-
-
[旧帖] [求助]谁能帮我分析一下这些代码是如何对比注册码的 0.00雪花
-
发表于: 2007-8-24 09:18 3349
-
以下代码是从一个小程序里取出来的,请帮忙分析算法注册机,谢谢!
00402412 68 48B04000 push OK.0040B048 ; ASCII "\reg.txt"
00402417 8D5424 14 lea edx,dword ptr ss:[esp+14]
0040241B B3 02 mov bl,2
0040241D 51 push ecx
0040241E 52 push edx
0040241F 885C24 3C mov byte ptr ss:[esp+3C],bl
00402423 E8 164D0000 call <jmp.&mfc42.#924>
00402428 50 push eax
00402429 8D4C24 0C lea ecx,dword ptr ss:[esp+C]
0040242D C64424 34 03 mov byte ptr ss:[esp+34],3
00402432 E8 EF4C0000 call <jmp.&mfc42.#858>
00402437 8D4C24 10 lea ecx,dword ptr ss:[esp+10]
0040243B 885C24 30 mov byte ptr ss:[esp+30],bl
0040243F E8 B84C0000 call <jmp.&mfc42.#800>
00402444 8D4C24 14 lea ecx,dword ptr ss:[esp+14]
00402448 E8 C14C0000 call <jmp.&mfc42.#533>
0040244D 8B4424 08 mov eax,dword ptr ss:[esp+8]
00402451 6A 00 push 0
00402453 6A 00 push 0
00402455 50 push eax
00402456 8D4C24 20 lea ecx,dword ptr ss:[esp+20]
0040245A C64424 3C 04 mov byte ptr ss:[esp+3C],4
0040245F E8 1C4D0000 call <jmp.&mfc42.#5194>
00402464 85C0 test eax,eax
00402466 74 56 je short OK.004024BE
00402468 8B5424 14 mov edx,dword ptr ss:[esp+14]
0040246C 56 push esi
0040246D 6A 00 push 0
0040246F 6A 00 push 0
00402471 8D4C24 20 lea ecx,dword ptr ss:[esp+20]
00402475 FF52 30 call dword ptr ds:[edx+30]
00402478 8D4424 08 lea eax,dword ptr ss:[esp+8]
0040247C 8D4C24 18 lea ecx,dword ptr ss:[esp+18]
00402480 50 push eax
00402481 E8 F44C0000 call <jmp.&mfc42.#5465>
00402486 8D4C24 08 lea ecx,dword ptr ss:[esp+8]
0040248A E8 CD4C0000 call <jmp.&mfc42.#6282>
0040248F 8D4C24 08 lea ecx,dword ptr ss:[esp+8]
00402493 E8 AC4C0000 call <jmp.&mfc42.#6283>
00402498 8B7424 3C mov esi,dword ptr ss:[esp+3C]
0040249C 8D4C24 08 lea ecx,dword ptr ss:[esp+8]
004024A0 51 push ecx
004024A1 8BCE mov ecx,esi
004024A3 E8 7E4C0000 call <jmp.&mfc42.#858>
004024A8 8B36 mov esi,dword ptr ds:[esi]
004024AA 68 B8B54000 push OK.0040B5B8
004024AF 56 push esi
004024B0 FF15 A4924000 call dword ptr ds:[<&msvcrt._mbscmp>] ; msvcrt._mbscmp
004024B6 83C4 08 add esp,8
004024B9 85C0 test eax,eax
004024BB 5E pop esi
004024BC 75 4C jnz short OK.0040250A
004024BE 8D4C24 14 lea ecx,dword ptr ss:[esp+14]
004024C2 885C24 30 mov byte ptr ss:[esp+30],bl
004024C6 E8 2B4C0000 call <jmp.&mfc42.#798>
004024CB 8D4C24 08 lea ecx,dword ptr ss:[esp+8]
004024CF C64424 30 01 mov byte ptr ss:[esp+30],1
004024D4 E8 234C0000 call <jmp.&mfc42.#800>
004024D9 8D4C24 0C lea ecx,dword ptr ss:[esp+C]
004024DD C64424 30 00 mov byte ptr ss:[esp+30],0
004024E2 E8 154C0000 call <jmp.&mfc42.#800>
004024E7 8D4C24 04 lea ecx,dword ptr ss:[esp+4]
004024EB C74424 30 FFFFFFFF mov dword ptr ss:[esp+30],-1
004024F3 E8 044C0000 call <jmp.&mfc42.#800>
004024F8 33C0 xor eax,eax
004024FA 5B pop ebx
004024FB 8B4C24 24 mov ecx,dword ptr ss:[esp+24]
004024FF 64:890D 00000000 mov dword ptr fs:[0],ecx
00402506 83C4 30 add esp,30
00402509 C3 retn
0040250A 8D4C24 14 lea ecx,dword ptr ss:[esp+14]
0040250E E8 614C0000 call <jmp.&mfc42.#1997>
00402513 8D4C24 14 lea ecx,dword ptr ss:[esp+14]
00402517 885C24 30 mov byte ptr ss:[esp+30],bl
0040251B E8 D64B0000 call <jmp.&mfc42.#798>
00402520 8D4C24 08 lea ecx,dword ptr ss:[esp+8]
00402524 C64424 30 01 mov byte ptr ss:[esp+30],1
00402529 E8 CE4B0000 call <jmp.&mfc42.#800>
0040252E 8D4C24 0C lea ecx,dword ptr ss:[esp+C]
00402532 C64424 30 00 mov byte ptr ss:[esp+30],0
00402537 E8 C04B0000 call <jmp.&mfc42.#800>
0040253C 8D4C24 04 lea ecx,dword ptr ss:[esp+4]
00402540 C74424 30 FFFFFFFF mov dword ptr ss:[esp+30],-1
00402548 E8 AF4B0000 call <jmp.&mfc42.#800>
0040254D 8B4C24 28 mov ecx,dword ptr ss:[esp+28]
00402551 B8 01000000 mov eax,1
00402556 5B pop ebx
00402557 64:890D 00000000 mov dword ptr fs:[0],ecx
0040255E 83C4 30 add esp,30
00402561 C3 retn
00402562 90 nop
00402563 90 nop
00402564 90 nop
00402565 90 nop
00402566 90 nop
00402567 90 nop
00402568 90 nop
00402569 90 nop
0040256A 90 nop
0040256B 90 nop
0040256C 90 nop
0040256D 90 nop
0040256E 90 nop
0040256F 90 nop
00402570 6A FF push -1
00402572 68 487A4000 push OK.00407A48
00402577 64:A1 00000000 mov eax,dword ptr fs:[0]
0040257D 50 push eax
0040257E 64:8925 00000000 mov dword ptr fs:[0],esp
00402585 51 push ecx
00402586 53 push ebx
00402587 56 push esi
00402588 57 push edi
00402589 8D4C24 0C lea ecx,dword ptr ss:[esp+C]
0040258D E8 824B0000 call <jmp.&mfc42.#540>
00402592 8B3D 04904000 mov edi,dword ptr ds:[<&kernel32.LoadLibrar>; kernel32.LoadLibraryA
00402598 68 3CB04000 push OK.0040B03C ; ASCII "reg3721.dll"
0040259D C74424 1C 00000000 mov dword ptr ss:[esp+1C],0
004025A5 FFD7 call edi
004025A7 8BF0 mov esi,eax
004025A9 85F6 test esi,esi
004025AB 75 3D jnz short OK.004025EA
004025AD 68 F4010000 push 1F4
004025B2 FF15 1C904000 call dword ptr ds:[<&kernel32.Sleep>] ; kernel32.Sleep
004025B8 68 3CB04000 push OK.0040B03C ; ASCII "reg3721.dll"
004025BD FFD7 call edi
004025BF 8BF0 mov esi,eax
004025C1 85F6 test esi,esi
004025C3 75 25 jnz short OK.004025EA
004025C5 8D4C24 0C lea ecx,dword ptr ss:[esp+C]
004025C9 C74424 18 FFFFFFFF mov dword ptr ss:[esp+18],-1
004025D1 E8 264B0000 call <jmp.&mfc42.#800>
004025D6 5F pop edi
004025D7 5E pop esi
004025D8 33C0 xor eax,eax
004025DA 5B pop ebx
004025DB 8B4C24 04 mov ecx,dword ptr ss:[esp+4]
004025DF 64:890D 00000000 mov dword ptr fs:[0],ecx
004025E6 83C4 10 add esp,10
004025E9 C3 retn
004025EA 8B5C24 20 mov ebx,dword ptr ss:[esp+20]
004025EE 8D4C24 0C lea ecx,dword ptr ss:[esp+C]
004025F2 53 push ebx
004025F3 E8 2E4B0000 call <jmp.&mfc42.#858>
004025F8 8D4424 0C lea eax,dword ptr ss:[esp+C]
004025FC 50 push eax
004025FD 56 push esi
004025FE E8 BD040000 call OK.00402AC0
00402603 83C4 08 add esp,8
00402606 8BF8 mov edi,eax
00402608 56 push esi
00402609 FF15 00904000 call dword ptr ds:[<&kernel32.FreeLibrary>] ; kernel32.FreeLibrary
0040260F 85FF test edi,edi
00402611 75 25 jnz short OK.00402638
00402613 8D4C24 0C lea ecx,dword ptr ss:[esp+C]
00402617 C74424 18 FFFFFFFF mov dword ptr ss:[esp+18],-1
0040261F E8 D84A0000 call <jmp.&mfc42.#800>
00402624 5F pop edi
00402625 5E pop esi
00402626 33C0 xor eax,eax
00402628 5B pop ebx
00402629 8B4C24 04 mov ecx,dword ptr ss:[esp+4]
0040262D 64:890D 00000000 mov dword ptr fs:[0],ecx
00402634 83C4 10 add esp,10
00402637 C3 retn
00402638 8D4C24 0C lea ecx,dword ptr ss:[esp+C]
0040263C 51 push ecx
0040263D 8BCB mov ecx,ebx
0040263F E8 E24A0000 call <jmp.&mfc42.#858>
00402644 8D4C24 0C lea ecx,dword ptr ss:[esp+C]
00402648 C74424 18 FFFFFFFF mov dword ptr ss:[esp+18],-1
00402650 E8 A74A0000 call <jmp.&mfc42.#800>
00402655 8B4C24 10 mov ecx,dword ptr ss:[esp+10]
00402659 5F pop edi
0040265A 5E pop esi
0040265B B8 01000000 mov eax,1
00402660 5B pop ebx
00402661 64:890D 00000000 mov dword ptr fs:[0],ecx
00402668 83C4 10 add esp,10
0040266B C3 retn
0040266C 90 nop
0040266D 90 nop
0040266E 90 nop
0040266F 90 nop
00402670 6A FF push -1
00402672 68 767A4000 push OK.00407A76
00402677 64:A1 00000000 mov eax,dword ptr fs:[0]
0040267D 50 push eax
0040267E 64:8925 00000000 mov dword ptr fs:[0],esp
00402685 81EC 0C010000 sub esp,10C
0040268B 56 push esi
0040268C 57 push edi
0040268D 8D4C24 08 lea ecx,dword ptr ss:[esp+8]
00402691 E8 7E4A0000 call <jmp.&mfc42.#540>
00402696 B9 41000000 mov ecx,41
0040269B 33C0 xor eax,eax
0040269D 8D7C24 10 lea edi,dword ptr ss:[esp+10]
004026A1 68 04010000 push 104
004026A6 F3:AB rep stos dword ptr es:[edi]
004026A8 8D4424 14 lea eax,dword ptr ss:[esp+14]
004026AC C78424 20010000 000>mov dword ptr ss:[esp+120],0
004026B7 50 push eax
004026B8 6A 00 push 0
004026BA FF15 08904000 call dword ptr ds:[<&kernel32.GetModuleFile>; kernel32.GetModuleFileNameA
004026C0 8D4C24 10 lea ecx,dword ptr ss:[esp+10]
004026C4 51 push ecx
004026C5 8D4C24 0C lea ecx,dword ptr ss:[esp+C]
004026C9 E8 344A0000 call <jmp.&mfc42.#860>
004026CE 6A 5C push 5C
004026D0 8D4C24 0C lea ecx,dword ptr ss:[esp+C]
004026D4 E8 B34A0000 call <jmp.&mfc42.#5683>
004026D9 8D5424 0C lea edx,dword ptr ss:[esp+C]
004026DD 50 push eax
004026DE 52 push edx
004026DF 8D4C24 10 lea ecx,dword ptr ss:[esp+10]
004026E3 E8 684A0000 call <jmp.&mfc42.#4129>
004026E8 8BB424 24010000 mov esi,dword ptr ss:[esp+124]
004026EF 50 push eax
004026F0 8BCE mov ecx,esi
004026F2 C68424 20010000 01 mov byte ptr ss:[esp+120],1
004026FA E8 274A0000 call <jmp.&mfc42.#858>
004026FF 8D4C24 0C lea ecx,dword ptr ss:[esp+C]
00402703 C68424 1C010000 00 mov byte ptr ss:[esp+11C],0
0040270B E8 EC490000 call <jmp.&mfc42.#800>
00402710 8B36 mov esi,dword ptr ds:[esi]
00402712 68 B8B54000 push OK.0040B5B8
00402717 56 push esi
00402718 FF15 A4924000 call dword ptr ds:[<&msvcrt._mbscmp>] ; msvcrt._mbscmp
0040271E 83C4 08 add esp,8
00402721 C78424 1C010000 FFF>mov dword ptr ss:[esp+11C],-1
0040272C 85C0 test eax,eax
0040272E 5F pop edi
0040272F 5E pop esi
00402730 8D4C24 00 lea ecx,dword ptr ss:[esp]
00402734 75 1C jnz short OK.00402752
00402736 E8 C1490000 call <jmp.&mfc42.#800>
0040273B 33C0 xor eax,eax
0040273D 8B8C24 0C010000 mov ecx,dword ptr ss:[esp+10C]
00402744 64:890D 00000000 mov dword ptr fs:[0],ecx
0040274B 81C4 18010000 add esp,118
00402751 C3 retn
00402752 E8 A5490000 call <jmp.&mfc42.#800>
00402757 8B8C24 0C010000 mov ecx,dword ptr ss:[esp+10C]
0040275E B8 01000000 mov eax,1
00402763 64:890D 00000000 mov dword ptr fs:[0],ecx
0040276A 81C4 18010000 add esp,118
00402770 C3 retn
00402771 90 nop
00402772 90 nop
00402773 90 nop
00402774 90 nop
00402775 90 nop
00402776 90 nop
00402777 90 nop
00402778 90 nop
00402779 90 nop
0040277A 90 nop
0040277B 90 nop
0040277C 90 nop
0040277D 90 nop
0040277E 90 nop
0040277F 90 nop
00402780 6A FF push -1
00402782 68 907A4000 push OK.00407A90
00402787 64:A1 00000000 mov eax,dword ptr fs:[0]
0040278D 50 push eax
0040278E 64:8925 00000000 mov dword ptr fs:[0],esp
00402795 51 push ecx
00402796 55 push ebp
00402797 56 push esi
00402798 57 push edi
00402799 8D4C24 0C lea ecx,dword ptr ss:[esp+C]
0040279D E8 72490000 call <jmp.&mfc42.#540>
004027A2 8B4424 20 mov eax,dword ptr ss:[esp+20]
004027A6 68 70B04000 push OK.0040B070 ; ASCII "GetHardDiskId"
004027AB 50 push eax
004027AC C74424 20 00000000 mov dword ptr ss:[esp+20],0
004027B4 FF15 0C904000 call dword ptr ds:[<&kernel32.GetProcAddres>; kernel32.GetProcAddress
004027BA 6A 64 push 64
004027BC 8BE8 mov ebp,eax
004027BE E8 CF490000 call <jmp.&mfc42.#823>
004027C3 8BF0 mov esi,eax
004027C5 83C4 04 add esp,4
004027C8 B9 19000000 mov ecx,19
004027CD 33C0 xor eax,eax
004027CF 8BFE mov edi,esi
004027D1 85ED test ebp,ebp
004027D3 F3:AB rep stos dword ptr es:[edi]
004027D5 0F84 19010000 je OK.004028F4
004027DB 53 push ebx
004027DC 68 58B04000 push OK.0040B058 ; ASCII "user-E46D333B3BA5BF96"
004027E1 56 push esi
004027E2 FFD5 call ebp
004027E4 56 push esi
004027E5 8D4C24 14 lea ecx,dword ptr ss:[esp+14]
004027E9 8BF8 mov edi,eax
004027EB E8 12490000 call <jmp.&mfc42.#860>
004027F0 8D4C24 10 lea ecx,dword ptr ss:[esp+10]
004027F4 E8 63490000 call <jmp.&mfc42.#6282>
004027F9 8D4C24 10 lea ecx,dword ptr ss:[esp+10]
004027FD E8 42490000 call <jmp.&mfc42.#6283>
00402802 8B1D 1C904000 mov ebx,dword ptr ds:[<&kernel32.Sleep>] ; kernel32.Sleep
00402808 85FF test edi,edi
0040280A 74 0A je short OK.00402816
0040280C 8B4C24 10 mov ecx,dword ptr ss:[esp+10]
00402810 8379 F8 03 cmp dword ptr ds:[ecx-8],3
00402814 7D 2D jge short OK.00402843
00402816 68 F4010000 push 1F4
0040281B FFD3 call ebx
0040281D 68 58B04000 push OK.0040B058 ; ASCII "user-E46D333B3BA5BF96"
00402822 56 push esi
00402823 FFD5 call ebp
00402825 56 push esi
00402826 8D4C24 14 lea ecx,dword ptr ss:[esp+14]
0040282A 8BF8 mov edi,eax
0040282C E8 D1480000 call <jmp.&mfc42.#860>
00402831 8D4C24 10 lea ecx,dword ptr ss:[esp+10]
00402835 E8 22490000 call <jmp.&mfc42.#6282>
0040283A 8D4C24 10 lea ecx,dword ptr ss:[esp+10]
0040283E E8 01490000 call <jmp.&mfc42.#6283>
00402843 85FF test edi,edi
00402845 74 0A je short OK.00402851
00402847 8B5424 10 mov edx,dword ptr ss:[esp+10]
0040284B 837A F8 03 cmp dword ptr ds:[edx-8],3
0040284F 7D 2D jge short OK.0040287E
00402851 68 F4010000 push 1F4
00402856 FFD3 call ebx
00402858 68 58B04000 push OK.0040B058 ; ASCII "user-E46D333B3BA5BF96"
0040285D 56 push esi
0040285E FFD5 call ebp
00402860 56 push esi
00402861 8D4C24 14 lea ecx,dword ptr ss:[esp+14]
00402865 8BF8 mov edi,eax
00402867 E8 96480000 call <jmp.&mfc42.#860>
0040286C 8D4C24 10 lea ecx,dword ptr ss:[esp+10]
00402870 E8 E7480000 call <jmp.&mfc42.#6282>
00402875 8D4C24 10 lea ecx,dword ptr ss:[esp+10]
00402879 E8 C6480000 call <jmp.&mfc42.#6283>
0040287E 85FF test edi,edi
00402880 5B pop ebx
00402881 74 71 je short OK.004028F4
00402883 8B4424 0C mov eax,dword ptr ss:[esp+C]
