; PE header dump and 32-bit x86 disassembly (Intel syntax) of a small console program.
; Summary of the visible code: start calls fn_0040100C and then ExitProcess(0).
; fn_0040100C tests for a file with FindFirstFileA, opens it with CreateFileA,
; seeks to the end with SetFilePointer, calls WriteFile 32h (50) times, then CloseHandle.
; Lines beginning with ';' are reviewer annotations; all other text is the tool's output,
; re-broken one field or instruction per line.
H:\asm2\fileio\append\append.exe
                                (hex)       (dec)
.EXE size (bytes)               490         1168
Minimum load size (bytes)       450         1104
Overlay number                  0           0
Initial CS:IP                   0000:0000
Initial SS:SP                   0000:00B8   184
Minimum allocation (para)       0           0
Maximum allocation (para)       FFFF        65535
Header size (para)              4           4
Relocation table offset         40          64
Relocation entries              0           0

Portable Executable starts at   b0
Signature                       00004550 (PE)
Machine                         014C (Intel 386)
Sections                        0003
Time Date Stamp                 42EF3F51 Tue Aug 2 20:39:29 2005
Symbol Table                    00000000
Number of Symbols               00000000
Optional header size            00E0
; Relocations are stripped here and the Base Relocation directory below is empty,
; so the code assumes the preferred Image Base (see the absolute 4030xxh operands below).
Characteristics                 010F
                                Relocation information stripped
                                Executable Image
                                Line numbers stripped
                                Local symbols stripped
                                32 bit word machine
Magic                           010B
Linker Version                  5.12
Size of Code                    00000200
Size of Initialized Data        00000400
Size of Uninitialized Data      00000000
Address of Entry Point          00001000
Base of Code                    00001000
Base of Data                    00002000
Image Base                      00400000
Section Alignment               00001000
File Alignment                  00000200
Operating System Version        4.00
Image Version                   0.00
Subsystem Version               4.00
reserved                        00000000
Image Size                      00004000
Header Size                     00000400
Checksum                        00000000
Subsystem                       0003 (Console)
; 0000: none of the opt-in mitigation bits (e.g. DYNAMIC_BASE 0040h, NX_COMPAT 0100h) are set.
DLL Characteristics             0000
Size Of Stack Reserve           00100000
Size Of Stack Commit            00001000
Size Of Heap Reserve            00100000
Size Of Heap Commit             00001000
Loader Flags                    00000000
Number of Directories           00000010

Directory Name                         VirtAddr VirtSize
-------------------------------------- -------- --------
Export                                 00000000 00000000
Import                                 00002020 00000028
Resource                               00000000 00000000
Exception                              00000000 00000000
Security                               00000000 00000000
Base Relocation                        00000000 00000000
Debug                                  00000000 00000000
Decription/Architecture                00000000 00000000
Machine Value (MIPS GP)                00000000 00000000
Thread Storage                         00000000 00000000
Load Configuration                     00000000 00000000
Bound Import                           00000000 00000000
Import Address Table                   00002000 00000020
Delay Import                           00000000 00000000
COM Runtime Descriptor                 00000000 00000000
(reserved)                             00000000 00000000

; Per the flags printed below, .text is executable and readable, .data is readable and
; writeable: no section in this table is both writable and executable.
Section Table
-------------
01 .text
   Virtual Address      00001000
   Virtual Size         0000017E
   Raw Data Offset      00000400
   Raw Data Size        00000200
   Relocation Offset    00000000
   Relocation Count     0000
   Line Number Offset   00000000
   Line Number Count    0000
   Characteristics      60000020
                        Code
                        Executable
                        Readable
02 .rdata
   Virtual Address      00002000
   Virtual Size         000000DC
   Raw Data Offset      00000600
   Raw Data Size        00000200
   Relocation Offset    00000000
   Relocation Count     0000
   Line Number Offset   00000000
   Line Number Count    0000
   Characteristics      40000040
                        Initialized Data
                        Readable
03 .data
   Virtual Address      00003000
   Virtual Size         00000024
   Raw Data Offset      00000800
   Raw Data Size        00000200
   Relocation Offset    00000000
   Relocation Count     0000
   Line Number Offset   00000000
   Line Number Count    0000
   Characteristics      C0000040
                        Initialized Data
                        Readable
                        Writeable

