#81988 - 2002-12-08 04:37 PM  Analysis of KiX-related files
Kdyer (KiX Supporter)
 
       
This may have been done before, but found this interesting.
 Looking at a program that was listed at http://shellcity.net and is called Scanbin and is available from - http://members.aol.com/bellamyjc/en/scanbin.html .
 
 If we do an analysis of KIX32.EXE.
 
 The only difference between KIX32.EXE and WKIX32.EXE is there is one additional entry for imported functions:
 KERNEL32     4 AllocConsole
 
 
 Started to look at KX16.DLL, KX32.DLL, and KX95.DLL and these appear to call different DLLs than those of NT-Class systems.
 
 quote:
 General informations : c:\WINDOWS\kix32.exe
 ===========================================
 Last update      : 11/11/2002
 File size        : 225 280 byte(s)
 Module type      : WINDOWS executable (32 bits) : Windows Console User Interface
 FileDescription  : KiXtart main executable
 FileVersion      : 4, 12, 0, 0
 CompanyName      : Ruud van Velsen (Microsoft)
 LegalCopyright   : Copyright Ruud van Velsen 2002
 InternalName     : KIX32
 OriginalFilename : KIX32.EXE
 ProductName      : KiXtart
 ProductVersion   : 4, 12, 0, 0
 Languages        : Language independent
 Module in use    : 0 times
 
 WARNING !
 This file calls following libraries API :
 KERNEL32: LoadLibrarya
 KERNEL32: LoadLibraryexa
 KERNEL32: GetProcAddress
 => DLL and Imports listes can be uncompleted
 
 DLL used : c:\WINDOWS\kix32.exe
 ===============================
 
 Direct calls
 --------------------------------------------------------------
 
 c:\windows\system32 (10 DLL)
 dll-32 advapi32.dll  8/29/2002    558 080 byte(s) (V.5.1.2600.1106(xpsp1.020828-1920) Advanced Windows 32 Base API)
 dll-32 kernel32.dll  8/29/2002    930 304 byte(s) (V.5.1.2600.1106(xpsp1.020828-1920) Windows NT BASE API Client DLL)
 dll-32 mpr.dll       8/23/2001     55 808 byte(s) (V.5.1.2600.0(xpclient.010817-1148) Multiple Provider Router DLL)
 dll-32 netapi32.dll  8/29/2002    309 248 byte(s) (V.5.1.2600.1106(xpsp1.020828-1920) Net Win32 API DLL)
 dll-32 ole32.dll     8/29/2002  1 169 920 byte(s) (V.5.1.2600.1106(xpsp1.020828-1920) Microsoft OLE for Windows)
 dll-32 oleaut32.dll  8/29/2002    569 344 byte(s) (V.3.50.5016.0 Microsoft OLE 3.50  for Windows NT(TM) and Windows 95(TM) Operating Systems)
 dll-32 user32.dll    8/29/2002    560 128 byte(s) (V.5.1.2600.1106(xpsp1.020828-1920) Windows XP USER API Client DLL)
 dll-32 version.dll   8/23/2001     16 384 byte(s) (V.5.1.2600.0(xpclient.010817-1148) Version Checking and File Installation Libraries)
 dll-32 winmm.dll     8/29/2002    171 520 byte(s) (V.5.1.2600.1106(xpsp1.020828-1920) MCI API DLL)
 dll-32 winspool.drv  8/29/2002    132 096 byte(s) (V.5.1.2600.1106(xpsp1.020828-1920) Windows Spooler Driver)
 
 Undirect calls
 --------------------------------------------------------------
 
 c:\windows\system32 (4 DLL)
 dll-32 gdi32.dll     8/29/2002    250 368 byte(s) (V.5.1.2600.1106(xpsp1.020828-1920) GDI Client DLL)
 dll-32 msvcrt.dll    8/29/2002    323 072 byte(s) (V.7.0.2600.1106(xpsp1.020828-1920) Windows NT CRT DLL)
 dll-32 ntdll.dll     8/29/2002    668 672 byte(s) (V.5.1.2600.1106(xpsp1.020828-1920) NT Layer DLL)
 dll-32 rpcrt4.dll    8/29/2002    530 432 byte(s) (V.5.1.2600.1106(xpsp1.020828-1920) Remote Procedure Call Runtime)
 
