📄 disasm.txt
字号:
H:\asm2\fileio\append\append.exe (hex) (dec)
.EXE size (bytes) 490 1168
Minimum load size (bytes) 450 1104
Overlay number 0 0
Initial CS:IP 0000:0000
Initial SS:SP 0000:00B8 184
Minimum allocation (para) 0 0
Maximum allocation (para) FFFF 65535
Header size (para) 4 4
Relocation table offset 40 64
Relocation entries 0 0
Portable Executable starts at b0
Signature 00004550 (PE)
Machine 014C (Intel 386)
Sections 0003
Time Date Stamp 42EF3F51 Tue Aug 2 20:39:29 2005
Symbol Table 00000000
Number of Symbols 00000000
Optional header size 00E0
Characteristics 010F
Relocation information stripped
Executable Image
Line numbers stripped
Local symbols stripped
32 bit word machine
Magic 010B
Linker Version 5.12
Size of Code 00000200
Size of Initialized Data 00000400
Size of Uninitialized Data 00000000
Address of Entry Point 00001000
Base of Code 00001000
Base of Data 00002000
Image Base 00400000
Section Alignment 00001000
File Alignment 00000200
Operating System Version 4.00
Image Version 0.00
Subsystem Version 4.00
reserved 00000000
Image Size 00004000
Header Size 00000400
Checksum 00000000
Subsystem 0003 (Console)
DLL Characteristics 0000
Size Of Stack Reserve 00100000
Size Of Stack Commit 00001000
Size Of Heap Reserve 00100000
Size Of Heap Commit 00001000
Loader Flags 00000000
Number of Directories 00000010
Directory Name VirtAddr VirtSize
-------------------------------------- -------- --------
Export 00000000 00000000
Import 00002020 00000028
Resource 00000000 00000000
Exception 00000000 00000000
Security 00000000 00000000
Base Relocation 00000000 00000000
Debug 00000000 00000000
Decription/Architecture 00000000 00000000
Machine Value (MIPS GP) 00000000 00000000
Thread Storage 00000000 00000000
Load Configuration 00000000 00000000
Bound Import 00000000 00000000
Import Address Table 00002000 00000020
Delay Import 00000000 00000000
COM Runtime Descriptor 00000000 00000000
(reserved) 00000000 00000000
Section Table
-------------
01 .text Virtual Address 00001000
Virtual Size 0000017E
Raw Data Offset 00000400
Raw Data Size 00000200
Relocation Offset 00000000
Relocation Count 0000
Line Number Offset 00000000
Line Number Count 0000
Characteristics 60000020
Code
Executable
Readable
02 .rdata Virtual Address 00002000
Virtual Size 000000DC
Raw Data Offset 00000600
Raw Data Size 00000200
Relocation Offset 00000000
Relocation Count 0000
Line Number Offset 00000000
Line Number Count 0000
Characteristics 40000040
Initialized Data
Readable
03 .data Virtual Address 00003000
Virtual Size 00000024
Raw Data Offset 00000800
Raw Data Size 00000200
Relocation Offset 00000000
Relocation Count 0000
Line Number Offset 00000000
Line Number Count 0000
Characteristics C0000040
Initialized Data
Readable
Writeable
Imp Addr Hint Import Name from kernel32.dll - Not Bound
-------- ---- ---------------------------------------------------------------
00002000 30 CreateFileA
00002004 80 ExitProcess
00002008 236 SetFilePointer
0000200C 29E WriteFile
00002010 8F FindClose
00002014 93 FindFirstFileA
00002018 1A CloseHandle
IAT Entry
00000000: 00002076 00002084 - 00002092 000020A4 - 000020B0 000020BC
00000018: 00002068 00000000
Disassembly
00401000 start:
00401000 E807000000 call fn_0040100C
00401005 6A00 push 0
00401007 E854010000 call fn_00401160
0040100C fn_0040100C:
0040100C 55 push ebp
0040100D 8BEC mov ebp,esp
0040100F 83C4EC add esp,0FFFFFFECh
00401012 C745F400304000 mov dword ptr [ebp-0Ch],403000h
00401019 C745F00C304000 mov dword ptr [ebp-10h],40300Ch
00401020 90 nop
00401021 90 nop
00401022 90 nop
00401023 813C0618304000 cmp dword ptr [esi+eax],403018h
0040102A 33C0 xor eax,eax
0040102C 390406 cmp [esi+eax],eax
0040102F 833C0600 cmp dword ptr [esi+eax],0
00401033 90 nop
00401034 90 nop
00401035 90 nop
00401036 56 push esi
