-
-
[旧帖] [求助]软件已经脱壳完了 不知道任何修改时间限制 0.00雪花
-
发表于: 2007-3-3 10:39 3372
-
004A59A8 /. 55 PUSH EBP
004A59A9 |. 8BEC MOV EBP,ESP
004A59AB |. B9 6C000000 MOV ECX,6C
004A59B0 |> 6A 00 /PUSH 0
004A59B2 |. 6A 00 |PUSH 0
004A59B4 |. 49 |DEC ECX
004A59B5 |.^ 75 F9 \JNZ SHORT dumped_.004A59B0
004A59B7 |. 53 PUSH EBX
004A59B8 |. 56 PUSH ESI
004A59B9 |. 57 PUSH EDI
004A59BA |. 8BD8 MOV EBX,EAX
004A59BC |. 33C0 XOR EAX,EAX
004A59BE |. 55 PUSH EBP
004A59BF |. 68 74614A00 PUSH dumped_.004A6174
004A59C4 |. 64:FF30 PUSH DWORD PTR FS:[EAX]
004A59C7 |. 64:8920 MOV DWORD PTR FS:[EAX],ESP
004A59CA |. 8D95 E0FCFFFF LEA EDX,DWORD PTR SS:[EBP-320]
004A59D0 |. A1 78A94A00 MOV EAX,DWORD PTR DS:[4AA978]
004A59D5 |. 8B00 MOV EAX,DWORD PTR DS:[EAX]
004A59D7 |. E8 B043FCFF CALL dumped_.00469D8C
004A59DC |. 8B85 E0FCFFFF MOV EAX,DWORD PTR SS:[EBP-320]
004A59E2 |. 8D95 E4FCFFFF LEA EDX,DWORD PTR SS:[EBP-31C]
004A59E8 |. E8 3737F6FF CALL dumped_.00409124
004A59ED |. 8B95 E4FCFFFF MOV EDX,DWORD PTR SS:[EBP-31C]
004A59F3 |. 8D83 A8030000 LEA EAX,DWORD PTR DS:[EBX+3A8]
004A59F9 |. E8 B6E8F5FF CALL dumped_.004042B4
004A59FE |. 8D85 DCFCFFFF LEA EAX,DWORD PTR SS:[EBP-324]
004A5A04 |. B9 8C614A00 MOV ECX,dumped_.004A618C ; \language
004A5A09 |. 8B93 A8030000 MOV EDX,DWORD PTR DS:[EBX+3A8]
004A5A0F |. E8 58EBF5FF CALL dumped_.0040456C
004A5A14 |. 8B85 DCFCFFFF MOV EAX,DWORD PTR SS:[EBP-324]
004A5A1A |. E8 7534F6FF CALL dumped_.00408E94
004A5A1F |. 8BC3 MOV EAX,EBX
004A5A21 |. E8 42FBFFFF CALL dumped_.004A5568
004A5A26 |. E8 BDF9FFFF CALL <JMP.&aaproxy.UnInstallHook>
004A5A2B |. 33D2 XOR EDX,EDX
004A5A2D |. 8B83 38030000 MOV EAX,DWORD PTR DS:[EBX+338]
004A5A33 |. E8 F835F9FF CALL dumped_.00439030
004A5A38 |. E8 ABD1F5FF CALL dumped_.00402BE8
004A5A3D |. B8 10270000 MOV EAX,2710
004A5A42 |. E8 51D4F5FF CALL dumped_.00402E98
004A5A47 |. 8945 FC MOV DWORD PTR SS:[EBP-4],EAX
004A5A4A |. 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]
004A5A4D |. 35 D5070000 XOR EAX,7D5
004A5A52 |. 8945 F8 MOV DWORD PTR SS:[EBP-8],EAX
004A5A55 |. 8BC3 MOV EAX,EBX
004A5A57 |. E8 4CFAFFFF CALL dumped_.004A54A8
004A5A5C |. 8D85 D8FCFFFF LEA EAX,DWORD PTR SS:[EBP-328]
004A5A62 |. 50 PUSH EAX ; /Arg1
004A5A63 |. 8B83 A8030000 MOV EAX,DWORD PTR DS:[EBX+3A8] ; |
004A5A69 |. 8985 D0FCFFFF MOV DWORD PTR SS:[EBP-330],EAX ; |
004A5A6F |. C685 D4FCFFFF>MOV BYTE PTR SS:[EBP-32C],0B ; |
004A5A76 |. 8D95 D0FCFFFF LEA EDX,DWORD PTR SS:[EBP-330] ; |
004A5A7C |. 33C9 XOR ECX,ECX ; |
004A5A7E |. B8 A0614A00 MOV EAX,dumped_.004A61A0 ; |%s\default.ini
004A5A83 |. E8 243FF6FF CALL dumped_.004099AC ; \dumped_.004099AC
004A5A88 |. 8B95 D8FCFFFF MOV EDX,DWORD PTR SS:[EBP-328]
004A5A8E |. 8D83 A0030000 LEA EAX,DWORD PTR DS:[EBX+3A0]
004A5A94 |. E8 1BE8F5FF CALL dumped_.004042B4
004A5A99 |. 8D85 CCFCFFFF LEA EAX,DWORD PTR SS:[EBP-334]
004A5A9F |. 50 PUSH EAX ; /Arg1
004A5AA0 |. 8B83 A8030000 MOV EAX,DWORD PTR DS:[EBX+3A8] ; |
004A5AA6 |. 8985 D0FCFFFF MOV DWORD PTR SS:[EBP-330],EAX ; |
004A5AAC |. C685 D4FCFFFF>MOV BYTE PTR SS:[EBP-32C],0B ; |
004A5AB3 |. 8D95 D0FCFFFF LEA EDX,DWORD PTR SS:[EBP-330] ; |
004A5AB9 |. 33C9 XOR ECX,ECX ; |
004A5ABB |. B8 B8614A00 MOV EAX,dumped_.004A61B8 ; |%s\servers.ini
004A5AC0 |. E8 E73EF6FF CALL dumped_.004099AC ; \dumped_.004099AC
004A5AC5 |. 8B95 CCFCFFFF MOV EDX,DWORD PTR SS:[EBP-334]
004A5ACB |. 8D83 A4030000 LEA EAX,DWORD PTR DS:[EBX+3A4]
004A5AD1 |. E8 DEE7F5FF CALL dumped_.004042B4
004A5AD6 |. 8D85 C8FCFFFF LEA EAX,DWORD PTR SS:[EBP-338]
004A5ADC |. B9 D0614A00 MOV ECX,dumped_.004A61D0 ; \logo.jpg
004A5AE1 |. 8B93 A8030000 MOV EDX,DWORD PTR DS:[EBX+3A8]
004A5AE7 |. E8 80EAF5FF CALL dumped_.0040456C
004A5AEC |. 8B95 C8FCFFFF MOV EDX,DWORD PTR SS:[EBP-338]
004A5AF2 |. 8B83 34030000 MOV EAX,DWORD PTR DS:[EBX+334]
004A5AF8 |. 8B80 68010000 MOV EAX,DWORD PTR DS:[EAX+168]
004A5AFE |. E8 1128F8FF CALL dumped_.00428314
004A5B03 |. 8B83 A0030000 MOV EAX,DWORD PTR DS:[EBX+3A0]
004A5B09 |. E8 12ECF5FF CALL dumped_.00404720
004A5B0E |. 50 PUSH EAX ; /IniFileName
004A5B0F |. 68 00010000 PUSH 100 ; |BufSize = 100 (256.)
004A5B14 |. 8D85 E9FEFFFF LEA EAX,DWORD PTR SS:[EBP-117] ; |
004A5B1A |. 50 PUSH EAX ; |ReturnBuffer
004A5B1B |. 68 DC614A00 PUSH dumped_.004A61DC ; |Default = ""
004A5B20 |. 68 E0614A00 PUSH dumped_.004A61E0 ; |newsurl
004A5B25 |. 68 E8614A00 PUSH dumped_.004A61E8 ; |main
004A5B2A |. E8 650DF6FF CALL <JMP.&kernel32.GetPrivateProfileStr>; \GetPrivateProfileStringA
004A5B2F |. 8D95 E8FEFFFF LEA EDX,DWORD PTR SS:[EBP-118]
004A5B35 |. 92 XCHG EAX,EDX
004A5B36 |. E8 A9D0F5FF CALL dumped_.00402BE4
004A5B3B |. 8D83 AC030000 LEA EAX,DWORD PTR DS:[EBX+3AC]
004A5B41 |. 8D95 E8FEFFFF LEA EDX,DWORD PTR SS:[EBP-118]
004A5B47 |. E8 78E9F5FF CALL dumped_.004044C4
004A5B4C |. 8B83 A0030000 MOV EAX,DWORD PTR DS:[EBX+3A0]
004A5B52 |. E8 C9EBF5FF CALL dumped_.00404720
004A5B57 |. 50 PUSH EAX ; /IniFileName
004A5B58 |. 68 00010000 PUSH 100 ; |BufSize = 100 (256.)
004A5B5D |. 8D85 E9FEFFFF LEA EAX,DWORD PTR SS:[EBP-117] ; |
004A5B63 |. 50 PUSH EAX ; |ReturnBuffer
004A5B64 |. 68 DC614A00 PUSH dumped_.004A61DC ; |Default = ""
004A5B69 |. 68 F0614A00 PUSH dumped_.004A61F0 ; |websiteurl
004A5B6E |. 68 E8614A00 PUSH dumped_.004A61E8 ; |main
004A5B73 |. E8 1C0DF6FF CALL <JMP.&kernel32.GetPrivateProfileStr>; \GetPrivateProfileStringA
004A5B78 |. 8D95 E8FEFFFF LEA EDX,DWORD PTR SS:[EBP-118]
004A5B7E |. 92 XCHG EAX,EDX
004A5B7F |. E8 60D0F5FF CALL dumped_.00402BE4
004A5B84 |. 8D83 B0030000 LEA EAX,DWORD PTR DS:[EBX+3B0]
004A5B8A |. 8D95 E8FEFFFF LEA EDX,DWORD PTR SS:[EBP-118]
004A5B90 |. E8 2FE9F5FF CALL dumped_.004044C4
004A5B95 |. 8B83 A0030000 MOV EAX,DWORD PTR DS:[EBX+3A0]
004A5B9B |. E8 80EBF5FF CALL dumped_.00404720
004A5BA0 |. 50 PUSH EAX ; /IniFileName
004A5BA1 |. 68 00010000 PUSH 100 ; |BufSize = 100 (256.)
004A5BA6 |. 8D85 E9FEFFFF LEA EAX,DWORD PTR SS:[EBP-117] ; |
004A5BAC |. 50 PUSH EAX ; |ReturnBuffer
004A5BAD |. 68 DC614A00 PUSH dumped_.004A61DC ; |Default = ""
004A5BB2 |. 68 FC614A00 PUSH dumped_.004A61FC ; |esalesurl
004A5BB7 |. 68 E8614A00 PUSH dumped_.004A61E8 ; |main
004A5BBC |. E8 D30CF6FF CALL <JMP.&kernel32.GetPrivateProfileStr>; \GetPrivateProfileStringA
004A5BC1 |. 8D95 E8FEFFFF LEA EDX,DWORD PTR SS:[EBP-118]
004A5BC7 |. 92 XCHG EAX,EDX
004A5BC8 |. E8 17D0F5FF CALL dumped_.00402BE4
004A5BCD |. 8D83 B4030000 LEA EAX,DWORD PTR DS:[EBX+3B4]
004A5BD3 |. 8D95 E8FEFFFF LEA EDX,DWORD PTR SS:[EBP-118]
004A5BD9 |. E8 E6E8F5FF CALL dumped_.004044C4
004A5BDE |. 8B83 A0030000 MOV EAX,DWORD PTR DS:[EBX+3A0]
004A5BE4 |. E8 37EBF5FF CALL dumped_.00404720
004A5BE9 |. 50 PUSH EAX ; /IniFileName
004A5BEA |. 68 00010000 PUSH 100 ; |BufSize = 100 (256.)
004A5BEF |. 8D85 E9FEFFFF LEA EAX,DWORD PTR SS:[EBP-117] ; |
004A5BF5 |. 50 PUSH EAX ; |ReturnBuffer
004A5BF6 |. 68 DC614A00 PUSH dumped_.004A61DC ; |Default = ""
004A5BFB |. 68 08624A00 PUSH dumped_.004A6208 ; |bbsurl
004A5C00 |. 68 E8614A00 PUSH dumped_.004A61E8 ; |main
004A5C05 |. E8 8A0CF6FF CALL <JMP.&kernel32.GetPrivateProfileStr>; \GetPrivateProfileStringA
004A5C0A |. 8D95 E8FEFFFF LEA EDX,DWORD PTR SS:[EBP-118]
004A5C10 |. 92 XCHG EAX,EDX
004A5C11 |. E8 CECFF5FF CALL dumped_.00402BE4
004A5C16 |. 8D83 B8030000 LEA EAX,DWORD PTR DS:[EBX+3B8]
004A5C1C |. 8D95 E8FEFFFF LEA EDX,DWORD PTR SS:[EBP-118]
004A5C22 |. E8 9DE8F5FF CALL dumped_.004044C4
004A5C27 |. 8B83 A0030000 MOV EAX,DWORD PTR DS:[EBX+3A0]
004A5C2D |. E8 EEEAF5FF CALL dumped_.00404720
004A5C32 |. 50 PUSH EAX ; /IniFileName
004A5C33 |. 68 00010000 PUSH 100 ; |BufSize = 100 (256.)
004A5C38 |. 8D85 E9FEFFFF LEA EAX,DWORD PTR SS:[EBP-117] ; |
004A5C3E |. 50 PUSH EAX ; |ReturnBuffer
004A5C3F |. 68 DC614A00 PUSH dumped_.004A61DC ; |Default = ""
004A5C44 |. 68 10624A00 PUSH dumped_.004A6210 ; |autoupdateurl
004A5C49 |. 68 E8614A00 PUSH dumped_.004A61E8 ; |main
004A5C4E |. E8 410CF6FF CALL <JMP.&kernel32.GetPrivateProfileStr>; \GetPrivateProfileStringA
004A5C53 |. 8D95 E8FEFFFF LEA EDX,DWORD PTR SS:[EBP-118]
004A5C59 |. 92 XCHG EAX,EDX
004A5C5A |. E8 85CFF5FF CALL dumped_.00402BE4
004A5C5F |. 80BD E8FEFFFF>CMP BYTE PTR SS:[EBP-118],0A
004A5C66 |. 76 1E JBE SHORT dumped_.004A5C86
004A5C68 |. 8D85 C4FCFFFF LEA EAX,DWORD PTR SS:[EBP-33C]
004A5C6E |. 8D95 E8FEFFFF LEA EDX,DWORD PTR SS:[EBP-118]
004A5C74 |. E8 4BE8F5FF CALL dumped_.004044C4
004A5C79 |. 8B95 C4FCFFFF MOV EDX,DWORD PTR SS:[EBP-33C]
004A5C7F |. 8BC3 MOV EAX,EBX
004A5C81 |. E8 6AF7FFFF CALL dumped_.004A53F0
004A5C86 |> 8B83 A0030000 MOV EAX,DWORD PTR DS:[EBX+3A0]
004A5C8C |. E8 8FEAF5FF CALL dumped_.00404720
004A5C91 |. 50 PUSH EAX ; /IniFileName
004A5C92 |. 6A 00 PUSH 0 ; |Default = 0
004A5C94 |. 68 20624A00 PUSH dumped_.004A6220 ; |vs
004A5C99 |. 68 E8614A00 PUSH dumped_.004A61E8 ; |main
004A5C9E |. E8 E90BF6FF CALL <JMP.&kernel32.GetPrivateProfileInt>; \GetPrivateProfileIntA
004A5CA3 |. 8BF0 MOV ESI,EAX
004A5CA5 |. 68 2C624A00 PUSH dumped_.004A622C ; oem eborder
004A5CAA |. 8BC6 MOV EAX,ESI
004A5CAC |. B9 E8030000 MOV ECX,3E8
004A5CB1 |. 99 CDQ
004A5CB2 |. F7F9 IDIV ECX
004A5CB4 |. 8D95 BCFCFFFF LEA EDX,DWORD PTR SS:[EBP-344]
004A5CBA |. E8 992CF6FF CALL dumped_.00408958
004A5CBF |. FFB5 BCFCFFFF PUSH DWORD PTR SS:[EBP-344]
004A5CC5 |. 68 44624A00 PUSH dumped_.004A6244 ; .
004A5CCA |. 8BC6 MOV EAX,ESI
004A5CCC |. B9 E8030000 MOV ECX,3E8
004A5CD1 |. 99 CDQ
004A5CD2 |. F7F9 IDIV ECX
004A5CD4 |. 8BC2 MOV EAX,EDX
004A5CD6 |. 8D95 B8FCFFFF LEA EDX,DWORD PTR SS:[EBP-348]
004A5CDC |. E8 772CF6FF CALL dumped_.00408958
004A5CE1 |. FFB5 B8FCFFFF PUSH DWORD PTR SS:[EBP-348]
004A5CE7 |. 8D85 C0FCFFFF LEA EAX,DWORD PTR SS:[EBP-340]
004A5CED |. BA 04000000 MOV EDX,4
004A5CF2 |. E8 E9E8F5FF CALL dumped_.004045E0
004A5CF7 |. 8B95 C0FCFFFF MOV EDX,DWORD PTR SS:[EBP-340]
004A5CFD |. 8BC3 MOV EAX,EBX
004A5CFF |. E8 E441FAFF CALL dumped_.00449EE8
004A5D04 |. 8B83 A0030000 MOV EAX,DWORD PTR DS:[EBX+3A0]
004A5D0A |. E8 11EAF5FF CALL dumped_.00404720
004A5D0F |. 50 PUSH EAX ; /IniFileName
004A5D10 |. 6A 00 PUSH 0 ; |Default = 0
004A5D12 |. 68 48624A00 PUSH dumped_.004A6248 ; |idcid
004A5D17 |. 68 E8614A00 PUSH dumped_.004A61E8 ; |main
004A5D1C |. E8 6B0BF6FF CALL <JMP.&kernel32.GetPrivateProfileInt>; \GetPrivateProfileIntA
004A5D21 |. 8BF0 MOV ESI,EAX
004A5D23 |. 8B83 A0030000 MOV EAX,DWORD PTR DS:[EBX+3A0]
004A5D29 |. E8 F2E9F5FF CALL dumped_.00404720
004A5D2E |. 50 PUSH EAX ; /IniFileName
004A5D2F |. 6A 00 PUSH 0 ; |Default = 0
004A5D31 |. 68 50624A00 PUSH dumped_.004A6250 ; |serverid
004A5D36 |. 68 E8614A00 PUSH dumped_.004A61E8 ; |main
004A5D3B |. E8 4C0BF6FF CALL <JMP.&kernel32.GetPrivateProfileInt>; \GetPrivateProfileIntA
004A5D40 |. 8B83 A0030000 MOV EAX,DWORD PTR DS:[EBX+3A0]
004A5D46 |. E8 D5E9F5FF CALL dumped_.00404720
004A5D4B |. 50 PUSH EAX ; /IniFileName
004A5D4C |. 6A 00 PUSH 0 ; |Default = 0
004A5D4E |. 68 5C624A00 PUSH dumped_.004A625C ; |serverport
004A5D53 |. 68 E8614A00 PUSH dumped_.004A61E8 ; |main
004A5D58 |. E8 2F0BF6FF CALL <JMP.&kernel32.GetPrivateProfileInt>; \GetPrivateProfileIntA
004A5D5D |. 8945 F0 MOV DWORD PTR SS:[EBP-10],EAX
004A5D60 |. 8B83 A4030000 MOV EAX,DWORD PTR DS:[EBX+3A4]
004A5D66 |. E8 B5E9F5FF CALL dumped_.00404720
004A5D6B |. 50 PUSH EAX ; /IniFileName
004A5D6C |. 6A 00 PUSH 0 ; |Default = 0
004A5D6E |. 68 68624A00 PUSH dumped_.004A6268 ; |portcount
004A5D73 |. 68 E8614A00 PUSH dumped_.004A61E8 ; |main
004A5D78 |. E8 0F0BF6FF CALL <JMP.&kernel32.GetPrivateProfileInt>; \GetPrivateProfileIntA
004A5D7D |. 8BF8 MOV EDI,EAX
004A5D7F |. 8B83 0C030000 MOV EAX,DWORD PTR DS:[EBX+30C]
004A5D85 |. 8B10 MOV EDX,DWORD PTR DS:[EAX]
004A5D87 |. FF92 D8000000 CALL DWORD PTR DS:[EDX+D8]
004A5D8D |. 85FF TEST EDI,EDI
004A5D8F |. 0F8E A0000000 JLE dumped_.004A5E35
004A5D95 |. 897D E8 MOV DWORD PTR SS:[EBP-18],EDI
004A5D98 |. C745 F4 01000>MOV DWORD PTR SS:[EBP-C],1
004A5D9F |> 8D45 EC /LEA EAX,DWORD PTR SS:[EBP-14]
004A5DA2 |. 50 |PUSH EAX ; /Arg1
004A5DA3 |. 8B45 F4 |MOV EAX,DWORD PTR SS:[EBP-C] ; |
004A5DA6 |. 8985 D0FCFFFF |MOV DWORD PTR SS:[EBP-330],EAX ; |
004A5DAC |. C685 D4FCFFFF>|MOV BYTE PTR SS:[EBP-32C],0 ; |
004A5DB3 |. 8D95 D0FCFFFF |LEA EDX,DWORD PTR SS:[EBP-330] ; |
004A5DB9 |. 33C9 |XOR ECX,ECX ; |
004A5DBB |. B8 7C624A00 |MOV EAX,dumped_.004A627C ; |port%d
004A5DC0 |. E8 E73BF6FF |CALL dumped_.004099AC ; \dumped_.004099AC
004A5DC5 |. 8B83 A4030000 |MOV EAX,DWORD PTR DS:[EBX+3A4]
004A5DCB |. E8 50E9F5FF |CALL dumped_.00404720
004A5DD0 |. 50 |PUSH EAX
004A5DD1 |. 68 00010000 |PUSH 100
004A5DD6 |. 8D85 E9FEFFFF |LEA EAX,DWORD PTR SS:[EBP-117]
004A5DDC |. 50 |PUSH EAX
004A5DDD |. 68 DC614A00 |PUSH dumped_.004A61DC
004A5DE2 |. 8B45 EC |MOV EAX,DWORD PTR SS:[EBP-14]
004A5DE5 |. E8 36E9F5FF |CALL dumped_.00404720
004A5DEA |. 50 |PUSH EAX ; |Key
004A5DEB |. 68 E8614A00 |PUSH dumped_.004A61E8 ; |main
004A5DF0 |. E8 9F0AF6FF |CALL <JMP.&kernel32.GetPrivateProfileSt>; \GetPrivateProfileStringA
004A5DF5 |. 8D95 E8FEFFFF |LEA EDX,DWORD PTR SS:[EBP-118]
004A5DFB |. 92 |XCHG EAX,EDX
004A5DFC |. E8 E3CDF5FF |CALL dumped_.00402BE4
004A5E01 |. 8D85 B4FCFFFF |LEA EAX,DWORD PTR SS:[EBP-34C]
004A5E07 |. 8D95 E8FEFFFF |LEA EDX,DWORD PTR SS:[EBP-118]
004A5E0D |. E8 B2E6F5FF |CALL dumped_.004044C4
004A5E12 |. 8B95 B4FCFFFF |MOV EDX,DWORD PTR SS:[EBP-34C]
004A5E18 |. 8B83 0C030000 |MOV EAX,DWORD PTR DS:[EBX+30C]
004A5E1E |. 8B80 3C020000 |MOV EAX,DWORD PTR DS:[EAX+23C]
004A5E24 |. 8B08 |MOV ECX,DWORD PTR DS:[EAX]
004A5E26 |. FF51 38 |CALL DWORD PTR DS:[ECX+38]
004A5E29 |. FF45 F4 |INC DWORD PTR SS:[EBP-C]
004A5E2C |. FF4D E8 |DEC DWORD PTR SS:[EBP-18]
004A5E2F |.^ 0F85 6AFFFFFF \JNZ dumped_.004A5D9F
004A5E35 |> 33D2 XOR EDX,EDX
004A5E37 |. 8B83 0C030000 MOV EAX,DWORD PTR DS:[EBX+30C]
004A5E3D |. 8B08 MOV ECX,DWORD PTR DS:[EAX]
004A5E3F |. FF91 D0000000 CALL DWORD PTR DS:[ECX+D0]
004A5E45 |. 8B83 A4030000 MOV EAX,DWORD PTR DS:[EBX+3A4]
004A5E4B |. E8 D0E8F5FF CALL dumped_.00404720
004A5E50 |. 50 PUSH EAX ; /IniFileName
004A5E51 |. 6A 00 PUSH 0 ; |Default = 0
004A5E53 |. 68 84624A00 PUSH dumped_.004A6284 ; |idccount
004A5E58 |. 68 E8614A00 PUSH dumped_.004A61E8 ; |main
004A5E5D |. E8 2A0AF6FF CALL <JMP.&kernel32.GetPrivateProfileInt>; \GetPrivateProfileIntA
004A5E62 |. 8BF8 MOV EDI,EAX
004A5E64 |. 8B83 8C030000 MOV EAX,DWORD PTR DS:[EBX+38C]
004A5E6A |. 8B10 MOV EDX,DWORD PTR DS:[EAX]
004A5E6C |. FF92 D8000000 CALL DWORD PTR DS:[EDX+D8]
004A5E72 |. 4F DEC EDI
004A5E73 |. 85FF TEST EDI,EDI
004A5E75 |. 0F8E A0000000 JLE dumped_.004A5F1B
004A5E7B |. 897D E8 MOV DWORD PTR SS:[EBP-18],EDI
004A5E7E |. C745 F4 01000>MOV DWORD PTR SS:[EBP-C],1
004A5E85 |> 8D45 EC /LEA EAX,DWORD PTR SS:[EBP-14]
004A5E88 |. 50 |PUSH EAX ; /Arg1
004A5E89 |. 8B45 F4 |MOV EAX,DWORD PTR SS:[EBP-C] ; |
004A5E8C |. 8985 D0FCFFFF |MOV DWORD PTR SS:[EBP-330],EAX ; |
004A5E92 |. C685 D4FCFFFF>|MOV BYTE PTR SS:[EBP-32C],0 ; |
004A5E99 |. 8D95 D0FCFFFF |LEA EDX,DWORD PTR SS:[EBP-330] ; |
004A5E9F |. 33C9 |XOR ECX,ECX ; |
004A5EA1 |. B8 98624A00 |MOV EAX,dumped_.004A6298 ; |idc%d
004A5EA6 |. E8 013BF6FF |CALL dumped_.004099AC ; \dumped_.004099AC
004A5EAB |. 8B83 A4030000 |MOV EAX,DWORD PTR DS:[EBX+3A4]
004A5EB1 |. E8 6AE8F5FF |CALL dumped_.00404720
004A5EB6 |. 50 |PUSH EAX
004A5EB7 |. 68 00010000 |PUSH 100
004A5EBC |. 8D85 E9FEFFFF |LEA EAX,DWORD PTR SS:[EBP-117]
004A5EC2 |. 50 |PUSH EAX
004A5EC3 |. 68 DC614A00 |PUSH dumped_.004A61DC
004A5EC8 |. 68 A0624A00 |PUSH dumped_.004A62A0 ; desc
004A5ECD |. 8B45 EC |MOV EAX,DWORD PTR SS:[EBP-14]
004A5ED0 |. E8 4BE8F5FF |CALL dumped_.00404720
004A5ED5 |. 50 |PUSH EAX ; |Section
004A5ED6 |. E8 B909F6FF |CALL <JMP.&kernel32.GetPrivateProfileSt>; \GetPrivateProfileStringA
004A5EDB |. 8D95 E8FEFFFF |LEA EDX,DWORD PTR SS:[EBP-118]
004A5EE1 |. 92 |XCHG EAX,EDX
004A5EE2 |. E8 FDCCF5FF |CALL dumped_.00402BE4
004A5EE7 |. 8D85 B0FCFFFF |LEA EAX,DWORD PTR SS:[EBP-350]
004A5EED |. 8D95 E8FEFFFF |LEA EDX,DWORD PTR SS:[EBP-118]
004A5EF3 |. E8 CCE5F5FF |CALL dumped_.004044C4
004A5EF8 |. 8B95 B0FCFFFF |MOV EDX,DWORD PTR SS:[EBP-350]
004A5EFE |. 8B83 8C030000 |MOV EAX,DWORD PTR DS:[EBX+38C]
004A5F04 |. 8B80 3C020000 |MOV EAX,DWORD PTR DS:[EAX+23C]
004A5F0A |. 8B08 |MOV ECX,DWORD PTR DS:[EAX]
004A5F0C |. FF51 38 |CALL DWORD PTR DS:[ECX+38]
004A5F0F |. FF45 F4 |INC DWORD PTR SS:[EBP-C]
004A5F12 |. FF4D E8 |DEC DWORD PTR SS:[EBP-18]
004A5F15 |.^ 0F85 6AFFFFFF \JNZ dumped_.004A5E85
004A5F1B |> 8B83 8C030000 MOV EAX,DWORD PTR DS:[EBX+38C]
004A5F21 |. 8B80 3C020000 MOV EAX,DWORD PTR DS:[EAX+23C]
004A5F27 |. 8B10 MOV EDX,DWORD PTR DS:[EAX]
004A5F29 |. FF52 14 CALL DWORD PTR DS:[EDX+14]
004A5F2C |. 3BF0 CMP ESI,EAX
004A5F2E |. 7F 04 JG SHORT dumped_.004A5F34
004A5F30 |. 85F6 TEST ESI,ESI
004A5F32 |. 7F 12 JG SHORT dumped_.004A5F46
004A5F34 |> 33D2 XOR EDX,EDX
004A5F36 |. 8B83 8C030000 MOV EAX,DWORD PTR DS:[EBX+38C]
004A5F3C |. 8B08 MOV ECX,DWORD PTR DS:[EAX]
004A5F3E |. FF91 D0000000 CALL DWORD PTR DS:[ECX+D0]
004A5F44 |. EB 11 JMP SHORT dumped_.004A5F57
004A5F46 |> 8BD6 MOV EDX,ESI
004A5F48 |. 4A DEC EDX
004A5F49 |. 8B83 8C030000 MOV EAX,DWORD PTR DS:[EBX+38C]
004A5F4F |. 8B08 MOV ECX,DWORD PTR DS:[EAX]
004A5F51 |. FF91 D0000000 CALL DWORD PTR DS:[ECX+D0]
004A5F57 |> 8B83 A4030000 MOV EAX,DWORD PTR DS:[EBX+3A4]
004A5F5D |. E8 BEE7F5FF CALL dumped_.00404720
004A5F62 |. 50 PUSH EAX
004A5F63 |. 68 00010000 PUSH 100
004A5F68 |. 8D85 E9FEFFFF LEA EAX,DWORD PTR SS:[EBP-117]
004A5F6E |. 50 PUSH EAX
004A5F6F |. 68 DC614A00 PUSH dumped_.004A61DC
004A5F74 |. 68 A8624A00 PUSH dumped_.004A62A8 ; serverlist
004A5F79 |. 8B45 EC MOV EAX,DWORD PTR SS:[EBP-14]
004A5F7C |. E8 9FE7F5FF CALL dumped_.00404720
004A5F81 |. 50 PUSH EAX ; |Section
004A5F82 |. E8 0D09F6FF CALL <JMP.&kernel32.GetPrivateProfileStr>; \GetPrivateProfileStringA
004A5F87 |. 8D95 E8FEFFFF LEA EDX,DWORD PTR SS:[EBP-118]
004A5F8D |. 92 XCHG EAX,EDX
004A5F8E |. E8 51CCF5FF CALL dumped_.00402BE4
004A5F93 |. 33D2 XOR EDX,EDX
004A5F95 |. 8BC3 MOV EAX,EBX
004A5F97 |. E8 28150000 CALL dumped_.004A74C4
004A5F9C |. 8B83 0C030000 MOV EAX,DWORD PTR DS:[EBX+30C]
004A5FA2 |. 8B80 3C020000 MOV EAX,DWORD PTR DS:[EAX+23C]
004A5FA8 |. 8B10 MOV EDX,DWORD PTR DS:[EAX]
004A5FAA |. FF52 14 CALL DWORD PTR DS:[EDX+14]
004A5FAD |. 48 DEC EAX
004A5FAE |. 85C0 TEST EAX,EAX
004A5FB0 |. 7C 50 JL SHORT dumped_.004A6002
004A5FB2 |. 40 INC EAX
004A5FB3 |. 8945 E8 MOV DWORD PTR SS:[EBP-18],EAX
004A5FB6 |. C745 F4 00000>MOV DWORD PTR SS:[EBP-C],0
004A5FBD |> 8D8D ACFCFFFF /LEA ECX,DWORD PTR SS:[EBP-354]
004A5FC3 |. 8B83 0C030000 |MOV EAX,DWORD PTR DS:[EBX+30C]
004A5FC9 |. 8B80 3C020000 |MOV EAX,DWORD PTR DS:[EAX+23C]
004A5FCF |. 8B55 F4 |MOV EDX,DWORD PTR SS:[EBP-C]
004A5FD2 |. 8B30 |MOV ESI,DWORD PTR DS:[EAX]
004A5FD4 |. FF56 0C |CALL DWORD PTR DS:[ESI+C]
004A5FD7 |. 8B85 ACFCFFFF |MOV EAX,DWORD PTR SS:[EBP-354]
004A5FDD |. E8 B22AF6FF |CALL dumped_.00408A94
004A5FE2 |. 3B45 F0 |CMP EAX,DWORD PTR SS:[EBP-10]
004A5FE5 |. 75 13 |JNZ SHORT dumped_.004A5FFA
004A5FE7 |. 8B55 F4 |MOV EDX,DWORD PTR SS:[EBP-C]
004A5FEA |. 8B83 0C030000 |MOV EAX,DWORD PTR DS:[EBX+30C]
004A5FF0 |. 8B08 |MOV ECX,DWORD PTR DS:[EAX]
004A5FF2 |. FF91 D0000000 |CALL DWORD PTR DS:[ECX+D0]
004A5FF8 |. EB 08 |JMP SHORT dumped_.004A6002
004A5FFA |> FF45 F4 |INC DWORD PTR SS:[EBP-C]
004A5FFD |. FF4D E8 |DEC DWORD PTR SS:[EBP-18]
004A6000 |.^ 75 BB \JNZ SHORT dumped_.004A5FBD
004A6002 |> 8B83 A4030000 MOV EAX,DWORD PTR DS:[EBX+3A4]
004A6008 |. E8 13E7F5FF CALL dumped_.00404720
004A600D |. 50 PUSH EAX ; /IniFileName
004A600E |. 6A 00 PUSH 0 ; |Default = 0
004A6010 |. 68 B4624A00 PUSH dumped_.004A62B4 ; |targetcount
004A6015 |. 68 E8614A00 PUSH dumped_.004A61E8 ; |main
004A601A |. E8 6D08F6FF CALL <JMP.&kernel32.GetPrivateProfileInt>; \GetPrivateProfileIntA
004A601F |. 8B83 A0030000 MOV EAX,DWORD PTR DS:[EBX+3A0]
004A6025 |. E8 F6E6F5FF CALL dumped_.00404720
004A602A |. 50 PUSH EAX ; /IniFileName
004A602B |. 68 00010000 PUSH 100 ; |BufSize = 100 (256.)
004A6030 |. 8D85 E9FEFFFF LEA EAX,DWORD PTR SS:[EBP-117] ; |
004A6036 |. 50 PUSH EAX ; |ReturnBuffer
004A6037 |. 68 DC614A00 PUSH dumped_.004A61DC ; |Default = ""
004A603C |. 68 C0624A00 PUSH dumped_.004A62C0 ; |username
004A6041 |. 68 E8614A00 PUSH dumped_.004A61E8 ; |main
004A6046 |. E8 4908F6FF CALL <JMP.&kernel32.GetPrivateProfileStr>; \GetPrivateProfileStringA
004A604B |. 8D95 E8FEFFFF LEA EDX,DWORD PTR SS:[EBP-118]
004A6051 |. 92 XCHG EAX,EDX
004A6052 |. E8 8DCBF5FF CALL dumped_.00402BE4
004A6057 |. 8D85 A8FCFFFF LEA EAX,DWORD PTR SS:[EBP-358]
004A605D |. 8D95 E8FEFFFF LEA EDX,DWORD PTR SS:[EBP-118]
004A6063 |. E8 5CE4F5FF CALL dumped_.004044C4
004A6068 |. 8B95 A8FCFFFF MOV EDX,DWORD PTR SS:[EBP-358]
004A606E |. 8B83 20030000 MOV EAX,DWORD PTR DS:[EBX+320]
004A6074 |. E8 6F3EFAFF CALL dumped_.00449EE8
004A6079 |. 8B83 A0030000 MOV EAX,DWORD PTR DS:[EBX+3A0]
004A607F |. E8 9CE6F5FF CALL dumped_.00404720
004A6084 |. 50 PUSH EAX ; /IniFileName
004A6085 |. 68 00010000 PUSH 100 ; |BufSize = 100 (256.)