 Imported functions : c:\WINDOWS\kix32.exe
 =========================================
 ADVAPI32    23 AdjustTokenPrivileges
 ADVAPI32    24 AllocateAndInitializeSid
 ADVAPI32    28 BackupEventLogA
 ADVAPI32    48 ClearEventLogA
 ADVAPI32   121 DeregisterEventSource
 ADVAPI32   157 FreeSid
 ADVAPI32   199 GetSidIdentifierAuthority
 ADVAPI32   201 GetSidSubAuthority
 ADVAPI32   202 GetSidSubAuthorityCount
 ADVAPI32   208 GetTokenInformation
 ADVAPI32   225 InitiateSystemShutdownA
 ADVAPI32   239 LookupAccountSidA
 ADVAPI32   240 LookupAccountSidW
 ADVAPI32   245 LookupPrivilegeValueA
 ADVAPI32   320 OpenEventLogA
 ADVAPI32   322 OpenProcessToken
 ADVAPI32   347 RegCloseKey
 ADVAPI32   348 RegConnectRegistryA
 ADVAPI32   351 RegCreateKeyExA
 ADVAPI32   354 RegDeleteKeyA
 ADVAPI32   356 RegDeleteValueA
 ADVAPI32   358 RegEnumKeyA
 ADVAPI32   359 RegEnumKeyExA
 ADVAPI32   362 RegEnumValueA
 ADVAPI32   366 RegLoadKeyA
 ADVAPI32   370 RegOpenKeyExA
 ADVAPI32   374 RegQueryInfoKeyA
 ADVAPI32   379 RegQueryValueExA
 ADVAPI32   384 RegRestoreKeyA
 ADVAPI32   386 RegSaveKeyA
 ADVAPI32   390 RegSetValueExA
 ADVAPI32   393 RegUnLoadKeyA
 ADVAPI32   396 RegisterEventSourceA
 ADVAPI32   401 ReportEventA
 KERNEL32    11 Beep
 KERNEL32    27 CloseHandle
 KERNEL32    32 CompareFileTime
 KERNEL32    40 CopyFileA
 KERNEL32    45 CreateDirectoryA
 KERNEL32    52 CreateFileA
 KERNEL32    68 CreateProcessA
 KERNEL32    87 DeleteFileA
 KERNEL32   119 EnumSystemLocalesA
 KERNEL32   125 ExitProcess
 KERNEL32   136 FileTimeToDosDateTime
 KERNEL32   137 FileTimeToLocalFileTime
 KERNEL32   139 FillConsoleOutputAttribute
 KERNEL32   140 FillConsoleOutputCharacterA
 KERNEL32   144 FindClose
 KERNEL32   148 FindFirstFileA
 KERNEL32   157 FindNextFileA
 KERNEL32   169 FlushConsoleInputBuffer
 KERNEL32   170 FlushFileBuffers
 KERNEL32   175 FormatMessageA
 KERNEL32   178 FreeEnvironmentStringsA
 KERNEL32   179 FreeEnvironmentStringsW
 KERNEL32   180 FreeLibrary
 KERNEL32   185 GetACP
 KERNEL32   191 GetCPInfo
 KERNEL32   202 GetCommandLineA
 KERNEL32   206 GetComputerNameA
 KERNEL32   224 GetConsoleCursorInfo
 KERNEL32   235 GetConsoleMode
 KERNEL32   238 GetConsoleScreenBufferInfo
 KERNEL32   239 GetConsoleTitleA
 KERNEL32   245 GetCurrentDirectoryA
 KERNEL32   247 GetCurrentProcess
 KERNEL32   248 GetCurrentProcessId
 KERNEL32   250 GetCurrentThreadId
 KERNEL32   256 GetDiskFreeSpaceA
 KERNEL32   262 GetEnvironmentStrings
 KERNEL32   264 GetEnvironmentStringsW
 KERNEL32   265 GetEnvironmentVariableA
 KERNEL32   266 GetEnvironmentVariableW
 KERNEL32   267 GetExitCodeProcess
 KERNEL32   269 GetFileAttributesA
 KERNEL32   274 GetFileSize
 KERNEL32   276 GetFileTime
 KERNEL32   277 GetFileType
 KERNEL32   278 GetFullPathNameA
 KERNEL32   282 GetLastError
 KERNEL32   283 GetLocalTime
 KERNEL32   284 GetLocaleInfoA
 KERNEL32   285 GetLocaleInfoW
 KERNEL32   292 GetModuleFileNameA
 KERNEL32   294 GetModuleHandleA
 KERNEL32   303 GetNumberOfConsoleInputEvents
 KERNEL32   305 GetOEMCP
 KERNEL32   314 GetPrivateProfileStringA
 KERNEL32   318 GetProcAddress
 KERNEL32   331 GetProfileStringA
 KERNEL32   334 GetShortPathNameA
 KERNEL32   336 GetStartupInfoA
 KERNEL32   338 GetStdHandle
 KERNEL32   339 GetStringTypeA
 KERNEL32   342 GetStringTypeW
 KERNEL32   343 GetSystemDefaultLCID
 KERNEL32   345 GetSystemDirectoryA
 KERNEL32   347 GetSystemInfo
 KERNEL32   349 GetSystemTime
 KERNEL32   357 GetTempPathA
 KERNEL32   365 GetTickCount
 KERNEL32   369 GetUserDefaultLCID
 KERNEL32   372 GetVersion
 KERNEL32   373 GetVersionExA
 KERNEL32   381 GetWindowsDirectoryA
 KERNEL32   397 GlobalMemoryStatus
 KERNEL32   409 HeapAlloc
 KERNEL32   411 HeapCreate
 KERNEL32   413 HeapDestroy
 KERNEL32   415 HeapFree
 KERNEL32   418 HeapReAlloc
 KERNEL32   445 IsValidCodePage
 KERNEL32   446 IsValidLocale
 KERNEL32   447 LCMapStringA
 KERNEL32   448 LCMapStringW
 KERNEL32   450 LoadLibraryA
 KERNEL32   451 LoadLibraryExA
 KERNEL32   460 LocalFree
 KERNEL32   484 MultiByteToWideChar
 KERNEL32   503 PeekConsoleInputA
 KERNEL32   523 RaiseException
 KERNEL32   524 ReadConsoleA
 KERNEL32   525 ReadConsoleInputA
 KERNEL32   536 ReadFile
 KERNEL32   551 RemoveDirectoryA
 KERNEL32   559 RtlUnwind
 KERNEL32   577 SetConsoleCtrlHandler
 KERNEL32   579 SetConsoleCursorInfo
 KERNEL32   581 SetConsoleCursorPosition
 KERNEL32   592 SetConsoleMode
 KERNEL32   600 SetConsoleTextAttribute
 KERNEL32   601 SetConsoleTitleA
 KERNEL32   605 SetCurrentDirectoryA
 KERNEL32   609 SetEndOfFile
 KERNEL32   610 SetEnvironmentVariableA
 KERNEL32   616 SetFileAttributesA
 KERNEL32   618 SetFilePointer
 KERNEL32   621 SetHandleCount
 KERNEL32   625 SetLastError
 KERNEL32   626 SetLocalTime
 KERNEL32   636 SetStdHandle
 KERNEL32   637 SetSystemPowerState
 KERNEL32   638 SetSystemTime
 KERNEL32   662 Sleep
 KERNEL32   667 SystemTimeToFileTime
 KERNEL32   670 TerminateProcess
 KERNEL32   685 UnhandledExceptionFilter
 KERNEL32   699 VirtualAlloc
 KERNEL32   703 VirtualFree
 KERNEL32   718 WaitForSingleObject
 KERNEL32   722 WideCharToMultiByte
 KERNEL32   724 WriteConsoleA
 KERNEL32   734 WriteConsoleW
 KERNEL32   735 WriteFile
 KERNEL32   741 WritePrivateProfileStringA
 KERNEL32   749 WriteProfileStringA
 KERNEL32   762 lstrcatW
 KERNEL32   771 lstrcpyW
 MPR          6 WNetAddConnection2A
 MPR         12 WNetCancelConnection2A
 MPR         17 WNetCloseEnum
 MPR         28 WNetEnumResourceA
 MPR         61 WNetGetUserA
 MPR         64 WNetOpenEnumA
 NETAPI32   211 Netbios
 OLE32        1 BindMoniker
 OLE32        5 CLSIDFromProgID
 OLE32       13 CoCreateInstance
 OLE32       89 CreateBindCtx
 OLE32      168 MkParseDisplayName
 OLE32      171 OleBuildVersion
 OLE32      201 OleInitialize
 OLEAUT32  2247 CLSIDFromProgID
 USER32      10 AttachThreadInput
 USER32      43 CharToOemA
 USER32      96 DdeClientTransaction
 USER32      98 DdeConnect
 USER32     101 DdeCreateStringHandleA
 USER32     103 DdeDisconnect
 USER32     107 DdeFreeStringHandle
 USER32     112 DdeInitializeA
 USER32     125 DdeUninitialize
 USER32     185 EndDialog
 USER32     189 EnumChildWindows
 USER32     208 EnumWindows
 USER32     211 ExitWindowsEx
 USER32     213 FindWindowA
 USER32     221 GetActiveWindow
 USER32     325 GetSystemMenu
 USER32     348 GetWindowRect
 USER32     350 GetWindowTextA
 USER32     354 GetWindowThreadProcessId
 USER32     405 KillTimer
 USER32     437 MapVirtualKeyA
 USER32     446 MessageBoxA
 USER32     462 OemToCharA
 USER32     516 RemoveMenu
 USER32     532 SendMessageA
 USER32     535 SendMessageTimeoutA
 USER32     559 SetFocus
 USER32     560 SetForegroundWindow
 USER32     594 SetTimer
 USER32     603 SetWindowPos
 USER32     618 ShowWindow
 USER32     625 SystemParametersInfoA
 USER32     668 VkKeyScanA
 USER32     682 keybd_event
 VERSION      0 GetFileVersionInfoA
 VERSION      1 GetFileVersionInfoSizeA
 VERSION     10 VerQueryValueA
 WINMM       12 PlaySoundA
 WINMM      145 sndPlaySoundA
 WINSPOOL    17 AddPrinterConnectionA
 WINSPOOL    50 DeletePrinterConnectionA
 
 
 
 However, did look at KXRPC.EXE
 
 Thanks!
 
 quote:
 General informations : c:\Documents and Settings\Kent\KiX2001.412\kxrpc.exe
 ===========================================================================
 Last update      : 9/11/2002
 File size        : 69 632 byte(s)
 Module type      : WINDOWS executable (32 bits) : Windows Console User Interface
 FileDescription  : KiXtart RPC service
 FileVersion      : 4, 1, 0
 CompanyName      : Ruud van Velsen (Microsoft)
 LegalCopyright   : Copyright Ruud van Velsen. 2001
 InternalName     : KXRPC
 OriginalFilename : KXRPC.EXE
 ProductName      : KiXtart
 ProductVersion   : 4, 1, 0
 Languages        : Language independent
 Module in use    : 0 times
 
 WARNING !
 This file calls following libraries API :
 KERNEL32: LoadLibrarya
 KERNEL32: GetProcAddress
 => DLL and Imports listes can be uncompleted
 
 DLL used : c:\Documents and Settings\Kent\KiX2001.412\kxrpc.exe
 ===============================================================
 
 Direct calls
 --------------------------------------------------------------
 
 c:\windows\system32 (6 DLL)
 dll-32 advapi32.dll  8/29/2002    558 080 byte(s) (V.5.1.2600.1106(xpsp1.020828-1920) Advanced Windows 32 Base API)
 dll-32 kernel32.dll  8/29/2002    930 304 byte(s) (V.5.1.2600.1106(xpsp1.020828-1920) Windows NT BASE API Client DLL)
 dll-32 netapi32.dll  8/29/2002    309 248 byte(s) (V.5.1.2600.1106(xpsp1.020828-1920) Net Win32 API DLL)
 dll-32 rpcrt4.dll    8/29/2002    530 432 byte(s) (V.5.1.2600.1106(xpsp1.020828-1920) Remote Procedure Call Runtime)
 dll-32 shell32.dll   8/29/2002  8 336 384 byte(s) (V.6.00.2800.1106(xpsp1.020828-1920) Windows Shell Common Dll)
 dll-32 user32.dll    8/29/2002    560 128 byte(s) (V.5.1.2600.1106(xpsp1.020828-1920) Windows XP USER API Client DLL)
 
 Undirect calls
 --------------------------------------------------------------
 
 c:\program files\common files\adaptec shared\system (1 DLL)
 dll-32 shlwapi.dll   4/23/1999    282 896 byte(s) (V.5.00.2614.3500 Shell Light-weight Utility Library)
 
 c:\windows\system32 (3 DLL)
 dll-32 gdi32.dll     8/29/2002    250 368 byte(s) (V.5.1.2600.1106(xpsp1.020828-1920) GDI Client DLL)
 dll-32 msvcrt.dll    8/29/2002    323 072 byte(s) (V.7.0.2600.1106(xpsp1.020828-1920) Windows NT CRT DLL)
 dll-32 ntdll.dll     8/29/2002    668 672 byte(s) (V.5.1.2600.1106(xpsp1.020828-1920) NT Layer DLL)
 
