; File Name   : u:\startupscripts\work\hiddencode.exe
; Format      : Portable executable for 80386 (PE)
; Imagebase   : 1000000
; Section 1. (virtual address 00001000)
; Virtual size                  : 00006000 ( 24576.)
; Section size in file          : 00006000 ( 24576.)
; Offset to raw data for section: 00001000
; Flags E0000080: Bss Executable Readable Writable
; Alignment     : default
;
; NOTE(review): the image has a single section that is readable, writable and
; executable, its raw offset equals its virtual address, and the import slots
; below already contain absolute addresses inside the system DLLs instead of
; name/ordinal references. That combination is what a dump of an already
; loaded (and possibly unpacked) process image looks like - confirm against
; the on-disk file before relying on any offset in this listing.

include uni.inc ; see unicode subdir of ida for info on unicode

.686p
.mmx
.model flat

; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Write/Execute
seg000 segment para public 'CODE' use32
assume cs:seg000
;org 1001000h
assume es:nothing, ss:nothing, ds:seg000, fs:nothing, gs:nothing

; ---------------------------------------------------------------------------
; Import address table. Each named slot is annotated with the export the
; stored address was resolved to; a "dd 0" ends the slots of one DLL.
; "xref" lists the referencing locations the listing recorded.
; ---------------------------------------------------------------------------

; --- ADVAPI32: registry access and service control -------------------------
dword_1001000 dd 77DD761Bh              ; -> ADVAPI32.RegOpenKeyExA
dword_1001004 dd 77E37D39h              ; -> ADVAPI32.StartServiceCtrlDispatcherA
dword_1001008 dd 77DD7883h              ; -> ADVAPI32.RegQueryValueExA
dword_100100C dd 77DD6BF0h              ; -> ADVAPI32.RegCloseKey
dword_1001010 dd 77DF0953h              ; -> ADVAPI32.RegisterServiceCtrlHandlerA
dword_1001014 dd 77DEB193h              ; -> ADVAPI32.SetServiceStatus
                                        ; xref: sub_1001DEB+6Br ...
        dd 0

; --- KERNEL32 / NTDLL forwarders: process, threads, events, heap, locks ----
dword_100101C dd 7C81CDDAh              ; -> KERNEL32.ExitProcess
dword_1001020 dd 7C8329D9h              ; -> KERNEL32.ExpandEnvironmentStringsA
dword_1001024 dd 7C80A7D4h              ; -> KERNEL32.GetLocalTime
dword_1001028 dd 7C91188Ah              ; -> NTDLL.RtlDeleteCriticalSection
dword_100102C dd 7C910340h              ; -> NTDLL.RtlSetLastWin32Error
                                        ; xref: sub_1002F31+1C3r ...
dword_1001030 dd 7C80A017h              ; -> KERNEL32.SetEvent
dword_1001034 dd 7C8328F7h              ; -> KERNEL32.ResumeThread
dword_1001038 dd 7C910331h              ; -> NTDLL.RtlGetLastWin32Error
                                        ; xref: sub_1001665:loc_1001762r ...
dword_100103C dd 7C802520h              ; -> KERNEL32.WaitForSingleObject
                                        ; xref: sub_1001A91+1ABr
dword_1001040 dd 7C8308ADh              ; -> KERNEL32.CreateEventA
                                        ; xref: sub_10018DB+B4r ...
dword_1001044 dd 7C809EF1h              ; -> KERNEL32.InitializeCriticalSection
                                        ; xref: sub_10019F0+14r ...
dword_1001048 dd 7C812BB6h              ; -> KERNEL32.HeapCreate
dword_100104C dd 7C9010EDh              ; -> NTDLL.RtlLeaveCriticalSection
                                        ; xref: sub_1001A91+B5r ...
dword_1001050 dd 7C91043Dh              ; -> NTDLL.RtlFreeHeap
dword_1001054 dd 7C809B47h              ; -> KERNEL32.CloseHandle
                                        ; xref: sub_1001E73+9Er ...
dword_1001058 dd 7C901005h              ; -> NTDLL.RtlEnterCriticalSection
                                        ; xref: sub_1001A91+4Er ...
; Four slots share one label; only the first one is named by the listing.
; The other three are reached as dword_100105C+4 / +8 / +0Ch and stay
; unnamed here - resolve them before interpreting those call sites.
dword_100105C dd 7C809766h, 7C80A05Dh, 7C9105D4h, 7C80A03Bh
                                        ; first dword -> KERNEL32.InterlockedIncrement
                                        ; xref: sub_1001A91+2C1r ...
dword_100106C dd 7C802442h              ; -> KERNEL32.Sleep
                                        ; xref: sub_100205A+4Er
dword_1001070 dd 7C90112Bh              ; -> NTDLL.RtlTryEnterCriticalSection
dword_1001074 dd 7C839732h              ; -> KERNEL32.SuspendThread
        dd 0

; --- MSVCRT: C runtime ------------------------------------------------------
dword_100107C dd 77C39D67h              ; -> MSVCRT._initterm
dword_1001080 dd 77C1EEEBh              ; -> MSVCRT.__getmainargs
dword_1001084 dd 77C4D675h              ; -> MSVCRT.__setusermatherr
dword_1001088 dd 77C2EFB0h              ; -> MSVCRT._lseek
dword_100108C dd 77C2D0D7h              ; -> MSVCRT._close
dword_1001090 dd 77C2FAA3h              ; -> MSVCRT._read
dword_1001094 dd 77C2C407h              ; -> MSVCRT.malloc
                                        ; xref: sub_100205A+93r ...
dword_1001098 dd 77C2C437h              ; -> MSVCRT.realloc
dword_100109C dd 77C40AB1h              ; -> MSVCRT.fclose
dword_10010A0 dd 77C2C21Bh              ; -> MSVCRT.free
                                        ; xref: sub_1001F54+47r ...
dword_10010A4 dd 77C4AEA3h              ; -> MSVCRT.time
                                        ; xref: sub_1001DEB+8r
dword_10010A8 dd 77C1F3A5h              ; -> MSVCRT._chdir
dword_10010AC dd 77C1F2BCh              ; -> MSVCRT._errno
                                        ; xref: sub_10027E1+77r ...
; ---------------------------------------------------------------------------
; NOTE(review): the next bytes sit in the middle of the import table and are
; only ever referenced as data (indirect calls in sub_1001665), yet the
; listing decoded them as instructions. They are almost certainly two more
; import slots whose names were not resolved - TODO confirm from the raw
; bytes; do not read the mnemonics below as real code.
loc_10010B0:                            ; DATA XREF: sub_1001665+1AEr
        daa
        clc
        sal     dword ptr [edi+10h], 0F0h ; DATA XREF: sub_1001665+1DBr
        retn
; ---------------------------------------------------------------------------
dword_10010B8 dd 77C4A9F1h              ; -> MSVCRT.ctime
                                        ; xref: sub_1001DEB+19r
dword_10010BC dd 77C4EE2Fh              ; -> MSVCRT._controlfp
; ---------------------------------------------------------------------------
; NOTE(review): same artefact as loc_10010B0 - referenced as data only,
; presumably one unresolved import slot decoded as code.
loc_10010C0:                            ; DATA XREF: seg000:loc_1003BF0r
        xchg    eax, esp
        pop     esp
        retn
; ---------------------------------------------------------------------------
dword_10010C4 dd 77C3537Ch              ; -> MSVCRT.__set_app_type
dword_10010C8 dd 77C1F1DBh              ; -> MSVCRT.__p__fmode
dword_10010CC dd 77C1F1A4h              ; -> MSVCRT.__p__commode
dword_10010D0 dd 77C623D8h              ; -> MSVCRT._adjust_fdiv
dword_10010D4 dd 77C4186Ah              ; -> MSVCRT.printf
dword_10010D8 dd 77C1F1F1h              ; -> MSVCRT.__p___initenv
; ---------------------------------------------------------------------------
; NOTE(review): same artefact again - data-only references, presumably two
; unresolved import slots decoded as code.
loc_10010DC:                            ; DATA XREF: sub_1003BA0r
        scasb
        sub     eax, 9E9A77C3h          ; DATA XREF: seg000:01003B7Ar
        retn
; ---------------------------------------------------------------------------
dword_10010E4 dd 77C2F566h              ; -> MSVCRT._open
                                        ; xref: sub_100333A+1B9r
dword_10010E8 dd 77C30303h              ; -> MSVCRT._write
dword_10010EC dd 77C39E7Eh              ; -> MSVCRT.exit
                                        ; xref: sub_1001665+C0r ...
        dd 0

; --- WS2_32: sockets --------------------------------------------------------
dword_10010F4 dd 71AB8769h              ; -> WS2_32.WSASocketA
dword_10010F8 dd 71AB94DCh              ; -> WS2_32.WSAGetLastError
                                        ; xref: sub_1001A91+12Br ...
dword_10010FC dd 71AB664Dh              ; -> WS2_32.WSAStartup
dword_1001100 dd 71AB4573h              ; -> WS2_32.WSAEventSelect
dword_1001104 dd 71AB2B66h              ; -> WS2_32.ntohs
                                        ; xref: sub_100230A+Fr ...
dword_1001108 dd 71AC0D03h              ; -> WS2_32.WSAGetOverlappedResult
dword_100110C dd 71AB2B66h              ; -> WS2_32.ntohs (same address as
                                        ; dword_1001104; one of the two names
                                        ; may originally differ - TODO confirm)
                                        ; xref: sub_1002A3D+40r ...
; Two slots under one label; the second (dword_1001110+4) is unnamed.
dword_1001110 dd 71ABF652h, 71AB4519h   ; first dword -> WS2_32.WSARecvFrom
                                        ; xref: sub_1001A91+2Ar
dword_1001118 dd 71AB4682h              ; -> WS2_32.WSACloseEvent
dword_100111C dd 71AB9639h              ; -> WS2_32.closesocket
                                        ; xref: sub_100205A+E7r ...
dword_1001120 dd 71AB3F41h              ; -> WS2_32.inet_ntoa
                                        ; xref: sub_1002F31+64r ...
dword_1001124 dd 71AB3E00h              ; -> WS2_32.bind
                                        ; xref: sub_1002F31+256r ...
dword_1001128 dd 71ABE6EBh              ; -> WS2_32.getservbyname
dword_100112C dd 71AB3B91h              ; -> WS2_32.socket
                                        ; xref: sub_100333A+1EBr
dword_1001130 dd 71AB2C69h              ; -> WS2_32.sendto
                                        ; xref: sub_1002A3D+65r ...
        align 8

; --- IPHLPAPI: interface address enumeration / change notification ---------
dword_1001138 dd 76D66300h              ; -> IPHLPAPI.NotifyAddrChange
dword_100113C dd 76D63B9Ch              ; -> IPHLPAPI.GetIpAddrTable
        dd 0

; --- NTDLL: CRT helpers, timer queue and wait registration -----------------
dword_1001144 dd 7C90253Ah              ; -> NTDLL.memmove
dword_1001148 dd 7C902C80h              ; -> NTDLL.strncpy
dword_100114C dd 7C96FB58h              ; -> NTDLL.isupper
dword_1001150 dd 7C970328h              ; -> NTDLL.tolower
                                        ; xref: sub_100333A+95r
dword_1001154 dd 7C9383CDh              ; -> NTDLL.RtlUpdateTimer
                                        ; xref: sub_1002B5E+114r ...
dword_1001158 dd 7C92D707h              ; -> NTDLL.RtlDeleteTimer
                                        ; xref: sub_1002A3D+FDr ...
dword_100115C dd 7C913374h              ; -> NTDLL._stricmp
dword_1001160 dd 7C924C29h              ; -> NTDLL.atoi
                                        ; xref: sub_10023D8+F2r
dword_1001164 dd 7C92F23Ah              ; -> NTDLL._itoa
dword_1001168 dd 7C92D97Bh              ; -> NTDLL.RtlDeregisterWaitEx
                                        ; xref: sub_1002901+35r
dword_100116C dd 7C901A09h              ; -> NTDLL._chkstk
dword_1001170 dd 7C92EBF8h              ; -> NTDLL.RtlCreateTimerQueue
dword_1001174 dd 7C9359F3h              ; -> NTDLL.RtlRegisterWait
                                        ; xref: sub_10018DB+D6r
dword_1001178 dd 7C92DFACh              ; -> NTDLL.RtlCreateTimer
                                        ; xref: sub_1002F31+34Dr ...
; ---------------------------------------------------------------------------
; Read-only data that follows the import table: a run of small dword records
; (meaning not established by this listing), then the program's string pool.
; String bytes are reproduced exactly as the listing shows them; the extraction
; put spaces around '+' and '-' elsewhere in this page, so ' - ?' and 'a + '
; are presumably '-?' and 'a+' in the binary - TODO confirm from raw bytes.
; ---------------------------------------------------------------------------
        dd 9 dup(0)
        dd 37ECADD7h, 0
        dd 3, 310h, 0
        dd 4D10h, 0
        dd 37ECADD7h, 0
        dd 6, 2 dup(0)
        dd 5020h, 0
        dd 37ECADD7h, 0
        dd 2, 1Ah, 0

; Build-path string left in the image. It names tftpd.c, whereas the listing
; header gives the file name on disk as hiddencode.exe; record that mismatch
; when triaging the sample.
aDNtPrivateNetS db 'D:\nt\private\net\sockets\tcpsvcs\tftpd\tftpd.c built Sep 24 1999'

; --- usage text printed by sub_1001570, paired with the registry value names
; --- that sub_10037BF also references. The value names (directory, clients,
; --- masters, readable, writable) are the service's access-control settings.
aOWritableFiles db ' o writable files keyname \"%s\"',0Ah,0
                                        ; DATA XREF: sub_1001570+C4
aWritable       db 'writable',0         ; DATA XREF: sub_1001570+BF
                                        ; sub_10037BF+121
        align 4
aOReadableFiles db ' o Readable files keyname \"%s\"',0Ah,0
                                        ; DATA XREF: sub_1001570+B6
aReadable       db 'readable',0         ; DATA XREF: sub_1001570+B1
                                        ; sub_10037BF+F1
        align 4
aOValidmastersK db ' o ValidMasters keyname \"%s\"',0Ah,0
                                        ; DATA XREF: sub_1001570+A8
aMasters        db 'masters',0          ; DATA XREF: sub_1001570+A3
                                        ; sub_10037BF+C1
aOValidclientsK db ' o ValidClients keyname \"%s\"',0Ah,0
                                        ; DATA XREF: sub_1001570+9A
aClients        db 'clients',0          ; DATA XREF: sub_1001570+95
                                        ; sub_10037BF+8E
aTheseKeysAreSh db 'These keys are shell patterns with * and ? (see examples above):',0Ah
                                        ; DATA XREF: sub_1001570+8D
        align 4
aOStartdirector db ' o StartDirectory keyname \"%s\"',0Ah,0
                                        ; DATA XREF: sub_1001570+84
aDirectory      db 'directory',0        ; DATA XREF: sub_1001570+7F
                                        ; sub_10037BF+5C
        align 4
aRegistryKeyNam db 'Registry key names, all strings: HKEY_LOCAL_MACHINE %s',0Ah,0
                                        ; DATA XREF: sub_1001570+76
; Registry path (under HKEY_LOCAL_MACHINE per the usage text above) that holds
; the service parameters.
aSystemCurrentc db 'System\CurrentControlSet\Services\tftpd\parameters',0
                                        ; DATA XREF: sub_1001570+71
                                        ; sub_10037BF+13
        align 10h
aTftpd_logfileI db ' TFTPD_LOGFILE is %s',0Ah
                                        ; DATA XREF: sub_1001570+68
        align 4
aTftpd_log      db 'tftpd.log',0        ; DATA XREF: sub_1001570+63
                                        ; sub_1001665+1D6
        align 4
aTftpd_default_ db ' TFTPD_DEFAULT_DIR is %s',0Ah,0
                                        ; DATA XREF: sub_1001570+5A
        align 4
aTftpdroot      db '\tftpdroot\',0      ; DATA XREF: sub_1001570+55
                                        ; sub_1003910+1E
a?              db ' - ?',0             ; DATA XREF: sub_1001570+10
        align 4
aA              db 'a + ',0             ; DATA XREF: sub_1001665+1D1
        align 4

; --- service lookup strings used by sub_100205A -----------------------------
aTftp           db 'tftp',0             ; DATA XREF: sub_100205A+31
        align 10h
aUdp            db 'udp',0              ; DATA XREF: sub_100205A+2C

; --- protocol error texts. The pointer table starting at off_1005CC0
; --- references them in ascending 4-byte slots, 'Error undefined' first and
; --- 'Option negotiation failure' last.
aOptionNegotiat db 'Option negotiation failure',0
                                        ; DATA XREF: seg000:01005CE0
        align 10h
aNoSuchUser     db 'No such user',0     ; DATA XREF: seg000:01005CDC
        align 10h
aFileAlreadyExi db 'File already exists',0
                                        ; DATA XREF: seg000:01005CD8
aUnknownTransfe db 'Unknown transfer ID',0
                                        ; DATA XREF: seg000:01005CD4
aIllegalTftpOpe db 'Illegal TFTP operation',0
                                        ; DATA XREF: seg000:01005CD0
        align 10h
aDiskFullOrAllo db 'Disk full or allocation exceeded',0
                                        ; DATA XREF: seg000:01005CCC
        align 4
aAccessViolatio db 'Access violation',0 ; DATA XREF: seg000:01005CC8
        align 4
aFileNotFound   db 'File not found',0   ; DATA XREF: seg000:01005CC4
        align 4
aErrorUndefined db 'Error undefined',0  ; DATA XREF: seg000:off_1005CC0

; --- option names referenced by sub_10023D8 ---------------------------------
aTsize          db 'tsize',0            ; DATA XREF: sub_10023D8:loc_100251A
        align 10h
aTimeout_0      db 'timeout',0          ; DATA XREF: sub_10023D8:loc_1002498
aBlksize        db 'blksize',0          ; DATA XREF: sub_10023D8+4E

; --- error texts and transfer-mode names used by the request handlers -------
aTimeout        db 'Timeout',0          ; DATA XREF: sub_1002A3D+D2
aInsufficientRe db 'Insufficient resources',0
                                        ; DATA XREF: sub_1002F31:loc_1003197
                                        ; sub_100333A+201 ...
        align 10h
aFileNameTooLon db 'File name too long',0
                                        ; DATA XREF: sub_1002F31+195
                                        ; sub_100333A+1A0
        align 4
aMalformedFileN db 'Malformed file name',0
                                        ; DATA XREF: sub_1002F31+139
                                        ; sub_100333A+159
aOctet          db 'octet',0            ; DATA XREF: sub_1002F31+D2
                                        ; sub_100333A:loc_100341F
        align 10h
aNetascii       db 'netascii',0         ; DATA XREF: sub_1002F31+9F
                                        ; sub_100333A:loc_10033E1
        align 4
asc_100155C:                            ; DATA XREF: sub_1003910+7F
        unicode 0, <\>,0

; Record of -1, two code addresses and 0; its consumer is not visible in this
; part of the listing.
dword_1001560 dd 0FFFFFFFFh, 1003B5Eh, 1003B73h, 0
    ; -----------------------------------------------------------------------
    ; sub_1001570 - program entry routine, called from seg000:01003B4A.
    ; In : arg_0 = argument count, arg_4 = argument vector (the code reads
    ;      the pointer at [arg_4+4], i.e. the first command-line argument).
    ; Flow: if there is more than one argument and the first one equals the
    ;      string a?, print the usage/configuration text through the import
    ;      at dword_10010D4 (printf) and call exit(-1). Otherwise hand
    ;      off_1005CB0 to StartServiceCtrlDispatcherA and leave through
    ;      ExitProcess(0).
    ; Note: the usage text is the quickest summary of where this service
    ;      reads its settings (registry value names, log file, root dir).
    ; -----------------------------------------------------------------------
    sub_1001570 proc near               ; CODE XREF: seg000:01003B4A

    arg_0 = dword ptr 4
    arg_4 = dword ptr 8

        cmp     [esp+arg_0], 1
        push    esi
        jle     loc_1001646             ; no arguments: run as a service
        mov     eax, [esp+4+arg_4]
        mov     esi, offset a?          ; " - ?"
        mov     eax, [eax+4]            ; eax = first argument string

    ; Inline string compare of the argument (eax) against a? (esi),
    ; two bytes per iteration.
    loc_1001588:                        ; CODE XREF: sub_1001570+34
        mov     dl, [eax]
        mov     cl, dl
        cmp     dl, [esi]
        jnz     short loc_10015AA
        test    cl, cl
        jz      short loc_10015A6       ; both strings ended: equal
        mov     dl, [eax+1]
        mov     cl, dl
        cmp     dl, [esi+1]
        jnz     short loc_10015AA
        inc     eax
        inc     eax
        inc     esi
        inc     esi
        test    cl, cl
        jnz     short loc_1001588

    loc_10015A6:                        ; CODE XREF: sub_1001570+22
        xor     eax, eax                ; result 0 = match
        jmp     short loc_10015AF
    ; -----------------------------------------------------------------------

    loc_10015AA:                        ; CODE XREF: sub_1001570+1E
                                        ; sub_1001570+2C
        sbb     eax, eax                ; turn the carry of the failed
        sbb     eax, 0FFFFFFFFh         ; compare into -1 / +1

    loc_10015AF:                        ; CODE XREF: sub_1001570+38
        test    eax, eax
        jnz     loc_1001646             ; not the help switch
        mov     esi, dword_10010D4      ; esi = printf import, reused below
        push    offset asc_1005010      ; " ======================================"...
        call    esi                     ; dword_10010D4
        pop     ecx
        push    offset aTftpdroot       ; "\tftpdroot\"
        push    offset aTftpd_default_  ; " TFTPD_DEFAULT_DIR is %s\n"
        call    esi                     ; dword_10010D4
        pop     ecx
        pop     ecx
        push    offset aTftpd_log       ; "tftpd.log"
        push    offset aTftpd_logfileI  ; " TFTPD_LOGFILE is %s\n\n"
        call    esi                     ; dword_10010D4
        pop     ecx
        pop     ecx
        push    offset aSystemCurrentc  ; "System\CurrentControlSet\Services\tftpd"...
        push    offset aRegistryKeyNam  ; "Registry key names, all strings: HKEY_L"...
        call    esi                     ; dword_10010D4
        pop     ecx
        pop     ecx
        push    offset aDirectory       ; "directory"
        push    offset aOStartdirector  ; " o StartDirectory keyname "%s"\n"
        call    esi                     ; dword_10010D4
        pop     ecx
        pop     ecx
        push    offset aTheseKeysAreSh  ; "These keys are shell patterns with * an"...
        call    esi                     ; dword_10010D4
        pop     ecx
        push    offset aClients         ; "clients"
        push    offset aOValidclientsK  ; " o ValidClients keyname "%s"\n"
        call    esi                     ; dword_10010D4
        pop     ecx
        pop     ecx
        push    offset aMasters         ; "masters"
        push    offset aOValidmastersK  ; " o ValidMasters keyname "%s"\n"
        call    esi                     ; dword_10010D4
        pop     ecx
        pop     ecx
        push    offset aReadable        ; "readable"
        push    offset aOReadableFiles  ; " o Readable files keyname "%s"\n"
        call    esi                     ; dword_10010D4
        pop     ecx
        pop     ecx
        push    offset aWritable        ; "writable"
        push    offset aOWritableFiles  ; " o writable files keyname "%s"\n"
        call    esi                     ; dword_10010D4
        pop     ecx
        pop     ecx
        push    0FFFFFFFFh
        call    dword_10010EC           ; exit
        pop     ecx

    ; Service path: register the dispatch table and block until the
    ; service stops.
    loc_1001646:                        ; CODE XREF: sub_1001570+6
                                        ; sub_1001570+41
        push    offset off_1005CB0      ; service table (its entry at
                                        ; 01005CB4 points at sub_1001665)
        call    dword_1001004           ; StartServiceCtrlDispatcherA
        test    eax, eax
        jnz     short loc_100165B
        call    dword_1001038           ; RtlGetLastWin32Error (result unused)

    loc_100165B:                        ; CODE XREF: sub_1001570+E3
        push    0
        call    dword_100101C           ; ExitProcess
        pop     esi
        retn
    sub_1001570 endp

    ; -----------------------------------------------------------------------
    ; sub_1001665 - service main routine (referenced from the table entry at
    ; seg000:01005CB4). Two stack arguments, removed with "retn 8":
    ;   arg_0 = argument count, arg_4 = argument vector.
    ; Steps visible here:
    ;   1. fill the status block at dword_1006120 and register sub_1001DEB
    ;      as control handler for the service name "Tftpd";
    ;   2. create two events (dword_1005DDC, dword_1005DE0), start Winsock
    ;      (version word 101h);
    ;   3. report the next state, parse '-' switches from the last argument
    ;      backwards, load settings (sub_10037BF, sub_1003910);
    ;   4. change into the configured directory, optionally open the log,
    ;      start the listeners (sub_10018DB, sub_10019F0) and wait on the
    ;      event in dword_1005DDC.
    ; The status block is the structure handed to SetServiceStatus, so by
    ; the Win32 SERVICE_STATUS layout +0 is the type, +4 the current state,
    ; +8 the accepted controls, +0Ch/+10h the exit codes, +14h the
    ; checkpoint and +18h the wait hint.
    ; -----------------------------------------------------------------------
    sub_1001665 proc near               ; DATA XREF: seg000:01005CB4

    arg_0 = dword ptr 4
    arg_4 = dword ptr 8

        push    ebx
        push    ebp
        push    esi
        push    edi
        xor     ebp, ebp                ; ebp = 0 for the whole routine
        push    offset sub_1001DEB      ; control handler
        push    offset aTftpd           ; "Tftpd"
        mov     dword_1006120, 30h      ; service type
        mov     dword_1006124, 2        ; current state = 2 (start pending)
        mov     dword_1006128, ebp      ; no controls accepted yet
        mov     dword_1006134, 1        ; checkpoint
        mov     dword_1006138, 4E20h    ; wait hint
        mov     dword_100612C, ebp
        mov     dword_1006130, ebp
        call    dword_1001010           ; RegisterServiceCtrlHandlerA
        cmp     eax, ebp
        mov     dword_1006044, eax      ; status handle
        jz      loc_1001762
        mov     esi, dword_1001014      ; esi = SetServiceStatus
        mov     edi, offset dword_1006120
        push    edi
        push    eax
        call    esi                     ; dword_1001014
        cmp     eax, ebp
        jz      loc_1001762
        mov     ebx, dword_1001040      ; ebx = CreateEventA
        push    ebp
        push    ebp
        push    ebp
        push    ebp
        call    ebx                     ; dword_1001040
        push    ebp
        push    ebp
        push    ebp
        push    ebp
        mov     dword_1005DDC, eax      ; event waited on at the end of this
                                        ; routine and set by sub_1001E73
        call    ebx                     ; dword_1001040
        cmp     dword_1005DDC, ebp
        mov     dword_1005DE0, eax
        jz      short loc_100171C
        cmp     eax, ebp
        jz      short loc_100171C
        push    offset dword_1006140    ; receives the Winsock start-up data
        push    101h
        call    dword_10010FC           ; WSAStartup
        cmp     eax, 0FFFFFFFFh
        jnz     short loc_1001735
        call    dword_10010F8           ; WSAGetLastError

    ; Common failure exit: report stop with code 1Fh and terminate.
    loc_100171C:                        ; CODE XREF: sub_1001665+96
                                        ; sub_1001665+9A ...
        push    1Fh
        call    sub_1001E73
        push    1
        call    dword_10010EC           ; exit
        pop     ecx

    loc_100172C:                        ; CODE XREF: sub_1001665+218
                                        ; sub_1001665+224
        pop     edi
        pop     esi
        pop     ebp
        xor     eax, eax
        pop     ebx
        retn    8
    ; -----------------------------------------------------------------------

    loc_1001735:                        ; CODE XREF: sub_1001665+AF
        push    edi
        mov     dword_1006124, 4        ; current state = 4 (running)
        push    dword_1006044
        mov     dword_1006128, 7        ; accepted controls mask
        mov     dword_1006134, ebp
        mov     dword_1006138, ebp
        call    esi                     ; dword_1001014
        cmp     eax, ebp
        jnz     short loc_100176A

    loc_1001762:                        ; CODE XREF: sub_1001665+57
                                        ; sub_1001665+6E
        call    dword_1001038           ; RtlGetLastWin32Error
        jmp     short loc_100171C
    ; -----------------------------------------------------------------------

    loc_100176A:                        ; CODE XREF: sub_1001665+FB
        push    9
        pop     ecx
        xor     eax, eax
        mov     edx, offset dword_10060C0
        mov     edi, edx
        rep stosd                       ; clear 9 dwords at dword_10060C0
        push    edx
        call    dword_10010A4           ; time - start time into dword_10060C0
        pop     ecx
        mov     edx, [esp+10h+arg_0]
        dec     edx                     ; edx = number of arguments to scan
        mov     ebx, (offset dword_1005E07 + 1) ; ebx = directory buffer
        jz      short loc_10017F3
        mov     eax, [esp+10h+arg_4]
        lea     eax, [eax+edx*4]        ; address of the last argument slot
        mov     [esp+10h+arg_0], eax    ; arg_0 is reused as a cursor

    ; Switch parser: walks the vector from the last entry downwards and
    ; stops at the first argument that does not start with 2Dh ('-').
    loc_1001797:                        ; CODE XREF: sub_1001665+18C
        mov     eax, [esp+10h+arg_0]
        mov     eax, [eax]
        cmp     byte ptr [eax], 2Dh
        jnz     short loc_10017F3
        movsx   ecx, byte ptr [eax+1]
        sub     ecx, 64h                ; 64h = 'd'
        jz      short loc_10017C9
        dec     ecx                     ; 65h = 'e'
        jz      short loc_10017BD
        dec     ecx                     ; 66h = 'f'
        jnz     short loc_10017E9       ; anything else is ignored
        mov     dword_1005DD8, 1        ; 'f': flag tested before the log
                                        ; file is opened below
        jmp     short loc_10017E9
    ; -----------------------------------------------------------------------

    loc_10017BD:                        ; CODE XREF: sub_1001665+147
        mov     dword_1005DD4, 1        ; 'e': flag, consumer not shown here
        jmp     short loc_10017E9
    ; -----------------------------------------------------------------------

    ; 'd': copy the text after the switch into the buffer at ebx.
    ; NOTE(review): this is an inline strlen followed by a block copy of
    ; length+1 bytes; no limit on the length is applied anywhere in this
    ; path, so the destination must be large enough for any start
    ; argument - the buffer size is not visible here, TODO confirm.
    loc_10017C9:                        ; CODE XREF: sub_1001665+144
        lea     edi, [eax+2]
        or      ecx, 0FFFFFFFFh
        xor     eax, eax
        repne scasb                     ; find the terminating zero
        not     ecx                     ; ecx = length including the zero
        sub     edi, ecx                ; back to the start of the text
        mov     eax, ecx
        mov     esi, edi
        mov     edi, ebx
        shr     ecx, 2
        rep movsd
        mov     ecx, eax
        and     ecx, 3
        rep movsb

    loc_10017E9:                        ; CODE XREF: sub_1001665+14A
                                        ; sub_1001665+156 ...
        sub     [esp+10h+arg_0], 4      ; previous argument
        dec     edx
        cmp     edx, ebp
        ja      short loc_1001797

    loc_10017F3:                        ; CODE XREF: sub_1001665+125
                                        ; sub_1001665+13B
        call    sub_10037BF             ; references the registry value names
        call    sub_1003910             ; references "\tftpdroot\"
        mov     esi, dword_10010A8      ; esi = _chdir
        push    ebx
        call    esi                     ; dword_10010A8
        cmp     eax, 0FFFFFFFFh
        pop     ecx
        jnz     short loc_100182E
        call    dword_10010AC           ; _errno (result unused)
        push    ebx
        ; Indirect call through the unnamed slot at 10010B0 with the same
        ; directory string, made only after _chdir failed - presumably a
        ; directory-creating runtime import; TODO resolve the pointer.
        call    dword ptr loc_10010B0
        cmp     eax, ebp
        pop     ecx
        jnz     loc_100171C
        push    ebx
        call    esi                     ; dword_10010A8 - retry _chdir
        cmp     eax, ebp
        pop     ecx
        jnz     loc_100171C

    loc_100182E:                        ; CODE XREF: sub_1001665+1A5
        cmp     dword_1005DD8, ebp
        jz      short loc_1001857       ; logging not requested
        push    offset aA               ; "a + "
        push    offset aTftpd_log       ; "tftpd.log"
        ; Indirect call through the unnamed slot at 10010B4. The result is
        ; kept in dword_1005DD0, which sub_1001E73 later passes to fclose,
        ; so this is presumably the stream-open import; TODO resolve.
        call    dword ptr loc_10010B2 + 2
        pop     ecx
        cmp     eax, ebp
        pop     ecx
        mov     dword_1005DD0, eax
        jnz     short loc_1001857
        mov     dword_1005DD8, ebp      ; open failed: logging switched off

    loc_1001857:                        ; CODE XREF: sub_1001665+1CF
                                        ; sub_1001665+1EA
        push    offset dword_10060C0
        call    dword_10010B8           ; ctime (result unused here)
        pop     ecx
        call    sub_10018DB             ; per-address listeners, timers
        call    sub_10019F0             ; buffer list, lock, private heap
        push    0FFFFFFFFh
        push    dword_1005DDC
        call    dword_100103C           ; WaitForSingleObject, no timeout
        cmp     eax, ebp
        jz      loc_100172C
        call    dword_1001038           ; RtlGetLastWin32Error
        jmp     loc_100172C
    sub_1001665 endp

    ; -----------------------------------------------------------------------
    ; sub_100188E - attach an event to a socket and register a wait on it.
    ; Three stack arguments, removed with "retn 0Ch":
    ;   arg_0 = value passed first to WSAEventSelect (the socket) and later
    ;           handed to the wait callback as its context,
    ;   arg_4 = event handle,
    ;   arg_8 = flag byte; bit 0 selects the callback: set -> loc_1001D74,
    ;           clear -> loc_1001DDB.
    ; Out : eax = wait handle written by RtlRegisterWait, or 0 when
    ;       WSAEventSelect failed.
    ; Note: the status returned by RtlRegisterWait itself is not checked;
    ;       var_4 is returned whatever it holds.
    ; -----------------------------------------------------------------------
    sub_100188E proc near               ; CODE XREF: sub_100205A+D5
                                        ; sub_1002F31+2A8 ...

    var_4 = dword ptr -4
    arg_0 = dword ptr 8
    arg_4 = dword ptr 0Ch
    arg_8 = byte ptr 10h

        push    ebp
        mov     ebp, esp
        push    ecx                     ; room for var_4
        push    3                       ; network event mask
        push    [ebp+arg_4]
        push    [ebp+arg_0]
        call    dword_1001100           ; WSAEventSelect
        test    eax, eax
        jz      short loc_10018AE
        call    dword_1001038           ; RtlGetLastWin32Error
        xor     eax, eax                ; failure: return 0
        jmp     short locret_10018D7
    ; -----------------------------------------------------------------------

    loc_10018AE:                        ; CODE XREF: sub_100188E+14
        test    [ebp+arg_8], 1
        push    0
        push    0FFFFFFFFh
        push    [ebp+arg_0]             ; callback context
        jz      short loc_10018C2
        push    offset loc_1001D74      ; callback used when bit 0 is set
        jmp     short loc_10018C7
    ; -----------------------------------------------------------------------

    loc_10018C2:                        ; CODE XREF: sub_100188E+2B
        push    offset loc_1001DDB      ; callback used when bit 0 is clear

    loc_10018C7:                        ; CODE XREF: sub_100188E+32
        push    [ebp+arg_4]
        lea     eax, [ebp+var_4]
        push    eax
        call    dword_1001174           ; RtlRegisterWait
        mov     eax, [ebp+var_4]

    locret_10018D7:                     ; CODE XREF: sub_100188E+1E
        leave
        retn    0Ch
    sub_100188E endp

    ; -----------------------------------------------------------------------
    ; sub_10018DB - listener start-up, called once from sub_1001665.
    ; Steps visible here:
    ;   1. initialise the critical sections at dword_1006080 and
    ;      dword_1006020 and make the list heads at dword_1006098 and
    ;      dword_1006038 point at themselves (empty lists);
    ;   2. fetch the address table through sub_1001FA6 and call
    ;      sub_100205A for every entry whose address is neither 0 nor
    ;      100007Fh;
    ;   3. create a timer queue and a timer with callback sub_10029BA
    ;      (both time values 0EA60h);
    ;   4. create an event, register sub_1002219 as its wait callback and
    ;      request address-change notification on it.
    ; Out : eax = 0 on success, otherwise the first non-zero status.
    ; Defender note: step 2 means one listener per configured interface
    ;      address, not just a single wildcard socket.
    ; -----------------------------------------------------------------------
    sub_10018DB proc near               ; CODE XREF: sub_1001665+1FE

    var_4 = dword ptr -4

        push    ebp
        mov     ebp, esp
        push    ecx
        push    ebx
        push    esi
        mov     esi, dword_1001044      ; esi = InitializeCriticalSection
        push    edi
        push    offset dword_1006080
        call    esi                     ; dword_1001044
        push    offset dword_1006020
        call    esi                     ; dword_1001044
        mov     eax, offset dword_1006098
        mov     dword_100609C, eax      ; empty list: both links
        mov     dword_1006098, eax      ; point at the head
        mov     eax, offset dword_1006038
        mov     dword_100603C, eax
        mov     dword_1006038, eax
        lea     eax, [ebp+var_4]
        push    eax
        call    sub_1001FA6             ; var_4 = allocated address table
        xor     esi, esi                ; esi = 0 from here on
        test    eax, eax
        jnz     short loc_1001957       ; no table: skip the listeners
        mov     eax, [ebp+var_4]
        xor     ebx, ebx                ; ebx = entry index
        cmp     [eax], esi              ; first dword = entry count
        jbe     short loc_100194F
        xor     edi, edi                ; edi = byte offset of the entry

    loc_100192E:                        ; CODE XREF: sub_10018DB+72
        mov     ecx, [eax+edi+4]        ; address field of the entry
        cmp     ecx, esi
        jz      short loc_1001947       ; skip 0
        cmp     ecx, 100007Fh
        jz      short loc_1001947       ; skip 100007Fh (127.0.0.1 in
                                        ; network byte order)
        push    ecx
        call    sub_100205A             ; start a listener on this address
        mov     eax, [ebp+var_4]        ; reload: eax was clobbered

    loc_1001947:                        ; CODE XREF: sub_10018DB+59
                                        ; sub_10018DB+61
        inc     ebx
        add     edi, 18h                ; entries are 18h bytes apart
        cmp     ebx, [eax]
        jb      short loc_100192E

    loc_100194F:                        ; CODE XREF: sub_10018DB+4F
        push    eax
        call    dword_10010A0           ; free
        pop     ecx

    loc_1001957:                        ; CODE XREF: sub_10018DB+46
        push    offset dword_10060A0
        call    dword_1001170           ; RtlCreateTimerQueue
        cmp     eax, esi
        jnz     loc_10019EB
        mov     eax, 0EA60h
        push    esi
        push    eax
        push    eax
        push    esi
        push    offset sub_10029BA      ; timer callback
        push    offset dword_1006048    ; receives the timer handle
        push    dword_10060A0
        call    dword_1001178           ; RtlCreateTimer
        push    esi
        push    esi
        push    esi
        push    esi
        mov     edi, eax                ; keep the timer status
        call    dword_1001040           ; CreateEventA
        cmp     eax, esi
        mov     dword_1005DF8, eax
        jnz     short loc_10019A2
        mov     eax, edi                ; no event: return the timer status
        jmp     short loc_10019EB
    ; -----------------------------------------------------------------------

    loc_10019A2:                        ; CODE XREF: sub_10018DB+C1
        push    esi
        push    0FFFFFFFFh
        push    esi
        push    offset sub_1002219      ; callback run when the event fires
        push    eax
        push    offset dword_1005DFC    ; receives the wait handle
        call    dword_1001174           ; RtlRegisterWait
        cmp     eax, esi
        jnz     short loc_10019EB
        mov     ecx, offset dword_1006100
        xor     eax, eax
        mov     edi, ecx
        push    ecx                     ; 2nd argument: block at dword_1006100
        stosd                           ; clear five dwords of that block
        stosd
        stosd
        stosd
        stosd
        mov     eax, dword_1005DF8
        push    offset dword_1005E00
        mov     dword_1006110, eax      ; event handle at offset 10h
        call    sub_1003A44             ; NotifyAddrChange
        cmp     eax, esi
        jz      short loc_10019E9
        cmp     eax, 3E5h               ; 3E5h is also treated as success
        jnz     short loc_10019EB

    loc_10019E9:                        ; CODE XREF: sub_10018DB+105
        xor     eax, eax

    loc_10019EB:                        ; CODE XREF: sub_10018DB+89
                                        ; sub_10018DB+C5 ...
        pop     edi
        pop     esi
        pop     ebx
        leave
        retn
    sub_10018DB endp

    ; -----------------------------------------------------------------------
    ; sub_10019F0 - set up the request-buffer pool, called from sub_1001665.
    ; Makes the list head at dword_1006078 empty (both links point at the
    ; head), initialises the critical section at dword_1006060 and creates
    ; a private heap whose handle is stored in dword_1005DEC.
    ; No arguments, no meaningful return value.
    ; Note: the heap handle is stored without a check for failure; later
    ; allocation sites have to cope with a zero handle.
    ; -----------------------------------------------------------------------
    sub_10019F0 proc near               ; CODE XREF: sub_1001665+203

        mov     eax, offset dword_1006078
        push    offset dword_1006060
        mov     dword_100607C, eax      ; back link  -> head
        mov     dword_1006078, eax      ; forward link -> head
        call    dword_1001044           ; InitializeCriticalSection
        push    0
        push    0EFD1Ch                 ; size argument
        push    0
        call    dword_1001048           ; HeapCreate
        mov     dword_1005DEC, eax
        retn
    sub_10019F0 endp

    ; -----------------------------------------------------------------------
    ; sub_1001A1F - trim the pool of idle request buffers; called from the
    ; timer callback (sub_10029BA+79).
    ; Under the lock at dword_1006060 it computes
    ;     spare = dword_1005DF0 - dword_1005DF4
    ; and releases  spare/2 buffers when spare > 0Ah,
    ;               2 buffers       when 3 < spare <= 0Ah,
    ;               nothing         otherwise.
    ; Each released buffer is unlinked from the list headed at
    ; dword_1006078, its handle at +30h is closed and the block is
    ; returned to the heap in dword_1005DEC.
    ; No arguments, no return value.
    ; -----------------------------------------------------------------------
    sub_1001A1F proc near               ; CODE XREF: sub_10029BA+79

        push    ebx
        push    esi
        mov     ebx, offset dword_1006060
        push    edi
        push    ebx
        xor     esi, esi                ; esi = number of buffers to free
        call    dword_1001058           ; RtlEnterCriticalSection
        mov     eax, dword_1005DF0
        sub     eax, dword_1005DF4
        cmp     eax, 0Ah
        jbe     short loc_1001A46
        shr     eax, 1
        mov     esi, eax
        jmp     short loc_1001A4E
    ; -----------------------------------------------------------------------

    loc_1001A46:                        ; CODE XREF: sub_1001A1F+1F
        cmp     eax, 3
        jbe     short loc_1001A4E
        push    2
        pop     esi

    loc_1001A4E:                        ; CODE XREF: sub_1001A1F+25
                                        ; sub_1001A1F+2A
        test    esi, esi
        jbe     short loc_1001A86
        mov     edi, esi                ; edi = loop counter

    loc_1001A54:                        ; CODE XREF: sub_1001A1F+65
        mov     eax, dword_1006078      ; first entry of the list
        mov     esi, eax
        mov     ecx, [eax]              ; its forward link
        mov     eax, [eax+4]            ; its back link
        mov     [eax], ecx              ; unlink the entry
        mov     [ecx+4], eax
        push    dword ptr [esi+30h]
        call    dword_1001054           ; CloseHandle
        push    esi
        push    0
        push    dword_1005DEC
        call    dword_1001050           ; RtlFreeHeap
        dec     dword_1005DF0
        dec     edi
        jnz     short loc_1001A54

    loc_1001A86:                        ; CODE XREF: sub_1001A1F+31
        push    ebx
        call    dword_100104C           ; RtlLeaveCriticalSection
        pop     edi
        pop     esi
        pop     ebx
        retn
    sub_1001A1F endp

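    ; -----------------------------------------------------------------------
    ; sub_1001A91 - receive loop for one socket; called by the two wait
    ; callbacks at loc_1001D74 and loc_1001DDB. Two stack arguments,
    ; removed with "retn 8". Always returns 0.
    ;
    ; Per iteration:
    ;   1. query the socket through the slot at dword_1001110+4 with
    ;      request code 4004667Fh; leave when the call fails or the
    ;      returned count is 0;
    ;   2. take a request buffer from the list at dword_1006078, or
    ;      allocate a new one (2FF6Ch bytes) plus an event;
    ;   3. clear 0FFBDh bytes at buffer+34h and receive into them with
    ;      WSARecvFrom (length field 0FFBDh, address length 10h);
    ;   4. when the receive is pending (3E5h), wait on two handles, the
    ;      first being dword_1005DDC, then fetch the overlapped result;
    ;   5. drop the datagram when fewer than 2 bytes arrived, otherwise
    ;      dispatch on the 16-bit value at the start of the data;
    ;   6. put the buffer back on the list and loop.
    ;
    ; Listing repair: four call operands had been damaged by the page
    ; extraction ("call + 4>dword_1001110 + 4" and three more on
    ; dword_100105C). They are restored to "call label+offset"; the slots
    ; they reach are not named by the listing, so the API names given
    ; beside them are inferences from the arguments - TODO confirm by
    ; resolving the stored addresses.
    ;
    ; NOTE(review): the frame-relative names (var_xx / arg_xxxx) come from
    ; a stack analysis the disassembler itself flags as failed directly
    ; after this function; read them as raw offsets, not as variables.
    ; -----------------------------------------------------------------------
    sub_1001A91 proc near               ; CODE XREF: seg000:01001DCC
                                        ; seg000:01001DE1

    var_68 = byte ptr -68h
    var_4C = dword ptr -4Ch
    var_48 = dword ptr -48h
    var_40 = dword ptr -40h
    var_3C = dword ptr -3Ch
    var_30 = byte ptr -30h
    var_28 = dword ptr -28h
    var_20 = dword ptr -20h
    var_1C = dword ptr -1Ch
    var_10 = byte ptr -10h
    var_8 = dword ptr -8
    arg_0 = dword ptr 4
    arg_10 = byte ptr 14h
    arg_FF9C = dword ptr 0FFA0h
    arg_FFA0 = dword ptr 0FFA4h
    arg_FFA4 = dword ptr 0FFA8h
    arg_FFA8 = dword ptr 0FFACh
    arg_FFD4 = dword ptr 0FFD8h
    arg_FFD8 = dword ptr 0FFDCh
    arg_10004 = dword ptr 10008h

        mov     eax, 10004h
        call    sub_1003A3E             ; _chkstk - reserve a 10004h-byte frame
        push    ebx
        push    ebp
        xor     ebp, ebp
        push    esi
        push    edi
        mov     [esp+10h], ebp
        mov     ebx, offset dword_1006060 ; ebx = pool lock for the whole loop

    loc_1001AAA:                        ; CODE XREF: sub_1001A91+291
        lea     eax, [esp+10h+arg_0]
        push    eax                     ; receives the pending-byte count
        push    4004667Fh               ; request code (FIONREAD value)
        push    [esp+18h+arg_10004]     ; socket
        call    dword_1001110+4         ; unnamed slot; presumably ioctlsocket
        cmp     eax, ebp
        jnz     loc_1001D27
        cmp     [esp+1Ch+var_8], ebp
        jz      loc_1001D65             ; nothing queued: done
        xor     eax, eax
        lea     edi, [esp+1Ch+arg_10]
        stosd                           ; clear a 5-dword block on the stack
        stosd
        stosd
        stosd
        push    ebx
        stosd
        call    dword_1001058           ; RtlEnterCriticalSection
        mov     eax, dword_1006078
        inc     dword_1005DF4           ; one more buffer in use
        cmp     eax, offset dword_1006078
        jz      short loc_1001B11       ; list empty: allocate
        mov     ecx, [eax]
        mov     esi, eax                ; esi = request buffer
        mov     eax, [eax+4]
        mov     [eax], ecx              ; unlink it from the list
        mov     [ecx+4], eax
        push    dword ptr [esi+30h]     ; the buffer's event handle
        call    dword_100105C+0Ch       ; unnamed slot; presumably ResetEvent
        mov     eax, [esi+30h]
        jmp     short loc_1001B41
    ; -----------------------------------------------------------------------

    loc_1001B11:                        ; CODE XREF: sub_1001A91+64
        inc     dword_1005DF0           ; one more buffer in total
        push    2FF6Ch                  ; size
        push    8                       ; flags
        push    dword_1005DEC           ; private heap from sub_10019F0
        call    dword_100105C+8         ; unnamed slot; presumably the heap
                                        ; allocation counterpart of RtlFreeHeap
        mov     esi, eax
        cmp     esi, ebp
        jz      loc_1001D5E             ; allocation failed: unlock and leave
        push    ebp
        push    ebp
        push    ebp
        push    ebp
        call    dword_1001040           ; CreateEventA
        mov     [esi+30h], eax          ; NOTE(review): result not checked

    loc_1001B41:                        ; CODE XREF: sub_1001A91+7E
        push    ebx
        mov     [esp+40h+arg_0], eax
        call    dword_100104C           ; RtlLeaveCriticalSection
        lea     ebp, [esi+34h]          ; ebp = start of the datagram area
        mov     ecx, 3FEFh
        xor     eax, eax
        mov     edi, ebp
        rep stosd                       ; clear 3FEFh dwords + 1 byte,
        stosb                           ; i.e. 0FFBDh bytes
        mov     eax, [esp+40h+arg_FFD8]
        mov     [esp+40h+var_1C], ebp   ; buffer descriptor: pointer
        mov     [esp+40h+var_20], 0FFBDh ; buffer descriptor: length, equal
                                        ; to the area cleared above
        mov     [esp+40h+var_28], 10h   ; size of the sender-address field
        mov     [esi+1Ch], eax
        lea     eax, [esp+40h+var_10]
        push    0
        push    eax
        lea     eax, [esp+48h+var_28]
        lea     edi, [esi+2Ch]          ; edi = received-byte count field
        push    eax
        lea     eax, [esi+0Ch]          ; sender address stored at buffer+0Ch
        push    eax
        lea     eax, [esp+50h+var_30]
        push    eax
        push    edi
        lea     eax, [esp+58h+var_20]
        push    1                       ; one buffer descriptor
        push    eax
        push    [esp+60h+arg_FFD4]
        call    dword_1001110           ; WSARecvFrom
        mov     [esp+64h+var_48], eax
        mov     ax, [esi+0Eh]           ; word at offset 2 of the sender
        push    eax                     ; address
        call    dword_100110C           ; ntohs (result overwritten below)
        cmp     [esp+68h+var_4C], 0
        jz      short loc_1001C34       ; completed immediately
        call    dword_10010F8           ; WSAGetLastError
        cmp     eax, 3E5h
        jnz     loc_1001D2F             ; any error but "pending": give up
        mov     eax, dword_1005DDC
        push    0FFFFFFFFh
        mov     [esp+6Ch+var_40], eax   ; handle 0 = dword_1005DDC
        mov     eax, [esp+6Ch+var_28]
        mov     [esp+6Ch+var_3C], eax   ; handle 1
        lea     eax, [esp+6Ch+var_40]
        push    0
        push    eax
        push    2
        call    dword_100105C+4         ; unnamed slot; presumably a
                                        ; multiple-object wait
        cmp     eax, 0FFFFFFFFh
        jz      loc_1001D2F
        cmp     eax, 102h
        jz      loc_1001D2F
        test    eax, eax
        jz      loc_1001D2F             ; handle 0 fired: stop
        lea     eax, [esp+78h+var_68]
        push    eax
        push    0
        lea     eax, [esp+80h+var_48]
        push    edi
        push    eax
        push    [esp+88h+arg_FF9C]
        call    dword_1001108           ; WSAGetOverlappedResult
        test    eax, eax
        jnz     short loc_1001C34
        call    dword_10010F8           ; WSAGetLastError
        jmp     loc_1001CEA
    ; -----------------------------------------------------------------------

    loc_1001C34:                        ; CODE XREF: sub_1001A91+129
                                        ; sub_1001A91+196
        push    0
        push    dword_1005DDC
        call    dword_100103C           ; WaitForSingleObject, zero timeout
        test    eax, eax
        jz      loc_1001D2F             ; event already set: stop
        cmp     dword ptr [edi], 2      ; received length
        jl      loc_1001CEA             ; shorter than the 2-byte code: drop
                                        ; NOTE(review): signed compare on a
                                        ; byte count
        xor     edi, edi
        cmp     [esp+70h+arg_FFA8], edi
        jz      short loc_1001CDA
        mov     ax, [ebp+0]             ; first 16 bits of the datagram
        push    eax
        call    dword_1001104           ; ntohs
        movzx   ecx, ax
        test    ecx, ecx
        jle     short loc_1001CB8       ; 0          -> rejected
        cmp     ecx, 2
        jle     short loc_1001C81       ; 1 or 2     -> handler lookup
        cmp     ecx, 4
        jz      short loc_1001CB8       ; 4          -> rejected
        cmp     ecx, 5
        jnz     short loc_1001CB8       ; 3, 6 and up -> rejected
        jmp     short loc_1001CEA       ; 5          -> silently dropped
    ; -----------------------------------------------------------------------

    loc_1001C81:                        ; CODE XREF: sub_1001A91+1E2
        cmp     ax, 1
        jnz     short loc_1001C94
        inc     dword_10060C4           ; counter for code 1
        mov     edi, offset sub_1002F31 ; handler for code 1
        jmp     short loc_1001CA5
    ; -----------------------------------------------------------------------

    loc_1001C94:                        ; CODE XREF: sub_1001A91+1F4
        cmp     ax, 2
        jnz     short loc_1001CA5
        inc     dword_10060C8           ; counter for code 2
        mov     edi, offset sub_100333A ; handler for code 2

    loc_1001CA5:                        ; CODE XREF: sub_1001A91+201
                                        ; sub_1001A91+207
        mov     eax, [esp+74h+arg_FFA0]
        test    edi, edi
        mov     [esi+8], eax
        jz      short loc_1001CEA
        push    esi
        call    edi                     ; sub_1002F31 or sub_100333A
        jmp     short loc_1001CEA
    ; -----------------------------------------------------------------------

    ; Rejected request: count it and call sub_100230A with the value 4.
    loc_1001CB8:                        ; CODE XREF: sub_1001A91+1DD
                                        ; sub_1001A91+1E7 ...
        push    0
        push    4
        push    [esp+7Ch+arg_FFA0]
        inc     dword_10060CC           ; counter for rejected requests
        lea     eax, [esp+80h+var_20]
        push    eax
        lea     eax, [esp+84h+var_30]
        push    eax
        call    sub_100230A
        jmp     short loc_1001CEA
    ; -----------------------------------------------------------------------

    loc_1001CDA:                        ; CODE XREF: sub_1001A91+1CB
        mov     eax, [esp+70h+arg_FFA4]
        push    esi
        mov     [esi+8], eax
        call    sub_1002EC8

    ; Return the buffer to the head of the list and start over.
    loc_1001CEA:                        ; CODE XREF: sub_1001A91+19E
                                        ; sub_1001A91+1BC ...
        push    ebx
        call    dword_1001058           ; RtlEnterCriticalSection
        mov     eax, dword_1006078
        mov     dword ptr [esi+4], offset dword_1006078
        mov     [esi], eax
        push    offset dword_1005DE8
        mov     [eax+4], esi
        mov     dword_1006078, esi
        call    dword_100105C           ; InterlockedIncrement
        dec     dword_1005DF4           ; one buffer less in use
        push    ebx
        call    dword_100104C           ; RtlLeaveCriticalSection
        xor     ebp, ebp
        jmp     loc_1001AAA
    ; -----------------------------------------------------------------------

    loc_1001D27:                        ; CODE XREF: sub_1001A91+32
        call    dword_10010F8           ; WSAGetLastError
        jmp     short loc_1001D65
    ; -----------------------------------------------------------------------

    ; Stop path: same list insertion as above, then leave the loop.
    loc_1001D2F:                        ; CODE XREF: sub_1001A91+136
                                        ; sub_1001A91+161 ...
        push    ebx
        call    dword_1001058           ; RtlEnterCriticalSection
        mov     eax, dword_1006078
        mov     dword ptr [esi+4], offset dword_1006078
        mov     [esi], eax
        push    offset dword_1005DE8
        mov     [eax+4], esi
        mov     dword_1006078, esi
        call    dword_100105C           ; InterlockedIncrement
        dec     dword_1005DF4

    loc_1001D5E:                        ; CODE XREF: sub_1001A91+9D
        push    ebx
        call    dword_100104C           ; RtlLeaveCriticalSection

    loc_1001D65:                        ; CODE XREF: sub_1001A91+3C
                                        ; sub_1001A91+29C
        pop     edi
        pop     esi
        pop     ebp
        xor     eax, eax
        pop     ebx
        add     esp, 10004h
        retn    8
    sub_1001A91 endp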

    ; sp-analysis failed   (disassembler remark on the preceding function)
    ; -----------------------------------------------------------------------
    ; Two wait callbacks registered by sub_100188E. Neither is inside a
    ; "proc" in the listing; both take two stack arguments (removed with
    ; "retn 8"), forward the first one to sub_1001A91 and return 0.
    ;
    ; loc_1001D74 - used when bit 0 of sub_100188E's flag byte is set.
    ;   Tries to take the lock at dword_1006020 without blocking, sleeping
    ;   0C8h ms between attempts for at most 7Dh retries. With the lock
    ;   held it looks the first argument up through sub_10021E5 and passes
    ;   the dword at +0Ch of the entry found (0 if the lookup fails) as
    ;   second argument to sub_1001A91.
    ;   If the lock is never obtained the callback returns without
    ;   servicing the socket.
    ; -----------------------------------------------------------------------
    loc_1001D74:                        ; DATA XREF: sub_100188E+2D
        push    ecx                     ; scratch slot, read at [esp+10h]
        push    ebx
        push    ebp
        push    esi
        mov     esi, offset dword_1006020
        push    edi
        mov     edi, dword_1001070      ; edi = RtlTryEnterCriticalSection
        push    esi
        xor     ebp, ebp                ; ebp = value forwarded to sub_1001A91
        xor     ebx, ebx                ; ebx = retry counter
        call    edi                     ; dword_1001070

    loc_1001D8B:                        ; CODE XREF: seg000:01001DA1
        test    eax, eax
        jnz     short loc_1001DA7       ; lock acquired
        push    0C8h
        call    dword_100106C           ; Sleep
        push    esi
        call    edi                     ; dword_1001070
        inc     ebx
        cmp     ebx, 7Dh
        jb      short loc_1001D8B
        test    eax, eax
        jz      short loc_1001DD1       ; still not acquired: give up

    loc_1001DA7:                        ; CODE XREF: seg000:01001D8D
        lea     eax, [esp+10h]
        push    eax                     ; receives the entry pointer
        push    dword ptr [esp+1Ch]     ; first callback argument
        call    sub_10021E5
        test    eax, eax
        jnz     short loc_1001DC0
        mov     eax, [esp+10h]
        mov     ebp, [eax+0Ch]

    loc_1001DC0:                        ; CODE XREF: seg000:01001DB7
        push    esi
        call    dword_100104C           ; RtlLeaveCriticalSection
        push    ebp
        push    dword ptr [esp+1Ch]     ; first callback argument
        call    sub_1001A91

    loc_1001DD1:                        ; CODE XREF: seg000:01001DA5
        pop     edi
        pop     esi
        pop     ebp
        xor     eax, eax
        pop     ebx
        pop     ecx
        retn    8
    ; -----------------------------------------------------------------------
    ; loc_1001DDB - used when bit 0 of the flag byte is clear: forwards the
    ; first argument to sub_1001A91 with 0 as second argument.
    loc_1001DDB:                        ; DATA XREF: sub_100188E:loc_10018C2
        push    0
        push    dword ptr [esp+8]
        call    sub_1001A91
        xor     eax, eax
        retn    8
    ; -----------------------------------------------------------------------
    ; sub_1001DEB - service control handler, registered by sub_1001665.
    ; In : arg_0 = control code (one stack argument, "retn 4").
    ; Dispatch, as implemented by the dec/jz chain below:
    ;   1 or 5 -> sub_1001E73(0)                        (shut the service down)
    ;   2      -> SuspendThread(dword_1006040), state 7
    ;   3      -> ResumeThread(dword_1006040),  state 4
    ;   other  -> state unchanged
    ; Every path except 1/5 then reports the block at dword_1006120 through
    ; SetServiceStatus. The checkpoint field dword_1006134 is bumped on
    ; every call.
    ; NOTE(review): dword_1006040 is not written anywhere in this part of
    ; the listing; which thread gets suspended is to be confirmed.
    ; -----------------------------------------------------------------------
    sub_1001DEB proc near               ; DATA XREF: sub_1001665+6

    var_4 = byte ptr -4
    arg_0 = dword ptr 8

        push    ebp
        mov     ebp, esp
        push    ecx
        lea     eax, [ebp+var_4]
        push    eax
        call    dword_10010A4           ; time
        inc     dword_1006134
        pop     ecx
        lea     eax, [ebp+var_4]
        push    eax
        call    dword_10010B8           ; ctime (result unused)
        mov     eax, [ebp+arg_0]
        pop     ecx
        dec     eax
        jz      short loc_1001E68       ; code 1
        dec     eax
        jz      short loc_1001E35       ; code 2
        dec     eax
        jz      short loc_1001E1D       ; code 3
        dec     eax
        dec     eax
        jz      short loc_1001E68       ; code 5
        jmp     short loc_1001E4B
    ; -----------------------------------------------------------------------

    loc_1001E1D:                        ; CODE XREF: sub_1001DEB+2A
        push    dword_1006040
        call    dword_1001034           ; ResumeThread
        mov     dword_1006124, 4
        jmp     short loc_1001E4B
    ; -----------------------------------------------------------------------

    loc_1001E35:                        ; CODE XREF: sub_1001DEB+27
        push    dword_1006040
        call    dword_1001074           ; SuspendThread
        mov     dword_1006124, 7

    loc_1001E4B:                        ; CODE XREF: sub_1001DEB+30
                                        ; sub_1001DEB+48
        push    offset dword_1006120
        push    dword_1006044
        call    dword_1001014           ; SetServiceStatus
        test    eax, eax
        jnz     short locret_1001E6F
        call    dword_1001038           ; RtlGetLastWin32Error
        jmp     short locret_1001E6F
    ; -----------------------------------------------------------------------

    loc_1001E68:                        ; CODE XREF: sub_1001DEB+24
                                        ; sub_1001DEB+2E
        push    0
        call    sub_1001E73

    locret_1001E6F:                     ; CODE XREF: sub_1001DEB+73
                                        ; sub_1001DEB+7B
        leave
        retn    4
    sub_1001DEB endp

    ; -----------------------------------------------------------------------
    ; sub_1001E73 - stop the service and release its global handles.
    ; In : arg_0 = exit code (one stack argument, "retn 4"); 0 means a
    ;      clean stop.
    ; Steps:
    ;   1. report state 3 through SetServiceStatus;
    ;   2. set the event in dword_1005DDC (the one sub_1001665 waits on);
    ;   3. report state 1 with the exit-code fields filled as follows:
    ;        arg_0 = 0              -> both code fields 0
    ;        834h <= arg_0 <= 16A7h -> dword_100612C = 42Ah,
    ;                                  dword_1006130 = arg_0
    ;        otherwise              -> both fields = arg_0
    ;   4. close the handles in dword_1005DE0 and dword_1005DDC and the
    ;      stream in dword_1005DD0, zeroing each global afterwards.
    ; -----------------------------------------------------------------------
    sub_1001E73 proc near               ; CODE XREF: sub_1001665+B9
                                        ; sub_1001DEB+7F

    arg_0 = dword ptr 4

        push    ebx
        push    ebp
        push    esi
        mov     esi, dword_1001014      ; esi = SetServiceStatus
        push    edi
        mov     edi, offset dword_1006120
        push    edi
        mov     dword_1006124, 3        ; state 3 (stop pending)
        push    dword_1006044
        call    esi                     ; dword_1001014
        mov     ebp, dword_1001038      ; ebp = RtlGetLastWin32Error
        xor     ebx, ebx                ; ebx = 0 for the whole routine
        cmp     eax, ebx
        jnz     short loc_1001EA3
        call    ebp                     ; dword_1001038

    loc_1001EA3:                        ; CODE XREF: sub_1001E73+2C
        push    dword_1005DDC
        call    dword_1001030           ; SetEvent - releases the main wait
        mov     dword_1006124, 1        ; state 1 (stopped)
        mov     dword_1006134, ebx
        mov     eax, [esp+10h+arg_0]
        mov     dword_1006138, ebx
        cmp     eax, ebx
        jnz     short loc_1001EDB
        mov     dword_100612C, ebx
        mov     dword_1006130, ebx
        jmp     short loc_1001EFD
    ; -----------------------------------------------------------------------

    loc_1001EDB:                        ; CODE XREF: sub_1001E73+58
        cmp     eax, 834h
        jb      short loc_1001EF3
        cmp     eax, 16A7h
        mov     dword_100612C, 42Ah     ; written before the branch; kept
        jbe     short loc_1001EF8       ; only for codes inside the range

    loc_1001EF3:                        ; CODE XREF: sub_1001E73+6D
        mov     dword_100612C, eax

    loc_1001EF8:                        ; CODE XREF: sub_1001E73+7E
        mov     dword_1006130, eax

    loc_1001EFD:                        ; CODE XREF: sub_1001E73+66
        push    edi
        push    dword_1006044
        call    esi                     ; dword_1001014
        cmp     eax, ebx
        jnz     short loc_1001F0C
        call    ebp                     ; dword_1001038

    loc_1001F0C:                        ; CODE XREF: sub_1001E73+95
        mov     eax, dword_1005DE0
        mov     esi, dword_1001054      ; esi = CloseHandle from here on
        cmp     eax, ebx
        jz      short loc_1001F24
        push    eax
        call    esi                     ; dword_1001054
        mov     dword_1005DE0, ebx

    loc_1001F24:                        ; CODE XREF: sub_1001E73+A6
        mov     eax, dword_1005DDC
        cmp     eax, ebx
        jz      short loc_1001F36
        push    eax
        call    esi                     ; dword_1001054
        mov     dword_1005DDC, ebx

    loc_1001F36:                        ; CODE XREF: sub_1001E73+B8
        mov     eax, dword_1005DD0
        cmp     eax, ebx
        jz      short loc_1001F4D
        push    eax
        call    dword_100109C           ; fclose
        pop     ecx
        mov     dword_1005DD0, ebx

    loc_1001F4D:                        ; CODE XREF: sub_1001E73+CA
        pop     edi
        pop     esi
        pop     ebp
        pop     ebx
        retn    4
    sub_1001E73 endp

    ;-----------------------------------------------------------------------
    ; sub_1001F54 - tear down one listener node, unlink it and free it
    ; Target: 32-bit x86; callee pops its one dword argument.
    ; In:     arg_0 = node pointer. Fields read here:
    ;           +00h next link, +04h previous link (list anchored at
    ;                dword_1006038)
    ;           +08h socket, +10h wait registration, +14h event
    ; Out:    eax = whatever free() leaves.
    ; Notes:  The node memory is released before returning, so a caller
    ;         that still needs the next link or the address field has to
    ;         read it before the call (both visible callers do).
    ;         No locking happens here; the caller sub_1002219 holds the
    ;         critical section dword_1006020 around it.
    ;-----------------------------------------------------------------------
    sub_1001F54 proc near ; CODE XREF: sub_1002182 + 1C ; sub_1002219 + B7
            arg_0 = dword ptr 4
            push esi
            mov esi, [ esp + 4 + arg_0 ]    ; esi = node
            push 0FFFFFFFFh                 ; second argument -1 (matches INVALID_HANDLE_VALUE: wait for callbacks to finish)
            push dword ptr [ esi + 10h ]    ; wait registration handle
            call dword_1001168 ; RtlDeregisterWaitEx
            push dword ptr [ esi + 8 ]
            call dword_100111C ; closesocket
            push dword ptr [ esi + 14h ]
            call dword_1001118 ; WSACloseEvent
            mov eax, [ esi ]                ; eax = node->next
            mov ecx, [ esi + 4 ]            ; ecx = node->prev
            cmp eax, ecx
            jnz short loc_1001F90
            ; next == prev: presumably the node is the only entry, so the code
            ; unlinks the first entry reachable from the list head instead.
            mov eax, dword_1006038          ; eax = first entry
            mov ecx, [ eax ]                ; ecx = first->next
            mov eax, [ eax + 4 ]            ; eax = first->prev
            mov [ eax ], ecx                ; prev->next = next
            mov [ ecx + 4 ], eax            ; next->prev = prev
            jmp short loc_1001F9A
    ; ---------------------------------------------------------------------------
    loc_1001F90: ; CODE XREF: sub_1001F54 + 29
            mov [ ecx ], eax                ; prev->next = next
            mov eax, [ esi ]
            mov ecx, [ esi + 4 ]
            mov [ eax + 4 ], ecx            ; next->prev = prev
    loc_1001F9A: ; CODE XREF: sub_1001F54 + 3A
            push esi
            call dword_10010A0 ; free(node)
            pop ecx                         ; cdecl cleanup
            pop esi
            retn 4
    sub_1001F54 endp

    ;-----------------------------------------------------------------------
    ; sub_1001FA6 - fetch the IP address table into a heap buffer
    ; Target: 32-bit x86; callee pops its one dword argument.
    ; In:     arg_0 = pointer to a dword that receives the buffer pointer
    ; Out:    eax = 0 on success (*arg_0 = malloc'ed table, caller frees),
    ;         eax = 0C0000017h otherwise (*arg_0 = 0). The constant matches
    ;         STATUS_NO_MEMORY and is returned for every failure, not only
    ;         for allocation failure.
    ; Locals: var_4 = required size in bytes, var_8 = return value.
    ; Flow:   size query with a null buffer, malloc, then retry with realloc
    ;         while the API keeps answering 7Ah (matches
    ;         ERROR_INSUFFICIENT_BUFFER).
    ;-----------------------------------------------------------------------
    sub_1001FA6 proc near ; CODE XREF: sub_10018DB + 3D ; sub_1002219 + 1D
            var_8 = dword ptr - 8
            var_4 = dword ptr - 4
            arg_0 = dword ptr 8
            push ebp
            mov ebp, esp
            push ecx                        ; two pushes reserve var_4 and var_8
            push ecx
            push ebx
            mov ebx, [ ebp + arg_0 ]        ; ebx = out pointer
            push esi
            push edi
            xor edi, edi                    ; edi = 0, used as the zero constant below
            lea eax, [ ebp + var_4 ]
            push edi                        ; third argument = 0
            push eax                        ; &size
            push edi                        ; buffer = NULL (size query)
            mov [ ebp + var_4 ], edi        ; size = 0
            mov [ ebp + var_8 ], 0C0000017h ; default return value = failure
            mov [ ebx ], edi                ; *out = NULL
            call sub_1003A4A ; GetIpAddrTable
            cmp eax, edi
            jz short loc_1001FD3
            cmp eax, 7Ah
            jnz short loc_100201A           ; any error other than "buffer too small": fail
    loc_1001FD3: ; CODE XREF: sub_1001FA6 + 26
            push [ ebp + var_4 ]
            call dword_1001094 ; malloc(size)
            mov esi, eax                    ; esi = table buffer
            pop ecx                         ; cdecl cleanup
            cmp esi, edi
            jz short loc_100201A            ; allocation failed
    loc_1001FE3: ; CODE XREF: sub_1001FA6 + 63
            lea eax, [ ebp + var_4 ]
            push edi
            push eax
            push esi
            call sub_1003A4A ; GetIpAddrTable
            cmp eax, edi
            jz short loc_1002015            ; success
            cmp eax, 7Ah
            jnz short loc_100201A           ; NOTE(review): this exit skips free(esi), so the buffer leaks on this path
            push [ ebp + var_4 ]            ; table grew between calls: resize to the new requirement
            push esi
            call dword_1001098 ; realloc
            pop ecx
            cmp eax, edi
            pop ecx
            jz short loc_100200B            ; realloc failed, old block is still owned here
            mov esi, eax
            jmp short loc_1001FE3
    ; ---------------------------------------------------------------------------
    loc_100200B: ; CODE XREF: sub_1001FA6 + 5F
            push esi
            call dword_10010A0 ; free
            pop ecx
            jmp short loc_100201A
    ; ---------------------------------------------------------------------------
    loc_1002015: ; CODE XREF: sub_1001FA6 + 4A
            mov [ ebp + var_8 ], edi        ; return value = 0
            mov [ ebx ], esi                ; *out = table; ownership passes to the caller
    loc_100201A: ; CODE XREF: sub_1001FA6 + 2B ; sub_1001FA6 + 3B ...
            mov eax, [ ebp + var_8 ]
            pop edi
            pop esi
            pop ebx
            leave
            retn 4
    sub_1001FA6 endp

    ;-----------------------------------------------------------------------
    ; sub_1002024 - write the dotted text form of an IPv4 address to a buffer
    ; Target: 32-bit x86; callee pops its two dword arguments.
    ; In:     arg_0 = IPv4 address as passed to inet_ntoa
    ;         arg_4 = destination buffer
    ; Out:    eax = 0 if inet_ntoa returned NULL (destination untouched),
    ;         otherwise the number of bytes copied including the terminator.
    ; Notes:  The copy is an inlined strlen + memcpy with no destination
    ;         length. inet_ntoa output is at most 16 bytes with the
    ;         terminator, so the destination must hold at least that; the
    ;         one visible caller passes a 14h-byte stack area.
    ;-----------------------------------------------------------------------
    sub_1002024 proc near ; CODE XREF: sub_100205A + B7
            arg_0 = dword ptr 4
            arg_4 = dword ptr 8
            push [ esp + arg_0 ]
            call dword_1001120 ; inet_ntoa
            test eax, eax
            jz short locret_1002057
            push edi
            mov edi, eax                    ; edi = source string
            or ecx, 0FFFFFFFFh              ; ecx = -1: scan without a limit
            xor eax, eax                    ; al = 0, the byte scasb looks for
            repne scasb
            not ecx                         ; ecx = length including the terminator
            sub edi, ecx                    ; rewind edi to the start of the string
            push esi
            mov eax, ecx                    ; keep the byte count for the tail copy
            mov esi, edi
            mov edi, [ esp + 8 + arg_4 ]    ; edi = destination
            shr ecx, 2
            rep movsd                       ; copy whole dwords
            mov ecx, eax
            and ecx, 3
            rep movsb                       ; copy the remaining 0..3 bytes
            pop esi
            pop edi
    locret_1002057: ; CODE XREF: sub_1002024 + C
            retn 8
    sub_1002024 endp

    ;-----------------------------------------------------------------------
    ; sub_100205A - open a UDP socket on the "tftp" service port for one
    ;               local address and add a listener node for it
    ; Target: 32-bit x86; callee pops its one dword argument.
    ; In:     arg_0 = local IPv4 address to bind to
    ; Out:    eax = new node pointer, or 0 on any failure.
    ; Locals: var_14/var_12/var_10 = 16-byte socket address (family, port,
    ;         address), var_28 = 14h-byte text buffer, var_4 = retry counter.
    ; Node (20h bytes, zero-filled): +00h next, +04h previous, +08h socket,
    ;         +0Ch address, +10h value returned by sub_100188E, +14h event.
    ;         Offsets +18h and +1Ch are used by other procedures.
    ; Notes:  Socket creation is retried up to 0Ah times with a 2EEh ms
    ;         sleep. The node is linked at the head of the list at
    ;         dword_1006038 without taking a lock here; the caller
    ;         sub_1002219 holds dword_1006020, the other callers are not
    ;         visible.
    ; NOTE(review), as disassembled:
    ;   - getservbyname failure loops back without closing the socket,
    ;     sleeping or counting, so a persistent failure never terminates
    ;     and leaks one socket per pass.
    ;   - bind failure returns 0 without closesocket.
    ;   - malloc failure loads arg_0 into edi, which then reaches
    ;     CloseHandle as if it were an event handle.
    ;-----------------------------------------------------------------------
    sub_100205A proc near ; CODE XREF: sub_10018DB + 64 ; sub_1002219 + 65 ...
            var_28 = byte ptr - 28h
            var_14 = word ptr - 14h
            var_12 = word ptr - 12h
            var_10 = dword ptr - 10h
            var_4 = dword ptr - 4
            arg_0 = dword ptr 8
            push ebp
            mov ebp, esp
            sub esp, 28h
            push ebx
            push esi
            xor esi, esi                    ; esi = 0 until the node is allocated
            push edi
            mov [ ebp + var_4 ], esi        ; retry counter = 0
    loc_1002068: ; CODE XREF: sub_100205A + 5D
            push 1                          ; flags = 1 (matches WSA_FLAG_OVERLAPPED)
            push esi
            push esi
            push esi                        ; protocol = 0
            push 2                          ; type = 2 (datagram)
            push 2                          ; family = 2 (IPv4)
            call dword_10010F4 ; WSASocketA
            mov ebx, eax                    ; ebx = socket
            cmp ebx, 0FFFFFFFFh
            jz short loc_100209D            ; creation failed: sleep and retry
            xor eax, eax
            lea edi, [ ebp + var_14 ]
            stosd                           ; four stosd zero the 16-byte address block
            stosd
            stosd
            push offset aUdp ; "udp"
            push offset aTftp ; "tftp"
            stosd
            call dword_1001128 ; getservbyname
            cmp eax, esi
            jnz short loc_10020B9
            jmp short loc_10020B1           ; lookup failed: see NOTE(review) in the header
    ; ---------------------------------------------------------------------------
    loc_100209D: ; CODE XREF: sub_100205A + 22
            call dword_10010F8 ; WSAGetLastError; result unused
            push 2EEh
            call dword_100106C ; Sleep
            inc [ ebp + var_4 ]             ; the counter advances only on socket-creation failure
    loc_10020B1: ; CODE XREF: sub_100205A + 41
            cmp [ ebp + var_4 ], 0Ah
            jge short loc_10020E6           ; out of retries: ebx is -1 there, so the result is 0
            jmp short loc_1002068
    ; ---------------------------------------------------------------------------
    loc_10020B9: ; CODE XREF: sub_100205A + 3F
            mov [ ebp + var_14 ], 2         ; family = 2
            mov ax, [ eax + 8 ]             ; port field of the service entry
            mov [ ebp + var_12 ], ax
            mov eax, [ ebp + arg_0 ]
            mov [ ebp + var_10 ], eax       ; address = arg_0
            lea eax, [ ebp + var_14 ]
            push 10h                        ; address length
            push eax
            push ebx
            call dword_1001124 ; bind
            test eax, eax
            jz short loc_10020E6
            call dword_1001038 ; RtlGetLastWin32Error; result unused
            jmp short loc_100215E           ; NOTE(review): ebx is not closed on this path
    ; ---------------------------------------------------------------------------
    loc_10020E6: ; CODE XREF: sub_100205A + 5B ; sub_100205A + 82
            cmp ebx, 0FFFFFFFFh
            jz short loc_100215E
            push 20h
            call dword_1001094 ; malloc(20h)
            mov esi, eax                    ; esi = node
            pop ecx
            test esi, esi
            jz short loc_100213D
            push 8
            xor eax, eax
            pop ecx
            mov edi, esi
            rep stosd                       ; zero all 8 dwords of the node
            mov eax, [ ebp + arg_0 ]
            lea ecx, [ ebp + var_28 ]
            push ecx
            push eax
            mov [ esi + 8 ], ebx            ; node->socket
            mov [ esi + 0Ch ], eax          ; node->address
            call sub_1002024                ; dotted text into var_28; not read again in this procedure
            xor eax, eax
            push eax
            push eax
            push eax
            push eax
            call dword_1001040 ; CreateEventA, all four arguments zero
            mov edi, eax                    ; edi = event handle
            test edi, edi
            jz short loc_1002140
            push 1
            push edi
            push ebx
            mov [ esi + 14h ], edi          ; node->event
            call sub_100188E                ; (socket, event, 1); body not visible here
            test eax, eax
            mov [ esi + 10h ], eax          ; node +10h; later passed to RtlDeregisterWaitEx by sub_1001F54
            jnz short loc_1002162
            jmp short loc_1002140
    ; ---------------------------------------------------------------------------
    loc_100213D: ; CODE XREF: sub_100205A + 9E
            mov edi, [ ebp + arg_0 ]        ; NOTE(review): edi now holds the address value, not a handle
    loc_1002140: ; CODE XREF: sub_100205A + CC ; sub_100205A + E1
            push ebx
            call dword_100111C ; closesocket
            test edi, edi
            jz short loc_1002152
            push edi
            call dword_1001054 ; CloseHandle
    loc_1002152: ; CODE XREF: sub_100205A + EF
            test esi, esi
            jz short loc_100215E
            push esi
            call dword_10010A0 ; free
            pop ecx
    loc_100215E: ; CODE XREF: sub_100205A + 8A ; sub_100205A + 8F ...
            xor eax, eax                    ; failure result
            jmp short loc_100217B
    ; ---------------------------------------------------------------------------
    loc_1002162: ; CODE XREF: sub_100205A + DF
            mov eax, dword_1006038          ; eax = current first entry
            mov dword ptr [ esi + 4 ], offset dword_1006038 ; node->prev = list head
            mov [ esi ], eax                ; node->next = old first entry
            mov [ eax + 4 ], esi            ; old first->prev = node
            mov dword_1006038, esi          ; head now points at the node
            mov eax, esi                    ; return the node
    loc_100217B: ; CODE XREF: sub_100205A + 106
            pop edi
            pop esi
            pop ebx
            leave
            retn 4
    sub_100205A endp

    ;-----------------------------------------------------------------------
    ; sub_1002182 - sweep the listener list: drop unmarked nodes, clear marks
    ; Target: 32-bit x86; no arguments, plain retn.
    ; Out:    eax = 1 if at least one node was destroyed, else 0.
    ; Effect: For every node on the list at dword_1006038: a zero dword at
    ;         +18h means the node is passed to sub_1001F54 (which frees it);
    ;         a non-zero value is reset to 0 for the next pass.
    ; Notes:  The next link is loaded into edi before the node can be
    ;         freed, so the walk never reads released memory. ecx is
    ;         reloaded from edi after the call, so it is not relied on
    ;         across it.
    ;-----------------------------------------------------------------------
    sub_1002182 proc near ; CODE XREF: sub_1002219:loc_1002298
            mov ecx, dword_1006038          ; ecx = first entry
            push esi
            mov esi, offset dword_1006038   ; esi = list head, the end-of-walk sentinel
            xor eax, eax                    ; result = 0
            cmp ecx, esi
            jz short loc_10021B3            ; empty list
            push edi
    loc_1002195: ; CODE XREF: sub_1002182 + 2E
            cmp dword ptr [ ecx + 18h ], 0
            mov edi, [ ecx ]                ; edi = next link, taken before any free
            jnz short loc_10021A8
            push ecx
            call sub_1001F54                ; unmarked: tear down and free
            push 1
            pop eax                         ; result = 1
            jmp short loc_10021AC
    ; ---------------------------------------------------------------------------
    loc_10021A8: ; CODE XREF: sub_1002182 + 19
            and dword ptr [ ecx + 18h ], 0  ; marked: clear the mark
    loc_10021AC: ; CODE XREF: sub_1002182 + 24
            cmp edi, esi
            mov ecx, edi
            jnz short loc_1002195
            pop edi
    loc_10021B3: ; CODE XREF: sub_1002182 + 10
            pop esi
            retn
    sub_1002182 endp

    ;-----------------------------------------------------------------------
    ; sub_10021B5 - find the listener node for an address
    ; Target: 32-bit x86; callee pops its two dword arguments.
    ; In:     arg_0 = value compared with the dword at node +0Ch
    ;         arg_4 = pointer to a dword that receives the node pointer
    ; Out:    eax = 1 and *arg_4 = node when found,
    ;         eax = 0 and *arg_4 = 0 otherwise.
    ; Notes:  Walks the list at dword_1006038 without locking; the visible
    ;         caller sub_1002219 holds dword_1006020.
    ;-----------------------------------------------------------------------
    sub_10021B5 proc near ; CODE XREF: sub_1002219 + 43
            arg_0 = dword ptr 4
            arg_4 = dword ptr 8
            mov edx, [ esp + arg_4 ]        ; edx = out pointer
            push esi
            mov ecx, offset dword_1006038   ; ecx = list head sentinel
            and dword ptr [ edx ], 0        ; *out = 0
            mov eax, dword_1006038          ; eax = first entry
    loc_10021C7: ; CODE XREF: sub_10021B5 + 21
            cmp eax, ecx
            jz short loc_10021DF            ; back at the head: not found
            mov esi, [ eax + 0Ch ]
            cmp esi, [ esp + 4 + arg_0 ]
            jz short loc_10021D8
            mov eax, [ eax ]                ; follow the next link
            jmp short loc_10021C7
    ; ---------------------------------------------------------------------------
    loc_10021D8: ; CODE XREF: sub_10021B5 + 1D
            push 1
            mov [ edx ], eax                ; *out = node
            pop eax                         ; result = 1
            jmp short loc_10021E1
    ; ---------------------------------------------------------------------------
    loc_10021DF: ; CODE XREF: sub_10021B5 + 14
            xor eax, eax
    loc_10021E1: ; CODE XREF: sub_10021B5 + 28
            pop esi
            retn 8
    sub_10021B5 endp

    ;-----------------------------------------------------------------------
    ; sub_10021E5 - find the listener node for a socket
    ; Target: 32-bit x86; callee pops its two dword arguments.
    ; In:     arg_0 = value compared with the dword at node +08h
    ;         arg_4 = pointer to a dword that receives the node pointer
    ; Out:    eax = 0 and *arg_4 = node when found,
    ;         eax = 57h and *arg_4 = 0 otherwise (57h matches
    ;         ERROR_INVALID_PARAMETER).
    ; Notes:  Same walk as sub_10021B5 but keyed on +08h and with an error
    ;         code as result. No locking here; the caller is not visible.
    ;-----------------------------------------------------------------------
    sub_10021E5 proc near ; CODE XREF: seg000:01001DB0
            arg_0 = dword ptr 4
            arg_4 = dword ptr 8
            mov edx, [ esp + arg_4 ]        ; edx = out pointer
            push esi
            mov ecx, offset dword_1006038   ; ecx = list head sentinel
            and dword ptr [ edx ], 0        ; *out = 0
            mov eax, dword_1006038          ; eax = first entry
    loc_10021F7: ; CODE XREF: sub_10021E5 + 21
            cmp eax, ecx
            jz short loc_100220A            ; back at the head: not found
            mov esi, [ eax + 8 ]
            cmp esi, [ esp + 4 + arg_0 ]
            jz short loc_1002208
            mov eax, [ eax ]                ; follow the next link
            jmp short loc_10021F7
    ; ---------------------------------------------------------------------------
    loc_1002208: ; CODE XREF: sub_10021E5 + 1D
            mov [ edx ], eax                ; *out = node
    loc_100220A: ; CODE XREF: sub_10021E5 + 14
            mov eax, [ edx ]
            pop esi
            ; Branch-free result: neg sets CF when *out != 0, sbb turns that
            ; into -1 or 0, and the and/add pair maps -1 -> 0 and 0 -> 57h.
            neg eax
            sbb eax, eax
            and al, 0A9h
            add eax, 57h
            retn 8
    sub_10021E5 endp

    ;-----------------------------------------------------------------------
    ; sub_1002219 - reconcile the listener list with the current local
    ;               address table, then re-arm address-change notification
    ; Target: 32-bit x86; callee pops two dwords that the body never reads.
    ;         Only a data reference reaches it (see XREF), so it is
    ;         presumably installed as a callback - confirm in sub_10018DB.
    ; Locals: var_4 = address table from sub_1001FA6, var_8 = node scratch,
    ;         var_C = 1 once a new address has been seen.
    ; Flow:   1. Enter critical section dword_1006020.
    ;         2. For each table row (18h bytes apart, address at table
    ;            +4 + offset): skip 0 and 100007Fh (127.0.0.1 in memory
    ;            order); mark an existing node (+18h = 1) or create one
    ;            with sub_100205A and mark it.
    ;         3. sub_1002182 destroys nodes left unmarked; free the table.
    ;         4. If nothing was added and nothing removed, every node whose
    ;            +1Ch bit 0 is clear is closed and reopened once, and the
    ;            replacement gets that bit set.
    ;         5. Call NotifyAddrChange again, leave the critical section.
    ; Notes:  Step 4 also runs when sub_1001FA6 fails, because esi and
    ;         var_C are both still 0 on that path.
    ;         The NotifyAddrChange result is not checked; if re-arming
    ;         fails, later address changes would go unnoticed.
    ;-----------------------------------------------------------------------
    sub_1002219 proc near ; DATA XREF: sub_10018DB + CB
            var_C = dword ptr - 0Ch
            var_8 = dword ptr - 8
            var_4 = dword ptr - 4
            push ebp
            mov ebp, esp
            sub esp, 0Ch
            push ebx
            push esi
            push edi
            xor esi, esi                    ; esi = 0: row byte offset, later the "removed" flag
            push offset dword_1006020
            mov [ ebp + var_C ], esi        ; no new address seen yet
            call dword_1001058 ; RtlEnterCriticalSection
            lea eax, [ ebp + var_4 ]
            push eax
            call sub_1001FA6                ; var_4 = heap copy of the address table
            test eax, eax
            jnz short loc_10022A9           ; table unavailable: skip the reconcile loop
            mov eax, [ ebp + var_4 ]
            xor ebx, ebx                    ; ebx = row index
            cmp [ eax ], esi                ; first dword of the table = row count
            jbe short loc_1002298           ; zero rows
    loc_1002248: ; CODE XREF: sub_1002219 + 7D
            mov eax, [ eax + esi + 4 ]      ; eax = address of the current row
            test eax, eax
            jz short loc_100228D            ; skip 0.0.0.0
            cmp eax, 100007Fh
            jz short loc_100228D            ; skip 127.0.0.1
            lea ecx, [ ebp + var_8 ]
            push ecx
            push eax
            call sub_10021B5                ; already listening on this address?
            test eax, eax
            jz short loc_1002271
            mov eax, [ ebp + var_8 ]
            mov dword ptr [ eax + 18h ], 1  ; mark: still present
            jmp short loc_100228D
    ; ---------------------------------------------------------------------------
    loc_1002271: ; CODE XREF: sub_1002219 + 4A
            mov eax, [ ebp + var_4 ]
            push 1
            pop edi                         ; edi = 1
            push dword ptr [ eax + esi + 4 ]
            mov [ ebp + var_C ], edi        ; a new address was seen (set even if creation fails below)
            call sub_100205A                ; create socket and node for the new address
            test eax, eax
            mov [ ebp + var_8 ], eax
            jz short loc_100228D
            mov [ eax + 18h ], edi          ; mark the new node so the sweep keeps it
    loc_100228D: ; CODE XREF: sub_1002219 + 35 ; sub_1002219 + 3C ...
            mov eax, [ ebp + var_4 ]
            inc ebx
            add esi, 18h                    ; advance one row
            cmp ebx, [ eax ]
            jb short loc_1002248
    loc_1002298: ; CODE XREF: sub_1002219 + 2D
            call sub_1002182                ; destroy unmarked nodes, clear marks
            push [ ebp + var_4 ]
            mov esi, eax                    ; esi = 1 if anything was removed
            call dword_10010A0 ; free(table)
            pop ecx
    loc_10022A9: ; CODE XREF: sub_1002219 + 24
            cmp [ ebp + var_C ], 0
            jnz short loc_10022E9           ; something was added: done
            test esi, esi
            jnz short loc_10022E9           ; something was removed: done
            mov eax, dword_1006038
            mov edi, offset dword_1006038   ; edi = list head sentinel
            cmp eax, edi
            jz short loc_10022E9            ; empty list
    loc_10022C1: ; CODE XREF: sub_1002219 + CE
            mov [ ebp + var_8 ], eax
            mov ebx, [ eax ]                ; ebx = next link, saved before the node is freed
            test byte ptr [ eax + 1Ch ], 1
            jnz short loc_10022E3           ; already reopened once: leave it
            mov esi, [ eax + 0Ch ]          ; esi = address, saved before the node is freed
            push eax
            call sub_1001F54                ; close and free the old node
            push esi
            call sub_100205A                ; reopen on the same address; new node goes to the list head
            test eax, eax
            jz short loc_10022E3
            or dword ptr [ eax + 1Ch ], 1   ; flag the replacement so it is not recycled again
    loc_10022E3: ; CODE XREF: sub_1002219 + B1 ; sub_1002219 + C4
            cmp ebx, edi
            mov eax, ebx
            jnz short loc_10022C1
    loc_10022E9: ; CODE XREF: sub_1002219 + 94 ; sub_1002219 + 98 ...
            push offset dword_1006100
            push offset dword_1005E00
            call sub_1003A44 ; NotifyAddrChange; result not checked
            push offset dword_1006020
            call dword_100104C ; RtlLeaveCriticalSection
            pop edi
            pop esi
            pop ebx
            leave
            retn 8
    sub_1002219 endp

    ;-----------------------------------------------------------------------
    ; sub_100230A - build and send an error datagram
    ; Target: 32-bit x86; callee pops 14h bytes (five dwords).
    ; In:     arg_0  = destination socket address (length 10h is assumed)
    ;         arg_8  = socket
    ;         arg_C  = error code
    ;         arg_10 = message string, or 0 to use the built-in text
    ;         The dword at +0Ch is popped but never read here.
    ; Out:    eax = sendto result, or the WSAGetLastError value on failure.
    ; Packet: var_FFBC = 16-bit value 5 in network order (the TFTP ERROR
    ;         opcode), var_FFBA = 16-bit error code in network order,
    ;         var_FFB8 = message with terminator. Length sent is
    ;         strlen(message) + 5.
    ; Notes:  dword_1001104 is annotated as ntohs elsewhere in this listing;
    ;         the same byte swap serves as host-to-network here.
    ;         With arg_10 = 0 the text comes from off_1005CC0[code], and a
    ;         code of 9 or more falls back to entry 0.
    ; NOTE(review): both message copies are unbounded (inlined strlen +
    ;         memcpy) into the 0FFB8h-byte stack area. The table strings
    ;         are internal, but for a caller-supplied arg_10 nothing here
    ;         limits the length - confirm every caller passes a bounded
    ;         string.
    ;-----------------------------------------------------------------------
    sub_100230A proc near ; CODE XREF: sub_1001A91 + 242 ; sub_10023D8 + 23C ...
            var_FFBC = word ptr - 0FFBCh
            var_FFBA = word ptr - 0FFBAh
            var_FFB8 = byte ptr - 0FFB8h
            arg_0 = dword ptr 8
            arg_8 = dword ptr 10h
            arg_C = dword ptr 14h
            arg_10 = dword ptr 18h
            push ebp
            mov ebp, esp
            mov eax, 0FFBCh
            call sub_1003A3E ; _chkstk: allocate the 0FFBCh-byte frame
            push ebx
            push esi
            mov esi, dword_1001104          ; esi = 16-bit byte-swap routine
            push edi
            push 5
            call esi ; byte swap of 5 (dword_1001104)
            mov edi, [ ebp + arg_C ]        ; edi = error code
            mov [ ebp + var_FFBC ], ax      ; packet opcode
            push edi
            call esi ; byte swap of the error code (dword_1001104)
            cmp [ ebp + arg_10 ], 0
            mov [ ebp + var_FFBA ], ax      ; packet error code
            jz short loc_1002369            ; no caller text: use the table
            mov edi, [ ebp + arg_10 ]
            or ecx, 0FFFFFFFFh
            xor eax, eax
            lea edx, [ ebp + var_FFB8 ]     ; edx = message area in the packet
            repne scasb
            not ecx                         ; ecx = length including the terminator
            sub edi, ecx                    ; rewind to the start of the string
            mov eax, ecx
            mov esi, edi
            mov edi, edx
            shr ecx, 2
            rep movsd                       ; unbounded copy - see NOTE(review) in the header
            mov ecx, eax
            and ecx, 3
            rep movsb
            mov edi, [ ebp + arg_10 ]       ; edi = string to measure for the send length
            jmp short loc_10023A2
    ; ---------------------------------------------------------------------------
    loc_1002369: ; CODE XREF: sub_100230A + 32
            cmp di, 9
            jb short loc_1002371
            xor edi, edi                    ; out-of-range code: use table entry 0
    loc_1002371: ; CODE XREF: sub_100230A + 63
            movzx eax, di
            or ecx, 0FFFFFFFFh
            lea ebx, [ ebp + var_FFB8 ]     ; ebx = message area in the packet
            mov edx, off_1005CC0[ eax * 4 ] ; edx = built-in text for this code
            xor eax, eax
            mov edi, edx
            repne scasb
            not ecx
            sub edi, ecx
            mov eax, ecx
            mov esi, edi
            mov edi, ebx
            shr ecx, 2
            rep movsd
            mov ecx, eax
            and ecx, 3
            rep movsb
            mov edi, edx                    ; edi = string to measure for the send length
    loc_10023A2: ; CODE XREF: sub_100230A + 5D
            or ecx, 0FFFFFFFFh
            xor eax, eax
            repne scasb
            push 10h                        ; destination address length
            push [ ebp + arg_0 ]            ; destination address
            not ecx
            dec ecx                         ; ecx = strlen(message)
            push eax                        ; flags = 0
            add ecx, 5                      ; + opcode (2) + code (2) + terminator (1)
            lea eax, [ ebp + var_FFBC ]
            push ecx                        ; length
            push eax                        ; packet
            push [ ebp + arg_8 ]            ; socket
            call dword_1001130 ; sendto
            cmp eax, 0FFFFFFFFh
            jnz short loc_10023D1
            call dword_10010F8 ; WSAGetLastError
    loc_10023D1: ; CODE XREF: sub_100230A + BF
            pop edi
            pop esi
            pop ebx
            leave
            retn 14h
    sub_100230A endp

    sub_10023D8 proc near ; CODE XREF: sub_1002F31 + 302 ; sub_100333A + 26D arg_0 = dword ptr 4 arg_4 = dword ptr 8 arg_8 = dword ptr 0Ch arg_C = dword ptr 10h arg_10 = dword ptr 14h arg_14 = dword ptr 18h mov eax, [ esp + arg_0 ] push ebx push ebp push esi mov esi, [ esp + 0Ch + arg_10 ] mov dword ptr [ eax + 20h ], 200h mov dword ptr [ eax + 28h ], 0Ah mov eax, [ esp + 0Ch + arg_14 ] push edi mov ecx, 3FEFh and dword ptr [ eax ], 0 xor eax, eax mov edi, esi push 6 rep stosd call dword_1001104 ; ntohs mov [ esi ], ax lea ebx, [ esi + 2 ] mov ebp, [ esp + 10h + arg_4 ] cmp byte ptr [ ebp + 0 ], 0 jz loc_10025E4 loc_1002420: ; CODE XREF: sub_10023D8 + 202 mov esi, dword_100115C push offset aBlksize ; \"blksize\" push ebp call esi ; dword_100115C pop ecx test eax, eax pop ecx jnz short loc_1002498 mov edi, ebp or ecx, 0FFFFFFFFh repne scasb not ecx sub edi, ecx push 8 mov eax, ecx mov esi, edi mov edi, ebx shr ecx, 2 rep movsd mov ecx, eax and ecx, 3 rep movsb pop esi add ebp, esi add ebx, esi push ebp call dword_1001160 ; atoi pop ecx cmp eax, esi mov ecx, [ esp + 10h + arg_0 ] mov [ ecx + 20h ], eax jb loc_10025FD cmp eax, 0FFB8h ja loc_10025FD cmp eax, 5B0h jnz short loc_100248F mov dword ptr [ ecx + 20h ], 200h sub ebx, esi jmp loc_10025C6 ; --------------------------------------------------------------------------- loc_100248F: ; CODE XREF: sub_10023D8 + A7 push 0Ah push ebx push eax jmp loc_1002597 ; --------------------------------------------------------------------------- loc_1002498: ; CODE XREF: sub_10023D8 + 5A push offset aTimeout_0 ; \"timeout\" push ebp call esi ; dword_100115C pop ecx test eax, eax pop ecx jnz short loc_100251A mov edi, ebp or ecx, 0FFFFFFFFh repne scasb not ecx sub edi, ecx add ebp, 8 mov eax, ecx mov esi, edi mov edi, ebx push ebp shr ecx, 2 rep movsd mov ecx, eax add ebx, 8 and ecx, 3 rep movsb call dword_1001160 ; atoi pop ecx mov ecx, [ esp + 10h + arg_0 ] push 1 pop edx cmp eax, edx mov [ ecx + 28h ], eax jl loc_1002602 cmp 
eax, 0FFh jg loc_1002602 mov eax, [ esp + 10h + arg_14 ] mov edi, ebp or ecx, 0FFFFFFFFh mov [ eax ], edx xor eax, eax repne scasb not ecx sub edi, ecx mov eax, ecx mov esi, edi mov edi, ebx shr ecx, 2 rep movsd mov ecx, eax and ecx, 3 rep movsb mov edi, ebp jmp loc_10025A2 ; --------------------------------------------------------------------------- loc_100251A: ; CODE XREF: sub_10023D8 + CC push offset aTsize ; \"tsize\" push ebp call esi ; dword_100115C pop ecx mov edi, ebp test eax, eax pop ecx jnz loc_10025B2 or edx, 0FFFFFFFFh xor eax, eax mov ecx, edx add ebp, 6 repne scasb not ecx sub edi, ecx mov eax, ecx mov esi, edi mov edi, ebx add ebx, 6 shr ecx, 2 rep movsd mov ecx, eax and ecx, 3 cmp [ esp + 10h + arg_8 ], 2 rep movsb jnz short loc_100258D mov edi, ebp mov ecx, edx xor eax, eax repne scasb not ecx sub edi, ecx mov eax, ecx mov esi, edi mov edi, ebx shr ecx, 2 rep movsd mov ecx, eax xor eax, eax and ecx, 3 rep movsb mov edi, ebp mov ecx, edx repne scasb not ecx dec ecx mov edi, ebp lea ebx, [ ebx + ecx + 1 ] mov ecx, edx jmp short loc_10025CB ; --------------------------------------------------------------------------- loc_100258D: ; CODE XREF: sub_10023D8 + 180 mov eax, [ esp + 10h + arg_0 ] push 0Ah push ebx push dword ptr [ eax + 24h ] loc_1002597: ; CODE XREF: sub_10023D8 + BB call dword_1001164 ; _itoa add esp, 0Ch mov edi, ebx loc_10025A2: ; CODE XREF: sub_10023D8 + 13D or ecx, 0FFFFFFFFh xor eax, eax repne scasb not ecx dec ecx lea ebx, [ ebx + ecx + 1 ] jmp short loc_10025C6 ; --------------------------------------------------------------------------- loc_10025B2: ; CODE XREF: sub_10023D8 + 150 or ecx, 0FFFFFFFFh xor eax, eax repne scasb not ecx dec ecx cmp [ ebp + ecx + 1 ], al lea ebp, [ ebp + ecx + 1 ] jz short loc_10025E0 loc_10025C6: ; CODE XREF: sub_10023D8 + B2 ; sub_10023D8 + 1D8 mov edi, ebp or ecx, 0FFFFFFFFh loc_10025CB: ; CODE XREF: sub_10023D8 + 1B3 xor eax, eax repne scasb not ecx dec ecx cmp [ ebp + ecx + 1 ], al lea ebp, [ ebp 
+ ecx + 1 ] jnz loc_1002420 loc_10025E0: ; CODE XREF: sub_10023D8 + 1