 == ? L1004256c :
10042567: mov eax,[ecx] 44 44 44 eax = *ecx
10042569: call [eax+0x8] 44 eax = *(eax + 8)()
1004256c: mov eax,[ebp-0x4] 44 44 44 eax = *(ebp - 4)
1004256f: push +0x5 44 (save)5
10042571: pop edi 48 (restore)edi
10042572: mov eax,[eax+0x54] 44 eax = *(eax + 0x54)
10042575: push edi 44 (save)edi
10042576: and byte [eax],0x0 48 *eax = *eax & 0
10042579: mov ecx,[ebp-0x4] 48 ecx = *(ebp - 4)
1004257c: call 0x10017fcd 48 eax = L10017FCD()
10042581: mov eax,[ebp-0x4] 44 44 44 eax = *(ebp - 4)
10042584: push dword [ebp+0xc] 44 (save) *(ebp + 0xc)
10042587: movzx ecx,word [eax+0x34] 48 ecx = *(eax + 0x34) & 65535
1004258b: push ecx 48 (save)ecx
1004258c: mov ecx,ebx 52 ecx = ebx
1004258e: push dword [eax+0x54] 52 (save) *(eax + 0x54)
10042591: push dword [ebx+0x90] 56 (save) *(ebx + 0x90)
10042597: call 0x100416bc 60 eax = L100416BC()
1004259c: dec edi 44 edi = edi - 1
1004259d: jnz 0x10042581 44 != ? 0x10042581 :
1004259f: mov dword [esi+0xdc],0x1 44 44 44 *(esi + 0xdc) = 1
100425a9: mov ecx,[ebx+0x48] 44 ecx = *(ebx + 0x48)
100425ac: push esi 44 (save)esi
100425ad: call 0x1002a9b7 48 eax = L1002A9B7()
100425b2: jmp 0x100426b0 44 goto L100426b0
100425b7: mov ecx,[ebp-0x8] 44 44 44 ecx = *(ebp - 8)
100425ba: push +0x1 44 (save)1
100425bc: call 0x100421c2 48 eax = L100421C2()
100425c1: mov esi,[ebp+0xc] 44 esi = *(ebp + 0xc)
100425c4: mov eax,0x44c 44 44 44 eax = 0x44c
100425c9: push eax 44 (save)eax
100425ca: push eax 48 (save)eax
100425cb: lea eax,[ebp+0xc] 52 eax = ebp + 0xc
100425ce: push eax 52 (save)eax
100425cf: call 0x1002e963 56 eax = L1002E963()
100425d4: add esp,+0xc 56 esp = esp + 0xc
100425d7: lea ecx,[ebp-0x4] 44 ecx = ebp - 4
100425da: push eax 44 (save)eax
100425db: call 0x100121de 48 eax = L100121DE()
100425e0: mov ecx,[ebp+0xc] 44 ecx = *(ebp + 0xc)
100425e3: test ecx,ecx 44 ecx :: 0
100425e5: jz 0x100425ec 44 == ? L100425ec :
100425e7: mov eax,[ecx] 44 44 44 eax = *ecx
100425e9: call [eax+0x8] 44 eax = *(eax + 8)()
100425ec: mov eax,[ebp-0x4] 44 44 44 eax = *(ebp - 4)
100425ef: mov eax,[eax+0x54] 44 eax = *(eax + 0x54)
100425f2: and byte [eax],0x0 44 *eax = *eax & 0
100425f5: cmp dword [ebp-0xc],+0x0 44 *(ebp - 0xc) :: 0
100425f9: mov ecx,[ebp-0x4] 44 ecx = *(ebp - 4)
100425fc: jz 0x10042602 44 == ? L10042602 :
100425fe: push +0x7 44 48 44 (save)7
10042600: jmp short 0x10042604 48 goto L10042604
10042602: push +0x6 44 48 44 (save)6
10042604: call 0x10017fcd 48 44 48 eax = L10017FCD()
10042609: mov eax,[ebp-0x4] 44 eax = *(ebp - 4)
1004260c: push esi 44 (save)esi
1004260d: movzx ecx,word [eax+0x34] 48 ecx = *(eax + 0x34) & 65535
10042611: push ecx 48 (save)ecx
10042612: mov ecx,ebx 52 ecx = ebx
10042614: push dword [eax+0x54] 52 (save) *(eax + 0x54)
10042617: push dword [ebx+0x90] 56 (save) *(ebx + 0x90)
1004261d: call 0x100416bc 60 eax = L100416BC()
10042622: cmp byte [ebp+0xb],0x0 44 44 44 *(ebp + 0xb) :: 0
10042626: jnz 0x100426b0 44 != ? 0x100426b0 :
1004262c: push esi 44 44 44 (save)esi
1004262d: mov ecx,ebx 48 ecx = ebx
1004262f: call 0x1004171c 48 eax = L1004171C()
10042634: mov edi,eax 44 edi = eax
10042636: test edi,edi 44 edi :: 0
10042638: jz 0x100426b0 44 == ? L100426b0 :
1004263a: cmp dword [0x1007f6a8],+0x0 44 44 44 M1007f6a8 :: 0
10042641: jz 0x10042673 44 == ? L10042673 :
10042643: mov ax,[esi+0x2] 44 48 44 ax = *(esi + 2)
10042647: push eax 44 (save)eax
10042648: call [0x100691bc] 48 eax = *L100691bc()
1004264e: movzx eax,ax 48 eax = ax & 65535
10042651: push eax 48 (save)eax
10042652: movzx eax,byte [esi+0x7] 52 eax = *(esi + 7) & 0xff
10042656: push eax 52 (save)eax
10042657: movzx eax,byte [esi+0x6] 56 eax = *(esi + 6) & 0xff
1004265b: push eax 56 (save)eax
1004265c: movzx eax,byte [esi+0x5] 60 eax = *(esi + 5) & 0xff
10042660: push eax 60 (save)eax
10042661: movzx eax,byte [esi+0x4] 64 eax = *(esi + 4) & 0xff
10042665: push eax 64 (save)eax
10042666: push dword 0x10074f4c 68 (save)"Got TCPSUB_DISCONNECT from %d.%d.%d.%d:%d"
1004266b: call 0x10011a1f 72 eax = L10011A1F()
10042670: add esp,+0x18 72 esp = esp + 0x18
10042673: mov eax,[ebx+0x48] 44 44 44 eax = *(ebx + 0x48)
10042676: mov ecx,[eax+0xb4] 44 ecx = *(eax + 0xb4)
1004267c: test ecx,ecx 44 ecx :: 0
1004267e: jz 0x1004268c 44 == ? L1004268c :
10042680: mov eax,[ecx] 44 52 44 eax = *ecx
10042682: push dword 0x1007b534 44 (save)0x1007b534
10042687: push +0x4 48 (save)4
10042689: call [eax+0x10] 52 eax = *(eax + 0x10)()
1004268c: mov ecx,[ebx+0x48] 44 44 44 ecx = *(ebx + 0x48)
1004268f: push edi 44 (save)edi
10042690: call 0x1002ac2e 48 eax = L1002AC2E()
10042695: lea eax,[edi+0xcc] 44 eax = edi + 0xcc
1004269b: lea ecx,[ebx+0x9c] 44 ecx = ebx + 0x9c
100426a1: push eax 44 (save)eax
100426a2: call 0x100434a5 48 eax = L100434A5()
100426a7: push +0x1 44 (save)1
100426a9: mov ecx,edi 48 ecx = edi
100426ab: call 0x100421c2 48 eax = L100421C2()
100426b0: mov ecx,[ebp-0x4] 44 44 44 ecx = *(ebp - 4)
100426b3: test ecx,ecx 44 ecx :: 0
100426b5: jz 0x100426bc 44 == ? L100426bc :
100426b7: mov eax,[ecx] 44 44 44 eax = *ecx
100426b9: call [eax+0x8] 44 eax = *(eax + 8)()
100426bc: pop edi 44 0 44 (restore)edi
100426bd: pop esi 40 (restore)esi
100426be: pop ebx 36 (restore)ebx
100426bf: leave -12 esp = ebp
100426c0: ret 0x8 0 return If somethings hard to do, its not worth doing - Homer Simpson |
|
|
ADoozer (Programmer) |
25 Apr 06 9:43 |
hmm.. seem to have lost the end Full Listing If somethings hard to do, its not worth doing - Homer Simpson |
|
Like any library you can replace the existing object code in it with your own.
But be carefull that your code is errorless.
Assemble the source --> build an object file and
link it into the existing library.
If you don't know how check the manual that come's with your compiler/assembler.
Succes, Tessa |
|
|
ADoozer (Programmer) |
26 Apr 06 19:52 |
slightly more complex than i had hoped. for now ill go back to the code injection. thanx for the information :) If somethings hard to do, its not worth doing - Homer Simpson |
|
|
 |
|
Talk To Other Members
Read More Threads Like This One