004A608A |. 8D85 E8FCFFFF LEA EAX,DWORD PTR SS:[EBP-318] ; |
004A6090 |. 50 PUSH EAX ; |ReturnBuffer
004A6091 |. 68 DC614A00 PUSH dumped_.004A61DC ; |Default = ""
004A6096 |. 68 CC624A00 PUSH dumped_.004A62CC ; |password
004A609B |. 68 E8614A00 PUSH dumped_.004A61E8 ; |main
004A60A0 |. E8 EF07F6FF CALL <JMP.&kernel32.GetPrivateProfileStr>; \GetPrivateProfileStringA
004A60A5 |. 8D95 E8FDFFFF LEA EDX,DWORD PTR SS:[EBP-218]
004A60AB |. 8D8D E8FCFFFF LEA ECX,DWORD PTR SS:[EBP-318]
004A60B1 |. 91 XCHG EAX,ECX
004A60B2 |. E8 CDC5FCFF CALL dumped_.00472684
004A60B7 |. C68405 E8FDFF>MOV BYTE PTR SS:[EBP+EAX-218],0
004A60BF |. 8D85 A4FCFFFF LEA EAX,DWORD PTR SS:[EBP-35C]
004A60C5 |. 50 PUSH EAX ; /Arg1
004A60C6 |. 8D85 E8FDFFFF LEA EAX,DWORD PTR SS:[EBP-218] ; |
004A60CC |. 8985 D0FCFFFF MOV DWORD PTR SS:[EBP-330],EAX ; |
004A60D2 |. C685 D4FCFFFF>MOV BYTE PTR SS:[EBP-32C],6 ; |
004A60D9 |. 8D95 D0FCFFFF LEA EDX,DWORD PTR SS:[EBP-330] ; |
004A60DF |. 33C9 XOR ECX,ECX ; |
004A60E1 |. B8 E0624A00 MOV EAX,dumped_.004A62E0 ; |%s
004A60E6 |. E8 C138F6FF CALL dumped_.004099AC ; \dumped_.004099AC
004A60EB |. 8B95 A4FCFFFF MOV EDX,DWORD PTR SS:[EBP-35C]
004A60F1 |. 8D85 E8FEFFFF LEA EAX,DWORD PTR SS:[EBP-118]
004A60F7 |. B9 FF000000 MOV ECX,0FF
004A60FC |. E8 FBE3F5FF CALL dumped_.004044FC
004A6101 |. 8D85 A0FCFFFF LEA EAX,DWORD PTR SS:[EBP-360]
004A6107 |. 8D95 E8FEFFFF LEA EDX,DWORD PTR SS:[EBP-118]
004A610D |. E8 B2E3F5FF CALL dumped_.004044C4
004A6112 |. 8B95 A0FCFFFF MOV EDX,DWORD PTR SS:[EBP-360]
004A6118 |. 8B83 24030000 MOV EAX,DWORD PTR DS:[EBX+324]
004A611E |. E8 C53DFAFF CALL dumped_.00449EE8
004A6123 |. 8BC3 MOV EAX,EBX
004A6125 |. E8 9E0C0000 CALL dumped_.004A6DC8
004A612A |. 8BC3 MOV EAX,EBX
004A612C |. E8 17100000 CALL dumped_.004A7148
004A6131 |. 8B45 F8 MOV EAX,DWORD PTR SS:[EBP-8]
004A6134 |. 50 PUSH EAX
004A6135 |. 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]
004A6138 |. 50 PUSH EAX
004A6139 |. E8 A2F2FFFF CALL <JMP.&aaproxy.InstallHook>
004A613E |. 33C0 XOR EAX,EAX
004A6140 |. 5A POP EDX
004A6141 |. 59 POP ECX
004A6142 |. 59 POP ECX
004A6143 |. 64:8910 MOV DWORD PTR FS:[EAX],EDX
004A6146 |. 68 7B614A00 PUSH dumped_.004A617B
004A614B |> 8D85 A0FCFFFF LEA EAX,DWORD PTR SS:[EBP-360]
004A6151 |. BA 0C000000 MOV EDX,0C
004A6156 |. E8 29E1F5FF CALL dumped_.00404284
004A615B |. 8D85 D8FCFFFF LEA EAX,DWORD PTR SS:[EBP-328]
004A6161 |. BA 04000000 MOV EDX,4
004A6166 |. E8 19E1F5FF CALL dumped_.00404284
004A616B |. 8D45 EC LEA EAX,DWORD PTR SS:[EBP-14]
004A616E |. E8 EDE0F5FF CALL dumped_.00404260
004A6173 \. C3 RETN
004A6174 .^ E9 67DAF5FF JMP dumped_.00403BE0
004A6179 .^ EB D0 JMP SHORT dumped_.004A614B
004A617B . 5F POP EDI
004A617C . 5E POP ESI
004A617D . 5B POP EBX
004A617E . 8BE5 MOV ESP,EBP
004A6180 . 5D POP EBP
004A6181 . C3 RETN
004A6182 00 DB 00
004A6183 00 DB 00
004A6184 . FFFFFFFF DD FFFFFFFF
004A6188 . 09000000 DD 00000009
004A618C . 5C 6C 61 6E 6>ASCII "\language",0
004A6196 00 DB 00
004A6197 00 DB 00
004A6198 . FFFFFFFF DD FFFFFFFF
004A619C . 0E000000 DD 0000000E
004A61A0 . 25 73 5C 64 6>ASCII "%s\default.ini",0
004A61AF 00 DB 00
004A61B0 . FFFFFFFF DD FFFFFFFF
004A61B4 . 0E000000 DD 0000000E
004A61B8 . 25 73 5C 73 6>ASCII "%s\servers.ini",0
004A61C7 00 DB 00
004A61C8 . FFFFFFFF DD FFFFFFFF
004A61CC . 09000000 DD 00000009
004A61D0 . 5C 6C 6F 67 6>ASCII "\logo.jpg",0
004A61DA 00 DB 00
004A61DB 00 DB 00
004A61DC 00 DB 00
004A61DD 00 DB 00
004A61DE 00 DB 00
004A61DF 00 DB 00
004A61E0 . 4E 65 77 73 5>ASCII "NewsURL",0
004A61E8 . 6D 61 69 6E 0>ASCII "main",0
004A61ED 00 DB 00
004A61EE 00 DB 00
004A61EF 00 DB 00
004A61F0 . 57 65 62 73 6>ASCII "WebsiteURL",0
004A61FB 00 DB 00
004A61FC . 45 73 61 6C 6>ASCII "EsalesURL",0
004A6206 00 DB 00
004A6207 00 DB 00
004A6208 . 42 42 53 55 5>ASCII "BBSURL",0
004A620F 00 DB 00
004A6210 . 41 75 74 6F 5>ASCII "AutoUpdateURL",0
004A621E 00 DB 00
004A621F 00 DB 00
004A6220 . 56 53 00 ASCII "VS",0
004A6223 00 DB 00
004A6224 . FFFFFFFF DD FFFFFFFF
004A6228 . 0C000000 DD 0000000C
004A622C . 4F 45 4D 20 6>ASCII "OEM eborder ",0
004A6239 00 DB 00
004A623A 00 DB 00
004A623B 00 DB 00
004A623C . FFFFFFFF DD FFFFFFFF
004A6240 . 01000000 DD 00000001
004A6244 . 2E 00 ASCII ".",0
004A6246 00 DB 00
004A6247 00 DB 00
004A6248 . 49 44 43 49 4>ASCII "IDCID",0
004A624E 00 DB 00
004A624F 00 DB 00
004A6250 . 53 65 72 76 6>ASCII "ServerID",0
004A6259 00 DB 00
004A625A 00 DB 00
004A625B 00 DB 00
004A625C . 53 65 72 76 6>ASCII "ServerPort",0
004A6267 00 DB 00
004A6268 . 50 6F 72 74 4>ASCII "PortCount",0
004A6272 00 DB 00
004A6273 00 DB 00
004A6274 . FFFFFFFF DD FFFFFFFF
004A6278 . 06000000 DD 00000006
004A627C . 50 6F 72 74 2>ASCII "Port%d",0
004A6283 00 DB 00
004A6284 . 49 44 43 43 6>ASCII "IDCCount",0
004A628D 00 DB 00
004A628E 00 DB 00
004A628F 00 DB 00
004A6290 . FFFFFFFF DD FFFFFFFF
004A6294 . 05000000 DD 00000005
004A6298 . 49 44 43 25 6>ASCII "IDC%d",0
004A629E 00 DB 00
004A629F 00 DB 00
004A62A0 . 44 65 73 63 0>ASCII "Desc",0
004A62A5 00 DB 00
004A62A6 00 DB 00
004A62A7 00 DB 00
004A62A8 . 53 65 72 76 6>ASCII "ServerList",0
004A62B3 00 DB 00
004A62B4 . 54 61 72 67 6>ASCII "TargetCount",0
004A62C0 . 55 73 65 72 4>ASCII "UserName",0
004A62C9 00 DB 00
004A62CA 00 DB 00
004A62CB 00 DB 00
004A62CC . 50 61 73 73 5>ASCII "PassWord",0
004A62D5 00 DB 00
004A62D6 00 DB 00
004A62D7 00 DB 00
004A62D8 . FFFFFFFF DD FFFFFFFF
004A62DC . 02000000 DD 00000002
004A62E0 . 25 73 00 ASCII "%s",0
004A62E3 00 DB 00
004A62E4 /$ 55 PUSH EBP
004A62E5 |. 8BEC MOV EBP,ESP
004A62E7 |. 81C4 F8FEFFFF ADD ESP,-108
004A62ED |. 53 PUSH EBX
004A62EE |. 33C9 XOR ECX,ECX
004A62F0 |. 898D F8FEFFFF MOV DWORD PTR SS:[EBP-108],ECX
004A62F6 |. 898D FCFEFFFF MOV DWORD PTR SS:[EBP-104],ECX
004A62FC |. 8BD8 MOV EBX,EAX
004A62FE |. 33C0 XOR EAX,EAX
004A6300 |. 55 PUSH EBP
004A6301 |. 68 E3634A00 PUSH dumped_.004A63E3
004A6306 |. 64:FF30 PUSH DWORD PTR FS:[EAX]
004A6309 |. 64:8920 MOV DWORD PTR FS:[EAX],ESP
004A630C |. 8B83 A0030000 MOV EAX,DWORD PTR DS:[EBX+3A0]
004A6312 |. E8 09E4F5FF CALL dumped_.00404720
004A6317 |. 50 PUSH EAX
004A6318 |. 8B83 04030000 MOV EAX,DWORD PTR DS:[EBX+304]
004A631E |. 8B10 MOV EDX,DWORD PTR DS:[EAX]
004A6320 |. FF92 CC000000 CALL DWORD PTR DS:[EDX+CC]
004A6326 |. 40 INC EAX
004A6327 |. 8D95 FCFEFFFF LEA EDX,DWORD PTR SS:[EBP-104]
004A632D |. E8 2626F6FF CALL dumped_.00408958
004A6332 |. 8B85 FCFEFFFF MOV EAX,DWORD PTR SS:[EBP-104]
004A6338 |. E8 E3E3F5FF CALL dumped_.00404720
004A633D |. 50 PUSH EAX ; |String
004A633E |. 68 F0634A00 PUSH dumped_.004A63F0 ; |serverid
004A6343 |. 68 FC634A00 PUSH dumped_.004A63FC ; |main
004A6348 |. E8 9F06F6FF CALL <JMP.&kernel32.WritePrivateProfileS>; \WritePrivateProfileStringA
004A634D |. 8B83 A4030000 MOV EAX,DWORD PTR DS:[EBX+3A4]
004A6353 |. E8 C8E3F5FF CALL dumped_.00404720
004A6358 |. 50 PUSH EAX
004A6359 |. 68 00010000 PUSH 100
004A635E |. 8D85 01FFFFFF LEA EAX,DWORD PTR SS:[EBP-FF]
004A6364 |. 50 PUSH EAX
004A6365 |. 68 04644A00 PUSH dumped_.004A6404
004A636A |. 8D95 F8FEFFFF LEA EDX,DWORD PTR SS:[EBP-108]
004A6370 |. 8B83 04030000 MOV EAX,DWORD PTR DS:[EBX+304]
004A6376 |. E8 3D3BFAFF CALL dumped_.00449EB8
004A637B |. 8B85 F8FEFFFF MOV EAX,DWORD PTR SS:[EBP-108]
004A6381 |. E8 9AE3F5FF CALL dumped_.00404720
004A6386 |. 50 PUSH EAX ; |Key
004A6387 |. 68 08644A00 PUSH dumped_.004A6408 ; |main
004A638C |. E8 0305F6FF CALL <JMP.&kernel32.GetPrivateProfileStr>; \GetPrivateProfileStringA
004A6391 |. 8D95 00FFFFFF LEA EDX,DWORD PTR SS:[EBP-100]
004A6397 |. 92 XCHG EAX,EDX
004A6398 |. E8 47C8F5FF CALL dumped_.00402BE4
004A639D |. 8B83 A0030000 MOV EAX,DWORD PTR DS:[EBX+3A0]
004A63A3 |. E8 78E3F5FF CALL dumped_.00404720
004A63A8 |. 50 PUSH EAX ; /FileName
004A63A9 |. 8D85 01FFFFFF LEA EAX,DWORD PTR SS:[EBP-FF] ; |
004A63AF |. 50 PUSH EAX ; |String
004A63B0 |. 68 10644A00 PUSH dumped_.004A6410 ; |serverip
004A63B5 |. 68 FC634A00 PUSH dumped_.004A63FC ; |main
004A63BA |. E8 2D06F6FF CALL <JMP.&kernel32.WritePrivateProfileS>; \WritePrivateProfileStringA
004A63BF |. 33C0 XOR EAX,EAX
004A63C1 |. 5A POP EDX
004A63C2 |. 59 POP ECX
004A63C3 |. 59 POP ECX
004A63C4 |. 64:8910 MOV DWORD PTR FS:[EAX],EDX
004A63C7 |. 68 EA634A00 PUSH dumped_.004A63EA
004A63CC |> 8D85 F8FEFFFF LEA EAX,DWORD PTR SS:[EBP-108]
004A63D2 |. E8 89DEF5FF CALL dumped_.00404260
004A63D7 |. 8D85 FCFEFFFF LEA EAX,DWORD PTR SS:[EBP-104]
004A63DD |. E8 7EDEF5FF CALL dumped_.00404260
004A63E2 \. C3 RETN
004A63E3 .^ E9 F8D7F5FF JMP dumped_.00403BE0
004A63E8 .^ EB E2 JMP SHORT dumped_.004A63CC
004A63EA . 5B POP EBX
004A63EB . 8BE5 MOV ESP,EBP
004A63ED . 5D POP EBP
004A63EE . C3 RETN
004A63EF 00 DB 00
004A63F0 . 53 65 72 76 6>ASCII "ServerID",0
004A63F9 00 DB 00
004A63FA 00 DB 00
004A63FB 00 DB 00
004A63FC . 6D 61 69 6E 0>ASCII "main",0
004A6401 00 DB 00
004A6402 00 DB 00
004A6403 00 DB 00
004A6404 00 DB 00
004A6405 00 DB 00
004A6406 00 DB 00
004A6407 00 DB 00
004A6408 . 4D 61 69 6E 0>ASCII "Main",0
004A640D 00 DB 00
004A640E 00 DB 00
004A640F 00 DB 00
004A6410 . 53 65 72 76 6>ASCII "ServerIP",0
004A6419 00 DB 00
004A641A 00 DB 00
004A641B 00 DB 00
004A641C /. 55 PUSH EBP
004A641D |. 8BEC MOV EBP,ESP
004A641F |. 6A 00 PUSH 0
004A6421 |. 53 PUSH EBX
004A6422 |. 8BD8 MOV EBX,EAX
004A6424 |. 33C0 XOR EAX,EAX
004A6426 |. 55 PUSH EBP
004A6427 |. 68 7A644A00 PUSH dumped_.004A647A
004A642C |. 64:FF30 PUSH DWORD PTR FS:[EAX]
004A642F |. 64:8920 MOV DWORD PTR FS:[EAX],ESP
004A6432 |. 8B83 A0030000 MOV EAX,DWORD PTR DS:[EBX+3A0]
004A6438 |. E8 E3E2F5FF CALL dumped_.00404720
004A643D |. 50 PUSH EAX
004A643E |. 8D55 FC LEA EDX,DWORD PTR SS:[EBP-4]
004A6441 |. 8B83 0C030000 MOV EAX,DWORD PTR DS:[EBX+30C]
004A6447 |. E8 6C3AFAFF CALL dumped_.00449EB8
004A644C |. 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]
004A644F |. E8 CCE2F5FF CALL dumped_.00404720
004A6454 |. 50 PUSH EAX ; |String
004A6455 |. 68 88644A00 PUSH dumped_.004A6488 ; |serverport
004A645A |. 68 94644A00 PUSH dumped_.004A6494 ; |main
004A645F |. E8 8805F6FF CALL <JMP.&kernel32.WritePrivateProfileS>; \WritePrivateProfileStringA
004A6464 |. 33C0 XOR EAX,EAX
004A6466 |. 5A POP EDX
004A6467 |. 59 POP ECX
004A6468 |. 59 POP ECX
004A6469 |. 64:8910 MOV DWORD PTR FS:[EAX],EDX
004A646C |. 68 81644A00 PUSH dumped_.004A6481
004A6471 |> 8D45 FC LEA EAX,DWORD PTR SS:[EBP-4]
004A6474 |. E8 E7DDF5FF CALL dumped_.00404260
004A6479 \. C3 RETN
004A647A .^ E9 61D7F5FF JMP dumped_.00403BE0
004A647F .^ EB F0 JMP SHORT dumped_.004A6471
004A6481 . 5B POP EBX
004A6482 . 59 POP ECX
004A6483 . 5D POP EBP
004A6484 . C3 RETN
004A6485 00 DB 00
004A6486 00 DB 00
004A6487 00 DB 00
004A6488 . 53 65 72 76 6>ASCII "ServerPort",0
004A6493 00 DB 00
004A6494 . 6D 61 69 6E 0>ASCII "main",0
004A6499 00 DB 00
004A649A 00 DB 00
004A649B 00 DB 00
004A649C /. 55 PUSH EBP
004A649D |. 8BEC MOV EBP,ESP
004A649F |. 6A 00 PUSH 0
004A64A1 |. 53 PUSH EBX
004A64A2 |. 8BD8 MOV EBX,EAX
004A64A4 |. 33C0 XOR EAX,EAX
004A64A6 |. 55 PUSH EBP
004A64A7 |. 68 FA644A00 PUSH dumped_.004A64FA
004A64AC |. 64:FF30 PUSH DWORD PTR FS:[EAX]
004A64AF |. 64:8920 MOV DWORD PTR FS:[EAX],ESP
004A64B2 |. 8B83 A0030000 MOV EAX,DWORD PTR DS:[EBX+3A0]
004A64B8 |. E8 63E2F5FF CALL dumped_.00404720
004A64BD |. 50 PUSH EAX
004A64BE |. 8D55 FC LEA EDX,DWORD PTR SS:[EBP-4]
004A64C1 |. 8B83 20030000 MOV EAX,DWORD PTR DS:[EBX+320]
004A64C7 |. E8 EC39FAFF CALL dumped_.00449EB8
004A64CC |. 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]
004A64CF |. E8 4CE2F5FF CALL dumped_.00404720
004A64D4 |. 50 PUSH EAX ; |String
004A64D5 |. 68 08654A00 PUSH dumped_.004A6508 ; |username
004A64DA |. 68 14654A00 PUSH dumped_.004A6514 ; |main
004A64DF |. E8 0805F6FF CALL <JMP.&kernel32.WritePrivateProfileS>; \WritePrivateProfileStringA
004A64E4 |. 33C0 XOR EAX,EAX
004A64E6 |. 5A POP EDX
004A64E7 |. 59 POP ECX
004A64E8 |. 59 POP ECX
004A64E9 |. 64:8910 MOV DWORD PTR FS:[EAX],EDX
004A64EC |. 68 01654A00 PUSH dumped_.004A6501
004A64F1 |> 8D45 FC LEA EAX,DWORD PTR SS:[EBP-4]
004A64F4 |. E8 67DDF5FF CALL dumped_.00404260
004A64F9 \. C3 RETN
004A64FA .^ E9 E1D6F5FF JMP dumped_.00403BE0
004A64FF .^ EB F0 JMP SHORT dumped_.004A64F1
004A6501 . 5B POP EBX
004A6502 . 59 POP ECX
004A6503 . 5D POP EBP
004A6504 . C3 RETN
004A6505 00 DB 00
004A6506 00 DB 00
004A6507 00 DB 00
004A6508 . 55 73 65 72 4>ASCII "UserName",0
004A6511 00 DB 00
004A6512 00 DB 00
004A6513 00 DB 00
004A6514 . 6D 61 69 6E 0>ASCII "main",0
004A6519 00 DB 00
004A651A 00 DB 00
004A651B 00 DB 00
004A651C /. 55 PUSH EBP
004A651D |. 8BEC MOV EBP,ESP
004A651F |. 81C4 FCFCFFFF ADD ESP,-304
004A6525 |. 53 PUSH EBX
004A6526 |. 56 PUSH ESI
004A6527 |. 33C9 XOR ECX,ECX
004A6529 |. 898D FCFCFFFF MOV DWORD PTR SS:[EBP-304],ECX
004A652F |. 8BF0 MOV ESI,EAX
004A6531 |. 33C0 XOR EAX,EAX
004A6533 |. 55 PUSH EBP
004A6534 |. 68 D9654A00 PUSH dumped_.004A65D9
004A6539 |. 64:FF30 PUSH DWORD PTR FS:[EAX]
004A653C |. 64:8920 MOV DWORD PTR FS:[EAX],ESP
004A653F |. 8D95 FCFCFFFF LEA EDX,DWORD PTR SS:[EBP-304]
004A6545 |. 8B86 24030000 MOV EAX,DWORD PTR DS:[ESI+324]
004A654B |. E8 6839FAFF CALL dumped_.00449EB8
004A6550 |. 8B95 FCFCFFFF MOV EDX,DWORD PTR SS:[EBP-304]
004A6556 |. 8D85 00FFFFFF LEA EAX,DWORD PTR SS:[EBP-100]
004A655C |. B9 FF000000 MOV ECX,0FF
004A6561 |. E8 96DFF5FF CALL dumped_.004044FC
004A6566 |. 33DB XOR EBX,EBX
004A6568 |. 8A9D 00FFFFFF MOV BL,BYTE PTR SS:[EBP-100]
004A656E |. 8D95 01FFFFFF LEA EDX,DWORD PTR SS:[EBP-FF]
004A6574 |. 8D85 00FEFFFF LEA EAX,DWORD PTR SS:[EBP-200]
004A657A |. 8BCB MOV ECX,EBX
004A657C |. E8 070CF6FF CALL dumped_.00407188
004A6581 |. 8D95 00FDFFFF LEA EDX,DWORD PTR SS:[EBP-300]
004A6587 |. 8D85 00FEFFFF LEA EAX,DWORD PTR SS:[EBP-200]
004A658D |. 8BCB MOV ECX,EBX
004A658F |. E8 9CBFFCFF CALL dumped_.00472530
004A6594 |. 8BD8 MOV EBX,EAX
004A6596 |. C6841D 00FDFF>MOV BYTE PTR SS:[EBP+EBX-300],0
004A659E |. 8B86 A0030000 MOV EAX,DWORD PTR DS:[ESI+3A0]
004A65A4 |. E8 77E1F5FF CALL dumped_.00404720
004A65A9 |. 50 PUSH EAX ; /FileName
004A65AA |. 8D85 00FDFFFF LEA EAX,DWORD PTR SS:[EBP-300] ; |
004A65B0 |. 50 PUSH EAX ; |String
004A65B1 |. 68 E8654A00 PUSH dumped_.004A65E8 ; |password
004A65B6 |. 68 F4654A00 PUSH dumped_.004A65F4 ; |main
004A65BB |. E8 2C04F6FF CALL <JMP.&kernel32.WritePrivateProfileS>; \WritePrivateProfileStringA
004A65C0 |. 33C0 XOR EAX,EAX
004A65C2 |. 5A POP EDX
004A65C3 |. 59 POP ECX
004A65C4 |. 59 POP ECX
004A65C5 |. 64:8910 MOV DWORD PTR FS:[EAX],EDX
004A65C8 |. 68 E0654A00 PUSH dumped_.004A65E0
004A65CD |> 8D85 FCFCFFFF LEA EAX,DWORD PTR SS:[EBP-304]
004A65D3 |. E8 88DCF5FF CALL dumped_.00404260
004A65D8 \. C3 RETN
004A65D9 .^ E9 02D6F5FF JMP dumped_.00403BE0
004A65DE .^ EB ED JMP SHORT dumped_.004A65CD
004A65E0 . 5E POP ESI
004A65E1 . 5B POP EBX
004A65E2 . 8BE5 MOV ESP,EBP
004A65E4 . 5D POP EBP
004A65E5 . C3 RETN
004A65E6 00 DB 00
004A65E7 00 DB 00
004A65E8 . 50 61 73 73 5>ASCII "PassWord",0
004A65F1 00 DB 00
004A65F2 00 DB 00
004A65F3 . 006D 61 ADD BYTE PTR SS:[EBP+61],CH
004A65F6 . 696E 00 00000>IMUL EBP,DWORD PTR DS:[ESI],53000000
004A65FD . 8BD8 MOV EBX,EAX
004A65FF . 6A 01 PUSH 1
004A6601 . 6A 00 PUSH 0
004A6603 . 6A 00 PUSH 0
004A6605 . 8B83 B0030000 MOV EAX,DWORD PTR DS:[EBX+3B0]
004A660B . E8 10E1F5FF CALL dumped_.00404720
004A6610 . 50 PUSH EAX
004A6611 . 6A 00 PUSH 0
004A6613 . 8BC3 MOV EAX,EBX
004A6615 . E8 BEA0FAFF CALL dumped_.004506D8
004A661A . 50 PUSH EAX ; |hWnd
004A661B . E8 2093F8FF CALL <JMP.&shell32.ShellExecuteA> ; \ShellExecuteA
004A6620 . 5B POP EBX
004A6621 . C3 RETN
004A6622 8BC0 MOV EAX,EAX
004A6624 . 53 PUSH EBX
004A6625 . 8BD8 MOV EBX,EAX
004A6627 . 6A 01 PUSH 1
004A6629 . 6A 00 PUSH 0
004A662B . 6A 00 PUSH 0
004A662D . 8B83 B4030000 MOV EAX,DWORD PTR DS:[EBX+3B4]
004A6633 . E8 E8E0F5FF CALL dumped_.00404720
004A6638 . 50 PUSH EAX
004A6639 . 6A 00 PUSH 0
004A663B . 8BC3 MOV EAX,EBX
004A663D . E8 96A0FAFF CALL dumped_.004506D8
004A6642 . 50 PUSH EAX ; |hWnd
004A6643 . E8 F892F8FF CALL <JMP.&shell32.ShellExecuteA> ; \ShellExecuteA
004A6648 . 5B POP EBX
004A6649 . C3 RETN
004A664A 8BC0 MOV EAX,EAX
004A664C . 53 PUSH EBX
004A664D . 8BD8 MOV EBX,EAX
004A664F . 6A 01 PUSH 1
004A6651 . 6A 00 PUSH 0
004A6653 . 6A 00 PUSH 0
004A6655 . 8B83 B8030000 MOV EAX,DWORD PTR DS:[EBX+3B8]
004A665B . E8 C0E0F5FF CALL dumped_.00404720
004A6660 . 50 PUSH EAX
004A6661 . 6A 00 PUSH 0
004A6663 . 8BC3 MOV EAX,EBX
004A6665 . E8 6EA0FAFF CALL dumped_.004506D8
004A666A . 50 PUSH EAX ; |hWnd
004A666B . E8 D092F8FF CALL <JMP.&shell32.ShellExecuteA> ; \ShellExecuteA
004A6670 . 5B POP EBX
004A6671 . C3 RETN
004A6672 8BC0 MOV EAX,EAX
004A6674 . 53 PUSH EBX
004A6675 . 8BD8 MOV EBX,EAX
004A6677 . 6A 01 PUSH 1
004A6679 . 6A 00 PUSH 0
004A667B . 6A 00 PUSH 0
004A667D . 8B83 B0030000 MOV EAX,DWORD PTR DS:[EBX+3B0]
004A6683 . E8 98E0F5FF CALL dumped_.00404720
004A6688 . 50 PUSH EAX
004A6689 . 6A 00 PUSH 0
004A668B . 8BC3 MOV EAX,EBX
004A668D . E8 46A0FAFF CALL dumped_.004506D8
004A6692 . 50 PUSH EAX ; |hWnd
004A6693 . E8 A892F8FF CALL <JMP.&shell32.ShellExecuteA> ; \ShellExecuteA
004A6698 . 5B POP EBX
004A6699 . C3 RETN
004A669A 8BC0 MOV EAX,EAX
004A669C . 66:BA EBFF MOV DX,0FFEB
004A66A0 . E8 1F3AFAFF CALL dumped_.0044A0C4
004A66A5 . C3 RETN
004A66A6 8BC0 MOV EAX,EAX
004A66A8 /. 55 PUSH EBP
004A66A9 |. 8BEC MOV EBP,ESP
004A66AB |. 81C4 E0FDFFFF ADD ESP,-220
004A66B1 |. 53 PUSH EBX
004A66B2 |. 56 PUSH ESI
004A66B3 |. 33C9 XOR ECX,ECX
004A66B5 |. 898D E4FDFFFF MOV DWORD PTR SS:[EBP-21C],ECX
004A66BB |. 898D E0FDFFFF MOV DWORD PTR SS:[EBP-220],ECX
004A66C1 |. 898D E8FDFFFF MOV DWORD PTR SS:[EBP-218],ECX
004A66C7 |. 898D FCFDFFFF MOV DWORD PTR SS:[EBP-204],ECX
004A66CD |. 898D F4FDFFFF MOV DWORD PTR SS:[EBP-20C],ECX
004A66D3 |. 898D F0FDFFFF MOV DWORD PTR SS:[EBP-210],ECX
004A66D9 |. 898D ECFDFFFF MOV DWORD PTR SS:[EBP-214],ECX
004A66DF |. 898D F8FDFFFF MOV DWORD PTR SS:[EBP-208],ECX
004A66E5 |. 8BF0 MOV ESI,EAX
004A66E7 |. 33C0 XOR EAX,EAX
004A66E9 |. 55 PUSH EBP
004A66EA |. 68 3F6A4A00 PUSH dumped_.004A6A3F
004A66EF |. 64:FF30 PUSH DWORD PTR FS:[EAX]
004A66F2 |. 64:8920 MOV DWORD PTR FS:[EAX],ESP
004A66F5 |. 33D2 XOR EDX,EDX
004A66F7 |. 8B86 48030000 MOV EAX,DWORD PTR DS:[ESI+348]
004A66FD |. 8B08 MOV ECX,DWORD PTR DS:[EAX]
004A66FF |. FF51 64 CALL DWORD PTR DS:[ECX+64]
004A6702 |. BA 546A4A00 MOV EDX,dumped_.004A6A54 ; 检测帐号是否可用,请稍侯...
004A6707 |. 8B86 90030000 MOV EAX,DWORD PTR DS:[ESI+390]
004A670D |. E8 D637FAFF CALL dumped_.00449EE8
004A6712 |. 8B86 A4030000 MOV EAX,DWORD PTR DS:[ESI+3A4]
004A6718 |. E8 03E0F5FF CALL dumped_.00404720
004A671D |. 50 PUSH EAX ; /IniFileName
004A671E |. 68 00010000 PUSH 100 ; |BufSize = 100 (256.)
004A6723 |. 8D85 01FFFFFF LEA EAX,DWORD PTR SS:[EBP-FF] ; |
004A6729 |. 50 PUSH EAX ; |ReturnBuffer
004A672A |. 68 706A4A00 PUSH dumped_.004A6A70 ; |Default = ""
004A672F |. 68 746A4A00 PUSH dumped_.004A6A74 ; |ip
004A6734 |. 68 786A4A00 PUSH dumped_.004A6A78 ; |target1
004A6739 |. E8 5601F6FF CALL <JMP.&kernel32.GetPrivateProfileStr>; \GetPrivateProfileStringA
004A673E |. 8D95 00FFFFFF LEA EDX,DWORD PTR SS:[EBP-100]
004A6744 |. 92 XCHG EAX,EDX
004A6745 |. E8 9AC4F5FF CALL dumped_.00402BE4
004A674A |. 8B86 A4030000 MOV EAX,DWORD PTR DS:[ESI+3A4]
004A6750 |. E8 CBDFF5FF CALL dumped_.00404720
004A6755 |. 50 PUSH EAX ; /IniFileName
004A6756 |. 6A 00 PUSH 0 ; |Default = 0
004A6758 |. 68 806A4A00 PUSH dumped_.004A6A80 ; |port
004A675D |. 68 786A4A00 PUSH dumped_.004A6A78 ; |target1
004A6762 |. E8 2501F6FF CALL <JMP.&kernel32.GetPrivateProfileInt>; \GetPrivateProfileIntA
004A6767 |. 8BD8 MOV EBX,EAX
004A6769 |. 8B86 A0030000 MOV EAX,DWORD PTR DS:[ESI+3A0]
004A676F |. E8 ACDFF5FF CALL dumped_.00404720
004A6774 |. 50 PUSH EAX ; /IniFileName
004A6775 |. 68 00010000 PUSH 100 ; |BufSize = 100 (256.)
004A677A |. 8D85 01FEFFFF LEA EAX,DWORD PTR SS:[EBP-1FF] ; |
004A6780 |. 50 PUSH EAX ; |ReturnBuffer
004A6781 |. 68 706A4A00 PUSH dumped_.004A6A70 ; |Default = ""
004A6786 |. 68 886A4A00 PUSH dumped_.004A6A88 ; |serverip
004A678B |. 68 946A4A00 PUSH dumped_.004A6A94 ; |main
004A6790 |. E8 FF00F6FF CALL <JMP.&kernel32.GetPrivateProfileStr>; \GetPrivateProfileStringA
004A6795 |. 8D95 00FEFFFF LEA EDX,DWORD PTR SS:[EBP-200]
004A679B |. 92 XCHG EAX,EDX
004A679C |. E8 43C4F5FF CALL dumped_.00402BE4
004A67A1 |. 8D85 FCFDFFFF LEA EAX,DWORD PTR SS:[EBP-204]
004A67A7 |. 8D95 00FEFFFF LEA EDX,DWORD PTR SS:[EBP-200]
004A67AD |. E8 12DDF5FF CALL dumped_.004044C4
004A67B2 |. 8B85 FCFDFFFF MOV EAX,DWORD PTR SS:[EBP-204]
004A67B8 |. 50 PUSH EAX
004A67B9 |. 8D95 F8FDFFFF LEA EDX,DWORD PTR SS:[EBP-208]
004A67BF |. 8B86 0C030000 MOV EAX,DWORD PTR DS:[ESI+30C]
004A67C5 |. E8 EE36FAFF CALL dumped_.00449EB8
004A67CA |. 8B85 F8FDFFFF MOV EAX,DWORD PTR SS:[EBP-208]
004A67D0 |. E8 BF22F6FF CALL dumped_.00408A94
004A67D5 |. 50 PUSH EAX
004A67D6 |. 8D85 F4FDFFFF LEA EAX,DWORD PTR SS:[EBP-20C]
004A67DC |. 8D95 00FFFFFF LEA EDX,DWORD PTR SS:[EBP-100]
004A67E2 |. E8 DDDCF5FF CALL dumped_.004044C4
004A67E7 |. 8B85 F4FDFFFF MOV EAX,DWORD PTR SS:[EBP-20C]
004A67ED |. 50 PUSH EAX
004A67EE |. 53 PUSH EBX
004A67EF |. 8D95 F0FDFFFF LEA EDX,DWORD PTR SS:[EBP-210]
004A67F5 |. 8B86 24030000 MOV EAX,DWORD PTR DS:[ESI+324]
004A67FB |. E8 B836FAFF CALL dumped_.00449EB8
004A6800 |. 8B85 F0FDFFFF MOV EAX,DWORD PTR SS:[EBP-210]
004A6806 |. 50 PUSH EAX
004A6807 |. 8D95 ECFDFFFF LEA EDX,DWORD PTR SS:[EBP-214]
004A680D |. 8B86 20030000 MOV EAX,DWORD PTR DS:[ESI+320]
004A6813 |. E8 A036FAFF CALL dumped_.00449EB8
004A6818 |. 8B95 ECFDFFFF MOV EDX,DWORD PTR SS:[EBP-214]
004A681E |. 8BC6 MOV EAX,ESI
004A6820 |. 59 POP ECX
004A6821 |. E8 F6EEFFFF CALL dumped_.004A571C
004A6826 |. 8BD8 MOV EBX,EAX
004A6828 |. 0FBEC3 MOVSX EAX,BL
004A682B |. 83C0 0D ADD EAX,0D ; Switch (cases 0..FFFFFFFF)
004A682E |. 83F8 0D CMP EAX,0D
004A6831 |. 0F87 77010000 JA dumped_.004A69AE
004A6837 |. FF2485 3E684A>JMP DWORD PTR DS:[EAX*4+4A683E]
004A683E |. 9C694A00 DD dumped_.004A699C ; 分支表 被用于 004A6837
004A6842 |. 8A694A00 DD dumped_.004A698A
004A6846 |. 78694A00 DD dumped_.004A6978
004A684A |. 66694A00 DD dumped_.004A6966
004A684E |. 54694A00 DD dumped_.004A6954
004A6852 |. 3F694A00 DD dumped_.004A693F
004A6856 |. 2A694A00 DD dumped_.004A692A
004A685A |. 15694A00 DD dumped_.004A6915
004A685E |. 00694A00 DD dumped_.004A6900
004A6862 |. EB684A00 DD dumped_.004A68EB
004A6866 |. D6684A00 DD dumped_.004A68D6
004A686A |. C1684A00 DD dumped_.004A68C1
004A686E |. 8B684A00 DD dumped_.004A688B
004A6872 |. 76684A00 DD dumped_.004A6876
004A6876 |> BA A46A4A00 MOV EDX,dumped_.004A6AA4 ; Case 0 of switch 004A682B
004A687B |. 8B86 90030000 MOV EAX,DWORD PTR DS:[ESI+390]
004A6881 |. E8 6236FAFF CALL dumped_.00449EE8
004A6886 |. E9 58010000 JMP dumped_.004A69E3
004A688B |> 68 D86A4A00 PUSH dumped_.004A6AD8 ; Case FFFFFFFF of switch 004A682B
004A6890 |. FFB6 B4030000 PUSH DWORD PTR DS:[ESI+3B4]
004A6896 |. 68 F06A4A00 PUSH dumped_.004A6AF0
004A689B |. 8D85 E8FDFFFF LEA EAX,DWORD PTR SS:[EBP-218]
004A68A1 |. BA 03000000 MOV EDX,3
004A68A6 |. E8 35DDF5FF CALL dumped_.004045E0
004A68AB |. 8B95 E8FDFFFF MOV EDX,DWORD PTR SS:[EBP-218]
004A68B1 |. 8B86 90030000 MOV EAX,DWORD PTR DS:[ESI+390]
004A68B7 |. E8 2C36FAFF CALL dumped_.00449EE8
004A68BC |. E9 22010000 JMP dumped_.004A69E3
004A68C1 |> BA 006B4A00 MOV EDX,dumped_.004A6B00 ; 帐/密错误; Case FFFFFFFE of switch 004A682B
004A68C6 |. 8B86 90030000 MOV EAX,DWORD PTR DS:[ESI+390]
004A68CC |. E8 1736FAFF CALL dumped_.00449EE8
004A68D1 |. E9 0D010000 JMP dumped_.004A69E3
004A68D6 |> BA 146B4A00 MOV EDX,dumped_.004A6B14 ; sql错误; Case FFFFFFFD of switch 004A682B
004A68DB |. 8B86 90030000 MOV EAX,DWORD PTR DS:[ESI+390]
004A68E1 |. E8 0236FAFF CALL dumped_.00449EE8
004A68E6 |. E9 F8000000 JMP dumped_.004A69E3
004A68EB |> BA 246B4A00 MOV EDX,dumped_.004A6B24 ; 等级不够; Case FFFFFFFC of switch 004A682B
004A68F0 |. 8B86 90030000 MOV EAX,DWORD PTR DS:[ESI+390]
004A68F6 |. E8 ED35FAFF CALL dumped_.00449EE8
004A68FB |. E9 E3000000 JMP dumped_.004A69E3
004A6900 |> BA 386B4A00 MOV EDX,dumped_.004A6B38 ; 到期; Case FFFFFFFB of switch 004A682B
004A6905 |. 8B86 90030000 MOV EAX,DWORD PTR DS:[ESI+390]
004A690B |. E8 D835FAFF CALL dumped_.00449EE8
004A6910 |. E9 CE000000 JMP dumped_.004A69E3
004A6915 |> BA 486B4A00 MOV EDX,dumped_.004A6B48 ; 冻结; Case FFFFFFFA of switch 004A682B
004A691A |. 8B86 90030000 MOV EAX,DWORD PTR DS:[ESI+390]
004A6920 |. E8 C335FAFF CALL dumped_.00449EE8
004A6925 |. E9 B9000000 JMP dumped_.004A69E3
004A692A |> BA 586B4A00 MOV EDX,dumped_.004A6B58 ; 测试号:srcip已测试过; Case FFFFFFF9 of switch 004A682B
004A692F |. 8B86 90030000 MOV EAX,DWORD PTR DS:[ESI+390]
004A6935 |. E8 AE35FAFF CALL dumped_.00449EE8
004A693A |. E9 A4000000 JMP dumped_.004A69E3
004A693F |> BA 786B4A00 MOV EDX,dumped_.004A6B78 ; 测试号:srcip段已测试过; Case FFFFFFF8 of switch 004A682B
004A6944 |. 8B86 90030000 MOV EAX,DWORD PTR DS:[ESI+390]
004A694A |. E8 9935FAFF CALL dumped_.00449EE8
004A694F |. E9 8F000000 JMP dumped_.004A69E3
004A6954 |> BA 986B4A00 MOV EDX,dumped_.004A6B98 ; 测试号:srcip同时连接过多; Case FFFFFFF7 of switch 004A682B
004A6959 |. 8B86 90030000 MOV EAX,DWORD PTR DS:[ESI+390]
004A695F |. E8 8435FAFF CALL dumped_.00449EE8
004A6964 |. EB 7D JMP SHORT dumped_.004A69E3
004A6966 |> BA BC6B4A00 MOV EDX,dumped_.004A6BBC ; 帐/密太长; Case FFFFFFF6 of switch 004A682B
004A696B |. 8B86 90030000 MOV EAX,DWORD PTR DS:[ESI+390]
004A6971 |. E8 7235FAFF CALL dumped_.00449EE8
004A6976 |. EB 6B JMP SHORT dumped_.004A69E3
004A6978 |> BA D06B4A00 MOV EDX,dumped_.004A6BD0 ; 帐/密有非法字符; Case FFFFFFF5 of switch 004A682B
004A697D |. 8B86 90030000 MOV EAX,DWORD PTR DS:[ESI+390]
004A6983 |. E8 6035FAFF CALL dumped_.00449EE8
004A6988 |. EB 59 JMP SHORT dumped_.004A69E3
004A698A |> BA E86B4A00 MOV EDX,dumped_.004A6BE8 ; 目标服务器/端口连不上; Case FFFFFFF4 of switch 004A682B
004A698F |. 8B86 90030000 MOV EAX,DWORD PTR DS:[ESI+390]
004A6995 |. E8 4E35FAFF CALL dumped_.00449EE8
004A699A |. EB 47 JMP SHORT dumped_.004A69E3
004A699C |> BA 086C4A00 MOV EDX,dumped_.004A6C08 ; 选择的服务器/端口组合有误; Case FFFFFFF3 of switch 004A682B
004A69A1 |. 8B86 90030000 MOV EAX,DWORD PTR DS:[ESI+390]
004A69A7 |. E8 3C35FAFF CALL dumped_.00449EE8
004A69AC |. EB 35 JMP SHORT dumped_.004A69E3
004A69AE |> 8D95 E0FDFFFF LEA EDX,DWORD PTR SS:[EBP-220] ; Default case of switch 004A682B
004A69B4 |. 0FBEC3 MOVSX EAX,BL
004A69B7 |. E8 9C1FF6FF CALL dumped_.00408958
004A69BC |. 8B8D E0FDFFFF MOV ECX,DWORD PTR SS:[EBP-220]
004A69C2 |. 8D85 E4FDFFFF LEA EAX,DWORD PTR SS:[EBP-21C]
004A69C8 |. BA 2C6C4A00 MOV EDX,dumped_.004A6C2C ; 未知错误
004A69CD |. E8 9ADBF5FF CALL dumped_.0040456C
004A69D2 |. 8B95 E4FDFFFF MOV EDX,DWORD PTR SS:[EBP-21C]
004A69D8 |. 8B86 90030000 MOV EAX,DWORD PTR DS:[ESI+390]
004A69DE |. E8 0535FAFF CALL dumped_.00449EE8
004A69E3 |> B2 01 MOV DL,1
004A69E5 |. 8B86 48030000 MOV EAX,DWORD PTR DS:[ESI+348]
004A69EB |. 8B08 MOV ECX,DWORD PTR DS:[EAX]
004A69ED |. FF51 64 CALL DWORD PTR DS:[ECX+64]
004A69F0 |. 33C0 XOR EAX,EAX
004A69F2 |. 5A POP EDX
004A69F3 |. 59 POP ECX
004A69F4 |. 59 POP ECX
004A69F5 |. 64:8910 MOV DWORD PTR FS:[EAX],EDX
004A69F8 |. 68 466A4A00 PUSH dumped_.004A6A46
004A69FD |> 8D85 E0FDFFFF LEA EAX,DWORD PTR SS:[EBP-220]
004A6A03 |. BA 03000000 MOV EDX,3
004A6A08 |. E8 77D8F5FF CALL dumped_.00404284
004A6A0D |. 8D85 ECFDFFFF LEA EAX,DWORD PTR SS:[EBP-214]
004A6A13 |. BA 02000000 MOV EDX,2
004A6A18 |. E8 67D8F5FF CALL dumped_.00404284
004A6A1D |. 8D85 F4FDFFFF LEA EAX,DWORD PTR SS:[EBP-20C]
004A6A23 |. E8 38D8F5FF CALL dumped_.00404260
004A6A28 |. 8D85 F8FDFFFF LEA EAX,DWORD PTR SS:[EBP-208]
004A6A2E |. E8 2DD8F5FF CALL dumped_.00404260
004A6A33 |. 8D85 FCFDFFFF LEA EAX,DWORD PTR SS:[EBP-204]
004A6A39 |. E8 22D8F5FF CALL dumped_.00404260
004A6A3E \. C3 RETN
