.idata:01001000 ;
.idata:01001000 ; 赏屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯?
.idata:01001000 ; ? This file is generated by The Interactive Disassembler (IDA) ?
.idata:01001000 ; ? Copyright (c) 2006 by DataRescue sa/nv, <ida@datarescue.com> ?
.idata:01001000 ; ?Licensed to: Paul Ashton - Blue Lane Technologies (1-user Advanced 03/2006) ?s
.idata:01001000 ; 韧屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯?
.idata:01001000 ;
.idata:01001000 ; Input MD5 : 06EF7E7D31C2584DA31CA3D40CDB4A3E
.idata:01001000
.idata:01001000 ; File Name : C:\WINDOWS\system32\ping.exe
.idata:01001000 ; Format : Portable executable for 80386 (PE)
.idata:01001000 ; Imagebase : 1000000
.idata:01001000 ; Section 1. (virtual address 00001000)
.idata:01001000 ; Virtual size : 00002010 ( 8208.)
.idata:01001000 ; Section size in file : 00002200 ( 8704.)
.idata:01001000 ; Offset to raw data for section: 00000400
.idata:01001000 ; Flags 60000020: Text Executable Readable
.idata:01001000 ; Alignment : default
.idata:01001000 ;
.idata:01001000 ; Imports from ADVAPI32.dll
.idata:01001000 ;
.idata:01001000 ; OS type : MS Windows
.idata:01001000 ; Application type: Executable 32bit
.idata:01001000
.idata:01001000 .686p
.idata:01001000 .mmx
.idata:01001000 .model flat
.idata:01001000
.idata:01001000 ; 屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯?
.idata:01001000
.idata:01001000 ; Segment type: Externs
.idata:01001000 ; _idata
.idata:01001000 ; LONG __stdcall RegCloseKey(HKEY hKey)
.idata:01001000 extrn __declspec(dllimport) __stdcall RegCloseKey(x):dword
.idata:01001000 ; DATA XREF: GetDefaultTTL()+60r
.idata:01001004 ; LONG __stdcall RegOpenKeyExA(HKEY hKey,LPCSTR lpSubKey,DWORD ulOptions,REGSAM samDesired,PHKEY phkResult)
.idata:01001004 extrn __declspec(dllimport) __stdcall RegOpenKeyExA(x, x, x, x, x):dword
.idata:01001004 ; DATA XREF: GetDefaultTTL()+2Ar
.idata:01001008 ; LONG __stdcall RegQueryValueExA(HKEY hKey,LPCSTR lpValueName,LPDWORD lpReserved,LPDWORD lpType,LPBYTE lpData,LPDWORD lpcbData)
.idata:01001008 extrn __declspec(dllimport) __stdcall RegQueryValueExA(x, x, x, x, x, x):dword
.idata:01001008 ; DATA XREF: GetDefaultTTL()+49r
.idata:0100100C extrn _ADVAPI32_NULL_THUNK_DATA:dword
.idata:01001010 ;
.idata:01001010 ; Imports from KERNEL32.dll
.idata:01001010 ;
.idata:01001010 ; DWORD GetLastError(void)
.idata:01001010 extrn __declspec(dllimport) __stdcall GetLastError():dword
.idata:01001010 ; DATA XREF: _main+8Fr
.idata:01001010 ; _main+7F1r
.idata:01001010 ; _main+9BCr
.idata:01001010 ; _main+BB7r
.idata:01001014 ; HLOCAL __stdcall LocalAlloc(UINT uFlags,UINT uBytes)
.idata:01001014 extrn __declspec(dllimport) __stdcall LocalAlloc(x, x):dword
.idata:01001014 ; DATA XREF: _main+80Fr
.idata:01001014 ; _main+819r
.idata:01001014 ; _main+84Er
.idata:01001018 ; BOOL __stdcall QueryPerformanceCounter(LARGE_INTEGER *lpPerformanceCount)
.idata:01001018 extrn __declspec(dllimport) __stdcall QueryPerformanceCounter(x):dword
.idata:01001018 ; DATA XREF: ___security_init_cookie+45r
.idata:0100101C ; void __stdcall Sleep(DWORD dwMilliseconds)
.idata:0100101C extrn __declspec(dllimport) __stdcall Sleep(x):dword
