sub_outside(): KERNEL32.CreateFileA KERNEL32.GetFileSize KERNEL32.SetFilePointer KERNEL32.ReadFile KERNEL32.SetEndOfFile KERNEL32.GetStdHandle KERNEL32.GetFileType KERNEL32.CloseHandle NTDLL.RtlGetLastWin32Error KERNEL32.UnhandledExceptionFilter KERNEL32.InterlockedIncrement KERNEL32.InterlockedDecrement KERNEL32.GetCurrentThreadId KERNEL32.Sleep KERNEL32.GetCommandLineA KERNEL32.GetACP KERNEL32.GetSystemDirectoryA KERNEL32.CopyFileA KERNEL32.WritePrivateProfileStringA KERNEL32.GetModuleFileNameA KERNEL32.GetEnvironmentVariableA SHELL32.ShellExecuteA |
sub_4000BB80(0126): USER32.CharNextA |
sub_400040D8(027a): KERNEL32.UnhandledExceptionFilter |
sub_40012AF4(06cc): NTDLL.RtlEnterCriticalSection NTDLL.RtlLeaveCriticalSection |
sub_400080E8(0713): KERNEL32.GetDiskFreeSpaceA |
sub_4000D260(07a3): KERNEL32.GetProcAddress |
sub_4001464C(095d): ADVAPI32.RegSetValueExA |
sub_40014250(096b): ADVAPI32.RegOpenKeyExA ADVAPI32.RegCreateKeyExA |
sub_40005C40(0996): USER32.CharNextA |
sub_40007BB4(0f08): KERNEL32.CompareStringA |
sub_400141BC(1061): ADVAPI32.RegFlushKey ADVAPI32.RegCloseKey |
sub_40015358(1077): NTDLL.RtlEnterCriticalSection NTDLL.RtlLeaveCriticalSection |
sub_4000C5B4(15cd): KERNEL32.GetCurrentThreadId |
sub_4000AAF4(167e): KERNEL32.GetThreadLocale KERNEL32.EnumCalendarInfoA |
sub_400063E4(192d): KERNEL32.TlsSetValue |
sub_400049A4(1d31): KERNEL32.WideCharToMultiByte |
sub_4000A81C(1e31): KERNEL32.FormatMessageA |
sub_4001394C(1edc): KERNEL32.InitializeCriticalSection |
sub_4000C658(1f9a): KERNEL32.GetCurrentThreadId |
sub_40009590(23bd): KERNEL32.GetThreadLocale KERNEL32.GetDateFormatA "yyyy" |
sub_400033EC(2922): NTDLL.RtlGetLastWin32Error |
sub_4000C758(2b28): KERNEL32.ResetEvent |
sub_4000C764(2b28): KERNEL32.SetEvent |
sub_4000C770(2b28): KERNEL32.SetEvent |
sub_40017A1C(2cac): KERNEL32.GetModuleFileNameA KERNEL32.CreateProcessA KERNEL32.GetThreadContext KERNEL32.ReadProcessMemory KERNEL32.VirtualAllocEx KERNEL32.WriteProcessMemory KERNEL32.SetThreadContext KERNEL32.ResumeThread |
sub_40014D5C(2fbb): USER32.GetSysColor |
sub_40002D8C(36be): NTDLL.RtlGetLastWin32Error |
sub_4000C410(36be): NTDLL.RtlGetLastWin32Error |
sub_40001734(375a): KERNEL32.Sleep |
sub_40009414(3875): KERNEL32.GetThreadLocale KERNEL32.GetDateFormatA |
sub_4000BDA0(38e1): KERNEL32.GetThreadLocale USER32.GetSystemMetrics |
sub_40006428(3b40): KERNEL32.TlsGetValue |
sub_4000C4D8(3bab): KERNEL32.GetModuleHandleA KERNEL32.GetProcAddress "GetDiskFreeSpaceExA" |
sub_40006474(3f4e): KERNEL32.GetModuleHandleA |
sub_400173FC(40d1): KERNEL32.LoadLibraryA KERNEL32.GetProcAddress KERNEL32.FreeLibrary |
