016f:004c8584 8b4004 mov eax,dword ptr [eax+04]

   sel  type base     lim/bot
   ---- ---- -------- --------
cs 016f r-x- 00000000 ffffffff
ss 0177 rw-e 00000000 0000d5c0
ds 0177 rw-e 00000000 0000d5c0
es 0177 rw-e 00000000 0000d5c0
fs 3267 rw-- 819801f0 00000037
gs 0000 ----

stack base: 00990000
TIB limits: 00a89000 - 00a90000

-- exception record --

Exception Code: c0000005 (access violation)
Exception Address: 004c8584 (SAL3.DLL:.text+0x7584)
Exception Info: 00000000 ffffffff

SAL3.DLL:.text+0x7584:
>016f:004c8584 8b4004 mov eax,dword ptr [eax+04]
016f:004c8577 90 nop
016f:004c8578 90 nop
016f:004c8579 90 nop
016f:004c857a 90 nop
016f:004c857b 90 nop
016f:004c857c 90 nop
016f:004c857d 90 nop
016f:004c857e 90 nop
016f:004c857f 90 nop
016f:004c8580 8b442404 mov eax,dword ptr [esp+04]
SAL3.DLL:.text+0x7584:
*016f:004c8584 8b4004 mov eax,dword ptr [eax+04]
016f:004c8587 c3 retd
016f:004c8588 90 nop
016f:004c8589 90 nop
016f:004c858a 90 nop
016f:004c858b 90 nop
016f:004c858c 90 nop
016f:004c858d 90 nop
016f:004c858e 90 nop
016f:004c858f 90 nop
016f:004c8590 8b442404 mov eax,dword ptr [esp+04]
--------------------

-- stack summary --

0177:00000014 016f:004c8584 SAL3.DLL:.text+0x7584
    (00f000ff,87c80000,33f000e9,33f000ff,
     33f000ff,33f000ff,57f000ff,8ff000ef)
0177:f000ff54 016f:f00098be 016f:f00098be

-- stack trace --

0177:00000014 016f:004c8584 SAL3.DLL:.text+0x7584
    (00f000ff,87c80000,33f000e9,33f000ff,
     33f000ff,33f000ff,57f000ff,8ff000ef)
016f:004c8577 90 nop
016f:004c8578 90 nop
016f:004c8579 90 nop
016f:004c857a 90 nop
016f:004c857b 90 nop
016f:004c857c 90 nop
016f:004c857d 90 nop
016f:004c857e 90 nop
016f:004c857f 90 nop
016f:004c8580 8b442404 mov eax,dword ptr [esp+04]
SAL3.DLL:.text+0x7584:
*016f:004c8584 8b4004 mov eax,dword ptr [eax+04]
016f:004c8587 c3 retd
016f:004c8588 90 nop
016f:004c8589 90 nop
016f:004c858a 90 nop
016f:004c858b 90 nop
016f:004c858c 90 nop
016f:004c858d 90 nop
016f:004c858e 90 nop
016f:004c858f 90 nop
016f:004c8590 8b442404 mov eax,dword ptr [esp+04]
--------------------
0177:f000ff54 016f:f00098be 016f:f00098be

-- stack dump --

00a8c544 004c5beb = SAL3.DLL:.text+0x4beb
--------------------
016f:004c5bca 57 push edi
016f:004c5bcb 6866450000 push 00004566
016f:004c5bd0 33c0 xor eax,eax
016f:004c5bd2 6a4c push +4c
016f:004c5bd4 56 push esi
016f:004c5bd5 89442424 mov dword ptr [esp+24],eax
016f:004c5bd9 8944241c mov dword ptr [esp+1c],eax
016f:004c5bdd 89442420 mov dword ptr [esp+20],eax
016f:004c5be1 bd15000000 mov ebp,00000015
016f:004c5be6 e895290000 call 004c8580 = SAL3.DLL!rtl_uString_getLength
SAL3.DLL:.text+0x4beb:
*016f:004c5beb 83c404 add esp,+04
016f:004c5bee 50 push eax
016f:004c5bef 56 push esi
016f:004c5bf0 e89b290000 call 004c8590 = SAL3.DLL!rtl_uString_getStr
016f:004c5bf5 83c404 add esp,+04
016f:004c5bf8 50 push eax
016f:004c5bf9 8d442428 lea eax,[esp+28]
016f:004c5bfd 50 push eax
016f:004c5bfe e86d810000 call 004cdd70 = SAL3.DLL!rtl_uString2String
016f:004c5c03 8b54242c mov edx,dword ptr [esp+2c]
016f:004c5c07 8d4c2424 lea ecx,[esp+24]
--------------------
00a8c548 00000000
00a8c54c 0000004c
00a8c550 00004566
00a8c554 0107d930 -> e0 55 65 00 80 ff 0b 01 66 69 6c 65 3a 2f 2f 2f .Ue.....file:///
00a8c558 00a8c5ec -> 98 d6 20 1c 00 00 00 00 26 bb f6 bf 08 61 98 81 .. .....&....a..
00a8c55c 00655e60 = SAL3.DLL:.data+0xe60 -> 85 02 00 00 00 00 00 00 00 00 00 00 77 39 78 75 ............w9xu
00a8c560 00000000
...
00a8c570 004c5e61 = SAL3.DLL:.text+0x4e61
--------------------
016f:004c5e4c 90 nop
016f:004c5e4d 90 nop
016f:004c5e4e 90 nop
016f:004c5e4f 90 nop
016f:004c5e50 8b442408 mov eax,dword ptr [esp+08]
016f:004c5e54 8b4c2404 mov ecx,dword ptr [esp+04]
016f:004c5e58 6a01 push +01
016f:004c5e5a 50 push eax
016f:004c5e5b 51 push ecx
016f:004c5e5c e85ffdffff call 004c5bc0 = SAL3.DLL:.text+0x4bc0
SAL3.DLL:.text+0x4e61:
*016f:004c5e61 83c40c add esp,+0c
016f:004c5e64 c3 retd
016f:004c5e65 90 nop
016f:004c5e66 90 nop
016f:004c5e67 90 nop
016f:004c5e68 90 nop
016f:004c5e69 90 nop
016f:004c5e6a 90 nop
016f:004c5e6b 90 nop
016f:004c5e6c 90 nop
016f:004c5e6d 90 nop
--------------------
00a8c574 00000000
00a8c578 00a8c598 -> 00 00 00 00 16 9c 20 1c 60 5e 65 00 00 00 00 00 ...... .`^e.....
00a8c57c 00000001
00a8c580 004d680d = SAL3.DLL:.text+0x1580d
--------------------
016f:004d67f0 8d4c240c lea ecx,[esp+0c]
016f:004d67f4 55 push ebp
016f:004d67f5 51 push ecx
016f:004d67f6 e8551dffff call 004c8550 = SAL3.DLL!rtl_uString_assign
016f:004d67fb 83c408 add esp,+08
016f:004d67fe 8b44240c mov eax,dword ptr [esp+0c]
016f:004d6802 8d54240c lea edx,[esp+0c]
016f:004d6806 52 push edx
016f:004d6807 50 push eax
016f:004d6808 e843f6feff call 004c5e50 = SAL3.DLL!osl_getSystemPathFromFileURL
SAL3.DLL:.text+0x1580d:
*016f:004d680d 8b5c2420 mov ebx,dword ptr [esp+20]
016f:004d6811 83c408 add esp,+08
016f:004d6814 f6c301 test bl,01
016f:004d6817 752c jnz 004d6845 = SAL3.DLL:.text+0x15845
016f:004d6819 8b4c240c mov ecx,dword ptr [esp+0c]
016f:004d681d 53 push ebx
016f:004d681e 51 push ecx
016f:004d681f e8ec110000 call 004d7a10 = SAL3.DLL:.text+0x16a10
016f:004d6824 8bf8 mov edi,eax
016f:004d6826 83c408 add esp,+08
016f:004d6829 85ff test edi,edi
--------------------
00a8c584 00000000
00a8c588 00a8c598 -> 00 00 00 00 16 9c 20 1c 60 5e 65 00 00 00 00 00 ...... .`^e.....
00a8c58c 0107d930 -> e0 55 65 00 80 ff 0b 01 66 69 6c 65 3a 2f 2f 2f .Ue.....file:///
00a8c590 00000000
...
00a8c59c 1c209c16 = VOS2MSC.DLL:.text+0x8c16
--------------------
016f:1c209bfa 7409 jz 1c209c05 = VOS2MSC.DLL:.text+0x8c05
016f:1c209bfc 56 push esi
016f:1c209bfd e82e000000 call 1c209c30 = VOS2MSC.DLL!234
016f:1c209c02 83c404 add esp,+04
016f:1c209c05 8b4c240c mov ecx,dword ptr [esp+0c]
016f:1c209c09 8b442410 mov eax,dword ptr [esp+10]
016f:1c209c0d 50 push eax
016f:1c209c0e 8b11 mov edx,dword ptr [ecx]
016f:1c209c10 52 push edx
016f:1c209c11 e8262b0000 call 1c20c73c = SAL3.DLL!osl_openProfile
VOS2MSC.DLL:.text+0x8c16:
*016f:1c209c16 83c408 add esp,+08
016f:1c209c19 33c9 xor ecx,ecx
016f:1c209c1b 85c0 test eax,eax
016f:1c209c1d 0f95c1 setnz cl
016f:1c209c20 894604 mov dword ptr [esi+04],eax
016f:1c209c23 8ac1 mov al,cl
016f:1c209c25 5e pop esi
016f:1c209c26 c3 retd
016f:1c209c27 90 nop
016f:1c209c28 90 nop
016f:1c209c29 90 nop
--------------------
00a8c5a0 00655e60 = SAL3.DLL:.data+0xe60 -> 85 02 00 00 00 00 00 00 00 00 00 00 77 39 78 75 ............w9xu
00a8c5a4 00000000
00a8c5a8 00a8c5ec -> 98 d6 20 1c 00 00 00 00 26 bb f6 bf 08 61 98 81 .. .....&....a..
00a8c5ac 1c209b90 = VOS2MSC.DLL:.text+0x8b90
--------------------
016f:1c209b70 8b442408 mov eax,dword ptr [esp+08]
016f:1c209b74 56 push esi
016f:1c209b75 8bf1 mov esi,ecx
016f:1c209b77 50 push eax
016f:1c209b78 8b4c240c mov ecx,dword ptr [esp+0c]
016f:1c209b7c 51 push ecx
016f:1c209b7d 56 push esi
016f:1c209b7e c7460400000000 mov dword ptr [esi+04],00000000
016f:1c209b85 c70698d6201c mov dword ptr [esi],1c20d698
016f:1c209b8b e860000000 call 1c209bf0 = VOS2MSC.DLL!239
VOS2MSC.DLL:.text+0x8b90:
*016f:1c209b90 83c40c add esp,+0c
016f:1c209b93 8bc6 mov eax,esi
016f:1c209b95 5e pop esi
016f:1c209b96 c20800 retd 0008
016f:1c209b99 90 nop
016f:1c209b9a 90 nop
016f:1c209b9b 90 nop
016f:1c209b9c 90 nop
016f:1c209b9d 90 nop
016f:1c209b9e 90 nop
016f:1c209b9f 90 nop
--------------------
00a8c5b0 00a8c5ec -> 98 d6 20 1c 00 00 00 00 26 bb f6 bf 08 61 98 81 .. .....&....a..
00a8c5b4 00a8c5e0 -> 60 5e 65 00 80 00 97 00 cf 41 f6 bf 98 d6 20 1c `^e......A.... .
00a8c5b8 00000000
00a8c5bc 0107bee0 -> 0c 22 49 00 78 f7 fc 00 50 72 0b 01 70 30 05 01 ."I.x...Pr..p0..
00a8c5c0 010c3756 = JVM641MI.DLL:.text+0x2756
--------------------
016f:010c3735 51 push ecx
016f:010c3736 e8055a0000 call 010c9140 = SAL3.DLL!rtl_uString_release
016f:010c373b 83c40c add esp,+0c
016f:010c373e 8d4c2410 lea ecx,[esp+10]
016f:010c3742 e8c7580000 call 010c900e = TL641MI.DLL!242
016f:010c3747 8d542414 lea edx,[esp+14]
016f:010c374b 55 push ebp
016f:010c374c 52 push edx
016f:010c374d 8d4c2428 lea ecx,[esp+28]
016f:010c3751 e804580000 call 010c8f5a = VOS2MSC.DLL!227
JVM641MI.DLL:.text+0x2756:
*016f:010c3756 55 push ebp
016f:010c3757 55 push ebp
016f:010c3758 8d442428 lea eax,[esp+28]
016f:010c375c 6840b60c01 push 010cb640
016f:010c3761 50 push eax
016f:010c3762 e817580000 call 010c8f7e = VOS2MSC.DLL!237
016f:010c3767 8bf0 mov esi,eax
016f:010c3769 56 push esi
016f:010c376a e887580000 call 010c8ff6 = TL641MI.DLL!20
016f:010c376f 8bf8 mov edi,eax
016f:010c3771 56 push esi
--------------------
00a8c5c4 00a8c5e0 -> 60 5e 65 00 80 00 97 00 cf 41 f6 bf 98 d6 20 1c `^e......A.... .
00a8c5c8 00000000
00a8c5cc 0107d930 -> e0 55 65 00 80 ff 0b 01 66 69 6c 65 3a 2f 2f 2f .Ue.....file:///
00a8c5d0 0107bee0 -> 0c 22 49 00 78 f7 fc 00 50 72 0b 01 70 30 05 01 ."I.x...Pr..p0..
00a8c5d4 010b7850 -> 45 3a 5c 4f 66 66 69 63 65 5c 4f 66 66 6f 70 65 E:\Office\Offope
00a8c5d8 0107d930 -> e0 55 65 00 80 ff 0b 01 66 69 6c 65 3a 2f 2f 2f .Ue.....file:///
...
00a8c5e0 00655e60 = SAL3.DLL:.data+0xe60 -> 85 02 00 00 00 00 00 00 00 00 00 00 77 39 78 75 ............w9xu 00a8c5e4 00970080 -> 46 3a 5c 54 65 6d 70 20 00 77 69 6e 62 6f 6f 74 F:\Temp .winboot 00a8c5e8 bff641cf = KERNEL32.DLL:_FREQASM+0x31cf -------------------- 016f:bff641b5 51 push ecx 016f:bff641b6 52 push edx 016f:bff641b7 681d002a00 push 002a001d 016f:bff641bc e813d2ffff call bff613d4 = KERNEL32.DLL!1 016f:bff641c1 59 pop ecx 016f:bff641c2 5a pop edx 016f:bff641c3 ebe8 jmp bff641ad = KERNEL32.DLL:_FREQASM+0x31ad 016f:bff641c5 8b542404 mov edx,dword ptr [esp+04] 016f:bff641c9 50 push eax 016f:bff641ca e804000000 call bff641d3 = KERNEL32.DLL:_FREQASM+0x31d3 KERNEL32.DLL:_FREQASM+0x31cf: *016f:bff641cf 58 pop eax 016f:bff641d0 c20400 retd 0004 016f:bff641d3 833dfcbcfbbf01 cmp dword ptr [bffbbcfc],+01 016f:bff641da 7c32 jl bff6420e = KERNEL32.DLL:_FREQASM+0x320e 016f:bff641dc 3b1570b4fbbf cmp edx,dword ptr [bffbb470] 016f:bff641e2 7506 jnz bff641ea = KERNEL32.DLL:_FREQASM+0x31ea 016f:bff641e4 837a0401 cmp dword ptr [edx+04],+01 016f:bff641e8 7426 jz bff64210 = KERNEL32.DLL:_FREQASM+0x3210 016f:bff641ea ff4a04 dec dword ptr [edx+04] 016f:bff641ed 754a jnz bff64239 = KERNEL32.DLL:_FREQASM+0x3239 016f:bff641ef c7420800000000 mov dword ptr [edx+08],00000000 -------------------- 00a8c5ec 1c20d698 = VOS2MSC.DLL!231 -> 50 9b 20 1c 70 9c 20 1c a0 9c 20 1c c0 9c 20 1c P. .p. ... ... . 
00a8c5f0 00000000 00a8c5f4 bff6bb26 = KERNEL32.DLL:.text+0x2b26 -------------------- 016f:bff6bb0a e88a87ffff call bff64299 = KERNEL32.DLL:_FREQASM+0x3299 016f:bff6bb0f 5e pop esi 016f:bff6bb10 c20400 retd 0004 016f:bff6bb13 56 push esi 016f:bff6bb14 8b742408 mov esi,dword ptr [esp+08] 016f:bff6bb18 8a06 mov al,byte ptr [esi] 016f:bff6bb1a 3c04 cmp al,04 016f:bff6bb1c 7508 jnz bff6bb26 = KERNEL32.DLL:.text+0x2b26 016f:bff6bb1e ff7604 push dword ptr [esi+04] 016f:bff6bb21 e8a087ffff call bff642c6 = KERNEL32.DLL:_FREQASM+0x32c6 KERNEL32.DLL:.text+0x2b26: *016f:bff6bb26 5e pop esi 016f:bff6bb27 c20400 retd 0004 016f:bff6bb2a 64a100000000 mov eax,dword ptr fs:[00000000] 016f:bff6bb30 55 push ebp 016f:bff6bb31 8bec mov ebp,esp 016f:bff6bb33 6aff push -01 016f:bff6bb35 685092f6bf push bff69250 016f:bff6bb3a 68201bfbbf push bffb1b20 016f:bff6bb3f 50 push eax 016f:bff6bb40 8b4508 mov eax,dword ptr [ebp+08] 016f:bff6bb43 64892500000000 mov dword ptr fs:[00000000],esp -------------------- 00a8c5f8 81986108 -> 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00a8c5fc 0107b0a8 -> 3a 00 2f 00 2f 00 2f 00 43 00 3a 00 2f 00 57 00 :./././.C.:./.W. 00a8c600 004c1d3c = SAL3.DLL:.text+0xd3c -> 5f 8b c3 5e 5b c3 8b 48 0c 8b 50 08 89 51 08 8b _..^[..H..P..Q.. 00a8c604 00655530 = SAL3.DLL:.data+0x530 -> 04 00 00 00 08 61 98 81 00 00 00 00 00 00 00 00 .....a.......... 
00a8c608 00000002 00a8c60c 00000040 00a8c610 00000001 00a8c614 1c832e55 = TL641MI.DLL:.text+0x31e55 -------------------- 016f:1c832e37 b801000000 mov eax,00000001 016f:1c832e3c 89442400 mov dword ptr [esp],eax 016f:1c832e40 3bc8 cmp ecx,eax 016f:1c832e42 8d442400 lea eax,[esp] 016f:1c832e46 7204 jc 1c832e4c = TL641MI.DLL:.text+0x31e4c 016f:1c832e48 8d442414 lea eax,[esp+14] 016f:1c832e4c 56 push esi 016f:1c832e4d 8b30 mov esi,dword ptr [eax] 016f:1c832e4f 56 push esi 016f:1c832e50 e8c10e0200 call 1c853d16 = SAL3.DLL!rtl_allocateMemory TL641MI.DLL:.text+0x31e55: *016f:1c832e55 83c404 add esp,+04 016f:1c832e58 85c0 test eax,eax 016f:1c832e5a 7518 jnz 1c832e74 = TL641MI.DLL:.text+0x31e74 016f:1c832e5c a15824861c mov eax,dword ptr [1c862458] 016f:1c832e61 85c0 test eax,eax 016f:1c832e63 7414 jz 1c832e79 = TL641MI.DLL:.text+0x31e79 016f:1c832e65 ffd0 call eax 016f:1c832e67 56 push esi 016f:1c832e68 e8a90e0200 call 1c853d16 = SAL3.DLL!rtl_allocateMemory 016f:1c832e6d 83c404 add esp,+04 016f:1c832e70 85c0 test eax,eax -------------------- 00a8c618 00000040 00a8c61c 780283f7 = MSVCRT.DLL!wcsspn -------------------- 016f:780283e2 3bc2 cmp eax,edx 016f:780283e4 75f5 jnz 780283db = MSVCRT.DLL:.text+0x273db 016f:780283e6 668b08 mov cx,word ptr [eax] 016f:780283e9 662bce sub cx,si 016f:780283ec 5e pop esi 016f:780283ed 66f7d9 neg cx 016f:780283f0 1bc9 sbb ecx,ecx 016f:780283f2 f7d1 not ecx 016f:780283f4 23c1 and eax,ecx 016f:780283f6 c3 retd MSVCRT.DLL!wcsspn: *016f:780283f7 8b442404 mov eax,dword ptr [esp+04] 016f:780283fb 53 push ebx 016f:780283fc 56 push esi 016f:780283fd 57 push edi 016f:780283fe 668b08 mov cx,word ptr [eax] 016f:78028401 6685c9 test cx,cx 016f:78028404 7429 jz 7802842f = MSVCRT.DLL:.text+0x2742f 016f:78028406 8b5c2414 mov ebx,dword ptr [esp+14] 016f:7802840a 668b3b mov di,word ptr [ebx] 016f:7802840d 663bf9 cmp di,cx 016f:78028410 8bf3 mov esi,ebx -------------------- 00a8c620 00000001 00a8c624 010b7238 -> 50 00 2e 00 45 00 58 00 45 00 00 00 00 00 00 00 
P...E.X.E....... 00a8c628 00000003 00a8c62c 00000000 00a8c630 bff6bb0f = KERNEL32.DLL:.text+0x2b0f -------------------- 016f:bff6baf3 803e04 cmp byte ptr [esi],04 016f:bff6baf6 740f jz bff6bb07 = KERNEL32.DLL:.text+0x2b07 016f:bff6baf8 33c0 xor eax,eax 016f:bff6bafa 50 push eax 016f:bff6bafb 50 push eax 016f:bff6bafc 50 push eax 016f:bff6bafd 68050000c0 push c0000005 016f:bff6bb02 e8a4acffff call bff667ab = KERNEL32.DLL:_FREQASM+0x57ab 016f:bff6bb07 ff7604 push dword ptr [esi+04] 016f:bff6bb0a e88a87ffff call bff64299 = KERNEL32.DLL:_FREQASM+0x3299 KERNEL32.DLL:.text+0x2b0f: *016f:bff6bb0f 5e pop esi 016f:bff6bb10 c20400 retd 0004 016f:bff6bb13 56 push esi 016f:bff6bb14 8b742408 mov esi,dword ptr [esp+08] 016f:bff6bb18 8a06 mov al,byte ptr [esi] 016f:bff6bb1a 3c04 cmp al,04 016f:bff6bb1c 7508 jnz bff6bb26 = KERNEL32.DLL:.text+0x2b26 016f:bff6bb1e ff7604 push dword ptr [esi+04] 016f:bff6bb21 e8a087ffff call bff642c6 = KERNEL32.DLL:_FREQASM+0x32c6 016f:bff6bb26 5e pop esi 016f:bff6bb27 c20400 retd 0004 -------------------- 00a8c634 81986108 -> 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 
00a8c638 bff6bb26 = KERNEL32.DLL:.text+0x2b26 -------------------- 016f:bff6bb0a e88a87ffff call bff64299 = KERNEL32.DLL:_FREQASM+0x3299 016f:bff6bb0f 5e pop esi 016f:bff6bb10 c20400 retd 0004 016f:bff6bb13 56 push esi 016f:bff6bb14 8b742408 mov esi,dword ptr [esp+08] 016f:bff6bb18 8a06 mov al,byte ptr [esi] 016f:bff6bb1a 3c04 cmp al,04 016f:bff6bb1c 7508 jnz bff6bb26 = KERNEL32.DLL:.text+0x2b26 016f:bff6bb1e ff7604 push dword ptr [esi+04] 016f:bff6bb21 e8a087ffff call bff642c6 = KERNEL32.DLL:_FREQASM+0x32c6 KERNEL32.DLL:.text+0x2b26: *016f:bff6bb26 5e pop esi 016f:bff6bb27 c20400 retd 0004 016f:bff6bb2a 64a100000000 mov eax,dword ptr fs:[00000000] 016f:bff6bb30 55 push ebp 016f:bff6bb31 8bec mov ebp,esp 016f:bff6bb33 6aff push -01 016f:bff6bb35 685092f6bf push bff69250 016f:bff6bb3a 68201bfbbf push bffb1b20 016f:bff6bb3f 50 push eax 016f:bff6bb40 8b4508 mov eax,dword ptr [ebp+08] 016f:bff6bb43 64892500000000 mov dword ptr fs:[00000000],esp -------------------- 00a8c63c 81986108 -> 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00a8c640 0107b090 -> d8 01 00 00 28 00 00 00 b0 ee 07 01 60 57 65 00 ....(.......`We. 00a8c644 004c1eac = SAL3.DLL:.text+0xeac -> 5e c3 85 c9 74 0e 68 00 80 00 00 6a 00 51 ff 15 ^...t.h....j.Q.. 00a8c648 00655530 = SAL3.DLL:.data+0x530 -> 04 00 00 00 08 61 98 81 00 00 00 00 00 00 00 00 .....a.......... 00a8c64c 0107b098 -> b0 ee 07 01 60 57 65 00 66 00 69 00 6c 00 65 00 ....`We.f.i.l.e. 
00a8c650 1c832eaa = TL641MI.DLL:.text+0x31eaa -------------------- 016f:1c832e99 90 nop 016f:1c832e9a 90 nop 016f:1c832e9b 90 nop 016f:1c832e9c 90 nop 016f:1c832e9d 90 nop 016f:1c832e9e 90 nop 016f:1c832e9f 90 nop 016f:1c832ea0 8b442404 mov eax,dword ptr [esp+04] 016f:1c832ea4 50 push eax 016f:1c832ea5 e8720e0200 call 1c853d1c = SAL3.DLL!rtl_freeMemory TL641MI.DLL:.text+0x31eaa: *016f:1c832eaa 59 pop ecx 016f:1c832eab c3 retd 016f:1c832eac 90 nop 016f:1c832ead 90 nop 016f:1c832eae 90 nop 016f:1c832eaf 90 nop 016f:1c832eb0 83ec10 sub esp,+10 016f:1c832eb3 8b4c2414 mov ecx,dword ptr [esp+14] 016f:1c832eb7 b801000000 mov eax,00000001 016f:1c832ebc 89442400 mov dword ptr [esp],eax 016f:1c832ec0 3bc8 cmp ecx,eax -------------------- 00a8c654 40000000 00a8c658 00a8c8b6 -> 00 00 01 00 00 00 13 00 00 00 0c 00 00 00 01 01 ................ 00a8c65c bff700e2 = KERNEL32.DLL:.text+0x70e2 -> 8b f8 85 ff 74 4c bb 10 96 f6 bf 53 e8 d6 6d 00 ....tL.....S..m. 00a8c660 00a8c799 -> 73 69 63 37 33 39 2e 74 6d 70 00 21 00 00 40 24 sic739.tmp.!..@$ 00a8c664 0054504c = SAL3.DLL:.rdata+0x5f04c -> b8 f4 00 00 00 00 00 00 a1 ef 00 00 00 00 00 00 ................ 
00a8c668 40000000 00a8c66c 00000000 00a8c670 00000004 00a8c674 1c80e4f7 = TL641MI.DLL:.text+0xd4f7 -------------------- 016f:1c80e4d5 85db test ebx,ebx 016f:1c80e4d7 740c jz 1c80e4e5 = TL641MI.DLL:.text+0xd4e5 016f:1c80e4d9 8b442440 mov eax,dword ptr [esp+40] 016f:1c80e4dd 8bce mov ecx,esi 016f:1c80e4df 50 push eax 016f:1c80e4e0 e80b56ffff call 1c803af0 = TL641MI.DLL!155 016f:1c80e4e5 8d4c2424 lea ecx,[esp+24] 016f:1c80e4e9 e8c2f8ffff call 1c80ddb0 = TL641MI.DLL:.text+0xcdb0 016f:1c80e4ee 8d4c2410 lea ecx,[esp+10] 016f:1c80e4f2 e8b955ffff call 1c803ab0 = TL641MI.DLL!149 TL641MI.DLL:.text+0xd4f7: *016f:1c80e4f7 5f pop edi 016f:1c80e4f8 5e pop esi 016f:1c80e4f9 8bc3 mov eax,ebx 016f:1c80e4fb 5d pop ebp 016f:1c80e4fc 5b pop ebx 016f:1c80e4fd 83c42c add esp,+2c 016f:1c80e500 c20800 retd 0008 016f:1c80e503 90 nop 016f:1c80e504 90 nop 016f:1c80e505 90 nop 016f:1c80e506 90 nop -------------------- 00a8c678 00a8c768 -> 13 01 00 40 44 d3 98 81 8c 00 00 00 38 03 00 00 ...@D.......8... 00a8c67c 00a8c6e8 -> a4 8c 07 00 00 00 00 00 0c 70 90 81 00 70 90 81 .........p...p.. 00a8c680 00000000 00a8c684 00a8c768 -> 13 01 00 40 44 d3 98 81 8c 00 00 00 38 03 00 00 ...@D.......8... 00a8c688 1c85d448 = TL641MI.DLL:.data+0x448 -> 35 17 00 00 00 00 00 00 00 00 00 00 00 01 02 03 5............... 00a8c68c 00a8c768 -> 13 01 00 40 44 d3 98 81 8c 00 00 00 38 03 00 00 ...@D.......8... 00a8c690 0107d930 -> e0 55 65 00 80 ff 0b 01 66 69 6c 65 3a 2f 2f 2f .Ue.....file:/// 00a8c694 010bffb0 -> 61 74 61 00 a8 ff 0b 01 46 3a 00 00 00 00 65 00 ata.....F:....e. 00a8c698 010b71e8 -> 6f 00 6e 00 25 00 32 00 30 00 44 00 61 00 74 00 o.n.%.2.0.D.a.t. 00a8c69c 0107b098 -> b0 ee 07 01 60 57 65 00 66 00 69 00 6c 00 65 00 ....`We.f.i.l.e. ... 
00a8c6a8 04000000 00a8c6ac 00100010 00a8c6b0 bff6bb0f = KERNEL32.DLL:.text+0x2b0f -------------------- 016f:bff6baf3 803e04 cmp byte ptr [esi],04 016f:bff6baf6 740f jz bff6bb07 = KERNEL32.DLL:.text+0x2b07 016f:bff6baf8 33c0 xor eax,eax 016f:bff6bafa 50 push eax 016f:bff6bafb 50 push eax 016f:bff6bafc 50 push eax 016f:bff6bafd 68050000c0 push c0000005 016f:bff6bb02 e8a4acffff call bff667ab = KERNEL32.DLL:_FREQASM+0x57ab 016f:bff6bb07 ff7604 push dword ptr [esi+04] 016f:bff6bb0a e88a87ffff call bff64299 = KERNEL32.DLL:_FREQASM+0x3299 KERNEL32.DLL:.text+0x2b0f: *016f:bff6bb0f 5e pop esi 016f:bff6bb10 c20400 retd 0004 016f:bff6bb13 56 push esi 016f:bff6bb14 8b742408 mov esi,dword ptr [esp+08] 016f:bff6bb18 8a06 mov al,byte ptr [esi] 016f:bff6bb1a 3c04 cmp al,04 016f:bff6bb1c 7508 jnz bff6bb26 = KERNEL32.DLL:.text+0x2b26 016f:bff6bb1e ff7604 push dword ptr [esi+04] 016f:bff6bb21 e8a087ffff call bff642c6 = KERNEL32.DLL:_FREQASM+0x32c6 016f:bff6bb26 5e pop esi 016f:bff6bb27 c20400 retd 0004 -------------------- 00a8c6b4 81986108 -> 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 
00a8c6b8 bff6bb26 = KERNEL32.DLL:.text+0x2b26 -------------------- 016f:bff6bb0a e88a87ffff call bff64299 = KERNEL32.DLL:_FREQASM+0x3299 016f:bff6bb0f 5e pop esi 016f:bff6bb10 c20400 retd 0004 016f:bff6bb13 56 push esi 016f:bff6bb14 8b742408 mov esi,dword ptr [esp+08] 016f:bff6bb18 8a06 mov al,byte ptr [esi] 016f:bff6bb1a 3c04 cmp al,04 016f:bff6bb1c 7508 jnz bff6bb26 = KERNEL32.DLL:.text+0x2b26 016f:bff6bb1e ff7604 push dword ptr [esi+04] 016f:bff6bb21 e8a087ffff call bff642c6 = KERNEL32.DLL:_FREQASM+0x32c6 KERNEL32.DLL:.text+0x2b26: *016f:bff6bb26 5e pop esi 016f:bff6bb27 c20400 retd 0004 016f:bff6bb2a 64a100000000 mov eax,dword ptr fs:[00000000] 016f:bff6bb30 55 push ebp 016f:bff6bb31 8bec mov ebp,esp 016f:bff6bb33 6aff push -01 016f:bff6bb35 685092f6bf push bff69250 016f:bff6bb3a 68201bfbbf push bffb1b20 016f:bff6bb3f 50 push eax 016f:bff6bb40 8b4508 mov eax,dword ptr [ebp+08] 016f:bff6bb43 64892500000000 mov dword ptr fs:[00000000],esp -------------------- ... 00a8c6c0 81986108 -> 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00a8c6c4 40000000 00a8c6c8 00000000 00a8c6cc 00a8c70c -> 00 78 6c c1 34 c7 a8 00 6e a2 f6 bf c8 a6 f6 bf .xl.4...n....... 00a8c6d0 00078ca4 00a8c6d4 8198d340 -> 21 00 00 a0 1c 70 90 81 0c 70 90 81 1a 03 00 00 !....p...p...... 
00a8c6d8 00000020 00a8c6dc bff6a501 = KERNEL32.DLL:.text+0x1501 -------------------- 016f:bff6a4e6 2bfb sub edi,ebx 016f:bff6a4e8 57 push edi 016f:bff6a4e9 894108 mov dword ptr [ecx+08],eax 016f:bff6a4ec 8b5604 mov edx,dword ptr [esi+04] 016f:bff6a4ef 8b4608 mov eax,dword ptr [esi+08] 016f:bff6a4f2 895004 mov dword ptr [eax+04],edx 016f:bff6a4f5 8d041e lea eax,[esi+ebx] 016f:bff6a4f8 50 push eax 016f:bff6a4f9 ff7508 push dword ptr [ebp+08] 016f:bff6a4fc e870fdffff call bff6a271 = KERNEL32.DLL:.text+0x1271 KERNEL32.DLL:.text+0x1501: *016f:bff6a501 eb36 jmp bff6a539 = KERNEL32.DLL:.text+0x1539 016f:bff6a503 8b4d08 mov ecx,dword ptr [ebp+08] 016f:bff6a506 0fb64170 movzx eax,byte ptr [ecx+70] 016f:bff6a50a 0b45f4 or eax,dword ptr [ebp-0c] 016f:bff6a50d 50 push eax 016f:bff6a50e 8b45f8 mov eax,dword ptr [ebp-08] 016f:bff6a511 2b45fc sub eax,dword ptr [ebp-04] 016f:bff6a514 50 push eax 016f:bff6a515 ff75fc push dword ptr [ebp-04] 016f:bff6a518 e8f6feffff call bff6a413 = KERNEL32.DLL:.text+0x1413 016f:bff6a51d 85c0 test eax,eax -------------------- 00a8c6e0 81907000 -> 00 00 10 00 00 00 00 00 20 00 00 00 01 00 00 a0 ........ ....... 00a8c6e4 8198d360 -> 2e 02 00 a0 07 00 00 00 00 a9 6c c1 ec fb 46 01 ..........l...F. 00a8c6e8 00078ca4 00a8c6ec 00000000 00a8c6f0 8190700c -> 01 00 00 a0 40 d3 98 81 78 d8 98 81 80 00 00 00 ....@...x....... 00a8c6f4 81907000 -> 00 00 10 00 00 00 00 00 20 00 00 00 01 00 00 a0 ........ ....... 00a8c6f8 8198d340 -> 21 00 00 a0 1c 70 90 81 0c 70 90 81 1a 03 00 00 !....p...p...... 00a8c6fc 00000040 00a8c700 00000000 00a8c704 81907050 -> 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00a8c708 8190700c -> 01 00 00 a0 40 d3 98 81 78 d8 98 81 80 00 00 00 ....@...x....... 00a8c70c c16c7800 -> 01 00 00 00 00 00 00 00 00 00 00 00 c0 05 66 c1 ..............f. 00a8c710 00a8c734 -> 6f 01 00 00 c5 cf f6 bf cf 41 f6 bf 44 d3 98 81 o........A..D... 
00a8c714 bff6a26e = KERNEL32.DLL:.text+0x126e -------------------- 016f:bff6a24f 008b4424040f add byte ptr [ebx+0f042444],cl 016f:bff6a255 b648 mov dh,48 016f:bff6a257 700b jo bff6a264 = KERNEL32.DLL:.text+0x1264 016f:bff6a259 4c dec esp 016f:bff6a25a 2408 and al,08 016f:bff6a25c f6c101 test cl,01 016f:bff6a25f 750d jnz bff6a26e = KERNEL32.DLL:.text+0x126e 016f:bff6a261 ff704c push dword ptr [eax+4c] 016f:bff6a264 e85da0ffff call bff642c6 = KERNEL32.DLL:_FREQASM+0x32c6 016f:bff6a269 e83f010000 call bff6a3ad = KERNEL32.DLL:.text+0x13ad KERNEL32.DLL:.text+0x126e: *016f:bff6a26e c20800 retd 0008 016f:bff6a271 53 push ebx 016f:bff6a272 56 push esi 016f:bff6a273 8b742414 mov esi,dword ptr [esp+14] 016f:bff6a277 57 push edi 016f:bff6a278 8b7c2414 mov edi,dword ptr [esp+14] 016f:bff6a27c 55 push ebp 016f:bff6a27d b900001000 mov ecx,00100000 016f:bff6a282 8d1c37 lea ebx,[edi+esi] 016f:bff6a285 8b03 mov eax,dword ptr [ebx] 016f:bff6a287 a801 test al,01 -------------------- 00a8c718 bff6a6c8 = KERNEL32.DLL:.text+0x16c8 -------------------- 016f:bff6a6ab 56 push esi 016f:bff6a6ac e8a6fdffff call bff6a457 = KERNEL32.DLL:.text+0x1457 016f:bff6a6b1 89450c mov dword ptr [ebp+0c],eax 016f:bff6a6b4 85c0 test eax,eax 016f:bff6a6b6 7436 jz bff6a6ee = KERNEL32.DLL:.text+0x16ee 016f:bff6a6b8 ff7510 push dword ptr [ebp+10] 016f:bff6a6bb 56 push esi 016f:bff6a6bc 0d000000a0 or eax,a0000000 016f:bff6a6c1 8903 mov dword ptr [ebx],eax 016f:bff6a6c3 e888fbffff call bff6a250 = KERNEL32.DLL:.text+0x1250 KERNEL32.DLL:.text+0x16c8: *016f:bff6a6c8 8d4304 lea eax,[ebx+04] 016f:bff6a6cb eb49 jmp bff6a716 = KERNEL32.DLL:.text+0x1716 016f:bff6a6cd 6a08 push +08 016f:bff6a6cf e82d240000 call bff6cb01 = KERNEL32.DLL:.text+0x3b01 016f:bff6a6d4 eb18 jmp bff6a6ee = KERNEL32.DLL:.text+0x16ee 016f:bff6a6d6 6a08 push +08 016f:bff6a6d8 e824240000 call bff6cb01 = KERNEL32.DLL:.text+0x3b01 016f:bff6a6dd eb0f jmp bff6a6ee = KERNEL32.DLL:.text+0x16ee 016f:bff6a6df 6a10 push +10 016f:bff6a6e1 ff75fc push dword ptr 
[ebp-04] 016f:bff6a6e4 680a000100 push 0001000a -------------------- 00a8c71c 81907000 -> 00 00 10 00 00 00 00 00 20 00 00 00 01 00 00 a0 ........ ....... 00a8c720 00000040 00a8c724 00000338 00a8c728 00000000 00a8c72c 00000008 00a8c730 bff613e2 = KERNEL32.DLL:_FREQASM+0x3e2 -------------------- 016f:bff613c5 c20400 retd 0004 016f:bff613c8 33c0 xor eax,eax 016f:bff613ca ebf7 jmp bff613c3 = KERNEL32.DLL:_FREQASM+0x3c3 016f:bff613cc ebfa jmp bff613c8 = KERNEL32.DLL:_FREQASM+0x3c8 016f:bff613ce ebf8 jmp bff613c8 = KERNEL32.DLL:_FREQASM+0x3c8 016f:bff613d0 ebf6 jmp bff613c8 = KERNEL32.DLL:_FREQASM+0x3c8 016f:bff613d2 ebf4 jmp bff613c8 = KERNEL32.DLL:_FREQASM+0x3c8 016f:bff613d4 8b442404 mov eax,dword ptr [esp+04] 016f:bff613d8 8f0424 pop dword ptr [esp] 016f:bff613db 2eff1d34b7fbbf call fword ptr ss:[bffbb734] KERNEL32.DLL:_FREQASM+0x3e2: *016f:bff613e2 b801000100 mov eax,00010001 016f:bff613e7 2eff1d34b7fbbf call fword ptr ss:[bffbb734] 016f:bff613ee b843002a00 mov eax,002a0043 016f:bff613f3 2eff1d34b7fbbf call fword ptr ss:[bffbb734] 016f:bff613fa 83c414 add esp,+14 016f:bff613fd 0fb7c8 movzx ecx,ax 016f:bff61400 0fa4d310 shld ebx,edx,10 016f:bff61404 c0e302 shl bl,02 016f:bff61407 6681ea0010 sub dx,1000 016f:bff6140c 0fbfc2 movsx eax,dx 016f:bff6140f e9d1000000 jmp bff614e5 = KERNEL32.DLL:_FREQASM+0x4e5 -------------------- 00a8c734 0000016f 00a8c738 bff6cfc5 = KERNEL32.DLL:.text+0x3fc5 -------------------- 016f:bff6cfa6 740a jz bff6cfb2 = KERNEL32.DLL:.text+0x3fb2 016f:bff6cfa8 ff7508 push dword ptr [ebp+08] 016f:bff6cfab e8b5ffffff call bff6cf65 = KERNEL32.DLL:.text+0x3f65 016f:bff6cfb0 eb13 jmp bff6cfc5 = KERNEL32.DLL:.text+0x3fc5 016f:bff6cfb2 6a01 push +01 016f:bff6cfb4 8b4508 mov eax,dword ptr [ebp+08] 016f:bff6cfb7 83c004 add eax,+04 016f:bff6cfba 50 push eax 016f:bff6cfbb 6805000100 push 00010005 016f:bff6cfc0 e80f44ffff call bff613d4 = KERNEL32.DLL!1 KERNEL32.DLL:.text+0x3fc5: *016f:bff6cfc5 8945fc mov dword ptr [ebp-04],eax 016f:bff6cfc8 837dfc00 cmp dword 
ptr [ebp-04],+00 016f:bff6cfcc 7405 jz bff6cfd3 = KERNEL32.DLL:.text+0x3fd3 016f:bff6cfce 8b45fc mov eax,dword ptr [ebp-04] 016f:bff6cfd1 8818 mov byte ptr [eax],bl 016f:bff6cfd3 8b45fc mov eax,dword ptr [ebp-04] 016f:bff6cfd6 5b pop ebx 016f:bff6cfd7 8be5 mov esp,ebp 016f:bff6cfd9 5d pop ebp 016f:bff6cfda c20800 retd 0008 016f:bff6cfdd 8b442404 mov eax,dword ptr [esp+04] -------------------- 00a8c73c bff641cf = KERNEL32.DLL:_FREQASM+0x31cf -------------------- 016f:bff641b5 51 push ecx 016f:bff641b6 52 push edx 016f:bff641b7 681d002a00 push 002a001d 016f:bff641bc e813d2ffff call bff613d4 = KERNEL32.DLL!1 016f:bff641c1 59 pop ecx 016f:bff641c2 5a pop edx 016f:bff641c3 ebe8 jmp bff641ad = KERNEL32.DLL:_FREQASM+0x31ad 016f:bff641c5 8b542404 mov edx,dword ptr [esp+04] 016f:bff641c9 50 push eax 016f:bff641ca e804000000 call bff641d3 = KERNEL32.DLL:_FREQASM+0x31d3 KERNEL32.DLL:_FREQASM+0x31cf: *016f:bff641cf 58 pop eax 016f:bff641d0 c20400 retd 0004 016f:bff641d3 833dfcbcfbbf01 cmp dword ptr [bffbbcfc],+01 016f:bff641da 7c32 jl bff6420e = KERNEL32.DLL:_FREQASM+0x320e 016f:bff641dc 3b1570b4fbbf cmp edx,dword ptr [bffbb470] 016f:bff641e2 7506 jnz bff641ea = KERNEL32.DLL:_FREQASM+0x31ea 016f:bff641e4 837a0401 cmp dword ptr [edx+04],+01 016f:bff641e8 7426 jz bff64210 = KERNEL32.DLL:_FREQASM+0x3210 016f:bff641ea ff4a04 dec dword ptr [edx+04] 016f:bff641ed 754a jnz bff64239 = KERNEL32.DLL:_FREQASM+0x3239 016f:bff641ef c7420800000000 mov dword ptr [edx+08],00000000 -------------------- 00a8c740 8198d344 -> 1c 70 90 81 0c 70 90 81 1a 03 00 00 00 00 00 00 .p...p.......... 
00a8c744 bff6dc83 = KERNEL32.DLL:.text+0x4c83 -------------------- 016f:bff6dc5e 8b5510 mov edx,dword ptr [ebp+10] 016f:bff6dc61 52 push edx 016f:bff6dc62 8b4844 mov ecx,dword ptr [eax+44] 016f:bff6dc65 8954f908 mov dword ptr [ecx+edi*8+08],edx 016f:bff6dc69 8b4844 mov ecx,dword ptr [eax+44] 016f:bff6dc6c 8b4514 mov eax,dword ptr [ebp+14] 016f:bff6dc6f 8944f904 mov dword ptr [ecx+edi*8+04],eax 016f:bff6dc73 e865f3ffff call bff6cfdd = KERNEL32.DLL:.text+0x3fdd 016f:bff6dc78 ff3520bdfbbf push dword ptr [bffbbd20] 016f:bff6dc7e e84265ffff call bff641c5 = KERNEL32.DLL!98 KERNEL32.DLL:.text+0x4c83: *016f:bff6dc83 8bc6 mov eax,esi 016f:bff6dc85 5f pop edi 016f:bff6dc86 5e pop esi 016f:bff6dc87 5d pop ebp 016f:bff6dc88 c21000 retd 0010 016f:bff6dc8b 55 push ebp 016f:bff6dc8c 8bec mov ebp,esp 016f:bff6dc8e 56 push esi 016f:bff6dc8f ff7508 push dword ptr [ebp+08] 016f:bff6dc92 e8bc560100 call bff83353 = KERNEL32.DLL:.text+0x1a353 016f:bff6dc97 83f8ff cmp eax,-01 -------------------- 00a8c748 bffbb490 = KERNEL32.DLL:.data+0x490 -> 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00a8c74c 00000338 00a8c750 0000008c 00a8c754 00a8c770 -> 8c 00 00 00 38 03 00 00 00 78 6c c1 b8 c8 a8 00 ....8....xl..... 
00a8c758 bff6dcad = KERNEL32.DLL:.text+0x4cad -------------------- 016f:bff6dc8f ff7508 push dword ptr [ebp+08] 016f:bff6dc92 e8bc560100 call bff83353 = KERNEL32.DLL:.text+0x1a353 016f:bff6dc97 83f8ff cmp eax,-01 016f:bff6dc9a 8bf0 mov esi,eax 016f:bff6dc9c 740f jz bff6dcad = KERNEL32.DLL:.text+0x4cad 016f:bff6dc9e ff7510 push dword ptr [ebp+10] 016f:bff6dca1 ff750c push dword ptr [ebp+0c] 016f:bff6dca4 56 push esi 016f:bff6dca5 ff7508 push dword ptr [ebp+08] 016f:bff6dca8 e88fffffff call bff6dc3c = KERNEL32.DLL:.text+0x4c3c KERNEL32.DLL:.text+0x4cad: *016f:bff6dcad 8bc6 mov eax,esi 016f:bff6dcaf 5e pop esi 016f:bff6dcb0 5d pop ebp 016f:bff6dcb1 c20c00 retd 000c 016f:bff6dcb4 8b442404 mov eax,dword ptr [esp+04] 016f:bff6dcb8 53 push ebx 016f:bff6dcb9 56 push esi 016f:bff6dcba 8bc8 mov ecx,eax 016f:bff6dcbc 33f6 xor esi,esi 016f:bff6dcbe 803800 cmp byte ptr [eax],00 016f:bff6dcc1 743a jz bff6dcfd = KERNEL32.DLL:.text+0x4cfd -------------------- 00a8c75c 81978114 -> 06 00 05 00 80 2b 6c c1 00 00 00 00 00 00 00 00 .....+l......... 00a8c760 0000008c 00a8c764 8198d344 -> 1c 70 90 81 0c 70 90 81 1a 03 00 00 00 00 00 00 .p...p.......... 00a8c768 40000113 00a8c76c 8198d344 -> 1c 70 90 81 0c 70 90 81 1a 03 00 00 00 00 00 00 .p...p.......... 00a8c770 0000008c 00a8c774 00000338 00a8c778 c16c7800 -> 01 00 00 00 00 00 00 00 00 00 00 00 c0 05 66 c1 ..............f. 00a8c77c 00a8c8b8 -> 01 00 00 00 13 00 00 00 0c 00 00 00 01 01 01 00 ................ 
00a8c780 bff6f69e = KERNEL32.DLL:.text+0x669e -------------------- 016f:bff6f679 bbffffffff mov ebx,ffffffff 016f:bff6f67e 837de400 cmp dword ptr [ebp-1c],+00 016f:bff6f682 7415 jz bff6f699 = KERNEL32.DLL:.text+0x6699 016f:bff6f684 6a00 push +00 016f:bff6f686 ff75f8 push dword ptr [ebp-08] 016f:bff6f689 e8c0e70100 call bff8de4e = KERNEL32.DLL:.text+0x24e4e 016f:bff6f68e a1f0bcfbbf mov eax,dword ptr [bffbbcf0] 016f:bff6f693 8b08 mov ecx,dword ptr [eax] 016f:bff6f695 80614df9 and byte ptr [ecx+4d],f9 016f:bff6f699 e80fadffff call bff6a3ad = KERNEL32.DLL:.text+0x13ad KERNEL32.DLL:.text+0x669e: *016f:bff6f69e 8bc3 mov eax,ebx 016f:bff6f6a0 5f pop edi 016f:bff6f6a1 5e pop esi 016f:bff6f6a2 5b pop ebx 016f:bff6f6a3 8be5 mov esp,ebp 016f:bff6f6a5 5d pop ebp 016f:bff6f6a6 c21c00 retd 001c 016f:bff6f6a9 ff7514 push dword ptr [ebp+14] 016f:bff6f6ac e82ae9ffff call bff6dfdb = KERNEL32.DLL:.text+0x4fdb 016f:bff6f6b1 83f8ff cmp eax,-01 016f:bff6f6b4 8bf0 mov esi,eax -------------------- 00a8c784 40000000 00a8c788 00a8c974 -> 9c 5b 85 1c d8 fe 0b 01 00 00 00 00 00 00 00 00 .[.............. 00a8c78c 00000004 00a8c790 545c3a46 00a8c794 20706d65 00a8c798 6369735c 00a8c79c 2e393337 00a8c7a0 00706d74 = CPPUHELPER3MSC.DLL:.rdata+0x5d74 -> 3f 24 53 65 71 75 65 6e 63 65 40 56 54 79 70 65 ?$Sequence@VType 00a8c7a4 40000021 00a8c7a8 8198d324 -> 08 00 01 00 30 b4 6c c1 36 03 00 00 00 00 00 00 ....0.l.6....... 00a8c7ac 00000088 00a8c7b0 00000336 00a8c7b4 c16c7800 -> 01 00 00 00 00 00 00 00 00 00 00 00 c0 05 66 c1 ..............f. 00a8c7b8 00a8c8f4 -> 08 61 98 81 78 af 07 01 ac 1e 4c 00 30 55 65 00 .a..x.....L.0Ue. 
00a8c7bc bff6f69e = KERNEL32.DLL:.text+0x669e -------------------- 016f:bff6f679 bbffffffff mov ebx,ffffffff 016f:bff6f67e 837de400 cmp dword ptr [ebp-1c],+00 016f:bff6f682 7415 jz bff6f699 = KERNEL32.DLL:.text+0x6699 016f:bff6f684 6a00 push +00 016f:bff6f686 ff75f8 push dword ptr [ebp-08] 016f:bff6f689 e8c0e70100 call bff8de4e = KERNEL32.DLL:.text+0x24e4e 016f:bff6f68e a1f0bcfbbf mov eax,dword ptr [bffbbcf0] 016f:bff6f693 8b08 mov ecx,dword ptr [eax] 016f:bff6f695 80614df9 and byte ptr [ecx+4d],f9 016f:bff6f699 e80fadffff call bff6a3ad = KERNEL32.DLL:.text+0x13ad KERNEL32.DLL:.text+0x669e: *016f:bff6f69e 8bc3 mov eax,ebx 016f:bff6f6a0 5f pop edi 016f:bff6f6a1 5e pop esi 016f:bff6f6a2 5b pop ebx 016f:bff6f6a3 8be5 mov esp,ebp 016f:bff6f6a5 5d pop ebp 016f:bff6f6a6 c21c00 retd 001c 016f:bff6f6a9 ff7514 push dword ptr [ebp+14] 016f:bff6f6ac e82ae9ffff call bff6dfdb = KERNEL32.DLL:.text+0x4fdb 016f:bff6f6b1 83f8ff cmp eax,-01 016f:bff6f6b4 8bf0 mov esi,eax -------------------- 00a8c7c0 80000000 00a8c7c4 0107af18 -> 74 5b 85 1c 10 af 07 01 00 00 00 00 00 00 00 00 t[.............. 00a8c7c8 00000003 00a8c7cc 545c3a46 00a8c7d0 5c504d45 00a8c7d4 2e315653 00a8c7d8 00000005 00a8c7dc 010b7208 -> f0 55 65 00 f0 55 65 00 46 00 3a 00 2f 00 54 00 .Ue..Ue.F.:./.T. 00a8c7e0 010b7228 -> 54 00 4d 00 50 00 2f 00 53 00 45 00 54 00 55 00 T.M.P./.S.E.T.U. 00a8c7e4 00000005 00a8c7e8 010b7210 -> 46 00 3a 00 2f 00 54 00 30 00 00 00 78 00 00 00 F.:./.T.0...x... 00a8c7ec 00000005 00a8c7f0 010b7235 -> 00 55 00 50 00 2e 00 45 00 58 00 45 00 00 00 00 .U.P...E.X.E.... 00a8c7f4 010b721a -> 00 00 78 00 00 00 18 72 0b 01 18 72 0b 01 54 00 ..x....r...r..T. 00a8c7f8 00000005 00a8c7fc 010b721a -> 00 00 78 00 00 00 18 72 0b 01 18 72 0b 01 54 00 ..x....r...r..T. 00a8c800 00000008 00a8c804 0000000a 00a8c808 010b7228 -> 54 00 4d 00 50 00 2f 00 53 00 45 00 54 00 55 00 T.M.P./.S.E.T.U. 00a8c80c 010b71c8 -> 49 00 4e 00 44 00 4f 00 57 00 53 00 2f 00 41 00 I.N.D.O.W.S./.A. 
00a8c810 0000000a 00a8c814 010b7230 -> 53 00 45 00 54 00 55 00 50 00 2e 00 45 00 58 00 S.E.T.U.P...E.X. 00a8c818 0000000a 00a8c81c 010b71da -> 70 00 6c 00 69 00 63 00 61 00 74 00 69 00 6f 00 p.l.i.c.a.t.i.o. 00a8c820 010b7244 -> 00 00 00 00 28 00 00 80 48 00 00 00 03 00 00 00 ....(...H....... 00a8c824 0000000a 00a8c828 010b7244 -> 00 00 00 00 28 00 00 80 48 00 00 00 03 00 00 00 ....(...H....... 00a8c82c 00000013 00a8c830 010b7250 -> 03 00 00 00 13 00 00 00 46 3a 5c 54 65 6d 70 20 ........F:\Temp 00a8c834 00000013 00a8c838 010b7210 -> 46 00 3a 00 2f 00 54 00 30 00 00 00 78 00 00 00 F.:./.T.0...x... 00a8c83c 00000013 00a8c840 010b726b -> 00 08 00 00 00 18 00 00 00 28 00 00 00 78 af 07 .........(...x.. 00a8c844 010b7236 -> 55 00 50 00 2e 00 45 00 58 00 45 00 00 00 00 00 U.P...E.X.E..... 00a8c848 010b7270 -> 18 00 00 00 28 00 00 00 78 af 07 01 90 55 65 00 ....(...x....Ue. 00a8c84c 00000013 00a8c850 004ceb52 = SAL3.DLL:.text+0xdb52 -------------------- 016f:004ceb3c 8b542420 mov edx,dword ptr [esp+20] 016f:004ceb40 51 push ecx 016f:004ceb41 8b4c2420 mov ecx,dword ptr [esp+20] 016f:004ceb45 52 push edx 016f:004ceb46 8b542420 mov edx,dword ptr [esp+20] 016f:004ceb4a 51 push ecx 016f:004ceb4b 8b08 mov ecx,dword ptr [eax] 016f:004ceb4d 52 push edx 016f:004ceb4e 51 push ecx 016f:004ceb4f ff5008 call dword ptr [eax+08] SAL3.DLL:.text+0xdb52: *016f:004ceb52 83c424 add esp,+24 016f:004ceb55 c3 retd 016f:004ceb56 90 nop 016f:004ceb57 90 nop 016f:004ceb58 90 nop 016f:004ceb59 90 nop 016f:004ceb5a 90 nop 016f:004ceb5b 90 nop 016f:004ceb5c 90 nop 016f:004ceb5d 90 nop 016f:004ceb5e 90 nop -------------------- 00a8c854 00000070 00a8c858 00000000 00a8c85c 010b7236 -> 55 00 50 00 2e 00 45 00 58 00 45 00 00 00 00 00 U.P...E.X.E..... 00a8c860 00000013 00a8c864 010b726b -> 00 08 00 00 00 18 00 00 00 28 00 00 00 78 af 07 .........(...x.. 00a8c868 00000013 00a8c86c 0000c566 00a8c870 00a8c8d8 -> 0f bb f6 bf 0f bb f6 bf 08 61 98 81 0f bb f6 bf .........a...... 
00a8c874 00a8c8bc -> 13 00 00 00 0c 00 00 00 01 01 01 00 82 00 00 00 ................ 00a8c878 004cde76 = SAL3.DLL:.text+0xce76 -------------------- 016f:004cde62 8b4c2444 mov ecx,dword ptr [esp+44] 016f:004cde66 52 push edx 016f:004cde67 8d4708 lea eax,[edi+08] 016f:004cde6a 56 push esi 016f:004cde6b 50 push eax 016f:004cde6c 53 push ebx 016f:004cde6d 55 push ebp 016f:004cde6e 6a00 push +00 016f:004cde70 51 push ecx 016f:004cde71 e87a0c0000 call 004ceaf0 = SAL3.DLL!rtl_convertUnicodeToText SAL3.DLL:.text+0xce76: *016f:004cde76 8be8 mov ebp,eax 016f:004cde78 8a44245c mov al,byte ptr [esp+5c] 016f:004cde7c 83c42c add esp,+2c 016f:004cde7f a804 test al,04 016f:004cde81 745b jz 004cdede = SAL3.DLL:.text+0xcede 016f:004cde83 8b542410 mov edx,dword ptr [esp+10] 016f:004cde87 42 inc edx 016f:004cde88 89542410 mov dword ptr [esp+10],edx 016f:004cde8c 57 push edi 016f:004cde8d e8de3effff call 004c1d70 = SAL3.DLL!rtl_freeMemory 016f:004cde92 8b742418 mov esi,dword ptr [esp+18] -------------------- 00a8c87c 00552210 = SAL3.DLL:.rdata+0x6c210 -> e8 21 55 00 70 44 4d 00 80 45 4d 00 00 00 00 00 .!U.pDM..EM..... 00a8c880 00000000 00a8c884 010b7210 -> 46 00 3a 00 2f 00 54 00 30 00 00 00 78 00 00 00 F.:./.T.0...x... 00a8c888 00000013 00a8c88c 010b7258 -> 46 3a 5c 54 65 6d 70 20 5c 73 69 63 37 33 39 2e F:\Temp \sic739. 00a8c890 00000013 00a8c894 0000c566 00a8c898 00a8c8d8 -> 0f bb f6 bf 0f bb f6 bf 08 61 98 81 0f bb f6 bf .........a...... 00a8c89c 00a8c8bc -> 13 00 00 00 0c 00 00 00 01 01 01 00 82 00 00 00 ................ 
00a8c8a0 004cdf26 = SAL3.DLL:.text+0xcf26 -------------------- 016f:004cdf07 57 push edi 016f:004cdf08 e8633effff call 004c1d70 = SAL3.DLL!rtl_freeMemory 016f:004cdf0d 83c404 add esp,+04 016f:004cdf10 8bfb mov edi,ebx 016f:004cdf12 eb08 jmp 004cdf1c = SAL3.DLL:.text+0xcf1c 016f:004cdf14 896f04 mov dword ptr [edi+04],ebp 016f:004cdf17 c6442f0800 mov byte ptr [edi+ebp+08],00 016f:004cdf1c 8b442434 mov eax,dword ptr [esp+34] 016f:004cdf20 50 push eax 016f:004cdf21 e85a0b0000 call 004cea80 = SAL3.DLL!rtl_destroyUnicodeToTextConverter SAL3.DLL:.text+0xcf26: *016f:004cdf26 8b44242c mov eax,dword ptr [esp+2c] 016f:004cdf2a 83c404 add esp,+04 016f:004cdf2d 85ff test edi,edi 016f:004cdf2f 8938 mov dword ptr [eax],edi 016f:004cdf31 740d jz 004cdf40 = SAL3.DLL:.text+0xcf40 016f:004cdf33 85ed test ebp,ebp 016f:004cdf35 7509 jnz 004cdf40 = SAL3.DLL:.text+0xcf40 016f:004cdf37 50 push eax 016f:004cdf38 e893f6ffff call 004cd5d0 = SAL3.DLL!rtl_string_new 016f:004cdf3d 83c404 add esp,+04 016f:004cdf40 5f pop edi -------------------- 00a8c8a4 00552210 = SAL3.DLL:.rdata+0x6c210 -> e8 21 55 00 70 44 4d 00 80 45 4d 00 00 00 00 00 .!U.pDM..EM..... 00a8c8a8 0107d930 -> e0 55 65 00 80 ff 0b 01 66 69 6c 65 3a 2f 2f 2f .Ue.....file:/// 00a8c8ac 00a8c91c -> aa e0 43 00 e0 be 07 01 80 af 07 01 28 38 05 01 ..C.........(8.. 
