9 pop ecx # ret push eax # pop esp # ret pop eax # ret ptr to CreateFileMappingA() call [eax] # ret HANDLE hFile LPSECURITY_ATTRIBUTES lpAttributes DWORD flProtect DWORD dwMaximumSizeHigh DWORD dwMaximumSizeHigh LPCTSTR lpName pop edi # ret pop ebp # pop ebx # pop ecx # ret pop ebx # ret pop eax # ret pop ecx # ret ptr to MapViewOfFile() mov edx, ecx pop ecx # ret call [eax] # ret pushad # add al, 0 # ret DWORD dwDesiredAccess DWORD dwFileOffsetHigh DWORD dwFileOffsetLow SIZE_T dwNumberOfBytesToMap pop edi # pop esi # pop ebp # pop ebx # pop ecx # ret jmp IAT msvcr80!memcpy ret JUNK memcpy length JUNK xchg eax, ebp # ret pushad # add al, 0 # ret 10 pop ecx # ret push eax # pop esp # ret pop eax # ret ptr to CreateFileMappingA() call [eax] # ret HANDLE hFile LPSECURITY_ATTRIBUTES lpAttributes DWORD flProtect DWORD dwMaximumSizeHigh DWORD dwMaximumSizeHigh LPCTSTR lpName pop edi # ret pop ebp # pop ebx # pop ecx # ret pop ebx # ret pop eax # ret pop ecx # ret ptr to MapViewOfFile() mov edx, ecx pop ecx # ret call [eax] # ret pushad # add al, 0 # ret DWORD dwDesiredAccess DWORD dwFileOffsetHigh DWORD dwFileOffsetLow SIZE_T dwNumberOfBytesToMap pop edi # pop esi # pop ebp # pop ebx # pop ecx # ret jmp to IAT msvcr90!memcpy ret JUNK memcpy length JUNK xchg eax, ebp # ret pushad # add al, 0 # ret 11 pop ecx # ret push eax # pop esp # ret pop eax # ret ptr to CreateFileMappingA() call [eax] # ret HANDLE hFile LPSECURITY_ATTRIBUTES lpAttributes DWORD flProtect DWORD dwMaximumSizeHigh DWORD dwMaximumSizeHigh LPCTSTR lpName pop edi # ret JUNK pop ebx # pop esi # pop ebp # ret pop eax # ret pop esi # pop ebp # ret JUNK pop ecx # ret call [eax] # ret pop edx # ret ptr to MapViewOfFile() pushad # add al, 0 # pop ebp # ret DWORD dwDesiredAccess DWORD dwFileOffsetHigh DWORD dwFileOffsetLow SIZE_T dwNumberOfBytesToMap pop edi # pop esi # pop ebp # ret memcpy address call eax # ret memcpy address xchg eax, ebp # ret pop ebx # ret memcpy length pop edx # ret pop edx # ret pushad # add al, 0 # pop ebp # ret