.text:00401000 ;
.text:00401000 ; +-------------------------------------------------------------------------+
.text:00401000 ; ¦ This file is generated by The Interactive Disassembler (IDA) ¦
.text:00401000 ; ¦ Copyright (c) 2010 by Hex-Rays SA, ¦
.text:00401000 ; ¦ Licensed to: Freeware version ¦
.text:00401000 ; +-------------------------------------------------------------------------+
.text:00401000 ;
.text:00401000 ; Input MD5 : 85AFBD4188AFDCBBB557579966D31A52
.text:00401000
.text:00401000 ; File Name : C:\Users\chamberlin\Documents\Reversing\Key Gen Project\Release\Backwards.exe
.text:00401000 ; Format : Portable executable for 80386 (PE)
.text:00401000 ; Imagebase : 400000
.text:00401000 ; Section 1. (virtual address 00001000)
.text:00401000 ; Virtual size : 000008BA ( 2234.)
.text:00401000 ; Section size in file : 00000A00 ( 2560.)
.text:00401000 ; Offset to raw data for section: 00000400
.text:00401000 ; Flags 60000020: Text Executable Readable
.text:00401000 ; Alignment : default
.text:00401000
.text:00401000 .686p
.text:00401000 .mmx
.text:00401000 .model flat
.text:00401000
.text:00401000 ; ---------------------------------------------------------------------------
.text:00401000
.text:00401000 ; Segment type: Pure code
.text:00401000 ; Segment permissions: Read/Execute
.text:00401000 _text segment para public 'CODE' use32
.text:00401000 assume cs:_text
.text:00401000 ;org 401000h
.text:00401000 assume es:nothing, ss:nothing, ds:_data, fs:nothing, gs:nothing
.text:00401000
.text:00401000 ; ¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦ S U B R O U T I N E ¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦
.text:00401000 ; Copies the NUL-terminated string at arg_0 into the buffer at arg_4 in reverse byte order, then NUL-terminates it.
.text:00401000 ; Attributes: bp-based frame
.text:00401000 ; No destination length is passed: strlen(arg_0)+1 bytes are written, so the caller alone bounds the write.
.text:00401000 ; int __cdecl sub_401000(char *,int) -- IDA's guessed prototype; arg_4 is used below as the destination pointer
.text:00401000 sub_401000 proc near ; CODE XREF: CMain+2Bp
.text:00401000
.text:00401000 arg_0 = dword ptr 8
.text:00401000 arg_4 = dword ptr 0Ch
.text:00401000
.text:00401000 55 push ebp
.text:00401001 8B EC mov ebp, esp
.text:00401003 53 push ebx
.text:00401004 8B 5D 08 mov ebx, [ebp+arg_0] ; ebx = source string
.text:00401007 57 push edi
.text:00401008 53 push ebx ; char *
.text:00401009 E8 6C 00 00 00 call strlen ; eax = length of the source
.text:0040100E 8B 7D 0C mov edi, [ebp+arg_4] ; edi = destination buffer
.text:00401011 59 pop ecx ; drop the strlen argument (cdecl cleanup)
.text:00401012 8B C8 mov ecx, eax ; ecx = len
.text:00401014 33 D2 xor edx, edx ; edx = source index, starts at 0
.text:00401016 85 C9 test ecx, ecx
.text:00401018 7E 12 jle short loc_40102C ; empty string: only the terminator is written
.text:0040101A 56 push esi
.text:0040101B 8D 77 FF lea esi, [edi-1]
.text:0040101E 03 F1 add esi, ecx ; esi = &dst[len-1], the last output position
.text:00401020
.text:00401020 loc_401020: ; CODE XREF: sub_401000+29j
.text:00401020 8A 04 1A mov al, [edx+ebx] ; al = src[edx]
.text:00401023 42 inc edx
.text:00401024 88 06 mov [esi], al ; store while walking backwards through dst
.text:00401026 4E dec esi
.text:00401027 3B D1 cmp edx, ecx
.text:00401029 7C F5 jl short loc_401020
.text:0040102B 5E pop esi
.text:0040102C
.text:0040102C loc_40102C: ; CODE XREF: sub_401000+18j
.text:0040102C C6 04 39 00 mov byte ptr [ecx+edi], 0 ; dst[len] = NUL
.text:00401030 5F pop edi
.text:00401031 5B pop ebx
.text:00401032 5D pop ebp
.text:00401033 C3 retn
.text:00401033 sub_401000 endp
.text:00401033
.text:00401034
.text:00401034 ; ¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦ S U B R O U T I N E ¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦
.text:00401034 ; Prompts for a name, reads it with scanf("%31s"), reverses it with sub_401000 and prints the result; returns 0.
.text:00401034 ; Attributes: bp-based frame
.text:00401034 ; NOTE(review): the reversed, user-derived buffer is handed to printf as its format argument at 0040106F.
.text:00401034 CMain proc near ; CODE XREF: start-6Dp
.text:00401034
.text:00401034 var_40 = dword ptr -40h ; used below as the output buffer; 20h bytes lie between it and var_20
.text:00401034 var_20 = byte ptr -20h ; input buffer; 20h bytes lie between it and the saved ebp
.text:00401034
.text:00401034 55 push ebp
.text:00401035 8B EC mov ebp, esp
.text:00401037 83 EC 40 sub esp, 40h ; room for the two 20h-byte buffers
.text:0040103A 56 push esi
.text:0040103B 8B 35 98 20 40 00 mov esi, ds:printf ; keep the printf import in esi for the three calls below
.text:00401041 68 C0 20 40 00 push offset aWhatIsYourName ; "What is your name? "
.text:00401046 FF D6 call esi ; printf
.text:00401048 8D 45 E0 lea eax, [ebp+var_20]
.text:0040104B 50 push eax ; destination for the scanned word
.text:0040104C 68 D4 20 40 00 push offset a31s ; "%31s" - width-limited: at most 31 characters plus NUL, which fits var_20
.text:00401051 FF 15 90 20 40 00 call ds:scanf ; NOTE(review): return value is never tested; if nothing is converted var_20 stays uninitialised and the strlen in sub_401000 is unbounded
.text:00401057 8D 45 C0 lea eax, [ebp+var_40]
.text:0040105A 50 push eax ; int (IDA's label; this is the destination buffer var_40)
.text:0040105B 8D 45 E0 lea eax, [ebp+var_20]
.text:0040105E 50 push eax ; char * (source: var_20)
.text:0040105F E8 9C FF FF FF call sub_401000 ; var_40 = reversed var_20; with a successful "%31s" read this is at most 20h bytes including NUL
.text:00401064 68 DC 20 40 00 push offset aYourSecretCode ; "Your secret code is: "
.text:00401069 FF D6 call esi ; printf
.text:0040106B 8D 45 C0 lea eax, [ebp+var_40]
.text:0040106E 50 push eax ; char * (the only argument, i.e. printf's format string)
.text:0040106F FF D6 call esi ; printf - NOTE(review): user-derived text is interpreted as a format string; at source level this should be printf("%s", buf) or fputs(buf, stdout)
.text:00401071 83 C4 1C add esp, 1Ch ; cdecl cleanup for the seven dwords pushed since the prologue
.text:00401074 33 C0 xor eax, eax ; return 0
.text:00401076 5E pop esi
.text:00401077 C9 leave ; no stack-cookie check appears in this epilogue
.text:00401078 C3 retn
.text:00401078 CMain endp
.text:00401078
.text:00401078 ; ---------------------------------------------------------------------------
.text:00401079 CC align 2
.text:0040107A
.text:0040107A ; ¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦ S U B R O U T I N E ¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦
.text:0040107A
.text:0040107A ; Attributes: thunk
.text:0040107A
.text:0040107A ; size_t __cdecl strlen(const char *)
.text:0040107A strlen proc near ; CODE XREF: sub_401000+9p
.text:0040107A FF 25 8C 20 40 00 jmp ds:__imp_strlen ; import thunk
.text:0040107A strlen endp
.text:0040107A ; The code from 00401080 to 00401138 has no proc header; it inspects the image's own PE header, then performs runtime set-up calls.
.text:00401080 ; ---------------------------------------------------------------------------
.text:00401080 B8 4D 5A 00 00 mov eax, 5A4Dh ; 'MZ'
.text:00401085 66 39 05 00 00 40 00 cmp ds:400000h, ax ; DOS signature at the image base?