004A6A3F .^ E9 9CD1F5FF JMP dumped_.00403BE0
004A6A44 .^ EB B7 JMP SHORT dumped_.004A69FD
004A6A46 . 5E POP ESI
004A6A47 . 5B POP EBX
004A6A48 . 8BE5 MOV ESP,EBP
004A6A4A . 5D POP EBP
004A6A4B . C3 RETN
找不到正确跳转的地址
004A59A9 |. 8BEC MOV EBP,ESP
004A59AB |. B9 6C000000 MOV ECX,6C
004A59B0 |> 6A 00 /PUSH 0
004A59B2 |. 6A 00 |PUSH 0
004A59B4 |. 49 |DEC ECX
004A59B5 |.^ 75 F9 \JNZ SHORT dumped_.004A59B0
004A59B7 |. 53 PUSH EBX
004A59B8 |. 56 PUSH ESI
004A59B9 |. 57 PUSH EDI
004A59BA |. 8BD8 MOV EBX,EAX
004A59BC |. 33C0 XOR EAX,EAX
004A59BE |. 55 PUSH EBP
004A59BF |. 68 74614A00 PUSH dumped_.004A6174
004A59C4 |. 64:FF30 PUSH DWORD PTR FS:[EAX]
004A59C7 |. 64:8920 MOV DWORD PTR FS:[EAX],ESP
004A59CA |. 8D95 E0FCFFFF LEA EDX,DWORD PTR SS:[EBP-320]
004A59D0 |. A1 78A94A00 MOV EAX,DWORD PTR DS:[4AA978]
004A59D5 |. 8B00 MOV EAX,DWORD PTR DS:[EAX]
004A59D7 |. E8 B043FCFF CALL dumped_.00469D8C
004A59DC |. 8B85 E0FCFFFF MOV EAX,DWORD PTR SS:[EBP-320]
004A59E2 |. 8D95 E4FCFFFF LEA EDX,DWORD PTR SS:[EBP-31C]
004A59E8 |. E8 3737F6FF CALL dumped_.00409124
004A59ED |. 8B95 E4FCFFFF MOV EDX,DWORD PTR SS:[EBP-31C]
004A59F3 |. 8D83 A8030000 LEA EAX,DWORD PTR DS:[EBX+3A8]
004A59F9 |. E8 B6E8F5FF CALL dumped_.004042B4
004A59FE |. 8D85 DCFCFFFF LEA EAX,DWORD PTR SS:[EBP-324]
004A5A04 |. B9 8C614A00 MOV ECX,dumped_.004A618C ; \language
004A5A09 |. 8B93 A8030000 MOV EDX,DWORD PTR DS:[EBX+3A8]
004A5A0F |. E8 58EBF5FF CALL dumped_.0040456C
004A5A14 |. 8B85 DCFCFFFF MOV EAX,DWORD PTR SS:[EBP-324]
004A5A1A |. E8 7534F6FF CALL dumped_.00408E94
004A5A1F |. 8BC3 MOV EAX,EBX
004A5A21 |. E8 42FBFFFF CALL dumped_.004A5568
004A5A26 |. E8 BDF9FFFF CALL <JMP.&aaproxy.UnInstallHook>
004A5A2B |. 33D2 XOR EDX,EDX
004A5A2D |. 8B83 38030000 MOV EAX,DWORD PTR DS:[EBX+338]
004A5A33 |. E8 F835F9FF CALL dumped_.00439030
004A5A38 |. E8 ABD1F5FF CALL dumped_.00402BE8
004A5A3D |. B8 10270000 MOV EAX,2710
004A5A42 |. E8 51D4F5FF CALL dumped_.00402E98
004A5A47 |. 8945 FC MOV DWORD PTR SS:[EBP-4],EAX
004A5A4A |. 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]
004A5A4D |. 35 D5070000 XOR EAX,7D5
004A5A52 |. 8945 F8 MOV DWORD PTR SS:[EBP-8],EAX
004A5A55 |. 8BC3 MOV EAX,EBX
004A5A57 |. E8 4CFAFFFF CALL dumped_.004A54A8
004A5A5C |. 8D85 D8FCFFFF LEA EAX,DWORD PTR SS:[EBP-328]
004A5A62 |. 50 PUSH EAX ; /Arg1
004A5A63 |. 8B83 A8030000 MOV EAX,DWORD PTR DS:[EBX+3A8] ; |
004A5A69 |. 8985 D0FCFFFF MOV DWORD PTR SS:[EBP-330],EAX ; |
004A5A6F |. C685 D4FCFFFF>MOV BYTE PTR SS:[EBP-32C],0B ; |
004A5A76 |. 8D95 D0FCFFFF LEA EDX,DWORD PTR SS:[EBP-330] ; |
004A5A7C |. 33C9 XOR ECX,ECX ; |
004A5A7E |. B8 A0614A00 MOV EAX,dumped_.004A61A0 ; |%s\default.ini
004A5A83 |. E8 243FF6FF CALL dumped_.004099AC ; \dumped_.004099AC
004A5A88 |. 8B95 D8FCFFFF MOV EDX,DWORD PTR SS:[EBP-328]
004A5A8E |. 8D83 A0030000 LEA EAX,DWORD PTR DS:[EBX+3A0]
004A5A94 |. E8 1BE8F5FF CALL dumped_.004042B4
004A5A99 |. 8D85 CCFCFFFF LEA EAX,DWORD PTR SS:[EBP-334]
004A5A9F |. 50 PUSH EAX ; /Arg1
004A5AA0 |. 8B83 A8030000 MOV EAX,DWORD PTR DS:[EBX+3A8] ; |
004A5AA6 |. 8985 D0FCFFFF MOV DWORD PTR SS:[EBP-330],EAX ; |
004A5AAC |. C685 D4FCFFFF>MOV BYTE PTR SS:[EBP-32C],0B ; |
004A5AB3 |. 8D95 D0FCFFFF LEA EDX,DWORD PTR SS:[EBP-330] ; |
004A5AB9 |. 33C9 XOR ECX,ECX ; |
004A5ABB |. B8 B8614A00 MOV EAX,dumped_.004A61B8 ; |%s\servers.ini
004A5AC0 |. E8 E73EF6FF CALL dumped_.004099AC ; \dumped_.004099AC
004A5AC5 |. 8B95 CCFCFFFF MOV EDX,DWORD PTR SS:[EBP-334]
004A5ACB |. 8D83 A4030000 LEA EAX,DWORD PTR DS:[EBX+3A4]
004A5AD1 |. E8 DEE7F5FF CALL dumped_.004042B4
004A5AD6 |. 8D85 C8FCFFFF LEA EAX,DWORD PTR SS:[EBP-338]
004A5ADC |. B9 D0614A00 MOV ECX,dumped_.004A61D0 ; \logo.jpg
004A5AE1 |. 8B93 A8030000 MOV EDX,DWORD PTR DS:[EBX+3A8]
004A5AE7 |. E8 80EAF5FF CALL dumped_.0040456C
004A5AEC |. 8B95 C8FCFFFF MOV EDX,DWORD PTR SS:[EBP-338]
004A5AF2 |. 8B83 34030000 MOV EAX,DWORD PTR DS:[EBX+334]
004A5AF8 |. 8B80 68010000 MOV EAX,DWORD PTR DS:[EAX+168]
004A5AFE |. E8 1128F8FF CALL dumped_.00428314
004A5B03 |. 8B83 A0030000 MOV EAX,DWORD PTR DS:[EBX+3A0]
004A5B09 |. E8 12ECF5FF CALL dumped_.00404720
004A5B0E |. 50 PUSH EAX ; /IniFileName
004A5B0F |. 68 00010000 PUSH 100 ; |BufSize = 100 (256.)
004A5B14 |. 8D85 E9FEFFFF LEA EAX,DWORD PTR SS:[EBP-117] ; |
004A5B1A |. 50 PUSH EAX ; |ReturnBuffer
004A5B1B |. 68 DC614A00 PUSH dumped_.004A61DC ; |Default = ""
004A5B20 |. 68 E0614A00 PUSH dumped_.004A61E0 ; |newsurl
004A5B25 |. 68 E8614A00 PUSH dumped_.004A61E8 ; |main
004A5B2A |. E8 650DF6FF CALL <JMP.&kernel32.GetPrivateProfileStr>; \GetPrivateProfileStringA
004A5B2F |. 8D95 E8FEFFFF LEA EDX,DWORD PTR SS:[EBP-118]
004A5B35 |. 92 XCHG EAX,EDX
004A5B36 |. E8 A9D0F5FF CALL dumped_.00402BE4
004A5B3B |. 8D83 AC030000 LEA EAX,DWORD PTR DS:[EBX+3AC]
004A5B41 |. 8D95 E8FEFFFF LEA EDX,DWORD PTR SS:[EBP-118]
004A5B47 |. E8 78E9F5FF CALL dumped_.004044C4
004A5B4C |. 8B83 A0030000 MOV EAX,DWORD PTR DS:[EBX+3A0]
004A5B52 |. E8 C9EBF5FF CALL dumped_.00404720
004A5B57 |. 50 PUSH EAX ; /IniFileName
004A5B58 |. 68 00010000 PUSH 100 ; |BufSize = 100 (256.)
004A5B5D |. 8D85 E9FEFFFF LEA EAX,DWORD PTR SS:[EBP-117] ; |
004A5B63 |. 50 PUSH EAX ; |ReturnBuffer
004A5B64 |. 68 DC614A00 PUSH dumped_.004A61DC ; |Default = ""
004A5B69 |. 68 F0614A00 PUSH dumped_.004A61F0 ; |websiteurl
004A5B6E |. 68 E8614A00 PUSH dumped_.004A61E8 ; |main
004A5B73 |. E8 1C0DF6FF CALL <JMP.&kernel32.GetPrivateProfileStr>; \GetPrivateProfileStringA
004A5B78 |. 8D95 E8FEFFFF LEA EDX,DWORD PTR SS:[EBP-118]
004A5B7E |. 92 XCHG EAX,EDX
004A5B7F |. E8 60D0F5FF CALL dumped_.00402BE4
004A5B84 |. 8D83 B0030000 LEA EAX,DWORD PTR DS:[EBX+3B0]
004A5B8A |. 8D95 E8FEFFFF LEA EDX,DWORD PTR SS:[EBP-118]
004A5B90 |. E8 2FE9F5FF CALL dumped_.004044C4
004A5B95 |. 8B83 A0030000 MOV EAX,DWORD PTR DS:[EBX+3A0]
004A5B9B |. E8 80EBF5FF CALL dumped_.00404720
004A5BA0 |. 50 PUSH EAX ; /IniFileName
004A5BA1 |. 68 00010000 PUSH 100 ; |BufSize = 100 (256.)
004A5BA6 |. 8D85 E9FEFFFF LEA EAX,DWORD PTR SS:[EBP-117] ; |
004A5BAC |. 50 PUSH EAX ; |ReturnBuffer
004A5BAD |. 68 DC614A00 PUSH dumped_.004A61DC ; |Default = ""
004A5BB2 |. 68 FC614A00 PUSH dumped_.004A61FC ; |esalesurl
004A5BB7 |. 68 E8614A00 PUSH dumped_.004A61E8 ; |main
004A5BBC |. E8 D30CF6FF CALL <JMP.&kernel32.GetPrivateProfileStr>; \GetPrivateProfileStringA
004A5BC1 |. 8D95 E8FEFFFF LEA EDX,DWORD PTR SS:[EBP-118]
004A5BC7 |. 92 XCHG EAX,EDX
004A5BC8 |. E8 17D0F5FF CALL dumped_.00402BE4
004A5BCD |. 8D83 B4030000 LEA EAX,DWORD PTR DS:[EBX+3B4]
004A5BD3 |. 8D95 E8FEFFFF LEA EDX,DWORD PTR SS:[EBP-118]
004A5BD9 |. E8 E6E8F5FF CALL dumped_.004044C4
004A5BDE |. 8B83 A0030000 MOV EAX,DWORD PTR DS:[EBX+3A0]
004A5BE4 |. E8 37EBF5FF CALL dumped_.00404720
004A5BE9 |. 50 PUSH EAX ; /IniFileName
004A5BEA |. 68 00010000 PUSH 100 ; |BufSize = 100 (256.)
004A5BEF |. 8D85 E9FEFFFF LEA EAX,DWORD PTR SS:[EBP-117] ; |
004A5BF5 |. 50 PUSH EAX ; |ReturnBuffer
004A5BF6 |. 68 DC614A00 PUSH dumped_.004A61DC ; |Default = ""
004A5BFB |. 68 08624A00 PUSH dumped_.004A6208 ; |bbsurl
004A5C00 |. 68 E8614A00 PUSH dumped_.004A61E8 ; |main
004A5C05 |. E8 8A0CF6FF CALL <JMP.&kernel32.GetPrivateProfileStr>; \GetPrivateProfileStringA
004A5C0A |. 8D95 E8FEFFFF LEA EDX,DWORD PTR SS:[EBP-118]
004A5C10 |. 92 XCHG EAX,EDX
004A5C11 |. E8 CECFF5FF CALL dumped_.00402BE4
004A5C16 |. 8D83 B8030000 LEA EAX,DWORD PTR DS:[EBX+3B8]
004A5C1C |. 8D95 E8FEFFFF LEA EDX,DWORD PTR SS:[EBP-118]
004A5C22 |. E8 9DE8F5FF CALL dumped_.004044C4
004A5C27 |. 8B83 A0030000 MOV EAX,DWORD PTR DS:[EBX+3A0]
004A5C2D |. E8 EEEAF5FF CALL dumped_.00404720
004A5C32 |. 50 PUSH EAX ; /IniFileName
004A5C33 |. 68 00010000 PUSH 100 ; |BufSize = 100 (256.)
004A5C38 |. 8D85 E9FEFFFF LEA EAX,DWORD PTR SS:[EBP-117] ; |
004A5C3E |. 50 PUSH EAX ; |ReturnBuffer
004A5C3F |. 68 DC614A00 PUSH dumped_.004A61DC ; |Default = ""
004A5C44 |. 68 10624A00 PUSH dumped_.004A6210 ; |autoupdateurl
004A5C49 |. 68 E8614A00 PUSH dumped_.004A61E8 ; |main
004A5C4E |. E8 410CF6FF CALL <JMP.&kernel32.GetPrivateProfileStr>; \GetPrivateProfileStringA
004A5C53 |. 8D95 E8FEFFFF LEA EDX,DWORD PTR SS:[EBP-118]
004A5C59 |. 92 XCHG EAX,EDX
004A5C5A |. E8 85CFF5FF CALL dumped_.00402BE4
004A5C5F |. 80BD E8FEFFFF>CMP BYTE PTR SS:[EBP-118],0A
004A5C66 |. 76 1E JBE SHORT dumped_.004A5C86
004A5C68 |. 8D85 C4FCFFFF LEA EAX,DWORD PTR SS:[EBP-33C]
004A5C6E |. 8D95 E8FEFFFF LEA EDX,DWORD PTR SS:[EBP-118]
004A5C74 |. E8 4BE8F5FF CALL dumped_.004044C4
004A5C79 |. 8B95 C4FCFFFF MOV EDX,DWORD PTR SS:[EBP-33C]
004A5C7F |. 8BC3 MOV EAX,EBX
004A5C81 |. E8 6AF7FFFF CALL dumped_.004A53F0
004A5C86 |> 8B83 A0030000 MOV EAX,DWORD PTR DS:[EBX+3A0]
004A5C8C |. E8 8FEAF5FF CALL dumped_.00404720
004A5C91 |. 50 PUSH EAX ; /IniFileName
004A5C92 |. 6A 00 PUSH 0 ; |Default = 0
004A5C94 |. 68 20624A00 PUSH dumped_.004A6220 ; |vs
004A5C99 |. 68 E8614A00 PUSH dumped_.004A61E8 ; |main
004A5C9E |. E8 E90BF6FF CALL <JMP.&kernel32.GetPrivateProfileInt>; \GetPrivateProfileIntA
004A5CA3 |. 8BF0 MOV ESI,EAX
004A5CA5 |. 68 2C624A00 PUSH dumped_.004A622C ; oem eborder
004A5CAA |. 8BC6 MOV EAX,ESI
004A5CAC |. B9 E8030000 MOV ECX,3E8
004A5CB1 |. 99 CDQ
004A5CB2 |. F7F9 IDIV ECX
004A5CB4 |. 8D95 BCFCFFFF LEA EDX,DWORD PTR SS:[EBP-344]
004A5CBA |. E8 992CF6FF CALL dumped_.00408958
004A5CBF |. FFB5 BCFCFFFF PUSH DWORD PTR SS:[EBP-344]
004A5CC5 |. 68 44624A00 PUSH dumped_.004A6244 ; .