00401037 BE32000000 mov esi,32h
0040103C FF75F4 push dword ptr [ebp-0Ch]
0040103F E8DC000000 call fn_00401120
00401044 0BC0 or eax,eax
00401046 741F jz loc_00401067
00401048 6A00 push 0
0040104A 6880000000 push 80h
0040104F 6A03 push 3
00401051 6A00 push 0
00401053 6A00 push 0
00401055 68000000C0 push 0C0000000h
0040105A FF75F4 push dword ptr [ebp-0Ch]
0040105D E8F8000000 call fn_0040115A
00401062 8945EC mov [ebp-14h],eax
00401065 EB1D jmp loc_00401084
00401067 loc_00401067:
00401067 6A00 push 0
00401069 6880000000 push 80h
0040106E 6A02 push 2
00401070 6A00 push 0
00401072 6A00 push 0
00401074 68000000C0 push 0C0000000h
00401079 FF75F4 push dword ptr [ebp-0Ch]
0040107C E8D9000000 call fn_0040115A
00401081 8945EC mov [ebp-14h],eax
00401084 loc_00401084:
00401084 6A02 push 2
00401086 6A00 push 0
00401088 6A00 push 0
0040108A FF75EC push dword ptr [ebp-14h]
0040108D E8D4000000 call fn_00401166
00401092 8945FC mov [ebp-4],eax
00401095 loc_00401095:
00401095 FF75F0 push dword ptr [ebp-10h]
00401098 E833000000 call fn_004010D0
0040109D 6A00 push 0
0040109F 6820304000 push 403020h
004010A4 50 push eax
004010A5 8D45F0 lea eax,[ebp-10h]
004010A8 50 push eax
004010A9 FF75EC push dword ptr [ebp-14h]
004010AC E8BB000000 call fn_0040116C
004010B1 A120304000 mov eax,[403020h]
004010B6 8945F8 mov [ebp-8],eax
004010B9 83EE01 sub esi,1
004010BC 75D7 jnz loc_00401095
004010BE FF75EC push dword ptr [ebp-14h]
004010C1 E88E000000 call fn_00401154
004010C6 C9 leave
004010C7 C3 ret
004010C8 CC int 3
004010C9 CC int 3
004010CA CC int 3
004010CB CC int 3
004010CC CC int 3
004010CD CC int 3
004010CE CC int 3
004010CF CC int 3
004010D0 fn_004010D0:
004010D0 55 push ebp
004010D1 8BEC mov ebp,esp
004010D3 8B4508 mov eax,[ebp+8]
004010D6 83E804 sub eax,4
004010D9 loc_004010D9:
004010D9 83C004 add eax,4
004010DC 803800 cmp byte ptr [eax],0
004010DF 7430 jz loc_00401111
004010E1 80780100 cmp byte ptr [eax+1],0
004010E5 7420 jz loc_00401107
004010E7 80780200 cmp byte ptr [eax+2],0
004010EB 7410 jz loc_004010FD
004010ED 80780300 cmp byte ptr [eax+3],0
004010F1 75E6 jnz loc_004010D9
004010F3 2B4508 sub eax,[ebp+8]
004010F6 83C003 add eax,3
004010F9 C9 leave
004010FA C20400 ret 4
004010FD loc_004010FD:
004010FD 2B4508 sub eax,[ebp+8]
00401100 83C002 add eax,2
00401103 C9 leave
00401104 C20400 ret 4
00401107 loc_00401107:
00401107 2B4508 sub eax,[ebp+8]
0040110A 83C001 add eax,1
0040110D C9 leave
0040110E C20400 ret 4
00401111 loc_00401111:
00401111 2B4508 sub eax,[ebp+8]
00401114 C9 leave
00401115 C20400 ret 4
00401118 CC int 3
00401119 CC int 3
0040111A CC int 3
0040111B CC int 3
0040111C CC int 3
0040111D CC int 3
0040111E CC int 3
0040111F CC int 3
00401120 fn_00401120:
00401120 55 push ebp
00401121 8BEC mov ebp,esp
00401123 81C4C0FEFFFF add esp,0FFFFFEC0h
00401129 8D85C2FEFFFF lea eax,[ebp-13Eh]
0040112F 50 push eax
00401130 FF7508 push dword ptr [ebp+8]
00401133 E840000000 call fn_00401178
00401138 83F8FF cmp eax,0FFFFFFFFh
0040113B 7507 jnz loc_00401144
0040113D B800000000 mov eax,0
00401142 EB0B jmp loc_0040114F
00401144 loc_00401144:
00401144 50 push eax
00401145 E828000000 call fn_00401172
0040114A B801000000 mov eax,1
0040114F loc_0040114F:
0040114F C9 leave
00401150 C20400 ret 4
00401153 CC int 3
00401154 fn_00401154:
00401154 FF2518204000 jmp dword ptr [CloseHandle]
0040115A fn_0040115A:
0040115A FF2500204000 jmp dword ptr [CreateFileA]
00401160 fn_00401160:
00401160 FF2504204000 jmp dword ptr [ExitProcess]
00401166 fn_00401166:
00401166 FF2508204000 jmp dword ptr [SetFilePointer]
0040116C fn_0040116C:
0040116C FF250C204000 jmp dword ptr [WriteFile]
00401172 fn_00401172:
00401172 FF2510204000 jmp dword ptr [FindClose]
00401178 fn_00401178:
00401178 FF2514204000 jmp dword ptr [FindFirstFileA]
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -