; File Name : u:\startupscripts\work\hiddencode.exe
; Format : Portable executable for 80386 (PE)
; Imagebase : 1000000
; Section 1. (virtual address 00001000)
; Virtual size : 00003310 ( 13072.)
; Section size in file : 00003310 ( 13072.)
; Offset to raw data for section: 00001000
; Flags 60000020: Text Executable Readable
; Alignment : default
; OS type : MS Windows
; Application type: Executable 32bit
include uni.inc ; see unicode subdir of ida for info on unicode
.686p
.mmx
.model flat
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Execute
_text segment para public 'CODE' use32
assume cs:_text
;org 1001000h
assume es:nothing, ss:nothing, ds:_data, fs:nothing, gs:nothing
dword_1001000 dd 77D982ACh dword_1001004 dd 77D92985h dword_1001008 dd 77D9858Eh dword_100100C dd 77D97D4Dh dword_1001010 dd 77D92C54h dword_1001014 dd 77DA9694h ; sub_1001DEB + 6B�r ...
dd 0
dword_100101C dd 77E7B0BBh dword_1001020 dd 77E74CA6h dword_1001024 dd 77E7C37Ah dword_1001028 dd 77F877E0h dword_100102C dd 77E7C4E4h ; sub_1002F31 + 1C3�r ...
dword_1001030 dd 77E6670Dh dword_1001034 dd 77E66F37h dword_1001038 dd 77E6668Ch ; sub_1001665:loc_1001762�r ...
dword_100103C dd 77E68778h ; sub_1001A91 + 1AB�r
dword_1001040 dd 77E6B217h ; sub_10018DB + B4�r ...
dword_1001044 dd 77E68D0Fh ; sub_10019F0 + 14�r ...
dword_1001048 dd 77E65304h dword_100104C dd 77F8AA7Dh ; sub_1001A91 + B5�r ...
dword_1001050 dd 77FC9C41h dword_1001054 dd 77E6A6C8h ; sub_1001E73 + 9E�r ...
dword_1001058 dd 77F8AA4Ch ; sub_1001A91 + 4E�r ...
dword_100105C dd 77E74A02h, 77E7E673h, 77FC976Bh, 77E7310Fh ; sub_1001A91 + 2C1�r ...
dword_100106C dd 77E64B74h ; sub_100205A + 4E�r
dword_1001070 dd 77F89789h dword_1001074 dd 77E7CFC6h dd 0
dword_100107C dd 78001DEAh dword_1001080 dd 78003E70h dword_1001084 dd 7800B426h dword_1001088 dd 78014EE9h dword_100108C dd 78014DABh dword_1001090 dd 7801D884h dword_1001094 dd 78001000h ; sub_100205A + 93�r ...
dword_1001098 dd 78001EC9h dword_100109C dd 78012188h dword_10010A0 dd 780010EDh ; sub_1001F54 + 47�r ...
dword_10010A4 dd 7802A875h ; sub_1001DEB + 8�r
dword_10010A8 dd 78017A09h dword_10010AC dd 7800C9ACh ; sub_10027E1 + 77�r ...
dword_10010B0 dd 78017E4Bh, 78022AA9h ; sub_1001665 + 1DB�r
dword_10010B8 dd 7802A38Bh ; sub_1001DEB + 19�r
dword_10010BC dd 78003C1Eh dword_10010C0 dd 7800F56Ah dword_10010C4 dd 78003E5Ah dword_10010C8 dd 78003E64h dword_10010CC dd 78003E6Ah dword_10010D0 dd 7803BB70h dword_10010D4 dd 78025147h dword_10010D8 dd 7800BB9Eh dword_10010DC dd 7800F7DCh, 7800B908hdword_10010E4 dd 7801D1CFh ; sub_100333A + 1B9�r
dword_10010E8 dd 78014B25h dword_10010EC dd 7800269Eh dd 0
dword_10010F4 dd 74FB1311h dword_10010F8 dd 74FB2B3Ch ; sub_1001A91 + 12B�r ...
dword_10010FC dd 74FB4A6Ah dword_1001100 dd 74FB5502h dword_1001104 dd 74FB2B57h ; sub_100230A + F�r ...
dword_1001108 dd 74FBD027h dword_100110C dd 74FB2B57h ; sub_1002A3D + 40�r ...
; ---------------------------------------------------------------------------
locret_1001110: ; DATA XREF: sub_1001A91 + 10F�r
retf
; ---------------------------------------------------------------------------
dword_1001114 dd 74FB125Ah dword_1001118 dd 74FB894Bh dword_100111C dd 74FB3284h ; sub_100205A + E7�r ...
dword_1001120 dd 74FB5413h ; sub_1002F31 + 64�r ...
dword_1001124 dd 74FB3A14h ; sub_1002F31 + 256�r ...
dword_1001128 dd 74FB90C0h dword_100112C dd 74FB3832h ; sub_100333A + 1EB�r
dword_1001130 dd 74FB306Fh ; sub_1002A3D + 65�r ...
align 8
dword_1001138 dd 77307866h dword_100113C dd 773025A3h dd 0
dword_1001144 dd 77F82A70h dword_1001148 dd 77F8A557h dword_100114C dd 77FB6307h dword_1001150 dd 77F92A89h ; sub_100333A + 95�r
dword_1001154 dd 77F97C81h ; sub_1002B5E + 114�r ...
dword_1001158 dd 77F816E4h ; sub_1002A3D + FD�r ...
dword_100115C dd 77F8F1D6h dword_1001160 dd 77F9431Dh ; sub_10023D8 + F2�r
dword_1001164 dd 77F936B1h dword_1001168 dd 77F912B1h ; sub_1002901 + 35�r
dword_100116C dd 77F8F73Ch dword_1001170 dd 77F979C8h dword_1001174 dd 77F8D7C7h ; sub_10018DB + D6�r
dword_1001178 dd 77F975A5h ; sub_1002F31 + 34D�r ...
dd 2 dup(0)
dd 37ECADD7h, 0
dd 4, 110h, 0
dd 4C00h, 0
dd 37ECADD7h, 0
dd 3, 310h, 0
dd 4D10h, 0
dd 37ECADD7h, 0
dd 6, 2 dup(0)
dd 5020h, 0
dd 37ECADD7h, 0
dd 2, 1Ah, 0
aDNtPrivateNetS db 'D:\nt\private\net\sockets\tcpsvcs\tftpd\tftpd.c built Sep 24 1999'
aOWritableFiles db ' o writable files keyname \"%s\"',0Ah,0 ; DATA XREF: _main + C4
aWritable db 'writable',0 ; DATA XREF: _main + BF
; sub_10037BF + 121
align 4
aOReadableFiles db ' o Readable files keyname \"%s\"',0Ah,0 ; DATA XREF: _main + B6
aReadable db 'readable',0 ; DATA XREF: _main + B1 sub_10037BF + F1
align 4
aOValidmastersK db ' o ValidMasters keyname \"%s\"',0Ah,0 ; DATA XREF: _main + A8
aMasters db 'masters',0 ; DATA XREF: _main + A3 sub_10037BF + C1
aOValidclientsK db ' o ValidClients keyname \"%s\"',0Ah,0 ; DATA XREF: _main + 9A
aClients db 'clients',0 ; DATA XREF: _main + 95 sub_10037BF + 8E
aTheseKeysAreSh db 'These keys are shell patterns with * and ? (see examples above):',0Ah
; DATA XREF: _main + 8D
align 4
aOStartdirector db ' o StartDirectory keyname \"%s\"',0Ah,0 ; DATA XREF: _main + 84
aDirectory db 'directory',0 ; DATA XREF: _main + 7F sub_10037BF + 5C
align 4
aRegistryKeyNam db 'Registry key names, all strings: HKEY_LOCAL_MACHINE %s',0Ah,0
; DATA XREF: _main + 76
aSystemCurrentc db 'System\CurrentControlSet\Services\tftpd\parameters',0
; DATA XREF: _main + 71 sub_10037BF + 13
align 10h
aTftpd_logfileI db ' TFTPD_LOGFILE is %s',0Ah ; DATA XREF: _main + 68
align 4
aTftpd_log db 'tftpd.log',0 ; DATA XREF: _main + 63
; sub_1001665 + 1D6
align 4
aTftpd_default_ db ' TFTPD_DEFAULT_DIR is %s',0Ah,0 ; DATA XREF: _main + 5A
align 4
aTftpdroot db '\tftpdroot\',0 ; DATA XREF: _main + 55 sub_1003910 + 1E
a? db ' - ?',0 ; DATA XREF: _main + 10
align 4
aA db 'a + ',0 ; DATA XREF: sub_1001665 + 1D1
align 4
aTftp db 'tftp',0 ; DATA XREF: sub_100205A + 31
align 10h
aUdp db 'udp',0 ; DATA XREF: sub_100205A + 2C
aOptionNegotiat db 'Option negotiation failure',0 ; DATA XREF: .data:01005CE0
align 10h
aNoSuchUser db 'No such user',0 ; DATA XREF: .data:01005CDC
align 10h
aFileAlreadyExi db 'File already exists',0 ; DATA XREF: .data:01005CD8
aUnknownTransfe db 'Unknown transfer ID',0 ; DATA XREF: .data:01005CD4
aIllegalTftpOpe db 'Illegal TFTP operation',0 ; DATA XREF: .data:01005CD0
align 10h
aDiskFullOrAllo db 'Disk full or allocation exceeded',0 ; DATA XREF: .data:01005CCC
align 4
aAccessViolatio db 'Access violation',0 ; DATA XREF: .data:01005CC8
align 4
aFileNotFound db 'File not found',0 ; DATA XREF: .data:01005CC4
align 4
aErrorUndefined db 'Error undefined',0 ; DATA XREF: .data:off_1005CC0
aTsize db 'tsize',0 ; DATA XREF: sub_10023D8:loc_100251A
align 10h
aTimeout_0 db 'timeout',0 ; DATA XREF: sub_10023D8:loc_1002498
aBlksize db 'blksize',0 ; DATA XREF: sub_10023D8 + 4E
aTimeout db 'Timeout',0 ; DATA XREF: sub_1002A3D + D2
aInsufficientRe db 'Insufficient resources',0 ; DATA XREF: sub_1002F31:loc_1003197
; sub_100333A + 201 ...
align 10h
aFileNameTooLon db 'File name too long',0 ; DATA XREF: sub_1002F31 + 195
; sub_100333A + 1A0
align 4
aMalformedFileN db 'Malformed file name',0 ; DATA XREF: sub_1002F31 + 139
; sub_100333A + 159
aOctet db 'octet',0 ; DATA XREF: sub_1002F31 + D2
; sub_100333A:loc_100341F
align 10h
aNetascii db 'netascii',0 ; DATA XREF: sub_1002F31 + 9F
; sub_100333A:loc_10033E1
align 4
asc_100155C: ; DATA XREF: sub_1003910 + 7F
unicode 0, <\>,0
dword_1001560 dd 0FFFFFFFFh, 1003B5Eh, 1003B73h, 0
; int __cdecl main(int argc, const char
* * argv, const char
* envp)
_main proc near ; CODE XREF: start
+ FA
argc = dword ptr 4
argv = dword ptr 8
envp = dword ptr
0Ch
cmp [ esp
+ argc ], 1
push esi
jle loc_1001646
mov eax, [ esp
+ 4
+ argv ]
mov esi,
offset a? ; \"
- ?\"
mov eax, [ eax
+ 4 ]
loc_1001588: ; CODE XREF: _main
+ 34
mov dl, [ eax ]
mov cl, dl
cmp dl, [ esi ]
jnz short
loc_10015AA
test cl, cl
jz short
loc_10015A6
mov dl, [ eax
+ 1 ]
mov cl, dl
cmp dl, [ esi
+ 1 ]
jnz short
loc_10015AA
inc eax
inc eax
inc esi
inc esi
test cl, cl
jnz short
loc_1001588
loc_10015A6: ; CODE XREF: _main
+ 22
xor eax, eax
jmp short
loc_10015AF
; ---------------------------------------------------------------------------
loc_10015AA: ; CODE XREF: _main
+ 1E _main
+ 2C
sbb eax, eax
sbb eax,
0FFFFFFFFh
loc_10015AF: ; CODE XREF: _main
+ 38
test eax, eax
jnz loc_1001646
mov esi, ds:dword_10010D4
push offset asc_1005010 ; \" ======================================\"...
call esi ;
dword_10010D4
pop ecx
push offset aTftpdroot ; \"\\tftpdroot\\\"
push offset aTftpd_default_ ; \" TFTPD_DEFAULT_DIR is %s\n\"
call esi ;
dword_10010D4
pop ecx
pop ecx
push offset aTftpd_log ; \"tftpd.log\"
push offset aTftpd_logfileI ; \" TFTPD_LOGFILE is %s\n\n\"
call esi ;
dword_10010D4
pop ecx
pop ecx
push offset aSystemCurrentc ; \"System\\CurrentControlSet\\Services\\tftpd\"...
push offset aRegistryKeyNam ; \"Registry key names, all strings: HKEY_L\"...
call esi ;
dword_10010D4
pop ecx
pop ecx
push offset aDirectory ; \"directory\"
push offset aOStartdirector ; \" o StartDirectory keyname \\"%s\\"\n\"
call esi ;
dword_10010D4
pop ecx
pop ecx
push offset aTheseKeysAreSh ; \"These keys are shell patterns with
* an\"...
call esi ;
dword_10010D4
pop ecx
push offset aClients ; \"clients\"
push offset aOValidclientsK ; \" o ValidClients keyname \\"%s\\"\n\"
call esi ;
dword_10010D4
pop ecx
pop ecx
push offset aMasters ; \"masters\"
push offset aOValidmastersK ; \" o ValidMasters keyname \\"%s\\"\n\"
call esi ;
dword_10010D4
pop ecx
pop ecx
push offset aReadable ; \"readable\"
push offset aOReadableFiles ; \" o Readable files keyname \\"%s\\"\n\"
call esi ;
dword_10010D4
pop ecx
pop ecx
push offset aWritable ; \"writable\"
push offset aOWritableFiles ; \" o writable files keyname \\"%s\\"\n\"
call esi ;
dword_10010D4
pop ecx
pop ecx
push 0FFFFFFFFh
call ds:
dword_10010EC
pop ecx
loc_1001646: ; CODE XREF: _main
+ 6 _main
+ 41
push offset off_1005CB0
call ds:
dword_1001004
test eax, eax
jnz short
loc_100165B
call ds:
dword_1001038
loc_100165B: ; CODE XREF: _main
+ E3
push 0
call ds:
dword_100101C
pop esi
retn
_main endp
sub_1001665 proc near ; DATA XREF: .data:01005CB4
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push ebx
push ebp
push esi
push edi
xor ebp, ebp
push offset sub_1001DEB
push offset aTftpd ; \"Tftpd\"
mov dword_1006120,
30h
mov dword_1006124, 2
mov dword_1006128, ebp
mov dword_1006134, 1
mov dword_1006138,
4E20h
mov dword_100612C, ebp
mov dword_1006130, ebp
call ds:
dword_1001010
cmp eax, ebp
mov dword_1006044, eax
jz loc_1001762
mov esi, ds:dword_1001014
mov edi,
offset dword_1006120
push edi
push eax
call esi ;
dword_1001014
cmp eax, ebp
jz loc_1001762
mov ebx, ds:dword_1001040
push ebp
push ebp
push ebp
push ebp
call ebx ;
dword_1001040
push ebp
push ebp
push ebp
push ebp
mov dword_1005DDC, eax
call ebx ;
dword_1001040
cmp dword_1005DDC, ebp
mov dword_1005DE0, eax
jz short
loc_100171C
cmp eax, ebp
jz short
loc_100171C
push offset dword_1006140
push 101h
call ds:
dword_10010FC
cmp eax,
0FFFFFFFFh
jnz short
loc_1001735
call ds:
dword_10010F8
loc_100171C: ; CODE XREF: sub_1001665
+ 96
; sub_1001665
+ 9A ...
push 1Fh
call sub_1001E73
push 1
call ds:
dword_10010EC
pop ecx
loc_100172C: ; CODE XREF: sub_1001665
+ 218
; sub_1001665
+ 224
pop edi
pop esi
pop ebp
xor eax, eax
pop ebx
retn 8
; ---------------------------------------------------------------------------
loc_1001735: ; CODE XREF: sub_1001665
+ AF
push edi
mov dword_1006124, 4
push dword_1006044
mov dword_1006128, 7
mov dword_1006134, ebp
mov dword_1006138, ebp
call esi ;
dword_1001014
cmp eax, ebp
jnz short
loc_100176A
loc_1001762: ; CODE XREF: sub_1001665
+ 57
; sub_1001665
+ 6E
call ds:
dword_1001038
jmp short
loc_100171C
; ---------------------------------------------------------------------------
loc_100176A: ; CODE XREF: sub_1001665
+ FB
push 9
pop ecx
xor eax, eax
mov edx,
offset dword_10060C0
mov edi, edx
rep stosd
push edx
call ds:
dword_10010A4
pop ecx
mov edx, [ esp
+ 10h + arg_0 ]
dec edx
mov ebx, (
offset dword_1005E07
+ 1)
jz short
loc_10017F3
mov eax, [ esp
+ 10h + arg_4 ]
lea eax, [ eax
+ edx
* 4 ]
mov [ esp
+ 10h + arg_0 ], eax
loc_1001797: ; CODE XREF: sub_1001665
+ 18C
mov eax, [ esp
+ 10h + arg_0 ]
mov eax, [ eax ]
cmp byte ptr [ eax ],
2Dh
jnz short
loc_10017F3
movsx ecx, byte ptr [ eax
+ 1 ]
sub ecx,
64h
jz short
loc_10017C9
dec ecx
jz short
loc_10017BD
dec ecx
jnz short
loc_10017E9
mov dword_1005DD8, 1
jmp short
loc_10017E9
; ---------------------------------------------------------------------------
loc_10017BD: ; CODE XREF: sub_1001665
+ 147
mov dword_1005DD4, 1
jmp short
loc_10017E9
; ---------------------------------------------------------------------------
loc_10017C9: ; CODE XREF: sub_1001665
+ 144
lea edi, [ eax
+ 2 ]
or ecx,
0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
sub edi, ecx
mov eax, ecx
mov esi, edi
mov edi, ebx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
loc_10017E9: ; CODE XREF: sub_1001665
+ 14A
; sub_1001665
+ 156 ...
sub [ esp
+ 10h + arg_0 ], 4
dec edx
cmp edx, ebp
ja short
loc_1001797
loc_10017F3: ; CODE XREF: sub_1001665
+ 125
; sub_1001665
+ 13B
call sub_10037BF
call sub_1003910
mov esi, ds:dword_10010A8
push ebx
call esi ;
dword_10010A8
cmp eax,
0FFFFFFFFh
pop ecx
jnz short
loc_100182E
call ds:
dword_10010AC
push ebx
call ds:
dword_10010B0
cmp eax, ebp
pop ecx
jnz loc_100171C
push ebx
call esi ;
dword_10010A8
cmp eax, ebp
pop ecx
jnz loc_100171C
loc_100182E: ; CODE XREF: sub_1001665
+ 1A5
cmp dword_1005DD8, ebp
jz short
loc_1001857
push offset aA ; \"a
+ \"
push offset aTftpd_log ; \"tftpd.log\"
call ds:
+ 4>dword_10010B0 + 4
pop ecx
cmp eax, ebp
pop ecx
mov dword_1005DD0, eax
jnz short
loc_1001857
mov dword_1005DD8, ebp
loc_1001857: ; CODE XREF: sub_1001665
+ 1CF
; sub_1001665
+ 1EA
push offset dword_10060C0
call ds:
dword_10010B8
pop ecx
call sub_10018DB
call sub_10019F0
push 0FFFFFFFFh
push dword_1005DDC
call ds:
dword_100103C
cmp eax, ebp
jz loc_100172C
call ds:
dword_1001038
jmp loc_100172C
sub_1001665 endp
sub_100188E proc near ; CODE XREF: sub_100205A
+ D5
; sub_1002F31
+ 2A8 ...
var_4 = dword ptr
- 4
arg_0 = dword ptr 8
arg_4 = dword ptr
0Ch
arg_8 = byte ptr
10h
push ebp
mov ebp, esp
push ecx
push 3
push [ ebp
+ arg_4 ]
push [ ebp
+ arg_0 ]
call ds:
dword_1001100
test eax, eax
jz short
loc_10018AE
call ds:
dword_1001038
xor eax, eax
jmp short
locret_10018D7
; ---------------------------------------------------------------------------
loc_10018AE: ; CODE XREF: sub_100188E
+ 14
test [ ebp
+ arg_8 ], 1
push 0
push 0FFFFFFFFh
push [ ebp
+ arg_0 ]
jz short
loc_10018C2
push offset loc_1001D74
jmp short
loc_10018C7
; ---------------------------------------------------------------------------
loc_10018C2: ; CODE XREF: sub_100188E
+ 2B
push offset loc_1001DDB
loc_10018C7: ; CODE XREF: sub_100188E
+ 32
push [ ebp
+ arg_4 ]
lea eax, [ ebp
+ var_4 ]
push eax
call ds:
dword_1001174
mov eax, [ ebp
+ var_4 ]
locret_10018D7: ; CODE XREF: sub_100188E
+ 1E
leave
retn 0Ch
sub_100188E endp
sub_10018DB proc near ; CODE XREF: sub_1001665
+ 1FE
var_4 = dword ptr
- 4
push ebp
mov ebp, esp
push ecx
push ebx
push esi
mov esi, ds:dword_1001044
push edi
push offset dword_1006080
call esi ;
dword_1001044
push offset dword_1006020
call esi ;
dword_1001044
mov eax,
offset dword_1006098
mov dword_100609C, eax
mov dword_1006098, eax
mov eax,
offset dword_1006038
mov dword_100603C, eax
mov dword_1006038, eax
lea eax, [ ebp
+ var_4 ]
push eax
call sub_1001FA6
xor esi, esi
test eax, eax
jnz short
loc_1001957
mov eax, [ ebp
+ var_4 ]
xor ebx, ebx
cmp [ eax ], esi
jbe short
loc_100194F
xor edi, edi
loc_100192E: ; CODE XREF: sub_10018DB
+ 72
mov ecx, [ eax
+ edi
+ 4 ]
cmp ecx, esi
jz short
loc_1001947
cmp ecx,
100007Fh
jz short
loc_1001947
push ecx
call sub_100205A
mov eax, [ ebp
+ var_4 ]
loc_1001947: ; CODE XREF: sub_10018DB
+ 59
; sub_10018DB
+ 61
inc ebx
add edi,
18h
cmp ebx, [ eax ]
jb short
loc_100192E
loc_100194F: ; CODE XREF: sub_10018DB
+ 4F
push eax
call ds:
dword_10010A0
pop ecx
loc_1001957: ; CODE XREF: sub_10018DB
+ 46
push offset dword_10060A0
call ds:
dword_1001170
cmp eax, esi
jnz loc_10019EB
mov eax,
0EA60h
push esi
push eax
push eax
push esi
push offset sub_10029BA
push offset dword_1006048
push dword_10060A0
call ds:
dword_1001178
push esi
push esi
push esi
push esi
mov edi, eax
call ds:
dword_1001040
cmp eax, esi
mov dword_1005DF8, eax
jnz short
loc_10019A2
mov eax, edi
jmp short
loc_10019EB
; ---------------------------------------------------------------------------
loc_10019A2: ; CODE XREF: sub_10018DB
+ C1
push esi
push 0FFFFFFFFh
push esi
push offset sub_1002219
push eax
push offset dword_1005DFC
call ds:
dword_1001174
cmp eax, esi
jnz short
loc_10019EB
mov ecx,
offset dword_1006100
xor eax, eax
mov edi, ecx
push ecx
stosd
stosd
stosd
stosd
stosd
mov eax, dword_1005DF8
push offset dword_1005E00
mov dword_1006110, eax
call sub_1003A44
cmp eax, esi
jz short
loc_10019E9
cmp eax,
3E5h
jnz short
loc_10019EB
loc_10019E9: ; CODE XREF: sub_10018DB
+ 105
xor eax, eax
loc_10019EB: ; CODE XREF: sub_10018DB
+ 89
; sub_10018DB
+ C5 ...
pop edi
pop esi
pop ebx
leave
retn
sub_10018DB endp
sub_10019F0 proc near ; CODE XREF: sub_1001665
+ 203
mov eax,
offset dword_1006078
push offset dword_1006060
mov dword_100607C, eax
mov dword_1006078, eax
call ds:
dword_1001044
push 0
push 0EFD1Ch
push 0
call ds:
dword_1001048
mov dword_1005DEC, eax
retn
sub_10019F0 endp
sub_1001A1F proc near ; CODE XREF: sub_10029BA
+ 79
push ebx
push esi
mov ebx,
offset dword_1006060
push edi
push ebx
xor esi, esi
call ds:
dword_1001058
mov eax, dword_1005DF0
sub eax, dword_1005DF4
cmp eax,
0Ah
jbe short
loc_1001A46
shr eax, 1
mov esi, eax
jmp short
loc_1001A4E
; ---------------------------------------------------------------------------
loc_1001A46: ; CODE XREF: sub_1001A1F
+ 1F
cmp eax, 3
jbe short
loc_1001A4E
push 2
pop esi
loc_1001A4E: ; CODE XREF: sub_1001A1F
+ 25
; sub_1001A1F
+ 2A
test esi, esi
jbe short
loc_1001A86
mov edi, esi
loc_1001A54: ; CODE XREF: sub_1001A1F
+ 65
mov eax, dword_1006078
mov esi, eax
mov ecx, [ eax ]
mov eax, [ eax
+ 4 ]
mov [ eax ], ecx
mov [ ecx
+ 4 ], eax
push dword ptr [ esi
+ 30h ]
call ds:
dword_1001054
push esi
push 0
push dword_1005DEC
call ds:
dword_1001050
dec dword_1005DF0
dec edi
jnz short
loc_1001A54
loc_1001A86: ; CODE XREF: sub_1001A1F
+ 31
push ebx
call ds:
dword_100104C
pop edi
pop esi
pop ebx
retn
sub_1001A1F endp
sub_1001A91 proc near ; CODE XREF: .text:01001DCC
; .text:01001DE1
var_68 = byte ptr
- 68h
var_4C = dword ptr
- 4Ch
var_48 = dword ptr
- 48h
var_40 = dword ptr
- 40h
var_3C = dword ptr
- 3Ch
var_30 = byte ptr
- 30h
var_28 = dword ptr
- 28h
var_20 = dword ptr
- 20h
var_1C = dword ptr
- 1Ch
var_10 = byte ptr
- 10h
var_8 = dword ptr
- 8
arg_0 = dword ptr 4
arg_10 = byte ptr
14h
arg_FF9C = dword ptr
0FFA0h
arg_FFA0 = dword ptr
0FFA4h
arg_FFA4 = dword ptr
0FFA8h
arg_FFA8 = dword ptr
0FFACh
arg_FFD4 = dword ptr
0FFD8h
arg_FFD8 = dword ptr
0FFDCh
arg_10004 = dword ptr
10008h
mov eax,
10004h
call sub_1003A3E
push ebx
push ebp
xor ebp, ebp
push esi
push edi
mov [ esp
+ 10h ], ebp
mov ebx,
offset dword_1006060
loc_1001AAA: ; CODE XREF: sub_1001A91
+ 291
lea eax, [ esp
+ 10h + arg_0 ]
push eax
push 4004667Fh
push [ esp
+ 18h + arg_10004 ]
call ds:
dword_1001114
cmp eax, ebp
jnz loc_1001D27
cmp [ esp
+ 1Ch + var_8 ], ebp
jz loc_1001D65
xor eax, eax
lea edi, [ esp
+ 1Ch + arg_10 ]
stosd
stosd
stosd
stosd
push ebx
stosd
call ds:
dword_1001058
mov eax, dword_1006078
inc dword_1005DF4
cmp eax,
offset dword_1006078
jz short
loc_1001B11
mov ecx, [ eax ]
mov esi, eax
mov eax, [ eax
+ 4 ]
mov [ eax ], ecx
mov [ ecx
+ 4 ], eax
push dword ptr [ esi
+ 30h ]
call ds:
+ 0Ch>dword_100105C + 0Ch
mov eax, [ esi
+ 30h ]
jmp short
loc_1001B41
; ---------------------------------------------------------------------------
loc_1001B11: ; CODE XREF: sub_1001A91
+ 64
inc dword_1005DF0
push 2FF6Ch
push 8
push dword_1005DEC
call ds:
+ 8>dword_100105C + 8
mov esi, eax
cmp esi, ebp
jz loc_1001D5E
push ebp
push ebp
push ebp
push ebp
call ds:
dword_1001040
mov [ esi
+ 30h ], eax
loc_1001B41: ; CODE XREF: sub_1001A91
+ 7E
push ebx
mov [ esp
+ 40h + arg_0 ], eax
call ds:
dword_100104C
lea ebp, [ esi
+ 34h ]
mov ecx,
3FEFh
xor eax, eax
mov edi, ebp
rep stosd
stosb
mov eax, [ esp
+ 40h + arg_FFD8 ]
mov [ esp
+ 40h + var_1C ], ebp
mov [ esp
+ 40h + var_20 ],
0FFBDh
mov [ esp
+ 40h + var_28 ],
10h
mov [ esi
+ 1Ch ], eax
lea eax, [ esp
+ 40h + var_10 ]
push 0
push eax
lea eax, [ esp
+ 48h + var_28 ]
lea edi, [ esi
+ 2Ch ]
push eax
lea eax, [ esi
+ 0Ch ]
push eax
lea eax, [ esp
+ 50h + var_30 ]
push eax
push edi
lea eax, [ esp
+ 58h + var_20 ]
push 1
push eax
push [ esp
+ 60h + arg_FFD4 ]
call dword ptr ds:locret_1001110
mov [ esp
+ 64h + var_48 ], eax
mov ax, [ esi
+ 0Eh ]
push eax
call ds:
dword_100110C
cmp [ esp
+ 68h + var_4C ], 0
jz short
loc_1001C34
call ds:
dword_10010F8
cmp eax,
3E5h
jnz loc_1001D2F
mov eax, dword_1005DDC
push 0FFFFFFFFh
mov [ esp
+ 6Ch + var_40 ], eax
mov eax, [ esp
+ 6Ch + var_28 ]
mov [ esp
+ 6Ch + var_3C ], eax
lea eax, [ esp
+ 6Ch + var_40 ]
push 0
push eax
push 2
call ds:
+ 4>dword_100105C + 4
cmp eax,
0FFFFFFFFh
jz loc_1001D2F
cmp eax,
102h
jz loc_1001D2F
test eax, eax
jz loc_1001D2F
lea eax, [ esp
+ 78h + var_68 ]
push eax
push 0
lea eax, [ esp
+ 80h + var_48 ]
push edi
push eax
push [ esp
+ 88h + arg_FF9C ]
call ds:
dword_1001108
test eax, eax
jnz short
loc_1001C34
call ds:
dword_10010F8
jmp loc_1001CEA
; ---------------------------------------------------------------------------
loc_1001C34: ; CODE XREF: sub_1001A91
+ 129
; sub_1001A91
+ 196
push 0
push dword_1005DDC
call ds:
dword_100103C
test eax, eax
jz loc_1001D2F
cmp dword ptr [ edi ], 2
jl loc_1001CEA
xor edi, edi
cmp [ esp
+ 70h + arg_FFA8 ], edi
jz short
loc_1001CDA
mov ax, [ ebp
+ 0 ]
push eax
call ds:
dword_1001104
movzx ecx, ax
test ecx, ecx
jle short
loc_1001CB8
cmp ecx, 2
jle short
loc_1001C81
cmp ecx, 4
jz short
loc_1001CB8
cmp ecx, 5
jnz short
loc_1001CB8
jmp short
loc_1001CEA
; ---------------------------------------------------------------------------
loc_1001C81: ; CODE XREF: sub_1001A91
+ 1E2
cmp ax, 1
jnz short
loc_1001C94
inc dword_10060C4
mov edi,
offset sub_1002F31
jmp short
loc_1001CA5
; ---------------------------------------------------------------------------
loc_1001C94: ; CODE XREF: sub_1001A91
+ 1F4
cmp ax, 2
jnz short
loc_1001CA5
inc dword_10060C8
mov edi,
offset sub_100333A
loc_1001CA5: ; CODE XREF: sub_1001A91
+ 201
; sub_1001A91
+ 207
mov eax, [ esp
+ 74h + arg_FFA0 ]
test edi, edi
mov [ esi
+ 8 ], eax
jz short
loc_1001CEA
push esi
call edi ;
sub_1002F31
jmp short
loc_1001CEA
; ---------------------------------------------------------------------------
loc_1001CB8: ; CODE XREF: sub_1001A91
+ 1DD
; sub_1001A91
+ 1E7 ...
push 0
push 4
push [ esp
+ 7Ch + arg_FFA0 ]
inc dword_10060CC
lea eax, [ esp
+ 80h + var_20 ]
push eax
lea eax, [ esp
+ 84h + var_30 ]
push eax
call sub_100230A
jmp short
loc_1001CEA
; ---------------------------------------------------------------------------
loc_1001CDA: ; CODE XREF: sub_1001A91
+ 1CB
mov eax, [ esp
+ 70h + arg_FFA4 ]
push esi
mov [ esi
+ 8 ], eax
call sub_1002EC8
loc_1001CEA: ; CODE XREF: sub_1001A91
+ 19E
; sub_1001A91
+ 1BC ...
push ebx
call ds:
dword_1001058
mov eax, dword_1006078
mov dword ptr [ esi
+ 4 ],
offset dword_1006078
mov [ esi ], eax
push offset dword_1005DE8
mov [ eax
+ 4 ], esi
mov dword_1006078, esi
call ds:
dword_100105C
dec dword_1005DF4
push ebx
call ds:
dword_100104C
xor ebp, ebp
jmp loc_1001AAA
; ---------------------------------------------------------------------------
loc_1001D27: ; CODE XREF: sub_1001A91
+ 32
call ds:
dword_10010F8
jmp short
loc_1001D65
; ---------------------------------------------------------------------------
loc_1001D2F: ; CODE XREF: sub_1001A91
+ 136
; sub_1001A91
+ 161 ...
push ebx
call ds:
dword_1001058
mov eax, dword_1006078
mov dword ptr [ esi
+ 4 ],
offset dword_1006078
mov [ esi ], eax
push offset dword_1005DE8
mov [ eax
+ 4 ], esi
mov dword_1006078, esi
call ds:
dword_100105C
dec dword_1005DF4
loc_1001D5E: ; CODE XREF: sub_1001A91
+ 9D
push ebx
call ds:
dword_100104C
loc_1001D65: ; CODE XREF: sub_1001A91
+ 3C
; sub_1001A91
+ 29C
pop edi
pop esi
pop ebp
xor eax, eax
pop ebx
add esp,
10004h
retn 8
sub_1001A91 endp
; sp - analysis failed
; ---------------------------------------------------------------------------
loc_1001D74: ; DATA XREF: sub_100188E + 2D
push ecx
push ebx
push ebp
push esi
mov esi, offset dword_1006020
push edi
mov edi, ds:dword_1001070
push esi
xor ebp, ebp
xor ebx, ebx
call edi ; dword_1001070
loc_1001D8B: ; CODE XREF: .text:01001DA1
test eax, eax
jnz short loc_1001DA7
push 0C8h
call ds:dword_100106C
push esi
call edi ; dword_1001070
inc ebx
cmp ebx, 7Dh
jb short loc_1001D8B
test eax, eax
jz short loc_1001DD1
loc_1001DA7: ; CODE XREF: .text:01001D8D
lea eax, [ esp + 10h ]
push eax
push dword ptr [ esp + 1Ch ]
call sub_10021E5
test eax, eax
jnz short loc_1001DC0
mov eax, [ esp + 10h ]
mov ebp, [ eax + 0Ch ]
loc_1001DC0: ; CODE XREF: .text:01001DB7
push esi
call ds:dword_100104C
push ebp
push dword ptr [ esp + 1Ch ]
call sub_1001A91
loc_1001DD1: ; CODE XREF: .text:01001DA5
pop edi
pop esi
pop ebp
xor eax, eax
pop ebx
pop ecx
retn 8
; ---------------------------------------------------------------------------
loc_1001DDB: ; DATA XREF: sub_100188E:loc_10018C2
push 0
push dword ptr [ esp + 8 ]
call sub_1001A91
xor eax, eax
retn 8
sub_1001DEB proc near ; DATA XREF: sub_1001665
+ 6
var_4 = byte ptr
- 4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
lea eax, [ ebp
+ var_4 ]
push eax
call ds:
dword_10010A4
inc dword_1006134
pop ecx
lea eax, [ ebp
+ var_4 ]
push eax
call ds:
dword_10010B8
mov eax, [ ebp
+ arg_0 ]
pop ecx
dec eax
jz short
loc_1001E68
dec eax
jz short
loc_1001E35
dec eax
jz short
loc_1001E1D
dec eax
dec eax
jz short
loc_1001E68
jmp short
loc_1001E4B
; ---------------------------------------------------------------------------
loc_1001E1D: ; CODE XREF: sub_1001DEB
+ 2A
push dword_1006040
call ds:
dword_1001034
mov dword_1006124, 4
jmp short
loc_1001E4B
; ---------------------------------------------------------------------------
loc_1001E35: ; CODE XREF: sub_1001DEB
+ 27
push dword_1006040
call ds:
dword_1001074
mov dword_1006124, 7
loc_1001E4B: ; CODE XREF: sub_1001DEB
+ 30
; sub_1001DEB
+ 48
push offset dword_1006120
push dword_1006044
call ds:
dword_1001014
test eax, eax
jnz short
locret_1001E6F
call ds:
dword_1001038
jmp short
locret_1001E6F
; ---------------------------------------------------------------------------
loc_1001E68: ; CODE XREF: sub_1001DEB
+ 24
; sub_1001DEB
+ 2E
push 0
call sub_1001E73
locret_1001E6F: ; CODE XREF: sub_1001DEB
+ 73
; sub_1001DEB
+ 7B
leave
retn 4
sub_1001DEB endp
sub_1001E73 proc near ; CODE XREF: sub_1001665
+ B9
; sub_1001DEB
+ 7F
arg_0 = dword ptr 4
push ebx
push ebp
push esi
mov esi, ds:dword_1001014
push edi
mov edi,
offset dword_1006120
push edi
mov dword_1006124, 3
push dword_1006044
call esi ;
dword_1001014
mov ebp, ds:dword_1001038
xor ebx, ebx
cmp eax, ebx
jnz short
loc_1001EA3
call ebp ;
dword_1001038
loc_1001EA3: ; CODE XREF: sub_1001E73
+ 2C
push dword_1005DDC
call ds:
dword_1001030
mov dword_1006124, 1
mov dword_1006134, ebx
mov eax, [ esp
+ 10h + arg_0 ]
mov dword_1006138, ebx
cmp eax, ebx
jnz short
loc_1001EDB
mov dword_100612C, ebx
mov dword_1006130, ebx
jmp short
loc_1001EFD
; ---------------------------------------------------------------------------
loc_1001EDB: ; CODE XREF: sub_1001E73
+ 58
cmp eax,
834h
jb short
loc_1001EF3
cmp eax,
16A7h
mov dword_100612C,
42Ah
jbe short
loc_1001EF8
loc_1001EF3: ; CODE XREF: sub_1001E73
+ 6D
mov dword_100612C, eax
loc_1001EF8: ; CODE XREF: sub_1001E73
+ 7E
mov dword_1006130, eax
loc_1001EFD: ; CODE XREF: sub_1001E73
+ 66
push edi
push dword_1006044
call esi ;
dword_1001014
cmp eax, ebx
jnz short
loc_1001F0C
call ebp ;
dword_1001038
loc_1001F0C: ; CODE XREF: sub_1001E73
+ 95
mov eax, dword_1005DE0
mov esi, ds:dword_1001054
cmp eax, ebx
jz short
loc_1001F24
push eax
call esi ;
dword_1001054
mov dword_1005DE0, ebx
loc_1001F24: ; CODE XREF: sub_1001E73
+ A6
mov eax, dword_1005DDC
cmp eax, ebx
jz short
loc_1001F36
push eax
call esi ;
dword_1001054
mov dword_1005DDC, ebx
loc_1001F36: ; CODE XREF: sub_1001E73
+ B8
mov eax, dword_1005DD0
cmp eax, ebx
jz short
loc_1001F4D
push eax
call ds:
dword_100109C
pop ecx
mov dword_1005DD0, ebx
loc_1001F4D: ; CODE XREF: sub_1001E73
+ CA
pop edi
pop esi
pop ebp
pop ebx
retn 4
sub_1001E73 endp
sub_1001F54 proc near ; CODE XREF: sub_1002182
+ 1C
; sub_1002219
+ B7
arg_0 = dword ptr 4
push esi
mov esi, [ esp
+ 4
+ arg_0 ]
push 0FFFFFFFFh
push dword ptr [ esi
+ 10h ]
call ds:
dword_1001168
push dword ptr [ esi
+ 8 ]
call ds:
dword_100111C
push dword ptr [ esi
+ 14h ]
call ds:
dword_1001118
mov eax, [ esi ]
mov ecx, [ esi
+ 4 ]
cmp eax, ecx
jnz short
loc_1001F90
mov eax, dword_1006038
mov ecx, [ eax ]
mov eax, [ eax
+ 4 ]
mov [ eax ], ecx
mov [ ecx
+ 4 ], eax
jmp short
loc_1001F9A
; ---------------------------------------------------------------------------
loc_1001F90: ; CODE XREF: sub_1001F54
+ 29
mov [ ecx ], eax
mov eax, [ esi ]
mov ecx, [ esi
+ 4 ]
mov [ eax
+ 4 ], ecx
loc_1001F9A: ; CODE XREF: sub_1001F54
+ 3A
push esi
call ds:
dword_10010A0
pop ecx
pop esi
retn 4
sub_1001F54 endp
sub_1001FA6 proc near ; CODE XREF: sub_10018DB
+ 3D
; sub_1002219
+ 1D
var_8 = dword ptr
- 8
var_4 = dword ptr
- 4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push ecx
push ebx
mov ebx, [ ebp
+ arg_0 ]
push esi
push edi
xor edi, edi
lea eax, [ ebp
+ var_4 ]
push edi
push eax
push edi
mov [ ebp
+ var_4 ], edi
mov [ ebp
+ var_8 ],
0C0000017h
mov [ ebx ], edi
call sub_1003A4A
cmp eax, edi
jz short
loc_1001FD3
cmp eax,
7Ah
jnz short
loc_100201A
loc_1001FD3: ; CODE XREF: sub_1001FA6
+ 26
push [ ebp
+ var_4 ]
call ds:
dword_1001094
mov esi, eax
pop ecx
cmp esi, edi
jz short
loc_100201A
loc_1001FE3: ; CODE XREF: sub_1001FA6
+ 63
lea eax, [ ebp
+ var_4 ]
push edi
push eax
push esi
call sub_1003A4A
cmp eax, edi
jz short
loc_1002015
cmp eax,
7Ah
jnz short
loc_100201A
push [ ebp
+ var_4 ]
push esi
call ds:
dword_1001098
pop ecx
cmp eax, edi
pop ecx
jz short
loc_100200B
mov esi, eax
jmp short
loc_1001FE3
; ---------------------------------------------------------------------------
loc_100200B: ; CODE XREF: sub_1001FA6
+ 5F
push esi
call ds:
dword_10010A0
pop ecx
jmp short
loc_100201A
; ---------------------------------------------------------------------------
loc_1002015: ; CODE XREF: sub_1001FA6
+ 4A
mov [ ebp
+ var_8 ], edi
mov [ ebx ], esi
loc_100201A: ; CODE XREF: sub_1001FA6
+ 2B
; sub_1001FA6
+ 3B ...
