Tuts 4 You

How to make a hook for rtcMsgBox?


c0lo

How can I make a hook for rtcMsgBox...? I don't understand...

Similar to __vbaStrCmp... inject in msvbvm60.dll, but can you teach me about this?

Thanks

Progress:

I loaded msvbvm60.dll version 6.0.96.90

and I see in the calls...

All names, item 359

Address=73482F29 msvbvm60

Section=.text

Type=Export

Name=rtcMsgBox

Now I have this:

73482F29 >/$ 55 PUSH EBP

73482F2A |. 8BEC MOV EBP,ESP

73482F2C |. 83EC 4C SUB ESP,4C

73482F2F |. 8B4D 14 MOV ECX,DWORD PTR SS:[EBP+14]

73482F32 |. 53 PUSH EBX

73482F33 |. 56 PUSH ESI

73482F34 |. 57 PUSH EDI

73482F35 |. 66:8339 0A CMP WORD PTR DS:[ECX],0A

73482F39 |. B8 04000280 MOV EAX,80020004

73482F3E |. 0F85 FC000000 JNZ msvbvm60.73483040

73482F44 |. 3941 08 CMP DWORD PTR DS:[ECX+8],EAX

73482F47 |. 0F85 F3000000 JNZ msvbvm60.73483040

73482F4D |. 834D FC FF OR DWORD PTR SS:[EBP-4],FFFFFFFF

73482F51 |. 33F6 XOR ESI,ESI

73482F53 |> 8B4D 18 MOV ECX,DWORD PTR SS:[EBP+18]

73482F56 |. 66:8339 0A CMP WORD PTR DS:[ECX],0A

73482F5A |. 0F85 EA000000 JNZ msvbvm60.7348304A

73482F60 |. 3941 08 CMP DWORD PTR DS:[ECX+8],EAX

73482F63 |. 0F85 E1000000 JNZ msvbvm60.7348304A

73482F69 |. 834D F8 FF OR DWORD PTR SS:[EBP-8],FFFFFFFF

73482F6D |> 8B7D 10 MOV EDI,DWORD PTR SS:[EBP+10]

73482F70 |. 66:833F 0A CMP WORD PTR DS:[EDI],0A

73482F74 |. 0F85 D8000000 JNZ msvbvm60.73483052

73482F7A |. 3947 08 CMP DWORD PTR DS:[EDI+8],EAX

73482F7D |. 0F85 CF000000 JNZ msvbvm60.73483052

73482F83 |. 834D F4 FF OR DWORD PTR SS:[EBP-C],FFFFFFFF

73482F87 |> FF75 08 PUSH DWORD PTR SS:[EBP+8]

73482F8A |. 8D45 D4 LEA EAX,DWORD PTR SS:[EBP-2C]

73482F8D |. 8975 F0 MOV DWORD PTR SS:[EBP-10],ESI

73482F90 |. 50 PUSH EAX

73482F91 |. E8 A5040000 CALL msvbvm60.7348343B

73482F96 |. 8BD8 MOV EBX,EAX

73482F98 |. 8B45 DC MOV EAX,DWORD PTR SS:[EBP-24]

73482F9B |. 8945 E8 MOV DWORD PTR SS:[EBP-18],EAX

73482F9E |. 8B45 0C MOV EAX,DWORD PTR SS:[EBP+C]

73482FA1 |. 83E0 0F AND EAX,0F

73482FA4 |. 895D E4 MOV DWORD PTR SS:[EBP-1C],EBX

73482FA7 |. 3C 05 CMP AL,5

73482FA9 |. 7F 1C JG SHORT msvbvm60.73482FC7

73482FAB |. 8B45 0C MOV EAX,DWORD PTR SS:[EBP+C]

73482FAE |. 25 F0000000 AND EAX,0F0

73482FB3 |. 83F8 40 CMP EAX,40

73482FB6 |. 7F 0F JG SHORT msvbvm60.73482FC7

73482FB8 |. 8B45 0C MOV EAX,DWORD PTR SS:[EBP+C]