.text:0040108C 74 04 jz short loc_401092
.text:0040108E
.text:0040108E loc_40108E: ; CODE XREF: .text:004010A2j
.text:0040108E ; .text:004010B0j
.text:0040108E 33 C0 xor eax, eax ; any header mismatch: flag = 0
.text:00401090 EB 34 jmp short loc_4010C6
.text:00401092 ; ---------------------------------------------------------------------------
.text:00401092
.text:00401092 loc_401092: ; CODE XREF: .text:0040108Cj
.text:00401092 8B 0D 3C 00 40 00 mov ecx, ds:40003Ch ; e_lfanew: offset of the PE header
.text:00401098 81 B9 00 00 40 00 50+ cmp dword ptr [ecx+400000h], 4550h ; 'PE\0\0' signature
.text:004010A2 75 EA jnz short loc_40108E
.text:004010A4 B8 0B 01 00 00 mov eax, 10Bh ; PE32 optional-header magic
.text:004010A9 66 39 81 18 00 40 00 cmp [ecx+400018h], ax
.text:004010B0 75 DC jnz short loc_40108E
.text:004010B2 33 C0 xor eax, eax
.text:004010B4 83 B9 74 00 40 00 0E cmp dword ptr [ecx+400074h], 0Eh ; header offset 74h; in a PE32 header that is NumberOfRvaAndSizes
.text:004010BB 76 09 jbe short loc_4010C6 ; 14 or fewer entries: flag stays 0
.text:004010BD 39 81 E8 00 40 00 cmp [ecx+4000E8h], eax ; header offset E8h non-zero? presumably data directory 14 (COM/CLR descriptor) - confirm
.text:004010C3 0F 95 C0 setnz al
.text:004010C6
.text:004010C6 loc_4010C6: ; CODE XREF: .text:00401090j
.text:004010C6 ; .text:004010BBj
.text:004010C6 6A 01 push 1 ; argument for the __set_app_type call below
.text:004010C8 A3 3C 30 40 00 mov dword_40303C, eax ; flag saved; it is tested again after CMain returns
.text:004010CD
.text:004010CD InHdrParse:
.text:004010CD FF 15 7C 20 40 00 call ds:__set_app_type
.text:004010D3 59 pop ecx
.text:004010D4 6A FF push 0FFFFFFFFh
.text:004010D6 FF 15 18 20 40 00 call ds:EncodePointer ; EncodePointer(-1)
.text:004010DC 8B 0D 3C 20 40 00 mov ecx, ds:_fmode
.text:004010E2 A3 80 33 40 00 mov dword_403380, eax ; both table pointers start out as the encoded -1 sentinel
.text:004010E7 A3 84 33 40 00 mov dword_403384, eax
.text:004010EC A1 50 30 40 00 mov eax, dword_403050
.text:004010F1 89 01 mov [ecx], eax ; _fmode = dword_403050
.text:004010F3 8B 0D 40 20 40 00 mov ecx, ds:_commode
.text:004010F9 A1 44 30 40 00 mov eax, dword_403044
.text:004010FE 89 01 mov [ecx], eax ; _commode = dword_403044
.text:00401100 E8 2C 05 00 00 call CalledFromHdrParse3
.text:00401105 E8 44 02 00 00 call CalledFromHdrParse2
.text:0040110A 83 3D 00 30 40 00 00 cmp dword_403000, 0
.text:00401111 75 0C jnz short loc_40111F
.text:00401113 68 4E 13 40 00 push offset CalledFromHdrParse2
.text:00401118 FF 15 2C 20 40 00 call ds:__setusermatherr ; registers CalledFromHdrParse2 (a stub that returns 0)
.text:0040111E 59 pop ecx
.text:0040111F
.text:0040111F loc_40111F: ; CODE XREF: .text:00401111j
.text:0040111F E8 4D 05 00 00 call MaybeInvokeWatson
.text:00401124 83 3D 10 30 40 00 FF cmp dword_403010, 0FFFFFFFFh
.text:0040112B 75 09 jnz short loc_401136
.text:0040112D 6A FF push 0FFFFFFFFh
.text:0040112F FF 15 28 20 40 00 call ds:_configthreadlocale ; only when dword_403010 == -1
.text:00401135 59 pop ecx
.text:00401136
.text:00401136 loc_401136: ; CODE XREF: .text:0040112Bj
.text:00401136 33 C0 xor eax, eax ; return 0
.text:00401138 C3 retn
.text:00401139 ; ---------------------------------------------------------------------------
.text:00401139 68 51 16 40 00 push offset sub_401651
.text:0040113E E8 D9 04 00 00 call CallEncDecPtrStuff ; register sub_401651 through the exit-handler wrapper
.text:00401143 A1 4C 30 40 00 mov eax, dword_40304C
.text:00401148 C7 04 24 40 30 40 00 mov dword ptr [esp], offset dword_403040 ; reuses the stack slot left by the call above as the fifth argument
.text:0040114F FF 35 48 30 40 00 push dword_403048
.text:00401155 A3 40 30 40 00 mov dword_403040, eax
.text:0040115A 68 34 30 40 00 push offset dword_403034
.text:0040115F 68 30 30 40 00 push offset dword_403030
.text:00401164 68 2C 30 40 00 push offset dword_40302C
.text:00401169 FF 15 80 20 40 00 call ds:__getmainargs ; fills dword_40302C/403030/403034, the three values later passed to CMain
.text:0040116F 83 C4 14 add esp, 14h
.text:00401172 A3 38 30 40 00 mov dword_403038, eax
.text:00401177 85 C0 test eax, eax
.text:00401179 79 08 jns short locret_401183
.text:0040117B 6A 08 push 8
.text:0040117D E8 C6 01 00 00 call _amsg_exit ; negative result: _amsg_exit(8)
.text:00401182 59 pop ecx
.text:00401183
.text:00401183 locret_401183: ; CODE XREF: .text:00401179j
.text:00401183 C3 retn
.text:00401184 ; ---------------------------------------------------------------------------
.text:00401184 ; START OF FUNCTION CHUNK FOR start
.text:00401184 ; Main body of the entry point: takes a startup lock, runs the initialiser tables, calls CMain, then exits.
.text:00401184 loc_401184: ; CODE XREF: start+5j
.text:00401184 6A 0C push 0Ch
.text:00401186 68 58 21 40 00 push offset unk_402158
.text:0040118B E8 20 05 00 00 call SetupSEHFrame ; frame set-up helper; its body is not part of this excerpt
.text:00401190 33 DB xor ebx, ebx ; ebx = 0 for the rest of the chunk
.text:00401192 89 5D FC mov [ebp-4], ebx
.text:00401195
.text:00401195 ThreadTIB:
.text:00401195 64 A1 18 00 00 00 mov eax, large fs:18h ; fs:[18h] is the TIB self pointer on 32-bit Windows
.text:0040119B 8B 50 04 mov edx, [eax+4] ; edx = TIB field at +4 (StackBase), used below as this thread's owner token
.text:0040119E 8B FB mov edi, ebx ; edi = 0: lock not yet known to be held by this thread
.text:004011A0 BE 78 33 40 00 mov esi, offset unk_403378
.text:004011A5
.text:004011A5 loc_4011A5: ; CODE XREF: start-136j
.text:004011A5 8B CA mov ecx, edx
.text:004011A7 33 C0 xor eax, eax
.text:004011A9 F0 0F B1 0E lock cmpxchg [esi], ecx ; atomically claim unk_403378 if it currently holds 0
.text:004011AD 85 C0 test eax, eax
.text:004011AF 74 0B jz short loc_4011BC ; it was free: now owned by this thread
.text:004011B1 3B C2 cmp eax, edx
.text:004011B3 75 F0 jnz short loc_4011A5 ; owned by a different token: retry
.text:004011B5 33 F6 xor esi, esi
.text:004011B7 46 inc esi
.text:004011B8 8B FE mov edi, esi ; edi = 1: already owned by this thread on entry
.text:004011BA EB 03 jmp short loc_4011BF
.text:004011BC ; ---------------------------------------------------------------------------
.text:004011BC
.text:004011BC loc_4011BC: ; CODE XREF: start-13Aj
.text:004011BC 33 F6 xor esi, esi
.text:004011BE 46 inc esi ; esi = 1
.text:004011BF
.text:004011BF loc_4011BF: ; CODE XREF: start-12Fj
.text:004011BF 39 35 7C 33 40 00 cmp dword_40337C, esi ; dword_40337C is a state variable: 0, 1 and 2 are the values used here
.text:004011C5 75 0A jnz short loc_4011D1
.text:004011C7 6A 1F push 1Fh
.text:004011C9 E8 7A 01 00 00 call _amsg_exit ; state already 1 on entry: _amsg_exit(1Fh)
.text:004011CE 59 pop ecx
.text:004011CF EB 3A jmp short loc_40120B
.text:004011D1 ; ---------------------------------------------------------------------------
.text:004011D1
.text:004011D1 loc_4011D1: ; CODE XREF: start-124j
.text:004011D1 39 1D 7C 33 40 00 cmp dword_40337C, ebx
.text:004011D7 75 2C jnz short loc_401205
.text:004011D9 89 35 7C 33 40 00 mov dword_40337C, esi ; state 0 -> 1
.text:004011DF 68 BC 20 40 00 push offset unk_4020BC
.text:004011E4 68 AC 20 40 00 push offset unk_4020AC
.text:004011E9 E8 AA 04 00 00 call _initterm_e ; initialiser table unk_4020AC..unk_4020BC
.text:004011EE 59 pop ecx
.text:004011EF 59 pop ecx
.text:004011F0 85 C0 test eax, eax
.text:004011F2 74 17 jz short loc_40120B
.text:004011F4 C7 45 FC FE FF FF FF mov dword ptr [ebp-4], 0FFFFFFFEh
.text:004011FB B8 FF 00 00 00 mov eax, 0FFh ; non-zero result: leave with 0FFh in eax
.text:00401200 E9 DE 00 00 00 jmp loc_4012E3
.text:00401205 ; ---------------------------------------------------------------------------
.text:00401205
.text:00401205 loc_401205: ; CODE XREF: start-112j
.text:00401205 89 35 28 30 40 00 mov dword_403028, esi
.text:0040120B
.text:0040120B loc_40120B: ; CODE XREF: start-11Aj
.text:0040120B ; start-F7j
.text:0040120B 39 35 7C 33 40 00 cmp dword_40337C, esi
.text:00401211 75 1B jnz short loc_40122E
.text:00401213 68 A8 20 40 00 push offset unk_4020A8
.text:00401218 68 A0 20 40 00 push offset unk_4020A0
.text:0040121D E8 7C 04 00 00 call _initterm ; initialiser table unk_4020A0..unk_4020A8
.text:00401222 59 pop ecx
.text:00401223 59 pop ecx
.text:00401224 C7 05 7C 33 40 00 02+ mov dword_40337C, 2 ; state 1 -> 2
.text:0040122E
.text:0040122E loc_40122E: ; CODE XREF: start-D8j
.text:0040122E 85 FF test edi, edi
.text:00401230 75 09 jnz short loc_40123B ; lock was already held on entry: leave it alone
.text:00401232 33 C0 xor eax, eax
.text:00401234 B9 78 33 40 00 mov ecx, offset unk_403378
.text:00401239 87 01 xchg eax, [ecx] ; release the lock taken at loc_4011A5
.text:0040123B
.text:0040123B loc_40123B: ; CODE XREF: start-B9j
.text:0040123B 83 3D 88 33 40 00 00 cmp SomeFunctionPointer, 0
.text:00401242 74 19 jz short loc_40125D
.text:00401244 68 88 33 40 00 push offset SomeFunctionPointer
.text:00401249 E8 62 01 00 00 call MainLoopSetup2 ; is the pointer's own storage inside a non-writable section of this image?
.text:0040124E 59 pop ecx
.text:0040124F 85 C0 test eax, eax
.text:00401251 74 0A jz short loc_40125D ; no: the callback is not invoked
.text:00401253 53 push ebx
.text:00401254 6A 02 push 2
.text:00401256 53 push ebx
.text:00401257 FF 15 88 33 40 00 call SomeFunctionPointer ; called with (0, 2, 0)
.text:0040125D
.text:0040125D loc_40125D: ; CODE XREF: start-A7j
.text:0040125D ; start-98j
.text:0040125D 8B 0D 34 30 40 00 mov ecx, dword_403034
.text:00401263 A1 38 20 40 00 mov eax, ds:__initenv
.text:00401268 89 08 mov [eax], ecx ; __initenv = dword_403034
.text:0040126A FF 35 34 30 40 00 push dword_403034
.text:00401270 FF 35 30 30 40 00 push dword_403030
.text:00401276 FF 35 2C 30 40 00 push dword_40302C
.text:0040127C E8 B3 FD FF FF call CMain ; CMain(dword_40302C, dword_403030, dword_403034)
.text:00401281 83 C4 0C add esp, 0Ch
.text:00401284 A3 24 30 40 00 mov dword_403024, eax ; keep CMain's return value
.text:00401289 83 3D 3C 30 40 00 00 cmp dword_40303C, 0 ; flag derived from the PE header check at 00401080
.text:00401290 75 36 jnz short loc_4012C8 ; flag set: skip exit() and return through loc_4012C8
.text:00401292 50 push eax ; int
.text:00401293 FF 15 78 20 40 00 call ds:exit ; exit(CMain's return value)
.text:00401293 ; END OF FUNCTION CHUNK FOR start
.text:00401299 ; ---------------------------------------------------------------------------
.text:00401299 8B 4D EC mov ecx, [ebp-14h] ; presumably the SEH filter for the chunk above - confirm against unk_402158
.text:0040129C 8B 01 mov eax, [ecx]
.text:0040129E 8B 00 mov eax, [eax]
.text:004012A0 89 45 E4 mov [ebp-1Ch], eax ; remember the first dword of the pointed-to record
.text:004012A3 51 push ecx
.text:004012A4 50 push eax
.text:004012A5 E8 98 00 00 00 call _XcptFilter
.text:004012AA 59 pop ecx
.text:004012AB 59 pop ecx
.text:004012AC C3 retn
.text:004012AD ; ---------------------------------------------------------------------------
.text:004012AD 8B 65 E8 mov esp, [ebp-18h] ; restore the saved stack pointer
.text:004012B0 8B 45 E4 mov eax, [ebp-1Ch] ; value stored by the code at 00401299
.text:004012B3 A3 24 30 40 00 mov dword_403024, eax
.text:004012B8 83 3D 3C 30 40 00 00 cmp dword_40303C, 0
.text:004012BF 75 07 jnz short loc_4012C8
.text:004012C1 50 push eax
.text:004012C2 FF 15 48 20 40 00 call ds:_exit
.text:004012C8 ; ---------------------------------------------------------------------------
.text:004012C8 ; START OF FUNCTION CHUNK FOR start
.text:004012C8
.text:004012C8 loc_4012C8: ; CODE XREF: start-59j
.text:004012C8 ; .text:004012BFj
.text:004012C8 83 3D 28 30 40 00 00 cmp dword_403028, 0
.text:004012CF 75 0B jnz short loc_4012DC
.text:004012D1 FF 15 24 20 40 00 call ds:_cexit ; only when dword_403028 is 0
.text:004012D7 A1 24 30 40 00 mov eax, dword_403024 ; return the saved value
.text:004012DC
.text:004012DC loc_4012DC: ; CODE XREF: start-1Aj
.text:004012DC C7 45 FC FE FF FF FF mov dword ptr [ebp-4], 0FFFFFFFEh
.text:004012E3
.text:004012E3 loc_4012E3: ; CODE XREF: start-E9j
.text:004012E3 E8 0D 04 00 00 call sub_4016F5 ; presumably the tear-down matching SetupSEHFrame; its body is not part of this excerpt
.text:004012E8 C3 retn
.text:004012E8 ; END OF FUNCTION CHUNK FOR start
.text:004012E9
.text:004012E9 ; ¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦ S U B R O U T I N E ¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦
.text:004012E9 ; Program entry point: initialises the stack cookie, then jumps to the chunk at loc_401184.
.text:004012E9 ; Attributes: library function
.text:004012E9
.text:004012E9 public start
.text:004012E9 start proc near
.text:004012E9
.text:004012E9 ; FUNCTION CHUNK AT .text:00401184 SIZE 00000115 BYTES
.text:004012E9 ; FUNCTION CHUNK AT .text:004012C8 SIZE 00000021 BYTES
.text:004012E9
.text:004012E9 E8 B3 01 00 00 call InitSecurityCookie ; runs before any frame that reads dword_403018
.text:004012EE E9 91 FE FF FF jmp loc_401184
.text:004012EE start endp
.text:004012EE
.text:004012F3
.text:004012F3 ; ¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦ S U B R O U T I N E ¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦
.text:004012F3 ; Exception filter: calls terminate() for code 0E06D7363h with 3 parameters and a recognised magic value; otherwise returns 0.
.text:004012F3 ; Attributes: bp-based frame
.text:004012F3
.text:004012F3 MyExceptionFilter proc near ; DATA XREF: MyExceptionFilter+41o
.text:004012F3
.text:004012F3 arg_0 = dword ptr 8
.text:004012F3
.text:004012F3 55 push ebp
.text:004012F4 8B EC mov ebp, esp
.text:004012F6 8B 45 08 mov eax, [ebp+arg_0]
.text:004012F9 8B 00 mov eax, [eax] ; first pointer in the argument structure; presumably the exception record - confirm
.text:004012FB 81 38 63 73 6D E0 cmp dword ptr [eax], 0E06D7363h ; 0E0000000h | 'msc': the MSVC C++ exception code
.text:00401301 75 25 jnz short loc_401328
.text:00401303 83 78 10 03 cmp dword ptr [eax+10h], 3 ; field at +10h must equal 3 (parameter count)
.text:00401307 75 1F jnz short loc_401328
.text:00401309 8B 40 14 mov eax, [eax+14h] ; first parameter: a magic number
.text:0040130C 3D 20 05 93 19 cmp eax, 19930520h
.text:00401311 74 1B jz short loc_40132E
.text:00401313 3D 21 05 93 19 cmp eax, 19930521h
.text:00401318 74 14 jz short loc_40132E
.text:0040131A 3D 22 05 93 19 cmp eax, 19930522h
.text:0040131F 74 0D jz short loc_40132E
.text:00401321 3D 00 40 99 01 cmp eax, 1994000h
.text:00401326 74 06 jz short loc_40132E
.text:00401328
.text:00401328 loc_401328: ; CODE XREF: MyExceptionFilter+Ej
.text:00401328 ; MyExceptionFilter+14j
.text:00401328 33 C0 xor eax, eax ; not a recognised C++ exception: return 0
.text:0040132A 5D pop ebp
.text:0040132B C2 04 00 retn 4
.text:0040132E ; ---------------------------------------------------------------------------
.text:0040132E
.text:0040132E loc_40132E: ; CODE XREF: MyExceptionFilter+1Ej
.text:0040132E ; MyExceptionFilter+25j ...
.text:0040132E E8 F9 03 00 00 call ?terminate@@YAXXZ ; terminate(void)
.text:00401333 CC int 3 ; Trap to Debugger
.text:00401334 68 F3 12 40 00 push offset MyExceptionFilter ; appears to be a separate stub that IDA folded into this proc (note sp = -4 at endp)
.text:00401339 E8 F4 03 00 00 call __crtSetUnhandledExceptionFilter ; installs MyExceptionFilter
.text:0040133E 59 pop ecx
.text:0040133F 33 C0 xor eax, eax
.text:00401341 C3 retn
.text:00401341 MyExceptionFilter endp ; sp = -4
.text:00401341
.text:00401342
.text:00401342 ; ¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦ S U B R O U T I N E ¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦
.text:00401342
.text:00401342 ; Attributes: thunk
.text:00401342
.text:00401342 _XcptFilter proc near ; CODE XREF: .text:004012A5p
.text:00401342 FF 25 88 20 40 00 jmp ds:__imp__XcptFilter ; import thunk
.text:00401342 _XcptFilter endp
.text:00401342
.text:00401348
.text:00401348 ; ¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦ S U B R O U T I N E ¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦
.text:00401348
.text:00401348 ; Attributes: thunk
.text:00401348
.text:00401348 _amsg_exit proc near ; CODE XREF: .text:0040117Dp
.text:00401348 ; start-120p
.text:00401348 FF 25 84 20 40 00 jmp ds:__imp__amsg_exit ; import thunk
.text:00401348 _amsg_exit endp
.text:00401348
.text:0040134E
.text:0040134E ; ¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦ S U B R O U T I N E ¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦
.text:0040134E
.text:0040134E ; Stub that returns 0; called directly at 00401105 and also passed to __setusermatherr at 00401113.
.text:0040134E CalledFromHdrParse2 proc near ; CODE XREF: .text:00401105p
.text:0040134E ; DATA XREF: .text:00401113o
.text:0040134E 33 C0 xor eax, eax
.text:00401350 C3 retn
.text:00401350 CalledFromHdrParse2 endp
.text:00401350
.text:00401350 ; ---------------------------------------------------------------------------
.text:00401351 CC CC CC CC CC CC CC+ align 10h
.text:00401360
.text:00401360 ; ¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦ S U B R O U T I N E ¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦
.text:00401360 ; Walks the section table of the PE image at arg_0; returns the section header whose range contains the RVA arg_4, or 0.
.text:00401360 ; Attributes: bp-based frame
.text:00401360 ; Header fields are used without validation; the only caller shown passes this image's own base after sub_401470 accepted it.
.text:00401360 sub_401360 proc near ; CODE XREF: MainLoopSetup2+59p
.text:00401360
.text:00401360 arg_0 = dword ptr 8
.text:00401360 arg_4 = dword ptr 0Ch
.text:00401360
.text:00401360 55 push ebp
.text:00401361 8B EC mov ebp, esp
.text:00401363 8B 45 08 mov eax, [ebp+arg_0]
.text:00401366 53 push ebx
.text:00401367 8B 48 3C mov ecx, [eax+3Ch] ; e_lfanew
.text:0040136A 03 C8 add ecx, eax ; ecx = PE header
.text:0040136C 56 push esi
.text:0040136D 0F B7 41 14 movzx eax, word ptr [ecx+14h] ; SizeOfOptionalHeader
.text:00401371 0F B7 59 06 movzx ebx, word ptr [ecx+6] ; NumberOfSections
.text:00401375 83 C0 18 add eax, 18h
.text:00401378 33 D2 xor edx, edx ; edx = section index
.text:0040137A 03 C1 add eax, ecx ; eax = first section header (PE header + 18h + optional header size)
.text:0040137C 57 push edi
.text:0040137D 85 DB test ebx, ebx
.text:0040137F 74 1B jz short loc_40139C ; no sections: return 0
.text:00401381 8B 7D 0C mov edi, [ebp+arg_4] ; edi = RVA to look up
.text:00401384
.text:00401384 loc_401384: ; CODE XREF: sub_401360+3Aj
.text:00401384 8B 70 0C mov esi, [eax+0Ch] ; section start (VirtualAddress)
.text:00401387 3B FE cmp edi, esi
.text:00401389 72 09 jb short loc_401394 ; below this section
.text:0040138B 8B 48 08 mov ecx, [eax+8] ; section length (VirtualSize)
.text:0040138E 03 CE add ecx, esi ; ecx = end of section
.text:00401390 3B F9 cmp edi, ecx
.text:00401392 72 0A jb short loc_40139E ; inside: return this header in eax
.text:00401394
.text:00401394 loc_401394: ; CODE XREF: sub_401360+29j
.text:00401394 42 inc edx
.text:00401395 83 C0 28 add eax, 28h ; next header; each is 28h bytes
.text:00401398 3B D3 cmp edx, ebx
.text:0040139A 72 E8 jb short loc_401384
.text:0040139C
.text:0040139C loc_40139C: ; CODE XREF: sub_401360+1Fj
.text:0040139C 33 C0 xor eax, eax ; not found
.text:0040139E
.text:0040139E loc_40139E: ; CODE XREF: sub_401360+32j
.text:0040139E 5F pop edi
.text:0040139F 5E pop esi
.text:004013A0 5B pop ebx
.text:004013A1 5D pop ebp
.text:004013A2 C3 retn
.text:004013A2 sub_401360 endp
.text:004013A2
.text:004013A2 ; ---------------------------------------------------------------------------
.text:004013A3 CC CC CC CC CC CC CC+ align 10h
.text:004013B0
.text:004013B0 ; ¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦ S U B R O U T I N E ¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦
.text:004013B0 ; Returns 1 when address arg_0 lies in a section of this image whose flags dword at +24h has bit 31 clear (not writable), else 0.
.text:004013B0 ; Attributes: bp-based frame
.text:004013B0 ; start uses the result to decide whether SomeFunctionPointer may be called. Runs under its own SEH frame.
.text:004013B0 MainLoopSetup2 proc near ; CODE XREF: start-A0p
.text:004013B0
.text:004013B0 var_18 = dword ptr -18h
.text:004013B0 var_10 = dword ptr -10h
.text:004013B0 var_8 = dword ptr -8
.text:004013B0 var_4 = dword ptr -4
.text:004013B0 arg_0 = dword ptr 8
.text:004013B0
.text:004013B0 55 push ebp
.text:004013B1 8B EC mov ebp, esp
.text:004013B3 6A FE push 0FFFFFFFEh ; var_4: initial try level
.text:004013B5 68 78 21 40 00 push offset unk_402178 ; var_8: presumably the scope table - confirm
.text:004013BA 68 09 17 40 00 push offset sub_401709 ; handler routine for this frame
.text:004013BF 64 A1 00 00 00 00 mov eax, large fs:0 ; previous head of the SEH chain
.text:004013C5 50 push eax
.text:004013C6 83 EC 08 sub esp, 8
.text:004013C9 53 push ebx
.text:004013CA 56 push esi
.text:004013CB 57 push edi
.text:004013CC A1 18 30 40 00 mov eax, dword_403018 ; cookie value written by InitSecurityCookie
.text:004013D1 31 45 F8 xor [ebp+var_8], eax ; the unk_402178 pointer is kept on the stack XORed with the cookie
.text:004013D4 33 C5 xor eax, ebp
.text:004013D6 50 push eax ; cookie XOR frame pointer
.text:004013D7 8D 45 F0 lea eax, [ebp+var_10]
.text:004013DA 64 A3 00 00 00 00 mov large fs:0, eax ; install this frame's registration record
.text:004013E0 89 65 E8 mov [ebp+var_18], esp
.text:004013E3 C7 45 FC 00 00 00 00 mov [ebp+var_4], 0 ; enter the guarded region
.text:004013EA 68 00 00 40 00 push 400000h
.text:004013EF E8 7C 00 00 00 call sub_401470 ; do the headers at the image base look like a PE32 image?
.text:004013F4 83 C4 04 add esp, 4
.text:004013F7 85 C0 test eax, eax
.text:004013F9 74 54 jz short loc_40144F
.text:004013FB 8B 45 08 mov eax, [ebp+arg_0]
.text:004013FE 2D 00 00 40 00 sub eax, 400000h ; address -> RVA
.text:00401403 50 push eax
.text:00401404 68 00 00 40 00 push 400000h
.text:00401409 E8 52 FF FF FF call sub_401360 ; find the section containing that RVA
.text:0040140E 83 C4 08 add esp, 8
.text:00401411 85 C0 test eax, eax
.text:00401413 74 3A jz short loc_40144F ; not inside any section: return 0
.text:00401415 8B 40 24 mov eax, [eax+24h] ; section flags (Characteristics)
.text:00401418 C1 E8 1F shr eax, 1Fh ; bit 31 = write permission
.text:0040141B F7 D0 not eax
.text:0040141D 83 E0 01 and eax, 1 ; eax = 1 if the section is not writable
.text:00401420 C7 45 FC FE FF FF FF mov [ebp+var_4], 0FFFFFFFEh ; leave the guarded region
.text:00401427 8B 4D F0 mov ecx, [ebp+var_10]
.text:0040142A 64 89 0D 00 00 00 00 mov large fs:0, ecx ; unlink the registration record
.text:00401431 59 pop ecx
.text:00401432 5F pop edi
.text:00401433 5E pop esi
.text:00401434 5B pop ebx
.text:00401435 8B E5 mov esp, ebp
.text:00401437 5D pop ebp
.text:00401438 C3 retn
.text:00401439 ; ---------------------------------------------------------------------------
.text:00401439 8B 45 EC mov eax, [ebp-14h] ; presumably the filter for the guarded region above - confirm against unk_402178
.text:0040143C 8B 00 mov eax, [eax]
.text:0040143E 33 C9 xor ecx, ecx
.text:00401440 81 38 05 00 00 C0 cmp dword ptr [eax], 0C0000005h ; access-violation status code
.text:00401446 0F 94 C1 setz cl
.text:00401449 8B C1 mov eax, ecx ; 1 only for an access violation
.text:0040144B C3 retn
.text:0040144C ; ---------------------------------------------------------------------------
.text:0040144C 8B 65 E8 mov esp, [ebp-18h] ; restore the saved stack pointer, then fall into the return-0 path
.text:0040144F
.text:0040144F loc_40144F: ; CODE XREF: MainLoopSetup2+49j
.text:0040144F ; MainLoopSetup2+63j
.text:0040144F C7 45 FC FE FF FF FF mov [ebp+var_4], 0FFFFFFFEh
.text:00401456 33 C0 xor eax, eax ; return 0
.text:00401458 8B 4D F0 mov ecx, [ebp+var_10]
.text:0040145B 64 89 0D 00 00 00 00 mov large fs:0, ecx
.text:00401462 59 pop ecx
.text:00401463 5F pop edi
.text:00401464 5E pop esi
.text:00401465 5B pop ebx
.text:00401466 8B E5 mov esp, ebp
.text:00401468 5D pop ebp
.text:00401469 C3 retn
.text:00401469 MainLoopSetup2 endp
.text:00401469
.text:00401469 ; ---------------------------------------------------------------------------
.text:0040146A CC CC CC CC CC CC align 10h
.text:00401470
.text:00401470 ; ¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦ S U B R O U T I N E ¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦
.text:00401470 ; Returns 1 if arg_0 points at an image with the 'MZ' and 'PE' signatures and optional-header magic 10Bh, else 0.
.text:00401470 ; Attributes: bp-based frame
.text:00401470
.text:00401470 sub_401470 proc near ; CODE XREF: MainLoopSetup2+3Fp
.text:00401470
.text:00401470 arg_0 = dword ptr 8
.text:00401470
.text:00401470 55 push ebp
.text:00401471 8B EC mov ebp, esp
.text:00401473 8B 45 08 mov eax, [ebp+arg_0]
.text:00401476 B9 4D 5A 00 00 mov ecx, 5A4Dh ; 'MZ'
.text:0040147B 66 39 08 cmp [eax], cx
.text:0040147E 74 04 jz short loc_401484
.text:00401480 33 C0 xor eax, eax ; no DOS signature: return 0
.text:00401482 5D pop ebp
.text:00401483 C3 retn
.text:00401484 ; ---------------------------------------------------------------------------
.text:00401484
.text:00401484 loc_401484: ; CODE XREF: sub_401470+Ej
.text:00401484 8B 48 3C mov ecx, [eax+3Ch] ; e_lfanew
.text:00401487 03 C8 add ecx, eax ; ecx = PE header
.text:00401489 33 C0 xor eax, eax
.text:0040148B 81 39 50 45 00 00 cmp dword ptr [ecx], 4550h
.text:00401491 75 0C jnz short loc_40149F ; signature mismatch: eax is still 0
.text:00401493 BA 0B 01 00 00 mov edx, 10Bh ; PE32 optional-header magic
.text:00401498 66 39 51 18 cmp [ecx+18h], dx
.text:0040149C 0F 94 C0 setz al ; 1 only if the magic matches
.text:0040149F
.text:0040149F loc_40149F: ; CODE XREF: sub_401470+21j
.text:0040149F 5D pop ebp
.text:004014A0 C3 retn
.text:004014A0 sub_401470 endp
.text:004014A0
.text:004014A1
.text:004014A1 ; ¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦ S U B R O U T I N E ¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦
.text:004014A1 ; Initialises the cookie in dword_403018 and its bitwise complement in dword_40301C; called first thing from start.