; Only kernel32.dll file and process APIs are imported; each is reached through one
; of the jmp thunks at the end of the disassembly.
Imp Addr Hint Import Name from kernel32.dll - Not Bound
-------- ---- ---------------------------------------------------------------
00002000   30 CreateFileA
00002004   80 ExitProcess
00002008  236 SetFilePointer
0000200C  29E WriteFile
00002010   8F FindClose
00002014   93 FindFirstFileA
00002018   1A CloseHandle

IAT Entry
00000000: 00002076 00002084 - 00002092 000020A4 - 000020B0 000020BC
00000018: 00002068 00000000

Disassembly

; ---------------------------------------------------------------------------
; start: program entry point (Address of Entry Point 00001000 + Image Base).
; Runs fn_0040100C, then exits with code 0 through the ExitProcess thunk.
; ---------------------------------------------------------------------------
00401000                    start:
00401000 E807000000             call    fn_0040100C
00401005 6A00                   push    0                       ; exit code 0
00401007 E854010000             call    fn_00401160             ; ExitProcess thunk

; ---------------------------------------------------------------------------
; fn_0040100C: main routine, no arguments, plain ret.
; Locals (5 dwords reserved by add esp,-14h):
;   [ebp-04h] = value returned by SetFilePointer (not read again in this listing)
;   [ebp-08h] = copy of the dword at 403020h after each WriteFile (bytes-written count)
;   [ebp-0Ch] = 403000h, passed as the file name to FindFirstFileA and CreateFileA
;   [ebp-10h] = 40300Ch, passed to the length routine fn_004010D0
;   [ebp-14h] = handle returned by CreateFileA
; esi is the loop counter (32h); it is pushed once and never popped.
; ---------------------------------------------------------------------------
0040100C                    fn_0040100C:
0040100C 55                     push    ebp
0040100D 8BEC                   mov     ebp,esp
0040100F 83C4EC                 add     esp,0FFFFFFECh          ; esp -= 14h (20 bytes of locals)
00401012 C745F400304000         mov     dword ptr [ebp-0Ch],403000h
00401019 C745F00C304000         mov     dword ptr [ebp-10h],40300Ch
00401020 90                     nop
00401021 90                     nop
00401022 90                     nop
; NOTE(review): the three cmp instructions below read memory at [esi+eax], but no visible
; instruction has set esi (or, for the first one, eax) at this point, and no conditional
; jump consumes their flags before `or eax,eax` at 00401044. They look like leftover
; experiment code between the nop fences; with an unmapped address they would fault
; before any file work is done. Confirm against the source.
00401023 813C0618304000         cmp     dword ptr [esi+eax],403018h
0040102A 33C0                   xor     eax,eax                 ; eax = 0, so the next two reads are at [esi]
0040102C 390406                 cmp     [esi+eax],eax
0040102F 833C0600               cmp     dword ptr [esi+eax],0
00401033 90                     nop
00401034 90                     nop
00401035 90                     nop
00401036 56                     push    esi                     ; saved, but there is no matching pop (leave discards it)
00401037 BE32000000             mov     esi,32h                 ; loop counter = 50 writes
0040103C FF75F4                 push    dword ptr [ebp-0Ch]     ; file name pointer
0040103F E8DC000000             call    fn_00401120             ; eax = 1 if FindFirstFileA found a match, else 0
00401044 0BC0                   or      eax,eax
00401046 741F                   jz      loc_00401067            ; not found -> create branch
; Found branch: CreateFileA(name, 0C0000000h, 0, NULL, 3, 80h, NULL).
; 0C0000000h = GENERIC_READ|GENERIC_WRITE, 3 = OPEN_EXISTING, 80h = FILE_ATTRIBUTE_NORMAL.
; NOTE(review): the existence test and the open are two separate calls, so the file can
; change between them; a single CreateFileA with OPEN_ALWAYS (4) would avoid the window.
00401048 6A00                   push    0                       ; hTemplateFile
0040104A 6880000000             push    80h                     ; dwFlagsAndAttributes
0040104F 6A03                   push    3                       ; dwCreationDisposition = OPEN_EXISTING
00401051 6A00                   push    0                       ; lpSecurityAttributes
00401053 6A00                   push    0                       ; dwShareMode = 0 (no sharing)