.idata:0100101C ; DATA XREF: _main:loc_10026D9r
.idata:01001020 ; DWORD __stdcall FormatMessageA(DWORD dwFlags,LPCVOID lpSource,DWORD dwMessageId,DWORD dwLanguageId,LPSTR lpBuffer,DWORD nSize,va_list *Arguments)
.idata:01001020 extrn __declspec(dllimport) __stdcall FormatMessageA(x, x, x, x, x, x, x):dword
.idata:01001020 ; DATA XREF: _NlsPutMsg+23r
.idata:01001024 ; HLOCAL __stdcall LocalFree(HLOCAL hMem)
.idata:01001024 extrn __declspec(dllimport) __stdcall LocalFree(x):dword
.idata:01001024 ; DATA XREF: _NlsPutMsg+63r
.idata:01001024 ; _main+86Er
.idata:01001024 ; _main+D44r
.idata:01001024 ; _main+D4Ar
.idata:01001024 ; _main+D52r
.idata:01001028 ; DWORD GetCurrentThreadId(void)
.idata:01001028 extrn __declspec(dllimport) __stdcall GetCurrentThreadId():dword
.idata:01001028 ; DATA XREF: ___security_init_cookie+31r
.idata:0100102C ; DWORD GetCurrentProcessId(void)
.idata:0100102C extrn __declspec(dllimport) __stdcall GetCurrentProcessId():dword
.idata:0100102C ; DATA XREF: ___security_init_cookie+29r
.idata:01001030 ; BOOL __stdcall SetConsoleCtrlHandler(PHANDLER_ROUTINE HandlerRoutine,BOOL Add)
.idata:01001030 extrn __declspec(dllimport) __stdcall SetConsoleCtrlHandler(x, x):dword
.idata:01001030 ; DATA XREF: _main+953r
.idata:01001034 ; DWORD GetTickCount(void)
.idata:01001034 extrn __declspec(dllimport) __stdcall GetTickCount():dword
.idata:01001034 ; DATA XREF: ___security_init_cookie+39r
.idata:01001038 extrn __declspec(dllimport) __stdcall SetThreadUILanguage(x):dword
.idata:01001038 ; DATA XREF: SetThreadUILanguage(x)r
.idata:0100103C ; HMODULE __stdcall GetModuleHandleA(LPCSTR lpModuleName)
.idata:0100103C extrn __declspec(dllimport) __stdcall GetModuleHandleA(x):dword
.idata:0100103C ; DATA XREF: _mainCRTStartup+Fr
.idata:01001040 ; LPTOP_LEVEL_EXCEPTION_FILTER __stdcall SetUnhandledExceptionFilter(LPTOP_LEVEL_EXCEPTION_FILTER lpTopLevelExceptionFilter)
.idata:01001040 extrn __declspec(dllimport) __stdcall SetUnhandledExceptionFilter(x):dword
.idata:01001040 ; DATA XREF: __security_check_cookie(x)+EEr
.idata:01001044 ; LONG __stdcall UnhandledExceptionFilter(struct _EXCEPTION_POINTERS *ExceptionInfo)
.idata:01001044 extrn __declspec(dllimport) __stdcall UnhandledExceptionFilter(x):dword
.idata:01001044 ; DATA XREF: __security_check_cookie(x)+F8r
.idata:01001048 ; HANDLE GetCurrentProcess(void)
.idata:01001048 extrn __declspec(dllimport) __stdcall GetCurrentProcess():dword
.idata:01001048 ; DATA XREF: __security_check_cookie(x)+103r
.idata:0100104C ; BOOL __stdcall TerminateProcess(HANDLE hProcess,UINT uExitCode)
.idata:0100104C extrn __declspec(dllimport) __stdcall TerminateProcess(x, x):dword
.idata:0100104C ; DATA XREF: __security_check_cookie(x)+10Ar
.idata:01001050 ; void __stdcall GetSystemTimeAsFileTime(LPFILETIME lpSystemTimeAsFileTime)
.idata:01001050 extrn __declspec(dllimport) __stdcall GetSystemTimeAsFileTime(x):dword
.idata:01001050 ; DATA XREF: ___security_init_cookie+1Dr
.idata:01001054 extrn _KERNEL32_NULL_THUNK_DATA:dword
.idata:01001058 ;
.idata:01001058 ; Imports from USER32.dll
.idata:01001058 ;