.text:004014A1 ; Attributes: bp-based frame
.text:004014A1 ; The value mixes clock, tick, thread-id and stack-address inputs; no cryptographic random source is called here.
.text:004014A1 InitSecurityCookie proc near ; CODE XREF: startp
.text:004014A1
.text:004014A1 PerformanceCount= LARGE_INTEGER ptr -14h
.text:004014A1 SystemTimeAsFileTime= _FILETIME ptr -0Ch
.text:004014A1 var_4 = dword ptr -4
.text:004014A1
.text:004014A1 55 push ebp
.text:004014A2 8B EC mov ebp, esp
.text:004014A4 83 EC 14 sub esp, 14h
.text:004014A7 A1 18 30 40 00 mov eax, dword_403018 ; current cookie value
.text:004014AC 83 65 F4 00 and [ebp+SystemTimeAsFileTime.dwLowDateTime], 0
.text:004014B0 83 65 F8 00 and [ebp+SystemTimeAsFileTime.dwHighDateTime], 0
.text:004014B4 56 push esi
.text:004014B5 57 push edi
.text:004014B6 BF 4E E6 40 BB mov edi, 0BB40E64Eh ; the built-in default cookie value
.text:004014BB BE 00 00 FF FF mov esi, 0FFFF0000h ; mask for the upper 16 bits
.text:004014C0 3B C7 cmp eax, edi
.text:004014C2 74 0D jz short loc_4014D1 ; still the default: generate a new one
.text:004014C4 85 C6 test eax, esi
.text:004014C6 74 09 jz short loc_4014D1 ; upper half is zero: generate a new one
.text:004014C8 F7 D0 not eax
.text:004014CA A3 1C 30 40 00 mov dword_40301C, eax ; cookie was already set: only refresh its complement
.text:004014CF EB 66 jmp short loc_401537
.text:004014D1 ; ---------------------------------------------------------------------------
.text:004014D1
.text:004014D1 loc_4014D1: ; CODE XREF: InitSecurityCookie+21j
.text:004014D1 ; InitSecurityCookie+25j
.text:004014D1 8D 45 F4 lea eax, [ebp+SystemTimeAsFileTime]
.text:004014D4 50 push eax ; lpSystemTimeAsFileTime
.text:004014D5 FF 15 0C 20 40 00 call ds:GetSystemTimeAsFileTime
.text:004014DB 8B 45 F8 mov eax, [ebp+SystemTimeAsFileTime.dwHighDateTime]
.text:004014DE 33 45 F4 xor eax, [ebp+SystemTimeAsFileTime.dwLowDateTime]
.text:004014E1 89 45 FC mov [ebp+var_4], eax ; var_4 = high XOR low dword of the system time
.text:004014E4 FF 15 10 20 40 00 call ds:GetCurrentThreadId
.text:004014EA 31 45 FC xor [ebp+var_4], eax ; mix in the thread id
.text:004014ED FF 15 08 20 40 00 call ds:GetTickCount64
.text:004014F3 31 45 FC xor [ebp+var_4], eax ; mix in eax, the low dword of the tick count
.text:004014F6 8D 45 EC lea eax, [ebp+PerformanceCount]
.text:004014F9 50 push eax ; lpPerformanceCount
.text:004014FA FF 15 14 20 40 00 call ds:QueryPerformanceCounter
.text:00401500 8B 4D F0 mov ecx, dword ptr [ebp+PerformanceCount+4]
.text:00401503 33 4D EC xor ecx, dword ptr [ebp+PerformanceCount] ; high XOR low dword of the performance counter
.text:00401506 8D 45 FC lea eax, [ebp+var_4] ; address of a stack local
.text:00401509 33 4D FC xor ecx, [ebp+var_4]
.text:0040150C 33 C8 xor ecx, eax ; the stack address itself is mixed in as well
.text:0040150E 3B CF cmp ecx, edi
.text:00401510 75 07 jnz short loc_401519
.text:00401512 B9 4F E6 40 BB mov ecx, 0BB40E64Fh ; result equalled the default: use default+1 instead
.text:00401517 EB 10 jmp short loc_401529
.text:00401519 ; ---------------------------------------------------------------------------
.text:00401519
.text:00401519 loc_401519: ; CODE XREF: InitSecurityCookie+6Fj
.text:00401519 85 CE test ecx, esi
.text:0040151B 75 0C jnz short loc_401529
.text:0040151D 8B C1 mov eax, ecx ; upper 16 bits are zero: fill them in
.text:0040151F 0D 11 47 00 00 or eax, 4711h
.text:00401524 C1 E0 10 shl eax, 10h
.text:00401527 0B C8 or ecx, eax ; upper half = low half OR 4711h, so it is never zero
.text:00401529
.text:00401529 loc_401529: ; CODE XREF: InitSecurityCookie+76j
.text:00401529 ; InitSecurityCookie+7Aj
.text:00401529 89 0D 18 30 40 00 mov dword_403018, ecx ; store the cookie
.text:0040152F F7 D1 not ecx
.text:00401531 89 0D 1C 30 40 00 mov dword_40301C, ecx ; store its complement
.text:00401537
.text:00401537 loc_401537: ; CODE XREF: InitSecurityCookie+2Ej
.text:00401537 5F pop edi
.text:00401538 5E pop esi
.text:00401539 C9 leave
.text:0040153A C3 retn
.text:0040153A InitSecurityCookie endp
.text:0040153A ; The code from 0040153B to 00401576 has no proc header; it allocates the table that dword_403380/dword_403384 refer to.
.text:0040153B ; ---------------------------------------------------------------------------
.text:0040153B 83 3D 84 33 40 00 00 cmp dword_403384, 0
.text:00401542 74 03 jz short loc_401547
.text:00401544 33 C0 xor eax, eax
.text:00401546 C3 retn .text:00401547 ; --------------------------------------------------------------------------- .text:00401547 .text:00401547 loc_401547: ; CODE XREF: .text:00401542j .text:00401547 56 push esi .text:00401548 6A 04 push 4 .text:0040154A 6A 20 push 20h .text:0040154C FF 15 54 20 40 00 call ds:_calloc_crt .text:00401552 59 pop ecx .text:00401553 59 pop ecx .text:00401554 8B F0 mov esi, eax .text:00401556 56 push esi .text:00401557 FF 15 18 20 40 00 call ds:EncodePointer .text:0040155D A3 84 33 40 00 mov dword_403384, eax .text:00401562 A3 80 33 40 00 mov dword_403380, eax .text:00401567 85 F6 test esi, esi .text:00401569 75 05 jnz short loc_401570 .text:0040156B 6A 18 push 18h .text:0040156D 58 pop eax .text:0040156E 5E pop esi .text:0040156F C3 retn .text:00401570 ; --------------------------------------------------------------------------- .text:00401570 .text:00401570 loc_401570: ; CODE XREF: .text:00401569j .text:00401570 83 26 00 and dword ptr [esi], 0 .text:00401573 33 C0 xor eax, eax .text:00401575 5E pop esi .text:00401576 C3 retn .text:00401577 .text:00401577 ; ¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦ S U B R O U T I N E ¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦ .text:00401577 .text:00401577 .text:00401577 EncodeDecodePtrStuff proc near ; CODE XREF: CallEncDecPtrStuff+6p .text:00401577 6A 14 push 14h .text:00401579 68 98 21 40 00 push offset unk_402198 .text:0040157E E8 2D 01 00 00 call SetupSEHFrame .text:00401583 FF 35 84 33 40 00 push dword_403384 .text:00401589 8B 35 04 20 40 00 mov esi, ds:DecodePointer .text:0040158F FF D6 call esi ; DecodePointer .text:00401591 89 45 E4 mov [ebp-1Ch], eax .text:00401594 83 F8 FF cmp eax, 0FFFFFFFFh .text:00401597 75 0C jnz short loc_4015A5 .text:00401599 FF 75 08 push dword ptr [ebp+8] ; _onexit_t .text:0040159C FF 15 5C 20 40 00 call ds:_onexit .text:004015A2 59 pop ecx .text:004015A3 EB 65 jmp short loc_40160A .text:004015A5 ; --------------------------------------------------------------------------- .text:004015A5 
.text:004015A5 loc_4015A5: ; CODE XREF: EncodeDecodePtrStuff+20j .text:004015A5 6A 08 push 8 .text:004015A7 E8 8C 01 00 00 call _lock .text:004015AC 59 pop ecx .text:004015AD 83 65 FC 00 and dword ptr [ebp-4], 0 .text:004015B1 FF 35 84 33 40 00 push dword_403384 .text:004015B7 FF D6 call esi ; DecodePointer .text:004015B9 89 45 E4 mov [ebp-1Ch], eax .text:004015BC FF 35 80 33 40 00 push dword_403380 .text:004015C2 FF D6 call esi ; DecodePointer .text:004015C4 89 45 E0 mov [ebp-20h], eax .text:004015C7 8D 45 E0 lea eax, [ebp-20h] .text:004015CA 50 push eax .text:004015CB 8D 45 E4 lea eax, [ebp-1Ch] .text:004015CE 50 push eax .text:004015CF FF 75 08 push dword ptr [ebp+8] .text:004015D2 8B 35 18 20 40 00 mov esi, ds:EncodePointer .text:004015D8 FF D6 call esi ; EncodePointer .text:004015DA 50 push eax .text:004015DB E8 64 01 00 00 call __dllonexit .text:004015E0 83 C4 0C add esp, 0Ch .text:004015E3 8B F8 mov edi, eax .text:004015E5 89 7D DC mov [ebp-24h], edi .text:004015E8 FF 75 E4 push dword ptr [ebp-1Ch] .text:004015EB FF D6 call esi ; EncodePointer .text:004015ED A3 84 33 40 00 mov dword_403384, eax .text:004015F2 FF 75 E0 push dword ptr [ebp-20h] .text:004015F5 FF D6 call esi ; EncodePointer .text:004015F7 A3 80 33 40 00 mov dword_403380, eax .text:004015FC C7 45 FC FE FF FF FF mov dword ptr [ebp-4], 0FFFFFFFEh .text:00401603 E8 0B 00 00 00 call sub_401613 .text:00401608 8B C7 mov eax, edi .text:0040160A .text:0040160A loc_40160A: ; CODE XREF: EncodeDecodePtrStuff+2Cj .text:0040160A E8 E6 00 00 00 call sub_4016F5 .text:0040160F C3 retn .text:0040160F EncodeDecodePtrStuff endp ; sp = 4 .text:0040160F .text:00401610 ; --------------------------------------------------------------------------- .text:00401610 8B 7D DC mov edi, [ebp-24h] .text:00401613 .text:00401613 ; ¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦ S U B R O U T I N E ¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦ .text:00401613 .text:00401613 .text:00401613 sub_401613 proc near ; CODE XREF: EncodeDecodePtrStuff+8Cp .text:00401613 6A 08 
push 8 ; same lock index that was passed to _lock at loc_4015A5
.text:00401615 E8 24 01 00 00 call _unlock
.text:0040161A 59 pop ecx ; cdecl: caller discards the pushed argument
.text:0040161B C3 retn
.text:0040161B sub_401613 endp
.text:0040161B
.text:0040161C
.text:0040161C ; ¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦ S U B R O U T I N E ¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦
.text:0040161C ; Wrapper: calls EncodeDecodePtrStuff(arg_0) and maps its result to 0 (non-zero result) or -1 (zero result).
.text:0040161C ; Attributes: bp-based frame
.text:0040161C ; NOTE(review): same shape as the CRT atexit() wrapper around _onexit(); the name is analyst-assigned - confirm.
.text:0040161C CallEncDecPtrStuff proc near ; CODE XREF: .text:0040113Ep
.text:0040161C
.text:0040161C arg_0 = dword ptr 8
.text:0040161C
.text:0040161C 55 push ebp
.text:0040161D 8B EC mov ebp, esp
.text:0040161F FF 75 08 push [ebp+arg_0]
.text:00401622 E8 50 FF FF FF call EncodeDecodePtrStuff
.text:00401627 F7 D8 neg eax ; CF = 1 when the returned value is non-zero
.text:00401629 1B C0 sbb eax, eax ; eax = -CF (0 or 0FFFFFFFFh)
.text:0040162B F7 D8 neg eax ; eax = 1 for a non-zero result, else 0
.text:0040162D 59 pop ecx ; drop the pushed argument (pop does not touch eax or the flags)
.text:0040162E 48 dec eax ; 1 -> 0, 0 -> -1
.text:0040162F 5D pop ebp
.text:00401630 C3 retn
.text:00401630 CallEncDecPtrStuff endp
.text:00401630
.text:00401631
.text:00401631 ; ¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦ S U B R O U T I N E ¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦
.text:00401631 ; Walks 4-byte function pointers from unk_40214C up to unk_40214C and calls each non-null entry; start and end are the same address, so the loop body never runs.
.text:00401631 ; NOTE(review): looks like the MSVC runtime-check initializer walk (_RTC_Initialize), i.e. start-up plumbing rather than application logic - confirm.
.text:00401631 CalledFromHdrParse3 proc near ; CODE XREF: .text:00401100p
.text:00401631 56 push esi
.text:00401632 57 push edi
.text:00401633 BE 4C 21 40 00 mov esi, offset unk_40214C ; cursor = table start
.text:00401638 BF 4C 21 40 00 mov edi, offset unk_40214C ; end marker (identical to the start)
.text:0040163D EB 0B jmp short loc_40164A ; test the bound before the first iteration
.text:0040163F ; ---------------------------------------------------------------------------
.text:0040163F
.text:0040163F loc_40163F: ; CODE XREF: CalledFromHdrParse3+1Bj
.text:0040163F 8B 06 mov eax, [esi]
.text:00401641 85 C0 test eax, eax
.text:00401643 74 02 jz short CalledFromHdrParse31 ; null entries are skipped
.text:00401645 FF D0 call eax ; indirect call through the table entry
.text:00401647
.text:00401647 CalledFromHdrParse31: ; CODE XREF: CalledFromHdrParse3+12j
.text:00401647 83 C6 04 add esi, 4 ; next 4-byte entry
.text:0040164A
.text:0040164A loc_40164A: ; CODE XREF: CalledFromHdrParse3+Cj
.text:0040164A 3B F7 cmp esi, edi
.text:0040164C 72 F1 jb short loc_40163F ; unsigned compare: loop while cursor < end
.text:0040164E 5F pop edi
.text:0040164F 5E pop esi
.text:00401650 C3 retn
.text:00401650 CalledFromHdrParse3 endp
.text:00401650
.text:00401651
.text:00401651 ; ¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦ S U B R O U T I N E ¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦
.text:00401651 ; Same pointer-table walk as CalledFromHdrParse3, over unk_402154..unk_402154; again start equals end, so nothing is called.
.text:00401651 ; NOTE(review): only a DATA XREF at 00401139, just before the call to CallEncDecPtrStuff at 0040113E; presumably registered as an exit handler (would match _RTC_Terminate) - confirm.
.text:00401651 sub_401651 proc near ; DATA XREF: .text:00401139o
.text:00401651 56 push esi
.text:00401652 57 push edi
.text:00401653 BE 54 21 40 00 mov esi, offset unk_402154 ; cursor = table start
.text:00401658 BF 54 21 40 00 mov edi, offset unk_402154 ; end marker (identical to the start)
.text:0040165D EB 0B jmp short loc_40166A
.text:0040165F ; ---------------------------------------------------------------------------
.text:0040165F
.text:0040165F loc_40165F: ; CODE XREF: sub_401651+1Bj
.text:0040165F 8B 06 mov eax, [esi]
.text:00401661 85 C0 test eax, eax
.text:00401663 74 02 jz short loc_401667 ; null entries are skipped
.text:00401665 FF D0 call eax ; indirect call through the table entry
.text:00401667
.text:00401667 loc_401667: ; CODE XREF: sub_401651+12j
.text:00401667 83 C6 04 add esi, 4 ; next 4-byte entry
.text:0040166A
.text:0040166A loc_40166A: ; CODE XREF: sub_401651+Cj
.text:0040166A 3B F7 cmp esi, edi
.text:0040166C 72 F1 jb short loc_40165F ; unsigned compare: loop while cursor < end
.text:0040166E 5F pop edi
.text:0040166F 5E pop esi
.text:00401670 C3 retn
.text:00401670 sub_401651 endp
.text:00401670
.text:00401671
.text:00401671 ; ¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦ S U B R O U T I N E ¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦
.text:00401671 ; Calls _controlfp_s(0, 10000h, 30000h); returns when the call yields 0, otherwise calls _invoke_watson with five zero arguments.
.text:00401671 ; NOTE(review): 30000h and 10000h equal _MCW_PC and _PC_53 from <float.h>, so this looks like the CRT setting 53-bit x87 precision at start-up - confirm.
.text:00401671 MaybeInvokeWatson proc near ; CODE XREF: .text:loc_40111Fp
.text:00401671 56 push esi ; save esi; it is zeroed below and reused as the constant 0
.text:00401672 68 00 00 03 00 push 30000h ; third argument
.text:00401677 68 00 00 01 00 push 10000h ; second argument
.text:0040167C 33 F6 xor esi, esi
.text:0040167E 56 push esi ; first argument = 0
.text:0040167F E8 CC 00 00 00 call _controlfp_s
.text:00401684 83 C4 0C add esp, 0Ch ; three cdecl arguments
.text:00401687 85 C0 test eax, eax
.text:00401689 75 02 jnz short loc_40168D ; non-zero return value takes the failure path
.text:0040168B 5E pop esi
.text:0040168C C3 retn
.text:0040168D ; ---------------------------------------------------------------------------
.text:0040168D
.text:0040168D loc_40168D: ; CODE XREF: MaybeInvokeWatson+18j
.text:0040168D 56 push esi ; five zero arguments for _invoke_watson
.text:0040168E 56 push esi
.text:0040168F 56 push esi
.text:00401690 56 push esi
.text:00401691 56 push esi
.text:00401692 E8 B3 00 00 00 call _invoke_watson
.text:00401697 CC int 3 ; Trap to Debugger - reached only if _invoke_watson returns
.text:00401697 MaybeInvokeWatson endp
.text:00401697
.text:00401698
.text:00401698 ; ¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦ S U B R O U T I N E ¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦
.text:00401698
.text:00401698 ; Attributes: thunk
.text:00401698
.text:00401698 _initterm_e proc near ; CODE XREF: start-100p
.text:00401698 FF 25 30 20 40 00 jmp ds:__imp__initterm_e ; import thunk: tail-jump through the pointer stored at __imp__initterm_e
.text:00401698 _initterm_e endp
.text:00401698
.text:0040169E
.text:0040169E ; ¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦ S U B R O U T I N E ¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦
.text:0040169E
.text:0040169E ; Attributes: thunk
.text:0040169E
.text:0040169E _initterm proc near ; CODE XREF: start-CCp
.text:0040169E FF 25 34 20 40 00 jmp ds:__imp__initterm ; import thunk: tail-jump through the pointer stored at __imp__initterm
.text:0040169E _initterm endp
.text:0040169E
.text:0040169E ; ---------------------------------------------------------------------------
.text:004016A4 CC CC CC CC CC CC CC+ align 10h
.text:004016B0
.text:004016B0 ; ¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦ S U B R O U T I N E ¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦
.text:004016B0 ; Builds an SEH registration record with handler sub_401709, reserves the requested locals, saves ebx/esi/edi and links the record into fs:0.
.text:004016B0 ; On return: [ebp-4] = 0FFFFFFFEh, [ebp-8] = first argument XOR dword_403018, [ebp-0Ch] = handler, [ebp-10h] = previous fs:0.
.text:004016B0 SetupSEHFrame proc near ; CODE XREF: start-15Ep
.text:004016B0 ; EncodeDecodePtrStuff+7p
.text:004016B0 ; NOTE(review): shape of MSVC's __SEH_prolog4; dword_403018 is presumably the /GS cookie and the first argument the scope table - confirm.
.text:004016B0 arg_4 = dword ptr 8
.text:004016B0
.text:004016B0 68 09 17 40 00 push offset sub_401709 ; handler field of the new record
.text:004016B5 64 FF 35 00 00 00 00 push large dword ptr fs:0 ; previous head of the SEH chain
.text:004016BC 8B 44 24 10 mov eax, [esp+8+arg_4] ; eax = second stack argument (amount subtracted from esp below)
.text:004016C0 89 6C 24 10 mov [esp+8+arg_4], ebp ; reuse that argument slot to save the caller's ebp
.text:004016C4 8D 6C 24 10 lea ebp, [esp+8+arg_4] ; ebp -> saved ebp
.text:004016C8 2B E0 sub esp, eax ; reserve locals
.text:004016CA 53 push ebx
.text:004016CB 56 push esi
.text:004016CC 57 push edi
.text:004016CD A1 18 30 40 00 mov eax, dword_403018 ; same global whose address sub_401709 passes to _except_handler4_common
.text:004016D2 31 45 FC xor [ebp-4], eax ; first stack argument is stored XORed with that value, not in the clear
.text:004016D5 33 C5 xor eax, ebp
.text:004016D7 50 push eax ; dword_403018 XOR ebp kept on the stack (discarded again by sub_4016F5)
.text:004016D8 89 65 E8 mov [ebp-18h], esp ; record the current esp in the frame
.text:004016DB FF 75 F8 push dword ptr [ebp-8] ; re-push our own return address so the retn below works
.text:004016DE 8B 45 FC mov eax, [ebp-4]
.text:004016E1 C7 45 FC FE FF FF FF mov dword ptr [ebp-4], 0FFFFFFFEh ; [ebp-4] = -2
.text:004016E8 89 45 F8 mov [ebp-8], eax ; XORed first argument replaces the old return-address slot
.text:004016EB 8D 45 F0 lea eax, [ebp-10h] ; address of the record {previous fs:0, handler}
.text:004016EE 64 A3 00 00 00 00 mov large fs:0, eax ; install it as the new head of the chain
.text:004016F4 C3 retn
.text:004016F4 SetupSEHFrame endp ; sp = -1Ch
.text:004016F4
.text:004016F5
.text:004016F5 ; ¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦ S U B R O U T I N E ¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦
.text:004016F5 ; Counterpart of SetupSEHFrame: restores fs:0 from [ebp-10h], pops the saved registers, tears down the frame and returns to its own caller.
.text:004016F5 ; NOTE(review): shape of MSVC's __SEH_epilog4 - confirm.
.text:004016F5 sub_4016F5 proc near ; CODE XREF: start:loc_4012E3p
.text:004016F5 ; EncodeDecodePtrStuff:loc_40160Ap
.text:004016F5 8B 4D F0 mov ecx, [ebp-10h] ; previous head of the SEH chain
.text:004016F8 64 89 0D 00 00 00 00 mov large fs:0, ecx ; unlink this frame's record
.text:004016FF 59 pop ecx ; ecx = this routine's return address
.text:00401700 5F pop edi ; discard the XORed dword pushed by SetupSEHFrame
.text:00401701 5F pop edi ; restore edi
.text:00401702 5E pop esi
.text:00401703 5B pop ebx
.text:00401704 8B E5 mov esp, ebp ; drop the locals
.text:00401706 5D pop ebp ; restore the caller's ebp
.text:00401707 51 push ecx ; put the return address back for retn
.text:00401708 C3 retn
.text:00401708 sub_4016F5 endp
.text:00401708
.text:00401709
.text:00401709 ; ¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦ S U B R O U T I N E ¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦
.text:00401709 ; SEH handler installed by SetupSEHFrame: forwards its four arguments, plus the addresses dword_403018 and word_401756, to _except_handler4_common.
.text:00401709 ; Attributes: bp-based frame
.text:00401709 ; NOTE(review): shape of MSVC's _except_handler4; word_401756 would then be the cookie-check routine even though it is listed as data - confirm.
.text:00401709 sub_401709 proc near ; DATA XREF: MainLoopSetup2+Ao
.text:00401709 ; SetupSEHFrameo
.text:00401709
.text:00401709 arg_0 = dword ptr 8
.text:00401709 arg_4 = dword ptr 0Ch
.text:00401709 arg_8 = dword ptr 10h
.text:00401709 arg_C = dword ptr 14h
.text:00401709
.text:00401709 55 push ebp
.text:0040170A 8B EC mov ebp, esp
.text:0040170C FF 75 14 push [ebp+arg_C]
.text:0040170F FF 75 10 push [ebp+arg_8]
.text:00401712 FF 75 0C push [ebp+arg_4]
.text:00401715 FF 75 08 push [ebp+arg_0]
.text:00401718 68 56 17 40 00 push offset word_401756 ; second argument: address of the bytes at 00401756
.text:0040171D 68 18 30 40 00 push offset dword_403018 ; first argument: address of dword_403018
.text:00401722 E8 3F 00 00 00 call _except_handler4_common
.text:00401727 83 C4 18 add esp, 18h ; six cdecl arguments
.text:0040172A 5D pop ebp
.text:0040172B C3 retn
.text:0040172B sub_401709 endp
.text:0040172B
.text:0040172C
.text:0040172C ; ¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦ S U B R O U T I N E ¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦
.text:0040172C
.text:0040172C ; Attributes: thunk
.text:0040172C ; The thunks below are import stubs: each is a single jmp through the pointer stored at its __imp_ symbol.
.text:0040172C ; void __cdecl terminate(void)
.text:0040172C ?terminate@@YAXXZ proc near ; CODE XREF: MyExceptionFilter:loc_40132Ep
.text:0040172C FF 25 44 20 40 00 jmp ds:__imp_?terminate@@YAXXZ ; terminate(void)
.text:0040172C ?terminate@@YAXXZ endp
.text:0040172C
.text:00401732
.text:00401732 ; ¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦ S U B R O U T I N E ¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦
.text:00401732
.text:00401732 ; Attributes: thunk
.text:00401732
.text:00401732 __crtSetUnhandledExceptionFilter proc near
.text:00401732 ; CODE XREF: MyExceptionFilter+46p
.text:00401732 FF 25 94 20 40 00 jmp ds:__imp___crtSetUnhandledExceptionFilter ; import thunk
.text:00401732 __crtSetUnhandledExceptionFilter endp
.text:00401732
.text:00401738
.text:00401738 ; ¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦ S U B R O U T I N E ¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦
.text:00401738
.text:00401738 ; Attributes: thunk
.text:00401738
.text:00401738 _lock proc near ; CODE XREF: EncodeDecodePtrStuff+30p
.text:00401738 FF 25 4C 20 40 00 jmp ds:__imp__lock ; import thunk
.text:00401738 _lock endp
.text:00401738
.text:0040173E
.text:0040173E ; ¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦ S U B R O U T I N E ¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦
.text:0040173E
.text:0040173E ; Attributes: thunk
.text:0040173E
.text:0040173E _unlock proc near ; CODE XREF: sub_401613+2p
.text:0040173E FF 25 50 20 40 00 jmp ds:__imp__unlock ; import thunk
.text:0040173E _unlock endp
.text:0040173E
.text:00401744
.text:00401744 ; ¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦ S U B R O U T I N E ¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦
.text:00401744
.text:00401744 ; Attributes: thunk
.text:00401744
.text:00401744 __dllonexit proc near ; CODE XREF: EncodeDecodePtrStuff+64p
.text:00401744 FF 25 58 20 40 00 jmp ds:__imp___dllonexit ; import thunk
.text:00401744 __dllonexit endp
.text:00401744
.text:0040174A
.text:0040174A ; ¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦ S U B R O U T I N E ¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦
.text:0040174A
.text:0040174A ; Attributes: thunk
.text:0040174A
.text:0040174A _invoke_watson proc near ; CODE XREF: MaybeInvokeWatson+21p
.text:0040174A FF 25 60 20 40 00 jmp ds:__imp__invoke_watson ; import thunk
.text:0040174A _invoke_watson endp
.text:0040174A
.text:00401750
.text:00401750 ; ¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦ S U B R O U T I N E ¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦
.text:00401750
.text:00401750 ; Attributes: thunk
.text:00401750
.text:00401750 _controlfp_s proc near ; CODE XREF: MaybeInvokeWatson+Ep
.text:00401750 FF 25 64 20 40 00 jmp ds:__imp__controlfp_s ; import thunk
.text:00401750 _controlfp_s endp
.text:00401750 ; NOTE(review): the bytes at 00401756-00401764 are listed as data but decode as code: cmp ecx, ds:dword_403018 / jnz short 00401760 / rep retn / jmp 004017A9.
.text:00401750 ; ---------------------------------------------------------------------------
.text:00401756 3B 0D word_401756 dw 0D3Bh ; DATA XREF: sub_401709+Fo - bytes 3B 0D are the opcode/modrm of cmp ecx, ds:[imm32]
.text:00401758 18 30 40 00 dd offset dword_403018 ; memory operand of that cmp
.text:0040175C 75 02 F3 C3 E9 44 00+ dd 0C3F30275h, 44E9h ; 75 02 = jnz short over the return; F3 C3 = rep retn; E9 44 00 00 00 = jmp rel32
.text:00401764 ; ---------------------------------------------------------------------------
.text:00401764 00 CC add ah, cl ; not a real instruction: 00 is the last displacement byte of the jmp (00401765h + 44h = 004017A9h), CC is padding
.text:00401766 ; NOTE(review): compare-with-dword_403018 then jump to a failure routine is the shape of __security_check_cookie (the /GS stack-cookie check) - confirm.
