文章分类
分类:
2012-05-30 22:35:12
原文地址: 作者:
.text1:00bfd818 ; ---------------------------------------------------------------------------
.text1:00bfd819 align 10h
.text1:00bfd820
.text1:00bfd820 loc_bfd820: ; code xref: sub_bfe1d0 3p
.text1:00bfd820 push ebp
.text1:00bfd821 mov ebp, esp
.text1:00bfd823 push 0ffffffffh
.text1:00bfd825 push offset loc_c7877d
.text1:00bfd82a mov eax, large fs:0
.text1:00bfd830 push eax
.text1:00bfd831 sub esp, 7f8h
.text1:00bfd837 mov eax, ds:dword_c9f8b0
.text1:00bfd83c xor eax, ebp
.text1:00bfd83e mov [ebp-18h], eax
.text1:00bfd841 push eax
.text1:00bfd842 lea eax, [ebp-0ch]
.text1:00bfd845 mov large fs:0, eax
.text1:00bfd84b mov byte ptr [ebp-0dh], 1
.text1:00bfd84f call sub_c401c0
.text1:00bfd854 mov eax, ds:createthread
.text1:00bfd859 mov [ebp-14h], eax
.text1:00bfd85c mov ecx, [ebp-14h]
.text1:00bfd85f add ecx, 1
.text1:00bfd862 mov [ebp-14h], ecx
.text1:00bfd865 mov edx, ds:loadstringa
.text1:00bfd86b mov [ebp-14h], edx
.text1:00bfd86e mov eax, [ebp-14h]
.text1:00bfd871 add eax, 1
.text1:00bfd874 mov [ebp-14h], eax
.text1:00bfd877 mov ecx, ds:loadstringw
.text1:00bfd87d mov [ebp-14h], ecx
.text1:00bfd880 mov edx, [ebp-14h]
.text1:00bfd883 add edx, 1
.text1:00bfd886 mov [ebp-14h], edx
.text1:00bfd889 push offset sub_bfc520
.text1:00bfd88e call ?_set_new_handler@@yap6ahi@zp6ahi@z@z ; _set_new_handler(int (*)(uint))
.text1:00bfd893 add esp, 4
.text1:00bfd896 mov eax, ds:dword_cb565c
.text1:00bfd89b mov ecx, ds:dword_cb565c
.text1:00bfd8a1 mov edx, [eax 50h]
.text1:00bfd8a4 xor edx, [ecx 70h]
.text1:00bfd8a7 push edx
.text1:00bfd8a8 call ds:getcurrentprocessid
.text1:00bfd8ae push eax
.text1:00bfd8af push offset axda08x ; "%x::dax"
.text1:00bfd8b4 push 104h
.text1:00bfd8b9 lea eax, [ebp-124h]
.text1:00bfd8bf push eax
.text1:00bfd8c0 call _sprintf_s
.text1:00bfd8c5 add esp, 14h
.text1:00bfd8c8 lea ecx, [ebp-124h]
.text1:00bfd8ce push ecx
.text1:00bfd8cf push 0
.text1:00bfd8d1 push 1f0001h
.text1:00bfd8d6 call ds:openmutexa
.text1:00bfd8dc test eax, eax
.text1:00bfd8de jz short loc_bfd8e4
.text1:00bfd8e0 mov byte ptr [ebp-0dh], 0
.text1:00bfd8e4
.text1:00bfd8e4 loc_bfd8e4: ; code xref: .text1:00bfd8dej
.text1:00bfd8e4 movzx edx, byte ptr [ebp-0dh]
.text1:00bfd8e8 test edx, edx
.text1:00bfd8ea jz loc_bfdabc
.text1:00bfd8f0 mov eax, ds:dword_cb565c
.text1:00bfd8f5 mov ecx, ds:dword_cb565c
.text1:00bfd8fb mov edx, [eax 40h]
.text1:00bfd8fe xor edx, [ecx 80h]
.text1:00bfd904 mov eax, ds:dword_cb565c
.text1:00bfd909 xor edx, [eax 4]
.text1:00bfd90c and edx, 20h
.text1:00bfd90f jz loc_bfdabc
.text1:00bfd915 mov ecx, ds:dword_cb565c
.text1:00bfd91b mov edx, ds:dword_cb565c
.text1:00bfd921 mov eax, [ecx 90h]
.text1:00bfd927 xor eax, [edx 64h]
.text1:00bfd92a mov ecx, ds:dword_cb565c
.text1:00bfd930 xor eax, [ecx 50h]
.text1:00bfd933 push eax
.text1:00bfd934 push offset arn08x ; "rnx"
.text1:00bfd939 push 104h
.text1:00bfd93e lea edx, [ebp-124h]
.text1:00bfd944 push edx
.text1:00bfd945 call _sprintf_s
.text1:00bfd94a add esp, 10h
.text1:00bfd94d lea eax, [ebp-124h]
.text1:00bfd953 push eax
.text1:00bfd954 push 0
.text1:00bfd956 push 0
.text1:00bfd958 call ds:createmutexa
.text1:00bfd95e mov [ebp-12ch], eax
.text1:00bfd964 cmp dword ptr [ebp-12ch], 0
.text1:00bfd96b jz loc_bfdabc
.text1:00bfd971 call ds:getlasterror
.text1:00bfd977 cmp eax, 0b7h
.text1:00bfd97c jnz loc_bfdabc
.text1:00bfd982 push 7530h