sub_40015600(446a): GDI32.UnrealizeObject GDI32.SelectObject GDI32.SetBkColor GDI32.SetBkMode |
sub_400030D0(4636): KERNEL32.ReadFile NTDLL.RtlGetLastWin32Error |
sub_40012E54(4877): NTDLL.RtlDeleteCriticalSection |
sub_40012D98(4f03): NTDLL.RtlEnterCriticalSection NTDLL.RtlLeaveCriticalSection |
sub_40002B24(4f29): KERNEL32.VirtualFree |
sub_400012A0(5034): KERNEL32.GetStartupInfoA |
sub_4001452C(504c): ADVAPI32.RegQueryValueExA |
sub_40015408(5116): NTDLL.RtlLeaveCriticalSection NTDLL.RtlEnterCriticalSection |
sub_400096A8(512e): "AMPM" "AMPM" "AAAA" "AAA" " " |
sub_40002FF8(51d7): KERNEL32.GetModuleFileNameA KERNEL32.GetCommandLineA |
sub_40015C34(553a): GDI32.DeleteObject NTDLL.RtlDeleteCriticalSection |
sub_400022F0(5621): KERNEL32.Sleep KERNEL32.VirtualAlloc |
sub_4001567C(568f): USER32.GetDC GDI32.GetDeviceCaps GDI32.GetSystemPaletteEntries USER32.ReleaseDC GDI32.CreatePalette |
sub_40014F8C(56fb): KERNEL32.CompareStringA GDI32.CreateFontIndirectA "Default" "Default" |
sub_4000ADE0(5863): KERNEL32.VirtualQuery KERNEL32.GetModuleFileNameA USER32.LoadStringA |
sub_40007EBC(588c): KERNEL32.CompareStringA |
sub_40015918(5898): USER32.GetDC GDI32.SelectObject GDI32.GetTextMetricsA USER32.ReleaseDC |
sub_40015380(5b2b): GDI32.MoveToEx |
sub_400139A0(5bc5): NTDLL.RtlDeleteCriticalSection |
sub_400153AC(5f5b): NTDLL.RtlEnterCriticalSection NTDLL.RtlLeaveCriticalSection |
sub_4000B830(5fcf): KERNEL32.GetVersionExA |
sub_4001607C(638c): KERNEL32.GetModuleHandleA KERNEL32.GetProcAddress "CoCreateInstanceEx" "CoInitializeEx" "CoAddRefServerProcess" "CoReleaseServerProcess" "CoResumeClassObjects" "CoSuspendClassObjects" |
sub_40005C60(6391): KERNEL32.GetModuleHandleA KERNEL32.GetProcAddress KERNEL32.lstrcpynA KERNEL32.FindFirstFileA KERNEL32.FindClose KERNEL32.lstrlenA "GetLongPathNameA" |
sub_40016B44(6596): NTDLL.RtlDecompressBuffer |
sub_400015DC(69e9): KERNEL32.VirtualAlloc |
sub_400165F0(6e24): KERNEL32.MultiByteToWideChar KERNEL32.GetThreadLocale |
sub_40006758(7003): KERNEL32.FreeLibrary |
sub_40002208(713a): KERNEL32.VirtualQuery |
sub_40019144(7429): KERNEL32.InitializeCriticalSection |
sub_40004670(7b2f): "Runtime error at 00000000" |
sub_4000BC30(7bef): KERNEL32.CompareStringA |
sub_400092B0(7bf1): KERNEL32.GetLocalTime |
sub_40013E48(7ed1): NTDLL.RtlDeleteCriticalSection KERNEL32.CloseHandle |
sub_40015430(8088): GDI32.GetCurrentPositionEx |
sub_40015B9C(808e): NTDLL.RtlEnterCriticalSection |
sub_400148FC(808e): NTDLL.RtlLeaveCriticalSection |
sub_400134A8(808e): NTDLL.RtlEnterCriticalSection |
sub_400148F0(808e): NTDLL.RtlEnterCriticalSection |
