Recent Posts

The Orphanage / training big understanding will teach me large fs:0
« Last post by Дмитро on Today at 11:52:57 AM »
Greetings to all! Good wishes. I'm glad to be on the forum again!

What is this, at the beginning of this code? What is going on here?

How should I understand this? I want to understand it thoroughly.

                 assume ds:_data

 ; =============== S U B R O U T I N E =======================================

 ; Attributes: library function noreturn bp-based frame

                 public start
 ; start: process entry point; the imports it calls (__getmainargs, _initterm,
 ; _except_handler3, WinMain) match the MSVC C runtime startup of a GUI program.
 ; What the visible code does, in order:
 ;   1. builds an ebp frame and links a structured-exception-handling (SEH)
 ;      registration record into the per-thread handler chain at fs:[0];
 ;   2. initialises CRT state (__set_app_type, _fmode, _commode, _initterm,
 ;      __getmainargs);
 ;   3. skips the program name in the raw command line (*_acmdln);
 ;   4. calls WinMain and passes its result to exit(), so it never returns.
 ;
 ; SEH record left on the stack by the four pushes after "mov ebp, esp":
 ;   [ebp-04h] var_4   0FFFFFFFFh, then 0    try level (_except_handler3 convention)
 ;   [ebp-08h]         offset dword_41D650   presumably the scope table -- confirm in the data
 ;   [ebp-0Ch]         offset loc_418654     handler; loc_418654 is "jmp ds:_except_handler3"
 ;   [ebp-10h]         previous fs:[0]       next (older) record in the chain
 ; fs:[0] is then set to the address of [ebp-10h], so this record becomes the
 ; first one consulted when an exception is raised on this thread.  "large" is
 ; only IDA's marker for a 32-bit offset; the operand is the dword at fs:[0].
 ; The record sits on the stack beside the locals, which is why Windows checks
 ; handler records before dispatching to them (SafeSEH, SEHOP).
 start           proc near               ; DATA XREF: HEADER:00400120o

 var_74          = dword ptr -74h        ; current position in the command line
 var_70          = byte ptr -70h         ; receives argv (2nd __getmainargs argument)
 var_6C          = dword ptr -6Ch        ; copy of dword_5F6A10, passed by address
 var_68          = dword ptr -68h        ; WinMain return value
 var_64          = byte ptr -64h         ; receives envp (3rd __getmainargs argument)
 var_60          = byte ptr -60h         ; receives argc (1st __getmainargs argument)
 StartupInfo     = _STARTUPINFOA ptr -5Ch
 var_18          = dword ptr -18h        ; esp saved after the prologue
 var_4           = dword ptr -4          ; SEH try level

                 push    ebp
                 mov     ebp, esp
                 push    0FFFFFFFFh      ; [ebp-4] try level = -1: not inside a guarded block yet
                 push    offset dword_41D650 ; [ebp-8] data consumed by the handler (presumably the scope table)
                 push    offset loc_418654 ; [ebp-0Ch] handler address for this frame
                 mov     eax, large fs:0 ; eax = current head of this thread's SEH chain
                 push    eax             ; [ebp-10h] Next = previous head
                 mov     large fs:0, esp ; new record (Next, Handler) is now the chain head
                 sub     esp, 68h                ; reserve the locals declared above
                 push    ebx
                 push    esi
                 push    edi
                 mov     [ebp+var_18], esp       ; remember esp; the code after "start endp" reloads it from [ebp-18h]
                 xor     ebx, ebx                ; ebx = 0, used as the zero constant below (bl = NUL)
                 mov     [ebp+var_4], ebx        ; try level 0: the code from here on is guarded
                 push    2                       ; 2 = _GUI_APP in the CRT headers
                 call    ds:__set_app_type
                 pop     ecx                     ; cdecl: discard the one argument
                 or      dword_5F6A24, 0FFFFFFFFh ; set both globals to -1
                 or      dword_5F6A28, 0FFFFFFFFh
                 call    ds:__p__fmode           ; eax = address of the CRT's _fmode
                 mov     ecx, dword_5F6A18
                 mov     [eax], ecx              ; _fmode = dword_5F6A18
                 call    ds:__p__commode         ; eax = address of the CRT's _commode
                 mov     ecx, dword_5F6A14
                 mov     [eax], ecx              ; _commode = dword_5F6A14
                 mov     eax, ds:_adjust_fdiv    ; import slot holds a pointer to the CRT variable
                 mov     eax, [eax]
                 mov     dword_5F6A20, eax       ; keep a local copy of _adjust_fdiv
                 call    nullsub_1               ; IDA's name for a routine that only returns
                 cmp     dword_5F3F80, ebx       ; install the math-error hook only when this flag is 0
                 jnz     short loc_418579
                 push    offset sub_418684
                 call    ds:__setusermatherr
                 pop     ecx