00a8c8b0 010b7850 -> 45 3a 5c 4f 66 66 69 63 65 5c 4f 66 66 6f 70 65 E:\Office\Offope 00a8c8b4 00000000 00a8c8b8 00000001 00a8c8bc 00000013 00a8c8c0 0000000c 00a8c8c4 00010101 00a8c8c8 00000082 00a8c8cc bff6bb0f = KERNEL32.DLL:.text+0x2b0f -------------------- 016f:bff6baf3 803e04 cmp byte ptr [esi],04 016f:bff6baf6 740f jz bff6bb07 = KERNEL32.DLL:.text+0x2b07 016f:bff6baf8 33c0 xor eax,eax 016f:bff6bafa 50 push eax 016f:bff6bafb 50 push eax 016f:bff6bafc 50 push eax 016f:bff6bafd 68050000c0 push c0000005 016f:bff6bb02 e8a4acffff call bff667ab = KERNEL32.DLL:_FREQASM+0x57ab 016f:bff6bb07 ff7604 push dword ptr [esi+04] 016f:bff6bb0a e88a87ffff call bff64299 = KERNEL32.DLL:_FREQASM+0x3299 KERNEL32.DLL:.text+0x2b0f: *016f:bff6bb0f 5e pop esi 016f:bff6bb10 c20400 retd 0004 016f:bff6bb13 56 push esi 016f:bff6bb14 8b742408 mov esi,dword ptr [esp+08] 016f:bff6bb18 8a06 mov al,byte ptr [esi] 016f:bff6bb1a 3c04 cmp al,04 016f:bff6bb1c 7508 jnz bff6bb26 = KERNEL32.DLL:.text+0x2b26 016f:bff6bb1e ff7604 push dword ptr [esi+04] 016f:bff6bb21 e8a087ffff call bff642c6 = KERNEL32.DLL:_FREQASM+0x32c6 016f:bff6bb26 5e pop esi 016f:bff6bb27 c20400 retd 0004 -------------------- ... 00a8c8d4 81986108 -> 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 
00a8c8d8 bff6bb0f = KERNEL32.DLL:.text+0x2b0f -------------------- 016f:bff6baf3 803e04 cmp byte ptr [esi],04 016f:bff6baf6 740f jz bff6bb07 = KERNEL32.DLL:.text+0x2b07 016f:bff6baf8 33c0 xor eax,eax 016f:bff6bafa 50 push eax 016f:bff6bafb 50 push eax 016f:bff6bafc 50 push eax 016f:bff6bafd 68050000c0 push c0000005 016f:bff6bb02 e8a4acffff call bff667ab = KERNEL32.DLL:_FREQASM+0x57ab 016f:bff6bb07 ff7604 push dword ptr [esi+04] 016f:bff6bb0a e88a87ffff call bff64299 = KERNEL32.DLL:_FREQASM+0x3299 KERNEL32.DLL:.text+0x2b0f: *016f:bff6bb0f 5e pop esi 016f:bff6bb10 c20400 retd 0004 016f:bff6bb13 56 push esi 016f:bff6bb14 8b742408 mov esi,dword ptr [esp+08] 016f:bff6bb18 8a06 mov al,byte ptr [esi] 016f:bff6bb1a 3c04 cmp al,04 016f:bff6bb1c 7508 jnz bff6bb26 = KERNEL32.DLL:.text+0x2b26 016f:bff6bb1e ff7604 push dword ptr [esi+04] 016f:bff6bb21 e8a087ffff call bff642c6 = KERNEL32.DLL:_FREQASM+0x32c6 016f:bff6bb26 5e pop esi 016f:bff6bb27 c20400 retd 0004 -------------------- ... 00a8c8e0 81986108 -> 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 
00a8c8e4 bff6bb0f = KERNEL32.DLL:.text+0x2b0f -------------------- 016f:bff6baf3 803e04 cmp byte ptr [esi],04 016f:bff6baf6 740f jz bff6bb07 = KERNEL32.DLL:.text+0x2b07 016f:bff6baf8 33c0 xor eax,eax 016f:bff6bafa 50 push eax 016f:bff6bafb 50 push eax 016f:bff6bafc 50 push eax 016f:bff6bafd 68050000c0 push c0000005 016f:bff6bb02 e8a4acffff call bff667ab = KERNEL32.DLL:_FREQASM+0x57ab 016f:bff6bb07 ff7604 push dword ptr [esi+04] 016f:bff6bb0a e88a87ffff call bff64299 = KERNEL32.DLL:_FREQASM+0x3299 KERNEL32.DLL:.text+0x2b0f: *016f:bff6bb0f 5e pop esi 016f:bff6bb10 c20400 retd 0004 016f:bff6bb13 56 push esi 016f:bff6bb14 8b742408 mov esi,dword ptr [esp+08] 016f:bff6bb18 8a06 mov al,byte ptr [esi] 016f:bff6bb1a 3c04 cmp al,04 016f:bff6bb1c 7508 jnz bff6bb26 = KERNEL32.DLL:.text+0x2b26 016f:bff6bb1e ff7604 push dword ptr [esi+04] 016f:bff6bb21 e8a087ffff call bff642c6 = KERNEL32.DLL:_FREQASM+0x32c6 016f:bff6bb26 5e pop esi 016f:bff6bb27 c20400 retd 0004 -------------------- ... 00a8c8ec 81986108 -> 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 
00a8c8f0 bff6bb26 = KERNEL32.DLL:.text+0x2b26 -------------------- 016f:bff6bb0a e88a87ffff call bff64299 = KERNEL32.DLL:_FREQASM+0x3299 016f:bff6bb0f 5e pop esi 016f:bff6bb10 c20400 retd 0004 016f:bff6bb13 56 push esi 016f:bff6bb14 8b742408 mov esi,dword ptr [esp+08] 016f:bff6bb18 8a06 mov al,byte ptr [esi] 016f:bff6bb1a 3c04 cmp al,04 016f:bff6bb1c 7508 jnz bff6bb26 = KERNEL32.DLL:.text+0x2b26 016f:bff6bb1e ff7604 push dword ptr [esi+04] 016f:bff6bb21 e8a087ffff call bff642c6 = KERNEL32.DLL:_FREQASM+0x32c6 KERNEL32.DLL:.text+0x2b26: *016f:bff6bb26 5e pop esi 016f:bff6bb27 c20400 retd 0004 016f:bff6bb2a 64a100000000 mov eax,dword ptr fs:[00000000] 016f:bff6bb30 55 push ebp 016f:bff6bb31 8bec mov ebp,esp 016f:bff6bb33 6aff push -01 016f:bff6bb35 685092f6bf push bff69250 016f:bff6bb3a 68201bfbbf push bffb1b20 016f:bff6bb3f 50 push eax 016f:bff6bb40 8b4508 mov eax,dword ptr [ebp+08] 016f:bff6bb43 64892500000000 mov dword ptr fs:[00000000],esp -------------------- 00a8c8f4 81986108 -> 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00a8c8f8 0107af78 -> 18 00 00 00 68 00 00 00 90 55 65 00 70 72 0b 01 ....h....Ue.pr.. 00a8c8fc 004c1eac = SAL3.DLL:.text+0xeac -> 5e c3 85 c9 74 0e 68 00 80 00 00 6a 00 51 ff 15 ^...t.h....j.Q.. 00a8c900 00655530 = SAL3.DLL:.data+0x530 -> 04 00 00 00 08 61 98 81 00 00 00 00 00 00 00 00 .....a.......... 
00a8c904 00000000 00a8c908 1c803abd = TL641MI.DLL:.text+0x2abd -------------------- 016f:1c803aa9 c20400 retd 0004 016f:1c803aac 90 nop 016f:1c803aad 90 nop 016f:1c803aae 90 nop 016f:1c803aaf 90 nop 016f:1c803ab0 8b01 mov eax,dword ptr [ecx] 016f:1c803ab2 50 push eax 016f:1c803ab3 833801 cmp dword ptr [eax],+01 016f:1c803ab6 7509 jnz 1c803ac1 = TL641MI.DLL:.text+0x2ac1 016f:1c803ab8 e85f020500 call 1c853d1c = SAL3.DLL!rtl_freeMemory TL641MI.DLL:.text+0x2abd: *016f:1c803abd 83c404 add esp,+04 016f:1c803ac0 c3 retd 016f:1c803ac1 e80a000000 call 1c803ad0 = TL641MI.DLL:.text+0x2ad0 016f:1c803ac6 59 pop ecx 016f:1c803ac7 c3 retd 016f:1c803ac8 90 nop 016f:1c803ac9 90 nop 016f:1c803aca 90 nop 016f:1c803acb 90 nop 016f:1c803acc 90 nop 016f:1c803acd 90 nop -------------------- 00a8c90c 0107af80 -> 90 55 65 00 70 72 0b 01 73 69 63 2a 00 00 00 00 .Ue.pr..sic*.... 00a8c910 1c80eda2 = TL641MI.DLL:.text+0xdda2 -------------------- 016f:1c80ed7f 7419 jz 1c80ed9a = TL641MI.DLL:.text+0xdd9a 016f:1c80ed81 8d4e10 lea ecx,[esi+10] 016f:1c80ed84 e857670100 call 1c8254e0 = TL641MI.DLL!242 016f:1c80ed89 8d4e0c lea ecx,[esi+0c] 016f:1c80ed8c e84f670100 call 1c8254e0 = TL641MI.DLL!242 016f:1c80ed91 56 push esi 016f:1c80ed92 e809410200 call 1c832ea0 = TL641MI.DLL!21 016f:1c80ed97 83c404 add esp,+04 016f:1c80ed9a 8d4f04 lea ecx,[edi+04] 016f:1c80ed9d e80e4dffff call 1c803ab0 = TL641MI.DLL!149 TL641MI.DLL:.text+0xdda2: *016f:1c80eda2 5f pop edi 016f:1c80eda3 5e pop esi 016f:1c80eda4 c3 retd 016f:1c80eda5 90 nop 016f:1c80eda6 90 nop 016f:1c80eda7 90 nop 016f:1c80eda8 90 nop 016f:1c80eda9 90 nop 016f:1c80edaa 90 nop 016f:1c80edab 90 nop 016f:1c80edac 90 nop -------------------- 00a8c914 0107d930 -> e0 55 65 00 80 ff 0b 01 66 69 6c 65 3a 2f 2f 2f .Ue.....file:/// 00a8c918 00a8c9e8 -> 50 78 0b 01 a0 38 80 1c 50 72 0b 01 30 d9 07 01 Px...8..Pr..0... 
00a8c91c 0043e0aa = SET641MI.DLL:.text+0x3d0aa -------------------- 016f:0043e077 8d4c2454 lea ecx,[esp+54] 016f:0043e07b c68424b800000006 mov byte ptr [esp+000000b8],06 016f:0043e083 e892c90300 call 0047aa1a = TL641MI.DLL!1168 016f:0043e088 8d4c2418 lea ecx,[esp+18] 016f:0043e08c c68424b800000003 mov byte ptr [esp+000000b8],03 016f:0043e094 e8c9c90300 call 0047aa62 = TL641MI.DLL!662 016f:0043e099 8d4c242c lea ecx,[esp+2c] 016f:0043e09d c68424b800000000 mov byte ptr [esp+000000b8],00 016f:0043e0a5 e8b8c90300 call 0047aa62 = TL641MI.DLL!662 SET641MI.DLL:.text+0x3d0aa: *016f:0043e0aa 8b8c24b0000000 mov ecx,dword ptr [esp+000000b0] 016f:0043e0b1 8bc6 mov eax,esi 016f:0043e0b3 5e pop esi 016f:0043e0b4 64890d00000000 mov dword ptr fs:[00000000],ecx 016f:0043e0bb 81c4b8000000 add esp,000000b8 016f:0043e0c1 c20400 retd 0004 016f:0043e0c4 90 nop 016f:0043e0c5 90 nop 016f:0043e0c6 90 nop 016f:0043e0c7 90 nop 016f:0043e0c8 90 nop -------------------- 00a8c920 0107bee0 -> 0c 22 49 00 78 f7 fc 00 50 72 0b 01 70 30 05 01 ."I.x...Pr..p0.. 00a8c924 0107af80 -> 90 55 65 00 70 72 0b 01 73 69 63 2a 00 00 00 00 .Ue.pr..sic*.... 00a8c928 01053828 -> 01 00 00 00 d5 01 00 00 0a 20 20 20 20 20 20 20 ......... 00a8c92c 00000001 00a8c930 010b7250 -> 03 00 00 00 13 00 00 00 46 3a 5c 54 65 6d 70 20 ........F:\Temp 00a8c934 0107d930 -> e0 55 65 00 80 ff 0b 01 66 69 6c 65 3a 2f 2f 2f .Ue.....file:/// 00a8c938 00000000 00a8c93c 010b71e8 -> 6f 00 6e 00 25 00 32 00 30 00 44 00 61 00 74 00 o.n.%.2.0.D.a.t. 00a8c940 010bff88 -> 28 d9 07 01 e0 55 65 00 66 69 6c 65 3a 2f 2f 2f (....Ue.file:/// 00a8c944 00000000 ... 00a8c950 0107af80 -> 90 55 65 00 70 72 0b 01 73 69 63 2a 00 00 00 00 .Ue.pr..sic*.... 00a8c954 00000000 ... 00a8c964 010b71e8 -> 6f 00 6e 00 25 00 32 00 30 00 44 00 61 00 74 00 o.n.%.2.0.D.a.t. 00a8c968 010b7158 -> 00 56 65 00 00 56 65 00 43 00 3a 00 5c 00 57 00 .Ve..Ve.C.:.\.W. 00a8c96c 00000000 ... 
00a8c974 1c855b9c = TL641MI.DLL!1063 -> 90 c1 82 1c 30 c2 82 1c 80 c2 82 1c d0 c2 82 1c ....0........... 00a8c978 010bfed8 -> 66 00 69 00 6c 00 65 00 3a 00 2f 00 2f 00 2f 00 f.i.l.e.:./././. 00a8c97c 00000000 ... 00a8c984 010a40f0 -> d0 57 65 00 d0 57 65 00 20 5b 49 6e 73 74 61 6c .We..We. [Instal ... 00a8c98c 00002000 00a8c990 1e2b0000 00a8c994 004cdf08 = SAL3.DLL:.text+0xcf08 -> e8 63 3e ff ff 83 c4 04 8b fb eb 08 89 6f 04 c6 .c>..........o.. 00a8c998 00000000 00a8c99c 0000ffff 00a8c9a0 00000002 00a8c9a4 010b0001 -> 20 00 80 00 00 00 00 00 00 0b 01 00 00 0b 01 00 ............... 00a8c9a8 1c85d448 = TL641MI.DLL:.data+0x448 -> 35 17 00 00 00 00 00 00 00 00 00 00 00 01 02 03 5............... 00a8c9ac 000a2000 00a8c9b0 00000000 00a8c9b4 010b7158 -> 00 56 65 00 00 56 65 00 43 00 3a 00 5c 00 57 00 .Ve..Ve.C.:.\.W. 00a8c9b8 00000000 00a8c9bc 010b7850 -> 45 3a 5c 4f 66 66 69 63 65 5c 4f 66 66 6f 70 65 E:\Office\Offope 00a8c9c0 1c803adb = TL641MI.DLL:.text+0x2adb -------------------- 016f:1c803aca 90 nop 016f:1c803acb 90 nop 016f:1c803acc 90 nop 016f:1c803acd 90 nop 016f:1c803ace 90 nop 016f:1c803acf 90 nop 016f:1c803ad0 56 push esi 016f:1c803ad1 8b742408 mov esi,dword ptr [esp+08] 016f:1c803ad5 56 push esi 016f:1c803ad6 e847020500 call 1c853d22 = SAL3.DLL!osl_decrementInterlockedCount TL641MI.DLL:.text+0x2adb: *016f:1c803adb 83c404 add esp,+04 016f:1c803ade 85c0 test eax,eax 016f:1c803ae0 7509 jnz 1c803aeb = TL641MI.DLL:.text+0x2aeb 016f:1c803ae2 56 push esi 016f:1c803ae3 e834020500 call 1c853d1c = SAL3.DLL!rtl_freeMemory 016f:1c803ae8 83c404 add esp,+04 016f:1c803aeb 5e pop esi 016f:1c803aec c3 retd 016f:1c803aed 90 nop 016f:1c803aee 90 nop 016f:1c803aef 90 nop -------------------- 00a8c9c4 010b7850 -> 45 3a 5c 4f 66 66 69 63 65 5c 4f 66 66 6f 70 65 E:\Office\Offope 00a8c9c8 1c803adb = TL641MI.DLL:.text+0x2adb -------------------- 016f:1c803aca 90 nop 016f:1c803acb 90 nop 016f:1c803acc 90 nop 016f:1c803acd 90 nop 016f:1c803ace 90 nop 016f:1c803acf 90 nop 016f:1c803ad0 
56 push esi 016f:1c803ad1 8b742408 mov esi,dword ptr [esp+08] 016f:1c803ad5 56 push esi 016f:1c803ad6 e847020500 call 1c853d22 = SAL3.DLL!osl_decrementInterlockedCount TL641MI.DLL:.text+0x2adb: *016f:1c803adb 83c404 add esp,+04 016f:1c803ade 85c0 test eax,eax 016f:1c803ae0 7509 jnz 1c803aeb = TL641MI.DLL:.text+0x2aeb 016f:1c803ae2 56 push esi 016f:1c803ae3 e834020500 call 1c853d1c = SAL3.DLL!rtl_freeMemory 016f:1c803ae8 83c404 add esp,+04 016f:1c803aeb 5e pop esi 016f:1c803aec c3 retd 016f:1c803aed 90 nop 016f:1c803aee 90 nop 016f:1c803aef 90 nop -------------------- 00a8c9cc 010b7250 -> 03 00 00 00 13 00 00 00 46 3a 5c 54 65 6d 70 20 ........F:\Temp 00a8c9d0 00a8ca1c -> 50 72 0b 01 40 ff 0b 01 d0 fe 0b 01 f0 b4 07 01 Pr..@........... 00a8c9d4 1c803ac6 = TL641MI.DLL:.text+0x2ac6 -------------------- 016f:1c803aae 90 nop 016f:1c803aaf 90 nop 016f:1c803ab0 8b01 mov eax,dword ptr [ecx] 016f:1c803ab2 50 push eax 016f:1c803ab3 833801 cmp dword ptr [eax],+01 016f:1c803ab6 7509 jnz 1c803ac1 = TL641MI.DLL:.text+0x2ac1 016f:1c803ab8 e85f020500 call 1c853d1c = SAL3.DLL!rtl_freeMemory 016f:1c803abd 83c404 add esp,+04 016f:1c803ac0 c3 retd 016f:1c803ac1 e80a000000 call 1c803ad0 = TL641MI.DLL:.text+0x2ad0 TL641MI.DLL:.text+0x2ac6: *016f:1c803ac6 59 pop ecx 016f:1c803ac7 c3 retd 016f:1c803ac8 90 nop 016f:1c803ac9 90 nop 016f:1c803aca 90 nop 016f:1c803acb 90 nop 016f:1c803acc 90 nop 016f:1c803acd 90 nop 016f:1c803ace 90 nop 016f:1c803acf 90 nop 016f:1c803ad0 56 push esi -------------------- 00a8c9d8 010b7250 -> 03 00 00 00 13 00 00 00 46 3a 5c 54 65 6d 70 20 ........F:\Temp 00a8c9dc 0043d7e9 = SET641MI.DLL:.text+0x3c7e9 -> 8b 4c 24 10 8b c6 5e 64 89 0d 00 00 00 00 83 c4 .L$...^d........ 
00a8c9e0 010b7850 -> 45 3a 5c 4f 66 66 69 63 65 5c 4f 66 66 6f 70 65 E:\Office\Offope 00a8c9e4 1c803adb = TL641MI.DLL:.text+0x2adb -------------------- 016f:1c803aca 90 nop 016f:1c803acb 90 nop 016f:1c803acc 90 nop 016f:1c803acd 90 nop 016f:1c803ace 90 nop 016f:1c803acf 90 nop 016f:1c803ad0 56 push esi 016f:1c803ad1 8b742408 mov esi,dword ptr [esp+08] 016f:1c803ad5 56 push esi 016f:1c803ad6 e847020500 call 1c853d22 = SAL3.DLL!osl_decrementInterlockedCount TL641MI.DLL:.text+0x2adb: *016f:1c803adb 83c404 add esp,+04 016f:1c803ade 85c0 test eax,eax 016f:1c803ae0 7509 jnz 1c803aeb = TL641MI.DLL:.text+0x2aeb 016f:1c803ae2 56 push esi 016f:1c803ae3 e834020500 call 1c853d1c = SAL3.DLL!rtl_freeMemory 016f:1c803ae8 83c404 add esp,+04 016f:1c803aeb 5e pop esi 016f:1c803aec c3 retd 016f:1c803aed 90 nop 016f:1c803aee 90 nop 016f:1c803aef 90 nop -------------------- 00a8c9e8 010b7850 -> 45 3a 5c 4f 66 66 69 63 65 5c 4f 66 66 6f 70 65 E:\Office\Offope 00a8c9ec 1c8038a0 = TL641MI.DLL:.text+0x28a0 -------------------- 016f:1c80388d 90 nop 016f:1c80388e 90 nop 016f:1c80388f 90 nop 016f:1c803890 56 push esi 016f:1c803891 57 push edi 016f:1c803892 8b7c240c mov edi,dword ptr [esp+0c] 016f:1c803896 8bf1 mov esi,ecx 016f:1c803898 8b07 mov eax,dword ptr [edi] 016f:1c80389a 50 push eax 016f:1c80389b e870040500 call 1c853d10 = SAL3.DLL!osl_incrementInterlockedCount TL641MI.DLL:.text+0x28a0: *016f:1c8038a0 8b0f mov ecx,dword ptr [edi] 016f:1c8038a2 83c404 add esp,+04 016f:1c8038a5 890e mov dword ptr [esi],ecx 016f:1c8038a7 8bc6 mov eax,esi 016f:1c8038a9 5f pop edi 016f:1c8038aa 5e pop esi 016f:1c8038ab c20400 retd 0004 016f:1c8038ae 90 nop 016f:1c8038af 90 nop 016f:1c8038b0 8b442404 mov eax,dword ptr [esp+04] 016f:1c8038b4 53 push ebx -------------------- 00a8c9f0 010b7250 -> 03 00 00 00 13 00 00 00 46 3a 5c 54 65 6d 70 20 ........F:\Temp 00a8c9f4 0107d930 -> e0 55 65 00 80 ff 0b 01 66 69 6c 65 3a 2f 2f 2f .Ue.....file:/// 00a8c9f8 0107bee0 -> 0c 22 49 00 78 f7 fc 00 50 72 0b 01 70 30 05 01 
."I.x...Pr..p0.. 00a8c9fc 010c1db2 = JVM641MI.DLL:.text+0xdb2 -------------------- 016f:010c1d92 8d4c243c lea ecx,[esp+3c] 016f:010c1d96 50 push eax 016f:010c1d97 e878720000 call 010c9014 = TL641MI.DLL!155 016f:010c1d9c 8d4c2414 lea ecx,[esp+14] 016f:010c1da0 e85d720000 call 010c9002 = TL641MI.DLL!149 016f:010c1da5 51 push ecx 016f:010c1da6 8d442440 lea eax,[esp+40] 016f:010c1daa 8bcc mov ecx,esp 016f:010c1dac 50 push eax 016f:010c1dad e8ce720000 call 010c9080 = TL641MI.DLL!137 JVM641MI.DLL:.text+0xdb2: *016f:010c1db2 e829190000 call 010c36e0 = JVM641MI.DLL:.text+0x26e0 016f:010c1db7 8b4c2448 mov ecx,dword ptr [esp+48] 016f:010c1dbb 51 push ecx 016f:010c1dbc e87f730000 call 010c9140 = SAL3.DLL!rtl_uString_release 016f:010c1dc1 8b542424 mov edx,dword ptr [esp+24] 016f:010c1dc5 52 push edx 016f:010c1dc6 e875730000 call 010c9140 = SAL3.DLL!rtl_uString_release 016f:010c1dcb 83c40c add esp,+0c 016f:010c1dce e93b020000 jmp 010c200e = JVM641MI.DLL:.text+0x100e 016f:010c1dd3 8bce mov ecx,esi 016f:010c1dd5 e8c8710000 call 010c8fa2 = SET641MI.DLL!1843 -------------------- 00a8ca00 010c1db7 = JVM641MI.DLL:.text+0xdb7 -------------------- 016f:010c1d96 50 push eax 016f:010c1d97 e878720000 call 010c9014 = TL641MI.DLL!155 016f:010c1d9c 8d4c2414 lea ecx,[esp+14] 016f:010c1da0 e85d720000 call 010c9002 = TL641MI.DLL!149 016f:010c1da5 51 push ecx 016f:010c1da6 8d442440 lea eax,[esp+40] 016f:010c1daa 8bcc mov ecx,esp 016f:010c1dac 50 push eax 016f:010c1dad e8ce720000 call 010c9080 = TL641MI.DLL!137 016f:010c1db2 e829190000 call 010c36e0 = JVM641MI.DLL:.text+0x26e0 JVM641MI.DLL:.text+0xdb7: *016f:010c1db7 8b4c2448 mov ecx,dword ptr [esp+48] 016f:010c1dbb 51 push ecx 016f:010c1dbc e87f730000 call 010c9140 = SAL3.DLL!rtl_uString_release 016f:010c1dc1 8b542424 mov edx,dword ptr [esp+24] 016f:010c1dc5 52 push edx 016f:010c1dc6 e875730000 call 010c9140 = SAL3.DLL!rtl_uString_release 016f:010c1dcb 83c40c add esp,+0c 016f:010c1dce e93b020000 jmp 010c200e = JVM641MI.DLL:.text+0x100e 
016f:010c1dd3 8bce mov ecx,esi 016f:010c1dd5 e8c8710000 call 010c8fa2 = SET641MI.DLL!1843 016f:010c1dda 50 push eax -------------------- 00a8ca04 010b7250 -> 03 00 00 00 13 00 00 00 46 3a 5c 54 65 6d 70 20 ........F:\Temp 00a8ca08 0107bee0 -> 0c 22 49 00 78 f7 fc 00 50 72 0b 01 70 30 05 01 ."I.x...Pr..p0.. 00a8ca0c 0107be98 -> 18 20 49 00 60 f1 07 01 00 00 00 00 00 01 5c 4f . I.`.........\O 00a8ca10 00ddae44 -> 2c 83 70 1c 10 80 bb 00 78 30 dd 00 02 00 00 00 ,.p.....x0...... 00a8ca14 0107be0e -> 00 00 45 3a 00 00 58 cd 07 01 38 00 00 80 18 00 ..E:..X...8..... 00a8ca18 00000000 00a8ca1c 010b7250 -> 03 00 00 00 13 00 00 00 46 3a 5c 54 65 6d 70 20 ........F:\Temp 00a8ca20 010bff40 -> 01 00 00 00 2e 00 00 00 66 69 6c 65 3a 2f 2f 2f ........file:/// 00a8ca24 010bfed0 -> 01 00 00 00 2e 00 00 00 66 00 69 00 6c 00 65 00 ........f.i.l.e. 00a8ca28 0107b4f0 -> 01 00 00 00 21 00 00 00 45 3a 5c 4f 66 66 69 63 ....!...E:\Offic 00a8ca2c 010bff40 -> 01 00 00 00 2e 00 00 00 66 69 6c 65 3a 2f 2f 2f ........file:/// 00a8ca30 00000000 00a8ca34 0107b048 -> 01 00 00 00 14 00 00 00 46 3a 5c 44 4f 57 4e 4c ........F:\DOWNL 00a8ca38 0107b4f0 -> 01 00 00 00 21 00 00 00 45 3a 5c 4f 66 66 69 63 ....!...E:\Offic 00a8ca3c 1c85d448 = TL641MI.DLL:.data+0x448 -> 35 17 00 00 00 00 00 00 00 00 00 00 00 01 02 03 5............... 00a8ca40 0107afc8 -> 01 00 00 00 1a 00 00 00 45 3a 5c 4f 66 66 69 63 ........E:\Offic 00a8ca44 010b7250 -> 03 00 00 00 13 00 00 00 46 3a 5c 54 65 6d 70 20 ........F:\Temp 00a8ca48 1c85d448 = TL641MI.DLL:.data+0x448 -> 35 17 00 00 00 00 00 00 00 00 00 00 00 01 02 03 5............... 00a8ca4c 0107d8f8 -> 01 00 00 00 11 00 00 00 45 00 3a 00 5c 00 4f 00 ........E.:.\.O. 00a8ca50 00000000 00a8ca54 010b7108 -> 01 00 00 00 06 00 00 00 6a 76 6d 36 34 31 00 00 ........jvm641.. 00a8ca58 00000002 00a8ca5c 00000000 ... 00a8ca90 00000001 00a8ca94 00000000 ... 00a8cb74 00000002 00a8cb78 00a8cba8 -> 46 00 3a 00 5c 00 54 00 45 00 4d 00 50 00 5c 00 F.:.\.T.E.M.P.\. 
00a8cb7c 004c66b1 = SAL3.DLL:.text+0x56b1 -------------------- 016f:004c669d 90 nop 016f:004c669e 90 nop 016f:004c669f 90 nop 016f:004c66a0 56 push esi 016f:004c66a1 8b742408 mov esi,dword ptr [esp+08] 016f:004c66a5 57 push edi 016f:004c66a6 6a5c push +5c 016f:004c66a8 56 push esi 016f:004c66a9 33ff xor edi,edi 016f:004c66ab ff1578624e00 call dword ptr [004e6278] -> MSVCRT.DLL!wcsrchr SAL3.DLL:.text+0x56b1: *016f:004c66b1 83c408 add esp,+08 016f:004c66b4 3bc7 cmp eax,edi 016f:004c66b6 742c jz 004c66e4 = SAL3.DLL:.text+0x56e4 016f:004c66b8 66397802 cmp word ptr [eax+02],di 016f:004c66bc 7518 jnz 004c66d6 = SAL3.DLL:.text+0x56d6 016f:004c66be 3bc6 cmp eax,esi 016f:004c66c0 7622 jbe 004c66e4 = SAL3.DLL:.text+0x56e4 016f:004c66c2 668378fe3a cmp word ptr [eax-02],+3a 016f:004c66c7 741b jz 004c66e4 = SAL3.DLL:.text+0x56e4 016f:004c66c9 668938 mov word ptr [eax],di 016f:004c66cc 5f pop edi -------------------- 00a8cb80 004c6703 = SAL3.DLL:.text+0x5703 -------------------- 016f:004c66ee 90 nop 016f:004c66ef 90 nop 016f:004c66f0 56 push esi 016f:004c66f1 8b742408 mov esi,dword ptr [esp+08] 016f:004c66f5 57 push edi 016f:004c66f6 33ff xor edi,edi 016f:004c66f8 85f6 test esi,esi 016f:004c66fa 7432 jz 004c672e = SAL3.DLL:.text+0x572e 016f:004c66fc 56 push esi 016f:004c66fd ff158c624e00 call dword ptr [004e628c] -> MSVCRT.DLL!wcslen SAL3.DLL:.text+0x5703: *016f:004c6703 83c404 add esp,+04 016f:004c6706 85c0 test eax,eax 016f:004c6708 740f jz 004c6719 = SAL3.DLL:.text+0x5719 016f:004c670a 66837c46fe5c cmp word ptr [esi+eax*2-02],+5c 016f:004c6710 741c jz 004c672e = SAL3.DLL:.text+0x572e 016f:004c6712 3d03010000 cmp eax,00000103 016f:004c6717 7d15 jge 004c672e = SAL3.DLL:.text+0x572e 016f:004c6719 8d0446 lea eax,[esi+eax*2] 016f:004c671c 5f pop edi 016f:004c671d 5e pop esi 016f:004c671e 66c7005c00 mov word ptr [eax],005c -------------------- 00a8cb84 00a8cba8 -> 46 00 3a 00 5c 00 54 00 45 00 4d 00 50 00 5c 00 F.:.\.T.E.M.P.\. 
00a8cb88 004c683c = SAL3.DLL:.text+0x583c -------------------- 016f:004c681c 50 push eax 016f:004c681d ff1574624e00 call dword ptr [004e6274] -> MSVCRT.DLL!_wcsupr 016f:004c6823 83c404 add esp,+04 016f:004c6826 8bb42470040000 mov esi,dword ptr [esp+00000470] 016f:004c682d 8d4c2410 lea ecx,[esp+10] 016f:004c6831 51 push ecx 016f:004c6832 56 push esi 016f:004c6833 ff1588624e00 call dword ptr [004e6288] -> MSVCRT.DLL!wcscpy 016f:004c6839 56 push esi 016f:004c683a ffd5 call ebp SAL3.DLL:.text+0x583c: *016f:004c683c 83c40c add esp,+0c 016f:004c683f 5f pop edi 016f:004c6840 5e pop esi 016f:004c6841 5d pop ebp 016f:004c6842 5b pop ebx 016f:004c6843 81c458040000 add esp,00000458 016f:004c6849 c20c00 retd 000c 016f:004c684c 90 nop 016f:004c684d 90 nop 016f:004c684e 90 nop 016f:004c684f 90 nop -------------------- 00a8cb8c 00a8d020 -> 38 d0 a8 00 a8 80 00 00 50 d0 a8 00 84 d0 a8 00 8.......P....... ... 00a8cb94 00a8cba8 -> 46 00 3a 00 5c 00 54 00 45 00 4d 00 50 00 5c 00 F.:.\.T.E.M.P.\. 00a8cb98 00a8d498 -> 14 00 c8 84 dc 3b b7 0a 00 00 90 77 07 01 00 00 .....;.....w.... 
00a8cb9c 00000007 00a8cba0 780115fd = MSVCRT.DLL!wcslen -------------------- 016f:780115eb 41 inc ecx 016f:780115ec 6685d2 test dx,dx 016f:780115ef 740a jz 780115fb = MSVCRT.DLL:.text+0x105fb 016f:780115f1 668b11 mov dx,word ptr [ecx] 016f:780115f4 668916 mov word ptr [esi],dx 016f:780115f7 46 inc esi 016f:780115f8 46 inc esi 016f:780115f9 ebef jmp 780115ea = MSVCRT.DLL:.text+0x105ea 016f:780115fb 5e pop esi 016f:780115fc c3 retd MSVCRT.DLL!wcslen: *016f:780115fd 8b4c2404 mov ecx,dword ptr [esp+04] 016f:78011601 66833900 cmp word ptr [ecx],+00 016f:78011605 8d4102 lea eax,[ecx+02] 016f:78011608 740a jz 78011614 = MSVCRT.DLL:.text+0x10614 016f:7801160a 668b10 mov dx,word ptr [eax] 016f:7801160d 40 inc eax 016f:7801160e 40 inc eax 016f:7801160f 6685d2 test dx,dx 016f:78011612 75f6 jnz 7801160a = MSVCRT.DLL:.text+0x1060a 016f:78011614 2bc1 sub eax,ecx 016f:78011616 d1f8 sar eax,EvIa -------------------- 00a8cba4 0000000f 00a8cba8 003a0046 00a8cbac 0054005c = SAL3.DLL:.rdata+0x5a05c -> 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00a8cbb0 004d0045 = SAL3.DLL:.text+0xf045 -> ff ff 83 c4 04 3b fe 8b e8 7e 22 8d 53 08 56 8d .....;....".S.V. 00a8cbb4 005c0050 = SAL3.DLL:.rdata+0xda050 -> 41 72 49 72 4a 72 6c 72 70 72 73 72 6e 72 ca 72 ArIrJrlrprsrnr.r 00a8cbb8 00000000 ... 
00a8cf0c 32670177 00a8cf10 01770167 00a8cf14 01673267 = LOCALEDATA_ASCII.DLL:.rdata+0x1d267 -> 00 00 00 00 00 0d 00 00 00 5b 00 24 00 24 00 2d .........[.$.$.- 00a8cf18 19935f32 00a8cf1c 32b7015f 00a8cf20 01577656 = I18N641MI.DLL:.data+0x45656 -> 3b 61 3c 61 3d 61 3e 61 3f 61 40 61 41 61 42 61 ;a<a=a>a?a@aAaBa 00a8cf24 00030007 00a8cf28 1c6e4f10 = VCL641MI.DLL:.text+0xe3f10 -> a1 88 ca 71 1c 56 8b 30 e8 c3 b2 f4 ff 8b 46 34 ...q.V.0......F4 00a8cf2c 32670177 00a8cf30 5f5e0167 00a8cf34 5f680acf 00a8cf38 09c71429 00a8cf3c 09c7130e 00a8cf40 02a4001e 00a8cf44 0acf0000 00a8cf48 0d5e0000 00a8cf4c 4d730d5e 00a8cf50 02a409d7 00a8cf54 00000000 00a8cf58 000002a4 00a8cf5c 01770177 00a8cf60 34973267 00a8cf64 00003497 00a8cf68 05105f80 00a8cf6c 014009d7 00a8cf70 001e35cf 00a8cf74 00000000 ... 00a8cf7c bff613e2 = KERNEL32.DLL:_FREQASM+0x3e2 -------------------- 016f:bff613c5 c20400 retd 0004 016f:bff613c8 33c0 xor eax,eax 016f:bff613ca ebf7 jmp bff613c3 = KERNEL32.DLL:_FREQASM+0x3c3 016f:bff613cc ebfa jmp bff613c8 = KERNEL32.DLL:_FREQASM+0x3c8 016f:bff613ce ebf8 jmp bff613c8 = KERNEL32.DLL:_FREQASM+0x3c8 016f:bff613d0 ebf6 jmp bff613c8 = KERNEL32.DLL:_FREQASM+0x3c8 016f:bff613d2 ebf4 jmp bff613c8 = KERNEL32.DLL:_FREQASM+0x3c8 016f:bff613d4 8b442404 mov eax,dword ptr [esp+04] 016f:bff613d8 8f0424 pop dword ptr [esp] 016f:bff613db 2eff1d34b7fbbf call fword ptr ss:[bffbb734] KERNEL32.DLL:_FREQASM+0x3e2: *016f:bff613e2 b801000100 mov eax,00010001 016f:bff613e7 2eff1d34b7fbbf call fword ptr ss:[bffbb734] 016f:bff613ee b843002a00 mov eax,002a0043 016f:bff613f3 2eff1d34b7fbbf call fword ptr ss:[bffbb734] 016f:bff613fa 83c414 add esp,+14 016f:bff613fd 0fb7c8 movzx ecx,ax 016f:bff61400 0fa4d310 shld ebx,edx,10 016f:bff61404 c0e302 shl bl,02 016f:bff61407 6681ea0010 sub dx,1000 016f:bff6140c 0fbfc2 movsx eax,dx 016f:bff6140f e9d1000000 jmp bff614e5 = KERNEL32.DLL:_FREQASM+0x4e5 -------------------- 00a8cf80 0000016f 00a8cf84 bff6424a = KERNEL32.DLL:_FREQASM+0x324a -------------------- 
016f:bff64229 e8af780200 call bff8badd = KERNEL32.DLL:.text+0x22add 016f:bff6422e 6664ff0d1e000000 dec word ptr fs:[0000001e] 016f:bff64236 5a pop edx 016f:bff64237 ebb1 jmp bff641ea = KERNEL32.DLL:_FREQASM+0x31ea 016f:bff64239 ff4210 inc dword ptr [edx+10] 016f:bff6423c ebbd jmp bff641fb = KERNEL32.DLL:_FREQASM+0x31fb 016f:bff6423e 52 push edx 016f:bff6423f 52 push edx 016f:bff64240 681e002a00 push 002a001e 016f:bff64245 e88ad1ffff call bff613d4 = KERNEL32.DLL!1 KERNEL32.DLL:_FREQASM+0x324a: *016f:bff6424a 5a pop edx 016f:bff6424b ebae jmp bff641fb = KERNEL32.DLL:_FREQASM+0x31fb 016f:bff6424d 681c002a00 push 002a001c 016f:bff64252 e87dd1ffff call bff613d4 = KERNEL32.DLL!1 016f:bff64257 a1f0bcfbbf mov eax,dword ptr [bffbbcf0] 016f:bff6425c 8b00 mov eax,dword ptr [eax] 016f:bff6425e 0fba704c07 btr dword ptr [eax+4c],07 016f:bff64263 73a9 jnc bff6420e = KERNEL32.DLL:_FREQASM+0x320e 016f:bff64265 8d400c lea eax,[eax+0c] 016f:bff64268 50 push eax 016f:bff64269 6a00 push +00 -------------------- 00a8cf88 0001bb24 ... 
00a8cf90 bff6287a = KERNEL32.DLL:_FREQASM+0x187a -------------------- 016f:bff62857 33ff xor edi,edi 016f:bff62859 8ee6 mov fs,si 016f:bff6285b 8eef mov gs,di 016f:bff6285d 66648b1d1e000000 mov bx,word ptr fs:[0000001e] 016f:bff62865 6683eb01 sub bx,+01 016f:bff62869 7313 jnc bff6287e = KERNEL32.DLL:_FREQASM+0x187e 016f:bff6286b 8bf0 mov esi,eax 016f:bff6286d 8bfa mov edi,edx 016f:bff6286f 8b1570b4fbbf mov edx,dword ptr [bffbb470] 016f:bff62875 e862190000 call bff641dc = KERNEL32.DLL:_FREQASM+0x31dc KERNEL32.DLL:_FREQASM+0x187a: *016f:bff6287a 8bd7 mov edx,edi 016f:bff6287c 8bc6 mov eax,esi 016f:bff6287e 6664891d1e000000 mov word ptr fs:[0000001e],bx 016f:bff62886 8b5dfc mov ebx,dword ptr [ebp-04] 016f:bff62889 8b75f8 mov esi,dword ptr [ebp-08] 016f:bff6288c 8b7df4 mov edi,dword ptr [ebp-0c] 016f:bff6288f ff65dc jmp dword ptr [ebp-24] 016f:bff62892 6664a10e000000 mov ax,word ptr fs:[0000000e] 016f:bff62899 668945da mov word ptr [ebp-26],ax 016f:bff6289d 8f45dc pop dword ptr [ebp-24] 016f:bff628a0 ff35a4b7fbbf push dword ptr [bffbb7a4] -------------------- 00a8cf94 0001bb24 00a8cf98 bff6287a = KERNEL32.DLL:_FREQASM+0x187a -------------------- 016f:bff62857 33ff xor edi,edi 016f:bff62859 8ee6 mov fs,si 016f:bff6285b 8eef mov gs,di 016f:bff6285d 66648b1d1e000000 mov bx,word ptr fs:[0000001e] 016f:bff62865 6683eb01 sub bx,+01 016f:bff62869 7313 jnc bff6287e = KERNEL32.DLL:_FREQASM+0x187e 016f:bff6286b 8bf0 mov esi,eax 016f:bff6286d 8bfa mov edi,edx 016f:bff6286f 8b1570b4fbbf mov edx,dword ptr [bffbb470] 016f:bff62875 e862190000 call bff641dc = KERNEL32.DLL:_FREQASM+0x31dc KERNEL32.DLL:_FREQASM+0x187a: *016f:bff6287a 8bd7 mov edx,edi 016f:bff6287c 8bc6 mov eax,esi 016f:bff6287e 6664891d1e000000 mov word ptr fs:[0000001e],bx 016f:bff62886 8b5dfc mov ebx,dword ptr [ebp-04] 016f:bff62889 8b75f8 mov esi,dword ptr [ebp-08] 016f:bff6288c 8b7df4 mov edi,dword ptr [ebp-0c] 016f:bff6288f ff65dc jmp dword ptr [ebp-24] 016f:bff62892 6664a10e000000 mov ax,word ptr fs:[0000000e] 
016f:bff62899 668945da mov word ptr [ebp-26],ax 016f:bff6289d 8f45dc pop dword ptr [ebp-24] 016f:bff628a0 ff35a4b7fbbf push dword ptr [bffbb7a4] -------------------- 00a8cf9c 00000000 ... 00a8cfb0 bff430c4 = USER32.DLL:.text+0x20c4 -------------------- 016f:bff430a8 b12b mov cl,2b 016f:bff430aa 55 push ebp 016f:bff430ab 8bec mov ebp,esp 016f:bff430ad 51 push ecx 016f:bff430ae 83ec3c sub esp,+3c 016f:bff430b1 66ff7508 push word ptr [ebp+08] 016f:bff430b5 ff750c push dword ptr [ebp+0c] 016f:bff430b8 ff7510 push dword ptr [ebp+10] 016f:bff430bb ff7514 push dword ptr [ebp+14] 016f:bff430be ff15bf27f4bf call dword ptr [bff427bf] -> USER32.DLL:.data+0x474 USER32.DLL:.text+0x20c4: *016f:bff430c4 c1e010 shl eax,10 016f:bff430c7 0facd010 shrd eax,edx,10 016f:bff430cb c9 leave 016f:bff430cc c21000 retd 0010 016f:bff430cf b129 mov cl,29 016f:bff430d1 55 push ebp 016f:bff430d2 8bec mov ebp,esp 016f:bff430d4 51 push ecx 016f:bff430d5 83ec3c sub esp,+3c 016f:bff430d8 66ff7508 push word ptr [ebp+08] 016f:bff430dc ff750c push dword ptr [ebp+0c] -------------------- 00a8cfb4 00a87000 -> 00 00 00 00 00 00 00 00 00 00 10 00 00 00 00 00 ................ 
00a8cfb8 bff41bc7 = USER32.DLL:.text+0xbc7 -------------------- 016f:bff41bad b179 mov cl,79 016f:bff41baf eb02 jmp bff41bb3 = USER32.DLL:.text+0xbb3 016f:bff41bb1 b162 mov cl,62 016f:bff41bb3 55 push ebp 016f:bff41bb4 8bec mov ebp,esp 016f:bff41bb6 51 push ecx 016f:bff41bb7 83ec3c sub esp,+3c 016f:bff41bba 66ff7508 push word ptr [ebp+08] 016f:bff41bbe ff750c push dword ptr [ebp+0c] 016f:bff41bc1 ff15d612f4bf call dword ptr [bff412d6] -> USER32.DLL:.data+0x400 USER32.DLL:.text+0xbc7: *016f:bff41bc7 98 cwde 016f:bff41bc8 c9 leave 016f:bff41bc9 c20800 retd 0008 016f:bff41bcc b15e mov cl,5e 016f:bff41bce eb0a jmp bff41bda = USER32.DLL:.text+0xbda 016f:bff41bd0 b1d5 mov cl,d5 016f:bff41bd2 eb06 jmp bff41bda = USER32.DLL:.text+0xbda 016f:bff41bd4 b1b5 mov cl,b5 016f:bff41bd6 eb02 jmp bff41bda = USER32.DLL:.text+0xbda 016f:bff41bd8 b15f mov cl,5f 016f:bff41bda 55 push ebp -------------------- 00a8cfbc 00a87000 -> 00 00 00 00 00 00 00 00 00 00 10 00 00 00 00 00 ................ 00a8cfc0 00000000 ... 00a8cfc8 0000001e 00a8cfcc 00dd1228 -> 00 00 10 01 00 00 00 00 05 00 00 00 00 00 00 00 ................ 
00a8cfd0 00000471 00a8cfd4 00000570 00a8cfd8 1c6e4ec8 = VCL641MI.DLL:.text+0xe3ec8 -------------------- 016f:1c6e4eab 85c0 test eax,eax 016f:1c6e4ead 7409 jz 1c6e4eb8 = VCL641MI.DLL:.text+0xe3eb8 016f:1c6e4eaf 50 push eax 016f:1c6e4eb0 6a00 push +00 016f:1c6e4eb2 ff15d4f36f1c call dword ptr [1c6ff3d4] -> USER32.DLL!KillTimer 016f:1c6e4eb8 68104f6e1c push 1c6e4f10 016f:1c6e4ebd 57 push edi 016f:1c6e4ebe 6a00 push +00 016f:1c6e4ec0 6a00 push +00 016f:1c6e4ec2 ff15d0f36f1c call dword ptr [1c6ff3d0] -> USER32.DLL!SetTimer VCL641MI.DLL:.text+0xe3ec8: *016f:1c6e4ec8 894630 mov dword ptr [esi+30],eax 016f:1c6e4ecb 5f pop edi 016f:1c6e4ecc 5e pop esi 016f:1c6e4ecd c3 retd 016f:1c6e4ece 90 nop 016f:1c6e4ecf 90 nop 016f:1c6e4ed0 a188ca711c mov eax,dword ptr [1c71ca88] 016f:1c6e4ed5 56 push esi 016f:1c6e4ed6 8b30 mov esi,dword ptr [eax] 016f:1c6e4ed8 8b4630 mov eax,dword ptr [esi+30] 016f:1c6e4edb 85c0 test eax,eax -------------------- 00a8cfdc 00000000 ... 00a8cfe4 0000001e 00a8cfe8 1c6e4f10 = VCL641MI.DLL:.text+0xe3f10 -> a1 88 ca 71 1c 56 8b 30 e8 c3 b2 f4 ff 8b 46 34 ...q.V.0......F4 00a8cfec 00000000 ... 
00a8cff4 1c6dcd60 = VCL641MI.DLL:.text+0xdbd60 -------------------- 016f:1c6dcd44 83c410 add esp,+10 016f:1c6dcd47 8bc6 mov eax,esi 016f:1c6dcd49 5f pop edi 016f:1c6dcd4a c70100000000 mov dword ptr [ecx],00000000 016f:1c6dcd50 5e pop esi 016f:1c6dcd51 c21400 retd 0014 016f:1c6dcd54 8b542418 mov edx,dword ptr [esp+18] 016f:1c6dcd58 6a00 push +00 016f:1c6dcd5a 52 push edx 016f:1c6dcd5b e820810000 call 1c6e4e80 = VCL641MI.DLL:.text+0xe3e80 VCL641MI.DLL:.text+0xdbd60: *016f:1c6dcd60 8b442424 mov eax,dword ptr [esp+24] 016f:1c6dcd64 83c408 add esp,+08 016f:1c6dcd67 c70000000000 mov dword ptr [eax],00000000 016f:1c6dcd6d 8bc6 mov eax,esi 016f:1c6dcd6f 5f pop edi 016f:1c6dcd70 5e pop esi 016f:1c6dcd71 c21400 retd 0014 016f:1c6dcd74 8b0d88ca711c mov ecx,dword ptr [1c71ca88] -> VCL641MI.DLL:.data+0x5ae8 016f:1c6dcd7a 8b542414 mov edx,dword ptr [esp+14] 016f:1c6dcd7e 52 push edx 016f:1c6dcd7f 8b01 mov eax,dword ptr [ecx] -------------------- 00a8cff8 0000001e 00a8cffc 00000000 ... 00a8d004 0000001e 00a8d008 1c6dceeb = VCL641MI.DLL:.text+0xdbeeb -------------------- 016f:1c6dced0 8d44240c lea eax,[esp+0c] 016f:1c6dced4 57 push edi 016f:1c6dced5 8b7c2420 mov edi,dword ptr [esp+20] 016f:1c6dced9 50 push eax 016f:1c6dceda 56 push esi 016f:1c6dcedb 57 push edi 016f:1c6dcedc 53 push ebx 016f:1c6dcedd 55 push ebp 016f:1c6dcede c744242401000000 mov dword ptr [esp+24],00000001 016f:1c6dcee6 e8c5fdffff call 1c6dccb0 = VCL641MI.DLL:.text+0xdbcb0 VCL641MI.DLL:.text+0xdbeeb: *016f:1c6dceeb 8b4c2410 mov ecx,dword ptr [esp+10] 016f:1c6dceef 89442424 mov dword ptr [esp+24],eax 016f:1c6dcef3 85c9 test ecx,ecx 016f:1c6dcef5 742b jz 1c6dcf22 = VCL641MI.DLL:.text+0xdbf22 016f:1c6dcef7 8d4c2424 lea ecx,[esp+24] 016f:1c6dcefb 51 push ecx 016f:1c6dcefc 56 push esi 016f:1c6dcefd 57 push edi 016f:1c6dcefe 53 push ebx 016f:1c6dceff 55 push ebp 016f:1c6dcf00 e8cb5af5ff call 1c6329d0 = VCL641MI.DLL:.text+0x319d0 -------------------- 00a8d00c 00000570 00a8d010 00000471 00a8d014 00000000 00a8d018 
e9d1000000 jmp bff614e5 = KERNEL32.DLL:_FREQASM+0x4e5 -------------------- 00a8d3a8 0000016f 00a8d3ac bff641c1 = KERNEL32.DLL:_FREQASM+0x31c1 -------------------- 016f:bff641aa ff4204 inc dword ptr [edx+04] 016f:bff641ad 90 nop 016f:bff641ae c3 retd 016f:bff641af 394208 cmp dword ptr [edx+08],eax 016f:bff641b2 74f6 jz bff641aa = KERNEL32.DLL:_FREQASM+0x31aa 016f:bff641b4 52 push edx 016f:bff641b5 51 push ecx 016f:bff641b6 52 push edx 016f:bff641b7 681d002a00 push 002a001d 016f:bff641bc e813d2ffff call bff613d4 = KERNEL32.DLL!1 KERNEL32.DLL:_FREQASM+0x31c1: *016f:bff641c1 59 pop ecx 016f:bff641c2 5a pop edx 016f:bff641c3 ebe8 jmp bff641ad = KERNEL32.DLL:_FREQASM+0x31ad 016f:bff641c5 8b542404 mov edx,dword ptr [esp+04] 016f:bff641c9 50 push eax 016f:bff641ca e804000000 call bff641d3 = KERNEL32.DLL:_FREQASM+0x31d3 016f:bff641cf 58 pop eax 016f:bff641d0 c20400 retd 0004 016f:bff641d3 833dfcbcfbbf01 cmp dword ptr [bffbbcfc],+01 016f:bff641da 7c32 jl bff6420e = KERNEL32.DLL:_FREQASM+0x320e 016f:bff641dc 3b1570b4fbbf cmp edx,dword ptr [bffbb470] -------------------- 00a8d3b0 0001bb24 00a8d3b4 00000000 00a8d3b8 0001bb24 00a8d3bc bff61826 = KERNEL32.DLL:_FREQASM+0x826 -------------------- 016f:bff617ff 6664c7051e000000ffff mov word ptr fs:[0000001e],ffff 016f:bff61809 c3 retd 016f:bff6180a 52 push edx 016f:bff6180b 50 push eax 016f:bff6180c a1f8bcfbbf mov eax,dword ptr [bffbbcf8] 016f:bff61811 8b00 mov eax,dword ptr [eax] 016f:bff61813 390598b4fbbf cmp dword ptr [bffbb498],eax 016f:bff61819 7413 jz bff6182e = KERNEL32.DLL:_FREQASM+0x82e 016f:bff6181b 8b1570b4fbbf mov edx,dword ptr [bffbb470] 016f:bff61821 e869290000 call bff6418f = KERNEL32.DLL:_FREQASM+0x318f KERNEL32.DLL:_FREQASM+0x826: *016f:bff61826 6664ff051e000000 inc word ptr fs:[0000001e] 016f:bff6182e 58 pop eax 016f:bff6182f 5a pop edx 016f:bff61830 c3 retd 016f:bff61831 ff7316 push dword ptr [ebx+16] 016f:bff61834 ff731a push dword ptr [ebx+1a] 016f:bff61837 ff731e push dword ptr [ebx+1e] 016f:bff6183a ff7322 
push dword ptr [ebx+22] 016f:bff6183d 8b1570b4fbbf mov edx,dword ptr [bffbb470] 016f:bff61843 e88b290000 call bff641d3 = KERNEL32.DLL:_FREQASM+0x31d3 016f:bff61848 6664c7051e000000ffff mov word ptr fs:[0000001e],ffff -------------------- 00a8d3c0 00000000 00a8d3c4 00dd1228 -> 00 00 10 01 00 00 00 00 05 00 00 00 00 00 00 00 ................ 00a8d3c8 bff848fc = KERNEL32.DLL:.text+0x1b8fc -------------------- 016f:bff848d8 c1c210 rol edx,10 016f:bff848db e9c8f7ffff jmp bff840a8 = KERNEL32.DLL:.text+0x1b0a8 016f:bff848e0 0fbf4316 movsx eax,word ptr [ebx+16] 016f:bff848e4 50 push eax 016f:bff848e5 668b4318 mov ax,word ptr [ebx+18] 016f:bff848e9 50 push eax 016f:bff848ea ff731a push dword ptr [ebx+1a] 016f:bff848ed e8f3cefdff call bff617e5 = KERNEL32.DLL!K32Thk1632Prolog 016f:bff848f2 e8deecfdff call bff635d5 = KERNEL32.DLL:_FREQASM+0x25d5 016f:bff848f7 e80ecffdff call bff6180a = KERNEL32.DLL!K32Thk1632Epilog KERNEL32.DLL:.text+0x1b8fc: *016f:bff848fc 8bd0 mov edx,eax 016f:bff848fe c1c210 rol edx,10 016f:bff84901 e9aaf7ffff jmp bff840b0 = KERNEL32.DLL:.text+0x1b0b0 016f:bff84906 0fbf4316 movsx eax,word ptr [ebx+16] 016f:bff8490a 50 push eax 016f:bff8490b ff7318 push dword ptr [ebx+18] 016f:bff8490e e8d2cefdff call bff617e5 = KERNEL32.DLL!K32Thk1632Prolog 016f:bff84913 e8ceebfdff call bff634e6 = KERNEL32.DLL:_FREQASM+0x24e6 016f:bff84918 e8edcefdff call bff6180a = KERNEL32.DLL!K32Thk1632Epilog 016f:bff8491d e986f7ffff jmp bff840a8 = KERNEL32.DLL:.text+0x1b0a8 016f:bff84922 33c0 xor eax,eax -------------------- 00a8d3cc bff619b8 = KERNEL32.DLL:_FREQASM+0x9b8 -------------------- 016f:bff61991 51 push ecx 016f:bff61992 c1cf10 ror edi,10 016f:bff61995 6664873d0e000000 xchg word ptr fs:[0000000e],di 016f:bff6199d 57 push edi 016f:bff6199e 686d18f6bf push bff6186d 016f:bff619a3 64ff3500000000 push dword ptr fs:[00000000] 016f:bff619aa 64892500000000 mov dword ptr fs:[00000000],esp 016f:bff619b1 55 push ebp 016f:bff619b2 8d6c24fc lea ebp,[esp-04] 016f:bff619b6 ffd2 call edx 
KERNEL32.DLL:_FREQASM+0x9b8: *016f:bff619b8 5d pop ebp 016f:bff619b9 0fb6c9 movzx ecx,cl 016f:bff619bc 648f0500000000 pop dword ptr fs:[00000000] 016f:bff619c3 8d642404 lea esp,[esp+04] 016f:bff619c7 5f pop edi 016f:bff619c8 6664893d0e000000 mov word ptr fs:[0000000e],di 016f:bff619d0 5b pop ebx 016f:bff619d1 660fb22424 lss sp,dword ptr [esp] 016f:bff619d6 6664891d1e000000 mov word ptr fs:[0000001e],bx 016f:bff619de 5b pop ebx 016f:bff619df 0bdb or ebx,ebx -------------------- 00a8d3d0 0000640a 00a8d3d4 00a8d614 -> 68 d8 a8 00 6d 18 f6 bf 7f 34 28 86 00 00 00 00 h...m....4(..... 00a8d3d8 00010000 00a8d3dc 2b140ad7 00a8d3e0 84cc09d7 00a8d3e4 2ceb640e 00a8d3e8 01bc0224 00a8d3ec 00000000 ... 00a8d3f8 01077790 -> 00 00 00 00 00 00 00 00 c8 1b 06 01 00 00 00 00 ................ 00a8d3fc 2cf60000 00a8d400 2cf684cc 00a8d404 326709d7 00a8d408 04ec0000 00a8d40c 642e3d92 00a8d410 09d78bdc 00a8d414 000284cc 00a8d418 00000482 00a8d41c 01077790 -> 00 00 00 00 00 00 00 00 c8 1b 06 01 00 00 00 00 ................ 00a8d420 00000000 00a8d424 34973497 00a8d428 00010000 00a8d42c 64440acf 00a8d430 09d7036a 00a8d434 77900000 00a8d438 00000107 00a8d43c 84cc0482 00a8d440 036f0002 00a8d444 8c6264cc 00a8d448 000009d7 00a8d44c 01077790 -> 00 00 00 00 00 00 00 00 c8 1b 06 01 00 00 00 00 ................ 00a8d450 8c730000 00a8d454 017709d7 00a8d458 32670000 00a8d45c 64cc0000 00a8d460 64760000 00a8d464 04ec0000 00a8d468 347f00a8 00a8d46c 0002014f 00a8d470 14840000 00a8d474 0acf0000 00a8d478 12d20177 00a8d47c 016709d7 = LOCALEDATA_ASCII.DLL:.rdata+0x1a9d7 -> 00 64 00 69 00 75 00 6d 00 00 00 00 00 54 00 49 .d.i.u.m.....T.I 00a8d480 014f80b6 00a8d484 01770177 00a8d488 01a70028 00a8d48c 09c7123c 00a8d490 c1538e00 -> 02 00 00 00 74 74 48 c1 00 00 00 00 00 00 00 00 ....ttH......... 
00a8d494 0ad70001 00a8d498 84c80014 00a8d49c 0ab73bdc 00a8d4a0 77900000 00a8d4a4 00000107 00a8d4a8 bff8bafc = KERNEL32.DLL:.text+0x22afc -------------------- 016f:bff8bae5 b14e mov cl,4e 016f:bff8bae7 eb06 jmp bff8baef = KERNEL32.DLL:.text+0x22aef 016f:bff8bae9 b14d mov cl,4d 016f:bff8baeb eb02 jmp bff8baef = KERNEL32.DLL:.text+0x22aef 016f:bff8baed b13e mov cl,3e 016f:bff8baef 55 push ebp 016f:bff8baf0 8bec mov ebp,esp 016f:bff8baf2 51 push ecx 016f:bff8baf3 83ec3c sub esp,+3c 016f:bff8baf6 ff1536b3f8bf call dword ptr [bff8b336] -> KERNEL32.DLL:.data+0xee0 KERNEL32.DLL:.text+0x22afc: *016f:bff8bafc c9 leave 016f:bff8bafd c3 retd 016f:bff8bafe b101 mov cl,01 016f:bff8bb00 eb06 jmp bff8bb08 = KERNEL32.DLL:.text+0x22b08 016f:bff8bb02 b14f mov cl,4f 016f:bff8bb04 eb02 jmp bff8bb08 = KERNEL32.DLL:.text+0x22b08 016f:bff8bb06 b105 mov cl,05 016f:bff8bb08 55 push ebp 016f:bff8bb09 8bec mov ebp,esp 016f:bff8bb0b 51 push ecx 016f:bff8bb0c 83ec3c sub esp,+3c -------------------- 00a8d4ac 00a87000 -> 00 00 00 00 00 00 00 00 00 00 10 00 00 00 00 00 ................ 00a8d4b0 00000000 00a8d4b4 01077790 -> 00 00 00 00 00 00 00 00 c8 1b 06 01 00 00 00 00 ................ 
00a8d4b8 0001bb24 00a8d4bc c2b30001 00a8d4c0 00ddffff -> 00 2e 00 00 00 01 00 00 00 1c 00 00 00 45 78 63 .............Exc 00a8d4c4 bff613e2 = KERNEL32.DLL:_FREQASM+0x3e2 -------------------- 016f:bff613c5 c20400 retd 0004 016f:bff613c8 33c0 xor eax,eax 016f:bff613ca ebf7 jmp bff613c3 = KERNEL32.DLL:_FREQASM+0x3c3 016f:bff613cc ebfa jmp bff613c8 = KERNEL32.DLL:_FREQASM+0x3c8 016f:bff613ce ebf8 jmp bff613c8 = KERNEL32.DLL:_FREQASM+0x3c8 016f:bff613d0 ebf6 jmp bff613c8 = KERNEL32.DLL:_FREQASM+0x3c8 016f:bff613d2 ebf4 jmp bff613c8 = KERNEL32.DLL:_FREQASM+0x3c8 016f:bff613d4 8b442404 mov eax,dword ptr [esp+04] 016f:bff613d8 8f0424 pop dword ptr [esp] 016f:bff613db 2eff1d34b7fbbf call fword ptr ss:[bffbb734] KERNEL32.DLL:_FREQASM+0x3e2: *016f:bff613e2 b801000100 mov eax,00010001 016f:bff613e7 2eff1d34b7fbbf call fword ptr ss:[bffbb734] 016f:bff613ee b843002a00 mov eax,002a0043 016f:bff613f3 2eff1d34b7fbbf call fword ptr ss:[bffbb734] 016f:bff613fa 83c414 add esp,+14 016f:bff613fd 0fb7c8 movzx ecx,ax 016f:bff61400 0fa4d310 shld ebx,edx,10 016f:bff61404 c0e302 shl bl,02 016f:bff61407 6681ea0010 sub dx,1000 016f:bff6140c 0fbfc2 movsx eax,dx 016f:bff6140f e9d1000000 jmp bff614e5 = KERNEL32.DLL:_FREQASM+0x4e5 -------------------- 00a8d4c8 0000016f 00a8d4cc bff6424a = KERNEL32.DLL:_FREQASM+0x324a -------------------- 016f:bff64229 e8af780200 call bff8badd = KERNEL32.DLL:.text+0x22add 016f:bff6422e 6664ff0d1e000000 dec word ptr fs:[0000001e] 016f:bff64236 5a pop edx 016f:bff64237 ebb1 jmp bff641ea = KERNEL32.DLL:_FREQASM+0x31ea 016f:bff64239 ff4210 inc dword ptr [edx+10] 016f:bff6423c ebbd jmp bff641fb = KERNEL32.DLL:_FREQASM+0x31fb 016f:bff6423e 52 push edx 016f:bff6423f 52 push edx 016f:bff64240 681e002a00 push 002a001e 016f:bff64245 e88ad1ffff call bff613d4 = KERNEL32.DLL!1 KERNEL32.DLL:_FREQASM+0x324a: *016f:bff6424a 5a pop edx 016f:bff6424b ebae jmp bff641fb = KERNEL32.DLL:_FREQASM+0x31fb 016f:bff6424d 681c002a00 push 002a001c 016f:bff64252 e87dd1ffff call bff613d4 = 
KERNEL32.DLL!1 016f:bff64257 a1f0bcfbbf mov eax,dword ptr [bffbbcf0] 016f:bff6425c 8b00 mov eax,dword ptr [eax] 016f:bff6425e 0fba704c07 btr dword ptr [eax+4c],07 016f:bff64263 73a9 jnc bff6420e = KERNEL32.DLL:_FREQASM+0x320e 016f:bff64265 8d400c lea eax,[eax+0c] 016f:bff64268 50 push eax 016f:bff64269 6a00 push +00 -------------------- 00a8d4d0 0001bb24 ... 00a8d4d8 bff61547 = KERNEL32.DLL:_FREQASM+0x547 -------------------- 016f:bff6151d 660bff or di,di 016f:bff61520 740c jz bff6152e = KERNEL32.DLL:_FREQASM+0x52e 016f:bff61522 a1f0bcfbbf mov eax,dword ptr [bffbbcf0] 016f:bff61527 ff30 push dword ptr [eax] 016f:bff61529 e8f4530000 call bff66922 = KERNEL32.DLL:_FREQASM+0x5922 016f:bff6152e 66648b3d1e000000 mov di,word ptr fs:[0000001e] 016f:bff61536 6683ef01 sub di,+01 016f:bff6153a 730b jnc bff61547 = KERNEL32.DLL:_FREQASM+0x547 016f:bff6153c 8b1570b4fbbf mov edx,dword ptr [bffbb470] 016f:bff61542 e88c2c0000 call bff641d3 = KERNEL32.DLL:_FREQASM+0x31d3 KERNEL32.DLL:_FREQASM+0x547: *016f:bff61547 6664893d1e000000 mov word ptr fs:[0000001e],di 016f:bff6154f 8bc6 mov eax,esi 016f:bff61551 0fb6cb movzx ecx,bl 016f:bff61554 5f pop edi 016f:bff61555 5e pop esi 016f:bff61556 5b pop ebx 016f:bff61557 5d pop ebp 016f:bff61558 5a pop edx 016f:bff61559 03e1 add esp,ecx 016f:bff6155b ffe2 jmp edx 016f:bff6155d 55 push ebp -------------------- 00a8d4dc 00ddb754 -> 90 77 07 01 70 b0 07 01 3b 02 00 00 b6 01 00 00 .w..p...;....... 00a8d4e0 01077790 -> 00 00 00 00 00 00 00 00 c8 1b 06 01 00 00 00 00 ................ 