mov eax, [ ebp
+ var_8 ]
pop edi
pop esi
pop ebx
leave
retn 4
sub_1001FA6 endp
sub_1002024 proc near ; CODE XREF: sub_100205A
+ B7
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push [ esp
+ arg_0 ]
call ds:
dword_1001120
test eax, eax
jz short
locret_1002057
push edi
mov edi, eax
or ecx,
0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
sub edi, ecx
push esi
mov eax, ecx
mov esi, edi
mov edi, [ esp
+ 8
+ arg_4 ]
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
pop esi
pop edi
locret_1002057: ; CODE XREF: sub_1002024
+ C
retn 8
sub_1002024 endp
sub_100205A proc near ; CODE XREF: sub_10018DB
+ 64
; sub_1002219
+ 65 ...
var_28 = byte ptr
- 28h
var_14 = word ptr
- 14h
var_12 = word ptr
- 12h
var_10 = dword ptr
- 10h
var_4 = dword ptr
- 4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp,
28h
push ebx
push esi
xor esi, esi
push edi
mov [ ebp
+ var_4 ], esi
loc_1002068: ; CODE XREF: sub_100205A
+ 5D
push 1
push esi
push esi
push esi
push 2
push 2
call ds:
dword_10010F4
mov ebx, eax
cmp ebx,
0FFFFFFFFh
jz short
loc_100209D
xor eax, eax
lea edi, [ ebp
+ var_14 ]
stosd
stosd
stosd
push offset aUdp ; \"udp\"
push offset aTftp ; \"tftp\"
stosd
call ds:
dword_1001128
cmp eax, esi
jnz short
loc_10020B9
jmp short
loc_10020B1
; ---------------------------------------------------------------------------
loc_100209D: ; CODE XREF: sub_100205A
+ 22
call ds:
dword_10010F8
push 2EEh
call ds:
dword_100106C
inc [ ebp
+ var_4 ]
loc_10020B1: ; CODE XREF: sub_100205A
+ 41
cmp [ ebp
+ var_4 ],
0Ah
jge short
loc_10020E6
jmp short
loc_1002068
; ---------------------------------------------------------------------------
loc_10020B9: ; CODE XREF: sub_100205A
+ 3F
mov [ ebp
+ var_14 ], 2
mov ax, [ eax
+ 8 ]
mov [ ebp
+ var_12 ], ax
mov eax, [ ebp
+ arg_0 ]
mov [ ebp
+ var_10 ], eax
lea eax, [ ebp
+ var_14 ]
push 10h
push eax
push ebx
call ds:
dword_1001124
test eax, eax
jz short
loc_10020E6
call ds:
dword_1001038
jmp short
loc_100215E
; ---------------------------------------------------------------------------
loc_10020E6: ; CODE XREF: sub_100205A
+ 5B
; sub_100205A
+ 82
cmp ebx,
0FFFFFFFFh
jz short
loc_100215E
push 20h
call ds:
dword_1001094
mov esi, eax
pop ecx
test esi, esi
jz short
loc_100213D
push 8
xor eax, eax
pop ecx
mov edi, esi
rep stosd
mov eax, [ ebp
+ arg_0 ]
lea ecx, [ ebp
+ var_28 ]
push ecx
push eax
mov [ esi
+ 8 ], ebx
mov [ esi
+ 0Ch ], eax
call sub_1002024
xor eax, eax
push eax
push eax
push eax
push eax
call ds:
dword_1001040
mov edi, eax
test edi, edi
jz short
loc_1002140
push 1
push edi
push ebx
mov [ esi
+ 14h ], edi
call sub_100188E
test eax, eax
mov [ esi
+ 10h ], eax
jnz short
loc_1002162
jmp short
loc_1002140
; ---------------------------------------------------------------------------
loc_100213D: ; CODE XREF: sub_100205A
+ 9E
mov edi, [ ebp
+ arg_0 ]
loc_1002140: ; CODE XREF: sub_100205A
+ CC
; sub_100205A
+ E1
push ebx
call ds:
dword_100111C
test edi, edi
jz short
loc_1002152
push edi
call ds:
dword_1001054
loc_1002152: ; CODE XREF: sub_100205A
+ EF
test esi, esi
jz short
loc_100215E
push esi
call ds:
dword_10010A0
pop ecx
loc_100215E: ; CODE XREF: sub_100205A
+ 8A
; sub_100205A
+ 8F ...
xor eax, eax
jmp short
loc_100217B
; ---------------------------------------------------------------------------
loc_1002162: ; CODE XREF: sub_100205A
+ DF
mov eax, dword_1006038
mov dword ptr [ esi
+ 4 ],
offset dword_1006038
mov [ esi ], eax
mov [ eax
+ 4 ], esi
mov dword_1006038, esi
mov eax, esi
loc_100217B: ; CODE XREF: sub_100205A
+ 106
pop edi
pop esi
pop ebx
leave
retn 4
sub_100205A endp
sub_1002182 proc near ; CODE XREF: sub_1002219:loc_1002298
mov ecx, dword_1006038
push esi
mov esi,
offset dword_1006038
xor eax, eax
cmp ecx, esi
jz short
loc_10021B3
push edi
loc_1002195: ; CODE XREF: sub_1002182
+ 2E
cmp dword ptr [ ecx
+ 18h ], 0
mov edi, [ ecx ]
jnz short
loc_10021A8
push ecx
call sub_1001F54
push 1
pop eax
jmp short
loc_10021AC
; ---------------------------------------------------------------------------
loc_10021A8: ; CODE XREF: sub_1002182
+ 19
and dword ptr [ ecx
+ 18h ], 0
loc_10021AC: ; CODE XREF: sub_1002182
+ 24
cmp edi, esi
mov ecx, edi
jnz short
loc_1002195
pop edi
loc_10021B3: ; CODE XREF: sub_1002182
+ 10
pop esi
retn
sub_1002182 endp
sub_10021B5 proc near ; CODE XREF: sub_1002219
+ 43
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov edx, [ esp
+ arg_4 ]
push esi
mov ecx,
offset dword_1006038
and dword ptr [ edx ], 0
mov eax, dword_1006038
loc_10021C7: ; CODE XREF: sub_10021B5
+ 21
cmp eax, ecx
jz short
loc_10021DF
mov esi, [ eax
+ 0Ch ]
cmp esi, [ esp
+ 4
+ arg_0 ]
jz short
loc_10021D8
mov eax, [ eax ]
jmp short
loc_10021C7
; ---------------------------------------------------------------------------
loc_10021D8: ; CODE XREF: sub_10021B5
+ 1D
push 1
mov [ edx ], eax
pop eax
jmp short
loc_10021E1
; ---------------------------------------------------------------------------
loc_10021DF: ; CODE XREF: sub_10021B5
+ 14
xor eax, eax
loc_10021E1: ; CODE XREF: sub_10021B5
+ 28
pop esi
retn 8
sub_10021B5 endp
sub_10021E5 proc near ; CODE XREF: .text:01001DB0
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov edx, [ esp
+ arg_4 ]
push esi
mov ecx,
offset dword_1006038
and dword ptr [ edx ], 0
mov eax, dword_1006038
loc_10021F7: ; CODE XREF: sub_10021E5
+ 21
cmp eax, ecx
jz short
loc_100220A
mov esi, [ eax
+ 8 ]
cmp esi, [ esp
+ 4
+ arg_0 ]
jz short
loc_1002208
mov eax, [ eax ]
jmp short
loc_10021F7
; ---------------------------------------------------------------------------
loc_1002208: ; CODE XREF: sub_10021E5
+ 1D
mov [ edx ], eax
loc_100220A: ; CODE XREF: sub_10021E5
+ 14
mov eax, [ edx ]
pop esi
neg eax
sbb eax, eax
and al,
0A9h
add eax,
57h
retn 8
sub_10021E5 endp
sub_1002219 proc near ; DATA XREF: sub_10018DB
+ CB
var_C = dword ptr
- 0Ch
var_8 = dword ptr
- 8
var_4 = dword ptr
- 4
push ebp
mov ebp, esp
sub esp,
0Ch
push ebx
push esi
push edi
xor esi, esi
push offset dword_1006020
mov [ ebp
+ var_C ], esi
call ds:
dword_1001058
lea eax, [ ebp
+ var_4 ]
push eax
call sub_1001FA6
test eax, eax
jnz short
loc_10022A9
mov eax, [ ebp
+ var_4 ]
xor ebx, ebx
cmp [ eax ], esi
jbe short
loc_1002298
loc_1002248: ; CODE XREF: sub_1002219
+ 7D
mov eax, [ eax
+ esi
+ 4 ]
test eax, eax
jz short
loc_100228D
cmp eax,
100007Fh
jz short
loc_100228D
lea ecx, [ ebp
+ var_8 ]
push ecx
push eax
call sub_10021B5
test eax, eax
jz short
loc_1002271
mov eax, [ ebp
+ var_8 ]
mov dword ptr [ eax
+ 18h ], 1
jmp short
loc_100228D
; ---------------------------------------------------------------------------
loc_1002271: ; CODE XREF: sub_1002219
+ 4A
mov eax, [ ebp
+ var_4 ]
push 1
pop edi
push dword ptr [ eax
+ esi
+ 4 ]
mov [ ebp
+ var_C ], edi
call sub_100205A
test eax, eax
mov [ ebp
+ var_8 ], eax
jz short
loc_100228D
mov [ eax
+ 18h ], edi
loc_100228D: ; CODE XREF: sub_1002219
+ 35
; sub_1002219
+ 3C ...