.text1:00bfd987 mov ecx, [ebp-12ch]
.text1:00bfd98d push ecx
.text1:00bfd98e call ds:waitforsingleobject
.text1:00bfd994 mov [ebp-130h], eax
.text1:00bfd99a cmp dword ptr [ebp-130h], 0
.text1:00bfd9a1 jz short loc_bfd9b3
.text1:00bfd9a3 cmp dword ptr [ebp-130h], 80h
.text1:00bfd9ad jnz loc_bfdab2
.text1:00bfd9b3
.text1:00bfd9b3 loc_bfd9b3: ; code xref: .text1:00bfd9a1j
.text1:00bfd9b3 mov edx, ds:dword_cb565c
.text1:00bfd9b9 mov eax, ds:dword_cb565c
.text1:00bfd9be mov ecx, [edx 90h]
.text1:00bfd9c4 xor ecx, [eax 64h]
.text1:00bfd9c7 mov edx, ds:dword_cb565c
.text1:00bfd9cd xor ecx, [edx 50h]
.text1:00bfd9d0 push ecx
.text1:00bfd9d1 push offset a08x ; "x"
.text1:00bfd9d6 push 104h
.text1:00bfd9db lea eax, [ebp-124h]
.text1:00bfd9e1 push eax
.text1:00bfd9e2 call _sprintf_s
.text1:00bfd9e7 add esp, 10h
.text1:00bfd9ea mov dword ptr [ebp-138h], 0
.text1:00bfd9f4 jmp short loc_bfda05
.text1:00bfd9f6 ; ---------------------------------------------------------------------------
.text1:00bfd9f6
.text1:00bfd9f6 loc_bfd9f6: ; code xref: .text1:00bfda3cj
.text1:00bfd9f6 mov ecx, [ebp-138h]
.text1:00bfd9fc add ecx, 1
.text1:00bfd9ff mov [ebp-138h], ecx
.text1:00bfda05
.text1:00bfda05 loc_bfda05: ; code xref: .text1:00bfd9f4j
.text1:00bfda05 cmp dword ptr [ebp-138h], 12ch
.text1:00bfda0f jge short loc_bfda3e
.text1:00bfda11 lea edx, [ebp-124h]
.text1:00bfda17 push edx
.text1:00bfda18 push offset amainclass ; "mainclass"
.text1:00bfda1d call ds:findwindowa
.text1:00bfda23 mov [ebp-134h], eax
.text1:00bfda29 cmp dword ptr [ebp-134h], 0
.text1:00bfda30 jz short loc_bfda34
.text1:00bfda32 jmp short loc_bfda3e
.text1:00bfda34 ; ---------------------------------------------------------------------------
.text1:00bfda34
.text1:00bfda34 loc_bfda34: ; code xref: .text1:00bfda30j
.text1:00bfda34 push 64h
.text1:00bfda36 call ds:sleep
.text1:00bfda3c jmp short loc_bfd9f6
.text1:00bfda3e ; ---------------------------------------------------------------------------
.text1:00bfda3e
.text1:00bfda3e loc_bfda3e: ; code xref: .text1:00bfda0fj
.text1:00bfda3e ; .text1:00bfda32j
.text1:00bfda3e cmp dword ptr [ebp-134h], 0
.text1:00bfda45 jz short loc_bfdaa5
.text1:00bfda47 mov eax, ds:dword_cb565c
.text1:00bfda4c mov ecx, ds:dword_cb565c
.text1:00bfda52 mov edx, [eax 90h]
.text1:00bfda58 xor edx, [ecx 64h]
.text1:00bfda5b mov eax, ds:dword_cb565c
.text1:00bfda60 xor edx, [eax 50h]
.text1:00bfda63 mov [ebp-144h], edx
.text1:00bfda69 mov ecx, ds:dword_cb5400
.text1:00bfda6f push ecx
.text1:00bfda70 call _strlen
.text1:00bfda75 add esp, 4
.text1:00bfda78 add eax, 1
.text1:00bfda7b mov [ebp-140h], eax
.text1:00bfda81 mov edx, ds:dword_cb5400
.text1:00bfda87 mov [ebp-13ch], edx
.text1:00bfda8d lea eax, [ebp-144h]
.text1:00bfda93 push eax
.text1:00bfda94 push 0
.text1:00bfda96 push 4ah
.text1:00bfda98 mov ecx, [ebp-134h]
.text1:00bfda9e push ecx
.text1:00bfda9f call ds:sendmessagea
.text1:00bfdaa5
.text1:00bfdaa5 loc_bfdaa5: ; code xref: .text1:00bfda45j
.text1:00bfdaa5 mov edx, [ebp-12ch]
.text1:00bfdaab push edx
.text1:00bfdaac call ds:releasemutex
.text1:00bfdab2
.text1:00bfdab2 loc_bfdab2: ; code xref: .text1:00bfd9adj
.text1:00bfdab2 mov eax, 1
.text1:00bfdab7 jmp loc_bfe164
.text1:00bfdabc ; ---------------------------------------------------------------------------
.text1:00bfdabc
.text1:00bfdabc loc_bfdabc: ; code xref: .text1:00bfd8eaj
.text1:00bfdabc ; .text1:00bfd90fj ...
.text1:00bfdabc push 1
.text1:00bfdabe call sub_bfe180
.text1:00bfdac3 add esp, 4
.text1:00bfdac6 movzx eax, byte ptr [ebp-0dh]
.text1:00bfdaca test eax, eax
.text1:00bfdacc jz loc_bfde48
.text1:00bfdad2 mov ecx, ds:dword_cb565c
.text1:00bfdad8 mov edx, ds:dword_cb565c
.text1:00bfdade mov eax, [ecx 40h]
.text1:00bfdae1 xor eax, [edx 80h]
.text1:00bfdae7 mov ecx, ds:dword_cb565c
.text1:00bfdaed xor eax, [ecx 4]
.text1:00bfdaf0 and eax, 40h
.text1:00bfdaf3 jnz loc_bfde48
.text1:00bfdaf9 push 200h
.text1:00bfdafe lea edx, [ebp-344h]
.text1:00bfdb04 push edx
.text1:00bfdb05 push offset a_pad64 ; "_pad64"
.text1:00bfdb0a call ds:getenvironmentvariablea
.text1:00bfdb10 test eax, eax
.text1:00bfdb12 jnz loc_bfde48
.text1:00bfdb18 push 0c8h
.text1:00bfdb1d push 23h
.text1:00bfdb1f lea eax, [ebp-344h]
.text1:00bfdb25 push eax
.text1:00bfdb26 call _memset
.text1:00bfdb2b add esp, 0ch
.text1:00bfdb2e mov byte ptr [ebp-27ch], 0
.text1:00bfdb35 mov dword ptr [ebp-448h], 1
.text1:00bfdb3f jmp short loc_bfdb50
.text1:00bfdb41 ; ---------------------------------------------------------------------------
.text1:00bfdb41
.text1:00bfdb41 loc_bfdb41: ; code xref: .text1:00bfdb8dj
.text1:00bfdb41 mov ecx, [ebp-448h]
.text1:00bfdb47 add ecx, 1
.text1:00bfdb4a mov [ebp-448h], ecx
.text1:00bfdb50
.text1:00bfdb50 loc_bfdb50: ; code xref: .text1:00bfdb3fj
.text1:00bfdb50 cmp dword ptr [ebp-448h], 40h
.text1:00bfdb57 jg short loc_bfdb8f
.text1:00bfdb59 mov edx, [ebp-448h]
.text1:00bfdb5f push edx
.text1:00bfdb60 push offset a_padd ; "_pad%d"
.text1:00bfdb65 push 100h
.text1:00bfdb6a lea eax, [ebp-444h]
.text1:00bfdb70 push eax
.text1:00bfdb71 call _sprintf_s
.text1:00bfdb76 add esp, 10h
.text1:00bfdb79 lea ecx, [ebp-344h]
.text1:00bfdb7f push ecx
.text1:00bfdb80 lea edx, [ebp-444h]
.text1:00bfdb86 push edx
.text1:00bfdb87 call ds:setenvironmentvariablea
.text1:00bfdb8d jmp short loc_bfdb41
.text1:00bfdb8f ; ---------------------------------------------------------------------------
.text1:00bfdb8f
.text1:00bfdb8f loc_bfdb8f: ; code xref: .text1:00bfdb57j
.text1:00bfdb8f mov eax, ds:dword_cb565c
.text1:00bfdb94 mov ecx, ds:dword_cb565c
.text1:00bfdb9a mov edx, [eax 40h]
.text1:00bfdb9d xor edx, [ecx 80h]
.text1:00bfdba3 mov eax, ds:dword_cb565c
.text1:00bfdba8 xor edx, [eax 4]
.text1:00bfdbab and edx, 10h
.text1:00bfdbae jnz loc_bfde48
.text1:00bfdbb4 lea ecx, [ebp-624h]
.text1:00bfdbba push ecx
.text1:00bfdbbb call sub_c2b0d0
.text1:00bfdbc0 add esp, 4
.text1:00bfdbc3 mov dword ptr [ebp-4], 0
.text1:00bfdbca lea edx, [ebp-708h]
.text1:00bfdbd0 push edx
.text1:00bfdbd1 call sub_be4cb0
.text1:00bfdbd6 add esp, 4
.text1:00bfdbd9 mov [ebp-7f8h], eax
.text1:00bfdbdf mov eax, [ebp-7f8h]
.text1:00bfdbe5 mov [ebp-7fch], eax
.text1:00bfdbeb mov byte ptr [ebp-4], 1
.text1:00bfdbef mov ecx, [ebp-7fch]
.text1:00bfdbf5 push ecx
.text1:00bfdbf6 lea ecx, [ebp-4ach]
.text1:00bfdbfc call sub_c25300
.text1:00bfdc01 mov byte ptr [ebp-4], 3
.text1:00bfdc05 lea ecx, [ebp-708h]
.text1:00bfdc0b call sub_beb1d0
.text1:00bfdc10 cmp ds:dword_cb53f8, 1
.text1:00bfdc17 jnz short loc_bfdc45
.text1:00bfdc19 cmp dword ptr [ebp-618h], 0
.text1:00bfdc20 jnz short loc_bfdc45
.text1:00bfdc22 lea ecx, [ebp-4ach]
.text1:00bfdc28 call sub_c25fc0
.text1:00bfdc2d movzx edx, al
.text1:00bfdc30 test edx, edx
.text1:00bfdc32 jnz short loc_bfdc45
.text1:00bfdc34 lea ecx, [ebp-4ach]
.text1:00bfdc3a call sub_c25b60
.text1:00bfdc3f mov [ebp-618h], eax
.text1:00bfdc45
.text1:00bfdc45 loc_bfdc45: ; code xref: .text1:00bfdc17j
.text1:00bfdc45 ; .text1:00bfdc20j ...
