xenocidewiki (Reverse Engineer)

Code

.text:0040861B                 push    ebp
.text:0040861C                 mov     ebp, esp
.text:0040861E                 sub     esp, 8
.text:00408621                 mov     [ebp-8], ecx
.text:00408624                 push    1
.text:00408626                 push    0
.text:00408628                 push    offset aHttpWww_respon ; "http://www.respondus.com/browser/ie.pl"
.text:0040862D                 push    offset aIexplore_exe ; "iexplore.exe"
.text:00408632                 push    0
.text:00408634                 mov     ecx, [ebp-8]
.text:00408637                 call    sub_406EF0
.text:0040863C                 push    eax
.text:0040863D                 call    ds:ShellExecuteA
.text:00408643                 mov     [ebp-4], eax
.text:00408646                 cmp     dword ptr [ebp-4], 20h
.text:0040864A                 jg      short loc_408660
.text:0040864C                 push    0
.text:0040864E                 push    0
.text:00408650                 push    16h
.text:00408652                 call    sub_40D85A
.text:00408657                 add     esp, 4
.text:0040865A                 push    eax
.text:0040865B                 call    sub_47297C
.text:00408660
Looks like the app uses something called "LockDown Browser" -> it just uses Internet Explorer (lol).

I'll try to find out a bit more.
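
Added example, not part of the original post: a small Python helper that reads the call site from the listing above and maps the pushed values onto the `ShellExecuteA` parameters, then extracts the return-value threshold from the `cmp`. The function names and the assumption that `sub_406EF0` takes no stack arguments are this example's own.

```python
import re

# Constructed sample: the call-site lines copied from the listing in the post.
LISTING = """\
.text:00408624                 push    1
.text:00408626                 push    0
.text:00408628                 push    offset aHttpWww_respon ; "http://www.respondus.com/browser/ie.pl"
.text:0040862D                 push    offset aIexplore_exe ; "iexplore.exe"
.text:00408632                 push    0
.text:00408634                 mov     ecx, [ebp-8]
.text:00408637                 call    sub_406EF0
.text:0040863C                 push    eax
.text:0040863D                 call    ds:ShellExecuteA
.text:00408643                 mov     [ebp-4], eax
.text:00408646                 cmp     dword ptr [ebp-4], 20h
.text:0040864A                 jg      short loc_408660
"""

# ShellExecuteA parameters in declaration order (Win32 API, stdcall).
PARAMS = ["hwnd", "lpOperation", "lpFile", "lpParameters", "lpDirectory", "nShowCmd"]
LINE = re.compile(r'^\S+\s+(\w+)\s*([^;]*?)\s*(?:;\s*(.*))?$')

def parse(listing):
    """Yield (mnemonic, operands, comment) for each instruction line."""
    for raw in listing.splitlines():
        m = LINE.match(raw.strip())
        if m:
            yield m.group(1), m.group(2), m.group(3)

def recover_args(listing, target="ShellExecuteA"):
    """Map the pushes before `call target` onto PARAMS.

    stdcall pushes right to left, so the push nearest the call is the first
    parameter. Assumption: the intervening sub_406EF0 call takes its object
    in ecx and consumes no stack arguments.
    """
    insns = list(parse(listing))
    idx = next(i for i, (mn, op, _) in enumerate(insns)
               if mn == "call" and op.endswith(target))
    pushes = [(op, cm) for mn, op, cm in insns[:idx] if mn == "push"]
    nearest_first = pushes[::-1][:len(PARAMS)]
    # Prefer IDA's string comment over the symbolic operand when present.
    return {p: (cm.strip('"') if cm else op) for p, (op, cm) in zip(PARAMS, nearest_first)}

def success_threshold(listing):
    """Return the immediate the return value is compared with (IDA 'h' hex suffix)."""
    for mn, op, _ in parse(listing):
        if mn == "cmp":
            return int(op.rsplit(",", 1)[1].strip().rstrip("h"), 16)
    return None
```

`ShellExecuteA` returns a value greater than 32 on success, so the `jg` at `0040864A` is the success path and the fall-through block is the error handler.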