004A5CCA |. 8BC6 MOV EAX,ESI
004A5CCC |. B9 E8030000 MOV ECX,3E8
004A5CD1 |. 99 CDQ
004A5CD2 |. F7F9 IDIV ECX
004A5CD4 |. 8BC2 MOV EAX,EDX
004A5CD6 |. 8D95 B8FCFFFF LEA EDX,DWORD PTR SS:[EBP-348]
004A5CDC |. E8 772CF6FF CALL dumped_.00408958
004A5CE1 |. FFB5 B8FCFFFF PUSH DWORD PTR SS:[EBP-348]
004A5CE7 |. 8D85 C0FCFFFF LEA EAX,DWORD PTR SS:[EBP-340]
004A5CED |. BA 04000000 MOV EDX,4
004A5CF2 |. E8 E9E8F5FF CALL dumped_.004045E0
004A5CF7 |. 8B95 C0FCFFFF MOV EDX,DWORD PTR SS:[EBP-340]
004A5CFD |. 8BC3 MOV EAX,EBX
004A5CFF |. E8 E441FAFF CALL dumped_.00449EE8
004A5D04 |. 8B83 A0030000 MOV EAX,DWORD PTR DS:[EBX+3A0]
004A5D0A |. E8 11EAF5FF CALL dumped_.00404720
004A5D0F |. 50 PUSH EAX ; /IniFileName
004A5D10 |. 6A 00 PUSH 0 ; |Default = 0
004A5D12 |. 68 48624A00 PUSH dumped_.004A6248 ; |idcid
004A5D17 |. 68 E8614A00 PUSH dumped_.004A61E8 ; |main
004A5D1C |. E8 6B0BF6FF CALL <JMP.&kernel32.GetPrivateProfileInt>; \GetPrivateProfileIntA
004A5D21 |. 8BF0 MOV ESI,EAX
004A5D23 |. 8B83 A0030000 MOV EAX,DWORD PTR DS:[EBX+3A0]
004A5D29 |. E8 F2E9F5FF CALL dumped_.00404720
004A5D2E |. 50 PUSH EAX ; /IniFileName
004A5D2F |. 6A 00 PUSH 0 ; |Default = 0
004A5D31 |. 68 50624A00 PUSH dumped_.004A6250 ; |serverid
004A5D36 |. 68 E8614A00 PUSH dumped_.004A61E8 ; |main
004A5D3B |. E8 4C0BF6FF CALL <JMP.&kernel32.GetPrivateProfileInt>; \GetPrivateProfileIntA
004A5D40 |. 8B83 A0030000 MOV EAX,DWORD PTR DS:[EBX+3A0]
004A5D46 |. E8 D5E9F5FF CALL dumped_.00404720
004A5D4B |. 50 PUSH EAX ; /IniFileName
004A5D4C |. 6A 00 PUSH 0 ; |Default = 0
004A5D4E |. 68 5C624A00 PUSH dumped_.004A625C ; |serverport
004A5D53 |. 68 E8614A00 PUSH dumped_.004A61E8 ; |main
004A5D58 |. E8 2F0BF6FF CALL <JMP.&kernel32.GetPrivateProfileInt>; \GetPrivateProfileIntA
004A5D5D |. 8945 F0 MOV DWORD PTR SS:[EBP-10],EAX
004A5D60 |. 8B83 A4030000 MOV EAX,DWORD PTR DS:[EBX+3A4]
004A5D66 |. E8 B5E9F5FF CALL dumped_.00404720
004A5D6B |. 50 PUSH EAX ; /IniFileName
004A5D6C |. 6A 00 PUSH 0 ; |Default = 0
004A5D6E |. 68 68624A00 PUSH dumped_.004A6268 ; |portcount
004A5D73 |. 68 E8614A00 PUSH dumped_.004A61E8 ; |main
004A5D78 |. E8 0F0BF6FF CALL <JMP.&kernel32.GetPrivateProfileInt>; \GetPrivateProfileIntA
004A5D7D |. 8BF8 MOV EDI,EAX
004A5D7F |. 8B83 0C030000 MOV EAX,DWORD PTR DS:[EBX+30C]
004A5D85 |. 8B10 MOV EDX,DWORD PTR DS:[EAX]
004A5D87 |. FF92 D8000000 CALL DWORD PTR DS:[EDX+D8]
004A5D8D |. 85FF TEST EDI,EDI
004A5D8F |. 0F8E A0000000 JLE dumped_.004A5E35
004A5D95 |. 897D E8 MOV DWORD PTR SS:[EBP-18],EDI
004A5D98 |. C745 F4 01000>MOV DWORD PTR SS:[EBP-C],1
004A5D9F |> 8D45 EC /LEA EAX,DWORD PTR SS:[EBP-14]
004A5DA2 |. 50 |PUSH EAX ; /Arg1
004A5DA3 |. 8B45 F4 |MOV EAX,DWORD PTR SS:[EBP-C] ; |
004A5DA6 |. 8985 D0FCFFFF |MOV DWORD PTR SS:[EBP-330],EAX ; |
004A5DAC |. C685 D4FCFFFF>|MOV BYTE PTR SS:[EBP-32C],0 ; |
004A5DB3 |. 8D95 D0FCFFFF |LEA EDX,DWORD PTR SS:[EBP-330] ; |
004A5DB9 |. 33C9 |XOR ECX,ECX ; |
004A5DBB |. B8 7C624A00 |MOV EAX,dumped_.004A627C ; |port%d
004A5DC0 |. E8 E73BF6FF |CALL dumped_.004099AC ; \dumped_.004099AC
004A5DC5 |. 8B83 A4030000 |MOV EAX,DWORD PTR DS:[EBX+3A4]
004A5DCB |. E8 50E9F5FF |CALL dumped_.00404720
004A5DD0 |. 50 |PUSH EAX
004A5DD1 |. 68 00010000 |PUSH 100
004A5DD6 |. 8D85 E9FEFFFF |LEA EAX,DWORD PTR SS:[EBP-117]
004A5DDC |. 50 |PUSH EAX
004A5DDD |. 68 DC614A00 |PUSH dumped_.004A61DC
004A5DE2 |. 8B45 EC |MOV EAX,DWORD PTR SS:[EBP-14]
004A5DE5 |. E8 36E9F5FF |CALL dumped_.00404720
004A5DEA |. 50 |PUSH EAX ; |Key
004A5DEB |. 68 E8614A00 |PUSH dumped_.004A61E8 ; |main
004A5DF0 |. E8 9F0AF6FF |CALL <JMP.&kernel32.GetPrivateProfileSt>; \GetPrivateProfileStringA
004A5DF5 |. 8D95 E8FEFFFF |LEA EDX,DWORD PTR SS:[EBP-118]
004A5DFB |. 92 |XCHG EAX,EDX
004A5DFC |. E8 E3CDF5FF |CALL dumped_.00402BE4
004A5E01 |. 8D85 B4FCFFFF |LEA EAX,DWORD PTR SS:[EBP-34C]
004A5E07 |. 8D95 E8FEFFFF |LEA EDX,DWORD PTR SS:[EBP-118]
004A5E0D |. E8 B2E6F5FF |CALL dumped_.004044C4
004A5E12 |. 8B95 B4FCFFFF |MOV EDX,DWORD PTR SS:[EBP-34C]
004A5E18 |. 8B83 0C030000 |MOV EAX,DWORD PTR DS:[EBX+30C]
004A5E1E |. 8B80 3C020000 |MOV EAX,DWORD PTR DS:[EAX+23C]
004A5E24 |. 8B08 |MOV ECX,DWORD PTR DS:[EAX]
004A5E26 |. FF51 38 |CALL DWORD PTR DS:[ECX+38]
004A5E29 |. FF45 F4 |INC DWORD PTR SS:[EBP-C]
004A5E2C |. FF4D E8 |DEC DWORD PTR SS:[EBP-18]
004A5E2F |.^ 0F85 6AFFFFFF \JNZ dumped_.004A5D9F
004A5E35 |> 33D2 XOR EDX,EDX
004A5E37 |. 8B83 0C030000 MOV EAX,DWORD PTR DS:[EBX+30C]
004A5E3D |. 8B08 MOV ECX,DWORD PTR DS:[EAX]
004A5E3F |. FF91 D0000000 CALL DWORD PTR DS:[ECX+D0]
004A5E45 |. 8B83 A4030000 MOV EAX,DWORD PTR DS:[EBX+3A4]
004A5E4B |. E8 D0E8F5FF CALL dumped_.00404720
004A5E50 |. 50 PUSH EAX ; /IniFileName
004A5E51 |. 6A 00 PUSH 0 ; |Default = 0
004A5E53 |. 68 84624A00 PUSH dumped_.004A6284 ; |idccount
004A5E58 |. 68 E8614A00 PUSH dumped_.004A61E8 ; |main
004A5E5D |. E8 2A0AF6FF CALL <JMP.&kernel32.GetPrivateProfileInt>; \GetPrivateProfileIntA
004A5E62 |. 8BF8 MOV EDI,EAX
004A5E64 |. 8B83 8C030000 MOV EAX,DWORD PTR DS:[EBX+38C]
004A5E6A |. 8B10 MOV EDX,DWORD PTR DS:[EAX]
004A5E6C |. FF92 D8000000 CALL DWORD PTR DS:[EDX+D8]
004A5E72 |. 4F DEC EDI
004A5E73 |. 85FF TEST EDI,EDI
004A5E75 |. 0F8E A0000000 JLE dumped_.004A5F1B
004A5E7B |. 897D E8 MOV DWORD PTR SS:[EBP-18],EDI
004A5E7E |. C745 F4 01000>MOV DWORD PTR SS:[EBP-C],1
004A5E85 |> 8D45 EC /LEA EAX,DWORD PTR SS:[EBP-14]
004A5E88 |. 50 |PUSH EAX ; /Arg1
004A5E89 |. 8B45 F4 |MOV EAX,DWORD PTR SS:[EBP-C] ; |
004A5E8C |. 8985 D0FCFFFF |MOV DWORD PTR SS:[EBP-330],EAX ; |
004A5E92 |. C685 D4FCFFFF>|MOV BYTE PTR SS:[EBP-32C],0 ; |
004A5E99 |. 8D95 D0FCFFFF |LEA EDX,DWORD PTR SS:[EBP-330] ; |
004A5E9F |. 33C9 |XOR ECX,ECX ; |
004A5EA1 |. B8 98624A00 |MOV EAX,dumped_.004A6298 ; |idc%d
004A5EA6 |. E8 013BF6FF |CALL dumped_.004099AC ; \dumped_.004099AC
004A5EAB |. 8B83 A4030000 |MOV EAX,DWORD PTR DS:[EBX+3A4]
004A5EB1 |. E8 6AE8F5FF |CALL dumped_.00404720
004A5EB6 |. 50 |PUSH EAX
004A5EB7 |. 68 00010000 |PUSH 100
004A5EBC |. 8D85 E9FEFFFF |LEA EAX,DWORD PTR SS:[EBP-117]
004A5EC2 |. 50 |PUSH EAX
004A5EC3 |. 68 DC614A00 |PUSH dumped_.004A61DC
004A5EC8 |. 68 A0624A00 |PUSH dumped_.004A62A0 ; desc
004A5ECD |. 8B45 EC |MOV EAX,DWORD PTR SS:[EBP-14]
004A5ED0 |. E8 4BE8F5FF |CALL dumped_.00404720
004A5ED5 |. 50 |PUSH EAX ; |Section
004A5ED6 |. E8 B909F6FF |CALL <JMP.&kernel32.GetPrivateProfileSt>; \GetPrivateProfileStringA
004A5EDB |. 8D95 E8FEFFFF |LEA EDX,DWORD PTR SS:[EBP-118]
004A5EE1 |. 92 |XCHG EAX,EDX
004A5EE2 |. E8 FDCCF5FF |CALL dumped_.00402BE4
004A5EE7 |. 8D85 B0FCFFFF |LEA EAX,DWORD PTR SS:[EBP-350]
004A5EED |. 8D95 E8FEFFFF |LEA EDX,DWORD PTR SS:[EBP-118]
004A5EF3 |. E8 CCE5F5FF |CALL dumped_.004044C4
004A5EF8 |. 8B95 B0FCFFFF |MOV EDX,DWORD PTR SS:[EBP-350]
004A5EFE |. 8B83 8C030000 |MOV EAX,DWORD PTR DS:[EBX+38C]
004A5F04 |. 8B80 3C020000 |MOV EAX,DWORD PTR DS:[EAX+23C]
004A5F0A |. 8B08 |MOV ECX,DWORD PTR DS:[EAX]
004A5F0C |. FF51 38 |CALL DWORD PTR DS:[ECX+38]
004A5F0F |. FF45 F4 |INC DWORD PTR SS:[EBP-C]
004A5F12 |. FF4D E8 |DEC DWORD PTR SS:[EBP-18]
004A5F15 |.^ 0F85 6AFFFFFF \JNZ dumped_.004A5E85
004A5F1B |> 8B83 8C030000 MOV EAX,DWORD PTR DS:[EBX+38C]
004A5F21 |. 8B80 3C020000 MOV EAX,DWORD PTR DS:[EAX+23C]
004A5F27 |. 8B10 MOV EDX,DWORD PTR DS:[EAX]
004A5F29 |. FF52 14 CALL DWORD PTR DS:[EDX+14]
004A5F2C |. 3BF0 CMP ESI,EAX
004A5F2E |. 7F 04 JG SHORT dumped_.004A5F34
004A5F30 |. 85F6 TEST ESI,ESI
004A5F32 |. 7F 12 JG SHORT dumped_.004A5F46
004A5F34 |> 33D2 XOR EDX,EDX
004A5F36 |. 8B83 8C030000 MOV EAX,DWORD PTR DS:[EBX+38C]
004A5F3C |. 8B08 MOV ECX,DWORD PTR DS:[EAX]
004A5F3E |. FF91 D0000000 CALL DWORD PTR DS:[ECX+D0]
004A5F44 |. EB 11 JMP SHORT dumped_.004A5F57
004A5F46 |> 8BD6 MOV EDX,ESI
004A5F48 |. 4A DEC EDX
004A5F49 |. 8B83 8C030000 MOV EAX,DWORD PTR DS:[EBX+38C]
004A5F4F |. 8B08 MOV ECX,DWORD PTR DS:[EAX]
004A5F51 |. FF91 D0000000 CALL DWORD PTR DS:[ECX+D0]
004A5F57 |> 8B83 A4030000 MOV EAX,DWORD PTR DS:[EBX+3A4]
004A5F5D |. E8 BEE7F5FF CALL dumped_.00404720
004A5F62 |. 50 PUSH EAX
004A5F63 |. 68 00010000 PUSH 100
004A5F68 |. 8D85 E9FEFFFF LEA EAX,DWORD PTR SS:[EBP-117]
004A5F6E |. 50 PUSH EAX
004A5F6F |. 68 DC614A00 PUSH dumped_.004A61DC
004A5F74 |. 68 A8624A00 PUSH dumped_.004A62A8 ; serverlist
004A5F79 |. 8B45 EC MOV EAX,DWORD PTR SS:[EBP-14]
004A5F7C |. E8 9FE7F5FF CALL dumped_.00404720
004A5F81 |. 50 PUSH EAX ; |Section
004A5F82 |. E8 0D09F6FF CALL <JMP.&kernel32.GetPrivateProfileStr>; \GetPrivateProfileStringA
004A5F87 |. 8D95 E8FEFFFF LEA EDX,DWORD PTR SS:[EBP-118]
004A5F8D |. 92 XCHG EAX,EDX
004A5F8E |. E8 51CCF5FF CALL dumped_.00402BE4
004A5F93 |. 33D2 XOR EDX,EDX
004A5F95 |. 8BC3 MOV EAX,EBX
004A5F97 |. E8 28150000 CALL dumped_.004A74C4
004A5F9C |. 8B83 0C030000 MOV EAX,DWORD PTR DS:[EBX+30C]
004A5FA2 |. 8B80 3C020000 MOV EAX,DWORD PTR DS:[EAX+23C]
004A5FA8 |. 8B10 MOV EDX,DWORD PTR DS:[EAX]
004A5FAA |. FF52 14 CALL DWORD PTR DS:[EDX+14]
004A5FAD |. 48 DEC EAX
004A5FAE |. 85C0 TEST EAX,EAX
004A5FB0 |. 7C 50 JL SHORT dumped_.004A6002
004A5FB2 |. 40 INC EAX
004A5FB3 |. 8945 E8 MOV DWORD PTR SS:[EBP-18],EAX
004A5FB6 |. C745 F4 00000>MOV DWORD PTR SS:[EBP-C],0
004A5FBD |> 8D8D ACFCFFFF /LEA ECX,DWORD PTR SS:[EBP-354]
004A5FC3 |. 8B83 0C030000 |MOV EAX,DWORD PTR DS:[EBX+30C]
004A5FC9 |. 8B80 3C020000 |MOV EAX,DWORD PTR DS:[EAX+23C]
004A5FCF |. 8B55 F4 |MOV EDX,DWORD PTR SS:[EBP-C]
004A5FD2 |. 8B30 |MOV ESI,DWORD PTR DS:[EAX]
004A5FD4 |. FF56 0C |CALL DWORD PTR DS:[ESI+C]
004A5FD7 |. 8B85 ACFCFFFF |MOV EAX,DWORD PTR SS:[EBP-354]
004A5FDD |. E8 B22AF6FF |CALL dumped_.00408A94
004A5FE2 |. 3B45 F0 |CMP EAX,DWORD PTR SS:[EBP-10]
004A5FE5 |. 75 13 |JNZ SHORT dumped_.004A5FFA
004A5FE7 |. 8B55 F4 |MOV EDX,DWORD PTR SS:[EBP-C]
004A5FEA |. 8B83 0C030000 |MOV EAX,DWORD PTR DS:[EBX+30C]
004A5FF0 |. 8B08 |MOV ECX,DWORD PTR DS:[EAX]
004A5FF2 |. FF91 D0000000 |CALL DWORD PTR DS:[ECX+D0]
004A5FF8 |. EB 08 |JMP SHORT dumped_.004A6002
004A5FFA |> FF45 F4 |INC DWORD PTR SS:[EBP-C]
004A5FFD |. FF4D E8 |DEC DWORD PTR SS:[EBP-18]
004A6000 |.^ 75 BB \JNZ SHORT dumped_.004A5FBD
004A6002 |> 8B83 A4030000 MOV EAX,DWORD PTR DS:[EBX+3A4]
004A6008 |. E8 13E7F5FF CALL dumped_.00404720
004A600D |. 50 PUSH EAX ; /IniFileName
004A600E |. 6A 00 PUSH 0 ; |Default = 0
004A6010 |. 68 B4624A00 PUSH dumped_.004A62B4 ; |targetcount
004A6015 |. 68 E8614A00 PUSH dumped_.004A61E8 ; |main
004A601A |. E8 6D08F6FF CALL <JMP.&kernel32.GetPrivateProfileInt>; \GetPrivateProfileIntA
004A601F |. 8B83 A0030000 MOV EAX,DWORD PTR DS:[EBX+3A0]
004A6025 |. E8 F6E6F5FF CALL dumped_.00404720
004A602A |. 50 PUSH EAX ; /IniFileName
004A602B |. 68 00010000 PUSH 100 ; |BufSize = 100 (256.)
004A6030 |. 8D85 E9FEFFFF LEA EAX,DWORD PTR SS:[EBP-117] ; |
004A6036 |. 50 PUSH EAX ; |ReturnBuffer
004A6037 |. 68 DC614A00 PUSH dumped_.004A61DC ; |Default = ""
004A603C |. 68 C0624A00 PUSH dumped_.004A62C0 ; |username
004A6041 |. 68 E8614A00 PUSH dumped_.004A61E8 ; |main
004A6046 |. E8 4908F6FF CALL <JMP.&kernel32.GetPrivateProfileStr>; \GetPrivateProfileStringA
004A604B |. 8D95 E8FEFFFF LEA EDX,DWORD PTR SS:[EBP-118]
004A6051 |. 92 XCHG EAX,EDX
004A6052 |. E8 8DCBF5FF CALL dumped_.00402BE4
004A6057 |. 8D85 A8FCFFFF LEA EAX,DWORD PTR SS:[EBP-358]
004A605D |. 8D95 E8FEFFFF LEA EDX,DWORD PTR SS:[EBP-118]
004A6063 |. E8 5CE4F5FF CALL dumped_.004044C4
004A6068 |. 8B95 A8FCFFFF MOV EDX,DWORD PTR SS:[EBP-358]
004A606E |. 8B83 20030000 MOV EAX,DWORD PTR DS:[EBX+320]
004A6074 |. E8 6F3EFAFF CALL dumped_.00449EE8
004A6079 |. 8B83 A0030000 MOV EAX,DWORD PTR DS:[EBX+3A0]
004A607F |. E8 9CE6F5FF CALL dumped_.00404720
004A6084 |. 50 PUSH EAX ; /IniFileName
004A6085 |. 68 00010000 PUSH 100 ; |BufSize = 100 (256.)