 loc_418579:                             ; CODE XREF: start+75j
                 call    __setdefaultprecision
                 ; First _initterm pass over the table dword_42103C..dword_421040.
                 ; Its two arguments stay on the stack until "add esp, 24h" below.
                 push    offset dword_421040
                 push    offset dword_42103C
                 call    _initterm
                 ; __getmainargs(&var_60, &var_70, &var_64, dword_5F6A0C, &var_6C);
                 ; per the CRT prototype these are argc, argv, envp, the wildcard
                 ; flag and the startup-info block.
                 mov     eax, dword_5F6A10
                 mov     [ebp+var_6C], eax
                 lea     eax, [ebp+var_6C]
                 push    eax
                 push    dword_5F6A0C
                 lea     eax, [ebp+var_64]
                 push    eax
                 lea     eax, [ebp+var_70]
                 push    eax
                 lea     eax, [ebp+var_60]
                 push    eax
                 call    ds:__getmainargs
                 ; Second _initterm pass over dword_421000..dword_421038.
                 push    offset dword_421038
                 push    offset dword_421000
                 call    _initterm
                 add     esp, 24h                ; drop 9 dwords: 2 + 5 + 2 arguments of the three calls
                 ; Command-line scan: esi walks the string at *_acmdln.  The loops
                 ; stop only on NUL, a quote or a byte <= 20h, so they rely on the
                 ; string being NUL-terminated.
                 mov     eax, ds:_acmdln
                 mov     esi, [eax]              ; esi = start of the raw command line
                 mov     [ebp+var_74], esi
                 cmp     byte ptr [esi], 22h     ; does it start with a double quote?
                 jnz     short loc_41860C        ; no: program name ends at the first byte <= 20h

 loc_4185D2:                             ; CODE XREF: start+E8j
                 inc     esi                     ; quoted name: advance to the closing quote or NUL
                 mov     [ebp+var_74], esi
                 mov     al, [esi]
                 cmp     al, bl
                 jz      short loc_4185E0
                 cmp     al, 22h
                 jnz     short loc_4185D2

 loc_4185E0:                             ; CODE XREF: start+E4j
                 cmp     byte ptr [esi], 22h     ; stopped on the closing quote? then step over it
                 jnz     short loc_4185E9

 loc_4185E5:                             ; CODE XREF: start+FBj
                 inc     esi
                 mov     [ebp+var_74], esi

 loc_4185E9:                             ; CODE XREF: start+EDj
                                         ; start+119j
                 mov     al, [esi]               ; skip bytes <= 20h that follow the program name
                 cmp     al, bl
                 jz      short loc_4185F3        ; NUL: no arguments
                 cmp     al, 20h
                 jbe     short loc_4185E5

 loc_4185F3:                             ; CODE XREF: start+F7j
                 mov     [ebp+StartupInfo.dwFlags], ebx ; clear dwFlags before the call fills the structure
                 lea     eax, [ebp+StartupInfo]
                 push    eax             ; lpStartupInfo
                 call    ds:GetStartupInfoA
                 test    byte ptr [ebp+StartupInfo.dwFlags], 1 ; bit 0 = STARTF_USESHOWWINDOW
                 jz      short loc_418617
                 movzx   eax, [ebp+StartupInfo.wShowWindow] ; parent process supplied a show command
                 jmp     short loc_41861A
 ; ---------------------------------------------------------------------------

 loc_41860C:                             ; CODE XREF: start+DAj
                                         ; start+11Fj
                 cmp     byte ptr [esi], 20h     ; unquoted name: stop at the first byte <= 20h (includes NUL)
                 jbe     short loc_4185E9
                 inc     esi
                 mov     [ebp+var_74], esi
                 jmp     short loc_41860C
 ; ---------------------------------------------------------------------------

 loc_418617:                             ; CODE XREF: start+10Ej
                 push    0Ah                     ; default show command: 0Ah = SW_SHOWDEFAULT
                 pop     eax

 loc_41861A:                             ; CODE XREF: start+114j
                 push    eax             ; nShowCmd
                 push    esi             ; lpCmdLine
                 push    ebx             ; hPrevInstance
                 push    ebx             ; lpModuleName
                 call    ds:GetModuleHandleA
                 push    eax             ; hInstance
                 call    _WinMain@16     ; WinMain(x,x,x,x)
                 mov     [ebp+var_68], eax
                 push    eax             ; Code
                 call    ds:exit                 ; no epilogue follows: IDA marks start as noreturn
 start           endp

 ; ---------------------------------------------------------------------------
                 ; Exception-time code for the frame set up in start.  Nothing in
                 ; this listing jumps here; presumably the data at dword_41D650
                 ; points to these two fragments -- confirm in the data.
                 ; Fragment 1, filter: calls _XcptFilter(code, pointers).
                 mov     eax, [ebp-14h]          ; presumably the exception-pointers slot of the _except_handler3 frame
                 mov     ecx, [eax]              ; first dword of that structure
                 mov     ecx, [ecx]              ; first dword behind it (presumably the exception code)
                 mov     [ebp-78h], ecx          ; keep it for the _exit call below
                 push    eax
                 push    ecx
                 call    _XcptFilter
                 pop     ecx                     ; cdecl cleanup of two arguments; eax (the result) is untouched
                 pop     ecx
                                                 ; NOTE(review): no ret is shown after the cleanup in this listing
 ; ---------------------------------------------------------------------------
                 ; Fragment 2, handler body: terminate with the saved value.
                 mov     esp, [ebp-18h]          ; restore the esp that start stored in var_18
                 push    dword ptr [ebp-78h]     ; value saved by the filter fragment
                 call    ds:_exit
 ; ---------------------------------------------------------------------------