.text1:00bfdc45 push 0
.text1:00bfdc47 lea eax, [ebp-644h]
.text1:00bfdc4d push eax
.text1:00bfdc4e call sub_c2a9b0
.text1:00bfdc53 add esp, 8
.text1:00bfdc56 mov byte ptr [ebp-4], 4
.text1:00bfdc5a lea ecx, [ebp-644h]
.text1:00bfdc60 call sub_beb260
.text1:00bfdc65 movzx ecx, al
.text1:00bfdc68 test ecx, ecx
.text1:00bfdc6a jz short loc_bfdcb1
.text1:00bfdc6c mov dword ptr [ebp-70ch], 0
.text1:00bfdc76 mov byte ptr [ebp-4], 3
.text1:00bfdc7a lea ecx, [ebp-644h]
.text1:00bfdc80 call sub_beb1d0
.text1:00bfdc85 mov byte ptr [ebp-4], 0
.text1:00bfdc89 lea ecx, [ebp-4ach]
.text1:00bfdc8f call sub_be5650
.text1:00bfdc94 mov dword ptr [ebp-4], 0ffffffffh
.text1:00bfdc9b lea ecx, [ebp-624h]
.text1:00bfdca1 call sub_beac60
.text1:00bfdca6 mov eax, [ebp-70ch]
.text1:00bfdcac jmp loc_bfe164
.text1:00bfdcb1 ; ---------------------------------------------------------------------------
.text1:00bfdcb1
.text1:00bfdcb1 loc_bfdcb1: ; code xref: .text1:00bfdc6aj
.text1:00bfdcb1 lea edx, [ebp-78ch]
.text1:00bfdcb7 push edx
.text1:00bfdcb8 call sub_c2b2f0
.text1:00bfdcbd add esp, 4
.text1:00bfdcc0 mov [ebp-800h], eax
.text1:00bfdcc6 mov eax, [ebp-800h]
.text1:00bfdccc mov [ebp-804h], eax
.text1:00bfdcd2 mov byte ptr [ebp-4], 5
.text1:00bfdcd6 mov ecx, [ebp-804h]
.text1:00bfdcdc push ecx
.text1:00bfdcdd lea ecx, [ebp-770h]
.text1:00bfdce3 call sub_be55d0
.text1:00bfdce8 mov byte ptr [ebp-4], 6
.text1:00bfdcec lea ecx, [ebp-644h]
.text1:00bfdcf2 call sub_beb220
.text1:00bfdcf7 push eax
.text1:00bfdcf8 lea ecx, [ebp-7ech]
.text1:00bfdcfe call sub_be55d0
.text1:00bfdd03 mov byte ptr [ebp-4], 7
.text1:00bfdd07 lea edx, [ebp-4bch]
.text1:00bfdd0d push edx
.text1:00bfdd0e lea eax, [ebp-624h]
.text1:00bfdd14 push eax
.text1:00bfdd15 push offset unk_cb63b8
.text1:00bfdd1a push offset unk_cb63b8
.text1:00bfdd1f push 0
.text1:00bfdd21 push 0
.text1:00bfdd23 push 0
.text1:00bfdd25 push 0
.text1:00bfdd27 lea ecx, [ebp-770h]
.text1:00bfdd2d push ecx
.text1:00bfdd2e lea edx, [ebp-7ech]
.text1:00bfdd34 push edx
.text1:00bfdd35 call sub_c2abd0
.text1:00bfdd3a add esp, 28h
.text1:00bfdd3d neg eax
.text1:00bfdd3f sbb eax, eax
.text1:00bfdd41 add eax, 1
.text1:00bfdd44 mov [ebp-70dh], al
.text1:00bfdd4a mov byte ptr [ebp-4], 6
.text1:00bfdd4e lea ecx, [ebp-7ech]
.text1:00bfdd54 call sub_be5650
.text1:00bfdd59 mov byte ptr [ebp-4], 5
.text1:00bfdd5d lea ecx, [ebp-770h]
.text1:00bfdd63 call sub_be5650
.text1:00bfdd68 mov byte ptr [ebp-4], 4
.text1:00bfdd6c lea ecx, [ebp-78ch]
.text1:00bfdd72 call sub_bf5f60
.text1:00bfdd77 movzx eax, byte ptr [ebp-70dh]
.text1:00bfdd7e test eax, eax
.text1:00bfdd80 jz short loc_bfddf1
.text1:00bfdd82 mov ds:dword_cb5538, 6
.text1:00bfdd8c call ds:getlasterror
.text1:00bfdd92 push eax
.text1:00bfdd93 push offset alocationxeberr ; "(location xeb, error code %d)"
.text1:00bfdd98 push 100h
.text1:00bfdd9d push offset unk_cb5540
.text1:00bfdda2 call _sprintf_s
.text1:00bfdda7 add esp, 10h
.text1:00bfddaa mov dword ptr [ebp-7f0h], 0
.text1:00bfddb4 mov byte ptr [ebp-4], 3
.text1:00bfddb8 lea ecx, [ebp-644h]
.text1:00bfddbe call sub_beb1d0
.text1:00bfddc3 mov byte ptr [ebp-4], 0
.text1:00bfddc7 lea ecx, [ebp-4ach]
.text1:00bfddcd call sub_be5650
.text1:00bfddd2 mov dword ptr [ebp-4], 0ffffffffh
.text1:00bfddd9 lea ecx, [ebp-624h]
.text1:00bfdddf call sub_beac60
.text1:00bfdde4 mov eax, [ebp-7f0h]
.text1:00bfddea jmp loc_bfe164
.text1:00bfddef ; ---------------------------------------------------------------------------
.text1:00bfddef jmp short loc_bfde03
.text1:00bfddf1 ; ---------------------------------------------------------------------------
.text1:00bfddf1
.text1:00bfddf1 loc_bfddf1: ; code xref: .text1:00bfdd80j
.text1:00bfddf1 push 2710h
.text1:00bfddf6 mov ecx, [ebp-4bch]
.text1:00bfddfc push ecx
.text1:00bfddfd call ds:waitforinputidle
.text1:00bfde03
.text1:00bfde03 loc_bfde03: ; code xref: .text1:00bfddefj
.text1:00bfde03 mov dword ptr [ebp-7f4h], 1
.text1:00bfde0d mov byte ptr [ebp-4], 3
.text1:00bfde11 lea ecx, [ebp-644h]
.text1:00bfde17 call sub_beb1d0
.text1:00bfde1c mov byte ptr [ebp-4], 0
.text1:00bfde20 lea ecx, [ebp-4ach]
.text1:00bfde26 call sub_be5650
.text1:00bfde2b mov dword ptr [ebp-4], 0ffffffffh
.text1:00bfde32 lea ecx, [ebp-624h]
.text1:00bfde38 call sub_beac60
.text1:00bfde3d mov eax, [ebp-7f4h]
.text1:00bfde43 jmp loc_bfe164
.text1:00bfde48 ; ---------------------------------------------------------------------------
.text1:00bfde48
.text1:00bfde48 loc_bfde48: ; code xref: .text1:00bfdaccj
.text1:00bfde48 ; .text1:00bfdaf3j ...