00401055 68000000C0             push    0C0000000h              ; dwDesiredAccess
0040105A FF75F4                 push    dword ptr [ebp-0Ch]     ; lpFileName
0040105D E8F8000000             call    fn_0040115A             ; CreateFileA thunk
00401062 8945EC                 mov     [ebp-14h],eax           ; handle stored without an INVALID_HANDLE_VALUE check
00401065 EB1D                   jmp     loc_00401084
; Not-found branch: same call with disposition 2 = CREATE_ALWAYS, which truncates a file
; that appeared after the existence test.
00401067                    loc_00401067:
00401067 6A00                   push    0                       ; hTemplateFile
00401069 6880000000             push    80h                     ; dwFlagsAndAttributes
0040106E 6A02                   push    2                       ; dwCreationDisposition = CREATE_ALWAYS
00401070 6A00                   push    0                       ; lpSecurityAttributes
00401072 6A00                   push    0                       ; dwShareMode
00401074 68000000C0             push    0C0000000h              ; dwDesiredAccess
00401079 FF75F4                 push    dword ptr [ebp-0Ch]     ; lpFileName
0040107C E8D9000000             call    fn_0040115A             ; CreateFileA thunk
00401081 8945EC                 mov     [ebp-14h],eax           ; handle, again unchecked
; SetFilePointer(handle, 0, NULL, 2): 2 = FILE_END, i.e. position at end of file.
00401084                    loc_00401084:
00401084 6A02                   push    2                       ; dwMoveMethod = FILE_END
00401086 6A00                   push    0                       ; lpDistanceToMoveHigh
00401088 6A00                   push    0                       ; lDistanceToMove
0040108A FF75EC                 push    dword ptr [ebp-14h]     ; hFile
0040108D E8D4000000             call    fn_00401166             ; SetFilePointer thunk
00401092 8945FC                 mov     [ebp-4],eax
; Write loop, executed esi = 32h times. Relies on the called routines preserving esi.
00401095                    loc_00401095:
00401095 FF75F0                 push    dword ptr [ebp-10h]     ; pointer 40300Ch
00401098 E833000000             call    fn_004010D0             ; eax = length of the NUL-terminated string
0040109D 6A00                   push    0                       ; lpOverlapped
0040109F 6820304000             push    403020h                 ; lpNumberOfBytesWritten
004010A4 50                     push    eax                     ; nNumberOfBytesToWrite = string length
; NOTE(review): lea takes the ADDRESS of the local at [ebp-10h], so lpBuffer points at the
; stack slot holding the pointer, not at the string. WriteFile therefore writes `length`
; bytes of this stack frame starting at ebp-10h (the pointer value, then [ebp-0Ch],
; [ebp-8], [ebp-4], and the saved ebp / return address if the length exceeds 16), i.e.
; stack contents end up in the file. `push dword ptr [ebp-10h]` would pass the string.
; Presumably an address-of-pointer mistake in the source - confirm.
004010A5 8D45F0                 lea     eax,[ebp-10h]
004010A8 50                     push    eax                     ; lpBuffer
004010A9 FF75EC                 push    dword ptr [ebp-14h]     ; hFile
004010AC E8BB000000             call    fn_0040116C             ; WriteFile thunk; its return value in eax is overwritten next
004010B1 A120304000             mov     eax,[403020h]           ; bytes actually written
004010B6 8945F8                 mov     [ebp-8],eax             ; stored, not compared with the requested length
004010B9 83EE01                 sub     esi,1
004010BC 75D7                   jnz     loc_00401095
004010BE FF75EC                 push    dword ptr [ebp-14h]     ; hObject
004010C1 E88E000000             call    fn_00401154             ; CloseHandle thunk
004010C6 C9                     leave                           ; restores esp/ebp; the pushed esi is dropped, esi returns as 0
004010C7 C3                     ret
004010C8 CC                     int     3                       ; padding up to the next function
004010C9 CC                     int     3
004010CA CC                     int     3
004010CB CC                     int     3
004010CC CC                     int     3
004010CD CC                     int     3
004010CE CC                     int     3
004010CF CC                     int     3

