-
-
[旧帖] [求助]有大侠能帮我吗?关于逆向! 0.00雪花
-
发表于: 2007-4-28 09:53 4399
-
下面是用IDA5.0打开的bpro.dll文件,偶太土不太懂编程呐,代码似乎不长,有大侠有兴趣做个逆向吗?谢谢大侠了。
其中的debug.log功能可以不要的。
data:13371000 ;
data:13371000 ; 赏屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯?
data:13371000 ; ? This file is generated by The Interactive Disassembler (IDA) ?
data:13371000 ; ? Copyright (c) 2006 by DataRescue sa/nv, <ida@datarescue.com> ?
data:13371000 ; ?Licensed to: Paul Ashton - Blue Lane Technologies (1-user Advanced 03/2006) ?s
data:13371000 ; 韧屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯?
data:13371000 ;
data:13371000 ; Input MD5 : 0573A2E34C4AEF6FEB4A8E4D030F2DD1
data:13371000
data:13371000 ; File Name : D:\System\DESKTOP\bpro.dll
data:13371000 ; Format : Portable executable for 80386 (PE)
data:13371000 ; Imagebase : 13370000
data:13371000 ; Section 1. (virtual address 00001000)
data:13371000 ; Virtual size : 00001000 ( 4096.)
data:13371000 ; Section size in file : 00000250 ( 592.)
data:13371000 ; Offset to raw data for section: 00000400
data:13371000 ; Flags C0000040: Data Readable Writable
data:13371000 ; Alignment : default
data:13371000
data:13371000 .686p
data:13371000 .mmx
data:13371000 .model flat
data:13371000
data:13371000 ; 屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯?
data:13371000
data:13371000 ; Segment type: Pure data
data:13371000 ; Segment permissions: Read/Write
data:13371000 data segment para public 'DATA' use32
data:13371000 assume cs:data
data:13371000 ;org 13371000h
data:13371000 ; const void Buffer
data:13371000 Buffer db 'start',0Dh,0Ah ; DATA XREF: sub_13372030+36_o
data:13371000 ; sub_13372030+C1_o
data:13371000 db 'patches successful.',0Dh,0Ah
data:13371000 db 'DoPatch - hash_init_off - do_hash_off - logonproofhash - Error',0
data:1337105B ; char LibFileName[]
data:1337105B LibFileName db 'Game.dll',0 ; DATA XREF: sub_13372030+51_o
data:13371064 ; char Text[]
data:13371064 Text db 'Wrong Game.dll version. (need v118)',0
data:13371064 ; DATA XREF: sub_13372214-106_o
data:13371088 ; char ProcName[]
data:13371088 ProcName db 'GameMain',0 ; DATA XREF: sub_13372030+66_o
data:13371091 ; char FileName[]
data:13371091 FileName db 'debug.log',0 ; DATA XREF: sub_13372030+14_o
data:13371091 ; sub_13372030+9F_o
data:13371091 ; sub_13372163+1A_o
data:13371091 ; sub_13372214+36_o
data:13371091 ; sub_13372214+BA_o
data:13371091 ; sub_13372214+139_o
data:1337109B ; char s_00000000[]
data:1337109B s_00000000 db '00000000',0Dh,0Ah,0 ; DATA XREF: sub_13372163+4D_o
data:1337109B ; sub_13372163+64_o
data:1337109B ; sub_13372214+69_o
data:1337109B ; sub_13372214+80_o
data:1337109B ; sub_13372214+ED_o
data:1337109B ; sub_13372214+104_o ...
data:133710A6 ; char s_08x[]
data:133710A6 s_08x db '%08x',0Dh,0Ah,0 ; DATA XREF: sub_13372163+48_o
data:133710A6 ; sub_13372214+64_o
data:133710A6 ; sub_13372214+E8_o
data:133710A6 ; sub_13372214+167_o
data:133710AD db 90h ; ?
data:133710AE db 90h ; ?
data:133710AF db 90h ; ?
data:133710B0*dword_133710B0 dd 0 ; DATA XREF: DllEntryPoint_r
data:133710B0* ; DllEntryPoint+9_w
data:133710B4 db 0
data:133710B5 db 0
data:133710B6 db 0
data:133710B7 db 0
data:133710B8 db 0
data:133710B9 db 0
data:133710BA db 0
data:133710BB db 0
data:133710BC*dword_133710BC dd 0 ; DATA XREF: sub_13372124+2_r
data:133710BC* ; sub_133721FA+6_w
data:133710BC* ; sub_13372214+1_w
data:133710C0*; DWORD NumberOfBytesWritten
data:133710C0*NumberOfBytesWritten dd 0 ; DATA XREF: sub_13372030+2F_o
data:133710C0* ; sub_13372030+BA_o
data:133710C0* ; sub_13372163+35_o
data:133710C0* ; sub_13372163+5D_o
data:133710C0* ; sub_13372163+79_o
data:133710C0* ; sub_13372163+88_w ...
data:133710C4*dword_133710C4 dd 0 ; DATA XREF: sub_13372214+1D_w
data:133710C4* ; sub_13372214+197_r
data:133710C8*dword_133710C8 dd 0 ; DATA XREF: sub_13372214+A1_w
data:133710C8* ; sub_13372214+1A5_r
data:133710CC*dword_133710CC dd 0 ; DATA XREF: GameMain+6_r
data:133710CC* ; sub_13372030+76_w
data:133710D0*dword_133710D0 dd 0 ; DATA XREF: GameMain_r
data:133710D0* ; sub_13372030+60_w
data:133710D4 unk_133710D4 db 0 ; DATA XREF: sub_133721FA+10_o
data:133710D5 unk_133710D5 db 7 ; DATA XREF: sub_13372214+B_o
data:133710D6 db 0FFh
data:133710D7 db 90h ; ?
data:133710D8 db 0FFh
data:133710D9 db 0C7h ; ?
data:133710DA db 0FFh
data:133710DB db 1
data:133710DC db 0FFh
data:133710DD db 1
data:133710DE db 0FFh
data:133710DF db 23h ; #
data:133710E0 db 0FFh
data:133710E1 db 45h ; E
data:133710E2 db 0FFh
data:133710E3 db 67h ; g
data:133710E4 db 1
data:133710E5 db 13h
data:133710E6 db 0FFh
data:133710E7 db 55h ; U
data:133710E8 db 0FFh
data:133710E9 db 8Bh ; ?
data:133710EA db 0FFh
data:133710EB db 0ECh ; ?
data:133710EC db 0FFh
data:133710ED db 81h ; ?
data:133710EE db 0FFh
data:133710EF db 0ECh ; ?
data:133710F0 db 0FFh
data:133710F1 db 50h ; P
data:133710F2 db 0FFh
data:133710F3 db 1
data:133710F4 db 0FFh
data:133710F5 db 0
data:133710F6 db 0FFh
data:133710F7 db 0
data:133710F8 db 0FFh
data:133710F9 db 53h ; S
data:133710FA db 0FFh
data:133710FB db 56h ; V
data:133710FC db 0FFh
data:133710FD db 8Bh ; ?
data:133710FE db 0FFh
data:133710FF db 0D9h ; ?
data:13371100 db 0FFh
data:13371101 db 57h ; W
data:13371102 db 0FFh
data:13371103 db 8Dh ; ?
data:13371104 db 0FFh
data:13371105 db 73h ; s
data:13371106 db 0FFh
data:13371107 db 14h
data:13371108 db 0FFh
data:13371109 db 0B9h ; ?
data:1337110A db 0FFh
data:1337110B db 10h
data:1337110C db 0
data:1337110D db 0Ch
data:1337110E db 0FFh
data:1337110F db 83h ; ?
data:13371110 db 0FFh
data:13371111 db 0ECh ; ?
data:13371112 db 0FFh
data:13371113 db 2Ch ; ,
data:13371114 db 0FFh
data:13371115 db 53h ; S
data:13371116 db 0FFh
data:13371117 db 56h ; V
data:13371118 db 0FFh
data:13371119 db 57h ; W
data:1337111A db 0FFh
data:1337111B db 8Bh ; ?
data:1337111C db 0FFh
data:1337111D db 0F9h ; ?
data:1337111E db 0FFh
data:1337111F db 8Bh ; ?
data:13371120 db 0FFh
data:13371121 db 4Dh ; M
data:13371122 db 0FFh
data:13371123 db 10h
data:13371124 db 0FFh
data:13371125 db 0BAh ; ?
data:13371126 db 0
data:13371127 db 5Ch ; \
data:13371128 db 60h ; `
data:13371129 db 83h ; ?
data:1337112A db 0ECh ; ?
data:1337112B db 54h ; T
data:1337112C db 89h ; ?
data:1337112D db 0E1h ; ?
data:1337112E db 0E8h ; ?
data:1337112F*dword_1337112F dd 0FFFFFFF5h ; DATA XREF: sub_13372214+19F_w
data:13371133 db 6Ah ; j
data:13371134 db 40h ; @
data:13371135 db 59h ; Y
data:13371136 db 8Dh ; ?
data:13371137 db 7Ch ; |
data:13371138 db 24h ; $
data:13371139 db 14h
data:1337113A db 89h ; ?
data:1337113B db 0FAh ; ?
data:1337113C db 29h ; )
data:1337113D db 0C0h ; ?
data:1337113E db 0F3h ; ?
data:1337113F db 0AAh ; ?
data:13371140 db 89h ; ?
data:13371141 db 0D7h ; ?
data:13371142 db 8Bh ; ?
data:13371143 db 5Dh ; ]
data:13371144 db 8
data:13371145 db 8Dh ; ?
data:13371146 db 73h ; s
data:13371147 db 20h
data:13371148 db 6Ah ; j
data:13371149 db 10h
data:1337114A db 59h ; Y
data:1337114B db 51h ; Q
data:1337114C db 0F3h ; ?
data:1337114D db 0A4h ; ?
data:1337114E db 59h ; Y
data:1337114F db 4Ah ; J
data:13371150 db 42h ; B
data:13371151 db 49h ; I
data:13371152 db 78h ; x
data:13371153 db 0Fh
data:13371154 db 8Ah ; ?
data:13371155 db 2
data:13371156 db 3Ch ; <
data:13371157 db 41h ; A
data:13371158 db 72h ; r
data:13371159 db 0F6h ; ?
data:1337115A db 3Ch ; <
data:1337115B db 5Ah ; Z
data:1337115C db 77h ; w
data:1337115D db 0F2h ; ?
data:1337115E db 80h ; €
data:1337115F db 0Ah
data:13371160 db 20h
data:13371161 db 0EBh ; ?
data:13371162 db 0EDh ; ?
data:13371163 db 89h ; ?
data:13371164 db 0E1h ; ?
data:13371165 db 51h ; Q
data:13371166 db 53h ; S
data:13371167 db 0E8h ; ?
data:13371168*dword_13371168 dd 0FFFFFFBCh ; DATA XREF: sub_13372214+1AD_w
data:1337116C s__BI db '_^伹?,0
data:13371172 align 4
data:13371174 db 6Ah ; j
data:13371175 db 5
data:13371176 db 59h ; Y
data:13371177 db 0F3h ; ?
data:13371178 db 0A5h ; ?
data:13371179 db 83h ; ?
data:1337117A db 0C4h ; ?
data:1337117B db 54h ; T
data:1337117C db 61h ; a
data:1337117D db 5Dh ; ]
data:1337117E db 29h ; )
data:1337117F db 0C0h ; ?
data:13371180 db 40h ; @
data:13371181 db 0C2h ; ?
data:13371182 db 0Ch
data:13371183 db 0
data:13371184 db 0Fh
data:13371185 db 0FFh
data:13371186 db 3Bh ; ;
data:13371187 db 0FFh
data:13371188 db 0FEh ; ?
data:13371189 db 0FFh
data:1337118A db 75h ; u
data:1337118B db 0FFh
data:1337118C db 0Bh
data:1337118D db 0FFh
data:1337118E db 5Fh ; _
data:1337118F db 0FFh
data:13371190 db 5Eh ; ^
data:13371191 db 0FFh
data:13371192 db 33h ; 3
data:13371193 db 0FFh
data:13371194 db 0C0h ; ?
data:13371195 db 0FFh
data:13371196 db 5Bh ; [
data:13371197 db 0FFh
data:13371198 db 8Bh ; ?
data:13371199 db 0FFh
data:1337119A db 0E5h ; ?
data:1337119B db 0FFh
data:1337119C db 5Dh ; ]
data:1337119D db 0FFh
data:1337119E db 0C2h ; ?
data:1337119F db 0FFh
data:133711A0 db 10h
data:133711A1 db 0FFh
data:133711A2 db 0
data:133711A3 db 2
data:133711A4 db 1
data:133711A5 db 0EBh ; ?
data:133711A6 db 0Fh
data:133711A7 db 0FFh
data:133711A8 db 83h ; ?
data:133711A9 db 0FFh
data:133711AA db 0BDh ; ?
data:133711AB db 0FFh
data:133711AC db 44h ; D
data:133711AD db 0FFh
data:133711AE db 0FDh ; ?
data:133711AF db 0FFh
data:133711B0 db 0FFh
data:133711B1 db 0FFh
data:133711B2 db 0FFh
data:133711B3 db 0FFh
data:133711B4 db 2
data:133711B5 db 0FFh
data:133711B6 db 74h ; t
data:133711B7 db 0FFh
data:133711B8 db 0Bh
data:133711B9 db 0FFh
data:133711BA db 5Fh ; _
data:133711BB db 0FFh
data:133711BC db 5Eh ; ^
data:133711BD db 0FFh
data:133711BE db 33h ; 3
data:133711BF db 0FFh
data:133711C0 db 0C0h ; ?
data:133711C1 db 0FFh
data:133711C2 db 5Bh ; [
data:133711C3 db 0FFh
data:133711C4 db 8Bh ; ?
data:133711C5 db 7
data:133711C6 db 1
data:133711C7 db 0EBh ; ?
data:133711C8 db 10h
data:133711C9 db 0FFh
data:133711CA db 0B5h ; ?
data:133711CB db 0FFh
data:133711CC db 60h ; `
data:133711CD db 0FFh
data:133711CE db 0FFh
data:133711CF db 0FFh
data:133711D0 db 0FFh
data:133711D1 db 0FFh
data:133711D2 db 0FFh
data:133711D3 db 0FFh
data:133711D4 db 33h ; 3
data:133711D5 db 0FFh
data:133711D6 db 0D2h ; ?
data:133711D7 db 0
data:133711D8 db 0
data:133711D9 db 0
data:133711DA db 0
data:133711DB db 0
data:133711DC db 0
data:133711DD db 0
data:133711DE db 0
data:133711DF db 0FFh
data:133711E0 db 0FFh
data:133711E1 db 0FFh
data:133711E2 db 0FFh
data:133711E3 db 0
data:133711E4 db 0
data:133711E5 db 0
data:133711E6 db 0
data:133711E7 db 0FFh
data:133711E8 db 74h ; t
data:133711E9 db 0Fh
data:133711EA db 1
data:133711EB db 0EBh ; ?
data:133711EC db 9
data:133711ED db 0FFh
data:133711EE db 0F3h ; ?
data:133711EF db 0FFh
data:133711F0 db 0A7h ; ?
data:133711F1 db 0FFh
data:133711F2 db 5Fh ; _
data:133711F3 db 0FFh
data:133711F4 db 0Fh
data:133711F5 db 0FFh
data:133711F6 db 94h ; ?
data:133711F7 db 0FFh
data:133711F8 db 0C0h ; ?
data:133711F9 db 0FFh
data:133711FA db 5Eh ; ^
data:133711FB db 0FFh
data:133711FC db 8Bh ; ?
data:133711FD db 0FFh
data:133711FE db 0E5h ; ?
data:133711FF db 3
data:13371200 db 3
data:13371201 db 29h ; )
data:13371202 db 0C0h ; ?
data:13371203 db 40h ; @
data:13371204 db 0Ah
data:13371205 db 0FFh
data:13371206 db 8Bh ; ?
data:13371207 db 0FFh
data:13371208 db 0F8h ; ?
data:13371209 db 0FFh
data:1337120A db 8Dh ; ?
data:1337120B db 0FFh
data:1337120C db 45h ; E
data:1337120D db 0FFh
data:1337120E db 0Ch
data:1337120F db 0FFh
data:13371210 db 50h ; P
data:13371211 db 0FFh
data:13371212 db 8Dh ; ?
data:13371213 db 0FFh
data:13371214 db 4Dh ; M
data:13371215 db 0FFh
data:13371216 db 10h
data:13371217 db 0FFh
data:13371218 db 51h ; Q
data:13371219 db 0
data:1337121A db 14h
data:1337121B db 89h ; ?
data:1337121C db 0DEh ; ?
data:1337121D db 81h ; ?
data:1337121E db 0C6h ; ?
data:1337121F db 10h
data:13371220 db 1
data:13371221 db 0
data:13371222 db 0
data:13371223 db 0B9h ; ?
data:13371224 db 8
data:13371225 db 0
data:13371226 db 0
data:13371227 db 0
data:13371228 db 8Bh ; ?
data:13371229 db 7Dh ; }
data:1337122A db 14h
data:1337122B db 0F3h ; ?
data:1337122C db 0A5h ; ?
data:1337122D db 0EBh ; ?
data:1337122E db 1Bh
data:1337122F db 0Dh
data:13371230 db 0FFh
data:13371231 db 51h ; Q
data:13371232 db 0FFh
data:13371233 db 0B9h ; ?
data:13371234 db 0
data:13371235 db 0
data:13371236 db 0
data:13371237 db 0
data:13371238 db 0
data:13371239 db 0
data:1337123A db 0FFh
data:1337123B db 6Fh ; o
data:1337123C db 0FFh
data:1337123D db 0E8h ; ?
data:1337123E db 0
data:1337123F db 0
data:13371240 db 0
data:13371241 db 0
data:13371242 db 0
data:13371243 db 0
data:13371244 db 0
data:13371245 db 0
data:13371246 db 0FFh
data:13371247 db 0B8h ; ?
data:13371248 db 0FFh
data:13371249 db 1
data:1337124A db 6
data:1337124B db 3
data:1337124C db 59h ; Y
data:1337124D db 0EBh ; ?
data:1337124E db 2
data:1337124F db 0
data:13371250 align 1000h
data:13371250 data ends
data:13371250
code:13372000 ; Section 2. (virtual address 00002000)
code:13372000 ; Virtual size : 00001000 ( 4096.)