00402887 8B40 F8 mov eax,dword ptr ds:[eax-8]
0040288A 83F8 03 cmp eax,3
0040288D 7C 65 jl short OK.004028F4
0040288F 83F8 18 cmp eax,18
00402892 7E 2D jle short OK.004028C1
00402894 8D4C24 20 lea ecx,dword ptr ss:[esp+20]
00402898 6A 18 push 18
0040289A 51 push ecx
0040289B 8D4C24 14 lea ecx,dword ptr ss:[esp+14]
0040289F E8 AC480000 call <jmp.&mfc42.#4129>
004028A4 50 push eax
004028A5 8D4C24 10 lea ecx,dword ptr ss:[esp+10]
004028A9 C64424 1C 01 mov byte ptr ss:[esp+1C],1
004028AE E8 73480000 call <jmp.&mfc42.#858>
004028B3 8D4C24 20 lea ecx,dword ptr ss:[esp+20]
004028B7 C64424 18 00 mov byte ptr ss:[esp+18],0
004028BC E8 3B480000 call <jmp.&mfc42.#800>
004028C1 8B4C24 24 mov ecx,dword ptr ss:[esp+24]
004028C5 8D5424 0C lea edx,dword ptr ss:[esp+C]
004028C9 52 push edx
004028CA E8 57480000 call <jmp.&mfc42.#858>
004028CF 8D4C24 0C lea ecx,dword ptr ss:[esp+C]
004028D3 C74424 18 FFFFFFFF mov dword ptr ss:[esp+18],-1
004028DB E8 1C480000 call <jmp.&mfc42.#800>
004028E0 8BC7 mov eax,edi
004028E2 5F pop edi
004028E3 5E pop esi
004028E4 5D pop ebp
004028E5 8B4C24 04 mov ecx,dword ptr ss:[esp+4]
004028E9 64:890D 00000000 mov dword ptr fs:[0],ecx
004028F0 83C4 10 add esp,10
004028F3 C3 retn
004028F4 8D4C24 0C lea ecx,dword ptr ss:[esp+C]
004028F8 C74424 18 FFFFFFFF mov dword ptr ss:[esp+18],-1
00402900 E8 F7470000 call <jmp.&mfc42.#800>
00402905 8B4C24 10 mov ecx,dword ptr ss:[esp+10]
00402909 5F pop edi
0040290A 5E pop esi
0040290B 33C0 xor eax,eax
0040290D 5D pop ebp
0040290E 64:890D 00000000 mov dword ptr fs:[0],ecx
00402915 83C4 10 add esp,10
00402918 C3 retn
00402919 90 nop
0040291A 90 nop
0040291B 90 nop
0040291C 90 nop
0040291D 90 nop
0040291E 90 nop
0040291F 90 nop
00402920 6A FF push -1
00402922 68 B07A4000 push OK.00407AB0
00402927 64:A1 00000000 mov eax,dword ptr fs:[0]
0040292D 50 push eax
0040292E 64:8925 00000000 mov dword ptr fs:[0],esp
00402935 51 push ecx
00402936 55 push ebp
00402937 56 push esi
00402938 57 push edi
00402939 8D4C24 0C lea ecx,dword ptr ss:[esp+C]
0040293D E8 D2470000 call <jmp.&mfc42.#540>
00402942 8B4424 20 mov eax,dword ptr ss:[esp+20]
00402946 68 80B04000 push OK.0040B080 ; ASCII "GetMACAddress"
0040294B 50 push eax
0040294C C74424 20 00000000 mov dword ptr ss:[esp+20],0
00402954 FF15 0C904000 call dword ptr ds:[<&kernel32.GetProcAddres>; kernel32.GetProcAddress
0040295A 6A 64 push 64
0040295C 8BE8 mov ebp,eax
0040295E E8 2F480000 call <jmp.&mfc42.#823>
00402963 8BF0 mov esi,eax
00402965 83C4 04 add esp,4
00402968 B9 19000000 mov ecx,19
0040296D 33C0 xor eax,eax
0040296F 8BFE mov edi,esi
00402971 85ED test ebp,ebp
00402973 F3:AB rep stos dword ptr es:[edi]
00402975 0F84 15010000 je OK.00402A90
0040297B 53 push ebx
0040297C 68 58B04000 push OK.0040B058 ; ASCII "user-E46D333B3BA5BF96"
00402981 56 push esi
00402982 FFD5 call ebp
00402984 56 push esi
00402985 8D4C24 14 lea ecx,dword ptr ss:[esp+14]
00402989 8BF8 mov edi,eax
0040298B E8 72470000 call <jmp.&mfc42.#860>
00402990 8D4C24 10 lea ecx,dword ptr ss:[esp+10]
00402994 E8 C3470000 call <jmp.&mfc42.#6282>
00402999 8D4C24 10 lea ecx,dword ptr ss:[esp+10]
0040299D E8 A2470000 call <jmp.&mfc42.#6283>
004029A2 8B1D 1C904000 mov ebx,dword ptr ds:[<&kernel32.Sleep>] ; kernel32.Sleep
004029A8 85FF test edi,edi
004029AA 74 0A je short OK.004029B6
004029AC 8B4C24 10 mov ecx,dword ptr ss:[esp+10]
004029B0 8379 F8 03 cmp dword ptr ds:[ecx-8],3
004029B4 7D 2D jge short OK.004029E3
004029B6 68 F4010000 push 1F4
004029BB FFD3 call ebx
004029BD 68 58B04000 push OK.0040B058 ; ASCII "user-E46D333B3BA5BF96"
004029C2 56 push esi
004029C3 FFD5 call ebp
004029C5 56 push esi
004029C6 8D4C24 14 lea ecx,dword ptr ss:[esp+14]
004029CA 8BF8 mov edi,eax
004029CC E8 31470000 call <jmp.&mfc42.#860>
004029D1 8D4C24 10 lea ecx,dword ptr ss:[esp+10]
004029D5 E8 82470000 call <jmp.&mfc42.#6282>
004029DA 8D4C24 10 lea ecx,dword ptr ss:[esp+10]
004029DE E8 61470000 call <jmp.&mfc42.#6283>
004029E3 85FF test edi,edi
004029E5 74 0A je short OK.004029F1
004029E7 8B5424 10 mov edx,dword ptr ss:[esp+10]
004029EB 837A F8 03 cmp dword ptr ds:[edx-8],3
004029EF 7D 2D jge short OK.00402A1E
004029F1 68 F4010000 push 1F4
004029F6 FFD3 call ebx
004029F8 68 58B04000 push OK.0040B058 ; ASCII "user-E46D333B3BA5BF96"
004029FD 56 push esi
004029FE FFD5 call ebp
00402A00 56 push esi
00402A01 8D4C24 14 lea ecx,dword ptr ss:[esp+14]
00402A05 8BF8 mov edi,eax
00402A07 E8 F6460000 call <jmp.&mfc42.#860>
00402A0C 8D4C24 10 lea ecx,dword ptr ss:[esp+10]
00402A10 E8 47470000 call <jmp.&mfc42.#6282>
00402A15 8D4C24 10 lea ecx,dword ptr ss:[esp+10]
00402A19 E8 26470000 call <jmp.&mfc42.#6283>
00402A1E 85FF test edi,edi
00402A20 5B pop ebx
00402A21 74 6D je short OK.00402A90
00402A23 8B4424 0C mov eax,dword ptr ss:[esp+C]
00402A27 8B40 F8 mov eax,dword ptr ds:[eax-8]
00402A2A 83F8 03 cmp eax,3
00402A2D 7C 61 jl short OK.00402A90
00402A2F 83F8 18 cmp eax,18
00402A32 7E 2D jle short OK.00402A61
00402A34 8D4C24 20 lea ecx,dword ptr ss:[esp+20]
00402A38 6A 18 push 18
00402A3A 51 push ecx
00402A3B 8D4C24 14 lea ecx,dword ptr ss:[esp+14]
00402A3F E8 0C470000 call <jmp.&mfc42.#4129>
00402A44 50 push eax
00402A45 8D4C24 10 lea ecx,dword ptr ss:[esp+10]
00402A49 C64424 1C 01 mov byte ptr ss:[esp+1C],1
00402A4E E8 D3460000 call <jmp.&mfc42.#858>
00402A53 8D4C24 20 lea ecx,dword ptr ss:[esp+20]
00402A57 C64424 18 00 mov byte ptr ss:[esp+18],0
00402A5C E8 9B460000 call <jmp.&mfc42.#800>
00402A61 8B4C24 24 mov ecx,dword ptr ss:[esp+24]
00402A65 56 push esi
00402A66 E8 97460000 call <jmp.&mfc42.#860>
00402A6B 8D4C24 0C lea ecx,dword ptr ss:[esp+C]
00402A6F C74424 18 FFFFFFFF mov dword ptr ss:[esp+18],-1
00402A77 E8 80460000 call <jmp.&mfc42.#800>
00402A7C 8BC7 mov eax,edi
00402A7E 5F pop edi
00402A7F 5E pop esi
00402A80 5D pop ebp
00402A81 8B4C24 04 mov ecx,dword ptr ss:[esp+4]
00402A85 64:890D 00000000 mov dword ptr fs:[0],ecx
00402A8C 83C4 10 add esp,10
00402A8F C3 retn
00402A90 8D4C24 0C lea ecx,dword ptr ss:[esp+C]
00402A94 C74424 18 FFFFFFFF mov dword ptr ss:[esp+18],-1
00402A9C E8 5B460000 call <jmp.&mfc42.#800>
00402AA1 8B4C24 10 mov ecx,dword ptr ss:[esp+10]
00402AA5 5F pop edi
00402AA6 5E pop esi
00402AA7 33C0 xor eax,eax
00402AA9 5D pop ebp
00402AAA 64:890D 00000000 mov dword ptr fs:[0],ecx
00402AB1 83C4 10 add esp,10
00402AB4 C3 retn
00402AB5 90 nop
00402AB6 90 nop
00402AB7 90 nop
00402AB8 90 nop
00402AB9 90 nop
00402ABA 90 nop
00402ABB 90 nop
00402ABC 90 nop
00402ABD 90 nop
00402ABE 90 nop
00402ABF 90 nop
00402AC0 6A FF push -1
00402AC2 68 E17A4000 push OK.00407AE1
00402AC7 64:A1 00000000 mov eax,dword ptr fs:[0]
00402ACD 50 push eax
00402ACE 64:8925 00000000 mov dword ptr fs:[0],esp
00402AD5 81EC 00020000 sub esp,200
00402ADB 53 push ebx
00402ADC 55 push ebp
00402ADD 56 push esi
00402ADE 57 push edi
00402ADF 8D4C24 10 lea ecx,dword ptr ss:[esp+10]
00402AE3 E8 2C460000 call <jmp.&mfc42.#540>
00402AE8 8B8424 24020000 mov eax,dword ptr ss:[esp+224]
00402AEF 33DB xor ebx,ebx
00402AF1 50 push eax
00402AF2 8D4C24 1C lea ecx,dword ptr ss:[esp+1C]
00402AF6 899C24 1C020000 mov dword ptr ss:[esp+21C],ebx
00402AFD E8 2A460000 call <jmp.&mfc42.#535>
00402B02 8B8C24 20020000 mov ecx,dword ptr ss:[esp+220]
00402B09 68 14B14000 push OK.0040B114 ; ASCII "RSADecrypt"
00402B0E 51 push ecx
00402B0F C68424 20020000 01 mov byte ptr ss:[esp+220],1
00402B17 FF15 0C904000 call dword ptr ds:[<&kernel32.GetProcAddres>; kernel32.GetProcAddress
00402B1D 8BE8 mov ebp,eax
00402B1F B9 7D000000 mov ecx,7D
00402B24 33C0 xor eax,eax
00402B26 8D7C24 1C lea edi,dword ptr ss:[esp+1C]
00402B2A F3:AB rep stos dword ptr es:[edi]
00402B2C 68 90B04000 push OK.0040B090 ; ASCII "CA93CFF3083932B6F39B6C38F1C634C194F3A4F20197B1199B40EFD214FE8A2F6F77FD1E68B69012C5F069807758D373C9C56567E9A7C5ED7F94B0917C98CAD9"
00402B31 8D4C24 18 lea ecx,dword ptr ss:[esp+18]
00402B35 E8 5E460000 call <jmp.&mfc42.#537>
00402B3A 3BEB cmp ebp,ebx
00402B3C C68424 18020000 02 mov byte ptr ss:[esp+218],2
00402B44 0F84 36010000 je OK.00402C80
00402B4A 8B4424 14 mov eax,dword ptr ss:[esp+14]
00402B4E 8B4C24 18 mov ecx,dword ptr ss:[esp+18]
00402B52 8D5424 1C lea edx,dword ptr ss:[esp+1C]
00402B56 68 58B04000 push OK.0040B058 ; ASCII "user-E46D333B3BA5BF96"
00402B5B 52 push edx
00402B5C 6A 02 push 2
00402B5E 50 push eax
00402B5F 51 push ecx
00402B60 FFD5 call ebp
00402B62 8D5424 1C lea edx,dword ptr ss:[esp+1C]
00402B66 8D4C24 10 lea ecx,dword ptr ss:[esp+10]
00402B6A 52 push edx
00402B6B 8BF0 mov esi,eax
00402B6D E8 90450000 call <jmp.&mfc42.#860>
00402B72 8D4C24 10 lea ecx,dword ptr ss:[esp+10]
00402B76 E8 E1450000 call <jmp.&mfc42.#6282>
00402B7B 8D4C24 10 lea ecx,dword ptr ss:[esp+10]
00402B7F E8 C0450000 call <jmp.&mfc42.#6283>
00402B84 8B3D 1C904000 mov edi,dword ptr ds:[<&kernel32.Sleep>] ; kernel32.Sleep
00402B8A 3BF3 cmp esi,ebx
00402B8C 74 0A je short OK.00402B98
00402B8E 8B4424 10 mov eax,dword ptr ss:[esp+10]
00402B92 8378 F8 0A cmp dword ptr ds:[eax-8],0A
00402B96 7D 41 jge short OK.00402BD9
00402B98 68 F4010000 push 1F4
00402B9D FFD7 call edi
00402B9F 8B5424 14 mov edx,dword ptr ss:[esp+14]
00402BA3 8B4424 18 mov eax,dword ptr ss:[esp+18]
00402BA7 8D4C24 1C lea ecx,dword ptr ss:[esp+1C]
00402BAB 68 58B04000 push OK.0040B058 ; ASCII "user-E46D333B3BA5BF96"
00402BB0 51 push ecx
00402BB1 6A 02 push 2
00402BB3 52 push edx
00402BB4 50 push eax
00402BB5 FFD5 call ebp
00402BB7 8D4C24 1C lea ecx,dword ptr ss:[esp+1C]
00402BBB 8BF0 mov esi,eax
00402BBD 51 push ecx
00402BBE 8D4C24 14 lea ecx,dword ptr ss:[esp+14]
00402BC2 E8 3B450000 call <jmp.&mfc42.#860>
00402BC7 8D4C24 10 lea ecx,dword ptr ss:[esp+10]
00402BCB E8 8C450000 call <jmp.&mfc42.#6282>
00402BD0 8D4C24 10 lea ecx,dword ptr ss:[esp+10]
00402BD4 E8 6B450000 call <jmp.&mfc42.#6283>
00402BD9 3BF3 cmp esi,ebx
00402BDB 74 0A je short OK.00402BE7
00402BDD 8B5424 10 mov edx,dword ptr ss:[esp+10]
00402BE1 837A F8 0A cmp dword ptr ds:[edx-8],0A
00402BE5 7D 41 jge short OK.00402C28
00402BE7 68 F4010000 push 1F4
00402BEC FFD7 call edi
00402BEE 8B4C24 14 mov ecx,dword ptr ss:[esp+14]
00402BF2 8B5424 18 mov edx,dword ptr ss:[esp+18]
00402BF6 8D4424 1C lea eax,dword ptr ss:[esp+1C]
00402BFA 68 58B04000 push OK.0040B058 ; ASCII "user-E46D333B3BA5BF96"
00402BFF 50 push eax
00402C00 6A 02 push 2
00402C02 51 push ecx
00402C03 52 push edx
00402C04 FFD5 call ebp
00402C06 8BF0 mov esi,eax
00402C08 8D4424 1C lea eax,dword ptr ss:[esp+1C]
00402C0C 50 push eax
00402C0D 8D4C24 14 lea ecx,dword ptr ss:[esp+14]
00402C11 E8 EC440000 call <jmp.&mfc42.#860>
00402C16 8D4C24 10 lea ecx,dword ptr ss:[esp+10]
00402C1A E8 3D450000 call <jmp.&mfc42.#6282>
00402C1F 8D4C24 10 lea ecx,dword ptr ss:[esp+10]
00402C23 E8 1C450000 call <jmp.&mfc42.#6283>
00402C28 3BF3 cmp esi,ebx
00402C2A 74 54 je short OK.00402C80
00402C2C 8B4C24 10 mov ecx,dword ptr ss:[esp+10]
00402C30 8379 F8 0A cmp dword ptr ds:[ecx-8],0A
00402C34 7C 4A jl short OK.00402C80
00402C36 8B8C24 24020000 mov ecx,dword ptr ss:[esp+224]
00402C3D 8D5424 10 lea edx,dword ptr ss:[esp+10]
00402C41 52 push edx
00402C42 E8 DF440000 call <jmp.&mfc42.#858>
00402C47 8D4C24 14 lea ecx,dword ptr ss:[esp+14]
00402C4B C68424 18020000 01 mov byte ptr ss:[esp+218],1
00402C53 E8 A4440000 call <jmp.&mfc42.#800>
00402C58 8D4C24 18 lea ecx,dword ptr ss:[esp+18]
00402C5C 889C24 18020000 mov byte ptr ss:[esp+218],bl
00402C63 E8 94440000 call <jmp.&mfc42.#800>
00402C68 8D4C24 10 lea ecx,dword ptr ss:[esp+10]
00402C6C C78424 18020000 FFF>mov dword ptr ss:[esp+218],-1
00402C77 E8 80440000 call <jmp.&mfc42.#800>
00402C7C 8BC6 mov eax,esi
00402C7E EB 37 jmp short OK.00402CB7
00402C80 8D4C24 14 lea ecx,dword ptr ss:[esp+14]
00402C84 C68424 18020000 01 mov byte ptr ss:[esp+218],1
00402C8C E8 6B440000 call <jmp.&mfc42.#800>
00402C91 8D4C24 18 lea ecx,dword ptr ss:[esp+18]
00402C95 889C24 18020000 mov byte ptr ss:[esp+218],bl
00402C9C E8 5B440000 call <jmp.&mfc42.#800>
00402CA1 8D4C24 10 lea ecx,dword ptr ss:[esp+10]
00402CA5 C78424 18020000 FFF>mov dword ptr ss:[esp+218],-1
00402CB0 E8 47440000 call <jmp.&mfc42.#800>
00402CB5 33C0 xor eax,eax
00402CB7 8B8C24 10020000 mov ecx,dword ptr ss:[esp+210]
00402CBE 5F pop edi
00402CBF 5E pop esi
00402CC0 5D pop ebp
00402CC1 5B pop ebx
00402CC2 64:890D 00000000 mov dword ptr fs:[0],ecx
00402CC9 81C4 0C020000 add esp,20C
00402CCF C3 retn
00402CD0 6A FF push -1
00402CD2 68 007B4000 push OK.00407B00
00402CD7 64:A1 00000000 mov eax,dword ptr fs:[0]
00402CDD 50 push eax
00402CDE 64:8925 00000000 mov dword ptr fs:[0],esp
00402CE5 83EC 50 sub esp,50
00402CE8 53 push ebx
00402CE9 56 push esi
00402CEA 57 push edi
00402CEB 8D4C24 0C lea ecx,dword ptr ss:[esp+C]
00402CEF E8 20440000 call <jmp.&mfc42.#540>
00402CF4 8B4424 70 mov eax,dword ptr ss:[esp+70]
00402CF8 33DB xor ebx,ebx
00402CFA 50 push eax
00402CFB 8D4C24 14 lea ecx,dword ptr ss:[esp+14]
00402CFF 895C24 68 mov dword ptr ss:[esp+68],ebx
00402D03 E8 24440000 call <jmp.&mfc42.#535>
00402D08 B9 08000000 mov ecx,8
00402D0D 33C0 xor eax,eax
00402D0F 8D7C24 38 lea edi,dword ptr ss:[esp+38]
00402D13 8D5424 38 lea edx,dword ptr ss:[esp+38]
00402D17 F3:AB rep stos dword ptr es:[edi]
00402D19 AA stos byte ptr es:[edi]
00402D1A B9 08000000 mov ecx,8
00402D1F 33C0 xor eax,eax
00402D21 8D7C24 14 lea edi,dword ptr ss:[esp+14]
00402D25 68 20B14000 push OK.0040B120 ; ASCII "MD5Encrypt"
00402D2A F3:AB rep stos dword ptr es:[edi]
00402D2C AA stos byte ptr es:[edi]
00402D2D 8B7C24 14 mov edi,dword ptr ss:[esp+14]
00402D31 83C9 FF or ecx,FFFFFFFF
00402D34 33C0 xor eax,eax
00402D36 C64424 68 01 mov byte ptr ss:[esp+68],1
00402D3B F2:AE repne scas byte ptr es:[edi]
00402D3D F7D1 not ecx
00402D3F 2BF9 sub edi,ecx
00402D41 8BC1 mov eax,ecx
00402D43 8BF7 mov esi,edi
00402D45 8BFA mov edi,edx
00402D47 C1E9 02 shr ecx,2
00402D4A F3:A5 rep movs dword ptr es:[edi],dword ptr ds:[e>
00402D4C 8BC8 mov ecx,eax
00402D4E 83E1 03 and ecx,3
00402D51 F3:A4 rep movs byte ptr es:[edi],byte ptr ds:[esi>
00402D53 8B4C24 70 mov ecx,dword ptr ss:[esp+70]
00402D57 51 push ecx
00402D58 FF15 0C904000 call dword ptr ds:[<&kernel32.GetProcAddres>; kernel32.GetProcAddress
00402D5E 8BF8 mov edi,eax
00402D60 3BFB cmp edi,ebx
00402D62 0F84 31010000 je OK.00402E99
00402D68 8B5424 10 mov edx,dword ptr ss:[esp+10]
00402D6C 55 push ebp
00402D6D 68 58B04000 push OK.0040B058 ; ASCII "user-E46D333B3BA5BF96"
00402D72 8D4C24 40 lea ecx,dword ptr ss:[esp+40]
00402D76 8B42 F8 mov eax,dword ptr ds:[edx-8]
00402D79 50 push eax
00402D7A 8D4424 20 lea eax,dword ptr ss:[esp+20]
00402D7E 50 push eax
00402D7F 51 push ecx
00402D80 FFD7 call edi
00402D82 8D5424 18 lea edx,dword ptr ss:[esp+18]
00402D86 8D4C24 10 lea ecx,dword ptr ss:[esp+10]
00402D8A 52 push edx
00402D8B 8BF0 mov esi,eax
00402D8D E8 70430000 call <jmp.&mfc42.#860>
00402D92 8D4C24 10 lea ecx,dword ptr ss:[esp+10]
00402D96 E8 C1430000 call <jmp.&mfc42.#6282>
00402D9B 8D4C24 10 lea ecx,dword ptr ss:[esp+10]
00402D9F E8 A0430000 call <jmp.&mfc42.#6283>
00402DA4 8B2D 1C904000 mov ebp,dword ptr ds:[<&kernel32.Sleep>] ; kernel32.Sleep
00402DAA 3BF3 cmp esi,ebx
00402DAC 74 0A je short OK.00402DB8
00402DAE 8B4424 10 mov eax,dword ptr ss:[esp+10]
00402DB2 8378 F8 0A cmp dword ptr ds:[eax-8],0A
00402DB6 7D 42 jge short OK.00402DFA
00402DB8 68 F4010000 push 1F4
00402DBD FFD5 call ebp
00402DBF 8B4C24 14 mov ecx,dword ptr ss:[esp+14]
00402DC3 68 58B04000 push OK.0040B058 ; ASCII "user-E46D333B3BA5BF96"
00402DC8 8D5424 1C lea edx,dword ptr ss:[esp+1C]
00402DCC 8B41 F8 mov eax,dword ptr ds:[ecx-8]
00402DCF 50 push eax
00402DD0 8D4424 44 lea eax,dword ptr ss:[esp+44]
00402DD4 52 push edx
00402DD5 50 push eax
00402DD6 FFD7 call edi
00402DD8 8D4C24 18 lea ecx,dword ptr ss:[esp+18]
00402DDC 8BF0 mov esi,eax
00402DDE 51 push ecx
00402DDF 8D4C24 14 lea ecx,dword ptr ss:[esp+14]
00402DE3 E8 1A430000 call <jmp.&mfc42.#860>
00402DE8 8D4C24 10 lea ecx,dword ptr ss:[esp+10]
00402DEC E8 6B430000 call <jmp.&mfc42.#6282>
00402DF1 8D4C24 10 lea ecx,dword ptr ss:[esp+10]
00402DF5 E8 4A430000 call <jmp.&mfc42.#6283>
00402DFA 3BF3 cmp esi,ebx
00402DFC 74 0A je short OK.00402E08
00402DFE 8B5424 10 mov edx,dword ptr ss:[esp+10]
00402E02 837A F8 0A cmp dword ptr ds:[edx-8],0A
00402E06 7D 42 jge short OK.00402E4A
00402E08 68 F4010000 push 1F4
00402E0D FFD5 call ebp
00402E0F 8B4424 14 mov eax,dword ptr ss:[esp+14]
00402E13 68 58B04000 push OK.0040B058 ; ASCII "user-E46D333B3BA5BF96"
00402E18 8D4C24 1C lea ecx,dword ptr ss:[esp+1C]
00402E1C 8D5424 40 lea edx,dword ptr ss:[esp+40]
00402E20 8B40 F8 mov eax,dword ptr ds:[eax-8]
00402E23 50 push eax
00402E24 51 push ecx
00402E25 52 push edx
00402E26 FFD7 call edi
00402E28 8BF0 mov esi,eax
00402E2A 8D4424 18 lea eax,dword ptr ss:[esp+18]
00402E2E 50 push eax
00402E2F 8D4C24 14 lea ecx,dword ptr ss:[esp+14]
00402E33 E8 CA420000 call <jmp.&mfc42.#860>
00402E38 8D4C24 10 lea ecx,dword ptr ss:[esp+10]
00402E3C E8 1B430000 call <jmp.&mfc42.#6282>
00402E41 8D4C24 10 lea ecx,dword ptr ss:[esp+10]
00402E45 E8 FA420000 call <jmp.&mfc42.#6283>
00402E4A 3BF3 cmp esi,ebx
00402E4C 5D pop ebp
00402E4D 74 4A je short OK.00402E99
00402E4F 8B4C24 0C mov ecx,dword ptr ss:[esp+C]
00402E53 8379 F8 0A cmp dword ptr ds:[ecx-8],0A
00402E57 7C 40 jl short OK.00402E99
00402E59 8B4C24 70 mov ecx,dword ptr ss:[esp+70]
00402E5D 8D5424 0C lea edx,dword ptr ss:[esp+C]
00402E61 52 push edx
00402E62 E8 BF420000 call <jmp.&mfc42.#858>
00402E67 8D4C24 10 lea ecx,dword ptr ss:[esp+10]
00402E6B 885C24 64 mov byte ptr ss:[esp+64],bl
00402E6F E8 88420000 call <jmp.&mfc42.#800>
00402E74 8D4C24 0C lea ecx,dword ptr ss:[esp+C]
00402E78 C74424 64 FFFFFFFF mov dword ptr ss:[esp+64],-1
00402E80 E8 77420000 call <jmp.&mfc42.#800>
00402E85 8BC6 mov eax,esi
00402E87 5F pop edi
00402E88 5E pop esi
00402E89 5B pop ebx
00402E8A 8B4C24 50 mov ecx,dword ptr ss:[esp+50]
00402E8E 64:890D 00000000 mov dword ptr fs:[0],ecx
00402E95 83C4 5C add esp,5C
00402E98 C3 retn
00402E99 8D4C24 10 lea ecx,dword ptr ss:[esp+10]
00402E9D 885C24 64 mov byte ptr ss:[esp+64],bl
00402EA1 E8 56420000 call <jmp.&mfc42.#800>
00402EA6 8D4C24 0C lea ecx,dword ptr ss:[esp+C]
00402EAA C74424 64 FFFFFFFF mov dword ptr ss:[esp+64],-1
00402EB2 E8 45420000 call <jmp.&mfc42.#800>
00402EB7 8B4C24 5C mov ecx,dword ptr ss:[esp+5C]
00402EBB 5F pop edi
00402EBC 5E pop esi
00402EBD 33C0 xor eax,eax
00402EBF 5B pop ebx
00402EC0 64:890D 00000000 mov dword ptr fs:[0],ecx
00402EC7 83C4 5C add esp,5C
00402ECA C3 retn
00402ECB 90 nop
00402ECC 90 nop
00402ECD 90 nop
00402ECE 90 nop
00402ECF 90 nop
00402ED0 6A FF push -1
00402ED2 68 707B4000 push OK.00407B70
00402ED7 64:A1 00000000 mov eax,dword ptr fs:[0]
00402EDD 50 push eax
00402EDE 64:8925 00000000 mov dword ptr fs:[0],esp
00402EE5 83EC 30 sub esp,30
00402EE8 8B4424 40 mov eax,dword ptr ss:[esp+40]
00402EEC 53 push ebx
00402EED 55 push ebp
00402EEE 56 push esi
00402EEF 57 push edi
00402EF0 50 push eax
00402EF1 8D4C24 24 lea ecx,dword ptr ss:[esp+24]
00402EF5 E8 32420000 call <jmp.&mfc42.#535>
00402EFA 33ED xor ebp,ebp
00402EFC 68 34B14000 push OK.0040B134 ; ASCII "kjklsafoiwermxvz"
00402F01 8D4C24 20 lea ecx,dword ptr ss:[esp+20]
00402F05 896C24 4C mov dword ptr ss:[esp+4C],ebp
00402F09 E8 8A420000 call <jmp.&mfc42.#537>
00402F0E 8A0D B8B54000 mov cl,byte ptr ds:[40B5B8]
00402F14 33D2 xor edx,edx
00402F16 884C24 14 mov byte ptr ss:[esp+14],cl
00402F1A 66:895424 15 mov word ptr ss:[esp+15],dx
00402F1F 68 B8B54000 push OK.0040B5B8
00402F24 8D4C24 14 lea ecx,dword ptr ss:[esp+14]
00402F28 C64424 4C 01 mov byte ptr ss:[esp+4C],1
00402F2D 885424 1B mov byte ptr ss:[esp+1B],dl
00402F31 E8 62420000 call <jmp.&mfc42.#537>
00402F36 8D4C24 18 lea ecx,dword ptr ss:[esp+18]
00402F3A C64424 48 02 mov byte ptr ss:[esp+48],2
00402F3F E8 D0410000 call <jmp.&mfc42.#540>
00402F44 C64424 48 03 mov byte ptr ss:[esp+48],3
00402F49 FF15 10904000 call dword ptr ds:[<&kernel32.GetTickCount>>; kernel32.GetTickCount
00402F4F 50 push eax
00402F50 FF15 9C924000 call dword ptr ds:[<&msvcrt.srand>] ; msvcrt.srand
00402F56 FF15 A0924000 call dword ptr ds:[<&msvcrt.rand>] ; msvcrt.rand
00402F5C 99 cdq
00402F5D B9 FF000000 mov ecx,0FF
00402F62 6A 10 push 10
00402F64 F7F9 idiv ecx
00402F66 8BF2 mov esi,edx
00402F68 8D5424 1C lea edx,dword ptr ss:[esp+1C]
00402F6C 52 push edx
00402F6D 56 push esi
00402F6E FF15 B4924000 call dword ptr ds:[<&msvcrt._itoa>] ; msvcrt._itoa
00402F74 83C4 10 add esp,10
00402F77 8D4424 14 lea eax,dword ptr ss:[esp+14]
00402F7B 8D4C24 18 lea ecx,dword ptr ss:[esp+18]
00402F7F 50 push eax
00402F80 E8 7D410000 call <jmp.&mfc42.#860>
00402F85 8B4C24 18 mov ecx,dword ptr ss:[esp+18]
00402F89 8B41 F8 mov eax,dword ptr ds:[ecx-8]
00402F8C 3BC5 cmp eax,ebp
00402F8E 75 31 jnz short OK.00402FC1
00402F90 8D5424 10 lea edx,dword ptr ss:[esp+10]
00402F94 68 30B14000 push OK.0040B130 ; ASCII "00"
00402F99 8D4424 28 lea eax,dword ptr ss:[esp+28]
00402F9D 52 push edx
00402F9E 50 push eax
00402F9F E8 9A410000 call <jmp.&mfc42.#924>
00402FA4 50 push eax
00402FA5 8D4C24 14 lea ecx,dword ptr ss:[esp+14]
00402FA9 C64424 4C 04 mov byte ptr ss:[esp+4C],4
00402FAE E8 73410000 call <jmp.&mfc42.#858>
00402FB3 C64424 48 03 mov byte ptr ss:[esp+48],3
00402FB8 8D4C24 24 lea ecx,dword ptr ss:[esp+24]
00402FBC E9 82000000 jmp OK.00403043
00402FC1 83F8 01 cmp eax,1
00402FC4 75 51 jnz short OK.00403017
00402FC6 8D4C24 10 lea ecx,dword ptr ss:[esp+10]
00402FCA 68 2CB14000 push OK.0040B12C
00402FCF 8D5424 2C lea edx,dword ptr ss:[esp+2C]
00402FD3 51 push ecx
00402FD4 52 push edx
00402FD5 E8 64410000 call <jmp.&mfc42.#924>
00402FDA 8D4C24 18 lea ecx,dword ptr ss:[esp+18]
00402FDE 8D5424 24 lea edx,dword ptr ss:[esp+24]
00402FE2 51 push ecx
00402FE3 B3 05 mov bl,5
00402FE5 50 push eax
00402FE6 52 push edx
00402FE7 885C24 54 mov byte ptr ss:[esp+54],bl
00402FEB E8 78410000 call <jmp.&mfc42.#922>
00402FF0 50 push eax
00402FF1 8D4C24 14 lea ecx,dword ptr ss:[esp+14]
00402FF5 C64424 4C 06 mov byte ptr ss:[esp+4C],6
00402FFA E8 27410000 call <jmp.&mfc42.#858>
00402FFF 8D4C24 24 lea ecx,dword ptr ss:[esp+24]
00403003 885C24 48 mov byte ptr ss:[esp+48],bl
00403007 E8 F0400000 call <jmp.&mfc42.#800>
0040300C C64424 48 03 mov byte ptr ss:[esp+48],3
00403011 8D4C24 28 lea ecx,dword ptr ss:[esp+28]
00403015 EB 2C jmp short OK.00403043
00403017 8D4424 18 lea eax,dword ptr ss:[esp+18]
0040301B 8D4C24 10 lea ecx,dword ptr ss:[esp+10]
0040301F 50 push eax
00403020 8D5424 2C lea edx,dword ptr ss:[esp+2C]
00403024 51 push ecx
00403025 52 push edx
00403026 E8 3D410000 call <jmp.&mfc42.#922>
0040302B 50 push eax
0040302C 8D4C24 14 lea ecx,dword ptr ss:[esp+14]
00403030 C64424 4C 07 mov byte ptr ss:[esp+4C],7
00403035 E8 EC400000 call <jmp.&mfc42.#858>
0040303A C64424 48 03 mov byte ptr ss:[esp+48],3
0040303F 8D4C24 28 lea ecx,dword ptr ss:[esp+28]
00403043 E8 B4400000 call <jmp.&mfc42.#800>
00403048 68 C8000000 push 0C8
0040304D 8D4C24 24 lea ecx,dword ptr ss:[esp+24]
00403051 E8 54410000 call <jmp.&mfc42.#2915>
00403056 6A FF push -1
00403058 8D4C24 24 lea ecx,dword ptr ss:[esp+24]
0040305C 8BD8 mov ebx,eax
0040305E E8 41410000 call <jmp.&mfc42.#5572>
00403063 8BFB mov edi,ebx
00403065 83C9 FF or ecx,FFFFFFFF
00403068 33C0 xor eax,eax
0040306A 68 C8000000 push 0C8
0040306F F2:AE repne scas byte ptr es:[edi]
00403071 F7D1 not ecx
00403073 49 dec ecx
00403074 894C24 28 mov dword ptr ss:[esp+28],ecx
00403078 8D4C24 20 lea ecx,dword ptr ss:[esp+20]
0040307C E8 29410000 call <jmp.&mfc42.#2915>
00403081 8BF8 mov edi,eax
00403083 6A FF push -1
00403085 8D4C24 20 lea ecx,dword ptr ss:[esp+20]
00403089 897C24 30 mov dword ptr ss:[esp+30],edi
0040308D E8 12410000 call <jmp.&mfc42.#5572>
00403092 83C9 FF or ecx,FFFFFFFF
00403095 33C0 xor eax,eax
00403097 F2:AE repne scas byte ptr es:[edi]
00403099 8B4424 24 mov eax,dword ptr ss:[esp+24]
0040309D F7D1 not ecx
0040309F 49 dec ecx
004030A0 85C0 test eax,eax
004030A2 894C24 28 mov dword ptr ss:[esp+28],ecx
004030A6 0F8E 09010000 jle OK.004031B5
004030AC 8BC5 mov eax,ebp
004030AE 6A 10 push 10
004030B0 99 cdq
004030B1 F77C24 2C idiv dword ptr ss:[esp+2C]
004030B5 0FBE042B movsx eax,byte ptr ds:[ebx+ebp]
004030B9 03C6 add eax,esi
004030BB BE FF000000 mov esi,0FF
004030C0 8BCA mov ecx,edx
004030C2 99 cdq
004030C3 F7FE idiv esi
004030C5 8B4424 30 mov eax,dword ptr ss:[esp+30]
004030C9 0FBE0C01 movsx ecx,byte ptr ds:[ecx+eax]
004030CD 33D1 xor edx,ecx
004030CF 8BF2 mov esi,edx
004030D1 8D5424 18 lea edx,dword ptr ss:[esp+18]
004030D5 52 push edx
004030D6 56 push esi
004030D7 FF15 B4924000 call dword ptr ds:[<&msvcrt._itoa>] ; msvcrt._itoa
004030DD 8D7C24 20 lea edi,dword ptr ss:[esp+20]
004030E1 83C9 FF or ecx,FFFFFFFF
004030E4 33C0 xor eax,eax
004030E6 83C4 0C add esp,0C
004030E9 F2:AE repne scas byte ptr es:[edi]
004030EB F7D1 not ecx
004030ED 49 dec ecx
004030EE 75 31 jnz short OK.00403121
004030F0 8D4424 10 lea eax,dword ptr ss:[esp+10]
004030F4 68 30B14000 push OK.0040B130 ; ASCII "00"
004030F9 8D4C24 34 lea ecx,dword ptr ss:[esp+34]
004030FD 50 push eax
004030FE 51 push ecx
004030FF E8 3A400000 call <jmp.&mfc42.#924>
00403104 50 push eax
00403105 8D4C24 14 lea ecx,dword ptr ss:[esp+14]
00403109 C64424 4C 08 mov byte ptr ss:[esp+4C],8
0040310E E8 13400000 call <jmp.&mfc42.#858>
00403113 C64424 48 03 mov byte ptr ss:[esp+48],3
00403118 8D4C24 30 lea ecx,dword ptr ss:[esp+30]
0040311C E9 82000000 jmp OK.004031A3
00403121 83F9 01 cmp ecx,1
00403124 75 51 jnz short OK.00403177
00403126 8D5424 10 lea edx,dword ptr ss:[esp+10]
0040312A 68 2CB14000 push OK.0040B12C
0040312F 8D4424 3C lea eax,dword ptr ss:[esp+3C]
00403133 52 push edx
00403134 50 push eax
00403135 E8 04400000 call <jmp.&mfc42.#924>
0040313A 8D4C24 14 lea ecx,dword ptr ss:[esp+14]
0040313E 8D5424 34 lea edx,dword ptr ss:[esp+34]
00403142 51 push ecx
00403143 50 push eax
00403144 52 push edx
00403145 C64424 54 09 mov byte ptr ss:[esp+54],9
0040314A E8 EF3F0000 call <jmp.&mfc42.#924>
0040314F 50 push eax
00403150 8D4C24 14 lea ecx,dword ptr ss:[esp+14]
00403154 C64424 4C 0A mov byte ptr ss:[esp+4C],0A
00403159 E8 C83F0000 call <jmp.&mfc42.#858>
0040315E 8D4C24 34 lea ecx,dword ptr ss:[esp+34]
00403162 C64424 48 09 mov byte ptr ss:[esp+48],9
00403167 E8 903F0000 call <jmp.&mfc42.#800>
0040316C C64424 48 03 mov byte ptr ss:[esp+48],3
00403171 8D4C24 38 lea ecx,dword ptr ss:[esp+38]
00403175 EB 2C jmp short OK.004031A3
00403177 8D4424 14 lea eax,dword ptr ss:[esp+14]
0040317B 8D4C24 10 lea ecx,dword ptr ss:[esp+10]
0040317F 50 push eax
00403180 8D5424 40 lea edx,dword ptr ss:[esp+40]
00403184 51 push ecx
00403185 52 push edx
00403186 E8 B33F0000 call <jmp.&mfc42.#924>
0040318B 50 push eax
0040318C 8D4C24 14 lea ecx,dword ptr ss:[esp+14]
00403190 C64424 4C 0B mov byte ptr ss:[esp+4C],0B
00403195 E8 8C3F0000 call <jmp.&mfc42.#858>
0040319A C64424 48 03 mov byte ptr ss:[esp+48],3
0040319F 8D4C24 3C lea ecx,dword ptr ss:[esp+3C]
004031A3 E8 543F0000 call <jmp.&mfc42.#800>
004031A8 8B4424 24 mov eax,dword ptr ss:[esp+24]
004031AC 45 inc ebp
004031AD 3BE8 cmp ebp,eax
004031AF ^ 0F8C F7FEFFFF jl OK.004030AC
004031B5 8D4C24 10 lea ecx,dword ptr ss:[esp+10]
004031B9 E8 E03F0000 call <jmp.&mfc42.#4204>
004031BE 8B4C24 50 mov ecx,dword ptr ss:[esp+50]
004031C2 8D4424 10 lea eax,dword ptr ss:[esp+10]
004031C6 50 push eax
004031C7 E8 5A3F0000 call <jmp.&mfc42.#858>
004031CC 8D4C24 18 lea ecx,dword ptr ss:[esp+18]
004031D0 C64424 48 02 mov byte ptr ss:[esp+48],2
004031D5 E8 223F0000 call <jmp.&mfc42.#800>
004031DA 8D4C24 10 lea ecx,dword ptr ss:[esp+10]
004031DE C64424 48 01 mov byte ptr ss:[esp+48],1
004031E3 E8 143F0000 call <jmp.&mfc42.#800>
004031E8 8D4C24 1C lea ecx,dword ptr ss:[esp+1C]
004031EC C64424 48 00 mov byte ptr ss:[esp+48],0
004031F1 E8 063F0000 call <jmp.&mfc42.#800>
004031F6 8D4C24 20 lea ecx,dword ptr ss:[esp+20]
004031FA C74424 48 FFFFFFFF mov dword ptr ss:[esp+48],-1
00403202 E8 F53E0000 call <jmp.&mfc42.#800>
00403207 8B4C24 40 mov ecx,dword ptr ss:[esp+40]
0040320B 5F pop edi
0040320C 5E pop esi
0040320D 5D pop ebp
0040320E 5B pop ebx
0040320F 64:890D 00000000 mov dword ptr fs:[0],ecx
00403216 83C4 3C add esp,3C
00403219 C3 retn
0040321A 90 nop
0040321B 90 nop
0040321C 90 nop
0040321D 90 nop
0040321E 90 nop
0040321F 90 nop
00403220 A1 84904000 mov eax,dword ptr ds:[<&mfc42.#4274>]
00403225 C3 retn
00403226 90 nop
00403227 90 nop
00403228 90 nop
00403229 90 nop
0040322A 90 nop
0040322B 90 nop
0040322C 90 nop
0040322D 90 nop
0040322E 90 nop
0040322F 90 nop
00403230 B8 F0924000 mov eax,OK.004092F0
00403235 C3 retn
00403236 90 nop
00403237 90 nop
00403238 90 nop
00403239 90 nop
0040323A 90 nop
0040323B 90 nop
0040323C 90 nop
0040323D 90 nop
0040323E 90 nop
0040323F 90 nop
00403240 56 push esi
00403241 8BF1 mov esi,ecx
00403243 6A 00 push 0
00403245 E8 3E400000 call <jmp.&mfc42.#561>
0040324A C706 28934000 mov dword ptr ds:[esi],OK.00409328
00403250 8BC6 mov eax,esi
00403252 5E pop esi
00403253 C3 retn
00403254 90 nop
00403255 90 nop
00403256 90 nop
00403257 90 nop
00403258 90 nop
00403259 90 nop
0040325A 90 nop
0040325B 90 nop
0040325C 90 nop
0040325D 90 nop
0040325E 90 nop
0040325F 90 nop
00403260 56 push esi
00403261 8BF1 mov esi,ecx
00403263 E8 18000000 call OK.00403280
00403268 F64424 08 01 test byte ptr ss:[esp+8],1
0040326D 74 09 je short OK.00403278
0040326F 56 push esi
00403270 E8 A53E0000 call <jmp.&mfc42.#825>
00403275 83C4 04 add esp,4
00403278 8BC6 mov eax,esi
0040327A 5E pop esi
0040327B C2 0400 retn 4
0040327E 90 nop
0040327F 90 nop
00403280 E9 09400000 jmp <jmp.&mfc42.#815>
00403285 90 nop
00403286 90 nop
00403287 90 nop
00403288 90 nop
00403289 90 nop
0040328A 90 nop
0040328B 90 nop
0040328C 90 nop
0040328D 90 nop
0040328E 90 nop
0040328F 90 nop
00403290 E8 0B000000 call OK.004032A0
00403295 E9 16000000 jmp OK.004032B0
0040329A 90 nop
0040329B 90 nop
0040329C 90 nop
0040329D 90 nop
0040329E 90 nop
0040329F 90 nop
004032A0 B9 C0B54000 mov ecx,OK.0040B5C0
004032A5 ^ E9 96FFFFFF jmp OK.00403240
004032AA 90 nop
004032AB 90 nop
004032AC 90 nop
004032AD 90 nop
004032AE 90 nop
004032AF 90 nop
004032B0 68 C0324000 push OK.004032C0
004032B5 E8 B2410000 call OK.0040746C
004032BA 59 pop ecx
004032BB C3 retn
004032BC 90 nop
004032BD 90 nop
004032BE 90 nop
004032BF 90 nop
004032C0 B9 C0B54000 mov ecx,OK.0040B5C0
004032C5 ^ E9 B6FFFFFF jmp OK.00403280
004032CA 90 nop
004032CB 90 nop
004032CC 90 nop
004032CD 90 nop
004032CE 90 nop
004032CF 90 nop
004032D0 6A FF push -1
004032D2 68 DA7B4000 push OK.00407BDA
004032D7 64:A1 00000000 mov eax,dword ptr fs:[0]
004032DD 50 push eax
004032DE 64:8925 00000000 mov dword ptr fs:[0],esp
004032E5 81EC 40010000 sub esp,140
004032EB 56 push esi
004032EC 8BF1 mov esi,ecx
004032EE E8 B33F0000 call <jmp.&mfc42.#2621>
004032F3 6A 00 push 0
004032F5 8D4C24 08 lea ecx,dword ptr ss:[esp+8]
004032F9 E8 92020000 call OK.00403590
004032FE 8D4424 04 lea eax,dword ptr ss:[esp+4]
00403302 8D4C24 04 lea ecx,dword ptr ss:[esp+4]
00403306 C78424 4C010000 000>mov dword ptr ss:[esp+14C],0
00403311 8946 20 mov dword ptr ds:[esi+20],eax
00403314 E8 873F0000 call <jmp.&mfc42.#2514>
00403319 8D8C24 3C010000 lea ecx,dword ptr ss:[esp+13C]
00403320 C78424 4C010000 080>mov dword ptr ss:[esp+14C],8
0040332B E8 CC3D0000 call <jmp.&mfc42.#800>
00403330 8D8C24 38010000 lea ecx,dword ptr ss:[esp+138]
00403337 C68424 4C010000 07 mov byte ptr ss:[esp+14C],7
0040333F E8 B83D0000 call <jmp.&mfc42.#800>
00403344 8D8C24 30010000 lea ecx,dword ptr ss:[esp+130]
0040334B C68424 4C010000 06 mov byte ptr ss:[esp+14C],6
00403353 E8 A43D0000 call <jmp.&mfc42.#800>
00403358 8D8C24 EC000000 lea ecx,dword ptr ss:[esp+EC]
0040335F C68424 4C010000 05 mov byte ptr ss:[esp+14C],5
00403367 E8 2E3F0000 call <jmp.&mfc42.#656>
0040336C 8D8C24 AC000000 lea ecx,dword ptr ss:[esp+AC]
00403373 C68424 4C010000 04 mov byte ptr ss:[esp+14C],4
0040337B E8 1A3F0000 call <jmp.&mfc42.#656>
00403380 8D4C24 6C lea ecx,dword ptr ss:[esp+6C]
00403384 C68424 4C010000 03 mov byte ptr ss:[esp+14C],3
0040338C E8 093F0000 call <jmp.&mfc42.#656>
00403391 8D4C24 68 lea ecx,dword ptr ss:[esp+68]
00403395 C68424 4C010000 02 mov byte ptr ss:[esp+14C],2
0040339D E8 5A3D0000 call <jmp.&mfc42.#800>
004033A2 8D4C24 64 lea ecx,dword ptr ss:[esp+64]
004033A6 C68424 4C010000 01 mov byte ptr ss:[esp+14C],1
004033AE E8 493D0000 call <jmp.&mfc42.#800>
004033B3 8D4C24 04 lea ecx,dword ptr ss:[esp+4]
004033B7 C78424 4C010000 FFF>mov dword ptr ss:[esp+14C],-1
004033C2 E8 CD3E0000 call <jmp.&mfc42.#641>
004033C7 8B8C24 44010000 mov ecx,dword ptr ss:[esp+144]
004033CE 33C0 xor eax,eax
004033D0 5E pop esi
004033D1 64:890D 00000000 mov dword ptr fs:[0],ecx
004033D8 81C4 4C010000 add esp,14C
004033DE C3 retn
004033DF 90 nop
004033E0 6A FF push -1
004033E2 68 517C4000 push OK.00407C51
004033E7 64:A1 00000000 mov eax,dword ptr fs:[0]
004033ED 50 push eax
004033EE 64:8925 00000000 mov dword ptr fs:[0],esp
004033F5 51 push ecx
004033F6 56 push esi
004033F7 8BF1 mov esi,ecx
004033F9 897424 04 mov dword ptr ss:[esp+4],esi
004033FD 8D8E 38010000 lea ecx,dword ptr ds:[esi+138]
00403403 C74424 10 07000000 mov dword ptr ss:[esp+10],7
0040340B E8 EC3C0000 call <jmp.&mfc42.#800>
00403410 8D8E 34010000 lea ecx,dword ptr ds:[esi+134]
00403416 C64424 10 06 mov byte ptr ss:[esp+10],6
0040341B E8 DC3C0000 call <jmp.&mfc42.#800>
00403420 8D8E 2C010000 lea ecx,dword ptr ds:[esi+12C]
00403426 C64424 10 05 mov byte ptr ss:[esp+10],5
0040342B E8 CC3C0000 call <jmp.&mfc42.#800>
00403430 8D8E E8000000 lea ecx,dword ptr ds:[esi+E8]
00403436 C64424 10 04 mov byte ptr ss:[esp+10],4
0040343B E8 5A3E0000 call <jmp.&mfc42.#656>
00403440 8D8E A8000000 lea ecx,dword ptr ds:[esi+A8]
00403446 C64424 10 03 mov byte ptr ss:[esp+10],3
0040344B E8 4A3E0000 call <jmp.&mfc42.#656>
00403450 8D4E 68 lea ecx,dword ptr ds:[esi+68]
00403453 C64424 10 02 mov byte ptr ss:[esp+10],2
00403458 E8 3D3E0000 call <jmp.&mfc42.#656>
0040345D 8D4E 64 lea ecx,dword ptr ds:[esi+64]
00403460 C64424 10 01 mov byte ptr ss:[esp+10],1
00403465 E8 923C0000 call <jmp.&mfc42.#800>
0040346A 8D4E 60 lea ecx,dword ptr ds:[esi+60]
0040346D C64424 10 00 mov byte ptr ss:[esp+10],0
00403472 E8 853C0000 call <jmp.&mfc42.#800>
00403477 8BCE mov ecx,esi
00403479 C74424 10 FFFFFFFF mov dword ptr ss:[esp+10],-1
00403481 E8 0E3E0000 call <jmp.&mfc42.#641>
00403486 8B4C24 08 mov ecx,dword ptr ss:[esp+8]
0040348A 5E pop esi
0040348B 64:890D 00000000 mov dword ptr fs:[0],ecx
00403492 83C4 10 add esp,10
00403495 C3 retn
00403496 90 nop
00403497 90 nop
00403498 90 nop
00403499 90 nop
0040349A 90 nop
0040349B 90 nop
0040349C 90 nop
0040349D 90 nop
0040349E 90 nop
0040349F 90 nop
004034A0 C3 retn
004034A1 90 nop
004034A2 90 nop
004034A3 90 nop
004034A4 90 nop
004034A5 90 nop
004034A6 90 nop
004034A7 90 nop
004034A8 90 nop
004034A9 90 nop
004034AA 90 nop
004034AB 90 nop
004034AC 90 nop
004034AD 90 nop
004034AE 90 nop
004034AF 90 nop
004034B0 E8 0B000000 call OK.004034C0
004034B5 E9 16000000 jmp OK.004034D0
004034BA 90 nop
004034BB 90 nop
004034BC 90 nop
004034BD 90 nop
004034BE 90 nop
004034BF 90 nop
004034C0 B9 88B64000 mov ecx,OK.0040B688
004034C5 ^ E9 36DBFFFF jmp OK.00401000
004034CA 90 nop
004034CB 90 nop
004034CC 90 nop
004034CD 90 nop
004034CE 90 nop
004034CF 90 nop
004034D0 68 E0344000 push OK.004034E0
004034D5 E8 923F0000 call OK.0040746C
004034DA 59 pop ecx
004034DB C3 retn
004034DC 90 nop
004034DD 90 nop
004034DE 90 nop
004034DF 90 nop
004034E0 B9 88B64000 mov ecx,OK.0040B688
004034E5 ^ E9 A6DBFFFF jmp OK.00401090
004034EA 90 nop
004034EB 90 nop
004034EC 90 nop
004034ED 90 nop
004034EE 90 nop
004034EF 90 nop
004034F0 56 push esi
004034F1 6A 00 push 0
004034F3 8BF1 mov esi,ecx
004034F5 6A 64 push 64
004034F7 E8 6A3E0000 call <jmp.&mfc42.#324>
004034FC C706 D0944000 mov dword ptr ds:[esi],OK.004094D0
00403502 8BC6 mov eax,esi
00403504 5E pop esi
00403505 C3 retn
00403506 90 nop
00403507 90 nop
00403508 90 nop
00403509 90 nop
0040350A 90 nop
0040350B 90 nop
0040350C 90 nop
0040350D 90 nop
0040350E 90 nop
0040350F 90 nop
00403510 8B41 20 mov eax,dword ptr ds:[ecx+20]
00403513 6A 00 push 0
00403515 50 push eax
00403516 FF15 DC924000 call dword ptr ds:[<&user32.EnableWindow>] ; USER32.EnableWindow
0040351C C3 retn
0040351D 90 nop
0040351E 90 nop
0040351F 90 nop
00403520 8B41 20 mov eax,dword ptr ds:[ecx+20]
00403523 6A 01 push 1
00403525 50 push eax
00403526 FF15 DC924000 call dword ptr ds:[<&user32.EnableWindow>] ; USER32.EnableWindow
0040352C C3 retn
0040352D 90 nop
0040352E 90 nop
0040352F 90 nop
00403530 56 push esi
00403531 8BF1 mov esi,ecx
00403533 E8 18000000 call OK.00403550
00403538 F64424 08 01 test byte ptr ss:[esp+8],1
0040353D 74 09 je short OK.00403548
0040353F 56 push esi
00403540 E8 D53B0000 call <jmp.&mfc42.#825>
00403545 83C4 04 add esp,4
00403548 8BC6 mov eax,esi
0040354A 5E pop esi
0040354B C2 0400 retn 4
0040354E 90 nop
0040354F 90 nop
00403550 E9 3F3D0000 jmp <jmp.&mfc42.#641>
00403555 90 nop
00403556 90 nop
00403557 90 nop
00403558 90 nop
00403559 90 nop
0040355A 90 nop
0040355B 90 nop
0040355C 90 nop
0040355D 90 nop
0040355E 90 nop
0040355F 90 nop
00403560 C2 0400 retn 4
00403563 90 nop
00403564 90 nop
00403565 90 nop
00403566 90 nop
00403567 90 nop
00403568 90 nop
00403569 90 nop
0040356A 90 nop
0040356B 90 nop
0040356C 90 nop
0040356D 90 nop
0040356E 90 nop
0040356F 90 nop
00403570 A1 AC914000 mov eax,dword ptr ds:[<&mfc42.#4234>]
00403575 C3 retn
00403576 90 nop
00403577 90 nop
00403578 90 nop
00403579 90 nop
0040357A 90 nop
0040357B 90 nop
0040357C 90 nop
0040357D 90 nop
0040357E 90 nop
0040357F 90 nop
00403580 B8 D0934000 mov eax,OK.004093D0
00403585 C3 retn
00403586 90 nop
00403587 90 nop
00403588 90 nop
00403589 90 nop
0040358A 90 nop
0040358B 90 nop
0040358C 90 nop
0040358D 90 nop
0040358E 90 nop
0040358F 90 nop
00403590 6A FF push -1
00403592 68 CF7C4000 push OK.00407CCF
00403597 64:A1 00000000 mov eax,dword ptr fs:[0]
0040359D 50 push eax
0040359E 64:8925 00000000 mov dword ptr fs:[0],esp
00402412 68 48B04000 push OK.0040B048 ; ASCII "\reg.txt"
00402417 8D5424 14 lea edx,dword ptr ss:[esp+14]
0040241B B3 02 mov bl,2
0040241D 51 push ecx
0040241E 52 push edx
0040241F 885C24 3C mov byte ptr ss:[esp+3C],bl
00402423 E8 164D0000 call <jmp.&mfc42.#924>
00402428 50 push eax
00402429 8D4C24 0C lea ecx,dword ptr ss:[esp+C]
0040242D C64424 34 03 mov byte ptr ss:[esp+34],3
00402432 E8 EF4C0000 call <jmp.&mfc42.#858>
00402437 8D4C24 10 lea ecx,dword ptr ss:[esp+10]
0040243B 885C24 30 mov byte ptr ss:[esp+30],bl
0040243F E8 B84C0000 call <jmp.&mfc42.#800>
00402444 8D4C24 14 lea ecx,dword ptr ss:[esp+14]
00402448 E8 C14C0000 call <jmp.&mfc42.#533>
0040244D 8B4424 08 mov eax,dword ptr ss:[esp+8]
00402451 6A 00 push 0
00402453 6A 00 push 0
00402455 50 push eax
00402456 8D4C24 20 lea ecx,dword ptr ss:[esp+20]
0040245A C64424 3C 04 mov byte ptr ss:[esp+3C],4
0040245F E8 1C4D0000 call <jmp.&mfc42.#5194>
00402464 85C0 test eax,eax
00402466 74 56 je short OK.004024BE
00402468 8B5424 14 mov edx,dword ptr ss:[esp+14]
0040246C 56 push esi
0040246D 6A 00 push 0
0040246F 6A 00 push 0
00402471 8D4C24 20 lea ecx,dword ptr ss:[esp+20]
00402475 FF52 30 call dword ptr ds:[edx+30]
00402478 8D4424 08 lea eax,dword ptr ss:[esp+8]
0040247C 8D4C24 18 lea ecx,dword ptr ss:[esp+18]
00402480 50 push eax
00402481 E8 F44C0000 call <jmp.&mfc42.#5465>
00402486 8D4C24 08 lea ecx,dword ptr ss:[esp+8]
0040248A E8 CD4C0000 call <jmp.&mfc42.#6282>
0040248F 8D4C24 08 lea ecx,dword ptr ss:[esp+8]
00402493 E8 AC4C0000 call <jmp.&mfc42.#6283>
00402498 8B7424 3C mov esi,dword ptr ss:[esp+3C]
0040249C 8D4C24 08 lea ecx,dword ptr ss:[esp+8]
004024A0 51 push ecx
004024A1 8BCE mov ecx,esi
004024A3 E8 7E4C0000 call <jmp.&mfc42.#858>
004024A8 8B36 mov esi,dword ptr ds:[esi]
004024AA 68 B8B54000 push OK.0040B5B8
004024AF 56 push esi
004024B0 FF15 A4924000 call dword ptr ds:[<&msvcrt._mbscmp>] ; msvcrt._mbscmp
004024B6 83C4 08 add esp,8
004024B9 85C0 test eax,eax
004024BB 5E pop esi
004024BC 75 4C jnz short OK.0040250A
004024BE 8D4C24 14 lea ecx,dword ptr ss:[esp+14]
004024C2 885C24 30 mov byte ptr ss:[esp+30],bl
004024C6 E8 2B4C0000 call <jmp.&mfc42.#798>
004024CB 8D4C24 08 lea ecx,dword ptr ss:[esp+8]
004024CF C64424 30 01 mov byte ptr ss:[esp+30],1
004024D4 E8 234C0000 call <jmp.&mfc42.#800>
004024D9 8D4C24 0C lea ecx,dword ptr ss:[esp+C]
004024DD C64424 30 00 mov byte ptr ss:[esp+30],0
004024E2 E8 154C0000 call <jmp.&mfc42.#800>
004024E7 8D4C24 04 lea ecx,dword ptr ss:[esp+4]
004024EB C74424 30 FFFFFFFF mov dword ptr ss:[esp+30],-1
004024F3 E8 044C0000 call <jmp.&mfc42.#800>
004024F8 33C0 xor eax,eax
004024FA 5B pop ebx
004024FB 8B4C24 24 mov ecx,dword ptr ss:[esp+24]
004024FF 64:890D 00000000 mov dword ptr fs:[0],ecx
00402506 83C4 30 add esp,30
00402509 C3 retn
0040250A 8D4C24 14 lea ecx,dword ptr ss:[esp+14]
0040250E E8 614C0000 call <jmp.&mfc42.#1997>
00402513 8D4C24 14 lea ecx,dword ptr ss:[esp+14]
00402517 885C24 30 mov byte ptr ss:[esp+30],bl
0040251B E8 D64B0000 call <jmp.&mfc42.#798>
00402520 8D4C24 08 lea ecx,dword ptr ss:[esp+8]
00402524 C64424 30 01 mov byte ptr ss:[esp+30],1
00402529 E8 CE4B0000 call <jmp.&mfc42.#800>
0040252E 8D4C24 0C lea ecx,dword ptr ss:[esp+C]
00402532 C64424 30 00 mov byte ptr ss:[esp+30],0
00402537 E8 C04B0000 call <jmp.&mfc42.#800>
0040253C 8D4C24 04 lea ecx,dword ptr ss:[esp+4]
00402540 C74424 30 FFFFFFFF mov dword ptr ss:[esp+30],-1
00402548 E8 AF4B0000 call <jmp.&mfc42.#800>
0040254D 8B4C24 28 mov ecx,dword ptr ss:[esp+28]
00402551 B8 01000000 mov eax,1
00402556 5B pop ebx
00402557 64:890D 00000000 mov dword ptr fs:[0],ecx
0040255E 83C4 30 add esp,30
00402561 C3 retn
00402562 90 nop
00402563 90 nop
00402564 90 nop
00402565 90 nop
00402566 90 nop
00402567 90 nop
00402568 90 nop
00402569 90 nop
0040256A 90 nop
0040256B 90 nop
0040256C 90 nop
0040256D 90 nop
0040256E 90 nop
0040256F 90 nop
00402570 6A FF push -1
00402572 68 487A4000 push OK.00407A48
00402577 64:A1 00000000 mov eax,dword ptr fs:[0]
0040257D 50 push eax
0040257E 64:8925 00000000 mov dword ptr fs:[0],esp
00402585 51 push ecx
00402586 53 push ebx
00402587 56 push esi
00402588 57 push edi
00402589 8D4C24 0C lea ecx,dword ptr ss:[esp+C]
0040258D E8 824B0000 call <jmp.&mfc42.#540>
00402592 8B3D 04904000 mov edi,dword ptr ds:[<&kernel32.LoadLibrar>; kernel32.LoadLibraryA
00402598 68 3CB04000 push OK.0040B03C ; ASCII "reg3721.dll"
0040259D C74424 1C 00000000 mov dword ptr ss:[esp+1C],0
004025A5 FFD7 call edi
004025A7 8BF0 mov esi,eax
004025A9 85F6 test esi,esi
004025AB 75 3D jnz short OK.004025EA
004025AD 68 F4010000 push 1F4
004025B2 FF15 1C904000 call dword ptr ds:[<&kernel32.Sleep>] ; kernel32.Sleep
004025B8 68 3CB04000 push OK.0040B03C ; ASCII "reg3721.dll"
004025BD FFD7 call edi
004025BF 8BF0 mov esi,eax
004025C1 85F6 test esi,esi
004025C3 75 25 jnz short OK.004025EA
004025C5 8D4C24 0C lea ecx,dword ptr ss:[esp+C]
004025C9 C74424 18 FFFFFFFF mov dword ptr ss:[esp+18],-1
004025D1 E8 264B0000 call <jmp.&mfc42.#800>
004025D6 5F pop edi
004025D7 5E pop esi
004025D8 33C0 xor eax,eax
004025DA 5B pop ebx
004025DB 8B4C24 04 mov ecx,dword ptr ss:[esp+4]
004025DF 64:890D 00000000 mov dword ptr fs:[0],ecx
004025E6 83C4 10 add esp,10
004025E9 C3 retn
004025EA 8B5C24 20 mov ebx,dword ptr ss:[esp+20]
004025EE 8D4C24 0C lea ecx,dword ptr ss:[esp+C]
004025F2 53 push ebx
004025F3 E8 2E4B0000 call <jmp.&mfc42.#858>
004025F8 8D4424 0C lea eax,dword ptr ss:[esp+C]
004025FC 50 push eax
004025FD 56 push esi
004025FE E8 BD040000 call OK.00402AC0
00402603 83C4 08 add esp,8
00402606 8BF8 mov edi,eax
00402608 56 push esi
00402609 FF15 00904000 call dword ptr ds:[<&kernel32.FreeLibrary>] ; kernel32.FreeLibrary
0040260F 85FF test edi,edi
00402611 75 25 jnz short OK.00402638
00402613 8D4C24 0C lea ecx,dword ptr ss:[esp+C]
00402617 C74424 18 FFFFFFFF mov dword ptr ss:[esp+18],-1
0040261F E8 D84A0000 call <jmp.&mfc42.#800>
00402624 5F pop edi
00402625 5E pop esi
00402626 33C0 xor eax,eax
00402628 5B pop ebx
00402629 8B4C24 04 mov ecx,dword ptr ss:[esp+4]
0040262D 64:890D 00000000 mov dword ptr fs:[0],ecx
00402634 83C4 10 add esp,10
00402637 C3 retn
00402638 8D4C24 0C lea ecx,dword ptr ss:[esp+C]
0040263C 51 push ecx
0040263D 8BCB mov ecx,ebx
0040263F E8 E24A0000 call <jmp.&mfc42.#858>
00402644 8D4C24 0C lea ecx,dword ptr ss:[esp+C]
00402648 C74424 18 FFFFFFFF mov dword ptr ss:[esp+18],-1
00402650 E8 A74A0000 call <jmp.&mfc42.#800>
00402655 8B4C24 10 mov ecx,dword ptr ss:[esp+10]
00402659 5F pop edi
0040265A 5E pop esi
0040265B B8 01000000 mov eax,1
00402660 5B pop ebx
00402661 64:890D 00000000 mov dword ptr fs:[0],ecx
00402668 83C4 10 add esp,10
0040266B C3 retn
0040266C 90 nop
0040266D 90 nop
0040266E 90 nop
0040266F 90 nop
00402670 6A FF push -1
00402672 68 767A4000 push OK.00407A76
00402677 64:A1 00000000 mov eax,dword ptr fs:[0]
0040267D 50 push eax
0040267E 64:8925 00000000 mov dword ptr fs:[0],esp
00402685 81EC 0C010000 sub esp,10C
0040268B 56 push esi
0040268C 57 push edi
0040268D 8D4C24 08 lea ecx,dword ptr ss:[esp+8]
00402691 E8 7E4A0000 call <jmp.&mfc42.#540>
00402696 B9 41000000 mov ecx,41
0040269B 33C0 xor eax,eax
0040269D 8D7C24 10 lea edi,dword ptr ss:[esp+10]
004026A1 68 04010000 push 104
004026A6 F3:AB rep stos dword ptr es:[edi]
004026A8 8D4424 14 lea eax,dword ptr ss:[esp+14]
004026AC C78424 20010000 000>mov dword ptr ss:[esp+120],0
004026B7 50 push eax
004026B8 6A 00 push 0
004026BA FF15 08904000 call dword ptr ds:[<&kernel32.GetModuleFile>; kernel32.GetModuleFileNameA
004026C0 8D4C24 10 lea ecx,dword ptr ss:[esp+10]
004026C4 51 push ecx
004026C5 8D4C24 0C lea ecx,dword ptr ss:[esp+C]
004026C9 E8 344A0000 call <jmp.&mfc42.#860>
004026CE 6A 5C push 5C
004026D0 8D4C24 0C lea ecx,dword ptr ss:[esp+C]
004026D4 E8 B34A0000 call <jmp.&mfc42.#5683>
004026D9 8D5424 0C lea edx,dword ptr ss:[esp+C]
004026DD 50 push eax
004026DE 52 push edx
004026DF 8D4C24 10 lea ecx,dword ptr ss:[esp+10]
004026E3 E8 684A0000 call <jmp.&mfc42.#4129>
004026E8 8BB424 24010000 mov esi,dword ptr ss:[esp+124]
004026EF 50 push eax
004026F0 8BCE mov ecx,esi
004026F2 C68424 20010000 01 mov byte ptr ss:[esp+120],1
004026FA E8 274A0000 call <jmp.&mfc42.#858>
004026FF 8D4C24 0C lea ecx,dword ptr ss:[esp+C]
00402703 C68424 1C010000 00 mov byte ptr ss:[esp+11C],0
0040270B E8 EC490000 call <jmp.&mfc42.#800>
00402710 8B36 mov esi,dword ptr ds:[esi]
00402712 68 B8B54000 push OK.0040B5B8
00402717 56 push esi
00402718 FF15 A4924000 call dword ptr ds:[<&msvcrt._mbscmp>] ; msvcrt._mbscmp
0040271E 83C4 08 add esp,8
00402721 C78424 1C010000 FFF>mov dword ptr ss:[esp+11C],-1
0040272C 85C0 test eax,eax
0040272E 5F pop edi
0040272F 5E pop esi
00402730 8D4C24 00 lea ecx,dword ptr ss:[esp]
00402734 75 1C jnz short OK.00402752
00402736 E8 C1490000 call <jmp.&mfc42.#800>
0040273B 33C0 xor eax,eax
0040273D 8B8C24 0C010000 mov ecx,dword ptr ss:[esp+10C]
00402744 64:890D 00000000 mov dword ptr fs:[0],ecx
0040274B 81C4 18010000 add esp,118
00402751 C3 retn
00402752 E8 A5490000 call <jmp.&mfc42.#800>
00402757 8B8C24 0C010000 mov ecx,dword ptr ss:[esp+10C]
0040275E B8 01000000 mov eax,1
00402763 64:890D 00000000 mov dword ptr fs:[0],ecx
0040276A 81C4 18010000 add esp,118
00402770 C3 retn
00402771 90 nop
00402772 90 nop
00402773 90 nop
00402774 90 nop
00402775 90 nop
00402776 90 nop
00402777 90 nop
00402778 90 nop
00402779 90 nop
0040277A 90 nop
0040277B 90 nop
0040277C 90 nop
0040277D 90 nop
0040277E 90 nop
0040277F 90 nop
00402780 6A FF push -1
00402782 68 907A4000 push OK.00407A90
00402787 64:A1 00000000 mov eax,dword ptr fs:[0]
0040278D 50 push eax
0040278E 64:8925 00000000 mov dword ptr fs:[0],esp
00402795 51 push ecx
00402796 55 push ebp
00402797 56 push esi
00402798 57 push edi
00402799 8D4C24 0C lea ecx,dword ptr ss:[esp+C]
0040279D E8 72490000 call <jmp.&mfc42.#540>
004027A2 8B4424 20 mov eax,dword ptr ss:[esp+20]
004027A6 68 70B04000 push OK.0040B070 ; ASCII "GetHardDiskId"
004027AB 50 push eax
004027AC C74424 20 00000000 mov dword ptr ss:[esp+20],0
004027B4 FF15 0C904000 call dword ptr ds:[<&kernel32.GetProcAddres>; kernel32.GetProcAddress
004027BA 6A 64 push 64
004027BC 8BE8 mov ebp,eax
004027BE E8 CF490000 call <jmp.&mfc42.#823>
004027C3 8BF0 mov esi,eax
004027C5 83C4 04 add esp,4
004027C8 B9 19000000 mov ecx,19
004027CD 33C0 xor eax,eax
004027CF 8BFE mov edi,esi
004027D1 85ED test ebp,ebp
004027D3 F3:AB rep stos dword ptr es:[edi]
004027D5 0F84 19010000 je OK.004028F4
004027DB 53 push ebx
004027DC 68 58B04000 push OK.0040B058 ; ASCII "user-E46D333B3BA5BF96"
004027E1 56 push esi
004027E2 FFD5 call ebp
004027E4 56 push esi
004027E5 8D4C24 14 lea ecx,dword ptr ss:[esp+14]
004027E9 8BF8 mov edi,eax
004027EB E8 12490000 call <jmp.&mfc42.#860>
004027F0 8D4C24 10 lea ecx,dword ptr ss:[esp+10]
004027F4 E8 63490000 call <jmp.&mfc42.#6282>
004027F9 8D4C24 10 lea ecx,dword ptr ss:[esp+10]
004027FD E8 42490000 call <jmp.&mfc42.#6283>
00402802 8B1D 1C904000 mov ebx,dword ptr ds:[<&kernel32.Sleep>] ; kernel32.Sleep
00402808 85FF test edi,edi
0040280A 74 0A je short OK.00402816
0040280C 8B4C24 10 mov ecx,dword ptr ss:[esp+10]
00402810 8379 F8 03 cmp dword ptr ds:[ecx-8],3
00402814 7D 2D jge short OK.00402843
00402816 68 F4010000 push 1F4
0040281B FFD3 call ebx
0040281D 68 58B04000 push OK.0040B058 ; ASCII "user-E46D333B3BA5BF96"
00402822 56 push esi
00402823 FFD5 call ebp
00402825 56 push esi
00402826 8D4C24 14 lea ecx,dword ptr ss:[esp+14]
0040282A 8BF8 mov edi,eax
0040282C E8 D1480000 call <jmp.&mfc42.#860>
00402831 8D4C24 10 lea ecx,dword ptr ss:[esp+10]
00402835 E8 22490000 call <jmp.&mfc42.#6282>
0040283A 8D4C24 10 lea ecx,dword ptr ss:[esp+10]
0040283E E8 01490000 call <jmp.&mfc42.#6283>
00402843 85FF test edi,edi
00402845 74 0A je short OK.00402851
00402847 8B5424 10 mov edx,dword ptr ss:[esp+10]
0040284B 837A F8 03 cmp dword ptr ds:[edx-8],3
0040284F 7D 2D jge short OK.0040287E
00402851 68 F4010000 push 1F4
00402856 FFD3 call ebx
00402858 68 58B04000 push OK.0040B058 ; ASCII "user-E46D333B3BA5BF96"
0040285D 56 push esi
0040285E FFD5 call ebp
00402860 56 push esi
00402861 8D4C24 14 lea ecx,dword ptr ss:[esp+14]
00402865 8BF8 mov edi,eax
00402867 E8 96480000 call <jmp.&mfc42.#860>
0040286C 8D4C24 10 lea ecx,dword ptr ss:[esp+10]
00402870 E8 E7480000 call <jmp.&mfc42.#6282>
00402875 8D4C24 10 lea ecx,dword ptr ss:[esp+10]
00402879 E8 C6480000 call <jmp.&mfc42.#6283>
0040287E 85FF test edi,edi
00402880 5B pop ebx
00402881 74 71 je short OK.004028F4
00402883 8B4424 0C mov eax,dword ptr ss:[esp+C]
00402887 8B40 F8 mov eax,dword ptr ds:[eax-8]
0040288A 83F8 03 cmp eax,3
0040288D 7C 65 jl short OK.004028F4
0040288F 83F8 18 cmp eax,18
00402892 7E 2D jle short OK.004028C1
00402894 8D4C24 20 lea ecx,dword ptr ss:[esp+20]
00402898 6A 18 push 18
0040289A 51 push ecx
0040289B 8D4C24 14 lea ecx,dword ptr ss:[esp+14]
0040289F E8 AC480000 call <jmp.&mfc42.#4129>
004028A4 50 push eax
004028A5 8D4C24 10 lea ecx,dword ptr ss:[esp+10]
004028A9 C64424 1C 01 mov byte ptr ss:[esp+1C],1
004028AE E8 73480000 call <jmp.&mfc42.#858>
004028B3 8D4C24 20 lea ecx,dword ptr ss:[esp+20]
004028B7 C64424 18 00 mov byte ptr ss:[esp+18],0
004028BC E8 3B480000 call <jmp.&mfc42.#800>
004028C1 8B4C24 24 mov ecx,dword ptr ss:[esp+24]
004028C5 8D5424 0C lea edx,dword ptr ss:[esp+C]
004028C9 52 push edx
004028CA E8 57480000 call <jmp.&mfc42.#858>
004028CF 8D4C24 0C lea ecx,dword ptr ss:[esp+C]
004028D3 C74424 18 FFFFFFFF mov dword ptr ss:[esp+18],-1
004028DB E8 1C480000 call <jmp.&mfc42.#800>
004028E0 8BC7 mov eax,edi
004028E2 5F pop edi
004028E3 5E pop esi
004028E4 5D pop ebp
004028E5 8B4C24 04 mov ecx,dword ptr ss:[esp+4]
004028E9 64:890D 00000000 mov dword ptr fs:[0],ecx
004028F0 83C4 10 add esp,10
004028F3 C3 retn
004028F4 8D4C24 0C lea ecx,dword ptr ss:[esp+C]
004028F8 C74424 18 FFFFFFFF mov dword ptr ss:[esp+18],-1
00402900 E8 F7470000 call <jmp.&mfc42.#800>
00402905 8B4C24 10 mov ecx,dword ptr ss:[esp+10]
00402909 5F pop edi
0040290A 5E pop esi
0040290B 33C0 xor eax,eax
0040290D 5D pop ebp
0040290E 64:890D 00000000 mov dword ptr fs:[0],ecx
00402915 83C4 10 add esp,10
00402918 C3 retn
00402919 90 nop
0040291A 90 nop
0040291B 90 nop
0040291C 90 nop
0040291D 90 nop
0040291E 90 nop
0040291F 90 nop
00402920 6A FF push -1
00402922 68 B07A4000 push OK.00407AB0
00402927 64:A1 00000000 mov eax,dword ptr fs:[0]
0040292D 50 push eax
0040292E 64:8925 00000000 mov dword ptr fs:[0],esp
00402935 51 push ecx
00402936 55 push ebp
00402937 56 push esi
00402938 57 push edi
00402939 8D4C24 0C lea ecx,dword ptr ss:[esp+C]
0040293D E8 D2470000 call <jmp.&mfc42.#540>
00402942 8B4424 20 mov eax,dword ptr ss:[esp+20]
00402946 68 80B04000 push OK.0040B080 ; ASCII "GetMACAddress"
0040294B 50 push eax
0040294C C74424 20 00000000 mov dword ptr ss:[esp+20],0
00402954 FF15 0C904000 call dword ptr ds:[<&kernel32.GetProcAddres>; kernel32.GetProcAddress
0040295A 6A 64 push 64
0040295C 8BE8 mov ebp,eax
0040295E E8 2F480000 call <jmp.&mfc42.#823>
00402963 8BF0 mov esi,eax
00402965 83C4 04 add esp,4
00402968 B9 19000000 mov ecx,19
0040296D 33C0 xor eax,eax
0040296F 8BFE mov edi,esi
00402971 85ED test ebp,ebp
00402973 F3:AB rep stos dword ptr es:[edi]
00402975 0F84 15010000 je OK.00402A90
0040297B 53 push ebx
0040297C 68 58B04000 push OK.0040B058 ; ASCII "user-E46D333B3BA5BF96"
00402981 56 push esi
00402982 FFD5 call ebp
00402984 56 push esi
00402985 8D4C24 14 lea ecx,dword ptr ss:[esp+14]
00402989 8BF8 mov edi,eax
0040298B E8 72470000 call <jmp.&mfc42.#860>
00402990 8D4C24 10 lea ecx,dword ptr ss:[esp+10]
00402994 E8 C3470000 call <jmp.&mfc42.#6282>
00402999 8D4C24 10 lea ecx,dword ptr ss:[esp+10]
0040299D E8 A2470000 call <jmp.&mfc42.#6283>
004029A2 8B1D 1C904000 mov ebx,dword ptr ds:[<&kernel32.Sleep>] ; kernel32.Sleep
004029A8 85FF test edi,edi
004029AA 74 0A je short OK.004029B6
004029AC 8B4C24 10 mov ecx,dword ptr ss:[esp+10]
004029B0 8379 F8 03 cmp dword ptr ds:[ecx-8],3
004029B4 7D 2D jge short OK.004029E3
004029B6 68 F4010000 push 1F4
004029BB FFD3 call ebx
004029BD 68 58B04000 push OK.0040B058 ; ASCII "user-E46D333B3BA5BF96"
004029C2 56 push esi
004029C3 FFD5 call ebp
004029C5 56 push esi
004029C6 8D4C24 14 lea ecx,dword ptr ss:[esp+14]
004029CA 8BF8 mov edi,eax
004029CC E8 31470000 call <jmp.&mfc42.#860>
004029D1 8D4C24 10 lea ecx,dword ptr ss:[esp+10]
004029D5 E8 82470000 call <jmp.&mfc42.#6282>
004029DA 8D4C24 10 lea ecx,dword ptr ss:[esp+10]
004029DE E8 61470000 call <jmp.&mfc42.#6283>
004029E3 85FF test edi,edi
004029E5 74 0A je short OK.004029F1
004029E7 8B5424 10 mov edx,dword ptr ss:[esp+10]
004029EB 837A F8 03 cmp dword ptr ds:[edx-8],3
004029EF 7D 2D jge short OK.00402A1E
004029F1 68 F4010000 push 1F4
004029F6 FFD3 call ebx
004029F8 68 58B04000 push OK.0040B058 ; ASCII "user-E46D333B3BA5BF96"
004029FD 56 push esi
004029FE FFD5 call ebp
00402A00 56 push esi
00402A01 8D4C24 14 lea ecx,dword ptr ss:[esp+14]
00402A05 8BF8 mov edi,eax
00402A07 E8 F6460000 call <jmp.&mfc42.#860>
00402A0C 8D4C24 10 lea ecx,dword ptr ss:[esp+10]
00402A10 E8 47470000 call <jmp.&mfc42.#6282>
00402A15 8D4C24 10 lea ecx,dword ptr ss:[esp+10]
00402A19 E8 26470000 call <jmp.&mfc42.#6283>
00402A1E 85FF test edi,edi
00402A20 5B pop ebx
00402A21 74 6D je short OK.00402A90
00402A23 8B4424 0C mov eax,dword ptr ss:[esp+C]
00402A27 8B40 F8 mov eax,dword ptr ds:[eax-8]
00402A2A 83F8 03 cmp eax,3
00402A2D 7C 61 jl short OK.00402A90
00402A2F 83F8 18 cmp eax,18
00402A32 7E 2D jle short OK.00402A61
00402A34 8D4C24 20 lea ecx,dword ptr ss:[esp+20]
00402A38 6A 18 push 18
00402A3A 51 push ecx
00402A3B 8D4C24 14 lea ecx,dword ptr ss:[esp+14]
00402A3F E8 0C470000 call <jmp.&mfc42.#4129>
00402A44 50 push eax
00402A45 8D4C24 10 lea ecx,dword ptr ss:[esp+10]
00402A49 C64424 1C 01 mov byte ptr ss:[esp+1C],1
00402A4E E8 D3460000 call <jmp.&mfc42.#858>
00402A53 8D4C24 20 lea ecx,dword ptr ss:[esp+20]
00402A57 C64424 18 00 mov byte ptr ss:[esp+18],0
00402A5C E8 9B460000 call <jmp.&mfc42.#800>
00402A61 8B4C24 24 mov ecx,dword ptr ss:[esp+24]
00402A65 56 push esi
00402A66 E8 97460000 call <jmp.&mfc42.#860>
00402A6B 8D4C24 0C lea ecx,dword ptr ss:[esp+C]
00402A6F C74424 18 FFFFFFFF mov dword ptr ss:[esp+18],-1
00402A77 E8 80460000 call <jmp.&mfc42.#800>
00402A7C 8BC7 mov eax,edi
00402A7E 5F pop edi
00402A7F 5E pop esi
00402A80 5D pop ebp
00402A81 8B4C24 04 mov ecx,dword ptr ss:[esp+4]
00402A85 64:890D 00000000 mov dword ptr fs:[0],ecx
00402A8C 83C4 10 add esp,10
00402A8F C3 retn
00402A90 8D4C24 0C lea ecx,dword ptr ss:[esp+C]
00402A94 C74424 18 FFFFFFFF mov dword ptr ss:[esp+18],-1
00402A9C E8 5B460000 call <jmp.&mfc42.#800>
00402AA1 8B4C24 10 mov ecx,dword ptr ss:[esp+10]
00402AA5 5F pop edi
00402AA6 5E pop esi
00402AA7 33C0 xor eax,eax
00402AA9 5D pop ebp
00402AAA 64:890D 00000000 mov dword ptr fs:[0],ecx
00402AB1 83C4 10 add esp,10
00402AB4 C3 retn
00402AB5 90 nop
00402AB6 90 nop
00402AB7 90 nop
00402AB8 90 nop
00402AB9 90 nop
00402ABA 90 nop
00402ABB 90 nop
00402ABC 90 nop
00402ABD 90 nop
00402ABE 90 nop
00402ABF 90 nop
00402AC0 6A FF push -1
00402AC2 68 E17A4000 push OK.00407AE1
00402AC7 64:A1 00000000 mov eax,dword ptr fs:[0]
00402ACD 50 push eax
00402ACE 64:8925 00000000 mov dword ptr fs:[0],esp
00402AD5 81EC 00020000 sub esp,200
00402ADB 53 push ebx
00402ADC 55 push ebp
00402ADD 56 push esi
00402ADE 57 push edi
00402ADF 8D4C24 10 lea ecx,dword ptr ss:[esp+10]
00402AE3 E8 2C460000 call <jmp.&mfc42.#540>
00402AE8 8B8424 24020000 mov eax,dword ptr ss:[esp+224]
00402AEF 33DB xor ebx,ebx
00402AF1 50 push eax
00402AF2 8D4C24 1C lea ecx,dword ptr ss:[esp+1C]
00402AF6 899C24 1C020000 mov dword ptr ss:[esp+21C],ebx
00402AFD E8 2A460000 call <jmp.&mfc42.#535>
00402B02 8B8C24 20020000 mov ecx,dword ptr ss:[esp+220]
00402B09 68 14B14000 push OK.0040B114 ; ASCII "RSADecrypt"
00402B0E 51 push ecx
00402B0F C68424 20020000 01 mov byte ptr ss:[esp+220],1
00402B17 FF15 0C904000 call dword ptr ds:[<&kernel32.GetProcAddres>; kernel32.GetProcAddress
00402B1D 8BE8 mov ebp,eax
00402B1F B9 7D000000 mov ecx,7D
00402B24 33C0 xor eax,eax
00402B26 8D7C24 1C lea edi,dword ptr ss:[esp+1C]
00402B2A F3:AB rep stos dword ptr es:[edi]
00402B2C 68 90B04000 push OK.0040B090 ; ASCII "CA93CFF3083932B6F39B6C38F1C634C194F3A4F20197B1199B40EFD214FE8A2F6F77FD1E68B69012C5F069807758D373C9C56567E9A7C5ED7F94B0917C98CAD9"
00402B31 8D4C24 18 lea ecx,dword ptr ss:[esp+18]
00402B35 E8 5E460000 call <jmp.&mfc42.#537>
00402B3A 3BEB cmp ebp,ebx
00402B3C C68424 18020000 02 mov byte ptr ss:[esp+218],2
00402B44 0F84 36010000 je OK.00402C80
00402B4A 8B4424 14 mov eax,dword ptr ss:[esp+14]
00402B4E 8B4C24 18 mov ecx,dword ptr ss:[esp+18]
00402B52 8D5424 1C lea edx,dword ptr ss:[esp+1C]
00402B56 68 58B04000 push OK.0040B058 ; ASCII "user-E46D333B3BA5BF96"
00402B5B 52 push edx
00402B5C 6A 02 push 2
00402B5E 50 push eax
00402B5F 51 push ecx
00402B60 FFD5 call ebp
00402B62 8D5424 1C lea edx,dword ptr ss:[esp+1C]
00402B66 8D4C24 10 lea ecx,dword ptr ss:[esp+10]
00402B6A 52 push edx
00402B6B 8BF0 mov esi,eax
00402B6D E8 90450000 call <jmp.&mfc42.#860>
00402B72 8D4C24 10 lea ecx,dword ptr ss:[esp+10]
00402B76 E8 E1450000 call <jmp.&mfc42.#6282>
00402B7B 8D4C24 10 lea ecx,dword ptr ss:[esp+10]
00402B7F E8 C0450000 call <jmp.&mfc42.#6283>
00402B84 8B3D 1C904000 mov edi,dword ptr ds:[<&kernel32.Sleep>] ; kernel32.Sleep
00402B8A 3BF3 cmp esi,ebx
00402B8C 74 0A je short OK.00402B98
00402B8E 8B4424 10 mov eax,dword ptr ss:[esp+10]
00402B92 8378 F8 0A cmp dword ptr ds:[eax-8],0A
00402B96 7D 41 jge short OK.00402BD9
00402B98 68 F4010000 push 1F4
00402B9D FFD7 call edi
00402B9F 8B5424 14 mov edx,dword ptr ss:[esp+14]
00402BA3 8B4424 18 mov eax,dword ptr ss:[esp+18]
00402BA7 8D4C24 1C lea ecx,dword ptr ss:[esp+1C]
00402BAB 68 58B04000 push OK.0040B058 ; ASCII "user-E46D333B3BA5BF96"
00402BB0 51 push ecx
00402BB1 6A 02 push 2
00402BB3 52 push edx
00402BB4 50 push eax
00402BB5 FFD5 call ebp
00402BB7 8D4C24 1C lea ecx,dword ptr ss:[esp+1C]
00402BBB 8BF0 mov esi,eax
00402BBD 51 push ecx
00402BBE 8D4C24 14 lea ecx,dword ptr ss:[esp+14]
00402BC2 E8 3B450000 call <jmp.&mfc42.#860>
00402BC7 8D4C24 10 lea ecx,dword ptr ss:[esp+10]
00402BCB E8 8C450000 call <jmp.&mfc42.#6282>
00402BD0 8D4C24 10 lea ecx,dword ptr ss:[esp+10]
00402BD4 E8 6B450000 call <jmp.&mfc42.#6283>
00402BD9 3BF3 cmp esi,ebx
00402BDB 74 0A je short OK.00402BE7
00402BDD 8B5424 10 mov edx,dword ptr ss:[esp+10]
00402BE1 837A F8 0A cmp dword ptr ds:[edx-8],0A
00402BE5 7D 41 jge short OK.00402C28
00402BE7 68 F4010000 push 1F4
00402BEC FFD7 call edi
00402BEE 8B4C24 14 mov ecx,dword ptr ss:[esp+14]
00402BF2 8B5424 18 mov edx,dword ptr ss:[esp+18]
00402BF6 8D4424 1C lea eax,dword ptr ss:[esp+1C]
00402BFA 68 58B04000 push OK.0040B058 ; ASCII "user-E46D333B3BA5BF96"
00402BFF 50 push eax
00402C00 6A 02 push 2
00402C02 51 push ecx
00402C03 52 push edx
00402C04 FFD5 call ebp
00402C06 8BF0 mov esi,eax
00402C08 8D4424 1C lea eax,dword ptr ss:[esp+1C]
00402C0C 50 push eax
00402C0D 8D4C24 14 lea ecx,dword ptr ss:[esp+14]
00402C11 E8 EC440000 call <jmp.&mfc42.#860>
00402C16 8D4C24 10 lea ecx,dword ptr ss:[esp+10]
00402C1A E8 3D450000 call <jmp.&mfc42.#6282>
00402C1F 8D4C24 10 lea ecx,dword ptr ss:[esp+10]
00402C23 E8 1C450000 call <jmp.&mfc42.#6283>
00402C28 3BF3 cmp esi,ebx
00402C2A 74 54 je short OK.00402C80
00402C2C 8B4C24 10 mov ecx,dword ptr ss:[esp+10]
00402C30 8379 F8 0A cmp dword ptr ds:[ecx-8],0A
00402C34 7C 4A jl short OK.00402C80
00402C36 8B8C24 24020000 mov ecx,dword ptr ss:[esp+224]
00402C3D 8D5424 10 lea edx,dword ptr ss:[esp+10]
00402C41 52 push edx
00402C42 E8 DF440000 call <jmp.&mfc42.#858>
00402C47 8D4C24 14 lea ecx,dword ptr ss:[esp+14]
00402C4B C68424 18020000 01 mov byte ptr ss:[esp+218],1
00402C53 E8 A4440000 call <jmp.&mfc42.#800>
00402C58 8D4C24 18 lea ecx,dword ptr ss:[esp+18]
00402C5C 889C24 18020000 mov byte ptr ss:[esp+218],bl
00402C63 E8 94440000 call <jmp.&mfc42.#800>
00402C68 8D4C24 10 lea ecx,dword ptr ss:[esp+10]
00402C6C C78424 18020000 FFF>mov dword ptr ss:[esp+218],-1
00402C77 E8 80440000 call <jmp.&mfc42.#800>
00402C7C 8BC6 mov eax,esi
00402C7E EB 37 jmp short OK.00402CB7
00402C80 8D4C24 14 lea ecx,dword ptr ss:[esp+14]
00402C84 C68424 18020000 01 mov byte ptr ss:[esp+218],1
00402C8C E8 6B440000 call <jmp.&mfc42.#800>
00402C91 8D4C24 18 lea ecx,dword ptr ss:[esp+18]
00402C95 889C24 18020000 mov byte ptr ss:[esp+218],bl
00402C9C E8 5B440000 call <jmp.&mfc42.#800>
00402CA1 8D4C24 10 lea ecx,dword ptr ss:[esp+10]
00402CA5 C78424 18020000 FFF>mov dword ptr ss:[esp+218],-1
00402CB0 E8 47440000 call <jmp.&mfc42.#800>
00402CB5 33C0 xor eax,eax
00402CB7 8B8C24 10020000 mov ecx,dword ptr ss:[esp+210]
00402CBE 5F pop edi
00402CBF 5E pop esi
00402CC0 5D pop ebp
00402CC1 5B pop ebx
00402CC2 64:890D 00000000 mov dword ptr fs:[0],ecx
00402CC9 81C4 0C020000 add esp,20C
00402CCF C3 retn
00402CD0 6A FF push -1
00402CD2 68 007B4000 push OK.00407B00
00402CD7 64:A1 00000000 mov eax,dword ptr fs:[0]
00402CDD 50 push eax
00402CDE 64:8925 00000000 mov dword ptr fs:[0],esp
00402CE5 83EC 50 sub esp,50
00402CE8 53 push ebx
00402CE9 56 push esi
00402CEA 57 push edi
00402CEB 8D4C24 0C lea ecx,dword ptr ss:[esp+C]
00402CEF E8 20440000 call <jmp.&mfc42.#540>
00402CF4 8B4424 70 mov eax,dword ptr ss:[esp+70]
00402CF8 33DB xor ebx,ebx
00402CFA 50 push eax
00402CFB 8D4C24 14 lea ecx,dword ptr ss:[esp+14]
00402CFF 895C24 68 mov dword ptr ss:[esp+68],ebx
00402D03 E8 24440000 call <jmp.&mfc42.#535>
00402D08 B9 08000000 mov ecx,8
00402D0D 33C0 xor eax,eax
00402D0F 8D7C24 38 lea edi,dword ptr ss:[esp+38]
00402D13 8D5424 38 lea edx,dword ptr ss:[esp+38]
00402D17 F3:AB rep stos dword ptr es:[edi]
00402D19 AA stos byte ptr es:[edi]
00402D1A B9 08000000 mov ecx,8
00402D1F 33C0 xor eax,eax
00402D21 8D7C24 14 lea edi,dword ptr ss:[esp+14]
00402D25 68 20B14000 push OK.0040B120 ; ASCII "MD5Encrypt"
00402D2A F3:AB rep stos dword ptr es:[edi]
00402D2C AA stos byte ptr es:[edi]
00402D2D 8B7C24 14 mov edi,dword ptr ss:[esp+14]
00402D31 83C9 FF or ecx,FFFFFFFF
00402D34 33C0 xor eax,eax
00402D36 C64424 68 01 mov byte ptr ss:[esp+68],1
00402D3B F2:AE repne scas byte ptr es:[edi]
00402D3D F7D1 not ecx
00402D3F 2BF9 sub edi,ecx
00402D41 8BC1 mov eax,ecx
00402D43 8BF7 mov esi,edi
00402D45 8BFA mov edi,edx
00402D47 C1E9 02 shr ecx,2
00402D4A F3:A5 rep movs dword ptr es:[edi],dword ptr ds:[e>
00402D4C 8BC8 mov ecx,eax
00402D4E 83E1 03 and ecx,3
00402D51 F3:A4 rep movs byte ptr es:[edi],byte ptr ds:[esi>
00402D53 8B4C24 70 mov ecx,dword ptr ss:[esp+70]
00402D57 51 push ecx
00402D58 FF15 0C904000 call dword ptr ds:[<&kernel32.GetProcAddres>; kernel32.GetProcAddress
00402D5E 8BF8 mov edi,eax
00402D60 3BFB cmp edi,ebx
00402D62 0F84 31010000 je OK.00402E99
00402D68 8B5424 10 mov edx,dword ptr ss:[esp+10]
00402D6C 55 push ebp
00402D6D 68 58B04000 push OK.0040B058 ; ASCII "user-E46D333B3BA5BF96"
00402D72 8D4C24 40 lea ecx,dword ptr ss:[esp+40]
00402D76 8B42 F8 mov eax,dword ptr ds:[edx-8]
00402D79 50 push eax
00402D7A 8D4424 20 lea eax,dword ptr ss:[esp+20]
00402D7E 50 push eax
00402D7F 51 push ecx
00402D80 FFD7 call edi
00402D82 8D5424 18 lea edx,dword ptr ss:[esp+18]
00402D86 8D4C24 10 lea ecx,dword ptr ss:[esp+10]
00402D8A 52 push edx
00402D8B 8BF0 mov esi,eax
00402D8D E8 70430000 call <jmp.&mfc42.#860>
00402D92 8D4C24 10 lea ecx,dword ptr ss:[esp+10]
00402D96 E8 C1430000 call <jmp.&mfc42.#6282>
00402D9B 8D4C24 10 lea ecx,dword ptr ss:[esp+10]
00402D9F E8 A0430000 call <jmp.&mfc42.#6283>
00402DA4 8B2D 1C904000 mov ebp,dword ptr ds:[<&kernel32.Sleep>] ; kernel32.Sleep
00402DAA 3BF3 cmp esi,ebx
00402DAC 74 0A je short OK.00402DB8
00402DAE 8B4424 10 mov eax,dword ptr ss:[esp+10]
00402DB2 8378 F8 0A cmp dword ptr ds:[eax-8],0A
00402DB6 7D 42 jge short OK.00402DFA
00402DB8 68 F4010000 push 1F4
00402DBD FFD5 call ebp
00402DBF 8B4C24 14 mov ecx,dword ptr ss:[esp+14]
00402DC3 68 58B04000 push OK.0040B058 ; ASCII "user-E46D333B3BA5BF96"
00402DC8 8D5424 1C lea edx,dword ptr ss:[esp+1C]
00402DCC 8B41 F8 mov eax,dword ptr ds:[ecx-8]
00402DCF 50 push eax
00402DD0 8D4424 44 lea eax,dword ptr ss:[esp+44]
00402DD4 52 push edx
00402DD5 50 push eax
00402DD6 FFD7 call edi
00402DD8 8D4C24 18 lea ecx,dword ptr ss:[esp+18]
00402DDC 8BF0 mov esi,eax
00402DDE 51 push ecx
00402DDF 8D4C24 14 lea ecx,dword ptr ss:[esp+14]
00402DE3 E8 1A430000 call <jmp.&mfc42.#860>
00402DE8 8D4C24 10 lea ecx,dword ptr ss:[esp+10]
00402DEC E8 6B430000 call <jmp.&mfc42.#6282>
00402DF1 8D4C24 10 lea ecx,dword ptr ss:[esp+10]
00402DF5 E8 4A430000 call <jmp.&mfc42.#6283>
00402DFA 3BF3 cmp esi,ebx
00402DFC 74 0A je short OK.00402E08
00402DFE 8B5424 10 mov edx,dword ptr ss:[esp+10]
00402E02 837A F8 0A cmp dword ptr ds:[edx-8],0A
00402E06 7D 42 jge short OK.00402E4A
00402E08 68 F4010000 push 1F4
00402E0D FFD5 call ebp
00402E0F 8B4424 14 mov eax,dword ptr ss:[esp+14]
00402E13 68 58B04000 push OK.0040B058 ; ASCII "user-E46D333B3BA5BF96"
00402E18 8D4C24 1C lea ecx,dword ptr ss:[esp+1C]
00402E1C 8D5424 40 lea edx,dword ptr ss:[esp+40]
00402E20 8B40 F8 mov eax,dword ptr ds:[eax-8]
00402E23 50 push eax
00402E24 51 push ecx
00402E25 52 push edx
00402E26 FFD7 call edi
00402E28 8BF0 mov esi,eax
00402E2A 8D4424 18 lea eax,dword ptr ss:[esp+18]
00402E2E 50 push eax
00402E2F 8D4C24 14 lea ecx,dword ptr ss:[esp+14]
00402E33 E8 CA420000 call <jmp.&mfc42.#860>
00402E38 8D4C24 10 lea ecx,dword ptr ss:[esp+10]
00402E3C E8 1B430000 call <jmp.&mfc42.#6282>
00402E41 8D4C24 10 lea ecx,dword ptr ss:[esp+10]
00402E45 E8 FA420000 call <jmp.&mfc42.#6283>
00402E4A 3BF3 cmp esi,ebx
00402E4C 5D pop ebp
00402E4D 74 4A je short OK.00402E99
00402E4F 8B4C24 0C mov ecx,dword ptr ss:[esp+C]
00402E53 8379 F8 0A cmp dword ptr ds:[ecx-8],0A
00402E57 7C 40 jl short OK.00402E99
00402E59 8B4C24 70 mov ecx,dword ptr ss:[esp+70]
00402E5D 8D5424 0C lea edx,dword ptr ss:[esp+C]
00402E61 52 push edx
00402E62 E8 BF420000 call <jmp.&mfc42.#858>
00402E67 8D4C24 10 lea ecx,dword ptr ss:[esp+10]
00402E6B 885C24 64 mov byte ptr ss:[esp+64],bl
00402E6F E8 88420000 call <jmp.&mfc42.#800>
00402E74 8D4C24 0C lea ecx,dword ptr ss:[esp+C]
00402E78 C74424 64 FFFFFFFF mov dword ptr ss:[esp+64],-1
00402E80 E8 77420000 call <jmp.&mfc42.#800>
00402E85 8BC6 mov eax,esi
00402E87 5F pop edi
00402E88 5E pop esi
00402E89 5B pop ebx
00402E8A 8B4C24 50 mov ecx,dword ptr ss:[esp+50]
00402E8E 64:890D 00000000 mov dword ptr fs:[0],ecx
00402E95 83C4 5C add esp,5C
00402E98 C3 retn
00402E99 8D4C24 10 lea ecx,dword ptr ss:[esp+10]
00402E9D 885C24 64 mov byte ptr ss:[esp+64],bl
00402EA1 E8 56420000 call <jmp.&mfc42.#800>
00402EA6 8D4C24 0C lea ecx,dword ptr ss:[esp+C]
00402EAA C74424 64 FFFFFFFF mov dword ptr ss:[esp+64],-1
00402EB2 E8 45420000 call <jmp.&mfc42.#800>
00402EB7 8B4C24 5C mov ecx,dword ptr ss:[esp+5C]
00402EBB 5F pop edi
00402EBC 5E pop esi
00402EBD 33C0 xor eax,eax
00402EBF 5B pop ebx
00402EC0 64:890D 00000000 mov dword ptr fs:[0],ecx
00402EC7 83C4 5C add esp,5C
00402ECA C3 retn
00402ECB 90 nop
00402ECC 90 nop
00402ECD 90 nop
00402ECE 90 nop
00402ECF 90 nop
00402ED0 6A FF push -1
00402ED2 68 707B4000 push OK.00407B70
00402ED7 64:A1 00000000 mov eax,dword ptr fs:[0]
00402EDD 50 push eax
00402EDE 64:8925 00000000 mov dword ptr fs:[0],esp
00402EE5 83EC 30 sub esp,30
00402EE8 8B4424 40 mov eax,dword ptr ss:[esp+40]
00402EEC 53 push ebx
00402EED 55 push ebp
00402EEE 56 push esi
00402EEF 57 push edi
00402EF0 50 push eax
00402EF1 8D4C24 24 lea ecx,dword ptr ss:[esp+24]
00402EF5 E8 32420000 call <jmp.&mfc42.#535>
00402EFA 33ED xor ebp,ebp
00402EFC 68 34B14000 push OK.0040B134 ; ASCII "kjklsafoiwermxvz"
00402F01 8D4C24 20 lea ecx,dword ptr ss:[esp+20]
00402F05 896C24 4C mov dword ptr ss:[esp+4C],ebp
00402F09 E8 8A420000 call <jmp.&mfc42.#537>
00402F0E 8A0D B8B54000 mov cl,byte ptr ds:[40B5B8]
00402F14 33D2 xor edx,edx
00402F16 884C24 14 mov byte ptr ss:[esp+14],cl
00402F1A 66:895424 15 mov word ptr ss:[esp+15],dx
00402F1F 68 B8B54000 push OK.0040B5B8
00402F24 8D4C24 14 lea ecx,dword ptr ss:[esp+14]
00402F28 C64424 4C 01 mov byte ptr ss:[esp+4C],1
00402F2D 885424 1B mov byte ptr ss:[esp+1B],dl
00402F31 E8 62420000 call <jmp.&mfc42.#537>
00402F36 8D4C24 18 lea ecx,dword ptr ss:[esp+18]
00402F3A C64424 48 02 mov byte ptr ss:[esp+48],2
00402F3F E8 D0410000 call <jmp.&mfc42.#540>
00402F44 C64424 48 03 mov byte ptr ss:[esp+48],3
00402F49 FF15 10904000 call dword ptr ds:[<&kernel32.GetTickCount>>; kernel32.GetTickCount
00402F4F 50 push eax
00402F50 FF15 9C924000 call dword ptr ds:[<&msvcrt.srand>] ; msvcrt.srand
00402F56 FF15 A0924000 call dword ptr ds:[<&msvcrt.rand>] ; msvcrt.rand
00402F5C 99 cdq
00402F5D B9 FF000000 mov ecx,0FF
00402F62 6A 10 push 10
00402F64 F7F9 idiv ecx
00402F66 8BF2 mov esi,edx
00402F68 8D5424 1C lea edx,dword ptr ss:[esp+1C]
00402F6C 52 push edx
00402F6D 56 push esi
00402F6E FF15 B4924000 call dword ptr ds:[<&msvcrt._itoa>] ; msvcrt._itoa
00402F74 83C4 10 add esp,10
00402F77 8D4424 14 lea eax,dword ptr ss:[esp+14]
00402F7B 8D4C24 18 lea ecx,dword ptr ss:[esp+18]
00402F7F 50 push eax
00402F80 E8 7D410000 call <jmp.&mfc42.#860>
00402F85 8B4C24 18 mov ecx,dword ptr ss:[esp+18]
00402F89 8B41 F8 mov eax,dword ptr ds:[ecx-8]
00402F8C 3BC5 cmp eax,ebp
00402F8E 75 31 jnz short OK.00402FC1
00402F90 8D5424 10 lea edx,dword ptr ss:[esp+10]
00402F94 68 30B14000 push OK.0040B130 ; ASCII "00"
00402F99 8D4424 28 lea eax,dword ptr ss:[esp+28]
00402F9D 52 push edx
00402F9E 50 push eax
00402F9F E8 9A410000 call <jmp.&mfc42.#924>
00402FA4 50 push eax
00402FA5 8D4C24 14 lea ecx,dword ptr ss:[esp+14]
00402FA9 C64424 4C 04 mov byte ptr ss:[esp+4C],4
00402FAE E8 73410000 call <jmp.&mfc42.#858>
00402FB3 C64424 48 03 mov byte ptr ss:[esp+48],3
00402FB8 8D4C24 24 lea ecx,dword ptr ss:[esp+24]
00402FBC E9 82000000 jmp OK.00403043
00402FC1 83F8 01 cmp eax,1
00402FC4 75 51 jnz short OK.00403017
00402FC6 8D4C24 10 lea ecx,dword ptr ss:[esp+10]
00402FCA 68 2CB14000 push OK.0040B12C
00402FCF 8D5424 2C lea edx,dword ptr ss:[esp+2C]
00402FD3 51 push ecx
00402FD4 52 push edx
00402FD5 E8 64410000 call <jmp.&mfc42.#924>
00402FDA 8D4C24 18 lea ecx,dword ptr ss:[esp+18]
00402FDE 8D5424 24 lea edx,dword ptr ss:[esp+24]
00402FE2 51 push ecx
00402FE3 B3 05 mov bl,5
00402FE5 50 push eax
00402FE6 52 push edx
00402FE7 885C24 54 mov byte ptr ss:[esp+54],bl
00402FEB E8 78410000 call <jmp.&mfc42.#922>
00402FF0 50 push eax
00402FF1 8D4C24 14 lea ecx,dword ptr ss:[esp+14]
00402FF5 C64424 4C 06 mov byte ptr ss:[esp+4C],6
00402FFA E8 27410000 call <jmp.&mfc42.#858>
00402FFF 8D4C24 24 lea ecx,dword ptr ss:[esp+24]
00403003 885C24 48 mov byte ptr ss:[esp+48],bl
00403007 E8 F0400000 call <jmp.&mfc42.#800>
0040300C C64424 48 03 mov byte ptr ss:[esp+48],3
00403011 8D4C24 28 lea ecx,dword ptr ss:[esp+28]
00403015 EB 2C jmp short OK.00403043
00403017 8D4424 18 lea eax,dword ptr ss:[esp+18]
0040301B 8D4C24 10 lea ecx,dword ptr ss:[esp+10]
0040301F 50 push eax
00403020 8D5424 2C lea edx,dword ptr ss:[esp+2C]
00403024 51 push ecx
00403025 52 push edx
00403026 E8 3D410000 call <jmp.&mfc42.#922>
0040302B 50 push eax
0040302C 8D4C24 14 lea ecx,dword ptr ss:[esp+14]
00403030 C64424 4C 07 mov byte ptr ss:[esp+4C],7
00403035 E8 EC400000 call <jmp.&mfc42.#858>
0040303A C64424 48 03 mov byte ptr ss:[esp+48],3
0040303F 8D4C24 28 lea ecx,dword ptr ss:[esp+28]
00403043 E8 B4400000 call <jmp.&mfc42.#800>
00403048 68 C8000000 push 0C8
0040304D 8D4C24 24 lea ecx,dword ptr ss:[esp+24]
00403051 E8 54410000 call <jmp.&mfc42.#2915>
00403056 6A FF push -1
00403058 8D4C24 24 lea ecx,dword ptr ss:[esp+24]
0040305C 8BD8 mov ebx,eax
0040305E E8 41410000 call <jmp.&mfc42.#5572>
00403063 8BFB mov edi,ebx
00403065 83C9 FF or ecx,FFFFFFFF
00403068 33C0 xor eax,eax
0040306A 68 C8000000 push 0C8
0040306F F2:AE repne scas byte ptr es:[edi]
00403071 F7D1 not ecx
00403073 49 dec ecx
00403074 894C24 28 mov dword ptr ss:[esp+28],ecx
00403078 8D4C24 20 lea ecx,dword ptr ss:[esp+20]
0040307C E8 29410000 call <jmp.&mfc42.#2915>
00403081 8BF8 mov edi,eax
00403083 6A FF push -1
00403085 8D4C24 20 lea ecx,dword ptr ss:[esp+20]
00403089 897C24 30 mov dword ptr ss:[esp+30],edi
0040308D E8 12410000 call <jmp.&mfc42.#5572>
00403092 83C9 FF or ecx,FFFFFFFF
00403095 33C0 xor eax,eax
00403097 F2:AE repne scas byte ptr es:[edi]
00403099 8B4424 24 mov eax,dword ptr ss:[esp+24]
0040309D F7D1 not ecx
0040309F 49 dec ecx
004030A0 85C0 test eax,eax
004030A2 894C24 28 mov dword ptr ss:[esp+28],ecx
004030A6 0F8E 09010000 jle OK.004031B5
004030AC 8BC5 mov eax,ebp
004030AE 6A 10 push 10
004030B0 99 cdq
004030B1 F77C24 2C idiv dword ptr ss:[esp+2C]
004030B5 0FBE042B movsx eax,byte ptr ds:[ebx+ebp]
004030B9 03C6 add eax,esi
004030BB BE FF000000 mov esi,0FF
004030C0 8BCA mov ecx,edx
004030C2 99 cdq
004030C3 F7FE idiv esi
004030C5 8B4424 30 mov eax,dword ptr ss:[esp+30]
004030C9 0FBE0C01 movsx ecx,byte ptr ds:[ecx+eax]
004030CD 33D1 xor edx,ecx
004030CF 8BF2 mov esi,edx
004030D1 8D5424 18 lea edx,dword ptr ss:[esp+18]
004030D5 52 push edx
004030D6 56 push esi
004030D7 FF15 B4924000 call dword ptr ds:[<&msvcrt._itoa>] ; msvcrt._itoa
004030DD 8D7C24 20 lea edi,dword ptr ss:[esp+20]
004030E1 83C9 FF or ecx,FFFFFFFF
004030E4 33C0 xor eax,eax
004030E6 83C4 0C add esp,0C
004030E9 F2:AE repne scas byte ptr es:[edi]
004030EB F7D1 not ecx
004030ED 49 dec ecx
004030EE 75 31 jnz short OK.00403121
004030F0 8D4424 10 lea eax,dword ptr ss:[esp+10]
004030F4 68 30B14000 push OK.0040B130 ; ASCII "00"
004030F9 8D4C24 34 lea ecx,dword ptr ss:[esp+34]
004030FD 50 push eax
004030FE 51 push ecx
004030FF E8 3A400000 call <jmp.&mfc42.#924>
00403104 50 push eax
00403105 8D4C24 14 lea ecx,dword ptr ss:[esp+14]
00403109 C64424 4C 08 mov byte ptr ss:[esp+4C],8
0040310E E8 13400000 call <jmp.&mfc42.#858>
00403113 C64424 48 03 mov byte ptr ss:[esp+48],3
00403118 8D4C24 30 lea ecx,dword ptr ss:[esp+30]
0040311C E9 82000000 jmp OK.004031A3
00403121 83F9 01 cmp ecx,1
00403124 75 51 jnz short OK.00403177
00403126 8D5424 10 lea edx,dword ptr ss:[esp+10]
0040312A 68 2CB14000 push OK.0040B12C
0040312F 8D4424 3C lea eax,dword ptr ss:[esp+3C]
00403133 52 push edx
00403134 50 push eax
00403135 E8 04400000 call <jmp.&mfc42.#924>
0040313A 8D4C24 14 lea ecx,dword ptr ss:[esp+14]
0040313E 8D5424 34 lea edx,dword ptr ss:[esp+34]
00403142 51 push ecx
00403143 50 push eax
00403144 52 push edx
00403145 C64424 54 09 mov byte ptr ss:[esp+54],9
0040314A E8 EF3F0000 call <jmp.&mfc42.#924>
0040314F 50 push eax
00403150 8D4C24 14 lea ecx,dword ptr ss:[esp+14]
00403154 C64424 4C 0A mov byte ptr ss:[esp+4C],0A
00403159 E8 C83F0000 call <jmp.&mfc42.#858>
0040315E 8D4C24 34 lea ecx,dword ptr ss:[esp+34]
00403162 C64424 48 09 mov byte ptr ss:[esp+48],9
00403167 E8 903F0000 call <jmp.&mfc42.#800>
0040316C C64424 48 03 mov byte ptr ss:[esp+48],3
00403171 8D4C24 38 lea ecx,dword ptr ss:[esp+38]
00403175 EB 2C jmp short OK.004031A3
00403177 8D4424 14 lea eax,dword ptr ss:[esp+14]
0040317B 8D4C24 10 lea ecx,dword ptr ss:[esp+10]
0040317F 50 push eax
00403180 8D5424 40 lea edx,dword ptr ss:[esp+40]
00403184 51 push ecx
00403185 52 push edx
00403186 E8 B33F0000 call <jmp.&mfc42.#924>
0040318B 50 push eax
0040318C 8D4C24 14 lea ecx,dword ptr ss:[esp+14]
00403190 C64424 4C 0B mov byte ptr ss:[esp+4C],0B
00403195 E8 8C3F0000 call <jmp.&mfc42.#858>
0040319A C64424 48 03 mov byte ptr ss:[esp+48],3
0040319F 8D4C24 3C lea ecx,dword ptr ss:[esp+3C]
004031A3 E8 543F0000 call <jmp.&mfc42.#800>
004031A8 8B4424 24 mov eax,dword ptr ss:[esp+24]
004031AC 45 inc ebp
004031AD 3BE8 cmp ebp,eax
004031AF ^ 0F8C F7FEFFFF jl OK.004030AC
004031B5 8D4C24 10 lea ecx,dword ptr ss:[esp+10]
004031B9 E8 E03F0000 call <jmp.&mfc42.#4204>
004031BE 8B4C24 50 mov ecx,dword ptr ss:[esp+50]
004031C2 8D4424 10 lea eax,dword ptr ss:[esp+10]
004031C6 50 push eax
004031C7 E8 5A3F0000 call <jmp.&mfc42.#858>
004031CC 8D4C24 18 lea ecx,dword ptr ss:[esp+18]
004031D0 C64424 48 02 mov byte ptr ss:[esp+48],2
004031D5 E8 223F0000 call <jmp.&mfc42.#800>
004031DA 8D4C24 10 lea ecx,dword ptr ss:[esp+10]
004031DE C64424 48 01 mov byte ptr ss:[esp+48],1
004031E3 E8 143F0000 call <jmp.&mfc42.#800>
004031E8 8D4C24 1C lea ecx,dword ptr ss:[esp+1C]
004031EC C64424 48 00 mov byte ptr ss:[esp+48],0
004031F1 E8 063F0000 call <jmp.&mfc42.#800>
004031F6 8D4C24 20 lea ecx,dword ptr ss:[esp+20]
004031FA C74424 48 FFFFFFFF mov dword ptr ss:[esp+48],-1
00403202 E8 F53E0000 call <jmp.&mfc42.#800>
00403207 8B4C24 40 mov ecx,dword ptr ss:[esp+40]
0040320B 5F pop edi
0040320C 5E pop esi
0040320D 5D pop ebp
0040320E 5B pop ebx
0040320F 64:890D 00000000 mov dword ptr fs:[0],ecx
00403216 83C4 3C add esp,3C
00403219 C3 retn
0040321A 90 nop
0040321B 90 nop
0040321C 90 nop
0040321D 90 nop
0040321E 90 nop
0040321F 90 nop
00403220 A1 84904000 mov eax,dword ptr ds:[<&mfc42.#4274>]
00403225 C3 retn
00403226 90 nop
00403227 90 nop
00403228 90 nop
00403229 90 nop
0040322A 90 nop
0040322B 90 nop
0040322C 90 nop
0040322D 90 nop
0040322E 90 nop
0040322F 90 nop
00403230 B8 F0924000 mov eax,OK.004092F0
00403235 C3 retn
00403236 90 nop
00403237 90 nop
00403238 90 nop
00403239 90 nop
0040323A 90 nop
0040323B 90 nop
0040323C 90 nop
0040323D 90 nop
0040323E 90 nop
0040323F 90 nop
00403240 56 push esi
00403241 8BF1 mov esi,ecx
00403243 6A 00 push 0
00403245 E8 3E400000 call <jmp.&mfc42.#561>
0040324A C706 28934000 mov dword ptr ds:[esi],OK.00409328
00403250 8BC6 mov eax,esi
00403252 5E pop esi
00403253 C3 retn
00403254 90 nop
00403255 90 nop
00403256 90 nop
00403257 90 nop
00403258 90 nop
00403259 90 nop
0040325A 90 nop
0040325B 90 nop
0040325C 90 nop
0040325D 90 nop
0040325E 90 nop
0040325F 90 nop
00403260 56 push esi
00403261 8BF1 mov esi,ecx
00403263 E8 18000000 call OK.00403280
00403268 F64424 08 01 test byte ptr ss:[esp+8],1
0040326D 74 09 je short OK.00403278
0040326F 56 push esi
00403270 E8 A53E0000 call <jmp.&mfc42.#825>
00403275 83C4 04 add esp,4
00403278 8BC6 mov eax,esi
0040327A 5E pop esi
0040327B C2 0400 retn 4
0040327E 90 nop
0040327F 90 nop
00403280 E9 09400000 jmp <jmp.&mfc42.#815>
00403285 90 nop
00403286 90 nop
00403287 90 nop
00403288 90 nop
00403289 90 nop
0040328A 90 nop
0040328B 90 nop
0040328C 90 nop
0040328D 90 nop
0040328E 90 nop
0040328F 90 nop
00403290 E8 0B000000 call OK.004032A0
00403295 E9 16000000 jmp OK.004032B0
0040329A 90 nop
0040329B 90 nop
0040329C 90 nop
0040329D 90 nop
0040329E 90 nop
0040329F 90 nop
004032A0 B9 C0B54000 mov ecx,OK.0040B5C0
004032A5 ^ E9 96FFFFFF jmp OK.00403240
004032AA 90 nop
004032AB 90 nop
004032AC 90 nop
004032AD 90 nop
004032AE 90 nop
004032AF 90 nop
004032B0 68 C0324000 push OK.004032C0
004032B5 E8 B2410000 call OK.0040746C
004032BA 59 pop ecx
004032BB C3 retn
004032BC 90 nop
004032BD 90 nop
004032BE 90 nop
004032BF 90 nop
004032C0 B9 C0B54000 mov ecx,OK.0040B5C0
004032C5 ^ E9 B6FFFFFF jmp OK.00403280
004032CA 90 nop
004032CB 90 nop
004032CC 90 nop
004032CD 90 nop
004032CE 90 nop
004032CF 90 nop
004032D0 6A FF push -1
004032D2 68 DA7B4000 push OK.00407BDA
004032D7 64:A1 00000000 mov eax,dword ptr fs:[0]
004032DD 50 push eax
004032DE 64:8925 00000000 mov dword ptr fs:[0],esp
004032E5 81EC 40010000 sub esp,140
004032EB 56 push esi
004032EC 8BF1 mov esi,ecx
004032EE E8 B33F0000 call <jmp.&mfc42.#2621>
004032F3 6A 00 push 0
004032F5 8D4C24 08 lea ecx,dword ptr ss:[esp+8]
004032F9 E8 92020000 call OK.00403590
004032FE 8D4424 04 lea eax,dword ptr ss:[esp+4]
00403302 8D4C24 04 lea ecx,dword ptr ss:[esp+4]
00403306 C78424 4C010000 000>mov dword ptr ss:[esp+14C],0
00403311 8946 20 mov dword ptr ds:[esi+20],eax
00403314 E8 873F0000 call <jmp.&mfc42.#2514>
00403319 8D8C24 3C010000 lea ecx,dword ptr ss:[esp+13C]
00403320 C78424 4C010000 080>mov dword ptr ss:[esp+14C],8
0040332B E8 CC3D0000 call <jmp.&mfc42.#800>
00403330 8D8C24 38010000 lea ecx,dword ptr ss:[esp+138]
00403337 C68424 4C010000 07 mov byte ptr ss:[esp+14C],7
0040333F E8 B83D0000 call <jmp.&mfc42.#800>
00403344 8D8C24 30010000 lea ecx,dword ptr ss:[esp+130]
0040334B C68424 4C010000 06 mov byte ptr ss:[esp+14C],6
00403353 E8 A43D0000 call <jmp.&mfc42.#800>
00403358 8D8C24 EC000000 lea ecx,dword ptr ss:[esp+EC]
0040335F C68424 4C010000 05 mov byte ptr ss:[esp+14C],5
00403367 E8 2E3F0000 call <jmp.&mfc42.#656>
0040336C 8D8C24 AC000000 lea ecx,dword ptr ss:[esp+AC]
00403373 C68424 4C010000 04 mov byte ptr ss:[esp+14C],4
0040337B E8 1A3F0000 call <jmp.&mfc42.#656>
00403380 8D4C24 6C lea ecx,dword ptr ss:[esp+6C]
00403384 C68424 4C010000 03 mov byte ptr ss:[esp+14C],3
0040338C E8 093F0000 call <jmp.&mfc42.#656>
00403391 8D4C24 68 lea ecx,dword ptr ss:[esp+68]
00403395 C68424 4C010000 02 mov byte ptr ss:[esp+14C],2
0040339D E8 5A3D0000 call <jmp.&mfc42.#800>
004033A2 8D4C24 64 lea ecx,dword ptr ss:[esp+64]
004033A6 C68424 4C010000 01 mov byte ptr ss:[esp+14C],1
004033AE E8 493D0000 call <jmp.&mfc42.#800>
004033B3 8D4C24 04 lea ecx,dword ptr ss:[esp+4]
004033B7 C78424 4C010000 FFF>mov dword ptr ss:[esp+14C],-1
004033C2 E8 CD3E0000 call <jmp.&mfc42.#641>
004033C7 8B8C24 44010000 mov ecx,dword ptr ss:[esp+144]
004033CE 33C0 xor eax,eax
004033D0 5E pop esi
004033D1 64:890D 00000000 mov dword ptr fs:[0],ecx
004033D8 81C4 4C010000 add esp,14C
004033DE C3 retn
004033DF 90 nop
004033E0 6A FF push -1
004033E2 68 517C4000 push OK.00407C51
004033E7 64:A1 00000000 mov eax,dword ptr fs:[0]
004033ED 50 push eax
004033EE 64:8925 00000000 mov dword ptr fs:[0],esp
004033F5 51 push ecx
004033F6 56 push esi
004033F7 8BF1 mov esi,ecx
004033F9 897424 04 mov dword ptr ss:[esp+4],esi
004033FD 8D8E 38010000 lea ecx,dword ptr ds:[esi+138]
00403403 C74424 10 07000000 mov dword ptr ss:[esp+10],7
0040340B E8 EC3C0000 call <jmp.&mfc42.#800>
00403410 8D8E 34010000 lea ecx,dword ptr ds:[esi+134]
00403416 C64424 10 06 mov byte ptr ss:[esp+10],6
0040341B E8 DC3C0000 call <jmp.&mfc42.#800>
00403420 8D8E 2C010000 lea ecx,dword ptr ds:[esi+12C]
00403426 C64424 10 05 mov byte ptr ss:[esp+10],5
0040342B E8 CC3C0000 call <jmp.&mfc42.#800>
00403430 8D8E E8000000 lea ecx,dword ptr ds:[esi+E8]
00403436 C64424 10 04 mov byte ptr ss:[esp+10],4
0040343B E8 5A3E0000 call <jmp.&mfc42.#656>
00403440 8D8E A8000000 lea ecx,dword ptr ds:[esi+A8]
00403446 C64424 10 03 mov byte ptr ss:[esp+10],3
0040344B E8 4A3E0000 call <jmp.&mfc42.#656>
00403450 8D4E 68 lea ecx,dword ptr ds:[esi+68]
00403453 C64424 10 02 mov byte ptr ss:[esp+10],2
00403458 E8 3D3E0000 call <jmp.&mfc42.#656>
0040345D 8D4E 64 lea ecx,dword ptr ds:[esi+64]
00403460 C64424 10 01 mov byte ptr ss:[esp+10],1
00403465 E8 923C0000 call <jmp.&mfc42.#800>
0040346A 8D4E 60 lea ecx,dword ptr ds:[esi+60]
0040346D C64424 10 00 mov byte ptr ss:[esp+10],0
00403472 E8 853C0000 call <jmp.&mfc42.#800>
00403477 8BCE mov ecx,esi
00403479 C74424 10 FFFFFFFF mov dword ptr ss:[esp+10],-1
00403481 E8 0E3E0000 call <jmp.&mfc42.#641>
00403486 8B4C24 08 mov ecx,dword ptr ss:[esp+8]
0040348A 5E pop esi
0040348B 64:890D 00000000 mov dword ptr fs:[0],ecx
00403492 83C4 10 add esp,10
00403495 C3 retn
00403496 90 nop
00403497 90 nop
00403498 90 nop
00403499 90 nop
0040349A 90 nop
0040349B 90 nop
0040349C 90 nop
0040349D 90 nop
0040349E 90 nop
0040349F 90 nop
004034A0 C3 retn
004034A1 90 nop
004034A2 90 nop
004034A3 90 nop
004034A4 90 nop
004034A5 90 nop
004034A6 90 nop
004034A7 90 nop
004034A8 90 nop
004034A9 90 nop
004034AA 90 nop
004034AB 90 nop
004034AC 90 nop
004034AD 90 nop
004034AE 90 nop
004034AF 90 nop
004034B0 E8 0B000000 call OK.004034C0
004034B5 E9 16000000 jmp OK.004034D0
004034BA 90 nop
004034BB 90 nop
004034BC 90 nop
004034BD 90 nop
004034BE 90 nop
004034BF 90 nop
004034C0 B9 88B64000 mov ecx,OK.0040B688
004034C5 ^ E9 36DBFFFF jmp OK.00401000
004034CA 90 nop
004034CB 90 nop
004034CC 90 nop
004034CD 90 nop
004034CE 90 nop
004034CF 90 nop
004034D0 68 E0344000 push OK.004034E0
004034D5 E8 923F0000 call OK.0040746C
004034DA 59 pop ecx
004034DB C3 retn
004034DC 90 nop
004034DD 90 nop
004034DE 90 nop
004034DF 90 nop
004034E0 B9 88B64000 mov ecx,OK.0040B688
004034E5 ^ E9 A6DBFFFF jmp OK.00401090
004034EA 90 nop
004034EB 90 nop
004034EC 90 nop
004034ED 90 nop
004034EE 90 nop
004034EF 90 nop
004034F0 56 push esi
004034F1 6A 00 push 0
004034F3 8BF1 mov esi,ecx
004034F5 6A 64 push 64
004034F7 E8 6A3E0000 call <jmp.&mfc42.#324>
004034FC C706 D0944000 mov dword ptr ds:[esi],OK.004094D0
00403502 8BC6 mov eax,esi
00403504 5E pop esi
00403505 C3 retn
00403506 90 nop
00403507 90 nop
00403508 90 nop
00403509 90 nop
0040350A 90 nop
0040350B 90 nop
0040350C 90 nop
0040350D 90 nop
0040350E 90 nop
0040350F 90 nop
00403510 8B41 20 mov eax,dword ptr ds:[ecx+20]
00403513 6A 00 push 0
00403515 50 push eax
00403516 FF15 DC924000 call dword ptr ds:[<&user32.EnableWindow>] ; USER32.EnableWindow
0040351C C3 retn
0040351D 90 nop
0040351E 90 nop
0040351F 90 nop
00403520 8B41 20 mov eax,dword ptr ds:[ecx+20]
00403523 6A 01 push 1
00403525 50 push eax
00403526 FF15 DC924000 call dword ptr ds:[<&user32.EnableWindow>] ; USER32.EnableWindow
0040352C C3 retn
0040352D 90 nop
0040352E 90 nop
0040352F 90 nop
00403530 56 push esi
00403531 8BF1 mov esi,ecx
00403533 E8 18000000 call OK.00403550
00403538 F64424 08 01 test byte ptr ss:[esp+8],1
0040353D 74 09 je short OK.00403548
0040353F 56 push esi
00403540 E8 D53B0000 call <jmp.&mfc42.#825>
00403545 83C4 04 add esp,4
00403548 8BC6 mov eax,esi
0040354A 5E pop esi
0040354B C2 0400 retn 4
0040354E 90 nop
0040354F 90 nop
00403550 E9 3F3D0000 jmp <jmp.&mfc42.#641>
00403555 90 nop
00403556 90 nop
00403557 90 nop
00403558 90 nop
00403559 90 nop
0040355A 90 nop
0040355B 90 nop
0040355C 90 nop
0040355D 90 nop
0040355E 90 nop
0040355F 90 nop
00403560 C2 0400 retn 4
00403563 90 nop
00403564 90 nop
00403565 90 nop
00403566 90 nop
00403567 90 nop
00403568 90 nop
00403569 90 nop
0040356A 90 nop
0040356B 90 nop
0040356C 90 nop
0040356D 90 nop
0040356E 90 nop
0040356F 90 nop
00403570 A1 AC914000 mov eax,dword ptr ds:[<&mfc42.#4234>]
00403575 C3 retn
00403576 90 nop
00403577 90 nop
00403578 90 nop
00403579 90 nop
0040357A 90 nop
0040357B 90 nop
0040357C 90 nop
0040357D 90 nop
0040357E 90 nop
0040357F 90 nop
00403580 B8 D0934000 mov eax,OK.004093D0
00403585 C3 retn
00403586 90 nop
00403587 90 nop
00403588 90 nop
00403589 90 nop
0040358A 90 nop
0040358B 90 nop
0040358C 90 nop
0040358D 90 nop
0040358E 90 nop
0040358F 90 nop
00403590 6A FF push -1
00403592 68 CF7C4000 push OK.00407CCF
00403597 64:A1 00000000 mov eax,dword ptr fs:[0]
0040359D 50 push eax
0040359E 64:8925 00000000 mov dword ptr fs:[0],esp
赞赏
他的文章
看原图
赞赏
雪币:
留言: