[Dshield] Worm Disassembly
tliston at premmag.com
Wed Aug 13 20:00:04 GMT 2003
-----BEGIN PGP SIGNED MESSAGE-----
You probably should have un-UPXed the code before disassembling it.
On 13 Aug 2003 at 13:22, Chris Ream wrote:
> Ok, I've been getting slammed with requests so here is the disassembly
> of one of the worms. I'll post the other one shortly and send my
> comments privately to those interested in discussing it.
> For those examining it don't forget that windows programs written in c
> don't actually start executing code at void main() they do several
> things like loading environment variables and argc's before they jump to
> the actual code.
> chrisr at stopthemcold.com
- ---- >8 ---- Snip!
-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0 -- QDPGP 2.70
Comment: Public key - http://www.hackbusters.net/pgp.txt
-----END PGP SIGNATURE-----
More information about the list