00a8d4e4 00000000 00a8d4e8 00000588 00a8d4ec 1c6ec71e = VCL641MI.DLL:.text+0xeb71e -------------------- 016f:1c6ec703 c3 retd 016f:1c6ec704 8b4c2410 mov ecx,dword ptr [esp+10] 016f:1c6ec708 8b54240c mov edx,dword ptr [esp+0c] 016f:1c6ec70c 8b442408 mov eax,dword ptr [esp+08] 016f:1c6ec710 51 push ecx 016f:1c6ec711 8b4c2408 mov ecx,dword ptr [esp+08] 016f:1c6ec715 52 push edx 016f:1c6ec716 50 push eax 016f:1c6ec717 51 push ecx 016f:1c6ec718 ff15e0f36f1c call dword ptr [1c6ff3e0] -> USER32.DLL!PostMessageA VCL641MI.DLL:.text+0xeb71e: *016f:1c6ec71e c3 retd 016f:1c6ec71f 90 nop 016f:1c6ec720 a15cd3711c mov eax,dword ptr [1c71d35c] 016f:1c6ec725 85c0 test eax,eax 016f:1c6ec727 741b jz 1c6ec744 = VCL641MI.DLL:.text+0xeb744 016f:1c6ec729 8b442410 mov eax,dword ptr [esp+10] 016f:1c6ec72d 8b4c240c mov ecx,dword ptr [esp+0c] 016f:1c6ec731 8b542408 mov edx,dword ptr [esp+08] 016f:1c6ec735 50 push eax 016f:1c6ec736 8b442408 mov eax,dword ptr [esp+08] 016f:1c6ec73a 51 push ecx -------------------- 00a8d4f0 00000001 00a8d4f4 0000056c 00a8d4f8 00000482 00a8d4fc 00000000 00a8d500 01077790 -> 00 00 00 00 00 00 00 00 c8 1b 06 01 00 00 00 00 ................ 
00a8d504 1c62d694 = VCL641MI.DLL:.text+0x2c694 -------------------- 016f:1c62d67d 90 nop 016f:1c62d67e 90 nop 016f:1c62d67f 90 nop 016f:1c62d680 8b442404 mov eax,dword ptr [esp+04] 016f:1c62d684 8b09 mov ecx,dword ptr [ecx] 016f:1c62d686 50 push eax 016f:1c62d687 6a00 push +00 016f:1c62d689 6882040000 push 00000482 016f:1c62d68e 51 push ecx 016f:1c62d68f e84cf00b00 call 1c6ec6e0 = VCL641MI.DLL:.text+0xeb6e0 VCL641MI.DLL:.text+0x2c694: *016f:1c62d694 83c410 add esp,+10 016f:1c62d697 c20400 retd 0004 016f:1c62d69a 90 nop 016f:1c62d69b 90 nop 016f:1c62d69c 90 nop 016f:1c62d69d 90 nop 016f:1c62d69e 90 nop 016f:1c62d69f 90 nop 016f:1c62d6a0 56 push esi 016f:1c62d6a1 57 push edi 016f:1c62d6a2 8b7c240c mov edi,dword ptr [esp+0c] -------------------- 00a8d508 0000056c 00a8d50c 00000482 00a8d510 00000000 00a8d514 01077790 -> 00 00 00 00 00 00 00 00 c8 1b 06 01 00 00 00 00 ................ 00a8d518 1c61db3e = VCL641MI.DLL:.text+0x1cb3e -------------------- 016f:1c61db17 8b7c240c mov edi,dword ptr [esp+0c] 016f:1c61db1b 894608 mov dword ptr [esi+08],eax 016f:1c61db1e c7460c00000000 mov dword ptr [esi+0c],00000000 016f:1c61db25 c6461801 mov byte ptr [esi+18],01 016f:1c61db29 8937 mov dword ptr [edi],esi 016f:1c61db2b e830f90b00 call 1c6dd460 = VCL641MI.DLL:.text+0xdc460 016f:1c61db30 8b80f8000000 mov eax,dword ptr [eax+000000f8] 016f:1c61db36 56 push esi 016f:1c61db37 8bc8 mov ecx,eax 016f:1c61db39 e842fb0000 call 1c62d680 = VCL641MI.DLL:.text+0x2c680 VCL641MI.DLL:.text+0x1cb3e: *016f:1c61db3e 84c0 test al,al 016f:1c61db40 7405 jz 1c61db47 = VCL641MI.DLL:.text+0x1cb47 016f:1c61db42 5f pop edi 016f:1c61db43 b001 mov al,01 016f:1c61db45 5e pop esi 016f:1c61db46 c3 retd 016f:1c61db47 56 push esi 016f:1c61db48 c70700000000 mov dword ptr [edi],00000000 016f:1c61db4e e819750d00 call 1c6f506c = TL641MI.DLL!21 016f:1c61db53 83c404 add esp,+04 016f:1c61db56 32c0 xor al,al -------------------- 00a8d51c 01077790 -> 00 00 00 00 00 00 00 00 c8 1b 06 01 00 00 00 00 ................ 
00a8d520 0000056c 00a8d524 00ddb3d8 -> 5c 85 70 1c 00 00 00 00 00 00 00 00 00 00 00 00 \.p............. 00a8d528 1c6acdf5 = VCL641MI.DLL:.text+0xabdf5 -------------------- 016f:1c6acdcc 0f94c1 setz cl 016f:1c6acdcf 8888a2000000 mov byte ptr [eax+000000a2],cl 016f:1c6acdd5 8b86f4000000 mov eax,dword ptr [esi+000000f4] 016f:1c6acddb 8d542408 lea edx,[esp+08] 016f:1c6acddf 83c06c add eax,+6c 016f:1c6acde2 52 push edx 016f:1c6acde3 50 push eax 016f:1c6acde4 89742410 mov dword ptr [esp+10],esi 016f:1c6acde8 c744241400be6a1c mov dword ptr [esp+14],1c6abe00 016f:1c6acdf0 e8db0cf7ff call 1c61dad0 = VCL641MI.DLL!383 VCL641MI.DLL:.text+0xabdf5: *016f:1c6acdf5 8b8ef4000000 mov ecx,dword ptr [esi+000000f4] 016f:1c6acdfb 83c40c add esp,+0c 016f:1c6acdfe 8b4128 mov eax,dword ptr [ecx+28] 016f:1c6ace01 85c0 test eax,eax 016f:1c6ace03 7413 jz 1c6ace18 = VCL641MI.DLL:.text+0xabe18 016f:1c6ace05 8b8058010000 mov eax,dword ptr [eax+00000158] 016f:1c6ace0b 85c0 test eax,eax 016f:1c6ace0d 7409 jz 1c6ace18 = VCL641MI.DLL:.text+0xabe18 016f:1c6ace0f 6a01 push +01 016f:1c6ace11 8bc8 mov ecx,eax 016f:1c6ace13 e848d6f8ff call 1c63a460 = VCL641MI.DLL:.text+0x39460 -------------------- 00a8d52c 00ddb754 -> 90 77 07 01 70 b0 07 01 3b 02 00 00 b6 01 00 00 .w..p...;....... 00a8d530 00a8d53c -> d8 b3 dd 00 00 be 6a 1c de c3 6a 1c d8 b3 dd 00 ......j...j..... 00a8d534 00000000 00a8d538 00ddb630 -> 6c 05 00 00 16 0b 00 00 00 00 00 00 b0 b7 dd 00 l............... 00a8d53c 00ddb3d8 -> 5c 85 70 1c 00 00 00 00 00 00 00 00 00 00 00 00 \.p............. 00a8d540 1c6abe00 = VCL641MI.DLL:.text+0xaae00 -> 8b 44 24 08 8b 4c 24 04 50 e8 02 00 00 00 c3 90 .D$..L$.P....... 
00a8d544 1c6ac3de = VCL641MI.DLL:.text+0xab3de -------------------- 016f:1c6ac3c8 83c414 add esp,+14 016f:1c6ac3cb 8bc3 mov eax,ebx 016f:1c6ac3cd 5f pop edi 016f:1c6ac3ce 5e pop esi 016f:1c6ac3cf 5b pop ebx 016f:1c6ac3d0 83c420 add esp,+20 016f:1c6ac3d3 c3 retd 016f:1c6ac3d4 8b442430 mov eax,dword ptr [esp+30] 016f:1c6ac3d8 50 push eax 016f:1c6ac3d9 e8c2090000 call 1c6acda0 = VCL641MI.DLL:.text+0xabda0 VCL641MI.DLL:.text+0xab3de: *016f:1c6ac3de 83c404 add esp,+04 016f:1c6ac3e1 8bc3 mov eax,ebx 016f:1c6ac3e3 5f pop edi 016f:1c6ac3e4 5e pop esi 016f:1c6ac3e5 5b pop ebx 016f:1c6ac3e6 83c420 add esp,+20 016f:1c6ac3e9 c3 retd 016f:1c6ac3ea 8b4c2430 mov ecx,dword ptr [esp+30] 016f:1c6ac3ee 51 push ecx 016f:1c6ac3ef e82c0a0000 call 1c6ace20 = VCL641MI.DLL:.text+0xabe20 016f:1c6ac3f4 83c404 add esp,+04 -------------------- 00a8d548 00ddb3d8 -> 5c 85 70 1c 00 00 00 00 00 00 00 00 00 00 00 00 \.p............. 00a8d54c bff6bb26 = KERNEL32.DLL:.text+0x2b26 -------------------- 016f:bff6bb0a e88a87ffff call bff64299 = KERNEL32.DLL:_FREQASM+0x3299 016f:bff6bb0f 5e pop esi 016f:bff6bb10 c20400 retd 0004 016f:bff6bb13 56 push esi 016f:bff6bb14 8b742408 mov esi,dword ptr [esp+08] 016f:bff6bb18 8a06 mov al,byte ptr [esi] 016f:bff6bb1a 3c04 cmp al,04 016f:bff6bb1c 7508 jnz bff6bb26 = KERNEL32.DLL:.text+0x2b26 016f:bff6bb1e ff7604 push dword ptr [esi+04] 016f:bff6bb21 e8a087ffff call bff642c6 = KERNEL32.DLL:_FREQASM+0x32c6 KERNEL32.DLL:.text+0x2b26: *016f:bff6bb26 5e pop esi 016f:bff6bb27 c20400 retd 0004 016f:bff6bb2a 64a100000000 mov eax,dword ptr fs:[00000000] 016f:bff6bb30 55 push ebp 016f:bff6bb31 8bec mov ebp,esp 016f:bff6bb33 6aff push -01 016f:bff6bb35 685092f6bf push bff69250 016f:bff6bb3a 68201bfbbf push bffb1b20 016f:bff6bb3f 50 push eax 016f:bff6bb40 8b4508 mov eax,dword ptr [ebp+08] 016f:bff6bb43 64892500000000 mov dword ptr fs:[00000000],esp -------------------- 00a8d550 8198a3cc -> 04 00 00 00 02 00 00 00 00 78 6c c1 00 00 00 00 .........xl..... 
00a8d554 00bb8010 -> 04 00 00 00 cc a3 98 81 00 00 00 00 00 00 00 00 ................ 00a8d558 004c240a = SAL3.DLL:.text+0x140a -------------------- 016f:004c23ea ff15e4614e00 call dword ptr [004e61e4] -> KERNEL32.DLL!EnterCriticalSection 016f:004c23f0 8b4618 mov eax,dword ptr [esi+18] 016f:004c23f3 48 dec eax 016f:004c23f4 894618 mov dword ptr [esi+18],eax 016f:004c23f7 7507 jnz 004c2400 = SAL3.DLL:.text+0x1400 016f:004c23f9 c7461c00000000 mov dword ptr [esi+1c],00000000 016f:004c2400 68f0916500 push 006591f0 016f:004c2405 ffd7 call edi 016f:004c2407 56 push esi 016f:004c2408 ffd7 call edi SAL3.DLL:.text+0x140a: *016f:004c240a 5f pop edi 016f:004c240b b001 mov al,01 016f:004c240d 5e pop esi 016f:004c240e c3 retd 016f:004c240f 90 nop 016f:004c2410 b878966500 mov eax,00659678 016f:004c2415 c3 retd 016f:004c2416 90 nop 016f:004c2417 90 nop 016f:004c2418 90 nop 016f:004c2419 90 nop -------------------- 00a8d55c 00bb8010 -> 04 00 00 00 cc a3 98 81 00 00 00 00 00 00 00 00 ................ 00a8d560 0000056c 00a8d564 00ddae44 -> 2c 83 70 1c 10 80 bb 00 78 30 dd 00 02 00 00 00 ,.p.....x0...... 00a8d568 1c20922d = VOS2MSC.DLL:.text+0x822d -------------------- 016f:1c20921a 90 nop 016f:1c20921b 90 nop 016f:1c20921c 90 nop 016f:1c20921d 90 nop 016f:1c20921e 90 nop 016f:1c20921f 90 nop 016f:1c209220 8b442404 mov eax,dword ptr [esp+04] 016f:1c209224 8b4804 mov ecx,dword ptr [eax+04] 016f:1c209227 51 push ecx 016f:1c209228 e8e5340000 call 1c20c712 = SAL3.DLL!osl_releaseMutex VOS2MSC.DLL:.text+0x822d: *016f:1c20922d 59 pop ecx 016f:1c20922e c3 retd 016f:1c20922f 90 nop 016f:1c209230 83e904 sub ecx,+04 016f:1c209233 e958ffffff jmp 1c209190 = VOS2MSC.DLL!623 016f:1c209238 cc int 3 016f:1c209239 cc int 3 016f:1c20923a cc int 3 016f:1c20923b cc int 3 016f:1c20923c cc int 3 016f:1c20923d cc int 3 -------------------- 00a8d56c 00bb8010 -> 04 00 00 00 cc a3 98 81 00 00 00 00 00 00 00 00 ................ 
00a8d570 1c6dc3e0 = VCL641MI.DLL:.text+0xdb3e0 -------------------- 016f:1c6dc3c1 e888920100 call 1c6f564e = VOS2MSC.DLL!628 016f:1c6dc3c6 83c404 add esp,+04 016f:1c6dc3c9 5e pop esi 016f:1c6dc3ca c3 retd 016f:1c6dc3cb 83f801 cmp eax,+01 016f:1c6dc3ce 7507 jnz 1c6dc3d7 = VCL641MI.DLL:.text+0xdb3d7 016f:1c6dc3d0 c7461000000000 mov dword ptr [esi+10],00000000 016f:1c6dc3d7 ff4e0c dec dword ptr [esi+0c] 016f:1c6dc3da 56 push esi 016f:1c6dc3db e86e920100 call 1c6f564e = VOS2MSC.DLL!628 VCL641MI.DLL:.text+0xdb3e0: *016f:1c6dc3e0 83c404 add esp,+04 016f:1c6dc3e3 5e pop esi 016f:1c6dc3e4 c3 retd 016f:1c6dc3e5 90 nop 016f:1c6dc3e6 90 nop 016f:1c6dc3e7 90 nop 016f:1c6dc3e8 90 nop 016f:1c6dc3e9 90 nop 016f:1c6dc3ea 90 nop 016f:1c6dc3eb 90 nop 016f:1c6dc3ec 90 nop -------------------- 00a8d574 00ddae44 -> 2c 83 70 1c 10 80 bb 00 78 30 dd 00 02 00 00 00 ,.p.....x0...... 00a8d578 00dd3078 -> 00 00 10 01 70 05 00 00 08 af dd 00 80 5e 65 1c ....p........^e. 00a8d57c 1c6dc591 = VCL641MI.DLL:.text+0xdb591 -------------------- 016f:1c6dc576 8b08 mov ecx,dword ptr [eax] 016f:1c6dc578 8b7144 mov esi,dword ptr [ecx+44] 016f:1c6dc57b 85f6 test esi,esi 016f:1c6dc57d 7415 jz 1c6dc594 = VCL641MI.DLL:.text+0xdb594 016f:1c6dc57f ff1518f06f1c call dword ptr [1c6ff018] -> GDI32.DLL!GdiFlush 016f:1c6dc585 8b4610 mov eax,dword ptr [esi+10] 016f:1c6dc588 83c004 add eax,+04 016f:1c6dc58b 50 push eax 016f:1c6dc58c 8b10 mov edx,dword ptr [eax] 016f:1c6dc58e ff5208 call dword ptr [edx+08] VCL641MI.DLL:.text+0xdb591: *016f:1c6dc591 83c404 add esp,+04 016f:1c6dc594 5e pop esi 016f:1c6dc595 c3 retd 016f:1c6dc596 90 nop 016f:1c6dc597 90 nop 016f:1c6dc598 90 nop 016f:1c6dc599 90 nop 016f:1c6dc59a 90 nop 016f:1c6dc59b 90 nop 016f:1c6dc59c 90 nop 016f:1c6dc59d 90 nop -------------------- 00a8d580 00ddae44 -> 2c 83 70 1c 10 80 bb 00 78 30 dd 00 02 00 00 00 ,.p.....x0...... 00a8d584 00ddb630 -> 6c 05 00 00 16 0b 00 00 00 00 00 00 b0 b7 dd 00 l............... 
00a8d588 1c631854 = VCL641MI.DLL:.text+0x30854 -------------------- 016f:1c631837 0f94c0 setz al 016f:1c63183a 888685000000 mov byte ptr [esi+00000085],al 016f:1c631840 8b4e18 mov ecx,dword ptr [esi+18] 016f:1c631843 6a00 push +00 016f:1c631845 6a0a push +0a 016f:1c631847 56 push esi 016f:1c631848 51 push ecx 016f:1c631849 ff561c call dword ptr [esi+1c] 016f:1c63184c 83c410 add esp,+10 016f:1c63184f e81cad0a00 call 1c6dc570 = VCL641MI.DLL:.text+0xdb570 VCL641MI.DLL:.text+0x30854: *016f:1c631854 5f pop edi 016f:1c631855 5e pop esi 016f:1c631856 c3 retd 016f:1c631857 8b5618 mov edx,dword ptr [esi+18] 016f:1c63185a 6a00 push +00 016f:1c63185c 6a0b push +0b 016f:1c63185e 56 push esi 016f:1c63185f 52 push edx 016f:1c631860 ff561c call dword ptr [esi+1c] 016f:1c631863 83c410 add esp,+10 016f:1c631866 e805ad0a00 call 1c6dc570 = VCL641MI.DLL:.text+0xdb570 -------------------- 00a8d58c 00a8d5d8 -> 00 00 00 00 13 36 f6 bf 6c 05 00 00 e2 13 f6 bf .....6..l....... 00a8d590 0000056c 00a8d594 1c630374 = VCL641MI.DLL:.text+0x2f374 -------------------- 016f:1c630351 6a00 push +00 016f:1c630353 6a00 push +00 016f:1c630355 688b040000 push 0000048b 016f:1c63035a 56 push esi 016f:1c63035b e8c0c30b00 call 1c6ec720 = VCL641MI.DLL:.text+0xeb720 016f:1c630360 83c410 add esp,+10 016f:1c630363 e91c030000 jmp 1c630684 = VCL641MI.DLL:.text+0x2f684 016f:1c630368 ff154cf36f1c call dword ptr [1c6ff34c] -> USER32.DLL!DestroyCaret 016f:1c63036e 56 push esi 016f:1c63036f e83c140000 call 1c6317b0 = VCL641MI.DLL:.text+0x307b0 VCL641MI.DLL:.text+0x2f374: *016f:1c630374 83c404 add esp,+04 016f:1c630377 e902030000 jmp 1c63067e = VCL641MI.DLL:.text+0x2f67e 016f:1c63037c 56 push esi 016f:1c63037d e80e150000 call 1c631890 = VCL641MI.DLL:.text+0x30890 016f:1c630382 83c404 add esp,+04 016f:1c630385 e9f4020000 jmp 1c63067e = VCL641MI.DLL:.text+0x2f67e 016f:1c63038a a10cd5711c mov eax,dword ptr [1c71d50c] 016f:1c63038f 85c0 test eax,eax 016f:1c630391 751d jnz 1c6303b0 = VCL641MI.DLL:.text+0x2f3b0 016f:1c630393 
56 push esi 016f:1c630394 890d0cd5711c mov dword ptr [1c71d50c],ecx -------------------- 00a8d598 0000056c ... 00a8d5a0 00000588 00a8d5a4 00000000 00a8d5a8 00000007 00a8d5ac 00000000 00a8d5b0 1c63295b = VCL641MI.DLL:.text+0x3195b -------------------- 016f:1c632940 8d44240c lea eax,[esp+0c] 016f:1c632944 57 push edi 016f:1c632945 8b7c2420 mov edi,dword ptr [esp+20] 016f:1c632949 50 push eax 016f:1c63294a 56 push esi 016f:1c63294b 57 push edi 016f:1c63294c 53 push ebx 016f:1c63294d 55 push ebp 016f:1c63294e c744242401000000 mov dword ptr [esp+24],00000001 016f:1c632956 e8f5d8ffff call 1c630250 = VCL641MI.DLL:.text+0x2f250 VCL641MI.DLL:.text+0x3195b: *016f:1c63295b 8b4c2410 mov ecx,dword ptr [esp+10] 016f:1c63295f 85c9 test ecx,ecx 016f:1c632961 740a jz 1c63296d = VCL641MI.DLL:.text+0x3196d 016f:1c632963 56 push esi 016f:1c632964 57 push edi 016f:1c632965 53 push ebx 016f:1c632966 55 push ebp 016f:1c632967 ff1584f36f1c call dword ptr [1c6ff384] -> USER32.DLL!DefWindowProcA 016f:1c63296d 5f pop edi 016f:1c63296e 5e pop esi 016f:1c63296f 5d pop ebp -------------------- 00a8d5b4 0000056c 00a8d5b8 00000007 00a8d5bc 00000588 00a8d5c0 00000000 00a8d5c4 00a8d5d8 -> 00 00 00 00 13 36 f6 bf 6c 05 00 00 e2 13 f6 bf .....6..l....... 00a8d5c8 00a8d5e0 -> 6c 05 00 00 e2 13 f6 bf 6f 01 00 00 c1 41 f6 bf l.......o....A.. 00a8d5cc 0000864e 00a8d5d0 00a8d5f8 -> 24 bb 01 00 26 18 f6 bf 00 00 00 00 28 12 dd 00 $...&.......(... 00a8d5d4 00a8d62a -> 00 00 46 02 00 00 86 86 02 00 c6 3c 00 00 d7 0a ..F........<.... 
esi,esi 016f:1c6a0acb 75e6 jnz 1c6a0ab3 = VCL641MI.DLL:.text+0x9fab3 016f:1c6a0acd 8a442413 mov al,byte ptr [esp+13] 016f:1c6a0ad1 eb9f jmp 1c6a0a72 = VCL641MI.DLL:.text+0x9fa72 016f:1c6a0ad3 90 nop 016f:1c6a0ad4 90 nop 016f:1c6a0ad5 90 nop -------------------- 00a8da00 00000000 ... 00a8da08 010bfb08 -> c4 67 70 1c 00 00 00 00 00 00 00 00 00 00 00 00 .gp............. 00a8da0c 00000000 00a8da10 00000010 00a8da14 0100016f -> 00 20 00 00 80 70 01 00 00 01 00 00 00 06 00 00 . ...p.......... 00a8da18 bff6424a = KERNEL32.DLL:_FREQASM+0x324a -------------------- 016f:bff64229 e8af780200 call bff8badd = KERNEL32.DLL:.text+0x22add 016f:bff6422e 6664ff0d1e000000 dec word ptr fs:[0000001e] 016f:bff64236 5a pop edx 016f:bff64237 ebb1 jmp bff641ea = KERNEL32.DLL:_FREQASM+0x31ea 016f:bff64239 ff4210 inc dword ptr [edx+10] 016f:bff6423c ebbd jmp bff641fb = KERNEL32.DLL:_FREQASM+0x31fb 016f:bff6423e 52 push edx 016f:bff6423f 52 push edx 016f:bff64240 681e002a00 push 002a001e 016f:bff64245 e88ad1ffff call bff613d4 = KERNEL32.DLL!1 KERNEL32.DLL:_FREQASM+0x324a: *016f:bff6424a 5a pop edx 016f:bff6424b ebae jmp bff641fb = KERNEL32.DLL:_FREQASM+0x31fb 016f:bff6424d 681c002a00 push 002a001c 016f:bff64252 e87dd1ffff call bff613d4 = KERNEL32.DLL!1 016f:bff64257 a1f0bcfbbf mov eax,dword ptr [bffbbcf0] 016f:bff6425c 8b00 mov eax,dword ptr [eax] 016f:bff6425e 0fba704c07 btr dword ptr [eax+4c],07 016f:bff64263 73a9 jnc bff6420e = KERNEL32.DLL:_FREQASM+0x320e 016f:bff64265 8d400c lea eax,[eax+0c] 016f:bff64268 50 push eax 016f:bff64269 6a00 push +00 -------------------- 00a8da1c 00a8da48 -> 74 da a8 00 1b cf 6f 1c ff ff ff ff bb 0a 6a 1c t.....o.......j. 
00a8da20 1c6fcf1b = VCL641MI.DLL:.text+0xfbf1b -------------------- 016f:1c6fcf0b cc int 3 016f:1c6fcf0c cc int 3 016f:1c6fcf0d cc int 3 016f:1c6fcf0e cc int 3 016f:1c6fcf0f cc int 3 016f:1c6fcf10 8b45f0 mov eax,dword ptr [ebp-10] 016f:1c6fcf13 50 push eax 016f:1c6fcf14 e85381ffff call 1c6f506c = TL641MI.DLL!21 016f:1c6fcf19 59 pop ecx 016f:1c6fcf1a c3 retd VCL641MI.DLL:.text+0xfbf1b: *016f:1c6fcf1b b858b6701c mov eax,1c70b658 016f:1c6fcf20 e971d6ffff jmp 1c6fa596 = MSVCRT.DLL!__CxxFrameHandler 016f:1c6fcf25 cc int 3 016f:1c6fcf26 cc int 3 016f:1c6fcf27 cc int 3 016f:1c6fcf28 cc int 3 016f:1c6fcf29 cc int 3 016f:1c6fcf2a cc int 3 016f:1c6fcf2b cc int 3 016f:1c6fcf2c cc int 3 016f:1c6fcf2d cc int 3 -------------------- 00a8da24 ffffffff 00a8da28 1c6a0abb = VCL641MI.DLL:.text+0x9fabb -------------------- 016f:1c6a0a97 0ad3 or dl,bl 016f:1c6a0a99 888ee9000000 mov byte ptr [esi+000000e9],cl 016f:1c6a0a9f 889600020000 mov byte ptr [esi+00000200],dl 016f:1c6a0aa5 8bb61c010000 mov esi,dword ptr [esi+0000011c] 016f:1c6a0aab 85f6 test esi,esi 016f:1c6a0aad 74c3 jz 1c6a0a72 = VCL641MI.DLL:.text+0x9fa72 016f:1c6a0aaf 8b7c2428 mov edi,dword ptr [esp+28] 016f:1c6a0ab3 57 push edi 016f:1c6a0ab4 8bce mov ecx,esi 016f:1c6a0ab6 e8b5feffff call 1c6a0970 = VCL641MI.DLL:.text+0x9f970 VCL641MI.DLL:.text+0x9fabb: *016f:1c6a0abb 84c0 test al,al 016f:1c6a0abd 7504 jnz 1c6a0ac3 = VCL641MI.DLL:.text+0x9fac3 016f:1c6a0abf 88442413 mov byte ptr [esp+13],al 016f:1c6a0ac3 8bb630010000 mov esi,dword ptr [esi+00000130] 016f:1c6a0ac9 85f6 test esi,esi 016f:1c6a0acb 75e6 jnz 1c6a0ab3 = VCL641MI.DLL:.text+0x9fab3 016f:1c6a0acd 8a442413 mov al,byte ptr [esp+13] 016f:1c6a0ad1 eb9f jmp 1c6a0a72 = VCL641MI.DLL:.text+0x9fa72 016f:1c6a0ad3 90 nop 016f:1c6a0ad4 90 nop 016f:1c6a0ad5 90 nop -------------------- 00a8da2c 00000000 ... 00a8da34 010beb30 -> a0 57 65 00 a8 d8 fc 00 00 00 00 00 00 00 00 00 .We............. 
00a8da38 00000000 00a8da3c 00000010 00a8da40 01f641cf 00a8da44 bff420df = USER32.DLL:.text+0x10df -------------------- 016f:bff420c4 b14e mov cl,4e 016f:bff420c6 eb02 jmp bff420ca = USER32.DLL:.text+0x10ca 016f:bff420c8 b145 mov cl,45 016f:bff420ca 55 push ebp 016f:bff420cb 8bec mov ebp,esp 016f:bff420cd 51 push ecx 016f:bff420ce 83ec3c sub esp,+3c 016f:bff420d1 66ff7508 push word ptr [ebp+08] 016f:bff420d5 66ff750c push word ptr [ebp+0c] 016f:bff420d9 ff15d612f4bf call dword ptr [bff412d6] -> USER32.DLL:.data+0x400 USER32.DLL:.text+0x10df: *016f:bff420df 98 cwde 016f:bff420e0 c9 leave 016f:bff420e1 c20800 retd 0008 016f:bff420e4 b135 mov cl,35 016f:bff420e6 eb02 jmp bff420ea = USER32.DLL:.text+0x10ea 016f:bff420e8 b17d mov cl,7d 016f:bff420ea 55 push ebp 016f:bff420eb 8bec mov ebp,esp 016f:bff420ed 51 push ecx 016f:bff420ee 83ec3c sub esp,+3c 016f:bff420f1 66ff7508 push word ptr [ebp+08] -------------------- 00a8da48 00a8da74 -> b4 da a8 00 1b cf 6f 1c ff ff ff ff ef 0a 6a 1c ......o.......j. 
00a8da4c 1c6fcf1b = VCL641MI.DLL:.text+0xfbf1b -------------------- 016f:1c6fcf0b cc int 3 016f:1c6fcf0c cc int 3 016f:1c6fcf0d cc int 3 016f:1c6fcf0e cc int 3 016f:1c6fcf0f cc int 3 016f:1c6fcf10 8b45f0 mov eax,dword ptr [ebp-10] 016f:1c6fcf13 50 push eax 016f:1c6fcf14 e85381ffff call 1c6f506c = TL641MI.DLL!21 016f:1c6fcf19 59 pop ecx 016f:1c6fcf1a c3 retd VCL641MI.DLL:.text+0xfbf1b: *016f:1c6fcf1b b858b6701c mov eax,1c70b658 016f:1c6fcf20 e971d6ffff jmp 1c6fa596 = MSVCRT.DLL!__CxxFrameHandler 016f:1c6fcf25 cc int 3 016f:1c6fcf26 cc int 3 016f:1c6fcf27 cc int 3 016f:1c6fcf28 cc int 3 016f:1c6fcf29 cc int 3 016f:1c6fcf2a cc int 3 016f:1c6fcf2b cc int 3 016f:1c6fcf2c cc int 3 016f:1c6fcf2d cc int 3 -------------------- 00a8da50 ffffffff 00a8da54 1c6a0abb = VCL641MI.DLL:.text+0x9fabb -------------------- 016f:1c6a0a97 0ad3 or dl,bl 016f:1c6a0a99 888ee9000000 mov byte ptr [esi+000000e9],cl 016f:1c6a0a9f 889600020000 mov byte ptr [esi+00000200],dl 016f:1c6a0aa5 8bb61c010000 mov esi,dword ptr [esi+0000011c] 016f:1c6a0aab 85f6 test esi,esi 016f:1c6a0aad 74c3 jz 1c6a0a72 = VCL641MI.DLL:.text+0x9fa72 016f:1c6a0aaf 8b7c2428 mov edi,dword ptr [esp+28] 016f:1c6a0ab3 57 push edi 016f:1c6a0ab4 8bce mov ecx,esi 016f:1c6a0ab6 e8b5feffff call 1c6a0970 = VCL641MI.DLL:.text+0x9f970 VCL641MI.DLL:.text+0x9fabb: *016f:1c6a0abb 84c0 test al,al 016f:1c6a0abd 7504 jnz 1c6a0ac3 = VCL641MI.DLL:.text+0x9fac3 016f:1c6a0abf 88442413 mov byte ptr [esp+13],al 016f:1c6a0ac3 8bb630010000 mov esi,dword ptr [esi+00000130] 016f:1c6a0ac9 85f6 test esi,esi 016f:1c6a0acb 75e6 jnz 1c6a0ab3 = VCL641MI.DLL:.text+0x9fab3 016f:1c6a0acd 8a442413 mov al,byte ptr [esp+13] 016f:1c6a0ad1 eb9f jmp 1c6a0a72 = VCL641MI.DLL:.text+0x9fa72 016f:1c6a0ad3 90 nop 016f:1c6a0ad4 90 nop 016f:1c6a0ad5 90 nop -------------------- 00a8da58 00000000 ... 00a8da60 00a8e1b0 -> c4 67 70 1c 00 00 00 00 00 00 00 00 00 00 00 00 .gp............. 
00a8da64 00000000 00a8da68 00000001 00a8da6c 0162d95d = I18NPOOL641MI.DLL:.data+0x4b95d -> 00 1c 00 1c 00 1f 00 1f 00 1f 00 1f 00 1f 00 1f ................ 00a8da70 00000588 00a8da74 00a8dab4 -> 78 dd a8 00 68 d6 6f 1c ff ff ff ff 22 25 00 1c x...h.o....."%.. 00a8da78 1c6fcf1b = VCL641MI.DLL:.text+0xfbf1b -------------------- 016f:1c6fcf0b cc int 3 016f:1c6fcf0c cc int 3 016f:1c6fcf0d cc int 3 016f:1c6fcf0e cc int 3 016f:1c6fcf0f cc int 3 016f:1c6fcf10 8b45f0 mov eax,dword ptr [ebp-10] 016f:1c6fcf13 50 push eax 016f:1c6fcf14 e85381ffff call 1c6f506c = TL641MI.DLL!21 016f:1c6fcf19 59 pop ecx 016f:1c6fcf1a c3 retd VCL641MI.DLL:.text+0xfbf1b: *016f:1c6fcf1b b858b6701c mov eax,1c70b658 016f:1c6fcf20 e971d6ffff jmp 1c6fa596 = MSVCRT.DLL!__CxxFrameHandler 016f:1c6fcf25 cc int 3 016f:1c6fcf26 cc int 3 016f:1c6fcf27 cc int 3 016f:1c6fcf28 cc int 3 016f:1c6fcf29 cc int 3 016f:1c6fcf2a cc int 3 016f:1c6fcf2b cc int 3 016f:1c6fcf2c cc int 3 016f:1c6fcf2d cc int 3 -------------------- 00a8da7c ffffffff 00a8da80 1c6a0aef = VCL641MI.DLL:.text+0x9faef -------------------- 016f:1c6a0add 90 nop 016f:1c6a0ade 90 nop 016f:1c6a0adf 90 nop 016f:1c6a0ae0 53 push ebx 016f:1c6a0ae1 56 push esi 016f:1c6a0ae2 57 push edi 016f:1c6a0ae3 8b7c2410 mov edi,dword ptr [esp+10] 016f:1c6a0ae7 8bf1 mov esi,ecx 016f:1c6a0ae9 57 push edi 016f:1c6a0aea e881feffff call 1c6a0970 = VCL641MI.DLL:.text+0x9f970 VCL641MI.DLL:.text+0x9faef: *016f:1c6a0aef 8bb624010000 mov esi,dword ptr [esi+00000124] 016f:1c6a0af5 8ad8 mov bl,al 016f:1c6a0af7 85f6 test esi,esi 016f:1c6a0af9 7418 jz 1c6a0b13 = VCL641MI.DLL:.text+0x9fb13 016f:1c6a0afb 57 push edi 016f:1c6a0afc 8bce mov ecx,esi 016f:1c6a0afe e8ddffffff call 1c6a0ae0 = VCL641MI.DLL:.text+0x9fae0 016f:1c6a0b03 84c0 test al,al 016f:1c6a0b05 7502 jnz 1c6a0b09 = VCL641MI.DLL:.text+0x9fb09 016f:1c6a0b07 32db xor bl,bl 016f:1c6a0b09 8bb630010000 mov esi,dword ptr [esi+00000130] -------------------- 00a8da84 00000000 00a8da88 00a8dddc -> 2c 35 19 82 a6 06 a6 06 f8 dd a8 
00 98 45 f8 bf ,5...........E.. 00a8da8c 00a8e1b0 -> c4 67 70 1c 00 00 00 00 00 00 00 00 00 00 00 00 .gp............. 00a8da90 00000001 00a8da94 1c6a0bb6 = VCL641MI.DLL:.text+0x9fbb6 -------------------- 016f:1c6a0b9c 75e8 jnz 1c6a0b86 = VCL641MI.DLL:.text+0x9fb86 016f:1c6a0b9e 8ac3 mov al,bl 016f:1c6a0ba0 5f pop edi 016f:1c6a0ba1 5b pop ebx 016f:1c6a0ba2 5e pop esi 016f:1c6a0ba3 c20400 retd 0004 016f:1c6a0ba6 8b442408 mov eax,dword ptr [esp+08] 016f:1c6a0baa 8b8e04010000 mov ecx,dword ptr [esi+00000104] 016f:1c6a0bb0 50 push eax 016f:1c6a0bb1 e82affffff call 1c6a0ae0 = VCL641MI.DLL:.text+0x9fae0 VCL641MI.DLL:.text+0x9fbb6: *016f:1c6a0bb6 5e pop esi 016f:1c6a0bb7 c20400 retd 0004 016f:1c6a0bba 90 nop 016f:1c6a0bbb 90 nop 016f:1c6a0bbc 90 nop 016f:1c6a0bbd 90 nop 016f:1c6a0bbe 90 nop 016f:1c6a0bbf 90 nop 016f:1c6a0bc0 56 push esi 016f:1c6a0bc1 8bf1 mov esi,ecx 016f:1c6a0bc3 f6860002000010 test byte ptr [esi+00000200],10 -------------------- 00a8da98 00000000 00a8da9c 00a8e1b0 -> c4 67 70 1c 00 00 00 00 00 00 00 00 00 00 00 00 .gp............. ... 
00a8daa4 1c6a6823 = VCL641MI.DLL:.text+0xa5823 -------------------- 016f:1c6a67fd 740c jz 1c6a680b = VCL641MI.DLL:.text+0xa580b 016f:1c6a67ff 8d54241c lea edx,[esp+1c] 016f:1c6a6803 8bce mov ecx,esi 016f:1c6a6805 52 push edx 016f:1c6a6806 e8a5b3ffff call 1c6a1bb0 = VCL641MI.DLL:.text+0xa0bb0 016f:1c6a680b 8bce mov ecx,esi 016f:1c6a680d e81ed2ffff call 1c6a3a30 = VCL641MI.DLL:.text+0xa2a30 016f:1c6a6812 8d4c241c lea ecx,[esp+1c] 016f:1c6a6816 c7442414ffffffff mov dword ptr [esp+14],ffffffff 016f:1c6a681e e81d71fdff call 1c67d940 = VCL641MI.DLL!2534 VCL641MI.DLL:.text+0xa5823: *016f:1c6a6823 e92f010000 jmp 1c6a6957 = VCL641MI.DLL:.text+0xa5957 016f:1c6a6828 f6860002000002 test byte ptr [esi+00000200],02 016f:1c6a682f 7407 jz 1c6a6838 = VCL641MI.DLL:.text+0xa5838 016f:1c6a6831 8bce mov ecx,esi 016f:1c6a6833 e8a88dffff call 1c69f5e0 = VCL641MI.DLL:.text+0x9e5e0 016f:1c6a6838 f6860002000004 test byte ptr [esi+00000200],04 016f:1c6a683f 7407 jz 1c6a6848 = VCL641MI.DLL:.text+0xa5848 016f:1c6a6841 8bce mov ecx,esi 016f:1c6a6843 e8588dffff call 1c69f5a0 = VCL641MI.DLL:.text+0x9e5a0 016f:1c6a6848 8b06 mov eax,dword ptr [esi] 016f:1c6a684a 6a02 push +02 -------------------- 00a8daa8 00000001 00a8daac 00a8e1b0 -> c4 67 70 1c 00 00 00 00 00 00 00 00 00 00 00 00 .gp............. ... 00a8dab4 00a8dd78 -> a0 6e 3e 82 00 78 6c c1 a4 dd a8 00 6e a2 f6 bf .n>..xl.....n... 00a8dab8 1c6fd668 = VCL641MI.DLL:.text+0xfc668 -> b8 30 be 70 1c e9 24 cf ff ff cc cc cc cc cc cc .0.p..$......... 
00a8dabc ffffffff 00a8dac0 1c002522 = REG4MSDOC641MI.DLL:.text+0x1522 -------------------- 016f:1c0024fa 888e3a110000 mov byte ptr [esi+0000113a],cl 016f:1c002500 8ac8 mov cl,al 016f:1c002502 80e104 and cl,04 016f:1c002505 2408 and al,08 016f:1c002507 888e3c110000 mov byte ptr [esi+0000113c],cl 016f:1c00250d 6a00 push +00 016f:1c00250f 8bce mov ecx,esi 016f:1c002511 88963b110000 mov byte ptr [esi+0000113b],dl 016f:1c002517 88863d110000 mov byte ptr [esi+0000113d],al 016f:1c00251d e8be5e0000 call 1c0083e0 = VCL641MI.DLL!3838 REG4MSDOC641MI.DLL:.text+0x1522: *016f:1c002522 b001 mov al,01 016f:1c002524 8b8c24ac020000 mov ecx,dword ptr [esp+000002ac] 016f:1c00252b 5e pop esi 016f:1c00252c 64890d00000000 mov dword ptr fs:[00000000],ecx 016f:1c002533 81c4b4020000 add esp,000002b4 016f:1c002539 c20400 retd 0004 016f:1c00253c 90 nop 016f:1c00253d 90 nop 016f:1c00253e 90 nop 016f:1c00253f 90 nop 016f:1c002540 e9a35f0000 jmp 1c0084e8 = VCL641MI.DLL!3240 -------------------- 00a8dac4 010bfed0 -> 01 00 00 00 2e 00 00 00 66 00 69 00 6c 00 65 00 ........f.i.l.e. 00a8dac8 00000000 00a8dacc 00a8e1b0 -> c4 67 70 1c 00 00 00 00 00 00 00 00 00 00 00 00 .gp............. 
00a8dad0 00000000 00a8dad4 00a8daf8 -> 4a 6b 55 03 d7 03 00 00 ee 0f 85 00 85 00 44 40 JkU...........D@ 00a8dad8 bff6451a = KERNEL32.DLL:_FREQASM+0x351a -------------------- 016f:bff644fd eb04 jmp bff64503 = KERNEL32.DLL:_FREQASM+0x3503 016f:bff644ff 804b7401 or byte ptr [ebx+74],01 016f:bff64503 33c9 xor ecx,ecx 016f:bff64505 f6451402 test byte ptr [ebp+14],02 016f:bff64509 7403 jz bff6450e = KERNEL32.DLL:_FREQASM+0x350e 016f:bff6450b 80c908 or cl,08 016f:bff6450e ff750c push dword ptr [ebp+0c] 016f:bff64511 51 push ecx 016f:bff64512 ff737c push dword ptr [ebx+7c] 016f:bff64515 e8dc4c0100 call bff791f6 = KERNEL32.DLL:.text+0x101f6 KERNEL32.DLL:_FREQASM+0x351a: *016f:bff6451a 0bc0 or eax,eax 016f:bff6451c 741e jz bff6453c = KERNEL32.DLL:_FREQASM+0x353c 016f:bff6451e 2b436c sub eax,dword ptr [ebx+6c] 016f:bff64521 8b4d10 mov ecx,dword ptr [ebp+10] 016f:bff64524 0bc9 or ecx,ecx 016f:bff64526 7805 js bff6452d = KERNEL32.DLL:_FREQASM+0x352d 016f:bff64528 8b55fc mov edx,dword ptr [ebp-04] 016f:bff6452b 8902 mov dword ptr [edx],eax 016f:bff6452d 2eff148d6048f6bf call dword ptr ss:[ecx*4+bff64860] 016f:bff64535 5b pop ebx 016f:bff64536 5f pop edi -------------------- 00a8dadc 81eecf00 -> 52 4a 31 46 ef 3d ef 3d ef 3d ef 3d ef 3d ef 3d RJ1F.=.=.=.=.=.= 00a8dae0 d0d40000 00a8dae4 bff600c8 = KERNEL32.DLL+0xc8 -> 04 00 00 00 00 00 00 00 00 30 08 00 00 04 00 00 .........0...... 00a8dae8 00a8db2e -> 00 00 46 02 fd 01 b0 01 41 00 11 00 c8 d0 d4 00 ..F.....A....... 00a8daec 6b2c3627 00a8daf0 00200000 00a8daf4 042f8101 00a8daf8 03556b4a 00a8dafc 000003d7 00a8db00 00850fee = SVL641MI.DLL:.reloc+0x3fee -> 89 3a b1 3a c9 3a e9 3a 0c 3b 2c 3b 49 3b 69 3b .:.:.:.:.;,;I;i; 00a8db04 40440085 00a8db08 6b8c07cf 00a8db0c 0002347f 00a8db10 0fee0000 00a8db14 a032069f 00a8db18 00a86b8c -> 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 
00a8db1c bff6186d = KERNEL32.DLL:_FREQASM+0x86d -------------------- 016f:bff6183d 8b1570b4fbbf mov edx,dword ptr [bffbb470] 016f:bff61843 e88b290000 call bff641d3 = KERNEL32.DLL:_FREQASM+0x31d3 016f:bff61848 6664c7051e000000ffff mov word ptr fs:[0000001e],ffff 016f:bff61852 ff5326 call dword ptr [ebx+26] 016f:bff61855 8b1570b4fbbf mov edx,dword ptr [bffbb470] 016f:bff6185b e82f290000 call bff6418f = KERNEL32.DLL:_FREQASM+0x318f 016f:bff61860 6664ff051e000000 inc word ptr fs:[0000001e] 016f:bff61868 b114 mov cl,14 016f:bff6186a 8be5 mov esp,ebp 016f:bff6186c c3 retd KERNEL32.DLL:_FREQASM+0x86d: *016f:bff6186d 8b442404 mov eax,dword ptr [esp+04] 016f:bff61871 f7400406000000 test dword ptr [eax+04],00000006 016f:bff61878 7419 jz bff61893 = KERNEL32.DLL:_FREQASM+0x893 016f:bff6187a 8b442408 mov eax,dword ptr [esp+08] 016f:bff6187e 8178046d18f6bf cmp dword ptr [eax+04],bff6186d 016f:bff61885 750c jnz bff61893 = KERNEL32.DLL:_FREQASM+0x893 016f:bff61887 668b4808 mov cx,word ptr [eax+08] 016f:bff6188b 6664890d0e000000 mov word ptr fs:[0000000e],cx 016f:bff61893 b801000000 mov eax,00000001 016f:bff61898 c3 retd 016f:bff61899 9d popfd -------------------- 00a8db20 6b2c3627 00a8db24 00000000 00a8db28 6ba4a032 00a8db2c 0000069f 00a8db30 01fd0246 00a8db34 004101b0 = SET641MI.DLL:.text+0xf1b0 -> dc 6c ff ff 8b 17 52 e8 b6 a7 06 00 8b 4c 24 24 .l....R......L$$ 00a8db38 d0c80011 00a8db3c 72b400d4 00a8db40 014faf4b 00a8db44 00000001 00a8db48 00000000 ... 00a8db50 00850000 = SVL641MI.DLL:.reloc+0x3000 -> 04 39 08 39 0c 39 10 39 14 39 18 39 1c 39 20 39 .9.9.9.9.9.9.9 9 00a8db54 07cf4044 00a8db58 347f6b8c 00a8db5c 01470002 00a8db60 35cc0000 00a8db64 00000147 00a8db68 ac500000 00a8db6c 96ad0002 00a8db70 00020d40 00a8db74 0000a032 00a8db78 069f069f 00a8db7c 0100fb00 -> 48 d4 85 1c 00 00 00 00 01 00 00 00 00 00 00 00 H............... 00a8db80 6b9c0084 00a8db84 052f1666 00a8db88 0b480001 00a8db8c 81ee94d8 -> 8c 20 03 00 00 00 16 36 16 36 ff ff ff 40 aa aa . .....6.6...@.. 
00a8db90 00a8dc1c -> 80 a0 9f 06 d8 34 bf 06 49 00 5a 00 0d 00 68 0e .....4..I.Z...h. 00a8db94 0001e6f3 00a8db98 55aa55aa ... 00a8dba0 00006bcc 00a8dba4 c161f394 -------------------- 016f:c161f374 8d0491 lea eax,[ecx+edx*4] 016f:c161f377 8b0d3cc861c1 mov ecx,dword ptr [c161c83c] 016f:c161f37d 8b915c050000 mov edx,dword ptr [ecx+0000055c] 016f:c161f383 89420c mov dword ptr [edx+0c],eax 016f:c161f386 8b45f4 mov eax,dword ptr [ebp-0c] 016f:c161f389 8b4e08 mov ecx,dword ptr [esi+08] 016f:c161f38c 50 push eax 016f:c161f38d 51 push ecx 016f:c161f38e 57 push edi 016f:c161f38f e85c770100 call c1636af0 *016f:c161f394 8b153cc861c1 mov edx,dword ptr [c161c83c] 016f:c161f39a 8bd8 mov ebx,eax 016f:c161f39c 83c40c add esp,+0c 016f:c161f39f 81e3fffffeff and ebx,fffeffff 016f:c161f3a5 8b825c050000 mov eax,dword ptr [edx+0000055c] 016f:c161f3ab 8b5028 mov edx,dword ptr [eax+28] 016f:c161f3ae 8b480c mov ecx,dword ptr [eax+0c] 016f:c161f3b1 83c204 add edx,+04 016f:c161f3b4 895028 mov dword ptr [eax+28],edx 016f:c161f3b7 a13cc861c1 mov eax,dword ptr [c161c83c] 016f:c161f3bc 8b905c050000 mov edx,dword ptr [eax+0000055c] -------------------- 00a8dba8 81ee94d8 -> 8c 20 03 00 00 00 16 36 16 36 ff ff ff 40 aa aa . .....6.6...@.. 00a8dbac 005a0049 = SAL3.DLL:.rdata+0xba049 -> 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00a8dbb0 81ed0080 -> 0d 00 02 00 ff ff ff 40 00 00 00 40 00 00 00 00 .......@...@.... 00a8dbb4 0000a032 00a8dbb8 00000000 ... 00a8dbc0 81ed0080 -> 0d 00 02 00 ff ff ff 40 00 00 00 40 00 00 00 00 .......@...@.... 00a8dbc4 81ee94d8 -> 8c 20 03 00 00 00 16 36 16 36 ff ff ff 40 aa aa . .....6.6...@.. 00a8dbc8 80575b5c -> 01 81 00 04 6e 02 2f 04 14 20 97 03 76 20 97 03 ....n./.. ..v .. 
00a8dbcc 00006bf4 00a8dbd0 c161da81 -------------------- 016f:c161da70 5e pop esi 016f:c161da71 5b pop ebx 016f:c161da72 8be5 mov esp,ebp 016f:c161da74 5d pop ebp 016f:c161da75 c3 retd 016f:c161da76 51 push ecx 016f:c161da77 8b4d08 mov ecx,dword ptr [ebp+08] 016f:c161da7a 51 push ecx 016f:c161da7b 52 push edx 016f:c161da7c e85f140000 call c161eee0 *016f:c161da81 83c40c add esp,+0c 016f:c161da84 5f pop edi 016f:c161da85 5e pop esi 016f:c161da86 5b pop ebx 016f:c161da87 8be5 mov esp,ebp 016f:c161da89 5d pop ebp 016f:c161da8a c3 retd 016f:c161da8b 8b4508 mov eax,dword ptr [ebp+08] 016f:c161da8e 6a00 push +00 016f:c161da90 50 push eax 016f:c161da91 52 push edx -------------------- 00a8dbd4 00a8dc1c -> 80 a0 9f 06 d8 34 bf 06 49 00 5a 00 0d 00 68 0e .....4..I.Z...h. 00a8dbd8 80575b40 -> 50 52 20 03 58 02 80 0c 01 20 00 00 00 00 80 0c PR .X.... ...... 00a8dbdc 0fee0000 00a8dbe0 0000a032 00a8dbe4 00000000 00a8dbe8 000001b1 00a8dbec 00000000 00a8dbf0 0fee0000 00a8dbf4 00006c00 00a8dbf8 c163a707 -------------------- 016f:c163a6de 017613 add dword ptr [esi+13],esi 016f:c163a6e1 a1d09f61c1 mov eax,dword ptr [c1619fd0] 016f:c163a6e6 50 push eax 016f:c163a6e7 e874450000 call c163ec60 016f:c163a6ec 83c404 add esp,+04 016f:c163a6ef a33cc861c1 mov dword ptr [c161c83c],eax 016f:c163a6f4 c70540c861c100000000 mov dword ptr [c161c840],00000000 016f:c163a6fe 8b4d0c mov ecx,dword ptr [ebp+0c] 016f:c163a701 51 push ecx 016f:c163a702 e8c931feff call c161d8d0 *016f:c163a707 83c404 add esp,+04 016f:c163a70a 89450c mov dword ptr [ebp+0c],eax 016f:c163a70d 833d40c861c100 cmp dword ptr [c161c840],+00 016f:c163a714 740c jz c163a722 016f:c163a716 8b5508 mov edx,dword ptr [ebp+08] 016f:c163a719 81ca00000080 or edx,80000000 016f:c163a71f 895508 mov dword ptr [ebp+08],edx 016f:c163a722 8b4508 mov eax,dword ptr [ebp+08] 016f:c163a725 8be5 mov esp,ebp 016f:c163a727 5d pop ebp 016f:c163a728 cb retfd -------------------- 00a8dbfc 80575b40 -> 50 52 20 03 58 02 80 0c 01 20 00 00 00 00 80 0c PR .X.... 
...... 00a8dc00 00006c10 00a8dc04 000001c8 00a8dc08 00000377 00a8dc0c 00000001 00a8dc10 a0326c6c 00a8dc14 069f6c4c 00a8dc18 052f8fdb 00a8dc1c 069fa080 00a8dc20 06bf34d8 00a8dc24 005a0049 = SAL3.DLL:.rdata+0xba049 -> 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00a8dc28 0e68000d 00a8dc2c 000010ee 00a8dc30 069fa032 00a8dc34 00290002 00a8dc38 0fee0000 ... 00a8dc40 00000177 ... 00a8dc48 0000cd8a 00a8dc4c fffe0d40 00a8dc50 01b1022f 00a8dc54 069fa032 00a8dc58 1bf16c66 00a8dc5c 1bac6c7a 00a8dc60 a088052f 00a8dc64 00a85000 -> 00 00 00 00 00 00 00 00 00 00 10 00 00 00 00 00 ................ 00a8dc68 00040000 00a8dc6c 0ab72d9c 00a8dc70 bff614d9 = KERNEL32.DLL:_FREQASM+0x4d9 -> 0f b7 ec 8c d1 0f b7 c9 0f b2 65 00 66 8c d6 66 ..........e.f..f 00a8dc74 0000016f 00a8dc78 00a8dc80 -> 00 00 92 8c b7 54 d7 09 a6 8c 37 36 00 00 00 00 .....T....76.... 00a8dc7c 347f0177 00a8dc80 8c920000 00a8dc84 09d754b7 00a8dc88 36378ca6 00a8dc8c 00000000 00a8dc90 8ccc0ad7 00a8dc94 34638ccc 00a8dc98 00000000 ... 00a8dca0 00000588 00a8dca4 00000000 ... 
00a8dcac 00000082 00a8dcb0 bff45cfa = USER32.DLL:.text+0x4cfa -------------------- 016f:bff45cd8 d1e1 shl ecx,EvIa 016f:bff45cda c1ea04 shr edx,04 016f:bff45cdd c1e202 shl edx,02 016f:bff45ce0 8b82c55bf4bf mov eax,dword ptr [edx+bff45bc5] 016f:bff45ce6 d3e8 shr eax,cl 016f:bff45ce8 83e003 and eax,+03 016f:bff45ceb c1e002 shl eax,02 016f:bff45cee c20400 retd 0004 016f:bff45cf1 ff742408 push dword ptr [esp+08] 016f:bff45cf5 e8cbffffff call bff45cc5 = USER32.DLL:.text+0x4cc5 USER32.DLL:.text+0x4cfa: *016f:bff45cfa 8bd0 mov edx,eax 016f:bff45cfc 33c0 xor eax,eax 016f:bff45cfe 2effa2055df4bf jmp dword ptr ss:[edx+bff45d05] 016f:bff45d05 195df4 sbb dword ptr [ebp-0c],ebx 016f:bff45d08 bf185df4bf mov edi,bff45d18 016f:bff45d0d 155df4bf1c adc eax,1cbff45d 016f:bff45d12 5d pop ebp 016f:bff45d13 f4 hlt 016f:bff45d14 bf48eb0140 mov edi,4001eb48 016f:bff45d19 c21000 retd 0010 016f:bff45d1c 58 pop eax -------------------- 00a8dcb4 00000082 00a8dcb8 8190b06c -> 00 00 00 00 f0 dc 65 c1 55 73 65 72 33 32 57 69 ......e.User32Wi 00a8dcbc bff4d6c0 = USER32.DLL:.data+0x6c0 -> 55 73 65 72 33 32 57 69 6e 64 6f 77 48 61 6e 64 User32WindowHand 00a8dcc0 0000000d 00a8dcc4 00000000 ... 00a8dccc ffffffff 00a8dcd0 00000000 ... 00a8dcd8 81908864 -> 00 00 00 00 76 d5 e1 81 08 d6 e1 81 4c 87 90 81 ....v.......L... 00a8dcdc 00000000 00a8dce0 81908874 -> e2 c3 e0 81 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00a8dce4 00000588 00a8dce8 00000000 00a8dcec 00000005 00a8dcf0 00000000 ... 00a8dcfc 0ea8dd10 00a8dd00 00000000 ... 00a8dd0c 0e9948fc 00a8dd10 8190885c -> 09 04 00 00 e4 04 00 00 00 00 00 00 76 d5 e1 81 ............v... 00a8dd14 00006d4c 00a8dd18 00a8df70 -> 70 e1 a8 00 6d 18 f6 bf 27 35 86 7f 00 00 00 00 p...m...'5...... 
00a8dd1c bff6186d = KERNEL32.DLL:_FREQASM+0x86d -------------------- 016f:bff6183d 8b1570b4fbbf mov edx,dword ptr [bffbb470] 016f:bff61843 e88b290000 call bff641d3 = KERNEL32.DLL:_FREQASM+0x31d3 016f:bff61848 6664c7051e000000ffff mov word ptr fs:[0000001e],ffff 016f:bff61852 ff5326 call dword ptr [ebx+26] 016f:bff61855 8b1570b4fbbf mov edx,dword ptr [bffbb470] 016f:bff6185b e82f290000 call bff6418f = KERNEL32.DLL:_FREQASM+0x318f 016f:bff61860 6664ff051e000000 inc word ptr fs:[0000001e] 016f:bff61868 b114 mov cl,14 016f:bff6186a 8be5 mov esp,ebp 016f:bff6186c c3 retd KERNEL32.DLL:_FREQASM+0x86d: *016f:bff6186d 8b442404 mov eax,dword ptr [esp+04] 016f:bff61871 f7400406000000 test dword ptr [eax+04],00000006 016f:bff61878 7419 jz bff61893 = KERNEL32.DLL:_FREQASM+0x893 016f:bff6187a 8b442408 mov eax,dword ptr [esp+08] 016f:bff6187e 8178046d18f6bf cmp dword ptr [eax+04],bff6186d 016f:bff61885 750c jnz bff61893 = KERNEL32.DLL:_FREQASM+0x893 016f:bff61887 668b4808 mov cx,word ptr [eax+08] 016f:bff6188b 6664890d0e000000 mov word ptr fs:[0000000e],cx 016f:bff61893 b801000000 mov eax,00000001 016f:bff61898 c3 retd 016f:bff61899 9d popfd -------------------- 00a8dd20 12020e9f 00a8dd24 12020e99 00a8dd28 00a8dd5c -> 00 b0 39 82 00 00 00 00 27 36 cc 6d 77 01 00 00 ..9.....'6.mw... 00a8dd2c 8190b130 -> 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00a8dd30 823bf1f8 -> 18 00 00 a0 26 4d 6f 76 65 00 00 00 00 00 00 00 ....&Move....... 00a8dd34 c16c7800 -> 01 00 00 00 00 00 00 00 00 00 00 00 c0 05 66 c1 ..............f. 00a8dd38 00a8dd5c -> 00 b0 39 82 00 00 00 00 27 36 cc 6d 77 01 00 00 ..9.....'6.mw... 
00a8dd3c bff6a26e = KERNEL32.DLL:.text+0x126e -------------------- 016f:bff6a24f 008b4424040f add byte ptr [ebx+0f042444],cl 016f:bff6a255 b648 mov dh,48 016f:bff6a257 700b jo bff6a264 = KERNEL32.DLL:.text+0x1264 016f:bff6a259 4c dec esp 016f:bff6a25a 2408 and al,08 016f:bff6a25c f6c101 test cl,01 016f:bff6a25f 750d jnz bff6a26e = KERNEL32.DLL:.text+0x126e 016f:bff6a261 ff704c push dword ptr [eax+4c] 016f:bff6a264 e85da0ffff call bff642c6 = KERNEL32.DLL:_FREQASM+0x32c6 016f:bff6a269 e83f010000 call bff6a3ad = KERNEL32.DLL:.text+0x13ad KERNEL32.DLL:.text+0x126e: *016f:bff6a26e c20800 retd 0008 016f:bff6a271 53 push ebx 016f:bff6a272 56 push esi 016f:bff6a273 8b742414 mov esi,dword ptr [esp+14] 016f:bff6a277 57 push edi 016f:bff6a278 8b7c2414 mov edi,dword ptr [esp+14] 016f:bff6a27c 55 push ebp 016f:bff6a27d b900001000 mov ecx,00100000 016f:bff6a282 8d1c37 lea ebx,[edi+esi] 016f:bff6a285 8b03 mov eax,dword ptr [ebx] 016f:bff6a287 a801 test al,01 -------------------- 00a8dd40 00a8dd74 -> 30 b1 90 81 a0 6e 3e 82 00 78 6c c1 a4 dd a8 00 0....n>..xl..... 00a8dd44 8190b130 -> 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00a8dd48 823d2010 -> 34 00 00 a0 a4 3e 8f 11 01 04 0c 07 cf 00 00 00 4....>.......... 00a8dd4c c16c7800 -> 01 00 00 00 00 00 00 00 00 00 00 00 c0 05 66 c1 ..............f. 00a8dd50 00a8dd74 -> 30 b1 90 81 a0 6e 3e 82 00 78 6c c1 a4 dd a8 00 0....n>..xl..... 