.text1:00bfde48 mov edx, ds:dword_cb565c
.text1:00bfde4e mov eax, ds:dword_cb565c
.text1:00bfde53 mov ecx, [edx 40h]
.text1:00bfde56 xor ecx, [eax 80h]
.text1:00bfde5c mov edx, ds:dword_cb565c
.text1:00bfde62 xor ecx, [edx 4]
.text1:00bfde65 and ecx, 10h
.text1:00bfde68 jz loc_bfe0c6
.text1:00bfde6e mov eax, ds:dword_cb565c
.text1:00bfde73 mov ecx, ds:dword_cb565c
.text1:00bfde79 mov edx, [eax 50h]
.text1:00bfde7c xor edx, [ecx 70h]
.text1:00bfde7f push edx
.text1:00bfde80 call ds:getcurrentprocessid
.text1:00bfde86 push eax
.text1:00bfde87 push offset axda08x ; "%x::dax"
.text1:00bfde8c push 104h
.text1:00bfde91 lea eax, [ebp-124h]
.text1:00bfde97 push eax
.text1:00bfde98 call _sprintf_s
.text1:00bfde9d add esp, 14h
.text1:00bfdea0 lea ecx, [ebp-124h]
.text1:00bfdea6 push ecx
.text1:00bfdea7 push 0
.text1:00bfdea9 push 1f0001h
.text1:00bfdeae call ds:openmutexa
.text1:00bfdeb4 test eax, eax
.text1:00bfdeb6 jnz loc_bfe0c4
.text1:00bfdebc push 1
.text1:00bfdebe call ds:getcurrentthread
.text1:00bfdec4 push eax
.text1:00bfdec5 call ds:setthreadpriority
.text1:00bfdecb mov byte ptr [ebp-645h], 0
.text1:00bfded2 push offset akernel32 ; "kernel32"
.text1:00bfded7 call ds:loadlibrarya
.text1:00bfdedd mov [ebp-64ch], eax
.text1:00bfdee3 cmp dword ptr [ebp-64ch], 0
.text1:00bfdeea jz short loc_bfdf1e
.text1:00bfdeec push offset aisdebuggerpres ; "isdebuggerpresent"
.text1:00bfdef1 mov edx, [ebp-64ch]
.text1:00bfdef7 push edx
.text1:00bfdef8 call ds:getprocaddress
.text1:00bfdefe mov [ebp-6e8h], eax
.text1:00bfdf04 cmp dword ptr [ebp-6e8h], 0
.text1:00bfdf0b jz short loc_bfdf1e
.text1:00bfdf0d call dword ptr [ebp-6e8h]
.text1:00bfdf13 test eax, eax
.text1:00bfdf15 jz short loc_bfdf1e
.text1:00bfdf17 mov byte ptr [ebp-645h], 1
.text1:00bfdf1e
.text1:00bfdf1e loc_bfdf1e: ; code xref: .text1:00bfdeeaj
.text1:00bfdf1e ; .text1:00bfdf0bj ...
.text1:00bfdf1e mov dword ptr [ebp-6e4h], 94h
.text1:00bfdf28 lea eax, [ebp-6e4h]
.text1:00bfdf2e push eax
.text1:00bfdf2f call ds:getversionexa
.text1:00bfdf35 cmp dword ptr [ebp-6d4h], 2
.text1:00bfdf3c jnz short loc_bfdf9f
.text1:00bfdf3e push ecx
.text1:00bfdf3f bswap ecx
.text1:00bfdf41 not ecx
.text1:00bfdf43 push eax
.text1:00bfdf44 not eax
.text1:00bfdf46 mov eax, 6c65696dh
.text1:00bfdf4b xchg eax, ecx
.text1:00bfdf4c mov ecx, 0deadc0deh
.text1:00bfdf51 xchg eax, ecx
.text1:00bfdf52 not eax
.text1:00bfdf54 pop eax
.text1:00bfdf55 not ecx
.text1:00bfdf57 pop ecx
.text1:00bfdf58 pushf
.text1:00bfdf59 pusha
.text1:00bfdf5a xor ebx, ebx
.text1:00bfdf5c
.text1:00bfdf5c loc_bfdf5c: ; code xref: .text1:loc_bfdfd4j
.text1:00bfdf5c jz short loc_bfdf61
.text1:00bfdf5e
.text1:00bfdf5e loc_bfdf5e: ; code xref: .text1:00bfdf7fj
.text1:00bfdf5e jmp short near ptr loc_bfdf81 1
.text1:00bfdf5e ; ---------------------------------------------------------------------------
.text1:00bfdf60 db 0ebh
.text1:00bfdf61 ; ---------------------------------------------------------------------------
.text1:00bfdf61
.text1:00bfdf61 loc_bfdf61: ; code xref: .text1:loc_bfdf5cj
