|
Line
Link Here
|
|
sel type base lim/bot |
|
sel type base lim/bot |
| 1 |
---- ---- -------- -------- |
1 |
---- ---- -------- -------- |
| 2 |
- exception record -- |
|
|
| 3 |
Exception Code: c0000005 (access violation) |
2 |
Exception Code: c0000005 (access violation) |
| 4 |
Exception Info: 00000000 |
3 |
Exception Info: 00000000 |
| 5 |
ffffffff |
4 |
ffffffff |
| 6 |
016f:004c8577 90 nop |
5 |
016f:004c8577 90 nop |
| 7 |
016f:004c8578 90 nop |
6 |
016f:004c8578 90 nop |
| 8 |
016f:004c8579 90 nop |
7 |
016f:004c8579 90 nop |
| 9 |
016f:004c857a 90 nop |
8 |
016f:004c857a 90 nop |
| 10 |
016f:004c857b 90 nop |
9 |
016f:004c857b 90 nop |
| 11 |
016f:004c857c 90 nop |
10 |
016f:004c857c 90 nop |
| 12 |
016f:004c857d 90 nop |
11 |
016f:004c857d 90 nop |
| 13 |
016f:004c857e 90 nop |
12 |
016f:004c857e 90 nop |
| 14 |
016f:004c857f 90 nop |
13 |
016f:004c857f 90 nop |
| 15 |
016f:004c8580 8b442404 mov eax,dword ptr [esp+04] |
14 |
016f:004c8580 8b442404 mov eax,dword ptr [esp+04] |
| 16 |
016f:004c8587 c3 retd |
15 |
016f:004c8587 c3 retd |
| 17 |
016f:004c8588 90 nop |
16 |
016f:004c8588 90 nop |
| 18 |
016f:004c8589 90 nop |
17 |
016f:004c8589 90 nop |
| 19 |
016f:004c858a 90 nop |
18 |
016f:004c858a 90 nop |
| 20 |
016f:004c858b 90 nop |
19 |
016f:004c858b 90 nop |
| 21 |
016f:004c858c 90 nop |
20 |
016f:004c858c 90 nop |
| 22 |
016f:004c858d 90 nop |
21 |
016f:004c858d 90 nop |
| 23 |
016f:004c858e 90 nop |
22 |
016f:004c858e 90 nop |
| 24 |
016f:004c858f 90 nop |
23 |
016f:004c858f 90 nop |
| 25 |
016f:004c8590 8b442404 mov eax,dword ptr [esp+04] |
24 |
016f:004c8590 8b442404 mov eax,dword ptr [esp+04] |
| 26 |
------------------- |
|
|
| 27 |
- stack summary -- |
| 28 |
(00f000ff,87c80000,33f000e9,33f000ff, |
25 |
(00f000ff,87c80000,33f000e9,33f000ff, |
| 29 |
33f000ff,33f000ff,57f000ff,8ff000ef) |
26 |
33f000ff,33f000ff,57f000ff,8ff000ef) |
| 30 |
- stack trace -- |
|
|
| 31 |
(00f000ff,87c80000,33f000e9,33f000ff, |
27 |
(00f000ff,87c80000,33f000e9,33f000ff, |
| 32 |
33f000ff,33f000ff,57f000ff,8ff000ef) |
28 |
33f000ff,33f000ff,57f000ff,8ff000ef) |
| 33 |
016f:004c8577 90 nop |
29 |
016f:004c8577 90 nop |
| 34 |
016f:004c8578 90 nop |
30 |
016f:004c8578 90 nop |
| 35 |
016f:004c8579 90 nop |
31 |
016f:004c8579 90 nop |
| 36 |
016f:004c857a 90 nop |
32 |
016f:004c857a 90 nop |
| 37 |
016f:004c857b 90 nop |
33 |
016f:004c857b 90 nop |
| 38 |
016f:004c857c 90 nop |
34 |
016f:004c857c 90 nop |
| 39 |
016f:004c857d 90 nop |
35 |
016f:004c857d 90 nop |
| 40 |
016f:004c857e 90 nop |
36 |
016f:004c857e 90 nop |
| 41 |
016f:004c857f 90 nop |
37 |
016f:004c857f 90 nop |
| 42 |
016f:004c8580 8b442404 mov eax,dword ptr [esp+04] |
38 |
016f:004c8580 8b442404 mov eax,dword ptr [esp+04] |
| 43 |
016f:004c8587 c3 retd |
39 |
016f:004c8587 c3 retd |
| 44 |
016f:004c8588 90 nop |
40 |
016f:004c8588 90 nop |
| 45 |
016f:004c8589 90 nop |
41 |
016f:004c8589 90 nop |
| 46 |
016f:004c858a 90 nop |
42 |
016f:004c858a 90 nop |
| 47 |
016f:004c858b 90 nop |
43 |
016f:004c858b 90 nop |
| 48 |
016f:004c858c 90 nop |
44 |
016f:004c858c 90 nop |
| 49 |
016f:004c858d 90 nop |
45 |
016f:004c858d 90 nop |
| 50 |
016f:004c858e 90 nop |
46 |
016f:004c858e 90 nop |
| 51 |
016f:004c858f 90 nop |
47 |
016f:004c858f 90 nop |
| 52 |
016f:004c8590 8b442404 mov eax,dword ptr [esp+04] |
48 |
016f:004c8590 8b442404 mov eax,dword ptr [esp+04] |
| 53 |
------------------- |
|
|
| 54 |
- stack dump -- |
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:004c5bca 57 push edi |
9 |
016f:004c5bca 57 push edi |
| 4 |
016f:004c5bcb 6866450000 push 00004566 |
10 |
016f:004c5bcb 6866450000 push 00004566 |
| 5 |
016f:004c5bd0 33c0 xor eax,eax |
11 |
016f:004c5bd0 33c0 xor eax,eax |
| 6 |
016f:004c5bd2 6a4c push +4c |
12 |
016f:004c5bd2 6a4c push +4c |
| 7 |
016f:004c5bd4 56 push esi |
13 |
016f:004c5bd4 56 push esi |
| 8 |
016f:004c5bd5 89442424 mov dword ptr [esp+24],eax |
14 |
016f:004c5bd5 89442424 mov dword ptr [esp+24],eax |
| 9 |
016f:004c5bd9 8944241c mov dword ptr [esp+1c],eax |
15 |
016f:004c5bd9 8944241c mov dword ptr [esp+1c],eax |
| 10 |
016f:004c5bdd 89442420 mov dword ptr [esp+20],eax |
16 |
016f:004c5bdd 89442420 mov dword ptr [esp+20],eax |
| 11 |
016f:004c5be1 bd15000000 mov ebp,00000015 |
17 |
016f:004c5be1 bd15000000 mov ebp,00000015 |
| 12 |
016f:004c5be6 e895290000 call 004c8580 = SAL3.DLL!rtl_uString_getLength |
18 |
016f:004c5be6 e895290000 call 004c8580 = SAL3.DLL!rtl_uString_getLength |
| 13 |
016f:004c5bee 50 push eax |
19 |
016f:004c5bee 50 push eax |
| 14 |
016f:004c5bef 56 push esi |
20 |
016f:004c5bef 56 push esi |
| 15 |
016f:004c5bf0 e89b290000 call 004c8590 = SAL3.DLL!rtl_uString_getStr |
21 |
016f:004c5bf0 e89b290000 call 004c8590 = SAL3.DLL!rtl_uString_getStr |
| 16 |
016f:004c5bf5 83c404 add esp,+04 |
22 |
016f:004c5bf5 83c404 add esp,+04 |
| 17 |
016f:004c5bf8 50 push eax |
23 |
016f:004c5bf8 50 push eax |
| 18 |
016f:004c5bf9 8d442428 lea eax,[esp+28] |
24 |
016f:004c5bf9 8d442428 lea eax,[esp+28] |
| 19 |
016f:004c5bfd 50 push eax |
25 |
016f:004c5bfd 50 push eax |
| 20 |
016f:004c5bfe e86d810000 call 004cdd70 = SAL3.DLL!rtl_uString2String |
26 |
016f:004c5bfe e86d810000 call 004cdd70 = SAL3.DLL!rtl_uString2String |
| 21 |
016f:004c5c03 8b54242c mov edx,dword ptr [esp+2c] |
27 |
016f:004c5c03 8b54242c mov edx,dword ptr [esp+2c] |
| 22 |
016f:004c5c07 8d4c2424 lea ecx,[esp+24] |
28 |
016f:004c5c07 8d4c2424 lea ecx,[esp+24] |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
-> 85 02 00 00 00 00 00 00 00 00 00 00 77 39 78 75 ............w9xu |
8 |
-> 85 02 00 00 00 00 00 00 00 00 00 00 77 39 78 75 ............w9xu |
|
Line 1
Link Here
|
| 1 |
... |
8 |
... |
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:004c5e4c 90 nop |
9 |
016f:004c5e4c 90 nop |
| 4 |
016f:004c5e4d 90 nop |
10 |
016f:004c5e4d 90 nop |
| 5 |
016f:004c5e4e 90 nop |
11 |
016f:004c5e4e 90 nop |
| 6 |
016f:004c5e4f 90 nop |
12 |
016f:004c5e4f 90 nop |
| 7 |
016f:004c5e50 8b442408 mov eax,dword ptr [esp+08] |
13 |
016f:004c5e50 8b442408 mov eax,dword ptr [esp+08] |
| 8 |
016f:004c5e54 8b4c2404 mov ecx,dword ptr [esp+04] |
14 |
016f:004c5e54 8b4c2404 mov ecx,dword ptr [esp+04] |
| 9 |
016f:004c5e58 6a01 push +01 |
15 |
016f:004c5e58 6a01 push +01 |
| 10 |
016f:004c5e5a 50 push eax |
16 |
016f:004c5e5a 50 push eax |
| 11 |
016f:004c5e5b 51 push ecx |
17 |
016f:004c5e5b 51 push ecx |
| 12 |
016f:004c5e5c e85ffdffff call 004c5bc0 = SAL3.DLL:.text+0x4bc0 |
18 |
016f:004c5e5c e85ffdffff call 004c5bc0 = SAL3.DLL:.text+0x4bc0 |
| 13 |
016f:004c5e64 c3 retd |
19 |
016f:004c5e64 c3 retd |
| 14 |
016f:004c5e65 90 nop |
20 |
016f:004c5e65 90 nop |
| 15 |
016f:004c5e66 90 nop |
21 |
016f:004c5e66 90 nop |
| 16 |
016f:004c5e67 90 nop |
22 |
016f:004c5e67 90 nop |
| 17 |
016f:004c5e68 90 nop |
23 |
016f:004c5e68 90 nop |
| 18 |
016f:004c5e69 90 nop |
24 |
016f:004c5e69 90 nop |
| 19 |
016f:004c5e6a 90 nop |
25 |
016f:004c5e6a 90 nop |
| 20 |
016f:004c5e6b 90 nop |
26 |
016f:004c5e6b 90 nop |
| 21 |
016f:004c5e6c 90 nop |
27 |
016f:004c5e6c 90 nop |
| 22 |
016f:004c5e6d 90 nop |
28 |
016f:004c5e6d 90 nop |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:004d67f0 8d4c240c lea ecx,[esp+0c] |
9 |
016f:004d67f0 8d4c240c lea ecx,[esp+0c] |
| 4 |
016f:004d67f4 55 push ebp |
10 |
016f:004d67f4 55 push ebp |
| 5 |
016f:004d67f5 51 push ecx |
11 |
016f:004d67f5 51 push ecx |
| 6 |
016f:004d67f6 e8551dffff call 004c8550 = SAL3.DLL!rtl_uString_assign |
12 |
016f:004d67f6 e8551dffff call 004c8550 = SAL3.DLL!rtl_uString_assign |
| 7 |
016f:004d67fb 83c408 add esp,+08 |
13 |
016f:004d67fb 83c408 add esp,+08 |
| 8 |
016f:004d67fe 8b44240c mov eax,dword ptr [esp+0c] |
14 |
016f:004d67fe 8b44240c mov eax,dword ptr [esp+0c] |
| 9 |
016f:004d6802 8d54240c lea edx,[esp+0c] |
15 |
016f:004d6802 8d54240c lea edx,[esp+0c] |
| 10 |
016f:004d6806 52 push edx |
16 |
016f:004d6806 52 push edx |
| 11 |
016f:004d6807 50 push eax |
17 |
016f:004d6807 50 push eax |
| 12 |
016f:004d6808 e843f6feff call 004c5e50 = SAL3.DLL!osl_getSystemPathFromFileURL |
18 |
016f:004d6808 e843f6feff call 004c5e50 = SAL3.DLL!osl_getSystemPathFromFileURL |
| 13 |
016f:004d6811 83c408 add esp,+08 |
19 |
016f:004d6811 83c408 add esp,+08 |
| 14 |
016f:004d6814 f6c301 test bl,01 |
20 |
016f:004d6814 f6c301 test bl,01 |
| 15 |
016f:004d6817 752c jnz 004d6845 = SAL3.DLL:.text+0x15845 |
21 |
016f:004d6817 752c jnz 004d6845 = SAL3.DLL:.text+0x15845 |
| 16 |
016f:004d6819 8b4c240c mov ecx,dword ptr [esp+0c] |
22 |
016f:004d6819 8b4c240c mov ecx,dword ptr [esp+0c] |
| 17 |
016f:004d681d 53 push ebx |
23 |
016f:004d681d 53 push ebx |
| 18 |
016f:004d681e 51 push ecx |
24 |
016f:004d681e 51 push ecx |
| 19 |
016f:004d681f e8ec110000 call 004d7a10 = SAL3.DLL:.text+0x16a10 |
25 |
016f:004d681f e8ec110000 call 004d7a10 = SAL3.DLL:.text+0x16a10 |
| 20 |
016f:004d6824 8bf8 mov edi,eax |
26 |
016f:004d6824 8bf8 mov edi,eax |
| 21 |
016f:004d6826 83c408 add esp,+08 |
27 |
016f:004d6826 83c408 add esp,+08 |
| 22 |
016f:004d6829 85ff test edi,edi |
28 |
016f:004d6829 85ff test edi,edi |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
... |
8 |
... |
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:1c209bfa 7409 jz 1c209c05 = VOS2MSC.DLL:.text+0x8c05 |
9 |
016f:1c209bfa 7409 jz 1c209c05 = VOS2MSC.DLL:.text+0x8c05 |
| 4 |
016f:1c209bfc 56 push esi |
10 |
016f:1c209bfc 56 push esi |
| 5 |
016f:1c209bfd e82e000000 call 1c209c30 = VOS2MSC.DLL!234 |
11 |
016f:1c209bfd e82e000000 call 1c209c30 = VOS2MSC.DLL!234 |
| 6 |
016f:1c209c02 83c404 add esp,+04 |
12 |
016f:1c209c02 83c404 add esp,+04 |
| 7 |
016f:1c209c05 8b4c240c mov ecx,dword ptr [esp+0c] |
13 |
016f:1c209c05 8b4c240c mov ecx,dword ptr [esp+0c] |
| 8 |
016f:1c209c09 8b442410 mov eax,dword ptr [esp+10] |
14 |
016f:1c209c09 8b442410 mov eax,dword ptr [esp+10] |
| 9 |
016f:1c209c0d 50 push eax |
15 |
016f:1c209c0d 50 push eax |
| 10 |
016f:1c209c0e 8b11 mov edx,dword ptr [ecx] |
16 |
016f:1c209c0e 8b11 mov edx,dword ptr [ecx] |
| 11 |
016f:1c209c10 52 push edx |
17 |
016f:1c209c10 52 push edx |
| 12 |
016f:1c209c11 e8262b0000 call 1c20c73c = SAL3.DLL!osl_openProfile |
18 |
016f:1c209c11 e8262b0000 call 1c20c73c = SAL3.DLL!osl_openProfile |
| 13 |
016f:1c209c19 33c9 xor ecx,ecx |
19 |
016f:1c209c19 33c9 xor ecx,ecx |
| 14 |
016f:1c209c1b 85c0 test eax,eax |
20 |
016f:1c209c1b 85c0 test eax,eax |
| 15 |
016f:1c209c1d 0f95c1 setnz cl |
21 |
016f:1c209c1d 0f95c1 setnz cl |
| 16 |
016f:1c209c20 894604 mov dword ptr [esi+04],eax |
22 |
016f:1c209c20 894604 mov dword ptr [esi+04],eax |
| 17 |
016f:1c209c23 8ac1 mov al,cl |
23 |
016f:1c209c23 8ac1 mov al,cl |
| 18 |
016f:1c209c25 5e pop esi |
24 |
016f:1c209c25 5e pop esi |
| 19 |
016f:1c209c26 c3 retd |
25 |
016f:1c209c26 c3 retd |
| 20 |
016f:1c209c27 90 nop |
26 |
016f:1c209c27 90 nop |
| 21 |
016f:1c209c28 90 nop |
27 |
016f:1c209c28 90 nop |
| 22 |
016f:1c209c29 90 nop |
28 |
016f:1c209c29 90 nop |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
| 1 |
-> 85 02 00 00 00 00 00 00 00 00 00 00 77 39 78 75 ............w9xu |
8 |
-> 85 02 00 00 00 00 00 00 00 00 00 00 77 39 78 75 ............w9xu |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:1c209b70 8b442408 mov eax,dword ptr [esp+08] |
9 |
016f:1c209b70 8b442408 mov eax,dword ptr [esp+08] |
| 4 |
016f:1c209b74 56 push esi |
10 |
016f:1c209b74 56 push esi |
| 5 |
016f:1c209b75 8bf1 mov esi,ecx |
11 |
016f:1c209b75 8bf1 mov esi,ecx |
| 6 |
016f:1c209b77 50 push eax |
12 |
016f:1c209b77 50 push eax |
| 7 |
016f:1c209b78 8b4c240c mov ecx,dword ptr [esp+0c] |
13 |
016f:1c209b78 8b4c240c mov ecx,dword ptr [esp+0c] |
| 8 |
016f:1c209b7c 51 push ecx |
14 |
016f:1c209b7c 51 push ecx |
| 9 |
016f:1c209b7d 56 push esi |
15 |
016f:1c209b7d 56 push esi |
| 10 |
016f:1c209b7e c7460400000000 mov dword ptr [esi+04],00000000 |
16 |
016f:1c209b7e c7460400000000 mov dword ptr [esi+04],00000000 |
| 11 |
016f:1c209b85 c70698d6201c mov dword ptr [esi],1c20d698 |
17 |
016f:1c209b85 c70698d6201c mov dword ptr [esi],1c20d698 |
| 12 |
016f:1c209b8b e860000000 call 1c209bf0 = VOS2MSC.DLL!239 |
18 |
016f:1c209b8b e860000000 call 1c209bf0 = VOS2MSC.DLL!239 |
| 13 |
016f:1c209b93 8bc6 mov eax,esi |
19 |
016f:1c209b93 8bc6 mov eax,esi |
| 14 |
016f:1c209b95 5e pop esi |
20 |
016f:1c209b95 5e pop esi |
| 15 |
016f:1c209b96 c20800 retd 0008 |
21 |
016f:1c209b96 c20800 retd 0008 |
| 16 |
016f:1c209b99 90 nop |
22 |
016f:1c209b99 90 nop |
| 17 |
016f:1c209b9a 90 nop |
23 |
016f:1c209b9a 90 nop |
| 18 |
016f:1c209b9b 90 nop |
24 |
016f:1c209b9b 90 nop |
| 19 |
016f:1c209b9c 90 nop |
25 |
016f:1c209b9c 90 nop |
| 20 |
016f:1c209b9d 90 nop |
26 |
016f:1c209b9d 90 nop |
| 21 |
016f:1c209b9e 90 nop |
27 |
016f:1c209b9e 90 nop |
| 22 |
016f:1c209b9f 90 nop |
28 |
016f:1c209b9f 90 nop |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:010c3735 51 push ecx |
9 |
016f:010c3735 51 push ecx |
| 4 |
016f:010c3736 e8055a0000 call 010c9140 = SAL3.DLL!rtl_uString_release |
10 |
016f:010c3736 e8055a0000 call 010c9140 = SAL3.DLL!rtl_uString_release |
| 5 |
016f:010c373b 83c40c add esp,+0c |
11 |
016f:010c373b 83c40c add esp,+0c |
| 6 |
016f:010c373e 8d4c2410 lea ecx,[esp+10] |
12 |
016f:010c373e 8d4c2410 lea ecx,[esp+10] |
| 7 |
016f:010c3742 e8c7580000 call 010c900e = TL641MI.DLL!242 |
13 |
016f:010c3742 e8c7580000 call 010c900e = TL641MI.DLL!242 |
| 8 |
016f:010c3747 8d542414 lea edx,[esp+14] |
14 |
016f:010c3747 8d542414 lea edx,[esp+14] |
| 9 |
016f:010c374b 55 push ebp |
15 |
016f:010c374b 55 push ebp |
| 10 |
016f:010c374c 52 push edx |
16 |
016f:010c374c 52 push edx |
| 11 |
016f:010c374d 8d4c2428 lea ecx,[esp+28] |
17 |
016f:010c374d 8d4c2428 lea ecx,[esp+28] |
| 12 |
016f:010c3751 e804580000 call 010c8f5a = VOS2MSC.DLL!227 |
18 |
016f:010c3751 e804580000 call 010c8f5a = VOS2MSC.DLL!227 |
| 13 |
016f:010c3757 55 push ebp |
19 |
016f:010c3757 55 push ebp |
| 14 |
016f:010c3758 8d442428 lea eax,[esp+28] |
20 |
016f:010c3758 8d442428 lea eax,[esp+28] |
| 15 |
016f:010c375c 6840b60c01 push 010cb640 |
21 |
016f:010c375c 6840b60c01 push 010cb640 |
| 16 |
016f:010c3761 50 push eax |
22 |
016f:010c3761 50 push eax |
| 17 |
016f:010c3762 e817580000 call 010c8f7e = VOS2MSC.DLL!237 |
23 |
016f:010c3762 e817580000 call 010c8f7e = VOS2MSC.DLL!237 |
| 18 |
016f:010c3767 8bf0 mov esi,eax |
24 |
016f:010c3767 8bf0 mov esi,eax |
| 19 |
016f:010c3769 56 push esi |
25 |
016f:010c3769 56 push esi |
| 20 |
016f:010c376a e887580000 call 010c8ff6 = TL641MI.DLL!20 |
26 |
016f:010c376a e887580000 call 010c8ff6 = TL641MI.DLL!20 |
| 21 |
016f:010c376f 8bf8 mov edi,eax |
27 |
016f:010c376f 8bf8 mov edi,eax |
| 22 |
016f:010c3771 56 push esi |
28 |
016f:010c3771 56 push esi |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
... |
8 |
... |
|
Line 1
Link Here
|
| 1 |
-> 85 02 00 00 00 00 00 00 00 00 00 00 77 39 78 75 ............w9xu |
8 |
-> 85 02 00 00 00 00 00 00 00 00 00 00 77 39 78 75 ............w9xu |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:bff641b5 51 push ecx |
9 |
016f:bff641b5 51 push ecx |
| 4 |
016f:bff641b6 52 push edx |
10 |
016f:bff641b6 52 push edx |
| 5 |
016f:bff641b7 681d002a00 push 002a001d |
11 |
016f:bff641b7 681d002a00 push 002a001d |
| 6 |
016f:bff641bc e813d2ffff call bff613d4 = KERNEL32.DLL!1 |
12 |
016f:bff641bc e813d2ffff call bff613d4 = KERNEL32.DLL!1 |
| 7 |
016f:bff641c1 59 pop ecx |
13 |
016f:bff641c1 59 pop ecx |
| 8 |
016f:bff641c2 5a pop edx |
14 |
016f:bff641c2 5a pop edx |
| 9 |
016f:bff641c3 ebe8 jmp bff641ad = KERNEL32.DLL:_FREQASM+0x31ad |
15 |
016f:bff641c3 ebe8 jmp bff641ad = KERNEL32.DLL:_FREQASM+0x31ad |
| 10 |
016f:bff641c5 8b542404 mov edx,dword ptr [esp+04] |
16 |
016f:bff641c5 8b542404 mov edx,dword ptr [esp+04] |
| 11 |
016f:bff641c9 50 push eax |
17 |
016f:bff641c9 50 push eax |
| 12 |
016f:bff641ca e804000000 call bff641d3 = KERNEL32.DLL:_FREQASM+0x31d3 |
18 |
016f:bff641ca e804000000 call bff641d3 = KERNEL32.DLL:_FREQASM+0x31d3 |
| 13 |
016f:bff641d0 c20400 retd 0004 |
19 |
016f:bff641d0 c20400 retd 0004 |
| 14 |
016f:bff641d3 833dfcbcfbbf01 cmp dword ptr [bffbbcfc],+01 |
20 |
016f:bff641d3 833dfcbcfbbf01 cmp dword ptr [bffbbcfc],+01 |
| 15 |
016f:bff641da 7c32 jl bff6420e = KERNEL32.DLL:_FREQASM+0x320e |
21 |
016f:bff641da 7c32 jl bff6420e = KERNEL32.DLL:_FREQASM+0x320e |
| 16 |
016f:bff641dc 3b1570b4fbbf cmp edx,dword ptr [bffbb470] |
22 |
016f:bff641dc 3b1570b4fbbf cmp edx,dword ptr [bffbb470] |
| 17 |
016f:bff641e2 7506 jnz bff641ea = KERNEL32.DLL:_FREQASM+0x31ea |
23 |
016f:bff641e2 7506 jnz bff641ea = KERNEL32.DLL:_FREQASM+0x31ea |
| 18 |
016f:bff641e4 837a0401 cmp dword ptr [edx+04],+01 |
24 |
016f:bff641e4 837a0401 cmp dword ptr [edx+04],+01 |
| 19 |
016f:bff641e8 7426 jz bff64210 = KERNEL32.DLL:_FREQASM+0x3210 |
25 |
016f:bff641e8 7426 jz bff64210 = KERNEL32.DLL:_FREQASM+0x3210 |
| 20 |
016f:bff641ea ff4a04 dec dword ptr [edx+04] |
26 |
016f:bff641ea ff4a04 dec dword ptr [edx+04] |
| 21 |
016f:bff641ed 754a jnz bff64239 = KERNEL32.DLL:_FREQASM+0x3239 |
27 |
016f:bff641ed 754a jnz bff64239 = KERNEL32.DLL:_FREQASM+0x3239 |
| 22 |
016f:bff641ef c7420800000000 mov dword ptr [edx+08],00000000 |
28 |
016f:bff641ef c7420800000000 mov dword ptr [edx+08],00000000 |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
| 1 |
-> 50 9b 20 1c 70 9c 20 1c a0 9c 20 1c c0 9c 20 1c P. .p. ... ... . |
8 |
-> 50 9b 20 1c 70 9c 20 1c a0 9c 20 1c c0 9c 20 1c P. .p. ... ... . |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:bff6bb0a e88a87ffff call bff64299 = KERNEL32.DLL:_FREQASM+0x3299 |
9 |
016f:bff6bb0a e88a87ffff call bff64299 = KERNEL32.DLL:_FREQASM+0x3299 |
| 4 |
016f:bff6bb0f 5e pop esi |
10 |
016f:bff6bb0f 5e pop esi |
| 5 |
016f:bff6bb10 c20400 retd 0004 |
11 |
016f:bff6bb10 c20400 retd 0004 |
| 6 |
016f:bff6bb13 56 push esi |
12 |
016f:bff6bb13 56 push esi |
| 7 |
016f:bff6bb14 8b742408 mov esi,dword ptr [esp+08] |
13 |
016f:bff6bb14 8b742408 mov esi,dword ptr [esp+08] |
| 8 |
016f:bff6bb18 8a06 mov al,byte ptr [esi] |
14 |
016f:bff6bb18 8a06 mov al,byte ptr [esi] |
| 9 |
016f:bff6bb1a 3c04 cmp al,04 |
15 |
016f:bff6bb1a 3c04 cmp al,04 |
| 10 |
016f:bff6bb1c 7508 jnz bff6bb26 = KERNEL32.DLL:.text+0x2b26 |
16 |
016f:bff6bb1c 7508 jnz bff6bb26 = KERNEL32.DLL:.text+0x2b26 |
| 11 |
016f:bff6bb1e ff7604 push dword ptr [esi+04] |
17 |
016f:bff6bb1e ff7604 push dword ptr [esi+04] |
| 12 |
016f:bff6bb21 e8a087ffff call bff642c6 = KERNEL32.DLL:_FREQASM+0x32c6 |
18 |
016f:bff6bb21 e8a087ffff call bff642c6 = KERNEL32.DLL:_FREQASM+0x32c6 |
| 13 |
016f:bff6bb27 c20400 retd 0004 |
19 |
016f:bff6bb27 c20400 retd 0004 |
| 14 |
016f:bff6bb2a 64a100000000 mov eax,dword ptr fs:[00000000] |
20 |
016f:bff6bb2a 64a100000000 mov eax,dword ptr fs:[00000000] |
| 15 |
016f:bff6bb30 55 push ebp |
21 |
016f:bff6bb30 55 push ebp |
| 16 |
016f:bff6bb31 8bec mov ebp,esp |
22 |
016f:bff6bb31 8bec mov ebp,esp |
| 17 |
016f:bff6bb33 6aff push -01 |
23 |
016f:bff6bb33 6aff push -01 |
| 18 |
016f:bff6bb35 685092f6bf push bff69250 |
24 |
016f:bff6bb35 685092f6bf push bff69250 |
| 19 |
016f:bff6bb3a 68201bfbbf push bffb1b20 |
25 |
016f:bff6bb3a 68201bfbbf push bffb1b20 |
| 20 |
016f:bff6bb3f 50 push eax |
26 |
016f:bff6bb3f 50 push eax |
| 21 |
016f:bff6bb40 8b4508 mov eax,dword ptr [ebp+08] |
27 |
016f:bff6bb40 8b4508 mov eax,dword ptr [ebp+08] |
| 22 |
016f:bff6bb43 64892500000000 mov dword ptr fs:[00000000],esp |
28 |
016f:bff6bb43 64892500000000 mov dword ptr fs:[00000000],esp |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
-> 5f 8b c3 5e 5b c3 8b 48 0c 8b 50 08 89 51 08 8b _..^[..H..P..Q.. |
8 |
-> 5f 8b c3 5e 5b c3 8b 48 0c 8b 50 08 89 51 08 8b _..^[..H..P..Q.. |
|
Line 1
Link Here
|
| 1 |
-> 04 00 00 00 08 61 98 81 00 00 00 00 00 00 00 00 .....a.......... |
8 |
-> 04 00 00 00 08 61 98 81 00 00 00 00 00 00 00 00 .....a.......... |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:1c832e37 b801000000 mov eax,00000001 |
9 |
016f:1c832e37 b801000000 mov eax,00000001 |
| 4 |
016f:1c832e3c 89442400 mov dword ptr [esp],eax |
10 |
016f:1c832e3c 89442400 mov dword ptr [esp],eax |
| 5 |
016f:1c832e40 3bc8 cmp ecx,eax |
11 |
016f:1c832e40 3bc8 cmp ecx,eax |
| 6 |
016f:1c832e42 8d442400 lea eax,[esp] |
12 |
016f:1c832e42 8d442400 lea eax,[esp] |
| 7 |
016f:1c832e46 7204 jc 1c832e4c = TL641MI.DLL:.text+0x31e4c |
13 |
016f:1c832e46 7204 jc 1c832e4c = TL641MI.DLL:.text+0x31e4c |
| 8 |
016f:1c832e48 8d442414 lea eax,[esp+14] |
14 |
016f:1c832e48 8d442414 lea eax,[esp+14] |
| 9 |
016f:1c832e4c 56 push esi |
15 |
016f:1c832e4c 56 push esi |
| 10 |
016f:1c832e4d 8b30 mov esi,dword ptr [eax] |
16 |
016f:1c832e4d 8b30 mov esi,dword ptr [eax] |
| 11 |
016f:1c832e4f 56 push esi |
17 |
016f:1c832e4f 56 push esi |
| 12 |
016f:1c832e50 e8c10e0200 call 1c853d16 = SAL3.DLL!rtl_allocateMemory |
18 |
016f:1c832e50 e8c10e0200 call 1c853d16 = SAL3.DLL!rtl_allocateMemory |
| 13 |
016f:1c832e58 85c0 test eax,eax |
19 |
016f:1c832e58 85c0 test eax,eax |
| 14 |
016f:1c832e5a 7518 jnz 1c832e74 = TL641MI.DLL:.text+0x31e74 |
20 |
016f:1c832e5a 7518 jnz 1c832e74 = TL641MI.DLL:.text+0x31e74 |
| 15 |
016f:1c832e5c a15824861c mov eax,dword ptr [1c862458] |
21 |
016f:1c832e5c a15824861c mov eax,dword ptr [1c862458] |
| 16 |
016f:1c832e61 85c0 test eax,eax |
22 |
016f:1c832e61 85c0 test eax,eax |
| 17 |
016f:1c832e63 7414 jz 1c832e79 = TL641MI.DLL:.text+0x31e79 |
23 |
016f:1c832e63 7414 jz 1c832e79 = TL641MI.DLL:.text+0x31e79 |
| 18 |
016f:1c832e65 ffd0 call eax |
24 |
016f:1c832e65 ffd0 call eax |
| 19 |
016f:1c832e67 56 push esi |
25 |
016f:1c832e67 56 push esi |
| 20 |
016f:1c832e68 e8a90e0200 call 1c853d16 = SAL3.DLL!rtl_allocateMemory |
26 |
016f:1c832e68 e8a90e0200 call 1c853d16 = SAL3.DLL!rtl_allocateMemory |
| 21 |
016f:1c832e6d 83c404 add esp,+04 |
27 |
016f:1c832e6d 83c404 add esp,+04 |
| 22 |
016f:1c832e70 85c0 test eax,eax |
28 |
016f:1c832e70 85c0 test eax,eax |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:780283e2 3bc2 cmp eax,edx |
9 |
016f:780283e2 3bc2 cmp eax,edx |
| 4 |
016f:780283e4 75f5 jnz 780283db = MSVCRT.DLL:.text+0x273db |
10 |
016f:780283e4 75f5 jnz 780283db = MSVCRT.DLL:.text+0x273db |
| 5 |
016f:780283e6 668b08 mov cx,word ptr [eax] |
11 |
016f:780283e6 668b08 mov cx,word ptr [eax] |
| 6 |
016f:780283e9 662bce sub cx,si |
12 |
016f:780283e9 662bce sub cx,si |
| 7 |
016f:780283ec 5e pop esi |
13 |
016f:780283ec 5e pop esi |
| 8 |
016f:780283ed 66f7d9 neg cx |
14 |
016f:780283ed 66f7d9 neg cx |
| 9 |
016f:780283f0 1bc9 sbb ecx,ecx |
15 |
016f:780283f0 1bc9 sbb ecx,ecx |
| 10 |
016f:780283f2 f7d1 not ecx |
16 |
016f:780283f2 f7d1 not ecx |
| 11 |
016f:780283f4 23c1 and eax,ecx |
17 |
016f:780283f4 23c1 and eax,ecx |
| 12 |
016f:780283f6 c3 retd |
18 |
016f:780283f6 c3 retd |
| 13 |
016f:780283fb 53 push ebx |
19 |
016f:780283fb 53 push ebx |
| 14 |
016f:780283fc 56 push esi |
20 |
016f:780283fc 56 push esi |
| 15 |
016f:780283fd 57 push edi |
21 |
016f:780283fd 57 push edi |
| 16 |
016f:780283fe 668b08 mov cx,word ptr [eax] |
22 |
016f:780283fe 668b08 mov cx,word ptr [eax] |
| 17 |
016f:78028401 6685c9 test cx,cx |
23 |
016f:78028401 6685c9 test cx,cx |
| 18 |
016f:78028404 7429 jz 7802842f = MSVCRT.DLL:.text+0x2742f |
24 |
016f:78028404 7429 jz 7802842f = MSVCRT.DLL:.text+0x2742f |
| 19 |
016f:78028406 8b5c2414 mov ebx,dword ptr [esp+14] |
25 |
016f:78028406 8b5c2414 mov ebx,dword ptr [esp+14] |
| 20 |
016f:7802840a 668b3b mov di,word ptr [ebx] |
26 |
016f:7802840a 668b3b mov di,word ptr [ebx] |
| 21 |
016f:7802840d 663bf9 cmp di,cx |
27 |
016f:7802840d 663bf9 cmp di,cx |
| 22 |
016f:78028410 8bf3 mov esi,ebx |
28 |
016f:78028410 8bf3 mov esi,ebx |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:bff6baf3 803e04 cmp byte ptr [esi],04 |
9 |
016f:bff6baf3 803e04 cmp byte ptr [esi],04 |
| 4 |
016f:bff6baf6 740f jz bff6bb07 = KERNEL32.DLL:.text+0x2b07 |
10 |
016f:bff6baf6 740f jz bff6bb07 = KERNEL32.DLL:.text+0x2b07 |
| 5 |
016f:bff6baf8 33c0 xor eax,eax |
11 |
016f:bff6baf8 33c0 xor eax,eax |
| 6 |
016f:bff6bafa 50 push eax |
12 |
016f:bff6bafa 50 push eax |
| 7 |
016f:bff6bafb 50 push eax |
13 |
016f:bff6bafb 50 push eax |
| 8 |
016f:bff6bafc 50 push eax |
14 |
016f:bff6bafc 50 push eax |
| 9 |
016f:bff6bafd 68050000c0 push c0000005 |
15 |
016f:bff6bafd 68050000c0 push c0000005 |
| 10 |
016f:bff6bb02 e8a4acffff call bff667ab = KERNEL32.DLL:_FREQASM+0x57ab |
16 |
016f:bff6bb02 e8a4acffff call bff667ab = KERNEL32.DLL:_FREQASM+0x57ab |
| 11 |
016f:bff6bb07 ff7604 push dword ptr [esi+04] |
17 |
016f:bff6bb07 ff7604 push dword ptr [esi+04] |
| 12 |
016f:bff6bb0a e88a87ffff call bff64299 = KERNEL32.DLL:_FREQASM+0x3299 |
18 |
016f:bff6bb0a e88a87ffff call bff64299 = KERNEL32.DLL:_FREQASM+0x3299 |
| 13 |
016f:bff6bb10 c20400 retd 0004 |
19 |
016f:bff6bb10 c20400 retd 0004 |
| 14 |
016f:bff6bb13 56 push esi |
20 |
016f:bff6bb13 56 push esi |
| 15 |
016f:bff6bb14 8b742408 mov esi,dword ptr [esp+08] |
21 |
016f:bff6bb14 8b742408 mov esi,dword ptr [esp+08] |
| 16 |
016f:bff6bb18 8a06 mov al,byte ptr [esi] |
22 |
016f:bff6bb18 8a06 mov al,byte ptr [esi] |
| 17 |
016f:bff6bb1a 3c04 cmp al,04 |
23 |
016f:bff6bb1a 3c04 cmp al,04 |
| 18 |
016f:bff6bb1c 7508 jnz bff6bb26 = KERNEL32.DLL:.text+0x2b26 |
24 |
016f:bff6bb1c 7508 jnz bff6bb26 = KERNEL32.DLL:.text+0x2b26 |
| 19 |
016f:bff6bb1e ff7604 push dword ptr [esi+04] |
25 |
016f:bff6bb1e ff7604 push dword ptr [esi+04] |
| 20 |
016f:bff6bb21 e8a087ffff call bff642c6 = KERNEL32.DLL:_FREQASM+0x32c6 |
26 |
016f:bff6bb21 e8a087ffff call bff642c6 = KERNEL32.DLL:_FREQASM+0x32c6 |
| 21 |
016f:bff6bb26 5e pop esi |
27 |
016f:bff6bb26 5e pop esi |
| 22 |
016f:bff6bb27 c20400 retd 0004 |
28 |
016f:bff6bb27 c20400 retd 0004 |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:bff6bb0a e88a87ffff call bff64299 = KERNEL32.DLL:_FREQASM+0x3299 |
9 |
016f:bff6bb0a e88a87ffff call bff64299 = KERNEL32.DLL:_FREQASM+0x3299 |
| 4 |
016f:bff6bb0f 5e pop esi |
10 |
016f:bff6bb0f 5e pop esi |
| 5 |
016f:bff6bb10 c20400 retd 0004 |
11 |
016f:bff6bb10 c20400 retd 0004 |
| 6 |
016f:bff6bb13 56 push esi |
12 |
016f:bff6bb13 56 push esi |
| 7 |
016f:bff6bb14 8b742408 mov esi,dword ptr [esp+08] |
13 |
016f:bff6bb14 8b742408 mov esi,dword ptr [esp+08] |
| 8 |
016f:bff6bb18 8a06 mov al,byte ptr [esi] |
14 |
016f:bff6bb18 8a06 mov al,byte ptr [esi] |
| 9 |
016f:bff6bb1a 3c04 cmp al,04 |
15 |
016f:bff6bb1a 3c04 cmp al,04 |
| 10 |
016f:bff6bb1c 7508 jnz bff6bb26 = KERNEL32.DLL:.text+0x2b26 |
16 |
016f:bff6bb1c 7508 jnz bff6bb26 = KERNEL32.DLL:.text+0x2b26 |
| 11 |
016f:bff6bb1e ff7604 push dword ptr [esi+04] |
17 |
016f:bff6bb1e ff7604 push dword ptr [esi+04] |
| 12 |
016f:bff6bb21 e8a087ffff call bff642c6 = KERNEL32.DLL:_FREQASM+0x32c6 |
18 |
016f:bff6bb21 e8a087ffff call bff642c6 = KERNEL32.DLL:_FREQASM+0x32c6 |
| 13 |
016f:bff6bb27 c20400 retd 0004 |
19 |
016f:bff6bb27 c20400 retd 0004 |
| 14 |
016f:bff6bb2a 64a100000000 mov eax,dword ptr fs:[00000000] |
20 |
016f:bff6bb2a 64a100000000 mov eax,dword ptr fs:[00000000] |
| 15 |
016f:bff6bb30 55 push ebp |
21 |
016f:bff6bb30 55 push ebp |
| 16 |
016f:bff6bb31 8bec mov ebp,esp |
22 |
016f:bff6bb31 8bec mov ebp,esp |
| 17 |
016f:bff6bb33 6aff push -01 |
23 |
016f:bff6bb33 6aff push -01 |
| 18 |
016f:bff6bb35 685092f6bf push bff69250 |
24 |
016f:bff6bb35 685092f6bf push bff69250 |
| 19 |
016f:bff6bb3a 68201bfbbf push bffb1b20 |
25 |
016f:bff6bb3a 68201bfbbf push bffb1b20 |
| 20 |
016f:bff6bb3f 50 push eax |
26 |
016f:bff6bb3f 50 push eax |
| 21 |
016f:bff6bb40 8b4508 mov eax,dword ptr [ebp+08] |
27 |
016f:bff6bb40 8b4508 mov eax,dword ptr [ebp+08] |
| 22 |
016f:bff6bb43 64892500000000 mov dword ptr fs:[00000000],esp |
28 |
016f:bff6bb43 64892500000000 mov dword ptr fs:[00000000],esp |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
-> 5e c3 85 c9 74 0e 68 00 80 00 00 6a 00 51 ff 15 ^...t.h....j.Q.. |
8 |
-> 5e c3 85 c9 74 0e 68 00 80 00 00 6a 00 51 ff 15 ^...t.h....j.Q.. |
|
Line 1
Link Here
|
| 1 |
-> 04 00 00 00 08 61 98 81 00 00 00 00 00 00 00 00 .....a.......... |
8 |
-> 04 00 00 00 08 61 98 81 00 00 00 00 00 00 00 00 .....a.......... |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:1c832e99 90 nop |
9 |
016f:1c832e99 90 nop |
| 4 |
016f:1c832e9a 90 nop |
10 |
016f:1c832e9a 90 nop |
| 5 |
016f:1c832e9b 90 nop |
11 |
016f:1c832e9b 90 nop |
| 6 |
016f:1c832e9c 90 nop |
12 |
016f:1c832e9c 90 nop |
| 7 |
016f:1c832e9d 90 nop |
13 |
016f:1c832e9d 90 nop |
| 8 |
016f:1c832e9e 90 nop |
14 |
016f:1c832e9e 90 nop |
| 9 |
016f:1c832e9f 90 nop |
15 |
016f:1c832e9f 90 nop |
| 10 |
016f:1c832ea0 8b442404 mov eax,dword ptr [esp+04] |
16 |
016f:1c832ea0 8b442404 mov eax,dword ptr [esp+04] |
| 11 |
016f:1c832ea4 50 push eax |
17 |
016f:1c832ea4 50 push eax |
| 12 |
016f:1c832ea5 e8720e0200 call 1c853d1c = SAL3.DLL!rtl_freeMemory |
18 |
016f:1c832ea5 e8720e0200 call 1c853d1c = SAL3.DLL!rtl_freeMemory |
| 13 |
016f:1c832eab c3 retd |
19 |
016f:1c832eab c3 retd |
| 14 |
016f:1c832eac 90 nop |
20 |
016f:1c832eac 90 nop |
| 15 |
016f:1c832ead 90 nop |
21 |
016f:1c832ead 90 nop |
| 16 |
016f:1c832eae 90 nop |
22 |
016f:1c832eae 90 nop |
| 17 |
016f:1c832eaf 90 nop |
23 |
016f:1c832eaf 90 nop |
| 18 |
016f:1c832eb0 83ec10 sub esp,+10 |
24 |
016f:1c832eb0 83ec10 sub esp,+10 |
| 19 |
016f:1c832eb3 8b4c2414 mov ecx,dword ptr [esp+14] |
25 |
016f:1c832eb3 8b4c2414 mov ecx,dword ptr [esp+14] |
| 20 |
016f:1c832eb7 b801000000 mov eax,00000001 |
26 |
016f:1c832eb7 b801000000 mov eax,00000001 |
| 21 |
016f:1c832ebc 89442400 mov dword ptr [esp],eax |
27 |
016f:1c832ebc 89442400 mov dword ptr [esp],eax |
| 22 |
016f:1c832ec0 3bc8 cmp ecx,eax |
28 |
016f:1c832ec0 3bc8 cmp ecx,eax |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
-> 8b f8 85 ff 74 4c bb 10 96 f6 bf 53 e8 d6 6d 00 ....tL.....S..m. |
8 |
-> 8b f8 85 ff 74 4c bb 10 96 f6 bf 53 e8 d6 6d 00 ....tL.....S..m. |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
-> b8 f4 00 00 00 00 00 00 a1 ef 00 00 00 00 00 00 ................ |
8 |
-> b8 f4 00 00 00 00 00 00 a1 ef 00 00 00 00 00 00 ................ |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:1c80e4d5 85db test ebx,ebx |
9 |
016f:1c80e4d5 85db test ebx,ebx |
| 4 |
016f:1c80e4d7 740c jz 1c80e4e5 = TL641MI.DLL:.text+0xd4e5 |
10 |
016f:1c80e4d7 740c jz 1c80e4e5 = TL641MI.DLL:.text+0xd4e5 |
| 5 |
016f:1c80e4d9 8b442440 mov eax,dword ptr [esp+40] |
11 |
016f:1c80e4d9 8b442440 mov eax,dword ptr [esp+40] |
| 6 |
016f:1c80e4dd 8bce mov ecx,esi |
12 |
016f:1c80e4dd 8bce mov ecx,esi |
| 7 |
016f:1c80e4df 50 push eax |
13 |
016f:1c80e4df 50 push eax |
| 8 |
016f:1c80e4e0 e80b56ffff call 1c803af0 = TL641MI.DLL!155 |
14 |
016f:1c80e4e0 e80b56ffff call 1c803af0 = TL641MI.DLL!155 |
| 9 |
016f:1c80e4e5 8d4c2424 lea ecx,[esp+24] |
15 |
016f:1c80e4e5 8d4c2424 lea ecx,[esp+24] |
| 10 |
016f:1c80e4e9 e8c2f8ffff call 1c80ddb0 = TL641MI.DLL:.text+0xcdb0 |
16 |
016f:1c80e4e9 e8c2f8ffff call 1c80ddb0 = TL641MI.DLL:.text+0xcdb0 |
| 11 |
016f:1c80e4ee 8d4c2410 lea ecx,[esp+10] |
17 |
016f:1c80e4ee 8d4c2410 lea ecx,[esp+10] |
| 12 |
016f:1c80e4f2 e8b955ffff call 1c803ab0 = TL641MI.DLL!149 |
18 |
016f:1c80e4f2 e8b955ffff call 1c803ab0 = TL641MI.DLL!149 |
| 13 |
016f:1c80e4f8 5e pop esi |
19 |
016f:1c80e4f8 5e pop esi |
| 14 |
016f:1c80e4f9 8bc3 mov eax,ebx |
20 |
016f:1c80e4f9 8bc3 mov eax,ebx |
| 15 |
016f:1c80e4fb 5d pop ebp |
21 |
016f:1c80e4fb 5d pop ebp |
| 16 |
016f:1c80e4fc 5b pop ebx |
22 |
016f:1c80e4fc 5b pop ebx |
| 17 |
016f:1c80e4fd 83c42c add esp,+2c |
23 |
016f:1c80e4fd 83c42c add esp,+2c |
| 18 |
016f:1c80e500 c20800 retd 0008 |
24 |
016f:1c80e500 c20800 retd 0008 |
| 19 |
016f:1c80e503 90 nop |
25 |
016f:1c80e503 90 nop |
| 20 |
016f:1c80e504 90 nop |
26 |
016f:1c80e504 90 nop |
| 21 |
016f:1c80e505 90 nop |
27 |
016f:1c80e505 90 nop |
| 22 |
016f:1c80e506 90 nop |
28 |
016f:1c80e506 90 nop |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
-> 35 17 00 00 00 00 00 00 00 00 00 00 00 01 02 03 5............... |
8 |
-> 35 17 00 00 00 00 00 00 00 00 00 00 00 01 02 03 5............... |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
... |
8 |
... |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:bff6baf3 803e04 cmp byte ptr [esi],04 |
9 |
016f:bff6baf3 803e04 cmp byte ptr [esi],04 |
| 4 |
016f:bff6baf6 740f jz bff6bb07 = KERNEL32.DLL:.text+0x2b07 |
10 |
016f:bff6baf6 740f jz bff6bb07 = KERNEL32.DLL:.text+0x2b07 |
| 5 |
016f:bff6baf8 33c0 xor eax,eax |
11 |
016f:bff6baf8 33c0 xor eax,eax |
| 6 |
016f:bff6bafa 50 push eax |
12 |
016f:bff6bafa 50 push eax |
| 7 |
016f:bff6bafb 50 push eax |
13 |
016f:bff6bafb 50 push eax |
| 8 |
016f:bff6bafc 50 push eax |
14 |
016f:bff6bafc 50 push eax |
| 9 |
016f:bff6bafd 68050000c0 push c0000005 |
15 |
016f:bff6bafd 68050000c0 push c0000005 |
| 10 |
016f:bff6bb02 e8a4acffff call bff667ab = KERNEL32.DLL:_FREQASM+0x57ab |
16 |
016f:bff6bb02 e8a4acffff call bff667ab = KERNEL32.DLL:_FREQASM+0x57ab |
| 11 |
016f:bff6bb07 ff7604 push dword ptr [esi+04] |
17 |
016f:bff6bb07 ff7604 push dword ptr [esi+04] |
| 12 |
016f:bff6bb0a e88a87ffff call bff64299 = KERNEL32.DLL:_FREQASM+0x3299 |
18 |
016f:bff6bb0a e88a87ffff call bff64299 = KERNEL32.DLL:_FREQASM+0x3299 |
| 13 |
016f:bff6bb10 c20400 retd 0004 |
19 |
016f:bff6bb10 c20400 retd 0004 |
| 14 |
016f:bff6bb13 56 push esi |
20 |
016f:bff6bb13 56 push esi |
| 15 |
016f:bff6bb14 8b742408 mov esi,dword ptr [esp+08] |
21 |
016f:bff6bb14 8b742408 mov esi,dword ptr [esp+08] |
| 16 |
016f:bff6bb18 8a06 mov al,byte ptr [esi] |
22 |
016f:bff6bb18 8a06 mov al,byte ptr [esi] |
| 17 |
016f:bff6bb1a 3c04 cmp al,04 |
23 |
016f:bff6bb1a 3c04 cmp al,04 |
| 18 |
016f:bff6bb1c 7508 jnz bff6bb26 = KERNEL32.DLL:.text+0x2b26 |
24 |
016f:bff6bb1c 7508 jnz bff6bb26 = KERNEL32.DLL:.text+0x2b26 |
| 19 |
016f:bff6bb1e ff7604 push dword ptr [esi+04] |
25 |
016f:bff6bb1e ff7604 push dword ptr [esi+04] |
| 20 |
016f:bff6bb21 e8a087ffff call bff642c6 = KERNEL32.DLL:_FREQASM+0x32c6 |
26 |
016f:bff6bb21 e8a087ffff call bff642c6 = KERNEL32.DLL:_FREQASM+0x32c6 |
| 21 |
016f:bff6bb26 5e pop esi |
27 |
016f:bff6bb26 5e pop esi |
| 22 |
016f:bff6bb27 c20400 retd 0004 |
28 |
016f:bff6bb27 c20400 retd 0004 |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:bff6bb0a e88a87ffff call bff64299 = KERNEL32.DLL:_FREQASM+0x3299 |
9 |
016f:bff6bb0a e88a87ffff call bff64299 = KERNEL32.DLL:_FREQASM+0x3299 |
| 4 |
016f:bff6bb0f 5e pop esi |
10 |
016f:bff6bb0f 5e pop esi |
| 5 |
016f:bff6bb10 c20400 retd 0004 |
11 |
016f:bff6bb10 c20400 retd 0004 |
| 6 |
016f:bff6bb13 56 push esi |
12 |
016f:bff6bb13 56 push esi |
| 7 |
016f:bff6bb14 8b742408 mov esi,dword ptr [esp+08] |
13 |
016f:bff6bb14 8b742408 mov esi,dword ptr [esp+08] |
| 8 |
016f:bff6bb18 8a06 mov al,byte ptr [esi] |
14 |
016f:bff6bb18 8a06 mov al,byte ptr [esi] |
| 9 |
016f:bff6bb1a 3c04 cmp al,04 |
15 |
016f:bff6bb1a 3c04 cmp al,04 |
| 10 |
016f:bff6bb1c 7508 jnz bff6bb26 = KERNEL32.DLL:.text+0x2b26 |
16 |
016f:bff6bb1c 7508 jnz bff6bb26 = KERNEL32.DLL:.text+0x2b26 |
| 11 |
016f:bff6bb1e ff7604 push dword ptr [esi+04] |
17 |
016f:bff6bb1e ff7604 push dword ptr [esi+04] |
| 12 |
016f:bff6bb21 e8a087ffff call bff642c6 = KERNEL32.DLL:_FREQASM+0x32c6 |
18 |
016f:bff6bb21 e8a087ffff call bff642c6 = KERNEL32.DLL:_FREQASM+0x32c6 |
| 13 |
016f:bff6bb27 c20400 retd 0004 |
19 |
016f:bff6bb27 c20400 retd 0004 |
| 14 |
016f:bff6bb2a 64a100000000 mov eax,dword ptr fs:[00000000] |
20 |
016f:bff6bb2a 64a100000000 mov eax,dword ptr fs:[00000000] |
| 15 |
016f:bff6bb30 55 push ebp |
21 |
016f:bff6bb30 55 push ebp |
| 16 |
016f:bff6bb31 8bec mov ebp,esp |
22 |
016f:bff6bb31 8bec mov ebp,esp |
| 17 |
016f:bff6bb33 6aff push -01 |
23 |
016f:bff6bb33 6aff push -01 |
| 18 |
016f:bff6bb35 685092f6bf push bff69250 |
24 |
016f:bff6bb35 685092f6bf push bff69250 |
| 19 |
016f:bff6bb3a 68201bfbbf push bffb1b20 |
25 |
016f:bff6bb3a 68201bfbbf push bffb1b20 |
| 20 |
016f:bff6bb3f 50 push eax |
26 |
016f:bff6bb3f 50 push eax |
| 21 |
016f:bff6bb40 8b4508 mov eax,dword ptr [ebp+08] |
27 |
016f:bff6bb40 8b4508 mov eax,dword ptr [ebp+08] |
| 22 |
016f:bff6bb43 64892500000000 mov dword ptr fs:[00000000],esp |
28 |
016f:bff6bb43 64892500000000 mov dword ptr fs:[00000000],esp |
| 23 |
------------------- |
|
|
| 24 |
... |
29 |
... |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:bff6a4e6 2bfb sub edi,ebx |
9 |
016f:bff6a4e6 2bfb sub edi,ebx |
| 4 |
016f:bff6a4e8 57 push edi |
10 |
016f:bff6a4e8 57 push edi |
| 5 |
016f:bff6a4e9 894108 mov dword ptr [ecx+08],eax |
11 |
016f:bff6a4e9 894108 mov dword ptr [ecx+08],eax |
| 6 |
016f:bff6a4ec 8b5604 mov edx,dword ptr [esi+04] |
12 |
016f:bff6a4ec 8b5604 mov edx,dword ptr [esi+04] |
| 7 |
016f:bff6a4ef 8b4608 mov eax,dword ptr [esi+08] |
13 |
016f:bff6a4ef 8b4608 mov eax,dword ptr [esi+08] |
| 8 |
016f:bff6a4f2 895004 mov dword ptr [eax+04],edx |
14 |
016f:bff6a4f2 895004 mov dword ptr [eax+04],edx |
| 9 |
016f:bff6a4f5 8d041e lea eax,[esi+ebx] |
15 |
016f:bff6a4f5 8d041e lea eax,[esi+ebx] |
| 10 |
016f:bff6a4f8 50 push eax |
16 |
016f:bff6a4f8 50 push eax |
| 11 |
016f:bff6a4f9 ff7508 push dword ptr [ebp+08] |
17 |
016f:bff6a4f9 ff7508 push dword ptr [ebp+08] |
| 12 |
016f:bff6a4fc e870fdffff call bff6a271 = KERNEL32.DLL:.text+0x1271 |
18 |
016f:bff6a4fc e870fdffff call bff6a271 = KERNEL32.DLL:.text+0x1271 |
| 13 |
016f:bff6a503 8b4d08 mov ecx,dword ptr [ebp+08] |
19 |
016f:bff6a503 8b4d08 mov ecx,dword ptr [ebp+08] |
| 14 |
016f:bff6a506 0fb64170 movzx eax,byte ptr [ecx+70] |
20 |
016f:bff6a506 0fb64170 movzx eax,byte ptr [ecx+70] |
| 15 |
016f:bff6a50a 0b45f4 or eax,dword ptr [ebp-0c] |
21 |
016f:bff6a50a 0b45f4 or eax,dword ptr [ebp-0c] |
| 16 |
016f:bff6a50d 50 push eax |
22 |
016f:bff6a50d 50 push eax |
| 17 |
016f:bff6a50e 8b45f8 mov eax,dword ptr [ebp-08] |
23 |
016f:bff6a50e 8b45f8 mov eax,dword ptr [ebp-08] |
| 18 |
016f:bff6a511 2b45fc sub eax,dword ptr [ebp-04] |
24 |
016f:bff6a511 2b45fc sub eax,dword ptr [ebp-04] |
| 19 |
016f:bff6a514 50 push eax |
25 |
016f:bff6a514 50 push eax |
| 20 |
016f:bff6a515 ff75fc push dword ptr [ebp-04] |
26 |
016f:bff6a515 ff75fc push dword ptr [ebp-04] |
| 21 |
016f:bff6a518 e8f6feffff call bff6a413 = KERNEL32.DLL:.text+0x1413 |
27 |
016f:bff6a518 e8f6feffff call bff6a413 = KERNEL32.DLL:.text+0x1413 |
| 22 |
016f:bff6a51d 85c0 test eax,eax |
28 |
016f:bff6a51d 85c0 test eax,eax |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:bff6a24f 008b4424040f add byte ptr [ebx+0f042444],cl |
9 |
016f:bff6a24f 008b4424040f add byte ptr [ebx+0f042444],cl |
| 4 |
016f:bff6a255 b648 mov dh,48 |
10 |
016f:bff6a255 b648 mov dh,48 |
| 5 |
016f:bff6a257 700b jo bff6a264 = KERNEL32.DLL:.text+0x1264 |
11 |
016f:bff6a257 700b jo bff6a264 = KERNEL32.DLL:.text+0x1264 |
| 6 |
016f:bff6a259 4c dec esp |
12 |
016f:bff6a259 4c dec esp |
| 7 |
016f:bff6a25a 2408 and al,08 |
13 |
016f:bff6a25a 2408 and al,08 |
| 8 |
016f:bff6a25c f6c101 test cl,01 |
14 |
016f:bff6a25c f6c101 test cl,01 |
| 9 |
016f:bff6a25f 750d jnz bff6a26e = KERNEL32.DLL:.text+0x126e |
15 |
016f:bff6a25f 750d jnz bff6a26e = KERNEL32.DLL:.text+0x126e |
| 10 |
016f:bff6a261 ff704c push dword ptr [eax+4c] |
16 |
016f:bff6a261 ff704c push dword ptr [eax+4c] |
| 11 |
016f:bff6a264 e85da0ffff call bff642c6 = KERNEL32.DLL:_FREQASM+0x32c6 |
17 |
016f:bff6a264 e85da0ffff call bff642c6 = KERNEL32.DLL:_FREQASM+0x32c6 |
| 12 |
016f:bff6a269 e83f010000 call bff6a3ad = KERNEL32.DLL:.text+0x13ad |
18 |
016f:bff6a269 e83f010000 call bff6a3ad = KERNEL32.DLL:.text+0x13ad |
| 13 |
016f:bff6a271 53 push ebx |
19 |
016f:bff6a271 53 push ebx |
| 14 |
016f:bff6a272 56 push esi |
20 |
016f:bff6a272 56 push esi |
| 15 |
016f:bff6a273 8b742414 mov esi,dword ptr [esp+14] |
21 |
016f:bff6a273 8b742414 mov esi,dword ptr [esp+14] |
| 16 |
016f:bff6a277 57 push edi |
22 |
016f:bff6a277 57 push edi |
| 17 |
016f:bff6a278 8b7c2414 mov edi,dword ptr [esp+14] |
23 |
016f:bff6a278 8b7c2414 mov edi,dword ptr [esp+14] |
| 18 |
016f:bff6a27c 55 push ebp |
24 |
016f:bff6a27c 55 push ebp |
| 19 |
016f:bff6a27d b900001000 mov ecx,00100000 |
25 |
016f:bff6a27d b900001000 mov ecx,00100000 |
| 20 |
016f:bff6a282 8d1c37 lea ebx,[edi+esi] |
26 |
016f:bff6a282 8d1c37 lea ebx,[edi+esi] |
| 21 |
016f:bff6a285 8b03 mov eax,dword ptr [ebx] |
27 |
016f:bff6a285 8b03 mov eax,dword ptr [ebx] |
| 22 |
016f:bff6a287 a801 test al,01 |
28 |
016f:bff6a287 a801 test al,01 |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:bff6a6ab 56 push esi |
9 |
016f:bff6a6ab 56 push esi |
| 4 |
016f:bff6a6ac e8a6fdffff call bff6a457 = KERNEL32.DLL:.text+0x1457 |
10 |
016f:bff6a6ac e8a6fdffff call bff6a457 = KERNEL32.DLL:.text+0x1457 |
| 5 |
016f:bff6a6b1 89450c mov dword ptr [ebp+0c],eax |
11 |
016f:bff6a6b1 89450c mov dword ptr [ebp+0c],eax |
| 6 |
016f:bff6a6b4 85c0 test eax,eax |
12 |
016f:bff6a6b4 85c0 test eax,eax |
| 7 |
016f:bff6a6b6 7436 jz bff6a6ee = KERNEL32.DLL:.text+0x16ee |
13 |
016f:bff6a6b6 7436 jz bff6a6ee = KERNEL32.DLL:.text+0x16ee |
| 8 |
016f:bff6a6b8 ff7510 push dword ptr [ebp+10] |
14 |
016f:bff6a6b8 ff7510 push dword ptr [ebp+10] |
| 9 |
016f:bff6a6bb 56 push esi |
15 |
016f:bff6a6bb 56 push esi |
| 10 |
016f:bff6a6bc 0d000000a0 or eax,a0000000 |
16 |
016f:bff6a6bc 0d000000a0 or eax,a0000000 |
| 11 |
016f:bff6a6c1 8903 mov dword ptr [ebx],eax |
17 |
016f:bff6a6c1 8903 mov dword ptr [ebx],eax |
| 12 |
016f:bff6a6c3 e888fbffff call bff6a250 = KERNEL32.DLL:.text+0x1250 |
18 |
016f:bff6a6c3 e888fbffff call bff6a250 = KERNEL32.DLL:.text+0x1250 |
| 13 |
016f:bff6a6cb eb49 jmp bff6a716 = KERNEL32.DLL:.text+0x1716 |
19 |
016f:bff6a6cb eb49 jmp bff6a716 = KERNEL32.DLL:.text+0x1716 |
| 14 |
016f:bff6a6cd 6a08 push +08 |
20 |
016f:bff6a6cd 6a08 push +08 |
| 15 |
016f:bff6a6cf e82d240000 call bff6cb01 = KERNEL32.DLL:.text+0x3b01 |
21 |
016f:bff6a6cf e82d240000 call bff6cb01 = KERNEL32.DLL:.text+0x3b01 |
| 16 |
016f:bff6a6d4 eb18 jmp bff6a6ee = KERNEL32.DLL:.text+0x16ee |
22 |
016f:bff6a6d4 eb18 jmp bff6a6ee = KERNEL32.DLL:.text+0x16ee |
| 17 |
016f:bff6a6d6 6a08 push +08 |
23 |
016f:bff6a6d6 6a08 push +08 |
| 18 |
016f:bff6a6d8 e824240000 call bff6cb01 = KERNEL32.DLL:.text+0x3b01 |
24 |
016f:bff6a6d8 e824240000 call bff6cb01 = KERNEL32.DLL:.text+0x3b01 |
| 19 |
016f:bff6a6dd eb0f jmp bff6a6ee = KERNEL32.DLL:.text+0x16ee |
25 |
016f:bff6a6dd eb0f jmp bff6a6ee = KERNEL32.DLL:.text+0x16ee |
| 20 |
016f:bff6a6df 6a10 push +10 |
26 |
016f:bff6a6df 6a10 push +10 |
| 21 |
016f:bff6a6e1 ff75fc push dword ptr [ebp-04] |
27 |
016f:bff6a6e1 ff75fc push dword ptr [ebp-04] |
| 22 |
016f:bff6a6e4 680a000100 push 0001000a |
28 |
016f:bff6a6e4 680a000100 push 0001000a |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:bff613c5 c20400 retd 0004 |
9 |
016f:bff613c5 c20400 retd 0004 |
| 4 |
016f:bff613c8 33c0 xor eax,eax |
10 |
016f:bff613c8 33c0 xor eax,eax |
| 5 |
016f:bff613ca ebf7 jmp bff613c3 = KERNEL32.DLL:_FREQASM+0x3c3 |
11 |
016f:bff613ca ebf7 jmp bff613c3 = KERNEL32.DLL:_FREQASM+0x3c3 |
| 6 |
016f:bff613cc ebfa jmp bff613c8 = KERNEL32.DLL:_FREQASM+0x3c8 |
12 |
016f:bff613cc ebfa jmp bff613c8 = KERNEL32.DLL:_FREQASM+0x3c8 |
| 7 |
016f:bff613ce ebf8 jmp bff613c8 = KERNEL32.DLL:_FREQASM+0x3c8 |
13 |
016f:bff613ce ebf8 jmp bff613c8 = KERNEL32.DLL:_FREQASM+0x3c8 |
| 8 |
016f:bff613d0 ebf6 jmp bff613c8 = KERNEL32.DLL:_FREQASM+0x3c8 |
14 |
016f:bff613d0 ebf6 jmp bff613c8 = KERNEL32.DLL:_FREQASM+0x3c8 |
| 9 |
016f:bff613d2 ebf4 jmp bff613c8 = KERNEL32.DLL:_FREQASM+0x3c8 |
15 |
016f:bff613d2 ebf4 jmp bff613c8 = KERNEL32.DLL:_FREQASM+0x3c8 |
| 10 |
016f:bff613d4 8b442404 mov eax,dword ptr [esp+04] |
16 |
016f:bff613d4 8b442404 mov eax,dword ptr [esp+04] |
| 11 |
016f:bff613d8 8f0424 pop dword ptr [esp] |
17 |
016f:bff613d8 8f0424 pop dword ptr [esp] |
| 12 |
016f:bff613db 2eff1d34b7fbbf call fword ptr ss:[bffbb734] |
18 |
016f:bff613db 2eff1d34b7fbbf call fword ptr ss:[bffbb734] |
| 13 |
016f:bff613e7 2eff1d34b7fbbf call fword ptr ss:[bffbb734] |
19 |
016f:bff613e7 2eff1d34b7fbbf call fword ptr ss:[bffbb734] |
| 14 |
016f:bff613ee b843002a00 mov eax,002a0043 |
20 |
016f:bff613ee b843002a00 mov eax,002a0043 |
| 15 |
016f:bff613f3 2eff1d34b7fbbf call fword ptr ss:[bffbb734] |
21 |
016f:bff613f3 2eff1d34b7fbbf call fword ptr ss:[bffbb734] |
| 16 |
016f:bff613fa 83c414 add esp,+14 |
22 |
016f:bff613fa 83c414 add esp,+14 |
| 17 |
016f:bff613fd 0fb7c8 movzx ecx,ax |
23 |
016f:bff613fd 0fb7c8 movzx ecx,ax |
| 18 |
016f:bff61400 0fa4d310 shld ebx,edx,10 |
24 |
016f:bff61400 0fa4d310 shld ebx,edx,10 |
| 19 |
016f:bff61404 c0e302 shl bl,02 |
25 |
016f:bff61404 c0e302 shl bl,02 |
| 20 |
016f:bff61407 6681ea0010 sub dx,1000 |
26 |
016f:bff61407 6681ea0010 sub dx,1000 |
| 21 |
016f:bff6140c 0fbfc2 movsx eax,dx |
27 |
016f:bff6140c 0fbfc2 movsx eax,dx |
| 22 |
016f:bff6140f e9d1000000 jmp bff614e5 = KERNEL32.DLL:_FREQASM+0x4e5 |
28 |
016f:bff6140f e9d1000000 jmp bff614e5 = KERNEL32.DLL:_FREQASM+0x4e5 |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:bff6cfa6 740a jz bff6cfb2 = KERNEL32.DLL:.text+0x3fb2 |
9 |
016f:bff6cfa6 740a jz bff6cfb2 = KERNEL32.DLL:.text+0x3fb2 |
| 4 |
016f:bff6cfa8 ff7508 push dword ptr [ebp+08] |
10 |
016f:bff6cfa8 ff7508 push dword ptr [ebp+08] |
| 5 |
016f:bff6cfab e8b5ffffff call bff6cf65 = KERNEL32.DLL:.text+0x3f65 |
11 |
016f:bff6cfab e8b5ffffff call bff6cf65 = KERNEL32.DLL:.text+0x3f65 |
| 6 |
016f:bff6cfb0 eb13 jmp bff6cfc5 = KERNEL32.DLL:.text+0x3fc5 |
12 |
016f:bff6cfb0 eb13 jmp bff6cfc5 = KERNEL32.DLL:.text+0x3fc5 |
| 7 |
016f:bff6cfb2 6a01 push +01 |
13 |
016f:bff6cfb2 6a01 push +01 |
| 8 |
016f:bff6cfb4 8b4508 mov eax,dword ptr [ebp+08] |
14 |
016f:bff6cfb4 8b4508 mov eax,dword ptr [ebp+08] |
| 9 |
016f:bff6cfb7 83c004 add eax,+04 |
15 |
016f:bff6cfb7 83c004 add eax,+04 |
| 10 |
016f:bff6cfba 50 push eax |
16 |
016f:bff6cfba 50 push eax |
| 11 |
016f:bff6cfbb 6805000100 push 00010005 |
17 |
016f:bff6cfbb 6805000100 push 00010005 |
| 12 |
016f:bff6cfc0 e80f44ffff call bff613d4 = KERNEL32.DLL!1 |
18 |
016f:bff6cfc0 e80f44ffff call bff613d4 = KERNEL32.DLL!1 |
| 13 |
016f:bff6cfc8 837dfc00 cmp dword ptr [ebp-04],+00 |
19 |
016f:bff6cfc8 837dfc00 cmp dword ptr [ebp-04],+00 |
| 14 |
016f:bff6cfcc 7405 jz bff6cfd3 = KERNEL32.DLL:.text+0x3fd3 |
20 |
016f:bff6cfcc 7405 jz bff6cfd3 = KERNEL32.DLL:.text+0x3fd3 |
| 15 |
016f:bff6cfce 8b45fc mov eax,dword ptr [ebp-04] |
21 |
016f:bff6cfce 8b45fc mov eax,dword ptr [ebp-04] |
| 16 |
016f:bff6cfd1 8818 mov byte ptr [eax],bl |
22 |
016f:bff6cfd1 8818 mov byte ptr [eax],bl |
| 17 |
016f:bff6cfd3 8b45fc mov eax,dword ptr [ebp-04] |
23 |
016f:bff6cfd3 8b45fc mov eax,dword ptr [ebp-04] |
| 18 |
016f:bff6cfd6 5b pop ebx |
24 |
016f:bff6cfd6 5b pop ebx |
| 19 |
016f:bff6cfd7 8be5 mov esp,ebp |
25 |
016f:bff6cfd7 8be5 mov esp,ebp |
| 20 |
016f:bff6cfd9 5d pop ebp |
26 |
016f:bff6cfd9 5d pop ebp |
| 21 |
016f:bff6cfda c20800 retd 0008 |
27 |
016f:bff6cfda c20800 retd 0008 |
| 22 |
016f:bff6cfdd 8b442404 mov eax,dword ptr [esp+04] |
28 |
016f:bff6cfdd 8b442404 mov eax,dword ptr [esp+04] |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:bff641b5 51 push ecx |
9 |
016f:bff641b5 51 push ecx |
| 4 |
016f:bff641b6 52 push edx |
10 |
016f:bff641b6 52 push edx |
| 5 |
016f:bff641b7 681d002a00 push 002a001d |
11 |
016f:bff641b7 681d002a00 push 002a001d |
| 6 |
016f:bff641bc e813d2ffff call bff613d4 = KERNEL32.DLL!1 |
12 |
016f:bff641bc e813d2ffff call bff613d4 = KERNEL32.DLL!1 |
| 7 |
016f:bff641c1 59 pop ecx |
13 |
016f:bff641c1 59 pop ecx |
| 8 |
016f:bff641c2 5a pop edx |
14 |
016f:bff641c2 5a pop edx |
| 9 |
016f:bff641c3 ebe8 jmp bff641ad = KERNEL32.DLL:_FREQASM+0x31ad |
15 |
016f:bff641c3 ebe8 jmp bff641ad = KERNEL32.DLL:_FREQASM+0x31ad |
| 10 |
016f:bff641c5 8b542404 mov edx,dword ptr [esp+04] |
16 |
016f:bff641c5 8b542404 mov edx,dword ptr [esp+04] |
| 11 |
016f:bff641c9 50 push eax |
17 |
016f:bff641c9 50 push eax |
| 12 |
016f:bff641ca e804000000 call bff641d3 = KERNEL32.DLL:_FREQASM+0x31d3 |
18 |
016f:bff641ca e804000000 call bff641d3 = KERNEL32.DLL:_FREQASM+0x31d3 |
| 13 |
016f:bff641d0 c20400 retd 0004 |
19 |
016f:bff641d0 c20400 retd 0004 |
| 14 |
016f:bff641d3 833dfcbcfbbf01 cmp dword ptr [bffbbcfc],+01 |
20 |
016f:bff641d3 833dfcbcfbbf01 cmp dword ptr [bffbbcfc],+01 |
| 15 |
016f:bff641da 7c32 jl bff6420e = KERNEL32.DLL:_FREQASM+0x320e |
21 |
016f:bff641da 7c32 jl bff6420e = KERNEL32.DLL:_FREQASM+0x320e |
| 16 |
016f:bff641dc 3b1570b4fbbf cmp edx,dword ptr [bffbb470] |
22 |
016f:bff641dc 3b1570b4fbbf cmp edx,dword ptr [bffbb470] |
| 17 |
016f:bff641e2 7506 jnz bff641ea = KERNEL32.DLL:_FREQASM+0x31ea |
23 |
016f:bff641e2 7506 jnz bff641ea = KERNEL32.DLL:_FREQASM+0x31ea |
| 18 |
016f:bff641e4 837a0401 cmp dword ptr [edx+04],+01 |
24 |
016f:bff641e4 837a0401 cmp dword ptr [edx+04],+01 |
| 19 |
016f:bff641e8 7426 jz bff64210 = KERNEL32.DLL:_FREQASM+0x3210 |
25 |
016f:bff641e8 7426 jz bff64210 = KERNEL32.DLL:_FREQASM+0x3210 |
| 20 |
016f:bff641ea ff4a04 dec dword ptr [edx+04] |
26 |
016f:bff641ea ff4a04 dec dword ptr [edx+04] |
| 21 |
016f:bff641ed 754a jnz bff64239 = KERNEL32.DLL:_FREQASM+0x3239 |
27 |
016f:bff641ed 754a jnz bff64239 = KERNEL32.DLL:_FREQASM+0x3239 |
| 22 |
016f:bff641ef c7420800000000 mov dword ptr [edx+08],00000000 |
28 |
016f:bff641ef c7420800000000 mov dword ptr [edx+08],00000000 |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:bff6dc5e 8b5510 mov edx,dword ptr [ebp+10] |
9 |
016f:bff6dc5e 8b5510 mov edx,dword ptr [ebp+10] |
| 4 |
016f:bff6dc61 52 push edx |
10 |
016f:bff6dc61 52 push edx |
| 5 |
016f:bff6dc62 8b4844 mov ecx,dword ptr [eax+44] |
11 |
016f:bff6dc62 8b4844 mov ecx,dword ptr [eax+44] |
| 6 |
016f:bff6dc65 8954f908 mov dword ptr [ecx+edi*8+08],edx |
12 |
016f:bff6dc65 8954f908 mov dword ptr [ecx+edi*8+08],edx |
| 7 |
016f:bff6dc69 8b4844 mov ecx,dword ptr [eax+44] |
13 |
016f:bff6dc69 8b4844 mov ecx,dword ptr [eax+44] |
| 8 |
016f:bff6dc6c 8b4514 mov eax,dword ptr [ebp+14] |
14 |
016f:bff6dc6c 8b4514 mov eax,dword ptr [ebp+14] |
| 9 |
016f:bff6dc6f 8944f904 mov dword ptr [ecx+edi*8+04],eax |
15 |
016f:bff6dc6f 8944f904 mov dword ptr [ecx+edi*8+04],eax |
| 10 |
016f:bff6dc73 e865f3ffff call bff6cfdd = KERNEL32.DLL:.text+0x3fdd |
16 |
016f:bff6dc73 e865f3ffff call bff6cfdd = KERNEL32.DLL:.text+0x3fdd |
| 11 |
016f:bff6dc78 ff3520bdfbbf push dword ptr [bffbbd20] |
17 |
016f:bff6dc78 ff3520bdfbbf push dword ptr [bffbbd20] |
| 12 |
016f:bff6dc7e e84265ffff call bff641c5 = KERNEL32.DLL!98 |
18 |
016f:bff6dc7e e84265ffff call bff641c5 = KERNEL32.DLL!98 |
| 13 |
016f:bff6dc85 5f pop edi |
19 |
016f:bff6dc85 5f pop edi |
| 14 |
016f:bff6dc86 5e pop esi |
20 |
016f:bff6dc86 5e pop esi |
| 15 |
016f:bff6dc87 5d pop ebp |
21 |
016f:bff6dc87 5d pop ebp |
| 16 |
016f:bff6dc88 c21000 retd 0010 |
22 |
016f:bff6dc88 c21000 retd 0010 |
| 17 |
016f:bff6dc8b 55 push ebp |
23 |
016f:bff6dc8b 55 push ebp |
| 18 |
016f:bff6dc8c 8bec mov ebp,esp |
24 |
016f:bff6dc8c 8bec mov ebp,esp |
| 19 |
016f:bff6dc8e 56 push esi |
25 |
016f:bff6dc8e 56 push esi |
| 20 |
016f:bff6dc8f ff7508 push dword ptr [ebp+08] |
26 |
016f:bff6dc8f ff7508 push dword ptr [ebp+08] |
| 21 |
016f:bff6dc92 e8bc560100 call bff83353 = KERNEL32.DLL:.text+0x1a353 |
27 |
016f:bff6dc92 e8bc560100 call bff83353 = KERNEL32.DLL:.text+0x1a353 |
| 22 |
016f:bff6dc97 83f8ff cmp eax,-01 |
28 |
016f:bff6dc97 83f8ff cmp eax,-01 |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
| 1 |
-> 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ |
8 |
-> 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:bff6dc8f ff7508 push dword ptr [ebp+08] |
9 |
016f:bff6dc8f ff7508 push dword ptr [ebp+08] |
| 4 |
016f:bff6dc92 e8bc560100 call bff83353 = KERNEL32.DLL:.text+0x1a353 |
10 |
016f:bff6dc92 e8bc560100 call bff83353 = KERNEL32.DLL:.text+0x1a353 |
| 5 |
016f:bff6dc97 83f8ff cmp eax,-01 |
11 |
016f:bff6dc97 83f8ff cmp eax,-01 |
| 6 |
016f:bff6dc9a 8bf0 mov esi,eax |
12 |
016f:bff6dc9a 8bf0 mov esi,eax |
| 7 |
016f:bff6dc9c 740f jz bff6dcad = KERNEL32.DLL:.text+0x4cad |
13 |
016f:bff6dc9c 740f jz bff6dcad = KERNEL32.DLL:.text+0x4cad |
| 8 |
016f:bff6dc9e ff7510 push dword ptr [ebp+10] |
14 |
016f:bff6dc9e ff7510 push dword ptr [ebp+10] |
| 9 |
016f:bff6dca1 ff750c push dword ptr [ebp+0c] |
15 |
016f:bff6dca1 ff750c push dword ptr [ebp+0c] |
| 10 |
016f:bff6dca4 56 push esi |
16 |
016f:bff6dca4 56 push esi |
| 11 |
016f:bff6dca5 ff7508 push dword ptr [ebp+08] |
17 |
016f:bff6dca5 ff7508 push dword ptr [ebp+08] |
| 12 |
016f:bff6dca8 e88fffffff call bff6dc3c = KERNEL32.DLL:.text+0x4c3c |
18 |
016f:bff6dca8 e88fffffff call bff6dc3c = KERNEL32.DLL:.text+0x4c3c |
| 13 |
016f:bff6dcaf 5e pop esi |
19 |
016f:bff6dcaf 5e pop esi |
| 14 |
016f:bff6dcb0 5d pop ebp |
20 |
016f:bff6dcb0 5d pop ebp |
| 15 |
016f:bff6dcb1 c20c00 retd 000c |
21 |
016f:bff6dcb1 c20c00 retd 000c |
| 16 |
016f:bff6dcb4 8b442404 mov eax,dword ptr [esp+04] |
22 |
016f:bff6dcb4 8b442404 mov eax,dword ptr [esp+04] |
| 17 |
016f:bff6dcb8 53 push ebx |
23 |
016f:bff6dcb8 53 push ebx |
| 18 |
016f:bff6dcb9 56 push esi |
24 |
016f:bff6dcb9 56 push esi |
| 19 |
016f:bff6dcba 8bc8 mov ecx,eax |
25 |
016f:bff6dcba 8bc8 mov ecx,eax |
| 20 |
016f:bff6dcbc 33f6 xor esi,esi |
26 |
016f:bff6dcbc 33f6 xor esi,esi |
| 21 |
016f:bff6dcbe 803800 cmp byte ptr [eax],00 |
27 |
016f:bff6dcbe 803800 cmp byte ptr [eax],00 |
| 22 |
016f:bff6dcc1 743a jz bff6dcfd = KERNEL32.DLL:.text+0x4cfd |
28 |
016f:bff6dcc1 743a jz bff6dcfd = KERNEL32.DLL:.text+0x4cfd |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:bff6f679 bbffffffff mov ebx,ffffffff |
9 |
016f:bff6f679 bbffffffff mov ebx,ffffffff |
| 4 |
016f:bff6f67e 837de400 cmp dword ptr [ebp-1c],+00 |
10 |
016f:bff6f67e 837de400 cmp dword ptr [ebp-1c],+00 |
| 5 |
016f:bff6f682 7415 jz bff6f699 = KERNEL32.DLL:.text+0x6699 |
11 |
016f:bff6f682 7415 jz bff6f699 = KERNEL32.DLL:.text+0x6699 |
| 6 |
016f:bff6f684 6a00 push +00 |
12 |
016f:bff6f684 6a00 push +00 |
| 7 |
016f:bff6f686 ff75f8 push dword ptr [ebp-08] |
13 |
016f:bff6f686 ff75f8 push dword ptr [ebp-08] |
| 8 |
016f:bff6f689 e8c0e70100 call bff8de4e = KERNEL32.DLL:.text+0x24e4e |
14 |
016f:bff6f689 e8c0e70100 call bff8de4e = KERNEL32.DLL:.text+0x24e4e |
| 9 |
016f:bff6f68e a1f0bcfbbf mov eax,dword ptr [bffbbcf0] |
15 |
016f:bff6f68e a1f0bcfbbf mov eax,dword ptr [bffbbcf0] |
| 10 |
016f:bff6f693 8b08 mov ecx,dword ptr [eax] |
16 |
016f:bff6f693 8b08 mov ecx,dword ptr [eax] |
| 11 |
016f:bff6f695 80614df9 and byte ptr [ecx+4d],f9 |
17 |
016f:bff6f695 80614df9 and byte ptr [ecx+4d],f9 |
| 12 |
016f:bff6f699 e80fadffff call bff6a3ad = KERNEL32.DLL:.text+0x13ad |
18 |
016f:bff6f699 e80fadffff call bff6a3ad = KERNEL32.DLL:.text+0x13ad |
| 13 |
016f:bff6f6a0 5f pop edi |
19 |
016f:bff6f6a0 5f pop edi |
| 14 |
016f:bff6f6a1 5e pop esi |
20 |
016f:bff6f6a1 5e pop esi |
| 15 |
016f:bff6f6a2 5b pop ebx |
21 |
016f:bff6f6a2 5b pop ebx |
| 16 |
016f:bff6f6a3 8be5 mov esp,ebp |
22 |
016f:bff6f6a3 8be5 mov esp,ebp |
| 17 |
016f:bff6f6a5 5d pop ebp |
23 |
016f:bff6f6a5 5d pop ebp |
| 18 |
016f:bff6f6a6 c21c00 retd 001c |
24 |
016f:bff6f6a6 c21c00 retd 001c |
| 19 |
016f:bff6f6a9 ff7514 push dword ptr [ebp+14] |
25 |
016f:bff6f6a9 ff7514 push dword ptr [ebp+14] |
| 20 |
016f:bff6f6ac e82ae9ffff call bff6dfdb = KERNEL32.DLL:.text+0x4fdb |
26 |
016f:bff6f6ac e82ae9ffff call bff6dfdb = KERNEL32.DLL:.text+0x4fdb |
| 21 |
016f:bff6f6b1 83f8ff cmp eax,-01 |
27 |
016f:bff6f6b1 83f8ff cmp eax,-01 |
| 22 |
016f:bff6f6b4 8bf0 mov esi,eax |
28 |
016f:bff6f6b4 8bf0 mov esi,eax |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
-> 3f 24 53 65 71 75 65 6e 63 65 40 56 54 79 70 65 ?$Sequence@VType |
8 |
-> 3f 24 53 65 71 75 65 6e 63 65 40 56 54 79 70 65 ?$Sequence@VType |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:bff6f679 bbffffffff mov ebx,ffffffff |
9 |
016f:bff6f679 bbffffffff mov ebx,ffffffff |
| 4 |
016f:bff6f67e 837de400 cmp dword ptr [ebp-1c],+00 |
10 |
016f:bff6f67e 837de400 cmp dword ptr [ebp-1c],+00 |
| 5 |
016f:bff6f682 7415 jz bff6f699 = KERNEL32.DLL:.text+0x6699 |
11 |
016f:bff6f682 7415 jz bff6f699 = KERNEL32.DLL:.text+0x6699 |
| 6 |
016f:bff6f684 6a00 push +00 |
12 |
016f:bff6f684 6a00 push +00 |
| 7 |
016f:bff6f686 ff75f8 push dword ptr [ebp-08] |
13 |
016f:bff6f686 ff75f8 push dword ptr [ebp-08] |
| 8 |
016f:bff6f689 e8c0e70100 call bff8de4e = KERNEL32.DLL:.text+0x24e4e |
14 |
016f:bff6f689 e8c0e70100 call bff8de4e = KERNEL32.DLL:.text+0x24e4e |
| 9 |
016f:bff6f68e a1f0bcfbbf mov eax,dword ptr [bffbbcf0] |
15 |
016f:bff6f68e a1f0bcfbbf mov eax,dword ptr [bffbbcf0] |
| 10 |
016f:bff6f693 8b08 mov ecx,dword ptr [eax] |
16 |
016f:bff6f693 8b08 mov ecx,dword ptr [eax] |
| 11 |
016f:bff6f695 80614df9 and byte ptr [ecx+4d],f9 |
17 |
016f:bff6f695 80614df9 and byte ptr [ecx+4d],f9 |
| 12 |
016f:bff6f699 e80fadffff call bff6a3ad = KERNEL32.DLL:.text+0x13ad |
18 |
016f:bff6f699 e80fadffff call bff6a3ad = KERNEL32.DLL:.text+0x13ad |
| 13 |
016f:bff6f6a0 5f pop edi |
19 |
016f:bff6f6a0 5f pop edi |
| 14 |
016f:bff6f6a1 5e pop esi |
20 |
016f:bff6f6a1 5e pop esi |
| 15 |
016f:bff6f6a2 5b pop ebx |
21 |
016f:bff6f6a2 5b pop ebx |
| 16 |
016f:bff6f6a3 8be5 mov esp,ebp |
22 |
016f:bff6f6a3 8be5 mov esp,ebp |
| 17 |
016f:bff6f6a5 5d pop ebp |
23 |
016f:bff6f6a5 5d pop ebp |
| 18 |
016f:bff6f6a6 c21c00 retd 001c |
24 |
016f:bff6f6a6 c21c00 retd 001c |
| 19 |
016f:bff6f6a9 ff7514 push dword ptr [ebp+14] |
25 |
016f:bff6f6a9 ff7514 push dword ptr [ebp+14] |
| 20 |
016f:bff6f6ac e82ae9ffff call bff6dfdb = KERNEL32.DLL:.text+0x4fdb |
26 |
016f:bff6f6ac e82ae9ffff call bff6dfdb = KERNEL32.DLL:.text+0x4fdb |
| 21 |
016f:bff6f6b1 83f8ff cmp eax,-01 |
27 |
016f:bff6f6b1 83f8ff cmp eax,-01 |
| 22 |
016f:bff6f6b4 8bf0 mov esi,eax |
28 |
016f:bff6f6b4 8bf0 mov esi,eax |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:004ceb3c 8b542420 mov edx,dword ptr [esp+20] |
9 |
016f:004ceb3c 8b542420 mov edx,dword ptr [esp+20] |
| 4 |
016f:004ceb40 51 push ecx |
10 |
016f:004ceb40 51 push ecx |
| 5 |
016f:004ceb41 8b4c2420 mov ecx,dword ptr [esp+20] |
11 |
016f:004ceb41 8b4c2420 mov ecx,dword ptr [esp+20] |
| 6 |
016f:004ceb45 52 push edx |
12 |
016f:004ceb45 52 push edx |
| 7 |
016f:004ceb46 8b542420 mov edx,dword ptr [esp+20] |
13 |
016f:004ceb46 8b542420 mov edx,dword ptr [esp+20] |
| 8 |
016f:004ceb4a 51 push ecx |
14 |
016f:004ceb4a 51 push ecx |
| 9 |
016f:004ceb4b 8b08 mov ecx,dword ptr [eax] |
15 |
016f:004ceb4b 8b08 mov ecx,dword ptr [eax] |
| 10 |
016f:004ceb4d 52 push edx |
16 |
016f:004ceb4d 52 push edx |
| 11 |
016f:004ceb4e 51 push ecx |
17 |
016f:004ceb4e 51 push ecx |
| 12 |
016f:004ceb4f ff5008 call dword ptr [eax+08] |
18 |
016f:004ceb4f ff5008 call dword ptr [eax+08] |
| 13 |
016f:004ceb55 c3 retd |
19 |
016f:004ceb55 c3 retd |
| 14 |
016f:004ceb56 90 nop |
20 |
016f:004ceb56 90 nop |
| 15 |
016f:004ceb57 90 nop |
21 |
016f:004ceb57 90 nop |
| 16 |
016f:004ceb58 90 nop |
22 |
016f:004ceb58 90 nop |
| 17 |
016f:004ceb59 90 nop |
23 |
016f:004ceb59 90 nop |
| 18 |
016f:004ceb5a 90 nop |
24 |
016f:004ceb5a 90 nop |
| 19 |
016f:004ceb5b 90 nop |
25 |
016f:004ceb5b 90 nop |
| 20 |
016f:004ceb5c 90 nop |
26 |
016f:004ceb5c 90 nop |
| 21 |
016f:004ceb5d 90 nop |
27 |
016f:004ceb5d 90 nop |
| 22 |
016f:004ceb5e 90 nop |
28 |
016f:004ceb5e 90 nop |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:004cde62 8b4c2444 mov ecx,dword ptr [esp+44] |
9 |
016f:004cde62 8b4c2444 mov ecx,dword ptr [esp+44] |
| 4 |
016f:004cde66 52 push edx |
10 |
016f:004cde66 52 push edx |
| 5 |
016f:004cde67 8d4708 lea eax,[edi+08] |
11 |
016f:004cde67 8d4708 lea eax,[edi+08] |
| 6 |
016f:004cde6a 56 push esi |
12 |
016f:004cde6a 56 push esi |
| 7 |
016f:004cde6b 50 push eax |
13 |
016f:004cde6b 50 push eax |
| 8 |
016f:004cde6c 53 push ebx |
14 |
016f:004cde6c 53 push ebx |
| 9 |
016f:004cde6d 55 push ebp |
15 |
016f:004cde6d 55 push ebp |
| 10 |
016f:004cde6e 6a00 push +00 |
16 |
016f:004cde6e 6a00 push +00 |
| 11 |
016f:004cde70 51 push ecx |
17 |
016f:004cde70 51 push ecx |
| 12 |
016f:004cde71 e87a0c0000 call 004ceaf0 = SAL3.DLL!rtl_convertUnicodeToText |
18 |
016f:004cde71 e87a0c0000 call 004ceaf0 = SAL3.DLL!rtl_convertUnicodeToText |
| 13 |
016f:004cde78 8a44245c mov al,byte ptr [esp+5c] |
19 |
016f:004cde78 8a44245c mov al,byte ptr [esp+5c] |
| 14 |
016f:004cde7c 83c42c add esp,+2c |
20 |
016f:004cde7c 83c42c add esp,+2c |
| 15 |
016f:004cde7f a804 test al,04 |
21 |
016f:004cde7f a804 test al,04 |
| 16 |
016f:004cde81 745b jz 004cdede = SAL3.DLL:.text+0xcede |
22 |
016f:004cde81 745b jz 004cdede = SAL3.DLL:.text+0xcede |
| 17 |
016f:004cde83 8b542410 mov edx,dword ptr [esp+10] |
23 |
016f:004cde83 8b542410 mov edx,dword ptr [esp+10] |
| 18 |
016f:004cde87 42 inc edx |
24 |
016f:004cde87 42 inc edx |
| 19 |
016f:004cde88 89542410 mov dword ptr [esp+10],edx |
25 |
016f:004cde88 89542410 mov dword ptr [esp+10],edx |
| 20 |
016f:004cde8c 57 push edi |
26 |
016f:004cde8c 57 push edi |
| 21 |
016f:004cde8d e8de3effff call 004c1d70 = SAL3.DLL!rtl_freeMemory |
27 |
016f:004cde8d e8de3effff call 004c1d70 = SAL3.DLL!rtl_freeMemory |
| 22 |
016f:004cde92 8b742418 mov esi,dword ptr [esp+18] |
28 |
016f:004cde92 8b742418 mov esi,dword ptr [esp+18] |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
| 1 |
-> e8 21 55 00 70 44 4d 00 80 45 4d 00 00 00 00 00 .!U.pDM..EM..... |
8 |
-> e8 21 55 00 70 44 4d 00 80 45 4d 00 00 00 00 00 .!U.pDM..EM..... |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:004cdf07 57 push edi |
9 |
016f:004cdf07 57 push edi |
| 4 |
016f:004cdf08 e8633effff call 004c1d70 = SAL3.DLL!rtl_freeMemory |
10 |
016f:004cdf08 e8633effff call 004c1d70 = SAL3.DLL!rtl_freeMemory |
| 5 |
016f:004cdf0d 83c404 add esp,+04 |
11 |
016f:004cdf0d 83c404 add esp,+04 |
| 6 |
016f:004cdf10 8bfb mov edi,ebx |
12 |
016f:004cdf10 8bfb mov edi,ebx |
| 7 |
016f:004cdf12 eb08 jmp 004cdf1c = SAL3.DLL:.text+0xcf1c |
13 |
016f:004cdf12 eb08 jmp 004cdf1c = SAL3.DLL:.text+0xcf1c |
| 8 |
016f:004cdf14 896f04 mov dword ptr [edi+04],ebp |
14 |
016f:004cdf14 896f04 mov dword ptr [edi+04],ebp |
| 9 |
016f:004cdf17 c6442f0800 mov byte ptr [edi+ebp+08],00 |
15 |
016f:004cdf17 c6442f0800 mov byte ptr [edi+ebp+08],00 |
| 10 |
016f:004cdf1c 8b442434 mov eax,dword ptr [esp+34] |
16 |
016f:004cdf1c 8b442434 mov eax,dword ptr [esp+34] |
| 11 |
016f:004cdf20 50 push eax |
17 |
016f:004cdf20 50 push eax |
| 12 |
016f:004cdf21 e85a0b0000 call 004cea80 = SAL3.DLL!rtl_destroyUnicodeToTextConverter |
18 |
016f:004cdf21 e85a0b0000 call 004cea80 = SAL3.DLL!rtl_destroyUnicodeToTextConverter |
| 13 |
016f:004cdf2a 83c404 add esp,+04 |
19 |
016f:004cdf2a 83c404 add esp,+04 |
| 14 |
016f:004cdf2d 85ff test edi,edi |
20 |
016f:004cdf2d 85ff test edi,edi |
| 15 |
016f:004cdf2f 8938 mov dword ptr [eax],edi |
21 |
016f:004cdf2f 8938 mov dword ptr [eax],edi |
| 16 |
016f:004cdf31 740d jz 004cdf40 = SAL3.DLL:.text+0xcf40 |
22 |
016f:004cdf31 740d jz 004cdf40 = SAL3.DLL:.text+0xcf40 |
| 17 |
016f:004cdf33 85ed test ebp,ebp |
23 |
016f:004cdf33 85ed test ebp,ebp |
| 18 |
016f:004cdf35 7509 jnz 004cdf40 = SAL3.DLL:.text+0xcf40 |
24 |
016f:004cdf35 7509 jnz 004cdf40 = SAL3.DLL:.text+0xcf40 |
| 19 |
016f:004cdf37 50 push eax |
25 |
016f:004cdf37 50 push eax |
| 20 |
016f:004cdf38 e893f6ffff call 004cd5d0 = SAL3.DLL!rtl_string_new |
26 |
016f:004cdf38 e893f6ffff call 004cd5d0 = SAL3.DLL!rtl_string_new |
| 21 |
016f:004cdf3d 83c404 add esp,+04 |
27 |
016f:004cdf3d 83c404 add esp,+04 |
| 22 |
016f:004cdf40 5f pop edi |
28 |
016f:004cdf40 5f pop edi |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
| 1 |
-> e8 21 55 00 70 44 4d 00 80 45 4d 00 00 00 00 00 .!U.pDM..EM..... |
8 |
-> e8 21 55 00 70 44 4d 00 80 45 4d 00 00 00 00 00 .!U.pDM..EM..... |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:bff6baf3 803e04 cmp byte ptr [esi],04 |
9 |
016f:bff6baf3 803e04 cmp byte ptr [esi],04 |
| 4 |
016f:bff6baf6 740f jz bff6bb07 = KERNEL32.DLL:.text+0x2b07 |
10 |
016f:bff6baf6 740f jz bff6bb07 = KERNEL32.DLL:.text+0x2b07 |
| 5 |
016f:bff6baf8 33c0 xor eax,eax |
11 |
016f:bff6baf8 33c0 xor eax,eax |
| 6 |
016f:bff6bafa 50 push eax |
12 |
016f:bff6bafa 50 push eax |
| 7 |
016f:bff6bafb 50 push eax |
13 |
016f:bff6bafb 50 push eax |
| 8 |
016f:bff6bafc 50 push eax |
14 |
016f:bff6bafc 50 push eax |
| 9 |
016f:bff6bafd 68050000c0 push c0000005 |
15 |
016f:bff6bafd 68050000c0 push c0000005 |
| 10 |
016f:bff6bb02 e8a4acffff call bff667ab = KERNEL32.DLL:_FREQASM+0x57ab |
16 |
016f:bff6bb02 e8a4acffff call bff667ab = KERNEL32.DLL:_FREQASM+0x57ab |
| 11 |
016f:bff6bb07 ff7604 push dword ptr [esi+04] |
17 |
016f:bff6bb07 ff7604 push dword ptr [esi+04] |
| 12 |
016f:bff6bb0a e88a87ffff call bff64299 = KERNEL32.DLL:_FREQASM+0x3299 |
18 |
016f:bff6bb0a e88a87ffff call bff64299 = KERNEL32.DLL:_FREQASM+0x3299 |
| 13 |
016f:bff6bb10 c20400 retd 0004 |
19 |
016f:bff6bb10 c20400 retd 0004 |
| 14 |
016f:bff6bb13 56 push esi |
20 |
016f:bff6bb13 56 push esi |
| 15 |
016f:bff6bb14 8b742408 mov esi,dword ptr [esp+08] |
21 |
016f:bff6bb14 8b742408 mov esi,dword ptr [esp+08] |
| 16 |
016f:bff6bb18 8a06 mov al,byte ptr [esi] |
22 |
016f:bff6bb18 8a06 mov al,byte ptr [esi] |
| 17 |
016f:bff6bb1a 3c04 cmp al,04 |
23 |
016f:bff6bb1a 3c04 cmp al,04 |
| 18 |
016f:bff6bb1c 7508 jnz bff6bb26 = KERNEL32.DLL:.text+0x2b26 |
24 |
016f:bff6bb1c 7508 jnz bff6bb26 = KERNEL32.DLL:.text+0x2b26 |
| 19 |
016f:bff6bb1e ff7604 push dword ptr [esi+04] |
25 |
016f:bff6bb1e ff7604 push dword ptr [esi+04] |
| 20 |
016f:bff6bb21 e8a087ffff call bff642c6 = KERNEL32.DLL:_FREQASM+0x32c6 |
26 |
016f:bff6bb21 e8a087ffff call bff642c6 = KERNEL32.DLL:_FREQASM+0x32c6 |
| 21 |
016f:bff6bb26 5e pop esi |
27 |
016f:bff6bb26 5e pop esi |
| 22 |
016f:bff6bb27 c20400 retd 0004 |
28 |
016f:bff6bb27 c20400 retd 0004 |
| 23 |
------------------- |
|
|
| 24 |
... |
29 |
... |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:bff6baf3 803e04 cmp byte ptr [esi],04 |
9 |
016f:bff6baf3 803e04 cmp byte ptr [esi],04 |
| 4 |
016f:bff6baf6 740f jz bff6bb07 = KERNEL32.DLL:.text+0x2b07 |
10 |
016f:bff6baf6 740f jz bff6bb07 = KERNEL32.DLL:.text+0x2b07 |
| 5 |
016f:bff6baf8 33c0 xor eax,eax |
11 |
016f:bff6baf8 33c0 xor eax,eax |
| 6 |
016f:bff6bafa 50 push eax |
12 |
016f:bff6bafa 50 push eax |
| 7 |
016f:bff6bafb 50 push eax |
13 |
016f:bff6bafb 50 push eax |
| 8 |
016f:bff6bafc 50 push eax |
14 |
016f:bff6bafc 50 push eax |
| 9 |
016f:bff6bafd 68050000c0 push c0000005 |
15 |
016f:bff6bafd 68050000c0 push c0000005 |
| 10 |
016f:bff6bb02 e8a4acffff call bff667ab = KERNEL32.DLL:_FREQASM+0x57ab |
16 |
016f:bff6bb02 e8a4acffff call bff667ab = KERNEL32.DLL:_FREQASM+0x57ab |
| 11 |
016f:bff6bb07 ff7604 push dword ptr [esi+04] |
17 |
016f:bff6bb07 ff7604 push dword ptr [esi+04] |
| 12 |
016f:bff6bb0a e88a87ffff call bff64299 = KERNEL32.DLL:_FREQASM+0x3299 |
18 |
016f:bff6bb0a e88a87ffff call bff64299 = KERNEL32.DLL:_FREQASM+0x3299 |
| 13 |
016f:bff6bb10 c20400 retd 0004 |
19 |
016f:bff6bb10 c20400 retd 0004 |
| 14 |
016f:bff6bb13 56 push esi |
20 |
016f:bff6bb13 56 push esi |
| 15 |
016f:bff6bb14 8b742408 mov esi,dword ptr [esp+08] |
21 |
016f:bff6bb14 8b742408 mov esi,dword ptr [esp+08] |
| 16 |
016f:bff6bb18 8a06 mov al,byte ptr [esi] |
22 |
016f:bff6bb18 8a06 mov al,byte ptr [esi] |
| 17 |
016f:bff6bb1a 3c04 cmp al,04 |
23 |
016f:bff6bb1a 3c04 cmp al,04 |
| 18 |
016f:bff6bb1c 7508 jnz bff6bb26 = KERNEL32.DLL:.text+0x2b26 |
24 |
016f:bff6bb1c 7508 jnz bff6bb26 = KERNEL32.DLL:.text+0x2b26 |
| 19 |
016f:bff6bb1e ff7604 push dword ptr [esi+04] |
25 |
016f:bff6bb1e ff7604 push dword ptr [esi+04] |
| 20 |
016f:bff6bb21 e8a087ffff call bff642c6 = KERNEL32.DLL:_FREQASM+0x32c6 |
26 |
016f:bff6bb21 e8a087ffff call bff642c6 = KERNEL32.DLL:_FREQASM+0x32c6 |
| 21 |
016f:bff6bb26 5e pop esi |
27 |
016f:bff6bb26 5e pop esi |
| 22 |
016f:bff6bb27 c20400 retd 0004 |
28 |
016f:bff6bb27 c20400 retd 0004 |
| 23 |
------------------- |
|
|
| 24 |
... |
29 |
... |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:bff6baf3 803e04 cmp byte ptr [esi],04 |
9 |
016f:bff6baf3 803e04 cmp byte ptr [esi],04 |
| 4 |
016f:bff6baf6 740f jz bff6bb07 = KERNEL32.DLL:.text+0x2b07 |
10 |
016f:bff6baf6 740f jz bff6bb07 = KERNEL32.DLL:.text+0x2b07 |
| 5 |
016f:bff6baf8 33c0 xor eax,eax |
11 |
016f:bff6baf8 33c0 xor eax,eax |
| 6 |
016f:bff6bafa 50 push eax |
12 |
016f:bff6bafa 50 push eax |
| 7 |
016f:bff6bafb 50 push eax |
13 |
016f:bff6bafb 50 push eax |
| 8 |
016f:bff6bafc 50 push eax |
14 |
016f:bff6bafc 50 push eax |
| 9 |
016f:bff6bafd 68050000c0 push c0000005 |
15 |
016f:bff6bafd 68050000c0 push c0000005 |
| 10 |
016f:bff6bb02 e8a4acffff call bff667ab = KERNEL32.DLL:_FREQASM+0x57ab |
16 |
016f:bff6bb02 e8a4acffff call bff667ab = KERNEL32.DLL:_FREQASM+0x57ab |
| 11 |
016f:bff6bb07 ff7604 push dword ptr [esi+04] |
17 |
016f:bff6bb07 ff7604 push dword ptr [esi+04] |
| 12 |
016f:bff6bb0a e88a87ffff call bff64299 = KERNEL32.DLL:_FREQASM+0x3299 |
18 |
016f:bff6bb0a e88a87ffff call bff64299 = KERNEL32.DLL:_FREQASM+0x3299 |
| 13 |
016f:bff6bb10 c20400 retd 0004 |
19 |
016f:bff6bb10 c20400 retd 0004 |
| 14 |
016f:bff6bb13 56 push esi |
20 |
016f:bff6bb13 56 push esi |
| 15 |
016f:bff6bb14 8b742408 mov esi,dword ptr [esp+08] |
21 |
016f:bff6bb14 8b742408 mov esi,dword ptr [esp+08] |
| 16 |
016f:bff6bb18 8a06 mov al,byte ptr [esi] |
22 |
016f:bff6bb18 8a06 mov al,byte ptr [esi] |
| 17 |
016f:bff6bb1a 3c04 cmp al,04 |
23 |
016f:bff6bb1a 3c04 cmp al,04 |
| 18 |
016f:bff6bb1c 7508 jnz bff6bb26 = KERNEL32.DLL:.text+0x2b26 |
24 |
016f:bff6bb1c 7508 jnz bff6bb26 = KERNEL32.DLL:.text+0x2b26 |
| 19 |
016f:bff6bb1e ff7604 push dword ptr [esi+04] |
25 |
016f:bff6bb1e ff7604 push dword ptr [esi+04] |
| 20 |
016f:bff6bb21 e8a087ffff call bff642c6 = KERNEL32.DLL:_FREQASM+0x32c6 |
26 |
016f:bff6bb21 e8a087ffff call bff642c6 = KERNEL32.DLL:_FREQASM+0x32c6 |
| 21 |
016f:bff6bb26 5e pop esi |
27 |
016f:bff6bb26 5e pop esi |
| 22 |
016f:bff6bb27 c20400 retd 0004 |
28 |
016f:bff6bb27 c20400 retd 0004 |
| 23 |
------------------- |
|
|
| 24 |
... |
29 |
... |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:bff6bb0a e88a87ffff call bff64299 = KERNEL32.DLL:_FREQASM+0x3299 |
9 |
016f:bff6bb0a e88a87ffff call bff64299 = KERNEL32.DLL:_FREQASM+0x3299 |
| 4 |
016f:bff6bb0f 5e pop esi |
10 |
016f:bff6bb0f 5e pop esi |
| 5 |
016f:bff6bb10 c20400 retd 0004 |
11 |
016f:bff6bb10 c20400 retd 0004 |
| 6 |
016f:bff6bb13 56 push esi |
12 |
016f:bff6bb13 56 push esi |
| 7 |
016f:bff6bb14 8b742408 mov esi,dword ptr [esp+08] |
13 |
016f:bff6bb14 8b742408 mov esi,dword ptr [esp+08] |
| 8 |
016f:bff6bb18 8a06 mov al,byte ptr [esi] |
14 |
016f:bff6bb18 8a06 mov al,byte ptr [esi] |
| 9 |
016f:bff6bb1a 3c04 cmp al,04 |
15 |
016f:bff6bb1a 3c04 cmp al,04 |
| 10 |
016f:bff6bb1c 7508 jnz bff6bb26 = KERNEL32.DLL:.text+0x2b26 |
16 |
016f:bff6bb1c 7508 jnz bff6bb26 = KERNEL32.DLL:.text+0x2b26 |
| 11 |
016f:bff6bb1e ff7604 push dword ptr [esi+04] |
17 |
016f:bff6bb1e ff7604 push dword ptr [esi+04] |
| 12 |
016f:bff6bb21 e8a087ffff call bff642c6 = KERNEL32.DLL:_FREQASM+0x32c6 |
18 |
016f:bff6bb21 e8a087ffff call bff642c6 = KERNEL32.DLL:_FREQASM+0x32c6 |
| 13 |
016f:bff6bb27 c20400 retd 0004 |
19 |
016f:bff6bb27 c20400 retd 0004 |
| 14 |
016f:bff6bb2a 64a100000000 mov eax,dword ptr fs:[00000000] |
20 |
016f:bff6bb2a 64a100000000 mov eax,dword ptr fs:[00000000] |
| 15 |
016f:bff6bb30 55 push ebp |
21 |
016f:bff6bb30 55 push ebp |
| 16 |
016f:bff6bb31 8bec mov ebp,esp |
22 |
016f:bff6bb31 8bec mov ebp,esp |
| 17 |
016f:bff6bb33 6aff push -01 |
23 |
016f:bff6bb33 6aff push -01 |
| 18 |
016f:bff6bb35 685092f6bf push bff69250 |
24 |
016f:bff6bb35 685092f6bf push bff69250 |
| 19 |
016f:bff6bb3a 68201bfbbf push bffb1b20 |
25 |
016f:bff6bb3a 68201bfbbf push bffb1b20 |
| 20 |
016f:bff6bb3f 50 push eax |
26 |
016f:bff6bb3f 50 push eax |
| 21 |
016f:bff6bb40 8b4508 mov eax,dword ptr [ebp+08] |
27 |
016f:bff6bb40 8b4508 mov eax,dword ptr [ebp+08] |
| 22 |
016f:bff6bb43 64892500000000 mov dword ptr fs:[00000000],esp |
28 |
016f:bff6bb43 64892500000000 mov dword ptr fs:[00000000],esp |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
-> 5e c3 85 c9 74 0e 68 00 80 00 00 6a 00 51 ff 15 ^...t.h....j.Q.. |
8 |
-> 5e c3 85 c9 74 0e 68 00 80 00 00 6a 00 51 ff 15 ^...t.h....j.Q.. |
|
Line 1
Link Here
|
| 1 |
-> 04 00 00 00 08 61 98 81 00 00 00 00 00 00 00 00 .....a.......... |
8 |
-> 04 00 00 00 08 61 98 81 00 00 00 00 00 00 00 00 .....a.......... |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:1c803aa9 c20400 retd 0004 |
9 |
016f:1c803aa9 c20400 retd 0004 |
| 4 |
016f:1c803aac 90 nop |
10 |
016f:1c803aac 90 nop |
| 5 |
016f:1c803aad 90 nop |
11 |
016f:1c803aad 90 nop |
| 6 |
016f:1c803aae 90 nop |
12 |
016f:1c803aae 90 nop |
| 7 |
016f:1c803aaf 90 nop |
13 |
016f:1c803aaf 90 nop |
| 8 |
016f:1c803ab0 8b01 mov eax,dword ptr [ecx] |
14 |
016f:1c803ab0 8b01 mov eax,dword ptr [ecx] |
| 9 |
016f:1c803ab2 50 push eax |
15 |
016f:1c803ab2 50 push eax |
| 10 |
016f:1c803ab3 833801 cmp dword ptr [eax],+01 |
16 |
016f:1c803ab3 833801 cmp dword ptr [eax],+01 |
| 11 |
016f:1c803ab6 7509 jnz 1c803ac1 = TL641MI.DLL:.text+0x2ac1 |
17 |
016f:1c803ab6 7509 jnz 1c803ac1 = TL641MI.DLL:.text+0x2ac1 |
| 12 |
016f:1c803ab8 e85f020500 call 1c853d1c = SAL3.DLL!rtl_freeMemory |
18 |
016f:1c803ab8 e85f020500 call 1c853d1c = SAL3.DLL!rtl_freeMemory |
| 13 |
016f:1c803ac0 c3 retd |
19 |
016f:1c803ac0 c3 retd |
| 14 |
016f:1c803ac1 e80a000000 call 1c803ad0 = TL641MI.DLL:.text+0x2ad0 |
20 |
016f:1c803ac1 e80a000000 call 1c803ad0 = TL641MI.DLL:.text+0x2ad0 |
| 15 |
016f:1c803ac6 59 pop ecx |
21 |
016f:1c803ac6 59 pop ecx |
| 16 |
016f:1c803ac7 c3 retd |
22 |
016f:1c803ac7 c3 retd |
| 17 |
016f:1c803ac8 90 nop |
23 |
016f:1c803ac8 90 nop |
| 18 |
016f:1c803ac9 90 nop |
24 |
016f:1c803ac9 90 nop |
| 19 |
016f:1c803aca 90 nop |
25 |
016f:1c803aca 90 nop |
| 20 |
016f:1c803acb 90 nop |
26 |
016f:1c803acb 90 nop |
| 21 |
016f:1c803acc 90 nop |
27 |
016f:1c803acc 90 nop |
| 22 |
016f:1c803acd 90 nop |
28 |
016f:1c803acd 90 nop |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:1c80ed7f 7419 jz 1c80ed9a = TL641MI.DLL:.text+0xdd9a |
9 |
016f:1c80ed7f 7419 jz 1c80ed9a = TL641MI.DLL:.text+0xdd9a |
| 4 |
016f:1c80ed81 8d4e10 lea ecx,[esi+10] |
10 |
016f:1c80ed81 8d4e10 lea ecx,[esi+10] |
| 5 |
016f:1c80ed84 e857670100 call 1c8254e0 = TL641MI.DLL!242 |
11 |
016f:1c80ed84 e857670100 call 1c8254e0 = TL641MI.DLL!242 |
| 6 |
016f:1c80ed89 8d4e0c lea ecx,[esi+0c] |
12 |
016f:1c80ed89 8d4e0c lea ecx,[esi+0c] |
| 7 |
016f:1c80ed8c e84f670100 call 1c8254e0 = TL641MI.DLL!242 |
13 |
016f:1c80ed8c e84f670100 call 1c8254e0 = TL641MI.DLL!242 |
| 8 |
016f:1c80ed91 56 push esi |
14 |
016f:1c80ed91 56 push esi |
| 9 |
016f:1c80ed92 e809410200 call 1c832ea0 = TL641MI.DLL!21 |
15 |
016f:1c80ed92 e809410200 call 1c832ea0 = TL641MI.DLL!21 |
| 10 |
016f:1c80ed97 83c404 add esp,+04 |
16 |
016f:1c80ed97 83c404 add esp,+04 |
| 11 |
016f:1c80ed9a 8d4f04 lea ecx,[edi+04] |
17 |
016f:1c80ed9a 8d4f04 lea ecx,[edi+04] |
| 12 |
016f:1c80ed9d e80e4dffff call 1c803ab0 = TL641MI.DLL!149 |
18 |
016f:1c80ed9d e80e4dffff call 1c803ab0 = TL641MI.DLL!149 |
| 13 |
016f:1c80eda3 5e pop esi |
19 |
016f:1c80eda3 5e pop esi |
| 14 |
016f:1c80eda4 c3 retd |
20 |
016f:1c80eda4 c3 retd |
| 15 |
016f:1c80eda5 90 nop |
21 |
016f:1c80eda5 90 nop |
| 16 |
016f:1c80eda6 90 nop |
22 |
016f:1c80eda6 90 nop |
| 17 |
016f:1c80eda7 90 nop |
23 |
016f:1c80eda7 90 nop |
| 18 |
016f:1c80eda8 90 nop |
24 |
016f:1c80eda8 90 nop |
| 19 |
016f:1c80eda9 90 nop |
25 |
016f:1c80eda9 90 nop |
| 20 |
016f:1c80edaa 90 nop |
26 |
016f:1c80edaa 90 nop |
| 21 |
016f:1c80edab 90 nop |
27 |
016f:1c80edab 90 nop |
| 22 |
016f:1c80edac 90 nop |
28 |
016f:1c80edac 90 nop |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:0043e077 8d4c2454 lea ecx,[esp+54] |
9 |
016f:0043e077 8d4c2454 lea ecx,[esp+54] |
| 4 |
016f:0043e07b c68424b800000006 mov byte ptr [esp+000000b8],06 |
10 |
016f:0043e07b c68424b800000006 mov byte ptr [esp+000000b8],06 |
| 5 |
016f:0043e083 e892c90300 call 0047aa1a = TL641MI.DLL!1168 |
11 |
016f:0043e083 e892c90300 call 0047aa1a = TL641MI.DLL!1168 |
| 6 |
016f:0043e088 8d4c2418 lea ecx,[esp+18] |
12 |
016f:0043e088 8d4c2418 lea ecx,[esp+18] |
| 7 |
016f:0043e08c c68424b800000003 mov byte ptr [esp+000000b8],03 |
13 |
016f:0043e08c c68424b800000003 mov byte ptr [esp+000000b8],03 |
| 8 |
016f:0043e094 e8c9c90300 call 0047aa62 = TL641MI.DLL!662 |
14 |
016f:0043e094 e8c9c90300 call 0047aa62 = TL641MI.DLL!662 |
| 9 |
016f:0043e099 8d4c242c lea ecx,[esp+2c] |
15 |
016f:0043e099 8d4c242c lea ecx,[esp+2c] |
| 10 |
016f:0043e09d c68424b800000000 mov byte ptr [esp+000000b8],00 |
16 |
016f:0043e09d c68424b800000000 mov byte ptr [esp+000000b8],00 |
| 11 |
016f:0043e0a5 e8b8c90300 call 0047aa62 = TL641MI.DLL!662 |
17 |
016f:0043e0a5 e8b8c90300 call 0047aa62 = TL641MI.DLL!662 |
| 12 |
016f:0043e0b1 8bc6 mov eax,esi |
18 |
016f:0043e0b1 8bc6 mov eax,esi |
| 13 |
016f:0043e0b3 5e pop esi |
19 |
016f:0043e0b3 5e pop esi |
| 14 |
016f:0043e0b4 64890d00000000 mov dword ptr fs:[00000000],ecx |
20 |
016f:0043e0b4 64890d00000000 mov dword ptr fs:[00000000],ecx |
| 15 |
016f:0043e0bb 81c4b8000000 add esp,000000b8 |
21 |
016f:0043e0bb 81c4b8000000 add esp,000000b8 |
| 16 |
016f:0043e0c1 c20400 retd 0004 |
22 |
016f:0043e0c1 c20400 retd 0004 |
| 17 |
016f:0043e0c4 90 nop |
23 |
016f:0043e0c4 90 nop |
| 18 |
016f:0043e0c5 90 nop |
24 |
016f:0043e0c5 90 nop |
| 19 |
016f:0043e0c6 90 nop |
25 |
016f:0043e0c6 90 nop |
| 20 |
016f:0043e0c7 90 nop |
26 |
016f:0043e0c7 90 nop |
| 21 |
016f:0043e0c8 90 nop |
27 |
016f:0043e0c8 90 nop |
| 22 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
... |
8 |
... |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
... |
8 |
... |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
... |
8 |
... |
|
Line 1
Link Here
|
| 1 |
-> 90 c1 82 1c 30 c2 82 1c 80 c2 82 1c d0 c2 82 1c ....0........... |
8 |
-> 90 c1 82 1c 30 c2 82 1c 80 c2 82 1c d0 c2 82 1c ....0........... |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
... |
8 |
... |
|
Line 1
Link Here
|
| 1 |
... |
8 |
... |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
-> e8 63 3e ff ff 83 c4 04 8b fb eb 08 89 6f 04 c6 .c>..........o.. |
8 |
-> e8 63 3e ff ff 83 c4 04 8b fb eb 08 89 6f 04 c6 .c>..........o.. |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
-> 35 17 00 00 00 00 00 00 00 00 00 00 00 01 02 03 5............... |
8 |
-> 35 17 00 00 00 00 00 00 00 00 00 00 00 01 02 03 5............... |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:1c803aca 90 nop |
9 |
016f:1c803aca 90 nop |
| 4 |
016f:1c803acb 90 nop |
10 |
016f:1c803acb 90 nop |
| 5 |
016f:1c803acc 90 nop |
11 |
016f:1c803acc 90 nop |
| 6 |
016f:1c803acd 90 nop |
12 |
016f:1c803acd 90 nop |
| 7 |
016f:1c803ace 90 nop |
13 |
016f:1c803ace 90 nop |
| 8 |
016f:1c803acf 90 nop |
14 |
016f:1c803acf 90 nop |
| 9 |
016f:1c803ad0 56 push esi |
15 |
016f:1c803ad0 56 push esi |
| 10 |
016f:1c803ad1 8b742408 mov esi,dword ptr [esp+08] |
16 |
016f:1c803ad1 8b742408 mov esi,dword ptr [esp+08] |
| 11 |
016f:1c803ad5 56 push esi |
17 |
016f:1c803ad5 56 push esi |
| 12 |
016f:1c803ad6 e847020500 call 1c853d22 = SAL3.DLL!osl_decrementInterlockedCount |
18 |
016f:1c803ad6 e847020500 call 1c853d22 = SAL3.DLL!osl_decrementInterlockedCount |
| 13 |
016f:1c803ade 85c0 test eax,eax |
19 |
016f:1c803ade 85c0 test eax,eax |
| 14 |
016f:1c803ae0 7509 jnz 1c803aeb = TL641MI.DLL:.text+0x2aeb |
20 |
016f:1c803ae0 7509 jnz 1c803aeb = TL641MI.DLL:.text+0x2aeb |
| 15 |
016f:1c803ae2 56 push esi |
21 |
016f:1c803ae2 56 push esi |
| 16 |
016f:1c803ae3 e834020500 call 1c853d1c = SAL3.DLL!rtl_freeMemory |
22 |
016f:1c803ae3 e834020500 call 1c853d1c = SAL3.DLL!rtl_freeMemory |
| 17 |
016f:1c803ae8 83c404 add esp,+04 |
23 |
016f:1c803ae8 83c404 add esp,+04 |
| 18 |
016f:1c803aeb 5e pop esi |
24 |
016f:1c803aeb 5e pop esi |
| 19 |
016f:1c803aec c3 retd |
25 |
016f:1c803aec c3 retd |
| 20 |
016f:1c803aed 90 nop |
26 |
016f:1c803aed 90 nop |
| 21 |
016f:1c803aee 90 nop |
27 |
016f:1c803aee 90 nop |
| 22 |
016f:1c803aef 90 nop |
28 |
016f:1c803aef 90 nop |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:1c803aca 90 nop |
9 |
016f:1c803aca 90 nop |
| 4 |
016f:1c803acb 90 nop |
10 |
016f:1c803acb 90 nop |
| 5 |
016f:1c803acc 90 nop |
11 |
016f:1c803acc 90 nop |
| 6 |
016f:1c803acd 90 nop |
12 |
016f:1c803acd 90 nop |
| 7 |
016f:1c803ace 90 nop |
13 |
016f:1c803ace 90 nop |
| 8 |
016f:1c803acf 90 nop |
14 |
016f:1c803acf 90 nop |
| 9 |
016f:1c803ad0 56 push esi |
15 |
016f:1c803ad0 56 push esi |
| 10 |
016f:1c803ad1 8b742408 mov esi,dword ptr [esp+08] |
16 |
016f:1c803ad1 8b742408 mov esi,dword ptr [esp+08] |
| 11 |
016f:1c803ad5 56 push esi |
17 |
016f:1c803ad5 56 push esi |
| 12 |
016f:1c803ad6 e847020500 call 1c853d22 = SAL3.DLL!osl_decrementInterlockedCount |
18 |
016f:1c803ad6 e847020500 call 1c853d22 = SAL3.DLL!osl_decrementInterlockedCount |
| 13 |
016f:1c803ade 85c0 test eax,eax |
19 |
016f:1c803ade 85c0 test eax,eax |
| 14 |
016f:1c803ae0 7509 jnz 1c803aeb = TL641MI.DLL:.text+0x2aeb |
20 |
016f:1c803ae0 7509 jnz 1c803aeb = TL641MI.DLL:.text+0x2aeb |
| 15 |
016f:1c803ae2 56 push esi |
21 |
016f:1c803ae2 56 push esi |
| 16 |
016f:1c803ae3 e834020500 call 1c853d1c = SAL3.DLL!rtl_freeMemory |
22 |
016f:1c803ae3 e834020500 call 1c853d1c = SAL3.DLL!rtl_freeMemory |
| 17 |
016f:1c803ae8 83c404 add esp,+04 |
23 |
016f:1c803ae8 83c404 add esp,+04 |
| 18 |
016f:1c803aeb 5e pop esi |
24 |
016f:1c803aeb 5e pop esi |
| 19 |
016f:1c803aec c3 retd |
25 |
016f:1c803aec c3 retd |
| 20 |
016f:1c803aed 90 nop |
26 |
016f:1c803aed 90 nop |
| 21 |
016f:1c803aee 90 nop |
27 |
016f:1c803aee 90 nop |
| 22 |
016f:1c803aef 90 nop |
28 |
016f:1c803aef 90 nop |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:1c803aae 90 nop |
9 |
016f:1c803aae 90 nop |
| 4 |
016f:1c803aaf 90 nop |
10 |
016f:1c803aaf 90 nop |
| 5 |
016f:1c803ab0 8b01 mov eax,dword ptr [ecx] |
11 |
016f:1c803ab0 8b01 mov eax,dword ptr [ecx] |
| 6 |
016f:1c803ab2 50 push eax |
12 |
016f:1c803ab2 50 push eax |
| 7 |
016f:1c803ab3 833801 cmp dword ptr [eax],+01 |
13 |
016f:1c803ab3 833801 cmp dword ptr [eax],+01 |
| 8 |
016f:1c803ab6 7509 jnz 1c803ac1 = TL641MI.DLL:.text+0x2ac1 |
14 |
016f:1c803ab6 7509 jnz 1c803ac1 = TL641MI.DLL:.text+0x2ac1 |
| 9 |
016f:1c803ab8 e85f020500 call 1c853d1c = SAL3.DLL!rtl_freeMemory |
15 |
016f:1c803ab8 e85f020500 call 1c853d1c = SAL3.DLL!rtl_freeMemory |
| 10 |
016f:1c803abd 83c404 add esp,+04 |
16 |
016f:1c803abd 83c404 add esp,+04 |
| 11 |
016f:1c803ac0 c3 retd |
17 |
016f:1c803ac0 c3 retd |
| 12 |
016f:1c803ac1 e80a000000 call 1c803ad0 = TL641MI.DLL:.text+0x2ad0 |
18 |
016f:1c803ac1 e80a000000 call 1c803ad0 = TL641MI.DLL:.text+0x2ad0 |
| 13 |
016f:1c803ac7 c3 retd |
19 |
016f:1c803ac7 c3 retd |
| 14 |
016f:1c803ac8 90 nop |
20 |
016f:1c803ac8 90 nop |
| 15 |
016f:1c803ac9 90 nop |
21 |
016f:1c803ac9 90 nop |
| 16 |
016f:1c803aca 90 nop |
22 |
016f:1c803aca 90 nop |
| 17 |
016f:1c803acb 90 nop |
23 |
016f:1c803acb 90 nop |
| 18 |
016f:1c803acc 90 nop |
24 |
016f:1c803acc 90 nop |
| 19 |
016f:1c803acd 90 nop |
25 |
016f:1c803acd 90 nop |
| 20 |
016f:1c803ace 90 nop |
26 |
016f:1c803ace 90 nop |
| 21 |
016f:1c803acf 90 nop |
27 |
016f:1c803acf 90 nop |
| 22 |
016f:1c803ad0 56 push esi |
28 |
016f:1c803ad0 56 push esi |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
-> 8b 4c 24 10 8b c6 5e 64 89 0d 00 00 00 00 83 c4 .L$...^d........ |
8 |
-> 8b 4c 24 10 8b c6 5e 64 89 0d 00 00 00 00 83 c4 .L$...^d........ |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:1c803aca 90 nop |
9 |
016f:1c803aca 90 nop |
| 4 |
016f:1c803acb 90 nop |
10 |
016f:1c803acb 90 nop |
| 5 |
016f:1c803acc 90 nop |
11 |
016f:1c803acc 90 nop |
| 6 |
016f:1c803acd 90 nop |
12 |
016f:1c803acd 90 nop |
| 7 |
016f:1c803ace 90 nop |
13 |
016f:1c803ace 90 nop |
| 8 |
016f:1c803acf 90 nop |
14 |
016f:1c803acf 90 nop |
| 9 |
016f:1c803ad0 56 push esi |
15 |
016f:1c803ad0 56 push esi |
| 10 |
016f:1c803ad1 8b742408 mov esi,dword ptr [esp+08] |
16 |
016f:1c803ad1 8b742408 mov esi,dword ptr [esp+08] |
| 11 |
016f:1c803ad5 56 push esi |
17 |
016f:1c803ad5 56 push esi |
| 12 |
016f:1c803ad6 e847020500 call 1c853d22 = SAL3.DLL!osl_decrementInterlockedCount |
18 |
016f:1c803ad6 e847020500 call 1c853d22 = SAL3.DLL!osl_decrementInterlockedCount |
| 13 |
016f:1c803ade 85c0 test eax,eax |
19 |
016f:1c803ade 85c0 test eax,eax |
| 14 |
016f:1c803ae0 7509 jnz 1c803aeb = TL641MI.DLL:.text+0x2aeb |
20 |
016f:1c803ae0 7509 jnz 1c803aeb = TL641MI.DLL:.text+0x2aeb |
| 15 |
016f:1c803ae2 56 push esi |
21 |
016f:1c803ae2 56 push esi |
| 16 |
016f:1c803ae3 e834020500 call 1c853d1c = SAL3.DLL!rtl_freeMemory |
22 |
016f:1c803ae3 e834020500 call 1c853d1c = SAL3.DLL!rtl_freeMemory |
| 17 |
016f:1c803ae8 83c404 add esp,+04 |
23 |
016f:1c803ae8 83c404 add esp,+04 |
| 18 |
016f:1c803aeb 5e pop esi |
24 |
016f:1c803aeb 5e pop esi |
| 19 |
016f:1c803aec c3 retd |
25 |
016f:1c803aec c3 retd |
| 20 |
016f:1c803aed 90 nop |
26 |
016f:1c803aed 90 nop |
| 21 |
016f:1c803aee 90 nop |
27 |
016f:1c803aee 90 nop |
| 22 |
016f:1c803aef 90 nop |
28 |
016f:1c803aef 90 nop |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:1c80388d 90 nop |
9 |
016f:1c80388d 90 nop |
| 4 |
016f:1c80388e 90 nop |
10 |
016f:1c80388e 90 nop |
| 5 |
016f:1c80388f 90 nop |
11 |
016f:1c80388f 90 nop |
| 6 |
016f:1c803890 56 push esi |
12 |
016f:1c803890 56 push esi |
| 7 |
016f:1c803891 57 push edi |
13 |
016f:1c803891 57 push edi |
| 8 |
016f:1c803892 8b7c240c mov edi,dword ptr [esp+0c] |
14 |
016f:1c803892 8b7c240c mov edi,dword ptr [esp+0c] |
| 9 |
016f:1c803896 8bf1 mov esi,ecx |
15 |
016f:1c803896 8bf1 mov esi,ecx |
| 10 |
016f:1c803898 8b07 mov eax,dword ptr [edi] |
16 |
016f:1c803898 8b07 mov eax,dword ptr [edi] |
| 11 |
016f:1c80389a 50 push eax |
17 |
016f:1c80389a 50 push eax |
| 12 |
016f:1c80389b e870040500 call 1c853d10 = SAL3.DLL!osl_incrementInterlockedCount |
18 |
016f:1c80389b e870040500 call 1c853d10 = SAL3.DLL!osl_incrementInterlockedCount |
| 13 |
016f:1c8038a2 83c404 add esp,+04 |
19 |
016f:1c8038a2 83c404 add esp,+04 |
| 14 |
016f:1c8038a5 890e mov dword ptr [esi],ecx |
20 |
016f:1c8038a5 890e mov dword ptr [esi],ecx |
| 15 |
016f:1c8038a7 8bc6 mov eax,esi |
21 |
016f:1c8038a7 8bc6 mov eax,esi |
| 16 |
016f:1c8038a9 5f pop edi |
22 |
016f:1c8038a9 5f pop edi |
| 17 |
016f:1c8038aa 5e pop esi |
23 |
016f:1c8038aa 5e pop esi |
| 18 |
016f:1c8038ab c20400 retd 0004 |
24 |
016f:1c8038ab c20400 retd 0004 |
| 19 |
016f:1c8038ae 90 nop |
25 |
016f:1c8038ae 90 nop |
| 20 |
016f:1c8038af 90 nop |
26 |
016f:1c8038af 90 nop |
| 21 |
016f:1c8038b0 8b442404 mov eax,dword ptr [esp+04] |
27 |
016f:1c8038b0 8b442404 mov eax,dword ptr [esp+04] |
| 22 |
016f:1c8038b4 53 push ebx |
28 |
016f:1c8038b4 53 push ebx |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:010c1d92 8d4c243c lea ecx,[esp+3c] |
9 |
016f:010c1d92 8d4c243c lea ecx,[esp+3c] |
| 4 |
016f:010c1d96 50 push eax |
10 |
016f:010c1d96 50 push eax |
| 5 |
016f:010c1d97 e878720000 call 010c9014 = TL641MI.DLL!155 |
11 |
016f:010c1d97 e878720000 call 010c9014 = TL641MI.DLL!155 |
| 6 |
016f:010c1d9c 8d4c2414 lea ecx,[esp+14] |
12 |
016f:010c1d9c 8d4c2414 lea ecx,[esp+14] |
| 7 |
016f:010c1da0 e85d720000 call 010c9002 = TL641MI.DLL!149 |
13 |
016f:010c1da0 e85d720000 call 010c9002 = TL641MI.DLL!149 |
| 8 |
016f:010c1da5 51 push ecx |
14 |
016f:010c1da5 51 push ecx |
| 9 |
016f:010c1da6 8d442440 lea eax,[esp+40] |
15 |
016f:010c1da6 8d442440 lea eax,[esp+40] |
| 10 |
016f:010c1daa 8bcc mov ecx,esp |
16 |
016f:010c1daa 8bcc mov ecx,esp |
| 11 |
016f:010c1dac 50 push eax |
17 |
016f:010c1dac 50 push eax |
| 12 |
016f:010c1dad e8ce720000 call 010c9080 = TL641MI.DLL!137 |
18 |
016f:010c1dad e8ce720000 call 010c9080 = TL641MI.DLL!137 |
| 13 |
016f:010c1db7 8b4c2448 mov ecx,dword ptr [esp+48] |
19 |
016f:010c1db7 8b4c2448 mov ecx,dword ptr [esp+48] |
| 14 |
016f:010c1dbb 51 push ecx |
20 |
016f:010c1dbb 51 push ecx |
| 15 |
016f:010c1dbc e87f730000 call 010c9140 = SAL3.DLL!rtl_uString_release |
21 |
016f:010c1dbc e87f730000 call 010c9140 = SAL3.DLL!rtl_uString_release |
| 16 |
016f:010c1dc1 8b542424 mov edx,dword ptr [esp+24] |
22 |
016f:010c1dc1 8b542424 mov edx,dword ptr [esp+24] |
| 17 |
016f:010c1dc5 52 push edx |
23 |
016f:010c1dc5 52 push edx |
| 18 |
016f:010c1dc6 e875730000 call 010c9140 = SAL3.DLL!rtl_uString_release |
24 |
016f:010c1dc6 e875730000 call 010c9140 = SAL3.DLL!rtl_uString_release |
| 19 |
016f:010c1dcb 83c40c add esp,+0c |
25 |
016f:010c1dcb 83c40c add esp,+0c |
| 20 |
016f:010c1dce e93b020000 jmp 010c200e = JVM641MI.DLL:.text+0x100e |
26 |
016f:010c1dce e93b020000 jmp 010c200e = JVM641MI.DLL:.text+0x100e |
| 21 |
016f:010c1dd3 8bce mov ecx,esi |
27 |
016f:010c1dd3 8bce mov ecx,esi |
| 22 |
016f:010c1dd5 e8c8710000 call 010c8fa2 = SET641MI.DLL!1843 |
28 |
016f:010c1dd5 e8c8710000 call 010c8fa2 = SET641MI.DLL!1843 |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:010c1d96 50 push eax |
9 |
016f:010c1d96 50 push eax |
| 4 |
016f:010c1d97 e878720000 call 010c9014 = TL641MI.DLL!155 |
10 |
016f:010c1d97 e878720000 call 010c9014 = TL641MI.DLL!155 |
| 5 |
016f:010c1d9c 8d4c2414 lea ecx,[esp+14] |
11 |
016f:010c1d9c 8d4c2414 lea ecx,[esp+14] |
| 6 |
016f:010c1da0 e85d720000 call 010c9002 = TL641MI.DLL!149 |
12 |
016f:010c1da0 e85d720000 call 010c9002 = TL641MI.DLL!149 |
| 7 |
016f:010c1da5 51 push ecx |
13 |
016f:010c1da5 51 push ecx |
| 8 |
016f:010c1da6 8d442440 lea eax,[esp+40] |
14 |
016f:010c1da6 8d442440 lea eax,[esp+40] |
| 9 |
016f:010c1daa 8bcc mov ecx,esp |
15 |
016f:010c1daa 8bcc mov ecx,esp |
| 10 |
016f:010c1dac 50 push eax |
16 |
016f:010c1dac 50 push eax |
| 11 |
016f:010c1dad e8ce720000 call 010c9080 = TL641MI.DLL!137 |
17 |
016f:010c1dad e8ce720000 call 010c9080 = TL641MI.DLL!137 |
| 12 |
016f:010c1db2 e829190000 call 010c36e0 = JVM641MI.DLL:.text+0x26e0 |
18 |
016f:010c1db2 e829190000 call 010c36e0 = JVM641MI.DLL:.text+0x26e0 |
| 13 |
016f:010c1dbb 51 push ecx |
19 |
016f:010c1dbb 51 push ecx |
| 14 |
016f:010c1dbc e87f730000 call 010c9140 = SAL3.DLL!rtl_uString_release |
20 |
016f:010c1dbc e87f730000 call 010c9140 = SAL3.DLL!rtl_uString_release |
| 15 |
016f:010c1dc1 8b542424 mov edx,dword ptr [esp+24] |
21 |
016f:010c1dc1 8b542424 mov edx,dword ptr [esp+24] |
| 16 |
016f:010c1dc5 52 push edx |
22 |
016f:010c1dc5 52 push edx |
| 17 |
016f:010c1dc6 e875730000 call 010c9140 = SAL3.DLL!rtl_uString_release |
23 |
016f:010c1dc6 e875730000 call 010c9140 = SAL3.DLL!rtl_uString_release |
| 18 |
016f:010c1dcb 83c40c add esp,+0c |
24 |
016f:010c1dcb 83c40c add esp,+0c |
| 19 |
016f:010c1dce e93b020000 jmp 010c200e = JVM641MI.DLL:.text+0x100e |
25 |
016f:010c1dce e93b020000 jmp 010c200e = JVM641MI.DLL:.text+0x100e |
| 20 |
016f:010c1dd3 8bce mov ecx,esi |
26 |
016f:010c1dd3 8bce mov ecx,esi |
| 21 |
016f:010c1dd5 e8c8710000 call 010c8fa2 = SET641MI.DLL!1843 |
27 |
016f:010c1dd5 e8c8710000 call 010c8fa2 = SET641MI.DLL!1843 |
| 22 |
016f:010c1dda 50 push eax |
28 |
016f:010c1dda 50 push eax |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
-> 35 17 00 00 00 00 00 00 00 00 00 00 00 01 02 03 5............... |
8 |
-> 35 17 00 00 00 00 00 00 00 00 00 00 00 01 02 03 5............... |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
-> 35 17 00 00 00 00 00 00 00 00 00 00 00 01 02 03 5............... |
8 |
-> 35 17 00 00 00 00 00 00 00 00 00 00 00 01 02 03 5............... |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
... |
8 |
... |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
... |
8 |
... |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:004c669d 90 nop |
9 |
016f:004c669d 90 nop |
| 4 |
016f:004c669e 90 nop |
10 |
016f:004c669e 90 nop |
| 5 |
016f:004c669f 90 nop |
11 |
016f:004c669f 90 nop |
| 6 |
016f:004c66a0 56 push esi |
12 |
016f:004c66a0 56 push esi |
| 7 |
016f:004c66a1 8b742408 mov esi,dword ptr [esp+08] |
13 |
016f:004c66a1 8b742408 mov esi,dword ptr [esp+08] |
| 8 |
016f:004c66a5 57 push edi |
14 |
016f:004c66a5 57 push edi |
| 9 |
016f:004c66a6 6a5c push +5c |
15 |
016f:004c66a6 6a5c push +5c |
| 10 |
016f:004c66a8 56 push esi |
16 |
016f:004c66a8 56 push esi |
| 11 |
016f:004c66a9 33ff xor edi,edi |
17 |
016f:004c66a9 33ff xor edi,edi |
| 12 |
016f:004c66ab ff1578624e00 call dword ptr [004e6278] -> MSVCRT.DLL!wcsrchr |
18 |
016f:004c66ab ff1578624e00 call dword ptr [004e6278] -> MSVCRT.DLL!wcsrchr |
| 13 |
016f:004c66b4 3bc7 cmp eax,edi |
19 |
016f:004c66b4 3bc7 cmp eax,edi |
| 14 |
016f:004c66b6 742c jz 004c66e4 = SAL3.DLL:.text+0x56e4 |
20 |
016f:004c66b6 742c jz 004c66e4 = SAL3.DLL:.text+0x56e4 |
| 15 |
016f:004c66b8 66397802 cmp word ptr [eax+02],di |
21 |
016f:004c66b8 66397802 cmp word ptr [eax+02],di |
| 16 |
016f:004c66bc 7518 jnz 004c66d6 = SAL3.DLL:.text+0x56d6 |
22 |
016f:004c66bc 7518 jnz 004c66d6 = SAL3.DLL:.text+0x56d6 |
| 17 |
016f:004c66be 3bc6 cmp eax,esi |
23 |
016f:004c66be 3bc6 cmp eax,esi |
| 18 |
016f:004c66c0 7622 jbe 004c66e4 = SAL3.DLL:.text+0x56e4 |
24 |
016f:004c66c0 7622 jbe 004c66e4 = SAL3.DLL:.text+0x56e4 |
| 19 |
016f:004c66c2 668378fe3a cmp word ptr [eax-02],+3a |
25 |
016f:004c66c2 668378fe3a cmp word ptr [eax-02],+3a |
| 20 |
016f:004c66c7 741b jz 004c66e4 = SAL3.DLL:.text+0x56e4 |
26 |
016f:004c66c7 741b jz 004c66e4 = SAL3.DLL:.text+0x56e4 |
| 21 |
016f:004c66c9 668938 mov word ptr [eax],di |
27 |
016f:004c66c9 668938 mov word ptr [eax],di |
| 22 |
016f:004c66cc 5f pop edi |
28 |
016f:004c66cc 5f pop edi |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:004c66ee 90 nop |
9 |
016f:004c66ee 90 nop |
| 4 |
016f:004c66ef 90 nop |
10 |
016f:004c66ef 90 nop |
| 5 |
016f:004c66f0 56 push esi |
11 |
016f:004c66f0 56 push esi |
| 6 |
016f:004c66f1 8b742408 mov esi,dword ptr [esp+08] |
12 |
016f:004c66f1 8b742408 mov esi,dword ptr [esp+08] |
| 7 |
016f:004c66f5 57 push edi |
13 |
016f:004c66f5 57 push edi |
| 8 |
016f:004c66f6 33ff xor edi,edi |
14 |
016f:004c66f6 33ff xor edi,edi |
| 9 |
016f:004c66f8 85f6 test esi,esi |
15 |
016f:004c66f8 85f6 test esi,esi |
| 10 |
016f:004c66fa 7432 jz 004c672e = SAL3.DLL:.text+0x572e |
16 |
016f:004c66fa 7432 jz 004c672e = SAL3.DLL:.text+0x572e |
| 11 |
016f:004c66fc 56 push esi |
17 |
016f:004c66fc 56 push esi |
| 12 |
016f:004c66fd ff158c624e00 call dword ptr [004e628c] -> MSVCRT.DLL!wcslen |
18 |
016f:004c66fd ff158c624e00 call dword ptr [004e628c] -> MSVCRT.DLL!wcslen |
| 13 |
016f:004c6706 85c0 test eax,eax |
19 |
016f:004c6706 85c0 test eax,eax |
| 14 |
016f:004c6708 740f jz 004c6719 = SAL3.DLL:.text+0x5719 |
20 |
016f:004c6708 740f jz 004c6719 = SAL3.DLL:.text+0x5719 |
| 15 |
016f:004c670a 66837c46fe5c cmp word ptr [esi+eax*2-02],+5c |
21 |
016f:004c670a 66837c46fe5c cmp word ptr [esi+eax*2-02],+5c |
| 16 |
016f:004c6710 741c jz 004c672e = SAL3.DLL:.text+0x572e |
22 |
016f:004c6710 741c jz 004c672e = SAL3.DLL:.text+0x572e |
| 17 |
016f:004c6712 3d03010000 cmp eax,00000103 |
23 |
016f:004c6712 3d03010000 cmp eax,00000103 |
| 18 |
016f:004c6717 7d15 jge 004c672e = SAL3.DLL:.text+0x572e |
24 |
016f:004c6717 7d15 jge 004c672e = SAL3.DLL:.text+0x572e |
| 19 |
016f:004c6719 8d0446 lea eax,[esi+eax*2] |
25 |
016f:004c6719 8d0446 lea eax,[esi+eax*2] |
| 20 |
016f:004c671c 5f pop edi |
26 |
016f:004c671c 5f pop edi |
| 21 |
016f:004c671d 5e pop esi |
27 |
016f:004c671d 5e pop esi |
| 22 |
016f:004c671e 66c7005c00 mov word ptr [eax],005c |
28 |
016f:004c671e 66c7005c00 mov word ptr [eax],005c |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:004c681c 50 push eax |
9 |
016f:004c681c 50 push eax |
| 4 |
016f:004c681d ff1574624e00 call dword ptr [004e6274] -> MSVCRT.DLL!_wcsupr |
10 |
016f:004c681d ff1574624e00 call dword ptr [004e6274] -> MSVCRT.DLL!_wcsupr |
| 5 |
016f:004c6823 83c404 add esp,+04 |
11 |
016f:004c6823 83c404 add esp,+04 |
| 6 |
016f:004c6826 8bb42470040000 mov esi,dword ptr [esp+00000470] |
12 |
016f:004c6826 8bb42470040000 mov esi,dword ptr [esp+00000470] |
| 7 |
016f:004c682d 8d4c2410 lea ecx,[esp+10] |
13 |
016f:004c682d 8d4c2410 lea ecx,[esp+10] |
| 8 |
016f:004c6831 51 push ecx |
14 |
016f:004c6831 51 push ecx |
| 9 |
016f:004c6832 56 push esi |
15 |
016f:004c6832 56 push esi |
| 10 |
016f:004c6833 ff1588624e00 call dword ptr [004e6288] -> MSVCRT.DLL!wcscpy |
16 |
016f:004c6833 ff1588624e00 call dword ptr [004e6288] -> MSVCRT.DLL!wcscpy |
| 11 |
016f:004c6839 56 push esi |
17 |
016f:004c6839 56 push esi |
| 12 |
016f:004c683a ffd5 call ebp |
18 |
016f:004c683a ffd5 call ebp |
| 13 |
016f:004c683f 5f pop edi |
19 |
016f:004c683f 5f pop edi |
| 14 |
016f:004c6840 5e pop esi |
20 |
016f:004c6840 5e pop esi |
| 15 |
016f:004c6841 5d pop ebp |
21 |
016f:004c6841 5d pop ebp |
| 16 |
016f:004c6842 5b pop ebx |
22 |
016f:004c6842 5b pop ebx |
| 17 |
016f:004c6843 81c458040000 add esp,00000458 |
23 |
016f:004c6843 81c458040000 add esp,00000458 |
| 18 |
016f:004c6849 c20c00 retd 000c |
24 |
016f:004c6849 c20c00 retd 000c |
| 19 |
016f:004c684c 90 nop |
25 |
016f:004c684c 90 nop |
| 20 |
016f:004c684d 90 nop |
26 |
016f:004c684d 90 nop |
| 21 |
016f:004c684e 90 nop |
27 |
016f:004c684e 90 nop |
| 22 |
016f:004c684f 90 nop |
28 |
016f:004c684f 90 nop |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
| 1 |
... |
8 |
... |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:780115eb 41 inc ecx |
9 |
016f:780115eb 41 inc ecx |
| 4 |
016f:780115ec 6685d2 test dx,dx |
10 |
016f:780115ec 6685d2 test dx,dx |
| 5 |
016f:780115ef 740a jz 780115fb = MSVCRT.DLL:.text+0x105fb |
11 |
016f:780115ef 740a jz 780115fb = MSVCRT.DLL:.text+0x105fb |
| 6 |
016f:780115f1 668b11 mov dx,word ptr [ecx] |
12 |
016f:780115f1 668b11 mov dx,word ptr [ecx] |
| 7 |
016f:780115f4 668916 mov word ptr [esi],dx |
13 |
016f:780115f4 668916 mov word ptr [esi],dx |
| 8 |
016f:780115f7 46 inc esi |
14 |
016f:780115f7 46 inc esi |
| 9 |
016f:780115f8 46 inc esi |
15 |
016f:780115f8 46 inc esi |
| 10 |
016f:780115f9 ebef jmp 780115ea = MSVCRT.DLL:.text+0x105ea |
16 |
016f:780115f9 ebef jmp 780115ea = MSVCRT.DLL:.text+0x105ea |
| 11 |
016f:780115fb 5e pop esi |
17 |
016f:780115fb 5e pop esi |
| 12 |
016f:780115fc c3 retd |
18 |
016f:780115fc c3 retd |
| 13 |
016f:78011601 66833900 cmp word ptr [ecx],+00 |
19 |
016f:78011601 66833900 cmp word ptr [ecx],+00 |
| 14 |
016f:78011605 8d4102 lea eax,[ecx+02] |
20 |
016f:78011605 8d4102 lea eax,[ecx+02] |
| 15 |
016f:78011608 740a jz 78011614 = MSVCRT.DLL:.text+0x10614 |
21 |
016f:78011608 740a jz 78011614 = MSVCRT.DLL:.text+0x10614 |
| 16 |
016f:7801160a 668b10 mov dx,word ptr [eax] |
22 |
016f:7801160a 668b10 mov dx,word ptr [eax] |
| 17 |
016f:7801160d 40 inc eax |
23 |
016f:7801160d 40 inc eax |
| 18 |
016f:7801160e 40 inc eax |
24 |
016f:7801160e 40 inc eax |
| 19 |
016f:7801160f 6685d2 test dx,dx |
25 |
016f:7801160f 6685d2 test dx,dx |
| 20 |
016f:78011612 75f6 jnz 7801160a = MSVCRT.DLL:.text+0x1060a |
26 |
016f:78011612 75f6 jnz 7801160a = MSVCRT.DLL:.text+0x1060a |
| 21 |
016f:78011614 2bc1 sub eax,ecx |
27 |
016f:78011614 2bc1 sub eax,ecx |
| 22 |
016f:78011616 d1f8 sar eax,EvIa |
28 |
016f:78011616 d1f8 sar eax,EvIa |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
-> 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ |
8 |
-> 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ |
|
Line 1
Link Here
|
| 1 |
-> ff ff 83 c4 04 3b fe 8b e8 7e 22 8d 53 08 56 8d .....;....".S.V. |
8 |
-> ff ff 83 c4 04 3b fe 8b e8 7e 22 8d 53 08 56 8d .....;....".S.V. |
|
Line 1
Link Here
|
| 1 |
-> 41 72 49 72 4a 72 6c 72 70 72 73 72 6e 72 ca 72 ArIrJrlrprsrnr.r |
8 |
-> 41 72 49 72 4a 72 6c 72 70 72 73 72 6e 72 ca 72 ArIrJrlrprsrnr.r |
|
Line 1
Link Here
|
| 1 |
... |
8 |
... |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
-> 00 00 00 00 00 0d 00 00 00 5b 00 24 00 24 00 2d .........[.$.$.- |
8 |
-> 00 00 00 00 00 0d 00 00 00 5b 00 24 00 24 00 2d .........[.$.$.- |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
-> 3b 61 3c 61 3d 61 3e 61 3f 61 40 61 41 61 42 61 ;a<a=a>a?a@aAaBa |
8 |
-> 3b 61 3c 61 3d 61 3e 61 3f 61 40 61 41 61 42 61 ;a<a=a>a?a@aAaBa |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
-> a1 88 ca 71 1c 56 8b 30 e8 c3 b2 f4 ff 8b 46 34 ...q.V.0......F4 |
8 |
-> a1 88 ca 71 1c 56 8b 30 e8 c3 b2 f4 ff 8b 46 34 ...q.V.0......F4 |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
... |
8 |
... |
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:bff613c5 c20400 retd 0004 |
9 |
016f:bff613c5 c20400 retd 0004 |
| 4 |
016f:bff613c8 33c0 xor eax,eax |
10 |
016f:bff613c8 33c0 xor eax,eax |
| 5 |
016f:bff613ca ebf7 jmp bff613c3 = KERNEL32.DLL:_FREQASM+0x3c3 |
11 |
016f:bff613ca ebf7 jmp bff613c3 = KERNEL32.DLL:_FREQASM+0x3c3 |
| 6 |
016f:bff613cc ebfa jmp bff613c8 = KERNEL32.DLL:_FREQASM+0x3c8 |
12 |
016f:bff613cc ebfa jmp bff613c8 = KERNEL32.DLL:_FREQASM+0x3c8 |
| 7 |
016f:bff613ce ebf8 jmp bff613c8 = KERNEL32.DLL:_FREQASM+0x3c8 |
13 |
016f:bff613ce ebf8 jmp bff613c8 = KERNEL32.DLL:_FREQASM+0x3c8 |
| 8 |
016f:bff613d0 ebf6 jmp bff613c8 = KERNEL32.DLL:_FREQASM+0x3c8 |
14 |
016f:bff613d0 ebf6 jmp bff613c8 = KERNEL32.DLL:_FREQASM+0x3c8 |
| 9 |
016f:bff613d2 ebf4 jmp bff613c8 = KERNEL32.DLL:_FREQASM+0x3c8 |
15 |
016f:bff613d2 ebf4 jmp bff613c8 = KERNEL32.DLL:_FREQASM+0x3c8 |
| 10 |
016f:bff613d4 8b442404 mov eax,dword ptr [esp+04] |
16 |
016f:bff613d4 8b442404 mov eax,dword ptr [esp+04] |
| 11 |
016f:bff613d8 8f0424 pop dword ptr [esp] |
17 |
016f:bff613d8 8f0424 pop dword ptr [esp] |
| 12 |
016f:bff613db 2eff1d34b7fbbf call fword ptr ss:[bffbb734] |
18 |
016f:bff613db 2eff1d34b7fbbf call fword ptr ss:[bffbb734] |
| 13 |
016f:bff613e7 2eff1d34b7fbbf call fword ptr ss:[bffbb734] |
19 |
016f:bff613e7 2eff1d34b7fbbf call fword ptr ss:[bffbb734] |
| 14 |
016f:bff613ee b843002a00 mov eax,002a0043 |
20 |
016f:bff613ee b843002a00 mov eax,002a0043 |
| 15 |
016f:bff613f3 2eff1d34b7fbbf call fword ptr ss:[bffbb734] |
21 |
016f:bff613f3 2eff1d34b7fbbf call fword ptr ss:[bffbb734] |
| 16 |
016f:bff613fa 83c414 add esp,+14 |
22 |
016f:bff613fa 83c414 add esp,+14 |
| 17 |
016f:bff613fd 0fb7c8 movzx ecx,ax |
23 |
016f:bff613fd 0fb7c8 movzx ecx,ax |
| 18 |
016f:bff61400 0fa4d310 shld ebx,edx,10 |
24 |
016f:bff61400 0fa4d310 shld ebx,edx,10 |
| 19 |
016f:bff61404 c0e302 shl bl,02 |
25 |
016f:bff61404 c0e302 shl bl,02 |
| 20 |
016f:bff61407 6681ea0010 sub dx,1000 |
26 |
016f:bff61407 6681ea0010 sub dx,1000 |
| 21 |
016f:bff6140c 0fbfc2 movsx eax,dx |
27 |
016f:bff6140c 0fbfc2 movsx eax,dx |
| 22 |
016f:bff6140f e9d1000000 jmp bff614e5 = KERNEL32.DLL:_FREQASM+0x4e5 |
28 |
016f:bff6140f e9d1000000 jmp bff614e5 = KERNEL32.DLL:_FREQASM+0x4e5 |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:bff64229 e8af780200 call bff8badd = KERNEL32.DLL:.text+0x22add |
9 |
016f:bff64229 e8af780200 call bff8badd = KERNEL32.DLL:.text+0x22add |
| 4 |
016f:bff6422e 6664ff0d1e000000 dec word ptr fs:[0000001e] |
10 |
016f:bff6422e 6664ff0d1e000000 dec word ptr fs:[0000001e] |
| 5 |
016f:bff64236 5a pop edx |
11 |
016f:bff64236 5a pop edx |
| 6 |
016f:bff64237 ebb1 jmp bff641ea = KERNEL32.DLL:_FREQASM+0x31ea |
12 |
016f:bff64237 ebb1 jmp bff641ea = KERNEL32.DLL:_FREQASM+0x31ea |
| 7 |
016f:bff64239 ff4210 inc dword ptr [edx+10] |
13 |
016f:bff64239 ff4210 inc dword ptr [edx+10] |
| 8 |
016f:bff6423c ebbd jmp bff641fb = KERNEL32.DLL:_FREQASM+0x31fb |
14 |
016f:bff6423c ebbd jmp bff641fb = KERNEL32.DLL:_FREQASM+0x31fb |
| 9 |
016f:bff6423e 52 push edx |
15 |
016f:bff6423e 52 push edx |
| 10 |
016f:bff6423f 52 push edx |
16 |
016f:bff6423f 52 push edx |
| 11 |
016f:bff64240 681e002a00 push 002a001e |
17 |
016f:bff64240 681e002a00 push 002a001e |
| 12 |
016f:bff64245 e88ad1ffff call bff613d4 = KERNEL32.DLL!1 |
18 |
016f:bff64245 e88ad1ffff call bff613d4 = KERNEL32.DLL!1 |
| 13 |
016f:bff6424b ebae jmp bff641fb = KERNEL32.DLL:_FREQASM+0x31fb |
19 |
016f:bff6424b ebae jmp bff641fb = KERNEL32.DLL:_FREQASM+0x31fb |
| 14 |
016f:bff6424d 681c002a00 push 002a001c |
20 |
016f:bff6424d 681c002a00 push 002a001c |
| 15 |
016f:bff64252 e87dd1ffff call bff613d4 = KERNEL32.DLL!1 |
21 |
016f:bff64252 e87dd1ffff call bff613d4 = KERNEL32.DLL!1 |
| 16 |
016f:bff64257 a1f0bcfbbf mov eax,dword ptr [bffbbcf0] |
22 |
016f:bff64257 a1f0bcfbbf mov eax,dword ptr [bffbbcf0] |
| 17 |
016f:bff6425c 8b00 mov eax,dword ptr [eax] |
23 |
016f:bff6425c 8b00 mov eax,dword ptr [eax] |
| 18 |
016f:bff6425e 0fba704c07 btr dword ptr [eax+4c],07 |
24 |
016f:bff6425e 0fba704c07 btr dword ptr [eax+4c],07 |
| 19 |
016f:bff64263 73a9 jnc bff6420e = KERNEL32.DLL:_FREQASM+0x320e |
25 |
016f:bff64263 73a9 jnc bff6420e = KERNEL32.DLL:_FREQASM+0x320e |
| 20 |
016f:bff64265 8d400c lea eax,[eax+0c] |
26 |
016f:bff64265 8d400c lea eax,[eax+0c] |
| 21 |
016f:bff64268 50 push eax |
27 |
016f:bff64268 50 push eax |
| 22 |
016f:bff64269 6a00 push +00 |
28 |
016f:bff64269 6a00 push +00 |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
| 1 |
... |
8 |
... |
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:bff62857 33ff xor edi,edi |
9 |
016f:bff62857 33ff xor edi,edi |
| 4 |
016f:bff62859 8ee6 mov fs,si |
10 |
016f:bff62859 8ee6 mov fs,si |
| 5 |
016f:bff6285b 8eef mov gs,di |
11 |
016f:bff6285b 8eef mov gs,di |
| 6 |
016f:bff6285d 66648b1d1e000000 mov bx,word ptr fs:[0000001e] |
12 |
016f:bff6285d 66648b1d1e000000 mov bx,word ptr fs:[0000001e] |
| 7 |
016f:bff62865 6683eb01 sub bx,+01 |
13 |
016f:bff62865 6683eb01 sub bx,+01 |
| 8 |
016f:bff62869 7313 jnc bff6287e = KERNEL32.DLL:_FREQASM+0x187e |
14 |
016f:bff62869 7313 jnc bff6287e = KERNEL32.DLL:_FREQASM+0x187e |
| 9 |
016f:bff6286b 8bf0 mov esi,eax |
15 |
016f:bff6286b 8bf0 mov esi,eax |
| 10 |
016f:bff6286d 8bfa mov edi,edx |
16 |
016f:bff6286d 8bfa mov edi,edx |
| 11 |
016f:bff6286f 8b1570b4fbbf mov edx,dword ptr [bffbb470] |
17 |
016f:bff6286f 8b1570b4fbbf mov edx,dword ptr [bffbb470] |
| 12 |
016f:bff62875 e862190000 call bff641dc = KERNEL32.DLL:_FREQASM+0x31dc |
18 |
016f:bff62875 e862190000 call bff641dc = KERNEL32.DLL:_FREQASM+0x31dc |
| 13 |
016f:bff6287c 8bc6 mov eax,esi |
19 |
016f:bff6287c 8bc6 mov eax,esi |
| 14 |
016f:bff6287e 6664891d1e000000 mov word ptr fs:[0000001e],bx |
20 |
016f:bff6287e 6664891d1e000000 mov word ptr fs:[0000001e],bx |
| 15 |
016f:bff62886 8b5dfc mov ebx,dword ptr [ebp-04] |
21 |
016f:bff62886 8b5dfc mov ebx,dword ptr [ebp-04] |
| 16 |
016f:bff62889 8b75f8 mov esi,dword ptr [ebp-08] |
22 |
016f:bff62889 8b75f8 mov esi,dword ptr [ebp-08] |
| 17 |
016f:bff6288c 8b7df4 mov edi,dword ptr [ebp-0c] |
23 |
016f:bff6288c 8b7df4 mov edi,dword ptr [ebp-0c] |
| 18 |
016f:bff6288f ff65dc jmp dword ptr [ebp-24] |
24 |
016f:bff6288f ff65dc jmp dword ptr [ebp-24] |
| 19 |
016f:bff62892 6664a10e000000 mov ax,word ptr fs:[0000000e] |
25 |
016f:bff62892 6664a10e000000 mov ax,word ptr fs:[0000000e] |
| 20 |
016f:bff62899 668945da mov word ptr [ebp-26],ax |
26 |
016f:bff62899 668945da mov word ptr [ebp-26],ax |
| 21 |
016f:bff6289d 8f45dc pop dword ptr [ebp-24] |
27 |
016f:bff6289d 8f45dc pop dword ptr [ebp-24] |
| 22 |
016f:bff628a0 ff35a4b7fbbf push dword ptr [bffbb7a4] |
28 |
016f:bff628a0 ff35a4b7fbbf push dword ptr [bffbb7a4] |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:bff62857 33ff xor edi,edi |
9 |
016f:bff62857 33ff xor edi,edi |
| 4 |
016f:bff62859 8ee6 mov fs,si |
10 |
016f:bff62859 8ee6 mov fs,si |
| 5 |
016f:bff6285b 8eef mov gs,di |
11 |
016f:bff6285b 8eef mov gs,di |
| 6 |
016f:bff6285d 66648b1d1e000000 mov bx,word ptr fs:[0000001e] |
12 |
016f:bff6285d 66648b1d1e000000 mov bx,word ptr fs:[0000001e] |
| 7 |
016f:bff62865 6683eb01 sub bx,+01 |
13 |
016f:bff62865 6683eb01 sub bx,+01 |
| 8 |
016f:bff62869 7313 jnc bff6287e = KERNEL32.DLL:_FREQASM+0x187e |
14 |
016f:bff62869 7313 jnc bff6287e = KERNEL32.DLL:_FREQASM+0x187e |
| 9 |
016f:bff6286b 8bf0 mov esi,eax |
15 |
016f:bff6286b 8bf0 mov esi,eax |
| 10 |
016f:bff6286d 8bfa mov edi,edx |
16 |
016f:bff6286d 8bfa mov edi,edx |
| 11 |
016f:bff6286f 8b1570b4fbbf mov edx,dword ptr [bffbb470] |
17 |
016f:bff6286f 8b1570b4fbbf mov edx,dword ptr [bffbb470] |
| 12 |
016f:bff62875 e862190000 call bff641dc = KERNEL32.DLL:_FREQASM+0x31dc |
18 |
016f:bff62875 e862190000 call bff641dc = KERNEL32.DLL:_FREQASM+0x31dc |
| 13 |
016f:bff6287c 8bc6 mov eax,esi |
19 |
016f:bff6287c 8bc6 mov eax,esi |
| 14 |
016f:bff6287e 6664891d1e000000 mov word ptr fs:[0000001e],bx |
20 |
016f:bff6287e 6664891d1e000000 mov word ptr fs:[0000001e],bx |
| 15 |
016f:bff62886 8b5dfc mov ebx,dword ptr [ebp-04] |
21 |
016f:bff62886 8b5dfc mov ebx,dword ptr [ebp-04] |
| 16 |
016f:bff62889 8b75f8 mov esi,dword ptr [ebp-08] |
22 |
016f:bff62889 8b75f8 mov esi,dword ptr [ebp-08] |
| 17 |
016f:bff6288c 8b7df4 mov edi,dword ptr [ebp-0c] |
23 |
016f:bff6288c 8b7df4 mov edi,dword ptr [ebp-0c] |
| 18 |
016f:bff6288f ff65dc jmp dword ptr [ebp-24] |
24 |
016f:bff6288f ff65dc jmp dword ptr [ebp-24] |
| 19 |
016f:bff62892 6664a10e000000 mov ax,word ptr fs:[0000000e] |
25 |
016f:bff62892 6664a10e000000 mov ax,word ptr fs:[0000000e] |
| 20 |
016f:bff62899 668945da mov word ptr [ebp-26],ax |
26 |
016f:bff62899 668945da mov word ptr [ebp-26],ax |
| 21 |
016f:bff6289d 8f45dc pop dword ptr [ebp-24] |
27 |
016f:bff6289d 8f45dc pop dword ptr [ebp-24] |
| 22 |
016f:bff628a0 ff35a4b7fbbf push dword ptr [bffbb7a4] |
28 |
016f:bff628a0 ff35a4b7fbbf push dword ptr [bffbb7a4] |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
| 1 |
... |
8 |
... |
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:bff430a8 b12b mov cl,2b |
9 |
016f:bff430a8 b12b mov cl,2b |
| 4 |
016f:bff430aa 55 push ebp |
10 |
016f:bff430aa 55 push ebp |
| 5 |
016f:bff430ab 8bec mov ebp,esp |
11 |
016f:bff430ab 8bec mov ebp,esp |
| 6 |
016f:bff430ad 51 push ecx |
12 |
016f:bff430ad 51 push ecx |
| 7 |
016f:bff430ae 83ec3c sub esp,+3c |
13 |
016f:bff430ae 83ec3c sub esp,+3c |
| 8 |
016f:bff430b1 66ff7508 push word ptr [ebp+08] |
14 |
016f:bff430b1 66ff7508 push word ptr [ebp+08] |
| 9 |
016f:bff430b5 ff750c push dword ptr [ebp+0c] |
15 |
016f:bff430b5 ff750c push dword ptr [ebp+0c] |
| 10 |
016f:bff430b8 ff7510 push dword ptr [ebp+10] |
16 |
016f:bff430b8 ff7510 push dword ptr [ebp+10] |
| 11 |
016f:bff430bb ff7514 push dword ptr [ebp+14] |
17 |
016f:bff430bb ff7514 push dword ptr [ebp+14] |
| 12 |
016f:bff430be ff15bf27f4bf call dword ptr [bff427bf] -> USER32.DLL:.data+0x474 |
18 |
016f:bff430be ff15bf27f4bf call dword ptr [bff427bf] -> USER32.DLL:.data+0x474 |
| 13 |
016f:bff430c7 0facd010 shrd eax,edx,10 |
19 |
016f:bff430c7 0facd010 shrd eax,edx,10 |
| 14 |
016f:bff430cb c9 leave |
20 |
016f:bff430cb c9 leave |
| 15 |
016f:bff430cc c21000 retd 0010 |
21 |
016f:bff430cc c21000 retd 0010 |
| 16 |
016f:bff430cf b129 mov cl,29 |
22 |
016f:bff430cf b129 mov cl,29 |
| 17 |
016f:bff430d1 55 push ebp |
23 |
016f:bff430d1 55 push ebp |
| 18 |
016f:bff430d2 8bec mov ebp,esp |
24 |
016f:bff430d2 8bec mov ebp,esp |
| 19 |
016f:bff430d4 51 push ecx |
25 |
016f:bff430d4 51 push ecx |
| 20 |
016f:bff430d5 83ec3c sub esp,+3c |
26 |
016f:bff430d5 83ec3c sub esp,+3c |
| 21 |
016f:bff430d8 66ff7508 push word ptr [ebp+08] |
27 |
016f:bff430d8 66ff7508 push word ptr [ebp+08] |
| 22 |
016f:bff430dc ff750c push dword ptr [ebp+0c] |
28 |
016f:bff430dc ff750c push dword ptr [ebp+0c] |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:bff41bad b179 mov cl,79 |
9 |
016f:bff41bad b179 mov cl,79 |
| 4 |
016f:bff41baf eb02 jmp bff41bb3 = USER32.DLL:.text+0xbb3 |
10 |
016f:bff41baf eb02 jmp bff41bb3 = USER32.DLL:.text+0xbb3 |
| 5 |
016f:bff41bb1 b162 mov cl,62 |
11 |
016f:bff41bb1 b162 mov cl,62 |
| 6 |
016f:bff41bb3 55 push ebp |
12 |
016f:bff41bb3 55 push ebp |
| 7 |
016f:bff41bb4 8bec mov ebp,esp |
13 |
016f:bff41bb4 8bec mov ebp,esp |
| 8 |
016f:bff41bb6 51 push ecx |
14 |
016f:bff41bb6 51 push ecx |
| 9 |
016f:bff41bb7 83ec3c sub esp,+3c |
15 |
016f:bff41bb7 83ec3c sub esp,+3c |
| 10 |
016f:bff41bba 66ff7508 push word ptr [ebp+08] |
16 |
016f:bff41bba 66ff7508 push word ptr [ebp+08] |
| 11 |
016f:bff41bbe ff750c push dword ptr [ebp+0c] |
17 |
016f:bff41bbe ff750c push dword ptr [ebp+0c] |
| 12 |
016f:bff41bc1 ff15d612f4bf call dword ptr [bff412d6] -> USER32.DLL:.data+0x400 |
18 |
016f:bff41bc1 ff15d612f4bf call dword ptr [bff412d6] -> USER32.DLL:.data+0x400 |
| 13 |
016f:bff41bc8 c9 leave |
19 |
016f:bff41bc8 c9 leave |
| 14 |
016f:bff41bc9 c20800 retd 0008 |
20 |
016f:bff41bc9 c20800 retd 0008 |
| 15 |
016f:bff41bcc b15e mov cl,5e |
21 |
016f:bff41bcc b15e mov cl,5e |
| 16 |
016f:bff41bce eb0a jmp bff41bda = USER32.DLL:.text+0xbda |
22 |
016f:bff41bce eb0a jmp bff41bda = USER32.DLL:.text+0xbda |
| 17 |
016f:bff41bd0 b1d5 mov cl,d5 |
23 |
016f:bff41bd0 b1d5 mov cl,d5 |
| 18 |
016f:bff41bd2 eb06 jmp bff41bda = USER32.DLL:.text+0xbda |
24 |
016f:bff41bd2 eb06 jmp bff41bda = USER32.DLL:.text+0xbda |
| 19 |
016f:bff41bd4 b1b5 mov cl,b5 |
25 |
016f:bff41bd4 b1b5 mov cl,b5 |
| 20 |
016f:bff41bd6 eb02 jmp bff41bda = USER32.DLL:.text+0xbda |
26 |
016f:bff41bd6 eb02 jmp bff41bda = USER32.DLL:.text+0xbda |
| 21 |
016f:bff41bd8 b15f mov cl,5f |
27 |
016f:bff41bd8 b15f mov cl,5f |
| 22 |
016f:bff41bda 55 push ebp |
28 |
016f:bff41bda 55 push ebp |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
... |
8 |
... |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:1c6e4eab 85c0 test eax,eax |
9 |
016f:1c6e4eab 85c0 test eax,eax |
| 4 |
016f:1c6e4ead 7409 jz 1c6e4eb8 = VCL641MI.DLL:.text+0xe3eb8 |
10 |
016f:1c6e4ead 7409 jz 1c6e4eb8 = VCL641MI.DLL:.text+0xe3eb8 |
| 5 |
016f:1c6e4eaf 50 push eax |
11 |
016f:1c6e4eaf 50 push eax |
| 6 |
016f:1c6e4eb0 6a00 push +00 |
12 |
016f:1c6e4eb0 6a00 push +00 |
| 7 |
016f:1c6e4eb2 ff15d4f36f1c call dword ptr [1c6ff3d4] -> USER32.DLL!KillTimer |
13 |
016f:1c6e4eb2 ff15d4f36f1c call dword ptr [1c6ff3d4] -> USER32.DLL!KillTimer |
| 8 |
016f:1c6e4eb8 68104f6e1c push 1c6e4f10 |
14 |
016f:1c6e4eb8 68104f6e1c push 1c6e4f10 |
| 9 |
016f:1c6e4ebd 57 push edi |
15 |
016f:1c6e4ebd 57 push edi |
| 10 |
016f:1c6e4ebe 6a00 push +00 |
16 |
016f:1c6e4ebe 6a00 push +00 |
| 11 |
016f:1c6e4ec0 6a00 push +00 |
17 |
016f:1c6e4ec0 6a00 push +00 |
| 12 |
016f:1c6e4ec2 ff15d0f36f1c call dword ptr [1c6ff3d0] -> USER32.DLL!SetTimer |
18 |
016f:1c6e4ec2 ff15d0f36f1c call dword ptr [1c6ff3d0] -> USER32.DLL!SetTimer |
| 13 |
016f:1c6e4ecb 5f pop edi |
19 |
016f:1c6e4ecb 5f pop edi |
| 14 |
016f:1c6e4ecc 5e pop esi |
20 |
016f:1c6e4ecc 5e pop esi |
| 15 |
016f:1c6e4ecd c3 retd |
21 |
016f:1c6e4ecd c3 retd |
| 16 |
016f:1c6e4ece 90 nop |
22 |
016f:1c6e4ece 90 nop |
| 17 |
016f:1c6e4ecf 90 nop |
23 |
016f:1c6e4ecf 90 nop |
| 18 |
016f:1c6e4ed0 a188ca711c mov eax,dword ptr [1c71ca88] |
24 |
016f:1c6e4ed0 a188ca711c mov eax,dword ptr [1c71ca88] |
| 19 |
016f:1c6e4ed5 56 push esi |
25 |
016f:1c6e4ed5 56 push esi |
| 20 |
016f:1c6e4ed6 8b30 mov esi,dword ptr [eax] |
26 |
016f:1c6e4ed6 8b30 mov esi,dword ptr [eax] |
| 21 |
016f:1c6e4ed8 8b4630 mov eax,dword ptr [esi+30] |
27 |
016f:1c6e4ed8 8b4630 mov eax,dword ptr [esi+30] |
| 22 |
016f:1c6e4edb 85c0 test eax,eax |
28 |
016f:1c6e4edb 85c0 test eax,eax |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
| 1 |
... |
8 |
... |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
-> a1 88 ca 71 1c 56 8b 30 e8 c3 b2 f4 ff 8b 46 34 ...q.V.0......F4 |
8 |
-> a1 88 ca 71 1c 56 8b 30 e8 c3 b2 f4 ff 8b 46 34 ...q.V.0......F4 |
|
Line 1
Link Here
|
| 1 |
... |
8 |
... |
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:1c6dcd44 83c410 add esp,+10 |
9 |
016f:1c6dcd44 83c410 add esp,+10 |
| 4 |
016f:1c6dcd47 8bc6 mov eax,esi |
10 |
016f:1c6dcd47 8bc6 mov eax,esi |
| 5 |
016f:1c6dcd49 5f pop edi |
11 |
016f:1c6dcd49 5f pop edi |
| 6 |
016f:1c6dcd4a c70100000000 mov dword ptr [ecx],00000000 |
12 |
016f:1c6dcd4a c70100000000 mov dword ptr [ecx],00000000 |
| 7 |
016f:1c6dcd50 5e pop esi |
13 |
016f:1c6dcd50 5e pop esi |
| 8 |
016f:1c6dcd51 c21400 retd 0014 |
14 |
016f:1c6dcd51 c21400 retd 0014 |
| 9 |
016f:1c6dcd54 8b542418 mov edx,dword ptr [esp+18] |
15 |
016f:1c6dcd54 8b542418 mov edx,dword ptr [esp+18] |
| 10 |
016f:1c6dcd58 6a00 push +00 |
16 |
016f:1c6dcd58 6a00 push +00 |
| 11 |
016f:1c6dcd5a 52 push edx |
17 |
016f:1c6dcd5a 52 push edx |
| 12 |
016f:1c6dcd5b e820810000 call 1c6e4e80 = VCL641MI.DLL:.text+0xe3e80 |
18 |
016f:1c6dcd5b e820810000 call 1c6e4e80 = VCL641MI.DLL:.text+0xe3e80 |
| 13 |
016f:1c6dcd64 83c408 add esp,+08 |
19 |
016f:1c6dcd64 83c408 add esp,+08 |
| 14 |
016f:1c6dcd67 c70000000000 mov dword ptr [eax],00000000 |
20 |
016f:1c6dcd67 c70000000000 mov dword ptr [eax],00000000 |
| 15 |
016f:1c6dcd6d 8bc6 mov eax,esi |
21 |
016f:1c6dcd6d 8bc6 mov eax,esi |
| 16 |
016f:1c6dcd6f 5f pop edi |
22 |
016f:1c6dcd6f 5f pop edi |
| 17 |
016f:1c6dcd70 5e pop esi |
23 |
016f:1c6dcd70 5e pop esi |
| 18 |
016f:1c6dcd71 c21400 retd 0014 |
24 |
016f:1c6dcd71 c21400 retd 0014 |
| 19 |
016f:1c6dcd74 8b0d88ca711c mov ecx,dword ptr [1c71ca88] -> VCL641MI.DLL:.data+0x5ae8 |
25 |
016f:1c6dcd74 8b0d88ca711c mov ecx,dword ptr [1c71ca88] -> VCL641MI.DLL:.data+0x5ae8 |
| 20 |
016f:1c6dcd7a 8b542414 mov edx,dword ptr [esp+14] |
26 |
016f:1c6dcd7a 8b542414 mov edx,dword ptr [esp+14] |
| 21 |
016f:1c6dcd7e 52 push edx |
27 |
016f:1c6dcd7e 52 push edx |
| 22 |
016f:1c6dcd7f 8b01 mov eax,dword ptr [ecx] |
28 |
016f:1c6dcd7f 8b01 mov eax,dword ptr [ecx] |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
... |
8 |
... |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:1c6dced0 8d44240c lea eax,[esp+0c] |
9 |
016f:1c6dced0 8d44240c lea eax,[esp+0c] |
| 4 |
016f:1c6dced4 57 push edi |
10 |
016f:1c6dced4 57 push edi |
| 5 |
016f:1c6dced5 8b7c2420 mov edi,dword ptr [esp+20] |
11 |
016f:1c6dced5 8b7c2420 mov edi,dword ptr [esp+20] |
| 6 |
016f:1c6dced9 50 push eax |
12 |
016f:1c6dced9 50 push eax |
| 7 |
016f:1c6dceda 56 push esi |
13 |
016f:1c6dceda 56 push esi |
| 8 |
016f:1c6dcedb 57 push edi |
14 |
016f:1c6dcedb 57 push edi |
| 9 |
016f:1c6dcedc 53 push ebx |
15 |
016f:1c6dcedc 53 push ebx |
| 10 |
016f:1c6dcedd 55 push ebp |
16 |
016f:1c6dcedd 55 push ebp |
| 11 |
016f:1c6dcede c744242401000000 mov dword ptr [esp+24],00000001 |
17 |
016f:1c6dcede c744242401000000 mov dword ptr [esp+24],00000001 |
| 12 |
016f:1c6dcee6 e8c5fdffff call 1c6dccb0 = VCL641MI.DLL:.text+0xdbcb0 |
18 |
016f:1c6dcee6 e8c5fdffff call 1c6dccb0 = VCL641MI.DLL:.text+0xdbcb0 |
| 13 |
016f:1c6dceef 89442424 mov dword ptr [esp+24],eax |
19 |
016f:1c6dceef 89442424 mov dword ptr [esp+24],eax |
| 14 |
016f:1c6dcef3 85c9 test ecx,ecx |
20 |
016f:1c6dcef3 85c9 test ecx,ecx |
| 15 |
016f:1c6dcef5 742b jz 1c6dcf22 = VCL641MI.DLL:.text+0xdbf22 |
21 |
016f:1c6dcef5 742b jz 1c6dcf22 = VCL641MI.DLL:.text+0xdbf22 |
| 16 |
016f:1c6dcef7 8d4c2424 lea ecx,[esp+24] |
22 |
016f:1c6dcef7 8d4c2424 lea ecx,[esp+24] |
| 17 |
016f:1c6dcefb 51 push ecx |
23 |
016f:1c6dcefb 51 push ecx |
| 18 |
016f:1c6dcefc 56 push esi |
24 |
016f:1c6dcefc 56 push esi |
| 19 |
016f:1c6dcefd 57 push edi |
25 |
016f:1c6dcefd 57 push edi |
| 20 |
016f:1c6dcefe 53 push ebx |
26 |
016f:1c6dcefe 53 push ebx |
| 21 |
016f:1c6dceff 55 push ebp |
27 |
016f:1c6dceff 55 push ebp |
| 22 |
016f:1c6dcf00 e8cb5af5ff call 1c6329d0 = VCL641MI.DLL:.text+0x319d0 |
28 |
016f:1c6dcf00 e8cb5af5ff call 1c6329d0 = VCL641MI.DLL:.text+0x319d0 |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:bff635f7 65d16e04 shr dword ptr gs:[esi+04],EvIa |
9 |
016f:bff635f7 65d16e04 shr dword ptr gs:[esi+04],EvIa |
| 4 |
016f:bff635fb 7222 jc bff6361f = KERNEL32.DLL:_FREQASM+0x261f |
10 |
016f:bff635fb 7222 jc bff6361f = KERNEL32.DLL:_FREQASM+0x261f |
| 5 |
016f:bff635fd 65ff32 push dword ptr gs:[edx] |
11 |
016f:bff635fd 65ff32 push dword ptr gs:[edx] |
| 6 |
016f:bff63600 8d5204 lea edx,[edx+04] |
12 |
016f:bff63600 8d5204 lea edx,[edx+04] |
| 7 |
016f:bff63603 e2f2 loop bff635f7 = KERNEL32.DLL:_FREQASM+0x25f7 |
13 |
016f:bff63603 e2f2 loop bff635f7 = KERNEL32.DLL:_FREQASM+0x25f7 |
| 8 |
016f:bff63605 8bfc mov edi,esp |
14 |
016f:bff63605 8bfc mov edi,esp |
| 9 |
016f:bff63607 33c0 xor eax,eax |
15 |
016f:bff63607 33c0 xor eax,eax |
| 10 |
016f:bff63609 65394608 cmp dword ptr gs:[esi+08],eax |
16 |
016f:bff63609 65394608 cmp dword ptr gs:[esi+08],eax |
| 11 |
016f:bff6360d 7404 jz bff63613 = KERNEL32.DLL:_FREQASM+0x2613 |
17 |
016f:bff6360d 7404 jz bff63613 = KERNEL32.DLL:_FREQASM+0x2613 |
| 12 |
016f:bff6360f 65ff5608 call dword ptr gs:[esi+08] |
18 |
016f:bff6360f 65ff5608 call dword ptr gs:[esi+08] |
| 13 |
016f:bff63615 33c9 xor ecx,ecx |
19 |
016f:bff63615 33c9 xor ecx,ecx |
| 14 |
016f:bff63617 8ee9 mov gs,cx |
20 |
016f:bff63617 8ee9 mov gs,cx |
| 15 |
016f:bff63619 5f pop edi |
21 |
016f:bff63619 5f pop edi |
| 16 |
016f:bff6361a 5e pop esi |
22 |
016f:bff6361a 5e pop esi |
| 17 |
016f:bff6361b c9 leave |
23 |
016f:bff6361b c9 leave |
| 18 |
016f:bff6361c c20c00 retd 000c |
24 |
016f:bff6361c c20c00 retd 000c |
| 19 |
016f:bff6361f 52 push edx |
25 |
016f:bff6361f 52 push edx |
| 20 |
016f:bff63620 51 push ecx |
26 |
016f:bff63620 51 push ecx |
| 21 |
016f:bff63621 33c0 xor eax,eax |
27 |
016f:bff63621 33c0 xor eax,eax |
| 22 |
016f:bff63623 48 dec eax |
28 |
016f:bff63623 48 dec eax |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:bff613c5 c20400 retd 0004 |
9 |
016f:bff613c5 c20400 retd 0004 |
| 4 |
016f:bff613c8 33c0 xor eax,eax |
10 |
016f:bff613c8 33c0 xor eax,eax |
| 5 |
016f:bff613ca ebf7 jmp bff613c3 = KERNEL32.DLL:_FREQASM+0x3c3 |
11 |
016f:bff613ca ebf7 jmp bff613c3 = KERNEL32.DLL:_FREQASM+0x3c3 |
| 6 |
016f:bff613cc ebfa jmp bff613c8 = KERNEL32.DLL:_FREQASM+0x3c8 |
12 |
016f:bff613cc ebfa jmp bff613c8 = KERNEL32.DLL:_FREQASM+0x3c8 |
| 7 |
016f:bff613ce ebf8 jmp bff613c8 = KERNEL32.DLL:_FREQASM+0x3c8 |
13 |
016f:bff613ce ebf8 jmp bff613c8 = KERNEL32.DLL:_FREQASM+0x3c8 |
| 8 |
016f:bff613d0 ebf6 jmp bff613c8 = KERNEL32.DLL:_FREQASM+0x3c8 |
14 |
016f:bff613d0 ebf6 jmp bff613c8 = KERNEL32.DLL:_FREQASM+0x3c8 |
| 9 |
016f:bff613d2 ebf4 jmp bff613c8 = KERNEL32.DLL:_FREQASM+0x3c8 |
15 |
016f:bff613d2 ebf4 jmp bff613c8 = KERNEL32.DLL:_FREQASM+0x3c8 |
| 10 |
016f:bff613d4 8b442404 mov eax,dword ptr [esp+04] |
16 |
016f:bff613d4 8b442404 mov eax,dword ptr [esp+04] |
| 11 |
016f:bff613d8 8f0424 pop dword ptr [esp] |
17 |
016f:bff613d8 8f0424 pop dword ptr [esp] |
| 12 |
016f:bff613db 2eff1d34b7fbbf call fword ptr ss:[bffbb734] |
18 |
016f:bff613db 2eff1d34b7fbbf call fword ptr ss:[bffbb734] |
| 13 |
016f:bff613e7 2eff1d34b7fbbf call fword ptr ss:[bffbb734] |
19 |
016f:bff613e7 2eff1d34b7fbbf call fword ptr ss:[bffbb734] |
| 14 |
016f:bff613ee b843002a00 mov eax,002a0043 |
20 |
016f:bff613ee b843002a00 mov eax,002a0043 |
| 15 |
016f:bff613f3 2eff1d34b7fbbf call fword ptr ss:[bffbb734] |
21 |
016f:bff613f3 2eff1d34b7fbbf call fword ptr ss:[bffbb734] |
| 16 |
016f:bff613fa 83c414 add esp,+14 |
22 |
016f:bff613fa 83c414 add esp,+14 |
| 17 |
016f:bff613fd 0fb7c8 movzx ecx,ax |
23 |
016f:bff613fd 0fb7c8 movzx ecx,ax |
| 18 |
016f:bff61400 0fa4d310 shld ebx,edx,10 |
24 |
016f:bff61400 0fa4d310 shld ebx,edx,10 |
| 19 |
016f:bff61404 c0e302 shl bl,02 |
25 |
016f:bff61404 c0e302 shl bl,02 |
| 20 |
016f:bff61407 6681ea0010 sub dx,1000 |
26 |
016f:bff61407 6681ea0010 sub dx,1000 |
| 21 |
016f:bff6140c 0fbfc2 movsx eax,dx |
27 |
016f:bff6140c 0fbfc2 movsx eax,dx |
| 22 |
016f:bff6140f e9d1000000 jmp bff614e5 = KERNEL32.DLL:_FREQASM+0x4e5 |
28 |
016f:bff6140f e9d1000000 jmp bff614e5 = KERNEL32.DLL:_FREQASM+0x4e5 |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:bff641aa ff4204 inc dword ptr [edx+04] |
9 |
016f:bff641aa ff4204 inc dword ptr [edx+04] |
| 4 |
016f:bff641ad 90 nop |
10 |
016f:bff641ad 90 nop |
| 5 |
016f:bff641ae c3 retd |
11 |
016f:bff641ae c3 retd |
| 6 |
016f:bff641af 394208 cmp dword ptr [edx+08],eax |
12 |
016f:bff641af 394208 cmp dword ptr [edx+08],eax |
| 7 |
016f:bff641b2 74f6 jz bff641aa = KERNEL32.DLL:_FREQASM+0x31aa |
13 |
016f:bff641b2 74f6 jz bff641aa = KERNEL32.DLL:_FREQASM+0x31aa |
| 8 |
016f:bff641b4 52 push edx |
14 |
016f:bff641b4 52 push edx |
| 9 |
016f:bff641b5 51 push ecx |
15 |
016f:bff641b5 51 push ecx |
| 10 |
016f:bff641b6 52 push edx |
16 |
016f:bff641b6 52 push edx |
| 11 |
016f:bff641b7 681d002a00 push 002a001d |
17 |
016f:bff641b7 681d002a00 push 002a001d |
| 12 |
016f:bff641bc e813d2ffff call bff613d4 = KERNEL32.DLL!1 |
18 |
016f:bff641bc e813d2ffff call bff613d4 = KERNEL32.DLL!1 |
| 13 |
016f:bff641c2 5a pop edx |
19 |
016f:bff641c2 5a pop edx |
| 14 |
016f:bff641c3 ebe8 jmp bff641ad = KERNEL32.DLL:_FREQASM+0x31ad |
20 |
016f:bff641c3 ebe8 jmp bff641ad = KERNEL32.DLL:_FREQASM+0x31ad |
| 15 |
016f:bff641c5 8b542404 mov edx,dword ptr [esp+04] |
21 |
016f:bff641c5 8b542404 mov edx,dword ptr [esp+04] |
| 16 |
016f:bff641c9 50 push eax |
22 |
016f:bff641c9 50 push eax |
| 17 |
016f:bff641ca e804000000 call bff641d3 = KERNEL32.DLL:_FREQASM+0x31d3 |
23 |
016f:bff641ca e804000000 call bff641d3 = KERNEL32.DLL:_FREQASM+0x31d3 |
| 18 |
016f:bff641cf 58 pop eax |
24 |
016f:bff641cf 58 pop eax |
| 19 |
016f:bff641d0 c20400 retd 0004 |
25 |
016f:bff641d0 c20400 retd 0004 |
| 20 |
016f:bff641d3 833dfcbcfbbf01 cmp dword ptr [bffbbcfc],+01 |
26 |
016f:bff641d3 833dfcbcfbbf01 cmp dword ptr [bffbbcfc],+01 |
| 21 |
016f:bff641da 7c32 jl bff6420e = KERNEL32.DLL:_FREQASM+0x320e |
27 |
016f:bff641da 7c32 jl bff6420e = KERNEL32.DLL:_FREQASM+0x320e |
| 22 |
016f:bff641dc 3b1570b4fbbf cmp edx,dword ptr [bffbb470] |
28 |
016f:bff641dc 3b1570b4fbbf cmp edx,dword ptr [bffbb470] |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:bff617ff 6664c7051e000000ffff mov word ptr fs:[0000001e],ffff |
9 |
016f:bff617ff 6664c7051e000000ffff mov word ptr fs:[0000001e],ffff |
| 4 |
016f:bff61809 c3 retd |
10 |
016f:bff61809 c3 retd |
| 5 |
016f:bff6180a 52 push edx |
11 |
016f:bff6180a 52 push edx |
| 6 |
016f:bff6180b 50 push eax |
12 |
016f:bff6180b 50 push eax |
| 7 |
016f:bff6180c a1f8bcfbbf mov eax,dword ptr [bffbbcf8] |
13 |
016f:bff6180c a1f8bcfbbf mov eax,dword ptr [bffbbcf8] |
| 8 |
016f:bff61811 8b00 mov eax,dword ptr [eax] |
14 |
016f:bff61811 8b00 mov eax,dword ptr [eax] |
| 9 |
016f:bff61813 390598b4fbbf cmp dword ptr [bffbb498],eax |
15 |
016f:bff61813 390598b4fbbf cmp dword ptr [bffbb498],eax |
| 10 |
016f:bff61819 7413 jz bff6182e = KERNEL32.DLL:_FREQASM+0x82e |
16 |
016f:bff61819 7413 jz bff6182e = KERNEL32.DLL:_FREQASM+0x82e |
| 11 |
016f:bff6181b 8b1570b4fbbf mov edx,dword ptr [bffbb470] |
17 |
016f:bff6181b 8b1570b4fbbf mov edx,dword ptr [bffbb470] |
| 12 |
016f:bff61821 e869290000 call bff6418f = KERNEL32.DLL:_FREQASM+0x318f |
18 |
016f:bff61821 e869290000 call bff6418f = KERNEL32.DLL:_FREQASM+0x318f |
| 13 |
016f:bff6182e 58 pop eax |
19 |
016f:bff6182e 58 pop eax |
| 14 |
016f:bff6182f 5a pop edx |
20 |
016f:bff6182f 5a pop edx |
| 15 |
016f:bff61830 c3 retd |
21 |
016f:bff61830 c3 retd |
| 16 |
016f:bff61831 ff7316 push dword ptr [ebx+16] |
22 |
016f:bff61831 ff7316 push dword ptr [ebx+16] |
| 17 |
016f:bff61834 ff731a push dword ptr [ebx+1a] |
23 |
016f:bff61834 ff731a push dword ptr [ebx+1a] |
| 18 |
016f:bff61837 ff731e push dword ptr [ebx+1e] |
24 |
016f:bff61837 ff731e push dword ptr [ebx+1e] |
| 19 |
016f:bff6183a ff7322 push dword ptr [ebx+22] |
25 |
016f:bff6183a ff7322 push dword ptr [ebx+22] |
| 20 |
016f:bff6183d 8b1570b4fbbf mov edx,dword ptr [bffbb470] |
26 |
016f:bff6183d 8b1570b4fbbf mov edx,dword ptr [bffbb470] |
| 21 |
016f:bff61843 e88b290000 call bff641d3 = KERNEL32.DLL:_FREQASM+0x31d3 |
27 |
016f:bff61843 e88b290000 call bff641d3 = KERNEL32.DLL:_FREQASM+0x31d3 |
| 22 |
016f:bff61848 6664c7051e000000ffff mov word ptr fs:[0000001e],ffff |
28 |
016f:bff61848 6664c7051e000000ffff mov word ptr fs:[0000001e],ffff |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:bff848d8 c1c210 rol edx,10 |
9 |
016f:bff848d8 c1c210 rol edx,10 |
| 4 |
016f:bff848db e9c8f7ffff jmp bff840a8 = KERNEL32.DLL:.text+0x1b0a8 |
10 |
016f:bff848db e9c8f7ffff jmp bff840a8 = KERNEL32.DLL:.text+0x1b0a8 |
| 5 |
016f:bff848e0 0fbf4316 movsx eax,word ptr [ebx+16] |
11 |
016f:bff848e0 0fbf4316 movsx eax,word ptr [ebx+16] |
| 6 |
016f:bff848e4 50 push eax |
12 |
016f:bff848e4 50 push eax |
| 7 |
016f:bff848e5 668b4318 mov ax,word ptr [ebx+18] |
13 |
016f:bff848e5 668b4318 mov ax,word ptr [ebx+18] |
| 8 |
016f:bff848e9 50 push eax |
14 |
016f:bff848e9 50 push eax |
| 9 |
016f:bff848ea ff731a push dword ptr [ebx+1a] |
15 |
016f:bff848ea ff731a push dword ptr [ebx+1a] |
| 10 |
016f:bff848ed e8f3cefdff call bff617e5 = KERNEL32.DLL!K32Thk1632Prolog |
16 |
016f:bff848ed e8f3cefdff call bff617e5 = KERNEL32.DLL!K32Thk1632Prolog |
| 11 |
016f:bff848f2 e8deecfdff call bff635d5 = KERNEL32.DLL:_FREQASM+0x25d5 |
17 |
016f:bff848f2 e8deecfdff call bff635d5 = KERNEL32.DLL:_FREQASM+0x25d5 |
| 12 |
016f:bff848f7 e80ecffdff call bff6180a = KERNEL32.DLL!K32Thk1632Epilog |
18 |
016f:bff848f7 e80ecffdff call bff6180a = KERNEL32.DLL!K32Thk1632Epilog |
| 13 |
016f:bff848fe c1c210 rol edx,10 |
19 |
016f:bff848fe c1c210 rol edx,10 |
| 14 |
016f:bff84901 e9aaf7ffff jmp bff840b0 = KERNEL32.DLL:.text+0x1b0b0 |
20 |
016f:bff84901 e9aaf7ffff jmp bff840b0 = KERNEL32.DLL:.text+0x1b0b0 |
| 15 |
016f:bff84906 0fbf4316 movsx eax,word ptr [ebx+16] |
21 |
016f:bff84906 0fbf4316 movsx eax,word ptr [ebx+16] |
| 16 |
016f:bff8490a 50 push eax |
22 |
016f:bff8490a 50 push eax |
| 17 |
016f:bff8490b ff7318 push dword ptr [ebx+18] |
23 |
016f:bff8490b ff7318 push dword ptr [ebx+18] |
| 18 |
016f:bff8490e e8d2cefdff call bff617e5 = KERNEL32.DLL!K32Thk1632Prolog |
24 |
016f:bff8490e e8d2cefdff call bff617e5 = KERNEL32.DLL!K32Thk1632Prolog |
| 19 |
016f:bff84913 e8ceebfdff call bff634e6 = KERNEL32.DLL:_FREQASM+0x24e6 |
25 |
016f:bff84913 e8ceebfdff call bff634e6 = KERNEL32.DLL:_FREQASM+0x24e6 |
| 20 |
016f:bff84918 e8edcefdff call bff6180a = KERNEL32.DLL!K32Thk1632Epilog |
26 |
016f:bff84918 e8edcefdff call bff6180a = KERNEL32.DLL!K32Thk1632Epilog |
| 21 |
016f:bff8491d e986f7ffff jmp bff840a8 = KERNEL32.DLL:.text+0x1b0a8 |
27 |
016f:bff8491d e986f7ffff jmp bff840a8 = KERNEL32.DLL:.text+0x1b0a8 |
| 22 |
016f:bff84922 33c0 xor eax,eax |
28 |
016f:bff84922 33c0 xor eax,eax |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:bff61991 51 push ecx |
9 |
016f:bff61991 51 push ecx |
| 4 |
016f:bff61992 c1cf10 ror edi,10 |
10 |
016f:bff61992 c1cf10 ror edi,10 |
| 5 |
016f:bff61995 6664873d0e000000 xchg word ptr fs:[0000000e],di |
11 |
016f:bff61995 6664873d0e000000 xchg word ptr fs:[0000000e],di |
| 6 |
016f:bff6199d 57 push edi |
12 |
016f:bff6199d 57 push edi |
| 7 |
016f:bff6199e 686d18f6bf push bff6186d |
13 |
016f:bff6199e 686d18f6bf push bff6186d |
| 8 |
016f:bff619a3 64ff3500000000 push dword ptr fs:[00000000] |
14 |
016f:bff619a3 64ff3500000000 push dword ptr fs:[00000000] |
| 9 |
016f:bff619aa 64892500000000 mov dword ptr fs:[00000000],esp |
15 |
016f:bff619aa 64892500000000 mov dword ptr fs:[00000000],esp |
| 10 |
016f:bff619b1 55 push ebp |
16 |
016f:bff619b1 55 push ebp |
| 11 |
016f:bff619b2 8d6c24fc lea ebp,[esp-04] |
17 |
016f:bff619b2 8d6c24fc lea ebp,[esp-04] |
| 12 |
016f:bff619b6 ffd2 call edx |
18 |
016f:bff619b6 ffd2 call edx |
| 13 |
016f:bff619b9 0fb6c9 movzx ecx,cl |
19 |
016f:bff619b9 0fb6c9 movzx ecx,cl |
| 14 |
016f:bff619bc 648f0500000000 pop dword ptr fs:[00000000] |
20 |
016f:bff619bc 648f0500000000 pop dword ptr fs:[00000000] |
| 15 |
016f:bff619c3 8d642404 lea esp,[esp+04] |
21 |
016f:bff619c3 8d642404 lea esp,[esp+04] |
| 16 |
016f:bff619c7 5f pop edi |
22 |
016f:bff619c7 5f pop edi |
| 17 |
016f:bff619c8 6664893d0e000000 mov word ptr fs:[0000000e],di |
23 |
016f:bff619c8 6664893d0e000000 mov word ptr fs:[0000000e],di |
| 18 |
016f:bff619d0 5b pop ebx |
24 |
016f:bff619d0 5b pop ebx |
| 19 |
016f:bff619d1 660fb22424 lss sp,dword ptr [esp] |
25 |
016f:bff619d1 660fb22424 lss sp,dword ptr [esp] |
| 20 |
016f:bff619d6 6664891d1e000000 mov word ptr fs:[0000001e],bx |
26 |
016f:bff619d6 6664891d1e000000 mov word ptr fs:[0000001e],bx |
| 21 |
016f:bff619de 5b pop ebx |
27 |
016f:bff619de 5b pop ebx |
| 22 |
016f:bff619df 0bdb or ebx,ebx |
28 |
016f:bff619df 0bdb or ebx,ebx |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:bff6183d 8b1570b4fbbf mov edx,dword ptr [bffbb470] |
9 |
016f:bff6183d 8b1570b4fbbf mov edx,dword ptr [bffbb470] |
| 4 |
016f:bff61843 e88b290000 call bff641d3 = KERNEL32.DLL:_FREQASM+0x31d3 |
10 |
016f:bff61843 e88b290000 call bff641d3 = KERNEL32.DLL:_FREQASM+0x31d3 |
| 5 |
016f:bff61848 6664c7051e000000ffff mov word ptr fs:[0000001e],ffff |
11 |
016f:bff61848 6664c7051e000000ffff mov word ptr fs:[0000001e],ffff |
| 6 |
016f:bff61852 ff5326 call dword ptr [ebx+26] |
12 |
016f:bff61852 ff5326 call dword ptr [ebx+26] |
| 7 |
016f:bff61855 8b1570b4fbbf mov edx,dword ptr [bffbb470] |
13 |
016f:bff61855 8b1570b4fbbf mov edx,dword ptr [bffbb470] |
| 8 |
016f:bff6185b e82f290000 call bff6418f = KERNEL32.DLL:_FREQASM+0x318f |
14 |
016f:bff6185b e82f290000 call bff6418f = KERNEL32.DLL:_FREQASM+0x318f |
| 9 |
016f:bff61860 6664ff051e000000 inc word ptr fs:[0000001e] |
15 |
016f:bff61860 6664ff051e000000 inc word ptr fs:[0000001e] |
| 10 |
016f:bff61868 b114 mov cl,14 |
16 |
016f:bff61868 b114 mov cl,14 |
| 11 |
016f:bff6186a 8be5 mov esp,ebp |
17 |
016f:bff6186a 8be5 mov esp,ebp |
| 12 |
016f:bff6186c c3 retd |
18 |
016f:bff6186c c3 retd |
| 13 |
016f:bff61871 f7400406000000 test dword ptr [eax+04],00000006 |
19 |
016f:bff61871 f7400406000000 test dword ptr [eax+04],00000006 |
| 14 |
016f:bff61878 7419 jz bff61893 = KERNEL32.DLL:_FREQASM+0x893 |
20 |
016f:bff61878 7419 jz bff61893 = KERNEL32.DLL:_FREQASM+0x893 |
| 15 |
016f:bff6187a 8b442408 mov eax,dword ptr [esp+08] |
21 |
016f:bff6187a 8b442408 mov eax,dword ptr [esp+08] |
| 16 |
016f:bff6187e 8178046d18f6bf cmp dword ptr [eax+04],bff6186d |
22 |
016f:bff6187e 8178046d18f6bf cmp dword ptr [eax+04],bff6186d |
| 17 |
016f:bff61885 750c jnz bff61893 = KERNEL32.DLL:_FREQASM+0x893 |
23 |
016f:bff61885 750c jnz bff61893 = KERNEL32.DLL:_FREQASM+0x893 |
| 18 |
016f:bff61887 668b4808 mov cx,word ptr [eax+08] |
24 |
016f:bff61887 668b4808 mov cx,word ptr [eax+08] |
| 19 |
016f:bff6188b 6664890d0e000000 mov word ptr fs:[0000000e],cx |
25 |
016f:bff6188b 6664890d0e000000 mov word ptr fs:[0000000e],cx |
| 20 |
016f:bff61893 b801000000 mov eax,00000001 |
26 |
016f:bff61893 b801000000 mov eax,00000001 |
| 21 |
016f:bff61898 c3 retd |
27 |
016f:bff61898 c3 retd |
| 22 |
016f:bff61899 9d popfd |
28 |
016f:bff61899 9d popfd |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
-> 51 53 8b 5c 24 10 55 8b 6c 24 10 56 8b 74 24 20 QS.\$.U.l$.V.t$ |
8 |
-> 51 53 8b 5c 24 10 55 8b 6c 24 10 56 8b 74 24 20 QS.\$.U.l$.V.t$ |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
-> 51 53 8b 5c 24 10 55 8b 6c 24 10 56 8b 74 24 20 QS.\$.U.l$.V.t$ |
8 |
-> 51 53 8b 5c 24 10 55 8b 6c 24 10 56 8b 74 24 20 QS.\$.U.l$.V.t$ |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
-> 00 d5 01 00 00 00 00 00 00 00 00 00 9c af 11 00 ................ |
8 |
-> 00 d5 01 00 00 00 00 00 00 00 00 00 9c af 11 00 ................ |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
... |
8 |
... |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
-> 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ |
8 |
-> 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
-> 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 MZ.............. |
8 |
-> 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 MZ.............. |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
... |
8 |
... |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:bff613c5 c20400 retd 0004 |
9 |
016f:bff613c5 c20400 retd 0004 |
| 4 |
016f:bff613c8 33c0 xor eax,eax |
10 |
016f:bff613c8 33c0 xor eax,eax |
| 5 |
016f:bff613ca ebf7 jmp bff613c3 = KERNEL32.DLL:_FREQASM+0x3c3 |
11 |
016f:bff613ca ebf7 jmp bff613c3 = KERNEL32.DLL:_FREQASM+0x3c3 |
| 6 |
016f:bff613cc ebfa jmp bff613c8 = KERNEL32.DLL:_FREQASM+0x3c8 |
12 |
016f:bff613cc ebfa jmp bff613c8 = KERNEL32.DLL:_FREQASM+0x3c8 |
| 7 |
016f:bff613ce ebf8 jmp bff613c8 = KERNEL32.DLL:_FREQASM+0x3c8 |
13 |
016f:bff613ce ebf8 jmp bff613c8 = KERNEL32.DLL:_FREQASM+0x3c8 |
| 8 |
016f:bff613d0 ebf6 jmp bff613c8 = KERNEL32.DLL:_FREQASM+0x3c8 |
14 |
016f:bff613d0 ebf6 jmp bff613c8 = KERNEL32.DLL:_FREQASM+0x3c8 |
| 9 |
016f:bff613d2 ebf4 jmp bff613c8 = KERNEL32.DLL:_FREQASM+0x3c8 |
15 |
016f:bff613d2 ebf4 jmp bff613c8 = KERNEL32.DLL:_FREQASM+0x3c8 |
| 10 |
016f:bff613d4 8b442404 mov eax,dword ptr [esp+04] |
16 |
016f:bff613d4 8b442404 mov eax,dword ptr [esp+04] |
| 11 |
016f:bff613d8 8f0424 pop dword ptr [esp] |
17 |
016f:bff613d8 8f0424 pop dword ptr [esp] |
| 12 |
016f:bff613db 2eff1d34b7fbbf call fword ptr ss:[bffbb734] |
18 |
016f:bff613db 2eff1d34b7fbbf call fword ptr ss:[bffbb734] |
| 13 |
016f:bff613e7 2eff1d34b7fbbf call fword ptr ss:[bffbb734] |
19 |
016f:bff613e7 2eff1d34b7fbbf call fword ptr ss:[bffbb734] |
| 14 |
016f:bff613ee b843002a00 mov eax,002a0043 |
20 |
016f:bff613ee b843002a00 mov eax,002a0043 |
| 15 |
016f:bff613f3 2eff1d34b7fbbf call fword ptr ss:[bffbb734] |
21 |
016f:bff613f3 2eff1d34b7fbbf call fword ptr ss:[bffbb734] |
| 16 |
016f:bff613fa 83c414 add esp,+14 |
22 |
016f:bff613fa 83c414 add esp,+14 |
| 17 |
016f:bff613fd 0fb7c8 movzx ecx,ax |
23 |
016f:bff613fd 0fb7c8 movzx ecx,ax |
| 18 |
016f:bff61400 0fa4d310 shld ebx,edx,10 |
24 |
016f:bff61400 0fa4d310 shld ebx,edx,10 |
| 19 |
016f:bff61404 c0e302 shl bl,02 |
25 |
016f:bff61404 c0e302 shl bl,02 |
| 20 |
016f:bff61407 6681ea0010 sub dx,1000 |
26 |
016f:bff61407 6681ea0010 sub dx,1000 |
| 21 |
016f:bff6140c 0fbfc2 movsx eax,dx |
27 |
016f:bff6140c 0fbfc2 movsx eax,dx |
| 22 |
016f:bff6140f e9d1000000 jmp bff614e5 = KERNEL32.DLL:_FREQASM+0x4e5 |
28 |
016f:bff6140f e9d1000000 jmp bff614e5 = KERNEL32.DLL:_FREQASM+0x4e5 |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:bff64229 e8af780200 call bff8badd = KERNEL32.DLL:.text+0x22add |
9 |
016f:bff64229 e8af780200 call bff8badd = KERNEL32.DLL:.text+0x22add |
| 4 |
016f:bff6422e 6664ff0d1e000000 dec word ptr fs:[0000001e] |
10 |
016f:bff6422e 6664ff0d1e000000 dec word ptr fs:[0000001e] |
| 5 |
016f:bff64236 5a pop edx |
11 |
016f:bff64236 5a pop edx |
| 6 |
016f:bff64237 ebb1 jmp bff641ea = KERNEL32.DLL:_FREQASM+0x31ea |
12 |
016f:bff64237 ebb1 jmp bff641ea = KERNEL32.DLL:_FREQASM+0x31ea |
| 7 |
016f:bff64239 ff4210 inc dword ptr [edx+10] |
13 |
016f:bff64239 ff4210 inc dword ptr [edx+10] |
| 8 |
016f:bff6423c ebbd jmp bff641fb = KERNEL32.DLL:_FREQASM+0x31fb |
14 |
016f:bff6423c ebbd jmp bff641fb = KERNEL32.DLL:_FREQASM+0x31fb |
| 9 |
016f:bff6423e 52 push edx |
15 |
016f:bff6423e 52 push edx |
| 10 |
016f:bff6423f 52 push edx |
16 |
016f:bff6423f 52 push edx |
| 11 |
016f:bff64240 681e002a00 push 002a001e |
17 |
016f:bff64240 681e002a00 push 002a001e |
| 12 |
016f:bff64245 e88ad1ffff call bff613d4 = KERNEL32.DLL!1 |
18 |
016f:bff64245 e88ad1ffff call bff613d4 = KERNEL32.DLL!1 |
| 13 |
016f:bff6424b ebae jmp bff641fb = KERNEL32.DLL:_FREQASM+0x31fb |
19 |
016f:bff6424b ebae jmp bff641fb = KERNEL32.DLL:_FREQASM+0x31fb |
| 14 |
016f:bff6424d 681c002a00 push 002a001c |
20 |
016f:bff6424d 681c002a00 push 002a001c |
| 15 |
016f:bff64252 e87dd1ffff call bff613d4 = KERNEL32.DLL!1 |
21 |
016f:bff64252 e87dd1ffff call bff613d4 = KERNEL32.DLL!1 |
| 16 |
016f:bff64257 a1f0bcfbbf mov eax,dword ptr [bffbbcf0] |
22 |
016f:bff64257 a1f0bcfbbf mov eax,dword ptr [bffbbcf0] |
| 17 |
016f:bff6425c 8b00 mov eax,dword ptr [eax] |
23 |
016f:bff6425c 8b00 mov eax,dword ptr [eax] |
| 18 |
016f:bff6425e 0fba704c07 btr dword ptr [eax+4c],07 |
24 |
016f:bff6425e 0fba704c07 btr dword ptr [eax+4c],07 |
| 19 |
016f:bff64263 73a9 jnc bff6420e = KERNEL32.DLL:_FREQASM+0x320e |
25 |
016f:bff64263 73a9 jnc bff6420e = KERNEL32.DLL:_FREQASM+0x320e |
| 20 |
016f:bff64265 8d400c lea eax,[eax+0c] |
26 |
016f:bff64265 8d400c lea eax,[eax+0c] |
| 21 |
016f:bff64268 50 push eax |
27 |
016f:bff64268 50 push eax |
| 22 |
016f:bff64269 6a00 push +00 |
28 |
016f:bff64269 6a00 push +00 |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
| 1 |
... |
8 |
... |
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:bff6151d 660bff or di,di |
9 |
016f:bff6151d 660bff or di,di |
| 4 |
016f:bff61520 740c jz bff6152e = KERNEL32.DLL:_FREQASM+0x52e |
10 |
016f:bff61520 740c jz bff6152e = KERNEL32.DLL:_FREQASM+0x52e |
| 5 |
016f:bff61522 a1f0bcfbbf mov eax,dword ptr [bffbbcf0] |
11 |
016f:bff61522 a1f0bcfbbf mov eax,dword ptr [bffbbcf0] |
| 6 |
016f:bff61527 ff30 push dword ptr [eax] |
12 |
016f:bff61527 ff30 push dword ptr [eax] |
| 7 |
016f:bff61529 e8f4530000 call bff66922 = KERNEL32.DLL:_FREQASM+0x5922 |
13 |
016f:bff61529 e8f4530000 call bff66922 = KERNEL32.DLL:_FREQASM+0x5922 |
| 8 |
016f:bff6152e 66648b3d1e000000 mov di,word ptr fs:[0000001e] |
14 |
016f:bff6152e 66648b3d1e000000 mov di,word ptr fs:[0000001e] |
| 9 |
016f:bff61536 6683ef01 sub di,+01 |
15 |
016f:bff61536 6683ef01 sub di,+01 |
| 10 |
016f:bff6153a 730b jnc bff61547 = KERNEL32.DLL:_FREQASM+0x547 |
16 |
016f:bff6153a 730b jnc bff61547 = KERNEL32.DLL:_FREQASM+0x547 |
| 11 |
016f:bff6153c 8b1570b4fbbf mov edx,dword ptr [bffbb470] |
17 |
016f:bff6153c 8b1570b4fbbf mov edx,dword ptr [bffbb470] |
| 12 |
016f:bff61542 e88c2c0000 call bff641d3 = KERNEL32.DLL:_FREQASM+0x31d3 |
18 |
016f:bff61542 e88c2c0000 call bff641d3 = KERNEL32.DLL:_FREQASM+0x31d3 |
| 13 |
016f:bff6154f 8bc6 mov eax,esi |
19 |
016f:bff6154f 8bc6 mov eax,esi |
| 14 |
016f:bff61551 0fb6cb movzx ecx,bl |
20 |
016f:bff61551 0fb6cb movzx ecx,bl |
| 15 |
016f:bff61554 5f pop edi |
21 |
016f:bff61554 5f pop edi |
| 16 |
016f:bff61555 5e pop esi |
22 |
016f:bff61555 5e pop esi |
| 17 |
016f:bff61556 5b pop ebx |
23 |
016f:bff61556 5b pop ebx |
| 18 |
016f:bff61557 5d pop ebp |
24 |
016f:bff61557 5d pop ebp |
| 19 |
016f:bff61558 5a pop edx |
25 |
016f:bff61558 5a pop edx |
| 20 |
016f:bff61559 03e1 add esp,ecx |
26 |
016f:bff61559 03e1 add esp,ecx |
| 21 |
016f:bff6155b ffe2 jmp edx |
27 |
016f:bff6155b ffe2 jmp edx |
| 22 |
016f:bff6155d 55 push ebp |
28 |
016f:bff6155d 55 push ebp |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
| 1 |
-> 28 12 dd 00 78 30 dd 00 08 91 11 01 00 00 00 00 (...x0.......... |
8 |
-> 28 12 dd 00 78 30 dd 00 08 91 11 01 00 00 00 00 (...x0.......... |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:1c6ec743 c3 retd |
9 |
016f:1c6ec743 c3 retd |
| 4 |
016f:1c6ec744 8b4c2410 mov ecx,dword ptr [esp+10] |
10 |
016f:1c6ec744 8b4c2410 mov ecx,dword ptr [esp+10] |
| 5 |
016f:1c6ec748 8b54240c mov edx,dword ptr [esp+0c] |
11 |
016f:1c6ec748 8b54240c mov edx,dword ptr [esp+0c] |
| 6 |
016f:1c6ec74c 8b442408 mov eax,dword ptr [esp+08] |
12 |
016f:1c6ec74c 8b442408 mov eax,dword ptr [esp+08] |
| 7 |
016f:1c6ec750 51 push ecx |
13 |
016f:1c6ec750 51 push ecx |
| 8 |
016f:1c6ec751 8b4c2408 mov ecx,dword ptr [esp+08] |
14 |
016f:1c6ec751 8b4c2408 mov ecx,dword ptr [esp+08] |
| 9 |
016f:1c6ec755 52 push edx |
15 |
016f:1c6ec755 52 push edx |
| 10 |
016f:1c6ec756 50 push eax |
16 |
016f:1c6ec756 50 push eax |
| 11 |
016f:1c6ec757 51 push ecx |
17 |
016f:1c6ec757 51 push ecx |
| 12 |
016f:1c6ec758 ff15e8f36f1c call dword ptr [1c6ff3e8] -> USER32.DLL!SendMessageA |
18 |
016f:1c6ec758 ff15e8f36f1c call dword ptr [1c6ff3e8] -> USER32.DLL!SendMessageA |
| 13 |
016f:1c6ec75f 90 nop |
19 |
016f:1c6ec75f 90 nop |
| 14 |
016f:1c6ec760 a15cd3711c mov eax,dword ptr [1c71d35c] |
20 |
016f:1c6ec760 a15cd3711c mov eax,dword ptr [1c71d35c] |
| 15 |
016f:1c6ec765 85c0 test eax,eax |
21 |
016f:1c6ec765 85c0 test eax,eax |
| 16 |
016f:1c6ec767 741b jz 1c6ec784 = VCL641MI.DLL:.text+0xeb784 |
22 |
016f:1c6ec767 741b jz 1c6ec784 = VCL641MI.DLL:.text+0xeb784 |
| 17 |
016f:1c6ec769 8b442410 mov eax,dword ptr [esp+10] |
23 |
016f:1c6ec769 8b442410 mov eax,dword ptr [esp+10] |
| 18 |
016f:1c6ec76d 8b4c240c mov ecx,dword ptr [esp+0c] |
24 |
016f:1c6ec76d 8b4c240c mov ecx,dword ptr [esp+0c] |
| 19 |
016f:1c6ec771 8b542408 mov edx,dword ptr [esp+08] |
25 |
016f:1c6ec771 8b542408 mov edx,dword ptr [esp+08] |
| 20 |
016f:1c6ec775 50 push eax |
26 |
016f:1c6ec775 50 push eax |
| 21 |
016f:1c6ec776 8b442408 mov eax,dword ptr [esp+08] |
27 |
016f:1c6ec776 8b442408 mov eax,dword ptr [esp+08] |
| 22 |
016f:1c6ec77a 51 push ecx |
28 |
016f:1c6ec77a 51 push ecx |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:bff6baf3 803e04 cmp byte ptr [esi],04 |
9 |
016f:bff6baf3 803e04 cmp byte ptr [esi],04 |
| 4 |
016f:bff6baf6 740f jz bff6bb07 = KERNEL32.DLL:.text+0x2b07 |
10 |
016f:bff6baf6 740f jz bff6bb07 = KERNEL32.DLL:.text+0x2b07 |
| 5 |
016f:bff6baf8 33c0 xor eax,eax |
11 |
016f:bff6baf8 33c0 xor eax,eax |
| 6 |
016f:bff6bafa 50 push eax |
12 |
016f:bff6bafa 50 push eax |
| 7 |
016f:bff6bafb 50 push eax |
13 |
016f:bff6bafb 50 push eax |
| 8 |
016f:bff6bafc 50 push eax |
14 |
016f:bff6bafc 50 push eax |
| 9 |
016f:bff6bafd 68050000c0 push c0000005 |
15 |
016f:bff6bafd 68050000c0 push c0000005 |
| 10 |
016f:bff6bb02 e8a4acffff call bff667ab = KERNEL32.DLL:_FREQASM+0x57ab |
16 |
016f:bff6bb02 e8a4acffff call bff667ab = KERNEL32.DLL:_FREQASM+0x57ab |
| 11 |
016f:bff6bb07 ff7604 push dword ptr [esi+04] |
17 |
016f:bff6bb07 ff7604 push dword ptr [esi+04] |
| 12 |
016f:bff6bb0a e88a87ffff call bff64299 = KERNEL32.DLL:_FREQASM+0x3299 |
18 |
016f:bff6bb0a e88a87ffff call bff64299 = KERNEL32.DLL:_FREQASM+0x3299 |
| 13 |
016f:bff6bb10 c20400 retd 0004 |
19 |
016f:bff6bb10 c20400 retd 0004 |
| 14 |
016f:bff6bb13 56 push esi |
20 |
016f:bff6bb13 56 push esi |
| 15 |
016f:bff6bb14 8b742408 mov esi,dword ptr [esp+08] |
21 |
016f:bff6bb14 8b742408 mov esi,dword ptr [esp+08] |
| 16 |
016f:bff6bb18 8a06 mov al,byte ptr [esi] |
22 |
016f:bff6bb18 8a06 mov al,byte ptr [esi] |
| 17 |
016f:bff6bb1a 3c04 cmp al,04 |
23 |
016f:bff6bb1a 3c04 cmp al,04 |
| 18 |
016f:bff6bb1c 7508 jnz bff6bb26 = KERNEL32.DLL:.text+0x2b26 |
24 |
016f:bff6bb1c 7508 jnz bff6bb26 = KERNEL32.DLL:.text+0x2b26 |
| 19 |
016f:bff6bb1e ff7604 push dword ptr [esi+04] |
25 |
016f:bff6bb1e ff7604 push dword ptr [esi+04] |
| 20 |
016f:bff6bb21 e8a087ffff call bff642c6 = KERNEL32.DLL:_FREQASM+0x32c6 |
26 |
016f:bff6bb21 e8a087ffff call bff642c6 = KERNEL32.DLL:_FREQASM+0x32c6 |
| 21 |
016f:bff6bb26 5e pop esi |
27 |
016f:bff6bb26 5e pop esi |
| 22 |
016f:bff6bb27 c20400 retd 0004 |
28 |
016f:bff6bb27 c20400 retd 0004 |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:bff6bb0a e88a87ffff call bff64299 = KERNEL32.DLL:_FREQASM+0x3299 |
9 |
016f:bff6bb0a e88a87ffff call bff64299 = KERNEL32.DLL:_FREQASM+0x3299 |
| 4 |
016f:bff6bb0f 5e pop esi |
10 |
016f:bff6bb0f 5e pop esi |
| 5 |
016f:bff6bb10 c20400 retd 0004 |
11 |
016f:bff6bb10 c20400 retd 0004 |
| 6 |
016f:bff6bb13 56 push esi |
12 |
016f:bff6bb13 56 push esi |
| 7 |
016f:bff6bb14 8b742408 mov esi,dword ptr [esp+08] |
13 |
016f:bff6bb14 8b742408 mov esi,dword ptr [esp+08] |
| 8 |
016f:bff6bb18 8a06 mov al,byte ptr [esi] |
14 |
016f:bff6bb18 8a06 mov al,byte ptr [esi] |
| 9 |
016f:bff6bb1a 3c04 cmp al,04 |
15 |
016f:bff6bb1a 3c04 cmp al,04 |
| 10 |
016f:bff6bb1c 7508 jnz bff6bb26 = KERNEL32.DLL:.text+0x2b26 |
16 |
016f:bff6bb1c 7508 jnz bff6bb26 = KERNEL32.DLL:.text+0x2b26 |
| 11 |
016f:bff6bb1e ff7604 push dword ptr [esi+04] |
17 |
016f:bff6bb1e ff7604 push dword ptr [esi+04] |
| 12 |
016f:bff6bb21 e8a087ffff call bff642c6 = KERNEL32.DLL:_FREQASM+0x32c6 |
18 |
016f:bff6bb21 e8a087ffff call bff642c6 = KERNEL32.DLL:_FREQASM+0x32c6 |
| 13 |
016f:bff6bb27 c20400 retd 0004 |
19 |
016f:bff6bb27 c20400 retd 0004 |
| 14 |
016f:bff6bb2a 64a100000000 mov eax,dword ptr fs:[00000000] |
20 |
016f:bff6bb2a 64a100000000 mov eax,dword ptr fs:[00000000] |
| 15 |
016f:bff6bb30 55 push ebp |
21 |
016f:bff6bb30 55 push ebp |
| 16 |
016f:bff6bb31 8bec mov ebp,esp |
22 |
016f:bff6bb31 8bec mov ebp,esp |
| 17 |
016f:bff6bb33 6aff push -01 |
23 |
016f:bff6bb33 6aff push -01 |
| 18 |
016f:bff6bb35 685092f6bf push bff69250 |
24 |
016f:bff6bb35 685092f6bf push bff69250 |
| 19 |
016f:bff6bb3a 68201bfbbf push bffb1b20 |
25 |
016f:bff6bb3a 68201bfbbf push bffb1b20 |
| 20 |
016f:bff6bb3f 50 push eax |
26 |
016f:bff6bb3f 50 push eax |
| 21 |
016f:bff6bb40 8b4508 mov eax,dword ptr [ebp+08] |
27 |
016f:bff6bb40 8b4508 mov eax,dword ptr [ebp+08] |
| 22 |
016f:bff6bb43 64892500000000 mov dword ptr fs:[00000000],esp |
28 |
016f:bff6bb43 64892500000000 mov dword ptr fs:[00000000],esp |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:bff6baf3 803e04 cmp byte ptr [esi],04 |
9 |
016f:bff6baf3 803e04 cmp byte ptr [esi],04 |
| 4 |
016f:bff6baf6 740f jz bff6bb07 = KERNEL32.DLL:.text+0x2b07 |
10 |
016f:bff6baf6 740f jz bff6bb07 = KERNEL32.DLL:.text+0x2b07 |
| 5 |
016f:bff6baf8 33c0 xor eax,eax |
11 |
016f:bff6baf8 33c0 xor eax,eax |
| 6 |
016f:bff6bafa 50 push eax |
12 |
016f:bff6bafa 50 push eax |
| 7 |
016f:bff6bafb 50 push eax |
13 |
016f:bff6bafb 50 push eax |
| 8 |
016f:bff6bafc 50 push eax |
14 |
016f:bff6bafc 50 push eax |
| 9 |
016f:bff6bafd 68050000c0 push c0000005 |
15 |
016f:bff6bafd 68050000c0 push c0000005 |
| 10 |
016f:bff6bb02 e8a4acffff call bff667ab = KERNEL32.DLL:_FREQASM+0x57ab |
16 |
016f:bff6bb02 e8a4acffff call bff667ab = KERNEL32.DLL:_FREQASM+0x57ab |
| 11 |
016f:bff6bb07 ff7604 push dword ptr [esi+04] |
17 |
016f:bff6bb07 ff7604 push dword ptr [esi+04] |
| 12 |
016f:bff6bb0a e88a87ffff call bff64299 = KERNEL32.DLL:_FREQASM+0x3299 |
18 |
016f:bff6bb0a e88a87ffff call bff64299 = KERNEL32.DLL:_FREQASM+0x3299 |
| 13 |
016f:bff6bb10 c20400 retd 0004 |
19 |
016f:bff6bb10 c20400 retd 0004 |
| 14 |
016f:bff6bb13 56 push esi |
20 |
016f:bff6bb13 56 push esi |
| 15 |
016f:bff6bb14 8b742408 mov esi,dword ptr [esp+08] |
21 |
016f:bff6bb14 8b742408 mov esi,dword ptr [esp+08] |
| 16 |
016f:bff6bb18 8a06 mov al,byte ptr [esi] |
22 |
016f:bff6bb18 8a06 mov al,byte ptr [esi] |
| 17 |
016f:bff6bb1a 3c04 cmp al,04 |
23 |
016f:bff6bb1a 3c04 cmp al,04 |
| 18 |
016f:bff6bb1c 7508 jnz bff6bb26 = KERNEL32.DLL:.text+0x2b26 |
24 |
016f:bff6bb1c 7508 jnz bff6bb26 = KERNEL32.DLL:.text+0x2b26 |
| 19 |
016f:bff6bb1e ff7604 push dword ptr [esi+04] |
25 |
016f:bff6bb1e ff7604 push dword ptr [esi+04] |
| 20 |
016f:bff6bb21 e8a087ffff call bff642c6 = KERNEL32.DLL:_FREQASM+0x32c6 |
26 |
016f:bff6bb21 e8a087ffff call bff642c6 = KERNEL32.DLL:_FREQASM+0x32c6 |
| 21 |
016f:bff6bb26 5e pop esi |
27 |
016f:bff6bb26 5e pop esi |
| 22 |
016f:bff6bb27 c20400 retd 0004 |
28 |
016f:bff6bb27 c20400 retd 0004 |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:bff6bb0a e88a87ffff call bff64299 = KERNEL32.DLL:_FREQASM+0x3299 |
9 |
016f:bff6bb0a e88a87ffff call bff64299 = KERNEL32.DLL:_FREQASM+0x3299 |
| 4 |
016f:bff6bb0f 5e pop esi |
10 |
016f:bff6bb0f 5e pop esi |
| 5 |
016f:bff6bb10 c20400 retd 0004 |
11 |
016f:bff6bb10 c20400 retd 0004 |
| 6 |
016f:bff6bb13 56 push esi |
12 |
016f:bff6bb13 56 push esi |
| 7 |
016f:bff6bb14 8b742408 mov esi,dword ptr [esp+08] |
13 |
016f:bff6bb14 8b742408 mov esi,dword ptr [esp+08] |
| 8 |
016f:bff6bb18 8a06 mov al,byte ptr [esi] |
14 |
016f:bff6bb18 8a06 mov al,byte ptr [esi] |
| 9 |
016f:bff6bb1a 3c04 cmp al,04 |
15 |
016f:bff6bb1a 3c04 cmp al,04 |
| 10 |
016f:bff6bb1c 7508 jnz bff6bb26 = KERNEL32.DLL:.text+0x2b26 |
16 |
016f:bff6bb1c 7508 jnz bff6bb26 = KERNEL32.DLL:.text+0x2b26 |
| 11 |
016f:bff6bb1e ff7604 push dword ptr [esi+04] |
17 |
016f:bff6bb1e ff7604 push dword ptr [esi+04] |
| 12 |
016f:bff6bb21 e8a087ffff call bff642c6 = KERNEL32.DLL:_FREQASM+0x32c6 |
18 |
016f:bff6bb21 e8a087ffff call bff642c6 = KERNEL32.DLL:_FREQASM+0x32c6 |
| 13 |
016f:bff6bb27 c20400 retd 0004 |
19 |
016f:bff6bb27 c20400 retd 0004 |
| 14 |
016f:bff6bb2a 64a100000000 mov eax,dword ptr fs:[00000000] |
20 |
016f:bff6bb2a 64a100000000 mov eax,dword ptr fs:[00000000] |
| 15 |
016f:bff6bb30 55 push ebp |
21 |
016f:bff6bb30 55 push ebp |
| 16 |
016f:bff6bb31 8bec mov ebp,esp |
22 |
016f:bff6bb31 8bec mov ebp,esp |
| 17 |
016f:bff6bb33 6aff push -01 |
23 |
016f:bff6bb33 6aff push -01 |
| 18 |
016f:bff6bb35 685092f6bf push bff69250 |
24 |
016f:bff6bb35 685092f6bf push bff69250 |
| 19 |
016f:bff6bb3a 68201bfbbf push bffb1b20 |
25 |
016f:bff6bb3a 68201bfbbf push bffb1b20 |
| 20 |
016f:bff6bb3f 50 push eax |
26 |
016f:bff6bb3f 50 push eax |
| 21 |
016f:bff6bb40 8b4508 mov eax,dword ptr [ebp+08] |
27 |
016f:bff6bb40 8b4508 mov eax,dword ptr [ebp+08] |
| 22 |
016f:bff6bb43 64892500000000 mov dword ptr fs:[00000000],esp |
28 |
016f:bff6bb43 64892500000000 mov dword ptr fs:[00000000],esp |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:bff6baf3 803e04 cmp byte ptr [esi],04 |
9 |
016f:bff6baf3 803e04 cmp byte ptr [esi],04 |
| 4 |
016f:bff6baf6 740f jz bff6bb07 = KERNEL32.DLL:.text+0x2b07 |
10 |
016f:bff6baf6 740f jz bff6bb07 = KERNEL32.DLL:.text+0x2b07 |
| 5 |
016f:bff6baf8 33c0 xor eax,eax |
11 |
016f:bff6baf8 33c0 xor eax,eax |
| 6 |
016f:bff6bafa 50 push eax |
12 |
016f:bff6bafa 50 push eax |
| 7 |
016f:bff6bafb 50 push eax |
13 |
016f:bff6bafb 50 push eax |
| 8 |
016f:bff6bafc 50 push eax |
14 |
016f:bff6bafc 50 push eax |
| 9 |
016f:bff6bafd 68050000c0 push c0000005 |
15 |
016f:bff6bafd 68050000c0 push c0000005 |
| 10 |
016f:bff6bb02 e8a4acffff call bff667ab = KERNEL32.DLL:_FREQASM+0x57ab |
16 |
016f:bff6bb02 e8a4acffff call bff667ab = KERNEL32.DLL:_FREQASM+0x57ab |
| 11 |
016f:bff6bb07 ff7604 push dword ptr [esi+04] |
17 |
016f:bff6bb07 ff7604 push dword ptr [esi+04] |
| 12 |
016f:bff6bb0a e88a87ffff call bff64299 = KERNEL32.DLL:_FREQASM+0x3299 |
18 |
016f:bff6bb0a e88a87ffff call bff64299 = KERNEL32.DLL:_FREQASM+0x3299 |
| 13 |
016f:bff6bb10 c20400 retd 0004 |
19 |
016f:bff6bb10 c20400 retd 0004 |
| 14 |
016f:bff6bb13 56 push esi |
20 |
016f:bff6bb13 56 push esi |
| 15 |
016f:bff6bb14 8b742408 mov esi,dword ptr [esp+08] |
21 |
016f:bff6bb14 8b742408 mov esi,dword ptr [esp+08] |
| 16 |
016f:bff6bb18 8a06 mov al,byte ptr [esi] |
22 |
016f:bff6bb18 8a06 mov al,byte ptr [esi] |
| 17 |
016f:bff6bb1a 3c04 cmp al,04 |
23 |
016f:bff6bb1a 3c04 cmp al,04 |
| 18 |
016f:bff6bb1c 7508 jnz bff6bb26 = KERNEL32.DLL:.text+0x2b26 |
24 |
016f:bff6bb1c 7508 jnz bff6bb26 = KERNEL32.DLL:.text+0x2b26 |
| 19 |
016f:bff6bb1e ff7604 push dword ptr [esi+04] |
25 |
016f:bff6bb1e ff7604 push dword ptr [esi+04] |
| 20 |
016f:bff6bb21 e8a087ffff call bff642c6 = KERNEL32.DLL:_FREQASM+0x32c6 |
26 |
016f:bff6bb21 e8a087ffff call bff642c6 = KERNEL32.DLL:_FREQASM+0x32c6 |
| 21 |
016f:bff6bb26 5e pop esi |
27 |
016f:bff6bb26 5e pop esi |
| 22 |
016f:bff6bb27 c20400 retd 0004 |
28 |
016f:bff6bb27 c20400 retd 0004 |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:bff6bb0a e88a87ffff call bff64299 = KERNEL32.DLL:_FREQASM+0x3299 |
9 |
016f:bff6bb0a e88a87ffff call bff64299 = KERNEL32.DLL:_FREQASM+0x3299 |
| 4 |
016f:bff6bb0f 5e pop esi |
10 |
016f:bff6bb0f 5e pop esi |
| 5 |
016f:bff6bb10 c20400 retd 0004 |
11 |
016f:bff6bb10 c20400 retd 0004 |
| 6 |
016f:bff6bb13 56 push esi |
12 |
016f:bff6bb13 56 push esi |
| 7 |
016f:bff6bb14 8b742408 mov esi,dword ptr [esp+08] |
13 |
016f:bff6bb14 8b742408 mov esi,dword ptr [esp+08] |
| 8 |
016f:bff6bb18 8a06 mov al,byte ptr [esi] |
14 |
016f:bff6bb18 8a06 mov al,byte ptr [esi] |
| 9 |
016f:bff6bb1a 3c04 cmp al,04 |
15 |
016f:bff6bb1a 3c04 cmp al,04 |
| 10 |
016f:bff6bb1c 7508 jnz bff6bb26 = KERNEL32.DLL:.text+0x2b26 |
16 |
016f:bff6bb1c 7508 jnz bff6bb26 = KERNEL32.DLL:.text+0x2b26 |
| 11 |
016f:bff6bb1e ff7604 push dword ptr [esi+04] |
17 |
016f:bff6bb1e ff7604 push dword ptr [esi+04] |
| 12 |
016f:bff6bb21 e8a087ffff call bff642c6 = KERNEL32.DLL:_FREQASM+0x32c6 |
18 |
016f:bff6bb21 e8a087ffff call bff642c6 = KERNEL32.DLL:_FREQASM+0x32c6 |
| 13 |
016f:bff6bb27 c20400 retd 0004 |
19 |
016f:bff6bb27 c20400 retd 0004 |
| 14 |
016f:bff6bb2a 64a100000000 mov eax,dword ptr fs:[00000000] |
20 |
016f:bff6bb2a 64a100000000 mov eax,dword ptr fs:[00000000] |
| 15 |
016f:bff6bb30 55 push ebp |
21 |
016f:bff6bb30 55 push ebp |
| 16 |
016f:bff6bb31 8bec mov ebp,esp |
22 |
016f:bff6bb31 8bec mov ebp,esp |
| 17 |
016f:bff6bb33 6aff push -01 |
23 |
016f:bff6bb33 6aff push -01 |
| 18 |
016f:bff6bb35 685092f6bf push bff69250 |
24 |
016f:bff6bb35 685092f6bf push bff69250 |
| 19 |
016f:bff6bb3a 68201bfbbf push bffb1b20 |
25 |
016f:bff6bb3a 68201bfbbf push bffb1b20 |
| 20 |
016f:bff6bb3f 50 push eax |
26 |
016f:bff6bb3f 50 push eax |
| 21 |
016f:bff6bb40 8b4508 mov eax,dword ptr [ebp+08] |
27 |
016f:bff6bb40 8b4508 mov eax,dword ptr [ebp+08] |
| 22 |
016f:bff6bb43 64892500000000 mov dword ptr fs:[00000000],esp |
28 |
016f:bff6bb43 64892500000000 mov dword ptr fs:[00000000],esp |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:bff6baf3 803e04 cmp byte ptr [esi],04 |
9 |
016f:bff6baf3 803e04 cmp byte ptr [esi],04 |
| 4 |
016f:bff6baf6 740f jz bff6bb07 = KERNEL32.DLL:.text+0x2b07 |
10 |
016f:bff6baf6 740f jz bff6bb07 = KERNEL32.DLL:.text+0x2b07 |
| 5 |
016f:bff6baf8 33c0 xor eax,eax |
11 |
016f:bff6baf8 33c0 xor eax,eax |
| 6 |
016f:bff6bafa 50 push eax |
12 |
016f:bff6bafa 50 push eax |
| 7 |
016f:bff6bafb 50 push eax |
13 |
016f:bff6bafb 50 push eax |
| 8 |
016f:bff6bafc 50 push eax |
14 |
016f:bff6bafc 50 push eax |
| 9 |
016f:bff6bafd 68050000c0 push c0000005 |
15 |
016f:bff6bafd 68050000c0 push c0000005 |
| 10 |
016f:bff6bb02 e8a4acffff call bff667ab = KERNEL32.DLL:_FREQASM+0x57ab |
16 |
016f:bff6bb02 e8a4acffff call bff667ab = KERNEL32.DLL:_FREQASM+0x57ab |
| 11 |
016f:bff6bb07 ff7604 push dword ptr [esi+04] |
17 |
016f:bff6bb07 ff7604 push dword ptr [esi+04] |
| 12 |
016f:bff6bb0a e88a87ffff call bff64299 = KERNEL32.DLL:_FREQASM+0x3299 |
18 |
016f:bff6bb0a e88a87ffff call bff64299 = KERNEL32.DLL:_FREQASM+0x3299 |
| 13 |
016f:bff6bb10 c20400 retd 0004 |
19 |
016f:bff6bb10 c20400 retd 0004 |
| 14 |
016f:bff6bb13 56 push esi |
20 |
016f:bff6bb13 56 push esi |
| 15 |
016f:bff6bb14 8b742408 mov esi,dword ptr [esp+08] |
21 |
016f:bff6bb14 8b742408 mov esi,dword ptr [esp+08] |
| 16 |
016f:bff6bb18 8a06 mov al,byte ptr [esi] |
22 |
016f:bff6bb18 8a06 mov al,byte ptr [esi] |
| 17 |
016f:bff6bb1a 3c04 cmp al,04 |
23 |
016f:bff6bb1a 3c04 cmp al,04 |
| 18 |
016f:bff6bb1c 7508 jnz bff6bb26 = KERNEL32.DLL:.text+0x2b26 |
24 |
016f:bff6bb1c 7508 jnz bff6bb26 = KERNEL32.DLL:.text+0x2b26 |
| 19 |
016f:bff6bb1e ff7604 push dword ptr [esi+04] |
25 |
016f:bff6bb1e ff7604 push dword ptr [esi+04] |
| 20 |
016f:bff6bb21 e8a087ffff call bff642c6 = KERNEL32.DLL:_FREQASM+0x32c6 |
26 |
016f:bff6bb21 e8a087ffff call bff642c6 = KERNEL32.DLL:_FREQASM+0x32c6 |
| 21 |
016f:bff6bb26 5e pop esi |
27 |
016f:bff6bb26 5e pop esi |
| 22 |
016f:bff6bb27 c20400 retd 0004 |
28 |
016f:bff6bb27 c20400 retd 0004 |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:bff6bb0a e88a87ffff call bff64299 = KERNEL32.DLL:_FREQASM+0x3299 |
9 |
016f:bff6bb0a e88a87ffff call bff64299 = KERNEL32.DLL:_FREQASM+0x3299 |
| 4 |
016f:bff6bb0f 5e pop esi |
10 |
016f:bff6bb0f 5e pop esi |
| 5 |
016f:bff6bb10 c20400 retd 0004 |
11 |
016f:bff6bb10 c20400 retd 0004 |
| 6 |
016f:bff6bb13 56 push esi |
12 |
016f:bff6bb13 56 push esi |
| 7 |
016f:bff6bb14 8b742408 mov esi,dword ptr [esp+08] |
13 |
016f:bff6bb14 8b742408 mov esi,dword ptr [esp+08] |
| 8 |
016f:bff6bb18 8a06 mov al,byte ptr [esi] |
14 |
016f:bff6bb18 8a06 mov al,byte ptr [esi] |
| 9 |
016f:bff6bb1a 3c04 cmp al,04 |
15 |
016f:bff6bb1a 3c04 cmp al,04 |
| 10 |
016f:bff6bb1c 7508 jnz bff6bb26 = KERNEL32.DLL:.text+0x2b26 |
16 |
016f:bff6bb1c 7508 jnz bff6bb26 = KERNEL32.DLL:.text+0x2b26 |
| 11 |
016f:bff6bb1e ff7604 push dword ptr [esi+04] |
17 |
016f:bff6bb1e ff7604 push dword ptr [esi+04] |
| 12 |
016f:bff6bb21 e8a087ffff call bff642c6 = KERNEL32.DLL:_FREQASM+0x32c6 |
18 |
016f:bff6bb21 e8a087ffff call bff642c6 = KERNEL32.DLL:_FREQASM+0x32c6 |
| 13 |
016f:bff6bb27 c20400 retd 0004 |
19 |
016f:bff6bb27 c20400 retd 0004 |
| 14 |
016f:bff6bb2a 64a100000000 mov eax,dword ptr fs:[00000000] |
20 |
016f:bff6bb2a 64a100000000 mov eax,dword ptr fs:[00000000] |
| 15 |
016f:bff6bb30 55 push ebp |
21 |
016f:bff6bb30 55 push ebp |
| 16 |
016f:bff6bb31 8bec mov ebp,esp |
22 |
016f:bff6bb31 8bec mov ebp,esp |
| 17 |
016f:bff6bb33 6aff push -01 |
23 |
016f:bff6bb33 6aff push -01 |
| 18 |
016f:bff6bb35 685092f6bf push bff69250 |
24 |
016f:bff6bb35 685092f6bf push bff69250 |
| 19 |
016f:bff6bb3a 68201bfbbf push bffb1b20 |
25 |
016f:bff6bb3a 68201bfbbf push bffb1b20 |
| 20 |
016f:bff6bb3f 50 push eax |
26 |
016f:bff6bb3f 50 push eax |
| 21 |
016f:bff6bb40 8b4508 mov eax,dword ptr [ebp+08] |
27 |
016f:bff6bb40 8b4508 mov eax,dword ptr [ebp+08] |
| 22 |
016f:bff6bb43 64892500000000 mov dword ptr fs:[00000000],esp |
28 |
016f:bff6bb43 64892500000000 mov dword ptr fs:[00000000],esp |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:bff6baf3 803e04 cmp byte ptr [esi],04 |
9 |
016f:bff6baf3 803e04 cmp byte ptr [esi],04 |
| 4 |
016f:bff6baf6 740f jz bff6bb07 = KERNEL32.DLL:.text+0x2b07 |
10 |
016f:bff6baf6 740f jz bff6bb07 = KERNEL32.DLL:.text+0x2b07 |
| 5 |
016f:bff6baf8 33c0 xor eax,eax |
11 |
016f:bff6baf8 33c0 xor eax,eax |
| 6 |
016f:bff6bafa 50 push eax |
12 |
016f:bff6bafa 50 push eax |
| 7 |
016f:bff6bafb 50 push eax |
13 |
016f:bff6bafb 50 push eax |
| 8 |
016f:bff6bafc 50 push eax |
14 |
016f:bff6bafc 50 push eax |
| 9 |
016f:bff6bafd 68050000c0 push c0000005 |
15 |
016f:bff6bafd 68050000c0 push c0000005 |
| 10 |
016f:bff6bb02 e8a4acffff call bff667ab = KERNEL32.DLL:_FREQASM+0x57ab |
16 |
016f:bff6bb02 e8a4acffff call bff667ab = KERNEL32.DLL:_FREQASM+0x57ab |
| 11 |
016f:bff6bb07 ff7604 push dword ptr [esi+04] |
17 |
016f:bff6bb07 ff7604 push dword ptr [esi+04] |
| 12 |
016f:bff6bb0a e88a87ffff call bff64299 = KERNEL32.DLL:_FREQASM+0x3299 |
18 |
016f:bff6bb0a e88a87ffff call bff64299 = KERNEL32.DLL:_FREQASM+0x3299 |
| 13 |
016f:bff6bb10 c20400 retd 0004 |
19 |
016f:bff6bb10 c20400 retd 0004 |
| 14 |
016f:bff6bb13 56 push esi |
20 |
016f:bff6bb13 56 push esi |
| 15 |
016f:bff6bb14 8b742408 mov esi,dword ptr [esp+08] |
21 |
016f:bff6bb14 8b742408 mov esi,dword ptr [esp+08] |
| 16 |
016f:bff6bb18 8a06 mov al,byte ptr [esi] |
22 |
016f:bff6bb18 8a06 mov al,byte ptr [esi] |
| 17 |
016f:bff6bb1a 3c04 cmp al,04 |
23 |
016f:bff6bb1a 3c04 cmp al,04 |
| 18 |
016f:bff6bb1c 7508 jnz bff6bb26 = KERNEL32.DLL:.text+0x2b26 |
24 |
016f:bff6bb1c 7508 jnz bff6bb26 = KERNEL32.DLL:.text+0x2b26 |
| 19 |
016f:bff6bb1e ff7604 push dword ptr [esi+04] |
25 |
016f:bff6bb1e ff7604 push dword ptr [esi+04] |
| 20 |
016f:bff6bb21 e8a087ffff call bff642c6 = KERNEL32.DLL:_FREQASM+0x32c6 |
26 |
016f:bff6bb21 e8a087ffff call bff642c6 = KERNEL32.DLL:_FREQASM+0x32c6 |
| 21 |
016f:bff6bb26 5e pop esi |
27 |
016f:bff6bb26 5e pop esi |
| 22 |
016f:bff6bb27 c20400 retd 0004 |
28 |
016f:bff6bb27 c20400 retd 0004 |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:bff6bb0a e88a87ffff call bff64299 = KERNEL32.DLL:_FREQASM+0x3299 |
9 |
016f:bff6bb0a e88a87ffff call bff64299 = KERNEL32.DLL:_FREQASM+0x3299 |
| 4 |
016f:bff6bb0f 5e pop esi |
10 |
016f:bff6bb0f 5e pop esi |
| 5 |
016f:bff6bb10 c20400 retd 0004 |
11 |
016f:bff6bb10 c20400 retd 0004 |
| 6 |
016f:bff6bb13 56 push esi |
12 |
016f:bff6bb13 56 push esi |
| 7 |
016f:bff6bb14 8b742408 mov esi,dword ptr [esp+08] |
13 |
016f:bff6bb14 8b742408 mov esi,dword ptr [esp+08] |
| 8 |
016f:bff6bb18 8a06 mov al,byte ptr [esi] |
14 |
016f:bff6bb18 8a06 mov al,byte ptr [esi] |
| 9 |
016f:bff6bb1a 3c04 cmp al,04 |
15 |
016f:bff6bb1a 3c04 cmp al,04 |
| 10 |
016f:bff6bb1c 7508 jnz bff6bb26 = KERNEL32.DLL:.text+0x2b26 |
16 |
016f:bff6bb1c 7508 jnz bff6bb26 = KERNEL32.DLL:.text+0x2b26 |
| 11 |
016f:bff6bb1e ff7604 push dword ptr [esi+04] |
17 |
016f:bff6bb1e ff7604 push dword ptr [esi+04] |
| 12 |
016f:bff6bb21 e8a087ffff call bff642c6 = KERNEL32.DLL:_FREQASM+0x32c6 |
18 |
016f:bff6bb21 e8a087ffff call bff642c6 = KERNEL32.DLL:_FREQASM+0x32c6 |
| 13 |
016f:bff6bb27 c20400 retd 0004 |
19 |
016f:bff6bb27 c20400 retd 0004 |
| 14 |
016f:bff6bb2a 64a100000000 mov eax,dword ptr fs:[00000000] |
20 |
016f:bff6bb2a 64a100000000 mov eax,dword ptr fs:[00000000] |
| 15 |
016f:bff6bb30 55 push ebp |
21 |
016f:bff6bb30 55 push ebp |
| 16 |
016f:bff6bb31 8bec mov ebp,esp |
22 |
016f:bff6bb31 8bec mov ebp,esp |
| 17 |
016f:bff6bb33 6aff push -01 |
23 |
016f:bff6bb33 6aff push -01 |
| 18 |
016f:bff6bb35 685092f6bf push bff69250 |
24 |
016f:bff6bb35 685092f6bf push bff69250 |
| 19 |
016f:bff6bb3a 68201bfbbf push bffb1b20 |
25 |
016f:bff6bb3a 68201bfbbf push bffb1b20 |
| 20 |
016f:bff6bb3f 50 push eax |
26 |
016f:bff6bb3f 50 push eax |
| 21 |
016f:bff6bb40 8b4508 mov eax,dword ptr [ebp+08] |
27 |
016f:bff6bb40 8b4508 mov eax,dword ptr [ebp+08] |
| 22 |
016f:bff6bb43 64892500000000 mov dword ptr fs:[00000000],esp |
28 |
016f:bff6bb43 64892500000000 mov dword ptr fs:[00000000],esp |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
-> 5e c3 85 c9 74 0e 68 00 80 00 00 6a 00 51 ff 15 ^...t.h....j.Q.. |
8 |
-> 5e c3 85 c9 74 0e 68 00 80 00 00 6a 00 51 ff 15 ^...t.h....j.Q.. |
|
Line 1
Link Here
|
| 1 |
-> 04 00 00 00 08 61 98 81 00 00 00 00 00 00 00 00 .....a.......... |
8 |
-> 04 00 00 00 08 61 98 81 00 00 00 00 00 00 00 00 .....a.......... |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:1c832e99 90 nop |
9 |
016f:1c832e99 90 nop |
| 4 |
016f:1c832e9a 90 nop |
10 |
016f:1c832e9a 90 nop |
| 5 |
016f:1c832e9b 90 nop |
11 |
016f:1c832e9b 90 nop |
| 6 |
016f:1c832e9c 90 nop |
12 |
016f:1c832e9c 90 nop |
| 7 |
016f:1c832e9d 90 nop |
13 |
016f:1c832e9d 90 nop |
| 8 |
016f:1c832e9e 90 nop |
14 |
016f:1c832e9e 90 nop |
| 9 |
016f:1c832e9f 90 nop |
15 |
016f:1c832e9f 90 nop |
| 10 |
016f:1c832ea0 8b442404 mov eax,dword ptr [esp+04] |
16 |
016f:1c832ea0 8b442404 mov eax,dword ptr [esp+04] |
| 11 |
016f:1c832ea4 50 push eax |
17 |
016f:1c832ea4 50 push eax |
| 12 |
016f:1c832ea5 e8720e0200 call 1c853d1c = SAL3.DLL!rtl_freeMemory |
18 |
016f:1c832ea5 e8720e0200 call 1c853d1c = SAL3.DLL!rtl_freeMemory |
| 13 |
016f:1c832eab c3 retd |
19 |
016f:1c832eab c3 retd |
| 14 |
016f:1c832eac 90 nop |
20 |
016f:1c832eac 90 nop |
| 15 |
016f:1c832ead 90 nop |
21 |
016f:1c832ead 90 nop |
| 16 |
016f:1c832eae 90 nop |
22 |
016f:1c832eae 90 nop |
| 17 |
016f:1c832eaf 90 nop |
23 |
016f:1c832eaf 90 nop |
| 18 |
016f:1c832eb0 83ec10 sub esp,+10 |
24 |
016f:1c832eb0 83ec10 sub esp,+10 |
| 19 |
016f:1c832eb3 8b4c2414 mov ecx,dword ptr [esp+14] |
25 |
016f:1c832eb3 8b4c2414 mov ecx,dword ptr [esp+14] |
| 20 |
016f:1c832eb7 b801000000 mov eax,00000001 |
26 |
016f:1c832eb7 b801000000 mov eax,00000001 |
| 21 |
016f:1c832ebc 89442400 mov dword ptr [esp],eax |
27 |
016f:1c832ebc 89442400 mov dword ptr [esp],eax |
| 22 |
016f:1c832ec0 3bc8 cmp ecx,eax |
28 |
016f:1c832ec0 3bc8 cmp ecx,eax |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:1c67d94e 48 dec eax |
9 |
016f:1c67d94e 48 dec eax |
| 4 |
016f:1c67d94f 8906 mov dword ptr [esi],eax |
10 |
016f:1c67d94f 8906 mov dword ptr [esi],eax |
| 5 |
016f:1c67d951 5e pop esi |
11 |
016f:1c67d951 5e pop esi |
| 6 |
016f:1c67d952 c3 retd |
12 |
016f:1c67d952 c3 retd |
| 7 |
016f:1c67d953 85f6 test esi,esi |
13 |
016f:1c67d953 85f6 test esi,esi |
| 8 |
016f:1c67d955 7410 jz 1c67d967 = VCL641MI.DLL:.text+0x7c967 |
14 |
016f:1c67d955 7410 jz 1c67d967 = VCL641MI.DLL:.text+0x7c967 |
| 9 |
016f:1c67d957 8bce mov ecx,esi |
15 |
016f:1c67d957 8bce mov ecx,esi |
| 10 |
016f:1c67d959 e802f7ffff call 1c67d060 = VCL641MI.DLL:.text+0x7c060 |
16 |
016f:1c67d959 e802f7ffff call 1c67d060 = VCL641MI.DLL:.text+0x7c060 |
| 11 |
016f:1c67d95e 56 push esi |
17 |
016f:1c67d95e 56 push esi |
| 12 |
016f:1c67d95f e808770700 call 1c6f506c = TL641MI.DLL!21 |
18 |
016f:1c67d95f e808770700 call 1c6f506c = TL641MI.DLL!21 |
| 13 |
016f:1c67d967 5e pop esi |
19 |
016f:1c67d967 5e pop esi |
| 14 |
016f:1c67d968 c3 retd |
20 |
016f:1c67d968 c3 retd |
| 15 |
016f:1c67d969 90 nop |
21 |
016f:1c67d969 90 nop |
| 16 |
016f:1c67d96a 90 nop |
22 |
016f:1c67d96a 90 nop |
| 17 |
016f:1c67d96b 90 nop |
23 |
016f:1c67d96b 90 nop |
| 18 |
016f:1c67d96c 90 nop |
24 |
016f:1c67d96c 90 nop |
| 19 |
016f:1c67d96d 90 nop |
25 |
016f:1c67d96d 90 nop |
| 20 |
016f:1c67d96e 90 nop |
26 |
016f:1c67d96e 90 nop |
| 21 |
016f:1c67d96f 90 nop |
27 |
016f:1c67d96f 90 nop |
| 22 |
016f:1c67d970 8b542404 mov edx,dword ptr [esp+04] |
28 |
016f:1c67d970 8b542404 mov edx,dword ptr [esp+04] |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:1c6acd5e 8d4c2430 lea ecx,[esp+30] |
9 |
016f:1c6acd5e 8d4c2430 lea ecx,[esp+30] |
| 4 |
016f:1c6acd62 e8490bfdff call 1c67d8b0 = VCL641MI.DLL!2530 |
10 |
016f:1c6acd62 e8490bfdff call 1c67d8b0 = VCL641MI.DLL!2530 |
| 5 |
016f:1c6acd67 8b4c2428 mov ecx,dword ptr [esp+28] |
11 |
016f:1c6acd67 8b4c2428 mov ecx,dword ptr [esp+28] |
| 6 |
016f:1c6acd6b 8d44242c lea eax,[esp+2c] |
12 |
016f:1c6acd6b 8d44242c lea eax,[esp+2c] |
| 7 |
016f:1c6acd6f 50 push eax |
13 |
016f:1c6acd6f 50 push eax |
| 8 |
016f:1c6acd70 c744242400000000 mov dword ptr [esp+24],00000000 |
14 |
016f:1c6acd70 c744242400000000 mov dword ptr [esp+24],00000000 |
| 9 |
016f:1c6acd78 e8834dffff call 1c6a1b00 = VCL641MI.DLL:.text+0xa0b00 |
15 |
016f:1c6acd78 e8834dffff call 1c6a1b00 = VCL641MI.DLL:.text+0xa0b00 |
| 10 |
016f:1c6acd7d 8d4c242c lea ecx,[esp+2c] |
16 |
016f:1c6acd7d 8d4c242c lea ecx,[esp+2c] |
| 11 |
016f:1c6acd81 c7442420ffffffff mov dword ptr [esp+20],ffffffff |
17 |
016f:1c6acd81 c7442420ffffffff mov dword ptr [esp+20],ffffffff |
| 12 |
016f:1c6acd89 e8b20bfdff call 1c67d940 = VCL641MI.DLL!2534 |
18 |
016f:1c6acd89 e8b20bfdff call 1c67d940 = VCL641MI.DLL!2534 |
| 13 |
016f:1c6acd92 5e pop esi |
19 |
016f:1c6acd92 5e pop esi |
| 14 |
016f:1c6acd93 5d pop ebp |
20 |
016f:1c6acd93 5d pop ebp |
| 15 |
016f:1c6acd94 64890d00000000 mov dword ptr fs:[00000000],ecx |
21 |
016f:1c6acd94 64890d00000000 mov dword ptr fs:[00000000],ecx |
| 16 |
016f:1c6acd9b 83c41c add esp,+1c |
22 |
016f:1c6acd9b 83c41c add esp,+1c |
| 17 |
016f:1c6acd9e c3 retd |
23 |
016f:1c6acd9e c3 retd |
| 18 |
016f:1c6acd9f 90 nop |
24 |
016f:1c6acd9f 90 nop |
| 19 |
016f:1c6acda0 83ec08 sub esp,+08 |
25 |
016f:1c6acda0 83ec08 sub esp,+08 |
| 20 |
016f:1c6acda3 56 push esi |
26 |
016f:1c6acda3 56 push esi |
| 21 |
016f:1c6acda4 8b742410 mov esi,dword ptr [esp+10] |
27 |
016f:1c6acda4 8b742410 mov esi,dword ptr [esp+10] |
| 22 |
016f:1c6acda8 8b86f4000000 mov eax,dword ptr [esi+000000f4] |
28 |
016f:1c6acda8 8b86f4000000 mov eax,dword ptr [esi+000000f4] |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:bff45525 740b jz bff45532 = USER32.DLL:.text+0x4532 |
9 |
016f:bff45525 740b jz bff45532 = USER32.DLL:.text+0x4532 |
| 4 |
016f:bff45527 b904000000 mov ecx,00000004 |
10 |
016f:bff45527 b904000000 mov ecx,00000004 |
| 5 |
016f:bff4552c fc cld |
11 |
016f:bff4552c fc cld |
| 6 |
016f:bff4552d 1e push ds |
12 |
016f:bff4552d 1e push ds |
| 7 |
016f:bff4552e 07 pop es |
13 |
016f:bff4552e 07 pop es |
| 8 |
016f:bff4552f f3ab rep stos dword ptr es:[edi],eax |
14 |
016f:bff4552f f3ab rep stos dword ptr es:[edi],eax |
| 9 |
016f:bff45531 48 dec eax |
15 |
016f:bff45531 48 dec eax |
| 10 |
016f:bff45532 5f pop edi |
16 |
016f:bff45532 5f pop edi |
| 11 |
016f:bff45533 c9 leave |
17 |
016f:bff45533 c9 leave |
| 12 |
016f:bff45534 c20400 retd 0004 |
18 |
016f:bff45534 c20400 retd 0004 |
| 13 |
016f:bff45538 8bec mov ebp,esp |
19 |
016f:bff45538 8bec mov ebp,esp |
| 14 |
016f:bff4553a 56 push esi |
20 |
016f:bff4553a 56 push esi |
| 15 |
016f:bff4553b 57 push edi |
21 |
016f:bff4553b 57 push edi |
| 16 |
016f:bff4553c 33c0 xor eax,eax |
22 |
016f:bff4553c 33c0 xor eax,eax |
| 17 |
016f:bff4553e 8b7d08 mov edi,dword ptr [ebp+08] |
23 |
016f:bff4553e 8b7d08 mov edi,dword ptr [ebp+08] |
| 18 |
016f:bff45541 0bff or edi,edi |
24 |
016f:bff45541 0bff or edi,edi |
| 19 |
016f:bff45543 7412 jz bff45557 = USER32.DLL:.text+0x4557 |
25 |
016f:bff45543 7412 jz bff45557 = USER32.DLL:.text+0x4557 |
| 20 |
016f:bff45545 8b750c mov esi,dword ptr [ebp+0c] |
26 |
016f:bff45545 8b750c mov esi,dword ptr [ebp+0c] |
| 21 |
016f:bff45548 0bf6 or esi,esi |
27 |
016f:bff45548 0bf6 or esi,esi |
| 22 |
016f:bff4554a 740b jz bff45557 = USER32.DLL:.text+0x4557 |
28 |
016f:bff4554a 740b jz bff45557 = USER32.DLL:.text+0x4557 |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:bff613c5 c20400 retd 0004 |
9 |
016f:bff613c5 c20400 retd 0004 |
| 4 |
016f:bff613c8 33c0 xor eax,eax |
10 |
016f:bff613c8 33c0 xor eax,eax |
| 5 |
016f:bff613ca ebf7 jmp bff613c3 = KERNEL32.DLL:_FREQASM+0x3c3 |
11 |
016f:bff613ca ebf7 jmp bff613c3 = KERNEL32.DLL:_FREQASM+0x3c3 |
| 6 |
016f:bff613cc ebfa jmp bff613c8 = KERNEL32.DLL:_FREQASM+0x3c8 |
12 |
016f:bff613cc ebfa jmp bff613c8 = KERNEL32.DLL:_FREQASM+0x3c8 |
| 7 |
016f:bff613ce ebf8 jmp bff613c8 = KERNEL32.DLL:_FREQASM+0x3c8 |
13 |
016f:bff613ce ebf8 jmp bff613c8 = KERNEL32.DLL:_FREQASM+0x3c8 |
| 8 |
016f:bff613d0 ebf6 jmp bff613c8 = KERNEL32.DLL:_FREQASM+0x3c8 |
14 |
016f:bff613d0 ebf6 jmp bff613c8 = KERNEL32.DLL:_FREQASM+0x3c8 |
| 9 |
016f:bff613d2 ebf4 jmp bff613c8 = KERNEL32.DLL:_FREQASM+0x3c8 |
15 |
016f:bff613d2 ebf4 jmp bff613c8 = KERNEL32.DLL:_FREQASM+0x3c8 |
| 10 |
016f:bff613d4 8b442404 mov eax,dword ptr [esp+04] |
16 |
016f:bff613d4 8b442404 mov eax,dword ptr [esp+04] |
| 11 |
016f:bff613d8 8f0424 pop dword ptr [esp] |
17 |
016f:bff613d8 8f0424 pop dword ptr [esp] |
| 12 |
016f:bff613db 2eff1d34b7fbbf call fword ptr ss:[bffbb734] |
18 |
016f:bff613db 2eff1d34b7fbbf call fword ptr ss:[bffbb734] |
| 13 |
016f:bff613e7 2eff1d34b7fbbf call fword ptr ss:[bffbb734] |
19 |
016f:bff613e7 2eff1d34b7fbbf call fword ptr ss:[bffbb734] |
| 14 |
016f:bff613ee b843002a00 mov eax,002a0043 |
20 |
016f:bff613ee b843002a00 mov eax,002a0043 |
| 15 |
016f:bff613f3 2eff1d34b7fbbf call fword ptr ss:[bffbb734] |
21 |
016f:bff613f3 2eff1d34b7fbbf call fword ptr ss:[bffbb734] |
| 16 |
016f:bff613fa 83c414 add esp,+14 |
22 |
016f:bff613fa 83c414 add esp,+14 |
| 17 |
016f:bff613fd 0fb7c8 movzx ecx,ax |
23 |
016f:bff613fd 0fb7c8 movzx ecx,ax |
| 18 |
016f:bff61400 0fa4d310 shld ebx,edx,10 |
24 |
016f:bff61400 0fa4d310 shld ebx,edx,10 |
| 19 |
016f:bff61404 c0e302 shl bl,02 |
25 |
016f:bff61404 c0e302 shl bl,02 |
| 20 |
016f:bff61407 6681ea0010 sub dx,1000 |
26 |
016f:bff61407 6681ea0010 sub dx,1000 |
| 21 |
016f:bff6140c 0fbfc2 movsx eax,dx |
27 |
016f:bff6140c 0fbfc2 movsx eax,dx |
| 22 |
016f:bff6140f e9d1000000 jmp bff614e5 = KERNEL32.DLL:_FREQASM+0x4e5 |
28 |
016f:bff6140f e9d1000000 jmp bff614e5 = KERNEL32.DLL:_FREQASM+0x4e5 |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:bff64229 e8af780200 call bff8badd = KERNEL32.DLL:.text+0x22add |
9 |
016f:bff64229 e8af780200 call bff8badd = KERNEL32.DLL:.text+0x22add |
| 4 |
016f:bff6422e 6664ff0d1e000000 dec word ptr fs:[0000001e] |
10 |
016f:bff6422e 6664ff0d1e000000 dec word ptr fs:[0000001e] |
| 5 |
016f:bff64236 5a pop edx |
11 |
016f:bff64236 5a pop edx |
| 6 |
016f:bff64237 ebb1 jmp bff641ea = KERNEL32.DLL:_FREQASM+0x31ea |
12 |
016f:bff64237 ebb1 jmp bff641ea = KERNEL32.DLL:_FREQASM+0x31ea |
| 7 |
016f:bff64239 ff4210 inc dword ptr [edx+10] |
13 |
016f:bff64239 ff4210 inc dword ptr [edx+10] |
| 8 |
016f:bff6423c ebbd jmp bff641fb = KERNEL32.DLL:_FREQASM+0x31fb |
14 |
016f:bff6423c ebbd jmp bff641fb = KERNEL32.DLL:_FREQASM+0x31fb |
| 9 |
016f:bff6423e 52 push edx |
15 |
016f:bff6423e 52 push edx |
| 10 |
016f:bff6423f 52 push edx |
16 |
016f:bff6423f 52 push edx |
| 11 |
016f:bff64240 681e002a00 push 002a001e |
17 |
016f:bff64240 681e002a00 push 002a001e |
| 12 |
016f:bff64245 e88ad1ffff call bff613d4 = KERNEL32.DLL!1 |
18 |
016f:bff64245 e88ad1ffff call bff613d4 = KERNEL32.DLL!1 |
| 13 |
016f:bff6424b ebae jmp bff641fb = KERNEL32.DLL:_FREQASM+0x31fb |
19 |
016f:bff6424b ebae jmp bff641fb = KERNEL32.DLL:_FREQASM+0x31fb |
| 14 |
016f:bff6424d 681c002a00 push 002a001c |
20 |
016f:bff6424d 681c002a00 push 002a001c |
| 15 |
016f:bff64252 e87dd1ffff call bff613d4 = KERNEL32.DLL!1 |
21 |
016f:bff64252 e87dd1ffff call bff613d4 = KERNEL32.DLL!1 |
| 16 |
016f:bff64257 a1f0bcfbbf mov eax,dword ptr [bffbbcf0] |
22 |
016f:bff64257 a1f0bcfbbf mov eax,dword ptr [bffbbcf0] |
| 17 |
016f:bff6425c 8b00 mov eax,dword ptr [eax] |
23 |
016f:bff6425c 8b00 mov eax,dword ptr [eax] |
| 18 |
016f:bff6425e 0fba704c07 btr dword ptr [eax+4c],07 |
24 |
016f:bff6425e 0fba704c07 btr dword ptr [eax+4c],07 |
| 19 |
016f:bff64263 73a9 jnc bff6420e = KERNEL32.DLL:_FREQASM+0x320e |
25 |
016f:bff64263 73a9 jnc bff6420e = KERNEL32.DLL:_FREQASM+0x320e |
| 20 |
016f:bff64265 8d400c lea eax,[eax+0c] |
26 |
016f:bff64265 8d400c lea eax,[eax+0c] |
| 21 |
016f:bff64268 50 push eax |
27 |
016f:bff64268 50 push eax |
| 22 |
016f:bff64269 6a00 push +00 |
28 |
016f:bff64269 6a00 push +00 |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
-> b8 f8 c4 70 1c e9 74 ca ff ff cc cc cc cc cc cc ...p..t......... |
8 |
-> b8 f8 c4 70 1c e9 74 ca ff ff cc cc cc cc cc cc ...p..t......... |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:1c6ac2f9 894c2414 mov dword ptr [esp+14],ecx |
9 |
016f:1c6ac2f9 894c2414 mov dword ptr [esp+14],ecx |
| 4 |
016f:1c6ac2fd 8d4430ff lea eax,[eax+esi-01] |
10 |
016f:1c6ac2fd 8d4430ff lea eax,[eax+esi-01] |
| 5 |
016f:1c6ac301 7505 jnz 1c6ac308 = VCL641MI.DLL:.text+0xab308 |
11 |
016f:1c6ac301 7505 jnz 1c6ac308 = VCL641MI.DLL:.text+0xab308 |
| 6 |
016f:1c6ac303 b80180ffff mov eax,ffff8001 |
12 |
016f:1c6ac303 b80180ffff mov eax,ffff8001 |
| 7 |
016f:1c6ac308 8b542430 mov edx,dword ptr [esp+30] |
13 |
016f:1c6ac308 8b542430 mov edx,dword ptr [esp+30] |
| 8 |
016f:1c6ac30c 8d4c240c lea ecx,[esp+0c] |
14 |
016f:1c6ac30c 8d4c240c lea ecx,[esp+0c] |
| 9 |
016f:1c6ac310 51 push ecx |
15 |
016f:1c6ac310 51 push ecx |
| 10 |
016f:1c6ac311 52 push edx |
16 |
016f:1c6ac311 52 push edx |
| 11 |
016f:1c6ac312 89442420 mov dword ptr [esp+20],eax |
17 |
016f:1c6ac312 89442420 mov dword ptr [esp+20],eax |
| 12 |
016f:1c6ac316 e8b5090000 call 1c6accd0 = VCL641MI.DLL:.text+0xabcd0 |
18 |
016f:1c6ac316 e8b5090000 call 1c6accd0 = VCL641MI.DLL:.text+0xabcd0 |
| 13 |
016f:1c6ac31e 8bc3 mov eax,ebx |
19 |
016f:1c6ac31e 8bc3 mov eax,ebx |
| 14 |
016f:1c6ac320 5f pop edi |
20 |
016f:1c6ac320 5f pop edi |
| 15 |
016f:1c6ac321 5e pop esi |
21 |
016f:1c6ac321 5e pop esi |
| 16 |
016f:1c6ac322 5b pop ebx |
22 |
016f:1c6ac322 5b pop ebx |
| 17 |
016f:1c6ac323 83c420 add esp,+20 |
23 |
016f:1c6ac323 83c420 add esp,+20 |
| 18 |
016f:1c6ac326 c3 retd |
24 |
016f:1c6ac326 c3 retd |
| 19 |
016f:1c6ac327 8b442430 mov eax,dword ptr [esp+30] |
25 |
016f:1c6ac327 8b442430 mov eax,dword ptr [esp+30] |
| 20 |
016f:1c6ac32b b908000000 mov ecx,00000008 |
26 |
016f:1c6ac32b b908000000 mov ecx,00000008 |
| 21 |
016f:1c6ac330 8d7c240c lea edi,[esp+0c] |
27 |
016f:1c6ac330 8d7c240c lea edi,[esp+0c] |
| 22 |
016f:1c6ac334 8bb0f8000000 mov esi,dword ptr [eax+000000f8] |
28 |
016f:1c6ac334 8bb0f8000000 mov esi,dword ptr [eax+000000f8] |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:bff6bb0a e88a87ffff call bff64299 = KERNEL32.DLL:_FREQASM+0x3299 |
9 |
016f:bff6bb0a e88a87ffff call bff64299 = KERNEL32.DLL:_FREQASM+0x3299 |
| 4 |
016f:bff6bb0f 5e pop esi |
10 |
016f:bff6bb0f 5e pop esi |
| 5 |
016f:bff6bb10 c20400 retd 0004 |
11 |
016f:bff6bb10 c20400 retd 0004 |
| 6 |
016f:bff6bb13 56 push esi |
12 |
016f:bff6bb13 56 push esi |
| 7 |
016f:bff6bb14 8b742408 mov esi,dword ptr [esp+08] |
13 |
016f:bff6bb14 8b742408 mov esi,dword ptr [esp+08] |
| 8 |
016f:bff6bb18 8a06 mov al,byte ptr [esi] |
14 |
016f:bff6bb18 8a06 mov al,byte ptr [esi] |
| 9 |
016f:bff6bb1a 3c04 cmp al,04 |
15 |
016f:bff6bb1a 3c04 cmp al,04 |
| 10 |
016f:bff6bb1c 7508 jnz bff6bb26 = KERNEL32.DLL:.text+0x2b26 |
16 |
016f:bff6bb1c 7508 jnz bff6bb26 = KERNEL32.DLL:.text+0x2b26 |
| 11 |
016f:bff6bb1e ff7604 push dword ptr [esi+04] |
17 |
016f:bff6bb1e ff7604 push dword ptr [esi+04] |
| 12 |
016f:bff6bb21 e8a087ffff call bff642c6 = KERNEL32.DLL:_FREQASM+0x32c6 |
18 |
016f:bff6bb21 e8a087ffff call bff642c6 = KERNEL32.DLL:_FREQASM+0x32c6 |
| 13 |
016f:bff6bb27 c20400 retd 0004 |
19 |
016f:bff6bb27 c20400 retd 0004 |
| 14 |
016f:bff6bb2a 64a100000000 mov eax,dword ptr fs:[00000000] |
20 |
016f:bff6bb2a 64a100000000 mov eax,dword ptr fs:[00000000] |
| 15 |
016f:bff6bb30 55 push ebp |
21 |
016f:bff6bb30 55 push ebp |
| 16 |
016f:bff6bb31 8bec mov ebp,esp |
22 |
016f:bff6bb31 8bec mov ebp,esp |
| 17 |
016f:bff6bb33 6aff push -01 |
23 |
016f:bff6bb33 6aff push -01 |
| 18 |
016f:bff6bb35 685092f6bf push bff69250 |
24 |
016f:bff6bb35 685092f6bf push bff69250 |
| 19 |
016f:bff6bb3a 68201bfbbf push bffb1b20 |
25 |
016f:bff6bb3a 68201bfbbf push bffb1b20 |
| 20 |
016f:bff6bb3f 50 push eax |
26 |
016f:bff6bb3f 50 push eax |
| 21 |
016f:bff6bb40 8b4508 mov eax,dword ptr [ebp+08] |
27 |
016f:bff6bb40 8b4508 mov eax,dword ptr [ebp+08] |
| 22 |
016f:bff6bb43 64892500000000 mov dword ptr fs:[00000000],esp |
28 |
016f:bff6bb43 64892500000000 mov dword ptr fs:[00000000],esp |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:004c23ea ff15e4614e00 call dword ptr [004e61e4] -> KERNEL32.DLL!EnterCriticalSection |
9 |
016f:004c23ea ff15e4614e00 call dword ptr [004e61e4] -> KERNEL32.DLL!EnterCriticalSection |
| 4 |
016f:004c23f0 8b4618 mov eax,dword ptr [esi+18] |
10 |
016f:004c23f0 8b4618 mov eax,dword ptr [esi+18] |
| 5 |
016f:004c23f3 48 dec eax |
11 |
016f:004c23f3 48 dec eax |
| 6 |
016f:004c23f4 894618 mov dword ptr [esi+18],eax |
12 |
016f:004c23f4 894618 mov dword ptr [esi+18],eax |
| 7 |
016f:004c23f7 7507 jnz 004c2400 = SAL3.DLL:.text+0x1400 |
13 |
016f:004c23f7 7507 jnz 004c2400 = SAL3.DLL:.text+0x1400 |
| 8 |
016f:004c23f9 c7461c00000000 mov dword ptr [esi+1c],00000000 |
14 |
016f:004c23f9 c7461c00000000 mov dword ptr [esi+1c],00000000 |
| 9 |
016f:004c2400 68f0916500 push 006591f0 |
15 |
016f:004c2400 68f0916500 push 006591f0 |
| 10 |
016f:004c2405 ffd7 call edi |
16 |
016f:004c2405 ffd7 call edi |
| 11 |
016f:004c2407 56 push esi |
17 |
016f:004c2407 56 push esi |
| 12 |
016f:004c2408 ffd7 call edi |
18 |
016f:004c2408 ffd7 call edi |
| 13 |
016f:004c240b b001 mov al,01 |
19 |
016f:004c240b b001 mov al,01 |
| 14 |
016f:004c240d 5e pop esi |
20 |
016f:004c240d 5e pop esi |
| 15 |
016f:004c240e c3 retd |
21 |
016f:004c240e c3 retd |
| 16 |
016f:004c240f 90 nop |
22 |
016f:004c240f 90 nop |
| 17 |
016f:004c2410 b878966500 mov eax,00659678 |
23 |
016f:004c2410 b878966500 mov eax,00659678 |
| 18 |
016f:004c2415 c3 retd |
24 |
016f:004c2415 c3 retd |
| 19 |
016f:004c2416 90 nop |
25 |
016f:004c2416 90 nop |
| 20 |
016f:004c2417 90 nop |
26 |
016f:004c2417 90 nop |
| 21 |
016f:004c2418 90 nop |
27 |
016f:004c2418 90 nop |
| 22 |
016f:004c2419 90 nop |
28 |
016f:004c2419 90 nop |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:1c20921a 90 nop |
9 |
016f:1c20921a 90 nop |
| 4 |
016f:1c20921b 90 nop |
10 |
016f:1c20921b 90 nop |
| 5 |
016f:1c20921c 90 nop |
11 |
016f:1c20921c 90 nop |
| 6 |
016f:1c20921d 90 nop |
12 |
016f:1c20921d 90 nop |
| 7 |
016f:1c20921e 90 nop |
13 |
016f:1c20921e 90 nop |
| 8 |
016f:1c20921f 90 nop |
14 |
016f:1c20921f 90 nop |
| 9 |
016f:1c209220 8b442404 mov eax,dword ptr [esp+04] |
15 |
016f:1c209220 8b442404 mov eax,dword ptr [esp+04] |
| 10 |
016f:1c209224 8b4804 mov ecx,dword ptr [eax+04] |
16 |
016f:1c209224 8b4804 mov ecx,dword ptr [eax+04] |
| 11 |
016f:1c209227 51 push ecx |
17 |
016f:1c209227 51 push ecx |
| 12 |
016f:1c209228 e8e5340000 call 1c20c712 = SAL3.DLL!osl_releaseMutex |
18 |
016f:1c209228 e8e5340000 call 1c20c712 = SAL3.DLL!osl_releaseMutex |
| 13 |
016f:1c20922e c3 retd |
19 |
016f:1c20922e c3 retd |
| 14 |
016f:1c20922f 90 nop |
20 |
016f:1c20922f 90 nop |
| 15 |
016f:1c209230 83e904 sub ecx,+04 |
21 |
016f:1c209230 83e904 sub ecx,+04 |
| 16 |
016f:1c209233 e958ffffff jmp 1c209190 = VOS2MSC.DLL!623 |
22 |
016f:1c209233 e958ffffff jmp 1c209190 = VOS2MSC.DLL!623 |
| 17 |
016f:1c209238 cc int 3 |
23 |
016f:1c209238 cc int 3 |
| 18 |
016f:1c209239 cc int 3 |
24 |
016f:1c209239 cc int 3 |
| 19 |
016f:1c20923a cc int 3 |
25 |
016f:1c20923a cc int 3 |
| 20 |
016f:1c20923b cc int 3 |
26 |
016f:1c20923b cc int 3 |
| 21 |
016f:1c20923c cc int 3 |
27 |
016f:1c20923c cc int 3 |
| 22 |
016f:1c20923d cc int 3 |
28 |
016f:1c20923d cc int 3 |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:1c6dc3c1 e888920100 call 1c6f564e = VOS2MSC.DLL!628 |
9 |
016f:1c6dc3c1 e888920100 call 1c6f564e = VOS2MSC.DLL!628 |
| 4 |
016f:1c6dc3c6 83c404 add esp,+04 |
10 |
016f:1c6dc3c6 83c404 add esp,+04 |
| 5 |
016f:1c6dc3c9 5e pop esi |
11 |
016f:1c6dc3c9 5e pop esi |
| 6 |
016f:1c6dc3ca c3 retd |
12 |
016f:1c6dc3ca c3 retd |
| 7 |
016f:1c6dc3cb 83f801 cmp eax,+01 |
13 |
016f:1c6dc3cb 83f801 cmp eax,+01 |
| 8 |
016f:1c6dc3ce 7507 jnz 1c6dc3d7 = VCL641MI.DLL:.text+0xdb3d7 |
14 |
016f:1c6dc3ce 7507 jnz 1c6dc3d7 = VCL641MI.DLL:.text+0xdb3d7 |
| 9 |
016f:1c6dc3d0 c7461000000000 mov dword ptr [esi+10],00000000 |
15 |
016f:1c6dc3d0 c7461000000000 mov dword ptr [esi+10],00000000 |
| 10 |
016f:1c6dc3d7 ff4e0c dec dword ptr [esi+0c] |
16 |
016f:1c6dc3d7 ff4e0c dec dword ptr [esi+0c] |
| 11 |
016f:1c6dc3da 56 push esi |
17 |
016f:1c6dc3da 56 push esi |
| 12 |
016f:1c6dc3db e86e920100 call 1c6f564e = VOS2MSC.DLL!628 |
18 |
016f:1c6dc3db e86e920100 call 1c6f564e = VOS2MSC.DLL!628 |
| 13 |
016f:1c6dc3e3 5e pop esi |
19 |
016f:1c6dc3e3 5e pop esi |
| 14 |
016f:1c6dc3e4 c3 retd |
20 |
016f:1c6dc3e4 c3 retd |
| 15 |
016f:1c6dc3e5 90 nop |
21 |
016f:1c6dc3e5 90 nop |
| 16 |
016f:1c6dc3e6 90 nop |
22 |
016f:1c6dc3e6 90 nop |
| 17 |
016f:1c6dc3e7 90 nop |
23 |
016f:1c6dc3e7 90 nop |
| 18 |
016f:1c6dc3e8 90 nop |
24 |
016f:1c6dc3e8 90 nop |
| 19 |
016f:1c6dc3e9 90 nop |
25 |
016f:1c6dc3e9 90 nop |
| 20 |
016f:1c6dc3ea 90 nop |
26 |
016f:1c6dc3ea 90 nop |
| 21 |
016f:1c6dc3eb 90 nop |
27 |
016f:1c6dc3eb 90 nop |
| 22 |
016f:1c6dc3ec 90 nop |
28 |
016f:1c6dc3ec 90 nop |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:1c6dc576 8b08 mov ecx,dword ptr [eax] |
9 |
016f:1c6dc576 8b08 mov ecx,dword ptr [eax] |
| 4 |
016f:1c6dc578 8b7144 mov esi,dword ptr [ecx+44] |
10 |
016f:1c6dc578 8b7144 mov esi,dword ptr [ecx+44] |
| 5 |
016f:1c6dc57b 85f6 test esi,esi |
11 |
016f:1c6dc57b 85f6 test esi,esi |
| 6 |
016f:1c6dc57d 7415 jz 1c6dc594 = VCL641MI.DLL:.text+0xdb594 |
12 |
016f:1c6dc57d 7415 jz 1c6dc594 = VCL641MI.DLL:.text+0xdb594 |
| 7 |
016f:1c6dc57f ff1518f06f1c call dword ptr [1c6ff018] -> GDI32.DLL!GdiFlush |
13 |
016f:1c6dc57f ff1518f06f1c call dword ptr [1c6ff018] -> GDI32.DLL!GdiFlush |
| 8 |
016f:1c6dc585 8b4610 mov eax,dword ptr [esi+10] |
14 |
016f:1c6dc585 8b4610 mov eax,dword ptr [esi+10] |
| 9 |
016f:1c6dc588 83c004 add eax,+04 |
15 |
016f:1c6dc588 83c004 add eax,+04 |
| 10 |
016f:1c6dc58b 50 push eax |
16 |
016f:1c6dc58b 50 push eax |
| 11 |
016f:1c6dc58c 8b10 mov edx,dword ptr [eax] |
17 |
016f:1c6dc58c 8b10 mov edx,dword ptr [eax] |
| 12 |
016f:1c6dc58e ff5208 call dword ptr [edx+08] |
18 |
016f:1c6dc58e ff5208 call dword ptr [edx+08] |
| 13 |
016f:1c6dc594 5e pop esi |
19 |
016f:1c6dc594 5e pop esi |
| 14 |
016f:1c6dc595 c3 retd |
20 |
016f:1c6dc595 c3 retd |
| 15 |
016f:1c6dc596 90 nop |
21 |
016f:1c6dc596 90 nop |
| 16 |
016f:1c6dc597 90 nop |
22 |
016f:1c6dc597 90 nop |
| 17 |
016f:1c6dc598 90 nop |
23 |
016f:1c6dc598 90 nop |
| 18 |
016f:1c6dc599 90 nop |
24 |
016f:1c6dc599 90 nop |
| 19 |
016f:1c6dc59a 90 nop |
25 |
016f:1c6dc59a 90 nop |
| 20 |
016f:1c6dc59b 90 nop |
26 |
016f:1c6dc59b 90 nop |
| 21 |
016f:1c6dc59c 90 nop |
27 |
016f:1c6dc59c 90 nop |
| 22 |
016f:1c6dc59d 90 nop |
28 |
016f:1c6dc59d 90 nop |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:1c631566 85c0 test eax,eax |
9 |
016f:1c631566 85c0 test eax,eax |
| 4 |
016f:1c631568 7406 jz 1c631570 = VCL641MI.DLL:.text+0x30570 |
10 |
016f:1c631568 7406 jz 1c631570 = VCL641MI.DLL:.text+0x30570 |
| 5 |
016f:1c63156a 8b0e mov ecx,dword ptr [esi] |
11 |
016f:1c63156a 8b0e mov ecx,dword ptr [esi] |
| 6 |
016f:1c63156c 50 push eax |
12 |
016f:1c63156c 50 push eax |
| 7 |
016f:1c63156d 51 push ecx |
13 |
016f:1c63156d 51 push ecx |
| 8 |
016f:1c63156e ffd3 call ebx |
14 |
016f:1c63156e ffd3 call ebx |
| 9 |
016f:1c631570 8a442413 mov al,byte ptr [esp+13] |
15 |
016f:1c631570 8a442413 mov al,byte ptr [esp+13] |
| 10 |
016f:1c631574 84c0 test al,al |
16 |
016f:1c631574 84c0 test al,al |
| 11 |
016f:1c631576 7405 jz 1c63157d = VCL641MI.DLL:.text+0x3057d |
17 |
016f:1c631576 7405 jz 1c63157d = VCL641MI.DLL:.text+0x3057d |
| 12 |
016f:1c631578 e8f3af0a00 call 1c6dc570 = VCL641MI.DLL:.text+0xdb570 |
18 |
016f:1c631578 e8f3af0a00 call 1c6dc570 = VCL641MI.DLL:.text+0xdb570 |
| 13 |
016f:1c63157e 5e pop esi |
19 |
016f:1c63157e 5e pop esi |
| 14 |
016f:1c63157f 5d pop ebp |
20 |
016f:1c63157f 5d pop ebp |
| 15 |
016f:1c631580 5b pop ebx |
21 |
016f:1c631580 5b pop ebx |
| 16 |
016f:1c631581 83c464 add esp,+64 |
22 |
016f:1c631581 83c464 add esp,+64 |
| 17 |
016f:1c631584 c3 retd |
23 |
016f:1c631584 c3 retd |
| 18 |
016f:1c631585 90 nop |
24 |
016f:1c631585 90 nop |
| 19 |
016f:1c631586 90 nop |
25 |
016f:1c631586 90 nop |
| 20 |
016f:1c631587 90 nop |
26 |
016f:1c631587 90 nop |
| 21 |
016f:1c631588 90 nop |
27 |
016f:1c631588 90 nop |
| 22 |
016f:1c631589 90 nop |
28 |
016f:1c631589 90 nop |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
... |
8 |
... |
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:bff629fd 33ff xor edi,edi |
9 |
016f:bff629fd 33ff xor edi,edi |
| 4 |
016f:bff629ff 8ee6 mov fs,si |
10 |
016f:bff629ff 8ee6 mov fs,si |
| 5 |
016f:bff62a01 8eef mov gs,di |
11 |
016f:bff62a01 8eef mov gs,di |
| 6 |
016f:bff62a03 66648b1d1e000000 mov bx,word ptr fs:[0000001e] |
12 |
016f:bff62a03 66648b1d1e000000 mov bx,word ptr fs:[0000001e] |
| 7 |
016f:bff62a0b 6683eb01 sub bx,+01 |
13 |
016f:bff62a0b 6683eb01 sub bx,+01 |
| 8 |
016f:bff62a0f 7313 jnc bff62a24 = KERNEL32.DLL:_FREQASM+0x1a24 |
14 |
016f:bff62a0f 7313 jnc bff62a24 = KERNEL32.DLL:_FREQASM+0x1a24 |
| 9 |
016f:bff62a11 8bf0 mov esi,eax |
15 |
016f:bff62a11 8bf0 mov esi,eax |
| 10 |
016f:bff62a13 8bfa mov edi,edx |
16 |
016f:bff62a13 8bfa mov edi,edx |
| 11 |
016f:bff62a15 8b1570b4fbbf mov edx,dword ptr [bffbb470] |
17 |
016f:bff62a15 8b1570b4fbbf mov edx,dword ptr [bffbb470] |
| 12 |
016f:bff62a1b e8bc170000 call bff641dc = KERNEL32.DLL:_FREQASM+0x31dc |
18 |
016f:bff62a1b e8bc170000 call bff641dc = KERNEL32.DLL:_FREQASM+0x31dc |
| 13 |
016f:bff62a22 8bc6 mov eax,esi |
19 |
016f:bff62a22 8bc6 mov eax,esi |
| 14 |
016f:bff62a24 6664891d1e000000 mov word ptr fs:[0000001e],bx |
20 |
016f:bff62a24 6664891d1e000000 mov word ptr fs:[0000001e],bx |
| 15 |
016f:bff62a2c 648b1d00000000 mov ebx,dword ptr fs:[00000000] |
21 |
016f:bff62a2c 648b1d00000000 mov ebx,dword ptr fs:[00000000] |
| 16 |
016f:bff62a33 895dd4 mov dword ptr [ebp-2c],ebx |
22 |
016f:bff62a33 895dd4 mov dword ptr [ebp-2c],ebx |
| 17 |
016f:bff62a36 8d5dd4 lea ebx,[ebp-2c] |
23 |
016f:bff62a36 8d5dd4 lea ebx,[ebp-2c] |
| 18 |
016f:bff62a39 64891d00000000 mov dword ptr fs:[00000000],ebx |
24 |
016f:bff62a39 64891d00000000 mov dword ptr fs:[00000000],ebx |
| 19 |
016f:bff62a40 fc cld |
25 |
016f:bff62a40 fc cld |
| 20 |
016f:bff62a41 ff65dc jmp dword ptr [ebp-24] |
26 |
016f:bff62a41 ff65dc jmp dword ptr [ebp-24] |
| 21 |
016f:bff62a44 8f45dc pop dword ptr [ebp-24] |
27 |
016f:bff62a44 8f45dc pop dword ptr [ebp-24] |
| 22 |
016f:bff62a47 ff35a0b7fbbf push dword ptr [bffbb7a0] |
28 |
016f:bff62a47 ff35a0b7fbbf push dword ptr [bffbb7a0] |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
| 1 |
... |
8 |
... |
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:bff62857 33ff xor edi,edi |
9 |
016f:bff62857 33ff xor edi,edi |
| 4 |
016f:bff62859 8ee6 mov fs,si |
10 |
016f:bff62859 8ee6 mov fs,si |
| 5 |
016f:bff6285b 8eef mov gs,di |
11 |
016f:bff6285b 8eef mov gs,di |
| 6 |
016f:bff6285d 66648b1d1e000000 mov bx,word ptr fs:[0000001e] |
12 |
016f:bff6285d 66648b1d1e000000 mov bx,word ptr fs:[0000001e] |
| 7 |
016f:bff62865 6683eb01 sub bx,+01 |
13 |
016f:bff62865 6683eb01 sub bx,+01 |
| 8 |
016f:bff62869 7313 jnc bff6287e = KERNEL32.DLL:_FREQASM+0x187e |
14 |
016f:bff62869 7313 jnc bff6287e = KERNEL32.DLL:_FREQASM+0x187e |
| 9 |
016f:bff6286b 8bf0 mov esi,eax |
15 |
016f:bff6286b 8bf0 mov esi,eax |
| 10 |
016f:bff6286d 8bfa mov edi,edx |
16 |
016f:bff6286d 8bfa mov edi,edx |
| 11 |
016f:bff6286f 8b1570b4fbbf mov edx,dword ptr [bffbb470] |
17 |
016f:bff6286f 8b1570b4fbbf mov edx,dword ptr [bffbb470] |
| 12 |
016f:bff62875 e862190000 call bff641dc = KERNEL32.DLL:_FREQASM+0x31dc |
18 |
016f:bff62875 e862190000 call bff641dc = KERNEL32.DLL:_FREQASM+0x31dc |
| 13 |
016f:bff6287c 8bc6 mov eax,esi |
19 |
016f:bff6287c 8bc6 mov eax,esi |
| 14 |
016f:bff6287e 6664891d1e000000 mov word ptr fs:[0000001e],bx |
20 |
016f:bff6287e 6664891d1e000000 mov word ptr fs:[0000001e],bx |
| 15 |
016f:bff62886 8b5dfc mov ebx,dword ptr [ebp-04] |
21 |
016f:bff62886 8b5dfc mov ebx,dword ptr [ebp-04] |
| 16 |
016f:bff62889 8b75f8 mov esi,dword ptr [ebp-08] |
22 |
016f:bff62889 8b75f8 mov esi,dword ptr [ebp-08] |
| 17 |
016f:bff6288c 8b7df4 mov edi,dword ptr [ebp-0c] |
23 |
016f:bff6288c 8b7df4 mov edi,dword ptr [ebp-0c] |
| 18 |
016f:bff6288f ff65dc jmp dword ptr [ebp-24] |
24 |
016f:bff6288f ff65dc jmp dword ptr [ebp-24] |
| 19 |
016f:bff62892 6664a10e000000 mov ax,word ptr fs:[0000000e] |
25 |
016f:bff62892 6664a10e000000 mov ax,word ptr fs:[0000000e] |
| 20 |
016f:bff62899 668945da mov word ptr [ebp-26],ax |
26 |
016f:bff62899 668945da mov word ptr [ebp-26],ax |
| 21 |
016f:bff6289d 8f45dc pop dword ptr [ebp-24] |
27 |
016f:bff6289d 8f45dc pop dword ptr [ebp-24] |
| 22 |
016f:bff628a0 ff35a4b7fbbf push dword ptr [bffbb7a4] |
28 |
016f:bff628a0 ff35a4b7fbbf push dword ptr [bffbb7a4] |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:1c63031b 56 push esi |
9 |
016f:1c63031b 56 push esi |
| 4 |
016f:1c63031c e85f1a0000 call 1c631d80 = VCL641MI.DLL:.text+0x30d80 |
10 |
016f:1c63031c e85f1a0000 call 1c631d80 = VCL641MI.DLL:.text+0x30d80 |
| 5 |
016f:1c630321 83c408 add esp,+08 |
11 |
016f:1c630321 83c408 add esp,+08 |
| 6 |
016f:1c630324 85c0 test eax,eax |
12 |
016f:1c630324 85c0 test eax,eax |
| 7 |
016f:1c630326 0f8458030000 jz 1c630684 = VCL641MI.DLL:.text+0x2f684 |
13 |
016f:1c630326 0f8458030000 jz 1c630684 = VCL641MI.DLL:.text+0x2f684 |
| 8 |
016f:1c63032c e94d030000 jmp 1c63067e = VCL641MI.DLL:.text+0x2f67e |
14 |
016f:1c63032c e94d030000 jmp 1c63067e = VCL641MI.DLL:.text+0x2f67e |
| 9 |
016f:1c630331 894c2410 mov dword ptr [esp+10],ecx |
15 |
016f:1c630331 894c2410 mov dword ptr [esp+10],ecx |
| 10 |
016f:1c630335 e944030000 jmp 1c63067e = VCL641MI.DLL:.text+0x2f67e |
16 |
016f:1c630335 e944030000 jmp 1c63067e = VCL641MI.DLL:.text+0x2f67e |
| 11 |
016f:1c63033a 56 push esi |
17 |
016f:1c63033a 56 push esi |
| 12 |
016f:1c63033b e810110000 call 1c631450 = VCL641MI.DLL:.text+0x30450 |
18 |
016f:1c63033b e810110000 call 1c631450 = VCL641MI.DLL:.text+0x30450 |
| 13 |
016f:1c630343 e936030000 jmp 1c63067e = VCL641MI.DLL:.text+0x2f67e |
19 |
016f:1c630343 e936030000 jmp 1c63067e = VCL641MI.DLL:.text+0x2f67e |
| 14 |
016f:1c630348 6685ed test bp,bp |
20 |
016f:1c630348 6685ed test bp,bp |
| 15 |
016f:1c63034b 0f8433030000 jz 1c630684 = VCL641MI.DLL:.text+0x2f684 |
21 |
016f:1c63034b 0f8433030000 jz 1c630684 = VCL641MI.DLL:.text+0x2f684 |
| 16 |
016f:1c630351 6a00 push +00 |
22 |
016f:1c630351 6a00 push +00 |
| 17 |
016f:1c630353 6a00 push +00 |
23 |
016f:1c630353 6a00 push +00 |
| 18 |
016f:1c630355 688b040000 push 0000048b |
24 |
016f:1c630355 688b040000 push 0000048b |
| 19 |
016f:1c63035a 56 push esi |
25 |
016f:1c63035a 56 push esi |
| 20 |
016f:1c63035b e8c0c30b00 call 1c6ec720 = VCL641MI.DLL:.text+0xeb720 |
26 |
016f:1c63035b e8c0c30b00 call 1c6ec720 = VCL641MI.DLL:.text+0xeb720 |
| 21 |
016f:1c630360 83c410 add esp,+10 |
27 |
016f:1c630360 83c410 add esp,+10 |
| 22 |
016f:1c630363 e91c030000 jmp 1c630684 = VCL641MI.DLL:.text+0x2f684 |
28 |
016f:1c630363 e91c030000 jmp 1c630684 = VCL641MI.DLL:.text+0x2f684 |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
| 1 |
... |
8 |
... |
|
Line 1
Link Here
|
| 1 |
... |
8 |
... |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:1c632940 8d44240c lea eax,[esp+0c] |
9 |
016f:1c632940 8d44240c lea eax,[esp+0c] |
| 4 |
016f:1c632944 57 push edi |
10 |
016f:1c632944 57 push edi |
| 5 |
016f:1c632945 8b7c2420 mov edi,dword ptr [esp+20] |
11 |
016f:1c632945 8b7c2420 mov edi,dword ptr [esp+20] |
| 6 |
016f:1c632949 50 push eax |
12 |
016f:1c632949 50 push eax |
| 7 |
016f:1c63294a 56 push esi |
13 |
016f:1c63294a 56 push esi |
| 8 |
016f:1c63294b 57 push edi |
14 |
016f:1c63294b 57 push edi |
| 9 |
016f:1c63294c 53 push ebx |
15 |
016f:1c63294c 53 push ebx |
| 10 |
016f:1c63294d 55 push ebp |
16 |
016f:1c63294d 55 push ebp |
| 11 |
016f:1c63294e c744242401000000 mov dword ptr [esp+24],00000001 |
17 |
016f:1c63294e c744242401000000 mov dword ptr [esp+24],00000001 |
| 12 |
016f:1c632956 e8f5d8ffff call 1c630250 = VCL641MI.DLL:.text+0x2f250 |
18 |
016f:1c632956 e8f5d8ffff call 1c630250 = VCL641MI.DLL:.text+0x2f250 |
| 13 |
016f:1c63295f 85c9 test ecx,ecx |
19 |
016f:1c63295f 85c9 test ecx,ecx |
| 14 |
016f:1c632961 740a jz 1c63296d = VCL641MI.DLL:.text+0x3196d |
20 |
016f:1c632961 740a jz 1c63296d = VCL641MI.DLL:.text+0x3196d |
| 15 |
016f:1c632963 56 push esi |
21 |
016f:1c632963 56 push esi |
| 16 |
016f:1c632964 57 push edi |
22 |
016f:1c632964 57 push edi |
| 17 |
016f:1c632965 53 push ebx |
23 |
016f:1c632965 53 push ebx |
| 18 |
016f:1c632966 55 push ebp |
24 |
016f:1c632966 55 push ebp |
| 19 |
016f:1c632967 ff1584f36f1c call dword ptr [1c6ff384] -> USER32.DLL!DefWindowProcA |
25 |
016f:1c632967 ff1584f36f1c call dword ptr [1c6ff384] -> USER32.DLL!DefWindowProcA |
| 20 |
016f:1c63296d 5f pop edi |
26 |
016f:1c63296d 5f pop edi |
| 21 |
016f:1c63296e 5e pop esi |
27 |
016f:1c63296e 5e pop esi |
| 22 |
016f:1c63296f 5d pop ebp |
28 |
016f:1c63296f 5d pop ebp |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
... |
8 |
... |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:bff635f7 65d16e04 shr dword ptr gs:[esi+04],EvIa |
9 |
016f:bff635f7 65d16e04 shr dword ptr gs:[esi+04],EvIa |
| 4 |
016f:bff635fb 7222 jc bff6361f = KERNEL32.DLL:_FREQASM+0x261f |
10 |
016f:bff635fb 7222 jc bff6361f = KERNEL32.DLL:_FREQASM+0x261f |
| 5 |
016f:bff635fd 65ff32 push dword ptr gs:[edx] |
11 |
016f:bff635fd 65ff32 push dword ptr gs:[edx] |
| 6 |
016f:bff63600 8d5204 lea edx,[edx+04] |
12 |
016f:bff63600 8d5204 lea edx,[edx+04] |
| 7 |
016f:bff63603 e2f2 loop bff635f7 = KERNEL32.DLL:_FREQASM+0x25f7 |
13 |
016f:bff63603 e2f2 loop bff635f7 = KERNEL32.DLL:_FREQASM+0x25f7 |
| 8 |
016f:bff63605 8bfc mov edi,esp |
14 |
016f:bff63605 8bfc mov edi,esp |
| 9 |
016f:bff63607 33c0 xor eax,eax |
15 |
016f:bff63607 33c0 xor eax,eax |
| 10 |
016f:bff63609 65394608 cmp dword ptr gs:[esi+08],eax |
16 |
016f:bff63609 65394608 cmp dword ptr gs:[esi+08],eax |
| 11 |
016f:bff6360d 7404 jz bff63613 = KERNEL32.DLL:_FREQASM+0x2613 |
17 |
016f:bff6360d 7404 jz bff63613 = KERNEL32.DLL:_FREQASM+0x2613 |
| 12 |
016f:bff6360f 65ff5608 call dword ptr gs:[esi+08] |
18 |
016f:bff6360f 65ff5608 call dword ptr gs:[esi+08] |
| 13 |
016f:bff63615 33c9 xor ecx,ecx |
19 |
016f:bff63615 33c9 xor ecx,ecx |
| 14 |
016f:bff63617 8ee9 mov gs,cx |
20 |
016f:bff63617 8ee9 mov gs,cx |
| 15 |
016f:bff63619 5f pop edi |
21 |
016f:bff63619 5f pop edi |
| 16 |
016f:bff6361a 5e pop esi |
22 |
016f:bff6361a 5e pop esi |
| 17 |
016f:bff6361b c9 leave |
23 |
016f:bff6361b c9 leave |
| 18 |
016f:bff6361c c20c00 retd 000c |
24 |
016f:bff6361c c20c00 retd 000c |
| 19 |
016f:bff6361f 52 push edx |
25 |
016f:bff6361f 52 push edx |
| 20 |
016f:bff63620 51 push ecx |
26 |
016f:bff63620 51 push ecx |
| 21 |
016f:bff63621 33c0 xor eax,eax |
27 |
016f:bff63621 33c0 xor eax,eax |
| 22 |
016f:bff63623 48 dec eax |
28 |
016f:bff63623 48 dec eax |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:bff613c5 c20400 retd 0004 |
9 |
016f:bff613c5 c20400 retd 0004 |
| 4 |
016f:bff613c8 33c0 xor eax,eax |
10 |
016f:bff613c8 33c0 xor eax,eax |
| 5 |
016f:bff613ca ebf7 jmp bff613c3 = KERNEL32.DLL:_FREQASM+0x3c3 |
11 |
016f:bff613ca ebf7 jmp bff613c3 = KERNEL32.DLL:_FREQASM+0x3c3 |
| 6 |
016f:bff613cc ebfa jmp bff613c8 = KERNEL32.DLL:_FREQASM+0x3c8 |
12 |
016f:bff613cc ebfa jmp bff613c8 = KERNEL32.DLL:_FREQASM+0x3c8 |
| 7 |
016f:bff613ce ebf8 jmp bff613c8 = KERNEL32.DLL:_FREQASM+0x3c8 |
13 |
016f:bff613ce ebf8 jmp bff613c8 = KERNEL32.DLL:_FREQASM+0x3c8 |
| 8 |
016f:bff613d0 ebf6 jmp bff613c8 = KERNEL32.DLL:_FREQASM+0x3c8 |
14 |
016f:bff613d0 ebf6 jmp bff613c8 = KERNEL32.DLL:_FREQASM+0x3c8 |
| 9 |
016f:bff613d2 ebf4 jmp bff613c8 = KERNEL32.DLL:_FREQASM+0x3c8 |
15 |
016f:bff613d2 ebf4 jmp bff613c8 = KERNEL32.DLL:_FREQASM+0x3c8 |
| 10 |
016f:bff613d4 8b442404 mov eax,dword ptr [esp+04] |
16 |
016f:bff613d4 8b442404 mov eax,dword ptr [esp+04] |
| 11 |
016f:bff613d8 8f0424 pop dword ptr [esp] |
17 |
016f:bff613d8 8f0424 pop dword ptr [esp] |
| 12 |
016f:bff613db 2eff1d34b7fbbf call fword ptr ss:[bffbb734] |
18 |
016f:bff613db 2eff1d34b7fbbf call fword ptr ss:[bffbb734] |
| 13 |
016f:bff613e7 2eff1d34b7fbbf call fword ptr ss:[bffbb734] |
19 |
016f:bff613e7 2eff1d34b7fbbf call fword ptr ss:[bffbb734] |
| 14 |
016f:bff613ee b843002a00 mov eax,002a0043 |
20 |
016f:bff613ee b843002a00 mov eax,002a0043 |
| 15 |
016f:bff613f3 2eff1d34b7fbbf call fword ptr ss:[bffbb734] |
21 |
016f:bff613f3 2eff1d34b7fbbf call fword ptr ss:[bffbb734] |
| 16 |
016f:bff613fa 83c414 add esp,+14 |
22 |
016f:bff613fa 83c414 add esp,+14 |
| 17 |
016f:bff613fd 0fb7c8 movzx ecx,ax |
23 |
016f:bff613fd 0fb7c8 movzx ecx,ax |
| 18 |
016f:bff61400 0fa4d310 shld ebx,edx,10 |
24 |
016f:bff61400 0fa4d310 shld ebx,edx,10 |
| 19 |
016f:bff61404 c0e302 shl bl,02 |
25 |
016f:bff61404 c0e302 shl bl,02 |
| 20 |
016f:bff61407 6681ea0010 sub dx,1000 |
26 |
016f:bff61407 6681ea0010 sub dx,1000 |
| 21 |
016f:bff6140c 0fbfc2 movsx eax,dx |
27 |
016f:bff6140c 0fbfc2 movsx eax,dx |
| 22 |
016f:bff6140f e9d1000000 jmp bff614e5 = KERNEL32.DLL:_FREQASM+0x4e5 |
28 |
016f:bff6140f e9d1000000 jmp bff614e5 = KERNEL32.DLL:_FREQASM+0x4e5 |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:bff641aa ff4204 inc dword ptr [edx+04] |
9 |
016f:bff641aa ff4204 inc dword ptr [edx+04] |
| 4 |
016f:bff641ad 90 nop |
10 |
016f:bff641ad 90 nop |
| 5 |
016f:bff641ae c3 retd |
11 |
016f:bff641ae c3 retd |
| 6 |
016f:bff641af 394208 cmp dword ptr [edx+08],eax |
12 |
016f:bff641af 394208 cmp dword ptr [edx+08],eax |
| 7 |
016f:bff641b2 74f6 jz bff641aa = KERNEL32.DLL:_FREQASM+0x31aa |
13 |
016f:bff641b2 74f6 jz bff641aa = KERNEL32.DLL:_FREQASM+0x31aa |
| 8 |
016f:bff641b4 52 push edx |
14 |
016f:bff641b4 52 push edx |
| 9 |
016f:bff641b5 51 push ecx |
15 |
016f:bff641b5 51 push ecx |
| 10 |
016f:bff641b6 52 push edx |
16 |
016f:bff641b6 52 push edx |
| 11 |
016f:bff641b7 681d002a00 push 002a001d |
17 |
016f:bff641b7 681d002a00 push 002a001d |
| 12 |
016f:bff641bc e813d2ffff call bff613d4 = KERNEL32.DLL!1 |
18 |
016f:bff641bc e813d2ffff call bff613d4 = KERNEL32.DLL!1 |
| 13 |
016f:bff641c2 5a pop edx |
19 |
016f:bff641c2 5a pop edx |
| 14 |
016f:bff641c3 ebe8 jmp bff641ad = KERNEL32.DLL:_FREQASM+0x31ad |
20 |
016f:bff641c3 ebe8 jmp bff641ad = KERNEL32.DLL:_FREQASM+0x31ad |
| 15 |
016f:bff641c5 8b542404 mov edx,dword ptr [esp+04] |
21 |
016f:bff641c5 8b542404 mov edx,dword ptr [esp+04] |
| 16 |
016f:bff641c9 50 push eax |
22 |
016f:bff641c9 50 push eax |
| 17 |
016f:bff641ca e804000000 call bff641d3 = KERNEL32.DLL:_FREQASM+0x31d3 |
23 |
016f:bff641ca e804000000 call bff641d3 = KERNEL32.DLL:_FREQASM+0x31d3 |
| 18 |
016f:bff641cf 58 pop eax |
24 |
016f:bff641cf 58 pop eax |
| 19 |
016f:bff641d0 c20400 retd 0004 |
25 |
016f:bff641d0 c20400 retd 0004 |
| 20 |
016f:bff641d3 833dfcbcfbbf01 cmp dword ptr [bffbbcfc],+01 |
26 |
016f:bff641d3 833dfcbcfbbf01 cmp dword ptr [bffbbcfc],+01 |
| 21 |
016f:bff641da 7c32 jl bff6420e = KERNEL32.DLL:_FREQASM+0x320e |
27 |
016f:bff641da 7c32 jl bff6420e = KERNEL32.DLL:_FREQASM+0x320e |
| 22 |
016f:bff641dc 3b1570b4fbbf cmp edx,dword ptr [bffbb470] |
28 |
016f:bff641dc 3b1570b4fbbf cmp edx,dword ptr [bffbb470] |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:bff617ff 6664c7051e000000ffff mov word ptr fs:[0000001e],ffff |
9 |
016f:bff617ff 6664c7051e000000ffff mov word ptr fs:[0000001e],ffff |
| 4 |
016f:bff61809 c3 retd |
10 |
016f:bff61809 c3 retd |
| 5 |
016f:bff6180a 52 push edx |
11 |
016f:bff6180a 52 push edx |
| 6 |
016f:bff6180b 50 push eax |
12 |
016f:bff6180b 50 push eax |
| 7 |
016f:bff6180c a1f8bcfbbf mov eax,dword ptr [bffbbcf8] |
13 |
016f:bff6180c a1f8bcfbbf mov eax,dword ptr [bffbbcf8] |
| 8 |
016f:bff61811 8b00 mov eax,dword ptr [eax] |
14 |
016f:bff61811 8b00 mov eax,dword ptr [eax] |
| 9 |
016f:bff61813 390598b4fbbf cmp dword ptr [bffbb498],eax |
15 |
016f:bff61813 390598b4fbbf cmp dword ptr [bffbb498],eax |
| 10 |
016f:bff61819 7413 jz bff6182e = KERNEL32.DLL:_FREQASM+0x82e |
16 |
016f:bff61819 7413 jz bff6182e = KERNEL32.DLL:_FREQASM+0x82e |
| 11 |
016f:bff6181b 8b1570b4fbbf mov edx,dword ptr [bffbb470] |
17 |
016f:bff6181b 8b1570b4fbbf mov edx,dword ptr [bffbb470] |
| 12 |
016f:bff61821 e869290000 call bff6418f = KERNEL32.DLL:_FREQASM+0x318f |
18 |
016f:bff61821 e869290000 call bff6418f = KERNEL32.DLL:_FREQASM+0x318f |
| 13 |
016f:bff6182e 58 pop eax |
19 |
016f:bff6182e 58 pop eax |
| 14 |
016f:bff6182f 5a pop edx |
20 |
016f:bff6182f 5a pop edx |
| 15 |
016f:bff61830 c3 retd |
21 |
016f:bff61830 c3 retd |
| 16 |
016f:bff61831 ff7316 push dword ptr [ebx+16] |
22 |
016f:bff61831 ff7316 push dword ptr [ebx+16] |
| 17 |
016f:bff61834 ff731a push dword ptr [ebx+1a] |
23 |
016f:bff61834 ff731a push dword ptr [ebx+1a] |
| 18 |
016f:bff61837 ff731e push dword ptr [ebx+1e] |
24 |
016f:bff61837 ff731e push dword ptr [ebx+1e] |
| 19 |
016f:bff6183a ff7322 push dword ptr [ebx+22] |
25 |
016f:bff6183a ff7322 push dword ptr [ebx+22] |
| 20 |
016f:bff6183d 8b1570b4fbbf mov edx,dword ptr [bffbb470] |
26 |
016f:bff6183d 8b1570b4fbbf mov edx,dword ptr [bffbb470] |
| 21 |
016f:bff61843 e88b290000 call bff641d3 = KERNEL32.DLL:_FREQASM+0x31d3 |
27 |
016f:bff61843 e88b290000 call bff641d3 = KERNEL32.DLL:_FREQASM+0x31d3 |
| 22 |
016f:bff61848 6664c7051e000000ffff mov word ptr fs:[0000001e],ffff |
28 |
016f:bff61848 6664c7051e000000ffff mov word ptr fs:[0000001e],ffff |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:bff848d8 c1c210 rol edx,10 |
9 |
016f:bff848d8 c1c210 rol edx,10 |
| 4 |
016f:bff848db e9c8f7ffff jmp bff840a8 = KERNEL32.DLL:.text+0x1b0a8 |
10 |
016f:bff848db e9c8f7ffff jmp bff840a8 = KERNEL32.DLL:.text+0x1b0a8 |
| 5 |
016f:bff848e0 0fbf4316 movsx eax,word ptr [ebx+16] |
11 |
016f:bff848e0 0fbf4316 movsx eax,word ptr [ebx+16] |
| 6 |
016f:bff848e4 50 push eax |
12 |
016f:bff848e4 50 push eax |
| 7 |
016f:bff848e5 668b4318 mov ax,word ptr [ebx+18] |
13 |
016f:bff848e5 668b4318 mov ax,word ptr [ebx+18] |
| 8 |
016f:bff848e9 50 push eax |
14 |
016f:bff848e9 50 push eax |
| 9 |
016f:bff848ea ff731a push dword ptr [ebx+1a] |
15 |
016f:bff848ea ff731a push dword ptr [ebx+1a] |
| 10 |
016f:bff848ed e8f3cefdff call bff617e5 = KERNEL32.DLL!K32Thk1632Prolog |
16 |
016f:bff848ed e8f3cefdff call bff617e5 = KERNEL32.DLL!K32Thk1632Prolog |
| 11 |
016f:bff848f2 e8deecfdff call bff635d5 = KERNEL32.DLL:_FREQASM+0x25d5 |
17 |
016f:bff848f2 e8deecfdff call bff635d5 = KERNEL32.DLL:_FREQASM+0x25d5 |
| 12 |
016f:bff848f7 e80ecffdff call bff6180a = KERNEL32.DLL!K32Thk1632Epilog |
18 |
016f:bff848f7 e80ecffdff call bff6180a = KERNEL32.DLL!K32Thk1632Epilog |
| 13 |
016f:bff848fe c1c210 rol edx,10 |
19 |
016f:bff848fe c1c210 rol edx,10 |
| 14 |
016f:bff84901 e9aaf7ffff jmp bff840b0 = KERNEL32.DLL:.text+0x1b0b0 |
20 |
016f:bff84901 e9aaf7ffff jmp bff840b0 = KERNEL32.DLL:.text+0x1b0b0 |
| 15 |
016f:bff84906 0fbf4316 movsx eax,word ptr [ebx+16] |
21 |
016f:bff84906 0fbf4316 movsx eax,word ptr [ebx+16] |
| 16 |
016f:bff8490a 50 push eax |
22 |
016f:bff8490a 50 push eax |
| 17 |
016f:bff8490b ff7318 push dword ptr [ebx+18] |
23 |
016f:bff8490b ff7318 push dword ptr [ebx+18] |
| 18 |
016f:bff8490e e8d2cefdff call bff617e5 = KERNEL32.DLL!K32Thk1632Prolog |
24 |
016f:bff8490e e8d2cefdff call bff617e5 = KERNEL32.DLL!K32Thk1632Prolog |
| 19 |
016f:bff84913 e8ceebfdff call bff634e6 = KERNEL32.DLL:_FREQASM+0x24e6 |
25 |
016f:bff84913 e8ceebfdff call bff634e6 = KERNEL32.DLL:_FREQASM+0x24e6 |
| 20 |
016f:bff84918 e8edcefdff call bff6180a = KERNEL32.DLL!K32Thk1632Epilog |
26 |
016f:bff84918 e8edcefdff call bff6180a = KERNEL32.DLL!K32Thk1632Epilog |
| 21 |
016f:bff8491d e986f7ffff jmp bff840a8 = KERNEL32.DLL:.text+0x1b0a8 |
27 |
016f:bff8491d e986f7ffff jmp bff840a8 = KERNEL32.DLL:.text+0x1b0a8 |
| 22 |
016f:bff84922 33c0 xor eax,eax |
28 |
016f:bff84922 33c0 xor eax,eax |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:bff61991 51 push ecx |
9 |
016f:bff61991 51 push ecx |
| 4 |
016f:bff61992 c1cf10 ror edi,10 |
10 |
016f:bff61992 c1cf10 ror edi,10 |
| 5 |
016f:bff61995 6664873d0e000000 xchg word ptr fs:[0000000e],di |
11 |
016f:bff61995 6664873d0e000000 xchg word ptr fs:[0000000e],di |
| 6 |
016f:bff6199d 57 push edi |
12 |
016f:bff6199d 57 push edi |
| 7 |
016f:bff6199e 686d18f6bf push bff6186d |
13 |
016f:bff6199e 686d18f6bf push bff6186d |
| 8 |
016f:bff619a3 64ff3500000000 push dword ptr fs:[00000000] |
14 |
016f:bff619a3 64ff3500000000 push dword ptr fs:[00000000] |
| 9 |
016f:bff619aa 64892500000000 mov dword ptr fs:[00000000],esp |