00a8dd54 bff6a26e = KERNEL32.DLL:.text+0x126e -------------------- 016f:bff6a24f 008b4424040f add byte ptr [ebx+0f042444],cl 016f:bff6a255 b648 mov dh,48 016f:bff6a257 700b jo bff6a264 = KERNEL32.DLL:.text+0x1264 016f:bff6a259 4c dec esp 016f:bff6a25a 2408 and al,08 016f:bff6a25c f6c101 test cl,01 016f:bff6a25f 750d jnz bff6a26e = KERNEL32.DLL:.text+0x126e 016f:bff6a261 ff704c push dword ptr [eax+4c] 016f:bff6a264 e85da0ffff call bff642c6 = KERNEL32.DLL:_FREQASM+0x32c6 016f:bff6a269 e83f010000 call bff6a3ad = KERNEL32.DLL:.text+0x13ad KERNEL32.DLL:.text+0x126e: *016f:bff6a26e c20800 retd 0008 016f:bff6a271 53 push ebx 016f:bff6a272 56 push esi 016f:bff6a273 8b742414 mov esi,dword ptr [esp+14] 016f:bff6a277 57 push edi 016f:bff6a278 8b7c2414 mov edi,dword ptr [esp+14] 016f:bff6a27c 55 push ebp 016f:bff6a27d b900001000 mov ecx,00100000 016f:bff6a282 8d1c37 lea ebx,[edi+esi] 016f:bff6a285 8b03 mov eax,dword ptr [ebx] 016f:bff6a287 a801 test al,01 -------------------- 00a8dd58 bff6b487 = KERNEL32.DLL:.text+0x2487 -------------------- 016f:bff6b46a 8b00 mov eax,dword ptr [eax] 016f:bff6b46c 894304 mov dword ptr [ebx+04],eax 016f:bff6b46f 6800020000 push 00000200 016f:bff6b474 51 push ecx 016f:bff6b475 ff75fc push dword ptr [ebp-04] 016f:bff6b478 56 push esi 016f:bff6b479 e8f3edffff call bff6a271 = KERNEL32.DLL:.text+0x1271 016f:bff6b47e ff750c push dword ptr [ebp+0c] 016f:bff6b481 56 push esi 016f:bff6b482 e8c9edffff call bff6a250 = KERNEL32.DLL:.text+0x1250 KERNEL32.DLL:.text+0x2487: *016f:bff6b487 b801000000 mov eax,00000001 016f:bff6b48c 5f pop edi 016f:bff6b48d 5e pop esi 016f:bff6b48e 5b pop ebx 016f:bff6b48f 8be5 mov esp,ebp 016f:bff6b491 5d pop ebp 016f:bff6b492 c20c00 retd 000c 016f:bff6b495 55 push ebp 016f:bff6b496 8bec mov ebp,esp 016f:bff6b498 83ec04 sub esp,+04 016f:bff6b49b a1f4bcfbbf mov eax,dword ptr [bffbbcf4] -------------------- 00a8dd5c 8239b000 -> 00 00 20 00 00 00 00 00 20 00 00 00 01 00 00 a0 .. ..... ....... 
00a8dd60 00000000 00a8dd64 6dcc3627 00a8dd68 00000177 00a8dd6c 8238b000 -> 04 07 ff ff 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00a8dd70 00a8dda4 -> 00 b0 18 82 00 00 00 00 27 36 14 6e 77 01 00 00 ........'6.nw... 00a8dd74 8190b130 -> 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00a8dd78 823e6ea0 -> 34 00 00 a0 34 01 67 10 00 04 34 07 cf 00 00 00 4...4.g...4..... 00a8dd7c c16c7800 -> 01 00 00 00 00 00 00 00 00 00 00 00 c0 05 66 c1 ..............f. 00a8dd80 00a8dda4 -> 00 b0 18 82 00 00 00 00 27 36 14 6e 77 01 00 00 ........'6.nw... 00a8dd84 bff6a26e = KERNEL32.DLL:.text+0x126e -------------------- 016f:bff6a24f 008b4424040f add byte ptr [ebx+0f042444],cl 016f:bff6a255 b648 mov dh,48 016f:bff6a257 700b jo bff6a264 = KERNEL32.DLL:.text+0x1264 016f:bff6a259 4c dec esp 016f:bff6a25a 2408 and al,08 016f:bff6a25c f6c101 test cl,01 016f:bff6a25f 750d jnz bff6a26e = KERNEL32.DLL:.text+0x126e 016f:bff6a261 ff704c push dword ptr [eax+4c] 016f:bff6a264 e85da0ffff call bff642c6 = KERNEL32.DLL:_FREQASM+0x32c6 016f:bff6a269 e83f010000 call bff6a3ad = KERNEL32.DLL:.text+0x13ad KERNEL32.DLL:.text+0x126e: *016f:bff6a26e c20800 retd 0008 016f:bff6a271 53 push ebx 016f:bff6a272 56 push esi 016f:bff6a273 8b742414 mov esi,dword ptr [esp+14] 016f:bff6a277 57 push edi 016f:bff6a278 8b7c2414 mov edi,dword ptr [esp+14] 016f:bff6a27c 55 push ebp 016f:bff6a27d b900001000 mov ecx,00100000 016f:bff6a282 8d1c37 lea ebx,[edi+esi] 016f:bff6a285 8b03 mov eax,dword ptr [ebx] 016f:bff6a287 a801 test al,01 -------------------- 00a8dd88 00a8ddbc -> e4 dd a8 00 74 46 f6 bf 00 b0 18 82 00 00 00 00 ....tF.......... 00a8dd8c 8190b0fc -> 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00a8dd90 82193528 -> 68 00 00 a0 6c da 02 00 00 00 00 00 f0 d9 02 00 h...l........... 00a8dd94 c16c7800 -> 01 00 00 00 00 00 00 00 00 00 00 00 c0 05 66 c1 ..............f. 00a8dd98 00a8ddbc -> e4 dd a8 00 74 46 f6 bf 00 b0 18 82 00 00 00 00 ....tF.......... 
00a8dd9c bff6a26e = KERNEL32.DLL:.text+0x126e -------------------- 016f:bff6a24f 008b4424040f add byte ptr [ebx+0f042444],cl 016f:bff6a255 b648 mov dh,48 016f:bff6a257 700b jo bff6a264 = KERNEL32.DLL:.text+0x1264 016f:bff6a259 4c dec esp 016f:bff6a25a 2408 and al,08 016f:bff6a25c f6c101 test cl,01 016f:bff6a25f 750d jnz bff6a26e = KERNEL32.DLL:.text+0x126e 016f:bff6a261 ff704c push dword ptr [eax+4c] 016f:bff6a264 e85da0ffff call bff642c6 = KERNEL32.DLL:_FREQASM+0x32c6 016f:bff6a269 e83f010000 call bff6a3ad = KERNEL32.DLL:.text+0x13ad KERNEL32.DLL:.text+0x126e: *016f:bff6a26e c20800 retd 0008 016f:bff6a271 53 push ebx 016f:bff6a272 56 push esi 016f:bff6a273 8b742414 mov esi,dword ptr [esp+14] 016f:bff6a277 57 push edi 016f:bff6a278 8b7c2414 mov edi,dword ptr [esp+14] 016f:bff6a27c 55 push ebp 016f:bff6a27d b900001000 mov ecx,00100000 016f:bff6a282 8d1c37 lea ebx,[edi+esi] 016f:bff6a285 8b03 mov eax,dword ptr [ebx] 016f:bff6a287 a801 test al,01 -------------------- 00a8dda0 bff6b487 = KERNEL32.DLL:.text+0x2487 -------------------- 016f:bff6b46a 8b00 mov eax,dword ptr [eax] 016f:bff6b46c 894304 mov dword ptr [ebx+04],eax 016f:bff6b46f 6800020000 push 00000200 016f:bff6b474 51 push ecx 016f:bff6b475 ff75fc push dword ptr [ebp-04] 016f:bff6b478 56 push esi 016f:bff6b479 e8f3edffff call bff6a271 = KERNEL32.DLL:.text+0x1271 016f:bff6b47e ff750c push dword ptr [ebp+0c] 016f:bff6b481 56 push esi 016f:bff6b482 e8c9edffff call bff6a250 = KERNEL32.DLL:.text+0x1250 KERNEL32.DLL:.text+0x2487: *016f:bff6b487 b801000000 mov eax,00000001 016f:bff6b48c 5f pop edi 016f:bff6b48d 5e pop esi 016f:bff6b48e 5b pop ebx 016f:bff6b48f 8be5 mov esp,ebp 016f:bff6b491 5d pop ebp 016f:bff6b492 c20c00 retd 000c 016f:bff6b495 55 push ebp 016f:bff6b496 8bec mov ebp,esp 016f:bff6b498 83ec04 sub esp,+04 016f:bff6b49b a1f4bcfbbf mov eax,dword ptr [bffbbcf4] -------------------- 00a8dda4 8218b000 -> 00 00 20 00 00 00 00 00 20 00 00 00 01 00 00 a0 .. ..... ....... 
00a8dda8 00000000 00a8ddac 6e143627 00a8ddb0 00000177 00a8ddb4 8217b000 -> 60 06 ff ff 00 00 00 00 00 00 00 00 00 00 00 00 `............... 00a8ddb8 82193528 -> 68 00 00 a0 6c da 02 00 00 00 00 00 f0 d9 02 00 h...l........... 00a8ddbc 00a8dde4 -> f8 dd a8 00 98 45 f8 bf 00 b0 17 82 88 05 00 00 .....E.......... 00a8ddc0 bff64674 = KERNEL32.DLL:_FREQASM+0x3674 -------------------- 016f:bff6464f 17 pop ss 016f:bff64650 816b7000100000 sub dword ptr [ebx+70],00001000 016f:bff64657 66c70419ffff mov word ptr [ecx+ebx],ffff 016f:bff6465d 83e902 sub ecx,+02 016f:bff64660 2d00100000 sub eax,00001000 016f:bff64665 eba7 jmp bff6460e = KERNEL32.DLL:_FREQASM+0x360e 016f:bff64667 ff75f8 push dword ptr [ebp-08] 016f:bff6466a 6a00 push +00 016f:bff6466c ff737c push dword ptr [ebx+7c] 016f:bff6466f e871040000 call bff64ae5 = KERNEL32.DLL:_FREQASM+0x3ae5 KERNEL32.DLL:_FREQASM+0x3674: *016f:bff64674 5b pop ebx 016f:bff64675 5f pop edi 016f:bff64676 5e pop esi 016f:bff64677 c9 leave 016f:bff64678 c20c00 retd 000c 016f:bff6467b 90 nop 016f:bff6467c 55 push ebp 016f:bff6467d 8bec mov ebp,esp 016f:bff6467f 56 push esi 016f:bff64680 57 push edi 016f:bff64681 53 push ebx -------------------- 00a8ddc4 8218b000 -> 00 00 20 00 00 00 00 00 20 00 00 00 01 00 00 a0 .. ..... ....... 00a8ddc8 00000000 00a8ddcc 8219352c -> 6c da 02 00 00 00 00 00 f0 d9 02 00 00 00 00 00 l............... 00a8ddd0 00a8de16 -> 00 00 46 02 00 00 01 00 02 00 2c 85 02 00 d7 0a ..F.......,..... 00a8ddd4 6e143627 00a8ddd8 00000177 00a8dddc 8219352c -> 6c da 02 00 00 00 00 00 f0 d9 02 00 00 00 00 00 l............... 00a8dde0 06a606a6 00a8dde4 00a8ddf8 -> b8 19 f6 bf 36 6e 00 00 70 df a8 00 6d 18 f6 bf ....6n..p...m... 
00a8dde8 bff84598 = KERNEL32.DLL:.text+0x1b598 -------------------- 016f:bff84576 0fb74316 movzx eax,word ptr [ebx+16] 016f:bff8457a 50 push eax 016f:bff8457b ff7318 push dword ptr [ebx+18] 016f:bff8457e e83101feff call bff646b4 = KERNEL32.DLL:_FREQASM+0x36b4 016f:bff84583 e920fbffff jmp bff840a8 = KERNEL32.DLL:.text+0x1b0a8 016f:bff84588 0fbf4316 movsx eax,word ptr [ebx+16] 016f:bff8458c 50 push eax 016f:bff8458d ff7318 push dword ptr [ebx+18] 016f:bff84590 ff731c push dword ptr [ebx+1c] 016f:bff84593 e81c00feff call bff645b4 = KERNEL32.DLL:_FREQASM+0x35b4 KERNEL32.DLL:.text+0x1b598: *016f:bff84598 e91bfbffff jmp bff840b8 = KERNEL32.DLL:.text+0x1b0b8 016f:bff8459d 0fbf4316 movsx eax,word ptr [ebx+16] 016f:bff845a1 50 push eax 016f:bff845a2 ff7318 push dword ptr [ebx+18] 016f:bff845a5 ff731c push dword ptr [ebx+1c] 016f:bff845a8 e85b5e0000 call bff8a408 = KERNEL32.DLL:.text+0x21408 016f:bff845ad 8bd0 mov edx,eax 016f:bff845af c1c210 rol edx,10 016f:bff845b2 e901fbffff jmp bff840b8 = KERNEL32.DLL:.text+0x1b0b8 016f:bff845b7 0fbf4316 movsx eax,word ptr [ebx+16] 016f:bff845bb 50 push eax -------------------- 00a8ddec 8217b000 -> 60 06 ff ff 00 00 00 00 00 00 00 00 00 00 00 00 `............... 
00a8ddf0 00000588 00a8ddf4 00000000 00a8ddf8 bff619b8 = KERNEL32.DLL:_FREQASM+0x9b8 -------------------- 016f:bff61991 51 push ecx 016f:bff61992 c1cf10 ror edi,10 016f:bff61995 6664873d0e000000 xchg word ptr fs:[0000000e],di 016f:bff6199d 57 push edi 016f:bff6199e 686d18f6bf push bff6186d 016f:bff619a3 64ff3500000000 push dword ptr fs:[00000000] 016f:bff619aa 64892500000000 mov dword ptr fs:[00000000],esp 016f:bff619b1 55 push ebp 016f:bff619b2 8d6c24fc lea ebp,[esp-04] 016f:bff619b6 ffd2 call edx KERNEL32.DLL:_FREQASM+0x9b8: *016f:bff619b8 5d pop ebp 016f:bff619b9 0fb6c9 movzx ecx,cl 016f:bff619bc 648f0500000000 pop dword ptr fs:[00000000] 016f:bff619c3 8d642404 lea esp,[esp+04] 016f:bff619c7 5f pop edi 016f:bff619c8 6664893d0e000000 mov word ptr fs:[0000000e],di 016f:bff619d0 5b pop ebx 016f:bff619d1 660fb22424 lss sp,dword ptr [esp] 016f:bff619d6 6664891d1e000000 mov word ptr fs:[0000001e],bx 016f:bff619de 5b pop ebx 016f:bff619df 0bdb or ebx,ebx -------------------- 00a8ddfc 00006e36 00a8de00 00a8df70 -> 70 e1 a8 00 6d 18 f6 bf 27 35 86 7f 00 00 00 00 p...m...'5...... 
00a8de04 bff6186d = KERNEL32.DLL:_FREQASM+0x86d -------------------- 016f:bff6183d 8b1570b4fbbf mov edx,dword ptr [bffbb470] 016f:bff61843 e88b290000 call bff641d3 = KERNEL32.DLL:_FREQASM+0x31d3 016f:bff61848 6664c7051e000000ffff mov word ptr fs:[0000001e],ffff 016f:bff61852 ff5326 call dword ptr [ebx+26] 016f:bff61855 8b1570b4fbbf mov edx,dword ptr [bffbb470] 016f:bff6185b e82f290000 call bff6418f = KERNEL32.DLL:_FREQASM+0x318f 016f:bff61860 6664ff051e000000 inc word ptr fs:[0000001e] 016f:bff61868 b114 mov cl,14 016f:bff6186a 8be5 mov esp,ebp 016f:bff6186c c3 retd KERNEL32.DLL:_FREQASM+0x86d: *016f:bff6186d 8b442404 mov eax,dword ptr [esp+04] 016f:bff61871 f7400406000000 test dword ptr [eax+04],00000006 016f:bff61878 7419 jz bff61893 = KERNEL32.DLL:_FREQASM+0x893 016f:bff6187a 8b442408 mov eax,dword ptr [esp+08] 016f:bff6187e 8178046d18f6bf cmp dword ptr [eax+04],bff6186d 016f:bff61885 750c jnz bff61893 = KERNEL32.DLL:_FREQASM+0x893 016f:bff61887 668b4808 mov cx,word ptr [eax+08] 016f:bff6188b 6664890d0e000000 mov word ptr fs:[0000000e],cx 016f:bff61893 b801000000 mov eax,00000001 016f:bff61898 c3 retd 016f:bff61899 9d popfd -------------------- 00a8de08 6e143627 00a8de0c 00000000 00a8de10 347f6e14 00a8de14 00000000 00a8de18 00000246 00a8de1c 00020001 00a8de20 0002852c 00a8de24 00280ad7 00a8de28 014fb01b 00a8de2c 05880000 00a8de30 b01b0000 00a8de34 6e70014f 00a8de38 0a1f23aa 00a8de3c 05880000 00a8de40 b0000000 00a8de44 852c8217 00a8de48 00000002 00a8de4c 0a1f0002 00a8de50 5cf50000 = CRYPT32.DLL:.text+0x4f000 -> 08 0f 84 59 01 00 00 8b 4b 04 8b 76 4c 8b f8 8b ...Y....K..vL... 00a8de54 000009e7 00a8de58 00000000 00a8de5c 6e700000 00a8de60 84cc852c 00a8de64 84cc0002 00a8de68 00000002 00a8de6c 59980000 00a8de70 1e3b6e94 00a8de74 0002852c 00a8de78 32670177 00a8de7c 01770000 00a8de80 84cc0000 00a8de84 05880002 00a8de88 00003497 ... 
00a8de90 6edc680f 00a8de94 08946ea0 00a8de98 852c0a1f 00a8de9c 08990002 00a8dea0 00286ee8 00a8dea4 bff6287a = KERNEL32.DLL:_FREQASM+0x187a -------------------- 016f:bff62857 33ff xor edi,edi 016f:bff62859 8ee6 mov fs,si 016f:bff6285b 8eef mov gs,di 016f:bff6285d 66648b1d1e000000 mov bx,word ptr fs:[0000001e] 016f:bff62865 6683eb01 sub bx,+01 016f:bff62869 7313 jnc bff6287e = KERNEL32.DLL:_FREQASM+0x187e 016f:bff6286b 8bf0 mov esi,eax 016f:bff6286d 8bfa mov edi,edx 016f:bff6286f 8b1570b4fbbf mov edx,dword ptr [bffbb470] 016f:bff62875 e862190000 call bff641dc = KERNEL32.DLL:_FREQASM+0x31dc KERNEL32.DLL:_FREQASM+0x187a: *016f:bff6287a 8bd7 mov edx,edi 016f:bff6287c 8bc6 mov eax,esi 016f:bff6287e 6664891d1e000000 mov word ptr fs:[0000001e],bx 016f:bff62886 8b5dfc mov ebx,dword ptr [ebp-04] 016f:bff62889 8b75f8 mov esi,dword ptr [ebp-08] 016f:bff6288c 8b7df4 mov edi,dword ptr [ebp-0c] 016f:bff6288f ff65dc jmp dword ptr [ebp-24] 016f:bff62892 6664a10e000000 mov ax,word ptr fs:[0000000e] 016f:bff62899 668945da mov word ptr [ebp-26],ax 016f:bff6289d 8f45dc pop dword ptr [ebp-24] 016f:bff628a0 ff35a4b7fbbf push dword ptr [bffbb7a4] -------------------- 00a8dea8 00a8de5c -> 00 00 70 6e 2c 85 cc 84 02 00 cc 84 02 00 00 00 ..pn,........... 
00a8deac 7b730002 00a8deb0 bff12549 = GDI32.DLL:.text+0x1549 -------------------- 016f:bff1252e b150 mov cl,50 016f:bff12530 eb02 jmp bff12534 = GDI32.DLL:.text+0x1534 016f:bff12532 b14c mov cl,4c 016f:bff12534 55 push ebp 016f:bff12535 8bec mov ebp,esp 016f:bff12537 51 push ecx 016f:bff12538 83ec3c sub esp,+3c 016f:bff1253b 66ff7508 push word ptr [ebp+08] 016f:bff1253f 66ff750c push word ptr [ebp+0c] 016f:bff12543 ff15c617f1bf call dword ptr [bff117c6] -> GDI32.DLL:.data+0x268 GDI32.DLL:.text+0x1549: *016f:bff12549 0fb7c0 movzx eax,ax 016f:bff1254c c9 leave 016f:bff1254d c20800 retd 0008 016f:bff12550 b133 mov cl,33 016f:bff12552 55 push ebp 016f:bff12553 8bec mov ebp,esp 016f:bff12555 51 push ecx 016f:bff12556 83ec3c sub esp,+3c 016f:bff12559 e846720000 call bff197a4 = KERNEL32.DLL!SMapLS_IP_EBP_8 016f:bff1255e 50 push eax 016f:bff1255f 66ff750c push word ptr [ebp+0c] -------------------- 00a8deb4 00a87000 -> 00 00 00 00 00 00 00 00 00 00 10 00 00 00 00 00 ................ 00a8deb8 bff6bb0f = KERNEL32.DLL:.text+0x2b0f -------------------- 016f:bff6baf3 803e04 cmp byte ptr [esi],04 016f:bff6baf6 740f jz bff6bb07 = KERNEL32.DLL:.text+0x2b07 016f:bff6baf8 33c0 xor eax,eax 016f:bff6bafa 50 push eax 016f:bff6bafb 50 push eax 016f:bff6bafc 50 push eax 016f:bff6bafd 68050000c0 push c0000005 016f:bff6bb02 e8a4acffff call bff667ab = KERNEL32.DLL:_FREQASM+0x57ab 016f:bff6bb07 ff7604 push dword ptr [esi+04] 016f:bff6bb0a e88a87ffff call bff64299 = KERNEL32.DLL:_FREQASM+0x3299 KERNEL32.DLL:.text+0x2b0f: *016f:bff6bb0f 5e pop esi 016f:bff6bb10 c20400 retd 0004 016f:bff6bb13 56 push esi 016f:bff6bb14 8b742408 mov esi,dword ptr [esp+08] 016f:bff6bb18 8a06 mov al,byte ptr [esi] 016f:bff6bb1a 3c04 cmp al,04 016f:bff6bb1c 7508 jnz bff6bb26 = KERNEL32.DLL:.text+0x2b26 016f:bff6bb1e ff7604 push dword ptr [esi+04] 016f:bff6bb21 e8a087ffff call bff642c6 = KERNEL32.DLL:_FREQASM+0x32c6 016f:bff6bb26 5e pop esi 016f:bff6bb27 c20400 retd 0004 -------------------- 00a8debc 81986108 -> 04 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00a8dec0 bff6bb26 = KERNEL32.DLL:.text+0x2b26 -------------------- 016f:bff6bb0a e88a87ffff call bff64299 = KERNEL32.DLL:_FREQASM+0x3299 016f:bff6bb0f 5e pop esi 016f:bff6bb10 c20400 retd 0004 016f:bff6bb13 56 push esi 016f:bff6bb14 8b742408 mov esi,dword ptr [esp+08] 016f:bff6bb18 8a06 mov al,byte ptr [esi] 016f:bff6bb1a 3c04 cmp al,04 016f:bff6bb1c 7508 jnz bff6bb26 = KERNEL32.DLL:.text+0x2b26 016f:bff6bb1e ff7604 push dword ptr [esi+04] 016f:bff6bb21 e8a087ffff call bff642c6 = KERNEL32.DLL:_FREQASM+0x32c6 KERNEL32.DLL:.text+0x2b26: *016f:bff6bb26 5e pop esi 016f:bff6bb27 c20400 retd 0004 016f:bff6bb2a 64a100000000 mov eax,dword ptr fs:[00000000] 016f:bff6bb30 55 push ebp 016f:bff6bb31 8bec mov ebp,esp 016f:bff6bb33 6aff push -01 016f:bff6bb35 685092f6bf push bff69250 016f:bff6bb3a 68201bfbbf push bffb1b20 016f:bff6bb3f 50 push eax 016f:bff6bb40 8b4508 mov eax,dword ptr [ebp+08] 016f:bff6bb43 64892500000000 mov dword ptr fs:[00000000],esp -------------------- 00a8dec4 bff4252a = USER32.DLL:.text+0x152a -------------------- 016f:bff42511 eb06 jmp bff42519 = USER32.DLL:.text+0x1519 016f:bff42513 b141 mov cl,41 016f:bff42515 eb02 jmp bff42519 = USER32.DLL:.text+0x1519 016f:bff42517 b112 mov cl,12 016f:bff42519 55 push ebp 016f:bff4251a 8bec mov ebp,esp 016f:bff4251c 51 push ecx 016f:bff4251d 83ec3c sub esp,+3c 016f:bff42520 66ff7508 push word ptr [ebp+08] 016f:bff42524 ff15d612f4bf call dword ptr [bff412d6] -> USER32.DLL:.data+0x400 USER32.DLL:.text+0x152a: *016f:bff4252a 98 cwde 016f:bff4252b c9 leave 016f:bff4252c c20400 retd 0004 016f:bff4252f b10f mov cl,0f 016f:bff42531 eb06 jmp bff42539 = USER32.DLL:.text+0x1539 016f:bff42533 b153 mov cl,53 016f:bff42535 eb02 jmp bff42539 = USER32.DLL:.text+0x1539 016f:bff42537 b152 mov cl,52 016f:bff42539 55 push ebp 016f:bff4253a 8bec mov ebp,esp 016f:bff4253c 51 push ecx -------------------- 00a8dec8 00a87000 -> 00 00 00 00 00 00 00 00 00 00 10 00 00 00 00 00 
................ 00a8decc bff6bb26 = KERNEL32.DLL:.text+0x2b26 -------------------- 016f:bff6bb0a e88a87ffff call bff64299 = KERNEL32.DLL:_FREQASM+0x3299 016f:bff6bb0f 5e pop esi 016f:bff6bb10 c20400 retd 0004 016f:bff6bb13 56 push esi 016f:bff6bb14 8b742408 mov esi,dword ptr [esp+08] 016f:bff6bb18 8a06 mov al,byte ptr [esi] 016f:bff6bb1a 3c04 cmp al,04 016f:bff6bb1c 7508 jnz bff6bb26 = KERNEL32.DLL:.text+0x2b26 016f:bff6bb1e ff7604 push dword ptr [esi+04] 016f:bff6bb21 e8a087ffff call bff642c6 = KERNEL32.DLL:_FREQASM+0x32c6 KERNEL32.DLL:.text+0x2b26: *016f:bff6bb26 5e pop esi 016f:bff6bb27 c20400 retd 0004 016f:bff6bb2a 64a100000000 mov eax,dword ptr fs:[00000000] 016f:bff6bb30 55 push ebp 016f:bff6bb31 8bec mov ebp,esp 016f:bff6bb33 6aff push -01 016f:bff6bb35 685092f6bf push bff69250 016f:bff6bb3a 68201bfbbf push bffb1b20 016f:bff6bb3f 50 push eax 016f:bff6bb40 8b4508 mov eax,dword ptr [ebp+08] 016f:bff6bb43 64892500000000 mov dword ptr fs:[00000000],esp -------------------- 00a8ded0 81986108 -> 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 
00a8ded4 bff6bb0f = KERNEL32.DLL:.text+0x2b0f -------------------- 016f:bff6baf3 803e04 cmp byte ptr [esi],04 016f:bff6baf6 740f jz bff6bb07 = KERNEL32.DLL:.text+0x2b07 016f:bff6baf8 33c0 xor eax,eax 016f:bff6bafa 50 push eax 016f:bff6bafb 50 push eax 016f:bff6bafc 50 push eax 016f:bff6bafd 68050000c0 push c0000005 016f:bff6bb02 e8a4acffff call bff667ab = KERNEL32.DLL:_FREQASM+0x57ab 016f:bff6bb07 ff7604 push dword ptr [esi+04] 016f:bff6bb0a e88a87ffff call bff64299 = KERNEL32.DLL:_FREQASM+0x3299 KERNEL32.DLL:.text+0x2b0f: *016f:bff6bb0f 5e pop esi 016f:bff6bb10 c20400 retd 0004 016f:bff6bb13 56 push esi 016f:bff6bb14 8b742408 mov esi,dword ptr [esp+08] 016f:bff6bb18 8a06 mov al,byte ptr [esi] 016f:bff6bb1a 3c04 cmp al,04 016f:bff6bb1c 7508 jnz bff6bb26 = KERNEL32.DLL:.text+0x2b26 016f:bff6bb1e ff7604 push dword ptr [esi+04] 016f:bff6bb21 e8a087ffff call bff642c6 = KERNEL32.DLL:_FREQASM+0x32c6 016f:bff6bb26 5e pop esi 016f:bff6bb27 c20400 retd 0004 -------------------- 00a8ded8 81986108 -> 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 
00a8dedc bff6bb26 = KERNEL32.DLL:.text+0x2b26 -------------------- 016f:bff6bb0a e88a87ffff call bff64299 = KERNEL32.DLL:_FREQASM+0x3299 016f:bff6bb0f 5e pop esi 016f:bff6bb10 c20400 retd 0004 016f:bff6bb13 56 push esi 016f:bff6bb14 8b742408 mov esi,dword ptr [esp+08] 016f:bff6bb18 8a06 mov al,byte ptr [esi] 016f:bff6bb1a 3c04 cmp al,04 016f:bff6bb1c 7508 jnz bff6bb26 = KERNEL32.DLL:.text+0x2b26 016f:bff6bb1e ff7604 push dword ptr [esi+04] 016f:bff6bb21 e8a087ffff call bff642c6 = KERNEL32.DLL:_FREQASM+0x32c6 KERNEL32.DLL:.text+0x2b26: *016f:bff6bb26 5e pop esi 016f:bff6bb27 c20400 retd 0004 016f:bff6bb2a 64a100000000 mov eax,dword ptr fs:[00000000] 016f:bff6bb30 55 push ebp 016f:bff6bb31 8bec mov ebp,esp 016f:bff6bb33 6aff push -01 016f:bff6bb35 685092f6bf push bff69250 016f:bff6bb3a 68201bfbbf push bffb1b20 016f:bff6bb3f 50 push eax 016f:bff6bb40 8b4508 mov eax,dword ptr [ebp+08] 016f:bff6bb43 64892500000000 mov dword ptr fs:[00000000],esp -------------------- 00a8dee0 81986108 -> 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00a8dee4 010b7188 -> 6f 00 6e 00 20 00 44 00 61 00 74 00 61 00 00 00 o.n. .D.a.t.a... 00a8dee8 004c1eac = SAL3.DLL:.text+0xeac -> 5e c3 85 c9 74 0e 68 00 80 00 00 6a 00 51 ff 15 ^...t.h....j.Q.. 00a8deec 00655530 = SAL3.DLL:.data+0x530 -> 04 00 00 00 08 61 98 81 00 00 00 00 00 00 00 00 .....a.......... 
00a8def0 00000000 00a8def4 1c832eaa = TL641MI.DLL:.text+0x31eaa -------------------- 016f:1c832e99 90 nop 016f:1c832e9a 90 nop 016f:1c832e9b 90 nop 016f:1c832e9c 90 nop 016f:1c832e9d 90 nop 016f:1c832e9e 90 nop 016f:1c832e9f 90 nop 016f:1c832ea0 8b442404 mov eax,dword ptr [esp+04] 016f:1c832ea4 50 push eax 016f:1c832ea5 e8720e0200 call 1c853d1c = SAL3.DLL!rtl_freeMemory TL641MI.DLL:.text+0x31eaa: *016f:1c832eaa 59 pop ecx 016f:1c832eab c3 retd 016f:1c832eac 90 nop 016f:1c832ead 90 nop 016f:1c832eae 90 nop 016f:1c832eaf 90 nop 016f:1c832eb0 83ec10 sub esp,+10 016f:1c832eb3 8b4c2414 mov ecx,dword ptr [esp+14] 016f:1c832eb7 b801000000 mov eax,00000001 016f:1c832ebc 89442400 mov dword ptr [esp],eax 016f:1c832ec0 3bc8 cmp ecx,eax -------------------- 00a8def8 010b7190 -> 61 00 74 00 61 00 00 00 58 00 00 00 48 00 00 00 a.t.a...X...H... 00a8defc 1c6dcdf7 = VCL641MI.DLL:.text+0xdbdf7 -------------------- 016f:1c6dcddd 5f pop edi 016f:1c6dcdde 5e pop esi 016f:1c6dcddf c21400 retd 0014 016f:1c6dcde2 8b7c2418 mov edi,dword ptr [esp+18] 016f:1c6dcde6 85ff test edi,edi 016f:1c6dcde8 7410 jz 1c6dcdfa = VCL641MI.DLL:.text+0xdbdfa 016f:1c6dcdea 8bcf mov ecx,edi 016f:1c6dcdec e84f040100 call 1c6ed240 = VCL641MI.DLL:.text+0xec240 016f:1c6dcdf1 57 push edi 016f:1c6dcdf2 e875820100 call 1c6f506c = TL641MI.DLL!21 VCL641MI.DLL:.text+0xdbdf7: *016f:1c6dcdf7 83c404 add esp,+04 016f:1c6dcdfa 8b4c241c mov ecx,dword ptr [esp+1c] 016f:1c6dcdfe 8bc6 mov eax,esi 016f:1c6dce00 5f pop edi 016f:1c6dce01 5e pop esi 016f:1c6dce02 c70100000000 mov dword ptr [ecx],00000000 016f:1c6dce08 c21400 retd 0014 016f:1c6dce0b 8b4c2418 mov ecx,dword ptr [esp+18] 016f:1c6dce0f e85c7d0100 call 1c6f4b70 = VCL641MI.DLL:.text+0xf3b70 016f:1c6dce14 8b54241c mov edx,dword ptr [esp+1c] 016f:1c6dce18 25ff000000 and eax,000000ff -------------------- 00a8df00 010b7190 -> 61 00 74 00 61 00 00 00 58 00 00 00 48 00 00 00 a.t.a...X...H... 
00a8df04 00000000 00a8df08 010b7190 -> 61 00 74 00 61 00 00 00 58 00 00 00 48 00 00 00 a.t.a...X...H... 00a8df0c 1c6dceeb = VCL641MI.DLL:.text+0xdbeeb -------------------- 016f:1c6dced0 8d44240c lea eax,[esp+0c] 016f:1c6dced4 57 push edi 016f:1c6dced5 8b7c2420 mov edi,dword ptr [esp+20] 016f:1c6dced9 50 push eax 016f:1c6dceda 56 push esi 016f:1c6dcedb 57 push edi 016f:1c6dcedc 53 push ebx 016f:1c6dcedd 55 push ebp 016f:1c6dcede c744242401000000 mov dword ptr [esp+24],00000001 016f:1c6dcee6 e8c5fdffff call 1c6dccb0 = VCL641MI.DLL:.text+0xdbcb0 VCL641MI.DLL:.text+0xdbeeb: *016f:1c6dceeb 8b4c2410 mov ecx,dword ptr [esp+10] 016f:1c6dceef 89442424 mov dword ptr [esp+24],eax 016f:1c6dcef3 85c9 test ecx,ecx 016f:1c6dcef5 742b jz 1c6dcf22 = VCL641MI.DLL:.text+0xdbf22 016f:1c6dcef7 8d4c2424 lea ecx,[esp+24] 016f:1c6dcefb 51 push ecx 016f:1c6dcefc 56 push esi 016f:1c6dcefd 57 push edi 016f:1c6dcefe 53 push ebx 016f:1c6dceff 55 push ebp 016f:1c6dcf00 e8cb5af5ff call 1c6329d0 = VCL641MI.DLL:.text+0x319d0 -------------------- 00a8df10 00000570 00a8df14 00000473 00a8df18 00000000 00a8df1c 010b7190 -> 61 00 74 00 61 00 00 00 58 00 00 00 48 00 00 00 a.t.a...X...H... 00a8df20 00a8df34 -> 00 00 00 00 13 36 f6 bf 70 05 00 00 73 04 00 00 .....6..p...s... 00a8df24 00a8df3c -> 70 05 00 00 73 04 00 00 00 00 00 00 00 00 00 00 p...s........... 00a8df28 00007fac 00a8df2c 00a8df54 -> 68 df a8 00 26 18 f6 bf 00 00 00 00 40 57 65 00 h...&.......@We. 00a8df30 00a8df88 -> 00 00 46 02 00 00 e4 7f 00 00 c6 3c a8 00 d7 0a ..F........<.... 
00a8df34 00000000 00a8df38 bff63613 = KERNEL32.DLL:_FREQASM+0x2613 -------------------- 016f:bff635f7 65d16e04 shr dword ptr gs:[esi+04],EvIa 016f:bff635fb 7222 jc bff6361f = KERNEL32.DLL:_FREQASM+0x261f 016f:bff635fd 65ff32 push dword ptr gs:[edx] 016f:bff63600 8d5204 lea edx,[edx+04] 016f:bff63603 e2f2 loop bff635f7 = KERNEL32.DLL:_FREQASM+0x25f7 016f:bff63605 8bfc mov edi,esp 016f:bff63607 33c0 xor eax,eax 016f:bff63609 65394608 cmp dword ptr gs:[esi+08],eax 016f:bff6360d 7404 jz bff63613 = KERNEL32.DLL:_FREQASM+0x2613 016f:bff6360f 65ff5608 call dword ptr gs:[esi+08] KERNEL32.DLL:_FREQASM+0x2613: *016f:bff63613 8be7 mov esp,edi 016f:bff63615 33c9 xor ecx,ecx 016f:bff63617 8ee9 mov gs,cx 016f:bff63619 5f pop edi 016f:bff6361a 5e pop esi 016f:bff6361b c9 leave 016f:bff6361c c20c00 retd 000c 016f:bff6361f 52 push edx 016f:bff63620 51 push ecx 016f:bff63621 33c0 xor eax,eax 016f:bff63623 48 dec eax -------------------- 00a8df3c 00000570 00a8df40 00000473 00a8df44 00000000 ... 00a8df4c 7f863527 00a8df50 00000177 00a8df54 00a8df68 -> b8 19 f6 bf a6 7f 00 00 70 e1 a8 00 6d 18 f6 bf ........p...m... 
00a8df58 bff61826 = KERNEL32.DLL:_FREQASM+0x826 -------------------- 016f:bff617ff 6664c7051e000000ffff mov word ptr fs:[0000001e],ffff 016f:bff61809 c3 retd 016f:bff6180a 52 push edx 016f:bff6180b 50 push eax 016f:bff6180c a1f8bcfbbf mov eax,dword ptr [bffbbcf8] 016f:bff61811 8b00 mov eax,dword ptr [eax] 016f:bff61813 390598b4fbbf cmp dword ptr [bffbb498],eax 016f:bff61819 7413 jz bff6182e = KERNEL32.DLL:_FREQASM+0x82e 016f:bff6181b 8b1570b4fbbf mov edx,dword ptr [bffbb470] 016f:bff61821 e869290000 call bff6418f = KERNEL32.DLL:_FREQASM+0x318f KERNEL32.DLL:_FREQASM+0x826: *016f:bff61826 6664ff051e000000 inc word ptr fs:[0000001e] 016f:bff6182e 58 pop eax 016f:bff6182f 5a pop edx 016f:bff61830 c3 retd 016f:bff61831 ff7316 push dword ptr [ebx+16] 016f:bff61834 ff731a push dword ptr [ebx+1a] 016f:bff61837 ff731e push dword ptr [ebx+1e] 016f:bff6183a ff7322 push dword ptr [ebx+22] 016f:bff6183d 8b1570b4fbbf mov edx,dword ptr [bffbb470] 016f:bff61843 e88b290000 call bff641d3 = KERNEL32.DLL:_FREQASM+0x31d3 016f:bff61848 6664c7051e000000ffff mov word ptr fs:[0000001e],ffff -------------------- 00a8df5c 00000000 00a8df60 00655740 = SAL3.DLL:.data+0x740 -> f0 00 00 00 00 00 00 00 40 57 65 00 40 57 65 00 ........@We.@We. 
00a8df64 bff848fc = KERNEL32.DLL:.text+0x1b8fc -------------------- 016f:bff848d8 c1c210 rol edx,10 016f:bff848db e9c8f7ffff jmp bff840a8 = KERNEL32.DLL:.text+0x1b0a8 016f:bff848e0 0fbf4316 movsx eax,word ptr [ebx+16] 016f:bff848e4 50 push eax 016f:bff848e5 668b4318 mov ax,word ptr [ebx+18] 016f:bff848e9 50 push eax 016f:bff848ea ff731a push dword ptr [ebx+1a] 016f:bff848ed e8f3cefdff call bff617e5 = KERNEL32.DLL!K32Thk1632Prolog 016f:bff848f2 e8deecfdff call bff635d5 = KERNEL32.DLL:_FREQASM+0x25d5 016f:bff848f7 e80ecffdff call bff6180a = KERNEL32.DLL!K32Thk1632Epilog KERNEL32.DLL:.text+0x1b8fc: *016f:bff848fc 8bd0 mov edx,eax 016f:bff848fe c1c210 rol edx,10 016f:bff84901 e9aaf7ffff jmp bff840b0 = KERNEL32.DLL:.text+0x1b0b0 016f:bff84906 0fbf4316 movsx eax,word ptr [ebx+16] 016f:bff8490a 50 push eax 016f:bff8490b ff7318 push dword ptr [ebx+18] 016f:bff8490e e8d2cefdff call bff617e5 = KERNEL32.DLL!K32Thk1632Prolog 016f:bff84913 e8ceebfdff call bff634e6 = KERNEL32.DLL:_FREQASM+0x24e6 016f:bff84918 e8edcefdff call bff6180a = KERNEL32.DLL!K32Thk1632Epilog 016f:bff8491d e986f7ffff jmp bff840a8 = KERNEL32.DLL:.text+0x1b0a8 016f:bff84922 33c0 xor eax,eax -------------------- 00a8df68 bff619b8 = KERNEL32.DLL:_FREQASM+0x9b8 -------------------- 016f:bff61991 51 push ecx 016f:bff61992 c1cf10 ror edi,10 016f:bff61995 6664873d0e000000 xchg word ptr fs:[0000000e],di 016f:bff6199d 57 push edi 016f:bff6199e 686d18f6bf push bff6186d 016f:bff619a3 64ff3500000000 push dword ptr fs:[00000000] 016f:bff619aa 64892500000000 mov dword ptr fs:[00000000],esp 016f:bff619b1 55 push ebp 016f:bff619b2 8d6c24fc lea ebp,[esp-04] 016f:bff619b6 ffd2 call edx KERNEL32.DLL:_FREQASM+0x9b8: *016f:bff619b8 5d pop ebp 016f:bff619b9 0fb6c9 movzx ecx,cl 016f:bff619bc 648f0500000000 pop dword ptr fs:[00000000] 016f:bff619c3 8d642404 lea esp,[esp+04] 016f:bff619c7 5f pop edi 016f:bff619c8 6664893d0e000000 mov word ptr fs:[0000000e],di 016f:bff619d0 5b pop ebx 016f:bff619d1 660fb22424 lss sp,dword ptr [esp] 
016f:bff619d6 6664891d1e000000 mov word ptr fs:[0000001e],bx 016f:bff619de 5b pop ebx 016f:bff619df 0bdb or ebx,ebx -------------------- 00a8df6c 00007fa6 00a8df70 00a8e170 -> f0 f2 a8 00 79 d4 6f 1c ff ff ff ff 44 ae dd 00 ....y.o.....D... 00a8df74 bff6186d = KERNEL32.DLL:_FREQASM+0x86d -------------------- 016f:bff6183d 8b1570b4fbbf mov edx,dword ptr [bffbb470] 016f:bff61843 e88b290000 call bff641d3 = KERNEL32.DLL:_FREQASM+0x31d3 016f:bff61848 6664c7051e000000ffff mov word ptr fs:[0000001e],ffff 016f:bff61852 ff5326 call dword ptr [ebx+26] 016f:bff61855 8b1570b4fbbf mov edx,dword ptr [bffbb470] 016f:bff6185b e82f290000 call bff6418f = KERNEL32.DLL:_FREQASM+0x318f 016f:bff61860 6664ff051e000000 inc word ptr fs:[0000001e] 016f:bff61868 b114 mov cl,14 016f:bff6186a 8be5 mov esp,ebp 016f:bff6186c c3 retd KERNEL32.DLL:_FREQASM+0x86d: *016f:bff6186d 8b442404 mov eax,dword ptr [esp+04] 016f:bff61871 f7400406000000 test dword ptr [eax+04],00000006 016f:bff61878 7419 jz bff61893 = KERNEL32.DLL:_FREQASM+0x893 016f:bff6187a 8b442408 mov eax,dword ptr [esp+08] 016f:bff6187e 8178046d18f6bf cmp dword ptr [eax+04],bff6186d 016f:bff61885 750c jnz bff61893 = KERNEL32.DLL:_FREQASM+0x893 016f:bff61887 668b4808 mov cx,word ptr [eax+08] 016f:bff6188b 6664890d0e000000 mov word ptr fs:[0000000e],cx 016f:bff61893 b801000000 mov eax,00000001 016f:bff61898 c3 retd 016f:bff61899 9d popfd -------------------- 00a8df78 7f863527 00a8df7c 00000000 00a8df80 36277f86 00a8df84 00000473 00a8df88 02460000 00a8df8c 7fe40000 = WINSPOOL.DRV+0x0 -> 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 MZ.............. 00a8df90 3cc60000 00a8df94 0ad700a8 00a8df98 27373527 00a8df9c 0000015f 00a8dfa0 27373627 00a8dfa4 7fea015f = OLEAUT32.DLL:.text+0x1f15f -> 0f 84 b5 02 01 00 8b 08 50 ff 51 04 8b 46 50 85 ........P.Q..FP. 
00a8dfa8 0ab73d92 00a8dfac 00000004 00a8dfb0 00000000 00a8dfb4 1c6dcec0 = VCL641MI.DLL:.text+0xdbec0 -> 51 53 8b 5c 24 10 55 8b 6c 24 10 56 8b 74 24 20 QS.\$.U.l$.V.t$ 00a8dfb8 010b7190 -> 61 00 74 00 61 00 00 00 58 00 00 00 48 00 00 00 a.t.a...X...H... 00a8dfbc 00000000 00a8dfc0 00000473 00a8dfc4 00103d92 00a8dfc8 00000000 00a8dfcc 7fd60000 = SHELL32.DLL:.rsrc+0x8b000 -> 05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00a8dfd0 ffff7a6d 00a8dfd4 7fea3627 = OLEAUT32.DLL:.text+0x22627 -------------------- 016f:7fea3625 ffd1 call ecx OLEAUT32.DLL:.text+0x22627: *016f:7fea3627 e9f3ab13c9 jmp 48fde21f 016f:7fea362c 66f3ab rep stos word ptr es:[edi],ax 016f:7fea362f 33c0 xor eax,eax 016f:7fea3631 5f pop edi 016f:7fea3632 5e pop esi 016f:7fea3633 c9 leave 016f:7fea3634 c20400 retd 0004 016f:7fea3637 83ec0c sub esp,+0c 016f:7fea363a 53 push ebx 016f:7fea363b 55 push ebp 016f:7fea363c 56 push esi -------------------- 00a8dfd8 0ab73dd9 00a8dfdc 3627ffff 00a8dfe0 00000000 00a8dfe4 000c3627 00a8dfe8 800e0000 -------------------- 016f:800dfffa f0 ?db f0 016f:800dfffb e803005389 call 09610003 *016f:800e0000 2010 and byte ptr [eax],dl 016f:800e0002 0300 add eax,dword ptr [eax] 016f:800e0004 c45350 les edx,fword ptr [ebx+50] 016f:800e0007 6a03 push +03 016f:800e0009 6a01 push +01 016f:800e000b 897dc4 mov dword ptr [ebp-3c],edi 016f:800e000e 8975c8 mov dword ptr [ebp-38],esi 016f:800e0011 685c1000c0 push c000105c 016f:800e0016 eb33 jmp 800e004b 016f:800e0018 8b45fc mov eax,dword ptr [ebp-04] 016f:800e001b 8b4df0 mov ecx,dword ptr [ebp-10] -------------------- 00a8dfec 00030000 00a8dff0 1c6dcec0 = VCL641MI.DLL:.text+0xdbec0 -> 51 53 8b 5c 24 10 55 8b 6c 24 10 56 8b 74 24 20 QS.\$.U.l$.V.t$ 00a8dff4 09d7108b 00a8dff8 71900000 00a8dffc 0000010b 00a8e000 05700473 00a8e004 0000003f 00a8e008 00bc0c30 -> cc 05 aa 00 cc 05 aa 00 94 07 bc 00 94 07 bc 00 ................ 00a8e00c 00bc0490 -> 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 
00a8e010 bff6bb26 = KERNEL32.DLL:.text+0x2b26 -------------------- 016f:bff6bb0a e88a87ffff call bff64299 = KERNEL32.DLL:_FREQASM+0x3299 016f:bff6bb0f 5e pop esi 016f:bff6bb10 c20400 retd 0004 016f:bff6bb13 56 push esi 016f:bff6bb14 8b742408 mov esi,dword ptr [esp+08] 016f:bff6bb18 8a06 mov al,byte ptr [esi] 016f:bff6bb1a 3c04 cmp al,04 016f:bff6bb1c 7508 jnz bff6bb26 = KERNEL32.DLL:.text+0x2b26 016f:bff6bb1e ff7604 push dword ptr [esi+04] 016f:bff6bb21 e8a087ffff call bff642c6 = KERNEL32.DLL:_FREQASM+0x32c6 KERNEL32.DLL:.text+0x2b26: *016f:bff6bb26 5e pop esi 016f:bff6bb27 c20400 retd 0004 016f:bff6bb2a 64a100000000 mov eax,dword ptr fs:[00000000] 016f:bff6bb30 55 push ebp 016f:bff6bb31 8bec mov ebp,esp 016f:bff6bb33 6aff push -01 016f:bff6bb35 685092f6bf push bff69250 016f:bff6bb3a 68201bfbbf push bffb1b20 016f:bff6bb3f 50 push eax 016f:bff6bb40 8b4508 mov eax,dword ptr [ebp+08] 016f:bff6bb43 64892500000000 mov dword ptr fs:[00000000],esp -------------------- 00a8e014 81984e74 -> 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00a8e018 00bc0490 -> 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 
00a8e01c 780016b2 = MSVCRT.DLL:.text+0x6b2 -------------------- 016f:78001694 6a11 push +11 016f:78001696 e804000000 call 7800169f = MSVCRT.DLL!_unlock 016f:7800169b 59 pop ecx 016f:7800169c 5f pop edi 016f:7800169d ebbd jmp 7800165c = MSVCRT.DLL:.text+0x65c 016f:7800169f 55 push ebp 016f:780016a0 8bec mov ebp,esp 016f:780016a2 8b4508 mov eax,dword ptr [ebp+08] 016f:780016a5 ff348534b00378 push dword ptr [eax*4+7803b034] 016f:780016ac ff1548300378 call dword ptr [78033048] -> KERNEL32.DLL!LeaveCriticalSection MSVCRT.DLL:.text+0x6b2: *016f:780016b2 5d pop ebp 016f:780016b3 c3 retd 016f:780016b4 8b442404 mov eax,dword ptr [esp+04] 016f:780016b8 832528b5037800 and dword ptr [7803b528],+00 016f:780016bf 83f8fe cmp eax,-02 016f:780016c2 0f84a8ba0000 jz 7800d170 = MSVCRT.DLL:.text+0xc170 016f:780016c8 83f8fd cmp eax,-03 016f:780016cb 7415 jz 780016e2 = MSVCRT.DLL:.text+0x6e2 016f:780016cd 83f8fc cmp eax,-04 016f:780016d0 750f jnz 780016e1 = MSVCRT.DLL:.text+0x6e1 016f:780016d2 a12cb50378 mov eax,dword ptr [7803b52c] -------------------- 00a8e020 7803b128 = MSVCRT.DLL:.data+0x128 -> 04 00 00 00 74 4e 98 81 00 00 00 00 00 00 00 00 ....tN.......... 00a8e024 00a8e058 -> 90 42 bc 00 26 bb f6 bf 74 4e 98 81 90 42 bc 00 .B..&...tN...B.. 00a8e028 81907050 -> 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00a8e02c 00a8e060 -> 74 4e 98 81 90 42 bc 00 b2 16 00 78 28 b1 03 78 tN...B.....x(..x 00a8e030 81907050 -> 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00a8e034 8198bb6c -> 40 00 00 a0 02 00 00 00 18 d0 98 81 ff ff ff ff @............... 00a8e038 c16c7800 -> 01 00 00 00 00 00 00 00 00 00 00 00 c0 05 66 c1 ..............f. 
00a8e03c 00a8e060 -> 74 4e 98 81 90 42 bc 00 b2 16 00 78 28 b1 03 78 tN...B.....x(..x 00a8e040 bff6a26e = KERNEL32.DLL:.text+0x126e -------------------- 016f:bff6a24f 008b4424040f add byte ptr [ebx+0f042444],cl 016f:bff6a255 b648 mov dh,48 016f:bff6a257 700b jo bff6a264 = KERNEL32.DLL:.text+0x1264 016f:bff6a259 4c dec esp 016f:bff6a25a 2408 and al,08 016f:bff6a25c f6c101 test cl,01 016f:bff6a25f 750d jnz bff6a26e = KERNEL32.DLL:.text+0x126e 016f:bff6a261 ff704c push dword ptr [eax+4c] 016f:bff6a264 e85da0ffff call bff642c6 = KERNEL32.DLL:_FREQASM+0x32c6 016f:bff6a269 e83f010000 call bff6a3ad = KERNEL32.DLL:.text+0x13ad KERNEL32.DLL:.text+0x126e: *016f:bff6a26e c20800 retd 0008 016f:bff6a271 53 push ebx 016f:bff6a272 56 push esi 016f:bff6a273 8b742414 mov esi,dword ptr [esp+14] 016f:bff6a277 57 push edi 016f:bff6a278 8b7c2414 mov edi,dword ptr [esp+14] 016f:bff6a27c 55 push ebp 016f:bff6a27d b900001000 mov ecx,00100000 016f:bff6a282 8d1c37 lea ebx,[edi+esi] 016f:bff6a285 8b03 mov eax,dword ptr [ebx] 016f:bff6a287 a801 test al,01 -------------------- 00a8e044 bff6b487 = KERNEL32.DLL:.text+0x2487 -------------------- 016f:bff6b46a 8b00 mov eax,dword ptr [eax] 016f:bff6b46c 894304 mov dword ptr [ebx+04],eax 016f:bff6b46f 6800020000 push 00000200 016f:bff6b474 51 push ecx 016f:bff6b475 ff75fc push dword ptr [ebp-04] 016f:bff6b478 56 push esi 016f:bff6b479 e8f3edffff call bff6a271 = KERNEL32.DLL:.text+0x1271 016f:bff6b47e ff750c push dword ptr [ebp+0c] 016f:bff6b481 56 push esi 016f:bff6b482 e8c9edffff call bff6a250 = KERNEL32.DLL:.text+0x1250 KERNEL32.DLL:.text+0x2487: *016f:bff6b487 b801000000 mov eax,00000001 016f:bff6b48c 5f pop edi 016f:bff6b48d 5e pop esi 016f:bff6b48e 5b pop ebx 016f:bff6b48f 8be5 mov esp,ebp 016f:bff6b491 5d pop ebp 016f:bff6b492 c20c00 retd 000c 016f:bff6b495 55 push ebp 016f:bff6b496 8bec mov ebp,esp 016f:bff6b498 83ec04 sub esp,+04 016f:bff6b49b a1f4bcfbbf mov eax,dword ptr [bffbbcf4] -------------------- 00a8e048 81907000 -> 00 00 10 00 00 00 
00 00 20 00 00 00 01 00 00 a0 ........ ....... 00a8e04c 00000000 00a8e050 0107e0e8 -> e0 e0 07 01 e0 e0 07 01 00 00 00 00 6c 00 65 00 ............l.e. ... 00a8e058 00bc4290 -> d4 05 aa 00 d4 05 aa 00 53 56 31 2e 54 4d 50 5c ........SV1.TMP\ 00a8e05c bff6bb26 = KERNEL32.DLL:.text+0x2b26 -------------------- 016f:bff6bb0a e88a87ffff call bff64299 = KERNEL32.DLL:_FREQASM+0x3299 016f:bff6bb0f 5e pop esi 016f:bff6bb10 c20400 retd 0004 016f:bff6bb13 56 push esi 016f:bff6bb14 8b742408 mov esi,dword ptr [esp+08] 016f:bff6bb18 8a06 mov al,byte ptr [esi] 016f:bff6bb1a 3c04 cmp al,04 016f:bff6bb1c 7508 jnz bff6bb26 = KERNEL32.DLL:.text+0x2b26 016f:bff6bb1e ff7604 push dword ptr [esi+04] 016f:bff6bb21 e8a087ffff call bff642c6 = KERNEL32.DLL:_FREQASM+0x32c6 KERNEL32.DLL:.text+0x2b26: *016f:bff6bb26 5e pop esi 016f:bff6bb27 c20400 retd 0004 016f:bff6bb2a 64a100000000 mov eax,dword ptr fs:[00000000] 016f:bff6bb30 55 push ebp 016f:bff6bb31 8bec mov ebp,esp 016f:bff6bb33 6aff push -01 016f:bff6bb35 685092f6bf push bff69250 016f:bff6bb3a 68201bfbbf push bffb1b20 016f:bff6bb3f 50 push eax 016f:bff6bb40 8b4508 mov eax,dword ptr [ebp+08] 016f:bff6bb43 64892500000000 mov dword ptr fs:[00000000],esp -------------------- 00a8e060 81984e74 -> 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 
00a8e064 00bc4290 -> d4 05 aa 00 d4 05 aa 00 53 56 31 2e 54 4d 50 5c ........SV1.TMP\ 00a8e068 780016b2 = MSVCRT.DLL:.text+0x6b2 -------------------- 016f:78001694 6a11 push +11 016f:78001696 e804000000 call 7800169f = MSVCRT.DLL!_unlock 016f:7800169b 59 pop ecx 016f:7800169c 5f pop edi 016f:7800169d ebbd jmp 7800165c = MSVCRT.DLL:.text+0x65c 016f:7800169f 55 push ebp 016f:780016a0 8bec mov ebp,esp 016f:780016a2 8b4508 mov eax,dword ptr [ebp+08] 016f:780016a5 ff348534b00378 push dword ptr [eax*4+7803b034] 016f:780016ac ff1548300378 call dword ptr [78033048] -> KERNEL32.DLL!LeaveCriticalSection MSVCRT.DLL:.text+0x6b2: *016f:780016b2 5d pop ebp 016f:780016b3 c3 retd 016f:780016b4 8b442404 mov eax,dword ptr [esp+04] 016f:780016b8 832528b5037800 and dword ptr [7803b528],+00 016f:780016bf 83f8fe cmp eax,-02 016f:780016c2 0f84a8ba0000 jz 7800d170 = MSVCRT.DLL:.text+0xc170 016f:780016c8 83f8fd cmp eax,-03 016f:780016cb 7415 jz 780016e2 = MSVCRT.DLL:.text+0x6e2 016f:780016cd 83f8fc cmp eax,-04 016f:780016d0 750f jnz 780016e1 = MSVCRT.DLL:.text+0x6e1 016f:780016d2 a12cb50378 mov eax,dword ptr [7803b52c] -------------------- 00a8e06c 7803b128 = MSVCRT.DLL:.data+0x128 -> 04 00 00 00 74 4e 98 81 00 00 00 00 00 00 00 00 ....tN.......... 00a8e070 00a8e0b4 -> 18 e1 a8 00 e7 22 4c 00 0f bb f6 bf 08 61 98 81 ....."L......a.. 
00a8e074 7800b330 = MSVCRT.DLL:.text+0xa330 -------------------- 016f:7800b30c 59 pop ecx 016f:7800b30d 59 pop ecx 016f:7800b30e 834dfcff or dword ptr [ebp-04],-01 016f:7800b312 e812000000 call 7800b329 = MSVCRT.DLL:.text+0xa329 016f:7800b317 837de400 cmp dword ptr [ebp-1c],+00 016f:7800b31b 0f85716affff jnz 78001d92 = MSVCRT.DLL:.text+0xd92 016f:7800b321 ff7508 push dword ptr [ebp+08] 016f:7800b324 e95b6affff jmp 78001d84 = MSVCRT.DLL:.text+0xd84 016f:7800b329 6a09 push +09 016f:7800b32b e86f63ffff call 7800169f = MSVCRT.DLL!_unlock MSVCRT.DLL:.text+0xa330: *016f:7800b330 59 pop ecx 016f:7800b331 c3 retd 016f:7800b332 6a09 push +09 016f:7800b334 e80b63ffff call 78001644 = MSVCRT.DLL!_lock 016f:7800b339 59 pop ecx 016f:7800b33a c745fc01000000 mov dword ptr [ebp-04],00000001 016f:7800b341 8d45e0 lea eax,[ebp-20] 016f:7800b344 50 push eax 016f:7800b345 8d45d8 lea eax,[ebp-28] 016f:7800b348 50 push eax 016f:7800b349 56 push esi -------------------- 00a8e078 00000009 00a8e07c 7800b317 = MSVCRT.DLL:.text+0xa317 -------------------- 016f:7800b2fe 8945e4 mov dword ptr [ebp-1c],eax 016f:7800b301 85c0 test eax,eax 016f:7800b303 7409 jz 7800b30e = MSVCRT.DLL:.text+0xa30e 016f:7800b305 56 push esi 016f:7800b306 50 push eax 016f:7800b307 e886050000 call 7800b892 = MSVCRT.DLL:.text+0xa892 016f:7800b30c 59 pop ecx 016f:7800b30d 59 pop ecx 016f:7800b30e 834dfcff or dword ptr [ebp-04],-01 016f:7800b312 e812000000 call 7800b329 = MSVCRT.DLL:.text+0xa329 MSVCRT.DLL:.text+0xa317: *016f:7800b317 837de400 cmp dword ptr [ebp-1c],+00 016f:7800b31b 0f85716affff jnz 78001d92 = MSVCRT.DLL:.text+0xd92 016f:7800b321 ff7508 push dword ptr [ebp+08] 016f:7800b324 e95b6affff jmp 78001d84 = MSVCRT.DLL:.text+0xd84 016f:7800b329 6a09 push +09 016f:7800b32b e86f63ffff call 7800169f = MSVCRT.DLL!_unlock 016f:7800b330 59 pop ecx 016f:7800b331 c3 retd 016f:7800b332 6a09 push +09 016f:7800b334 e80b63ffff call 78001644 = MSVCRT.DLL!_lock 016f:7800b339 59 pop ecx -------------------- 00a8e080 0107e0e8 -> 
e0 e0 07 01 e0 e0 07 01 00 00 00 00 6c 00 65 00 ............l.e. 00a8e084 00bc4290 -> d4 05 aa 00 d4 05 aa 00 53 56 31 2e 54 4d 50 5c ........SV1.TMP\ 00a8e088 1c71dae8 = VCL641MI.DLL:.data+0x5ae8 -> 28 12 dd 00 78 30 dd 00 08 91 11 01 00 00 00 00 (...x0.......... ... 00a8e090 00a8e084 -> 90 42 bc 00 e8 da 71 1c e8 da 71 1c 84 e0 a8 00 .B....q...q..... 00a8e094 ffffffff 00a8e098 00ba000c -> 00 00 02 f8 01 90 00 00 ff ff ff 1f 00 00 bb 00 ................ 00a8e09c bffb1b20 = KERNEL32.DLL:.text+0x48b20 -> 55 8b ec 83 ec 08 53 56 57 55 fc 8b 5d 0c 8b 45 U.....SVWU..]..E 00a8e0a0 bff69200 = KERNEL32.DLL:.text+0x200 -> ff ff ff ff 36 97 f7 bf 3c 97 f7 bf 00 00 00 00 ....6...<....... 00a8e0a4 00a8e0d4 -> 08 61 98 81 26 bb f6 bf 08 61 98 81 e0 f0 07 01 .a..&....a...... 00a8e0a8 7800db11 = MSVCRT.DLL!_except_handler3 -> 55 8b ec 83 ec 08 53 56 57 55 fc 8b 5d 0c 8b 45 U.....SVWU..]..E 00a8e0ac 780332a0 = MSVCRT.DLL:.rdata+0x2a0 -> ff ff ff ff 00 00 00 00 29 b3 00 78 ff ff ff ff ........)..x.... 00a8e0b0 ffffffff 00a8e0b4 00a8e118 -> 30 55 65 00 70 e1 a8 00 b5 c3 6f 1c 00 00 00 00 0Ue.p.....o..... 