.text1:00bfdf61 xor ebx, ebx
.text1:00bfdf63 jz short $ 2
.text1:00bfdf65 jmp short loc_bfdf74
.text1:00bfdf65 ; ---------------------------------------------------------------------------
.text1:00bfdf67 db 0b8h
.text1:00bfdf68 db 0ebh, 0fh
.text1:00bfdf6a ; ---------------------------------------------------------------------------
.text1:00bfdf6a
.text1:00bfdf6a loc_bfdf6a: ; code xref: .text1:00bfdf76j
.text1:00bfdf6a mov ecx, 34f9c987h
.text1:00bfdf6f nop
.text1:00bfdf70 stc
.text1:00bfdf71 jz short loc_bfdf78
.text1:00bfdf71 ; ---------------------------------------------------------------------------
.text1:00bfdf73 db 0ebh
.text1:00bfdf74 ; ---------------------------------------------------------------------------
.text1:00bfdf74
.text1:00bfdf74 loc_bfdf74: ; code xref: .text1:00bfdf65j
.text1:00bfdf74 xor eax, eax
.text1:00bfdf76 jz short loc_bfdf6a
.text1:00bfdf78
.text1:00bfdf78 loc_bfdf78: ; code xref: .text1:00bfdf71j
.text1:00bfdf78 mov eax, 4840c987h
.text1:00bfdf7d test eax, eax
.text1:00bfdf7f jnz short loc_bfdf5e
.text1:00bfdf81
.text1:00bfdf81 loc_bfdf81: ; code xref: .text1:loc_bfdf5ej
.text1:00bfdf81 jmp near ptr 93267ce7h
.text1:00bfdf86 ; ---------------------------------------------------------------------------
.text1:00bfdf86 xchg ax, dx
.text1:00bfdf88 mov eax, eax
.text1:00bfdf8a mov eax, large fs:30h
.text1:00bfdf90
.text1:00bfdf90 loc_bfdf90: ; code xref: .text1:00bfdffej
.text1:00bfdf90 movzx eax, byte ptr [eax 2]
.text1:00bfdf94 or al, al
.text1:00bfdf96 jnz short loc_bfdfb6
.text1:00bfdf98 jmp loc_bfe027
.text1:00bfdf9d ; ---------------------------------------------------------------------------
.text1:00bfdf9d jmp short loc_bfdfb6
.text1:00bfdf9f ; ---------------------------------------------------------------------------
.text1:00bfdf9f
.text1:00bfdf9f loc_bfdf9f: ; code xref: .text1:00bfdf3cj
.text1:00bfdf9f jo short loc_bfdfa8
.text1:00bfdfa1 jl short loc_bfdfa6
.text1:00bfdfa3
.text1:00bfdfa3 loc_bfdfa3: ; code xref: .text1:loc_bfdfa6j
.text1:00bfdfa3 ; .text1:loc_bfdfa8j
.text1:00bfdfa3 jmp short loc_bfdfaa
.text1:00bfdfa3 ; ---------------------------------------------------------------------------
.text1:00bfdfa5 db 0e8h
.text1:00bfdfa6 ; ---------------------------------------------------------------------------
.text1:00bfdfa6
.text1:00bfdfa6 loc_bfdfa6: ; code xref: .text1:00bfdfa1j
.text1:00bfdfa6 jz short loc_bfdfa3
.text1:00bfdfa8
.text1:00bfdfa8 loc_bfdfa8: ; code xref: .text1:loc_bfdf9fj
.text1:00bfdfa8 jmp short loc_bfdfa3
.text1:00bfdfaa ; ---------------------------------------------------------------------------
.text1:00bfdfaa
.text1:00bfdfaa loc_bfdfaa: ; code xref: .text1:loc_bfdfa3j
.text1:00bfdfaa mov eax, large fs:20h
.text1:00bfdfb0 or eax, eax
.text1:00bfdfb2 jnz short loc_bfdfb6
.text1:00bfdfb4 jmp short loc_bfe027
.text1:00bfdfb6 ; ---------------------------------------------------------------------------
.text1:00bfdfb6
.text1:00bfdfb6 loc_bfdfb6: ; code xref: .text1:00bfdf96j
.text1:00bfdfb6 ; .text1:00bfdf9dj ...
