Author: joestewart

# Views: 63933

Printer Friendly ...

    10001BF4  LEA EAX,DWORD PTR SS:[EBP-120]
    10001BFA  LEA ECX,DWORD PTR SS:[EBP-18]
    10001BFD  PUSH EAX
    10001BFE  MOV DWORD PTR SS:[EBP-18],EBX
    10001C01  CALL 10003352
    10001C06  CMP EAX,EBX
    10001C08  JGE SHORT newsubmi.10001C17
    10001C0A  CMP EAX,80004002
    10001C0F  JE SHORT newsubmi.10001C17
    10001C11  PUSH EAX
    10001C12  CALL 1000AA08
    10001C17  MOV EAX,DWORD PTR SS:[EBP-18]
    10001C1A  CMP EAX,EBX
    10001C1C  JE newsubmi.10002212
    10001C22  MOV DWORD PTR SS:[EBP-1C],EBX
    10001C25  MOV ECX,DWORD PTR DS:[EAX]
    10001C27  LEA EDX,DWORD PTR SS:[EBP-1C]
    10001C2A  PUSH EDX
    10001C2B  PUSH EAX
    10001C2C  MOV BYTE PTR SS:[EBP-4],0C
    10001C30  CALL DWORD PTR DS:[ECX+30]

    100037AA  MOV ECX,DWORD PTR DS:[EAX]
    100037AC  LEA EDX,DWORD PTR SS:[EBP+8]
    100037AF  PUSH EDX
    100037B0  PUSH newsubmi.1001C1E0
    100037B5  PUSH EAX
    100037B6  CALL DWORD PTR DS:[ECX]

    HRESULT QueryInterface(
      REFIID iid,
      void ** ppvObject
    );

    1001C1E0   D2 F5 50 30 B5 98 CF 11
    1001C1E8   BB 82 00 AA 00 BD CE 0B

    IHTMLInputElement

    10001C17  MOV EAX,DWORD PTR SS:[EBP-18]
    10001C1A  CMP EAX,EBX
    10001C1C  JE newsubmi.10002212
    10001C22  MOV DWORD PTR SS:[EBP-1C],EBX
    10001C25  MOV ECX,DWORD PTR DS:[EAX]
    10001C27  LEA EDX,DWORD PTR SS:[EBP-1C]
    10001C2A  PUSH EDX
    10001C2B  PUSH EAX
    10001C2C  MOV BYTE PTR SS:[EBP-4],0C
    10001C30  CALL DWORD PTR DS:[ECX+30]

    HRESULT ( STDMETHODCALLTYPE __RPC_FAR *get_name )(
        IHTMLInputElement __RPC_FAR * This,
        STR __RPC_FAR *p);

• Extract GUIDs and corresponding interface names from the registry
• Scan a PE file for binary-encoded GUIDs and produce labels with offsets
• Search Windows header files and list Vtbl methods in order