; ---------------------------------------------------------------------------
; fn_004010D0: string length, one stack argument, callee cleans it up (ret 4).
; In:  [ebp+8] = pointer to a NUL-terminated byte string
; Out: eax = number of bytes before the first zero byte
; The loop is unrolled four bytes per iteration and has no upper bound: it stops
; only at a zero byte, so the caller must pass a terminated string.
; ---------------------------------------------------------------------------
004010D0                    fn_004010D0:
004010D0 55                     push    ebp
004010D1 8BEC                   mov     ebp,esp
004010D3 8B4508                 mov     eax,[ebp+8]
004010D6 83E804                 sub     eax,4                   ; pre-bias so the first add lands on the start
004010D9                    loc_004010D9:
004010D9 83C004                 add     eax,4
004010DC 803800                 cmp     byte ptr [eax],0
004010DF 7430                   jz      loc_00401111            ; zero at offset 0
004010E1 80780100               cmp     byte ptr [eax+1],0
004010E5 7420                   jz      loc_00401107            ; zero at offset 1
004010E7 80780200               cmp     byte ptr [eax+2],0
004010EB 7410                   jz      loc_004010FD            ; zero at offset 2
004010ED 80780300               cmp     byte ptr [eax+3],0
004010F1 75E6                   jnz     loc_004010D9            ; none of the four was zero: next group
004010F3 2B4508                 sub     eax,[ebp+8]             ; zero at offset 3: length = (eax - start) + 3
004010F6 83C003                 add     eax,3
004010F9 C9                     leave
004010FA C20400                 ret     4
004010FD                    loc_004010FD:
004010FD 2B4508                 sub     eax,[ebp+8]             ; length = (eax - start) + 2
00401100 83C002                 add     eax,2
00401103 C9                     leave
00401104 C20400                 ret     4
00401107                    loc_00401107:
00401107 2B4508                 sub     eax,[ebp+8]             ; length = (eax - start) + 1
0040110A 83C001                 add     eax,1
0040110D C9                     leave
0040110E C20400                 ret     4
00401111                    loc_00401111:
00401111 2B4508                 sub     eax,[ebp+8]             ; length = eax - start
00401114 C9                     leave
00401115 C20400                 ret     4
00401118 CC                     int     3                       ; padding
00401119 CC                     int     3
0040111A CC                     int     3
0040111B CC                     int     3
0040111C CC                     int     3
0040111D CC                     int     3
0040111E CC                     int     3
0040111F CC                     int     3

; ---------------------------------------------------------------------------
; fn_00401120: existence test, one stack argument, callee cleans it up (ret 4).
; In:  [ebp+8] = name passed straight to FindFirstFileA
; Out: eax = 0 if FindFirstFileA returned 0FFFFFFFFh (INVALID_HANDLE_VALUE), else 1
; The find handle is closed with FindClose before returning 1.
; NOTE(review): FindFirstFileA treats its argument as a search pattern (wildcards
; are honoured), so "found" means "something matched", not "this exact file exists".
; ---------------------------------------------------------------------------
00401120                    fn_00401120:
00401120 55                     push    ebp
00401121 8BEC                   mov     ebp,esp
00401123 81C4C0FEFFFF           add     esp,0FFFFFEC0h          ; esp -= 140h (320 bytes of locals)
00401129 8D85C2FEFFFF           lea     eax,[ebp-13Eh]          ; 13Eh = 318-byte result buffer, the size of WIN32_FIND_DATAA
0040112F 50                     push    eax                     ; lpFindFileData
00401130 FF7508                 push    dword ptr [ebp+8]       ; lpFileName
00401133 E840000000             call    fn_00401178             ; FindFirstFileA thunk
00401138 83F8FF                 cmp     eax,0FFFFFFFFh          ; INVALID_HANDLE_VALUE?
0040113B 7507                   jnz     loc_00401144
0040113D B800000000             mov     eax,0                   ; no match: return 0
00401142 EB0B                   jmp     loc_0040114F
00401144                    loc_00401144:
00401144 50                     push    eax                     ; hFindFile
00401145 E828000000             call    fn_00401172             ; FindClose thunk
0040114A B801000000             mov     eax,1                   ; match: return 1
0040114F                    loc_0040114F:
0040114F C9                     leave
00401150 C20400                 ret     4
00401153 CC                     int     3                       ; padding

; ---------------------------------------------------------------------------
; Import thunks: each is a single indirect jmp through the matching Import Address
; Table slot (402000h-402018h, per the import list above).
; ---------------------------------------------------------------------------
00401154                    fn_00401154:
00401154 FF2518204000           jmp     dword ptr [CloseHandle]
0040115A                    fn_0040115A:
0040115A FF2500204000           jmp     dword ptr [CreateFileA]
00401160                    fn_00401160:
00401160 FF2504204000           jmp     dword ptr [ExitProcess]
00401166                    fn_00401166:
00401166 FF2508204000           jmp     dword ptr [SetFilePointer]
0040116C                    fn_0040116C:
0040116C FF250C204000           jmp     dword ptr [WriteFile]
00401172                    fn_00401172:
00401172 FF2510204000           jmp     dword ptr [FindClose]
00401178                    fn_00401178:
00401178 FF2514204000           jmp     dword ptr [FindFirstFileA]