sub_40015BA8(808e): NTDLL.RtlLeaveCriticalSection |
sub_40006248(808e): KERNEL32.InterlockedDecrement |
sub_40013B08(808e): NTDLL.RtlLeaveCriticalSection |
sub_400134B4(808e): NTDLL.RtlLeaveCriticalSection |
sub_4000BB60(856a): USER32.CharNextA |
sub_400063D0(8667): KERNEL32.LocalAlloc |
sub_4000A91C(8708): KERNEL32.GetThreadLocale |
sub_400016F8(8a39): KERNEL32.VirtualFree |
sub_4000ABA4(8c8b): KERNEL32.GetThreadLocale "yyyy" "eeee" "yy" |
sub_40002540(8d82): USER32.MessageBoxA "An unexpected memory leak has occurred."... "The unexpected small block leaks are:\r\n"... " bytes: " "Unknown" "String" "The sizes of unexpected leaked medium a"... "\r\n" "Unexpected Memory Leak" |
sub_40015B70(8e6a): NTDLL.RtlDeleteCriticalSection |
sub_4000B488(8f14): KERNEL32.VirtualQuery KERNEL32.GetModuleFileNameA |
sub_400151D0(904b): GDI32.CreatePenIndirect |
sub_40001694(90ae): KERNEL32.VirtualAlloc |
sub_4000AF68(94f8): USER32.CharToOemA KERNEL32.GetStdHandle KERNEL32.WriteFile USER32.LoadStringA USER32.MessageBoxA |
sub_40012C6C(99b9): NTDLL.RtlEnterCriticalSection NTDLL.RtlLeaveCriticalSection |
sub_4000315C(9a30): NTDLL.RtlGetLastWin32Error |
sub_40017D84(9c5d): KERNEL32.CreateFileA KERNEL32.SetFilePointer KERNEL32.ReadFile KERNEL32.GetFileSize KERNEL32.CloseHandle |
sub_4000C710(9d07): KERNEL32.CloseHandle |
sub_40005BC0(a00d): KERNEL32.GetModuleFileNameA |
sub_40015478(a05b): GDI32.SelectObject |
sub_40016F88(a482): KERNEL32.FindResourceA KERNEL32.SizeofResource KERNEL32.LoadResource KERNEL32.SetHandleCount KERNEL32.FreeResource KERNEL32.ExitProcess |
sub_400148CC(a5f7): NTDLL.RtlDeleteCriticalSection |
sub_4000314C(abfd): KERNEL32.CloseHandle |
sub_40003110(acbe): KERNEL32.WriteFile NTDLL.RtlGetLastWin32Error |
sub_400155A4(aee0): GDI32.SelectObject GDI32.SetTextColor |
sub_40004790(afba): KERNEL32.FreeLibrary KERNEL32.ExitProcess |
sub_400146B4(b0c2): ADVAPI32.RegQueryValueExA |
sub_400179D4(b1d7): KERNEL32.GetTickCount KERNEL32.Sleep |
sub_40014374(b343): ADVAPI32.RegOpenKeyExA |
sub_40003B94(b3af): ADVAPI32.RegOpenKeyExA ADVAPI32.RegQueryValueExA ADVAPI32.RegCloseKey "SOFTWARE\\Borland\\Delphi\\RTL" "FPUMaskValue" |
sub_40017944(ba13): ADVAPI32.GetUserNameA "CurrentUser" |
sub_4000C5D0(ba51): KERNEL32.GetCurrentThreadId |
sub_40017F10(bee4): "haha, look at this Wallpaper :D its gre"... "Look at this new game... :D, Look at my"... "Looki ^^, my new hair style what you th"... "Wonna see a real evil pic? :D mwahaha B"... "Now this is what i call Pure Ownage..." "I finally got a new car, what you think"... "oooo Tell me if you like my new compute"... "Tell me if this looks coo, i made my ow"... "I went to a party last night, i got so "... "You goto see this pic, its brilliant ^_"... |