15 |
016f:bff619aa 64892500000000 mov dword ptr fs:[00000000],esp |
| 10 |
016f:bff619b1 55 push ebp |
16 |
016f:bff619b1 55 push ebp |
| 11 |
016f:bff619b2 8d6c24fc lea ebp,[esp-04] |
17 |
016f:bff619b2 8d6c24fc lea ebp,[esp-04] |
| 12 |
016f:bff619b6 ffd2 call edx |
18 |
016f:bff619b6 ffd2 call edx |
| 13 |
016f:bff619b9 0fb6c9 movzx ecx,cl |
19 |
016f:bff619b9 0fb6c9 movzx ecx,cl |
| 14 |
016f:bff619bc 648f0500000000 pop dword ptr fs:[00000000] |
20 |
016f:bff619bc 648f0500000000 pop dword ptr fs:[00000000] |
| 15 |
016f:bff619c3 8d642404 lea esp,[esp+04] |
21 |
016f:bff619c3 8d642404 lea esp,[esp+04] |
| 16 |
016f:bff619c7 5f pop edi |
22 |
016f:bff619c7 5f pop edi |
| 17 |
016f:bff619c8 6664893d0e000000 mov word ptr fs:[0000000e],di |
23 |
016f:bff619c8 6664893d0e000000 mov word ptr fs:[0000000e],di |
| 18 |
016f:bff619d0 5b pop ebx |
24 |
016f:bff619d0 5b pop ebx |
| 19 |
016f:bff619d1 660fb22424 lss sp,dword ptr [esp] |
25 |
016f:bff619d1 660fb22424 lss sp,dword ptr [esp] |
| 20 |
016f:bff619d6 6664891d1e000000 mov word ptr fs:[0000001e],bx |
26 |
016f:bff619d6 6664891d1e000000 mov word ptr fs:[0000001e],bx |
| 21 |
016f:bff619de 5b pop ebx |
27 |
016f:bff619de 5b pop ebx |
| 22 |
016f:bff619df 0bdb or ebx,ebx |
28 |
016f:bff619df 0bdb or ebx,ebx |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
... |
8 |
... |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
-> 00 64 00 69 00 75 00 6d 00 00 00 00 00 54 00 49 .d.i.u.m.....T.I |
8 |
-> 00 64 00 69 00 75 00 6d 00 00 00 00 00 54 00 49 .d.i.u.m.....T.I |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:bff8bae5 b14e mov cl,4e |
9 |
016f:bff8bae5 b14e mov cl,4e |
| 4 |
016f:bff8bae7 eb06 jmp bff8baef = KERNEL32.DLL:.text+0x22aef |
10 |
016f:bff8bae7 eb06 jmp bff8baef = KERNEL32.DLL:.text+0x22aef |
| 5 |
016f:bff8bae9 b14d mov cl,4d |
11 |
016f:bff8bae9 b14d mov cl,4d |
| 6 |
016f:bff8baeb eb02 jmp bff8baef = KERNEL32.DLL:.text+0x22aef |
12 |
016f:bff8baeb eb02 jmp bff8baef = KERNEL32.DLL:.text+0x22aef |
| 7 |
016f:bff8baed b13e mov cl,3e |
13 |
016f:bff8baed b13e mov cl,3e |
| 8 |
016f:bff8baef 55 push ebp |
14 |
016f:bff8baef 55 push ebp |
| 9 |
016f:bff8baf0 8bec mov ebp,esp |
15 |
016f:bff8baf0 8bec mov ebp,esp |
| 10 |
016f:bff8baf2 51 push ecx |
16 |
016f:bff8baf2 51 push ecx |
| 11 |
016f:bff8baf3 83ec3c sub esp,+3c |
17 |
016f:bff8baf3 83ec3c sub esp,+3c |
| 12 |
016f:bff8baf6 ff1536b3f8bf call dword ptr [bff8b336] -> KERNEL32.DLL:.data+0xee0 |
18 |
016f:bff8baf6 ff1536b3f8bf call dword ptr [bff8b336] -> KERNEL32.DLL:.data+0xee0 |
| 13 |
016f:bff8bafd c3 retd |
19 |
016f:bff8bafd c3 retd |
| 14 |
016f:bff8bafe b101 mov cl,01 |
20 |
016f:bff8bafe b101 mov cl,01 |
| 15 |
016f:bff8bb00 eb06 jmp bff8bb08 = KERNEL32.DLL:.text+0x22b08 |
21 |
016f:bff8bb00 eb06 jmp bff8bb08 = KERNEL32.DLL:.text+0x22b08 |
| 16 |
016f:bff8bb02 b14f mov cl,4f |
22 |
016f:bff8bb02 b14f mov cl,4f |
| 17 |
016f:bff8bb04 eb02 jmp bff8bb08 = KERNEL32.DLL:.text+0x22b08 |
23 |
016f:bff8bb04 eb02 jmp bff8bb08 = KERNEL32.DLL:.text+0x22b08 |
| 18 |
016f:bff8bb06 b105 mov cl,05 |
24 |
016f:bff8bb06 b105 mov cl,05 |
| 19 |
016f:bff8bb08 55 push ebp |
25 |
016f:bff8bb08 55 push ebp |
| 20 |
016f:bff8bb09 8bec mov ebp,esp |
26 |
016f:bff8bb09 8bec mov ebp,esp |
| 21 |
016f:bff8bb0b 51 push ecx |
27 |
016f:bff8bb0b 51 push ecx |
| 22 |
016f:bff8bb0c 83ec3c sub esp,+3c |
28 |
016f:bff8bb0c 83ec3c sub esp,+3c |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:bff613c5 c20400 retd 0004 |
9 |
016f:bff613c5 c20400 retd 0004 |
| 4 |
016f:bff613c8 33c0 xor eax,eax |
10 |
016f:bff613c8 33c0 xor eax,eax |
| 5 |
016f:bff613ca ebf7 jmp bff613c3 = KERNEL32.DLL:_FREQASM+0x3c3 |
11 |
016f:bff613ca ebf7 jmp bff613c3 = KERNEL32.DLL:_FREQASM+0x3c3 |
| 6 |
016f:bff613cc ebfa jmp bff613c8 = KERNEL32.DLL:_FREQASM+0x3c8 |
12 |
016f:bff613cc ebfa jmp bff613c8 = KERNEL32.DLL:_FREQASM+0x3c8 |
| 7 |
016f:bff613ce ebf8 jmp bff613c8 = KERNEL32.DLL:_FREQASM+0x3c8 |
13 |
016f:bff613ce ebf8 jmp bff613c8 = KERNEL32.DLL:_FREQASM+0x3c8 |
| 8 |
016f:bff613d0 ebf6 jmp bff613c8 = KERNEL32.DLL:_FREQASM+0x3c8 |
14 |
016f:bff613d0 ebf6 jmp bff613c8 = KERNEL32.DLL:_FREQASM+0x3c8 |
| 9 |
016f:bff613d2 ebf4 jmp bff613c8 = KERNEL32.DLL:_FREQASM+0x3c8 |
15 |
016f:bff613d2 ebf4 jmp bff613c8 = KERNEL32.DLL:_FREQASM+0x3c8 |
| 10 |
016f:bff613d4 8b442404 mov eax,dword ptr [esp+04] |
16 |
016f:bff613d4 8b442404 mov eax,dword ptr [esp+04] |
| 11 |
016f:bff613d8 8f0424 pop dword ptr [esp] |
17 |
016f:bff613d8 8f0424 pop dword ptr [esp] |
| 12 |
016f:bff613db 2eff1d34b7fbbf call fword ptr ss:[bffbb734] |
18 |
016f:bff613db 2eff1d34b7fbbf call fword ptr ss:[bffbb734] |
| 13 |
016f:bff613e7 2eff1d34b7fbbf call fword ptr ss:[bffbb734] |
19 |
016f:bff613e7 2eff1d34b7fbbf call fword ptr ss:[bffbb734] |
| 14 |
016f:bff613ee b843002a00 mov eax,002a0043 |
20 |
016f:bff613ee b843002a00 mov eax,002a0043 |
| 15 |
016f:bff613f3 2eff1d34b7fbbf call fword ptr ss:[bffbb734] |
21 |
016f:bff613f3 2eff1d34b7fbbf call fword ptr ss:[bffbb734] |
| 16 |
016f:bff613fa 83c414 add esp,+14 |
22 |
016f:bff613fa 83c414 add esp,+14 |
| 17 |
016f:bff613fd 0fb7c8 movzx ecx,ax |
23 |
016f:bff613fd 0fb7c8 movzx ecx,ax |
| 18 |
016f:bff61400 0fa4d310 shld ebx,edx,10 |
24 |
016f:bff61400 0fa4d310 shld ebx,edx,10 |
| 19 |
016f:bff61404 c0e302 shl bl,02 |
25 |
016f:bff61404 c0e302 shl bl,02 |
| 20 |
016f:bff61407 6681ea0010 sub dx,1000 |
26 |
016f:bff61407 6681ea0010 sub dx,1000 |
| 21 |
016f:bff6140c 0fbfc2 movsx eax,dx |
27 |
016f:bff6140c 0fbfc2 movsx eax,dx |
| 22 |
016f:bff6140f e9d1000000 jmp bff614e5 = KERNEL32.DLL:_FREQASM+0x4e5 |
28 |
016f:bff6140f e9d1000000 jmp bff614e5 = KERNEL32.DLL:_FREQASM+0x4e5 |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:bff64229 e8af780200 call bff8badd = KERNEL32.DLL:.text+0x22add |
9 |
016f:bff64229 e8af780200 call bff8badd = KERNEL32.DLL:.text+0x22add |
| 4 |
016f:bff6422e 6664ff0d1e000000 dec word ptr fs:[0000001e] |
10 |
016f:bff6422e 6664ff0d1e000000 dec word ptr fs:[0000001e] |
| 5 |
016f:bff64236 5a pop edx |
11 |
016f:bff64236 5a pop edx |
| 6 |
016f:bff64237 ebb1 jmp bff641ea = KERNEL32.DLL:_FREQASM+0x31ea |
12 |
016f:bff64237 ebb1 jmp bff641ea = KERNEL32.DLL:_FREQASM+0x31ea |
| 7 |
016f:bff64239 ff4210 inc dword ptr [edx+10] |
13 |
016f:bff64239 ff4210 inc dword ptr [edx+10] |
| 8 |
016f:bff6423c ebbd jmp bff641fb = KERNEL32.DLL:_FREQASM+0x31fb |
14 |
016f:bff6423c ebbd jmp bff641fb = KERNEL32.DLL:_FREQASM+0x31fb |
| 9 |
016f:bff6423e 52 push edx |
15 |
016f:bff6423e 52 push edx |
| 10 |
016f:bff6423f 52 push edx |
16 |
016f:bff6423f 52 push edx |
| 11 |
016f:bff64240 681e002a00 push 002a001e |
17 |
016f:bff64240 681e002a00 push 002a001e |
| 12 |
016f:bff64245 e88ad1ffff call bff613d4 = KERNEL32.DLL!1 |
18 |
016f:bff64245 e88ad1ffff call bff613d4 = KERNEL32.DLL!1 |
| 13 |
016f:bff6424b ebae jmp bff641fb = KERNEL32.DLL:_FREQASM+0x31fb |
19 |
016f:bff6424b ebae jmp bff641fb = KERNEL32.DLL:_FREQASM+0x31fb |
| 14 |
016f:bff6424d 681c002a00 push 002a001c |
20 |
016f:bff6424d 681c002a00 push 002a001c |
| 15 |
016f:bff64252 e87dd1ffff call bff613d4 = KERNEL32.DLL!1 |
21 |
016f:bff64252 e87dd1ffff call bff613d4 = KERNEL32.DLL!1 |
| 16 |
016f:bff64257 a1f0bcfbbf mov eax,dword ptr [bffbbcf0] |
22 |
016f:bff64257 a1f0bcfbbf mov eax,dword ptr [bffbbcf0] |
| 17 |
016f:bff6425c 8b00 mov eax,dword ptr [eax] |
23 |
016f:bff6425c 8b00 mov eax,dword ptr [eax] |
| 18 |
016f:bff6425e 0fba704c07 btr dword ptr [eax+4c],07 |
24 |
016f:bff6425e 0fba704c07 btr dword ptr [eax+4c],07 |
| 19 |
016f:bff64263 73a9 jnc bff6420e = KERNEL32.DLL:_FREQASM+0x320e |
25 |
016f:bff64263 73a9 jnc bff6420e = KERNEL32.DLL:_FREQASM+0x320e |
| 20 |
016f:bff64265 8d400c lea eax,[eax+0c] |
26 |
016f:bff64265 8d400c lea eax,[eax+0c] |
| 21 |
016f:bff64268 50 push eax |
27 |
016f:bff64268 50 push eax |
| 22 |
016f:bff64269 6a00 push +00 |
28 |
016f:bff64269 6a00 push +00 |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
| 1 |
... |
8 |
... |
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:bff6151d 660bff or di,di |
9 |
016f:bff6151d 660bff or di,di |
| 4 |
016f:bff61520 740c jz bff6152e = KERNEL32.DLL:_FREQASM+0x52e |
10 |
016f:bff61520 740c jz bff6152e = KERNEL32.DLL:_FREQASM+0x52e |
| 5 |
016f:bff61522 a1f0bcfbbf mov eax,dword ptr [bffbbcf0] |
11 |
016f:bff61522 a1f0bcfbbf mov eax,dword ptr [bffbbcf0] |
| 6 |
016f:bff61527 ff30 push dword ptr [eax] |
12 |
016f:bff61527 ff30 push dword ptr [eax] |
| 7 |
016f:bff61529 e8f4530000 call bff66922 = KERNEL32.DLL:_FREQASM+0x5922 |
13 |
016f:bff61529 e8f4530000 call bff66922 = KERNEL32.DLL:_FREQASM+0x5922 |
| 8 |
016f:bff6152e 66648b3d1e000000 mov di,word ptr fs:[0000001e] |
14 |
016f:bff6152e 66648b3d1e000000 mov di,word ptr fs:[0000001e] |
| 9 |
016f:bff61536 6683ef01 sub di,+01 |
15 |
016f:bff61536 6683ef01 sub di,+01 |
| 10 |
016f:bff6153a 730b jnc bff61547 = KERNEL32.DLL:_FREQASM+0x547 |
16 |
016f:bff6153a 730b jnc bff61547 = KERNEL32.DLL:_FREQASM+0x547 |
| 11 |
016f:bff6153c 8b1570b4fbbf mov edx,dword ptr [bffbb470] |
17 |
016f:bff6153c 8b1570b4fbbf mov edx,dword ptr [bffbb470] |
| 12 |
016f:bff61542 e88c2c0000 call bff641d3 = KERNEL32.DLL:_FREQASM+0x31d3 |
18 |
016f:bff61542 e88c2c0000 call bff641d3 = KERNEL32.DLL:_FREQASM+0x31d3 |
| 13 |
016f:bff6154f 8bc6 mov eax,esi |
19 |
016f:bff6154f 8bc6 mov eax,esi |
| 14 |
016f:bff61551 0fb6cb movzx ecx,bl |
20 |
016f:bff61551 0fb6cb movzx ecx,bl |
| 15 |
016f:bff61554 5f pop edi |
21 |
016f:bff61554 5f pop edi |
| 16 |
016f:bff61555 5e pop esi |
22 |
016f:bff61555 5e pop esi |
| 17 |
016f:bff61556 5b pop ebx |
23 |
016f:bff61556 5b pop ebx |
| 18 |
016f:bff61557 5d pop ebp |
24 |
016f:bff61557 5d pop ebp |
| 19 |
016f:bff61558 5a pop edx |
25 |
016f:bff61558 5a pop edx |
| 20 |
016f:bff61559 03e1 add esp,ecx |
26 |
016f:bff61559 03e1 add esp,ecx |
| 21 |
016f:bff6155b ffe2 jmp edx |
27 |
016f:bff6155b ffe2 jmp edx |
| 22 |
016f:bff6155d 55 push ebp |
28 |
016f:bff6155d 55 push ebp |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:1c6ec703 c3 retd |
9 |
016f:1c6ec703 c3 retd |
| 4 |
016f:1c6ec704 8b4c2410 mov ecx,dword ptr [esp+10] |
10 |
016f:1c6ec704 8b4c2410 mov ecx,dword ptr [esp+10] |
| 5 |
016f:1c6ec708 8b54240c mov edx,dword ptr [esp+0c] |
11 |
016f:1c6ec708 8b54240c mov edx,dword ptr [esp+0c] |
| 6 |
016f:1c6ec70c 8b442408 mov eax,dword ptr [esp+08] |
12 |
016f:1c6ec70c 8b442408 mov eax,dword ptr [esp+08] |
| 7 |
016f:1c6ec710 51 push ecx |
13 |
016f:1c6ec710 51 push ecx |
| 8 |
016f:1c6ec711 8b4c2408 mov ecx,dword ptr [esp+08] |
14 |
016f:1c6ec711 8b4c2408 mov ecx,dword ptr [esp+08] |
| 9 |
016f:1c6ec715 52 push edx |
15 |
016f:1c6ec715 52 push edx |
| 10 |
016f:1c6ec716 50 push eax |
16 |
016f:1c6ec716 50 push eax |
| 11 |
016f:1c6ec717 51 push ecx |
17 |
016f:1c6ec717 51 push ecx |
| 12 |
016f:1c6ec718 ff15e0f36f1c call dword ptr [1c6ff3e0] -> USER32.DLL!PostMessageA |
18 |
016f:1c6ec718 ff15e0f36f1c call dword ptr [1c6ff3e0] -> USER32.DLL!PostMessageA |
| 13 |
016f:1c6ec71f 90 nop |
19 |
016f:1c6ec71f 90 nop |
| 14 |
016f:1c6ec720 a15cd3711c mov eax,dword ptr [1c71d35c] |
20 |
016f:1c6ec720 a15cd3711c mov eax,dword ptr [1c71d35c] |
| 15 |
016f:1c6ec725 85c0 test eax,eax |
21 |
016f:1c6ec725 85c0 test eax,eax |
| 16 |
016f:1c6ec727 741b jz 1c6ec744 = VCL641MI.DLL:.text+0xeb744 |
22 |
016f:1c6ec727 741b jz 1c6ec744 = VCL641MI.DLL:.text+0xeb744 |
| 17 |
016f:1c6ec729 8b442410 mov eax,dword ptr [esp+10] |
23 |
016f:1c6ec729 8b442410 mov eax,dword ptr [esp+10] |
| 18 |
016f:1c6ec72d 8b4c240c mov ecx,dword ptr [esp+0c] |
24 |
016f:1c6ec72d 8b4c240c mov ecx,dword ptr [esp+0c] |
| 19 |
016f:1c6ec731 8b542408 mov edx,dword ptr [esp+08] |
25 |
016f:1c6ec731 8b542408 mov edx,dword ptr [esp+08] |
| 20 |
016f:1c6ec735 50 push eax |
26 |
016f:1c6ec735 50 push eax |
| 21 |
016f:1c6ec736 8b442408 mov eax,dword ptr [esp+08] |
27 |
016f:1c6ec736 8b442408 mov eax,dword ptr [esp+08] |
| 22 |
016f:1c6ec73a 51 push ecx |
28 |
016f:1c6ec73a 51 push ecx |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:1c62d67d 90 nop |
9 |
016f:1c62d67d 90 nop |
| 4 |
016f:1c62d67e 90 nop |
10 |
016f:1c62d67e 90 nop |
| 5 |
016f:1c62d67f 90 nop |
11 |
016f:1c62d67f 90 nop |
| 6 |
016f:1c62d680 8b442404 mov eax,dword ptr [esp+04] |
12 |
016f:1c62d680 8b442404 mov eax,dword ptr [esp+04] |
| 7 |
016f:1c62d684 8b09 mov ecx,dword ptr [ecx] |
13 |
016f:1c62d684 8b09 mov ecx,dword ptr [ecx] |
| 8 |
016f:1c62d686 50 push eax |
14 |
016f:1c62d686 50 push eax |
| 9 |
016f:1c62d687 6a00 push +00 |
15 |
016f:1c62d687 6a00 push +00 |
| 10 |
016f:1c62d689 6882040000 push 00000482 |
16 |
016f:1c62d689 6882040000 push 00000482 |
| 11 |
016f:1c62d68e 51 push ecx |
17 |
016f:1c62d68e 51 push ecx |
| 12 |
016f:1c62d68f e84cf00b00 call 1c6ec6e0 = VCL641MI.DLL:.text+0xeb6e0 |
18 |
016f:1c62d68f e84cf00b00 call 1c6ec6e0 = VCL641MI.DLL:.text+0xeb6e0 |
| 13 |
016f:1c62d697 c20400 retd 0004 |
19 |
016f:1c62d697 c20400 retd 0004 |
| 14 |
016f:1c62d69a 90 nop |
20 |
016f:1c62d69a 90 nop |
| 15 |
016f:1c62d69b 90 nop |
21 |
016f:1c62d69b 90 nop |
| 16 |
016f:1c62d69c 90 nop |
22 |
016f:1c62d69c 90 nop |
| 17 |
016f:1c62d69d 90 nop |
23 |
016f:1c62d69d 90 nop |
| 18 |
016f:1c62d69e 90 nop |
24 |
016f:1c62d69e 90 nop |
| 19 |
016f:1c62d69f 90 nop |
25 |
016f:1c62d69f 90 nop |
| 20 |
016f:1c62d6a0 56 push esi |
26 |
016f:1c62d6a0 56 push esi |
| 21 |
016f:1c62d6a1 57 push edi |
27 |
016f:1c62d6a1 57 push edi |
| 22 |
016f:1c62d6a2 8b7c240c mov edi,dword ptr [esp+0c] |
28 |
016f:1c62d6a2 8b7c240c mov edi,dword ptr [esp+0c] |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:1c61db17 8b7c240c mov edi,dword ptr [esp+0c] |
9 |
016f:1c61db17 8b7c240c mov edi,dword ptr [esp+0c] |
| 4 |
016f:1c61db1b 894608 mov dword ptr [esi+08],eax |
10 |
016f:1c61db1b 894608 mov dword ptr [esi+08],eax |
| 5 |
016f:1c61db1e c7460c00000000 mov dword ptr [esi+0c],00000000 |
11 |
016f:1c61db1e c7460c00000000 mov dword ptr [esi+0c],00000000 |
| 6 |
016f:1c61db25 c6461801 mov byte ptr [esi+18],01 |
12 |
016f:1c61db25 c6461801 mov byte ptr [esi+18],01 |
| 7 |
016f:1c61db29 8937 mov dword ptr [edi],esi |
13 |
016f:1c61db29 8937 mov dword ptr [edi],esi |
| 8 |
016f:1c61db2b e830f90b00 call 1c6dd460 = VCL641MI.DLL:.text+0xdc460 |
14 |
016f:1c61db2b e830f90b00 call 1c6dd460 = VCL641MI.DLL:.text+0xdc460 |
| 9 |
016f:1c61db30 8b80f8000000 mov eax,dword ptr [eax+000000f8] |
15 |
016f:1c61db30 8b80f8000000 mov eax,dword ptr [eax+000000f8] |
| 10 |
016f:1c61db36 56 push esi |
16 |
016f:1c61db36 56 push esi |
| 11 |
016f:1c61db37 8bc8 mov ecx,eax |
17 |
016f:1c61db37 8bc8 mov ecx,eax |
| 12 |
016f:1c61db39 e842fb0000 call 1c62d680 = VCL641MI.DLL:.text+0x2c680 |
18 |
016f:1c61db39 e842fb0000 call 1c62d680 = VCL641MI.DLL:.text+0x2c680 |
| 13 |
016f:1c61db40 7405 jz 1c61db47 = VCL641MI.DLL:.text+0x1cb47 |
19 |
016f:1c61db40 7405 jz 1c61db47 = VCL641MI.DLL:.text+0x1cb47 |
| 14 |
016f:1c61db42 5f pop edi |
20 |
016f:1c61db42 5f pop edi |
| 15 |
016f:1c61db43 b001 mov al,01 |
21 |
016f:1c61db43 b001 mov al,01 |
| 16 |
016f:1c61db45 5e pop esi |
22 |
016f:1c61db45 5e pop esi |
| 17 |
016f:1c61db46 c3 retd |
23 |
016f:1c61db46 c3 retd |
| 18 |
016f:1c61db47 56 push esi |
24 |
016f:1c61db47 56 push esi |
| 19 |
016f:1c61db48 c70700000000 mov dword ptr [edi],00000000 |
25 |
016f:1c61db48 c70700000000 mov dword ptr [edi],00000000 |
| 20 |
016f:1c61db4e e819750d00 call 1c6f506c = TL641MI.DLL!21 |
26 |
016f:1c61db4e e819750d00 call 1c6f506c = TL641MI.DLL!21 |
| 21 |
016f:1c61db53 83c404 add esp,+04 |
27 |
016f:1c61db53 83c404 add esp,+04 |
| 22 |
016f:1c61db56 32c0 xor al,al |
28 |
016f:1c61db56 32c0 xor al,al |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:1c6acdcc 0f94c1 setz cl |
9 |
016f:1c6acdcc 0f94c1 setz cl |
| 4 |
016f:1c6acdcf 8888a2000000 mov byte ptr [eax+000000a2],cl |
10 |
016f:1c6acdcf 8888a2000000 mov byte ptr [eax+000000a2],cl |
| 5 |
016f:1c6acdd5 8b86f4000000 mov eax,dword ptr [esi+000000f4] |
11 |
016f:1c6acdd5 8b86f4000000 mov eax,dword ptr [esi+000000f4] |
| 6 |
016f:1c6acddb 8d542408 lea edx,[esp+08] |
12 |
016f:1c6acddb 8d542408 lea edx,[esp+08] |
| 7 |
016f:1c6acddf 83c06c add eax,+6c |
13 |
016f:1c6acddf 83c06c add eax,+6c |
| 8 |
016f:1c6acde2 52 push edx |
14 |
016f:1c6acde2 52 push edx |
| 9 |
016f:1c6acde3 50 push eax |
15 |
016f:1c6acde3 50 push eax |
| 10 |
016f:1c6acde4 89742410 mov dword ptr [esp+10],esi |
16 |
016f:1c6acde4 89742410 mov dword ptr [esp+10],esi |
| 11 |
016f:1c6acde8 c744241400be6a1c mov dword ptr [esp+14],1c6abe00 |
17 |
016f:1c6acde8 c744241400be6a1c mov dword ptr [esp+14],1c6abe00 |
| 12 |
016f:1c6acdf0 e8db0cf7ff call 1c61dad0 = VCL641MI.DLL!383 |
18 |
016f:1c6acdf0 e8db0cf7ff call 1c61dad0 = VCL641MI.DLL!383 |
| 13 |
016f:1c6acdfb 83c40c add esp,+0c |
19 |
016f:1c6acdfb 83c40c add esp,+0c |
| 14 |
016f:1c6acdfe 8b4128 mov eax,dword ptr [ecx+28] |
20 |
016f:1c6acdfe 8b4128 mov eax,dword ptr [ecx+28] |
| 15 |
016f:1c6ace01 85c0 test eax,eax |
21 |
016f:1c6ace01 85c0 test eax,eax |
| 16 |
016f:1c6ace03 7413 jz 1c6ace18 = VCL641MI.DLL:.text+0xabe18 |
22 |
016f:1c6ace03 7413 jz 1c6ace18 = VCL641MI.DLL:.text+0xabe18 |
| 17 |
016f:1c6ace05 8b8058010000 mov eax,dword ptr [eax+00000158] |
23 |
016f:1c6ace05 8b8058010000 mov eax,dword ptr [eax+00000158] |
| 18 |
016f:1c6ace0b 85c0 test eax,eax |
24 |
016f:1c6ace0b 85c0 test eax,eax |
| 19 |
016f:1c6ace0d 7409 jz 1c6ace18 = VCL641MI.DLL:.text+0xabe18 |
25 |
016f:1c6ace0d 7409 jz 1c6ace18 = VCL641MI.DLL:.text+0xabe18 |
| 20 |
016f:1c6ace0f 6a01 push +01 |
26 |
016f:1c6ace0f 6a01 push +01 |
| 21 |
016f:1c6ace11 8bc8 mov ecx,eax |
27 |
016f:1c6ace11 8bc8 mov ecx,eax |
| 22 |
016f:1c6ace13 e848d6f8ff call 1c63a460 = VCL641MI.DLL:.text+0x39460 |
28 |
016f:1c6ace13 e848d6f8ff call 1c63a460 = VCL641MI.DLL:.text+0x39460 |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
-> 8b 44 24 08 8b 4c 24 04 50 e8 02 00 00 00 c3 90 .D$..L$.P....... |
8 |
-> 8b 44 24 08 8b 4c 24 04 50 e8 02 00 00 00 c3 90 .D$..L$.P....... |
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:1c6ac3c8 83c414 add esp,+14 |
9 |
016f:1c6ac3c8 83c414 add esp,+14 |
| 4 |
016f:1c6ac3cb 8bc3 mov eax,ebx |
10 |
016f:1c6ac3cb 8bc3 mov eax,ebx |
| 5 |
016f:1c6ac3cd 5f pop edi |
11 |
016f:1c6ac3cd 5f pop edi |
| 6 |
016f:1c6ac3ce 5e pop esi |
12 |
016f:1c6ac3ce 5e pop esi |
| 7 |
016f:1c6ac3cf 5b pop ebx |
13 |
016f:1c6ac3cf 5b pop ebx |
| 8 |
016f:1c6ac3d0 83c420 add esp,+20 |
14 |
016f:1c6ac3d0 83c420 add esp,+20 |
| 9 |
016f:1c6ac3d3 c3 retd |
15 |
016f:1c6ac3d3 c3 retd |
| 10 |
016f:1c6ac3d4 8b442430 mov eax,dword ptr [esp+30] |
16 |
016f:1c6ac3d4 8b442430 mov eax,dword ptr [esp+30] |
| 11 |
016f:1c6ac3d8 50 push eax |
17 |
016f:1c6ac3d8 50 push eax |
| 12 |
016f:1c6ac3d9 e8c2090000 call 1c6acda0 = VCL641MI.DLL:.text+0xabda0 |
18 |
016f:1c6ac3d9 e8c2090000 call 1c6acda0 = VCL641MI.DLL:.text+0xabda0 |
| 13 |
016f:1c6ac3e1 8bc3 mov eax,ebx |
19 |
016f:1c6ac3e1 8bc3 mov eax,ebx |
| 14 |
016f:1c6ac3e3 5f pop edi |
20 |
016f:1c6ac3e3 5f pop edi |
| 15 |
016f:1c6ac3e4 5e pop esi |
21 |
016f:1c6ac3e4 5e pop esi |
| 16 |
016f:1c6ac3e5 5b pop ebx |
22 |
016f:1c6ac3e5 5b pop ebx |
| 17 |
016f:1c6ac3e6 83c420 add esp,+20 |
23 |
016f:1c6ac3e6 83c420 add esp,+20 |
| 18 |
016f:1c6ac3e9 c3 retd |
24 |
016f:1c6ac3e9 c3 retd |
| 19 |
016f:1c6ac3ea 8b4c2430 mov ecx,dword ptr [esp+30] |
25 |
016f:1c6ac3ea 8b4c2430 mov ecx,dword ptr [esp+30] |
| 20 |
016f:1c6ac3ee 51 push ecx |
26 |
016f:1c6ac3ee 51 push ecx |
| 21 |
016f:1c6ac3ef e82c0a0000 call 1c6ace20 = VCL641MI.DLL:.text+0xabe20 |
27 |
016f:1c6ac3ef e82c0a0000 call 1c6ace20 = VCL641MI.DLL:.text+0xabe20 |
| 22 |
016f:1c6ac3f4 83c404 add esp,+04 |
28 |
016f:1c6ac3f4 83c404 add esp,+04 |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:bff6bb0a e88a87ffff call bff64299 = KERNEL32.DLL:_FREQASM+0x3299 |
9 |
016f:bff6bb0a e88a87ffff call bff64299 = KERNEL32.DLL:_FREQASM+0x3299 |
| 4 |
016f:bff6bb0f 5e pop esi |
10 |
016f:bff6bb0f 5e pop esi |
| 5 |
016f:bff6bb10 c20400 retd 0004 |
11 |
016f:bff6bb10 c20400 retd 0004 |
| 6 |
016f:bff6bb13 56 push esi |
12 |
016f:bff6bb13 56 push esi |
| 7 |
016f:bff6bb14 8b742408 mov esi,dword ptr [esp+08] |
13 |
016f:bff6bb14 8b742408 mov esi,dword ptr [esp+08] |
| 8 |
016f:bff6bb18 8a06 mov al,byte ptr [esi] |
14 |
016f:bff6bb18 8a06 mov al,byte ptr [esi] |
| 9 |
016f:bff6bb1a 3c04 cmp al,04 |
15 |
016f:bff6bb1a 3c04 cmp al,04 |
| 10 |
016f:bff6bb1c 7508 jnz bff6bb26 = KERNEL32.DLL:.text+0x2b26 |
16 |
016f:bff6bb1c 7508 jnz bff6bb26 = KERNEL32.DLL:.text+0x2b26 |
| 11 |
016f:bff6bb1e ff7604 push dword ptr [esi+04] |
17 |
016f:bff6bb1e ff7604 push dword ptr [esi+04] |
| 12 |
016f:bff6bb21 e8a087ffff call bff642c6 = KERNEL32.DLL:_FREQASM+0x32c6 |
18 |
016f:bff6bb21 e8a087ffff call bff642c6 = KERNEL32.DLL:_FREQASM+0x32c6 |
| 13 |
016f:bff6bb27 c20400 retd 0004 |
19 |
016f:bff6bb27 c20400 retd 0004 |
| 14 |
016f:bff6bb2a 64a100000000 mov eax,dword ptr fs:[00000000] |
20 |
016f:bff6bb2a 64a100000000 mov eax,dword ptr fs:[00000000] |
| 15 |
016f:bff6bb30 55 push ebp |
21 |
016f:bff6bb30 55 push ebp |
| 16 |
016f:bff6bb31 8bec mov ebp,esp |
22 |
016f:bff6bb31 8bec mov ebp,esp |
| 17 |
016f:bff6bb33 6aff push -01 |
23 |
016f:bff6bb33 6aff push -01 |
| 18 |
016f:bff6bb35 685092f6bf push bff69250 |
24 |
016f:bff6bb35 685092f6bf push bff69250 |
| 19 |
016f:bff6bb3a 68201bfbbf push bffb1b20 |
25 |
016f:bff6bb3a 68201bfbbf push bffb1b20 |
| 20 |
016f:bff6bb3f 50 push eax |
26 |
016f:bff6bb3f 50 push eax |
| 21 |
016f:bff6bb40 8b4508 mov eax,dword ptr [ebp+08] |
27 |
016f:bff6bb40 8b4508 mov eax,dword ptr [ebp+08] |
| 22 |
016f:bff6bb43 64892500000000 mov dword ptr fs:[00000000],esp |
28 |
016f:bff6bb43 64892500000000 mov dword ptr fs:[00000000],esp |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:004c23ea ff15e4614e00 call dword ptr [004e61e4] -> KERNEL32.DLL!EnterCriticalSection |
9 |
016f:004c23ea ff15e4614e00 call dword ptr [004e61e4] -> KERNEL32.DLL!EnterCriticalSection |
| 4 |
016f:004c23f0 8b4618 mov eax,dword ptr [esi+18] |
10 |
016f:004c23f0 8b4618 mov eax,dword ptr [esi+18] |
| 5 |
016f:004c23f3 48 dec eax |
11 |
016f:004c23f3 48 dec eax |
| 6 |
016f:004c23f4 894618 mov dword ptr [esi+18],eax |
12 |
016f:004c23f4 894618 mov dword ptr [esi+18],eax |
| 7 |
016f:004c23f7 7507 jnz 004c2400 = SAL3.DLL:.text+0x1400 |
13 |
016f:004c23f7 7507 jnz 004c2400 = SAL3.DLL:.text+0x1400 |
| 8 |
016f:004c23f9 c7461c00000000 mov dword ptr [esi+1c],00000000 |
14 |
016f:004c23f9 c7461c00000000 mov dword ptr [esi+1c],00000000 |
| 9 |
016f:004c2400 68f0916500 push 006591f0 |
15 |
016f:004c2400 68f0916500 push 006591f0 |
| 10 |
016f:004c2405 ffd7 call edi |
16 |
016f:004c2405 ffd7 call edi |
| 11 |
016f:004c2407 56 push esi |
17 |
016f:004c2407 56 push esi |
| 12 |
016f:004c2408 ffd7 call edi |
18 |
016f:004c2408 ffd7 call edi |
| 13 |
016f:004c240b b001 mov al,01 |
19 |
016f:004c240b b001 mov al,01 |
| 14 |
016f:004c240d 5e pop esi |
20 |
016f:004c240d 5e pop esi |
| 15 |
016f:004c240e c3 retd |
21 |
016f:004c240e c3 retd |
| 16 |
016f:004c240f 90 nop |
22 |
016f:004c240f 90 nop |
| 17 |
016f:004c2410 b878966500 mov eax,00659678 |
23 |
016f:004c2410 b878966500 mov eax,00659678 |
| 18 |
016f:004c2415 c3 retd |
24 |
016f:004c2415 c3 retd |
| 19 |
016f:004c2416 90 nop |
25 |
016f:004c2416 90 nop |
| 20 |
016f:004c2417 90 nop |
26 |
016f:004c2417 90 nop |
| 21 |
016f:004c2418 90 nop |
27 |
016f:004c2418 90 nop |
| 22 |
016f:004c2419 90 nop |
28 |
016f:004c2419 90 nop |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:1c20921a 90 nop |
9 |
016f:1c20921a 90 nop |
| 4 |
016f:1c20921b 90 nop |
10 |
016f:1c20921b 90 nop |
| 5 |
016f:1c20921c 90 nop |
11 |
016f:1c20921c 90 nop |
| 6 |
016f:1c20921d 90 nop |
12 |
016f:1c20921d 90 nop |
| 7 |
016f:1c20921e 90 nop |
13 |
016f:1c20921e 90 nop |
| 8 |
016f:1c20921f 90 nop |
14 |
016f:1c20921f 90 nop |
| 9 |
016f:1c209220 8b442404 mov eax,dword ptr [esp+04] |
15 |
016f:1c209220 8b442404 mov eax,dword ptr [esp+04] |
| 10 |
016f:1c209224 8b4804 mov ecx,dword ptr [eax+04] |
16 |
016f:1c209224 8b4804 mov ecx,dword ptr [eax+04] |
| 11 |
016f:1c209227 51 push ecx |
17 |
016f:1c209227 51 push ecx |
| 12 |
016f:1c209228 e8e5340000 call 1c20c712 = SAL3.DLL!osl_releaseMutex |
18 |
016f:1c209228 e8e5340000 call 1c20c712 = SAL3.DLL!osl_releaseMutex |
| 13 |
016f:1c20922e c3 retd |
19 |
016f:1c20922e c3 retd |
| 14 |
016f:1c20922f 90 nop |
20 |
016f:1c20922f 90 nop |
| 15 |
016f:1c209230 83e904 sub ecx,+04 |
21 |
016f:1c209230 83e904 sub ecx,+04 |
| 16 |
016f:1c209233 e958ffffff jmp 1c209190 = VOS2MSC.DLL!623 |
22 |
016f:1c209233 e958ffffff jmp 1c209190 = VOS2MSC.DLL!623 |
| 17 |
016f:1c209238 cc int 3 |
23 |
016f:1c209238 cc int 3 |
| 18 |
016f:1c209239 cc int 3 |
24 |
016f:1c209239 cc int 3 |
| 19 |
016f:1c20923a cc int 3 |
25 |
016f:1c20923a cc int 3 |
| 20 |
016f:1c20923b cc int 3 |
26 |
016f:1c20923b cc int 3 |
| 21 |
016f:1c20923c cc int 3 |
27 |
016f:1c20923c cc int 3 |
| 22 |
016f:1c20923d cc int 3 |
28 |
016f:1c20923d cc int 3 |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:1c6dc3c1 e888920100 call 1c6f564e = VOS2MSC.DLL!628 |
9 |
016f:1c6dc3c1 e888920100 call 1c6f564e = VOS2MSC.DLL!628 |
| 4 |
016f:1c6dc3c6 83c404 add esp,+04 |
10 |
016f:1c6dc3c6 83c404 add esp,+04 |
| 5 |
016f:1c6dc3c9 5e pop esi |
11 |
016f:1c6dc3c9 5e pop esi |
| 6 |
016f:1c6dc3ca c3 retd |
12 |
016f:1c6dc3ca c3 retd |
| 7 |
016f:1c6dc3cb 83f801 cmp eax,+01 |
13 |
016f:1c6dc3cb 83f801 cmp eax,+01 |
| 8 |
016f:1c6dc3ce 7507 jnz 1c6dc3d7 = VCL641MI.DLL:.text+0xdb3d7 |
14 |
016f:1c6dc3ce 7507 jnz 1c6dc3d7 = VCL641MI.DLL:.text+0xdb3d7 |
| 9 |
016f:1c6dc3d0 c7461000000000 mov dword ptr [esi+10],00000000 |
15 |
016f:1c6dc3d0 c7461000000000 mov dword ptr [esi+10],00000000 |
| 10 |
016f:1c6dc3d7 ff4e0c dec dword ptr [esi+0c] |
16 |
016f:1c6dc3d7 ff4e0c dec dword ptr [esi+0c] |
| 11 |
016f:1c6dc3da 56 push esi |
17 |
016f:1c6dc3da 56 push esi |
| 12 |
016f:1c6dc3db e86e920100 call 1c6f564e = VOS2MSC.DLL!628 |
18 |
016f:1c6dc3db e86e920100 call 1c6f564e = VOS2MSC.DLL!628 |
| 13 |
016f:1c6dc3e3 5e pop esi |
19 |
016f:1c6dc3e3 5e pop esi |
| 14 |
016f:1c6dc3e4 c3 retd |
20 |
016f:1c6dc3e4 c3 retd |
| 15 |
016f:1c6dc3e5 90 nop |
21 |
016f:1c6dc3e5 90 nop |
| 16 |
016f:1c6dc3e6 90 nop |
22 |
016f:1c6dc3e6 90 nop |
| 17 |
016f:1c6dc3e7 90 nop |
23 |
016f:1c6dc3e7 90 nop |
| 18 |
016f:1c6dc3e8 90 nop |
24 |
016f:1c6dc3e8 90 nop |
| 19 |
016f:1c6dc3e9 90 nop |
25 |
016f:1c6dc3e9 90 nop |
| 20 |
016f:1c6dc3ea 90 nop |
26 |
016f:1c6dc3ea 90 nop |
| 21 |
016f:1c6dc3eb 90 nop |
27 |
016f:1c6dc3eb 90 nop |
| 22 |
016f:1c6dc3ec 90 nop |
28 |
016f:1c6dc3ec 90 nop |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:1c6dc576 8b08 mov ecx,dword ptr [eax] |
9 |
016f:1c6dc576 8b08 mov ecx,dword ptr [eax] |
| 4 |
016f:1c6dc578 8b7144 mov esi,dword ptr [ecx+44] |
10 |
016f:1c6dc578 8b7144 mov esi,dword ptr [ecx+44] |
| 5 |
016f:1c6dc57b 85f6 test esi,esi |
11 |
016f:1c6dc57b 85f6 test esi,esi |
| 6 |
016f:1c6dc57d 7415 jz 1c6dc594 = VCL641MI.DLL:.text+0xdb594 |
12 |
016f:1c6dc57d 7415 jz 1c6dc594 = VCL641MI.DLL:.text+0xdb594 |
| 7 |
016f:1c6dc57f ff1518f06f1c call dword ptr [1c6ff018] -> GDI32.DLL!GdiFlush |
13 |
016f:1c6dc57f ff1518f06f1c call dword ptr [1c6ff018] -> GDI32.DLL!GdiFlush |
| 8 |
016f:1c6dc585 8b4610 mov eax,dword ptr [esi+10] |
14 |
016f:1c6dc585 8b4610 mov eax,dword ptr [esi+10] |
| 9 |
016f:1c6dc588 83c004 add eax,+04 |
15 |
016f:1c6dc588 83c004 add eax,+04 |
| 10 |
016f:1c6dc58b 50 push eax |
16 |
016f:1c6dc58b 50 push eax |
| 11 |
016f:1c6dc58c 8b10 mov edx,dword ptr [eax] |
17 |
016f:1c6dc58c 8b10 mov edx,dword ptr [eax] |
| 12 |
016f:1c6dc58e ff5208 call dword ptr [edx+08] |
18 |
016f:1c6dc58e ff5208 call dword ptr [edx+08] |
| 13 |
016f:1c6dc594 5e pop esi |
19 |
016f:1c6dc594 5e pop esi |
| 14 |
016f:1c6dc595 c3 retd |
20 |
016f:1c6dc595 c3 retd |
| 15 |
016f:1c6dc596 90 nop |
21 |
016f:1c6dc596 90 nop |
| 16 |
016f:1c6dc597 90 nop |
22 |
016f:1c6dc597 90 nop |
| 17 |
016f:1c6dc598 90 nop |
23 |
016f:1c6dc598 90 nop |
| 18 |
016f:1c6dc599 90 nop |
24 |
016f:1c6dc599 90 nop |
| 19 |
016f:1c6dc59a 90 nop |
25 |
016f:1c6dc59a 90 nop |
| 20 |
016f:1c6dc59b 90 nop |
26 |
016f:1c6dc59b 90 nop |
| 21 |
016f:1c6dc59c 90 nop |
27 |
016f:1c6dc59c 90 nop |
| 22 |
016f:1c6dc59d 90 nop |
28 |
016f:1c6dc59d 90 nop |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:1c631837 0f94c0 setz al |
9 |
016f:1c631837 0f94c0 setz al |
| 4 |
016f:1c63183a 888685000000 mov byte ptr [esi+00000085],al |
10 |
016f:1c63183a 888685000000 mov byte ptr [esi+00000085],al |
| 5 |
016f:1c631840 8b4e18 mov ecx,dword ptr [esi+18] |
11 |
016f:1c631840 8b4e18 mov ecx,dword ptr [esi+18] |
| 6 |
016f:1c631843 6a00 push +00 |
12 |
016f:1c631843 6a00 push +00 |
| 7 |
016f:1c631845 6a0a push +0a |
13 |
016f:1c631845 6a0a push +0a |
| 8 |
016f:1c631847 56 push esi |
14 |
016f:1c631847 56 push esi |
| 9 |
016f:1c631848 51 push ecx |
15 |
016f:1c631848 51 push ecx |
| 10 |
016f:1c631849 ff561c call dword ptr [esi+1c] |
16 |
016f:1c631849 ff561c call dword ptr [esi+1c] |
| 11 |
016f:1c63184c 83c410 add esp,+10 |
17 |
016f:1c63184c 83c410 add esp,+10 |
| 12 |
016f:1c63184f e81cad0a00 call 1c6dc570 = VCL641MI.DLL:.text+0xdb570 |
18 |
016f:1c63184f e81cad0a00 call 1c6dc570 = VCL641MI.DLL:.text+0xdb570 |
| 13 |
016f:1c631855 5e pop esi |
19 |
016f:1c631855 5e pop esi |
| 14 |
016f:1c631856 c3 retd |
20 |
016f:1c631856 c3 retd |
| 15 |
016f:1c631857 8b5618 mov edx,dword ptr [esi+18] |
21 |
016f:1c631857 8b5618 mov edx,dword ptr [esi+18] |
| 16 |
016f:1c63185a 6a00 push +00 |
22 |
016f:1c63185a 6a00 push +00 |
| 17 |
016f:1c63185c 6a0b push +0b |
23 |
016f:1c63185c 6a0b push +0b |
| 18 |
016f:1c63185e 56 push esi |
24 |
016f:1c63185e 56 push esi |
| 19 |
016f:1c63185f 52 push edx |
25 |
016f:1c63185f 52 push edx |
| 20 |
016f:1c631860 ff561c call dword ptr [esi+1c] |
26 |
016f:1c631860 ff561c call dword ptr [esi+1c] |
| 21 |
016f:1c631863 83c410 add esp,+10 |
27 |
016f:1c631863 83c410 add esp,+10 |
| 22 |
016f:1c631866 e805ad0a00 call 1c6dc570 = VCL641MI.DLL:.text+0xdb570 |
28 |
016f:1c631866 e805ad0a00 call 1c6dc570 = VCL641MI.DLL:.text+0xdb570 |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:1c630351 6a00 push +00 |
9 |
016f:1c630351 6a00 push +00 |
| 4 |
016f:1c630353 6a00 push +00 |
10 |
016f:1c630353 6a00 push +00 |
| 5 |
016f:1c630355 688b040000 push 0000048b |
11 |
016f:1c630355 688b040000 push 0000048b |
| 6 |
016f:1c63035a 56 push esi |
12 |
016f:1c63035a 56 push esi |
| 7 |
016f:1c63035b e8c0c30b00 call 1c6ec720 = VCL641MI.DLL:.text+0xeb720 |
13 |
016f:1c63035b e8c0c30b00 call 1c6ec720 = VCL641MI.DLL:.text+0xeb720 |
| 8 |
016f:1c630360 83c410 add esp,+10 |
14 |
016f:1c630360 83c410 add esp,+10 |
| 9 |
016f:1c630363 e91c030000 jmp 1c630684 = VCL641MI.DLL:.text+0x2f684 |
15 |
016f:1c630363 e91c030000 jmp 1c630684 = VCL641MI.DLL:.text+0x2f684 |
| 10 |
016f:1c630368 ff154cf36f1c call dword ptr [1c6ff34c] -> USER32.DLL!DestroyCaret |
16 |
016f:1c630368 ff154cf36f1c call dword ptr [1c6ff34c] -> USER32.DLL!DestroyCaret |
| 11 |
016f:1c63036e 56 push esi |
17 |
016f:1c63036e 56 push esi |
| 12 |
016f:1c63036f e83c140000 call 1c6317b0 = VCL641MI.DLL:.text+0x307b0 |
18 |
016f:1c63036f e83c140000 call 1c6317b0 = VCL641MI.DLL:.text+0x307b0 |
| 13 |
016f:1c630377 e902030000 jmp 1c63067e = VCL641MI.DLL:.text+0x2f67e |
19 |
016f:1c630377 e902030000 jmp 1c63067e = VCL641MI.DLL:.text+0x2f67e |
| 14 |
016f:1c63037c 56 push esi |
20 |
016f:1c63037c 56 push esi |
| 15 |
016f:1c63037d e80e150000 call 1c631890 = VCL641MI.DLL:.text+0x30890 |
21 |
016f:1c63037d e80e150000 call 1c631890 = VCL641MI.DLL:.text+0x30890 |
| 16 |
016f:1c630382 83c404 add esp,+04 |
22 |
016f:1c630382 83c404 add esp,+04 |
| 17 |
016f:1c630385 e9f4020000 jmp 1c63067e = VCL641MI.DLL:.text+0x2f67e |
23 |
016f:1c630385 e9f4020000 jmp 1c63067e = VCL641MI.DLL:.text+0x2f67e |
| 18 |
016f:1c63038a a10cd5711c mov eax,dword ptr [1c71d50c] |
24 |
016f:1c63038a a10cd5711c mov eax,dword ptr [1c71d50c] |
| 19 |
016f:1c63038f 85c0 test eax,eax |
25 |
016f:1c63038f 85c0 test eax,eax |
| 20 |
016f:1c630391 751d jnz 1c6303b0 = VCL641MI.DLL:.text+0x2f3b0 |
26 |
016f:1c630391 751d jnz 1c6303b0 = VCL641MI.DLL:.text+0x2f3b0 |
| 21 |
016f:1c630393 56 push esi |
27 |
016f:1c630393 56 push esi |
| 22 |
016f:1c630394 890d0cd5711c mov dword ptr [1c71d50c],ecx |
28 |
016f:1c630394 890d0cd5711c mov dword ptr [1c71d50c],ecx |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
| 1 |
... |
8 |
... |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:1c632940 8d44240c lea eax,[esp+0c] |
9 |
016f:1c632940 8d44240c lea eax,[esp+0c] |
| 4 |
016f:1c632944 57 push edi |
10 |
016f:1c632944 57 push edi |
| 5 |
016f:1c632945 8b7c2420 mov edi,dword ptr [esp+20] |
11 |
016f:1c632945 8b7c2420 mov edi,dword ptr [esp+20] |
| 6 |
016f:1c632949 50 push eax |
12 |
016f:1c632949 50 push eax |
| 7 |
016f:1c63294a 56 push esi |
13 |
016f:1c63294a 56 push esi |
| 8 |
016f:1c63294b 57 push edi |
14 |
016f:1c63294b 57 push edi |
| 9 |
016f:1c63294c 53 push ebx |
15 |
016f:1c63294c 53 push ebx |
| 10 |
016f:1c63294d 55 push ebp |
16 |
016f:1c63294d 55 push ebp |
| 11 |
016f:1c63294e c744242401000000 mov dword ptr [esp+24],00000001 |
17 |
016f:1c63294e c744242401000000 mov dword ptr [esp+24],00000001 |
| 12 |
016f:1c632956 e8f5d8ffff call 1c630250 = VCL641MI.DLL:.text+0x2f250 |
18 |
016f:1c632956 e8f5d8ffff call 1c630250 = VCL641MI.DLL:.text+0x2f250 |
| 13 |
016f:1c63295f 85c9 test ecx,ecx |
19 |
016f:1c63295f 85c9 test ecx,ecx |
| 14 |
016f:1c632961 740a jz 1c63296d = VCL641MI.DLL:.text+0x3196d |
20 |
016f:1c632961 740a jz 1c63296d = VCL641MI.DLL:.text+0x3196d |
| 15 |
016f:1c632963 56 push esi |
21 |
016f:1c632963 56 push esi |
| 16 |
016f:1c632964 57 push edi |
22 |
016f:1c632964 57 push edi |
| 17 |
016f:1c632965 53 push ebx |
23 |
016f:1c632965 53 push ebx |
| 18 |
016f:1c632966 55 push ebp |
24 |
016f:1c632966 55 push ebp |
| 19 |
016f:1c632967 ff1584f36f1c call dword ptr [1c6ff384] -> USER32.DLL!DefWindowProcA |
25 |
016f:1c632967 ff1584f36f1c call dword ptr [1c6ff384] -> USER32.DLL!DefWindowProcA |
| 20 |
016f:1c63296d 5f pop edi |
26 |
016f:1c63296d 5f pop edi |
| 21 |
016f:1c63296e 5e pop esi |
27 |
016f:1c63296e 5e pop esi |
| 22 |
016f:1c63296f 5d pop ebp |
28 |
016f:1c63296f 5d pop ebp |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:bff635f7 65d16e04 shr dword ptr gs:[esi+04],EvIa |
9 |
016f:bff635f7 65d16e04 shr dword ptr gs:[esi+04],EvIa |
| 4 |
016f:bff635fb 7222 jc bff6361f = KERNEL32.DLL:_FREQASM+0x261f |
10 |
016f:bff635fb 7222 jc bff6361f = KERNEL32.DLL:_FREQASM+0x261f |
| 5 |
016f:bff635fd 65ff32 push dword ptr gs:[edx] |
11 |
016f:bff635fd 65ff32 push dword ptr gs:[edx] |
| 6 |
016f:bff63600 8d5204 lea edx,[edx+04] |
12 |
016f:bff63600 8d5204 lea edx,[edx+04] |
| 7 |
016f:bff63603 e2f2 loop bff635f7 = KERNEL32.DLL:_FREQASM+0x25f7 |
13 |
016f:bff63603 e2f2 loop bff635f7 = KERNEL32.DLL:_FREQASM+0x25f7 |
| 8 |
016f:bff63605 8bfc mov edi,esp |
14 |
016f:bff63605 8bfc mov edi,esp |
| 9 |
016f:bff63607 33c0 xor eax,eax |
15 |
016f:bff63607 33c0 xor eax,eax |
| 10 |
016f:bff63609 65394608 cmp dword ptr gs:[esi+08],eax |
16 |
016f:bff63609 65394608 cmp dword ptr gs:[esi+08],eax |
| 11 |
016f:bff6360d 7404 jz bff63613 = KERNEL32.DLL:_FREQASM+0x2613 |
17 |
016f:bff6360d 7404 jz bff63613 = KERNEL32.DLL:_FREQASM+0x2613 |
| 12 |
016f:bff6360f 65ff5608 call dword ptr gs:[esi+08] |
18 |
016f:bff6360f 65ff5608 call dword ptr gs:[esi+08] |
| 13 |
016f:bff63615 33c9 xor ecx,ecx |
19 |
016f:bff63615 33c9 xor ecx,ecx |
| 14 |
016f:bff63617 8ee9 mov gs,cx |
20 |
016f:bff63617 8ee9 mov gs,cx |
| 15 |
016f:bff63619 5f pop edi |
21 |
016f:bff63619 5f pop edi |
| 16 |
016f:bff6361a 5e pop esi |
22 |
016f:bff6361a 5e pop esi |
| 17 |
016f:bff6361b c9 leave |
23 |
016f:bff6361b c9 leave |
| 18 |
016f:bff6361c c20c00 retd 000c |
24 |
016f:bff6361c c20c00 retd 000c |
| 19 |
016f:bff6361f 52 push edx |
25 |
016f:bff6361f 52 push edx |
| 20 |
016f:bff63620 51 push ecx |
26 |
016f:bff63620 51 push ecx |
| 21 |
016f:bff63621 33c0 xor eax,eax |
27 |
016f:bff63621 33c0 xor eax,eax |
| 22 |
016f:bff63623 48 dec eax |
28 |
016f:bff63623 48 dec eax |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:bff613c5 c20400 retd 0004 |
9 |
016f:bff613c5 c20400 retd 0004 |
| 4 |
016f:bff613c8 33c0 xor eax,eax |
10 |
016f:bff613c8 33c0 xor eax,eax |
| 5 |
016f:bff613ca ebf7 jmp bff613c3 = KERNEL32.DLL:_FREQASM+0x3c3 |
11 |
016f:bff613ca ebf7 jmp bff613c3 = KERNEL32.DLL:_FREQASM+0x3c3 |
| 6 |
016f:bff613cc ebfa jmp bff613c8 = KERNEL32.DLL:_FREQASM+0x3c8 |
12 |
016f:bff613cc ebfa jmp bff613c8 = KERNEL32.DLL:_FREQASM+0x3c8 |
| 7 |
016f:bff613ce ebf8 jmp bff613c8 = KERNEL32.DLL:_FREQASM+0x3c8 |
13 |
016f:bff613ce ebf8 jmp bff613c8 = KERNEL32.DLL:_FREQASM+0x3c8 |
| 8 |
016f:bff613d0 ebf6 jmp bff613c8 = KERNEL32.DLL:_FREQASM+0x3c8 |
14 |
016f:bff613d0 ebf6 jmp bff613c8 = KERNEL32.DLL:_FREQASM+0x3c8 |
| 9 |
016f:bff613d2 ebf4 jmp bff613c8 = KERNEL32.DLL:_FREQASM+0x3c8 |
15 |
016f:bff613d2 ebf4 jmp bff613c8 = KERNEL32.DLL:_FREQASM+0x3c8 |
| 10 |
016f:bff613d4 8b442404 mov eax,dword ptr [esp+04] |
16 |
016f:bff613d4 8b442404 mov eax,dword ptr [esp+04] |
| 11 |
016f:bff613d8 8f0424 pop dword ptr [esp] |
17 |
016f:bff613d8 8f0424 pop dword ptr [esp] |
| 12 |
016f:bff613db 2eff1d34b7fbbf call fword ptr ss:[bffbb734] |
18 |
016f:bff613db 2eff1d34b7fbbf call fword ptr ss:[bffbb734] |
| 13 |
016f:bff613e7 2eff1d34b7fbbf call fword ptr ss:[bffbb734] |
19 |
016f:bff613e7 2eff1d34b7fbbf call fword ptr ss:[bffbb734] |
| 14 |
016f:bff613ee b843002a00 mov eax,002a0043 |
20 |
016f:bff613ee b843002a00 mov eax,002a0043 |
| 15 |
016f:bff613f3 2eff1d34b7fbbf call fword ptr ss:[bffbb734] |
21 |
016f:bff613f3 2eff1d34b7fbbf call fword ptr ss:[bffbb734] |
| 16 |
016f:bff613fa 83c414 add esp,+14 |
22 |
016f:bff613fa 83c414 add esp,+14 |
| 17 |
016f:bff613fd 0fb7c8 movzx ecx,ax |
23 |
016f:bff613fd 0fb7c8 movzx ecx,ax |
| 18 |
016f:bff61400 0fa4d310 shld ebx,edx,10 |
24 |
016f:bff61400 0fa4d310 shld ebx,edx,10 |
| 19 |
016f:bff61404 c0e302 shl bl,02 |
25 |
016f:bff61404 c0e302 shl bl,02 |
| 20 |
016f:bff61407 6681ea0010 sub dx,1000 |
26 |
016f:bff61407 6681ea0010 sub dx,1000 |
| 21 |
016f:bff6140c 0fbfc2 movsx eax,dx |
27 |
016f:bff6140c 0fbfc2 movsx eax,dx |
| 22 |
016f:bff6140f e9d1000000 jmp bff614e5 = KERNEL32.DLL:_FREQASM+0x4e5 |
28 |
016f:bff6140f e9d1000000 jmp bff614e5 = KERNEL32.DLL:_FREQASM+0x4e5 |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:bff641aa ff4204 inc dword ptr [edx+04] |
9 |
016f:bff641aa ff4204 inc dword ptr [edx+04] |
| 4 |
016f:bff641ad 90 nop |
10 |
016f:bff641ad 90 nop |
| 5 |
016f:bff641ae c3 retd |
11 |
016f:bff641ae c3 retd |
| 6 |
016f:bff641af 394208 cmp dword ptr [edx+08],eax |
12 |
016f:bff641af 394208 cmp dword ptr [edx+08],eax |
| 7 |
016f:bff641b2 74f6 jz bff641aa = KERNEL32.DLL:_FREQASM+0x31aa |
13 |
016f:bff641b2 74f6 jz bff641aa = KERNEL32.DLL:_FREQASM+0x31aa |
| 8 |
016f:bff641b4 52 push edx |
14 |
016f:bff641b4 52 push edx |
| 9 |
016f:bff641b5 51 push ecx |
15 |
016f:bff641b5 51 push ecx |
| 10 |
016f:bff641b6 52 push edx |
16 |
016f:bff641b6 52 push edx |
| 11 |
016f:bff641b7 681d002a00 push 002a001d |
17 |
016f:bff641b7 681d002a00 push 002a001d |
| 12 |
016f:bff641bc e813d2ffff call bff613d4 = KERNEL32.DLL!1 |
18 |
016f:bff641bc e813d2ffff call bff613d4 = KERNEL32.DLL!1 |
| 13 |
016f:bff641c2 5a pop edx |
19 |
016f:bff641c2 5a pop edx |
| 14 |
016f:bff641c3 ebe8 jmp bff641ad = KERNEL32.DLL:_FREQASM+0x31ad |
20 |
016f:bff641c3 ebe8 jmp bff641ad = KERNEL32.DLL:_FREQASM+0x31ad |
| 15 |
016f:bff641c5 8b542404 mov edx,dword ptr [esp+04] |
21 |
016f:bff641c5 8b542404 mov edx,dword ptr [esp+04] |
| 16 |
016f:bff641c9 50 push eax |
22 |
016f:bff641c9 50 push eax |
| 17 |
016f:bff641ca e804000000 call bff641d3 = KERNEL32.DLL:_FREQASM+0x31d3 |
23 |
016f:bff641ca e804000000 call bff641d3 = KERNEL32.DLL:_FREQASM+0x31d3 |
| 18 |
016f:bff641cf 58 pop eax |
24 |
016f:bff641cf 58 pop eax |
| 19 |
016f:bff641d0 c20400 retd 0004 |
25 |
016f:bff641d0 c20400 retd 0004 |
| 20 |
016f:bff641d3 833dfcbcfbbf01 cmp dword ptr [bffbbcfc],+01 |
26 |
016f:bff641d3 833dfcbcfbbf01 cmp dword ptr [bffbbcfc],+01 |
| 21 |
016f:bff641da 7c32 jl bff6420e = KERNEL32.DLL:_FREQASM+0x320e |
27 |
016f:bff641da 7c32 jl bff6420e = KERNEL32.DLL:_FREQASM+0x320e |
| 22 |
016f:bff641dc 3b1570b4fbbf cmp edx,dword ptr [bffbb470] |
28 |
016f:bff641dc 3b1570b4fbbf cmp edx,dword ptr [bffbb470] |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:bff617ff 6664c7051e000000ffff mov word ptr fs:[0000001e],ffff |
9 |
016f:bff617ff 6664c7051e000000ffff mov word ptr fs:[0000001e],ffff |
| 4 |
016f:bff61809 c3 retd |
10 |
016f:bff61809 c3 retd |
| 5 |
016f:bff6180a 52 push edx |
11 |
016f:bff6180a 52 push edx |
| 6 |
016f:bff6180b 50 push eax |
12 |
016f:bff6180b 50 push eax |
| 7 |
016f:bff6180c a1f8bcfbbf mov eax,dword ptr [bffbbcf8] |
13 |
016f:bff6180c a1f8bcfbbf mov eax,dword ptr [bffbbcf8] |
| 8 |
016f:bff61811 8b00 mov eax,dword ptr [eax] |
14 |
016f:bff61811 8b00 mov eax,dword ptr [eax] |
| 9 |
016f:bff61813 390598b4fbbf cmp dword ptr [bffbb498],eax |
15 |
016f:bff61813 390598b4fbbf cmp dword ptr [bffbb498],eax |
| 10 |
016f:bff61819 7413 jz bff6182e = KERNEL32.DLL:_FREQASM+0x82e |
16 |
016f:bff61819 7413 jz bff6182e = KERNEL32.DLL:_FREQASM+0x82e |
| 11 |
016f:bff6181b 8b1570b4fbbf mov edx,dword ptr [bffbb470] |
17 |
016f:bff6181b 8b1570b4fbbf mov edx,dword ptr [bffbb470] |
| 12 |
016f:bff61821 e869290000 call bff6418f = KERNEL32.DLL:_FREQASM+0x318f |
18 |
016f:bff61821 e869290000 call bff6418f = KERNEL32.DLL:_FREQASM+0x318f |
| 13 |
016f:bff6182e 58 pop eax |
19 |
016f:bff6182e 58 pop eax |
| 14 |
016f:bff6182f 5a pop edx |
20 |
016f:bff6182f 5a pop edx |
| 15 |
016f:bff61830 c3 retd |
21 |
016f:bff61830 c3 retd |
| 16 |
016f:bff61831 ff7316 push dword ptr [ebx+16] |
22 |
016f:bff61831 ff7316 push dword ptr [ebx+16] |
| 17 |
016f:bff61834 ff731a push dword ptr [ebx+1a] |
23 |
016f:bff61834 ff731a push dword ptr [ebx+1a] |
| 18 |
016f:bff61837 ff731e push dword ptr [ebx+1e] |
24 |
016f:bff61837 ff731e push dword ptr [ebx+1e] |
| 19 |
016f:bff6183a ff7322 push dword ptr [ebx+22] |
25 |
016f:bff6183a ff7322 push dword ptr [ebx+22] |
| 20 |
016f:bff6183d 8b1570b4fbbf mov edx,dword ptr [bffbb470] |
26 |
016f:bff6183d 8b1570b4fbbf mov edx,dword ptr [bffbb470] |
| 21 |
016f:bff61843 e88b290000 call bff641d3 = KERNEL32.DLL:_FREQASM+0x31d3 |
27 |
016f:bff61843 e88b290000 call bff641d3 = KERNEL32.DLL:_FREQASM+0x31d3 |
| 22 |
016f:bff61848 6664c7051e000000ffff mov word ptr fs:[0000001e],ffff |
28 |
016f:bff61848 6664c7051e000000ffff mov word ptr fs:[0000001e],ffff |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:bff848d8 c1c210 rol edx,10 |
9 |
016f:bff848d8 c1c210 rol edx,10 |
| 4 |
016f:bff848db e9c8f7ffff jmp bff840a8 = KERNEL32.DLL:.text+0x1b0a8 |
10 |
016f:bff848db e9c8f7ffff jmp bff840a8 = KERNEL32.DLL:.text+0x1b0a8 |
| 5 |
016f:bff848e0 0fbf4316 movsx eax,word ptr [ebx+16] |
11 |
016f:bff848e0 0fbf4316 movsx eax,word ptr [ebx+16] |
| 6 |
016f:bff848e4 50 push eax |
12 |
016f:bff848e4 50 push eax |
| 7 |
016f:bff848e5 668b4318 mov ax,word ptr [ebx+18] |
13 |
016f:bff848e5 668b4318 mov ax,word ptr [ebx+18] |
| 8 |
016f:bff848e9 50 push eax |
14 |
016f:bff848e9 50 push eax |
| 9 |
016f:bff848ea ff731a push dword ptr [ebx+1a] |
15 |
016f:bff848ea ff731a push dword ptr [ebx+1a] |
| 10 |
016f:bff848ed e8f3cefdff call bff617e5 = KERNEL32.DLL!K32Thk1632Prolog |
16 |
016f:bff848ed e8f3cefdff call bff617e5 = KERNEL32.DLL!K32Thk1632Prolog |
| 11 |
016f:bff848f2 e8deecfdff call bff635d5 = KERNEL32.DLL:_FREQASM+0x25d5 |
17 |
016f:bff848f2 e8deecfdff call bff635d5 = KERNEL32.DLL:_FREQASM+0x25d5 |
| 12 |
016f:bff848f7 e80ecffdff call bff6180a = KERNEL32.DLL!K32Thk1632Epilog |
18 |
016f:bff848f7 e80ecffdff call bff6180a = KERNEL32.DLL!K32Thk1632Epilog |
| 13 |
016f:bff848fe c1c210 rol edx,10 |
19 |
016f:bff848fe c1c210 rol edx,10 |
| 14 |
016f:bff84901 e9aaf7ffff jmp bff840b0 = KERNEL32.DLL:.text+0x1b0b0 |
20 |
016f:bff84901 e9aaf7ffff jmp bff840b0 = KERNEL32.DLL:.text+0x1b0b0 |
| 15 |
016f:bff84906 0fbf4316 movsx eax,word ptr [ebx+16] |
21 |
016f:bff84906 0fbf4316 movsx eax,word ptr [ebx+16] |
| 16 |
016f:bff8490a 50 push eax |
22 |
016f:bff8490a 50 push eax |
| 17 |
016f:bff8490b ff7318 push dword ptr [ebx+18] |
23 |
016f:bff8490b ff7318 push dword ptr [ebx+18] |
| 18 |
016f:bff8490e e8d2cefdff call bff617e5 = KERNEL32.DLL!K32Thk1632Prolog |
24 |
016f:bff8490e e8d2cefdff call bff617e5 = KERNEL32.DLL!K32Thk1632Prolog |
| 19 |
016f:bff84913 e8ceebfdff call bff634e6 = KERNEL32.DLL:_FREQASM+0x24e6 |
25 |
016f:bff84913 e8ceebfdff call bff634e6 = KERNEL32.DLL:_FREQASM+0x24e6 |
| 20 |
016f:bff84918 e8edcefdff call bff6180a = KERNEL32.DLL!K32Thk1632Epilog |
26 |
016f:bff84918 e8edcefdff call bff6180a = KERNEL32.DLL!K32Thk1632Epilog |
| 21 |
016f:bff8491d e986f7ffff jmp bff840a8 = KERNEL32.DLL:.text+0x1b0a8 |
27 |
016f:bff8491d e986f7ffff jmp bff840a8 = KERNEL32.DLL:.text+0x1b0a8 |
| 22 |
016f:bff84922 33c0 xor eax,eax |
28 |
016f:bff84922 33c0 xor eax,eax |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:bff61991 51 push ecx |
9 |
016f:bff61991 51 push ecx |
| 4 |
016f:bff61992 c1cf10 ror edi,10 |
10 |
016f:bff61992 c1cf10 ror edi,10 |
| 5 |
016f:bff61995 6664873d0e000000 xchg word ptr fs:[0000000e],di |
11 |
016f:bff61995 6664873d0e000000 xchg word ptr fs:[0000000e],di |
| 6 |
016f:bff6199d 57 push edi |
12 |
016f:bff6199d 57 push edi |
| 7 |
016f:bff6199e 686d18f6bf push bff6186d |
13 |
016f:bff6199e 686d18f6bf push bff6186d |
| 8 |
016f:bff619a3 64ff3500000000 push dword ptr fs:[00000000] |
14 |
016f:bff619a3 64ff3500000000 push dword ptr fs:[00000000] |
| 9 |
016f:bff619aa 64892500000000 mov dword ptr fs:[00000000],esp |
15 |
016f:bff619aa 64892500000000 mov dword ptr fs:[00000000],esp |
| 10 |
016f:bff619b1 55 push ebp |
16 |
016f:bff619b1 55 push ebp |
| 11 |
016f:bff619b2 8d6c24fc lea ebp,[esp-04] |
17 |
016f:bff619b2 8d6c24fc lea ebp,[esp-04] |
| 12 |
016f:bff619b6 ffd2 call edx |
18 |
016f:bff619b6 ffd2 call edx |
| 13 |
016f:bff619b9 0fb6c9 movzx ecx,cl |
19 |
016f:bff619b9 0fb6c9 movzx ecx,cl |
| 14 |
016f:bff619bc 648f0500000000 pop dword ptr fs:[00000000] |
20 |
016f:bff619bc 648f0500000000 pop dword ptr fs:[00000000] |
| 15 |
016f:bff619c3 8d642404 lea esp,[esp+04] |
21 |
016f:bff619c3 8d642404 lea esp,[esp+04] |
| 16 |
016f:bff619c7 5f pop edi |
22 |
016f:bff619c7 5f pop edi |
| 17 |
016f:bff619c8 6664893d0e000000 mov word ptr fs:[0000000e],di |
23 |
016f:bff619c8 6664893d0e000000 mov word ptr fs:[0000000e],di |
| 18 |
016f:bff619d0 5b pop ebx |
24 |
016f:bff619d0 5b pop ebx |
| 19 |
016f:bff619d1 660fb22424 lss sp,dword ptr [esp] |
25 |
016f:bff619d1 660fb22424 lss sp,dword ptr [esp] |
| 20 |
016f:bff619d6 6664891d1e000000 mov word ptr fs:[0000001e],bx |
26 |
016f:bff619d6 6664891d1e000000 mov word ptr fs:[0000001e],bx |
| 21 |
016f:bff619de 5b pop ebx |
27 |
016f:bff619de 5b pop ebx |
| 22 |
016f:bff619df 0bdb or ebx,ebx |
28 |
016f:bff619df 0bdb or ebx,ebx |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:bff6183d 8b1570b4fbbf mov edx,dword ptr [bffbb470] |
9 |
016f:bff6183d 8b1570b4fbbf mov edx,dword ptr [bffbb470] |
| 4 |
016f:bff61843 e88b290000 call bff641d3 = KERNEL32.DLL:_FREQASM+0x31d3 |
10 |
016f:bff61843 e88b290000 call bff641d3 = KERNEL32.DLL:_FREQASM+0x31d3 |
| 5 |
016f:bff61848 6664c7051e000000ffff mov word ptr fs:[0000001e],ffff |
11 |
016f:bff61848 6664c7051e000000ffff mov word ptr fs:[0000001e],ffff |
| 6 |
016f:bff61852 ff5326 call dword ptr [ebx+26] |
12 |
016f:bff61852 ff5326 call dword ptr [ebx+26] |
| 7 |
016f:bff61855 8b1570b4fbbf mov edx,dword ptr [bffbb470] |
13 |
016f:bff61855 8b1570b4fbbf mov edx,dword ptr [bffbb470] |
| 8 |
016f:bff6185b e82f290000 call bff6418f = KERNEL32.DLL:_FREQASM+0x318f |
14 |
016f:bff6185b e82f290000 call bff6418f = KERNEL32.DLL:_FREQASM+0x318f |
| 9 |
016f:bff61860 6664ff051e000000 inc word ptr fs:[0000001e] |
15 |
016f:bff61860 6664ff051e000000 inc word ptr fs:[0000001e] |
| 10 |
016f:bff61868 b114 mov cl,14 |
16 |
016f:bff61868 b114 mov cl,14 |
| 11 |
016f:bff6186a 8be5 mov esp,ebp |
17 |
016f:bff6186a 8be5 mov esp,ebp |
| 12 |
016f:bff6186c c3 retd |
18 |
016f:bff6186c c3 retd |
| 13 |
016f:bff61871 f7400406000000 test dword ptr [eax+04],00000006 |
19 |
016f:bff61871 f7400406000000 test dword ptr [eax+04],00000006 |
| 14 |
016f:bff61878 7419 jz bff61893 = KERNEL32.DLL:_FREQASM+0x893 |
20 |
016f:bff61878 7419 jz bff61893 = KERNEL32.DLL:_FREQASM+0x893 |
| 15 |
016f:bff6187a 8b442408 mov eax,dword ptr [esp+08] |
21 |
016f:bff6187a 8b442408 mov eax,dword ptr [esp+08] |
| 16 |
016f:bff6187e 8178046d18f6bf cmp dword ptr [eax+04],bff6186d |
22 |
016f:bff6187e 8178046d18f6bf cmp dword ptr [eax+04],bff6186d |
| 17 |
016f:bff61885 750c jnz bff61893 = KERNEL32.DLL:_FREQASM+0x893 |
23 |
016f:bff61885 750c jnz bff61893 = KERNEL32.DLL:_FREQASM+0x893 |
| 18 |
016f:bff61887 668b4808 mov cx,word ptr [eax+08] |
24 |
016f:bff61887 668b4808 mov cx,word ptr [eax+08] |
| 19 |
016f:bff6188b 6664890d0e000000 mov word ptr fs:[0000000e],cx |
25 |
016f:bff6188b 6664890d0e000000 mov word ptr fs:[0000000e],cx |
| 20 |
016f:bff61893 b801000000 mov eax,00000001 |
26 |
016f:bff61893 b801000000 mov eax,00000001 |
| 21 |
016f:bff61898 c3 retd |
27 |
016f:bff61898 c3 retd |
| 22 |
016f:bff61899 9d popfd |
28 |
016f:bff61899 9d popfd |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
-> 00 8b 00 8b 00 8b 00 8b 00 8b 00 8b 00 8b 00 8b ................ |
8 |
-> 00 8b 00 8b 00 8b 00 8b 00 8b 00 8b 00 8b 00 8b ................ |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
-> 00 8b 00 8b 00 8b 00 8b 00 8b 00 8b 00 8b 00 8b ................ |
8 |
-> 00 8b 00 8b 00 8b 00 8b 00 8b 00 8b 00 8b 00 8b ................ |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
-> 89 44 24 1c e8 9e 6a 0b 00 eb 56 6a 04 e8 b7 45 .D$...j...Vj...E |
8 |
-> 89 44 24 1c e8 9e 6a 0b 00 eb 56 6a 04 e8 b7 45 .D$...j...Vj...E |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:bff641aa ff4204 inc dword ptr [edx+04] |
9 |
016f:bff641aa ff4204 inc dword ptr [edx+04] |
| 4 |
016f:bff641ad 90 nop |
10 |
016f:bff641ad 90 nop |
| 5 |
016f:bff641ae c3 retd |
11 |
016f:bff641ae c3 retd |
| 6 |
016f:bff641af 394208 cmp dword ptr [edx+08],eax |
12 |
016f:bff641af 394208 cmp dword ptr [edx+08],eax |
| 7 |
016f:bff641b2 74f6 jz bff641aa = KERNEL32.DLL:_FREQASM+0x31aa |
13 |
016f:bff641b2 74f6 jz bff641aa = KERNEL32.DLL:_FREQASM+0x31aa |
| 8 |
016f:bff641b4 52 push edx |
14 |
016f:bff641b4 52 push edx |
| 9 |
016f:bff641b5 51 push ecx |
15 |
016f:bff641b5 51 push ecx |
| 10 |
016f:bff641b6 52 push edx |
16 |
016f:bff641b6 52 push edx |
| 11 |
016f:bff641b7 681d002a00 push 002a001d |
17 |
016f:bff641b7 681d002a00 push 002a001d |
| 12 |
016f:bff641bc e813d2ffff call bff613d4 = KERNEL32.DLL!1 |
18 |
016f:bff641bc e813d2ffff call bff613d4 = KERNEL32.DLL!1 |
| 13 |
016f:bff641c2 5a pop edx |
19 |
016f:bff641c2 5a pop edx |
| 14 |
016f:bff641c3 ebe8 jmp bff641ad = KERNEL32.DLL:_FREQASM+0x31ad |
20 |
016f:bff641c3 ebe8 jmp bff641ad = KERNEL32.DLL:_FREQASM+0x31ad |
| 15 |
016f:bff641c5 8b542404 mov edx,dword ptr [esp+04] |
21 |
016f:bff641c5 8b542404 mov edx,dword ptr [esp+04] |
| 16 |
016f:bff641c9 50 push eax |
22 |
016f:bff641c9 50 push eax |
| 17 |
016f:bff641ca e804000000 call bff641d3 = KERNEL32.DLL:_FREQASM+0x31d3 |
23 |
016f:bff641ca e804000000 call bff641d3 = KERNEL32.DLL:_FREQASM+0x31d3 |
| 18 |
016f:bff641cf 58 pop eax |
24 |
016f:bff641cf 58 pop eax |
| 19 |
016f:bff641d0 c20400 retd 0004 |
25 |
016f:bff641d0 c20400 retd 0004 |
| 20 |
016f:bff641d3 833dfcbcfbbf01 cmp dword ptr [bffbbcfc],+01 |
26 |
016f:bff641d3 833dfcbcfbbf01 cmp dword ptr [bffbbcfc],+01 |
| 21 |
016f:bff641da 7c32 jl bff6420e = KERNEL32.DLL:_FREQASM+0x320e |
27 |
016f:bff641da 7c32 jl bff6420e = KERNEL32.DLL:_FREQASM+0x320e |
| 22 |
016f:bff641dc 3b1570b4fbbf cmp edx,dword ptr [bffbb470] |
28 |
016f:bff641dc 3b1570b4fbbf cmp edx,dword ptr [bffbb470] |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:bff43df9 006813 add byte ptr [eax+13],ch |
9 |
016f:bff43df9 006813 add byte ptr [eax+13],ch |
| 4 |
016f:bff43dfc 3ef4 ?hlt |
10 |
016f:bff43dfc 3ef4 ?hlt |
| 5 |
016f:bff43dfe bfff750666 mov edi,660675ff |
11 |
016f:bff43dfe bfff750666 mov edi,660675ff |
| 6 |
016f:bff43e03 bfffff6664 mov edi,6466ffff |
12 |
016f:bff43e03 bfffff6664 mov edi,6466ffff |
| 7 |
016f:bff43e08 873d1e000000 xchg dword ptr [0000001e],edi |
13 |
016f:bff43e08 873d1e000000 xchg dword ptr [0000001e],edi |
| 8 |
016f:bff43e0e e903450000 jmp bff48316 = KERNEL32.DLL!51 |
14 |
016f:bff43e0e e903450000 jmp bff48316 = KERNEL32.DLL!51 |
| 9 |
016f:bff43e13 6664893d1e000000 mov word ptr fs:[0000001e],di |
15 |
016f:bff43e13 6664893d1e000000 mov word ptr fs:[0000001e],di |
| 10 |
016f:bff43e1b 50 push eax |
16 |
016f:bff43e1b 50 push eax |
| 11 |
016f:bff43e1c ff35e4d4f4bf push dword ptr [bff4d4e4] |
17 |
016f:bff43e1c ff35e4d4f4bf push dword ptr [bff4d4e4] |
| 12 |
016f:bff43e22 e8e3440000 call bff4830a = KERNEL32.DLL!97 |
18 |
016f:bff43e22 e8e3440000 call bff4830a = KERNEL32.DLL!97 |
| 13 |
016f:bff43e28 2bf3 sub esi,ebx |
19 |
016f:bff43e28 2bf3 sub esi,ebx |
| 14 |
016f:bff43e2a 2beb sub ebp,ebx |
20 |
016f:bff43e2a 2beb sub ebp,ebx |
| 15 |
016f:bff43e2c 660fb223 lss sp,dword ptr [ebx] |
21 |
016f:bff43e2c 660fb223 lss sp,dword ptr [ebx] |
| 16 |
016f:bff43e30 6603f4 add si,sp |
22 |
016f:bff43e30 6603f4 add si,sp |
| 17 |
016f:bff43e33 6683ee04 sub si,+04 |
23 |
016f:bff43e33 6683ee04 sub si,+04 |
| 18 |
016f:bff43e37 6603ec add bp,sp |
24 |
016f:bff43e37 6603ec add bp,sp |
| 19 |
016f:bff43e3a 6683ed04 sub bp,+04 |
25 |
016f:bff43e3a 6683ed04 sub bp,+04 |
| 20 |
016f:bff43e3e 66cb retfd |
26 |
016f:bff43e3e 66cb retfd |
| 21 |
016f:bff43e40 ff750e push dword ptr [ebp+0e] |
27 |
016f:bff43e40 ff750e push dword ptr [ebp+0e] |
| 22 |
016f:bff43e43 0fb74512 movzx eax,word ptr [ebp+12] |
28 |
016f:bff43e43 0fb74512 movzx eax,word ptr [ebp+12] |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:bff43df9 006813 add byte ptr [eax+13],ch |
9 |
016f:bff43df9 006813 add byte ptr [eax+13],ch |
| 4 |
016f:bff43dfc 3ef4 ?hlt |
10 |
016f:bff43dfc 3ef4 ?hlt |
| 5 |
016f:bff43dfe bfff750666 mov edi,660675ff |
11 |
016f:bff43dfe bfff750666 mov edi,660675ff |
| 6 |
016f:bff43e03 bfffff6664 mov edi,6466ffff |
12 |
016f:bff43e03 bfffff6664 mov edi,6466ffff |
| 7 |
016f:bff43e08 873d1e000000 xchg dword ptr [0000001e],edi |
13 |
016f:bff43e08 873d1e000000 xchg dword ptr [0000001e],edi |
| 8 |
016f:bff43e0e e903450000 jmp bff48316 = KERNEL32.DLL!51 |
14 |
016f:bff43e0e e903450000 jmp bff48316 = KERNEL32.DLL!51 |
| 9 |
016f:bff43e13 6664893d1e000000 mov word ptr fs:[0000001e],di |
15 |
016f:bff43e13 6664893d1e000000 mov word ptr fs:[0000001e],di |
| 10 |
016f:bff43e1b 50 push eax |
16 |
016f:bff43e1b 50 push eax |
| 11 |
016f:bff43e1c ff35e4d4f4bf push dword ptr [bff4d4e4] |
17 |
016f:bff43e1c ff35e4d4f4bf push dword ptr [bff4d4e4] |
| 12 |
016f:bff43e22 e8e3440000 call bff4830a = KERNEL32.DLL!97 |
18 |
016f:bff43e22 e8e3440000 call bff4830a = KERNEL32.DLL!97 |
| 13 |
016f:bff43e28 2bf3 sub esi,ebx |
19 |
016f:bff43e28 2bf3 sub esi,ebx |
| 14 |
016f:bff43e2a 2beb sub ebp,ebx |
20 |
016f:bff43e2a 2beb sub ebp,ebx |
| 15 |
016f:bff43e2c 660fb223 lss sp,dword ptr [ebx] |
21 |
016f:bff43e2c 660fb223 lss sp,dword ptr [ebx] |
| 16 |
016f:bff43e30 6603f4 add si,sp |
22 |
016f:bff43e30 6603f4 add si,sp |
| 17 |
016f:bff43e33 6683ee04 sub si,+04 |
23 |
016f:bff43e33 6683ee04 sub si,+04 |
| 18 |
016f:bff43e37 6603ec add bp,sp |
24 |
016f:bff43e37 6603ec add bp,sp |
| 19 |
016f:bff43e3a 6683ed04 sub bp,+04 |
25 |
016f:bff43e3a 6683ed04 sub bp,+04 |
| 20 |
016f:bff43e3e 66cb retfd |
26 |
016f:bff43e3e 66cb retfd |
| 21 |
016f:bff43e40 ff750e push dword ptr [ebp+0e] |
27 |
016f:bff43e40 ff750e push dword ptr [ebp+0e] |
| 22 |
016f:bff43e43 0fb74512 movzx eax,word ptr [ebp+12] |
28 |
016f:bff43e43 0fb74512 movzx eax,word ptr [ebp+12] |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
... |
8 |
... |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
... |
8 |
... |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
... |
8 |
... |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
-> 90 90 6a ff 68 22 c0 48 00 64 a1 00 00 00 00 50 ..j.h".H.d.....P |
8 |
-> 90 90 6a ff 68 22 c0 48 00 64 a1 00 00 00 00 50 ..j.h".H.d.....P |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:bff613c5 c20400 retd 0004 |
9 |
016f:bff613c5 c20400 retd 0004 |
| 4 |
016f:bff613c8 33c0 xor eax,eax |
10 |
016f:bff613c8 33c0 xor eax,eax |
| 5 |
016f:bff613ca ebf7 jmp bff613c3 = KERNEL32.DLL:_FREQASM+0x3c3 |
11 |
016f:bff613ca ebf7 jmp bff613c3 = KERNEL32.DLL:_FREQASM+0x3c3 |
| 6 |
016f:bff613cc ebfa jmp bff613c8 = KERNEL32.DLL:_FREQASM+0x3c8 |
12 |
016f:bff613cc ebfa jmp bff613c8 = KERNEL32.DLL:_FREQASM+0x3c8 |
| 7 |
016f:bff613ce ebf8 jmp bff613c8 = KERNEL32.DLL:_FREQASM+0x3c8 |
13 |
016f:bff613ce ebf8 jmp bff613c8 = KERNEL32.DLL:_FREQASM+0x3c8 |
| 8 |
016f:bff613d0 ebf6 jmp bff613c8 = KERNEL32.DLL:_FREQASM+0x3c8 |
14 |
016f:bff613d0 ebf6 jmp bff613c8 = KERNEL32.DLL:_FREQASM+0x3c8 |
| 9 |
016f:bff613d2 ebf4 jmp bff613c8 = KERNEL32.DLL:_FREQASM+0x3c8 |
15 |
016f:bff613d2 ebf4 jmp bff613c8 = KERNEL32.DLL:_FREQASM+0x3c8 |
| 10 |
016f:bff613d4 8b442404 mov eax,dword ptr [esp+04] |
16 |
016f:bff613d4 8b442404 mov eax,dword ptr [esp+04] |
| 11 |
016f:bff613d8 8f0424 pop dword ptr [esp] |
17 |
016f:bff613d8 8f0424 pop dword ptr [esp] |
| 12 |
016f:bff613db 2eff1d34b7fbbf call fword ptr ss:[bffbb734] |
18 |
016f:bff613db 2eff1d34b7fbbf call fword ptr ss:[bffbb734] |
| 13 |
016f:bff613e7 2eff1d34b7fbbf call fword ptr ss:[bffbb734] |
19 |
016f:bff613e7 2eff1d34b7fbbf call fword ptr ss:[bffbb734] |
| 14 |
016f:bff613ee b843002a00 mov eax,002a0043 |
20 |
016f:bff613ee b843002a00 mov eax,002a0043 |
| 15 |
016f:bff613f3 2eff1d34b7fbbf call fword ptr ss:[bffbb734] |
21 |
016f:bff613f3 2eff1d34b7fbbf call fword ptr ss:[bffbb734] |
| 16 |
016f:bff613fa 83c414 add esp,+14 |
22 |
016f:bff613fa 83c414 add esp,+14 |
| 17 |
016f:bff613fd 0fb7c8 movzx ecx,ax |
23 |
016f:bff613fd 0fb7c8 movzx ecx,ax |
| 18 |
016f:bff61400 0fa4d310 shld ebx,edx,10 |
24 |
016f:bff61400 0fa4d310 shld ebx,edx,10 |
| 19 |
016f:bff61404 c0e302 shl bl,02 |
25 |
016f:bff61404 c0e302 shl bl,02 |
| 20 |
016f:bff61407 6681ea0010 sub dx,1000 |
26 |
016f:bff61407 6681ea0010 sub dx,1000 |
| 21 |
016f:bff6140c 0fbfc2 movsx eax,dx |
27 |
016f:bff6140c 0fbfc2 movsx eax,dx |
| 22 |
016f:bff6140f e9d1000000 jmp bff614e5 = KERNEL32.DLL:_FREQASM+0x4e5 |
28 |
016f:bff6140f e9d1000000 jmp bff614e5 = KERNEL32.DLL:_FREQASM+0x4e5 |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:bff64229 e8af780200 call bff8badd = KERNEL32.DLL:.text+0x22add |
9 |
016f:bff64229 e8af780200 call bff8badd = KERNEL32.DLL:.text+0x22add |
| 4 |
016f:bff6422e 6664ff0d1e000000 dec word ptr fs:[0000001e] |
10 |
016f:bff6422e 6664ff0d1e000000 dec word ptr fs:[0000001e] |
| 5 |
016f:bff64236 5a pop edx |
11 |
016f:bff64236 5a pop edx |
| 6 |
016f:bff64237 ebb1 jmp bff641ea = KERNEL32.DLL:_FREQASM+0x31ea |
12 |
016f:bff64237 ebb1 jmp bff641ea = KERNEL32.DLL:_FREQASM+0x31ea |
| 7 |
016f:bff64239 ff4210 inc dword ptr [edx+10] |
13 |
016f:bff64239 ff4210 inc dword ptr [edx+10] |
| 8 |
016f:bff6423c ebbd jmp bff641fb = KERNEL32.DLL:_FREQASM+0x31fb |
14 |
016f:bff6423c ebbd jmp bff641fb = KERNEL32.DLL:_FREQASM+0x31fb |
| 9 |
016f:bff6423e 52 push edx |
15 |
016f:bff6423e 52 push edx |
| 10 |
016f:bff6423f 52 push edx |
16 |
016f:bff6423f 52 push edx |
| 11 |
016f:bff64240 681e002a00 push 002a001e |
17 |
016f:bff64240 681e002a00 push 002a001e |
| 12 |
016f:bff64245 e88ad1ffff call bff613d4 = KERNEL32.DLL!1 |
18 |
016f:bff64245 e88ad1ffff call bff613d4 = KERNEL32.DLL!1 |
| 13 |
016f:bff6424b ebae jmp bff641fb = KERNEL32.DLL:_FREQASM+0x31fb |
19 |
016f:bff6424b ebae jmp bff641fb = KERNEL32.DLL:_FREQASM+0x31fb |
| 14 |
016f:bff6424d 681c002a00 push 002a001c |
20 |
016f:bff6424d 681c002a00 push 002a001c |
| 15 |
016f:bff64252 e87dd1ffff call bff613d4 = KERNEL32.DLL!1 |
21 |
016f:bff64252 e87dd1ffff call bff613d4 = KERNEL32.DLL!1 |
| 16 |
016f:bff64257 a1f0bcfbbf mov eax,dword ptr [bffbbcf0] |
22 |
016f:bff64257 a1f0bcfbbf mov eax,dword ptr [bffbbcf0] |
| 17 |
016f:bff6425c 8b00 mov eax,dword ptr [eax] |
23 |
016f:bff6425c 8b00 mov eax,dword ptr [eax] |
| 18 |
016f:bff6425e 0fba704c07 btr dword ptr [eax+4c],07 |
24 |
016f:bff6425e 0fba704c07 btr dword ptr [eax+4c],07 |
| 19 |
016f:bff64263 73a9 jnc bff6420e = KERNEL32.DLL:_FREQASM+0x320e |
25 |
016f:bff64263 73a9 jnc bff6420e = KERNEL32.DLL:_FREQASM+0x320e |
| 20 |
016f:bff64265 8d400c lea eax,[eax+0c] |
26 |
016f:bff64265 8d400c lea eax,[eax+0c] |
| 21 |
016f:bff64268 50 push eax |
27 |
016f:bff64268 50 push eax |
| 22 |
016f:bff64269 6a00 push +00 |
28 |
016f:bff64269 6a00 push +00 |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
| 1 |
... |
8 |
... |
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:bff6151d 660bff or di,di |
9 |
016f:bff6151d 660bff or di,di |
| 4 |
016f:bff61520 740c jz bff6152e = KERNEL32.DLL:_FREQASM+0x52e |
10 |
016f:bff61520 740c jz bff6152e = KERNEL32.DLL:_FREQASM+0x52e |
| 5 |
016f:bff61522 a1f0bcfbbf mov eax,dword ptr [bffbbcf0] |
11 |
016f:bff61522 a1f0bcfbbf mov eax,dword ptr [bffbbcf0] |
| 6 |
016f:bff61527 ff30 push dword ptr [eax] |
12 |
016f:bff61527 ff30 push dword ptr [eax] |
| 7 |
016f:bff61529 e8f4530000 call bff66922 = KERNEL32.DLL:_FREQASM+0x5922 |
13 |
016f:bff61529 e8f4530000 call bff66922 = KERNEL32.DLL:_FREQASM+0x5922 |
| 8 |
016f:bff6152e 66648b3d1e000000 mov di,word ptr fs:[0000001e] |
14 |
016f:bff6152e 66648b3d1e000000 mov di,word ptr fs:[0000001e] |
| 9 |
016f:bff61536 6683ef01 sub di,+01 |
15 |
016f:bff61536 6683ef01 sub di,+01 |
| 10 |
016f:bff6153a 730b jnc bff61547 = KERNEL32.DLL:_FREQASM+0x547 |
16 |
016f:bff6153a 730b jnc bff61547 = KERNEL32.DLL:_FREQASM+0x547 |
| 11 |
016f:bff6153c 8b1570b4fbbf mov edx,dword ptr [bffbb470] |
17 |
016f:bff6153c 8b1570b4fbbf mov edx,dword ptr [bffbb470] |
| 12 |
016f:bff61542 e88c2c0000 call bff641d3 = KERNEL32.DLL:_FREQASM+0x31d3 |
18 |
016f:bff61542 e88c2c0000 call bff641d3 = KERNEL32.DLL:_FREQASM+0x31d3 |
| 13 |
016f:bff6154f 8bc6 mov eax,esi |
19 |
016f:bff6154f 8bc6 mov eax,esi |
| 14 |
016f:bff61551 0fb6cb movzx ecx,bl |
20 |
016f:bff61551 0fb6cb movzx ecx,bl |
| 15 |
016f:bff61554 5f pop edi |
21 |
016f:bff61554 5f pop edi |
| 16 |
016f:bff61555 5e pop esi |
22 |
016f:bff61555 5e pop esi |
| 17 |
016f:bff61556 5b pop ebx |
23 |
016f:bff61556 5b pop ebx |
| 18 |
016f:bff61557 5d pop ebp |
24 |
016f:bff61557 5d pop ebp |
| 19 |
016f:bff61558 5a pop edx |
25 |
016f:bff61558 5a pop edx |
| 20 |
016f:bff61559 03e1 add esp,ecx |
26 |
016f:bff61559 03e1 add esp,ecx |
| 21 |
016f:bff6155b ffe2 jmp edx |
27 |
016f:bff6155b ffe2 jmp edx |
| 22 |
016f:bff6155d 55 push ebp |
28 |
016f:bff6155d 55 push ebp |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:1c63294e c744242401000000 mov dword ptr [esp+24],00000001 |
9 |
016f:1c63294e c744242401000000 mov dword ptr [esp+24],00000001 |
| 4 |
016f:1c632956 e8f5d8ffff call 1c630250 = VCL641MI.DLL:.text+0x2f250 |
10 |
016f:1c632956 e8f5d8ffff call 1c630250 = VCL641MI.DLL:.text+0x2f250 |
| 5 |
016f:1c63295b 8b4c2410 mov ecx,dword ptr [esp+10] |
11 |
016f:1c63295b 8b4c2410 mov ecx,dword ptr [esp+10] |
| 6 |
016f:1c63295f 85c9 test ecx,ecx |
12 |
016f:1c63295f 85c9 test ecx,ecx |
| 7 |
016f:1c632961 740a jz 1c63296d = VCL641MI.DLL:.text+0x3196d |
13 |
016f:1c632961 740a jz 1c63296d = VCL641MI.DLL:.text+0x3196d |
| 8 |
016f:1c632963 56 push esi |
14 |
016f:1c632963 56 push esi |
| 9 |
016f:1c632964 57 push edi |
15 |
016f:1c632964 57 push edi |
| 10 |
016f:1c632965 53 push ebx |
16 |
016f:1c632965 53 push ebx |
| 11 |
016f:1c632966 55 push ebp |
17 |
016f:1c632966 55 push ebp |
| 12 |
016f:1c632967 ff1584f36f1c call dword ptr [1c6ff384] -> USER32.DLL!DefWindowProcA |
18 |
016f:1c632967 ff1584f36f1c call dword ptr [1c6ff384] -> USER32.DLL!DefWindowProcA |
| 13 |
016f:1c63296e 5e pop esi |
19 |
016f:1c63296e 5e pop esi |
| 14 |
016f:1c63296f 5d pop ebp |
20 |
016f:1c63296f 5d pop ebp |
| 15 |
016f:1c632970 5b pop ebx |
21 |
016f:1c632970 5b pop ebx |
| 16 |
016f:1c632971 59 pop ecx |
22 |
016f:1c632971 59 pop ecx |
| 17 |
016f:1c632972 c21000 retd 0010 |
23 |
016f:1c632972 c21000 retd 0010 |
| 18 |
016f:1c632975 90 nop |
24 |
016f:1c632975 90 nop |
| 19 |
016f:1c632976 90 nop |
25 |
016f:1c632976 90 nop |
| 20 |
016f:1c632977 90 nop |
26 |
016f:1c632977 90 nop |
| 21 |
016f:1c632978 90 nop |
27 |
016f:1c632978 90 nop |
| 22 |
016f:1c632979 90 nop |
28 |
016f:1c632979 90 nop |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:bff635f7 65d16e04 shr dword ptr gs:[esi+04],EvIa |
9 |
016f:bff635f7 65d16e04 shr dword ptr gs:[esi+04],EvIa |
| 4 |
016f:bff635fb 7222 jc bff6361f = KERNEL32.DLL:_FREQASM+0x261f |
10 |
016f:bff635fb 7222 jc bff6361f = KERNEL32.DLL:_FREQASM+0x261f |
| 5 |
016f:bff635fd 65ff32 push dword ptr gs:[edx] |
11 |
016f:bff635fd 65ff32 push dword ptr gs:[edx] |
| 6 |
016f:bff63600 8d5204 lea edx,[edx+04] |
12 |
016f:bff63600 8d5204 lea edx,[edx+04] |
| 7 |
016f:bff63603 e2f2 loop bff635f7 = KERNEL32.DLL:_FREQASM+0x25f7 |
13 |
016f:bff63603 e2f2 loop bff635f7 = KERNEL32.DLL:_FREQASM+0x25f7 |
| 8 |
016f:bff63605 8bfc mov edi,esp |
14 |
016f:bff63605 8bfc mov edi,esp |
| 9 |
016f:bff63607 33c0 xor eax,eax |
15 |
016f:bff63607 33c0 xor eax,eax |
| 10 |
016f:bff63609 65394608 cmp dword ptr gs:[esi+08],eax |
16 |
016f:bff63609 65394608 cmp dword ptr gs:[esi+08],eax |
| 11 |
016f:bff6360d 7404 jz bff63613 = KERNEL32.DLL:_FREQASM+0x2613 |
17 |
016f:bff6360d 7404 jz bff63613 = KERNEL32.DLL:_FREQASM+0x2613 |
| 12 |
016f:bff6360f 65ff5608 call dword ptr gs:[esi+08] |
18 |
016f:bff6360f 65ff5608 call dword ptr gs:[esi+08] |
| 13 |
016f:bff63615 33c9 xor ecx,ecx |
19 |
016f:bff63615 33c9 xor ecx,ecx |
| 14 |
016f:bff63617 8ee9 mov gs,cx |
20 |
016f:bff63617 8ee9 mov gs,cx |
| 15 |
016f:bff63619 5f pop edi |
21 |
016f:bff63619 5f pop edi |
| 16 |
016f:bff6361a 5e pop esi |
22 |
016f:bff6361a 5e pop esi |
| 17 |
016f:bff6361b c9 leave |
23 |
016f:bff6361b c9 leave |
| 18 |
016f:bff6361c c20c00 retd 000c |
24 |
016f:bff6361c c20c00 retd 000c |
| 19 |
016f:bff6361f 52 push edx |
25 |
016f:bff6361f 52 push edx |
| 20 |
016f:bff63620 51 push ecx |
26 |
016f:bff63620 51 push ecx |
| 21 |
016f:bff63621 33c0 xor eax,eax |
27 |
016f:bff63621 33c0 xor eax,eax |
| 22 |
016f:bff63623 48 dec eax |
28 |
016f:bff63623 48 dec eax |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:bff613c5 c20400 retd 0004 |
9 |
016f:bff613c5 c20400 retd 0004 |
| 4 |
016f:bff613c8 33c0 xor eax,eax |
10 |
016f:bff613c8 33c0 xor eax,eax |
| 5 |
016f:bff613ca ebf7 jmp bff613c3 = KERNEL32.DLL:_FREQASM+0x3c3 |
11 |
016f:bff613ca ebf7 jmp bff613c3 = KERNEL32.DLL:_FREQASM+0x3c3 |
| 6 |
016f:bff613cc ebfa jmp bff613c8 = KERNEL32.DLL:_FREQASM+0x3c8 |
12 |
016f:bff613cc ebfa jmp bff613c8 = KERNEL32.DLL:_FREQASM+0x3c8 |
| 7 |
016f:bff613ce ebf8 jmp bff613c8 = KERNEL32.DLL:_FREQASM+0x3c8 |
13 |
016f:bff613ce ebf8 jmp bff613c8 = KERNEL32.DLL:_FREQASM+0x3c8 |
| 8 |
016f:bff613d0 ebf6 jmp bff613c8 = KERNEL32.DLL:_FREQASM+0x3c8 |
14 |
016f:bff613d0 ebf6 jmp bff613c8 = KERNEL32.DLL:_FREQASM+0x3c8 |
| 9 |
016f:bff613d2 ebf4 jmp bff613c8 = KERNEL32.DLL:_FREQASM+0x3c8 |
15 |
016f:bff613d2 ebf4 jmp bff613c8 = KERNEL32.DLL:_FREQASM+0x3c8 |
| 10 |
016f:bff613d4 8b442404 mov eax,dword ptr [esp+04] |
16 |
016f:bff613d4 8b442404 mov eax,dword ptr [esp+04] |
| 11 |
016f:bff613d8 8f0424 pop dword ptr [esp] |
17 |
016f:bff613d8 8f0424 pop dword ptr [esp] |
| 12 |
016f:bff613db 2eff1d34b7fbbf call fword ptr ss:[bffbb734] |
18 |
016f:bff613db 2eff1d34b7fbbf call fword ptr ss:[bffbb734] |
| 13 |
016f:bff613e7 2eff1d34b7fbbf call fword ptr ss:[bffbb734] |
19 |
016f:bff613e7 2eff1d34b7fbbf call fword ptr ss:[bffbb734] |
| 14 |
016f:bff613ee b843002a00 mov eax,002a0043 |
20 |
016f:bff613ee b843002a00 mov eax,002a0043 |
| 15 |
016f:bff613f3 2eff1d34b7fbbf call fword ptr ss:[bffbb734] |
21 |
016f:bff613f3 2eff1d34b7fbbf call fword ptr ss:[bffbb734] |
| 16 |
016f:bff613fa 83c414 add esp,+14 |
22 |
016f:bff613fa 83c414 add esp,+14 |
| 17 |
016f:bff613fd 0fb7c8 movzx ecx,ax |
23 |
016f:bff613fd 0fb7c8 movzx ecx,ax |
| 18 |
016f:bff61400 0fa4d310 shld ebx,edx,10 |
24 |
016f:bff61400 0fa4d310 shld ebx,edx,10 |
| 19 |
016f:bff61404 c0e302 shl bl,02 |
25 |
016f:bff61404 c0e302 shl bl,02 |
| 20 |
016f:bff61407 6681ea0010 sub dx,1000 |
26 |
016f:bff61407 6681ea0010 sub dx,1000 |
| 21 |
016f:bff6140c 0fbfc2 movsx eax,dx |
27 |
016f:bff6140c 0fbfc2 movsx eax,dx |
| 22 |
016f:bff6140f e9d1000000 jmp bff614e5 = KERNEL32.DLL:_FREQASM+0x4e5 |
28 |
016f:bff6140f e9d1000000 jmp bff614e5 = KERNEL32.DLL:_FREQASM+0x4e5 |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:bff641aa ff4204 inc dword ptr [edx+04] |
9 |
016f:bff641aa ff4204 inc dword ptr [edx+04] |
| 4 |
016f:bff641ad 90 nop |
10 |
016f:bff641ad 90 nop |
| 5 |
016f:bff641ae c3 retd |
11 |
016f:bff641ae c3 retd |
| 6 |
016f:bff641af 394208 cmp dword ptr [edx+08],eax |
12 |
016f:bff641af 394208 cmp dword ptr [edx+08],eax |
| 7 |
016f:bff641b2 74f6 jz bff641aa = KERNEL32.DLL:_FREQASM+0x31aa |
13 |
016f:bff641b2 74f6 jz bff641aa = KERNEL32.DLL:_FREQASM+0x31aa |
| 8 |
016f:bff641b4 52 push edx |
14 |
016f:bff641b4 52 push edx |
| 9 |
016f:bff641b5 51 push ecx |
15 |
016f:bff641b5 51 push ecx |
| 10 |
016f:bff641b6 52 push edx |
16 |
016f:bff641b6 52 push edx |
| 11 |
016f:bff641b7 681d002a00 push 002a001d |
17 |
016f:bff641b7 681d002a00 push 002a001d |
| 12 |
016f:bff641bc e813d2ffff call bff613d4 = KERNEL32.DLL!1 |
18 |
016f:bff641bc e813d2ffff call bff613d4 = KERNEL32.DLL!1 |
| 13 |
016f:bff641c2 5a pop edx |
19 |
016f:bff641c2 5a pop edx |
| 14 |
016f:bff641c3 ebe8 jmp bff641ad = KERNEL32.DLL:_FREQASM+0x31ad |
20 |
016f:bff641c3 ebe8 jmp bff641ad = KERNEL32.DLL:_FREQASM+0x31ad |
| 15 |
016f:bff641c5 8b542404 mov edx,dword ptr [esp+04] |
21 |
016f:bff641c5 8b542404 mov edx,dword ptr [esp+04] |
| 16 |
016f:bff641c9 50 push eax |
22 |
016f:bff641c9 50 push eax |
| 17 |
016f:bff641ca e804000000 call bff641d3 = KERNEL32.DLL:_FREQASM+0x31d3 |
23 |
016f:bff641ca e804000000 call bff641d3 = KERNEL32.DLL:_FREQASM+0x31d3 |
| 18 |
016f:bff641cf 58 pop eax |
24 |
016f:bff641cf 58 pop eax |
| 19 |
016f:bff641d0 c20400 retd 0004 |
25 |
016f:bff641d0 c20400 retd 0004 |
| 20 |
016f:bff641d3 833dfcbcfbbf01 cmp dword ptr [bffbbcfc],+01 |
26 |
016f:bff641d3 833dfcbcfbbf01 cmp dword ptr [bffbbcfc],+01 |
| 21 |
016f:bff641da 7c32 jl bff6420e = KERNEL32.DLL:_FREQASM+0x320e |
27 |
016f:bff641da 7c32 jl bff6420e = KERNEL32.DLL:_FREQASM+0x320e |
| 22 |
016f:bff641dc 3b1570b4fbbf cmp edx,dword ptr [bffbb470] |
28 |
016f:bff641dc 3b1570b4fbbf cmp edx,dword ptr [bffbb470] |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:bff617ff 6664c7051e000000ffff mov word ptr fs:[0000001e],ffff |
9 |
016f:bff617ff 6664c7051e000000ffff mov word ptr fs:[0000001e],ffff |
| 4 |
016f:bff61809 c3 retd |
10 |
016f:bff61809 c3 retd |
| 5 |
016f:bff6180a 52 push edx |
11 |
016f:bff6180a 52 push edx |
| 6 |
016f:bff6180b 50 push eax |
12 |
016f:bff6180b 50 push eax |
| 7 |
016f:bff6180c a1f8bcfbbf mov eax,dword ptr [bffbbcf8] |
13 |
016f:bff6180c a1f8bcfbbf mov eax,dword ptr [bffbbcf8] |
| 8 |
016f:bff61811 8b00 mov eax,dword ptr [eax] |
14 |
016f:bff61811 8b00 mov eax,dword ptr [eax] |
| 9 |
016f:bff61813 390598b4fbbf cmp dword ptr [bffbb498],eax |
15 |
016f:bff61813 390598b4fbbf cmp dword ptr [bffbb498],eax |
| 10 |
016f:bff61819 7413 jz bff6182e = KERNEL32.DLL:_FREQASM+0x82e |
16 |
016f:bff61819 7413 jz bff6182e = KERNEL32.DLL:_FREQASM+0x82e |
| 11 |
016f:bff6181b 8b1570b4fbbf mov edx,dword ptr [bffbb470] |
17 |
016f:bff6181b 8b1570b4fbbf mov edx,dword ptr [bffbb470] |
| 12 |
016f:bff61821 e869290000 call bff6418f = KERNEL32.DLL:_FREQASM+0x318f |
18 |
016f:bff61821 e869290000 call bff6418f = KERNEL32.DLL:_FREQASM+0x318f |
| 13 |
016f:bff6182e 58 pop eax |
19 |
016f:bff6182e 58 pop eax |
| 14 |
016f:bff6182f 5a pop edx |
20 |
016f:bff6182f 5a pop edx |
| 15 |
016f:bff61830 c3 retd |
21 |
016f:bff61830 c3 retd |
| 16 |
016f:bff61831 ff7316 push dword ptr [ebx+16] |
22 |
016f:bff61831 ff7316 push dword ptr [ebx+16] |
| 17 |
016f:bff61834 ff731a push dword ptr [ebx+1a] |
23 |
016f:bff61834 ff731a push dword ptr [ebx+1a] |
| 18 |
016f:bff61837 ff731e push dword ptr [ebx+1e] |
24 |
016f:bff61837 ff731e push dword ptr [ebx+1e] |
| 19 |
016f:bff6183a ff7322 push dword ptr [ebx+22] |
25 |
016f:bff6183a ff7322 push dword ptr [ebx+22] |
| 20 |
016f:bff6183d 8b1570b4fbbf mov edx,dword ptr [bffbb470] |
26 |
016f:bff6183d 8b1570b4fbbf mov edx,dword ptr [bffbb470] |
| 21 |
016f:bff61843 e88b290000 call bff641d3 = KERNEL32.DLL:_FREQASM+0x31d3 |
27 |
016f:bff61843 e88b290000 call bff641d3 = KERNEL32.DLL:_FREQASM+0x31d3 |
| 22 |
016f:bff61848 6664c7051e000000ffff mov word ptr fs:[0000001e],ffff |
28 |
016f:bff61848 6664c7051e000000ffff mov word ptr fs:[0000001e],ffff |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:1c63294e c744242401000000 mov dword ptr [esp+24],00000001 |
9 |
016f:1c63294e c744242401000000 mov dword ptr [esp+24],00000001 |
| 4 |
016f:1c632956 e8f5d8ffff call 1c630250 = VCL641MI.DLL:.text+0x2f250 |
10 |
016f:1c632956 e8f5d8ffff call 1c630250 = VCL641MI.DLL:.text+0x2f250 |
| 5 |
016f:1c63295b 8b4c2410 mov ecx,dword ptr [esp+10] |
11 |
016f:1c63295b 8b4c2410 mov ecx,dword ptr [esp+10] |
| 6 |
016f:1c63295f 85c9 test ecx,ecx |
12 |
016f:1c63295f 85c9 test ecx,ecx |
| 7 |
016f:1c632961 740a jz 1c63296d = VCL641MI.DLL:.text+0x3196d |
13 |
016f:1c632961 740a jz 1c63296d = VCL641MI.DLL:.text+0x3196d |
| 8 |
016f:1c632963 56 push esi |
14 |
016f:1c632963 56 push esi |
| 9 |
016f:1c632964 57 push edi |
15 |
016f:1c632964 57 push edi |
| 10 |
016f:1c632965 53 push ebx |
16 |
016f:1c632965 53 push ebx |
| 11 |
016f:1c632966 55 push ebp |
17 |
016f:1c632966 55 push ebp |
| 12 |
016f:1c632967 ff1584f36f1c call dword ptr [1c6ff384] -> USER32.DLL!DefWindowProcA |
18 |
016f:1c632967 ff1584f36f1c call dword ptr [1c6ff384] -> USER32.DLL!DefWindowProcA |
| 13 |
016f:1c63296e 5e pop esi |
19 |
016f:1c63296e 5e pop esi |
| 14 |
016f:1c63296f 5d pop ebp |
20 |
016f:1c63296f 5d pop ebp |
| 15 |
016f:1c632970 5b pop ebx |
21 |
016f:1c632970 5b pop ebx |
| 16 |
016f:1c632971 59 pop ecx |
22 |
016f:1c632971 59 pop ecx |
| 17 |
016f:1c632972 c21000 retd 0010 |
23 |
016f:1c632972 c21000 retd 0010 |
| 18 |
016f:1c632975 90 nop |
24 |
016f:1c632975 90 nop |
| 19 |
016f:1c632976 90 nop |
25 |
016f:1c632976 90 nop |
| 20 |
016f:1c632977 90 nop |
26 |
016f:1c632977 90 nop |
| 21 |
016f:1c632978 90 nop |
27 |
016f:1c632978 90 nop |
| 22 |
016f:1c632979 90 nop |
28 |
016f:1c632979 90 nop |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:bff848d8 c1c210 rol edx,10 |
9 |
016f:bff848d8 c1c210 rol edx,10 |
| 4 |
016f:bff848db e9c8f7ffff jmp bff840a8 = KERNEL32.DLL:.text+0x1b0a8 |
10 |
016f:bff848db e9c8f7ffff jmp bff840a8 = KERNEL32.DLL:.text+0x1b0a8 |
| 5 |
016f:bff848e0 0fbf4316 movsx eax,word ptr [ebx+16] |
11 |
016f:bff848e0 0fbf4316 movsx eax,word ptr [ebx+16] |
| 6 |
016f:bff848e4 50 push eax |
12 |
016f:bff848e4 50 push eax |
| 7 |
016f:bff848e5 668b4318 mov ax,word ptr [ebx+18] |
13 |
016f:bff848e5 668b4318 mov ax,word ptr [ebx+18] |
| 8 |
016f:bff848e9 50 push eax |
14 |
016f:bff848e9 50 push eax |
| 9 |
016f:bff848ea ff731a push dword ptr [ebx+1a] |
15 |
016f:bff848ea ff731a push dword ptr [ebx+1a] |
| 10 |
016f:bff848ed e8f3cefdff call bff617e5 = KERNEL32.DLL!K32Thk1632Prolog |
16 |
016f:bff848ed e8f3cefdff call bff617e5 = KERNEL32.DLL!K32Thk1632Prolog |
| 11 |
016f:bff848f2 e8deecfdff call bff635d5 = KERNEL32.DLL:_FREQASM+0x25d5 |
17 |
016f:bff848f2 e8deecfdff call bff635d5 = KERNEL32.DLL:_FREQASM+0x25d5 |
| 12 |
016f:bff848f7 e80ecffdff call bff6180a = KERNEL32.DLL!K32Thk1632Epilog |
18 |
016f:bff848f7 e80ecffdff call bff6180a = KERNEL32.DLL!K32Thk1632Epilog |
| 13 |
016f:bff848fe c1c210 rol edx,10 |
19 |
016f:bff848fe c1c210 rol edx,10 |
| 14 |
016f:bff84901 e9aaf7ffff jmp bff840b0 = KERNEL32.DLL:.text+0x1b0b0 |
20 |
016f:bff84901 e9aaf7ffff jmp bff840b0 = KERNEL32.DLL:.text+0x1b0b0 |
| 15 |
016f:bff84906 0fbf4316 movsx eax,word ptr [ebx+16] |
21 |
016f:bff84906 0fbf4316 movsx eax,word ptr [ebx+16] |
| 16 |
016f:bff8490a 50 push eax |
22 |
016f:bff8490a 50 push eax |
| 17 |
016f:bff8490b ff7318 push dword ptr [ebx+18] |
23 |
016f:bff8490b ff7318 push dword ptr [ebx+18] |
| 18 |
016f:bff8490e e8d2cefdff call bff617e5 = KERNEL32.DLL!K32Thk1632Prolog |
24 |
016f:bff8490e e8d2cefdff call bff617e5 = KERNEL32.DLL!K32Thk1632Prolog |
| 19 |
016f:bff84913 e8ceebfdff call bff634e6 = KERNEL32.DLL:_FREQASM+0x24e6 |
25 |
016f:bff84913 e8ceebfdff call bff634e6 = KERNEL32.DLL:_FREQASM+0x24e6 |
| 20 |
016f:bff84918 e8edcefdff call bff6180a = KERNEL32.DLL!K32Thk1632Epilog |
26 |
016f:bff84918 e8edcefdff call bff6180a = KERNEL32.DLL!K32Thk1632Epilog |
| 21 |
016f:bff8491d e986f7ffff jmp bff840a8 = KERNEL32.DLL:.text+0x1b0a8 |
27 |
016f:bff8491d e986f7ffff jmp bff840a8 = KERNEL32.DLL:.text+0x1b0a8 |
| 22 |
016f:bff84922 33c0 xor eax,eax |
28 |
016f:bff84922 33c0 xor eax,eax |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:bff61991 51 push ecx |
9 |
016f:bff61991 51 push ecx |
| 4 |
016f:bff61992 c1cf10 ror edi,10 |
10 |
016f:bff61992 c1cf10 ror edi,10 |
| 5 |
016f:bff61995 6664873d0e000000 xchg word ptr fs:[0000000e],di |
11 |
016f:bff61995 6664873d0e000000 xchg word ptr fs:[0000000e],di |
| 6 |
016f:bff6199d 57 push edi |
12 |
016f:bff6199d 57 push edi |
| 7 |
016f:bff6199e 686d18f6bf push bff6186d |
13 |
016f:bff6199e 686d18f6bf push bff6186d |
| 8 |
016f:bff619a3 64ff3500000000 push dword ptr fs:[00000000] |
14 |
016f:bff619a3 64ff3500000000 push dword ptr fs:[00000000] |
| 9 |
016f:bff619aa 64892500000000 mov dword ptr fs:[00000000],esp |
15 |
016f:bff619aa 64892500000000 mov dword ptr fs:[00000000],esp |
| 10 |
016f:bff619b1 55 push ebp |
16 |
016f:bff619b1 55 push ebp |
| 11 |
016f:bff619b2 8d6c24fc lea ebp,[esp-04] |
17 |
016f:bff619b2 8d6c24fc lea ebp,[esp-04] |
| 12 |
016f:bff619b6 ffd2 call edx |
18 |
016f:bff619b6 ffd2 call edx |
| 13 |
016f:bff619b9 0fb6c9 movzx ecx,cl |
19 |
016f:bff619b9 0fb6c9 movzx ecx,cl |
| 14 |
016f:bff619bc 648f0500000000 pop dword ptr fs:[00000000] |
20 |
016f:bff619bc 648f0500000000 pop dword ptr fs:[00000000] |
| 15 |
016f:bff619c3 8d642404 lea esp,[esp+04] |
21 |
016f:bff619c3 8d642404 lea esp,[esp+04] |
| 16 |
016f:bff619c7 5f pop edi |
22 |
016f:bff619c7 5f pop edi |
| 17 |
016f:bff619c8 6664893d0e000000 mov word ptr fs:[0000000e],di |
23 |
016f:bff619c8 6664893d0e000000 mov word ptr fs:[0000000e],di |
| 18 |
016f:bff619d0 5b pop ebx |
24 |
016f:bff619d0 5b pop ebx |
| 19 |
016f:bff619d1 660fb22424 lss sp,dword ptr [esp] |
25 |
016f:bff619d1 660fb22424 lss sp,dword ptr [esp] |
| 20 |
016f:bff619d6 6664891d1e000000 mov word ptr fs:[0000001e],bx |
26 |
016f:bff619d6 6664891d1e000000 mov word ptr fs:[0000001e],bx |
| 21 |
016f:bff619de 5b pop ebx |
27 |
016f:bff619de 5b pop ebx |
| 22 |
016f:bff619df 0bdb or ebx,ebx |
28 |
016f:bff619df 0bdb or ebx,ebx |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:bff6183d 8b1570b4fbbf mov edx,dword ptr [bffbb470] |
9 |
016f:bff6183d 8b1570b4fbbf mov edx,dword ptr [bffbb470] |
| 4 |
016f:bff61843 e88b290000 call bff641d3 = KERNEL32.DLL:_FREQASM+0x31d3 |
10 |
016f:bff61843 e88b290000 call bff641d3 = KERNEL32.DLL:_FREQASM+0x31d3 |
| 5 |
016f:bff61848 6664c7051e000000ffff mov word ptr fs:[0000001e],ffff |
11 |
016f:bff61848 6664c7051e000000ffff mov word ptr fs:[0000001e],ffff |
| 6 |
016f:bff61852 ff5326 call dword ptr [ebx+26] |
12 |
016f:bff61852 ff5326 call dword ptr [ebx+26] |
| 7 |
016f:bff61855 8b1570b4fbbf mov edx,dword ptr [bffbb470] |
13 |
016f:bff61855 8b1570b4fbbf mov edx,dword ptr [bffbb470] |
| 8 |
016f:bff6185b e82f290000 call bff6418f = KERNEL32.DLL:_FREQASM+0x318f |
14 |
016f:bff6185b e82f290000 call bff6418f = KERNEL32.DLL:_FREQASM+0x318f |
| 9 |
016f:bff61860 6664ff051e000000 inc word ptr fs:[0000001e] |
15 |
016f:bff61860 6664ff051e000000 inc word ptr fs:[0000001e] |
| 10 |
016f:bff61868 b114 mov cl,14 |
16 |
016f:bff61868 b114 mov cl,14 |
| 11 |
016f:bff6186a 8be5 mov esp,ebp |
17 |
016f:bff6186a 8be5 mov esp,ebp |
| 12 |
016f:bff6186c c3 retd |
18 |
016f:bff6186c c3 retd |
| 13 |
016f:bff61871 f7400406000000 test dword ptr [eax+04],00000006 |
19 |
016f:bff61871 f7400406000000 test dword ptr [eax+04],00000006 |
| 14 |
016f:bff61878 7419 jz bff61893 = KERNEL32.DLL:_FREQASM+0x893 |
20 |
016f:bff61878 7419 jz bff61893 = KERNEL32.DLL:_FREQASM+0x893 |
| 15 |
016f:bff6187a 8b442408 mov eax,dword ptr [esp+08] |
21 |
016f:bff6187a 8b442408 mov eax,dword ptr [esp+08] |
| 16 |
016f:bff6187e 8178046d18f6bf cmp dword ptr [eax+04],bff6186d |
22 |
016f:bff6187e 8178046d18f6bf cmp dword ptr [eax+04],bff6186d |
| 17 |
016f:bff61885 750c jnz bff61893 = KERNEL32.DLL:_FREQASM+0x893 |
23 |
016f:bff61885 750c jnz bff61893 = KERNEL32.DLL:_FREQASM+0x893 |
| 18 |
016f:bff61887 668b4808 mov cx,word ptr [eax+08] |
24 |
016f:bff61887 668b4808 mov cx,word ptr [eax+08] |
| 19 |
016f:bff6188b 6664890d0e000000 mov word ptr fs:[0000000e],cx |
25 |
016f:bff6188b 6664890d0e000000 mov word ptr fs:[0000000e],cx |
| 20 |
016f:bff61893 b801000000 mov eax,00000001 |
26 |
016f:bff61893 b801000000 mov eax,00000001 |
| 21 |
016f:bff61898 c3 retd |
27 |
016f:bff61898 c3 retd |
| 22 |
016f:bff61899 9d popfd |
28 |
016f:bff61899 9d popfd |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
-> 00 8b 00 8b 00 8b 00 8b 00 8b 00 8b 00 8b 00 8b ................ |
8 |
-> 00 8b 00 8b 00 8b 00 8b 00 8b 00 8b 00 8b 00 8b ................ |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
-> 00 8b 00 8b 00 8b 00 8b 00 8b 00 8b 00 8b 00 8b ................ |
8 |
-> 00 8b 00 8b 00 8b 00 8b 00 8b 00 8b 00 8b 00 8b ................ |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:bff6b8b4 36b8f6bf3eb8 ?mov eax,b83ebff6 |
9 |
016f:bff6b8b4 36b8f6bf3eb8 ?mov eax,b83ebff6 |
| 4 |
016f:bff6b8ba f6bf55a120bd idiv byte ptr [edi+bd20a155] |
10 |
016f:bff6b8ba f6bf55a120bd idiv byte ptr [edi+bd20a155] |
| 5 |
016f:bff6b8c0 fb sti |
11 |
016f:bff6b8c0 fb sti |
| 6 |
016f:bff6b8c1 bf8bec5650 mov edi,5056ec8b |
12 |
016f:bff6b8c1 bf8bec5650 mov edi,5056ec8b |
| 7 |
016f:bff6b8c6 e8c188ffff call bff6418c = KERNEL32.DLL!97 |
13 |
016f:bff6b8c6 e8c188ffff call bff6418c = KERNEL32.DLL!97 |
| 8 |
016f:bff6b8cb ff7514 push dword ptr [ebp+14] |
14 |
016f:bff6b8cb ff7514 push dword ptr [ebp+14] |
| 9 |
016f:bff6b8ce ff7510 push dword ptr [ebp+10] |
15 |
016f:bff6b8ce ff7510 push dword ptr [ebp+10] |
| 10 |
016f:bff6b8d1 ff750c push dword ptr [ebp+0c] |
16 |
016f:bff6b8d1 ff750c push dword ptr [ebp+0c] |
| 11 |
016f:bff6b8d4 ff7508 push dword ptr [ebp+08] |
17 |
016f:bff6b8d4 ff7508 push dword ptr [ebp+08] |
| 12 |
016f:bff6b8d7 e890fdffff call bff6b66c = KERNEL32.DLL:.text+0x266c |
18 |
016f:bff6b8d7 e890fdffff call bff6b66c = KERNEL32.DLL:.text+0x266c |
| 13 |
016f:bff6b8de 85f6 test esi,esi |
19 |
016f:bff6b8de 85f6 test esi,esi |
| 14 |
016f:bff6b8e0 740a jz bff6b8ec = KERNEL32.DLL:.text+0x28ec |
20 |
016f:bff6b8e0 740a jz bff6b8ec = KERNEL32.DLL:.text+0x28ec |
| 15 |
016f:bff6b8e2 f6451380 test byte ptr [ebp+13],80 |
21 |
016f:bff6b8e2 f6451380 test byte ptr [ebp+13],80 |
| 16 |
016f:bff6b8e6 7404 jz bff6b8ec = KERNEL32.DLL:.text+0x28ec |
22 |
016f:bff6b8e6 7404 jz bff6b8ec = KERNEL32.DLL:.text+0x28ec |
| 17 |
016f:bff6b8e8 66ff4602 inc word ptr [esi+02] |
23 |
016f:bff6b8e8 66ff4602 inc word ptr [esi+02] |
| 18 |
016f:bff6b8ec a120bdfbbf mov eax,dword ptr [bffbbd20] |
24 |
016f:bff6b8ec a120bdfbbf mov eax,dword ptr [bffbbd20] |
| 19 |
016f:bff6b8f1 50 push eax |
25 |
016f:bff6b8f1 50 push eax |
| 20 |
016f:bff6b8f2 e8ce88ffff call bff641c5 = KERNEL32.DLL!98 |
26 |
016f:bff6b8f2 e8ce88ffff call bff641c5 = KERNEL32.DLL!98 |
| 21 |
016f:bff6b8f7 8bc6 mov eax,esi |
27 |
016f:bff6b8f7 8bc6 mov eax,esi |
| 22 |
016f:bff6b8f9 5e pop esi |
28 |
016f:bff6b8f9 5e pop esi |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:bff641b5 51 push ecx |
9 |
016f:bff641b5 51 push ecx |
| 4 |
016f:bff641b6 52 push edx |
10 |
016f:bff641b6 52 push edx |
| 5 |
016f:bff641b7 681d002a00 push 002a001d |
11 |
016f:bff641b7 681d002a00 push 002a001d |
| 6 |
016f:bff641bc e813d2ffff call bff613d4 = KERNEL32.DLL!1 |
12 |
016f:bff641bc e813d2ffff call bff613d4 = KERNEL32.DLL!1 |
| 7 |
016f:bff641c1 59 pop ecx |
13 |
016f:bff641c1 59 pop ecx |
| 8 |
016f:bff641c2 5a pop edx |
14 |
016f:bff641c2 5a pop edx |
| 9 |
016f:bff641c3 ebe8 jmp bff641ad = KERNEL32.DLL:_FREQASM+0x31ad |
15 |
016f:bff641c3 ebe8 jmp bff641ad = KERNEL32.DLL:_FREQASM+0x31ad |
| 10 |
016f:bff641c5 8b542404 mov edx,dword ptr [esp+04] |
16 |
016f:bff641c5 8b542404 mov edx,dword ptr [esp+04] |
| 11 |
016f:bff641c9 50 push eax |
17 |
016f:bff641c9 50 push eax |
| 12 |
016f:bff641ca e804000000 call bff641d3 = KERNEL32.DLL:_FREQASM+0x31d3 |
18 |
016f:bff641ca e804000000 call bff641d3 = KERNEL32.DLL:_FREQASM+0x31d3 |
| 13 |
016f:bff641d0 c20400 retd 0004 |
19 |
016f:bff641d0 c20400 retd 0004 |
| 14 |
016f:bff641d3 833dfcbcfbbf01 cmp dword ptr [bffbbcfc],+01 |
20 |
016f:bff641d3 833dfcbcfbbf01 cmp dword ptr [bffbbcfc],+01 |
| 15 |
016f:bff641da 7c32 jl bff6420e = KERNEL32.DLL:_FREQASM+0x320e |
21 |
016f:bff641da 7c32 jl bff6420e = KERNEL32.DLL:_FREQASM+0x320e |
| 16 |
016f:bff641dc 3b1570b4fbbf cmp edx,dword ptr [bffbb470] |
22 |
016f:bff641dc 3b1570b4fbbf cmp edx,dword ptr [bffbb470] |
| 17 |
016f:bff641e2 7506 jnz bff641ea = KERNEL32.DLL:_FREQASM+0x31ea |
23 |
016f:bff641e2 7506 jnz bff641ea = KERNEL32.DLL:_FREQASM+0x31ea |
| 18 |
016f:bff641e4 837a0401 cmp dword ptr [edx+04],+01 |
24 |
016f:bff641e4 837a0401 cmp dword ptr [edx+04],+01 |
| 19 |
016f:bff641e8 7426 jz bff64210 = KERNEL32.DLL:_FREQASM+0x3210 |
25 |
016f:bff641e8 7426 jz bff64210 = KERNEL32.DLL:_FREQASM+0x3210 |
| 20 |
016f:bff641ea ff4a04 dec dword ptr [edx+04] |
26 |
016f:bff641ea ff4a04 dec dword ptr [edx+04] |
| 21 |
016f:bff641ed 754a jnz bff64239 = KERNEL32.DLL:_FREQASM+0x3239 |
27 |
016f:bff641ed 754a jnz bff64239 = KERNEL32.DLL:_FREQASM+0x3239 |
| 22 |
016f:bff641ef c7420800000000 mov dword ptr [edx+08],00000000 |
28 |
016f:bff641ef c7420800000000 mov dword ptr [edx+08],00000000 |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
| 1 |
-> 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ |
8 |
-> 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ |
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:bff6b8d7 e890fdffff call bff6b66c = KERNEL32.DLL:.text+0x266c |
9 |
016f:bff6b8d7 e890fdffff call bff6b66c = KERNEL32.DLL:.text+0x266c |
| 4 |
016f:bff6b8dc 8bf0 mov esi,eax |
10 |
016f:bff6b8dc 8bf0 mov esi,eax |
| 5 |
016f:bff6b8de 85f6 test esi,esi |
11 |
016f:bff6b8de 85f6 test esi,esi |
| 6 |
016f:bff6b8e0 740a jz bff6b8ec = KERNEL32.DLL:.text+0x28ec |
12 |
016f:bff6b8e0 740a jz bff6b8ec = KERNEL32.DLL:.text+0x28ec |
| 7 |
016f:bff6b8e2 f6451380 test byte ptr [ebp+13],80 |
13 |
016f:bff6b8e2 f6451380 test byte ptr [ebp+13],80 |
| 8 |
016f:bff6b8e6 7404 jz bff6b8ec = KERNEL32.DLL:.text+0x28ec |
14 |
016f:bff6b8e6 7404 jz bff6b8ec = KERNEL32.DLL:.text+0x28ec |
| 9 |
016f:bff6b8e8 66ff4602 inc word ptr [esi+02] |
15 |
016f:bff6b8e8 66ff4602 inc word ptr [esi+02] |
| 10 |
016f:bff6b8ec a120bdfbbf mov eax,dword ptr [bffbbd20] |
16 |
016f:bff6b8ec a120bdfbbf mov eax,dword ptr [bffbbd20] |
| 11 |
016f:bff6b8f1 50 push eax |
17 |
016f:bff6b8f1 50 push eax |
| 12 |
016f:bff6b8f2 e8ce88ffff call bff641c5 = KERNEL32.DLL!98 |
18 |
016f:bff6b8f2 e8ce88ffff call bff641c5 = KERNEL32.DLL!98 |
| 13 |
016f:bff6b8f9 5e pop esi |
19 |
016f:bff6b8f9 5e pop esi |
| 14 |
016f:bff6b8fa 5d pop ebp |
20 |
016f:bff6b8fa 5d pop ebp |
| 15 |
016f:bff6b8fb c21000 retd 0010 |
21 |
016f:bff6b8fb c21000 retd 0010 |
| 16 |
016f:bff6b8fe 55 push ebp |
22 |
016f:bff6b8fe 55 push ebp |
| 17 |
016f:bff6b8ff 8bec mov ebp,esp |
23 |
016f:bff6b8ff 8bec mov ebp,esp |
| 18 |
016f:bff6b901 53 push ebx |
24 |
016f:bff6b901 53 push ebx |
| 19 |
016f:bff6b902 56 push esi |
25 |
016f:bff6b902 56 push esi |
| 20 |
016f:bff6b903 57 push edi |
26 |
016f:bff6b903 57 push edi |
| 21 |
016f:bff6b904 33ff xor edi,edi |
27 |
016f:bff6b904 33ff xor edi,edi |
| 22 |
016f:bff6b906 837d1801 cmp dword ptr [ebp+18],+01 |
28 |
016f:bff6b906 837d1801 cmp dword ptr [ebp+18],+01 |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
| 1 |
-> 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ |
8 |
-> 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:bff6b96c 5b pop ebx |
9 |
016f:bff6b96c 5b pop ebx |
| 4 |
016f:bff6b96d c20800 retd 0008 |
10 |
016f:bff6b96d c20800 retd 0008 |
| 5 |
016f:bff6b970 55 push ebp |
11 |
016f:bff6b970 55 push ebp |
| 6 |
016f:bff6b971 a1f4bcfbbf mov eax,dword ptr [bffbbcf4] |
12 |
016f:bff6b971 a1f4bcfbbf mov eax,dword ptr [bffbbcf4] |
| 7 |
016f:bff6b976 8bec mov ebp,esp |
13 |
016f:bff6b976 8bec mov ebp,esp |
| 8 |
016f:bff6b978 ff742410 push dword ptr [esp+10] |
14 |
016f:bff6b978 ff742410 push dword ptr [esp+10] |
| 9 |
016f:bff6b97c ff750c push dword ptr [ebp+0c] |
15 |
016f:bff6b97c ff750c push dword ptr [ebp+0c] |
| 10 |
016f:bff6b97f ff7508 push dword ptr [ebp+08] |
16 |
016f:bff6b97f ff7508 push dword ptr [ebp+08] |
| 11 |
016f:bff6b982 ff30 push dword ptr [eax] |
17 |
016f:bff6b982 ff30 push dword ptr [eax] |
| 12 |
016f:bff6b984 e833ffffff call bff6b8bc = KERNEL32.DLL:.text+0x28bc |
18 |
016f:bff6b984 e833ffffff call bff6b8bc = KERNEL32.DLL:.text+0x28bc |
| 13 |
016f:bff6b98a c20c00 retd 000c |
19 |
016f:bff6b98a c20c00 retd 000c |
| 14 |
016f:bff6b98d 55 push ebp |
20 |
016f:bff6b98d 55 push ebp |
| 15 |
016f:bff6b98e 8bec mov ebp,esp |
21 |
016f:bff6b98e 8bec mov ebp,esp |
| 16 |
016f:bff6b990 50 push eax |
22 |
016f:bff6b990 50 push eax |
| 17 |
016f:bff6b991 a120bdfbbf mov eax,dword ptr [bffbbd20] |
23 |
016f:bff6b991 a120bdfbbf mov eax,dword ptr [bffbbd20] |
| 18 |
016f:bff6b996 50 push eax |
24 |
016f:bff6b996 50 push eax |
| 19 |
016f:bff6b997 e8f087ffff call bff6418c = KERNEL32.DLL!97 |
25 |
016f:bff6b997 e8f087ffff call bff6418c = KERNEL32.DLL!97 |
| 20 |
016f:bff6b99c ff7508 push dword ptr [ebp+08] |
26 |
016f:bff6b99c ff7508 push dword ptr [ebp+08] |
| 21 |
016f:bff6b99f e8d1fdffff call bff6b775 = KERNEL32.DLL:.text+0x2775 |
27 |
016f:bff6b99f e8d1fdffff call bff6b775 = KERNEL32.DLL:.text+0x2775 |
| 22 |
016f:bff6b9a4 a120bdfbbf mov eax,dword ptr [bffbbd20] |
28 |
016f:bff6b9a4 a120bdfbbf mov eax,dword ptr [bffbbd20] |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:bff641b5 51 push ecx |
9 |
016f:bff641b5 51 push ecx |
| 4 |
016f:bff641b6 52 push edx |
10 |
016f:bff641b6 52 push edx |
| 5 |
016f:bff641b7 681d002a00 push 002a001d |
11 |
016f:bff641b7 681d002a00 push 002a001d |
| 6 |
016f:bff641bc e813d2ffff call bff613d4 = KERNEL32.DLL!1 |
12 |
016f:bff641bc e813d2ffff call bff613d4 = KERNEL32.DLL!1 |
| 7 |
016f:bff641c1 59 pop ecx |
13 |
016f:bff641c1 59 pop ecx |
| 8 |
016f:bff641c2 5a pop edx |
14 |
016f:bff641c2 5a pop edx |
| 9 |
016f:bff641c3 ebe8 jmp bff641ad = KERNEL32.DLL:_FREQASM+0x31ad |
15 |
016f:bff641c3 ebe8 jmp bff641ad = KERNEL32.DLL:_FREQASM+0x31ad |
| 10 |
016f:bff641c5 8b542404 mov edx,dword ptr [esp+04] |
16 |
016f:bff641c5 8b542404 mov edx,dword ptr [esp+04] |
| 11 |
016f:bff641c9 50 push eax |
17 |
016f:bff641c9 50 push eax |
| 12 |
016f:bff641ca e804000000 call bff641d3 = KERNEL32.DLL:_FREQASM+0x31d3 |
18 |
016f:bff641ca e804000000 call bff641d3 = KERNEL32.DLL:_FREQASM+0x31d3 |
| 13 |
016f:bff641d0 c20400 retd 0004 |
19 |
016f:bff641d0 c20400 retd 0004 |
| 14 |
016f:bff641d3 833dfcbcfbbf01 cmp dword ptr [bffbbcfc],+01 |
20 |
016f:bff641d3 833dfcbcfbbf01 cmp dword ptr [bffbbcfc],+01 |
| 15 |
016f:bff641da 7c32 jl bff6420e = KERNEL32.DLL:_FREQASM+0x320e |
21 |
016f:bff641da 7c32 jl bff6420e = KERNEL32.DLL:_FREQASM+0x320e |
| 16 |
016f:bff641dc 3b1570b4fbbf cmp edx,dword ptr [bffbb470] |
22 |
016f:bff641dc 3b1570b4fbbf cmp edx,dword ptr [bffbb470] |
| 17 |
016f:bff641e2 7506 jnz bff641ea = KERNEL32.DLL:_FREQASM+0x31ea |
23 |
016f:bff641e2 7506 jnz bff641ea = KERNEL32.DLL:_FREQASM+0x31ea |
| 18 |
016f:bff641e4 837a0401 cmp dword ptr [edx+04],+01 |
24 |
016f:bff641e4 837a0401 cmp dword ptr [edx+04],+01 |
| 19 |
016f:bff641e8 7426 jz bff64210 = KERNEL32.DLL:_FREQASM+0x3210 |
25 |
016f:bff641e8 7426 jz bff64210 = KERNEL32.DLL:_FREQASM+0x3210 |
| 20 |
016f:bff641ea ff4a04 dec dword ptr [edx+04] |
26 |
016f:bff641ea ff4a04 dec dword ptr [edx+04] |
| 21 |
016f:bff641ed 754a jnz bff64239 = KERNEL32.DLL:_FREQASM+0x3239 |
27 |
016f:bff641ed 754a jnz bff64239 = KERNEL32.DLL:_FREQASM+0x3239 |
| 22 |
016f:bff641ef c7420800000000 mov dword ptr [edx+08],00000000 |
28 |
016f:bff641ef c7420800000000 mov dword ptr [edx+08],00000000 |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
| 1 |
-> 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ |
8 |
-> 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ |
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:bff6b98e 8bec mov ebp,esp |
9 |
016f:bff6b98e 8bec mov ebp,esp |
| 4 |
016f:bff6b990 50 push eax |
10 |
016f:bff6b990 50 push eax |
| 5 |
016f:bff6b991 a120bdfbbf mov eax,dword ptr [bffbbd20] |
11 |
016f:bff6b991 a120bdfbbf mov eax,dword ptr [bffbbd20] |
| 6 |
016f:bff6b996 50 push eax |
12 |
016f:bff6b996 50 push eax |
| 7 |
016f:bff6b997 e8f087ffff call bff6418c = KERNEL32.DLL!97 |
13 |
016f:bff6b997 e8f087ffff call bff6418c = KERNEL32.DLL!97 |
| 8 |
016f:bff6b99c ff7508 push dword ptr [ebp+08] |
14 |
016f:bff6b99c ff7508 push dword ptr [ebp+08] |
| 9 |
016f:bff6b99f e8d1fdffff call bff6b775 = KERNEL32.DLL:.text+0x2775 |
15 |
016f:bff6b99f e8d1fdffff call bff6b775 = KERNEL32.DLL:.text+0x2775 |
| 10 |
016f:bff6b9a4 a120bdfbbf mov eax,dword ptr [bffbbd20] |
16 |
016f:bff6b9a4 a120bdfbbf mov eax,dword ptr [bffbbd20] |
| 11 |
016f:bff6b9a9 50 push eax |
17 |
016f:bff6b9a9 50 push eax |
| 12 |
016f:bff6b9aa e81688ffff call bff641c5 = KERNEL32.DLL!98 |
18 |
016f:bff6b9aa e81688ffff call bff641c5 = KERNEL32.DLL!98 |
| 13 |
016f:bff6b9b0 5d pop ebp |
19 |
016f:bff6b9b0 5d pop ebp |
| 14 |
016f:bff6b9b1 c20400 retd 0004 |
20 |
016f:bff6b9b1 c20400 retd 0004 |
| 15 |
016f:bff6b9b4 64a100000000 mov eax,dword ptr fs:[00000000] |
21 |
016f:bff6b9b4 64a100000000 mov eax,dword ptr fs:[00000000] |
| 16 |
016f:bff6b9ba 55 push ebp |
22 |
016f:bff6b9ba 55 push ebp |
| 17 |
016f:bff6b9bb 8bec mov ebp,esp |
23 |
016f:bff6b9bb 8bec mov ebp,esp |
| 18 |
016f:bff6b9bd 6aff push -01 |
24 |
016f:bff6b9bd 6aff push -01 |
| 19 |
016f:bff6b9bf 683092f6bf push bff69230 |
25 |
016f:bff6b9bf 683092f6bf push bff69230 |
| 20 |
016f:bff6b9c4 68201bfbbf push bffb1b20 |
26 |
016f:bff6b9c4 68201bfbbf push bffb1b20 |
| 21 |
016f:bff6b9c9 50 push eax |
27 |
016f:bff6b9c9 50 push eax |
| 22 |
016f:bff6b9ca 64892500000000 mov dword ptr fs:[00000000],esp |
28 |
016f:bff6b9ca 64892500000000 mov dword ptr fs:[00000000],esp |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
| 1 |
... |
8 |
... |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:bff8307f e8ec88feff call bff6b970 = KERNEL32.DLL:.text+0x2970 |
9 |
016f:bff8307f e8ec88feff call bff6b970 = KERNEL32.DLL:.text+0x2970 |
| 4 |
016f:bff83084 3bc7 cmp eax,edi |
10 |
016f:bff83084 3bc7 cmp eax,edi |
| 5 |
016f:bff83086 8bf0 mov esi,eax |
11 |
016f:bff83086 8bf0 mov esi,eax |
| 6 |
016f:bff83088 740e jz bff83098 = KERNEL32.DLL:.text+0x1a098 |
12 |
016f:bff83088 740e jz bff83098 = KERNEL32.DLL:.text+0x1a098 |
| 7 |
016f:bff8308a 56 push esi |
13 |
016f:bff8308a 56 push esi |
| 8 |
016f:bff8308b e8b3010000 call bff83243 = KERNEL32.DLL:.text+0x1a243 |
14 |
016f:bff8308b e8b3010000 call bff83243 = KERNEL32.DLL:.text+0x1a243 |
| 9 |
016f:bff83090 8bf8 mov edi,eax |
15 |
016f:bff83090 8bf8 mov edi,eax |
| 10 |
016f:bff83092 56 push esi |
16 |
016f:bff83092 56 push esi |
| 11 |
016f:bff83093 e8f588feff call bff6b98d = KERNEL32.DLL:.text+0x298d |
17 |
016f:bff83093 e8f588feff call bff6b98d = KERNEL32.DLL:.text+0x298d |
| 12 |
016f:bff83098 e81073feff call bff6a3ad = KERNEL32.DLL:.text+0x13ad |
18 |
016f:bff83098 e81073feff call bff6a3ad = KERNEL32.DLL:.text+0x13ad |
| 13 |
016f:bff8309f 5f pop edi |
19 |
016f:bff8309f 5f pop edi |
| 14 |
016f:bff830a0 5e pop esi |
20 |
016f:bff830a0 5e pop esi |
| 15 |
016f:bff830a1 c20400 retd 0004 |
21 |
016f:bff830a1 c20400 retd 0004 |
| 16 |
016f:bff830a4 56 push esi |
22 |
016f:bff830a4 56 push esi |
| 17 |
016f:bff830a5 57 push edi |
23 |
016f:bff830a5 57 push edi |
| 18 |
016f:bff830a6 33ff xor edi,edi |
24 |
016f:bff830a6 33ff xor edi,edi |
| 19 |
016f:bff830a8 e85b73feff call bff6a408 = KERNEL32.DLL:.text+0x1408 |
25 |
016f:bff830a8 e85b73feff call bff6a408 = KERNEL32.DLL:.text+0x1408 |
| 20 |
016f:bff830ad 57 push edi |
26 |
016f:bff830ad 57 push edi |
| 21 |
016f:bff830ae 6802000080 push 80000002 |
27 |
016f:bff830ae 6802000080 push 80000002 |
| 22 |
016f:bff830b3 ff742414 push dword ptr [esp+14] |
28 |
016f:bff830b3 ff742414 push dword ptr [esp+14] |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:bff84491 8bd0 mov edx,eax |
9 |
016f:bff84491 8bd0 mov edx,eax |
| 4 |
016f:bff84493 c1c210 rol edx,10 |
10 |
016f:bff84493 c1c210 rol edx,10 |
| 5 |
016f:bff84496 e935fcffff jmp bff840d0 = KERNEL32.DLL:.text+0x1b0d0 |
11 |
016f:bff84496 e935fcffff jmp bff840d0 = KERNEL32.DLL:.text+0x1b0d0 |
| 6 |
016f:bff8449b ff7316 push dword ptr [ebx+16] |
12 |
016f:bff8449b ff7316 push dword ptr [ebx+16] |
| 7 |
016f:bff8449e e839ecffff call bff830dc = KERNEL32.DLL!ResetEvent |
13 |
016f:bff8449e e839ecffff call bff830dc = KERNEL32.DLL!ResetEvent |
| 8 |
016f:bff844a3 8bd0 mov edx,eax |
14 |
016f:bff844a3 8bd0 mov edx,eax |
| 9 |
016f:bff844a5 c1c210 rol edx,10 |
15 |
016f:bff844a5 c1c210 rol edx,10 |
| 10 |
016f:bff844a8 e9f3fbffff jmp bff840a0 = KERNEL32.DLL:.text+0x1b0a0 |
16 |
016f:bff844a8 e9f3fbffff jmp bff840a0 = KERNEL32.DLL:.text+0x1b0a0 |
| 11 |
016f:bff844ad ff7316 push dword ptr [ebx+16] |
17 |
016f:bff844ad ff7316 push dword ptr [ebx+16] |
| 12 |
016f:bff844b0 e8b7ebffff call bff8306c = KERNEL32.DLL!SetEvent |
18 |
016f:bff844b0 e8b7ebffff call bff8306c = KERNEL32.DLL!SetEvent |
| 13 |
016f:bff844b7 c1c210 rol edx,10 |
19 |
016f:bff844b7 c1c210 rol edx,10 |
| 14 |
016f:bff844ba e9e1fbffff jmp bff840a0 = KERNEL32.DLL:.text+0x1b0a0 |
20 |
016f:bff844ba e9e1fbffff jmp bff840a0 = KERNEL32.DLL:.text+0x1b0a0 |
| 15 |
016f:bff844bf e893d4ffff call bff81957 = KERNEL32.DLL:.text+0x18957 |
21 |
016f:bff844bf e893d4ffff call bff81957 = KERNEL32.DLL:.text+0x18957 |
| 16 |
016f:bff844c4 e9c7fbffff jmp bff84090 = KERNEL32.DLL:.text+0x1b090 |
22 |
016f:bff844c4 e9c7fbffff jmp bff84090 = KERNEL32.DLL:.text+0x1b090 |
| 17 |
016f:bff844c9 ff7316 push dword ptr [ebx+16] |
23 |
016f:bff844c9 ff7316 push dword ptr [ebx+16] |
| 18 |
016f:bff844cc e814d3fdff call bff617e5 = KERNEL32.DLL!K32Thk1632Prolog |
24 |
016f:bff844cc e814d3fdff call bff617e5 = KERNEL32.DLL!K32Thk1632Prolog |
| 19 |
016f:bff844d1 e883a0ffff call bff7e559 = KERNEL32.DLL!FreeLibrary |
25 |
016f:bff844d1 e883a0ffff call bff7e559 = KERNEL32.DLL!FreeLibrary |
| 20 |
016f:bff844d6 e82fd3fdff call bff6180a = KERNEL32.DLL!K32Thk1632Epilog |
26 |
016f:bff844d6 e82fd3fdff call bff6180a = KERNEL32.DLL!K32Thk1632Epilog |
| 21 |
016f:bff844db e9c0fbffff jmp bff840a0 = KERNEL32.DLL:.text+0x1b0a0 |
27 |
016f:bff844db e9c0fbffff jmp bff840a0 = KERNEL32.DLL:.text+0x1b0a0 |
| 22 |
016f:bff844e0 33c0 xor eax,eax |
28 |
016f:bff844e0 33c0 xor eax,eax |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:bff61991 51 push ecx |
9 |
016f:bff61991 51 push ecx |
| 4 |
016f:bff61992 c1cf10 ror edi,10 |
10 |
016f:bff61992 c1cf10 ror edi,10 |
| 5 |
016f:bff61995 6664873d0e000000 xchg word ptr fs:[0000000e],di |
11 |
016f:bff61995 6664873d0e000000 xchg word ptr fs:[0000000e],di |
| 6 |
016f:bff6199d 57 push edi |
12 |
016f:bff6199d 57 push edi |
| 7 |
016f:bff6199e 686d18f6bf push bff6186d |
13 |
016f:bff6199e 686d18f6bf push bff6186d |
| 8 |
016f:bff619a3 64ff3500000000 push dword ptr fs:[00000000] |
14 |
016f:bff619a3 64ff3500000000 push dword ptr fs:[00000000] |
| 9 |
016f:bff619aa 64892500000000 mov dword ptr fs:[00000000],esp |
15 |
016f:bff619aa 64892500000000 mov dword ptr fs:[00000000],esp |
| 10 |
016f:bff619b1 55 push ebp |
16 |
016f:bff619b1 55 push ebp |
| 11 |
016f:bff619b2 8d6c24fc lea ebp,[esp-04] |
17 |
016f:bff619b2 8d6c24fc lea ebp,[esp-04] |
| 12 |
016f:bff619b6 ffd2 call edx |
18 |
016f:bff619b6 ffd2 call edx |
| 13 |
016f:bff619b9 0fb6c9 movzx ecx,cl |
19 |
016f:bff619b9 0fb6c9 movzx ecx,cl |
| 14 |
016f:bff619bc 648f0500000000 pop dword ptr fs:[00000000] |
20 |
016f:bff619bc 648f0500000000 pop dword ptr fs:[00000000] |
| 15 |
016f:bff619c3 8d642404 lea esp,[esp+04] |
21 |
016f:bff619c3 8d642404 lea esp,[esp+04] |
| 16 |
016f:bff619c7 5f pop edi |
22 |
016f:bff619c7 5f pop edi |
| 17 |
016f:bff619c8 6664893d0e000000 mov word ptr fs:[0000000e],di |
23 |
016f:bff619c8 6664893d0e000000 mov word ptr fs:[0000000e],di |
| 18 |
016f:bff619d0 5b pop ebx |
24 |
016f:bff619d0 5b pop ebx |
| 19 |
016f:bff619d1 660fb22424 lss sp,dword ptr [esp] |
25 |
016f:bff619d1 660fb22424 lss sp,dword ptr [esp] |
| 20 |
016f:bff619d6 6664891d1e000000 mov word ptr fs:[0000001e],bx |
26 |
016f:bff619d6 6664891d1e000000 mov word ptr fs:[0000001e],bx |
| 21 |
016f:bff619de 5b pop ebx |
27 |
016f:bff619de 5b pop ebx |
| 22 |
016f:bff619df 0bdb or ebx,ebx |
28 |
016f:bff619df 0bdb or ebx,ebx |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:bff6183d 8b1570b4fbbf mov edx,dword ptr [bffbb470] |
9 |
016f:bff6183d 8b1570b4fbbf mov edx,dword ptr [bffbb470] |
| 4 |
016f:bff61843 e88b290000 call bff641d3 = KERNEL32.DLL:_FREQASM+0x31d3 |
10 |
016f:bff61843 e88b290000 call bff641d3 = KERNEL32.DLL:_FREQASM+0x31d3 |
| 5 |
016f:bff61848 6664c7051e000000ffff mov word ptr fs:[0000001e],ffff |
11 |
016f:bff61848 6664c7051e000000ffff mov word ptr fs:[0000001e],ffff |
| 6 |
016f:bff61852 ff5326 call dword ptr [ebx+26] |
12 |
016f:bff61852 ff5326 call dword ptr [ebx+26] |
| 7 |
016f:bff61855 8b1570b4fbbf mov edx,dword ptr [bffbb470] |
13 |
016f:bff61855 8b1570b4fbbf mov edx,dword ptr [bffbb470] |
| 8 |
016f:bff6185b e82f290000 call bff6418f = KERNEL32.DLL:_FREQASM+0x318f |
14 |
016f:bff6185b e82f290000 call bff6418f = KERNEL32.DLL:_FREQASM+0x318f |
| 9 |
016f:bff61860 6664ff051e000000 inc word ptr fs:[0000001e] |
15 |
016f:bff61860 6664ff051e000000 inc word ptr fs:[0000001e] |
| 10 |
016f:bff61868 b114 mov cl,14 |
16 |
016f:bff61868 b114 mov cl,14 |
| 11 |
016f:bff6186a 8be5 mov esp,ebp |
17 |
016f:bff6186a 8be5 mov esp,ebp |
| 12 |
016f:bff6186c c3 retd |
18 |
016f:bff6186c c3 retd |
| 13 |
016f:bff61871 f7400406000000 test dword ptr [eax+04],00000006 |
19 |
016f:bff61871 f7400406000000 test dword ptr [eax+04],00000006 |
| 14 |
016f:bff61878 7419 jz bff61893 = KERNEL32.DLL:_FREQASM+0x893 |
20 |
016f:bff61878 7419 jz bff61893 = KERNEL32.DLL:_FREQASM+0x893 |
| 15 |
016f:bff6187a 8b442408 mov eax,dword ptr [esp+08] |
21 |
016f:bff6187a 8b442408 mov eax,dword ptr [esp+08] |
| 16 |
016f:bff6187e 8178046d18f6bf cmp dword ptr [eax+04],bff6186d |
22 |
016f:bff6187e 8178046d18f6bf cmp dword ptr [eax+04],bff6186d |
| 17 |
016f:bff61885 750c jnz bff61893 = KERNEL32.DLL:_FREQASM+0x893 |
23 |
016f:bff61885 750c jnz bff61893 = KERNEL32.DLL:_FREQASM+0x893 |
| 18 |
016f:bff61887 668b4808 mov cx,word ptr [eax+08] |
24 |
016f:bff61887 668b4808 mov cx,word ptr [eax+08] |
| 19 |
016f:bff6188b 6664890d0e000000 mov word ptr fs:[0000000e],cx |
25 |
016f:bff6188b 6664890d0e000000 mov word ptr fs:[0000000e],cx |
| 20 |
016f:bff61893 b801000000 mov eax,00000001 |
26 |
016f:bff61893 b801000000 mov eax,00000001 |
| 21 |
016f:bff61898 c3 retd |
27 |
016f:bff61898 c3 retd |
| 22 |
016f:bff61899 9d popfd |
28 |
016f:bff61899 9d popfd |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
-> 00 64 00 69 00 75 00 6d 00 00 00 00 00 54 00 49 .d.i.u.m.....T.I |
8 |
-> 00 64 00 69 00 75 00 6d 00 00 00 00 00 54 00 49 .d.i.u.m.....T.I |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:1c6fcf0b cc int 3 |
9 |
016f:1c6fcf0b cc int 3 |
| 4 |
016f:1c6fcf0c cc int 3 |
10 |
016f:1c6fcf0c cc int 3 |
| 5 |
016f:1c6fcf0d cc int 3 |
11 |