00a8e0b8 004c22e7 = SAL3.DLL:.text+0x12e7 -------------------- 016f:004c22ce 90 nop 016f:004c22cf 90 nop 016f:004c22d0 56 push esi 016f:004c22d1 8b742408 mov esi,dword ptr [esp+08] 016f:004c22d5 85f6 test esi,esi 016f:004c22d7 7411 jz 004c22ea = SAL3.DLL:.text+0x12ea 016f:004c22d9 56 push esi 016f:004c22da ff15ec614e00 call dword ptr [004e61ec] -> KERNEL32.DLL!DeleteCriticalSection 016f:004c22e0 56 push esi 016f:004c22e1 ff15a8624e00 call dword ptr [004e62a8] -> MSVCRT.DLL!free SAL3.DLL:.text+0x12e7: *016f:004c22e7 83c404 add esp,+04 016f:004c22ea 5e pop esi 016f:004c22eb c3 retd 016f:004c22ec 90 nop 016f:004c22ed 90 nop 016f:004c22ee 90 nop 016f:004c22ef 90 nop 016f:004c22f0 a1e0586500 mov eax,dword ptr [006558e0] 016f:004c22f5 85c0 test eax,eax 016f:004c22f7 755c jnz 004c2355 = SAL3.DLL:.text+0x1355 016f:004c22f9 53 push ebx -------------------- 00a8e0bc bff6bb0f = KERNEL32.DLL:.text+0x2b0f -------------------- 016f:bff6baf3 803e04 cmp byte ptr [esi],04 016f:bff6baf6 740f jz bff6bb07 = KERNEL32.DLL:.text+0x2b07 016f:bff6baf8 33c0 xor eax,eax 016f:bff6bafa 50 push eax 016f:bff6bafb 50 push eax 016f:bff6bafc 50 push eax 016f:bff6bafd 68050000c0 push c0000005 016f:bff6bb02 e8a4acffff call bff667ab = KERNEL32.DLL:_FREQASM+0x57ab 016f:bff6bb07 ff7604 push dword ptr [esi+04] 016f:bff6bb0a e88a87ffff call bff64299 = KERNEL32.DLL:_FREQASM+0x3299 KERNEL32.DLL:.text+0x2b0f: *016f:bff6bb0f 5e pop esi 016f:bff6bb10 c20400 retd 0004 016f:bff6bb13 56 push esi 016f:bff6bb14 8b742408 mov esi,dword ptr [esp+08] 016f:bff6bb18 8a06 mov al,byte ptr [esi] 016f:bff6bb1a 3c04 cmp al,04 016f:bff6bb1c 7508 jnz bff6bb26 = KERNEL32.DLL:.text+0x2b26 016f:bff6bb1e ff7604 push dword ptr [esi+04] 016f:bff6bb21 e8a087ffff call bff642c6 = KERNEL32.DLL:_FREQASM+0x32c6 016f:bff6bb26 5e pop esi 016f:bff6bb27 c20400 retd 0004 -------------------- 00a8e0c0 81986108 -> 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 
00a8e0c4 bff6bb26 = KERNEL32.DLL:.text+0x2b26 -------------------- 016f:bff6bb0a e88a87ffff call bff64299 = KERNEL32.DLL:_FREQASM+0x3299 016f:bff6bb0f 5e pop esi 016f:bff6bb10 c20400 retd 0004 016f:bff6bb13 56 push esi 016f:bff6bb14 8b742408 mov esi,dword ptr [esp+08] 016f:bff6bb18 8a06 mov al,byte ptr [esi] 016f:bff6bb1a 3c04 cmp al,04 016f:bff6bb1c 7508 jnz bff6bb26 = KERNEL32.DLL:.text+0x2b26 016f:bff6bb1e ff7604 push dword ptr [esi+04] 016f:bff6bb21 e8a087ffff call bff642c6 = KERNEL32.DLL:_FREQASM+0x32c6 KERNEL32.DLL:.text+0x2b26: *016f:bff6bb26 5e pop esi 016f:bff6bb27 c20400 retd 0004 016f:bff6bb2a 64a100000000 mov eax,dword ptr fs:[00000000] 016f:bff6bb30 55 push ebp 016f:bff6bb31 8bec mov ebp,esp 016f:bff6bb33 6aff push -01 016f:bff6bb35 685092f6bf push bff69250 016f:bff6bb3a 68201bfbbf push bffb1b20 016f:bff6bb3f 50 push eax 016f:bff6bb40 8b4508 mov eax,dword ptr [ebp+08] 016f:bff6bb43 64892500000000 mov dword ptr fs:[00000000],esp -------------------- 00a8e0c8 81986108 -> 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00a8e0cc 0107e0e0 -> 18 07 00 00 18 00 00 00 e0 e0 07 01 e0 e0 07 01 ................ 
00a8e0d0 bff6bb0f = KERNEL32.DLL:.text+0x2b0f -------------------- 016f:bff6baf3 803e04 cmp byte ptr [esi],04 016f:bff6baf6 740f jz bff6bb07 = KERNEL32.DLL:.text+0x2b07 016f:bff6baf8 33c0 xor eax,eax 016f:bff6bafa 50 push eax 016f:bff6bafb 50 push eax 016f:bff6bafc 50 push eax 016f:bff6bafd 68050000c0 push c0000005 016f:bff6bb02 e8a4acffff call bff667ab = KERNEL32.DLL:_FREQASM+0x57ab 016f:bff6bb07 ff7604 push dword ptr [esi+04] 016f:bff6bb0a e88a87ffff call bff64299 = KERNEL32.DLL:_FREQASM+0x3299 KERNEL32.DLL:.text+0x2b0f: *016f:bff6bb0f 5e pop esi 016f:bff6bb10 c20400 retd 0004 016f:bff6bb13 56 push esi 016f:bff6bb14 8b742408 mov esi,dword ptr [esp+08] 016f:bff6bb18 8a06 mov al,byte ptr [esi] 016f:bff6bb1a 3c04 cmp al,04 016f:bff6bb1c 7508 jnz bff6bb26 = KERNEL32.DLL:.text+0x2b26 016f:bff6bb1e ff7604 push dword ptr [esi+04] 016f:bff6bb21 e8a087ffff call bff642c6 = KERNEL32.DLL:_FREQASM+0x32c6 016f:bff6bb26 5e pop esi 016f:bff6bb27 c20400 retd 0004 -------------------- 00a8e0d4 81986108 -> 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 
00a8e0d8 bff6bb26 = KERNEL32.DLL:.text+0x2b26 -------------------- 016f:bff6bb0a e88a87ffff call bff64299 = KERNEL32.DLL:_FREQASM+0x3299 016f:bff6bb0f 5e pop esi 016f:bff6bb10 c20400 retd 0004 016f:bff6bb13 56 push esi 016f:bff6bb14 8b742408 mov esi,dword ptr [esp+08] 016f:bff6bb18 8a06 mov al,byte ptr [esi] 016f:bff6bb1a 3c04 cmp al,04 016f:bff6bb1c 7508 jnz bff6bb26 = KERNEL32.DLL:.text+0x2b26 016f:bff6bb1e ff7604 push dword ptr [esi+04] 016f:bff6bb21 e8a087ffff call bff642c6 = KERNEL32.DLL:_FREQASM+0x32c6 KERNEL32.DLL:.text+0x2b26: *016f:bff6bb26 5e pop esi 016f:bff6bb27 c20400 retd 0004 016f:bff6bb2a 64a100000000 mov eax,dword ptr fs:[00000000] 016f:bff6bb30 55 push ebp 016f:bff6bb31 8bec mov ebp,esp 016f:bff6bb33 6aff push -01 016f:bff6bb35 685092f6bf push bff69250 016f:bff6bb3a 68201bfbbf push bffb1b20 016f:bff6bb3f 50 push eax 016f:bff6bb40 8b4508 mov eax,dword ptr [ebp+08] 016f:bff6bb43 64892500000000 mov dword ptr fs:[00000000],esp -------------------- 00a8e0dc 81986108 -> 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00a8e0e0 0107f0e0 -> 18 00 00 80 68 00 00 00 68 db 04 01 d8 de 04 01 ....h...h....... 00a8e0e4 004c1eac = SAL3.DLL:.text+0xeac -> 5e c3 85 c9 74 0e 68 00 80 00 00 6a 00 51 ff 15 ^...t.h....j.Q.. 00a8e0e8 00655530 = SAL3.DLL:.data+0x530 -> 04 00 00 00 08 61 98 81 00 00 00 00 00 00 00 00 .....a.......... 00a8e0ec 0107f0e8 -> 68 db 04 01 d8 de 04 01 01 00 69 00 6c 00 65 00 h.........i.l.e. 
00a8e0f0 1c832eaa = TL641MI.DLL:.text+0x31eaa -------------------- 016f:1c832e99 90 nop 016f:1c832e9a 90 nop 016f:1c832e9b 90 nop 016f:1c832e9c 90 nop 016f:1c832e9d 90 nop 016f:1c832e9e 90 nop 016f:1c832e9f 90 nop 016f:1c832ea0 8b442404 mov eax,dword ptr [esp+04] 016f:1c832ea4 50 push eax 016f:1c832ea5 e8720e0200 call 1c853d1c = SAL3.DLL!rtl_freeMemory TL641MI.DLL:.text+0x31eaa: *016f:1c832eaa 59 pop ecx 016f:1c832eab c3 retd 016f:1c832eac 90 nop 016f:1c832ead 90 nop 016f:1c832eae 90 nop 016f:1c832eaf 90 nop 016f:1c832eb0 83ec10 sub esp,+10 016f:1c832eb3 8b4c2414 mov ecx,dword ptr [esp+14] 016f:1c832eb7 b801000000 mov eax,00000001 016f:1c832ebc 89442400 mov dword ptr [esp],eax 016f:1c832ec0 3bc8 cmp ecx,eax -------------------- 00a8e0f4 0107f0e8 -> 68 db 04 01 d8 de 04 01 01 00 69 00 6c 00 65 00 h.........i.l.e. 00a8e0f8 1c64dd4b = VCL641MI.DLL:.text+0x4cd4b -------------------- 016f:1c64dd2b 663d0100 cmp ax,0001 016f:1c64dd2f 751f jnz 1c64dd50 = VCL641MI.DLL:.text+0x4cd50 016f:1c64dd31 85f6 test esi,esi 016f:1c64dd33 741f jz 1c64dd54 = VCL641MI.DLL:.text+0x4cd54 016f:1c64dd35 8d4e08 lea ecx,[esi+08] 016f:1c64dd38 e829730a00 call 1c6f5066 = TL641MI.DLL!242 016f:1c64dd3d 8d4e04 lea ecx,[esi+04] 016f:1c64dd40 e821730a00 call 1c6f5066 = TL641MI.DLL!242 016f:1c64dd45 56 push esi 016f:1c64dd46 e821730a00 call 1c6f506c = TL641MI.DLL!21 VCL641MI.DLL:.text+0x4cd4b: *016f:1c64dd4b 83c404 add esp,+04 016f:1c64dd4e 5e pop esi 016f:1c64dd4f c3 retd 016f:1c64dd50 48 dec eax 016f:1c64dd51 668906 mov word ptr [esi],ax 016f:1c64dd54 5e pop esi 016f:1c64dd55 c3 retd 016f:1c64dd56 90 nop 016f:1c64dd57 90 nop 016f:1c64dd58 90 nop 016f:1c64dd59 90 nop -------------------- 00a8e0fc 0107f0e8 -> 68 db 04 01 d8 de 04 01 01 00 69 00 6c 00 65 00 h.........i.l.e. 00a8e100 00a8e1b0 -> c4 67 70 1c 00 00 00 00 00 00 00 00 00 00 00 00 .gp............. 
00a8e104 1c6768cf = VCL641MI.DLL:.text+0x758cf -------------------- 016f:1c67689f 8d8ecc000000 lea ecx,[esi+000000cc] 016f:1c6768a5 c644241c02 mov byte ptr [esp+1c],02 016f:1c6768aa e881750200 call 1c69de30 = VCL641MI.DLL!2597 016f:1c6768af 8d8eb4000000 lea ecx,[esi+000000b4] 016f:1c6768b5 c644241c01 mov byte ptr [esp+1c],01 016f:1c6768ba e86174fdff call 1c64dd20 = VCL641MI.DLL!937 016f:1c6768bf 8d8ea8000000 lea ecx,[esi+000000a8] 016f:1c6768c5 c644241c00 mov byte ptr [esp+1c],00 016f:1c6768ca e871700000 call 1c67d940 = VCL641MI.DLL!2534 VCL641MI.DLL:.text+0x758cf: *016f:1c6768cf 8b4c2414 mov ecx,dword ptr [esp+14] 016f:1c6768d3 5f pop edi 016f:1c6768d4 5e pop esi 016f:1c6768d5 64890d00000000 mov dword ptr fs:[00000000],ecx 016f:1c6768dc 83c418 add esp,+18 016f:1c6768df c3 retd 016f:1c6768e0 e98de70700 jmp 1c6f5072 = TL641MI.DLL!334 016f:1c6768e5 90 nop 016f:1c6768e6 90 nop 016f:1c6768e7 90 nop 016f:1c6768e8 90 nop -------------------- 00a8e108 00000000 00a8e10c 00a8e1b0 -> c4 67 70 1c 00 00 00 00 00 00 00 00 00 00 00 00 .gp............. 00a8e110 010773b8 -> d0 03 00 00 48 01 00 00 01 00 00 00 31 00 00 00 ....H.......1... 00a8e114 00a8e1b0 -> c4 67 70 1c 00 00 00 00 00 00 00 00 00 00 00 00 .gp............. 00a8e118 00655530 = SAL3.DLL:.data+0x530 -> 04 00 00 00 08 61 98 81 00 00 00 00 00 00 00 00 .....a.......... 00a8e11c 00a8e170 -> f0 f2 a8 00 79 d4 6f 1c ff ff ff ff 44 ae dd 00 ....y.o.....D... 00a8e120 1c6fc3b5 = VCL641MI.DLL:.text+0xfb3b5 -> b8 f8 a8 70 1c e9 d7 e1 ff ff cc 8b 4d f0 e9 18 ...p........M... 
00a8e124 00000000 00a8e128 1c6a4a4f = VCL641MI.DLL:.text+0xa3a4f -------------------- 016f:1c6a4a30 05008d8e68 add eax,688e8d00 016f:1c6a4a35 0100 add dword ptr [eax],eax 016f:1c6a4a37 00c6 add dh,al 016f:1c6a4a39 45 inc ebp 016f:1c6a4a3a fc cld 016f:1c6a4a3b 00e8 add al,ch 016f:1c6a4a3d 250605008b and eax,8b000506 016f:1c6a4a42 ce into 016f:1c6a4a43 c745fcffffffff mov dword ptr [ebp-04],ffffffff 016f:1c6a4a4a e8411dfdff call 1c676790 = VCL641MI.DLL!2089 VCL641MI.DLL:.text+0xa3a4f: *016f:1c6a4a4f 8b4df4 mov ecx,dword ptr [ebp-0c] 016f:1c6a4a52 5f pop edi 016f:1c6a4a53 5e pop esi 016f:1c6a4a54 64890d00000000 mov dword ptr fs:[00000000],ecx 016f:1c6a4a5b 5b pop ebx 016f:1c6a4a5c 8be5 mov esp,ebp 016f:1c6a4a5e 5d pop ebp 016f:1c6a4a5f c3 retd 016f:1c6a4a60 83ec10 sub esp,+10 016f:1c6a4a63 8b442414 mov eax,dword ptr [esp+14] 016f:1c6a4a67 56 push esi -------------------- 00a8e12c 1c00e560 = REG4MSDOC641MI.DLL:.data+0x1560 -> 1f 00 00 00 00 00 00 00 10 66 07 01 60 5e 65 00 .........f..`^e. 00a8e130 00a8e1b0 -> c4 67 70 1c 00 00 00 00 00 00 00 00 00 00 00 00 .gp............. 00a8e134 00000007 00a8e138 00a8e1b0 -> c4 67 70 1c 00 00 00 00 00 00 00 00 00 00 00 00 .gp............. 00a8e13c 00000000 00a8e140 00a80009 00a8e144 00000000 ... 00a8e14c 00a8e42c -> c4 67 70 1c 00 00 00 00 00 00 00 00 00 00 00 00 .gp............. 
00a8e150 00000000 00a8e154 01075b70 -> 80 46 03 01 b8 49 03 01 01 00 5c 54 45 4d 50 5c .F...I....\TEMP\ 00a8e158 bff6bb0f = KERNEL32.DLL:.text+0x2b0f -------------------- 016f:bff6baf3 803e04 cmp byte ptr [esi],04 016f:bff6baf6 740f jz bff6bb07 = KERNEL32.DLL:.text+0x2b07 016f:bff6baf8 33c0 xor eax,eax 016f:bff6bafa 50 push eax 016f:bff6bafb 50 push eax 016f:bff6bafc 50 push eax 016f:bff6bafd 68050000c0 push c0000005 016f:bff6bb02 e8a4acffff call bff667ab = KERNEL32.DLL:_FREQASM+0x57ab 016f:bff6bb07 ff7604 push dword ptr [esi+04] 016f:bff6bb0a e88a87ffff call bff64299 = KERNEL32.DLL:_FREQASM+0x3299 KERNEL32.DLL:.text+0x2b0f: *016f:bff6bb0f 5e pop esi 016f:bff6bb10 c20400 retd 0004 016f:bff6bb13 56 push esi 016f:bff6bb14 8b742408 mov esi,dword ptr [esp+08] 016f:bff6bb18 8a06 mov al,byte ptr [esi] 016f:bff6bb1a 3c04 cmp al,04 016f:bff6bb1c 7508 jnz bff6bb26 = KERNEL32.DLL:.text+0x2b26 016f:bff6bb1e ff7604 push dword ptr [esi+04] 016f:bff6bb21 e8a087ffff call bff642c6 = KERNEL32.DLL:_FREQASM+0x32c6 016f:bff6bb26 5e pop esi 016f:bff6bb27 c20400 retd 0004 -------------------- 00a8e15c 0107fc78 -> c8 ff 0b 01 00 00 00 00 00 00 00 00 00 00 54 00 ..............T. 00a8e160 00000000 00a8e164 00a8e1b0 -> c4 67 70 1c 00 00 00 00 00 00 00 00 00 00 00 00 .gp............. 00a8e168 00000000 00a8e16c 00a8e12c -> 60 e5 00 1c b0 e1 a8 00 07 00 00 00 b0 e1 a8 00 `............... 00a8e170 00a8f2f0 -> ff ff ff ff fc d6 43 00 c8 db 05 01 01 00 00 00 ......C......... 00a8e174 1c6fd479 = VCL641MI.DLL:.text+0xfc479 -> b8 20 bb 70 1c e9 13 d1 ff ff cc cc cc cc cc cc . .p............ 00a8e178 ffffffff 00a8e17c 00ddae44 -> 2c 83 70 1c 10 80 bb 00 78 30 dd 00 02 00 00 00 ,.p.....x0...... 
00a8e180 00413f0b = SET641MI.DLL:.text+0x12f0b -------------------- 016f:00413ed8 8d8e14050000 lea ecx,[esi+00000514] 016f:00413ede e82b710600 call 0047b00e = VCL641MI.DLL!3631 016f:00413ee3 8d8e7c020000 lea ecx,[esi+0000027c] 016f:00413ee9 e87a740600 call 0047b368 = SVT641MI.DLL!3888 016f:00413eee 8d8e78020000 lea ecx,[esi+00000278] 016f:00413ef4 e88d6b0600 call 0047aa86 = TL641MI.DLL!242 016f:00413ef9 8d8e5c020000 lea ecx,[esi+0000025c] 016f:00413eff e804710600 call 0047b008 = VCL641MI.DLL!454 016f:00413f04 8bce mov ecx,esi 016f:00413f06 e803710600 call 0047b00e = VCL641MI.DLL!3631 SET641MI.DLL:.text+0x12f0b: *016f:00413f0b 5e pop esi 016f:00413f0c c3 retd 016f:00413f0d 90 nop 016f:00413f0e 90 nop 016f:00413f0f 90 nop 016f:00413f10 53 push ebx 016f:00413f11 56 push esi 016f:00413f12 57 push edi 016f:00413f13 8bf9 mov edi,ecx 016f:00413f15 33f6 xor esi,esi 016f:00413f17 8b8f1c110000 mov ecx,dword ptr [edi+0000111c] -------------------- 00a8e184 0107cb08 -> a0 31 05 01 88 34 05 01 01 00 85 1c 58 0f 01 01 .1...4......X... 
00a8e188 1c001bb9 = REG4MSDOC641MI.DLL:.text+0xbb9 -------------------- 016f:1c001b92 8d4c2424 lea ecx,[esp+24] 016f:1c001b96 e8a50a0000 call 1c002640 = REG4MSDOC641MI.DLL:.text+0x1640 016f:1c001b9b 84c0 test al,al 016f:1c001b9d 7406 jz 1c001ba5 = REG4MSDOC641MI.DLL:.text+0xba5 016f:1c001b9f 8b07 mov eax,dword ptr [edi] 016f:1c001ba1 0c08 or al,08 016f:1c001ba3 8907 mov dword ptr [edi],eax 016f:1c001ba5 8d4c2424 lea ecx,[esp+24] 016f:1c001ba9 c784246c110000ffffffff mov dword ptr [esp+0000116c],ffffffff 016f:1c001bb4 e89b690000 call 1c008554 = SET641MI.DLL!2055 REG4MSDOC641MI.DLL:.text+0xbb9: *016f:1c001bb9 8a44240b mov al,byte ptr [esp+0b] 016f:1c001bbd 5f pop edi 016f:1c001bbe 5b pop ebx 016f:1c001bbf 8b8c245c110000 mov ecx,dword ptr [esp+0000115c] 016f:1c001bc6 64890d00000000 mov dword ptr fs:[00000000],ecx 016f:1c001bcd 81c468110000 add esp,00001168 016f:1c001bd3 c3 retd 016f:1c001bd4 8b8c2464110000 mov ecx,dword ptr [esp+00001164] 016f:1c001bdb 5f pop edi 016f:1c001bdc b001 mov al,01 016f:1c001bde 5b pop ebx -------------------- 00a8e18c 0107cb08 -> a0 31 05 01 88 34 05 01 01 00 85 1c 58 0f 01 01 .1...4......X... 00a8e190 0107cb01 -> 00 00 80 18 00 00 00 a0 31 05 01 88 34 05 01 01 ........1...4... 00a8e194 01001920 -> 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00a8e198 01077438 -> 30 74 07 01 30 74 07 01 50 00 75 00 65 00 64 00 0t..0t..P.u.e.d. 00a8e19c 00000000 00a8e1a0 01112363 = SETUP.EXE:.text+0x11363 -> 00 8d 8e 9c 10 00 00 8d 44 24 04 50 ff 52 5c 8d ........D$.P.R\. 00a8e1a4 010757e0 -> e8 ab 0b 01 00 00 00 00 00 00 00 00 00 00 54 00 ..............T. 00a8e1a8 71cc0100 00a8e1ac 054f1f69 00a8e1b0 1c7067c4 = VCL641MI.DLL!2091 -> 70 67 67 1c 10 b5 67 1c 60 c7 67 1c 80 c7 67 1c pgg...g.`.g...g. 00a8e1b4 00000000 ... 00a8e1c8 00dd5478 -> 90 e9 dd 00 01 00 00 00 38 00 00 80 10 00 00 00 ........8....... 00a8e1cc 00ddaee0 -> e8 b8 dd 00 e8 b8 dd 00 e8 b8 dd 00 13 00 e0 3f ...............? 00a8e1d0 00000000 ... 
00a8e1e8 0000004e 00a8e1ec 7172f040 = SHDOCVW.DLL:.text+0x2e040 -> 7b 00 62 00 66 00 35 00 30 00 62 00 36 00 38 00 {.b.f.5.0.b.6.8. 00a8e1f0 70c208a1 = SHLWAPI.DLL!437 -------------------- 016f:70c2088c 837dfc00 cmp dword ptr [ebp-04],+00 016f:70c20890 7405 jz 70c20897 = SHLWAPI.DLL:.text+0x4f897 016f:70c20892 33c0 xor eax,eax 016f:70c20894 40 inc eax 016f:70c20895 eb02 jmp 70c20899 = SHLWAPI.DLL:.text+0x4f899 016f:70c20897 33c0 xor eax,eax 016f:70c20899 a3f4b2c270 mov dword ptr [70c2b2f4],eax 016f:70c2089e 5e pop esi 016f:70c2089f c9 leave 016f:70c208a0 c3 retd SHLWAPI.DLL!437: *016f:70c208a1 53 push ebx 016f:70c208a2 33db xor ebx,ebx 016f:70c208a4 56 push esi 016f:70c208a5 43 inc ebx 016f:70c208a6 833dacbcc27000 cmp dword ptr [70c2bcac],+00 016f:70c208ad 57 push edi 016f:70c208ae 752f jnz 70c208df = SHLWAPI.DLL:.text+0x4f8df 016f:70c208b0 8b35cc13bd70 mov esi,dword ptr [70bd13cc] -> KERNEL32.DLL!GetVersionExA 016f:70c208b6 bf10bcc270 mov edi,70c2bc10 016f:70c208bb 57 push edi 016f:70c208bc 891dacbcc270 mov dword ptr [70c2bcac],ebx -------------------- 00a8e1f4 71718a16 = SHDOCVW.DLL:.text+0x17a16 -------------------- 016f:717189f0 ff154c187071 call dword ptr [7170184c] -> SHLWAPI.DLL!SHGetValueW 016f:717189f6 85c0 test eax,eax 016f:717189f8 7517 jnz 71718a11 = SHDOCVW.DLL:.text+0x17a11 016f:717189fa 68188a7171 push 71718a18 016f:717189ff 8d45ac lea eax,[ebp-54] 016f:71718a02 50 push eax 016f:71718a03 ff1550187071 call dword ptr [71701850] -> SHLWAPI.DLL!StrCmpIW 016f:71718a09 85c0 test eax,eax 016f:71718a0b 0f8599f00100 jnz 71737aaa = SHDOCVW.DLL:.text+0x36aaa 016f:71718a11 e82c650100 call 7172ef42 = SHDOCVW.DLL:.text+0x2df42 SHDOCVW.DLL:.text+0x17a16: *016f:71718a16 ebb6 jmp 717189ce = SHDOCVW.DLL:.text+0x179ce 016f:71718a18 7b00 jnp 71718a1a = SHDOCVW.DLL:.text+0x17a1a 016f:71718a1a 45 inc ebp 016f:71718a1b 004100 add byte ptr [ecx],al 016f:71718a1e 42 inc edx 016f:71718a1f 0032 add byte ptr [edx],dh 016f:71718a21 0032 add byte ptr [edx],dh 016f:71718a23 004100 
add byte ptr [ecx],al 016f:71718a26 43 inc ebx 016f:71718a27 0030 add byte ptr [eax],dh 016f:71718a29 002d00330030 add byte ptr [30003300],ch -------------------- 00a8e1f8 00000000 ... 00a8e200 00000215 00a8e204 00000145 00a8e208 00000060 ... 00a8e210 00000000 ... 00a8e224 00420045 = SET641MI.DLL:.text+0x1f045 -> 00 00 00 83 ec 34 53 56 57 8d 45 e0 89 65 f0 33 .....4SVW.E..e.3 00a8e228 0030002d 00a8e22c 00300030 00a8e230 00430030 = SET641MI.DLL:.text+0x2f030 -> 68 e0 55 4a 00 52 e8 b7 aa 04 00 83 c4 08 8d 4c h.UJ.R.........L 00a8e234 00350030 00a8e238 00410042 = SET641MI.DLL:.text+0xf042 -> f0 c6 44 24 20 02 e8 27 aa 06 00 85 f6 0f 84 09 ..D$ ..'........ 00a8e23c 00300045 00a8e240 007d0042 = SVL641MI.DLL:.text+0xf042 -------------------- 016f:007d0020 8d4c2428 lea ecx,[esp+28] 016f:007d0024 6868fc8300 push 0083fc68 016f:007d0029 51 push ecx 016f:007d002a 89742430 mov dword ptr [esp+30],esi 016f:007d002e e8df470500 call 00824812 = SAL3.DLL!rtl_string2UString 016f:007d0033 8b542430 mov edx,dword ptr [esp+30] 016f:007d0037 8d442418 lea eax,[esp+18] 016f:007d003b 52 push edx 016f:007d003c 50 push eax 016f:007d003d e8be470500 call 00824800 = SAL3.DLL!rtl_uString_assign SVL641MI.DLL:.text+0xf042: *016f:007d0042 8b4c2438 mov ecx,dword ptr [esp+38] 016f:007d0046 51 push ecx 016f:007d0047 eb62 jmp 007d00ab = SVL641MI.DLL:.text+0xf0ab 016f:007d0049 6833030000 push 00000333 016f:007d004e 6a0b push +0b 016f:007d0050 6a16 push +16 016f:007d0052 8d54242c lea edx,[esp+2c] 016f:007d0056 6880fc8300 push 0083fc80 016f:007d005b 52 push edx 016f:007d005c 89742434 mov dword ptr [esp+34],esi 016f:007d0060 e8ad470500 call 00824812 = SAL3.DLL!rtl_string2UString -------------------- 00a8e244 00000000 00a8e248 00000177 00a8e24c 00a8e268 -> 00 00 00 00 ff ff ff ff ff ff ff ff 00 00 00 00 ................ 
00a8e250 bff6b8dc = KERNEL32.DLL:.text+0x28dc -------------------- 016f:bff6b8b4 36b8f6bf3eb8 ?mov eax,b83ebff6 016f:bff6b8ba f6bf55a120bd idiv byte ptr [edi+bd20a155] 016f:bff6b8c0 fb sti 016f:bff6b8c1 bf8bec5650 mov edi,5056ec8b 016f:bff6b8c6 e8c188ffff call bff6418c = KERNEL32.DLL!97 016f:bff6b8cb ff7514 push dword ptr [ebp+14] 016f:bff6b8ce ff7510 push dword ptr [ebp+10] 016f:bff6b8d1 ff750c push dword ptr [ebp+0c] 016f:bff6b8d4 ff7508 push dword ptr [ebp+08] 016f:bff6b8d7 e890fdffff call bff6b66c = KERNEL32.DLL:.text+0x266c KERNEL32.DLL:.text+0x28dc: *016f:bff6b8dc 8bf0 mov esi,eax 016f:bff6b8de 85f6 test esi,esi 016f:bff6b8e0 740a jz bff6b8ec = KERNEL32.DLL:.text+0x28ec 016f:bff6b8e2 f6451380 test byte ptr [ebp+13],80 016f:bff6b8e6 7404 jz bff6b8ec = KERNEL32.DLL:.text+0x28ec 016f:bff6b8e8 66ff4602 inc word ptr [esi+02] 016f:bff6b8ec a120bdfbbf mov eax,dword ptr [bffbbd20] 016f:bff6b8f1 50 push eax 016f:bff6b8f2 e8ce88ffff call bff641c5 = KERNEL32.DLL!98 016f:bff6b8f7 8bc6 mov eax,esi 016f:bff6b8f9 5e pop esi -------------------- 00a8e254 00000001 00a8e258 1c71d918 = VCL641MI.DLL:.data+0x5918 -> 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00a8e25c 00000000 00a8e260 00ffffff -> 00 70 01 00 80 00 00 00 00 00 24 49 00 b8 f8 fc .p........$I.... 00a8e264 0107f0e8 -> 68 db 04 01 d8 de 04 01 01 00 69 00 6c 00 65 00 h.........i.l.e. 00a8e268 00000000 00a8e26c ffffffff ... 00a8e274 00000000 ... 00a8e27c 010b7248 -> 28 00 00 80 48 00 00 00 03 00 00 00 13 00 00 00 (...H........... 00a8e280 00dde860 -> 0a 00 dd 00 78 e2 dd 00 f0 e2 dd 00 d8 2e dd 00 ....x........... 00a8e284 1c71d70c = VCL641MI.DLL:.data+0x570c -> 00 00 00 00 0a 00 00 00 00 00 00 00 00 00 00 00 ................ 00a8e288 00000000 ... 00a8e290 bff80000 = KERNEL32.DLL:.text+0x17000 -> ff 85 f6 74 04 03 c6 eb 03 03 45 f4 83 45 0c 02 ...t......E..E.. 00a8e294 72c03637 00a8e298 0000bfcc 00a8e29c 00000000 00a8e2a0 010baea8 -> 00 00 0b 01 a0 ae 0b 01 20 00 00 00 20 02 00 00 ........ ... ... 
00a8e2a4 0107fc78 -> c8 ff 0b 01 00 00 00 00 00 00 00 00 00 00 54 00 ..............T. 00a8e2a8 010b7190 -> 61 00 74 00 61 00 00 00 58 00 00 00 48 00 00 00 a.t.a...X...H... 00a8e2ac 00000000 00a8e2b0 bff6186d = KERNEL32.DLL:_FREQASM+0x86d -------------------- 016f:bff6183d 8b1570b4fbbf mov edx,dword ptr [bffbb470] 016f:bff61843 e88b290000 call bff641d3 = KERNEL32.DLL:_FREQASM+0x31d3 016f:bff61848 6664c7051e000000ffff mov word ptr fs:[0000001e],ffff 016f:bff61852 ff5326 call dword ptr [ebx+26] 016f:bff61855 8b1570b4fbbf mov edx,dword ptr [bffbb470] 016f:bff6185b e82f290000 call bff6418f = KERNEL32.DLL:_FREQASM+0x318f 016f:bff61860 6664ff051e000000 inc word ptr fs:[0000001e] 016f:bff61868 b114 mov cl,14 016f:bff6186a 8be5 mov esp,ebp 016f:bff6186c c3 retd KERNEL32.DLL:_FREQASM+0x86d: *016f:bff6186d 8b442404 mov eax,dword ptr [esp+04] 016f:bff61871 f7400406000000 test dword ptr [eax+04],00000006 016f:bff61878 7419 jz bff61893 = KERNEL32.DLL:_FREQASM+0x893 016f:bff6187a 8b442408 mov eax,dword ptr [esp+08] 016f:bff6187e 8178046d18f6bf cmp dword ptr [eax+04],bff6186d 016f:bff61885 750c jnz bff61893 = KERNEL32.DLL:_FREQASM+0x893 016f:bff61887 668b4808 mov cx,word ptr [eax+08] 016f:bff6188b 6664890d0e000000 mov word ptr fs:[0000000e],cx 016f:bff61893 b801000000 mov eax,00000001 016f:bff61898 c3 retd 016f:bff61899 9d popfd -------------------- 00a8e2b4 00a8e1b0 -> c4 67 70 1c 00 00 00 00 00 00 00 00 00 00 00 00 .gp............. ... 00a8e2bc 00000000 ... 00a8e2c4 00ddb188 -> fc 58 11 01 00 00 00 00 00 00 00 00 00 00 00 00 .X.............. ... 00a8e2cc 00000000 ... 00a8e2f0 731e0167 00a8e2f4 015f1e25 = I18NPOOL641MI.DLL:.data+0xfe25 -> 01 b5 01 b5 01 b5 01 b5 01 b5 01 b5 01 b5 01 b5 ................ 00a8e2f8 765632b7 00a8e2fc 00070157 00a8e300 00000000 ... 00a8e30c 4d730000 00a8e310 00000001 ... 00a8e318 010773c0 -> 01 00 00 00 31 00 00 00 50 00 72 00 6f 00 67 00 ....1...P.r.o.g. 00a8e31c 00000000 00a8e320 ffffffff ... 00a8e328 00000000 ... 
00a8e340 00287394 00a8e344 014001a7 00a8e348 00000000 ... 00a8e350 85dc0000 00a8e354 00000000 00a8e358 1c85e3f8 = TL641MI.DLL:.data+0x13f8 -> f2 00 00 00 00 00 00 00 00 00 00 00 50 65 72 73 ............Pers ... 00a8e360 1c71d550 = VCL641MI.DLL:.data+0x5550 -> 00 00 00 00 f8 e3 85 1c f8 e3 85 1c 00 00 00 00 ................ 00a8e364 00000000 ... 00a8e370 1c71d918 = VCL641MI.DLL:.data+0x5918 -> 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00a8e374 010bfed0 -> 01 00 00 00 2e 00 00 00 66 00 69 00 6c 00 65 00 ........f.i.l.e. 00a8e378 1c71d928 = VCL641MI.DLL:.data+0x5928 -> 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00a8e37c 00000000 ... 00a8e384 c0000742 00a8e388 00000000 ... 00a8e394 0000013b 00a8e398 00004ec8 00a8e39c 00000000 00a8e3a0 00010000 00a8e3a4 00000000 00a8e3a8 1c6e4f10 = VCL641MI.DLL:.text+0xe3f10 -> a1 88 ca 71 1c 56 8b 30 e8 c3 b2 f4 ff 8b 46 34 ...q.V.0......F4 00a8e3ac 8200801d 00a8e3b0 00400010 = SET641MI.DLL+0x10 -> b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 ........@....... 00a8e3b4 00000000 ... 00a8e3e4 00008468 00a8e3e8 00000000 ... 
push esi 016f:bff6a6bc 0d000000a0 or eax,a0000000 016f:bff6a6c1 8903 mov dword ptr [ebx],eax 016f:bff6a6c3 e888fbffff call bff6a250 = KERNEL32.DLL:.text+0x1250 KERNEL32.DLL:.text+0x16c8: *016f:bff6a6c8 8d4304 lea eax,[ebx+04] 016f:bff6a6cb eb49 jmp bff6a716 = KERNEL32.DLL:.text+0x1716 016f:bff6a6cd 6a08 push +08 016f:bff6a6cf e82d240000 call bff6cb01 = KERNEL32.DLL:.text+0x3b01 016f:bff6a6d4 eb18 jmp bff6a6ee = KERNEL32.DLL:.text+0x16ee 016f:bff6a6d6 6a08 push +08 016f:bff6a6d8 e824240000 call bff6cb01 = KERNEL32.DLL:.text+0x3b01 016f:bff6a6dd eb0f jmp bff6a6ee = KERNEL32.DLL:.text+0x16ee 016f:bff6a6df 6a10 push +10 016f:bff6a6e1 ff75fc push dword ptr [ebp-04] 016f:bff6a6e4 680a000100 push 0001000a -------------------- 00a8ed34 81907000 -> 00 00 10 00 00 00 00 00 20 00 00 00 01 00 00 a0 ........ ....... 00a8ed38 00000000 00a8ed3c 8198bb70 -> 02 00 00 00 18 d0 98 81 ff ff ff ff b0 bb 98 81 ................ 00a8ed40 0000001d ... 00a8ed48 8198bbd4 -> 46 3a 5c 54 45 4d 50 5c 53 56 31 2e 54 4d 50 5c F:\TEMP\SV1.TMP\ 00a8ed4c 0000001d 00a8ed50 c16c7800 -> 01 00 00 00 00 00 00 00 00 00 00 00 c0 05 66 c1 ..............f. 
00a8ed54 00a8eeb8 -> 00 00 00 00 00 00 00 00 00 00 40 fe 08 40 00 58 ..........@..@.X 00a8ed58 bff74d63 = KERNEL32.DLL:.text+0xbd63 -------------------- 016f:bff74d49 8d7001 lea esi,[eax+01] 016f:bff74d4c 56 push esi 016f:bff74d4d e829b9ffff call bff7067b = KERNEL32.DLL:.text+0x767b 016f:bff74d52 8bf8 mov edi,eax 016f:bff74d54 85ff test edi,edi 016f:bff74d56 740b jz bff74d63 = KERNEL32.DLL:.text+0xbd63 016f:bff74d58 56 push esi 016f:bff74d59 ff742410 push dword ptr [esp+10] 016f:bff74d5d 57 push edi 016f:bff74d5e e86ac3feff call bff610cd = KERNEL32.DLL:_FREQASM+0xcd KERNEL32.DLL:.text+0xbd63: *016f:bff74d63 8bc7 mov eax,edi 016f:bff74d65 5f pop edi 016f:bff74d66 5e pop esi 016f:bff74d67 c3 retd 016f:bff74d68 a1f4bcfbbf mov eax,dword ptr [bffbbcf4] 016f:bff74d6d ff30 push dword ptr [eax] 016f:bff74d6f e893c2ffff call bff71007 = KERNEL32.DLL:.text+0x8007 016f:bff74d74 c3 retd 016f:bff74d75 55 push ebp 016f:bff74d76 a1f4bcfbbf mov eax,dword ptr [bffbbcf4] 016f:bff74d7b 8bec mov ebp,esp -------------------- 00a8ed5c 8198bbd4 -> 46 3a 5c 54 45 4d 50 5c 53 56 31 2e 54 4d 50 5c F:\TEMP\SV1.TMP\ 00a8ed60 00a8ed84 -> 46 3a 5c 54 45 4d 50 5c 53 56 31 2e 54 4d 50 5c F:\TEMP\SV1.TMP\ 00a8ed64 8198bb70 -> 02 00 00 00 18 d0 98 81 ff ff ff ff b0 bb 98 81 ................ 00a8ed68 00a8eeb0 -> 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 
00a8ed6c 00a8eeb8 -> 00 00 00 00 00 00 00 00 00 00 40 fe 08 40 00 58 ..........@..@.X 00a8ed70 bff779de = KERNEL32.DLL:.text+0xe9de -------------------- 016f:bff779bf 50 push eax 016f:bff779c0 e8ab97feff call bff61170 = KERNEL32.DLL:_FREQASM+0x170 016f:bff779c5 66894734 mov word ptr [edi+34],ax 016f:bff779c9 8d45f8 lea eax,[ebp-08] 016f:bff779cc 50 push eax 016f:bff779cd ff7730 push dword ptr [edi+30] 016f:bff779d0 e8df62ffff call bff6dcb4 = KERNEL32.DLL:.text+0x4cb4 016f:bff779d5 50 push eax 016f:bff779d6 894736 mov dword ptr [edi+36],eax 016f:bff779d9 e89297feff call bff61170 = KERNEL32.DLL:_FREQASM+0x170 KERNEL32.DLL:.text+0xe9de: *016f:bff779de 6689473a mov word ptr [edi+3a],ax 016f:bff779e2 8b4d0c mov ecx,dword ptr [ebp+0c] 016f:bff779e5 895f08 mov dword ptr [edi+08],ebx 016f:bff779e8 85f6 test esi,esi 016f:bff779ea 895f18 mov dword ptr [edi+18],ebx 016f:bff779ed 0fb75106 movzx edx,word ptr [ecx+06] 016f:bff779f1 89571c mov dword ptr [edi+1c],edx 016f:bff779f4 8b4134 mov eax,dword ptr [ecx+34] 016f:bff779f7 894724 mov dword ptr [edi+24],eax 016f:bff779fa 7513 jnz bff77a0f = KERNEL32.DLL:.text+0xea0f 016f:bff779fc 56 push esi -------------------- 00a8ed74 8198bbe4 -> 4a 56 4d 36 34 31 4d 49 2e 44 4c 4c 00 70 90 81 JVM641MI.DLL.p.. 00a8ed78 ffffffff 00a8ed7c 8198d018 -> 50 45 00 00 4c 01 05 00 6d 6d 2d 3d 00 00 00 00 PE..L...mm-=.... 00a8ed80 000001c0 00a8ed84 545c3a46 00a8ed88 5c504d45 00a8ed8c 2e315653 00a8ed90 5c504d54 00a8ed94 364d564a 00a8ed98 494d3134 00a8ed9c 4c4c442e 00a8eda0 00000000 ... 00a8eda8 00010000 00a8edac 00650000 = SAL3.DLL:.rdata+0x16a000 -> 04 0d 19 00 ee 0c 19 00 dc 0c 19 00 d0 0c 19 00 ................ 00a8edb0 00655d9c = SAL3.DLL:.data+0xd9c -> 43 00 4f 00 4d 00 32 00 00 00 00 00 43 00 4f 00 C.O.M.2.....C.O. 00a8edb4 00000000 00a8edb8 1c7067c4 = VCL641MI.DLL!2091 -> 70 67 67 1c 10 b5 67 1c 60 c7 67 1c 80 c7 67 1c pgg...g.`.g...g. 00a8edbc 00000000 ... 00a8edcc 00dde990 -> 08 69 07 01 b0 c0 dd 00 00 00 00 00 40 e7 dd 00 .i..........@... 
00a8edd0 00dd5478 -> 90 e9 dd 00 01 00 00 00 38 00 00 80 10 00 00 00 ........8....... 00a8edd4 00ddaee0 -> e8 b8 dd 00 e8 b8 dd 00 e8 b8 dd 00 13 00 e0 3f ...............? 00a8edd8 00000000 ... 00a8edf4 7800281d = MSVCRT.DLL:.text+0x181d -------------------- 016f:780027f7 57 push edi 016f:780027f8 ff154c300378 call dword ptr [7803304c] -> KERNEL32.DLL!GetLastError 016f:780027fe ff3530b00378 push dword ptr [7803b030] 016f:78002804 8bf8 mov edi,eax 016f:78002806 ff1574300378 call dword ptr [78033074] -> KERNEL32.DLL!TlsGetValue 016f:7800280c 8bf0 mov esi,eax 016f:7800280e 85f6 test esi,esi 016f:78002810 0f843b7c0000 jz 7800a451 = MSVCRT.DLL:.text+0x9451 016f:78002816 57 push edi 016f:78002817 ff1570300378 call dword ptr [78033070] -> KERNEL32.DLL!SetLastError MSVCRT.DLL:.text+0x181d: *016f:7800281d 8bc6 mov eax,esi 016f:7800281f 5f pop edi 016f:78002820 5e pop esi 016f:78002821 c3 retd 016f:78002822 55 push ebp 016f:78002823 8bec mov ebp,esp 016f:78002825 6aff push -01 016f:78002827 6878340378 push 78033478 016f:7800282c 6811db0078 push 7800db11 016f:78002831 64a100000000 mov eax,dword ptr fs:[00000000] 016f:78002837 50 push eax -------------------- 00a8edf8 00000000 00a8edfc 00000016 00a8ee00 bff66821 = KERNEL32.DLL:_FREQASM+0x5821 -------------------- 016f:bff667fe 8bec mov ebp,esp 016f:bff66800 ff750c push dword ptr [ebp+0c] 016f:bff66803 52 push edx 016f:bff66804 64ff3500000000 push dword ptr fs:[00000000] 016f:bff6680b 64892500000000 mov dword ptr fs:[00000000],esp 016f:bff66812 ff7514 push dword ptr [ebp+14] 016f:bff66815 ff7510 push dword ptr [ebp+10] 016f:bff66818 ff750c push dword ptr [ebp+0c] 016f:bff6681b ff7508 push dword ptr [ebp+08] 016f:bff6681e ff5518 call dword ptr [ebp+18] KERNEL32.DLL:_FREQASM+0x5821: *016f:bff66821 83c410 add esp,+10 016f:bff66824 648f0500000000 pop dword ptr fs:[00000000] 016f:bff6682b c9 leave 016f:bff6682c c3 retd 016f:bff6682d 8b4c2404 mov ecx,dword ptr [esp+04] 016f:bff66831 f7410406000000 test dword ptr [ecx+04],00000006 
016f:bff66838 b801000000 mov eax,00000001 016f:bff6683d 7512 jnz bff66851 = KERNEL32.DLL:_FREQASM+0x5851 016f:bff6683f 8b4c2408 mov ecx,dword ptr [esp+08] 016f:bff66843 8b542410 mov edx,dword ptr [esp+10] 016f:bff66847 8b4108 mov eax,dword ptr [ecx+08] -------------------- 00a8ee04 00a8ef14 -> 26 00 00 c0 02 00 00 00 00 00 00 00 40 1a fb bf &...........@... 00a8ee08 00a8f024 -> 18 3a 06 10 00 00 00 00 48 f2 a8 00 11 db 00 78 .:......H......x 00a8ee0c 00a8ee48 -> 1f 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00a8ee10 00a8efb8 -> d0 c5 0c 01 00 00 0c 01 09 00 00 00 d1 b3 00 78 ...............x 00a8ee14 00a8f024 -> 18 3a 06 10 00 00 00 00 48 f2 a8 00 11 db 00 78 .:......H......x 00a8ee18 bff66852 = KERNEL32.DLL:_FREQASM+0x5852 -------------------- 016f:bff6682d 8b4c2404 mov ecx,dword ptr [esp+04] 016f:bff66831 f7410406000000 test dword ptr [ecx+04],00000006 016f:bff66838 b801000000 mov eax,00000001 016f:bff6683d 7512 jnz bff66851 = KERNEL32.DLL:_FREQASM+0x5851 016f:bff6683f 8b4c2408 mov ecx,dword ptr [esp+08] 016f:bff66843 8b542410 mov edx,dword ptr [esp+10] 016f:bff66847 8b4108 mov eax,dword ptr [ecx+08] 016f:bff6684a 8902 mov dword ptr [edx],eax 016f:bff6684c b802000000 mov eax,00000002 016f:bff66851 c3 retd KERNEL32.DLL:_FREQASM+0x5852: *016f:bff66852 8b4c2404 mov ecx,dword ptr [esp+04] 016f:bff66856 f7410406000000 test dword ptr [ecx+04],00000006 016f:bff6685d b801000000 mov eax,00000001 016f:bff66862 7412 jz bff66876 = KERNEL32.DLL:_FREQASM+0x5876 016f:bff66864 8b4c2408 mov ecx,dword ptr [esp+08] 016f:bff66868 8b542410 mov edx,dword ptr [esp+10] 016f:bff6686c 8b4108 mov eax,dword ptr [ecx+08] 016f:bff6686f 8902 mov dword ptr [edx],eax 016f:bff66871 b803000000 mov eax,00000003 016f:bff66876 c3 retd 016f:bff66877 c3 retd -------------------- 00a8ee1c bff613e2 = KERNEL32.DLL:_FREQASM+0x3e2 -------------------- 016f:bff613c5 c20400 retd 0004 016f:bff613c8 33c0 xor eax,eax 016f:bff613ca ebf7 jmp bff613c3 = KERNEL32.DLL:_FREQASM+0x3c3 016f:bff613cc 
ebfa jmp bff613c8 = KERNEL32.DLL:_FREQASM+0x3c8 016f:bff613ce ebf8 jmp bff613c8 = KERNEL32.DLL:_FREQASM+0x3c8 016f:bff613d0 ebf6 jmp bff613c8 = KERNEL32.DLL:_FREQASM+0x3c8 016f:bff613d2 ebf4 jmp bff613c8 = KERNEL32.DLL:_FREQASM+0x3c8 016f:bff613d4 8b442404 mov eax,dword ptr [esp+04] 016f:bff613d8 8f0424 pop dword ptr [esp] 016f:bff613db 2eff1d34b7fbbf call fword ptr ss:[bffbb734] KERNEL32.DLL:_FREQASM+0x3e2: *016f:bff613e2 b801000100 mov eax,00010001 016f:bff613e7 2eff1d34b7fbbf call fword ptr ss:[bffbb734] 016f:bff613ee b843002a00 mov eax,002a0043 016f:bff613f3 2eff1d34b7fbbf call fword ptr ss:[bffbb734] 016f:bff613fa 83c414 add esp,+14 016f:bff613fd 0fb7c8 movzx ecx,ax 016f:bff61400 0fa4d310 shld ebx,edx,10 016f:bff61404 c0e302 shl bl,02 016f:bff61407 6681ea0010 sub dx,1000 016f:bff6140c 0fbfc2 movsx eax,dx 016f:bff6140f e9d1000000 jmp bff614e5 = KERNEL32.DLL:_FREQASM+0x4e5 -------------------- 00a8ee20 0000016f 00a8ee24 bff666ed = KERNEL32.DLL:_FREQASM+0x56ed -------------------- 016f:bff666d5 83c40c add esp,+0c 016f:bff666d8 c9 leave 016f:bff666d9 c3 retd 016f:bff666da 55 push ebp 016f:bff666db 8bec mov ebp,esp 016f:bff666dd 8b5d08 mov ebx,dword ptr [ebp+08] 016f:bff666e0 53 push ebx 016f:bff666e1 6a00 push +00 016f:bff666e3 6815002a00 push 002a0015 016f:bff666e8 e8e7acffff call bff613d4 = KERNEL32.DLL!1 KERNEL32.DLL:_FREQASM+0x56ed: *016f:bff666ed 55 push ebp 016f:bff666ee 8bec mov ebp,esp 016f:bff666f0 9c pushfd 016f:bff666f1 81eccc000000 sub esp,000000cc 016f:bff666f7 ff75fc push dword ptr [ebp-04] 016f:bff666fa 9d popfd 016f:bff666fb 57 push edi 016f:bff666fc 8dbd30ffffff lea edi,[ebp-000000d0] 016f:bff66702 6a04 push +04 016f:bff66704 55 push ebp 016f:bff66705 57 push edi -------------------- 00a8ee28 00000000 00a8ee2c 00a8ee48 -> 1f 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00a8ee30 00a8efc0 -> 09 00 00 00 d1 b3 00 78 00 00 00 00 0c 00 ba 00 .......x........ 
00a8ee34 bff788ec = KERNEL32.DLL:.text+0xf8ec -------------------- 016f:bff788c6 50 push eax 016f:bff788c7 e8c263ffff call bff6ec8e = KERNEL32.DLL:.text+0x5c8e 016f:bff788cc 85c0 test eax,eax 016f:bff788ce 0f849b000000 jz bff7896f = KERNEL32.DLL:.text+0xf96f 016f:bff788d4 c745fc01000000 mov dword ptr [ebp-04],00000001 016f:bff788db 395d08 cmp dword ptr [ebp+08],ebx 016f:bff788de 750c jnz bff788ec = KERNEL32.DLL:.text+0xf8ec 016f:bff788e0 8d8588feffff lea eax,[ebp-00000178] 016f:bff788e6 50 push eax 016f:bff788e7 e8eeddfeff call bff666da = KERNEL32.DLL:_FREQASM+0x56da KERNEL32.DLL:.text+0xf8ec: *016f:bff788ec 837df400 cmp dword ptr [ebp-0c],+00 016f:bff788f0 7411 jz bff78903 = KERNEL32.DLL:.text+0xf903 016f:bff788f2 8b4304 mov eax,dword ptr [ebx+04] 016f:bff788f5 3d00000080 cmp eax,80000000 016f:bff788fa 724f jc bff7894b = KERNEL32.DLL:.text+0xf94b 016f:bff788fc 3dffffffbf cmp eax,bfffffff 016f:bff78901 7748 ja bff7894b = KERNEL32.DLL:.text+0xf94b 016f:bff78903 8d4df8 lea ecx,[ebp-08] 016f:bff78906 8d9588feffff lea edx,[ebp-00000178] 016f:bff7890c ff7304 push dword ptr [ebx+04] 016f:bff7890f 51 push ecx -------------------- 00a8ee38 00a8ee48 -> 1f 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00a8ee3c bff691a8 = KERNEL32.DLL:.text+0x1a8 -> ff ff ff ff 20 3f f7 bf 26 3f f7 bf ff ff ff ff .... ?..&?...... 00a8ee40 00000000 00a8ee44 00a8f254 -> aa 2e 83 1c 98 b0 07 01 70 9f 80 1c 98 b0 07 01 ........p....... 00a8ee48 0001001f 00a8ee4c 00000000 ... 
00a8ee64 ffff027f 00a8ee68 ffff0120 00a8ee6c ffffffff 00a8ee70 0041f9ee = SET641MI.DLL:.text+0x1e9ee -------------------- 016f:0041f9dd 90 nop 016f:0041f9de 90 nop 016f:0041f9df 90 nop 016f:0041f9e0 83ec0c sub esp,+0c 016f:0041f9e3 53 push ebx 016f:0041f9e4 55 push ebp 016f:0041f9e5 56 push esi 016f:0041f9e6 57 push edi 016f:0041f9e7 8bd9 mov ebx,ecx 016f:0041f9e9 e8c2ffffff call 0041f9b0 = SET641MI.DLL!1565 SET641MI.DLL:.text+0x1e9ee: *016f:0041f9ee dc5b18 fcomp qword ptr [ebx+18] 016f:0041f9f1 dfe0 fstsw ax 016f:0041f9f3 f6c441 test ah,41 016f:0041f9f6 0f85e4000000 jnz 0041fae0 = SET641MI.DLL:.text+0x1eae0 016f:0041f9fc 8b6b08 mov ebp,dword ptr [ebx+08] 016f:0041f9ff 8b7b10 mov edi,dword ptr [ebx+10] 016f:0041fa02 896c2410 mov dword ptr [esp+10],ebp 016f:0041fa06 c744241400000000 mov dword ptr [esp+14],00000000 016f:0041fa0e df6c2410 fild qword ptr [esp+10] 016f:0041fa12 897c2418 mov dword ptr [esp+18],edi 016f:0041fa16 dc4b20 fmul qword ptr [ebx+20] -------------------- 00a8ee74 045b016f 00a8ee78 00a8f438 -> 9a 99 99 99 99 99 e9 3f 00 00 00 00 00 00 00 40 .......?.......@ 00a8ee7c ffff0177 00a8ee80 00000000 ... 00a8eec0 fe400000 00a8eec4 58004008 00a8eec8 8ab2b8c3 00a8eecc 3ff580e1 00a8eed0 0000000a 00a8eed4 00000000 00a8eed8 00003267 00a8eedc 00000177 ... 00a8eee4 819801e8 -> 07 00 01 00 40 91 6c c1 20 c3 a8 00 00 00 a9 00 ....@.l. ....... 00a8eee8 00a8ef14 -> 26 00 00 c0 02 00 00 00 00 00 00 00 40 1a fb bf &...........@... 
00a8eeec 00000000 00a8eef0 bff6682d = KERNEL32.DLL:_FREQASM+0x582d -------------------- 016f:bff6680b 64892500000000 mov dword ptr fs:[00000000],esp 016f:bff66812 ff7514 push dword ptr [ebp+14] 016f:bff66815 ff7510 push dword ptr [ebp+10] 016f:bff66818 ff750c push dword ptr [ebp+0c] 016f:bff6681b ff7508 push dword ptr [ebp+08] 016f:bff6681e ff5518 call dword ptr [ebp+18] 016f:bff66821 83c410 add esp,+10 016f:bff66824 648f0500000000 pop dword ptr fs:[00000000] 016f:bff6682b c9 leave 016f:bff6682c c3 retd KERNEL32.DLL:_FREQASM+0x582d: *016f:bff6682d 8b4c2404 mov ecx,dword ptr [esp+04] 016f:bff66831 f7410406000000 test dword ptr [ecx+04],00000006 016f:bff66838 b801000000 mov eax,00000001 016f:bff6683d 7512 jnz bff66851 = KERNEL32.DLL:_FREQASM+0x5851 016f:bff6683f 8b4c2408 mov ecx,dword ptr [esp+08] 016f:bff66843 8b542410 mov edx,dword ptr [esp+10] 016f:bff66847 8b4108 mov eax,dword ptr [ecx+08] 016f:bff6684a 8902 mov dword ptr [edx],eax 016f:bff6684c b802000000 mov eax,00000002 016f:bff66851 c3 retd 016f:bff66852 8b4c2404 mov ecx,dword ptr [esp+04] -------------------- 00a8eef4 00000000 ... 00a8eefc 00a8efe8 -> ff ff ff ff 26 bb f6 bf 40 4e 98 81 14 b0 0c 01 ....&...@N...... 
00a8ef00 bffb1a40 = KERNEL32.DLL:.text+0x48a40 -------------------- 016f:bffb1a29 8bec mov ebp,esp 016f:bffb1a2b 53 push ebx 016f:bffb1a2c 56 push esi 016f:bffb1a2d 57 push edi 016f:bffb1a2e 55 push ebp 016f:bffb1a2f 6a00 push +00 016f:bffb1a31 6a00 push +00 016f:bffb1a33 68401afbbf push bffb1a40 016f:bffb1a38 ff7508 push dword ptr [ebp+08] 016f:bffb1a3b e8b96dfcff call bff787f9 = KERNEL32.DLL!RtlUnwind KERNEL32.DLL:.text+0x48a40: *016f:bffb1a40 5d pop ebp 016f:bffb1a41 5f pop edi 016f:bffb1a42 5e pop esi 016f:bffb1a43 5b pop ebx 016f:bffb1a44 8be5 mov esp,ebp 016f:bffb1a46 5d pop ebp 016f:bffb1a47 c3 retd 016f:bffb1a48 8b4c2404 mov ecx,dword ptr [esp+04] 016f:bffb1a4c f7410406000000 test dword ptr [ecx+04],00000006 016f:bffb1a53 b801000000 mov eax,00000001 016f:bffb1a58 740f jz bffb1a69 = KERNEL32.DLL:.text+0x48a69 -------------------- 00a8ef04 0000016f 00a8ef08 00000202 00a8ef0c 00a8efd8 -> 90 04 bc 00 2c f0 a8 00 11 db 00 78 f0 32 03 78 ....,......x.2.x 00a8ef10 00000177 00a8ef14 c0000026 00a8ef18 00000002 00a8ef1c 00000000 00a8ef20 bffb1a40 = KERNEL32.DLL:.text+0x48a40 -------------------- 016f:bffb1a29 8bec mov ebp,esp 016f:bffb1a2b 53 push ebx 016f:bffb1a2c 56 push esi 016f:bffb1a2d 57 push edi 016f:bffb1a2e 55 push ebp 016f:bffb1a2f 6a00 push +00 016f:bffb1a31 6a00 push +00 016f:bffb1a33 68401afbbf push bffb1a40 016f:bffb1a38 ff7508 push dword ptr [ebp+08] 016f:bffb1a3b e8b96dfcff call bff787f9 = KERNEL32.DLL!RtlUnwind KERNEL32.DLL:.text+0x48a40: *016f:bffb1a40 5d pop ebp 016f:bffb1a41 5f pop edi 016f:bffb1a42 5e pop esi 016f:bffb1a43 5b pop ebx 016f:bffb1a44 8be5 mov esp,ebp 016f:bffb1a46 5d pop ebp 016f:bffb1a47 c3 retd 016f:bffb1a48 8b4c2404 mov ecx,dword ptr [esp+04] 016f:bffb1a4c f7410406000000 test dword ptr [ecx+04],00000006 016f:bffb1a53 b801000000 mov eax,00000001 016f:bffb1a58 740f jz bffb1a69 = KERNEL32.DLL:.text+0x48a69 -------------------- 00a8ef24 00000000 00a8ef28 bff613e2 = KERNEL32.DLL:_FREQASM+0x3e2 -------------------- 016f:bff613c5 c20400 
retd 0004 016f:bff613c8 33c0 xor eax,eax 016f:bff613ca ebf7 jmp bff613c3 = KERNEL32.DLL:_FREQASM+0x3c3 016f:bff613cc ebfa jmp bff613c8 = KERNEL32.DLL:_FREQASM+0x3c8 016f:bff613ce ebf8 jmp bff613c8 = KERNEL32.DLL:_FREQASM+0x3c8 016f:bff613d0 ebf6 jmp bff613c8 = KERNEL32.DLL:_FREQASM+0x3c8 016f:bff613d2 ebf4 jmp bff613c8 = KERNEL32.DLL:_FREQASM+0x3c8 016f:bff613d4 8b442404 mov eax,dword ptr [esp+04] 016f:bff613d8 8f0424 pop dword ptr [esp] 016f:bff613db 2eff1d34b7fbbf call fword ptr ss:[bffbb734] KERNEL32.DLL:_FREQASM+0x3e2: *016f:bff613e2 b801000100 mov eax,00010001 016f:bff613e7 2eff1d34b7fbbf call fword ptr ss:[bffbb734] 016f:bff613ee b843002a00 mov eax,002a0043 016f:bff613f3 2eff1d34b7fbbf call fword ptr ss:[bffbb734] 016f:bff613fa 83c414 add esp,+14 016f:bff613fd 0fb7c8 movzx ecx,ax 016f:bff61400 0fa4d310 shld ebx,edx,10 016f:bff61404 c0e302 shl bl,02 016f:bff61407 6681ea0010 sub dx,1000 016f:bff6140c 0fbfc2 movsx eax,dx 016f:bff6140f e9d1000000 jmp bff614e5 = KERNEL32.DLL:_FREQASM+0x4e5 -------------------- 00a8ef2c 00a8ef6c -> 00 78 6c c1 94 ef a8 00 6e a2 f6 bf c8 a6 f6 bf .xl.....n....... 00a8ef30 00078d2c 00a8ef34 8198d200 -> d8 00 00 a0 4e 45 01 00 00 00 00 00 00 00 ab 00 ....NE.......... 
00a8ef38 000000d8 00a8ef3c bff6a501 = KERNEL32.DLL:.text+0x1501 -------------------- 016f:bff6a4e6 2bfb sub edi,ebx 016f:bff6a4e8 57 push edi 016f:bff6a4e9 894108 mov dword ptr [ecx+08],eax 016f:bff6a4ec 8b5604 mov edx,dword ptr [esi+04] 016f:bff6a4ef 8b4608 mov eax,dword ptr [esi+08] 016f:bff6a4f2 895004 mov dword ptr [eax+04],edx 016f:bff6a4f5 8d041e lea eax,[esi+ebx] 016f:bff6a4f8 50 push eax 016f:bff6a4f9 ff7508 push dword ptr [ebp+08] 016f:bff6a4fc e870fdffff call bff6a271 = KERNEL32.DLL:.text+0x1271 KERNEL32.DLL:.text+0x1501: *016f:bff6a501 eb36 jmp bff6a539 = KERNEL32.DLL:.text+0x1539 016f:bff6a503 8b4d08 mov ecx,dword ptr [ebp+08] 016f:bff6a506 0fb64170 movzx eax,byte ptr [ecx+70] 016f:bff6a50a 0b45f4 or eax,dword ptr [ebp-0c] 016f:bff6a50d 50 push eax 016f:bff6a50e 8b45f8 mov eax,dword ptr [ebp-08] 016f:bff6a511 2b45fc sub eax,dword ptr [ebp-04] 016f:bff6a514 50 push eax 016f:bff6a515 ff75fc push dword ptr [ebp-04] 016f:bff6a518 e8f6feffff call bff6a413 = KERNEL32.DLL:.text+0x1413 016f:bff6a51d 85c0 test eax,eax -------------------- 00a8ef40 81907000 -> 00 00 10 00 00 00 00 00 20 00 00 00 01 00 00 a0 ........ ....... 00a8ef44 8198d2d8 -> 48 00 00 a0 78 b4 98 81 00 00 00 00 00 00 00 00 H...x........... 00a8ef48 00078d2c 00a8ef4c 00000000 00a8ef50 8190700c -> 01 00 00 a0 40 d3 98 81 78 d8 98 81 80 00 00 00 ....@...x....... 00a8ef54 81907000 -> 00 00 10 00 00 00 00 00 20 00 00 00 01 00 00 a0 ........ ....... 00a8ef58 8198d200 -> d8 00 00 a0 4e 45 01 00 00 00 00 00 00 00 ab 00 ....NE.......... 00a8ef5c 00000040 00a8ef60 00000000 00a8ef64 81907050 -> 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00a8ef68 8190700c -> 01 00 00 a0 40 d3 98 81 78 d8 98 81 80 00 00 00 ....@...x....... 00a8ef6c c16c7800 -> 01 00 00 00 00 00 00 00 00 00 00 00 c0 05 66 c1 ..............f. 
00a8ef70 00a8ef94 -> 74 4e 98 81 88 00 00 00 b2 16 00 78 28 b1 03 78 tN.........x(..x 00a8ef74 bff6a26e = KERNEL32.DLL:.text+0x126e -------------------- 016f:bff6a24f 008b4424040f add byte ptr [ebx+0f042444],cl 016f:bff6a255 b648 mov dh,48 016f:bff6a257 700b jo bff6a264 = KERNEL32.DLL:.text+0x1264 016f:bff6a259 4c dec esp 016f:bff6a25a 2408 and al,08 016f:bff6a25c f6c101 test cl,01 016f:bff6a25f 750d jnz bff6a26e = KERNEL32.DLL:.text+0x126e 016f:bff6a261 ff704c push dword ptr [eax+4c] 016f:bff6a264 e85da0ffff call bff642c6 = KERNEL32.DLL:_FREQASM+0x32c6 016f:bff6a269 e83f010000 call bff6a3ad = KERNEL32.DLL:.text+0x13ad KERNEL32.DLL:.text+0x126e: *016f:bff6a26e c20800 retd 0008 016f:bff6a271 53 push ebx 016f:bff6a272 56 push esi 016f:bff6a273 8b742414 mov esi,dword ptr [esp+14] 016f:bff6a277 57 push edi 016f:bff6a278 8b7c2414 mov edi,dword ptr [esp+14] 016f:bff6a27c 55 push ebp 016f:bff6a27d b900001000 mov ecx,00100000 016f:bff6a282 8d1c37 lea ebx,[edi+esi] 016f:bff6a285 8b03 mov eax,dword ptr [ebx] 016f:bff6a287 a801 test al,01 -------------------- 00a8ef78 bff6a6c8 = KERNEL32.DLL:.text+0x16c8 -------------------- 016f:bff6a6ab 56 push esi 016f:bff6a6ac e8a6fdffff call bff6a457 = KERNEL32.DLL:.text+0x1457 016f:bff6a6b1 89450c mov dword ptr [ebp+0c],eax 016f:bff6a6b4 85c0 test eax,eax 016f:bff6a6b6 7436 jz bff6a6ee = KERNEL32.DLL:.text+0x16ee 016f:bff6a6b8 ff7510 push dword ptr [ebp+10] 016f:bff6a6bb 56 push esi 016f:bff6a6bc 0d000000a0 or eax,a0000000 016f:bff6a6c1 8903 mov dword ptr [ebx],eax 016f:bff6a6c3 e888fbffff call bff6a250 = KERNEL32.DLL:.text+0x1250 KERNEL32.DLL:.text+0x16c8: *016f:bff6a6c8 8d4304 lea eax,[ebx+04] 016f:bff6a6cb eb49 jmp bff6a716 = KERNEL32.DLL:.text+0x1716 016f:bff6a6cd 6a08 push +08 016f:bff6a6cf e82d240000 call bff6cb01 = KERNEL32.DLL:.text+0x3b01 016f:bff6a6d4 eb18 jmp bff6a6ee = KERNEL32.DLL:.text+0x16ee 016f:bff6a6d6 6a08 push +08 016f:bff6a6d8 e824240000 call bff6cb01 = KERNEL32.DLL:.text+0x3b01 016f:bff6a6dd eb0f jmp bff6a6ee = 
KERNEL32.DLL:.text+0x16ee 016f:bff6a6df 6a10 push +10 016f:bff6a6e1 ff75fc push dword ptr [ebp-04] 016f:bff6a6e4 680a000100 push 0001000a -------------------- 00a8ef7c 81907000 -> 00 00 10 00 00 00 00 00 20 00 00 00 01 00 00 a0 ........ ....... 00a8ef80 00000040 00a8ef84 8198bbcd -> 00 00 00 24 00 00 a0 46 3a 5c 54 45 4d 50 5c 53 ...$...F:\TEMP\S 00a8ef88 000000d1 00a8ef8c 8198d018 -> 50 45 00 00 4c 01 05 00 6d 6d 2d 3d 00 00 00 00 PE..L...mm-=.... 00a8ef90 bff6bb26 = KERNEL32.DLL:.text+0x2b26 -------------------- 016f:bff6bb0a e88a87ffff call bff64299 = KERNEL32.DLL:_FREQASM+0x3299 016f:bff6bb0f 5e pop esi 016f:bff6bb10 c20400 retd 0004 016f:bff6bb13 56 push esi 016f:bff6bb14 8b742408 mov esi,dword ptr [esp+08] 016f:bff6bb18 8a06 mov al,byte ptr [esi] 016f:bff6bb1a 3c04 cmp al,04 016f:bff6bb1c 7508 jnz bff6bb26 = KERNEL32.DLL:.text+0x2b26 016f:bff6bb1e ff7604 push dword ptr [esi+04] 016f:bff6bb21 e8a087ffff call bff642c6 = KERNEL32.DLL:_FREQASM+0x32c6 KERNEL32.DLL:.text+0x2b26: *016f:bff6bb26 5e pop esi 016f:bff6bb27 c20400 retd 0004 016f:bff6bb2a 64a100000000 mov eax,dword ptr fs:[00000000] 016f:bff6bb30 55 push ebp 016f:bff6bb31 8bec mov ebp,esp 016f:bff6bb33 6aff push -01 016f:bff6bb35 685092f6bf push bff69250 016f:bff6bb3a 68201bfbbf push bffb1b20 016f:bff6bb3f 50 push eax 016f:bff6bb40 8b4508 mov eax,dword ptr [ebp+08] 016f:bff6bb43 64892500000000 mov dword ptr fs:[00000000],esp -------------------- 00a8ef94 81984e74 -> 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 
00a8ef98 00000088 00a8ef9c 780016b2 = MSVCRT.DLL:.text+0x6b2 -------------------- 016f:78001694 6a11 push +11 016f:78001696 e804000000 call 7800169f = MSVCRT.DLL!_unlock 016f:7800169b 59 pop ecx 016f:7800169c 5f pop edi 016f:7800169d ebbd jmp 7800165c = MSVCRT.DLL:.text+0x65c 016f:7800169f 55 push ebp 016f:780016a0 8bec mov ebp,esp 016f:780016a2 8b4508 mov eax,dword ptr [ebp+08] 016f:780016a5 ff348534b00378 push dword ptr [eax*4+7803b034] 016f:780016ac ff1548300378 call dword ptr [78033048] -> KERNEL32.DLL!LeaveCriticalSection MSVCRT.DLL:.text+0x6b2: *016f:780016b2 5d pop ebp 016f:780016b3 c3 retd 016f:780016b4 8b442404 mov eax,dword ptr [esp+04] 016f:780016b8 832528b5037800 and dword ptr [7803b528],+00 016f:780016bf 83f8fe cmp eax,-02 016f:780016c2 0f84a8ba0000 jz 7800d170 = MSVCRT.DLL:.text+0xc170 016f:780016c8 83f8fd cmp eax,-03 016f:780016cb 7415 jz 780016e2 = MSVCRT.DLL:.text+0x6e2 016f:780016cd 83f8fc cmp eax,-04 016f:780016d0 750f jnz 780016e1 = MSVCRT.DLL:.text+0x6e1 016f:780016d2 a12cb50378 mov eax,dword ptr [7803b52c] -------------------- 00a8efa0 7803b128 = MSVCRT.DLL:.data+0x128 -> 04 00 00 00 74 4e 98 81 00 00 00 00 00 00 00 00 ....tN.......... 
00a8efa4 00a8efec -> 26 bb f6 bf 40 4e 98 81 14 b0 0c 01 b2 16 00 78 &...@N.........x 00a8efa8 7801a8ab = MSVCRT.DLL:.text+0x198ab -------------------- 016f:7801a884 834dfcff or dword ptr [ebp-04],-01 016f:7801a888 e817000000 call 7801a8a4 = MSVCRT.DLL:.text+0x198a4 016f:7801a88d 837de000 cmp dword ptr [ebp-20],+00 016f:7801a891 0f842179feff jz 780021b8 = MSVCRT.DLL:.text+0x11b8 016f:7801a897 e92f79feff jmp 780021cb = MSVCRT.DLL:.text+0x11cb 016f:7801a89c 8b75e4 mov esi,dword ptr [ebp-1c] 016f:7801a89f ebe3 jmp 7801a884 = MSVCRT.DLL:.text+0x19884 016f:7801a8a1 8b75e4 mov esi,dword ptr [ebp-1c] 016f:7801a8a4 6a09 push +09 016f:7801a8a6 e8f46dfeff call 7800169f = MSVCRT.DLL!_unlock MSVCRT.DLL:.text+0x198ab: *016f:7801a8ab 59 pop ecx 016f:7801a8ac c3 retd 016f:7801a8ad 6a09 push +09 016f:7801a8af e8906dfeff call 78001644 = MSVCRT.DLL!_lock 016f:7801a8b4 59 pop ecx 016f:7801a8b5 c745fc01000000 mov dword ptr [ebp-04],00000001 016f:7801a8bc 8d45dc lea eax,[ebp-24] 016f:7801a8bf 50 push eax 016f:7801a8c0 8d45d4 lea eax,[ebp-2c] 016f:7801a8c3 50 push eax 016f:7801a8c4 ff7508 push dword ptr [ebp+08] -------------------- 00a8efac 00000009 00a8efb0 7801a88d = MSVCRT.DLL:.text+0x1988d -------------------- 016f:7801a86e e8f40fffff call 7800b867 = MSVCRT.DLL:.text+0xa867 016f:7801a873 59 pop ecx 016f:7801a874 8945e0 mov dword ptr [ebp-20],eax 016f:7801a877 85c0 test eax,eax 016f:7801a879 7421 jz 7801a89c = MSVCRT.DLL:.text+0x1989c 016f:7801a87b 8b76fc mov esi,dword ptr [esi-04] 016f:7801a87e 83ee09 sub esi,+09 016f:7801a881 8975e4 mov dword ptr [ebp-1c],esi 016f:7801a884 834dfcff or dword ptr [ebp-04],-01 016f:7801a888 e817000000 call 7801a8a4 = MSVCRT.DLL:.text+0x198a4 MSVCRT.DLL:.text+0x1988d: *016f:7801a88d 837de000 cmp dword ptr [ebp-20],+00 016f:7801a891 0f842179feff jz 780021b8 = MSVCRT.DLL:.text+0x11b8 016f:7801a897 e92f79feff jmp 780021cb = MSVCRT.DLL:.text+0x11cb 016f:7801a89c 8b75e4 mov esi,dword ptr [ebp-1c] 016f:7801a89f ebe3 jmp 7801a884 = MSVCRT.DLL:.text+0x19884 
016f:7801a8a1 8b75e4 mov esi,dword ptr [ebp-1c] 016f:7801a8a4 6a09 push +09 016f:7801a8a6 e8f46dfeff call 7800169f = MSVCRT.DLL!_unlock 016f:7801a8ab 59 pop ecx 016f:7801a8ac c3 retd 016f:7801a8ad 6a09 push +09 -------------------- 00a8efb4 00000000 00a8efb8 010cc5d0 = JVM641MI.DLL:.data+0x15d0 -> 50 40 bc 00 00 00 00 00 00 00 00 00 00 00 00 00 P@.............. 00a8efbc 010c0000 = JVM641MI.DLL+0x0 -> 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 MZ.............. 00a8efc0 00000009 00a8efc4 7800b3d1 = MSVCRT.DLL:.text+0xa3d1 -------------------- 016f:7800b3b2 6a09 push +09 016f:7800b3b4 e88b62ffff call 78001644 = MSVCRT.DLL!_lock 016f:7800b3b9 59 pop ecx 016f:7800b3ba 8365fc00 and dword ptr [ebp-04],+00 016f:7800b3be 56 push esi 016f:7800b3bf e81a080000 call 7800bbde = MSVCRT.DLL:.text+0xabde 016f:7800b3c4 59 pop ecx 016f:7800b3c5 8945e4 mov dword ptr [ebp-1c],eax 016f:7800b3c8 834dfcff or dword ptr [ebp-04],-01 016f:7800b3cc e810000000 call 7800b3e1 = MSVCRT.DLL:.text+0xa3e1 MSVCRT.DLL:.text+0xa3d1: *016f:7800b3d1 8b45e4 mov eax,dword ptr [ebp-1c] 016f:7800b3d4 85c0 test eax,eax 016f:7800b3d6 0f842b60ffff jz 78001407 = MSVCRT.DLL:.text+0x407 016f:7800b3dc e94560ffff jmp 78001426 = MSVCRT.DLL:.text+0x426 016f:7800b3e1 6a09 push +09 016f:7800b3e3 e8b762ffff call 7800169f = MSVCRT.DLL!_unlock 016f:7800b3e8 59 pop ecx 016f:7800b3e9 c3 retd 016f:7800b3ea 8b4508 mov eax,dword ptr [ebp+08] 016f:7800b3ed 85c0 test eax,eax 016f:7800b3ef 7449 jz 7800b43a = MSVCRT.DLL:.text+0xa43a -------------------- 00a8efc8 00000000 00a8efcc 00ba000c -> 00 00 02 f8 01 90 00 00 ff ff ff 1f 00 00 bb 00 ................ 00a8efd0 00000088 00a8efd4 fffffffe 00a8efd8 00bc0490 -> 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00a8efdc 00a8f02c -> 48 f2 a8 00 11 db 00 78 e0 32 03 78 ff ff ff ff H......x.2.x.... 
00a8efe0 7800db11 = MSVCRT.DLL!_except_handler3 -> 55 8b ec 83 ec 08 53 56 57 55 fc 8b 5d 0c 8b 45 U.....SVWU..]..E 00a8efe4 780332f0 = MSVCRT.DLL:.rdata+0x2f0 -> ff ff ff ff 00 00 00 00 a1 a8 01 78 ff ff ff ff ...........x.... 00a8efe8 ffffffff 00a8efec bff6bb26 = KERNEL32.DLL:.text+0x2b26 -------------------- 016f:bff6bb0a e88a87ffff call bff64299 = KERNEL32.DLL:_FREQASM+0x3299 016f:bff6bb0f 5e pop esi 016f:bff6bb10 c20400 retd 0004 016f:bff6bb13 56 push esi 016f:bff6bb14 8b742408 mov esi,dword ptr [esp+08] 016f:bff6bb18 8a06 mov al,byte ptr [esi] 016f:bff6bb1a 3c04 cmp al,04 016f:bff6bb1c 7508 jnz bff6bb26 = KERNEL32.DLL:.text+0x2b26 016f:bff6bb1e ff7604 push dword ptr [esi+04] 016f:bff6bb21 e8a087ffff call bff642c6 = KERNEL32.DLL:_FREQASM+0x32c6 KERNEL32.DLL:.text+0x2b26: *016f:bff6bb26 5e pop esi 016f:bff6bb27 c20400 retd 0004 016f:bff6bb2a 64a100000000 mov eax,dword ptr fs:[00000000] 016f:bff6bb30 55 push ebp 016f:bff6bb31 8bec mov ebp,esp 016f:bff6bb33 6aff push -01 016f:bff6bb35 685092f6bf push bff69250 016f:bff6bb3a 68201bfbbf push bffb1b20 016f:bff6bb3f 50 push eax 016f:bff6bb40 8b4508 mov eax,dword ptr [ebp+08] 016f:bff6bb43 64892500000000 mov dword ptr fs:[00000000],esp -------------------- 00a8eff0 81984e40 -> 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00a8eff4 010cb014 = JVM641MI.DLL:.data+0x14 -> d0 13 0c 01 00 00 00 00 00 00 00 00 00 00 00 00 ................ 
00a8eff8 780016b2 = MSVCRT.DLL:.text+0x6b2 -------------------- 016f:78001694 6a11 push +11 016f:78001696 e804000000 call 7800169f = MSVCRT.DLL!_unlock 016f:7800169b 59 pop ecx 016f:7800169c 5f pop edi 016f:7800169d ebbd jmp 7800165c = MSVCRT.DLL:.text+0x65c 016f:7800169f 55 push ebp 016f:780016a0 8bec mov ebp,esp 016f:780016a2 8b4508 mov eax,dword ptr [ebp+08] 016f:780016a5 ff348534b00378 push dword ptr [eax*4+7803b034] 016f:780016ac ff1548300378 call dword ptr [78033048] -> KERNEL32.DLL!LeaveCriticalSection MSVCRT.DLL:.text+0x6b2: *016f:780016b2 5d pop ebp 016f:780016b3 c3 retd 016f:780016b4 8b442404 mov eax,dword ptr [esp+04] 016f:780016b8 832528b5037800 and dword ptr [7803b528],+00 016f:780016bf 83f8fe cmp eax,-02 016f:780016c2 0f84a8ba0000 jz 7800d170 = MSVCRT.DLL:.text+0xc170 016f:780016c8 83f8fd cmp eax,-03 016f:780016cb 7415 jz 780016e2 = MSVCRT.DLL:.text+0x6e2 016f:780016cd 83f8fc cmp eax,-04 016f:780016d0 750f jnz 780016e1 = MSVCRT.DLL:.text+0x6e1 016f:780016d2 a12cb50378 mov eax,dword ptr [7803b52c] -------------------- 00a8effc 7803b140 = MSVCRT.DLL:.data+0x140 -> 04 00 00 00 40 4e 98 81 00 00 00 00 00 00 00 00 ....@N.......... 00a8f000 00a8f03c -> 90 f0 a8 00 fe 92 0c 01 00 14 0c 01 d0 c5 0c 01 ................ 
00a8f004 780021e3 = MSVCRT.DLL:.text+0x11e3 -------------------- 016f:780021cb 8bc6 mov eax,esi 016f:780021cd 8b4df0 mov ecx,dword ptr [ebp-10] 016f:780021d0 64890d00000000 mov dword ptr fs:[00000000],ecx 016f:780021d7 5f pop edi 016f:780021d8 5e pop esi 016f:780021d9 5b pop ebx 016f:780021da c9 leave 016f:780021db c3 retd 016f:780021dc 6a0d push +0d 016f:780021de e8bcf4ffff call 7800169f = MSVCRT.DLL!_unlock MSVCRT.DLL:.text+0x11e3: *016f:780021e3 59 pop ecx 016f:780021e4 c3 retd 016f:780021e5 55 push ebp 016f:780021e6 8bec mov ebp,esp 016f:780021e8 6aff push -01 016f:780021ea 6808330378 push 78033308 016f:780021ef 6811db0078 push 7800db11 016f:780021f4 64a100000000 mov eax,dword ptr fs:[00000000] 016f:780021fa 50 push eax 016f:780021fb 64892500000000 mov dword ptr fs:[00000000],esp 016f:78002202 83ec14 sub esp,+14 -------------------- 00a8f008 0000000d 00a8f00c 78002118 = MSVCRT.DLL:.text+0x1118 -------------------- 016f:780020fc e812000000 call 78002113 = MSVCRT.DLL:.text+0x1113 016f:78002101 8b45e4 mov eax,dword ptr [ebp-1c] 016f:78002104 8b4df0 mov ecx,dword ptr [ebp-10] 016f:78002107 64890d00000000 mov dword ptr fs:[00000000],ecx 016f:7800210e 5f pop edi 016f:7800210f 5e pop esi 016f:78002110 5b pop ebx 016f:78002111 c9 leave 016f:78002112 c3 retd 016f:78002113 e8c4000000 call 780021dc = MSVCRT.DLL:.text+0x11dc MSVCRT.DLL:.text+0x1118: *016f:78002118 c3 retd 016f:78002119 6a0d push +0d 016f:7800211b e824f5ffff call 78001644 = MSVCRT.DLL!_lock 016f:78002120 59 pop ecx 016f:78002121 c3 retd 016f:78002122 53 push ebx 016f:78002123 56 push esi 016f:78002124 8b742410 mov esi,dword ptr [esp+10] 016f:78002128 57 push edi 016f:78002129 ff36 push dword ptr [esi] 016f:7800212b e84e000000 call 7800217e = MSVCRT.DLL!_msize -------------------- 00a8f010 78002101 = MSVCRT.DLL:.text+0x1101 -------------------- 016f:780020db e839000000 call 78002119 = MSVCRT.DLL:.text+0x1119 016f:780020e0 8365fc00 and dword ptr [ebp-04],+00 016f:780020e4 ff7510 push dword ptr [ebp+10] 
016f:780020e7 ff750c push dword ptr [ebp+0c] 016f:780020ea ff7508 push dword ptr [ebp+08] 016f:780020ed e830000000 call 78002122 = MSVCRT.DLL:.text+0x1122 016f:780020f2 83c40c add esp,+0c 016f:780020f5 8945e4 mov dword ptr [ebp-1c],eax 016f:780020f8 834dfcff or dword ptr [ebp-04],-01 016f:780020fc e812000000 call 78002113 = MSVCRT.DLL:.text+0x1113 MSVCRT.DLL:.text+0x1101: *016f:78002101 8b45e4 mov eax,dword ptr [ebp-1c] 016f:78002104 8b4df0 mov ecx,dword ptr [ebp-10] 016f:78002107 64890d00000000 mov dword ptr fs:[00000000],ecx 016f:7800210e 5f pop edi 016f:7800210f 5e pop esi 016f:78002110 5b pop ebx 016f:78002111 c9 leave 016f:78002112 c3 retd 016f:78002113 e8c4000000 call 780021dc = MSVCRT.DLL:.text+0x11dc 016f:78002118 c3 retd 016f:78002119 6a0d push +0d -------------------- 00a8f014 00000000 00a8f018 010cb014 = JVM641MI.DLL:.data+0x14 -> d0 13 0c 01 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00a8f01c 010c0000 = JVM641MI.DLL+0x0 -> 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 MZ.............. 00a8f020 010c1400 = JVM641MI.DLL:.text+0x400 -> b9 68 c5 0c 01 e9 04 7c 00 00 90 90 90 90 90 90 .h.....|........ 00a8f024 10063a18 = STLPORT_VC6.DLL:.text+0x62a18 -> b8 b0 ff 06 10 e9 e2 fa ff ff cc cc cc cc cc cc ................ 00a8f028 00000000 00a8f02c 00a8f248 -> ac 1e 4c 00 30 55 65 00 58 b1 07 01 aa 2e 83 1c ..L.0Ue.X....... 00a8f030 7800db11 = MSVCRT.DLL!_except_handler3 -> 55 8b ec 83 ec 08 53 56 57 55 fc 8b 5d 0c 8b 45 U.....SVWU..]..E 00a8f034 780332e0 = MSVCRT.DLL:.rdata+0x2e0 -> ff ff ff ff 00 00 00 00 13 21 00 78 00 00 00 00 .........!.x.... 00a8f038 ffffffff 00a8f03c 00a8f090 -> cf 41 f6 bf 08 00 00 00 63 69 f6 bf c0 b4 fb bf .A......ci...... 
00a8f040 010c92fe = JVM641MI.DLL:.text+0x82fe -------------------- 016f:010c92d6 833dd0c50c01ff cmp dword ptr [010cc5d0],-01 016f:010c92dd 750c jnz 010c92eb = JVM641MI.DLL:.text+0x82eb 016f:010c92df ff742404 push dword ptr [esp+04] 016f:010c92e3 ff153ca00c01 call dword ptr [010ca03c] -> MSVCRT.DLL!_onexit 016f:010c92e9 59 pop ecx 016f:010c92ea c3 retd 016f:010c92eb 68ccc50c01 push 010cc5cc 016f:010c92f0 68d0c50c01 push 010cc5d0 016f:010c92f5 ff74240c push dword ptr [esp+0c] 016f:010c92f9 e88a000000 call 010c9388 = MSVCRT.DLL!__dllonexit JVM641MI.DLL:.text+0x82fe: *016f:010c92fe 83c40c add esp,+0c 016f:010c9301 c3 retd 016f:010c9302 ff742404 push dword ptr [esp+04] 016f:010c9306 e8cbffffff call 010c92d6 = JVM641MI.DLL:.text+0x82d6 016f:010c930b f7d8 neg eax 016f:010c930d 1bc0 sbb eax,eax 016f:010c930f 59 pop ecx 016f:010c9310 f7d8 neg eax 016f:010c9312 48 dec eax 016f:010c9313 c3 retd 016f:010c9314 ff255ca00c01 jmp dword ptr [010ca05c] -> MSVCRT.DLL!fprintf -------------------- 00a8f044 010c1400 = JVM641MI.DLL:.text+0x400 -> b9 68 c5 0c 01 e9 04 7c 00 00 90 90 90 90 90 90 .h.....|........ 00a8f048 010cc5d0 = JVM641MI.DLL:.data+0x15d0 -> 50 40 bc 00 00 00 00 00 00 00 00 00 00 00 00 00 P@.............. 00a8f04c 010cc5cc = JVM641MI.DLL:.data+0x15cc -> 64 40 bc 00 50 40 bc 00 00 00 00 00 00 00 00 00 d@..P@.......... 
00a8f050 010c930b = JVM641MI.DLL:.text+0x830b -------------------- 016f:010c92e9 59 pop ecx 016f:010c92ea c3 retd 016f:010c92eb 68ccc50c01 push 010cc5cc 016f:010c92f0 68d0c50c01 push 010cc5d0 016f:010c92f5 ff74240c push dword ptr [esp+0c] 016f:010c92f9 e88a000000 call 010c9388 = MSVCRT.DLL!__dllonexit 016f:010c92fe 83c40c add esp,+0c 016f:010c9301 c3 retd 016f:010c9302 ff742404 push dword ptr [esp+04] 016f:010c9306 e8cbffffff call 010c92d6 = JVM641MI.DLL:.text+0x82d6 JVM641MI.DLL:.text+0x830b: *016f:010c930b f7d8 neg eax 016f:010c930d 1bc0 sbb eax,eax 016f:010c930f 59 pop ecx 016f:010c9310 f7d8 neg eax 016f:010c9312 48 dec eax 016f:010c9313 c3 retd 016f:010c9314 ff255ca00c01 jmp dword ptr [010ca05c] -> MSVCRT.DLL!fprintf 016f:010c931a cc int 3 016f:010c931b cc int 3 016f:010c931c cc int 3 016f:010c931d cc int 3 -------------------- 00a8f054 010c1400 = JVM641MI.DLL:.text+0x400 -> b9 68 c5 0c 01 e9 04 7c 00 00 90 90 90 90 90 90 .h.....|........ 00a8f058 010c13fa = JVM641MI.DLL:.text+0x3fa -------------------- 016f:010c13e0 b968c50c01 mov ecx,010cc568 016f:010c13e5 e91e7c0000 jmp 010c9008 = TL641MI.DLL!241 016f:010c13ea 90 nop 016f:010c13eb 90 nop 016f:010c13ec 90 nop 016f:010c13ed 90 nop 016f:010c13ee 90 nop 016f:010c13ef 90 nop 016f:010c13f0 6800140c01 push 010c1400 016f:010c13f5 e8087f0000 call 010c9302 = JVM641MI.DLL:.text+0x8302 JVM641MI.DLL:.text+0x3fa: *016f:010c13fa 59 pop ecx 016f:010c13fb c3 retd 016f:010c13fc 90 nop 016f:010c13fd 90 nop 016f:010c13fe 90 nop 016f:010c13ff 90 nop 016f:010c1400 b968c50c01 mov ecx,010cc568 016f:010c1405 e9047c0000 jmp 010c900e = TL641MI.DLL!242 016f:010c140a 90 nop 016f:010c140b 90 nop 016f:010c140c 90 nop -------------------- 00a8f05c 00000000 00a8f060 00000001 00a8f064 bff860b9 = KERNEL32.DLL:.text+0x1d0b9 -------------------- 016f:bff86092 fd std 016f:bff86093 ff8bc65f5ec2 dec dword ptr [ebx+c25e5fc6] 016f:bff86099 0400 add al,00 016f:bff8609b ff742404 push dword ptr [esp+04] 016f:bff8609f e8b584ffff call bff7e559 = 
KERNEL32.DLL!FreeLibrary 016f:bff860a4 ff742408 push dword ptr [esp+08] 016f:bff860a8 e8d542ffff call bff7a382 = KERNEL32.DLL!ExitThread 016f:bff860ad c20800 retd 0008 016f:bff860b0 ff742404 push dword ptr [esp+04] 016f:bff860b4 e87769feff call bff6ca30 = KERNEL32.DLL:.text+0x3a30 KERNEL32.DLL:.text+0x1d0b9: *016f:bff860b9 85c0 test eax,eax 016f:bff860bb 7417 jz bff860d4 = KERNEL32.DLL:.text+0x1d0d4 016f:bff860bd 668b4814 mov cx,word ptr [eax+14] 016f:bff860c1 f6c120 test cl,20 016f:bff860c4 750e jnz bff860d4 = KERNEL32.DLL:.text+0x1d0d4 016f:bff860c6 80c940 or cl,40 016f:bff860c9 66894814 mov word ptr [eax+14],cx 016f:bff860cd b801000000 mov eax,00000001 016f:bff860d2 eb09 jmp bff860dd = KERNEL32.DLL:.text+0x1d0dd 016f:bff860d4 6a1f push +1f 016f:bff860d6 e8266afeff call bff6cb01 = KERNEL32.DLL:.text+0x3b01 -------------------- 00a8f068 010c0000 = JVM641MI.DLL+0x0 -> 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 MZ.............. 00a8f06c 010c9382 = JVM641MI.DLL:.text+0x8382 -------------------- 016f:010c9350 ff2554a00c01 jmp dword ptr [010ca054] -> MSVCRT.DLL!_stat 016f:010c9356 ff2550a00c01 jmp dword ptr [010ca050] -> MSVCRT.DLL!free 016f:010c935c ff254ca00c01 jmp dword ptr [010ca04c] -> MSVCRT.DLL!_initterm 016f:010c9362 ff2548a00c01 jmp dword ptr [010ca048] -> MSVCRT.DLL!malloc 016f:010c9368 837c240801 cmp dword ptr [esp+08],+01 016f:010c936d 7513 jnz 010c9382 = JVM641MI.DLL:.text+0x8382 016f:010c936f 833dd4c50c0100 cmp dword ptr [010cc5d4],+00 016f:010c9376 750a jnz 010c9382 = JVM641MI.DLL:.text+0x8382 016f:010c9378 ff742404 push dword ptr [esp+04] 016f:010c937c ff1514a00c01 call dword ptr [010ca014] -> KERNEL32.DLL!DisableThreadLibraryCalls JVM641MI.DLL:.text+0x8382: *016f:010c9382 6a01 push +01 016f:010c9384 58 pop eax 016f:010c9385 c20c00 retd 000c 016f:010c9388 ff2540a00c01 jmp dword ptr [010ca040] -> MSVCRT.DLL!__dllonexit 016f:010c938e ff2534a00c01 jmp dword ptr [010ca034] -> KERNEL32.DLL!ReadFile 016f:010c9394 ff2530a00c01 jmp dword ptr [010ca030] -> 
KERNEL32.DLL!CreateProcessA 016f:010c939a ff252ca00c01 jmp dword ptr [010ca02c] -> KERNEL32.DLL!CloseHandle 016f:010c93a0 ff2528a00c01 jmp dword ptr [010ca028] -> KERNEL32.DLL!DuplicateHandle 016f:010c93a6 ff2524a00c01 jmp dword ptr [010ca024] -> KERNEL32.DLL!GetCurrentProcess 016f:010c93ac ff2520a00c01 jmp dword ptr [010ca020] -> KERNEL32.DLL!SetStdHandle 016f:010c93b2 ff251ca00c01 jmp dword ptr [010ca01c] -> KERNEL32.DLL!CreatePipe -------------------- 00a8f070 00000001 00a8f074 010c9289 = JVM641MI.DLL:.text+0x8289 -------------------- 016f:010c9273 53 push ebx 016f:010c9274 e815ffffff call 010c918e = JVM641MI.DLL:.text+0x818e 016f:010c9279 85c0 test eax,eax 016f:010c927b 7504 jnz 010c9281 = JVM641MI.DLL:.text+0x8281 016f:010c927d 33c0 xor eax,eax 016f:010c927f eb4e jmp 010c92cf = JVM641MI.DLL:.text+0x82cf 016f:010c9281 57 push edi 016f:010c9282 56 push esi 016f:010c9283 53 push ebx 016f:010c9284 e8df000000 call 010c9368 = JVM641MI.DLL:.text+0x8368 JVM641MI.DLL:.text+0x8289: *016f:010c9289 83fe01 cmp esi,+01 016f:010c928c 89450c mov dword ptr [ebp+0c],eax 016f:010c928f 750c jnz 010c929d = JVM641MI.DLL:.text+0x829d 016f:010c9291 85c0 test eax,eax 016f:010c9293 7537 jnz 010c92cc = JVM641MI.DLL:.text+0x82cc 016f:010c9295 57 push edi 016f:010c9296 50 push eax 016f:010c9297 53 push ebx 016f:010c9298 e8f1feffff call 010c918e = JVM641MI.DLL:.text+0x818e 016f:010c929d 85f6 test esi,esi 016f:010c929f 7405 jz 010c92a6 = JVM641MI.DLL:.text+0x82a6 -------------------- 00a8f078 010c0000 = JVM641MI.DLL+0x0 -> 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 MZ.............. 00a8f07c 00000001 00a8f080 00000000 ... 00a8f088 010c0000 = JVM641MI.DLL+0x0 -> 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 MZ.............. 00a8f08c 81980234 -> 08 00 00 00 00 00 00 00 c0 05 66 c1 9f 32 00 00 ..........f..2.. 
00a8f090 bff641cf = KERNEL32.DLL:_FREQASM+0x31cf -------------------- 016f:bff641b5 51 push ecx 016f:bff641b6 52 push edx 016f:bff641b7 681d002a00 push 002a001d 016f:bff641bc e813d2ffff call bff613d4 = KERNEL32.DLL!1 016f:bff641c1 59 pop ecx 016f:bff641c2 5a pop edx 016f:bff641c3 ebe8 jmp bff641ad = KERNEL32.DLL:_FREQASM+0x31ad 016f:bff641c5 8b542404 mov edx,dword ptr [esp+04] 016f:bff641c9 50 push eax 016f:bff641ca e804000000 call bff641d3 = KERNEL32.DLL:_FREQASM+0x31d3 KERNEL32.DLL:_FREQASM+0x31cf: *016f:bff641cf 58 pop eax 016f:bff641d0 c20400 retd 0004 016f:bff641d3 833dfcbcfbbf01 cmp dword ptr [bffbbcfc],+01 016f:bff641da 7c32 jl bff6420e = KERNEL32.DLL:_FREQASM+0x320e 016f:bff641dc 3b1570b4fbbf cmp edx,dword ptr [bffbb470] 016f:bff641e2 7506 jnz bff641ea = KERNEL32.DLL:_FREQASM+0x31ea 016f:bff641e4 837a0401 cmp dword ptr [edx+04],+01 016f:bff641e8 7426 jz bff64210 = KERNEL32.DLL:_FREQASM+0x3210 016f:bff641ea ff4a04 dec dword ptr [edx+04] 016f:bff641ed 754a jnz bff64239 = KERNEL32.DLL:_FREQASM+0x3239 016f:bff641ef c7420800000000 mov dword ptr [edx+08],00000000 -------------------- 00a8f094 00000008 00a8f098 bff66963 = KERNEL32.DLL:_FREQASM+0x5963 -------------------- 016f:bff66941 7512 jnz bff66955 = KERNEL32.DLL:_FREQASM+0x5955 016f:bff66943 a801 test al,01 016f:bff66945 7520 jnz bff66967 = KERNEL32.DLL:_FREQASM+0x5967 016f:bff66947 8b15ccc0fbbf mov edx,dword ptr [bffbc0cc] 016f:bff6694d 8911 mov dword ptr [ecx],edx 016f:bff6694f 890dccc0fbbf mov dword ptr [bffbc0cc],ecx 016f:bff66955 a804 test al,04 016f:bff66957 75d6 jnz bff6692f = KERNEL32.DLL:_FREQASM+0x592f 016f:bff66959 68c0b4fbbf push bffbb4c0 016f:bff6695e e862d8ffff call bff641c5 = KERNEL32.DLL!98 KERNEL32.DLL:_FREQASM+0x5963: *016f:bff66963 c9 leave 016f:bff66964 c20400 retd 0004 016f:bff66967 50 push eax 016f:bff66968 51 push ecx 016f:bff66969 e87a660000 call bff6cfe8 = KERNEL32.DLL:.text+0x3fe8 016f:bff6696e 58 pop eax 016f:bff6696f ebe4 jmp bff66955 = KERNEL32.DLL:_FREQASM+0x5955 016f:bff66971 
64ff3500000000 push dword ptr fs:[00000000] 016f:bff66978 55 push ebp 016f:bff66979 8d4c2404 lea ecx,[esp+04] 016f:bff6697d 16 push ss -------------------- 00a8f09c bffbb4c0 = KERNEL32.DLL:.data+0x4c0 -> 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00a8f0a0 00a8f258 -> 98 b0 07 01 70 9f 80 1c 98 b0 07 01 70 d1 fc 00 ....p.......p... 00a8f0a4 bff669ad = KERNEL32.DLL:_FREQASM+0x59ad -------------------- 016f:bff6698b e8e1ffffff call bff66971 = KERNEL32.DLL:_FREQASM+0x5971 016f:bff66990 a1f0bcfbbf mov eax,dword ptr [bffbbcf0] 016f:bff66995 8b00 mov eax,dword ptr [eax] 016f:bff66997 8b486c mov ecx,dword ptr [eax+6c] 016f:bff6699a e304 jecxz bff669a0 = KERNEL32.DLL:_FREQASM+0x59a0 016f:bff6699c 83490420 or dword ptr [ecx+04],+20 016f:bff669a0 c3 retd 016f:bff669a1 a1f0bcfbbf mov eax,dword ptr [bffbbcf0] 016f:bff669a6 ff30 push dword ptr [eax] 016f:bff669a8 e875ffffff call bff66922 = KERNEL32.DLL:_FREQASM+0x5922 KERNEL32.DLL:_FREQASM+0x59ad: *016f:bff669ad c3 retd 016f:bff669ae cc int 3 016f:bff669af cc int 3 016f:bff669b0 55 push ebp 016f:bff669b1 8bec mov ebp,esp 016f:bff669b3 57 push edi 016f:bff669b4 53 push ebx 016f:bff669b5 ff3520bdfbbf push dword ptr [bffbbd20] 016f:bff669bb e8ccd7ffff call bff6418c = KERNEL32.DLL!97 016f:bff669c0 8b7d08 mov edi,dword ptr [ebp+08] 016f:bff669c3 b904000000 mov ecx,00000004 -------------------- 00a8f0a8 819801e8 -> 07 00 01 00 40 91 6c c1 20 c3 a8 00 00 00 a9 00 ....@.l. ....... 
00a8f0ac bff6dfbb = KERNEL32.DLL:.text+0x4fbb -------------------- 016f:bff6df90 ff75d8 push dword ptr [ebp-28] 016f:bff6df93 e8e8010200 call bff8e180 = KERNEL32.DLL!UnhandledExceptionFilter 016f:bff6df98 c3 retd 016f:bff6df99 8b65e8 mov esp,dword ptr [ebp-18] 016f:bff6df9c c745e401000000 mov dword ptr [ebp-1c],00000001 016f:bff6dfa3 8d8564feffff lea eax,[ebp-0000019c] 016f:bff6dfa9 50 push eax 016f:bff6dfaa e876d50200 call bff9b525 = KERNEL32.DLL:.text+0x32525 016f:bff6dfaf c745fcffffffff mov dword ptr [ebp-04],ffffffff 016f:bff6dfb6 e8e689ffff call bff669a1 = KERNEL32.DLL:_FREQASM+0x59a1 KERNEL32.DLL:.text+0x4fbb: *016f:bff6dfbb 8b45dc mov eax,dword ptr [ebp-24] 016f:bff6dfbe 8020ef and byte ptr [eax],ef 016f:bff6dfc1 8b45e4 mov eax,dword ptr [ebp-1c] 016f:bff6dfc4 eb02 jmp bff6dfc8 = KERNEL32.DLL:.text+0x4fc8 016f:bff6dfc6 33c0 xor eax,eax 016f:bff6dfc8 8b4df0 mov ecx,dword ptr [ebp-10] 016f:bff6dfcb 5f pop edi 016f:bff6dfcc 64890d00000000 mov dword ptr fs:[00000000],ecx 016f:bff6dfd3 5e pop esi 016f:bff6dfd4 5b pop ebx 016f:bff6dfd5 8be5 mov esp,ebp -------------------- 00a8f0b0 0000000a 00a8f0b4 8198d2dc -> 78 b4 98 81 00 00 00 00 00 00 00 00 00 00 00 00 x............... 00a8f0b8 8198d2f0 -> 48 02 0a 00 14 81 97 81 44 64 97 81 dc b2 97 81 H.......Dd...... 00a8f0bc c16c7800 -> 01 00 00 00 00 00 00 00 00 00 00 00 c0 05 66 c1 ..............f. 00a8f0c0 00000000 00a8f0c4 00a8f264 -> 70 d1 fc 00 58 f7 fc 00 ff ff ff ff 30 00 65 00 p...X.......0.e. 00a8f0c8 ffecbad7 00a8f0cc 00a8f0f8 -> 1f 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00a8f0d0 00a8f0dc -> 05 00 00 c0 00 00 00 00 00 00 00 00 51 3f f7 bf ............Q?.. 00a8f0d4 0000000e 00a8f0d8 00000007 00a8f0dc c0000005 00a8f0e0 00000000 ... 00a8f0e8 bff73f51 = KERNEL32.DLL:.text+0xaf51 -> 89 01 c7 45 fc ff ff ff ff 83 45 c4 04 8b 45 c4 ...E......E...E. 00a8f0ec 00000002 00a8f0f0 00000001 00a8f0f4 010ca000 = JVM641MI.DLL:.rdata+0x0 -> 64 15 e6 bf 5b 18 e6 bf 01 15 e6 bf 74 16 e6 bf d...[.......t... 
00a8f0f8 0001001f 00a8f0fc 00000000 ... 00a8f110 00a8f12c -> 44 f1 a8 00 89 b9 f6 bf ee 13 f6 bf 6f 01 00 00 D...........o... 00a8f114 bff6b8dc = KERNEL32.DLL:.text+0x28dc -------------------- 016f:bff6b8b4 36b8f6bf3eb8 ?mov eax,b83ebff6 016f:bff6b8ba f6bf55a120bd idiv byte ptr [edi+bd20a155] 016f:bff6b8c0 fb sti 016f:bff6b8c1 bf8bec5650 mov edi,5056ec8b 016f:bff6b8c6 e8c188ffff call bff6418c = KERNEL32.DLL!97 016f:bff6b8cb ff7514 push dword ptr [ebp+14] 016f:bff6b8ce ff7510 push dword ptr [ebp+10] 016f:bff6b8d1 ff750c push dword ptr [ebp+0c] 016f:bff6b8d4 ff7508 push dword ptr [ebp+08] 016f:bff6b8d7 e890fdffff call bff6b66c = KERNEL32.DLL:.text+0x266c KERNEL32.DLL:.text+0x28dc: *016f:bff6b8dc 8bf0 mov esi,eax 016f:bff6b8de 85f6 test esi,esi 016f:bff6b8e0 740a jz bff6b8ec = KERNEL32.DLL:.text+0x28ec 016f:bff6b8e2 f6451380 test byte ptr [ebp+13],80 016f:bff6b8e6 7404 jz bff6b8ec = KERNEL32.DLL:.text+0x28ec 016f:bff6b8e8 66ff4602 inc word ptr [esi+02] 016f:bff6b8ec a120bdfbbf mov eax,dword ptr [bffbbd20] 016f:bff6b8f1 50 push eax 016f:bff6b8f2 e8ce88ffff call bff641c5 = KERNEL32.DLL!98 016f:bff6b8f7 8bc6 mov eax,esi 016f:bff6b8f9 5e pop esi -------------------- 00a8f118 bff641cf = KERNEL32.DLL:_FREQASM+0x31cf -------------------- 016f:bff641b5 51 push ecx 016f:bff641b6 52 push edx 016f:bff641b7 681d002a00 push 002a001d 016f:bff641bc e813d2ffff call bff613d4 = KERNEL32.DLL!1 016f:bff641c1 59 pop ecx 016f:bff641c2 5a pop edx 016f:bff641c3 ebe8 jmp bff641ad = KERNEL32.DLL:_FREQASM+0x31ad 016f:bff641c5 8b542404 mov edx,dword ptr [esp+04] 016f:bff641c9 50 push eax 016f:bff641ca e804000000 call bff641d3 = KERNEL32.DLL:_FREQASM+0x31d3 KERNEL32.DLL:_FREQASM+0x31cf: *016f:bff641cf 58 pop eax 016f:bff641d0 c20400 retd 0004 016f:bff641d3 833dfcbcfbbf01 cmp dword ptr [bffbbcfc],+01 016f:bff641da 7c32 jl bff6420e = KERNEL32.DLL:_FREQASM+0x320e 016f:bff641dc 3b1570b4fbbf cmp edx,dword ptr [bffbb470] 016f:bff641e2 7506 jnz bff641ea = KERNEL32.DLL:_FREQASM+0x31ea 016f:bff641e4 
837a0401 cmp dword ptr [edx+04],+01 016f:bff641e8 7426 jz bff64210 = KERNEL32.DLL:_FREQASM+0x3210 016f:bff641ea ff4a04 dec dword ptr [edx+04] 016f:bff641ed 754a jnz bff64239 = KERNEL32.DLL:_FREQASM+0x3239 016f:bff641ef c7420800000000 mov dword ptr [edx+08],00000000 -------------------- 00a8f11c bffbb490 = KERNEL32.DLL:.data+0x490 -> 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00a8f120 bff6b8f7 = KERNEL32.DLL:.text+0x28f7 -------------------- 016f:bff6b8d7 e890fdffff call bff6b66c = KERNEL32.DLL:.text+0x266c 016f:bff6b8dc 8bf0 mov esi,eax 016f:bff6b8de 85f6 test esi,esi 016f:bff6b8e0 740a jz bff6b8ec = KERNEL32.DLL:.text+0x28ec 016f:bff6b8e2 f6451380 test byte ptr [ebp+13],80 016f:bff6b8e6 7404 jz bff6b8ec = KERNEL32.DLL:.text+0x28ec 016f:bff6b8e8 66ff4602 inc word ptr [esi+02] 016f:bff6b8ec a120bdfbbf mov eax,dword ptr [bffbbd20] 016f:bff6b8f1 50 push eax 016f:bff6b8f2 e8ce88ffff call bff641c5 = KERNEL32.DLL!98 KERNEL32.DLL:.text+0x28f7: *016f:bff6b8f7 8bc6 mov eax,esi 016f:bff6b8f9 5e pop esi 016f:bff6b8fa 5d pop ebp 016f:bff6b8fb c21000 retd 0010 016f:bff6b8fe 55 push ebp 016f:bff6b8ff 8bec mov ebp,esp 016f:bff6b901 53 push ebx 016f:bff6b902 56 push esi 016f:bff6b903 57 push edi 016f:bff6b904 33ff xor edi,edi 016f:bff6b906 837d1801 cmp dword ptr [ebp+18],+01 -------------------- 00a8f124 bffbb490 = KERNEL32.DLL:.data+0x490 -> 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 
00a8f128 00000000 00a8f12c 00a8f144 -> 01 00 00 00 08 00 00 00 0a 00 58 06 00 00 06 60 ..........X....` 00a8f130 bff6b989 = KERNEL32.DLL:.text+0x2989 -------------------- 016f:bff6b96c 5b pop ebx 016f:bff6b96d c20800 retd 0008 016f:bff6b970 55 push ebp 016f:bff6b971 a1f4bcfbbf mov eax,dword ptr [bffbbcf4] 016f:bff6b976 8bec mov ebp,esp 016f:bff6b978 ff742410 push dword ptr [esp+10] 016f:bff6b97c ff750c push dword ptr [ebp+0c] 016f:bff6b97f ff7508 push dword ptr [ebp+08] 016f:bff6b982 ff30 push dword ptr [eax] 016f:bff6b984 e833ffffff call bff6b8bc = KERNEL32.DLL:.text+0x28bc KERNEL32.DLL:.text+0x2989: *016f:bff6b989 5d pop ebp 016f:bff6b98a c20c00 retd 000c 016f:bff6b98d 55 push ebp 016f:bff6b98e 8bec mov ebp,esp 016f:bff6b990 50 push eax 016f:bff6b991 a120bdfbbf mov eax,dword ptr [bffbbd20] 016f:bff6b996 50 push eax 016f:bff6b997 e8f087ffff call bff6418c = KERNEL32.DLL!97 016f:bff6b99c ff7508 push dword ptr [ebp+08] 016f:bff6b99f e8d1fdffff call bff6b775 = KERNEL32.DLL:.text+0x2775 016f:bff6b9a4 a120bdfbbf mov eax,dword ptr [bffbbd20] -------------------- 00a8f134 bff613ee = KERNEL32.DLL:_FREQASM+0x3ee -------------------- 016f:bff613ca ebf7 jmp bff613c3 = KERNEL32.DLL:_FREQASM+0x3c3 016f:bff613cc ebfa jmp bff613c8 = KERNEL32.DLL:_FREQASM+0x3c8 016f:bff613ce ebf8 jmp bff613c8 = KERNEL32.DLL:_FREQASM+0x3c8 016f:bff613d0 ebf6 jmp bff613c8 = KERNEL32.DLL:_FREQASM+0x3c8 016f:bff613d2 ebf4 jmp bff613c8 = KERNEL32.DLL:_FREQASM+0x3c8 016f:bff613d4 8b442404 mov eax,dword ptr [esp+04] 016f:bff613d8 8f0424 pop dword ptr [esp] 016f:bff613db 2eff1d34b7fbbf call fword ptr ss:[bffbb734] 016f:bff613e2 b801000100 mov eax,00010001 016f:bff613e7 2eff1d34b7fbbf call fword ptr ss:[bffbb734] KERNEL32.DLL:_FREQASM+0x3ee: *016f:bff613ee b843002a00 mov eax,002a0043 016f:bff613f3 2eff1d34b7fbbf call fword ptr ss:[bffbb734] 016f:bff613fa 83c414 add esp,+14 016f:bff613fd 0fb7c8 movzx ecx,ax 016f:bff61400 0fa4d310 shld ebx,edx,10 016f:bff61404 c0e302 shl bl,02 016f:bff61407 6681ea0010 sub 
dx,1000 016f:bff6140c 0fbfc2 movsx eax,dx 016f:bff6140f e9d1000000 jmp bff614e5 = KERNEL32.DLL:_FREQASM+0x4e5 016f:bff61414 55 push ebp 016f:bff61415 53 push ebx -------------------- 00a8f138 0000016f 00a8f13c bff6ec61 = KERNEL32.DLL:.text+0x5c61 -------------------- 016f:bff6ec44 8b354cb5fbbf mov esi,dword ptr [bffbb54c] 016f:bff6ec4a b801000000 mov eax,00000001 016f:bff6ec4f 85db test ebx,ebx 016f:bff6ec51 740e jz bff6ec61 = KERNEL32.DLL:.text+0x5c61 016f:bff6ec53 ff7518 push dword ptr [ebp+18] 016f:bff6ec56 ff75fc push dword ptr [ebp-04] 016f:bff6ec59 56 push esi 016f:bff6ec5a 53 push ebx 016f:bff6ec5b ff75f8 push dword ptr [ebp-08] 016f:bff6ec5e ff551c call dword ptr [ebp+1c] KERNEL32.DLL:.text+0x5c61: *016f:bff6ec61 85c0 test eax,eax 016f:bff6ec63 7420 jz bff6ec85 = KERNEL32.DLL:.text+0x5c85 016f:bff6ec65 83e707 and edi,+07 016f:bff6ec68 741b jz bff6ec85 = KERNEL32.DLL:.text+0x5c85 016f:bff6ec6a c1e710 shl edi,10 016f:bff6ec6d 015dfc add dword ptr [ebp-04],ebx 016f:bff6ec70 097dfc or dword ptr [ebp-04],edi 016f:bff6ec73 015df8 add dword ptr [ebp-08],ebx 016f:bff6ec76 ff7518 push dword ptr [ebp+18] 016f:bff6ec79 ff75fc push dword ptr [ebp-04] 016f:bff6ec7c 56 push esi -------------------- 00a8f140 000010ca 00a8f144 00000001 00a8f148 00000008 00a8f14c 0658000a 00a8f150 60060000 00a8f154 00000000 00a8f158 8198d138 -> 2e 72 64 61 74 61 00 00 9a 0c 00 00 00 a0 00 00 .rdata.......... 00a8f15c 010ca000 = JVM641MI.DLL:.rdata+0x0 -> 64 15 e6 bf 5b 18 e6 bf 01 15 e6 bf 74 16 e6 bf d...[.......t... 00a8f160 000010ca 00a8f164 0658000a 00a8f168 00a8f1b8 -> e0 a5 07 10 14 81 97 81 00 00 00 00 01 00 00 00 ................ 
00a8f16c bff78b09 = KERNEL32.DLL:.text+0xfb09 -------------------- 016f:bff78aef 8b4624 mov eax,dword ptr [esi+24] 016f:bff78af2 0d00000080 or eax,80000000 016f:bff78af7 50 push eax 016f:bff78af8 51 push ecx 016f:bff78af9 8b4614 mov eax,dword ptr [esi+14] 016f:bff78afc 0345f8 add eax,dword ptr [ebp-08] 016f:bff78aff 50 push eax 016f:bff78b00 53 push ebx 016f:bff78b01 ff7508 push dword ptr [ebp+08] 016f:bff78b04 e8aa60ffff call bff6ebb3 = KERNEL32.DLL:.text+0x5bb3 KERNEL32.DLL:.text+0xfb09: *016f:bff78b09 85c0 test eax,eax 016f:bff78b0b 7409 jz bff78b16 = KERNEL32.DLL:.text+0xfb16 016f:bff78b0d c745fc01000000 mov dword ptr [ebp-04],00000001 016f:bff78b14 eb07 jmp bff78b1d = KERNEL32.DLL:.text+0xfb1d 016f:bff78b16 c745fc00000000 mov dword ptr [ebp-04],00000000 016f:bff78b1d 85ff test edi,edi 016f:bff78b1f 7418 jz bff78b39 = KERNEL32.DLL:.text+0xfb39 016f:bff78b21 837dfc00 cmp dword ptr [ebp-04],+00 016f:bff78b25 740c jz bff78b33 = KERNEL32.DLL:.text+0xfb33 016f:bff78b27 6800100000 push 00001000 016f:bff78b2c 57 push edi -------------------- 00a8f170 819800cb -> 00 24 00 00 a0 04 00 00 00 00 00 00 00 00 00 00 .$.............. 00a8f174 010ca000 = JVM641MI.DLL:.rdata+0x0 -> 64 15 e6 bf 5b 18 e6 bf 01 15 e6 bf 74 16 e6 bf d...[.......t... 
00a8f178 0000a000 00a8f17c 00001000 00a8f180 60060000 00a8f184 bff613e2 = KERNEL32.DLL:_FREQASM+0x3e2 -------------------- 016f:bff613c5 c20400 retd 0004 016f:bff613c8 33c0 xor eax,eax 016f:bff613ca ebf7 jmp bff613c3 = KERNEL32.DLL:_FREQASM+0x3c3 016f:bff613cc ebfa jmp bff613c8 = KERNEL32.DLL:_FREQASM+0x3c8 016f:bff613ce ebf8 jmp bff613c8 = KERNEL32.DLL:_FREQASM+0x3c8 016f:bff613d0 ebf6 jmp bff613c8 = KERNEL32.DLL:_FREQASM+0x3c8 016f:bff613d2 ebf4 jmp bff613c8 = KERNEL32.DLL:_FREQASM+0x3c8 016f:bff613d4 8b442404 mov eax,dword ptr [esp+04] 016f:bff613d8 8f0424 pop dword ptr [esp] 016f:bff613db 2eff1d34b7fbbf call fword ptr ss:[bffbb734] KERNEL32.DLL:_FREQASM+0x3e2: *016f:bff613e2 b801000100 mov eax,00010001 016f:bff613e7 2eff1d34b7fbbf call fword ptr ss:[bffbb734] 016f:bff613ee b843002a00 mov eax,002a0043 016f:bff613f3 2eff1d34b7fbbf call fword ptr ss:[bffbb734] 016f:bff613fa 83c414 add esp,+14 016f:bff613fd 0fb7c8 movzx ecx,ax 016f:bff61400 0fa4d310 shld ebx,edx,10 016f:bff61404 c0e302 shl bl,02 016f:bff61407 6681ea0010 sub dx,1000 016f:bff6140c 0fbfc2 movsx eax,dx 016f:bff6140f e9d1000000 jmp bff614e5 = KERNEL32.DLL:_FREQASM+0x4e5 -------------------- 00a8f188 bff691a8 = KERNEL32.DLL:.text+0x1a8 -> ff ff ff ff 20 3f f7 bf 26 3f f7 bf ff ff ff ff .... ?..&?...... 00a8f18c 0000040d 00a8f190 00a8f1c0 -> 00 00 00 00 01 00 00 00 80 65 97 81 0d 04 00 00 .........e...... 00a8f194 00000001 00a8f198 00000000 ... 00a8f1b8 1007a5e0 = STLPORT_VC6.DLL:.rdata+0xe5e0 -> 00 00 00 00 10 6b 24 3d 00 00 00 00 62 fb 07 00 .....k$=....b... 00a8f1bc 81978114 -> 06 00 05 00 80 2b 6c c1 00 00 00 00 00 00 00 00 .....+l......... 00a8f1c0 00000000 00a8f1c4 00000001 00a8f1c8 81976580 -> 50 45 00 00 4c 01 06 00 11 6b 24 3d 00 00 00 00 PE..L....k$=.... 00a8f1cc 0000040d 00a8f1d0 010cac0c = JVM641MI.DLL:.rdata+0xc0c -> 3f 61 6c 6c 6f 63 61 74 65 40 3f 24 5f 5f 6e 6f ?allocate@?$__no 00a8f1d4 8198d2dc -> 78 b4 98 81 00 00 00 00 00 00 00 00 00 00 00 00 x............... 
00a8f1d8 8198d2f0 -> 48 02 0a 00 14 81 97 81 44 64 97 81 dc b2 97 81 H.......Dd...... 00a8f1dc 0000000a 00a8f1e0 00000000 ... 00a8f208 00000007 00a8f20c 81976444 -> 68 64 97 81 5c 65 97 81 ec 63 93 81 00 00 00 00 hd..\e...c...... 00a8f210 8198d2f8 -> 44 64 97 81 dc b2 97 81 38 5a 97 81 b4 56 97 81 Dd......8Z...V.. 00a8f214 8198bb70 -> 02 00 00 00 18 d0 98 81 ff ff ff ff b0 bb 98 81 ................ 00a8f218 8198d320 -> 20 00 00 a0 08 00 01 00 30 b4 6c c1 36 03 00 00 .......0.l.6... 00a8f21c 8198d2f0 -> 48 02 0a 00 14 81 97 81 44 64 97 81 dc b2 97 81 H.......Dd...... 00a8f220 bff6bb26 = KERNEL32.DLL:.text+0x2b26 -------------------- 016f:bff6bb0a e88a87ffff call bff64299 = KERNEL32.DLL:_FREQASM+0x3299 016f:bff6bb0f 5e pop esi 016f:bff6bb10 c20400 retd 0004 016f:bff6bb13 56 push esi 016f:bff6bb14 8b742408 mov esi,dword ptr [esp+08] 016f:bff6bb18 8a06 mov al,byte ptr [esi] 016f:bff6bb1a 3c04 cmp al,04 016f:bff6bb1c 7508 jnz bff6bb26 = KERNEL32.DLL:.text+0x2b26 016f:bff6bb1e ff7604 push dword ptr [esi+04] 016f:bff6bb21 e8a087ffff call bff642c6 = KERNEL32.DLL:_FREQASM+0x32c6 KERNEL32.DLL:.text+0x2b26: *016f:bff6bb26 5e pop esi 016f:bff6bb27 c20400 retd 0004 016f:bff6bb2a 64a100000000 mov eax,dword ptr fs:[00000000] 016f:bff6bb30 55 push ebp 016f:bff6bb31 8bec mov ebp,esp 016f:bff6bb33 6aff push -01 016f:bff6bb35 685092f6bf push bff69250 016f:bff6bb3a 68201bfbbf push bffb1b20 016f:bff6bb3f 50 push eax 016f:bff6bb40 8b4508 mov eax,dword ptr [ebp+08] 016f:bff6bb43 64892500000000 mov dword ptr fs:[00000000],esp -------------------- 00a8f224 81986108 -> 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00a8f228 00655600 = SAL3.DLL:.data+0x600 -> 50 00 00 00 00 00 00 00 50 71 0b 01 50 71 0b 01 P.......Pq..Pq.. 00a8f22c 004c1d3c = SAL3.DLL:.text+0xd3c -> 5f 8b c3 5e 5b c3 8b 48 0c 8b 50 08 89 51 08 8b _..^[..H..P..Q.. 00a8f230 00655530 = SAL3.DLL:.data+0x530 -> 04 00 00 00 08 61 98 81 00 00 00 00 00 00 00 00 .....a.......... 
00a8f234 bff6bb0f = KERNEL32.DLL:.text+0x2b0f -------------------- 016f:bff6baf3 803e04 cmp byte ptr [esi],04 016f:bff6baf6 740f jz bff6bb07 = KERNEL32.DLL:.text+0x2b07 016f:bff6baf8 33c0 xor eax,eax 016f:bff6bafa 50 push eax 016f:bff6bafb 50 push eax 016f:bff6bafc 50 push eax 016f:bff6bafd 68050000c0 push c0000005 016f:bff6bb02 e8a4acffff call bff667ab = KERNEL32.DLL:_FREQASM+0x57ab 016f:bff6bb07 ff7604 push dword ptr [esi+04] 016f:bff6bb0a e88a87ffff call bff64299 = KERNEL32.DLL:_FREQASM+0x3299 KERNEL32.DLL:.text+0x2b0f: *016f:bff6bb0f 5e pop esi 016f:bff6bb10 c20400 retd 0004 016f:bff6bb13 56 push esi 016f:bff6bb14 8b742408 mov esi,dword ptr [esp+08] 016f:bff6bb18 8a06 mov al,byte ptr [esi] 016f:bff6bb1a 3c04 cmp al,04 016f:bff6bb1c 7508 jnz bff6bb26 = KERNEL32.DLL:.text+0x2b26 016f:bff6bb1e ff7604 push dword ptr [esi+04] 016f:bff6bb21 e8a087ffff call bff642c6 = KERNEL32.DLL:_FREQASM+0x32c6 016f:bff6bb26 5e pop esi 016f:bff6bb27 c20400 retd 0004 -------------------- 00a8f238 81986108 -> 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 
00a8f23c bff6bb26 = KERNEL32.DLL:.text+0x2b26 -------------------- 016f:bff6bb0a e88a87ffff call bff64299 = KERNEL32.DLL:_FREQASM+0x3299 016f:bff6bb0f 5e pop esi 016f:bff6bb10 c20400 retd 0004 016f:bff6bb13 56 push esi 016f:bff6bb14 8b742408 mov esi,dword ptr [esp+08] 016f:bff6bb18 8a06 mov al,byte ptr [esi] 016f:bff6bb1a 3c04 cmp al,04 016f:bff6bb1c 7508 jnz bff6bb26 = KERNEL32.DLL:.text+0x2b26 016f:bff6bb1e ff7604 push dword ptr [esi+04] 016f:bff6bb21 e8a087ffff call bff642c6 = KERNEL32.DLL:_FREQASM+0x32c6 KERNEL32.DLL:.text+0x2b26: *016f:bff6bb26 5e pop esi 016f:bff6bb27 c20400 retd 0004 016f:bff6bb2a 64a100000000 mov eax,dword ptr fs:[00000000] 016f:bff6bb30 55 push ebp 016f:bff6bb31 8bec mov ebp,esp 016f:bff6bb33 6aff push -01 016f:bff6bb35 685092f6bf push bff69250 016f:bff6bb3a 68201bfbbf push bffb1b20 016f:bff6bb3f 50 push eax 016f:bff6bb40 8b4508 mov eax,dword ptr [ebp+08] 016f:bff6bb43 64892500000000 mov dword ptr fs:[00000000],esp -------------------- 00a8f240 81986108 -> 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00a8f244 0107b090 -> d8 01 00 00 28 00 00 00 b0 ee 07 01 60 57 65 00 ....(.......`We. 00a8f248 004c1eac = SAL3.DLL:.text+0xeac -> 5e c3 85 c9 74 0e 68 00 80 00 00 6a 00 51 ff 15 ^...t.h....j.Q.. 00a8f24c 00655530 = SAL3.DLL:.data+0x530 -> 04 00 00 00 08 61 98 81 00 00 00 00 00 00 00 00 .....a.......... 00a8f250 0107b158 -> 10 01 00 00 60 00 00 00 58 b1 07 01 58 b1 07 01 ....`...X...X... 
00a8f254 1c832eaa = TL641MI.DLL:.text+0x31eaa -------------------- 016f:1c832e99 90 nop 016f:1c832e9a 90 nop 016f:1c832e9b 90 nop 016f:1c832e9c 90 nop 016f:1c832e9d 90 nop 016f:1c832e9e 90 nop 016f:1c832e9f 90 nop 016f:1c832ea0 8b442404 mov eax,dword ptr [esp+04] 016f:1c832ea4 50 push eax 016f:1c832ea5 e8720e0200 call 1c853d1c = SAL3.DLL!rtl_freeMemory TL641MI.DLL:.text+0x31eaa: *016f:1c832eaa 59 pop ecx 016f:1c832eab c3 retd 016f:1c832eac 90 nop 016f:1c832ead 90 nop 016f:1c832eae 90 nop 016f:1c832eaf 90 nop 016f:1c832eb0 83ec10 sub esp,+10 016f:1c832eb3 8b4c2414 mov ecx,dword ptr [esp+14] 016f:1c832eb7 b801000000 mov eax,00000001 016f:1c832ebc 89442400 mov dword ptr [esp],eax 016f:1c832ec0 3bc8 cmp ecx,eax -------------------- 00a8f258 0107b098 -> b0 ee 07 01 60 57 65 00 66 00 69 00 6c 00 65 00 ....`We.f.i.l.e. 00a8f25c 1c809f70 = TL641MI.DLL:.text+0x8f70 -------------------- 016f:1c809f55 8d7c8204 lea edi,[edx+eax*4+04] 016f:1c809f59 8bc1 mov eax,ecx 016f:1c809f5b c1e902 shr ecx,02 016f:1c809f5e f3a5 rep movs dword ptr es:[edi],dword ptr ds:[esi] 016f:1c809f60 8bc8 mov ecx,eax 016f:1c809f62 83e103 and ecx,+03 016f:1c809f65 f3a4 rep movs byte ptr es:[edi],byte ptr ds:[esi] 016f:1c809f67 8b4b0c mov ecx,dword ptr [ebx+0c] 016f:1c809f6a 51 push ecx 016f:1c809f6b e8308f0200 call 1c832ea0 = TL641MI.DLL!21 TL641MI.DLL:.text+0x8f70: *016f:1c809f70 8b542420 mov edx,dword ptr [esp+20] 016f:1c809f74 83c404 add esp,+04 016f:1c809f77 89530c mov dword ptr [ebx+0c],edx 016f:1c809f7a 5f pop edi 016f:1c809f7b eb38 jmp 1c809fb5 = TL641MI.DLL:.text+0x8fb5 016f:1c809f7d 8b6c2414 mov ebp,dword ptr [esp+14] 016f:1c809f81 663be9 cmp bp,cx 016f:1c809f84 732f jnc 1c809fb5 = TL641MI.DLL:.text+0x8fb5 016f:1c809f86 8bc5 mov eax,ebp 016f:1c809f88 8b530c mov edx,dword ptr [ebx+0c] 016f:1c809f8b 25ffff0000 and eax,0000ffff -------------------- 00a8f260 0107b098 -> b0 ee 07 01 60 57 65 00 66 00 69 00 6c 00 65 00 ....`We.f.i.l.e. 
00a8f264 00fcd170 -> 00 00 00 00 00 00 00 00 40 00 32 00 d0 6f 0b 01 ........@.2..o.. 00a8f268 00fcf758 -> 70 d1 fc 00 70 d1 fc 00 70 d1 fc 00 00 00 00 04 p...p...p....... 00a8f26c ffffffff 00a8f270 00650030 = SAL3.DLL:.rdata+0x16a030 -> 9c 0b 19 00 86 0b 19 00 74 0b 19 00 5e 0b 19 00 ........t...^... 00a8f274 1c80a90d = TL641MI.DLL:.text+0x990d -------------------- 016f:1c80a8f5 c20c00 retd 000c 016f:1c80a8f8 894604 mov dword ptr [esi+04],eax 016f:1c80a8fb 8b4614 mov eax,dword ptr [esi+14] 016f:1c80a8fe 40 inc eax 016f:1c80a8ff 5f pop edi 016f:1c80a900 894614 mov dword ptr [esi+14],eax 016f:1c80a903 5e pop esi 016f:1c80a904 5b pop ebx 016f:1c80a905 c20c00 retd 000c 016f:1c80a908 e8b3f5ffff call 1c809ec0 = TL641MI.DLL:.text+0x8ec0 TL641MI.DLL:.text+0x990d: *016f:1c80a90d 3b7e04 cmp edi,dword ptr [esi+04] 016f:1c80a910 750e jnz 1c80a920 = TL641MI.DLL:.text+0x9920 016f:1c80a912 668b460c mov ax,word ptr [esi+0c] 016f:1c80a916 663bd8 cmp bx,ax 016f:1c80a919 7705 ja 1c80a920 = TL641MI.DLL:.text+0x9920 016f:1c80a91b 40 inc eax 016f:1c80a91c 6689460c mov word ptr [esi+0c],ax 016f:1c80a920 8b4614 mov eax,dword ptr [esi+14] 016f:1c80a923 5f pop edi 016f:1c80a924 40 inc eax 016f:1c80a925 894614 mov dword ptr [esi+14],eax -------------------- 00a8f278 01039cd0 -> 88 b4 07 01 c8 9c 03 01 50 00 00 80 10 00 00 00 ........P....... 00a8f27c 00650030 = SAL3.DLL:.rdata+0x16a030 -> 9c 0b 19 00 86 0b 19 00 74 0b 19 00 5e 0b 19 00 ........t...^... 00a8f280 010b6fd0 -> 88 fd 05 01 d0 0e 06 01 d0 90 0b 01 b8 e4 05 01 ................ 00a8f284 0105d078 -> 84 22 49 00 b8 f8 fc 00 40 d0 05 01 00 00 00 00 ."I.....@....... 
00a8f288 bff6bb26 = KERNEL32.DLL:.text+0x2b26 -------------------- 016f:bff6bb0a e88a87ffff call bff64299 = KERNEL32.DLL:_FREQASM+0x3299 016f:bff6bb0f 5e pop esi 016f:bff6bb10 c20400 retd 0004 016f:bff6bb13 56 push esi 016f:bff6bb14 8b742408 mov esi,dword ptr [esp+08] 016f:bff6bb18 8a06 mov al,byte ptr [esi] 016f:bff6bb1a 3c04 cmp al,04 016f:bff6bb1c 7508 jnz bff6bb26 = KERNEL32.DLL:.text+0x2b26 016f:bff6bb1e ff7604 push dword ptr [esi+04] 016f:bff6bb21 e8a087ffff call bff642c6 = KERNEL32.DLL:_FREQASM+0x32c6 KERNEL32.DLL:.text+0x2b26: *016f:bff6bb26 5e pop esi 016f:bff6bb27 c20400 retd 0004 016f:bff6bb2a 64a100000000 mov eax,dword ptr fs:[00000000] 016f:bff6bb30 55 push ebp 016f:bff6bb31 8bec mov ebp,esp 016f:bff6bb33 6aff push -01 016f:bff6bb35 685092f6bf push bff69250 016f:bff6bb3a 68201bfbbf push bffb1b20 016f:bff6bb3f 50 push eax 016f:bff6bb40 8b4508 mov eax,dword ptr [ebp+08] 016f:bff6bb43 64892500000000 mov dword ptr fs:[00000000],esp -------------------- 00a8f28c 00fcf758 -> 70 d1 fc 00 70 d1 fc 00 70 d1 fc 00 00 00 00 04 p...p...p....... 
00a8f290 ffffffff 00a8f294 00650031 = SAL3.DLL:.rdata+0x16a031 -> 0b 19 00 86 0b 19 00 74 0b 19 00 5e 0b 19 00 54 .......t...^...T 00a8f298 1c80a90d = TL641MI.DLL:.text+0x990d -------------------- 016f:1c80a8f5 c20c00 retd 000c 016f:1c80a8f8 894604 mov dword ptr [esi+04],eax 016f:1c80a8fb 8b4614 mov eax,dword ptr [esi+14] 016f:1c80a8fe 40 inc eax 016f:1c80a8ff 5f pop edi 016f:1c80a900 894614 mov dword ptr [esi+14],eax 016f:1c80a903 5e pop esi 016f:1c80a904 5b pop ebx 016f:1c80a905 c20c00 retd 000c 016f:1c80a908 e8b3f5ffff call 1c809ec0 = TL641MI.DLL:.text+0x8ec0 TL641MI.DLL:.text+0x990d: *016f:1c80a90d 3b7e04 cmp edi,dword ptr [esi+04] 016f:1c80a910 750e jnz 1c80a920 = TL641MI.DLL:.text+0x9920 016f:1c80a912 668b460c mov ax,word ptr [esi+0c] 016f:1c80a916 663bd8 cmp bx,ax 016f:1c80a919 7705 ja 1c80a920 = TL641MI.DLL:.text+0x9920 016f:1c80a91b 40 inc eax 016f:1c80a91c 6689460c mov word ptr [esi+0c],ax 016f:1c80a920 8b4614 mov eax,dword ptr [esi+14] 016f:1c80a923 5f pop edi 016f:1c80a924 40 inc eax 016f:1c80a925 894614 mov dword ptr [esi+14],eax -------------------- 00a8f29c 00ffd910 -> d8 70 0b 01 08 d9 ff 00 48 00 00 80 10 00 00 00 .p......H....... 00a8f2a0 00650031 = SAL3.DLL:.rdata+0x16a031 -> 0b 19 00 86 0b 19 00 74 0b 19 00 5e 0b 19 00 54 .......t...^...T 00a8f2a4 00000010 00a8f2a8 0105dc00 -> 84 22 49 00 b8 f8 fc 00 c8 db 05 01 00 00 00 00 ."I............. 00a8f2ac ffffffff 00a8f2b0 0107be98 -> 18 20 49 00 60 f1 07 01 00 00 00 00 00 01 5c 4f . 
I.`.........\O 00a8f2b4 1c80a973 = TL641MI.DLL:.text+0x9973 -------------------- 016f:1c80a95a 772d ja 1c80a989 = TL641MI.DLL:.text+0x9989 016f:1c80a95c 8b4108 mov eax,dword ptr [ecx+08] 016f:1c80a95f 85c0 test eax,eax 016f:1c80a961 7414 jz 1c80a977 = TL641MI.DLL:.text+0x9977 016f:1c80a963 668b500a mov dx,word ptr [eax+0a] 016f:1c80a967 52 push edx 016f:1c80a968 50 push eax 016f:1c80a969 8b442410 mov eax,dword ptr [esp+10] 016f:1c80a96d 50 push eax 016f:1c80a96e e87dfeffff call 1c80a7f0 = TL641MI.DLL:.text+0x97f0 TL641MI.DLL:.text+0x9973: *016f:1c80a973 5e pop esi 016f:1c80a974 c20800 retd 0008 016f:1c80a977 8b542408 mov edx,dword ptr [esp+08] 016f:1c80a97b 6a00 push +00 016f:1c80a97d 6a00 push +00 016f:1c80a97f 52 push edx 016f:1c80a980 e86bfeffff call 1c80a7f0 = TL641MI.DLL:.text+0x97f0 016f:1c80a985 5e pop esi 016f:1c80a986 c20800 retd 0008 016f:1c80a989 8b11 mov edx,dword ptr [ecx] 016f:1c80a98b 33c0 xor eax,eax -------------------- 00a8f2b8 00ffd910 -> d8 70 0b 01 08 d9 ff 00 48 00 00 80 10 00 00 00 .p......H....... 00a8f2bc 00fcd170 -> 00 00 00 00 00 00 00 00 40 00 32 00 d0 6f 0b 01 ........@.2..o.. 00a8f2c0 00650031 = SAL3.DLL:.rdata+0x16a031 -> 0b 19 00 86 0b 19 00 74 0b 19 00 5e 0b 19 00 54 .......t...^...T 00a8f2c4 00ffd910 -> d8 70 0b 01 08 d9 ff 00 48 00 00 80 10 00 00 00 .p......H....... 
00a8f2c8 0043d6d7 = SET641MI.DLL:.text+0x3c6d7 -------------------- 016f:0043d6b6 8bcd mov ecx,ebp 016f:0043d6b8 e851d30300 call 0047aa0e = TL641MI.DLL!332 016f:0043d6bd eb02 jmp 0043d6c1 = SET641MI.DLL:.text+0x3c6c1 016f:0043d6bf 33ed xor ebp,ebp 016f:0043d6c1 c744241cffffffff mov dword ptr [esp+1c],ffffffff 016f:0043d6c9 896b60 mov dword ptr [ebx+60],ebp 016f:0043d6cc 8b4b60 mov ecx,dword ptr [ebx+60] 016f:0043d6cf 6aff push -01 016f:0043d6d1 56 push esi 016f:0043d6d2 e8a9d30300 call 0047aa80 = TL641MI.DLL!347 SET641MI.DLL:.text+0x3c6d7: *016f:0043d6d7 8b87ec000000 mov eax,dword ptr [edi+000000ec] 016f:0043d6dd 8db7d8000000 lea esi,[edi+000000d8] 016f:0043d6e3 33ff xor edi,edi 016f:0043d6e5 5d pop ebp 016f:0043d6e6 85c0 test eax,eax 016f:0043d6e8 7621 jbe 0043d70b = SET641MI.DLL:.text+0x3c70b 016f:0043d6ea 33c0 xor eax,eax 016f:0043d6ec 50 push eax 016f:0043d6ed 8bce mov ecx,esi 016f:0043d6ef e83ed30300 call 0047aa32 = TL641MI.DLL!341 016f:0043d6f4 50 push eax -------------------- 00a8f2cc 00ffd910 -> d8 70 0b 01 08 d9 ff 00 48 00 00 80 10 00 00 00 .p......H....... 00a8f2d0 ffffffff 00a8f2d4 00dd12f8 -> 00 00 dd 00 00 00 00 00 00 00 00 00 48 d4 85 1c ............H... 00a8f2d8 00000005 00a8f2dc 01051eb8 -> 78 f3 04 01 78 f3 04 01 78 f3 04 01 00 00 00 04 x...x...x....... 00a8f2e0 0107be98 -> 18 20 49 00 60 f1 07 01 00 00 00 00 00 01 5c 4f . I.`.........\O 00a8f2e4 00ffd900 -> 18 00 00 00 20 00 00 00 10 00 00 80 28 00 00 00 .... .......(... 00a8f2e8 00a8f30c -> 3c 61 98 81 10 80 bb 00 4f 23 4c 00 f0 91 65 00 03 00 00 00 1e 00 00 00 67 69 64 5f 4d 6f 64 75 ........gid_Modu 00a8f2fc 00000001 00a8f300 01011128 -> 38 17 01 01 38 17 01 01 38 17 01 01 00 00 00 04 8...8...8....... 00a8f304 0107be98 -> 18 20 49 00 60 f1 07 01 00 00 00 00 00 01 5c 4f . 
I.`.........\O 00a8f308 bff6bb26 = KERNEL32.DLL:.text+0x2b26 -------------------- 016f:bff6bb0a e88a87ffff call bff64299 = KERNEL32.DLL:_FREQASM+0x3299 016f:bff6bb0f 5e pop esi 016f:bff6bb10 c20400 retd 0004 016f:bff6bb13 56 push esi 016f:bff6bb14 8b742408 mov esi,dword ptr [esp+08] 016f:bff6bb18 8a06 mov al,byte ptr [esi] 016f:bff6bb1a 3c04 cmp al,04 016f:bff6bb1c 7508 jnz bff6bb26 = KERNEL32.DLL:.text+0x2b26 016f:bff6bb1e ff7604 push dword ptr [esi+04] 016f:bff6bb21 e8a087ffff call bff642c6 = KERNEL32.DLL:_FREQASM+0x32c6 KERNEL32.DLL:.text+0x2b26: *016f:bff6bb26 5e pop esi 016f:bff6bb27 c20400 retd 0004 016f:bff6bb2a 64a100000000 mov eax,dword ptr fs:[00000000] 016f:bff6bb30 55 push ebp 016f:bff6bb31 8bec mov ebp,esp 016f:bff6bb33 6aff push -01 016f:bff6bb35 685092f6bf push bff69250 016f:bff6bb3a 68201bfbbf push bffb1b20 016f:bff6bb3f 50 push eax 016f:bff6bb40 8b4508 mov eax,dword ptr [ebp+08] 016f:bff6bb43 64892500000000 mov dword ptr fs:[00000000],esp -------------------- 00a8f30c 8198613c -> 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00a8f310 00bb8010 -> 04 00 00 00 cc a3 98 81 00 00 00 00 00 00 00 00 ................ 
00a8f314 004c234f = SAL3.DLL:.text+0x134f -------------------- 016f:004c2331 4a dec edx 016f:004c2332 8d4801 lea ecx,[eax+01] 016f:004c2335 895620 mov dword ptr [esi+20],edx 016f:004c2338 85c0 test eax,eax 016f:004c233a 894e18 mov dword ptr [esi+18],ecx 016f:004c233d 7509 jnz 004c2348 = SAL3.DLL:.text+0x1348 016f:004c233f ff15d0614e00 call dword ptr [004e61d0] -> KERNEL32.DLL!GetCurrentThreadId 016f:004c2345 89461c mov dword ptr [esi+1c],eax 016f:004c2348 68f0916500 push 006591f0 016f:004c234d ffd3 call ebx SAL3.DLL:.text+0x134f: *016f:004c234f 5f pop edi 016f:004c2350 5e pop esi 016f:004c2351 b001 mov al,01 016f:004c2353 5b pop ebx 016f:004c2354 c3 retd 016f:004c2355 8b542404 mov edx,dword ptr [esp+04] 016f:004c2359 52 push edx 016f:004c235a ff15e4614e00 call dword ptr [004e61e4] -> KERNEL32.DLL!EnterCriticalSection 016f:004c2360 b001 mov al,01 016f:004c2362 c3 retd 016f:004c2363 90 nop -------------------- 00a8f318 006591f0 = SAL3.DLL:.data+0x41f0 -> 04 00 00 00 3c 61 98 81 00 00 00 00 00 00 00 00 .... 0c 22 49 00 78 f7 fc 00 50 72 0b 01 70 30 05 01 ."I.x...Pr..p0.. 00a8f320 00ddae44 -> 2c 83 70 1c 10 80 bb 00 78 30 dd 00 02 00 00 00 ,.p.....x0...... 00a8f324 0107be0e -> 00 00 45 3a 00 00 58 cd 07 01 38 00 00 80 18 00 ..E:..X...8..... 
00a8f328 1c2091fd = VOS2MSC.DLL:.text+0x81fd -------------------- 016f:1c2091ea 90 nop 016f:1c2091eb 90 nop 016f:1c2091ec 90 nop 016f:1c2091ed 90 nop 016f:1c2091ee 90 nop 016f:1c2091ef 90 nop 016f:1c2091f0 8b442404 mov eax,dword ptr [esp+04] 016f:1c2091f4 8b4804 mov ecx,dword ptr [eax+04] 016f:1c2091f7 51 push ecx 016f:1c2091f8 e809350000 call 1c20c706 = SAL3.DLL!osl_acquireMutex VOS2MSC.DLL:.text+0x81fd: *016f:1c2091fd 59 pop ecx 016f:1c2091fe c3 retd 016f:1c2091ff 90 nop 016f:1c209200 8b442404 mov eax,dword ptr [esp+04] 016f:1c209204 8b4804 mov ecx,dword ptr [eax+04] 016f:1c209207 51 push ecx 016f:1c209208 e8ff340000 call 1c20c70c = SAL3.DLL!osl_tryToAcquireMutex 016f:1c20920d 83c404 add esp,+04 016f:1c209210 c3 retd 016f:1c209211 90 nop 016f:1c209212 90 nop -------------------- 00a8f32c 7e6f28cf 00a8f330 00000001 00a8f334 0043dd9f = SET641MI.DLL:.text+0x3cd9f -------------------- 016f:0043dd7d c744242cf8e74800 mov dword ptr [esp+2c],0048e7f8 016f:0043dd85 55 push ebp 016f:0043dd86 896c2434 mov dword ptr [esp+34],ebp 016f:0043dd8a 8b4d00 mov ecx,dword ptr [ebp] 016f:0043dd8d ff11 call dword ptr [ecx] 016f:0043dd8f 8b5660 mov edx,dword ptr [esi+60] 016f:0043dd92 c684249400000016 mov byte ptr [esp+00000094],16 016f:0043dd9a 52 push edx 016f:0043dd9b 57 push edi 016f:0043dd9c ff5624 call dword ptr [esi+24] SET641MI.DLL:.text+0x3cd9f: *016f:0043dd9f 8844241f mov byte ptr [esp+1f],al 016f:0043dda3 8b4500 mov eax,dword ptr [ebp] 016f:0043dda6 55 push ebp 016f:0043dda7 889c24a0000000 mov byte ptr [esp+000000a0],bl 016f:0043ddae ff5008 call dword ptr [eax+08] 016f:0043ddb1 83c410 add esp,+10 016f:0043ddb4 eb0f jmp 0043ddc5 = SET641MI.DLL:.text+0x3cdc5 016f:0043ddb6 8b4e60 mov ecx,dword ptr [esi+60] 016f:0043ddb9 51 push ecx 016f:0043ddba 57 push edi 016f:0043ddbb ff5624 call dword ptr [esi+24] -------------------- 00a8f338 0107bee0 -> 0c 22 49 00 78 f7 fc 00 50 72 0b 01 70 30 05 01 ."I.x...Pr..p0.. 
00a8f33c 00fcf758 -> 70 d1 fc 00 70 d1 fc 00 70 d1 fc 00 00 00 00 04 p...p...p....... 00a8f340 00ddae44 -> 2c 83 70 1c 10 80 bb 00 78 30 dd 00 02 00 00 00 ,.p.....x0...... 00a8f344 0107f160 -> d4 dd 48 00 50 3e 07 01 08 91 11 01 60 6d 10 01 ..H.P>......`m.. 00a8f348 0107be98 -> 18 20 49 00 60 f1 07 01 00 00 00 00 00 01 5c 4f . I.`.........\O 00a8f34c 00fc5ef8 -> e8 fb fc 00 48 e8 05 01 50 10 01 01 00 00 00 00 ....H...P....... 00a8f350 00000000 00a8f354 010b9980 -> 00 00 00 00 38 b4 07 01 00 00 00 00 00 00 00 00 ....8........... 00a8f358 010bac20 -> 01 00 00 00 24 00 00 00 66 00 69 00 6c 00 65 00 ....$...f.i.l.e. 00a8f35c 01077968 -> 01 00 00 00 0a 00 00 00 43 75 73 74 6f 6d 49 6e ........CustomIn 00a8f360 00fcd170 -> 00 00 00 00 00 00 00 00 40 00 32 00 d0 6f 0b 01 ........@.2..o.. 00a8f364 010768d0 -> 58 32 01 01 60 35 01 01 00 00 75 00 73 00 74 00 X2..`5....u.s.t. 00a8f368 00ddae60 -> 03 00 00 00 0f 00 00 00 46 3a 5c 54 45 4d 50 5c ........F:\TEMP\ 00a8f36c 010768d0 -> 58 32 01 01 60 35 01 01 00 00 75 00 73 00 74 00 X2..`5....u.s.t. 00a8f370 0048e7f8 = SET641MI.DLL!665 -> 80 ba 40 00 02 aa 47 00 fc a9 47 00 f6 a9 47 00 ..@...G...G...G. 00a8f374 00ddae44 -> 2c 83 70 1c 10 80 bb 00 78 30 dd 00 02 00 00 00 ,.p.....x0...... 00a8f378 0107bee8 -> 50 72 0b 01 70 30 05 01 98 c0 07 01 52 00 00 00 Pr..p0......R... 00a8f37c 00000000 00a8f380 01053070 -> 04 00 00 00 0c 00 00 00 6a 76 6d 36 34 31 6d 69 ........jvm641mi 00a8f384 00dd5da8 -> 00 00 00 00 b8 5d fc 00 50 98 0b 01 00 00 00 00 .....]..P....... 00a8f388 00000000 ... 00a8f394 1c85d448 = TL641MI.DLL:.data+0x448 -> 35 17 00 00 00 00 00 00 00 00 00 00 00 01 02 03 5............... 00a8f398 00000000 ... 00a8f3a0 00000003 00a8f3a4 00000000 00a8f3a8 00fc5db8 -> 02 00 00 00 07 00 00 00 53 56 31 2e 54 4d 50 00 ........SV1.TMP. 00a8f3ac 01075758 -> 00 00 00 00 98 61 07 01 80 99 0b 01 00 00 00 00 .....a.......... 00a8f3b0 00000000 ... 00a8f3bc 00fc5db8 -> 02 00 00 00 07 00 00 00 53 56 31 2e 54 4d 50 00 ........SV1.TMP. 
00a8f3c0 01077968 -> 01 00 00 00 0a 00 00 00 43 75 73 74 6f 6d 49 6e ........CustomIn 00a8f3c4 00000000 ... 00a8f3cc 00a8f450 -> a4 f4 a8 00 28 23 48 00 01 00 00 00 2f 35 40 00 ....(#H...../5@. 00a8f3d0 004864cb = SET641MI.DLL:.text+0x854cb -> b8 e0 83 49 00 e9 db b4 ff ff cc cc cc cc cc cc ...I............ 00a8f3d4 00000016 00a8f3d8 0040330b = SET641MI.DLL:.text+0x230b -------------------- 016f:004032ec 8bf0 mov esi,eax 016f:004032ee 8a477c mov al,byte ptr [edi+7c] 016f:004032f1 84c0 test al,al 016f:004032f3 89742424 mov dword ptr [esp+24],esi 016f:004032f7 0f8552010000 jnz 0040344f = SET641MI.DLL:.text+0x244f 016f:004032fd 8b8fc4010000 mov ecx,dword ptr [edi+000001c4] 016f:00403303 8b06 mov eax,dword ptr [esi] 016f:00403305 51 push ecx 016f:00403306 8bce mov ecx,esi 016f:00403308 ff5008 call dword ptr [eax+08] SET641MI.DLL:.text+0x230b: *016f:0040330b 84c0 test al,al 016f:0040330d 0f843c010000 jz 0040344f = SET641MI.DLL:.text+0x244f 016f:00403313 f6465c20 test byte ptr [esi+5c],20 016f:00403317 0f8545010000 jnz 00403462 = SET641MI.DLL:.text+0x2462 016f:0040331d 8b5660 mov edx,dword ptr [esi+60] 016f:00403320 899c2480000000 mov dword ptr [esp+00000080],ebx 016f:00403327 8954241c mov dword ptr [esp+1c],edx 016f:0040332b 395a14 cmp dword ptr [edx+14],ebx 016f:0040332e 0f861f010000 jbe 00403453 = SET641MI.DLL:.text+0x2453 016f:00403334 33c0 xor eax,eax 016f:00403336 50 push eax -------------------- 00a8f3dc 00dd12f8 -> 00 00 dd 00 00 00 00 00 00 00 00 00 48 d4 85 1c ............H... 00a8f3e0 00fc5ef8 -> e8 fb fc 00 48 e8 05 01 50 10 01 01 00 00 00 00 ....H...P....... 00a8f3e4 0107f160 -> d4 dd 48 00 50 3e 07 01 08 91 11 01 60 6d 10 01 ..H.P>......`m.. 00a8f3e8 00000001 00a8f3ec 00000000 00a8f3f0 0105dbc8 -> 03 00 00 00 1e 00 00 00 67 69 64 5f 4d 6f 64 75 ........gid_Modu ... 00a8f3fc 01074bc8 -> e8 e3 03 01 e8 e8 03 01 01 00 3a 00 5c 00 54 00 ..........:.\.T. 00a8f400 0107f160 -> d4 dd 48 00 50 3e 07 01 08 91 11 01 60 6d 10 01 ..H.P>......`m.. 
00a8f404 0107be98 -> 18 20 49 00 60 f1 07 01 00 00 00 00 00 01 5c 4f . I.`.........\O 00a8f408 00fcf7a0 -> 00 00 00 00 00 00 00 00 10 00 02 00 30 cb 07 01 ............0... ... 00a8f414 04000000 00a8f418 00100010 00a8f41c 00000002 00a8f420 0048de18 = SET641MI.DLL!425 -> 60 f6 41 00 00 00 00 00 50 41 47 45 5f 57 45 4c `.A.....PAGE_WEL 00a8f424 1c20d28c = VOS2MSC.DLL!610 -> 40 10 20 1c c0 10 20 1c f0 1f 20 1c d0 12 20 1c @. ... ... ... . 00a8f428 000003f9 00a8f42c 00000002 00a8f430 010b2014 -> 00 00 00 00 00 00 00 00 48 d4 85 1c 00 00 00 00 ........H....... 00a8f434 0000ffff 00a8f438 9999999a 00a8f43c 3fe99999 00a8f440 00000000 00a8f444 40000000 00a8f448 0000ff00 00a8f44c 00000000 00a8f450 00a8f4a4 -> d0 f8 a8 00 48 23 48 00 ff ff ff ff 4a c1 10 01 ....H#H.....J... 00a8f454 00482328 = SET641MI.DLL:.text+0x81328 -> b8 f8 3e 49 00 e9 7e f6 ff ff cc cc cc cc cc cc ..>I............ 00a8f458 00000001 00a8f45c 0040352f = SET641MI.DLL:.text+0x252f -------------------- 016f:0040350d b901000000 mov ecx,00000001 016f:00403512 884e14 mov byte ptr [esi+14],cl 016f:00403515 8b8ec4010000 mov ecx,dword ptr [esi+000001c4] 016f:0040351b 50 push eax 016f:0040351c e86f380500 call 00456d90 = SET641MI.DLL!2180 016f:00403521 8b7c244c mov edi,dword ptr [esp+4c] 016f:00403525 6a01 push +01 016f:00403527 57 push edi 016f:00403528 8bce mov ecx,esi 016f:0040352a e8e1fcffff call 00403210 = SET641MI.DLL!491 SET641MI.DLL:.text+0x252f: *016f:0040352f dd0520524a00 fld qword ptr [004a5220] 016f:00403535 83ec08 sub esp,+08 016f:00403538 8d4c2414 lea ecx,[esp+14] 016f:0040353c dd1c24 fstp qword ptr [esp] 016f:0040353f dd0518524a00 fld qword ptr [004a5218] 016f:00403545 83ec08 sub esp,+08 016f:00403548 dd1c24 fstp qword ptr [esp] 016f:0040354b 53 push ebx 016f:0040354c 68f9030000 push 000003f9 016f:00403551 e8aabe0100 call 0041f400 = SET641MI.DLL!1558 016f:00403556 c744240c18de4800 mov dword ptr [esp+0c],0048de18 -------------------- 00a8f460 00000032 00a8f464 00000001 00a8f468 00000000 00a8f46c 
01119108 = SETUP.EXE:.data+0x1108 -> 84 58 11 01 00 00 00 00 00 00 00 00 00 00 00 00 .X.............. 00a8f470 00000000 00a8f474 0110e89f = SETUP.EXE:.text+0xd89f -------------------- 016f:0110e87c 84c0 test al,al 016f:0110e87e 7404 jz 0110e884 = SETUP.EXE:.text+0xd884 016f:0110e880 c6461201 mov byte ptr [esi+12],01 016f:0110e884 8d4c2410 lea ecx,[esp+10] 016f:0110e888 e8f94d0000 call 01113686 = TL641MI.DLL!662 016f:0110e88d 8b4604 mov eax,dword ptr [esi+04] 016f:0110e890 3bc3 cmp eax,ebx 016f:0110e892 740b jz 0110e89f = SETUP.EXE:.text+0xd89f 016f:0110e894 8b883c020000 mov ecx,dword ptr [eax+0000023c] 016f:0110e89a e861a3ffff call 01108c00 = SETUP.EXE:.text+0x7c00 SETUP.EXE:.text+0xd89f: *016f:0110e89f 8bc6 mov eax,esi 016f:0110e8a1 5f pop edi 016f:0110e8a2 5e pop esi 016f:0110e8a3 5d pop ebp 016f:0110e8a4 5b pop ebx 016f:0110e8a5 83c428 add esp,+28 016f:0110e8a8 c20c00 retd 000c 016f:0110e8ab 90 nop 016f:0110e8ac 90 nop 016f:0110e8ad 90 nop 016f:0110e8ae 90 nop -------------------- 00a8f478 bff6bb0f = KERNEL32.DLL:.text+0x2b0f -------------------- 016f:bff6baf3 803e04 cmp byte ptr [esi],04 016f:bff6baf6 740f jz bff6bb07 = KERNEL32.DLL:.text+0x2b07 016f:bff6baf8 33c0 xor eax,eax 016f:bff6bafa 50 push eax 016f:bff6bafb 50 push eax 016f:bff6bafc 50 push eax 016f:bff6bafd 68050000c0 push c0000005 016f:bff6bb02 e8a4acffff call bff667ab = KERNEL32.DLL:_FREQASM+0x57ab 016f:bff6bb07 ff7604 push dword ptr [esi+04] 016f:bff6bb0a e88a87ffff call bff64299 = KERNEL32.DLL:_FREQASM+0x3299 KERNEL32.DLL:.text+0x2b0f: *016f:bff6bb0f 5e pop esi 016f:bff6bb10 c20400 retd 0004 016f:bff6bb13 56 push esi 016f:bff6bb14 8b742408 mov esi,dword ptr [esp+08] 016f:bff6bb18 8a06 mov al,byte ptr [esi] 016f:bff6bb1a 3c04 cmp al,04 016f:bff6bb1c 7508 jnz bff6bb26 = KERNEL32.DLL:.text+0x2b26 016f:bff6bb1e ff7604 push dword ptr [esi+04] 016f:bff6bb21 e8a087ffff call bff642c6 = KERNEL32.DLL:_FREQASM+0x32c6 016f:bff6bb26 5e pop esi 016f:bff6bb27 c20400 retd 0004 -------------------- 00a8f47c 
81986108 -> 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00a8f480 bff6bb26 = KERNEL32.DLL:.text+0x2b26 -------------------- 016f:bff6bb0a e88a87ffff call bff64299 = KERNEL32.DLL:_FREQASM+0x3299 016f:bff6bb0f 5e pop esi 016f:bff6bb10 c20400 retd 0004 016f:bff6bb13 56 push esi 016f:bff6bb14 8b742408 mov esi,dword ptr [esp+08] 016f:bff6bb18 8a06 mov al,byte ptr [esi] 016f:bff6bb1a 3c04 cmp al,04 016f:bff6bb1c 7508 jnz bff6bb26 = KERNEL32.DLL:.text+0x2b26 016f:bff6bb1e ff7604 push dword ptr [esi+04] 016f:bff6bb21 e8a087ffff call bff642c6 = KERNEL32.DLL:_FREQASM+0x32c6 KERNEL32.DLL:.text+0x2b26: *016f:bff6bb26 5e pop esi 016f:bff6bb27 c20400 retd 0004 016f:bff6bb2a 64a100000000 mov eax,dword ptr fs:[00000000] 016f:bff6bb30 55 push ebp 016f:bff6bb31 8bec mov ebp,esp 016f:bff6bb33 6aff push -01 016f:bff6bb35 685092f6bf push bff69250 016f:bff6bb3a 68201bfbbf push bffb1b20 016f:bff6bb3f 50 push eax 016f:bff6bb40 8b4508 mov eax,dword ptr [ebp+08] 016f:bff6bb43 64892500000000 mov dword ptr fs:[00000000],esp -------------------- 00a8f484 81986108 -> 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00a8f488 010686d8 -> 10 00 00 00 38 00 00 00 f0 55 07 01 68 e3 fd 00 ....8....U..h... 00a8f48c 004c1eac = SAL3.DLL:.text+0xeac -> 5e c3 85 c9 74 0e 68 00 80 00 00 6a 00 51 ff 15 ^...t.h....j.Q.. 00a8f490 00655530 = SAL3.DLL:.data+0x530 -> 04 00 00 00 08 61 98 81 00 00 00 00 00 00 00 00 .....a.......... 00a8f494 010686e0 -> f0 55 07 01 68 e3 fd 00 58 00 00 80 10 00 00 00 .U..h...X....... 
00a8f498 1c832eaa = TL641MI.DLL:.text+0x31eaa -------------------- 016f:1c832e99 90 nop 016f:1c832e9a 90 nop 016f:1c832e9b 90 nop 016f:1c832e9c 90 nop 016f:1c832e9d 90 nop 016f:1c832e9e 90 nop 016f:1c832e9f 90 nop 016f:1c832ea0 8b442404 mov eax,dword ptr [esp+04] 016f:1c832ea4 50 push eax 016f:1c832ea5 e8720e0200 call 1c853d1c = SAL3.DLL!rtl_freeMemory TL641MI.DLL:.text+0x31eaa: *016f:1c832eaa 59 pop ecx 016f:1c832eab c3 retd 016f:1c832eac 90 nop 016f:1c832ead 90 nop 016f:1c832eae 90 nop 016f:1c832eaf 90 nop 016f:1c832eb0 83ec10 sub esp,+10 016f:1c832eb3 8b4c2414 mov ecx,dword ptr [esp+14] 016f:1c832eb7 b801000000 mov eax,00000001 016f:1c832ebc 89442400 mov dword ptr [esp],eax 016f:1c832ec0 3bc8 cmp ecx,eax -------------------- 00a8f49c 010686e0 -> f0 55 07 01 68 e3 fd 00 58 00 00 80 10 00 00 00 .U..h...X....... 00a8f4a0 00401677 = SET641MI.DLL:.text+0x677 -------------------- 016f:0040165e 90 nop 016f:0040165f 90 nop 016f:00401660 8a442404 mov al,byte ptr [esp+04] 016f:00401664 56 push esi 016f:00401665 8bf1 mov esi,ecx 016f:00401667 a801 test al,01 016f:00401669 c70698dd4800 mov dword ptr [esi],0048dd98 016f:0040166f 7409 jz 0040167a = SET641MI.DLL:.text+0x67a 016f:00401671 56 push esi 016f:00401672 e89d930700 call 0047aa14 = TL641MI.DLL!21 SET641MI.DLL:.text+0x677: *016f:00401677 83c404 add esp,+04 016f:0040167a 8bc6 mov eax,esi 016f:0040167c 5e pop esi 016f:0040167d c20400 retd 0004 016f:00401680 e9a1930700 jmp 0047aa26 = TL641MI.DLL!334 016f:00401685 90 nop 016f:00401686 90 nop 016f:00401687 90 nop 016f:00401688 90 nop 016f:00401689 90 nop 016f:0040168a 90 nop -------------------- 00a8f4a4 00a8f8d0 -> 88 fd a8 00 6d 18 f6 bf 9f 32 e6 88 00 00 00 00 ....m....2...... 00a8f4a8 00482348 = SET641MI.DLL:.text+0x81348 -> b8 40 3f 49 00 e9 5e f6 ff ff cc cc cc cc cc cc .@?I..^......... 
00a8f4ac ffffffff 00a8f4b0 0110c14a = SETUP.EXE:.text+0xb14a -------------------- 016f:0110c12f 8d485c lea ecx,[eax+5c] 016f:0110c132 e891750000 call 011136c8 = TL641MI.DLL!155 016f:0110c137 ebb6 jmp 0110c0ef = SETUP.EXE:.text+0xb0ef 016f:0110c139 8b4e40 mov ecx,dword ptr [esi+40] 016f:0110c13c 33c0 xor eax,eax 016f:0110c13e 50 push eax 016f:0110c13f 8b442440 mov eax,dword ptr [esp+40] 016f:0110c143 55 push ebp 016f:0110c144 50 push eax 016f:0110c145 e8ae720000 call 011133f8 = SET641MI.DLL!497 SETUP.EXE:.text+0xb14a: *016f:0110c14a eb3e jmp 0110c18a = SETUP.EXE:.text+0xb18a 016f:0110c14c 8b442444 mov eax,dword ptr [esp+44] 016f:0110c150 83e802 sub eax,+02 016f:0110c153 7426 jz 0110c17b = SETUP.EXE:.text+0xb17b 016f:0110c155 48 dec eax 016f:0110c156 7412 jz 0110c16a = SETUP.EXE:.text+0xb16a 016f:0110c158 48 dec eax 016f:0110c159 752f jnz 0110c18a = SETUP.EXE:.text+0xb18a 016f:0110c15b 8b4c243c mov ecx,dword ptr [esp+3c] 016f:0110c15f 51 push ecx 016f:0110c160 8b4e40 mov ecx,dword ptr [esi+40] -------------------- 00a8f4b4 00fc5ef8 -> e8 fb fc 00 48 e8 05 01 50 10 01 01 00 00 00 00 ....H...P....... 00a8f4b8 00000001 00a8f4bc 00000000 00a8f4c0 00a8f894 -> 01 00 00 00 13 36 f6 bf 6c 05 00 00 82 04 00 00 .....6..l....... 00a8f4c4 01119108 = SETUP.EXE:.data+0x1108 -> 84 58 11 01 00 00 00 00 00 00 00 00 00 00 00 00 .X.............. 00a8f4c8 00000000 ... 
00a8f4d0 00ddaf88 -> 03 00 00 00 13 00 00 00 46 3a 5c 44 4f 57 4e 4c ........F:\DOWNL 00a8f4d4 00fcfbe8 -> 20 23 49 00 b8 f8 fc 00 50 1d fd 00 00 4e 44 4f #I.....P....NDO 00a8f4d8 bff6bb26 = KERNEL32.DLL:.text+0x2b26 -------------------- 016f:bff6bb0a e88a87ffff call bff64299 = KERNEL32.DLL:_FREQASM+0x3299 016f:bff6bb0f 5e pop esi 016f:bff6bb10 c20400 retd 0004 016f:bff6bb13 56 push esi 016f:bff6bb14 8b742408 mov esi,dword ptr [esp+08] 016f:bff6bb18 8a06 mov al,byte ptr [esi] 016f:bff6bb1a 3c04 cmp al,04 016f:bff6bb1c 7508 jnz bff6bb26 = KERNEL32.DLL:.text+0x2b26 016f:bff6bb1e ff7604 push dword ptr [esi+04] 016f:bff6bb21 e8a087ffff call bff642c6 = KERNEL32.DLL:_FREQASM+0x32c6 KERNEL32.DLL:.text+0x2b26: *016f:bff6bb26 5e pop esi 016f:bff6bb27 c20400 retd 0004 016f:bff6bb2a 64a100000000 mov eax,dword ptr fs:[00000000] 016f:bff6bb30 55 push ebp 016f:bff6bb31 8bec mov ebp,esp 016f:bff6bb33 6aff push -01 016f:bff6bb35 685092f6bf push bff69250 016f:bff6bb3a 68201bfbbf push bffb1b20 016f:bff6bb3f 50 push eax 016f:bff6bb40 8b4508 mov eax,dword ptr [ebp+08] 016f:bff6bb43 64892500000000 mov dword ptr fs:[00000000],esp -------------------- 00a8f4dc 81986108 -> 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00a8f4e0 00fcd8a8 -> 60 11 00 00 58 00 00 00 28 eb 0b 01 a0 57 65 00 `...X...(....We. 00a8f4e4 004c1eac = SAL3.DLL:.text+0xeac -> 5e c3 85 c9 74 0e 68 00 80 00 00 6a 00 51 ff 15 ^...t.h....j.Q.. 00a8f4e8 00655530 = SAL3.DLL:.data+0x530 -> 04 00 00 00 08 61 98 81 00 00 00 00 00 00 00 00 .....a.......... 00a8f4ec 00fcd8b0 -> 28 eb 0b 01 a0 57 65 00 00 00 00 00 00 00 00 00 (....We......... 
00a8f4f0 1c832eaa = TL641MI.DLL:.text+0x31eaa -------------------- 016f:1c832e99 90 nop 016f:1c832e9a 90 nop 016f:1c832e9b 90 nop 016f:1c832e9c 90 nop 016f:1c832e9d 90 nop 016f:1c832e9e 90 nop 016f:1c832e9f 90 nop 016f:1c832ea0 8b442404 mov eax,dword ptr [esp+04] 016f:1c832ea4 50 push eax 016f:1c832ea5 e8720e0200 call 1c853d1c = SAL3.DLL!rtl_freeMemory TL641MI.DLL:.text+0x31eaa: *016f:1c832eaa 59 pop ecx 016f:1c832eab c3 retd 016f:1c832eac 90 nop 016f:1c832ead 90 nop 016f:1c832eae 90 nop 016f:1c832eaf 90 nop 016f:1c832eb0 83ec10 sub esp,+10 016f:1c832eb3 8b4c2414 mov ecx,dword ptr [esp+14] 016f:1c832eb7 b801000000 mov eax,00000001 016f:1c832ebc 89442400 mov dword ptr [esp],eax 016f:1c832ec0 3bc8 cmp ecx,eax -------------------- 00a8f4f4 00fcd8b0 -> 28 eb 0b 01 a0 57 65 00 00 00 00 00 00 00 00 00 (....We......... 00a8f4f8 0110b209 = SETUP.EXE:.text+0xa209 -------------------- 016f:0110b1f6 f6d8 neg al 016f:0110b1f8 1bc0 sbb eax,eax 016f:0110b1fa 53 push ebx 016f:0110b1fb 83c002 add eax,+02 016f:0110b1fe 53 push ebx 016f:0110b1ff 53 push ebx 016f:0110b200 50 push eax 016f:0110b201 52 push edx 016f:0110b202 8bce mov ecx,esi 016f:0110b204 e8670d0000 call 0110bf70 = SETUP.EXE:.text+0xaf70 SETUP.EXE:.text+0xa209: *016f:0110b209 5e pop esi 016f:0110b20a 5b pop ebx 016f:0110b20b 81c4dc020000 add esp,000002dc 016f:0110b211 c20800 retd 0008 016f:0110b214 8b4634 mov eax,dword ptr [esi+34] 016f:0110b217 8b9034010000 mov edx,dword ptr [eax+00000134] 016f:0110b21d 3bd3 cmp edx,ebx 016f:0110b21f 7431 jz 0110b252 = SETUP.EXE:.text+0xa252 016f:0110b221 668b4e66 mov cx,word ptr [esi+66] 016f:0110b225 663bcb cmp cx,bx 016f:0110b228 7504 jnz 0110b22e = SETUP.EXE:.text+0xa22e -------------------- 00a8f4fc 00fc5ef8 -> e8 fb fc 00 48 e8 05 01 50 10 01 01 00 00 00 00 ....H...P....... 00a8f500 00000001 00a8f504 00000000 ... 00a8f510 010b7820 -> 34 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4............... 
00a8f514 00000000 00a8f518 000284cc 00a8f51c 00000482 00a8f520 010b7820 -> 34 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4............... 00a8f524 00000000 00a8f528 34973497 00a8f52c 00000000 00a8f530 85480acf 00a8f534 09d7036a 00a8f538 78200000 00a8f53c 0000010b 00a8f540 84cc0482 00a8f544 036f0002 00a8f548 8c6285d0 00a8f54c 000009d7 00a8f550 010b7820 -> 34 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4............... 00a8f554 8c730000 00a8f558 017709d7 00a8f55c 32670000 00a8f560 85d00000 00a8f564 857a0000 00a8f568 04360000 00a8f56c 347f00a8 00a8f570 0002014f 00a8f574 35880000 00a8f578 0acf0000 00a8f57c 12d20177 00a8f580 016709d7 = LOCALEDATA_ASCII.DLL:.rdata+0x1a9d7 -> 00 64 00 69 00 75 00 6d 00 00 00 00 00 54 00 49 .d.i.u.m.....T.I 00a8f584 014f80b6 00a8f588 01770177 00a8f58c 01a70028 00a8f590 09c7123c 00a8f594 c1538e00 -> 02 00 00 00 54 6b 66 c1 00 00 00 00 00 00 00 00 ....Tkf......... 00a8f598 0ad70001 00a8f59c 85cc0014 00a8f5a0 0ab73bdc 00a8f5a4 78200000 00a8f5a8 0000010b 00a8f5ac bff8bafc = KERNEL32.DLL:.text+0x22afc -------------------- 016f:bff8bae5 b14e mov cl,4e 016f:bff8bae7 eb06 jmp bff8baef = KERNEL32.DLL:.text+0x22aef 016f:bff8bae9 b14d mov cl,4d 016f:bff8baeb eb02 jmp bff8baef = KERNEL32.DLL:.text+0x22aef 016f:bff8baed b13e mov cl,3e 016f:bff8baef 55 push ebp 016f:bff8baf0 8bec mov ebp,esp 016f:bff8baf2 51 push ecx 016f:bff8baf3 83ec3c sub esp,+3c 016f:bff8baf6 ff1536b3f8bf call dword ptr [bff8b336] -> KERNEL32.DLL:.data+0xee0 KERNEL32.DLL:.text+0x22afc: *016f:bff8bafc c9 leave 016f:bff8bafd c3 retd 016f:bff8bafe b101 mov cl,01 016f:bff8bb00 eb06 jmp bff8bb08 = KERNEL32.DLL:.text+0x22b08 016f:bff8bb02 b14f mov cl,4f 016f:bff8bb04 eb02 jmp bff8bb08 = KERNEL32.DLL:.text+0x22b08 016f:bff8bb06 b105 mov cl,05 016f:bff8bb08 55 push ebp 016f:bff8bb09 8bec mov ebp,esp 016f:bff8bb0b 51 push ecx 016f:bff8bb0c 83ec3c sub esp,+3c -------------------- 00a8f5b0 00a87000 -> 00 00 00 00 00 00 00 00 00 00 10 00 00 00 00 00 ................ 
00a8f5b4 00000000 00a8f5b8 010b7820 -> 34 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4............... 00a8f5bc 1c6770ed = VCL641MI.DLL:.text+0x760ed -------------------- 016f:1c6770cd 0ac3 or al,bl 016f:1c6770cf 8886e8000000 mov byte ptr [esi+000000e8],al 016f:1c6770d5 eb19 jmp 1c6770f0 = VCL641MI.DLL:.text+0x760f0 016f:1c6770d7 8b5604 mov edx,dword ptr [esi+04] 016f:1c6770da 8d4c2408 lea ecx,[esp+08] 016f:1c6770de 24df and al,df 016f:1c6770e0 51 push ecx 016f:1c6770e1 52 push edx 016f:1c6770e2 8886e8000000 mov byte ptr [esi+000000e8],al 016f:1c6770e8 e863f4ffff call 1c676550 = VCL641MI.DLL:.text+0x75550 VCL641MI.DLL:.text+0x760ed: *016f:1c6770ed 83c408 add esp,+08 016f:1c6770f0 8a8ee9000000 mov cl,byte ptr [esi+000000e9] 016f:1c6770f6 c7442418ffffffff mov dword ptr [esp+18],ffffffff 016f:1c6770fe 0acb or cl,bl 016f:1c677100 888ee9000000 mov byte ptr [esi+000000e9],cl 016f:1c677106 8d4c2408 lea ecx,[esp+08] 016f:1c67710a e831680000 call 1c67d940 = VCL641MI.DLL!2534 016f:1c67710f e98d000000 jmp 1c6771a1 = VCL641MI.DLL:.text+0x761a1 016f:1c677114 f686e800000002 test byte ptr [esi+000000e8],02 016f:1c67711b 7464 jz 1c677181 = VCL641MI.DLL:.text+0x76181 016f:1c67711d 57 push edi -------------------- 00a8f5c0 c2b30001 00a8f5c4 00a8ffff -> 00 . 
00a8f894 00000001 00a8f898 bff63613 = KERNEL32.DLL:_FREQASM+0x2613 -------------------- 016f:bff635f7 65d16e04 shr dword ptr gs:[esi+04],EvIa 016f:bff635fb 7222 jc bff6361f = KERNEL32.DLL:_FREQASM+0x261f 016f:bff635fd 65ff32 push dword ptr gs:[edx] 016f:bff63600 8d5204 lea edx,[edx+04] 016f:bff63603 e2f2 loop bff635f7 = KERNEL32.DLL:_FREQASM+0x25f7 016f:bff63605 8bfc mov edi,esp 016f:bff63607 33c0 xor eax,eax 016f:bff63609 65394608 cmp dword ptr gs:[esi+08],eax 016f:bff6360d 7404 jz bff63613 = KERNEL32.DLL:_FREQASM+0x2613 016f:bff6360f 65ff5608 call dword ptr gs:[esi+08] KERNEL32.DLL:_FREQASM+0x2613: *016f:bff63613 8be7 mov esp,edi 016f:bff63615 33c9 xor ecx,ecx 016f:bff63617 8ee9 mov gs,cx 016f:bff63619 5f pop edi 016f:bff6361a 5e pop esi 016f:bff6361b c9 leave 016f:bff6361c c20c00 retd 000c 016f:bff6361f 52 push edx 016f:bff63620 51 push ecx 016f:bff63621 33c0 xor eax,eax 016f:bff63623 48 dec eax -------------------- 00a8f89c 0000056c 00a8f8a0 00000482 00a8f8a4 00000000 00a8f8a8 010b7820 -> 34 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4............... 00a8f8ac 88e6329f 00a8f8b0 00000177 00a8f8b4 00a8f8c8 -> b8 19 f6 bf 06 89 dd 00 88 fd a8 00 6d 18 f6 bf ............m... 
00a8f8b8 bff848f7 = KERNEL32.DLL:.text+0x1b8f7 -------------------- 016f:bff848d6 8bd0 mov edx,eax 016f:bff848d8 c1c210 rol edx,10 016f:bff848db e9c8f7ffff jmp bff840a8 = KERNEL32.DLL:.text+0x1b0a8 016f:bff848e0 0fbf4316 movsx eax,word ptr [ebx+16] 016f:bff848e4 50 push eax 016f:bff848e5 668b4318 mov ax,word ptr [ebx+18] 016f:bff848e9 50 push eax 016f:bff848ea ff731a push dword ptr [ebx+1a] 016f:bff848ed e8f3cefdff call bff617e5 = KERNEL32.DLL!K32Thk1632Prolog 016f:bff848f2 e8deecfdff call bff635d5 = KERNEL32.DLL:_FREQASM+0x25d5 KERNEL32.DLL:.text+0x1b8f7: *016f:bff848f7 e80ecffdff call bff6180a = KERNEL32.DLL!K32Thk1632Epilog 016f:bff848fc 8bd0 mov edx,eax 016f:bff848fe c1c210 rol edx,10 016f:bff84901 e9aaf7ffff jmp bff840b0 = KERNEL32.DLL:.text+0x1b0b0 016f:bff84906 0fbf4316 movsx eax,word ptr [ebx+16] 016f:bff8490a 50 push eax 016f:bff8490b ff7318 push dword ptr [ebx+18] 016f:bff8490e e8d2cefdff call bff617e5 = KERNEL32.DLL!K32Thk1632Prolog 016f:bff84913 e8ceebfdff call bff634e6 = KERNEL32.DLL:_FREQASM+0x24e6 016f:bff84918 e8edcefdff call bff6180a = KERNEL32.DLL!K32Thk1632Epilog 016f:bff8491d e986f7ffff jmp bff840a8 = KERNEL32.DLL:.text+0x1b0a8 -------------------- 00a8f8bc 3527890c 00a8f8c0 00003527 00a8f8c4 00000000 00a8f8c8 bff619b8 = KERNEL32.DLL:_FREQASM+0x9b8 -------------------- 016f:bff61991 51 push ecx 016f:bff61992 c1cf10 ror edi,10 016f:bff61995 6664873d0e000000 xchg word ptr fs:[0000000e],di 016f:bff6199d 57 push edi 016f:bff6199e 686d18f6bf push bff6186d 016f:bff619a3 64ff3500000000 push dword ptr fs:[00000000] 016f:bff619aa 64892500000000 mov dword ptr fs:[00000000],esp 016f:bff619b1 55 push ebp 016f:bff619b2 8d6c24fc lea ebp,[esp-04] 016f:bff619b6 ffd2 call edx KERNEL32.DLL:_FREQASM+0x9b8: *016f:bff619b8 5d pop ebp 016f:bff619b9 0fb6c9 movzx ecx,cl 016f:bff619bc 648f0500000000 pop dword ptr fs:[00000000] 016f:bff619c3 8d642404 lea esp,[esp+04] 016f:bff619c7 5f pop edi 016f:bff619c8 6664893d0e000000 mov word ptr fs:[0000000e],di 016f:bff619d0 5b 
pop ebx 016f:bff619d1 660fb22424 lss sp,dword ptr [esp] 016f:bff619d6 6664891d1e000000 mov word ptr fs:[0000001e],bx 016f:bff619de 5b pop ebx 016f:bff619df 0bdb or ebx,ebx -------------------- 00a8f8cc 00dd8906 -> 00 00 72 17 59 01 b2 02 01 00 73 17 59 01 f2 02 ..r.Y.....s.Y... 00a8f8d0 00a8fd88 -> 28 fe a8 00 79 46 11 01 29 00 00 00 38 fe a8 00 (...yF..)...8... 00a8f8d4 bff6186d = KERNEL32.DLL:_FREQASM+0x86d -------------------- 016f:bff6183d 8b1570b4fbbf mov edx,dword ptr [bffbb470] 016f:bff61843 e88b290000 call bff641d3 = KERNEL32.DLL:_FREQASM+0x31d3 016f:bff61848 6664c7051e000000ffff mov word ptr fs:[0000001e],ffff 016f:bff61852 ff5326 call dword ptr [ebx+26] 016f:bff61855 8b1570b4fbbf mov edx,dword ptr [bffbb470] 016f:bff6185b e82f290000 call bff6418f = KERNEL32.DLL:_FREQASM+0x318f 016f:bff61860 6664ff051e000000 inc word ptr fs:[0000001e] 016f:bff61868 b114 mov cl,14 016f:bff6186a 8be5 mov esp,ebp 016f:bff6186c c3 retd KERNEL32.DLL:_FREQASM+0x86d: *016f:bff6186d 8b442404 mov eax,dword ptr [esp+04] 016f:bff61871 f7400406000000 test dword ptr [eax+04],00000006 016f:bff61878 7419 jz bff61893 = KERNEL32.DLL:_FREQASM+0x893 016f:bff6187a 8b442408 mov eax,dword ptr [esp+08] 016f:bff6187e 8178046d18f6bf cmp dword ptr [eax+04],bff6186d 016f:bff61885 750c jnz bff61893 = KERNEL32.DLL:_FREQASM+0x893 016f:bff61887 668b4808 mov cx,word ptr [eax+08] 016f:bff6188b 6664890d0e000000 mov word ptr fs:[0000000e],cx 016f:bff61893 b801000000 mov eax,00000001 016f:bff61898 c3 retd 016f:bff61899 9d popfd -------------------- 00a8f8d8 88e6329f 00a8f8dc 00000000 00a8f8e0 352788e6 00a8f8e4 0000bff4 00a8f8e8 02460000 00a8f8ec 89440000 00a8f8f0 3cc60000 00a8f8f4 0ad700a8 00a8f8f8 2737ffff 00a8f8fc 0000015f 00a8f900 890c3527 00a8f904 894a3527 00a8f908 0ab73d92 00a8f90c 00000004 00a8f910 00000000 00a8f914 1c632930 = VCL641MI.DLL:.text+0x31930 -> 51 53 8b 5c 24 10 55 8b 6c 24 10 56 8b 74 24 20 QS.\$.U.l$.V.t$ 00a8f918 010b7820 -> 34 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
4............... 00a8f91c 00000000 00a8f920 00000482 00a8f924 0000056c 00a8f928 0482056c 00a8f92c 00000000 00a8f930 010b7820 -> 34 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4............... 00a8f934 00017a6d 00a8f938 c2b30000 00a8f93c 0ab70000 00a8f940 35270001 00a8f944 f9f83527 00a8f948 89788984 00a8f94c 00030000 00a8f950 1c632930 = VCL641MI.DLL:.text+0x31930 -> 51 53 8b 5c 24 10 55 8b 6c 24 10 56 8b 74 24 20 QS.\$.U.l$.V.t$ 00a8f954 09d70fe0 00a8f958 78200000 00a8f95c 0000010b 00a8f960 056c0482 ... 00a8f968 f9f80ad7 00a8f96c 89b400a8 00a8f970 00000000 00a8f974 029b0296 00a8f978 394989b4 00a8f97c 00010ab7 00a8f980 35cf00fe 00a8f984 0482056c 00a8f988 78200000 00a8f98c dea6010b 00a8f990 026c0010 00a8f994 000001e3 00a8f998 0482056c 00a8f99c 00000000 00a8f9a0 010b7820 -> 34 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4............... 00a8f9a4 bff614d9 = KERNEL32.DLL:_FREQASM+0x4d9 -> 0f b7 ec 8c d1 0f b7 c9 0f b2 65 00 66 8c d6 66 ..........e.f..f 00a8f9a8 c2b30001 00a8f9ac 00010000 00a8f9b0 38bc38bc 00a8f9b4 bff614d9 = KERNEL32.DLL:_FREQASM+0x4d9 -> 0f b7 ec 8c d1 0f b7 c9 0f b2 65 00 66 8c d6 66 ..........e.f..f 00a8f9b8 00dd016f -> 00 53 65 6e 64 65 72 00 00 00 00 00 00 00 00 00 .Sender......... 00a8f9bc 00a8f9c4 -> 67 32 00 00 f8 f9 a8 00 28 12 dd 00 27 29 f7 ff g2......(...').. 00a8f9c0 fff70177 00a8f9c4 00003267 00a8f9c8 00a8f9f8 -> 6c 05 00 00 82 04 00 00 00 00 00 00 20 78 0b 01 l........... x.. 00a8f9cc 00dd1228 -> 00 00 10 01 00 00 00 00 05 00 00 00 00 00 00 00 ................ 00a8f9d0 fff72927 00a8f9d4 00dd3078 -> 00 00 10 01 70 05 00 00 08 af dd 00 80 5e 65 1c ....p........^e. 
00a8f9d8 1c6ec810 = VCL641MI.DLL:.text+0xeb810 -------------------- 016f:1c6ec7f0 a15cd3711c mov eax,dword ptr [1c71d35c] 016f:1c6ec7f5 85c0 test eax,eax 016f:1c6ec7f7 740c jz 1c6ec805 = VCL641MI.DLL:.text+0xeb805 016f:1c6ec7f9 8b442404 mov eax,dword ptr [esp+04] 016f:1c6ec7fd 50 push eax 016f:1c6ec7fe ff1504f46f1c call dword ptr [1c6ff404] -> USER32.DLL!CharLowerW 016f:1c6ec804 c3 retd 016f:1c6ec805 8b4c2404 mov ecx,dword ptr [esp+04] 016f:1c6ec809 51 push ecx 016f:1c6ec80a ff1500f46f1c call dword ptr [1c6ff400] -> USER32.DLL!DispatchMessageA VCL641MI.DLL:.text+0xeb810: *016f:1c6ec810 c3 retd 016f:1c6ec811 90 nop 016f:1c6ec812 90 nop 016f:1c6ec813 90 nop 016f:1c6ec814 90 nop 016f:1c6ec815 90 nop 016f:1c6ec816 90 nop 016f:1c6ec817 90 nop 016f:1c6ec818 90 nop 016f:1c6ec819 90 nop 016f:1c6ec81a 90 nop -------------------- 00a8f9dc 00a8f9f8 -> 6c 05 00 00 82 04 00 00 00 00 00 00 20 78 0b 01 l........... x.. 00a8f9e0 1c6dcbd7 = VCL641MI.DLL:.text+0xdbbd7 -------------------- 016f:1c6dcbbd 8b464c mov eax,dword ptr [esi+4c] 016f:1c6dcbc0 85c0 test eax,eax 016f:1c6dcbc2 740d jz 1c6dcbd1 = VCL641MI.DLL:.text+0xdbbd1 016f:1c6dcbc4 57 push edi 016f:1c6dcbc5 e846fe0000 call 1c6eca10 = VCL641MI.DLL:.text+0xeba10 016f:1c6dcbca 83c404 add esp,+04 016f:1c6dcbcd 84c0 test al,al 016f:1c6dcbcf 751a jnz 1c6dcbeb = VCL641MI.DLL:.text+0xdbbeb 016f:1c6dcbd1 57 push edi 016f:1c6dcbd2 e819fc0000 call 1c6ec7f0 = VCL641MI.DLL:.text+0xeb7f0 VCL641MI.DLL:.text+0xdbbd7: *016f:1c6dcbd7 8b4e4c mov ecx,dword ptr [esi+4c] 016f:1c6dcbda 83c404 add esp,+04 016f:1c6dcbdd 85c9 test ecx,ecx 016f:1c6dcbdf 740a jz 1c6dcbeb = VCL641MI.DLL:.text+0xdbbeb 016f:1c6dcbe1 50 push eax 016f:1c6dcbe2 57 push edi 016f:1c6dcbe3 e8b8ff0000 call 1c6ecba0 = VCL641MI.DLL:.text+0xebba0 016f:1c6dcbe8 83c408 add esp,+08 016f:1c6dcbeb 5f pop edi 016f:1c6dcbec 5e pop esi 016f:1c6dcbed c3 retd -------------------- 00a8f9e4 00a8f9f8 -> 6c 05 00 00 82 04 00 00 00 00 00 00 20 78 0b 01 l........... x.. 