 Imported functions : c:\Documents and Settings\Kent\KiX2001.412\kxrpc.exe
 =========================================================================
 ADVAPI32    29 AllocateAndInitializeSid
 ADVAPI32    62 CloseServiceHandle
 ADVAPI32    66 ControlService
 ADVAPI32   100 CreateServiceW
 ADVAPI32   174 DeleteService
 ADVAPI32   175 DeregisterEventSource
 ADVAPI32   213 EqualPrefixSid
 ADVAPI32   223 FreeSid
 ADVAPI32   275 GetSidIdentifierAuthority
 ADVAPI32   277 GetSidSubAuthority
 ADVAPI32   278 GetSidSubAuthorityCount
 ADVAPI32   279 GetTokenInformation
 ADVAPI32   326 LookupAccountSidW
 ADVAPI32   424 OpenProcessToken
 ADVAPI32   426 OpenSCManagerW
 ADVAPI32   428 OpenServiceW
 ADVAPI32   429 OpenThreadToken
 ADVAPI32   447 QueryServiceStatus
 ADVAPI32   456 RegCloseKey
 ADVAPI32   461 RegCreateKeyExW
 ADVAPI32   464 RegDeleteKeyW
 ADVAPI32   481 RegOpenKeyExA
 ADVAPI32   482 RegOpenKeyExW
 ADVAPI32   491 RegQueryValueExA
 ADVAPI32   505 RegSetValueExW
 ADVAPI32   510 RegisterEventSourceW
 ADVAPI32   515 RegisterServiceCtrlHandlerW
 ADVAPI32   521 ReportEventW
 ADVAPI32   568 SetServiceStatus
 ADVAPI32   575 StartServiceCtrlDispatcherW
 KERNEL32    27 CloseHandle
 KERNEL32    74 CreateThread
 KERNEL32    85 DeleteCriticalSection
 KERNEL32   102 EnterCriticalSection
 KERNEL32   125 ExitProcess
 KERNEL32   170 FlushFileBuffers
 KERNEL32   176 FormatMessageW
 KERNEL32   178 FreeEnvironmentStringsA
 KERNEL32   179 FreeEnvironmentStringsW
 KERNEL32   185 GetACP
 KERNEL32   191 GetCPInfo
 KERNEL32   202 GetCommandLineA
 KERNEL32   203 GetCommandLineW
 KERNEL32   247 GetCurrentProcess
 KERNEL32   249 GetCurrentThread
 KERNEL32   250 GetCurrentThreadId
 KERNEL32   262 GetEnvironmentStrings
 KERNEL32   264 GetEnvironmentStringsW
 KERNEL32   265 GetEnvironmentVariableA
 KERNEL32   277 GetFileType
 KERNEL32   282 GetLastError
 KERNEL32   292 GetModuleFileNameA
 KERNEL32   293 GetModuleFileNameW
 KERNEL32   294 GetModuleHandleA
 KERNEL32   305 GetOEMCP
 KERNEL32   318 GetProcAddress
 KERNEL32   320 GetProcessHeap
 KERNEL32   336 GetStartupInfoA
 KERNEL32   338 GetStdHandle
 KERNEL32   339 GetStringTypeA
 KERNEL32   342 GetStringTypeW
 KERNEL32   372 GetVersion