016f:1c6fcf0d cc int 3 |
| 6 |
016f:1c6fcf0e cc int 3 |
12 |
016f:1c6fcf0e cc int 3 |
| 7 |
016f:1c6fcf0f cc int 3 |
13 |
016f:1c6fcf0f cc int 3 |
| 8 |
016f:1c6fcf10 8b45f0 mov eax,dword ptr [ebp-10] |
14 |
016f:1c6fcf10 8b45f0 mov eax,dword ptr [ebp-10] |
| 9 |
016f:1c6fcf13 50 push eax |
15 |
016f:1c6fcf13 50 push eax |
| 10 |
016f:1c6fcf14 e85381ffff call 1c6f506c = TL641MI.DLL!21 |
16 |
016f:1c6fcf14 e85381ffff call 1c6f506c = TL641MI.DLL!21 |
| 11 |
016f:1c6fcf19 59 pop ecx |
17 |
016f:1c6fcf19 59 pop ecx |
| 12 |
016f:1c6fcf1a c3 retd |
18 |
016f:1c6fcf1a c3 retd |
| 13 |
016f:1c6fcf20 e971d6ffff jmp 1c6fa596 = MSVCRT.DLL!__CxxFrameHandler |
19 |
016f:1c6fcf20 e971d6ffff jmp 1c6fa596 = MSVCRT.DLL!__CxxFrameHandler |
| 14 |
016f:1c6fcf25 cc int 3 |
20 |
016f:1c6fcf25 cc int 3 |
| 15 |
016f:1c6fcf26 cc int 3 |
21 |
016f:1c6fcf26 cc int 3 |
| 16 |
016f:1c6fcf27 cc int 3 |
22 |
016f:1c6fcf27 cc int 3 |
| 17 |
016f:1c6fcf28 cc int 3 |
23 |
016f:1c6fcf28 cc int 3 |
| 18 |
016f:1c6fcf29 cc int 3 |
24 |
016f:1c6fcf29 cc int 3 |
| 19 |
016f:1c6fcf2a cc int 3 |
25 |
016f:1c6fcf2a cc int 3 |
| 20 |
016f:1c6fcf2b cc int 3 |
26 |
016f:1c6fcf2b cc int 3 |
| 21 |
016f:1c6fcf2c cc int 3 |
27 |
016f:1c6fcf2c cc int 3 |
| 22 |
016f:1c6fcf2d cc int 3 |
28 |
016f:1c6fcf2d cc int 3 |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:1c6a0a97 0ad3 or dl,bl |
9 |
016f:1c6a0a97 0ad3 or dl,bl |
| 4 |
016f:1c6a0a99 888ee9000000 mov byte ptr [esi+000000e9],cl |
10 |
016f:1c6a0a99 888ee9000000 mov byte ptr [esi+000000e9],cl |
| 5 |
016f:1c6a0a9f 889600020000 mov byte ptr [esi+00000200],dl |
11 |
016f:1c6a0a9f 889600020000 mov byte ptr [esi+00000200],dl |
| 6 |
016f:1c6a0aa5 8bb61c010000 mov esi,dword ptr [esi+0000011c] |
12 |
016f:1c6a0aa5 8bb61c010000 mov esi,dword ptr [esi+0000011c] |
| 7 |
016f:1c6a0aab 85f6 test esi,esi |
13 |
016f:1c6a0aab 85f6 test esi,esi |
| 8 |
016f:1c6a0aad 74c3 jz 1c6a0a72 = VCL641MI.DLL:.text+0x9fa72 |
14 |
016f:1c6a0aad 74c3 jz 1c6a0a72 = VCL641MI.DLL:.text+0x9fa72 |
| 9 |
016f:1c6a0aaf 8b7c2428 mov edi,dword ptr [esp+28] |
15 |
016f:1c6a0aaf 8b7c2428 mov edi,dword ptr [esp+28] |
| 10 |
016f:1c6a0ab3 57 push edi |
16 |
016f:1c6a0ab3 57 push edi |
| 11 |
016f:1c6a0ab4 8bce mov ecx,esi |
17 |
016f:1c6a0ab4 8bce mov ecx,esi |
| 12 |
016f:1c6a0ab6 e8b5feffff call 1c6a0970 = VCL641MI.DLL:.text+0x9f970 |
18 |
016f:1c6a0ab6 e8b5feffff call 1c6a0970 = VCL641MI.DLL:.text+0x9f970 |
| 13 |
016f:1c6a0abd 7504 jnz 1c6a0ac3 = VCL641MI.DLL:.text+0x9fac3 |
19 |
016f:1c6a0abd 7504 jnz 1c6a0ac3 = VCL641MI.DLL:.text+0x9fac3 |
| 14 |
016f:1c6a0abf 88442413 mov byte ptr [esp+13],al |
20 |
016f:1c6a0abf 88442413 mov byte ptr [esp+13],al |
| 15 |
016f:1c6a0ac3 8bb630010000 mov esi,dword ptr [esi+00000130] |
21 |
016f:1c6a0ac3 8bb630010000 mov esi,dword ptr [esi+00000130] |
| 16 |
016f:1c6a0ac9 85f6 test esi,esi |
22 |
016f:1c6a0ac9 85f6 test esi,esi |
| 17 |
016f:1c6a0acb 75e6 jnz 1c6a0ab3 = VCL641MI.DLL:.text+0x9fab3 |
23 |
016f:1c6a0acb 75e6 jnz 1c6a0ab3 = VCL641MI.DLL:.text+0x9fab3 |
| 18 |
016f:1c6a0acd 8a442413 mov al,byte ptr [esp+13] |
24 |
016f:1c6a0acd 8a442413 mov al,byte ptr [esp+13] |
| 19 |
016f:1c6a0ad1 eb9f jmp 1c6a0a72 = VCL641MI.DLL:.text+0x9fa72 |
25 |
016f:1c6a0ad1 eb9f jmp 1c6a0a72 = VCL641MI.DLL:.text+0x9fa72 |
| 20 |
016f:1c6a0ad3 90 nop |
26 |
016f:1c6a0ad3 90 nop |
| 21 |
016f:1c6a0ad4 90 nop |
27 |
016f:1c6a0ad4 90 nop |
| 22 |
016f:1c6a0ad5 90 nop |
28 |
016f:1c6a0ad5 90 nop |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
| 1 |
... |
8 |
... |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:bff64229 e8af780200 call bff8badd = KERNEL32.DLL:.text+0x22add |
9 |
016f:bff64229 e8af780200 call bff8badd = KERNEL32.DLL:.text+0x22add |
| 4 |
016f:bff6422e 6664ff0d1e000000 dec word ptr fs:[0000001e] |
10 |
016f:bff6422e 6664ff0d1e000000 dec word ptr fs:[0000001e] |
| 5 |
016f:bff64236 5a pop edx |
11 |
016f:bff64236 5a pop edx |
| 6 |
016f:bff64237 ebb1 jmp bff641ea = KERNEL32.DLL:_FREQASM+0x31ea |
12 |
016f:bff64237 ebb1 jmp bff641ea = KERNEL32.DLL:_FREQASM+0x31ea |
| 7 |
016f:bff64239 ff4210 inc dword ptr [edx+10] |
13 |
016f:bff64239 ff4210 inc dword ptr [edx+10] |
| 8 |
016f:bff6423c ebbd jmp bff641fb = KERNEL32.DLL:_FREQASM+0x31fb |
14 |
016f:bff6423c ebbd jmp bff641fb = KERNEL32.DLL:_FREQASM+0x31fb |
| 9 |
016f:bff6423e 52 push edx |
15 |
016f:bff6423e 52 push edx |
| 10 |
016f:bff6423f 52 push edx |
16 |
016f:bff6423f 52 push edx |
| 11 |
016f:bff64240 681e002a00 push 002a001e |
17 |
016f:bff64240 681e002a00 push 002a001e |
| 12 |
016f:bff64245 e88ad1ffff call bff613d4 = KERNEL32.DLL!1 |
18 |
016f:bff64245 e88ad1ffff call bff613d4 = KERNEL32.DLL!1 |
| 13 |
016f:bff6424b ebae jmp bff641fb = KERNEL32.DLL:_FREQASM+0x31fb |
19 |
016f:bff6424b ebae jmp bff641fb = KERNEL32.DLL:_FREQASM+0x31fb |
| 14 |
016f:bff6424d 681c002a00 push 002a001c |
20 |
016f:bff6424d 681c002a00 push 002a001c |
| 15 |
016f:bff64252 e87dd1ffff call bff613d4 = KERNEL32.DLL!1 |
21 |
016f:bff64252 e87dd1ffff call bff613d4 = KERNEL32.DLL!1 |
| 16 |
016f:bff64257 a1f0bcfbbf mov eax,dword ptr [bffbbcf0] |
22 |
016f:bff64257 a1f0bcfbbf mov eax,dword ptr [bffbbcf0] |
| 17 |
016f:bff6425c 8b00 mov eax,dword ptr [eax] |
23 |
016f:bff6425c 8b00 mov eax,dword ptr [eax] |
| 18 |
016f:bff6425e 0fba704c07 btr dword ptr [eax+4c],07 |
24 |
016f:bff6425e 0fba704c07 btr dword ptr [eax+4c],07 |
| 19 |
016f:bff64263 73a9 jnc bff6420e = KERNEL32.DLL:_FREQASM+0x320e |
25 |
016f:bff64263 73a9 jnc bff6420e = KERNEL32.DLL:_FREQASM+0x320e |
| 20 |
016f:bff64265 8d400c lea eax,[eax+0c] |
26 |
016f:bff64265 8d400c lea eax,[eax+0c] |
| 21 |
016f:bff64268 50 push eax |
27 |
016f:bff64268 50 push eax |
| 22 |
016f:bff64269 6a00 push +00 |
28 |
016f:bff64269 6a00 push +00 |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:1c6fcf0b cc int 3 |
9 |
016f:1c6fcf0b cc int 3 |
| 4 |
016f:1c6fcf0c cc int 3 |
10 |
016f:1c6fcf0c cc int 3 |
| 5 |
016f:1c6fcf0d cc int 3 |
11 |
016f:1c6fcf0d cc int 3 |
| 6 |
016f:1c6fcf0e cc int 3 |
12 |
016f:1c6fcf0e cc int 3 |
| 7 |
016f:1c6fcf0f cc int 3 |
13 |
016f:1c6fcf0f cc int 3 |
| 8 |
016f:1c6fcf10 8b45f0 mov eax,dword ptr [ebp-10] |
14 |
016f:1c6fcf10 8b45f0 mov eax,dword ptr [ebp-10] |
| 9 |
016f:1c6fcf13 50 push eax |
15 |
016f:1c6fcf13 50 push eax |
| 10 |
016f:1c6fcf14 e85381ffff call 1c6f506c = TL641MI.DLL!21 |
16 |
016f:1c6fcf14 e85381ffff call 1c6f506c = TL641MI.DLL!21 |
| 11 |
016f:1c6fcf19 59 pop ecx |
17 |
016f:1c6fcf19 59 pop ecx |
| 12 |
016f:1c6fcf1a c3 retd |
18 |
016f:1c6fcf1a c3 retd |
| 13 |
016f:1c6fcf20 e971d6ffff jmp 1c6fa596 = MSVCRT.DLL!__CxxFrameHandler |
19 |
016f:1c6fcf20 e971d6ffff jmp 1c6fa596 = MSVCRT.DLL!__CxxFrameHandler |
| 14 |
016f:1c6fcf25 cc int 3 |
20 |
016f:1c6fcf25 cc int 3 |
| 15 |
016f:1c6fcf26 cc int 3 |
21 |
016f:1c6fcf26 cc int 3 |
| 16 |
016f:1c6fcf27 cc int 3 |
22 |
016f:1c6fcf27 cc int 3 |
| 17 |
016f:1c6fcf28 cc int 3 |
23 |
016f:1c6fcf28 cc int 3 |
| 18 |
016f:1c6fcf29 cc int 3 |
24 |
016f:1c6fcf29 cc int 3 |
| 19 |
016f:1c6fcf2a cc int 3 |
25 |
016f:1c6fcf2a cc int 3 |
| 20 |
016f:1c6fcf2b cc int 3 |
26 |
016f:1c6fcf2b cc int 3 |
| 21 |
016f:1c6fcf2c cc int 3 |
27 |
016f:1c6fcf2c cc int 3 |
| 22 |
016f:1c6fcf2d cc int 3 |
28 |
016f:1c6fcf2d cc int 3 |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:1c6a0a97 0ad3 or dl,bl |
9 |
016f:1c6a0a97 0ad3 or dl,bl |
| 4 |
016f:1c6a0a99 888ee9000000 mov byte ptr [esi+000000e9],cl |
10 |
016f:1c6a0a99 888ee9000000 mov byte ptr [esi+000000e9],cl |
| 5 |
016f:1c6a0a9f 889600020000 mov byte ptr [esi+00000200],dl |
11 |
016f:1c6a0a9f 889600020000 mov byte ptr [esi+00000200],dl |
| 6 |
016f:1c6a0aa5 8bb61c010000 mov esi,dword ptr [esi+0000011c] |
12 |
016f:1c6a0aa5 8bb61c010000 mov esi,dword ptr [esi+0000011c] |
| 7 |
016f:1c6a0aab 85f6 test esi,esi |
13 |
016f:1c6a0aab 85f6 test esi,esi |
| 8 |
016f:1c6a0aad 74c3 jz 1c6a0a72 = VCL641MI.DLL:.text+0x9fa72 |
14 |
016f:1c6a0aad 74c3 jz 1c6a0a72 = VCL641MI.DLL:.text+0x9fa72 |
| 9 |
016f:1c6a0aaf 8b7c2428 mov edi,dword ptr [esp+28] |
15 |
016f:1c6a0aaf 8b7c2428 mov edi,dword ptr [esp+28] |
| 10 |
016f:1c6a0ab3 57 push edi |
16 |
016f:1c6a0ab3 57 push edi |
| 11 |
016f:1c6a0ab4 8bce mov ecx,esi |
17 |
016f:1c6a0ab4 8bce mov ecx,esi |
| 12 |
016f:1c6a0ab6 e8b5feffff call 1c6a0970 = VCL641MI.DLL:.text+0x9f970 |
18 |
016f:1c6a0ab6 e8b5feffff call 1c6a0970 = VCL641MI.DLL:.text+0x9f970 |
| 13 |
016f:1c6a0abd 7504 jnz 1c6a0ac3 = VCL641MI.DLL:.text+0x9fac3 |
19 |
016f:1c6a0abd 7504 jnz 1c6a0ac3 = VCL641MI.DLL:.text+0x9fac3 |
| 14 |
016f:1c6a0abf 88442413 mov byte ptr [esp+13],al |
20 |
016f:1c6a0abf 88442413 mov byte ptr [esp+13],al |
| 15 |
016f:1c6a0ac3 8bb630010000 mov esi,dword ptr [esi+00000130] |
21 |
016f:1c6a0ac3 8bb630010000 mov esi,dword ptr [esi+00000130] |
| 16 |
016f:1c6a0ac9 85f6 test esi,esi |
22 |
016f:1c6a0ac9 85f6 test esi,esi |
| 17 |
016f:1c6a0acb 75e6 jnz 1c6a0ab3 = VCL641MI.DLL:.text+0x9fab3 |
23 |
016f:1c6a0acb 75e6 jnz 1c6a0ab3 = VCL641MI.DLL:.text+0x9fab3 |
| 18 |
016f:1c6a0acd 8a442413 mov al,byte ptr [esp+13] |
24 |
016f:1c6a0acd 8a442413 mov al,byte ptr [esp+13] |
| 19 |
016f:1c6a0ad1 eb9f jmp 1c6a0a72 = VCL641MI.DLL:.text+0x9fa72 |
25 |
016f:1c6a0ad1 eb9f jmp 1c6a0a72 = VCL641MI.DLL:.text+0x9fa72 |
| 20 |
016f:1c6a0ad3 90 nop |
26 |
016f:1c6a0ad3 90 nop |
| 21 |
016f:1c6a0ad4 90 nop |
27 |
016f:1c6a0ad4 90 nop |
| 22 |
016f:1c6a0ad5 90 nop |
28 |
016f:1c6a0ad5 90 nop |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
| 1 |
... |
8 |
... |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:bff420c4 b14e mov cl,4e |
9 |
016f:bff420c4 b14e mov cl,4e |
| 4 |
016f:bff420c6 eb02 jmp bff420ca = USER32.DLL:.text+0x10ca |
10 |
016f:bff420c6 eb02 jmp bff420ca = USER32.DLL:.text+0x10ca |
| 5 |
016f:bff420c8 b145 mov cl,45 |
11 |
016f:bff420c8 b145 mov cl,45 |
| 6 |
016f:bff420ca 55 push ebp |
12 |
016f:bff420ca 55 push ebp |
| 7 |
016f:bff420cb 8bec mov ebp,esp |
13 |
016f:bff420cb 8bec mov ebp,esp |
| 8 |
016f:bff420cd 51 push ecx |
14 |
016f:bff420cd 51 push ecx |
| 9 |
016f:bff420ce 83ec3c sub esp,+3c |
15 |
016f:bff420ce 83ec3c sub esp,+3c |
| 10 |
016f:bff420d1 66ff7508 push word ptr [ebp+08] |
16 |
016f:bff420d1 66ff7508 push word ptr [ebp+08] |
| 11 |
016f:bff420d5 66ff750c push word ptr [ebp+0c] |
17 |
016f:bff420d5 66ff750c push word ptr [ebp+0c] |
| 12 |
016f:bff420d9 ff15d612f4bf call dword ptr [bff412d6] -> USER32.DLL:.data+0x400 |
18 |
016f:bff420d9 ff15d612f4bf call dword ptr [bff412d6] -> USER32.DLL:.data+0x400 |
| 13 |
016f:bff420e0 c9 leave |
19 |
016f:bff420e0 c9 leave |
| 14 |
016f:bff420e1 c20800 retd 0008 |
20 |
016f:bff420e1 c20800 retd 0008 |
| 15 |
016f:bff420e4 b135 mov cl,35 |
21 |
016f:bff420e4 b135 mov cl,35 |
| 16 |
016f:bff420e6 eb02 jmp bff420ea = USER32.DLL:.text+0x10ea |
22 |
016f:bff420e6 eb02 jmp bff420ea = USER32.DLL:.text+0x10ea |
| 17 |
016f:bff420e8 b17d mov cl,7d |
23 |
016f:bff420e8 b17d mov cl,7d |
| 18 |
016f:bff420ea 55 push ebp |
24 |
016f:bff420ea 55 push ebp |
| 19 |
016f:bff420eb 8bec mov ebp,esp |
25 |
016f:bff420eb 8bec mov ebp,esp |
| 20 |
016f:bff420ed 51 push ecx |
26 |
016f:bff420ed 51 push ecx |
| 21 |
016f:bff420ee 83ec3c sub esp,+3c |
27 |
016f:bff420ee 83ec3c sub esp,+3c |
| 22 |
016f:bff420f1 66ff7508 push word ptr [ebp+08] |
28 |
016f:bff420f1 66ff7508 push word ptr [ebp+08] |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:1c6fcf0b cc int 3 |
9 |
016f:1c6fcf0b cc int 3 |
| 4 |
016f:1c6fcf0c cc int 3 |
10 |
016f:1c6fcf0c cc int 3 |
| 5 |
016f:1c6fcf0d cc int 3 |
11 |
016f:1c6fcf0d cc int 3 |
| 6 |
016f:1c6fcf0e cc int 3 |
12 |
016f:1c6fcf0e cc int 3 |
| 7 |
016f:1c6fcf0f cc int 3 |
13 |
016f:1c6fcf0f cc int 3 |
| 8 |
016f:1c6fcf10 8b45f0 mov eax,dword ptr [ebp-10] |
14 |
016f:1c6fcf10 8b45f0 mov eax,dword ptr [ebp-10] |
| 9 |
016f:1c6fcf13 50 push eax |
15 |
016f:1c6fcf13 50 push eax |
| 10 |
016f:1c6fcf14 e85381ffff call 1c6f506c = TL641MI.DLL!21 |
16 |
016f:1c6fcf14 e85381ffff call 1c6f506c = TL641MI.DLL!21 |
| 11 |
016f:1c6fcf19 59 pop ecx |
17 |
016f:1c6fcf19 59 pop ecx |
| 12 |
016f:1c6fcf1a c3 retd |
18 |
016f:1c6fcf1a c3 retd |
| 13 |
016f:1c6fcf20 e971d6ffff jmp 1c6fa596 = MSVCRT.DLL!__CxxFrameHandler |
19 |
016f:1c6fcf20 e971d6ffff jmp 1c6fa596 = MSVCRT.DLL!__CxxFrameHandler |
| 14 |
016f:1c6fcf25 cc int 3 |
20 |
016f:1c6fcf25 cc int 3 |
| 15 |
016f:1c6fcf26 cc int 3 |
21 |
016f:1c6fcf26 cc int 3 |
| 16 |
016f:1c6fcf27 cc int 3 |
22 |
016f:1c6fcf27 cc int 3 |
| 17 |
016f:1c6fcf28 cc int 3 |
23 |
016f:1c6fcf28 cc int 3 |
| 18 |
016f:1c6fcf29 cc int 3 |
24 |
016f:1c6fcf29 cc int 3 |
| 19 |
016f:1c6fcf2a cc int 3 |
25 |
016f:1c6fcf2a cc int 3 |
| 20 |
016f:1c6fcf2b cc int 3 |
26 |
016f:1c6fcf2b cc int 3 |
| 21 |
016f:1c6fcf2c cc int 3 |
27 |
016f:1c6fcf2c cc int 3 |
| 22 |
016f:1c6fcf2d cc int 3 |
28 |
016f:1c6fcf2d cc int 3 |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:1c6a0a97 0ad3 or dl,bl |
9 |
016f:1c6a0a97 0ad3 or dl,bl |
| 4 |
016f:1c6a0a99 888ee9000000 mov byte ptr [esi+000000e9],cl |
10 |
016f:1c6a0a99 888ee9000000 mov byte ptr [esi+000000e9],cl |
| 5 |
016f:1c6a0a9f 889600020000 mov byte ptr [esi+00000200],dl |
11 |
016f:1c6a0a9f 889600020000 mov byte ptr [esi+00000200],dl |
| 6 |
016f:1c6a0aa5 8bb61c010000 mov esi,dword ptr [esi+0000011c] |
12 |
016f:1c6a0aa5 8bb61c010000 mov esi,dword ptr [esi+0000011c] |
| 7 |
016f:1c6a0aab 85f6 test esi,esi |
13 |
016f:1c6a0aab 85f6 test esi,esi |
| 8 |
016f:1c6a0aad 74c3 jz 1c6a0a72 = VCL641MI.DLL:.text+0x9fa72 |
14 |
016f:1c6a0aad 74c3 jz 1c6a0a72 = VCL641MI.DLL:.text+0x9fa72 |
| 9 |
016f:1c6a0aaf 8b7c2428 mov edi,dword ptr [esp+28] |
15 |
016f:1c6a0aaf 8b7c2428 mov edi,dword ptr [esp+28] |
| 10 |
016f:1c6a0ab3 57 push edi |
16 |
016f:1c6a0ab3 57 push edi |
| 11 |
016f:1c6a0ab4 8bce mov ecx,esi |
17 |
016f:1c6a0ab4 8bce mov ecx,esi |
| 12 |
016f:1c6a0ab6 e8b5feffff call 1c6a0970 = VCL641MI.DLL:.text+0x9f970 |
18 |
016f:1c6a0ab6 e8b5feffff call 1c6a0970 = VCL641MI.DLL:.text+0x9f970 |
| 13 |
016f:1c6a0abd 7504 jnz 1c6a0ac3 = VCL641MI.DLL:.text+0x9fac3 |
19 |
016f:1c6a0abd 7504 jnz 1c6a0ac3 = VCL641MI.DLL:.text+0x9fac3 |
| 14 |
016f:1c6a0abf 88442413 mov byte ptr [esp+13],al |
20 |
016f:1c6a0abf 88442413 mov byte ptr [esp+13],al |
| 15 |
016f:1c6a0ac3 8bb630010000 mov esi,dword ptr [esi+00000130] |
21 |
016f:1c6a0ac3 8bb630010000 mov esi,dword ptr [esi+00000130] |
| 16 |
016f:1c6a0ac9 85f6 test esi,esi |
22 |
016f:1c6a0ac9 85f6 test esi,esi |
| 17 |
016f:1c6a0acb 75e6 jnz 1c6a0ab3 = VCL641MI.DLL:.text+0x9fab3 |
23 |
016f:1c6a0acb 75e6 jnz 1c6a0ab3 = VCL641MI.DLL:.text+0x9fab3 |
| 18 |
016f:1c6a0acd 8a442413 mov al,byte ptr [esp+13] |
24 |
016f:1c6a0acd 8a442413 mov al,byte ptr [esp+13] |
| 19 |
016f:1c6a0ad1 eb9f jmp 1c6a0a72 = VCL641MI.DLL:.text+0x9fa72 |
25 |
016f:1c6a0ad1 eb9f jmp 1c6a0a72 = VCL641MI.DLL:.text+0x9fa72 |
| 20 |
016f:1c6a0ad3 90 nop |
26 |
016f:1c6a0ad3 90 nop |
| 21 |
016f:1c6a0ad4 90 nop |
27 |
016f:1c6a0ad4 90 nop |
| 22 |
016f:1c6a0ad5 90 nop |
28 |
016f:1c6a0ad5 90 nop |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
| 1 |
... |
8 |
... |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
-> 00 1c 00 1c 00 1f 00 1f 00 1f 00 1f 00 1f 00 1f ................ |
8 |
-> 00 1c 00 1c 00 1f 00 1f 00 1f 00 1f 00 1f 00 1f ................ |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:1c6fcf0b cc int 3 |
9 |
016f:1c6fcf0b cc int 3 |
| 4 |
016f:1c6fcf0c cc int 3 |
10 |
016f:1c6fcf0c cc int 3 |
| 5 |
016f:1c6fcf0d cc int 3 |
11 |
016f:1c6fcf0d cc int 3 |
| 6 |
016f:1c6fcf0e cc int 3 |
12 |
016f:1c6fcf0e cc int 3 |
| 7 |
016f:1c6fcf0f cc int 3 |
13 |
016f:1c6fcf0f cc int 3 |
| 8 |
016f:1c6fcf10 8b45f0 mov eax,dword ptr [ebp-10] |
14 |
016f:1c6fcf10 8b45f0 mov eax,dword ptr [ebp-10] |
| 9 |
016f:1c6fcf13 50 push eax |
15 |
016f:1c6fcf13 50 push eax |
| 10 |
016f:1c6fcf14 e85381ffff call 1c6f506c = TL641MI.DLL!21 |
16 |
016f:1c6fcf14 e85381ffff call 1c6f506c = TL641MI.DLL!21 |
| 11 |
016f:1c6fcf19 59 pop ecx |
17 |
016f:1c6fcf19 59 pop ecx |
| 12 |
016f:1c6fcf1a c3 retd |
18 |
016f:1c6fcf1a c3 retd |
| 13 |
016f:1c6fcf20 e971d6ffff jmp 1c6fa596 = MSVCRT.DLL!__CxxFrameHandler |
19 |
016f:1c6fcf20 e971d6ffff jmp 1c6fa596 = MSVCRT.DLL!__CxxFrameHandler |
| 14 |
016f:1c6fcf25 cc int 3 |
20 |
016f:1c6fcf25 cc int 3 |
| 15 |
016f:1c6fcf26 cc int 3 |
21 |
016f:1c6fcf26 cc int 3 |
| 16 |
016f:1c6fcf27 cc int 3 |
22 |
016f:1c6fcf27 cc int 3 |
| 17 |
016f:1c6fcf28 cc int 3 |
23 |
016f:1c6fcf28 cc int 3 |
| 18 |
016f:1c6fcf29 cc int 3 |
24 |
016f:1c6fcf29 cc int 3 |
| 19 |
016f:1c6fcf2a cc int 3 |
25 |
016f:1c6fcf2a cc int 3 |
| 20 |
016f:1c6fcf2b cc int 3 |
26 |
016f:1c6fcf2b cc int 3 |
| 21 |
016f:1c6fcf2c cc int 3 |
27 |
016f:1c6fcf2c cc int 3 |
| 22 |
016f:1c6fcf2d cc int 3 |
28 |
016f:1c6fcf2d cc int 3 |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:1c6a0add 90 nop |
9 |
016f:1c6a0add 90 nop |
| 4 |
016f:1c6a0ade 90 nop |
10 |
016f:1c6a0ade 90 nop |
| 5 |
016f:1c6a0adf 90 nop |
11 |
016f:1c6a0adf 90 nop |
| 6 |
016f:1c6a0ae0 53 push ebx |
12 |
016f:1c6a0ae0 53 push ebx |
| 7 |
016f:1c6a0ae1 56 push esi |
13 |
016f:1c6a0ae1 56 push esi |
| 8 |
016f:1c6a0ae2 57 push edi |
14 |
016f:1c6a0ae2 57 push edi |
| 9 |
016f:1c6a0ae3 8b7c2410 mov edi,dword ptr [esp+10] |
15 |
016f:1c6a0ae3 8b7c2410 mov edi,dword ptr [esp+10] |
| 10 |
016f:1c6a0ae7 8bf1 mov esi,ecx |
16 |
016f:1c6a0ae7 8bf1 mov esi,ecx |
| 11 |
016f:1c6a0ae9 57 push edi |
17 |
016f:1c6a0ae9 57 push edi |
| 12 |
016f:1c6a0aea e881feffff call 1c6a0970 = VCL641MI.DLL:.text+0x9f970 |
18 |
016f:1c6a0aea e881feffff call 1c6a0970 = VCL641MI.DLL:.text+0x9f970 |
| 13 |
016f:1c6a0af5 8ad8 mov bl,al |
19 |
016f:1c6a0af5 8ad8 mov bl,al |
| 14 |
016f:1c6a0af7 85f6 test esi,esi |
20 |
016f:1c6a0af7 85f6 test esi,esi |
| 15 |
016f:1c6a0af9 7418 jz 1c6a0b13 = VCL641MI.DLL:.text+0x9fb13 |
21 |
016f:1c6a0af9 7418 jz 1c6a0b13 = VCL641MI.DLL:.text+0x9fb13 |
| 16 |
016f:1c6a0afb 57 push edi |
22 |
016f:1c6a0afb 57 push edi |
| 17 |
016f:1c6a0afc 8bce mov ecx,esi |
23 |
016f:1c6a0afc 8bce mov ecx,esi |
| 18 |
016f:1c6a0afe e8ddffffff call 1c6a0ae0 = VCL641MI.DLL:.text+0x9fae0 |
24 |
016f:1c6a0afe e8ddffffff call 1c6a0ae0 = VCL641MI.DLL:.text+0x9fae0 |
| 19 |
016f:1c6a0b03 84c0 test al,al |
25 |
016f:1c6a0b03 84c0 test al,al |
| 20 |
016f:1c6a0b05 7502 jnz 1c6a0b09 = VCL641MI.DLL:.text+0x9fb09 |
26 |
016f:1c6a0b05 7502 jnz 1c6a0b09 = VCL641MI.DLL:.text+0x9fb09 |
| 21 |
016f:1c6a0b07 32db xor bl,bl |
27 |
016f:1c6a0b07 32db xor bl,bl |
| 22 |
016f:1c6a0b09 8bb630010000 mov esi,dword ptr [esi+00000130] |
28 |
016f:1c6a0b09 8bb630010000 mov esi,dword ptr [esi+00000130] |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:1c6a0b9c 75e8 jnz 1c6a0b86 = VCL641MI.DLL:.text+0x9fb86 |
9 |
016f:1c6a0b9c 75e8 jnz 1c6a0b86 = VCL641MI.DLL:.text+0x9fb86 |
| 4 |
016f:1c6a0b9e 8ac3 mov al,bl |
10 |
016f:1c6a0b9e 8ac3 mov al,bl |
| 5 |
016f:1c6a0ba0 5f pop edi |
11 |
016f:1c6a0ba0 5f pop edi |
| 6 |
016f:1c6a0ba1 5b pop ebx |
12 |
016f:1c6a0ba1 5b pop ebx |
| 7 |
016f:1c6a0ba2 5e pop esi |
13 |
016f:1c6a0ba2 5e pop esi |
| 8 |
016f:1c6a0ba3 c20400 retd 0004 |
14 |
016f:1c6a0ba3 c20400 retd 0004 |
| 9 |
016f:1c6a0ba6 8b442408 mov eax,dword ptr [esp+08] |
15 |
016f:1c6a0ba6 8b442408 mov eax,dword ptr [esp+08] |
| 10 |
016f:1c6a0baa 8b8e04010000 mov ecx,dword ptr [esi+00000104] |
16 |
016f:1c6a0baa 8b8e04010000 mov ecx,dword ptr [esi+00000104] |
| 11 |
016f:1c6a0bb0 50 push eax |
17 |
016f:1c6a0bb0 50 push eax |
| 12 |
016f:1c6a0bb1 e82affffff call 1c6a0ae0 = VCL641MI.DLL:.text+0x9fae0 |
18 |
016f:1c6a0bb1 e82affffff call 1c6a0ae0 = VCL641MI.DLL:.text+0x9fae0 |
| 13 |
016f:1c6a0bb7 c20400 retd 0004 |
19 |
016f:1c6a0bb7 c20400 retd 0004 |
| 14 |
016f:1c6a0bba 90 nop |
20 |
016f:1c6a0bba 90 nop |
| 15 |
016f:1c6a0bbb 90 nop |
21 |
016f:1c6a0bbb 90 nop |
| 16 |
016f:1c6a0bbc 90 nop |
22 |
016f:1c6a0bbc 90 nop |
| 17 |
016f:1c6a0bbd 90 nop |
23 |
016f:1c6a0bbd 90 nop |
| 18 |
016f:1c6a0bbe 90 nop |
24 |
016f:1c6a0bbe 90 nop |
| 19 |
016f:1c6a0bbf 90 nop |
25 |
016f:1c6a0bbf 90 nop |
| 20 |
016f:1c6a0bc0 56 push esi |
26 |
016f:1c6a0bc0 56 push esi |
| 21 |
016f:1c6a0bc1 8bf1 mov esi,ecx |
27 |
016f:1c6a0bc1 8bf1 mov esi,ecx |
| 22 |
016f:1c6a0bc3 f6860002000010 test byte ptr [esi+00000200],10 |
28 |
016f:1c6a0bc3 f6860002000010 test byte ptr [esi+00000200],10 |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
... |
8 |
... |
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:1c6a67fd 740c jz 1c6a680b = VCL641MI.DLL:.text+0xa580b |
9 |
016f:1c6a67fd 740c jz 1c6a680b = VCL641MI.DLL:.text+0xa580b |
| 4 |
016f:1c6a67ff 8d54241c lea edx,[esp+1c] |
10 |
016f:1c6a67ff 8d54241c lea edx,[esp+1c] |
| 5 |
016f:1c6a6803 8bce mov ecx,esi |
11 |
016f:1c6a6803 8bce mov ecx,esi |
| 6 |
016f:1c6a6805 52 push edx |
12 |
016f:1c6a6805 52 push edx |
| 7 |
016f:1c6a6806 e8a5b3ffff call 1c6a1bb0 = VCL641MI.DLL:.text+0xa0bb0 |
13 |
016f:1c6a6806 e8a5b3ffff call 1c6a1bb0 = VCL641MI.DLL:.text+0xa0bb0 |
| 8 |
016f:1c6a680b 8bce mov ecx,esi |
14 |
016f:1c6a680b 8bce mov ecx,esi |
| 9 |
016f:1c6a680d e81ed2ffff call 1c6a3a30 = VCL641MI.DLL:.text+0xa2a30 |
15 |
016f:1c6a680d e81ed2ffff call 1c6a3a30 = VCL641MI.DLL:.text+0xa2a30 |
| 10 |
016f:1c6a6812 8d4c241c lea ecx,[esp+1c] |
16 |
016f:1c6a6812 8d4c241c lea ecx,[esp+1c] |
| 11 |
016f:1c6a6816 c7442414ffffffff mov dword ptr [esp+14],ffffffff |
17 |
016f:1c6a6816 c7442414ffffffff mov dword ptr [esp+14],ffffffff |
| 12 |
016f:1c6a681e e81d71fdff call 1c67d940 = VCL641MI.DLL!2534 |
18 |
016f:1c6a681e e81d71fdff call 1c67d940 = VCL641MI.DLL!2534 |
| 13 |
016f:1c6a6828 f6860002000002 test byte ptr [esi+00000200],02 |
19 |
016f:1c6a6828 f6860002000002 test byte ptr [esi+00000200],02 |
| 14 |
016f:1c6a682f 7407 jz 1c6a6838 = VCL641MI.DLL:.text+0xa5838 |
20 |
016f:1c6a682f 7407 jz 1c6a6838 = VCL641MI.DLL:.text+0xa5838 |
| 15 |
016f:1c6a6831 8bce mov ecx,esi |
21 |
016f:1c6a6831 8bce mov ecx,esi |
| 16 |
016f:1c6a6833 e8a88dffff call 1c69f5e0 = VCL641MI.DLL:.text+0x9e5e0 |
22 |
016f:1c6a6833 e8a88dffff call 1c69f5e0 = VCL641MI.DLL:.text+0x9e5e0 |
| 17 |
016f:1c6a6838 f6860002000004 test byte ptr [esi+00000200],04 |
23 |
016f:1c6a6838 f6860002000004 test byte ptr [esi+00000200],04 |
| 18 |
016f:1c6a683f 7407 jz 1c6a6848 = VCL641MI.DLL:.text+0xa5848 |
24 |
016f:1c6a683f 7407 jz 1c6a6848 = VCL641MI.DLL:.text+0xa5848 |
| 19 |
016f:1c6a6841 8bce mov ecx,esi |
25 |
016f:1c6a6841 8bce mov ecx,esi |
| 20 |
016f:1c6a6843 e8588dffff call 1c69f5a0 = VCL641MI.DLL:.text+0x9e5a0 |
26 |
016f:1c6a6843 e8588dffff call 1c69f5a0 = VCL641MI.DLL:.text+0x9e5a0 |
| 21 |
016f:1c6a6848 8b06 mov eax,dword ptr [esi] |
27 |
016f:1c6a6848 8b06 mov eax,dword ptr [esi] |
| 22 |
016f:1c6a684a 6a02 push +02 |
28 |
016f:1c6a684a 6a02 push +02 |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
... |
8 |
... |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
-> b8 30 be 70 1c e9 24 cf ff ff cc cc cc cc cc cc .0.p..$......... |
8 |
-> b8 30 be 70 1c e9 24 cf ff ff cc cc cc cc cc cc .0.p..$......... |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:1c0024fa 888e3a110000 mov byte ptr [esi+0000113a],cl |
9 |
016f:1c0024fa 888e3a110000 mov byte ptr [esi+0000113a],cl |
| 4 |
016f:1c002500 8ac8 mov cl,al |
10 |
016f:1c002500 8ac8 mov cl,al |
| 5 |
016f:1c002502 80e104 and cl,04 |
11 |
016f:1c002502 80e104 and cl,04 |
| 6 |
016f:1c002505 2408 and al,08 |
12 |
016f:1c002505 2408 and al,08 |
| 7 |
016f:1c002507 888e3c110000 mov byte ptr [esi+0000113c],cl |
13 |
016f:1c002507 888e3c110000 mov byte ptr [esi+0000113c],cl |
| 8 |
016f:1c00250d 6a00 push +00 |
14 |
016f:1c00250d 6a00 push +00 |
| 9 |
016f:1c00250f 8bce mov ecx,esi |
15 |
016f:1c00250f 8bce mov ecx,esi |
| 10 |
016f:1c002511 88963b110000 mov byte ptr [esi+0000113b],dl |
16 |
016f:1c002511 88963b110000 mov byte ptr [esi+0000113b],dl |
| 11 |
016f:1c002517 88863d110000 mov byte ptr [esi+0000113d],al |
17 |
016f:1c002517 88863d110000 mov byte ptr [esi+0000113d],al |
| 12 |
016f:1c00251d e8be5e0000 call 1c0083e0 = VCL641MI.DLL!3838 |
18 |
016f:1c00251d e8be5e0000 call 1c0083e0 = VCL641MI.DLL!3838 |
| 13 |
016f:1c002524 8b8c24ac020000 mov ecx,dword ptr [esp+000002ac] |
19 |
016f:1c002524 8b8c24ac020000 mov ecx,dword ptr [esp+000002ac] |
| 14 |
016f:1c00252b 5e pop esi |
20 |
016f:1c00252b 5e pop esi |
| 15 |
016f:1c00252c 64890d00000000 mov dword ptr fs:[00000000],ecx |
21 |
016f:1c00252c 64890d00000000 mov dword ptr fs:[00000000],ecx |
| 16 |
016f:1c002533 81c4b4020000 add esp,000002b4 |
22 |
016f:1c002533 81c4b4020000 add esp,000002b4 |
| 17 |
016f:1c002539 c20400 retd 0004 |
23 |
016f:1c002539 c20400 retd 0004 |
| 18 |
016f:1c00253c 90 nop |
24 |
016f:1c00253c 90 nop |
| 19 |
016f:1c00253d 90 nop |
25 |
016f:1c00253d 90 nop |
| 20 |
016f:1c00253e 90 nop |
26 |
016f:1c00253e 90 nop |
| 21 |
016f:1c00253f 90 nop |
27 |
016f:1c00253f 90 nop |
| 22 |
016f:1c002540 e9a35f0000 jmp 1c0084e8 = VCL641MI.DLL!3240 |
28 |
016f:1c002540 e9a35f0000 jmp 1c0084e8 = VCL641MI.DLL!3240 |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:bff644fd eb04 jmp bff64503 = KERNEL32.DLL:_FREQASM+0x3503 |
9 |
016f:bff644fd eb04 jmp bff64503 = KERNEL32.DLL:_FREQASM+0x3503 |
| 4 |
016f:bff644ff 804b7401 or byte ptr [ebx+74],01 |
10 |
016f:bff644ff 804b7401 or byte ptr [ebx+74],01 |
| 5 |
016f:bff64503 33c9 xor ecx,ecx |
11 |
016f:bff64503 33c9 xor ecx,ecx |
| 6 |
016f:bff64505 f6451402 test byte ptr [ebp+14],02 |
12 |
016f:bff64505 f6451402 test byte ptr [ebp+14],02 |
| 7 |
016f:bff64509 7403 jz bff6450e = KERNEL32.DLL:_FREQASM+0x350e |
13 |
016f:bff64509 7403 jz bff6450e = KERNEL32.DLL:_FREQASM+0x350e |
| 8 |
016f:bff6450b 80c908 or cl,08 |
14 |
016f:bff6450b 80c908 or cl,08 |
| 9 |
016f:bff6450e ff750c push dword ptr [ebp+0c] |
15 |
016f:bff6450e ff750c push dword ptr [ebp+0c] |
| 10 |
016f:bff64511 51 push ecx |
16 |
016f:bff64511 51 push ecx |
| 11 |
016f:bff64512 ff737c push dword ptr [ebx+7c] |
17 |
016f:bff64512 ff737c push dword ptr [ebx+7c] |
| 12 |
016f:bff64515 e8dc4c0100 call bff791f6 = KERNEL32.DLL:.text+0x101f6 |
18 |
016f:bff64515 e8dc4c0100 call bff791f6 = KERNEL32.DLL:.text+0x101f6 |
| 13 |
016f:bff6451c 741e jz bff6453c = KERNEL32.DLL:_FREQASM+0x353c |
19 |
016f:bff6451c 741e jz bff6453c = KERNEL32.DLL:_FREQASM+0x353c |
| 14 |
016f:bff6451e 2b436c sub eax,dword ptr [ebx+6c] |
20 |
016f:bff6451e 2b436c sub eax,dword ptr [ebx+6c] |
| 15 |
016f:bff64521 8b4d10 mov ecx,dword ptr [ebp+10] |
21 |
016f:bff64521 8b4d10 mov ecx,dword ptr [ebp+10] |
| 16 |
016f:bff64524 0bc9 or ecx,ecx |
22 |
016f:bff64524 0bc9 or ecx,ecx |
| 17 |
016f:bff64526 7805 js bff6452d = KERNEL32.DLL:_FREQASM+0x352d |
23 |
016f:bff64526 7805 js bff6452d = KERNEL32.DLL:_FREQASM+0x352d |
| 18 |
016f:bff64528 8b55fc mov edx,dword ptr [ebp-04] |
24 |
016f:bff64528 8b55fc mov edx,dword ptr [ebp-04] |
| 19 |
016f:bff6452b 8902 mov dword ptr [edx],eax |
25 |
016f:bff6452b 8902 mov dword ptr [edx],eax |
| 20 |
016f:bff6452d 2eff148d6048f6bf call dword ptr ss:[ecx*4+bff64860] |
26 |
016f:bff6452d 2eff148d6048f6bf call dword ptr ss:[ecx*4+bff64860] |
| 21 |
016f:bff64535 5b pop ebx |
27 |
016f:bff64535 5b pop ebx |
| 22 |
016f:bff64536 5f pop edi |
28 |
016f:bff64536 5f pop edi |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
-> 04 00 00 00 00 00 00 00 00 30 08 00 00 04 00 00 .........0...... |
8 |
-> 04 00 00 00 00 00 00 00 00 30 08 00 00 04 00 00 .........0...... |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
-> 89 3a b1 3a c9 3a e9 3a 0c 3b 2c 3b 49 3b 69 3b .:.:.:.:.;,;I;i; |
8 |
-> 89 3a b1 3a c9 3a e9 3a 0c 3b 2c 3b 49 3b 69 3b .:.:.:.:.;,;I;i; |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:bff6183d 8b1570b4fbbf mov edx,dword ptr [bffbb470] |
9 |
016f:bff6183d 8b1570b4fbbf mov edx,dword ptr [bffbb470] |
| 4 |
016f:bff61843 e88b290000 call bff641d3 = KERNEL32.DLL:_FREQASM+0x31d3 |
10 |
016f:bff61843 e88b290000 call bff641d3 = KERNEL32.DLL:_FREQASM+0x31d3 |
| 5 |
016f:bff61848 6664c7051e000000ffff mov word ptr fs:[0000001e],ffff |
11 |
016f:bff61848 6664c7051e000000ffff mov word ptr fs:[0000001e],ffff |
| 6 |
016f:bff61852 ff5326 call dword ptr [ebx+26] |
12 |
016f:bff61852 ff5326 call dword ptr [ebx+26] |
| 7 |
016f:bff61855 8b1570b4fbbf mov edx,dword ptr [bffbb470] |
13 |
016f:bff61855 8b1570b4fbbf mov edx,dword ptr [bffbb470] |
| 8 |
016f:bff6185b e82f290000 call bff6418f = KERNEL32.DLL:_FREQASM+0x318f |
14 |
016f:bff6185b e82f290000 call bff6418f = KERNEL32.DLL:_FREQASM+0x318f |
| 9 |
016f:bff61860 6664ff051e000000 inc word ptr fs:[0000001e] |
15 |
016f:bff61860 6664ff051e000000 inc word ptr fs:[0000001e] |
| 10 |
016f:bff61868 b114 mov cl,14 |
16 |
016f:bff61868 b114 mov cl,14 |
| 11 |
016f:bff6186a 8be5 mov esp,ebp |
17 |
016f:bff6186a 8be5 mov esp,ebp |
| 12 |
016f:bff6186c c3 retd |
18 |
016f:bff6186c c3 retd |
| 13 |
016f:bff61871 f7400406000000 test dword ptr [eax+04],00000006 |
19 |
016f:bff61871 f7400406000000 test dword ptr [eax+04],00000006 |
| 14 |
016f:bff61878 7419 jz bff61893 = KERNEL32.DLL:_FREQASM+0x893 |
20 |
016f:bff61878 7419 jz bff61893 = KERNEL32.DLL:_FREQASM+0x893 |
| 15 |
016f:bff6187a 8b442408 mov eax,dword ptr [esp+08] |
21 |
016f:bff6187a 8b442408 mov eax,dword ptr [esp+08] |
| 16 |
016f:bff6187e 8178046d18f6bf cmp dword ptr [eax+04],bff6186d |
22 |
016f:bff6187e 8178046d18f6bf cmp dword ptr [eax+04],bff6186d |
| 17 |
016f:bff61885 750c jnz bff61893 = KERNEL32.DLL:_FREQASM+0x893 |
23 |
016f:bff61885 750c jnz bff61893 = KERNEL32.DLL:_FREQASM+0x893 |
| 18 |
016f:bff61887 668b4808 mov cx,word ptr [eax+08] |
24 |
016f:bff61887 668b4808 mov cx,word ptr [eax+08] |
| 19 |
016f:bff6188b 6664890d0e000000 mov word ptr fs:[0000000e],cx |
25 |
016f:bff6188b 6664890d0e000000 mov word ptr fs:[0000000e],cx |
| 20 |
016f:bff61893 b801000000 mov eax,00000001 |
26 |
016f:bff61893 b801000000 mov eax,00000001 |
| 21 |
016f:bff61898 c3 retd |
27 |
016f:bff61898 c3 retd |
| 22 |
016f:bff61899 9d popfd |
28 |
016f:bff61899 9d popfd |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
-> dc 6c ff ff 8b 17 52 e8 b6 a7 06 00 8b 4c 24 24 .l....R......L$$ |
8 |
-> dc 6c ff ff 8b 17 52 e8 b6 a7 06 00 8b 4c 24 24 .l....R......L$$ |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
... |
8 |
... |
|
Line 1
Link Here
|
| 1 |
-> 04 39 08 39 0c 39 10 39 14 39 18 39 1c 39 20 39 .9.9.9.9.9.9.9 9 |
8 |
-> 04 39 08 39 0c 39 10 39 14 39 18 39 1c 39 20 39 .9.9.9.9.9.9.9 9 |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
... |
8 |
... |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
------------------- |
|
|
| 2 |
016f:c161f374 8d0491 lea eax,[ecx+edx*4] |
8 |
016f:c161f374 8d0491 lea eax,[ecx+edx*4] |
| 3 |
016f:c161f377 8b0d3cc861c1 mov ecx,dword ptr [c161c83c] |
9 |
016f:c161f377 8b0d3cc861c1 mov ecx,dword ptr [c161c83c] |
| 4 |
016f:c161f37d 8b915c050000 mov edx,dword ptr [ecx+0000055c] |
10 |
016f:c161f37d 8b915c050000 mov edx,dword ptr [ecx+0000055c] |
| 5 |
016f:c161f383 89420c mov dword ptr [edx+0c],eax |
11 |
016f:c161f383 89420c mov dword ptr [edx+0c],eax |
| 6 |
016f:c161f386 8b45f4 mov eax,dword ptr [ebp-0c] |
12 |
016f:c161f386 8b45f4 mov eax,dword ptr [ebp-0c] |
| 7 |
016f:c161f389 8b4e08 mov ecx,dword ptr [esi+08] |
13 |
016f:c161f389 8b4e08 mov ecx,dword ptr [esi+08] |
| 8 |
016f:c161f38c 50 push eax |
14 |
016f:c161f38c 50 push eax |
| 9 |
016f:c161f38d 51 push ecx |
15 |
016f:c161f38d 51 push ecx |
| 10 |
016f:c161f38e 57 push edi |
16 |
016f:c161f38e 57 push edi |
| 11 |
016f:c161f38f e85c770100 call c1636af0 |
17 |
016f:c161f38f e85c770100 call c1636af0 |
| 12 |
016f:c161f39a 8bd8 mov ebx,eax |
18 |
016f:c161f39a 8bd8 mov ebx,eax |
| 13 |
016f:c161f39c 83c40c add esp,+0c |
19 |
016f:c161f39c 83c40c add esp,+0c |
| 14 |
016f:c161f39f 81e3fffffeff and ebx,fffeffff |
20 |
016f:c161f39f 81e3fffffeff and ebx,fffeffff |
| 15 |
016f:c161f3a5 8b825c050000 mov eax,dword ptr [edx+0000055c] |
21 |
016f:c161f3a5 8b825c050000 mov eax,dword ptr [edx+0000055c] |
| 16 |
016f:c161f3ab 8b5028 mov edx,dword ptr [eax+28] |
22 |
016f:c161f3ab 8b5028 mov edx,dword ptr [eax+28] |
| 17 |
016f:c161f3ae 8b480c mov ecx,dword ptr [eax+0c] |
23 |
016f:c161f3ae 8b480c mov ecx,dword ptr [eax+0c] |
| 18 |
016f:c161f3b1 83c204 add edx,+04 |
24 |
016f:c161f3b1 83c204 add edx,+04 |
| 19 |
016f:c161f3b4 895028 mov dword ptr [eax+28],edx |
25 |
016f:c161f3b4 895028 mov dword ptr [eax+28],edx |
| 20 |
016f:c161f3b7 a13cc861c1 mov eax,dword ptr [c161c83c] |
26 |
016f:c161f3b7 a13cc861c1 mov eax,dword ptr [c161c83c] |
| 21 |
016f:c161f3bc 8b905c050000 mov edx,dword ptr [eax+0000055c] |
27 |
016f:c161f3bc 8b905c050000 mov edx,dword ptr [eax+0000055c] |
| 22 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
-> 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ |
8 |
-> 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
... |
8 |
... |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
------------------- |
|
|
| 2 |
016f:c161da70 5e pop esi |
8 |
016f:c161da70 5e pop esi |
| 3 |
016f:c161da71 5b pop ebx |
9 |
016f:c161da71 5b pop ebx |
| 4 |
016f:c161da72 8be5 mov esp,ebp |
10 |
016f:c161da72 8be5 mov esp,ebp |
| 5 |
016f:c161da74 5d pop ebp |
11 |
016f:c161da74 5d pop ebp |
| 6 |
016f:c161da75 c3 retd |
12 |
016f:c161da75 c3 retd |
| 7 |
016f:c161da76 51 push ecx |
13 |
016f:c161da76 51 push ecx |
| 8 |
016f:c161da77 8b4d08 mov ecx,dword ptr [ebp+08] |
14 |
016f:c161da77 8b4d08 mov ecx,dword ptr [ebp+08] |
| 9 |
016f:c161da7a 51 push ecx |
15 |
016f:c161da7a 51 push ecx |
| 10 |
016f:c161da7b 52 push edx |
16 |
016f:c161da7b 52 push edx |
| 11 |
016f:c161da7c e85f140000 call c161eee0 |
17 |
016f:c161da7c e85f140000 call c161eee0 |
| 12 |
016f:c161da84 5f pop edi |
18 |
016f:c161da84 5f pop edi |
| 13 |
016f:c161da85 5e pop esi |
19 |
016f:c161da85 5e pop esi |
| 14 |
016f:c161da86 5b pop ebx |
20 |
016f:c161da86 5b pop ebx |
| 15 |
016f:c161da87 8be5 mov esp,ebp |
21 |
016f:c161da87 8be5 mov esp,ebp |
| 16 |
016f:c161da89 5d pop ebp |
22 |
016f:c161da89 5d pop ebp |
| 17 |
016f:c161da8a c3 retd |
23 |
016f:c161da8a c3 retd |
| 18 |
016f:c161da8b 8b4508 mov eax,dword ptr [ebp+08] |
24 |
016f:c161da8b 8b4508 mov eax,dword ptr [ebp+08] |
| 19 |
016f:c161da8e 6a00 push +00 |
25 |
016f:c161da8e 6a00 push +00 |
| 20 |
016f:c161da90 50 push eax |
26 |
016f:c161da90 50 push eax |
| 21 |
016f:c161da91 52 push edx |
27 |
016f:c161da91 52 push edx |
| 22 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
------------------- |
|
|
| 2 |
016f:c163a6de 017613 add dword ptr [esi+13],esi |
8 |
016f:c163a6de 017613 add dword ptr [esi+13],esi |
| 3 |
016f:c163a6e1 a1d09f61c1 mov eax,dword ptr [c1619fd0] |
9 |
016f:c163a6e1 a1d09f61c1 mov eax,dword ptr [c1619fd0] |
| 4 |
016f:c163a6e6 50 push eax |
10 |
016f:c163a6e6 50 push eax |
| 5 |
016f:c163a6e7 e874450000 call c163ec60 |
11 |
016f:c163a6e7 e874450000 call c163ec60 |
| 6 |
016f:c163a6ec 83c404 add esp,+04 |
12 |
016f:c163a6ec 83c404 add esp,+04 |
| 7 |
016f:c163a6ef a33cc861c1 mov dword ptr [c161c83c],eax |
13 |
016f:c163a6ef a33cc861c1 mov dword ptr [c161c83c],eax |
| 8 |
016f:c163a6f4 c70540c861c100000000 mov dword ptr [c161c840],00000000 |
14 |
016f:c163a6f4 c70540c861c100000000 mov dword ptr [c161c840],00000000 |
| 9 |
016f:c163a6fe 8b4d0c mov ecx,dword ptr [ebp+0c] |
15 |
016f:c163a6fe 8b4d0c mov ecx,dword ptr [ebp+0c] |
| 10 |
016f:c163a701 51 push ecx |
16 |
016f:c163a701 51 push ecx |
| 11 |
016f:c163a702 e8c931feff call c161d8d0 |
17 |
016f:c163a702 e8c931feff call c161d8d0 |
| 12 |
016f:c163a70a 89450c mov dword ptr [ebp+0c],eax |
18 |
016f:c163a70a 89450c mov dword ptr [ebp+0c],eax |
| 13 |
016f:c163a70d 833d40c861c100 cmp dword ptr [c161c840],+00 |
19 |
016f:c163a70d 833d40c861c100 cmp dword ptr [c161c840],+00 |
| 14 |
016f:c163a714 740c jz c163a722 |
20 |
016f:c163a714 740c jz c163a722 |
| 15 |
016f:c163a716 8b5508 mov edx,dword ptr [ebp+08] |
21 |
016f:c163a716 8b5508 mov edx,dword ptr [ebp+08] |
| 16 |
016f:c163a719 81ca00000080 or edx,80000000 |
22 |
016f:c163a719 81ca00000080 or edx,80000000 |
| 17 |
016f:c163a71f 895508 mov dword ptr [ebp+08],edx |
23 |
016f:c163a71f 895508 mov dword ptr [ebp+08],edx |
| 18 |
016f:c163a722 8b4508 mov eax,dword ptr [ebp+08] |
24 |
016f:c163a722 8b4508 mov eax,dword ptr [ebp+08] |
| 19 |
016f:c163a725 8be5 mov esp,ebp |
25 |
016f:c163a725 8be5 mov esp,ebp |
| 20 |
016f:c163a727 5d pop ebp |
26 |
016f:c163a727 5d pop ebp |
| 21 |
016f:c163a728 cb retfd |
27 |
016f:c163a728 cb retfd |
| 22 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
-> 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ |
8 |
-> 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
... |
8 |
... |
|
Line 1
Link Here
|
| 1 |
... |
8 |
... |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
-> 0f b7 ec 8c d1 0f b7 c9 0f b2 65 00 66 8c d6 66 ..........e.f..f |
8 |
-> 0f b7 ec 8c d1 0f b7 c9 0f b2 65 00 66 8c d6 66 ..........e.f..f |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
... |
8 |
... |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
... |
8 |
... |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:bff45cd8 d1e1 shl ecx,EvIa |
9 |
016f:bff45cd8 d1e1 shl ecx,EvIa |
| 4 |
016f:bff45cda c1ea04 shr edx,04 |
10 |
016f:bff45cda c1ea04 shr edx,04 |
| 5 |
016f:bff45cdd c1e202 shl edx,02 |
11 |
016f:bff45cdd c1e202 shl edx,02 |
| 6 |
016f:bff45ce0 8b82c55bf4bf mov eax,dword ptr [edx+bff45bc5] |
12 |
016f:bff45ce0 8b82c55bf4bf mov eax,dword ptr [edx+bff45bc5] |
| 7 |
016f:bff45ce6 d3e8 shr eax,cl |
13 |
016f:bff45ce6 d3e8 shr eax,cl |
| 8 |
016f:bff45ce8 83e003 and eax,+03 |
14 |
016f:bff45ce8 83e003 and eax,+03 |
| 9 |
016f:bff45ceb c1e002 shl eax,02 |
15 |
016f:bff45ceb c1e002 shl eax,02 |
| 10 |
016f:bff45cee c20400 retd 0004 |
16 |
016f:bff45cee c20400 retd 0004 |
| 11 |
016f:bff45cf1 ff742408 push dword ptr [esp+08] |
17 |
016f:bff45cf1 ff742408 push dword ptr [esp+08] |
| 12 |
016f:bff45cf5 e8cbffffff call bff45cc5 = USER32.DLL:.text+0x4cc5 |
18 |
016f:bff45cf5 e8cbffffff call bff45cc5 = USER32.DLL:.text+0x4cc5 |
| 13 |
016f:bff45cfc 33c0 xor eax,eax |
19 |
016f:bff45cfc 33c0 xor eax,eax |
| 14 |
016f:bff45cfe 2effa2055df4bf jmp dword ptr ss:[edx+bff45d05] |
20 |
016f:bff45cfe 2effa2055df4bf jmp dword ptr ss:[edx+bff45d05] |
| 15 |
016f:bff45d05 195df4 sbb dword ptr [ebp-0c],ebx |
21 |
016f:bff45d05 195df4 sbb dword ptr [ebp-0c],ebx |
| 16 |
016f:bff45d08 bf185df4bf mov edi,bff45d18 |
22 |
016f:bff45d08 bf185df4bf mov edi,bff45d18 |
| 17 |
016f:bff45d0d 155df4bf1c adc eax,1cbff45d |
23 |
016f:bff45d0d 155df4bf1c adc eax,1cbff45d |
| 18 |
016f:bff45d12 5d pop ebp |
24 |
016f:bff45d12 5d pop ebp |
| 19 |
016f:bff45d13 f4 hlt |
25 |
016f:bff45d13 f4 hlt |
| 20 |
016f:bff45d14 bf48eb0140 mov edi,4001eb48 |
26 |
016f:bff45d14 bf48eb0140 mov edi,4001eb48 |
| 21 |
016f:bff45d19 c21000 retd 0010 |
27 |
016f:bff45d19 c21000 retd 0010 |
| 22 |
016f:bff45d1c 58 pop eax |
28 |
016f:bff45d1c 58 pop eax |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
-> 55 73 65 72 33 32 57 69 6e 64 6f 77 48 61 6e 64 User32WindowHand |
8 |
-> 55 73 65 72 33 32 57 69 6e 64 6f 77 48 61 6e 64 User32WindowHand |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
... |
8 |
... |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
... |
8 |
... |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
... |
8 |
... |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
... |
8 |
... |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:bff6183d 8b1570b4fbbf mov edx,dword ptr [bffbb470] |
9 |
016f:bff6183d 8b1570b4fbbf mov edx,dword ptr [bffbb470] |
| 4 |
016f:bff61843 e88b290000 call bff641d3 = KERNEL32.DLL:_FREQASM+0x31d3 |
10 |
016f:bff61843 e88b290000 call bff641d3 = KERNEL32.DLL:_FREQASM+0x31d3 |
| 5 |
016f:bff61848 6664c7051e000000ffff mov word ptr fs:[0000001e],ffff |
11 |
016f:bff61848 6664c7051e000000ffff mov word ptr fs:[0000001e],ffff |
| 6 |
016f:bff61852 ff5326 call dword ptr [ebx+26] |
12 |
016f:bff61852 ff5326 call dword ptr [ebx+26] |
| 7 |
016f:bff61855 8b1570b4fbbf mov edx,dword ptr [bffbb470] |
13 |
016f:bff61855 8b1570b4fbbf mov edx,dword ptr [bffbb470] |
| 8 |
016f:bff6185b e82f290000 call bff6418f = KERNEL32.DLL:_FREQASM+0x318f |
14 |
016f:bff6185b e82f290000 call bff6418f = KERNEL32.DLL:_FREQASM+0x318f |
| 9 |
016f:bff61860 6664ff051e000000 inc word ptr fs:[0000001e] |
15 |
016f:bff61860 6664ff051e000000 inc word ptr fs:[0000001e] |
| 10 |
016f:bff61868 b114 mov cl,14 |
16 |
016f:bff61868 b114 mov cl,14 |
| 11 |
016f:bff6186a 8be5 mov esp,ebp |
17 |
016f:bff6186a 8be5 mov esp,ebp |
| 12 |
016f:bff6186c c3 retd |
18 |
016f:bff6186c c3 retd |
| 13 |
016f:bff61871 f7400406000000 test dword ptr [eax+04],00000006 |
19 |
016f:bff61871 f7400406000000 test dword ptr [eax+04],00000006 |
| 14 |
016f:bff61878 7419 jz bff61893 = KERNEL32.DLL:_FREQASM+0x893 |
20 |
016f:bff61878 7419 jz bff61893 = KERNEL32.DLL:_FREQASM+0x893 |
| 15 |
016f:bff6187a 8b442408 mov eax,dword ptr [esp+08] |
21 |
016f:bff6187a 8b442408 mov eax,dword ptr [esp+08] |
| 16 |
016f:bff6187e 8178046d18f6bf cmp dword ptr [eax+04],bff6186d |
22 |
016f:bff6187e 8178046d18f6bf cmp dword ptr [eax+04],bff6186d |
| 17 |
016f:bff61885 750c jnz bff61893 = KERNEL32.DLL:_FREQASM+0x893 |
23 |
016f:bff61885 750c jnz bff61893 = KERNEL32.DLL:_FREQASM+0x893 |
| 18 |
016f:bff61887 668b4808 mov cx,word ptr [eax+08] |
24 |
016f:bff61887 668b4808 mov cx,word ptr [eax+08] |
| 19 |
016f:bff6188b 6664890d0e000000 mov word ptr fs:[0000000e],cx |
25 |
016f:bff6188b 6664890d0e000000 mov word ptr fs:[0000000e],cx |
| 20 |
016f:bff61893 b801000000 mov eax,00000001 |
26 |
016f:bff61893 b801000000 mov eax,00000001 |
| 21 |
016f:bff61898 c3 retd |
27 |
016f:bff61898 c3 retd |
| 22 |
016f:bff61899 9d popfd |
28 |
016f:bff61899 9d popfd |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:bff6a24f 008b4424040f add byte ptr [ebx+0f042444],cl |
9 |
016f:bff6a24f 008b4424040f add byte ptr [ebx+0f042444],cl |
| 4 |
016f:bff6a255 b648 mov dh,48 |
10 |
016f:bff6a255 b648 mov dh,48 |
| 5 |
016f:bff6a257 700b jo bff6a264 = KERNEL32.DLL:.text+0x1264 |
11 |
016f:bff6a257 700b jo bff6a264 = KERNEL32.DLL:.text+0x1264 |
| 6 |
016f:bff6a259 4c dec esp |
12 |
016f:bff6a259 4c dec esp |
| 7 |
016f:bff6a25a 2408 and al,08 |
13 |
016f:bff6a25a 2408 and al,08 |
| 8 |
016f:bff6a25c f6c101 test cl,01 |
14 |
016f:bff6a25c f6c101 test cl,01 |
| 9 |
016f:bff6a25f 750d jnz bff6a26e = KERNEL32.DLL:.text+0x126e |
15 |
016f:bff6a25f 750d jnz bff6a26e = KERNEL32.DLL:.text+0x126e |
| 10 |
016f:bff6a261 ff704c push dword ptr [eax+4c] |
16 |
016f:bff6a261 ff704c push dword ptr [eax+4c] |
| 11 |
016f:bff6a264 e85da0ffff call bff642c6 = KERNEL32.DLL:_FREQASM+0x32c6 |
17 |
016f:bff6a264 e85da0ffff call bff642c6 = KERNEL32.DLL:_FREQASM+0x32c6 |
| 12 |
016f:bff6a269 e83f010000 call bff6a3ad = KERNEL32.DLL:.text+0x13ad |
18 |
016f:bff6a269 e83f010000 call bff6a3ad = KERNEL32.DLL:.text+0x13ad |
| 13 |
016f:bff6a271 53 push ebx |
19 |
016f:bff6a271 53 push ebx |
| 14 |
016f:bff6a272 56 push esi |
20 |
016f:bff6a272 56 push esi |
| 15 |
016f:bff6a273 8b742414 mov esi,dword ptr [esp+14] |
21 |
016f:bff6a273 8b742414 mov esi,dword ptr [esp+14] |
| 16 |
016f:bff6a277 57 push edi |
22 |
016f:bff6a277 57 push edi |
| 17 |
016f:bff6a278 8b7c2414 mov edi,dword ptr [esp+14] |
23 |
016f:bff6a278 8b7c2414 mov edi,dword ptr [esp+14] |
| 18 |
016f:bff6a27c 55 push ebp |
24 |
016f:bff6a27c 55 push ebp |
| 19 |
016f:bff6a27d b900001000 mov ecx,00100000 |
25 |
016f:bff6a27d b900001000 mov ecx,00100000 |
| 20 |
016f:bff6a282 8d1c37 lea ebx,[edi+esi] |
26 |
016f:bff6a282 8d1c37 lea ebx,[edi+esi] |
| 21 |
016f:bff6a285 8b03 mov eax,dword ptr [ebx] |
27 |
016f:bff6a285 8b03 mov eax,dword ptr [ebx] |
| 22 |
016f:bff6a287 a801 test al,01 |
28 |
016f:bff6a287 a801 test al,01 |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:bff6a24f 008b4424040f add byte ptr [ebx+0f042444],cl |
9 |
016f:bff6a24f 008b4424040f add byte ptr [ebx+0f042444],cl |
| 4 |
016f:bff6a255 b648 mov dh,48 |
10 |
016f:bff6a255 b648 mov dh,48 |
| 5 |
016f:bff6a257 700b jo bff6a264 = KERNEL32.DLL:.text+0x1264 |
11 |
016f:bff6a257 700b jo bff6a264 = KERNEL32.DLL:.text+0x1264 |
| 6 |
016f:bff6a259 4c dec esp |
12 |
016f:bff6a259 4c dec esp |
| 7 |
016f:bff6a25a 2408 and al,08 |
13 |
016f:bff6a25a 2408 and al,08 |
| 8 |
016f:bff6a25c f6c101 test cl,01 |
14 |
016f:bff6a25c f6c101 test cl,01 |
| 9 |
016f:bff6a25f 750d jnz bff6a26e = KERNEL32.DLL:.text+0x126e |
15 |
016f:bff6a25f 750d jnz bff6a26e = KERNEL32.DLL:.text+0x126e |
| 10 |
016f:bff6a261 ff704c push dword ptr [eax+4c] |
16 |
016f:bff6a261 ff704c push dword ptr [eax+4c] |
| 11 |
016f:bff6a264 e85da0ffff call bff642c6 = KERNEL32.DLL:_FREQASM+0x32c6 |
17 |
016f:bff6a264 e85da0ffff call bff642c6 = KERNEL32.DLL:_FREQASM+0x32c6 |
| 12 |
016f:bff6a269 e83f010000 call bff6a3ad = KERNEL32.DLL:.text+0x13ad |
18 |
016f:bff6a269 e83f010000 call bff6a3ad = KERNEL32.DLL:.text+0x13ad |
| 13 |
016f:bff6a271 53 push ebx |
19 |
016f:bff6a271 53 push ebx |
| 14 |
016f:bff6a272 56 push esi |
20 |
016f:bff6a272 56 push esi |
| 15 |
016f:bff6a273 8b742414 mov esi,dword ptr [esp+14] |
21 |
016f:bff6a273 8b742414 mov esi,dword ptr [esp+14] |
| 16 |
016f:bff6a277 57 push edi |
22 |
016f:bff6a277 57 push edi |
| 17 |
016f:bff6a278 8b7c2414 mov edi,dword ptr [esp+14] |
23 |
016f:bff6a278 8b7c2414 mov edi,dword ptr [esp+14] |
| 18 |
016f:bff6a27c 55 push ebp |
24 |
016f:bff6a27c 55 push ebp |
| 19 |
016f:bff6a27d b900001000 mov ecx,00100000 |
25 |
016f:bff6a27d b900001000 mov ecx,00100000 |
| 20 |
016f:bff6a282 8d1c37 lea ebx,[edi+esi] |
26 |
016f:bff6a282 8d1c37 lea ebx,[edi+esi] |
| 21 |
016f:bff6a285 8b03 mov eax,dword ptr [ebx] |
27 |
016f:bff6a285 8b03 mov eax,dword ptr [ebx] |
| 22 |
016f:bff6a287 a801 test al,01 |
28 |
016f:bff6a287 a801 test al,01 |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:bff6b46a 8b00 mov eax,dword ptr [eax] |
9 |
016f:bff6b46a 8b00 mov eax,dword ptr [eax] |
| 4 |
016f:bff6b46c 894304 mov dword ptr [ebx+04],eax |
10 |
016f:bff6b46c 894304 mov dword ptr [ebx+04],eax |
| 5 |
016f:bff6b46f 6800020000 push 00000200 |
11 |
016f:bff6b46f 6800020000 push 00000200 |
| 6 |
016f:bff6b474 51 push ecx |
12 |
016f:bff6b474 51 push ecx |
| 7 |
016f:bff6b475 ff75fc push dword ptr [ebp-04] |
13 |
016f:bff6b475 ff75fc push dword ptr [ebp-04] |
| 8 |
016f:bff6b478 56 push esi |
14 |
016f:bff6b478 56 push esi |
| 9 |
016f:bff6b479 e8f3edffff call bff6a271 = KERNEL32.DLL:.text+0x1271 |
15 |
016f:bff6b479 e8f3edffff call bff6a271 = KERNEL32.DLL:.text+0x1271 |
| 10 |
016f:bff6b47e ff750c push dword ptr [ebp+0c] |
16 |
016f:bff6b47e ff750c push dword ptr [ebp+0c] |
| 11 |
016f:bff6b481 56 push esi |
17 |
016f:bff6b481 56 push esi |
| 12 |
016f:bff6b482 e8c9edffff call bff6a250 = KERNEL32.DLL:.text+0x1250 |
18 |
016f:bff6b482 e8c9edffff call bff6a250 = KERNEL32.DLL:.text+0x1250 |
| 13 |
016f:bff6b48c 5f pop edi |
19 |
016f:bff6b48c 5f pop edi |
| 14 |
016f:bff6b48d 5e pop esi |
20 |
016f:bff6b48d 5e pop esi |
| 15 |
016f:bff6b48e 5b pop ebx |
21 |
016f:bff6b48e 5b pop ebx |
| 16 |
016f:bff6b48f 8be5 mov esp,ebp |
22 |
016f:bff6b48f 8be5 mov esp,ebp |
| 17 |
016f:bff6b491 5d pop ebp |
23 |
016f:bff6b491 5d pop ebp |
| 18 |
016f:bff6b492 c20c00 retd 000c |
24 |
016f:bff6b492 c20c00 retd 000c |
| 19 |
016f:bff6b495 55 push ebp |
25 |
016f:bff6b495 55 push ebp |
| 20 |
016f:bff6b496 8bec mov ebp,esp |
26 |
016f:bff6b496 8bec mov ebp,esp |
| 21 |
016f:bff6b498 83ec04 sub esp,+04 |
27 |
016f:bff6b498 83ec04 sub esp,+04 |
| 22 |
016f:bff6b49b a1f4bcfbbf mov eax,dword ptr [bffbbcf4] |
28 |
016f:bff6b49b a1f4bcfbbf mov eax,dword ptr [bffbbcf4] |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:bff6a24f 008b4424040f add byte ptr [ebx+0f042444],cl |
9 |
016f:bff6a24f 008b4424040f add byte ptr [ebx+0f042444],cl |
| 4 |
016f:bff6a255 b648 mov dh,48 |
10 |
016f:bff6a255 b648 mov dh,48 |
| 5 |
016f:bff6a257 700b jo bff6a264 = KERNEL32.DLL:.text+0x1264 |
11 |
016f:bff6a257 700b jo bff6a264 = KERNEL32.DLL:.text+0x1264 |
| 6 |
016f:bff6a259 4c dec esp |
12 |
016f:bff6a259 4c dec esp |
| 7 |
016f:bff6a25a 2408 and al,08 |
13 |
016f:bff6a25a 2408 and al,08 |
| 8 |
016f:bff6a25c f6c101 test cl,01 |
14 |
016f:bff6a25c f6c101 test cl,01 |
| 9 |
016f:bff6a25f 750d jnz bff6a26e = KERNEL32.DLL:.text+0x126e |
15 |
016f:bff6a25f 750d jnz bff6a26e = KERNEL32.DLL:.text+0x126e |
| 10 |
016f:bff6a261 ff704c push dword ptr [eax+4c] |
16 |
016f:bff6a261 ff704c push dword ptr [eax+4c] |
| 11 |
016f:bff6a264 e85da0ffff call bff642c6 = KERNEL32.DLL:_FREQASM+0x32c6 |
17 |
016f:bff6a264 e85da0ffff call bff642c6 = KERNEL32.DLL:_FREQASM+0x32c6 |
| 12 |
016f:bff6a269 e83f010000 call bff6a3ad = KERNEL32.DLL:.text+0x13ad |
18 |
016f:bff6a269 e83f010000 call bff6a3ad = KERNEL32.DLL:.text+0x13ad |
| 13 |
016f:bff6a271 53 push ebx |
19 |
016f:bff6a271 53 push ebx |
| 14 |
016f:bff6a272 56 push esi |
20 |
016f:bff6a272 56 push esi |
| 15 |
016f:bff6a273 8b742414 mov esi,dword ptr [esp+14] |
21 |
016f:bff6a273 8b742414 mov esi,dword ptr [esp+14] |
| 16 |
016f:bff6a277 57 push edi |
22 |
016f:bff6a277 57 push edi |
| 17 |
016f:bff6a278 8b7c2414 mov edi,dword ptr [esp+14] |
23 |
016f:bff6a278 8b7c2414 mov edi,dword ptr [esp+14] |
| 18 |
016f:bff6a27c 55 push ebp |
24 |
016f:bff6a27c 55 push ebp |
| 19 |
016f:bff6a27d b900001000 mov ecx,00100000 |
25 |
016f:bff6a27d b900001000 mov ecx,00100000 |
| 20 |
016f:bff6a282 8d1c37 lea ebx,[edi+esi] |
26 |
016f:bff6a282 8d1c37 lea ebx,[edi+esi] |
| 21 |
016f:bff6a285 8b03 mov eax,dword ptr [ebx] |
27 |
016f:bff6a285 8b03 mov eax,dword ptr [ebx] |
| 22 |
016f:bff6a287 a801 test al,01 |
28 |
016f:bff6a287 a801 test al,01 |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:bff6a24f 008b4424040f add byte ptr [ebx+0f042444],cl |
9 |
016f:bff6a24f 008b4424040f add byte ptr [ebx+0f042444],cl |
| 4 |
016f:bff6a255 b648 mov dh,48 |
10 |
016f:bff6a255 b648 mov dh,48 |
| 5 |
016f:bff6a257 700b jo bff6a264 = KERNEL32.DLL:.text+0x1264 |
11 |
016f:bff6a257 700b jo bff6a264 = KERNEL32.DLL:.text+0x1264 |
| 6 |
016f:bff6a259 4c dec esp |
12 |
016f:bff6a259 4c dec esp |
| 7 |
016f:bff6a25a 2408 and al,08 |
13 |
016f:bff6a25a 2408 and al,08 |
| 8 |
016f:bff6a25c f6c101 test cl,01 |
14 |
016f:bff6a25c f6c101 test cl,01 |
| 9 |
016f:bff6a25f 750d jnz bff6a26e = KERNEL32.DLL:.text+0x126e |
15 |
016f:bff6a25f 750d jnz bff6a26e = KERNEL32.DLL:.text+0x126e |
| 10 |
016f:bff6a261 ff704c push dword ptr [eax+4c] |
16 |
016f:bff6a261 ff704c push dword ptr [eax+4c] |
| 11 |
016f:bff6a264 e85da0ffff call bff642c6 = KERNEL32.DLL:_FREQASM+0x32c6 |
17 |
016f:bff6a264 e85da0ffff call bff642c6 = KERNEL32.DLL:_FREQASM+0x32c6 |
| 12 |
016f:bff6a269 e83f010000 call bff6a3ad = KERNEL32.DLL:.text+0x13ad |
18 |
016f:bff6a269 e83f010000 call bff6a3ad = KERNEL32.DLL:.text+0x13ad |
| 13 |
016f:bff6a271 53 push ebx |
19 |
016f:bff6a271 53 push ebx |
| 14 |
016f:bff6a272 56 push esi |
20 |
016f:bff6a272 56 push esi |
| 15 |
016f:bff6a273 8b742414 mov esi,dword ptr [esp+14] |
21 |
016f:bff6a273 8b742414 mov esi,dword ptr [esp+14] |
| 16 |
016f:bff6a277 57 push edi |
22 |
016f:bff6a277 57 push edi |
| 17 |
016f:bff6a278 8b7c2414 mov edi,dword ptr [esp+14] |
23 |
016f:bff6a278 8b7c2414 mov edi,dword ptr [esp+14] |
| 18 |
016f:bff6a27c 55 push ebp |
24 |
016f:bff6a27c 55 push ebp |
| 19 |
016f:bff6a27d b900001000 mov ecx,00100000 |
25 |
016f:bff6a27d b900001000 mov ecx,00100000 |
| 20 |
016f:bff6a282 8d1c37 lea ebx,[edi+esi] |
26 |
016f:bff6a282 8d1c37 lea ebx,[edi+esi] |
| 21 |
016f:bff6a285 8b03 mov eax,dword ptr [ebx] |
27 |
016f:bff6a285 8b03 mov eax,dword ptr [ebx] |
| 22 |
016f:bff6a287 a801 test al,01 |
28 |
016f:bff6a287 a801 test al,01 |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:bff6b46a 8b00 mov eax,dword ptr [eax] |
9 |
016f:bff6b46a 8b00 mov eax,dword ptr [eax] |
| 4 |
016f:bff6b46c 894304 mov dword ptr [ebx+04],eax |
10 |
016f:bff6b46c 894304 mov dword ptr [ebx+04],eax |
| 5 |
016f:bff6b46f 6800020000 push 00000200 |
11 |
016f:bff6b46f 6800020000 push 00000200 |
| 6 |
016f:bff6b474 51 push ecx |
12 |
016f:bff6b474 51 push ecx |
| 7 |
016f:bff6b475 ff75fc push dword ptr [ebp-04] |
13 |
016f:bff6b475 ff75fc push dword ptr [ebp-04] |
| 8 |
016f:bff6b478 56 push esi |
14 |
016f:bff6b478 56 push esi |
| 9 |
016f:bff6b479 e8f3edffff call bff6a271 = KERNEL32.DLL:.text+0x1271 |
15 |
016f:bff6b479 e8f3edffff call bff6a271 = KERNEL32.DLL:.text+0x1271 |
| 10 |
016f:bff6b47e ff750c push dword ptr [ebp+0c] |
16 |
016f:bff6b47e ff750c push dword ptr [ebp+0c] |
| 11 |
016f:bff6b481 56 push esi |
17 |
016f:bff6b481 56 push esi |
| 12 |
016f:bff6b482 e8c9edffff call bff6a250 = KERNEL32.DLL:.text+0x1250 |
18 |
016f:bff6b482 e8c9edffff call bff6a250 = KERNEL32.DLL:.text+0x1250 |
| 13 |
016f:bff6b48c 5f pop edi |
19 |
016f:bff6b48c 5f pop edi |
| 14 |
016f:bff6b48d 5e pop esi |
20 |
016f:bff6b48d 5e pop esi |
| 15 |
016f:bff6b48e 5b pop ebx |
21 |
016f:bff6b48e 5b pop ebx |
| 16 |
016f:bff6b48f 8be5 mov esp,ebp |
22 |
016f:bff6b48f 8be5 mov esp,ebp |
| 17 |
016f:bff6b491 5d pop ebp |
23 |
016f:bff6b491 5d pop ebp |
| 18 |
016f:bff6b492 c20c00 retd 000c |
24 |
016f:bff6b492 c20c00 retd 000c |
| 19 |
016f:bff6b495 55 push ebp |
25 |
016f:bff6b495 55 push ebp |
| 20 |
016f:bff6b496 8bec mov ebp,esp |
26 |
016f:bff6b496 8bec mov ebp,esp |
| 21 |
016f:bff6b498 83ec04 sub esp,+04 |
27 |
016f:bff6b498 83ec04 sub esp,+04 |
| 22 |
016f:bff6b49b a1f4bcfbbf mov eax,dword ptr [bffbbcf4] |
28 |
016f:bff6b49b a1f4bcfbbf mov eax,dword ptr [bffbbcf4] |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:bff6464f 17 pop ss |
9 |
016f:bff6464f 17 pop ss |
| 4 |
016f:bff64650 816b7000100000 sub dword ptr [ebx+70],00001000 |
10 |
016f:bff64650 816b7000100000 sub dword ptr [ebx+70],00001000 |
| 5 |
016f:bff64657 66c70419ffff mov word ptr [ecx+ebx],ffff |
11 |
016f:bff64657 66c70419ffff mov word ptr [ecx+ebx],ffff |
| 6 |
016f:bff6465d 83e902 sub ecx,+02 |
12 |
016f:bff6465d 83e902 sub ecx,+02 |
| 7 |
016f:bff64660 2d00100000 sub eax,00001000 |
13 |
016f:bff64660 2d00100000 sub eax,00001000 |
| 8 |
016f:bff64665 eba7 jmp bff6460e = KERNEL32.DLL:_FREQASM+0x360e |
14 |
016f:bff64665 eba7 jmp bff6460e = KERNEL32.DLL:_FREQASM+0x360e |
| 9 |
016f:bff64667 ff75f8 push dword ptr [ebp-08] |
15 |
016f:bff64667 ff75f8 push dword ptr [ebp-08] |
| 10 |
016f:bff6466a 6a00 push +00 |
16 |
016f:bff6466a 6a00 push +00 |
| 11 |
016f:bff6466c ff737c push dword ptr [ebx+7c] |
17 |
016f:bff6466c ff737c push dword ptr [ebx+7c] |
| 12 |
016f:bff6466f e871040000 call bff64ae5 = KERNEL32.DLL:_FREQASM+0x3ae5 |
18 |
016f:bff6466f e871040000 call bff64ae5 = KERNEL32.DLL:_FREQASM+0x3ae5 |
| 13 |
016f:bff64675 5f pop edi |
19 |
016f:bff64675 5f pop edi |
| 14 |
016f:bff64676 5e pop esi |
20 |
016f:bff64676 5e pop esi |
| 15 |
016f:bff64677 c9 leave |
21 |
016f:bff64677 c9 leave |
| 16 |
016f:bff64678 c20c00 retd 000c |
22 |
016f:bff64678 c20c00 retd 000c |
| 17 |
016f:bff6467b 90 nop |
23 |
016f:bff6467b 90 nop |
| 18 |
016f:bff6467c 55 push ebp |
24 |
016f:bff6467c 55 push ebp |
| 19 |
016f:bff6467d 8bec mov ebp,esp |
25 |
016f:bff6467d 8bec mov ebp,esp |
| 20 |
016f:bff6467f 56 push esi |
26 |
016f:bff6467f 56 push esi |
| 21 |
016f:bff64680 57 push edi |
27 |
016f:bff64680 57 push edi |
| 22 |
016f:bff64681 53 push ebx |
28 |
016f:bff64681 53 push ebx |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:bff84576 0fb74316 movzx eax,word ptr [ebx+16] |
9 |
016f:bff84576 0fb74316 movzx eax,word ptr [ebx+16] |
| 4 |
016f:bff8457a 50 push eax |
10 |
016f:bff8457a 50 push eax |
| 5 |
016f:bff8457b ff7318 push dword ptr [ebx+18] |
11 |
016f:bff8457b ff7318 push dword ptr [ebx+18] |
| 6 |
016f:bff8457e e83101feff call bff646b4 = KERNEL32.DLL:_FREQASM+0x36b4 |
12 |
016f:bff8457e e83101feff call bff646b4 = KERNEL32.DLL:_FREQASM+0x36b4 |
| 7 |
016f:bff84583 e920fbffff jmp bff840a8 = KERNEL32.DLL:.text+0x1b0a8 |
13 |
016f:bff84583 e920fbffff jmp bff840a8 = KERNEL32.DLL:.text+0x1b0a8 |
| 8 |
016f:bff84588 0fbf4316 movsx eax,word ptr [ebx+16] |
14 |
016f:bff84588 0fbf4316 movsx eax,word ptr [ebx+16] |
| 9 |
016f:bff8458c 50 push eax |
15 |
016f:bff8458c 50 push eax |
| 10 |
016f:bff8458d ff7318 push dword ptr [ebx+18] |
16 |
016f:bff8458d ff7318 push dword ptr [ebx+18] |
| 11 |
016f:bff84590 ff731c push dword ptr [ebx+1c] |
17 |
016f:bff84590 ff731c push dword ptr [ebx+1c] |
| 12 |
016f:bff84593 e81c00feff call bff645b4 = KERNEL32.DLL:_FREQASM+0x35b4 |
18 |
016f:bff84593 e81c00feff call bff645b4 = KERNEL32.DLL:_FREQASM+0x35b4 |
| 13 |
016f:bff8459d 0fbf4316 movsx eax,word ptr [ebx+16] |
19 |
016f:bff8459d 0fbf4316 movsx eax,word ptr [ebx+16] |
| 14 |
016f:bff845a1 50 push eax |
20 |
016f:bff845a1 50 push eax |
| 15 |
016f:bff845a2 ff7318 push dword ptr [ebx+18] |
21 |
016f:bff845a2 ff7318 push dword ptr [ebx+18] |
| 16 |
016f:bff845a5 ff731c push dword ptr [ebx+1c] |
22 |
016f:bff845a5 ff731c push dword ptr [ebx+1c] |
| 17 |
016f:bff845a8 e85b5e0000 call bff8a408 = KERNEL32.DLL:.text+0x21408 |
23 |
016f:bff845a8 e85b5e0000 call bff8a408 = KERNEL32.DLL:.text+0x21408 |
| 18 |
016f:bff845ad 8bd0 mov edx,eax |
24 |
016f:bff845ad 8bd0 mov edx,eax |
| 19 |
016f:bff845af c1c210 rol edx,10 |
25 |
016f:bff845af c1c210 rol edx,10 |
| 20 |
016f:bff845b2 e901fbffff jmp bff840b8 = KERNEL32.DLL:.text+0x1b0b8 |
26 |
016f:bff845b2 e901fbffff jmp bff840b8 = KERNEL32.DLL:.text+0x1b0b8 |
| 21 |
016f:bff845b7 0fbf4316 movsx eax,word ptr [ebx+16] |
27 |
016f:bff845b7 0fbf4316 movsx eax,word ptr [ebx+16] |
| 22 |
016f:bff845bb 50 push eax |
28 |
016f:bff845bb 50 push eax |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:bff61991 51 push ecx |
9 |
016f:bff61991 51 push ecx |
| 4 |
016f:bff61992 c1cf10 ror edi,10 |
10 |
016f:bff61992 c1cf10 ror edi,10 |
| 5 |
016f:bff61995 6664873d0e000000 xchg word ptr fs:[0000000e],di |
11 |
016f:bff61995 6664873d0e000000 xchg word ptr fs:[0000000e],di |
| 6 |
016f:bff6199d 57 push edi |
12 |
016f:bff6199d 57 push edi |
| 7 |
016f:bff6199e 686d18f6bf push bff6186d |
13 |
016f:bff6199e 686d18f6bf push bff6186d |
| 8 |
016f:bff619a3 64ff3500000000 push dword ptr fs:[00000000] |
14 |
016f:bff619a3 64ff3500000000 push dword ptr fs:[00000000] |
| 9 |
016f:bff619aa 64892500000000 mov dword ptr fs:[00000000],esp |
15 |
016f:bff619aa 64892500000000 mov dword ptr fs:[00000000],esp |
| 10 |
016f:bff619b1 55 push ebp |
16 |
016f:bff619b1 55 push ebp |
| 11 |
016f:bff619b2 8d6c24fc lea ebp,[esp-04] |
17 |
016f:bff619b2 8d6c24fc lea ebp,[esp-04] |
| 12 |
016f:bff619b6 ffd2 call edx |
18 |
016f:bff619b6 ffd2 call edx |
| 13 |
016f:bff619b9 0fb6c9 movzx ecx,cl |
19 |
016f:bff619b9 0fb6c9 movzx ecx,cl |
| 14 |
016f:bff619bc 648f0500000000 pop dword ptr fs:[00000000] |
20 |
016f:bff619bc 648f0500000000 pop dword ptr fs:[00000000] |
| 15 |
016f:bff619c3 8d642404 lea esp,[esp+04] |
21 |
016f:bff619c3 8d642404 lea esp,[esp+04] |
| 16 |
016f:bff619c7 5f pop edi |
22 |
016f:bff619c7 5f pop edi |
| 17 |
016f:bff619c8 6664893d0e000000 mov word ptr fs:[0000000e],di |
23 |
016f:bff619c8 6664893d0e000000 mov word ptr fs:[0000000e],di |
| 18 |
016f:bff619d0 5b pop ebx |
24 |
016f:bff619d0 5b pop ebx |
| 19 |
016f:bff619d1 660fb22424 lss sp,dword ptr [esp] |
25 |
016f:bff619d1 660fb22424 lss sp,dword ptr [esp] |
| 20 |
016f:bff619d6 6664891d1e000000 mov word ptr fs:[0000001e],bx |
26 |
016f:bff619d6 6664891d1e000000 mov word ptr fs:[0000001e],bx |
| 21 |
016f:bff619de 5b pop ebx |
27 |
016f:bff619de 5b pop ebx |
| 22 |
016f:bff619df 0bdb or ebx,ebx |
28 |
016f:bff619df 0bdb or ebx,ebx |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:bff6183d 8b1570b4fbbf mov edx,dword ptr [bffbb470] |
9 |
016f:bff6183d 8b1570b4fbbf mov edx,dword ptr [bffbb470] |
| 4 |
016f:bff61843 e88b290000 call bff641d3 = KERNEL32.DLL:_FREQASM+0x31d3 |
10 |
016f:bff61843 e88b290000 call bff641d3 = KERNEL32.DLL:_FREQASM+0x31d3 |
| 5 |
016f:bff61848 6664c7051e000000ffff mov word ptr fs:[0000001e],ffff |
11 |
016f:bff61848 6664c7051e000000ffff mov word ptr fs:[0000001e],ffff |
| 6 |
016f:bff61852 ff5326 call dword ptr [ebx+26] |
12 |
016f:bff61852 ff5326 call dword ptr [ebx+26] |
| 7 |
016f:bff61855 8b1570b4fbbf mov edx,dword ptr [bffbb470] |
13 |
016f:bff61855 8b1570b4fbbf mov edx,dword ptr [bffbb470] |
| 8 |
016f:bff6185b e82f290000 call bff6418f = KERNEL32.DLL:_FREQASM+0x318f |
14 |
016f:bff6185b e82f290000 call bff6418f = KERNEL32.DLL:_FREQASM+0x318f |
| 9 |
016f:bff61860 6664ff051e000000 inc word ptr fs:[0000001e] |
15 |
016f:bff61860 6664ff051e000000 inc word ptr fs:[0000001e] |
| 10 |
016f:bff61868 b114 mov cl,14 |
16 |
016f:bff61868 b114 mov cl,14 |
| 11 |
016f:bff6186a 8be5 mov esp,ebp |
17 |
016f:bff6186a 8be5 mov esp,ebp |
| 12 |
016f:bff6186c c3 retd |
18 |
016f:bff6186c c3 retd |
| 13 |
016f:bff61871 f7400406000000 test dword ptr [eax+04],00000006 |
19 |
016f:bff61871 f7400406000000 test dword ptr [eax+04],00000006 |
| 14 |
016f:bff61878 7419 jz bff61893 = KERNEL32.DLL:_FREQASM+0x893 |
20 |
016f:bff61878 7419 jz bff61893 = KERNEL32.DLL:_FREQASM+0x893 |
| 15 |
016f:bff6187a 8b442408 mov eax,dword ptr [esp+08] |
21 |
016f:bff6187a 8b442408 mov eax,dword ptr [esp+08] |
| 16 |
016f:bff6187e 8178046d18f6bf cmp dword ptr [eax+04],bff6186d |
22 |
016f:bff6187e 8178046d18f6bf cmp dword ptr [eax+04],bff6186d |
| 17 |
016f:bff61885 750c jnz bff61893 = KERNEL32.DLL:_FREQASM+0x893 |
23 |
016f:bff61885 750c jnz bff61893 = KERNEL32.DLL:_FREQASM+0x893 |
| 18 |
016f:bff61887 668b4808 mov cx,word ptr [eax+08] |
24 |
016f:bff61887 668b4808 mov cx,word ptr [eax+08] |
| 19 |
016f:bff6188b 6664890d0e000000 mov word ptr fs:[0000000e],cx |
25 |
016f:bff6188b 6664890d0e000000 mov word ptr fs:[0000000e],cx |
| 20 |
016f:bff61893 b801000000 mov eax,00000001 |
26 |
016f:bff61893 b801000000 mov eax,00000001 |
| 21 |
016f:bff61898 c3 retd |
27 |
016f:bff61898 c3 retd |
| 22 |
016f:bff61899 9d popfd |
28 |
016f:bff61899 9d popfd |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
-> 08 0f 84 59 01 00 00 8b 4b 04 8b 76 4c 8b f8 8b ...Y....K..vL... |
8 |
-> 08 0f 84 59 01 00 00 8b 4b 04 8b 76 4c 8b f8 8b ...Y....K..vL... |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
... |
8 |
... |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:bff62857 33ff xor edi,edi |
9 |
016f:bff62857 33ff xor edi,edi |
| 4 |
016f:bff62859 8ee6 mov fs,si |
10 |
016f:bff62859 8ee6 mov fs,si |
| 5 |
016f:bff6285b 8eef mov gs,di |
11 |
016f:bff6285b 8eef mov gs,di |
| 6 |
016f:bff6285d 66648b1d1e000000 mov bx,word ptr fs:[0000001e] |
12 |
016f:bff6285d 66648b1d1e000000 mov bx,word ptr fs:[0000001e] |
| 7 |
016f:bff62865 6683eb01 sub bx,+01 |
13 |
016f:bff62865 6683eb01 sub bx,+01 |
| 8 |
016f:bff62869 7313 jnc bff6287e = KERNEL32.DLL:_FREQASM+0x187e |
14 |
016f:bff62869 7313 jnc bff6287e = KERNEL32.DLL:_FREQASM+0x187e |
| 9 |
016f:bff6286b 8bf0 mov esi,eax |
15 |
016f:bff6286b 8bf0 mov esi,eax |
| 10 |
016f:bff6286d 8bfa mov edi,edx |
16 |
016f:bff6286d 8bfa mov edi,edx |
| 11 |
016f:bff6286f 8b1570b4fbbf mov edx,dword ptr [bffbb470] |
17 |
016f:bff6286f 8b1570b4fbbf mov edx,dword ptr [bffbb470] |
| 12 |
016f:bff62875 e862190000 call bff641dc = KERNEL32.DLL:_FREQASM+0x31dc |
18 |
016f:bff62875 e862190000 call bff641dc = KERNEL32.DLL:_FREQASM+0x31dc |
| 13 |
016f:bff6287c 8bc6 mov eax,esi |
19 |
016f:bff6287c 8bc6 mov eax,esi |
| 14 |
016f:bff6287e 6664891d1e000000 mov word ptr fs:[0000001e],bx |
20 |
016f:bff6287e 6664891d1e000000 mov word ptr fs:[0000001e],bx |
| 15 |
016f:bff62886 8b5dfc mov ebx,dword ptr [ebp-04] |
21 |
016f:bff62886 8b5dfc mov ebx,dword ptr [ebp-04] |
| 16 |
016f:bff62889 8b75f8 mov esi,dword ptr [ebp-08] |
22 |
016f:bff62889 8b75f8 mov esi,dword ptr [ebp-08] |
| 17 |
016f:bff6288c 8b7df4 mov edi,dword ptr [ebp-0c] |
23 |
016f:bff6288c 8b7df4 mov edi,dword ptr [ebp-0c] |
| 18 |
016f:bff6288f ff65dc jmp dword ptr [ebp-24] |
24 |
016f:bff6288f ff65dc jmp dword ptr [ebp-24] |
| 19 |
016f:bff62892 6664a10e000000 mov ax,word ptr fs:[0000000e] |
25 |
016f:bff62892 6664a10e000000 mov ax,word ptr fs:[0000000e] |
| 20 |
016f:bff62899 668945da mov word ptr [ebp-26],ax |
26 |
016f:bff62899 668945da mov word ptr [ebp-26],ax |
| 21 |
016f:bff6289d 8f45dc pop dword ptr [ebp-24] |
27 |
016f:bff6289d 8f45dc pop dword ptr [ebp-24] |
| 22 |
016f:bff628a0 ff35a4b7fbbf push dword ptr [bffbb7a4] |
28 |
016f:bff628a0 ff35a4b7fbbf push dword ptr [bffbb7a4] |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:bff1252e b150 mov cl,50 |
9 |
016f:bff1252e b150 mov cl,50 |
| 4 |
016f:bff12530 eb02 jmp bff12534 = GDI32.DLL:.text+0x1534 |
10 |
016f:bff12530 eb02 jmp bff12534 = GDI32.DLL:.text+0x1534 |
| 5 |
016f:bff12532 b14c mov cl,4c |
11 |
016f:bff12532 b14c mov cl,4c |
| 6 |
016f:bff12534 55 push ebp |
12 |
016f:bff12534 55 push ebp |
| 7 |
016f:bff12535 8bec mov ebp,esp |
13 |
016f:bff12535 8bec mov ebp,esp |
| 8 |
016f:bff12537 51 push ecx |
14 |
016f:bff12537 51 push ecx |
| 9 |
016f:bff12538 83ec3c sub esp,+3c |
15 |
016f:bff12538 83ec3c sub esp,+3c |
| 10 |
016f:bff1253b 66ff7508 push word ptr [ebp+08] |
16 |
016f:bff1253b 66ff7508 push word ptr [ebp+08] |
| 11 |
016f:bff1253f 66ff750c push word ptr [ebp+0c] |
17 |
016f:bff1253f 66ff750c push word ptr [ebp+0c] |
| 12 |
016f:bff12543 ff15c617f1bf call dword ptr [bff117c6] -> GDI32.DLL:.data+0x268 |
18 |
016f:bff12543 ff15c617f1bf call dword ptr [bff117c6] -> GDI32.DLL:.data+0x268 |
| 13 |
016f:bff1254c c9 leave |
19 |
016f:bff1254c c9 leave |
| 14 |
016f:bff1254d c20800 retd 0008 |
20 |
016f:bff1254d c20800 retd 0008 |
| 15 |
016f:bff12550 b133 mov cl,33 |
21 |
016f:bff12550 b133 mov cl,33 |
| 16 |
016f:bff12552 55 push ebp |
22 |
016f:bff12552 55 push ebp |
| 17 |
016f:bff12553 8bec mov ebp,esp |
23 |
016f:bff12553 8bec mov ebp,esp |
| 18 |
016f:bff12555 51 push ecx |
24 |
016f:bff12555 51 push ecx |
| 19 |
016f:bff12556 83ec3c sub esp,+3c |
25 |
016f:bff12556 83ec3c sub esp,+3c |
| 20 |
016f:bff12559 e846720000 call bff197a4 = KERNEL32.DLL!SMapLS_IP_EBP_8 |
26 |
016f:bff12559 e846720000 call bff197a4 = KERNEL32.DLL!SMapLS_IP_EBP_8 |
| 21 |
016f:bff1255e 50 push eax |
27 |
016f:bff1255e 50 push eax |
| 22 |
016f:bff1255f 66ff750c push word ptr [ebp+0c] |
28 |
016f:bff1255f 66ff750c push word ptr [ebp+0c] |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:bff6baf3 803e04 cmp byte ptr [esi],04 |
9 |
016f:bff6baf3 803e04 cmp byte ptr [esi],04 |
| 4 |
016f:bff6baf6 740f jz bff6bb07 = KERNEL32.DLL:.text+0x2b07 |
10 |
016f:bff6baf6 740f jz bff6bb07 = KERNEL32.DLL:.text+0x2b07 |
| 5 |
016f:bff6baf8 33c0 xor eax,eax |
11 |
016f:bff6baf8 33c0 xor eax,eax |
| 6 |
016f:bff6bafa 50 push eax |
12 |
016f:bff6bafa 50 push eax |
| 7 |
016f:bff6bafb 50 push eax |
13 |
016f:bff6bafb 50 push eax |
| 8 |
016f:bff6bafc 50 push eax |
14 |
016f:bff6bafc 50 push eax |
| 9 |
016f:bff6bafd 68050000c0 push c0000005 |
15 |
016f:bff6bafd 68050000c0 push c0000005 |
| 10 |
016f:bff6bb02 e8a4acffff call bff667ab = KERNEL32.DLL:_FREQASM+0x57ab |
16 |
016f:bff6bb02 e8a4acffff call bff667ab = KERNEL32.DLL:_FREQASM+0x57ab |
| 11 |
016f:bff6bb07 ff7604 push dword ptr [esi+04] |
17 |
016f:bff6bb07 ff7604 push dword ptr [esi+04] |
| 12 |
016f:bff6bb0a e88a87ffff call bff64299 = KERNEL32.DLL:_FREQASM+0x3299 |
18 |
016f:bff6bb0a e88a87ffff call bff64299 = KERNEL32.DLL:_FREQASM+0x3299 |
| 13 |
016f:bff6bb10 c20400 retd 0004 |
19 |
016f:bff6bb10 c20400 retd 0004 |
| 14 |
016f:bff6bb13 56 push esi |
20 |
016f:bff6bb13 56 push esi |
| 15 |
016f:bff6bb14 8b742408 mov esi,dword ptr [esp+08] |
21 |
016f:bff6bb14 8b742408 mov esi,dword ptr [esp+08] |
| 16 |
016f:bff6bb18 8a06 mov al,byte ptr [esi] |
22 |
016f:bff6bb18 8a06 mov al,byte ptr [esi] |
| 17 |
016f:bff6bb1a 3c04 cmp al,04 |
23 |
016f:bff6bb1a 3c04 cmp al,04 |
| 18 |
016f:bff6bb1c 7508 jnz bff6bb26 = KERNEL32.DLL:.text+0x2b26 |
24 |
016f:bff6bb1c 7508 jnz bff6bb26 = KERNEL32.DLL:.text+0x2b26 |
| 19 |
016f:bff6bb1e ff7604 push dword ptr [esi+04] |
25 |
016f:bff6bb1e ff7604 push dword ptr [esi+04] |
| 20 |
016f:bff6bb21 e8a087ffff call bff642c6 = KERNEL32.DLL:_FREQASM+0x32c6 |
26 |
016f:bff6bb21 e8a087ffff call bff642c6 = KERNEL32.DLL:_FREQASM+0x32c6 |
| 21 |
016f:bff6bb26 5e pop esi |
27 |
016f:bff6bb26 5e pop esi |
| 22 |
016f:bff6bb27 c20400 retd 0004 |
28 |
016f:bff6bb27 c20400 retd 0004 |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:bff6bb0a e88a87ffff call bff64299 = KERNEL32.DLL:_FREQASM+0x3299 |
9 |
016f:bff6bb0a e88a87ffff call bff64299 = KERNEL32.DLL:_FREQASM+0x3299 |
| 4 |
016f:bff6bb0f 5e pop esi |
10 |
016f:bff6bb0f 5e pop esi |
| 5 |
016f:bff6bb10 c20400 retd 0004 |
11 |
016f:bff6bb10 c20400 retd 0004 |
| 6 |
016f:bff6bb13 56 push esi |
12 |
016f:bff6bb13 56 push esi |
| 7 |
016f:bff6bb14 8b742408 mov esi,dword ptr [esp+08] |
13 |
016f:bff6bb14 8b742408 mov esi,dword ptr [esp+08] |
| 8 |
016f:bff6bb18 8a06 mov al,byte ptr [esi] |
14 |
016f:bff6bb18 8a06 mov al,byte ptr [esi] |
| 9 |
016f:bff6bb1a 3c04 cmp al,04 |
15 |
016f:bff6bb1a 3c04 cmp al,04 |
| 10 |
016f:bff6bb1c 7508 jnz bff6bb26 = KERNEL32.DLL:.text+0x2b26 |
16 |
016f:bff6bb1c 7508 jnz bff6bb26 = KERNEL32.DLL:.text+0x2b26 |
| 11 |
016f:bff6bb1e ff7604 push dword ptr [esi+04] |
17 |
016f:bff6bb1e ff7604 push dword ptr [esi+04] |
| 12 |
016f:bff6bb21 e8a087ffff call bff642c6 = KERNEL32.DLL:_FREQASM+0x32c6 |
18 |
016f:bff6bb21 e8a087ffff call bff642c6 = KERNEL32.DLL:_FREQASM+0x32c6 |
| 13 |
016f:bff6bb27 c20400 retd 0004 |
19 |
016f:bff6bb27 c20400 retd 0004 |
| 14 |
016f:bff6bb2a 64a100000000 mov eax,dword ptr fs:[00000000] |
20 |
016f:bff6bb2a 64a100000000 mov eax,dword ptr fs:[00000000] |
| 15 |
016f:bff6bb30 55 push ebp |
21 |
016f:bff6bb30 55 push ebp |
| 16 |
016f:bff6bb31 8bec mov ebp,esp |
22 |
016f:bff6bb31 8bec mov ebp,esp |
| 17 |
016f:bff6bb33 6aff push -01 |
23 |
016f:bff6bb33 6aff push -01 |
| 18 |
016f:bff6bb35 685092f6bf push bff69250 |
24 |
016f:bff6bb35 685092f6bf push bff69250 |
| 19 |
016f:bff6bb3a 68201bfbbf push bffb1b20 |
25 |
016f:bff6bb3a 68201bfbbf push bffb1b20 |
| 20 |
016f:bff6bb3f 50 push eax |
26 |
016f:bff6bb3f 50 push eax |
| 21 |
016f:bff6bb40 8b4508 mov eax,dword ptr [ebp+08] |
27 |
016f:bff6bb40 8b4508 mov eax,dword ptr [ebp+08] |
| 22 |
016f:bff6bb43 64892500000000 mov dword ptr fs:[00000000],esp |
28 |
016f:bff6bb43 64892500000000 mov dword ptr fs:[00000000],esp |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:bff42511 eb06 jmp bff42519 = USER32.DLL:.text+0x1519 |
9 |
016f:bff42511 eb06 jmp bff42519 = USER32.DLL:.text+0x1519 |
| 4 |
016f:bff42513 b141 mov cl,41 |
10 |
016f:bff42513 b141 mov cl,41 |
| 5 |
016f:bff42515 eb02 jmp bff42519 = USER32.DLL:.text+0x1519 |
11 |
016f:bff42515 eb02 jmp bff42519 = USER32.DLL:.text+0x1519 |
| 6 |
016f:bff42517 b112 mov cl,12 |
12 |
016f:bff42517 b112 mov cl,12 |
| 7 |
016f:bff42519 55 push ebp |
13 |
016f:bff42519 55 push ebp |
| 8 |
016f:bff4251a 8bec mov ebp,esp |
14 |
016f:bff4251a 8bec mov ebp,esp |
| 9 |
016f:bff4251c 51 push ecx |
15 |
016f:bff4251c 51 push ecx |
| 10 |
016f:bff4251d 83ec3c sub esp,+3c |
16 |
016f:bff4251d 83ec3c sub esp,+3c |
| 11 |
016f:bff42520 66ff7508 push word ptr [ebp+08] |
17 |
016f:bff42520 66ff7508 push word ptr [ebp+08] |
| 12 |
016f:bff42524 ff15d612f4bf call dword ptr [bff412d6] -> USER32.DLL:.data+0x400 |
18 |
016f:bff42524 ff15d612f4bf call dword ptr [bff412d6] -> USER32.DLL:.data+0x400 |
| 13 |
016f:bff4252b c9 leave |
19 |
016f:bff4252b c9 leave |
| 14 |
016f:bff4252c c20400 retd 0004 |
20 |
016f:bff4252c c20400 retd 0004 |
| 15 |
016f:bff4252f b10f mov cl,0f |
21 |
016f:bff4252f b10f mov cl,0f |
| 16 |
016f:bff42531 eb06 jmp bff42539 = USER32.DLL:.text+0x1539 |
22 |
016f:bff42531 eb06 jmp bff42539 = USER32.DLL:.text+0x1539 |
| 17 |
016f:bff42533 b153 mov cl,53 |
23 |
016f:bff42533 b153 mov cl,53 |
| 18 |
016f:bff42535 eb02 jmp bff42539 = USER32.DLL:.text+0x1539 |
24 |
016f:bff42535 eb02 jmp bff42539 = USER32.DLL:.text+0x1539 |
| 19 |
016f:bff42537 b152 mov cl,52 |
25 |
016f:bff42537 b152 mov cl,52 |
| 20 |
016f:bff42539 55 push ebp |
26 |
016f:bff42539 55 push ebp |
| 21 |
016f:bff4253a 8bec mov ebp,esp |
27 |
016f:bff4253a 8bec mov ebp,esp |
| 22 |
016f:bff4253c 51 push ecx |
28 |
016f:bff4253c 51 push ecx |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:bff6bb0a e88a87ffff call bff64299 = KERNEL32.DLL:_FREQASM+0x3299 |
9 |
016f:bff6bb0a e88a87ffff call bff64299 = KERNEL32.DLL:_FREQASM+0x3299 |
| 4 |
016f:bff6bb0f 5e pop esi |
10 |
016f:bff6bb0f 5e pop esi |
| 5 |
016f:bff6bb10 c20400 retd 0004 |
11 |
016f:bff6bb10 c20400 retd 0004 |
| 6 |
016f:bff6bb13 56 push esi |
12 |
016f:bff6bb13 56 push esi |
| 7 |
016f:bff6bb14 8b742408 mov esi,dword ptr [esp+08] |
13 |
016f:bff6bb14 8b742408 mov esi,dword ptr [esp+08] |
| 8 |
016f:bff6bb18 8a06 mov al,byte ptr [esi] |
14 |
016f:bff6bb18 8a06 mov al,byte ptr [esi] |
| 9 |
016f:bff6bb1a 3c04 cmp al,04 |
15 |
016f:bff6bb1a 3c04 cmp al,04 |
| 10 |
016f:bff6bb1c 7508 jnz bff6bb26 = KERNEL32.DLL:.text+0x2b26 |
16 |
016f:bff6bb1c 7508 jnz bff6bb26 = KERNEL32.DLL:.text+0x2b26 |
| 11 |
016f:bff6bb1e ff7604 push dword ptr [esi+04] |
17 |
016f:bff6bb1e ff7604 push dword ptr [esi+04] |
| 12 |
016f:bff6bb21 e8a087ffff call bff642c6 = KERNEL32.DLL:_FREQASM+0x32c6 |
18 |
016f:bff6bb21 e8a087ffff call bff642c6 = KERNEL32.DLL:_FREQASM+0x32c6 |
| 13 |
016f:bff6bb27 c20400 retd 0004 |
19 |
016f:bff6bb27 c20400 retd 0004 |
| 14 |
016f:bff6bb2a 64a100000000 mov eax,dword ptr fs:[00000000] |
20 |
016f:bff6bb2a 64a100000000 mov eax,dword ptr fs:[00000000] |
| 15 |
016f:bff6bb30 55 push ebp |
21 |
016f:bff6bb30 55 push ebp |
| 16 |
016f:bff6bb31 8bec mov ebp,esp |
22 |
016f:bff6bb31 8bec mov ebp,esp |
| 17 |
016f:bff6bb33 6aff push -01 |
23 |
016f:bff6bb33 6aff push -01 |
| 18 |
016f:bff6bb35 685092f6bf push bff69250 |
24 |
016f:bff6bb35 685092f6bf push bff69250 |
| 19 |
016f:bff6bb3a 68201bfbbf push bffb1b20 |
25 |
016f:bff6bb3a 68201bfbbf push bffb1b20 |
| 20 |
016f:bff6bb3f 50 push eax |
26 |
016f:bff6bb3f 50 push eax |
| 21 |
016f:bff6bb40 8b4508 mov eax,dword ptr [ebp+08] |
27 |
016f:bff6bb40 8b4508 mov eax,dword ptr [ebp+08] |
| 22 |
016f:bff6bb43 64892500000000 mov dword ptr fs:[00000000],esp |
28 |
016f:bff6bb43 64892500000000 mov dword ptr fs:[00000000],esp |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:bff6baf3 803e04 cmp byte ptr [esi],04 |
9 |
016f:bff6baf3 803e04 cmp byte ptr [esi],04 |
| 4 |
016f:bff6baf6 740f jz bff6bb07 = KERNEL32.DLL:.text+0x2b07 |
10 |
016f:bff6baf6 740f jz bff6bb07 = KERNEL32.DLL:.text+0x2b07 |
| 5 |
016f:bff6baf8 33c0 xor eax,eax |
11 |
016f:bff6baf8 33c0 xor eax,eax |
| 6 |
016f:bff6bafa 50 push eax |
12 |
016f:bff6bafa 50 push eax |
| 7 |
016f:bff6bafb 50 push eax |
13 |
016f:bff6bafb 50 push eax |
| 8 |
016f:bff6bafc 50 push eax |
14 |
016f:bff6bafc 50 push eax |
| 9 |
016f:bff6bafd 68050000c0 push c0000005 |
15 |
016f:bff6bafd 68050000c0 push c0000005 |
| 10 |
016f:bff6bb02 e8a4acffff call bff667ab = KERNEL32.DLL:_FREQASM+0x57ab |
16 |
016f:bff6bb02 e8a4acffff call bff667ab = KERNEL32.DLL:_FREQASM+0x57ab |
| 11 |
016f:bff6bb07 ff7604 push dword ptr [esi+04] |
17 |
016f:bff6bb07 ff7604 push dword ptr [esi+04] |
| 12 |
016f:bff6bb0a e88a87ffff call bff64299 = KERNEL32.DLL:_FREQASM+0x3299 |
18 |
016f:bff6bb0a e88a87ffff call bff64299 = KERNEL32.DLL:_FREQASM+0x3299 |
| 13 |
016f:bff6bb10 c20400 retd 0004 |
19 |
016f:bff6bb10 c20400 retd 0004 |
| 14 |
016f:bff6bb13 56 push esi |
20 |
016f:bff6bb13 56 push esi |
| 15 |
016f:bff6bb14 8b742408 mov esi,dword ptr [esp+08] |
21 |
016f:bff6bb14 8b742408 mov esi,dword ptr [esp+08] |
| 16 |
016f:bff6bb18 8a06 mov al,byte ptr [esi] |
22 |
016f:bff6bb18 8a06 mov al,byte ptr [esi] |
| 17 |
016f:bff6bb1a 3c04 cmp al,04 |
23 |
016f:bff6bb1a 3c04 cmp al,04 |
| 18 |
016f:bff6bb1c 7508 jnz bff6bb26 = KERNEL32.DLL:.text+0x2b26 |
24 |
016f:bff6bb1c 7508 jnz bff6bb26 = KERNEL32.DLL:.text+0x2b26 |
| 19 |
016f:bff6bb1e ff7604 push dword ptr [esi+04] |
25 |
016f:bff6bb1e ff7604 push dword ptr [esi+04] |
| 20 |
016f:bff6bb21 e8a087ffff call bff642c6 = KERNEL32.DLL:_FREQASM+0x32c6 |
26 |
016f:bff6bb21 e8a087ffff call bff642c6 = KERNEL32.DLL:_FREQASM+0x32c6 |
| 21 |
016f:bff6bb26 5e pop esi |
27 |
016f:bff6bb26 5e pop esi |
| 22 |
016f:bff6bb27 c20400 retd 0004 |
28 |
016f:bff6bb27 c20400 retd 0004 |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:bff6bb0a e88a87ffff call bff64299 = KERNEL32.DLL:_FREQASM+0x3299 |
9 |
016f:bff6bb0a e88a87ffff call bff64299 = KERNEL32.DLL:_FREQASM+0x3299 |
| 4 |
016f:bff6bb0f 5e pop esi |
10 |
016f:bff6bb0f 5e pop esi |
| 5 |
016f:bff6bb10 c20400 retd 0004 |
11 |
016f:bff6bb10 c20400 retd 0004 |
| 6 |
016f:bff6bb13 56 push esi |
12 |
016f:bff6bb13 56 push esi |
| 7 |
016f:bff6bb14 8b742408 mov esi,dword ptr [esp+08] |
13 |
016f:bff6bb14 8b742408 mov esi,dword ptr [esp+08] |
| 8 |
016f:bff6bb18 8a06 mov al,byte ptr [esi] |
14 |
016f:bff6bb18 8a06 mov al,byte ptr [esi] |
| 9 |
016f:bff6bb1a 3c04 cmp al,04 |
15 |
016f:bff6bb1a 3c04 cmp al,04 |
| 10 |
016f:bff6bb1c 7508 jnz bff6bb26 = KERNEL32.DLL:.text+0x2b26 |
16 |
016f:bff6bb1c 7508 jnz bff6bb26 = KERNEL32.DLL:.text+0x2b26 |
| 11 |
016f:bff6bb1e ff7604 push dword ptr [esi+04] |
17 |
016f:bff6bb1e ff7604 push dword ptr [esi+04] |
| 12 |
016f:bff6bb21 e8a087ffff call bff642c6 = KERNEL32.DLL:_FREQASM+0x32c6 |
18 |
016f:bff6bb21 e8a087ffff call bff642c6 = KERNEL32.DLL:_FREQASM+0x32c6 |
| 13 |
016f:bff6bb27 c20400 retd 0004 |
19 |
016f:bff6bb27 c20400 retd 0004 |
| 14 |
016f:bff6bb2a 64a100000000 mov eax,dword ptr fs:[00000000] |
20 |
016f:bff6bb2a 64a100000000 mov eax,dword ptr fs:[00000000] |
| 15 |
016f:bff6bb30 55 push ebp |
21 |
016f:bff6bb30 55 push ebp |
| 16 |
016f:bff6bb31 8bec mov ebp,esp |
22 |
016f:bff6bb31 8bec mov ebp,esp |
| 17 |
016f:bff6bb33 6aff push -01 |
23 |
016f:bff6bb33 6aff push -01 |
| 18 |
016f:bff6bb35 685092f6bf push bff69250 |
24 |
016f:bff6bb35 685092f6bf push bff69250 |
| 19 |
016f:bff6bb3a 68201bfbbf push bffb1b20 |
25 |
016f:bff6bb3a 68201bfbbf push bffb1b20 |
| 20 |
016f:bff6bb3f 50 push eax |
26 |
016f:bff6bb3f 50 push eax |
| 21 |
016f:bff6bb40 8b4508 mov eax,dword ptr [ebp+08] |
27 |
016f:bff6bb40 8b4508 mov eax,dword ptr [ebp+08] |
| 22 |
016f:bff6bb43 64892500000000 mov dword ptr fs:[00000000],esp |
28 |
016f:bff6bb43 64892500000000 mov dword ptr fs:[00000000],esp |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
-> 5e c3 85 c9 74 0e 68 00 80 00 00 6a 00 51 ff 15 ^...t.h....j.Q.. |
8 |
-> 5e c3 85 c9 74 0e 68 00 80 00 00 6a 00 51 ff 15 ^...t.h....j.Q.. |
|
Line 1
Link Here
|
| 1 |
-> 04 00 00 00 08 61 98 81 00 00 00 00 00 00 00 00 .....a.......... |
8 |
-> 04 00 00 00 08 61 98 81 00 00 00 00 00 00 00 00 .....a.......... |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:1c832e99 90 nop |
9 |
016f:1c832e99 90 nop |
| 4 |
016f:1c832e9a 90 nop |
10 |
016f:1c832e9a 90 nop |
| 5 |
016f:1c832e9b 90 nop |
11 |
016f:1c832e9b 90 nop |
| 6 |
016f:1c832e9c 90 nop |
12 |
016f:1c832e9c 90 nop |
| 7 |
016f:1c832e9d 90 nop |
13 |
016f:1c832e9d 90 nop |
| 8 |
016f:1c832e9e 90 nop |
14 |
016f:1c832e9e 90 nop |
| 9 |
016f:1c832e9f 90 nop |
15 |
016f:1c832e9f 90 nop |
| 10 |
016f:1c832ea0 8b442404 mov eax,dword ptr [esp+04] |
16 |
016f:1c832ea0 8b442404 mov eax,dword ptr [esp+04] |
| 11 |
016f:1c832ea4 50 push eax |
17 |
016f:1c832ea4 50 push eax |
| 12 |
016f:1c832ea5 e8720e0200 call 1c853d1c = SAL3.DLL!rtl_freeMemory |
18 |
016f:1c832ea5 e8720e0200 call 1c853d1c = SAL3.DLL!rtl_freeMemory |
| 13 |
016f:1c832eab c3 retd |
19 |
016f:1c832eab c3 retd |
| 14 |
016f:1c832eac 90 nop |
20 |
016f:1c832eac 90 nop |
| 15 |
016f:1c832ead 90 nop |
21 |
016f:1c832ead 90 nop |
| 16 |
016f:1c832eae 90 nop |
22 |
016f:1c832eae 90 nop |
| 17 |
016f:1c832eaf 90 nop |
23 |
016f:1c832eaf 90 nop |
| 18 |
016f:1c832eb0 83ec10 sub esp,+10 |
24 |
016f:1c832eb0 83ec10 sub esp,+10 |
| 19 |
016f:1c832eb3 8b4c2414 mov ecx,dword ptr [esp+14] |
25 |
016f:1c832eb3 8b4c2414 mov ecx,dword ptr [esp+14] |
| 20 |
016f:1c832eb7 b801000000 mov eax,00000001 |
26 |
016f:1c832eb7 b801000000 mov eax,00000001 |
| 21 |
016f:1c832ebc 89442400 mov dword ptr [esp],eax |
27 |
016f:1c832ebc 89442400 mov dword ptr [esp],eax |
| 22 |
016f:1c832ec0 3bc8 cmp ecx,eax |
28 |
016f:1c832ec0 3bc8 cmp ecx,eax |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:1c6dcddd 5f pop edi |
9 |
016f:1c6dcddd 5f pop edi |
| 4 |
016f:1c6dcdde 5e pop esi |
10 |
016f:1c6dcdde 5e pop esi |
| 5 |
016f:1c6dcddf c21400 retd 0014 |
11 |
016f:1c6dcddf c21400 retd 0014 |
| 6 |
016f:1c6dcde2 8b7c2418 mov edi,dword ptr [esp+18] |
12 |
016f:1c6dcde2 8b7c2418 mov edi,dword ptr [esp+18] |
| 7 |
016f:1c6dcde6 85ff test edi,edi |
13 |
016f:1c6dcde6 85ff test edi,edi |
| 8 |
016f:1c6dcde8 7410 jz 1c6dcdfa = VCL641MI.DLL:.text+0xdbdfa |
14 |
016f:1c6dcde8 7410 jz 1c6dcdfa = VCL641MI.DLL:.text+0xdbdfa |
| 9 |
016f:1c6dcdea 8bcf mov ecx,edi |
15 |
016f:1c6dcdea 8bcf mov ecx,edi |
| 10 |
016f:1c6dcdec e84f040100 call 1c6ed240 = VCL641MI.DLL:.text+0xec240 |
16 |
016f:1c6dcdec e84f040100 call 1c6ed240 = VCL641MI.DLL:.text+0xec240 |
| 11 |
016f:1c6dcdf1 57 push edi |
17 |
016f:1c6dcdf1 57 push edi |
| 12 |
016f:1c6dcdf2 e875820100 call 1c6f506c = TL641MI.DLL!21 |
18 |
016f:1c6dcdf2 e875820100 call 1c6f506c = TL641MI.DLL!21 |
| 13 |
016f:1c6dcdfa 8b4c241c mov ecx,dword ptr [esp+1c] |
19 |
016f:1c6dcdfa 8b4c241c mov ecx,dword ptr [esp+1c] |
| 14 |
016f:1c6dcdfe 8bc6 mov eax,esi |
20 |
016f:1c6dcdfe 8bc6 mov eax,esi |
| 15 |
016f:1c6dce00 5f pop edi |
21 |
016f:1c6dce00 5f pop edi |
| 16 |
016f:1c6dce01 5e pop esi |
22 |
016f:1c6dce01 5e pop esi |
| 17 |
016f:1c6dce02 c70100000000 mov dword ptr [ecx],00000000 |
23 |
016f:1c6dce02 c70100000000 mov dword ptr [ecx],00000000 |
| 18 |
016f:1c6dce08 c21400 retd 0014 |
24 |
016f:1c6dce08 c21400 retd 0014 |
| 19 |
016f:1c6dce0b 8b4c2418 mov ecx,dword ptr [esp+18] |
25 |
016f:1c6dce0b 8b4c2418 mov ecx,dword ptr [esp+18] |
| 20 |
016f:1c6dce0f e85c7d0100 call 1c6f4b70 = VCL641MI.DLL:.text+0xf3b70 |
26 |
016f:1c6dce0f e85c7d0100 call 1c6f4b70 = VCL641MI.DLL:.text+0xf3b70 |
| 21 |
016f:1c6dce14 8b54241c mov edx,dword ptr [esp+1c] |
27 |
016f:1c6dce14 8b54241c mov edx,dword ptr [esp+1c] |
| 22 |
016f:1c6dce18 25ff000000 and eax,000000ff |
28 |
016f:1c6dce18 25ff000000 and eax,000000ff |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:1c6dced0 8d44240c lea eax,[esp+0c] |
9 |
016f:1c6dced0 8d44240c lea eax,[esp+0c] |
| 4 |
016f:1c6dced4 57 push edi |
10 |
016f:1c6dced4 57 push edi |
| 5 |
016f:1c6dced5 8b7c2420 mov edi,dword ptr [esp+20] |
11 |
016f:1c6dced5 8b7c2420 mov edi,dword ptr [esp+20] |
| 6 |
016f:1c6dced9 50 push eax |
12 |
016f:1c6dced9 50 push eax |
| 7 |
016f:1c6dceda 56 push esi |
13 |
016f:1c6dceda 56 push esi |
| 8 |
016f:1c6dcedb 57 push edi |
14 |
016f:1c6dcedb 57 push edi |
| 9 |
016f:1c6dcedc 53 push ebx |
15 |
016f:1c6dcedc 53 push ebx |
| 10 |
016f:1c6dcedd 55 push ebp |
16 |
016f:1c6dcedd 55 push ebp |
| 11 |
016f:1c6dcede c744242401000000 mov dword ptr [esp+24],00000001 |
17 |
016f:1c6dcede c744242401000000 mov dword ptr [esp+24],00000001 |
| 12 |
016f:1c6dcee6 e8c5fdffff call 1c6dccb0 = VCL641MI.DLL:.text+0xdbcb0 |
18 |
016f:1c6dcee6 e8c5fdffff call 1c6dccb0 = VCL641MI.DLL:.text+0xdbcb0 |
| 13 |
016f:1c6dceef 89442424 mov dword ptr [esp+24],eax |
19 |
016f:1c6dceef 89442424 mov dword ptr [esp+24],eax |
| 14 |
016f:1c6dcef3 85c9 test ecx,ecx |
20 |
016f:1c6dcef3 85c9 test ecx,ecx |
| 15 |
016f:1c6dcef5 742b jz 1c6dcf22 = VCL641MI.DLL:.text+0xdbf22 |
21 |
016f:1c6dcef5 742b jz 1c6dcf22 = VCL641MI.DLL:.text+0xdbf22 |
| 16 |
016f:1c6dcef7 8d4c2424 lea ecx,[esp+24] |
22 |
016f:1c6dcef7 8d4c2424 lea ecx,[esp+24] |
| 17 |
016f:1c6dcefb 51 push ecx |
23 |
016f:1c6dcefb 51 push ecx |
| 18 |
016f:1c6dcefc 56 push esi |
24 |
016f:1c6dcefc 56 push esi |
| 19 |
016f:1c6dcefd 57 push edi |
25 |
016f:1c6dcefd 57 push edi |
| 20 |
016f:1c6dcefe 53 push ebx |
26 |
016f:1c6dcefe 53 push ebx |
| 21 |
016f:1c6dceff 55 push ebp |
27 |
016f:1c6dceff 55 push ebp |
| 22 |
016f:1c6dcf00 e8cb5af5ff call 1c6329d0 = VCL641MI.DLL:.text+0x319d0 |
28 |
016f:1c6dcf00 e8cb5af5ff call 1c6329d0 = VCL641MI.DLL:.text+0x319d0 |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:bff635f7 65d16e04 shr dword ptr gs:[esi+04],EvIa |
9 |
016f:bff635f7 65d16e04 shr dword ptr gs:[esi+04],EvIa |
| 4 |
016f:bff635fb 7222 jc bff6361f = KERNEL32.DLL:_FREQASM+0x261f |
10 |
016f:bff635fb 7222 jc bff6361f = KERNEL32.DLL:_FREQASM+0x261f |
| 5 |
016f:bff635fd 65ff32 push dword ptr gs:[edx] |
11 |
016f:bff635fd 65ff32 push dword ptr gs:[edx] |
| 6 |
016f:bff63600 8d5204 lea edx,[edx+04] |
12 |
016f:bff63600 8d5204 lea edx,[edx+04] |
| 7 |
016f:bff63603 e2f2 loop bff635f7 = KERNEL32.DLL:_FREQASM+0x25f7 |
13 |
016f:bff63603 e2f2 loop bff635f7 = KERNEL32.DLL:_FREQASM+0x25f7 |
| 8 |
016f:bff63605 8bfc mov edi,esp |
14 |
016f:bff63605 8bfc mov edi,esp |
| 9 |
016f:bff63607 33c0 xor eax,eax |
15 |
016f:bff63607 33c0 xor eax,eax |
| 10 |
016f:bff63609 65394608 cmp dword ptr gs:[esi+08],eax |
16 |
016f:bff63609 65394608 cmp dword ptr gs:[esi+08],eax |
| 11 |
016f:bff6360d 7404 jz bff63613 = KERNEL32.DLL:_FREQASM+0x2613 |
17 |
016f:bff6360d 7404 jz bff63613 = KERNEL32.DLL:_FREQASM+0x2613 |
| 12 |
016f:bff6360f 65ff5608 call dword ptr gs:[esi+08] |
18 |
016f:bff6360f 65ff5608 call dword ptr gs:[esi+08] |
| 13 |
016f:bff63615 33c9 xor ecx,ecx |
19 |
016f:bff63615 33c9 xor ecx,ecx |
| 14 |
016f:bff63617 8ee9 mov gs,cx |
20 |
016f:bff63617 8ee9 mov gs,cx |
| 15 |
016f:bff63619 5f pop edi |
21 |
016f:bff63619 5f pop edi |
| 16 |
016f:bff6361a 5e pop esi |
22 |
016f:bff6361a 5e pop esi |
| 17 |
016f:bff6361b c9 leave |
23 |
016f:bff6361b c9 leave |
| 18 |
016f:bff6361c c20c00 retd 000c |
24 |
016f:bff6361c c20c00 retd 000c |
| 19 |
016f:bff6361f 52 push edx |
25 |
016f:bff6361f 52 push edx |
| 20 |
016f:bff63620 51 push ecx |
26 |
016f:bff63620 51 push ecx |
| 21 |
016f:bff63621 33c0 xor eax,eax |
27 |
016f:bff63621 33c0 xor eax,eax |
| 22 |
016f:bff63623 48 dec eax |
28 |
016f:bff63623 48 dec eax |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
... |
8 |
... |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:bff617ff 6664c7051e000000ffff mov word ptr fs:[0000001e],ffff |
9 |
016f:bff617ff 6664c7051e000000ffff mov word ptr fs:[0000001e],ffff |
| 4 |
016f:bff61809 c3 retd |
10 |
016f:bff61809 c3 retd |
| 5 |
016f:bff6180a 52 push edx |
11 |
016f:bff6180a 52 push edx |
| 6 |
016f:bff6180b 50 push eax |
12 |
016f:bff6180b 50 push eax |
| 7 |
016f:bff6180c a1f8bcfbbf mov eax,dword ptr [bffbbcf8] |
13 |
016f:bff6180c a1f8bcfbbf mov eax,dword ptr [bffbbcf8] |
| 8 |
016f:bff61811 8b00 mov eax,dword ptr [eax] |
14 |
016f:bff61811 8b00 mov eax,dword ptr [eax] |
| 9 |
016f:bff61813 390598b4fbbf cmp dword ptr [bffbb498],eax |
15 |
016f:bff61813 390598b4fbbf cmp dword ptr [bffbb498],eax |
| 10 |
016f:bff61819 7413 jz bff6182e = KERNEL32.DLL:_FREQASM+0x82e |
16 |
016f:bff61819 7413 jz bff6182e = KERNEL32.DLL:_FREQASM+0x82e |
| 11 |
016f:bff6181b 8b1570b4fbbf mov edx,dword ptr [bffbb470] |
17 |
016f:bff6181b 8b1570b4fbbf mov edx,dword ptr [bffbb470] |
| 12 |
016f:bff61821 e869290000 call bff6418f = KERNEL32.DLL:_FREQASM+0x318f |
18 |
016f:bff61821 e869290000 call bff6418f = KERNEL32.DLL:_FREQASM+0x318f |
| 13 |
016f:bff6182e 58 pop eax |
19 |
016f:bff6182e 58 pop eax |
| 14 |
016f:bff6182f 5a pop edx |
20 |
016f:bff6182f 5a pop edx |
| 15 |
016f:bff61830 c3 retd |
21 |
016f:bff61830 c3 retd |
| 16 |
016f:bff61831 ff7316 push dword ptr [ebx+16] |
22 |
016f:bff61831 ff7316 push dword ptr [ebx+16] |
| 17 |
016f:bff61834 ff731a push dword ptr [ebx+1a] |
23 |
016f:bff61834 ff731a push dword ptr [ebx+1a] |
| 18 |
016f:bff61837 ff731e push dword ptr [ebx+1e] |
24 |
016f:bff61837 ff731e push dword ptr [ebx+1e] |
| 19 |
016f:bff6183a ff7322 push dword ptr [ebx+22] |
25 |
016f:bff6183a ff7322 push dword ptr [ebx+22] |
| 20 |
016f:bff6183d 8b1570b4fbbf mov edx,dword ptr [bffbb470] |
26 |
016f:bff6183d 8b1570b4fbbf mov edx,dword ptr [bffbb470] |
| 21 |
016f:bff61843 e88b290000 call bff641d3 = KERNEL32.DLL:_FREQASM+0x31d3 |
27 |
016f:bff61843 e88b290000 call bff641d3 = KERNEL32.DLL:_FREQASM+0x31d3 |
| 22 |
016f:bff61848 6664c7051e000000ffff mov word ptr fs:[0000001e],ffff |
28 |
016f:bff61848 6664c7051e000000ffff mov word ptr fs:[0000001e],ffff |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
-> f0 00 00 00 00 00 00 00 40 57 65 00 40 57 65 00 ........@We.@We. |
8 |
-> f0 00 00 00 00 00 00 00 40 57 65 00 40 57 65 00 ........@We.@We. |
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:bff848d8 c1c210 rol edx,10 |
9 |
016f:bff848d8 c1c210 rol edx,10 |
| 4 |
016f:bff848db e9c8f7ffff jmp bff840a8 = KERNEL32.DLL:.text+0x1b0a8 |
10 |
016f:bff848db e9c8f7ffff jmp bff840a8 = KERNEL32.DLL:.text+0x1b0a8 |
| 5 |
016f:bff848e0 0fbf4316 movsx eax,word ptr [ebx+16] |
11 |
016f:bff848e0 0fbf4316 movsx eax,word ptr [ebx+16] |
| 6 |
016f:bff848e4 50 push eax |
12 |
016f:bff848e4 50 push eax |
| 7 |
016f:bff848e5 668b4318 mov ax,word ptr [ebx+18] |
13 |
016f:bff848e5 668b4318 mov ax,word ptr [ebx+18] |
| 8 |
016f:bff848e9 50 push eax |
14 |
016f:bff848e9 50 push eax |
| 9 |
016f:bff848ea ff731a push dword ptr [ebx+1a] |
15 |
016f:bff848ea ff731a push dword ptr [ebx+1a] |
| 10 |
016f:bff848ed e8f3cefdff call bff617e5 = KERNEL32.DLL!K32Thk1632Prolog |
16 |
016f:bff848ed e8f3cefdff call bff617e5 = KERNEL32.DLL!K32Thk1632Prolog |
| 11 |
016f:bff848f2 e8deecfdff call bff635d5 = KERNEL32.DLL:_FREQASM+0x25d5 |
17 |
016f:bff848f2 e8deecfdff call bff635d5 = KERNEL32.DLL:_FREQASM+0x25d5 |
| 12 |
016f:bff848f7 e80ecffdff call bff6180a = KERNEL32.DLL!K32Thk1632Epilog |
18 |
016f:bff848f7 e80ecffdff call bff6180a = KERNEL32.DLL!K32Thk1632Epilog |
| 13 |
016f:bff848fe c1c210 rol edx,10 |
19 |
016f:bff848fe c1c210 rol edx,10 |
| 14 |
016f:bff84901 e9aaf7ffff jmp bff840b0 = KERNEL32.DLL:.text+0x1b0b0 |
20 |
016f:bff84901 e9aaf7ffff jmp bff840b0 = KERNEL32.DLL:.text+0x1b0b0 |
| 15 |
016f:bff84906 0fbf4316 movsx eax,word ptr [ebx+16] |
21 |
016f:bff84906 0fbf4316 movsx eax,word ptr [ebx+16] |
| 16 |
016f:bff8490a 50 push eax |
22 |
016f:bff8490a 50 push eax |
| 17 |
016f:bff8490b ff7318 push dword ptr [ebx+18] |
23 |
016f:bff8490b ff7318 push dword ptr [ebx+18] |
| 18 |
016f:bff8490e e8d2cefdff call bff617e5 = KERNEL32.DLL!K32Thk1632Prolog |
24 |
016f:bff8490e e8d2cefdff call bff617e5 = KERNEL32.DLL!K32Thk1632Prolog |
| 19 |
016f:bff84913 e8ceebfdff call bff634e6 = KERNEL32.DLL:_FREQASM+0x24e6 |
25 |
016f:bff84913 e8ceebfdff call bff634e6 = KERNEL32.DLL:_FREQASM+0x24e6 |
| 20 |
016f:bff84918 e8edcefdff call bff6180a = KERNEL32.DLL!K32Thk1632Epilog |
26 |
016f:bff84918 e8edcefdff call bff6180a = KERNEL32.DLL!K32Thk1632Epilog |
| 21 |
016f:bff8491d e986f7ffff jmp bff840a8 = KERNEL32.DLL:.text+0x1b0a8 |
27 |
016f:bff8491d e986f7ffff jmp bff840a8 = KERNEL32.DLL:.text+0x1b0a8 |
| 22 |
016f:bff84922 33c0 xor eax,eax |
28 |
016f:bff84922 33c0 xor eax,eax |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:bff61991 51 push ecx |
9 |
016f:bff61991 51 push ecx |
| 4 |
016f:bff61992 c1cf10 ror edi,10 |
10 |
016f:bff61992 c1cf10 ror edi,10 |
| 5 |
016f:bff61995 6664873d0e000000 xchg word ptr fs:[0000000e],di |
11 |
016f:bff61995 6664873d0e000000 xchg word ptr fs:[0000000e],di |
| 6 |
016f:bff6199d 57 push edi |
12 |
016f:bff6199d 57 push edi |
| 7 |
016f:bff6199e 686d18f6bf push bff6186d |
13 |
016f:bff6199e 686d18f6bf push bff6186d |
| 8 |
016f:bff619a3 64ff3500000000 push dword ptr fs:[00000000] |
14 |
016f:bff619a3 64ff3500000000 push dword ptr fs:[00000000] |
| 9 |
016f:bff619aa 64892500000000 mov dword ptr fs:[00000000],esp |
15 |
016f:bff619aa 64892500000000 mov dword ptr fs:[00000000],esp |
| 10 |
016f:bff619b1 55 push ebp |
16 |
016f:bff619b1 55 push ebp |
| 11 |
016f:bff619b2 8d6c24fc lea ebp,[esp-04] |
17 |
016f:bff619b2 8d6c24fc lea ebp,[esp-04] |
| 12 |
016f:bff619b6 ffd2 call edx |
18 |
016f:bff619b6 ffd2 call edx |
| 13 |
016f:bff619b9 0fb6c9 movzx ecx,cl |
19 |
016f:bff619b9 0fb6c9 movzx ecx,cl |
| 14 |
016f:bff619bc 648f0500000000 pop dword ptr fs:[00000000] |
20 |
016f:bff619bc 648f0500000000 pop dword ptr fs:[00000000] |
| 15 |
016f:bff619c3 8d642404 lea esp,[esp+04] |
21 |
016f:bff619c3 8d642404 lea esp,[esp+04] |
| 16 |
016f:bff619c7 5f pop edi |
22 |
016f:bff619c7 5f pop edi |
| 17 |
016f:bff619c8 6664893d0e000000 mov word ptr fs:[0000000e],di |
23 |
016f:bff619c8 6664893d0e000000 mov word ptr fs:[0000000e],di |
| 18 |
016f:bff619d0 5b pop ebx |
24 |
016f:bff619d0 5b pop ebx |
| 19 |
016f:bff619d1 660fb22424 lss sp,dword ptr [esp] |
25 |
016f:bff619d1 660fb22424 lss sp,dword ptr [esp] |
| 20 |
016f:bff619d6 6664891d1e000000 mov word ptr fs:[0000001e],bx |
26 |
016f:bff619d6 6664891d1e000000 mov word ptr fs:[0000001e],bx |
| 21 |
016f:bff619de 5b pop ebx |
27 |
016f:bff619de 5b pop ebx |
| 22 |
016f:bff619df 0bdb or ebx,ebx |
28 |
016f:bff619df 0bdb or ebx,ebx |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:bff6183d 8b1570b4fbbf mov edx,dword ptr [bffbb470] |
9 |
016f:bff6183d 8b1570b4fbbf mov edx,dword ptr [bffbb470] |
| 4 |
016f:bff61843 e88b290000 call bff641d3 = KERNEL32.DLL:_FREQASM+0x31d3 |
10 |
016f:bff61843 e88b290000 call bff641d3 = KERNEL32.DLL:_FREQASM+0x31d3 |
| 5 |
016f:bff61848 6664c7051e000000ffff mov word ptr fs:[0000001e],ffff |
11 |
016f:bff61848 6664c7051e000000ffff mov word ptr fs:[0000001e],ffff |
| 6 |
016f:bff61852 ff5326 call dword ptr [ebx+26] |
12 |
016f:bff61852 ff5326 call dword ptr [ebx+26] |
| 7 |
016f:bff61855 8b1570b4fbbf mov edx,dword ptr [bffbb470] |
13 |
016f:bff61855 8b1570b4fbbf mov edx,dword ptr [bffbb470] |
| 8 |
016f:bff6185b e82f290000 call bff6418f = KERNEL32.DLL:_FREQASM+0x318f |
14 |
016f:bff6185b e82f290000 call bff6418f = KERNEL32.DLL:_FREQASM+0x318f |
| 9 |
016f:bff61860 6664ff051e000000 inc word ptr fs:[0000001e] |
15 |
016f:bff61860 6664ff051e000000 inc word ptr fs:[0000001e] |
| 10 |
016f:bff61868 b114 mov cl,14 |
16 |
016f:bff61868 b114 mov cl,14 |
| 11 |
016f:bff6186a 8be5 mov esp,ebp |
17 |
016f:bff6186a 8be5 mov esp,ebp |
| 12 |
016f:bff6186c c3 retd |
18 |
016f:bff6186c c3 retd |
| 13 |
016f:bff61871 f7400406000000 test dword ptr [eax+04],00000006 |
19 |
016f:bff61871 f7400406000000 test dword ptr [eax+04],00000006 |
| 14 |
016f:bff61878 7419 jz bff61893 = KERNEL32.DLL:_FREQASM+0x893 |
20 |
016f:bff61878 7419 jz bff61893 = KERNEL32.DLL:_FREQASM+0x893 |
| 15 |
016f:bff6187a 8b442408 mov eax,dword ptr [esp+08] |
21 |
016f:bff6187a 8b442408 mov eax,dword ptr [esp+08] |
| 16 |
016f:bff6187e 8178046d18f6bf cmp dword ptr [eax+04],bff6186d |
22 |
016f:bff6187e 8178046d18f6bf cmp dword ptr [eax+04],bff6186d |
| 17 |
016f:bff61885 750c jnz bff61893 = KERNEL32.DLL:_FREQASM+0x893 |
23 |
016f:bff61885 750c jnz bff61893 = KERNEL32.DLL:_FREQASM+0x893 |
| 18 |
016f:bff61887 668b4808 mov cx,word ptr [eax+08] |
24 |
016f:bff61887 668b4808 mov cx,word ptr [eax+08] |
| 19 |
016f:bff6188b 6664890d0e000000 mov word ptr fs:[0000000e],cx |
25 |
016f:bff6188b 6664890d0e000000 mov word ptr fs:[0000000e],cx |
| 20 |
016f:bff61893 b801000000 mov eax,00000001 |
26 |
016f:bff61893 b801000000 mov eax,00000001 |
| 21 |
016f:bff61898 c3 retd |
27 |
016f:bff61898 c3 retd |
| 22 |
016f:bff61899 9d popfd |
28 |
016f:bff61899 9d popfd |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
-> 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 MZ.............. |
8 |
-> 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 MZ.............. |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
-> 0f 84 b5 02 01 00 8b 08 50 ff 51 04 8b 46 50 85 ........P.Q..FP. |
8 |
-> 0f 84 b5 02 01 00 8b 08 50 ff 51 04 8b 46 50 85 ........P.Q..FP. |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
-> 51 53 8b 5c 24 10 55 8b 6c 24 10 56 8b 74 24 20 QS.\$.U.l$.V.t$ |
8 |
-> 51 53 8b 5c 24 10 55 8b 6c 24 10 56 8b 74 24 20 QS.\$.U.l$.V.t$ |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
-> 05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ |
8 |
-> 05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:7fea3625 ffd1 call ecx |
9 |
016f:7fea3625 ffd1 call ecx |
| 4 |
016f:7fea362c 66f3ab rep stos word ptr es:[edi],ax |
10 |
016f:7fea362c 66f3ab rep stos word ptr es:[edi],ax |
| 5 |
016f:7fea362f 33c0 xor eax,eax |
11 |
016f:7fea362f 33c0 xor eax,eax |
| 6 |
016f:7fea3631 5f pop edi |
12 |
016f:7fea3631 5f pop edi |
| 7 |
016f:7fea3632 5e pop esi |
13 |
016f:7fea3632 5e pop esi |
| 8 |
016f:7fea3633 c9 leave |
14 |
016f:7fea3633 c9 leave |
| 9 |
016f:7fea3634 c20400 retd 0004 |
15 |
016f:7fea3634 c20400 retd 0004 |
| 10 |
016f:7fea3637 83ec0c sub esp,+0c |
16 |
016f:7fea3637 83ec0c sub esp,+0c |
| 11 |
016f:7fea363a 53 push ebx |
17 |
016f:7fea363a 53 push ebx |
| 12 |
016f:7fea363b 55 push ebp |
18 |
016f:7fea363b 55 push ebp |
| 13 |
016f:7fea363c 56 push esi |
19 |
016f:7fea363c 56 push esi |
| 14 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
------------------- |
|
|
| 2 |
016f:800dfffa f0 ?db f0 |
8 |
016f:800dfffa f0 ?db f0 |
| 3 |
016f:800dfffb e803005389 call 09610003 |
9 |
016f:800dfffb e803005389 call 09610003 |
| 4 |
016f:800e0002 0300 add eax,dword ptr [eax] |
10 |
016f:800e0002 0300 add eax,dword ptr [eax] |
| 5 |
016f:800e0004 c45350 les edx,fword ptr [ebx+50] |
11 |
016f:800e0004 c45350 les edx,fword ptr [ebx+50] |
| 6 |
016f:800e0007 6a03 push +03 |
12 |
016f:800e0007 6a03 push +03 |
| 7 |
016f:800e0009 6a01 push +01 |
13 |
016f:800e0009 6a01 push +01 |
| 8 |
016f:800e000b 897dc4 mov dword ptr [ebp-3c],edi |
14 |
016f:800e000b 897dc4 mov dword ptr [ebp-3c],edi |
| 9 |
016f:800e000e 8975c8 mov dword ptr [ebp-38],esi |
15 |
016f:800e000e 8975c8 mov dword ptr [ebp-38],esi |
| 10 |
016f:800e0011 685c1000c0 push c000105c |
16 |
016f:800e0011 685c1000c0 push c000105c |
| 11 |
016f:800e0016 eb33 jmp 800e004b |
17 |
016f:800e0016 eb33 jmp 800e004b |
| 12 |
016f:800e0018 8b45fc mov eax,dword ptr [ebp-04] |
18 |
016f:800e0018 8b45fc mov eax,dword ptr [ebp-04] |
| 13 |
016f:800e001b 8b4df0 mov ecx,dword ptr [ebp-10] |
19 |
016f:800e001b 8b4df0 mov ecx,dword ptr [ebp-10] |
| 14 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
-> 51 53 8b 5c 24 10 55 8b 6c 24 10 56 8b 74 24 20 QS.\$.U.l$.V.t$ |
8 |
-> 51 53 8b 5c 24 10 55 8b 6c 24 10 56 8b 74 24 20 QS.\$.U.l$.V.t$ |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:bff6bb0a e88a87ffff call bff64299 = KERNEL32.DLL:_FREQASM+0x3299 |
9 |
016f:bff6bb0a e88a87ffff call bff64299 = KERNEL32.DLL:_FREQASM+0x3299 |
| 4 |
016f:bff6bb0f 5e pop esi |
10 |
016f:bff6bb0f 5e pop esi |
| 5 |
016f:bff6bb10 c20400 retd 0004 |
11 |
016f:bff6bb10 c20400 retd 0004 |
| 6 |
016f:bff6bb13 56 push esi |
12 |
016f:bff6bb13 56 push esi |
| 7 |
016f:bff6bb14 8b742408 mov esi,dword ptr [esp+08] |
13 |
016f:bff6bb14 8b742408 mov esi,dword ptr [esp+08] |
| 8 |
016f:bff6bb18 8a06 mov al,byte ptr [esi] |
14 |
016f:bff6bb18 8a06 mov al,byte ptr [esi] |
| 9 |
016f:bff6bb1a 3c04 cmp al,04 |
15 |
016f:bff6bb1a 3c04 cmp al,04 |
| 10 |
016f:bff6bb1c 7508 jnz bff6bb26 = KERNEL32.DLL:.text+0x2b26 |
16 |
016f:bff6bb1c 7508 jnz bff6bb26 = KERNEL32.DLL:.text+0x2b26 |
| 11 |
016f:bff6bb1e ff7604 push dword ptr [esi+04] |
17 |
016f:bff6bb1e ff7604 push dword ptr [esi+04] |
| 12 |
016f:bff6bb21 e8a087ffff call bff642c6 = KERNEL32.DLL:_FREQASM+0x32c6 |
18 |
016f:bff6bb21 e8a087ffff call bff642c6 = KERNEL32.DLL:_FREQASM+0x32c6 |
| 13 |
016f:bff6bb27 c20400 retd 0004 |
19 |
016f:bff6bb27 c20400 retd 0004 |
| 14 |
016f:bff6bb2a 64a100000000 mov eax,dword ptr fs:[00000000] |
20 |
016f:bff6bb2a 64a100000000 mov eax,dword ptr fs:[00000000] |
| 15 |
016f:bff6bb30 55 push ebp |
21 |
016f:bff6bb30 55 push ebp |
| 16 |
016f:bff6bb31 8bec mov ebp,esp |
22 |
016f:bff6bb31 8bec mov ebp,esp |
| 17 |
016f:bff6bb33 6aff push -01 |
23 |
016f:bff6bb33 6aff push -01 |
| 18 |
016f:bff6bb35 685092f6bf push bff69250 |
24 |
016f:bff6bb35 685092f6bf push bff69250 |
| 19 |
016f:bff6bb3a 68201bfbbf push bffb1b20 |
25 |
016f:bff6bb3a 68201bfbbf push bffb1b20 |
| 20 |
016f:bff6bb3f 50 push eax |
26 |
016f:bff6bb3f 50 push eax |
| 21 |
016f:bff6bb40 8b4508 mov eax,dword ptr [ebp+08] |
27 |
016f:bff6bb40 8b4508 mov eax,dword ptr [ebp+08] |
| 22 |
016f:bff6bb43 64892500000000 mov dword ptr fs:[00000000],esp |
28 |
016f:bff6bb43 64892500000000 mov dword ptr fs:[00000000],esp |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:78001694 6a11 push +11 |
9 |
016f:78001694 6a11 push +11 |
| 4 |
016f:78001696 e804000000 call 7800169f = MSVCRT.DLL!_unlock |
10 |
016f:78001696 e804000000 call 7800169f = MSVCRT.DLL!_unlock |
| 5 |
016f:7800169b 59 pop ecx |
11 |
016f:7800169b 59 pop ecx |
| 6 |
016f:7800169c 5f pop edi |
12 |
016f:7800169c 5f pop edi |
| 7 |
016f:7800169d ebbd jmp 7800165c = MSVCRT.DLL:.text+0x65c |
13 |
016f:7800169d ebbd jmp 7800165c = MSVCRT.DLL:.text+0x65c |
| 8 |
016f:7800169f 55 push ebp |
14 |
016f:7800169f 55 push ebp |
| 9 |
016f:780016a0 8bec mov ebp,esp |
15 |
016f:780016a0 8bec mov ebp,esp |
| 10 |
016f:780016a2 8b4508 mov eax,dword ptr [ebp+08] |
16 |
016f:780016a2 8b4508 mov eax,dword ptr [ebp+08] |
| 11 |
016f:780016a5 ff348534b00378 push dword ptr [eax*4+7803b034] |
17 |
016f:780016a5 ff348534b00378 push dword ptr [eax*4+7803b034] |
| 12 |
016f:780016ac ff1548300378 call dword ptr [78033048] -> KERNEL32.DLL!LeaveCriticalSection |
18 |
016f:780016ac ff1548300378 call dword ptr [78033048] -> KERNEL32.DLL!LeaveCriticalSection |
| 13 |
016f:780016b3 c3 retd |
19 |
016f:780016b3 c3 retd |
| 14 |
016f:780016b4 8b442404 mov eax,dword ptr [esp+04] |
20 |
016f:780016b4 8b442404 mov eax,dword ptr [esp+04] |
| 15 |
016f:780016b8 832528b5037800 and dword ptr [7803b528],+00 |
21 |
016f:780016b8 832528b5037800 and dword ptr [7803b528],+00 |
| 16 |
016f:780016bf 83f8fe cmp eax,-02 |
22 |
016f:780016bf 83f8fe cmp eax,-02 |
| 17 |
016f:780016c2 0f84a8ba0000 jz 7800d170 = MSVCRT.DLL:.text+0xc170 |
23 |
016f:780016c2 0f84a8ba0000 jz 7800d170 = MSVCRT.DLL:.text+0xc170 |
| 18 |
016f:780016c8 83f8fd cmp eax,-03 |
24 |
016f:780016c8 83f8fd cmp eax,-03 |
| 19 |
016f:780016cb 7415 jz 780016e2 = MSVCRT.DLL:.text+0x6e2 |
25 |
016f:780016cb 7415 jz 780016e2 = MSVCRT.DLL:.text+0x6e2 |
| 20 |
016f:780016cd 83f8fc cmp eax,-04 |
26 |
016f:780016cd 83f8fc cmp eax,-04 |
| 21 |
016f:780016d0 750f jnz 780016e1 = MSVCRT.DLL:.text+0x6e1 |
27 |
016f:780016d0 750f jnz 780016e1 = MSVCRT.DLL:.text+0x6e1 |
| 22 |
016f:780016d2 a12cb50378 mov eax,dword ptr [7803b52c] |
28 |
016f:780016d2 a12cb50378 mov eax,dword ptr [7803b52c] |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
| 1 |
-> 04 00 00 00 74 4e 98 81 00 00 00 00 00 00 00 00 ....tN.......... |
8 |
-> 04 00 00 00 74 4e 98 81 00 00 00 00 00 00 00 00 ....tN.......... |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:bff6a24f 008b4424040f add byte ptr [ebx+0f042444],cl |
9 |
016f:bff6a24f 008b4424040f add byte ptr [ebx+0f042444],cl |
| 4 |
016f:bff6a255 b648 mov dh,48 |
10 |
016f:bff6a255 b648 mov dh,48 |
| 5 |
016f:bff6a257 700b jo bff6a264 = KERNEL32.DLL:.text+0x1264 |
11 |
016f:bff6a257 700b jo bff6a264 = KERNEL32.DLL:.text+0x1264 |
| 6 |
016f:bff6a259 4c dec esp |
12 |
016f:bff6a259 4c dec esp |
| 7 |
016f:bff6a25a 2408 and al,08 |
13 |
016f:bff6a25a 2408 and al,08 |
| 8 |
016f:bff6a25c f6c101 test cl,01 |
14 |
016f:bff6a25c f6c101 test cl,01 |
| 9 |
016f:bff6a25f 750d jnz bff6a26e = KERNEL32.DLL:.text+0x126e |
15 |
016f:bff6a25f 750d jnz bff6a26e = KERNEL32.DLL:.text+0x126e |
| 10 |
016f:bff6a261 ff704c push dword ptr [eax+4c] |
16 |
016f:bff6a261 ff704c push dword ptr [eax+4c] |
| 11 |
016f:bff6a264 e85da0ffff call bff642c6 = KERNEL32.DLL:_FREQASM+0x32c6 |
17 |
016f:bff6a264 e85da0ffff call bff642c6 = KERNEL32.DLL:_FREQASM+0x32c6 |
| 12 |
016f:bff6a269 e83f010000 call bff6a3ad = KERNEL32.DLL:.text+0x13ad |
18 |
016f:bff6a269 e83f010000 call bff6a3ad = KERNEL32.DLL:.text+0x13ad |
| 13 |
016f:bff6a271 53 push ebx |
19 |
016f:bff6a271 53 push ebx |
| 14 |
016f:bff6a272 56 push esi |
20 |
016f:bff6a272 56 push esi |
| 15 |
016f:bff6a273 8b742414 mov esi,dword ptr [esp+14] |
21 |
016f:bff6a273 8b742414 mov esi,dword ptr [esp+14] |
| 16 |
016f:bff6a277 57 push edi |
22 |
016f:bff6a277 57 push edi |
| 17 |
016f:bff6a278 8b7c2414 mov edi,dword ptr [esp+14] |
23 |
016f:bff6a278 8b7c2414 mov edi,dword ptr [esp+14] |
| 18 |
016f:bff6a27c 55 push ebp |
24 |
016f:bff6a27c 55 push ebp |
| 19 |
016f:bff6a27d b900001000 mov ecx,00100000 |
25 |
016f:bff6a27d b900001000 mov ecx,00100000 |
| 20 |
016f:bff6a282 8d1c37 lea ebx,[edi+esi] |
26 |
016f:bff6a282 8d1c37 lea ebx,[edi+esi] |
| 21 |
016f:bff6a285 8b03 mov eax,dword ptr [ebx] |
27 |
016f:bff6a285 8b03 mov eax,dword ptr [ebx] |
| 22 |
016f:bff6a287 a801 test al,01 |
28 |
016f:bff6a287 a801 test al,01 |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:bff6b46a 8b00 mov eax,dword ptr [eax] |
9 |
016f:bff6b46a 8b00 mov eax,dword ptr [eax] |
| 4 |
016f:bff6b46c 894304 mov dword ptr [ebx+04],eax |
10 |
016f:bff6b46c 894304 mov dword ptr [ebx+04],eax |
| 5 |
016f:bff6b46f 6800020000 push 00000200 |
11 |
016f:bff6b46f 6800020000 push 00000200 |
| 6 |
016f:bff6b474 51 push ecx |
12 |
016f:bff6b474 51 push ecx |
| 7 |
016f:bff6b475 ff75fc push dword ptr [ebp-04] |
13 |
016f:bff6b475 ff75fc push dword ptr [ebp-04] |
| 8 |
016f:bff6b478 56 push esi |
14 |
016f:bff6b478 56 push esi |
| 9 |
016f:bff6b479 e8f3edffff call bff6a271 = KERNEL32.DLL:.text+0x1271 |
15 |
016f:bff6b479 e8f3edffff call bff6a271 = KERNEL32.DLL:.text+0x1271 |
| 10 |
016f:bff6b47e ff750c push dword ptr [ebp+0c] |
16 |
016f:bff6b47e ff750c push dword ptr [ebp+0c] |
| 11 |
016f:bff6b481 56 push esi |
17 |
016f:bff6b481 56 push esi |
| 12 |
016f:bff6b482 e8c9edffff call bff6a250 = KERNEL32.DLL:.text+0x1250 |
18 |
016f:bff6b482 e8c9edffff call bff6a250 = KERNEL32.DLL:.text+0x1250 |
| 13 |
016f:bff6b48c 5f pop edi |
19 |
016f:bff6b48c 5f pop edi |
| 14 |
016f:bff6b48d 5e pop esi |
20 |
016f:bff6b48d 5e pop esi |
| 15 |
016f:bff6b48e 5b pop ebx |
21 |
016f:bff6b48e 5b pop ebx |
| 16 |
016f:bff6b48f 8be5 mov esp,ebp |
22 |
016f:bff6b48f 8be5 mov esp,ebp |
| 17 |
016f:bff6b491 5d pop ebp |
23 |
016f:bff6b491 5d pop ebp |
| 18 |
016f:bff6b492 c20c00 retd 000c |
24 |
016f:bff6b492 c20c00 retd 000c |
| 19 |
016f:bff6b495 55 push ebp |
25 |
016f:bff6b495 55 push ebp |
| 20 |
016f:bff6b496 8bec mov ebp,esp |
26 |
016f:bff6b496 8bec mov ebp,esp |
| 21 |
016f:bff6b498 83ec04 sub esp,+04 |
27 |
016f:bff6b498 83ec04 sub esp,+04 |
| 22 |
016f:bff6b49b a1f4bcfbbf mov eax,dword ptr [bffbbcf4] |
28 |
016f:bff6b49b a1f4bcfbbf mov eax,dword ptr [bffbbcf4] |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
... |
8 |
... |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:bff6bb0a e88a87ffff call bff64299 = KERNEL32.DLL:_FREQASM+0x3299 |
9 |
016f:bff6bb0a e88a87ffff call bff64299 = KERNEL32.DLL:_FREQASM+0x3299 |
| 4 |
016f:bff6bb0f 5e pop esi |
10 |
016f:bff6bb0f 5e pop esi |
| 5 |
016f:bff6bb10 c20400 retd 0004 |
11 |
016f:bff6bb10 c20400 retd 0004 |
| 6 |
016f:bff6bb13 56 push esi |
12 |
016f:bff6bb13 56 push esi |
| 7 |
016f:bff6bb14 8b742408 mov esi,dword ptr [esp+08] |
13 |
016f:bff6bb14 8b742408 mov esi,dword ptr [esp+08] |
| 8 |
016f:bff6bb18 8a06 mov al,byte ptr [esi] |
14 |
016f:bff6bb18 8a06 mov al,byte ptr [esi] |
| 9 |
016f:bff6bb1a 3c04 cmp al,04 |
15 |
016f:bff6bb1a 3c04 cmp al,04 |
| 10 |
016f:bff6bb1c 7508 jnz bff6bb26 = KERNEL32.DLL:.text+0x2b26 |
16 |
016f:bff6bb1c 7508 jnz bff6bb26 = KERNEL32.DLL:.text+0x2b26 |
| 11 |
016f:bff6bb1e ff7604 push dword ptr [esi+04] |
17 |
016f:bff6bb1e ff7604 push dword ptr [esi+04] |
| 12 |
016f:bff6bb21 e8a087ffff call bff642c6 = KERNEL32.DLL:_FREQASM+0x32c6 |
18 |
016f:bff6bb21 e8a087ffff call bff642c6 = KERNEL32.DLL:_FREQASM+0x32c6 |
| 13 |
016f:bff6bb27 c20400 retd 0004 |
19 |
016f:bff6bb27 c20400 retd 0004 |
| 14 |
016f:bff6bb2a 64a100000000 mov eax,dword ptr fs:[00000000] |
20 |
016f:bff6bb2a 64a100000000 mov eax,dword ptr fs:[00000000] |
| 15 |
016f:bff6bb30 55 push ebp |
21 |
016f:bff6bb30 55 push ebp |
| 16 |
016f:bff6bb31 8bec mov ebp,esp |
22 |
016f:bff6bb31 8bec mov ebp,esp |
| 17 |
016f:bff6bb33 6aff push -01 |
23 |
016f:bff6bb33 6aff push -01 |
| 18 |
016f:bff6bb35 685092f6bf push bff69250 |
24 |
016f:bff6bb35 685092f6bf push bff69250 |
| 19 |
016f:bff6bb3a 68201bfbbf push bffb1b20 |
25 |
016f:bff6bb3a 68201bfbbf push bffb1b20 |
| 20 |
016f:bff6bb3f 50 push eax |
26 |
016f:bff6bb3f 50 push eax |
| 21 |
016f:bff6bb40 8b4508 mov eax,dword ptr [ebp+08] |
27 |
016f:bff6bb40 8b4508 mov eax,dword ptr [ebp+08] |
| 22 |
016f:bff6bb43 64892500000000 mov dword ptr fs:[00000000],esp |
28 |
016f:bff6bb43 64892500000000 mov dword ptr fs:[00000000],esp |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:78001694 6a11 push +11 |
9 |
016f:78001694 6a11 push +11 |
| 4 |
016f:78001696 e804000000 call 7800169f = MSVCRT.DLL!_unlock |
10 |
016f:78001696 e804000000 call 7800169f = MSVCRT.DLL!_unlock |
| 5 |
016f:7800169b 59 pop ecx |
11 |
016f:7800169b 59 pop ecx |
| 6 |
016f:7800169c 5f pop edi |
12 |
016f:7800169c 5f pop edi |
| 7 |
016f:7800169d ebbd jmp 7800165c = MSVCRT.DLL:.text+0x65c |
13 |
016f:7800169d ebbd jmp 7800165c = MSVCRT.DLL:.text+0x65c |
| 8 |
016f:7800169f 55 push ebp |
14 |
016f:7800169f 55 push ebp |
| 9 |
016f:780016a0 8bec mov ebp,esp |
15 |
016f:780016a0 8bec mov ebp,esp |
| 10 |
016f:780016a2 8b4508 mov eax,dword ptr [ebp+08] |
16 |
016f:780016a2 8b4508 mov eax,dword ptr [ebp+08] |
| 11 |
016f:780016a5 ff348534b00378 push dword ptr [eax*4+7803b034] |
17 |
016f:780016a5 ff348534b00378 push dword ptr [eax*4+7803b034] |
| 12 |
016f:780016ac ff1548300378 call dword ptr [78033048] -> KERNEL32.DLL!LeaveCriticalSection |
18 |
016f:780016ac ff1548300378 call dword ptr [78033048] -> KERNEL32.DLL!LeaveCriticalSection |
| 13 |
016f:780016b3 c3 retd |
19 |
016f:780016b3 c3 retd |
| 14 |
016f:780016b4 8b442404 mov eax,dword ptr [esp+04] |
20 |
016f:780016b4 8b442404 mov eax,dword ptr [esp+04] |
| 15 |
016f:780016b8 832528b5037800 and dword ptr [7803b528],+00 |
21 |
016f:780016b8 832528b5037800 and dword ptr [7803b528],+00 |
| 16 |
016f:780016bf 83f8fe cmp eax,-02 |
22 |
016f:780016bf 83f8fe cmp eax,-02 |
| 17 |
016f:780016c2 0f84a8ba0000 jz 7800d170 = MSVCRT.DLL:.text+0xc170 |
23 |
016f:780016c2 0f84a8ba0000 jz 7800d170 = MSVCRT.DLL:.text+0xc170 |
| 18 |
016f:780016c8 83f8fd cmp eax,-03 |
24 |
016f:780016c8 83f8fd cmp eax,-03 |
| 19 |
016f:780016cb 7415 jz 780016e2 = MSVCRT.DLL:.text+0x6e2 |
25 |
016f:780016cb 7415 jz 780016e2 = MSVCRT.DLL:.text+0x6e2 |
| 20 |
016f:780016cd 83f8fc cmp eax,-04 |
26 |
016f:780016cd 83f8fc cmp eax,-04 |
| 21 |
016f:780016d0 750f jnz 780016e1 = MSVCRT.DLL:.text+0x6e1 |
27 |
016f:780016d0 750f jnz 780016e1 = MSVCRT.DLL:.text+0x6e1 |
| 22 |
016f:780016d2 a12cb50378 mov eax,dword ptr [7803b52c] |
28 |
016f:780016d2 a12cb50378 mov eax,dword ptr [7803b52c] |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
| 1 |
-> 04 00 00 00 74 4e 98 81 00 00 00 00 00 00 00 00 ....tN.......... |
8 |
-> 04 00 00 00 74 4e 98 81 00 00 00 00 00 00 00 00 ....tN.......... |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:7800b30c 59 pop ecx |
9 |
016f:7800b30c 59 pop ecx |
| 4 |
016f:7800b30d 59 pop ecx |
10 |
016f:7800b30d 59 pop ecx |
| 5 |
016f:7800b30e 834dfcff or dword ptr [ebp-04],-01 |
11 |
016f:7800b30e 834dfcff or dword ptr [ebp-04],-01 |
| 6 |
016f:7800b312 e812000000 call 7800b329 = MSVCRT.DLL:.text+0xa329 |
12 |
016f:7800b312 e812000000 call 7800b329 = MSVCRT.DLL:.text+0xa329 |
| 7 |
016f:7800b317 837de400 cmp dword ptr [ebp-1c],+00 |
13 |
016f:7800b317 837de400 cmp dword ptr [ebp-1c],+00 |
| 8 |
016f:7800b31b 0f85716affff jnz 78001d92 = MSVCRT.DLL:.text+0xd92 |
14 |
016f:7800b31b 0f85716affff jnz 78001d92 = MSVCRT.DLL:.text+0xd92 |
| 9 |
016f:7800b321 ff7508 push dword ptr [ebp+08] |
15 |
016f:7800b321 ff7508 push dword ptr [ebp+08] |
| 10 |
016f:7800b324 e95b6affff jmp 78001d84 = MSVCRT.DLL:.text+0xd84 |
16 |
016f:7800b324 e95b6affff jmp 78001d84 = MSVCRT.DLL:.text+0xd84 |
| 11 |
016f:7800b329 6a09 push +09 |
17 |
016f:7800b329 6a09 push +09 |
| 12 |
016f:7800b32b e86f63ffff call 7800169f = MSVCRT.DLL!_unlock |
18 |
016f:7800b32b e86f63ffff call 7800169f = MSVCRT.DLL!_unlock |
| 13 |
016f:7800b331 c3 retd |
19 |
016f:7800b331 c3 retd |
| 14 |
016f:7800b332 6a09 push +09 |
20 |
016f:7800b332 6a09 push +09 |
| 15 |
016f:7800b334 e80b63ffff call 78001644 = MSVCRT.DLL!_lock |
21 |
016f:7800b334 e80b63ffff call 78001644 = MSVCRT.DLL!_lock |
| 16 |
016f:7800b339 59 pop ecx |
22 |
016f:7800b339 59 pop ecx |
| 17 |
016f:7800b33a c745fc01000000 mov dword ptr [ebp-04],00000001 |
23 |
016f:7800b33a c745fc01000000 mov dword ptr [ebp-04],00000001 |
| 18 |
016f:7800b341 8d45e0 lea eax,[ebp-20] |
24 |
016f:7800b341 8d45e0 lea eax,[ebp-20] |
| 19 |
016f:7800b344 50 push eax |
25 |
016f:7800b344 50 push eax |
| 20 |
016f:7800b345 8d45d8 lea eax,[ebp-28] |
26 |
016f:7800b345 8d45d8 lea eax,[ebp-28] |
| 21 |
016f:7800b348 50 push eax |
27 |
016f:7800b348 50 push eax |
| 22 |
016f:7800b349 56 push esi |
28 |
016f:7800b349 56 push esi |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:7800b2fe 8945e4 mov dword ptr [ebp-1c],eax |
9 |
016f:7800b2fe 8945e4 mov dword ptr [ebp-1c],eax |
| 4 |
016f:7800b301 85c0 test eax,eax |
10 |
016f:7800b301 85c0 test eax,eax |
| 5 |
016f:7800b303 7409 jz 7800b30e = MSVCRT.DLL:.text+0xa30e |
11 |
016f:7800b303 7409 jz 7800b30e = MSVCRT.DLL:.text+0xa30e |
| 6 |
016f:7800b305 56 push esi |
12 |
016f:7800b305 56 push esi |
| 7 |
016f:7800b306 50 push eax |
13 |
016f:7800b306 50 push eax |
| 8 |
016f:7800b307 e886050000 call 7800b892 = MSVCRT.DLL:.text+0xa892 |
14 |
016f:7800b307 e886050000 call 7800b892 = MSVCRT.DLL:.text+0xa892 |
| 9 |
016f:7800b30c 59 pop ecx |
15 |
016f:7800b30c 59 pop ecx |
| 10 |
016f:7800b30d 59 pop ecx |
16 |
016f:7800b30d 59 pop ecx |
| 11 |
016f:7800b30e 834dfcff or dword ptr [ebp-04],-01 |
17 |
016f:7800b30e 834dfcff or dword ptr [ebp-04],-01 |
| 12 |
016f:7800b312 e812000000 call 7800b329 = MSVCRT.DLL:.text+0xa329 |
18 |
016f:7800b312 e812000000 call 7800b329 = MSVCRT.DLL:.text+0xa329 |
| 13 |
016f:7800b31b 0f85716affff jnz 78001d92 = MSVCRT.DLL:.text+0xd92 |
19 |
016f:7800b31b 0f85716affff jnz 78001d92 = MSVCRT.DLL:.text+0xd92 |
| 14 |
016f:7800b321 ff7508 push dword ptr [ebp+08] |
20 |
016f:7800b321 ff7508 push dword ptr [ebp+08] |
| 15 |
016f:7800b324 e95b6affff jmp 78001d84 = MSVCRT.DLL:.text+0xd84 |
21 |
016f:7800b324 e95b6affff jmp 78001d84 = MSVCRT.DLL:.text+0xd84 |
| 16 |
016f:7800b329 6a09 push +09 |
22 |
016f:7800b329 6a09 push +09 |
| 17 |
016f:7800b32b e86f63ffff call 7800169f = MSVCRT.DLL!_unlock |
23 |
016f:7800b32b e86f63ffff call 7800169f = MSVCRT.DLL!_unlock |
| 18 |
016f:7800b330 59 pop ecx |
24 |
016f:7800b330 59 pop ecx |
| 19 |
016f:7800b331 c3 retd |
25 |
016f:7800b331 c3 retd |
| 20 |
016f:7800b332 6a09 push +09 |
26 |
016f:7800b332 6a09 push +09 |
| 21 |
016f:7800b334 e80b63ffff call 78001644 = MSVCRT.DLL!_lock |
27 |
016f:7800b334 e80b63ffff call 78001644 = MSVCRT.DLL!_lock |
| 22 |
016f:7800b339 59 pop ecx |
28 |
016f:7800b339 59 pop ecx |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
-> 28 12 dd 00 78 30 dd 00 08 91 11 01 00 00 00 00 (...x0.......... |
8 |
-> 28 12 dd 00 78 30 dd 00 08 91 11 01 00 00 00 00 (...x0.......... |
| 2 |
... |
9 |
... |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
-> 55 8b ec 83 ec 08 53 56 57 55 fc 8b 5d 0c 8b 45 U.....SVWU..]..E |
8 |
-> 55 8b ec 83 ec 08 53 56 57 55 fc 8b 5d 0c 8b 45 U.....SVWU..]..E |
|
Line 1
Link Here
|
| 1 |
-> ff ff ff ff 36 97 f7 bf 3c 97 f7 bf 00 00 00 00 ....6...<....... |
8 |
-> ff ff ff ff 36 97 f7 bf 3c 97 f7 bf 00 00 00 00 ....6...<....... |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
-> 55 8b ec 83 ec 08 53 56 57 55 fc 8b 5d 0c 8b 45 U.....SVWU..]..E |
8 |
-> 55 8b ec 83 ec 08 53 56 57 55 fc 8b 5d 0c 8b 45 U.....SVWU..]..E |
|
Line 1
Link Here
|
| 1 |
-> ff ff ff ff 00 00 00 00 29 b3 00 78 ff ff ff ff ........)..x.... |
8 |
-> ff ff ff ff 00 00 00 00 29 b3 00 78 ff ff ff ff ........)..x.... |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:004c22ce 90 nop |
9 |
016f:004c22ce 90 nop |
| 4 |
016f:004c22cf 90 nop |
10 |
016f:004c22cf 90 nop |
| 5 |
016f:004c22d0 56 push esi |
11 |
016f:004c22d0 56 push esi |
| 6 |
016f:004c22d1 8b742408 mov esi,dword ptr [esp+08] |
12 |
016f:004c22d1 8b742408 mov esi,dword ptr [esp+08] |
| 7 |
016f:004c22d5 85f6 test esi,esi |
13 |
016f:004c22d5 85f6 test esi,esi |
| 8 |
016f:004c22d7 7411 jz 004c22ea = SAL3.DLL:.text+0x12ea |
14 |
016f:004c22d7 7411 jz 004c22ea = SAL3.DLL:.text+0x12ea |
| 9 |
016f:004c22d9 56 push esi |
15 |
016f:004c22d9 56 push esi |
| 10 |
016f:004c22da ff15ec614e00 call dword ptr [004e61ec] -> KERNEL32.DLL!DeleteCriticalSection |
16 |
016f:004c22da ff15ec614e00 call dword ptr [004e61ec] -> KERNEL32.DLL!DeleteCriticalSection |
| 11 |
016f:004c22e0 56 push esi |
17 |
016f:004c22e0 56 push esi |
| 12 |
016f:004c22e1 ff15a8624e00 call dword ptr [004e62a8] -> MSVCRT.DLL!free |
18 |
016f:004c22e1 ff15a8624e00 call dword ptr [004e62a8] -> MSVCRT.DLL!free |
| 13 |
016f:004c22ea 5e pop esi |
19 |
016f:004c22ea 5e pop esi |
| 14 |
016f:004c22eb c3 retd |
20 |
016f:004c22eb c3 retd |
| 15 |
016f:004c22ec 90 nop |
21 |
016f:004c22ec 90 nop |
| 16 |
016f:004c22ed 90 nop |
22 |
016f:004c22ed 90 nop |
| 17 |
016f:004c22ee 90 nop |
23 |
016f:004c22ee 90 nop |
| 18 |
016f:004c22ef 90 nop |
24 |
016f:004c22ef 90 nop |
| 19 |
016f:004c22f0 a1e0586500 mov eax,dword ptr [006558e0] |
25 |
016f:004c22f0 a1e0586500 mov eax,dword ptr [006558e0] |
| 20 |
016f:004c22f5 85c0 test eax,eax |
26 |
016f:004c22f5 85c0 test eax,eax |
| 21 |
016f:004c22f7 755c jnz 004c2355 = SAL3.DLL:.text+0x1355 |
27 |
016f:004c22f7 755c jnz 004c2355 = SAL3.DLL:.text+0x1355 |
| 22 |
016f:004c22f9 53 push ebx |
28 |
016f:004c22f9 53 push ebx |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:bff6baf3 803e04 cmp byte ptr [esi],04 |
9 |
016f:bff6baf3 803e04 cmp byte ptr [esi],04 |
| 4 |
016f:bff6baf6 740f jz bff6bb07 = KERNEL32.DLL:.text+0x2b07 |
10 |
016f:bff6baf6 740f jz bff6bb07 = KERNEL32.DLL:.text+0x2b07 |
| 5 |
016f:bff6baf8 33c0 xor eax,eax |
11 |
016f:bff6baf8 33c0 xor eax,eax |
| 6 |
016f:bff6bafa 50 push eax |
12 |
016f:bff6bafa 50 push eax |
| 7 |
016f:bff6bafb 50 push eax |
13 |
016f:bff6bafb 50 push eax |
| 8 |
016f:bff6bafc 50 push eax |
14 |
016f:bff6bafc 50 push eax |
| 9 |
016f:bff6bafd 68050000c0 push c0000005 |
15 |
016f:bff6bafd 68050000c0 push c0000005 |
| 10 |
016f:bff6bb02 e8a4acffff call bff667ab = KERNEL32.DLL:_FREQASM+0x57ab |
16 |
016f:bff6bb02 e8a4acffff call bff667ab = KERNEL32.DLL:_FREQASM+0x57ab |
| 11 |
016f:bff6bb07 ff7604 push dword ptr [esi+04] |
17 |
016f:bff6bb07 ff7604 push dword ptr [esi+04] |
| 12 |
016f:bff6bb0a e88a87ffff call bff64299 = KERNEL32.DLL:_FREQASM+0x3299 |
18 |
016f:bff6bb0a e88a87ffff call bff64299 = KERNEL32.DLL:_FREQASM+0x3299 |
| 13 |
016f:bff6bb10 c20400 retd 0004 |
19 |
016f:bff6bb10 c20400 retd 0004 |
| 14 |
016f:bff6bb13 56 push esi |
20 |
016f:bff6bb13 56 push esi |
| 15 |
016f:bff6bb14 8b742408 mov esi,dword ptr [esp+08] |
21 |
016f:bff6bb14 8b742408 mov esi,dword ptr [esp+08] |
| 16 |
016f:bff6bb18 8a06 mov al,byte ptr [esi] |
22 |
016f:bff6bb18 8a06 mov al,byte ptr [esi] |
| 17 |
016f:bff6bb1a 3c04 cmp al,04 |
23 |
016f:bff6bb1a 3c04 cmp al,04 |
| 18 |
016f:bff6bb1c 7508 jnz bff6bb26 = KERNEL32.DLL:.text+0x2b26 |
24 |
016f:bff6bb1c 7508 jnz bff6bb26 = KERNEL32.DLL:.text+0x2b26 |
| 19 |
016f:bff6bb1e ff7604 push dword ptr [esi+04] |
25 |
016f:bff6bb1e ff7604 push dword ptr [esi+04] |
| 20 |
016f:bff6bb21 e8a087ffff call bff642c6 = KERNEL32.DLL:_FREQASM+0x32c6 |
26 |
016f:bff6bb21 e8a087ffff call bff642c6 = KERNEL32.DLL:_FREQASM+0x32c6 |
| 21 |
016f:bff6bb26 5e pop esi |
27 |
016f:bff6bb26 5e pop esi |
| 22 |
016f:bff6bb27 c20400 retd 0004 |
28 |
016f:bff6bb27 c20400 retd 0004 |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:bff6bb0a e88a87ffff call bff64299 = KERNEL32.DLL:_FREQASM+0x3299 |
9 |
016f:bff6bb0a e88a87ffff call bff64299 = KERNEL32.DLL:_FREQASM+0x3299 |
| 4 |
016f:bff6bb0f 5e pop esi |
10 |
016f:bff6bb0f 5e pop esi |
| 5 |
016f:bff6bb10 c20400 retd 0004 |
11 |
016f:bff6bb10 c20400 retd 0004 |
| 6 |
016f:bff6bb13 56 push esi |
12 |
016f:bff6bb13 56 push esi |
| 7 |
016f:bff6bb14 8b742408 mov esi,dword ptr [esp+08] |
13 |
016f:bff6bb14 8b742408 mov esi,dword ptr [esp+08] |
| 8 |
016f:bff6bb18 8a06 mov al,byte ptr [esi] |
14 |
016f:bff6bb18 8a06 mov al,byte ptr [esi] |
| 9 |
016f:bff6bb1a 3c04 cmp al,04 |
15 |
016f:bff6bb1a 3c04 cmp al,04 |
| 10 |
016f:bff6bb1c 7508 jnz bff6bb26 = KERNEL32.DLL:.text+0x2b26 |
16 |
016f:bff6bb1c 7508 jnz bff6bb26 = KERNEL32.DLL:.text+0x2b26 |
| 11 |
016f:bff6bb1e ff7604 push dword ptr [esi+04] |
17 |
016f:bff6bb1e ff7604 push dword ptr [esi+04] |
| 12 |
016f:bff6bb21 e8a087ffff call bff642c6 = KERNEL32.DLL:_FREQASM+0x32c6 |
18 |
016f:bff6bb21 e8a087ffff call bff642c6 = KERNEL32.DLL:_FREQASM+0x32c6 |
| 13 |
016f:bff6bb27 c20400 retd 0004 |
19 |
016f:bff6bb27 c20400 retd 0004 |
| 14 |
016f:bff6bb2a 64a100000000 mov eax,dword ptr fs:[00000000] |
20 |
016f:bff6bb2a 64a100000000 mov eax,dword ptr fs:[00000000] |
| 15 |
016f:bff6bb30 55 push ebp |
21 |
016f:bff6bb30 55 push ebp |
| 16 |
016f:bff6bb31 8bec mov ebp,esp |
22 |
016f:bff6bb31 8bec mov ebp,esp |
| 17 |
016f:bff6bb33 6aff push -01 |
23 |
016f:bff6bb33 6aff push -01 |
| 18 |
016f:bff6bb35 685092f6bf push bff69250 |
24 |
016f:bff6bb35 685092f6bf push bff69250 |
| 19 |
016f:bff6bb3a 68201bfbbf push bffb1b20 |
25 |
016f:bff6bb3a 68201bfbbf push bffb1b20 |
| 20 |
016f:bff6bb3f 50 push eax |
26 |
016f:bff6bb3f 50 push eax |
| 21 |
016f:bff6bb40 8b4508 mov eax,dword ptr [ebp+08] |
27 |
016f:bff6bb40 8b4508 mov eax,dword ptr [ebp+08] |
| 22 |
016f:bff6bb43 64892500000000 mov dword ptr fs:[00000000],esp |
28 |
016f:bff6bb43 64892500000000 mov dword ptr fs:[00000000],esp |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:bff6baf3 803e04 cmp byte ptr [esi],04 |
9 |
016f:bff6baf3 803e04 cmp byte ptr [esi],04 |
| 4 |
016f:bff6baf6 740f jz bff6bb07 = KERNEL32.DLL:.text+0x2b07 |
10 |
016f:bff6baf6 740f jz bff6bb07 = KERNEL32.DLL:.text+0x2b07 |
| 5 |
016f:bff6baf8 33c0 xor eax,eax |
11 |
016f:bff6baf8 33c0 xor eax,eax |
| 6 |
016f:bff6bafa 50 push eax |
12 |
016f:bff6bafa 50 push eax |
| 7 |
016f:bff6bafb 50 push eax |
13 |
016f:bff6bafb 50 push eax |
| 8 |
016f:bff6bafc 50 push eax |
14 |
016f:bff6bafc 50 push eax |
| 9 |
016f:bff6bafd 68050000c0 push c0000005 |
15 |
016f:bff6bafd 68050000c0 push c0000005 |
| 10 |
016f:bff6bb02 e8a4acffff call bff667ab = KERNEL32.DLL:_FREQASM+0x57ab |
16 |
016f:bff6bb02 e8a4acffff call bff667ab = KERNEL32.DLL:_FREQASM+0x57ab |
| 11 |
016f:bff6bb07 ff7604 push dword ptr [esi+04] |
17 |
016f:bff6bb07 ff7604 push dword ptr [esi+04] |
| 12 |
016f:bff6bb0a e88a87ffff call bff64299 = KERNEL32.DLL:_FREQASM+0x3299 |
18 |
016f:bff6bb0a e88a87ffff call bff64299 = KERNEL32.DLL:_FREQASM+0x3299 |
| 13 |
016f:bff6bb10 c20400 retd 0004 |
19 |
016f:bff6bb10 c20400 retd 0004 |
| 14 |
016f:bff6bb13 56 push esi |
20 |
016f:bff6bb13 56 push esi |
| 15 |
016f:bff6bb14 8b742408 mov esi,dword ptr [esp+08] |
21 |
016f:bff6bb14 8b742408 mov esi,dword ptr [esp+08] |
| 16 |
016f:bff6bb18 8a06 mov al,byte ptr [esi] |
22 |
016f:bff6bb18 8a06 mov al,byte ptr [esi] |
| 17 |
016f:bff6bb1a 3c04 cmp al,04 |
23 |
016f:bff6bb1a 3c04 cmp al,04 |
| 18 |
016f:bff6bb1c 7508 jnz bff6bb26 = KERNEL32.DLL:.text+0x2b26 |
24 |
016f:bff6bb1c 7508 jnz bff6bb26 = KERNEL32.DLL:.text+0x2b26 |
| 19 |
016f:bff6bb1e ff7604 push dword ptr [esi+04] |
25 |
016f:bff6bb1e ff7604 push dword ptr [esi+04] |
| 20 |
016f:bff6bb21 e8a087ffff call bff642c6 = KERNEL32.DLL:_FREQASM+0x32c6 |
26 |
016f:bff6bb21 e8a087ffff call bff642c6 = KERNEL32.DLL:_FREQASM+0x32c6 |
| 21 |
016f:bff6bb26 5e pop esi |
27 |
016f:bff6bb26 5e pop esi |
| 22 |
016f:bff6bb27 c20400 retd 0004 |
28 |
016f:bff6bb27 c20400 retd 0004 |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:bff6bb0a e88a87ffff call bff64299 = KERNEL32.DLL:_FREQASM+0x3299 |
9 |
016f:bff6bb0a e88a87ffff call bff64299 = KERNEL32.DLL:_FREQASM+0x3299 |
| 4 |
016f:bff6bb0f 5e pop esi |
10 |
016f:bff6bb0f 5e pop esi |
| 5 |
016f:bff6bb10 c20400 retd 0004 |
11 |
016f:bff6bb10 c20400 retd 0004 |
| 6 |
016f:bff6bb13 56 push esi |
12 |
016f:bff6bb13 56 push esi |
| 7 |
016f:bff6bb14 8b742408 mov esi,dword ptr [esp+08] |
13 |
016f:bff6bb14 8b742408 mov esi,dword ptr [esp+08] |
| 8 |
016f:bff6bb18 8a06 mov al,byte ptr [esi] |
14 |
016f:bff6bb18 8a06 mov al,byte ptr [esi] |
| 9 |
016f:bff6bb1a 3c04 cmp al,04 |
15 |
016f:bff6bb1a 3c04 cmp al,04 |
| 10 |
016f:bff6bb1c 7508 jnz bff6bb26 = KERNEL32.DLL:.text+0x2b26 |
16 |
016f:bff6bb1c 7508 jnz bff6bb26 = KERNEL32.DLL:.text+0x2b26 |
| 11 |
016f:bff6bb1e ff7604 push dword ptr [esi+04] |
17 |
016f:bff6bb1e ff7604 push dword ptr [esi+04] |
| 12 |
016f:bff6bb21 e8a087ffff call bff642c6 = KERNEL32.DLL:_FREQASM+0x32c6 |
18 |
016f:bff6bb21 e8a087ffff call bff642c6 = KERNEL32.DLL:_FREQASM+0x32c6 |
| 13 |
016f:bff6bb27 c20400 retd 0004 |
19 |
016f:bff6bb27 c20400 retd 0004 |
| 14 |
016f:bff6bb2a 64a100000000 mov eax,dword ptr fs:[00000000] |
20 |
016f:bff6bb2a 64a100000000 mov eax,dword ptr fs:[00000000] |
| 15 |
016f:bff6bb30 55 push ebp |
21 |
016f:bff6bb30 55 push ebp |
| 16 |
016f:bff6bb31 8bec mov ebp,esp |
22 |
016f:bff6bb31 8bec mov ebp,esp |
| 17 |
016f:bff6bb33 6aff push -01 |
23 |
016f:bff6bb33 6aff push -01 |
| 18 |
016f:bff6bb35 685092f6bf push bff69250 |
24 |
016f:bff6bb35 685092f6bf push bff69250 |
| 19 |
016f:bff6bb3a 68201bfbbf push bffb1b20 |
25 |
016f:bff6bb3a 68201bfbbf push bffb1b20 |
| 20 |
016f:bff6bb3f 50 push eax |
26 |
016f:bff6bb3f 50 push eax |
| 21 |
016f:bff6bb40 8b4508 mov eax,dword ptr [ebp+08] |
27 |
016f:bff6bb40 8b4508 mov eax,dword ptr [ebp+08] |
| 22 |
016f:bff6bb43 64892500000000 mov dword ptr fs:[00000000],esp |
28 |
016f:bff6bb43 64892500000000 mov dword ptr fs:[00000000],esp |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
-> 5e c3 85 c9 74 0e 68 00 80 00 00 6a 00 51 ff 15 ^...t.h....j.Q.. |
8 |
-> 5e c3 85 c9 74 0e 68 00 80 00 00 6a 00 51 ff 15 ^...t.h....j.Q.. |
|
Line 1
Link Here
|
| 1 |
-> 04 00 00 00 08 61 98 81 00 00 00 00 00 00 00 00 .....a.......... |
8 |
-> 04 00 00 00 08 61 98 81 00 00 00 00 00 00 00 00 .....a.......... |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:1c832e99 90 nop |
9 |
016f:1c832e99 90 nop |
| 4 |
016f:1c832e9a 90 nop |
10 |
016f:1c832e9a 90 nop |
| 5 |
016f:1c832e9b 90 nop |
11 |
016f:1c832e9b 90 nop |
| 6 |
016f:1c832e9c 90 nop |
12 |
016f:1c832e9c 90 nop |
| 7 |
016f:1c832e9d 90 nop |
13 |
016f:1c832e9d 90 nop |
| 8 |
016f:1c832e9e 90 nop |
14 |
016f:1c832e9e 90 nop |
| 9 |
016f:1c832e9f 90 nop |
15 |
016f:1c832e9f 90 nop |
| 10 |
016f:1c832ea0 8b442404 mov eax,dword ptr [esp+04] |
16 |
016f:1c832ea0 8b442404 mov eax,dword ptr [esp+04] |
| 11 |
016f:1c832ea4 50 push eax |
17 |
016f:1c832ea4 50 push eax |
| 12 |
016f:1c832ea5 e8720e0200 call 1c853d1c = SAL3.DLL!rtl_freeMemory |
18 |
016f:1c832ea5 e8720e0200 call 1c853d1c = SAL3.DLL!rtl_freeMemory |
| 13 |
016f:1c832eab c3 retd |
19 |
016f:1c832eab c3 retd |
| 14 |
016f:1c832eac 90 nop |
20 |
016f:1c832eac 90 nop |
| 15 |
016f:1c832ead 90 nop |
21 |
016f:1c832ead 90 nop |
| 16 |
016f:1c832eae 90 nop |
22 |
016f:1c832eae 90 nop |
| 17 |
016f:1c832eaf 90 nop |
23 |
016f:1c832eaf 90 nop |
| 18 |
016f:1c832eb0 83ec10 sub esp,+10 |
24 |
016f:1c832eb0 83ec10 sub esp,+10 |
| 19 |
016f:1c832eb3 8b4c2414 mov ecx,dword ptr [esp+14] |
25 |
016f:1c832eb3 8b4c2414 mov ecx,dword ptr [esp+14] |
| 20 |
016f:1c832eb7 b801000000 mov eax,00000001 |
26 |
016f:1c832eb7 b801000000 mov eax,00000001 |
| 21 |
016f:1c832ebc 89442400 mov dword ptr [esp],eax |
27 |
016f:1c832ebc 89442400 mov dword ptr [esp],eax |
| 22 |
016f:1c832ec0 3bc8 cmp ecx,eax |
28 |
016f:1c832ec0 3bc8 cmp ecx,eax |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:1c64dd2b 663d0100 cmp ax,0001 |
9 |
016f:1c64dd2b 663d0100 cmp ax,0001 |
| 4 |
016f:1c64dd2f 751f jnz 1c64dd50 = VCL641MI.DLL:.text+0x4cd50 |
10 |
016f:1c64dd2f 751f jnz 1c64dd50 = VCL641MI.DLL:.text+0x4cd50 |
| 5 |
016f:1c64dd31 85f6 test esi,esi |
11 |
016f:1c64dd31 85f6 test esi,esi |
| 6 |
016f:1c64dd33 741f jz 1c64dd54 = VCL641MI.DLL:.text+0x4cd54 |
12 |
016f:1c64dd33 741f jz 1c64dd54 = VCL641MI.DLL:.text+0x4cd54 |
| 7 |
016f:1c64dd35 8d4e08 lea ecx,[esi+08] |
13 |
016f:1c64dd35 8d4e08 lea ecx,[esi+08] |
| 8 |
016f:1c64dd38 e829730a00 call 1c6f5066 = TL641MI.DLL!242 |
14 |
016f:1c64dd38 e829730a00 call 1c6f5066 = TL641MI.DLL!242 |
| 9 |
016f:1c64dd3d 8d4e04 lea ecx,[esi+04] |
15 |
016f:1c64dd3d 8d4e04 lea ecx,[esi+04] |
| 10 |
016f:1c64dd40 e821730a00 call 1c6f5066 = TL641MI.DLL!242 |
16 |
016f:1c64dd40 e821730a00 call 1c6f5066 = TL641MI.DLL!242 |
| 11 |
016f:1c64dd45 56 push esi |
17 |
016f:1c64dd45 56 push esi |
| 12 |
016f:1c64dd46 e821730a00 call 1c6f506c = TL641MI.DLL!21 |
18 |
016f:1c64dd46 e821730a00 call 1c6f506c = TL641MI.DLL!21 |
| 13 |
016f:1c64dd4e 5e pop esi |
19 |
016f:1c64dd4e 5e pop esi |
| 14 |
016f:1c64dd4f c3 retd |
20 |
016f:1c64dd4f c3 retd |
| 15 |
016f:1c64dd50 48 dec eax |
21 |
016f:1c64dd50 48 dec eax |
| 16 |
016f:1c64dd51 668906 mov word ptr [esi],ax |
22 |
016f:1c64dd51 668906 mov word ptr [esi],ax |
| 17 |
016f:1c64dd54 5e pop esi |
23 |
016f:1c64dd54 5e pop esi |
| 18 |
016f:1c64dd55 c3 retd |
24 |
016f:1c64dd55 c3 retd |
| 19 |
016f:1c64dd56 90 nop |
25 |
016f:1c64dd56 90 nop |
| 20 |
016f:1c64dd57 90 nop |
26 |
016f:1c64dd57 90 nop |
| 21 |
016f:1c64dd58 90 nop |
27 |
016f:1c64dd58 90 nop |
| 22 |
016f:1c64dd59 90 nop |
28 |
016f:1c64dd59 90 nop |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:1c67689f 8d8ecc000000 lea ecx,[esi+000000cc] |
9 |
016f:1c67689f 8d8ecc000000 lea ecx,[esi+000000cc] |
| 4 |
016f:1c6768a5 c644241c02 mov byte ptr [esp+1c],02 |
10 |
016f:1c6768a5 c644241c02 mov byte ptr [esp+1c],02 |
| 5 |
016f:1c6768aa e881750200 call 1c69de30 = VCL641MI.DLL!2597 |
11 |
016f:1c6768aa e881750200 call 1c69de30 = VCL641MI.DLL!2597 |
| 6 |
016f:1c6768af 8d8eb4000000 lea ecx,[esi+000000b4] |
12 |
016f:1c6768af 8d8eb4000000 lea ecx,[esi+000000b4] |
| 7 |
016f:1c6768b5 c644241c01 mov byte ptr [esp+1c],01 |
13 |
016f:1c6768b5 c644241c01 mov byte ptr [esp+1c],01 |
| 8 |
016f:1c6768ba e86174fdff call 1c64dd20 = VCL641MI.DLL!937 |
14 |
016f:1c6768ba e86174fdff call 1c64dd20 = VCL641MI.DLL!937 |
| 9 |
016f:1c6768bf 8d8ea8000000 lea ecx,[esi+000000a8] |
15 |
016f:1c6768bf 8d8ea8000000 lea ecx,[esi+000000a8] |
| 10 |
016f:1c6768c5 c644241c00 mov byte ptr [esp+1c],00 |
16 |
016f:1c6768c5 c644241c00 mov byte ptr [esp+1c],00 |
| 11 |
016f:1c6768ca e871700000 call 1c67d940 = VCL641MI.DLL!2534 |
17 |
016f:1c6768ca e871700000 call 1c67d940 = VCL641MI.DLL!2534 |
| 12 |
016f:1c6768d3 5f pop edi |
18 |
016f:1c6768d3 5f pop edi |
| 13 |
016f:1c6768d4 5e pop esi |
19 |
016f:1c6768d4 5e pop esi |
| 14 |
016f:1c6768d5 64890d00000000 mov dword ptr fs:[00000000],ecx |
20 |
016f:1c6768d5 64890d00000000 mov dword ptr fs:[00000000],ecx |
| 15 |
016f:1c6768dc 83c418 add esp,+18 |
21 |
016f:1c6768dc 83c418 add esp,+18 |
| 16 |
016f:1c6768df c3 retd |
22 |
016f:1c6768df c3 retd |
| 17 |
016f:1c6768e0 e98de70700 jmp 1c6f5072 = TL641MI.DLL!334 |
23 |
016f:1c6768e0 e98de70700 jmp 1c6f5072 = TL641MI.DLL!334 |
| 18 |
016f:1c6768e5 90 nop |
24 |
016f:1c6768e5 90 nop |
| 19 |
016f:1c6768e6 90 nop |
25 |
016f:1c6768e6 90 nop |
| 20 |
016f:1c6768e7 90 nop |
26 |
016f:1c6768e7 90 nop |
| 21 |
016f:1c6768e8 90 nop |
27 |
016f:1c6768e8 90 nop |
| 22 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
-> 04 00 00 00 08 61 98 81 00 00 00 00 00 00 00 00 .....a.......... |
8 |
-> 04 00 00 00 08 61 98 81 00 00 00 00 00 00 00 00 .....a.......... |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
-> b8 f8 a8 70 1c e9 d7 e1 ff ff cc 8b 4d f0 e9 18 ...p........M... |
8 |
-> b8 f8 a8 70 1c e9 d7 e1 ff ff cc 8b 4d f0 e9 18 ...p........M... |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:1c6a4a30 05008d8e68 add eax,688e8d00 |
9 |
016f:1c6a4a30 05008d8e68 add eax,688e8d00 |
| 4 |
016f:1c6a4a35 0100 add dword ptr [eax],eax |
10 |
016f:1c6a4a35 0100 add dword ptr [eax],eax |
| 5 |
016f:1c6a4a37 00c6 add dh,al |
11 |
016f:1c6a4a37 00c6 add dh,al |
| 6 |
016f:1c6a4a39 45 inc ebp |
12 |
016f:1c6a4a39 45 inc ebp |
| 7 |
016f:1c6a4a3a fc cld |
13 |
016f:1c6a4a3a fc cld |
| 8 |
016f:1c6a4a3b 00e8 add al,ch |
14 |
016f:1c6a4a3b 00e8 add al,ch |
| 9 |
016f:1c6a4a3d 250605008b and eax,8b000506 |
15 |
016f:1c6a4a3d 250605008b and eax,8b000506 |
| 10 |
016f:1c6a4a42 ce into |
16 |
016f:1c6a4a42 ce into |
| 11 |
016f:1c6a4a43 c745fcffffffff mov dword ptr [ebp-04],ffffffff |
17 |
016f:1c6a4a43 c745fcffffffff mov dword ptr [ebp-04],ffffffff |
| 12 |
016f:1c6a4a4a e8411dfdff call 1c676790 = VCL641MI.DLL!2089 |
18 |
016f:1c6a4a4a e8411dfdff call 1c676790 = VCL641MI.DLL!2089 |
| 13 |
016f:1c6a4a52 5f pop edi |
19 |
016f:1c6a4a52 5f pop edi |
| 14 |
016f:1c6a4a53 5e pop esi |
20 |
016f:1c6a4a53 5e pop esi |
| 15 |
016f:1c6a4a54 64890d00000000 mov dword ptr fs:[00000000],ecx |
21 |
016f:1c6a4a54 64890d00000000 mov dword ptr fs:[00000000],ecx |
| 16 |
016f:1c6a4a5b 5b pop ebx |
22 |
016f:1c6a4a5b 5b pop ebx |
| 17 |
016f:1c6a4a5c 8be5 mov esp,ebp |
23 |
016f:1c6a4a5c 8be5 mov esp,ebp |
| 18 |
016f:1c6a4a5e 5d pop ebp |
24 |
016f:1c6a4a5e 5d pop ebp |
| 19 |
016f:1c6a4a5f c3 retd |
25 |
016f:1c6a4a5f c3 retd |
| 20 |
016f:1c6a4a60 83ec10 sub esp,+10 |
26 |
016f:1c6a4a60 83ec10 sub esp,+10 |
| 21 |
016f:1c6a4a63 8b442414 mov eax,dword ptr [esp+14] |
27 |
016f:1c6a4a63 8b442414 mov eax,dword ptr [esp+14] |
| 22 |
016f:1c6a4a67 56 push esi |
28 |
016f:1c6a4a67 56 push esi |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
| 1 |
-> 1f 00 00 00 00 00 00 00 10 66 07 01 60 5e 65 00 .........f..`^e. |
8 |
-> 1f 00 00 00 00 00 00 00 10 66 07 01 60 5e 65 00 .........f..`^e. |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
... |
8 |
... |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:bff6baf3 803e04 cmp byte ptr [esi],04 |
9 |
016f:bff6baf3 803e04 cmp byte ptr [esi],04 |
| 4 |
016f:bff6baf6 740f jz bff6bb07 = KERNEL32.DLL:.text+0x2b07 |
10 |
016f:bff6baf6 740f jz bff6bb07 = KERNEL32.DLL:.text+0x2b07 |
| 5 |
016f:bff6baf8 33c0 xor eax,eax |
11 |
016f:bff6baf8 33c0 xor eax,eax |
| 6 |
016f:bff6bafa 50 push eax |
12 |
016f:bff6bafa 50 push eax |
| 7 |
016f:bff6bafb 50 push eax |
13 |
016f:bff6bafb 50 push eax |
| 8 |
016f:bff6bafc 50 push eax |
14 |
016f:bff6bafc 50 push eax |
| 9 |
016f:bff6bafd 68050000c0 push c0000005 |
15 |
016f:bff6bafd 68050000c0 push c0000005 |
| 10 |
016f:bff6bb02 e8a4acffff call bff667ab = KERNEL32.DLL:_FREQASM+0x57ab |
16 |
016f:bff6bb02 e8a4acffff call bff667ab = KERNEL32.DLL:_FREQASM+0x57ab |
| 11 |
016f:bff6bb07 ff7604 push dword ptr [esi+04] |
17 |
016f:bff6bb07 ff7604 push dword ptr [esi+04] |
| 12 |
016f:bff6bb0a e88a87ffff call bff64299 = KERNEL32.DLL:_FREQASM+0x3299 |
18 |
016f:bff6bb0a e88a87ffff call bff64299 = KERNEL32.DLL:_FREQASM+0x3299 |
| 13 |
016f:bff6bb10 c20400 retd 0004 |
19 |
016f:bff6bb10 c20400 retd 0004 |
| 14 |
016f:bff6bb13 56 push esi |
20 |
016f:bff6bb13 56 push esi |
| 15 |
016f:bff6bb14 8b742408 mov esi,dword ptr [esp+08] |
21 |
016f:bff6bb14 8b742408 mov esi,dword ptr [esp+08] |
| 16 |
016f:bff6bb18 8a06 mov al,byte ptr [esi] |
22 |
016f:bff6bb18 8a06 mov al,byte ptr [esi] |
| 17 |
016f:bff6bb1a 3c04 cmp al,04 |
23 |
016f:bff6bb1a 3c04 cmp al,04 |
| 18 |
016f:bff6bb1c 7508 jnz bff6bb26 = KERNEL32.DLL:.text+0x2b26 |
24 |
016f:bff6bb1c 7508 jnz bff6bb26 = KERNEL32.DLL:.text+0x2b26 |
| 19 |
016f:bff6bb1e ff7604 push dword ptr [esi+04] |
25 |
016f:bff6bb1e ff7604 push dword ptr [esi+04] |
| 20 |
016f:bff6bb21 e8a087ffff call bff642c6 = KERNEL32.DLL:_FREQASM+0x32c6 |
26 |
016f:bff6bb21 e8a087ffff call bff642c6 = KERNEL32.DLL:_FREQASM+0x32c6 |
| 21 |
016f:bff6bb26 5e pop esi |
27 |
016f:bff6bb26 5e pop esi |
| 22 |
016f:bff6bb27 c20400 retd 0004 |
28 |
016f:bff6bb27 c20400 retd 0004 |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
-> b8 20 bb 70 1c e9 13 d1 ff ff cc cc cc cc cc cc . .p............ |
8 |
-> b8 20 bb 70 1c e9 13 d1 ff ff cc cc cc cc cc cc . .p............ |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:00413ed8 8d8e14050000 lea ecx,[esi+00000514] |
9 |
016f:00413ed8 8d8e14050000 lea ecx,[esi+00000514] |
| 4 |
016f:00413ede e82b710600 call 0047b00e = VCL641MI.DLL!3631 |
10 |
016f:00413ede e82b710600 call 0047b00e = VCL641MI.DLL!3631 |
| 5 |
016f:00413ee3 8d8e7c020000 lea ecx,[esi+0000027c] |
11 |
016f:00413ee3 8d8e7c020000 lea ecx,[esi+0000027c] |
| 6 |
016f:00413ee9 e87a740600 call 0047b368 = SVT641MI.DLL!3888 |
12 |
016f:00413ee9 e87a740600 call 0047b368 = SVT641MI.DLL!3888 |
| 7 |
016f:00413eee 8d8e78020000 lea ecx,[esi+00000278] |
13 |
016f:00413eee 8d8e78020000 lea ecx,[esi+00000278] |
| 8 |
016f:00413ef4 e88d6b0600 call 0047aa86 = TL641MI.DLL!242 |
14 |
016f:00413ef4 e88d6b0600 call 0047aa86 = TL641MI.DLL!242 |
| 9 |
016f:00413ef9 8d8e5c020000 lea ecx,[esi+0000025c] |
15 |
016f:00413ef9 8d8e5c020000 lea ecx,[esi+0000025c] |
| 10 |
016f:00413eff e804710600 call 0047b008 = VCL641MI.DLL!454 |
16 |
016f:00413eff e804710600 call 0047b008 = VCL641MI.DLL!454 |
| 11 |
016f:00413f04 8bce mov ecx,esi |
17 |
016f:00413f04 8bce mov ecx,esi |
| 12 |
016f:00413f06 e803710600 call 0047b00e = VCL641MI.DLL!3631 |
18 |
016f:00413f06 e803710600 call 0047b00e = VCL641MI.DLL!3631 |
| 13 |
016f:00413f0c c3 retd |
19 |
016f:00413f0c c3 retd |
| 14 |
016f:00413f0d 90 nop |
20 |
016f:00413f0d 90 nop |
| 15 |
016f:00413f0e 90 nop |
21 |
016f:00413f0e 90 nop |
| 16 |
016f:00413f0f 90 nop |
22 |
016f:00413f0f 90 nop |
| 17 |
016f:00413f10 53 push ebx |
23 |
016f:00413f10 53 push ebx |
| 18 |
016f:00413f11 56 push esi |
24 |
016f:00413f11 56 push esi |
| 19 |
016f:00413f12 57 push edi |
25 |
016f:00413f12 57 push edi |
| 20 |
016f:00413f13 8bf9 mov edi,ecx |
26 |
016f:00413f13 8bf9 mov edi,ecx |
| 21 |
016f:00413f15 33f6 xor esi,esi |
27 |
016f:00413f15 33f6 xor esi,esi |
| 22 |
016f:00413f17 8b8f1c110000 mov ecx,dword ptr [edi+0000111c] |
28 |
016f:00413f17 8b8f1c110000 mov ecx,dword ptr [edi+0000111c] |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:1c001b92 8d4c2424 lea ecx,[esp+24] |
9 |
016f:1c001b92 8d4c2424 lea ecx,[esp+24] |
| 4 |
016f:1c001b96 e8a50a0000 call 1c002640 = REG4MSDOC641MI.DLL:.text+0x1640 |
10 |
016f:1c001b96 e8a50a0000 call 1c002640 = REG4MSDOC641MI.DLL:.text+0x1640 |
| 5 |
016f:1c001b9b 84c0 test al,al |
11 |
016f:1c001b9b 84c0 test al,al |
| 6 |
016f:1c001b9d 7406 jz 1c001ba5 = REG4MSDOC641MI.DLL:.text+0xba5 |
12 |
016f:1c001b9d 7406 jz 1c001ba5 = REG4MSDOC641MI.DLL:.text+0xba5 |
| 7 |
016f:1c001b9f 8b07 mov eax,dword ptr [edi] |
13 |
016f:1c001b9f 8b07 mov eax,dword ptr [edi] |
| 8 |
016f:1c001ba1 0c08 or al,08 |
14 |
016f:1c001ba1 0c08 or al,08 |
| 9 |
016f:1c001ba3 8907 mov dword ptr [edi],eax |
15 |
016f:1c001ba3 8907 mov dword ptr [edi],eax |
| 10 |
016f:1c001ba5 8d4c2424 lea ecx,[esp+24] |
16 |
016f:1c001ba5 8d4c2424 lea ecx,[esp+24] |
| 11 |
016f:1c001ba9 c784246c110000ffffffff mov dword ptr [esp+0000116c],ffffffff |
17 |
016f:1c001ba9 c784246c110000ffffffff mov dword ptr [esp+0000116c],ffffffff |
| 12 |
016f:1c001bb4 e89b690000 call 1c008554 = SET641MI.DLL!2055 |
18 |
016f:1c001bb4 e89b690000 call 1c008554 = SET641MI.DLL!2055 |
| 13 |
016f:1c001bbd 5f pop edi |
19 |
016f:1c001bbd 5f pop edi |
| 14 |
016f:1c001bbe 5b pop ebx |
20 |
016f:1c001bbe 5b pop ebx |
| 15 |
016f:1c001bbf 8b8c245c110000 mov ecx,dword ptr [esp+0000115c] |
21 |
016f:1c001bbf 8b8c245c110000 mov ecx,dword ptr [esp+0000115c] |
| 16 |
016f:1c001bc6 64890d00000000 mov dword ptr fs:[00000000],ecx |
22 |
016f:1c001bc6 64890d00000000 mov dword ptr fs:[00000000],ecx |
| 17 |
016f:1c001bcd 81c468110000 add esp,00001168 |
23 |
016f:1c001bcd 81c468110000 add esp,00001168 |
| 18 |
016f:1c001bd3 c3 retd |
24 |
016f:1c001bd3 c3 retd |
| 19 |
016f:1c001bd4 8b8c2464110000 mov ecx,dword ptr [esp+00001164] |
25 |
016f:1c001bd4 8b8c2464110000 mov ecx,dword ptr [esp+00001164] |
| 20 |
016f:1c001bdb 5f pop edi |
26 |
016f:1c001bdb 5f pop edi |
| 21 |
016f:1c001bdc b001 mov al,01 |
27 |
016f:1c001bdc b001 mov al,01 |
| 22 |
016f:1c001bde 5b pop ebx |
28 |
016f:1c001bde 5b pop ebx |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
-> 00 8d 8e 9c 10 00 00 8d 44 24 04 50 ff 52 5c 8d ........D$.P.R\. |
8 |
-> 00 8d 8e 9c 10 00 00 8d 44 24 04 50 ff 52 5c 8d ........D$.P.R\. |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
-> 70 67 67 1c 10 b5 67 1c 60 c7 67 1c 80 c7 67 1c pgg...g.`.g...g. |
8 |
-> 70 67 67 1c 10 b5 67 1c 60 c7 67 1c 80 c7 67 1c pgg...g.`.g...g. |
|
Line 1
Link Here
|
| 1 |
... |
8 |
... |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
... |
8 |
... |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
-> 7b 00 62 00 66 00 35 00 30 00 62 00 36 00 38 00 {.b.f.5.0.b.6.8. |
8 |
-> 7b 00 62 00 66 00 35 00 30 00 62 00 36 00 38 00 {.b.f.5.0.b.6.8. |
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:70c2088c 837dfc00 cmp dword ptr [ebp-04],+00 |
9 |
016f:70c2088c 837dfc00 cmp dword ptr [ebp-04],+00 |
| 4 |
016f:70c20890 7405 jz 70c20897 = SHLWAPI.DLL:.text+0x4f897 |
10 |
016f:70c20890 7405 jz 70c20897 = SHLWAPI.DLL:.text+0x4f897 |
| 5 |
016f:70c20892 33c0 xor eax,eax |
11 |
016f:70c20892 33c0 xor eax,eax |
| 6 |
016f:70c20894 40 inc eax |
12 |
016f:70c20894 40 inc eax |
| 7 |
016f:70c20895 eb02 jmp 70c20899 = SHLWAPI.DLL:.text+0x4f899 |
13 |
016f:70c20895 eb02 jmp 70c20899 = SHLWAPI.DLL:.text+0x4f899 |
| 8 |
016f:70c20897 33c0 xor eax,eax |
14 |
016f:70c20897 33c0 xor eax,eax |
| 9 |
016f:70c20899 a3f4b2c270 mov dword ptr [70c2b2f4],eax |
15 |
016f:70c20899 a3f4b2c270 mov dword ptr [70c2b2f4],eax |
| 10 |
016f:70c2089e 5e pop esi |
16 |
016f:70c2089e 5e pop esi |
| 11 |
016f:70c2089f c9 leave |
17 |
016f:70c2089f c9 leave |
| 12 |
016f:70c208a0 c3 retd |
18 |
016f:70c208a0 c3 retd |
| 13 |
016f:70c208a2 33db xor ebx,ebx |
19 |
016f:70c208a2 33db xor ebx,ebx |
| 14 |
016f:70c208a4 56 push esi |
20 |
016f:70c208a4 56 push esi |
| 15 |
016f:70c208a5 43 inc ebx |
21 |
016f:70c208a5 43 inc ebx |
| 16 |
016f:70c208a6 833dacbcc27000 cmp dword ptr [70c2bcac],+00 |
22 |
016f:70c208a6 833dacbcc27000 cmp dword ptr [70c2bcac],+00 |
| 17 |
016f:70c208ad 57 push edi |
23 |
016f:70c208ad 57 push edi |
| 18 |
016f:70c208ae 752f jnz 70c208df = SHLWAPI.DLL:.text+0x4f8df |
24 |
016f:70c208ae 752f jnz 70c208df = SHLWAPI.DLL:.text+0x4f8df |
| 19 |
016f:70c208b0 8b35cc13bd70 mov esi,dword ptr [70bd13cc] -> KERNEL32.DLL!GetVersionExA |
25 |
016f:70c208b0 8b35cc13bd70 mov esi,dword ptr [70bd13cc] -> KERNEL32.DLL!GetVersionExA |
| 20 |
016f:70c208b6 bf10bcc270 mov edi,70c2bc10 |
26 |
016f:70c208b6 bf10bcc270 mov edi,70c2bc10 |
| 21 |
016f:70c208bb 57 push edi |
27 |
016f:70c208bb 57 push edi |
| 22 |
016f:70c208bc 891dacbcc270 mov dword ptr [70c2bcac],ebx |
28 |
016f:70c208bc 891dacbcc270 mov dword ptr [70c2bcac],ebx |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:717189f0 ff154c187071 call dword ptr [7170184c] -> SHLWAPI.DLL!SHGetValueW |
9 |
016f:717189f0 ff154c187071 call dword ptr [7170184c] -> SHLWAPI.DLL!SHGetValueW |
| 4 |
016f:717189f6 85c0 test eax,eax |
10 |
016f:717189f6 85c0 test eax,eax |
| 5 |
016f:717189f8 7517 jnz 71718a11 = SHDOCVW.DLL:.text+0x17a11 |
11 |
016f:717189f8 7517 jnz 71718a11 = SHDOCVW.DLL:.text+0x17a11 |
| 6 |
016f:717189fa 68188a7171 push 71718a18 |
12 |
016f:717189fa 68188a7171 push 71718a18 |
| 7 |
016f:717189ff 8d45ac lea eax,[ebp-54] |
13 |
016f:717189ff 8d45ac lea eax,[ebp-54] |
| 8 |
016f:71718a02 50 push eax |
14 |
016f:71718a02 50 push eax |
| 9 |
016f:71718a03 ff1550187071 call dword ptr [71701850] -> SHLWAPI.DLL!StrCmpIW |
15 |
016f:71718a03 ff1550187071 call dword ptr [71701850] -> SHLWAPI.DLL!StrCmpIW |
| 10 |
016f:71718a09 85c0 test eax,eax |
16 |
016f:71718a09 85c0 test eax,eax |
| 11 |
016f:71718a0b 0f8599f00100 jnz 71737aaa = SHDOCVW.DLL:.text+0x36aaa |
17 |
016f:71718a0b 0f8599f00100 jnz 71737aaa = SHDOCVW.DLL:.text+0x36aaa |
| 12 |
016f:71718a11 e82c650100 call 7172ef42 = SHDOCVW.DLL:.text+0x2df42 |
18 |
016f:71718a11 e82c650100 call 7172ef42 = SHDOCVW.DLL:.text+0x2df42 |
| 13 |
016f:71718a18 7b00 jnp 71718a1a = SHDOCVW.DLL:.text+0x17a1a |
19 |
016f:71718a18 7b00 jnp 71718a1a = SHDOCVW.DLL:.text+0x17a1a |
| 14 |
016f:71718a1a 45 inc ebp |
20 |
016f:71718a1a 45 inc ebp |
| 15 |
016f:71718a1b 004100 add byte ptr [ecx],al |
21 |
016f:71718a1b 004100 add byte ptr [ecx],al |
| 16 |
016f:71718a1e 42 inc edx |
22 |
016f:71718a1e 42 inc edx |
| 17 |
016f:71718a1f 0032 add byte ptr [edx],dh |
23 |
016f:71718a1f 0032 add byte ptr [edx],dh |
| 18 |
016f:71718a21 0032 add byte ptr [edx],dh |
24 |
016f:71718a21 0032 add byte ptr [edx],dh |
| 19 |
016f:71718a23 004100 add byte ptr [ecx],al |
25 |
016f:71718a23 004100 add byte ptr [ecx],al |
| 20 |
016f:71718a26 43 inc ebx |
26 |
016f:71718a26 43 inc ebx |
| 21 |
016f:71718a27 0030 add byte ptr [eax],dh |
27 |
016f:71718a27 0030 add byte ptr [eax],dh |
| 22 |
016f:71718a29 002d00330030 add byte ptr [30003300],ch |
28 |
016f:71718a29 002d00330030 add byte ptr [30003300],ch |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
| 1 |
... |
8 |
... |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
... |
8 |
... |
|
Line 1
Link Here
|
| 1 |
... |
8 |
... |
|
Line 1
Link Here
|
| 1 |
-> 00 00 00 83 ec 34 53 56 57 8d 45 e0 89 65 f0 33 .....4SVW.E..e.3 |
8 |
-> 00 00 00 83 ec 34 53 56 57 8d 45 e0 89 65 f0 33 .....4SVW.E..e.3 |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
-> 68 e0 55 4a 00 52 e8 b7 aa 04 00 83 c4 08 8d 4c h.UJ.R.........L |
8 |
-> 68 e0 55 4a 00 52 e8 b7 aa 04 00 83 c4 08 8d 4c h.UJ.R.........L |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
-> f0 c6 44 24 20 02 e8 27 aa 06 00 85 f6 0f 84 09 ..D$ ..'........ |
8 |
-> f0 c6 44 24 20 02 e8 27 aa 06 00 85 f6 0f 84 09 ..D$ ..'........ |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:007d0020 8d4c2428 lea ecx,[esp+28] |
9 |
016f:007d0020 8d4c2428 lea ecx,[esp+28] |
| 4 |
016f:007d0024 6868fc8300 push 0083fc68 |
10 |
016f:007d0024 6868fc8300 push 0083fc68 |
| 5 |
016f:007d0029 51 push ecx |
11 |
016f:007d0029 51 push ecx |
| 6 |
016f:007d002a 89742430 mov dword ptr [esp+30],esi |
12 |
016f:007d002a 89742430 mov dword ptr [esp+30],esi |
| 7 |
016f:007d002e e8df470500 call 00824812 = SAL3.DLL!rtl_string2UString |
13 |
016f:007d002e e8df470500 call 00824812 = SAL3.DLL!rtl_string2UString |
| 8 |
016f:007d0033 8b542430 mov edx,dword ptr [esp+30] |
14 |
016f:007d0033 8b542430 mov edx,dword ptr [esp+30] |
| 9 |
016f:007d0037 8d442418 lea eax,[esp+18] |
15 |
016f:007d0037 8d442418 lea eax,[esp+18] |
| 10 |
016f:007d003b 52 push edx |
16 |
016f:007d003b 52 push edx |
| 11 |
016f:007d003c 50 push eax |
17 |
016f:007d003c 50 push eax |
| 12 |
016f:007d003d e8be470500 call 00824800 = SAL3.DLL!rtl_uString_assign |
18 |
016f:007d003d e8be470500 call 00824800 = SAL3.DLL!rtl_uString_assign |
| 13 |
016f:007d0046 51 push ecx |
19 |
016f:007d0046 51 push ecx |
| 14 |
016f:007d0047 eb62 jmp 007d00ab = SVL641MI.DLL:.text+0xf0ab |
20 |
016f:007d0047 eb62 jmp 007d00ab = SVL641MI.DLL:.text+0xf0ab |
| 15 |
016f:007d0049 6833030000 push 00000333 |
21 |
016f:007d0049 6833030000 push 00000333 |
| 16 |
016f:007d004e 6a0b push +0b |
22 |
016f:007d004e 6a0b push +0b |
| 17 |
016f:007d0050 6a16 push +16 |
23 |
016f:007d0050 6a16 push +16 |
| 18 |
016f:007d0052 8d54242c lea edx,[esp+2c] |
24 |
016f:007d0052 8d54242c lea edx,[esp+2c] |
| 19 |
016f:007d0056 6880fc8300 push 0083fc80 |
25 |
016f:007d0056 6880fc8300 push 0083fc80 |
| 20 |
016f:007d005b 52 push edx |
26 |
016f:007d005b 52 push edx |
| 21 |
016f:007d005c 89742434 mov dword ptr [esp+34],esi |
27 |
016f:007d005c 89742434 mov dword ptr [esp+34],esi |
| 22 |
016f:007d0060 e8ad470500 call 00824812 = SAL3.DLL!rtl_string2UString |
28 |
016f:007d0060 e8ad470500 call 00824812 = SAL3.DLL!rtl_string2UString |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:bff6b8b4 36b8f6bf3eb8 ?mov eax,b83ebff6 |
9 |
016f:bff6b8b4 36b8f6bf3eb8 ?mov eax,b83ebff6 |
| 4 |
016f:bff6b8ba f6bf55a120bd idiv byte ptr [edi+bd20a155] |
10 |
016f:bff6b8ba f6bf55a120bd idiv byte ptr [edi+bd20a155] |
| 5 |
016f:bff6b8c0 fb sti |
11 |
016f:bff6b8c0 fb sti |
| 6 |
016f:bff6b8c1 bf8bec5650 mov edi,5056ec8b |
12 |
016f:bff6b8c1 bf8bec5650 mov edi,5056ec8b |
| 7 |
016f:bff6b8c6 e8c188ffff call bff6418c = KERNEL32.DLL!97 |
13 |
016f:bff6b8c6 e8c188ffff call bff6418c = KERNEL32.DLL!97 |
| 8 |
016f:bff6b8cb ff7514 push dword ptr [ebp+14] |
14 |
016f:bff6b8cb ff7514 push dword ptr [ebp+14] |
| 9 |
016f:bff6b8ce ff7510 push dword ptr [ebp+10] |
15 |
016f:bff6b8ce ff7510 push dword ptr [ebp+10] |
| 10 |
016f:bff6b8d1 ff750c push dword ptr [ebp+0c] |
16 |
016f:bff6b8d1 ff750c push dword ptr [ebp+0c] |
| 11 |
016f:bff6b8d4 ff7508 push dword ptr [ebp+08] |
17 |
016f:bff6b8d4 ff7508 push dword ptr [ebp+08] |
| 12 |
016f:bff6b8d7 e890fdffff call bff6b66c = KERNEL32.DLL:.text+0x266c |
18 |
016f:bff6b8d7 e890fdffff call bff6b66c = KERNEL32.DLL:.text+0x266c |
| 13 |
016f:bff6b8de 85f6 test esi,esi |
19 |
016f:bff6b8de 85f6 test esi,esi |
| 14 |
016f:bff6b8e0 740a jz bff6b8ec = KERNEL32.DLL:.text+0x28ec |
20 |
016f:bff6b8e0 740a jz bff6b8ec = KERNEL32.DLL:.text+0x28ec |
| 15 |
016f:bff6b8e2 f6451380 test byte ptr [ebp+13],80 |
21 |
016f:bff6b8e2 f6451380 test byte ptr [ebp+13],80 |
| 16 |
016f:bff6b8e6 7404 jz bff6b8ec = KERNEL32.DLL:.text+0x28ec |
22 |
016f:bff6b8e6 7404 jz bff6b8ec = KERNEL32.DLL:.text+0x28ec |
| 17 |
016f:bff6b8e8 66ff4602 inc word ptr [esi+02] |
23 |
016f:bff6b8e8 66ff4602 inc word ptr [esi+02] |
| 18 |
016f:bff6b8ec a120bdfbbf mov eax,dword ptr [bffbbd20] |
24 |
016f:bff6b8ec a120bdfbbf mov eax,dword ptr [bffbbd20] |
| 19 |
016f:bff6b8f1 50 push eax |
25 |
016f:bff6b8f1 50 push eax |
| 20 |
016f:bff6b8f2 e8ce88ffff call bff641c5 = KERNEL32.DLL!98 |
26 |
016f:bff6b8f2 e8ce88ffff call bff641c5 = KERNEL32.DLL!98 |
| 21 |
016f:bff6b8f7 8bc6 mov eax,esi |
27 |
016f:bff6b8f7 8bc6 mov eax,esi |
| 22 |
016f:bff6b8f9 5e pop esi |
28 |
016f:bff6b8f9 5e pop esi |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
-> 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ |
8 |
-> 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
... |
8 |
... |
|
Line 1
Link Here
|
| 1 |
... |
8 |
... |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
-> 00 00 00 00 0a 00 00 00 00 00 00 00 00 00 00 00 ................ |
8 |
-> 00 00 00 00 0a 00 00 00 00 00 00 00 00 00 00 00 ................ |
|
Line 1
Link Here
|
| 1 |
... |
8 |
... |
|
Line 1
Link Here
|
| 1 |
-> ff 85 f6 74 04 03 c6 eb 03 03 45 f4 83 45 0c 02 ...t......E..E.. |
8 |
-> ff 85 f6 74 04 03 c6 eb 03 03 45 f4 83 45 0c 02 ...t......E..E.. |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:bff6183d 8b1570b4fbbf mov edx,dword ptr [bffbb470] |
9 |
016f:bff6183d 8b1570b4fbbf mov edx,dword ptr [bffbb470] |
| 4 |
016f:bff61843 e88b290000 call bff641d3 = KERNEL32.DLL:_FREQASM+0x31d3 |
10 |
016f:bff61843 e88b290000 call bff641d3 = KERNEL32.DLL:_FREQASM+0x31d3 |
| 5 |
016f:bff61848 6664c7051e000000ffff mov word ptr fs:[0000001e],ffff |
11 |
016f:bff61848 6664c7051e000000ffff mov word ptr fs:[0000001e],ffff |
| 6 |
016f:bff61852 ff5326 call dword ptr [ebx+26] |
12 |
016f:bff61852 ff5326 call dword ptr [ebx+26] |
| 7 |
016f:bff61855 8b1570b4fbbf mov edx,dword ptr [bffbb470] |
13 |
016f:bff61855 8b1570b4fbbf mov edx,dword ptr [bffbb470] |
| 8 |
016f:bff6185b e82f290000 call bff6418f = KERNEL32.DLL:_FREQASM+0x318f |
14 |
016f:bff6185b e82f290000 call bff6418f = KERNEL32.DLL:_FREQASM+0x318f |
| 9 |
016f:bff61860 6664ff051e000000 inc word ptr fs:[0000001e] |
15 |
016f:bff61860 6664ff051e000000 inc word ptr fs:[0000001e] |
| 10 |
016f:bff61868 b114 mov cl,14 |
16 |
016f:bff61868 b114 mov cl,14 |
| 11 |
016f:bff6186a 8be5 mov esp,ebp |
17 |
016f:bff6186a 8be5 mov esp,ebp |
| 12 |
016f:bff6186c c3 retd |
18 |
016f:bff6186c c3 retd |
| 13 |
016f:bff61871 f7400406000000 test dword ptr [eax+04],00000006 |
19 |
016f:bff61871 f7400406000000 test dword ptr [eax+04],00000006 |
| 14 |
016f:bff61878 7419 jz bff61893 = KERNEL32.DLL:_FREQASM+0x893 |
20 |
016f:bff61878 7419 jz bff61893 = KERNEL32.DLL:_FREQASM+0x893 |
| 15 |
016f:bff6187a 8b442408 mov eax,dword ptr [esp+08] |
21 |
016f:bff6187a 8b442408 mov eax,dword ptr [esp+08] |
| 16 |
016f:bff6187e 8178046d18f6bf cmp dword ptr [eax+04],bff6186d |
22 |
016f:bff6187e 8178046d18f6bf cmp dword ptr [eax+04],bff6186d |
| 17 |
016f:bff61885 750c jnz bff61893 = KERNEL32.DLL:_FREQASM+0x893 |
23 |
016f:bff61885 750c jnz bff61893 = KERNEL32.DLL:_FREQASM+0x893 |
| 18 |
016f:bff61887 668b4808 mov cx,word ptr [eax+08] |
24 |
016f:bff61887 668b4808 mov cx,word ptr [eax+08] |
| 19 |
016f:bff6188b 6664890d0e000000 mov word ptr fs:[0000000e],cx |
25 |
016f:bff6188b 6664890d0e000000 mov word ptr fs:[0000000e],cx |
| 20 |
016f:bff61893 b801000000 mov eax,00000001 |
26 |
016f:bff61893 b801000000 mov eax,00000001 |
| 21 |
016f:bff61898 c3 retd |
27 |
016f:bff61898 c3 retd |
| 22 |
016f:bff61899 9d popfd |
28 |
016f:bff61899 9d popfd |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
| 1 |
... |
8 |
... |
|
Line 1
Link Here
|
| 1 |
... |
8 |
... |
|
Line 1
Link Here
|
| 1 |
... |
8 |
... |
|
Line 1
Link Here
|
| 1 |
... |
8 |
... |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
-> 01 b5 01 b5 01 b5 01 b5 01 b5 01 b5 01 b5 01 b5 ................ |
8 |
-> 01 b5 01 b5 01 b5 01 b5 01 b5 01 b5 01 b5 01 b5 ................ |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
... |
8 |
... |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
... |
8 |
... |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
... |
8 |
... |
|
Line 1
Link Here
|
| 1 |
... |
8 |
... |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
... |
8 |
... |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
-> f2 00 00 00 00 00 00 00 00 00 00 00 50 65 72 73 ............Pers |
8 |
-> f2 00 00 00 00 00 00 00 00 00 00 00 50 65 72 73 ............Pers |
| 2 |
... |
9 |
... |
|
Line 1
Link Here
|
| 1 |
-> 00 00 00 00 f8 e3 85 1c f8 e3 85 1c 00 00 00 00 ................ |
8 |
-> 00 00 00 00 f8 e3 85 1c f8 e3 85 1c 00 00 00 00 ................ |
|
Line 1
Link Here
|
| 1 |
... |
8 |
... |
|
Line 1
Link Here
|
| 1 |
-> 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ |
8 |
-> 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
-> 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ |
8 |
-> 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ |
|
Line 1
Link Here
|
| 1 |
... |
8 |
... |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
... |
8 |
... |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
-> a1 88 ca 71 1c 56 8b 30 e8 c3 b2 f4 ff 8b 46 34 ...q.V.0......F4 |
8 |
-> a1 88 ca 71 1c 56 8b 30 e8 c3 b2 f4 ff 8b 46 34 ...q.V.0......F4 |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
-> b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 ........@....... |
8 |
-> b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 ........@....... |
|
Line 1
Link Here
|
| 1 |
... |
8 |
... |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
... |
8 |
... |
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:bff635f7 65d16e04 shr dword ptr gs:[esi+04],EvIa |
9 |
016f:bff635f7 65d16e04 shr dword ptr gs:[esi+04],EvIa |
| 4 |
016f:bff635fb 7222 jc bff6361f = KERNEL32.DLL:_FREQASM+0x261f |
10 |
016f:bff635fb 7222 jc bff6361f = KERNEL32.DLL:_FREQASM+0x261f |
| 5 |
016f:bff635fd 65ff32 push dword ptr gs:[edx] |
11 |
016f:bff635fd 65ff32 push dword ptr gs:[edx] |
| 6 |
016f:bff63600 8d5204 lea edx,[edx+04] |
12 |
016f:bff63600 8d5204 lea edx,[edx+04] |
| 7 |
016f:bff63603 e2f2 loop bff635f7 = KERNEL32.DLL:_FREQASM+0x25f7 |
13 |
016f:bff63603 e2f2 loop bff635f7 = KERNEL32.DLL:_FREQASM+0x25f7 |
| 8 |
016f:bff63605 8bfc mov edi,esp |
14 |
016f:bff63605 8bfc mov edi,esp |
| 9 |
016f:bff63607 33c0 xor eax,eax |
15 |
016f:bff63607 33c0 xor eax,eax |
| 10 |
016f:bff63609 65394608 cmp dword ptr gs:[esi+08],eax |
16 |
016f:bff63609 65394608 cmp dword ptr gs:[esi+08],eax |
| 11 |
016f:bff6360d 7404 jz bff63613 = KERNEL32.DLL:_FREQASM+0x2613 |
17 |
016f:bff6360d 7404 jz bff63613 = KERNEL32.DLL:_FREQASM+0x2613 |
| 12 |
016f:bff6360f 65ff5608 call dword ptr gs:[esi+08] |
18 |
016f:bff6360f 65ff5608 call dword ptr gs:[esi+08] |
| 13 |
016f:bff63615 33c9 xor ecx,ecx |
19 |
016f:bff63615 33c9 xor ecx,ecx |
| 14 |
016f:bff63617 8ee9 mov gs,cx |
20 |
016f:bff63617 8ee9 mov gs,cx |
| 15 |
016f:bff63619 5f pop edi |
21 |
016f:bff63619 5f pop edi |
| 16 |
016f:bff6361a 5e pop esi |
22 |
016f:bff6361a 5e pop esi |
| 17 |
016f:bff6361b c9 leave |
23 |
016f:bff6361b c9 leave |
| 18 |
016f:bff6361c c20c00 retd 000c |
24 |
016f:bff6361c c20c00 retd 000c |
| 19 |
016f:bff6361f 52 push edx |
25 |
016f:bff6361f 52 push edx |
| 20 |
016f:bff63620 51 push ecx |
26 |
016f:bff63620 51 push ecx |
| 21 |
016f:bff63621 33c0 xor eax,eax |
27 |
016f:bff63621 33c0 xor eax,eax |
| 22 |
016f:bff63623 48 dec eax |
28 |
016f:bff63623 48 dec eax |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
... |
8 |
... |
|
Line 1
Link Here
|
| 1 |
-> f8 85 c9 75 e2 e9 7d fc ff ff 8b 45 e8 83 45 e8 ...u..}....E..E. |
8 |
-> f8 85 c9 75 e2 e9 7d fc ff ff 8b 45 e8 83 45 e8 ...u..}....E..E. |
|
Line 1
Link Here
|
| 1 |
-> c0 ee 61 1c c0 ee 61 1c a0 01 62 1c 00 00 00 00 ..a...a...b..... |
8 |
-> c0 ee 61 1c c0 ee 61 1c a0 01 62 1c 00 00 00 00 ..a...a...b..... |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
-> 8b 44 24 08 8b 4c 24 04 50 e8 02 00 00 00 c3 90 .D$..L$.P....... |
8 |
-> 8b 44 24 08 8b 4c 24 04 50 e8 02 00 00 00 c3 90 .D$..L$.P....... |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
-> 70 67 67 1c 10 b5 67 1c 60 c7 67 1c 80 c7 67 1c pgg...g.`.g...g. |
8 |
-> 70 67 67 1c 10 b5 67 1c 60 c7 67 1c 80 c7 67 1c pgg...g.`.g...g. |
|
Line 1
Link Here
|
| 1 |
... |
8 |
... |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
... |
8 |
... |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
-> 51 53 8b 5c 24 10 55 8b 6c 24 10 56 8b 74 24 20 QS.\$.U.l$.V.t$ |
8 |
-> 51 53 8b 5c 24 10 55 8b 6c 24 10 56 8b 74 24 20 QS.\$.U.l$.V.t$ |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
... |
8 |
... |
|
Line 1
Link Here
|
| 1 |
... |
8 |
... |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
-> 51 53 8b 5c 24 10 55 8b 6c 24 10 56 8b 74 24 20 QS.\$.U.l$.V.t$ |
8 |
-> 51 53 8b 5c 24 10 55 8b 6c 24 10 56 8b 74 24 20 QS.\$.U.l$.V.t$ |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
-> 00 d5 01 00 00 00 00 00 00 00 00 00 9c af 11 00 ................ |
8 |
-> 00 d5 01 00 00 00 00 00 00 00 00 00 9c af 11 00 ................ |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
-> 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ |
8 |
-> 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
... |
8 |
... |
|
Line 1
Link Here
|
| 1 |
... |
8 |
... |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
-> 00 00 00 00 0a 00 00 00 00 00 00 00 00 00 00 00 ................ |
8 |
-> 00 00 00 00 0a 00 00 00 00 00 00 00 00 00 00 00 ................ |
|
Line 1
Link Here
|
| 1 |
... |
8 |
... |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
... |
8 |
... |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
... |
8 |
... |
|
Line 1
Link Here
|
| 1 |
... |
8 |
... |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
... |
8 |
... |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
... |
8 |
... |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
... |
8 |
... |
|
Line 1
Link Here
|
| 1 |
-> f2 00 00 00 00 00 00 00 00 00 00 00 50 65 72 73 ............Pers |
8 |
-> f2 00 00 00 00 00 00 00 00 00 00 00 50 65 72 73 ............Pers |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
... |
8 |
... |
|
Line 1
Link Here
|
| 1 |
... |
8 |
... |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:bff6baf3 803e04 cmp byte ptr [esi],04 |
9 |
016f:bff6baf3 803e04 cmp byte ptr [esi],04 |
| 4 |
016f:bff6baf6 740f jz bff6bb07 = KERNEL32.DLL:.text+0x2b07 |
10 |
016f:bff6baf6 740f jz bff6bb07 = KERNEL32.DLL:.text+0x2b07 |
| 5 |
016f:bff6baf8 33c0 xor eax,eax |
11 |
016f:bff6baf8 33c0 xor eax,eax |
| 6 |
016f:bff6bafa 50 push eax |
12 |
016f:bff6bafa 50 push eax |
| 7 |
016f:bff6bafb 50 push eax |
13 |
016f:bff6bafb 50 push eax |
| 8 |
016f:bff6bafc 50 push eax |
14 |
016f:bff6bafc 50 push eax |
| 9 |
016f:bff6bafd 68050000c0 push c0000005 |
15 |
016f:bff6bafd 68050000c0 push c0000005 |
| 10 |
016f:bff6bb02 e8a4acffff call bff667ab = KERNEL32.DLL:_FREQASM+0x57ab |
16 |
016f:bff6bb02 e8a4acffff call bff667ab = KERNEL32.DLL:_FREQASM+0x57ab |
| 11 |
016f:bff6bb07 ff7604 push dword ptr [esi+04] |
17 |
016f:bff6bb07 ff7604 push dword ptr [esi+04] |
| 12 |
016f:bff6bb0a e88a87ffff call bff64299 = KERNEL32.DLL:_FREQASM+0x3299 |
18 |
016f:bff6bb0a e88a87ffff call bff64299 = KERNEL32.DLL:_FREQASM+0x3299 |
| 13 |
016f:bff6bb10 c20400 retd 0004 |
19 |
016f:bff6bb10 c20400 retd 0004 |
| 14 |
016f:bff6bb13 56 push esi |
20 |
016f:bff6bb13 56 push esi |
| 15 |
016f:bff6bb14 8b742408 mov esi,dword ptr [esp+08] |
21 |
016f:bff6bb14 8b742408 mov esi,dword ptr [esp+08] |
| 16 |
016f:bff6bb18 8a06 mov al,byte ptr [esi] |
22 |
016f:bff6bb18 8a06 mov al,byte ptr [esi] |
| 17 |
016f:bff6bb1a 3c04 cmp al,04 |
23 |
016f:bff6bb1a 3c04 cmp al,04 |
| 18 |
016f:bff6bb1c 7508 jnz bff6bb26 = KERNEL32.DLL:.text+0x2b26 |
24 |
016f:bff6bb1c 7508 jnz bff6bb26 = KERNEL32.DLL:.text+0x2b26 |
| 19 |
016f:bff6bb1e ff7604 push dword ptr [esi+04] |
25 |
016f:bff6bb1e ff7604 push dword ptr [esi+04] |
| 20 |
016f:bff6bb21 e8a087ffff call bff642c6 = KERNEL32.DLL:_FREQASM+0x32c6 |
26 |
016f:bff6bb21 e8a087ffff call bff642c6 = KERNEL32.DLL:_FREQASM+0x32c6 |
| 21 |
016f:bff6bb26 5e pop esi |
27 |
016f:bff6bb26 5e pop esi |
| 22 |
016f:bff6bb27 c20400 retd 0004 |
28 |
016f:bff6bb27 c20400 retd 0004 |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
-> f2 00 00 00 00 00 00 00 00 00 00 00 50 65 72 73 ............Pers |
8 |
-> f2 00 00 00 00 00 00 00 00 00 00 00 50 65 72 73 ............Pers |
| 2 |
... |
9 |
... |
|
Line 1
Link Here
|
| 1 |
-> 00 00 00 00 f8 e3 85 1c f8 e3 85 1c 00 00 00 00 ................ |
8 |
-> 00 00 00 00 f8 e3 85 1c f8 e3 85 1c 00 00 00 00 ................ |
|
Line 1
Link Here
|
| 1 |
... |
8 |
... |
|
Line 1
Link Here
|
| 1 |
-> 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ |
8 |
-> 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ |
| 2 |
... |
9 |
... |
|
Line 1
Link Here
|
| 1 |
-> 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ |
8 |
-> 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ |
|
Line 1
Link Here
|
| 1 |
... |
8 |
... |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
... |
8 |
... |
|
Line 1
Link Here
|
| 1 |
-> 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ |
8 |
-> 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
... |
8 |
... |
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:65f2fecf 83f9ff cmp ecx,-01 |
9 |
016f:65f2fecf 83f9ff cmp ecx,-01 |
| 4 |
016f:65f2fed2 0f84e2000000 jz 65f2ffba = OLE32.DLL:.text+0x2efba |
10 |
016f:65f2fed2 0f84e2000000 jz 65f2ffba = OLE32.DLL:.text+0x2efba |
| 5 |
016f:65f2fed8 8d45f8 lea eax,[ebp-08] |
11 |
016f:65f2fed8 8d45f8 lea eax,[ebp-08] |
| 6 |
016f:65f2fedb 50 push eax |
12 |
016f:65f2fedb 50 push eax |
| 7 |
016f:65f2fedc ff750c push dword ptr [ebp+0c] |
13 |
016f:65f2fedc ff750c push dword ptr [ebp+0c] |
| 8 |
016f:65f2fedf ff7508 push dword ptr [ebp+08] |
14 |
016f:65f2fedf ff7508 push dword ptr [ebp+08] |
| 9 |
016f:65f2fee2 ff7238 push dword ptr [edx+38] |
15 |
016f:65f2fee2 ff7238 push dword ptr [edx+38] |
| 10 |
016f:65f2fee5 51 push ecx |
16 |
016f:65f2fee5 51 push ecx |
| 11 |
016f:65f2fee6 8bce mov ecx,esi |
17 |
016f:65f2fee6 8bce mov ecx,esi |
| 12 |
016f:65f2fee8 e83d020000 call 65f3012a = OLE32.DLL:.text+0x2f12a |
18 |
016f:65f2fee8 e83d020000 call 65f3012a = OLE32.DLL:.text+0x2f12a |
| 13 |
016f:65f2fef0 8902 mov dword ptr [edx],eax |
19 |
016f:65f2fef0 8902 mov dword ptr [edx],eax |
| 14 |
016f:65f2fef2 8b7df8 mov edi,dword ptr [ebp-08] |
20 |
016f:65f2fef2 8b7df8 mov edi,dword ptr [ebp-08] |
| 15 |
016f:65f2fef5 83c608 add esi,+08 |
21 |
016f:65f2fef5 83c608 add esi,+08 |
| 16 |
016f:65f2fef8 56 push esi |
22 |
016f:65f2fef8 56 push esi |
| 17 |
016f:65f2fef9 ff15f813f065 call dword ptr [65f013f8] -> KERNEL32.DLL!LeaveCriticalSection |
23 |
016f:65f2fef9 ff15f813f065 call dword ptr [65f013f8] -> KERNEL32.DLL!LeaveCriticalSection |
| 18 |
016f:65f2feff 8bc7 mov eax,edi |
24 |
016f:65f2feff 8bc7 mov eax,edi |
| 19 |
016f:65f2ff01 5f pop edi |
25 |
016f:65f2ff01 5f pop edi |
| 20 |
016f:65f2ff02 5e pop esi |
26 |
016f:65f2ff02 5e pop esi |
| 21 |
016f:65f2ff03 5b pop ebx |
27 |
016f:65f2ff03 5b pop ebx |
| 22 |
016f:65f2ff04 8be5 mov esp,ebp |
28 |
016f:65f2ff04 8be5 mov esp,ebp |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
-> 8b c7 5f 5e 5b 8b e5 5d c2 18 00 ff 15 0c 14 f0 .._^[..]........ |
8 |
-> 8b c7 5f 5e 5b 8b e5 5d c2 18 00 ff 15 0c 14 f0 .._^[..]........ |
|
Line 1
Link Here
|
| 1 |
-> 04 00 00 00 54 a8 98 81 00 00 00 00 00 00 00 00 ....T........... |
8 |
-> 04 00 00 00 54 a8 98 81 00 00 00 00 00 00 00 00 ....T........... |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
... |
8 |
... |
|
Line 1
Link Here
|
| 1 |
-> 60 8e 64 1c 00 91 64 1c 70 94 64 1c 80 37 64 1c `.d...d.p.d..7d. |
8 |
-> 60 8e 64 1c 00 91 64 1c 70 94 64 1c 80 37 64 1c `.d...d.p.d..7d. |
|
Line 1
Link Here
|
| 1 |
... |
8 |
... |
|
Line 1
Link Here
|
| 1 |
-> f2 00 00 00 00 00 00 00 00 00 00 00 50 65 72 73 ............Pers |
8 |
-> f2 00 00 00 00 00 00 00 00 00 00 00 50 65 72 73 ............Pers |
| 2 |
... |
9 |
... |
|
Line 1
Link Here
|
| 1 |
... |
8 |
... |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:1c631566 85c0 test eax,eax |
9 |
016f:1c631566 85c0 test eax,eax |
| 4 |
016f:1c631568 7406 jz 1c631570 = VCL641MI.DLL:.text+0x30570 |
10 |
016f:1c631568 7406 jz 1c631570 = VCL641MI.DLL:.text+0x30570 |
| 5 |
016f:1c63156a 8b0e mov ecx,dword ptr [esi] |
11 |
016f:1c63156a 8b0e mov ecx,dword ptr [esi] |
| 6 |
016f:1c63156c 50 push eax |
12 |
016f:1c63156c 50 push eax |
| 7 |
016f:1c63156d 51 push ecx |
13 |
016f:1c63156d 51 push ecx |
| 8 |
016f:1c63156e ffd3 call ebx |
14 |
016f:1c63156e ffd3 call ebx |
| 9 |
016f:1c631570 8a442413 mov al,byte ptr [esp+13] |
15 |
016f:1c631570 8a442413 mov al,byte ptr [esp+13] |
| 10 |
016f:1c631574 84c0 test al,al |
16 |
016f:1c631574 84c0 test al,al |
| 11 |
016f:1c631576 7405 jz 1c63157d = VCL641MI.DLL:.text+0x3057d |
17 |
016f:1c631576 7405 jz 1c63157d = VCL641MI.DLL:.text+0x3057d |
| 12 |
016f:1c631578 e8f3af0a00 call 1c6dc570 = VCL641MI.DLL:.text+0xdb570 |
18 |
016f:1c631578 e8f3af0a00 call 1c6dc570 = VCL641MI.DLL:.text+0xdb570 |
| 13 |
016f:1c63157e 5e pop esi |
19 |
016f:1c63157e 5e pop esi |
| 14 |
016f:1c63157f 5d pop ebp |
20 |
016f:1c63157f 5d pop ebp |
| 15 |
016f:1c631580 5b pop ebx |
21 |
016f:1c631580 5b pop ebx |
| 16 |
016f:1c631581 83c464 add esp,+64 |
22 |
016f:1c631581 83c464 add esp,+64 |
| 17 |
016f:1c631584 c3 retd |
23 |
016f:1c631584 c3 retd |
| 18 |
016f:1c631585 90 nop |
24 |
016f:1c631585 90 nop |
| 19 |
016f:1c631586 90 nop |
25 |
016f:1c631586 90 nop |
| 20 |
016f:1c631587 90 nop |
26 |
016f:1c631587 90 nop |
| 21 |
016f:1c631588 90 nop |
27 |
016f:1c631588 90 nop |
| 22 |
016f:1c631589 90 nop |
28 |
016f:1c631589 90 nop |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
-> f2 00 00 00 00 00 00 00 00 00 00 00 50 65 72 73 ............Pers |
8 |
-> f2 00 00 00 00 00 00 00 00 00 00 00 50 65 72 73 ............Pers |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
... |
8 |
... |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
-> 70 67 67 1c 10 b5 67 1c 60 c7 67 1c 80 c7 67 1c pgg...g.`.g...g. |
8 |
-> 70 67 67 1c 10 b5 67 1c 60 c7 67 1c 80 c7 67 1c pgg...g.`.g...g. |
|
Line 1
Link Here
|
| 1 |
... |
8 |
... |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
... |
8 |
... |
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:7fbd3a6b be00200000 mov esi,00002000 |
9 |
016f:7fbd3a6b be00200000 mov esi,00002000 |
| 4 |
016f:7fbd3a70 57 push edi |
10 |
016f:7fbd3a70 57 push edi |
| 5 |
016f:7fbd3a71 56 push esi |
11 |
016f:7fbd3a71 56 push esi |
| 6 |
016f:7fbd3a72 ff15ac1abd7f call dword ptr [7fbd1aac] -> SHLWAPI.DLL!461 |
12 |
016f:7fbd3a72 ff15ac1abd7f call dword ptr [7fbd1aac] -> SHLWAPI.DLL!461 |
| 7 |
016f:7fbd3a78 85c6 test esi,eax |
13 |
016f:7fbd3a78 85c6 test esi,eax |
| 8 |
016f:7fbd3a7a 7506 jnz 7fbd3a82 = SHELL32.DLL:.text+0x2a82 |
14 |
016f:7fbd3a7a 7506 jnz 7fbd3a82 = SHELL32.DLL:.text+0x2a82 |
| 9 |
016f:7fbd3a7c 8b4518 mov eax,dword ptr [ebp+18] |
15 |
016f:7fbd3a7c 8b4518 mov eax,dword ptr [ebp+18] |
| 10 |
016f:7fbd3a7f 832000 and dword ptr [eax],+00 |
16 |
016f:7fbd3a7f 832000 and dword ptr [eax],+00 |
| 11 |
016f:7fbd3a82 ff750c push dword ptr [ebp+0c] |
17 |
016f:7fbd3a82 ff750c push dword ptr [ebp+0c] |
| 12 |
016f:7fbd3a85 e8eee4ffff call 7fbd1f78 = SHELL32.DLL:.text+0xf78 |
18 |
016f:7fbd3a85 e8eee4ffff call 7fbd1f78 = SHELL32.DLL:.text+0xf78 |
| 13 |
016f:7fbd3a8c 85ff test edi,edi |
19 |
016f:7fbd3a8c 85ff test edi,edi |
| 14 |
016f:7fbd3a8e 897df4 mov dword ptr [ebp-0c],edi |
20 |
016f:7fbd3a8e 897df4 mov dword ptr [ebp-0c],edi |
| 15 |
016f:7fbd3a91 0f8429550a00 jz 7fc78fc0 = SHELL32.DLL:.text+0xa7fc0 |
21 |
016f:7fbd3a91 0f8429550a00 jz 7fc78fc0 = SHELL32.DLL:.text+0xa7fc0 |
| 16 |
016f:7fbd3a97 57 push edi |
22 |
016f:7fbd3a97 57 push edi |
| 17 |
016f:7fbd3a98 e896f8ffff call 7fbd3333 = SHELL32.DLL:.text+0x2333 |
23 |
016f:7fbd3a98 e896f8ffff call 7fbd3333 = SHELL32.DLL:.text+0x2333 |
| 18 |
016f:7fbd3a9d 85c0 test eax,eax |
24 |
016f:7fbd3a9d 85c0 test eax,eax |
| 19 |
016f:7fbd3a9f 7442 jz 7fbd3ae3 = SHELL32.DLL:.text+0x2ae3 |
25 |
016f:7fbd3a9f 7442 jz 7fbd3ae3 = SHELL32.DLL:.text+0x2ae3 |
| 20 |
016f:7fbd3aa1 8b4508 mov eax,dword ptr [ebp+08] |
26 |
016f:7fbd3aa1 8b4508 mov eax,dword ptr [ebp+08] |
| 21 |
016f:7fbd3aa4 8d70f0 lea esi,[eax-10] |
27 |
016f:7fbd3aa4 8d70f0 lea esi,[eax-10] |
| 22 |
016f:7fbd3aa7 8d45f8 lea eax,[ebp-08] |
28 |
016f:7fbd3aa7 8d45f8 lea eax,[ebp-08] |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
... |
8 |
... |
|
Line 1
Link Here
|
| 1 |
... |
8 |
... |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:7fbd3377 ff7508 push dword ptr [ebp+08] |
9 |
016f:7fbd3377 ff7508 push dword ptr [ebp+08] |
| 4 |
016f:7fbd337a ff153414bd7f call dword ptr [7fbd1434] -> USER32.DLL!CharPrevA |
10 |
016f:7fbd337a ff153414bd7f call dword ptr [7fbd1434] -> USER32.DLL!CharPrevA |
| 5 |
016f:7fbd3380 80385c cmp byte ptr [eax],5c |
11 |
016f:7fbd3380 80385c cmp byte ptr [eax],5c |
| 6 |
016f:7fbd3383 7404 jz 7fbd3389 = SHELL32.DLL:.text+0x2389 |
12 |
016f:7fbd3383 7404 jz 7fbd3389 = SHELL32.DLL:.text+0x2389 |
| 7 |
016f:7fbd3385 c6065c mov byte ptr [esi],5c |
13 |
016f:7fbd3385 c6065c mov byte ptr [esi],5c |
| 8 |
016f:7fbd3388 46 inc esi |
14 |
016f:7fbd3388 46 inc esi |
| 9 |
016f:7fbd3389 8d85f8feffff lea eax,[ebp-00000108] |
15 |
016f:7fbd3389 8d85f8feffff lea eax,[ebp-00000108] |
| 10 |
016f:7fbd338f 50 push eax |
16 |
016f:7fbd338f 50 push eax |
| 11 |
016f:7fbd3390 56 push esi |
17 |
016f:7fbd3390 56 push esi |
| 12 |
016f:7fbd3391 ff152417bd7f call dword ptr [7fbd1724] -> KERNEL32.DLL!lstrcpy |
18 |
016f:7fbd3391 ff152417bd7f call dword ptr [7fbd1724] -> KERNEL32.DLL!lstrcpy |
| 13 |
016f:7fbd339a 03750c add esi,dword ptr [ebp+0c] |
19 |
016f:7fbd339a 03750c add esi,dword ptr [ebp+0c] |
| 14 |
016f:7fbd339d 03f8 add edi,eax |
20 |
016f:7fbd339d 03f8 add edi,eax |
| 15 |
016f:7fbd339f 85ff test edi,edi |
21 |
016f:7fbd339f 85ff test edi,edi |
| 16 |
016f:7fbd33a1 7440 jz 7fbd33e3 = SHELL32.DLL:.text+0x23e3 |
22 |
016f:7fbd33a1 7440 jz 7fbd33e3 = SHELL32.DLL:.text+0x23e3 |
| 17 |
016f:7fbd33a3 66833f00 cmp word ptr [edi],+00 |
23 |
016f:7fbd33a3 66833f00 cmp word ptr [edi],+00 |
| 18 |
016f:7fbd33a7 743a jz 7fbd33e3 = SHELL32.DLL:.text+0x23e3 |
24 |
016f:7fbd33a7 743a jz 7fbd33e3 = SHELL32.DLL:.text+0x23e3 |
| 19 |
016f:7fbd33a9 8d85f8feffff lea eax,[ebp-00000108] |
25 |
016f:7fbd33a9 8d85f8feffff lea eax,[ebp-00000108] |
| 20 |
016f:7fbd33af 53 push ebx |
26 |
016f:7fbd33af 53 push ebx |
| 21 |
016f:7fbd33b0 50 push eax |
27 |
016f:7fbd33b0 50 push eax |
| 22 |
016f:7fbd33b1 57 push edi |
28 |
016f:7fbd33b1 57 push edi |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
-> 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ |
8 |
-> 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ |
|
Line 1
Link Here
|
| 1 |
... |
8 |
... |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
... |
8 |
... |
|
Line 1
Link Here
|
| 1 |
... |
8 |
... |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
-> 00 00 00 00 0a 00 00 00 00 00 00 00 00 00 00 00 ................ |
8 |
-> 00 00 00 00 0a 00 00 00 00 00 00 00 00 00 00 00 ................ |
|
Line 1
Link Here
|
| 1 |
... |
8 |
... |
|
Line 1
Link Here
|
| 1 |
-> 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 MZ.............. |
8 |
-> 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 MZ.............. |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
... |
8 |
... |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
... |
8 |
... |
|
Line 1
Link Here
|
| 1 |
... |
8 |
... |
|
Line 1
Link Here
|
| 1 |
... |
8 |
... |
|
Line 1
Link Here
|
| 1 |
... |
8 |
... |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
... |
8 |
... |
|
Line 1
Link Here
|
| 1 |
... |
8 |
... |
|
Line 1
Link Here
|
| 1 |
-> f2 00 00 00 00 00 00 00 00 00 00 00 50 65 72 73 ............Pers |
8 |
-> f2 00 00 00 00 00 00 00 00 00 00 00 50 65 72 73 ............Pers |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
... |
8 |
... |
|
Line 1
Link Here
|
| 1 |
... |
8 |
... |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:7fbd7b58 0f849f000000 jz 7fbd7bfd = SHELL32.DLL:.text+0x6bfd |
9 |
016f:7fbd7b58 0f849f000000 jz 7fbd7bfd = SHELL32.DLL:.text+0x6bfd |
| 4 |
016f:7fbd7b5e 85c0 test eax,eax |
10 |
016f:7fbd7b5e 85c0 test eax,eax |
| 5 |
016f:7fbd7b60 0f8497000000 jz 7fbd7bfd = SHELL32.DLL:.text+0x6bfd |
11 |
016f:7fbd7b60 0f8497000000 jz 7fbd7bfd = SHELL32.DLL:.text+0x6bfd |
| 6 |
016f:7fbd7b66 57 push edi |
12 |
016f:7fbd7b66 57 push edi |
| 7 |
016f:7fbd7b67 8bcb mov ecx,ebx |
13 |
016f:7fbd7b67 8bcb mov ecx,ebx |
| 8 |
016f:7fbd7b69 e8e0000000 call 7fbd7c4e = SHELL32.DLL:.text+0x6c4e |
14 |
016f:7fbd7b69 e8e0000000 call 7fbd7c4e = SHELL32.DLL:.text+0x6c4e |
| 9 |
016f:7fbd7b6e ff75f4 push dword ptr [ebp-0c] |
15 |
016f:7fbd7b6e ff75f4 push dword ptr [ebp-0c] |
| 10 |
016f:7fbd7b71 8bcb mov ecx,ebx |
16 |
016f:7fbd7b71 8bcb mov ecx,ebx |
| 11 |
016f:7fbd7b73 8845fb mov byte ptr [ebp-05],al |
17 |
016f:7fbd7b73 8845fb mov byte ptr [ebp-05],al |
| 12 |
016f:7fbd7b76 e8d3000000 call 7fbd7c4e = SHELL32.DLL:.text+0x6c4e |
18 |
016f:7fbd7b76 e8d3000000 call 7fbd7c4e = SHELL32.DLL:.text+0x6c4e |
| 13 |
016f:7fbd7b7f 0fb6c0 movzx eax,al |
19 |
016f:7fbd7b7f 0fb6c0 movzx eax,al |
| 14 |
016f:7fbd7b82 2bf0 sub esi,eax |
20 |
016f:7fbd7b82 2bf0 sub esi,eax |
| 15 |
016f:7fbd7b84 7577 jnz 7fbd7bfd = SHELL32.DLL:.text+0x6bfd |
21 |
016f:7fbd7b84 7577 jnz 7fbd7bfd = SHELL32.DLL:.text+0x6bfd |
| 16 |
016f:7fbd7b86 57 push edi |
22 |
016f:7fbd7b86 57 push edi |
| 17 |
016f:7fbd7b87 8bcb mov ecx,ebx |
23 |
016f:7fbd7b87 8bcb mov ecx,ebx |
| 18 |
016f:7fbd7b89 e817b4ffff call 7fbd2fa5 = SHELL32.DLL:.text+0x1fa5 |
24 |
016f:7fbd7b89 e817b4ffff call 7fbd2fa5 = SHELL32.DLL:.text+0x1fa5 |
| 19 |
016f:7fbd7b8e ff75f4 push dword ptr [ebp-0c] |
25 |
016f:7fbd7b8e ff75f4 push dword ptr [ebp-0c] |
| 20 |
016f:7fbd7b91 8bcb mov ecx,ebx |
26 |
016f:7fbd7b91 8bcb mov ecx,ebx |
| 21 |
016f:7fbd7b93 8bf0 mov esi,eax |
27 |
016f:7fbd7b93 8bf0 mov esi,eax |
| 22 |
016f:7fbd7b95 e80bb4ffff call 7fbd2fa5 = SHELL32.DLL:.text+0x1fa5 |
28 |
016f:7fbd7b95 e80bb4ffff call 7fbd2fa5 = SHELL32.DLL:.text+0x1fa5 |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
... |
8 |
... |
|
Line 1
Link Here
|
| 1 |
-> f2 00 00 00 00 00 00 00 00 00 00 00 50 65 72 73 ............Pers |
8 |
-> f2 00 00 00 00 00 00 00 00 00 00 00 50 65 72 73 ............Pers |
| 2 |
... |
9 |
... |
|
Line 1
Link Here
|
| 1 |
-> 00 00 00 00 f8 e3 85 1c f8 e3 85 1c 00 00 00 00 ................ |
8 |
-> 00 00 00 00 f8 e3 85 1c f8 e3 85 1c 00 00 00 00 ................ |
|
Line 1
Link Here
|
| 1 |
... |
8 |
... |
|
Line 1
Link Here
|
| 1 |
-> 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ |
8 |
-> 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
-> 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ |
8 |
-> 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ |
|
Line 1
Link Here
|
| 1 |
... |
8 |
... |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
... |
8 |
... |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
... |
8 |
... |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:7fbd2387 ebe7 jmp 7fbd2370 = SHELL32.DLL:.text+0x1370 |
9 |
016f:7fbd2387 ebe7 jmp 7fbd2370 = SHELL32.DLL:.text+0x1370 |
| 4 |
016f:7fbd2389 836c240410 sub dword ptr [esp+04],+10 |
10 |
016f:7fbd2389 836c240410 sub dword ptr [esp+04],+10 |
| 5 |
016f:7fbd238e ff742404 push dword ptr [esp+04] |
11 |
016f:7fbd238e ff742404 push dword ptr [esp+04] |
| 6 |
016f:7fbd2392 e803000000 call 7fbd239a = SHELL32.DLL:.text+0x139a |
12 |
016f:7fbd2392 e803000000 call 7fbd239a = SHELL32.DLL:.text+0x139a |
| 7 |
016f:7fbd2397 c20400 retd 0004 |
13 |
016f:7fbd2397 c20400 retd 0004 |
| 8 |
016f:7fbd239a 8b442404 mov eax,dword ptr [esp+04] |
14 |
016f:7fbd239a 8b442404 mov eax,dword ptr [esp+04] |
| 9 |
016f:7fbd239e 8b400c mov eax,dword ptr [eax+0c] |
15 |
016f:7fbd239e 8b400c mov eax,dword ptr [eax+0c] |
| 10 |
016f:7fbd23a1 50 push eax |
16 |
016f:7fbd23a1 50 push eax |
| 11 |
016f:7fbd23a2 8b08 mov ecx,dword ptr [eax] |
17 |
016f:7fbd23a2 8b08 mov ecx,dword ptr [eax] |
| 12 |
016f:7fbd23a4 ff5104 call dword ptr [ecx+04] |
18 |
016f:7fbd23a4 ff5104 call dword ptr [ecx+04] |
| 13 |
016f:7fbd23aa 90 nop |
19 |
016f:7fbd23aa 90 nop |
| 14 |
016f:7fbd23ab 90 nop |
20 |
016f:7fbd23ab 90 nop |
| 15 |
016f:7fbd23ac 90 nop |
21 |
016f:7fbd23ac 90 nop |
| 16 |
016f:7fbd23ad 90 nop |
22 |
016f:7fbd23ad 90 nop |
| 17 |
016f:7fbd23ae 90 nop |
23 |
016f:7fbd23ae 90 nop |
| 18 |
016f:7fbd23af 90 nop |
24 |
016f:7fbd23af 90 nop |
| 19 |
016f:7fbd23b0 8c ?db 8c |
25 |
016f:7fbd23b0 8c ?db 8c |
| 20 |
016f:7fbd23b1 f6f2 div dl |
26 |
016f:7fbd23b1 f6f2 div dl |
| 21 |
016f:7fbd23b3 93 xchg eax,ebx |
27 |
016f:7fbd23b3 93 xchg eax,ebx |
| 22 |
016f:7fbd23b4 1b1dd311a30e sbb ebx,dword ptr [0ea311d3] |
28 |
016f:7fbd23b4 1b1dd311a30e sbb ebx,dword ptr [0ea311d3] |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
-> 33 eb 99 66 ff 46 04 eb 93 b8 10 23 bd 7f eb 93 3..f.F.....#.... |
8 |
-> 33 eb 99 66 ff 46 04 eb 93 b8 10 23 bd 7f eb 93 3..f.F.....#.... |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
-> 70 67 67 1c 10 b5 67 1c 60 c7 67 1c 80 c7 67 1c pgg...g.`.g...g. |
8 |
-> 70 67 67 1c 10 b5 67 1c 60 c7 67 1c 80 c7 67 1c pgg...g.`.g...g. |
|
Line 1
Link Here
|
| 1 |
... |
8 |
... |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
... |
8 |
... |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
... |
8 |
... |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
... |
8 |
... |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
... |
8 |
... |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:65f014bc 1b11 sbb edx,dword ptr [ecx] |
9 |
016f:65f014bc 1b11 sbb edx,dword ptr [ecx] |
| 4 |
016f:65f014be f9 stc |
10 |
016f:65f014be f9 stc |
| 5 |
016f:65f014bf bf00000000 mov edi,00000000 |
11 |
016f:65f014bf bf00000000 mov edi,00000000 |
| 6 |
016f:65f014c4 8b442408 mov eax,dword ptr [esp+08] |
12 |
016f:65f014c4 8b442408 mov eax,dword ptr [esp+08] |
| 7 |
016f:65f014c8 85c0 test eax,eax |
13 |
016f:65f014c8 85c0 test eax,eax |
| 8 |
016f:65f014ca 740f jz 65f014db = OLE32.DLL:.text+0x4db |
14 |
016f:65f014ca 740f jz 65f014db = OLE32.DLL:.text+0x4db |
| 9 |
016f:65f014cc 50 push eax |
15 |
016f:65f014cc 50 push eax |
| 10 |
016f:65f014cd 6a00 push +00 |
16 |
016f:65f014cd 6a00 push +00 |
| 11 |
016f:65f014cf ff3500f0fa65 push dword ptr [65faf000] |
17 |
016f:65f014cf ff3500f0fa65 push dword ptr [65faf000] |
| 12 |
016f:65f014d5 ff15a812f065 call dword ptr [65f012a8] -> KERNEL32.DLL!HeapFree |
18 |
016f:65f014d5 ff15a812f065 call dword ptr [65f012a8] -> KERNEL32.DLL!HeapFree |
| 13 |
016f:65f014de ff742408 push dword ptr [esp+08] |
19 |
016f:65f014de ff742408 push dword ptr [esp+08] |
| 14 |
016f:65f014e2 6a00 push +00 |
20 |
016f:65f014e2 6a00 push +00 |
| 15 |
016f:65f014e4 ff3500f0fa65 push dword ptr [65faf000] |
21 |
016f:65f014e4 ff3500f0fa65 push dword ptr [65faf000] |
| 16 |
016f:65f014ea ff155c14f065 call dword ptr [65f0145c] -> KERNEL32.DLL!HeapAlloc |
22 |
016f:65f014ea ff155c14f065 call dword ptr [65f0145c] -> KERNEL32.DLL!HeapAlloc |
| 17 |
016f:65f014f0 c20800 retd 0008 |
23 |
016f:65f014f0 c20800 retd 0008 |
| 18 |
016f:65f014f3 56 push esi |
24 |
016f:65f014f3 56 push esi |
| 19 |
016f:65f014f4 8bf1 mov esi,ecx |
25 |
016f:65f014f4 8bf1 mov esi,ecx |
| 20 |
016f:65f014f6 80790400 cmp byte ptr [ecx+04],00 |
26 |
016f:65f014f6 80790400 cmp byte ptr [ecx+04],00 |
| 21 |
016f:65f014fa 740c jz 65f01508 = OLE32.DLL:.text+0x508 |
27 |
016f:65f014fa 740c jz 65f01508 = OLE32.DLL:.text+0x508 |
| 22 |
016f:65f014fc 83c608 add esi,+08 |
28 |
016f:65f014fc 83c608 add esi,+08 |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:65f01531 8b0d10f0fa65 mov ecx,dword ptr [65faf010] -> OLE32.DLL:.data+0xc |
9 |
016f:65f01531 8b0d10f0fa65 mov ecx,dword ptr [65faf010] -> OLE32.DLL:.data+0xc |
| 4 |
016f:65f01537 ff3510f0fa65 push dword ptr [65faf010] |
10 |
016f:65f01537 ff3510f0fa65 push dword ptr [65faf010] |
| 5 |
016f:65f0153d 8b01 mov eax,dword ptr [ecx] |
11 |
016f:65f0153d 8b01 mov eax,dword ptr [ecx] |
| 6 |
016f:65f0153f ff500c call dword ptr [eax+0c] |
12 |
016f:65f0153f ff500c call dword ptr [eax+0c] |
| 7 |
016f:65f01542 c20400 retd 0004 |
13 |
016f:65f01542 c20400 retd 0004 |
| 8 |
016f:65f01545 ff742404 push dword ptr [esp+04] |
14 |
016f:65f01545 ff742404 push dword ptr [esp+04] |
| 9 |
016f:65f01549 8b0d10f0fa65 mov ecx,dword ptr [65faf010] -> OLE32.DLL:.data+0xc |
15 |
016f:65f01549 8b0d10f0fa65 mov ecx,dword ptr [65faf010] -> OLE32.DLL:.data+0xc |
| 10 |
016f:65f0154f ff3510f0fa65 push dword ptr [65faf010] |
16 |
016f:65f0154f ff3510f0fa65 push dword ptr [65faf010] |
| 11 |
016f:65f01555 8b01 mov eax,dword ptr [ecx] |
17 |
016f:65f01555 8b01 mov eax,dword ptr [ecx] |
| 12 |
016f:65f01557 ff5014 call dword ptr [eax+14] |
18 |
016f:65f01557 ff5014 call dword ptr [eax+14] |
| 13 |
016f:65f0155d ff742404 push dword ptr [esp+04] |
19 |
016f:65f0155d ff742404 push dword ptr [esp+04] |
| 14 |
016f:65f01561 e8c7ffffff call 65f0152d = OLE32.DLL!CoTaskMemAlloc |
20 |
016f:65f01561 e8c7ffffff call 65f0152d = OLE32.DLL!CoTaskMemAlloc |
| 15 |
016f:65f01566 c3 retd |
21 |
016f:65f01566 c3 retd |
| 16 |
016f:65f01567 ff742404 push dword ptr [esp+04] |
22 |
016f:65f01567 ff742404 push dword ptr [esp+04] |
| 17 |
016f:65f0156b e8d5ffffff call 65f01545 = OLE32.DLL!CoTaskMemFree |
23 |
016f:65f0156b e8d5ffffff call 65f01545 = OLE32.DLL!CoTaskMemFree |
| 18 |
016f:65f01570 c3 retd |
24 |
016f:65f01570 c3 retd |
| 19 |
016f:65f01571 56 push esi |
25 |
016f:65f01571 56 push esi |
| 20 |
016f:65f01572 8bf1 mov esi,ecx |
26 |
016f:65f01572 8bf1 mov esi,ecx |
| 21 |
016f:65f01574 ff155414f065 call dword ptr [65f01454] -> KERNEL32.DLL!GetCurrentThreadId |
27 |
016f:65f01574 ff155414f065 call dword ptr [65f01454] -> KERNEL32.DLL!GetCurrentThreadId |
| 22 |
016f:65f0157a 2b06 sub eax,dword ptr [esi] |
28 |
016f:65f0157a 2b06 sub eax,dword ptr [esi] |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
-> 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ |
8 |
-> 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
... |
8 |
... |
|
Line 1
Link Here
|
| 1 |
... |
8 |
... |
|
Line 1
Link Here
|
| 1 |
-> ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 ................ |
8 |
-> ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 ................ |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
-> 00 00 00 00 0a 00 00 00 00 00 00 00 00 00 00 00 ................ |
8 |
-> 00 00 00 00 0a 00 00 00 00 00 00 00 00 00 00 00 ................ |
|
Line 1
Link Here
|
| 1 |
... |
8 |
... |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:65f014bc 1b11 sbb edx,dword ptr [ecx] |
9 |
016f:65f014bc 1b11 sbb edx,dword ptr [ecx] |
| 4 |
016f:65f014be f9 stc |
10 |
016f:65f014be f9 stc |
| 5 |
016f:65f014bf bf00000000 mov edi,00000000 |
11 |
016f:65f014bf bf00000000 mov edi,00000000 |
| 6 |
016f:65f014c4 8b442408 mov eax,dword ptr [esp+08] |
12 |
016f:65f014c4 8b442408 mov eax,dword ptr [esp+08] |
| 7 |
016f:65f014c8 85c0 test eax,eax |
13 |
016f:65f014c8 85c0 test eax,eax |
| 8 |
016f:65f014ca 740f jz 65f014db = OLE32.DLL:.text+0x4db |
14 |
016f:65f014ca 740f jz 65f014db = OLE32.DLL:.text+0x4db |
| 9 |
016f:65f014cc 50 push eax |
15 |
016f:65f014cc 50 push eax |
| 10 |
016f:65f014cd 6a00 push +00 |
16 |
016f:65f014cd 6a00 push +00 |
| 11 |
016f:65f014cf ff3500f0fa65 push dword ptr [65faf000] |
17 |
016f:65f014cf ff3500f0fa65 push dword ptr [65faf000] |
| 12 |
016f:65f014d5 ff15a812f065 call dword ptr [65f012a8] -> KERNEL32.DLL!HeapFree |
18 |
016f:65f014d5 ff15a812f065 call dword ptr [65f012a8] -> KERNEL32.DLL!HeapFree |
| 13 |
016f:65f014de ff742408 push dword ptr [esp+08] |
19 |
016f:65f014de ff742408 push dword ptr [esp+08] |
| 14 |
016f:65f014e2 6a00 push +00 |
20 |
016f:65f014e2 6a00 push +00 |
| 15 |
016f:65f014e4 ff3500f0fa65 push dword ptr [65faf000] |
21 |
016f:65f014e4 ff3500f0fa65 push dword ptr [65faf000] |
| 16 |
016f:65f014ea ff155c14f065 call dword ptr [65f0145c] -> KERNEL32.DLL!HeapAlloc |
22 |
016f:65f014ea ff155c14f065 call dword ptr [65f0145c] -> KERNEL32.DLL!HeapAlloc |
| 17 |
016f:65f014f0 c20800 retd 0008 |
23 |
016f:65f014f0 c20800 retd 0008 |
| 18 |
016f:65f014f3 56 push esi |
24 |
016f:65f014f3 56 push esi |
| 19 |
016f:65f014f4 8bf1 mov esi,ecx |
25 |
016f:65f014f4 8bf1 mov esi,ecx |
| 20 |
016f:65f014f6 80790400 cmp byte ptr [ecx+04],00 |
26 |
016f:65f014f6 80790400 cmp byte ptr [ecx+04],00 |
| 21 |
016f:65f014fa 740c jz 65f01508 = OLE32.DLL:.text+0x508 |
27 |
016f:65f014fa 740c jz 65f01508 = OLE32.DLL:.text+0x508 |
| 22 |
016f:65f014fc 83c608 add esi,+08 |
28 |
016f:65f014fc 83c608 add esi,+08 |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
| 1 |
-> d8 8b 0e 8d 44 24 14 50 51 8b cf e8 f8 00 00 00 ....D$.PQ....... |
8 |
-> d8 8b 0e 8d 44 24 14 50 51 8b cf e8 f8 00 00 00 ....D$.PQ....... |
|
Line 1
Link Here
|
| 1 |
... |
8 |
... |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
... |
8 |
... |
|
Line 1
Link Here
|
| 1 |
... |
8 |
... |
|
Line 1
Link Here
|
| 1 |
... |
8 |
... |
|
Line 1
Link Here
|
| 1 |
... |
8 |
... |
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:bff641b5 51 push ecx |
9 |
016f:bff641b5 51 push ecx |
| 4 |
016f:bff641b6 52 push edx |
10 |
016f:bff641b6 52 push edx |
| 5 |
016f:bff641b7 681d002a00 push 002a001d |
11 |
016f:bff641b7 681d002a00 push 002a001d |
| 6 |
016f:bff641bc e813d2ffff call bff613d4 = KERNEL32.DLL!1 |
12 |
016f:bff641bc e813d2ffff call bff613d4 = KERNEL32.DLL!1 |
| 7 |
016f:bff641c1 59 pop ecx |
13 |
016f:bff641c1 59 pop ecx |
| 8 |
016f:bff641c2 5a pop edx |
14 |
016f:bff641c2 5a pop edx |
| 9 |
016f:bff641c3 ebe8 jmp bff641ad = KERNEL32.DLL:_FREQASM+0x31ad |
15 |
016f:bff641c3 ebe8 jmp bff641ad = KERNEL32.DLL:_FREQASM+0x31ad |
| 10 |
016f:bff641c5 8b542404 mov edx,dword ptr [esp+04] |
16 |
016f:bff641c5 8b542404 mov edx,dword ptr [esp+04] |
| 11 |
016f:bff641c9 50 push eax |
17 |
016f:bff641c9 50 push eax |
| 12 |
016f:bff641ca e804000000 call bff641d3 = KERNEL32.DLL:_FREQASM+0x31d3 |
18 |
016f:bff641ca e804000000 call bff641d3 = KERNEL32.DLL:_FREQASM+0x31d3 |
| 13 |
016f:bff641d0 c20400 retd 0004 |
19 |
016f:bff641d0 c20400 retd 0004 |
| 14 |
016f:bff641d3 833dfcbcfbbf01 cmp dword ptr [bffbbcfc],+01 |
20 |
016f:bff641d3 833dfcbcfbbf01 cmp dword ptr [bffbbcfc],+01 |
| 15 |
016f:bff641da 7c32 jl bff6420e = KERNEL32.DLL:_FREQASM+0x320e |
21 |
016f:bff641da 7c32 jl bff6420e = KERNEL32.DLL:_FREQASM+0x320e |
| 16 |
016f:bff641dc 3b1570b4fbbf cmp edx,dword ptr [bffbb470] |
22 |
016f:bff641dc 3b1570b4fbbf cmp edx,dword ptr [bffbb470] |
| 17 |
016f:bff641e2 7506 jnz bff641ea = KERNEL32.DLL:_FREQASM+0x31ea |
23 |
016f:bff641e2 7506 jnz bff641ea = KERNEL32.DLL:_FREQASM+0x31ea |
| 18 |
016f:bff641e4 837a0401 cmp dword ptr [edx+04],+01 |
24 |
016f:bff641e4 837a0401 cmp dword ptr [edx+04],+01 |
| 19 |
016f:bff641e8 7426 jz bff64210 = KERNEL32.DLL:_FREQASM+0x3210 |
25 |
016f:bff641e8 7426 jz bff64210 = KERNEL32.DLL:_FREQASM+0x3210 |
| 20 |
016f:bff641ea ff4a04 dec dword ptr [edx+04] |
26 |
016f:bff641ea ff4a04 dec dword ptr [edx+04] |
| 21 |
016f:bff641ed 754a jnz bff64239 = KERNEL32.DLL:_FREQASM+0x3239 |
27 |
016f:bff641ed 754a jnz bff64239 = KERNEL32.DLL:_FREQASM+0x3239 |
| 22 |
016f:bff641ef c7420800000000 mov dword ptr [edx+08],00000000 |
28 |
016f:bff641ef c7420800000000 mov dword ptr [edx+08],00000000 |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
| 1 |
-> 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ |
8 |
-> 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ |
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:bff6b98e 8bec mov ebp,esp |
9 |
016f:bff6b98e 8bec mov ebp,esp |
| 4 |
016f:bff6b990 50 push eax |
10 |
016f:bff6b990 50 push eax |
| 5 |
016f:bff6b991 a120bdfbbf mov eax,dword ptr [bffbbd20] |
11 |
016f:bff6b991 a120bdfbbf mov eax,dword ptr [bffbbd20] |
| 6 |
016f:bff6b996 50 push eax |
12 |
016f:bff6b996 50 push eax |
| 7 |
016f:bff6b997 e8f087ffff call bff6418c = KERNEL32.DLL!97 |
13 |
016f:bff6b997 e8f087ffff call bff6418c = KERNEL32.DLL!97 |
| 8 |
016f:bff6b99c ff7508 push dword ptr [ebp+08] |
14 |
016f:bff6b99c ff7508 push dword ptr [ebp+08] |
| 9 |
016f:bff6b99f e8d1fdffff call bff6b775 = KERNEL32.DLL:.text+0x2775 |
15 |
016f:bff6b99f e8d1fdffff call bff6b775 = KERNEL32.DLL:.text+0x2775 |
| 10 |
016f:bff6b9a4 a120bdfbbf mov eax,dword ptr [bffbbd20] |
16 |
016f:bff6b9a4 a120bdfbbf mov eax,dword ptr [bffbbd20] |
| 11 |
016f:bff6b9a9 50 push eax |
17 |
016f:bff6b9a9 50 push eax |
| 12 |
016f:bff6b9aa e81688ffff call bff641c5 = KERNEL32.DLL!98 |
18 |
016f:bff6b9aa e81688ffff call bff641c5 = KERNEL32.DLL!98 |
| 13 |
016f:bff6b9b0 5d pop ebp |
19 |
016f:bff6b9b0 5d pop ebp |
| 14 |
016f:bff6b9b1 c20400 retd 0004 |
20 |
016f:bff6b9b1 c20400 retd 0004 |
| 15 |
016f:bff6b9b4 64a100000000 mov eax,dword ptr fs:[00000000] |
21 |
016f:bff6b9b4 64a100000000 mov eax,dword ptr fs:[00000000] |
| 16 |
016f:bff6b9ba 55 push ebp |
22 |
016f:bff6b9ba 55 push ebp |
| 17 |
016f:bff6b9bb 8bec mov ebp,esp |
23 |
016f:bff6b9bb 8bec mov ebp,esp |
| 18 |
016f:bff6b9bd 6aff push -01 |
24 |
016f:bff6b9bd 6aff push -01 |
| 19 |
016f:bff6b9bf 683092f6bf push bff69230 |
25 |
016f:bff6b9bf 683092f6bf push bff69230 |
| 20 |
016f:bff6b9c4 68201bfbbf push bffb1b20 |
26 |
016f:bff6b9c4 68201bfbbf push bffb1b20 |
| 21 |
016f:bff6b9c9 50 push eax |
27 |
016f:bff6b9c9 50 push eax |
| 22 |
016f:bff6b9ca 64892500000000 mov dword ptr fs:[00000000],esp |
28 |
016f:bff6b9ca 64892500000000 mov dword ptr fs:[00000000],esp |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
| 1 |
... |
8 |
... |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
... |
8 |
... |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
... |
8 |
... |
|
Line 1
Link Here
|
| 1 |
... |
8 |
... |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:7fbd45ad 7435 jz 7fbd45e4 = SHELL32.DLL:.text+0x35e4 |
9 |
016f:7fbd45ad 7435 jz 7fbd45e4 = SHELL32.DLL:.text+0x35e4 |
| 4 |
016f:7fbd45af 85f6 test esi,esi |
10 |
016f:7fbd45af 85f6 test esi,esi |
| 5 |
016f:7fbd45b1 741f jz 7fbd45d2 = SHELL32.DLL:.text+0x35d2 |
11 |
016f:7fbd45b1 741f jz 7fbd45d2 = SHELL32.DLL:.text+0x35d2 |
| 6 |
016f:7fbd45b3 6804010000 push 00000104 |
12 |
016f:7fbd45b3 6804010000 push 00000104 |
| 7 |
016f:7fbd45b8 56 push esi |
13 |
016f:7fbd45b8 56 push esi |
| 8 |
016f:7fbd45b9 53 push ebx |
14 |
016f:7fbd45b9 53 push ebx |
| 9 |
016f:7fbd45ba ff15f416bd7f call dword ptr [7fbd16f4] -> KERNEL32.DLL!lstrcpyn |
15 |
016f:7fbd45ba ff15f416bd7f call dword ptr [7fbd16f4] -> KERNEL32.DLL!lstrcpyn |
| 10 |
016f:7fbd45c0 56 push esi |
16 |
016f:7fbd45c0 56 push esi |
| 11 |
016f:7fbd45c1 57 push edi |
17 |
016f:7fbd45c1 57 push edi |
| 12 |
016f:7fbd45c2 e8d1d9ffff call 7fbd1f98 = SHELL32.DLL:.text+0xf98 |
18 |
016f:7fbd45c2 e8d1d9ffff call 7fbd1f98 = SHELL32.DLL:.text+0xf98 |
| 13 |
016f:7fbd45c9 8bc6 mov eax,esi |
19 |
016f:7fbd45c9 8bc6 mov eax,esi |
| 14 |
016f:7fbd45cb 5f pop edi |
20 |
016f:7fbd45cb 5f pop edi |
| 15 |
016f:7fbd45cc 5e pop esi |
21 |
016f:7fbd45cc 5e pop esi |
| 16 |
016f:7fbd45cd 5b pop ebx |
22 |
016f:7fbd45cd 5b pop ebx |
| 17 |
016f:7fbd45ce 5d pop ebp |
23 |
016f:7fbd45ce 5d pop ebp |
| 18 |
016f:7fbd45cf c21400 retd 0014 |
24 |
016f:7fbd45cf c21400 retd 0014 |
| 19 |
016f:7fbd45d2 83feff cmp esi,-01 |
25 |
016f:7fbd45d2 83feff cmp esi,-01 |
| 20 |
016f:7fbd45d5 740d jz 7fbd45e4 = SHELL32.DLL:.text+0x35e4 |
26 |
016f:7fbd45d5 740d jz 7fbd45e4 = SHELL32.DLL:.text+0x35e4 |
| 21 |
016f:7fbd45d7 f64515c0 test byte ptr [ebp+15],c0 |
27 |
016f:7fbd45d7 f64515c0 test byte ptr [ebp+15],c0 |
| 22 |
016f:7fbd45db 7507 jnz 7fbd45e4 = SHELL32.DLL:.text+0x35e4 |
28 |
016f:7fbd45db 7507 jnz 7fbd45e4 = SHELL32.DLL:.text+0x35e4 |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
| 1 |
-> 05 00 00 00 8c 23 00 00 c4 43 bd 7f 01 00 00 80 .....#...C...... |
8 |
-> 05 00 00 00 8c 23 00 00 c4 43 bd 7f 01 00 00 80 .....#...C...... |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
-> f2 00 00 00 00 00 00 00 00 00 00 00 50 65 72 73 ............Pers |
8 |
-> f2 00 00 00 00 00 00 00 00 00 00 00 50 65 72 73 ............Pers |
| 2 |
... |
9 |
... |
|
Line 1
Link Here
|
| 1 |
-> 00 00 00 00 f8 e3 85 1c f8 e3 85 1c 00 00 00 00 ................ |
8 |
-> 00 00 00 00 f8 e3 85 1c f8 e3 85 1c 00 00 00 00 ................ |
|
Line 1
Link Here
|
| 1 |
... |
8 |
... |
|
Line 1
Link Here
|
| 1 |
-> 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ |
8 |
-> 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ |
| 2 |
... |
9 |
... |
|
Line 1
Link Here
|
| 1 |
-> 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ |
8 |
-> 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ |
|
Line 1
Link Here
|
| 1 |
... |
8 |
... |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
... |
8 |
... |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
... |
8 |
... |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
-> 8d 85 d4 fe ff ff 50 68 02 00 00 80 ff 15 10 10 ......Ph........ |
8 |
-> 8d 85 d4 fe ff ff 50 68 02 00 00 80 ff 15 10 10 ......Ph........ |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
... |
8 |
... |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
-> 8b 44 24 08 8b 4c 24 04 50 e8 02 00 00 00 c3 90 .D$..L$.P....... |
8 |
-> 8b 44 24 08 8b 4c 24 04 50 e8 02 00 00 00 c3 90 .D$..L$.P....... |
|
Line 1
Link Here
|
| 1 |
... |
8 |
... |
|
Line 1
Link Here
|
| 1 |
... |
8 |
... |
|
Line 1
Link Here
|
| 1 |
... |
8 |
... |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
... |
8 |
... |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
-> 70 67 67 1c 10 b5 67 1c 60 c7 67 1c 80 c7 67 1c pgg...g.`.g...g. |
8 |
-> 70 67 67 1c 10 b5 67 1c 60 c7 67 1c 80 c7 67 1c pgg...g.`.g...g. |
|
Line 1
Link Here
|
| 1 |
... |
8 |
... |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
... |
8 |
... |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
... |
8 |
... |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
... |
8 |
... |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
-> 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ |
8 |
-> 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
... |
8 |
... |
|
Line 1
Link Here
|
| 1 |
... |
8 |
... |
|
Line 1
Link Here
|
| 1 |
-> ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 ................ |
8 |
-> ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 ................ |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
-> 00 00 00 00 0a 00 00 00 00 00 00 00 00 00 00 00 ................ |
8 |
-> 00 00 00 00 0a 00 00 00 00 00 00 00 00 00 00 00 ................ |
|
Line 1
Link Here
|
| 1 |
... |
8 |
... |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:bff6a501 eb36 jmp bff6a539 = KERNEL32.DLL:.text+0x1539 |
9 |
016f:bff6a501 eb36 jmp bff6a539 = KERNEL32.DLL:.text+0x1539 |
| 4 |
016f:bff6a503 8b4d08 mov ecx,dword ptr [ebp+08] |
10 |
016f:bff6a503 8b4d08 mov ecx,dword ptr [ebp+08] |
| 5 |
016f:bff6a506 0fb64170 movzx eax,byte ptr [ecx+70] |
11 |
016f:bff6a506 0fb64170 movzx eax,byte ptr [ecx+70] |
| 6 |
016f:bff6a50a 0b45f4 or eax,dword ptr [ebp-0c] |
12 |
016f:bff6a50a 0b45f4 or eax,dword ptr [ebp-0c] |
| 7 |
016f:bff6a50d 50 push eax |
13 |
016f:bff6a50d 50 push eax |
| 8 |
016f:bff6a50e 8b45f8 mov eax,dword ptr [ebp-08] |
14 |
016f:bff6a50e 8b45f8 mov eax,dword ptr [ebp-08] |
| 9 |
016f:bff6a511 2b45fc sub eax,dword ptr [ebp-04] |
15 |
016f:bff6a511 2b45fc sub eax,dword ptr [ebp-04] |
| 10 |
016f:bff6a514 50 push eax |
16 |
016f:bff6a514 50 push eax |
| 11 |
016f:bff6a515 ff75fc push dword ptr [ebp-04] |
17 |
016f:bff6a515 ff75fc push dword ptr [ebp-04] |
| 12 |
016f:bff6a518 e8f6feffff call bff6a413 = KERNEL32.DLL:.text+0x1413 |
18 |
016f:bff6a518 e8f6feffff call bff6a413 = KERNEL32.DLL:.text+0x1413 |
| 13 |
016f:bff6a51f 747d jz bff6a59e = KERNEL32.DLL:.text+0x159e |
19 |
016f:bff6a51f 747d jz bff6a59e = KERNEL32.DLL:.text+0x159e |
| 14 |
016f:bff6a521 8b4608 mov eax,dword ptr [esi+08] |
20 |
016f:bff6a521 8b4608 mov eax,dword ptr [esi+08] |
| 15 |
016f:bff6a524 8b4e04 mov ecx,dword ptr [esi+04] |
21 |
016f:bff6a524 8b4e04 mov ecx,dword ptr [esi+04] |
| 16 |
016f:bff6a527 8bdf mov ebx,edi |
22 |
016f:bff6a527 8bdf mov ebx,edi |
| 17 |
016f:bff6a529 894108 mov dword ptr [ecx+08],eax |
23 |
016f:bff6a529 894108 mov dword ptr [ecx+08],eax |
| 18 |
016f:bff6a52c 8b5604 mov edx,dword ptr [esi+04] |
24 |
016f:bff6a52c 8b5604 mov edx,dword ptr [esi+04] |
| 19 |
016f:bff6a52f 8b4608 mov eax,dword ptr [esi+08] |
25 |
016f:bff6a52f 8b4608 mov eax,dword ptr [esi+08] |
| 20 |
016f:bff6a532 895004 mov dword ptr [eax+04],edx |
26 |
016f:bff6a532 895004 mov dword ptr [eax+04],edx |
| 21 |
016f:bff6a535 80243efd and byte ptr [esi+edi],fd |
27 |
016f:bff6a535 80243efd and byte ptr [esi+edi],fd |
| 22 |
016f:bff6a539 837df000 cmp dword ptr [ebp-10],+00 |
28 |
016f:bff6a539 837df000 cmp dword ptr [ebp-10],+00 |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
... |
8 |
... |
|
Line 1
Link Here
|
| 1 |
... |
8 |
... |
|
Line 1
Link Here
|
| 1 |
... |
8 |
... |
|
Line 1
Link Here
|
| 1 |
... |
8 |
... |
|
Line 1
Link Here
|
| 1 |
... |
8 |
... |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:bff6a24f 008b4424040f add byte ptr [ebx+0f042444],cl |
9 |
016f:bff6a24f 008b4424040f add byte ptr [ebx+0f042444],cl |
| 4 |
016f:bff6a255 b648 mov dh,48 |
10 |
016f:bff6a255 b648 mov dh,48 |
| 5 |
016f:bff6a257 700b jo bff6a264 = KERNEL32.DLL:.text+0x1264 |
11 |
016f:bff6a257 700b jo bff6a264 = KERNEL32.DLL:.text+0x1264 |
| 6 |
016f:bff6a259 4c dec esp |
12 |
016f:bff6a259 4c dec esp |
| 7 |
016f:bff6a25a 2408 and al,08 |
13 |
016f:bff6a25a 2408 and al,08 |
| 8 |
016f:bff6a25c f6c101 test cl,01 |
14 |
016f:bff6a25c f6c101 test cl,01 |
| 9 |
016f:bff6a25f 750d jnz bff6a26e = KERNEL32.DLL:.text+0x126e |
15 |
016f:bff6a25f 750d jnz bff6a26e = KERNEL32.DLL:.text+0x126e |
| 10 |
016f:bff6a261 ff704c push dword ptr [eax+4c] |
16 |
016f:bff6a261 ff704c push dword ptr [eax+4c] |
| 11 |
016f:bff6a264 e85da0ffff call bff642c6 = KERNEL32.DLL:_FREQASM+0x32c6 |
17 |
016f:bff6a264 e85da0ffff call bff642c6 = KERNEL32.DLL:_FREQASM+0x32c6 |
| 12 |
016f:bff6a269 e83f010000 call bff6a3ad = KERNEL32.DLL:.text+0x13ad |
18 |
016f:bff6a269 e83f010000 call bff6a3ad = KERNEL32.DLL:.text+0x13ad |
| 13 |
016f:bff6a271 53 push ebx |
19 |
016f:bff6a271 53 push ebx |
| 14 |
016f:bff6a272 56 push esi |
20 |
016f:bff6a272 56 push esi |
| 15 |
016f:bff6a273 8b742414 mov esi,dword ptr [esp+14] |
21 |
016f:bff6a273 8b742414 mov esi,dword ptr [esp+14] |
| 16 |
016f:bff6a277 57 push edi |
22 |
016f:bff6a277 57 push edi |
| 17 |
016f:bff6a278 8b7c2414 mov edi,dword ptr [esp+14] |
23 |
016f:bff6a278 8b7c2414 mov edi,dword ptr [esp+14] |
| 18 |
016f:bff6a27c 55 push ebp |
24 |
016f:bff6a27c 55 push ebp |
| 19 |
016f:bff6a27d b900001000 mov ecx,00100000 |
25 |
016f:bff6a27d b900001000 mov ecx,00100000 |
| 20 |
016f:bff6a282 8d1c37 lea ebx,[edi+esi] |
26 |
016f:bff6a282 8d1c37 lea ebx,[edi+esi] |
| 21 |
016f:bff6a285 8b03 mov eax,dword ptr [ebx] |
27 |
016f:bff6a285 8b03 mov eax,dword ptr [ebx] |
| 22 |
016f:bff6a287 a801 test al,01 |
28 |
016f:bff6a287 a801 test al,01 |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:bff6b46a 8b00 mov eax,dword ptr [eax] |
9 |
016f:bff6b46a 8b00 mov eax,dword ptr [eax] |
| 4 |
016f:bff6b46c 894304 mov dword ptr [ebx+04],eax |
10 |
016f:bff6b46c 894304 mov dword ptr [ebx+04],eax |
| 5 |
016f:bff6b46f 6800020000 push 00000200 |
11 |
016f:bff6b46f 6800020000 push 00000200 |
| 6 |
016f:bff6b474 51 push ecx |
12 |
016f:bff6b474 51 push ecx |
| 7 |
016f:bff6b475 ff75fc push dword ptr [ebp-04] |
13 |
016f:bff6b475 ff75fc push dword ptr [ebp-04] |
| 8 |
016f:bff6b478 56 push esi |
14 |
016f:bff6b478 56 push esi |
| 9 |
016f:bff6b479 e8f3edffff call bff6a271 = KERNEL32.DLL:.text+0x1271 |
15 |
016f:bff6b479 e8f3edffff call bff6a271 = KERNEL32.DLL:.text+0x1271 |
| 10 |
016f:bff6b47e ff750c push dword ptr [ebp+0c] |
16 |
016f:bff6b47e ff750c push dword ptr [ebp+0c] |
| 11 |
016f:bff6b481 56 push esi |
17 |
016f:bff6b481 56 push esi |
| 12 |
016f:bff6b482 e8c9edffff call bff6a250 = KERNEL32.DLL:.text+0x1250 |
18 |
016f:bff6b482 e8c9edffff call bff6a250 = KERNEL32.DLL:.text+0x1250 |
| 13 |
016f:bff6b48c 5f pop edi |
19 |
016f:bff6b48c 5f pop edi |
| 14 |
016f:bff6b48d 5e pop esi |
20 |
016f:bff6b48d 5e pop esi |
| 15 |
016f:bff6b48e 5b pop ebx |
21 |
016f:bff6b48e 5b pop ebx |
| 16 |
016f:bff6b48f 8be5 mov esp,ebp |
22 |
016f:bff6b48f 8be5 mov esp,ebp |
| 17 |
016f:bff6b491 5d pop ebp |
23 |
016f:bff6b491 5d pop ebp |
| 18 |
016f:bff6b492 c20c00 retd 000c |
24 |
016f:bff6b492 c20c00 retd 000c |
| 19 |
016f:bff6b495 55 push ebp |
25 |
016f:bff6b495 55 push ebp |
| 20 |
016f:bff6b496 8bec mov ebp,esp |
26 |
016f:bff6b496 8bec mov ebp,esp |
| 21 |
016f:bff6b498 83ec04 sub esp,+04 |
27 |
016f:bff6b498 83ec04 sub esp,+04 |
| 22 |
016f:bff6b49b a1f4bcfbbf mov eax,dword ptr [bffbbcf4] |
28 |
016f:bff6b49b a1f4bcfbbf mov eax,dword ptr [bffbbcf4] |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
| 1 |
... |
8 |
... |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
... |
8 |
... |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
... |
8 |
... |
|
Line 1
Link Here
|
| 1 |
... |
8 |
... |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:bff6a4e6 2bfb sub edi,ebx |
9 |
016f:bff6a4e6 2bfb sub edi,ebx |
| 4 |
016f:bff6a4e8 57 push edi |
10 |
016f:bff6a4e8 57 push edi |
| 5 |
016f:bff6a4e9 894108 mov dword ptr [ecx+08],eax |
11 |
016f:bff6a4e9 894108 mov dword ptr [ecx+08],eax |
| 6 |
016f:bff6a4ec 8b5604 mov edx,dword ptr [esi+04] |
12 |
016f:bff6a4ec 8b5604 mov edx,dword ptr [esi+04] |
| 7 |
016f:bff6a4ef 8b4608 mov eax,dword ptr [esi+08] |
13 |
016f:bff6a4ef 8b4608 mov eax,dword ptr [esi+08] |
| 8 |
016f:bff6a4f2 895004 mov dword ptr [eax+04],edx |
14 |
016f:bff6a4f2 895004 mov dword ptr [eax+04],edx |
| 9 |
016f:bff6a4f5 8d041e lea eax,[esi+ebx] |
15 |
016f:bff6a4f5 8d041e lea eax,[esi+ebx] |
| 10 |
016f:bff6a4f8 50 push eax |
16 |
016f:bff6a4f8 50 push eax |
| 11 |
016f:bff6a4f9 ff7508 push dword ptr [ebp+08] |
17 |
016f:bff6a4f9 ff7508 push dword ptr [ebp+08] |
| 12 |
016f:bff6a4fc e870fdffff call bff6a271 = KERNEL32.DLL:.text+0x1271 |
18 |
016f:bff6a4fc e870fdffff call bff6a271 = KERNEL32.DLL:.text+0x1271 |
| 13 |
016f:bff6a503 8b4d08 mov ecx,dword ptr [ebp+08] |
19 |
016f:bff6a503 8b4d08 mov ecx,dword ptr [ebp+08] |
| 14 |
016f:bff6a506 0fb64170 movzx eax,byte ptr [ecx+70] |
20 |
016f:bff6a506 0fb64170 movzx eax,byte ptr [ecx+70] |
| 15 |
016f:bff6a50a 0b45f4 or eax,dword ptr [ebp-0c] |
21 |
016f:bff6a50a 0b45f4 or eax,dword ptr [ebp-0c] |
| 16 |
016f:bff6a50d 50 push eax |
22 |
016f:bff6a50d 50 push eax |
| 17 |
016f:bff6a50e 8b45f8 mov eax,dword ptr [ebp-08] |
23 |
016f:bff6a50e 8b45f8 mov eax,dword ptr [ebp-08] |
| 18 |
016f:bff6a511 2b45fc sub eax,dword ptr [ebp-04] |
24 |
016f:bff6a511 2b45fc sub eax,dword ptr [ebp-04] |
| 19 |
016f:bff6a514 50 push eax |
25 |
016f:bff6a514 50 push eax |
| 20 |
016f:bff6a515 ff75fc push dword ptr [ebp-04] |
26 |
016f:bff6a515 ff75fc push dword ptr [ebp-04] |
| 21 |
016f:bff6a518 e8f6feffff call bff6a413 = KERNEL32.DLL:.text+0x1413 |
27 |
016f:bff6a518 e8f6feffff call bff6a413 = KERNEL32.DLL:.text+0x1413 |
| 22 |
016f:bff6a51d 85c0 test eax,eax |
28 |
016f:bff6a51d 85c0 test eax,eax |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
... |
8 |
... |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:bff6a24f 008b4424040f add byte ptr [ebx+0f042444],cl |
9 |
016f:bff6a24f 008b4424040f add byte ptr [ebx+0f042444],cl |
| 4 |
016f:bff6a255 b648 mov dh,48 |
10 |
016f:bff6a255 b648 mov dh,48 |
| 5 |
016f:bff6a257 700b jo bff6a264 = KERNEL32.DLL:.text+0x1264 |
11 |
016f:bff6a257 700b jo bff6a264 = KERNEL32.DLL:.text+0x1264 |
| 6 |
016f:bff6a259 4c dec esp |
12 |
016f:bff6a259 4c dec esp |
| 7 |
016f:bff6a25a 2408 and al,08 |
13 |
016f:bff6a25a 2408 and al,08 |
| 8 |
016f:bff6a25c f6c101 test cl,01 |
14 |
016f:bff6a25c f6c101 test cl,01 |
| 9 |
016f:bff6a25f 750d jnz bff6a26e = KERNEL32.DLL:.text+0x126e |
15 |
016f:bff6a25f 750d jnz bff6a26e = KERNEL32.DLL:.text+0x126e |
| 10 |
016f:bff6a261 ff704c push dword ptr [eax+4c] |
16 |
016f:bff6a261 ff704c push dword ptr [eax+4c] |
| 11 |
016f:bff6a264 e85da0ffff call bff642c6 = KERNEL32.DLL:_FREQASM+0x32c6 |
17 |
016f:bff6a264 e85da0ffff call bff642c6 = KERNEL32.DLL:_FREQASM+0x32c6 |
| 12 |
016f:bff6a269 e83f010000 call bff6a3ad = KERNEL32.DLL:.text+0x13ad |
18 |
016f:bff6a269 e83f010000 call bff6a3ad = KERNEL32.DLL:.text+0x13ad |
| 13 |
016f:bff6a271 53 push ebx |
19 |
016f:bff6a271 53 push ebx |
| 14 |
016f:bff6a272 56 push esi |
20 |
016f:bff6a272 56 push esi |
| 15 |
016f:bff6a273 8b742414 mov esi,dword ptr [esp+14] |
21 |
016f:bff6a273 8b742414 mov esi,dword ptr [esp+14] |
| 16 |
016f:bff6a277 57 push edi |
22 |
016f:bff6a277 57 push edi |
| 17 |
016f:bff6a278 8b7c2414 mov edi,dword ptr [esp+14] |
23 |
016f:bff6a278 8b7c2414 mov edi,dword ptr [esp+14] |
| 18 |
016f:bff6a27c 55 push ebp |
24 |
016f:bff6a27c 55 push ebp |
| 19 |
016f:bff6a27d b900001000 mov ecx,00100000 |
25 |
016f:bff6a27d b900001000 mov ecx,00100000 |
| 20 |
016f:bff6a282 8d1c37 lea ebx,[edi+esi] |
26 |
016f:bff6a282 8d1c37 lea ebx,[edi+esi] |
| 21 |
016f:bff6a285 8b03 mov eax,dword ptr [ebx] |
27 |
016f:bff6a285 8b03 mov eax,dword ptr [ebx] |
| 22 |
016f:bff6a287 a801 test al,01 |
28 |
016f:bff6a287 a801 test al,01 |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:bff6a6ab 56 push esi |
9 |
016f:bff6a6ab 56 push esi |
| 4 |
016f:bff6a6ac e8a6fdffff call bff6a457 = KERNEL32.DLL:.text+0x1457 |
10 |
016f:bff6a6ac e8a6fdffff call bff6a457 = KERNEL32.DLL:.text+0x1457 |
| 5 |
016f:bff6a6b1 89450c mov dword ptr [ebp+0c],eax |
11 |
016f:bff6a6b1 89450c mov dword ptr [ebp+0c],eax |
| 6 |
016f:bff6a6b4 85c0 test eax,eax |
12 |
016f:bff6a6b4 85c0 test eax,eax |
| 7 |
016f:bff6a6b6 7436 jz bff6a6ee = KERNEL32.DLL:.text+0x16ee |
13 |
016f:bff6a6b6 7436 jz bff6a6ee = KERNEL32.DLL:.text+0x16ee |
| 8 |
016f:bff6a6b8 ff7510 push dword ptr [ebp+10] |
14 |
016f:bff6a6b8 ff7510 push dword ptr [ebp+10] |
| 9 |
016f:bff6a6bb 56 push esi |
15 |
016f:bff6a6bb 56 push esi |
| 10 |
016f:bff6a6bc 0d000000a0 or eax,a0000000 |
16 |
016f:bff6a6bc 0d000000a0 or eax,a0000000 |
| 11 |
016f:bff6a6c1 8903 mov dword ptr [ebx],eax |
17 |
016f:bff6a6c1 8903 mov dword ptr [ebx],eax |
| 12 |
016f:bff6a6c3 e888fbffff call bff6a250 = KERNEL32.DLL:.text+0x1250 |
18 |
016f:bff6a6c3 e888fbffff call bff6a250 = KERNEL32.DLL:.text+0x1250 |
| 13 |
016f:bff6a6cb eb49 jmp bff6a716 = KERNEL32.DLL:.text+0x1716 |
19 |
016f:bff6a6cb eb49 jmp bff6a716 = KERNEL32.DLL:.text+0x1716 |
| 14 |
016f:bff6a6cd 6a08 push +08 |
20 |
016f:bff6a6cd 6a08 push +08 |
| 15 |
016f:bff6a6cf e82d240000 call bff6cb01 = KERNEL32.DLL:.text+0x3b01 |
21 |
016f:bff6a6cf e82d240000 call bff6cb01 = KERNEL32.DLL:.text+0x3b01 |
| 16 |
016f:bff6a6d4 eb18 jmp bff6a6ee = KERNEL32.DLL:.text+0x16ee |
22 |
016f:bff6a6d4 eb18 jmp bff6a6ee = KERNEL32.DLL:.text+0x16ee |
| 17 |
016f:bff6a6d6 6a08 push +08 |
23 |
016f:bff6a6d6 6a08 push +08 |
| 18 |
016f:bff6a6d8 e824240000 call bff6cb01 = KERNEL32.DLL:.text+0x3b01 |
24 |
016f:bff6a6d8 e824240000 call bff6cb01 = KERNEL32.DLL:.text+0x3b01 |
| 19 |
016f:bff6a6dd eb0f jmp bff6a6ee = KERNEL32.DLL:.text+0x16ee |
25 |
016f:bff6a6dd eb0f jmp bff6a6ee = KERNEL32.DLL:.text+0x16ee |
| 20 |
016f:bff6a6df 6a10 push +10 |
26 |
016f:bff6a6df 6a10 push +10 |
| 21 |
016f:bff6a6e1 ff75fc push dword ptr [ebp-04] |
27 |
016f:bff6a6e1 ff75fc push dword ptr [ebp-04] |
| 22 |
016f:bff6a6e4 680a000100 push 0001000a |
28 |
016f:bff6a6e4 680a000100 push 0001000a |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
... |
8 |
... |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:bff74d49 8d7001 lea esi,[eax+01] |
9 |
016f:bff74d49 8d7001 lea esi,[eax+01] |
| 4 |
016f:bff74d4c 56 push esi |
10 |
016f:bff74d4c 56 push esi |
| 5 |
016f:bff74d4d e829b9ffff call bff7067b = KERNEL32.DLL:.text+0x767b |
11 |
016f:bff74d4d e829b9ffff call bff7067b = KERNEL32.DLL:.text+0x767b |
| 6 |
016f:bff74d52 8bf8 mov edi,eax |
12 |
016f:bff74d52 8bf8 mov edi,eax |
| 7 |
016f:bff74d54 85ff test edi,edi |
13 |
016f:bff74d54 85ff test edi,edi |
| 8 |
016f:bff74d56 740b jz bff74d63 = KERNEL32.DLL:.text+0xbd63 |
14 |
016f:bff74d56 740b jz bff74d63 = KERNEL32.DLL:.text+0xbd63 |
| 9 |
016f:bff74d58 56 push esi |
15 |
016f:bff74d58 56 push esi |
| 10 |
016f:bff74d59 ff742410 push dword ptr [esp+10] |
16 |
016f:bff74d59 ff742410 push dword ptr [esp+10] |
| 11 |
016f:bff74d5d 57 push edi |
17 |
016f:bff74d5d 57 push edi |
| 12 |
016f:bff74d5e e86ac3feff call bff610cd = KERNEL32.DLL:_FREQASM+0xcd |
18 |
016f:bff74d5e e86ac3feff call bff610cd = KERNEL32.DLL:_FREQASM+0xcd |
| 13 |
016f:bff74d65 5f pop edi |
19 |
016f:bff74d65 5f pop edi |
| 14 |
016f:bff74d66 5e pop esi |
20 |
016f:bff74d66 5e pop esi |
| 15 |
016f:bff74d67 c3 retd |
21 |
016f:bff74d67 c3 retd |
| 16 |
016f:bff74d68 a1f4bcfbbf mov eax,dword ptr [bffbbcf4] |
22 |
016f:bff74d68 a1f4bcfbbf mov eax,dword ptr [bffbbcf4] |
| 17 |
016f:bff74d6d ff30 push dword ptr [eax] |
23 |
016f:bff74d6d ff30 push dword ptr [eax] |
| 18 |
016f:bff74d6f e893c2ffff call bff71007 = KERNEL32.DLL:.text+0x8007 |
24 |
016f:bff74d6f e893c2ffff call bff71007 = KERNEL32.DLL:.text+0x8007 |
| 19 |
016f:bff74d74 c3 retd |
25 |
016f:bff74d74 c3 retd |
| 20 |
016f:bff74d75 55 push ebp |
26 |
016f:bff74d75 55 push ebp |
| 21 |
016f:bff74d76 a1f4bcfbbf mov eax,dword ptr [bffbbcf4] |
27 |
016f:bff74d76 a1f4bcfbbf mov eax,dword ptr [bffbbcf4] |
| 22 |
016f:bff74d7b 8bec mov ebp,esp |
28 |
016f:bff74d7b 8bec mov ebp,esp |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:bff779bf 50 push eax |
9 |
016f:bff779bf 50 push eax |
| 4 |
016f:bff779c0 e8ab97feff call bff61170 = KERNEL32.DLL:_FREQASM+0x170 |
10 |
016f:bff779c0 e8ab97feff call bff61170 = KERNEL32.DLL:_FREQASM+0x170 |
| 5 |
016f:bff779c5 66894734 mov word ptr [edi+34],ax |
11 |
016f:bff779c5 66894734 mov word ptr [edi+34],ax |
| 6 |
016f:bff779c9 8d45f8 lea eax,[ebp-08] |
12 |
016f:bff779c9 8d45f8 lea eax,[ebp-08] |
| 7 |
016f:bff779cc 50 push eax |
13 |
016f:bff779cc 50 push eax |
| 8 |
016f:bff779cd ff7730 push dword ptr [edi+30] |
14 |
016f:bff779cd ff7730 push dword ptr [edi+30] |
| 9 |
016f:bff779d0 e8df62ffff call bff6dcb4 = KERNEL32.DLL:.text+0x4cb4 |
15 |
016f:bff779d0 e8df62ffff call bff6dcb4 = KERNEL32.DLL:.text+0x4cb4 |
| 10 |
016f:bff779d5 50 push eax |
16 |
016f:bff779d5 50 push eax |
| 11 |
016f:bff779d6 894736 mov dword ptr [edi+36],eax |
17 |
016f:bff779d6 894736 mov dword ptr [edi+36],eax |
| 12 |
016f:bff779d9 e89297feff call bff61170 = KERNEL32.DLL:_FREQASM+0x170 |
18 |
016f:bff779d9 e89297feff call bff61170 = KERNEL32.DLL:_FREQASM+0x170 |
| 13 |
016f:bff779e2 8b4d0c mov ecx,dword ptr [ebp+0c] |
19 |
016f:bff779e2 8b4d0c mov ecx,dword ptr [ebp+0c] |
| 14 |
016f:bff779e5 895f08 mov dword ptr [edi+08],ebx |
20 |
016f:bff779e5 895f08 mov dword ptr [edi+08],ebx |
| 15 |
016f:bff779e8 85f6 test esi,esi |
21 |
016f:bff779e8 85f6 test esi,esi |
| 16 |
016f:bff779ea 895f18 mov dword ptr [edi+18],ebx |
22 |
016f:bff779ea 895f18 mov dword ptr [edi+18],ebx |
| 17 |
016f:bff779ed 0fb75106 movzx edx,word ptr [ecx+06] |
23 |
016f:bff779ed 0fb75106 movzx edx,word ptr [ecx+06] |
| 18 |
016f:bff779f1 89571c mov dword ptr [edi+1c],edx |
24 |
016f:bff779f1 89571c mov dword ptr [edi+1c],edx |
| 19 |
016f:bff779f4 8b4134 mov eax,dword ptr [ecx+34] |
25 |
016f:bff779f4 8b4134 mov eax,dword ptr [ecx+34] |
| 20 |
016f:bff779f7 894724 mov dword ptr [edi+24],eax |
26 |
016f:bff779f7 894724 mov dword ptr [edi+24],eax |
| 21 |
016f:bff779fa 7513 jnz bff77a0f = KERNEL32.DLL:.text+0xea0f |
27 |
016f:bff779fa 7513 jnz bff77a0f = KERNEL32.DLL:.text+0xea0f |
| 22 |
016f:bff779fc 56 push esi |
28 |
016f:bff779fc 56 push esi |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
... |
8 |
... |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
-> 04 0d 19 00 ee 0c 19 00 dc 0c 19 00 d0 0c 19 00 ................ |
8 |
-> 04 0d 19 00 ee 0c 19 00 dc 0c 19 00 d0 0c 19 00 ................ |
|
Line 1
Link Here
|
| 1 |
-> 43 00 4f 00 4d 00 32 00 00 00 00 00 43 00 4f 00 C.O.M.2.....C.O. |
8 |
-> 43 00 4f 00 4d 00 32 00 00 00 00 00 43 00 4f 00 C.O.M.2.....C.O. |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
-> 70 67 67 1c 10 b5 67 1c 60 c7 67 1c 80 c7 67 1c pgg...g.`.g...g. |
8 |
-> 70 67 67 1c 10 b5 67 1c 60 c7 67 1c 80 c7 67 1c pgg...g.`.g...g. |
|
Line 1
Link Here
|
| 1 |
... |
8 |
... |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
... |
8 |
... |
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:780027f7 57 push edi |
9 |
016f:780027f7 57 push edi |
| 4 |
016f:780027f8 ff154c300378 call dword ptr [7803304c] -> KERNEL32.DLL!GetLastError |
10 |
016f:780027f8 ff154c300378 call dword ptr [7803304c] -> KERNEL32.DLL!GetLastError |
| 5 |
016f:780027fe ff3530b00378 push dword ptr [7803b030] |
11 |
016f:780027fe ff3530b00378 push dword ptr [7803b030] |
| 6 |
016f:78002804 8bf8 mov edi,eax |
12 |
016f:78002804 8bf8 mov edi,eax |
| 7 |
016f:78002806 ff1574300378 call dword ptr [78033074] -> KERNEL32.DLL!TlsGetValue |
13 |
016f:78002806 ff1574300378 call dword ptr [78033074] -> KERNEL32.DLL!TlsGetValue |
| 8 |
016f:7800280c 8bf0 mov esi,eax |
14 |
016f:7800280c 8bf0 mov esi,eax |
| 9 |
016f:7800280e 85f6 test esi,esi |
15 |
016f:7800280e 85f6 test esi,esi |
| 10 |
016f:78002810 0f843b7c0000 jz 7800a451 = MSVCRT.DLL:.text+0x9451 |
16 |
016f:78002810 0f843b7c0000 jz 7800a451 = MSVCRT.DLL:.text+0x9451 |
| 11 |
016f:78002816 57 push edi |
17 |
016f:78002816 57 push edi |
| 12 |
016f:78002817 ff1570300378 call dword ptr [78033070] -> KERNEL32.DLL!SetLastError |
18 |
016f:78002817 ff1570300378 call dword ptr [78033070] -> KERNEL32.DLL!SetLastError |
| 13 |
016f:7800281f 5f pop edi |
19 |
016f:7800281f 5f pop edi |
| 14 |
016f:78002820 5e pop esi |
20 |
016f:78002820 5e pop esi |
| 15 |
016f:78002821 c3 retd |
21 |
016f:78002821 c3 retd |
| 16 |
016f:78002822 55 push ebp |
22 |
016f:78002822 55 push ebp |
| 17 |
016f:78002823 8bec mov ebp,esp |
23 |
016f:78002823 8bec mov ebp,esp |
| 18 |
016f:78002825 6aff push -01 |
24 |
016f:78002825 6aff push -01 |
| 19 |
016f:78002827 6878340378 push 78033478 |
25 |
016f:78002827 6878340378 push 78033478 |
| 20 |
016f:7800282c 6811db0078 push 7800db11 |
26 |
016f:7800282c 6811db0078 push 7800db11 |
| 21 |
016f:78002831 64a100000000 mov eax,dword ptr fs:[00000000] |
27 |
016f:78002831 64a100000000 mov eax,dword ptr fs:[00000000] |
| 22 |
016f:78002837 50 push eax |
28 |
016f:78002837 50 push eax |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:bff667fe 8bec mov ebp,esp |
9 |
016f:bff667fe 8bec mov ebp,esp |
| 4 |
016f:bff66800 ff750c push dword ptr [ebp+0c] |
10 |
016f:bff66800 ff750c push dword ptr [ebp+0c] |
| 5 |
016f:bff66803 52 push edx |
11 |
016f:bff66803 52 push edx |
| 6 |
016f:bff66804 64ff3500000000 push dword ptr fs:[00000000] |
12 |
016f:bff66804 64ff3500000000 push dword ptr fs:[00000000] |
| 7 |
016f:bff6680b 64892500000000 mov dword ptr fs:[00000000],esp |
13 |
016f:bff6680b 64892500000000 mov dword ptr fs:[00000000],esp |
| 8 |
016f:bff66812 ff7514 push dword ptr [ebp+14] |
14 |
016f:bff66812 ff7514 push dword ptr [ebp+14] |
| 9 |
016f:bff66815 ff7510 push dword ptr [ebp+10] |
15 |
016f:bff66815 ff7510 push dword ptr [ebp+10] |
| 10 |
016f:bff66818 ff750c push dword ptr [ebp+0c] |
16 |
016f:bff66818 ff750c push dword ptr [ebp+0c] |
| 11 |
016f:bff6681b ff7508 push dword ptr [ebp+08] |
17 |
016f:bff6681b ff7508 push dword ptr [ebp+08] |
| 12 |
016f:bff6681e ff5518 call dword ptr [ebp+18] |
18 |
016f:bff6681e ff5518 call dword ptr [ebp+18] |
| 13 |
016f:bff66824 648f0500000000 pop dword ptr fs:[00000000] |
19 |
016f:bff66824 648f0500000000 pop dword ptr fs:[00000000] |
| 14 |
016f:bff6682b c9 leave |
20 |
016f:bff6682b c9 leave |
| 15 |
016f:bff6682c c3 retd |
21 |
016f:bff6682c c3 retd |
| 16 |
016f:bff6682d 8b4c2404 mov ecx,dword ptr [esp+04] |
22 |
016f:bff6682d 8b4c2404 mov ecx,dword ptr [esp+04] |
| 17 |
016f:bff66831 f7410406000000 test dword ptr [ecx+04],00000006 |
23 |
016f:bff66831 f7410406000000 test dword ptr [ecx+04],00000006 |
| 18 |
016f:bff66838 b801000000 mov eax,00000001 |
24 |
016f:bff66838 b801000000 mov eax,00000001 |
| 19 |
016f:bff6683d 7512 jnz bff66851 = KERNEL32.DLL:_FREQASM+0x5851 |
25 |
016f:bff6683d 7512 jnz bff66851 = KERNEL32.DLL:_FREQASM+0x5851 |
| 20 |
016f:bff6683f 8b4c2408 mov ecx,dword ptr [esp+08] |
26 |
016f:bff6683f 8b4c2408 mov ecx,dword ptr [esp+08] |
| 21 |
016f:bff66843 8b542410 mov edx,dword ptr [esp+10] |
27 |
016f:bff66843 8b542410 mov edx,dword ptr [esp+10] |
| 22 |
016f:bff66847 8b4108 mov eax,dword ptr [ecx+08] |
28 |
016f:bff66847 8b4108 mov eax,dword ptr [ecx+08] |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:bff6682d 8b4c2404 mov ecx,dword ptr [esp+04] |
9 |
016f:bff6682d 8b4c2404 mov ecx,dword ptr [esp+04] |
| 4 |
016f:bff66831 f7410406000000 test dword ptr [ecx+04],00000006 |
10 |
016f:bff66831 f7410406000000 test dword ptr [ecx+04],00000006 |
| 5 |
016f:bff66838 b801000000 mov eax,00000001 |
11 |
016f:bff66838 b801000000 mov eax,00000001 |
| 6 |
016f:bff6683d 7512 jnz bff66851 = KERNEL32.DLL:_FREQASM+0x5851 |
12 |
016f:bff6683d 7512 jnz bff66851 = KERNEL32.DLL:_FREQASM+0x5851 |
| 7 |
016f:bff6683f 8b4c2408 mov ecx,dword ptr [esp+08] |
13 |
016f:bff6683f 8b4c2408 mov ecx,dword ptr [esp+08] |
| 8 |
016f:bff66843 8b542410 mov edx,dword ptr [esp+10] |
14 |
016f:bff66843 8b542410 mov edx,dword ptr [esp+10] |
| 9 |
016f:bff66847 8b4108 mov eax,dword ptr [ecx+08] |
15 |
016f:bff66847 8b4108 mov eax,dword ptr [ecx+08] |
| 10 |
016f:bff6684a 8902 mov dword ptr [edx],eax |
16 |
016f:bff6684a 8902 mov dword ptr [edx],eax |
| 11 |
016f:bff6684c b802000000 mov eax,00000002 |
17 |
016f:bff6684c b802000000 mov eax,00000002 |
| 12 |
016f:bff66851 c3 retd |
18 |
016f:bff66851 c3 retd |
| 13 |
016f:bff66856 f7410406000000 test dword ptr [ecx+04],00000006 |
19 |
016f:bff66856 f7410406000000 test dword ptr [ecx+04],00000006 |
| 14 |
016f:bff6685d b801000000 mov eax,00000001 |
20 |
016f:bff6685d b801000000 mov eax,00000001 |
| 15 |
016f:bff66862 7412 jz bff66876 = KERNEL32.DLL:_FREQASM+0x5876 |
21 |
016f:bff66862 7412 jz bff66876 = KERNEL32.DLL:_FREQASM+0x5876 |
| 16 |
016f:bff66864 8b4c2408 mov ecx,dword ptr [esp+08] |
22 |
016f:bff66864 8b4c2408 mov ecx,dword ptr [esp+08] |
| 17 |
016f:bff66868 8b542410 mov edx,dword ptr [esp+10] |
23 |
016f:bff66868 8b542410 mov edx,dword ptr [esp+10] |
| 18 |
016f:bff6686c 8b4108 mov eax,dword ptr [ecx+08] |
24 |
016f:bff6686c 8b4108 mov eax,dword ptr [ecx+08] |
| 19 |
016f:bff6686f 8902 mov dword ptr [edx],eax |
25 |
016f:bff6686f 8902 mov dword ptr [edx],eax |
| 20 |
016f:bff66871 b803000000 mov eax,00000003 |
26 |
016f:bff66871 b803000000 mov eax,00000003 |
| 21 |
016f:bff66876 c3 retd |
27 |
016f:bff66876 c3 retd |
| 22 |
016f:bff66877 c3 retd |
28 |
016f:bff66877 c3 retd |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:bff613c5 c20400 retd 0004 |
9 |
016f:bff613c5 c20400 retd 0004 |
| 4 |
016f:bff613c8 33c0 xor eax,eax |
10 |
016f:bff613c8 33c0 xor eax,eax |
| 5 |
016f:bff613ca ebf7 jmp bff613c3 = KERNEL32.DLL:_FREQASM+0x3c3 |
11 |
016f:bff613ca ebf7 jmp bff613c3 = KERNEL32.DLL:_FREQASM+0x3c3 |
| 6 |
016f:bff613cc ebfa jmp bff613c8 = KERNEL32.DLL:_FREQASM+0x3c8 |
12 |
016f:bff613cc ebfa jmp bff613c8 = KERNEL32.DLL:_FREQASM+0x3c8 |
| 7 |
016f:bff613ce ebf8 jmp bff613c8 = KERNEL32.DLL:_FREQASM+0x3c8 |
13 |
016f:bff613ce ebf8 jmp bff613c8 = KERNEL32.DLL:_FREQASM+0x3c8 |
| 8 |
016f:bff613d0 ebf6 jmp bff613c8 = KERNEL32.DLL:_FREQASM+0x3c8 |
14 |
016f:bff613d0 ebf6 jmp bff613c8 = KERNEL32.DLL:_FREQASM+0x3c8 |
| 9 |
016f:bff613d2 ebf4 jmp bff613c8 = KERNEL32.DLL:_FREQASM+0x3c8 |
15 |
016f:bff613d2 ebf4 jmp bff613c8 = KERNEL32.DLL:_FREQASM+0x3c8 |
| 10 |
016f:bff613d4 8b442404 mov eax,dword ptr [esp+04] |
16 |
016f:bff613d4 8b442404 mov eax,dword ptr [esp+04] |
| 11 |
016f:bff613d8 8f0424 pop dword ptr [esp] |
17 |
016f:bff613d8 8f0424 pop dword ptr [esp] |
| 12 |
016f:bff613db 2eff1d34b7fbbf call fword ptr ss:[bffbb734] |
18 |
016f:bff613db 2eff1d34b7fbbf call fword ptr ss:[bffbb734] |
| 13 |
016f:bff613e7 2eff1d34b7fbbf call fword ptr ss:[bffbb734] |
19 |
016f:bff613e7 2eff1d34b7fbbf call fword ptr ss:[bffbb734] |
| 14 |
016f:bff613ee b843002a00 mov eax,002a0043 |
20 |
016f:bff613ee b843002a00 mov eax,002a0043 |
| 15 |
016f:bff613f3 2eff1d34b7fbbf call fword ptr ss:[bffbb734] |
21 |
016f:bff613f3 2eff1d34b7fbbf call fword ptr ss:[bffbb734] |
| 16 |
016f:bff613fa 83c414 add esp,+14 |
22 |
016f:bff613fa 83c414 add esp,+14 |
| 17 |
016f:bff613fd 0fb7c8 movzx ecx,ax |
23 |
016f:bff613fd 0fb7c8 movzx ecx,ax |
| 18 |
016f:bff61400 0fa4d310 shld ebx,edx,10 |
24 |
016f:bff61400 0fa4d310 shld ebx,edx,10 |
| 19 |
016f:bff61404 c0e302 shl bl,02 |
25 |
016f:bff61404 c0e302 shl bl,02 |
| 20 |
016f:bff61407 6681ea0010 sub dx,1000 |
26 |
016f:bff61407 6681ea0010 sub dx,1000 |
| 21 |
016f:bff6140c 0fbfc2 movsx eax,dx |
27 |
016f:bff6140c 0fbfc2 movsx eax,dx |
| 22 |
016f:bff6140f e9d1000000 jmp bff614e5 = KERNEL32.DLL:_FREQASM+0x4e5 |
28 |
016f:bff6140f e9d1000000 jmp bff614e5 = KERNEL32.DLL:_FREQASM+0x4e5 |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:bff666d5 83c40c add esp,+0c |
9 |
016f:bff666d5 83c40c add esp,+0c |
| 4 |
016f:bff666d8 c9 leave |
10 |
016f:bff666d8 c9 leave |
| 5 |
016f:bff666d9 c3 retd |
11 |
016f:bff666d9 c3 retd |
| 6 |
016f:bff666da 55 push ebp |
12 |
016f:bff666da 55 push ebp |
| 7 |
016f:bff666db 8bec mov ebp,esp |
13 |
016f:bff666db 8bec mov ebp,esp |
| 8 |
016f:bff666dd 8b5d08 mov ebx,dword ptr [ebp+08] |
14 |
016f:bff666dd 8b5d08 mov ebx,dword ptr [ebp+08] |
| 9 |
016f:bff666e0 53 push ebx |
15 |
016f:bff666e0 53 push ebx |
| 10 |
016f:bff666e1 6a00 push +00 |
16 |
016f:bff666e1 6a00 push +00 |
| 11 |
016f:bff666e3 6815002a00 push 002a0015 |
17 |
016f:bff666e3 6815002a00 push 002a0015 |
| 12 |
016f:bff666e8 e8e7acffff call bff613d4 = KERNEL32.DLL!1 |
18 |
016f:bff666e8 e8e7acffff call bff613d4 = KERNEL32.DLL!1 |
| 13 |
016f:bff666ee 8bec mov ebp,esp |
19 |
016f:bff666ee 8bec mov ebp,esp |
| 14 |
016f:bff666f0 9c pushfd |
20 |
016f:bff666f0 9c pushfd |
| 15 |
016f:bff666f1 81eccc000000 sub esp,000000cc |
21 |
016f:bff666f1 81eccc000000 sub esp,000000cc |
| 16 |
016f:bff666f7 ff75fc push dword ptr [ebp-04] |
22 |
016f:bff666f7 ff75fc push dword ptr [ebp-04] |
| 17 |
016f:bff666fa 9d popfd |
23 |
016f:bff666fa 9d popfd |
| 18 |
016f:bff666fb 57 push edi |
24 |
016f:bff666fb 57 push edi |
| 19 |
016f:bff666fc 8dbd30ffffff lea edi,[ebp-000000d0] |
25 |
016f:bff666fc 8dbd30ffffff lea edi,[ebp-000000d0] |
| 20 |
016f:bff66702 6a04 push +04 |
26 |
016f:bff66702 6a04 push +04 |
| 21 |
016f:bff66704 55 push ebp |
27 |
016f:bff66704 55 push ebp |
| 22 |
016f:bff66705 57 push edi |
28 |
016f:bff66705 57 push edi |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:bff788c6 50 push eax |
9 |
016f:bff788c6 50 push eax |
| 4 |
016f:bff788c7 e8c263ffff call bff6ec8e = KERNEL32.DLL:.text+0x5c8e |
10 |
016f:bff788c7 e8c263ffff call bff6ec8e = KERNEL32.DLL:.text+0x5c8e |
| 5 |
016f:bff788cc 85c0 test eax,eax |
11 |
016f:bff788cc 85c0 test eax,eax |
| 6 |
016f:bff788ce 0f849b000000 jz bff7896f = KERNEL32.DLL:.text+0xf96f |
12 |
016f:bff788ce 0f849b000000 jz bff7896f = KERNEL32.DLL:.text+0xf96f |
| 7 |
016f:bff788d4 c745fc01000000 mov dword ptr [ebp-04],00000001 |
13 |
016f:bff788d4 c745fc01000000 mov dword ptr [ebp-04],00000001 |
| 8 |
016f:bff788db 395d08 cmp dword ptr [ebp+08],ebx |
14 |
016f:bff788db 395d08 cmp dword ptr [ebp+08],ebx |
| 9 |
016f:bff788de 750c jnz bff788ec = KERNEL32.DLL:.text+0xf8ec |
15 |
016f:bff788de 750c jnz bff788ec = KERNEL32.DLL:.text+0xf8ec |
| 10 |
016f:bff788e0 8d8588feffff lea eax,[ebp-00000178] |
16 |
016f:bff788e0 8d8588feffff lea eax,[ebp-00000178] |
| 11 |
016f:bff788e6 50 push eax |
17 |
016f:bff788e6 50 push eax |
| 12 |
016f:bff788e7 e8eeddfeff call bff666da = KERNEL32.DLL:_FREQASM+0x56da |
18 |
016f:bff788e7 e8eeddfeff call bff666da = KERNEL32.DLL:_FREQASM+0x56da |
| 13 |
016f:bff788f0 7411 jz bff78903 = KERNEL32.DLL:.text+0xf903 |
19 |
016f:bff788f0 7411 jz bff78903 = KERNEL32.DLL:.text+0xf903 |
| 14 |
016f:bff788f2 8b4304 mov eax,dword ptr [ebx+04] |
20 |
016f:bff788f2 8b4304 mov eax,dword ptr [ebx+04] |
| 15 |
016f:bff788f5 3d00000080 cmp eax,80000000 |
21 |
016f:bff788f5 3d00000080 cmp eax,80000000 |
| 16 |
016f:bff788fa 724f jc bff7894b = KERNEL32.DLL:.text+0xf94b |
22 |
016f:bff788fa 724f jc bff7894b = KERNEL32.DLL:.text+0xf94b |
| 17 |
016f:bff788fc 3dffffffbf cmp eax,bfffffff |
23 |
016f:bff788fc 3dffffffbf cmp eax,bfffffff |
| 18 |
016f:bff78901 7748 ja bff7894b = KERNEL32.DLL:.text+0xf94b |
24 |
016f:bff78901 7748 ja bff7894b = KERNEL32.DLL:.text+0xf94b |
| 19 |
016f:bff78903 8d4df8 lea ecx,[ebp-08] |
25 |
016f:bff78903 8d4df8 lea ecx,[ebp-08] |
| 20 |
016f:bff78906 8d9588feffff lea edx,[ebp-00000178] |
26 |
016f:bff78906 8d9588feffff lea edx,[ebp-00000178] |
| 21 |
016f:bff7890c ff7304 push dword ptr [ebx+04] |
27 |
016f:bff7890c ff7304 push dword ptr [ebx+04] |
| 22 |
016f:bff7890f 51 push ecx |
28 |
016f:bff7890f 51 push ecx |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
-> ff ff ff ff 20 3f f7 bf 26 3f f7 bf ff ff ff ff .... ?..&?...... |
8 |
-> ff ff ff ff 20 3f f7 bf 26 3f f7 bf ff ff ff ff .... ?..&?...... |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
... |
8 |
... |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:0041f9dd 90 nop |
9 |
016f:0041f9dd 90 nop |
| 4 |
016f:0041f9de 90 nop |
10 |
016f:0041f9de 90 nop |
| 5 |
016f:0041f9df 90 nop |
11 |
016f:0041f9df 90 nop |
| 6 |
016f:0041f9e0 83ec0c sub esp,+0c |
12 |
016f:0041f9e0 83ec0c sub esp,+0c |
| 7 |
016f:0041f9e3 53 push ebx |
13 |
016f:0041f9e3 53 push ebx |
| 8 |
016f:0041f9e4 55 push ebp |
14 |
016f:0041f9e4 55 push ebp |
| 9 |
016f:0041f9e5 56 push esi |
15 |
016f:0041f9e5 56 push esi |
| 10 |
016f:0041f9e6 57 push edi |
16 |
016f:0041f9e6 57 push edi |
| 11 |
016f:0041f9e7 8bd9 mov ebx,ecx |
17 |
016f:0041f9e7 8bd9 mov ebx,ecx |
| 12 |
016f:0041f9e9 e8c2ffffff call 0041f9b0 = SET641MI.DLL!1565 |
18 |
016f:0041f9e9 e8c2ffffff call 0041f9b0 = SET641MI.DLL!1565 |
| 13 |
016f:0041f9f1 dfe0 fstsw ax |
19 |
016f:0041f9f1 dfe0 fstsw ax |
| 14 |
016f:0041f9f3 f6c441 test ah,41 |
20 |
016f:0041f9f3 f6c441 test ah,41 |
| 15 |
016f:0041f9f6 0f85e4000000 jnz 0041fae0 = SET641MI.DLL:.text+0x1eae0 |
21 |
016f:0041f9f6 0f85e4000000 jnz 0041fae0 = SET641MI.DLL:.text+0x1eae0 |
| 16 |
016f:0041f9fc 8b6b08 mov ebp,dword ptr [ebx+08] |
22 |
016f:0041f9fc 8b6b08 mov ebp,dword ptr [ebx+08] |
| 17 |
016f:0041f9ff 8b7b10 mov edi,dword ptr [ebx+10] |
23 |
016f:0041f9ff 8b7b10 mov edi,dword ptr [ebx+10] |
| 18 |
016f:0041fa02 896c2410 mov dword ptr [esp+10],ebp |
24 |
016f:0041fa02 896c2410 mov dword ptr [esp+10],ebp |
| 19 |
016f:0041fa06 c744241400000000 mov dword ptr [esp+14],00000000 |
25 |
016f:0041fa06 c744241400000000 mov dword ptr [esp+14],00000000 |
| 20 |
016f:0041fa0e df6c2410 fild qword ptr [esp+10] |
26 |
016f:0041fa0e df6c2410 fild qword ptr [esp+10] |
| 21 |
016f:0041fa12 897c2418 mov dword ptr [esp+18],edi |
27 |
016f:0041fa12 897c2418 mov dword ptr [esp+18],edi |
| 22 |
016f:0041fa16 dc4b20 fmul qword ptr [ebx+20] |
28 |
016f:0041fa16 dc4b20 fmul qword ptr [ebx+20] |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
... |
8 |
... |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
... |
8 |
... |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:bff6680b 64892500000000 mov dword ptr fs:[00000000],esp |
9 |
016f:bff6680b 64892500000000 mov dword ptr fs:[00000000],esp |
| 4 |
016f:bff66812 ff7514 push dword ptr [ebp+14] |
10 |
016f:bff66812 ff7514 push dword ptr [ebp+14] |
| 5 |
016f:bff66815 ff7510 push dword ptr [ebp+10] |
11 |
016f:bff66815 ff7510 push dword ptr [ebp+10] |
| 6 |
016f:bff66818 ff750c push dword ptr [ebp+0c] |
12 |
016f:bff66818 ff750c push dword ptr [ebp+0c] |
| 7 |
016f:bff6681b ff7508 push dword ptr [ebp+08] |
13 |
016f:bff6681b ff7508 push dword ptr [ebp+08] |
| 8 |
016f:bff6681e ff5518 call dword ptr [ebp+18] |
14 |
016f:bff6681e ff5518 call dword ptr [ebp+18] |
| 9 |
016f:bff66821 83c410 add esp,+10 |
15 |
016f:bff66821 83c410 add esp,+10 |
| 10 |
016f:bff66824 648f0500000000 pop dword ptr fs:[00000000] |
16 |
016f:bff66824 648f0500000000 pop dword ptr fs:[00000000] |
| 11 |
016f:bff6682b c9 leave |
17 |
016f:bff6682b c9 leave |
| 12 |
016f:bff6682c c3 retd |
18 |
016f:bff6682c c3 retd |
| 13 |
016f:bff66831 f7410406000000 test dword ptr [ecx+04],00000006 |
19 |
016f:bff66831 f7410406000000 test dword ptr [ecx+04],00000006 |
| 14 |
016f:bff66838 b801000000 mov eax,00000001 |
20 |
016f:bff66838 b801000000 mov eax,00000001 |
| 15 |
016f:bff6683d 7512 jnz bff66851 = KERNEL32.DLL:_FREQASM+0x5851 |
21 |
016f:bff6683d 7512 jnz bff66851 = KERNEL32.DLL:_FREQASM+0x5851 |
| 16 |
016f:bff6683f 8b4c2408 mov ecx,dword ptr [esp+08] |
22 |
016f:bff6683f 8b4c2408 mov ecx,dword ptr [esp+08] |
| 17 |
016f:bff66843 8b542410 mov edx,dword ptr [esp+10] |
23 |
016f:bff66843 8b542410 mov edx,dword ptr [esp+10] |
| 18 |
016f:bff66847 8b4108 mov eax,dword ptr [ecx+08] |
24 |
016f:bff66847 8b4108 mov eax,dword ptr [ecx+08] |
| 19 |
016f:bff6684a 8902 mov dword ptr [edx],eax |
25 |
016f:bff6684a 8902 mov dword ptr [edx],eax |
| 20 |
016f:bff6684c b802000000 mov eax,00000002 |
26 |
016f:bff6684c b802000000 mov eax,00000002 |
| 21 |
016f:bff66851 c3 retd |
27 |
016f:bff66851 c3 retd |
| 22 |
016f:bff66852 8b4c2404 mov ecx,dword ptr [esp+04] |
28 |
016f:bff66852 8b4c2404 mov ecx,dword ptr [esp+04] |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
| 1 |
... |
8 |
... |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:bffb1a29 8bec mov ebp,esp |
9 |
016f:bffb1a29 8bec mov ebp,esp |
| 4 |
016f:bffb1a2b 53 push ebx |
10 |
016f:bffb1a2b 53 push ebx |
| 5 |
016f:bffb1a2c 56 push esi |
11 |
016f:bffb1a2c 56 push esi |
| 6 |
016f:bffb1a2d 57 push edi |
12 |
016f:bffb1a2d 57 push edi |
| 7 |
016f:bffb1a2e 55 push ebp |
13 |
016f:bffb1a2e 55 push ebp |
| 8 |
016f:bffb1a2f 6a00 push +00 |
14 |
016f:bffb1a2f 6a00 push +00 |
| 9 |
016f:bffb1a31 6a00 push +00 |
15 |
016f:bffb1a31 6a00 push +00 |
| 10 |
016f:bffb1a33 68401afbbf push bffb1a40 |
16 |
016f:bffb1a33 68401afbbf push bffb1a40 |
| 11 |
016f:bffb1a38 ff7508 push dword ptr [ebp+08] |
17 |
016f:bffb1a38 ff7508 push dword ptr [ebp+08] |
| 12 |
016f:bffb1a3b e8b96dfcff call bff787f9 = KERNEL32.DLL!RtlUnwind |
18 |
016f:bffb1a3b e8b96dfcff call bff787f9 = KERNEL32.DLL!RtlUnwind |
| 13 |
016f:bffb1a41 5f pop edi |
19 |
016f:bffb1a41 5f pop edi |
| 14 |
016f:bffb1a42 5e pop esi |
20 |
016f:bffb1a42 5e pop esi |
| 15 |
016f:bffb1a43 5b pop ebx |
21 |
016f:bffb1a43 5b pop ebx |
| 16 |
016f:bffb1a44 8be5 mov esp,ebp |
22 |
016f:bffb1a44 8be5 mov esp,ebp |
| 17 |
016f:bffb1a46 5d pop ebp |
23 |
016f:bffb1a46 5d pop ebp |
| 18 |
016f:bffb1a47 c3 retd |
24 |
016f:bffb1a47 c3 retd |
| 19 |
016f:bffb1a48 8b4c2404 mov ecx,dword ptr [esp+04] |
25 |
016f:bffb1a48 8b4c2404 mov ecx,dword ptr [esp+04] |
| 20 |
016f:bffb1a4c f7410406000000 test dword ptr [ecx+04],00000006 |
26 |
016f:bffb1a4c f7410406000000 test dword ptr [ecx+04],00000006 |
| 21 |
016f:bffb1a53 b801000000 mov eax,00000001 |
27 |
016f:bffb1a53 b801000000 mov eax,00000001 |
| 22 |
016f:bffb1a58 740f jz bffb1a69 = KERNEL32.DLL:.text+0x48a69 |
28 |
016f:bffb1a58 740f jz bffb1a69 = KERNEL32.DLL:.text+0x48a69 |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:bffb1a29 8bec mov ebp,esp |
9 |
016f:bffb1a29 8bec mov ebp,esp |
| 4 |
016f:bffb1a2b 53 push ebx |
10 |
016f:bffb1a2b 53 push ebx |
| 5 |
016f:bffb1a2c 56 push esi |
11 |
016f:bffb1a2c 56 push esi |
| 6 |
016f:bffb1a2d 57 push edi |
12 |
016f:bffb1a2d 57 push edi |
| 7 |
016f:bffb1a2e 55 push ebp |
13 |
016f:bffb1a2e 55 push ebp |
| 8 |
016f:bffb1a2f 6a00 push +00 |
14 |
016f:bffb1a2f 6a00 push +00 |
| 9 |
016f:bffb1a31 6a00 push +00 |
15 |
016f:bffb1a31 6a00 push +00 |
| 10 |
016f:bffb1a33 68401afbbf push bffb1a40 |
16 |
016f:bffb1a33 68401afbbf push bffb1a40 |
| 11 |
016f:bffb1a38 ff7508 push dword ptr [ebp+08] |
17 |
016f:bffb1a38 ff7508 push dword ptr [ebp+08] |
| 12 |
016f:bffb1a3b e8b96dfcff call bff787f9 = KERNEL32.DLL!RtlUnwind |
18 |
016f:bffb1a3b e8b96dfcff call bff787f9 = KERNEL32.DLL!RtlUnwind |
| 13 |
016f:bffb1a41 5f pop edi |
19 |
016f:bffb1a41 5f pop edi |
| 14 |
016f:bffb1a42 5e pop esi |
20 |
016f:bffb1a42 5e pop esi |
| 15 |
016f:bffb1a43 5b pop ebx |
21 |
016f:bffb1a43 5b pop ebx |
| 16 |
016f:bffb1a44 8be5 mov esp,ebp |
22 |
016f:bffb1a44 8be5 mov esp,ebp |
| 17 |
016f:bffb1a46 5d pop ebp |
23 |
016f:bffb1a46 5d pop ebp |
| 18 |
016f:bffb1a47 c3 retd |
24 |
016f:bffb1a47 c3 retd |
| 19 |
016f:bffb1a48 8b4c2404 mov ecx,dword ptr [esp+04] |
25 |
016f:bffb1a48 8b4c2404 mov ecx,dword ptr [esp+04] |
| 20 |
016f:bffb1a4c f7410406000000 test dword ptr [ecx+04],00000006 |
26 |
016f:bffb1a4c f7410406000000 test dword ptr [ecx+04],00000006 |
| 21 |
016f:bffb1a53 b801000000 mov eax,00000001 |
27 |
016f:bffb1a53 b801000000 mov eax,00000001 |
| 22 |
016f:bffb1a58 740f jz bffb1a69 = KERNEL32.DLL:.text+0x48a69 |
28 |
016f:bffb1a58 740f jz bffb1a69 = KERNEL32.DLL:.text+0x48a69 |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:bff613c5 c20400 retd 0004 |
9 |
016f:bff613c5 c20400 retd 0004 |
| 4 |
016f:bff613c8 33c0 xor eax,eax |
10 |
016f:bff613c8 33c0 xor eax,eax |
| 5 |
016f:bff613ca ebf7 jmp bff613c3 = KERNEL32.DLL:_FREQASM+0x3c3 |
11 |
016f:bff613ca ebf7 jmp bff613c3 = KERNEL32.DLL:_FREQASM+0x3c3 |
| 6 |
016f:bff613cc ebfa jmp bff613c8 = KERNEL32.DLL:_FREQASM+0x3c8 |
12 |
016f:bff613cc ebfa jmp bff613c8 = KERNEL32.DLL:_FREQASM+0x3c8 |
| 7 |
016f:bff613ce ebf8 jmp bff613c8 = KERNEL32.DLL:_FREQASM+0x3c8 |
13 |
016f:bff613ce ebf8 jmp bff613c8 = KERNEL32.DLL:_FREQASM+0x3c8 |
| 8 |
016f:bff613d0 ebf6 jmp bff613c8 = KERNEL32.DLL:_FREQASM+0x3c8 |
14 |
016f:bff613d0 ebf6 jmp bff613c8 = KERNEL32.DLL:_FREQASM+0x3c8 |
| 9 |
016f:bff613d2 ebf4 jmp bff613c8 = KERNEL32.DLL:_FREQASM+0x3c8 |
15 |
016f:bff613d2 ebf4 jmp bff613c8 = KERNEL32.DLL:_FREQASM+0x3c8 |
| 10 |
016f:bff613d4 8b442404 mov eax,dword ptr [esp+04] |
16 |
016f:bff613d4 8b442404 mov eax,dword ptr [esp+04] |
| 11 |
016f:bff613d8 8f0424 pop dword ptr [esp] |
17 |
016f:bff613d8 8f0424 pop dword ptr [esp] |
| 12 |
016f:bff613db 2eff1d34b7fbbf call fword ptr ss:[bffbb734] |
18 |
016f:bff613db 2eff1d34b7fbbf call fword ptr ss:[bffbb734] |
| 13 |
016f:bff613e7 2eff1d34b7fbbf call fword ptr ss:[bffbb734] |
19 |
016f:bff613e7 2eff1d34b7fbbf call fword ptr ss:[bffbb734] |
| 14 |
016f:bff613ee b843002a00 mov eax,002a0043 |
20 |
016f:bff613ee b843002a00 mov eax,002a0043 |
| 15 |
016f:bff613f3 2eff1d34b7fbbf call fword ptr ss:[bffbb734] |
21 |
016f:bff613f3 2eff1d34b7fbbf call fword ptr ss:[bffbb734] |
| 16 |
016f:bff613fa 83c414 add esp,+14 |
22 |
016f:bff613fa 83c414 add esp,+14 |
| 17 |
016f:bff613fd 0fb7c8 movzx ecx,ax |
23 |
016f:bff613fd 0fb7c8 movzx ecx,ax |
| 18 |
016f:bff61400 0fa4d310 shld ebx,edx,10 |
24 |
016f:bff61400 0fa4d310 shld ebx,edx,10 |
| 19 |
016f:bff61404 c0e302 shl bl,02 |
25 |
016f:bff61404 c0e302 shl bl,02 |
| 20 |
016f:bff61407 6681ea0010 sub dx,1000 |
26 |
016f:bff61407 6681ea0010 sub dx,1000 |
| 21 |
016f:bff6140c 0fbfc2 movsx eax,dx |
27 |
016f:bff6140c 0fbfc2 movsx eax,dx |
| 22 |
016f:bff6140f e9d1000000 jmp bff614e5 = KERNEL32.DLL:_FREQASM+0x4e5 |
28 |
016f:bff6140f e9d1000000 jmp bff614e5 = KERNEL32.DLL:_FREQASM+0x4e5 |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:bff6a4e6 2bfb sub edi,ebx |
9 |
016f:bff6a4e6 2bfb sub edi,ebx |
| 4 |
016f:bff6a4e8 57 push edi |
10 |
016f:bff6a4e8 57 push edi |
| 5 |
016f:bff6a4e9 894108 mov dword ptr [ecx+08],eax |
11 |
016f:bff6a4e9 894108 mov dword ptr [ecx+08],eax |
| 6 |
016f:bff6a4ec 8b5604 mov edx,dword ptr [esi+04] |
12 |
016f:bff6a4ec 8b5604 mov edx,dword ptr [esi+04] |
| 7 |
016f:bff6a4ef 8b4608 mov eax,dword ptr [esi+08] |
13 |
016f:bff6a4ef 8b4608 mov eax,dword ptr [esi+08] |
| 8 |
016f:bff6a4f2 895004 mov dword ptr [eax+04],edx |
14 |
016f:bff6a4f2 895004 mov dword ptr [eax+04],edx |
| 9 |
016f:bff6a4f5 8d041e lea eax,[esi+ebx] |
15 |
016f:bff6a4f5 8d041e lea eax,[esi+ebx] |
| 10 |
016f:bff6a4f8 50 push eax |
16 |
016f:bff6a4f8 50 push eax |
| 11 |
016f:bff6a4f9 ff7508 push dword ptr [ebp+08] |
17 |
016f:bff6a4f9 ff7508 push dword ptr [ebp+08] |
| 12 |
016f:bff6a4fc e870fdffff call bff6a271 = KERNEL32.DLL:.text+0x1271 |
18 |
016f:bff6a4fc e870fdffff call bff6a271 = KERNEL32.DLL:.text+0x1271 |
| 13 |
016f:bff6a503 8b4d08 mov ecx,dword ptr [ebp+08] |
19 |
016f:bff6a503 8b4d08 mov ecx,dword ptr [ebp+08] |
| 14 |
016f:bff6a506 0fb64170 movzx eax,byte ptr [ecx+70] |
20 |
016f:bff6a506 0fb64170 movzx eax,byte ptr [ecx+70] |
| 15 |
016f:bff6a50a 0b45f4 or eax,dword ptr [ebp-0c] |
21 |
016f:bff6a50a 0b45f4 or eax,dword ptr [ebp-0c] |
| 16 |
016f:bff6a50d 50 push eax |
22 |
016f:bff6a50d 50 push eax |
| 17 |
016f:bff6a50e 8b45f8 mov eax,dword ptr [ebp-08] |
23 |
016f:bff6a50e 8b45f8 mov eax,dword ptr [ebp-08] |
| 18 |
016f:bff6a511 2b45fc sub eax,dword ptr [ebp-04] |
24 |
016f:bff6a511 2b45fc sub eax,dword ptr [ebp-04] |
| 19 |
016f:bff6a514 50 push eax |
25 |
016f:bff6a514 50 push eax |
| 20 |
016f:bff6a515 ff75fc push dword ptr [ebp-04] |
26 |
016f:bff6a515 ff75fc push dword ptr [ebp-04] |
| 21 |
016f:bff6a518 e8f6feffff call bff6a413 = KERNEL32.DLL:.text+0x1413 |
27 |
016f:bff6a518 e8f6feffff call bff6a413 = KERNEL32.DLL:.text+0x1413 |
| 22 |
016f:bff6a51d 85c0 test eax,eax |
28 |
016f:bff6a51d 85c0 test eax,eax |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:bff6a24f 008b4424040f add byte ptr [ebx+0f042444],cl |
9 |
016f:bff6a24f 008b4424040f add byte ptr [ebx+0f042444],cl |
| 4 |
016f:bff6a255 b648 mov dh,48 |
10 |
016f:bff6a255 b648 mov dh,48 |
| 5 |
016f:bff6a257 700b jo bff6a264 = KERNEL32.DLL:.text+0x1264 |
11 |
016f:bff6a257 700b jo bff6a264 = KERNEL32.DLL:.text+0x1264 |
| 6 |
016f:bff6a259 4c dec esp |
12 |
016f:bff6a259 4c dec esp |
| 7 |
016f:bff6a25a 2408 and al,08 |
13 |
016f:bff6a25a 2408 and al,08 |
| 8 |
016f:bff6a25c f6c101 test cl,01 |
14 |
016f:bff6a25c f6c101 test cl,01 |
| 9 |
016f:bff6a25f 750d jnz bff6a26e = KERNEL32.DLL:.text+0x126e |
15 |
016f:bff6a25f 750d jnz bff6a26e = KERNEL32.DLL:.text+0x126e |
| 10 |
016f:bff6a261 ff704c push dword ptr [eax+4c] |
16 |
016f:bff6a261 ff704c push dword ptr [eax+4c] |
| 11 |
016f:bff6a264 e85da0ffff call bff642c6 = KERNEL32.DLL:_FREQASM+0x32c6 |
17 |
016f:bff6a264 e85da0ffff call bff642c6 = KERNEL32.DLL:_FREQASM+0x32c6 |
| 12 |
016f:bff6a269 e83f010000 call bff6a3ad = KERNEL32.DLL:.text+0x13ad |
18 |
016f:bff6a269 e83f010000 call bff6a3ad = KERNEL32.DLL:.text+0x13ad |
| 13 |
016f:bff6a271 53 push ebx |
19 |
016f:bff6a271 53 push ebx |
| 14 |
016f:bff6a272 56 push esi |
20 |
016f:bff6a272 56 push esi |
| 15 |
016f:bff6a273 8b742414 mov esi,dword ptr [esp+14] |
21 |
016f:bff6a273 8b742414 mov esi,dword ptr [esp+14] |
| 16 |
016f:bff6a277 57 push edi |
22 |
016f:bff6a277 57 push edi |
| 17 |
016f:bff6a278 8b7c2414 mov edi,dword ptr [esp+14] |
23 |
016f:bff6a278 8b7c2414 mov edi,dword ptr [esp+14] |
| 18 |
016f:bff6a27c 55 push ebp |
24 |
016f:bff6a27c 55 push ebp |
| 19 |
016f:bff6a27d b900001000 mov ecx,00100000 |
25 |
016f:bff6a27d b900001000 mov ecx,00100000 |
| 20 |
016f:bff6a282 8d1c37 lea ebx,[edi+esi] |
26 |
016f:bff6a282 8d1c37 lea ebx,[edi+esi] |
| 21 |
016f:bff6a285 8b03 mov eax,dword ptr [ebx] |
27 |
016f:bff6a285 8b03 mov eax,dword ptr [ebx] |
| 22 |
016f:bff6a287 a801 test al,01 |
28 |
016f:bff6a287 a801 test al,01 |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:bff6a6ab 56 push esi |
9 |
016f:bff6a6ab 56 push esi |
| 4 |
016f:bff6a6ac e8a6fdffff call bff6a457 = KERNEL32.DLL:.text+0x1457 |
10 |
016f:bff6a6ac e8a6fdffff call bff6a457 = KERNEL32.DLL:.text+0x1457 |
| 5 |
016f:bff6a6b1 89450c mov dword ptr [ebp+0c],eax |
11 |
016f:bff6a6b1 89450c mov dword ptr [ebp+0c],eax |
| 6 |
016f:bff6a6b4 85c0 test eax,eax |
12 |
016f:bff6a6b4 85c0 test eax,eax |
| 7 |
016f:bff6a6b6 7436 jz bff6a6ee = KERNEL32.DLL:.text+0x16ee |
13 |
016f:bff6a6b6 7436 jz bff6a6ee = KERNEL32.DLL:.text+0x16ee |
| 8 |
016f:bff6a6b8 ff7510 push dword ptr [ebp+10] |
14 |
016f:bff6a6b8 ff7510 push dword ptr [ebp+10] |
| 9 |
016f:bff6a6bb 56 push esi |
15 |
016f:bff6a6bb 56 push esi |
| 10 |
016f:bff6a6bc 0d000000a0 or eax,a0000000 |
16 |
016f:bff6a6bc 0d000000a0 or eax,a0000000 |
| 11 |
016f:bff6a6c1 8903 mov dword ptr [ebx],eax |
17 |
016f:bff6a6c1 8903 mov dword ptr [ebx],eax |
| 12 |
016f:bff6a6c3 e888fbffff call bff6a250 = KERNEL32.DLL:.text+0x1250 |
18 |
016f:bff6a6c3 e888fbffff call bff6a250 = KERNEL32.DLL:.text+0x1250 |
| 13 |
016f:bff6a6cb eb49 jmp bff6a716 = KERNEL32.DLL:.text+0x1716 |
19 |
016f:bff6a6cb eb49 jmp bff6a716 = KERNEL32.DLL:.text+0x1716 |
| 14 |
016f:bff6a6cd 6a08 push +08 |
20 |
016f:bff6a6cd 6a08 push +08 |
| 15 |
016f:bff6a6cf e82d240000 call bff6cb01 = KERNEL32.DLL:.text+0x3b01 |
21 |
016f:bff6a6cf e82d240000 call bff6cb01 = KERNEL32.DLL:.text+0x3b01 |
| 16 |
016f:bff6a6d4 eb18 jmp bff6a6ee = KERNEL32.DLL:.text+0x16ee |
22 |
016f:bff6a6d4 eb18 jmp bff6a6ee = KERNEL32.DLL:.text+0x16ee |
| 17 |
016f:bff6a6d6 6a08 push +08 |
23 |
016f:bff6a6d6 6a08 push +08 |
| 18 |
016f:bff6a6d8 e824240000 call bff6cb01 = KERNEL32.DLL:.text+0x3b01 |
24 |
016f:bff6a6d8 e824240000 call bff6cb01 = KERNEL32.DLL:.text+0x3b01 |
| 19 |
016f:bff6a6dd eb0f jmp bff6a6ee = KERNEL32.DLL:.text+0x16ee |
25 |
016f:bff6a6dd eb0f jmp bff6a6ee = KERNEL32.DLL:.text+0x16ee |
| 20 |
016f:bff6a6df 6a10 push +10 |
26 |
016f:bff6a6df 6a10 push +10 |
| 21 |
016f:bff6a6e1 ff75fc push dword ptr [ebp-04] |
27 |
016f:bff6a6e1 ff75fc push dword ptr [ebp-04] |
| 22 |
016f:bff6a6e4 680a000100 push 0001000a |
28 |
016f:bff6a6e4 680a000100 push 0001000a |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:bff6bb0a e88a87ffff call bff64299 = KERNEL32.DLL:_FREQASM+0x3299 |
9 |
016f:bff6bb0a e88a87ffff call bff64299 = KERNEL32.DLL:_FREQASM+0x3299 |
| 4 |
016f:bff6bb0f 5e pop esi |
10 |
016f:bff6bb0f 5e pop esi |
| 5 |
016f:bff6bb10 c20400 retd 0004 |
11 |
016f:bff6bb10 c20400 retd 0004 |
| 6 |
016f:bff6bb13 56 push esi |
12 |
016f:bff6bb13 56 push esi |
| 7 |
016f:bff6bb14 8b742408 mov esi,dword ptr [esp+08] |
13 |
016f:bff6bb14 8b742408 mov esi,dword ptr [esp+08] |
| 8 |
016f:bff6bb18 8a06 mov al,byte ptr [esi] |
14 |
016f:bff6bb18 8a06 mov al,byte ptr [esi] |
| 9 |
016f:bff6bb1a 3c04 cmp al,04 |
15 |
016f:bff6bb1a 3c04 cmp al,04 |
| 10 |
016f:bff6bb1c 7508 jnz bff6bb26 = KERNEL32.DLL:.text+0x2b26 |
16 |
016f:bff6bb1c 7508 jnz bff6bb26 = KERNEL32.DLL:.text+0x2b26 |
| 11 |
016f:bff6bb1e ff7604 push dword ptr [esi+04] |
17 |
016f:bff6bb1e ff7604 push dword ptr [esi+04] |
| 12 |
016f:bff6bb21 e8a087ffff call bff642c6 = KERNEL32.DLL:_FREQASM+0x32c6 |
18 |
016f:bff6bb21 e8a087ffff call bff642c6 = KERNEL32.DLL:_FREQASM+0x32c6 |
| 13 |
016f:bff6bb27 c20400 retd 0004 |
19 |
016f:bff6bb27 c20400 retd 0004 |
| 14 |
016f:bff6bb2a 64a100000000 mov eax,dword ptr fs:[00000000] |
20 |
016f:bff6bb2a 64a100000000 mov eax,dword ptr fs:[00000000] |
| 15 |
016f:bff6bb30 55 push ebp |
21 |
016f:bff6bb30 55 push ebp |
| 16 |
016f:bff6bb31 8bec mov ebp,esp |
22 |
016f:bff6bb31 8bec mov ebp,esp |
| 17 |
016f:bff6bb33 6aff push -01 |
23 |
016f:bff6bb33 6aff push -01 |
| 18 |
016f:bff6bb35 685092f6bf push bff69250 |
24 |
016f:bff6bb35 685092f6bf push bff69250 |
| 19 |
016f:bff6bb3a 68201bfbbf push bffb1b20 |
25 |
016f:bff6bb3a 68201bfbbf push bffb1b20 |
| 20 |
016f:bff6bb3f 50 push eax |
26 |
016f:bff6bb3f 50 push eax |
| 21 |
016f:bff6bb40 8b4508 mov eax,dword ptr [ebp+08] |
27 |
016f:bff6bb40 8b4508 mov eax,dword ptr [ebp+08] |
| 22 |
016f:bff6bb43 64892500000000 mov dword ptr fs:[00000000],esp |
28 |
016f:bff6bb43 64892500000000 mov dword ptr fs:[00000000],esp |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:78001694 6a11 push +11 |
9 |
016f:78001694 6a11 push +11 |
| 4 |
016f:78001696 e804000000 call 7800169f = MSVCRT.DLL!_unlock |
10 |
016f:78001696 e804000000 call 7800169f = MSVCRT.DLL!_unlock |
| 5 |
016f:7800169b 59 pop ecx |
11 |
016f:7800169b 59 pop ecx |
| 6 |
016f:7800169c 5f pop edi |
12 |
016f:7800169c 5f pop edi |
| 7 |
016f:7800169d ebbd jmp 7800165c = MSVCRT.DLL:.text+0x65c |
13 |
016f:7800169d ebbd jmp 7800165c = MSVCRT.DLL:.text+0x65c |
| 8 |
016f:7800169f 55 push ebp |
14 |
016f:7800169f 55 push ebp |
| 9 |
016f:780016a0 8bec mov ebp,esp |
15 |
016f:780016a0 8bec mov ebp,esp |
| 10 |
016f:780016a2 8b4508 mov eax,dword ptr [ebp+08] |
16 |
016f:780016a2 8b4508 mov eax,dword ptr [ebp+08] |
| 11 |
016f:780016a5 ff348534b00378 push dword ptr [eax*4+7803b034] |
17 |
016f:780016a5 ff348534b00378 push dword ptr [eax*4+7803b034] |
| 12 |
016f:780016ac ff1548300378 call dword ptr [78033048] -> KERNEL32.DLL!LeaveCriticalSection |
18 |
016f:780016ac ff1548300378 call dword ptr [78033048] -> KERNEL32.DLL!LeaveCriticalSection |
| 13 |
016f:780016b3 c3 retd |
19 |
016f:780016b3 c3 retd |
| 14 |
016f:780016b4 8b442404 mov eax,dword ptr [esp+04] |
20 |
016f:780016b4 8b442404 mov eax,dword ptr [esp+04] |
| 15 |
016f:780016b8 832528b5037800 and dword ptr [7803b528],+00 |
21 |
016f:780016b8 832528b5037800 and dword ptr [7803b528],+00 |
| 16 |
016f:780016bf 83f8fe cmp eax,-02 |
22 |
016f:780016bf 83f8fe cmp eax,-02 |
| 17 |
016f:780016c2 0f84a8ba0000 jz 7800d170 = MSVCRT.DLL:.text+0xc170 |
23 |
016f:780016c2 0f84a8ba0000 jz 7800d170 = MSVCRT.DLL:.text+0xc170 |
| 18 |
016f:780016c8 83f8fd cmp eax,-03 |
24 |
016f:780016c8 83f8fd cmp eax,-03 |
| 19 |
016f:780016cb 7415 jz 780016e2 = MSVCRT.DLL:.text+0x6e2 |
25 |
016f:780016cb 7415 jz 780016e2 = MSVCRT.DLL:.text+0x6e2 |
| 20 |
016f:780016cd 83f8fc cmp eax,-04 |
26 |
016f:780016cd 83f8fc cmp eax,-04 |
| 21 |
016f:780016d0 750f jnz 780016e1 = MSVCRT.DLL:.text+0x6e1 |
27 |
016f:780016d0 750f jnz 780016e1 = MSVCRT.DLL:.text+0x6e1 |
| 22 |
016f:780016d2 a12cb50378 mov eax,dword ptr [7803b52c] |
28 |
016f:780016d2 a12cb50378 mov eax,dword ptr [7803b52c] |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
| 1 |
-> 04 00 00 00 74 4e 98 81 00 00 00 00 00 00 00 00 ....tN.......... |
8 |
-> 04 00 00 00 74 4e 98 81 00 00 00 00 00 00 00 00 ....tN.......... |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:7801a884 834dfcff or dword ptr [ebp-04],-01 |
9 |
016f:7801a884 834dfcff or dword ptr [ebp-04],-01 |
| 4 |
016f:7801a888 e817000000 call 7801a8a4 = MSVCRT.DLL:.text+0x198a4 |
10 |
016f:7801a888 e817000000 call 7801a8a4 = MSVCRT.DLL:.text+0x198a4 |
| 5 |
016f:7801a88d 837de000 cmp dword ptr [ebp-20],+00 |
11 |
016f:7801a88d 837de000 cmp dword ptr [ebp-20],+00 |
| 6 |
016f:7801a891 0f842179feff jz 780021b8 = MSVCRT.DLL:.text+0x11b8 |
12 |
016f:7801a891 0f842179feff jz 780021b8 = MSVCRT.DLL:.text+0x11b8 |
| 7 |
016f:7801a897 e92f79feff jmp 780021cb = MSVCRT.DLL:.text+0x11cb |
13 |
016f:7801a897 e92f79feff jmp 780021cb = MSVCRT.DLL:.text+0x11cb |
| 8 |
016f:7801a89c 8b75e4 mov esi,dword ptr [ebp-1c] |
14 |
016f:7801a89c 8b75e4 mov esi,dword ptr [ebp-1c] |
| 9 |
016f:7801a89f ebe3 jmp 7801a884 = MSVCRT.DLL:.text+0x19884 |
15 |
016f:7801a89f ebe3 jmp 7801a884 = MSVCRT.DLL:.text+0x19884 |
| 10 |
016f:7801a8a1 8b75e4 mov esi,dword ptr [ebp-1c] |
16 |
016f:7801a8a1 8b75e4 mov esi,dword ptr [ebp-1c] |
| 11 |
016f:7801a8a4 6a09 push +09 |
17 |
016f:7801a8a4 6a09 push +09 |
| 12 |
016f:7801a8a6 e8f46dfeff call 7800169f = MSVCRT.DLL!_unlock |
18 |
016f:7801a8a6 e8f46dfeff call 7800169f = MSVCRT.DLL!_unlock |
| 13 |
016f:7801a8ac c3 retd |
19 |
016f:7801a8ac c3 retd |
| 14 |
016f:7801a8ad 6a09 push +09 |
20 |
016f:7801a8ad 6a09 push +09 |
| 15 |
016f:7801a8af e8906dfeff call 78001644 = MSVCRT.DLL!_lock |
21 |
016f:7801a8af e8906dfeff call 78001644 = MSVCRT.DLL!_lock |
| 16 |
016f:7801a8b4 59 pop ecx |
22 |
016f:7801a8b4 59 pop ecx |
| 17 |
016f:7801a8b5 c745fc01000000 mov dword ptr [ebp-04],00000001 |
23 |
016f:7801a8b5 c745fc01000000 mov dword ptr [ebp-04],00000001 |
| 18 |
016f:7801a8bc 8d45dc lea eax,[ebp-24] |
24 |
016f:7801a8bc 8d45dc lea eax,[ebp-24] |
| 19 |
016f:7801a8bf 50 push eax |
25 |
016f:7801a8bf 50 push eax |
| 20 |
016f:7801a8c0 8d45d4 lea eax,[ebp-2c] |
26 |
016f:7801a8c0 8d45d4 lea eax,[ebp-2c] |
| 21 |
016f:7801a8c3 50 push eax |
27 |
016f:7801a8c3 50 push eax |
| 22 |
016f:7801a8c4 ff7508 push dword ptr [ebp+08] |
28 |
016f:7801a8c4 ff7508 push dword ptr [ebp+08] |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:7801a86e e8f40fffff call 7800b867 = MSVCRT.DLL:.text+0xa867 |
9 |
016f:7801a86e e8f40fffff call 7800b867 = MSVCRT.DLL:.text+0xa867 |
| 4 |
016f:7801a873 59 pop ecx |
10 |
016f:7801a873 59 pop ecx |
| 5 |
016f:7801a874 8945e0 mov dword ptr [ebp-20],eax |
11 |
016f:7801a874 8945e0 mov dword ptr [ebp-20],eax |
| 6 |
016f:7801a877 85c0 test eax,eax |
12 |
016f:7801a877 85c0 test eax,eax |
| 7 |
016f:7801a879 7421 jz 7801a89c = MSVCRT.DLL:.text+0x1989c |
13 |
016f:7801a879 7421 jz 7801a89c = MSVCRT.DLL:.text+0x1989c |
| 8 |
016f:7801a87b 8b76fc mov esi,dword ptr [esi-04] |
14 |
016f:7801a87b 8b76fc mov esi,dword ptr [esi-04] |
| 9 |
016f:7801a87e 83ee09 sub esi,+09 |
15 |
016f:7801a87e 83ee09 sub esi,+09 |
| 10 |
016f:7801a881 8975e4 mov dword ptr [ebp-1c],esi |
16 |
016f:7801a881 8975e4 mov dword ptr [ebp-1c],esi |
| 11 |
016f:7801a884 834dfcff or dword ptr [ebp-04],-01 |
17 |
016f:7801a884 834dfcff or dword ptr [ebp-04],-01 |
| 12 |
016f:7801a888 e817000000 call 7801a8a4 = MSVCRT.DLL:.text+0x198a4 |
18 |
016f:7801a888 e817000000 call 7801a8a4 = MSVCRT.DLL:.text+0x198a4 |
| 13 |
016f:7801a891 0f842179feff jz 780021b8 = MSVCRT.DLL:.text+0x11b8 |
19 |
016f:7801a891 0f842179feff jz 780021b8 = MSVCRT.DLL:.text+0x11b8 |
| 14 |
016f:7801a897 e92f79feff jmp 780021cb = MSVCRT.DLL:.text+0x11cb |
20 |
016f:7801a897 e92f79feff jmp 780021cb = MSVCRT.DLL:.text+0x11cb |
| 15 |
016f:7801a89c 8b75e4 mov esi,dword ptr [ebp-1c] |
21 |
016f:7801a89c 8b75e4 mov esi,dword ptr [ebp-1c] |
| 16 |
016f:7801a89f ebe3 jmp 7801a884 = MSVCRT.DLL:.text+0x19884 |
22 |
016f:7801a89f ebe3 jmp 7801a884 = MSVCRT.DLL:.text+0x19884 |
| 17 |
016f:7801a8a1 8b75e4 mov esi,dword ptr [ebp-1c] |
23 |
016f:7801a8a1 8b75e4 mov esi,dword ptr [ebp-1c] |
| 18 |
016f:7801a8a4 6a09 push +09 |
24 |
016f:7801a8a4 6a09 push +09 |
| 19 |
016f:7801a8a6 e8f46dfeff call 7800169f = MSVCRT.DLL!_unlock |
25 |
016f:7801a8a6 e8f46dfeff call 7800169f = MSVCRT.DLL!_unlock |
| 20 |
016f:7801a8ab 59 pop ecx |
26 |
016f:7801a8ab 59 pop ecx |
| 21 |
016f:7801a8ac c3 retd |
27 |
016f:7801a8ac c3 retd |
| 22 |
016f:7801a8ad 6a09 push +09 |
28 |
016f:7801a8ad 6a09 push +09 |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
-> 50 40 bc 00 00 00 00 00 00 00 00 00 00 00 00 00 P@.............. |
8 |
-> 50 40 bc 00 00 00 00 00 00 00 00 00 00 00 00 00 P@.............. |
|
Line 1
Link Here
|
| 1 |
-> 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 MZ.............. |
8 |
-> 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 MZ.............. |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:7800b3b2 6a09 push +09 |
9 |
016f:7800b3b2 6a09 push +09 |
| 4 |
016f:7800b3b4 e88b62ffff call 78001644 = MSVCRT.DLL!_lock |
10 |
016f:7800b3b4 e88b62ffff call 78001644 = MSVCRT.DLL!_lock |
| 5 |
016f:7800b3b9 59 pop ecx |
11 |
016f:7800b3b9 59 pop ecx |
| 6 |
016f:7800b3ba 8365fc00 and dword ptr [ebp-04],+00 |
12 |
016f:7800b3ba 8365fc00 and dword ptr [ebp-04],+00 |
| 7 |
016f:7800b3be 56 push esi |
13 |
016f:7800b3be 56 push esi |
| 8 |
016f:7800b3bf e81a080000 call 7800bbde = MSVCRT.DLL:.text+0xabde |
14 |
016f:7800b3bf e81a080000 call 7800bbde = MSVCRT.DLL:.text+0xabde |
| 9 |
016f:7800b3c4 59 pop ecx |
15 |
016f:7800b3c4 59 pop ecx |
| 10 |
016f:7800b3c5 8945e4 mov dword ptr [ebp-1c],eax |
16 |
016f:7800b3c5 8945e4 mov dword ptr [ebp-1c],eax |
| 11 |
016f:7800b3c8 834dfcff or dword ptr [ebp-04],-01 |
17 |
016f:7800b3c8 834dfcff or dword ptr [ebp-04],-01 |
| 12 |
016f:7800b3cc e810000000 call 7800b3e1 = MSVCRT.DLL:.text+0xa3e1 |
18 |
016f:7800b3cc e810000000 call 7800b3e1 = MSVCRT.DLL:.text+0xa3e1 |
| 13 |
016f:7800b3d4 85c0 test eax,eax |
19 |
016f:7800b3d4 85c0 test eax,eax |
| 14 |
016f:7800b3d6 0f842b60ffff jz 78001407 = MSVCRT.DLL:.text+0x407 |
20 |
016f:7800b3d6 0f842b60ffff jz 78001407 = MSVCRT.DLL:.text+0x407 |
| 15 |
016f:7800b3dc e94560ffff jmp 78001426 = MSVCRT.DLL:.text+0x426 |
21 |
016f:7800b3dc e94560ffff jmp 78001426 = MSVCRT.DLL:.text+0x426 |
| 16 |
016f:7800b3e1 6a09 push +09 |
22 |
016f:7800b3e1 6a09 push +09 |
| 17 |
016f:7800b3e3 e8b762ffff call 7800169f = MSVCRT.DLL!_unlock |
23 |
016f:7800b3e3 e8b762ffff call 7800169f = MSVCRT.DLL!_unlock |
| 18 |
016f:7800b3e8 59 pop ecx |
24 |
016f:7800b3e8 59 pop ecx |
| 19 |
016f:7800b3e9 c3 retd |
25 |
016f:7800b3e9 c3 retd |
| 20 |
016f:7800b3ea 8b4508 mov eax,dword ptr [ebp+08] |
26 |
016f:7800b3ea 8b4508 mov eax,dword ptr [ebp+08] |
| 21 |
016f:7800b3ed 85c0 test eax,eax |
27 |
016f:7800b3ed 85c0 test eax,eax |
| 22 |
016f:7800b3ef 7449 jz 7800b43a = MSVCRT.DLL:.text+0xa43a |
28 |
016f:7800b3ef 7449 jz 7800b43a = MSVCRT.DLL:.text+0xa43a |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
-> 55 8b ec 83 ec 08 53 56 57 55 fc 8b 5d 0c 8b 45 U.....SVWU..]..E |
8 |
-> 55 8b ec 83 ec 08 53 56 57 55 fc 8b 5d 0c 8b 45 U.....SVWU..]..E |
|
Line 1
Link Here
|
| 1 |
-> ff ff ff ff 00 00 00 00 a1 a8 01 78 ff ff ff ff ...........x.... |
8 |
-> ff ff ff ff 00 00 00 00 a1 a8 01 78 ff ff ff ff ...........x.... |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:bff6bb0a e88a87ffff call bff64299 = KERNEL32.DLL:_FREQASM+0x3299 |
9 |
016f:bff6bb0a e88a87ffff call bff64299 = KERNEL32.DLL:_FREQASM+0x3299 |
| 4 |
016f:bff6bb0f 5e pop esi |
10 |
016f:bff6bb0f 5e pop esi |
| 5 |
016f:bff6bb10 c20400 retd 0004 |
11 |
016f:bff6bb10 c20400 retd 0004 |
| 6 |
016f:bff6bb13 56 push esi |
12 |
016f:bff6bb13 56 push esi |
| 7 |
016f:bff6bb14 8b742408 mov esi,dword ptr [esp+08] |
13 |
016f:bff6bb14 8b742408 mov esi,dword ptr [esp+08] |
| 8 |
016f:bff6bb18 8a06 mov al,byte ptr [esi] |
14 |
016f:bff6bb18 8a06 mov al,byte ptr [esi] |
| 9 |
016f:bff6bb1a 3c04 cmp al,04 |
15 |
016f:bff6bb1a 3c04 cmp al,04 |
| 10 |
016f:bff6bb1c 7508 jnz bff6bb26 = KERNEL32.DLL:.text+0x2b26 |
16 |
016f:bff6bb1c 7508 jnz bff6bb26 = KERNEL32.DLL:.text+0x2b26 |
| 11 |
016f:bff6bb1e ff7604 push dword ptr [esi+04] |
17 |
016f:bff6bb1e ff7604 push dword ptr [esi+04] |
| 12 |
016f:bff6bb21 e8a087ffff call bff642c6 = KERNEL32.DLL:_FREQASM+0x32c6 |
18 |
016f:bff6bb21 e8a087ffff call bff642c6 = KERNEL32.DLL:_FREQASM+0x32c6 |
| 13 |
016f:bff6bb27 c20400 retd 0004 |
19 |
016f:bff6bb27 c20400 retd 0004 |
| 14 |
016f:bff6bb2a 64a100000000 mov eax,dword ptr fs:[00000000] |
20 |
016f:bff6bb2a 64a100000000 mov eax,dword ptr fs:[00000000] |
| 15 |
016f:bff6bb30 55 push ebp |
21 |
016f:bff6bb30 55 push ebp |
| 16 |
016f:bff6bb31 8bec mov ebp,esp |
22 |
016f:bff6bb31 8bec mov ebp,esp |
| 17 |
016f:bff6bb33 6aff push -01 |
23 |
016f:bff6bb33 6aff push -01 |
| 18 |
016f:bff6bb35 685092f6bf push bff69250 |
24 |
016f:bff6bb35 685092f6bf push bff69250 |
| 19 |
016f:bff6bb3a 68201bfbbf push bffb1b20 |
25 |
016f:bff6bb3a 68201bfbbf push bffb1b20 |
| 20 |
016f:bff6bb3f 50 push eax |
26 |
016f:bff6bb3f 50 push eax |
| 21 |
016f:bff6bb40 8b4508 mov eax,dword ptr [ebp+08] |
27 |
016f:bff6bb40 8b4508 mov eax,dword ptr [ebp+08] |
| 22 |
016f:bff6bb43 64892500000000 mov dword ptr fs:[00000000],esp |
28 |
016f:bff6bb43 64892500000000 mov dword ptr fs:[00000000],esp |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
-> d0 13 0c 01 00 00 00 00 00 00 00 00 00 00 00 00 ................ |
8 |
-> d0 13 0c 01 00 00 00 00 00 00 00 00 00 00 00 00 ................ |
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:78001694 6a11 push +11 |
9 |
016f:78001694 6a11 push +11 |
| 4 |
016f:78001696 e804000000 call 7800169f = MSVCRT.DLL!_unlock |
10 |
016f:78001696 e804000000 call 7800169f = MSVCRT.DLL!_unlock |
| 5 |
016f:7800169b 59 pop ecx |
11 |
016f:7800169b 59 pop ecx |
| 6 |
016f:7800169c 5f pop edi |
12 |
016f:7800169c 5f pop edi |
| 7 |
016f:7800169d ebbd jmp 7800165c = MSVCRT.DLL:.text+0x65c |
13 |
016f:7800169d ebbd jmp 7800165c = MSVCRT.DLL:.text+0x65c |
| 8 |
016f:7800169f 55 push ebp |
14 |
016f:7800169f 55 push ebp |
| 9 |
016f:780016a0 8bec mov ebp,esp |
15 |
016f:780016a0 8bec mov ebp,esp |
| 10 |
016f:780016a2 8b4508 mov eax,dword ptr [ebp+08] |
16 |
016f:780016a2 8b4508 mov eax,dword ptr [ebp+08] |
| 11 |
016f:780016a5 ff348534b00378 push dword ptr [eax*4+7803b034] |
17 |
016f:780016a5 ff348534b00378 push dword ptr [eax*4+7803b034] |
| 12 |
016f:780016ac ff1548300378 call dword ptr [78033048] -> KERNEL32.DLL!LeaveCriticalSection |
18 |
016f:780016ac ff1548300378 call dword ptr [78033048] -> KERNEL32.DLL!LeaveCriticalSection |
| 13 |
016f:780016b3 c3 retd |
19 |
016f:780016b3 c3 retd |
| 14 |
016f:780016b4 8b442404 mov eax,dword ptr [esp+04] |
20 |
016f:780016b4 8b442404 mov eax,dword ptr [esp+04] |
| 15 |
016f:780016b8 832528b5037800 and dword ptr [7803b528],+00 |
21 |
016f:780016b8 832528b5037800 and dword ptr [7803b528],+00 |
| 16 |
016f:780016bf 83f8fe cmp eax,-02 |
22 |
016f:780016bf 83f8fe cmp eax,-02 |
| 17 |
016f:780016c2 0f84a8ba0000 jz 7800d170 = MSVCRT.DLL:.text+0xc170 |
23 |
016f:780016c2 0f84a8ba0000 jz 7800d170 = MSVCRT.DLL:.text+0xc170 |
| 18 |
016f:780016c8 83f8fd cmp eax,-03 |
24 |
016f:780016c8 83f8fd cmp eax,-03 |
| 19 |
016f:780016cb 7415 jz 780016e2 = MSVCRT.DLL:.text+0x6e2 |
25 |
016f:780016cb 7415 jz 780016e2 = MSVCRT.DLL:.text+0x6e2 |
| 20 |
016f:780016cd 83f8fc cmp eax,-04 |
26 |
016f:780016cd 83f8fc cmp eax,-04 |
| 21 |
016f:780016d0 750f jnz 780016e1 = MSVCRT.DLL:.text+0x6e1 |
27 |
016f:780016d0 750f jnz 780016e1 = MSVCRT.DLL:.text+0x6e1 |
| 22 |
016f:780016d2 a12cb50378 mov eax,dword ptr [7803b52c] |
28 |
016f:780016d2 a12cb50378 mov eax,dword ptr [7803b52c] |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
| 1 |
-> 04 00 00 00 40 4e 98 81 00 00 00 00 00 00 00 00 ....@N.......... |
8 |
-> 04 00 00 00 40 4e 98 81 00 00 00 00 00 00 00 00 ....@N.......... |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:780021cb 8bc6 mov eax,esi |
9 |
016f:780021cb 8bc6 mov eax,esi |
| 4 |
016f:780021cd 8b4df0 mov ecx,dword ptr [ebp-10] |
10 |
016f:780021cd 8b4df0 mov ecx,dword ptr [ebp-10] |
| 5 |
016f:780021d0 64890d00000000 mov dword ptr fs:[00000000],ecx |
11 |
016f:780021d0 64890d00000000 mov dword ptr fs:[00000000],ecx |
| 6 |
016f:780021d7 5f pop edi |
12 |
016f:780021d7 5f pop edi |
| 7 |
016f:780021d8 5e pop esi |
13 |
016f:780021d8 5e pop esi |
| 8 |
016f:780021d9 5b pop ebx |
14 |
016f:780021d9 5b pop ebx |
| 9 |
016f:780021da c9 leave |
15 |
016f:780021da c9 leave |
| 10 |
016f:780021db c3 retd |
16 |
016f:780021db c3 retd |
| 11 |
016f:780021dc 6a0d push +0d |
17 |
016f:780021dc 6a0d push +0d |
| 12 |
016f:780021de e8bcf4ffff call 7800169f = MSVCRT.DLL!_unlock |
18 |
016f:780021de e8bcf4ffff call 7800169f = MSVCRT.DLL!_unlock |
| 13 |
016f:780021e4 c3 retd |
19 |
016f:780021e4 c3 retd |
| 14 |
016f:780021e5 55 push ebp |
20 |
016f:780021e5 55 push ebp |
| 15 |
016f:780021e6 8bec mov ebp,esp |
21 |
016f:780021e6 8bec mov ebp,esp |
| 16 |
016f:780021e8 6aff push -01 |
22 |
016f:780021e8 6aff push -01 |
| 17 |
016f:780021ea 6808330378 push 78033308 |
23 |
016f:780021ea 6808330378 push 78033308 |
| 18 |
016f:780021ef 6811db0078 push 7800db11 |
24 |
016f:780021ef 6811db0078 push 7800db11 |
| 19 |
016f:780021f4 64a100000000 mov eax,dword ptr fs:[00000000] |
25 |
016f:780021f4 64a100000000 mov eax,dword ptr fs:[00000000] |
| 20 |
016f:780021fa 50 push eax |
26 |
016f:780021fa 50 push eax |
| 21 |
016f:780021fb 64892500000000 mov dword ptr fs:[00000000],esp |
27 |
016f:780021fb 64892500000000 mov dword ptr fs:[00000000],esp |
| 22 |
016f:78002202 83ec14 sub esp,+14 |
28 |
016f:78002202 83ec14 sub esp,+14 |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:780020fc e812000000 call 78002113 = MSVCRT.DLL:.text+0x1113 |
9 |
016f:780020fc e812000000 call 78002113 = MSVCRT.DLL:.text+0x1113 |
| 4 |
016f:78002101 8b45e4 mov eax,dword ptr [ebp-1c] |
10 |
016f:78002101 8b45e4 mov eax,dword ptr [ebp-1c] |
| 5 |
016f:78002104 8b4df0 mov ecx,dword ptr [ebp-10] |
11 |
016f:78002104 8b4df0 mov ecx,dword ptr [ebp-10] |
| 6 |
016f:78002107 64890d00000000 mov dword ptr fs:[00000000],ecx |
12 |
016f:78002107 64890d00000000 mov dword ptr fs:[00000000],ecx |
| 7 |
016f:7800210e 5f pop edi |
13 |
016f:7800210e 5f pop edi |
| 8 |
016f:7800210f 5e pop esi |
14 |
016f:7800210f 5e pop esi |
| 9 |
016f:78002110 5b pop ebx |
15 |
016f:78002110 5b pop ebx |
| 10 |
016f:78002111 c9 leave |
16 |
016f:78002111 c9 leave |
| 11 |
016f:78002112 c3 retd |
17 |
016f:78002112 c3 retd |
| 12 |
016f:78002113 e8c4000000 call 780021dc = MSVCRT.DLL:.text+0x11dc |
18 |
016f:78002113 e8c4000000 call 780021dc = MSVCRT.DLL:.text+0x11dc |
| 13 |
016f:78002119 6a0d push +0d |
19 |
016f:78002119 6a0d push +0d |
| 14 |
016f:7800211b e824f5ffff call 78001644 = MSVCRT.DLL!_lock |
20 |
016f:7800211b e824f5ffff call 78001644 = MSVCRT.DLL!_lock |
| 15 |
016f:78002120 59 pop ecx |
21 |
016f:78002120 59 pop ecx |
| 16 |
016f:78002121 c3 retd |
22 |
016f:78002121 c3 retd |
| 17 |
016f:78002122 53 push ebx |
23 |
016f:78002122 53 push ebx |
| 18 |
016f:78002123 56 push esi |
24 |
016f:78002123 56 push esi |
| 19 |
016f:78002124 8b742410 mov esi,dword ptr [esp+10] |
25 |
016f:78002124 8b742410 mov esi,dword ptr [esp+10] |
| 20 |
016f:78002128 57 push edi |
26 |
016f:78002128 57 push edi |
| 21 |
016f:78002129 ff36 push dword ptr [esi] |
27 |
016f:78002129 ff36 push dword ptr [esi] |
| 22 |
016f:7800212b e84e000000 call 7800217e = MSVCRT.DLL!_msize |
28 |
016f:7800212b e84e000000 call 7800217e = MSVCRT.DLL!_msize |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:780020db e839000000 call 78002119 = MSVCRT.DLL:.text+0x1119 |
9 |
016f:780020db e839000000 call 78002119 = MSVCRT.DLL:.text+0x1119 |
| 4 |
016f:780020e0 8365fc00 and dword ptr [ebp-04],+00 |
10 |
016f:780020e0 8365fc00 and dword ptr [ebp-04],+00 |
| 5 |
016f:780020e4 ff7510 push dword ptr [ebp+10] |
11 |
016f:780020e4 ff7510 push dword ptr [ebp+10] |
| 6 |
016f:780020e7 ff750c push dword ptr [ebp+0c] |
12 |
016f:780020e7 ff750c push dword ptr [ebp+0c] |
| 7 |
016f:780020ea ff7508 push dword ptr [ebp+08] |
13 |
016f:780020ea ff7508 push dword ptr [ebp+08] |
| 8 |
016f:780020ed e830000000 call 78002122 = MSVCRT.DLL:.text+0x1122 |
14 |
016f:780020ed e830000000 call 78002122 = MSVCRT.DLL:.text+0x1122 |
| 9 |
016f:780020f2 83c40c add esp,+0c |
15 |
016f:780020f2 83c40c add esp,+0c |
| 10 |
016f:780020f5 8945e4 mov dword ptr [ebp-1c],eax |
16 |
016f:780020f5 8945e4 mov dword ptr [ebp-1c],eax |
| 11 |
016f:780020f8 834dfcff or dword ptr [ebp-04],-01 |
17 |
016f:780020f8 834dfcff or dword ptr [ebp-04],-01 |
| 12 |
016f:780020fc e812000000 call 78002113 = MSVCRT.DLL:.text+0x1113 |
18 |
016f:780020fc e812000000 call 78002113 = MSVCRT.DLL:.text+0x1113 |
| 13 |
016f:78002104 8b4df0 mov ecx,dword ptr [ebp-10] |
19 |
016f:78002104 8b4df0 mov ecx,dword ptr [ebp-10] |
| 14 |
016f:78002107 64890d00000000 mov dword ptr fs:[00000000],ecx |
20 |
016f:78002107 64890d00000000 mov dword ptr fs:[00000000],ecx |
| 15 |
016f:7800210e 5f pop edi |
21 |
016f:7800210e 5f pop edi |
| 16 |
016f:7800210f 5e pop esi |
22 |
016f:7800210f 5e pop esi |
| 17 |
016f:78002110 5b pop ebx |
23 |
016f:78002110 5b pop ebx |
| 18 |
016f:78002111 c9 leave |
24 |
016f:78002111 c9 leave |
| 19 |
016f:78002112 c3 retd |
25 |
016f:78002112 c3 retd |
| 20 |
016f:78002113 e8c4000000 call 780021dc = MSVCRT.DLL:.text+0x11dc |
26 |
016f:78002113 e8c4000000 call 780021dc = MSVCRT.DLL:.text+0x11dc |
| 21 |
016f:78002118 c3 retd |
27 |
016f:78002118 c3 retd |
| 22 |
016f:78002119 6a0d push +0d |
28 |
016f:78002119 6a0d push +0d |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
-> d0 13 0c 01 00 00 00 00 00 00 00 00 00 00 00 00 ................ |
8 |
-> d0 13 0c 01 00 00 00 00 00 00 00 00 00 00 00 00 ................ |
|
Line 1
Link Here
|
| 1 |
-> 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 MZ.............. |
8 |
-> 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 MZ.............. |
|
Line 1
Link Here
|
| 1 |
-> b9 68 c5 0c 01 e9 04 7c 00 00 90 90 90 90 90 90 .h.....|........ |
8 |
-> b9 68 c5 0c 01 e9 04 7c 00 00 90 90 90 90 90 90 .h.....|........ |
|
Line 1
Link Here
|
| 1 |
-> b8 b0 ff 06 10 e9 e2 fa ff ff cc cc cc cc cc cc ................ |
8 |
-> b8 b0 ff 06 10 e9 e2 fa ff ff cc cc cc cc cc cc ................ |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
-> 55 8b ec 83 ec 08 53 56 57 55 fc 8b 5d 0c 8b 45 U.....SVWU..]..E |
8 |
-> 55 8b ec 83 ec 08 53 56 57 55 fc 8b 5d 0c 8b 45 U.....SVWU..]..E |
|
Line 1
Link Here
|
| 1 |
-> ff ff ff ff 00 00 00 00 13 21 00 78 00 00 00 00 .........!.x.... |
8 |
-> ff ff ff ff 00 00 00 00 13 21 00 78 00 00 00 00 .........!.x.... |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:010c92d6 833dd0c50c01ff cmp dword ptr [010cc5d0],-01 |
9 |
016f:010c92d6 833dd0c50c01ff cmp dword ptr [010cc5d0],-01 |
| 4 |
016f:010c92dd 750c jnz 010c92eb = JVM641MI.DLL:.text+0x82eb |
10 |
016f:010c92dd 750c jnz 010c92eb = JVM641MI.DLL:.text+0x82eb |
| 5 |
016f:010c92df ff742404 push dword ptr [esp+04] |
11 |
016f:010c92df ff742404 push dword ptr [esp+04] |
| 6 |
016f:010c92e3 ff153ca00c01 call dword ptr [010ca03c] -> MSVCRT.DLL!_onexit |
12 |
016f:010c92e3 ff153ca00c01 call dword ptr [010ca03c] -> MSVCRT.DLL!_onexit |
| 7 |
016f:010c92e9 59 pop ecx |
13 |
016f:010c92e9 59 pop ecx |
| 8 |
016f:010c92ea c3 retd |
14 |
016f:010c92ea c3 retd |
| 9 |
016f:010c92eb 68ccc50c01 push 010cc5cc |
15 |
016f:010c92eb 68ccc50c01 push 010cc5cc |
| 10 |
016f:010c92f0 68d0c50c01 push 010cc5d0 |
16 |
016f:010c92f0 68d0c50c01 push 010cc5d0 |
| 11 |
016f:010c92f5 ff74240c push dword ptr [esp+0c] |
17 |
016f:010c92f5 ff74240c push dword ptr [esp+0c] |
| 12 |
016f:010c92f9 e88a000000 call 010c9388 = MSVCRT.DLL!__dllonexit |
18 |
016f:010c92f9 e88a000000 call 010c9388 = MSVCRT.DLL!__dllonexit |
| 13 |
016f:010c9301 c3 retd |
19 |
016f:010c9301 c3 retd |
| 14 |
016f:010c9302 ff742404 push dword ptr [esp+04] |
20 |
016f:010c9302 ff742404 push dword ptr [esp+04] |
| 15 |
016f:010c9306 e8cbffffff call 010c92d6 = JVM641MI.DLL:.text+0x82d6 |
21 |
016f:010c9306 e8cbffffff call 010c92d6 = JVM641MI.DLL:.text+0x82d6 |
| 16 |
016f:010c930b f7d8 neg eax |
22 |
016f:010c930b f7d8 neg eax |
| 17 |
016f:010c930d 1bc0 sbb eax,eax |
23 |
016f:010c930d 1bc0 sbb eax,eax |
| 18 |
016f:010c930f 59 pop ecx |
24 |
016f:010c930f 59 pop ecx |
| 19 |
016f:010c9310 f7d8 neg eax |
25 |
016f:010c9310 f7d8 neg eax |
| 20 |
016f:010c9312 48 dec eax |
26 |
016f:010c9312 48 dec eax |
| 21 |
016f:010c9313 c3 retd |
27 |
016f:010c9313 c3 retd |
| 22 |
016f:010c9314 ff255ca00c01 jmp dword ptr [010ca05c] -> MSVCRT.DLL!fprintf |
28 |
016f:010c9314 ff255ca00c01 jmp dword ptr [010ca05c] -> MSVCRT.DLL!fprintf |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
| 1 |
-> b9 68 c5 0c 01 e9 04 7c 00 00 90 90 90 90 90 90 .h.....|........ |
8 |
-> b9 68 c5 0c 01 e9 04 7c 00 00 90 90 90 90 90 90 .h.....|........ |
|
Line 1
Link Here
|
| 1 |
-> 50 40 bc 00 00 00 00 00 00 00 00 00 00 00 00 00 P@.............. |
8 |
-> 50 40 bc 00 00 00 00 00 00 00 00 00 00 00 00 00 P@.............. |
|
Line 1
Link Here
|
| 1 |
-> 64 40 bc 00 50 40 bc 00 00 00 00 00 00 00 00 00 d@..P@.......... |
8 |
-> 64 40 bc 00 50 40 bc 00 00 00 00 00 00 00 00 00 d@..P@.......... |
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:010c92e9 59 pop ecx |
9 |
016f:010c92e9 59 pop ecx |
| 4 |
016f:010c92ea c3 retd |
10 |
016f:010c92ea c3 retd |
| 5 |
016f:010c92eb 68ccc50c01 push 010cc5cc |
11 |
016f:010c92eb 68ccc50c01 push 010cc5cc |
| 6 |
016f:010c92f0 68d0c50c01 push 010cc5d0 |
12 |
016f:010c92f0 68d0c50c01 push 010cc5d0 |
| 7 |
016f:010c92f5 ff74240c push dword ptr [esp+0c] |
13 |
016f:010c92f5 ff74240c push dword ptr [esp+0c] |
| 8 |
016f:010c92f9 e88a000000 call 010c9388 = MSVCRT.DLL!__dllonexit |
14 |
016f:010c92f9 e88a000000 call 010c9388 = MSVCRT.DLL!__dllonexit |
| 9 |
016f:010c92fe 83c40c add esp,+0c |
15 |
016f:010c92fe 83c40c add esp,+0c |
| 10 |
016f:010c9301 c3 retd |
16 |
016f:010c9301 c3 retd |
| 11 |
016f:010c9302 ff742404 push dword ptr [esp+04] |
17 |
016f:010c9302 ff742404 push dword ptr [esp+04] |
| 12 |
016f:010c9306 e8cbffffff call 010c92d6 = JVM641MI.DLL:.text+0x82d6 |
18 |
016f:010c9306 e8cbffffff call 010c92d6 = JVM641MI.DLL:.text+0x82d6 |
| 13 |
016f:010c930d 1bc0 sbb eax,eax |
19 |
016f:010c930d 1bc0 sbb eax,eax |
| 14 |
016f:010c930f 59 pop ecx |
20 |
016f:010c930f 59 pop ecx |
| 15 |
016f:010c9310 f7d8 neg eax |
21 |
016f:010c9310 f7d8 neg eax |
| 16 |
016f:010c9312 48 dec eax |
22 |
016f:010c9312 48 dec eax |
| 17 |
016f:010c9313 c3 retd |
23 |
016f:010c9313 c3 retd |
| 18 |
016f:010c9314 ff255ca00c01 jmp dword ptr [010ca05c] -> MSVCRT.DLL!fprintf |
24 |
016f:010c9314 ff255ca00c01 jmp dword ptr [010ca05c] -> MSVCRT.DLL!fprintf |
| 19 |
016f:010c931a cc int 3 |
25 |
016f:010c931a cc int 3 |
| 20 |
016f:010c931b cc int 3 |
26 |
016f:010c931b cc int 3 |
| 21 |
016f:010c931c cc int 3 |
27 |
016f:010c931c cc int 3 |
| 22 |
016f:010c931d cc int 3 |
28 |
016f:010c931d cc int 3 |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
| 1 |
-> b9 68 c5 0c 01 e9 04 7c 00 00 90 90 90 90 90 90 .h.....|........ |
8 |
-> b9 68 c5 0c 01 e9 04 7c 00 00 90 90 90 90 90 90 .h.....|........ |
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:010c13e0 b968c50c01 mov ecx,010cc568 |
9 |
016f:010c13e0 b968c50c01 mov ecx,010cc568 |
| 4 |
016f:010c13e5 e91e7c0000 jmp 010c9008 = TL641MI.DLL!241 |
10 |
016f:010c13e5 e91e7c0000 jmp 010c9008 = TL641MI.DLL!241 |
| 5 |
016f:010c13ea 90 nop |
11 |
016f:010c13ea 90 nop |
| 6 |
016f:010c13eb 90 nop |
12 |
016f:010c13eb 90 nop |
| 7 |
016f:010c13ec 90 nop |
13 |
016f:010c13ec 90 nop |
| 8 |
016f:010c13ed 90 nop |
14 |
016f:010c13ed 90 nop |
| 9 |
016f:010c13ee 90 nop |
15 |
016f:010c13ee 90 nop |
| 10 |
016f:010c13ef 90 nop |
16 |
016f:010c13ef 90 nop |
| 11 |
016f:010c13f0 6800140c01 push 010c1400 |
17 |
016f:010c13f0 6800140c01 push 010c1400 |
| 12 |
016f:010c13f5 e8087f0000 call 010c9302 = JVM641MI.DLL:.text+0x8302 |
18 |
016f:010c13f5 e8087f0000 call 010c9302 = JVM641MI.DLL:.text+0x8302 |
| 13 |
016f:010c13fb c3 retd |
19 |
016f:010c13fb c3 retd |
| 14 |
016f:010c13fc 90 nop |
20 |
016f:010c13fc 90 nop |
| 15 |
016f:010c13fd 90 nop |
21 |
016f:010c13fd 90 nop |
| 16 |
016f:010c13fe 90 nop |
22 |
016f:010c13fe 90 nop |
| 17 |
016f:010c13ff 90 nop |
23 |
016f:010c13ff 90 nop |
| 18 |
016f:010c1400 b968c50c01 mov ecx,010cc568 |
24 |
016f:010c1400 b968c50c01 mov ecx,010cc568 |
| 19 |
016f:010c1405 e9047c0000 jmp 010c900e = TL641MI.DLL!242 |
25 |
016f:010c1405 e9047c0000 jmp 010c900e = TL641MI.DLL!242 |
| 20 |
016f:010c140a 90 nop |
26 |
016f:010c140a 90 nop |
| 21 |
016f:010c140b 90 nop |
27 |
016f:010c140b 90 nop |
| 22 |
016f:010c140c 90 nop |
28 |
016f:010c140c 90 nop |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:bff86092 fd std |
9 |
016f:bff86092 fd std |
| 4 |
016f:bff86093 ff8bc65f5ec2 dec dword ptr [ebx+c25e5fc6] |
10 |
016f:bff86093 ff8bc65f5ec2 dec dword ptr [ebx+c25e5fc6] |
| 5 |
016f:bff86099 0400 add al,00 |
11 |
016f:bff86099 0400 add al,00 |
| 6 |
016f:bff8609b ff742404 push dword ptr [esp+04] |
12 |
016f:bff8609b ff742404 push dword ptr [esp+04] |
| 7 |
016f:bff8609f e8b584ffff call bff7e559 = KERNEL32.DLL!FreeLibrary |
13 |
016f:bff8609f e8b584ffff call bff7e559 = KERNEL32.DLL!FreeLibrary |
| 8 |
016f:bff860a4 ff742408 push dword ptr [esp+08] |
14 |
016f:bff860a4 ff742408 push dword ptr [esp+08] |
| 9 |
016f:bff860a8 e8d542ffff call bff7a382 = KERNEL32.DLL!ExitThread |
15 |
016f:bff860a8 e8d542ffff call bff7a382 = KERNEL32.DLL!ExitThread |
| 10 |
016f:bff860ad c20800 retd 0008 |
16 |
016f:bff860ad c20800 retd 0008 |
| 11 |
016f:bff860b0 ff742404 push dword ptr [esp+04] |
17 |
016f:bff860b0 ff742404 push dword ptr [esp+04] |
| 12 |
016f:bff860b4 e87769feff call bff6ca30 = KERNEL32.DLL:.text+0x3a30 |
18 |
016f:bff860b4 e87769feff call bff6ca30 = KERNEL32.DLL:.text+0x3a30 |
| 13 |
016f:bff860bb 7417 jz bff860d4 = KERNEL32.DLL:.text+0x1d0d4 |
19 |
016f:bff860bb 7417 jz bff860d4 = KERNEL32.DLL:.text+0x1d0d4 |
| 14 |
016f:bff860bd 668b4814 mov cx,word ptr [eax+14] |
20 |
016f:bff860bd 668b4814 mov cx,word ptr [eax+14] |
| 15 |
016f:bff860c1 f6c120 test cl,20 |
21 |
016f:bff860c1 f6c120 test cl,20 |
| 16 |
016f:bff860c4 750e jnz bff860d4 = KERNEL32.DLL:.text+0x1d0d4 |
22 |
016f:bff860c4 750e jnz bff860d4 = KERNEL32.DLL:.text+0x1d0d4 |
| 17 |
016f:bff860c6 80c940 or cl,40 |
23 |
016f:bff860c6 80c940 or cl,40 |
| 18 |
016f:bff860c9 66894814 mov word ptr [eax+14],cx |
24 |
016f:bff860c9 66894814 mov word ptr [eax+14],cx |
| 19 |
016f:bff860cd b801000000 mov eax,00000001 |
25 |
016f:bff860cd b801000000 mov eax,00000001 |
| 20 |
016f:bff860d2 eb09 jmp bff860dd = KERNEL32.DLL:.text+0x1d0dd |
26 |
016f:bff860d2 eb09 jmp bff860dd = KERNEL32.DLL:.text+0x1d0dd |
| 21 |
016f:bff860d4 6a1f push +1f |
27 |
016f:bff860d4 6a1f push +1f |
| 22 |
016f:bff860d6 e8266afeff call bff6cb01 = KERNEL32.DLL:.text+0x3b01 |
28 |
016f:bff860d6 e8266afeff call bff6cb01 = KERNEL32.DLL:.text+0x3b01 |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
| 1 |
-> 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 MZ.............. |
8 |
-> 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 MZ.............. |
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:010c9350 ff2554a00c01 jmp dword ptr [010ca054] -> MSVCRT.DLL!_stat |
9 |
016f:010c9350 ff2554a00c01 jmp dword ptr [010ca054] -> MSVCRT.DLL!_stat |
| 4 |
016f:010c9356 ff2550a00c01 jmp dword ptr [010ca050] -> MSVCRT.DLL!free |
10 |
016f:010c9356 ff2550a00c01 jmp dword ptr [010ca050] -> MSVCRT.DLL!free |
| 5 |
016f:010c935c ff254ca00c01 jmp dword ptr [010ca04c] -> MSVCRT.DLL!_initterm |
11 |
016f:010c935c ff254ca00c01 jmp dword ptr [010ca04c] -> MSVCRT.DLL!_initterm |
| 6 |
016f:010c9362 ff2548a00c01 jmp dword ptr [010ca048] -> MSVCRT.DLL!malloc |
12 |
016f:010c9362 ff2548a00c01 jmp dword ptr [010ca048] -> MSVCRT.DLL!malloc |
| 7 |
016f:010c9368 837c240801 cmp dword ptr [esp+08],+01 |
13 |
016f:010c9368 837c240801 cmp dword ptr [esp+08],+01 |
| 8 |
016f:010c936d 7513 jnz 010c9382 = JVM641MI.DLL:.text+0x8382 |
14 |
016f:010c936d 7513 jnz 010c9382 = JVM641MI.DLL:.text+0x8382 |
| 9 |
016f:010c936f 833dd4c50c0100 cmp dword ptr [010cc5d4],+00 |
15 |
016f:010c936f 833dd4c50c0100 cmp dword ptr [010cc5d4],+00 |
| 10 |
016f:010c9376 750a jnz 010c9382 = JVM641MI.DLL:.text+0x8382 |
16 |
016f:010c9376 750a jnz 010c9382 = JVM641MI.DLL:.text+0x8382 |
| 11 |
016f:010c9378 ff742404 push dword ptr [esp+04] |
17 |
016f:010c9378 ff742404 push dword ptr [esp+04] |
| 12 |
016f:010c937c ff1514a00c01 call dword ptr [010ca014] -> KERNEL32.DLL!DisableThreadLibraryCalls |
18 |
016f:010c937c ff1514a00c01 call dword ptr [010ca014] -> KERNEL32.DLL!DisableThreadLibraryCalls |
| 13 |
016f:010c9384 58 pop eax |
19 |
016f:010c9384 58 pop eax |
| 14 |
016f:010c9385 c20c00 retd 000c |
20 |
016f:010c9385 c20c00 retd 000c |
| 15 |
016f:010c9388 ff2540a00c01 jmp dword ptr [010ca040] -> MSVCRT.DLL!__dllonexit |
21 |
016f:010c9388 ff2540a00c01 jmp dword ptr [010ca040] -> MSVCRT.DLL!__dllonexit |
| 16 |
016f:010c938e ff2534a00c01 jmp dword ptr [010ca034] -> KERNEL32.DLL!ReadFile |
22 |
016f:010c938e ff2534a00c01 jmp dword ptr [010ca034] -> KERNEL32.DLL!ReadFile |
| 17 |
016f:010c9394 ff2530a00c01 jmp dword ptr [010ca030] -> KERNEL32.DLL!CreateProcessA |
23 |
016f:010c9394 ff2530a00c01 jmp dword ptr [010ca030] -> KERNEL32.DLL!CreateProcessA |
| 18 |
016f:010c939a ff252ca00c01 jmp dword ptr [010ca02c] -> KERNEL32.DLL!CloseHandle |
24 |
016f:010c939a ff252ca00c01 jmp dword ptr [010ca02c] -> KERNEL32.DLL!CloseHandle |
| 19 |
016f:010c93a0 ff2528a00c01 jmp dword ptr [010ca028] -> KERNEL32.DLL!DuplicateHandle |
25 |
016f:010c93a0 ff2528a00c01 jmp dword ptr [010ca028] -> KERNEL32.DLL!DuplicateHandle |
| 20 |
016f:010c93a6 ff2524a00c01 jmp dword ptr [010ca024] -> KERNEL32.DLL!GetCurrentProcess |
26 |
016f:010c93a6 ff2524a00c01 jmp dword ptr [010ca024] -> KERNEL32.DLL!GetCurrentProcess |
| 21 |
016f:010c93ac ff2520a00c01 jmp dword ptr [010ca020] -> KERNEL32.DLL!SetStdHandle |
27 |
016f:010c93ac ff2520a00c01 jmp dword ptr [010ca020] -> KERNEL32.DLL!SetStdHandle |
| 22 |
016f:010c93b2 ff251ca00c01 jmp dword ptr [010ca01c] -> KERNEL32.DLL!CreatePipe |
28 |
016f:010c93b2 ff251ca00c01 jmp dword ptr [010ca01c] -> KERNEL32.DLL!CreatePipe |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:010c9273 53 push ebx |
9 |
016f:010c9273 53 push ebx |
| 4 |
016f:010c9274 e815ffffff call 010c918e = JVM641MI.DLL:.text+0x818e |
10 |
016f:010c9274 e815ffffff call 010c918e = JVM641MI.DLL:.text+0x818e |
| 5 |
016f:010c9279 85c0 test eax,eax |
11 |
016f:010c9279 85c0 test eax,eax |
| 6 |
016f:010c927b 7504 jnz 010c9281 = JVM641MI.DLL:.text+0x8281 |
12 |
016f:010c927b 7504 jnz 010c9281 = JVM641MI.DLL:.text+0x8281 |
| 7 |
016f:010c927d 33c0 xor eax,eax |
13 |
016f:010c927d 33c0 xor eax,eax |
| 8 |
016f:010c927f eb4e jmp 010c92cf = JVM641MI.DLL:.text+0x82cf |
14 |
016f:010c927f eb4e jmp 010c92cf = JVM641MI.DLL:.text+0x82cf |
| 9 |
016f:010c9281 57 push edi |
15 |
016f:010c9281 57 push edi |
| 10 |
016f:010c9282 56 push esi |
16 |
016f:010c9282 56 push esi |
| 11 |
016f:010c9283 53 push ebx |
17 |
016f:010c9283 53 push ebx |
| 12 |
016f:010c9284 e8df000000 call 010c9368 = JVM641MI.DLL:.text+0x8368 |
18 |
016f:010c9284 e8df000000 call 010c9368 = JVM641MI.DLL:.text+0x8368 |
| 13 |
016f:010c928c 89450c mov dword ptr [ebp+0c],eax |
19 |
016f:010c928c 89450c mov dword ptr [ebp+0c],eax |
| 14 |
016f:010c928f 750c jnz 010c929d = JVM641MI.DLL:.text+0x829d |
20 |
016f:010c928f 750c jnz 010c929d = JVM641MI.DLL:.text+0x829d |
| 15 |
016f:010c9291 85c0 test eax,eax |
21 |
016f:010c9291 85c0 test eax,eax |
| 16 |
016f:010c9293 7537 jnz 010c92cc = JVM641MI.DLL:.text+0x82cc |
22 |
016f:010c9293 7537 jnz 010c92cc = JVM641MI.DLL:.text+0x82cc |
| 17 |
016f:010c9295 57 push edi |
23 |
016f:010c9295 57 push edi |
| 18 |
016f:010c9296 50 push eax |
24 |
016f:010c9296 50 push eax |
| 19 |
016f:010c9297 53 push ebx |
25 |
016f:010c9297 53 push ebx |
| 20 |
016f:010c9298 e8f1feffff call 010c918e = JVM641MI.DLL:.text+0x818e |
26 |
016f:010c9298 e8f1feffff call 010c918e = JVM641MI.DLL:.text+0x818e |
| 21 |
016f:010c929d 85f6 test esi,esi |
27 |
016f:010c929d 85f6 test esi,esi |
| 22 |
016f:010c929f 7405 jz 010c92a6 = JVM641MI.DLL:.text+0x82a6 |
28 |
016f:010c929f 7405 jz 010c92a6 = JVM641MI.DLL:.text+0x82a6 |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
| 1 |
-> 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 MZ.............. |
8 |
-> 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 MZ.............. |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
... |
8 |
... |
|
Line 1
Link Here
|
| 1 |
-> 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 MZ.............. |
8 |
-> 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 MZ.............. |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:bff641b5 51 push ecx |
9 |
016f:bff641b5 51 push ecx |
| 4 |
016f:bff641b6 52 push edx |
10 |
016f:bff641b6 52 push edx |
| 5 |
016f:bff641b7 681d002a00 push 002a001d |
11 |
016f:bff641b7 681d002a00 push 002a001d |
| 6 |
016f:bff641bc e813d2ffff call bff613d4 = KERNEL32.DLL!1 |
12 |
016f:bff641bc e813d2ffff call bff613d4 = KERNEL32.DLL!1 |
| 7 |
016f:bff641c1 59 pop ecx |
13 |
016f:bff641c1 59 pop ecx |
| 8 |
016f:bff641c2 5a pop edx |
14 |
016f:bff641c2 5a pop edx |
| 9 |
016f:bff641c3 ebe8 jmp bff641ad = KERNEL32.DLL:_FREQASM+0x31ad |
15 |
016f:bff641c3 ebe8 jmp bff641ad = KERNEL32.DLL:_FREQASM+0x31ad |
| 10 |
016f:bff641c5 8b542404 mov edx,dword ptr [esp+04] |
16 |
016f:bff641c5 8b542404 mov edx,dword ptr [esp+04] |
| 11 |
016f:bff641c9 50 push eax |
17 |
016f:bff641c9 50 push eax |
| 12 |
016f:bff641ca e804000000 call bff641d3 = KERNEL32.DLL:_FREQASM+0x31d3 |
18 |
016f:bff641ca e804000000 call bff641d3 = KERNEL32.DLL:_FREQASM+0x31d3 |
| 13 |
016f:bff641d0 c20400 retd 0004 |
19 |
016f:bff641d0 c20400 retd 0004 |
| 14 |
016f:bff641d3 833dfcbcfbbf01 cmp dword ptr [bffbbcfc],+01 |
20 |
016f:bff641d3 833dfcbcfbbf01 cmp dword ptr [bffbbcfc],+01 |
| 15 |
016f:bff641da 7c32 jl bff6420e = KERNEL32.DLL:_FREQASM+0x320e |
21 |
016f:bff641da 7c32 jl bff6420e = KERNEL32.DLL:_FREQASM+0x320e |
| 16 |
016f:bff641dc 3b1570b4fbbf cmp edx,dword ptr [bffbb470] |
22 |
016f:bff641dc 3b1570b4fbbf cmp edx,dword ptr [bffbb470] |
| 17 |
016f:bff641e2 7506 jnz bff641ea = KERNEL32.DLL:_FREQASM+0x31ea |
23 |
016f:bff641e2 7506 jnz bff641ea = KERNEL32.DLL:_FREQASM+0x31ea |
| 18 |
016f:bff641e4 837a0401 cmp dword ptr [edx+04],+01 |
24 |
016f:bff641e4 837a0401 cmp dword ptr [edx+04],+01 |
| 19 |
016f:bff641e8 7426 jz bff64210 = KERNEL32.DLL:_FREQASM+0x3210 |
25 |
016f:bff641e8 7426 jz bff64210 = KERNEL32.DLL:_FREQASM+0x3210 |
| 20 |
016f:bff641ea ff4a04 dec dword ptr [edx+04] |
26 |
016f:bff641ea ff4a04 dec dword ptr [edx+04] |
| 21 |
016f:bff641ed 754a jnz bff64239 = KERNEL32.DLL:_FREQASM+0x3239 |
27 |
016f:bff641ed 754a jnz bff64239 = KERNEL32.DLL:_FREQASM+0x3239 |
| 22 |
016f:bff641ef c7420800000000 mov dword ptr [edx+08],00000000 |
28 |
016f:bff641ef c7420800000000 mov dword ptr [edx+08],00000000 |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:bff66941 7512 jnz bff66955 = KERNEL32.DLL:_FREQASM+0x5955 |
9 |
016f:bff66941 7512 jnz bff66955 = KERNEL32.DLL:_FREQASM+0x5955 |
| 4 |
016f:bff66943 a801 test al,01 |
10 |
016f:bff66943 a801 test al,01 |
| 5 |
016f:bff66945 7520 jnz bff66967 = KERNEL32.DLL:_FREQASM+0x5967 |
11 |
016f:bff66945 7520 jnz bff66967 = KERNEL32.DLL:_FREQASM+0x5967 |
| 6 |
016f:bff66947 8b15ccc0fbbf mov edx,dword ptr [bffbc0cc] |
12 |
016f:bff66947 8b15ccc0fbbf mov edx,dword ptr [bffbc0cc] |
| 7 |
016f:bff6694d 8911 mov dword ptr [ecx],edx |
13 |
016f:bff6694d 8911 mov dword ptr [ecx],edx |
| 8 |
016f:bff6694f 890dccc0fbbf mov dword ptr [bffbc0cc],ecx |
14 |
016f:bff6694f 890dccc0fbbf mov dword ptr [bffbc0cc],ecx |
| 9 |
016f:bff66955 a804 test al,04 |
15 |
016f:bff66955 a804 test al,04 |
| 10 |
016f:bff66957 75d6 jnz bff6692f = KERNEL32.DLL:_FREQASM+0x592f |
16 |
016f:bff66957 75d6 jnz bff6692f = KERNEL32.DLL:_FREQASM+0x592f |
| 11 |
016f:bff66959 68c0b4fbbf push bffbb4c0 |
17 |
016f:bff66959 68c0b4fbbf push bffbb4c0 |
| 12 |
016f:bff6695e e862d8ffff call bff641c5 = KERNEL32.DLL!98 |
18 |
016f:bff6695e e862d8ffff call bff641c5 = KERNEL32.DLL!98 |
| 13 |
016f:bff66964 c20400 retd 0004 |
19 |
016f:bff66964 c20400 retd 0004 |
| 14 |
016f:bff66967 50 push eax |
20 |
016f:bff66967 50 push eax |
| 15 |
016f:bff66968 51 push ecx |
21 |
016f:bff66968 51 push ecx |
| 16 |
016f:bff66969 e87a660000 call bff6cfe8 = KERNEL32.DLL:.text+0x3fe8 |
22 |
016f:bff66969 e87a660000 call bff6cfe8 = KERNEL32.DLL:.text+0x3fe8 |
| 17 |
016f:bff6696e 58 pop eax |
23 |
016f:bff6696e 58 pop eax |
| 18 |
016f:bff6696f ebe4 jmp bff66955 = KERNEL32.DLL:_FREQASM+0x5955 |
24 |
016f:bff6696f ebe4 jmp bff66955 = KERNEL32.DLL:_FREQASM+0x5955 |
| 19 |
016f:bff66971 64ff3500000000 push dword ptr fs:[00000000] |
25 |
016f:bff66971 64ff3500000000 push dword ptr fs:[00000000] |
| 20 |
016f:bff66978 55 push ebp |
26 |
016f:bff66978 55 push ebp |
| 21 |
016f:bff66979 8d4c2404 lea ecx,[esp+04] |
27 |
016f:bff66979 8d4c2404 lea ecx,[esp+04] |
| 22 |
016f:bff6697d 16 push ss |
28 |
016f:bff6697d 16 push ss |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
| 1 |
-> 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ |
8 |
-> 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:bff6698b e8e1ffffff call bff66971 = KERNEL32.DLL:_FREQASM+0x5971 |
9 |
016f:bff6698b e8e1ffffff call bff66971 = KERNEL32.DLL:_FREQASM+0x5971 |
| 4 |
016f:bff66990 a1f0bcfbbf mov eax,dword ptr [bffbbcf0] |
10 |
016f:bff66990 a1f0bcfbbf mov eax,dword ptr [bffbbcf0] |
| 5 |
016f:bff66995 8b00 mov eax,dword ptr [eax] |
11 |
016f:bff66995 8b00 mov eax,dword ptr [eax] |
| 6 |
016f:bff66997 8b486c mov ecx,dword ptr [eax+6c] |
12 |
016f:bff66997 8b486c mov ecx,dword ptr [eax+6c] |
| 7 |
016f:bff6699a e304 jecxz bff669a0 = KERNEL32.DLL:_FREQASM+0x59a0 |
13 |
016f:bff6699a e304 jecxz bff669a0 = KERNEL32.DLL:_FREQASM+0x59a0 |
| 8 |
016f:bff6699c 83490420 or dword ptr [ecx+04],+20 |
14 |
016f:bff6699c 83490420 or dword ptr [ecx+04],+20 |
| 9 |
016f:bff669a0 c3 retd |
15 |
016f:bff669a0 c3 retd |
| 10 |
016f:bff669a1 a1f0bcfbbf mov eax,dword ptr [bffbbcf0] |
16 |
016f:bff669a1 a1f0bcfbbf mov eax,dword ptr [bffbbcf0] |
| 11 |
016f:bff669a6 ff30 push dword ptr [eax] |
17 |
016f:bff669a6 ff30 push dword ptr [eax] |
| 12 |
016f:bff669a8 e875ffffff call bff66922 = KERNEL32.DLL:_FREQASM+0x5922 |
18 |
016f:bff669a8 e875ffffff call bff66922 = KERNEL32.DLL:_FREQASM+0x5922 |
| 13 |
016f:bff669ae cc int 3 |
19 |
016f:bff669ae cc int 3 |
| 14 |
016f:bff669af cc int 3 |
20 |
016f:bff669af cc int 3 |
| 15 |
016f:bff669b0 55 push ebp |
21 |
016f:bff669b0 55 push ebp |
| 16 |
016f:bff669b1 8bec mov ebp,esp |
22 |
016f:bff669b1 8bec mov ebp,esp |
| 17 |
016f:bff669b3 57 push edi |
23 |
016f:bff669b3 57 push edi |
| 18 |
016f:bff669b4 53 push ebx |
24 |
016f:bff669b4 53 push ebx |
| 19 |
016f:bff669b5 ff3520bdfbbf push dword ptr [bffbbd20] |
25 |
016f:bff669b5 ff3520bdfbbf push dword ptr [bffbbd20] |
| 20 |
016f:bff669bb e8ccd7ffff call bff6418c = KERNEL32.DLL!97 |
26 |
016f:bff669bb e8ccd7ffff call bff6418c = KERNEL32.DLL!97 |
| 21 |
016f:bff669c0 8b7d08 mov edi,dword ptr [ebp+08] |
27 |
016f:bff669c0 8b7d08 mov edi,dword ptr [ebp+08] |
| 22 |
016f:bff669c3 b904000000 mov ecx,00000004 |
28 |
016f:bff669c3 b904000000 mov ecx,00000004 |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:bff6df90 ff75d8 push dword ptr [ebp-28] |
9 |
016f:bff6df90 ff75d8 push dword ptr [ebp-28] |
| 4 |
016f:bff6df93 e8e8010200 call bff8e180 = KERNEL32.DLL!UnhandledExceptionFilter |
10 |
016f:bff6df93 e8e8010200 call bff8e180 = KERNEL32.DLL!UnhandledExceptionFilter |
| 5 |
016f:bff6df98 c3 retd |
11 |
016f:bff6df98 c3 retd |
| 6 |
016f:bff6df99 8b65e8 mov esp,dword ptr [ebp-18] |
12 |
016f:bff6df99 8b65e8 mov esp,dword ptr [ebp-18] |
| 7 |
016f:bff6df9c c745e401000000 mov dword ptr [ebp-1c],00000001 |
13 |
016f:bff6df9c c745e401000000 mov dword ptr [ebp-1c],00000001 |
| 8 |
016f:bff6dfa3 8d8564feffff lea eax,[ebp-0000019c] |
14 |
016f:bff6dfa3 8d8564feffff lea eax,[ebp-0000019c] |
| 9 |
016f:bff6dfa9 50 push eax |
15 |
016f:bff6dfa9 50 push eax |
| 10 |
016f:bff6dfaa e876d50200 call bff9b525 = KERNEL32.DLL:.text+0x32525 |
16 |
016f:bff6dfaa e876d50200 call bff9b525 = KERNEL32.DLL:.text+0x32525 |
| 11 |
016f:bff6dfaf c745fcffffffff mov dword ptr [ebp-04],ffffffff |
17 |
016f:bff6dfaf c745fcffffffff mov dword ptr [ebp-04],ffffffff |
| 12 |
016f:bff6dfb6 e8e689ffff call bff669a1 = KERNEL32.DLL:_FREQASM+0x59a1 |
18 |
016f:bff6dfb6 e8e689ffff call bff669a1 = KERNEL32.DLL:_FREQASM+0x59a1 |
| 13 |
016f:bff6dfbe 8020ef and byte ptr [eax],ef |
19 |
016f:bff6dfbe 8020ef and byte ptr [eax],ef |
| 14 |
016f:bff6dfc1 8b45e4 mov eax,dword ptr [ebp-1c] |
20 |
016f:bff6dfc1 8b45e4 mov eax,dword ptr [ebp-1c] |
| 15 |
016f:bff6dfc4 eb02 jmp bff6dfc8 = KERNEL32.DLL:.text+0x4fc8 |
21 |
016f:bff6dfc4 eb02 jmp bff6dfc8 = KERNEL32.DLL:.text+0x4fc8 |
| 16 |
016f:bff6dfc6 33c0 xor eax,eax |
22 |
016f:bff6dfc6 33c0 xor eax,eax |
| 17 |
016f:bff6dfc8 8b4df0 mov ecx,dword ptr [ebp-10] |
23 |
016f:bff6dfc8 8b4df0 mov ecx,dword ptr [ebp-10] |
| 18 |
016f:bff6dfcb 5f pop edi |
24 |
016f:bff6dfcb 5f pop edi |
| 19 |
016f:bff6dfcc 64890d00000000 mov dword ptr fs:[00000000],ecx |
25 |
016f:bff6dfcc 64890d00000000 mov dword ptr fs:[00000000],ecx |
| 20 |
016f:bff6dfd3 5e pop esi |
26 |
016f:bff6dfd3 5e pop esi |
| 21 |
016f:bff6dfd4 5b pop ebx |
27 |
016f:bff6dfd4 5b pop ebx |
| 22 |
016f:bff6dfd5 8be5 mov esp,ebp |
28 |
016f:bff6dfd5 8be5 mov esp,ebp |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
... |
8 |
... |
|
Line 1
Link Here
|
| 1 |
-> 89 01 c7 45 fc ff ff ff ff 83 45 c4 04 8b 45 c4 ...E......E...E. |
8 |
-> 89 01 c7 45 fc ff ff ff ff 83 45 c4 04 8b 45 c4 ...E......E...E. |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
-> 64 15 e6 bf 5b 18 e6 bf 01 15 e6 bf 74 16 e6 bf d...[.......t... |
8 |
-> 64 15 e6 bf 5b 18 e6 bf 01 15 e6 bf 74 16 e6 bf d...[.......t... |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
... |
8 |
... |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:bff6b8b4 36b8f6bf3eb8 ?mov eax,b83ebff6 |
9 |
016f:bff6b8b4 36b8f6bf3eb8 ?mov eax,b83ebff6 |
| 4 |
016f:bff6b8ba f6bf55a120bd idiv byte ptr [edi+bd20a155] |
10 |
016f:bff6b8ba f6bf55a120bd idiv byte ptr [edi+bd20a155] |
| 5 |
016f:bff6b8c0 fb sti |
11 |
016f:bff6b8c0 fb sti |
| 6 |
016f:bff6b8c1 bf8bec5650 mov edi,5056ec8b |
12 |
016f:bff6b8c1 bf8bec5650 mov edi,5056ec8b |
| 7 |
016f:bff6b8c6 e8c188ffff call bff6418c = KERNEL32.DLL!97 |
13 |
016f:bff6b8c6 e8c188ffff call bff6418c = KERNEL32.DLL!97 |
| 8 |
016f:bff6b8cb ff7514 push dword ptr [ebp+14] |
14 |
016f:bff6b8cb ff7514 push dword ptr [ebp+14] |
| 9 |
016f:bff6b8ce ff7510 push dword ptr [ebp+10] |
15 |
016f:bff6b8ce ff7510 push dword ptr [ebp+10] |
| 10 |
016f:bff6b8d1 ff750c push dword ptr [ebp+0c] |
16 |
016f:bff6b8d1 ff750c push dword ptr [ebp+0c] |
| 11 |
016f:bff6b8d4 ff7508 push dword ptr [ebp+08] |
17 |
016f:bff6b8d4 ff7508 push dword ptr [ebp+08] |
| 12 |
016f:bff6b8d7 e890fdffff call bff6b66c = KERNEL32.DLL:.text+0x266c |
18 |
016f:bff6b8d7 e890fdffff call bff6b66c = KERNEL32.DLL:.text+0x266c |
| 13 |
016f:bff6b8de 85f6 test esi,esi |
19 |
016f:bff6b8de 85f6 test esi,esi |
| 14 |
016f:bff6b8e0 740a jz bff6b8ec = KERNEL32.DLL:.text+0x28ec |
20 |
016f:bff6b8e0 740a jz bff6b8ec = KERNEL32.DLL:.text+0x28ec |
| 15 |
016f:bff6b8e2 f6451380 test byte ptr [ebp+13],80 |
21 |
016f:bff6b8e2 f6451380 test byte ptr [ebp+13],80 |
| 16 |
016f:bff6b8e6 7404 jz bff6b8ec = KERNEL32.DLL:.text+0x28ec |
22 |
016f:bff6b8e6 7404 jz bff6b8ec = KERNEL32.DLL:.text+0x28ec |
| 17 |
016f:bff6b8e8 66ff4602 inc word ptr [esi+02] |
23 |
016f:bff6b8e8 66ff4602 inc word ptr [esi+02] |
| 18 |
016f:bff6b8ec a120bdfbbf mov eax,dword ptr [bffbbd20] |
24 |
016f:bff6b8ec a120bdfbbf mov eax,dword ptr [bffbbd20] |
| 19 |
016f:bff6b8f1 50 push eax |
25 |
016f:bff6b8f1 50 push eax |
| 20 |
016f:bff6b8f2 e8ce88ffff call bff641c5 = KERNEL32.DLL!98 |
26 |
016f:bff6b8f2 e8ce88ffff call bff641c5 = KERNEL32.DLL!98 |
| 21 |
016f:bff6b8f7 8bc6 mov eax,esi |
27 |
016f:bff6b8f7 8bc6 mov eax,esi |
| 22 |
016f:bff6b8f9 5e pop esi |
28 |
016f:bff6b8f9 5e pop esi |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:bff641b5 51 push ecx |
9 |
016f:bff641b5 51 push ecx |
| 4 |
016f:bff641b6 52 push edx |
10 |
016f:bff641b6 52 push edx |
| 5 |
016f:bff641b7 681d002a00 push 002a001d |
11 |
016f:bff641b7 681d002a00 push 002a001d |
| 6 |
016f:bff641bc e813d2ffff call bff613d4 = KERNEL32.DLL!1 |
12 |
016f:bff641bc e813d2ffff call bff613d4 = KERNEL32.DLL!1 |
| 7 |
016f:bff641c1 59 pop ecx |
13 |
016f:bff641c1 59 pop ecx |
| 8 |
016f:bff641c2 5a pop edx |
14 |
016f:bff641c2 5a pop edx |
| 9 |
016f:bff641c3 ebe8 jmp bff641ad = KERNEL32.DLL:_FREQASM+0x31ad |
15 |
016f:bff641c3 ebe8 jmp bff641ad = KERNEL32.DLL:_FREQASM+0x31ad |
| 10 |
016f:bff641c5 8b542404 mov edx,dword ptr [esp+04] |
16 |
016f:bff641c5 8b542404 mov edx,dword ptr [esp+04] |
| 11 |
016f:bff641c9 50 push eax |
17 |
016f:bff641c9 50 push eax |
| 12 |
016f:bff641ca e804000000 call bff641d3 = KERNEL32.DLL:_FREQASM+0x31d3 |
18 |
016f:bff641ca e804000000 call bff641d3 = KERNEL32.DLL:_FREQASM+0x31d3 |
| 13 |
016f:bff641d0 c20400 retd 0004 |
19 |
016f:bff641d0 c20400 retd 0004 |
| 14 |
016f:bff641d3 833dfcbcfbbf01 cmp dword ptr [bffbbcfc],+01 |
20 |
016f:bff641d3 833dfcbcfbbf01 cmp dword ptr [bffbbcfc],+01 |
| 15 |
016f:bff641da 7c32 jl bff6420e = KERNEL32.DLL:_FREQASM+0x320e |
21 |
016f:bff641da 7c32 jl bff6420e = KERNEL32.DLL:_FREQASM+0x320e |
| 16 |
016f:bff641dc 3b1570b4fbbf cmp edx,dword ptr [bffbb470] |
22 |
016f:bff641dc 3b1570b4fbbf cmp edx,dword ptr [bffbb470] |
| 17 |
016f:bff641e2 7506 jnz bff641ea = KERNEL32.DLL:_FREQASM+0x31ea |
23 |
016f:bff641e2 7506 jnz bff641ea = KERNEL32.DLL:_FREQASM+0x31ea |
| 18 |
016f:bff641e4 837a0401 cmp dword ptr [edx+04],+01 |
24 |
016f:bff641e4 837a0401 cmp dword ptr [edx+04],+01 |
| 19 |
016f:bff641e8 7426 jz bff64210 = KERNEL32.DLL:_FREQASM+0x3210 |
25 |
016f:bff641e8 7426 jz bff64210 = KERNEL32.DLL:_FREQASM+0x3210 |
| 20 |
016f:bff641ea ff4a04 dec dword ptr [edx+04] |
26 |
016f:bff641ea ff4a04 dec dword ptr [edx+04] |
| 21 |
016f:bff641ed 754a jnz bff64239 = KERNEL32.DLL:_FREQASM+0x3239 |
27 |
016f:bff641ed 754a jnz bff64239 = KERNEL32.DLL:_FREQASM+0x3239 |
| 22 |
016f:bff641ef c7420800000000 mov dword ptr [edx+08],00000000 |
28 |
016f:bff641ef c7420800000000 mov dword ptr [edx+08],00000000 |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
| 1 |
-> 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ |
8 |
-> 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ |
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:bff6b8d7 e890fdffff call bff6b66c = KERNEL32.DLL:.text+0x266c |
9 |
016f:bff6b8d7 e890fdffff call bff6b66c = KERNEL32.DLL:.text+0x266c |
| 4 |
016f:bff6b8dc 8bf0 mov esi,eax |
10 |
016f:bff6b8dc 8bf0 mov esi,eax |
| 5 |
016f:bff6b8de 85f6 test esi,esi |
11 |
016f:bff6b8de 85f6 test esi,esi |
| 6 |
016f:bff6b8e0 740a jz bff6b8ec = KERNEL32.DLL:.text+0x28ec |
12 |
016f:bff6b8e0 740a jz bff6b8ec = KERNEL32.DLL:.text+0x28ec |
| 7 |
016f:bff6b8e2 f6451380 test byte ptr [ebp+13],80 |
13 |
016f:bff6b8e2 f6451380 test byte ptr [ebp+13],80 |
| 8 |
016f:bff6b8e6 7404 jz bff6b8ec = KERNEL32.DLL:.text+0x28ec |
14 |
016f:bff6b8e6 7404 jz bff6b8ec = KERNEL32.DLL:.text+0x28ec |
| 9 |
016f:bff6b8e8 66ff4602 inc word ptr [esi+02] |
15 |
016f:bff6b8e8 66ff4602 inc word ptr [esi+02] |
| 10 |
016f:bff6b8ec a120bdfbbf mov eax,dword ptr [bffbbd20] |
16 |
016f:bff6b8ec a120bdfbbf mov eax,dword ptr [bffbbd20] |
| 11 |
016f:bff6b8f1 50 push eax |
17 |
016f:bff6b8f1 50 push eax |
| 12 |
016f:bff6b8f2 e8ce88ffff call bff641c5 = KERNEL32.DLL!98 |
18 |
016f:bff6b8f2 e8ce88ffff call bff641c5 = KERNEL32.DLL!98 |
| 13 |
016f:bff6b8f9 5e pop esi |
19 |
016f:bff6b8f9 5e pop esi |
| 14 |
016f:bff6b8fa 5d pop ebp |
20 |
016f:bff6b8fa 5d pop ebp |
| 15 |
016f:bff6b8fb c21000 retd 0010 |
21 |
016f:bff6b8fb c21000 retd 0010 |
| 16 |
016f:bff6b8fe 55 push ebp |
22 |
016f:bff6b8fe 55 push ebp |
| 17 |
016f:bff6b8ff 8bec mov ebp,esp |
23 |
016f:bff6b8ff 8bec mov ebp,esp |
| 18 |
016f:bff6b901 53 push ebx |
24 |
016f:bff6b901 53 push ebx |
| 19 |
016f:bff6b902 56 push esi |
25 |
016f:bff6b902 56 push esi |
| 20 |
016f:bff6b903 57 push edi |
26 |
016f:bff6b903 57 push edi |
| 21 |
016f:bff6b904 33ff xor edi,edi |
27 |
016f:bff6b904 33ff xor edi,edi |
| 22 |
016f:bff6b906 837d1801 cmp dword ptr [ebp+18],+01 |
28 |
016f:bff6b906 837d1801 cmp dword ptr [ebp+18],+01 |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
| 1 |
-> 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ |
8 |
-> 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:bff6b96c 5b pop ebx |
9 |
016f:bff6b96c 5b pop ebx |
| 4 |
016f:bff6b96d c20800 retd 0008 |
10 |
016f:bff6b96d c20800 retd 0008 |
| 5 |
016f:bff6b970 55 push ebp |
11 |
016f:bff6b970 55 push ebp |
| 6 |
016f:bff6b971 a1f4bcfbbf mov eax,dword ptr [bffbbcf4] |
12 |
016f:bff6b971 a1f4bcfbbf mov eax,dword ptr [bffbbcf4] |
| 7 |
016f:bff6b976 8bec mov ebp,esp |
13 |
016f:bff6b976 8bec mov ebp,esp |
| 8 |
016f:bff6b978 ff742410 push dword ptr [esp+10] |
14 |
016f:bff6b978 ff742410 push dword ptr [esp+10] |
| 9 |
016f:bff6b97c ff750c push dword ptr [ebp+0c] |
15 |
016f:bff6b97c ff750c push dword ptr [ebp+0c] |
| 10 |
016f:bff6b97f ff7508 push dword ptr [ebp+08] |
16 |
016f:bff6b97f ff7508 push dword ptr [ebp+08] |
| 11 |
016f:bff6b982 ff30 push dword ptr [eax] |
17 |
016f:bff6b982 ff30 push dword ptr [eax] |
| 12 |
016f:bff6b984 e833ffffff call bff6b8bc = KERNEL32.DLL:.text+0x28bc |
18 |
016f:bff6b984 e833ffffff call bff6b8bc = KERNEL32.DLL:.text+0x28bc |
| 13 |
016f:bff6b98a c20c00 retd 000c |
19 |
016f:bff6b98a c20c00 retd 000c |
| 14 |
016f:bff6b98d 55 push ebp |
20 |
016f:bff6b98d 55 push ebp |
| 15 |
016f:bff6b98e 8bec mov ebp,esp |
21 |
016f:bff6b98e 8bec mov ebp,esp |
| 16 |
016f:bff6b990 50 push eax |
22 |
016f:bff6b990 50 push eax |
| 17 |
016f:bff6b991 a120bdfbbf mov eax,dword ptr [bffbbd20] |
23 |
016f:bff6b991 a120bdfbbf mov eax,dword ptr [bffbbd20] |
| 18 |
016f:bff6b996 50 push eax |
24 |
016f:bff6b996 50 push eax |
| 19 |
016f:bff6b997 e8f087ffff call bff6418c = KERNEL32.DLL!97 |
25 |
016f:bff6b997 e8f087ffff call bff6418c = KERNEL32.DLL!97 |
| 20 |
016f:bff6b99c ff7508 push dword ptr [ebp+08] |
26 |
016f:bff6b99c ff7508 push dword ptr [ebp+08] |
| 21 |
016f:bff6b99f e8d1fdffff call bff6b775 = KERNEL32.DLL:.text+0x2775 |
27 |
016f:bff6b99f e8d1fdffff call bff6b775 = KERNEL32.DLL:.text+0x2775 |
| 22 |
016f:bff6b9a4 a120bdfbbf mov eax,dword ptr [bffbbd20] |
28 |
016f:bff6b9a4 a120bdfbbf mov eax,dword ptr [bffbbd20] |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:bff613ca ebf7 jmp bff613c3 = KERNEL32.DLL:_FREQASM+0x3c3 |
9 |
016f:bff613ca ebf7 jmp bff613c3 = KERNEL32.DLL:_FREQASM+0x3c3 |
| 4 |
016f:bff613cc ebfa jmp bff613c8 = KERNEL32.DLL:_FREQASM+0x3c8 |
10 |
016f:bff613cc ebfa jmp bff613c8 = KERNEL32.DLL:_FREQASM+0x3c8 |
| 5 |
016f:bff613ce ebf8 jmp bff613c8 = KERNEL32.DLL:_FREQASM+0x3c8 |
11 |
016f:bff613ce ebf8 jmp bff613c8 = KERNEL32.DLL:_FREQASM+0x3c8 |
| 6 |
016f:bff613d0 ebf6 jmp bff613c8 = KERNEL32.DLL:_FREQASM+0x3c8 |
12 |
016f:bff613d0 ebf6 jmp bff613c8 = KERNEL32.DLL:_FREQASM+0x3c8 |
| 7 |
016f:bff613d2 ebf4 jmp bff613c8 = KERNEL32.DLL:_FREQASM+0x3c8 |
13 |
016f:bff613d2 ebf4 jmp bff613c8 = KERNEL32.DLL:_FREQASM+0x3c8 |
| 8 |
016f:bff613d4 8b442404 mov eax,dword ptr [esp+04] |
14 |
016f:bff613d4 8b442404 mov eax,dword ptr [esp+04] |
| 9 |
016f:bff613d8 8f0424 pop dword ptr [esp] |
15 |
016f:bff613d8 8f0424 pop dword ptr [esp] |
| 10 |
016f:bff613db 2eff1d34b7fbbf call fword ptr ss:[bffbb734] |
16 |
016f:bff613db 2eff1d34b7fbbf call fword ptr ss:[bffbb734] |
| 11 |
016f:bff613e2 b801000100 mov eax,00010001 |
17 |
016f:bff613e2 b801000100 mov eax,00010001 |
| 12 |
016f:bff613e7 2eff1d34b7fbbf call fword ptr ss:[bffbb734] |
18 |
016f:bff613e7 2eff1d34b7fbbf call fword ptr ss:[bffbb734] |
| 13 |
016f:bff613f3 2eff1d34b7fbbf call fword ptr ss:[bffbb734] |
19 |
016f:bff613f3 2eff1d34b7fbbf call fword ptr ss:[bffbb734] |
| 14 |
016f:bff613fa 83c414 add esp,+14 |
20 |
016f:bff613fa 83c414 add esp,+14 |
| 15 |
016f:bff613fd 0fb7c8 movzx ecx,ax |
21 |
016f:bff613fd 0fb7c8 movzx ecx,ax |
| 16 |
016f:bff61400 0fa4d310 shld ebx,edx,10 |
22 |
016f:bff61400 0fa4d310 shld ebx,edx,10 |
| 17 |
016f:bff61404 c0e302 shl bl,02 |
23 |
016f:bff61404 c0e302 shl bl,02 |
| 18 |
016f:bff61407 6681ea0010 sub dx,1000 |
24 |
016f:bff61407 6681ea0010 sub dx,1000 |
| 19 |
016f:bff6140c 0fbfc2 movsx eax,dx |
25 |
016f:bff6140c 0fbfc2 movsx eax,dx |
| 20 |
016f:bff6140f e9d1000000 jmp bff614e5 = KERNEL32.DLL:_FREQASM+0x4e5 |
26 |
016f:bff6140f e9d1000000 jmp bff614e5 = KERNEL32.DLL:_FREQASM+0x4e5 |
| 21 |
016f:bff61414 55 push ebp |
27 |
016f:bff61414 55 push ebp |
| 22 |
016f:bff61415 53 push ebx |
28 |
016f:bff61415 53 push ebx |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:bff6ec44 8b354cb5fbbf mov esi,dword ptr [bffbb54c] |
9 |
016f:bff6ec44 8b354cb5fbbf mov esi,dword ptr [bffbb54c] |
| 4 |
016f:bff6ec4a b801000000 mov eax,00000001 |
10 |
016f:bff6ec4a b801000000 mov eax,00000001 |
| 5 |
016f:bff6ec4f 85db test ebx,ebx |
11 |
016f:bff6ec4f 85db test ebx,ebx |
| 6 |
016f:bff6ec51 740e jz bff6ec61 = KERNEL32.DLL:.text+0x5c61 |
12 |
016f:bff6ec51 740e jz bff6ec61 = KERNEL32.DLL:.text+0x5c61 |
| 7 |
016f:bff6ec53 ff7518 push dword ptr [ebp+18] |
13 |
016f:bff6ec53 ff7518 push dword ptr [ebp+18] |
| 8 |
016f:bff6ec56 ff75fc push dword ptr [ebp-04] |
14 |
016f:bff6ec56 ff75fc push dword ptr [ebp-04] |
| 9 |
016f:bff6ec59 56 push esi |
15 |
016f:bff6ec59 56 push esi |
| 10 |
016f:bff6ec5a 53 push ebx |
16 |
016f:bff6ec5a 53 push ebx |
| 11 |
016f:bff6ec5b ff75f8 push dword ptr [ebp-08] |
17 |
016f:bff6ec5b ff75f8 push dword ptr [ebp-08] |
| 12 |
016f:bff6ec5e ff551c call dword ptr [ebp+1c] |
18 |
016f:bff6ec5e ff551c call dword ptr [ebp+1c] |
| 13 |
016f:bff6ec63 7420 jz bff6ec85 = KERNEL32.DLL:.text+0x5c85 |
19 |
016f:bff6ec63 7420 jz bff6ec85 = KERNEL32.DLL:.text+0x5c85 |
| 14 |
016f:bff6ec65 83e707 and edi,+07 |
20 |
016f:bff6ec65 83e707 and edi,+07 |
| 15 |
016f:bff6ec68 741b jz bff6ec85 = KERNEL32.DLL:.text+0x5c85 |
21 |
016f:bff6ec68 741b jz bff6ec85 = KERNEL32.DLL:.text+0x5c85 |
| 16 |
016f:bff6ec6a c1e710 shl edi,10 |
22 |
016f:bff6ec6a c1e710 shl edi,10 |
| 17 |
016f:bff6ec6d 015dfc add dword ptr [ebp-04],ebx |
23 |
016f:bff6ec6d 015dfc add dword ptr [ebp-04],ebx |
| 18 |
016f:bff6ec70 097dfc or dword ptr [ebp-04],edi |
24 |
016f:bff6ec70 097dfc or dword ptr [ebp-04],edi |
| 19 |
016f:bff6ec73 015df8 add dword ptr [ebp-08],ebx |
25 |
016f:bff6ec73 015df8 add dword ptr [ebp-08],ebx |
| 20 |
016f:bff6ec76 ff7518 push dword ptr [ebp+18] |
26 |
016f:bff6ec76 ff7518 push dword ptr [ebp+18] |
| 21 |
016f:bff6ec79 ff75fc push dword ptr [ebp-04] |
27 |
016f:bff6ec79 ff75fc push dword ptr [ebp-04] |
| 22 |
016f:bff6ec7c 56 push esi |
28 |
016f:bff6ec7c 56 push esi |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
-> 64 15 e6 bf 5b 18 e6 bf 01 15 e6 bf 74 16 e6 bf d...[.......t... |
8 |
-> 64 15 e6 bf 5b 18 e6 bf 01 15 e6 bf 74 16 e6 bf d...[.......t... |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:bff78aef 8b4624 mov eax,dword ptr [esi+24] |
9 |
016f:bff78aef 8b4624 mov eax,dword ptr [esi+24] |
| 4 |
016f:bff78af2 0d00000080 or eax,80000000 |
10 |
016f:bff78af2 0d00000080 or eax,80000000 |
| 5 |
016f:bff78af7 50 push eax |
11 |
016f:bff78af7 50 push eax |
| 6 |
016f:bff78af8 51 push ecx |
12 |
016f:bff78af8 51 push ecx |
| 7 |
016f:bff78af9 8b4614 mov eax,dword ptr [esi+14] |
13 |
016f:bff78af9 8b4614 mov eax,dword ptr [esi+14] |
| 8 |
016f:bff78afc 0345f8 add eax,dword ptr [ebp-08] |
14 |
016f:bff78afc 0345f8 add eax,dword ptr [ebp-08] |
| 9 |
016f:bff78aff 50 push eax |
15 |
016f:bff78aff 50 push eax |
| 10 |
016f:bff78b00 53 push ebx |
16 |
016f:bff78b00 53 push ebx |
| 11 |
016f:bff78b01 ff7508 push dword ptr [ebp+08] |
17 |
016f:bff78b01 ff7508 push dword ptr [ebp+08] |
| 12 |
016f:bff78b04 e8aa60ffff call bff6ebb3 = KERNEL32.DLL:.text+0x5bb3 |
18 |
016f:bff78b04 e8aa60ffff call bff6ebb3 = KERNEL32.DLL:.text+0x5bb3 |
| 13 |
016f:bff78b0b 7409 jz bff78b16 = KERNEL32.DLL:.text+0xfb16 |
19 |
016f:bff78b0b 7409 jz bff78b16 = KERNEL32.DLL:.text+0xfb16 |
| 14 |
016f:bff78b0d c745fc01000000 mov dword ptr [ebp-04],00000001 |
20 |
016f:bff78b0d c745fc01000000 mov dword ptr [ebp-04],00000001 |
| 15 |
016f:bff78b14 eb07 jmp bff78b1d = KERNEL32.DLL:.text+0xfb1d |
21 |
016f:bff78b14 eb07 jmp bff78b1d = KERNEL32.DLL:.text+0xfb1d |
| 16 |
016f:bff78b16 c745fc00000000 mov dword ptr [ebp-04],00000000 |
22 |
016f:bff78b16 c745fc00000000 mov dword ptr [ebp-04],00000000 |
| 17 |
016f:bff78b1d 85ff test edi,edi |
23 |
016f:bff78b1d 85ff test edi,edi |
| 18 |
016f:bff78b1f 7418 jz bff78b39 = KERNEL32.DLL:.text+0xfb39 |
24 |
016f:bff78b1f 7418 jz bff78b39 = KERNEL32.DLL:.text+0xfb39 |
| 19 |
016f:bff78b21 837dfc00 cmp dword ptr [ebp-04],+00 |
25 |
016f:bff78b21 837dfc00 cmp dword ptr [ebp-04],+00 |
| 20 |
016f:bff78b25 740c jz bff78b33 = KERNEL32.DLL:.text+0xfb33 |
26 |
016f:bff78b25 740c jz bff78b33 = KERNEL32.DLL:.text+0xfb33 |
| 21 |
016f:bff78b27 6800100000 push 00001000 |
27 |
016f:bff78b27 6800100000 push 00001000 |
| 22 |
016f:bff78b2c 57 push edi |
28 |
016f:bff78b2c 57 push edi |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
-> 64 15 e6 bf 5b 18 e6 bf 01 15 e6 bf 74 16 e6 bf d...[.......t... |
8 |
-> 64 15 e6 bf 5b 18 e6 bf 01 15 e6 bf 74 16 e6 bf d...[.......t... |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:bff613c5 c20400 retd 0004 |
9 |
016f:bff613c5 c20400 retd 0004 |
| 4 |
016f:bff613c8 33c0 xor eax,eax |
10 |
016f:bff613c8 33c0 xor eax,eax |
| 5 |
016f:bff613ca ebf7 jmp bff613c3 = KERNEL32.DLL:_FREQASM+0x3c3 |
11 |
016f:bff613ca ebf7 jmp bff613c3 = KERNEL32.DLL:_FREQASM+0x3c3 |
| 6 |
016f:bff613cc ebfa jmp bff613c8 = KERNEL32.DLL:_FREQASM+0x3c8 |
12 |
016f:bff613cc ebfa jmp bff613c8 = KERNEL32.DLL:_FREQASM+0x3c8 |
| 7 |
016f:bff613ce ebf8 jmp bff613c8 = KERNEL32.DLL:_FREQASM+0x3c8 |
13 |
016f:bff613ce ebf8 jmp bff613c8 = KERNEL32.DLL:_FREQASM+0x3c8 |
| 8 |
016f:bff613d0 ebf6 jmp bff613c8 = KERNEL32.DLL:_FREQASM+0x3c8 |
14 |
016f:bff613d0 ebf6 jmp bff613c8 = KERNEL32.DLL:_FREQASM+0x3c8 |
| 9 |
016f:bff613d2 ebf4 jmp bff613c8 = KERNEL32.DLL:_FREQASM+0x3c8 |
15 |
016f:bff613d2 ebf4 jmp bff613c8 = KERNEL32.DLL:_FREQASM+0x3c8 |
| 10 |
016f:bff613d4 8b442404 mov eax,dword ptr [esp+04] |
16 |
016f:bff613d4 8b442404 mov eax,dword ptr [esp+04] |
| 11 |
016f:bff613d8 8f0424 pop dword ptr [esp] |
17 |
016f:bff613d8 8f0424 pop dword ptr [esp] |
| 12 |
016f:bff613db 2eff1d34b7fbbf call fword ptr ss:[bffbb734] |
18 |
016f:bff613db 2eff1d34b7fbbf call fword ptr ss:[bffbb734] |
| 13 |
016f:bff613e7 2eff1d34b7fbbf call fword ptr ss:[bffbb734] |
19 |
016f:bff613e7 2eff1d34b7fbbf call fword ptr ss:[bffbb734] |
| 14 |
016f:bff613ee b843002a00 mov eax,002a0043 |
20 |
016f:bff613ee b843002a00 mov eax,002a0043 |
| 15 |
016f:bff613f3 2eff1d34b7fbbf call fword ptr ss:[bffbb734] |
21 |
016f:bff613f3 2eff1d34b7fbbf call fword ptr ss:[bffbb734] |
| 16 |
016f:bff613fa 83c414 add esp,+14 |
22 |
016f:bff613fa 83c414 add esp,+14 |
| 17 |
016f:bff613fd 0fb7c8 movzx ecx,ax |
23 |
016f:bff613fd 0fb7c8 movzx ecx,ax |
| 18 |
016f:bff61400 0fa4d310 shld ebx,edx,10 |
24 |
016f:bff61400 0fa4d310 shld ebx,edx,10 |
| 19 |
016f:bff61404 c0e302 shl bl,02 |
25 |
016f:bff61404 c0e302 shl bl,02 |
| 20 |
016f:bff61407 6681ea0010 sub dx,1000 |
26 |
016f:bff61407 6681ea0010 sub dx,1000 |
| 21 |
016f:bff6140c 0fbfc2 movsx eax,dx |
27 |
016f:bff6140c 0fbfc2 movsx eax,dx |
| 22 |
016f:bff6140f e9d1000000 jmp bff614e5 = KERNEL32.DLL:_FREQASM+0x4e5 |
28 |
016f:bff6140f e9d1000000 jmp bff614e5 = KERNEL32.DLL:_FREQASM+0x4e5 |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
| 1 |
-> ff ff ff ff 20 3f f7 bf 26 3f f7 bf ff ff ff ff .... ?..&?...... |
8 |
-> ff ff ff ff 20 3f f7 bf 26 3f f7 bf ff ff ff ff .... ?..&?...... |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
... |
8 |
... |
|
Line 1
Link Here
|
| 1 |
-> 00 00 00 00 10 6b 24 3d 00 00 00 00 62 fb 07 00 .....k$=....b... |
8 |
-> 00 00 00 00 10 6b 24 3d 00 00 00 00 62 fb 07 00 .....k$=....b... |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
-> 3f 61 6c 6c 6f 63 61 74 65 40 3f 24 5f 5f 6e 6f ?allocate@?$__no |
8 |
-> 3f 61 6c 6c 6f 63 61 74 65 40 3f 24 5f 5f 6e 6f ?allocate@?$__no |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
... |
8 |
... |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:bff6bb0a e88a87ffff call bff64299 = KERNEL32.DLL:_FREQASM+0x3299 |
9 |
016f:bff6bb0a e88a87ffff call bff64299 = KERNEL32.DLL:_FREQASM+0x3299 |
| 4 |
016f:bff6bb0f 5e pop esi |
10 |
016f:bff6bb0f 5e pop esi |
| 5 |
016f:bff6bb10 c20400 retd 0004 |
11 |
016f:bff6bb10 c20400 retd 0004 |
| 6 |
016f:bff6bb13 56 push esi |
12 |
016f:bff6bb13 56 push esi |
| 7 |
016f:bff6bb14 8b742408 mov esi,dword ptr [esp+08] |
13 |
016f:bff6bb14 8b742408 mov esi,dword ptr [esp+08] |
| 8 |
016f:bff6bb18 8a06 mov al,byte ptr [esi] |
14 |
016f:bff6bb18 8a06 mov al,byte ptr [esi] |
| 9 |
016f:bff6bb1a 3c04 cmp al,04 |
15 |
016f:bff6bb1a 3c04 cmp al,04 |
| 10 |
016f:bff6bb1c 7508 jnz bff6bb26 = KERNEL32.DLL:.text+0x2b26 |
16 |
016f:bff6bb1c 7508 jnz bff6bb26 = KERNEL32.DLL:.text+0x2b26 |
| 11 |
016f:bff6bb1e ff7604 push dword ptr [esi+04] |
17 |
016f:bff6bb1e ff7604 push dword ptr [esi+04] |
| 12 |
016f:bff6bb21 e8a087ffff call bff642c6 = KERNEL32.DLL:_FREQASM+0x32c6 |
18 |
016f:bff6bb21 e8a087ffff call bff642c6 = KERNEL32.DLL:_FREQASM+0x32c6 |
| 13 |
016f:bff6bb27 c20400 retd 0004 |
19 |
016f:bff6bb27 c20400 retd 0004 |
| 14 |
016f:bff6bb2a 64a100000000 mov eax,dword ptr fs:[00000000] |
20 |
016f:bff6bb2a 64a100000000 mov eax,dword ptr fs:[00000000] |
| 15 |
016f:bff6bb30 55 push ebp |
21 |
016f:bff6bb30 55 push ebp |
| 16 |
016f:bff6bb31 8bec mov ebp,esp |
22 |
016f:bff6bb31 8bec mov ebp,esp |
| 17 |
016f:bff6bb33 6aff push -01 |
23 |
016f:bff6bb33 6aff push -01 |
| 18 |
016f:bff6bb35 685092f6bf push bff69250 |
24 |
016f:bff6bb35 685092f6bf push bff69250 |
| 19 |
016f:bff6bb3a 68201bfbbf push bffb1b20 |
25 |
016f:bff6bb3a 68201bfbbf push bffb1b20 |
| 20 |
016f:bff6bb3f 50 push eax |
26 |
016f:bff6bb3f 50 push eax |
| 21 |
016f:bff6bb40 8b4508 mov eax,dword ptr [ebp+08] |
27 |
016f:bff6bb40 8b4508 mov eax,dword ptr [ebp+08] |
| 22 |
016f:bff6bb43 64892500000000 mov dword ptr fs:[00000000],esp |
28 |
016f:bff6bb43 64892500000000 mov dword ptr fs:[00000000],esp |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
-> 50 00 00 00 00 00 00 00 50 71 0b 01 50 71 0b 01 P.......Pq..Pq.. |
8 |
-> 50 00 00 00 00 00 00 00 50 71 0b 01 50 71 0b 01 P.......Pq..Pq.. |
|
Line 1
Link Here
|
| 1 |
-> 5f 8b c3 5e 5b c3 8b 48 0c 8b 50 08 89 51 08 8b _..^[..H..P..Q.. |
8 |
-> 5f 8b c3 5e 5b c3 8b 48 0c 8b 50 08 89 51 08 8b _..^[..H..P..Q.. |
|
Line 1
Link Here
|
| 1 |
-> 04 00 00 00 08 61 98 81 00 00 00 00 00 00 00 00 .....a.......... |
8 |
-> 04 00 00 00 08 61 98 81 00 00 00 00 00 00 00 00 .....a.......... |
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:bff6baf3 803e04 cmp byte ptr [esi],04 |
9 |
016f:bff6baf3 803e04 cmp byte ptr [esi],04 |
| 4 |
016f:bff6baf6 740f jz bff6bb07 = KERNEL32.DLL:.text+0x2b07 |
10 |
016f:bff6baf6 740f jz bff6bb07 = KERNEL32.DLL:.text+0x2b07 |
| 5 |
016f:bff6baf8 33c0 xor eax,eax |
11 |
016f:bff6baf8 33c0 xor eax,eax |
| 6 |
016f:bff6bafa 50 push eax |
12 |
016f:bff6bafa 50 push eax |
| 7 |
016f:bff6bafb 50 push eax |
13 |
016f:bff6bafb 50 push eax |
| 8 |
016f:bff6bafc 50 push eax |
14 |
016f:bff6bafc 50 push eax |
| 9 |
016f:bff6bafd 68050000c0 push c0000005 |
15 |
016f:bff6bafd 68050000c0 push c0000005 |
| 10 |
016f:bff6bb02 e8a4acffff call bff667ab = KERNEL32.DLL:_FREQASM+0x57ab |
16 |
016f:bff6bb02 e8a4acffff call bff667ab = KERNEL32.DLL:_FREQASM+0x57ab |
| 11 |
016f:bff6bb07 ff7604 push dword ptr [esi+04] |
17 |
016f:bff6bb07 ff7604 push dword ptr [esi+04] |
| 12 |
016f:bff6bb0a e88a87ffff call bff64299 = KERNEL32.DLL:_FREQASM+0x3299 |
18 |
016f:bff6bb0a e88a87ffff call bff64299 = KERNEL32.DLL:_FREQASM+0x3299 |
| 13 |
016f:bff6bb10 c20400 retd 0004 |
19 |
016f:bff6bb10 c20400 retd 0004 |
| 14 |
016f:bff6bb13 56 push esi |
20 |
016f:bff6bb13 56 push esi |
| 15 |
016f:bff6bb14 8b742408 mov esi,dword ptr [esp+08] |
21 |
016f:bff6bb14 8b742408 mov esi,dword ptr [esp+08] |
| 16 |
016f:bff6bb18 8a06 mov al,byte ptr [esi] |
22 |
016f:bff6bb18 8a06 mov al,byte ptr [esi] |
| 17 |
016f:bff6bb1a 3c04 cmp al,04 |
23 |
016f:bff6bb1a 3c04 cmp al,04 |
| 18 |
016f:bff6bb1c 7508 jnz bff6bb26 = KERNEL32.DLL:.text+0x2b26 |
24 |
016f:bff6bb1c 7508 jnz bff6bb26 = KERNEL32.DLL:.text+0x2b26 |
| 19 |
016f:bff6bb1e ff7604 push dword ptr [esi+04] |
25 |
016f:bff6bb1e ff7604 push dword ptr [esi+04] |
| 20 |
016f:bff6bb21 e8a087ffff call bff642c6 = KERNEL32.DLL:_FREQASM+0x32c6 |
26 |
016f:bff6bb21 e8a087ffff call bff642c6 = KERNEL32.DLL:_FREQASM+0x32c6 |
| 21 |
016f:bff6bb26 5e pop esi |
27 |
016f:bff6bb26 5e pop esi |
| 22 |