00a8f9e8 00ddae40 -> 3c 83 70 1c 2c 83 70 1c 10 80 bb 00 78 30 dd 00 <.p.,.p.....x0.. 00a8f9ec 00000001 00a8f9f0 1c6dcba2 = VCL641MI.DLL:.text+0xdbba2 -------------------- 016f:1c6dcb81 e81afc0000 call 1c6ec7a0 = VCL641MI.DLL:.text+0xeb7a0 016f:1c6dcb86 83c414 add esp,+14 016f:1c6dcb89 85c0 test eax,eax 016f:1c6dcb8b 7418 jz 1c6dcba5 = VCL641MI.DLL:.text+0xdbba5 016f:1c6dcb8d 8d4c2400 lea ecx,[esp] 016f:1c6dcb91 51 push ecx 016f:1c6dcb92 ff15acf36f1c call dword ptr [1c6ff3ac] -> USER32.DLL!TranslateMessage 016f:1c6dcb98 8d542400 lea edx,[esp] 016f:1c6dcb9c 52 push edx 016f:1c6dcb9d e80e000000 call 1c6dcbb0 = VCL641MI.DLL:.text+0xdbbb0 VCL641MI.DLL:.text+0xdbba2: *016f:1c6dcba2 83c404 add esp,+04 016f:1c6dcba5 83c41c add esp,+1c 016f:1c6dcba8 c3 retd 016f:1c6dcba9 90 nop 016f:1c6dcbaa 90 nop 016f:1c6dcbab 90 nop 016f:1c6dcbac 90 nop 016f:1c6dcbad 90 nop 016f:1c6dcbae 90 nop 016f:1c6dcbaf 90 nop 016f:1c6dcbb0 a188ca711c mov eax,dword ptr [1c71ca88] -------------------- 00a8f9f4 00a8f9f8 -> 6c 05 00 00 82 04 00 00 00 00 00 00 20 78 0b 01 l........... x.. 00a8f9f8 0000056c 00a8f9fc 00000482 00a8fa00 00000000 00a8fa04 010b7820 -> 34 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4............... 
00a8fa08 0010dea6 00a8fa0c 0000026c 00a8fa10 000001e3 00a8fa14 1c6dcc90 = VCL641MI.DLL:.text+0xdbc90 -------------------- 016f:1c6dcc7a 75f5 jnz 1c6dcc71 = VCL641MI.DLL:.text+0xdbc71 016f:1c6dcc7c 5f pop edi 016f:1c6dcc7d 5e pop esi 016f:1c6dcc7e 5d pop ebp 016f:1c6dcc7f 5b pop ebx 016f:1c6dcc80 83c40c add esp,+0c 016f:1c6dcc83 c20400 retd 0004 016f:1c6dcc86 8b4c2420 mov ecx,dword ptr [esp+20] 016f:1c6dcc8a 51 push ecx 016f:1c6dcc8b e8c0feffff call 1c6dcb50 = VCL641MI.DLL:.text+0xdbb50 VCL641MI.DLL:.text+0xdbc90: *016f:1c6dcc90 83c404 add esp,+04 016f:1c6dcc93 85f6 test esi,esi 016f:1c6dcc95 7408 jz 1c6dcc9f = VCL641MI.DLL:.text+0xdbc9f 016f:1c6dcc97 e8a4f7ffff call 1c6dc440 = VCL641MI.DLL:.text+0xdb440 016f:1c6dcc9c 4e dec esi 016f:1c6dcc9d 75f8 jnz 1c6dcc97 = VCL641MI.DLL:.text+0xdbc97 016f:1c6dcc9f 5f pop edi 016f:1c6dcca0 5e pop esi 016f:1c6dcca1 5d pop ebp 016f:1c6dcca2 5b pop ebx 016f:1c6dcca3 83c40c add esp,+0c -------------------- 00a8fa18 fff72901 00a8fa1c 00000100 00a8fa20 1c71dae8 = VCL641MI.DLL:.data+0x5ae8 -> 28 12 dd 00 78 30 dd 00 08 91 11 01 00 00 00 00 (...x0.......... 00a8fa24 00a8fd94 -> 38 fe a8 00 2a 72 10 01 15 72 10 01 a3 3f 11 01 8...*r...r...?.. 00a8fa28 00a80013 00a8fa2c 00000000 00a8fa30 fff72927 00a8fa34 00dd1228 -> 00 00 10 01 00 00 00 00 05 00 00 00 00 00 00 00 ................ 00a8fa38 1c61d532 = VCL641MI.DLL:.text+0x1c532 -> 66 ff 4e 78 5e c3 90 90 90 90 90 90 90 90 a1 88 f.Nx^........... 00a8fa3c fff72901 00a8fa40 1c71dae8 = VCL641MI.DLL:.data+0x5ae8 -> 28 12 dd 00 78 30 dd 00 08 91 11 01 00 00 00 00 (...x0.......... 
00a8fa44 1c61d4bd = VCL641MI.DLL:.text+0x1c4bd -------------------- 016f:1c61d49d 90 nop 016f:1c61d49e 90 nop 016f:1c61d49f 90 nop 016f:1c61d4a0 56 push esi 016f:1c61d4a1 8b3588ca711c mov esi,dword ptr [1c71ca88] -> VCL641MI.DLL:.data+0x5ae8 016f:1c61d4a7 8a8688000000 mov al,byte ptr [esi+00000088] 016f:1c61d4ad c6868700000001 mov byte ptr [esi+00000087],01 016f:1c61d4b4 84c0 test al,al 016f:1c61d4b6 750f jnz 1c61d4c7 = VCL641MI.DLL:.text+0x1c4c7 016f:1c61d4b8 e843000000 call 1c61d500 = VCL641MI.DLL!413 VCL641MI.DLL:.text+0x1c4bd: *016f:1c61d4bd 8a8688000000 mov al,byte ptr [esi+00000088] 016f:1c61d4c3 84c0 test al,al 016f:1c61d4c5 74f1 jz 1c61d4b8 = VCL641MI.DLL:.text+0x1c4b8 016f:1c61d4c7 c6868700000000 mov byte ptr [esi+00000087],00 016f:1c61d4ce 5e pop esi 016f:1c61d4cf c3 retd 016f:1c61d4d0 56 push esi 016f:1c61d4d1 8b3588ca711c mov esi,dword ptr [1c71ca88] -> VCL641MI.DLL:.data+0x5ae8 016f:1c61d4d7 8a462c mov al,byte ptr [esi+2c] 016f:1c61d4da 84c0 test al,al 016f:1c61d4dc 740c jz 1c61d4ea = VCL641MI.DLL:.text+0x1c4ea -------------------- 00a8fa48 01119108 = SETUP.EXE:.data+0x1108 -> 84 58 11 01 00 00 00 00 00 00 00 00 00 00 00 00 .X.............. 
00a8fa4c 011037f6 = SETUP.EXE:.text+0x27f6 -------------------- 016f:011037d0 8d4db8 lea ecx,[ebp-48] 016f:011037d3 c645fca0 mov byte ptr [ebp-04],a0 016f:011037d7 e8f8fe0000 call 011136d4 = TL641MI.DLL!242 016f:011037dc c645fc29 mov byte ptr [ebp-04],29 016f:011037e0 8d4de8 lea ecx,[ebp-18] 016f:011037e3 e8e4fd0000 call 011135cc = TL641MI.DLL!149 016f:011037e8 6a0a push +0a 016f:011037ea 8bce mov ecx,esi 016f:011037ec e85f380000 call 01107050 = SETUP.EXE:.text+0x6050 016f:011037f1 e83c010100 call 01113932 = VCL641MI.DLL!322 SETUP.EXE:.text+0x27f6: *016f:011037f6 f6464880 test byte ptr [esi+48],80 016f:011037fa 750d jnz 01103809 = SETUP.EXE:.text+0x2809 016f:011037fc 33ff xor edi,edi 016f:011037fe 57 push edi 016f:011037ff e810010100 call 01113914 = VCL641MI.DLL!399 016f:01103804 83c404 add esp,+04 016f:01103807 eb02 jmp 0110380b = SETUP.EXE:.text+0x280b 016f:01103809 33ff xor edi,edi 016f:0110380b 8b4d88 mov ecx,dword ptr [ebp-78] 016f:0110380e 51 push ecx 016f:0110380f e88cdaffff call 011012a0 = SETUP.EXE:.text+0x2a0 -------------------- 00a8fa50 00000000 00a8fa54 819782b1 -> 00 44 00 14 00 00 a0 46 3a 5c 54 45 4d 50 5c 53 .D.....F:\TEMP\S 00a8fa58 00000000 00a8fa5c 02460000 00a8fa60 8ab80000 00a8fa64 3cc60002 00a8fa68 0ad70000 00a8fa6c 2737329f 00a8fa70 0000015f 00a8fa74 2737347f 00a8fa78 8abe015f 00a8fa7c 0ab73d92 00a8fa80 00000004 00a8fa84 00000000 00a8fa88 65f0d58d = OLE32.DLL:.text+0xc58d -------------------- 016f:65f0d576 c7460801000000 mov dword ptr [esi+08],00000001 016f:65f0d57d 33c0 xor eax,eax 016f:65f0d57f 5d pop ebp 016f:65f0d580 5f pop edi 016f:65f0d581 5e pop esi 016f:65f0d582 5b pop ebx 016f:65f0d583 c3 retd 016f:65f0d584 8bc1 mov eax,ecx 016f:65f0d586 c70100000000 mov dword ptr [ecx],00000000 016f:65f0d58c c3 retd OLE32.DLL:.text+0xc58d: *016f:65f0d58d 55 push ebp 016f:65f0d58e 8b4c240c mov ecx,dword ptr [esp+0c] 016f:65f0d592 8bec mov ebp,esp 016f:65f0d594 81f904040000 cmp ecx,00000404 016f:65f0d59a 741f jz 65f0d5bb = OLE32.DLL:.text+0xc5bb 
016f:65f0d59c ff7514 push dword ptr [ebp+14] 016f:65f0d59f 81f905040000 cmp ecx,00000405 016f:65f0d5a5 0f84f77d0300 jz 65f453a2 = OLE32.DLL:.text+0x443a2 016f:65f0d5ab ff7510 push dword ptr [ebp+10] 016f:65f0d5ae 51 push ecx 016f:65f0d5af ff7508 push dword ptr [ebp+08] -------------------- 00a8fa8c 00000000 ... 00a8fa94 00000003 00a8fa98 00103d92 00a8fa9c 00000000 00a8faa0 8aaa0000 00a8faa4 ffff7a6d 00a8faa8 8abe347f 00a8faac 0ab73dd9 00a8fab0 347fffff 00a8fab4 00000000 00a8fab8 0000347f 00a8fabc 8ae20000 00a8fac0 00030000 00a8fac4 65f0d58d = OLE32.DLL:.text+0xc58d -------------------- 016f:65f0d576 c7460801000000 mov dword ptr [esi+08],00000001 016f:65f0d57d 33c0 xor eax,eax 016f:65f0d57f 5d pop ebp 016f:65f0d580 5f pop edi 016f:65f0d581 5e pop esi 016f:65f0d582 5b pop ebx 016f:65f0d583 c3 retd 016f:65f0d584 8bc1 mov eax,ecx 016f:65f0d586 c70100000000 mov dword ptr [ecx],00000000 016f:65f0d58c c3 retd OLE32.DLL:.text+0xc58d: *016f:65f0d58d 55 push ebp 016f:65f0d58e 8b4c240c mov ecx,dword ptr [esp+0c] 016f:65f0d592 8bec mov ebp,esp 016f:65f0d594 81f904040000 cmp ecx,00000404 016f:65f0d59a 741f jz 65f0d5bb = OLE32.DLL:.text+0xc5bb 016f:65f0d59c ff7514 push dword ptr [ebp+14] 016f:65f0d59f 81f905040000 cmp ecx,00000405 016f:65f0d5a5 0f84f77d0300 jz 65f453a2 = OLE32.DLL:.text+0x443a2 016f:65f0d5ab ff7510 push dword ptr [ebp+10] 016f:65f0d5ae 51 push ecx 016f:65f0d5af ff7508 push dword ptr [ebp+08] -------------------- 00a8fac8 09d7108b 00a8facc 00000000 ... 00a8fad4 057c0003 00a8fad8 00000000 00a8fadc 00020000 00a8fae0 8b2a0ad7 00a8fae4 09e71b97 00a8fae8 00000001 00a8faec 00000000 00a8faf0 00030000 00a8faf4 09d70ddc 00a8faf8 09e71cb9 00a8fafc 0000050c 00a8fb00 8000057c 00a8fb04 00000000 00a8fb08 65f20000 = OLE32.DLL:.text+0x1f000 -> c1 e6 04 39 4c 16 08 8d 04 16 0f 85 3b 01 03 00 ...9L.......;... 
00a8fb0c 0000c05c 00a8fb10 8b3e0000 00a8fb14 000019f0 00a8fb18 0000057c 00a8fb1c 00000000 00a8fb20 00050000 00a8fb24 0000788c 00a8fb28 8b560000 00a8fb2c 000019f0 00a8fb30 00000000 ... 00a8fb38 00030000 00a8fb3c 0002788c 00a8fb40 00000000 ... 00a8fb4c ffffffff 00a8fb50 00010000 00a8fb54 8bee0ad7 00a8fb58 0a1f1698 00a8fb5c 00000000 00a8fb60 ffffffff 00a8fb64 00000000 ... 00a8fb6c 00030000 00a8fb70 0002788c 00a8fb74 32670177 00a8fb78 01770000 00a8fb7c 00a8fbc2 -> 05 00 00 00 b4 57 00 00 00 00 10 67 d7 0e 7c 05 .....W.....g..|. 00a8fb80 8bc0329f 00a8fb84 00000177 00a8fb88 8190885c -> 09 04 00 00 e4 04 00 00 00 00 00 00 76 d5 e1 81 ............v... 00a8fb8c 00a8fba4 -> b8 19 00 00 00 00 00 00 00 00 f6 8b 7f 34 00 00 .............4.. 00a8fb90 bff84609 = KERNEL32.DLL:.text+0x1b609 -------------------- 016f:bff845e7 e854fffdff call bff64540 = KERNEL32.DLL:_FREQASM+0x3540 016f:bff845ec 8bd0 mov edx,eax 016f:bff845ee c1c210 rol edx,10 016f:bff845f1 e9e2faffff jmp bff840d8 = KERNEL32.DLL:.text+0x1b0d8 016f:bff845f6 ff7316 push dword ptr [ebx+16] 016f:bff845f9 0fbf431a movsx eax,word ptr [ebx+1a] 016f:bff845fd 50 push eax 016f:bff845fe ff731c push dword ptr [ebx+1c] 016f:bff84601 ff7320 push dword ptr [ebx+20] 016f:bff84604 e8bbfefdff call bff644c4 = KERNEL32.DLL:_FREQASM+0x34c4 KERNEL32.DLL:.text+0x1b609: *016f:bff84609 8bd0 mov edx,eax 016f:bff8460b c1c210 rol edx,10 016f:bff8460e e9b5faffff jmp bff840c8 = KERNEL32.DLL:.text+0x1b0c8 016f:bff84613 ff7316 push dword ptr [ebx+16] 016f:bff84616 ff731a push dword ptr [ebx+1a] 016f:bff84619 ff731e push dword ptr [ebx+1e] 016f:bff8461c ff7322 push dword ptr [ebx+22] 016f:bff8461f e8a8fdfdff call bff643cc = KERNEL32.DLL:_FREQASM+0x33cc 016f:bff84624 8bd0 mov edx,eax 016f:bff84626 c1c210 rol edx,10 016f:bff84629 e9a2faffff jmp bff840d0 = KERNEL32.DLL:.text+0x1b0d0 -------------------- 00a8fb94 0000b000 00a8fb98 00000000 00a8fb9c ffff0000 00a8fba0 00000003 00a8fba4 000019b8 00a8fba8 00000000 00a8fbac 8bf60000 00a8fbb0 0000347f 
00a8fbb4 8bc00000 00a8fbb8 00000000 ... 00a8fbc0 00050000 00a8fbc4 57b40000 00a8fbc8 00000000 00a8fbcc 0ed76710 00a8fbd0 0000057c 00a8fbd4 00000000 00a8fbd8 00024ab0 00a8fbdc 00000000 ... 00a8fbe4 00000400 00a8fbe8 788c3497 00a8fbec 8c600002 00a8fbf0 01a70020 00a8fbf4 00000000 00a8fbf8 16e70000 00a8fbfc 00000000 00a8fc00 80000000 ... 00a8fc08 88000000 00a8fc0c 34870000 00a8fc10 00a8fc50 -> 00 70 90 81 58 6f 98 81 40 00 00 00 00 00 00 00 .p..Xo..@....... 00a8fc14 000021ac 00a8fc18 81986f34 -> 24 00 00 a0 04 00 00 00 00 00 00 00 00 00 00 00 $............... 00a8fc1c 00000024 00a8fc20 bff6a501 = KERNEL32.DLL:.text+0x1501 -------------------- 016f:bff6a4e6 2bfb sub edi,ebx 016f:bff6a4e8 57 push edi 016f:bff6a4e9 894108 mov dword ptr [ecx+08],eax 016f:bff6a4ec 8b5604 mov edx,dword ptr [esi+04] 016f:bff6a4ef 8b4608 mov eax,dword ptr [esi+08] 016f:bff6a4f2 895004 mov dword ptr [eax+04],edx 016f:bff6a4f5 8d041e lea eax,[esi+ebx] 016f:bff6a4f8 50 push eax 016f:bff6a4f9 ff7508 push dword ptr [ebp+08] 016f:bff6a4fc e870fdffff call bff6a271 = KERNEL32.DLL:.text+0x1271 KERNEL32.DLL:.text+0x1501: *016f:bff6a501 eb36 jmp bff6a539 = KERNEL32.DLL:.text+0x1539 016f:bff6a503 8b4d08 mov ecx,dword ptr [ebp+08] 016f:bff6a506 0fb64170 movzx eax,byte ptr [ecx+70] 016f:bff6a50a 0b45f4 or eax,dword ptr [ebp-0c] 016f:bff6a50d 50 push eax 016f:bff6a50e 8b45f8 mov eax,dword ptr [ebp-08] 016f:bff6a511 2b45fc sub eax,dword ptr [ebp-04] 016f:bff6a514 50 push eax 016f:bff6a515 ff75fc push dword ptr [ebp-04] 016f:bff6a518 e8f6feffff call bff6a413 = KERNEL32.DLL:.text+0x1413 016f:bff6a51d 85c0 test eax,eax -------------------- 00a8fc24 81907000 -> 00 00 10 00 00 00 00 00 20 00 00 00 01 00 00 a0 ........ ....... 00a8fc28 00a8fc68 -> 00 78 6c c1 90 fc a8 00 6e a2 f6 bf 26 6f f7 bf .xl.....n...&o.. 00a8fc2c 0000219c 00a8fc30 81986f58 -> 10 00 00 a0 dc 71 94 81 dc 71 94 81 dc 71 94 81 .....q...q...q.. 
00a8fc34 00000010 00a8fc38 bff6a501 = KERNEL32.DLL:.text+0x1501 -------------------- 016f:bff6a4e6 2bfb sub edi,ebx 016f:bff6a4e8 57 push edi 016f:bff6a4e9 894108 mov dword ptr [ecx+08],eax 016f:bff6a4ec 8b5604 mov edx,dword ptr [esi+04] 016f:bff6a4ef 8b4608 mov eax,dword ptr [esi+08] 016f:bff6a4f2 895004 mov dword ptr [eax+04],edx 016f:bff6a4f5 8d041e lea eax,[esi+ebx] 016f:bff6a4f8 50 push eax 016f:bff6a4f9 ff7508 push dword ptr [ebp+08] 016f:bff6a4fc e870fdffff call bff6a271 = KERNEL32.DLL:.text+0x1271 KERNEL32.DLL:.text+0x1501: *016f:bff6a501 eb36 jmp bff6a539 = KERNEL32.DLL:.text+0x1539 016f:bff6a503 8b4d08 mov ecx,dword ptr [ebp+08] 016f:bff6a506 0fb64170 movzx eax,byte ptr [ecx+70] 016f:bff6a50a 0b45f4 or eax,dword ptr [ebp-0c] 016f:bff6a50d 50 push eax 016f:bff6a50e 8b45f8 mov eax,dword ptr [ebp-08] 016f:bff6a511 2b45fc sub eax,dword ptr [ebp-04] 016f:bff6a514 50 push eax 016f:bff6a515 ff75fc push dword ptr [ebp-04] 016f:bff6a518 e8f6feffff call bff6a413 = KERNEL32.DLL:.text+0x1413 016f:bff6a51d 85c0 test eax,eax -------------------- 00a8fc3c 81907000 -> 00 00 10 00 00 00 00 00 20 00 00 00 01 00 00 a0 ........ ....... 00a8fc40 81986f68 -> 20 00 00 a0 46 3a 5c 54 45 4d 50 5c 53 56 31 2e ...F:\TEMP\SV1. 00a8fc44 0000219c 00a8fc48 00000000 00a8fc4c 8190700c -> 01 00 00 a0 40 d3 98 81 78 d8 98 81 80 00 00 00 ....@...x....... 00a8fc50 81907000 -> 00 00 10 00 00 00 00 00 20 00 00 00 01 00 00 a0 ........ ....... 00a8fc54 81986f58 -> 10 00 00 a0 dc 71 94 81 dc 71 94 81 dc 71 94 81 .....q...q...q.. 00a8fc58 00000040 00a8fc5c 00000000 00a8fc60 81907050 -> 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00a8fc64 8190700c -> 01 00 00 a0 40 d3 98 81 78 d8 98 81 80 00 00 00 ....@...x....... 00a8fc68 c16c7800 -> 01 00 00 00 00 00 00 00 00 00 00 00 c0 05 66 c1 ..............f. 00a8fc6c 00a8fc90 -> a9 2f f8 bf 5c 6f 98 81 dc 71 94 81 00 00 00 00 ./..\o...q...... 
00a8fc70 bff6a26e = KERNEL32.DLL:.text+0x126e -------------------- 016f:bff6a24f 008b4424040f add byte ptr [ebx+0f042444],cl 016f:bff6a255 b648 mov dh,48 016f:bff6a257 700b jo bff6a264 = KERNEL32.DLL:.text+0x1264 016f:bff6a259 4c dec esp 016f:bff6a25a 2408 and al,08 016f:bff6a25c f6c101 test cl,01 016f:bff6a25f 750d jnz bff6a26e = KERNEL32.DLL:.text+0x126e 016f:bff6a261 ff704c push dword ptr [eax+4c] 016f:bff6a264 e85da0ffff call bff642c6 = KERNEL32.DLL:_FREQASM+0x32c6 016f:bff6a269 e83f010000 call bff6a3ad = KERNEL32.DLL:.text+0x13ad KERNEL32.DLL:.text+0x126e: *016f:bff6a26e c20800 retd 0008 016f:bff6a271 53 push ebx 016f:bff6a272 56 push esi 016f:bff6a273 8b742414 mov esi,dword ptr [esp+14] 016f:bff6a277 57 push edi 016f:bff6a278 8b7c2414 mov edi,dword ptr [esp+14] 016f:bff6a27c 55 push ebp 016f:bff6a27d b900001000 mov ecx,00100000 016f:bff6a282 8d1c37 lea ebx,[edi+esi] 016f:bff6a285 8b03 mov eax,dword ptr [ebx] 016f:bff6a287 a801 test al,01 -------------------- 00a8fc74 bff76f26 = KERNEL32.DLL:.text+0xdf26 -------------------- 016f:bff76f02 0c53 or al,53 016f:bff76f04 ff7508 push dword ptr [ebp+08] 016f:bff76f07 e8f36e0100 call bff8ddff = KERNEL32.DLL:.text+0x24dff 016f:bff76f0c 8945fc mov dword ptr [ebp-04],eax 016f:bff76f0f 395dfc cmp dword ptr [ebp-04],ebx 016f:bff76f12 7519 jnz bff76f2d = KERNEL32.DLL:.text+0xdf2d 016f:bff76f14 a1f4bcfbbf mov eax,dword ptr [bffbbcf4] 016f:bff76f19 8b08 mov ecx,dword ptr [eax] 016f:bff76f1b ffb198000000 push dword ptr [ecx+00000098] 016f:bff76f21 e88e6cffff call bff6dbb4 = KERNEL32.DLL:.text+0x4bb4 KERNEL32.DLL:.text+0xdf26: *016f:bff76f26 8bf0 mov esi,eax 016f:bff76f28 e990000000 jmp bff76fbd = KERNEL32.DLL:.text+0xdfbd 016f:bff76f2d 85f6 test esi,esi 016f:bff76f2f 7416 jz bff76f47 = KERNEL32.DLL:.text+0xdf47 016f:bff76f31 57 push edi 016f:bff76f32 8d45f4 lea eax,[ebp-0c] 016f:bff76f35 50 push eax 016f:bff76f36 8d4dfc lea ecx,[ebp-04] 016f:bff76f39 51 push ecx 016f:bff76f3a e81d290100 call bff8985c = 
KERNEL32.DLL:.text+0x2085c 016f:bff76f3f 85c0 test eax,eax -------------------- 00a8fc78 819807f0 -> 40 4d 98 81 14 6a 98 81 00 00 00 00 00 00 00 00 @M...j.......... 00a8fc7c 00000000 00a8fc80 819782b1 -> 00 44 00 14 00 00 a0 46 3a 5c 54 45 4d 50 5c 53 .D.....F:\TEMP\S 00a8fc84 00000000 00a8fc88 819471dc -> 00 00 00 00 00 00 00 00 14 81 97 81 00 00 00 00 ................ 00a8fc8c 00a8fcb8 -> 38 fe a8 00 c0 22 4c 00 c0 6d bb 00 08 91 11 01 8...."L..m...... 00a8fc90 bff82fa9 = KERNEL32.DLL:.text+0x19fa9 -------------------- 016f:bff82f89 e8ffd5feff call bff7058d = KERNEL32.DLL:.text+0x758d 016f:bff82f8e 8bf0 mov esi,eax 016f:bff82f90 85f6 test esi,esi 016f:bff82f92 7415 jz bff82fa9 = KERNEL32.DLL:.text+0x19fa9 016f:bff82f94 ff742410 push dword ptr [esp+10] 016f:bff82f98 56 push esi 016f:bff82f99 ff742410 push dword ptr [esp+10] 016f:bff82f9d 8b442418 mov eax,dword ptr [esp+18] 016f:bff82fa1 894608 mov dword ptr [esi+08],eax 016f:bff82fa4 e84ad6feff call bff705f3 = KERNEL32.DLL:.text+0x75f3 KERNEL32.DLL:.text+0x19fa9: *016f:bff82fa9 8bc6 mov eax,esi 016f:bff82fab 5e pop esi 016f:bff82fac c20c00 retd 000c 016f:bff82faf ff742404 push dword ptr [esp+04] 016f:bff82fb3 e88414ffff call bff7443c = KERNEL32.DLL:.text+0xb43c 016f:bff82fb8 85c0 test eax,eax 016f:bff82fba 7406 jz bff82fc2 = KERNEL32.DLL:.text+0x19fc2 016f:bff82fbc 50 push eax 016f:bff82fbd e8a4c5feff call bff6f566 = KERNEL32.DLL:.text+0x6566 016f:bff82fc2 c20400 retd 0004 016f:bff82fc5 55 push ebp -------------------- 00a8fc94 81986f5c -> dc 71 94 81 dc 71 94 81 dc 71 94 81 20 00 00 a0 .q...q...q.. ... 00a8fc98 819471dc -> 00 00 00 00 00 00 00 00 14 81 97 81 00 00 00 00 ................ 00a8fc9c 00000000 00a8fca0 81986f38 -> 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 
00a8fca4 bff641cf = KERNEL32.DLL:_FREQASM+0x31cf -------------------- 016f:bff641b5 51 push ecx 016f:bff641b6 52 push edx 016f:bff641b7 681d002a00 push 002a001d 016f:bff641bc e813d2ffff call bff613d4 = KERNEL32.DLL!1 016f:bff641c1 59 pop ecx 016f:bff641c2 5a pop edx 016f:bff641c3 ebe8 jmp bff641ad = KERNEL32.DLL:_FREQASM+0x31ad 016f:bff641c5 8b542404 mov edx,dword ptr [esp+04] 016f:bff641c9 50 push eax 016f:bff641ca e804000000 call bff641d3 = KERNEL32.DLL:_FREQASM+0x31d3 KERNEL32.DLL:_FREQASM+0x31cf: *016f:bff641cf 58 pop eax 016f:bff641d0 c20400 retd 0004 016f:bff641d3 833dfcbcfbbf01 cmp dword ptr [bffbbcfc],+01 016f:bff641da 7c32 jl bff6420e = KERNEL32.DLL:_FREQASM+0x320e 016f:bff641dc 3b1570b4fbbf cmp edx,dword ptr [bffbb470] 016f:bff641e2 7506 jnz bff641ea = KERNEL32.DLL:_FREQASM+0x31ea 016f:bff641e4 837a0401 cmp dword ptr [edx+04],+01 016f:bff641e8 7426 jz bff64210 = KERNEL32.DLL:_FREQASM+0x3210 016f:bff641ea ff4a04 dec dword ptr [edx+04] 016f:bff641ed 754a jnz bff64239 = KERNEL32.DLL:_FREQASM+0x3239 016f:bff641ef c7420800000000 mov dword ptr [edx+08],00000000 -------------------- 00a8fca8 bffbb490 = KERNEL32.DLL:.data+0x490 -> 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 
00a8fcac bff74692 = KERNEL32.DLL:.text+0xb692 -------------------- 016f:bff74674 c60004 mov byte ptr [eax],04 016f:bff74677 8b4508 mov eax,dword ptr [ebp+08] 016f:bff7467a 89461c mov dword ptr [esi+1c],eax 016f:bff7467d eb08 jmp bff74687 = KERNEL32.DLL:.text+0xb687 016f:bff7467f 56 push esi 016f:bff74680 e847500000 call bff796cc = KERNEL32.DLL:.text+0x106cc 016f:bff74685 33f6 xor esi,esi 016f:bff74687 a120bdfbbf mov eax,dword ptr [bffbbd20] 016f:bff7468c 50 push eax 016f:bff7468d e833fbfeff call bff641c5 = KERNEL32.DLL!98 KERNEL32.DLL:.text+0xb692: *016f:bff74692 33c0 xor eax,eax 016f:bff74694 85f6 test esi,esi 016f:bff74696 750d jnz bff746a5 = KERNEL32.DLL:.text+0xb6a5 016f:bff74698 50 push eax 016f:bff74699 50 push eax 016f:bff7469a 50 push eax 016f:bff7469b 68050000c0 push c0000005 016f:bff746a0 e80621ffff call bff667ab = KERNEL32.DLL:_FREQASM+0x57ab 016f:bff746a5 5e pop esi 016f:bff746a6 5d pop ebp 016f:bff746a7 c20400 retd 0004 -------------------- 00a8fcb0 bffbb490 = KERNEL32.DLL:.data+0x490 -> 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00a8fcb4 00bb6dc0 -> 04 00 00 00 38 6f 98 81 00 00 00 00 00 00 00 00 ....8o.......... 00a8fcb8 00a8fe38 -> 78 ff a8 00 e4 b9 f7 bf 00 00 00 00 14 81 97 81 x............... 
00a8fcbc 004c22c0 = SAL3.DLL:.text+0x12c0 -------------------- 016f:004c22a1 8935e0586500 mov dword ptr [006558e0],esi 016f:004c22a7 68f0916500 push 006591f0 016f:004c22ac ffd3 call ebx 016f:004c22ae 6a01 push +01 016f:004c22b0 6a24 push +24 016f:004c22b2 ff15ac624e00 call dword ptr [004e62ac] -> MSVCRT.DLL!calloc 016f:004c22b8 83c408 add esp,+08 016f:004c22bb 8bf0 mov esi,eax 016f:004c22bd 56 push esi 016f:004c22be ffd3 call ebx SAL3.DLL:.text+0x12c0: *016f:004c22c0 8bc6 mov eax,esi 016f:004c22c2 5e pop esi 016f:004c22c3 5b pop ebx 016f:004c22c4 81c494000000 add esp,00000094 016f:004c22ca c3 retd 016f:004c22cb 90 nop 016f:004c22cc 90 nop 016f:004c22cd 90 nop 016f:004c22ce 90 nop 016f:004c22cf 90 nop 016f:004c22d0 56 push esi -------------------- 00a8fcc0 00bb6dc0 -> 04 00 00 00 38 6f 98 81 00 00 00 00 00 00 00 00 ....8o.......... 00a8fcc4 01119108 = SETUP.EXE:.data+0x1108 -> 84 58 11 01 00 00 00 00 00 00 00 00 00 00 00 00 .X.............. 00a8fcc8 00000000 00a8fccc bff6bb26 = KERNEL32.DLL:.text+0x2b26 -------------------- 016f:bff6bb0a e88a87ffff call bff64299 = KERNEL32.DLL:_FREQASM+0x3299 016f:bff6bb0f 5e pop esi 016f:bff6bb10 c20400 retd 0004 016f:bff6bb13 56 push esi 016f:bff6bb14 8b742408 mov esi,dword ptr [esp+08] 016f:bff6bb18 8a06 mov al,byte ptr [esi] 016f:bff6bb1a 3c04 cmp al,04 016f:bff6bb1c 7508 jnz bff6bb26 = KERNEL32.DLL:.text+0x2b26 016f:bff6bb1e ff7604 push dword ptr [esi+04] 016f:bff6bb21 e8a087ffff call bff642c6 = KERNEL32.DLL:_FREQASM+0x32c6 KERNEL32.DLL:.text+0x2b26: *016f:bff6bb26 5e pop esi 016f:bff6bb27 c20400 retd 0004 016f:bff6bb2a 64a100000000 mov eax,dword ptr fs:[00000000] 016f:bff6bb30 55 push ebp 016f:bff6bb31 8bec mov ebp,esp 016f:bff6bb33 6aff push -01 016f:bff6bb35 685092f6bf push bff69250 016f:bff6bb3a 68201bfbbf push bffb1b20 016f:bff6bb3f 50 push eax 016f:bff6bb40 8b4508 mov eax,dword ptr [ebp+08] 016f:bff6bb43 64892500000000 mov dword ptr fs:[00000000],esp -------------------- 00a8fcd0 81984e74 -> 04 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 ................ 00a8fcd4 00000088 00a8fcd8 780016b2 = MSVCRT.DLL:.text+0x6b2 -------------------- 016f:78001694 6a11 push +11 016f:78001696 e804000000 call 7800169f = MSVCRT.DLL!_unlock 016f:7800169b 59 pop ecx 016f:7800169c 5f pop edi 016f:7800169d ebbd jmp 7800165c = MSVCRT.DLL:.text+0x65c 016f:7800169f 55 push ebp 016f:780016a0 8bec mov ebp,esp 016f:780016a2 8b4508 mov eax,dword ptr [ebp+08] 016f:780016a5 ff348534b00378 push dword ptr [eax*4+7803b034] 016f:780016ac ff1548300378 call dword ptr [78033048] -> KERNEL32.DLL!LeaveCriticalSection MSVCRT.DLL:.text+0x6b2: *016f:780016b2 5d pop ebp 016f:780016b3 c3 retd 016f:780016b4 8b442404 mov eax,dword ptr [esp+04] 016f:780016b8 832528b5037800 and dword ptr [7803b528],+00 016f:780016bf 83f8fe cmp eax,-02 016f:780016c2 0f84a8ba0000 jz 7800d170 = MSVCRT.DLL:.text+0xc170 016f:780016c8 83f8fd cmp eax,-03 016f:780016cb 7415 jz 780016e2 = MSVCRT.DLL:.text+0x6e2 016f:780016cd 83f8fc cmp eax,-04 016f:780016d0 750f jnz 780016e1 = MSVCRT.DLL:.text+0x6e1 016f:780016d2 a12cb50378 mov eax,dword ptr [7803b52c] -------------------- 00a8fcdc 7803b128 = MSVCRT.DLL:.data+0x128 -> 04 00 00 00 74 4e 98 81 00 00 00 00 00 00 00 00 ....tN.......... 00a8fce0 00a8fd28 -> 40 b1 03 78 68 fd a8 00 e3 21 00 78 0d 00 00 00 @..xh....!.x.... 
00a8fce4 7801a8ab = MSVCRT.DLL:.text+0x198ab -------------------- 016f:7801a884 834dfcff or dword ptr [ebp-04],-01 016f:7801a888 e817000000 call 7801a8a4 = MSVCRT.DLL:.text+0x198a4 016f:7801a88d 837de000 cmp dword ptr [ebp-20],+00 016f:7801a891 0f842179feff jz 780021b8 = MSVCRT.DLL:.text+0x11b8 016f:7801a897 e92f79feff jmp 780021cb = MSVCRT.DLL:.text+0x11cb 016f:7801a89c 8b75e4 mov esi,dword ptr [ebp-1c] 016f:7801a89f ebe3 jmp 7801a884 = MSVCRT.DLL:.text+0x19884 016f:7801a8a1 8b75e4 mov esi,dword ptr [ebp-1c] 016f:7801a8a4 6a09 push +09 016f:7801a8a6 e8f46dfeff call 7800169f = MSVCRT.DLL!_unlock MSVCRT.DLL:.text+0x198ab: *016f:7801a8ab 59 pop ecx 016f:7801a8ac c3 retd 016f:7801a8ad 6a09 push +09 016f:7801a8af e8906dfeff call 78001644 = MSVCRT.DLL!_lock 016f:7801a8b4 59 pop ecx 016f:7801a8b5 c745fc01000000 mov dword ptr [ebp-04],00000001 016f:7801a8bc 8d45dc lea eax,[ebp-24] 016f:7801a8bf 50 push eax 016f:7801a8c0 8d45d4 lea eax,[ebp-2c] 016f:7801a8c3 50 push eax 016f:7801a8c4 ff7508 push dword ptr [ebp+08] -------------------- 00a8fce8 00000009 00a8fcec 7801a88d = MSVCRT.DLL:.text+0x1988d -------------------- 016f:7801a86e e8f40fffff call 7800b867 = MSVCRT.DLL:.text+0xa867 016f:7801a873 59 pop ecx 016f:7801a874 8945e0 mov dword ptr [ebp-20],eax 016f:7801a877 85c0 test eax,eax 016f:7801a879 7421 jz 7801a89c = MSVCRT.DLL:.text+0x1989c 016f:7801a87b 8b76fc mov esi,dword ptr [esi-04] 016f:7801a87e 83ee09 sub esi,+09 016f:7801a881 8975e4 mov dword ptr [ebp-1c],esi 016f:7801a884 834dfcff or dword ptr [ebp-04],-01 016f:7801a888 e817000000 call 7801a8a4 = MSVCRT.DLL:.text+0x198a4 MSVCRT.DLL:.text+0x1988d: *016f:7801a88d 837de000 cmp dword ptr [ebp-20],+00 016f:7801a891 0f842179feff jz 780021b8 = MSVCRT.DLL:.text+0x11b8 016f:7801a897 e92f79feff jmp 780021cb = MSVCRT.DLL:.text+0x11cb 016f:7801a89c 8b75e4 mov esi,dword ptr [ebp-1c] 016f:7801a89f ebe3 jmp 7801a884 = MSVCRT.DLL:.text+0x19884 016f:7801a8a1 8b75e4 mov esi,dword ptr [ebp-1c] 016f:7801a8a4 6a09 push +09 
016f:7801a8a6 e8f46dfeff call 7800169f = MSVCRT.DLL!_unlock 016f:7801a8ab 59 pop ecx 016f:7801a8ac c3 retd 016f:7801a8ad 6a09 push +09 -------------------- 00a8fcf0 00000000 00a8fcf4 01073ca0 -> 01 00 00 00 0c 00 00 00 72 65 73 70 6f 6e 73 65 ........response 00a8fcf8 00fc5ed8 -> 00 00 00 00 90 5e fc 00 98 90 dd 00 00 00 00 00 .....^.......... 00a8fcfc 00000000 ... 00a8fd04 1c85d448 = TL641MI.DLL:.data+0x448 -> 35 17 00 00 00 00 00 00 00 00 00 00 00 01 02 03 5............... 00a8fd08 00ba000c -> 00 00 02 f8 01 90 00 00 ff ff ff 1f 00 00 bb 00 ................ 00a8fd0c 00000088 00a8fd10 81986108 -> 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00a8fd14 1c85e3f8 = TL641MI.DLL:.data+0x13f8 -> f2 00 00 00 00 00 00 00 00 00 00 00 50 65 72 73 ............Pers 00a8fd18 00dd2188 -> e0 e3 ef 00 c8 e3 ef 00 a4 e3 ef 00 90 e3 ef 00 ................ 00a8fd1c 00000000 00a8fd20 01118008 = SETUP.EXE:.data+0x8 -> 10 17 10 01 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00a8fd24 780016b2 = MSVCRT.DLL:.text+0x6b2 -------------------- 016f:78001694 6a11 push +11 016f:78001696 e804000000 call 7800169f = MSVCRT.DLL!_unlock 016f:7800169b 59 pop ecx 016f:7800169c 5f pop edi 016f:7800169d ebbd jmp 7800165c = MSVCRT.DLL:.text+0x65c 016f:7800169f 55 push ebp 016f:780016a0 8bec mov ebp,esp 016f:780016a2 8b4508 mov eax,dword ptr [ebp+08] 016f:780016a5 ff348534b00378 push dword ptr [eax*4+7803b034] 016f:780016ac ff1548300378 call dword ptr [78033048] -> KERNEL32.DLL!LeaveCriticalSection MSVCRT.DLL:.text+0x6b2: *016f:780016b2 5d pop ebp 016f:780016b3 c3 retd 016f:780016b4 8b442404 mov eax,dword ptr [esp+04] 016f:780016b8 832528b5037800 and dword ptr [7803b528],+00 016f:780016bf 83f8fe cmp eax,-02 016f:780016c2 0f84a8ba0000 jz 7800d170 = MSVCRT.DLL:.text+0xc170 016f:780016c8 83f8fd cmp eax,-03 016f:780016cb 7415 jz 780016e2 = MSVCRT.DLL:.text+0x6e2 016f:780016cd 83f8fc cmp eax,-04 016f:780016d0 750f jnz 780016e1 = MSVCRT.DLL:.text+0x6e1 016f:780016d2 a12cb50378 mov 
eax,dword ptr [7803b52c] -------------------- 00a8fd28 7803b140 = MSVCRT.DLL:.data+0x140 -> 04 00 00 00 40 4e 98 81 00 00 00 00 00 00 00 00 ....@N.......... 00a8fd2c 00a8fd68 -> 08 91 11 01 58 d2 fc 00 88 50 dd 00 d5 3d 11 00 ....X....P...=.. 00a8fd30 780021e3 = MSVCRT.DLL:.text+0x11e3 -------------------- 016f:780021cb 8bc6 mov eax,esi 016f:780021cd 8b4df0 mov ecx,dword ptr [ebp-10] 016f:780021d0 64890d00000000 mov dword ptr fs:[00000000],ecx 016f:780021d7 5f pop edi 016f:780021d8 5e pop esi 016f:780021d9 5b pop ebx 016f:780021da c9 leave 016f:780021db c3 retd 016f:780021dc 6a0d push +0d 016f:780021de e8bcf4ffff call 7800169f = MSVCRT.DLL!_unlock MSVCRT.DLL:.text+0x11e3: *016f:780021e3 59 pop ecx 016f:780021e4 c3 retd 016f:780021e5 55 push ebp 016f:780021e6 8bec mov ebp,esp 016f:780021e8 6aff push -01 016f:780021ea 6808330378 push 78033308 016f:780021ef 6811db0078 push 7800db11 016f:780021f4 64a100000000 mov eax,dword ptr fs:[00000000] 016f:780021fa 50 push eax 016f:780021fb 64892500000000 mov dword ptr fs:[00000000],esp 016f:78002202 83ec14 sub esp,+14 -------------------- 00a8fd34 0000000d 00a8fd38 7801f07a = MSVCRT.DLL:.text+0x1e07a -------------------- 016f:7801f05e e812000000 call 7801f075 = MSVCRT.DLL:.text+0x1e075 016f:7801f063 8b45e4 mov eax,dword ptr [ebp-1c] 016f:7801f066 8b4df0 mov ecx,dword ptr [ebp-10] 016f:7801f069 64890d00000000 mov dword ptr fs:[00000000],ecx 016f:7801f070 5f pop edi 016f:7801f071 5e pop esi 016f:7801f072 5b pop ebx 016f:7801f073 c9 leave 016f:7801f074 c3 retd 016f:7801f075 e86231feff call 780021dc = MSVCRT.DLL:.text+0x11dc MSVCRT.DLL:.text+0x1e07a: *016f:7801f07a c3 retd 016f:7801f07b 56 push esi 016f:7801f07c ff3504c90378 push dword ptr [7803c904] 016f:7801f082 e8f730feff call 7800217e = MSVCRT.DLL!_msize 016f:7801f087 59 pop ecx 016f:7801f088 8bf0 mov esi,eax 016f:7801f08a 8b0d00c90378 mov ecx,dword ptr [7803c900] 016f:7801f090 a104c90378 mov eax,dword ptr [7803c904] 016f:7801f095 8bd1 mov edx,ecx 016f:7801f097 2bd0 sub edx,eax 
016f:7801f099 83c204 add edx,+04 -------------------- 00a8fd3c 7801f063 = MSVCRT.DLL:.text+0x1e063 -------------------- 016f:7801f043 56 push esi 016f:7801f044 57 push edi 016f:7801f045 e8cf30feff call 78002119 = MSVCRT.DLL:.text+0x1119 016f:7801f04a 8365fc00 and dword ptr [ebp-04],+00 016f:7801f04e ff7508 push dword ptr [ebp+08] 016f:7801f051 e825000000 call 7801f07b = MSVCRT.DLL:.text+0x1e07b 016f:7801f056 59 pop ecx 016f:7801f057 8945e4 mov dword ptr [ebp-1c],eax 016f:7801f05a 834dfcff or dword ptr [ebp-04],-01 016f:7801f05e e812000000 call 7801f075 = MSVCRT.DLL:.text+0x1e075 MSVCRT.DLL:.text+0x1e063: *016f:7801f063 8b45e4 mov eax,dword ptr [ebp-1c] 016f:7801f066 8b4df0 mov ecx,dword ptr [ebp-10] 016f:7801f069 64890d00000000 mov dword ptr fs:[00000000],ecx 016f:7801f070 5f pop edi 016f:7801f071 5e pop esi 016f:7801f072 5b pop ebx 016f:7801f073 c9 leave 016f:7801f074 c3 retd 016f:7801f075 e86231feff call 780021dc = MSVCRT.DLL:.text+0x11dc 016f:7801f07a c3 retd 016f:7801f07b 56 push esi -------------------- 00a8fd40 00000000 ... 00a8fd4c 00fd1908 -> 01 00 00 00 13 00 00 00 6f 70 65 6e 5f 6f 66 66 ........open_off 00a8fd50 00ddae60 -> 03 00 00 00 0f 00 00 00 46 3a 5c 54 45 4d 50 5c ........F:\TEMP\ 00a8fd54 00000000 00a8fd58 01073ca0 -> 01 00 00 00 0c 00 00 00 72 65 73 70 6f 6e 73 65 ........response 00a8fd5c 00000000 ... 00a8fd68 01119108 = SETUP.EXE:.data+0x1108 -> 84 58 11 01 00 00 00 00 00 00 00 00 00 00 00 00 .X.............. 00a8fd6c 00fcd258 -> 02 00 00 00 20 00 00 00 4f 00 70 00 65 00 6e 00 .... ...O.p.e.n. 00a8fd70 00dd5088 -> 24 14 70 00 f0 bb bb 00 00 00 00 00 00 00 53 00 $.p...........S. 00a8fd74 00113dd5 00a8fd78 01101740 = SETUP.EXE:.text+0x740 -> b9 08 91 11 01 e9 66 fe ff ff 90 90 90 90 90 90 ......f......... 
00a8fd7c 0110173a = SETUP.EXE:.text+0x73a -------------------- 016f:01101720 b908911101 mov ecx,01119108 016f:01101725 e966fdffff jmp 01101490 = SETUP.EXE:.text+0x490 016f:0110172a 90 nop 016f:0110172b 90 nop 016f:0110172c 90 nop 016f:0110172d 90 nop 016f:0110172e 90 nop 016f:0110172f 90 nop 016f:01101730 6840171001 push 01101740 016f:01101735 e892260100 call 01113dcc = SETUP.EXE:.text+0x12dcc SETUP.EXE:.text+0x73a: *016f:0110173a 59 pop ecx 016f:0110173b c3 retd 016f:0110173c 90 nop 016f:0110173d 90 nop 016f:0110173e 90 nop 016f:0110173f 90 nop 016f:01101740 b908911101 mov ecx,01119108 016f:01101745 e966feffff jmp 011015b0 = SETUP.EXE:.text+0x5b0 016f:0110174a 90 nop 016f:0110174b 90 nop 016f:0110174c 90 nop -------------------- 00a8fd80 01073ca0 -> 01 00 00 00 0c 00 00 00 72 65 73 70 6f 6e 73 65 ........response 00a8fd84 00a8fa50 -> 00 00 00 00 b1 82 97 81 00 00 00 00 00 00 46 02 ..............F. 00a8fd88 00a8fe28 -> 68 ff a8 00 26 40 11 01 a0 5e 11 01 00 00 00 00 h...&@...^...... 00a8fd8c 01114679 = SETUP.EXE:.text+0x13679 -> b8 58 60 11 01 e9 5b f7 ff ff cc cc cc cc cc cc .X`...[......... 00a8fd90 00000029 00a8fd94 00a8fe38 -> 78 ff a8 00 e4 b9 f7 bf 00 00 00 00 14 81 97 81 x............... 
00a8fd98 0110722a = SETUP.EXE:.text+0x622a -------------------- 016f:01107218 90 nop 016f:01107219 90 nop 016f:0110721a 90 nop 016f:0110721b 90 nop 016f:0110721c 90 nop 016f:0110721d 90 nop 016f:0110721e 90 nop 016f:0110721f 90 nop 016f:01107220 b908911101 mov ecx,01119108 016f:01107225 e826a5ffff call 01101750 = SETUP.EXE:.text+0x750 SETUP.EXE:.text+0x622a: *016f:0110722a 33c0 xor eax,eax 016f:0110722c c3 retd 016f:0110722d 90 nop 016f:0110722e 90 nop 016f:0110722f 90 nop 016f:01107230 8b01 mov eax,dword ptr [ecx] 016f:01107232 8b08 mov ecx,dword ptr [eax] 016f:01107234 51 push ecx 016f:01107235 e87ac30000 call 011135b4 = SAL3.DLL!osl_releaseMutex 016f:0110723a 59 pop ecx 016f:0110723b c3 retd -------------------- 00a8fd9c 01107215 = SETUP.EXE:.text+0x6215 -------------------- 016f:01107207 90 nop 016f:01107208 90 nop 016f:01107209 90 nop 016f:0110720a 90 nop 016f:0110720b 90 nop 016f:0110720c 90 nop 016f:0110720d 90 nop 016f:0110720e 90 nop 016f:0110720f 90 nop 016f:01107210 e80b000000 call 01107220 = SETUP.EXE:.text+0x6220 SETUP.EXE:.text+0x6215: *016f:01107215 c21000 retd 0010 016f:01107218 90 nop 016f:01107219 90 nop 016f:0110721a 90 nop 016f:0110721b 90 nop 016f:0110721c 90 nop 016f:0110721d 90 nop 016f:0110721e 90 nop 016f:0110721f 90 nop 016f:01107220 b908911101 mov ecx,01119108 016f:01107225 e826a5ffff call 01101750 = SETUP.EXE:.text+0x750 -------------------- 00a8fda0 01113fa3 = SETUP.EXE:.text+0x12fa3 -------------------- 016f:01113f8e ebf5 jmp 01113f85 = SETUP.EXE:.text+0x12f85 016f:01113f90 6a0a push +0a 016f:01113f92 58 pop eax 016f:01113f93 50 push eax 016f:01113f94 56 push esi 016f:01113f95 53 push ebx 016f:01113f96 53 push ebx 016f:01113f97 ff1504501101 call dword ptr [01115004] -> KERNEL32.DLL!GetModuleHandleA 016f:01113f9d 50 push eax 016f:01113f9e e86d32ffff call 01107210 = SETUP.EXE:.text+0x6210 SETUP.EXE:.text+0x12fa3: *016f:01113fa3 894598 mov dword ptr [ebp-68],eax 016f:01113fa6 50 push eax 016f:01113fa7 ff1540501101 call dword ptr 
[01115040] -> MSVCRT.DLL!exit 016f:01113fad 8b45ec mov eax,dword ptr [ebp-14] 016f:01113fb0 8b08 mov ecx,dword ptr [eax] 016f:01113fb2 8b09 mov ecx,dword ptr [ecx] 016f:01113fb4 894d88 mov dword ptr [ebp-78],ecx 016f:01113fb7 50 push eax 016f:01113fb8 51 push ecx 016f:01113fb9 e822000000 call 01113fe0 = MSVCRT.DLL!_XcptFilter 016f:01113fbe 59 pop ecx -------------------- 00a8fda4 01100000 = SETUP.EXE+0x0 -> 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 MZ.............. 00a8fda8 00000000 00a8fdac 819782b1 -> 00 44 00 14 00 00 a0 46 3a 5c 54 45 4d 50 5c 53 .D.....F:\TEMP\S 00a8fdb0 00000005 00a8fdb4 00000000 00a8fdb8 81978114 -> 06 00 05 00 80 2b 6c c1 00 00 00 00 00 00 00 00 .....+l......... 00a8fdbc 00980000 00a8fdc0 c0000005 00a8fdc4 819782b1 -> 00 44 00 14 00 00 a0 46 3a 5c 54 45 4d 50 5c 53 .D.....F:\TEMP\S 00a8fdc8 00bb6e80 -> 88 6e bb 00 00 00 00 00 46 3a 5c 54 65 6d 70 20 .n......F:\Temp 00a8fdcc 00000000 ... 00a8fdd4 00bb0c40 -> 10 0c bb 00 e0 0b bb 00 c0 0b bb 00 a0 0b bb 00 ................ 00a8fdd8 00000001 00a8fddc 00000044 00a8fde0 00000000 ... 00a8fe08 00000001 00a8fe0c 00000005 00a8fe10 00000000 ... 00a8fe20 00a8fdb4 -> 00 00 00 00 14 81 97 81 00 00 98 00 05 00 00 c0 ................ 00a8fe24 00a8c374 -> 4c c4 a8 00 68 c4 a8 00 a0 c3 a8 00 21 68 f6 bf L...h.......!h.. 00a8fe28 00a8ff68 -> ff ff ff ff 20 1b fb bf 38 91 f6 bf 00 00 00 00 .... ...8....... 00a8fe2c 01114026 = SETUP.EXE:.text+0x13026 -> ff 25 64 50 11 01 ff 25 68 50 11 01 ff 25 04 50 .%dP...%hP...%.P 00a8fe30 01115ea0 = SETUP.EXE:.rdata+0xea0 -> ff ff ff ff ad 3f 11 01 c1 3f 11 01 00 00 00 00 .....?...?...... 00a8fe34 00000000 00a8fe38 00a8ff78 -> f4 ff a8 00 96 b8 f7 bf e8 01 98 81 08 00 00 00 ................ 
00a8fe3c bff7b9e4 = KERNEL32!ApplicationStartup -------------------- 016f:bff7b9c0 7413 jz bff7b9d5 = KERNEL32.DLL:.text+0x129d5 016f:bff7b9c2 6a00 push +00 016f:bff7b9c4 56 push esi 016f:bff7b9c5 e83d56ffff call bff71007 = KERNEL32.DLL:.text+0x8007 016f:bff7b9ca 50 push eax 016f:bff7b9cb 6800050000 push 00000500 016f:bff7b9d0 e8d75cffff call bff716ac = KERNEL32.DLL:.text+0x86ac 016f:bff7b9d5 c745fc00000000 mov dword ptr [ebp-04],00000000 016f:bff7b9dc 8b45d4 mov eax,dword ptr [ebp-2c] 016f:bff7b9df e80d89feff call bff642f1 = KERNEL32.DLL:_FREQASM+0x32f1 KERNEL32!ApplicationStartup: *016f:bff7b9e4 8945d8 mov dword ptr [ebp-28],eax 016f:bff7b9e7 eb1a jmp bff7ba03 = KERNEL32.DLL:.text+0x12a03 016f:bff7b9e9 ff75ec push dword ptr [ebp-14] 016f:bff7b9ec e88f270100 call bff8e180 = KERNEL32.DLL!UnhandledExceptionFilter 016f:bff7b9f1 c3 retd 016f:bff7b9f2 8b65e8 mov esp,dword ptr [ebp-18] 016f:bff7b9f5 8b45e0 mov eax,dword ptr [ebp-20] 016f:bff7b9f8 80480308 or byte ptr [eax+03],08 016f:bff7b9fc 6aff push -01 016f:bff7b9fe e8511c0000 call bff7d654 = KERNEL32.DLL:.text+0x14654 016f:bff7ba03 c745fcffffffff mov dword ptr [ebp-04],ffffffff -------------------- 00a8fe40 00000000 00a8fe44 81978114 -> 06 00 05 00 80 2b 6c c1 00 00 00 00 00 00 00 00 .....+l......... 00a8fe48 00980000 00a8fe4c 75746553 00a8fe50 58450070 00a8fe54 00000045 00a8fe58 00000000 ... 00a8ff38 00a8ff6c -> 20 1b fb bf 38 91 f6 bf 00 00 00 00 f4 ff a8 00 ...8........... 00a8ff3c 81907050 -> 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00a8ff40 819782c8 -> 10 00 00 a0 0c 6c 95 81 0c 6c 95 81 0c 6c 95 81 .....l...l...l.. 00a8ff44 c16c7800 -> 01 00 00 00 00 00 00 00 00 00 00 00 c0 05 66 c1 ..............f. 00a8ff48 00a8ff6c -> 20 1b fb bf 38 91 f6 bf 00 00 00 00 f4 ff a8 00 ...8........... 
00a8ff4c 01113e6f = SETUP.EXE:.text+0x12e6f -------------------- 016f:01113e59 3d00100000 cmp eax,00001000 016f:01113e5e 73ec jnc 01113e4c = SETUP.EXE:.text+0x12e4c 016f:01113e60 2bc8 sub ecx,eax 016f:01113e62 8bc4 mov eax,esp 016f:01113e64 8501 test dword ptr [ecx],eax 016f:01113e66 8be1 mov esp,ecx 016f:01113e68 8b08 mov ecx,dword ptr [eax] 016f:01113e6a 8b4004 mov eax,dword ptr [eax+04] 016f:01113e6d 50 push eax 016f:01113e6e c3 retd SETUP.EXE:.text+0x12e6f: *016f:01113e6f 55 push ebp 016f:01113e70 8bec mov ebp,esp 016f:01113e72 6aff push -01 016f:01113e74 68a05e1101 push 01115ea0 016f:01113e79 6826401101 push 01114026 016f:01113e7e 64a100000000 mov eax,dword ptr fs:[00000000] 016f:01113e84 50 push eax 016f:01113e85 64892500000000 mov dword ptr fs:[00000000],esp 016f:01113e8c 83ec68 sub esp,+68 016f:01113e8f 53 push ebx 016f:01113e90 56 push esi -------------------- 00a8ff50 bff6b487 = KERNEL32.DLL:.text+0x2487 -------------------- 016f:bff6b46a 8b00 mov eax,dword ptr [eax] 016f:bff6b46c 894304 mov dword ptr [ebx+04],eax 016f:bff6b46f 6800020000 push 00000200 016f:bff6b474 51 push ecx 016f:bff6b475 ff75fc push dword ptr [ebp-04] 016f:bff6b478 56 push esi 016f:bff6b479 e8f3edffff call bff6a271 = KERNEL32.DLL:.text+0x1271 016f:bff6b47e ff750c push dword ptr [ebp+0c] 016f:bff6b481 56 push esi 016f:bff6b482 e8c9edffff call bff6a250 = KERNEL32.DLL:.text+0x1250 KERNEL32.DLL:.text+0x2487: *016f:bff6b487 b801000000 mov eax,00000001 016f:bff6b48c 5f pop edi 016f:bff6b48d 5e pop esi 016f:bff6b48e 5b pop ebx 016f:bff6b48f 8be5 mov esp,ebp 016f:bff6b491 5d pop ebp 016f:bff6b492 c20c00 retd 000c 016f:bff6b495 55 push ebp 016f:bff6b496 8bec mov ebp,esp 016f:bff6b498 83ec04 sub esp,+04 016f:bff6b49b a1f4bcfbbf mov eax,dword ptr [bffbbcf4] -------------------- 00a8ff54 00080000 00a8ff58 81978134 -> 00 02 00 00 20 c4 02 00 17 33 a8 00 01 00 01 00 .... ....3...... 
00a8ff5c 32b60000 00a8ff60 00a8fe40 -> 00 00 00 00 14 81 97 81 00 00 98 00 53 65 74 75 ............Setu 00a8ff64 00980000 00a8ff68 ffffffff 00a8ff6c bffb1b20 = KERNEL32.DLL:.text+0x48b20 -> 55 8b ec 83 ec 08 53 56 57 55 fc 8b 5d 0c 8b 45 U.....SVWU..]..E 00a8ff70 bff69138 = KERNEL32.DLL:.text+0x138 -> ff ff ff ff e9 b9 f7 bf f2 b9 f7 bf 00 00 00 00 ................ 00a8ff74 00000000 00a8ff78 00a8fff4 -> ec 5f 18 83 4f a2 f7 bf 00 00 00 00 ._..O....... 00a8ff7c bff7b896 = KERNEL32.DLL:.text+0x12896 -------------------- 016f:bff7b877 ff7508 push dword ptr [ebp+08] 016f:bff7b87a 56 push esi 016f:bff7b87b e8dd560000 call bff80f5d = KERNEL32.DLL:.text+0x17f5d 016f:bff7b880 ff7508 push dword ptr [ebp+08] 016f:bff7b883 33ff xor edi,edi 016f:bff7b885 57 push edi 016f:bff7b886 ff7634 push dword ptr [esi+34] 016f:bff7b889 e85792feff call bff64ae5 = KERNEL32.DLL:_FREQASM+0x3ae5 016f:bff7b88e 897d08 mov dword ptr [ebp+08],edi 016f:bff7b891 e84a000000 call bff7b8e0 = KERNEL32.DLL:.text+0x128e0 KERNEL32.DLL:.text+0x12896: *016f:bff7b896 a1f4bcfbbf mov eax,dword ptr [bffbbcf4] 016f:bff7b89b 8b00 mov eax,dword ptr [eax] 016f:bff7b89d 83c060 add eax,+60 016f:bff7b8a0 50 push eax 016f:bff7b8a1 e81f89feff call bff641c5 = KERNEL32.DLL!98 016f:bff7b8a6 e87b23ffff call bff6dc26 = KERNEL32.DLL:.text+0x4c26 016f:bff7b8ab 8945f0 mov dword ptr [ebp-10],eax 016f:bff7b8ae 837df800 cmp dword ptr [ebp-08],+00 016f:bff7b8b2 7408 jz bff7b8bc = KERNEL32.DLL:.text+0x128bc 016f:bff7b8b4 ff75f8 push dword ptr [ebp-08] 016f:bff7b8b7 e843020000 call bff7baff = KERNEL32.DLL:.text+0x12aff -------------------- 00a8ff80 819801e8 -> 07 00 01 00 40 91 6c c1 20 c3 a8 00 00 00 a9 00 ....@.l. ....... 00a8ff84 00000008 00a8ff88 81978114 -> 06 00 05 00 80 2b 6c c1 00 00 00 00 00 00 00 00 .....+l......... 00a8ff8c 00000000 ... 00a8ffd0 0002ffff 00a8ffd4 0000f2a8 00a8ffd8 00a8e000 -> 73 04 70 05 3f 00 00 00 30 0c bc 00 90 04 bc 00 s.p.?...0....... 
00a8ffdc 00a90000 00a8ffe0 00000000 00a8ffe4 ffffffff 00a8ffe8 81980474 -> 50 45 00 00 4c 01 04 00 e0 4e 2d 3d 00 00 00 00 PE..L....N-=.... 00a8ffec 00000000 00a8fff0 345732b6 00a8fff4 83185fec 00a8fff8 bff7a24f = KERNEL32.DLL:.text+0x1124f -------------------- 016f:bff7a22c e8bb4b0000 call bff7edec = KERNEL32.DLL:.text+0x15dec 016f:bff7a231 56 push esi 016f:bff7a232 e8ca28ffff call bff6cb01 = KERNEL32.DLL:.text+0x3b01 016f:bff7a237 33c0 xor eax,eax 016f:bff7a239 ebdf jmp bff7a21a = KERNEL32.DLL:.text+0x1121a 016f:bff7a23b f644240c10 test byte ptr [esp+0c],10 016f:bff7a240 7505 jnz bff7a247 = KERNEL32.DLL:.text+0x11247 016f:bff7a242 e898deffff call bff780df = KERNEL32.DLL:.text+0xf0df 016f:bff7a247 ff742408 push dword ptr [esp+08] 016f:bff7a24b ff542408 call dword ptr [esp+08] KERNEL32.DLL:.text+0x1124f: *016f:bff7a24f c20c00 retd 000c 016f:bff7a252 56 push esi 016f:bff7a253 a1f4bcfbbf mov eax,dword ptr [bffbbcf4] 016f:bff7a258 8b742408 mov esi,dword ptr [esp+08] 016f:bff7a25c 57 push edi 016f:bff7a25d 8b38 mov edi,dword ptr [eax] 016f:bff7a25f 8b4608 mov eax,dword ptr [esi+08] 016f:bff7a262 85c0 test eax,eax 016f:bff7a264 7413 jz bff7a279 = KERNEL32.DLL:.text+0x11279 016f:bff7a266 50 push eax 016f:bff7a267 e85cb3feff call bff655c8 = KERNEL32.DLL:_FREQASM+0x45c8 -------------------- 00a8fffc 00000000