PCShrink 0.71 部分源代码(带Packer)-加壳脱壳-看雪-安全社区|安全招聘|kanxue.com

PCShrink 0.71 部分源代码(带Packer)

2004-5-16 17:17 7784

PCShrink 0.71 部分源代码(带Packer)

forgot

2004-5-16 17:17

7784

:D 这个东西对资源处理太棒了.正在还原它的源代码...
请问IDA怎么自定义常量?还有assume什么的?
这里是部分源码,也许脱壳有用吧...
都弄好以后会发布带资源的Full Source包:D

; [COLLAPSED ENUM MACRO_WM. PRESS KEYPAD "+" TO	EXPAND]
; [COLLAPSED ENUM MACRO_IMAGE_ORDINAL_FLAG. PRESS KEYPAD "+" TO	EXPAND]
; [COLLAPSED ENUM MACRO_IMAGE_ORDINAL. PRESS KEYPAD "+"	TO EXPAND]
; [COLLAPSED ENUM MACRO_WM. PRESS KEYPAD "+" TO	EXPAND]
; [COLLAPSED ENUM MACRO_IMAGE_ORDINAL_FLAG. PRESS KEYPAD "+" TO	EXPAND]
; [COLLAPSED ENUM MACRO_IMAGE_ORDINAL. PRESS KEYPAD "+"	TO EXPAND]
;
; ※※※※※※※※※※※※※※※※※※※※※※※※※※※※※※※※※※※※※※
; ※	This file is generated by The Interactive Disassembler (IDA)	    ※
; ※	Copyright (c) 2003 by DataRescue sa/nv,	<ida@datarescue.com>	    ※
; ※			      [iNTERNAL	RELEASE]			    ※
; ※※※※※※※※※※※※※※※※※※※※※※※※※※※※※※※※※※※※※※
;
; ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
; File Name   :	E:\Documents and Settings\Star\桌面\pcsnk071\PCSHRINK.EXE.unpacked_.exe
; Format      :	Portable executable for	IBM PC (PE)
; Section 1. (virtual address 00001000)
; Virtual size			: 00004000 (  16384.)
; Section size in file		: 00004000 (  16384.)
; Offset to raw	data for section: 00001000
; Flags	E0000020: Text Executable Readable Writable
; Alignment	: 16 bytes ?

		model flat

; 屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯?

; Segment type:	Pure code
; Segment permissions: Read/Write/Execute
pcs1		segment	para public 'CODE' use32
		assume cs:pcs1
		;org 401000h
		assume es:nothing, ss:nothing, ds:nothing, fs:nothing, gs:nothing
		call	GetProcessHeap

		mov	ds:hHeap, eax
		call	GetCommandLineA

		or	eax, eax
		jz	short start

		xchg	eax, esi

loc_401014:				; CODE XREF: pcs1:00401035j
		cmp	byte ptr [esi],	0
		jz	short start

		shl	eax, 8
		lodsb
		cmp	eax, 72696E6Bh
		jnz	short loc_401029

		cmp	byte ptr [esi],	2Eh
		jnz	short loc_401037


loc_401029:				; CODE XREF: pcs1:00401022j
		cmp	eax, 2E657865h
		jz	short loc_401037

		cmp	eax, 2E455845h
		jnz	short loc_401014


loc_401037:				; CODE XREF: pcs1:00401027j
					; pcs1:0040102Ej ...
		lodsb
		cmp	al, 20h
		jz	short loc_401037

		cmp	al, 22h
		jz	short loc_401037

		dec	esi
		push	esi
		push	offset szBuffer
		call	lstrcpy


; 〓〓〓〓〓〓〓〓 S U B R O U T I N E	〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓


		public start
start		proc near		; CODE XREF: pcs1:00401011j
					; pcs1:00401017j
		push	0		; lpModuleName
		call	GetModuleHandleA

		mov	ds:hInstance, eax
		push	0		; dwInitParam
		push	offset DialogFunc ; lpDialogFunc
		push	0		; hWndParent
		push	65h		; lpTemplateName
		push	eax		; hInstance
		call	DialogBoxParamA

		push	eax		; uExitCode
		call	ExitProcess


; DWORD	__stdcall MyThread(LPVOID)
MyThread:				; DATA XREF: pcs1:00401205o
		mov	ds:lpFileName, offset szBuffer
		cmp	ds:BackupFile, 1
		jnz	short @SkipBackupFile

		push	ds:lpFileName
		call	MakeBackup


@SkipBackupFile:			; CODE XREF: start+34j
		push	ds:lpFileName
		push	offset szCompressOK ; "Successfully compressed!\r\n Installed on"...
		call	lstrcat

		call	CompressPE

		cmp	ds:CompressResult, 0FCh
		jz	short @Exit

		cmp	ds:CompressResult, 0FFh
		jz	short @CompressError

		push	offset aCompressedObje ; "\r\n Compressed objects: "
		push	offset szCompressOK ; "Successfully compressed!\r\n Installed on"...
		call	lstrcat

		push	offset aOriginalSize ; "\r\nOriginal size: "
		push	offset szCompressOK ; "Successfully compressed!\r\n Installed on"...
		call	lstrcat

		push	0		; uType
		push	offset szCaption ; lpCaption
		push	offset szCompressOK ; lpText
		push	0		; hWnd
		call	MessageBoxA

		xor	eax, eax
		jmp	short @Exit

; ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

@CompressError:				; CODE XREF: start+66j
		push	ds:lpFileName
		push	offset szCompressError ; "There	was an error compressing the file"...
		call	lstrcat

		push	30h		; uType
		push	offset szCaption ; lpCaption
		push	offset szCompressError ; lpText
		push	0		; hWnd
		call	MessageBoxA

		mov	eax, 2

@Exit:					; CODE XREF: start+5Dj	start+9Bj
		push	0		; lParam
		push	0		; wParam
		push	WM_CLOSE	; Msg
		push	ds:hWnd		; hWnd
		call	SendMessageA

		push	0		; dwExitCode
		call	ExitThread	; 退出线程

		retn

start		endp ; sp = -4


; 〓〓〓〓〓〓〓〓 S U B R O U T I N E	〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓

; Attributes: bp-based frame

; BOOL __stdcall DialogFunc(HWND,UINT,WPARAM,LPARAM)
DialogFunc	proc near		; DATA XREF: start+Eo

hWnd		= dword	ptr  8
Msg		= dword	ptr  0Ch
wParam		= dword	ptr  10h

		enter	0, 0
DialogFunc	endp

		push	ebx
		push	edi
		push	esi
		mov	eax, [ebp+8]
		mov	ds:hWnd, eax
		cmp	dword ptr [ebp+0Ch], WM_COMMAND
		jz	short @Command

		cmp	dword ptr [ebp+0Ch], WM_CLOSE
		jz	@Close

		cmp	dword ptr [ebp+0Ch], WM_INITDIALOG
		jz	@InitDialog


@UnknownMsg:				; CODE XREF: pcs1:00401243j
					; pcs1:00401334j
		xor	eax, eax
		pop	esi
		pop	edi
		pop	ebx
		leave
		retn	10h

; ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

@Command:				; CODE XREF: pcs1:00401140j
		cmp	dword ptr [ebp+10h], 1
		jnz	@NotOK

		push	0
		push	ds:hOK
		call	EnableWindow

		push	0
		push	ds:hBrowse
		call	EnableWindow

		pusha
		call	ProcessCheckBoxes

		popa
		push	0FFh
		push	offset szBuffer
		push	1000
		push	ds:hWnd
		call	GetDlgItemTextA

		push	1004
		push	ds:hWnd
		call	IsDlgButtonChecked

		mov	ds:RestructureResourceData, eax
		push	1005
		push	ds:hWnd
		call	IsDlgButtonChecked

		mov	ds:SectionMerging, eax
		push	1012
		push	ds:hWnd
		call	IsDlgButtonChecked

		mov	ds:BackupFile, eax
		push	1026
		push	ds:hWnd
		call	IsDlgButtonChecked

		mov	ds:CompressExportTable,	eax
		pusha
		push	offset ThreadId
		push	0
		push	0
		push	offset MyThread
		push	0
		push	0
		call	CreateThread

		popa
		jmp	short @Return

; ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

@NotOK:					; CODE XREF: pcs1:00401166j
		cmp	dword ptr [ebp+10h], 1003
		jz	@Browse

		cmp	dword ptr [ebp+10h], 2
		jz	short @Close

		cmp	dword ptr [ebp+10h], 1009
		jz	@virogen_cjb_net

		cmp	dword ptr [ebp+10h], 1008
		jz	@phrozencrew_com

		jmp	@UnknownMsg

; ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

@Return:				; CODE XREF: pcs1:00401214j
					; pcs1:00401351j ...
		mov	eax, 1
		pop	esi
		pop	edi
		pop	ebx
		leave
		retn	10h

; ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

@Close:					; CODE XREF: pcs1:00401146j
					; pcs1:00401227j
		push	0		; nExitCode
		call	PostQuitMessage

		pop	esi
		pop	edi
		pop	ebx
		leave
		retn	10h

; ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

@InitDialog:				; CODE XREF: pcs1:00401153j
		push	80h		; lpIconName
		push	ds:hInstance	; hInstance
		call	LoadIconA

		push	eax
		push	eax		; lParam
		push	0		; wParam
		push	WM_SETICON	; Msg
		push	ds:hWnd		; hWnd
		call	SendMessageA

		pop	eax
		push	eax		; lParam
		push	1		; wParam
		push	WM_SETICON	; Msg
		push	ds:hWnd		; hWnd
		call	SendMessageA

		push	offset szBuffer	; lpString
		push	1000		; nIDDlgItem
		push	ds:hWnd		; hDlg
		call	SetDlgItemTextA

		push	ds:RestructureResourceData ; uCheck
		push	1004		; nIDButton
		push	ds:hWnd		; hDlg
		call	CheckDlgButton

		push	ds:SectionMerging ; uCheck
		push	3EDh		; nIDButton
		push	ds:hWnd		; hDlg
		call	CheckDlgButton

		push	ds:BackupFile	; uCheck
		push	1012		; nIDButton
		push	ds:hWnd		; hDlg
		call	CheckDlgButton

		push	1011		; nIDDlgItem
		push	ds:hWnd		; hDlg
		call	GetDlgItem

		mov	ds:hProgress, eax
		push	1		; &OK
		push	ds:hWnd		; hDlg
		call	GetDlgItem

		mov	ds:hOK,	eax
		push	1003		; &Browse
		push	ds:hWnd		; hDlg
		call	GetDlgItem

		mov	ds:hBrowse, eax
		pusha
		call	_CheckDlgButton

		popa
		jmp	@UnknownMsg

; ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

@virogen_cjb_net:			; CODE XREF: pcs1:00401230j
		push	0
		push	0
		push	0
		push	offset szWeb1	; "http://virogen.cjb.net"
		push	0
		push	ds:hWnd
		call	ShellExecuteA

		jmp	@Return

; ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

@phrozencrew_com:			; CODE XREF: pcs1:0040123Dj
		push	0
		push	0
		push	0
		push	offset szWeb2	; "http://www.phrozencrew.com"
		push	0
		push	ds:hWnd
		call	ShellExecuteA

		jmp	@Return

; ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

@Browse:				; CODE XREF: pcs1:0040121Dj
		mov	eax, ds:hWnd
		mov	ds:ofn.hwndOwner, eax
		mov	ds:ofn.lpstrFilter, offset aPeExeFiles ; "PE EXE files"
		mov	ds:ofn.lpstrFile, offset szBuffer
		mov	ds:ofn.lStructSize, 4Ch
		mov	ds:ofn.nMaxFile, 0FFh
		mov	ds:ofn.Flags, 4
		push	offset ofn
		call	GetOpenFileNameA

		or	eax, eax
		jz	short @NoSelectFile

		push	offset szBuffer
		push	1000
		push	ds:hWnd
		call	SetDlgItemTextA


@NoSelectFile:				; CODE XREF: pcs1:004013BBj
		jmp	@Return


; 〓〓〓〓〓〓〓〓 S U B R O U T I N E	〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓


sub_4013D7	proc near		; CODE XREF: sub_4013D7+5Fp
					; CompressPE+1D0p
		pop	eax
		pop	esi
		push	eax
		or	esi, esi
		jz	short loc_401452

		movzx	ecx, word ptr [esi+0Ch]
		add	cx, [esi+0Eh]
		add	esi, 10h
		or	ecx, ecx
		jz	short loc_401452


loc_4013ED:				; CODE XREF: sub_4013D7+6Ej
		mov	ebx, [esi+4]
		test	ebx, 80000000h
		jz	short loc_401449

		cmp	ds:dword_4037E3, 0
		jnz	short @GetProcAddress ;	去掉高位

		pusha
		push	dword ptr [esi]
		call	sub_402291

		popa
		jnb	short loc_401418

		mov	ds:ha_buzhidao,	0
		jmp	short @GetProcAddress ;	去掉高位

; ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

loc_401418:				; CODE XREF: sub_4013D7+33j
		mov	ds:ha_buzhidao,	1

@GetProcAddress:			; CODE XREF: sub_4013D7+28j
					; sub_4013D7+3Fj
		and	ebx, 7FFFFFFFh	; 去掉高位
		add	ebx, ds:dword_4037B7
		pusha
		inc	ds:dword_4037E3
		push	ebx
		call	sub_4013D7

		dec	ds:dword_4037E3
		popa

loc_401442:				; CODE XREF: sub_4013D7+79j
		add	esi, 8
		loop	loc_4013ED

		jmp	short loc_401452

; ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

loc_401449:				; CODE XREF: sub_4013D7+1Fj
		pusha
		call	sub_401458

		popa
		jmp	short loc_401442

; ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

loc_401452:				; CODE XREF: sub_4013D7+5j
					; sub_4013D7+14j ...
		mov	eax, ds:dword_403C69
		retn

sub_4013D7	endp ; sp =  4


; 〓〓〓〓〓〓〓〓 S U B R O U T I N E	〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓


sub_401458	proc near		; CODE XREF: sub_4013D7+73p
		and	ebx, 7FFFFFFFh
		add	ebx, ds:dword_4037B7
		mov	esi, ebx
		cmp	ds:ha_buzhidao,	1
		jz	short loc_40147E

		mov	edx, ds:dword_4037CB
		add	ds:dword_4037CB, 8
		jmp	short loc_40148B

; ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

loc_40147E:				; CODE XREF: sub_401458+15j
		mov	edx, ds:dword_4037D7
		add	ds:dword_4037D7, 8

loc_40148B:				; CODE XREF: sub_401458+24j
		mov	[edx], esi
		mov	ecx, [esi+4]
		push	ebx
		push	ecx
		push	edx
		push	esi
		push	edi
		push	ebp
		push	ecx		; dwBytes
		push	8		; dwFlags
		push	ds:hHeap	; hHeap
		call	HeapAlloc

		pop	ebp
		pop	edi
		pop	esi
		pop	edx
		pop	ecx
		pop	ebx
		mov	[edx+4], eax
		push	eax
		mov	ebx, [esi]
		call	sub_401FC6

		add	ebx, ds:lpBaseAddress
		pop	edi
		mov	ecx, [esi+4]
		mov	esi, ebx
		rep movsb
		sub	ebx, ds:dword_4037B7
		retn

sub_401458	endp


; 〓〓〓〓〓〓〓〓 S U B R O U T I N E	〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓


AllocMemInHeap	proc near		; CODE XREF: CompressPE+1CAp
		push	1F40h		; dwBytes
		push	8		; dwFlags
		push	ds:hHeap	; hHeap
		call	HeapAlloc

		mov	ds:dword_4037D3, eax
		mov	ds:dword_4037D7, eax
		push	1F40h		; dwBytes
		push	8		; dwFlags
		push	ds:hHeap	; hHeap
		call	HeapAlloc

		mov	ds:BufferInHeap, eax
		mov	ds:dword_4037CB, eax
		retn

AllocMemInHeap	endp

; ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
		push	ds:BufferInHeap
		push	0
		push	ds:hHeap
		call	HeapFree

		push	ds:BufferInHeap
		push	0
		push	ds:hHeap
		call	HeapFree

		retn


; 〓〓〓〓〓〓〓〓 S U B R O U T I N E	〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓


sub_40152A	proc near		; CODE XREF: CompressPE+1DEp
		push	ebx
		push	ecx
		push	edx
		push	esi
		push	edi
		push	ds:dword_4037D3
		call	sub_401552

		push	eax
		push	ds:BufferInHeap
		call	sub_401552

		pop	ebx
		cmp	ebx, eax
		ja	short loc_40154C

		xchg	eax, ebx

loc_40154C:				; CODE XREF: sub_40152A+1Fj
		pop	edi
		pop	esi
		pop	edx
		pop	ecx
		pop	ebx
		retn

sub_40152A	endp ; sp = -8


; 〓〓〓〓〓〓〓〓 S U B R O U T I N E	〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓


sub_401552	proc near		; CODE XREF: sub_40152A+Bp
					; sub_40152A+17p
		pop	eax
		pop	esi
		push	eax
		mov	edx, 0FFFFFFFFh

loc_40155A:				; CODE XREF: sub_401552+1Dj
		mov	eax, [esi]
		or	eax, eax
		jz	short loc_401571

		mov	ebx, [eax]
		or	ebx, ebx
		jz	short loc_40156C

		cmp	ebx, edx
		jnb	short loc_40156C

		mov	edx, ebx

loc_40156C:				; CODE XREF: sub_401552+12j
					; sub_401552+16j
		add	esi, 8
		jmp	short loc_40155A

; ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

loc_401571:				; CODE XREF: sub_401552+Cj
		xchg	eax, edx
		retn

sub_401552	endp ; sp =  4


; 〓〓〓〓〓〓〓〓 S U B R O U T I N E	〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓


sub_401573	proc near		; CODE XREF: CompressPE+202p
		push	ebx
		push	ecx
		push	edx
		push	esi
		push	edi
		push	ds:BufferInHeap
		call	sub_401589

		pop	edi
		pop	esi
		pop	edx
		pop	ecx
		pop	ebx
		retn

sub_401573	endp ; sp = -4


; 〓〓〓〓〓〓〓〓 S U B R O U T I N E	〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓


sub_401589	proc near		; CODE XREF: sub_401573+Bp
		pop	eax
		pop	esi
		push	eax
		xor	edx, edx

loc_40158E:				; CODE XREF: sub_401589+19j
		mov	eax, [esi]
		or	eax, eax
		jz	short loc_4015A4

		mov	ebx, [eax]
		add	ebx, [eax+4]
		cmp	ebx, edx
		jbe	short loc_40159F

		mov	edx, ebx

loc_40159F:				; CODE XREF: sub_401589+12j
		add	esi, 8
		jmp	short loc_40158E

; ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

loc_4015A4:				; CODE XREF: sub_401589+9j
		xchg	eax, edx
		retn

sub_401589	endp ; sp =  4


; 〓〓〓〓〓〓〓〓 S U B R O U T I N E	〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓


sub_4015A6	proc near		; CODE XREF: CompressPE+1F0p
		pop	eax
		pop	edi
		push	eax
		push	ds:BufferInHeap
		push	edi
		call	sub_4015C4

		push	eax
		push	ds:dword_4037D3
		push	eax
		call	sub_4015C4

		pop	eax
		retn

sub_4015A6	endp ; sp = -0Ch


; 〓〓〓〓〓〓〓〓 S U B R O U T I N E	〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓


sub_4015C4	proc near		; CODE XREF: sub_4015A6+Ap
					; sub_4015A6+17p
		pop	eax
		pop	edi
		pop	edx
		push	eax

loc_4015C8:				; CODE XREF: sub_4015C4+2Aj
		mov	eax, [edx]
		or	eax, eax
		jz	short loc_4015F0

		mov	ebx, [eax]
		mov	ebx, edi
		sub	ebx, ds:lpBaseAddress
		push	eax
		push	edx
		call	sub_401FF1

		pop	edx
		pop	eax
		mov	[eax], ebx
		mov	esi, [edx+4]
		mov	ecx, [eax+4]
		rep movsb
		add	edx, 8
		jmp	short loc_4015C8

; ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

loc_4015F0:				; CODE XREF: sub_4015C4+8j
		mov	eax, edi
		retn

sub_4015C4	endp ; sp =  8


; 〓〓〓〓〓〓〓〓 S U B R O U T I N E	〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓


sub_4015F3	proc near		; CODE XREF: sub_401E09+59p
		pop	eax
		pop	esi
		pop	edi
		push	eax
		mov	edx, [esi+0A0h]
		or	edx, edx
		jz	short locret_40164C

		movzx	ecx, word ptr [esi+6]

loc_401605:				; CODE XREF: sub_4015F3+1Aj
		cmp	[edi+0Ch], edx
		jz	short loc_401611

		add	edi, 28h
		loop	loc_401605

		jmp	short locret_40164C

; ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

loc_401611:				; CODE XREF: sub_4015F3+15j
		cmp	ecx, 1
		jnz	short loc_401625

		dec	word ptr [esi+6]
		pusha
		xor	eax, eax
		mov	ecx, 28h
		rep stosb
		popa

loc_401625:				; CODE XREF: sub_4015F3+21j
		mov	dword ptr [edi+10h], 0
		mov	dword ptr [esi+0A0h], 0
		mov	dword ptr [esi+0A4h], 0
		mov	ax, [esi+16h]
		or	ax, 1
		mov	[esi+16h], ax

locret_40164C:				; CODE XREF: sub_4015F3+Cj
					; sub_4015F3+1Cj
		retn

sub_4015F3	endp ; sp =  8


; 〓〓〓〓〓〓〓〓 S U B R O U T I N E	〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓


sub_40164D	proc near		; CODE XREF: CompressPE+35Fp
					; CompressPE+37Bp
		push	ebx
		mov	ebx, ds:dword_40388F
		mov	ds:dword_40383F[ebx], 1
		mov	ds:dword_403867[ebx], eax
		pop	ebx
		retn

sub_40164D	endp


; 〓〓〓〓〓〓〓〓 S U B R O U T I N E	〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓


CompressPE	proc near		; CODE XREF: start+51p
		push	ds:lpFileName	; lpFileName
		call	GetFileAttributesA

		mov	ds:dwFileAttributes, eax
		cmp	eax, 0FFFFFFFFh
		jnz	short loc_40167C

		retn

; ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

loc_40167C:				; CODE XREF: CompressPE+13j
		push	20h		; dwFileAttributes
		push	ds:lpFileName	; lpFileName
		call	SetFileAttributesA

		mov	esi, ds:lpFileName
		call	MyOpenFile

		call	sub_401DBE

		jnb	short loc_40169C

		retn

; ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

loc_40169C:				; CODE XREF: CompressPE+33j
		mov	ds:hFile, eax
		mov	eax, ds:hFile
		push	eax
		call	sub_401E09

		pop	eax
		push	offset LastWriteTime ; lpLastWriteTime
		push	offset LastAccessTime ;	lpLastAccessTime
		push	offset CreationTime ; lpCreationTime
		push	eax		; hFile
		call	GetFileTime

		xor	ecx, ecx	; dwBytes
		call	sub_401D60

		jb	@InvalidPE

		cmp	word ptr [eax],	'ZM'
		jnz	@InvalidPE

		call	GetPEHeader

		push	2		; ucb
		push	esi		; lp
		call	IsBadReadPtr

		or	eax, eax
		jnz	@InvalidPE

		cmp	word ptr [esi],	'EP'
		jnz	@InvalidPE

		cmp	dword ptr [esi+0Ch], 90909090h
		jnz	short loc_401722

		push	10h		; uType
		push	offset szCaption ; lpCaption
		push	offset aFileAppearsToA ; lpText
		push	0		; hWnd
		call	MessageBoxA

		mov	ds:CompressResult, 0FCh
		jmp	@InvalidPE

; ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

loc_401722:				; CODE XREF: CompressPE+9Bj
		call	FreeFile

		mov	ecx, 1000h	; dwBytes
		call	sub_401D60

		jb	@InvalidPE

		call	GetPEHeader

		mov	dword ptr [esi+0Ch], 90909090h
		movzx	eax, word ptr [esi+6]
		mov	ds:dword_4037BB, eax
		mov	eax, [esi+34h]
		mov	ds:@ImageBase, eax
		mov	eax, [esi+0C0h]
		mov	ds:dword_4038C4, eax
		cmp	ds:CompressExportTable,	1
		jz	short @SkipCompressExportTable

		mov	eax, [esi+78h]
		mov	ds:dword_40379F, eax

@SkipCompressExportTable:		; CODE XREF: CompressPE+100j
		movzx	eax, word ptr [esi+14h]
		add	eax, 18h
		add	eax, esi
		mov	ds:dword_40378E, eax
		mov	ebx, [esi+0D8h]
		or	ebx, ebx
		jz	short loc_40179F

		call	sub_401FC6

		add	ebx, ds:lpBaseAddress
		mov	ecx, [esi+0DCh]	; dwBytes
		mov	edi, ebx
		xor	eax, eax
		rep stosb

loc_40179F:				; CODE XREF: CompressPE+120j
		mov	ebx, [esi+0A8h]
		or	ebx, ebx
		jz	short loc_4017BF

		call	sub_401FC6

		add	ebx, ds:lpBaseAddress
		mov	ecx, [esi+0ACh]	; dwBytes
		mov	edi, ebx
		xor	eax, eax
		stosb

loc_4017BF:				; CODE XREF: CompressPE+141j
		mov	dword ptr [esi+0D8h], 0
		mov	dword ptr [esi+0DCh], 0
		mov	dword ptr [esi+0D0h], 0
		mov	dword ptr [esi+0D4h], 0
		mov	dword ptr [esi+0A8h], 0
		mov	dword ptr [esi+0ACh], 0
		mov	eax, [esi+3Ch]
		mov	ds:dword_4037A3, eax
		push	esi
		mov	ebx, [esi+88h]
		mov	eax, [esi+8Ch]
		or	ebx, ebx
		jz	short loc_401872

		mov	ds:dword_4037B3, eax
		mov	ds:dword_403C6D, ebx
		call	sub_401FC6

		add	ebx, ds:lpBaseAddress
		mov	ds:dword_4037B7, ebx
		call	AllocMemInHeap

		push	ebx
		call	sub_4013D7

		cmp	ds:RestructureResourceData, 1
		jnz	short loc_401868

		call	sub_40152A

		xchg	eax, ebx
		call	sub_401FC6

		add	ebx, ds:lpBaseAddress
		push	ebx
		call	sub_4015A6

		sub	eax, ds:dword_4037B7
		mov	ds:dword_403C69, eax
		jmp	short loc_401872

; ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

loc_401868:				; CODE XREF: CompressPE+1DCj
		call	sub_401573

		mov	ds:dword_403C69, eax

loc_401872:				; CODE XREF: CompressPE+1ACj
					; CompressPE+200j
		mov	ebx, ds:dword_4037B3
		cmp	eax, ebx
		jnb	short loc_401886

		sub	ebx, eax
		cmp	ebx, 200h
		jnb	short loc_401890


loc_401886:				; CODE XREF: CompressPE+214j
		mov	ds:dword_40389B, 0

loc_401890:				; CODE XREF: CompressPE+21Ej
		cmp	ds:SectionMerging, 0
		jz	short loc_4018B3

		push	offset byte_403CC9
		push	ds:dword_40378E
		call	sub_402050

		push	offset byte_403CC9
		call	sub_402222


loc_4018B3:				; CODE XREF: CompressPE+231j
		pop	esi
		mov	eax, ds:dword_4037BB
		mov	[esi+6], eax
		push	esi
		mov	eax, ds:dword_40378E
		mov	edi, offset byte_403C71
		xor	ecx, ecx	; dwBytes
		mov	cx, [esi+6]	; dwBytes

loc_4018CD:				; CODE XREF: CompressPE+405j
		mov	ds:dword_4037BF, 0
		cmp	edi, offset dword_403CC1
		jz	loc_401A42

		mov	ds:dword_4037AF, 0
		mov	ebx, ds:dword_403C6D
		cmp	[eax+0Ch], ebx
		jnz	short loc_40191B

		cmp	ds:dword_40389B, 1
		jnz	loc_401A42

		mov	ebx, ds:@ImageBase
		add	ds:dword_403C6D, ebx
		mov	ds:dword_4037AF, 1

loc_40191B:				; CODE XREF: CompressPE+290j
		call	sub_401CF4

		jb	loc_401A42

		pusha
		push	offset szLineEnd ; "\r\n\t\t"
		push	offset aCompressedObje ; "\r\n Compressed objects: "
		call	lstrcat

		popa
		pusha
		push	offset szSectionName ; "pcs0"
		push	offset aCompressedObje ; "\r\n Compressed objects: "
		call	lstrcat

		popa
		push	eax
		push	ecx
		mov	ebx, [eax+24h]
		or	ebx, 80000000h
		mov	[eax+24h], ebx
		mov	ebx, [eax+0Ch]
		add	ebx, ds:@ImageBase
		mov	[edi], ebx
		push	edi
		mov	esi, [eax+14h]
		add	esi, ds:lpBaseAddress
		mov	edi, esi
		push	eax
		mov	ecx, [eax+8]	; dwBytes
		mov	edx, [eax+10h]
		cmp	ecx, edx
		jbe	short loc_40197A

		mov	ecx, edx	; dwBytes

loc_40197A:				; CODE XREF: CompressPE+310j
		pusha
		xchg	ecx, edx
		mov	ds:byte_403604,	9
		mov	edi, offset dword_403605
		call	sub_401F9E

		push	offset byte_403604
		push	offset aCompressedObje ; "\r\n Compressed objects: "
		call	lstrcat

		popa
		cmp	ds:dword_4037AF, 1
		jnz	short loc_4019D7

		sub	ecx, ds:dword_403C69
		add	esi, ds:dword_403C69
		mov	edi, esi
		call	CompressIt

		add	eax, ds:dword_403C69
		mov	ds:dword_4037BF, eax
		call	sub_40164D

		push	eax
		call	GetMaxPath

		mov	ds:dword_4037B3, eax
		jmp	short loc_4019EC

; ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

loc_4019D7:				; CODE XREF: CompressPE+33Fj
		call	CompressIt

		mov	ds:dword_4037BF, eax
		call	sub_40164D

		push	eax
		call	GetMaxPath


loc_4019EC:				; CODE XREF: CompressPE+36Fj
		pusha
		mov	edx, ds:dword_4037AB
		mov	ds:byte_403604,	20h
		mov	edi, offset dword_403605
		call	sub_401F9E

		push	offset asc_40370D ; " -> "
		push	offset aCompressedObje ; "\r\n Compressed objects: "
		call	lstrcat

		push	offset byte_403604
		push	offset aCompressedObje ; "\r\n Compressed objects: "
		call	lstrcat

		popa
		pop	ecx
		pop	edx
		mov	ebx, [edx+10h]
		cmp	ebx, ds:dword_403A50
		jbe	short loc_401A36

		mov	ds:dword_403A50, ebx

loc_401A36:				; CODE XREF: CompressPE+3C8j
		pop	edi
		mov	[edx+10h], eax
		mov	[edi+4], ecx
		add	edi, 8
		pop	ecx
		pop	eax

loc_401A42:				; CODE XREF: CompressPE+277j
					; CompressPE+299j ...
		mov	ebx, dword ptr ds:szSectionName	; "pcs0"
		bswap	ebx
		inc	bl
		bswap	ebx
		mov	[eax], ebx
		mov	dword ptr ds:szSectionName, ebx	; "pcs0"
		mov	dword ptr [eax+4], 0
		add	eax, 28h
		add	ds:dword_40388F, 4
		loop	loc_401A6B

		jmp	short loc_401A70

; ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

loc_401A6B:				; CODE XREF: CompressPE+401j
		jmp	loc_4018CD

; ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

loc_401A70:				; CODE XREF: CompressPE+403j
		pop	esi
		sub	eax, 28h
		mov	edi, eax
		mov	eax, [edi+14h]
		mov	ds:dword_403792, eax
		mov	ecx, [edi+10h]
		mov	ds:dword_403796, ecx
		mov	eax, [edi+8]
		mov	ds:dword_40379A, eax
		cmp	eax, ecx
		jnb	short loc_401A95

		mov	eax, ecx

loc_401A95:				; CODE XREF: CompressPE+42Bj
		add	eax, 5425h
		mov	[edi+8], eax
		cmp	ds:dword_4037BF, 0
		jnz	short loc_401ABF

		mov	ecx, ds:dword_403796
		mov	eax, ds:dword_40379A
		cmp	eax, ecx
		jbe	short loc_401AC4

		mov	eax, ecx
		mov	ds:dword_40379A, ecx
		jmp	short loc_401AC4

; ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

loc_401ABF:				; CODE XREF: CompressPE+43Ej
		mov	eax, ds:dword_4037BF

loc_401AC4:				; CODE XREF: CompressPE+44Dj
					; CompressPE+457j
		mov	ds:dword_4037C3, eax
		push	eax
		add	eax, 425h
		mov	ds:dword_4037E7, eax
		call	GetMaxPath

		mov	[edi+10h], eax
		mov	ecx, [esi+38h]
		mov	eax, [edi+8]
		add	eax, [edi+0Ch]
		call	sub_401DE7

		mov	[esi+50h], eax
		add	ds:dword_403A50, 425h
		pop	eax
		mov	dword ptr [edi+24h], 0E0000020h
		add	eax, [edi+0Ch]
		mov	ebx, [esi+28h]
		mov	[esi+28h], eax
		push	eax
		add	eax, ds:@ImageBase
		sub	eax, offset @LoaderStart
		mov	dword ptr ds:loc_403946+1, eax
		pop	eax
		pusha
		add	eax, 114h
		add	ds:dword_403A58, eax
		add	ds:dword_403A64, eax
		add	ds:dword_403A68, eax
		add	ds:_LoadLibraryA, eax
		add	ds:_GetProcAddress, eax
		add	ds:_GlobalAlloc, eax
		add	ds:_ExitProcess, eax
		mov	ecx, [esi+80h]
		mov	ds:@ImportTableRVA, ecx
		mov	[esi+80h], eax
		mov	dword ptr [esi+84h], 85h
		popa
		add	ebx, ds:@ImageBase
		mov	dword ptr ds:@SetOEP+1,	ebx
		push	esi
		call	sub_402185

		mov	ecx, 425h
		mov	edi, ds:lpBaseAddress
		add	edi, ds:dword_4037C3
		add	edi, ds:dword_403792
		mov	esi, offset @LoaderStart
		rep movsb
		pop	esi
		mov	eax, ds:dword_4037E7
		push	eax
		call	GetMaxPath

		pop	ecx
		xchg	eax, ecx
		sub	ecx, eax
		xor	eax, eax
		rep stosb
		call	FreeFile

		mov	ds:CompressResult, 0
		jmp	short loc_401BBE

; ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

@InvalidPE:				; CODE XREF: CompressPE+63j
					; CompressPE+6Ej ...
		call	FreeFile


loc_401BBE:				; CODE XREF: CompressPE+551j
		push	offset LastWriteTime ; lpLastWriteTime
		push	offset LastAccessTime ;	lpLastAccessTime
		push	offset CreationTime ; lpCreationTime
		push	ds:hFile	; hFile
		call	SetFileTime

		mov	edx, ds:dword_40375E
		mov	edi, offset dword_403473
		call	sub_401F9E

		cmp	ds:CompressResult, 0
		jnz	short loc_401BFB

		mov	eax, ds:hFile
		call	sub_401E09


loc_401BFB:				; CODE XREF: CompressPE+589j
		mov	edx, ds:dword_40375E
		mov	edi, offset dword_40348F
		call	sub_401F9E

		push	offset dword_403473
		push	offset aOriginalSize ; "\r\nOriginal size: "
		call	lstrcat

		push	offset aNewSize	; " New	size : "
		push	offset aOriginalSize ; "\r\nOriginal size: "
		call	lstrcat

		push	offset dword_40348F
		push	offset aOriginalSize ; "\r\nOriginal size: "
		call	lstrcat

		push	ds:hFile	; hObject
		call	CloseHandle

		push	ds:dwFileAttributes ; dwFileAttributes
		push	ds:lpFileName	; lpFileName
		call	SetFileAttributesA

		retn

CompressPE	endp ; sp =  0Ch


; 〓〓〓〓〓〓〓〓 S U B R O U T I N E	〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓


; int __fastcall CompressIt(DWORD dwBytes)
CompressIt	proc near		; CODE XREF: CompressPE+34Fp
					; CompressPE+371p
		push	ecx
		push	esi
		push	ecx
		push	ecx		; dwBytes
		push	8		; dwFlags
		push	ds:hHeap	; hHeap
		call	HeapAlloc

		mov	ds:lpMem, eax
		push	0A0000h		; dwBytes
		push	8		; dwFlags
		push	ds:hHeap	; hHeap
		call	HeapAlloc

		mov	ds:dword_4038A7, eax
		pop	ecx
		cmp	ecx, 50h
		jbe	short loc_401CC1

		mov	ds:dword_403786, esi
		mov	ds:dword_4038B3, ecx
		push	offset loc_40201C
		push	ds:dword_4038A7
		push	ecx
		push	ds:lpMem
		push	esi
		call	_aP_pack

		mov	ds:dword_4037AB, eax
		or	eax, eax
		jz	short loc_401CC1

		pop	edi
		pop	ecx
		mov	esi, ds:lpMem
		rep movsb
		jmp	short @Clean

; ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

loc_401CC1:				; CODE XREF: CompressIt+31j
					; CompressIt+5Ej
		pop	edi
		pop	ecx
		mov	ds:dword_4037AB, eax

@Clean:					; CODE XREF: CompressIt+6Aj
		push	ds:lpMem	; lpMem
		push	0		; dwFlags
		push	ds:hHeap	; hHeap
		call	HeapFree

		push	ds:dword_4038A7	; lpMem
		push	0		; dwFlags
		push	ds:hHeap	; hHeap
		call	HeapFree

		mov	eax, ds:dword_4037AB
		retn

CompressIt	endp


; 〓〓〓〓〓〓〓〓 S U B R O U T I N E	〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓


sub_401CF4	proc near		; CODE XREF: CompressPE+2B5p
					; sub_402050+Ep
		push	esi
		cmp	dword ptr [eax+14h], 0
		jz	short @SkipThisSection

		cmp	dword ptr [eax+10h], 0
		jz	short @SkipThisSection

		cmp	dword ptr [eax+8], 50h
		jbe	short @SkipThisSection

		call	sub_401D24

		jb	short @SkipThisSection

		mov	esi, offset szSkipedSectionName	; ".tls.relBSS"

loc_401D13:				; CODE XREF: sub_401CF4+28j
		xchg	eax, ebx
		lodsd
		xchg	eax, ebx
		cmp	ebx, [eax]
		jz	short @SkipThisSection

		or	ebx, ebx
		jnz	short loc_401D13

		pop	esi
		clc
		retn

; ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

@SkipThisSection:			; CODE XREF: sub_401CF4+5j
					; sub_401CF4+Bj ...
		pop	esi
		stc
		retn

sub_401CF4	endp


; 〓〓〓〓〓〓〓〓 S U B R O U T I N E	〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓


sub_401D24	proc near		; CODE XREF: sub_401CF4+13p
		pusha
		mov	edx, ds:dword_4038C4
		cmp	[eax+0Ch], edx
		jz	short loc_401D51

		mov	edx, ds:dword_40379F
		or	edx, edx
		jz	short loc_401D4E

		mov	ebx, [eax+0Ch]
		cmp	ebx, edx
		jg	short loc_401D4E

		jz	short loc_401D51

		mov	ebx, [eax+34h]
		or	ebx, ebx
		jz	short @SkipThisSection

		cmp	ebx, edx
		jg	short loc_401D51


loc_401D4E:				; CODE XREF: sub_401D24+14j
					; sub_401D24+1Bj
		popa
		clc
		retn

; ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

loc_401D51:				; CODE XREF: sub_401D24+Aj
					; sub_401D24+1Dj ...
		popa
		stc
		retn

sub_401D24	endp


; 〓〓〓〓〓〓〓〓 S U B R O U T I N E	〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓


GetPEHeader	proc near		; CODE XREF: CompressPE+74p
					; CompressPE+D1p ...
		mov	esi, [eax+3Ch]
		add	esi, eax
		mov	ds:lpPEHeader, esi
		retn

GetPEHeader	endp


; 〓〓〓〓〓〓〓〓 S U B R O U T I N E	〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓


sub_401D60	proc near		; CODE XREF: CompressPE+5Ep
					; CompressPE+C6p ...
		push	ecx
		push	offset FileSizeHigh ; lpFileSizeHigh
		push	ds:hFile	; hFile
		call	GetFileSize

		call	sub_401DBE

		jnb	short loc_401D7B

		pop	ecx
		jmp	short locret_401DBD

; ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

loc_401D7B:				; CODE XREF: sub_401D60+16j
		mov	ds:dword_40375E, eax
		pop	ecx
		add	eax, ecx
		push	0		; lpName
		push	eax		; dwMaximumSizeLow
		push	0		; dwMaximumSizeHigh
		push	4		; flProtect
		push	0		; lpFileMappingAttributes
		push	ds:hFile	; hFile
		call	CreateFileMappingA

		call	sub_401DBE

		jb	short locret_401DBD

		mov	ds:hObject, eax
		push	0		; dwNumberOfBytesToMap
		push	0		; dwFileOffsetLow
		push	0		; dwFileOffsetHigh
		push	2		; dwDesiredAccess
		push	eax		; hFileMappingObject
		call	MapViewOfFile

		call	sub_401DBE

		jb	short locret_401DBD

		mov	ds:lpBaseAddress, eax

locret_401DBD:				; CODE XREF: sub_401D60+19j
					; sub_401D60+3Cj ...
		retn

sub_401D60	endp


; 〓〓〓〓〓〓〓〓 S U B R O U T I N E	〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓


sub_401DBE	proc near		; CODE XREF: CompressPE+2Ep
					; sub_401D60+11p ...
		cmp	eax, -1
		jz	short loc_401DC9

		or	eax, eax
		jz	short loc_401DC9

		clc
		retn

; ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

loc_401DC9:				; CODE XREF: sub_401DBE+3j
					; sub_401DBE+7j
		stc
		retn

sub_401DBE	endp


; 〓〓〓〓〓〓〓〓 S U B R O U T I N E	〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓


FreeFile	proc near		; CODE XREF: CompressPE+BCp
					; CompressPE+545p ...
		push	ds:lpBaseAddress ; lpBaseAddress
		call	UnmapViewOfFile

		push	ds:hObject	; hObject
		call	CloseHandle

		retn

FreeFile	endp


; 〓〓〓〓〓〓〓〓 S U B R O U T I N E	〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓


GetMaxPath	proc near		; CODE XREF: CompressPE+365p
					; CompressPE+381p ...
		mov	ecx, 200h
GetMaxPath	endp


; 〓〓〓〓〓〓〓〓 S U B R O U T I N E	〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓


sub_401DE7	proc near		; CODE XREF: CompressPE+47Fp
					; sub_401E09+78p ...
		xor	edx, edx
		div	ecx
		or	edx, edx
		jz	short loc_401DF0

		inc	eax

loc_401DF0:				; CODE XREF: sub_401DE7+6j
		mul	ecx
		retn

sub_401DE7	endp


; 〓〓〓〓〓〓〓〓 S U B R O U T I N E	〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓


; HFILE	__stdcall MyOpenFile(LPCSTR lpFileName,LPOFSTRUCT lpReOpenBuff,UINT uStyle)
MyOpenFile	proc near		; CODE XREF: CompressPE+29p
		push	0		; hTemplateFile
		push	20h		; dwFlagsAndAttributes
		push	3		; dwCreationDisposition
		push	0		; lpSecurityAttributes
		push	0		; dwShareMode
		push	0C0000000h	; dwDesiredAccess
		push	esi		; lpFileName
		call	CreateFileA

		retn

MyOpenFile	endp


; 〓〓〓〓〓〓〓〓 S U B R O U T I N E	〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓


sub_401E09	proc near		; CODE XREF: CompressPE+41p
					; CompressPE+590p
		xor	ecx, ecx
		call	sub_401D60

		jb	@InvalidPE

		mov	ecx, ds:dword_40375E
		or	ecx, ecx
		jz	loc_401F4E

		mov	ds:dword_40377E, ecx
		call	GetPEHeader

		mov	eax, [esi+3Ch]
		mov	ds:dword_403762, eax
		xor	eax, eax
		mov	ax, [esi+14h]
		add	eax, 18h
		add	eax, esi
		push	esi
		push	eax
		xchg	eax, edi
		mov	ds:dword_4038A3, edi
		movzx	ecx, word ptr [esi+6]
		xor	ebx, ebx

loc_401E51:				; CODE XREF: sub_401E09+52j
		call	sub_401F54

		inc	ebx
		cmp	ebx, ecx
		jz	short loc_401E5D

		jmp	short loc_401E51

; ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

loc_401E5D:				; CODE XREF: sub_401E09+50j
		pop	eax
		pop	esi
		pusha
		push	eax
		push	esi
		call	sub_4015F3

		popa
		push	eax
		xor	edx, edx
		mov	ecx, 28h
		xor	eax, eax
		mov	ax, [esi+6]
		inc	eax
		mul	ecx
		xchg	eax, ebx
		pop	eax
		push	eax
		add	eax, ebx
		mov	ecx, [esi+3Ch]
		call	sub_401DE7

		xchg	eax, ebx
		pop	eax
		mov	ecx, ebx
		sub	ecx, ds:lpBaseAddress
		mov	[esi+54h], ecx
		mov	ecx, 200h
		mov	[esi+3Ch], ecx
		movzx	ecx, word ptr [esi+6]
		mov	edi, ebx

loc_401EA1:				; CODE XREF: sub_401E09+D5j
		push	eax
		push	ecx
		mov	ecx, edi
		sub	ecx, ds:lpBaseAddress
		mov	esi, [eax+14h]
		mov	[eax+14h], ecx
		mov	ebx, [eax+8]
		cmp	ebx, [eax+10h]
		jg	short loc_401EC9

		mov	ecx, 200h
		push	eax
		xchg	eax, ebx
		call	sub_401DE7

		xchg	eax, ebx
		pop	eax
		jmp	short loc_401ECC

; ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

loc_401EC9:				; CODE XREF: sub_401E09+AEj
		mov	ebx, [eax+10h]

loc_401ECC:				; CODE XREF: sub_401E09+BEj
		mov	[eax+10h], ebx
		add	esi, ds:lpBaseAddress
		mov	ecx, ebx
		rep movsb
		pop	ecx
		pop	eax
		add	eax, 28h
		loop	loc_401EA1

		sub	eax, 28h
		mov	ecx, [eax+10h]
		add	ecx, [eax+14h]
		push	ecx
		call	FreeFile

		mov	ds:CompressResult, 0
		pop	ecx
		mov	ds:dword_403756, ecx
		push	0		; dwMoveMethod
		push	0		; lpDistanceToMoveHigh
		push	ecx		; lDistanceToMove
		push	ds:hFile	; hFile
		call	SetFilePointer

		push	ds:hFile	; hFile
		call	SetEndOfFile

		xor	ecx, ecx
		call	sub_401D60

		jb	short locret_401F53

		call	GetPEHeader

		lea	eax, [esi+58h]
		push	eax
		push	offset dword_403752
		push	ds:dword_40375E
		push	ds:lpBaseAddress
		call	CheckSumMappedFile

		call	FreeFile

		mov	ds:CompressResult, 0
		jmp	short locret_401F53

; ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

loc_401F4E:				; CODE XREF: sub_401E09+15j
		call	FreeFile


locret_401F53:				; CODE XREF: sub_401E09+116j
					; sub_401E09+143j
		retn

sub_401E09	endp


; 〓〓〓〓〓〓〓〓 S U B R O U T I N E	〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓


sub_401F54	proc near		; CODE XREF: sub_401E09+48p
		push	ebx
		push	ecx
		mov	eax, 28h
		mul	bl
		add	eax, ds:dword_4038A3
		mov	esi, eax
		mov	eax, [esi+10h]
		mov	ecx, eax
		add	eax, [esi+14h]
		add	eax, ds:lpBaseAddress
		mov	edi, eax
		dec	edi
		xor	eax, eax
		std
		repe scasb
		cld
		add	edi, 2
		sub	edi, [esi+14h]
		sub	edi, ds:lpBaseAddress
		mov	ecx, 200h
		xchg	eax, edi
		call	sub_401DE7

		cmp	eax, [esi+10h]
		jge	short loc_401F9B

		mov	[esi+10h], eax

loc_401F9B:				; CODE XREF: sub_401F54+42j
		pop	ecx
		pop	ebx
		retn

sub_401F54	endp


; 〓〓〓〓〓〓〓〓 S U B R O U T I N E	〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓


sub_401F9E	proc near		; CODE XREF: CompressPE+323p
					; CompressPE+399p ...
		push	edi
		mov	ecx, 3
		xor	eax, eax
		rep stosd
		pop	edi
		mov	eax, edx
		mov	esi, 0Ah
		xor	ecx, ecx

loc_401FB2:				; CODE XREF: sub_401F9E+1Cj
		xor	edx, edx
		div	esi
		push	edx
		inc	ecx
		or	eax, eax
		jnz	short loc_401FB2


loc_401FBC:				; CODE XREF: sub_401F9E+25j
		pop	edx
		add	dl, 30h
		mov	al, dl
		stosb
		loop	loc_401FBC

		retn

sub_401F9E	endp


; 〓〓〓〓〓〓〓〓 S U B R O U T I N E	〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓


sub_401FC6	proc near		; CODE XREF: sub_401458+58p
					; CompressPE+122p ...
		push	esi
		push	edi
		push	edx
		push	ecx
		push	eax
		mov	eax, ds:dword_40378E
		mov	ecx, ds:dword_4037BB

loc_401FD6:				; CODE XREF: sub_401FC6+1Aj
		mov	edx, [eax+0Ch]
		cmp	edx, ebx
		ja	short loc_401FE2

		add	eax, 28h
		loop	loc_401FD6


loc_401FE2:				; CODE XREF: sub_401FC6+15j
		sub	eax, 28h
		sub	ebx, [eax+0Ch]
		add	ebx, [eax+14h]
		pop	eax
		pop	ecx
		pop	edx
		pop	edi
		pop	esi
		retn

sub_401FC6	endp


; 〓〓〓〓〓〓〓〓 S U B R O U T I N E	〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓


sub_401FF1	proc near		; CODE XREF: sub_4015C4+16p
		push	esi
		push	edi
		push	edx
		push	ecx
		push	eax
		mov	eax, ds:dword_40378E
		mov	ecx, ds:dword_4037BB

loc_402001:				; CODE XREF: sub_401FF1+1Aj
		mov	edx, [eax+14h]
		cmp	edx, ebx
		ja	short loc_40200D

		add	eax, 28h
		loop	loc_402001


loc_40200D:				; CODE XREF: sub_401FF1+15j
		sub	eax, 28h
		sub	ebx, [eax+14h]
		add	ebx, [eax+0Ch]
		pop	eax
		pop	ecx
		pop	edx
		pop	edi
		pop	esi
		retn

sub_401FF1	endp

; ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

loc_40201C:				; DATA XREF: CompressIt+3Fo
		mov	eax, [esp+4]
		xor	edx, edx
		mov	ecx, 64h
		mul	ecx
		xor	edx, edx
		mov	ecx, ds:dword_4038B3
		or	ecx, ecx
		jz	short loc_40204A

		div	ecx
		push	0
		push	eax
		push	402h
		push	ds:hProgress
		call	SendMessageA


loc_40204A:				; CODE XREF: pcs1:00402033j
		mov	eax, 1
		retn


; 〓〓〓〓〓〓〓〓 S U B R O U T I N E	〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓


sub_402050	proc near		; CODE XREF: CompressPE+23Ep
		pop	edx
		pop	eax
		pop	edi
		push	edx
		mov	ecx, ds:dword_4037BB
		dec	ecx
		xor	ebp, ebp

loc_40205D:				; CODE XREF: sub_402050+116j
		push	ecx
		call	sub_401CF4

		jnb	short loc_40206D

		xor	ebp, ebp
		jz	loc_40215E


loc_40206D:				; CODE XREF: sub_402050+13j
		cmp	ebp, 1
		jz	short loc_40207C

		mov	ebp, 1
		jmp	loc_40215E

; ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

loc_40207C:				; CODE XREF: sub_402050+20j
		push	eax
		mov	ebx, [eax-14h]
		add	ebx, [eax-18h]
		add	ebx, ds:lpBaseAddress
		push	edi
		mov	edi, ebx
		call	sub_40216C

		mov	ecx, edi
		sub	ecx, [eax-14h]
		sub	ecx, ds:lpBaseAddress
		mov	ds:dword_4038AB, ecx
		mov	ebx, edi
		pop	edi
		pop	eax
		push	eax
		push	ebx
		mov	ebx, [eax+14h]
		add	ebx, [eax+10h]
		add	ebx, ds:lpBaseAddress
		push	edi
		mov	edi, ebx
		call	sub_40216C

		mov	ecx, edi
		sub	ecx, [eax+14h]
		sub	ecx, ds:lpBaseAddress
		mov	ds:dword_4038AF, ecx
		pop	edi
		mov	ebp, edi
		pop	edi
		mov	esi, [eax+14h]
		add	esi, ds:lpBaseAddress
		mov	ecx, ds:dword_4038AF
		rep movsb
		pop	eax
		mov	ebx, [eax+34h]
		mov	ecx, [eax-1Ch]
		sub	ebx, ecx
		mov	[eax-20h], ebx
		mov	ebx, ds:dword_4038AB
		add	ebx, ds:dword_4038AF
		mov	[eax-18h], ebx
		mov	edi, ebp
		mov	ebx, [eax+0Ch]
		add	ebx, ds:@ImageBase
		mov	[edi+4], ebx
		mov	ebx, [eax-1Ch]
		add	ebx, ds:dword_4038AB
		add	ebx, ds:@ImageBase
		mov	[edi], ebx
		mov	ebx, ds:dword_4038AF
		mov	[edi+8], ebx
		mov	ecx, [eax+34h]
		sub	ecx, [eax+0Ch]
		sub	ecx, ebx
		mov	[edi+0Ch], ecx
		add	edi, 10h
		pop	ecx
		push	ecx
		push	eax
		inc	ecx
		mov	eax, ecx
		xor	edx, edx
		mov	ecx, 28h
		mul	ecx
		mov	ecx, eax
		pop	eax
		mov	esi, eax
		add	esi, 28h
		push	edi
		mov	edi, eax
		rep movsb
		pop	edi
		dec	ds:dword_4037BB
		mov	ebp, 1
		sub	eax, 28h

loc_40215E:				; CODE XREF: sub_402050+17j
					; sub_402050+27j
		pop	ecx
		add	eax, 28h
		loop	loc_402166

		jmp	short locret_40216B

; ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

loc_402166:				; CODE XREF: sub_402050+112j
		jmp	loc_40205D

; ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

locret_40216B:				; CODE XREF: sub_402050+114j
		retn

sub_402050	endp ; sp =  8


; 〓〓〓〓〓〓〓〓 S U B R O U T I N E	〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓


sub_40216C	proc near		; CODE XREF: sub_402050+3Cp
					; sub_402050+67p
		push	eax
		push	edi
		std
		mov	ecx, 0FFFFFFFh
		xor	eax, eax
		repe scasb
		add	edi, 4
		cld
		pop	edx
		cmp	edx, edi
		jnb	short loc_402183

		mov	edi, edx

loc_402183:				; CODE XREF: sub_40216C+13j
		pop	eax
		retn

sub_40216C	endp


; 〓〓〓〓〓〓〓〓 S U B R O U T I N E	〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓


sub_402185	proc near		; CODE XREF: CompressPE+50Ep
		push	esi
		push	edi
		push	ecx
		push	edx
		mov	ecx, 28Ch
		push	ecx
		push	ecx		; dwBytes
		push	8		; dwFlags
		push	ds:hHeap	; hHeap
		call	HeapAlloc

		mov	ds:lpMem, eax
		push	0FA000h		; dwBytes
		push	8		; dwFlags
		push	ds:hHeap	; hHeap
		call	HeapAlloc

		mov	ds:dword_4038A7, eax
		pop	ecx
		push	ecx
		push	0
		push	ds:dword_4038A7
		push	ecx
		push	ds:lpMem
		push	offset loc_403ADD
		call	_aP_pack

		push	eax
		mov	ecx, eax
		mov	esi, ds:lpMem
		mov	edi, offset loc_403ADD
		rep movsb
		push	ds:dword_4038A7	; lpMem
		push	0		; dwFlags
		push	ds:hHeap	; hHeap
		call	HeapFree

		push	ds:lpMem	; lpMem
		push	0		; dwFlags
		push	ds:hHeap	; hHeap
		call	HeapFree

		pop	ecx
		pop	eax
		sub	eax, ecx
		push	eax
		mov	edi, offset loc_403ADD
		add	edi, ecx
		mov	ecx, eax
		xor	eax, eax
		rep stosb
		pop	eax
		pop	edx
		pop	ecx
		pop	edi
		pop	esi
		retn

sub_402185	endp ; sp = -14h


; 〓〓〓〓〓〓〓〓 S U B R O U T I N E	〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓


sub_402222	proc near		; CODE XREF: CompressPE+248p
		pop	eax
		pop	ebx
		push	eax
		pusha
		xchg	ebx, edi
		add	edi, 0B0h

loc_40222E:				; CODE XREF: sub_402222+12j
		sub	edi, 10h
		cmp	dword ptr [edi], 0
		jz	short loc_40222E

		xchg	edi, esi
		mov	edi, offset dword_40383F

loc_40223D:				; CODE XREF: sub_402222+2Bj
		mov	ecx, 4
		rep movsd
		sub	esi, 20h
		cmp	esi, offset byte_403CC9
		jnb	short loc_40223D

		mov	esi, offset dword_40383F
		mov	edi, offset byte_403CC9
		mov	ecx, 0A0h
		rep movsb
		popa
		retn

sub_402222	endp ; sp =  4


; 〓〓〓〓〓〓〓〓 S U B R O U T I N E	〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓


MakeBackup	proc near		; CODE XREF: start+3Cp
		pop	ebx
		pop	edi
		push	ebx
		push	edi
		push	edi
		push	offset lpNewFileName
		call	lstrcpy

		pop	edi
		push	edi
		push	offset szDotBak	; ".BAK"
		push	offset lpNewFileName
		call	lstrcat		; 加入后缀 .Bak

		pop	edi
		push	0		; bFailIfExists
		push	offset lpNewFileName ; lpNewFileName
		push	edi		; lpExistingFileName
		call	CopyFileA

		retn

MakeBackup	endp ; sp =  4


; 〓〓〓〓〓〓〓〓 S U B R O U T I N E	〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓


sub_402291	proc near		; CODE XREF: sub_4013D7+2Dp
					; _CheckDlgButton+2p ...
		pop	edx
		pop	ebx
		push	edx
		mov	esi, offset dword_4038DC

loc_402299:				; CODE XREF: sub_402291+Fj
		lodsd
		or	eax, eax
		jz	short loc_4022A4

		cmp	eax, ebx
		jnz	short loc_402299

		clc
		retn

; ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

loc_4022A4:				; CODE XREF: sub_402291+Bj
		stc
		retn

sub_402291	endp ; sp =  4


; 〓〓〓〓〓〓〓〓 S U B R O U T I N E	〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓


sub_4022A6	proc near		; CODE XREF: ProcessCheckBoxes+24p
					; ProcessCheckBoxes+3Fp ...
		pop	edx
		pop	ebx
		push	edx
		mov	esi, offset dword_4038DC

loc_4022AE:				; CODE XREF: sub_4022A6+Fj
		lodsd
		cmp	ebx, eax
		jz	short locret_4022C3

		or	eax, eax
		jnz	short loc_4022AE

		sub	esi, 4
		mov	[esi], ebx
		mov	dword ptr [esi+4], 0

locret_4022C3:				; CODE XREF: sub_4022A6+Bj
		retn

sub_4022A6	endp ; sp =  4


; 〓〓〓〓〓〓〓〓 S U B R O U T I N E	〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓


_CheckDlgButton	proc near		; CODE XREF: pcs1:0040132Ep
		push	1
		call	sub_402291

		jb	short loc_4022DF

		push	1		; uCheck
		push	3FFh		; nIDButton
		push	ds:hWnd		; hDlg
		call	CheckDlgButton


loc_4022DF:				; CODE XREF: _CheckDlgButton+7j
		push	2
		call	sub_402291

		jb	short loc_4022FA

		push	1		; uCheck
		push	3EAh		; nIDButton
		push	ds:hWnd		; hDlg
		call	CheckDlgButton


loc_4022FA:				; CODE XREF: _CheckDlgButton+22j
		push	3
		call	sub_402291

		jb	short loc_402315

		push	1		; uCheck
		push	3EEh		; nIDButton
		push	ds:hWnd		; hDlg
		call	CheckDlgButton


loc_402315:				; CODE XREF: _CheckDlgButton+3Dj
		push	4
		call	sub_402291

		jb	short loc_402330

		push	1		; uCheck
		push	3F6h		; nIDButton
		push	ds:hWnd		; hDlg
		call	CheckDlgButton


loc_402330:				; CODE XREF: _CheckDlgButton+58j
		push	5
		call	sub_402291

		jb	short loc_40234B

		push	1		; uCheck
		push	3F7h		; nIDButton
		push	ds:hWnd		; hDlg
		call	CheckDlgButton


loc_40234B:				; CODE XREF: _CheckDlgButton+73j
		push	6
		call	sub_402291

		jb	short loc_402366

		push	1		; uCheck
		push	3FCh		; nIDButton
		push	ds:hWnd		; hDlg
		call	CheckDlgButton


loc_402366:				; CODE XREF: _CheckDlgButton+8Ej
		push	7
		call	sub_402291

		jb	short loc_402381

		push	1		; uCheck
		push	3F8h		; nIDButton
		push	ds:hWnd		; hDlg
		call	CheckDlgButton


loc_402381:				; CODE XREF: _CheckDlgButton+A9j
		push	8
		call	sub_402291

		jb	short loc_40239C

		push	1		; uCheck
		push	401h		; nIDButton
		push	ds:hWnd		; hDlg
		call	CheckDlgButton


loc_40239C:				; CODE XREF: _CheckDlgButton+C4j
		push	9
		call	sub_402291

		jb	short loc_4023B7

		push	1		; uCheck
		push	3FEh		; nIDButton
		push	ds:hWnd		; hDlg
		call	CheckDlgButton


loc_4023B7:				; CODE XREF: _CheckDlgButton+DFj
		push	0Ah
		call	sub_402291

		jb	short loc_4023D2

		push	1		; uCheck
		push	3FDh		; nIDButton
		push	ds:hWnd		; hDlg
		call	CheckDlgButton


loc_4023D2:				; CODE XREF: _CheckDlgButton+FAj
		push	0Bh
		call	sub_402291

		jb	short loc_4023ED

		push	1		; uCheck
		push	3FBh		; nIDButton
		push	ds:hWnd		; hDlg
		call	CheckDlgButton


loc_4023ED:				; CODE XREF: _CheckDlgButton+115j
		push	0Ch
		call	sub_402291

		jb	short loc_402408

		push	1		; uCheck
		push	3FAh		; nIDButton
		push	ds:hWnd		; hDlg
		call	CheckDlgButton


loc_402408:				; CODE XREF: _CheckDlgButton+130j
		push	0Eh
		call	sub_402291

		jb	short loc_402423

		push	1		; uCheck
		push	3F9h		; nIDButton
		push	ds:hWnd		; hDlg
		call	CheckDlgButton


loc_402423:				; CODE XREF: _CheckDlgButton+14Bj
		push	10h
		call	sub_402291

		jb	short locret_40243E

		push	1		; uCheck
		push	400h		; nIDButton
		push	ds:hWnd		; hDlg
		call	CheckDlgButton


locret_40243E:				; CODE XREF: _CheckDlgButton+166j
		retn

_CheckDlgButton	endp ; sp = -38h


; 〓〓〓〓〓〓〓〓 S U B R O U T I N E	〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓


ProcessCheckBoxes proc near		; CODE XREF: pcs1:00401187p
		mov	edi, offset dword_4038DC
		xor	eax, eax
		mov	ecx, 10h
		rep stosd
		push	3FFh		; nIDButton
		push	ds:hWnd		; hDlg
		call	IsDlgButtonChecked

		or	eax, eax
		jz	short loc_402468

		push	1
		call	sub_4022A6


loc_402468:				; CODE XREF: ProcessCheckBoxes+20j
		push	3EAh		; nIDButton
		push	ds:hWnd		; hDlg
		call	IsDlgButtonChecked

		or	eax, eax
		jz	short loc_402483

		push	2
		call	sub_4022A6


loc_402483:				; CODE XREF: ProcessCheckBoxes+3Bj
		push	3EEh		; nIDButton
		push	ds:hWnd		; hDlg
		call	IsDlgButtonChecked

		or	eax, eax
		jz	short loc_40249E

		push	3
		call	sub_4022A6


loc_40249E:				; CODE XREF: ProcessCheckBoxes+56j
		push	3F6h		; nIDButton
		push	ds:hWnd		; hDlg
		call	IsDlgButtonChecked

		or	eax, eax
		jz	short loc_4024B9

		push	4
		call	sub_4022A6


loc_4024B9:				; CODE XREF: ProcessCheckBoxes+71j
		push	3F7h		; nIDButton
		push	ds:hWnd		; hDlg
		call	IsDlgButtonChecked

		or	eax, eax
		jz	short loc_4024D4

		push	5
		call	sub_4022A6


loc_4024D4:				; CODE XREF: ProcessCheckBoxes+8Cj
		push	3FCh		; nIDButton
		push	ds:hWnd		; hDlg
		call	IsDlgButtonChecked

		or	eax, eax
		jz	short loc_4024EF

		push	6
		call	sub_4022A6


loc_4024EF:				; CODE XREF: ProcessCheckBoxes+A7j
		push	3F8h		; nIDButton
		push	ds:hWnd		; hDlg
		call	IsDlgButtonChecked

		or	eax, eax
		jz	short loc_40250A

		push	7
		call	sub_4022A6


loc_40250A:				; CODE XREF: ProcessCheckBoxes+C2j
		push	401h		; nIDButton
		push	ds:hWnd		; hDlg
		call	IsDlgButtonChecked

		or	eax, eax
		jz	short loc_402525

		push	8
		call	sub_4022A6


loc_402525:				; CODE XREF: ProcessCheckBoxes+DDj
		push	3FEh		; nIDButton
		push	ds:hWnd		; hDlg
		call	IsDlgButtonChecked

		or	eax, eax
		jz	short loc_402540

		push	9
		call	sub_4022A6


loc_402540:				; CODE XREF: ProcessCheckBoxes+F8j
		push	3FDh		; nIDButton
		push	ds:hWnd		; hDlg
		call	IsDlgButtonChecked

		or	eax, eax
		jz	short loc_40255B

		push	0Ah
		call	sub_4022A6


loc_40255B:				; CODE XREF: ProcessCheckBoxes+113j
		push	3FBh		; nIDButton
		push	ds:hWnd		; hDlg
		call	IsDlgButtonChecked

		or	eax, eax
		jz	short loc_402576

		push	0Bh
		call	sub_4022A6


loc_402576:				; CODE XREF: ProcessCheckBoxes+12Ej
		push	3FAh		; nIDButton
		push	ds:hWnd		; hDlg
		call	IsDlgButtonChecked

		or	eax, eax
		jz	short loc_402591

		push	0Ch
		call	sub_4022A6


loc_402591:				; CODE XREF: ProcessCheckBoxes+149j
		push	3F9h		; nIDButton
		push	ds:hWnd		; hDlg
		call	IsDlgButtonChecked

		or	eax, eax
		jz	short loc_4025AC

		push	0Eh
		call	sub_4022A6


loc_4025AC:				; CODE XREF: ProcessCheckBoxes+164j
		push	400h		; nIDButton
		push	ds:hWnd		; hDlg
		call	IsDlgButtonChecked

		or	eax, eax
		jz	short locret_4025C7

		push	10h
		call	sub_4022A6


locret_4025C7:				; CODE XREF: ProcessCheckBoxes+17Fj
		retn

ProcessCheckBoxes endp ; sp = -38h

; [00000006 BYTES: COLLAPSED FUNCTION HeapFree.	PRESS KEYPAD "+" TO EXPAND]
; [00000006 BYTES: COLLAPSED FUNCTION GetCommandLineA. PRESS KEYPAD "+"	TO EXPAND]
; [00000006 BYTES: COLLAPSED FUNCTION GetFileAttributesA. PRESS	KEYPAD "+" TO EXPAND]
; [00000006 BYTES: COLLAPSED FUNCTION IsBadReadPtr. PRESS KEYPAD "+" TO	EXPAND]
; [00000006 BYTES: COLLAPSED FUNCTION ExitProcess. PRESS KEYPAD	"+" TO EXPAND]
; [00000006 BYTES: COLLAPSED FUNCTION CreateFileA. PRESS KEYPAD	"+" TO EXPAND]
; ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
		jmp	ds:ReadFile

; [00000006 BYTES: COLLAPSED FUNCTION MapViewOfFile. PRESS KEYPAD "+" TO EXPAND]
; ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
		jmp	ds:LoadLibraryA

; [00000006 BYTES: COLLAPSED FUNCTION GetFileTime. PRESS KEYPAD	"+" TO EXPAND]
; [00000006 BYTES: COLLAPSED FUNCTION GetModuleHandleA.	PRESS KEYPAD "+" TO EXPAND]
; [00000006 BYTES: COLLAPSED FUNCTION GetProcessHeap. PRESS KEYPAD "+" TO EXPAND]
; ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
		jmp	ds:GetStdHandle

; [00000006 BYTES: COLLAPSED FUNCTION ExitThread. PRESS	KEYPAD "+" TO EXPAND]
; [00000006 BYTES: COLLAPSED FUNCTION CreateFileMappingA. PRESS	KEYPAD "+" TO EXPAND]
; [00000006 BYTES: COLLAPSED FUNCTION GetFileSize. PRESS KEYPAD	"+" TO EXPAND]
; [00000006 BYTES: COLLAPSED FUNCTION CloseHandle. PRESS KEYPAD	"+" TO EXPAND]
; ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
		jmp	ds:ReadConsoleA

; [00000006 BYTES: COLLAPSED FUNCTION SetEndOfFile. PRESS KEYPAD "+" TO	EXPAND]
; [00000006 BYTES: COLLAPSED FUNCTION CopyFileA. PRESS KEYPAD "+" TO EXPAND]
; [00000006 BYTES: COLLAPSED FUNCTION CreateThread. PRESS KEYPAD "+" TO	EXPAND]
; [00000006 BYTES: COLLAPSED FUNCTION SetFileAttributesA. PRESS	KEYPAD "+" TO EXPAND]
; [00000006 BYTES: COLLAPSED FUNCTION SetFilePointer. PRESS KEYPAD "+" TO EXPAND]
; [00000006 BYTES: COLLAPSED FUNCTION SetFileTime. PRESS KEYPAD	"+" TO EXPAND]
; [00000006 BYTES: COLLAPSED FUNCTION UnmapViewOfFile. PRESS KEYPAD "+"	TO EXPAND]
; ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
		jmp	ds:WriteConsoleA

; ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
		jmp	ds:WriteFile

; [00000006 BYTES: COLLAPSED FUNCTION lstrcat. PRESS KEYPAD "+"	TO EXPAND]
; [00000006 BYTES: COLLAPSED FUNCTION lstrcpy. PRESS KEYPAD "+"	TO EXPAND]
; [00000006 BYTES: COLLAPSED FUNCTION HeapAlloc. PRESS KEYPAD "+" TO EXPAND]
; [00000006 BYTES: COLLAPSED FUNCTION CheckSumMappedFile. PRESS	KEYPAD "+" TO EXPAND]
; [00000006 BYTES: COLLAPSED FUNCTION CheckDlgButton. PRESS KEYPAD "+" TO EXPAND]
; [00000006 BYTES: COLLAPSED FUNCTION SetDlgItemTextA. PRESS KEYPAD "+"	TO EXPAND]
; [00000006 BYTES: COLLAPSED FUNCTION SendMessageA. PRESS KEYPAD "+" TO	EXPAND]
; [00000006 BYTES: COLLAPSED FUNCTION PostQuitMessage. PRESS KEYPAD "+"	TO EXPAND]
; [00000006 BYTES: COLLAPSED FUNCTION MessageBoxA. PRESS KEYPAD	"+" TO EXPAND]
; [00000006 BYTES: COLLAPSED FUNCTION LoadIconA. PRESS KEYPAD "+" TO EXPAND]
; [00000006 BYTES: COLLAPSED FUNCTION IsDlgButtonChecked. PRESS	KEYPAD "+" TO EXPAND]
; [00000006 BYTES: COLLAPSED FUNCTION GetDlgItemTextA. PRESS KEYPAD "+"	TO EXPAND]
; [00000006 BYTES: COLLAPSED FUNCTION GetDlgItem. PRESS	KEYPAD "+" TO EXPAND]
; [00000006 BYTES: COLLAPSED FUNCTION EnableWindow. PRESS KEYPAD "+" TO	EXPAND]
; [00000006 BYTES: COLLAPSED FUNCTION DialogBoxParamA. PRESS KEYPAD "+"	TO EXPAND]
; [00000006 BYTES: COLLAPSED FUNCTION GetOpenFileNameA.	PRESS KEYPAD "+" TO EXPAND]
; [00000006 BYTES: COLLAPSED FUNCTION ShellExecuteA. PRESS KEYPAD "+" TO EXPAND]
; [00000006 BYTES: COLLAPSED FUNCTION _aP_pack.	PRESS KEYPAD "+" TO EXPAND]
		dd 24Ah	dup(0)
		align 4
; const	CHAR lpNewFileName
lpNewFileName	db 100h	dup(0)		; DATA XREF: MakeBackup+5o
					; MakeBackup+16o ...
szDotBak	db '.BAK',0             ; DATA XREF: MakeBackup+11o
szWeb1		db 'http://virogen.cjb.net',0 ; DATA XREF: pcs1:0040133Fo
szWeb2		db 'http://www.phrozencrew.com',0 ; DATA XREF: pcs1:0040135Co
szLineEnd	db 0Dh,0Ah		; DATA XREF: CompressPE+2C1o
		db 9,9,0
		dd 0Ch dup(0C4C4C4C4h),	0A0DC4C4h
szCaption	db 'Phrozen Crew PE Shrinker v0.70, (c)1999 Virogen/PC',0
					; DATA XREF: start+88o	start+AFo ...
szCompressOK	db 'Successfully compressed!',0Dh,0Ah ; DATA XREF: start+47o
					; start+6Do ...
		db ' Installed on file: ',9,0
		dd 64h dup(0)
aCompressedObje	db 0Dh,0Ah		; DATA XREF: start+68o	CompressPE+2C6o ...
		db ' Compressed objects: ',0
		dd 2Dh dup(0)
aOriginalSize	db 0Dh,0Ah		; DATA XREF: start+77o	CompressPE+5AAo ...
		db 'Original size: ',0
		dd 0Ch dup(0)
		db 2 dup(0)
dword_403473	dd 3 dup(0)		; DATA XREF: CompressPE+578o
					; CompressPE+5A5o
		db 3 dup(0)
aNewSize	db ' New size : ',0     ; DATA XREF: CompressPE+5B4o
dword_40348F	dd 3 dup(0)		; DATA XREF: CompressPE+59Bo
					; CompressPE+5C3o
		db 3 dup(0)
aFileAppearsToA	db 'File appears to already be compressed.',0 ; DATA XREF: CompressPE+A4o
szCompressError	db 'There was an error compressing the file!',0Dh,0Ah ; DATA XREF: start+A3o
					; start+B4o
		db 'Specified file: ',0
		dd 41h dup(0)
byte_403604	db 20h			; DATA XREF: CompressPE+317w
					; CompressPE+328o ...
dword_403605	dd 2 dup(0)		; DATA XREF: CompressPE+31Eo
					; CompressPE+394o
; CHAR szBuffer
szBuffer	db 0			; DATA XREF: pcs1:00401042o start+23o	...
		dd 3Fh dup(0)
		db 3 dup(0)
asc_40370D	db ' -> ',0             ; DATA XREF: CompressPE+39Eo
aPeExeFiles	db 'PE EXE files',0     ; DATA XREF: pcs1:0040137Do
a_exe		db '*.exe',0
aWorking__	db 'Working .. ',0
		db    0	;  
		db    0	;  
		db    0	;  
		db    0	;  
		db    0	;  
		db    0	;  
		db    0	;  
		db    0	;  
		db    0	;  
; struct _FILETIME LastWriteTime
LastWriteTime	dd 0			; dwLowDateTime	; DATA XREF: CompressPE+47o
					; CompressPE+558o
		dd 0			; dwHighDateTime
; struct _FILETIME LastAccessTime
LastAccessTime	dd 0			; dwLowDateTime	; DATA XREF: CompressPE+4Co
					; CompressPE+55Do
		dd 0			; dwHighDateTime
; struct _FILETIME CreationTime
CreationTime	dd 0			; dwLowDateTime	; DATA XREF: CompressPE+51o
					; CompressPE+562o
		dd 0			; dwHighDateTime
dword_403752	dd 0			; DATA XREF: sub_401E09+121o
dword_403756	dd 0			; DATA XREF: sub_401E09+EEw
; LPVOID lpMem
lpMem		dd 0			; DATA XREF: CompressIt+11w
					; CompressIt+4Br ...
dword_40375E	dd 0			; DATA XREF: CompressPE+572r
					; CompressPE+595r ...
dword_403762	dd 0			; DATA XREF: sub_401E09+29w
; LPCVOID lpBaseAddress
lpBaseAddress	dd 0			; DATA XREF: sub_401458+5Dr
					; sub_4015C4+Er ...
; DWORD	dwFileAttributes
dwFileAttributes dd 0			; DATA XREF: CompressPE+Bw
					; CompressPE+5DDr
; LPCSTR lpFileName
lpFileName	dd 0			; DATA XREF: start+23w	start+36r ...
lpPEHeader	dd 0			; DATA XREF: GetPEHeader+5w
		dd 0
; HANDLE hObject
hObject		dd 0			; DATA XREF: sub_401D60+3Ew
					; FreeFile+Br
dword_40377E	dd 0			; DATA XREF: sub_401E09+1Bw
; HANDLE hFile
hFile		dd 0			; DATA XREF: CompressPE+36w
					; CompressPE+3Br ...
dword_403786	dd 0			; DATA XREF: CompressIt+33w
		dd 0
dword_40378E	dd 0			; DATA XREF: CompressPE+113w
					; CompressPE+238r ...
dword_403792	dd 0			; DATA XREF: CompressPE+413w
					; CompressPE+524r
dword_403796	dd 0			; DATA XREF: CompressPE+41Bw
					; CompressPE+440r
dword_40379A	dd 0			; DATA XREF: CompressPE+424w
					; CompressPE+446r ...
CompressResult	db 0FFh			; DATA XREF: start+56r	start+5Fr ...
dword_40379F	dd 0			; DATA XREF: CompressPE+105w
					; sub_401D24+Cr
dword_4037A3	dd 0			; DATA XREF: CompressPE+198w
; DWORD	FileSizeHigh
FileSizeHigh	dd 0			; DATA XREF: sub_401D60+1o
dword_4037AB	dd 0			; DATA XREF: CompressPE+387r
					; CompressIt+57w ...
dword_4037AF	dd 0			; DATA XREF: CompressPE+27Dw
					; CompressPE+2ABw ...
dword_4037B3	dd 0			; DATA XREF: CompressPE+1AEw
					; CompressPE+20Cr ...
dword_4037B7	dd 0			; DATA XREF: sub_4013D7+51r
					; sub_401458+6r ...
dword_4037BB	dd 0			; DATA XREF: CompressPE+E1w
					; CompressPE+24Er ...
dword_4037BF	dd 0			; DATA XREF: CompressPE+267w
					; CompressPE+35Aw ...
dword_4037C3	dd 0			; DATA XREF: CompressPE+45Ew
					; CompressPE+51Er
		dd 0
dword_4037CB	dd 0			; DATA XREF: sub_401458+17r
					; sub_401458+1Dw ...
BufferInHeap	dd 0			; DATA XREF: AllocMemInHeap+2Ew
					; pcs1:00401503r ...
dword_4037D3	dd 0			; DATA XREF: AllocMemInHeap+12w
					; sub_40152A+5r ...
dword_4037D7	dd 0			; DATA XREF: sub_401458+26r
					; sub_401458+2Cw ...
ha_buzhidao	dd 0			; DATA XREF: sub_4013D7+35w
					; sub_4013D7+41w ...
; HANDLE hHeap
hHeap		dd 1B0000h		; DATA XREF: pcs1:00401005w
					; sub_401458+41r ...
dword_4037E3	dd 0			; DATA XREF: sub_4013D7+21r
					; sub_4013D7+58w ...
dword_4037E7	dd 0			; DATA XREF: CompressPE+469w
					; CompressPE+532r
; HINSTANCE hInstance
hInstance	dd 0			; DATA XREF: start+7w pcs1:00401267r
; HWND hWnd
hWnd		dd 0			; DATA XREF: start+CBr	pcs1:00401134w	...
; struct tagOFNA ofn
ofn		dd 0			; lStructSize ;	DATA XREF: pcs1:00401391w
					; pcs1:004013AFo ...
		dd 0			; hwndOwner
		dd 0			; hInstance
		dd 0			; lpstrFilter
		dd 0			; lpstrCustomFilter
		dd 0			; nMaxCustFilter
		dd 0			; nFilterIndex
		dd 0			; lpstrFile
		dd 0			; nMaxFile
		dd 0			; lpstrFileTitle
		dd 0			; nMaxFileTitle
		dd 0			; lpstrInitialDir
		dd 0			; lpstrTitle
		dd 0			; Flags
		dw 0			; nFileOffset
		dw 0			; nFileExtension
		dd 0			; lpstrDefExt
		dd 0			; lCustData
		dd 0			; lpfnHook
		dd 0			; lpTemplateName
dword_40383F	dd 0			; DATA XREF: sub_40164D+7w
					; sub_402222+16o ...
		dd 9 dup(0)
dword_403867	dd 0			; DATA XREF: sub_40164D+11w
		dd 9 dup(0)
dword_40388F	dd 0			; DATA XREF: sub_40164D+1r
					; CompressPE+3FAw
SectionMerging	dd 1			; DATA XREF: pcs1:004011CCw
					; pcs1:004012C5r ...
; UINT RestructureResourceData
RestructureResourceData	dd 1		; DATA XREF: pcs1:004011B7w
					; pcs1:004012AFr ...
dword_40389B	dd 1			; DATA XREF: CompressPE+220w
					; CompressPE+292r
BackupFile	dd 1			; DATA XREF: start+2Dr	pcs1:004011E1w	...
dword_4038A3	dd 0			; DATA XREF: sub_401E09+3Cw
					; sub_401F54+9r
dword_4038A7	dd 0			; DATA XREF: CompressIt+28w
					; CompressIt+44r ...
dword_4038AB	dd 0			; DATA XREF: sub_402050+4Cw
					; sub_402050+9Er ...
dword_4038AF	dd 0			; DATA XREF: sub_402050+77w
					; sub_402050+8Ar ...
dword_4038B3	dd 0			; DATA XREF: CompressIt+39w
					; pcs1:0040202Br
hProgress	dd 0			; DATA XREF: pcs1:00401301w
					; pcs1:0040203Fr
szSectionName	db 'pcs0',0             ; DATA XREF: CompressPE+2D2o
					; CompressPE+3DCr ...
CompressExportTable dd 0		; DATA XREF: pcs1:004011F6w
					; CompressPE+F9r
dword_4038C4	dd 0			; DATA XREF: CompressPE+F4w
					; sub_401D24+1r
; DWORD	ThreadId
ThreadId	dd 0			; DATA XREF: pcs1:004011FCo
		dd 2 dup(0)
hOK		dd 0			; DATA XREF: pcs1:0040116Er
					; pcs1:00401313w
hBrowse		dd 0			; DATA XREF: pcs1:0040117Br
					; pcs1:00401328w
dword_4038DC	dd 1, 2, 4, 5, 6, 7, 8,	9, 0Ah,	0Bh, 0Ch, 0Ah dup(0)
					; DATA XREF: sub_402291+3o
					; sub_4022A6+3o ...
szSkipedSectionName db '.tls.relBSS',0  ; DATA XREF: sub_401CF4+1Ao
		db 'ssb.',0
		db    0	;  
		db    0	;  
		db    0	;  
; ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

@LoaderStart:				; DATA XREF: CompressPE+4A9o
					; CompressPE+52Ao
		pushf
		pusha

loc_403946:				; DATA XREF: CompressPE+4AEw
		mov	ebp, 0
		add	ss:xx[ebp], ebp
		push	ss:dword_403A50[ebp]
		push	40h
		call	ss:_GlobalAlloc[ebp]

		push	eax
		push	eax
		sub	eax, offset @LoaderPart2
		mov	dword ptr ss:(@LoaderPart2+1)[ebp], eax
		pop	edi
		lea	esi, @LoaderPart2[ebp]
		mov	ecx, 0FCh
		rep movsd
		pop	edi
		jmp	edi

; ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

@LoaderPart2:				; DATA XREF: pcs1:00403961o
					; pcs1:0040396Dr ...
		mov	ebp, 0
		mov	esi, edi
		add	esi, 160h
		add	edi, 3ECh
		push	edi
		push	esi
		push	edi
		push	ebp
		push	edi
		push	esi
		call	@CopyCode

		add	esp, 8
		pop	ebp
		xchg	eax, ecx
		pop	esi
		pop	edi
		rep movsb
		jmp	loc_403ADD


; 〓〓〓〓〓〓〓〓 S U B R O U T I N E	〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓

; Attributes: bp-based frame

@CopyCode	proc near		; CODE XREF: pcs1:00403996p
					; pcs1:00403B17p

regEsi		= dword	ptr  8
regEdi		= dword	ptr  0Ch

		push	ebp
		mov	ebp, esp
		pusha
		push	ebp
		mov	esi, [ebp+regEsi]
		mov	edi, [ebp+regEdi]
		cld
		mov	dl, 80h

loc_4039B7:				; CODE XREF: @CopyCode+14j
		movsb

loc_4039B8:				; CODE XREF: @CopyCode+36j
					; @CopyCode+7Fj
		call	sub_403A2A

		jnb	short loc_4039B7

		xor	ecx, ecx
		call	sub_403A2A

		jnb	short loc_4039E1

		xor	eax, eax
		call	sub_403A2A

		jnb	short loc_4039F2

		mov	al, 10h

loc_4039D3:				; CODE XREF: @CopyCode+31j
		call	sub_403A2A

		adc	al, al
		jnb	short loc_4039D3

		jnz	short loc_403A1F

		stosb
		jmp	short loc_4039B8

; ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

loc_4039E1:				; CODE XREF: @CopyCode+1Dj
		call	sub_403A36

		dec	ecx
		loop	loc_4039FE

		mov	eax, ebp
		call	sub_403A34

		jmp	short loc_403A20

; ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

loc_4039F2:				; CODE XREF: @CopyCode+26j
		lodsb
		shr	eax, 1
		jz	short loc_403A46

		adc	ecx, 2
		mov	ebp, eax
		jmp	short loc_403A20

; ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

loc_4039FE:				; CODE XREF: @CopyCode+3Ej
		xchg	eax, ecx
		dec	eax
		shl	eax, 8
		lodsb
		mov	ebp, eax
		call	sub_403A34

		cmp	eax, 7D00h
		jnb	short loc_403A1E

		cmp	eax, 500h
		jnb	short loc_403A1F

		cmp	eax, 7Fh
		ja	short loc_403A20


loc_403A1E:				; CODE XREF: @CopyCode+67j
		inc	ecx

loc_403A1F:				; CODE XREF: @CopyCode+33j
					; @CopyCode+6Ej
		inc	ecx

loc_403A20:				; CODE XREF: @CopyCode+47j
					; @CopyCode+53j ...
		push	esi
		mov	esi, edi
		sub	esi, eax
		rep movsb
		pop	esi
		jmp	short loc_4039B8

@CopyCode	endp


; 〓〓〓〓〓〓〓〓 S U B R O U T I N E	〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓


sub_403A2A	proc near		; CODE XREF: @CopyCode+Fp
					; @CopyCode+18p ...
		add	dl, dl
		jnz	short locret_403A33

		mov	dl, [esi]
		inc	esi
		adc	dl, dl

locret_403A33:				; CODE XREF: sub_403A2A+2j
		retn

sub_403A2A	endp


; 〓〓〓〓〓〓〓〓 S U B R O U T I N E	〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓


sub_403A34	proc near		; CODE XREF: @CopyCode+42p
					; @CopyCode+5Dp
		xor	ecx, ecx
sub_403A34	endp


; 〓〓〓〓〓〓〓〓 S U B R O U T I N E	〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓


sub_403A36	proc near		; CODE XREF: @CopyCode+38p
		inc	ecx

loc_403A37:				; CODE XREF: sub_403A36+Dj
		call	sub_403A2A

		adc	ecx, ecx
		call	sub_403A2A

		jb	short loc_403A37

		retn

sub_403A36	endp

; ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

loc_403A46:				; CODE XREF: @CopyCode+4Cj
		pop	ebp
		sub	edi, [ebp+0Ch]
		mov	[ebp-4], edi
		popa
		pop	ebp
		retn

; ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
dword_403A50	dd 0			; DATA XREF: CompressPE+3C2r
					; CompressPE+3CAw ...
xx		dd offset dword_403D69	; DATA XREF: pcs1:0040394Bw
dword_403A58	dd 28h			; DATA XREF: CompressPE+4BAw
		dd 2 dup(0)
dword_403A64	dd 3Ch			; DATA XREF: CompressPE+4C0w
dword_403A68	dd 28h			; DATA XREF: CompressPE+4C6w
		dd 5 dup(0)
_LoadLibraryA	dd 49h			; DATA XREF: CompressPE+4CCw
					; pcs1:00403B6Cr ...
_GetProcAddress	dd 58h			; DATA XREF: CompressPE+4D2w
					; pcs1:00403B7Er ...
_GlobalAlloc	dd 69h			; DATA XREF: CompressPE+4D8w
					; pcs1:00403959r
_ExitProcess	dd 77h			; DATA XREF: CompressPE+4DEw
					; pcs1:00403B95r
		db    0	;  
		db    0	;  
		db    0	;  
		db    0	;  
aKernel32_dll	db 'KERNEL32.DLL',0
		db    0	;  
		db    0	;  
aLoadlibrarya	db 'LoadLibraryA',0
		db    0	;  
		db    0	;  
aGetprocaddress	db 'GetProcAddress',0
		db    0	;  
		db    0	;  
aGlobalalloc	db 'GlobalAlloc',0
		db    0	;  
		db    0	;  
aExitprocess	db 'ExitProcess',0
; ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

loc_403ADD:				; CODE XREF: pcs1:004039A4j
					; DATA XREF: sub_402185+45o ...
		pop	edi
		lea	esi, byte_403C71[ebp]

loc_403AE4:				; CODE XREF: pcs1:00403B25j
		push	ebp
		push	edi
		push	esi
		lodsd
		or	eax, eax
		jz	short loc_403B27

		xchg	eax, edx
		lodsd
		xchg	eax, ecx
		push	edi
		push	ecx
		mov	esi, edx
		rep movsb
		pop	ecx
		pop	edi
		cmp	edx, ss:dword_403C6D[ebp]
		jnz	short loc_403B15

		mov	eax, ss:dword_403C69[ebp]
		pusha
		mov	esi, edi
		mov	edi, edx
		mov	ecx, eax
		rep movsb
		popa
		add	edi, eax
		add	edx, eax
		sub	ecx, eax

loc_403B15:				; CODE XREF: pcs1:00403AFDj
		push	edx
		push	edi
		call	@CopyCode

		add	esp, 8
		pop	esi
		pop	edi
		pop	ebp
		add	esi, 8
		jmp	short loc_403AE4

; ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

loc_403B27:				; CODE XREF: pcs1:00403AEAj
		add	esp, 0Ch
		lea	esi, byte_403CC9[ebp]

loc_403B30:				; CODE XREF: pcs1:00403B5Cj
		lodsd
		or	eax, eax
		jz	short loc_403B5E

		xchg	eax, ebx
		lodsd
		xchg	eax, edx
		lodsd
		xchg	eax, ecx
		push	edi
		push	esi
		xchg	ebx, esi
		push	edi
		push	ecx
		rep movsb
		pop	ecx
		pop	esi
		mov	edi, edx
		rep movsb
		pop	esi
		lodsd
		xchg	eax, ecx
		xor	eax, eax
		rep stosb
		mov	edi, [esi-10h]
		mov	ecx, [esi-0Ch]
		sub	ecx, edi
		xor	eax, eax
		rep stosb
		pop	edi
		jmp	short loc_403B30

; ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

loc_403B5E:				; CODE XREF: pcs1:00403B33j
		call	@ProcessImportTable

		jnb	short @ProcessImportTableOK ; （正常跳）若处理引入表成功就跳向OEP

		lea	ebx, aUser32_dll[ebp] ;	"USER32.DLL"
		push	ebx
		call	ss:_LoadLibraryA[ebp]

		or	eax, eax
		jz	short @ExceptionExit ; 无法显示窗口，直接退出

		lea	ebx, aMessageboxa[ebp] ; "MessageBoxA"
		push	ebx
		push	eax
		call	ss:_GetProcAddress[ebp]	; 取MessageBoxA地址

		lea	ebx, aRequiredDllMissing[ebp] ;	"Required DLL missing!"
		push	30h
		push	0
		push	ebx
		push	0
		call	eax		; 显示出错


@ExceptionExit:				; CODE XREF: pcs1:00403B74j
		push	0
		call	ss:_ExitProcess[ebp]


@ProcessImportTableOK:			; CODE XREF: pcs1:00403B63j
		popa
		popf

@SetOEP:				; DATA XREF: CompressPE+507w
		mov	edx, 0
		jmp	edx		; JMP TO OEP


; 〓〓〓〓〓〓〓〓 S U B R O U T I N E	〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓


@ProcessImportTable proc near		; CODE XREF: pcs1:00403B5Ep
		mov	esi, ss:@ImportTableRVA[ebp]
		or	esi, esi
		jz	short @NoImportTable

		mov	edx, ss:@ImageBase[ebp]
		add	esi, edx

@ProcessThunkLoop:			; CODE XREF: @ProcessImportTable+22j
		push	edx
		push	esi
		call	@ProcessIID

		jb	short @ProcessThunkFailed

		add	esi, 14h	; sizeof IMAGE_IMPORT_DESCRIPTOR
		cmp	dword ptr [esi+0Ch], 0
		jnz	short @ProcessThunkLoop


@NoImportTable:				; CODE XREF: @ProcessImportTable+8j
		clc
		retn

; ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

@ProcessThunkFailed:			; CODE XREF: @ProcessImportTable+19j
		stc
		retn

@ProcessImportTable endp ; sp =	-8


; 〓〓〓〓〓〓〓〓 S U B R O U T I N E	〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓


@ProcessIID	proc near		; CODE XREF: @ProcessImportTable+14p
		pop	eax
		pop	esi
		pop	edx
		push	eax
		mov	ecx, [esi]
		mov	edi, [esi+10h]
		or	ecx, ecx	; OrginalFirstThunk是否可用？
		jnz	short @UseFirstThunk

		mov	ecx, edi

@UseFirstThunk:				; CODE XREF: @ProcessIID+Bj
		add	ecx, edx
		add	edi, edx
		mov	eax, [esi+0Ch]
		add	eax, edx
		push	ecx
		push	edx
		push	eax
		call	ss:_LoadLibraryA[ebp]

		pop	edx
		pop	ecx
		or	eax, eax
		jz	short @MissDLL

		mov	ss:@Module[ebp], eax

@ProcessThunk:				; CODE XREF: @ProcessIID+5Ej
		mov	ebx, [ecx]
		or	ebx, ebx
		jz	short @ThunkEnd

		test	ebx, IMAGE_ORDINAL_FLAG32
		jnz	short @Ordinal

		add	ebx, edx
		inc	ebx
		inc	ebx

@Ordinal:				; CODE XREF: @ProcessIID+39j
		and	ebx, 7FFFFFFFh
		push	ecx
		push	edx
		push	ebx
		push	ss:@Module[ebp]
		call	ss:_GetProcAddress[ebp]

		pop	edx
		pop	ecx
		or	eax, eax
		jz	short @MissDLL

		stosd			; 填充IAT
		add	ecx, 4		; 下一个Thunk
		jmp	short @ProcessThunk

; ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

@ThunkEnd:				; CODE XREF: @ProcessIID+31j
		clc
		retn

; ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

@MissDLL:				; CODE XREF: @ProcessIID+25j
					; @ProcessIID+58j
		stc
		retn

@ProcessIID	endp ; sp =  4

; ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
aRequiredDllMissing db 'Required DLL missing!',0 ; DATA XREF: pcs1:00403B84r
aUser32_dll	db 'USER32.DLL',0       ; DATA XREF: pcs1:00403B65r
aMessageboxa	db 'MessageBoxA',0      ; DATA XREF: pcs1:00403B76r
@Module		dd 0			; DATA XREF: @ProcessIID+27w
					; @ProcessIID+48r
@ImportTableRVA	dd 0			; DATA XREF: CompressPE+4EAw
					; @ProcessImportTabler
@ImageBase	dd 0			; DATA XREF: CompressPE+E9w
					; CompressPE+29Fr ...
dword_403C69	dd 0			; DATA XREF: sub_4013D7+7Br
					; CompressPE+1FBw ...
dword_403C6D	dd 0			; DATA XREF: CompressPE+1B3w
					; CompressPE+287r ...
byte_403C71	db 0			; DATA XREF: CompressPE+25Co
					; pcs1:00403ADEr
		dd 13h dup(0)
		db 3 dup(0)
dword_403CC1	dd 2 dup(0)		; DATA XREF: CompressPE+271o
byte_403CC9	db 0			; DATA XREF: CompressPE+233o
					; CompressPE+243o ...
		dd 27h dup(0)
		db 3 dup(0)
dword_403D69	dd 0A5h	dup(0),	8C000000h, 40h,	0, 24000000h, 58000042h
					; DATA XREF: pcs1:00403A54o
		dd 8000041h, 41h, 0, 31000000h,	0D4000042h, 10000041h
		dd 41h,	0, 3E000000h, 0DC000042h, 40000041h, 41h, 0, 49000000h
		dd 0C000042h, 48000042h, 41h, 0, 56000000h, 14000042h
		dd 50000042h, 41h, 0, 62000000h, 1C000042h, 42h, 4 dup(0)
		dd 6C000000h, 78000042h, 8A000042h, 0A0000042h,	0B0000042h
		dd 0BE000042h, 0CC000042h, 0D8000042h, 0E8000042h, 0F8000042h
		dd 6000042h, 1A000043h,	2C000043h, 3C000043h, 4A000043h
		dd 60000043h, 6E000043h, 7C000043h, 8C000043h, 9C000043h
		dd 0A8000043h, 0B8000043h, 0CE000043h, 0E0000043h, 0EE000043h
		dd 43h,	10000044h, 1C000044h, 26000044h, 30000044h, 44h
		dd 3C000000h, 44h, 52000000h, 64000044h, 76000044h, 86000044h
		dd 98000044h, 0A6000044h, 0B2000044h, 0C8000044h, 0DA000044h
		dd 0E8000044h, 0F8000044h, 44h,	0A000000h, 45h,	1E000000h
		dd 45h,	2E000000h, 45h
		db    0	;  
		db    0	;  
		db    0	;  
pcs1		ends

[CTF入门培训]顶尖高校博士及硕士团队亲授《30小时教你玩转CTF》，视频+靶场+题目！助力进入CTF世界

收藏・1

点赞・10

打赏

最新回复 (5)
forgot 雪币： 6073 活跃值： (2236) 能力值： (RANK：1060 ) 在线值：发帖 155 回帖 3744 粉丝 15 关注私信	forgot 26 2004-5-16 17:19 2 楼 0 还想问一下最后的一大堆dword是什么?看不出来
forgot 雪币： 6073 活跃值： (2236) 能力值： (RANK：1060 ) 在线值：发帖 155 回帖 3744 粉丝 15 关注私信	forgot 26 2004-5-16 17:40 3 楼 0
iceplus 雪币： 227 活跃值： (130) 能力值： ( LV2，RANK：10 ) 在线值：发帖 4 回帖 96 粉丝 0 关注私信	iceplus 2004-5-16 18:59 4 楼 0 ; ┏━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┓ ; ┃ This file is generated by The Fast Disassembler (Fdasm v0.1 beta) ┃ ; ┃ Copyright (c) 2004 by IcePlus, <IcePlus@hotmail.com> ┃ ; ┃ Build Feb. 7. 2004 ┃ ; ┗━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┛ DlgProc: ;对话框回调函数 enter 0000h, 00h push ebx push edi push esi mov eax, [ebp+08h] mov [_004037EFh], eax cmp dword [ebp+0Ch], 00000111h ;WM_COMMAND je _00401162h cmp dword [ebp+0Ch], 10h je _00401254h cmp dword [ebp+0Ch], 00000110h je _00401262h _00401159h: xor eax, eax pop esi pop edi pop ebx leave ret 0010h _00401162h: cmp dword [ebp+10h], 01h ;BUTTON_ID=='OK' jne _00401216h push 00h push dword [_004038D4h] call [EnableWindow] push 00h push dword [_004038D8h] call [EnableWindow] pushad call _0040243Fh popad push 000000FFh push _0040360Dh push 000003E8h push dword [_004037EFh] call [GetDlgItemTextA] push 000003ECh push dword [_004037EFh] call [IsDlgButtonChecked] mov [_00403897h], eax push 000003EDh push dword [_004037EFh] call [IsDlgButtonChecked] mov [_00403893h], eax push 000003F4h push dword [_004037EFh] call [IsDlgButtonChecked] mov [_0040389Fh], eax push 00000402h push dword [_004037EFh] call [IsDlgButtonChecked] mov [_004038C0h], eax pushad push _004038C8h push 00h push 00h push _0040106Fh ;线程回调函数 push 00h push 00h call [CreateThread] popad jmp _00401248h _00401216h: cmp dword [ebp+10h], 000003EBh je _00401373h cmp dword [ebp+10h], 02h je _00401254h cmp dword [ebp+10h], 000003F1h je _00401339h cmp dword [ebp+10h], 000003F0h je _00401356h jmp _00401159h _00401248h: mov eax, 00000001h pop esi pop edi pop ebx leave ret 0010h _00401254h: push 00h ;========================================================================== _0040243Fh: mov edi, _004038DCh xor eax, eax mov ecx, 00000010h repe stosd push 000003FFh push dword [_004037EFh] call [IsDlgButtonChecked] or eax, eax je _00402468h push 01h call _004022A6h _00402468h: push 000003EAh push dword [_004037EFh] call [IsDlgButtonChecked] or eax, eax je _00402483h push 02h call _004022A6h _00402483h: push 000003EEh push dword [_004037EFh] call [IsDlgButtonChecked] or eax, eax je _0040249Eh push 03h call _004022A6h _0040249Eh: push 000003F6h push dword [_004037EFh] call [IsDlgButtonChecked] or eax, eax je _004024B9h push 04h call _004022A6h _004024B9h: push 000003F7h push dword [_004037EFh] call [IsDlgButtonChecked] or eax, eax je _004024D4h push 05h call _004022A6h _004024D4h: push 000003FCh push dword [_004037EFh] call [IsDlgButtonChecked] or eax, eax je _004024EFh push 06h call _004022A6h _004024EFh: push 000003F8h push dword [_004037EFh] call [IsDlgButtonChecked] or eax, eax je _0040250Ah push 07h call _004022A6h _0040250Ah: push 00000401h push dword [_004037EFh] call [IsDlgButtonChecked] or eax, eax je _00402525h push 08h call _004022A6h _00402525h: push 000003FEh push dword [_004037EFh] call [IsDlgButtonChecked] or eax, eax je _00402540h push 09h call _004022A6h _00402540h: push 000003FDh push dword [_004037EFh] call [IsDlgButtonChecked] or eax, eax je _0040255Bh push 0Ah call _004022A6h _0040255Bh: push 000003FBh push dword [_004037EFh] call [IsDlgButtonChecked] or eax, eax je _00402576h push 0Bh call _004022A6h _00402576h: push 000003FAh push dword [_004037EFh] call [IsDlgButtonChecked] or eax, eax je _00402591h push 0Ch call _004022A6h _00402591h: push 000003F9h push dword [_004037EFh] call [IsDlgButtonChecked] or eax, eax je _004025ACh push 0Eh call _004022A6h _004025ACh: push 00000400h push dword [_004037EFh] call [IsDlgButtonChecked] or eax, eax je _004025C7h push 10h call _004022A6h _004025C7h: ret ;========================================================================== _004022A6h: pop edx pop ebx push edx mov esi, _004038DCh _004022AEh: lodsd cmp ebx, eax je _004022C3h or eax, eax jne _004022AEh sub esi, 04h mov [esi], ebx mov dword [esi+04h], 00000000h _004022C3h: ret ;========================================================================== _0040106F: ;ThreadFunction mov dword [_0040376Eh], _0040360Dh cmp dword [_0040389Fh], 01h jne _0040108Dh push dword [_0040376Eh] call _00402262h _0040108Dh: push dword [_0040376Eh] push _004031A3h call [lstrcat] call _00401666h cmp byte [_0040379Eh], FCh je _00401111h cmp byte [_0040379Eh], FFh je _004010E9h push _00403363h push _004031A3h call [lstrcat] push _0040342Fh push _004031A3h call [lstrcat] push 00h push _00403170h push _004031A3h push 00h call [MessageBoxA] xor eax, eax jmp _00401111h _004010E9h: push dword [_0040376Eh] push _004034C5h call [lstrcat] push 30h push _00403170h push _004034C5h push 00h call [MessageBoxA] mov eax, 00000002h _00401111h: push 00h push 00h push 10h push dword [_004037EFh] call [SendMessageA] push 00h call [ExitThread] ret ;========================================================================== _00402262h: pop ebx pop edi push ebx push edi push edi push _00403000h call [lstrcpy] pop edi push edi push _00403100h push _00403000h call [lstrcat] pop edi push 00h push _00403000h push edi call [CopyFileA] ret ;========================================================================== _00401666h: push dword [_0040376Eh] call [GetFileAttributesA] mov [_0040376Ah], eax cmp eax, FFh jne _0040167Ch ret _0040167Ch: push 20h push dword [_0040376Eh] call [SetFileAttributesA] mov esi, [_0040376Eh] call _00401DF3h call _00401DBEh jnb _0040169Ch ret _0040169Ch: mov [_00403782h], eax mov eax, [_00403782h] push eax call _00401E09h pop eax push _0040373Ah push _00403742h push _0040374Ah push eax call [GetFileTime] xor ecx, ecx call _00401D60h jb _00401BB9h cmp word [eax], 5A4Dh jne _00401BB9h call _00401D54h push 02h push esi call [IsBadReadPtr] or eax, eax jne _00401BB9h cmp word [esi], 4550h jne _00401BB9h cmp dword [esi+0Ch], 90909090h jne _00401722h push 10h push _00403170h push _0040349Eh push 00h call [MessageBoxA] mov byte [_0040379Eh], FCh jmp _00401BB9h _00401722h: call _00401DCBh mov ecx, 00001000h call _00401D60h jb _00401BB9h call _00401D54h mov dword [esi+0Ch], 90909090h movzx eax, word [esi+06h] mov [_004037BBh], eax mov eax, [esi+34h] mov [_00403C65h], eax mov eax, [esi+000000C0h] mov [_004038C4h], eax cmp dword [_004038C0h], 01h je _00401770h mov eax, [esi+78h] mov [_0040379Fh], eax _00401770h: movzx eax, word [esi+14h] add eax, 18h add eax, esi mov [_0040378Eh], eax mov ebx, [esi+000000D8h] or ebx, ebx je _0040179Fh call _00401FC6h add ebx, [_00403766h] mov ecx, [esi+000000DCh] mov edi, ebx xor eax, eax repe stosb _0040179Fh: mov ebx, [esi+000000A8h] or ebx, ebx je _004017BFh call _00401FC6h add ebx, [_00403766h] mov ecx, [esi+000000ACh] mov edi, ebx xor eax, eax stosb _004017BFh: mov dword [esi+000000D8h], 00000000h mov dword [esi+000000DCh], 00000000h mov dword [esi+000000D0h], 00000000h mov dword [esi+000000D4h], 00000000h mov dword [esi+000000A8h], 00000000h mov dword [esi+000000ACh], 00000000h mov eax, [esi+3Ch] mov [_004037A3h], eax push esi mov ebx, [esi+00000088h] mov eax, [esi+0000008Ch] or ebx, ebx je _00401872h mov [_004037B3h], eax mov [_00403C6Dh], ebx call _00401FC6h add ebx, [_00403766h] mov [_004037B7h], ebx call _004014CAh push ebx call _004013D7h cmp dword [_00403897h], 01h jne _00401868h call _0040152Ah xchg ebx, eax call _00401FC6h add ebx, [_00403766h] push ebx call _004015A6h sub eax, [_004037B7h] mov [_00403C69h], eax jmp _00401872h _00401868h: call _00401573h mov [_00403C69h], eax _00401872h: mov ebx, [_004037B3h] cmp eax, ebx jnb _00401886h sub ebx, eax cmp ebx, 00000200h jnb _00401890h _00401886h: mov dword [_0040389Bh], 00000000h _00401890h: cmp dword [_00403893h], 00h je _004018B3h push _00403CC9h push dword [_0040378Eh] call _00402050h push _00403CC9h call _00402222h _004018B3h: pop esi mov eax, [_004037BBh] mov [esi+06h], eax push esi mov eax, [_0040378Eh] mov edi, _00403C71h xor ecx, ecx mov cx, [esi+06h] _004018CDh: mov dword [_004037BFh], 00000000h cmp edi, _00403CC1h je _00401A42h mov dword [_004037AFh], 00000000h mov ebx, [_00403C6Dh] cmp [eax+0Ch], ebx jne _0040191Bh cmp dword [_0040389Bh], 01h jne _00401A42h mov ebx, [_00403C65h] add [_00403C6Dh], ebx mov dword [_004037AFh], 00000001h _0040191Bh: call _00401CF4h jb _00401A42h pushad push _00403137h push _00403363h call [lstrcat] popad pushad push _004038BBh push _00403363h call [lstrcat] popad push eax push ecx mov ebx, [eax+24h] or ebx, 80000000h mov [eax+24h], ebx mov ebx, [eax+0Ch] add ebx, [_00403C65h] mov [edi], ebx push edi mov esi, [eax+14h] add esi, [_00403766h] mov edi, esi push eax mov ecx, [eax+08h] mov edx, [eax+10h] cmp ecx, edx jna _0040197Ah mov ecx, edx _0040197Ah: pushad xchg edx, ecx mov byte [_00403604h], 09h mov edi, _00403605h call _00401F9Eh push _00403604h push _00403363h call [lstrcat] popad cmp dword [_004037AFh], 01h jne _004019D7h sub ecx, [_00403C69h] add esi, [_00403C69h] mov edi, esi call _00401C55h add eax, [_00403C69h] mov [_004037BFh], eax call _0040164Dh push eax call _00401DE2h mov [_004037B3h], eax jmp _004019ECh _004019D7h: call _00401C55h mov [_004037BFh], eax call _0040164Dh push eax call _00401DE2h _004019ECh: pushad mov edx, [_004037ABh] mov byte [_00403604h], 20h mov edi, _00403605h call _00401F9Eh push _0040370Dh push _00403363h call [lstrcat] push _00403604h push _00403363h call [lstrcat] popad pop ecx pop edx mov ebx, [edx+10h] cmp ebx, [_00403A50h] jna _00401A36h mov [_00403A50h], ebx _00401A36h: pop edi mov [edx+10h], eax mov [edi+04h], ecx add edi, 08h pop ecx pop eax _00401A42h: mov ebx, [_004038BBh] bswap ebx inc bl bswap ebx mov [eax], ebx mov [_004038BBh], ebx mov dword [eax+04h], 00000000h add eax, 28h add dword [_0040388Fh], 04h loopd _00401A6Bh jmp _00401A70h _00401A6Bh: jmp _004018CDh _00401A70h: pop esi sub eax, 28h mov edi, eax mov eax, [edi+14h] mov [_00403792h], eax mov ecx, [edi+10h] mov [_00403796h], ecx mov eax, [edi+08h] mov [_0040379Ah], eax cmp eax, ecx jnb _00401A95h mov eax, ecx _00401A95h: add eax, 00005425h mov [edi+08h], eax cmp dword [_004037BFh], 00h jne _00401ABFh mov ecx, [_00403796h] mov eax, [_0040379Ah] cmp eax, ecx jna _00401AC4h mov eax, ecx mov [_0040379Ah], ecx jmp _00401AC4h _00401ABFh: mov eax, [_004037BFh] _00401AC4h: mov [_004037C3h], eax push eax add eax, 00000425h mov [_004037E7h], eax call _00401DE2h mov [edi+10h], eax mov ecx, [esi+38h] mov eax, [edi+08h] add eax, [edi+0Ch] call _00401DE7h mov [esi+50h], eax add dword [_00403A50h], 00000425h pop eax mov dword [edi+24h], E0000020h add eax, [edi+0Ch] mov ebx, [esi+28h] mov [esi+28h], eax push eax add eax, [_00403C65h] sub eax, _00403944h mov [_00403947h], eax pop eax pushad add eax, 00000114h add [_00403A58h], eax add [_00403A64h], eax add [_00403A68h], eax add [_00403A80h], eax add [_00403A84h], eax add [_00403A88h], eax add [_00403A8Ch], eax mov ecx, [esi+00000080h] mov [_00403C61h], ecx mov [esi+00000080h], eax mov dword [esi+00000084h], 00000085h popad add ebx, [_00403C65h] mov [_00403B9Eh], ebx push esi call _00402185h mov ecx, 00000425h mov edi, [_00403766h] add edi, [_004037C3h] add edi, [_00403792h] mov esi, _00403944h repe movsb pop esi mov eax, [_004037E7h] push eax call _00401DE2h pop ecx xchg ecx, eax sub ecx, eax xor eax, eax repe stosb call _00401DCBh mov byte [_0040379Eh], 00h jmp _00401BBEh _00401BB9h: call _00401DCBh _00401BBEh: push _0040373Ah push _00403742h push _0040374Ah push dword [_00403782h] call [SetFileTime] mov edx, [_0040375Eh] mov edi, _00403473h call _00401F9Eh cmp byte [_0040379Eh], 00h jne _00401BFBh mov eax, [_00403782h] call _00401E09h _00401BFBh: mov edx, [_0040375Eh] mov edi, _0040348Fh call _00401F9Eh push _00403473h push _0040342Fh call [lstrcat] push _00403482h push _0040342Fh call [lstrcat] push _0040348Fh push _0040342Fh call [lstrcat] push dword [_00403782h] call [CloseHandle] push dword [_0040376Ah] push dword [_0040376Eh] call [SetFileAttributesA] ret ;========================================================================== _00401DF3h: push 00h push 20h push 03h push 00h push 00h push C0000000h push esi call [CreateFileA] ret ;========================================================================== _00401DBEh: cmp eax, FFh je _00401DC9h or eax, eax je _00401DC9h clc ret _00401DC9h: stc ret ;========================================================================== _00401E09h: xor ecx, ecx call _00401D60h jb _00401BB9h mov ecx, [_0040375Eh] or ecx, ecx je _00401F4Eh mov [_0040377Eh], ecx call _00401D54h mov eax, [esi+3Ch] mov [_00403762h], eax xor eax, eax mov ax, [esi+14h] add eax, 18h add eax, esi push esi push eax xchg edi, eax mov [_004038A3h], edi movzx ecx, word [esi+06h] xor ebx, ebx _00401E51h: call _00401F54h inc ebx cmp ebx, ecx je _00401E5Dh jmp _00401E51h _00401E5Dh: pop eax pop esi pushad push eax push esi call _004015F3h popad push eax xor edx, edx mov ecx, 00000028h xor eax, eax mov ax, [esi+06h] inc eax mul ecx xchg ebx, eax pop eax push eax add eax, ebx mov ecx, [esi+3Ch] call _00401DE7h xchg ebx, eax pop eax mov ecx, ebx sub ecx, [_00403766h] mov [esi+54h], ecx mov ecx, 00000200h mov [esi+3Ch], ecx movzx ecx, word [esi+06h] mov edi, ebx _00401EA1h: push eax push ecx mov ecx, edi sub ecx, [_00403766h] mov esi, [eax+14h] mov [eax+14h], ecx mov ebx, [eax+08h] cmp ebx, [eax+10h] jg _00401EC9h mov ecx, 00000200h push eax xchg ebx, eax call _00401DE7h xchg ebx, eax pop eax jmp _00401ECCh _00401EC9h: mov ebx, [eax+10h] _00401ECCh: mov [eax+10h], ebx add esi, [_00403766h] mov ecx, ebx repe movsb pop ecx pop eax add eax, 28h loopd _00401EA1h sub eax, 28h mov ecx, [eax+10h] add ecx, [eax+14h] push ecx call _00401DCBh mov byte [_0040379Eh], 00h pop ecx mov [_00403756h], ecx push 00h push 00h push ecx push dword [_00403782h] call [SetFilePointer] push dword [_00403782h] call [SetEndOfFile] xor ecx, ecx call _00401D60h jb _00401F53h call _00401D54h lea eax, [esi+58h] push eax push _00403752h push dword [_0040375Eh] push dword [_00403766h] call [CheckSumMappedFile] call _00401DCBh mov byte [_0040379Eh], 00h jmp _00401F53h _00401F4Eh: call _00401DCBh _00401F53h: ret ;========================================================================== _00401D60h: push ecx push _004037A7h push dword [_00403782h] call [GetFileSize] call _00401DBEh jnb _00401D7Bh pop ecx jmp _00401DBDh _00401D7Bh: mov [_0040375Eh], eax pop ecx add eax, ecx push 00h push eax push 00h push 04h push 00h push dword [_00403782h] call [CreateFileMappingA] call _00401DBEh jb _00401DBDh mov [_0040377Ah], eax push 00h push 00h push 00h push 02h push eax call [MapViewOfFile] call _00401DBEh jb _00401DBDh mov [_00403766h], eax _00401DBDh: ret ;========================================================================== _00401D54h: mov esi, [eax+3Ch] add esi, eax mov [_00403772h], esi ret ;========================================================================== _00401DCBh: push dword [_00403766h] call [UnmapViewOfFile] push dword [_0040377Ah] call [CloseHandle] ret ;========================================================================== _00401FC6h: push esi push edi push edx push ecx push eax mov eax, [_0040378Eh] mov ecx, [_004037BBh] _00401FD6h: mov edx, [eax+0Ch] cmp edx, ebx ja _00401FE2h add eax, 28h loopd _00401FD6h _00401FE2h: sub eax, 28h sub ebx, [eax+0Ch] add ebx, [eax+14h] pop eax pop ecx pop edx pop edi pop esi ret ;========================================================================== _004014CAh: push 00001F40h push 08h push dword [_004037DFh] call [HeapAlloc] mov [_004037D3h], eax mov [_004037D7h], eax push 00001F40h push 08h push dword [_004037DFh] call [HeapAlloc] mov [_004037CFh], eax mov [_004037CBh], eax ret ;========================================================================== _004013D7h: pop eax pop esi push eax or esi, esi je _00401452h movzx ecx, word [esi+0Ch] add cx, [esi+0Eh] add esi, 10h or ecx, ecx je _00401452h _004013EDh: mov ebx, [esi+04h] test ebx, 80000000h je _00401449h cmp dword [_004037E3h], 00h jne _00401422h pushad push dword [esi] call _00402291h popad jnb _00401418h mov dword [_004037DBh], 00000000h jmp _00401422h _00401418h: mov dword [_004037DBh], 00000001h _00401422h: and ebx, 7FFFFFFFh add ebx, [_004037B7h] pushad inc dword [_004037E3h] push ebx call _004013D7h dec dword [_004037E3h] popad _00401442h: add esi, 08h loopd _004013EDh jmp _00401452h _00401449h: pushad call _00401458h popad jmp _00401442h _00401452h: mov eax, [_00403C69h] ret ;========================================================================== _0040152Ah: push ebx push ecx push edx push esi push edi push dword [_004037D3h] call _00401552h push eax push dword [_004037CFh] call _00401552h pop ebx cmp ebx, eax ja _0040154Ch xchg ebx, eax _0040154Ch: pop edi pop esi pop edx pop ecx pop ebx ret ;========================================================================== _004015A6h: pop eax pop edi push eax push dword [_004037CFh] push edi call _004015C4h push eax push dword [_004037D3h] push eax call _004015C4h pop eax ret ;========================================================================== _00401573h: push ebx push ecx push edx push esi push edi push dword [_004037CFh] call _00401589h pop edi pop esi pop edx pop ecx pop ebx ret ;========================================================================== _00402050h: pop edx pop eax pop edi push edx mov ecx, [_004037BBh] dec ecx xor ebp, ebp _0040205Dh: push ecx call _00401CF4h jnb _0040206Dh xor ebp, ebp je _0040215Eh _0040206Dh: cmp ebp, 01h je _0040207Ch mov ebp, 00000001h jmp _0040215Eh _0040207Ch: push eax mov ebx, [eax-14h] add ebx, [eax-18h] add ebx, [_00403766h] push edi mov edi, ebx call _0040216Ch mov ecx, edi sub ecx, [eax-14h] sub ecx, [_00403766h] mov [_004038ABh], ecx mov ebx, edi pop edi pop eax push eax push ebx mov ebx, [eax+14h] add ebx, [eax+10h] add ebx, [_00403766h] push edi mov edi, ebx call _0040216Ch mov ecx, edi sub ecx, [eax+14h] sub ecx, [_00403766h] mov [_004038AFh], ecx pop edi mov ebp, edi pop edi mov esi, [eax+14h] add esi, [_00403766h] mov ecx, [_004038AFh] repe movsb pop eax mov ebx, [eax+34h] mov ecx, [eax-1Ch] sub ebx, ecx mov [eax-20h], ebx mov ebx, [_004038ABh] add ebx, [_004038AFh] mov [eax-18h], ebx mov edi, ebp mov ebx, [eax+0Ch] add ebx, [_00403C65h] mov [edi+04h], ebx mov ebx, [eax-1Ch] add ebx, [_004038ABh] add ebx, [_00403C65h] mov [edi], ebx mov ebx, [_004038AFh] mov [edi+08h], ebx mov ecx, [eax+34h] sub ecx, [eax+0Ch] sub ecx, ebx mov [edi+0Ch], ecx add edi, 10h pop ecx push ecx push eax inc ecx mov eax, ecx xor edx, edx mov ecx, 00000028h mul ecx mov ecx, eax pop eax mov esi, eax add esi, 28h push edi mov edi, eax repe movsb pop edi dec dword [_004037BBh] mov ebp, 00000001h sub eax, 28h _0040215Eh: pop ecx add eax, 28h loopd _00402166h jmp _0040216Bh _00402166h: jmp _0040205Dh _0040216Bh: ret ;========================================================================== _00402222h: pop eax pop ebx push eax pushad xchg edi, ebx add edi, 000000B0h _0040222Eh: sub edi, 10h cmp dword [edi], 00h je _0040222Eh xchg esi, edi mov edi, _0040383Fh _0040223Dh: mov ecx, 00000004h repe movsd sub esi, 20h cmp esi, _00403CC9h jnb _0040223Dh mov esi, _0040383Fh mov edi, _00403CC9h mov ecx, 000000A0h repe movsb popad ret ;========================================================================== _00401CF4h: push esi cmp dword [eax+14h], 00h je _00401D21h cmp dword [eax+10h], 00h je _00401D21h cmp dword [eax+08h], 50h jna _00401D21h call _00401D24h jb _00401D21h mov esi, _00403930h _00401D13h: xchg ebx, eax lodsd xchg ebx, eax cmp ebx, [eax] je _00401D21h or ebx, ebx jne _00401D13h pop esi clc ret _00401D21h: pop esi stc ret ;========================================================================== _00401F9Eh: push edi mov ecx, 00000003h xor eax, eax repe stosd pop edi mov eax, edx mov esi, 0000000Ah xor ecx, ecx _00401FB2h: xor edx, edx div esi push edx inc ecx or eax, eax jne _00401FB2h _00401FBCh: pop edx add dl, 30h mov al, dl stosb loopd _00401FBCh ret ;========================================================================== _00401C55h: push ecx push esi push ecx push ecx push 08h push dword [_004037DFh] call [HeapAlloc] mov [_0040375Ah], eax push 000A0000h push 08h push dword [_004037DFh] call [HeapAlloc] mov [_004038A7h], eax pop ecx cmp ecx, 50h jna _00401CC1h mov [_00403786h], esi mov [_004038B3h], ecx push _0040201Ch push dword [_004038A7h] push ecx push dword [_0040375Ah] push esi call [_aP_pack] mov [_004037ABh], eax or eax, eax je _00401CC1h pop edi pop ecx mov esi, [_0040375Ah] repe movsb jmp _00401CC8h _00401CC1h: pop edi pop ecx mov [_004037ABh], eax _00401CC8h: push dword [_0040375Ah] push 00h push dword [_004037DFh] call [HeapFree] push dword [_004038A7h] push 00h push dword [_004037DFh] call [HeapFree] mov eax, [_004037ABh] ret ;========================================================================== _0040164Dh: push ebx mov ebx, [_0040388Fh] mov dword [ebx+_0040383Fh], 00000001h mov [ebx+_00403867h], eax pop ebx ret ;========================================================================== _00401DE2h: mov ecx, 00000200h xor edx, edx div ecx or edx, edx je _00401DF0h inc eax _00401DF0h: mul ecx ret ;========================================================================== _00401DE7h: xor edx, edx div ecx or edx, edx je _00401DF0h inc eax _00401DF0h: mul ecx ret ;========================================================================== _00402185h: push esi push edi push ecx push edx mov ecx, 0000028Ch push ecx push ecx push 08h push dword [_004037DFh] call [HeapAlloc] mov [_0040375Ah], eax push 000FA000h push 08h push dword [_004037DFh] call [HeapAlloc] mov [_004038A7h], eax pop ecx push ecx push 00h push dword [_004038A7h] push ecx push dword [_0040375Ah] push _00403ADDh call [_aP_pack] push eax mov ecx, eax mov esi, [_0040375Ah] mov edi, _00403ADDh repe movsb push dword [_004038A7h] push 00h push dword [_004037DFh] call [HeapFree] push dword [_0040375Ah] push 00h push dword [_004037DFh] call [HeapFree] pop ecx pop eax sub eax, ecx push eax mov edi, _00403ADDh add edi, ecx mov ecx, eax xor eax, eax repe stosb pop eax pop edx pop ecx pop edi pop esi ret ;========================================================================== _00401F54h: push ebx push ecx mov eax, 00000028h mul bl add eax, [_004038A3h] mov esi, eax mov eax, [esi+10h] mov ecx, eax add eax, [esi+14h] add eax, [_00403766h] mov edi, eax dec edi xor eax, eax std repe scasb cld add edi, 02h sub edi, [esi+14h] sub edi, [_00403766h] mov ecx, 00000200h xchg edi, eax call _00401DE7h cmp eax, [esi+10h] jnl _00401F9Bh mov [esi+10h], eax _00401F9Bh: pop ecx pop ebx ret ;========================================================================== _004015F3h: pop eax pop esi pop edi push eax mov edx, [esi+000000A0h] or edx, edx je _0040164Ch movzx ecx, word [esi+06h] _00401605h: cmp [edi+0Ch], edx je _00401611h add edi, 28h loopd _00401605h jmp _0040164Ch _00401611h: cmp ecx, 01h jne _00401625h dec word [esi+06h] pushad xor eax, eax mov ecx, 00000028h repe stosb popad _00401625h: mov dword [edi+10h], 00000000h mov dword [esi+000000A0h], 00000000h mov dword [esi+000000A4h], 00000000h mov ax, [esi+16h] or ax, 0001h mov [esi+16h], ax _0040164Ch: ret ;========================================================================== _00402291h: pop edx pop ebx push edx mov esi, _004038DCh _00402299h: lodsd or eax, eax je _004022A4h cmp eax, ebx jne _00402299h clc ret _004022A4h: stc ret ;========================================================================== _00401458h: and ebx, 7FFFFFFFh add ebx, [_004037B7h] mov esi, ebx cmp dword [_004037DBh], 01h je _0040147Eh mov edx, [_004037CBh] add dword [_004037CBh], 08h jmp _0040148Bh _0040147Eh: mov edx, [_004037D7h] add dword [_004037D7h], 08h _0040148Bh: mov [edx], esi mov ecx, [esi+04h] push ebx push ecx push edx push esi push edi push ebp push ecx push 08h push dword [_004037DFh] call [HeapAlloc] pop ebp pop edi pop esi pop edx pop ecx pop ebx mov [edx+04h], eax push eax mov ebx, [esi] call _00401FC6h add ebx, [_00403766h] pop edi mov ecx, [esi+04h] mov esi, ebx repe movsb sub ebx, [_004037B7h] ret ;========================================================================== _00401552h: pop eax pop esi push eax mov edx, FFFFFFFFh _0040155Ah: mov eax, [esi] or eax, eax je _00401571h mov ebx, [eax] or ebx, ebx je _0040156Ch cmp ebx, edx jnb _0040156Ch mov edx, ebx _0040156Ch: add esi, 08h jmp _0040155Ah _00401571h: xchg edx, eax ret ;========================================================================== _004015C4h: pop eax pop edi pop edx push eax _004015C8h: mov eax, [edx] or eax, eax je _004015F0h mov ebx, [eax] mov ebx, edi sub ebx, [_00403766h] push eax push edx call _00401FF1h pop edx pop eax mov [eax], ebx mov esi, [edx+04h] mov ecx, [eax+04h] repe movsb add edx, 08h jmp _004015C8h _004015F0h: mov eax, edi ret ;========================================================================== _00401589h: pop eax pop esi push eax xor edx, edx _0040158Eh: mov eax, [esi] or eax, eax je _004015A4h mov ebx, [eax] add ebx, [eax+04h] cmp ebx, edx jna _0040159Fh mov edx, ebx _0040159Fh: add esi, 08h jmp _0040158Eh _004015A4h: xchg edx, eax ret ;========================================================================== _0040216Ch: push eax push edi std mov ecx, 0FFFFFFFh xor eax, eax repe scasb add edi, 04h cld pop edx cmp edx, edi jnb _00402183h mov edi, edx _00402183h: pop eax ret ;========================================================================== _00401D24h: pushad mov edx, [_004038C4h] cmp [eax+0Ch], edx je _00401D51h mov edx, [_0040379Fh] or edx, edx je _00401D4Eh mov ebx, [eax+0Ch] cmp ebx, edx jg _00401D4Eh je _00401D51h mov ebx, [eax+34h] or ebx, ebx je _00401D21h cmp ebx, edx jg _00401D51h _00401D4Eh: popad clc ret _00401D51h: popad stc ret ;========================================================================== _00401FF1h: push esi push edi push edx push ecx push eax mov eax, [_0040378Eh] mov ecx, [_004037BBh] _00402001h: mov edx, [eax+14h] cmp edx, ebx ja _0040200Dh add eax, 28h loopd _00402001h _0040200Dh: sub eax, 28h sub ebx, [eax+14h] add ebx, [eax+0Ch] pop eax pop ecx pop edx pop edi pop esi ret ;========================================================================== _0040201Ch: mov eax, [esp+04h] xor edx, edx mov ecx, 00000064h mul ecx xor edx, edx mov ecx, [_004038B3h] or ecx, ecx je _0040204Ah div ecx push 00h push eax push 00000402h push dword [_004038B7h] call [SendMessageA] _0040204Ah: mov eax, 00000001h ret ;========================================================================== ; UNPACK LOADER _00403944h: pushfd pushad mov ebp, 00000000h add [ebp+_00403A54h], ebp push dword [ebp+_00403A50h] push 40h call dword [ebp+_00403A88h] push eax push eax sub eax, _0040397Dh mov [ebp+_0040397Eh], eax pop edi lea esi, [ebp+_0040397Dh] mov ecx, 000000FCh repe movsd pop edi jmp edi mov ebp, 00000000h mov esi, edi add esi, 00000160h add edi, 000003ECh push edi push esi push edi push ebp push edi push esi call _004039A9h add esp, 08h pop ebp xchg ecx, eax pop esi pop edi repe movsb jmp _00403ADDh ;========================================================================== _004039A9h: push ebp mov ebp, esp pushad push ebp mov esi, [ebp+08h] mov edi, [ebp+0Ch] cld mov dl, 80h _004039B7h: movsb _004039B8h: call _00403A2Ah jnb _004039B7h xor ecx, ecx call _00403A2Ah jnb _004039E1h xor eax, eax call _00403A2Ah jnb _004039F2h mov al, 10h _004039D3h: call _00403A2Ah adc al, al jnb _004039D3h jne _00403A1Fh stosb jmp _004039B8h _004039E1h: call _00403A36h dec ecx loopd _004039FEh mov eax, ebp call _00403A34h jmp _00403A20h _004039F2h: lodsb shr eax, 01h je _00403A46h adc ecx, 02h mov ebp, eax jmp _00403A20h _004039FEh: xchg ecx, eax dec eax shl eax, 08h lodsb mov ebp, eax call _00403A34h cmp eax, 00007D00h jnb _00403A1Eh cmp eax, 00000500h jnb _00403A1Fh cmp eax, 7Fh ja _00403A20h _00403A1Eh: inc ecx _00403A1Fh: inc ecx _00403A20h: push esi mov esi, edi sub esi, eax repe movsb pop esi jmp _004039B8h add dl, dl jne _00403A33h mov dl, [esi] inc esi adc dl, dl _00403A33h: ret xor ecx, ecx inc ecx _00403A37h: call _00403A2Ah adc ecx, ecx call _00403A2Ah jb _00403A37h ret _00403A46h: pop ebp sub edi, [ebp+0Ch] mov [ebp-04h], edi popad pop ebp ret ;========================================================================== _00403A2Ah: add dl, dl jne _00403A33h mov dl, [esi] inc esi adc dl, dl _00403A33h: ret ;========================================================================== _00403A34h: xor ecx, ecx ;========================================================================== _00403A36h: inc ecx _00403A37h: call _00403A2Ah adc ecx, ecx call _00403A2Ah jb _00403A37h ret ;========================================================================== _00403ADDh: pop edi lea esi, [ebp+_00403C71h] _00403AE4h: push ebp push edi push esi lodsd or eax, eax je _00403B27h xchg edx, eax lodsd xchg ecx, eax push edi push ecx mov esi, edx repe movsb pop ecx pop edi cmp edx, [ebp+_00403C6Dh] jne _00403B15h mov eax, [ebp+_00403C69h] pushad mov esi, edi mov edi, edx mov ecx, eax repe movsb popad add edi, eax add edx, eax sub ecx, eax _00403B15h: push edx push edi call _004039A9h add esp, 08h pop esi pop edi pop ebp add esi, 08h jmp _00403AE4h _00403B27h: add esp, 0Ch lea esi, [ebp+_00403CC9h] _00403B30h: lodsd or eax, eax je _00403B5Eh xchg ebx, eax lodsd xchg edx, eax lodsd xchg ecx, eax push edi push esi xchg esi, ebx push edi push ecx repe movsb pop ecx pop esi mov edi, edx repe movsb pop esi lodsd xchg ecx, eax xor eax, eax repe stosb mov edi, [esi-10h] mov ecx, [esi-0Ch] sub ecx, edi xor eax, eax repe stosb pop edi jmp _00403B30h _00403B5Eh: call _00403BA4h jnb _00403B9Bh lea ebx, [ebp+_00403C46h] push ebx call dword [ebp+_00403A80h] or eax, eax je _00403B93h lea ebx, [ebp+_00403C51h] push ebx push eax call dword [ebp+_00403A84h] lea ebx, [ebp+_00403C30h] push 30h push 00h push ebx push 00h call eax _00403B93h: push 00h call dword [ebp+_00403A8Ch] _00403B9Bh: popad popfd mov edx, 00000000h jmp edx ;========================================================================== _00403BA4h: mov esi, [ebp+_00403C61h] or esi, esi je _00403BC8h mov edx, [ebp+_00403C65h] add esi, edx _00403BB6h: push edx push esi call _00403BCCh jb _00403BCAh add esi, 14h cmp dword [esi+0Ch], 00h jne _00403BB6h _00403BC8h: clc ret _00403BCAh: stc ret ;========================================================================== _00403A34h: xor ecx, ecx inc ecx _00403A37h: call _00403A2Ah adc ecx, ecx call _00403A2Ah jb _00403A37h ret ;========================================================================== _00403BCCh: pop eax pop esi pop edx push eax mov ecx, [esi] mov edi, [esi+10h] or ecx, ecx jne _00403BDBh mov ecx, edi _00403BDBh: add ecx, edx add edi, edx mov eax, [esi+0Ch] add eax, edx push ecx push edx push eax call dword [ebp+_00403A80h] pop edx pop ecx or eax, eax je _00403C2Eh mov [ebp+_00403C5Dh], eax _00403BF9h: mov ebx, [ecx] or ebx, ebx je _00403C2Ch test ebx, 80000000h jne _00403C0Bh add ebx, edx inc ebx inc ebx _00403C0Bh: and ebx, 7FFFFFFFh push ecx push edx push ebx push dword [ebp+_00403C5Dh] call dword [ebp+_00403A84h] pop edx pop ecx or eax, eax je _00403C2Eh stosd add ecx, 04h jmp _00403BF9h _00403C2Ch: clc ret _00403C2Eh: stc ret ;************************************************************************** _00403000h _00403100h _00403137h _00403170h _004031A3h _00403363h _0040342Fh _00403473h _00403482h _0040348Fh _0040349Eh _004034C5h _00403604h _00403605h _0040360Dh _0040370Dh _0040373Ah _00403742h _0040374Ah _00403752h _00403756h _0040375Ah _0040375Eh _00403762h _00403766h _0040376Ah _0040376Eh _00403772h _0040377Ah _0040377Eh _00403782h _00403786h _0040378Eh _00403792h _00403796h _0040379Ah _0040379Eh _0040379Fh _004037A3h _004037A7h _004037ABh _004037AFh _004037B3h _004037B7h _004037BBh _004037BFh _004037C3h _004037CBh _004037CFh _004037D3h _004037D7h _004037DBh _004037DFh _004037E3h _004037E7h _004037EFh _0040383Fh _00403867h _0040388Fh _00403893h _00403897h _0040389Bh _0040389Fh _004038A3h _004038A7h _004038ABh _004038AFh _004038B3h _004038B7h _004038BBh _004038C0h _004038C4h _004038C0h _004038C8h _004038D4h _004038D8h _004038DCh _00403930h _00403944h _00403947h _00403A50h _00403A58h _00403A64h _00403A68h _00403A80h _00403A84h _00403A88h _00403A8Ch _00403ADDh _00403B9Eh _00403C30h _00403C46h _00403C51h _00403C5Dh _00403C61h _00403C65h _00403C69h _00403C6Dh _00403C6Dh _00403C71h _00403CC1h _00403CC9h 本代码的着色效果由xTiNt自动完成下载xTiNt http://211.90.75.84/web/kanaun/download/xTiNt.rar
iceplus 雪币： 227 活跃值： (130) 能力值： ( LV2，RANK：10 ) 在线值：发帖 4 回帖 96 粉丝 0 关注私信	iceplus 2004-5-16 19:23 5 楼 0 后面的DD好象没有什么用，你把它全填为零看看
cyclotron 雪币： 392 活跃值： (909) 能力值： ( LV9，RANK：690 ) 在线值：发帖 43 回帖 800 粉丝 8 关注私信	cyclotron 17 2004-5-16 20:34 6 楼 0 谢谢，学习一下:D
	游客登录 \| 注册方可回帖　回帖　表情雪币赚取及消费高级回复

forgot

155

发帖

3744

回帖

1060

RANK

关注

私信

他的文章

关于我们

联系我们

企业服务

看雪公众号

最新回复 (5)
forgot 雪币： 6073 活跃值： (2236) 能力值： (RANK：1060 ) 在线值：发帖 155 回帖 3744 粉丝 15 关注私信	forgot 26 2004-5-16 17:19 2 楼 0 还想问一下最后的一大堆dword是什么?看不出来
forgot 雪币： 6073 活跃值： (2236) 能力值： (RANK：1060 ) 在线值：发帖 155 回帖 3744 粉丝 15 关注私信	forgot 26 2004-5-16 17:40 3 楼 0
iceplus 雪币： 227 活跃值： (130) 能力值： ( LV2，RANK：10 ) 在线值：发帖 4 回帖 96 粉丝 0 关注私信	iceplus 2004-5-16 18:59 4 楼 0 ; ┏━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┓ ; ┃ This file is generated by The Fast Disassembler (Fdasm v0.1 beta) ┃ ; ┃ Copyright (c) 2004 by IcePlus, <IcePlus@hotmail.com> ┃ ; ┃ Build Feb. 7. 2004 ┃ ; ┗━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┛ DlgProc: ;对话框回调函数 enter 0000h, 00h push ebx push edi push esi mov eax, [ebp+08h] mov [_004037EFh], eax cmp dword [ebp+0Ch], 00000111h ;WM_COMMAND je _00401162h cmp dword [ebp+0Ch], 10h je _00401254h cmp dword [ebp+0Ch], 00000110h je _00401262h _00401159h: xor eax, eax pop esi pop edi pop ebx leave ret 0010h _00401162h: cmp dword [ebp+10h], 01h ;BUTTON_ID=='OK' jne _00401216h push 00h push dword [_004038D4h] call [EnableWindow] push 00h push dword [_004038D8h] call [EnableWindow] pushad call _0040243Fh popad push 000000FFh push _0040360Dh push 000003E8h push dword [_004037EFh] call [GetDlgItemTextA] push 000003ECh push dword [_004037EFh] call [IsDlgButtonChecked] mov [_00403897h], eax push 000003EDh push dword [_004037EFh] call [IsDlgButtonChecked] mov [_00403893h], eax push 000003F4h push dword [_004037EFh] call [IsDlgButtonChecked] mov [_0040389Fh], eax push 00000402h push dword [_004037EFh] call [IsDlgButtonChecked] mov [_004038C0h], eax pushad push _004038C8h push 00h push 00h push _0040106Fh ;线程回调函数 push 00h push 00h call [CreateThread] popad jmp _00401248h _00401216h: cmp dword [ebp+10h], 000003EBh je _00401373h cmp dword [ebp+10h], 02h je _00401254h cmp dword [ebp+10h], 000003F1h je _00401339h cmp dword [ebp+10h], 000003F0h je _00401356h jmp _00401159h _00401248h: mov eax, 00000001h pop esi pop edi pop ebx leave ret 0010h _00401254h: push 00h ;========================================================================== _0040243Fh: mov edi, _004038DCh xor eax, eax mov ecx, 00000010h repe stosd push 000003FFh push dword [_004037EFh] call [IsDlgButtonChecked] or eax, eax je _00402468h push 01h call _004022A6h _00402468h: push 000003EAh push dword [_004037EFh] call [IsDlgButtonChecked] or eax, eax je _00402483h push 02h call _004022A6h _00402483h: push 000003EEh push dword [_004037EFh] call [IsDlgButtonChecked] or eax, eax je _0040249Eh push 03h call _004022A6h _0040249Eh: push 000003F6h push dword [_004037EFh] call [IsDlgButtonChecked] or eax, eax je _004024B9h push 04h call _004022A6h _004024B9h: push 000003F7h push dword [_004037EFh] call [IsDlgButtonChecked] or eax, eax je _004024D4h push 05h call _004022A6h _004024D4h: push 000003FCh push dword [_004037EFh] call [IsDlgButtonChecked] or eax, eax je _004024EFh push 06h call _004022A6h _004024EFh: push 000003F8h push dword [_004037EFh] call [IsDlgButtonChecked] or eax, eax je _0040250Ah push 07h call _004022A6h _0040250Ah: push 00000401h push dword [_004037EFh] call [IsDlgButtonChecked] or eax, eax je _00402525h push 08h call _004022A6h _00402525h: push 000003FEh push dword [_004037EFh] call [IsDlgButtonChecked] or eax, eax je _00402540h push 09h call _004022A6h _00402540h: push 000003FDh push dword [_004037EFh] call [IsDlgButtonChecked] or eax, eax je _0040255Bh push 0Ah call _004022A6h _0040255Bh: push 000003FBh push dword [_004037EFh] call [IsDlgButtonChecked] or eax, eax je _00402576h push 0Bh call _004022A6h _00402576h: push 000003FAh push dword [_004037EFh] call [IsDlgButtonChecked] or eax, eax je _00402591h push 0Ch call _004022A6h _00402591h: push 000003F9h push dword [_004037EFh] call [IsDlgButtonChecked] or eax, eax je _004025ACh push 0Eh call _004022A6h _004025ACh: push 00000400h push dword [_004037EFh] call [IsDlgButtonChecked] or eax, eax je _004025C7h push 10h call _004022A6h _004025C7h: ret ;========================================================================== _004022A6h: pop edx pop ebx push edx mov esi, _004038DCh _004022AEh: lodsd cmp ebx, eax je _004022C3h or eax, eax jne _004022AEh sub esi, 04h mov [esi], ebx mov dword [esi+04h], 00000000h _004022C3h: ret ;========================================================================== _0040106F: ;ThreadFunction mov dword [_0040376Eh], _0040360Dh cmp dword [_0040389Fh], 01h jne _0040108Dh push dword [_0040376Eh] call _00402262h _0040108Dh: push dword [_0040376Eh] push _004031A3h call [lstrcat] call _00401666h cmp byte [_0040379Eh], FCh je _00401111h cmp byte [_0040379Eh], FFh je _004010E9h push _00403363h push _004031A3h call [lstrcat] push _0040342Fh push _004031A3h call [lstrcat] push 00h push _00403170h push _004031A3h push 00h call [MessageBoxA] xor eax, eax jmp _00401111h _004010E9h: push dword [_0040376Eh] push _004034C5h call [lstrcat] push 30h push _00403170h push _004034C5h push 00h call [MessageBoxA] mov eax, 00000002h _00401111h: push 00h push 00h push 10h push dword [_004037EFh] call [SendMessageA] push 00h call [ExitThread] ret ;========================================================================== _00402262h: pop ebx pop edi push ebx push edi push edi push _00403000h call [lstrcpy] pop edi push edi push _00403100h push _00403000h call [lstrcat] pop edi push 00h push _00403000h push edi call [CopyFileA] ret ;========================================================================== _00401666h: push dword [_0040376Eh] call [GetFileAttributesA] mov [_0040376Ah], eax cmp eax, FFh jne _0040167Ch ret _0040167Ch: push 20h push dword [_0040376Eh] call [SetFileAttributesA] mov esi, [_0040376Eh] call _00401DF3h call _00401DBEh jnb _0040169Ch ret _0040169Ch: mov [_00403782h], eax mov eax, [_00403782h] push eax call _00401E09h pop eax push _0040373Ah push _00403742h push _0040374Ah push eax call [GetFileTime] xor ecx, ecx call _00401D60h jb _00401BB9h cmp word [eax], 5A4Dh jne _00401BB9h call _00401D54h push 02h push esi call [IsBadReadPtr] or eax, eax jne _00401BB9h cmp word [esi], 4550h jne _00401BB9h cmp dword [esi+0Ch], 90909090h jne _00401722h push 10h push _00403170h push _0040349Eh push 00h call [MessageBoxA] mov byte [_0040379Eh], FCh jmp _00401BB9h _00401722h: call _00401DCBh mov ecx, 00001000h call _00401D60h jb _00401BB9h call _00401D54h mov dword [esi+0Ch], 90909090h movzx eax, word [esi+06h] mov [_004037BBh], eax mov eax, [esi+34h] mov [_00403C65h], eax mov eax, [esi+000000C0h] mov [_004038C4h], eax cmp dword [_004038C0h], 01h je _00401770h mov eax, [esi+78h] mov [_0040379Fh], eax _00401770h: movzx eax, word [esi+14h] add eax, 18h add eax, esi mov [_0040378Eh], eax mov ebx, [esi+000000D8h] or ebx, ebx je _0040179Fh call _00401FC6h add ebx, [_00403766h] mov ecx, [esi+000000DCh] mov edi, ebx xor eax, eax repe stosb _0040179Fh: mov ebx, [esi+000000A8h] or ebx, ebx je _004017BFh call _00401FC6h add ebx, [_00403766h] mov ecx, [esi+000000ACh] mov edi, ebx xor eax, eax stosb _004017BFh: mov dword [esi+000000D8h], 00000000h mov dword [esi+000000DCh], 00000000h mov dword [esi+000000D0h], 00000000h mov dword [esi+000000D4h], 00000000h mov dword [esi+000000A8h], 00000000h mov dword [esi+000000ACh], 00000000h mov eax, [esi+3Ch] mov [_004037A3h], eax push esi mov ebx, [esi+00000088h] mov eax, [esi+0000008Ch] or ebx, ebx je _00401872h mov [_004037B3h], eax mov [_00403C6Dh], ebx call _00401FC6h add ebx, [_00403766h] mov [_004037B7h], ebx call _004014CAh push ebx call _004013D7h cmp dword [_00403897h], 01h jne _00401868h call _0040152Ah xchg ebx, eax call _00401FC6h add ebx, [_00403766h] push ebx call _004015A6h sub eax, [_004037B7h] mov [_00403C69h], eax jmp _00401872h _00401868h: call _00401573h mov [_00403C69h], eax _00401872h: mov ebx, [_004037B3h] cmp eax, ebx jnb _00401886h sub ebx, eax cmp ebx, 00000200h jnb _00401890h _00401886h: mov dword [_0040389Bh], 00000000h _00401890h: cmp dword [_00403893h], 00h je _004018B3h push _00403CC9h push dword [_0040378Eh] call _00402050h push _00403CC9h call _00402222h _004018B3h: pop esi mov eax, [_004037BBh] mov [esi+06h], eax push esi mov eax, [_0040378Eh] mov edi, _00403C71h xor ecx, ecx mov cx, [esi+06h] _004018CDh: mov dword [_004037BFh], 00000000h cmp edi, _00403CC1h je _00401A42h mov dword [_004037AFh], 00000000h mov ebx, [_00403C6Dh] cmp [eax+0Ch], ebx jne _0040191Bh cmp dword [_0040389Bh], 01h jne _00401A42h mov ebx, [_00403C65h] add [_00403C6Dh], ebx mov dword [_004037AFh], 00000001h _0040191Bh: call _00401CF4h jb _00401A42h pushad push _00403137h push _00403363h call [lstrcat] popad pushad push _004038BBh push _00403363h call [lstrcat] popad push eax push ecx mov ebx, [eax+24h] or ebx, 80000000h mov [eax+24h], ebx mov ebx, [eax+0Ch] add ebx, [_00403C65h] mov [edi], ebx push edi mov esi, [eax+14h] add esi, [_00403766h] mov edi, esi push eax mov ecx, [eax+08h] mov edx, [eax+10h] cmp ecx, edx jna _0040197Ah mov ecx, edx _0040197Ah: pushad xchg edx, ecx mov byte [_00403604h], 09h mov edi, _00403605h call _00401F9Eh push _00403604h push _00403363h call [lstrcat] popad cmp dword [_004037AFh], 01h jne _004019D7h sub ecx, [_00403C69h] add esi, [_00403C69h] mov edi, esi call _00401C55h add eax, [_00403C69h] mov [_004037BFh], eax call _0040164Dh push eax call _00401DE2h mov [_004037B3h], eax jmp _004019ECh _004019D7h: call _00401C55h mov [_004037BFh], eax call _0040164Dh push eax call _00401DE2h _004019ECh: pushad mov edx, [_004037ABh] mov byte [_00403604h], 20h mov edi, _00403605h call _00401F9Eh push _0040370Dh push _00403363h call [lstrcat] push _00403604h push _00403363h call [lstrcat] popad pop ecx pop edx mov ebx, [edx+10h] cmp ebx, [_00403A50h] jna _00401A36h mov [_00403A50h], ebx _00401A36h: pop edi mov [edx+10h], eax mov [edi+04h], ecx add edi, 08h pop ecx pop eax _00401A42h: mov ebx, [_004038BBh] bswap ebx inc bl bswap ebx mov [eax], ebx mov [_004038BBh], ebx mov dword [eax+04h], 00000000h add eax, 28h add dword [_0040388Fh], 04h loopd _00401A6Bh jmp _00401A70h _00401A6Bh: jmp _004018CDh _00401A70h: pop esi sub eax, 28h mov edi, eax mov eax, [edi+14h] mov [_00403792h], eax mov ecx, [edi+10h] mov [_00403796h], ecx mov eax, [edi+08h] mov [_0040379Ah], eax cmp eax, ecx jnb _00401A95h mov eax, ecx _00401A95h: add eax, 00005425h mov [edi+08h], eax cmp dword [_004037BFh], 00h jne _00401ABFh mov ecx, [_00403796h] mov eax, [_0040379Ah] cmp eax, ecx jna _00401AC4h mov eax, ecx mov [_0040379Ah], ecx jmp _00401AC4h _00401ABFh: mov eax, [_004037BFh] _00401AC4h: mov [_004037C3h], eax push eax add eax, 00000425h mov [_004037E7h], eax call _00401DE2h mov [edi+10h], eax mov ecx, [esi+38h] mov eax, [edi+08h] add eax, [edi+0Ch] call _00401DE7h mov [esi+50h], eax add dword [_00403A50h], 00000425h pop eax mov dword [edi+24h], E0000020h add eax, [edi+0Ch] mov ebx, [esi+28h] mov [esi+28h], eax push eax add eax, [_00403C65h] sub eax, _00403944h mov [_00403947h], eax pop eax pushad add eax, 00000114h add [_00403A58h], eax add [_00403A64h], eax add [_00403A68h], eax add [_00403A80h], eax add [_00403A84h], eax add [_00403A88h], eax add [_00403A8Ch], eax mov ecx, [esi+00000080h] mov [_00403C61h], ecx mov [esi+00000080h], eax mov dword [esi+00000084h], 00000085h popad add ebx, [_00403C65h] mov [_00403B9Eh], ebx push esi call _00402185h mov ecx, 00000425h mov edi, [_00403766h] add edi, [_004037C3h] add edi, [_00403792h] mov esi, _00403944h repe movsb pop esi mov eax, [_004037E7h] push eax call _00401DE2h pop ecx xchg ecx, eax sub ecx, eax xor eax, eax repe stosb call _00401DCBh mov byte [_0040379Eh], 00h jmp _00401BBEh _00401BB9h: call _00401DCBh _00401BBEh: push _0040373Ah push _00403742h push _0040374Ah push dword [_00403782h] call [SetFileTime] mov edx, [_0040375Eh] mov edi, _00403473h call _00401F9Eh cmp byte [_0040379Eh], 00h jne _00401BFBh mov eax, [_00403782h] call _00401E09h _00401BFBh: mov edx, [_0040375Eh] mov edi, _0040348Fh call _00401F9Eh push _00403473h push _0040342Fh call [lstrcat] push _00403482h push _0040342Fh call [lstrcat] push _0040348Fh push _0040342Fh call [lstrcat] push dword [_00403782h] call [CloseHandle] push dword [_0040376Ah] push dword [_0040376Eh] call [SetFileAttributesA] ret ;========================================================================== _00401DF3h: push 00h push 20h push 03h push 00h push 00h push C0000000h push esi call [CreateFileA] ret ;========================================================================== _00401DBEh: cmp eax, FFh je _00401DC9h or eax, eax je _00401DC9h clc ret _00401DC9h: stc ret ;========================================================================== _00401E09h: xor ecx, ecx call _00401D60h jb _00401BB9h mov ecx, [_0040375Eh] or ecx, ecx je _00401F4Eh mov [_0040377Eh], ecx call _00401D54h mov eax, [esi+3Ch] mov [_00403762h], eax xor eax, eax mov ax, [esi+14h] add eax, 18h add eax, esi push esi push eax xchg edi, eax mov [_004038A3h], edi movzx ecx, word [esi+06h] xor ebx, ebx _00401E51h: call _00401F54h inc ebx cmp ebx, ecx je _00401E5Dh jmp _00401E51h _00401E5Dh: pop eax pop esi pushad push eax push esi call _004015F3h popad push eax xor edx, edx mov ecx, 00000028h xor eax, eax mov ax, [esi+06h] inc eax mul ecx xchg ebx, eax pop eax push eax add eax, ebx mov ecx, [esi+3Ch] call _00401DE7h xchg ebx, eax pop eax mov ecx, ebx sub ecx, [_00403766h] mov [esi+54h], ecx mov ecx, 00000200h mov [esi+3Ch], ecx movzx ecx, word [esi+06h] mov edi, ebx _00401EA1h: push eax push ecx mov ecx, edi sub ecx, [_00403766h] mov esi, [eax+14h] mov [eax+14h], ecx mov ebx, [eax+08h] cmp ebx, [eax+10h] jg _00401EC9h mov ecx, 00000200h push eax xchg ebx, eax call _00401DE7h xchg ebx, eax pop eax jmp _00401ECCh _00401EC9h: mov ebx, [eax+10h] _00401ECCh: mov [eax+10h], ebx add esi, [_00403766h] mov ecx, ebx repe movsb pop ecx pop eax add eax, 28h loopd _00401EA1h sub eax, 28h mov ecx, [eax+10h] add ecx, [eax+14h] push ecx call _00401DCBh mov byte [_0040379Eh], 00h pop ecx mov [_00403756h], ecx push 00h push 00h push ecx push dword [_00403782h] call [SetFilePointer] push dword [_00403782h] call [SetEndOfFile] xor ecx, ecx call _00401D60h jb _00401F53h call _00401D54h lea eax, [esi+58h] push eax push _00403752h push dword [_0040375Eh] push dword [_00403766h] call [CheckSumMappedFile] call _00401DCBh mov byte [_0040379Eh], 00h jmp _00401F53h _00401F4Eh: call _00401DCBh _00401F53h: ret ;========================================================================== _00401D60h: push ecx push _004037A7h push dword [_00403782h] call [GetFileSize] call _00401DBEh jnb _00401D7Bh pop ecx jmp _00401DBDh _00401D7Bh: mov [_0040375Eh], eax pop ecx add eax, ecx push 00h push eax push 00h push 04h push 00h push dword [_00403782h] call [CreateFileMappingA] call _00401DBEh jb _00401DBDh mov [_0040377Ah], eax push 00h push 00h push 00h push 02h push eax call [MapViewOfFile] call _00401DBEh jb _00401DBDh mov [_00403766h], eax _00401DBDh: ret ;========================================================================== _00401D54h: mov esi, [eax+3Ch] add esi, eax mov [_00403772h], esi ret ;========================================================================== _00401DCBh: push dword [_00403766h] call [UnmapViewOfFile] push dword [_0040377Ah] call [CloseHandle] ret ;========================================================================== _00401FC6h: push esi push edi push edx push ecx push eax mov eax, [_0040378Eh] mov ecx, [_004037BBh] _00401FD6h: mov edx, [eax+0Ch] cmp edx, ebx ja _00401FE2h add eax, 28h loopd _00401FD6h _00401FE2h: sub eax, 28h sub ebx, [eax+0Ch] add ebx, [eax+14h] pop eax pop ecx pop edx pop edi pop esi ret ;========================================================================== _004014CAh: push 00001F40h push 08h push dword [_004037DFh] call [HeapAlloc] mov [_004037D3h], eax mov [_004037D7h], eax push 00001F40h push 08h push dword [_004037DFh] call [HeapAlloc] mov [_004037CFh], eax mov [_004037CBh], eax ret ;========================================================================== _004013D7h: pop eax pop esi push eax or esi, esi je _00401452h movzx ecx, word [esi+0Ch] add cx, [esi+0Eh] add esi, 10h or ecx, ecx je _00401452h _004013EDh: mov ebx, [esi+04h] test ebx, 80000000h je _00401449h cmp dword [_004037E3h], 00h jne _00401422h pushad push dword [esi] call _00402291h popad jnb _00401418h mov dword [_004037DBh], 00000000h jmp _00401422h _00401418h: mov dword [_004037DBh], 00000001h _00401422h: and ebx, 7FFFFFFFh add ebx, [_004037B7h] pushad inc dword [_004037E3h] push ebx call _004013D7h dec dword [_004037E3h] popad _00401442h: add esi, 08h loopd _004013EDh jmp _00401452h _00401449h: pushad call _00401458h popad jmp _00401442h _00401452h: mov eax, [_00403C69h] ret ;========================================================================== _0040152Ah: push ebx push ecx push edx push esi push edi push dword [_004037D3h] call _00401552h push eax push dword [_004037CFh] call _00401552h pop ebx cmp ebx, eax ja _0040154Ch xchg ebx, eax _0040154Ch: pop edi pop esi pop edx pop ecx pop ebx ret ;========================================================================== _004015A6h: pop eax pop edi push eax push dword [_004037CFh] push edi call _004015C4h push eax push dword [_004037D3h] push eax call _004015C4h pop eax ret ;========================================================================== _00401573h: push ebx push ecx push edx push esi push edi push dword [_004037CFh] call _00401589h pop edi pop esi pop edx pop ecx pop ebx ret ;========================================================================== _00402050h: pop edx pop eax pop edi push edx mov ecx, [_004037BBh] dec ecx xor ebp, ebp _0040205Dh: push ecx call _00401CF4h jnb _0040206Dh xor ebp, ebp je _0040215Eh _0040206Dh: cmp ebp, 01h je _0040207Ch mov ebp, 00000001h jmp _0040215Eh _0040207Ch: push eax mov ebx, [eax-14h] add ebx, [eax-18h] add ebx, [_00403766h] push edi mov edi, ebx call _0040216Ch mov ecx, edi sub ecx, [eax-14h] sub ecx, [_00403766h] mov [_004038ABh], ecx mov ebx, edi pop edi pop eax push eax push ebx mov ebx, [eax+14h] add ebx, [eax+10h] add ebx, [_00403766h] push edi mov edi, ebx call _0040216Ch mov ecx, edi sub ecx, [eax+14h] sub ecx, [_00403766h] mov [_004038AFh], ecx pop edi mov ebp, edi pop edi mov esi, [eax+14h] add esi, [_00403766h] mov ecx, [_004038AFh] repe movsb pop eax mov ebx, [eax+34h] mov ecx, [eax-1Ch] sub ebx, ecx mov [eax-20h], ebx mov ebx, [_004038ABh] add ebx, [_004038AFh] mov [eax-18h], ebx mov edi, ebp mov ebx, [eax+0Ch] add ebx, [_00403C65h] mov [edi+04h], ebx mov ebx, [eax-1Ch] add ebx, [_004038ABh] add ebx, [_00403C65h] mov [edi], ebx mov ebx, [_004038AFh] mov [edi+08h], ebx mov ecx, [eax+34h] sub ecx, [eax+0Ch] sub ecx, ebx mov [edi+0Ch], ecx add edi, 10h pop ecx push ecx push eax inc ecx mov eax, ecx xor edx, edx mov ecx, 00000028h mul ecx mov ecx, eax pop eax mov esi, eax add esi, 28h push edi mov edi, eax repe movsb pop edi dec dword [_004037BBh] mov ebp, 00000001h sub eax, 28h _0040215Eh: pop ecx add eax, 28h loopd _00402166h jmp _0040216Bh _00402166h: jmp _0040205Dh _0040216Bh: ret ;========================================================================== _00402222h: pop eax pop ebx push eax pushad xchg edi, ebx add edi, 000000B0h _0040222Eh: sub edi, 10h cmp dword [edi], 00h je _0040222Eh xchg esi, edi mov edi, _0040383Fh _0040223Dh: mov ecx, 00000004h repe movsd sub esi, 20h cmp esi, _00403CC9h jnb _0040223Dh mov esi, _0040383Fh mov edi, _00403CC9h mov ecx, 000000A0h repe movsb popad ret ;========================================================================== _00401CF4h: push esi cmp dword [eax+14h], 00h je _00401D21h cmp dword [eax+10h], 00h je _00401D21h cmp dword [eax+08h], 50h jna _00401D21h call _00401D24h jb _00401D21h mov esi, _00403930h _00401D13h: xchg ebx, eax lodsd xchg ebx, eax cmp ebx, [eax] je _00401D21h or ebx, ebx jne _00401D13h pop esi clc ret _00401D21h: pop esi stc ret ;========================================================================== _00401F9Eh: push edi mov ecx, 00000003h xor eax, eax repe stosd pop edi mov eax, edx mov esi, 0000000Ah xor ecx, ecx _00401FB2h: xor edx, edx div esi push edx inc ecx or eax, eax jne _00401FB2h _00401FBCh: pop edx add dl, 30h mov al, dl stosb loopd _00401FBCh ret ;========================================================================== _00401C55h: push ecx push esi push ecx push ecx push 08h push dword [_004037DFh] call [HeapAlloc] mov [_0040375Ah], eax push 000A0000h push 08h push dword [_004037DFh] call [HeapAlloc] mov [_004038A7h], eax pop ecx cmp ecx, 50h jna _00401CC1h mov [_00403786h], esi mov [_004038B3h], ecx push _0040201Ch push dword [_004038A7h] push ecx push dword [_0040375Ah] push esi call [_aP_pack] mov [_004037ABh], eax or eax, eax je _00401CC1h pop edi pop ecx mov esi, [_0040375Ah] repe movsb jmp _00401CC8h _00401CC1h: pop edi pop ecx mov [_004037ABh], eax _00401CC8h: push dword [_0040375Ah] push 00h push dword [_004037DFh] call [HeapFree] push dword [_004038A7h] push 00h push dword [_004037DFh] call [HeapFree] mov eax, [_004037ABh] ret ;========================================================================== _0040164Dh: push ebx mov ebx, [_0040388Fh] mov dword [ebx+_0040383Fh], 00000001h mov [ebx+_00403867h], eax pop ebx ret ;========================================================================== _00401DE2h: mov ecx, 00000200h xor edx, edx div ecx or edx, edx je _00401DF0h inc eax _00401DF0h: mul ecx ret ;========================================================================== _00401DE7h: xor edx, edx div ecx or edx, edx je _00401DF0h inc eax _00401DF0h: mul ecx ret ;========================================================================== _00402185h: push esi push edi push ecx push edx mov ecx, 0000028Ch push ecx push ecx push 08h push dword [_004037DFh] call [HeapAlloc] mov [_0040375Ah], eax push 000FA000h push 08h push dword [_004037DFh] call [HeapAlloc] mov [_004038A7h], eax pop ecx push ecx push 00h push dword [_004038A7h] push ecx push dword [_0040375Ah] push _00403ADDh call [_aP_pack] push eax mov ecx, eax mov esi, [_0040375Ah] mov edi, _00403ADDh repe movsb push dword [_004038A7h] push 00h push dword [_004037DFh] call [HeapFree] push dword [_0040375Ah] push 00h push dword [_004037DFh] call [HeapFree] pop ecx pop eax sub eax, ecx push eax mov edi, _00403ADDh add edi, ecx mov ecx, eax xor eax, eax repe stosb pop eax pop edx pop ecx pop edi pop esi ret ;========================================================================== _00401F54h: push ebx push ecx mov eax, 00000028h mul bl add eax, [_004038A3h] mov esi, eax mov eax, [esi+10h] mov ecx, eax add eax, [esi+14h] add eax, [_00403766h] mov edi, eax dec edi xor eax, eax std repe scasb cld add edi, 02h sub edi, [esi+14h] sub edi, [_00403766h] mov ecx, 00000200h xchg edi, eax call _00401DE7h cmp eax, [esi+10h] jnl _00401F9Bh mov [esi+10h], eax _00401F9Bh: pop ecx pop ebx ret ;========================================================================== _004015F3h: pop eax pop esi pop edi push eax mov edx, [esi+000000A0h] or edx, edx je _0040164Ch movzx ecx, word [esi+06h] _00401605h: cmp [edi+0Ch], edx je _00401611h add edi, 28h loopd _00401605h jmp _0040164Ch _00401611h: cmp ecx, 01h jne _00401625h dec word [esi+06h] pushad xor eax, eax mov ecx, 00000028h repe stosb popad _00401625h: mov dword [edi+10h], 00000000h mov dword [esi+000000A0h], 00000000h mov dword [esi+000000A4h], 00000000h mov ax, [esi+16h] or ax, 0001h mov [esi+16h], ax _0040164Ch: ret ;========================================================================== _00402291h: pop edx pop ebx push edx mov esi, _004038DCh _00402299h: lodsd or eax, eax je _004022A4h cmp eax, ebx jne _00402299h clc ret _004022A4h: stc ret ;========================================================================== _00401458h: and ebx, 7FFFFFFFh add ebx, [_004037B7h] mov esi, ebx cmp dword [_004037DBh], 01h je _0040147Eh mov edx, [_004037CBh] add dword [_004037CBh], 08h jmp _0040148Bh _0040147Eh: mov edx, [_004037D7h] add dword [_004037D7h], 08h _0040148Bh: mov [edx], esi mov ecx, [esi+04h] push ebx push ecx push edx push esi push edi push ebp push ecx push 08h push dword [_004037DFh] call [HeapAlloc] pop ebp pop edi pop esi pop edx pop ecx pop ebx mov [edx+04h], eax push eax mov ebx, [esi] call _00401FC6h add ebx, [_00403766h] pop edi mov ecx, [esi+04h] mov esi, ebx repe movsb sub ebx, [_004037B7h] ret ;========================================================================== _00401552h: pop eax pop esi push eax mov edx, FFFFFFFFh _0040155Ah: mov eax, [esi] or eax, eax je _00401571h mov ebx, [eax] or ebx, ebx je _0040156Ch cmp ebx, edx jnb _0040156Ch mov edx, ebx _0040156Ch: add esi, 08h jmp _0040155Ah _00401571h: xchg edx, eax ret ;========================================================================== _004015C4h: pop eax pop edi pop edx push eax _004015C8h: mov eax, [edx] or eax, eax je _004015F0h mov ebx, [eax] mov ebx, edi sub ebx, [_00403766h] push eax push edx call _00401FF1h pop edx pop eax mov [eax], ebx mov esi, [edx+04h] mov ecx, [eax+04h] repe movsb add edx, 08h jmp _004015C8h _004015F0h: mov eax, edi ret ;========================================================================== _00401589h: pop eax pop esi push eax xor edx, edx _0040158Eh: mov eax, [esi] or eax, eax je _004015A4h mov ebx, [eax] add ebx, [eax+04h] cmp ebx, edx jna _0040159Fh mov edx, ebx _0040159Fh: add esi, 08h jmp _0040158Eh _004015A4h: xchg edx, eax ret ;========================================================================== _0040216Ch: push eax push edi std mov ecx, 0FFFFFFFh xor eax, eax repe scasb add edi, 04h cld pop edx cmp edx, edi jnb _00402183h mov edi, edx _00402183h: pop eax ret ;========================================================================== _00401D24h: pushad mov edx, [_004038C4h] cmp [eax+0Ch], edx je _00401D51h mov edx, [_0040379Fh] or edx, edx je _00401D4Eh mov ebx, [eax+0Ch] cmp ebx, edx jg _00401D4Eh je _00401D51h mov ebx, [eax+34h] or ebx, ebx je _00401D21h cmp ebx, edx jg _00401D51h _00401D4Eh: popad clc ret _00401D51h: popad stc ret ;========================================================================== _00401FF1h: push esi push edi push edx push ecx push eax mov eax, [_0040378Eh] mov ecx, [_004037BBh] _00402001h: mov edx, [eax+14h] cmp edx, ebx ja _0040200Dh add eax, 28h loopd _00402001h _0040200Dh: sub eax, 28h sub ebx, [eax+14h] add ebx, [eax+0Ch] pop eax pop ecx pop edx pop edi pop esi ret ;========================================================================== _0040201Ch: mov eax, [esp+04h] xor edx, edx mov ecx, 00000064h mul ecx xor edx, edx mov ecx, [_004038B3h] or ecx, ecx je _0040204Ah div ecx push 00h push eax push 00000402h push dword [_004038B7h] call [SendMessageA] _0040204Ah: mov eax, 00000001h ret ;========================================================================== ; UNPACK LOADER _00403944h: pushfd pushad mov ebp, 00000000h add [ebp+_00403A54h], ebp push dword [ebp+_00403A50h] push 40h call dword [ebp+_00403A88h] push eax push eax sub eax, _0040397Dh mov [ebp+_0040397Eh], eax pop edi lea esi, [ebp+_0040397Dh] mov ecx, 000000FCh repe movsd pop edi jmp edi mov ebp, 00000000h mov esi, edi add esi, 00000160h add edi, 000003ECh push edi push esi push edi push ebp push edi push esi call _004039A9h add esp, 08h pop ebp xchg ecx, eax pop esi pop edi repe movsb jmp _00403ADDh ;========================================================================== _004039A9h: push ebp mov ebp, esp pushad push ebp mov esi, [ebp+08h] mov edi, [ebp+0Ch] cld mov dl, 80h _004039B7h: movsb _004039B8h: call _00403A2Ah jnb _004039B7h xor ecx, ecx call _00403A2Ah jnb _004039E1h xor eax, eax call _00403A2Ah jnb _004039F2h mov al, 10h _004039D3h: call _00403A2Ah adc al, al jnb _004039D3h jne _00403A1Fh stosb jmp _004039B8h _004039E1h: call _00403A36h dec ecx loopd _004039FEh mov eax, ebp call _00403A34h jmp _00403A20h _004039F2h: lodsb shr eax, 01h je _00403A46h adc ecx, 02h mov ebp, eax jmp _00403A20h _004039FEh: xchg ecx, eax dec eax shl eax, 08h lodsb mov ebp, eax call _00403A34h cmp eax, 00007D00h jnb _00403A1Eh cmp eax, 00000500h jnb _00403A1Fh cmp eax, 7Fh ja _00403A20h _00403A1Eh: inc ecx _00403A1Fh: inc ecx _00403A20h: push esi mov esi, edi sub esi, eax repe movsb pop esi jmp _004039B8h add dl, dl jne _00403A33h mov dl, [esi] inc esi adc dl, dl _00403A33h: ret xor ecx, ecx inc ecx _00403A37h: call _00403A2Ah adc ecx, ecx call _00403A2Ah jb _00403A37h ret _00403A46h: pop ebp sub edi, [ebp+0Ch] mov [ebp-04h], edi popad pop ebp ret ;========================================================================== _00403A2Ah: add dl, dl jne _00403A33h mov dl, [esi] inc esi adc dl, dl _00403A33h: ret ;========================================================================== _00403A34h: xor ecx, ecx ;========================================================================== _00403A36h: inc ecx _00403A37h: call _00403A2Ah adc ecx, ecx call _00403A2Ah jb _00403A37h ret ;========================================================================== _00403ADDh: pop edi lea esi, [ebp+_00403C71h] _00403AE4h: push ebp push edi push esi lodsd or eax, eax je _00403B27h xchg edx, eax lodsd xchg ecx, eax push edi push ecx mov esi, edx repe movsb pop ecx pop edi cmp edx, [ebp+_00403C6Dh] jne _00403B15h mov eax, [ebp+_00403C69h] pushad mov esi, edi mov edi, edx mov ecx, eax repe movsb popad add edi, eax add edx, eax sub ecx, eax _00403B15h: push edx push edi call _004039A9h add esp, 08h pop esi pop edi pop ebp add esi, 08h jmp _00403AE4h _00403B27h: add esp, 0Ch lea esi, [ebp+_00403CC9h] _00403B30h: lodsd or eax, eax je _00403B5Eh xchg ebx, eax lodsd xchg edx, eax lodsd xchg ecx, eax push edi push esi xchg esi, ebx push edi push ecx repe movsb pop ecx pop esi mov edi, edx repe movsb pop esi lodsd xchg ecx, eax xor eax, eax repe stosb mov edi, [esi-10h] mov ecx, [esi-0Ch] sub ecx, edi xor eax, eax repe stosb pop edi jmp _00403B30h _00403B5Eh: call _00403BA4h jnb _00403B9Bh lea ebx, [ebp+_00403C46h] push ebx call dword [ebp+_00403A80h] or eax, eax je _00403B93h lea ebx, [ebp+_00403C51h] push ebx push eax call dword [ebp+_00403A84h] lea ebx, [ebp+_00403C30h] push 30h push 00h push ebx push 00h call eax _00403B93h: push 00h call dword [ebp+_00403A8Ch] _00403B9Bh: popad popfd mov edx, 00000000h jmp edx ;========================================================================== _00403BA4h: mov esi, [ebp+_00403C61h] or esi, esi je _00403BC8h mov edx, [ebp+_00403C65h] add esi, edx _00403BB6h: push edx push esi call _00403BCCh jb _00403BCAh add esi, 14h cmp dword [esi+0Ch], 00h jne _00403BB6h _00403BC8h: clc ret _00403BCAh: stc ret ;========================================================================== _00403A34h: xor ecx, ecx inc ecx _00403A37h: call _00403A2Ah adc ecx, ecx call _00403A2Ah jb _00403A37h ret ;========================================================================== _00403BCCh: pop eax pop esi pop edx push eax mov ecx, [esi] mov edi, [esi+10h] or ecx, ecx jne _00403BDBh mov ecx, edi _00403BDBh: add ecx, edx add edi, edx mov eax, [esi+0Ch] add eax, edx push ecx push edx push eax call dword [ebp+_00403A80h] pop edx pop ecx or eax, eax je _00403C2Eh mov [ebp+_00403C5Dh], eax _00403BF9h: mov ebx, [ecx] or ebx, ebx je _00403C2Ch test ebx, 80000000h jne _00403C0Bh add ebx, edx inc ebx inc ebx _00403C0Bh: and ebx, 7FFFFFFFh push ecx push edx push ebx push dword [ebp+_00403C5Dh] call dword [ebp+_00403A84h] pop edx pop ecx or eax, eax je _00403C2Eh stosd add ecx, 04h jmp _00403BF9h _00403C2Ch: clc ret _00403C2Eh: stc ret ;************************************************************************** _00403000h _00403100h _00403137h _00403170h _004031A3h _00403363h _0040342Fh _00403473h _00403482h _0040348Fh _0040349Eh _004034C5h _00403604h _00403605h _0040360Dh _0040370Dh _0040373Ah _00403742h _0040374Ah _00403752h _00403756h _0040375Ah _0040375Eh _00403762h _00403766h _0040376Ah _0040376Eh _00403772h _0040377Ah _0040377Eh _00403782h _00403786h _0040378Eh _00403792h _00403796h _0040379Ah _0040379Eh _0040379Fh _004037A3h _004037A7h _004037ABh _004037AFh _004037B3h _004037B7h _004037BBh _004037BFh _004037C3h _004037CBh _004037CFh _004037D3h _004037D7h _004037DBh _004037DFh _004037E3h _004037E7h _004037EFh _0040383Fh _00403867h _0040388Fh _00403893h _00403897h _0040389Bh _0040389Fh _004038A3h _004038A7h _004038ABh _004038AFh _004038B3h _004038B7h _004038BBh _004038C0h _004038C4h _004038C0h _004038C8h _004038D4h _004038D8h _004038DCh _00403930h _00403944h _00403947h _00403A50h _00403A58h _00403A64h _00403A68h _00403A80h _00403A84h _00403A88h _00403A8Ch _00403ADDh _00403B9Eh _00403C30h _00403C46h _00403C51h _00403C5Dh _00403C61h _00403C65h _00403C69h _00403C6Dh _00403C6Dh _00403C71h _00403CC1h _00403CC9h 本代码的着色效果由xTiNt自动完成下载xTiNt http://211.90.75.84/web/kanaun/download/xTiNt.rar
iceplus 雪币： 227 活跃值： (130) 能力值： ( LV2，RANK：10 ) 在线值：发帖 4 回帖 96 粉丝 0 关注私信	iceplus 2004-5-16 19:23 5 楼 0 后面的DD好象没有什么用，你把它全填为零看看
cyclotron 雪币： 392 活跃值： (909) 能力值： ( LV9，RANK：690 ) 在线值：发帖 43 回帖 800 粉丝 8 关注私信	cyclotron 17 2004-5-16 20:34 6 楼 0 谢谢，学习一下:D
	游客登录 \| 注册方可回帖　回帖　表情雪币赚取及消费高级回复