you have assembly: sub_13144FF6 proc near NumberOfBytesWritten= dword ptr -4 push ebp mov ebp, esp push ecx pu


you have assembly: sub_13144FF6 proc near NumberOfBytesWritten= dword ptr -4 push ebp mov ebp, esp push ecx pu

Post by correctanswer »

You have the following assembly:
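; ---------------------------------------------------------------------------
; sub_13144FF6 -- writes a buffer to "<Windows directory>\pwsbandook2.exe"
;
; Syntax : IDA disassembly listing (MASM-style, 32-bit x86). The layout is
;          restored to one instruction per line; instructions are unchanged.
; Args   : none read in this listing.
; Return : eax = 0 on every path (no API result is checked).
; Local  : NumberOfBytesWritten (ebp-4), the slot reserved by `push ecx`.
; Globals: byte_1314CA1C   scratch string: cleared, then "\pwsbandook2.exe"
;          Data            receives the Windows directory, then the full path
;          dword_1314E32C  handle returned by CreateFileA
;          hFile, lpBuffer set outside this listing; the size of hFile is the
;                          byte count written and lpBuffer is the data source
;
; Sequence:
;   1. memset(byte_1314CA1C, 0, 100h)
;   2. GetWindowsDirectoryA(Data, 100h)
;   3. sprintf(byte_1314CA1C, "\%s", "pwsbandook2.exe")
;   4. strcat(Data, byte_1314CA1C)      -> returns Data, now the full path
;   5. CreateFileA(eax, GENERIC_WRITE, 0, NULL, CREATE_ALWAYS,
;                  FILE_ATTRIBUTE_NORMAL, NULL)
;   6. WriteFile(dword_1314E32C, lpBuffer, GetFileSize(hFile, NULL),
;                &NumberOfBytesWritten, NULL)
;   7. CloseHandle(dword_1314E32C)
;
; Analyst notes:
;   - lpFileName is the LAST value pushed before `call CreateFileA`: eax, the
;     return value of strcat, which is the address of Data.
;   - The handle from CreateFileA is never compared with INVALID_HANDLE_VALUE
;     and the GetFileSize result is used unchecked.
;   - strcat appends the 16-character suffix with no length check; the size
;     of Data is not visible here -- NOTE(review): confirm it is > 100h bytes.
;   - Triage artifact: creation of pwsbandook2.exe directly under the Windows
;     directory.
; ---------------------------------------------------------------------------
sub_13144FF6    proc near

NumberOfBytesWritten= dword ptr -4

                push    ebp
                mov     ebp, esp
                push    ecx                     ; reserves the 4-byte local at ebp-4

                ; --- clear the scratch string --------------------------------
                push    100h                    ; size_t
                push    0                       ; int
                push    offset byte_1314CA1C    ; void *
                call    memset
                add     esp, 0Ch                ; cdecl: drop 3 arguments

                ; --- Data = Windows directory --------------------------------
                push    100h                    ; uSize
                push    offset Data             ; lpBuffer
                call    GetWindowsDirectoryA    ; no add esp: callee removes its arguments

                ; --- byte_1314CA1C = "\pwsbandook2.exe" ----------------------
                push    offset aPwsbandook2_ex  ; "pwsbandook2.exe"
                push    offset aS_1             ; "\\%s" (shown C-escaped: one backslash, then %s)
                push    offset byte_1314CA1C    ; char *
                call    sprintf
                add     esp, 0Ch                ; cdecl: drop 3 arguments

                ; --- CreateFileA arguments 7..2, pushed right to left --------
                push    0                       ; hTemplateFile
                push    80h                     ; dwFlagsAndAttributes = FILE_ATTRIBUTE_NORMAL
                push    2                       ; dwCreationDisposition = CREATE_ALWAYS
                push    0                       ; lpSecurityAttributes
                push    0                       ; dwShareMode = 0 (no sharing)
                push    40000000h               ; dwDesiredAccess = GENERIC_WRITE

                ; --- build the full path while those arguments wait on the stack
                push    offset byte_1314CA1C    ; char * (source: "\pwsbandook2.exe")
                push    offset Data             ; char * (destination: Windows directory)
                call    strcat                  ; eax = Data = "<windir>\pwsbandook2.exe"
                pop     ecx                     ; two pops discard strcat's two arguments
                pop     ecx                     ; (same effect as add esp, 8)

                push    eax                     ; lpFileName = pointer returned by strcat
                call    CreateFileA
                mov     dword_1314E32C, eax     ; keep the new handle (not validated)

                ; --- WriteFile arguments 5..4 --------------------------------
                push    0                       ; lpOverlapped
                lea     eax, [ebp+NumberOfBytesWritten]
                push    eax                     ; lpNumberOfBytesWritten

                ; --- byte count = size of the file behind the global hFile ---
                push    0                       ; lpFileSizeHigh
                push    hFile                   ; hFile
                call    GetFileSize

                ; --- WriteFile arguments 3..1 --------------------------------
                push    eax                     ; nNumberOfBytesToWrite = GetFileSize result
                push    lpBuffer                ; lpBuffer
                push    dword_1314E32C          ; hFile
                call    WriteFile

                push    dword_1314E32C          ; hObject
                call    CloseHandle

                xor     eax, eax                ; always returns 0
                leave
                retn
sub_13144FF6    endp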
1) Define which input argument to CreateFile contains the path and the filename.
2) Explain how to find the path and the file name.