code:13372000 ; Section size in file : 000003F1 ( 1009.)
code:13372000 ; Offset to raw data for section: 00000800
code:13372000 ; Flags 60000060: Text Data Executable Readable
code:13372000 ; Alignment : default
code:13372000 ; 屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯?
code:13372000
code:13372000 ; Segment type: Pure code
code:13372000 ; Segment permissions: Read/Execute
code:13372000 code segment para public 'CODE' use32
code:13372000 assume cs:code
code:13372000 ;org 13372000h
code:13372000 assume es:nothing, ss:nothing, ds:data, fs:nothing, gs:nothing
code:13372000 jmp ds:LoadLibraryA
code:13372000
code:13372006 ; Exported entry 1. GameMain
code:13372006
code:13372006 ; *************** S U B R O U T I N E ***************************************
code:13372006
code:13372006
code:13372006 public GameMain
code:13372006 GameMain proc near
code:13372006 mov eax, dword_133710D0
code:1337200B push eax
code:1337200C call dword_133710CC
code:13372012 retn 4
code:13372012
code:13372012 GameMain endp
code:13372012
code:13372015
code:13372015 ; *************** S U B R O U T I N E ***************************************
code:13372015
code:13372015
code:13372015 ; BOOL __stdcall DllEntryPoint(HINSTANCE hinstDLL,DWORD fdwReason,LPVOID lpReserved)
code:13372015 public DllEntryPoint
code:13372015 DllEntryPoint proc near
code:13372015
code:13372015 hinstDLL = dword ptr 4
code:13372015 fdwReason = dword ptr 8
code:13372015 lpReserved = dword ptr 0Ch
code:13372015
code:13372015 cmp dword_133710B0, 0
code:1337201C jnz short loc_1337202A
code:1337201C
code:1337201E mov byte ptr dword_133710B0, 1
code:13372025 call sub_13372030
code:13372025
code:1337202A
code:1337202A loc_1337202A: ; CODE XREF: DllEntryPoint+7_j
code:1337202A push 1
code:1337202C pop eax
code:1337202D retn 0Ch
code:1337202D
code:1337202D DllEntryPoint endp
code:1337202D
code:13372030
code:13372030 ; *************** S U B R O U T I N E ***************************************
code:13372030
code:13372030
code:13372030 sub_13372030 proc near ; CODE XREF: DllEntryPoint+10_p
code:13372030 pusha
code:13372031 pusha
code:13372032 push 0 ; hTemplateFile
code:13372034 push 80h ; dwFlagsAndAttributes
code:13372039 push 4 ; dwCreationDisposition
code:1337203B push 0 ; lpSecurityAttributes
code:1337203D push 0 ; dwShareMode
code:1337203F push 40000000h ; dwDesiredAccess
code:13372044 push offset FileName ; "debug.log"
code:13372049 call ds:CreateFileA
code:1337204F xchg eax, ebp
code:13372050 push 2 ; dwMoveMethod
code:13372052 push 0 ; lpDistanceToMoveHigh
code:13372054 push 0 ; lDistanceToMove
code:13372056 push ebp ; hFile
code:13372057 call ds:SetFilePointer
code:1337205D push 0 ; lpOverlapped
code:1337205F push offset NumberOfBytesWritten ; lpNumberOfBytesWritten
code:13372064 push 7 ; nNumberOfBytesToWrite
code:13372066 push offset Buffer ; "start\r\npatches successful.\r\nDoPatch - h"...
code:1337206B push ebp ; hFile
code:1337206C call ds:WriteFile
code:13372072 push ebp ; hObject
code:13372073 call ds:CloseHandle
code:13372079 popa
code:1337207A call ds:GetCurrentProcess
code:13372080 xchg eax, ebp
code:13372081 push offset LibFileName ; "Game.dll"
code:13372086 call ds:LoadLibraryA
code:1337208C test eax, eax
code:1337208E jz short loc_13372105
code:1337208E
code:13372090 mov dword_133710D0, eax
code:13372095 xchg eax, ebx
code:13372096 push offset ProcName ; "GameMain"
code:1337209B push ebx ; hModule
code:1337209C call ds:GetProcAddress
code:133720A2 test eax, eax
code:133720A4 jz short loc_13372105
code:133720A4
code:133720A6 mov dword_133710CC, eax
code:133720AB mov edx, ebx
code:133720AD call sub_13372214
code:133720AD
code:133720B2 mov edx, 400000h
code:133720B7 call sub_133721FA
code:133720B7
code:133720BC pusha
code:133720BD push 0 ; hTemplateFile
code:133720BF push 80h ; dwFlagsAndAttributes
code:133720C4 push 4 ; dwCreationDisposition
code:133720C6 push 0 ; lpSecurityAttributes
code:133720C8 push 0 ; dwShareMode
code:133720CA push 40000000h ; dwDesiredAccess
code:133720CF push offset FileName ; "debug.log"
code:133720D4 call ds:CreateFileA
code:133720DA xchg eax, ebp
code:133720DB push 2 ; dwMoveMethod
code:133720DD push 0 ; lpDistanceToMoveHigh
code:133720DF push 0 ; lDistanceToMove
code:133720E1 push ebp ; hFile
code:133720E2 call ds:SetFilePointer
code:133720E8 push 0 ; lpOverlapped
code:133720EA push offset NumberOfBytesWritten ; lpNumberOfBytesWritten
code:133720EF push 15h ; nNumberOfBytesToWrite
code:133720F1 push (offset Buffer+7) ; lpBuffer
code:133720F6 push ebp ; hFile
code:133720F7 call ds:WriteFile
code:133720FD push ebp ; hObject
code:133720FE call ds:CloseHandle
code:13372104 popa
code:13372104
code:13372105
code:13372105 loc_13372105: ; CODE XREF: sub_13372030+5E_j
code:13372105 ; sub_13372030+74_j
code:13372105 popa
code:13372106 retn
code:13372106
code:13372106 sub_13372030 endp
code:13372106
code:13372107 ; ---------------------------------------------------------------------------
code:13372107 ; START OF FUNCTION CHUNK FOR sub_13372214
code:13372107
code:13372107 loc_13372107: ; CODE XREF: sub_13372214+17_j
code:13372107 ; sub_13372214+9B_j
code:13372107 ; sub_13372214+11F_j
code:13372107 ; sub_13372214+1BA_j
code:13372107 ; sub_13372214+1CC_j
code:13372107 push 0 ; uType
code:13372109 push (offset Buffer+55h) ; lpCaption
code:1337210E push offset Text ; "Wrong Game.dll version. "
code:13372113 push 0 ; hWnd
code:13372115 call ds:MessageBoxA
code:1337211B push 3 ; uExitCode
code:1337211D call ds:ExitProcess
code:13372123 retn
code:13372123
code:13372123 ; END OF FUNCTION CHUNK FOR sub_13372214
code:13372124
code:13372124 ; *************** S U B R O U T I N E ***************************************
code:13372124
code:13372124
code:13372124 sub_13372124 proc near ; CODE XREF: sub_13372214+10_p
code:13372124 ; sub_13372214+94_p
code:13372124 ; sub_13372214+118_p
code:13372124 ; sub_13372214+1C5_p
code:13372124 push ebx
code:13372125 push ecx
code:13372126 mov ecx, dword_133710BC
code:1337212C mov eax, edx
code:1337212C
code:1337212E
code:1337212E loc_1337212E: ; CODE XREF: sub_13372124+1F_j
code:1337212E movzx ebx, byte ptr [esi]
code:13372131 dec ebx
code:13372132 inc eax
code:13372133 dec ecx
code:13372134 jz short loc_13372157
code:13372134
code:13372136
code:13372136 loc_13372136: ; CODE XREF: sub_13372124+22_j
code:13372136 push ecx
code:13372137 mov cl, [esi+ebx*2+1]
code:1337213B and cl, [eax+ebx]
code:1337213E cmp cl, [esi+ebx*2+2]
code:13372142 pop ecx
code:13372143 jnz short loc_1337212E
code:13372143
code:13372145 dec ebx
code:13372146 jns short loc_13372136
code:13372146
code:13372148 movzx ebx, byte ptr [esi]
code:1337214B lea esi, [esi+ebx*2+1]
code:1337214F movsx ebx, byte ptr [esi]
code:13372152 add eax, ebx
code:13372154 inc esi
code:13372155 jmp short loc_13372160
code:13372155
code:13372157 ; ---------------------------------------------------------------------------
code:13372157
code:13372157 loc_13372157: ; CODE XREF: sub_13372124+10_j
code:13372157 xor eax, eax
code:13372159 movzx ebx, byte ptr [esi]
code:1337215C lea esi, [esi+ebx*2+2]
code:1337215C
code:13372160
code:13372160 loc_13372160: ; CODE XREF: sub_13372124+31_j
code:13372160 pop ecx
code:13372161 pop ebx
code:13372162 retn
code:13372162
code:13372162 sub_13372124 endp
code:13372162
code:13372163
code:13372163 ; *************** S U B R O U T I N E ***************************************
code:13372163
code:13372163
code:13372163 sub_13372163 proc near ; CODE XREF: sub_13372214+1B3_p
code:13372163 ; sub_13372214+1D2_p
code:13372163 push ebx
code:13372164 xor ebx, ebx
code:13372166 mov bl, [esi]
code:13372168 inc esi
code:13372169 pusha
code:1337216A push eax
code:1337216B push 0 ; hTemplateFile
code:1337216D push 80h ; dwFlagsAndAttributes
code:13372172 push 4 ; dwCreationDisposition
code:13372174 push 0 ; lpSecurityAttributes
code:13372176 push 0 ; dwShareMode
code:13372178 push 40000000h ; dwDesiredAccess
code:1337217D push offset FileName ; "debug.log"
code:13372182 call ds:CreateFileA
code:13372188 xchg eax, ebp
code:13372189 push 2 ; dwMoveMethod
code:1337218B push 0 ; lpDistanceToMoveHigh
code:1337218D push 0 ; lDistanceToMove
code:1337218F push ebp ; hFile
code:13372190 call ds:SetFilePointer
code:13372196 push 0 ; lpOverlapped
code:13372198 push offset NumberOfBytesWritten ; lpNumberOfBytesWritten
code:1337219D push 0Ah ; nNumberOfBytesToWrite
code:1337219F push (offset Buffer+1Ch) ; lpBuffer
code:133721A4 push ebp ; hFile
code:133721A5 call ds:WriteFile
code:133721AB push offset s_08x ; "%08x\r\n"
code:133721B0 push offset s_00000000 ; "00000000\r\n"
code:133721B5 call ds:wsprintfA
code:133721BB pop ecx
code:133721BC pop ecx
code:133721BD pop ecx
code:133721BE push 0 ; lpOverlapped
code:133721C0 push offset NumberOfBytesWritten ; lpNumberOfBytesWritten
code:133721C5 push 0Ah ; nNumberOfBytesToWrite
code:133721C7 push offset s_00000000 ; "00000000\r\n"
code:133721CC push ebp ; hFile
code:133721CD call ds:WriteFile
code:133721D3 push ebp ; hObject
code:133721D4 call ds:CloseHandle
code:133721DA popa
code:133721DB pusha
code:133721DC push offset NumberOfBytesWritten ; lpNumberOfBytesWritten
code:133721E1 push ebx ; nSize
code:133721E2 push esi ; lpBuffer
code:133721E3 push eax ; lpBaseAddress
code:133721E4 push ebp ; hProcess
code:133721E5 call ds:WriteProcessMemory
code:133721EB mov NumberOfBytesWritten, eax
code:133721F0 popa
code:133721F1 mov eax, NumberOfBytesWritten
code:133721F6 add esi, ebx
code:133721F8 pop ebx
code:133721F9 retn
code:133721F9
code:133721F9 sub_13372163 endp
code:133721F9
code:133721FA
code:133721FA ; *************** S U B R O U T I N E ***************************************
code:133721FA
code:133721FA
code:133721FA sub_133721FA proc near ; CODE XREF: sub_13372030+87_p
code:133721FA pusha
code:133721FB mov edx, 400000h
code:13372200 mov dword_133710BC, 17D000h
code:1337220A mov esi, offset unk_133710D4
code:1337220F jmp loc_133723D4
code:1337220F
code:1337220F sub_133721FA endp
code:1337220F
code:13372214
code:13372214 ; *************** S U B R O U T I N E ***************************************
code:13372214
code:13372214
code:13372214 sub_13372214 proc near ; CODE XREF: sub_13372030+7D_p
code:13372214
code:13372214 ; FUNCTION CHUNK AT code:13372107 SIZE 0000001D BYTES
code:13372214
code:13372214 pusha
code:13372215 mov dword_133710BC, 923000h
code:1337221F mov esi, offset unk_133710D5
code:13372224 call sub_13372124
code:13372224
code:13372229 test eax, eax
code:1337222B jz loc_13372107
code:1337222B
code:13372231 mov dword_133710C4, eax
code:13372236 pusha
code:13372237 push eax
code:13372238 push 0 ; hTemplateFile
code:1337223A push 80h ; dwFlagsAndAttributes
code:1337223F push 4 ; dwCreationDisposition
code:13372241 push 0 ; lpSecurityAttributes
code:13372243 push 0 ; dwShareMode
code:13372245 push 40000000h ; dwDesiredAccess
code:1337224A push offset FileName ; "debug.log"
code:1337224F call ds:CreateFileA
code:13372255 xchg eax, ebp
code:13372256 push 2 ; dwMoveMethod
code:13372258 push 0 ; lpDistanceToMoveHigh
code:1337225A push 0 ; lDistanceToMove
code:1337225C push ebp ; hFile
code:1337225D call ds:SetFilePointer
code:13372263 push 0 ; lpOverlapped
code:13372265 push offset NumberOfBytesWritten ; lpNumberOfBytesWritten
code:1337226A push 10h ; nNumberOfBytesToWrite
code:1337226C push (offset Buffer+26h) ; lpBuffer
code:13372271 push ebp ; hFile
code:13372272 call ds:WriteFile
code:13372278 push offset s_08x ; "%08x\r\n"
code:1337227D push offset s_00000000 ; "00000000\r\n"
code:13372282 call ds:wsprintfA
code:13372288 pop ecx
code:13372289 pop ecx
code:1337228A pop ecx
code:1337228B push 0 ; lpOverlapped
code:1337228D push offset NumberOfBytesWritten ; lpNumberOfBytesWritten
code:13372292 push 0Ah ; nNumberOfBytesToWrite
code:13372294 push offset s_00000000 ; "00000000\r\n"
code:13372299 push ebp ; hFile
code:1337229A call ds:WriteFile
code:133722A0 push ebp ; hObject
code:133722A1 call ds:CloseHandle
code:133722A7 popa
code:133722A8 call sub_13372124
code:133722A8
code:133722AD test eax, eax
code:133722AF jz loc_13372107
code:133722AF
code:133722B5 mov dword_133710C8, eax
code:133722BA pusha
code:133722BB push eax
code:133722BC push 0 ; hTemplateFile
code:133722BE push 80h ; dwFlagsAndAttributes
code:133722C3 push 4 ; dwCreationDisposition
code:133722C5 push 0 ; lpSecurityAttributes
code:133722C7 push 0 ; dwShareMode
code:133722C9 push 40000000h ; dwDesiredAccess
code:133722CE push offset FileName ; "debug.log"
code:133722D3 call ds:CreateFileA
code:133722D9 xchg eax, ebp
code:133722DA push 2 ; dwMoveMethod
code:133722DC push 0 ; lpDistanceToMoveHigh
code:133722DE push 0 ; lDistanceToMove
code:133722E0 push ebp ; hFile
code:133722E1 call ds:SetFilePointer
code:133722E7 push 0 ; lpOverlapped
code:133722E9 push offset NumberOfBytesWritten ; lpNumberOfBytesWritten
code:133722EE push 0Eh ; nNumberOfBytesToWrite
code:133722F0 push (offset Buffer+36h) ; lpBuffer
code:133722F5 push ebp ; hFile
code:133722F6 call ds:WriteFile
code:133722FC push offset s_08x ; "%08x\r\n"
code:13372301 push offset s_00000000 ; "00000000\r\n"
code:13372306 call ds:wsprintfA
code:1337230C pop ecx
code:1337230D pop ecx
code:1337230E pop ecx
code:1337230F push 0 ; lpOverlapped
code:13372311 push offset NumberOfBytesWritten ; lpNumberOfBytesWritten
code:13372316 push 0Ah ; nNumberOfBytesToWrite
code:13372318 push offset s_00000000 ; "00000000\r\n"
code:1337231D push ebp ; hFile
code:1337231E call ds:WriteFile
code:13372324 push ebp ; hObject
code:13372325 call ds:CloseHandle
code:1337232B popa
code:1337232C call sub_13372124
code:1337232C
code:13372331 test eax, eax
code:13372333 jz loc_13372107
code:13372333
code:13372339 pusha
code:1337233A push eax
code:1337233B push 0 ; hTemplateFile
code:1337233D push 80h ; dwFlagsAndAttributes
code:13372342 push 4 ; dwCreationDisposition
code:13372344 push 0 ; lpSecurityAttributes
code:13372346 push 0 ; dwShareMode
code:13372348 push 40000000h ; dwDesiredAccess
code:1337234D push offset FileName ; "debug.log"
code:13372352 call ds:CreateFileA
code:13372358 xchg eax, ebp
code:13372359 push 2 ; dwMoveMethod
code:1337235B push 0 ; lpDistanceToMoveHigh
code:1337235D push 0 ; lDistanceToMove
code:1337235F push ebp ; hFile
code:13372360 call ds:SetFilePointer
code:13372366 push 0 ; lpOverlapped
code:13372368 push offset NumberOfBytesWritten ; lpNumberOfBytesWritten
code:1337236D push 11h ; nNumberOfBytesToWrite
code:1337236F push (offset Buffer+44h) ; lpBuffer
code:13372374 push ebp ; hFile
code:13372375 call ds:WriteFile
code:1337237B push offset s_08x ; "%08x\r\n"
code:13372380 push offset s_00000000 ; "00000000\r\n"
code:13372385 call ds:wsprintfA
code:1337238B pop ecx
code:1337238C pop ecx
code:1337238D pop ecx
code:1337238E push 0 ; lpOverlapped
code:13372390 push offset NumberOfBytesWritten ; lpNumberOfBytesWritten
code:13372395 push 0Ah ; nNumberOfBytesToWrite
code:13372397 push offset s_00000000 ; "00000000\r\n"
code:1337239C push ebp ; hFile
code:1337239D call ds:WriteFile
code:133723A3 push ebp ; hObject
code:133723A4 call ds:CloseHandle
code:133723AA popa
code:133723AB mov ebx, dword_133710C4
code:133723B1 sub ebx, eax
code:133723B3 add dword_1337112F, ebx
code:133723B9 mov ebx, dword_133710C8
code:133723BF sub ebx, eax
code:133723C1 add dword_13371168, ebx
code:133723C7 call sub_13372163
code:133723C7
code:133723CC test eax, eax
code:133723CE jz loc_13372107
code:133723CE
code:133723D4
code:133723D4 loc_133723D4: ; CODE XREF: sub_133721FA+15_j
code:133723D4 ; sub_13372214+1D9_j
code:133723D4 cmp byte ptr [esi], 0
code:133723D7 jz short loc_133723EF
code:133723D7
code:133723D9 call sub_13372124
code:133723D9
code:133723DE test eax, eax
code:133723E0 jz loc_13372107
code:133723E0
code:133723E6 call sub_13372163
code:133723E6
code:133723EB test eax, eax
code:133723ED jnz short loc_133723D4
code:133723ED
code:133723EF
code:133723EF loc_133723EF: ; CODE XREF: sub_13372214+1C3_j
code:133723EF popa
code:133723F0 retn
code:133723F0
code:133723F0 sub_13372214 endp
code:133723F0
code:133723F0 ; ---------------------------------------------------------------------------
code:133723F1 db 3 dup(?)
code:133723F4 dd 303h dup(?)
code:133723F4 code ends
code:133723F4
IMPORTS:13373000 ; ---------------------------------------------------------------------------
IMPORTS:13373000 ; Section 3. (virtual address 00003000)
IMPORTS:13373000 ; Virtual size : 00001000 ( 4096.)