73482FBB |. 25 000F0000 AND EAX,0F00

73482FC0 |. 3D 00030000 CMP EAX,300

73482FC5 |. 7E 03 JLE SHORT msvbvm60.73482FCA

73482FC7 |> 8975 0C MOV DWORD PTR SS:[EBP+C],ESI

73482FCA |> 66:3975 F4 CMP WORD PTR SS:[EBP-C],SI

73482FCE |. 8B35 F0193A73 MOV ESI,DWORD PTR DS:[<&OLEAUT32.#6>]

73482FD4 |. 0F84 80000000 JE msvbvm60.7348305A

73482FDA |. 8365 10 00 AND DWORD PTR SS:[EBP+10],0

73482FDE |. 8365 08 00 AND DWORD PTR SS:[EBP+8],0

73482FE2 |> 33C0 XOR EAX,EAX

73482FE4 |. 66:3945 FC CMP WORD PTR SS:[EBP-4],AX

73482FE8 |. 0F84 A7000000 JE msvbvm60.73483095

73482FEE |. 66:3945 F8 CMP WORD PTR SS:[EBP-8],AX

73482FF2 |. 0F84 97000000 JE msvbvm60.7348308F

73482FF8 |. 8945 EC MOV DWORD PTR SS:[EBP-14],EAX

73482FFB |. 33FF XOR EDI,EDI

73482FFD |> 8B55 E8 MOV EDX,DWORD PTR SS:[EBP-18]

73483000 |. 85D2 TEST EDX,EDX

73483002 |. 75 03 JNZ SHORT msvbvm60.73483007

73483004 |. 8D55 F0 LEA EDX,DWORD PTR SS:[EBP-10]

73483007 |> 8B4D 08 MOV ECX,DWORD PTR SS:[EBP+8]

7348300A |. 85C9 TEST ECX,ECX

7348300C |. 75 09 JNZ SHORT msvbvm60.73483017

7348300E |. 66:394D F4 CMP WORD PTR SS:[EBP-C],CX

73483012 |. 75 03 JNZ SHORT msvbvm60.73483017

73483014 |. 8D4D F0 LEA ECX,DWORD PTR SS:[EBP-10]

73483017 |> 6A 01 PUSH 1

73483019 |. 50 PUSH EAX

7348301A |. 57 PUSH EDI

7348301B |. FF75 0C PUSH DWORD PTR SS:[EBP+C]

7348301E |. 51 PUSH ECX

7348301F |. 52 PUSH EDX

73483020 |. E8 1EB6F9FF CALL msvbvm60.7341E643

73483025 |. FF75 E4 PUSH DWORD PTR SS:[EBP-1C]

73483028 |. 8BF8 MOV EDI,EAX

7348302A |. FFD6 CALL ESI

7348302C |. FF75 10 PUSH DWORD PTR SS:[EBP+10]

7348302F |. FFD6 CALL ESI

73483031 |. FF75 EC PUSH DWORD PTR SS:[EBP-14]

73483034 |. FFD6 CALL ESI

73483036 |. 0FBFC7 MOVSX EAX,DI

73483039 |. 5F POP EDI

7348303A |. 5E POP ESI

7348303B |. 5B POP EBX

7348303C |. C9 LEAVE

7348303D |. C2 1400 RETN 14

73483040 |> 33F6 XOR ESI,ESI

73483042 |. 8975 FC MOV DWORD PTR SS:[EBP-4],ESI

73483045 |.^ E9 09FFFFFF JMP msvbvm60.73482F53

7348304A |> 8975 F8 MOV DWORD PTR SS:[EBP-8],ESI

7348304D |.^ E9 1BFFFFFF JMP msvbvm60.73482F6D

73483052 |> 8975 F4 MOV DWORD PTR SS:[EBP-C],ESI

73483055 |.^ E9 2DFFFFFF JMP msvbvm60.73482F87

7348305A |> 8D45 B4 LEA EAX,DWORD PTR SS:[EBP-4C]

7348305D |. 66:8365 D4 00 AND WORD PTR SS:[EBP-2C],0

73483062 |. 50 PUSH EAX

73483063 |. 8D45 10 LEA EAX,DWORD PTR SS:[EBP+10]

73483066 |. 50 PUSH EAX

73483067 |. 8D45 D4 LEA EAX,DWORD PTR SS:[EBP-2C]

7348306A |. 57 PUSH EDI

7348306B |. 50 PUSH EAX

7348306C |. E8 00040000 CALL msvbvm60.73483471

73483071 |. 8BF8 MOV EDI,EAX

73483073 |. 85FF TEST EDI,EDI

73483075 |. 7D 0D JGE SHORT msvbvm60.73483084

73483077 |. 53 PUSH EBX

73483078 |. FFD6 CALL ESI

7348307A |. 8D45 B4 LEA EAX,DWORD PTR SS:[EBP-4C]

7348307D |. 50 PUSH EAX

7348307E |. 57 PUSH EDI

7348307F |. E8 BFAAF3FF CALL msvbvm60.733BDB43

73483084 |> 8B45 DC MOV EAX,DWORD PTR SS:[EBP-24]

73483087 |. 8945 08 MOV DWORD PTR SS:[EBP+8],EAX

7348308A |.^ E9 53FFFFFF JMP msvbvm60.73482FE2

7348308F |> 66:3945 FC CMP WORD PTR SS:[EBP-4],AX

73483093 |. 75 54 JNZ SHORT msvbvm60.734830E9

73483095 |> 66:3945 F8 CMP WORD PTR SS:[EBP-8],AX

73483099 |. 75 4E JNZ SHORT msvbvm60.734830E9

7348309B |. 66:8945 D4 MOV WORD PTR SS:[EBP-2C],AX

7348309F |. 8D45 B4 LEA EAX,DWORD PTR SS:[EBP-4C]

734830A2 |. 50 PUSH EAX

734830A3 |. 8D45 EC LEA EAX,DWORD PTR SS:[EBP-14]

734830A6 |. 50 PUSH EAX

734830A7 |. 8D45 D4 LEA EAX,DWORD PTR SS:[EBP-2C]

734830AA |. FF75 14 PUSH DWORD PTR SS:[EBP+14]

734830AD |. 50 PUSH EAX

734830AE |. E8 BE030000 CALL msvbvm60.73483471

734830B3 |. 8BF8 MOV EDI,EAX

734830B5 |. 85FF TEST EDI,EDI

734830B7 |. 7D 12 JGE SHORT msvbvm60.734830CB

734830B9 |. 53 PUSH EBX

734830BA |. FFD6 CALL ESI

734830BC |. FF75 10 PUSH DWORD PTR SS:[EBP+10]

734830BF |. FFD6 CALL ESI

734830C1 |. 8D45 B4 LEA EAX,DWORD PTR SS:[EBP-4C]

734830C4 |. 50 PUSH EAX

734830C5 |. 57 PUSH EDI

734830C6 |. E8 78AAF3FF CALL msvbvm60.733BDB43

734830CB |> 8B7D DC MOV EDI,DWORD PTR SS:[EBP-24]

734830CE |. 66:8365 D4 00 AND WORD PTR SS:[EBP-2C],0

734830D3 |. 6A 03 PUSH 3

734830D5 |. 8D45 D4 LEA EAX,DWORD PTR SS:[EBP-2C]

734830D8 |. FF75 18 PUSH DWORD PTR SS:[EBP+18]

734830DB |. 50 PUSH EAX

734830DC |. E8 CE360000 CALL msvbvm60.734867AF

734830E1 |. 8B45 DC MOV EAX,DWORD PTR SS:[EBP-24]

734830E4 |.^ E9 14FFFFFF JMP msvbvm60.73482FFD

734830E9 |> 53 PUSH EBX

734830EA |. FFD6 CALL ESI

734830EC |. FF75 10 PUSH DWORD PTR SS:[EBP+10]

734830EF |. FFD6 CALL ESI

734830F1 |. 6A 05 PUSH 5

734830F3 |. E8 9D25F4FF CALL msvbvm60.733C5695

734830F8 >|$ 55 PUSH EBP

734830F9 |. 8BEC MOV EBP,ESP

734830FB |. 83EC 54 SUB ESP,54

734830FE |. 8B45 1C MOV EAX,DWORD PTR SS:[EBP+1C]

73483101 |. 53 PUSH EBX

73483102 |. 56 PUSH ESI

73483103 |. 57 PUSH EDI

73483104 |. 66:8338 0A CMP WORD PTR DS:[EAX],0A

73483108 |. BF 04000280 MOV EDI,80020004

7348310D |. 0F85 5F010000 JNZ msvbvm60.73483272

73483113 |. 3978 08 CMP DWORD PTR DS:[EAX+8],EDI

73483116 |. 0F85 56010000 JNZ msvbvm60.73483272

7348311C |. 834D F8 FF OR DWORD PTR SS:[EBP-8],FFFFFFFF

73483120 |. 33F6 XOR ESI,ESI

73483122 |> 8B45 20 MOV EAX,DWORD PTR SS:[EBP+20]

