In C++
XorTesting.exe
has
XorTesting.cpp
which looks like
int main(int argc, char * argv[])
{
if ((argc == 3 && strlen(argv[1]) == 1 && argv[1][0] == '0') ||
(argc == 2 && strlen(argv[1]) == 1 && argv[1][0] == '1'))
{
.... more code ....
}
}
----------
In IDA Pro here is how to find the actual main function
----------
----------
start proc
jmp start_0
----------
----------
start_0 proc
push ebp
mov ebp, esp
call sub_xxxxx1 (just calls init functions)
pop ebp
return
-----------
-----------
sub_xxxxx1 proc
push ebp
mov ebp, esp
call sub_xxxxx2 (security cookie check)
call sub_xxxxx3 (initializes and then calls actual main function)
pop ebp
ret
-----------
-----------
sub_xxxxx3 proc
var_44= dword ptr -44h
var_40= dword ptr -40h
var_3C= dword ptr -3Ch
... many more ...
push ebp
mov ebp, esp
push 0FFFFFFFEh
...
call j__initterm
...
call ds:___guard_check_icall_fptr
...
call j__register_threat_local_exe_atexit_callback
add esp, 4
loc_xxxxxx:
call sub_xxxxx4 (will end up calling the actual main function)
...
call j_exit
... lots more code...
------------
------------
sub_xxxxx4 proc
var_C= dword ptr -0Ch
var_8= dword ptr -8h
var_4= dword ptr -4h
push ebp
mov ebp, esp
...
call j__get_initial_narrow_environment
...
call j__p___argv
...
call j__p___argc
...
call j__sub_xxxxx5 (will end up calling the actual main function)
add esp, 0Ch
mov esp, ebp
pop ebp
return
-------------
-------------
sub_xxxxx5 proc
jmp sub_xxxxx6 (the ACTUAL main function code)
-------------
-------------
sub_xxxxx6 proc
var_178= dword ptr -178h
var_174= dword ptr -174h
var_168= dword ptr -168h
... many more ...
push ebp
mov ebp, esp
sub esp, 178h
...
rep stosd
mov eax, __security_cookie
...
cmp [ebp+arg_0], 3 (equivalent of C++ "if argc == 3")
...
call j_strlen (equivalent of c++ 'strlen' call)
... rest of code ...
-------------
I want to thank Dr Emu a very powerful spell caster who help me to bring my husband back to me, few month ago i have a serious problem with my husband, to the extend that he left the house, and he started dating another woman and he stayed with the woman, i tried all i can to bring him back, but all my effort was useless until the day my friend came to my house and i told her every thing that had happened between me and my husband, then she told me of a powerful spell caster who help her when she was in the same problem I then contact Dr Emu and told him every thing and he told me not to worry my self again that my husband will come back to me after he has cast a spell on him, i thought it was a joke, after he had finish casting the spell, he told me that he had just finish casting the spell, to my greatest surprise within 48 hours, my husband really came back begging me to forgive him, if you need his help you can contact him with via email: Emutemple@gmail.com or add him up on his whatsapp +2347012841542 is willing to help any body that need his help.
ReplyDelete