sub_400062F0(bee8): USER32.LoadStringA |
sub_40007E2C(c056): "True" "False" |
sub_40002BB4(c067): USER32.DestroyWindow KERNEL32.VirtualFree |
sub_4000C69C(c2ef): KERNEL32.CreateEventA |
sub_40001A9C(c418): KERNEL32.Sleep KERNEL32.VirtualFree |
sub_40009F74(c47c): KERNEL32.CompareStringA |
sub_40001654(c746): KERNEL32.Sleep |
sub_400049C4(cb57): KERNEL32.MultiByteToWideChar |
sub_4000BE64(cb75): KERNEL32.GetThreadLocale |
sub_400155D0(cd6b): GDI32.SelectObject GDI32.SetROP2 |
sub_40004704(cf12): KERNEL32.GetStdHandle KERNEL32.WriteFile USER32.MessageBoxA "Runtime error at 00000000" "Error" "Runtime error at 00000000" |
sub_40003644(cf52): KERNEL32.CreateFileA KERNEL32.GetStdHandle NTDLL.RtlGetLastWin32Error |
sub_40003B64(d3f8): USER32.GetKeyboardType |
sub_40001C7C(d8f8): KERNEL32.Sleep |
sub_40005E24(d955): KERNEL32.GetModuleFileNameA ADVAPI32.RegOpenKeyExA ADVAPI32.RegQueryValueExA ADVAPI32.RegCloseKey KERNEL32.lstrcpynA KERNEL32.GetThreadLocale KERNEL32.GetLocaleInfoA KERNEL32.lstrlenA KERNEL32.LoadLibraryExA "Software\\Borland\\Locales" "Software\\Borland\\Locales" "Software\\Borland\\Delphi\\Locales" |
sub_4000C79C(d9e2): KERNEL32.GetCurrentThreadId |
sub_400171BC(dc2c): KERNEL32.GetTempPathA KERNEL32.CreateFileA KERNEL32.SetFilePointer KERNEL32.ReadFile KERNEL32.WriteFile KERNEL32.CloseHandle KERNEL32.WinExec |
sub_40013AA4(dc74): NTDLL.RtlEnterCriticalSection |
sub_40013E14(ddee): KERNEL32.InitializeCriticalSection KERNEL32.CreateEventA |
sub_400141EC(de67): ADVAPI32.RegCloseKey |
sub_40005B98(df74): KERNEL32.VirtualQuery |
sub_4000A868(e0af): KERNEL32.GetLocaleInfoA |
sub_40015840(e6ea): GDI32.SelectObject GDI32.SelectPalette GDI32.DeleteDC |
sub_4000A8B4(eb9d): KERNEL32.GetLocaleInfoA |
sub_40003058(eba1): KERNEL32.QueryPerformanceCounter KERNEL32.GetTickCount |
sub_4000C77C(f172): KERNEL32.WaitForSingleObject |
sub_4000C78C(f172): KERNEL32.WaitForSingleObject |
sub_400133D4(f296): KERNEL32.InitializeCriticalSection |
sub_40002EFC(f357): USER32.CharNextA |
sub_40015270(f60e): GDI32.CreateBrushIndirect |
sub_4000D28C(f615): KERNEL32.GetModuleHandleA "VariantChangeTypeEx" "VarNeg" "VarNot" "VarAdd" "VarSub" "VarMul" "VarDiv" "VarIdiv" "VarMod" "VarAnd" "VarOr" "VarXor" "VarCmp" "VarI4FromStr" "VarR4FromStr" "VarR8FromStr" "VarDateFromStr" "VarCyFromStr" "VarBoolFromStr" "VarBstrFromCy" "VarBstrFromDate" "VarBstrFromBool" |
sub_4000BD44(fa20): KERNEL32.GetCPInfo |
sub_40013448(ffcb): NTDLL.RtlDeleteCriticalSection |