73483125 |. 66:8338 0A CMP WORD PTR DS:[EAX],0A

73483129 |. 0F85 4D010000 JNZ msvbvm60.7348327C

7348312F |. 3978 08 CMP DWORD PTR DS:[EAX+8],EDI

73483132 |. 0F85 44010000 JNZ msvbvm60.7348327C

73483138 |. 834D F4 FF OR DWORD PTR SS:[EBP-C],FFFFFFFF

7348313C |> 8B5D 0C MOV EBX,DWORD PTR SS:[EBP+C]

7348313F |. 66:833B 0A CMP WORD PTR DS:[EBX],0A

73483143 |. 0F85 3B010000 JNZ msvbvm60.73483284

73483149 |. 397B 08 CMP DWORD PTR DS:[EBX+8],EDI

7348314C |. 0F85 32010000 JNZ msvbvm60.73483284

73483152 |. 834D F0 FF OR DWORD PTR SS:[EBP-10],FFFFFFFF

73483156 |> FF75 08 PUSH DWORD PTR SS:[EBP+8]

73483159 |. 8D45 CC LEA EAX,DWORD PTR SS:[EBP-34]

7348315C |. 8975 E8 MOV DWORD PTR SS:[EBP-18],ESI

7348315F |. 50 PUSH EAX

73483160 |. E8 D6020000 CALL msvbvm60.7348343B

73483165 |. 66:3975 F0 CMP WORD PTR SS:[EBP-10],SI

73483169 |. 8B35 F0193A73 MOV ESI,DWORD PTR DS:[<&OLEAUT32.#6>]

7348316F |. 8945 0C MOV DWORD PTR SS:[EBP+C],EAX

73483172 |. 8B45 D4 MOV EAX,DWORD PTR SS:[EBP-2C]

73483175 |. 8945 DC MOV DWORD PTR SS:[EBP-24],EAX

73483178 |. 0F84 0E010000 JE msvbvm60.7348328C

7348317E |. 8365 08 00 AND DWORD PTR SS:[EBP+8],0

73483182 |. 8365 E0 00 AND DWORD PTR SS:[EBP-20],0

73483186 |> 8B45 10 MOV EAX,DWORD PTR SS:[EBP+10]

73483189 |. 66:8338 0A CMP WORD PTR DS:[EAX],0A

7348318D |. 0F85 2B010000 JNZ msvbvm60.734832BE

73483193 |. 3978 08 CMP DWORD PTR DS:[EAX+8],EDI

73483196 |. 0F85 22010000 JNZ msvbvm60.734832BE

7348319C |. 83C9 FF OR ECX,FFFFFFFF

7348319F |> 66:85C9 TEST CX,CX

734831A2 |. 0F84 1D010000 JE msvbvm60.734832C5

734831A8 |. 8365 FC 00 AND DWORD PTR SS:[EBP-4],0

734831AC |. 8365 EC 00 AND DWORD PTR SS:[EBP-14],0

734831B0 |> 8B45 14 MOV EAX,DWORD PTR SS:[EBP+14]

734831B3 |. 66:8365 CC 00 AND WORD PTR SS:[EBP-34],0

734831B8 |. 66:8338 0A CMP WORD PTR DS:[EAX],0A

734831BC |. 0F85 3A010000 JNZ msvbvm60.734832FC

734831C2 |. 3978 08 CMP DWORD PTR DS:[EAX+8],EDI

734831C5 |. 0F85 31010000 JNZ msvbvm60.734832FC

734831CB |. 83C9 FF OR ECX,FFFFFFFF

734831CE |> 66:85C9 TEST CX,CX

734831D1 |. 0F84 2C010000 JE msvbvm60.73483303

734831D7 |. BB 00000080 MOV EBX,80000000

734831DC |. 895D 14 MOV DWORD PTR SS:[EBP+14],EBX

734831DF |> 8B45 18 MOV EAX,DWORD PTR SS:[EBP+18]