.idata:01001058 ; BOOL __stdcall CharToOemBuffA(LPCSTR lpszSrc,LPSTR lpszDst,DWORD cchDstLength)
.idata:01001058 extrn __declspec(dllimport) __stdcall CharToOemBuffA(x, x, x):dword
.idata:01001058 ; DATA XREF: _NlsPutMsg+48r
.idata:0100105C extrn _USER32_NULL_THUNK_DATA:dword
.idata:01001060 ;
.idata:01001060 ; Imports from WS2_32.dll
.idata:01001060 ;
.idata:01001060 extrn __declspec(dllimport) __stdcall getnameinfo(x, x, x, x, x, x, x):dword
.idata:01001060 ; DATA XREF: ResolveTarget(x,x,x,x,x,x,x)+7Ar
.idata:01001060 ; print_statistics()+46r
.idata:01001060 ; _main+8A5r
.idata:01001060 ; _main+8F6r
.idata:01001060 ; _main+94Ar
.idata:01001060 ; _main+C30r
.idata:01001064 extrn __declspec(dllimport) __stdcall getaddrinfo(x, x, x, x):dword
.idata:01001064 ; DATA XREF: ResolveTarget(x,x,x,x,x,x,x)+Cr
.idata:01001064 ; ResolveTarget(x,x,x,x,x,x,x)+3Ar
.idata:01001064 ; GetSource(x,x,x)+2Dr
.idata:01001068 ; char *__stdcall inet_ntoa(struct in_addr in)
.idata:01001068 extrn __declspec(dllimport) __stdcall inet_ntoa(x):dword
.idata:01001068 ; DATA XREF: ProcessOptions(x,x)+14Ar
.idata:01001068 ; ProcessOptions(x,x)+168r
.idata:01001068 ; ProcessOptions(x,x)+2D8r
.idata:01001068 ; ProcessOptions(x,x)+2F6r
.idata:01001068 ; _main+A0Dr
.idata:0100106C ; struct hostent *__stdcall gethostbyaddr(const char *addr,int len,int type)
.idata:0100106C extrn __declspec(dllimport) __stdcall gethostbyaddr(x, x, x):dword
.idata:0100106C ; DATA XREF: ProcessOptions(x,x)+13Fr
.idata:0100106C ; ProcessOptions(x,x)+2CDr
.idata:01001070 extrn __declspec(dllimport) __stdcall freeaddrinfo(x):dword
.idata:01001070 ; DATA XREF: ResolveTarget(x,x,x,x,x,x,x):loc_1001371r
.idata:01001074 ; int __stdcall closesocket(SOCKET s)
.idata:01001074 extrn __declspec(dllimport) __stdcall closesocket(x):dword
.idata:01001074 ; DATA XREF: _main+7DBr
.idata:01001078 ; int __stdcall WSAIoctl(SOCKET s,DWORD dwIoControlCode,LPVOID lpvInBuffer,DWORD cbInBuffer,LPVOID lpvOutBuffer,DWORD cbOutBuffer,LPDWORD lpcbBytesReturned,LPWSAOVERLAPPED lpOverlapped,LPWSAOVERLAPPED_COMPLETION_ROUTINE lpCompletionRoutine)
.idata:01001078 extrn __declspec(dllimport) __stdcall WSAIoctl(x, x, x, x, x, x, x, x, x):dword
.idata:01001078 ; DATA XREF: _main+7D4r
.idata:0100107C ; int WSAGetLastError(void)
.idata:0100107C extrn __declspec(dllimport) __stdcall WSAGetLastError():dword
.idata:0100107C ; DATA XREF: _main+7A7r
.idata:01001080 ; SOCKET __stdcall socket(int af,int type,int protocol)
.idata:01001080 extrn __declspec(dllimport) __stdcall socket(x, x, x):dword
.idata:01001080 ; DATA XREF: _main+79Ar
.idata:01001084 ; int __stdcall WSAStartup(WORD wVersionRequested,LPWSADATA lpWSAData)
.idata:01001084 extrn __declspec(dllimport) __stdcall WSAStartup(x, x):dword
.idata:01001084 ; DATA XREF: _main+85r
.idata:01001088 ; int WSACleanup(void)
.idata:01001088 extrn __declspec(dllimport) __stdcall WSACleanup():dword
.idata:01001088 ; DATA XREF: _main:loc_100223Dr
.idata:01001088 ; _main+D54r
.idata:0100108C extrn _WS2_32_NULL_THUNK_DATA:dword
.idata:01001090 ;
.idata:01001090 ; Imports from iphlpapi.dll
.idata:01001090 ;
.idata:01001090 extrn __declspec(dllimport) __stdcall IcmpCreateFile():dword