IMPORTS:13373000 ; Section size in file : 0000004E ( 78.)
IMPORTS:13373000 ; Offset to raw data for section: 00000C00
IMPORTS:13373000 ; Flags 60000060: Text Data Executable Readable
IMPORTS:13373000 ; Alignment : default
IMPORTS:13373000 ; 屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯?
IMPORTS:13373000
IMPORTS:13373000 ; Segment type: Pure code
IMPORTS:13373000 ; Segment permissions: Read/Execute
IMPORTS:13373000 IMPORTS segment para public 'CODE' use32
IMPORTS:13373000 assume cs:IMPORTS
IMPORTS:13373000 ;org 13373000h
IMPORTS:13373000 assume es:nothing, ss:nothing, ds:data, fs:nothing, gs:nothing
IMPORTS:13373000 jmp ds:LoadLibraryA
IMPORTS:13373000
IMPORTS:13373006 ; ---------------------------------------------------------------------------
IMPORTS:13373006 jmp ds:GetProcAddress
IMPORTS:13373006
IMPORTS:1337300C ; ---------------------------------------------------------------------------
IMPORTS:1337300C jmp ds:GetCurrentProcess
IMPORTS:1337300C
IMPORTS:13373012 ; ---------------------------------------------------------------------------
IMPORTS:13373012 jmp ds:ReadProcessMemory
IMPORTS:13373012
IMPORTS:13373018 ; ---------------------------------------------------------------------------
IMPORTS:13373018 jmp ds:WriteProcessMemory
IMPORTS:13373018
IMPORTS:1337301E ; ---------------------------------------------------------------------------
IMPORTS:1337301E jmp ds:MessageBoxA
IMPORTS:1337301E
IMPORTS:13373024 ; ---------------------------------------------------------------------------
IMPORTS:13373024 jmp ds:ExitProcess
IMPORTS:13373024
IMPORTS:1337302A ; ---------------------------------------------------------------------------
IMPORTS:1337302A jmp ds:CreateFileA
IMPORTS:1337302A
IMPORTS:13373030 ; ---------------------------------------------------------------------------
IMPORTS:13373030 jmp ds:WriteFile
IMPORTS:13373030
IMPORTS:13373036 ; ---------------------------------------------------------------------------
IMPORTS:13373036 jmp ds:CloseHandle
IMPORTS:13373036
IMPORTS:1337303C ; ---------------------------------------------------------------------------
IMPORTS:1337303C jmp ds:SetFilePointer
IMPORTS:1337303C
IMPORTS:13373042 ; ---------------------------------------------------------------------------
IMPORTS:13373042 jmp ds:GetTickCount
IMPORTS:13373042
IMPORTS:13373048 ; ---------------------------------------------------------------------------
IMPORTS:13373048 jmp ds:wsprintfA
IMPORTS:13373048
IMPORTS:13373048 ; ---------------------------------------------------------------------------
IMPORTS:1337304E dw ?
IMPORTS:13373050 dd 3ECh dup(?)
IMPORTS:13373050 IMPORTS ends
IMPORTS:13373050
imports:13374000 ; Section 4. (virtual address 00004000)
imports:13374000 ; Virtual size : 00001000 ( 4096.)
imports:13374000 ; Section size in file : 000001A2 ( 418.)
imports:13374000 ; Offset to raw data for section: 00000E00
imports:13374000 ; Flags 50000040: Data Shareable Readable
imports:13374000 ; Alignment : default
imports:13374000 ; 屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯?
imports:13374000
imports:13374000 ; Segment type: Pure data
imports:13374000 ; Segment permissions: Read
imports:13374000 imports segment para public 'DATA' use32
imports:13374000 assume cs:imports
imports:13374000 ;org 13374000h
imports:13374000 db 58h ; X
imports:13374001 db 40h ; @
imports:13374002 db 0
imports:13374003 db 0
imports:13374004 db 0
imports:13374005 db 0
imports:13374006 db 0
imports:13374007 db 0
imports:13374008 db 0
imports:13374009 db 0
imports:1337400A db 0
imports:1337400B db 0
imports:1337400C db 3Ch ; <
imports:1337400D db 40h ; @
imports:1337400E db 0
imports:1337400F db 0
imports:13374010 db 88h ; ?
imports:13374011 db 40h ; @
imports:13374012 db 0
imports:13374013 db 0
imports:13374014 db 0B8h ; ?
imports:13374015 db 40h ; @
imports:13374016 db 0
imports:13374017 db 0
imports:13374018 db 0
imports:13374019 db 0
imports:1337401A db 0
imports:1337401B db 0
imports:1337401C db 0
imports:1337401D db 0
imports:1337401E db 0
imports:1337401F db 0
imports:13374020 db 4Ah ; J
imports:13374021 db 40h ; @
imports:13374022 db 0
imports:13374023 db 0
imports:13374024 db 0C4h ; ?
imports:13374025 db 40h ; @
imports:13374026 db 0
imports:13374027 db 0
imports:13374028 db 0
imports:13374029 db 0
imports:1337402A db 0
imports:1337402B db 0
imports:1337402C db 0
imports:1337402D db 0
imports:1337402E db 0
imports:1337402F db 0
imports:13374030 db 0
imports:13374031 db 0
imports:13374032 db 0
imports:13374033 db 0
imports:13374034 db 0
imports:13374035 db 0
imports:13374036 db 0
imports:13374037 db 0
imports:13374038 db 0
imports:13374039 db 0
imports:1337403A db 0
imports:1337403B db 0
imports:1337403C db 6Bh ; k
imports:1337403D db 65h ; e
imports:1337403E db 72h ; r
imports:1337403F db 6Eh ; n
imports:13374040 db 65h ; e
imports:13374041 db 6Ch ; l
imports:13374042 db 33h ; 3
imports:13374043 db 32h ; 2
imports:13374044 db 2Eh ; .
imports:13374045 db 64h ; d
imports:13374046 db 6Ch ; l
imports:13374047 db 6Ch ; l
imports:13374048 db 0
imports:13374049 db 0
imports:1337404A db 75h ; u
imports:1337404B db 73h ; s
imports:1337404C db 65h ; e
imports:1337404D db 72h ; r
imports:1337404E db 33h ; 3
imports:1337404F db 32h ; 2
imports:13374050 db 2Eh ; .
imports:13374051 db 64h ; d
imports:13374052 db 6Ch ; l
imports:13374053 db 6Ch ; l
imports:13374054 db 0
imports:13374055 db 0
imports:13374056 db 8Eh ; ?
imports:13374057 db 0
imports:13374058 db 0D0h ; ?
imports:13374059 db 40h ; @
imports:1337405A db 0
imports:1337405B db 0
imports:1337405C db 0E0h ; ?
imports:1337405D db 40h ; @
imports:1337405E db 0
imports:1337405F db 0
imports:13374060 db 0F2h ; ?
imports:13374061 db 40h ; @
imports:13374062 db 0
imports:13374063 db 0
imports:13374064 db 6
imports:13374065 db 41h ; A
imports:13374066 db 0
imports:13374067 db 0
imports:13374068 db 1Ah
imports:13374069 db 41h ; A
imports:1337406A db 0
imports:1337406B db 0
imports:1337406C db 30h ; 0
imports:1337406D db 41h ; A
imports:1337406E db 0
imports:1337406F db 0
imports:13374070 db 3Eh ; >
imports:13374071 db 41h ; A
imports:13374072 db 0
imports:13374073 db 0
imports:13374074 db 4Ch ; L
imports:13374075 db 41h ; A
imports:13374076 db 0
imports:13374077 db 0
imports:13374078 db 58h ; X
imports:13374079 db 41h ; A
imports:1337407A db 0
imports:1337407B db 0
imports:1337407C db 66h ; f
imports:1337407D db 41h ; A
imports:1337407E db 0
imports:1337407F db 0
imports:13374080 db 78h ; x
imports:13374081 db 41h ; A
imports:13374082 db 0
imports:13374083 db 0
imports:13374084 db 0
imports:13374085 db 0
imports:13374086 db 0
imports:13374087 db 0
imports:13374087 imports ends
imports:13374087
.idata:13374088 ;
.idata:13374088 ; Imports from kernel32.dll
.idata:13374088 ;
.idata:13374088 ; 屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯?
.idata:13374088
.idata:13374088 ; Segment type: Externs
.idata:13374088 ; _idata
.idata:13374088 ; HMODULE __stdcall LoadLibraryA(LPCSTR lpLibFileName)
.idata:13374088 extrn LoadLibraryA:dword ; DATA XREF: code:13372000_r
.idata:13374088 ; sub_13372030+56_r
.idata:13374088 ; IMPORTS:13373000_r
.idata:1337408C ; FARPROC __stdcall GetProcAddress(HMODULE hModule,LPCSTR lpProcName)
.idata:1337408C extrn GetProcAddress:dword ; DATA XREF: sub_13372030+6C_r
.idata:1337408C ; IMPORTS:13373006_r
.idata:13374090 ; HANDLE GetCurrentProcess(void)
.idata:13374090 extrn GetCurrentProcess:dword ; DATA XREF: sub_13372030+4A_r
.idata:13374090 ; IMPORTS:1337300C_r
.idata:13374094 ; BOOL __stdcall ReadProcessMemory(HANDLE hProcess,LPCVOID lpBaseAddress,LPVOID lpBuffer,DWORD nSize,LPDWORD lpNumberOfBytesRead)
.idata:13374094 extrn ReadProcessMemory:dword ; DATA XREF: IMPORTS:13373012_r
.idata:13374098 ; BOOL __stdcall WriteProcessMemory(HANDLE hProcess,LPVOID lpBaseAddress,LPVOID lpBuffer,DWORD nSize,LPDWORD lpNumberOfBytesWritten)
.idata:13374098 extrn WriteProcessMemory:dword ; DATA XREF: sub_13372163+82_r
.idata:13374098 ; IMPORTS:13373018_r
.idata:1337409C ; void __stdcall ExitProcess(UINT uExitCode)
.idata:1337409C extrn ExitProcess:dword ; DATA XREF: sub_13372214-F7_r
.idata:1337409C ; IMPORTS:13373024_r
.idata:133740A0 ; HANDLE __stdcall CreateFileA(LPCSTR lpFileName,DWORD dwDesiredAccess,DWORD dwShareMode,LPSECURITY_ATTRIBUTES lpSecurityAttributes,DWORD dwCreationDisposition,DWORD dwFlagsAndAttributes,HANDLE hTemplateFile)
.idata:133740A0 extrn CreateFileA:dword ; DATA XREF: sub_13372030+19_r
.idata:133740A0 ; sub_13372030+A4_r
.idata:133740A0 ; sub_13372163+1F_r
.idata:133740A0 ; sub_13372214+3B_r
.idata:133740A0 ; sub_13372214+BF_r
.idata:133740A0 ; sub_13372214+13E_r ...
.idata:133740A4 ; BOOL __stdcall WriteFile(HANDLE hFile,LPCVOID lpBuffer,DWORD nNumberOfBytesToWrite,LPDWORD lpNumberOfBytesWritten,LPOVERLAPPED lpOverlapped)
.idata:133740A4 extrn WriteFile:dword ; DATA XREF: sub_13372030+3C_r
.idata:133740A4 ; sub_13372030+C7_r
.idata:133740A4 ; sub_13372163+42_r
.idata:133740A4 ; sub_13372163+6A_r
.idata:133740A4 ; sub_13372214+5E_r
.idata:133740A4 ; sub_13372214+86_r ...
.idata:133740A8 ; BOOL __stdcall CloseHandle(HANDLE hObject)
.idata:133740A8 extrn CloseHandle:dword ; DATA XREF: sub_13372030+43_r
.idata:133740A8 ; sub_13372030+CE_r
.idata:133740A8 ; sub_13372163+71_r
.idata:133740A8 ; sub_13372214+8D_r
.idata:133740A8 ; sub_13372214+111_r
.idata:133740A8 ; sub_13372214+190_r ...
.idata:133740AC ; DWORD __stdcall SetFilePointer(HANDLE hFile,LONG lDistanceToMove,PLONG lpDistanceToMoveHigh,DWORD dwMoveMethod)
.idata:133740AC extrn SetFilePointer:dword ; DATA XREF: sub_13372030+27_r
.idata:133740AC ; sub_13372030+B2_r
.idata:133740AC ; sub_13372163+2D_r
.idata:133740AC ; sub_13372214+49_r
.idata:133740AC ; sub_13372214+CD_r
.idata:133740AC ; sub_13372214+14C_r ...
.idata:133740B0 ; DWORD GetTickCount(void)
.idata:133740B0 extrn GetTickCount:dword ; DATA XREF: IMPORTS:13373042_r
.idata:133740B4
.idata:133740B8
.idata:133740C4 ;
.idata:133740C4 ; Imports from user32.dll
.idata:133740C4 ;
.idata:133740C4 ; int __stdcall MessageBoxA(HWND hWnd,LPCSTR lpText,LPCSTR lpCaption,UINT uType)
.idata:133740C4 extrn MessageBoxA:dword ; DATA XREF: sub_13372214-FF_r
.idata:133740C4 ; IMPORTS:1337301E_r
.idata:133740C8 ; int wsprintfA(LPSTR,LPCSTR,...)
.idata:133740C8 extrn wsprintfA:dword ; DATA XREF: sub_13372163+52_r
.idata:133740C8 ; sub_13372214+6E_r
.idata:133740C8 ; sub_13372214+F2_r
.idata:133740C8 ; sub_13372214+171_r
.idata:133740C8 ; IMPORTS:13373048_r
.idata:133740CC
.idata:133740CC
imports:133740D0 ; 屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯?
