Next in the list of commands is the 'rndnick' command.
After checking for the '.' marker, the command token is compared against 'rndnick' and then against its short alias 'rn' with an exact strcmp.
If either string matches, execution jumps to randomnick_cmd at 40A992:
00403D35 loc_403D35:
00403D35 8B 38             mov     edi, [eax]
00403D37 57                push    edi
00403D38 68 9C 4F 44 00    push    offset aRndnick_1 ; "rndnick"
00403D3D 89 7D 3C          mov     [ebp+4Ch+var_10], edi
00403D40 E8 6B E5 01 00    call    strcmp?
00403D45 85 C0             test    eax, eax
00403D47 59                pop     ecx
00403D48 59                pop     ecx
00403D49 0F 84 43 6C 00 00 jz      randomnick_cmd
00403D4F 57                push    edi
00403D50 68 A4 4F 44 00    push    offset aRn ; "rn"
00403D55 E8 56 E5 01 00    call    strcmp?
00403D5A 85 C0             test    eax, eax
00403D5C 59                pop     ecx
00403D5D 59                pop     ecx
00403D5E 0F 84 2E 6C 00 00 jz      randomnick_cmd
At location 40A9AF, sub_40AF58 is called with the arguments (&out_var, 4, 0, 0). It therefore runs as described earlier, with one difference: the third argument is 0 instead of 1, so the function that checks whether mIRC is running is not called. Since our locale is set to USA, we should expect a nick of the form USA|xxxxx, where xxxxx is the random part.
0040A992 randomnick_cmd:
0040A992 FF 74 35 AC       push    [ebp+esi+4Ch+message_type]
0040A996 33 C0             xor     eax, eax
0040A998 38 9D 54 F7 FF FF cmp     [ebp+4Ch+var_8F8], bl
0040A99E 0F 95 C0          setnz   al
0040A9A1 50                push    eax
0040A9A2 FF 35 98 70 45 00 push    arg_4_of_sub_40AF58
0040A9A8 8D 85 0C FD FF FF lea     eax, [ebp+4Ch+var_340]
0040A9AE 50                push    eax
0040A9AF E8 A4 05 00 00    call    sub_40AF58
0040A9B4 8D 85 0C FD FF FF lea     eax, [ebp+4Ch+var_340]
0040A9BA 50                push    eax
0040A9BB 68 A8 4F 44 00    push    offset aNickS_7 ; "NICK %s\r\n"
0040A9C0 FF 75 58          push    [ebp+4Ch+arg_4]
0040A9C3 E8 1A 6A FF FF    call    SendMessageToSocket
The new string is then formatted into "NICK %s\r\n" and sent to the IRC server through SendMessageToSocket, which changes the bot's nick.
This is the result:
20:11 <@unchk> .rn
20:26 -!- USA|55211 is now known as USA|52072
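To make the handler's behaviour concrete, here is an added Python example, written for this post and not taken from the bot, that models the dispatch shown in the listings above: the '.' marker check, the exact strcmp against "rndnick" and "rn", and the NICK line built from a LOCALE|random nick. It pairs the model with a small detector that flags the same activity in an IRC client log like the session above. The nick-shape regex, the five-digit random part and the log line formats are assumptions; the page shows only one sample nick pair.

```python
import random
import re

# Reference model of the rndnick handler, written for this write-up; not the bot's code.
COMMAND_MARKER = "."
RNDNICK_ALIASES = ("rndnick", "rn")

# Shape of the nicks the bot generates: <locale>|<digits>, e.g. USA|55211.
# Two-to-three uppercase letters and 4-6 digits are assumptions based on the one sample.
BOT_NICK_RE = re.compile(r"^[A-Z]{2,3}\|\d{4,6}$")
# Client log line formats as in the session log above (irssi-style; assumed).
NICK_CHANGE_RE = re.compile(r"^\S+ -!- (\S+) is now known as (\S+)$")
CHAN_MSG_RE = re.compile(r"^\S+ <[@+%]?\S+> (.+)$")


def random_nick(locale, rng):
    """Stand-in for sub_40AF58 with the mIRC check disabled: locale + '|' + five digits.
    The digit count is an assumption; the page does not show the bot's generator."""
    return "{}|{:05d}".format(locale, rng.randint(0, 99999))


def handle_message(text, locale, rng):
    """Return the raw line the bot would send for '.rndnick' / '.rn', else None.

    Mirrors loc_403D35: the marker is checked first, then the command token is
    compared with strcmp against "rndnick" and "rn" (exact match, no prefixes)."""
    if not text.startswith(COMMAND_MARKER):
        return None
    command = text[len(COMMAND_MARKER):].split(" ", 1)[0]
    if command not in RNDNICK_ALIASES:
        return None
    return "NICK {}\r\n".format(random_nick(locale, rng))


def find_rndnick_activity(log_lines):
    """Detection side: flag rndnick commands and LOCALE|NNNNN -> LOCALE|NNNNN nick changes."""
    commands, changes = [], []
    for line in log_lines:
        line = line.strip()
        m = NICK_CHANGE_RE.match(line)
        if m and BOT_NICK_RE.match(m.group(1)) and BOT_NICK_RE.match(m.group(2)):
            changes.append((m.group(1), m.group(2)))
            continue
        m = CHAN_MSG_RE.match(line)
        if m:
            body = m.group(1)
            token = body[len(COMMAND_MARKER):].split(" ", 1)[0]
            if body.startswith(COMMAND_MARKER) and token in RNDNICK_ALIASES:
                commands.append(body)
    return {"commands": commands, "nick_changes": changes}


# Constructed sample log: the two lines from the session above plus benign noise.
SAMPLE_LOG = [
    "20:10 <@unchk> hello everyone",
    "20:11 <@unchk> .rn",
    "20:26 -!- USA|55211 is now known as USA|52072",
    "20:30 -!- alice is now known as alice_away",
    "20:31 <alice_away> .rnd is not a command",
]


def demo(seed=2024):
    """Run the model end to end with a fixed seed so the result is reproducible."""
    rng = random.Random(seed)
    return {
        "rn": handle_message(".rn", "USA", rng),
        "rndnick": handle_message(".rndnick", "USA", rng),
        "no_marker": handle_message("rn", "USA", rng),
        "prefix_only": handle_message(".rnx", "USA", rng),
        "log": find_rndnick_activity(SAMPLE_LOG),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, repr(value))
```

The detector deliberately requires both the old and the new nick to match the LOCALE|NNNNN shape, which is what distinguishes a bot cycling its nick from an ordinary user renaming themselves once.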