004A608A |. 8D85 E8FCFFFF LEA EAX,DWORD PTR SS:[EBP-318] ; |
004A6090 |. 50 PUSH EAX ; |ReturnBuffer
004A6091 |. 68 DC614A00 PUSH dumped_.004A61DC ; |Default = ""
004A6096 |. 68 CC624A00 PUSH dumped_.004A62CC ; |password
004A609B |. 68 E8614A00 PUSH dumped_.004A61E8 ; |main
004A60A0 |. E8 EF07F6FF CALL <JMP.&kernel32.GetPrivateProfileStr>; \GetPrivateProfileStringA
004A60A5 |. 8D95 E8FDFFFF LEA EDX,DWORD PTR SS:[EBP-218]
004A60AB |. 8D8D E8FCFFFF LEA ECX,DWORD PTR SS:[EBP-318]
004A60B1 |. 91 XCHG EAX,ECX
004A60B2 |. E8 CDC5FCFF CALL dumped_.00472684
004A60B7 |. C68405 E8FDFF>MOV BYTE PTR SS:[EBP+EAX-218],0
004A60BF |. 8D85 A4FCFFFF LEA EAX,DWORD PTR SS:[EBP-35C]
004A60C5 |. 50 PUSH EAX ; /Arg1
004A60C6 |. 8D85 E8FDFFFF LEA EAX,DWORD PTR SS:[EBP-218] ; |
004A60CC |. 8985 D0FCFFFF MOV DWORD PTR SS:[EBP-330],EAX ; |
004A60D2 |. C685 D4FCFFFF>MOV BYTE PTR SS:[EBP-32C],6 ; |
004A60D9 |. 8D95 D0FCFFFF LEA EDX,DWORD PTR SS:[EBP-330] ; |
004A60DF |. 33C9 XOR ECX,ECX ; |
004A60E1 |. B8 E0624A00 MOV EAX,dumped_.004A62E0 ; |%s
004A60E6 |. E8 C138F6FF CALL dumped_.004099AC ; \dumped_.004099AC
004A60EB |. 8B95 A4FCFFFF MOV EDX,DWORD PTR SS:[EBP-35C]
004A60F1 |. 8D85 E8FEFFFF LEA EAX,DWORD PTR SS:[EBP-118]
004A60F7 |. B9 FF000000 MOV ECX,0FF
004A60FC |. E8 FBE3F5FF CALL dumped_.004044FC
004A6101 |. 8D85 A0FCFFFF LEA EAX,DWORD PTR SS:[EBP-360]
004A6107 |. 8D95 E8FEFFFF LEA EDX,DWORD PTR SS:[EBP-118]
004A610D |. E8 B2E3F5FF CALL dumped_.004044C4
004A6112 |. 8B95 A0FCFFFF MOV EDX,DWORD PTR SS:[EBP-360]
004A6118 |. 8B83 24030000 MOV EAX,DWORD PTR DS:[EBX+324]
004A611E |. E8 C53DFAFF CALL dumped_.00449EE8
004A6123 |. 8BC3 MOV EAX,EBX
004A6125 |. E8 9E0C0000 CALL dumped_.004A6DC8
004A612A |. 8BC3 MOV EAX,EBX
004A612C |. E8 17100000 CALL dumped_.004A7148
004A6131 |. 8B45 F8 MOV EAX,DWORD PTR SS:[EBP-8]
004A6134 |. 50 PUSH EAX
004A6135 |. 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]
004A6138 |. 50 PUSH EAX
004A6139 |. E8 A2F2FFFF CALL <JMP.&aaproxy.InstallHook>
004A613E |. 33C0 XOR EAX,EAX
004A6140 |. 5A POP EDX
004A6141 |. 59 POP ECX
004A6142 |. 59 POP ECX
004A6143 |. 64:8910 MOV DWORD PTR FS:[EAX],EDX
004A6146 |. 68 7B614A00 PUSH dumped_.004A617B
004A614B |> 8D85 A0FCFFFF LEA EAX,DWORD PTR SS:[EBP-360]
004A6151 |. BA 0C000000 MOV EDX,0C
004A6156 |. E8 29E1F5FF CALL dumped_.00404284
004A615B |. 8D85 D8FCFFFF LEA EAX,DWORD PTR SS:[EBP-328]
004A6161 |. BA 04000000 MOV EDX,4
004A6166 |. E8 19E1F5FF CALL dumped_.00404284
004A616B |. 8D45 EC LEA EAX,DWORD PTR SS:[EBP-14]
004A616E |. E8 EDE0F5FF CALL dumped_.00404260
004A6173 \. C3 RETN
004A6174 .^ E9 67DAF5FF JMP dumped_.00403BE0
004A6179 .^ EB D0 JMP SHORT dumped_.004A614B
004A617B . 5F POP EDI
004A617C . 5E POP ESI
004A617D . 5B POP EBX
004A617E . 8BE5 MOV ESP,EBP
004A6180 . 5D POP EBP
004A6181 . C3 RETN
004A6182 00 DB 00
004A6183 00 DB 00
004A6184 . FFFFFFFF DD FFFFFFFF
004A6188 . 09000000 DD 00000009
004A618C . 5C 6C 61 6E 6>ASCII "\language",0
004A6196 00 DB 00
004A6197 00 DB 00
004A6198 . FFFFFFFF DD FFFFFFFF
004A619C . 0E000000 DD 0000000E
004A61A0 . 25 73 5C 64 6>ASCII "%s\default.ini",0
004A61AF 00 DB 00
004A61B0 . FFFFFFFF DD FFFFFFFF
004A61B4 . 0E000000 DD 0000000E
004A61B8 . 25 73 5C 73 6>ASCII "%s\servers.ini",0
004A61C7 00 DB 00
004A61C8 . FFFFFFFF DD FFFFFFFF
004A61CC . 09000000 DD 00000009
004A61D0 . 5C 6C 6F 67 6>ASCII "\logo.jpg",0
004A61DA 00 DB 00
004A61DB 00 DB 00
004A61DC 00 DB 00
004A61DD 00 DB 00
004A61DE 00 DB 00
004A61DF 00 DB 00
004A61E0 . 4E 65 77 73 5>ASCII "NewsURL",0
004A61E8 . 6D 61 69 6E 0>ASCII "main",0
004A61ED 00 DB 00
004A61EE 00 DB 00
004A61EF 00 DB 00
004A61F0 . 57 65 62 73 6>ASCII "WebsiteURL",0
004A61FB 00 DB 00
004A61FC . 45 73 61 6C 6>ASCII "EsalesURL",0
004A6206 00 DB 00
004A6207 00 DB 00
004A6208 . 42 42 53 55 5>ASCII "BBSURL",0
004A620F 00 DB 00
004A6210 . 41 75 74 6F 5>ASCII "AutoUpdateURL",0
004A621E 00 DB 00
004A621F 00 DB 00
004A6220 . 56 53 00 ASCII "VS",0
004A6223 00 DB 00
004A6224 . FFFFFFFF DD FFFFFFFF
004A6228 . 0C000000 DD 0000000C
004A622C . 4F 45 4D 20 6>ASCII "OEM eborder ",0
004A6239 00 DB 00
004A623A 00 DB 00
004A623B 00 DB 00
004A623C . FFFFFFFF DD FFFFFFFF
004A6240 . 01000000 DD 00000001
004A6244 . 2E 00 ASCII ".",0
004A6246 00 DB 00
004A6247 00 DB 00
004A6248 . 49 44 43 49 4>ASCII "IDCID",0
004A624E 00 DB 00
004A624F 00 DB 00
004A6250 . 53 65 72 76 6>ASCII "ServerID",0
004A6259 00 DB 00
004A625A 00 DB 00
004A625B 00 DB 00
004A625C . 53 65 72 76 6>ASCII "ServerPort",0
004A6267 00 DB 00
004A6268 . 50 6F 72 74 4>ASCII "PortCount",0
004A6272 00 DB 00
004A6273 00 DB 00
004A6274 . FFFFFFFF DD FFFFFFFF
004A6278 . 06000000 DD 00000006
004A627C . 50 6F 72 74 2>ASCII "Port%d",0
004A6283 00 DB 00
004A6284 . 49 44 43 43 6>ASCII "IDCCount",0
004A628D 00 DB 00
004A628E 00 DB 00
004A628F 00 DB 00
004A6290 . FFFFFFFF DD FFFFFFFF
004A6294 . 05000000 DD 00000005
004A6298 . 49 44 43 25 6>ASCII "IDC%d",0
004A629E 00 DB 00
004A629F 00 DB 00
004A62A0 . 44 65 73 63 0>ASCII "Desc",0
004A62A5 00 DB 00
004A62A6 00 DB 00
004A62A7 00 DB 00
004A62A8 . 53 65 72 76 6>ASCII "ServerList",0
004A62B3 00 DB 00
004A62B4 . 54 61 72 67 6>ASCII "TargetCount",0
004A62C0 . 55 73 65 72 4>ASCII "UserName",0
004A62C9 00 DB 00
004A62CA 00 DB 00
004A62CB 00 DB 00
004A62CC . 50 61 73 73 5>ASCII "PassWord",0
004A62D5 00 DB 00
004A62D6 00 DB 00
004A62D7 00 DB 00
004A62D8 . FFFFFFFF DD FFFFFFFF
004A62DC . 02000000 DD 00000002
004A62E0 . 25 73 00 ASCII "%s",0
004A62E3 00 DB 00
004A62E4 /$ 55 PUSH EBP
004A62E5 |. 8BEC MOV EBP,ESP
004A62E7 |. 81C4 F8FEFFFF ADD ESP,-108
004A62ED |. 53 PUSH EBX
004A62EE |. 33C9 XOR ECX,ECX
004A62F0 |. 898D F8FEFFFF MOV DWORD PTR SS:[EBP-108],ECX
004A62F6 |. 898D FCFEFFFF MOV DWORD PTR SS:[EBP-104],ECX
004A62FC |. 8BD8 MOV EBX,EAX
004A62FE |. 33C0 XOR EAX,EAX
004A6300 |. 55 PUSH EBP
004A6301 |. 68 E3634A00 PUSH dumped_.004A63E3
004A6306 |. 64:FF30 PUSH DWORD PTR FS:[EAX]
004A6309 |. 64:8920 MOV DWORD PTR FS:[EAX],ESP
004A630C |. 8B83 A0030000 MOV EAX,DWORD PTR DS:[EBX+3A0]
004A6312 |. E8 09E4F5FF CALL dumped_.00404720
004A6317 |. 50 PUSH EAX
004A6318 |. 8B83 04030000 MOV EAX,DWORD PTR DS:[EBX+304]
004A631E |. 8B10 MOV EDX,DWORD PTR DS:[EAX]
004A6320 |. FF92 CC000000 CALL DWORD PTR DS:[EDX+CC]
004A6326 |. 40 INC EAX
004A6327 |. 8D95 FCFEFFFF LEA EDX,DWORD PTR SS:[EBP-104]
004A632D |. E8 2626F6FF CALL dumped_.00408958
004A6332 |. 8B85 FCFEFFFF MOV EAX,DWORD PTR SS:[EBP-104]
004A6338 |. E8 E3E3F5FF CALL dumped_.00404720
004A633D |. 50 PUSH EAX ; |String
004A633E |. 68 F0634A00 PUSH dumped_.004A63F0 ; |serverid
004A6343 |. 68 FC634A00 PUSH dumped_.004A63FC ; |main
004A6348 |. E8 9F06F6FF CALL <JMP.&kernel32.WritePrivateProfileS>; \WritePrivateProfileStringA
004A634D |. 8B83 A4030000 MOV EAX,DWORD PTR DS:[EBX+3A4]
004A6353 |. E8 C8E3F5FF CALL dumped_.00404720
004A6358 |. 50 PUSH EAX
004A6359 |. 68 00010000 PUSH 100
004A635E |. 8D85 01FFFFFF LEA EAX,DWORD PTR SS:[EBP-FF]
004A6364 |. 50 PUSH EAX
004A6365 |. 68 04644A00 PUSH dumped_.004A6404
004A636A |. 8D95 F8FEFFFF LEA EDX,DWORD PTR SS:[EBP-108]
004A6370 |. 8B83 04030000 MOV EAX,DWORD PTR DS:[EBX+304]
004A6376 |. E8 3D3BFAFF CALL dumped_.00449EB8
004A637B |. 8B85 F8FEFFFF MOV EAX,DWORD PTR SS:[EBP-108]
004A6381 |. E8 9AE3F5FF CALL dumped_.00404720
004A6386 |. 50 PUSH EAX ; |Key
004A6387 |. 68 08644A00 PUSH dumped_.004A6408 ; |main
004A638C |. E8 0305F6FF CALL <JMP.&kernel32.GetPrivateProfileStr>; \GetPrivateProfileStringA
004A6391 |. 8D95 00FFFFFF LEA EDX,DWORD PTR SS:[EBP-100]
004A6397 |. 92 XCHG EAX,EDX
004A6398 |. E8 47C8F5FF CALL dumped_.00402BE4
004A639D |. 8B83 A0030000 MOV EAX,DWORD PTR DS:[EBX+3A0]
004A63A3 |. E8 78E3F5FF CALL dumped_.00404720
004A63A8 |. 50 PUSH EAX ; /FileName
004A63A9 |. 8D85 01FFFFFF LEA EAX,DWORD PTR SS:[EBP-FF] ; |
004A63AF |. 50 PUSH EAX ; |String
004A63B0 |. 68 10644A00 PUSH dumped_.004A6410 ; |serverip
004A63B5 |. 68 FC634A00 PUSH dumped_.004A63FC ; |main
004A63BA |. E8 2D06F6FF CALL <JMP.&kernel32.WritePrivateProfileS>; \WritePrivateProfileStringA
004A63BF |. 33C0 XOR EAX,EAX
004A63C1 |. 5A POP EDX
004A63C2 |. 59 POP ECX
004A63C3 |. 59 POP ECX
004A63C4 |. 64:8910 MOV DWORD PTR FS:[EAX],EDX
004A63C7 |. 68 EA634A00 PUSH dumped_.004A63EA
004A63CC |> 8D85 F8FEFFFF LEA EAX,DWORD PTR SS:[EBP-108]
004A63D2 |. E8 89DEF5FF CALL dumped_.00404260
004A63D7 |. 8D85 FCFEFFFF LEA EAX,DWORD PTR SS:[EBP-104]
004A63DD |. E8 7EDEF5FF CALL dumped_.00404260
004A63E2 \. C3 RETN
004A63E3 .^ E9 F8D7F5FF JMP dumped_.00403BE0
004A63E8 .^ EB E2 JMP SHORT dumped_.004A63CC
004A63EA . 5B POP EBX
004A63EB . 8BE5 MOV ESP,EBP
004A63ED . 5D POP EBP
004A63EE . C3 RETN
004A63EF 00 DB 00
004A63F0 . 53 65 72 76 6>ASCII "ServerID",0
004A63F9 00 DB 00
004A63FA 00 DB 00
004A63FB 00 DB 00
004A63FC . 6D 61 69 6E 0>ASCII "main",0
004A6401 00 DB 00
004A6402 00 DB 00
004A6403 00 DB 00
004A6404 00 DB 00
004A6405 00 DB 00
004A6406 00 DB 00
004A6407 00 DB 00
004A6408 . 4D 61 69 6E 0>ASCII "Main",0
004A640D 00 DB 00
004A640E 00 DB 00
004A640F 00 DB 00
004A6410 . 53 65 72 76 6>ASCII "ServerIP",0
004A6419 00 DB 00
004A641A 00 DB 00
004A641B 00 DB 00
004A641C /. 55 PUSH EBP
004A641D |. 8BEC MOV EBP,ESP
004A641F |. 6A 00 PUSH 0
004A6421 |. 53 PUSH EBX
004A6422 |. 8BD8 MOV EBX,EAX
004A6424 |. 33C0 XOR EAX,EAX
004A6426 |. 55 PUSH EBP
004A6427 |. 68 7A644A00 PUSH dumped_.004A647A
004A642C |. 64:FF30 PUSH DWORD PTR FS:[EAX]
004A642F |. 64:8920 MOV DWORD PTR FS:[EAX],ESP
004A6432 |. 8B83 A0030000 MOV EAX,DWORD PTR DS:[EBX+3A0]
004A6438 |. E8 E3E2F5FF CALL dumped_.00404720
004A643D |. 50 PUSH EAX
004A643E |. 8D55 FC LEA EDX,DWORD PTR SS:[EBP-4]
004A6441 |. 8B83 0C030000 MOV EAX,DWORD PTR DS:[EBX+30C]
004A6447 |. E8 6C3AFAFF CALL dumped_.00449EB8
004A644C |. 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]
004A644F |. E8 CCE2F5FF CALL dumped_.00404720
004A6454 |. 50 PUSH EAX ; |String
004A6455 |. 68 88644A00 PUSH dumped_.004A6488 ; |serverport
004A645A |. 68 94644A00 PUSH dumped_.004A6494 ; |main
004A645F |. E8 8805F6FF CALL <JMP.&kernel32.WritePrivateProfileS>; \WritePrivateProfileStringA
004A6464 |. 33C0 XOR EAX,EAX
004A6466 |. 5A POP EDX
004A6467 |. 59 POP ECX
004A6468 |. 59 POP ECX
004A6469 |. 64:8910 MOV DWORD PTR FS:[EAX],EDX
004A646C |. 68 81644A00 PUSH dumped_.004A6481
004A6471 |> 8D45 FC LEA EAX,DWORD PTR SS:[EBP-4]
004A6474 |. E8 E7DDF5FF CALL dumped_.00404260
004A6479 \. C3 RETN
004A647A .^ E9 61D7F5FF JMP dumped_.00403BE0
004A647F .^ EB F0 JMP SHORT dumped_.004A6471
004A6481 . 5B POP EBX
004A6482 . 59 POP ECX
004A6483 . 5D POP EBP
004A6484 . C3 RETN
004A6485 00 DB 00
004A6486 00 DB 00
004A6487 00 DB 00
004A6488 . 53 65 72 76 6>ASCII "ServerPort",0
004A6493 00 DB 00
004A6494 . 6D 61 69 6E 0>ASCII "main",0
004A6499 00 DB 00
004A649A 00 DB 00
004A649B 00 DB 00
004A649C /. 55 PUSH EBP
004A649D |. 8BEC MOV EBP,ESP
004A649F |. 6A 00 PUSH 0
004A64A1 |. 53 PUSH EBX
004A64A2 |. 8BD8 MOV EBX,EAX
004A64A4 |. 33C0 XOR EAX,EAX
004A64A6 |. 55 PUSH EBP
004A64A7 |. 68 FA644A00 PUSH dumped_.004A64FA
004A64AC |. 64:FF30 PUSH DWORD PTR FS:[EAX]
004A64AF |. 64:8920 MOV DWORD PTR FS:[EAX],ESP
004A64B2 |. 8B83 A0030000 MOV EAX,DWORD PTR DS:[EBX+3A0]
004A64B8 |. E8 63E2F5FF CALL dumped_.00404720
004A64BD |. 50 PUSH EAX
004A64BE |. 8D55 FC LEA EDX,DWORD PTR SS:[EBP-4]
004A64C1 |. 8B83 20030000 MOV EAX,DWORD PTR DS:[EBX+320]
004A64C7 |. E8 EC39FAFF CALL dumped_.00449EB8
004A64CC |. 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]
004A64CF |. E8 4CE2F5FF CALL dumped_.00404720
004A64D4 |. 50 PUSH EAX ; |String
004A64D5 |. 68 08654A00 PUSH dumped_.004A6508 ; |username
004A64DA |. 68 14654A00 PUSH dumped_.004A6514 ; |main
004A64DF |. E8 0805F6FF CALL <JMP.&kernel32.WritePrivateProfileS>; \WritePrivateProfileStringA
004A64E4 |. 33C0 XOR EAX,EAX
004A64E6 |. 5A POP EDX
004A64E7 |. 59 POP ECX
004A64E8 |. 59 POP ECX
004A64E9 |. 64:8910 MOV DWORD PTR FS:[EAX],EDX
004A64EC |. 68 01654A00 PUSH dumped_.004A6501
004A64F1 |> 8D45 FC LEA EAX,DWORD PTR SS:[EBP-4]
004A64F4 |. E8 67DDF5FF CALL dumped_.00404260
004A64F9 \. C3 RETN
004A64FA .^ E9 E1D6F5FF JMP dumped_.00403BE0
004A64FF .^ EB F0 JMP SHORT dumped_.004A64F1
004A6501 . 5B POP EBX
004A6502 . 59 POP ECX
004A6503 . 5D POP EBP
004A6504 . C3 RETN
004A6505 00 DB 00
004A6506 00 DB 00
004A6507 00 DB 00
004A6508 . 55 73 65 72 4>ASCII "UserName",0
004A6511 00 DB 00
004A6512 00 DB 00
004A6513 00 DB 00
004A6514 . 6D 61 69 6E 0>ASCII "main",0
004A6519 00 DB 00
004A651A 00 DB 00
004A651B 00 DB 00
004A651C /. 55 PUSH EBP
004A651D |. 8BEC MOV EBP,ESP
004A651F |. 81C4 FCFCFFFF ADD ESP,-304
004A6525 |. 53 PUSH EBX
004A6526 |. 56 PUSH ESI
004A6527 |. 33C9 XOR ECX,ECX
004A6529 |. 898D FCFCFFFF MOV DWORD PTR SS:[EBP-304],ECX
004A652F |. 8BF0 MOV ESI,EAX
004A6531 |. 33C0 XOR EAX,EAX
004A6533 |. 55 PUSH EBP
004A6534 |. 68 D9654A00 PUSH dumped_.004A65D9
004A6539 |. 64:FF30 PUSH DWORD PTR FS:[EAX]
004A653C |. 64:8920 MOV DWORD PTR FS:[EAX],ESP
004A653F |. 8D95 FCFCFFFF LEA EDX,DWORD PTR SS:[EBP-304]
004A6545 |. 8B86 24030000 MOV EAX,DWORD PTR DS:[ESI+324]
004A654B |. E8 6839FAFF CALL dumped_.00449EB8
004A6550 |. 8B95 FCFCFFFF MOV EDX,DWORD PTR SS:[EBP-304]
004A6556 |. 8D85 00FFFFFF LEA EAX,DWORD PTR SS:[EBP-100]
004A655C |. B9 FF000000 MOV ECX,0FF
004A6561 |. E8 96DFF5FF CALL dumped_.004044FC
004A6566 |. 33DB XOR EBX,EBX
004A6568 |. 8A9D 00FFFFFF MOV BL,BYTE PTR SS:[EBP-100]
004A656E |. 8D95 01FFFFFF LEA EDX,DWORD PTR SS:[EBP-FF]
004A6574 |. 8D85 00FEFFFF LEA EAX,DWORD PTR SS:[EBP-200]
004A657A |. 8BCB MOV ECX,EBX
004A657C |. E8 070CF6FF CALL dumped_.00407188
004A6581 |. 8D95 00FDFFFF LEA EDX,DWORD PTR SS:[EBP-300]
004A6587 |. 8D85 00FEFFFF LEA EAX,DWORD PTR SS:[EBP-200]
004A658D |. 8BCB MOV ECX,EBX
004A658F |. E8 9CBFFCFF CALL dumped_.00472530
004A6594 |. 8BD8 MOV EBX,EAX
004A6596 |. C6841D 00FDFF>MOV BYTE PTR SS:[EBP+EBX-300],0
004A659E |. 8B86 A0030000 MOV EAX,DWORD PTR DS:[ESI+3A0]
004A65A4 |. E8 77E1F5FF CALL dumped_.00404720
004A65A9 |. 50 PUSH EAX ; /FileName
004A65AA |. 8D85 00FDFFFF LEA EAX,DWORD PTR SS:[EBP-300] ; |
004A65B0 |. 50 PUSH EAX ; |String
004A65B1 |. 68 E8654A00 PUSH dumped_.004A65E8 ; |password
004A65B6 |. 68 F4654A00 PUSH dumped_.004A65F4 ; |main
004A65BB |. E8 2C04F6FF CALL <JMP.&kernel32.WritePrivateProfileS>; \WritePrivateProfileStringA
004A65C0 |. 33C0 XOR EAX,EAX
004A65C2 |. 5A POP EDX
004A65C3 |. 59 POP ECX
004A65C4 |. 59 POP ECX
004A65C5 |. 64:8910 MOV DWORD PTR FS:[EAX],EDX
004A65C8 |. 68 E0654A00 PUSH dumped_.004A65E0
004A65CD |> 8D85 FCFCFFFF LEA EAX,DWORD PTR SS:[EBP-304]
004A65D3 |. E8 88DCF5FF CALL dumped_.00404260
004A65D8 \. C3 RETN
004A65D9 .^ E9 02D6F5FF JMP dumped_.00403BE0
004A65DE .^ EB ED JMP SHORT dumped_.004A65CD
004A65E0 . 5E POP ESI
004A65E1 . 5B POP EBX
004A65E2 . 8BE5 MOV ESP,EBP
004A65E4 . 5D POP EBP
004A65E5 . C3 RETN
004A65E6 00 DB 00
004A65E7 00 DB 00
004A65E8 . 50 61 73 73 5>ASCII "PassWord",0
004A65F1 00 DB 00
004A65F2 00 DB 00
004A65F3 . 006D 61 ADD BYTE PTR SS:[EBP+61],CH
004A65F6 . 696E 00 00000>IMUL EBP,DWORD PTR DS:[ESI],53000000
004A65FD . 8BD8 MOV EBX,EAX
004A65FF . 6A 01 PUSH 1
004A6601 . 6A 00 PUSH 0
004A6603 . 6A 00 PUSH 0
004A6605 . 8B83 B0030000 MOV EAX,DWORD PTR DS:[EBX+3B0]
004A660B . E8 10E1F5FF CALL dumped_.00404720
004A6610 . 50 PUSH EAX
004A6611 . 6A 00 PUSH 0
004A6613 . 8BC3 MOV EAX,EBX
004A6615 . E8 BEA0FAFF CALL dumped_.004506D8
004A661A . 50 PUSH EAX ; |hWnd
004A661B . E8 2093F8FF CALL <JMP.&shell32.ShellExecuteA> ; \ShellExecuteA
004A6620 . 5B POP EBX
004A6621 . C3 RETN
004A6622 8BC0 MOV EAX,EAX
004A6624 . 53 PUSH EBX
004A6625 . 8BD8 MOV EBX,EAX
004A6627 . 6A 01 PUSH 1
004A6629 . 6A 00 PUSH 0
004A662B . 6A 00 PUSH 0
004A662D . 8B83 B4030000 MOV EAX,DWORD PTR DS:[EBX+3B4]
004A6633 . E8 E8E0F5FF CALL dumped_.00404720
004A6638 . 50 PUSH EAX
004A6639 . 6A 00 PUSH 0
004A663B . 8BC3 MOV EAX,EBX
004A663D . E8 96A0FAFF CALL dumped_.004506D8
004A6642 . 50 PUSH EAX ; |hWnd
004A6643 . E8 F892F8FF CALL <JMP.&shell32.ShellExecuteA> ; \ShellExecuteA
004A6648 . 5B POP EBX
004A6649 . C3 RETN
004A664A 8BC0 MOV EAX,EAX
004A664C . 53 PUSH EBX
004A664D . 8BD8 MOV EBX,EAX
004A664F . 6A 01 PUSH 1
004A6651 . 6A 00 PUSH 0
004A6653 . 6A 00 PUSH 0
004A6655 . 8B83 B8030000 MOV EAX,DWORD PTR DS:[EBX+3B8]
004A665B . E8 C0E0F5FF CALL dumped_.00404720
004A6660 . 50 PUSH EAX
004A6661 . 6A 00 PUSH 0
004A6663 . 8BC3 MOV EAX,EBX
004A6665 . E8 6EA0FAFF CALL dumped_.004506D8
004A666A . 50 PUSH EAX ; |hWnd
004A666B . E8 D092F8FF CALL <JMP.&shell32.ShellExecuteA> ; \ShellExecuteA
004A6670 . 5B POP EBX
004A6671 . C3 RETN
004A6672 8BC0 MOV EAX,EAX
004A6674 . 53 PUSH EBX
004A6675 . 8BD8 MOV EBX,EAX
004A6677 . 6A 01 PUSH 1
004A6679 . 6A 00 PUSH 0
004A667B . 6A 00 PUSH 0
004A667D . 8B83 B0030000 MOV EAX,DWORD PTR DS:[EBX+3B0]
004A6683 . E8 98E0F5FF CALL dumped_.00404720
004A6688 . 50 PUSH EAX
004A6689 . 6A 00 PUSH 0
004A668B . 8BC3 MOV EAX,EBX
004A668D . E8 46A0FAFF CALL dumped_.004506D8
004A6692 . 50 PUSH EAX ; |hWnd
004A6693 . E8 A892F8FF CALL <JMP.&shell32.ShellExecuteA> ; \ShellExecuteA
004A6698 . 5B POP EBX
004A6699 . C3 RETN
004A669A 8BC0 MOV EAX,EAX
004A669C . 66:BA EBFF MOV DX,0FFEB
004A66A0 . E8 1F3AFAFF CALL dumped_.0044A0C4
004A66A5 . C3 RETN
004A66A6 8BC0 MOV EAX,EAX
004A66A8 /. 55 PUSH EBP
004A66A9 |. 8BEC MOV EBP,ESP
004A66AB |. 81C4 E0FDFFFF ADD ESP,-220
004A66B1 |. 53 PUSH EBX
004A66B2 |. 56 PUSH ESI
004A66B3 |. 33C9 XOR ECX,ECX
004A66B5 |. 898D E4FDFFFF MOV DWORD PTR SS:[EBP-21C],ECX
004A66BB |. 898D E0FDFFFF MOV DWORD PTR SS:[EBP-220],ECX
004A66C1 |. 898D E8FDFFFF MOV DWORD PTR SS:[EBP-218],ECX
004A66C7 |. 898D FCFDFFFF MOV DWORD PTR SS:[EBP-204],ECX
004A66CD |. 898D F4FDFFFF MOV DWORD PTR SS:[EBP-20C],ECX
004A66D3 |. 898D F0FDFFFF MOV DWORD PTR SS:[EBP-210],ECX
004A66D9 |. 898D ECFDFFFF MOV DWORD PTR SS:[EBP-214],ECX
004A66DF |. 898D F8FDFFFF MOV DWORD PTR SS:[EBP-208],ECX
004A66E5 |. 8BF0 MOV ESI,EAX
004A66E7 |. 33C0 XOR EAX,EAX
004A66E9 |. 55 PUSH EBP
004A66EA |. 68 3F6A4A00 PUSH dumped_.004A6A3F
004A66EF |. 64:FF30 PUSH DWORD PTR FS:[EAX]
004A66F2 |. 64:8920 MOV DWORD PTR FS:[EAX],ESP
004A66F5 |. 33D2 XOR EDX,EDX
004A66F7 |. 8B86 48030000 MOV EAX,DWORD PTR DS:[ESI+348]
004A66FD |. 8B08 MOV ECX,DWORD PTR DS:[EAX]
004A66FF |. FF51 64 CALL DWORD PTR DS:[ECX+64]
004A6702 |. BA 546A4A00 MOV EDX,dumped_.004A6A54 ; 检测帐号是否可用,请稍侯...
