Thursday, February 16, 2023

FindResourceA 0xa

 v0 = FindResourceA(0, "UPROMPT", (LPCSTR)0xA);


or


push 0xA ; lpType

push edi ; lpName

push 0 ; hModule

call ds:__imp__FindresourceA@12


This is grabbing a handle to a resource string from RCData with the name "UPROMPT" (you can see this in resource hacker)  ... please note it'll follow by using "LoadResourceA" to actually get the string value and put it into EAX

0xA = 10 = RT_RCDATA = Application-defined resource (raw data)

0 for hModule = use this current executable's resources

pointer to the resulting string is put into eax


2 comments:

  1. "I am writing this review to express my sincere gratitude to this NFT and USDT recovery hacker for all that he did for me during one of the most stressful and painful times in my life. His professionalism and guidance, at a time when I questioned myself how dumb I was to give out $1.2 Million Usdt to an NFT trading scammer, helped me to accept that so long there is a problem, there will always be a solution. He provided me with irrefutable proof that strengthened my doubts about the possibility of recovering or tracking lost BTC or USDT. I have no doubt about the decisions I made afterward. It took a while but success was achieved in recovering all the USDT Tokens I had sent. At a time when I felt like my whole world was tumbling down around me, his concern was truly appreciated. I highly recommend his services and while I hope never to need him again, I will be sure to call him if need be. Thanks so much, Cyber Genie Team”
    " ( Cybergenie (@) cyberservices (.) com ) "
    " ( WA +1252)(5120391)"

    ReplyDelete
  2. Hey, join me appreciate this credit specialist (760Plus Credit Score), I Just pulled my credit report on Equifax and Experian and confirmed that my credit score is now 794. I had a few collections, credit card debts, was late on my car payments and few other hard inquiries; after I employed the services of Jerry, he raised my score and eliminated all of these unwanted items, he further added some tradelines to my report. How would I have achieved this without Jerry’s help? C’mon guys, you can reach them via 760pluscreditscore AT gmail DOT com for your credit fix, and thank me later.

    ReplyDelete