.text1:00bfdfb6 pusha
.text1:00bfdfb7 xor eax, eax
.text1:00bfdfb9 jnz short loc_bfdfbd
.text1:00bfdfbb jmp short loc_bfdfd2
.text1:00bfdfbd ; ---------------------------------------------------------------------------
.text1:00bfdfbd
.text1:00bfdfbd loc_bfdfbd: ; code xref: .text1:00bfdfb9j
.text1:00bfdfbd jmp short loc_bfdff2
.text1:00bfdfbd ; ---------------------------------------------------------------------------
.text1:00bfdfbf db 0c0h
.text1:00bfdfc0 dd 0c7a1875h
.text1:00bfdfc4 ; ---------------------------------------------------------------------------
.text1:00bfdfc4
.text1:00bfdfc4 loc_bfdfc4: ; code xref: .text1:loc_bfdfd2j
.text1:00bfdfc4 jo short loc_bfdfd4
.text1:00bfdfc6 jmp short near ptr loc_bfdfd4 1
.text1:00bfdfc6 ; ---------------------------------------------------------------------------
.text1:00bfdfc8 dd 790e72e8h, 15fff1h
.text1:00bfdfd0 db 79h, 9
.text1:00bfdfd2 ; ---------------------------------------------------------------------------
.text1:00bfdfd2
.text1:00bfdfd2 loc_bfdfd2: ; code xref: .text1:00bfdfbbj
.text1:00bfdfd2 jz short loc_bfdfc4
.text1:00bfdfd4
.text1:00bfdfd4 loc_bfdfd4: ; code xref: .text1:loc_bfdfc4j
.text1:00bfdfd4 ; .text1:00bfdfc6j
.text1:00bfdfd4 jmp short near ptr loc_bfdf5c 1
.text1:00bfdfd6 ; ---------------------------------------------------------------------------
.text1:00bfdfd6 fstp tbyte ptr [edx-10h]
.text1:00bfdfd9 mov al, ds:5c66133h
.text1:00bfdfde and al, 54h
.text1:00bfdfe0 retf
.text1:00bfdfe0 ; ---------------------------------------------------------------------------
.text1:00bfdfe1 align 2
.text1:00bfdfe2 dw 5001h
.text1:00bfdfe4 dd 0c80fd0f7h, 9c007358h
.text1:00bfdfec db 60h, 0ebh
.text1:00bfdfee ; ---------------------------------------------------------------------------
.text1:00bfdfee
.text1:00bfdfee loc_bfdfee: ; code xref: .text1:00bfe01aj
.text1:00bfdfee sub edx, edx
.text1:00bfdff0 jo short loc_bfe000
.text1:00bfdff2
.text1:00bfdff2 loc_bfdff2: ; code xref: .text1:loc_bfdfbdj
.text1:00bfdff2 ; .text1:00bfe013j
.text1:00bfdff2 jmp short loc_bfe011
.text1:00bfdff4 ; ---------------------------------------------------------------------------
.text1:00bfdff4
.text1:00bfdff4 loc_bfdff4: ; code xref: .text1:loc_bfe011j
.text1:00bfdff4 xor ecx, ecx
.text1:00bfdff6
.text1:00bfdff6 loc_bfdff6: ; code xref: .text1:00bfe005j
.text1:00bfdff6 jz short $ 2
.text1:00bfdff8 jmp short loc_bfe00a
.text1:00bfdffa ; ---------------------------------------------------------------------------
.text1:00bfdffa
.text1:00bfdffa loc_bfdffa: ; code xref: .text1:00bfe00ej
.text1:00bfdffa stc
.text1:00bfdffb xor ecx, 3
.text1:00bfdffe jz short loc_bfdf90
.text1:00bfe000
.text1:00bfe000 loc_bfe000: ; code xref: .text1:00bfdff0j
.text1:00bfe000 jmp short loc_bfe007
.text1:00bfe000 ; ---------------------------------------------------------------------------
.text1:00bfe002 db 0b9h
.text1:00bfe003 ; ---------------------------------------------------------------------------
.text1:00bfe003
.text1:00bfe003 loc_bfe003: ; code xref: .text1:loc_bfe007j
.text1:00bfe003 jmp short loc_bfe015
.text1:00bfe005 ; ---------------------------------------------------------------------------
.text1:00bfe005 jz short loc_bfdff6
.text1:00bfe007
.text1:00bfe007 loc_bfe007: ; code xref: .text1:loc_bfe000j
.text1:00bfe007 jnb short loc_bfe003
.text1:00bfe007 ; ---------------------------------------------------------------------------
.text1:00bfe009 db 0f2h
.text1:00bfe00a ; ---------------------------------------------------------------------------
.text1:00bfe00a
.text1:00bfe00a loc_bfe00a: ; code xref: .text1:00bfdff8j
.text1:00bfe00a sbb bl, bl
.text1:00bfe00c xor ebx, ebx
.text1:00bfe00e jmp short loc_bfdffa
.text1:00bfe00e ; ---------------------------------------------------------------------------
.text1:00bfe010 db 0e9h
.text1:00bfe011 ; ---------------------------------------------------------------------------
.text1:00bfe011
.text1:00bfe011 loc_bfe011: ; code xref: .text1:loc_bfdff2j
.text1:00bfe011 jmp short loc_bfdff4
.text1:00bfe013 ; ---------------------------------------------------------------------------
.text1:00bfe013 jmp short loc_bfdff2
.text1:00bfe015 ; ---------------------------------------------------------------------------
.text1:00bfe015
.text1:00bfe015 loc_bfe015: ; code xref: .text1:loc_bfe003j
.text1:00bfe015 repne sbb al, 0dbh
.text1:00bfe018 jmp short loc_bfe01d
.text1:00bfe01a ; ---------------------------------------------------------------------------
.text1:00bfe01a jmp short loc_bfdfee
.text1:00bfe01a ; ---------------------------------------------------------------------------
.text1:00bfe01c db 0b8h