mov eax, [ ebp
+ var_4 ]
inc ebx
add esi,
18h
cmp ebx, [ eax ]
jb short
loc_1002248
loc_1002298: ; CODE XREF: sub_1002219
+ 2D
call sub_1002182
push [ ebp
+ var_4 ]
mov esi, eax
call ds:
dword_10010A0
pop ecx
loc_10022A9: ; CODE XREF: sub_1002219
+ 24
cmp [ ebp
+ var_C ], 0
jnz short
loc_10022E9
test esi, esi
jnz short
loc_10022E9
mov eax, dword_1006038
mov edi,
offset dword_1006038
cmp eax, edi
jz short
loc_10022E9
loc_10022C1: ; CODE XREF: sub_1002219
+ CE
mov [ ebp
+ var_8 ], eax
mov ebx, [ eax ]
test byte ptr [ eax
+ 1Ch ], 1
jnz short
loc_10022E3
mov esi, [ eax
+ 0Ch ]
push eax
call sub_1001F54
push esi
call sub_100205A
test eax, eax
jz short
loc_10022E3
or dword ptr [ eax
+ 1Ch ], 1
loc_10022E3: ; CODE XREF: sub_1002219
+ B1
; sub_1002219
+ C4
cmp ebx, edi
mov eax, ebx
jnz short
loc_10022C1
loc_10022E9: ; CODE XREF: sub_1002219
+ 94
; sub_1002219
+ 98 ...
push offset dword_1006100
push offset dword_1005E00
call sub_1003A44
push offset dword_1006020
call ds:
dword_100104C
pop edi
pop esi
pop ebx
leave
retn 8
sub_1002219 endp
sub_100230A proc near ; CODE XREF: sub_1001A91
+ 242
; sub_10023D8
+ 23C ...
var_FFBC = word ptr
- 0FFBCh
var_FFBA = word ptr
- 0FFBAh
var_FFB8 = byte ptr
- 0FFB8h
arg_0 = dword ptr 8
arg_8 = dword ptr
10h
arg_C = dword ptr
14h
arg_10 = dword ptr
18h
push ebp
mov ebp, esp
mov eax,
0FFBCh
call sub_1003A3E
push ebx
push esi
mov esi, ds:dword_1001104
push edi
push 5
call esi ;
dword_1001104
mov edi, [ ebp
+ arg_C ]
mov [ ebp
+ var_FFBC ], ax
push edi
call esi ;
dword_1001104
cmp [ ebp
+ arg_10 ], 0
mov [ ebp
+ var_FFBA ], ax
jz short
loc_1002369
mov edi, [ ebp
+ arg_10 ]
or ecx,
0FFFFFFFFh
xor eax, eax
lea edx, [ ebp
+ var_FFB8 ]
repne scasb
not ecx
sub edi, ecx
mov eax, ecx
mov esi, edi
mov edi, edx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
mov edi, [ ebp
+ arg_10 ]
jmp short
loc_10023A2
; ---------------------------------------------------------------------------
loc_1002369: ; CODE XREF: sub_100230A
+ 32
cmp di, 9
jb short
loc_1002371
xor edi, edi
loc_1002371: ; CODE XREF: sub_100230A
+ 63
movzx eax, di
or ecx,
0FFFFFFFFh
lea ebx, [ ebp
+ var_FFB8 ]
mov edx, off_1005CC0[ eax
* 4 ]
xor eax, eax
mov edi, edx
repne scasb
not ecx
sub edi, ecx
mov eax, ecx
mov esi, edi
mov edi, ebx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
mov edi, edx
loc_10023A2: ; CODE XREF: sub_100230A
+ 5D
or ecx,
0FFFFFFFFh
xor eax, eax
repne scasb
push 10h
push [ ebp
+ arg_0 ]
not ecx
dec ecx
push eax
add ecx, 5
lea eax, [ ebp
+ var_FFBC ]
push ecx
push eax
push [ ebp
+ arg_8 ]
call ds:
dword_1001130
cmp eax,
0FFFFFFFFh
jnz short
loc_10023D1
call ds:
dword_10010F8
loc_10023D1: ; CODE XREF: sub_100230A
+ BF
pop edi
pop esi
pop ebx
leave
retn 14h
sub_100230A endp
sub_10023D8 proc near ; CODE XREF: sub_1002F31
+ 302
; sub_100333A
+ 26D
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr
0Ch
arg_C = dword ptr
10h
arg_10 = dword ptr
14h
arg_14 = dword ptr
18h
mov eax, [ esp
+ arg_0 ]
push ebx
push ebp
push esi
mov esi, [ esp
+ 0Ch + arg_10 ]
mov dword ptr [ eax
+ 20h ],
200h
mov dword ptr [ eax
+ 28h ],
0Ah
mov eax, [ esp
+ 0Ch + arg_14 ]
push edi
mov ecx,
3FEFh
and dword ptr [ eax ], 0
xor eax, eax
mov edi, esi
push 6
rep stosd
call ds:
dword_1001104
mov [ esi ], ax
lea ebx, [ esi
+ 2 ]
mov ebp, [ esp
+ 10h + arg_4 ]
cmp byte ptr [ ebp
+ 0 ], 0
jz loc_10025E4
loc_1002420: ; CODE XREF: sub_10023D8
+ 202
mov esi, ds:dword_100115C
push offset aBlksize ; \"blksize\"
push ebp
call esi ;
dword_100115C
pop ecx
test eax, eax
pop ecx
jnz short
loc_1002498
mov edi, ebp
or ecx,
0FFFFFFFFh
repne scasb
not ecx
sub edi, ecx
push 8
mov eax, ecx
mov esi, edi
mov edi, ebx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
pop esi
add ebp, esi
add ebx, esi
push ebp
call ds:
dword_1001160
pop ecx
cmp eax, esi
mov ecx, [ esp
+ 10h + arg_0 ]
mov [ ecx
+ 20h ], eax
jb loc_10025FD
cmp eax,
0FFB8h
ja loc_10025FD
cmp eax,
5B0h
jnz short
loc_100248F
mov dword ptr [ ecx
+ 20h ],
200h
sub ebx, esi
jmp loc_10025C6
; ---------------------------------------------------------------------------
loc_100248F: ; CODE XREF: sub_10023D8
+ A7
push 0Ah
push ebx
push eax
jmp loc_1002597
; ---------------------------------------------------------------------------
loc_1002498: ; CODE XREF: sub_10023D8
+ 5A
push offset aTimeout_0 ; \"timeout\"
push ebp
call esi ;
dword_100115C
pop ecx
test eax, eax
pop ecx
jnz short
loc_100251A
mov edi, ebp
or ecx,
0FFFFFFFFh
repne scasb
not ecx
sub edi, ecx
add ebp, 8
mov eax, ecx
mov esi, edi
mov edi, ebx
push ebp
shr ecx, 2
rep movsd
mov ecx, eax
add ebx, 8
and ecx, 3
rep movsb
call ds:
dword_1001160
pop ecx
mov ecx, [ esp
+ 10h + arg_0 ]
push 1
pop edx
cmp eax, edx
mov [ ecx
+ 28h ], eax
jl loc_1002602
cmp eax,
0FFh
jg loc_1002602
mov eax, [ esp
+ 10h + arg_14 ]
mov edi, ebp
or ecx,
0FFFFFFFFh
mov [ eax ], edx
xor eax, eax
repne scasb
not ecx
sub edi, ecx
mov eax, ecx
mov esi, edi
mov edi, ebx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
mov edi, ebp
jmp loc_10025A2
; ---------------------------------------------------------------------------
loc_100251A: ; CODE XREF: sub_10023D8
+ CC
push offset aTsize ; \"tsize\"
push ebp
call esi ;
dword_100115C
pop ecx
mov edi, ebp
test eax, eax
pop ecx
jnz loc_10025B2
or edx,
0FFFFFFFFh
xor eax, eax
mov ecx, edx
add ebp, 6
repne scasb
not ecx
sub edi, ecx
mov eax, ecx
mov esi, edi
mov edi, ebx
add ebx, 6
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
cmp [ esp
+ 10h + arg_8 ], 2
rep movsb
jnz short
loc_100258D
mov edi, ebp
mov ecx, edx
xor eax, eax
repne scasb
not ecx
sub edi, ecx
mov eax, ecx
mov esi, edi
mov edi, ebx
shr ecx, 2
rep movsd
mov ecx, eax
xor eax, eax
and ecx, 3
rep movsb
mov edi, ebp
mov ecx, edx
repne scasb
not ecx
dec ecx
mov edi, ebp
lea ebx, [ ebx
+ ecx
+ 1 ]
mov ecx, edx
jmp short
loc_10025CB
; ---------------------------------------------------------------------------
loc_100258D: ; CODE XREF: sub_10023D8
+ 180
mov eax, [ esp
+ 10h + arg_0 ]
push 0Ah
push ebx
push dword ptr [ eax
+ 24h ]
loc_1002597: ; CODE XREF: sub_10023D8
+ BB
call ds:
dword_1001164
add esp,
0Ch
mov edi, ebx
loc_10025A2: ; CODE XREF: sub_10023D8
+ 13D
or ecx,
0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
dec ecx
lea ebx, [ ebx
+ ecx
+ 1 ]
jmp short
loc_10025C6
; ---------------------------------------------------------------------------
loc_10025B2: ; CODE XREF: sub_10023D8
+ 150
or ecx,
0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
dec ecx
cmp [ ebp
+ ecx
+ 1 ], al
lea ebp, [ ebp
+ ecx
+ 1 ]
jz short
loc_10025E0
loc_10025C6: ; CODE XREF: sub_10023D8
+ B2
; sub_10023D8
+ 1D8
mov edi, ebp
or ecx,
0FFFFFFFFh
loc_10025CB: ; CODE XREF: sub_10023D8
+ 1B3
xor eax, eax
repne scasb
not ecx
dec ecx
cmp [ ebp
+ ecx
+ 1 ], al
lea ebp, [ ebp
+ ecx
+ 1 ]
jnz loc_1002420
loc_10025E0: ; CODE XREF: sub_10023D8
+ 1EC
mov esi, [ esp
+ 10h + arg_10 ]
loc_10025E4: ; CODE XREF: sub_10023D8
+ 42
mov eax, [ esp
+ 10h + arg_C ]
sub ebx, esi
cmp ebx, 2
mov [ eax ], ebx
jnz short
loc_10025F4
and dword ptr [ eax ], 0
loc_10025F4: ; CODE XREF: sub_10023D8
+ 217
xor eax, eax
loc_10025F6: ; CODE XREF: sub_10023D8
+ 244
pop edi
pop esi
pop ebp
pop ebx
retn 18h
; ---------------------------------------------------------------------------
loc_10025FD: ; CODE XREF: sub_10023D8
+ 91
; sub_10023D8
+ 9C
push 0
push esi
jmp short
loc_1002606
; ---------------------------------------------------------------------------
loc_1002602: ; CODE XREF: sub_10023D8
+ 105
; sub_10023D8
+ 110
push 0
push 8
loc_1002606: ; CODE XREF: sub_10023D8
+ 228
push dword ptr [ ecx
+ 8 ]
lea eax, [ ecx
+ 0FFF1h ]
add ecx,
0Ch
push eax
push ecx
call sub_100230A
or eax,
0FFFFFFFFh
jmp short
loc_10025F6
sub_10023D8 endp
sub_100261E proc near ; CODE XREF: sub_1002F31
+ 130
; sub_100333A
+ 150
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ebx
mov ebx, [ ebp
+ arg_0 ]
push esi
push edi
mov al, [ ebx ]
mov ecx, ebx
mov esi, ebx
mov [ ebp
+ arg_0 ], ebx
loc_1002630: ; CODE XREF: sub_100261E
+ 22
test al, al
jz short
loc_1002642
cmp al,
5Ch
jz short
loc_100263C
cmp al,
2Fh
jnz short
loc_1002642
loc_100263C: ; CODE XREF: sub_100261E
+ 18
mov al, [ ecx
+ 1 ]
inc ecx
jmp short
loc_1002630
; ---------------------------------------------------------------------------
loc_1002642: ; CODE XREF: sub_100261E
+ 14
; sub_100261E
+ 1C ...
mov al, [ ecx ]
test al, al
jz loc_10026E4
cmp al,
2Eh
jnz loc_100271C
mov dl, [ ecx
+ 1 ]
lea edi, [ ecx
+ 1 ]
cmp dl,
5Ch
jz loc_1002718
cmp dl,
2Fh
jz loc_1002718
cmp dl, al
jnz loc_1002703
mov dl, [ ecx
+ 2 ]
lea edi, [ ecx
+ 2 ]
cmp dl,
5Ch
jz short
loc_1002684
cmp dl,
2Fh
jnz short
loc_1002703
loc_1002684: ; CODE XREF: sub_100261E
+ 5F
dec esi
mov ecx, edi
dec esi
cmp esi, ebx
jbe short
loc_10026E0
loc_100268C: ; CODE XREF: sub_100261E
+ 7B
mov al, [ esi ]
cmp al,
5Ch
jz short
loc_100269B
cmp al,
2Fh
jz short
loc_100269B
dec esi
cmp esi, ebx
jnb short
loc_100268C
loc_100269B: ; CODE XREF: sub_100261E
+ 72
; sub_100261E
+ 76
inc esi
loc_100269C: ; CODE XREF: sub_100261E
+ 8E
; sub_100261E
+ EE ...
cmp esi, [ ebp
+ arg_0 ]
jbe short
loc_10026AE
cmp byte ptr [ esi
- 1 ],
20h
lea eax, [ esi
- 1 ]
jnz short
loc_10026AE
mov esi, eax
jmp short
loc_100269C
; ---------------------------------------------------------------------------
loc_10026AE: ; CODE XREF: sub_100261E
+ 81
; sub_100261E
+ 8A
mov al, [ ecx ]
cmp al,
5Ch
jz short
loc_10026B8
cmp al,
2Fh
jnz short
loc_1002642
loc_10026B8: ; CODE XREF: sub_100261E
+ 94
cmp esi, ebx
jz short
loc_10026CB
mov al, [ esi
- 1 ]
cmp al,
5Ch
jz short
loc_10026CB
cmp al,
2Fh
jz short
loc_10026CB
mov byte ptr [ esi ],
5Ch
inc esi
loc_10026CB: ; CODE XREF: sub_100261E
+ 9C
; sub_100261E
+ A3 ...
inc ecx
jz short
loc_10026D8
mov al, [ ecx ]
cmp al,
5Ch
jz short
loc_10026CB
cmp al,
2Fh
jz short
loc_10026CB
loc_10026D8: ; CODE XREF: sub_100261E
+ AE
mov [ ebp
+ arg_0 ], esi
jmp loc_1002642
; ---------------------------------------------------------------------------
loc_10026E0: ; CODE XREF: sub_100261E
+ 6C
xor eax, eax
jmp short
loc_10026FC
; ---------------------------------------------------------------------------
loc_10026E4: ; CODE XREF: sub_100261E
+ 28
mov cl, [ esi
- 1 ]
lea eax, [ esi
- 1 ]
cmp cl,
5Ch
jz short
loc_10026F4
cmp cl,
2Fh
jnz