imports:133740D0
imports:133740D0 ; Segment type: Pure data
imports:133740D0 ; Segment permissions: Read
imports:133740D0 imports segment para public 'DATA' use32
imports:133740D0 assume cs:imports
imports:133740D0 ;org 133740D0h
imports:133740D0 db 0
imports:133740D1 db 0
imports:133740D2 db 4Ch ; L
imports:133740D3 db 6Fh ; o
imports:133740D4 db 61h ; a
imports:133740D5 db 64h ; d
imports:133740D6 db 4Ch ; L
imports:133740D7 db 69h ; i
imports:133740D8 db 62h ; b
imports:133740D9 db 72h ; r
imports:133740DA db 61h ; a
imports:133740DB db 72h ; r
imports:133740DC db 79h ; y
imports:133740DD db 41h ; A
imports:133740DE db 0
imports:133740DF db 0
imports:133740E0 db 0
imports:133740E1 db 0
imports:133740E2 db 47h ; G
imports:133740E3 db 65h ; e
imports:133740E4 db 74h ; t
imports:133740E5 db 50h ; P
imports:133740E6 db 72h ; r
imports:133740E7 db 6Fh ; o
imports:133740E8 db 63h ; c
imports:133740E9 db 41h ; A
imports:133740EA db 64h ; d
imports:133740EB db 64h ; d
imports:133740EC db 72h ; r
imports:133740ED db 65h ; e
imports:133740EE db 73h ; s
imports:133740EF db 73h ; s
imports:133740F0 db 0
imports:133740F1 db 0
imports:133740F2 db 0
imports:133740F3 db 0
imports:133740F4 db 47h ; G
imports:133740F5 db 65h ; e
imports:133740F6 db 74h ; t
imports:133740F7 db 43h ; C
imports:133740F8 db 75h ; u
imports:133740F9 db 72h ; r
imports:133740FA db 72h ; r
imports:133740FB db 65h ; e
imports:133740FC db 6Eh ; n
imports:133740FD db 74h ; t
imports:133740FE db 50h ; P
imports:133740FF db 72h ; r
imports:13374100 db 6Fh ; o
imports:13374101 db 63h ; c
imports:13374102 db 65h ; e
imports:13374103 db 73h ; s
imports:13374104 db 73h ; s
imports:13374105 db 0
imports:13374106 db 0
imports:13374107 db 0
imports:13374108 db 52h ; R
imports:13374109 db 65h ; e
imports:1337410A db 61h ; a
imports:1337410B db 64h ; d
imports:1337410C db 50h ; P
imports:1337410D db 72h ; r
imports:1337410E db 6Fh ; o
imports:1337410F db 63h ; c
imports:13374110 db 65h ; e
imports:13374111 db 73h ; s
imports:13374112 db 73h ; s
imports:13374113 db 4Dh ; M
imports:13374114 db 65h ; e
imports:13374115 db 6Dh ; m
imports:13374116 db 6Fh ; o
imports:13374117 db 72h ; r
imports:13374118 db 79h ; y
imports:13374119 db 0
imports:1337411A db 0
imports:1337411B db 0
imports:1337411C db 57h ; W
imports:1337411D db 72h ; r
imports:1337411E db 69h ; i
imports:1337411F db 74h ; t
imports:13374120 db 65h ; e
imports:13374121 db 50h ; P
imports:13374122 db 72h ; r
imports:13374123 db 6Fh ; o
imports:13374124 db 63h ; c
imports:13374125 db 65h ; e
imports:13374126 db 73h ; s
imports:13374127 db 73h ; s
imports:13374128 db 4Dh ; M
imports:13374129 db 65h ; e
imports:1337412A db 6Dh ; m
imports:1337412B db 6Fh ; o
imports:1337412C db 72h ; r
imports:1337412D db 79h ; y
imports:1337412E db 0
imports:1337412F db 0
imports:13374130 db 0
imports:13374131 db 0
imports:13374132 db 45h ; E
imports:13374133 db 78h ; x
imports:13374134 db 69h ; i
imports:13374135 db 74h ; t
imports:13374136 db 50h ; P
imports:13374137 db 72h ; r
imports:13374138 db 6Fh ; o
imports:13374139 db 63h ; c
imports:1337413A db 65h ; e
imports:1337413B db 73h ; s
imports:1337413C db 73h ; s
imports:1337413D db 0
imports:1337413E db 0
imports:1337413F db 0
imports:13374140 db 43h ; C
imports:13374141 db 72h ; r
imports:13374142 db 65h ; e
imports:13374143 db 61h ; a
imports:13374144 db 74h ; t
imports:13374145 db 65h ; e
imports:13374146 db 46h ; F
imports:13374147 db 69h ; i
imports:13374148 db 6Ch ; l
imports:13374149 db 65h ; e
imports:1337414A db 41h ; A
imports:1337414B db 0
imports:1337414C db 0
imports:1337414D db 0
imports:1337414E db 57h ; W
imports:1337414F db 72h ; r
imports:13374150 db 69h ; i
imports:13374151 db 74h ; t
imports:13374152 db 65h ; e
imports:13374153 db 46h ; F
imports:13374154 db 69h ; i
imports:13374155 db 6Ch ; l
imports:13374156 db 65h ; e
imports:13374157 db 0
imports:13374158 db 0
imports:13374159 db 0
imports:1337415A db 43h ; C
imports:1337415B db 6Ch ; l
imports:1337415C db 6Fh ; o
imports:1337415D db 73h ; s
imports:1337415E db 65h ; e
imports:1337415F db 48h ; H
imports:13374160 db 61h ; a
imports:13374161 db 6Eh ; n
imports:13374162 db 64h ; d
imports:13374163 db 6Ch ; l
imports:13374164 db 65h ; e
imports:13374165 db 0
imports:13374166 db 0
imports:13374167 db 0
imports:13374168 db 53h ; S
imports:13374169 db 65h ; e
imports:1337416A db 74h ; t
imports:1337416B db 46h ; F
imports:1337416C db 69h ; i
imports:1337416D db 6Ch ; l
imports:1337416E db 65h ; e
imports:1337416F db 50h ; P
imports:13374170 db 6Fh ; o
imports:13374171 db 69h ; i
imports:13374172 db 6Eh ; n
imports:13374173 db 74h ; t
imports:13374174 db 65h ; e
imports:13374175 db 72h ; r
imports:13374176 db 0
imports:13374177 db 0
imports:13374178 db 0
imports:13374179 db 0
imports:1337417A db 47h ; G
imports:1337417B db 65h ; e
imports:1337417C db 74h ; t
imports:1337417D db 54h ; T
imports:1337417E db 69h ; i
imports:1337417F db 63h ; c
imports:13374180 db 6Bh ; k
imports:13374181 db 43h ; C
imports:13374182 db 6Fh ; o
imports:13374183 db 75h ; u
imports:13374184 db 6Eh ; n
imports:13374185 db 74h ; t
imports:13374186 db 0
imports:13374187 db 0
imports:13374188 db 0
imports:13374189 db 0
imports:1337418A db 4Dh ; M
imports:1337418B db 65h ; e
imports:1337418C db 73h ; s
imports:1337418D db 73h ; s
imports:1337418E db 61h ; a
imports:1337418F db 67h ; g
imports:13374190 db 65h ; e
imports:13374191 db 42h ; B
imports:13374192 db 6Fh ; o
imports:13374193 db 78h ; x
imports:13374194 db 41h ; A
imports:13374195 db 0
imports:13374196 db 0
imports:13374197 db 0
imports:13374198 db 77h ; w
imports:13374199 db 73h ; s
imports:1337419A db 70h ; p
imports:1337419B db 72h ; r
imports:1337419C db 69h ; i
imports:1337419D db 6Eh ; n
imports:1337419E db 74h ; t
imports:1337419F db 66h ; f
imports:133741A0 db 41h ; A
imports:133741A1 db 0
imports:133741A2 align 1000h
imports:133741A2 imports ends
imports:133741A2
exports:13375000 ; Section 5. (virtual address 00005000)
exports:13375000 ; Virtual size : 00001000 ( 4096.)
exports:13375000 ; Section size in file : 00000044 ( 68.)
exports:13375000 ; Offset to raw data for section: 00001000
exports:13375000 ; Flags 50000040: Data Shareable Readable
exports:13375000 ; Alignment : default
exports:13375000 ; 屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯?
exports:13375000
exports:13375000 ; Segment type: Pure data
exports:13375000 ; Segment permissions: Read
exports:13375000 exports segment para public 'DATA' use32
exports:13375000 assume cs:exports
exports:13375000 ;org 13375000h
exports:13375000 db 0
exports:13375001 db 0
exports:13375002 db 0
exports:13375003 db 0
exports:13375004 db 35h ; 5
exports:13375005 db 26h ; &
exports:13375006 db 26h ; &
exports:13375007 db 42h ; B
exports:13375008 db 0
exports:13375009 db 0
exports:1337500A db 0
exports:1337500B db 0
exports:1337500C db 3Bh ; ;
exports:1337500D db 50h ; P
exports:1337500E db 0
exports:1337500F db 0
exports:13375010 db 1
exports:13375011 db 0
exports:13375012 db 0
exports:13375013 db 0
exports:13375014 db 1
exports:13375015 db 0
exports:13375016 db 0
exports:13375017 db 0
exports:13375018 db 1
exports:13375019 db 0
exports:1337501A db 0
exports:1337501B db 0
exports:1337501C db 28h ; (
exports:1337501D db 50h ; P
exports:1337501E db 0
exports:1337501F db 0
exports:13375020 db 2Ch ; ,
exports:13375021 db 50h ; P
exports:13375022 db 0
exports:13375023 db 0
exports:13375024 db 30h ; 0
exports:13375025 db 50h ; P
exports:13375026 db 0
exports:13375027 db 0
exports:13375028 db 6
exports:13375029 db 20h
exports:1337502A db 0
exports:1337502B db 0
exports:1337502C db 32h ; 2
exports:1337502D db 50h ; P
exports:1337502E db 0
exports:1337502F db 0
exports:13375030 db 0
exports:13375031 db 0
exports:13375032 db 47h ; G
exports:13375033 db 61h ; a
exports:13375034 db 6Dh ; m
exports:13375035 db 65h ; e
exports:13375036 db 4Dh ; M
exports:13375037 db 61h ; a
exports:13375038 db 69h ; i
exports:13375039 db 6Eh ; n
exports:1337503A db 0
exports:1337503B db 77h ; w
exports:1337503C db 33h ; 3
exports:1337503D db 6Ch ; l
exports:1337503E db 68h ; h
exports:1337503F db 2Eh ; .
exports:13375040 db 64h ; d
exports:13375041 db 6Ch ; l
exports:13375042 db 6Ch ; l
exports:13375043 db 0
exports:13375044 align 1000h
exports:13375044 exports ends
exports:13375044
relocs:13376000 ; Section 6. (virtual address 00006000)
relocs:13376000 ; Virtual size : 00001000 ( 4096.)
relocs:13376000 ; Section size in file : 000000EE ( 238.)
relocs:13376000 ; Offset to raw data for section: 00001200
relocs:13376000 ; Flags 52000040: Data Discardable Shareable Readable
relocs:13376000 ; Alignment : default
relocs:13376000 ; 屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯?
relocs:13376000
relocs:13376000 ; Segment type: Pure data
relocs:13376000 ; Segment permissions: Read
relocs:13376000 relocs segment para public 'DATA' use32
relocs:13376000 assume cs:relocs
relocs:13376000 ;org 13376000h
relocs:13376000 db 0
relocs:13376001 db 20h
relocs:13376002 db 0
relocs:13376003 db 0
relocs:13376004 db 0CCh ; ?
relocs:13376005 db 0
relocs:13376006 db 0
relocs:13376007 db 0
relocs:13376008 db 2
relocs:13376009 db 30h ; 0
relocs:1337600A db 7
relocs:1337600B db 30h ; 0
relocs:1337600C db 0Eh
relocs:1337600D db 30h ; 0
relocs:1337600E db 17h
relocs:1337600F db 30h ; 0
relocs:13376010 db 20h
relocs:13376011 db 30h ; 0
relocs:13376012 db 45h ; E
relocs:13376013 db 30h ; 0
relocs:13376014 db 4Bh ; K
relocs:13376015 db 30h ; 0
relocs:13376016 db 59h ; Y
relocs:13376017 db 30h ; 0
relocs:13376018 db 60h ; `
relocs:13376019 db 30h ; 0
relocs:1337601A db 67h ; g
relocs:1337601B db 30h ; 0
relocs:1337601C db 6Eh ; n
relocs:1337601D db 30h ; 0
relocs:1337601E db 75h ; u
relocs:1337601F db 30h ; 0
relocs:13376020 db 7Ch ; |
relocs:13376021 db 30h ; 0
relocs:13376022 db 82h ; ?
relocs:13376023 db 30h ; 0
relocs:13376024 db 88h ; ?
relocs:13376025 db 30h ; 0
relocs:13376026 db 91h ; ?
relocs:13376027 db 30h ; 0
relocs:13376028 db 97h ; ?
relocs:13376029 db 30h ; 0
relocs:1337602A db 9Eh ; ?
relocs:1337602B db 30h ; 0
relocs:1337602C db 0A7h ; ?
relocs:1337602D db 30h ; 0
relocs:1337602E db 0D0h ; ?
relocs:1337602F db 30h ; 0
relocs:13376030 db 0D6h ; ?
relocs:13376031 db 30h ; 0
relocs:13376032 db 0E4h ; ?
relocs:13376033 db 30h ; 0
relocs:13376034 db 0EBh ; ?
relocs:13376035 db 30h ; 0
relocs:13376036 db 0F2h ; ?
relocs:13376037 db 30h ; 0
relocs:13376038 db 0F9h ; ?
relocs:13376039 db 30h ; 0
relocs:1337603A db 0
relocs:1337603B db 31h ; 1
relocs:1337603C db 0Ah
relocs:1337603D db 31h ; 1
relocs:1337603E db 0Fh
relocs:1337603F db 31h ; 1
relocs:13376040 db 17h
relocs:13376041 db 31h ; 1
relocs:13376042 db 1Fh
relocs:13376043 db 31h ; 1
relocs:13376044 db 28h ; (
relocs:13376045 db 31h ; 1
relocs:13376046 db 7Eh ; ~
relocs:13376047 db 31h ; 1
relocs:13376048 db 84h ; ?
relocs:13376049 db 31h ; 1
relocs:1337604A db 92h ; ?
relocs:1337604B db 31h ; 1
relocs:1337604C db 99h ; ?
relocs:1337604D db 31h ; 1
relocs:1337604E db 0A0h ; ?
relocs:1337604F db 31h ; 1
relocs:13376050 db 0A7h ; ?
relocs:13376051 db 31h ; 1
relocs:13376052 db 0ACh ; ?
relocs:13376053 db 31h ; 1
relocs:13376054 db 0B1h ; ?
relocs:13376055 db 31h ; 1
relocs:13376056 db 0B7h ; ?
relocs:13376057 db 31h ; 1
relocs:13376058 db 0C1h ; ?
relocs:13376059 db 31h ; 1
relocs:1337605A db 0C8h ; ?
relocs:1337605B db 31h ; 1
relocs:1337605C db 0CFh ; ?
relocs:1337605D db 31h ; 1
relocs:1337605E db 0D6h ; ?
relocs:1337605F db 31h ; 1
relocs:13376060 db 0DDh ; ?
relocs:13376061 db 31h ; 1
relocs:13376062 db 0E7h ; ?
relocs:13376063 db 31h ; 1
relocs:13376064 db 0ECh ; ?
relocs:13376065 db 31h ; 1
relocs:13376066 db 0F2h ; ?
relocs:13376067 db 31h ; 1
relocs:13376068 db 2
relocs:13376069 db 32h ; 2
relocs:1337606A db 0Bh
relocs:1337606B db 32h ; 2
relocs:1337606C db 17h
relocs:1337606D db 32h ; 2
relocs:1337606E db 20h
relocs:1337606F db 32h ; 2
relocs:13376070 db 32h ; 2
relocs:13376071 db 32h ; 2
relocs:13376072 db 4Bh ; K
relocs:13376073 db 32h ; 2
relocs:13376074 db 51h ; Q
relocs:13376075 db 32h ; 2
relocs:13376076 db 5Fh ; _
relocs:13376077 db 32h ; 2
relocs:13376078 db 66h ; f
relocs:13376079 db 32h ; 2
relocs:1337607A db 6Dh ; m
relocs:1337607B db 32h ; 2
relocs:1337607C db 74h ; t
relocs:1337607D db 32h ; 2
relocs:1337607E db 79h ; y
relocs:1337607F db 32h ; 2
relocs:13376080 db 7Eh ; ~
relocs:13376081 db 32h ; 2
relocs:13376082 db 84h ; ?
relocs:13376083 db 32h ; 2
relocs:13376084 db 8Eh ; ?
relocs:13376085 db 32h ; 2
relocs:13376086 db 95h ; ?
relocs:13376087 db 32h ; 2
relocs:13376088 db 9Ch ; ?
relocs:13376089 db 32h ; 2
relocs:1337608A db 0A3h ; ?
relocs:1337608B db 32h ; 2
relocs:1337608C db 0B6h ; ?
relocs:1337608D db 32h ; 2
relocs:1337608E db 0CFh ; ?
relocs:1337608F db 32h ; 2
relocs:13376090 db 0D5h ; ?
relocs:13376091 db 32h ; 2
relocs:13376092 db 0E3h ; ?
relocs:13376093 db 32h ; 2
relocs:13376094 db 0EAh ; ?
relocs:13376095 db 32h ; 2
relocs:13376096 db 0F1h ; ?
relocs:13376097 db 32h ; 2
relocs:13376098 db 0F8h ; ?
relocs:13376099 db 32h ; 2
relocs:1337609A db 0FDh ; ?
relocs:1337609B db 32h ; 2
relocs:1337609C db 2
relocs:1337609D db 33h ; 3
relocs:1337609E db 8
relocs:1337609F db 33h ; 3
relocs:133760A0 db 12h
relocs:133760A1 db 33h ; 3
relocs:133760A2 db 19h
relocs:133760A3 db 33h ; 3
relocs:133760A4 db 20h
relocs:133760A5 db 33h ; 3
relocs:133760A6 db 27h ; '
relocs:133760A7 db 33h ; 3
relocs:133760A8 db 4Eh ; N
relocs:133760A9 db 33h ; 3
relocs:133760AA db 54h ; T
relocs:133760AB db 33h ; 3
relocs:133760AC db 62h ; b
relocs:133760AD db 33h ; 3
relocs:133760AE db 69h ; i
relocs:133760AF db 33h ; 3
relocs:133760B0 db 70h ; p
relocs:133760B1 db 33h ; 3
relocs:133760B2 db 77h ; w
relocs:133760B3 db 33h ; 3
relocs:133760B4 db 7Ch ; |
relocs:133760B5 db 33h ; 3
relocs:133760B6 db 81h ; ?
relocs:133760B7 db 33h ; 3
relocs:133760B8 db 87h ; ?
relocs:133760B9 db 33h ; 3
relocs:133760BA db 91h ; ?
relocs:133760BB db 33h ; 3
relocs:133760BC db 98h ; ?
relocs:133760BD db 33h ; 3
relocs:133760BE db 9Fh ; ?
relocs:133760BF db 33h ; 3
relocs:133760C0 db 0A6h ; ?
relocs:133760C1 db 33h ; 3
relocs:133760C2 db 0ADh ; ?
relocs:133760C3 db 33h ; 3
relocs:133760C4 db 0B5h ; ?
relocs:133760C5 db 33h ; 3
relocs:133760C6 db 0BBh ; ?
relocs:133760C7 db 33h ; 3
relocs:133760C8 db 0C3h ; ?
relocs:133760C9 db 33h ; 3
relocs:133760CA db 0
relocs:133760CB db 0
relocs:133760CC db 0
relocs:133760CD db 30h ; 0
relocs:133760CE db 0
relocs:133760CF db 0
relocs:133760D0 db 22h ; "
relocs:133760D1 db 0
relocs:133760D2 db 0
relocs:133760D3 db 0
relocs:133760D4 db 2
relocs:133760D5 db 30h ; 0
relocs:133760D6 db 8
relocs:133760D7 db 30h ; 0
relocs:133760D8 db 0Eh
relocs:133760D9 db 30h ; 0
relocs:133760DA db 14h
relocs:133760DB db 30h ; 0
relocs:133760DC db 1Ah
relocs:133760DD db 30h ; 0
relocs:133760DE db 20h
relocs:133760DF db 30h ; 0
relocs:133760E0 db 26h ; &
relocs:133760E1 db 30h ; 0
relocs:133760E2 db 2Ch ; ,
relocs:133760E3 db 30h ; 0
relocs:133760E4 db 32h ; 2
relocs:133760E5 db 30h ; 0
relocs:133760E6 db 38h ; 8
relocs:133760E7 db 30h ; 0
relocs:133760E8 db 3Eh ; >
relocs:133760E9 db 30h ; 0
relocs:133760EA db 44h ; D
relocs:133760EB db 30h ; 0
relocs:133760EC db 4Ah ; J
relocs:133760ED db 30h ; 0
relocs:133760EE align 1000h
relocs:133760EE relocs ends
relocs:133760EE
relocs:133760EE
relocs:133760EE end DllEntryPoint
其中的debug.log功能可以不要的。
data:13371000 ;
data:13371000 ; 赏屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯?