016f:bff6bb27 c20400 retd 0004 |
28 |
016f:bff6bb27 c20400 retd 0004 |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:bff6bb0a e88a87ffff call bff64299 = KERNEL32.DLL:_FREQASM+0x3299 |
9 |
016f:bff6bb0a e88a87ffff call bff64299 = KERNEL32.DLL:_FREQASM+0x3299 |
| 4 |
016f:bff6bb0f 5e pop esi |
10 |
016f:bff6bb0f 5e pop esi |
| 5 |
016f:bff6bb10 c20400 retd 0004 |
11 |
016f:bff6bb10 c20400 retd 0004 |
| 6 |
016f:bff6bb13 56 push esi |
12 |
016f:bff6bb13 56 push esi |
| 7 |
016f:bff6bb14 8b742408 mov esi,dword ptr [esp+08] |
13 |
016f:bff6bb14 8b742408 mov esi,dword ptr [esp+08] |
| 8 |
016f:bff6bb18 8a06 mov al,byte ptr [esi] |
14 |
016f:bff6bb18 8a06 mov al,byte ptr [esi] |
| 9 |
016f:bff6bb1a 3c04 cmp al,04 |
15 |
016f:bff6bb1a 3c04 cmp al,04 |
| 10 |
016f:bff6bb1c 7508 jnz bff6bb26 = KERNEL32.DLL:.text+0x2b26 |
16 |
016f:bff6bb1c 7508 jnz bff6bb26 = KERNEL32.DLL:.text+0x2b26 |
| 11 |
016f:bff6bb1e ff7604 push dword ptr [esi+04] |
17 |
016f:bff6bb1e ff7604 push dword ptr [esi+04] |
| 12 |
016f:bff6bb21 e8a087ffff call bff642c6 = KERNEL32.DLL:_FREQASM+0x32c6 |
18 |
016f:bff6bb21 e8a087ffff call bff642c6 = KERNEL32.DLL:_FREQASM+0x32c6 |
| 13 |
016f:bff6bb27 c20400 retd 0004 |
19 |
016f:bff6bb27 c20400 retd 0004 |
| 14 |
016f:bff6bb2a 64a100000000 mov eax,dword ptr fs:[00000000] |
20 |
016f:bff6bb2a 64a100000000 mov eax,dword ptr fs:[00000000] |
| 15 |
016f:bff6bb30 55 push ebp |
21 |
016f:bff6bb30 55 push ebp |
| 16 |
016f:bff6bb31 8bec mov ebp,esp |
22 |
016f:bff6bb31 8bec mov ebp,esp |
| 17 |
016f:bff6bb33 6aff push -01 |
23 |
016f:bff6bb33 6aff push -01 |
| 18 |
016f:bff6bb35 685092f6bf push bff69250 |
24 |
016f:bff6bb35 685092f6bf push bff69250 |
| 19 |
016f:bff6bb3a 68201bfbbf push bffb1b20 |
25 |
016f:bff6bb3a 68201bfbbf push bffb1b20 |
| 20 |
016f:bff6bb3f 50 push eax |
26 |
016f:bff6bb3f 50 push eax |
| 21 |
016f:bff6bb40 8b4508 mov eax,dword ptr [ebp+08] |
27 |
016f:bff6bb40 8b4508 mov eax,dword ptr [ebp+08] |
| 22 |
016f:bff6bb43 64892500000000 mov dword ptr fs:[00000000],esp |
28 |
016f:bff6bb43 64892500000000 mov dword ptr fs:[00000000],esp |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
-> 5e c3 85 c9 74 0e 68 00 80 00 00 6a 00 51 ff 15 ^...t.h....j.Q.. |
8 |
-> 5e c3 85 c9 74 0e 68 00 80 00 00 6a 00 51 ff 15 ^...t.h....j.Q.. |
|
Line 1
Link Here
|
| 1 |
-> 04 00 00 00 08 61 98 81 00 00 00 00 00 00 00 00 .....a.......... |
8 |
-> 04 00 00 00 08 61 98 81 00 00 00 00 00 00 00 00 .....a.......... |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:1c832e99 90 nop |
9 |
016f:1c832e99 90 nop |
| 4 |
016f:1c832e9a 90 nop |
10 |
016f:1c832e9a 90 nop |
| 5 |
016f:1c832e9b 90 nop |
11 |
016f:1c832e9b 90 nop |
| 6 |
016f:1c832e9c 90 nop |
12 |
016f:1c832e9c 90 nop |
| 7 |
016f:1c832e9d 90 nop |
13 |
016f:1c832e9d 90 nop |
| 8 |
016f:1c832e9e 90 nop |
14 |
016f:1c832e9e 90 nop |
| 9 |
016f:1c832e9f 90 nop |
15 |
016f:1c832e9f 90 nop |
| 10 |
016f:1c832ea0 8b442404 mov eax,dword ptr [esp+04] |
16 |
016f:1c832ea0 8b442404 mov eax,dword ptr [esp+04] |
| 11 |
016f:1c832ea4 50 push eax |
17 |
016f:1c832ea4 50 push eax |
| 12 |
016f:1c832ea5 e8720e0200 call 1c853d1c = SAL3.DLL!rtl_freeMemory |
18 |
016f:1c832ea5 e8720e0200 call 1c853d1c = SAL3.DLL!rtl_freeMemory |
| 13 |
016f:1c832eab c3 retd |
19 |
016f:1c832eab c3 retd |
| 14 |
016f:1c832eac 90 nop |
20 |
016f:1c832eac 90 nop |
| 15 |
016f:1c832ead 90 nop |
21 |
016f:1c832ead 90 nop |
| 16 |
016f:1c832eae 90 nop |
22 |
016f:1c832eae 90 nop |
| 17 |
016f:1c832eaf 90 nop |
23 |
016f:1c832eaf 90 nop |
| 18 |
016f:1c832eb0 83ec10 sub esp,+10 |
24 |
016f:1c832eb0 83ec10 sub esp,+10 |
| 19 |
016f:1c832eb3 8b4c2414 mov ecx,dword ptr [esp+14] |
25 |
016f:1c832eb3 8b4c2414 mov ecx,dword ptr [esp+14] |
| 20 |
016f:1c832eb7 b801000000 mov eax,00000001 |
26 |
016f:1c832eb7 b801000000 mov eax,00000001 |
| 21 |
016f:1c832ebc 89442400 mov dword ptr [esp],eax |
27 |
016f:1c832ebc 89442400 mov dword ptr [esp],eax |
| 22 |
016f:1c832ec0 3bc8 cmp ecx,eax |
28 |
016f:1c832ec0 3bc8 cmp ecx,eax |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:1c809f55 8d7c8204 lea edi,[edx+eax*4+04] |
9 |
016f:1c809f55 8d7c8204 lea edi,[edx+eax*4+04] |
| 4 |
016f:1c809f59 8bc1 mov eax,ecx |
10 |
016f:1c809f59 8bc1 mov eax,ecx |
| 5 |
016f:1c809f5b c1e902 shr ecx,02 |
11 |
016f:1c809f5b c1e902 shr ecx,02 |
| 6 |
016f:1c809f5e f3a5 rep movs dword ptr es:[edi],dword ptr ds:[esi] |
12 |
016f:1c809f5e f3a5 rep movs dword ptr es:[edi],dword ptr ds:[esi] |
| 7 |
016f:1c809f60 8bc8 mov ecx,eax |
13 |
016f:1c809f60 8bc8 mov ecx,eax |
| 8 |
016f:1c809f62 83e103 and ecx,+03 |
14 |
016f:1c809f62 83e103 and ecx,+03 |
| 9 |
016f:1c809f65 f3a4 rep movs byte ptr es:[edi],byte ptr ds:[esi] |
15 |
016f:1c809f65 f3a4 rep movs byte ptr es:[edi],byte ptr ds:[esi] |
| 10 |
016f:1c809f67 8b4b0c mov ecx,dword ptr [ebx+0c] |
16 |
016f:1c809f67 8b4b0c mov ecx,dword ptr [ebx+0c] |
| 11 |
016f:1c809f6a 51 push ecx |
17 |
016f:1c809f6a 51 push ecx |
| 12 |
016f:1c809f6b e8308f0200 call 1c832ea0 = TL641MI.DLL!21 |
18 |
016f:1c809f6b e8308f0200 call 1c832ea0 = TL641MI.DLL!21 |
| 13 |
016f:1c809f74 83c404 add esp,+04 |
19 |
016f:1c809f74 83c404 add esp,+04 |
| 14 |
016f:1c809f77 89530c mov dword ptr [ebx+0c],edx |
20 |
016f:1c809f77 89530c mov dword ptr [ebx+0c],edx |
| 15 |
016f:1c809f7a 5f pop edi |
21 |
016f:1c809f7a 5f pop edi |
| 16 |
016f:1c809f7b eb38 jmp 1c809fb5 = TL641MI.DLL:.text+0x8fb5 |
22 |
016f:1c809f7b eb38 jmp 1c809fb5 = TL641MI.DLL:.text+0x8fb5 |
| 17 |
016f:1c809f7d 8b6c2414 mov ebp,dword ptr [esp+14] |
23 |
016f:1c809f7d 8b6c2414 mov ebp,dword ptr [esp+14] |
| 18 |
016f:1c809f81 663be9 cmp bp,cx |
24 |
016f:1c809f81 663be9 cmp bp,cx |
| 19 |
016f:1c809f84 732f jnc 1c809fb5 = TL641MI.DLL:.text+0x8fb5 |
25 |
016f:1c809f84 732f jnc 1c809fb5 = TL641MI.DLL:.text+0x8fb5 |
| 20 |
016f:1c809f86 8bc5 mov eax,ebp |
26 |
016f:1c809f86 8bc5 mov eax,ebp |
| 21 |
016f:1c809f88 8b530c mov edx,dword ptr [ebx+0c] |
27 |
016f:1c809f88 8b530c mov edx,dword ptr [ebx+0c] |
| 22 |
016f:1c809f8b 25ffff0000 and eax,0000ffff |
28 |
016f:1c809f8b 25ffff0000 and eax,0000ffff |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
-> 9c 0b 19 00 86 0b 19 00 74 0b 19 00 5e 0b 19 00 ........t...^... |
8 |
-> 9c 0b 19 00 86 0b 19 00 74 0b 19 00 5e 0b 19 00 ........t...^... |
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:1c80a8f5 c20c00 retd 000c |
9 |
016f:1c80a8f5 c20c00 retd 000c |
| 4 |
016f:1c80a8f8 894604 mov dword ptr [esi+04],eax |
10 |
016f:1c80a8f8 894604 mov dword ptr [esi+04],eax |
| 5 |
016f:1c80a8fb 8b4614 mov eax,dword ptr [esi+14] |
11 |
016f:1c80a8fb 8b4614 mov eax,dword ptr [esi+14] |
| 6 |
016f:1c80a8fe 40 inc eax |
12 |
016f:1c80a8fe 40 inc eax |
| 7 |
016f:1c80a8ff 5f pop edi |
13 |
016f:1c80a8ff 5f pop edi |
| 8 |
016f:1c80a900 894614 mov dword ptr [esi+14],eax |
14 |
016f:1c80a900 894614 mov dword ptr [esi+14],eax |
| 9 |
016f:1c80a903 5e pop esi |
15 |
016f:1c80a903 5e pop esi |
| 10 |
016f:1c80a904 5b pop ebx |
16 |
016f:1c80a904 5b pop ebx |
| 11 |
016f:1c80a905 c20c00 retd 000c |
17 |
016f:1c80a905 c20c00 retd 000c |
| 12 |
016f:1c80a908 e8b3f5ffff call 1c809ec0 = TL641MI.DLL:.text+0x8ec0 |
18 |
016f:1c80a908 e8b3f5ffff call 1c809ec0 = TL641MI.DLL:.text+0x8ec0 |
| 13 |
016f:1c80a910 750e jnz 1c80a920 = TL641MI.DLL:.text+0x9920 |
19 |
016f:1c80a910 750e jnz 1c80a920 = TL641MI.DLL:.text+0x9920 |
| 14 |
016f:1c80a912 668b460c mov ax,word ptr [esi+0c] |
20 |
016f:1c80a912 668b460c mov ax,word ptr [esi+0c] |
| 15 |
016f:1c80a916 663bd8 cmp bx,ax |
21 |
016f:1c80a916 663bd8 cmp bx,ax |
| 16 |
016f:1c80a919 7705 ja 1c80a920 = TL641MI.DLL:.text+0x9920 |
22 |
016f:1c80a919 7705 ja 1c80a920 = TL641MI.DLL:.text+0x9920 |
| 17 |
016f:1c80a91b 40 inc eax |
23 |
016f:1c80a91b 40 inc eax |
| 18 |
016f:1c80a91c 6689460c mov word ptr [esi+0c],ax |
24 |
016f:1c80a91c 6689460c mov word ptr [esi+0c],ax |
| 19 |
016f:1c80a920 8b4614 mov eax,dword ptr [esi+14] |
25 |
016f:1c80a920 8b4614 mov eax,dword ptr [esi+14] |
| 20 |
016f:1c80a923 5f pop edi |
26 |
016f:1c80a923 5f pop edi |
| 21 |
016f:1c80a924 40 inc eax |
27 |
016f:1c80a924 40 inc eax |
| 22 |
016f:1c80a925 894614 mov dword ptr [esi+14],eax |
28 |
016f:1c80a925 894614 mov dword ptr [esi+14],eax |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
-> 9c 0b 19 00 86 0b 19 00 74 0b 19 00 5e 0b 19 00 ........t...^... |
8 |
-> 9c 0b 19 00 86 0b 19 00 74 0b 19 00 5e 0b 19 00 ........t...^... |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:bff6bb0a e88a87ffff call bff64299 = KERNEL32.DLL:_FREQASM+0x3299 |
9 |
016f:bff6bb0a e88a87ffff call bff64299 = KERNEL32.DLL:_FREQASM+0x3299 |
| 4 |
016f:bff6bb0f 5e pop esi |
10 |
016f:bff6bb0f 5e pop esi |
| 5 |
016f:bff6bb10 c20400 retd 0004 |
11 |
016f:bff6bb10 c20400 retd 0004 |
| 6 |
016f:bff6bb13 56 push esi |
12 |
016f:bff6bb13 56 push esi |
| 7 |
016f:bff6bb14 8b742408 mov esi,dword ptr [esp+08] |
13 |
016f:bff6bb14 8b742408 mov esi,dword ptr [esp+08] |
| 8 |
016f:bff6bb18 8a06 mov al,byte ptr [esi] |
14 |
016f:bff6bb18 8a06 mov al,byte ptr [esi] |
| 9 |
016f:bff6bb1a 3c04 cmp al,04 |
15 |
016f:bff6bb1a 3c04 cmp al,04 |
| 10 |
016f:bff6bb1c 7508 jnz bff6bb26 = KERNEL32.DLL:.text+0x2b26 |
16 |
016f:bff6bb1c 7508 jnz bff6bb26 = KERNEL32.DLL:.text+0x2b26 |
| 11 |
016f:bff6bb1e ff7604 push dword ptr [esi+04] |
17 |
016f:bff6bb1e ff7604 push dword ptr [esi+04] |
| 12 |
016f:bff6bb21 e8a087ffff call bff642c6 = KERNEL32.DLL:_FREQASM+0x32c6 |
18 |
016f:bff6bb21 e8a087ffff call bff642c6 = KERNEL32.DLL:_FREQASM+0x32c6 |
| 13 |
016f:bff6bb27 c20400 retd 0004 |
19 |
016f:bff6bb27 c20400 retd 0004 |
| 14 |
016f:bff6bb2a 64a100000000 mov eax,dword ptr fs:[00000000] |
20 |
016f:bff6bb2a 64a100000000 mov eax,dword ptr fs:[00000000] |
| 15 |
016f:bff6bb30 55 push ebp |
21 |
016f:bff6bb30 55 push ebp |
| 16 |
016f:bff6bb31 8bec mov ebp,esp |
22 |
016f:bff6bb31 8bec mov ebp,esp |
| 17 |
016f:bff6bb33 6aff push -01 |
23 |
016f:bff6bb33 6aff push -01 |
| 18 |
016f:bff6bb35 685092f6bf push bff69250 |
24 |
016f:bff6bb35 685092f6bf push bff69250 |
| 19 |
016f:bff6bb3a 68201bfbbf push bffb1b20 |
25 |
016f:bff6bb3a 68201bfbbf push bffb1b20 |
| 20 |
016f:bff6bb3f 50 push eax |
26 |
016f:bff6bb3f 50 push eax |
| 21 |
016f:bff6bb40 8b4508 mov eax,dword ptr [ebp+08] |
27 |
016f:bff6bb40 8b4508 mov eax,dword ptr [ebp+08] |
| 22 |
016f:bff6bb43 64892500000000 mov dword ptr fs:[00000000],esp |
28 |
016f:bff6bb43 64892500000000 mov dword ptr fs:[00000000],esp |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
-> 0b 19 00 86 0b 19 00 74 0b 19 00 5e 0b 19 00 54 .......t...^...T |
8 |
-> 0b 19 00 86 0b 19 00 74 0b 19 00 5e 0b 19 00 54 .......t...^...T |
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:1c80a8f5 c20c00 retd 000c |
9 |
016f:1c80a8f5 c20c00 retd 000c |
| 4 |
016f:1c80a8f8 894604 mov dword ptr [esi+04],eax |
10 |
016f:1c80a8f8 894604 mov dword ptr [esi+04],eax |
| 5 |
016f:1c80a8fb 8b4614 mov eax,dword ptr [esi+14] |
11 |
016f:1c80a8fb 8b4614 mov eax,dword ptr [esi+14] |
| 6 |
016f:1c80a8fe 40 inc eax |
12 |
016f:1c80a8fe 40 inc eax |
| 7 |
016f:1c80a8ff 5f pop edi |
13 |
016f:1c80a8ff 5f pop edi |
| 8 |
016f:1c80a900 894614 mov dword ptr [esi+14],eax |
14 |
016f:1c80a900 894614 mov dword ptr [esi+14],eax |
| 9 |
016f:1c80a903 5e pop esi |
15 |
016f:1c80a903 5e pop esi |
| 10 |
016f:1c80a904 5b pop ebx |
16 |
016f:1c80a904 5b pop ebx |
| 11 |
016f:1c80a905 c20c00 retd 000c |
17 |
016f:1c80a905 c20c00 retd 000c |
| 12 |
016f:1c80a908 e8b3f5ffff call 1c809ec0 = TL641MI.DLL:.text+0x8ec0 |
18 |
016f:1c80a908 e8b3f5ffff call 1c809ec0 = TL641MI.DLL:.text+0x8ec0 |
| 13 |
016f:1c80a910 750e jnz 1c80a920 = TL641MI.DLL:.text+0x9920 |
19 |
016f:1c80a910 750e jnz 1c80a920 = TL641MI.DLL:.text+0x9920 |
| 14 |
016f:1c80a912 668b460c mov ax,word ptr [esi+0c] |
20 |
016f:1c80a912 668b460c mov ax,word ptr [esi+0c] |
| 15 |
016f:1c80a916 663bd8 cmp bx,ax |
21 |
016f:1c80a916 663bd8 cmp bx,ax |
| 16 |
016f:1c80a919 7705 ja 1c80a920 = TL641MI.DLL:.text+0x9920 |
22 |
016f:1c80a919 7705 ja 1c80a920 = TL641MI.DLL:.text+0x9920 |
| 17 |
016f:1c80a91b 40 inc eax |
23 |
016f:1c80a91b 40 inc eax |
| 18 |
016f:1c80a91c 6689460c mov word ptr [esi+0c],ax |
24 |
016f:1c80a91c 6689460c mov word ptr [esi+0c],ax |
| 19 |
016f:1c80a920 8b4614 mov eax,dword ptr [esi+14] |
25 |
016f:1c80a920 8b4614 mov eax,dword ptr [esi+14] |
| 20 |
016f:1c80a923 5f pop edi |
26 |
016f:1c80a923 5f pop edi |
| 21 |
016f:1c80a924 40 inc eax |
27 |
016f:1c80a924 40 inc eax |
| 22 |
016f:1c80a925 894614 mov dword ptr [esi+14],eax |
28 |
016f:1c80a925 894614 mov dword ptr [esi+14],eax |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
-> 0b 19 00 86 0b 19 00 74 0b 19 00 5e 0b 19 00 54 .......t...^...T |
8 |
-> 0b 19 00 86 0b 19 00 74 0b 19 00 5e 0b 19 00 54 .......t...^...T |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:1c80a95a 772d ja 1c80a989 = TL641MI.DLL:.text+0x9989 |
9 |
016f:1c80a95a 772d ja 1c80a989 = TL641MI.DLL:.text+0x9989 |
| 4 |
016f:1c80a95c 8b4108 mov eax,dword ptr [ecx+08] |
10 |
016f:1c80a95c 8b4108 mov eax,dword ptr [ecx+08] |
| 5 |
016f:1c80a95f 85c0 test eax,eax |
11 |
016f:1c80a95f 85c0 test eax,eax |
| 6 |
016f:1c80a961 7414 jz 1c80a977 = TL641MI.DLL:.text+0x9977 |
12 |
016f:1c80a961 7414 jz 1c80a977 = TL641MI.DLL:.text+0x9977 |
| 7 |
016f:1c80a963 668b500a mov dx,word ptr [eax+0a] |
13 |
016f:1c80a963 668b500a mov dx,word ptr [eax+0a] |
| 8 |
016f:1c80a967 52 push edx |
14 |
016f:1c80a967 52 push edx |
| 9 |
016f:1c80a968 50 push eax |
15 |
016f:1c80a968 50 push eax |
| 10 |
016f:1c80a969 8b442410 mov eax,dword ptr [esp+10] |
16 |
016f:1c80a969 8b442410 mov eax,dword ptr [esp+10] |
| 11 |
016f:1c80a96d 50 push eax |
17 |
016f:1c80a96d 50 push eax |
| 12 |
016f:1c80a96e e87dfeffff call 1c80a7f0 = TL641MI.DLL:.text+0x97f0 |
18 |
016f:1c80a96e e87dfeffff call 1c80a7f0 = TL641MI.DLL:.text+0x97f0 |
| 13 |
016f:1c80a974 c20800 retd 0008 |
19 |
016f:1c80a974 c20800 retd 0008 |
| 14 |
016f:1c80a977 8b542408 mov edx,dword ptr [esp+08] |
20 |
016f:1c80a977 8b542408 mov edx,dword ptr [esp+08] |
| 15 |
016f:1c80a97b 6a00 push +00 |
21 |
016f:1c80a97b 6a00 push +00 |
| 16 |
016f:1c80a97d 6a00 push +00 |
22 |
016f:1c80a97d 6a00 push +00 |
| 17 |
016f:1c80a97f 52 push edx |
23 |
016f:1c80a97f 52 push edx |
| 18 |
016f:1c80a980 e86bfeffff call 1c80a7f0 = TL641MI.DLL:.text+0x97f0 |
24 |
016f:1c80a980 e86bfeffff call 1c80a7f0 = TL641MI.DLL:.text+0x97f0 |
| 19 |
016f:1c80a985 5e pop esi |
25 |
016f:1c80a985 5e pop esi |
| 20 |
016f:1c80a986 c20800 retd 0008 |
26 |
016f:1c80a986 c20800 retd 0008 |
| 21 |
016f:1c80a989 8b11 mov edx,dword ptr [ecx] |
27 |
016f:1c80a989 8b11 mov edx,dword ptr [ecx] |
| 22 |
016f:1c80a98b 33c0 xor eax,eax |
28 |
016f:1c80a98b 33c0 xor eax,eax |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
-> 0b 19 00 86 0b 19 00 74 0b 19 00 5e 0b 19 00 54 .......t...^...T |
8 |
-> 0b 19 00 86 0b 19 00 74 0b 19 00 5e 0b 19 00 54 .......t...^...T |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:0043d6b6 8bcd mov ecx,ebp |
9 |
016f:0043d6b6 8bcd mov ecx,ebp |
| 4 |
016f:0043d6b8 e851d30300 call 0047aa0e = TL641MI.DLL!332 |
10 |
016f:0043d6b8 e851d30300 call 0047aa0e = TL641MI.DLL!332 |
| 5 |
016f:0043d6bd eb02 jmp 0043d6c1 = SET641MI.DLL:.text+0x3c6c1 |
11 |
016f:0043d6bd eb02 jmp 0043d6c1 = SET641MI.DLL:.text+0x3c6c1 |
| 6 |
016f:0043d6bf 33ed xor ebp,ebp |
12 |
016f:0043d6bf 33ed xor ebp,ebp |
| 7 |
016f:0043d6c1 c744241cffffffff mov dword ptr [esp+1c],ffffffff |
13 |
016f:0043d6c1 c744241cffffffff mov dword ptr [esp+1c],ffffffff |
| 8 |
016f:0043d6c9 896b60 mov dword ptr [ebx+60],ebp |
14 |
016f:0043d6c9 896b60 mov dword ptr [ebx+60],ebp |
| 9 |
016f:0043d6cc 8b4b60 mov ecx,dword ptr [ebx+60] |
15 |
016f:0043d6cc 8b4b60 mov ecx,dword ptr [ebx+60] |
| 10 |
016f:0043d6cf 6aff push -01 |
16 |
016f:0043d6cf 6aff push -01 |
| 11 |
016f:0043d6d1 56 push esi |
17 |
016f:0043d6d1 56 push esi |
| 12 |
016f:0043d6d2 e8a9d30300 call 0047aa80 = TL641MI.DLL!347 |
18 |
016f:0043d6d2 e8a9d30300 call 0047aa80 = TL641MI.DLL!347 |
| 13 |
016f:0043d6dd 8db7d8000000 lea esi,[edi+000000d8] |
19 |
016f:0043d6dd 8db7d8000000 lea esi,[edi+000000d8] |
| 14 |
016f:0043d6e3 33ff xor edi,edi |
20 |
016f:0043d6e3 33ff xor edi,edi |
| 15 |
016f:0043d6e5 5d pop ebp |
21 |
016f:0043d6e5 5d pop ebp |
| 16 |
016f:0043d6e6 85c0 test eax,eax |
22 |
016f:0043d6e6 85c0 test eax,eax |
| 17 |
016f:0043d6e8 7621 jbe 0043d70b = SET641MI.DLL:.text+0x3c70b |
23 |
016f:0043d6e8 7621 jbe 0043d70b = SET641MI.DLL:.text+0x3c70b |
| 18 |
016f:0043d6ea 33c0 xor eax,eax |
24 |
016f:0043d6ea 33c0 xor eax,eax |
| 19 |
016f:0043d6ec 50 push eax |
25 |
016f:0043d6ec 50 push eax |
| 20 |
016f:0043d6ed 8bce mov ecx,esi |
26 |
016f:0043d6ed 8bce mov ecx,esi |
| 21 |
016f:0043d6ef e83ed30300 call 0047aa32 = TL641MI.DLL!341 |
27 |
016f:0043d6ef e83ed30300 call 0047aa32 = TL641MI.DLL!341 |
| 22 |
016f:0043d6f4 50 push eax |
28 |
016f:0043d6f4 50 push eax |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:004863b4 e85b46ffff call 0047aa14 = TL641MI.DLL!21 |
9 |
016f:004863b4 e85b46ffff call 0047aa14 = TL641MI.DLL!21 |
| 4 |
016f:004863b9 59 pop ecx |
10 |
016f:004863b9 59 pop ecx |
| 5 |
016f:004863ba c3 retd |
11 |
016f:004863ba c3 retd |
| 6 |
016f:004863bb 8d4d04 lea ecx,[ebp+04] |
12 |
016f:004863bb 8d4d04 lea ecx,[ebp+04] |
| 7 |
016f:004863be e9b146ffff jmp 0047aa74 = TL641MI.DLL!149 |
13 |
016f:004863be e9b146ffff jmp 0047aa74 = TL641MI.DLL!149 |
| 8 |
016f:004863c3 8b45f0 mov eax,dword ptr [ebp-10] |
14 |
016f:004863c3 8b45f0 mov eax,dword ptr [ebp-10] |
| 9 |
016f:004863c6 50 push eax |
15 |
016f:004863c6 50 push eax |
| 10 |
016f:004863c7 e84846ffff call 0047aa14 = TL641MI.DLL!21 |
16 |
016f:004863c7 e84846ffff call 0047aa14 = TL641MI.DLL!21 |
| 11 |
016f:004863cc 59 pop ecx |
17 |
016f:004863cc 59 pop ecx |
| 12 |
016f:004863cd c3 retd |
18 |
016f:004863cd c3 retd |
| 13 |
016f:004863d3 e9d8b5ffff jmp 004819b0 = MSVCRT.DLL!__CxxFrameHandler |
19 |
016f:004863d3 e9d8b5ffff jmp 004819b0 = MSVCRT.DLL!__CxxFrameHandler |
| 14 |
016f:004863d8 cc int 3 |
20 |
016f:004863d8 cc int 3 |
| 15 |
016f:004863d9 cc int 3 |
21 |
016f:004863d9 cc int 3 |
| 16 |
016f:004863da cc int 3 |
22 |
016f:004863da cc int 3 |
| 17 |
016f:004863db cc int 3 |
23 |
016f:004863db cc int 3 |
| 18 |
016f:004863dc cc int 3 |
24 |
016f:004863dc cc int 3 |
| 19 |
016f:004863dd cc int 3 |
25 |
016f:004863dd cc int 3 |
| 20 |
016f:004863de cc int 3 |
26 |
016f:004863de cc int 3 |
| 21 |
016f:004863df cc int 3 |
27 |
016f:004863df cc int 3 |
| 22 |
016f:004863e0 8d4de8 lea ecx,[ebp-18] |
28 |
016f:004863e0 8d4de8 lea ecx,[ebp-18] |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:0043d6e5 5d pop ebp |
9 |
016f:0043d6e5 5d pop ebp |
| 4 |
016f:0043d6e6 85c0 test eax,eax |
10 |
016f:0043d6e6 85c0 test eax,eax |
| 5 |
016f:0043d6e8 7621 jbe 0043d70b = SET641MI.DLL:.text+0x3c70b |
11 |
016f:0043d6e8 7621 jbe 0043d70b = SET641MI.DLL:.text+0x3c70b |
| 6 |
016f:0043d6ea 33c0 xor eax,eax |
12 |
016f:0043d6ea 33c0 xor eax,eax |
| 7 |
016f:0043d6ec 50 push eax |
13 |
016f:0043d6ec 50 push eax |
| 8 |
016f:0043d6ed 8bce mov ecx,esi |
14 |
016f:0043d6ed 8bce mov ecx,esi |
| 9 |
016f:0043d6ef e83ed30300 call 0047aa32 = TL641MI.DLL!341 |
15 |
016f:0043d6ef e83ed30300 call 0047aa32 = TL641MI.DLL!341 |
| 10 |
016f:0043d6f4 50 push eax |
16 |
016f:0043d6f4 50 push eax |
| 11 |
016f:0043d6f5 8bcb mov ecx,ebx |
17 |
016f:0043d6f5 8bcb mov ecx,ebx |
| 12 |
016f:0043d6f7 e8e4feffff call 0043d5e0 = SET641MI.DLL!711 |
18 |
016f:0043d6f7 e8e4feffff call 0043d5e0 = SET641MI.DLL!711 |
| 13 |
016f:0043d6ff 47 inc edi |
19 |
016f:0043d6ff 47 inc edi |
| 14 |
016f:0043d700 8bc7 mov eax,edi |
20 |
016f:0043d700 8bc7 mov eax,edi |
| 15 |
016f:0043d702 25ffff0000 and eax,0000ffff |
21 |
016f:0043d702 25ffff0000 and eax,0000ffff |
| 16 |
016f:0043d707 3bc1 cmp eax,ecx |
22 |
016f:0043d707 3bc1 cmp eax,ecx |
| 17 |
016f:0043d709 72e1 jc 0043d6ec = SET641MI.DLL:.text+0x3c6ec |
23 |
016f:0043d709 72e1 jc 0043d6ec = SET641MI.DLL:.text+0x3c6ec |
| 18 |
016f:0043d70b 8b4c2410 mov ecx,dword ptr [esp+10] |
24 |
016f:0043d70b 8b4c2410 mov ecx,dword ptr [esp+10] |
| 19 |
016f:0043d70f 5f pop edi |
25 |
016f:0043d70f 5f pop edi |
| 20 |
016f:0043d710 5e pop esi |
26 |
016f:0043d710 5e pop esi |
| 21 |
016f:0043d711 5b pop ebx |
27 |
016f:0043d711 5b pop ebx |
| 22 |
016f:0043d712 64890d00000000 mov dword ptr fs:[00000000],ecx |
28 |
016f:0043d712 64890d00000000 mov dword ptr fs:[00000000],ecx |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:bff6bb0a e88a87ffff call bff64299 = KERNEL32.DLL:_FREQASM+0x3299 |
9 |
016f:bff6bb0a e88a87ffff call bff64299 = KERNEL32.DLL:_FREQASM+0x3299 |
| 4 |
016f:bff6bb0f 5e pop esi |
10 |
016f:bff6bb0f 5e pop esi |
| 5 |
016f:bff6bb10 c20400 retd 0004 |
11 |
016f:bff6bb10 c20400 retd 0004 |
| 6 |
016f:bff6bb13 56 push esi |
12 |
016f:bff6bb13 56 push esi |
| 7 |
016f:bff6bb14 8b742408 mov esi,dword ptr [esp+08] |
13 |
016f:bff6bb14 8b742408 mov esi,dword ptr [esp+08] |
| 8 |
016f:bff6bb18 8a06 mov al,byte ptr [esi] |
14 |
016f:bff6bb18 8a06 mov al,byte ptr [esi] |
| 9 |
016f:bff6bb1a 3c04 cmp al,04 |
15 |
016f:bff6bb1a 3c04 cmp al,04 |
| 10 |
016f:bff6bb1c 7508 jnz bff6bb26 = KERNEL32.DLL:.text+0x2b26 |
16 |
016f:bff6bb1c 7508 jnz bff6bb26 = KERNEL32.DLL:.text+0x2b26 |
| 11 |
016f:bff6bb1e ff7604 push dword ptr [esi+04] |
17 |
016f:bff6bb1e ff7604 push dword ptr [esi+04] |
| 12 |
016f:bff6bb21 e8a087ffff call bff642c6 = KERNEL32.DLL:_FREQASM+0x32c6 |
18 |
016f:bff6bb21 e8a087ffff call bff642c6 = KERNEL32.DLL:_FREQASM+0x32c6 |
| 13 |
016f:bff6bb27 c20400 retd 0004 |
19 |
016f:bff6bb27 c20400 retd 0004 |
| 14 |
016f:bff6bb2a 64a100000000 mov eax,dword ptr fs:[00000000] |
20 |
016f:bff6bb2a 64a100000000 mov eax,dword ptr fs:[00000000] |
| 15 |
016f:bff6bb30 55 push ebp |
21 |
016f:bff6bb30 55 push ebp |
| 16 |
016f:bff6bb31 8bec mov ebp,esp |
22 |
016f:bff6bb31 8bec mov ebp,esp |
| 17 |
016f:bff6bb33 6aff push -01 |
23 |
016f:bff6bb33 6aff push -01 |
| 18 |
016f:bff6bb35 685092f6bf push bff69250 |
24 |
016f:bff6bb35 685092f6bf push bff69250 |
| 19 |
016f:bff6bb3a 68201bfbbf push bffb1b20 |
25 |
016f:bff6bb3a 68201bfbbf push bffb1b20 |
| 20 |
016f:bff6bb3f 50 push eax |
26 |
016f:bff6bb3f 50 push eax |
| 21 |
016f:bff6bb40 8b4508 mov eax,dword ptr [ebp+08] |
27 |
016f:bff6bb40 8b4508 mov eax,dword ptr [ebp+08] |
| 22 |
016f:bff6bb43 64892500000000 mov dword ptr fs:[00000000],esp |
28 |
016f:bff6bb43 64892500000000 mov dword ptr fs:[00000000],esp |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:004c2331 4a dec edx |
9 |
016f:004c2331 4a dec edx |
| 4 |
016f:004c2332 8d4801 lea ecx,[eax+01] |
10 |
016f:004c2332 8d4801 lea ecx,[eax+01] |
| 5 |
016f:004c2335 895620 mov dword ptr [esi+20],edx |
11 |
016f:004c2335 895620 mov dword ptr [esi+20],edx |
| 6 |
016f:004c2338 85c0 test eax,eax |
12 |
016f:004c2338 85c0 test eax,eax |
| 7 |
016f:004c233a 894e18 mov dword ptr [esi+18],ecx |
13 |
016f:004c233a 894e18 mov dword ptr [esi+18],ecx |
| 8 |
016f:004c233d 7509 jnz 004c2348 = SAL3.DLL:.text+0x1348 |
14 |
016f:004c233d 7509 jnz 004c2348 = SAL3.DLL:.text+0x1348 |
| 9 |
016f:004c233f ff15d0614e00 call dword ptr [004e61d0] -> KERNEL32.DLL!GetCurrentThreadId |
15 |
016f:004c233f ff15d0614e00 call dword ptr [004e61d0] -> KERNEL32.DLL!GetCurrentThreadId |
| 10 |
016f:004c2345 89461c mov dword ptr [esi+1c],eax |
16 |
016f:004c2345 89461c mov dword ptr [esi+1c],eax |
| 11 |
016f:004c2348 68f0916500 push 006591f0 |
17 |
016f:004c2348 68f0916500 push 006591f0 |
| 12 |
016f:004c234d ffd3 call ebx |
18 |
016f:004c234d ffd3 call ebx |
| 13 |
016f:004c2350 5e pop esi |
19 |
016f:004c2350 5e pop esi |
| 14 |
016f:004c2351 b001 mov al,01 |
20 |
016f:004c2351 b001 mov al,01 |
| 15 |
016f:004c2353 5b pop ebx |
21 |
016f:004c2353 5b pop ebx |
| 16 |
016f:004c2354 c3 retd |
22 |
016f:004c2354 c3 retd |
| 17 |
016f:004c2355 8b542404 mov edx,dword ptr [esp+04] |
23 |
016f:004c2355 8b542404 mov edx,dword ptr [esp+04] |
| 18 |
016f:004c2359 52 push edx |
24 |
016f:004c2359 52 push edx |
| 19 |
016f:004c235a ff15e4614e00 call dword ptr [004e61e4] -> KERNEL32.DLL!EnterCriticalSection |
25 |
016f:004c235a ff15e4614e00 call dword ptr [004e61e4] -> KERNEL32.DLL!EnterCriticalSection |
| 20 |
016f:004c2360 b001 mov al,01 |
26 |
016f:004c2360 b001 mov al,01 |
| 21 |
016f:004c2362 c3 retd |
27 |
016f:004c2362 c3 retd |
| 22 |
016f:004c2363 90 nop |
28 |
016f:004c2363 90 nop |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
| 1 |
-> 04 00 00 00 3c 61 98 81 00 00 00 00 00 00 00 00 ....<a.......... |
8 |
-> 04 00 00 00 3c 61 98 81 00 00 00 00 00 00 00 00 ....<a.......... |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:1c2091ea 90 nop |
9 |
016f:1c2091ea 90 nop |
| 4 |
016f:1c2091eb 90 nop |
10 |
016f:1c2091eb 90 nop |
| 5 |
016f:1c2091ec 90 nop |
11 |
016f:1c2091ec 90 nop |
| 6 |
016f:1c2091ed 90 nop |
12 |
016f:1c2091ed 90 nop |
| 7 |
016f:1c2091ee 90 nop |
13 |
016f:1c2091ee 90 nop |
| 8 |
016f:1c2091ef 90 nop |
14 |
016f:1c2091ef 90 nop |
| 9 |
016f:1c2091f0 8b442404 mov eax,dword ptr [esp+04] |
15 |
016f:1c2091f0 8b442404 mov eax,dword ptr [esp+04] |
| 10 |
016f:1c2091f4 8b4804 mov ecx,dword ptr [eax+04] |
16 |
016f:1c2091f4 8b4804 mov ecx,dword ptr [eax+04] |
| 11 |
016f:1c2091f7 51 push ecx |
17 |
016f:1c2091f7 51 push ecx |
| 12 |
016f:1c2091f8 e809350000 call 1c20c706 = SAL3.DLL!osl_acquireMutex |
18 |
016f:1c2091f8 e809350000 call 1c20c706 = SAL3.DLL!osl_acquireMutex |
| 13 |
016f:1c2091fe c3 retd |
19 |
016f:1c2091fe c3 retd |
| 14 |
016f:1c2091ff 90 nop |
20 |
016f:1c2091ff 90 nop |
| 15 |
016f:1c209200 8b442404 mov eax,dword ptr [esp+04] |
21 |
016f:1c209200 8b442404 mov eax,dword ptr [esp+04] |
| 16 |
016f:1c209204 8b4804 mov ecx,dword ptr [eax+04] |
22 |
016f:1c209204 8b4804 mov ecx,dword ptr [eax+04] |
| 17 |
016f:1c209207 51 push ecx |
23 |
016f:1c209207 51 push ecx |
| 18 |
016f:1c209208 e8ff340000 call 1c20c70c = SAL3.DLL!osl_tryToAcquireMutex |
24 |
016f:1c209208 e8ff340000 call 1c20c70c = SAL3.DLL!osl_tryToAcquireMutex |
| 19 |
016f:1c20920d 83c404 add esp,+04 |
25 |
016f:1c20920d 83c404 add esp,+04 |
| 20 |
016f:1c209210 c3 retd |
26 |
016f:1c209210 c3 retd |
| 21 |
016f:1c209211 90 nop |
27 |
016f:1c209211 90 nop |
| 22 |
016f:1c209212 90 nop |
28 |
016f:1c209212 90 nop |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:0043dd7d c744242cf8e74800 mov dword ptr [esp+2c],0048e7f8 |
9 |
016f:0043dd7d c744242cf8e74800 mov dword ptr [esp+2c],0048e7f8 |
| 4 |
016f:0043dd85 55 push ebp |
10 |
016f:0043dd85 55 push ebp |
| 5 |
016f:0043dd86 896c2434 mov dword ptr [esp+34],ebp |
11 |
016f:0043dd86 896c2434 mov dword ptr [esp+34],ebp |
| 6 |
016f:0043dd8a 8b4d00 mov ecx,dword ptr [ebp] |
12 |
016f:0043dd8a 8b4d00 mov ecx,dword ptr [ebp] |
| 7 |
016f:0043dd8d ff11 call dword ptr [ecx] |
13 |
016f:0043dd8d ff11 call dword ptr [ecx] |
| 8 |
016f:0043dd8f 8b5660 mov edx,dword ptr [esi+60] |
14 |
016f:0043dd8f 8b5660 mov edx,dword ptr [esi+60] |
| 9 |
016f:0043dd92 c684249400000016 mov byte ptr [esp+00000094],16 |
15 |
016f:0043dd92 c684249400000016 mov byte ptr [esp+00000094],16 |
| 10 |
016f:0043dd9a 52 push edx |
16 |
016f:0043dd9a 52 push edx |
| 11 |
016f:0043dd9b 57 push edi |
17 |
016f:0043dd9b 57 push edi |
| 12 |
016f:0043dd9c ff5624 call dword ptr [esi+24] |
18 |
016f:0043dd9c ff5624 call dword ptr [esi+24] |
| 13 |
016f:0043dda3 8b4500 mov eax,dword ptr [ebp] |
19 |
016f:0043dda3 8b4500 mov eax,dword ptr [ebp] |
| 14 |
016f:0043dda6 55 push ebp |
20 |
016f:0043dda6 55 push ebp |
| 15 |
016f:0043dda7 889c24a0000000 mov byte ptr [esp+000000a0],bl |
21 |
016f:0043dda7 889c24a0000000 mov byte ptr [esp+000000a0],bl |
| 16 |
016f:0043ddae ff5008 call dword ptr [eax+08] |
22 |
016f:0043ddae ff5008 call dword ptr [eax+08] |
| 17 |
016f:0043ddb1 83c410 add esp,+10 |
23 |
016f:0043ddb1 83c410 add esp,+10 |
| 18 |
016f:0043ddb4 eb0f jmp 0043ddc5 = SET641MI.DLL:.text+0x3cdc5 |
24 |
016f:0043ddb4 eb0f jmp 0043ddc5 = SET641MI.DLL:.text+0x3cdc5 |
| 19 |
016f:0043ddb6 8b4e60 mov ecx,dword ptr [esi+60] |
25 |
016f:0043ddb6 8b4e60 mov ecx,dword ptr [esi+60] |
| 20 |
016f:0043ddb9 51 push ecx |
26 |
016f:0043ddb9 51 push ecx |
| 21 |
016f:0043ddba 57 push edi |
27 |
016f:0043ddba 57 push edi |
| 22 |
016f:0043ddbb ff5624 call dword ptr [esi+24] |
28 |
016f:0043ddbb ff5624 call dword ptr [esi+24] |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
-> 80 ba 40 00 02 aa 47 00 fc a9 47 00 f6 a9 47 00 ..@...G...G...G. |
8 |
-> 80 ba 40 00 02 aa 47 00 fc a9 47 00 f6 a9 47 00 ..@...G...G...G. |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
... |
8 |
... |
|
Line 1
Link Here
|
| 1 |
-> 35 17 00 00 00 00 00 00 00 00 00 00 00 01 02 03 5............... |
8 |
-> 35 17 00 00 00 00 00 00 00 00 00 00 00 01 02 03 5............... |
|
Line 1
Link Here
|
| 1 |
... |
8 |
... |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
... |
8 |
... |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
... |
8 |
... |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
-> b8 e0 83 49 00 e9 db b4 ff ff cc cc cc cc cc cc ...I............ |
8 |
-> b8 e0 83 49 00 e9 db b4 ff ff cc cc cc cc cc cc ...I............ |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:004032ec 8bf0 mov esi,eax |
9 |
016f:004032ec 8bf0 mov esi,eax |
| 4 |
016f:004032ee 8a477c mov al,byte ptr [edi+7c] |
10 |
016f:004032ee 8a477c mov al,byte ptr [edi+7c] |
| 5 |
016f:004032f1 84c0 test al,al |
11 |
016f:004032f1 84c0 test al,al |
| 6 |
016f:004032f3 89742424 mov dword ptr [esp+24],esi |
12 |
016f:004032f3 89742424 mov dword ptr [esp+24],esi |
| 7 |
016f:004032f7 0f8552010000 jnz 0040344f = SET641MI.DLL:.text+0x244f |
13 |
016f:004032f7 0f8552010000 jnz 0040344f = SET641MI.DLL:.text+0x244f |
| 8 |
016f:004032fd 8b8fc4010000 mov ecx,dword ptr [edi+000001c4] |
14 |
016f:004032fd 8b8fc4010000 mov ecx,dword ptr [edi+000001c4] |
| 9 |
016f:00403303 8b06 mov eax,dword ptr [esi] |
15 |
016f:00403303 8b06 mov eax,dword ptr [esi] |
| 10 |
016f:00403305 51 push ecx |
16 |
016f:00403305 51 push ecx |
| 11 |
016f:00403306 8bce mov ecx,esi |
17 |
016f:00403306 8bce mov ecx,esi |
| 12 |
016f:00403308 ff5008 call dword ptr [eax+08] |
18 |
016f:00403308 ff5008 call dword ptr [eax+08] |
| 13 |
016f:0040330d 0f843c010000 jz 0040344f = SET641MI.DLL:.text+0x244f |
19 |
016f:0040330d 0f843c010000 jz 0040344f = SET641MI.DLL:.text+0x244f |
| 14 |
016f:00403313 f6465c20 test byte ptr [esi+5c],20 |
20 |
016f:00403313 f6465c20 test byte ptr [esi+5c],20 |
| 15 |
016f:00403317 0f8545010000 jnz 00403462 = SET641MI.DLL:.text+0x2462 |
21 |
016f:00403317 0f8545010000 jnz 00403462 = SET641MI.DLL:.text+0x2462 |
| 16 |
016f:0040331d 8b5660 mov edx,dword ptr [esi+60] |
22 |
016f:0040331d 8b5660 mov edx,dword ptr [esi+60] |
| 17 |
016f:00403320 899c2480000000 mov dword ptr [esp+00000080],ebx |
23 |
016f:00403320 899c2480000000 mov dword ptr [esp+00000080],ebx |
| 18 |
016f:00403327 8954241c mov dword ptr [esp+1c],edx |
24 |
016f:00403327 8954241c mov dword ptr [esp+1c],edx |
| 19 |
016f:0040332b 395a14 cmp dword ptr [edx+14],ebx |
25 |
016f:0040332b 395a14 cmp dword ptr [edx+14],ebx |
| 20 |
016f:0040332e 0f861f010000 jbe 00403453 = SET641MI.DLL:.text+0x2453 |
26 |
016f:0040332e 0f861f010000 jbe 00403453 = SET641MI.DLL:.text+0x2453 |
| 21 |
016f:00403334 33c0 xor eax,eax |
27 |
016f:00403334 33c0 xor eax,eax |
| 22 |
016f:00403336 50 push eax |
28 |
016f:00403336 50 push eax |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
... |
8 |
... |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
... |
8 |
... |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
-> 60 f6 41 00 00 00 00 00 50 41 47 45 5f 57 45 4c `.A.....PAGE_WEL |
8 |
-> 60 f6 41 00 00 00 00 00 50 41 47 45 5f 57 45 4c `.A.....PAGE_WEL |
|
Line 1
Link Here
|
| 1 |
-> 40 10 20 1c c0 10 20 1c f0 1f 20 1c d0 12 20 1c @. ... ... ... . |
8 |
-> 40 10 20 1c c0 10 20 1c f0 1f 20 1c d0 12 20 1c @. ... ... ... . |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
-> b8 f8 3e 49 00 e9 7e f6 ff ff cc cc cc cc cc cc ..>I............ |
8 |
-> b8 f8 3e 49 00 e9 7e f6 ff ff cc cc cc cc cc cc ..>I............ |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:0040350d b901000000 mov ecx,00000001 |
9 |
016f:0040350d b901000000 mov ecx,00000001 |
| 4 |
016f:00403512 884e14 mov byte ptr [esi+14],cl |
10 |
016f:00403512 884e14 mov byte ptr [esi+14],cl |
| 5 |
016f:00403515 8b8ec4010000 mov ecx,dword ptr [esi+000001c4] |
11 |
016f:00403515 8b8ec4010000 mov ecx,dword ptr [esi+000001c4] |
| 6 |
016f:0040351b 50 push eax |
12 |
016f:0040351b 50 push eax |
| 7 |
016f:0040351c e86f380500 call 00456d90 = SET641MI.DLL!2180 |
13 |
016f:0040351c e86f380500 call 00456d90 = SET641MI.DLL!2180 |
| 8 |
016f:00403521 8b7c244c mov edi,dword ptr [esp+4c] |
14 |
016f:00403521 8b7c244c mov edi,dword ptr [esp+4c] |
| 9 |
016f:00403525 6a01 push +01 |
15 |
016f:00403525 6a01 push +01 |
| 10 |
016f:00403527 57 push edi |
16 |
016f:00403527 57 push edi |
| 11 |
016f:00403528 8bce mov ecx,esi |
17 |
016f:00403528 8bce mov ecx,esi |
| 12 |
016f:0040352a e8e1fcffff call 00403210 = SET641MI.DLL!491 |
18 |
016f:0040352a e8e1fcffff call 00403210 = SET641MI.DLL!491 |
| 13 |
016f:00403535 83ec08 sub esp,+08 |
19 |
016f:00403535 83ec08 sub esp,+08 |
| 14 |
016f:00403538 8d4c2414 lea ecx,[esp+14] |
20 |
016f:00403538 8d4c2414 lea ecx,[esp+14] |
| 15 |
016f:0040353c dd1c24 fstp qword ptr [esp] |
21 |
016f:0040353c dd1c24 fstp qword ptr [esp] |
| 16 |
016f:0040353f dd0518524a00 fld qword ptr [004a5218] |
22 |
016f:0040353f dd0518524a00 fld qword ptr [004a5218] |
| 17 |
016f:00403545 83ec08 sub esp,+08 |
23 |
016f:00403545 83ec08 sub esp,+08 |
| 18 |
016f:00403548 dd1c24 fstp qword ptr [esp] |
24 |
016f:00403548 dd1c24 fstp qword ptr [esp] |
| 19 |
016f:0040354b 53 push ebx |
25 |
016f:0040354b 53 push ebx |
| 20 |
016f:0040354c 68f9030000 push 000003f9 |
26 |
016f:0040354c 68f9030000 push 000003f9 |
| 21 |
016f:00403551 e8aabe0100 call 0041f400 = SET641MI.DLL!1558 |
27 |
016f:00403551 e8aabe0100 call 0041f400 = SET641MI.DLL!1558 |
| 22 |
016f:00403556 c744240c18de4800 mov dword ptr [esp+0c],0048de18 |
28 |
016f:00403556 c744240c18de4800 mov dword ptr [esp+0c],0048de18 |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
-> 84 58 11 01 00 00 00 00 00 00 00 00 00 00 00 00 .X.............. |
8 |
-> 84 58 11 01 00 00 00 00 00 00 00 00 00 00 00 00 .X.............. |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:0110e87c 84c0 test al,al |
9 |
016f:0110e87c 84c0 test al,al |
| 4 |
016f:0110e87e 7404 jz 0110e884 = SETUP.EXE:.text+0xd884 |
10 |
016f:0110e87e 7404 jz 0110e884 = SETUP.EXE:.text+0xd884 |
| 5 |
016f:0110e880 c6461201 mov byte ptr [esi+12],01 |
11 |
016f:0110e880 c6461201 mov byte ptr [esi+12],01 |
| 6 |
016f:0110e884 8d4c2410 lea ecx,[esp+10] |
12 |
016f:0110e884 8d4c2410 lea ecx,[esp+10] |
| 7 |
016f:0110e888 e8f94d0000 call 01113686 = TL641MI.DLL!662 |
13 |
016f:0110e888 e8f94d0000 call 01113686 = TL641MI.DLL!662 |
| 8 |
016f:0110e88d 8b4604 mov eax,dword ptr [esi+04] |
14 |
016f:0110e88d 8b4604 mov eax,dword ptr [esi+04] |
| 9 |
016f:0110e890 3bc3 cmp eax,ebx |
15 |
016f:0110e890 3bc3 cmp eax,ebx |
| 10 |
016f:0110e892 740b jz 0110e89f = SETUP.EXE:.text+0xd89f |
16 |
016f:0110e892 740b jz 0110e89f = SETUP.EXE:.text+0xd89f |
| 11 |
016f:0110e894 8b883c020000 mov ecx,dword ptr [eax+0000023c] |
17 |
016f:0110e894 8b883c020000 mov ecx,dword ptr [eax+0000023c] |
| 12 |
016f:0110e89a e861a3ffff call 01108c00 = SETUP.EXE:.text+0x7c00 |
18 |
016f:0110e89a e861a3ffff call 01108c00 = SETUP.EXE:.text+0x7c00 |
| 13 |
016f:0110e8a1 5f pop edi |
19 |
016f:0110e8a1 5f pop edi |
| 14 |
016f:0110e8a2 5e pop esi |
20 |
016f:0110e8a2 5e pop esi |
| 15 |
016f:0110e8a3 5d pop ebp |
21 |
016f:0110e8a3 5d pop ebp |
| 16 |
016f:0110e8a4 5b pop ebx |
22 |
016f:0110e8a4 5b pop ebx |
| 17 |
016f:0110e8a5 83c428 add esp,+28 |
23 |
016f:0110e8a5 83c428 add esp,+28 |
| 18 |
016f:0110e8a8 c20c00 retd 000c |
24 |
016f:0110e8a8 c20c00 retd 000c |
| 19 |
016f:0110e8ab 90 nop |
25 |
016f:0110e8ab 90 nop |
| 20 |
016f:0110e8ac 90 nop |
26 |
016f:0110e8ac 90 nop |
| 21 |
016f:0110e8ad 90 nop |
27 |
016f:0110e8ad 90 nop |
| 22 |
016f:0110e8ae 90 nop |
28 |
016f:0110e8ae 90 nop |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:bff6baf3 803e04 cmp byte ptr [esi],04 |
9 |
016f:bff6baf3 803e04 cmp byte ptr [esi],04 |
| 4 |
016f:bff6baf6 740f jz bff6bb07 = KERNEL32.DLL:.text+0x2b07 |
10 |
016f:bff6baf6 740f jz bff6bb07 = KERNEL32.DLL:.text+0x2b07 |
| 5 |
016f:bff6baf8 33c0 xor eax,eax |
11 |
016f:bff6baf8 33c0 xor eax,eax |
| 6 |
016f:bff6bafa 50 push eax |
12 |
016f:bff6bafa 50 push eax |
| 7 |
016f:bff6bafb 50 push eax |
13 |
016f:bff6bafb 50 push eax |
| 8 |
016f:bff6bafc 50 push eax |
14 |
016f:bff6bafc 50 push eax |
| 9 |
016f:bff6bafd 68050000c0 push c0000005 |
15 |
016f:bff6bafd 68050000c0 push c0000005 |
| 10 |
016f:bff6bb02 e8a4acffff call bff667ab = KERNEL32.DLL:_FREQASM+0x57ab |
16 |
016f:bff6bb02 e8a4acffff call bff667ab = KERNEL32.DLL:_FREQASM+0x57ab |
| 11 |
016f:bff6bb07 ff7604 push dword ptr [esi+04] |
17 |
016f:bff6bb07 ff7604 push dword ptr [esi+04] |
| 12 |
016f:bff6bb0a e88a87ffff call bff64299 = KERNEL32.DLL:_FREQASM+0x3299 |
18 |
016f:bff6bb0a e88a87ffff call bff64299 = KERNEL32.DLL:_FREQASM+0x3299 |
| 13 |
016f:bff6bb10 c20400 retd 0004 |
19 |
016f:bff6bb10 c20400 retd 0004 |
| 14 |
016f:bff6bb13 56 push esi |
20 |
016f:bff6bb13 56 push esi |
| 15 |
016f:bff6bb14 8b742408 mov esi,dword ptr [esp+08] |
21 |
016f:bff6bb14 8b742408 mov esi,dword ptr [esp+08] |
| 16 |
016f:bff6bb18 8a06 mov al,byte ptr [esi] |
22 |
016f:bff6bb18 8a06 mov al,byte ptr [esi] |
| 17 |
016f:bff6bb1a 3c04 cmp al,04 |
23 |
016f:bff6bb1a 3c04 cmp al,04 |
| 18 |
016f:bff6bb1c 7508 jnz bff6bb26 = KERNEL32.DLL:.text+0x2b26 |
24 |
016f:bff6bb1c 7508 jnz bff6bb26 = KERNEL32.DLL:.text+0x2b26 |
| 19 |
016f:bff6bb1e ff7604 push dword ptr [esi+04] |
25 |
016f:bff6bb1e ff7604 push dword ptr [esi+04] |
| 20 |
016f:bff6bb21 e8a087ffff call bff642c6 = KERNEL32.DLL:_FREQASM+0x32c6 |
26 |
016f:bff6bb21 e8a087ffff call bff642c6 = KERNEL32.DLL:_FREQASM+0x32c6 |
| 21 |
016f:bff6bb26 5e pop esi |
27 |
016f:bff6bb26 5e pop esi |
| 22 |
016f:bff6bb27 c20400 retd 0004 |
28 |
016f:bff6bb27 c20400 retd 0004 |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:bff6bb0a e88a87ffff call bff64299 = KERNEL32.DLL:_FREQASM+0x3299 |
9 |
016f:bff6bb0a e88a87ffff call bff64299 = KERNEL32.DLL:_FREQASM+0x3299 |
| 4 |
016f:bff6bb0f 5e pop esi |
10 |
016f:bff6bb0f 5e pop esi |
| 5 |
016f:bff6bb10 c20400 retd 0004 |
11 |
016f:bff6bb10 c20400 retd 0004 |
| 6 |
016f:bff6bb13 56 push esi |
12 |
016f:bff6bb13 56 push esi |
| 7 |
016f:bff6bb14 8b742408 mov esi,dword ptr [esp+08] |
13 |
016f:bff6bb14 8b742408 mov esi,dword ptr [esp+08] |
| 8 |
016f:bff6bb18 8a06 mov al,byte ptr [esi] |
14 |
016f:bff6bb18 8a06 mov al,byte ptr [esi] |
| 9 |
016f:bff6bb1a 3c04 cmp al,04 |
15 |
016f:bff6bb1a 3c04 cmp al,04 |
| 10 |
016f:bff6bb1c 7508 jnz bff6bb26 = KERNEL32.DLL:.text+0x2b26 |
16 |
016f:bff6bb1c 7508 jnz bff6bb26 = KERNEL32.DLL:.text+0x2b26 |
| 11 |
016f:bff6bb1e ff7604 push dword ptr [esi+04] |
17 |
016f:bff6bb1e ff7604 push dword ptr [esi+04] |
| 12 |
016f:bff6bb21 e8a087ffff call bff642c6 = KERNEL32.DLL:_FREQASM+0x32c6 |
18 |
016f:bff6bb21 e8a087ffff call bff642c6 = KERNEL32.DLL:_FREQASM+0x32c6 |
| 13 |
016f:bff6bb27 c20400 retd 0004 |
19 |
016f:bff6bb27 c20400 retd 0004 |
| 14 |
016f:bff6bb2a 64a100000000 mov eax,dword ptr fs:[00000000] |
20 |
016f:bff6bb2a 64a100000000 mov eax,dword ptr fs:[00000000] |
| 15 |
016f:bff6bb30 55 push ebp |
21 |
016f:bff6bb30 55 push ebp |
| 16 |
016f:bff6bb31 8bec mov ebp,esp |
22 |
016f:bff6bb31 8bec mov ebp,esp |
| 17 |
016f:bff6bb33 6aff push -01 |
23 |
016f:bff6bb33 6aff push -01 |
| 18 |
016f:bff6bb35 685092f6bf push bff69250 |
24 |
016f:bff6bb35 685092f6bf push bff69250 |
| 19 |
016f:bff6bb3a 68201bfbbf push bffb1b20 |
25 |
016f:bff6bb3a 68201bfbbf push bffb1b20 |
| 20 |
016f:bff6bb3f 50 push eax |
26 |
016f:bff6bb3f 50 push eax |
| 21 |
016f:bff6bb40 8b4508 mov eax,dword ptr [ebp+08] |
27 |
016f:bff6bb40 8b4508 mov eax,dword ptr [ebp+08] |
| 22 |
016f:bff6bb43 64892500000000 mov dword ptr fs:[00000000],esp |
28 |
016f:bff6bb43 64892500000000 mov dword ptr fs:[00000000],esp |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
-> 5e c3 85 c9 74 0e 68 00 80 00 00 6a 00 51 ff 15 ^...t.h....j.Q.. |
8 |
-> 5e c3 85 c9 74 0e 68 00 80 00 00 6a 00 51 ff 15 ^...t.h....j.Q.. |
|
Line 1
Link Here
|
| 1 |
-> 04 00 00 00 08 61 98 81 00 00 00 00 00 00 00 00 .....a.......... |
8 |
-> 04 00 00 00 08 61 98 81 00 00 00 00 00 00 00 00 .....a.......... |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:1c832e99 90 nop |
9 |
016f:1c832e99 90 nop |
| 4 |
016f:1c832e9a 90 nop |
10 |
016f:1c832e9a 90 nop |
| 5 |
016f:1c832e9b 90 nop |
11 |
016f:1c832e9b 90 nop |
| 6 |
016f:1c832e9c 90 nop |
12 |
016f:1c832e9c 90 nop |
| 7 |
016f:1c832e9d 90 nop |
13 |
016f:1c832e9d 90 nop |
| 8 |
016f:1c832e9e 90 nop |
14 |
016f:1c832e9e 90 nop |
| 9 |
016f:1c832e9f 90 nop |
15 |
016f:1c832e9f 90 nop |
| 10 |
016f:1c832ea0 8b442404 mov eax,dword ptr [esp+04] |
16 |
016f:1c832ea0 8b442404 mov eax,dword ptr [esp+04] |
| 11 |
016f:1c832ea4 50 push eax |
17 |
016f:1c832ea4 50 push eax |
| 12 |
016f:1c832ea5 e8720e0200 call 1c853d1c = SAL3.DLL!rtl_freeMemory |
18 |
016f:1c832ea5 e8720e0200 call 1c853d1c = SAL3.DLL!rtl_freeMemory |
| 13 |
016f:1c832eab c3 retd |
19 |
016f:1c832eab c3 retd |
| 14 |
016f:1c832eac 90 nop |
20 |
016f:1c832eac 90 nop |
| 15 |
016f:1c832ead 90 nop |
21 |
016f:1c832ead 90 nop |
| 16 |
016f:1c832eae 90 nop |
22 |
016f:1c832eae 90 nop |
| 17 |
016f:1c832eaf 90 nop |
23 |
016f:1c832eaf 90 nop |
| 18 |
016f:1c832eb0 83ec10 sub esp,+10 |
24 |
016f:1c832eb0 83ec10 sub esp,+10 |
| 19 |
016f:1c832eb3 8b4c2414 mov ecx,dword ptr [esp+14] |
25 |
016f:1c832eb3 8b4c2414 mov ecx,dword ptr [esp+14] |
| 20 |
016f:1c832eb7 b801000000 mov eax,00000001 |
26 |
016f:1c832eb7 b801000000 mov eax,00000001 |
| 21 |
016f:1c832ebc 89442400 mov dword ptr [esp],eax |
27 |
016f:1c832ebc 89442400 mov dword ptr [esp],eax |
| 22 |
016f:1c832ec0 3bc8 cmp ecx,eax |
28 |
016f:1c832ec0 3bc8 cmp ecx,eax |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:0040165e 90 nop |
9 |
016f:0040165e 90 nop |
| 4 |
016f:0040165f 90 nop |
10 |
016f:0040165f 90 nop |
| 5 |
016f:00401660 8a442404 mov al,byte ptr [esp+04] |
11 |
016f:00401660 8a442404 mov al,byte ptr [esp+04] |
| 6 |
016f:00401664 56 push esi |
12 |
016f:00401664 56 push esi |
| 7 |
016f:00401665 8bf1 mov esi,ecx |
13 |
016f:00401665 8bf1 mov esi,ecx |
| 8 |
016f:00401667 a801 test al,01 |
14 |
016f:00401667 a801 test al,01 |
| 9 |
016f:00401669 c70698dd4800 mov dword ptr [esi],0048dd98 |
15 |
016f:00401669 c70698dd4800 mov dword ptr [esi],0048dd98 |
| 10 |
016f:0040166f 7409 jz 0040167a = SET641MI.DLL:.text+0x67a |
16 |
016f:0040166f 7409 jz 0040167a = SET641MI.DLL:.text+0x67a |
| 11 |
016f:00401671 56 push esi |
17 |
016f:00401671 56 push esi |
| 12 |
016f:00401672 e89d930700 call 0047aa14 = TL641MI.DLL!21 |
18 |
016f:00401672 e89d930700 call 0047aa14 = TL641MI.DLL!21 |
| 13 |
016f:0040167a 8bc6 mov eax,esi |
19 |
016f:0040167a 8bc6 mov eax,esi |
| 14 |
016f:0040167c 5e pop esi |
20 |
016f:0040167c 5e pop esi |
| 15 |
016f:0040167d c20400 retd 0004 |
21 |
016f:0040167d c20400 retd 0004 |
| 16 |
016f:00401680 e9a1930700 jmp 0047aa26 = TL641MI.DLL!334 |
22 |
016f:00401680 e9a1930700 jmp 0047aa26 = TL641MI.DLL!334 |
| 17 |
016f:00401685 90 nop |
23 |
016f:00401685 90 nop |
| 18 |
016f:00401686 90 nop |
24 |
016f:00401686 90 nop |
| 19 |
016f:00401687 90 nop |
25 |
016f:00401687 90 nop |
| 20 |
016f:00401688 90 nop |
26 |
016f:00401688 90 nop |
| 21 |
016f:00401689 90 nop |
27 |
016f:00401689 90 nop |
| 22 |
016f:0040168a 90 nop |
28 |
016f:0040168a 90 nop |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
-> b8 40 3f 49 00 e9 5e f6 ff ff cc cc cc cc cc cc .@?I..^......... |
8 |
-> b8 40 3f 49 00 e9 5e f6 ff ff cc cc cc cc cc cc .@?I..^......... |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:0110c12f 8d485c lea ecx,[eax+5c] |
9 |
016f:0110c12f 8d485c lea ecx,[eax+5c] |
| 4 |
016f:0110c132 e891750000 call 011136c8 = TL641MI.DLL!155 |
10 |
016f:0110c132 e891750000 call 011136c8 = TL641MI.DLL!155 |
| 5 |
016f:0110c137 ebb6 jmp 0110c0ef = SETUP.EXE:.text+0xb0ef |
11 |
016f:0110c137 ebb6 jmp 0110c0ef = SETUP.EXE:.text+0xb0ef |
| 6 |
016f:0110c139 8b4e40 mov ecx,dword ptr [esi+40] |
12 |
016f:0110c139 8b4e40 mov ecx,dword ptr [esi+40] |
| 7 |
016f:0110c13c 33c0 xor eax,eax |
13 |
016f:0110c13c 33c0 xor eax,eax |
| 8 |
016f:0110c13e 50 push eax |
14 |
016f:0110c13e 50 push eax |
| 9 |
016f:0110c13f 8b442440 mov eax,dword ptr [esp+40] |
15 |
016f:0110c13f 8b442440 mov eax,dword ptr [esp+40] |
| 10 |
016f:0110c143 55 push ebp |
16 |
016f:0110c143 55 push ebp |
| 11 |
016f:0110c144 50 push eax |
17 |
016f:0110c144 50 push eax |
| 12 |
016f:0110c145 e8ae720000 call 011133f8 = SET641MI.DLL!497 |
18 |
016f:0110c145 e8ae720000 call 011133f8 = SET641MI.DLL!497 |
| 13 |
016f:0110c14c 8b442444 mov eax,dword ptr [esp+44] |
19 |
016f:0110c14c 8b442444 mov eax,dword ptr [esp+44] |
| 14 |
016f:0110c150 83e802 sub eax,+02 |
20 |
016f:0110c150 83e802 sub eax,+02 |
| 15 |
016f:0110c153 7426 jz 0110c17b = SETUP.EXE:.text+0xb17b |
21 |
016f:0110c153 7426 jz 0110c17b = SETUP.EXE:.text+0xb17b |
| 16 |
016f:0110c155 48 dec eax |
22 |
016f:0110c155 48 dec eax |
| 17 |
016f:0110c156 7412 jz 0110c16a = SETUP.EXE:.text+0xb16a |
23 |
016f:0110c156 7412 jz 0110c16a = SETUP.EXE:.text+0xb16a |
| 18 |
016f:0110c158 48 dec eax |
24 |
016f:0110c158 48 dec eax |
| 19 |
016f:0110c159 752f jnz 0110c18a = SETUP.EXE:.text+0xb18a |
25 |
016f:0110c159 752f jnz 0110c18a = SETUP.EXE:.text+0xb18a |
| 20 |
016f:0110c15b 8b4c243c mov ecx,dword ptr [esp+3c] |
26 |
016f:0110c15b 8b4c243c mov ecx,dword ptr [esp+3c] |
| 21 |
016f:0110c15f 51 push ecx |
27 |
016f:0110c15f 51 push ecx |
| 22 |
016f:0110c160 8b4e40 mov ecx,dword ptr [esi+40] |
28 |
016f:0110c160 8b4e40 mov ecx,dword ptr [esi+40] |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
-> 84 58 11 01 00 00 00 00 00 00 00 00 00 00 00 00 .X.............. |
8 |
-> 84 58 11 01 00 00 00 00 00 00 00 00 00 00 00 00 .X.............. |
|
Line 1
Link Here
|
| 1 |
... |
8 |
... |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:bff6bb0a e88a87ffff call bff64299 = KERNEL32.DLL:_FREQASM+0x3299 |
9 |
016f:bff6bb0a e88a87ffff call bff64299 = KERNEL32.DLL:_FREQASM+0x3299 |
| 4 |
016f:bff6bb0f 5e pop esi |
10 |
016f:bff6bb0f 5e pop esi |
| 5 |
016f:bff6bb10 c20400 retd 0004 |
11 |
016f:bff6bb10 c20400 retd 0004 |
| 6 |
016f:bff6bb13 56 push esi |
12 |
016f:bff6bb13 56 push esi |
| 7 |
016f:bff6bb14 8b742408 mov esi,dword ptr [esp+08] |
13 |
016f:bff6bb14 8b742408 mov esi,dword ptr [esp+08] |
| 8 |
016f:bff6bb18 8a06 mov al,byte ptr [esi] |
14 |
016f:bff6bb18 8a06 mov al,byte ptr [esi] |
| 9 |
016f:bff6bb1a 3c04 cmp al,04 |
15 |
016f:bff6bb1a 3c04 cmp al,04 |
| 10 |
016f:bff6bb1c 7508 jnz bff6bb26 = KERNEL32.DLL:.text+0x2b26 |
16 |
016f:bff6bb1c 7508 jnz bff6bb26 = KERNEL32.DLL:.text+0x2b26 |
| 11 |
016f:bff6bb1e ff7604 push dword ptr [esi+04] |
17 |
016f:bff6bb1e ff7604 push dword ptr [esi+04] |
| 12 |
016f:bff6bb21 e8a087ffff call bff642c6 = KERNEL32.DLL:_FREQASM+0x32c6 |
18 |
016f:bff6bb21 e8a087ffff call bff642c6 = KERNEL32.DLL:_FREQASM+0x32c6 |
| 13 |
016f:bff6bb27 c20400 retd 0004 |
19 |
016f:bff6bb27 c20400 retd 0004 |
| 14 |
016f:bff6bb2a 64a100000000 mov eax,dword ptr fs:[00000000] |
20 |
016f:bff6bb2a 64a100000000 mov eax,dword ptr fs:[00000000] |
| 15 |
016f:bff6bb30 55 push ebp |
21 |
016f:bff6bb30 55 push ebp |
| 16 |
016f:bff6bb31 8bec mov ebp,esp |
22 |
016f:bff6bb31 8bec mov ebp,esp |
| 17 |
016f:bff6bb33 6aff push -01 |
23 |
016f:bff6bb33 6aff push -01 |
| 18 |
016f:bff6bb35 685092f6bf push bff69250 |
24 |
016f:bff6bb35 685092f6bf push bff69250 |
| 19 |
016f:bff6bb3a 68201bfbbf push bffb1b20 |
25 |
016f:bff6bb3a 68201bfbbf push bffb1b20 |
| 20 |
016f:bff6bb3f 50 push eax |
26 |
016f:bff6bb3f 50 push eax |
| 21 |
016f:bff6bb40 8b4508 mov eax,dword ptr [ebp+08] |
27 |
016f:bff6bb40 8b4508 mov eax,dword ptr [ebp+08] |
| 22 |
016f:bff6bb43 64892500000000 mov dword ptr fs:[00000000],esp |
28 |
016f:bff6bb43 64892500000000 mov dword ptr fs:[00000000],esp |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
-> 5e c3 85 c9 74 0e 68 00 80 00 00 6a 00 51 ff 15 ^...t.h....j.Q.. |
8 |
-> 5e c3 85 c9 74 0e 68 00 80 00 00 6a 00 51 ff 15 ^...t.h....j.Q.. |
|
Line 1
Link Here
|
| 1 |
-> 04 00 00 00 08 61 98 81 00 00 00 00 00 00 00 00 .....a.......... |
8 |
-> 04 00 00 00 08 61 98 81 00 00 00 00 00 00 00 00 .....a.......... |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:1c832e99 90 nop |
9 |
016f:1c832e99 90 nop |
| 4 |
016f:1c832e9a 90 nop |
10 |
016f:1c832e9a 90 nop |
| 5 |
016f:1c832e9b 90 nop |
11 |
016f:1c832e9b 90 nop |
| 6 |
016f:1c832e9c 90 nop |
12 |
016f:1c832e9c 90 nop |
| 7 |
016f:1c832e9d 90 nop |
13 |
016f:1c832e9d 90 nop |
| 8 |
016f:1c832e9e 90 nop |
14 |
016f:1c832e9e 90 nop |
| 9 |
016f:1c832e9f 90 nop |
15 |
016f:1c832e9f 90 nop |
| 10 |
016f:1c832ea0 8b442404 mov eax,dword ptr [esp+04] |
16 |
016f:1c832ea0 8b442404 mov eax,dword ptr [esp+04] |
| 11 |
016f:1c832ea4 50 push eax |
17 |
016f:1c832ea4 50 push eax |
| 12 |
016f:1c832ea5 e8720e0200 call 1c853d1c = SAL3.DLL!rtl_freeMemory |
18 |
016f:1c832ea5 e8720e0200 call 1c853d1c = SAL3.DLL!rtl_freeMemory |
| 13 |
016f:1c832eab c3 retd |
19 |
016f:1c832eab c3 retd |
| 14 |
016f:1c832eac 90 nop |
20 |
016f:1c832eac 90 nop |
| 15 |
016f:1c832ead 90 nop |
21 |
016f:1c832ead 90 nop |
| 16 |
016f:1c832eae 90 nop |
22 |
016f:1c832eae 90 nop |
| 17 |
016f:1c832eaf 90 nop |
23 |
016f:1c832eaf 90 nop |
| 18 |
016f:1c832eb0 83ec10 sub esp,+10 |
24 |
016f:1c832eb0 83ec10 sub esp,+10 |
| 19 |
016f:1c832eb3 8b4c2414 mov ecx,dword ptr [esp+14] |
25 |
016f:1c832eb3 8b4c2414 mov ecx,dword ptr [esp+14] |
| 20 |
016f:1c832eb7 b801000000 mov eax,00000001 |
26 |
016f:1c832eb7 b801000000 mov eax,00000001 |
| 21 |
016f:1c832ebc 89442400 mov dword ptr [esp],eax |
27 |
016f:1c832ebc 89442400 mov dword ptr [esp],eax |
| 22 |
016f:1c832ec0 3bc8 cmp ecx,eax |
28 |
016f:1c832ec0 3bc8 cmp ecx,eax |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:0110b1f6 f6d8 neg al |
9 |
016f:0110b1f6 f6d8 neg al |
| 4 |
016f:0110b1f8 1bc0 sbb eax,eax |
10 |
016f:0110b1f8 1bc0 sbb eax,eax |
| 5 |
016f:0110b1fa 53 push ebx |
11 |
016f:0110b1fa 53 push ebx |
| 6 |
016f:0110b1fb 83c002 add eax,+02 |
12 |
016f:0110b1fb 83c002 add eax,+02 |
| 7 |
016f:0110b1fe 53 push ebx |
13 |
016f:0110b1fe 53 push ebx |
| 8 |
016f:0110b1ff 53 push ebx |
14 |
016f:0110b1ff 53 push ebx |
| 9 |
016f:0110b200 50 push eax |
15 |
016f:0110b200 50 push eax |
| 10 |
016f:0110b201 52 push edx |
16 |
016f:0110b201 52 push edx |
| 11 |
016f:0110b202 8bce mov ecx,esi |
17 |
016f:0110b202 8bce mov ecx,esi |
| 12 |
016f:0110b204 e8670d0000 call 0110bf70 = SETUP.EXE:.text+0xaf70 |
18 |
016f:0110b204 e8670d0000 call 0110bf70 = SETUP.EXE:.text+0xaf70 |
| 13 |
016f:0110b20a 5b pop ebx |
19 |
016f:0110b20a 5b pop ebx |
| 14 |
016f:0110b20b 81c4dc020000 add esp,000002dc |
20 |
016f:0110b20b 81c4dc020000 add esp,000002dc |
| 15 |
016f:0110b211 c20800 retd 0008 |
21 |
016f:0110b211 c20800 retd 0008 |
| 16 |
016f:0110b214 8b4634 mov eax,dword ptr [esi+34] |
22 |
016f:0110b214 8b4634 mov eax,dword ptr [esi+34] |
| 17 |
016f:0110b217 8b9034010000 mov edx,dword ptr [eax+00000134] |
23 |
016f:0110b217 8b9034010000 mov edx,dword ptr [eax+00000134] |
| 18 |
016f:0110b21d 3bd3 cmp edx,ebx |
24 |
016f:0110b21d 3bd3 cmp edx,ebx |
| 19 |
016f:0110b21f 7431 jz 0110b252 = SETUP.EXE:.text+0xa252 |
25 |
016f:0110b21f 7431 jz 0110b252 = SETUP.EXE:.text+0xa252 |
| 20 |
016f:0110b221 668b4e66 mov cx,word ptr [esi+66] |
26 |
016f:0110b221 668b4e66 mov cx,word ptr [esi+66] |
| 21 |
016f:0110b225 663bcb cmp cx,bx |
27 |
016f:0110b225 663bcb cmp cx,bx |
| 22 |
016f:0110b228 7504 jnz 0110b22e = SETUP.EXE:.text+0xa22e |
28 |
016f:0110b228 7504 jnz 0110b22e = SETUP.EXE:.text+0xa22e |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
... |
8 |
... |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
-> 00 64 00 69 00 75 00 6d 00 00 00 00 00 54 00 49 .d.i.u.m.....T.I |
8 |
-> 00 64 00 69 00 75 00 6d 00 00 00 00 00 54 00 49 .d.i.u.m.....T.I |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:bff8bae5 b14e mov cl,4e |
9 |
016f:bff8bae5 b14e mov cl,4e |
| 4 |
016f:bff8bae7 eb06 jmp bff8baef = KERNEL32.DLL:.text+0x22aef |
10 |
016f:bff8bae7 eb06 jmp bff8baef = KERNEL32.DLL:.text+0x22aef |
| 5 |
016f:bff8bae9 b14d mov cl,4d |
11 |
016f:bff8bae9 b14d mov cl,4d |
| 6 |
016f:bff8baeb eb02 jmp bff8baef = KERNEL32.DLL:.text+0x22aef |
12 |
016f:bff8baeb eb02 jmp bff8baef = KERNEL32.DLL:.text+0x22aef |
| 7 |
016f:bff8baed b13e mov cl,3e |
13 |
016f:bff8baed b13e mov cl,3e |
| 8 |
016f:bff8baef 55 push ebp |
14 |
016f:bff8baef 55 push ebp |
| 9 |
016f:bff8baf0 8bec mov ebp,esp |
15 |
016f:bff8baf0 8bec mov ebp,esp |
| 10 |
016f:bff8baf2 51 push ecx |
16 |
016f:bff8baf2 51 push ecx |
| 11 |
016f:bff8baf3 83ec3c sub esp,+3c |
17 |
016f:bff8baf3 83ec3c sub esp,+3c |
| 12 |
016f:bff8baf6 ff1536b3f8bf call dword ptr [bff8b336] -> KERNEL32.DLL:.data+0xee0 |
18 |
016f:bff8baf6 ff1536b3f8bf call dword ptr [bff8b336] -> KERNEL32.DLL:.data+0xee0 |
| 13 |
016f:bff8bafd c3 retd |
19 |
016f:bff8bafd c3 retd |
| 14 |
016f:bff8bafe b101 mov cl,01 |
20 |
016f:bff8bafe b101 mov cl,01 |
| 15 |
016f:bff8bb00 eb06 jmp bff8bb08 = KERNEL32.DLL:.text+0x22b08 |
21 |
016f:bff8bb00 eb06 jmp bff8bb08 = KERNEL32.DLL:.text+0x22b08 |
| 16 |
016f:bff8bb02 b14f mov cl,4f |
22 |
016f:bff8bb02 b14f mov cl,4f |
| 17 |
016f:bff8bb04 eb02 jmp bff8bb08 = KERNEL32.DLL:.text+0x22b08 |
23 |
016f:bff8bb04 eb02 jmp bff8bb08 = KERNEL32.DLL:.text+0x22b08 |
| 18 |
016f:bff8bb06 b105 mov cl,05 |
24 |
016f:bff8bb06 b105 mov cl,05 |
| 19 |
016f:bff8bb08 55 push ebp |
25 |
016f:bff8bb08 55 push ebp |
| 20 |
016f:bff8bb09 8bec mov ebp,esp |
26 |
016f:bff8bb09 8bec mov ebp,esp |
| 21 |
016f:bff8bb0b 51 push ecx |
27 |
016f:bff8bb0b 51 push ecx |
| 22 |
016f:bff8bb0c 83ec3c sub esp,+3c |
28 |
016f:bff8bb0c 83ec3c sub esp,+3c |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:1c6770cd 0ac3 or al,bl |
9 |
016f:1c6770cd 0ac3 or al,bl |
| 4 |
016f:1c6770cf 8886e8000000 mov byte ptr [esi+000000e8],al |
10 |
016f:1c6770cf 8886e8000000 mov byte ptr [esi+000000e8],al |
| 5 |
016f:1c6770d5 eb19 jmp 1c6770f0 = VCL641MI.DLL:.text+0x760f0 |
11 |
016f:1c6770d5 eb19 jmp 1c6770f0 = VCL641MI.DLL:.text+0x760f0 |
| 6 |
016f:1c6770d7 8b5604 mov edx,dword ptr [esi+04] |
12 |
016f:1c6770d7 8b5604 mov edx,dword ptr [esi+04] |
| 7 |
016f:1c6770da 8d4c2408 lea ecx,[esp+08] |
13 |
016f:1c6770da 8d4c2408 lea ecx,[esp+08] |
| 8 |
016f:1c6770de 24df and al,df |
14 |
016f:1c6770de 24df and al,df |
| 9 |
016f:1c6770e0 51 push ecx |
15 |
016f:1c6770e0 51 push ecx |
| 10 |
016f:1c6770e1 52 push edx |
16 |
016f:1c6770e1 52 push edx |
| 11 |
016f:1c6770e2 8886e8000000 mov byte ptr [esi+000000e8],al |
17 |
016f:1c6770e2 8886e8000000 mov byte ptr [esi+000000e8],al |
| 12 |
016f:1c6770e8 e863f4ffff call 1c676550 = VCL641MI.DLL:.text+0x75550 |
18 |
016f:1c6770e8 e863f4ffff call 1c676550 = VCL641MI.DLL:.text+0x75550 |
| 13 |
016f:1c6770f0 8a8ee9000000 mov cl,byte ptr [esi+000000e9] |
19 |
016f:1c6770f0 8a8ee9000000 mov cl,byte ptr [esi+000000e9] |
| 14 |
016f:1c6770f6 c7442418ffffffff mov dword ptr [esp+18],ffffffff |
20 |
016f:1c6770f6 c7442418ffffffff mov dword ptr [esp+18],ffffffff |
| 15 |
016f:1c6770fe 0acb or cl,bl |
21 |
016f:1c6770fe 0acb or cl,bl |
| 16 |
016f:1c677100 888ee9000000 mov byte ptr [esi+000000e9],cl |
22 |
016f:1c677100 888ee9000000 mov byte ptr [esi+000000e9],cl |
| 17 |
016f:1c677106 8d4c2408 lea ecx,[esp+08] |
23 |
016f:1c677106 8d4c2408 lea ecx,[esp+08] |
| 18 |
016f:1c67710a e831680000 call 1c67d940 = VCL641MI.DLL!2534 |
24 |
016f:1c67710a e831680000 call 1c67d940 = VCL641MI.DLL!2534 |
| 19 |
016f:1c67710f e98d000000 jmp 1c6771a1 = VCL641MI.DLL:.text+0x761a1 |
25 |
016f:1c67710f e98d000000 jmp 1c6771a1 = VCL641MI.DLL:.text+0x761a1 |
| 20 |
016f:1c677114 f686e800000002 test byte ptr [esi+000000e8],02 |
26 |
016f:1c677114 f686e800000002 test byte ptr [esi+000000e8],02 |
| 21 |
016f:1c67711b 7464 jz 1c677181 = VCL641MI.DLL:.text+0x76181 |
27 |
016f:1c67711b 7464 jz 1c677181 = VCL641MI.DLL:.text+0x76181 |
| 22 |
016f:1c67711d 57 push edi |
28 |
016f:1c67711d 57 push edi |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:bff6420f c3 retd |
9 |
016f:bff6420f c3 retd |
| 4 |
016f:bff64210 8b0d74b4fbbf mov ecx,dword ptr [bffbb474] |
10 |
016f:bff64210 8b0d74b4fbbf mov ecx,dword ptr [bffbb474] |
| 5 |
016f:bff64216 e31f jecxz bff64237 = KERNEL32.DLL:_FREQASM+0x3237 |
11 |
016f:bff64216 e31f jecxz bff64237 = KERNEL32.DLL:_FREQASM+0x3237 |
| 6 |
016f:bff64218 33c0 xor eax,eax |
12 |
016f:bff64218 33c0 xor eax,eax |
| 7 |
016f:bff6421a 8701 xchg dword ptr [ecx],eax |
13 |
016f:bff6421a 8701 xchg dword ptr [ecx],eax |
| 8 |
016f:bff6421c 0bc0 or eax,eax |
14 |
016f:bff6421c 0bc0 or eax,eax |
| 9 |
016f:bff6421e 74ca jz bff641ea = KERNEL32.DLL:_FREQASM+0x31ea |
15 |
016f:bff6421e 74ca jz bff641ea = KERNEL32.DLL:_FREQASM+0x31ea |
| 10 |
016f:bff64220 52 push edx |
16 |
016f:bff64220 52 push edx |
| 11 |
016f:bff64221 6664ff051e000000 inc word ptr fs:[0000001e] |
17 |
016f:bff64221 6664ff051e000000 inc word ptr fs:[0000001e] |
| 12 |
016f:bff64229 e8af780200 call bff8badd = KERNEL32.DLL:.text+0x22add |
18 |
016f:bff64229 e8af780200 call bff8badd = KERNEL32.DLL:.text+0x22add |
| 13 |
016f:bff64236 5a pop edx |
19 |
016f:bff64236 5a pop edx |
| 14 |
016f:bff64237 ebb1 jmp bff641ea = KERNEL32.DLL:_FREQASM+0x31ea |
20 |
016f:bff64237 ebb1 jmp bff641ea = KERNEL32.DLL:_FREQASM+0x31ea |
| 15 |
016f:bff64239 ff4210 inc dword ptr [edx+10] |
21 |
016f:bff64239 ff4210 inc dword ptr [edx+10] |
| 16 |
016f:bff6423c ebbd jmp bff641fb = KERNEL32.DLL:_FREQASM+0x31fb |
22 |
016f:bff6423c ebbd jmp bff641fb = KERNEL32.DLL:_FREQASM+0x31fb |
| 17 |
016f:bff6423e 52 push edx |
23 |
016f:bff6423e 52 push edx |
| 18 |
016f:bff6423f 52 push edx |
24 |
016f:bff6423f 52 push edx |
| 19 |
016f:bff64240 681e002a00 push 002a001e |
25 |
016f:bff64240 681e002a00 push 002a001e |
| 20 |
016f:bff64245 e88ad1ffff call bff613d4 = KERNEL32.DLL!1 |
26 |
016f:bff64245 e88ad1ffff call bff613d4 = KERNEL32.DLL!1 |
| 21 |
016f:bff6424a 5a pop edx |
27 |
016f:bff6424a 5a pop edx |
| 22 |
016f:bff6424b ebae jmp bff641fb = KERNEL32.DLL:_FREQASM+0x31fb |
28 |
016f:bff6424b ebae jmp bff641fb = KERNEL32.DLL:_FREQASM+0x31fb |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:bff6151d 660bff or di,di |
9 |
016f:bff6151d 660bff or di,di |
| 4 |
016f:bff61520 740c jz bff6152e = KERNEL32.DLL:_FREQASM+0x52e |
10 |
016f:bff61520 740c jz bff6152e = KERNEL32.DLL:_FREQASM+0x52e |
| 5 |
016f:bff61522 a1f0bcfbbf mov eax,dword ptr [bffbbcf0] |
11 |
016f:bff61522 a1f0bcfbbf mov eax,dword ptr [bffbbcf0] |
| 6 |
016f:bff61527 ff30 push dword ptr [eax] |
12 |
016f:bff61527 ff30 push dword ptr [eax] |
| 7 |
016f:bff61529 e8f4530000 call bff66922 = KERNEL32.DLL:_FREQASM+0x5922 |
13 |
016f:bff61529 e8f4530000 call bff66922 = KERNEL32.DLL:_FREQASM+0x5922 |
| 8 |
016f:bff6152e 66648b3d1e000000 mov di,word ptr fs:[0000001e] |
14 |
016f:bff6152e 66648b3d1e000000 mov di,word ptr fs:[0000001e] |
| 9 |
016f:bff61536 6683ef01 sub di,+01 |
15 |
016f:bff61536 6683ef01 sub di,+01 |
| 10 |
016f:bff6153a 730b jnc bff61547 = KERNEL32.DLL:_FREQASM+0x547 |
16 |
016f:bff6153a 730b jnc bff61547 = KERNEL32.DLL:_FREQASM+0x547 |
| 11 |
016f:bff6153c 8b1570b4fbbf mov edx,dword ptr [bffbb470] |
17 |
016f:bff6153c 8b1570b4fbbf mov edx,dword ptr [bffbb470] |
| 12 |
016f:bff61542 e88c2c0000 call bff641d3 = KERNEL32.DLL:_FREQASM+0x31d3 |
18 |
016f:bff61542 e88c2c0000 call bff641d3 = KERNEL32.DLL:_FREQASM+0x31d3 |
| 13 |
016f:bff6154f 8bc6 mov eax,esi |
19 |
016f:bff6154f 8bc6 mov eax,esi |
| 14 |
016f:bff61551 0fb6cb movzx ecx,bl |
20 |
016f:bff61551 0fb6cb movzx ecx,bl |
| 15 |
016f:bff61554 5f pop edi |
21 |
016f:bff61554 5f pop edi |
| 16 |
016f:bff61555 5e pop esi |
22 |
016f:bff61555 5e pop esi |
| 17 |
016f:bff61556 5b pop ebx |
23 |
016f:bff61556 5b pop ebx |
| 18 |
016f:bff61557 5d pop ebp |
24 |
016f:bff61557 5d pop ebp |
| 19 |
016f:bff61558 5a pop edx |
25 |
016f:bff61558 5a pop edx |
| 20 |
016f:bff61559 03e1 add esp,ecx |
26 |
016f:bff61559 03e1 add esp,ecx |
| 21 |
016f:bff6155b ffe2 jmp edx |
27 |
016f:bff6155b ffe2 jmp edx |
| 22 |
016f:bff6155d 55 push ebp |
28 |
016f:bff6155d 55 push ebp |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:1c6ec703 c3 retd |
9 |
016f:1c6ec703 c3 retd |
| 4 |
016f:1c6ec704 8b4c2410 mov ecx,dword ptr [esp+10] |
10 |
016f:1c6ec704 8b4c2410 mov ecx,dword ptr [esp+10] |
| 5 |
016f:1c6ec708 8b54240c mov edx,dword ptr [esp+0c] |
11 |
016f:1c6ec708 8b54240c mov edx,dword ptr [esp+0c] |
| 6 |
016f:1c6ec70c 8b442408 mov eax,dword ptr [esp+08] |
12 |
016f:1c6ec70c 8b442408 mov eax,dword ptr [esp+08] |
| 7 |
016f:1c6ec710 51 push ecx |
13 |
016f:1c6ec710 51 push ecx |
| 8 |
016f:1c6ec711 8b4c2408 mov ecx,dword ptr [esp+08] |
14 |
016f:1c6ec711 8b4c2408 mov ecx,dword ptr [esp+08] |
| 9 |
016f:1c6ec715 52 push edx |
15 |
016f:1c6ec715 52 push edx |
| 10 |
016f:1c6ec716 50 push eax |
16 |
016f:1c6ec716 50 push eax |
| 11 |
016f:1c6ec717 51 push ecx |
17 |
016f:1c6ec717 51 push ecx |
| 12 |
016f:1c6ec718 ff15e0f36f1c call dword ptr [1c6ff3e0] -> USER32.DLL!PostMessageA |
18 |
016f:1c6ec718 ff15e0f36f1c call dword ptr [1c6ff3e0] -> USER32.DLL!PostMessageA |
| 13 |
016f:1c6ec71f 90 nop |
19 |
016f:1c6ec71f 90 nop |
| 14 |
016f:1c6ec720 a15cd3711c mov eax,dword ptr [1c71d35c] |
20 |
016f:1c6ec720 a15cd3711c mov eax,dword ptr [1c71d35c] |
| 15 |
016f:1c6ec725 85c0 test eax,eax |
21 |
016f:1c6ec725 85c0 test eax,eax |
| 16 |
016f:1c6ec727 741b jz 1c6ec744 = VCL641MI.DLL:.text+0xeb744 |
22 |
016f:1c6ec727 741b jz 1c6ec744 = VCL641MI.DLL:.text+0xeb744 |
| 17 |
016f:1c6ec729 8b442410 mov eax,dword ptr [esp+10] |
23 |
016f:1c6ec729 8b442410 mov eax,dword ptr [esp+10] |
| 18 |
016f:1c6ec72d 8b4c240c mov ecx,dword ptr [esp+0c] |
24 |
016f:1c6ec72d 8b4c240c mov ecx,dword ptr [esp+0c] |
| 19 |
016f:1c6ec731 8b542408 mov edx,dword ptr [esp+08] |
25 |
016f:1c6ec731 8b542408 mov edx,dword ptr [esp+08] |
| 20 |
016f:1c6ec735 50 push eax |
26 |
016f:1c6ec735 50 push eax |
| 21 |
016f:1c6ec736 8b442408 mov eax,dword ptr [esp+08] |
27 |
016f:1c6ec736 8b442408 mov eax,dword ptr [esp+08] |
| 22 |
016f:1c6ec73a 51 push ecx |
28 |
016f:1c6ec73a 51 push ecx |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:1c62d67d 90 nop |
9 |
016f:1c62d67d 90 nop |
| 4 |
016f:1c62d67e 90 nop |
10 |
016f:1c62d67e 90 nop |
| 5 |
016f:1c62d67f 90 nop |
11 |
016f:1c62d67f 90 nop |
| 6 |
016f:1c62d680 8b442404 mov eax,dword ptr [esp+04] |
12 |
016f:1c62d680 8b442404 mov eax,dword ptr [esp+04] |
| 7 |
016f:1c62d684 8b09 mov ecx,dword ptr [ecx] |
13 |
016f:1c62d684 8b09 mov ecx,dword ptr [ecx] |
| 8 |
016f:1c62d686 50 push eax |
14 |
016f:1c62d686 50 push eax |
| 9 |
016f:1c62d687 6a00 push +00 |
15 |
016f:1c62d687 6a00 push +00 |
| 10 |
016f:1c62d689 6882040000 push 00000482 |
16 |
016f:1c62d689 6882040000 push 00000482 |
| 11 |
016f:1c62d68e 51 push ecx |
17 |
016f:1c62d68e 51 push ecx |
| 12 |
016f:1c62d68f e84cf00b00 call 1c6ec6e0 = VCL641MI.DLL:.text+0xeb6e0 |
18 |
016f:1c62d68f e84cf00b00 call 1c6ec6e0 = VCL641MI.DLL:.text+0xeb6e0 |
| 13 |
016f:1c62d697 c20400 retd 0004 |
19 |
016f:1c62d697 c20400 retd 0004 |
| 14 |
016f:1c62d69a 90 nop |
20 |
016f:1c62d69a 90 nop |
| 15 |
016f:1c62d69b 90 nop |
21 |
016f:1c62d69b 90 nop |
| 16 |
016f:1c62d69c 90 nop |
22 |
016f:1c62d69c 90 nop |
| 17 |
016f:1c62d69d 90 nop |
23 |
016f:1c62d69d 90 nop |
| 18 |
016f:1c62d69e 90 nop |
24 |
016f:1c62d69e 90 nop |
| 19 |
016f:1c62d69f 90 nop |
25 |
016f:1c62d69f 90 nop |
| 20 |
016f:1c62d6a0 56 push esi |
26 |
016f:1c62d6a0 56 push esi |
| 21 |
016f:1c62d6a1 57 push edi |
27 |
016f:1c62d6a1 57 push edi |
| 22 |
016f:1c62d6a2 8b7c240c mov edi,dword ptr [esp+0c] |
28 |
016f:1c62d6a2 8b7c240c mov edi,dword ptr [esp+0c] |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:1c61da88 894e04 mov dword ptr [esi+04],ecx |
9 |
016f:1c61da88 894e04 mov dword ptr [esi+04],ecx |
| 4 |
016f:1c61da8b c7460800000000 mov dword ptr [esi+08],00000000 |
10 |
016f:1c61da8b c7460800000000 mov dword ptr [esi+08],00000000 |
| 5 |
016f:1c61da92 c7460c00000000 mov dword ptr [esi+0c],00000000 |
11 |
016f:1c61da92 c7460c00000000 mov dword ptr [esi+0c],00000000 |
| 6 |
016f:1c61da99 c6461801 mov byte ptr [esi+18],01 |
12 |
016f:1c61da99 c6461801 mov byte ptr [esi+18],01 |
| 7 |
016f:1c61da9d 8937 mov dword ptr [edi],esi |
13 |
016f:1c61da9d 8937 mov dword ptr [edi],esi |
| 8 |
016f:1c61da9f e8bcf90b00 call 1c6dd460 = VCL641MI.DLL:.text+0xdc460 |
14 |
016f:1c61da9f e8bcf90b00 call 1c6dd460 = VCL641MI.DLL:.text+0xdc460 |
| 9 |
016f:1c61daa4 8b80f8000000 mov eax,dword ptr [eax+000000f8] |
15 |
016f:1c61daa4 8b80f8000000 mov eax,dword ptr [eax+000000f8] |
| 10 |
016f:1c61daaa 56 push esi |
16 |
016f:1c61daaa 56 push esi |
| 11 |
016f:1c61daab 8bc8 mov ecx,eax |
17 |
016f:1c61daab 8bc8 mov ecx,eax |
| 12 |
016f:1c61daad e8cefb0000 call 1c62d680 = VCL641MI.DLL:.text+0x2c680 |
18 |
016f:1c61daad e8cefb0000 call 1c62d680 = VCL641MI.DLL:.text+0x2c680 |
| 13 |
016f:1c61dab4 7405 jz 1c61dabb = VCL641MI.DLL:.text+0x1cabb |
19 |
016f:1c61dab4 7405 jz 1c61dabb = VCL641MI.DLL:.text+0x1cabb |
| 14 |
016f:1c61dab6 5f pop edi |
20 |
016f:1c61dab6 5f pop edi |
| 15 |
016f:1c61dab7 b001 mov al,01 |
21 |
016f:1c61dab7 b001 mov al,01 |
| 16 |
016f:1c61dab9 5e pop esi |
22 |
016f:1c61dab9 5e pop esi |
| 17 |
016f:1c61daba c3 retd |
23 |
016f:1c61daba c3 retd |
| 18 |
016f:1c61dabb 56 push esi |
24 |
016f:1c61dabb 56 push esi |
| 19 |
016f:1c61dabc c70700000000 mov dword ptr [edi],00000000 |
25 |
016f:1c61dabc c70700000000 mov dword ptr [edi],00000000 |
| 20 |
016f:1c61dac2 e8a5750d00 call 1c6f506c = TL641MI.DLL!21 |
26 |
016f:1c61dac2 e8a5750d00 call 1c6f506c = TL641MI.DLL!21 |
| 21 |
016f:1c61dac7 83c404 add esp,+04 |
27 |
016f:1c61dac7 83c404 add esp,+04 |
| 22 |
016f:1c61daca 32c0 xor al,al |
28 |
016f:1c61daca 32c0 xor al,al |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:1c61da1d c3 retd |
9 |
016f:1c61da1d c3 retd |
| 4 |
016f:1c61da1e 90 nop |
10 |
016f:1c61da1e 90 nop |
| 5 |
016f:1c61da1f 90 nop |
11 |
016f:1c61da1f 90 nop |
| 6 |
016f:1c61da20 8b442408 mov eax,dword ptr [esp+08] |
12 |
016f:1c61da20 8b442408 mov eax,dword ptr [esp+08] |
| 7 |
016f:1c61da24 8b4c2404 mov ecx,dword ptr [esp+04] |
13 |
016f:1c61da24 8b4c2404 mov ecx,dword ptr [esp+04] |
| 8 |
016f:1c61da28 50 push eax |
14 |
016f:1c61da28 50 push eax |
| 9 |
016f:1c61da29 8d54240c lea edx,[esp+0c] |
15 |
016f:1c61da29 8d54240c lea edx,[esp+0c] |
| 10 |
016f:1c61da2d 51 push ecx |
16 |
016f:1c61da2d 51 push ecx |
| 11 |
016f:1c61da2e 52 push edx |
17 |
016f:1c61da2e 52 push edx |
| 12 |
016f:1c61da2f e82c000000 call 1c61da60 = VCL641MI.DLL!384 |
18 |
016f:1c61da2f e82c000000 call 1c61da60 = VCL641MI.DLL!384 |
| 13 |
016f:1c61da38 83c40c add esp,+0c |
19 |
016f:1c61da38 83c40c add esp,+0c |
| 14 |
016f:1c61da3b c3 retd |
20 |
016f:1c61da3b c3 retd |
| 15 |
016f:1c61da3c 90 nop |
21 |
016f:1c61da3c 90 nop |
| 16 |
016f:1c61da3d 90 nop |
22 |
016f:1c61da3d 90 nop |
| 17 |
016f:1c61da3e 90 nop |
23 |
016f:1c61da3e 90 nop |
| 18 |
016f:1c61da3f 90 nop |
24 |
016f:1c61da3f 90 nop |
| 19 |
016f:1c61da40 8b442408 mov eax,dword ptr [esp+08] |
25 |
016f:1c61da40 8b442408 mov eax,dword ptr [esp+08] |
| 20 |
016f:1c61da44 8b4c2404 mov ecx,dword ptr [esp+04] |
26 |
016f:1c61da44 8b4c2404 mov ecx,dword ptr [esp+04] |
| 21 |
016f:1c61da48 50 push eax |
27 |
016f:1c61da48 50 push eax |
| 22 |
016f:1c61da49 8d54240c lea edx,[esp+0c] |
28 |
016f:1c61da49 8d54240c lea edx,[esp+0c] |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:00433886 e825feffff call 004336b0 = SET641MI.DLL!25 |
9 |
016f:00433886 e825feffff call 004336b0 = SET641MI.DLL!25 |
| 4 |
016f:0043388b 84c0 test al,al |
10 |
016f:0043388b 84c0 test al,al |
| 5 |
016f:0043388d 7505 jnz 00433894 = SET641MI.DLL:.text+0x32894 |
11 |
016f:0043388d 7505 jnz 00433894 = SET641MI.DLL:.text+0x32894 |
| 6 |
016f:0043388f 5e pop esi |
12 |
016f:0043388f 5e pop esi |
| 7 |
016f:00433890 5b pop ebx |
13 |
016f:00433890 5b pop ebx |
| 8 |
016f:00433891 c20400 retd 0004 |
14 |
016f:00433891 c20400 retd 0004 |
| 9 |
016f:00433894 8b863c110000 mov eax,dword ptr [esi+0000113c] |
15 |
016f:00433894 8b863c110000 mov eax,dword ptr [esi+0000113c] |
| 10 |
016f:0043389a 6a00 push +00 |
16 |
016f:0043389a 6a00 push +00 |
| 11 |
016f:0043389c 50 push eax |
17 |
016f:0043389c 50 push eax |
| 12 |
016f:0043389d e8a6790400 call 0047b248 = VCL641MI.DLL!386 |
18 |
016f:0043389d e8a6790400 call 0047b248 = VCL641MI.DLL!386 |
| 13 |
016f:004338a5 b001 mov al,01 |
19 |
016f:004338a5 b001 mov al,01 |
| 14 |
016f:004338a7 889e36110000 mov byte ptr [esi+00001136],bl |
20 |
016f:004338a7 889e36110000 mov byte ptr [esi+00001136],bl |
| 15 |
016f:004338ad 888635110000 mov byte ptr [esi+00001135],al |
21 |
016f:004338ad 888635110000 mov byte ptr [esi+00001135],al |
| 16 |
016f:004338b3 5e pop esi |
22 |
016f:004338b3 5e pop esi |
| 17 |
016f:004338b4 5b pop ebx |
23 |
016f:004338b4 5b pop ebx |
| 18 |
016f:004338b5 c20400 retd 0004 |
24 |
016f:004338b5 c20400 retd 0004 |
| 19 |
016f:004338b8 90 nop |
25 |
016f:004338b8 90 nop |
| 20 |
016f:004338b9 90 nop |
26 |
016f:004338b9 90 nop |
| 21 |
016f:004338ba 90 nop |
27 |
016f:004338ba 90 nop |
| 22 |
016f:004338bb 90 nop |
28 |
016f:004338bb 90 nop |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:00414b61 8b11 mov edx,dword ptr [ecx] |
9 |
016f:00414b61 8b11 mov edx,dword ptr [ecx] |
| 4 |
016f:00414b63 ff929c000000 call dword ptr [edx+0000009c] |
10 |
016f:00414b63 ff929c000000 call dword ptr [edx+0000009c] |
| 5 |
016f:00414b69 8b8e24110000 mov ecx,dword ptr [esi+00001124] |
11 |
016f:00414b69 8b8e24110000 mov ecx,dword ptr [esi+00001124] |
| 6 |
016f:00414b6f 8b01 mov eax,dword ptr [ecx] |
12 |
016f:00414b6f 8b01 mov eax,dword ptr [ecx] |
| 7 |
016f:00414b71 ff9090000000 call dword ptr [eax+00000090] |
13 |
016f:00414b71 ff9090000000 call dword ptr [eax+00000090] |
| 8 |
016f:00414b77 8b16 mov edx,dword ptr [esi] |
14 |
016f:00414b77 8b16 mov edx,dword ptr [esi] |
| 9 |
016f:00414b79 6a01 push +01 |
15 |
016f:00414b79 6a01 push +01 |
| 10 |
016f:00414b7b 8bce mov ecx,esi |
16 |
016f:00414b7b 8bce mov ecx,esi |
| 11 |
016f:00414b7d c6867402000001 mov byte ptr [esi+00000274],01 |
17 |
016f:00414b7d c6867402000001 mov byte ptr [esi+00000274],01 |
| 12 |
016f:00414b84 ff9298000000 call dword ptr [edx+00000098] |
18 |
016f:00414b84 ff9298000000 call dword ptr [edx+00000098] |
| 13 |
016f:00414b8b b801000000 mov eax,00000001 |
19 |
016f:00414b8b b801000000 mov eax,00000001 |
| 14 |
016f:00414b90 5e pop esi |
20 |
016f:00414b90 5e pop esi |
| 15 |
016f:00414b91 c20400 retd 0004 |
21 |
016f:00414b91 c20400 retd 0004 |
| 16 |
016f:00414b94 8b01 mov eax,dword ptr [ecx] |
22 |
016f:00414b94 8b01 mov eax,dword ptr [ecx] |
| 17 |
016f:00414b96 ff9098000000 call dword ptr [eax+00000098] |
23 |
016f:00414b96 ff9098000000 call dword ptr [eax+00000098] |
| 18 |
016f:00414b9c 84c0 test al,al |
24 |
016f:00414b9c 84c0 test al,al |
| 19 |
016f:00414b9e 0f8403010000 jz 00414ca7 = SET641MI.DLL:.text+0x13ca7 |
25 |
016f:00414b9e 0f8403010000 jz 00414ca7 = SET641MI.DLL:.text+0x13ca7 |
| 20 |
016f:00414ba4 8b8e24110000 mov ecx,dword ptr [esi+00001124] |
26 |
016f:00414ba4 8b8e24110000 mov ecx,dword ptr [esi+00001124] |
| 21 |
016f:00414baa 8b11 mov edx,dword ptr [ecx] |
27 |
016f:00414baa 8b11 mov edx,dword ptr [ecx] |
| 22 |
016f:00414bac ff929c000000 call dword ptr [edx+0000009c] |
28 |
016f:00414bac ff929c000000 call dword ptr [edx+0000009c] |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:00414a8a 5e pop esi |
9 |
016f:00414a8a 5e pop esi |
| 4 |
016f:00414a8b c3 retd |
10 |
016f:00414a8b c3 retd |
| 5 |
016f:00414a8c 90 nop |
11 |
016f:00414a8c 90 nop |
| 6 |
016f:00414a8d 90 nop |
12 |
016f:00414a8d 90 nop |
| 7 |
016f:00414a8e 90 nop |
13 |
016f:00414a8e 90 nop |
| 8 |
016f:00414a8f 90 nop |
14 |
016f:00414a8f 90 nop |
| 9 |
016f:00414a90 8b442408 mov eax,dword ptr [esp+08] |
15 |
016f:00414a90 8b442408 mov eax,dword ptr [esp+08] |
| 10 |
016f:00414a94 8b4c2404 mov ecx,dword ptr [esp+04] |
16 |
016f:00414a94 8b4c2404 mov ecx,dword ptr [esp+04] |
| 11 |
016f:00414a98 50 push eax |
17 |
016f:00414a98 50 push eax |
| 12 |
016f:00414a99 e802000000 call 00414aa0 = SET641MI.DLL!2059 |
18 |
016f:00414a99 e802000000 call 00414aa0 = SET641MI.DLL!2059 |
| 13 |
016f:00414a9f 90 nop |
19 |
016f:00414a9f 90 nop |
| 14 |
016f:00414aa0 56 push esi |
20 |
016f:00414aa0 56 push esi |
| 15 |
016f:00414aa1 8bf1 mov esi,ecx |
21 |
016f:00414aa1 8bf1 mov esi,ecx |
| 16 |
016f:00414aa3 8b4c2408 mov ecx,dword ptr [esp+08] |
22 |
016f:00414aa3 8b4c2408 mov ecx,dword ptr [esp+08] |
| 17 |
016f:00414aa7 57 push edi |
23 |
016f:00414aa7 57 push edi |
| 18 |
016f:00414aa8 8d86080c0000 lea eax,[esi+00000c08] |
24 |
016f:00414aa8 8d86080c0000 lea eax,[esi+00000c08] |
| 19 |
016f:00414aae 3bc8 cmp ecx,eax |
25 |
016f:00414aae 3bc8 cmp ecx,eax |
| 20 |
016f:00414ab0 750e jnz 00414ac0 = SET641MI.DLL:.text+0x13ac0 |
26 |
016f:00414ab0 750e jnz 00414ac0 = SET641MI.DLL:.text+0x13ac0 |
| 21 |
016f:00414ab2 8bce mov ecx,esi |
27 |
016f:00414ab2 8bce mov ecx,esi |
| 22 |
016f:00414ab4 e837feffff call 004148f0 = SET641MI.DLL!2077 |
28 |
016f:00414ab4 e837feffff call 004148f0 = SET641MI.DLL!2077 |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:1c62664d 90 nop |
9 |
016f:1c62664d 90 nop |
| 4 |
016f:1c62664e 90 nop |
10 |
016f:1c62664e 90 nop |
| 5 |
016f:1c62664f 90 nop |
11 |
016f:1c62664f 90 nop |
| 6 |
016f:1c626650 8b8128020000 mov eax,dword ptr [ecx+00000228] |
12 |
016f:1c626650 8b8128020000 mov eax,dword ptr [ecx+00000228] |
| 7 |
016f:1c626656 85c0 test eax,eax |
13 |
016f:1c626656 85c0 test eax,eax |
| 8 |
016f:1c626658 740d jz 1c626667 = VCL641MI.DLL:.text+0x25667 |
14 |
016f:1c626658 740d jz 1c626667 = VCL641MI.DLL:.text+0x25667 |
| 9 |
016f:1c62665a 51 push ecx |
15 |
016f:1c62665a 51 push ecx |
| 10 |
016f:1c62665b 8b8924020000 mov ecx,dword ptr [ecx+00000224] |
16 |
016f:1c62665b 8b8924020000 mov ecx,dword ptr [ecx+00000224] |
| 11 |
016f:1c626661 51 push ecx |
17 |
016f:1c626661 51 push ecx |
| 12 |
016f:1c626662 ffd0 call eax |
18 |
016f:1c626662 ffd0 call eax |
| 13 |
016f:1c626667 c3 retd |
19 |
016f:1c626667 c3 retd |
| 14 |
016f:1c626668 90 nop |
20 |
016f:1c626668 90 nop |
| 15 |
016f:1c626669 90 nop |
21 |
016f:1c626669 90 nop |
| 16 |
016f:1c62666a 90 nop |
22 |
016f:1c62666a 90 nop |
| 17 |
016f:1c62666b 90 nop |
23 |
016f:1c62666b 90 nop |
| 18 |
016f:1c62666c 90 nop |
24 |
016f:1c62666c 90 nop |
| 19 |
016f:1c62666d 90 nop |
25 |
016f:1c62666d 90 nop |
| 20 |
016f:1c62666e 90 nop |
26 |
016f:1c62666e 90 nop |
| 21 |
016f:1c62666f 90 nop |
27 |
016f:1c62666f 90 nop |
| 22 |
016f:1c626670 83ec18 sub esp,+18 |
28 |
016f:1c626670 83ec18 sub esp,+18 |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
... |
8 |
... |
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:1c69ff08 89442418 mov dword ptr [esp+18],eax |
9 |
016f:1c69ff08 89442418 mov dword ptr [esp+18],eax |
| 4 |
016f:1c69ff0c 8d443aff lea eax,[edx+edi-01] |
10 |
016f:1c69ff0c 8d443aff lea eax,[edx+edi-01] |
| 5 |
016f:1c69ff10 85ff test edi,edi |
11 |
016f:1c69ff10 85ff test edi,edi |
| 6 |
016f:1c69ff12 7505 jnz 1c69ff19 = VCL641MI.DLL:.text+0x9ef19 |
12 |
016f:1c69ff12 7505 jnz 1c69ff19 = VCL641MI.DLL:.text+0x9ef19 |
| 7 |
016f:1c69ff14 b80180ffff mov eax,ffff8001 |
13 |
016f:1c69ff14 b80180ffff mov eax,ffff8001 |
| 8 |
016f:1c69ff19 8b7c2424 mov edi,dword ptr [esp+24] |
14 |
016f:1c69ff19 8b7c2424 mov edi,dword ptr [esp+24] |
| 9 |
016f:1c69ff1d 8d4c2410 lea ecx,[esp+10] |
15 |
016f:1c69ff1d 8d4c2410 lea ecx,[esp+10] |
| 10 |
016f:1c69ff21 57 push edi |
16 |
016f:1c69ff21 57 push edi |
| 11 |
016f:1c69ff22 89442420 mov dword ptr [esp+20],eax |
17 |
016f:1c69ff22 89442420 mov dword ptr [esp+20],eax |
| 12 |
016f:1c69ff26 e86d520500 call 1c6f5198 = TL641MI.DLL!105 |
18 |
016f:1c69ff26 e86d520500 call 1c6f5198 = TL641MI.DLL!105 |
| 13 |
016f:1c69ff2d 750b jnz 1c69ff3a = VCL641MI.DLL:.text+0x9ef3a |
19 |
016f:1c69ff2d 750b jnz 1c69ff3a = VCL641MI.DLL:.text+0x9ef3a |
| 14 |
016f:1c69ff2f 5f pop edi |
20 |
016f:1c69ff2f 5f pop edi |
| 15 |
016f:1c69ff30 6633c0 xor ax,ax |
21 |
016f:1c69ff30 6633c0 xor ax,ax |
| 16 |
016f:1c69ff33 5e pop esi |
22 |
016f:1c69ff33 5e pop esi |
| 17 |
016f:1c69ff34 83c418 add esp,+18 |
23 |
016f:1c69ff34 83c418 add esp,+18 |
| 18 |
016f:1c69ff37 c20400 retd 0004 |
24 |
016f:1c69ff37 c20400 retd 0004 |
| 19 |
016f:1c69ff3a f6860002000040 test byte ptr [esi+00000200],40 |
25 |
016f:1c69ff3a f6860002000040 test byte ptr [esi+00000200],40 |
| 20 |
016f:1c69ff41 7436 jz 1c69ff79 = VCL641MI.DLL:.text+0x9ef79 |
26 |
016f:1c69ff41 7436 jz 1c69ff79 = VCL641MI.DLL:.text+0x9ef79 |
| 21 |
016f:1c69ff43 8b07 mov eax,dword ptr [edi] |
27 |
016f:1c69ff43 8b07 mov eax,dword ptr [edi] |
| 22 |
016f:1c69ff45 8b5648 mov edx,dword ptr [esi+48] |
28 |
016f:1c69ff45 8b5648 mov edx,dword ptr [esi+48] |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
| 1 |
... |
8 |
... |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
... |
8 |
... |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:1c69fe7c 85c0 test eax,eax |
9 |
016f:1c69fe7c 85c0 test eax,eax |
| 4 |
016f:1c69fe7e 7558 jnz 1c69fed8 = VCL641MI.DLL:.text+0x9eed8 |
10 |
016f:1c69fe7e 7558 jnz 1c69fed8 = VCL641MI.DLL:.text+0x9eed8 |
| 5 |
016f:1c69fe80 8bb630010000 mov esi,dword ptr [esi+00000130] |
11 |
016f:1c69fe80 8bb630010000 mov esi,dword ptr [esi+00000130] |
| 6 |
016f:1c69fe86 85f6 test esi,esi |
12 |
016f:1c69fe86 85f6 test esi,esi |
| 7 |
016f:1c69fe88 75ea jnz 1c69fe74 = VCL641MI.DLL:.text+0x9ee74 |
13 |
016f:1c69fe88 75ea jnz 1c69fe74 = VCL641MI.DLL:.text+0x9ee74 |
| 8 |
016f:1c69fe8a f685fd01000001 test byte ptr [ebp+000001fd],01 |
14 |
016f:1c69fe8a f685fd01000001 test byte ptr [ebp+000001fd],01 |
| 9 |
016f:1c69fe91 7443 jz 1c69fed6 = VCL641MI.DLL:.text+0x9eed6 |
15 |
016f:1c69fe91 7443 jz 1c69fed6 = VCL641MI.DLL:.text+0x9eed6 |
| 10 |
016f:1c69fe93 57 push edi |
16 |
016f:1c69fe93 57 push edi |
| 11 |
016f:1c69fe94 8bcd mov ecx,ebp |
17 |
016f:1c69fe94 8bcd mov ecx,ebp |
| 12 |
016f:1c69fe96 e845000000 call 1c69fee0 = VCL641MI.DLL:.text+0x9eee0 |
18 |
016f:1c69fe96 e845000000 call 1c69fee0 = VCL641MI.DLL:.text+0x9eee0 |
| 13 |
016f:1c69fe9d f6c301 test bl,01 |
19 |
016f:1c69fe9d f6c301 test bl,01 |
| 14 |
016f:1c69fea0 7434 jz 1c69fed6 = VCL641MI.DLL:.text+0x9eed6 |
20 |
016f:1c69fea0 7434 jz 1c69fed6 = VCL641MI.DLL:.text+0x9eed6 |
| 15 |
016f:1c69fea2 8bb51c010000 mov esi,dword ptr [ebp+0000011c] |
21 |
016f:1c69fea2 8bb51c010000 mov esi,dword ptr [ebp+0000011c] |
| 16 |
016f:1c69fea8 85f6 test esi,esi |
22 |
016f:1c69fea8 85f6 test esi,esi |
| 17 |
016f:1c69feaa 7416 jz 1c69fec2 = VCL641MI.DLL:.text+0x9eec2 |
23 |
016f:1c69feaa 7416 jz 1c69fec2 = VCL641MI.DLL:.text+0x9eec2 |
| 18 |
016f:1c69feac 57 push edi |
24 |
016f:1c69feac 57 push edi |
| 19 |
016f:1c69fead 8bce mov ecx,esi |
25 |
016f:1c69fead 8bce mov ecx,esi |
| 20 |
016f:1c69feaf e8acffffff call 1c69fe60 = VCL641MI.DLL:.text+0x9ee60 |
26 |
016f:1c69feaf e8acffffff call 1c69fe60 = VCL641MI.DLL:.text+0x9ee60 |
| 21 |
016f:1c69feb4 85c0 test eax,eax |
27 |
016f:1c69feb4 85c0 test eax,eax |
| 22 |
016f:1c69feb6 7520 jnz 1c69fed8 = VCL641MI.DLL:.text+0x9eed8 |
28 |
016f:1c69feb6 7520 jnz 1c69fed8 = VCL641MI.DLL:.text+0x9eed8 |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
| 1 |
... |
8 |
... |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:1c69fe96 e845000000 call 1c69fee0 = VCL641MI.DLL:.text+0x9eee0 |
9 |
016f:1c69fe96 e845000000 call 1c69fee0 = VCL641MI.DLL:.text+0x9eee0 |
| 4 |
016f:1c69fe9b 8bd8 mov ebx,eax |
10 |
016f:1c69fe9b 8bd8 mov ebx,eax |
| 5 |
016f:1c69fe9d f6c301 test bl,01 |
11 |
016f:1c69fe9d f6c301 test bl,01 |
| 6 |
016f:1c69fea0 7434 jz 1c69fed6 = VCL641MI.DLL:.text+0x9eed6 |
12 |
016f:1c69fea0 7434 jz 1c69fed6 = VCL641MI.DLL:.text+0x9eed6 |
| 7 |
016f:1c69fea2 8bb51c010000 mov esi,dword ptr [ebp+0000011c] |
13 |
016f:1c69fea2 8bb51c010000 mov esi,dword ptr [ebp+0000011c] |
| 8 |
016f:1c69fea8 85f6 test esi,esi |
14 |
016f:1c69fea8 85f6 test esi,esi |
| 9 |
016f:1c69feaa 7416 jz 1c69fec2 = VCL641MI.DLL:.text+0x9eec2 |
15 |
016f:1c69feaa 7416 jz 1c69fec2 = VCL641MI.DLL:.text+0x9eec2 |
| 10 |
016f:1c69feac 57 push edi |
16 |
016f:1c69feac 57 push edi |
| 11 |
016f:1c69fead 8bce mov ecx,esi |
17 |
016f:1c69fead 8bce mov ecx,esi |
| 12 |
016f:1c69feaf e8acffffff call 1c69fe60 = VCL641MI.DLL:.text+0x9ee60 |
18 |
016f:1c69feaf e8acffffff call 1c69fe60 = VCL641MI.DLL:.text+0x9ee60 |
| 13 |
016f:1c69feb6 7520 jnz 1c69fed8 = VCL641MI.DLL:.text+0x9eed8 |
19 |
016f:1c69feb6 7520 jnz 1c69fed8 = VCL641MI.DLL:.text+0x9eed8 |
| 14 |
016f:1c69feb8 8bb630010000 mov esi,dword ptr [esi+00000130] |
20 |
016f:1c69feb8 8bb630010000 mov esi,dword ptr [esi+00000130] |
| 15 |
016f:1c69febe 85f6 test esi,esi |
21 |
016f:1c69febe 85f6 test esi,esi |
| 16 |
016f:1c69fec0 75ea jnz 1c69feac = VCL641MI.DLL:.text+0x9eeac |
22 |
016f:1c69fec0 75ea jnz 1c69feac = VCL641MI.DLL:.text+0x9eeac |
| 17 |
016f:1c69fec2 80e302 and bl,02 |
23 |
016f:1c69fec2 80e302 and bl,02 |
| 18 |
016f:1c69fec5 5f pop edi |
24 |
016f:1c69fec5 5f pop edi |
| 19 |
016f:1c69fec6 f6db neg bl |
25 |
016f:1c69fec6 f6db neg bl |
| 20 |
016f:1c69fec8 1bdb sbb ebx,ebx |
26 |
016f:1c69fec8 1bdb sbb ebx,ebx |
| 21 |
016f:1c69feca 5e pop esi |
27 |
016f:1c69feca 5e pop esi |
| 22 |
016f:1c69fecb f7d3 not ebx |
28 |
016f:1c69fecb f7d3 not ebx |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:1c6ab855 8b89f8000000 mov ecx,dword ptr [ecx+000000f8] |
9 |
016f:1c6ab855 8b89f8000000 mov ecx,dword ptr [ecx+000000f8] |
| 4 |
016f:1c6ab85b e8202df8ff call 1c62e580 = VCL641MI.DLL:.text+0x2d580 |
10 |
016f:1c6ab85b e8202df8ff call 1c62e580 = VCL641MI.DLL:.text+0x2d580 |
| 5 |
016f:1c6ab860 c3 retd |
11 |
016f:1c6ab860 c3 retd |
| 6 |
016f:1c6ab861 56 push esi |
12 |
016f:1c6ab861 56 push esi |
| 7 |
016f:1c6ab862 8b742408 mov esi,dword ptr [esp+08] |
13 |
016f:1c6ab862 8b742408 mov esi,dword ptr [esp+08] |
| 8 |
016f:1c6ab866 8bce mov ecx,esi |
14 |
016f:1c6ab866 8bce mov ecx,esi |
| 9 |
016f:1c6ab868 e88348ffff call 1c6a00f0 = VCL641MI.DLL:.text+0x9f0f0 |
15 |
016f:1c6ab868 e88348ffff call 1c6a00f0 = VCL641MI.DLL:.text+0x9f0f0 |
| 10 |
016f:1c6ab86d 8b8ef8000000 mov ecx,dword ptr [esi+000000f8] |
16 |
016f:1c6ab86d 8b8ef8000000 mov ecx,dword ptr [esi+000000f8] |
| 11 |
016f:1c6ab873 50 push eax |
17 |
016f:1c6ab873 50 push eax |
| 12 |
016f:1c6ab874 e8072df8ff call 1c62e580 = VCL641MI.DLL:.text+0x2d580 |
18 |
016f:1c6ab874 e8072df8ff call 1c62e580 = VCL641MI.DLL:.text+0x2d580 |
| 13 |
016f:1c6ab87a c3 retd |
19 |
016f:1c6ab87a c3 retd |
| 14 |
016f:1c6ab87b 90 nop |
20 |
016f:1c6ab87b 90 nop |
| 15 |
016f:1c6ab87c 90 nop |
21 |
016f:1c6ab87c 90 nop |
| 16 |
016f:1c6ab87d 90 nop |
22 |
016f:1c6ab87d 90 nop |
| 17 |
016f:1c6ab87e 90 nop |
23 |
016f:1c6ab87e 90 nop |
| 18 |
016f:1c6ab87f 90 nop |
24 |
016f:1c6ab87f 90 nop |
| 19 |
016f:1c6ab880 8b4c2414 mov ecx,dword ptr [esp+14] |
25 |
016f:1c6ab880 8b4c2414 mov ecx,dword ptr [esp+14] |
| 20 |
016f:1c6ab884 83ec30 sub esp,+30 |
26 |
016f:1c6ab884 83ec30 sub esp,+30 |
| 21 |
016f:1c6ab887 85c9 test ecx,ecx |
27 |
016f:1c6ab887 85c9 test ecx,ecx |
| 22 |
016f:1c6ab889 53 push ebx |
28 |
016f:1c6ab889 53 push ebx |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
| 1 |
-> 80 d1 01 00 f0 d6 01 00 70 d1 01 00 00 d5 01 00 ........p....... |
8 |
-> 80 d1 01 00 f0 d6 01 00 70 d1 01 00 00 d5 01 00 ........p....... |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:1c6aab46 82880000000f85 or byte ptr [eax+0f000000],85 |
9 |
016f:1c6aab46 82880000000f85 or byte ptr [eax+0f000000],85 |
| 4 |
016f:1c6aab4d 50 push eax |
10 |
016f:1c6aab4d 50 push eax |
| 5 |
016f:1c6aab4e 0100 add dword ptr [eax],eax |
11 |
016f:1c6aab4e 0100 add dword ptr [eax],eax |
| 6 |
016f:1c6aab50 00668b add byte ptr [esi-75],ah |
12 |
016f:1c6aab50 00668b add byte ptr [esi-75],ah |
| 7 |
016f:1c6aab53 5c pop esp |
13 |
016f:1c6aab53 5c pop esp |
| 8 |
016f:1c6aab54 2424 and al,24 |
14 |
016f:1c6aab54 2424 and al,24 |
| 9 |
016f:1c6aab56 663b9a94000000 cmp bx,word ptr [edx+00000094] |
15 |
016f:1c6aab56 663b9a94000000 cmp bx,word ptr [edx+00000094] |
| 10 |
016f:1c6aab5d 0f853e010000 jnz 1c6aaca1 = VCL641MI.DLL:.text+0xa9ca1 |
16 |
016f:1c6aab5d 0f853e010000 jnz 1c6aaca1 = VCL641MI.DLL:.text+0xa9ca1 |
| 11 |
016f:1c6aab63 56 push esi |
17 |
016f:1c6aab63 56 push esi |
| 12 |
016f:1c6aab64 e8d70c0000 call 1c6ab840 = VCL641MI.DLL:.text+0xaa840 |
18 |
016f:1c6aab64 e8d70c0000 call 1c6ab840 = VCL641MI.DLL:.text+0xaa840 |
| 13 |
016f:1c6aab6c 33c0 xor eax,eax |
19 |
016f:1c6aab6c 33c0 xor eax,eax |
| 14 |
016f:1c6aab6e e9800a0000 jmp 1c6ab5f3 = VCL641MI.DLL:.text+0xaa5f3 |
20 |
016f:1c6aab6e e9800a0000 jmp 1c6ab5f3 = VCL641MI.DLL:.text+0xaa5f3 |
| 15 |
016f:1c6aab73 8d4c2414 lea ecx,[esp+14] |
21 |
016f:1c6aab73 8d4c2414 lea ecx,[esp+14] |
| 16 |
016f:1c6aab77 51 push ecx |
22 |
016f:1c6aab77 51 push ecx |
| 17 |
016f:1c6aab78 8bcf mov ecx,edi |
23 |
016f:1c6aab78 8bcf mov ecx,edi |
| 18 |
016f:1c6aab7a e8e152ffff call 1c69fe60 = VCL641MI.DLL:.text+0x9ee60 |
24 |
016f:1c6aab7a e8e152ffff call 1c69fe60 = VCL641MI.DLL:.text+0x9ee60 |
| 19 |
016f:1c6aab7f 8bf0 mov esi,eax |
25 |
016f:1c6aab7f 8bf0 mov esi,eax |
| 20 |
016f:1c6aab81 85f6 test esi,esi |
26 |
016f:1c6aab81 85f6 test esi,esi |
| 21 |
016f:1c6aab83 7507 jnz 1c6aab8c = VCL641MI.DLL:.text+0xa9b8c |
27 |
016f:1c6aab83 7507 jnz 1c6aab8c = VCL641MI.DLL:.text+0xa9b8c |
| 22 |
016f:1c6aab85 33c0 xor eax,eax |
28 |
016f:1c6aab85 33c0 xor eax,eax |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:1c63294e c744242401000000 mov dword ptr [esp+24],00000001 |
9 |
016f:1c63294e c744242401000000 mov dword ptr [esp+24],00000001 |
| 4 |
016f:1c632956 e8f5d8ffff call 1c630250 = VCL641MI.DLL:.text+0x2f250 |
10 |
016f:1c632956 e8f5d8ffff call 1c630250 = VCL641MI.DLL:.text+0x2f250 |
| 5 |
016f:1c63295b 8b4c2410 mov ecx,dword ptr [esp+10] |
11 |
016f:1c63295b 8b4c2410 mov ecx,dword ptr [esp+10] |
| 6 |
016f:1c63295f 85c9 test ecx,ecx |
12 |
016f:1c63295f 85c9 test ecx,ecx |
| 7 |
016f:1c632961 740a jz 1c63296d = VCL641MI.DLL:.text+0x3196d |
13 |
016f:1c632961 740a jz 1c63296d = VCL641MI.DLL:.text+0x3196d |
| 8 |
016f:1c632963 56 push esi |
14 |
016f:1c632963 56 push esi |
| 9 |
016f:1c632964 57 push edi |
15 |
016f:1c632964 57 push edi |
| 10 |
016f:1c632965 53 push ebx |
16 |
016f:1c632965 53 push ebx |
| 11 |
016f:1c632966 55 push ebp |
17 |
016f:1c632966 55 push ebp |
| 12 |
016f:1c632967 ff1584f36f1c call dword ptr [1c6ff384] -> USER32.DLL!DefWindowProcA |
18 |
016f:1c632967 ff1584f36f1c call dword ptr [1c6ff384] -> USER32.DLL!DefWindowProcA |
| 13 |
016f:1c63296e 5e pop esi |
19 |
016f:1c63296e 5e pop esi |
| 14 |
016f:1c63296f 5d pop ebp |
20 |
016f:1c63296f 5d pop ebp |
| 15 |
016f:1c632970 5b pop ebx |
21 |
016f:1c632970 5b pop ebx |
| 16 |
016f:1c632971 59 pop ecx |
22 |
016f:1c632971 59 pop ecx |
| 17 |
016f:1c632972 c21000 retd 0010 |
23 |
016f:1c632972 c21000 retd 0010 |
| 18 |
016f:1c632975 90 nop |
24 |
016f:1c632975 90 nop |
| 19 |
016f:1c632976 90 nop |
25 |
016f:1c632976 90 nop |
| 20 |
016f:1c632977 90 nop |
26 |
016f:1c632977 90 nop |
| 21 |
016f:1c632978 90 nop |
27 |
016f:1c632978 90 nop |
| 22 |
016f:1c632979 90 nop |
28 |
016f:1c632979 90 nop |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
-> 28 12 dd 00 78 30 dd 00 08 91 11 01 00 00 00 00 (...x0.......... |
8 |
-> 28 12 dd 00 78 30 dd 00 08 91 11 01 00 00 00 00 (...x0.......... |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
-> 8d 52 04 e2 f2 8b fc 33 c0 65 39 46 08 74 04 65 .R.....3.e9F.t.e |
8 |
-> 8d 52 04 e2 f2 8b fc 33 c0 65 39 46 08 74 04 65 .R.....3.e9F.t.e |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:1c63294e c744242401000000 mov dword ptr [esp+24],00000001 |
9 |
016f:1c63294e c744242401000000 mov dword ptr [esp+24],00000001 |
| 4 |
016f:1c632956 e8f5d8ffff call 1c630250 = VCL641MI.DLL:.text+0x2f250 |
10 |
016f:1c632956 e8f5d8ffff call 1c630250 = VCL641MI.DLL:.text+0x2f250 |
| 5 |
016f:1c63295b 8b4c2410 mov ecx,dword ptr [esp+10] |
11 |
016f:1c63295b 8b4c2410 mov ecx,dword ptr [esp+10] |
| 6 |
016f:1c63295f 85c9 test ecx,ecx |
12 |
016f:1c63295f 85c9 test ecx,ecx |
| 7 |
016f:1c632961 740a jz 1c63296d = VCL641MI.DLL:.text+0x3196d |
13 |
016f:1c632961 740a jz 1c63296d = VCL641MI.DLL:.text+0x3196d |
| 8 |
016f:1c632963 56 push esi |
14 |
016f:1c632963 56 push esi |
| 9 |
016f:1c632964 57 push edi |
15 |
016f:1c632964 57 push edi |
| 10 |
016f:1c632965 53 push ebx |
16 |
016f:1c632965 53 push ebx |
| 11 |
016f:1c632966 55 push ebp |
17 |
016f:1c632966 55 push ebp |
| 12 |
016f:1c632967 ff1584f36f1c call dword ptr [1c6ff384] -> USER32.DLL!DefWindowProcA |
18 |
016f:1c632967 ff1584f36f1c call dword ptr [1c6ff384] -> USER32.DLL!DefWindowProcA |
| 13 |
016f:1c63296e 5e pop esi |
19 |
016f:1c63296e 5e pop esi |
| 14 |
016f:1c63296f 5d pop ebp |
20 |
016f:1c63296f 5d pop ebp |
| 15 |
016f:1c632970 5b pop ebx |
21 |
016f:1c632970 5b pop ebx |
| 16 |
016f:1c632971 59 pop ecx |
22 |
016f:1c632971 59 pop ecx |
| 17 |
016f:1c632972 c21000 retd 0010 |
23 |
016f:1c632972 c21000 retd 0010 |
| 18 |
016f:1c632975 90 nop |
24 |
016f:1c632975 90 nop |
| 19 |
016f:1c632976 90 nop |
25 |
016f:1c632976 90 nop |
| 20 |
016f:1c632977 90 nop |
26 |
016f:1c632977 90 nop |
| 21 |
016f:1c632978 90 nop |
27 |
016f:1c632978 90 nop |
| 22 |
016f:1c632979 90 nop |
28 |
016f:1c632979 90 nop |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:bff848d8 c1c210 rol edx,10 |
9 |
016f:bff848d8 c1c210 rol edx,10 |
| 4 |
016f:bff848db e9c8f7ffff jmp bff840a8 = KERNEL32.DLL:.text+0x1b0a8 |
10 |
016f:bff848db e9c8f7ffff jmp bff840a8 = KERNEL32.DLL:.text+0x1b0a8 |
| 5 |
016f:bff848e0 0fbf4316 movsx eax,word ptr [ebx+16] |
11 |
016f:bff848e0 0fbf4316 movsx eax,word ptr [ebx+16] |
| 6 |
016f:bff848e4 50 push eax |
12 |
016f:bff848e4 50 push eax |
| 7 |
016f:bff848e5 668b4318 mov ax,word ptr [ebx+18] |
13 |
016f:bff848e5 668b4318 mov ax,word ptr [ebx+18] |
| 8 |
016f:bff848e9 50 push eax |
14 |
016f:bff848e9 50 push eax |
| 9 |
016f:bff848ea ff731a push dword ptr [ebx+1a] |
15 |
016f:bff848ea ff731a push dword ptr [ebx+1a] |
| 10 |
016f:bff848ed e8f3cefdff call bff617e5 = KERNEL32.DLL!K32Thk1632Prolog |
16 |
016f:bff848ed e8f3cefdff call bff617e5 = KERNEL32.DLL!K32Thk1632Prolog |
| 11 |
016f:bff848f2 e8deecfdff call bff635d5 = KERNEL32.DLL:_FREQASM+0x25d5 |
17 |
016f:bff848f2 e8deecfdff call bff635d5 = KERNEL32.DLL:_FREQASM+0x25d5 |
| 12 |
016f:bff848f7 e80ecffdff call bff6180a = KERNEL32.DLL!K32Thk1632Epilog |
18 |
016f:bff848f7 e80ecffdff call bff6180a = KERNEL32.DLL!K32Thk1632Epilog |
| 13 |
016f:bff848fe c1c210 rol edx,10 |
19 |
016f:bff848fe c1c210 rol edx,10 |
| 14 |
016f:bff84901 e9aaf7ffff jmp bff840b0 = KERNEL32.DLL:.text+0x1b0b0 |
20 |
016f:bff84901 e9aaf7ffff jmp bff840b0 = KERNEL32.DLL:.text+0x1b0b0 |
| 15 |
016f:bff84906 0fbf4316 movsx eax,word ptr [ebx+16] |
21 |
016f:bff84906 0fbf4316 movsx eax,word ptr [ebx+16] |
| 16 |
016f:bff8490a 50 push eax |
22 |
016f:bff8490a 50 push eax |
| 17 |
016f:bff8490b ff7318 push dword ptr [ebx+18] |
23 |
016f:bff8490b ff7318 push dword ptr [ebx+18] |
| 18 |
016f:bff8490e e8d2cefdff call bff617e5 = KERNEL32.DLL!K32Thk1632Prolog |
24 |
016f:bff8490e e8d2cefdff call bff617e5 = KERNEL32.DLL!K32Thk1632Prolog |
| 19 |
016f:bff84913 e8ceebfdff call bff634e6 = KERNEL32.DLL:_FREQASM+0x24e6 |
25 |
016f:bff84913 e8ceebfdff call bff634e6 = KERNEL32.DLL:_FREQASM+0x24e6 |
| 20 |
016f:bff84918 e8edcefdff call bff6180a = KERNEL32.DLL!K32Thk1632Epilog |
26 |
016f:bff84918 e8edcefdff call bff6180a = KERNEL32.DLL!K32Thk1632Epilog |
| 21 |
016f:bff8491d e986f7ffff jmp bff840a8 = KERNEL32.DLL:.text+0x1b0a8 |
27 |
016f:bff8491d e986f7ffff jmp bff840a8 = KERNEL32.DLL:.text+0x1b0a8 |
| 22 |
016f:bff84922 33c0 xor eax,eax |
28 |
016f:bff84922 33c0 xor eax,eax |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:bff61991 51 push ecx |
9 |
016f:bff61991 51 push ecx |
| 4 |
016f:bff61992 c1cf10 ror edi,10 |
10 |
016f:bff61992 c1cf10 ror edi,10 |
| 5 |
016f:bff61995 6664873d0e000000 xchg word ptr fs:[0000000e],di |
11 |
016f:bff61995 6664873d0e000000 xchg word ptr fs:[0000000e],di |
| 6 |
016f:bff6199d 57 push edi |
12 |
016f:bff6199d 57 push edi |
| 7 |
016f:bff6199e 686d18f6bf push bff6186d |
13 |
016f:bff6199e 686d18f6bf push bff6186d |
| 8 |
016f:bff619a3 64ff3500000000 push dword ptr fs:[00000000] |
14 |
016f:bff619a3 64ff3500000000 push dword ptr fs:[00000000] |
| 9 |
016f:bff619aa 64892500000000 mov dword ptr fs:[00000000],esp |
15 |
016f:bff619aa 64892500000000 mov dword ptr fs:[00000000],esp |
| 10 |
016f:bff619b1 55 push ebp |
16 |
016f:bff619b1 55 push ebp |
| 11 |
016f:bff619b2 8d6c24fc lea ebp,[esp-04] |
17 |
016f:bff619b2 8d6c24fc lea ebp,[esp-04] |
| 12 |
016f:bff619b6 ffd2 call edx |
18 |
016f:bff619b6 ffd2 call edx |
| 13 |
016f:bff619b9 0fb6c9 movzx ecx,cl |
19 |
016f:bff619b9 0fb6c9 movzx ecx,cl |
| 14 |
016f:bff619bc 648f0500000000 pop dword ptr fs:[00000000] |
20 |
016f:bff619bc 648f0500000000 pop dword ptr fs:[00000000] |
| 15 |
016f:bff619c3 8d642404 lea esp,[esp+04] |
21 |
016f:bff619c3 8d642404 lea esp,[esp+04] |
| 16 |
016f:bff619c7 5f pop edi |
22 |
016f:bff619c7 5f pop edi |
| 17 |
016f:bff619c8 6664893d0e000000 mov word ptr fs:[0000000e],di |
23 |
016f:bff619c8 6664893d0e000000 mov word ptr fs:[0000000e],di |
| 18 |
016f:bff619d0 5b pop ebx |
24 |
016f:bff619d0 5b pop ebx |
| 19 |
016f:bff619d1 660fb22424 lss sp,dword ptr [esp] |
25 |
016f:bff619d1 660fb22424 lss sp,dword ptr [esp] |
| 20 |
016f:bff619d6 6664891d1e000000 mov word ptr fs:[0000001e],bx |
26 |
016f:bff619d6 6664891d1e000000 mov word ptr fs:[0000001e],bx |
| 21 |
016f:bff619de 5b pop ebx |
27 |
016f:bff619de 5b pop ebx |
| 22 |
016f:bff619df 0bdb or ebx,ebx |
28 |
016f:bff619df 0bdb or ebx,ebx |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:bff6183d 8b1570b4fbbf mov edx,dword ptr [bffbb470] |
9 |
016f:bff6183d 8b1570b4fbbf mov edx,dword ptr [bffbb470] |
| 4 |
016f:bff61843 e88b290000 call bff641d3 = KERNEL32.DLL:_FREQASM+0x31d3 |
10 |
016f:bff61843 e88b290000 call bff641d3 = KERNEL32.DLL:_FREQASM+0x31d3 |
| 5 |
016f:bff61848 6664c7051e000000ffff mov word ptr fs:[0000001e],ffff |
11 |
016f:bff61848 6664c7051e000000ffff mov word ptr fs:[0000001e],ffff |
| 6 |
016f:bff61852 ff5326 call dword ptr [ebx+26] |
12 |
016f:bff61852 ff5326 call dword ptr [ebx+26] |
| 7 |
016f:bff61855 8b1570b4fbbf mov edx,dword ptr [bffbb470] |
13 |
016f:bff61855 8b1570b4fbbf mov edx,dword ptr [bffbb470] |
| 8 |
016f:bff6185b e82f290000 call bff6418f = KERNEL32.DLL:_FREQASM+0x318f |
14 |
016f:bff6185b e82f290000 call bff6418f = KERNEL32.DLL:_FREQASM+0x318f |
| 9 |
016f:bff61860 6664ff051e000000 inc word ptr fs:[0000001e] |
15 |
016f:bff61860 6664ff051e000000 inc word ptr fs:[0000001e] |
| 10 |
016f:bff61868 b114 mov cl,14 |
16 |
016f:bff61868 b114 mov cl,14 |
| 11 |
016f:bff6186a 8be5 mov esp,ebp |
17 |
016f:bff6186a 8be5 mov esp,ebp |
| 12 |
016f:bff6186c c3 retd |
18 |
016f:bff6186c c3 retd |
| 13 |
016f:bff61871 f7400406000000 test dword ptr [eax+04],00000006 |
19 |
016f:bff61871 f7400406000000 test dword ptr [eax+04],00000006 |
| 14 |
016f:bff61878 7419 jz bff61893 = KERNEL32.DLL:_FREQASM+0x893 |
20 |
016f:bff61878 7419 jz bff61893 = KERNEL32.DLL:_FREQASM+0x893 |
| 15 |
016f:bff6187a 8b442408 mov eax,dword ptr [esp+08] |
21 |
016f:bff6187a 8b442408 mov eax,dword ptr [esp+08] |
| 16 |
016f:bff6187e 8178046d18f6bf cmp dword ptr [eax+04],bff6186d |
22 |
016f:bff6187e 8178046d18f6bf cmp dword ptr [eax+04],bff6186d |
| 17 |
016f:bff61885 750c jnz bff61893 = KERNEL32.DLL:_FREQASM+0x893 |
23 |
016f:bff61885 750c jnz bff61893 = KERNEL32.DLL:_FREQASM+0x893 |
| 18 |
016f:bff61887 668b4808 mov cx,word ptr [eax+08] |
24 |
016f:bff61887 668b4808 mov cx,word ptr [eax+08] |
| 19 |
016f:bff6188b 6664890d0e000000 mov word ptr fs:[0000000e],cx |
25 |
016f:bff6188b 6664890d0e000000 mov word ptr fs:[0000000e],cx |
| 20 |
016f:bff61893 b801000000 mov eax,00000001 |
26 |
016f:bff61893 b801000000 mov eax,00000001 |
| 21 |
016f:bff61898 c3 retd |
27 |
016f:bff61898 c3 retd |
| 22 |
016f:bff61899 9d popfd |
28 |
016f:bff61899 9d popfd |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
-> b8 88 c4 70 1c e9 a6 ca ff ff 8b 45 04 50 e8 73 ...p.......E.P.s |
8 |
-> b8 88 c4 70 1c e9 a6 ca ff ff 8b 45 04 50 e8 73 ...p.......E.P.s |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:1c6ac1d9 51 push ecx |
9 |
016f:1c6ac1d9 51 push ecx |
| 4 |
016f:1c6ac1da 8b4e04 mov ecx,dword ptr [esi+04] |
10 |
016f:1c6ac1da 8b4e04 mov ecx,dword ptr [esi+04] |
| 5 |
016f:1c6ac1dd 52 push edx |
11 |
016f:1c6ac1dd 52 push edx |
| 6 |
016f:1c6ac1de 8b542440 mov edx,dword ptr [esp+40] |
12 |
016f:1c6ac1de 8b542440 mov edx,dword ptr [esp+40] |
| 7 |
016f:1c6ac1e2 50 push eax |
13 |
016f:1c6ac1e2 50 push eax |
| 8 |
016f:1c6ac1e3 51 push ecx |
14 |
016f:1c6ac1e3 51 push ecx |
| 9 |
016f:1c6ac1e4 53 push ebx |
15 |
016f:1c6ac1e4 53 push ebx |
| 10 |
016f:1c6ac1e5 6a02 push +02 |
16 |
016f:1c6ac1e5 6a02 push +02 |
| 11 |
016f:1c6ac1e7 52 push edx |
17 |
016f:1c6ac1e7 52 push edx |
| 12 |
016f:1c6ac1e8 e863e7ffff call 1c6aa950 = VCL641MI.DLL:.text+0xa9950 |
18 |
016f:1c6ac1e8 e863e7ffff call 1c6aa950 = VCL641MI.DLL:.text+0xa9950 |
| 13 |
016f:1c6ac1f0 8bd8 mov ebx,eax |
19 |
016f:1c6ac1f0 8bd8 mov ebx,eax |
| 14 |
016f:1c6ac1f2 5f pop edi |
20 |
016f:1c6ac1f2 5f pop edi |
| 15 |
016f:1c6ac1f3 5e pop esi |
21 |
016f:1c6ac1f3 5e pop esi |
| 16 |
016f:1c6ac1f4 5b pop ebx |
22 |
016f:1c6ac1f4 5b pop ebx |
| 17 |
016f:1c6ac1f5 83c420 add esp,+20 |
23 |
016f:1c6ac1f5 83c420 add esp,+20 |
| 18 |
016f:1c6ac1f8 c3 retd |
24 |
016f:1c6ac1f8 c3 retd |
| 19 |
016f:1c6ac1f9 8b44243c mov eax,dword ptr [esp+3c] |
25 |
016f:1c6ac1f9 8b44243c mov eax,dword ptr [esp+3c] |
| 20 |
016f:1c6ac1fd 8b4c2430 mov ecx,dword ptr [esp+30] |
26 |
016f:1c6ac1fd 8b4c2430 mov ecx,dword ptr [esp+30] |
| 21 |
016f:1c6ac201 50 push eax |
27 |
016f:1c6ac201 50 push eax |
| 22 |
016f:1c6ac202 51 push ecx |
28 |
016f:1c6ac202 51 push ecx |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
-> b8 88 c4 70 1c e9 a6 ca ff ff 8b 45 04 50 e8 73 ...p.......E.P.s |
8 |
-> b8 88 c4 70 1c e9 a6 ca ff ff 8b 45 04 50 e8 73 ...p.......E.P.s |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:1c6a3a07 51 push ecx |
9 |
016f:1c6a3a07 51 push ecx |
| 4 |
016f:1c6a3a08 50 push eax |
10 |
016f:1c6a3a08 50 push eax |
| 5 |
016f:1c6a3a09 8b8604010000 mov eax,dword ptr [esi+00000104] |
11 |
016f:1c6a3a09 8b8604010000 mov eax,dword ptr [esi+00000104] |
| 6 |
016f:1c6a3a0f 57 push edi |
12 |
016f:1c6a3a0f 57 push edi |
| 7 |
016f:1c6a3a10 52 push edx |
13 |
016f:1c6a3a10 52 push edx |
| 8 |
016f:1c6a3a11 8b542424 mov edx,dword ptr [esp+24] |
14 |
016f:1c6a3a11 8b542424 mov edx,dword ptr [esp+24] |
| 9 |
016f:1c6a3a15 52 push edx |
15 |
016f:1c6a3a15 52 push edx |
| 10 |
016f:1c6a3a16 6a03 push +03 |
16 |
016f:1c6a3a16 6a03 push +03 |
| 11 |
016f:1c6a3a18 50 push eax |
17 |
016f:1c6a3a18 50 push eax |
| 12 |
016f:1c6a3a19 e8326f0000 call 1c6aa950 = VCL641MI.DLL:.text+0xa9950 |
18 |
016f:1c6a3a19 e8326f0000 call 1c6aa950 = VCL641MI.DLL:.text+0xa9950 |
| 13 |
016f:1c6a3a21 5f pop edi |
19 |
016f:1c6a3a21 5f pop edi |
| 14 |
016f:1c6a3a22 5d pop ebp |
20 |
016f:1c6a3a22 5d pop ebp |
| 15 |
016f:1c6a3a23 5b pop ebx |
21 |
016f:1c6a3a23 5b pop ebx |
| 16 |
016f:1c6a3a24 5e pop esi |
22 |
016f:1c6a3a24 5e pop esi |
| 17 |
016f:1c6a3a25 59 pop ecx |
23 |
016f:1c6a3a25 59 pop ecx |
| 18 |
016f:1c6a3a26 c20800 retd 0008 |
24 |
016f:1c6a3a26 c20800 retd 0008 |
| 19 |
016f:1c6a3a29 90 nop |
25 |
016f:1c6a3a29 90 nop |
| 20 |
016f:1c6a3a2a 90 nop |
26 |
016f:1c6a3a2a 90 nop |
| 21 |
016f:1c6a3a2b 90 nop |
27 |
016f:1c6a3a2b 90 nop |
| 22 |
016f:1c6a3a2c 90 nop |
28 |
016f:1c6a3a2c 90 nop |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:bff6baf3 803e04 cmp byte ptr [esi],04 |
9 |
016f:bff6baf3 803e04 cmp byte ptr [esi],04 |
| 4 |
016f:bff6baf6 740f jz bff6bb07 = KERNEL32.DLL:.text+0x2b07 |
10 |
016f:bff6baf6 740f jz bff6bb07 = KERNEL32.DLL:.text+0x2b07 |
| 5 |
016f:bff6baf8 33c0 xor eax,eax |
11 |
016f:bff6baf8 33c0 xor eax,eax |
| 6 |
016f:bff6bafa 50 push eax |
12 |
016f:bff6bafa 50 push eax |
| 7 |
016f:bff6bafb 50 push eax |
13 |
016f:bff6bafb 50 push eax |
| 8 |
016f:bff6bafc 50 push eax |
14 |
016f:bff6bafc 50 push eax |
| 9 |
016f:bff6bafd 68050000c0 push c0000005 |
15 |
016f:bff6bafd 68050000c0 push c0000005 |
| 10 |
016f:bff6bb02 e8a4acffff call bff667ab = KERNEL32.DLL:_FREQASM+0x57ab |
16 |
016f:bff6bb02 e8a4acffff call bff667ab = KERNEL32.DLL:_FREQASM+0x57ab |
| 11 |
016f:bff6bb07 ff7604 push dword ptr [esi+04] |
17 |
016f:bff6bb07 ff7604 push dword ptr [esi+04] |
| 12 |
016f:bff6bb0a e88a87ffff call bff64299 = KERNEL32.DLL:_FREQASM+0x3299 |
18 |
016f:bff6bb0a e88a87ffff call bff64299 = KERNEL32.DLL:_FREQASM+0x3299 |
| 13 |
016f:bff6bb10 c20400 retd 0004 |
19 |
016f:bff6bb10 c20400 retd 0004 |
| 14 |
016f:bff6bb13 56 push esi |
20 |
016f:bff6bb13 56 push esi |
| 15 |
016f:bff6bb14 8b742408 mov esi,dword ptr [esp+08] |
21 |
016f:bff6bb14 8b742408 mov esi,dword ptr [esp+08] |
| 16 |
016f:bff6bb18 8a06 mov al,byte ptr [esi] |
22 |
016f:bff6bb18 8a06 mov al,byte ptr [esi] |
| 17 |
016f:bff6bb1a 3c04 cmp al,04 |
23 |
016f:bff6bb1a 3c04 cmp al,04 |
| 18 |
016f:bff6bb1c 7508 jnz bff6bb26 = KERNEL32.DLL:.text+0x2b26 |
24 |
016f:bff6bb1c 7508 jnz bff6bb26 = KERNEL32.DLL:.text+0x2b26 |
| 19 |
016f:bff6bb1e ff7604 push dword ptr [esi+04] |
25 |
016f:bff6bb1e ff7604 push dword ptr [esi+04] |
| 20 |
016f:bff6bb21 e8a087ffff call bff642c6 = KERNEL32.DLL:_FREQASM+0x32c6 |
26 |
016f:bff6bb21 e8a087ffff call bff642c6 = KERNEL32.DLL:_FREQASM+0x32c6 |
| 21 |
016f:bff6bb26 5e pop esi |
27 |
016f:bff6bb26 5e pop esi |
| 22 |
016f:bff6bb27 c20400 retd 0004 |
28 |
016f:bff6bb27 c20400 retd 0004 |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:bff6bb0a e88a87ffff call bff64299 = KERNEL32.DLL:_FREQASM+0x3299 |
9 |
016f:bff6bb0a e88a87ffff call bff64299 = KERNEL32.DLL:_FREQASM+0x3299 |
| 4 |
016f:bff6bb0f 5e pop esi |
10 |
016f:bff6bb0f 5e pop esi |
| 5 |
016f:bff6bb10 c20400 retd 0004 |
11 |
016f:bff6bb10 c20400 retd 0004 |
| 6 |
016f:bff6bb13 56 push esi |
12 |
016f:bff6bb13 56 push esi |
| 7 |
016f:bff6bb14 8b742408 mov esi,dword ptr [esp+08] |
13 |
016f:bff6bb14 8b742408 mov esi,dword ptr [esp+08] |
| 8 |
016f:bff6bb18 8a06 mov al,byte ptr [esi] |
14 |
016f:bff6bb18 8a06 mov al,byte ptr [esi] |
| 9 |
016f:bff6bb1a 3c04 cmp al,04 |
15 |
016f:bff6bb1a 3c04 cmp al,04 |
| 10 |
016f:bff6bb1c 7508 jnz bff6bb26 = KERNEL32.DLL:.text+0x2b26 |
16 |
016f:bff6bb1c 7508 jnz bff6bb26 = KERNEL32.DLL:.text+0x2b26 |
| 11 |
016f:bff6bb1e ff7604 push dword ptr [esi+04] |
17 |
016f:bff6bb1e ff7604 push dword ptr [esi+04] |
| 12 |
016f:bff6bb21 e8a087ffff call bff642c6 = KERNEL32.DLL:_FREQASM+0x32c6 |
18 |
016f:bff6bb21 e8a087ffff call bff642c6 = KERNEL32.DLL:_FREQASM+0x32c6 |
| 13 |
016f:bff6bb27 c20400 retd 0004 |
19 |
016f:bff6bb27 c20400 retd 0004 |
| 14 |
016f:bff6bb2a 64a100000000 mov eax,dword ptr fs:[00000000] |
20 |
016f:bff6bb2a 64a100000000 mov eax,dword ptr fs:[00000000] |
| 15 |
016f:bff6bb30 55 push ebp |
21 |
016f:bff6bb30 55 push ebp |
| 16 |
016f:bff6bb31 8bec mov ebp,esp |
22 |
016f:bff6bb31 8bec mov ebp,esp |
| 17 |
016f:bff6bb33 6aff push -01 |
23 |
016f:bff6bb33 6aff push -01 |
| 18 |
016f:bff6bb35 685092f6bf push bff69250 |
24 |
016f:bff6bb35 685092f6bf push bff69250 |
| 19 |
016f:bff6bb3a 68201bfbbf push bffb1b20 |
25 |
016f:bff6bb3a 68201bfbbf push bffb1b20 |
| 20 |
016f:bff6bb3f 50 push eax |
26 |
016f:bff6bb3f 50 push eax |
| 21 |
016f:bff6bb40 8b4508 mov eax,dword ptr [ebp+08] |
27 |
016f:bff6bb40 8b4508 mov eax,dword ptr [ebp+08] |
| 22 |
016f:bff6bb43 64892500000000 mov dword ptr fs:[00000000],esp |