.text1:00bfe01d ; ---------------------------------------------------------------------------
.text1:00bfe01d
.text1:00bfe01d loc_bfe01d: ; code xref: .text1:00bfe018j
.text1:00bfe01d popa
.text1:00bfe01e popf
.text1:00bfe01f bswap eax
.text1:00bfe021 not ecx
.text1:00bfe023 bswap eax
.text1:00bfe025 not ecx
.text1:00bfe027
.text1:00bfe027 loc_bfe027: ; code xref: .text1:00bfdf98j
.text1:00bfe027 ; .text1:00bfdfb4j
.text1:00bfe027 movzx ecx, byte ptr [ebp-645h]
.text1:00bfe02e test ecx, ecx
.text1:00bfe030 jz short loc_bfe065
.text1:00bfe032 call ds:getcurrentprocessid
.text1:00bfe038 push eax
.text1:00bfe039 push offset format ; "%x:daf"
.text1:00bfe03e push 104h
.text1:00bfe043 lea edx, [ebp-124h]
.text1:00bfe049 push edx
.text1:00bfe04a call _sprintf_s
.text1:00bfe04f add esp, 10h
.text1:00bfe052 lea eax, [ebp-124h]
.text1:00bfe058 push eax
.text1:00bfe059 push 0
.text1:00bfe05b push 0
.text1:00bfe05d call ds:createmutexa
.text1:00bfe063 jmp short loc_bfe0c4
.text1:00bfe065 ; ---------------------------------------------------------------------------
.text1:00bfe065
.text1:00bfe065 loc_bfe065: ; code xref: .text1:00bfe030j
.text1:00bfe065 cmp ds:dword_cb53f8, 0
.text1:00bfe06c setz cl
.text1:00bfe06f push ecx
.text1:00bfe070 call loc_be9ab0
.text1:00bfe075 add esp, 4
.text1:00bfe078 movzx edx, al
.text1:00bfe07b test edx, edx
.text1:00bfe07d jnz short loc_bfe0b0
.text1:00bfe07f mov ds:dword_cb5538, 6
.text1:00bfe089 call ds:getlasterror
.text1:00bfe08f push eax
.text1:00bfe090 push offset aerrorcoded ; "(error code %d)"
.text1:00bfe095 push 100h
.text1:00bfe09a push offset unk_cb5540
.text1:00bfe09f call _sprintf_s
.text1:00bfe0a4 add esp, 10h
.text1:00bfe0a7 xor eax, eax
.text1:00bfe0a9 jmp loc_bfe164
.text1:00bfe0ae ; ---------------------------------------------------------------------------
.text1:00bfe0ae jmp short loc_bfe0c4
.text1:00bfe0b0 ; ---------------------------------------------------------------------------
.text1:00bfe0b0
.text1:00bfe0b0 loc_bfe0b0: ; code xref: .text1:00bfe07dj
.text1:00bfe0b0 push 0
.text1:00bfe0b2 call sub_bfe180
.text1:00bfe0b7 add esp, 4
.text1:00bfe0ba mov eax, 1
.text1:00bfe0bf jmp loc_bfe164
.text1:00bfe0c4 ; ---------------------------------------------------------------------------
.text1:00bfe0c4
.text1:00bfe0c4 loc_bfe0c4: ; code xref: .text1:00bfdeb6j
.text1:00bfe0c4 ; .text1:00bfe063j ...
.text1:00bfe0c4 jmp short loc_bfe0ec
.text1:00bfe0c6 ; ---------------------------------------------------------------------------
.text1:00bfe0c6
.text1:00bfe0c6 loc_bfe0c6: ; code xref: .text1:00bfde68j
.text1:00bfe0c6 mov eax, ds:dword_cb565c
.text1:00bfe0cb mov ecx, ds:dword_cb565c
.text1:00bfe0d1 mov edx, [eax 8]
.text1:00bfe0d4 xor edx, [ecx 80h]
.text1:00bfe0da mov eax, ds:dword_cb565c
.text1:00bfe0df xor edx, [eax 4]
.text1:00bfe0e2 and edx, 2
.text1:00bfe0e5 jz short loc_bfe0ec
.text1:00bfe0e7 call sub_c1d8e0
.text1:00bfe0ec
.text1:00bfe0ec loc_bfe0ec: ; code xref: .text1:loc_bfe0c4j
.text1:00bfe0ec ; .text1:00bfe0e5j
.text1:00bfe0ec call sub_bfc550
.text1:00bfe0f1 mov [ebp-128h], eax
.text1:00bfe0f7 push 0
.text1:00bfe0f9 call sub_bfe180
.text1:00bfe0fe add esp, 4
.text1:00bfe101 push 0
.text1:00bfe103 call ?_set_new_handler@@yap6ahi@zp6ahi@z@z ; _set_new_handler(int (*)(uint))
.text1:00bfe108 add esp, 4
.text1:00bfe10b cmp dword ptr [ebp-128h], 1
.text1:00bfe112 jnz short loc_bfe128
.text1:00bfe114 push offset dword_cb53f8
.text1:00bfe119 call ds:dword_cb5420
.text1:00bfe11f add esp, 4
.text1:00bfe122 mov [ebp-128h], eax
.text1:00bfe128
.text1:00bfe128 loc_bfe128: ; code xref: .text1:00bfe112j
.text1:00bfe128 push offset sub_bfc520
.text1:00bfe12d call ?_set_new_handler@@yap6ahi@zp6ahi@z@z ; _set_new_handler(int (*)(uint))
.text1:00bfe132 add esp, 4
.text1:00bfe135 cmp ds:dword_cb541c, 0
.text1:00bfe13c jz short loc_bfe144
.text1:00bfe13e call ds:dword_cb541c
.text1:00bfe144
.text1:00bfe144 loc_bfe144: ; code xref: .text1:00bfe13cj
.text1:00bfe144 cmp ds:dword_cb5530, 0
.text1:00bfe14b jz short loc_bfe15e
.text1:00bfe14d push 0
.text1:00bfe14f push 0
.text1:00bfe151 mov ecx, ds:dword_cb552c
.text1:00bfe157 push ecx
.text1:00bfe158 call ds:dword_cb5530
.text1:00bfe15e
.text1:00bfe15e loc_bfe15e: ; code xref: .text1:00bfe14bj
.text1:00bfe15e mov eax, [ebp-128h]
.text1:00bfe164
.text1:00bfe164 loc_bfe164: ; code xref: .text1:00bfdab7j
.text1:00bfe164 ; .text1:00bfdcacj ...
.text1:00bfe164 mov ecx, [ebp-0ch]
.text1:00bfe167 mov large fs:0, ecx
.text1:00bfe16e pop ecx
.text1:00bfe16f mov ecx, [ebp-18h]
.text1:00bfe172 xor ecx, ebp
.text1:00bfe174 call sub_c4aad2
.text1:00bfe179 mov esp, ebp
.text1:00bfe17b pop ebp
.text1:00bfe17c retn
给主人留下些什么吧!~~