Web-Money Keeper Classic


Keeper' - 5


IDA Pro, <Shift-F4> "Name", "DeviceIoControl" ( , IDA Pro , ). <ENTER> . IDA Pro , "View" "Open subview",   "Cross references" : <ALT-V>,<O>,<O>.

 

 10  , DeviceIoControl()

, :

 

.text:100B76C3 push 0 ; lpOverlapped

.text:100B76C5 lea edx, [ebp+BytesReturned]

.text:100B76CB push edx ; lpBytesReturned

.text:100B76CC push 18h ; nOutBufferSize

.text:100B76CE lea eax, [ebp+OutBuffer]

.text:100B76D4 push eax ; lpOutBuffer

.text:100B76D5 push 0 ; nInBufferSize

.text:100B76D7 push 0 ; lpInBuffer

.text:100B76D9 push 74080h ; dwIoControlCode

.text:100B76DE mov ecx, [ebp+hObject]

.text:100B76E4 push ecx ; hDevice

.text:100B76E5 call ds:DeviceIoControl

 5  Keeper', DeviceIoControl

, , [ebp + hObject] , CreateFileA(), "\\.\PhysicalDrive%d". ! , , . ? IOCTL- 74080h. ,   , IOCTL on-line , http://www.osronline.com/article.cfm?article=229.