.idata:01001090 ; DATA XREF: IcmpCreateFile()r
.idata:01001094 extrn __declspec(dllimport) __stdcall Icmp6CreateFile():dword
.idata:01001094 ; DATA XREF: Icmp6CreateFile()r
.idata:01001098 extrn __declspec(dllimport) __stdcall IcmpSendEcho2(x, x, x, x, x, x, x, x, x, x, x):dword
.idata:01001098 ; DATA XREF: IcmpSendEcho2(x,x,x,x,x,x,x,x,x,x,x)r
.idata:0100109C extrn __declspec(dllimport) __stdcall Icmp6SendEcho2(x, x, x, x, x, x, x, x, x, x, x, x):dword
.idata:0100109C ; DATA XREF: Icmp6SendEcho2(x,x,x,x,x,x,x,x,x,x,x,x)r
.idata:010010A0 extrn __declspec(dllimport) __stdcall IcmpCloseHandle(x):dword
.idata:010010A0 ; DATA XREF: IcmpCloseHandle(x)r
.idata:010010A4 extrn _iphlpapi_NULL_THUNK_DATA:dword
.idata:010010A8 ;
.idata:010010A8 ; Imports from msvcrt.dll
.idata:010010A8 ;
.idata:010010A8 extrn __imp___except_handler3:dword
.idata:010010A8 ; DATA XREF: __except_handler3r
.idata:010010AC ; unsigned int __cdecl __controlfp(unsigned int,unsigned int)
.idata:010010AC extrn __imp___controlfp:dword ; DATA XREF: __controlfpr
.idata:010010B0 extrn __imp____set_app_type:dword
.idata:010010B0 ; DATA XREF: _mainCRTStartup+6Cr
.idata:010010B4 extrn __imp____p__fmode:dword
.idata:010010B4 ; DATA XREF: _mainCRTStartup+81r
.idata:010010B8 extrn __imp____p__commode:dword
.idata:010010B8 ; DATA XREF: _mainCRTStartup+8Fr
.idata:010010BC extrn __imp___adjust_fdiv:dword
.idata:010010BC ; DATA XREF: _mainCRTStartup+9Dr
.idata:010010C0 extrn __imp____setusermatherr:dword
.idata:010010C0 ; DATA XREF: _mainCRTStartup+BBr
.idata:010010C4 extrn __imp___initterm:dword ; DATA XREF: __inittermr
.idata:010010C8 extrn __imp____getmainargs:dword
.idata:010010C8 ; DATA XREF: _mainCRTStartup+F4r
.idata:010010CC ; int ___initenv
.idata:010010CC extrn __imp____initenv:dword
.idata:010010CC ; DATA XREF: _mainCRTStartup+10Fr
.idata:010010D0 ; void __cexit(void)
.idata:010010D0 extrn __imp___cexit:dword
.idata:010010D0 ; DATA XREF: _mainCRTStartup:loc_10029FFr
.idata:010010D4 extrn __imp___XcptFilter:dword ; DATA XREF: __XcptFilterr
.idata:010010D8 ; void __cdecl __exit(int)
.idata:010010D8 extrn __imp___exit:dword ; DATA XREF: _mainCRTStartup+162r
.idata:010010DC ; void __c_exit(void)
.idata:010010DC extrn __imp___c_exit:dword
.idata:010010DC ; DATA XREF: _mainCRTStartup:loc_1002A2Er
.idata:010010E0 ; int __cdecl _isspace(int)
.idata:010010E0 extrn __imp__isspace:dword ; DATA XREF: _main+375r
.idata:010010E0 ; _main+59Er
.idata:010010E4 ; void __cdecl _exit(int)
.idata:010010E4 extrn __imp__exit:dword ; DATA XREF: param(x,x,x,x,x)+67r
.idata:010010E4 ; _main:loc_100272Fr
.idata:010010E4 ; _mainCRTStartup+133r
.idata:010010E8 ; unsigned __int32 __cdecl _strtoul(const char *,char **,int)
.idata:010010E8 extrn __imp__strtoul:dword ; DATA XREF: str2ip(x,x)+18r
.idata:010010E8 ; param(x,x,x,x,x)+36r
.idata:010010EC ; int __cdecl __write(int,const void *,unsigned int)
.idata:010010EC extrn __imp___write:dword ; DATA XREF: _NlsPutMsg+55r
.idata:010010F0 extrn _msvcrt_NULL_THUNK_DATA:dword
.idata:010010F0
.text:010010F4 ; 屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯?
.text:010010F4
.text:010010F4 ; Segment type: Pure code
.text:010010F4 ; Segment permissions: Read/Execute
.text:010010F4 _text segment para public 'CODE' use32
.text:010010F4 assume cs:_text
.text:010010F4 ;org 10010F4h
.text:010010F4 assume es:nothing, ss:nothing, ds:_data, fs:nothing, gs:nothing
.text:010010F4 dd 4 dup(0)
.text:01001104 dd 48025816h, 0
.text:0100110C dd 2, 21h, 11B8h, 5B8h
.text:0100111C ; char ValueName[]
.text:0100111C ValueName db 'DefaultTTL',0 ; DATA XREF: GetDefaultTTL()+41o
.text:01001127 align 4
.text:01001128 ; char SubKey[]
.text:01001128 SubKey db 'SYSTEM\CurrentControlSet\Services\Tcpip\Parameters',0
.text:01001128 ; DATA XREF: GetDefaultTTL()+13o
.text:0100115B align 10h
.text:01001160 stru_1001160 _msEH <0FFFFFFFFh, offset loc_1002A07, offset loc_1002A1B>
.text:01001160 ; DATA XREF: _mainCRTStartup+2o
.text:0100116C align 10h
.text:01001170
.text:01001170 __load_config_used:
.text:01001170 dec eax
.text:01001170
.text:01001170 ; ---------------------------------------------------------------------------
.text:01001171 db 3 dup(0)
.text:01001174 dd 0Eh dup(0)
.text:010011AC dd offset ___security_cookie
.text:010011B0 dd offset ___safe_se_handler_table
.text:010011B4 dd 1, 53445352h, 4F814EE1h, 4AD788D2h, 4CFA1A8Ch, 64AA1AA4h, 1, 676E6970h, 6264702Eh
.text:010011B4 dd 2 dup(0)
.text:010011E0 ; ---------------------------------------------------------------------------
.text:010011E0
.text:010011E0 ___safe_se_handler_table: ; DATA XREF: .text:010011B0o
.text:010011E0 into
.text:010011E1 sub al, [eax]
.text:010011E1
.text:010011E1 ; ---------------------------------------------------------------------------
.text:010011E3 db 0
.text:010011E4 dd 0
.text:010011E8 db 0
.text:010011E9
.text:010011E9 ; *************** S U B R O U T I N E ***************************************
.text:010011E9
.text:010011E9
.text:010011E9 __fastcall net_long(x) proc near ; CODE XREF: str2ip(x,x)+57p
.text:010011E9 ; ProcessOptions(x,x)+189p
.text:010011E9 mov edx, ecx
.text:010011EB shr edx, 8
.text:010011EE mov eax, ecx
.text:010011F0 shl eax, 8
.text:010011F3 xor edx, eax
.text:010011F5 and edx, 0FF00FFh
.text:010011FB shl ecx, 8
.text:010011FE xor edx, ecx
.text:01001200 mov eax, edx
.text:01001202 shr eax, 10h
.text:01001205 shl edx, 10h
.text:01001208 or eax, edx
.text:0100120A retn
.text:0100120A
.text:0100120A __fastcall net_long(x) endp
.text:0100120A
.text:0100120A ; ---------------------------------------------------------------------------
.text:0100120B align 10h
.text:01001210
.text:01001210 ; *************** S U B R O U T I N E ***************************************
.text:01001210
.text:01001210 ; Attributes: bp-based frame
.text:01001210
.text:01001210 ; int __cdecl NlsPutMsg(int,DWORD dwMessageId,int)
.text:01001210 _NlsPutMsg proc near ; CODE XREF: PrintUsage()+7p
.text:01001210 ; param(x,x,x,x,x)+1Fp
.text:01001210 ; param(x,x,x,x,x)+5Dp
.text:01001210 ; ProcessOptions(x,x)+8Ep
.text:01001210 ; ProcessOptions(x,x)+C9p
.text:01001210 ; ProcessOptions(x,x)+E9p ...
......................
......................
.text:01001210
=========================================================
[培训]二进制漏洞攻防(第3期);满10人开班;模糊测试与工具使用二次开发;网络协议漏洞挖掘;Linux内核漏洞挖掘与利用;AOSP漏洞挖掘与利用;代码审计。