data:13371000 ; ? This file is generated by The Interactive Disassembler (IDA) ?
data:13371000 ; ? Copyright (c) 2006 by DataRescue sa/nv, <ida@datarescue.com> ?
data:13371000 ; ?Licensed to: Paul Ashton - Blue Lane Technologies (1-user Advanced 03/2006) ?s
data:13371000 ; 韧屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯?
data:13371000 ;
data:13371000 ; Input MD5 : 0573A2E34C4AEF6FEB4A8E4D030F2DD1
data:13371000
data:13371000 ; File Name : D:\System\DESKTOP\bpro.dll
data:13371000 ; Format : Portable executable for 80386 (PE)
data:13371000 ; Imagebase : 13370000
data:13371000 ; Section 1. (virtual address 00001000)
data:13371000 ; Virtual size : 00001000 ( 4096.)
data:13371000 ; Section size in file : 00000250 ( 592.)
data:13371000 ; Offset to raw data for section: 00000400
data:13371000 ; Flags C0000040: Data Readable Writable
data:13371000 ; Alignment : default
data:13371000
data:13371000 .686p
data:13371000 .mmx
data:13371000 .model flat
data:13371000
data:13371000 ; 屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯?
data:13371000
data:13371000 ; Segment type: Pure data
data:13371000 ; Segment permissions: Read/Write
data:13371000 data segment para public 'DATA' use32
data:13371000 assume cs:data
data:13371000 ;org 13371000h
data:13371000 ; const void Buffer
data:13371000 Buffer db 'start',0Dh,0Ah ; DATA XREF: sub_13372030+36_o
data:13371000 ; sub_13372030+C1_o
data:13371000 db 'patches successful.',0Dh,0Ah
data:13371000 db 'DoPatch - hash_init_off - do_hash_off - logonproofhash - Error',0
data:1337105B ; char LibFileName[]
data:1337105B LibFileName db 'Game.dll',0 ; DATA XREF: sub_13372030+51_o
data:13371064 ; char Text[]
data:13371064 Text db 'Wrong Game.dll version. (need v118)',0
data:13371064 ; DATA XREF: sub_13372214-106_o
data:13371088 ; char ProcName[]
data:13371088 ProcName db 'GameMain',0 ; DATA XREF: sub_13372030+66_o
data:13371091 ; char FileName[]
data:13371091 FileName db 'debug.log',0 ; DATA XREF: sub_13372030+14_o
data:13371091 ; sub_13372030+9F_o
data:13371091 ; sub_13372163+1A_o
data:13371091 ; sub_13372214+36_o
data:13371091 ; sub_13372214+BA_o
data:13371091 ; sub_13372214+139_o
data:1337109B ; char s_00000000[]
data:1337109B s_00000000 db '00000000',0Dh,0Ah,0 ; DATA XREF: sub_13372163+4D_o
data:1337109B ; sub_13372163+64_o
data:1337109B ; sub_13372214+69_o
data:1337109B ; sub_13372214+80_o
data:1337109B ; sub_13372214+ED_o
data:1337109B ; sub_13372214+104_o ...
data:133710A6 ; char s_08x[]
data:133710A6 s_08x db '%08x',0Dh,0Ah,0 ; DATA XREF: sub_13372163+48_o
data:133710A6 ; sub_13372214+64_o
data:133710A6 ; sub_13372214+E8_o
data:133710A6 ; sub_13372214+167_o
data:133710AD db 90h ; ?
data:133710AE db 90h ; ?
data:133710AF db 90h ; ?
data:133710B0*dword_133710B0 dd 0 ; DATA XREF: DllEntryPoint_r
data:133710B0* ; DllEntryPoint+9_w
data:133710B4 db 0
data:133710B5 db 0
data:133710B6 db 0
data:133710B7 db 0
data:133710B8 db 0
data:133710B9 db 0
data:133710BA db 0
data:133710BB db 0
data:133710BC*dword_133710BC dd 0 ; DATA XREF: sub_13372124+2_r
data:133710BC* ; sub_133721FA+6_w
data:133710BC* ; sub_13372214+1_w
data:133710C0*; DWORD NumberOfBytesWritten
data:133710C0*NumberOfBytesWritten dd 0 ; DATA XREF: sub_13372030+2F_o
data:133710C0* ; sub_13372030+BA_o
data:133710C0* ; sub_13372163+35_o
data:133710C0* ; sub_13372163+5D_o
data:133710C0* ; sub_13372163+79_o
data:133710C0* ; sub_13372163+88_w ...
data:133710C4*dword_133710C4 dd 0 ; DATA XREF: sub_13372214+1D_w
data:133710C4* ; sub_13372214+197_r
data:133710C8*dword_133710C8 dd 0 ; DATA XREF: sub_13372214+A1_w
data:133710C8* ; sub_13372214+1A5_r
data:133710CC*dword_133710CC dd 0 ; DATA XREF: GameMain+6_r
data:133710CC* ; sub_13372030+76_w
data:133710D0*dword_133710D0 dd 0 ; DATA XREF: GameMain_r
data:133710D0* ; sub_13372030+60_w
data:133710D4 unk_133710D4 db 0 ; DATA XREF: sub_133721FA+10_o
data:133710D5 unk_133710D5 db 7 ; DATA XREF: sub_13372214+B_o
data:133710D6 db 0FFh
data:133710D7 db 90h ; ?
data:133710D8 db 0FFh
data:133710D9 db 0C7h ; ?
data:133710DA db 0FFh
data:133710DB db 1
data:133710DC db 0FFh
data:133710DD db 1
data:133710DE db 0FFh
data:133710DF db 23h ; #
data:133710E0 db 0FFh
data:133710E1 db 45h ; E
data:133710E2 db 0FFh
data:133710E3 db 67h ; g
data:133710E4 db 1
data:133710E5 db 13h
data:133710E6 db 0FFh
data:133710E7 db 55h ; U
data:133710E8 db 0FFh
data:133710E9 db 8Bh ; ?
data:133710EA db 0FFh
data:133710EB db 0ECh ; ?
data:133710EC db 0FFh
data:133710ED db 81h ; ?
data:133710EE db 0FFh
data:133710EF db 0ECh ; ?
data:133710F0 db 0FFh
data:133710F1 db 50h ; P
data:133710F2 db 0FFh
data:133710F3 db 1
data:133710F4 db 0FFh
data:133710F5 db 0
data:133710F6 db 0FFh
data:133710F7 db 0
data:133710F8 db 0FFh
data:133710F9 db 53h ; S
data:133710FA db 0FFh
data:133710FB db 56h ; V
data:133710FC db 0FFh
data:133710FD db 8Bh ; ?
data:133710FE db 0FFh
data:133710FF db 0D9h ; ?
data:13371100 db 0FFh
data:13371101 db 57h ; W
data:13371102 db 0FFh
data:13371103 db 8Dh ; ?
data:13371104 db 0FFh
data:13371105 db 73h ; s
data:13371106 db 0FFh
data:13371107 db 14h
data:13371108 db 0FFh
data:13371109 db 0B9h ; ?
data:1337110A db 0FFh
data:1337110B db 10h
data:1337110C db 0
data:1337110D db 0Ch
data:1337110E db 0FFh
data:1337110F db 83h ; ?
data:13371110 db 0FFh
data:13371111 db 0ECh ; ?
data:13371112 db 0FFh
data:13371113 db 2Ch ; ,
data:13371114 db 0FFh
data:13371115 db 53h ; S
data:13371116 db 0FFh
data:13371117 db 56h ; V
data:13371118 db 0FFh
data:13371119 db 57h ; W
data:1337111A db 0FFh
data:1337111B db 8Bh ; ?
data:1337111C db 0FFh
data:1337111D db 0F9h ; ?
data:1337111E db 0FFh
data:1337111F db 8Bh ; ?
data:13371120 db 0FFh
data:13371121 db 4Dh ; M
data:13371122 db 0FFh
data:13371123 db 10h
data:13371124 db 0FFh
data:13371125 db 0BAh ; ?
data:13371126 db 0
data:13371127 db 5Ch ; \
data:13371128 db 60h ; `
data:13371129 db 83h ; ?
data:1337112A db 0ECh ; ?
data:1337112B db 54h ; T
data:1337112C db 89h ; ?
data:1337112D db 0E1h ; ?
data:1337112E db 0E8h ; ?
data:1337112F*dword_1337112F dd 0FFFFFFF5h ; DATA XREF: sub_13372214+19F_w
data:13371133 db 6Ah ; j
data:13371134 db 40h ; @
data:13371135 db 59h ; Y
data:13371136 db 8Dh ; ?
data:13371137 db 7Ch ; |
data:13371138 db 24h ; $
data:13371139 db 14h
data:1337113A db 89h ; ?
data:1337113B db 0FAh ; ?
data:1337113C db 29h ; )
data:1337113D db 0C0h ; ?
data:1337113E db 0F3h ; ?
data:1337113F db 0AAh ; ?
data:13371140 db 89h ; ?
data:13371141 db 0D7h ; ?
data:13371142 db 8Bh ; ?
data:13371143 db 5Dh ; ]
data:13371144 db 8
data:13371145 db 8Dh ; ?
data:13371146 db 73h ; s
data:13371147 db 20h
data:13371148 db 6Ah ; j
data:13371149 db 10h
data:1337114A db 59h ; Y
data:1337114B db 51h ; Q
data:1337114C db 0F3h ; ?
data:1337114D db 0A4h ; ?
data:1337114E db 59h ; Y
data:1337114F db 4Ah ; J
data:13371150 db 42h ; B
data:13371151 db 49h ; I
data:13371152 db 78h ; x
data:13371153 db 0Fh
data:13371154 db 8Ah ; ?
data:13371155 db 2
data:13371156 db 3Ch ; <
data:13371157 db 41h ; A
data:13371158 db 72h ; r
data:13371159 db 0F6h ; ?
data:1337115A db 3Ch ; <
data:1337115B db 5Ah ; Z
data:1337115C db 77h ; w
data:1337115D db 0F2h ; ?
data:1337115E db 80h ; €
data:1337115F db 0Ah
data:13371160 db 20h
data:13371161 db 0EBh ; ?
data:13371162 db 0EDh ; ?
data:13371163 db 89h ; ?
data:13371164 db 0E1h ; ?
data:13371165 db 51h ; Q
data:13371166 db 53h ; S
data:13371167 db 0E8h ; ?
data:13371168*dword_13371168 dd 0FFFFFFBCh ; DATA XREF: sub_13372214+1AD_w
data:1337116C s__BI db '_^伹?,0
data:13371172 align 4
data:13371174 db 6Ah ; j
data:13371175 db 5
data:13371176 db 59h ; Y
data:13371177 db 0F3h ; ?
data:13371178 db 0A5h ; ?
data:13371179 db 83h ; ?
data:1337117A db 0C4h ; ?
data:1337117B db 54h ; T
data:1337117C db 61h ; a
data:1337117D db 5Dh ; ]
data:1337117E db 29h ; )
data:1337117F db 0C0h ; ?
data:13371180 db 40h ; @
data:13371181 db 0C2h ; ?
data:13371182 db 0Ch
data:13371183 db 0
data:13371184 db 0Fh
data:13371185 db 0FFh
data:13371186 db 3Bh ; ;
data:13371187 db 0FFh
data:13371188 db 0FEh ; ?
data:13371189 db 0FFh
data:1337118A db 75h ; u
data:1337118B db 0FFh
data:1337118C db 0Bh
data:1337118D db 0FFh
data:1337118E db 5Fh ; _
data:1337118F db 0FFh
data:13371190 db 5Eh ; ^
data:13371191 db 0FFh
data:13371192 db 33h ; 3
data:13371193 db 0FFh
data:13371194 db 0C0h ; ?
data:13371195 db 0FFh
data:13371196 db 5Bh ; [
data:13371197 db 0FFh
data:13371198 db 8Bh ; ?
data:13371199 db 0FFh
data:1337119A db 0E5h ; ?
data:1337119B db 0FFh
data:1337119C db 5Dh ; ]
data:1337119D db 0FFh
data:1337119E db 0C2h ; ?
data:1337119F db 0FFh
data:133711A0 db 10h
data:133711A1 db 0FFh
data:133711A2 db 0
data:133711A3 db 2
data:133711A4 db 1
data:133711A5 db 0EBh ; ?
data:133711A6 db 0Fh
data:133711A7 db 0FFh
data:133711A8 db 83h ; ?
data:133711A9 db 0FFh
data:133711AA db 0BDh ; ?
data:133711AB db 0FFh
data:133711AC db 44h ; D
data:133711AD db 0FFh
data:133711AE db 0FDh ; ?
data:133711AF db 0FFh
data:133711B0 db 0FFh
data:133711B1 db 0FFh
data:133711B2 db 0FFh
data:133711B3 db 0FFh
data:133711B4 db 2
data:133711B5 db 0FFh
data:133711B6 db 74h ; t
data:133711B7 db 0FFh
data:133711B8 db 0Bh
data:133711B9 db 0FFh
data:133711BA db 5Fh ; _
data:133711BB db 0FFh
data:133711BC db 5Eh ; ^
data:133711BD db 0FFh
data:133711BE db 33h ; 3
data:133711BF db 0FFh
data:133711C0 db 0C0h ; ?
data:133711C1 db 0FFh
data:133711C2 db 5Bh ; [
data:133711C3 db 0FFh
data:133711C4 db 8Bh ; ?
data:133711C5 db 7
data:133711C6 db 1
data:133711C7 db 0EBh ; ?
data:133711C8 db 10h
data:133711C9 db 0FFh
data:133711CA db 0B5h ; ?
data:133711CB db 0FFh
data:133711CC db 60h ; `
data:133711CD db 0FFh
data:133711CE db 0FFh
data:133711CF db 0FFh
data:133711D0 db 0FFh
data:133711D1 db 0FFh
data:133711D2 db 0FFh
data:133711D3 db 0FFh
data:133711D4 db 33h ; 3
data:133711D5 db 0FFh
data:133711D6 db 0D2h ; ?
data:133711D7 db 0
data:133711D8 db 0
data:133711D9 db 0
data:133711DA db 0
data:133711DB db 0
data:133711DC db 0
data:133711DD db 0
data:133711DE db 0
data:133711DF db 0FFh
data:133711E0 db 0FFh
data:133711E1 db 0FFh
data:133711E2 db 0FFh
data:133711E3 db 0
data:133711E4 db 0
data:133711E5 db 0
data:133711E6 db 0
data:133711E7 db 0FFh
data:133711E8 db 74h ; t
data:133711E9 db 0Fh
data:133711EA db 1
data:133711EB db 0EBh ; ?
data:133711EC db 9
data:133711ED db 0FFh
data:133711EE db 0F3h ; ?
data:133711EF db 0FFh
data:133711F0 db 0A7h ; ?
data:133711F1 db 0FFh
data:133711F2 db 5Fh ; _
data:133711F3 db 0FFh
data:133711F4 db 0Fh
data:133711F5 db 0FFh
data:133711F6 db 94h ; ?
data:133711F7 db 0FFh
data:133711F8 db 0C0h ; ?
data:133711F9 db 0FFh
data:133711FA db 5Eh ; ^
data:133711FB db 0FFh
data:133711FC db 8Bh ; ?
data:133711FD db 0FFh
data:133711FE db 0E5h ; ?
data:133711FF db 3
data:13371200 db 3
data:13371201 db 29h ; )
data:13371202 db 0C0h ; ?
data:13371203 db 40h ; @
data:13371204 db 0Ah
data:13371205 db 0FFh
data:13371206 db 8Bh ; ?
data:13371207 db 0FFh
data:13371208 db 0F8h ; ?
data:13371209 db 0FFh
data:1337120A db 8Dh ; ?
data:1337120B db 0FFh
data:1337120C db 45h ; E
data:1337120D db 0FFh
data:1337120E db 0Ch
data:1337120F db 0FFh
data:13371210 db 50h ; P
data:13371211 db 0FFh
data:13371212 db 8Dh ; ?
data:13371213 db 0FFh
data:13371214 db 4Dh ; M
data:13371215 db 0FFh
data:13371216 db 10h
data:13371217 db 0FFh
data:13371218 db 51h ; Q
data:13371219 db 0
data:1337121A db 14h
data:1337121B db 89h ; ?
data:1337121C db 0DEh ; ?
data:1337121D db 81h ; ?
data:1337121E db 0C6h ; ?
data:1337121F db 10h
data:13371220 db 1
data:13371221 db 0
data:13371222 db 0
data:13371223 db 0B9h ; ?
data:13371224 db 8
data:13371225 db 0
data:13371226 db 0
data:13371227 db 0
data:13371228 db 8Bh ; ?
data:13371229 db 7Dh ; }
data:1337122A db 14h
data:1337122B db 0F3h ; ?
data:1337122C db 0A5h ; ?
data:1337122D db 0EBh ; ?
data:1337122E db 1Bh
data:1337122F db 0Dh
data:13371230 db 0FFh
data:13371231 db 51h ; Q
data:13371232 db 0FFh
data:13371233 db 0B9h ; ?
data:13371234 db 0
data:13371235 db 0
data:13371236 db 0
data:13371237 db 0
data:13371238 db 0
data:13371239 db 0
data:1337123A db 0FFh
data:1337123B db 6Fh ; o
data:1337123C db 0FFh
data:1337123D db 0E8h ; ?
data:1337123E db 0
data:1337123F db 0
data:13371240 db 0
data:13371241 db 0
data:13371242 db 0
data:13371243 db 0
data:13371244 db 0
data:13371245 db 0
data:13371246 db 0FFh
data:13371247 db 0B8h ; ?
data:13371248 db 0FFh
data:13371249 db 1
data:1337124A db 6
data:1337124B db 3
data:1337124C db 59h ; Y
data:1337124D db 0EBh ; ?
data:1337124E db 2
data:1337124F db 0
data:13371250 align 1000h
data:13371250 data ends
data:13371250
code:13372000 ; Section 2. (virtual address 00002000)
code:13372000 ; Virtual size : 00001000 ( 4096.)
code:13372000 ; Section size in file : 000003F1 ( 1009.)
code:13372000 ; Offset to raw data for section: 00000800
code:13372000 ; Flags 60000060: Text Data Executable Readable
code:13372000 ; Alignment : default
code:13372000 ; 屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯?
