Winsock Ordinals, I dumped a PE that uses some networking out of curiosity to see maybe what functions/APIs it uses.

SeaFarer

Hi,

I was not sure where to post this question... but it can be moved/removed depending on what the feedback is.

Anyway...

I dumped a PE that uses some networking out of curiosity to see maybe what functions/APIs it uses. A very simple program that maybe can be re-created with source from scratch was the reasoning for this.

Well, lo and behold! :lol:

All other imports were standard win32 kernel/gdi/user, etc., but here is what the imports listed were, as for the Winsock APIs imported... which was what I was really after.

CODE
Imp Addr Hint Import Name from WS2_32.dll - Not Bound
-------- ---- ---------------------------------------------------------------
000030B4  Ord WS2_32.52
000030B8  Ord WS2_32.3
000030BC  Ord WS2_32.101
000030C0  Ord WS2_32.116
000030C4  Ord WS2_32.111
000030C8  Ord WS2_32.115
000030CC  Ord WS2_32.1
000030D0  Ord WS2_32.2
000030D4  Ord WS2_32.23
000030D8  Ord WS2_32.57
000030DC  Ord WS2_32.9
000030E0  Ord WS2_32.12
000030E4  Ord WS2_32.13
000030E8  Ord WS2_32.16
000030EC  Ord WS2_32.19


Bummer... ordinal names. <_<

Now my question is...

Is there any way we can find out the NON-ORDINAL names for these functions used by this PE?

It would be a big help. :huh:

@UPDATE

After dumping Iczelion's downloader example, I know all the functions used except Ordinals 1, 2, 13, & 57.

samael

Use a decent export directory viewer on WS2_32.dll.
You will then be able to correlate the ordinal numbers with the actual name of the exported functions (assuming of course a name exists, and the function is not exported exclusively as ordinal... :rolleyes: )

In order to get the following list, I used Stud-PE, for example (with a little manual editing of the output)...

QUOTE
Module name:WS2_32.dll
TimeDateStamp: 41107EDA
Version: 0.00
Ordinal base: 00000001
Number of functions: 000001F4
Number of Names: 00000075

  accept    Ordinal:   1
  bind     Ordinal:   2
  closesocket    Ordinal:   3
  connect    Ordinal:   4
  getpeername    Ordinal:   5
  getsockname    Ordinal:   6
  getsockopt    Ordinal:   7
  htonl     Ordinal:   8
  htons     Ordinal:   9
  ioctlsocket    Ordinal:  10
  inet_addr    Ordinal:  11
  inet_ntoa    Ordinal:  12
  listen    Ordinal:  13
  ntohl     Ordinal:  14
  ntohs     Ordinal:  15
  recv     Ordinal:  16
  recvfrom    Ordinal:  17
  select    Ordinal:  18
  send     Ordinal:  19
  sendto    Ordinal:  20
  setsockopt    Ordinal:  21
  shutdown    Ordinal:  22
  socket    Ordinal:  23
  GetAddrInfoW    Ordinal:  24
  GetNameInfoW    Ordinal:  25
  WSApSetPostRoutine   Ordinal:  26
  FreeAddrInfoW    Ordinal:  27
  WPUCompleteOverlappedRequest  Ordinal:  28
  WSAAccept    Ordinal:  29
  WSAAddressToStringA   Ordinal:  30
  WSAAddressToStringW   Ordinal:  31
  WSACloseEvent    Ordinal:  32
  WSAConnect    Ordinal:  33
  WSACreateEvent   Ordinal:  34
  WSADuplicateSocketA   Ordinal:  35
  WSADuplicateSocketW   Ordinal:  36
  WSAEnumNameSpaceProvidersA  Ordinal:  37
  WSAEnumNameSpaceProvidersW  Ordinal:  38
  WSAEnumNetworkEvents   Ordinal:  39
  WSAEnumProtocolsA   Ordinal:  40
  WSAEnumProtocolsW   Ordinal:  41
  WSAEventSelect   Ordinal:  42
  WSAGetOverlappedResult  Ordinal:  43
  WSAGetQOSByName   Ordinal:  44
  WSAGetServiceClassInfoA  Ordinal:  45
  WSAGetServiceClassInfoW  Ordinal:  46
  WSAGetServiceClassNameByClassIdA Ordinal:  47
  WSAGetServiceClassNameByClassIdW Ordinal:  48
  WSAHtonl        Ordinal:  49
  WSAHtons    Ordinal:  50
  gethostbyaddr    Ordinal:  51
  gethostbyname    Ordinal:  52
  getprotobyname   Ordinal:  53
  getprotobynumber   Ordinal:  54
  getservbyname    Ordinal:  55
  getservbyport    Ordinal:  56
  gethostname    Ordinal:  57
  WSAInstallServiceClassA  Ordinal:  58
  WSAInstallServiceClassW  Ordinal:  59
  WSAIoctl    Ordinal:  60
  WSAJoinLeaf    Ordinal:  61
  WSALookupServiceBeginA  Ordinal:  62
  WSALookupServiceBeginW  Ordinal:  63
  WSALookupServiceEnd   Ordinal:  64
  WSALookupServiceNextA   Ordinal:  65
  WSALookupServiceNextW   Ordinal:  66
  WSANSPIoctl    Ordinal:  67
  WSANtohl    Ordinal:  68
  WSANtohs    Ordinal:  69
  WSAProviderConfigChange  Ordinal:  70
  WSARecv    Ordinal:  71
  WSARecvDisconnect   Ordinal:  72
  WSARecvFrom    Ordinal:  73
  WSARemoveServiceClass   Ordinal:  74
  WSAResetEvent    Ordinal:  75
  WSASend    Ordinal:  76
  WSASendDisconnect   Ordinal:  77
  WSASendTo    Ordinal:  78
  WSASetEvent    Ordinal:  79
  WSASetServiceA   Ordinal:  80
  WSASetServiceW   Ordinal:  81
  WSASocketA    Ordinal:  82
  WSASocketW    Ordinal:  83
  WSAStringToAddressA   Ordinal:  84
  WSAStringToAddressW   Ordinal:  85
  WSAWaitForMultipleEvents  Ordinal:  86
  WSCDeinstallProvider   Ordinal:  87
  WSCEnableNSProvider   Ordinal:  88
  WSCEnumProtocols   Ordinal:  89
  WSCGetProviderPath   Ordinal:  90
  WSCInstallNameSpace   Ordinal:  91
  WSCInstallProvider   Ordinal:  92
  WSCUnInstallNameSpace   Ordinal:  93
  WSCUpdateProvider   Ordinal:  94
  WSCWriteNameSpaceOrder  Ordinal:  95
  WSCWriteProviderOrder   Ordinal:  96
  freeaddrinfo    Ordinal:  97
  getaddrinfo    Ordinal:  98
  getnameinfo    Ordinal:  99
  WSAAsyncSelect   Ordinal: 101
  WSAAsyncGetHostByAddr   Ordinal: 102
  WSAAsyncGetHostByName   Ordinal: 103
  WSAAsyncGetProtoByNumber  Ordinal: 104
  WSAAsyncGetProtoByName  Ordinal: 105
  WSAAsyncGetServByPort   Ordinal: 106
  WSAAsyncGetServByName   Ordinal: 107
  WSACancelAsyncRequest   Ordinal: 108
  WSASetBlockingHook   Ordinal: 109
  WSAUnhookBlockingHook   Ordinal: 110
  WSAGetLastError   Ordinal: 111
  WSASetLastError   Ordinal: 112
  WSACancelBlockingCall   Ordinal: 113
  WSAIsBlocking    Ordinal: 114
  WSAStartup    Ordinal: 115
  WSACleanup    Ordinal: 116
  __WSAFDIsSet    Ordinal: 151
  WEP     Ordinal: 500
SeaFarer

Thanks Sam.

It never occurred to me to dump the winsock libraries, duh! :lol:

Trying something different... Here's what I found about wsock32.dll...

QUOTE
Exp Addr Hint  Ord Export Name by WSOCK32.dll - Tue Apr 28 22:35:43 1998
-------- ---- ----- ---------------------------------------------------------
00002325    0  1141 AcceptEx
00001D09    1  1003 Arecv
00001D2C    2  1004 Asend
00001D8C    3  1111 EnumProtocolsA
00001DC5    4  1112 EnumProtocolsW
00002369    5  1142 GetAcceptExSockaddrs
00001FEA    6  1109 GetAddressByNameA
00002039    7  1110 GetAddressByNameW
000020F2    8  1115 GetNameByTypeA
0000212B    9  1116 GetNameByTypeW
000021EA    A  1119 GetServiceA
00002230    B  1120 GetServiceW
00002088    C  1113 GetTypeByNameA
000020BD    D  1114 GetTypeByNameW
000023AD    E    24 MigrateWinsockConfiguration
00002276    F  1130 NPLoadNameSpaces
000022AF  10  1131 NSPStartup
00002164  11  1117 SetServiceA
000021A7  12  1118 SetServiceW
000022E4  13  1140 TransmitFile
00001C22  14  500 WEP
0000195D  15  102 WSAAsyncGetHostByAddr
0000199E  16  103 WSAAsyncGetHostByName
00001A14  17  105 WSAAsyncGetProtoByName
000019D9  18  104 WSAAsyncGetProtoByNumber
00001A8D  19  107 WSAAsyncGetServByName
00001A4F  1A  106 WSAAsyncGetServByPort
00001920  1B  101 WSAAsyncSelect
00001ACB  1C  108 WSACancelAsyncRequest
00001BA3  1D  113 WSACancelBlockingCall
00001C8B  1E  116 WSACleanup
00001B51  1F  111 WSAGetLastError
00001BCC  20  114 WSAIsBlocking
00001F7D  21  1107 WSARecvEx
00001AFC  22  109 WSASetBlockingHook
00001B77  23  112 WSASetLastError
00001C54  24  115 WSAStartup
00001B28  25  110 WSAUnhookBlockingHook
00001C23  26  1000 WSApSetPostRoutine
00001D4F  27  1005 WSHEnumProtocols
00001CB4  28  1001 WsControl
00001BF2  29  151 __WSAFDIsSet
000013BF  2A    1 accept
000013F8  2B    2 bind
00001431  2C    3 closesocket
00001CF7  2D  1002 closesockinfo
00001462  2E    4 connect
00001F3F  2F  1106 dn_expand
000017D3  30    51 gethostbyaddr
00001807  31    52 gethostbyname
000018EB  32    57 gethostname
00001E2A  33  1101 getnetbyname
0000149B  34    5 getpeername
00001833  35    53 getprotobyname
0000185F  36    54 getprotobynumber
0000188B  37    55 getservbyname
000018BB  38    56 getservbyport
000014D4  39    6 getsockname
00001000  3A    7 getsockopt
0000150D  3B    8 htonl
00001539  3C    9 htons
0000156A  3D    10 inet_addr
00001DFE  3E  1100 inet_network
0000159B  3F    11 inet_ntoa
000015C7  40    12 ioctlsocket
00001600  41    13 listen
00001635  42    14 ntohl
00001661  43    15 ntohs
00001E56  44  1102 rcmd
00001692  45    16 recv
000016B5  46    17 recvfrom
00001E99  47  1103 rexec
00001EDC  48  1104 rresvport
00001FBA  49  1108 s_perror
000016F8  4A    18 select
00001738  4B    19 send
0000175B  4C    20 sendto
00001F0B  4D  1105 sethostname
000010A0  4E    21 setsockopt
0000179E  4F    22 shutdown
00001145  50    23 socket


I also downloaded the Stud-Pe utility. ;)
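
Added example (not code from either poster): resolving ordinal-only imports against an export listing, using excerpts of the dumps in this thread. The two listings above assign ordinals 10 to 12 to different functions, so a WS2_32 import has to be looked up in the WS2_32 table and not the WSOCK32 one; the function names here and the WS2_32.100 import line are constructed for the illustration.

```python
import re

# Excerpts of the dumps in this thread; the WS2_32.100 line is constructed (no name listed).
IMPORTS = """\
000030DC  Ord WS2_32.9
000030E0  Ord WS2_32.12
000030E4  Ord WS2_32.13
000030F0  Ord WS2_32.100
"""
WS2_32_EXPORTS = """\
  htons     Ordinal:   9
  ioctlsocket    Ordinal:  10
  inet_addr    Ordinal:  11
  inet_ntoa    Ordinal:  12
  listen    Ordinal:  13
"""
WSOCK32_EXPORTS = """\
00001539  3C    9 htons
0000156A  3D    10 inet_addr
0000159B  3F    11 inet_ntoa
000015C7  40    12 ioctlsocket
00001600  41    13 listen
"""

def parse_name_ordinal(text):
    """'name  Ordinal: N' lines -> {ordinal: name}."""
    rows = re.findall(r"^\s*(\S+)\s+Ordinal:\s*(\d+)\s*$", text, re.M)
    return {int(o): n for n, o in rows}

def parse_addr_hint_ord(text):
    """'addr hint ord name' lines (hex hint, decimal ordinal) -> {ordinal: name}."""
    rows = re.findall(r"^[0-9A-Fa-f]{8}\s+[0-9A-Fa-f]+\s+(\d+)\s+(\S+)\s*$", text, re.M)
    return {int(o): n for o, n in rows}

TABLES = {"WS2_32": parse_name_ordinal(WS2_32_EXPORTS),
          "WSOCK32": parse_addr_hint_ord(WSOCK32_EXPORTS)}

def resolve(imports, tables):
    """Map 'addr Ord DLL.N' imports to names via that DLL's table; None = no name found."""
    rows = re.findall(r"^([0-9A-Fa-f]{8})\s+Ord\s+(\w+)\.(\d+)\s*$", imports, re.M)
    return [(a, d, int(o), tables.get(d.upper(), {}).get(int(o))) for a, d, o in rows]

def mismatches(a, b):
    """Ordinals present in both tables whose names differ."""
    return {o: (a[o], b[o]) for o in sorted(a.keys() & b.keys()) if a[o] != b[o]}

if __name__ == "__main__":
    print(resolve(IMPORTS, TABLES), mismatches(TABLES["WS2_32"], TABLES["WSOCK32"]), sep="\n")
```
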