 ; Handler thunk: start pushes "offset loc_418654" as the handler of its SEH
 ; registration record, and the cross-references below show other routines
 ; doing the same.  The jump is indirect through a ds: memory slot (presumably
 ; the import table entry) and forwards to the CRT's _except_handler3.

 loc_418654:                             ; DATA XREF: `eh vector destructor iterator'(void *,uint,int,void (*)(void *))+Ao
                                         ; __ArrayUnwind(void *,uint,int,void (*)(void *))+Ao ...
                 jmp     ds:_except_handler3

 ; =============== S U B R O U T I N E =======================================

ObjAsm / Re: ObjAsm64
« Last post by HSE on Today at 11:03:34 AM »
Is it possible to change colors?
ObjAsm / Re: ObjAsm64
« Last post by fearless on Today at 05:57:59 AM »
looks pretty good.

Just in case you didn't notice, the links on ObjAsm64 don't point to valid files:

Not Found The requested URL /DwnFiles/ was not found on this server.
Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.
ObjAsm / Re: ObjAsm64
« Last post by Biterider on Today at 03:13:21 AM »

While I was finishing some functional parts of the ObjAsm64 framework, I came to Object Explorer. This application is a very efficient way to quickly show important information about objects. This information is read from the source code using PCRE, based on the structured information that precedes object, method or procedure definitions. Whole directories are scanned to get this information. Knowing how to read these definitions, a whole tree of relationships is created that allows us to visually browse through parent and descendant objects.

The Object Explorer application is divided into two panels. On the left side, a tree (XTreeView) displays all object dependencies. On the right side, an OCX_Container manages a Web Browser instance that is fed with HTML code to represent the previously collected information of the shown object selected on the left side. This information panel displays first the object header information followed by the object inheritance path. Thereafter, all object related files are displayed. The icons on the left (Actions) can be used to start the File Explorer or the standard editor. To create or update a precompiled object, a special additional button is provided.

Finally, 2 sections are shown: Methods and Variables.

Methods: this section displays all method members of the current object. In gray, you can see the inherited methods, while in black you can see the object new defined and implemented methods. A plus sign in front of each line can be used to popup the method heading information.

Variables: this section displays in a similar way variable members, their type and initial value (template value). In case of an embedded object, the icon in front of the line changes to indicate this and you can navigate to the corresponding object by clicking on “Type”.

Since I haven’t found the time to port the last PCRE 8.41 to x64, Object Explorer remains at the moment a 32 bit application.

Regards, Biterider
The Soap Box / Re: Australia: Cyclone Marcus
« Last post by hutch-- on Today at 01:00:30 AM »
The west and northern sides of OZ share the weather with the monsoon that hits India, when the inland of OZ heats up, it changes the weather pattern and pulls the rain down to OZ in what is called the wet season up north. As OZ cools down and India and the Tibetan plateau heat up it pulls the rain back towards India creating the monsoon season.

These weather conditions at times create cyclones that bash around the top end of OZ and while they usually don't hit highly populated areas, a big one hit Darwin in the 1970s and wrecked the place. You should see the ones that hit north Queensland, they can be really ferocious.
The Soap Box / Australia: Cyclone Marcus
« Last post by anunitu on Today at 12:25:33 AM »
Australia: Cyclone Marcus may affect Perth in a week, another cyclone may follow.

just caught this on the news.
The Colosseum / Re: Trump and his mouth.
« Last post by K_F on March 18, 2018, 10:25:41 PM »
I hear Stormy Daniel's attorney claims six other women are going to come forward with similar charges against Trump. The porn actress is scheduled to do an interview on the American news magazine television program "60 minutes" on 3/25 to discuss her relationship with Trump and issues related to their nondisclosure agreement , etc. Should be interesting ..
Interesting why they're only doing this now when they would have achieved more fame and glory (for the dems) during the election time.
Maybe seconds is better than nothing. :)
The Colosseum / Re: Trump and his mouth.
« Last post by Siekmanski on March 18, 2018, 04:28:44 PM »
It really doesn't make sense, or do they think you need more of those just bought items?
After Trump is done wiping out the Deep State, maybe he can do the same to Big Brother.  8)
The Colosseum / Re: Trump and his mouth.
« Last post by hutch-- on March 18, 2018, 03:48:28 PM »
Something that does piss me off is the lag effect in targeted ads, I buy something from a retail source then I get their targeted ads all over the internet trying to sell me the same thing.