code:13372000
code:13372000 ; Segment type: Pure code
code:13372000 ; Segment permissions: Read/Execute
code:13372000 code segment para public 'CODE' use32
code:13372000 assume cs:code
code:13372000 ;org 13372000h
code:13372000 assume es:nothing, ss:nothing, ds:data, fs:nothing, gs:nothing
code:13372000 jmp ds:LoadLibraryA
code:13372000
code:13372006 ; Exported entry 1. GameMain
code:13372006
code:13372006 ; *************** S U B R O U T I N E ***************************************
code:13372006
code:13372006
code:13372006 public GameMain
code:13372006 GameMain proc near
code:13372006 mov eax, dword_133710D0
code:1337200B push eax
code:1337200C call dword_133710CC
code:13372012 retn 4
code:13372012
code:13372012 GameMain endp
code:13372012
code:13372015
code:13372015 ; *************** S U B R O U T I N E ***************************************
code:13372015
code:13372015
code:13372015 ; BOOL __stdcall DllEntryPoint(HINSTANCE hinstDLL,DWORD fdwReason,LPVOID lpReserved)
code:13372015 public DllEntryPoint
code:13372015 DllEntryPoint proc near
code:13372015
code:13372015 hinstDLL = dword ptr 4
code:13372015 fdwReason = dword ptr 8
code:13372015 lpReserved = dword ptr 0Ch
code:13372015
code:13372015 cmp dword_133710B0, 0
code:1337201C jnz short loc_1337202A
code:1337201C
code:1337201E mov byte ptr dword_133710B0, 1
code:13372025 call sub_13372030
code:13372025
code:1337202A
code:1337202A loc_1337202A: ; CODE XREF: DllEntryPoint+7_j
code:1337202A push 1
code:1337202C pop eax
code:1337202D retn 0Ch
code:1337202D
code:1337202D DllEntryPoint endp
code:1337202D
code:13372030
code:13372030 ; *************** S U B R O U T I N E ***************************************
code:13372030
code:13372030
code:13372030 sub_13372030 proc near ; CODE XREF: DllEntryPoint+10_p
code:13372030 pusha
code:13372031 pusha
code:13372032 push 0 ; hTemplateFile
code:13372034 push 80h ; dwFlagsAndAttributes
code:13372039 push 4 ; dwCreationDisposition
code:1337203B push 0 ; lpSecurityAttributes
code:1337203D push 0 ; dwShareMode
code:1337203F push 40000000h ; dwDesiredAccess
code:13372044 push offset FileName ; "debug.log"
code:13372049 call ds:CreateFileA
code:1337204F xchg eax, ebp
code:13372050 push 2 ; dwMoveMethod
code:13372052 push 0 ; lpDistanceToMoveHigh
code:13372054 push 0 ; lDistanceToMove
code:13372056 push ebp ; hFile
code:13372057 call ds:SetFilePointer
code:1337205D push 0 ; lpOverlapped
code:1337205F push offset NumberOfBytesWritten ; lpNumberOfBytesWritten
code:13372064 push 7 ; nNumberOfBytesToWrite
code:13372066 push offset Buffer ; "start\r\npatches successful.\r\nDoPatch - h"...
code:1337206B push ebp ; hFile
code:1337206C call ds:WriteFile
code:13372072 push ebp ; hObject
code:13372073 call ds:CloseHandle
code:13372079 popa
code:1337207A call ds:GetCurrentProcess
code:13372080 xchg eax, ebp
code:13372081 push offset LibFileName ; "Game.dll"
code:13372086 call ds:LoadLibraryA
code:1337208C test eax, eax
code:1337208E jz short loc_13372105
code:1337208E
code:13372090 mov dword_133710D0, eax
code:13372095 xchg eax, ebx
code:13372096 push offset ProcName ; "GameMain"
code:1337209B push ebx ; hModule
code:1337209C call ds:GetProcAddress
code:133720A2 test eax, eax
code:133720A4 jz short loc_13372105
code:133720A4
code:133720A6 mov dword_133710CC, eax
code:133720AB mov edx, ebx
code:133720AD call sub_13372214
code:133720AD
code:133720B2 mov edx, 400000h
code:133720B7 call sub_133721FA
code:133720B7
code:133720BC pusha
code:133720BD push 0 ; hTemplateFile
code:133720BF push 80h ; dwFlagsAndAttributes
code:133720C4 push 4 ; dwCreationDisposition
code:133720C6 push 0 ; lpSecurityAttributes
code:133720C8 push 0 ; dwShareMode
code:133720CA push 40000000h ; dwDesiredAccess
code:133720CF push offset FileName ; "debug.log"
code:133720D4 call ds:CreateFileA
code:133720DA xchg eax, ebp
code:133720DB push 2 ; dwMoveMethod
code:133720DD push 0 ; lpDistanceToMoveHigh
code:133720DF push 0 ; lDistanceToMove
code:133720E1 push ebp ; hFile
code:133720E2 call ds:SetFilePointer
code:133720E8 push 0 ; lpOverlapped
code:133720EA push offset NumberOfBytesWritten ; lpNumberOfBytesWritten
code:133720EF push 15h ; nNumberOfBytesToWrite
code:133720F1 push (offset Buffer+7) ; lpBuffer
code:133720F6 push ebp ; hFile
code:133720F7 call ds:WriteFile
code:133720FD push ebp ; hObject
code:133720FE call ds:CloseHandle
code:13372104 popa
code:13372104
code:13372105
code:13372105 loc_13372105: ; CODE XREF: sub_13372030+5E_j
code:13372105 ; sub_13372030+74_j
code:13372105 popa
code:13372106 retn
code:13372106
code:13372106 sub_13372030 endp
code:13372106
code:13372107 ; ---------------------------------------------------------------------------
code:13372107 ; START OF FUNCTION CHUNK FOR sub_13372214
code:13372107
code:13372107 loc_13372107: ; CODE XREF: sub_13372214+17_j
code:13372107 ; sub_13372214+9B_j
code:13372107 ; sub_13372214+11F_j
code:13372107 ; sub_13372214+1BA_j
code:13372107 ; sub_13372214+1CC_j
code:13372107 push 0 ; uType
code:13372109 push (offset Buffer+55h) ; lpCaption
code:1337210E push offset Text ; "Wrong Game.dll version. "
code:13372113 push 0 ; hWnd
code:13372115 call ds:MessageBoxA
code:1337211B push 3 ; uExitCode
code:1337211D call ds:ExitProcess
code:13372123 retn
code:13372123
code:13372123 ; END OF FUNCTION CHUNK FOR sub_13372214
code:13372124
code:13372124 ; *************** S U B R O U T I N E ***************************************
code:13372124
code:13372124
code:13372124 sub_13372124 proc near ; CODE XREF: sub_13372214+10_p
code:13372124 ; sub_13372214+94_p
code:13372124 ; sub_13372214+118_p
code:13372124 ; sub_13372214+1C5_p
code:13372124 push ebx
code:13372125 push ecx
code:13372126 mov ecx, dword_133710BC
code:1337212C mov eax, edx
code:1337212C
code:1337212E
code:1337212E loc_1337212E: ; CODE XREF: sub_13372124+1F_j
code:1337212E movzx ebx, byte ptr [esi]
code:13372131 dec ebx
code:13372132 inc eax
code:13372133 dec ecx
code:13372134 jz short loc_13372157
code:13372134
code:13372136
code:13372136 loc_13372136: ; CODE XREF: sub_13372124+22_j
code:13372136 push ecx
code:13372137 mov cl, [esi+ebx*2+1]
code:1337213B and cl, [eax+ebx]
code:1337213E cmp cl, [esi+ebx*2+2]
code:13372142 pop ecx
code:13372143 jnz short loc_1337212E
code:13372143
code:13372145 dec ebx
code:13372146 jns short loc_13372136
code:13372146
code:13372148 movzx ebx, byte ptr [esi]
code:1337214B lea esi, [esi+ebx*2+1]
code:1337214F movsx ebx, byte ptr [esi]
code:13372152 add eax, ebx
code:13372154 inc esi
code:13372155 jmp short loc_13372160
code:13372155
code:13372157 ; ---------------------------------------------------------------------------
code:13372157
code:13372157 loc_13372157: ; CODE XREF: sub_13372124+10_j
code:13372157 xor eax, eax
code:13372159 movzx ebx, byte ptr [esi]
code:1337215C lea esi, [esi+ebx*2+2]
code:1337215C
code:13372160
code:13372160 loc_13372160: ; CODE XREF: sub_13372124+31_j
code:13372160 pop ecx
code:13372161 pop ebx
code:13372162 retn
code:13372162
code:13372162 sub_13372124 endp
code:13372162
code:13372163
code:13372163 ; *************** S U B R O U T I N E ***************************************
code:13372163
code:13372163
code:13372163 sub_13372163 proc near ; CODE XREF: sub_13372214+1B3_p
code:13372163 ; sub_13372214+1D2_p
code:13372163 push ebx
code:13372164 xor ebx, ebx
code:13372166 mov bl, [esi]
code:13372168 inc esi
code:13372169 pusha
code:1337216A push eax
code:1337216B push 0 ; hTemplateFile
code:1337216D push 80h ; dwFlagsAndAttributes
code:13372172 push 4 ; dwCreationDisposition
code:13372174 push 0 ; lpSecurityAttributes
code:13372176 push 0 ; dwShareMode
code:13372178 push 40000000h ; dwDesiredAccess
code:1337217D push offset FileName ; "debug.log"
code:13372182 call ds:CreateFileA
code:13372188 xchg eax, ebp
code:13372189 push 2 ; dwMoveMethod
code:1337218B push 0 ; lpDistanceToMoveHigh
code:1337218D push 0 ; lDistanceToMove
code:1337218F push ebp ; hFile
code:13372190 call ds:SetFilePointer
code:13372196 push 0 ; lpOverlapped
code:13372198 push offset NumberOfBytesWritten ; lpNumberOfBytesWritten
code:1337219D push 0Ah ; nNumberOfBytesToWrite
code:1337219F push (offset Buffer+1Ch) ; lpBuffer
code:133721A4 push ebp ; hFile
code:133721A5 call ds:WriteFile
code:133721AB push offset s_08x ; "%08x\r\n"
code:133721B0 push offset s_00000000 ; "00000000\r\n"
code:133721B5 call ds:wsprintfA
code:133721BB pop ecx
code:133721BC pop ecx
code:133721BD pop ecx
code:133721BE push 0 ; lpOverlapped
code:133721C0 push offset NumberOfBytesWritten ; lpNumberOfBytesWritten
code:133721C5 push 0Ah ; nNumberOfBytesToWrite
code:133721C7 push offset s_00000000 ; "00000000\r\n"
code:133721CC push ebp ; hFile
code:133721CD call ds:WriteFile
code:133721D3 push ebp ; hObject
code:133721D4 call ds:CloseHandle
code:133721DA popa
code:133721DB pusha
code:133721DC push offset NumberOfBytesWritten ; lpNumberOfBytesWritten
code:133721E1 push ebx ; nSize
code:133721E2 push esi ; lpBuffer
code:133721E3 push eax ; lpBaseAddress
code:133721E4 push ebp ; hProcess
code:133721E5 call ds:WriteProcessMemory
code:133721EB mov NumberOfBytesWritten, eax
code:133721F0 popa
code:133721F1 mov eax, NumberOfBytesWritten
code:133721F6 add esi, ebx
code:133721F8 pop ebx
code:133721F9 retn
code:133721F9
code:133721F9 sub_13372163 endp
code:133721F9
code:133721FA
code:133721FA ; *************** S U B R O U T I N E ***************************************
code:133721FA
code:133721FA
code:133721FA sub_133721FA proc near ; CODE XREF: sub_13372030+87_p
code:133721FA pusha
code:133721FB mov edx, 400000h
code:13372200 mov dword_133710BC, 17D000h
code:1337220A mov esi, offset unk_133710D4
code:1337220F jmp loc_133723D4
code:1337220F
code:1337220F sub_133721FA endp
code:1337220F
code:13372214
code:13372214 ; *************** S U B R O U T I N E ***************************************
code:13372214
code:13372214
code:13372214 sub_13372214 proc near ; CODE XREF: sub_13372030+7D_p
code:13372214
code:13372214 ; FUNCTION CHUNK AT code:13372107 SIZE 0000001D BYTES
code:13372214
code:13372214 pusha
code:13372215 mov dword_133710BC, 923000h
code:1337221F mov esi, offset unk_133710D5
code:13372224 call sub_13372124
code:13372224
code:13372229 test eax, eax
code:1337222B jz loc_13372107
code:1337222B
code:13372231 mov dword_133710C4, eax
code:13372236 pusha
code:13372237 push eax
code:13372238 push 0 ; hTemplateFile
code:1337223A push 80h ; dwFlagsAndAttributes
code:1337223F push 4 ; dwCreationDisposition
code:13372241 push 0 ; lpSecurityAttributes
code:13372243 push 0 ; dwShareMode
code:13372245 push 40000000h ; dwDesiredAccess
code:1337224A push offset FileName ; "debug.log"
code:1337224F call ds:CreateFileA
code:13372255 xchg eax, ebp
code:13372256 push 2 ; dwMoveMethod
code:13372258 push 0 ; lpDistanceToMoveHigh
code:1337225A push 0 ; lDistanceToMove
code:1337225C push ebp ; hFile
code:1337225D call ds:SetFilePointer
code:13372263 push 0 ; lpOverlapped
code:13372265 push offset NumberOfBytesWritten ; lpNumberOfBytesWritten
code:1337226A push 10h ; nNumberOfBytesToWrite
code:1337226C push (offset Buffer+26h) ; lpBuffer
code:13372271 push ebp ; hFile
code:13372272 call ds:WriteFile
code:13372278 push offset s_08x ; "%08x\r\n"
code:1337227D push offset s_00000000 ; "00000000\r\n"
code:13372282 call ds:wsprintfA
code:13372288 pop ecx
code:13372289 pop ecx
code:1337228A pop ecx
code:1337228B push 0 ; lpOverlapped
code:1337228D push offset NumberOfBytesWritten ; lpNumberOfBytesWritten
code:13372292 push 0Ah ; nNumberOfBytesToWrite
code:13372294 push offset s_00000000 ; "00000000\r\n"
code:13372299 push ebp ; hFile
code:1337229A call ds:WriteFile
code:133722A0 push ebp ; hObject
code:133722A1 call ds:CloseHandle
code:133722A7 popa
code:133722A8 call sub_13372124
code:133722A8
code:133722AD test eax, eax
code:133722AF jz loc_13372107
code:133722AF
code:133722B5 mov dword_133710C8, eax
code:133722BA pusha
code:133722BB push eax
code:133722BC push 0 ; hTemplateFile
code:133722BE push 80h ; dwFlagsAndAttributes
code:133722C3 push 4 ; dwCreationDisposition
code:133722C5 push 0 ; lpSecurityAttributes
code:133722C7 push 0 ; dwShareMode
code:133722C9 push 40000000h ; dwDesiredAccess
code:133722CE push offset FileName ; "debug.log"
code:133722D3 call ds:CreateFileA
code:133722D9 xchg eax, ebp
code:133722DA push 2 ; dwMoveMethod
code:133722DC push 0 ; lpDistanceToMoveHigh
code:133722DE push 0 ; lDistanceToMove
code:133722E0 push ebp ; hFile
code:133722E1 call ds:SetFilePointer
code:133722E7 push 0 ; lpOverlapped
code:133722E9 push offset NumberOfBytesWritten ; lpNumberOfBytesWritten
code:133722EE push 0Eh ; nNumberOfBytesToWrite
code:133722F0 push (offset Buffer+36h) ; lpBuffer
code:133722F5 push ebp ; hFile
code:133722F6 call ds:WriteFile
code:133722FC push offset s_08x ; "%08x\r\n"
code:13372301 push offset s_00000000 ; "00000000\r\n"
code:13372306 call ds:wsprintfA
code:1337230C pop ecx
code:1337230D pop ecx
code:1337230E pop ecx
code:1337230F push 0 ; lpOverlapped
code:13372311 push offset NumberOfBytesWritten ; lpNumberOfBytesWritten
code:13372316 push 0Ah ; nNumberOfBytesToWrite
code:13372318 push offset s_00000000 ; "00000000\r\n"
code:1337231D push ebp ; hFile
code:1337231E call ds:WriteFile
code:13372324 push ebp ; hObject
code:13372325 call ds:CloseHandle
code:1337232B popa
code:1337232C call sub_13372124
code:1337232C
code:13372331 test eax, eax
code:13372333 jz loc_13372107
code:13372333
code:13372339 pusha
code:1337233A push eax
code:1337233B push 0 ; hTemplateFile
code:1337233D push 80h ; dwFlagsAndAttributes
code:13372342 push 4 ; dwCreationDisposition
code:13372344 push 0 ; lpSecurityAttributes
code:13372346 push 0 ; dwShareMode
code:13372348 push 40000000h ; dwDesiredAccess
code:1337234D push offset FileName ; "debug.log"
code:13372352 call ds:CreateFileA
code:13372358 xchg eax, ebp
code:13372359 push 2 ; dwMoveMethod
code:1337235B push 0 ; lpDistanceToMoveHigh
code:1337235D push 0 ; lDistanceToMove
code:1337235F push ebp ; hFile
code:13372360 call ds:SetFilePointer
code:13372366 push 0 ; lpOverlapped
code:13372368 push offset NumberOfBytesWritten ; lpNumberOfBytesWritten
code:1337236D push 11h ; nNumberOfBytesToWrite
code:1337236F push (offset Buffer+44h) ; lpBuffer
code:13372374 push ebp ; hFile
code:13372375 call ds:WriteFile
code:1337237B push offset s_08x ; "%08x\r\n"
code:13372380 push offset s_00000000 ; "00000000\r\n"
code:13372385 call ds:wsprintfA
code:1337238B pop ecx
code:1337238C pop ecx
code:1337238D pop ecx
code:1337238E push 0 ; lpOverlapped
code:13372390 push offset NumberOfBytesWritten ; lpNumberOfBytesWritten
code:13372395 push 0Ah ; nNumberOfBytesToWrite
code:13372397 push offset s_00000000 ; "00000000\r\n"
code:1337239C push ebp ; hFile
code:1337239D call ds:WriteFile
code:133723A3 push ebp ; hObject
code:133723A4 call ds:CloseHandle
code:133723AA popa
code:133723AB mov ebx, dword_133710C4
code:133723B1 sub ebx, eax
code:133723B3 add dword_1337112F, ebx
code:133723B9 mov ebx, dword_133710C8
code:133723BF sub ebx, eax
code:133723C1 add dword_13371168, ebx
code:133723C7 call sub_13372163
code:133723C7
code:133723CC test eax, eax
code:133723CE jz loc_13372107
code:133723CE
code:133723D4
code:133723D4 loc_133723D4: ; CODE XREF: sub_133721FA+15_j
code:133723D4 ; sub_13372214+1D9_j
code:133723D4 cmp byte ptr [esi], 0
code:133723D7 jz short loc_133723EF
code:133723D7
code:133723D9 call sub_13372124
code:133723D9
code:133723DE test eax, eax
code:133723E0 jz loc_13372107
code:133723E0
code:133723E6 call sub_13372163
code:133723E6
code:133723EB test eax, eax
code:133723ED jnz short loc_133723D4
code:133723ED
code:133723EF
code:133723EF loc_133723EF: ; CODE XREF: sub_13372214+1C3_j
code:133723EF popa
code:133723F0 retn
code:133723F0
code:133723F0 sub_13372214 endp
code:133723F0
code:133723F0 ; ---------------------------------------------------------------------------
code:133723F1 db 3 dup(?)
code:133723F4 dd 303h dup(?)
code:133723F4 code ends
code:133723F4
IMPORTS:13373000 ; ---------------------------------------------------------------------------
IMPORTS:13373000 ; Section 3. (virtual address 00003000)
IMPORTS:13373000 ; Virtual size : 00001000 ( 4096.)
IMPORTS:13373000 ; Section size in file : 0000004E ( 78.)
IMPORTS:13373000 ; Offset to raw data for section: 00000C00
IMPORTS:13373000 ; Flags 60000060: Text Data Executable Readable
IMPORTS:13373000 ; Alignment : default
IMPORTS:13373000 ; 屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯?
IMPORTS:13373000
IMPORTS:13373000 ; Segment type: Pure code
IMPORTS:13373000 ; Segment permissions: Read/Execute
IMPORTS:13373000 IMPORTS segment para public 'CODE' use32
IMPORTS:13373000 assume cs:IMPORTS
IMPORTS:13373000 ;org 13373000h
IMPORTS:13373000 assume es:nothing, ss:nothing, ds:data, fs:nothing, gs:nothing
IMPORTS:13373000 jmp ds:LoadLibraryA
IMPORTS:13373000
IMPORTS:13373006 ; ---------------------------------------------------------------------------
IMPORTS:13373006 jmp ds:GetProcAddress
IMPORTS:13373006
IMPORTS:1337300C ; ---------------------------------------------------------------------------
IMPORTS:1337300C jmp ds:GetCurrentProcess
IMPORTS:1337300C
IMPORTS:13373012 ; ---------------------------------------------------------------------------
IMPORTS:13373012 jmp ds:ReadProcessMemory
IMPORTS:13373012
IMPORTS:13373018 ; ---------------------------------------------------------------------------
IMPORTS:13373018 jmp ds:WriteProcessMemory
IMPORTS:13373018
IMPORTS:1337301E ; ---------------------------------------------------------------------------
IMPORTS:1337301E jmp ds:MessageBoxA
IMPORTS:1337301E
IMPORTS:13373024 ; ---------------------------------------------------------------------------
IMPORTS:13373024 jmp ds:ExitProcess
IMPORTS:13373024
IMPORTS:1337302A ; ---------------------------------------------------------------------------
IMPORTS:1337302A jmp ds:CreateFileA
IMPORTS:1337302A
IMPORTS:13373030 ; ---------------------------------------------------------------------------
IMPORTS:13373030 jmp ds:WriteFile
IMPORTS:13373030
IMPORTS:13373036 ; ---------------------------------------------------------------------------
IMPORTS:13373036 jmp ds:CloseHandle
IMPORTS:13373036
IMPORTS:1337303C ; ---------------------------------------------------------------------------
IMPORTS:1337303C jmp ds:SetFilePointer
IMPORTS:1337303C
IMPORTS:13373042 ; ---------------------------------------------------------------------------
IMPORTS:13373042 jmp ds:GetTickCount
IMPORTS:13373042
IMPORTS:13373048 ; ---------------------------------------------------------------------------
IMPORTS:13373048 jmp ds:wsprintfA
IMPORTS:13373048
IMPORTS:13373048 ; ---------------------------------------------------------------------------
IMPORTS:1337304E dw ?
IMPORTS:13373050 dd 3ECh dup(?)
IMPORTS:13373050 IMPORTS ends
IMPORTS:13373050
imports:13374000 ; Section 4. (virtual address 00004000)
imports:13374000 ; Virtual size : 00001000 ( 4096.)
imports:13374000 ; Section size in file : 000001A2 ( 418.)
imports:13374000 ; Offset to raw data for section: 00000E00
imports:13374000 ; Flags 50000040: Data Shareable Readable
imports:13374000 ; Alignment : default
imports:13374000 ; 屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯?
imports:13374000
imports:13374000 ; Segment type: Pure data
imports:13374000 ; Segment permissions: Read
imports:13374000 imports segment para public 'DATA' use32
imports:13374000 assume cs:imports
imports:13374000 ;org 13374000h
imports:13374000 db 58h ; X
imports:13374001 db 40h ; @
imports:13374002 db 0
imports:13374003 db 0
imports:13374004 db 0
imports:13374005 db 0
imports:13374006 db 0
imports:13374007 db 0
imports:13374008 db 0
imports:13374009 db 0
imports:1337400A db 0
imports:1337400B db 0
imports:1337400C db 3Ch ; <
imports:1337400D db 40h ; @
imports:1337400E db 0
imports:1337400F db 0
imports:13374010 db 88h ; ?
imports:13374011 db 40h ; @
imports:13374012 db 0
imports:13374013 db 0
imports:13374014 db 0B8h ; ?
imports:13374015 db 40h ; @
imports:13374016 db 0
imports:13374017 db 0
imports:13374018 db 0
imports:13374019 db 0
imports:1337401A db 0
imports:1337401B db 0
imports:1337401C db 0
imports:1337401D db 0
imports:1337401E db 0
imports:1337401F db 0
imports:13374020 db 4Ah ; J
imports:13374021 db 40h ; @
imports:13374022 db 0
imports:13374023 db 0
imports:13374024 db 0C4h ; ?
imports:13374025 db 40h ; @
imports:13374026 db 0
imports:13374027 db 0
imports:13374028 db 0
imports:13374029 db 0
imports:1337402A db 0
imports:1337402B db 0
imports:1337402C db 0
imports:1337402D db 0
imports:1337402E db 0
imports:1337402F db 0
imports:13374030 db 0
imports:13374031 db 0
imports:13374032 db 0
imports:13374033 db 0
imports:13374034 db 0
imports:13374035 db 0
imports:13374036 db 0
imports:13374037 db 0
imports:13374038 db 0
imports:13374039 db 0
imports:1337403A db 0
imports:1337403B db 0
imports:1337403C db 6Bh ; k
imports:1337403D db 65h ; e
imports:1337403E db 72h ; r
imports:1337403F db 6Eh ; n
imports:13374040 db 65h ; e
imports:13374041 db 6Ch ; l
imports:13374042 db 33h ; 3
imports:13374043 db 32h ; 2
imports:13374044 db 2Eh ; .
imports:13374045 db 64h ; d
imports:13374046 db 6Ch ; l
imports:13374047 db 6Ch ; l
imports:13374048 db 0
imports:13374049 db 0
imports:1337404A db 75h ; u
imports:1337404B db 73h ; s
imports:1337404C db 65h ; e
imports:1337404D db 72h ; r
imports:1337404E db 33h ; 3
imports:1337404F db 32h ; 2
imports:13374050 db 2Eh ; .
imports:13374051 db 64h ; d
imports:13374052 db 6Ch ; l
imports:13374053 db 6Ch ; l
imports:13374054 db 0
imports:13374055 db 0
imports:13374056 db 8Eh ; ?
imports:13374057 db 0
imports:13374058 db 0D0h ; ?
imports:13374059 db 40h ; @
imports:1337405A db 0
imports:1337405B db 0
imports:1337405C db 0E0h ; ?
imports:1337405D db 40h ; @
imports:1337405E db 0
imports:1337405F db 0
imports:13374060 db 0F2h ; ?
imports:13374061 db 40h ; @
imports:13374062 db 0
imports:13374063 db 0
imports:13374064 db 6
imports:13374065 db 41h ; A
imports:13374066 db 0
imports:13374067 db 0
imports:13374068 db 1Ah
imports:13374069 db 41h ; A
imports:1337406A db 0
imports:1337406B db 0
imports:1337406C db 30h ; 0
imports:1337406D db 41h ; A
imports:1337406E db 0
imports:1337406F db 0
imports:13374070 db 3Eh ; >
imports:13374071 db 41h ; A
imports:13374072 db 0
imports:13374073 db 0
imports:13374074 db 4Ch ; L
imports:13374075 db 41h ; A
imports:13374076 db 0
imports:13374077 db 0
imports:13374078 db 58h ; X
imports:13374079 db 41h ; A
imports:1337407A db 0
imports:1337407B db 0
imports:1337407C db 66h ; f
imports:1337407D db 41h ; A
imports:1337407E db 0
imports:1337407F db 0
imports:13374080 db 78h ; x
imports:13374081 db 41h ; A
imports:13374082 db 0
imports:13374083 db 0
imports:13374084 db 0
imports:13374085 db 0
imports:13374086 db 0
imports:13374087 db 0
imports:13374087 imports ends
imports:13374087
.idata:13374088 ;
.idata:13374088 ; Imports from kernel32.dll
.idata:13374088 ;
.idata:13374088 ; 屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯?
.idata:13374088
.idata:13374088 ; Segment type: Externs
.idata:13374088 ; _idata
.idata:13374088 ; HMODULE __stdcall LoadLibraryA(LPCSTR lpLibFileName)
.idata:13374088 extrn LoadLibraryA:dword ; DATA XREF: code:13372000_r
.idata:13374088 ; sub_13372030+56_r
.idata:13374088 ; IMPORTS:13373000_r
.idata:1337408C ; FARPROC __stdcall GetProcAddress(HMODULE hModule,LPCSTR lpProcName)
.idata:1337408C extrn GetProcAddress:dword ; DATA XREF: sub_13372030+6C_r
.idata:1337408C ; IMPORTS:13373006_r
.idata:13374090 ; HANDLE GetCurrentProcess(void)
.idata:13374090 extrn GetCurrentProcess:dword ; DATA XREF: sub_13372030+4A_r
.idata:13374090 ; IMPORTS:1337300C_r
.idata:13374094 ; BOOL __stdcall ReadProcessMemory(HANDLE hProcess,LPCVOID lpBaseAddress,LPVOID lpBuffer,DWORD nSize,LPDWORD lpNumberOfBytesRead)
.idata:13374094 extrn ReadProcessMemory:dword ; DATA XREF: IMPORTS:13373012_r
.idata:13374098 ; BOOL __stdcall WriteProcessMemory(HANDLE hProcess,LPVOID lpBaseAddress,LPVOID lpBuffer,DWORD nSize,LPDWORD lpNumberOfBytesWritten)
.idata:13374098 extrn WriteProcessMemory:dword ; DATA XREF: sub_13372163+82_r
.idata:13374098 ; IMPORTS:13373018_r
.idata:1337409C ; void __stdcall ExitProcess(UINT uExitCode)
.idata:1337409C extrn ExitProcess:dword ; DATA XREF: sub_13372214-F7_r
.idata:1337409C ; IMPORTS:13373024_r
.idata:133740A0 ; HANDLE __stdcall CreateFileA(LPCSTR lpFileName,DWORD dwDesiredAccess,DWORD dwShareMode,LPSECURITY_ATTRIBUTES lpSecurityAttributes,DWORD dwCreationDisposition,DWORD dwFlagsAndAttributes,HANDLE hTemplateFile)
.idata:133740A0 extrn CreateFileA:dword ; DATA XREF: sub_13372030+19_r
.idata:133740A0 ; sub_13372030+A4_r
.idata:133740A0 ; sub_13372163+1F_r
.idata:133740A0 ; sub_13372214+3B_r
.idata:133740A0 ; sub_13372214+BF_r
.idata:133740A0 ; sub_13372214+13E_r ...
.idata:133740A4 ; BOOL __stdcall WriteFile(HANDLE hFile,LPCVOID lpBuffer,DWORD nNumberOfBytesToWrite,LPDWORD lpNumberOfBytesWritten,LPOVERLAPPED lpOverlapped)
.idata:133740A4 extrn WriteFile:dword ; DATA XREF: sub_13372030+3C_r
.idata:133740A4 ; sub_13372030+C7_r
.idata:133740A4 ; sub_13372163+42_r
.idata:133740A4 ; sub_13372163+6A_r
.idata:133740A4 ; sub_13372214+5E_r
.idata:133740A4 ; sub_13372214+86_r ...
.idata:133740A8 ; BOOL __stdcall CloseHandle(HANDLE hObject)
.idata:133740A8 extrn CloseHandle:dword ; DATA XREF: sub_13372030+43_r
.idata:133740A8 ; sub_13372030+CE_r
.idata:133740A8 ; sub_13372163+71_r
.idata:133740A8 ; sub_13372214+8D_r
.idata:133740A8 ; sub_13372214+111_r
.idata:133740A8 ; sub_13372214+190_r ...
.idata:133740AC ; DWORD __stdcall SetFilePointer(HANDLE hFile,LONG lDistanceToMove,PLONG lpDistanceToMoveHigh,DWORD dwMoveMethod)
.idata:133740AC extrn SetFilePointer:dword ; DATA XREF: sub_13372030+27_r
.idata:133740AC ; sub_13372030+B2_r
.idata:133740AC ; sub_13372163+2D_r
.idata:133740AC ; sub_13372214+49_r
.idata:133740AC ; sub_13372214+CD_r
.idata:133740AC ; sub_13372214+14C_r ...
.idata:133740B0 ; DWORD GetTickCount(void)
.idata:133740B0 extrn GetTickCount:dword ; DATA XREF: IMPORTS:13373042_r
.idata:133740B4
.idata:133740B8
.idata:133740C4 ;
.idata:133740C4 ; Imports from user32.dll
.idata:133740C4 ;
.idata:133740C4 ; int __stdcall MessageBoxA(HWND hWnd,LPCSTR lpText,LPCSTR lpCaption,UINT uType)
.idata:133740C4 extrn MessageBoxA:dword ; DATA XREF: sub_13372214-FF_r
.idata:133740C4 ; IMPORTS:1337301E_r
.idata:133740C8 ; int wsprintfA(LPSTR,LPCSTR,...)
.idata:133740C8 extrn wsprintfA:dword ; DATA XREF: sub_13372163+52_r
.idata:133740C8 ; sub_13372214+6E_r
.idata:133740C8 ; sub_13372214+F2_r
.idata:133740C8 ; sub_13372214+171_r
.idata:133740C8 ; IMPORTS:13373048_r
.idata:133740CC
.idata:133740CC
imports:133740D0 ; 屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯?
