Assembly Code of File sub_4070E8
sub_4070E8 proc near ; CODE XREF: sub_4073FB + 68�p
; sub_4074FD + C�p ...
var_550 = byte ptr - 550h
var_350 = dword ptr - 350h
var_34C = byte ptr - 34Ch
var_230 = byte ptr - 230h
var_12C = dword ptr - 12Ch
var_128 = byte ptr - 128h
var_124 = dword ptr - 124h
var_108 = byte ptr - 108h
var_4 = dword ptr - 4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
push ebp
mov ebp, esp
sub esp, 550h
push ebx
push esi
push edi
xor ebx, ebx
push 49h
xor eax, eax
cmp dword_433490, ebx
pop ecx
lea edi, [ ebp + var_128 ]
mov [ ebp + var_12C ], ebx
rep stosd
mov ecx, 88h
lea edi, [ ebp + var_34C ]
mov [ ebp + var_350 ], ebx
rep stosd
jz loc_4072F9
cmp dword_4334EC, ebx
jz loc_4072F9
cmp dword_433450, ebx
jz loc_4072F9
push 1
push offset aSedebugprivile ; \"SeDebugPrivilege\"
call sub_40707D
pop ecx
pop ecx
push ebx
push 0Fh
call dword_433490 ; CreateToolhelp32Snapshot
mov edi, eax
cmp edi, 0FFFFFFFFh
mov [ ebp + var_4 ], edi
jz loc_4072EC
lea eax, [ ebp + var_12C ]
push eax
push edi
mov [ ebp + var_12C ], 128h
call dword_4334EC ; Process32First
test eax, eax
mov esi, ds:dword_41F034
jz loc_4072E7
lea eax, [ ebp + var_12C ]
push eax
push edi
call dword_433450 ; Process32Next
test eax, eax
jz loc_4072E7
mov ebx, ds:dword_41F0C4
loc_4071A7: ; CODE XREF: sub_4070E8 + 1F7�j
cmp [ ebp + arg_10 ], 0
jz short loc_407208
xor edi, edi
loc_4071AF: ; CODE XREF: sub_4070E8 + E7�j
push off_42A458[ edi ]
lea eax, [ ebp + var_108 ]
push eax
call ds:dword_41F0C0 ; lstrcmpiA
test eax, eax
jz short loc_4071D6
add edi, 4
cmp edi, 9E0h
jb short loc_4071AF
jmp loc_4072CD
; - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
loc_4071D6: ; CODE XREF: sub_4070E8 + DC�j
push [ ebp + var_124 ]
push 0
push 1F0FFFh
call ebx ; OpenProcess
mov edi, eax
test edi, edi
jz loc_4072CD
push 0
push edi
call ds:dword_41F0BC ; TerminateProcess
test eax, eax
jnz loc_4072CD
loc_407200: ; CODE XREF: sub_4070E8 + 1AF�j
push edi
call esi ; CloseHandle
jmp loc_4072CD
; - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
loc_407208: ; CODE XREF: sub_4070E8 + C3�j
mov edi, [ ebp + arg_C ]
test edi, edi
jnz loc_40729C
cmp [ ebp + arg_4 ], edi
jz loc_4072CD
push [ ebp + var_124 ]
push 8
call dword_433490 ; CreateToolhelp32Snapshot
cmp [ ebp + arg_14 ], 0
mov edi, eax
mov [ ebp + var_350 ], 224h
jz short loc_40725C
lea eax, [ ebp + var_350 ]
push eax
push edi
call dword_4334B8 ; Module32First
test eax, eax
push [ ebp + var_124 ]
jz short loc_407262
lea eax, [ ebp + var_230 ]
jmp short loc_407268
; - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
loc_40725C: ; CODE XREF: sub_4070E8 + 152�j
push [ ebp + var_124 ]
loc_407262: ; CODE XREF: sub_4070E8 + 16A�j
lea eax, [ ebp + var_108 ]
loc_407268: ; CODE XREF: sub_4070E8 + 172�j
push eax
lea eax, [ ebp + var_550 ]
push offset aSD_0 ; \" %s (%d)\"
push eax
call sub_412BB5
add esp, 10h
push 1
push [ ebp + arg_8 ]
lea eax, [ ebp + var_550 ]
push eax
push [ ebp + arg_4 ]
push [ ebp + arg_0 ]
call sub_4045DD
add esp, 14h
jmp loc_407200
; - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
loc_40729C: ; CODE XREF: sub_4070E8 + 125�j
lea eax, [ ebp + var_108 ]
loc_4072A2: ; CODE XREF: sub_4070E8 + 1D6�j
mov dl, [ eax ]
mov cl, dl
cmp dl, [ edi ]
jnz short loc_4072C4
test cl, cl
jz short loc_4072C0
mov dl, [ eax + 1 ]
mov cl, dl
cmp dl, [ edi + 1 ]
jnz short loc_4072C4
inc eax
inc eax
inc edi
inc edi
test cl, cl
jnz short loc_4072A2
loc_4072C0: ; CODE XREF: sub_4070E8 + 1C4�j
xor eax, eax
jmp short loc_4072C9
; - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
loc_4072C4: ; CODE XREF: sub_4070E8 + 1C0�j
; sub_4070E8 + 1CE�j
sbb eax, eax
sbb eax, 0FFFFFFFFh
loc_4072C9: ; CODE XREF: sub_4070E8 + 1DA�j
test eax, eax
jz short loc_407300
loc_4072CD: ; CODE XREF: sub_4070E8 + E9�j
; sub_4070E8 + 101�j ...
lea eax, [ ebp + var_12C ]
push eax
push [ ebp + var_4 ]
call dword_433450 ; Process32Next
test eax, eax
jnz loc_4071A7
xor ebx, ebx
loc_4072E7: ; CODE XREF: sub_4070E8 + 9D�j
; sub_4070E8 + B3�j
push [ ebp + var_4 ]
call esi ; CloseHandle
loc_4072EC: ; CODE XREF: sub_4070E8 + 77�j
push ebx
push offset aSedebugprivile ; \"SeDebugPrivilege\"
call sub_40707D
pop ecx
pop ecx
loc_4072F9: ; CODE XREF: sub_4070E8 + 3A�j
; sub_4070E8 + 46�j ...
xor eax, eax
loc_4072FB: ; CODE XREF: sub_4070E8 + 30E�j
pop edi
pop esi
pop ebx
leave
retn
; - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
loc_407300: ; CODE XREF: sub_4070E8 + 1E3�j
push [ ebp + var_124 ]
push 0
push 1F0FFFh
call ebx ; OpenProcess
push [ ebp + var_124 ]
mov edi, eax
push 8
call dword_433490 ; CreateToolhelp32Snapshot
push [ ebp + var_4 ]
mov ebx, eax
mov [ ebp + var_350 ], 224h
call esi ; CloseHandle
push 0
push edi
call ds:dword_41F0BC ; TerminateProcess
test eax, eax
jnz short loc_407345
push edi
call esi ; CloseHandle
push ebx
call esi ; CloseHandle
jmp short loc_4072F9
; - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
loc_407345: ; CODE XREF: sub_4070E8 + 253�j
cmp [ ebp + arg_18 ], 0
jz loc_4073F3
lea eax, [ ebp + var_350 ]
push eax
push ebx
call dword_4334B8 ; Module32First
test eax, eax
jz short loc_4073B8
push ebx
call esi ; CloseHandle
xor esi, esi
loc_407366: ; CODE XREF: sub_4070E8 + 2B2�j
push 7D0h
call ds:dword_41F000 ; Sleep
push 20h
lea eax, [ ebp + var_230 ]
push eax
inc esi
call ds:dword_41F0A0 ; SetFileAttributesA
lea eax, [ ebp + var_230 ]
push eax
call ds:dword_41F0B8 ; DeleteFileA
test eax, eax
setnz al
test al, al
jnz short loc_4073AA
cmp esi, 5
jl short loc_407366
lea eax, [ ebp + var_230 ]
push eax
push offset aCouldNotDelete ; \"Could not delete '%s'.!\n\"
jmp short loc_4073C4
; - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
loc_4073AA: ; CODE XREF: sub_4070E8 + 2AD�j
lea eax, [ ebp + var_230 ]
push eax
push offset aFileDeletedS_ ; \"[ FILE ]: Deleted '%s'.\n\"
jmp short loc_4073C4
; - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
loc_4073B8: ; CODE XREF: sub_4070E8 + 277�j
lea eax, [ ebp + var_108 ]
push eax
push offset aCannotExtractP ; \"Cannot extract process path for %s\n\"
loc_4073C4: ; CODE XREF: sub_4070E8 + 2C0�j
; sub_4070E8 + 2CE�j
lea eax, [ ebp + var_550 ]
push eax
call sub_412BB5
add esp, 0Ch
cmp [ ebp + arg_4 ], 0
jz short loc_4073F3
push 1
push [ ebp + arg_8 ]
lea eax, [ ebp + var_550 ]
push eax
push [ ebp + arg_4 ]
push [ ebp + arg_0 ]
call sub_4045DD
add esp, 14h
loc_4073F3: ; CODE XREF: sub_4070E8 + 261�j
; sub_4070E8 + 2EF�j
xor eax, eax
inc eax
jmp loc_4072FB
sub_4070E8 endp