28 |
016f:bff6bb43 64892500000000 mov dword ptr fs:[00000000],esp |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:bff6bb0a e88a87ffff call bff64299 = KERNEL32.DLL:_FREQASM+0x3299 |
9 |
016f:bff6bb0a e88a87ffff call bff64299 = KERNEL32.DLL:_FREQASM+0x3299 |
| 4 |
016f:bff6bb0f 5e pop esi |
10 |
016f:bff6bb0f 5e pop esi |
| 5 |
016f:bff6bb10 c20400 retd 0004 |
11 |
016f:bff6bb10 c20400 retd 0004 |
| 6 |
016f:bff6bb13 56 push esi |
12 |
016f:bff6bb13 56 push esi |
| 7 |
016f:bff6bb14 8b742408 mov esi,dword ptr [esp+08] |
13 |
016f:bff6bb14 8b742408 mov esi,dword ptr [esp+08] |
| 8 |
016f:bff6bb18 8a06 mov al,byte ptr [esi] |
14 |
016f:bff6bb18 8a06 mov al,byte ptr [esi] |
| 9 |
016f:bff6bb1a 3c04 cmp al,04 |
15 |
016f:bff6bb1a 3c04 cmp al,04 |
| 10 |
016f:bff6bb1c 7508 jnz bff6bb26 = KERNEL32.DLL:.text+0x2b26 |
16 |
016f:bff6bb1c 7508 jnz bff6bb26 = KERNEL32.DLL:.text+0x2b26 |
| 11 |
016f:bff6bb1e ff7604 push dword ptr [esi+04] |
17 |
016f:bff6bb1e ff7604 push dword ptr [esi+04] |
| 12 |
016f:bff6bb21 e8a087ffff call bff642c6 = KERNEL32.DLL:_FREQASM+0x32c6 |
18 |
016f:bff6bb21 e8a087ffff call bff642c6 = KERNEL32.DLL:_FREQASM+0x32c6 |
| 13 |
016f:bff6bb27 c20400 retd 0004 |
19 |
016f:bff6bb27 c20400 retd 0004 |
| 14 |
016f:bff6bb2a 64a100000000 mov eax,dword ptr fs:[00000000] |
20 |
016f:bff6bb2a 64a100000000 mov eax,dword ptr fs:[00000000] |
| 15 |
016f:bff6bb30 55 push ebp |
21 |
016f:bff6bb30 55 push ebp |
| 16 |
016f:bff6bb31 8bec mov ebp,esp |
22 |
016f:bff6bb31 8bec mov ebp,esp |
| 17 |
016f:bff6bb33 6aff push -01 |
23 |
016f:bff6bb33 6aff push -01 |
| 18 |
016f:bff6bb35 685092f6bf push bff69250 |
24 |
016f:bff6bb35 685092f6bf push bff69250 |
| 19 |
016f:bff6bb3a 68201bfbbf push bffb1b20 |
25 |
016f:bff6bb3a 68201bfbbf push bffb1b20 |
| 20 |
016f:bff6bb3f 50 push eax |
26 |
016f:bff6bb3f 50 push eax |
| 21 |
016f:bff6bb40 8b4508 mov eax,dword ptr [ebp+08] |
27 |
016f:bff6bb40 8b4508 mov eax,dword ptr [ebp+08] |
| 22 |
016f:bff6bb43 64892500000000 mov dword ptr fs:[00000000],esp |
28 |
016f:bff6bb43 64892500000000 mov dword ptr fs:[00000000],esp |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:004c2331 4a dec edx |
9 |
016f:004c2331 4a dec edx |
| 4 |
016f:004c2332 8d4801 lea ecx,[eax+01] |
10 |
016f:004c2332 8d4801 lea ecx,[eax+01] |
| 5 |
016f:004c2335 895620 mov dword ptr [esi+20],edx |
11 |
016f:004c2335 895620 mov dword ptr [esi+20],edx |
| 6 |
016f:004c2338 85c0 test eax,eax |
12 |
016f:004c2338 85c0 test eax,eax |
| 7 |
016f:004c233a 894e18 mov dword ptr [esi+18],ecx |
13 |
016f:004c233a 894e18 mov dword ptr [esi+18],ecx |
| 8 |
016f:004c233d 7509 jnz 004c2348 = SAL3.DLL:.text+0x1348 |
14 |
016f:004c233d 7509 jnz 004c2348 = SAL3.DLL:.text+0x1348 |
| 9 |
016f:004c233f ff15d0614e00 call dword ptr [004e61d0] -> KERNEL32.DLL!GetCurrentThreadId |
15 |
016f:004c233f ff15d0614e00 call dword ptr [004e61d0] -> KERNEL32.DLL!GetCurrentThreadId |
| 10 |
016f:004c2345 89461c mov dword ptr [esi+1c],eax |
16 |
016f:004c2345 89461c mov dword ptr [esi+1c],eax |
| 11 |
016f:004c2348 68f0916500 push 006591f0 |
17 |
016f:004c2348 68f0916500 push 006591f0 |
| 12 |
016f:004c234d ffd3 call ebx |
18 |
016f:004c234d ffd3 call ebx |
| 13 |
016f:004c2350 5e pop esi |
19 |
016f:004c2350 5e pop esi |
| 14 |
016f:004c2351 b001 mov al,01 |
20 |
016f:004c2351 b001 mov al,01 |
| 15 |
016f:004c2353 5b pop ebx |
21 |
016f:004c2353 5b pop ebx |
| 16 |
016f:004c2354 c3 retd |
22 |
016f:004c2354 c3 retd |
| 17 |
016f:004c2355 8b542404 mov edx,dword ptr [esp+04] |
23 |
016f:004c2355 8b542404 mov edx,dword ptr [esp+04] |
| 18 |
016f:004c2359 52 push edx |
24 |
016f:004c2359 52 push edx |
| 19 |
016f:004c235a ff15e4614e00 call dword ptr [004e61e4] -> KERNEL32.DLL!EnterCriticalSection |
25 |
016f:004c235a ff15e4614e00 call dword ptr [004e61e4] -> KERNEL32.DLL!EnterCriticalSection |
| 20 |
016f:004c2360 b001 mov al,01 |
26 |
016f:004c2360 b001 mov al,01 |
| 21 |
016f:004c2362 c3 retd |
27 |
016f:004c2362 c3 retd |
| 22 |
016f:004c2363 90 nop |
28 |
016f:004c2363 90 nop |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
| 1 |
-> 04 00 00 00 3c 61 98 81 00 00 00 00 00 00 00 00 ....<a.......... |
8 |
-> 04 00 00 00 3c 61 98 81 00 00 00 00 00 00 00 00 ....<a.......... |
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:bff6bb0a e88a87ffff call bff64299 = KERNEL32.DLL:_FREQASM+0x3299 |
9 |
016f:bff6bb0a e88a87ffff call bff64299 = KERNEL32.DLL:_FREQASM+0x3299 |
| 4 |
016f:bff6bb0f 5e pop esi |
10 |
016f:bff6bb0f 5e pop esi |
| 5 |
016f:bff6bb10 c20400 retd 0004 |
11 |
016f:bff6bb10 c20400 retd 0004 |
| 6 |
016f:bff6bb13 56 push esi |
12 |
016f:bff6bb13 56 push esi |
| 7 |
016f:bff6bb14 8b742408 mov esi,dword ptr [esp+08] |
13 |
016f:bff6bb14 8b742408 mov esi,dword ptr [esp+08] |
| 8 |
016f:bff6bb18 8a06 mov al,byte ptr [esi] |
14 |
016f:bff6bb18 8a06 mov al,byte ptr [esi] |
| 9 |
016f:bff6bb1a 3c04 cmp al,04 |
15 |
016f:bff6bb1a 3c04 cmp al,04 |
| 10 |
016f:bff6bb1c 7508 jnz bff6bb26 = KERNEL32.DLL:.text+0x2b26 |
16 |
016f:bff6bb1c 7508 jnz bff6bb26 = KERNEL32.DLL:.text+0x2b26 |
| 11 |
016f:bff6bb1e ff7604 push dword ptr [esi+04] |
17 |
016f:bff6bb1e ff7604 push dword ptr [esi+04] |
| 12 |
016f:bff6bb21 e8a087ffff call bff642c6 = KERNEL32.DLL:_FREQASM+0x32c6 |
18 |
016f:bff6bb21 e8a087ffff call bff642c6 = KERNEL32.DLL:_FREQASM+0x32c6 |
| 13 |
016f:bff6bb27 c20400 retd 0004 |
19 |
016f:bff6bb27 c20400 retd 0004 |
| 14 |
016f:bff6bb2a 64a100000000 mov eax,dword ptr fs:[00000000] |
20 |
016f:bff6bb2a 64a100000000 mov eax,dword ptr fs:[00000000] |
| 15 |
016f:bff6bb30 55 push ebp |
21 |
016f:bff6bb30 55 push ebp |
| 16 |
016f:bff6bb31 8bec mov ebp,esp |
22 |
016f:bff6bb31 8bec mov ebp,esp |
| 17 |
016f:bff6bb33 6aff push -01 |
23 |
016f:bff6bb33 6aff push -01 |
| 18 |
016f:bff6bb35 685092f6bf push bff69250 |
24 |
016f:bff6bb35 685092f6bf push bff69250 |
| 19 |
016f:bff6bb3a 68201bfbbf push bffb1b20 |
25 |
016f:bff6bb3a 68201bfbbf push bffb1b20 |
| 20 |
016f:bff6bb3f 50 push eax |
26 |
016f:bff6bb3f 50 push eax |
| 21 |
016f:bff6bb40 8b4508 mov eax,dword ptr [ebp+08] |
27 |
016f:bff6bb40 8b4508 mov eax,dword ptr [ebp+08] |
| 22 |
016f:bff6bb43 64892500000000 mov dword ptr fs:[00000000],esp |
28 |
016f:bff6bb43 64892500000000 mov dword ptr fs:[00000000],esp |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:1c6acfa4 5e pop esi |
9 |
016f:1c6acfa4 5e pop esi |
| 4 |
016f:1c6acfa5 c3 retd |
10 |
016f:1c6acfa5 c3 retd |
| 5 |
016f:1c6acfa6 e83501f7ff call 1c61d0e0 = VCL641MI.DLL!358 |
11 |
016f:1c6acfa6 e83501f7ff call 1c61d0e0 = VCL641MI.DLL!358 |
| 6 |
016f:1c6acfab 8b4e04 mov ecx,dword ptr [esi+04] |
12 |
016f:1c6acfab 8b4e04 mov ecx,dword ptr [esi+04] |
| 7 |
016f:1c6acfae 8b10 mov edx,dword ptr [eax] |
13 |
016f:1c6acfae 8b10 mov edx,dword ptr [eax] |
| 8 |
016f:1c6acfb0 51 push ecx |
14 |
016f:1c6acfb0 51 push ecx |
| 9 |
016f:1c6acfb1 8b0e mov ecx,dword ptr [esi] |
15 |
016f:1c6acfb1 8b0e mov ecx,dword ptr [esi] |
| 10 |
016f:1c6acfb3 51 push ecx |
16 |
016f:1c6acfb3 51 push ecx |
| 11 |
016f:1c6acfb4 8bc8 mov ecx,eax |
17 |
016f:1c6acfb4 8bc8 mov ecx,eax |
| 12 |
016f:1c6acfb6 ff5208 call dword ptr [edx+08] |
18 |
016f:1c6acfb6 ff5208 call dword ptr [edx+08] |
| 13 |
016f:1c6acfbc 52 push edx |
19 |
016f:1c6acfbc 52 push edx |
| 14 |
016f:1c6acfbd e8aa800400 call 1c6f506c = TL641MI.DLL!21 |
20 |
016f:1c6acfbd e8aa800400 call 1c6f506c = TL641MI.DLL!21 |
| 15 |
016f:1c6acfc2 56 push esi |
21 |
016f:1c6acfc2 56 push esi |
| 16 |
016f:1c6acfc3 e8a4800400 call 1c6f506c = TL641MI.DLL!21 |
22 |
016f:1c6acfc3 e8a4800400 call 1c6f506c = TL641MI.DLL!21 |
| 17 |
016f:1c6acfc8 83c408 add esp,+08 |
23 |
016f:1c6acfc8 83c408 add esp,+08 |
| 18 |
016f:1c6acfcb 5e pop esi |
24 |
016f:1c6acfcb 5e pop esi |
| 19 |
016f:1c6acfcc c3 retd |
25 |
016f:1c6acfcc c3 retd |
| 20 |
016f:1c6acfcd 90 nop |
26 |
016f:1c6acfcd 90 nop |
| 21 |
016f:1c6acfce 90 nop |
27 |
016f:1c6acfce 90 nop |
| 22 |
016f:1c6acfcf 90 nop |
28 |
016f:1c6acfcf 90 nop |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:1c6ac460 83c408 add esp,+08 |
9 |
016f:1c6ac460 83c408 add esp,+08 |
| 4 |
016f:1c6ac463 8bc3 mov eax,ebx |
10 |
016f:1c6ac463 8bc3 mov eax,ebx |
| 5 |
016f:1c6ac465 5f pop edi |
11 |
016f:1c6ac465 5f pop edi |
| 6 |
016f:1c6ac466 5e pop esi |
12 |
016f:1c6ac466 5e pop esi |
| 7 |
016f:1c6ac467 5b pop ebx |
13 |
016f:1c6ac467 5b pop ebx |
| 8 |
016f:1c6ac468 83c420 add esp,+20 |
14 |
016f:1c6ac468 83c420 add esp,+20 |
| 9 |
016f:1c6ac46b c3 retd |
15 |
016f:1c6ac46b c3 retd |
| 10 |
016f:1c6ac46c 8b4c243c mov ecx,dword ptr [esp+3c] |
16 |
016f:1c6ac46c 8b4c243c mov ecx,dword ptr [esp+3c] |
| 11 |
016f:1c6ac470 51 push ecx |
17 |
016f:1c6ac470 51 push ecx |
| 12 |
016f:1c6ac471 e87a0a0000 call 1c6acef0 = VCL641MI.DLL:.text+0xabef0 |
18 |
016f:1c6ac471 e87a0a0000 call 1c6acef0 = VCL641MI.DLL:.text+0xabef0 |
| 13 |
016f:1c6ac479 8bc3 mov eax,ebx |
19 |
016f:1c6ac479 8bc3 mov eax,ebx |
| 14 |
016f:1c6ac47b 5f pop edi |
20 |
016f:1c6ac47b 5f pop edi |
| 15 |
016f:1c6ac47c 5e pop esi |
21 |
016f:1c6ac47c 5e pop esi |
| 16 |
016f:1c6ac47d 5b pop ebx |
22 |
016f:1c6ac47d 5b pop ebx |
| 17 |
016f:1c6ac47e 83c420 add esp,+20 |
23 |
016f:1c6ac47e 83c420 add esp,+20 |
| 18 |
016f:1c6ac481 c3 retd |
24 |
016f:1c6ac481 c3 retd |
| 19 |
016f:1c6ac482 8b44243c mov eax,dword ptr [esp+3c] |
25 |
016f:1c6ac482 8b44243c mov eax,dword ptr [esp+3c] |
| 20 |
016f:1c6ac486 660fb65014 movzx dx,byte ptr [eax+14] |
26 |
016f:1c6ac486 660fb65014 movzx dx,byte ptr [eax+14] |
| 21 |
016f:1c6ac48b 8b480c mov ecx,dword ptr [eax+0c] |
27 |
016f:1c6ac48b 8b480c mov ecx,dword ptr [eax+0c] |
| 22 |
016f:1c6ac48e 52 push edx |
28 |
016f:1c6ac48e 52 push edx |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:bff44f6d 1bc0 sbb eax,eax |
9 |
016f:bff44f6d 1bc0 sbb eax,eax |
| 4 |
016f:bff44f6f 40 inc eax |
10 |
016f:bff44f6f 40 inc eax |
| 5 |
016f:bff44f70 c21000 retd 0010 |
11 |
016f:bff44f70 c21000 retd 0010 |
| 6 |
016f:bff44f73 cc int 3 |
12 |
016f:bff44f73 cc int 3 |
| 7 |
016f:bff44f74 ff35e4d4f4bf push dword ptr [bff4d4e4] |
13 |
016f:bff44f74 ff35e4d4f4bf push dword ptr [bff4d4e4] |
| 8 |
016f:bff44f7a e88b330000 call bff4830a = KERNEL32.DLL!97 |
14 |
016f:bff44f7a e88b330000 call bff4830a = KERNEL32.DLL!97 |
| 9 |
016f:bff44f7f c3 retd |
15 |
016f:bff44f7f c3 retd |
| 10 |
016f:bff44f80 50 push eax |
16 |
016f:bff44f80 50 push eax |
| 11 |
016f:bff44f81 ff35e4d4f4bf push dword ptr [bff4d4e4] |
17 |
016f:bff44f81 ff35e4d4f4bf push dword ptr [bff4d4e4] |
| 12 |
016f:bff44f87 e8c6330000 call bff48352 = KERNEL32.DLL!98 |
18 |
016f:bff44f87 e8c6330000 call bff48352 = KERNEL32.DLL!98 |
| 13 |
016f:bff44f8d c3 retd |
19 |
016f:bff44f8d c3 retd |
| 14 |
016f:bff44f8e 640fb70528000000 movzx eax,word ptr fs:[00000028] |
20 |
016f:bff44f8e 640fb70528000000 movzx eax,word ptr fs:[00000028] |
| 15 |
016f:bff44f96 85c0 test eax,eax |
21 |
016f:bff44f96 85c0 test eax,eax |
| 16 |
016f:bff44f98 7401 jz bff44f9b = USER32.DLL:.text+0x3f9b |
22 |
016f:bff44f98 7401 jz bff44f9b = USER32.DLL:.text+0x3f9b |
| 17 |
016f:bff44f9a c3 retd |
23 |
016f:bff44f9a c3 retd |
| 18 |
016f:bff44f9b b804000000 mov eax,00000004 |
24 |
016f:bff44f9b b804000000 mov eax,00000004 |
| 19 |
016f:bff44fa0 6664f7051c0000000100 test word ptr fs:[0000001c],0001 |
25 |
016f:bff44fa0 6664f7051c0000000100 test word ptr fs:[0000001c],0001 |
| 20 |
016f:bff44faa 7403 jz bff44faf = USER32.DLL:.text+0x3faf |
26 |
016f:bff44faa 7403 jz bff44faf = USER32.DLL:.text+0x3faf |
| 21 |
016f:bff44fac 83c801 or eax,+01 |
27 |
016f:bff44fac 83c801 or eax,+01 |
| 22 |
016f:bff44faf 50 push eax |
28 |
016f:bff44faf 50 push eax |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:bff45724 83c058 add eax,+58 |
9 |
016f:bff45724 83c058 add eax,+58 |
| 4 |
016f:bff45727 03442408 add eax,dword ptr [esp+08] |
10 |
016f:bff45727 03442408 add eax,dword ptr [esp+08] |
| 5 |
016f:bff4572b 0fb708 movzx ecx,word ptr [eax] |
11 |
016f:bff4572b 0fb708 movzx ecx,word ptr [eax] |
| 6 |
016f:bff4572e c1c110 rol ecx,10 |
12 |
016f:bff4572e c1c110 rol ecx,10 |
| 7 |
016f:bff45731 f744241002000000 test dword ptr [esp+10],00000002 |
13 |
016f:bff45731 f744241002000000 test dword ptr [esp+10],00000002 |
| 8 |
016f:bff45739 7404 jz bff4573f = USER32.DLL:.text+0x473f |
14 |
016f:bff45739 7404 jz bff4573f = USER32.DLL:.text+0x473f |
| 9 |
016f:bff4573b 668b4802 mov cx,word ptr [eax+02] |
15 |
016f:bff4573b 668b4802 mov cx,word ptr [eax+02] |
| 10 |
016f:bff4573f c1c910 ror ecx,10 |
16 |
016f:bff4573f c1c910 ror ecx,10 |
| 11 |
016f:bff45742 8bc1 mov eax,ecx |
17 |
016f:bff45742 8bc1 mov eax,ecx |
| 12 |
016f:bff45744 e837f8ffff call bff44f80 = USER32.DLL:.text+0x3f80 |
18 |
016f:bff45744 e837f8ffff call bff44f80 = USER32.DLL:.text+0x3f80 |
| 13 |
016f:bff4574c e82ff8ffff call bff44f80 = USER32.DLL:.text+0x3f80 |
19 |
016f:bff4574c e82ff8ffff call bff44f80 = USER32.DLL:.text+0x3f80 |
| 14 |
016f:bff45751 e91fbbffff jmp bff41275 = USER32.DLL:.text+0x275 |
20 |
016f:bff45751 e91fbbffff jmp bff41275 = USER32.DLL:.text+0x275 |
| 15 |
016f:bff45756 83ec04 sub esp,+04 |
21 |
016f:bff45756 83ec04 sub esp,+04 |
| 16 |
016f:bff45759 8bd4 mov edx,esp |
22 |
016f:bff45759 8bd4 mov edx,esp |
| 17 |
016f:bff4575b b904000000 mov ecx,00000004 |
23 |
016f:bff4575b b904000000 mov ecx,00000004 |
| 18 |
016f:bff45760 8b4204 mov eax,dword ptr [edx+04] |
24 |
016f:bff45760 8b4204 mov eax,dword ptr [edx+04] |
| 19 |
016f:bff45763 8902 mov dword ptr [edx],eax |
25 |
016f:bff45763 8902 mov dword ptr [edx],eax |
| 20 |
016f:bff45765 83c204 add edx,+04 |
26 |
016f:bff45765 83c204 add edx,+04 |
| 21 |
016f:bff45768 e2f6 loop bff45760 = USER32.DLL:.text+0x4760 |
27 |
016f:bff45768 e2f6 loop bff45760 = USER32.DLL:.text+0x4760 |
| 22 |
016f:bff4576a b805000000 mov eax,00000005 |
28 |
016f:bff4576a b805000000 mov eax,00000005 |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:1c6ec6bd 8b4c2404 mov ecx,dword ptr [esp+04] |
9 |
016f:1c6ec6bd 8b4c2404 mov ecx,dword ptr [esp+04] |
| 4 |
016f:1c6ec6c1 50 push eax |
10 |
016f:1c6ec6c1 50 push eax |
| 5 |
016f:1c6ec6c2 51 push ecx |
11 |
016f:1c6ec6c2 51 push ecx |
| 6 |
016f:1c6ec6c3 ff15dcf36f1c call dword ptr [1c6ff3dc] -> USER32.DLL!CalcChildScroll |
12 |
016f:1c6ec6c3 ff15dcf36f1c call dword ptr [1c6ff3dc] -> USER32.DLL!CalcChildScroll |
| 7 |
016f:1c6ec6c9 c3 retd |
13 |
016f:1c6ec6c9 c3 retd |
| 8 |
016f:1c6ec6ca 8b542408 mov edx,dword ptr [esp+08] |
14 |
016f:1c6ec6ca 8b542408 mov edx,dword ptr [esp+08] |
| 9 |
016f:1c6ec6ce 8b442404 mov eax,dword ptr [esp+04] |
15 |
016f:1c6ec6ce 8b442404 mov eax,dword ptr [esp+04] |
| 10 |
016f:1c6ec6d2 52 push edx |
16 |
016f:1c6ec6d2 52 push edx |
| 11 |
016f:1c6ec6d3 50 push eax |
17 |
016f:1c6ec6d3 50 push eax |
| 12 |
016f:1c6ec6d4 ff1564f26f1c call dword ptr [1c6ff264] -> USER32.DLL!GetWindowLongA |
18 |
016f:1c6ec6d4 ff1564f26f1c call dword ptr [1c6ff264] -> USER32.DLL!GetWindowLongA |
| 13 |
016f:1c6ec6db 90 nop |
19 |
016f:1c6ec6db 90 nop |
| 14 |
016f:1c6ec6dc 90 nop |
20 |
016f:1c6ec6dc 90 nop |
| 15 |
016f:1c6ec6dd 90 nop |
21 |
016f:1c6ec6dd 90 nop |
| 16 |
016f:1c6ec6de 90 nop |
22 |
016f:1c6ec6de 90 nop |
| 17 |
016f:1c6ec6df 90 nop |
23 |
016f:1c6ec6df 90 nop |
| 18 |
016f:1c6ec6e0 a15cd3711c mov eax,dword ptr [1c71d35c] |
24 |
016f:1c6ec6e0 a15cd3711c mov eax,dword ptr [1c71d35c] |
| 19 |
016f:1c6ec6e5 85c0 test eax,eax |
25 |
016f:1c6ec6e5 85c0 test eax,eax |
| 20 |
016f:1c6ec6e7 741b jz 1c6ec704 = VCL641MI.DLL:.text+0xeb704 |
26 |
016f:1c6ec6e7 741b jz 1c6ec704 = VCL641MI.DLL:.text+0xeb704 |
| 21 |
016f:1c6ec6e9 8b442410 mov eax,dword ptr [esp+10] |
27 |
016f:1c6ec6e9 8b442410 mov eax,dword ptr [esp+10] |
| 22 |
016f:1c6ec6ed 8b4c240c mov ecx,dword ptr [esp+0c] |
28 |
016f:1c6ec6ed 8b4c240c mov ecx,dword ptr [esp+0c] |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:1c631a31 83c408 add esp,+08 |
9 |
016f:1c631a31 83c408 add esp,+08 |
| 4 |
016f:1c631a34 85c0 test eax,eax |
10 |
016f:1c631a34 85c0 test eax,eax |
| 5 |
016f:1c631a36 7412 jz 1c631a4a = VCL641MI.DLL:.text+0x30a4a |
11 |
016f:1c631a36 7412 jz 1c631a4a = VCL641MI.DLL:.text+0x30a4a |
| 6 |
016f:1c631a38 8b4c2408 mov ecx,dword ptr [esp+08] |
12 |
016f:1c631a38 8b4c2408 mov ecx,dword ptr [esp+08] |
| 7 |
016f:1c631a3c 8b5018 mov edx,dword ptr [eax+18] |
13 |
016f:1c631a3c 8b5018 mov edx,dword ptr [eax+18] |
| 8 |
016f:1c631a3f 51 push ecx |
14 |
016f:1c631a3f 51 push ecx |
| 9 |
016f:1c631a40 6a16 push +16 |
15 |
016f:1c631a40 6a16 push +16 |
| 10 |
016f:1c631a42 50 push eax |
16 |
016f:1c631a42 50 push eax |
| 11 |
016f:1c631a43 52 push edx |
17 |
016f:1c631a43 52 push edx |
| 12 |
016f:1c631a44 ff501c call dword ptr [eax+1c] |
18 |
016f:1c631a44 ff501c call dword ptr [eax+1c] |
| 13 |
016f:1c631a4a e921ab0a00 jmp 1c6dc570 = VCL641MI.DLL:.text+0xdb570 |
19 |
016f:1c631a4a e921ab0a00 jmp 1c6dc570 = VCL641MI.DLL:.text+0xdb570 |
| 14 |
016f:1c631a4f 90 nop |
20 |
016f:1c631a4f 90 nop |
| 15 |
016f:1c631a50 a188ca711c mov eax,dword ptr [1c71ca88] |
21 |
016f:1c631a50 a188ca711c mov eax,dword ptr [1c71ca88] |
| 16 |
016f:1c631a55 55 push ebp |
22 |
016f:1c631a55 55 push ebp |
| 17 |
016f:1c631a56 8b08 mov ecx,dword ptr [eax] |
23 |
016f:1c631a56 8b08 mov ecx,dword ptr [eax] |
| 18 |
016f:1c631a58 8b690c mov ebp,dword ptr [ecx+0c] |
24 |
016f:1c631a58 8b690c mov ebp,dword ptr [ecx+0c] |
| 19 |
016f:1c631a5b 85ed test ebp,ebp |
25 |
016f:1c631a5b 85ed test ebp,ebp |
| 20 |
016f:1c631a5d 0f8489000000 jz 1c631aec = VCL641MI.DLL:.text+0x30aec |
26 |
016f:1c631a5d 0f8489000000 jz 1c631aec = VCL641MI.DLL:.text+0x30aec |
| 21 |
016f:1c631a63 e8b8aa0a00 call 1c6dc520 = VCL641MI.DLL:.text+0xdb520 |
27 |
016f:1c631a63 e8b8aa0a00 call 1c6dc520 = VCL641MI.DLL:.text+0xdb520 |
| 22 |
016f:1c631a68 84c0 test al,al |
28 |
016f:1c631a68 84c0 test al,al |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:1c63061d 56 push esi |
9 |
016f:1c63061d 56 push esi |
| 4 |
016f:1c63061e 51 push ecx |
10 |
016f:1c63061e 51 push ecx |
| 5 |
016f:1c63061f e8cc140000 call 1c631af0 = VCL641MI.DLL:.text+0x30af0 |
11 |
016f:1c63061f e8cc140000 call 1c631af0 = VCL641MI.DLL:.text+0x30af0 |
| 6 |
016f:1c630624 83c418 add esp,+18 |
12 |
016f:1c630624 83c418 add esp,+18 |
| 7 |
016f:1c630627 89442410 mov dword ptr [esp+10],eax |
13 |
016f:1c630627 89442410 mov dword ptr [esp+10],eax |
| 8 |
016f:1c63062b eb57 jmp 1c630684 = VCL641MI.DLL:.text+0x2f684 |
14 |
016f:1c63062b eb57 jmp 1c630684 = VCL641MI.DLL:.text+0x2f684 |
| 9 |
016f:1c63062d 8b4c2424 mov ecx,dword ptr [esp+24] |
15 |
016f:1c63062d 8b4c2424 mov ecx,dword ptr [esp+24] |
| 10 |
016f:1c630631 51 push ecx |
16 |
016f:1c630631 51 push ecx |
| 11 |
016f:1c630632 56 push esi |
17 |
016f:1c630632 56 push esi |
| 12 |
016f:1c630633 e8e8130000 call 1c631a20 = VCL641MI.DLL:.text+0x30a20 |
18 |
016f:1c630633 e8e8130000 call 1c631a20 = VCL641MI.DLL:.text+0x30a20 |
| 13 |
016f:1c63063a 56 push esi |
19 |
016f:1c63063a 56 push esi |
| 14 |
016f:1c63063b ff1548f36f1c call dword ptr [1c6ff348] -> USER32.DLL!SetCapture |
20 |
016f:1c63063b ff1548f36f1c call dword ptr [1c6ff348] -> USER32.DLL!SetCapture |
| 15 |
016f:1c630641 eb3b jmp 1c63067e = VCL641MI.DLL:.text+0x2f67e |
21 |
016f:1c630641 eb3b jmp 1c63067e = VCL641MI.DLL:.text+0x2f67e |
| 16 |
016f:1c630643 ff1540f36f1c call dword ptr [1c6ff340] -> USER32.DLL!GetCapture |
22 |
016f:1c630643 ff1540f36f1c call dword ptr [1c6ff340] -> USER32.DLL!GetCapture |
| 17 |
016f:1c630649 3bc6 cmp eax,esi |
23 |
016f:1c630649 3bc6 cmp eax,esi |
| 18 |
016f:1c63064b 7531 jnz 1c63067e = VCL641MI.DLL:.text+0x2f67e |
24 |
016f:1c63064b 7531 jnz 1c63067e = VCL641MI.DLL:.text+0x2f67e |
| 19 |
016f:1c63064d ff1544f36f1c call dword ptr [1c6ff344] -> USER32.DLL!ReleaseCapture |
25 |
016f:1c63064d ff1544f36f1c call dword ptr [1c6ff344] -> USER32.DLL!ReleaseCapture |
| 20 |
016f:1c630653 eb29 jmp 1c63067e = VCL641MI.DLL:.text+0x2f67e |
26 |
016f:1c630653 eb29 jmp 1c63067e = VCL641MI.DLL:.text+0x2f67e |
| 21 |
016f:1c630655 55 push ebp |
27 |
016f:1c630655 55 push ebp |
| 22 |
016f:1c630656 56 push esi |
28 |
016f:1c630656 56 push esi |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:1c632940 8d44240c lea eax,[esp+0c] |
9 |
016f:1c632940 8d44240c lea eax,[esp+0c] |
| 4 |
016f:1c632944 57 push edi |
10 |
016f:1c632944 57 push edi |
| 5 |
016f:1c632945 8b7c2420 mov edi,dword ptr [esp+20] |
11 |
016f:1c632945 8b7c2420 mov edi,dword ptr [esp+20] |
| 6 |
016f:1c632949 50 push eax |
12 |
016f:1c632949 50 push eax |
| 7 |
016f:1c63294a 56 push esi |
13 |
016f:1c63294a 56 push esi |
| 8 |
016f:1c63294b 57 push edi |
14 |
016f:1c63294b 57 push edi |
| 9 |
016f:1c63294c 53 push ebx |
15 |
016f:1c63294c 53 push ebx |
| 10 |
016f:1c63294d 55 push ebp |
16 |
016f:1c63294d 55 push ebp |
| 11 |
016f:1c63294e c744242401000000 mov dword ptr [esp+24],00000001 |
17 |
016f:1c63294e c744242401000000 mov dword ptr [esp+24],00000001 |
| 12 |
016f:1c632956 e8f5d8ffff call 1c630250 = VCL641MI.DLL:.text+0x2f250 |
18 |
016f:1c632956 e8f5d8ffff call 1c630250 = VCL641MI.DLL:.text+0x2f250 |
| 13 |
016f:1c63295f 85c9 test ecx,ecx |
19 |
016f:1c63295f 85c9 test ecx,ecx |
| 14 |
016f:1c632961 740a jz 1c63296d = VCL641MI.DLL:.text+0x3196d |
20 |
016f:1c632961 740a jz 1c63296d = VCL641MI.DLL:.text+0x3196d |
| 15 |
016f:1c632963 56 push esi |
21 |
016f:1c632963 56 push esi |
| 16 |
016f:1c632964 57 push edi |
22 |
016f:1c632964 57 push edi |
| 17 |
016f:1c632965 53 push ebx |
23 |
016f:1c632965 53 push ebx |
| 18 |
016f:1c632966 55 push ebp |
24 |
016f:1c632966 55 push ebp |
| 19 |
016f:1c632967 ff1584f36f1c call dword ptr [1c6ff384] -> USER32.DLL!DefWindowProcA |
25 |
016f:1c632967 ff1584f36f1c call dword ptr [1c6ff384] -> USER32.DLL!DefWindowProcA |
| 20 |
016f:1c63296d 5f pop edi |
26 |
016f:1c63296d 5f pop edi |
| 21 |
016f:1c63296e 5e pop esi |
27 |
016f:1c63296e 5e pop esi |
| 22 |
016f:1c63296f 5d pop ebp |
28 |
016f:1c63296f 5d pop ebp |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:bff635f7 65d16e04 shr dword ptr gs:[esi+04],EvIa |
9 |
016f:bff635f7 65d16e04 shr dword ptr gs:[esi+04],EvIa |
| 4 |
016f:bff635fb 7222 jc bff6361f = KERNEL32.DLL:_FREQASM+0x261f |
10 |
016f:bff635fb 7222 jc bff6361f = KERNEL32.DLL:_FREQASM+0x261f |
| 5 |
016f:bff635fd 65ff32 push dword ptr gs:[edx] |
11 |
016f:bff635fd 65ff32 push dword ptr gs:[edx] |
| 6 |
016f:bff63600 8d5204 lea edx,[edx+04] |
12 |
016f:bff63600 8d5204 lea edx,[edx+04] |
| 7 |
016f:bff63603 e2f2 loop bff635f7 = KERNEL32.DLL:_FREQASM+0x25f7 |
13 |
016f:bff63603 e2f2 loop bff635f7 = KERNEL32.DLL:_FREQASM+0x25f7 |
| 8 |
016f:bff63605 8bfc mov edi,esp |
14 |
016f:bff63605 8bfc mov edi,esp |
| 9 |
016f:bff63607 33c0 xor eax,eax |
15 |
016f:bff63607 33c0 xor eax,eax |
| 10 |
016f:bff63609 65394608 cmp dword ptr gs:[esi+08],eax |
16 |
016f:bff63609 65394608 cmp dword ptr gs:[esi+08],eax |
| 11 |
016f:bff6360d 7404 jz bff63613 = KERNEL32.DLL:_FREQASM+0x2613 |
17 |
016f:bff6360d 7404 jz bff63613 = KERNEL32.DLL:_FREQASM+0x2613 |
| 12 |
016f:bff6360f 65ff5608 call dword ptr gs:[esi+08] |
18 |
016f:bff6360f 65ff5608 call dword ptr gs:[esi+08] |
| 13 |
016f:bff63615 33c9 xor ecx,ecx |
19 |
016f:bff63615 33c9 xor ecx,ecx |
| 14 |
016f:bff63617 8ee9 mov gs,cx |
20 |
016f:bff63617 8ee9 mov gs,cx |
| 15 |
016f:bff63619 5f pop edi |
21 |
016f:bff63619 5f pop edi |
| 16 |
016f:bff6361a 5e pop esi |
22 |
016f:bff6361a 5e pop esi |
| 17 |
016f:bff6361b c9 leave |
23 |
016f:bff6361b c9 leave |
| 18 |
016f:bff6361c c20c00 retd 000c |
24 |
016f:bff6361c c20c00 retd 000c |
| 19 |
016f:bff6361f 52 push edx |
25 |
016f:bff6361f 52 push edx |
| 20 |
016f:bff63620 51 push ecx |
26 |
016f:bff63620 51 push ecx |
| 21 |
016f:bff63621 33c0 xor eax,eax |
27 |
016f:bff63621 33c0 xor eax,eax |
| 22 |
016f:bff63623 48 dec eax |
28 |
016f:bff63623 48 dec eax |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:bff848d6 8bd0 mov edx,eax |
9 |
016f:bff848d6 8bd0 mov edx,eax |
| 4 |
016f:bff848d8 c1c210 rol edx,10 |
10 |
016f:bff848d8 c1c210 rol edx,10 |
| 5 |
016f:bff848db e9c8f7ffff jmp bff840a8 = KERNEL32.DLL:.text+0x1b0a8 |
11 |
016f:bff848db e9c8f7ffff jmp bff840a8 = KERNEL32.DLL:.text+0x1b0a8 |
| 6 |
016f:bff848e0 0fbf4316 movsx eax,word ptr [ebx+16] |
12 |
016f:bff848e0 0fbf4316 movsx eax,word ptr [ebx+16] |
| 7 |
016f:bff848e4 50 push eax |
13 |
016f:bff848e4 50 push eax |
| 8 |
016f:bff848e5 668b4318 mov ax,word ptr [ebx+18] |
14 |
016f:bff848e5 668b4318 mov ax,word ptr [ebx+18] |
| 9 |
016f:bff848e9 50 push eax |
15 |
016f:bff848e9 50 push eax |
| 10 |
016f:bff848ea ff731a push dword ptr [ebx+1a] |
16 |
016f:bff848ea ff731a push dword ptr [ebx+1a] |
| 11 |
016f:bff848ed e8f3cefdff call bff617e5 = KERNEL32.DLL!K32Thk1632Prolog |
17 |
016f:bff848ed e8f3cefdff call bff617e5 = KERNEL32.DLL!K32Thk1632Prolog |
| 12 |
016f:bff848f2 e8deecfdff call bff635d5 = KERNEL32.DLL:_FREQASM+0x25d5 |
18 |
016f:bff848f2 e8deecfdff call bff635d5 = KERNEL32.DLL:_FREQASM+0x25d5 |
| 13 |
016f:bff848fc 8bd0 mov edx,eax |
19 |
016f:bff848fc 8bd0 mov edx,eax |
| 14 |
016f:bff848fe c1c210 rol edx,10 |
20 |
016f:bff848fe c1c210 rol edx,10 |
| 15 |
016f:bff84901 e9aaf7ffff jmp bff840b0 = KERNEL32.DLL:.text+0x1b0b0 |
21 |
016f:bff84901 e9aaf7ffff jmp bff840b0 = KERNEL32.DLL:.text+0x1b0b0 |
| 16 |
016f:bff84906 0fbf4316 movsx eax,word ptr [ebx+16] |
22 |
016f:bff84906 0fbf4316 movsx eax,word ptr [ebx+16] |
| 17 |
016f:bff8490a 50 push eax |
23 |
016f:bff8490a 50 push eax |
| 18 |
016f:bff8490b ff7318 push dword ptr [ebx+18] |
24 |
016f:bff8490b ff7318 push dword ptr [ebx+18] |
| 19 |
016f:bff8490e e8d2cefdff call bff617e5 = KERNEL32.DLL!K32Thk1632Prolog |
25 |
016f:bff8490e e8d2cefdff call bff617e5 = KERNEL32.DLL!K32Thk1632Prolog |
| 20 |
016f:bff84913 e8ceebfdff call bff634e6 = KERNEL32.DLL:_FREQASM+0x24e6 |
26 |
016f:bff84913 e8ceebfdff call bff634e6 = KERNEL32.DLL:_FREQASM+0x24e6 |
| 21 |
016f:bff84918 e8edcefdff call bff6180a = KERNEL32.DLL!K32Thk1632Epilog |
27 |
016f:bff84918 e8edcefdff call bff6180a = KERNEL32.DLL!K32Thk1632Epilog |
| 22 |
016f:bff8491d e986f7ffff jmp bff840a8 = KERNEL32.DLL:.text+0x1b0a8 |
28 |
016f:bff8491d e986f7ffff jmp bff840a8 = KERNEL32.DLL:.text+0x1b0a8 |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:bff61991 51 push ecx |
9 |
016f:bff61991 51 push ecx |
| 4 |
016f:bff61992 c1cf10 ror edi,10 |
10 |
016f:bff61992 c1cf10 ror edi,10 |
| 5 |
016f:bff61995 6664873d0e000000 xchg word ptr fs:[0000000e],di |
11 |
016f:bff61995 6664873d0e000000 xchg word ptr fs:[0000000e],di |
| 6 |
016f:bff6199d 57 push edi |
12 |
016f:bff6199d 57 push edi |
| 7 |
016f:bff6199e 686d18f6bf push bff6186d |
13 |
016f:bff6199e 686d18f6bf push bff6186d |
| 8 |
016f:bff619a3 64ff3500000000 push dword ptr fs:[00000000] |
14 |
016f:bff619a3 64ff3500000000 push dword ptr fs:[00000000] |
| 9 |
016f:bff619aa 64892500000000 mov dword ptr fs:[00000000],esp |
15 |
016f:bff619aa 64892500000000 mov dword ptr fs:[00000000],esp |
| 10 |
016f:bff619b1 55 push ebp |
16 |
016f:bff619b1 55 push ebp |
| 11 |
016f:bff619b2 8d6c24fc lea ebp,[esp-04] |
17 |
016f:bff619b2 8d6c24fc lea ebp,[esp-04] |
| 12 |
016f:bff619b6 ffd2 call edx |
18 |
016f:bff619b6 ffd2 call edx |
| 13 |
016f:bff619b9 0fb6c9 movzx ecx,cl |
19 |
016f:bff619b9 0fb6c9 movzx ecx,cl |
| 14 |
016f:bff619bc 648f0500000000 pop dword ptr fs:[00000000] |
20 |
016f:bff619bc 648f0500000000 pop dword ptr fs:[00000000] |
| 15 |
016f:bff619c3 8d642404 lea esp,[esp+04] |
21 |
016f:bff619c3 8d642404 lea esp,[esp+04] |
| 16 |
016f:bff619c7 5f pop edi |
22 |
016f:bff619c7 5f pop edi |
| 17 |
016f:bff619c8 6664893d0e000000 mov word ptr fs:[0000000e],di |
23 |
016f:bff619c8 6664893d0e000000 mov word ptr fs:[0000000e],di |
| 18 |
016f:bff619d0 5b pop ebx |
24 |
016f:bff619d0 5b pop ebx |
| 19 |
016f:bff619d1 660fb22424 lss sp,dword ptr [esp] |
25 |
016f:bff619d1 660fb22424 lss sp,dword ptr [esp] |
| 20 |
016f:bff619d6 6664891d1e000000 mov word ptr fs:[0000001e],bx |
26 |
016f:bff619d6 6664891d1e000000 mov word ptr fs:[0000001e],bx |
| 21 |
016f:bff619de 5b pop ebx |
27 |
016f:bff619de 5b pop ebx |
| 22 |
016f:bff619df 0bdb or ebx,ebx |
28 |
016f:bff619df 0bdb or ebx,ebx |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:bff6183d 8b1570b4fbbf mov edx,dword ptr [bffbb470] |
9 |
016f:bff6183d 8b1570b4fbbf mov edx,dword ptr [bffbb470] |
| 4 |
016f:bff61843 e88b290000 call bff641d3 = KERNEL32.DLL:_FREQASM+0x31d3 |
10 |
016f:bff61843 e88b290000 call bff641d3 = KERNEL32.DLL:_FREQASM+0x31d3 |
| 5 |
016f:bff61848 6664c7051e000000ffff mov word ptr fs:[0000001e],ffff |
11 |
016f:bff61848 6664c7051e000000ffff mov word ptr fs:[0000001e],ffff |
| 6 |
016f:bff61852 ff5326 call dword ptr [ebx+26] |
12 |
016f:bff61852 ff5326 call dword ptr [ebx+26] |
| 7 |
016f:bff61855 8b1570b4fbbf mov edx,dword ptr [bffbb470] |
13 |
016f:bff61855 8b1570b4fbbf mov edx,dword ptr [bffbb470] |
| 8 |
016f:bff6185b e82f290000 call bff6418f = KERNEL32.DLL:_FREQASM+0x318f |
14 |
016f:bff6185b e82f290000 call bff6418f = KERNEL32.DLL:_FREQASM+0x318f |
| 9 |
016f:bff61860 6664ff051e000000 inc word ptr fs:[0000001e] |
15 |
016f:bff61860 6664ff051e000000 inc word ptr fs:[0000001e] |
| 10 |
016f:bff61868 b114 mov cl,14 |
16 |
016f:bff61868 b114 mov cl,14 |
| 11 |
016f:bff6186a 8be5 mov esp,ebp |
17 |
016f:bff6186a 8be5 mov esp,ebp |
| 12 |
016f:bff6186c c3 retd |
18 |
016f:bff6186c c3 retd |
| 13 |
016f:bff61871 f7400406000000 test dword ptr [eax+04],00000006 |
19 |
016f:bff61871 f7400406000000 test dword ptr [eax+04],00000006 |
| 14 |
016f:bff61878 7419 jz bff61893 = KERNEL32.DLL:_FREQASM+0x893 |
20 |
016f:bff61878 7419 jz bff61893 = KERNEL32.DLL:_FREQASM+0x893 |
| 15 |
016f:bff6187a 8b442408 mov eax,dword ptr [esp+08] |
21 |
016f:bff6187a 8b442408 mov eax,dword ptr [esp+08] |
| 16 |
016f:bff6187e 8178046d18f6bf cmp dword ptr [eax+04],bff6186d |
22 |
016f:bff6187e 8178046d18f6bf cmp dword ptr [eax+04],bff6186d |
| 17 |
016f:bff61885 750c jnz bff61893 = KERNEL32.DLL:_FREQASM+0x893 |
23 |
016f:bff61885 750c jnz bff61893 = KERNEL32.DLL:_FREQASM+0x893 |
| 18 |
016f:bff61887 668b4808 mov cx,word ptr [eax+08] |
24 |
016f:bff61887 668b4808 mov cx,word ptr [eax+08] |
| 19 |
016f:bff6188b 6664890d0e000000 mov word ptr fs:[0000000e],cx |
25 |
016f:bff6188b 6664890d0e000000 mov word ptr fs:[0000000e],cx |
| 20 |
016f:bff61893 b801000000 mov eax,00000001 |
26 |
016f:bff61893 b801000000 mov eax,00000001 |
| 21 |
016f:bff61898 c3 retd |
27 |
016f:bff61898 c3 retd |
| 22 |
016f:bff61899 9d popfd |
28 |
016f:bff61899 9d popfd |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
-> 51 53 8b 5c 24 10 55 8b 6c 24 10 56 8b 74 24 20 QS.\$.U.l$.V.t$ |
8 |
-> 51 53 8b 5c 24 10 55 8b 6c 24 10 56 8b 74 24 20 QS.\$.U.l$.V.t$ |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
-> 51 53 8b 5c 24 10 55 8b 6c 24 10 56 8b 74 24 20 QS.\$.U.l$.V.t$ |
8 |
-> 51 53 8b 5c 24 10 55 8b 6c 24 10 56 8b 74 24 20 QS.\$.U.l$.V.t$ |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
... |
8 |
... |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
-> 0f b7 ec 8c d1 0f b7 c9 0f b2 65 00 66 8c d6 66 ..........e.f..f |
8 |
-> 0f b7 ec 8c d1 0f b7 c9 0f b2 65 00 66 8c d6 66 ..........e.f..f |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
-> 0f b7 ec 8c d1 0f b7 c9 0f b2 65 00 66 8c d6 66 ..........e.f..f |
8 |
-> 0f b7 ec 8c d1 0f b7 c9 0f b2 65 00 66 8c d6 66 ..........e.f..f |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:1c6ec7f0 a15cd3711c mov eax,dword ptr [1c71d35c] |
9 |
016f:1c6ec7f0 a15cd3711c mov eax,dword ptr [1c71d35c] |
| 4 |
016f:1c6ec7f5 85c0 test eax,eax |
10 |
016f:1c6ec7f5 85c0 test eax,eax |
| 5 |
016f:1c6ec7f7 740c jz 1c6ec805 = VCL641MI.DLL:.text+0xeb805 |
11 |
016f:1c6ec7f7 740c jz 1c6ec805 = VCL641MI.DLL:.text+0xeb805 |
| 6 |
016f:1c6ec7f9 8b442404 mov eax,dword ptr [esp+04] |
12 |
016f:1c6ec7f9 8b442404 mov eax,dword ptr [esp+04] |
| 7 |
016f:1c6ec7fd 50 push eax |
13 |
016f:1c6ec7fd 50 push eax |
| 8 |
016f:1c6ec7fe ff1504f46f1c call dword ptr [1c6ff404] -> USER32.DLL!CharLowerW |
14 |
016f:1c6ec7fe ff1504f46f1c call dword ptr [1c6ff404] -> USER32.DLL!CharLowerW |
| 9 |
016f:1c6ec804 c3 retd |
15 |
016f:1c6ec804 c3 retd |
| 10 |
016f:1c6ec805 8b4c2404 mov ecx,dword ptr [esp+04] |
16 |
016f:1c6ec805 8b4c2404 mov ecx,dword ptr [esp+04] |
| 11 |
016f:1c6ec809 51 push ecx |
17 |
016f:1c6ec809 51 push ecx |
| 12 |
016f:1c6ec80a ff1500f46f1c call dword ptr [1c6ff400] -> USER32.DLL!DispatchMessageA |
18 |
016f:1c6ec80a ff1500f46f1c call dword ptr [1c6ff400] -> USER32.DLL!DispatchMessageA |
| 13 |
016f:1c6ec811 90 nop |
19 |
016f:1c6ec811 90 nop |
| 14 |
016f:1c6ec812 90 nop |
20 |
016f:1c6ec812 90 nop |
| 15 |
016f:1c6ec813 90 nop |
21 |
016f:1c6ec813 90 nop |
| 16 |
016f:1c6ec814 90 nop |
22 |
016f:1c6ec814 90 nop |
| 17 |
016f:1c6ec815 90 nop |
23 |
016f:1c6ec815 90 nop |
| 18 |
016f:1c6ec816 90 nop |
24 |
016f:1c6ec816 90 nop |
| 19 |
016f:1c6ec817 90 nop |
25 |
016f:1c6ec817 90 nop |
| 20 |
016f:1c6ec818 90 nop |
26 |
016f:1c6ec818 90 nop |
| 21 |
016f:1c6ec819 90 nop |
27 |
016f:1c6ec819 90 nop |
| 22 |
016f:1c6ec81a 90 nop |
28 |
016f:1c6ec81a 90 nop |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:1c6dcbbd 8b464c mov eax,dword ptr [esi+4c] |
9 |
016f:1c6dcbbd 8b464c mov eax,dword ptr [esi+4c] |
| 4 |
016f:1c6dcbc0 85c0 test eax,eax |
10 |
016f:1c6dcbc0 85c0 test eax,eax |
| 5 |
016f:1c6dcbc2 740d jz 1c6dcbd1 = VCL641MI.DLL:.text+0xdbbd1 |
11 |
016f:1c6dcbc2 740d jz 1c6dcbd1 = VCL641MI.DLL:.text+0xdbbd1 |
| 6 |
016f:1c6dcbc4 57 push edi |
12 |
016f:1c6dcbc4 57 push edi |
| 7 |
016f:1c6dcbc5 e846fe0000 call 1c6eca10 = VCL641MI.DLL:.text+0xeba10 |
13 |
016f:1c6dcbc5 e846fe0000 call 1c6eca10 = VCL641MI.DLL:.text+0xeba10 |
| 8 |
016f:1c6dcbca 83c404 add esp,+04 |
14 |
016f:1c6dcbca 83c404 add esp,+04 |
| 9 |
016f:1c6dcbcd 84c0 test al,al |
15 |
016f:1c6dcbcd 84c0 test al,al |
| 10 |
016f:1c6dcbcf 751a jnz 1c6dcbeb = VCL641MI.DLL:.text+0xdbbeb |
16 |
016f:1c6dcbcf 751a jnz 1c6dcbeb = VCL641MI.DLL:.text+0xdbbeb |
| 11 |
016f:1c6dcbd1 57 push edi |
17 |
016f:1c6dcbd1 57 push edi |
| 12 |
016f:1c6dcbd2 e819fc0000 call 1c6ec7f0 = VCL641MI.DLL:.text+0xeb7f0 |
18 |
016f:1c6dcbd2 e819fc0000 call 1c6ec7f0 = VCL641MI.DLL:.text+0xeb7f0 |
| 13 |
016f:1c6dcbda 83c404 add esp,+04 |
19 |
016f:1c6dcbda 83c404 add esp,+04 |
| 14 |
016f:1c6dcbdd 85c9 test ecx,ecx |
20 |
016f:1c6dcbdd 85c9 test ecx,ecx |
| 15 |
016f:1c6dcbdf 740a jz 1c6dcbeb = VCL641MI.DLL:.text+0xdbbeb |
21 |
016f:1c6dcbdf 740a jz 1c6dcbeb = VCL641MI.DLL:.text+0xdbbeb |
| 16 |
016f:1c6dcbe1 50 push eax |
22 |
016f:1c6dcbe1 50 push eax |
| 17 |
016f:1c6dcbe2 57 push edi |
23 |
016f:1c6dcbe2 57 push edi |
| 18 |
016f:1c6dcbe3 e8b8ff0000 call 1c6ecba0 = VCL641MI.DLL:.text+0xebba0 |
24 |
016f:1c6dcbe3 e8b8ff0000 call 1c6ecba0 = VCL641MI.DLL:.text+0xebba0 |
| 19 |
016f:1c6dcbe8 83c408 add esp,+08 |
25 |
016f:1c6dcbe8 83c408 add esp,+08 |
| 20 |
016f:1c6dcbeb 5f pop edi |
26 |
016f:1c6dcbeb 5f pop edi |
| 21 |
016f:1c6dcbec 5e pop esi |
27 |
016f:1c6dcbec 5e pop esi |
| 22 |
016f:1c6dcbed c3 retd |
28 |
016f:1c6dcbed c3 retd |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:1c6dcb81 e81afc0000 call 1c6ec7a0 = VCL641MI.DLL:.text+0xeb7a0 |
9 |
016f:1c6dcb81 e81afc0000 call 1c6ec7a0 = VCL641MI.DLL:.text+0xeb7a0 |
| 4 |
016f:1c6dcb86 83c414 add esp,+14 |
10 |
016f:1c6dcb86 83c414 add esp,+14 |
| 5 |
016f:1c6dcb89 85c0 test eax,eax |
11 |
016f:1c6dcb89 85c0 test eax,eax |
| 6 |
016f:1c6dcb8b 7418 jz 1c6dcba5 = VCL641MI.DLL:.text+0xdbba5 |
12 |
016f:1c6dcb8b 7418 jz 1c6dcba5 = VCL641MI.DLL:.text+0xdbba5 |
| 7 |
016f:1c6dcb8d 8d4c2400 lea ecx,[esp] |
13 |
016f:1c6dcb8d 8d4c2400 lea ecx,[esp] |
| 8 |
016f:1c6dcb91 51 push ecx |
14 |
016f:1c6dcb91 51 push ecx |
| 9 |
016f:1c6dcb92 ff15acf36f1c call dword ptr [1c6ff3ac] -> USER32.DLL!TranslateMessage |
15 |
016f:1c6dcb92 ff15acf36f1c call dword ptr [1c6ff3ac] -> USER32.DLL!TranslateMessage |
| 10 |
016f:1c6dcb98 8d542400 lea edx,[esp] |
16 |
016f:1c6dcb98 8d542400 lea edx,[esp] |
| 11 |
016f:1c6dcb9c 52 push edx |
17 |
016f:1c6dcb9c 52 push edx |
| 12 |
016f:1c6dcb9d e80e000000 call 1c6dcbb0 = VCL641MI.DLL:.text+0xdbbb0 |
18 |
016f:1c6dcb9d e80e000000 call 1c6dcbb0 = VCL641MI.DLL:.text+0xdbbb0 |
| 13 |
016f:1c6dcba5 83c41c add esp,+1c |
19 |
016f:1c6dcba5 83c41c add esp,+1c |
| 14 |
016f:1c6dcba8 c3 retd |
20 |
016f:1c6dcba8 c3 retd |
| 15 |
016f:1c6dcba9 90 nop |
21 |
016f:1c6dcba9 90 nop |
| 16 |
016f:1c6dcbaa 90 nop |
22 |
016f:1c6dcbaa 90 nop |
| 17 |
016f:1c6dcbab 90 nop |
23 |
016f:1c6dcbab 90 nop |
| 18 |
016f:1c6dcbac 90 nop |
24 |
016f:1c6dcbac 90 nop |
| 19 |
016f:1c6dcbad 90 nop |
25 |
016f:1c6dcbad 90 nop |
| 20 |
016f:1c6dcbae 90 nop |
26 |
016f:1c6dcbae 90 nop |
| 21 |
016f:1c6dcbaf 90 nop |
27 |
016f:1c6dcbaf 90 nop |
| 22 |
016f:1c6dcbb0 a188ca711c mov eax,dword ptr [1c71ca88] |
28 |
016f:1c6dcbb0 a188ca711c mov eax,dword ptr [1c71ca88] |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:1c6dcc7a 75f5 jnz 1c6dcc71 = VCL641MI.DLL:.text+0xdbc71 |
9 |
016f:1c6dcc7a 75f5 jnz 1c6dcc71 = VCL641MI.DLL:.text+0xdbc71 |
| 4 |
016f:1c6dcc7c 5f pop edi |
10 |
016f:1c6dcc7c 5f pop edi |
| 5 |
016f:1c6dcc7d 5e pop esi |
11 |
016f:1c6dcc7d 5e pop esi |
| 6 |
016f:1c6dcc7e 5d pop ebp |
12 |
016f:1c6dcc7e 5d pop ebp |
| 7 |
016f:1c6dcc7f 5b pop ebx |
13 |
016f:1c6dcc7f 5b pop ebx |
| 8 |
016f:1c6dcc80 83c40c add esp,+0c |
14 |
016f:1c6dcc80 83c40c add esp,+0c |
| 9 |
016f:1c6dcc83 c20400 retd 0004 |
15 |
016f:1c6dcc83 c20400 retd 0004 |
| 10 |
016f:1c6dcc86 8b4c2420 mov ecx,dword ptr [esp+20] |
16 |
016f:1c6dcc86 8b4c2420 mov ecx,dword ptr [esp+20] |
| 11 |
016f:1c6dcc8a 51 push ecx |
17 |
016f:1c6dcc8a 51 push ecx |
| 12 |
016f:1c6dcc8b e8c0feffff call 1c6dcb50 = VCL641MI.DLL:.text+0xdbb50 |
18 |
016f:1c6dcc8b e8c0feffff call 1c6dcb50 = VCL641MI.DLL:.text+0xdbb50 |
| 13 |
016f:1c6dcc93 85f6 test esi,esi |
19 |
016f:1c6dcc93 85f6 test esi,esi |
| 14 |
016f:1c6dcc95 7408 jz 1c6dcc9f = VCL641MI.DLL:.text+0xdbc9f |
20 |
016f:1c6dcc95 7408 jz 1c6dcc9f = VCL641MI.DLL:.text+0xdbc9f |
| 15 |
016f:1c6dcc97 e8a4f7ffff call 1c6dc440 = VCL641MI.DLL:.text+0xdb440 |
21 |
016f:1c6dcc97 e8a4f7ffff call 1c6dc440 = VCL641MI.DLL:.text+0xdb440 |
| 16 |
016f:1c6dcc9c 4e dec esi |
22 |
016f:1c6dcc9c 4e dec esi |
| 17 |
016f:1c6dcc9d 75f8 jnz 1c6dcc97 = VCL641MI.DLL:.text+0xdbc97 |
23 |
016f:1c6dcc9d 75f8 jnz 1c6dcc97 = VCL641MI.DLL:.text+0xdbc97 |
| 18 |
016f:1c6dcc9f 5f pop edi |
24 |
016f:1c6dcc9f 5f pop edi |
| 19 |
016f:1c6dcca0 5e pop esi |
25 |
016f:1c6dcca0 5e pop esi |
| 20 |
016f:1c6dcca1 5d pop ebp |
26 |
016f:1c6dcca1 5d pop ebp |
| 21 |
016f:1c6dcca2 5b pop ebx |
27 |
016f:1c6dcca2 5b pop ebx |
| 22 |
016f:1c6dcca3 83c40c add esp,+0c |
28 |
016f:1c6dcca3 83c40c add esp,+0c |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
-> 28 12 dd 00 78 30 dd 00 08 91 11 01 00 00 00 00 (...x0.......... |
8 |
-> 28 12 dd 00 78 30 dd 00 08 91 11 01 00 00 00 00 (...x0.......... |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
-> 66 ff 4e 78 5e c3 90 90 90 90 90 90 90 90 a1 88 f.Nx^........... |
8 |
-> 66 ff 4e 78 5e c3 90 90 90 90 90 90 90 90 a1 88 f.Nx^........... |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
-> 28 12 dd 00 78 30 dd 00 08 91 11 01 00 00 00 00 (...x0.......... |
8 |
-> 28 12 dd 00 78 30 dd 00 08 91 11 01 00 00 00 00 (...x0.......... |
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:1c61d49d 90 nop |
9 |
016f:1c61d49d 90 nop |
| 4 |
016f:1c61d49e 90 nop |
10 |
016f:1c61d49e 90 nop |
| 5 |
016f:1c61d49f 90 nop |
11 |
016f:1c61d49f 90 nop |
| 6 |
016f:1c61d4a0 56 push esi |
12 |
016f:1c61d4a0 56 push esi |
| 7 |
016f:1c61d4a1 8b3588ca711c mov esi,dword ptr [1c71ca88] -> VCL641MI.DLL:.data+0x5ae8 |
13 |
016f:1c61d4a1 8b3588ca711c mov esi,dword ptr [1c71ca88] -> VCL641MI.DLL:.data+0x5ae8 |
| 8 |
016f:1c61d4a7 8a8688000000 mov al,byte ptr [esi+00000088] |
14 |
016f:1c61d4a7 8a8688000000 mov al,byte ptr [esi+00000088] |
| 9 |
016f:1c61d4ad c6868700000001 mov byte ptr [esi+00000087],01 |
15 |
016f:1c61d4ad c6868700000001 mov byte ptr [esi+00000087],01 |
| 10 |
016f:1c61d4b4 84c0 test al,al |
16 |
016f:1c61d4b4 84c0 test al,al |
| 11 |
016f:1c61d4b6 750f jnz 1c61d4c7 = VCL641MI.DLL:.text+0x1c4c7 |
17 |
016f:1c61d4b6 750f jnz 1c61d4c7 = VCL641MI.DLL:.text+0x1c4c7 |
| 12 |
016f:1c61d4b8 e843000000 call 1c61d500 = VCL641MI.DLL!413 |
18 |
016f:1c61d4b8 e843000000 call 1c61d500 = VCL641MI.DLL!413 |
| 13 |
016f:1c61d4c3 84c0 test al,al |
19 |
016f:1c61d4c3 84c0 test al,al |
| 14 |
016f:1c61d4c5 74f1 jz 1c61d4b8 = VCL641MI.DLL:.text+0x1c4b8 |
20 |
016f:1c61d4c5 74f1 jz 1c61d4b8 = VCL641MI.DLL:.text+0x1c4b8 |
| 15 |
016f:1c61d4c7 c6868700000000 mov byte ptr [esi+00000087],00 |
21 |
016f:1c61d4c7 c6868700000000 mov byte ptr [esi+00000087],00 |
| 16 |
016f:1c61d4ce 5e pop esi |
22 |
016f:1c61d4ce 5e pop esi |
| 17 |
016f:1c61d4cf c3 retd |
23 |
016f:1c61d4cf c3 retd |
| 18 |
016f:1c61d4d0 56 push esi |
24 |
016f:1c61d4d0 56 push esi |
| 19 |
016f:1c61d4d1 8b3588ca711c mov esi,dword ptr [1c71ca88] -> VCL641MI.DLL:.data+0x5ae8 |
25 |
016f:1c61d4d1 8b3588ca711c mov esi,dword ptr [1c71ca88] -> VCL641MI.DLL:.data+0x5ae8 |
| 20 |
016f:1c61d4d7 8a462c mov al,byte ptr [esi+2c] |
26 |
016f:1c61d4d7 8a462c mov al,byte ptr [esi+2c] |
| 21 |
016f:1c61d4da 84c0 test al,al |
27 |
016f:1c61d4da 84c0 test al,al |
| 22 |
016f:1c61d4dc 740c jz 1c61d4ea = VCL641MI.DLL:.text+0x1c4ea |
28 |
016f:1c61d4dc 740c jz 1c61d4ea = VCL641MI.DLL:.text+0x1c4ea |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
| 1 |
-> 84 58 11 01 00 00 00 00 00 00 00 00 00 00 00 00 .X.............. |
8 |
-> 84 58 11 01 00 00 00 00 00 00 00 00 00 00 00 00 .X.............. |
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:011037d0 8d4db8 lea ecx,[ebp-48] |
9 |
016f:011037d0 8d4db8 lea ecx,[ebp-48] |
| 4 |
016f:011037d3 c645fca0 mov byte ptr [ebp-04],a0 |
10 |
016f:011037d3 c645fca0 mov byte ptr [ebp-04],a0 |
| 5 |
016f:011037d7 e8f8fe0000 call 011136d4 = TL641MI.DLL!242 |
11 |
016f:011037d7 e8f8fe0000 call 011136d4 = TL641MI.DLL!242 |
| 6 |
016f:011037dc c645fc29 mov byte ptr [ebp-04],29 |
12 |
016f:011037dc c645fc29 mov byte ptr [ebp-04],29 |
| 7 |
016f:011037e0 8d4de8 lea ecx,[ebp-18] |
13 |
016f:011037e0 8d4de8 lea ecx,[ebp-18] |
| 8 |
016f:011037e3 e8e4fd0000 call 011135cc = TL641MI.DLL!149 |
14 |
016f:011037e3 e8e4fd0000 call 011135cc = TL641MI.DLL!149 |
| 9 |
016f:011037e8 6a0a push +0a |
15 |
016f:011037e8 6a0a push +0a |
| 10 |
016f:011037ea 8bce mov ecx,esi |
16 |
016f:011037ea 8bce mov ecx,esi |
| 11 |
016f:011037ec e85f380000 call 01107050 = SETUP.EXE:.text+0x6050 |
17 |
016f:011037ec e85f380000 call 01107050 = SETUP.EXE:.text+0x6050 |
| 12 |
016f:011037f1 e83c010100 call 01113932 = VCL641MI.DLL!322 |
18 |
016f:011037f1 e83c010100 call 01113932 = VCL641MI.DLL!322 |
| 13 |
016f:011037fa 750d jnz 01103809 = SETUP.EXE:.text+0x2809 |
19 |
016f:011037fa 750d jnz 01103809 = SETUP.EXE:.text+0x2809 |
| 14 |
016f:011037fc 33ff xor edi,edi |
20 |
016f:011037fc 33ff xor edi,edi |
| 15 |
016f:011037fe 57 push edi |
21 |
016f:011037fe 57 push edi |
| 16 |
016f:011037ff e810010100 call 01113914 = VCL641MI.DLL!399 |
22 |
016f:011037ff e810010100 call 01113914 = VCL641MI.DLL!399 |
| 17 |
016f:01103804 83c404 add esp,+04 |
23 |
016f:01103804 83c404 add esp,+04 |
| 18 |
016f:01103807 eb02 jmp 0110380b = SETUP.EXE:.text+0x280b |
24 |
016f:01103807 eb02 jmp 0110380b = SETUP.EXE:.text+0x280b |
| 19 |
016f:01103809 33ff xor edi,edi |
25 |
016f:01103809 33ff xor edi,edi |
| 20 |
016f:0110380b 8b4d88 mov ecx,dword ptr [ebp-78] |
26 |
016f:0110380b 8b4d88 mov ecx,dword ptr [ebp-78] |
| 21 |
016f:0110380e 51 push ecx |
27 |
016f:0110380e 51 push ecx |
| 22 |
016f:0110380f e88cdaffff call 011012a0 = SETUP.EXE:.text+0x2a0 |
28 |
016f:0110380f e88cdaffff call 011012a0 = SETUP.EXE:.text+0x2a0 |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:65f0d576 c7460801000000 mov dword ptr [esi+08],00000001 |
9 |
016f:65f0d576 c7460801000000 mov dword ptr [esi+08],00000001 |
| 4 |
016f:65f0d57d 33c0 xor eax,eax |
10 |
016f:65f0d57d 33c0 xor eax,eax |
| 5 |
016f:65f0d57f 5d pop ebp |
11 |
016f:65f0d57f 5d pop ebp |
| 6 |
016f:65f0d580 5f pop edi |
12 |
016f:65f0d580 5f pop edi |
| 7 |
016f:65f0d581 5e pop esi |
13 |
016f:65f0d581 5e pop esi |
| 8 |
016f:65f0d582 5b pop ebx |
14 |
016f:65f0d582 5b pop ebx |
| 9 |
016f:65f0d583 c3 retd |
15 |
016f:65f0d583 c3 retd |
| 10 |
016f:65f0d584 8bc1 mov eax,ecx |
16 |
016f:65f0d584 8bc1 mov eax,ecx |
| 11 |
016f:65f0d586 c70100000000 mov dword ptr [ecx],00000000 |
17 |
016f:65f0d586 c70100000000 mov dword ptr [ecx],00000000 |
| 12 |
016f:65f0d58c c3 retd |
18 |
016f:65f0d58c c3 retd |
| 13 |
016f:65f0d58e 8b4c240c mov ecx,dword ptr [esp+0c] |
19 |
016f:65f0d58e 8b4c240c mov ecx,dword ptr [esp+0c] |
| 14 |
016f:65f0d592 8bec mov ebp,esp |
20 |
016f:65f0d592 8bec mov ebp,esp |
| 15 |
016f:65f0d594 81f904040000 cmp ecx,00000404 |
21 |
016f:65f0d594 81f904040000 cmp ecx,00000404 |
| 16 |
016f:65f0d59a 741f jz 65f0d5bb = OLE32.DLL:.text+0xc5bb |
22 |
016f:65f0d59a 741f jz 65f0d5bb = OLE32.DLL:.text+0xc5bb |
| 17 |
016f:65f0d59c ff7514 push dword ptr [ebp+14] |
23 |
016f:65f0d59c ff7514 push dword ptr [ebp+14] |
| 18 |
016f:65f0d59f 81f905040000 cmp ecx,00000405 |
24 |
016f:65f0d59f 81f905040000 cmp ecx,00000405 |
| 19 |
016f:65f0d5a5 0f84f77d0300 jz 65f453a2 = OLE32.DLL:.text+0x443a2 |
25 |
016f:65f0d5a5 0f84f77d0300 jz 65f453a2 = OLE32.DLL:.text+0x443a2 |
| 20 |
016f:65f0d5ab ff7510 push dword ptr [ebp+10] |
26 |
016f:65f0d5ab ff7510 push dword ptr [ebp+10] |
| 21 |
016f:65f0d5ae 51 push ecx |
27 |
016f:65f0d5ae 51 push ecx |
| 22 |
016f:65f0d5af ff7508 push dword ptr [ebp+08] |
28 |
016f:65f0d5af ff7508 push dword ptr [ebp+08] |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
| 1 |
... |
8 |
... |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:65f0d576 c7460801000000 mov dword ptr [esi+08],00000001 |
9 |
016f:65f0d576 c7460801000000 mov dword ptr [esi+08],00000001 |
| 4 |
016f:65f0d57d 33c0 xor eax,eax |
10 |
016f:65f0d57d 33c0 xor eax,eax |
| 5 |
016f:65f0d57f 5d pop ebp |
11 |
016f:65f0d57f 5d pop ebp |
| 6 |
016f:65f0d580 5f pop edi |
12 |
016f:65f0d580 5f pop edi |
| 7 |
016f:65f0d581 5e pop esi |
13 |
016f:65f0d581 5e pop esi |
| 8 |
016f:65f0d582 5b pop ebx |
14 |
016f:65f0d582 5b pop ebx |
| 9 |
016f:65f0d583 c3 retd |
15 |
016f:65f0d583 c3 retd |
| 10 |
016f:65f0d584 8bc1 mov eax,ecx |
16 |
016f:65f0d584 8bc1 mov eax,ecx |
| 11 |
016f:65f0d586 c70100000000 mov dword ptr [ecx],00000000 |
17 |
016f:65f0d586 c70100000000 mov dword ptr [ecx],00000000 |
| 12 |
016f:65f0d58c c3 retd |
18 |
016f:65f0d58c c3 retd |
| 13 |
016f:65f0d58e 8b4c240c mov ecx,dword ptr [esp+0c] |
19 |
016f:65f0d58e 8b4c240c mov ecx,dword ptr [esp+0c] |
| 14 |
016f:65f0d592 8bec mov ebp,esp |
20 |
016f:65f0d592 8bec mov ebp,esp |
| 15 |
016f:65f0d594 81f904040000 cmp ecx,00000404 |
21 |
016f:65f0d594 81f904040000 cmp ecx,00000404 |
| 16 |
016f:65f0d59a 741f jz 65f0d5bb = OLE32.DLL:.text+0xc5bb |
22 |
016f:65f0d59a 741f jz 65f0d5bb = OLE32.DLL:.text+0xc5bb |
| 17 |
016f:65f0d59c ff7514 push dword ptr [ebp+14] |
23 |
016f:65f0d59c ff7514 push dword ptr [ebp+14] |
| 18 |
016f:65f0d59f 81f905040000 cmp ecx,00000405 |
24 |
016f:65f0d59f 81f905040000 cmp ecx,00000405 |
| 19 |
016f:65f0d5a5 0f84f77d0300 jz 65f453a2 = OLE32.DLL:.text+0x443a2 |
25 |
016f:65f0d5a5 0f84f77d0300 jz 65f453a2 = OLE32.DLL:.text+0x443a2 |
| 20 |
016f:65f0d5ab ff7510 push dword ptr [ebp+10] |
26 |
016f:65f0d5ab ff7510 push dword ptr [ebp+10] |
| 21 |
016f:65f0d5ae 51 push ecx |
27 |
016f:65f0d5ae 51 push ecx |
| 22 |
016f:65f0d5af ff7508 push dword ptr [ebp+08] |
28 |
016f:65f0d5af ff7508 push dword ptr [ebp+08] |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
... |
8 |
... |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
-> c1 e6 04 39 4c 16 08 8d 04 16 0f 85 3b 01 03 00 ...9L.......;... |
8 |
-> c1 e6 04 39 4c 16 08 8d 04 16 0f 85 3b 01 03 00 ...9L.......;... |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
... |
8 |
... |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
... |
8 |
... |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
... |
8 |
... |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:bff845e7 e854fffdff call bff64540 = KERNEL32.DLL:_FREQASM+0x3540 |
9 |
016f:bff845e7 e854fffdff call bff64540 = KERNEL32.DLL:_FREQASM+0x3540 |
| 4 |
016f:bff845ec 8bd0 mov edx,eax |
10 |
016f:bff845ec 8bd0 mov edx,eax |
| 5 |
016f:bff845ee c1c210 rol edx,10 |
11 |
016f:bff845ee c1c210 rol edx,10 |
| 6 |
016f:bff845f1 e9e2faffff jmp bff840d8 = KERNEL32.DLL:.text+0x1b0d8 |
12 |
016f:bff845f1 e9e2faffff jmp bff840d8 = KERNEL32.DLL:.text+0x1b0d8 |
| 7 |
016f:bff845f6 ff7316 push dword ptr [ebx+16] |
13 |
016f:bff845f6 ff7316 push dword ptr [ebx+16] |
| 8 |
016f:bff845f9 0fbf431a movsx eax,word ptr [ebx+1a] |
14 |
016f:bff845f9 0fbf431a movsx eax,word ptr [ebx+1a] |
| 9 |
016f:bff845fd 50 push eax |
15 |
016f:bff845fd 50 push eax |
| 10 |
016f:bff845fe ff731c push dword ptr [ebx+1c] |
16 |
016f:bff845fe ff731c push dword ptr [ebx+1c] |
| 11 |
016f:bff84601 ff7320 push dword ptr [ebx+20] |
17 |
016f:bff84601 ff7320 push dword ptr [ebx+20] |
| 12 |
016f:bff84604 e8bbfefdff call bff644c4 = KERNEL32.DLL:_FREQASM+0x34c4 |
18 |
016f:bff84604 e8bbfefdff call bff644c4 = KERNEL32.DLL:_FREQASM+0x34c4 |
| 13 |
016f:bff8460b c1c210 rol edx,10 |
19 |
016f:bff8460b c1c210 rol edx,10 |
| 14 |
016f:bff8460e e9b5faffff jmp bff840c8 = KERNEL32.DLL:.text+0x1b0c8 |
20 |
016f:bff8460e e9b5faffff jmp bff840c8 = KERNEL32.DLL:.text+0x1b0c8 |
| 15 |
016f:bff84613 ff7316 push dword ptr [ebx+16] |
21 |
016f:bff84613 ff7316 push dword ptr [ebx+16] |
| 16 |
016f:bff84616 ff731a push dword ptr [ebx+1a] |
22 |
016f:bff84616 ff731a push dword ptr [ebx+1a] |
| 17 |
016f:bff84619 ff731e push dword ptr [ebx+1e] |
23 |
016f:bff84619 ff731e push dword ptr [ebx+1e] |
| 18 |
016f:bff8461c ff7322 push dword ptr [ebx+22] |
24 |
016f:bff8461c ff7322 push dword ptr [ebx+22] |
| 19 |
016f:bff8461f e8a8fdfdff call bff643cc = KERNEL32.DLL:_FREQASM+0x33cc |
25 |
016f:bff8461f e8a8fdfdff call bff643cc = KERNEL32.DLL:_FREQASM+0x33cc |
| 20 |
016f:bff84624 8bd0 mov edx,eax |
26 |
016f:bff84624 8bd0 mov edx,eax |
| 21 |
016f:bff84626 c1c210 rol edx,10 |
27 |
016f:bff84626 c1c210 rol edx,10 |
| 22 |
016f:bff84629 e9a2faffff jmp bff840d0 = KERNEL32.DLL:.text+0x1b0d0 |
28 |
016f:bff84629 e9a2faffff jmp bff840d0 = KERNEL32.DLL:.text+0x1b0d0 |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
... |
8 |
... |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
... |
8 |
... |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
... |
8 |
... |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:bff6a4e6 2bfb sub edi,ebx |
9 |
016f:bff6a4e6 2bfb sub edi,ebx |
| 4 |
016f:bff6a4e8 57 push edi |
10 |
016f:bff6a4e8 57 push edi |
| 5 |
016f:bff6a4e9 894108 mov dword ptr [ecx+08],eax |
11 |
016f:bff6a4e9 894108 mov dword ptr [ecx+08],eax |
| 6 |
016f:bff6a4ec 8b5604 mov edx,dword ptr [esi+04] |
12 |
016f:bff6a4ec 8b5604 mov edx,dword ptr [esi+04] |
| 7 |
016f:bff6a4ef 8b4608 mov eax,dword ptr [esi+08] |
13 |
016f:bff6a4ef 8b4608 mov eax,dword ptr [esi+08] |
| 8 |
016f:bff6a4f2 895004 mov dword ptr [eax+04],edx |
14 |
016f:bff6a4f2 895004 mov dword ptr [eax+04],edx |
| 9 |
016f:bff6a4f5 8d041e lea eax,[esi+ebx] |
15 |
016f:bff6a4f5 8d041e lea eax,[esi+ebx] |
| 10 |
016f:bff6a4f8 50 push eax |
16 |
016f:bff6a4f8 50 push eax |
| 11 |
016f:bff6a4f9 ff7508 push dword ptr [ebp+08] |
17 |
016f:bff6a4f9 ff7508 push dword ptr [ebp+08] |
| 12 |
016f:bff6a4fc e870fdffff call bff6a271 = KERNEL32.DLL:.text+0x1271 |
18 |
016f:bff6a4fc e870fdffff call bff6a271 = KERNEL32.DLL:.text+0x1271 |
| 13 |
016f:bff6a503 8b4d08 mov ecx,dword ptr [ebp+08] |
19 |
016f:bff6a503 8b4d08 mov ecx,dword ptr [ebp+08] |
| 14 |
016f:bff6a506 0fb64170 movzx eax,byte ptr [ecx+70] |
20 |
016f:bff6a506 0fb64170 movzx eax,byte ptr [ecx+70] |
| 15 |
016f:bff6a50a 0b45f4 or eax,dword ptr [ebp-0c] |
21 |
016f:bff6a50a 0b45f4 or eax,dword ptr [ebp-0c] |
| 16 |
016f:bff6a50d 50 push eax |
22 |
016f:bff6a50d 50 push eax |
| 17 |
016f:bff6a50e 8b45f8 mov eax,dword ptr [ebp-08] |
23 |
016f:bff6a50e 8b45f8 mov eax,dword ptr [ebp-08] |
| 18 |
016f:bff6a511 2b45fc sub eax,dword ptr [ebp-04] |
24 |
016f:bff6a511 2b45fc sub eax,dword ptr [ebp-04] |
| 19 |
016f:bff6a514 50 push eax |
25 |
016f:bff6a514 50 push eax |
| 20 |
016f:bff6a515 ff75fc push dword ptr [ebp-04] |
26 |
016f:bff6a515 ff75fc push dword ptr [ebp-04] |
| 21 |
016f:bff6a518 e8f6feffff call bff6a413 = KERNEL32.DLL:.text+0x1413 |
27 |
016f:bff6a518 e8f6feffff call bff6a413 = KERNEL32.DLL:.text+0x1413 |
| 22 |
016f:bff6a51d 85c0 test eax,eax |
28 |
016f:bff6a51d 85c0 test eax,eax |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:bff6a4e6 2bfb sub edi,ebx |
9 |
016f:bff6a4e6 2bfb sub edi,ebx |
| 4 |
016f:bff6a4e8 57 push edi |
10 |
016f:bff6a4e8 57 push edi |
| 5 |
016f:bff6a4e9 894108 mov dword ptr [ecx+08],eax |
11 |
016f:bff6a4e9 894108 mov dword ptr [ecx+08],eax |
| 6 |
016f:bff6a4ec 8b5604 mov edx,dword ptr [esi+04] |
12 |
016f:bff6a4ec 8b5604 mov edx,dword ptr [esi+04] |
| 7 |
016f:bff6a4ef 8b4608 mov eax,dword ptr [esi+08] |
13 |
016f:bff6a4ef 8b4608 mov eax,dword ptr [esi+08] |
| 8 |
016f:bff6a4f2 895004 mov dword ptr [eax+04],edx |
14 |
016f:bff6a4f2 895004 mov dword ptr [eax+04],edx |
| 9 |
016f:bff6a4f5 8d041e lea eax,[esi+ebx] |
15 |
016f:bff6a4f5 8d041e lea eax,[esi+ebx] |
| 10 |
016f:bff6a4f8 50 push eax |
16 |
016f:bff6a4f8 50 push eax |
| 11 |
016f:bff6a4f9 ff7508 push dword ptr [ebp+08] |
17 |
016f:bff6a4f9 ff7508 push dword ptr [ebp+08] |
| 12 |
016f:bff6a4fc e870fdffff call bff6a271 = KERNEL32.DLL:.text+0x1271 |
18 |
016f:bff6a4fc e870fdffff call bff6a271 = KERNEL32.DLL:.text+0x1271 |
| 13 |
016f:bff6a503 8b4d08 mov ecx,dword ptr [ebp+08] |
19 |
016f:bff6a503 8b4d08 mov ecx,dword ptr [ebp+08] |
| 14 |
016f:bff6a506 0fb64170 movzx eax,byte ptr [ecx+70] |
20 |
016f:bff6a506 0fb64170 movzx eax,byte ptr [ecx+70] |
| 15 |
016f:bff6a50a 0b45f4 or eax,dword ptr [ebp-0c] |
21 |
016f:bff6a50a 0b45f4 or eax,dword ptr [ebp-0c] |
| 16 |
016f:bff6a50d 50 push eax |
22 |
016f:bff6a50d 50 push eax |
| 17 |
016f:bff6a50e 8b45f8 mov eax,dword ptr [ebp-08] |
23 |
016f:bff6a50e 8b45f8 mov eax,dword ptr [ebp-08] |
| 18 |
016f:bff6a511 2b45fc sub eax,dword ptr [ebp-04] |
24 |
016f:bff6a511 2b45fc sub eax,dword ptr [ebp-04] |
| 19 |
016f:bff6a514 50 push eax |
25 |
016f:bff6a514 50 push eax |
| 20 |
016f:bff6a515 ff75fc push dword ptr [ebp-04] |
26 |
016f:bff6a515 ff75fc push dword ptr [ebp-04] |
| 21 |
016f:bff6a518 e8f6feffff call bff6a413 = KERNEL32.DLL:.text+0x1413 |
27 |
016f:bff6a518 e8f6feffff call bff6a413 = KERNEL32.DLL:.text+0x1413 |
| 22 |
016f:bff6a51d 85c0 test eax,eax |
28 |
016f:bff6a51d 85c0 test eax,eax |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:bff6a24f 008b4424040f add byte ptr [ebx+0f042444],cl |
9 |
016f:bff6a24f 008b4424040f add byte ptr [ebx+0f042444],cl |
| 4 |
016f:bff6a255 b648 mov dh,48 |
10 |
016f:bff6a255 b648 mov dh,48 |
| 5 |
016f:bff6a257 700b jo bff6a264 = KERNEL32.DLL:.text+0x1264 |
11 |
016f:bff6a257 700b jo bff6a264 = KERNEL32.DLL:.text+0x1264 |
| 6 |
016f:bff6a259 4c dec esp |
12 |
016f:bff6a259 4c dec esp |
| 7 |
016f:bff6a25a 2408 and al,08 |
13 |
016f:bff6a25a 2408 and al,08 |
| 8 |
016f:bff6a25c f6c101 test cl,01 |
14 |
016f:bff6a25c f6c101 test cl,01 |
| 9 |
016f:bff6a25f 750d jnz bff6a26e = KERNEL32.DLL:.text+0x126e |
15 |
016f:bff6a25f 750d jnz bff6a26e = KERNEL32.DLL:.text+0x126e |
| 10 |
016f:bff6a261 ff704c push dword ptr [eax+4c] |
16 |
016f:bff6a261 ff704c push dword ptr [eax+4c] |
| 11 |
016f:bff6a264 e85da0ffff call bff642c6 = KERNEL32.DLL:_FREQASM+0x32c6 |
17 |
016f:bff6a264 e85da0ffff call bff642c6 = KERNEL32.DLL:_FREQASM+0x32c6 |
| 12 |
016f:bff6a269 e83f010000 call bff6a3ad = KERNEL32.DLL:.text+0x13ad |
18 |
016f:bff6a269 e83f010000 call bff6a3ad = KERNEL32.DLL:.text+0x13ad |
| 13 |
016f:bff6a271 53 push ebx |
19 |
016f:bff6a271 53 push ebx |
| 14 |
016f:bff6a272 56 push esi |
20 |
016f:bff6a272 56 push esi |
| 15 |
016f:bff6a273 8b742414 mov esi,dword ptr [esp+14] |
21 |
016f:bff6a273 8b742414 mov esi,dword ptr [esp+14] |
| 16 |
016f:bff6a277 57 push edi |
22 |
016f:bff6a277 57 push edi |
| 17 |
016f:bff6a278 8b7c2414 mov edi,dword ptr [esp+14] |
23 |
016f:bff6a278 8b7c2414 mov edi,dword ptr [esp+14] |
| 18 |
016f:bff6a27c 55 push ebp |
24 |
016f:bff6a27c 55 push ebp |
| 19 |
016f:bff6a27d b900001000 mov ecx,00100000 |
25 |
016f:bff6a27d b900001000 mov ecx,00100000 |
| 20 |
016f:bff6a282 8d1c37 lea ebx,[edi+esi] |
26 |
016f:bff6a282 8d1c37 lea ebx,[edi+esi] |
| 21 |
016f:bff6a285 8b03 mov eax,dword ptr [ebx] |
27 |
016f:bff6a285 8b03 mov eax,dword ptr [ebx] |
| 22 |
016f:bff6a287 a801 test al,01 |
28 |
016f:bff6a287 a801 test al,01 |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:bff76f02 0c53 or al,53 |
9 |
016f:bff76f02 0c53 or al,53 |
| 4 |
016f:bff76f04 ff7508 push dword ptr [ebp+08] |
10 |
016f:bff76f04 ff7508 push dword ptr [ebp+08] |
| 5 |
016f:bff76f07 e8f36e0100 call bff8ddff = KERNEL32.DLL:.text+0x24dff |
11 |
016f:bff76f07 e8f36e0100 call bff8ddff = KERNEL32.DLL:.text+0x24dff |
| 6 |
016f:bff76f0c 8945fc mov dword ptr [ebp-04],eax |
12 |
016f:bff76f0c 8945fc mov dword ptr [ebp-04],eax |
| 7 |
016f:bff76f0f 395dfc cmp dword ptr [ebp-04],ebx |
13 |
016f:bff76f0f 395dfc cmp dword ptr [ebp-04],ebx |
| 8 |
016f:bff76f12 7519 jnz bff76f2d = KERNEL32.DLL:.text+0xdf2d |
14 |
016f:bff76f12 7519 jnz bff76f2d = KERNEL32.DLL:.text+0xdf2d |
| 9 |
016f:bff76f14 a1f4bcfbbf mov eax,dword ptr [bffbbcf4] |
15 |
016f:bff76f14 a1f4bcfbbf mov eax,dword ptr [bffbbcf4] |
| 10 |
016f:bff76f19 8b08 mov ecx,dword ptr [eax] |
16 |
016f:bff76f19 8b08 mov ecx,dword ptr [eax] |
| 11 |
016f:bff76f1b ffb198000000 push dword ptr [ecx+00000098] |
17 |
016f:bff76f1b ffb198000000 push dword ptr [ecx+00000098] |
| 12 |
016f:bff76f21 e88e6cffff call bff6dbb4 = KERNEL32.DLL:.text+0x4bb4 |
18 |
016f:bff76f21 e88e6cffff call bff6dbb4 = KERNEL32.DLL:.text+0x4bb4 |
| 13 |
016f:bff76f28 e990000000 jmp bff76fbd = KERNEL32.DLL:.text+0xdfbd |
19 |
016f:bff76f28 e990000000 jmp bff76fbd = KERNEL32.DLL:.text+0xdfbd |
| 14 |
016f:bff76f2d 85f6 test esi,esi |
20 |
016f:bff76f2d 85f6 test esi,esi |
| 15 |
016f:bff76f2f 7416 jz bff76f47 = KERNEL32.DLL:.text+0xdf47 |
21 |
016f:bff76f2f 7416 jz bff76f47 = KERNEL32.DLL:.text+0xdf47 |
| 16 |
016f:bff76f31 57 push edi |
22 |
016f:bff76f31 57 push edi |
| 17 |
016f:bff76f32 8d45f4 lea eax,[ebp-0c] |
23 |
016f:bff76f32 8d45f4 lea eax,[ebp-0c] |
| 18 |
016f:bff76f35 50 push eax |
24 |
016f:bff76f35 50 push eax |
| 19 |
016f:bff76f36 8d4dfc lea ecx,[ebp-04] |
25 |
016f:bff76f36 8d4dfc lea ecx,[ebp-04] |
| 20 |
016f:bff76f39 51 push ecx |
26 |
016f:bff76f39 51 push ecx |
| 21 |
016f:bff76f3a e81d290100 call bff8985c = KERNEL32.DLL:.text+0x2085c |
27 |
016f:bff76f3a e81d290100 call bff8985c = KERNEL32.DLL:.text+0x2085c |
| 22 |
016f:bff76f3f 85c0 test eax,eax |
28 |
016f:bff76f3f 85c0 test eax,eax |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:bff82f89 e8ffd5feff call bff7058d = KERNEL32.DLL:.text+0x758d |
9 |
016f:bff82f89 e8ffd5feff call bff7058d = KERNEL32.DLL:.text+0x758d |
| 4 |
016f:bff82f8e 8bf0 mov esi,eax |
10 |
016f:bff82f8e 8bf0 mov esi,eax |
| 5 |
016f:bff82f90 85f6 test esi,esi |
11 |
016f:bff82f90 85f6 test esi,esi |
| 6 |
016f:bff82f92 7415 jz bff82fa9 = KERNEL32.DLL:.text+0x19fa9 |
12 |
016f:bff82f92 7415 jz bff82fa9 = KERNEL32.DLL:.text+0x19fa9 |
| 7 |
016f:bff82f94 ff742410 push dword ptr [esp+10] |
13 |
016f:bff82f94 ff742410 push dword ptr [esp+10] |
| 8 |
016f:bff82f98 56 push esi |
14 |
016f:bff82f98 56 push esi |
| 9 |
016f:bff82f99 ff742410 push dword ptr [esp+10] |
15 |
016f:bff82f99 ff742410 push dword ptr [esp+10] |
| 10 |
016f:bff82f9d 8b442418 mov eax,dword ptr [esp+18] |
16 |
016f:bff82f9d 8b442418 mov eax,dword ptr [esp+18] |
| 11 |
016f:bff82fa1 894608 mov dword ptr [esi+08],eax |
17 |
016f:bff82fa1 894608 mov dword ptr [esi+08],eax |
| 12 |
016f:bff82fa4 e84ad6feff call bff705f3 = KERNEL32.DLL:.text+0x75f3 |
18 |
016f:bff82fa4 e84ad6feff call bff705f3 = KERNEL32.DLL:.text+0x75f3 |
| 13 |
016f:bff82fab 5e pop esi |
19 |
016f:bff82fab 5e pop esi |
| 14 |
016f:bff82fac c20c00 retd 000c |
20 |
016f:bff82fac c20c00 retd 000c |
| 15 |
016f:bff82faf ff742404 push dword ptr [esp+04] |
21 |
016f:bff82faf ff742404 push dword ptr [esp+04] |
| 16 |
016f:bff82fb3 e88414ffff call bff7443c = KERNEL32.DLL:.text+0xb43c |
22 |
016f:bff82fb3 e88414ffff call bff7443c = KERNEL32.DLL:.text+0xb43c |
| 17 |
016f:bff82fb8 85c0 test eax,eax |
23 |
016f:bff82fb8 85c0 test eax,eax |
| 18 |
016f:bff82fba 7406 jz bff82fc2 = KERNEL32.DLL:.text+0x19fc2 |
24 |
016f:bff82fba 7406 jz bff82fc2 = KERNEL32.DLL:.text+0x19fc2 |
| 19 |
016f:bff82fbc 50 push eax |
25 |
016f:bff82fbc 50 push eax |
| 20 |
016f:bff82fbd e8a4c5feff call bff6f566 = KERNEL32.DLL:.text+0x6566 |
26 |
016f:bff82fbd e8a4c5feff call bff6f566 = KERNEL32.DLL:.text+0x6566 |
| 21 |
016f:bff82fc2 c20400 retd 0004 |
27 |
016f:bff82fc2 c20400 retd 0004 |
| 22 |
016f:bff82fc5 55 push ebp |
28 |
016f:bff82fc5 55 push ebp |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:bff641b5 51 push ecx |
9 |
016f:bff641b5 51 push ecx |
| 4 |
016f:bff641b6 52 push edx |
10 |
016f:bff641b6 52 push edx |
| 5 |
016f:bff641b7 681d002a00 push 002a001d |
11 |
016f:bff641b7 681d002a00 push 002a001d |
| 6 |
016f:bff641bc e813d2ffff call bff613d4 = KERNEL32.DLL!1 |
12 |
016f:bff641bc e813d2ffff call bff613d4 = KERNEL32.DLL!1 |
| 7 |
016f:bff641c1 59 pop ecx |
13 |
016f:bff641c1 59 pop ecx |
| 8 |
016f:bff641c2 5a pop edx |
14 |
016f:bff641c2 5a pop edx |
| 9 |
016f:bff641c3 ebe8 jmp bff641ad = KERNEL32.DLL:_FREQASM+0x31ad |
15 |
016f:bff641c3 ebe8 jmp bff641ad = KERNEL32.DLL:_FREQASM+0x31ad |
| 10 |
016f:bff641c5 8b542404 mov edx,dword ptr [esp+04] |
16 |
016f:bff641c5 8b542404 mov edx,dword ptr [esp+04] |
| 11 |
016f:bff641c9 50 push eax |
17 |
016f:bff641c9 50 push eax |
| 12 |
016f:bff641ca e804000000 call bff641d3 = KERNEL32.DLL:_FREQASM+0x31d3 |
18 |
016f:bff641ca e804000000 call bff641d3 = KERNEL32.DLL:_FREQASM+0x31d3 |
| 13 |
016f:bff641d0 c20400 retd 0004 |
19 |
016f:bff641d0 c20400 retd 0004 |
| 14 |
016f:bff641d3 833dfcbcfbbf01 cmp dword ptr [bffbbcfc],+01 |
20 |
016f:bff641d3 833dfcbcfbbf01 cmp dword ptr [bffbbcfc],+01 |
| 15 |
016f:bff641da 7c32 jl bff6420e = KERNEL32.DLL:_FREQASM+0x320e |
21 |
016f:bff641da 7c32 jl bff6420e = KERNEL32.DLL:_FREQASM+0x320e |
| 16 |
016f:bff641dc 3b1570b4fbbf cmp edx,dword ptr [bffbb470] |
22 |
016f:bff641dc 3b1570b4fbbf cmp edx,dword ptr [bffbb470] |
| 17 |
016f:bff641e2 7506 jnz bff641ea = KERNEL32.DLL:_FREQASM+0x31ea |
23 |
016f:bff641e2 7506 jnz bff641ea = KERNEL32.DLL:_FREQASM+0x31ea |
| 18 |
016f:bff641e4 837a0401 cmp dword ptr [edx+04],+01 |
24 |
016f:bff641e4 837a0401 cmp dword ptr [edx+04],+01 |
| 19 |
016f:bff641e8 7426 jz bff64210 = KERNEL32.DLL:_FREQASM+0x3210 |
25 |
016f:bff641e8 7426 jz bff64210 = KERNEL32.DLL:_FREQASM+0x3210 |
| 20 |
016f:bff641ea ff4a04 dec dword ptr [edx+04] |
26 |
016f:bff641ea ff4a04 dec dword ptr [edx+04] |
| 21 |
016f:bff641ed 754a jnz bff64239 = KERNEL32.DLL:_FREQASM+0x3239 |
27 |
016f:bff641ed 754a jnz bff64239 = KERNEL32.DLL:_FREQASM+0x3239 |
| 22 |
016f:bff641ef c7420800000000 mov dword ptr [edx+08],00000000 |
28 |
016f:bff641ef c7420800000000 mov dword ptr [edx+08],00000000 |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
| 1 |
-> 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ |
8 |
-> 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ |
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:bff74674 c60004 mov byte ptr [eax],04 |
9 |
016f:bff74674 c60004 mov byte ptr [eax],04 |
| 4 |
016f:bff74677 8b4508 mov eax,dword ptr [ebp+08] |
10 |
016f:bff74677 8b4508 mov eax,dword ptr [ebp+08] |
| 5 |
016f:bff7467a 89461c mov dword ptr [esi+1c],eax |
11 |
016f:bff7467a 89461c mov dword ptr [esi+1c],eax |
| 6 |
016f:bff7467d eb08 jmp bff74687 = KERNEL32.DLL:.text+0xb687 |
12 |
016f:bff7467d eb08 jmp bff74687 = KERNEL32.DLL:.text+0xb687 |
| 7 |
016f:bff7467f 56 push esi |
13 |
016f:bff7467f 56 push esi |
| 8 |
016f:bff74680 e847500000 call bff796cc = KERNEL32.DLL:.text+0x106cc |
14 |
016f:bff74680 e847500000 call bff796cc = KERNEL32.DLL:.text+0x106cc |
| 9 |
016f:bff74685 33f6 xor esi,esi |
15 |
016f:bff74685 33f6 xor esi,esi |
| 10 |
016f:bff74687 a120bdfbbf mov eax,dword ptr [bffbbd20] |
16 |
016f:bff74687 a120bdfbbf mov eax,dword ptr [bffbbd20] |
| 11 |
016f:bff7468c 50 push eax |
17 |
016f:bff7468c 50 push eax |
| 12 |
016f:bff7468d e833fbfeff call bff641c5 = KERNEL32.DLL!98 |
18 |
016f:bff7468d e833fbfeff call bff641c5 = KERNEL32.DLL!98 |
| 13 |
016f:bff74694 85f6 test esi,esi |
19 |
016f:bff74694 85f6 test esi,esi |
| 14 |
016f:bff74696 750d jnz bff746a5 = KERNEL32.DLL:.text+0xb6a5 |
20 |
016f:bff74696 750d jnz bff746a5 = KERNEL32.DLL:.text+0xb6a5 |
| 15 |
016f:bff74698 50 push eax |
21 |
016f:bff74698 50 push eax |
| 16 |
016f:bff74699 50 push eax |
22 |
016f:bff74699 50 push eax |
| 17 |
016f:bff7469a 50 push eax |
23 |
016f:bff7469a 50 push eax |
| 18 |
016f:bff7469b 68050000c0 push c0000005 |
24 |
016f:bff7469b 68050000c0 push c0000005 |
| 19 |
016f:bff746a0 e80621ffff call bff667ab = KERNEL32.DLL:_FREQASM+0x57ab |
25 |
016f:bff746a0 e80621ffff call bff667ab = KERNEL32.DLL:_FREQASM+0x57ab |
| 20 |
016f:bff746a5 5e pop esi |
26 |
016f:bff746a5 5e pop esi |
| 21 |
016f:bff746a6 5d pop ebp |
27 |
016f:bff746a6 5d pop ebp |
| 22 |
016f:bff746a7 c20400 retd 0004 |
28 |
016f:bff746a7 c20400 retd 0004 |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
| 1 |
-> 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ |
8 |
-> 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:004c22a1 8935e0586500 mov dword ptr [006558e0],esi |
9 |
016f:004c22a1 8935e0586500 mov dword ptr [006558e0],esi |
| 4 |
016f:004c22a7 68f0916500 push 006591f0 |
10 |
016f:004c22a7 68f0916500 push 006591f0 |
| 5 |
016f:004c22ac ffd3 call ebx |
11 |
016f:004c22ac ffd3 call ebx |
| 6 |
016f:004c22ae 6a01 push +01 |
12 |
016f:004c22ae 6a01 push +01 |
| 7 |
016f:004c22b0 6a24 push +24 |
13 |
016f:004c22b0 6a24 push +24 |
| 8 |
016f:004c22b2 ff15ac624e00 call dword ptr [004e62ac] -> MSVCRT.DLL!calloc |
14 |
016f:004c22b2 ff15ac624e00 call dword ptr [004e62ac] -> MSVCRT.DLL!calloc |
| 9 |
016f:004c22b8 83c408 add esp,+08 |
15 |
016f:004c22b8 83c408 add esp,+08 |
| 10 |
016f:004c22bb 8bf0 mov esi,eax |
16 |
016f:004c22bb 8bf0 mov esi,eax |
| 11 |
016f:004c22bd 56 push esi |
17 |
016f:004c22bd 56 push esi |
| 12 |
016f:004c22be ffd3 call ebx |
18 |
016f:004c22be ffd3 call ebx |
| 13 |
016f:004c22c2 5e pop esi |
19 |
016f:004c22c2 5e pop esi |
| 14 |
016f:004c22c3 5b pop ebx |
20 |
016f:004c22c3 5b pop ebx |
| 15 |
016f:004c22c4 81c494000000 add esp,00000094 |
21 |
016f:004c22c4 81c494000000 add esp,00000094 |
| 16 |
016f:004c22ca c3 retd |
22 |
016f:004c22ca c3 retd |
| 17 |
016f:004c22cb 90 nop |
23 |
016f:004c22cb 90 nop |
| 18 |
016f:004c22cc 90 nop |
24 |
016f:004c22cc 90 nop |
| 19 |
016f:004c22cd 90 nop |
25 |
016f:004c22cd 90 nop |
| 20 |
016f:004c22ce 90 nop |
26 |
016f:004c22ce 90 nop |
| 21 |
016f:004c22cf 90 nop |
27 |
016f:004c22cf 90 nop |
| 22 |
016f:004c22d0 56 push esi |
28 |
016f:004c22d0 56 push esi |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
-> 84 58 11 01 00 00 00 00 00 00 00 00 00 00 00 00 .X.............. |
8 |
-> 84 58 11 01 00 00 00 00 00 00 00 00 00 00 00 00 .X.............. |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:bff6bb0a e88a87ffff call bff64299 = KERNEL32.DLL:_FREQASM+0x3299 |
9 |
016f:bff6bb0a e88a87ffff call bff64299 = KERNEL32.DLL:_FREQASM+0x3299 |
| 4 |
016f:bff6bb0f 5e pop esi |
10 |
016f:bff6bb0f 5e pop esi |
| 5 |
016f:bff6bb10 c20400 retd 0004 |
11 |
016f:bff6bb10 c20400 retd 0004 |
| 6 |
016f:bff6bb13 56 push esi |
12 |
016f:bff6bb13 56 push esi |
| 7 |
016f:bff6bb14 8b742408 mov esi,dword ptr [esp+08] |
13 |
016f:bff6bb14 8b742408 mov esi,dword ptr [esp+08] |
| 8 |
016f:bff6bb18 8a06 mov al,byte ptr [esi] |
14 |
016f:bff6bb18 8a06 mov al,byte ptr [esi] |
| 9 |
016f:bff6bb1a 3c04 cmp al,04 |
15 |
016f:bff6bb1a 3c04 cmp al,04 |
| 10 |
016f:bff6bb1c 7508 jnz bff6bb26 = KERNEL32.DLL:.text+0x2b26 |
16 |
016f:bff6bb1c 7508 jnz bff6bb26 = KERNEL32.DLL:.text+0x2b26 |
| 11 |
016f:bff6bb1e ff7604 push dword ptr [esi+04] |
17 |
016f:bff6bb1e ff7604 push dword ptr [esi+04] |
| 12 |
016f:bff6bb21 e8a087ffff call bff642c6 = KERNEL32.DLL:_FREQASM+0x32c6 |
18 |
016f:bff6bb21 e8a087ffff call bff642c6 = KERNEL32.DLL:_FREQASM+0x32c6 |
| 13 |
016f:bff6bb27 c20400 retd 0004 |
19 |
016f:bff6bb27 c20400 retd 0004 |
| 14 |
016f:bff6bb2a 64a100000000 mov eax,dword ptr fs:[00000000] |
20 |
016f:bff6bb2a 64a100000000 mov eax,dword ptr fs:[00000000] |
| 15 |
016f:bff6bb30 55 push ebp |
21 |
016f:bff6bb30 55 push ebp |
| 16 |
016f:bff6bb31 8bec mov ebp,esp |
22 |
016f:bff6bb31 8bec mov ebp,esp |
| 17 |
016f:bff6bb33 6aff push -01 |
23 |
016f:bff6bb33 6aff push -01 |
| 18 |
016f:bff6bb35 685092f6bf push bff69250 |
24 |
016f:bff6bb35 685092f6bf push bff69250 |
| 19 |
016f:bff6bb3a 68201bfbbf push bffb1b20 |
25 |
016f:bff6bb3a 68201bfbbf push bffb1b20 |
| 20 |
016f:bff6bb3f 50 push eax |
26 |
016f:bff6bb3f 50 push eax |
| 21 |
016f:bff6bb40 8b4508 mov eax,dword ptr [ebp+08] |
27 |
016f:bff6bb40 8b4508 mov eax,dword ptr [ebp+08] |
| 22 |
016f:bff6bb43 64892500000000 mov dword ptr fs:[00000000],esp |
28 |
016f:bff6bb43 64892500000000 mov dword ptr fs:[00000000],esp |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:78001694 6a11 push +11 |
9 |
016f:78001694 6a11 push +11 |
| 4 |
016f:78001696 e804000000 call 7800169f = MSVCRT.DLL!_unlock |
10 |
016f:78001696 e804000000 call 7800169f = MSVCRT.DLL!_unlock |
| 5 |
016f:7800169b 59 pop ecx |
11 |
016f:7800169b 59 pop ecx |
| 6 |
016f:7800169c 5f pop edi |
12 |
016f:7800169c 5f pop edi |
| 7 |
016f:7800169d ebbd jmp 7800165c = MSVCRT.DLL:.text+0x65c |
13 |
016f:7800169d ebbd jmp 7800165c = MSVCRT.DLL:.text+0x65c |
| 8 |
016f:7800169f 55 push ebp |
14 |
016f:7800169f 55 push ebp |
| 9 |
016f:780016a0 8bec mov ebp,esp |
15 |
016f:780016a0 8bec mov ebp,esp |
| 10 |
016f:780016a2 8b4508 mov eax,dword ptr [ebp+08] |
16 |
016f:780016a2 8b4508 mov eax,dword ptr [ebp+08] |
| 11 |
016f:780016a5 ff348534b00378 push dword ptr [eax*4+7803b034] |
17 |
016f:780016a5 ff348534b00378 push dword ptr [eax*4+7803b034] |
| 12 |
016f:780016ac ff1548300378 call dword ptr [78033048] -> KERNEL32.DLL!LeaveCriticalSection |
18 |
016f:780016ac ff1548300378 call dword ptr [78033048] -> KERNEL32.DLL!LeaveCriticalSection |
| 13 |
016f:780016b3 c3 retd |
19 |
016f:780016b3 c3 retd |
| 14 |
016f:780016b4 8b442404 mov eax,dword ptr [esp+04] |
20 |
016f:780016b4 8b442404 mov eax,dword ptr [esp+04] |
| 15 |
016f:780016b8 832528b5037800 and dword ptr [7803b528],+00 |
21 |
016f:780016b8 832528b5037800 and dword ptr [7803b528],+00 |
| 16 |
016f:780016bf 83f8fe cmp eax,-02 |
22 |
016f:780016bf 83f8fe cmp eax,-02 |
| 17 |
016f:780016c2 0f84a8ba0000 jz 7800d170 = MSVCRT.DLL:.text+0xc170 |
23 |
016f:780016c2 0f84a8ba0000 jz 7800d170 = MSVCRT.DLL:.text+0xc170 |
| 18 |
016f:780016c8 83f8fd cmp eax,-03 |
24 |
016f:780016c8 83f8fd cmp eax,-03 |
| 19 |
016f:780016cb 7415 jz 780016e2 = MSVCRT.DLL:.text+0x6e2 |
25 |
016f:780016cb 7415 jz 780016e2 = MSVCRT.DLL:.text+0x6e2 |
| 20 |
016f:780016cd 83f8fc cmp eax,-04 |
26 |
016f:780016cd 83f8fc cmp eax,-04 |
| 21 |
016f:780016d0 750f jnz 780016e1 = MSVCRT.DLL:.text+0x6e1 |
27 |
016f:780016d0 750f jnz 780016e1 = MSVCRT.DLL:.text+0x6e1 |
| 22 |
016f:780016d2 a12cb50378 mov eax,dword ptr [7803b52c] |
28 |
016f:780016d2 a12cb50378 mov eax,dword ptr [7803b52c] |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
| 1 |
-> 04 00 00 00 74 4e 98 81 00 00 00 00 00 00 00 00 ....tN.......... |
8 |
-> 04 00 00 00 74 4e 98 81 00 00 00 00 00 00 00 00 ....tN.......... |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:7801a884 834dfcff or dword ptr [ebp-04],-01 |
9 |
016f:7801a884 834dfcff or dword ptr [ebp-04],-01 |
| 4 |
016f:7801a888 e817000000 call 7801a8a4 = MSVCRT.DLL:.text+0x198a4 |
10 |
016f:7801a888 e817000000 call 7801a8a4 = MSVCRT.DLL:.text+0x198a4 |
| 5 |
016f:7801a88d 837de000 cmp dword ptr [ebp-20],+00 |
11 |
016f:7801a88d 837de000 cmp dword ptr [ebp-20],+00 |
| 6 |
016f:7801a891 0f842179feff jz 780021b8 = MSVCRT.DLL:.text+0x11b8 |
12 |
016f:7801a891 0f842179feff jz 780021b8 = MSVCRT.DLL:.text+0x11b8 |
| 7 |
016f:7801a897 e92f79feff jmp 780021cb = MSVCRT.DLL:.text+0x11cb |
13 |
016f:7801a897 e92f79feff jmp 780021cb = MSVCRT.DLL:.text+0x11cb |
| 8 |
016f:7801a89c 8b75e4 mov esi,dword ptr [ebp-1c] |
14 |
016f:7801a89c 8b75e4 mov esi,dword ptr [ebp-1c] |
| 9 |
016f:7801a89f ebe3 jmp 7801a884 = MSVCRT.DLL:.text+0x19884 |
15 |
016f:7801a89f ebe3 jmp 7801a884 = MSVCRT.DLL:.text+0x19884 |
| 10 |
016f:7801a8a1 8b75e4 mov esi,dword ptr [ebp-1c] |
16 |
016f:7801a8a1 8b75e4 mov esi,dword ptr [ebp-1c] |
| 11 |
016f:7801a8a4 6a09 push +09 |
17 |
016f:7801a8a4 6a09 push +09 |
| 12 |
016f:7801a8a6 e8f46dfeff call 7800169f = MSVCRT.DLL!_unlock |
18 |
016f:7801a8a6 e8f46dfeff call 7800169f = MSVCRT.DLL!_unlock |
| 13 |
016f:7801a8ac c3 retd |
19 |
016f:7801a8ac c3 retd |
| 14 |
016f:7801a8ad 6a09 push +09 |
20 |
016f:7801a8ad 6a09 push +09 |
| 15 |
016f:7801a8af e8906dfeff call 78001644 = MSVCRT.DLL!_lock |
21 |
016f:7801a8af e8906dfeff call 78001644 = MSVCRT.DLL!_lock |
| 16 |
016f:7801a8b4 59 pop ecx |
22 |
016f:7801a8b4 59 pop ecx |
| 17 |
016f:7801a8b5 c745fc01000000 mov dword ptr [ebp-04],00000001 |
23 |
016f:7801a8b5 c745fc01000000 mov dword ptr [ebp-04],00000001 |
| 18 |
016f:7801a8bc 8d45dc lea eax,[ebp-24] |
24 |
016f:7801a8bc 8d45dc lea eax,[ebp-24] |
| 19 |
016f:7801a8bf 50 push eax |
25 |
016f:7801a8bf 50 push eax |
| 20 |
016f:7801a8c0 8d45d4 lea eax,[ebp-2c] |
26 |
016f:7801a8c0 8d45d4 lea eax,[ebp-2c] |
| 21 |
016f:7801a8c3 50 push eax |
27 |
016f:7801a8c3 50 push eax |
| 22 |
016f:7801a8c4 ff7508 push dword ptr [ebp+08] |
28 |
016f:7801a8c4 ff7508 push dword ptr [ebp+08] |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:7801a86e e8f40fffff call 7800b867 = MSVCRT.DLL:.text+0xa867 |
9 |
016f:7801a86e e8f40fffff call 7800b867 = MSVCRT.DLL:.text+0xa867 |
| 4 |
016f:7801a873 59 pop ecx |
10 |
016f:7801a873 59 pop ecx |
| 5 |
016f:7801a874 8945e0 mov dword ptr [ebp-20],eax |
11 |
016f:7801a874 8945e0 mov dword ptr [ebp-20],eax |
| 6 |
016f:7801a877 85c0 test eax,eax |
12 |
016f:7801a877 85c0 test eax,eax |
| 7 |
016f:7801a879 7421 jz 7801a89c = MSVCRT.DLL:.text+0x1989c |
13 |
016f:7801a879 7421 jz 7801a89c = MSVCRT.DLL:.text+0x1989c |
| 8 |
016f:7801a87b 8b76fc mov esi,dword ptr [esi-04] |
14 |
016f:7801a87b 8b76fc mov esi,dword ptr [esi-04] |
| 9 |
016f:7801a87e 83ee09 sub esi,+09 |
15 |
016f:7801a87e 83ee09 sub esi,+09 |
| 10 |
016f:7801a881 8975e4 mov dword ptr [ebp-1c],esi |
16 |
016f:7801a881 8975e4 mov dword ptr [ebp-1c],esi |
| 11 |
016f:7801a884 834dfcff or dword ptr [ebp-04],-01 |
17 |
016f:7801a884 834dfcff or dword ptr [ebp-04],-01 |
| 12 |
016f:7801a888 e817000000 call 7801a8a4 = MSVCRT.DLL:.text+0x198a4 |
18 |
016f:7801a888 e817000000 call 7801a8a4 = MSVCRT.DLL:.text+0x198a4 |
| 13 |
016f:7801a891 0f842179feff jz 780021b8 = MSVCRT.DLL:.text+0x11b8 |
19 |
016f:7801a891 0f842179feff jz 780021b8 = MSVCRT.DLL:.text+0x11b8 |
| 14 |
016f:7801a897 e92f79feff jmp 780021cb = MSVCRT.DLL:.text+0x11cb |
20 |
016f:7801a897 e92f79feff jmp 780021cb = MSVCRT.DLL:.text+0x11cb |
| 15 |
016f:7801a89c 8b75e4 mov esi,dword ptr [ebp-1c] |
21 |
016f:7801a89c 8b75e4 mov esi,dword ptr [ebp-1c] |
| 16 |
016f:7801a89f ebe3 jmp 7801a884 = MSVCRT.DLL:.text+0x19884 |
22 |
016f:7801a89f ebe3 jmp 7801a884 = MSVCRT.DLL:.text+0x19884 |
| 17 |
016f:7801a8a1 8b75e4 mov esi,dword ptr [ebp-1c] |
23 |
016f:7801a8a1 8b75e4 mov esi,dword ptr [ebp-1c] |
| 18 |
016f:7801a8a4 6a09 push +09 |
24 |
016f:7801a8a4 6a09 push +09 |
| 19 |
016f:7801a8a6 e8f46dfeff call 7800169f = MSVCRT.DLL!_unlock |
25 |
016f:7801a8a6 e8f46dfeff call 7800169f = MSVCRT.DLL!_unlock |
| 20 |
016f:7801a8ab 59 pop ecx |
26 |
016f:7801a8ab 59 pop ecx |
| 21 |
016f:7801a8ac c3 retd |
27 |
016f:7801a8ac c3 retd |
| 22 |
016f:7801a8ad 6a09 push +09 |
28 |
016f:7801a8ad 6a09 push +09 |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
... |
8 |
... |
|
Line 1
Link Here
|
| 1 |
-> 35 17 00 00 00 00 00 00 00 00 00 00 00 01 02 03 5............... |
8 |
-> 35 17 00 00 00 00 00 00 00 00 00 00 00 01 02 03 5............... |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
-> f2 00 00 00 00 00 00 00 00 00 00 00 50 65 72 73 ............Pers |
8 |
-> f2 00 00 00 00 00 00 00 00 00 00 00 50 65 72 73 ............Pers |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
-> 10 17 10 01 00 00 00 00 00 00 00 00 00 00 00 00 ................ |
8 |
-> 10 17 10 01 00 00 00 00 00 00 00 00 00 00 00 00 ................ |
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:78001694 6a11 push +11 |
9 |
016f:78001694 6a11 push +11 |
| 4 |
016f:78001696 e804000000 call 7800169f = MSVCRT.DLL!_unlock |
10 |
016f:78001696 e804000000 call 7800169f = MSVCRT.DLL!_unlock |
| 5 |
016f:7800169b 59 pop ecx |
11 |
016f:7800169b 59 pop ecx |
| 6 |
016f:7800169c 5f pop edi |
12 |
016f:7800169c 5f pop edi |
| 7 |
016f:7800169d ebbd jmp 7800165c = MSVCRT.DLL:.text+0x65c |
13 |
016f:7800169d ebbd jmp 7800165c = MSVCRT.DLL:.text+0x65c |
| 8 |
016f:7800169f 55 push ebp |
14 |
016f:7800169f 55 push ebp |
| 9 |
016f:780016a0 8bec mov ebp,esp |
15 |
016f:780016a0 8bec mov ebp,esp |
| 10 |
016f:780016a2 8b4508 mov eax,dword ptr [ebp+08] |
16 |
016f:780016a2 8b4508 mov eax,dword ptr [ebp+08] |
| 11 |
016f:780016a5 ff348534b00378 push dword ptr [eax*4+7803b034] |
17 |
016f:780016a5 ff348534b00378 push dword ptr [eax*4+7803b034] |
| 12 |
016f:780016ac ff1548300378 call dword ptr [78033048] -> KERNEL32.DLL!LeaveCriticalSection |
18 |
016f:780016ac ff1548300378 call dword ptr [78033048] -> KERNEL32.DLL!LeaveCriticalSection |
| 13 |
016f:780016b3 c3 retd |
19 |
016f:780016b3 c3 retd |
| 14 |
016f:780016b4 8b442404 mov eax,dword ptr [esp+04] |
20 |
016f:780016b4 8b442404 mov eax,dword ptr [esp+04] |
| 15 |
016f:780016b8 832528b5037800 and dword ptr [7803b528],+00 |
21 |
016f:780016b8 832528b5037800 and dword ptr [7803b528],+00 |
| 16 |
016f:780016bf 83f8fe cmp eax,-02 |
22 |
016f:780016bf 83f8fe cmp eax,-02 |
| 17 |
016f:780016c2 0f84a8ba0000 jz 7800d170 = MSVCRT.DLL:.text+0xc170 |
23 |
016f:780016c2 0f84a8ba0000 jz 7800d170 = MSVCRT.DLL:.text+0xc170 |
| 18 |
016f:780016c8 83f8fd cmp eax,-03 |
24 |
016f:780016c8 83f8fd cmp eax,-03 |
| 19 |
016f:780016cb 7415 jz 780016e2 = MSVCRT.DLL:.text+0x6e2 |
25 |
016f:780016cb 7415 jz 780016e2 = MSVCRT.DLL:.text+0x6e2 |
| 20 |
016f:780016cd 83f8fc cmp eax,-04 |
26 |
016f:780016cd 83f8fc cmp eax,-04 |
| 21 |
016f:780016d0 750f jnz 780016e1 = MSVCRT.DLL:.text+0x6e1 |
27 |
016f:780016d0 750f jnz 780016e1 = MSVCRT.DLL:.text+0x6e1 |
| 22 |
016f:780016d2 a12cb50378 mov eax,dword ptr [7803b52c] |
28 |
016f:780016d2 a12cb50378 mov eax,dword ptr [7803b52c] |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
| 1 |
-> 04 00 00 00 40 4e 98 81 00 00 00 00 00 00 00 00 ....@N.......... |
8 |
-> 04 00 00 00 40 4e 98 81 00 00 00 00 00 00 00 00 ....@N.......... |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:780021cb 8bc6 mov eax,esi |
9 |
016f:780021cb 8bc6 mov eax,esi |
| 4 |
016f:780021cd 8b4df0 mov ecx,dword ptr [ebp-10] |
10 |
016f:780021cd 8b4df0 mov ecx,dword ptr [ebp-10] |
| 5 |
016f:780021d0 64890d00000000 mov dword ptr fs:[00000000],ecx |
11 |
016f:780021d0 64890d00000000 mov dword ptr fs:[00000000],ecx |
| 6 |
016f:780021d7 5f pop edi |
12 |
016f:780021d7 5f pop edi |
| 7 |
016f:780021d8 5e pop esi |
13 |
016f:780021d8 5e pop esi |
| 8 |
016f:780021d9 5b pop ebx |
14 |
016f:780021d9 5b pop ebx |
| 9 |
016f:780021da c9 leave |
15 |
016f:780021da c9 leave |
| 10 |
016f:780021db c3 retd |
16 |
016f:780021db c3 retd |
| 11 |
016f:780021dc 6a0d push +0d |
17 |
016f:780021dc 6a0d push +0d |
| 12 |
016f:780021de e8bcf4ffff call 7800169f = MSVCRT.DLL!_unlock |
18 |
016f:780021de e8bcf4ffff call 7800169f = MSVCRT.DLL!_unlock |
| 13 |
016f:780021e4 c3 retd |
19 |
016f:780021e4 c3 retd |
| 14 |
016f:780021e5 55 push ebp |
20 |
016f:780021e5 55 push ebp |
| 15 |
016f:780021e6 8bec mov ebp,esp |
21 |
016f:780021e6 8bec mov ebp,esp |
| 16 |
016f:780021e8 6aff push -01 |
22 |
016f:780021e8 6aff push -01 |
| 17 |
016f:780021ea 6808330378 push 78033308 |
23 |
016f:780021ea 6808330378 push 78033308 |
| 18 |
016f:780021ef 6811db0078 push 7800db11 |
24 |
016f:780021ef 6811db0078 push 7800db11 |
| 19 |
016f:780021f4 64a100000000 mov eax,dword ptr fs:[00000000] |
25 |
016f:780021f4 64a100000000 mov eax,dword ptr fs:[00000000] |
| 20 |
016f:780021fa 50 push eax |
26 |
016f:780021fa 50 push eax |
| 21 |
016f:780021fb 64892500000000 mov dword ptr fs:[00000000],esp |
27 |
016f:780021fb 64892500000000 mov dword ptr fs:[00000000],esp |
| 22 |
016f:78002202 83ec14 sub esp,+14 |
28 |
016f:78002202 83ec14 sub esp,+14 |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:7801f05e e812000000 call 7801f075 = MSVCRT.DLL:.text+0x1e075 |
9 |
016f:7801f05e e812000000 call 7801f075 = MSVCRT.DLL:.text+0x1e075 |
| 4 |
016f:7801f063 8b45e4 mov eax,dword ptr [ebp-1c] |
10 |
016f:7801f063 8b45e4 mov eax,dword ptr [ebp-1c] |
| 5 |
016f:7801f066 8b4df0 mov ecx,dword ptr [ebp-10] |
11 |
016f:7801f066 8b4df0 mov ecx,dword ptr [ebp-10] |
| 6 |
016f:7801f069 64890d00000000 mov dword ptr fs:[00000000],ecx |
12 |
016f:7801f069 64890d00000000 mov dword ptr fs:[00000000],ecx |
| 7 |
016f:7801f070 5f pop edi |
13 |
016f:7801f070 5f pop edi |
| 8 |
016f:7801f071 5e pop esi |
14 |
016f:7801f071 5e pop esi |
| 9 |
016f:7801f072 5b pop ebx |
15 |
016f:7801f072 5b pop ebx |
| 10 |
016f:7801f073 c9 leave |
16 |
016f:7801f073 c9 leave |
| 11 |
016f:7801f074 c3 retd |
17 |
016f:7801f074 c3 retd |
| 12 |
016f:7801f075 e86231feff call 780021dc = MSVCRT.DLL:.text+0x11dc |
18 |
016f:7801f075 e86231feff call 780021dc = MSVCRT.DLL:.text+0x11dc |
| 13 |
016f:7801f07b 56 push esi |
19 |
016f:7801f07b 56 push esi |
| 14 |
016f:7801f07c ff3504c90378 push dword ptr [7803c904] |
20 |
016f:7801f07c ff3504c90378 push dword ptr [7803c904] |
| 15 |
016f:7801f082 e8f730feff call 7800217e = MSVCRT.DLL!_msize |
21 |
016f:7801f082 e8f730feff call 7800217e = MSVCRT.DLL!_msize |
| 16 |
016f:7801f087 59 pop ecx |
22 |
016f:7801f087 59 pop ecx |
| 17 |
016f:7801f088 8bf0 mov esi,eax |
23 |
016f:7801f088 8bf0 mov esi,eax |
| 18 |
016f:7801f08a 8b0d00c90378 mov ecx,dword ptr [7803c900] |
24 |
016f:7801f08a 8b0d00c90378 mov ecx,dword ptr [7803c900] |
| 19 |
016f:7801f090 a104c90378 mov eax,dword ptr [7803c904] |
25 |
016f:7801f090 a104c90378 mov eax,dword ptr [7803c904] |
| 20 |
016f:7801f095 8bd1 mov edx,ecx |
26 |
016f:7801f095 8bd1 mov edx,ecx |
| 21 |
016f:7801f097 2bd0 sub edx,eax |
27 |
016f:7801f097 2bd0 sub edx,eax |
| 22 |
016f:7801f099 83c204 add edx,+04 |
28 |
016f:7801f099 83c204 add edx,+04 |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:7801f043 56 push esi |
9 |
016f:7801f043 56 push esi |
| 4 |
016f:7801f044 57 push edi |
10 |
016f:7801f044 57 push edi |
| 5 |
016f:7801f045 e8cf30feff call 78002119 = MSVCRT.DLL:.text+0x1119 |
11 |
016f:7801f045 e8cf30feff call 78002119 = MSVCRT.DLL:.text+0x1119 |
| 6 |
016f:7801f04a 8365fc00 and dword ptr [ebp-04],+00 |
12 |
016f:7801f04a 8365fc00 and dword ptr [ebp-04],+00 |
| 7 |
016f:7801f04e ff7508 push dword ptr [ebp+08] |
13 |
016f:7801f04e ff7508 push dword ptr [ebp+08] |
| 8 |
016f:7801f051 e825000000 call 7801f07b = MSVCRT.DLL:.text+0x1e07b |
14 |
016f:7801f051 e825000000 call 7801f07b = MSVCRT.DLL:.text+0x1e07b |
| 9 |
016f:7801f056 59 pop ecx |
15 |
016f:7801f056 59 pop ecx |
| 10 |
016f:7801f057 8945e4 mov dword ptr [ebp-1c],eax |
16 |
016f:7801f057 8945e4 mov dword ptr [ebp-1c],eax |
| 11 |
016f:7801f05a 834dfcff or dword ptr [ebp-04],-01 |
17 |
016f:7801f05a 834dfcff or dword ptr [ebp-04],-01 |
| 12 |
016f:7801f05e e812000000 call 7801f075 = MSVCRT.DLL:.text+0x1e075 |
18 |
016f:7801f05e e812000000 call 7801f075 = MSVCRT.DLL:.text+0x1e075 |
| 13 |
016f:7801f066 8b4df0 mov ecx,dword ptr [ebp-10] |
19 |
016f:7801f066 8b4df0 mov ecx,dword ptr [ebp-10] |
| 14 |
016f:7801f069 64890d00000000 mov dword ptr fs:[00000000],ecx |
20 |
016f:7801f069 64890d00000000 mov dword ptr fs:[00000000],ecx |
| 15 |
016f:7801f070 5f pop edi |
21 |
016f:7801f070 5f pop edi |
| 16 |
016f:7801f071 5e pop esi |
22 |
016f:7801f071 5e pop esi |
| 17 |
016f:7801f072 5b pop ebx |
23 |
016f:7801f072 5b pop ebx |
| 18 |
016f:7801f073 c9 leave |
24 |
016f:7801f073 c9 leave |
| 19 |
016f:7801f074 c3 retd |
25 |
016f:7801f074 c3 retd |
| 20 |
016f:7801f075 e86231feff call 780021dc = MSVCRT.DLL:.text+0x11dc |
26 |
016f:7801f075 e86231feff call 780021dc = MSVCRT.DLL:.text+0x11dc |
| 21 |
016f:7801f07a c3 retd |
27 |
016f:7801f07a c3 retd |
| 22 |
016f:7801f07b 56 push esi |
28 |
016f:7801f07b 56 push esi |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
| 1 |
... |
8 |
... |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
... |
8 |
... |
|
Line 1
Link Here
|
| 1 |
-> 84 58 11 01 00 00 00 00 00 00 00 00 00 00 00 00 .X.............. |
8 |
-> 84 58 11 01 00 00 00 00 00 00 00 00 00 00 00 00 .X.............. |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
-> b9 08 91 11 01 e9 66 fe ff ff 90 90 90 90 90 90 ......f......... |
8 |
-> b9 08 91 11 01 e9 66 fe ff ff 90 90 90 90 90 90 ......f......... |
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:01101720 b908911101 mov ecx,01119108 |
9 |
016f:01101720 b908911101 mov ecx,01119108 |
| 4 |
016f:01101725 e966fdffff jmp 01101490 = SETUP.EXE:.text+0x490 |
10 |
016f:01101725 e966fdffff jmp 01101490 = SETUP.EXE:.text+0x490 |
| 5 |
016f:0110172a 90 nop |
11 |
016f:0110172a 90 nop |
| 6 |
016f:0110172b 90 nop |
12 |
016f:0110172b 90 nop |
| 7 |
016f:0110172c 90 nop |
13 |
016f:0110172c 90 nop |
| 8 |
016f:0110172d 90 nop |
14 |
016f:0110172d 90 nop |
| 9 |
016f:0110172e 90 nop |
15 |
016f:0110172e 90 nop |
| 10 |
016f:0110172f 90 nop |
16 |
016f:0110172f 90 nop |
| 11 |
016f:01101730 6840171001 push 01101740 |
17 |
016f:01101730 6840171001 push 01101740 |
| 12 |
016f:01101735 e892260100 call 01113dcc = SETUP.EXE:.text+0x12dcc |
18 |
016f:01101735 e892260100 call 01113dcc = SETUP.EXE:.text+0x12dcc |
| 13 |
016f:0110173b c3 retd |
19 |
016f:0110173b c3 retd |
| 14 |
016f:0110173c 90 nop |
20 |
016f:0110173c 90 nop |
| 15 |
016f:0110173d 90 nop |
21 |
016f:0110173d 90 nop |
| 16 |
016f:0110173e 90 nop |
22 |
016f:0110173e 90 nop |
| 17 |
016f:0110173f 90 nop |
23 |
016f:0110173f 90 nop |
| 18 |
016f:01101740 b908911101 mov ecx,01119108 |
24 |
016f:01101740 b908911101 mov ecx,01119108 |
| 19 |
016f:01101745 e966feffff jmp 011015b0 = SETUP.EXE:.text+0x5b0 |
25 |
016f:01101745 e966feffff jmp 011015b0 = SETUP.EXE:.text+0x5b0 |
| 20 |
016f:0110174a 90 nop |
26 |
016f:0110174a 90 nop |
| 21 |
016f:0110174b 90 nop |
27 |
016f:0110174b 90 nop |
| 22 |
016f:0110174c 90 nop |
28 |
016f:0110174c 90 nop |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
-> b8 58 60 11 01 e9 5b f7 ff ff cc cc cc cc cc cc .X`...[......... |
8 |
-> b8 58 60 11 01 e9 5b f7 ff ff cc cc cc cc cc cc .X`...[......... |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:01107218 90 nop |
9 |
016f:01107218 90 nop |
| 4 |
016f:01107219 90 nop |
10 |
016f:01107219 90 nop |
| 5 |
016f:0110721a 90 nop |
11 |
016f:0110721a 90 nop |
| 6 |
016f:0110721b 90 nop |
12 |
016f:0110721b 90 nop |
| 7 |
016f:0110721c 90 nop |
13 |
016f:0110721c 90 nop |
| 8 |
016f:0110721d 90 nop |
14 |
016f:0110721d 90 nop |
| 9 |
016f:0110721e 90 nop |
15 |
016f:0110721e 90 nop |
| 10 |
016f:0110721f 90 nop |
16 |
016f:0110721f 90 nop |
| 11 |
016f:01107220 b908911101 mov ecx,01119108 |
17 |
016f:01107220 b908911101 mov ecx,01119108 |
| 12 |
016f:01107225 e826a5ffff call 01101750 = SETUP.EXE:.text+0x750 |
18 |
016f:01107225 e826a5ffff call 01101750 = SETUP.EXE:.text+0x750 |
| 13 |
016f:0110722c c3 retd |
19 |
016f:0110722c c3 retd |
| 14 |
016f:0110722d 90 nop |
20 |
016f:0110722d 90 nop |
| 15 |
016f:0110722e 90 nop |
21 |
016f:0110722e 90 nop |
| 16 |
016f:0110722f 90 nop |
22 |
016f:0110722f 90 nop |
| 17 |
016f:01107230 8b01 mov eax,dword ptr [ecx] |
23 |
016f:01107230 8b01 mov eax,dword ptr [ecx] |
| 18 |
016f:01107232 8b08 mov ecx,dword ptr [eax] |
24 |
016f:01107232 8b08 mov ecx,dword ptr [eax] |
| 19 |
016f:01107234 51 push ecx |
25 |
016f:01107234 51 push ecx |
| 20 |
016f:01107235 e87ac30000 call 011135b4 = SAL3.DLL!osl_releaseMutex |
26 |
016f:01107235 e87ac30000 call 011135b4 = SAL3.DLL!osl_releaseMutex |
| 21 |
016f:0110723a 59 pop ecx |
27 |
016f:0110723a 59 pop ecx |
| 22 |
016f:0110723b c3 retd |
28 |
016f:0110723b c3 retd |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:01107207 90 nop |
9 |
016f:01107207 90 nop |
| 4 |
016f:01107208 90 nop |
10 |
016f:01107208 90 nop |
| 5 |
016f:01107209 90 nop |
11 |
016f:01107209 90 nop |
| 6 |
016f:0110720a 90 nop |
12 |
016f:0110720a 90 nop |
| 7 |
016f:0110720b 90 nop |
13 |
016f:0110720b 90 nop |
| 8 |
016f:0110720c 90 nop |
14 |
016f:0110720c 90 nop |
| 9 |
016f:0110720d 90 nop |
15 |
016f:0110720d 90 nop |
| 10 |
016f:0110720e 90 nop |
16 |
016f:0110720e 90 nop |
| 11 |
016f:0110720f 90 nop |
17 |
016f:0110720f 90 nop |
| 12 |
016f:01107210 e80b000000 call 01107220 = SETUP.EXE:.text+0x6220 |
18 |
016f:01107210 e80b000000 call 01107220 = SETUP.EXE:.text+0x6220 |
| 13 |
016f:01107218 90 nop |
19 |
016f:01107218 90 nop |
| 14 |
016f:01107219 90 nop |
20 |
016f:01107219 90 nop |
| 15 |
016f:0110721a 90 nop |
21 |
016f:0110721a 90 nop |
| 16 |
016f:0110721b 90 nop |
22 |
016f:0110721b 90 nop |
| 17 |
016f:0110721c 90 nop |
23 |
016f:0110721c 90 nop |
| 18 |
016f:0110721d 90 nop |
24 |
016f:0110721d 90 nop |
| 19 |
016f:0110721e 90 nop |
25 |
016f:0110721e 90 nop |
| 20 |
016f:0110721f 90 nop |
26 |
016f:0110721f 90 nop |
| 21 |
016f:01107220 b908911101 mov ecx,01119108 |
27 |
016f:01107220 b908911101 mov ecx,01119108 |
| 22 |
016f:01107225 e826a5ffff call 01101750 = SETUP.EXE:.text+0x750 |
28 |
016f:01107225 e826a5ffff call 01101750 = SETUP.EXE:.text+0x750 |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:01113f8e ebf5 jmp 01113f85 = SETUP.EXE:.text+0x12f85 |
9 |
016f:01113f8e ebf5 jmp 01113f85 = SETUP.EXE:.text+0x12f85 |
| 4 |
016f:01113f90 6a0a push +0a |
10 |
016f:01113f90 6a0a push +0a |
| 5 |
016f:01113f92 58 pop eax |
11 |
016f:01113f92 58 pop eax |
| 6 |
016f:01113f93 50 push eax |
12 |
016f:01113f93 50 push eax |
| 7 |
016f:01113f94 56 push esi |
13 |
016f:01113f94 56 push esi |
| 8 |
016f:01113f95 53 push ebx |
14 |
016f:01113f95 53 push ebx |
| 9 |
016f:01113f96 53 push ebx |
15 |
016f:01113f96 53 push ebx |
| 10 |
016f:01113f97 ff1504501101 call dword ptr [01115004] -> KERNEL32.DLL!GetModuleHandleA |
16 |
016f:01113f97 ff1504501101 call dword ptr [01115004] -> KERNEL32.DLL!GetModuleHandleA |
| 11 |
016f:01113f9d 50 push eax |
17 |
016f:01113f9d 50 push eax |
| 12 |
016f:01113f9e e86d32ffff call 01107210 = SETUP.EXE:.text+0x6210 |
18 |
016f:01113f9e e86d32ffff call 01107210 = SETUP.EXE:.text+0x6210 |
| 13 |
016f:01113fa6 50 push eax |
19 |
016f:01113fa6 50 push eax |
| 14 |
016f:01113fa7 ff1540501101 call dword ptr [01115040] -> MSVCRT.DLL!exit |
20 |
016f:01113fa7 ff1540501101 call dword ptr [01115040] -> MSVCRT.DLL!exit |
| 15 |
016f:01113fad 8b45ec mov eax,dword ptr [ebp-14] |
21 |
016f:01113fad 8b45ec mov eax,dword ptr [ebp-14] |
| 16 |
016f:01113fb0 8b08 mov ecx,dword ptr [eax] |
22 |
016f:01113fb0 8b08 mov ecx,dword ptr [eax] |
| 17 |
016f:01113fb2 8b09 mov ecx,dword ptr [ecx] |
23 |
016f:01113fb2 8b09 mov ecx,dword ptr [ecx] |
| 18 |
016f:01113fb4 894d88 mov dword ptr [ebp-78],ecx |
24 |
016f:01113fb4 894d88 mov dword ptr [ebp-78],ecx |
| 19 |
016f:01113fb7 50 push eax |
25 |
016f:01113fb7 50 push eax |
| 20 |
016f:01113fb8 51 push ecx |
26 |
016f:01113fb8 51 push ecx |
| 21 |
016f:01113fb9 e822000000 call 01113fe0 = MSVCRT.DLL!_XcptFilter |
27 |
016f:01113fb9 e822000000 call 01113fe0 = MSVCRT.DLL!_XcptFilter |
| 22 |
016f:01113fbe 59 pop ecx |
28 |
016f:01113fbe 59 pop ecx |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
| 1 |
-> 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 MZ.............. |
8 |
-> 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 MZ.............. |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
... |
8 |
... |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
... |
8 |
... |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
... |
8 |
... |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
-> ff 25 64 50 11 01 ff 25 68 50 11 01 ff 25 04 50 .%dP...%hP...%.P |
8 |
-> ff 25 64 50 11 01 ff 25 68 50 11 01 ff 25 04 50 .%dP...%hP...%.P |
|
Line 1
Link Here
|
| 1 |
-> ff ff ff ff ad 3f 11 01 c1 3f 11 01 00 00 00 00 .....?...?...... |
8 |
-> ff ff ff ff ad 3f 11 01 c1 3f 11 01 00 00 00 00 .....?...?...... |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:bff7b9c0 7413 jz bff7b9d5 = KERNEL32.DLL:.text+0x129d5 |
9 |
016f:bff7b9c0 7413 jz bff7b9d5 = KERNEL32.DLL:.text+0x129d5 |
| 4 |
016f:bff7b9c2 6a00 push +00 |
10 |
016f:bff7b9c2 6a00 push +00 |
| 5 |
016f:bff7b9c4 56 push esi |
11 |
016f:bff7b9c4 56 push esi |
| 6 |
016f:bff7b9c5 e83d56ffff call bff71007 = KERNEL32.DLL:.text+0x8007 |
12 |
016f:bff7b9c5 e83d56ffff call bff71007 = KERNEL32.DLL:.text+0x8007 |
| 7 |
016f:bff7b9ca 50 push eax |
13 |
016f:bff7b9ca 50 push eax |
| 8 |
016f:bff7b9cb 6800050000 push 00000500 |
14 |
016f:bff7b9cb 6800050000 push 00000500 |
| 9 |
016f:bff7b9d0 e8d75cffff call bff716ac = KERNEL32.DLL:.text+0x86ac |
15 |
016f:bff7b9d0 e8d75cffff call bff716ac = KERNEL32.DLL:.text+0x86ac |
| 10 |
016f:bff7b9d5 c745fc00000000 mov dword ptr [ebp-04],00000000 |
16 |
016f:bff7b9d5 c745fc00000000 mov dword ptr [ebp-04],00000000 |
| 11 |
016f:bff7b9dc 8b45d4 mov eax,dword ptr [ebp-2c] |
17 |
016f:bff7b9dc 8b45d4 mov eax,dword ptr [ebp-2c] |
| 12 |
016f:bff7b9df e80d89feff call bff642f1 = KERNEL32.DLL:_FREQASM+0x32f1 |
18 |
016f:bff7b9df e80d89feff call bff642f1 = KERNEL32.DLL:_FREQASM+0x32f1 |
| 13 |
016f:bff7b9e7 eb1a jmp bff7ba03 = KERNEL32.DLL:.text+0x12a03 |
19 |
016f:bff7b9e7 eb1a jmp bff7ba03 = KERNEL32.DLL:.text+0x12a03 |
| 14 |
016f:bff7b9e9 ff75ec push dword ptr [ebp-14] |
20 |
016f:bff7b9e9 ff75ec push dword ptr [ebp-14] |
| 15 |
016f:bff7b9ec e88f270100 call bff8e180 = KERNEL32.DLL!UnhandledExceptionFilter |
21 |
016f:bff7b9ec e88f270100 call bff8e180 = KERNEL32.DLL!UnhandledExceptionFilter |
| 16 |
016f:bff7b9f1 c3 retd |
22 |
016f:bff7b9f1 c3 retd |
| 17 |
016f:bff7b9f2 8b65e8 mov esp,dword ptr [ebp-18] |
23 |
016f:bff7b9f2 8b65e8 mov esp,dword ptr [ebp-18] |
| 18 |
016f:bff7b9f5 8b45e0 mov eax,dword ptr [ebp-20] |
24 |
016f:bff7b9f5 8b45e0 mov eax,dword ptr [ebp-20] |
| 19 |
016f:bff7b9f8 80480308 or byte ptr [eax+03],08 |
25 |
016f:bff7b9f8 80480308 or byte ptr [eax+03],08 |
| 20 |
016f:bff7b9fc 6aff push -01 |
26 |
016f:bff7b9fc 6aff push -01 |
| 21 |
016f:bff7b9fe e8511c0000 call bff7d654 = KERNEL32.DLL:.text+0x14654 |
27 |
016f:bff7b9fe e8511c0000 call bff7d654 = KERNEL32.DLL:.text+0x14654 |
| 22 |
016f:bff7ba03 c745fcffffffff mov dword ptr [ebp-04],ffffffff |
28 |
016f:bff7ba03 c745fcffffffff mov dword ptr [ebp-04],ffffffff |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
... |
8 |
... |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:01113e59 3d00100000 cmp eax,00001000 |
9 |
016f:01113e59 3d00100000 cmp eax,00001000 |
| 4 |
016f:01113e5e 73ec jnc 01113e4c = SETUP.EXE:.text+0x12e4c |
10 |
016f:01113e5e 73ec jnc 01113e4c = SETUP.EXE:.text+0x12e4c |
| 5 |
016f:01113e60 2bc8 sub ecx,eax |
11 |
016f:01113e60 2bc8 sub ecx,eax |
| 6 |
016f:01113e62 8bc4 mov eax,esp |
12 |
016f:01113e62 8bc4 mov eax,esp |
| 7 |
016f:01113e64 8501 test dword ptr [ecx],eax |
13 |
016f:01113e64 8501 test dword ptr [ecx],eax |
| 8 |
016f:01113e66 8be1 mov esp,ecx |
14 |
016f:01113e66 8be1 mov esp,ecx |
| 9 |
016f:01113e68 8b08 mov ecx,dword ptr [eax] |
15 |
016f:01113e68 8b08 mov ecx,dword ptr [eax] |
| 10 |
016f:01113e6a 8b4004 mov eax,dword ptr [eax+04] |
16 |
016f:01113e6a 8b4004 mov eax,dword ptr [eax+04] |
| 11 |
016f:01113e6d 50 push eax |
17 |
016f:01113e6d 50 push eax |
| 12 |
016f:01113e6e c3 retd |
18 |
016f:01113e6e c3 retd |
| 13 |
016f:01113e70 8bec mov ebp,esp |
19 |
016f:01113e70 8bec mov ebp,esp |
| 14 |
016f:01113e72 6aff push -01 |
20 |
016f:01113e72 6aff push -01 |
| 15 |
016f:01113e74 68a05e1101 push 01115ea0 |
21 |
016f:01113e74 68a05e1101 push 01115ea0 |
| 16 |
016f:01113e79 6826401101 push 01114026 |
22 |
016f:01113e79 6826401101 push 01114026 |
| 17 |
016f:01113e7e 64a100000000 mov eax,dword ptr fs:[00000000] |
23 |
016f:01113e7e 64a100000000 mov eax,dword ptr fs:[00000000] |
| 18 |
016f:01113e84 50 push eax |
24 |
016f:01113e84 50 push eax |
| 19 |
016f:01113e85 64892500000000 mov dword ptr fs:[00000000],esp |
25 |
016f:01113e85 64892500000000 mov dword ptr fs:[00000000],esp |
| 20 |
016f:01113e8c 83ec68 sub esp,+68 |
26 |
016f:01113e8c 83ec68 sub esp,+68 |
| 21 |
016f:01113e8f 53 push ebx |
27 |
016f:01113e8f 53 push ebx |
| 22 |
016f:01113e90 56 push esi |
28 |
016f:01113e90 56 push esi |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:bff6b46a 8b00 mov eax,dword ptr [eax] |
9 |
016f:bff6b46a 8b00 mov eax,dword ptr [eax] |
| 4 |
016f:bff6b46c 894304 mov dword ptr [ebx+04],eax |
10 |
016f:bff6b46c 894304 mov dword ptr [ebx+04],eax |
| 5 |
016f:bff6b46f 6800020000 push 00000200 |
11 |
016f:bff6b46f 6800020000 push 00000200 |
| 6 |
016f:bff6b474 51 push ecx |
12 |
016f:bff6b474 51 push ecx |
| 7 |
016f:bff6b475 ff75fc push dword ptr [ebp-04] |
13 |
016f:bff6b475 ff75fc push dword ptr [ebp-04] |
| 8 |
016f:bff6b478 56 push esi |
14 |
016f:bff6b478 56 push esi |
| 9 |
016f:bff6b479 e8f3edffff call bff6a271 = KERNEL32.DLL:.text+0x1271 |
15 |
016f:bff6b479 e8f3edffff call bff6a271 = KERNEL32.DLL:.text+0x1271 |
| 10 |
016f:bff6b47e ff750c push dword ptr [ebp+0c] |
16 |
016f:bff6b47e ff750c push dword ptr [ebp+0c] |
| 11 |
016f:bff6b481 56 push esi |
17 |
016f:bff6b481 56 push esi |
| 12 |
016f:bff6b482 e8c9edffff call bff6a250 = KERNEL32.DLL:.text+0x1250 |
18 |
016f:bff6b482 e8c9edffff call bff6a250 = KERNEL32.DLL:.text+0x1250 |
| 13 |
016f:bff6b48c 5f pop edi |
19 |
016f:bff6b48c 5f pop edi |
| 14 |
016f:bff6b48d 5e pop esi |
20 |
016f:bff6b48d 5e pop esi |
| 15 |
016f:bff6b48e 5b pop ebx |
21 |
016f:bff6b48e 5b pop ebx |
| 16 |
016f:bff6b48f 8be5 mov esp,ebp |
22 |
016f:bff6b48f 8be5 mov esp,ebp |
| 17 |
016f:bff6b491 5d pop ebp |
23 |
016f:bff6b491 5d pop ebp |
| 18 |
016f:bff6b492 c20c00 retd 000c |
24 |
016f:bff6b492 c20c00 retd 000c |
| 19 |
016f:bff6b495 55 push ebp |
25 |
016f:bff6b495 55 push ebp |
| 20 |
016f:bff6b496 8bec mov ebp,esp |
26 |
016f:bff6b496 8bec mov ebp,esp |
| 21 |
016f:bff6b498 83ec04 sub esp,+04 |
27 |
016f:bff6b498 83ec04 sub esp,+04 |
| 22 |
016f:bff6b49b a1f4bcfbbf mov eax,dword ptr [bffbbcf4] |
28 |
016f:bff6b49b a1f4bcfbbf mov eax,dword ptr [bffbbcf4] |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
-> 55 8b ec 83 ec 08 53 56 57 55 fc 8b 5d 0c 8b 45 U.....SVWU..]..E |
8 |
-> 55 8b ec 83 ec 08 53 56 57 55 fc 8b 5d 0c 8b 45 U.....SVWU..]..E |
|
Line 1
Link Here
|
| 1 |
-> ff ff ff ff e9 b9 f7 bf f2 b9 f7 bf 00 00 00 00 ................ |
8 |
-> ff ff ff ff e9 b9 f7 bf f2 b9 f7 bf 00 00 00 00 ................ |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:bff7b877 ff7508 push dword ptr [ebp+08] |
9 |
016f:bff7b877 ff7508 push dword ptr [ebp+08] |
| 4 |
016f:bff7b87a 56 push esi |
10 |
016f:bff7b87a 56 push esi |
| 5 |
016f:bff7b87b e8dd560000 call bff80f5d = KERNEL32.DLL:.text+0x17f5d |
11 |
016f:bff7b87b e8dd560000 call bff80f5d = KERNEL32.DLL:.text+0x17f5d |
| 6 |
016f:bff7b880 ff7508 push dword ptr [ebp+08] |
12 |
016f:bff7b880 ff7508 push dword ptr [ebp+08] |
| 7 |
016f:bff7b883 33ff xor edi,edi |
13 |
016f:bff7b883 33ff xor edi,edi |
| 8 |
016f:bff7b885 57 push edi |
14 |
016f:bff7b885 57 push edi |
| 9 |
016f:bff7b886 ff7634 push dword ptr [esi+34] |
15 |
016f:bff7b886 ff7634 push dword ptr [esi+34] |
| 10 |
016f:bff7b889 e85792feff call bff64ae5 = KERNEL32.DLL:_FREQASM+0x3ae5 |
16 |
016f:bff7b889 e85792feff call bff64ae5 = KERNEL32.DLL:_FREQASM+0x3ae5 |
| 11 |
016f:bff7b88e 897d08 mov dword ptr [ebp+08],edi |
17 |
016f:bff7b88e 897d08 mov dword ptr [ebp+08],edi |
| 12 |
016f:bff7b891 e84a000000 call bff7b8e0 = KERNEL32.DLL:.text+0x128e0 |
18 |
016f:bff7b891 e84a000000 call bff7b8e0 = KERNEL32.DLL:.text+0x128e0 |
| 13 |
016f:bff7b89b 8b00 mov eax,dword ptr [eax] |
19 |
016f:bff7b89b 8b00 mov eax,dword ptr [eax] |
| 14 |
016f:bff7b89d 83c060 add eax,+60 |
20 |
016f:bff7b89d 83c060 add eax,+60 |
| 15 |
016f:bff7b8a0 50 push eax |
21 |
016f:bff7b8a0 50 push eax |
| 16 |
016f:bff7b8a1 e81f89feff call bff641c5 = KERNEL32.DLL!98 |
22 |
016f:bff7b8a1 e81f89feff call bff641c5 = KERNEL32.DLL!98 |
| 17 |
016f:bff7b8a6 e87b23ffff call bff6dc26 = KERNEL32.DLL:.text+0x4c26 |
23 |
016f:bff7b8a6 e87b23ffff call bff6dc26 = KERNEL32.DLL:.text+0x4c26 |
| 18 |
016f:bff7b8ab 8945f0 mov dword ptr [ebp-10],eax |
24 |
016f:bff7b8ab 8945f0 mov dword ptr [ebp-10],eax |
| 19 |
016f:bff7b8ae 837df800 cmp dword ptr [ebp-08],+00 |
25 |
016f:bff7b8ae 837df800 cmp dword ptr [ebp-08],+00 |
| 20 |
016f:bff7b8b2 7408 jz bff7b8bc = KERNEL32.DLL:.text+0x128bc |
26 |
016f:bff7b8b2 7408 jz bff7b8bc = KERNEL32.DLL:.text+0x128bc |
| 21 |
016f:bff7b8b4 ff75f8 push dword ptr [ebp-08] |
27 |
016f:bff7b8b4 ff75f8 push dword ptr [ebp-08] |
| 22 |
016f:bff7b8b7 e843020000 call bff7baff = KERNEL32.DLL:.text+0x12aff |
28 |
016f:bff7b8b7 e843020000 call bff7baff = KERNEL32.DLL:.text+0x12aff |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
... |
8 |
... |
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
|
Line 1
Link Here
|
| 1 |
|
8 |
|
| 2 |
------------------- |
|
|
| 3 |
016f:bff7a22c e8bb4b0000 call bff7edec = KERNEL32.DLL:.text+0x15dec |
9 |
016f:bff7a22c e8bb4b0000 call bff7edec = KERNEL32.DLL:.text+0x15dec |
| 4 |
016f:bff7a231 56 push esi |
10 |
016f:bff7a231 56 push esi |
| 5 |
016f:bff7a232 e8ca28ffff call bff6cb01 = KERNEL32.DLL:.text+0x3b01 |
11 |
016f:bff7a232 e8ca28ffff call bff6cb01 = KERNEL32.DLL:.text+0x3b01 |
| 6 |
016f:bff7a237 33c0 xor eax,eax |
12 |
016f:bff7a237 33c0 xor eax,eax |
| 7 |
016f:bff7a239 ebdf jmp bff7a21a = KERNEL32.DLL:.text+0x1121a |
13 |
016f:bff7a239 ebdf jmp bff7a21a = KERNEL32.DLL:.text+0x1121a |
| 8 |
016f:bff7a23b f644240c10 test byte ptr [esp+0c],10 |
14 |
016f:bff7a23b f644240c10 test byte ptr [esp+0c],10 |
| 9 |
016f:bff7a240 7505 jnz bff7a247 = KERNEL32.DLL:.text+0x11247 |
15 |
016f:bff7a240 7505 jnz bff7a247 = KERNEL32.DLL:.text+0x11247 |
| 10 |
016f:bff7a242 e898deffff call bff780df = KERNEL32.DLL:.text+0xf0df |
16 |
016f:bff7a242 e898deffff call bff780df = KERNEL32.DLL:.text+0xf0df |
| 11 |
016f:bff7a247 ff742408 push dword ptr [esp+08] |
17 |
016f:bff7a247 ff742408 push dword ptr [esp+08] |
| 12 |
016f:bff7a24b ff542408 call dword ptr [esp+08] |
18 |
016f:bff7a24b ff542408 call dword ptr [esp+08] |
| 13 |
016f:bff7a252 56 push esi |
19 |
016f:bff7a252 56 push esi |
| 14 |
016f:bff7a253 a1f4bcfbbf mov eax,dword ptr [bffbbcf4] |
20 |
016f:bff7a253 a1f4bcfbbf mov eax,dword ptr [bffbbcf4] |
| 15 |
016f:bff7a258 8b742408 mov esi,dword ptr [esp+08] |
21 |
016f:bff7a258 8b742408 mov esi,dword ptr [esp+08] |
| 16 |
016f:bff7a25c 57 push edi |
22 |
016f:bff7a25c 57 push edi |
| 17 |
016f:bff7a25d 8b38 mov edi,dword ptr [eax] |
23 |
016f:bff7a25d 8b38 mov edi,dword ptr [eax] |
| 18 |
016f:bff7a25f 8b4608 mov eax,dword ptr [esi+08] |
24 |
016f:bff7a25f 8b4608 mov eax,dword ptr [esi+08] |
| 19 |
016f:bff7a262 85c0 test eax,eax |
25 |
016f:bff7a262 85c0 test eax,eax |
| 20 |
016f:bff7a264 7413 jz bff7a279 = KERNEL32.DLL:.text+0x11279 |
26 |
016f:bff7a264 7413 jz bff7a279 = KERNEL32.DLL:.text+0x11279 |
| 21 |
016f:bff7a266 50 push eax |
27 |
016f:bff7a266 50 push eax |
| 22 |
016f:bff7a267 e85cb3feff call bff655c8 = KERNEL32.DLL:_FREQASM+0x45c8 |
28 |
016f:bff7a267 e85cb3feff call bff655c8 = KERNEL32.DLL:_FREQASM+0x45c8 |
| 23 |
------------------- |
|
|
|
Line 1
Link Here
|
| 1 |
^-¡-Ñ-%.U..Ë./d/f/|/~///À/Ó/é/ë/,0T00Æ01R11È1 2P2j22Î23A3s3¦3Ø3454t4¶4¸4Î4Ð4Ò4å45%5;5=5~5¦5ß56]6¤6ê67[7¢7¼7ì7 8T88Å8ø8*9]99Æ9: |
|
|