imports:133740D0
imports:133740D0 ; Segment type: Pure data
imports:133740D0 ; Segment permissions: Read
imports:133740D0 imports segment para public 'DATA' use32
imports:133740D0 assume cs:imports
imports:133740D0 ;org 133740D0h
imports:133740D0 db 0
imports:133740D1 db 0
imports:133740D2 db 4Ch ; L
imports:133740D3 db 6Fh ; o
imports:133740D4 db 61h ; a
imports:133740D5 db 64h ; d
imports:133740D6 db 4Ch ; L
imports:133740D7 db 69h ; i
imports:133740D8 db 62h ; b
imports:133740D9 db 72h ; r
imports:133740DA db 61h ; a
imports:133740DB db 72h ; r
imports:133740DC db 79h ; y
imports:133740DD db 41h ; A
imports:133740DE db 0
imports:133740DF db 0
imports:133740E0 db 0
imports:133740E1 db 0
imports:133740E2 db 47h ; G
imports:133740E3 db 65h ; e
imports:133740E4 db 74h ; t
imports:133740E5 db 50h ; P
imports:133740E6 db 72h ; r
imports:133740E7 db 6Fh ; o
imports:133740E8 db 63h ; c
imports:133740E9 db 41h ; A
imports:133740EA db 64h ; d
imports:133740EB db 64h ; d
imports:133740EC db 72h ; r
imports:133740ED db 65h ; e
imports:133740EE db 73h ; s
imports:133740EF db 73h ; s
imports:133740F0 db 0
imports:133740F1 db 0
imports:133740F2 db 0
imports:133740F3 db 0
imports:133740F4 db 47h ; G
imports:133740F5 db 65h ; e
imports:133740F6 db 74h ; t
imports:133740F7 db 43h ; C
imports:133740F8 db 75h ; u
imports:133740F9 db 72h ; r
imports:133740FA db 72h ; r
imports:133740FB db 65h ; e
imports:133740FC db 6Eh ; n
imports:133740FD db 74h ; t
imports:133740FE db 50h ; P
imports:133740FF db 72h ; r
imports:13374100 db 6Fh ; o
imports:13374101 db 63h ; c
imports:13374102 db 65h ; e
imports:13374103 db 73h ; s
imports:13374104 db 73h ; s
imports:13374105 db 0
imports:13374106 db 0
imports:13374107 db 0
imports:13374108 db 52h ; R
imports:13374109 db 65h ; e
imports:1337410A db 61h ; a
imports:1337410B db 64h ; d
imports:1337410C db 50h ; P
imports:1337410D db 72h ; r
imports:1337410E db 6Fh ; o
imports:1337410F db 63h ; c
imports:13374110 db 65h ; e
imports:13374111 db 73h ; s
imports:13374112 db 73h ; s
imports:13374113 db 4Dh ; M
imports:13374114 db 65h ; e
imports:13374115 db 6Dh ; m
imports:13374116 db 6Fh ; o
imports:13374117 db 72h ; r
imports:13374118 db 79h ; y
imports:13374119 db 0
imports:1337411A db 0
imports:1337411B db 0
imports:1337411C db 57h ; W
imports:1337411D db 72h ; r
imports:1337411E db 69h ; i
imports:1337411F db 74h ; t
imports:13374120 db 65h ; e
imports:13374121 db 50h ; P
imports:13374122 db 72h ; r
imports:13374123 db 6Fh ; o
imports:13374124 db 63h ; c
imports:13374125 db 65h ; e
imports:13374126 db 73h ; s
imports:13374127 db 73h ; s
imports:13374128 db 4Dh ; M
imports:13374129 db 65h ; e
imports:1337412A db 6Dh ; m
imports:1337412B db 6Fh ; o
imports:1337412C db 72h ; r
imports:1337412D db 79h ; y
imports:1337412E db 0
imports:1337412F db 0
imports:13374130 db 0
imports:13374131 db 0
imports:13374132 db 45h ; E
imports:13374133 db 78h ; x
imports:13374134 db 69h ; i
imports:13374135 db 74h ; t
imports:13374136 db 50h ; P
imports:13374137 db 72h ; r
imports:13374138 db 6Fh ; o
imports:13374139 db 63h ; c
imports:1337413A db 65h ; e
imports:1337413B db 73h ; s
imports:1337413C db 73h ; s
imports:1337413D db 0
imports:1337413E db 0
imports:1337413F db 0
imports:13374140 db 43h ; C
imports:13374141 db 72h ; r
imports:13374142 db 65h ; e
imports:13374143 db 61h ; a
imports:13374144 db 74h ; t
imports:13374145 db 65h ; e
imports:13374146 db 46h ; F
imports:13374147 db 69h ; i
imports:13374148 db 6Ch ; l
imports:13374149 db 65h ; e
imports:1337414A db 41h ; A
imports:1337414B db 0
imports:1337414C db 0
imports:1337414D db 0
imports:1337414E db 57h ; W
imports:1337414F db 72h ; r
imports:13374150 db 69h ; i
imports:13374151 db 74h ; t
imports:13374152 db 65h ; e
imports:13374153 db 46h ; F
imports:13374154 db 69h ; i
imports:13374155 db 6Ch ; l
imports:13374156 db 65h ; e
imports:13374157 db 0
imports:13374158 db 0
imports:13374159 db 0
imports:1337415A db 43h ; C
imports:1337415B db 6Ch ; l
imports:1337415C db 6Fh ; o
imports:1337415D db 73h ; s
imports:1337415E db 65h ; e
imports:1337415F db 48h ; H
imports:13374160 db 61h ; a
imports:13374161 db 6Eh ; n
imports:13374162 db 64h ; d
imports:13374163 db 6Ch ; l
imports:13374164 db 65h ; e
imports:13374165 db 0
imports:13374166 db 0
imports:13374167 db 0
imports:13374168 db 53h ; S
imports:13374169 db 65h ; e
imports:1337416A db 74h ; t
imports:1337416B db 46h ; F
imports:1337416C db 69h ; i
imports:1337416D db 6Ch ; l
imports:1337416E db 65h ; e
imports:1337416F db 50h ; P
imports:13374170 db 6Fh ; o
imports:13374171 db 69h ; i
imports:13374172 db 6Eh ; n
imports:13374173 db 74h ; t
imports:13374174 db 65h ; e
imports:13374175 db 72h ; r
imports:13374176 db 0
imports:13374177 db 0
imports:13374178 db 0
imports:13374179 db 0
imports:1337417A db 47h ; G
imports:1337417B db 65h ; e
imports:1337417C db 74h ; t
imports:1337417D db 54h ; T
imports:1337417E db 69h ; i
imports:1337417F db 63h ; c
imports:13374180 db 6Bh ; k
imports:13374181 db 43h ; C
imports:13374182 db 6Fh ; o
imports:13374183 db 75h ; u
imports:13374184 db 6Eh ; n
imports:13374185 db 74h ; t
imports:13374186 db 0
imports:13374187 db 0
imports:13374188 db 0
imports:13374189 db 0
imports:1337418A db 4Dh ; M
imports:1337418B db 65h ; e
imports:1337418C db 73h ; s
imports:1337418D db 73h ; s
imports:1337418E db 61h ; a
imports:1337418F db 67h ; g
imports:13374190 db 65h ; e
imports:13374191 db 42h ; B
imports:13374192 db 6Fh ; o
imports:13374193 db 78h ; x
imports:13374194 db 41h ; A
imports:13374195 db 0
imports:13374196 db 0
imports:13374197 db 0
imports:13374198 db 77h ; w
imports:13374199 db 73h ; s
imports:1337419A db 70h ; p
imports:1337419B db 72h ; r
imports:1337419C db 69h ; i
imports:1337419D db 6Eh ; n
imports:1337419E db 74h ; t
imports:1337419F db 66h ; f
imports:133741A0 db 41h ; A
imports:133741A1 db 0
imports:133741A2 align 1000h
imports:133741A2 imports ends
imports:133741A2
exports:13375000 ; Section 5. (virtual address 00005000)
exports:13375000 ; Virtual size : 00001000 ( 4096.)
exports:13375000 ; Section size in file : 00000044 ( 68.)
exports:13375000 ; Offset to raw data for section: 00001000
exports:13375000 ; Flags 50000040: Data Shareable Readable
exports:13375000 ; Alignment : default
exports:13375000 ; 屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯?
exports:13375000
exports:13375000 ; Segment type: Pure data
exports:13375000 ; Segment permissions: Read
exports:13375000 exports segment para public 'DATA' use32
exports:13375000 assume cs:exports
exports:13375000 ;org 13375000h
exports:13375000 db 0
exports:13375001 db 0
exports:13375002 db 0
exports:13375003 db 0
exports:13375004 db 35h ; 5
exports:13375005 db 26h ; &
exports:13375006 db 26h ; &
exports:13375007 db 42h ; B
exports:13375008 db 0
exports:13375009 db 0
exports:1337500A db 0
exports:1337500B db 0
exports:1337500C db 3Bh ; ;
exports:1337500D db 50h ; P
exports:1337500E db 0
exports:1337500F db 0
exports:13375010 db 1
exports:13375011 db 0
exports:13375012 db 0
exports:13375013 db 0
exports:13375014 db 1
exports:13375015 db 0
exports:13375016 db 0
exports:13375017 db 0
exports:13375018 db 1
exports:13375019 db 0
exports:1337501A db 0
exports:1337501B db 0
exports:1337501C db 28h ; (
exports:1337501D db 50h ; P
exports:1337501E db 0
exports:1337501F db 0
exports:13375020 db 2Ch ; ,
exports:13375021 db 50h ; P
exports:13375022 db 0
exports:13375023 db 0
exports:13375024 db 30h ; 0
exports:13375025 db 50h ; P
exports:13375026 db 0
exports:13375027 db 0
exports:13375028 db 6
exports:13375029 db 20h
exports:1337502A db 0
exports:1337502B db 0
exports:1337502C db 32h ; 2
exports:1337502D db 50h ; P
exports:1337502E db 0
exports:1337502F db 0
exports:13375030 db 0
exports:13375031 db 0
exports:13375032 db 47h ; G
exports:13375033 db 61h ; a
exports:13375034 db 6Dh ; m
exports:13375035 db 65h ; e
exports:13375036 db 4Dh ; M
exports:13375037 db 61h ; a
exports:13375038 db 69h ; i
exports:13375039 db 6Eh ; n
exports:1337503A db 0
exports:1337503B db 77h ; w
exports:1337503C db 33h ; 3
exports:1337503D db 6Ch ; l
exports:1337503E db 68h ; h
exports:1337503F db 2Eh ; .
exports:13375040 db 64h ; d
exports:13375041 db 6Ch ; l
exports:13375042 db 6Ch ; l
exports:13375043 db 0
exports:13375044 align 1000h
exports:13375044 exports ends
exports:13375044
relocs:13376000 ; Section 6. (virtual address 00006000)
relocs:13376000 ; Virtual size : 00001000 ( 4096.)
relocs:13376000 ; Section size in file : 000000EE ( 238.)
relocs:13376000 ; Offset to raw data for section: 00001200
relocs:13376000 ; Flags 52000040: Data Discardable Shareable Readable
relocs:13376000 ; Alignment : default
relocs:13376000 ; 屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯?
relocs:13376000
relocs:13376000 ; Segment type: Pure data
relocs:13376000 ; Segment permissions: Read
relocs:13376000 relocs segment para public 'DATA' use32
relocs:13376000 assume cs:relocs
relocs:13376000 ;org 13376000h
relocs:13376000 db 0
relocs:13376001 db 20h
relocs:13376002 db 0
relocs:13376003 db 0
relocs:13376004 db 0CCh ; ?
relocs:13376005 db 0
relocs:13376006 db 0
relocs:13376007 db 0
relocs:13376008 db 2
relocs:13376009 db 30h ; 0
relocs:1337600A db 7
relocs:1337600B db 30h ; 0
relocs:1337600C db 0Eh
relocs:1337600D db 30h ; 0
relocs:1337600E db 17h
relocs:1337600F db 30h ; 0
relocs:13376010 db 20h
relocs:13376011 db 30h ; 0
relocs:13376012 db 45h ; E
relocs:13376013 db 30h ; 0
relocs:13376014 db 4Bh ; K
relocs:13376015 db 30h ; 0
relocs:13376016 db 59h ; Y
relocs:13376017 db 30h ; 0
relocs:13376018 db 60h ; `
relocs:13376019 db 30h ; 0
relocs:1337601A db 67h ; g
relocs:1337601B db 30h ; 0
relocs:1337601C db 6Eh ; n
relocs:1337601D db 30h ; 0
relocs:1337601E db 75h ; u
relocs:1337601F db 30h ; 0
relocs:13376020 db 7Ch ; |
relocs:13376021 db 30h ; 0
relocs:13376022 db 82h ; ?
relocs:13376023 db 30h ; 0
relocs:13376024 db 88h ; ?
relocs:13376025 db 30h ; 0
relocs:13376026 db 91h ; ?
relocs:13376027 db 30h ; 0
relocs:13376028 db 97h ; ?
relocs:13376029 db 30h ; 0
relocs:1337602A db 9Eh ; ?
relocs:1337602B db 30h ; 0
relocs:1337602C db 0A7h ; ?
relocs:1337602D db 30h ; 0
relocs:1337602E db 0D0h ; ?
relocs:1337602F db 30h ; 0
relocs:13376030 db 0D6h ; ?
relocs:13376031 db 30h ; 0
relocs:13376032 db 0E4h ; ?
relocs:13376033 db 30h ; 0
relocs:13376034 db 0EBh ; ?
relocs:13376035 db 30h ; 0
relocs:13376036 db 0F2h ; ?
relocs:13376037 db 30h ; 0
relocs:13376038 db 0F9h ; ?
relocs:13376039 db 30h ; 0
relocs:1337603A db 0
relocs:1337603B db 31h ; 1
relocs:1337603C db 0Ah
relocs:1337603D db 31h ; 1
relocs:1337603E db 0Fh
relocs:1337603F db 31h ; 1
relocs:13376040 db 17h
relocs:13376041 db 31h ; 1
relocs:13376042 db 1Fh
relocs:13376043 db 31h ; 1
relocs:13376044 db 28h ; (
relocs:13376045 db 31h ; 1
relocs:13376046 db 7Eh ; ~
relocs:13376047 db 31h ; 1
relocs:13376048 db 84h ; ?
relocs:13376049 db 31h ; 1
relocs:1337604A db 92h ; ?
relocs:1337604B db 31h ; 1
relocs:1337604C db 99h ; ?
relocs:1337604D db 31h ; 1
relocs:1337604E db 0A0h ; ?
relocs:1337604F db 31h ; 1
relocs:13376050 db 0A7h ; ?
relocs:13376051 db 31h ; 1
relocs:13376052 db 0ACh ; ?
relocs:13376053 db 31h ; 1
relocs:13376054 db 0B1h ; ?
relocs:13376055 db 31h ; 1
relocs:13376056 db 0B7h ; ?
relocs:13376057 db 31h ; 1
relocs:13376058 db 0C1h ; ?
relocs:13376059 db 31h ; 1
relocs:1337605A db 0C8h ; ?
relocs:1337605B db 31h ; 1
relocs:1337605C db 0CFh ; ?
relocs:1337605D db 31h ; 1
relocs:1337605E db 0D6h ; ?
relocs:1337605F db 31h ; 1
relocs:13376060 db 0DDh ; ?
relocs:13376061 db 31h ; 1
relocs:13376062 db 0E7h ; ?
relocs:13376063 db 31h ; 1
relocs:13376064 db 0ECh ; ?
relocs:13376065 db 31h ; 1
relocs:13376066 db 0F2h ; ?
relocs:13376067 db 31h ; 1
relocs:13376068 db 2
relocs:13376069 db 32h ; 2
relocs:1337606A db 0Bh
relocs:1337606B db 32h ; 2
relocs:1337606C db 17h
relocs:1337606D db 32h ; 2
relocs:1337606E db 20h
relocs:1337606F db 32h ; 2
relocs:13376070 db 32h ; 2
relocs:13376071 db 32h ; 2
relocs:13376072 db 4Bh ; K
relocs:13376073 db 32h ; 2
relocs:13376074 db 51h ; Q
relocs:13376075 db 32h ; 2
relocs:13376076 db 5Fh ; _
relocs:13376077 db 32h ; 2
relocs:13376078 db 66h ; f
relocs:13376079 db 32h ; 2
relocs:1337607A db 6Dh ; m
relocs:1337607B db 32h ; 2
relocs:1337607C db 74h ; t
relocs:1337607D db 32h ; 2
relocs:1337607E db 79h ; y
relocs:1337607F db 32h ; 2
relocs:13376080 db 7Eh ; ~
relocs:13376081 db 32h ; 2
relocs:13376082 db 84h ; ?
relocs:13376083 db 32h ; 2
relocs:13376084 db 8Eh ; ?
relocs:13376085 db 32h ; 2
relocs:13376086 db 95h ; ?
relocs:13376087 db 32h ; 2
relocs:13376088 db 9Ch ; ?
relocs:13376089 db 32h ; 2
relocs:1337608A db 0A3h ; ?
relocs:1337608B db 32h ; 2
relocs:1337608C db 0B6h ; ?
relocs:1337608D db 32h ; 2
relocs:1337608E db 0CFh ; ?
relocs:1337608F db 32h ; 2
relocs:13376090 db 0D5h ; ?
relocs:13376091 db 32h ; 2
relocs:13376092 db 0E3h ; ?
relocs:13376093 db 32h ; 2
relocs:13376094 db 0EAh ; ?
relocs:13376095 db 32h ; 2
relocs:13376096 db 0F1h ; ?
relocs:13376097 db 32h ; 2
relocs:13376098 db 0F8h ; ?
relocs:13376099 db 32h ; 2
relocs:1337609A db 0FDh ; ?
relocs:1337609B db 32h ; 2
relocs:1337609C db 2
relocs:1337609D db 33h ; 3
relocs:1337609E db 8
relocs:1337609F db 33h ; 3
relocs:133760A0 db 12h
relocs:133760A1 db 33h ; 3
relocs:133760A2 db 19h
relocs:133760A3 db 33h ; 3
relocs:133760A4 db 20h
relocs:133760A5 db 33h ; 3
relocs:133760A6 db 27h ; '
relocs:133760A7 db 33h ; 3
relocs:133760A8 db 4Eh ; N
relocs:133760A9 db 33h ; 3
relocs:133760AA db 54h ; T
relocs:133760AB db 33h ; 3
relocs:133760AC db 62h ; b
relocs:133760AD db 33h ; 3
relocs:133760AE db 69h ; i
relocs:133760AF db 33h ; 3
relocs:133760B0 db 70h ; p
relocs:133760B1 db 33h ; 3
relocs:133760B2 db 77h ; w
relocs:133760B3 db 33h ; 3
relocs:133760B4 db 7Ch ; |
relocs:133760B5 db 33h ; 3
relocs:133760B6 db 81h ; ?
relocs:133760B7 db 33h ; 3
relocs:133760B8 db 87h ; ?
relocs:133760B9 db 33h ; 3
relocs:133760BA db 91h ; ?
relocs:133760BB db 33h ; 3
relocs:133760BC db 98h ; ?
relocs:133760BD db 33h ; 3
relocs:133760BE db 9Fh ; ?
relocs:133760BF db 33h ; 3
relocs:133760C0 db 0A6h ; ?
relocs:133760C1 db 33h ; 3
relocs:133760C2 db 0ADh ; ?
relocs:133760C3 db 33h ; 3
relocs:133760C4 db 0B5h ; ?
relocs:133760C5 db 33h ; 3
relocs:133760C6 db 0BBh ; ?
relocs:133760C7 db 33h ; 3
relocs:133760C8 db 0C3h ; ?
relocs:133760C9 db 33h ; 3
relocs:133760CA db 0
relocs:133760CB db 0
relocs:133760CC db 0
relocs:133760CD db 30h ; 0
relocs:133760CE db 0
relocs:133760CF db 0
relocs:133760D0 db 22h ; "
relocs:133760D1 db 0
relocs:133760D2 db 0
relocs:133760D3 db 0
relocs:133760D4 db 2
relocs:133760D5 db 30h ; 0
relocs:133760D6 db 8
relocs:133760D7 db 30h ; 0
relocs:133760D8 db 0Eh
relocs:133760D9 db 30h ; 0
relocs:133760DA db 14h
relocs:133760DB db 30h ; 0
relocs:133760DC db 1Ah
relocs:133760DD db 30h ; 0
relocs:133760DE db 20h
relocs:133760DF db 30h ; 0
relocs:133760E0 db 26h ; &
relocs:133760E1 db 30h ; 0
relocs:133760E2 db 2Ch ; ,
relocs:133760E3 db 30h ; 0
relocs:133760E4 db 32h ; 2
relocs:133760E5 db 30h ; 0
relocs:133760E6 db 38h ; 8
relocs:133760E7 db 30h ; 0
relocs:133760E8 db 3Eh ; >
relocs:133760E9 db 30h ; 0
relocs:133760EA db 44h ; D
relocs:133760EB db 30h ; 0
relocs:133760EC db 4Ah ; J
relocs:133760ED db 30h ; 0
relocs:133760EE align 1000h
relocs:133760EE relocs ends
relocs:133760EE
relocs:133760EE
relocs:133760EE end DllEntryPoint
[招生]科锐逆向工程师培训(2024年11月15日实地,远程教学同时开班, 第51期)
赞赏
赞赏
雪币:
留言:
