Reversing : The Hacker's Guide to Reverse Engineering

(ff) #1
0 inet_addr
0 htons
0 getsockname
0 socket
0 gethostbyname
0 gethostbyaddr
0 connect
0 closesocket
0 bind
0 accept
0 __WSAFDIsSet
0 WSAStartup
0 send
0 select
0 recv

Summary

1000 .bss
1000 .data
1000 .idata
3000 .rsrc
3000 .text

Listing 8.2 (continued)

That’s more like it: now you can see exactly which functions are used by the
program, and reversing it is going to be a more straightforward task. Keep in
mind that in some cases automatically unpacking the program is not going to
be possible, and you would have to confront the packed program directly. This subject is
discussed in depth in Part III of this book. For now let’s start by running the
program and trying to determine what it does. Needless to say, this should
only be done in a controlled environment, on an isolated system that doesn’t
contain any valuable data or programs. There’s no telling what this program is
liable to do.
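The import list above is the kind of evidence that tells you what a sample is capable of before you run it. The following script is an added example, not code from the book: it parses the text of an import dump laid out like Listing 8.2 (per-DLL blocks of "hint name" lines, then a "Summary" block of section sizes), groups the imported APIs by capability, and flags a likely packed binary. The two dumps embedded in it are constructed for illustration, and the packing heuristic (only LoadLibrary/GetProcAddress imported, or UPX-named sections) is a common rule of thumb assumed here, not something the chapter states.

```python
"""Triage a DUMPBIN-style import listing: which DLL/API pairs are present,
what capabilities they imply, and whether the file looks packed."""
import re
from collections import OrderedDict

# Constructed sample in the layout of Listing 8.2 (not real tool output).
SAMPLE_DUMP = """\
  Section contains the following imports:

    WS2_32.dll
                0 inet_addr
                0 htons
                0 socket
                0 connect
                0 send
                0 recv

    KERNEL32.dll
                0 CreateFileA
                0 WriteFile
                0 GetProcAddress
                0 LoadLibraryA

  Summary

        1000 .bss
        1000 .data
        1000 .idata
        3000 .rsrc
        3000 .text
"""

# Constructed sample of the near-empty import table a packed file typically shows.
PACKED_DUMP = """\
  Section contains the following imports:

    KERNEL32.dll
                0 LoadLibraryA
                0 GetProcAddress

  Summary

        1000 .rsrc
        8000 UPX0
        2000 UPX1
"""

DLL_RE = re.compile(r"^\s*([A-Za-z0-9_.-]+\.dll)\s*$", re.IGNORECASE)
IMPORT_RE = re.compile(r"^\s*([0-9A-Fa-f]+)\s+([A-Za-z_][A-Za-z0-9_@?$]*)\s*$")
SECTION_RE = re.compile(r"^\s*([0-9A-Fa-f]+)\s+(\.?[A-Za-z0-9_]+)\s*$")

# Capability buckets keyed by lower-cased API name (assumed grouping for triage).
CAPABILITIES = {
    "network": {"socket", "connect", "send", "recv", "bind", "accept", "listen",
                "select", "closesocket", "wsastartup", "gethostbyname",
                "gethostbyaddr", "inet_addr", "htons", "getsockname"},
    "file_io": {"createfilea", "createfilew", "readfile", "writefile", "deletefilea"},
    "dynamic_resolution": {"loadlibrarya", "loadlibraryw", "getprocaddress"},
}


def parse_import_dump(text):
    """Return (imports, sections): imports maps dll -> [api names] in listing
    order; sections maps section name -> size parsed as hex, as DUMPBIN prints it."""
    imports, sections = OrderedDict(), OrderedDict()
    current_dll, in_summary = None, False
    for line in text.splitlines():
        if line.strip() == "Summary":
            in_summary = True          # everything after this is the section table
            continue
        if in_summary:
            m = SECTION_RE.match(line)
            if m:
                sections[m.group(2)] = int(m.group(1), 16)
            continue
        m = DLL_RE.match(line)
        if m:                          # a new DLL block starts
            current_dll = m.group(1).lower()
            imports.setdefault(current_dll, [])
            continue
        m = IMPORT_RE.match(line)
        if m and current_dll:          # "<hint> <name>" inside the current block
            imports[current_dll].append(m.group(2))
    return imports, sections


def classify(imports):
    """Map each capability bucket to the 'dll!api' entries that hit it."""
    found = {cap: [] for cap in CAPABILITIES}
    for dll, names in imports.items():
        for name in names:
            for cap, members in CAPABILITIES.items():
                if name.lower() in members:
                    found[cap].append(f"{dll}!{name}")
    return found


def looks_packed(imports, sections):
    """Heuristic (assumption): an import table reduced to the loader-resolution
    pair, or packer-named sections, suggests the real imports are hidden."""
    all_names = {n.lower() for names in imports.values() for n in names}
    only_resolver = bool(all_names) and all_names <= CAPABILITIES["dynamic_resolution"]
    packer_sections = any(s.upper().startswith("UPX") for s in sections)
    return only_resolver or packer_sections


def triage(text):
    imports, sections = parse_import_dump(text)
    return {"imports": imports, "sections": sections,
            "capabilities": classify(imports),
            "likely_packed": looks_packed(imports, sections)}


if __name__ == "__main__":
    for label, dump in (("unpacked sample", SAMPLE_DUMP), ("packed sample", PACKED_DUMP)):
        report = triage(dump)
        print(f"== {label}: likely packed = {report['likely_packed']}")
        for cap, hits in report["capabilities"].items():
            if hits:
                print(f"  {cap}: {', '.join(hits)}")
```

Run against a real dump, the "network" bucket is what you would read off the WS2_32 block in the listing above, while a report that shows nothing but the dynamic-resolution pair is the signal to fall back to the manual unpacking techniques covered in Part III.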

Initial Impressions

When launching the Webcam Shots.scr file, the first thing you’ll notice is
that nothing happens. That’s the way it should be—this program does not
want to present itself to the end user in any way. It was made to be invisible. If
the program’s authors wanted the program to be even more convincing and
effective, they could have embedded an actual image file into this executable,
and immediately extract and show it when the program is first launched. This
way the user would never suspect that anything was wrong because the image
would be properly displayed. By not doing anything when the user clicks on

290 Chapter 8