734831E2 |. 66:8338 0A CMP WORD PTR DS:[EAX],0A

734831E6 |. 0F85 63010000 JNZ msvbvm60.7348334F

734831EC |. 3978 08 CMP DWORD PTR DS:[EAX+8],EDI

734831EF |. 0F85 5A010000 JNZ msvbvm60.7348334F

734831F5 |. 83C9 FF OR ECX,FFFFFFFF

734831F8 |> 66:85C9 TEST CX,CX

734831FB |. 0F84 55010000 JE msvbvm60.73483356

73483201 |. 895D 10 MOV DWORD PTR SS:[EBP+10],EBX

73483204 |> 33FF XOR EDI,EDI

73483206 |. 66:397D F8 CMP WORD PTR SS:[EBP-8],DI

7348320A |. 0F84 96010000 JE msvbvm60.734833A6

73483210 |. 66:397D F4 CMP WORD PTR SS:[EBP-C],DI

73483214 |. 0F84 82010000 JE msvbvm60.7348339C

7348321A |. 897D E4 MOV DWORD PTR SS:[EBP-1C],EDI

7348321D |. 33DB XOR EBX,EBX

7348321F |> 8B55 DC MOV EDX,DWORD PTR SS:[EBP-24]

73483222 |. 85D2 TEST EDX,EDX

73483224 |. 75 03 JNZ SHORT msvbvm60.73483229

73483226 |. 8D55 E8 LEA EDX,DWORD PTR SS:[EBP-18]

73483229 |> 8B4D E0 MOV ECX,DWORD PTR SS:[EBP-20]

7348322C |. 85C9 TEST ECX,ECX

7348322E |. 75 09 JNZ SHORT msvbvm60.73483239

73483230 |. 66:394D F0 CMP WORD PTR SS:[EBP-10],CX

73483234 |. 75 03 JNZ SHORT msvbvm60.73483239

73483236 |. 8D4D E8 LEA ECX,DWORD PTR SS:[EBP-18]

73483239 |> 8B45 EC MOV EAX,DWORD PTR SS:[EBP-14]

7348323C |. 85C0 TEST EAX,EAX

7348323E |. 75 03 JNZ SHORT msvbvm60.73483243

73483240 |. 8D45 E8 LEA EAX,DWORD PTR SS:[EBP-18]

73483243 |> 57 PUSH EDI

73483244 |. 53 PUSH EBX

73483245 |. FF75 10 PUSH DWORD PTR SS:[EBP+10]

73483248 |. FF75 14 PUSH DWORD PTR SS:[EBP+14]

7348324B |. 50 PUSH EAX

7348324C |. 51 PUSH ECX

7348324D |. 52 PUSH EDX

7348324E |. E8 39B1F9FF CALL msvbvm60.7341E38C

73483253 |. FF75 0C PUSH DWORD PTR SS:[EBP+C]

73483256 |. 8BF8 MOV EDI,EAX

73483258 |. FFD6 CALL ESI

7348325A |. FF75 08 PUSH DWORD PTR SS:[EBP+8]

7348325D |. FFD6 CALL ESI

7348325F |. FF75 FC PUSH DWORD PTR SS:[EBP-4]

73483262 |. FFD6 CALL ESI

73483264 |. FF75 E4 PUSH DWORD PTR SS:[EBP-1C]

73483267 |. FFD6 CALL ESI

73483269 |. 8BC7 MOV EAX,EDI

7348326B |. 5F POP EDI

7348326C |. 5E POP ESI

7348326D |. 5B POP EBX

7348326E |. C9 LEAVE

7348326F |. C2 1C00 RETN 1C

73483272 |> 33F6 XOR ESI,ESI

73483274 |. 8975 F8 MOV DWORD PTR SS:[EBP-8],ESI

73483277 |.^ E9 A6FEFFFF JMP msvbvm60.73483122

7348327C |> 8975 F4 MOV DWORD PTR SS:[EBP-C],ESI

7348327F |.^ E9 B8FEFFFF JMP msvbvm60.7348313C

73483284 |> 8975 F0 MOV DWORD PTR SS:[EBP-10],ESI

73483287 |.^ E9 CAFEFFFF JMP msvbvm60.73483156

7348328C |> 8D45 AC LEA EAX,DWORD PTR SS:[EBP-54]

