Lab 20-1 Solutions
Short Answers
The function at 0x401040 does not take any parameters, but it is passed a reference to an object in ECX that represents the this pointer.
The call to URLDownloadToFile uses http://www.practicalmalwareanalysis.com/cpp.html as the URL.
This program downloads a file from a remote server and stores it as c:\tempdownload.exe on the local system.
Detailed Analysis
This short lab is intended to demonstrate the usage of the this pointer. The bulk of the main method is shown in Example C-209.
Example C-209. The main method for Lab20-01.exe
00401006  push  4
00401008 ❶call  ??2@YAPAXI@Z ; operator new(uint)
0040100D  add   esp, 4
00401010 ❷mov   [ebp+var_8], eax
00401013  mov   eax, [ebp+var_8]
00401016 ❸mov   [ebp+var_4], eax
00401019 ❹mov   ...
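The implicit this argument described above, as an added C++ illustration that is not the lab's source or code from the book. The struct, its field and both function names are hypothetical, and holding the URL in the object's only field is an assumption made for the sketch.

```cpp
// Added illustration: all names are hypothetical, not recovered from Lab20-01.exe.
#include <cstddef>
#include <cstdio>
#include <cstring>

// One pointer-sized field: 4 bytes on a 32-bit target, matching "push 4" before operator new.
struct Downloader {
    const char *url;  // first member, so it lives at [this + 0]

    // Declares no parameters, yet the compiler passes the object's address
    // implicitly (in ECX under the 32-bit MSVC thiscall convention).
    const char *target() { return this->url; }
};

// The same routine as a disassembler sees it: the hidden argument made explicit.
const char *target_explicit(void *ecx) {
    const char *field;
    std::memcpy(&field, ecx, sizeof field);  // equivalent of: mov eax, [ecx]
    return field;
}

// Mirrors the shape of main in the listing: allocate the object, keep the
// pointer in two locals, fill the field, then call the member function.
bool this_matches_explicit() {
    Downloader *var_8 = new Downloader;  // call operator new
    Downloader *var_4 = var_8;           // mov [ebp+var_4], eax
    // Assumption: the object's field holds the URL the program later uses.
    var_4->url = "http://www.practicalmalwareanalysis.com/cpp.html";

    const char *via_member = var_4->target();           // this passed implicitly
    const char *via_explicit = target_explicit(var_4);  // this passed by hand
    bool same = (via_member == via_explicit) && (via_member == var_4->url);
    delete var_8;
    return same;
}

int main() {
    std::printf("sizeof(Downloader) = %zu, url offset = %zu, match = %d\n",
                sizeof(Downloader), offsetof(Downloader, url),
                this_matches_explicit() ? 1 : 0);
    return 0;
}
```

When reading the disassembly, a function that uses ECX before writing to it, with no pushes at the call site, is the cue that ECX carries the object pointer.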