 KERNEL32   373 GetVersionExA
 KERNEL32   409 HeapAlloc
 KERNEL32   411 HeapCreate
 KERNEL32   413 HeapDestroy
 KERNEL32   415 HeapFree
 KERNEL32   418 HeapReAlloc
 KERNEL32   426 InitializeCriticalSection
 KERNEL32   429 InterlockedDecrement
 KERNEL32   432 InterlockedIncrement
 KERNEL32   447 LCMapStringA
 KERNEL32   448 LCMapStringW
 KERNEL32   449 LeaveCriticalSection
 KERNEL32   450 LoadLibraryA
 KERNEL32   460 LocalFree
 KERNEL32   484 MultiByteToWideChar
 KERNEL32   559 RtlUnwind
 KERNEL32   577 SetConsoleCtrlHandler
 KERNEL32   618 SetFilePointer
 KERNEL32   621 SetHandleCount
 KERNEL32   625 SetLastError
 KERNEL32   636 SetStdHandle
 KERNEL32   662 Sleep
 KERNEL32   670 TerminateProcess
 KERNEL32   674 TlsAlloc
 KERNEL32   676 TlsGetValue
 KERNEL32   677 TlsSetValue
 KERNEL32   685 UnhandledExceptionFilter
 KERNEL32   699 VirtualAlloc
 KERNEL32   703 VirtualFree
 KERNEL32   722 WideCharToMultiByte
 KERNEL32   735 WriteFile
 KERNEL32   777 lstrlenW
 NETAPI32   104 NetApiBufferFree
 NETAPI32   142 NetGetAnyDCName
 NETAPI32   239 NetUserGetInfo
 NETAPI32   240 NetUserGetLocalGroups
 NETAPI32   246 NetWkstaGetInfo
 RPCRT4      47 I_RpcGetBuffer
 RPCRT4     145 NdrConformantStringUnmarshall
 RPCRT4     163 NdrConvert
 RPCRT4     236 NdrPointerFree
 RPCRT4     262 NdrServerInitializeNew
 RPCRT4     267 NdrSimpleStructBufferSize
 RPCRT4     269 NdrSimpleStructMarshall
 RPCRT4     343 RpcBindingVectorFree
 RPCRT4     353 RpcEpRegisterW
 RPCRT4     355 RpcEpUnregister
 RPCRT4     370 RpcImpersonateClient
 RPCRT4     384 RpcMgmtIsServerListening
 RPCRT4     390 RpcMgmtStopServerListening
 RPCRT4     391 RpcMgmtWaitServerListen
 RPCRT4     403 RpcRaiseException
 RPCRT4     405 RpcRevertToSelf
 RPCRT4     407 RpcServerInqBindings
 RPCRT4     413 RpcServerListen
 RPCRT4     415 RpcServerRegisterAuthInfoW
 RPCRT4     416 RpcServerRegisterIf
 RPCRT4     420 RpcServerUnregisterIf
 RPCRT4     437 RpcServerUseProtseqW
 SHELL32      4 CommandLineToArgvW
 USER32     729 wsprintfW
 
 
 
 Kent
 
 [ 10. December 2002, 09:08: Message edited by: kdyer ]
#81989 - 2002-12-08 04:42 PM  Re: Analysis of KiX-related files
MCA (KiX Supporter)
 
       
Dear,
 Nice info. Nice tool.
 greetings.