7348328F |. 50 PUSH EAX

73483290 |. 8D45 08 LEA EAX,DWORD PTR SS:[EBP+8]

73483293 |. 50 PUSH EAX

73483294 |. 8D45 CC LEA EAX,DWORD PTR SS:[EBP-34]

73483297 |. 53 PUSH EBX

73483298 |. 50 PUSH EAX

73483299 |. E8 D3010000 CALL msvbvm60.73483471

7348329E |. 8BD8 MOV EBX,EAX

734832A0 |. 85DB TEST EBX,EBX

734832A2 |. 7D 0F JGE SHORT msvbvm60.734832B3

734832A4 |. FF75 0C PUSH DWORD PTR SS:[EBP+C]

734832A7 |. FFD6 CALL ESI

734832A9 |. 8D45 AC LEA EAX,DWORD PTR SS:[EBP-54]

734832AC |. 50 PUSH EAX

734832AD |. 53 PUSH EBX

734832AE |. E8 90A8F3FF CALL msvbvm60.733BDB43

734832B3 |> 8B45 D4 MOV EAX,DWORD PTR SS:[EBP-2C]

734832B6 |. 8945 E0 MOV DWORD PTR SS:[EBP-20],EAX

734832B9 |.^ E9 C8FEFFFF JMP msvbvm60.73483186

734832BE |> 33C9 XOR ECX,ECX

734832C0 |.^ E9 DAFEFFFF JMP msvbvm60.7348319F

734832C5 |> 8D4D AC LEA ECX,DWORD PTR SS:[EBP-54]

734832C8 |. 51 PUSH ECX

734832C9 |. 8D4D FC LEA ECX,DWORD PTR SS:[EBP-4]

734832CC |. 51 PUSH ECX

734832CD |. 50 PUSH EAX

734832CE |. 8D45 CC LEA EAX,DWORD PTR SS:[EBP-34]

734832D1 |. 50 PUSH EAX

734832D2 |. E8 9A010000 CALL msvbvm60.73483471

734832D7 |. 8BD8 MOV EBX,EAX

734832D9 |. 85DB TEST EBX,EBX

734832DB |. 7D 14 JGE SHORT msvbvm60.734832F1

734832DD |. FF75 0C PUSH DWORD PTR SS:[EBP+C]

734832E0 |. FFD6 CALL ESI

734832E2 |. FF75 08 PUSH DWORD PTR SS:[EBP+8]

734832E5 |. FFD6 CALL ESI

734832E7 |. 8D45 AC LEA EAX,DWORD PTR SS:[EBP-54]

734832EA |. 50 PUSH EAX

734832EB |. 53 PUSH EBX

734832EC |. E8 52A8F3FF CALL msvbvm60.733BDB43

734832F1 |> 8B45 D4 MOV EAX,DWORD PTR SS:[EBP-2C]

734832F4 |. 8945 EC MOV DWORD PTR SS:[EBP-14],EAX

734832F7 |.^ E9 B4FEFFFF JMP msvbvm60.734831B0

734832FC |> 33C9 XOR ECX,ECX

734832FE |.^ E9 CBFEFFFF JMP msvbvm60.734831CE

73483303 |> 8D4D AC LEA ECX,DWORD PTR SS:[EBP-54]

73483306 |. 51 PUSH ECX

73483307 |. 6A 02 PUSH 2

73483309 |. 50 PUSH EAX

7348330A |. 8D45 CC LEA EAX,DWORD PTR SS:[EBP-34]

7348330D |. 50 PUSH EAX

7348330E |. E8 84340000 CALL msvbvm60.73486797

73483313 |. 8BF8 MOV EDI,EAX

73483315 |. 85FF TEST EDI,EDI

73483317 |. 7D 19 JGE SHORT msvbvm60.73483332

73483319 |. FF75 0C PUSH DWORD PTR SS:[EBP+C]

7348331C |. FFD6 CALL ESI

7348331E |. FF75 08 PUSH DWORD PTR SS:[EBP+8]

73483321 |. FFD6 CALL ESI

73483323 |. FF75 FC PUSH DWORD PTR SS:[EBP-4]

73483326 |. FFD6 CALL ESI

73483328 |. 8D45 AC LEA EAX,DWORD PTR SS:[EBP-54]

7348332B |. 50 PUSH EAX

7348332C |. 57 PUSH EDI

7348332D |. E8 11A8F3FF CALL msvbvm60.733BDB43

73483332 |> 0FBF45 D4 MOVSX EAX,WORD PTR SS:[EBP-2C]

73483336 |. BB 00000080 MOV EBX,80000000

7348333B |. 8945 14 MOV DWORD PTR SS:[EBP+14],EAX

7348333E |. 3BC3 CMP EAX,EBX

73483340 |. 75 03 JNZ SHORT msvbvm60.73483345

73483342 |. FF45 14 INC DWORD PTR SS:[EBP+14]

73483345 |> BF 04000280 MOV EDI,80020004

7348334A |.^ E9 90FEFFFF JMP msvbvm60.734831DF

7348334F |> 33C9 XOR ECX,ECX

73483351 |.^ E9 A2FEFFFF JMP msvbvm60.734831F8

73483356 |> 8D4D AC LEA ECX,DWORD PTR SS:[EBP-54]

73483359 |. 51 PUSH ECX

7348335A |. 6A 02 PUSH 2

7348335C |. 50 PUSH EAX

7348335D |. 8D45 CC LEA EAX,DWORD PTR SS:[EBP-34]

73483360 |. 50 PUSH EAX

73483361 |. E8 31340000 CALL msvbvm60.73486797

73483366 |. 8BF8 MOV EDI,EAX

73483368 |. 85FF TEST EDI,EDI

7348336A |. 7D 19 JGE SHORT msvbvm60.73483385

7348336C |. FF75 0C PUSH DWORD PTR SS:[EBP+C]

7348336F |. FFD6 CALL ESI

73483371 |. FF75 08 PUSH DWORD PTR SS:[EBP+8]

73483374 |. FFD6 CALL ESI

73483376 |. FF75 FC PUSH DWORD PTR SS:[EBP-4]

73483379 |. FFD6 CALL ESI

7348337B |. 8D45 AC LEA EAX,DWORD PTR SS:[EBP-54]

7348337E |. 50 PUSH EAX

7348337F |. 57 PUSH EDI

73483380 |. E8 BEA7F3FF CALL msvbvm60.733BDB43

73483385 |> 0FBF45 D4 MOVSX EAX,WORD PTR SS:[EBP-2C]

73483389 |. 3BC3 CMP EAX,EBX

7348338B |. 8945 10 MOV DWORD PTR SS:[EBP+10],EAX

7348338E |.^ 0F85 70FEFFFF JNZ msvbvm60.73483204

73483394 |. FF45 10 INC DWORD PTR SS:[EBP+10]

73483397 |.^ E9 68FEFFFF JMP msvbvm60.73483204

7348339C |> 66:397D F8 CMP WORD PTR SS:[EBP-8],DI

734833A0 |. 0F85 7F000000 JNZ msvbvm60.73483425

734833A6 |> 66:397D F4 CMP WORD PTR SS:[EBP-C],DI

734833AA |. 75 79 JNZ SHORT msvbvm60.73483425

734833AC |. 8D45 AC LEA EAX,DWORD PTR SS:[EBP-54]

734833AF |. 50 PUSH EAX

734833B0 |. 8D45 E4 LEA EAX,DWORD PTR SS:[EBP-1C]

734833B3 |. 50 PUSH EAX

734833B4 |. 8D45 CC LEA EAX,DWORD PTR SS:[EBP-34]

734833B7 |. FF75 1C PUSH DWORD PTR SS:[EBP+1C]

734833BA |. 50 PUSH EAX

734833BB |. E8 B1000000 CALL msvbvm60.73483471

734833C0 |. 8BF8 MOV EDI,EAX

734833C2 |. 85FF TEST EDI,EDI

734833C4 |. 7D 19 JGE SHORT msvbvm60.734833DF

734833C6 |. FF75 0C PUSH DWORD PTR SS:[EBP+C]

734833C9 |. FFD6 CALL ESI

734833CB |. FF75 08 PUSH DWORD PTR SS:[EBP+8]

734833CE |. FFD6 CALL ESI

734833D0 |. FF75 FC PUSH DWORD PTR SS:[EBP-4]

734833D3 |. FFD6 CALL ESI

734833D5 |. 8D45 AC LEA EAX,DWORD PTR SS:[EBP-54]

734833D8 |. 50 PUSH EAX

734833D9 |. 57 PUSH EDI

734833DA |. E8 64A7F3FF CALL msvbvm60.733BDB43

734833DF |> 8D45 AC LEA EAX,DWORD PTR SS:[EBP-54]

734833E2 |. 8B5D D4 MOV EBX,DWORD PTR SS:[EBP-2C]

734833E5 |. 66:8365 CC 00 AND WORD PTR SS:[EBP-34],0

734833EA |. 50 PUSH EAX

734833EB |. 6A 03 PUSH 3

734833ED |. 8D45 CC LEA EAX,DWORD PTR SS:[EBP-34]

734833F0 |. FF75 20 PUSH DWORD PTR SS:[EBP+20]

734833F3 |. 50 PUSH EAX

734833F4 |. E8 9E330000 CALL msvbvm60.73486797

734833F9 |. 8BF8 MOV EDI,EAX

734833FB |. 85FF TEST EDI,EDI

734833FD |. 7D 1E JGE SHORT msvbvm60.7348341D

734833FF |. FF75 0C PUSH DWORD PTR SS:[EBP+C]

73483402 |. FFD6 CALL ESI

73483404 |. FF75 08 PUSH DWORD PTR SS:[EBP+8]

73483407 |. FFD6 CALL ESI

73483409 |. FF75 FC PUSH DWORD PTR SS:[EBP-4]

7348340C |. FFD6 CALL ESI

7348340E |. FF75 E4 PUSH DWORD PTR SS:[EBP-1C]

73483411 |. FFD6 CALL ESI

73483413 |. 8D45 AC LEA EAX,DWORD PTR SS:[EBP-54]

73483416 |. 50 PUSH EAX

73483417 |. 57 PUSH EDI

73483418 |. E8 26A7F3FF CALL msvbvm60.733BDB43

7348341D |> 8B7D D4 MOV EDI,DWORD PTR SS:[EBP-2C]

73483420 |.^ E9 FAFDFFFF JMP msvbvm60.7348321F

73483425 |> FF75 0C PUSH DWORD PTR SS:[EBP+C]

73483428 |. FFD6 CALL ESI

7348342A |. FF75 08 PUSH DWORD PTR SS:[EBP+8]

7348342D |. FFD6 CALL ESI

7348342F |. FF75 FC PUSH DWORD PTR SS:[EBP-4]

73483432 |. FFD6 CALL ESI

73483434 |. 6A 05 PUSH 5

73483436 |. E8 5A22F4FF CALL msvbvm60.733C5695

7348343B |$ 55 PUSH EBP

7348343C |. 8BEC MOV EBP,ESP

7348343E |. 83EC 20 SUB ESP,20

73483441 |. 57 PUSH EDI

73483442 |. 6A 08 PUSH 8

73483444 |. 59 POP ECX

73483445 |. 33C0 XOR EAX,EAX

73483447 |. 8D7D E0 LEA EDI,DWORD PTR SS:[EBP-20]

7348344A |. F3:AB REP STOS DWORD PTR ES:[EDI]

7348344C |. 8D45 E0 LEA EAX,DWORD PTR SS:[EBP-20]

7348344F |. 50 PUSH EAX

73483450 |. 8D45 E0 LEA EAX,DWORD PTR SS:[EBP-20]

73483453 |. 50 PUSH EAX

73483454 |. 8D45 0C LEA EAX,DWORD PTR SS:[EBP+C]

73483457 |. 50 PUSH EAX

73483458 |. FF75 0C PUSH DWORD PTR SS:[EBP+C]

7348345B |. FF75 08 PUSH DWORD PTR SS:[EBP+8]

7348345E |. E8 0E000000 CALL msvbvm60.73483471

73483463 |. 50 PUSH EAX

73483464 |. E8 DAA6F3FF CALL msvbvm60.733BDB43

73483469 |. 8B45 0C MOV EAX,DWORD PTR SS:[EBP+C]

7348346C |. 5F POP EDI

7348346D |. C9 LEAVE

7348346E \. C2 0800 RETN 8

Now, how can I make a jump when the process calls rtcMsgBox? I would like to call and obtain the address in memory...

PS: Sorry for how I speak... my English really sucks....