.text:00401766 ; ¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦ S U B R O U T I N E ¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦
.text:00401766
.text:00401766 ; Attributes: thunk
.text:00401766
.text:00401766 _except_handler4_common proc near ; CODE XREF: sub_401709+19p
.text:00401766 FF 25 68 20 40 00 jmp ds:__imp__except_handler4_common ; import thunk
.text:00401766 _except_handler4_common endp
.text:00401766
.text:0040176C
.text:0040176C ; ¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦ S U B R O U T I N E ¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦
.text:0040176C ; Stores IsDebuggerPresent() in dword_403374, calls _crt_debugger_hook(1) and __crtUnhandledException(arg_0), then __crtTerminateProcess(0C0000409h).
.text:0040176C ; Attributes: bp-based frame
.text:0040176C ; NOTE(review): shape of the CRT's __raise_securityfailure; the IsDebuggerPresent call belongs to this failure path and is presumably not an application anti-debug check - confirm. Name is analyst-assigned.
.text:0040176C DbgHookOrException proc near ; CODE XREF: .text:0040189Bp
.text:0040176C
.text:0040176C arg_0 = dword ptr 8
.text:0040176C
.text:0040176C 55 push ebp
.text:0040176D 8B EC mov ebp, esp
.text:0040176F FF 15 00 20 40 00 call ds:IsDebuggerPresent
.text:00401775 6A 01 push 1 ; argument for _crt_debugger_hook
.text:00401777 A3 74 33 40 00 mov dword_403374, eax ; remember whether a debugger was attached
.text:0040177C E8 21 01 00 00 call _crt_debugger_hook
.text:00401781 FF 75 08 push [ebp+arg_0] ; the only caller passes offset off_4020F4
.text:00401784 E8 1F 01 00 00 call __crtUnhandledException
.text:00401789 83 3D 74 33 40 00 00 cmp dword_403374, 0
.text:00401790 59 pop ecx ; drop both pushed arguments; pop leaves the flags from the cmp intact
.text:00401791 59 pop ecx
.text:00401792 75 08 jnz short loc_40179C ; debugger was present: skip the second hook call
.text:00401794 6A 01 push 1
.text:00401796 E8 07 01 00 00 call _crt_debugger_hook
.text:0040179B 59 pop ecx
.text:0040179C
.text:0040179C loc_40179C: ; CODE XREF: DbgHookOrException+26j
.text:0040179C 68 09 04 00 C0 push 0C0000409h ; STATUS_STACK_BUFFER_OVERRUN used as the exit code
.text:004017A1 E8 08 01 00 00 call __crtTerminateProcess
.text:004017A6 59 pop ecx
.text:004017A7 5D pop ebp
.text:004017A8 C3 retn
.text:004017A8 DbgHookOrException endp
.text:004017A8 ; Code at 004017A9 has no proc header: it issues int 29h with ecx = 2 when fast-fail is available, otherwise snapshots the registers into globals, fills a record with code 0C0000409h and calls DbgHookOrException.
.text:004017A9 ; ---------------------------------------------------------------------------
.text:004017A9 55 push ebp ; NOTE(review): shape of the CRT's __report_gsfailure, the routine run when a /GS stack-cookie check fails - confirm
.text:004017AA 8B EC mov ebp, esp
.text:004017AC 81 EC 24 03 00 00 sub esp, 324h
.text:004017B2 6A 17 push 17h ; 17h = 23 = PF_FASTFAIL_AVAILABLE
.text:004017B4 E8 FB 00 00 00 call IsProcessorFeaturePresent
.text:004017B9 85 C0 test eax, eax
.text:004017BB 74 05 jz short loc_4017C2 ; no fast-fail support: take the legacy reporting path
.text:004017BD 6A 02 push 2
.text:004017BF 59 pop ecx ; ecx = 2 = FAST_FAIL_STACK_COOKIE_CHECK_FAILURE
.text:004017C0 CD 29 int 29h ; Windows fast-fail (__fastfail) with the code in ecx; the process is terminated
.text:004017C0 ; (IDA's generic "DOS 2+ FAST PUTCHAR" note for int 29h does not apply to a Win32 PE)
.text:004017C2
.text:004017C2 loc_4017C2: ; CODE XREF: .text:004017BBj
.text:004017C2 A3 58 31 40 00 mov dword_403158, eax ; register snapshot into globals starts here
.text:004017C7 89 0D 54 31 40 00 mov dword_403154, ecx
.text:004017CD 89 15 50 31 40 00 mov dword_403150, edx
.text:004017D3 89 1D 4C 31 40 00 mov dword_40314C, ebx
.text:004017D9 89 35 48 31 40 00 mov dword_403148, esi
.text:004017DF 89 3D 44 31 40 00 mov dword_403144, edi
.text:004017E5 66 8C 15 70 31 40 00 mov word_403170, ss
.text:004017EC 66 8C 0D 64 31 40 00 mov word_403164, cs
.text:004017F3 66 8C 1D 40 31 40 00 mov word_403140, ds
.text:004017FA 66 8C 05 3C 31 40 00 mov word_40313C, es
.text:00401801 66 8C 25 38 31 40 00 mov word_403138, fs
.text:00401808 66 8C 2D 34 31 40 00 mov word_403134, gs
.text:0040180F 9C pushf
.text:00401810 8F 05 68 31 40 00 pop dword_403168 ; flags register
.text:00401816 8B 45 00 mov eax, [ebp+0] ; saved ebp of the caller
.text:00401819 A3 5C 31 40 00 mov dword_40315C, eax
.text:0040181E 8B 45 04 mov eax, [ebp+4] ; return address of this routine
.text:00401821 A3 60 31 40 00 mov dword_403160, eax
.text:00401826 8D 45 08 lea eax, [ebp+8] ; stack pointer value just above the return address
.text:00401829 A3 6C 31 40 00 mov dword_40316C, eax
.text:0040182E 8B 85 DC FC FF FF mov eax, [ebp-324h] ; loaded value is not used; eax is overwritten at 0040183E
.text:00401834 C7 05 A8 30 40 00 01+ mov dword_4030A8, 10001h ; presumably CONTEXT.ContextFlags = CONTEXT_CONTROL (dword_403158 = dword_4030A8 + 0B0h, the Eax offset in the x86 CONTEXT) - confirm
.text:0040183E A1 60 31 40 00 mov eax, dword_403160
.text:00401843 A3 64 30 40 00 mov dword_403064, eax ; return address; offsets from dword_403058 match EXCEPTION_RECORD (+0Ch ExceptionAddress) - confirm
.text:00401848 C7 05 58 30 40 00 09+ mov dword_403058, 0C0000409h ; STATUS_STACK_BUFFER_OVERRUN, presumably ExceptionCode
.text:00401852 C7 05 5C 30 40 00 01+ mov dword_40305C, 1 ; presumably ExceptionFlags = EXCEPTION_NONCONTINUABLE
.text:0040185C C7 05 68 30 40 00 01+ mov dword_403068, 1 ; presumably NumberParameters = 1
.text:00401866 6A 04 push 4
.text:00401868 58 pop eax
.text:00401869 6B C0 00 imul eax, 0 ; byte offset of element 0
.text:0040186C C7 80 6C 30 40 00 02+ mov dword_40306C[eax], 2 ; presumably ExceptionInformation[0] = 2
.text:00401876 6A 04 push 4
.text:00401878 58 pop eax
.text:00401879 6B C0 00 imul eax, 0 ; eax = 0
.text:0040187C 8B 0D 18 30 40 00 mov ecx, dword_403018
.text:00401882 89 4C 05 F8 mov [ebp+eax-8], ecx ; [ebp-8] = dword_403018
.text:00401886 6A 04 push 4
.text:00401888 58 pop eax
.text:00401889 C1 E0 00 shl eax, 0 ; eax = 4
.text:0040188C 8B 0D 1C 30 40 00 mov ecx, dword_40301C
.text:00401892 89 4C 05 F8 mov [ebp+eax-8], ecx ; [ebp-4] = dword_40301C; presumably both values are copied to locals so they appear in a crash dump - confirm
.text:00401896 68 F4 20 40 00 push offset off_4020F4 ; presumably the EXCEPTION_POINTERS pair for the record and context filled above - confirm
.text:0040189B E8 CC FE FF FF call DbgHookOrException
.text:004018A0 C9 leave
.text:004018A1 C3 retn
.text:004018A2
.text:004018A2 ; ¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦ S U B R O U T I N E ¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦
.text:004018A2
.text:004018A2 ; Attributes: thunk
.text:004018A2
.text:004018A2 _crt_debugger_hook proc near ; CODE XREF: DbgHookOrException+10p
.text:004018A2 ; DbgHookOrException+2Ap
.text:004018A2 FF 25 6C 20 40 00 jmp ds:__imp__crt_debugger_hook ; import thunk
.text:004018A2 _crt_debugger_hook endp
.text:004018A2
.text:004018A8
.text:004018A8 ; ¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦ S U B R O U T I N E ¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦
.text:004018A8
.text:004018A8 ; Attributes: thunk
.text:004018A8
.text:004018A8 __crtUnhandledException proc near ; CODE XREF: DbgHookOrException+18p
.text:004018A8 FF 25 70 20 40 00 jmp ds:__imp___crtUnhandledException ; import thunk
.text:004018A8 __crtUnhandledException endp
.text:004018A8
.text:004018AE
.text:004018AE ; ¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦ S U B R O U T I N E ¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦
.text:004018AE
.text:004018AE ; Attributes: thunk
.text:004018AE
.text:004018AE __crtTerminateProcess proc near ; CODE XREF: DbgHookOrException+35p
.text:004018AE FF 25 74 20 40 00 jmp ds:__imp___crtTerminateProcess ; import thunk
.text:004018AE __crtTerminateProcess endp
.text:004018AE
.text:004018B4
.text:004018B4 ; ¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦ S U B R O U T I N E ¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦
.text:004018B4
.text:004018B4 ; Attributes: thunk
.text:004018B4
.text:004018B4 ; BOOL __stdcall IsProcessorFeaturePresent(DWORD ProcessorFeature)
.text:004018B4 IsProcessorFeaturePresent proc near ; CODE XREF: .text:004017B4p
.text:004018B4 FF 25 1C 20 40 00 jmp ds:__imp_IsProcessorFeaturePresent ; import thunk
.text:004018B4 IsProcessorFeaturePresent endp
.text:004018B4
.text:004018B4 ; ---------------------------------------------------------------------------