004A6707 |. 8B86 90030000 MOV EAX,DWORD PTR DS:[ESI+390]
004A670D |. E8 D637FAFF CALL dumped_.00449EE8
004A6712 |. 8B86 A4030000 MOV EAX,DWORD PTR DS:[ESI+3A4]
004A6718 |. E8 03E0F5FF CALL dumped_.00404720
004A671D |. 50 PUSH EAX ; /IniFileName
004A671E |. 68 00010000 PUSH 100 ; |BufSize = 100 (256.)
004A6723 |. 8D85 01FFFFFF LEA EAX,DWORD PTR SS:[EBP-FF] ; |
004A6729 |. 50 PUSH EAX ; |ReturnBuffer
004A672A |. 68 706A4A00 PUSH dumped_.004A6A70 ; |Default = ""
004A672F |. 68 746A4A00 PUSH dumped_.004A6A74 ; |ip
004A6734 |. 68 786A4A00 PUSH dumped_.004A6A78 ; |target1
004A6739 |. E8 5601F6FF CALL <JMP.&kernel32.GetPrivateProfileStr>; \GetPrivateProfileStringA
004A673E |. 8D95 00FFFFFF LEA EDX,DWORD PTR SS:[EBP-100]
004A6744 |. 92 XCHG EAX,EDX
004A6745 |. E8 9AC4F5FF CALL dumped_.00402BE4
004A674A |. 8B86 A4030000 MOV EAX,DWORD PTR DS:[ESI+3A4]
004A6750 |. E8 CBDFF5FF CALL dumped_.00404720
004A6755 |. 50 PUSH EAX ; /IniFileName
004A6756 |. 6A 00 PUSH 0 ; |Default = 0
004A6758 |. 68 806A4A00 PUSH dumped_.004A6A80 ; |port
004A675D |. 68 786A4A00 PUSH dumped_.004A6A78 ; |target1
004A6762 |. E8 2501F6FF CALL <JMP.&kernel32.GetPrivateProfileInt>; \GetPrivateProfileIntA
004A6767 |. 8BD8 MOV EBX,EAX
004A6769 |. 8B86 A0030000 MOV EAX,DWORD PTR DS:[ESI+3A0]
004A676F |. E8 ACDFF5FF CALL dumped_.00404720
004A6774 |. 50 PUSH EAX ; /IniFileName
004A6775 |. 68 00010000 PUSH 100 ; |BufSize = 100 (256.)
004A677A |. 8D85 01FEFFFF LEA EAX,DWORD PTR SS:[EBP-1FF] ; |
004A6780 |. 50 PUSH EAX ; |ReturnBuffer
004A6781 |. 68 706A4A00 PUSH dumped_.004A6A70 ; |Default = ""
004A6786 |. 68 886A4A00 PUSH dumped_.004A6A88 ; |serverip
004A678B |. 68 946A4A00 PUSH dumped_.004A6A94 ; |main
004A6790 |. E8 FF00F6FF CALL <JMP.&kernel32.GetPrivateProfileStr>; \GetPrivateProfileStringA
004A6795 |. 8D95 00FEFFFF LEA EDX,DWORD PTR SS:[EBP-200]
004A679B |. 92 XCHG EAX,EDX
004A679C |. E8 43C4F5FF CALL dumped_.00402BE4
004A67A1 |. 8D85 FCFDFFFF LEA EAX,DWORD PTR SS:[EBP-204]
004A67A7 |. 8D95 00FEFFFF LEA EDX,DWORD PTR SS:[EBP-200]
004A67AD |. E8 12DDF5FF CALL dumped_.004044C4
004A67B2 |. 8B85 FCFDFFFF MOV EAX,DWORD PTR SS:[EBP-204]
004A67B8 |. 50 PUSH EAX
004A67B9 |. 8D95 F8FDFFFF LEA EDX,DWORD PTR SS:[EBP-208]
004A67BF |. 8B86 0C030000 MOV EAX,DWORD PTR DS:[ESI+30C]
004A67C5 |. E8 EE36FAFF CALL dumped_.00449EB8
004A67CA |. 8B85 F8FDFFFF MOV EAX,DWORD PTR SS:[EBP-208]
004A67D0 |. E8 BF22F6FF CALL dumped_.00408A94
004A67D5 |. 50 PUSH EAX
004A67D6 |. 8D85 F4FDFFFF LEA EAX,DWORD PTR SS:[EBP-20C]
004A67DC |. 8D95 00FFFFFF LEA EDX,DWORD PTR SS:[EBP-100]
004A67E2 |. E8 DDDCF5FF CALL dumped_.004044C4
004A67E7 |. 8B85 F4FDFFFF MOV EAX,DWORD PTR SS:[EBP-20C]
004A67ED |. 50 PUSH EAX
004A67EE |. 53 PUSH EBX
004A67EF |. 8D95 F0FDFFFF LEA EDX,DWORD PTR SS:[EBP-210]
004A67F5 |. 8B86 24030000 MOV EAX,DWORD PTR DS:[ESI+324]
004A67FB |. E8 B836FAFF CALL dumped_.00449EB8
004A6800 |. 8B85 F0FDFFFF MOV EAX,DWORD PTR SS:[EBP-210]
004A6806 |. 50 PUSH EAX
004A6807 |. 8D95 ECFDFFFF LEA EDX,DWORD PTR SS:[EBP-214]
004A680D |. 8B86 20030000 MOV EAX,DWORD PTR DS:[ESI+320]
004A6813 |. E8 A036FAFF CALL dumped_.00449EB8
004A6818 |. 8B95 ECFDFFFF MOV EDX,DWORD PTR SS:[EBP-214]
004A681E |. 8BC6 MOV EAX,ESI
004A6820 |. 59 POP ECX
004A6821 |. E8 F6EEFFFF CALL dumped_.004A571C
004A6826 |. 8BD8 MOV EBX,EAX
004A6828 |. 0FBEC3 MOVSX EAX,BL
004A682B |. 83C0 0D ADD EAX,0D ; Switch (cases 0..FFFFFFFF)
004A682E |. 83F8 0D CMP EAX,0D
004A6831 |. 0F87 77010000 JA dumped_.004A69AE
004A6837 |. FF2485 3E684A>JMP DWORD PTR DS:[EAX*4+4A683E]
004A683E |. 9C694A00 DD dumped_.004A699C ; 分支表 被用于 004A6837
004A6842 |. 8A694A00 DD dumped_.004A698A
004A6846 |. 78694A00 DD dumped_.004A6978
004A684A |. 66694A00 DD dumped_.004A6966
004A684E |. 54694A00 DD dumped_.004A6954
004A6852 |. 3F694A00 DD dumped_.004A693F
004A6856 |. 2A694A00 DD dumped_.004A692A
004A685A |. 15694A00 DD dumped_.004A6915
004A685E |. 00694A00 DD dumped_.004A6900
004A6862 |. EB684A00 DD dumped_.004A68EB
004A6866 |. D6684A00 DD dumped_.004A68D6
004A686A |. C1684A00 DD dumped_.004A68C1
004A686E |. 8B684A00 DD dumped_.004A688B
004A6872 |. 76684A00 DD dumped_.004A6876
004A6876 |> BA A46A4A00 MOV EDX,dumped_.004A6AA4 ; Case 0 of switch 004A682B
004A687B |. 8B86 90030000 MOV EAX,DWORD PTR DS:[ESI+390]
004A6881 |. E8 6236FAFF CALL dumped_.00449EE8
004A6886 |. E9 58010000 JMP dumped_.004A69E3
004A688B |> 68 D86A4A00 PUSH dumped_.004A6AD8 ; Case FFFFFFFF of switch 004A682B
004A6890 |. FFB6 B4030000 PUSH DWORD PTR DS:[ESI+3B4]
004A6896 |. 68 F06A4A00 PUSH dumped_.004A6AF0
004A689B |. 8D85 E8FDFFFF LEA EAX,DWORD PTR SS:[EBP-218]
004A68A1 |. BA 03000000 MOV EDX,3
004A68A6 |. E8 35DDF5FF CALL dumped_.004045E0
004A68AB |. 8B95 E8FDFFFF MOV EDX,DWORD PTR SS:[EBP-218]
004A68B1 |. 8B86 90030000 MOV EAX,DWORD PTR DS:[ESI+390]
004A68B7 |. E8 2C36FAFF CALL dumped_.00449EE8
004A68BC |. E9 22010000 JMP dumped_.004A69E3
004A68C1 |> BA 006B4A00 MOV EDX,dumped_.004A6B00 ; 帐/密错误; Case FFFFFFFE of switch 004A682B
004A68C6 |. 8B86 90030000 MOV EAX,DWORD PTR DS:[ESI+390]
004A68CC |. E8 1736FAFF CALL dumped_.00449EE8
004A68D1 |. E9 0D010000 JMP dumped_.004A69E3
004A68D6 |> BA 146B4A00 MOV EDX,dumped_.004A6B14 ; sql错误; Case FFFFFFFD of switch 004A682B
004A68DB |. 8B86 90030000 MOV EAX,DWORD PTR DS:[ESI+390]
004A68E1 |. E8 0236FAFF CALL dumped_.00449EE8
004A68E6 |. E9 F8000000 JMP dumped_.004A69E3
004A68EB |> BA 246B4A00 MOV EDX,dumped_.004A6B24 ; 等级不够; Case FFFFFFFC of switch 004A682B
004A68F0 |. 8B86 90030000 MOV EAX,DWORD PTR DS:[ESI+390]
004A68F6 |. E8 ED35FAFF CALL dumped_.00449EE8
004A68FB |. E9 E3000000 JMP dumped_.004A69E3
004A6900 |> BA 386B4A00 MOV EDX,dumped_.004A6B38 ; 到期; Case FFFFFFFB of switch 004A682B
004A6905 |. 8B86 90030000 MOV EAX,DWORD PTR DS:[ESI+390]
004A690B |. E8 D835FAFF CALL dumped_.00449EE8
004A6910 |. E9 CE000000 JMP dumped_.004A69E3
004A6915 |> BA 486B4A00 MOV EDX,dumped_.004A6B48 ; 冻结; Case FFFFFFFA of switch 004A682B
004A691A |. 8B86 90030000 MOV EAX,DWORD PTR DS:[ESI+390]
004A6920 |. E8 C335FAFF CALL dumped_.00449EE8
004A6925 |. E9 B9000000 JMP dumped_.004A69E3
004A692A |> BA 586B4A00 MOV EDX,dumped_.004A6B58 ; 测试号:srcip已测试过; Case FFFFFFF9 of switch 004A682B
004A692F |. 8B86 90030000 MOV EAX,DWORD PTR DS:[ESI+390]
004A6935 |. E8 AE35FAFF CALL dumped_.00449EE8
004A693A |. E9 A4000000 JMP dumped_.004A69E3
004A693F |> BA 786B4A00 MOV EDX,dumped_.004A6B78 ; 测试号:srcip段已测试过; Case FFFFFFF8 of switch 004A682B
004A6944 |. 8B86 90030000 MOV EAX,DWORD PTR DS:[ESI+390]
004A694A |. E8 9935FAFF CALL dumped_.00449EE8
004A694F |. E9 8F000000 JMP dumped_.004A69E3
004A6954 |> BA 986B4A00 MOV EDX,dumped_.004A6B98 ; 测试号:srcip同时连接过多; Case FFFFFFF7 of switch 004A682B
004A6959 |. 8B86 90030000 MOV EAX,DWORD PTR DS:[ESI+390]
004A695F |. E8 8435FAFF CALL dumped_.00449EE8
004A6964 |. EB 7D JMP SHORT dumped_.004A69E3
004A6966 |> BA BC6B4A00 MOV EDX,dumped_.004A6BBC ; 帐/密太长; Case FFFFFFF6 of switch 004A682B
004A696B |. 8B86 90030000 MOV EAX,DWORD PTR DS:[ESI+390]
004A6971 |. E8 7235FAFF CALL dumped_.00449EE8
004A6976 |. EB 6B JMP SHORT dumped_.004A69E3
004A6978 |> BA D06B4A00 MOV EDX,dumped_.004A6BD0 ; 帐/密有非法字符; Case FFFFFFF5 of switch 004A682B
004A697D |. 8B86 90030000 MOV EAX,DWORD PTR DS:[ESI+390]
004A6983 |. E8 6035FAFF CALL dumped_.00449EE8
004A6988 |. EB 59 JMP SHORT dumped_.004A69E3
004A698A |> BA E86B4A00 MOV EDX,dumped_.004A6BE8 ; 目标服务器/端口连不上; Case FFFFFFF4 of switch 004A682B
004A698F |. 8B86 90030000 MOV EAX,DWORD PTR DS:[ESI+390]
004A6995 |. E8 4E35FAFF CALL dumped_.00449EE8
004A699A |. EB 47 JMP SHORT dumped_.004A69E3
004A699C |> BA 086C4A00 MOV EDX,dumped_.004A6C08 ; 选择的服务器/端口组合有误; Case FFFFFFF3 of switch 004A682B
004A69A1 |. 8B86 90030000 MOV EAX,DWORD PTR DS:[ESI+390]
004A69A7 |. E8 3C35FAFF CALL dumped_.00449EE8
004A69AC |. EB 35 JMP SHORT dumped_.004A69E3
004A69AE |> 8D95 E0FDFFFF LEA EDX,DWORD PTR SS:[EBP-220] ; Default case of switch 004A682B
004A69B4 |. 0FBEC3 MOVSX EAX,BL
004A69B7 |. E8 9C1FF6FF CALL dumped_.00408958
004A69BC |. 8B8D E0FDFFFF MOV ECX,DWORD PTR SS:[EBP-220]
004A69C2 |. 8D85 E4FDFFFF LEA EAX,DWORD PTR SS:[EBP-21C]
004A69C8 |. BA 2C6C4A00 MOV EDX,dumped_.004A6C2C ; 未知错误
004A69CD |. E8 9ADBF5FF CALL dumped_.0040456C
004A69D2 |. 8B95 E4FDFFFF MOV EDX,DWORD PTR SS:[EBP-21C]
004A69D8 |. 8B86 90030000 MOV EAX,DWORD PTR DS:[ESI+390]
004A69DE |. E8 0535FAFF CALL dumped_.00449EE8
004A69E3 |> B2 01 MOV DL,1
004A69E5 |. 8B86 48030000 MOV EAX,DWORD PTR DS:[ESI+348]
004A69EB |. 8B08 MOV ECX,DWORD PTR DS:[EAX]
004A69ED |. FF51 64 CALL DWORD PTR DS:[ECX+64]
004A69F0 |. 33C0 XOR EAX,EAX
004A69F2 |. 5A POP EDX
004A69F3 |. 59 POP ECX
004A69F4 |. 59 POP ECX
004A69F5 |. 64:8910 MOV DWORD PTR FS:[EAX],EDX
004A69F8 |. 68 466A4A00 PUSH dumped_.004A6A46
004A69FD |> 8D85 E0FDFFFF LEA EAX,DWORD PTR SS:[EBP-220]
004A6A03 |. BA 03000000 MOV EDX,3
004A6A08 |. E8 77D8F5FF CALL dumped_.00404284
004A6A0D |. 8D85 ECFDFFFF LEA EAX,DWORD PTR SS:[EBP-214]
004A6A13 |. BA 02000000 MOV EDX,2
004A6A18 |. E8 67D8F5FF CALL dumped_.00404284
004A6A1D |. 8D85 F4FDFFFF LEA EAX,DWORD PTR SS:[EBP-20C]
004A6A23 |. E8 38D8F5FF CALL dumped_.00404260
004A6A28 |. 8D85 F8FDFFFF LEA EAX,DWORD PTR SS:[EBP-208]
004A6A2E |. E8 2DD8F5FF CALL dumped_.00404260
004A6A33 |. 8D85 FCFDFFFF LEA EAX,DWORD PTR SS:[EBP-204]
004A6A39 |. E8 22D8F5FF CALL dumped_.00404260
004A6A3E \. C3 RETN
004A6A3F .^ E9 9CD1F5FF JMP dumped_.00403BE0
004A6A44 .^ EB B7 JMP SHORT dumped_.004A69FD
004A6A46 . 5E POP ESI
004A6A47 . 5B POP EBX
004A6A48 . 8BE5 MOV ESP,EBP
004A6A4A . 5D POP EBP
004A6A4B . C3 RETN
找不到正确跳转的地址
[注意]传递专业知识、拓宽行业人脉——看雪讲师团队等你加入!
赞赏
他的文章
- [求助]PECompact 2.53 DLL的脱壳方法 5228
- [求助]谁帮帮我!找到一个代码就是解不开!!!! 4268
- [求助]找到了关键跳转怎么修改 4239
- [求助]怎么修改这个时间限制 4949
- [求助]怎么修改这个时间限制 4197
赞赏
雪币:
留言:
