[讨论]DIE 查的结果大家看看-加壳脱壳-看雪-安全社区|安全招聘|kanxue.com

最新回复 (1)
wtscrystal 雪币： 22 活跃值： (32) 能力值： ( LV2，RANK：10 ) 在线值：发帖 43 回帖 158 粉丝 1 关注私信	wtscrystal 2 楼用IDA加载后得到开始部分： .text:003F1000 ; .text:003F1000 ; Input MD5 : 97BA9D06ED0C0640D511F9A22A7B528A .text:003F1000 .text:003F1000 ; File Name : C:\ROD.exe .text:003F1000 ; Format : Portable executable for 80386 (PE) .text:003F1000 ; Imagebase : 3F0000 .text:003F1000 ; Section 1. (virtual address 00001000) .text:003F1000 ; Virtual size : 000937A6 ( 604070.) .text:003F1000 ; Section size in file : 00093800 ( 604160.) .text:003F1000 ; Offset to raw data for section: 00000400 .text:003F1000 ; Flags 60000020: Text Executable Readable .text:003F1000 ; Alignment : default .text:003F1000 .text:003F1000 include uni.inc ; see unicode subdir of ida for info on unicode .text:003F1000 .text:003F1000 .686p .text:003F1000 .mmx .text:003F1000 .model flat .text:003F1000 .text:003F1000 ; =========================================================================== .text:003F1000 .text:003F1000 ; Segment type: Pure code .text:003F1000 ; Segment permissions: Read/Execute .text:003F1000 _text segment para public 'CODE' use32 .text:003F1000 assume cs:_text .text:003F1000 ;org 3F1000h .text:003F1000 assume es:nothing, ss:nothing, ds:_data, fs:nothing, gs:nothing .text:003F1000 __IMPORT_DESCRIPTOR_KERNEL32 dd rva off_3F10A0 ; Import Name Table .text:003F1004 dd 0 ; Time stamp .text:003F1008 dd 0 ; Forwarder Chain .text:003F100C dd rva aKernel32_dll ; DLL Name .text:003F1010 dd rva VirtualProtect ; Import Address Table .text:003F1014 __IMPORT_DESCRIPTOR_USER32 dd rva off_3F12EC ; Import Name Table .text:003F1018 dd 0 ; Time stamp .text:003F101C dd 0 ; Forwarder Chain .text:003F1020 dd rva aUser32_dll ; DLL Name .text:003F1024 dd rva DialogBoxIndirectParamA ; Import Address Table .text:003F1028 __IMPORT_DESCRIPTOR_NETAPI32 dd rva off_3F1350 ; Import Name Table .text:003F102C dd 0 ; Time stamp .text:003F1030 dd 0 ; Forwarder Chain .text:003F1034 dd rva aNetapi32_dll ; DLL Name .text:003F1038 dd rva Netbios ; Import Address Table .text:003F103C __IMPORT_DESCRIPTOR_ADVAPI32 dd rva off_3F1358 ; Import Name Table .text:003F1040 dd 0 ; Time stamp .text:003F1044 dd 0 ; Forwarder Chain .text:003F1048 dd rva aAdvapi32_dll ; DLL Name .text:003F104C dd rva ReportEventA ; Import Address Table .text:003F1050 __IMPORT_DESCRIPTOR_COMDLG32 dd rva off_3F139C ; Import Name Table .text:003F1054 dd 0 ; Time stamp .text:003F1058 dd 0 ; Forwarder Chain .text:003F105C dd rva aComdlg32_dll ; DLL Name .text:003F1060 dd rva GetOpenFileNameA ; Import Address Table .text:003F1064 __IMPORT_DESCRIPTOR_COMCTL32 dd rva dword_3F13A4 ; Import Name Table .text:003F1068 dd 0 ; Time stamp .text:003F106C dd 0 ; Forwarder Chain .text:003F1070 dd rva aComctl32_dll ; DLL Name .text:003F1074 dd rva InitCommonControls ; Import Address Table .text:003F1078 __IMPORT_DESCRIPTOR_WSOCK32 dd rva dword_3F13AC ; Import Name Table .text:003F107C dd 0 ; Time stamp .text:003F1080 dd 0 ; Forwarder Chain .text:003F1084 dd rva aWsock32_dll ; DLL Name .text:003F1088 dd rva getsockname ; Import Address Table .text:003F108C dd 5 dup(0) .text:003F10A0 ; .text:003F10A0 ; Import names for KERNEL32.dll .text:003F10A0 ; .text:003F10A0 off_3F10A0 dd rva word_3F1780 ; DATA XREF: .text:__IMPORT_DESCRIPTOR_KERNEL32o .text:003F10A4 dd rva word_3F1791 .text:003F10A8 dd rva word_3F17A0 .text:003F10AC dd rva word_3F17B0 .text:003F10B0 dd rva word_537082 .text:003F10B4 dd rva word_537092 .text:003F10B8 dd rva word_5370A2 .text:003F10BC dd rva word_5370B4 .text:003F10C0 dd rva word_5370C8 .text:003F10C4 dd rva word_5370DC .text:003F10C8 dd rva word_5370EC .text:003F10CC dd rva word_537106 .text:003F10D0 dd rva word_537118 .text:003F10D4 dd rva word_53712A .text:003F10D8 dd rva word_53713A .text:003F10DC dd rva word_53714A .text:003F10E0 dd rva word_537156 .text:003F10E4 dd rva word_53716E .text:003F10E8 dd rva word_53717E .text:003F10EC dd rva word_53718E .text:003F10F0 dd rva word_53719C .text:003F10F4 dd rva word_5371AC .text:003F10F8 dd rva word_5371C2 .text:003F10FC dd rva word_5371CE .text:003F1100 dd rva word_5371DC .text:003F1104 dd rva word_5371E8 .text:003F1108 dd rva word_537202 .text:003F110C dd rva word_537214 .text:003F1110 dd rva word_53722C .text:003F1114 dd rva word_537244 .text:003F1118 dd rva word_537258 .text:003F111C dd rva word_537266 .text:003F1120 dd rva word_537272 .text:003F1124 dd rva word_537280 .text:003F1128 dd rva word_537298 .text:003F112C dd rva word_5372B2 .text:003F1130 dd rva word_5372C4 .text:003F1134 dd rva word_5372D6 .text:003F1138 dd rva word_5372E4 .text:003F113C dd rva word_5372F2 .text:003F1140 dd rva word_537302 .text:003F1144 dd rva word_53730E .text:003F1148 dd rva word_53731A .text:003F114C dd rva word_537330 .text:003F1150 dd rva word_53733E .text:003F1154 dd rva word_53734C .text:003F1158 dd rva word_53735C .text:003F115C dd rva word_53736C .text:003F1160 dd rva word_537380 .text:003F1164 dd rva word_53739C .text:003F1168 dd rva word_5373BA .text:003F116C dd rva word_5373CE .text:003F1170 dd rva word_5373E6 .text:003F1174 dd rva word_5373F6 .text:003F1178 dd rva word_537402 .text:003F117C dd rva word_537412 .text:003F1180 dd rva word_537424 .text:003F1184 dd rva word_537432 .text:003F1188 dd rva word_537440 .text:003F118C dd rva word_53744C .text:003F1190 dd rva word_53745C .text:003F1194 dd rva word_537472 .text:003F1198 dd rva word_537484 .text:003F119C dd rva word_537496 .text:003F11A0 dd rva word_537020 .text:003F11A4 dd rva word_537072 .text:003F11A8 dd rva word_5374DA .text:003F11AC dd rva word_5374F4 .text:003F11B0 dd rva word_53750E .text:003F11B4 dd rva word_53751C .text:003F11B8 dd rva word_537528 .text:003F11BC dd rva word_537536 .text:003F11C0 dd rva word_537540 .text:003F11C4 dd rva word_537558 .text:003F11C8 dd rva word_53756E .text:003F11CC dd rva word_537586 .text:003F11D0 dd rva word_53759A .text:003F11D4 dd rva word_5375B4 .text:003F11D8 dd rva word_5375CA .text:003F11DC dd rva word_5375E2 .text:003F11E0 dd rva word_5375F8 .text:003F11E4 dd rva word_537620 .text:003F11E8 dd rva word_537634 .text:003F11EC dd rva word_537640 .text:003F11F0 dd rva word_53764A .text:003F11F4 dd rva word_537656 .text:003F11F8 dd rva word_537668 .text:003F11FC dd rva word_537678 .text:003F1200 dd rva word_537688 .text:003F1204 dd rva word_53769C .text:003F1208 dd rva word_5376BA .text:003F120C dd rva word_5376CA .text:003F1210 dd rva word_5376D8 .text:003F1214 dd rva word_5376F0 .text:003F1218 dd rva word_537708 .text:003F121C dd rva word_537718 .text:003F1220 dd rva word_537726 .text:003F1224 dd rva word_53773C .text:003F1228 dd rva word_53774C .text:003F122C dd rva word_53775E .text:003F1230 dd rva word_537772 .text:003F1234 dd rva word_53778C .text:003F1238 dd rva word_5377A6 .text:003F123C dd rva word_5377B8 .text:003F1240 dd rva word_5377CA .text:003F1244 dd rva word_5377DA .text:003F1248 dd rva word_5377F0 .text:003F124C dd rva word_537800 .text:003F1250 dd rva word_53780C .text:003F1254 dd rva word_53781E .text:003F1258 dd rva word_537830 .text:003F125C dd rva word_537842 .text:003F1260 dd rva word_537854 .text:003F1264 dd rva word_537866 .text:003F1268 dd rva word_537878 .text:003F126C dd rva word_53788E .text:003F1270 dd rva word_5378A4 .text:003F1274 dd rva word_537006 .text:003F1278 dd rva word_536FF4 .text:003F127C dd rva word_537C1C .text:003F1280 dd rva word_537C02 .text:003F1284 dd rva word_537BF4 .text:003F1288 dd rva word_537BE6 .text:003F128C dd rva word_537BDA .text:003F1290 dd rva word_537BC6 .text:003F1294 dd rva word_537BB2 .text:003F1298 dd rva word_537B9E .text:003F129C dd rva word_537062 .text:003F12A0 dd rva word_53704A .text:003F12A4 dd rva word_5374C2 .text:003F12A8 dd rva word_53703A .text:003F12AC dd rva word_536FDE .text:003F12B0 dd rva word_536FC8 .text:003F12B4 dd rva word_536FBC .text:003F12B8 dd rva word_536FAC .text:003F12BC dd rva word_536F9E .text:003F12C0 dd rva word_536F88 .text:003F12C4 dd rva word_536F7A .text:003F12C8 dd rva word_536F72 .text:003F12CC dd rva word_536F64 .text:003F12D0 dd rva word_536F4C .text:003F12D4 dd rva word_536F3C .text:003F12D8 dd rva word_536F2C .text:003F12DC dd rva word_536F1A .text:003F12E0 dd rva word_5374A8 .text:003F12E4 dd rva word_536F0C .text:003F12E8 dd 0 .text:003F12EC ; .text:003F12EC ; Import names for USER32.dll .text:003F12EC ; .text:003F12EC off_3F12EC dd rva word_537A34 ; DATA XREF: .text:__IMPORT_DESCRIPTOR_USER32o .text:003F12F0 dd rva word_537A16 .text:003F12F4 dd rva word_537A0A .text:003F12F8 dd rva word_5379FA .text:003F12FC dd rva word_5379E8 .text:003F1300 dd rva word_5379DA .text:003F1304 dd rva word_5379CC .text:003F1308 dd rva word_5379BA .text:003F130C dd rva word_5379AE .text:003F1310 dd rva word_5379A2 .text:003F1314 dd rva word_537996 .text:003F1318 dd rva word_53798A .text:003F131C dd rva word_537978 .text:003F1320 dd rva word_537966 .text:003F1324 dd rva word_5378D0 .text:003F1328 dd rva word_5378E2 .text:003F132C dd rva word_5378F6 .text:003F1330 dd rva word_537906 .text:003F1334 dd rva word_537916 .text:003F1338 dd rva word_537924 .text:003F133C dd rva word_537934 .text:003F1340 dd rva word_537946 .text:003F1344 dd rva word_537954 .text:003F1348 dd rva word_5378C2 .text:003F134C dd 0 .text:003F1350 ; .text:003F1350 ; Import names for NETAPI32.dll .text:003F1350 ; .text:003F1350 off_3F1350 dd rva word_537A5A ; DATA XREF: .text:__IMPORT_DESCRIPTOR_NETAPI32o .text:003F1354 dd 0 .text:003F1358 ; .text:003F1358 ; Import names for ADVAPI32.dll .text:003F1358 ; .text:003F1358 off_3F1358 dd rva word_537C64 ; DATA XREF: .text:__IMPORT_DESCRIPTOR_ADVAPI32o .text:003F135C dd rva word_537A80 .text:003F1360 dd rva word_537A92 .text:003F1364 dd rva word_537AA2 .text:003F1368 dd rva word_537AB2 .text:003F136C dd rva word_537AC4 .text:003F1370 dd rva word_537AD8 .text:003F1374 dd rva word_537AEC .text:003F1378 dd rva word_537AFE .text:003F137C dd rva word_537B10 .text:003F1380 dd rva word_537B20 .text:003F1384 dd rva word_537B30 .text:003F1388 dd rva word_537B40 .text:003F138C dd rva word_537C34 .text:003F1390 dd rva word_537C4C .text:003F1394 dd rva word_537A72 .text:003F1398 dd 0 .text:003F139C ; .text:003F139C ; Import names for COMDLG32.dll .text:003F139C ; .text:003F139C off_3F139C dd rva word_537B62 ; DATA XREF: .text:__IMPORT_DESCRIPTOR_COMDLG32o .text:003F13A0 dd 0 .text:003F13A4 ; .text:003F13A4 ; Import names for COMCTL32.dll .text:003F13A4 ; .text:003F13A4 dword_3F13A4 dd 80000011h ; DATA XREF: .text:__IMPORT_DESCRIPTOR_COMCTL32o .text:003F13A8 dd 0 .text:003F13AC ; .text:003F13AC ; Import names for WSOCK32.dll .text:003F13AC ; .text:003F13AC dword_3F13AC dd 80000006h ; DATA XREF: .text:__IMPORT_DESCRIPTOR_WSOCK32o .text:003F13B0 dd 80000097h .text:003F13B4 dd 80000012h .text:003F13B8 dd 80000004h .text:003F13BC dd 80000017h .text:003F13C0 dd 80000009h .text:003F13C4 dd 80000035h .text:003F13C8 dd 80000003h .text:003F13CC dd 80000010h .text:003F13D0 dd 80000013h .text:003F13D4 dd 8000000Ch .text:003F13D8 dd 80000015h .text:003F13DC dd 8000000Fh .text:003F13E0 dd 80000074h .text:003F13E4 dd 8000000Ah .text:003F13E8 dd 8000000Bh .text:003F13EC dd 80000033h .text:003F13F0 dd 80000034h .text:003F13F4 dd 80000039h .text:003F13F8 dd 80000008h .text:003F13FC dd 8000000Eh .text:003F1400 dd 80000007h .text:003F1404 dd 80000073h .text:003F1408 dd 8000006Fh .text:003F140C dd 0 .text:003F140C _text ends .text:003F140C .idata:003F1410 ; .idata:003F1410 ; Imports from ADVAPI32.dll .idata:003F1410 ; .idata:003F1410 ; =========================================================================== .idata:003F1410 .idata:003F1410 ; Segment type: Externs .idata:003F1410 ; _idata .idata:003F1410 ; BOOL __stdcall ReportEventA(HANDLE hEventLog, WORD wType, WORD wCategory, DWORD dwEventID, PSID lpUserSid, WORD wNumStrings, DWORD dwDataSize, LPCSTR lpStrings, LPVOID lpRawData) .idata:003F1410 extrn ReportEventA:dword ; DATA XREF: .text:003F104Co .idata:003F1410 ; .text:00484732o ... .idata:003F1414 ; LSTATUS __stdcall RegDeleteValueA(HKEY hKey, LPCSTR lpValueName) .idata:003F1414 extrn RegDeleteValueA:dword ; DATA XREF: .text:0043C156o .idata:003F1414 ; .textidx:00488976o ... .idata:003F1418 ; LSTATUS __stdcall RegEnumValueA(HKEY hKey, DWORD dwIndex, LPSTR lpValueName, LPDWORD lpcchValueName, LPDWORD lpReserved, LPDWORD lpType, LPBYTE lpData, LPDWORD lpcbData) .idata:003F1418 extrn RegEnumValueA:dword ; DATA XREF: .text:0043C15Co .idata:003F1418 ; .textidx:004888E8o ... .idata:003F141C ; LSTATUS __stdcall RegOpenKeyExA(HKEY hKey, LPCSTR lpSubKey, DWORD ulOptions, REGSAM samDesired, PHKEY phkResult) .idata:003F141C extrn RegOpenKeyExA:dword ; DATA XREF: .text:0043C162o .idata:003F141C ; .textidx:0048884Eo ... .idata:003F1420 ; LSTATUS __stdcall RegCreateKeyExA(HKEY hKey, LPCSTR lpSubKey, DWORD Reserved, LPSTR lpClass, DWORD dwOptions, REGSAM samDesired, const LPSECURITY_ATTRIBUTES lpSecurityAttributes, PHKEY phkResult, LPDWORD lpdwDisposition) .idata:003F1420 extrn RegCreateKeyExA:dword ; DATA XREF: .text:0043C168o .idata:003F1420 ; .textidx:0048BB21o ... .idata:003F1424 ; LSTATUS __stdcall RegQueryValueExA(HKEY hKey, LPCSTR lpValueName, LPDWORD lpReserved, LPDWORD lpType, LPBYTE lpData, LPDWORD lpcbData) .idata:003F1424 extrn RegQueryValueExA:dword ; DATA XREF: .text:0043C16Eo .idata:003F1424 ; .textidx:004B5C08o ... .idata:003F1428 ; LSTATUS __stdcall RegQueryValueExW(HKEY hKey, LPCWSTR lpValueName, LPDWORD lpReserved, LPDWORD lpType, LPBYTE lpData, LPDWORD lpcbData) .idata:003F1428 extrn RegQueryValueExW:dword ; DATA XREF: .text:0043C174o .idata:003F1428 ; .textidx:004B6BE5o ... .idata:003F142C ; LSTATUS __stdcall RegSetValueExA(HKEY hKey, LPCSTR lpValueName, DWORD Reserved, DWORD dwType, const BYTE lpData, DWORD cbData) .idata:003F142C extrn RegSetValueExA:dword ; DATA XREF: .text:0043C17Ao .idata:003F142C ; .textidx:004B6DA9o ... .idata:003F1430 ; LSTATUS __stdcall RegSetValueExW(HKEY hKey, LPCWSTR lpValueName, DWORD Reserved, DWORD dwType, const BYTE lpData, DWORD cbData) .idata:003F1430 extrn RegSetValueExW:dword ; DATA XREF: .text:0043C180o .idata:003F1430 ; .textidx:004B6EB1o .idata:003F1434 ; BOOL __stdcall GetUserNameA(LPSTR lpBuffer, LPDWORD pcbBuffer) .idata:003F1434 extrn GetUserNameA:dword ; DATA XREF: .text:0043C186o .idata:003F1434 ; .textidx:004B6FB4o ... .idata:003F1438 ; BOOL __stdcall GetUserNameW(LPWSTR lpBuffer, LPDWORD pcbBuffer) .idata:003F1438 extrn GetUserNameW:dword ; DATA XREF: .text:0043C18Co .idata:003F1438 ; .textidx:004B70D4o ... .idata:003F143C ; LSTATUS __stdcall RegEnumKeyExA(HKEY hKey, DWORD dwIndex, LPSTR lpName, LPDWORD lpcchName, LPDWORD lpReserved, LPSTR lpClass, LPDWORD lpcchClass, PFILETIME lpftLastWriteTime) .idata:003F143C extrn RegEnumKeyExA:dword ; DATA XREF: .text:0043C192o .idata:003F143C ; .textidx:0051052Co ... .idata:003F1440 ; LSTATUS __stdcall RegQueryInfoKeyA(HKEY hKey, LPSTR lpClass, LPDWORD lpcchClass, LPDWORD lpReserved, LPDWORD lpcSubKeys, LPDWORD lpcbMaxSubKeyLen, LPDWORD lpcbMaxClassLen, LPDWORD lpcValues, LPDWORD lpcbMaxValueNameLen, LPDWORD lpcbMaxValueLen, LPDWORD lpcbSecurityDescriptor, PFILETIME lpftLastWriteTime) .idata:003F1440 extrn RegQueryInfoKeyA:dword ; DATA XREF: .text:0043C198o .idata:003F1440 ; .textidx:00511325o .idata:003F1444 ; HANDLE __stdcall RegisterEventSourceA(LPCSTR lpUNCServerName, LPCSTR lpSourceName) .idata:003F1444 extrn RegisterEventSourceA:dword .idata:003F1444 ; DATA XREF: .text:00484726o .idata:003F1444 ; .textidx:00522DD1o .idata:003F1448 ; BOOL __stdcall DeregisterEventSource(HANDLE hEventLog) .idata:003F1448 extrn DeregisterEventSource:dword .idata:003F1448 ; DATA XREF: .text:0048472Co .idata:003F1448 ; .textidx:00522DB6o ... .idata:003F144C ; LSTATUS __stdcall RegCloseKey(HKEY hKey) .idata:003F144C extrn RegCloseKey:dword ; DATA XREF: .text:0043C150o .idata:003F144C ; .textidx:004889AEo ... .idata:003F1450 .idata:003F1454 ; .idata:003F1454 ; Imports from COMCTL32.dll .idata:003F1454 ; .idata:003F1454 ; void __stdcall InitCommonControls() .idata:003F1454 extrn InitCommonControls:dword ; DATA XREF: .text:003F1074o .idata:003F1454 ; .text:0043C1A4o ... .idata:003F1458 .idata:003F145C ; .idata:003F145C ; Imports from COMDLG32.dll .idata:003F145C ; .idata:003F145C ; BOOL __stdcall GetOpenFileNameA(LPOPENFILENAMEA) .idata:003F145C extrn GetOpenFileNameA:dword ; DATA XREF: .text:003F1060o .idata:003F145C ; .text:0043C19Eo ... .idata:003F1460 .idata:003F1464 ; .idata:003F1464 ; Imports from KERNEL32.dll .idata:003F1464 ; .idata:003F1464 ; BOOL __stdcall VirtualProtect(LPVOID lpAddress, SIZE_T dwSize, DWORD flNewProtect, PDWORD lpflOldProtect) .idata:003F1464 extrn VirtualProtect:dword ; CODE XREF: sub_3F1994+D2p .idata:003F1464 ; DATA XREF: .text:003F1010o ... .idata:003F1468 ; SIZE_T __stdcall VirtualQuery(LPCVOID lpAddress, PMEMORY_BASIC_INFORMATION lpBuffer, SIZE_T dwLength) .idata:003F1468 extrn VirtualQuery:dword ; CODE XREF: sub_3F1994+23p .idata:003F1468 ; DATA XREF: sub_3F1994+23r .idata:003F146C ; void __stdcall GetSystemInfo(LPSYSTEM_INFO lpSystemInfo) .idata:003F146C extrn GetSystemInfo:dword ; CODE XREF: sub_3F1901+20174p .idata:003F146C ; DATA XREF: sub_3F1901+20174r .idata:003F1470 ; void __stdcall OutputDebugStringA(LPCSTR lpOutputString) .idata:003F1470 extrn OutputDebugStringA:dword ; CODE XREF: sub_3F1901+13p .idata:003F1470 ; sub_3F1901+8Ap ... .idata:003F1474 ; HANDLE __stdcall CreateMutexA(LPSECURITY_ATTRIBUTES lpMutexAttributes, BOOL bInitialOwner, LPCSTR lpName) .idata:003F1474 extrn CreateMutexA:dword ; DATA XREF: .text:0043BE12o .idata:003F1474 ; .textidx:004B9165o ... .idata:003F1478 ; DWORD __stdcall GetTickCount() .idata:003F1478 extrn GetTickCount:dword ; DATA XREF: .text:0042A766o .idata:003F1478 ; .text:0043BE18o ... .idata:003F147C ; BOOL __stdcall GetProcessTimes(HANDLE hProcess, LPFILETIME lpCreationTime, LPFILETIME lpExitTime, LPFILETIME lpKernelTime, LPFILETIME lpUserTime) .idata:003F147C extrn GetProcessTimes:dword ; DATA XREF: .text:0043BE1Eo .idata:003F147C ; .textidx:004CAA12o .idata:003F1480 ; HANDLE __stdcall GetCurrentProcess() .idata:003F1480 extrn GetCurrentProcess:dword ; DATA XREF: .text:00421A6Do .idata:003F1480 ; .text:00424FDBo ... .idata:003F1484 ; HMODULE __stdcall GetModuleHandleA(LPCSTR lpModuleName) .idata:003F1484 extrn GetModuleHandleA:dword ; DATA XREF: .text:0043BE2Ao .idata:003F1484 ; .textidx:004D2565o .idata:003F1488 ; void __stdcall GetLocalTime(LPSYSTEMTIME lpSystemTime) .idata:003F1488 extrn GetLocalTime:dword ; DATA XREF: .text:0043BE30o .idata:003F1488 ; .textidx:004D3B3Bo .idata:003F148C ; DWORD __stdcall GetTimeZoneInformation(LPTIME_ZONE_INFORMATION lpTimeZoneInformation) .idata:003F148C extrn GetTimeZoneInformation:dword .idata:003F148C ; DATA XREF: .text:0042CCE8o .idata:003F148C ; .text:0043BE36o ... .idata:003F1490 ; HANDLE __stdcall FindFirstFileW(LPCWSTR lpFileName, LPWIN32_FIND_DATAW lpFindFileData) .idata:003F1490 extrn FindFirstFileW:dword ; DATA XREF: .text:00422F91o .idata:003F1490 ; .text:0043BE3Co ... .idata:003F1494 ; HANDLE __stdcall FindFirstFileA(LPCSTR lpFileName, LPWIN32_FIND_DATAA lpFindFileData) .idata:003F1494 extrn FindFirstFileA:dword ; DATA XREF: .text:00420BDBo .idata:003F1494 ; .text:0042101Bo ... .idata:003F1498 ; BOOL __stdcall FindNextFileW(HANDLE hFindFile, LPWIN32_FIND_DATAW lpFindFileData) .idata:003F1498 extrn FindNextFileW:dword ; DATA XREF: .text:0043BE48o .idata:003F1498 ; .textidx:004E6488o .idata:003F149C ; BOOL __stdcall FindNextFileA(HANDLE hFindFile, LPWIN32_FIND_DATAA lpFindFileData) .idata:003F149C extrn FindNextFileA:dword ; DATA XREF: .text:00420D0Bo .idata:003F149C ; .text:0043BE4Eo ... .idata:003F14A0 ; BOOL __stdcall FindClose(HANDLE hFindFile) .idata:003F14A0 extrn FindClose:dword ; DATA XREF: .text:00420B07o .idata:003F14A0 ; .text:00421369o ... .idata:003F14A4 ; BOOL __stdcall GetVolumeInformationA(LPCSTR lpRootPathName, LPSTR lpVolumeNameBuffer, DWORD nVolumeNameSize, LPDWORD lpVolumeSerialNumber, LPDWORD lpMaximumComponentLength, LPDWORD lpFileSystemFlags, LPSTR lpFileSystemNameBuffer, DWORD nFileSystemNameSize) .idata:003F14A4 extrn GetVolumeInformationA:dword .idata:003F14A4 ; DATA XREF: .text:0043BE5Ao .idata:003F14A4 ; .textidx:004EA2AEo .idata:003F14A8 ; UINT __stdcall GetDriveTypeA(LPCSTR lpRootPathName) .idata:003F14A8 extrn GetDriveTypeA:dword ; DATA XREF: .text:0042107Fo .idata:003F14A8 ; .text:0043AC5Fo ... .idata:003F14AC ; LPVOID __stdcall VirtualAlloc(LPVOID lpAddress, SIZE_T dwSize, DWORD flAllocationType, DWORD flProtect) .idata:003F14AC extrn VirtualAlloc:dword ; DATA XREF: .text:00427DB7o .idata:003F14AC ; .text:00427E44o ... .idata:003F14B0 ; BOOL __stdcall VirtualFree(LPVOID lpAddress, SIZE_T dwSize, DWORD dwFreeType) .idata:003F14B0 extrn VirtualFree:dword ; DATA XREF: .text:004278B4o .idata:003F14B0 ; .text:00427C5Bo ... .idata:003F14B4 ; void __stdcall SetLastError(DWORD dwErrCode) .idata:003F14B4 extrn SetLastError:dword ; DATA XREF: .text:0042A3B8o .idata:003F14B4 ; .text:0042E4DAo ... .idata:003F14B8 ; DWORD __stdcall GetFileAttributesA(LPCSTR lpFileName) .idata:003F14B8 extrn GetFileAttributesA:dword ; DATA XREF: .text:0041A9E7o .idata:003F14B8 ; .text:0043BE78o .idata:003F14BC ; BOOL __stdcall HeapFree(HANDLE hHeap, DWORD dwFlags, LPVOID lpMem) .idata:003F14BC extrn HeapFree:dword ; DATA XREF: .text:0041B839o .idata:003F14BC ; .text:00427898o ... .idata:003F14C0 ; BOOL __stdcall DeleteFileA(LPCSTR lpFileName) .idata:003F14C0 extrn DeleteFileA:dword ; DATA XREF: .text:0041B867o .idata:003F14C0 ; .text:0043BE84o ... .idata:003F14C4 ; LPVOID __stdcall HeapAlloc(HANDLE hHeap, DWORD dwFlags, SIZE_T dwBytes) .idata:003F14C4 extrn HeapAlloc:dword ; DATA XREF: .text:0041EB61o .idata:003F14C4 ; .text:0041EB91o ... .idata:003F14C8 ; void __stdcall GetSystemTimeAsFileTime(LPFILETIME lpSystemTimeAsFileTime) .idata:003F14C8 extrn GetSystemTimeAsFileTime:dword .idata:003F14C8 ; DATA XREF: .text:0041EFB8o .idata:003F14C8 ; .text:0042A74Ao ... .idata:003F14CC ; LPSTR __stdcall GetCommandLineA() .idata:003F14CC extrn GetCommandLineA:dword ; DATA XREF: .text:0041F100o .idata:003F14CC ; .text:0043BE96o .idata:003F14D0 ; void __stdcall EnterCriticalSection(LPCRITICAL_SECTION lpCriticalSection) .idata:003F14D0 extrn EnterCriticalSection:dword .idata:003F14D0 ; DATA XREF: .text:0041FB1Ao .idata:003F14D0 ; .text:0041FB4Do ... .idata:003F14D4 ; void __stdcall LeaveCriticalSection(LPCRITICAL_SECTION lpCriticalSection) .idata:003F14D4 extrn LeaveCriticalSection:dword .idata:003F14D4 ; DATA XREF: .text:0041FBB8o .idata:003F14D4 ; .text:0042532Do ... .idata:003F14D8 ; HMODULE __stdcall GetModuleHandleW(LPCWSTR lpModuleName) .idata:003F14D8 extrn GetModuleHandleW:dword ; CODE XREF: .text:0041FBDBJ .idata:003F14D8 ; DATA XREF: .text:0041FBD4o ... .idata:003F14DC ; void __stdcall ExitProcess(UINT uExitCode) .idata:003F14DC extrn ExitProcess:dword ; DATA XREF: .text:0041FC55o .idata:003F14DC ; .text:0043BEAEo .idata:003F14E0 extrn RtlUnwind:dword ; DATA XREF: .text:0043BEB4o .idata:003F14E4 ; LPVOID __stdcall HeapReAlloc(HANDLE hHeap, DWORD dwFlags, LPVOID lpMem, SIZE_T dwBytes) .idata:003F14E4 extrn HeapReAlloc:dword ; DATA XREF: .text:00420707o .idata:003F14E4 ; .text:00420788o ... .idata:003F14E8 ; BOOL __stdcall FileTimeToSystemTime(const FILETIME lpFileTime, LPSYSTEMTIME lpSystemTime) .idata:003F14E8 extrn FileTimeToSystemTime:dword .idata:003F14E8 ; DATA XREF: .text:00420B52o .idata:003F14E8 ; .text:004211ABo ... .idata:003F14EC ; BOOL __stdcall FileTimeToLocalFileTime(const FILETIME lpFileTime, LPFILETIME lpLocalFileTime) .idata:003F14EC extrn FileTimeToLocalFileTime:dword .idata:003F14EC ; DATA XREF: .text:00420B40o .idata:003F14EC ; .text:0042118Fo ... .idata:003F14F0 ; BOOL __stdcall CreateProcessA(LPCSTR lpApplicationName, LPSTR lpCommandLine, LPSECURITY_ATTRIBUTES lpProcessAttributes, LPSECURITY_ATTRIBUTES lpThreadAttributes, BOOL bInheritHandles, DWORD dwCreationFlags, LPVOID lpEnvironment, LPCSTR lpCurrentDirectory, LPSTARTUPINFOA lpStartupInfo, LPPROCESS_INFORMATION lpProcessInformation) .idata:003F14F0 extrn CreateProcessA:dword ; DATA XREF: .text:00421C3Bo .idata:003F14F0 ; .text:00421DABo ... .idata:003F14F4 ; BOOL __stdcall DuplicateHandle(HANDLE hSourceProcessHandle, HANDLE hSourceHandle, HANDLE hTargetProcessHandle, LPHANDLE lpTargetHandle, DWORD dwDesiredAccess, BOOL bInheritHandle, DWORD dwOptions) .idata:003F14F4 extrn DuplicateHandle:dword ; DATA XREF: .text:00421A9Bo .idata:003F14F4 ; .text:0043BED2o .idata:003F14F8 ; DWORD __stdcall GetFileType(HANDLE hFile) .idata:003F14F8 extrn GetFileType:dword ; DATA XREF: .text:00422569o .idata:003F14F8 ; .text:004296BBo ... .idata:003F14FC ; HANDLE __stdcall CreateFileW(LPCWSTR lpFileName, DWORD dwDesiredAccess, DWORD dwShareMode, LPSECURITY_ATTRIBUTES lpSecurityAttributes, DWORD dwCreationDisposition, DWORD dwFlagsAndAttributes, HANDLE hTemplateFile) .idata:003F14FC extrn CreateFileW:dword ; DATA XREF: .text:004224CFo .idata:003F14FC ; .text:00422983o ... .idata:003F1500 ; UINT __stdcall GetDriveTypeW(LPCWSTR lpRootPathName) .idata:003F1500 extrn GetDriveTypeW:dword ; DATA XREF: .text:00422FF5o .idata:003F1500 ; .text:0043BEE4o .idata:003F1504 ; BOOL __stdcall MoveFileA(LPCSTR lpExistingFileName, LPCSTR lpNewFileName) .idata:003F1504 extrn MoveFileA:dword ; DATA XREF: .text:00423305o .idata:003F1504 ; .text:0043BEEAo .idata:003F1508 ; BOOL __stdcall MoveFileW(LPCWSTR lpExistingFileName, LPCWSTR lpNewFileName) .idata:003F1508 extrn MoveFileW:dword ; DATA XREF: .text:00423338o .idata:003F1508 ; .text:0043BEF0o .idata:003F150C ; DWORD __stdcall GetFileAttributesW(LPCWSTR lpFileName) .idata:003F150C extrn GetFileAttributesW:dword ; DATA XREF: .text:0042339Do .idata:003F150C ; .text:0043BEF6o .idata:003F1510 ; BOOL __stdcall DeleteFileW(LPCWSTR lpFileName) .idata:003F1510 extrn DeleteFileW:dword ; DATA XREF: .text:0043BEFCo .idata:003F1514 ; void __stdcall ExitThread(DWORD dwExitCode) .idata:003F1514 extrn ExitThread:dword ; DATA XREF: .text:004238AFo .idata:003F1514 ; .text:00423929o ... .idata:003F1518 ; DWORD __stdcall ResumeThread(HANDLE hThread) .idata:003F1518 extrn ResumeThread:dword ; DATA XREF: .text:004239F2o .idata:003F1518 ; .text:0043BF08o .idata:003F151C ; HANDLE __stdcall CreateThread(LPSECURITY_ATTRIBUTES lpThreadAttributes, SIZE_T dwStackSize, LPTHREAD_START_ROUTINE lpStartAddress, LPVOID lpParameter, DWORD dwCreationFlags, LPDWORD lpThreadId) .idata:003F151C extrn CreateThread:dword ; DATA XREF: .text:004239E2o .idata:003F151C ; .text:0043BF0Eo ... .idata:003F1520 ; BOOL __stdcall TerminateProcess(HANDLE hProcess, UINT uExitCode) .idata:003F1520 extrn TerminateProcess:dword ; DATA XREF: .text:00424FE2o .idata:003F1520 ; .text:004268DEo ... .idata:003F1524 ; LONG __stdcall UnhandledExceptionFilter(struct _EXCEPTION_POINTERS ExceptionInfo) .idata:003F1524 extrn UnhandledExceptionFilter:dword .idata:003F1524 ; DATA XREF: .text:00424FC0o .idata:003F1524 ; .text:004268BBo ... .idata:003F1528 ; LPTOP_LEVEL_EXCEPTION_FILTER __stdcall SetUnhandledExceptionFilter(LPTOP_LEVEL_EXCEPTION_FILTER lpTopLevelExceptionFilter) .idata:003F1528 extrn SetUnhandledExceptionFilter:dword .idata:003F1528 ; DATA XREF: .text:00424FB3o .idata:003F1528 ; .text:004268B0o ... .idata:003F152C ; BOOL __stdcall IsDebuggerPresent() .idata:003F152C extrn IsDebuggerPresent:dword ; DATA XREF: .text:00424FA9o .idata:003F152C ; .text:0042689Bo ... .idata:003F1530 ; void __stdcall DeleteCriticalSection(LPCRITICAL_SECTION lpCriticalSection) .idata:003F1530 extrn DeleteCriticalSection:dword .idata:003F1530 ; DATA XREF: .text:004252CAo .idata:003F1530 ; .text:004297F1o ... .idata:003F1534 ; void __stdcall FatalAppExitA(UINT uAction, LPCSTR lpMessageText) .idata:003F1534 extrn FatalAppExitA:dword ; DATA XREF: .text:0042533Bo .idata:003F1534 ; .text:0043BF32o .idata:003F1538 ; BOOL __stdcall WriteFile(HANDLE hFile, LPCVOID lpBuffer, DWORD nNumberOfBytesToWrite, LPDWORD lpNumberOfBytesWritten, LPOVERLAPPED lpOverlapped) .idata:003F1538 extrn WriteFile:dword ; DATA XREF: .text:00426D4Eo .idata:003F1538 ; .text:00426DA7o ... .idata:003F153C ; UINT __stdcall GetConsoleCP() .idata:003F153C extrn GetConsoleCP:dword ; DATA XREF: .text:00426C35o .idata:003F153C ; .text:0043BF3Eo .idata:003F1540 ; BOOL __stdcall GetConsoleMode(HANDLE hConsoleHandle, LPDWORD lpMode) .idata:003F1540 extrn GetConsoleMode:dword ; DATA XREF: .text:00426C15o .idata:003F1540 ; .text:0043BF44o .idata:003F1544 ; HANDLE __stdcall HeapCreate(DWORD flOptions, SIZE_T dwInitialSize, SIZE_T dwMaximumSize) .idata:003F1544 extrn HeapCreate:dword ; DATA XREF: .text:0042786Ao .idata:003F1544 ; .text:0043BF4Ao .idata:003F1548 ; BOOL __stdcall HeapDestroy(HANDLE hHeap) .idata:003F1548 extrn HeapDestroy:dword ; DATA XREF: .text:004278EBo .idata:003F1548 ; .text:0043BF50o .idata:003F154C ; BOOL __stdcall ReadFile(HANDLE hFile, LPVOID lpBuffer, DWORD nNumberOfBytesToRead, LPDWORD lpNumberOfBytesRead, LPOVERLAPPED lpOverlapped) .idata:003F154C extrn ReadFile:dword ; DATA XREF: .text:00428DB0o .idata:003F154C ; .text:00428E68o ... .idata:003F1550 ; HANDLE __stdcall GetStdHandle(DWORD nStdHandle) .idata:003F1550 extrn GetStdHandle:dword ; DATA XREF: .text:00429465o .idata:003F1550 ; .text:00429745o ... .idata:003F1554 ; DWORD __stdcall GetModuleFileNameA(HMODULE hModule, LPCH lpFilename, DWORD nSize) .idata:003F1554 extrn GetModuleFileNameA:dword ; DATA XREF: .text:00429392o .idata:003F1554 ; .text:00429E93o ... .idata:003F1558 ; UINT __stdcall SetHandleCount(UINT uNumber) .idata:003F1558 extrn SetHandleCount:dword ; DATA XREF: .text:004297AFo .idata:003F1558 ; .text:0043BF68o .idata:003F155C ; void __stdcall GetStartupInfoA(LPSTARTUPINFOA lpStartupInfo) .idata:003F155C extrn GetStartupInfoA:dword ; DATA XREF: .text:00429591o .idata:003F155C ; .text:0043BF6Eo .idata:003F1560 ; DWORD __stdcall SetFilePointer(HANDLE hFile, LONG lDistanceToMove, PLONG lpDistanceToMoveHigh, DWORD dwMoveMethod) .idata:003F1560 extrn SetFilePointer:dword ; DATA XREF: .text:0042984Do .idata:003F1560 ; .text:00432CE5o ... .idata:003F1564 ; DWORD __stdcall GetEnvironmentVariableW(LPCWSTR lpName, LPWSTR lpBuffer, DWORD nSize) .idata:003F1564 extrn GetEnvironmentVariableW:dword .idata:003F1564 ; DATA XREF: .text:0043BDF4o .idata:003F1564 ; .textidx:004B7459o ... .idata:003F1568 ; DWORD __stdcall GetLastError() .idata:003F1568 extrn GetLastError:dword ; DATA XREF: .text:0041A9F2o .idata:003F1568 ; .text:0041B84Ao ... .idata:003F156C ; BOOL __stdcall FreeEnvironmentStringsW(LPWCH) .idata:003F156C extrn FreeEnvironmentStringsW:dword .idata:003F156C ; DATA XREF: .text:00429FEEo .idata:003F156C ; .text:0043B6E7o ... .idata:003F1570 ; LPWCH __stdcall GetEnvironmentStringsW() .idata:003F1570 extrn GetEnvironmentStringsW:dword .idata:003F1570 ; DATA XREF: .text:00429F31o .idata:003F1570 ; .text:0043B6ACo ... .idata:003F1574 ; LPVOID __stdcall TlsGetValue(DWORD dwTlsIndex) .idata:003F1574 extrn TlsGetValue:dword ; DATA XREF: .text:0042A0CBo .idata:003F1574 ; .text:0042A146o ... .idata:003F1578 ; DWORD __stdcall TlsAlloc() .idata:003F1578 extrn TlsAlloc:dword ; DATA XREF: .text:0042A1ACo .idata:003F1578 ; .text:0042A62Eo ... .idata:003F157C ; BOOL __stdcall TlsSetValue(DWORD dwTlsIndex, LPVOID lpTlsValue) .idata:003F157C extrn TlsSetValue:dword ; DATA XREF: .text:0042A1FFo .idata:003F157C ; .text:0042A572o ... .idata:003F1580 ; BOOL __stdcall TlsFree(DWORD dwTlsIndex) .idata:003F1580 extrn TlsFree:dword ; DATA XREF: .text:0042A251o .idata:003F1580 ; .text:0042A613o ... .idata:003F1584 ; LONG __stdcall InterlockedIncrement(volatile LONG lpAddend) .idata:003F1584 extrn InterlockedIncrement:dword .idata:003F1584 ; DATA XREF: .text:0042A2E8o .idata:003F1584 ; .text:0042EA57o ... .idata:003F1588 ; DWORD __stdcall GetCurrentThreadId() .idata:003F1588 extrn GetCurrentThreadId:dword ; DATA XREF: .text:0042A57Ao .idata:003F1588 ; .text:0042A75Eo ... .idata:003F158C ; LONG __stdcall InterlockedDecrement(volatile LONG lpAddend) .idata:003F158C extrn InterlockedDecrement:dword .idata:003F158C ; DATA XREF: .text:0042A47Bo .idata:003F158C ; .text:0042EA2Co ... .idata:003F1590 ; HANDLE __stdcall GetCurrentThread() .idata:003F1590 extrn GetCurrentThread:dword ; DATA XREF: .text:0042A580o .idata:003F1590 ; .text:0043BFBCo .idata:003F1594 ; BOOL __stdcall QueryPerformanceCounter(LARGE_INTEGER lpPerformanceCount) .idata:003F1594 extrn QueryPerformanceCounter:dword .idata:003F1594 ; DATA XREF: .text:0042A772o .idata:003F1594 ; .text:0043BFC2o .idata:003F1598 ; DWORD __stdcall GetCurrentProcessId() .idata:003F1598 extrn GetCurrentProcessId:dword ; DATA XREF: .text:0042A756o .idata:003F1598 ; .text:0043BFC8o ... .idata:003F159C ; BOOL __stdcall SetConsoleCtrlHandler(PHANDLER_ROUTINE HandlerRoutine, BOOL Add) .idata:003F159C extrn SetConsoleCtrlHandler:dword .idata:003F159C ; DATA XREF: .text:0042DF0Ao .idata:003F159C ; .text:0043BFCEo .idata:003F15A0 ; LONG __stdcall InterlockedExchange(volatile LONG Target, LONG Value) .idata:003F15A0 extrn InterlockedExchange:dword ; DATA XREF: .text:0042E2BEo .idata:003F15A0 ; .text:004331FEo ... .idata:003F15A4 ; BOOL __stdcall InitializeCriticalSectionAndSpinCount(LPCRITICAL_SECTION lpCriticalSection, DWORD dwSpinCount) .idata:003F15A4 extrn InitializeCriticalSectionAndSpinCount:dword .idata:003F15A4 ; DATA XREF: .text:0042E4AAo .idata:003F15A4 ; .text:0043BFDAo .idata:003F15A8 ; BOOL __stdcall FlushFileBuffers(HANDLE hFile) .idata:003F15A8 extrn FlushFileBuffers:dword ; DATA XREF: .text:0042E580o .idata:003F15A8 ; .text:0043BFE0o .idata:003F15AC ; BOOL __stdcall GetCPInfo(UINT CodePage, LPCPINFO lpCPInfo) .idata:003F15AC extrn GetCPInfo:dword ; DATA XREF: .text:0042E861o .idata:003F15AC ; .text:0042EB79o ... .idata:003F15B0 ; UINT __stdcall GetACP() .idata:003F15B0 extrn GetACP:dword ; DATA XREF: .text:0042EAC3o .idata:003F15B0 ; .text:0043A07Ao ... .idata:003F15B4 ; UINT __stdcall GetOEMCP() .idata:003F15B4 extrn GetOEMCP:dword ; DATA XREF: .text:0042EAA0o .idata:003F15B4 ; .text:0043BFF2o .idata:003F15B8 ; BOOL __stdcall IsValidCodePage(UINT CodePage) .idata:003F15B8 extrn IsValidCodePage:dword ; DATA XREF: .text:0042EB66o .idata:003F15B8 ; .text:0043BFF8o .idata:003F15BC ; int __stdcall LCMapStringA(LCID Locale, DWORD dwMapFlags, LPCSTR lpSrcStr, int cchSrc, LPSTR lpDestStr, int cchDest) .idata:003F15BC extrn LCMapStringA:dword ; DATA XREF: .text:00430462o .idata:003F15BC ; .text:00430533o ... .idata:003F15C0 ; int __stdcall LCMapStringW(LCID Locale, DWORD dwMapFlags, LPCWSTR lpSrcStr, int cchSrc, LPWSTR lpDestStr, int cchDest) .idata:003F15C0 extrn LCMapStringW:dword ; DATA XREF: .text:004301FDo .idata:003F15C0 ; .text:00430311o ... .idata:003F15C4 ; DWORD __stdcall GetFullPathNameA(LPCSTR lpFileName, DWORD nBufferLength, LPSTR lpBuffer, LPSTR lpFilePart) .idata:003F15C4 extrn GetFullPathNameA:dword ; DATA XREF: .text:00430F0Ao .idata:003F15C4 ; .text:0043AD18o ... .idata:003F15C8 ; BOOL __stdcall GetFileInformationByHandle(HANDLE hFile, LPBY_HANDLE_FILE_INFORMATION lpFileInformation) .idata:003F15C8 extrn GetFileInformationByHandle:dword .idata:003F15C8 ; DATA XREF: .text:004311A4o .idata:003F15C8 ; .text:0043C012o .idata:003F15CC ; BOOL __stdcall PeekNamedPipe(HANDLE hNamedPipe, LPVOID lpBuffer, DWORD nBufferSize, LPDWORD lpBytesRead, LPDWORD lpTotalBytesAvail, LPDWORD lpBytesLeftThisMessage) .idata:003F15CC extrn PeekNamedPipe:dword ; DATA XREF: .text:0043116Co .idata:003F15CC ; .text:0043C018o .idata:003F15D0 ; HANDLE __stdcall CreateFileA(LPCSTR lpFileName, DWORD dwDesiredAccess, DWORD dwShareMode, LPSECURITY_ATTRIBUTES lpSecurityAttributes, DWORD dwCreationDisposition, DWORD dwFlagsAndAttributes, HANDLE hTemplateFile) .idata:003F15D0 extrn CreateFileA:dword ; DATA XREF: .text:00431534o .idata:003F15D0 ; .text:004319E7o ... .idata:003F15D4 ; DWORD __stdcall GetCurrentDirectoryA(DWORD nBufferLength, LPSTR lpBuffer) .idata:003F15D4 extrn GetCurrentDirectoryA:dword .idata:003F15D4 ; DATA XREF: .text:00431C37o .idata:003F15D4 ; .text:0043C024o .idata:003F15D8 ; BOOL __stdcall SetCurrentDirectoryA(LPCSTR lpPathName) .idata:003F15D8 extrn SetCurrentDirectoryA:dword .idata:003F15D8 ; DATA XREF: .text:00431D45o .idata:003F15D8 ; .text:0043C02Ao .idata:003F15DC ; BOOL __stdcall SetStdHandle(DWORD nStdHandle, HANDLE hHandle) .idata:003F15DC extrn SetStdHandle:dword ; DATA XREF: .text:00431F77o .idata:003F15DC ; .text:00432000o ... .idata:003F15E0 ; BOOL __stdcall CreatePipe(PHANDLE hReadPipe, PHANDLE hWritePipe, LPSECURITY_ATTRIBUTES lpPipeAttributes, DWORD nSize) .idata:003F15E0 extrn CreatePipe:dword ; DATA XREF: .text:00432767o .idata:003F15E0 ; .text:0043C036o .idata:003F15E4 ; BOOL __stdcall GetExitCodeProcess(HANDLE hProcess, LPDWORD lpExitCode) .idata:003F15E4 extrn GetExitCodeProcess:dword ; DATA XREF: .text:00432984o .idata:003F15E4 ; .text:0043C03Co .idata:003F15E8 ; BOOL __stdcall SetEndOfFile(HANDLE hFile) .idata:003F15E8 extrn SetEndOfFile:dword ; DATA XREF: .text:00432F8Fo .idata:003F15E8 ; .text:0043C042o .idata:003F15EC ; HANDLE __stdcall GetProcessHeap() .idata:003F15EC extrn GetProcessHeap:dword ; DATA XREF: .text:00432EAAo .idata:003F15EC ; .text:00432F2Do ... .idata:003F15F0 ; DWORD __stdcall GetFullPathNameW(LPCWSTR lpFileName, DWORD nBufferLength, LPWSTR lpBuffer, LPWSTR lpFilePart) .idata:003F15F0 extrn GetFullPathNameW:dword ; DATA XREF: .text:00433542o .idata:003F15F0 ; .text:0043B0B1o ... .idata:003F15F4 ; BOOL __stdcall SetEnvironmentVariableA(LPCSTR lpName, LPCSTR lpValue) .idata:003F15F4 extrn SetEnvironmentVariableA:dword .idata:003F15F4 ; DATA XREF: .text:00434F89o .idata:003F15F4 ; .text:0043529Bo ... .idata:003F15F8 ; BOOL __stdcall SetEnvironmentVariableW(LPCWSTR lpName, LPCWSTR lpValue) .idata:003F15F8 extrn SetEnvironmentVariableW:dword .idata:003F15F8 ; DATA XREF: .text:00434EC3o .idata:003F15F8 ; .text:0043C05Ao .idata:003F15FC ; int __stdcall CompareStringA(LCID Locale, DWORD dwCmpFlags, LPCSTR lpString1, int cchCount1, LPCSTR lpString2, int cchCount2) .idata:003F15FC extrn CompareStringA:dword ; DATA XREF: .text:00435A97o .idata:003F15FC ; .text:0043C060o .idata:003F1600 ; int __stdcall CompareStringW(LCID Locale, DWORD dwCmpFlags, LPCWSTR lpString1, int cchCount1, LPCWSTR lpString2, int cchCount2) .idata:003F1600 extrn CompareStringW:dword ; DATA XREF: .text:0043578Eo .idata:003F1600 ; .text:004359DDo ... .idata:003F1604 ; BOOL __stdcall WriteConsoleA(HANDLE hConsoleOutput, const void lpBuffer, DWORD nNumberOfCharsToWrite, LPDWORD lpNumberOfCharsWritten, LPVOID lpReserved) .idata:003F1604 extrn WriteConsoleA:dword ; DATA XREF: .text:00436C4Bo .idata:003F1604 ; .text:0043C06Co .idata:003F1608 ; UINT __stdcall GetConsoleOutputCP() .idata:003F1608 extrn GetConsoleOutputCP:dword ; DATA XREF: .text:00436C28o .idata:003F1608 ; .text:0043C072o .idata:003F160C ; BOOL __stdcall WriteConsoleW(HANDLE hConsoleOutput, const void lpBuffer, DWORD nNumberOfCharsToWrite, LPDWORD lpNumberOfCharsWritten, LPVOID lpReserved) .idata:003F160C extrn WriteConsoleW:dword ; DATA XREF: .text:00436BF5o .idata:003F160C ; .text:0043C078o .idata:003F1610 ; SIZE_T __stdcall HeapSize(HANDLE hHeap, DWORD dwFlags, LPCVOID lpMem) .idata:003F1610 extrn HeapSize:dword ; DATA XREF: .text:00437D1Co .idata:003F1610 ; .text:0043C07Eo .idata:003F1614 ; int __stdcall GetLocaleInfoW(LCID Locale, LCTYPE LCType, LPWSTR lpLCData, int cchData) .idata:003F1614 extrn GetLocaleInfoW:dword ; DATA XREF: .text:00437E8Fo .idata:003F1614 ; .text:00437EB6o ... .idata:003F1618 ; int __stdcall GetLocaleInfoA(LCID Locale, LCTYPE LCType, LPSTR lpLCData, int cchData) .idata:003F1618 extrn GetLocaleInfoA:dword ; DATA XREF: .text:00437FF2o .idata:003F1618 ; .text:0043A029o ... .idata:003F161C ; BOOL __stdcall GetStringTypeA(LCID Locale, DWORD dwInfoType, LPCSTR lpSrcStr, int cchSrc, LPWORD lpCharType) .idata:003F161C extrn GetStringTypeA:dword ; DATA XREF: .text:004381DAo .idata:003F161C ; .text:0043C090o .idata:003F1620 ; BOOL __stdcall GetStringTypeW(DWORD dwInfoType, LPCWSTR lpSrcStr, int cchSrc, LPWORD lpCharType) .idata:003F1620 extrn GetStringTypeW:dword ; DATA XREF: .text:00438076o .idata:003F1620 ; .text:00438165o ... .idata:003F1624 ; int __stdcall GetTimeFormatA(LCID Locale, DWORD dwFlags, const SYSTEMTIME lpTime, LPCSTR lpFormat, LPSTR lpTimeStr, int cchTime) .idata:003F1624 extrn GetTimeFormatA:dword ; DATA XREF: .text:004398E8o .idata:003F1624 ; .text:0043C09Co .idata:003F1628 ; int __stdcall GetDateFormatA(LCID Locale, DWORD dwFlags, const SYSTEMTIME lpDate, LPCSTR lpFormat, LPSTR lpDateStr, int cchDate) .idata:003F1628 extrn GetDateFormatA:dword ; DATA XREF: .text:004398E0o .idata:003F1628 ; .text:0043C0A2o .idata:003F162C ; LCID __stdcall GetUserDefaultLCID() .idata:003F162C extrn GetUserDefaultLCID:dword ; DATA XREF: .text:00439FD1o .idata:003F162C ; .text:0043A648o ... .idata:003F1630 ; BOOL __stdcall EnumSystemLocalesA(LOCALE_ENUMPROCA lpLocaleEnumProc, DWORD dwFlags) .idata:003F1630 extrn EnumSystemLocalesA:dword ; DATA XREF: .text:0043A4AFo .idata:003F1630 ; .text:0043A507o ... .idata:003F1634 ; BOOL __stdcall IsValidLocale(LCID Locale, DWORD dwFlags) .idata:003F1634 extrn IsValidLocale:dword ; DATA XREF: .text:0043A6ACo .idata:003F1634 ; .text:0043C0B4o .idata:003F1638 ; DWORD __stdcall GetEnvironmentVariableA(LPCSTR lpName, LPSTR lpBuffer, DWORD nSize) .idata:003F1638 extrn GetEnvironmentVariableA:dword .idata:003F1638 ; DATA XREF: .text:0043BDEEo .idata:003F1638 ; .textidx:004B7309o ... .idata:003F163C ; LPWSTR __stdcall GetCommandLineW() .idata:003F163C extrn GetCommandLineW:dword ; DATA XREF: .text:0043BDE8o .idata:003F163C ; .textidx:004B65A3o .idata:003F1640 ; BOOL __stdcall SystemTimeToFileTime(const SYSTEMTIME lpSystemTime, LPFILETIME lpFileTime) .idata:003F1640 extrn SystemTimeToFileTime:dword .idata:003F1640 ; DATA XREF: .text:004840CCo .idata:003F1640 ; .text:00484720o .idata:003F1644 ; BOOL __stdcall LocalFileTimeToFileTime(const FILETIME lpLocalFileTime, LPFILETIME lpFileTime) .idata:003F1644 extrn LocalFileTimeToFileTime:dword .idata:003F1644 ; DATA XREF: .text:004840F0o .idata:003F1644 ; .text:0048415Eo ... .idata:003F1648 ; BOOL __stdcall SetFileTime(HANDLE hFile, const FILETIME lpCreationTime, const FILETIME lpLastAccessTime, const FILETIME lpLastWriteTime) .idata:003F1648 extrn SetFileTime:dword ; DATA XREF: .text:0048417Bo .idata:003F1648 ; .text:00484714o .idata:003F164C ; BOOL __stdcall UnlockFile(HANDLE hFile, DWORD dwFileOffsetLow, DWORD dwFileOffsetHigh, DWORD nNumberOfBytesToUnlockLow, DWORD nNumberOfBytesToUnlockHigh) .idata:003F164C extrn UnlockFile:dword ; DATA XREF: .text:00483DE5o .idata:003F164C ; .text:0048470Eo .idata:003F1650 ; BOOL __stdcall LockFile(HANDLE hFile, DWORD dwFileOffsetLow, DWORD dwFileOffsetHigh, DWORD nNumberOfBytesToLockLow, DWORD nNumberOfBytesToLockHigh) .idata:003F1650 extrn LockFile:dword ; DATA XREF: .text:00483DEDo .idata:003F1650 ; .text:00484708o .idata:003F1654 ; BOOL __stdcall ReleaseSemaphore(HANDLE hSemaphore, LONG lReleaseCount, LPLONG lpPreviousCount) .idata:003F1654 extrn ReleaseSemaphore:dword ; DATA XREF: .text:00457909o .idata:003F1654 ; .text:004579AAo ... .idata:003F1658 ; HANDLE __stdcall CreateSemaphoreA(LPSECURITY_ATTRIBUTES lpSemaphoreAttributes, LONG lInitialCount, LONG lMaximumCount, LPCSTR lpName) .idata:003F1658 extrn CreateSemaphoreA:dword ; DATA XREF: .text:004572B0o .idata:003F1658 ; .text:004846FCo .idata:003F165C ; BOOL __stdcall SetConsoleTitleA(LPCSTR lpConsoleTitle) .idata:003F165C extrn SetConsoleTitleA:dword ; DATA XREF: .text:0043E00Do .idata:003F165C ; .text:004846F6o .idata:003F1660 ; BOOL __stdcall ReleaseMutex(HANDLE hMutex) .idata:003F1660 extrn ReleaseMutex:dword ; DATA XREF: .text:0043BE06o .idata:003F1660 ; .text:0043CEE1o ... .idata:003F1664 ; BOOL __stdcall SetHandleInformation(HANDLE hObject, DWORD dwMask, DWORD dwFlags) .idata:003F1664 extrn SetHandleInformation:dword .idata:003F1664 ; DATA XREF: .text:0043BE00o .idata:003F1664 ; .textidx:004B879Bo .idata:003F1668 ; LPCH __stdcall GetEnvironmentStrings() .idata:003F1668 extrn GetEnvironmentStrings:dword .idata:003F1668 ; DATA XREF: .text:0042A001o .idata:003F1668 ; .text:0043BF80o .idata:003F166C ; UINT __stdcall SetErrorMode(UINT uMode) .idata:003F166C extrn SetErrorMode:dword ; DATA XREF: .text:0043BDFAo .idata:003F166C ; .textidx:004B7C8Do .idata:003F1670 ; int __stdcall WideCharToMultiByte(UINT CodePage, DWORD dwFlags, LPCWSTR lpWideCharStr, int cchWideChar, LPSTR lpMultiByteStr, int cbMultiByte, LPCSTR lpDefaultChar, LPBOOL lpUsedDefaultChar) .idata:003F1670 extrn WideCharToMultiByte:dword ; DATA XREF: .text:00425198o .idata:003F1670 ; .text:00426D25o ... .idata:003F1674 ; int __stdcall MultiByteToWideChar(UINT CodePage, DWORD dwFlags, LPCSTR lpMultiByteStr, int cbMultiByte, LPWSTR lpWideCharStr, int cchWideChar) .idata:003F1674 extrn MultiByteToWideChar:dword ; DATA XREF: .text:004236EFo .idata:003F1674 ; .text:00428FACo ... .idata:003F1678 ; BOOL __stdcall SetEvent(HANDLE hEvent) .idata:003F1678 extrn SetEvent:dword ; DATA XREF: .text:0043BDD6o .idata:003F1678 ; .textidx:004B5AE9o .idata:003F167C ; HANDLE __stdcall CreateEventA(LPSECURITY_ATTRIBUTES lpEventAttributes, BOOL bManualReset, BOOL bInitialState, LPCSTR lpName) .idata:003F167C extrn CreateEventA:dword ; DATA XREF: .text:0043BDD0o .idata:003F167C ; .textidx:004B5AF9o .idata:003F1680 ; BOOL __stdcall ResetEvent(HANDLE hEvent) .idata:003F1680 extrn ResetEvent:dword ; DATA XREF: .text:0043BDCAo .idata:003F1680 ; .textidx:004B5A8Ao .idata:003F1684 ; DWORD __stdcall WaitForSingleObject(HANDLE hHandle, DWORD dwMilliseconds) .idata:003F1684 extrn WaitForSingleObject:dword ; DATA XREF: .text:00432975o .idata:003F1684 ; .text:0043BDC4o ... .idata:003F1688 ; BOOL __stdcall CloseHandle(HANDLE hObject) .idata:003F1688 extrn CloseHandle:dword ; DATA XREF: .text:00421DD9o .idata:003F1688 ; .text:004225A0o ... .idata:003F168C ; void __stdcall Sleep(DWORD dwMilliseconds) .idata:003F168C extrn Sleep:dword ; DATA XREF: .text:0041FBCCo .idata:003F168C ; .text:0042D799o ... .idata:003F1690 ; DWORD __stdcall GetVersion() .idata:003F1690 extrn GetVersion:dword ; DATA XREF: .text:0043BDB2o .idata:003F1690 ; .text:00457338o ... .idata:003F1694 ; UINT __stdcall GetWindowsDirectoryA(LPSTR lpBuffer, UINT uSize) .idata:003F1694 extrn GetWindowsDirectoryA:dword .idata:003F1694 ; DATA XREF: .text:0043BDACo .idata:003F1694 ; .text:0043C292o ... .idata:003F1698 ; BOOL __stdcall GetVersionExA(LPOSVERSIONINFOA lpVersionInformation) .idata:003F1698 extrn GetVersionExA:dword ; DATA XREF: .text:0043BDA6o .idata:003F1698 ; .textidx:0048AE5Eo ... .idata:003F169C ; HMODULE __stdcall LoadLibraryA(LPCSTR lpLibFileName) .idata:003F169C extrn LoadLibraryA:dword ; DATA XREF: .text:00401093o .idata:003F169C ; .text:0042E23Co ... .idata:003F16A0 ; FARPROC __stdcall GetProcAddress(HMODULE hModule, LPCSTR lpProcName) .idata:003F16A0 extrn GetProcAddress:dword ; DATA XREF: .text:004010B6o .idata:003F16A0 ; .text:0041FC33o ... .idata:003F16A4 ; BOOL __stdcall FreeEnvironmentStringsA(LPCH) .idata:003F16A4 extrn FreeEnvironmentStringsA:dword .idata:003F16A4 ; DATA XREF: .text:0042A033o .idata:003F16A4 ; .text:0042A04Co ... .idata:003F16A8 ; BOOL __stdcall FreeLibrary(HMODULE hLibModule) .idata:003F16A8 extrn FreeLibrary:dword ; DATA XREF: .text:0040111Eo .idata:003F16A8 ; .text:0040124Bo ... .idata:003F16AC .idata:003F16B0 ; .idata:003F16B0 ; Imports from NETAPI32.dll .idata:003F16B0 ; .idata:003F16B0 ; UCHAR __stdcall Netbios(PNCB pncb) .idata:003F16B0 extrn Netbios:dword ; DATA XREF: .text:003F1038o .idata:003F16B0 ; .text:0043C14Ao .idata:003F16B4 .idata:003F16B8 ; .idata:003F16B8 ; Imports from USER32.dll .idata:003F16B8 ; .idata:003F16B8 ; INT_PTR __stdcall DialogBoxIndirectParamA(HINSTANCE hInstance, LPCDLGTEMPLATEA hDialogTemplate, HWND hWndParent, DLGPROC lpDialogFunc, LPARAM dwInitParam) .idata:003F16B8 extrn DialogBoxIndirectParamA:dword .idata:003F16B8 ; DATA XREF: .text:003F1024o .idata:003F16B8 ; .text:0043C144o ... .idata:003F16BC ; HWND __stdcall CreateDialogIndirectParamA(HINSTANCE hInstance, LPCDLGTEMPLATEA lpTemplate, HWND hWndParent, DLGPROC lpDialogFunc, LPARAM dwInitParam) .idata:003F16BC extrn CreateDialogIndirectParamA:dword .idata:003F16BC ; DATA XREF: .text:0043C13Eo .idata:003F16BC ; .textidx:005084E5o .idata:003F16C0 ; int wsprintfA(LPSTR, LPCSTR, ...) .idata:003F16C0 extrn wsprintfA:dword ; DATA XREF: .text:0043C138o .idata:003F16C0 ; .textidx:005081D4o ... .idata:003F16C4 ; BOOL __stdcall GetClientRect(HWND hWnd, LPRECT lpRect) .idata:003F16C4 extrn GetClientRect:dword ; DATA XREF: .text:0043C132o .idata:003F16C4 ; .textidx:004D2CA0o .idata:003F16C8 ; BOOL __stdcall ScreenToClient(HWND hWnd, LPPOINT lpPoint) .idata:003F16C8 extrn ScreenToClient:dword ; DATA XREF: .text:0043C12Co .idata:003F16C8 ; .textidx:004D2CC8o ... .idata:003F16CC ; BOOL __stdcall MoveWindow(HWND hWnd, int X, int Y, int nWidth, int nHeight, BOOL bRepaint) .idata:003F16CC extrn MoveWindow:dword ; DATA XREF: .text:0043C126o .idata:003F16CC ; .textidx:004D2D3Eo .idata:003F16D0 ; BOOL __stdcall ShowWindow(HWND hWnd, int nCmdShow) .idata:003F16D0 extrn ShowWindow:dword ; DATA XREF: .text:0043C120o .idata:003F16D0 ; .textidx:004D2B27o .idata:003F16D4 ; BOOL __stdcall SetWindowTextA(HWND hWnd, LPCSTR lpString) .idata:003F16D4 extrn SetWindowTextA:dword ; DATA XREF: .text:0043C11Ao .idata:003F16D4 ; .textidx:004D2C4Eo .idata:003F16D8 ; HWND __stdcall SetFocus(HWND hWnd) .idata:003F16D8 extrn SetFocus:dword ; DATA XREF: .text:0043C114o .idata:003F16D8 ; .textidx:004D2A5Bo .idata:003F16DC ; HWND __stdcall GetFocus() .idata:003F16DC extrn GetFocus:dword ; DATA XREF: .text:0043C10Eo .idata:003F16DC ; .textidx:004D25DBo ... .idata:003F16E0 ; HWND __stdcall GetParent(HWND hWnd) .idata:003F16E0 extrn GetParent:dword ; DATA XREF: .text:0043C108o .idata:003F16E0 ; .textidx:004D20B9o .idata:003F16E4 ; BOOL __stdcall EndDialog(HWND hDlg, INT_PTR nResult) .idata:003F16E4 extrn EndDialog:dword ; DATA XREF: .text:0043C102o .idata:003F16E4 ; .textidx:004D2164o ... .idata:003F16E8 ; UINT __stdcall GetDlgItemTextA(HWND hDlg, int nIDDlgItem, LPSTR lpString, int cchMax) .idata:003F16E8 extrn GetDlgItemTextA:dword ; DATA XREF: .text:0043C0FCo .idata:003F16E8 ; .textidx:004D1BB0o .idata:003F16EC ; UINT __stdcall GetDlgItemTextW(HWND hDlg, int nIDDlgItem, LPWSTR lpString, int cchMax) .idata:003F16EC extrn GetDlgItemTextW:dword ; DATA XREF: .text:0043C0F6o .idata:003F16EC ; .textidx:004D1C46o .idata:003F16F0 ; HWND __stdcall GetActiveWindow() .idata:003F16F0 extrn GetActiveWindow:dword ; DATA XREF: .text:0043C0C0o .idata:003F16F0 ; .textidx:00493EA4o ... .idata:003F16F4 ; int __stdcall GetSystemMetrics(int nIndex) .idata:003F16F4 extrn GetSystemMetrics:dword ; DATA XREF: .text:0043C0C6o .idata:003F16F4 ; .textidx:004B92C4o .idata:003F16F8 ; BOOL __stdcall EnableWindow(HWND hWnd, BOOL bEnable) .idata:003F16F8 extrn EnableWindow:dword ; DATA XREF: .text:0043C0CCo .idata:003F16F8 ; .textidx:004D1410o ... .idata:003F16FC ; BOOL __stdcall GetWindowRect(HWND hWnd, LPRECT lpRect) .idata:003F16FC extrn GetWindowRect:dword ; DATA XREF: .text:0043C0D2o .idata:003F16FC ; .textidx:004D1404o ... .idata:003F1700 ; HWND __stdcall GetDlgItem(HWND hDlg, int nIDDlgItem) .idata:003F1700 extrn GetDlgItem:dword ; DATA XREF: .text:0043C0D8o .idata:003F1700 ; .textidx:004D13F3o ... .idata:003F1704 ; LRESULT __stdcall SendMessageA(HWND hWnd, UINT Msg, WPARAM wParam, LPARAM lParam) .idata:003F1704 extrn SendMessageA:dword ; DATA XREF: .text:0043C0DEo .idata:003F1704 ; .textidx:004D174Ao ... .idata:003F1708 ; LONG __stdcall GetWindowLongA(HWND hWnd, int nIndex) .idata:003F1708 extrn GetWindowLongA:dword ; DATA XREF: .text:0043C0E4o .idata:003F1708 ; .textidx:004D17E6o .idata:003F170C ; BOOL __stdcall MessageBeep(UINT uType) .idata:003F170C extrn MessageBeep:dword ; DATA XREF: .text:0043C0EAo .idata:003F170C ; .textidx:004D209Co .idata:003F1710 ; BOOL __stdcall SetDlgItemTextA(HWND hDlg, int nIDDlgItem, LPCSTR lpString) .idata:003F1710 extrn SetDlgItemTextA:dword ; DATA XREF: .text:0043C0F0o .idata:003F1710 ; .textidx:004D1A6Co .idata:003F1714 ; int __stdcall MessageBoxA(HWND hWnd, LPCSTR lpText, LPCSTR lpCaption, UINT uType) .idata:003F1714 extrn MessageBoxA:dword ; DATA XREF: .text:0043C0BAo .idata:003F1714 ; .textidx:00493EABo ... .idata:003F1718 .idata:003F171C ; .idata:003F171C ; Imports from WSOCK32.dll .idata:003F171C ; .idata:003F171C ; int __stdcall getsockname(SOCKET s, struct sockaddr name, int namelen) .idata:003F171C extrn getsockname:dword ; DATA XREF: .text:003F1088o .idata:003F1720 ; int __stdcall _WSAFDIsSet(SOCKET fd, fd_set ) .idata:003F1720 extrn __WSAFDIsSet:dword .idata:003F1724 ; int __stdcall select(int nfds, fd_set readfds, fd_set writefds, fd_set exceptfds, const struct timeval timeout) .idata:003F1724 extrn select:dword ; DATA XREF: .text:0043C1F8o .idata:003F1728 ; int __stdcall connect(SOCKET s, const struct sockaddr name, int namelen) .idata:003F1728 extrn connect:dword ; DATA XREF: .text:0043C1FEo .idata:003F172C ; SOCKET __stdcall socket(int af, int type, int protocol) .idata:003F172C extrn socket:dword ; DATA XREF: .text:0043C204o .idata:003F1730 ; u_short __stdcall htons(u_short hostshort) .idata:003F1730 extrn htons:dword ; DATA XREF: .text:0043C20Ao .idata:003F1734 ; struct protoent __stdcall getprotobyname(const char name) .idata:003F1734 extrn getprotobyname:dword ; DATA XREF: .text:0043C210o .idata:003F1738 ; int __stdcall closesocket(SOCKET s) .idata:003F1738 extrn closesocket:dword ; DATA XREF: .text:0043C216o .idata:003F173C ; int __stdcall recv(SOCKET s, char buf, int len, int flags) .idata:003F173C extrn recv:dword ; DATA XREF: .text:0043C21Co .idata:003F1740 ; int __stdcall send(SOCKET s, const char buf, int len, int flags) .idata:003F1740 extrn send:dword ; DATA XREF: .text:0043C222o .idata:003F1744 ; int __stdcall ioctlsocket(SOCKET s, __int32 cmd, u_long argp) .idata:003F1744 extrn ioctlsocket:dword ; DATA XREF: .text:0043C228o .idata:003F1748 ; int __stdcall setsockopt(SOCKET s, int level, int optname, const char optval, int optlen) .idata:003F1748 extrn setsockopt:dword ; DATA XREF: .text:0043C22Eo .idata:003F174C ; u_short __stdcall ntohs(u_short netshort) .idata:003F174C extrn ntohs:dword ; DATA XREF: .text:0043C234o .idata:003F1750 ; int __stdcall WSACleanup() .idata:003F1750 extrn WSACleanup:dword ; DATA XREF: .text:0043C1DAo .idata:003F1754 ; unsigned __int32 __stdcall inet_addr(const char cp) .idata:003F1754 extrn inet_addr:dword ; DATA XREF: .text:0043C1D4o .idata:003F1758 ; char __stdcall inet_ntoa(struct in_addr in) .idata:003F1758 extrn inet_ntoa:dword ; DATA XREF: .text:0043C1CEo .idata:003F175C ; struct hostent __stdcall gethostbyaddr(const char addr, int len, int type) .idata:003F175C extrn gethostbyaddr:dword ; DATA XREF: .text:0043C1C8o .idata:003F1760 ; struct hostent __stdcall gethostbyname(const char name) .idata:003F1760 extrn gethostbyname:dword ; DATA XREF: .text:0043C1C2o .idata:003F1764 ; int __stdcall gethostname(char name, int namelen) .idata:003F1764 extrn gethostname:dword ; DATA XREF: .text:0043C1BCo .idata:003F1768 ; u_long __stdcall htonl(u_long hostlong) .idata:003F1768 extrn htonl:dword ; DATA XREF: .text:0043C1B6o .idata:003F176C ; u_long __stdcall ntohl(u_long netlong) .idata:003F176C extrn ntohl:dword ; DATA XREF: .text:0043C1B0o .idata:003F1770 ; int __stdcall getsockopt(SOCKET s, int level, int optname, char optval, int optlen) .idata:003F1770 extrn getsockopt:dword ; DATA XREF: .text:0043C1AAo .idata:003F1774 ; int __stdcall WSAStartup(WORD wVersionRequested, LPWSADATA lpWSAData) .idata:003F1774 extrn WSAStartup:dword ; DATA XREF: .text:0043C1E6o .idata:003F1778 ; int __stdcall WSAGetLastError() .idata:003F1778 extrn WSAGetLastError:dword ; DATA XREF: .text:0043C1E0o .idata:003F177C .idata:003F177C .text:003F1780 ; =========================================================================== .text:003F1780 .text:003F1780 ; Segment type: Pure code .text:003F1780 ; Segment permissions: Read/Execute .text:003F1780 _text segment para public 'CODE' use32 .text:003F1780 assume cs:_text .text:003F1780 ;org 3F1780h .text:003F1780 assume es:nothing, ss:nothing, ds:_data, fs:nothing, gs:nothing .text:003F1780 word_3F1780 dw 0 ; DATA XREF: .text:off_3F10A0o .text:003F1780 ; .text:00421354w ... .text:003F1782 db 'VirtualProtect',0 .text:003F1791 word_3F1791 dw 0 ; DATA XREF: .text:003F10A4o .text:003F1793 db 'VirtualQuery',0 .text:003F17A0 word_3F17A0 dw 0 ; DATA XREF: .text:003F10A8o .text:003F17A2 db 'GetSystemInfo',0 .text:003F17B0 word_3F17B0 dw 0 ; DATA XREF: .text:003F10ACo .text:003F17B2 db 'OutputDebugStringA',0 .text:003F17C5 db 2 dup(0), 56h .text:003F17C8 aIrtualprotect db 'irtualProtect',0 .text:003F17D6 align 4 .text:003F17D8 aVirtualquery db 'VirtualQuery',0 .text:003F17E5 db 2 dup(0), 47h .text:003F17E8 aEtsysteminfo db 'etSystemInfo',0 .text:003F17F5 db 2 dup(0), 4Fh .text:003F17F8 aUtputdebugstri db 'utputDebugStringA',0 .text:003F180A ; char OutputString[] .text:003F180A OutputString db '__page_permission_service invoked.',0 .text:003F180A ; DATA XREF: sub_3F1901+Eo .text:003F182D db 1Ah, 4 .text:003F182F a__page_permi_3 db '__page_permission_service VirtualQuery failed.',0 .text:003F182F ; DATA XREF: sub_3F1994:loc_41B0E1o .text:003F185E dw 2311h .text:003F1860 a__page_permi_4 db '__page_permission_service VirtualProtect failed.',0 .text:003F1860 ; DATA XREF: sub_3F1994:loc_43C566o .text:003F1891 db 45h, 9, 0B4h .text:003F1894 ; char a__page_permi_0[] .text:003F1894 a__page_permi_0 db '__page_permission_service running.',0 .text:003F1894 ; DATA XREF: sub_3F1901+83o .text:003F18B7 db 7Dh .text:003F18B8 ; char a__page_permi_1[] .text:003F18B8 a__page_permi_1 db '__page_permission_service success.',0 .text:003F18B8 ; DATA XREF: sub_3F1994:loc_4118D4o .text:003F18DB db 32h .text:003F18DC ; char a__page_permi_2[] .text:003F18DC a__page_permi_2 db '__page_permission_service exited.',0 .text:003F18DC ; DATA XREF: sub_3F1994:loc_41E500o .text:003F18FE dw 8B7Eh .text:003F1900 ; --------------------------------------------------------------------------- .text:003F1900 push ebp .text:003F1901 .text:003F1901 ; =============== S U B R O U T I N E ======================================= .text:003F1901 .text:003F1901 ; Attributes: bp-based frame .text:003F1901 .text:003F1901 sub_3F1901 proc near ; CODE XREF: start_0:loc_43CD06p .text:003F1901 ; DATA XREF: sub_3F1901:loc_3F191Do ... .text:003F1901 .text:003F1901 SystemInfo = _SYSTEM_INFO ptr -34h .text:003F1901 var_10 = dword ptr -10h .text:003F1901 var_C = byte ptr -0Ch .text:003F1901 var_8 = dword ptr -8 .text:003F1901 .text:003F1901 ; FUNCTION CHUNK AT .text:003F1945 SIZE 00000022 BYTES .text:003F1901 ; FUNCTION CHUNK AT .text:003F1981 SIZE 00000011 BYTES .text:003F1901 ; FUNCTION CHUNK AT .text:00411A71 SIZE 0000000F BYTES .text:003F1901 ; FUNCTION CHUNK AT .text:0041E621 SIZE 00000004 BYTES .text:003F1901 .text:003F1901 push ebp .text:003F1902 mov ebp, esp .text:003F1904 sub esp, 34h .text:003F1907 push esi .text:003F1908 push edi .text:003F1909 mov edi, ds:OutputDebugStringA .text:003F190F push offset OutputString ; "__page_permission_service invoked." .text:003F1914 call edi ; OutputDebugStringA .text:003F1916 jmp loc_3F191D .text:003F1916 ; --------------------------------------------------------------------------- .text:003F191B db 3Eh .text:003F191C db 0E9h .text:003F191D ; --------------------------------------------------------------------------- .text:003F191D .text:003F191D loc_3F191D: ; CODE XREF: sub_3F1901+15j .text:003F191D mov esi, offset sub_3F1901 .text:003F1922 sub esi, ds:off_41A98F .text:003F1928 add esi, ds:dword_41B368 .text:003F192E cmp ds:dword_41E4ED, 0 .text:003F1935 mov [ebp+var_10], esi .text:003F1938 jz loc_41E621 .text:003F193E jmp loc_411A71 .text:003F193E sub_3F1901 endp .text:003F193E .text:003F193E ; --------------------------------------------------------------------------- .text:003F1943 db 83h .text:003F1944 db 0C4h .text:003F1945 ; --------------------------------------------------------------------------- .text:003F1945 ; START OF FUNCTION CHUNK FOR sub_3F1901 .text:003F1945 .text:003F1945 loc_3F1945: ; CODE XREF: sub_3F1901+2017Aj .text:003F1945 mov eax, [ebp+SystemInfo.dwPageSize] .text:003F1948 dec eax .text:003F1949 push eax .text:003F194A push esi .text:003F194B call sub_3F1969 .text:003F1950 jmp $+5 .text:003F1955 mov [ebp+var_8], eax .text:003F1958 lea eax, [ebp+var_C] .text:003F195B push eax .text:003F195C push esi .text:003F195D call sub_3F1994 .text:003F1962 jmp loc_3F1981 .text:003F1962 ; END OF FUNCTION CHUNK FOR sub_3F1901 .text:003F1962 ; --------------------------------------------------------------------------- .text:003F1967 db 8Bh .text:003F1968 db 7Ch .text:003F1969 .text:003F1969 ; =============== S U B R O U T I N E ======================================= .text:003F1969 .text:003F1969 ; Attributes: bp-based frame .text:003F1969 .text:003F1969 sub_3F1969 proc near ; CODE XREF: sub_3F1901+4Ap .text:003F1969 ; sub_3F19E8+4Fp .text:003F1969 .text:003F1969 arg_4 = dword ptr 0Ch .text:003F1969 .text:003F1969 ; FUNCTION CHUNK AT .text:0041F26A SIZE 00000004 BYTES .text:003F1969 .text:003F1969 push ebp .text:003F196A mov ebp, esp .text:003F196C sub esp, 1Ch .text:003F196F cmp [ebp+arg_4], 0 .text:003F1973 jz loc_41F26A .text:003F1979 jmp loc_3F19AE .text:003F1979 sub_3F1969 endp .text:003F1979 .text:003F1979 ; --------------------------------------------------------------------------- .text:003F197E dw 754Ch .text:003F1980 db 0Ah .text:003F1981 ; --------------------------------------------------------------------------- .text:003F1981 ; START OF FUNCTION CHUNK FOR sub_3F1901 .text:003F1981 .text:003F1981 loc_3F1981: ; CODE XREF: sub_3F1901+61j .text:003F1981 add esp, 10h .text:003F1984 push offset a__page_permi_0 ; "__page_permission_service running." .text:003F1989 mov esi, eax .text:003F198B call edi ; OutputDebugStringA .text:003F198D jmp loc_3F19C5 .text:003F198D ; END OF FUNCTION CHUNK FOR sub_3F1901 .text:003F198D ; --------------------------------------------------------------------------- .text:003F1992 dw 8B87h .text:003F1994 .text:003F1994 ; =============== S U B R O U T I N E ======================================= .text:003F1994 .text:003F1994 .text:003F1994 sub_3F1994 proc near ; CODE XREF: sub_3F1901+5Cp .text:003F1994 .text:003F1994 arg_0 = dword ptr 4 .text:003F1994 arg_4 = dword ptr 8 .text:003F1994 .text:003F1994 ; FUNCTION CHUNK AT .text:003F1A02 SIZE 0000002C BYTES .text:003F1994 ; FUNCTION CHUNK AT .text:003F1A58 SIZE 00000019 BYTES .text:003F1994 ; FUNCTION CHUNK AT .text:00411485 SIZE 0000000B BYTES .text:003F1994 ; FUNCTION CHUNK AT .text:004118D4 SIZE 0000000C BYTES .text:003F1994 ; FUNCTION CHUNK AT .text:0041B0E1 SIZE 0000000A BYTES .text:003F1994 ; FUNCTION CHUNK AT .text:0041E500 SIZE 0000000C BYTES .text:003F1994 ; FUNCTION CHUNK AT .text:0041E5EE SIZE 0000000D BYTES .text:003F1994 ; FUNCTION CHUNK AT .text:0041E78A SIZE 0000000D BYTES .text:003F1994 ; FUNCTION CHUNK AT .text:004201C1 SIZE 00000005 BYTES .text:003F1994 ; FUNCTION CHUNK AT .text:0043C566 SIZE 0000000A BYTES .text:003F1994 .text:003F1994 mov eax, [esp+arg_0] .text:003F1998 mov ecx, [eax+3Ch] .text:003F199B lea eax, [ecx+eax+4] .text:003F199F test eax, eax .text:003F19A1 jnz loc_3F19D6 .text:003F19A7 jmp nullsub_1 .text:003F19A7 ; --------------------------------------------------------------------------- .text:003F19AC db 36h, 80h .text:003F19AE ; --------------------------------------------------------------------------- .text:003F19AE .text:003F19AE loc_3F19AE: ; CODE XREF: sub_3F1969+10j .text:003F19AE push 1Ch ; dwLength .text:003F19B0 lea eax, [ebp-1Ch] .text:003F19B3 push eax ; lpBuffer .text:003F19B4 push dword ptr [ebp+8] ; lpAddress .text:003F19B7 call ds:VirtualQuery .text:003F19BD jmp loc_41E5EE .text:003F19BD ; --------------------------------------------------------------------------- .text:003F19C2 dw 6675h .text:003F19C4 db 0B3h .text:003F19C5 ; --------------------------------------------------------------------------- .text:003F19C5 .text:003F19C5 loc_3F19C5: ; CODE XREF: sub_3F1901+8Cj .text:003F19C5 mov eax, [ebp-0Ch] .text:003F19C8 test eax, eax .text:003F19CA jbe loc_3F1A02 .text:003F19D0 jmp sub_3F19E8 .text:003F19D0 ; --------------------------------------------------------------------------- .text:003F19D5 db 7Dh .text:003F19D6 ; --------------------------------------------------------------------------- .text:003F19D6 .text:003F19D6 loc_3F19D6: ; CODE XREF: sub_3F1994+Dj .text:003F19D6 movzx ecx, word ptr [eax+2] .text:003F19DA mov edx, [esp+arg_4] .text:003F19DE mov [edx], ecx .text:003F19E0 mov ecx, [eax+70h] .text:003F19E3 lea eax, [eax+ecx*8+74h] .text:003F19E7 retn .text:003F19E7 sub_3F1994 endp .text:003F19E7 .text:003F19E8 .text:003F19E8 ; =============== S U B R O U T I N E ======================================= .text:003F19E8 .text:003F19E8 .text:003F19E8 sub_3F19E8 proc near ; CODE XREF: sub_3F1994+3Cj .text:003F19E8 .text:003F19E8 ; FUNCTION CHUNK AT .text:003F1A2F SIZE 00000027 BYTES .text:003F19E8 ; FUNCTION CHUNK AT .text:003F1A72 SIZE 00000012 BYTES .text:003F19E8 ; FUNCTION CHUNK AT .text:0041E62D SIZE 0000000C BYTES .text:003F19E8 ; FUNCTION CHUNK AT .text:0041EF8A SIZE 0000000A BYTES .text:003F19E8 .text:003F19E8 push ebx .text:003F19E9 lea ebx, [esi+8] .text:003F19EC lea edi, [esi+0Ch] .text:003F19EF add esi, 24h .text:003F19F2 push 28h .text:003F19F4 mov [ebp-4], esi .text:003F19F7 mov [ebp-0Ch], eax .text:003F19FA pop esi .text:003F19FB jmp loc_3F1A72 .text:003F19FB sub_3F19E8 endp .text:003F19FB .text:003F1A00 ; --------------------------------------------------------------------------- .text:003F1A00 cmp al, 3Dh .text:003F1A02 ; START OF FUNCTION CHUNK FOR sub_3F1994 .text:003F1A02 .text:003F1A02 loc_3F1A02: ; CODE XREF: sub_3F1994+36j .text:003F1A02 ; sub_3F19E8+2CC4Cj .text:003F1A02 and ds:dword_41E4ED, 0 .text:003F1A09 cmp dword ptr [ebp-8], 0 .text:003F1A0D jz loc_41E500 .text:003F1A13 jmp loc_4118D4 .text:003F1A18 ; --------------------------------------------------------------------------- .text:003F1A18 .text:003F1A18 loc_3F1A18: ; CODE XREF: sub_3F1994+2CC5Cj .text:003F1A18 mov eax, [ebp-8] .text:003F1A1B and eax, 0FFFFFF80h .text:003F1A1E test al, al .text:003F1A20 mov [ebp-8], eax .text:003F1A23 js loc_4201C1 .text:003F1A29 jmp loc_3F1A58 .text:003F1A29 ; END OF FUNCTION CHUNK FOR sub_3F1994 .text:003F1A2E ; --------------------------------------------------------------------------- .text:003F1A2E popa .text:003F1A2F ; START OF FUNCTION CHUNK FOR sub_3F19E8 .text:003F1A2F .text:003F1A2F loc_3F1A2F: ; CODE XREF: sub_3F19E8+97j .text:003F1A2F mov eax, [edi] .text:003F1A31 add eax, [ebp-10h] .text:003F1A34 push dword ptr [ebx] .text:003F1A36 push eax .text:003F1A37 call sub_3F1969 .text:003F1A3C jmp loc_41EF8A .text:003F1A41 ; --------------------------------------------------------------------------- .text:003F1A41 .text:003F1A41 loc_3F1A41: ; CODE XREF: sub_3F19E8+91j .text:003F1A41 ; sub_3F19E8+2D5A7j .text:003F1A41 add [ebp-4], esi .text:003F1A44 add edi, esi .text:003F1A46 add ebx, esi .text:003F1A48 dec dword ptr [ebp-0Ch] .text:003F1A4B jnz loc_3F1A72 .text:003F1A51 jmp loc_41E62D .text:003F1A51 ; END OF FUNCTION CHUNK FOR sub_3F19E8 .text:003F1A51 ; --------------------------------------------------------------------------- .text:003F1A56 dw 8D8Bh .text:003F1A58 ; --------------------------------------------------------------------------- .text:003F1A58 ; START OF FUNCTION CHUNK FOR sub_3F1994 .text:003F1A58 .text:003F1A58 loc_3F1A58: ; CODE XREF: sub_3F1994+95j .text:003F1A58 lea ecx, [ebp-8] .text:003F1A5B push ecx ; lpflOldProtect .text:003F1A5C or eax, 40h .text:003F1A5F push eax ; flNewProtect .text:003F1A60 push dword ptr [ebp+0Ch] ; dwSize .text:003F1A63 push dword ptr [ebp+8] ; lpAddress .text:003F1A66 call ds:VirtualProtect .text:003F1A6C jmp loc_41E78A .text:003F1A6C ; END OF FUNCTION CHUNK FOR sub_3F1994 .text:003F1A71 ; --------------------------------------------------------------------------- .text:003F1A71 cmpsd .text:003F1A72 ; START OF FUNCTION CHUNK FOR sub_3F19E8 .text:003F1A72 .text:003F1A72 loc_3F1A72: ; CODE XREF: sub_3F19E8+13j .text:003F1A72 ; sub_3F19E8+63j .text:003F1A72 mov eax, [ebp-4] .text:003F1A75 test byte ptr [eax+3], 10h .text:003F1A79 jnz loc_3F1A41 .text:003F1A7F jmp loc_3F1A2F .text:003F1A7F ; END OF FUNCTION CHUNK FOR sub_3F19E8 .text:003F1A7F ; --------------------------------------------------------------------------- .text:003F1A84 dd 3 dup(0) .text:003F1A90 dd 1000h, 1Ch, 3910390Bh, 3924391Eh, 3930392Ah, 39B93985h .text:003F1A90 dd 3A683A04h, 11000h, 358h, 3075300Fh, 309B3093h, 30B630AFh .text:003F1A90 dd 311E3105h, 31413125h, 31943174h, 31A831A1h, 320531B2h .text:003F1A90 dd 324B3239h, 32D03287h, 32DF32DAh, 330232F1h, 33B0334Bh .text:003F1A90 dd 33BF33BAh, 33E533D1h, 355834D7h, 363235DCh, 3642363Ch .text:003F1A90 dd 367D364Fh, 370336EAh, 3710370Bh, 371D3715h, 37273722h .text:003F1A90 dd 3734372Fh, 37413739h, 374B3746h, 37583753h, 3765375Dh .text:003F1A90 dd 376F376Ah, 377C3777h, 37893781h, 3793378Eh, 37A0379Bh .text:003F1A90 dd 37AD37A5h, 37B737B2h, 37C437BFh, 37D137C9h, 37DB37D6h .text:003F1A90 dd 37E837E3h, 37F537EDh, 37FF37FAh, 380C3807h, 38193811h .text:003F1A90 dd 3823381Eh, 3830382Bh, 383D3835h, 38473842h, 3854384Fh .text:003F1A90 dd 38613859h, 386B3866h, 38783873h, 3885387Dh, 388F388Ah .text:003F1A90 dd 389C3897h, 38A938A1h, 38B338AEh, 38C038BBh, 38CD38C5h .text:003F1A90 dd 38D738D2h, 38E438DFh, 38F138E9h, 38FB38F6h, 39083903h .text:003F1A90 dd 3915390Dh, 391F391Ah, 392C3927h, 39393931h, 3943393Eh .text:003F1A90 dd 3950394Bh, 395D3955h, 39673962h, 3974396Fh, 39813979h 如何让红色的部分数据正常显示？ 2011-4-10 17:11 0
	游客登录 \| 注册方可回帖回帖表情雪币赚取及消费高级回复

最新回复 (1)

wtscrystal

雪币： 22

活跃值： (32)

能力值：

( LV2，RANK：10 )

在线值：

发帖

回帖

158

粉丝

关注

私信

wtscrystal: 2 楼

用IDA加载后得到开始部分：
.text:003F1000 ;
.text:003F1000 ; Input MD5 : 97BA9D06ED0C0640D511F9A22A7B528A
.text:003F1000
.text:003F1000 ; File Name : C:\ROD.exe
.text:003F1000 ; Format    : Portable executable for 80386 (PE)
.text:003F1000 ; Imagebase : 3F0000
.text:003F1000 ; Section 1. (virtual address 00001000)
.text:003F1000 ; Virtual size                : 000937A6 ( 604070.)
.text:003F1000 ; Section size in file       : 00093800 ( 604160.)
.text:003F1000 ; Offset to raw data for section: 00000400
.text:003F1000 ; Flags 60000020: Text Executable Readable
.text:003F1000 ; Alignment    : default
.text:003F1000
.text:003F1000                include uni.inc ; see unicode subdir of ida for info on unicode
.text:003F1000
.text:003F1000                .686p
.text:003F1000                .mmx
.text:003F1000                .model flat
.text:003F1000
.text:003F1000 ; ===========================================================================
.text:003F1000
.text:003F1000 ; Segment type: Pure code
.text:003F1000 ; Segment permissions: Read/Execute
.text:003F1000 _text          segment para public 'CODE' use32
.text:003F1000                assume cs:_text
.text:003F1000                ;org 3F1000h
.text:003F1000                assume es:nothing, ss:nothing, ds:_data, fs:nothing, gs:nothing
.text:003F1000 __IMPORT_DESCRIPTOR_KERNEL32 dd rva off_3F10A0 ; Import Name Table
.text:003F1004                dd 0                   ; Time stamp
.text:003F1008                dd 0                   ; Forwarder Chain
.text:003F100C                dd rva aKernel32_dll ; DLL Name
.text:003F1010                dd rva VirtualProtect ; Import Address Table
.text:003F1014 __IMPORT_DESCRIPTOR_USER32 dd rva off_3F12EC ; Import Name Table
.text:003F1018                dd 0                   ; Time stamp
.text:003F101C                dd 0                   ; Forwarder Chain
.text:003F1020                dd rva aUser32_dll    ; DLL Name
.text:003F1024                dd rva DialogBoxIndirectParamA ; Import Address Table
.text:003F1028 __IMPORT_DESCRIPTOR_NETAPI32 dd rva off_3F1350 ; Import Name Table
.text:003F102C                dd 0                   ; Time stamp
.text:003F1030                dd 0                   ; Forwarder Chain
.text:003F1034                dd rva aNetapi32_dll ; DLL Name
.text:003F1038                dd rva Netbios       ; Import Address Table
.text:003F103C __IMPORT_DESCRIPTOR_ADVAPI32 dd rva off_3F1358 ; Import Name Table
.text:003F1040                dd 0                   ; Time stamp
.text:003F1044                dd 0                   ; Forwarder Chain
.text:003F1048                dd rva aAdvapi32_dll ; DLL Name
.text:003F104C                dd rva ReportEventA    ; Import Address Table
.text:003F1050 __IMPORT_DESCRIPTOR_COMDLG32 dd rva off_3F139C ; Import Name Table
.text:003F1054                dd 0                   ; Time stamp
.text:003F1058                dd 0                   ; Forwarder Chain
.text:003F105C                dd rva aComdlg32_dll ; DLL Name
.text:003F1060                dd rva GetOpenFileNameA ; Import Address Table
.text:003F1064 __IMPORT_DESCRIPTOR_COMCTL32 dd rva dword_3F13A4 ; Import Name Table
.text:003F1068                dd 0                   ; Time stamp
.text:003F106C                dd 0                   ; Forwarder Chain
.text:003F1070                dd rva aComctl32_dll ; DLL Name
.text:003F1074                dd rva InitCommonControls ; Import Address Table
.text:003F1078 __IMPORT_DESCRIPTOR_WSOCK32 dd rva dword_3F13AC ; Import Name Table
.text:003F107C                dd 0                   ; Time stamp
.text:003F1080                dd 0                   ; Forwarder Chain
.text:003F1084                dd rva aWsock32_dll    ; DLL Name
.text:003F1088                dd rva getsockname    ; Import Address Table
.text:003F108C                dd 5 dup(0)
.text:003F10A0 ;
.text:003F10A0 ; Import names for KERNEL32.dll
.text:003F10A0 ;
.text:003F10A0 off_3F10A0    dd rva word_3F1780    ; DATA XREF: .text:__IMPORT_DESCRIPTOR_KERNEL32o
.text:003F10A4                dd rva word_3F1791
.text:003F10A8                dd rva word_3F17A0
.text:003F10AC                dd rva word_3F17B0
.text:003F10B0                dd rva word_537082
.text:003F10B4                dd rva word_537092
.text:003F10B8                dd rva word_5370A2
.text:003F10BC                dd rva word_5370B4
.text:003F10C0                dd rva word_5370C8
.text:003F10C4                dd rva word_5370DC
.text:003F10C8                dd rva word_5370EC
.text:003F10CC                dd rva word_537106
.text:003F10D0                dd rva word_537118
.text:003F10D4                dd rva word_53712A
.text:003F10D8                dd rva word_53713A
.text:003F10DC                dd rva word_53714A
.text:003F10E0                dd rva word_537156
.text:003F10E4                dd rva word_53716E
.text:003F10E8                dd rva word_53717E
.text:003F10EC                dd rva word_53718E
.text:003F10F0                dd rva word_53719C
.text:003F10F4                dd rva word_5371AC
.text:003F10F8                dd rva word_5371C2
.text:003F10FC                dd rva word_5371CE
.text:003F1100                dd rva word_5371DC
.text:003F1104                dd rva word_5371E8
.text:003F1108                dd rva word_537202
.text:003F110C                dd rva word_537214
.text:003F1110                dd rva word_53722C
.text:003F1114                dd rva word_537244
.text:003F1118                dd rva word_537258
.text:003F111C                dd rva word_537266
.text:003F1120                dd rva word_537272
.text:003F1124                dd rva word_537280
.text:003F1128                dd rva word_537298
.text:003F112C                dd rva word_5372B2
.text:003F1130                dd rva word_5372C4
.text:003F1134                dd rva word_5372D6
.text:003F1138                dd rva word_5372E4
.text:003F113C                dd rva word_5372F2
.text:003F1140                dd rva word_537302
.text:003F1144                dd rva word_53730E
.text:003F1148                dd rva word_53731A
.text:003F114C                dd rva word_537330
.text:003F1150                dd rva word_53733E
.text:003F1154                dd rva word_53734C
.text:003F1158                dd rva word_53735C
.text:003F115C                dd rva word_53736C
.text:003F1160                dd rva word_537380
.text:003F1164                dd rva word_53739C
.text:003F1168                dd rva word_5373BA
.text:003F116C                dd rva word_5373CE
.text:003F1170                dd rva word_5373E6
.text:003F1174                dd rva word_5373F6
.text:003F1178                dd rva word_537402
.text:003F117C                dd rva word_537412
.text:003F1180                dd rva word_537424
.text:003F1184                dd rva word_537432
.text:003F1188                dd rva word_537440
.text:003F118C                dd rva word_53744C
.text:003F1190                dd rva word_53745C
.text:003F1194                dd rva word_537472
.text:003F1198                dd rva word_537484
.text:003F119C                dd rva word_537496
.text:003F11A0                dd rva word_537020
.text:003F11A4                dd rva word_537072
.text:003F11A8                dd rva word_5374DA
.text:003F11AC                dd rva word_5374F4
.text:003F11B0                dd rva word_53750E
.text:003F11B4                dd rva word_53751C
.text:003F11B8                dd rva word_537528
.text:003F11BC                dd rva word_537536
.text:003F11C0                dd rva word_537540
.text:003F11C4                dd rva word_537558
.text:003F11C8                dd rva word_53756E
.text:003F11CC                dd rva word_537586
.text:003F11D0                dd rva word_53759A
.text:003F11D4                dd rva word_5375B4
.text:003F11D8                dd rva word_5375CA
.text:003F11DC                dd rva word_5375E2
.text:003F11E0                dd rva word_5375F8
.text:003F11E4                dd rva word_537620
.text:003F11E8                dd rva word_537634
.text:003F11EC                dd rva word_537640
.text:003F11F0                dd rva word_53764A
.text:003F11F4                dd rva word_537656
.text:003F11F8                dd rva word_537668
.text:003F11FC                dd rva word_537678
.text:003F1200                dd rva word_537688
.text:003F1204                dd rva word_53769C
.text:003F1208                dd rva word_5376BA
.text:003F120C                dd rva word_5376CA
.text:003F1210                dd rva word_5376D8
.text:003F1214                dd rva word_5376F0
.text:003F1218                dd rva word_537708
.text:003F121C                dd rva word_537718
.text:003F1220                dd rva word_537726
.text:003F1224                dd rva word_53773C
.text:003F1228                dd rva word_53774C
.text:003F122C                dd rva word_53775E
.text:003F1230                dd rva word_537772
.text:003F1234                dd rva word_53778C
.text:003F1238                dd rva word_5377A6
.text:003F123C                dd rva word_5377B8
.text:003F1240                dd rva word_5377CA
.text:003F1244                dd rva word_5377DA
.text:003F1248                dd rva word_5377F0
.text:003F124C                dd rva word_537800
.text:003F1250                dd rva word_53780C
.text:003F1254                dd rva word_53781E
.text:003F1258                dd rva word_537830
.text:003F125C                dd rva word_537842
.text:003F1260                dd rva word_537854
.text:003F1264                dd rva word_537866
.text:003F1268                dd rva word_537878
.text:003F126C                dd rva word_53788E
.text:003F1270                dd rva word_5378A4
.text:003F1274                dd rva word_537006
.text:003F1278                dd rva word_536FF4
.text:003F127C                dd rva word_537C1C
.text:003F1280                dd rva word_537C02
.text:003F1284                dd rva word_537BF4
.text:003F1288                dd rva word_537BE6
.text:003F128C                dd rva word_537BDA
.text:003F1290                dd rva word_537BC6
.text:003F1294                dd rva word_537BB2
.text:003F1298                dd rva word_537B9E
.text:003F129C                dd rva word_537062
.text:003F12A0                dd rva word_53704A
.text:003F12A4                dd rva word_5374C2
.text:003F12A8                dd rva word_53703A
.text:003F12AC                dd rva word_536FDE
.text:003F12B0                dd rva word_536FC8
.text:003F12B4                dd rva word_536FBC
.text:003F12B8                dd rva word_536FAC
.text:003F12BC                dd rva word_536F9E
.text:003F12C0                dd rva word_536F88
.text:003F12C4                dd rva word_536F7A
.text:003F12C8                dd rva word_536F72
.text:003F12CC                dd rva word_536F64
.text:003F12D0                dd rva word_536F4C
.text:003F12D4                dd rva word_536F3C
.text:003F12D8                dd rva word_536F2C
.text:003F12DC                dd rva word_536F1A
.text:003F12E0                dd rva word_5374A8
.text:003F12E4                dd rva word_536F0C
.text:003F12E8                dd 0
.text:003F12EC ;
.text:003F12EC ; Import names for USER32.dll
.text:003F12EC ;
.text:003F12EC off_3F12EC    dd rva word_537A34    ; DATA XREF: .text:__IMPORT_DESCRIPTOR_USER32o
.text:003F12F0                dd rva word_537A16
.text:003F12F4                dd rva word_537A0A
.text:003F12F8                dd rva word_5379FA
.text:003F12FC                dd rva word_5379E8
.text:003F1300                dd rva word_5379DA
.text:003F1304                dd rva word_5379CC
.text:003F1308                dd rva word_5379BA
.text:003F130C                dd rva word_5379AE
.text:003F1310                dd rva word_5379A2
.text:003F1314                dd rva word_537996
.text:003F1318                dd rva word_53798A
.text:003F131C                dd rva word_537978
.text:003F1320                dd rva word_537966
.text:003F1324                dd rva word_5378D0
.text:003F1328                dd rva word_5378E2
.text:003F132C                dd rva word_5378F6
.text:003F1330                dd rva word_537906
.text:003F1334                dd rva word_537916
.text:003F1338                dd rva word_537924
.text:003F133C                dd rva word_537934
.text:003F1340                dd rva word_537946
.text:003F1344                dd rva word_537954
.text:003F1348                dd rva word_5378C2
.text:003F134C                dd 0
.text:003F1350 ;
.text:003F1350 ; Import names for NETAPI32.dll
.text:003F1350 ;
.text:003F1350 off_3F1350    dd rva word_537A5A    ; DATA XREF: .text:__IMPORT_DESCRIPTOR_NETAPI32o
.text:003F1354                dd 0
.text:003F1358 ;
.text:003F1358 ; Import names for ADVAPI32.dll
.text:003F1358 ;
.text:003F1358 off_3F1358    dd rva word_537C64    ; DATA XREF: .text:__IMPORT_DESCRIPTOR_ADVAPI32o
.text:003F135C                dd rva word_537A80
.text:003F1360                dd rva word_537A92
.text:003F1364                dd rva word_537AA2
.text:003F1368                dd rva word_537AB2
.text:003F136C                dd rva word_537AC4
.text:003F1370                dd rva word_537AD8
.text:003F1374                dd rva word_537AEC
.text:003F1378                dd rva word_537AFE
.text:003F137C                dd rva word_537B10
.text:003F1380                dd rva word_537B20
.text:003F1384                dd rva word_537B30
.text:003F1388                dd rva word_537B40
.text:003F138C                dd rva word_537C34
.text:003F1390                dd rva word_537C4C
.text:003F1394                dd rva word_537A72
.text:003F1398                dd 0
.text:003F139C ;
.text:003F139C ; Import names for COMDLG32.dll
.text:003F139C ;
.text:003F139C off_3F139C    dd rva word_537B62    ; DATA XREF: .text:__IMPORT_DESCRIPTOR_COMDLG32o
.text:003F13A0                dd 0
.text:003F13A4 ;
.text:003F13A4 ; Import names for COMCTL32.dll
.text:003F13A4 ;
.text:003F13A4 dword_3F13A4 dd 80000011h          ; DATA XREF: .text:__IMPORT_DESCRIPTOR_COMCTL32o
.text:003F13A8                dd 0
.text:003F13AC ;
.text:003F13AC ; Import names for WSOCK32.dll
.text:003F13AC ;
.text:003F13AC dword_3F13AC dd 80000006h          ; DATA XREF: .text:__IMPORT_DESCRIPTOR_WSOCK32o
.text:003F13B0                dd 80000097h
.text:003F13B4                dd 80000012h
.text:003F13B8                dd 80000004h
.text:003F13BC                dd 80000017h
.text:003F13C0                dd 80000009h
.text:003F13C4                dd 80000035h
.text:003F13C8                dd 80000003h
.text:003F13CC                dd 80000010h
.text:003F13D0                dd 80000013h
.text:003F13D4                dd 8000000Ch
.text:003F13D8                dd 80000015h
.text:003F13DC                dd 8000000Fh
.text:003F13E0                dd 80000074h
.text:003F13E4                dd 8000000Ah
.text:003F13E8                dd 8000000Bh
.text:003F13EC                dd 80000033h
.text:003F13F0                dd 80000034h
.text:003F13F4                dd 80000039h
.text:003F13F8                dd 80000008h
.text:003F13FC                dd 8000000Eh
.text:003F1400                dd 80000007h
.text:003F1404                dd 80000073h
.text:003F1408                dd 8000006Fh
.text:003F140C                dd 0
.text:003F140C _text          ends
.text:003F140C
.idata:003F1410 ;
.idata:003F1410 ; Imports from ADVAPI32.dll
.idata:003F1410 ;
.idata:003F1410 ; ===========================================================================
.idata:003F1410
.idata:003F1410 ; Segment type: Externs
.idata:003F1410 ; _idata
.idata:003F1410 ; BOOL __stdcall ReportEventA(HANDLE hEventLog, WORD wType, WORD wCategory, DWORD dwEventID, PSID lpUserSid, WORD wNumStrings, DWORD dwDataSize, LPCSTR *lpStrings, LPVOID lpRawData)
.idata:003F1410                extrn ReportEventA:dword ; DATA XREF: .text:003F104Co
.idata:003F1410                                        ; .text:00484732o ...
.idata:003F1414 ; LSTATUS __stdcall RegDeleteValueA(HKEY hKey, LPCSTR lpValueName)
.idata:003F1414                extrn RegDeleteValueA:dword ; DATA XREF: .text:0043C156o
.idata:003F1414                                        ; .textidx:00488976o ...
.idata:003F1418 ; LSTATUS __stdcall RegEnumValueA(HKEY hKey, DWORD dwIndex, LPSTR lpValueName, LPDWORD lpcchValueName, LPDWORD lpReserved, LPDWORD lpType, LPBYTE lpData, LPDWORD lpcbData)
.idata:003F1418                extrn RegEnumValueA:dword ; DATA XREF: .text:0043C15Co
.idata:003F1418                                        ; .textidx:004888E8o ...
.idata:003F141C ; LSTATUS __stdcall RegOpenKeyExA(HKEY hKey, LPCSTR lpSubKey, DWORD ulOptions, REGSAM samDesired, PHKEY phkResult)
.idata:003F141C                extrn RegOpenKeyExA:dword ; DATA XREF: .text:0043C162o
.idata:003F141C                                        ; .textidx:0048884Eo ...
.idata:003F1420 ; LSTATUS __stdcall RegCreateKeyExA(HKEY hKey, LPCSTR lpSubKey, DWORD Reserved, LPSTR lpClass, DWORD dwOptions, REGSAM samDesired, const LPSECURITY_ATTRIBUTES lpSecurityAttributes, PHKEY phkResult, LPDWORD lpdwDisposition)
.idata:003F1420                extrn RegCreateKeyExA:dword ; DATA XREF: .text:0043C168o
.idata:003F1420                                        ; .textidx:0048BB21o ...
.idata:003F1424 ; LSTATUS __stdcall RegQueryValueExA(HKEY hKey, LPCSTR lpValueName, LPDWORD lpReserved, LPDWORD lpType, LPBYTE lpData, LPDWORD lpcbData)
.idata:003F1424                extrn RegQueryValueExA:dword ; DATA XREF: .text:0043C16Eo
.idata:003F1424                                        ; .textidx:004B5C08o ...
.idata:003F1428 ; LSTATUS __stdcall RegQueryValueExW(HKEY hKey, LPCWSTR lpValueName, LPDWORD lpReserved, LPDWORD lpType, LPBYTE lpData, LPDWORD lpcbData)
.idata:003F1428                extrn RegQueryValueExW:dword ; DATA XREF: .text:0043C174o
.idata:003F1428                                        ; .textidx:004B6BE5o ...
.idata:003F142C ; LSTATUS __stdcall RegSetValueExA(HKEY hKey, LPCSTR lpValueName, DWORD Reserved, DWORD dwType, const BYTE *lpData, DWORD cbData)
.idata:003F142C                extrn RegSetValueExA:dword ; DATA XREF: .text:0043C17Ao
.idata:003F142C                                        ; .textidx:004B6DA9o ...
.idata:003F1430 ; LSTATUS __stdcall RegSetValueExW(HKEY hKey, LPCWSTR lpValueName, DWORD Reserved, DWORD dwType, const BYTE *lpData, DWORD cbData)
.idata:003F1430                extrn RegSetValueExW:dword ; DATA XREF: .text:0043C180o
.idata:003F1430                                        ; .textidx:004B6EB1o
.idata:003F1434 ; BOOL __stdcall GetUserNameA(LPSTR lpBuffer, LPDWORD pcbBuffer)
.idata:003F1434                extrn GetUserNameA:dword ; DATA XREF: .text:0043C186o
.idata:003F1434                                        ; .textidx:004B6FB4o ...
.idata:003F1438 ; BOOL __stdcall GetUserNameW(LPWSTR lpBuffer, LPDWORD pcbBuffer)
.idata:003F1438                extrn GetUserNameW:dword ; DATA XREF: .text:0043C18Co
.idata:003F1438                                        ; .textidx:004B70D4o ...
.idata:003F143C ; LSTATUS __stdcall RegEnumKeyExA(HKEY hKey, DWORD dwIndex, LPSTR lpName, LPDWORD lpcchName, LPDWORD lpReserved, LPSTR lpClass, LPDWORD lpcchClass, PFILETIME lpftLastWriteTime)
.idata:003F143C                extrn RegEnumKeyExA:dword ; DATA XREF: .text:0043C192o
.idata:003F143C                                        ; .textidx:0051052Co ...
.idata:003F1440 ; LSTATUS __stdcall RegQueryInfoKeyA(HKEY hKey, LPSTR lpClass, LPDWORD lpcchClass, LPDWORD lpReserved, LPDWORD lpcSubKeys, LPDWORD lpcbMaxSubKeyLen, LPDWORD lpcbMaxClassLen, LPDWORD lpcValues, LPDWORD lpcbMaxValueNameLen, LPDWORD lpcbMaxValueLen, LPDWORD lpcbSecurityDescriptor, PFILETIME lpftLastWriteTime)
.idata:003F1440                extrn RegQueryInfoKeyA:dword ; DATA XREF: .text:0043C198o
.idata:003F1440                                        ; .textidx:00511325o
.idata:003F1444 ; HANDLE __stdcall RegisterEventSourceA(LPCSTR lpUNCServerName, LPCSTR lpSourceName)
.idata:003F1444                extrn RegisterEventSourceA:dword
.idata:003F1444                                        ; DATA XREF: .text:00484726o
.idata:003F1444                                        ; .textidx:00522DD1o
.idata:003F1448 ; BOOL __stdcall DeregisterEventSource(HANDLE hEventLog)
.idata:003F1448                extrn DeregisterEventSource:dword
.idata:003F1448                                        ; DATA XREF: .text:0048472Co
.idata:003F1448                                        ; .textidx:00522DB6o ...
.idata:003F144C ; LSTATUS __stdcall RegCloseKey(HKEY hKey)
.idata:003F144C                extrn RegCloseKey:dword ; DATA XREF: .text:0043C150o
.idata:003F144C                                        ; .textidx:004889AEo ...
.idata:003F1450
.idata:003F1454 ;
.idata:003F1454 ; Imports from COMCTL32.dll
.idata:003F1454 ;
.idata:003F1454 ; void __stdcall InitCommonControls()
.idata:003F1454                extrn InitCommonControls:dword ; DATA XREF: .text:003F1074o
.idata:003F1454                                        ; .text:0043C1A4o ...
.idata:003F1458
.idata:003F145C ;
.idata:003F145C ; Imports from COMDLG32.dll
.idata:003F145C ;
.idata:003F145C ; BOOL __stdcall GetOpenFileNameA(LPOPENFILENAMEA)
.idata:003F145C                extrn GetOpenFileNameA:dword ; DATA XREF: .text:003F1060o
.idata:003F145C                                        ; .text:0043C19Eo ...
.idata:003F1460
.idata:003F1464 ;
.idata:003F1464 ; Imports from KERNEL32.dll
.idata:003F1464 ;
.idata:003F1464 ; BOOL __stdcall VirtualProtect(LPVOID lpAddress, SIZE_T dwSize, DWORD flNewProtect, PDWORD lpflOldProtect)
.idata:003F1464                extrn VirtualProtect:dword ; CODE XREF: sub_3F1994+D2p
.idata:003F1464                                        ; DATA XREF: .text:003F1010o ...
.idata:003F1468 ; SIZE_T __stdcall VirtualQuery(LPCVOID lpAddress, PMEMORY_BASIC_INFORMATION lpBuffer, SIZE_T dwLength)
.idata:003F1468                extrn VirtualQuery:dword ; CODE XREF: sub_3F1994+23p
.idata:003F1468                                        ; DATA XREF: sub_3F1994+23r
.idata:003F146C ; void __stdcall GetSystemInfo(LPSYSTEM_INFO lpSystemInfo)
.idata:003F146C                extrn GetSystemInfo:dword ; CODE XREF: sub_3F1901+20174p
.idata:003F146C                                        ; DATA XREF: sub_3F1901+20174r
.idata:003F1470 ; void __stdcall OutputDebugStringA(LPCSTR lpOutputString)
.idata:003F1470                extrn OutputDebugStringA:dword ; CODE XREF: sub_3F1901+13p
.idata:003F1470                                        ; sub_3F1901+8Ap ...
.idata:003F1474 ; HANDLE __stdcall CreateMutexA(LPSECURITY_ATTRIBUTES lpMutexAttributes, BOOL bInitialOwner, LPCSTR lpName)
.idata:003F1474                extrn CreateMutexA:dword ; DATA XREF: .text:0043BE12o
.idata:003F1474                                        ; .textidx:004B9165o ...
.idata:003F1478 ; DWORD __stdcall GetTickCount()
.idata:003F1478                extrn GetTickCount:dword ; DATA XREF: .text:0042A766o
.idata:003F1478                                        ; .text:0043BE18o ...
.idata:003F147C ; BOOL __stdcall GetProcessTimes(HANDLE hProcess, LPFILETIME lpCreationTime, LPFILETIME lpExitTime, LPFILETIME lpKernelTime, LPFILETIME lpUserTime)
.idata:003F147C                extrn GetProcessTimes:dword ; DATA XREF: .text:0043BE1Eo
.idata:003F147C                                        ; .textidx:004CAA12o
.idata:003F1480 ; HANDLE __stdcall GetCurrentProcess()
.idata:003F1480                extrn GetCurrentProcess:dword ; DATA XREF: .text:00421A6Do
.idata:003F1480                                        ; .text:00424FDBo ...
.idata:003F1484 ; HMODULE __stdcall GetModuleHandleA(LPCSTR lpModuleName)
.idata:003F1484                extrn GetModuleHandleA:dword ; DATA XREF: .text:0043BE2Ao
.idata:003F1484                                        ; .textidx:004D2565o
.idata:003F1488 ; void __stdcall GetLocalTime(LPSYSTEMTIME lpSystemTime)
.idata:003F1488                extrn GetLocalTime:dword ; DATA XREF: .text:0043BE30o
.idata:003F1488                                        ; .textidx:004D3B3Bo
.idata:003F148C ; DWORD __stdcall GetTimeZoneInformation(LPTIME_ZONE_INFORMATION lpTimeZoneInformation)
.idata:003F148C                extrn GetTimeZoneInformation:dword
.idata:003F148C                                        ; DATA XREF: .text:0042CCE8o
.idata:003F148C                                        ; .text:0043BE36o ...
.idata:003F1490 ; HANDLE __stdcall FindFirstFileW(LPCWSTR lpFileName, LPWIN32_FIND_DATAW lpFindFileData)
.idata:003F1490                extrn FindFirstFileW:dword ; DATA XREF: .text:00422F91o
.idata:003F1490                                        ; .text:0043BE3Co ...
.idata:003F1494 ; HANDLE __stdcall FindFirstFileA(LPCSTR lpFileName, LPWIN32_FIND_DATAA lpFindFileData)
.idata:003F1494                extrn FindFirstFileA:dword ; DATA XREF: .text:00420BDBo
.idata:003F1494                                        ; .text:0042101Bo ...
.idata:003F1498 ; BOOL __stdcall FindNextFileW(HANDLE hFindFile, LPWIN32_FIND_DATAW lpFindFileData)
.idata:003F1498                extrn FindNextFileW:dword ; DATA XREF: .text:0043BE48o
.idata:003F1498                                        ; .textidx:004E6488o
.idata:003F149C ; BOOL __stdcall FindNextFileA(HANDLE hFindFile, LPWIN32_FIND_DATAA lpFindFileData)
.idata:003F149C                extrn FindNextFileA:dword ; DATA XREF: .text:00420D0Bo
.idata:003F149C                                        ; .text:0043BE4Eo ...
.idata:003F14A0 ; BOOL __stdcall FindClose(HANDLE hFindFile)
.idata:003F14A0                extrn FindClose:dword ; DATA XREF: .text:00420B07o
.idata:003F14A0                                        ; .text:00421369o ...
.idata:003F14A4 ; BOOL __stdcall GetVolumeInformationA(LPCSTR lpRootPathName, LPSTR lpVolumeNameBuffer, DWORD nVolumeNameSize, LPDWORD lpVolumeSerialNumber, LPDWORD lpMaximumComponentLength, LPDWORD lpFileSystemFlags, LPSTR lpFileSystemNameBuffer, DWORD nFileSystemNameSize)
.idata:003F14A4                extrn GetVolumeInformationA:dword
.idata:003F14A4                                        ; DATA XREF: .text:0043BE5Ao
.idata:003F14A4                                        ; .textidx:004EA2AEo
.idata:003F14A8 ; UINT __stdcall GetDriveTypeA(LPCSTR lpRootPathName)
.idata:003F14A8                extrn GetDriveTypeA:dword ; DATA XREF: .text:0042107Fo
.idata:003F14A8                                        ; .text:0043AC5Fo ...
.idata:003F14AC ; LPVOID __stdcall VirtualAlloc(LPVOID lpAddress, SIZE_T dwSize, DWORD flAllocationType, DWORD flProtect)
.idata:003F14AC                extrn VirtualAlloc:dword ; DATA XREF: .text:00427DB7o
.idata:003F14AC                                        ; .text:00427E44o ...
.idata:003F14B0 ; BOOL __stdcall VirtualFree(LPVOID lpAddress, SIZE_T dwSize, DWORD dwFreeType)
.idata:003F14B0                extrn VirtualFree:dword ; DATA XREF: .text:004278B4o
.idata:003F14B0                                        ; .text:00427C5Bo ...
.idata:003F14B4 ; void __stdcall SetLastError(DWORD dwErrCode)
.idata:003F14B4                extrn SetLastError:dword ; DATA XREF: .text:0042A3B8o
.idata:003F14B4                                        ; .text:0042E4DAo ...
.idata:003F14B8 ; DWORD __stdcall GetFileAttributesA(LPCSTR lpFileName)
.idata:003F14B8                extrn GetFileAttributesA:dword ; DATA XREF: .text:0041A9E7o
.idata:003F14B8                                        ; .text:0043BE78o
.idata:003F14BC ; BOOL __stdcall HeapFree(HANDLE hHeap, DWORD dwFlags, LPVOID lpMem)
.idata:003F14BC                extrn HeapFree:dword ; DATA XREF: .text:0041B839o
.idata:003F14BC                                        ; .text:00427898o ...
.idata:003F14C0 ; BOOL __stdcall DeleteFileA(LPCSTR lpFileName)
.idata:003F14C0                extrn DeleteFileA:dword ; DATA XREF: .text:0041B867o
.idata:003F14C0                                        ; .text:0043BE84o ...
.idata:003F14C4 ; LPVOID __stdcall HeapAlloc(HANDLE hHeap, DWORD dwFlags, SIZE_T dwBytes)
.idata:003F14C4                extrn HeapAlloc:dword ; DATA XREF: .text:0041EB61o
.idata:003F14C4                                        ; .text:0041EB91o ...
.idata:003F14C8 ; void __stdcall GetSystemTimeAsFileTime(LPFILETIME lpSystemTimeAsFileTime)
.idata:003F14C8                extrn GetSystemTimeAsFileTime:dword
.idata:003F14C8                                        ; DATA XREF: .text:0041EFB8o
.idata:003F14C8                                        ; .text:0042A74Ao ...
.idata:003F14CC ; LPSTR __stdcall GetCommandLineA()
.idata:003F14CC                extrn GetCommandLineA:dword ; DATA XREF: .text:0041F100o
.idata:003F14CC                                        ; .text:0043BE96o
.idata:003F14D0 ; void __stdcall EnterCriticalSection(LPCRITICAL_SECTION lpCriticalSection)
.idata:003F14D0                extrn EnterCriticalSection:dword
.idata:003F14D0                                        ; DATA XREF: .text:0041FB1Ao
.idata:003F14D0                                        ; .text:0041FB4Do ...
.idata:003F14D4 ; void __stdcall LeaveCriticalSection(LPCRITICAL_SECTION lpCriticalSection)
.idata:003F14D4                extrn LeaveCriticalSection:dword
.idata:003F14D4                                        ; DATA XREF: .text:0041FBB8o
.idata:003F14D4                                        ; .text:0042532Do ...
.idata:003F14D8 ; HMODULE __stdcall GetModuleHandleW(LPCWSTR lpModuleName)
.idata:003F14D8                extrn GetModuleHandleW:dword ; CODE XREF: .text:0041FBDBJ
.idata:003F14D8                                        ; DATA XREF: .text:0041FBD4o ...
.idata:003F14DC ; void __stdcall ExitProcess(UINT uExitCode)
.idata:003F14DC                extrn ExitProcess:dword ; DATA XREF: .text:0041FC55o
.idata:003F14DC                                        ; .text:0043BEAEo
.idata:003F14E0                extrn RtlUnwind:dword ; DATA XREF: .text:0043BEB4o
.idata:003F14E4 ; LPVOID __stdcall HeapReAlloc(HANDLE hHeap, DWORD dwFlags, LPVOID lpMem, SIZE_T dwBytes)
.idata:003F14E4                extrn HeapReAlloc:dword ; DATA XREF: .text:00420707o
.idata:003F14E4                                        ; .text:00420788o ...
.idata:003F14E8 ; BOOL __stdcall FileTimeToSystemTime(const FILETIME *lpFileTime, LPSYSTEMTIME lpSystemTime)
.idata:003F14E8                extrn FileTimeToSystemTime:dword
.idata:003F14E8                                        ; DATA XREF: .text:00420B52o
.idata:003F14E8                                        ; .text:004211ABo ...
.idata:003F14EC ; BOOL __stdcall FileTimeToLocalFileTime(const FILETIME *lpFileTime, LPFILETIME lpLocalFileTime)
.idata:003F14EC                extrn FileTimeToLocalFileTime:dword
.idata:003F14EC                                        ; DATA XREF: .text:00420B40o
.idata:003F14EC                                        ; .text:0042118Fo ...
.idata:003F14F0 ; BOOL __stdcall CreateProcessA(LPCSTR lpApplicationName, LPSTR lpCommandLine, LPSECURITY_ATTRIBUTES lpProcessAttributes, LPSECURITY_ATTRIBUTES lpThreadAttributes, BOOL bInheritHandles, DWORD dwCreationFlags, LPVOID lpEnvironment, LPCSTR lpCurrentDirectory, LPSTARTUPINFOA lpStartupInfo, LPPROCESS_INFORMATION lpProcessInformation)
.idata:003F14F0                extrn CreateProcessA:dword ; DATA XREF: .text:00421C3Bo
.idata:003F14F0                                        ; .text:00421DABo ...
.idata:003F14F4 ; BOOL __stdcall DuplicateHandle(HANDLE hSourceProcessHandle, HANDLE hSourceHandle, HANDLE hTargetProcessHandle, LPHANDLE lpTargetHandle, DWORD dwDesiredAccess, BOOL bInheritHandle, DWORD dwOptions)
.idata:003F14F4                extrn DuplicateHandle:dword ; DATA XREF: .text:00421A9Bo
.idata:003F14F4                                        ; .text:0043BED2o
.idata:003F14F8 ; DWORD __stdcall GetFileType(HANDLE hFile)
.idata:003F14F8                extrn GetFileType:dword ; DATA XREF: .text:00422569o
.idata:003F14F8                                        ; .text:004296BBo ...
.idata:003F14FC ; HANDLE __stdcall CreateFileW(LPCWSTR lpFileName, DWORD dwDesiredAccess, DWORD dwShareMode, LPSECURITY_ATTRIBUTES lpSecurityAttributes, DWORD dwCreationDisposition, DWORD dwFlagsAndAttributes, HANDLE hTemplateFile)
.idata:003F14FC                extrn CreateFileW:dword ; DATA XREF: .text:004224CFo
.idata:003F14FC                                        ; .text:00422983o ...
.idata:003F1500 ; UINT __stdcall GetDriveTypeW(LPCWSTR lpRootPathName)
.idata:003F1500                extrn GetDriveTypeW:dword ; DATA XREF: .text:00422FF5o
.idata:003F1500                                        ; .text:0043BEE4o
.idata:003F1504 ; BOOL __stdcall MoveFileA(LPCSTR lpExistingFileName, LPCSTR lpNewFileName)
.idata:003F1504                extrn MoveFileA:dword ; DATA XREF: .text:00423305o
.idata:003F1504                                        ; .text:0043BEEAo
.idata:003F1508 ; BOOL __stdcall MoveFileW(LPCWSTR lpExistingFileName, LPCWSTR lpNewFileName)
.idata:003F1508                extrn MoveFileW:dword ; DATA XREF: .text:00423338o
.idata:003F1508                                        ; .text:0043BEF0o
.idata:003F150C ; DWORD __stdcall GetFileAttributesW(LPCWSTR lpFileName)
.idata:003F150C                extrn GetFileAttributesW:dword ; DATA XREF: .text:0042339Do
.idata:003F150C                                        ; .text:0043BEF6o
.idata:003F1510 ; BOOL __stdcall DeleteFileW(LPCWSTR lpFileName)
.idata:003F1510                extrn DeleteFileW:dword ; DATA XREF: .text:0043BEFCo
.idata:003F1514 ; void __stdcall ExitThread(DWORD dwExitCode)
.idata:003F1514                extrn ExitThread:dword  ; DATA XREF: .text:004238AFo
.idata:003F1514                                        ; .text:00423929o ...
.idata:003F1518 ; DWORD __stdcall ResumeThread(HANDLE hThread)
.idata:003F1518                extrn ResumeThread:dword ; DATA XREF: .text:004239F2o
.idata:003F1518                                        ; .text:0043BF08o
.idata:003F151C ; HANDLE __stdcall CreateThread(LPSECURITY_ATTRIBUTES lpThreadAttributes, SIZE_T dwStackSize, LPTHREAD_START_ROUTINE lpStartAddress, LPVOID lpParameter, DWORD dwCreationFlags, LPDWORD lpThreadId)
.idata:003F151C                extrn CreateThread:dword ; DATA XREF: .text:004239E2o
.idata:003F151C                                        ; .text:0043BF0Eo ...
.idata:003F1520 ; BOOL __stdcall TerminateProcess(HANDLE hProcess, UINT uExitCode)
.idata:003F1520                extrn TerminateProcess:dword ; DATA XREF: .text:00424FE2o
.idata:003F1520                                        ; .text:004268DEo ...
.idata:003F1524 ; LONG __stdcall UnhandledExceptionFilter(struct _EXCEPTION_POINTERS *ExceptionInfo)
.idata:003F1524                extrn UnhandledExceptionFilter:dword
.idata:003F1524                                        ; DATA XREF: .text:00424FC0o
.idata:003F1524                                        ; .text:004268BBo ...
.idata:003F1528 ; LPTOP_LEVEL_EXCEPTION_FILTER __stdcall SetUnhandledExceptionFilter(LPTOP_LEVEL_EXCEPTION_FILTER lpTopLevelExceptionFilter)
.idata:003F1528                extrn SetUnhandledExceptionFilter:dword
.idata:003F1528                                        ; DATA XREF: .text:00424FB3o
.idata:003F1528                                        ; .text:004268B0o ...
.idata:003F152C ; BOOL __stdcall IsDebuggerPresent()
.idata:003F152C                extrn IsDebuggerPresent:dword ; DATA XREF: .text:00424FA9o
.idata:003F152C                                        ; .text:0042689Bo ...
.idata:003F1530 ; void __stdcall DeleteCriticalSection(LPCRITICAL_SECTION lpCriticalSection)
.idata:003F1530                extrn DeleteCriticalSection:dword
.idata:003F1530                                        ; DATA XREF: .text:004252CAo
.idata:003F1530                                        ; .text:004297F1o ...
.idata:003F1534 ; void __stdcall FatalAppExitA(UINT uAction, LPCSTR lpMessageText)
.idata:003F1534                extrn FatalAppExitA:dword ; DATA XREF: .text:0042533Bo
.idata:003F1534                                        ; .text:0043BF32o
.idata:003F1538 ; BOOL __stdcall WriteFile(HANDLE hFile, LPCVOID lpBuffer, DWORD nNumberOfBytesToWrite, LPDWORD lpNumberOfBytesWritten, LPOVERLAPPED lpOverlapped)
.idata:003F1538                extrn WriteFile:dword ; DATA XREF: .text:00426D4Eo
.idata:003F1538                                        ; .text:00426DA7o ...
.idata:003F153C ; UINT __stdcall GetConsoleCP()
.idata:003F153C                extrn GetConsoleCP:dword ; DATA XREF: .text:00426C35o
.idata:003F153C                                        ; .text:0043BF3Eo
.idata:003F1540 ; BOOL __stdcall GetConsoleMode(HANDLE hConsoleHandle, LPDWORD lpMode)
.idata:003F1540                extrn GetConsoleMode:dword ; DATA XREF: .text:00426C15o
.idata:003F1540                                        ; .text:0043BF44o
.idata:003F1544 ; HANDLE __stdcall HeapCreate(DWORD flOptions, SIZE_T dwInitialSize, SIZE_T dwMaximumSize)
.idata:003F1544                extrn HeapCreate:dword  ; DATA XREF: .text:0042786Ao
.idata:003F1544                                        ; .text:0043BF4Ao
.idata:003F1548 ; BOOL __stdcall HeapDestroy(HANDLE hHeap)
.idata:003F1548                extrn HeapDestroy:dword ; DATA XREF: .text:004278EBo
.idata:003F1548                                        ; .text:0043BF50o
.idata:003F154C ; BOOL __stdcall ReadFile(HANDLE hFile, LPVOID lpBuffer, DWORD nNumberOfBytesToRead, LPDWORD lpNumberOfBytesRead, LPOVERLAPPED lpOverlapped)
.idata:003F154C                extrn ReadFile:dword ; DATA XREF: .text:00428DB0o
.idata:003F154C                                        ; .text:00428E68o ...
.idata:003F1550 ; HANDLE __stdcall GetStdHandle(DWORD nStdHandle)
.idata:003F1550                extrn GetStdHandle:dword ; DATA XREF: .text:00429465o
.idata:003F1550                                        ; .text:00429745o ...
.idata:003F1554 ; DWORD __stdcall GetModuleFileNameA(HMODULE hModule, LPCH lpFilename, DWORD nSize)
.idata:003F1554                extrn GetModuleFileNameA:dword ; DATA XREF: .text:00429392o
.idata:003F1554                                        ; .text:00429E93o ...
.idata:003F1558 ; UINT __stdcall SetHandleCount(UINT uNumber)
.idata:003F1558                extrn SetHandleCount:dword ; DATA XREF: .text:004297AFo
.idata:003F1558                                        ; .text:0043BF68o
.idata:003F155C ; void __stdcall GetStartupInfoA(LPSTARTUPINFOA lpStartupInfo)
.idata:003F155C                extrn GetStartupInfoA:dword ; DATA XREF: .text:00429591o
.idata:003F155C                                        ; .text:0043BF6Eo
.idata:003F1560 ; DWORD __stdcall SetFilePointer(HANDLE hFile, LONG lDistanceToMove, PLONG lpDistanceToMoveHigh, DWORD dwMoveMethod)
.idata:003F1560                extrn SetFilePointer:dword ; DATA XREF: .text:0042984Do
.idata:003F1560                                        ; .text:00432CE5o ...
.idata:003F1564 ; DWORD __stdcall GetEnvironmentVariableW(LPCWSTR lpName, LPWSTR lpBuffer, DWORD nSize)
.idata:003F1564                extrn GetEnvironmentVariableW:dword
.idata:003F1564                                        ; DATA XREF: .text:0043BDF4o
.idata:003F1564                                        ; .textidx:004B7459o ...
.idata:003F1568 ; DWORD __stdcall GetLastError()
.idata:003F1568                extrn GetLastError:dword ; DATA XREF: .text:0041A9F2o
.idata:003F1568                                        ; .text:0041B84Ao ...
.idata:003F156C ; BOOL __stdcall FreeEnvironmentStringsW(LPWCH)
.idata:003F156C                extrn FreeEnvironmentStringsW:dword
.idata:003F156C                                        ; DATA XREF: .text:00429FEEo
.idata:003F156C                                        ; .text:0043B6E7o ...
.idata:003F1570 ; LPWCH __stdcall GetEnvironmentStringsW()
.idata:003F1570                extrn GetEnvironmentStringsW:dword
.idata:003F1570                                        ; DATA XREF: .text:00429F31o
.idata:003F1570                                        ; .text:0043B6ACo ...
.idata:003F1574 ; LPVOID __stdcall TlsGetValue(DWORD dwTlsIndex)
.idata:003F1574                extrn TlsGetValue:dword ; DATA XREF: .text:0042A0CBo
.idata:003F1574                                        ; .text:0042A146o ...
.idata:003F1578 ; DWORD __stdcall TlsAlloc()
.idata:003F1578                extrn TlsAlloc:dword ; DATA XREF: .text:0042A1ACo
.idata:003F1578                                        ; .text:0042A62Eo ...
.idata:003F157C ; BOOL __stdcall TlsSetValue(DWORD dwTlsIndex, LPVOID lpTlsValue)
.idata:003F157C                extrn TlsSetValue:dword ; DATA XREF: .text:0042A1FFo
.idata:003F157C                                        ; .text:0042A572o ...
.idata:003F1580 ; BOOL __stdcall TlsFree(DWORD dwTlsIndex)
.idata:003F1580                extrn TlsFree:dword    ; DATA XREF: .text:0042A251o
.idata:003F1580                                        ; .text:0042A613o ...
.idata:003F1584 ; LONG __stdcall InterlockedIncrement(volatile LONG *lpAddend)
.idata:003F1584                extrn InterlockedIncrement:dword
.idata:003F1584                                        ; DATA XREF: .text:0042A2E8o
.idata:003F1584                                        ; .text:0042EA57o ...
.idata:003F1588 ; DWORD __stdcall GetCurrentThreadId()
.idata:003F1588                extrn GetCurrentThreadId:dword ; DATA XREF: .text:0042A57Ao
.idata:003F1588                                        ; .text:0042A75Eo ...
.idata:003F158C ; LONG __stdcall InterlockedDecrement(volatile LONG *lpAddend)
.idata:003F158C                extrn InterlockedDecrement:dword
.idata:003F158C                                        ; DATA XREF: .text:0042A47Bo
.idata:003F158C                                        ; .text:0042EA2Co ...
.idata:003F1590 ; HANDLE __stdcall GetCurrentThread()
.idata:003F1590                extrn GetCurrentThread:dword ; DATA XREF: .text:0042A580o
.idata:003F1590                                        ; .text:0043BFBCo
.idata:003F1594 ; BOOL __stdcall QueryPerformanceCounter(LARGE_INTEGER *lpPerformanceCount)
.idata:003F1594                extrn QueryPerformanceCounter:dword
.idata:003F1594                                        ; DATA XREF: .text:0042A772o
.idata:003F1594                                        ; .text:0043BFC2o
.idata:003F1598 ; DWORD __stdcall GetCurrentProcessId()
.idata:003F1598                extrn GetCurrentProcessId:dword ; DATA XREF: .text:0042A756o
.idata:003F1598                                        ; .text:0043BFC8o ...
.idata:003F159C ; BOOL __stdcall SetConsoleCtrlHandler(PHANDLER_ROUTINE HandlerRoutine, BOOL Add)
.idata:003F159C                extrn SetConsoleCtrlHandler:dword
.idata:003F159C                                        ; DATA XREF: .text:0042DF0Ao
.idata:003F159C                                        ; .text:0043BFCEo
.idata:003F15A0 ; LONG __stdcall InterlockedExchange(volatile LONG *Target, LONG Value)
.idata:003F15A0                extrn InterlockedExchange:dword ; DATA XREF: .text:0042E2BEo
.idata:003F15A0                                        ; .text:004331FEo ...
.idata:003F15A4 ; BOOL __stdcall InitializeCriticalSectionAndSpinCount(LPCRITICAL_SECTION lpCriticalSection, DWORD dwSpinCount)
.idata:003F15A4                extrn InitializeCriticalSectionAndSpinCount:dword
.idata:003F15A4                                        ; DATA XREF: .text:0042E4AAo
.idata:003F15A4                                        ; .text:0043BFDAo
.idata:003F15A8 ; BOOL __stdcall FlushFileBuffers(HANDLE hFile)
.idata:003F15A8                extrn FlushFileBuffers:dword ; DATA XREF: .text:0042E580o
.idata:003F15A8                                        ; .text:0043BFE0o
.idata:003F15AC ; BOOL __stdcall GetCPInfo(UINT CodePage, LPCPINFO lpCPInfo)
.idata:003F15AC                extrn GetCPInfo:dword ; DATA XREF: .text:0042E861o
.idata:003F15AC                                        ; .text:0042EB79o ...
.idata:003F15B0 ; UINT __stdcall GetACP()
.idata:003F15B0                extrn GetACP:dword    ; DATA XREF: .text:0042EAC3o
.idata:003F15B0                                        ; .text:0043A07Ao ...
.idata:003F15B4 ; UINT __stdcall GetOEMCP()
.idata:003F15B4                extrn GetOEMCP:dword ; DATA XREF: .text:0042EAA0o
.idata:003F15B4                                        ; .text:0043BFF2o
.idata:003F15B8 ; BOOL __stdcall IsValidCodePage(UINT CodePage)
.idata:003F15B8                extrn IsValidCodePage:dword ; DATA XREF: .text:0042EB66o
.idata:003F15B8                                        ; .text:0043BFF8o
.idata:003F15BC ; int __stdcall LCMapStringA(LCID Locale, DWORD dwMapFlags, LPCSTR lpSrcStr, int cchSrc, LPSTR lpDestStr, int cchDest)
.idata:003F15BC                extrn LCMapStringA:dword ; DATA XREF: .text:00430462o
.idata:003F15BC                                        ; .text:00430533o ...
.idata:003F15C0 ; int __stdcall LCMapStringW(LCID Locale, DWORD dwMapFlags, LPCWSTR lpSrcStr, int cchSrc, LPWSTR lpDestStr, int cchDest)
.idata:003F15C0                extrn LCMapStringW:dword ; DATA XREF: .text:004301FDo
.idata:003F15C0                                        ; .text:00430311o ...
.idata:003F15C4 ; DWORD __stdcall GetFullPathNameA(LPCSTR lpFileName, DWORD nBufferLength, LPSTR lpBuffer, LPSTR *lpFilePart)
.idata:003F15C4                extrn GetFullPathNameA:dword ; DATA XREF: .text:00430F0Ao
.idata:003F15C4                                        ; .text:0043AD18o ...
.idata:003F15C8 ; BOOL __stdcall GetFileInformationByHandle(HANDLE hFile, LPBY_HANDLE_FILE_INFORMATION lpFileInformation)
.idata:003F15C8                extrn GetFileInformationByHandle:dword
.idata:003F15C8                                        ; DATA XREF: .text:004311A4o
.idata:003F15C8                                        ; .text:0043C012o
.idata:003F15CC ; BOOL __stdcall PeekNamedPipe(HANDLE hNamedPipe, LPVOID lpBuffer, DWORD nBufferSize, LPDWORD lpBytesRead, LPDWORD lpTotalBytesAvail, LPDWORD lpBytesLeftThisMessage)
.idata:003F15CC                extrn PeekNamedPipe:dword ; DATA XREF: .text:0043116Co
.idata:003F15CC                                        ; .text:0043C018o
.idata:003F15D0 ; HANDLE __stdcall CreateFileA(LPCSTR lpFileName, DWORD dwDesiredAccess, DWORD dwShareMode, LPSECURITY_ATTRIBUTES lpSecurityAttributes, DWORD dwCreationDisposition, DWORD dwFlagsAndAttributes, HANDLE hTemplateFile)
.idata:003F15D0                extrn CreateFileA:dword ; DATA XREF: .text:00431534o
.idata:003F15D0                                        ; .text:004319E7o ...
.idata:003F15D4 ; DWORD __stdcall GetCurrentDirectoryA(DWORD nBufferLength, LPSTR lpBuffer)
.idata:003F15D4                extrn GetCurrentDirectoryA:dword
.idata:003F15D4                                        ; DATA XREF: .text:00431C37o
.idata:003F15D4                                        ; .text:0043C024o
.idata:003F15D8 ; BOOL __stdcall SetCurrentDirectoryA(LPCSTR lpPathName)
.idata:003F15D8                extrn SetCurrentDirectoryA:dword
.idata:003F15D8                                        ; DATA XREF: .text:00431D45o
.idata:003F15D8                                        ; .text:0043C02Ao
.idata:003F15DC ; BOOL __stdcall SetStdHandle(DWORD nStdHandle, HANDLE hHandle)
.idata:003F15DC                extrn SetStdHandle:dword ; DATA XREF: .text:00431F77o
.idata:003F15DC                                        ; .text:00432000o ...
.idata:003F15E0 ; BOOL __stdcall CreatePipe(PHANDLE hReadPipe, PHANDLE hWritePipe, LPSECURITY_ATTRIBUTES lpPipeAttributes, DWORD nSize)
.idata:003F15E0                extrn CreatePipe:dword  ; DATA XREF: .text:00432767o
.idata:003F15E0                                        ; .text:0043C036o
.idata:003F15E4 ; BOOL __stdcall GetExitCodeProcess(HANDLE hProcess, LPDWORD lpExitCode)
.idata:003F15E4                extrn GetExitCodeProcess:dword ; DATA XREF: .text:00432984o
.idata:003F15E4                                        ; .text:0043C03Co
.idata:003F15E8 ; BOOL __stdcall SetEndOfFile(HANDLE hFile)
.idata:003F15E8                extrn SetEndOfFile:dword ; DATA XREF: .text:00432F8Fo
.idata:003F15E8                                        ; .text:0043C042o
.idata:003F15EC ; HANDLE __stdcall GetProcessHeap()
.idata:003F15EC                extrn GetProcessHeap:dword ; DATA XREF: .text:00432EAAo
.idata:003F15EC                                        ; .text:00432F2Do ...
.idata:003F15F0 ; DWORD __stdcall GetFullPathNameW(LPCWSTR lpFileName, DWORD nBufferLength, LPWSTR lpBuffer, LPWSTR *lpFilePart)
.idata:003F15F0                extrn GetFullPathNameW:dword ; DATA XREF: .text:00433542o
.idata:003F15F0                                        ; .text:0043B0B1o ...
.idata:003F15F4 ; BOOL __stdcall SetEnvironmentVariableA(LPCSTR lpName, LPCSTR lpValue)
.idata:003F15F4                extrn SetEnvironmentVariableA:dword
.idata:003F15F4                                        ; DATA XREF: .text:00434F89o
.idata:003F15F4                                        ; .text:0043529Bo ...
.idata:003F15F8 ; BOOL __stdcall SetEnvironmentVariableW(LPCWSTR lpName, LPCWSTR lpValue)
.idata:003F15F8                extrn SetEnvironmentVariableW:dword
.idata:003F15F8                                        ; DATA XREF: .text:00434EC3o
.idata:003F15F8                                        ; .text:0043C05Ao
.idata:003F15FC ; int __stdcall CompareStringA(LCID Locale, DWORD dwCmpFlags, LPCSTR lpString1, int cchCount1, LPCSTR lpString2, int cchCount2)
.idata:003F15FC                extrn CompareStringA:dword ; DATA XREF: .text:00435A97o
.idata:003F15FC                                        ; .text:0043C060o
.idata:003F1600 ; int __stdcall CompareStringW(LCID Locale, DWORD dwCmpFlags, LPCWSTR lpString1, int cchCount1, LPCWSTR lpString2, int cchCount2)
.idata:003F1600                extrn CompareStringW:dword ; DATA XREF: .text:0043578Eo
.idata:003F1600                                        ; .text:004359DDo ...
.idata:003F1604 ; BOOL __stdcall WriteConsoleA(HANDLE hConsoleOutput, const void *lpBuffer, DWORD nNumberOfCharsToWrite, LPDWORD lpNumberOfCharsWritten, LPVOID lpReserved)
.idata:003F1604                extrn WriteConsoleA:dword ; DATA XREF: .text:00436C4Bo
.idata:003F1604                                        ; .text:0043C06Co
.idata:003F1608 ; UINT __stdcall GetConsoleOutputCP()
.idata:003F1608                extrn GetConsoleOutputCP:dword ; DATA XREF: .text:00436C28o
.idata:003F1608                                        ; .text:0043C072o
.idata:003F160C ; BOOL __stdcall WriteConsoleW(HANDLE hConsoleOutput, const void *lpBuffer, DWORD nNumberOfCharsToWrite, LPDWORD lpNumberOfCharsWritten, LPVOID lpReserved)
.idata:003F160C                extrn WriteConsoleW:dword ; DATA XREF: .text:00436BF5o
.idata:003F160C                                        ; .text:0043C078o
.idata:003F1610 ; SIZE_T __stdcall HeapSize(HANDLE hHeap, DWORD dwFlags, LPCVOID lpMem)
.idata:003F1610                extrn HeapSize:dword ; DATA XREF: .text:00437D1Co
.idata:003F1610                                        ; .text:0043C07Eo
.idata:003F1614 ; int __stdcall GetLocaleInfoW(LCID Locale, LCTYPE LCType, LPWSTR lpLCData, int cchData)
.idata:003F1614                extrn GetLocaleInfoW:dword ; DATA XREF: .text:00437E8Fo
.idata:003F1614                                        ; .text:00437EB6o ...
.idata:003F1618 ; int __stdcall GetLocaleInfoA(LCID Locale, LCTYPE LCType, LPSTR lpLCData, int cchData)
.idata:003F1618                extrn GetLocaleInfoA:dword ; DATA XREF: .text:00437FF2o
.idata:003F1618                                        ; .text:0043A029o ...
.idata:003F161C ; BOOL __stdcall GetStringTypeA(LCID Locale, DWORD dwInfoType, LPCSTR lpSrcStr, int cchSrc, LPWORD lpCharType)
.idata:003F161C                extrn GetStringTypeA:dword ; DATA XREF: .text:004381DAo
.idata:003F161C                                        ; .text:0043C090o
.idata:003F1620 ; BOOL __stdcall GetStringTypeW(DWORD dwInfoType, LPCWSTR lpSrcStr, int cchSrc, LPWORD lpCharType)
.idata:003F1620                extrn GetStringTypeW:dword ; DATA XREF: .text:00438076o
.idata:003F1620                                        ; .text:00438165o ...
.idata:003F1624 ; int __stdcall GetTimeFormatA(LCID Locale, DWORD dwFlags, const SYSTEMTIME *lpTime, LPCSTR lpFormat, LPSTR lpTimeStr, int cchTime)
.idata:003F1624                extrn GetTimeFormatA:dword ; DATA XREF: .text:004398E8o
.idata:003F1624                                        ; .text:0043C09Co
.idata:003F1628 ; int __stdcall GetDateFormatA(LCID Locale, DWORD dwFlags, const SYSTEMTIME *lpDate, LPCSTR lpFormat, LPSTR lpDateStr, int cchDate)
.idata:003F1628                extrn GetDateFormatA:dword ; DATA XREF: .text:004398E0o
.idata:003F1628                                        ; .text:0043C0A2o
.idata:003F162C ; LCID __stdcall GetUserDefaultLCID()
.idata:003F162C                extrn GetUserDefaultLCID:dword ; DATA XREF: .text:00439FD1o
.idata:003F162C                                        ; .text:0043A648o ...
.idata:003F1630 ; BOOL __stdcall EnumSystemLocalesA(LOCALE_ENUMPROCA lpLocaleEnumProc, DWORD dwFlags)
.idata:003F1630                extrn EnumSystemLocalesA:dword ; DATA XREF: .text:0043A4AFo
.idata:003F1630                                        ; .text:0043A507o ...
.idata:003F1634 ; BOOL __stdcall IsValidLocale(LCID Locale, DWORD dwFlags)
.idata:003F1634                extrn IsValidLocale:dword ; DATA XREF: .text:0043A6ACo
.idata:003F1634                                        ; .text:0043C0B4o
.idata:003F1638 ; DWORD __stdcall GetEnvironmentVariableA(LPCSTR lpName, LPSTR lpBuffer, DWORD nSize)
.idata:003F1638                extrn GetEnvironmentVariableA:dword
.idata:003F1638                                        ; DATA XREF: .text:0043BDEEo
.idata:003F1638                                        ; .textidx:004B7309o ...
.idata:003F163C ; LPWSTR __stdcall GetCommandLineW()
.idata:003F163C                extrn GetCommandLineW:dword ; DATA XREF: .text:0043BDE8o
.idata:003F163C                                        ; .textidx:004B65A3o
.idata:003F1640 ; BOOL __stdcall SystemTimeToFileTime(const SYSTEMTIME *lpSystemTime, LPFILETIME lpFileTime)
.idata:003F1640                extrn SystemTimeToFileTime:dword
.idata:003F1640                                        ; DATA XREF: .text:004840CCo
.idata:003F1640                                        ; .text:00484720o
.idata:003F1644 ; BOOL __stdcall LocalFileTimeToFileTime(const FILETIME *lpLocalFileTime, LPFILETIME lpFileTime)
.idata:003F1644                extrn LocalFileTimeToFileTime:dword
.idata:003F1644                                        ; DATA XREF: .text:004840F0o
.idata:003F1644                                        ; .text:0048415Eo ...
.idata:003F1648 ; BOOL __stdcall SetFileTime(HANDLE hFile, const FILETIME *lpCreationTime, const FILETIME *lpLastAccessTime, const FILETIME *lpLastWriteTime)
.idata:003F1648                extrn SetFileTime:dword ; DATA XREF: .text:0048417Bo
.idata:003F1648                                        ; .text:00484714o
.idata:003F164C ; BOOL __stdcall UnlockFile(HANDLE hFile, DWORD dwFileOffsetLow, DWORD dwFileOffsetHigh, DWORD nNumberOfBytesToUnlockLow, DWORD nNumberOfBytesToUnlockHigh)
.idata:003F164C                extrn UnlockFile:dword  ; DATA XREF: .text:00483DE5o
.idata:003F164C                                        ; .text:0048470Eo
.idata:003F1650 ; BOOL __stdcall LockFile(HANDLE hFile, DWORD dwFileOffsetLow, DWORD dwFileOffsetHigh, DWORD nNumberOfBytesToLockLow, DWORD nNumberOfBytesToLockHigh)
.idata:003F1650                extrn LockFile:dword ; DATA XREF: .text:00483DEDo
.idata:003F1650                                        ; .text:00484708o
.idata:003F1654 ; BOOL __stdcall ReleaseSemaphore(HANDLE hSemaphore, LONG lReleaseCount, LPLONG lpPreviousCount)
.idata:003F1654                extrn ReleaseSemaphore:dword ; DATA XREF: .text:00457909o
.idata:003F1654                                        ; .text:004579AAo ...
.idata:003F1658 ; HANDLE __stdcall CreateSemaphoreA(LPSECURITY_ATTRIBUTES lpSemaphoreAttributes, LONG lInitialCount, LONG lMaximumCount, LPCSTR lpName)
.idata:003F1658                extrn CreateSemaphoreA:dword ; DATA XREF: .text:004572B0o
.idata:003F1658                                        ; .text:004846FCo
.idata:003F165C ; BOOL __stdcall SetConsoleTitleA(LPCSTR lpConsoleTitle)
.idata:003F165C                extrn SetConsoleTitleA:dword ; DATA XREF: .text:0043E00Do
.idata:003F165C                                        ; .text:004846F6o
.idata:003F1660 ; BOOL __stdcall ReleaseMutex(HANDLE hMutex)
.idata:003F1660                extrn ReleaseMutex:dword ; DATA XREF: .text:0043BE06o
.idata:003F1660                                        ; .text:0043CEE1o ...
.idata:003F1664 ; BOOL __stdcall SetHandleInformation(HANDLE hObject, DWORD dwMask, DWORD dwFlags)
.idata:003F1664                extrn SetHandleInformation:dword
.idata:003F1664                                        ; DATA XREF: .text:0043BE00o
.idata:003F1664                                        ; .textidx:004B879Bo
.idata:003F1668 ; LPCH __stdcall GetEnvironmentStrings()
.idata:003F1668                extrn GetEnvironmentStrings:dword
.idata:003F1668                                        ; DATA XREF: .text:0042A001o
.idata:003F1668                                        ; .text:0043BF80o
.idata:003F166C ; UINT __stdcall SetErrorMode(UINT uMode)
.idata:003F166C                extrn SetErrorMode:dword ; DATA XREF: .text:0043BDFAo
.idata:003F166C                                        ; .textidx:004B7C8Do
.idata:003F1670 ; int __stdcall WideCharToMultiByte(UINT CodePage, DWORD dwFlags, LPCWSTR lpWideCharStr, int cchWideChar, LPSTR lpMultiByteStr, int cbMultiByte, LPCSTR lpDefaultChar, LPBOOL lpUsedDefaultChar)
.idata:003F1670                extrn WideCharToMultiByte:dword ; DATA XREF: .text:00425198o
.idata:003F1670                                        ; .text:00426D25o ...
.idata:003F1674 ; int __stdcall MultiByteToWideChar(UINT CodePage, DWORD dwFlags, LPCSTR lpMultiByteStr, int cbMultiByte, LPWSTR lpWideCharStr, int cchWideChar)
.idata:003F1674                extrn MultiByteToWideChar:dword ; DATA XREF: .text:004236EFo
.idata:003F1674                                        ; .text:00428FACo ...
.idata:003F1678 ; BOOL __stdcall SetEvent(HANDLE hEvent)
.idata:003F1678                extrn SetEvent:dword ; DATA XREF: .text:0043BDD6o
.idata:003F1678                                        ; .textidx:004B5AE9o
.idata:003F167C ; HANDLE __stdcall CreateEventA(LPSECURITY_ATTRIBUTES lpEventAttributes, BOOL bManualReset, BOOL bInitialState, LPCSTR lpName)
.idata:003F167C                extrn CreateEventA:dword ; DATA XREF: .text:0043BDD0o
.idata:003F167C                                        ; .textidx:004B5AF9o
.idata:003F1680 ; BOOL __stdcall ResetEvent(HANDLE hEvent)
.idata:003F1680                extrn ResetEvent:dword  ; DATA XREF: .text:0043BDCAo
.idata:003F1680                                        ; .textidx:004B5A8Ao
.idata:003F1684 ; DWORD __stdcall WaitForSingleObject(HANDLE hHandle, DWORD dwMilliseconds)
.idata:003F1684                extrn WaitForSingleObject:dword ; DATA XREF: .text:00432975o
.idata:003F1684                                        ; .text:0043BDC4o ...
.idata:003F1688 ; BOOL __stdcall CloseHandle(HANDLE hObject)
.idata:003F1688                extrn CloseHandle:dword ; DATA XREF: .text:00421DD9o
.idata:003F1688                                        ; .text:004225A0o ...
.idata:003F168C ; void __stdcall Sleep(DWORD dwMilliseconds)
.idata:003F168C                extrn Sleep:dword    ; DATA XREF: .text:0041FBCCo
.idata:003F168C                                        ; .text:0042D799o ...
.idata:003F1690 ; DWORD __stdcall GetVersion()
.idata:003F1690                extrn GetVersion:dword  ; DATA XREF: .text:0043BDB2o
.idata:003F1690                                        ; .text:00457338o ...
.idata:003F1694 ; UINT __stdcall GetWindowsDirectoryA(LPSTR lpBuffer, UINT uSize)
.idata:003F1694                extrn GetWindowsDirectoryA:dword
.idata:003F1694                                        ; DATA XREF: .text:0043BDACo
.idata:003F1694                                        ; .text:0043C292o ...
.idata:003F1698 ; BOOL __stdcall GetVersionExA(LPOSVERSIONINFOA lpVersionInformation)
.idata:003F1698                extrn GetVersionExA:dword ; DATA XREF: .text:0043BDA6o
.idata:003F1698                                        ; .textidx:0048AE5Eo ...
.idata:003F169C ; HMODULE __stdcall LoadLibraryA(LPCSTR lpLibFileName)
.idata:003F169C                extrn LoadLibraryA:dword ; DATA XREF: .text:00401093o
.idata:003F169C                                        ; .text:0042E23Co ...
.idata:003F16A0 ; FARPROC __stdcall GetProcAddress(HMODULE hModule, LPCSTR lpProcName)
.idata:003F16A0                extrn GetProcAddress:dword ; DATA XREF: .text:004010B6o
.idata:003F16A0                                        ; .text:0041FC33o ...
.idata:003F16A4 ; BOOL __stdcall FreeEnvironmentStringsA(LPCH)
.idata:003F16A4                extrn FreeEnvironmentStringsA:dword
.idata:003F16A4                                        ; DATA XREF: .text:0042A033o
.idata:003F16A4                                        ; .text:0042A04Co ...
.idata:003F16A8 ; BOOL __stdcall FreeLibrary(HMODULE hLibModule)
.idata:003F16A8                extrn FreeLibrary:dword ; DATA XREF: .text:0040111Eo
.idata:003F16A8                                        ; .text:0040124Bo ...
.idata:003F16AC
.idata:003F16B0 ;
.idata:003F16B0 ; Imports from NETAPI32.dll
.idata:003F16B0 ;
.idata:003F16B0 ; UCHAR __stdcall Netbios(PNCB pncb)
.idata:003F16B0                extrn Netbios:dword    ; DATA XREF: .text:003F1038o
.idata:003F16B0                                        ; .text:0043C14Ao
.idata:003F16B4
.idata:003F16B8 ;
.idata:003F16B8 ; Imports from USER32.dll
.idata:003F16B8 ;
.idata:003F16B8 ; INT_PTR __stdcall DialogBoxIndirectParamA(HINSTANCE hInstance, LPCDLGTEMPLATEA hDialogTemplate, HWND hWndParent, DLGPROC lpDialogFunc, LPARAM dwInitParam)
.idata:003F16B8                extrn DialogBoxIndirectParamA:dword
.idata:003F16B8                                        ; DATA XREF: .text:003F1024o
.idata:003F16B8                                        ; .text:0043C144o ...
.idata:003F16BC ; HWND __stdcall CreateDialogIndirectParamA(HINSTANCE hInstance, LPCDLGTEMPLATEA lpTemplate, HWND hWndParent, DLGPROC lpDialogFunc, LPARAM dwInitParam)
.idata:003F16BC                extrn CreateDialogIndirectParamA:dword
.idata:003F16BC                                        ; DATA XREF: .text:0043C13Eo
.idata:003F16BC                                        ; .textidx:005084E5o
.idata:003F16C0 ; int wsprintfA(LPSTR, LPCSTR, ...)
.idata:003F16C0                extrn wsprintfA:dword ; DATA XREF: .text:0043C138o
.idata:003F16C0                                        ; .textidx:005081D4o ...
.idata:003F16C4 ; BOOL __stdcall GetClientRect(HWND hWnd, LPRECT lpRect)
.idata:003F16C4                extrn GetClientRect:dword ; DATA XREF: .text:0043C132o
.idata:003F16C4                                        ; .textidx:004D2CA0o
.idata:003F16C8 ; BOOL __stdcall ScreenToClient(HWND hWnd, LPPOINT lpPoint)
.idata:003F16C8                extrn ScreenToClient:dword ; DATA XREF: .text:0043C12Co
.idata:003F16C8                                        ; .textidx:004D2CC8o ...
.idata:003F16CC ; BOOL __stdcall MoveWindow(HWND hWnd, int X, int Y, int nWidth, int nHeight, BOOL bRepaint)
.idata:003F16CC                extrn MoveWindow:dword  ; DATA XREF: .text:0043C126o
.idata:003F16CC                                        ; .textidx:004D2D3Eo
.idata:003F16D0 ; BOOL __stdcall ShowWindow(HWND hWnd, int nCmdShow)
.idata:003F16D0                extrn ShowWindow:dword  ; DATA XREF: .text:0043C120o
.idata:003F16D0                                        ; .textidx:004D2B27o
.idata:003F16D4 ; BOOL __stdcall SetWindowTextA(HWND hWnd, LPCSTR lpString)
.idata:003F16D4                extrn SetWindowTextA:dword ; DATA XREF: .text:0043C11Ao
.idata:003F16D4                                        ; .textidx:004D2C4Eo
.idata:003F16D8 ; HWND __stdcall SetFocus(HWND hWnd)
.idata:003F16D8                extrn SetFocus:dword ; DATA XREF: .text:0043C114o
.idata:003F16D8                                        ; .textidx:004D2A5Bo
.idata:003F16DC ; HWND __stdcall GetFocus()
.idata:003F16DC                extrn GetFocus:dword ; DATA XREF: .text:0043C10Eo
.idata:003F16DC                                        ; .textidx:004D25DBo ...
.idata:003F16E0 ; HWND __stdcall GetParent(HWND hWnd)
.idata:003F16E0                extrn GetParent:dword ; DATA XREF: .text:0043C108o
.idata:003F16E0                                        ; .textidx:004D20B9o
.idata:003F16E4 ; BOOL __stdcall EndDialog(HWND hDlg, INT_PTR nResult)
.idata:003F16E4                extrn EndDialog:dword ; DATA XREF: .text:0043C102o
.idata:003F16E4                                        ; .textidx:004D2164o ...
.idata:003F16E8 ; UINT __stdcall GetDlgItemTextA(HWND hDlg, int nIDDlgItem, LPSTR lpString, int cchMax)
.idata:003F16E8                extrn GetDlgItemTextA:dword ; DATA XREF: .text:0043C0FCo
.idata:003F16E8                                        ; .textidx:004D1BB0o
.idata:003F16EC ; UINT __stdcall GetDlgItemTextW(HWND hDlg, int nIDDlgItem, LPWSTR lpString, int cchMax)
.idata:003F16EC                extrn GetDlgItemTextW:dword ; DATA XREF: .text:0043C0F6o
.idata:003F16EC                                        ; .textidx:004D1C46o
.idata:003F16F0 ; HWND __stdcall GetActiveWindow()
.idata:003F16F0                extrn GetActiveWindow:dword ; DATA XREF: .text:0043C0C0o
.idata:003F16F0                                        ; .textidx:00493EA4o ...
.idata:003F16F4 ; int __stdcall GetSystemMetrics(int nIndex)
.idata:003F16F4                extrn GetSystemMetrics:dword ; DATA XREF: .text:0043C0C6o
.idata:003F16F4                                        ; .textidx:004B92C4o
.idata:003F16F8 ; BOOL __stdcall EnableWindow(HWND hWnd, BOOL bEnable)
.idata:003F16F8                extrn EnableWindow:dword ; DATA XREF: .text:0043C0CCo
.idata:003F16F8                                        ; .textidx:004D1410o ...
.idata:003F16FC ; BOOL __stdcall GetWindowRect(HWND hWnd, LPRECT lpRect)
.idata:003F16FC                extrn GetWindowRect:dword ; DATA XREF: .text:0043C0D2o
.idata:003F16FC                                        ; .textidx:004D1404o ...
.idata:003F1700 ; HWND __stdcall GetDlgItem(HWND hDlg, int nIDDlgItem)
.idata:003F1700                extrn GetDlgItem:dword  ; DATA XREF: .text:0043C0D8o
.idata:003F1700                                        ; .textidx:004D13F3o ...
.idata:003F1704 ; LRESULT __stdcall SendMessageA(HWND hWnd, UINT Msg, WPARAM wParam, LPARAM lParam)
.idata:003F1704                extrn SendMessageA:dword ; DATA XREF: .text:0043C0DEo
.idata:003F1704                                        ; .textidx:004D174Ao ...
.idata:003F1708 ; LONG __stdcall GetWindowLongA(HWND hWnd, int nIndex)
.idata:003F1708                extrn GetWindowLongA:dword ; DATA XREF: .text:0043C0E4o
.idata:003F1708                                        ; .textidx:004D17E6o
.idata:003F170C ; BOOL __stdcall MessageBeep(UINT uType)
.idata:003F170C                extrn MessageBeep:dword ; DATA XREF: .text:0043C0EAo
.idata:003F170C                                        ; .textidx:004D209Co
.idata:003F1710 ; BOOL __stdcall SetDlgItemTextA(HWND hDlg, int nIDDlgItem, LPCSTR lpString)
.idata:003F1710                extrn SetDlgItemTextA:dword ; DATA XREF: .text:0043C0F0o
.idata:003F1710                                        ; .textidx:004D1A6Co
.idata:003F1714 ; int __stdcall MessageBoxA(HWND hWnd, LPCSTR lpText, LPCSTR lpCaption, UINT uType)
.idata:003F1714                extrn MessageBoxA:dword ; DATA XREF: .text:0043C0BAo
.idata:003F1714                                        ; .textidx:00493EABo ...
.idata:003F1718
.idata:003F171C ;
.idata:003F171C ; Imports from WSOCK32.dll
.idata:003F171C ;
.idata:003F171C ; int __stdcall getsockname(SOCKET s, struct sockaddr *name, int *namelen)
.idata:003F171C                extrn getsockname:dword ; DATA XREF: .text:003F1088o
.idata:003F1720 ; int __stdcall _WSAFDIsSet(SOCKET fd, fd_set *)
.idata:003F1720                extrn __WSAFDIsSet:dword
.idata:003F1724 ; int __stdcall select(int nfds, fd_set *readfds, fd_set *writefds, fd_set *exceptfds, const struct timeval *timeout)
.idata:003F1724                extrn select:dword    ; DATA XREF: .text:0043C1F8o
.idata:003F1728 ; int __stdcall connect(SOCKET s, const struct sockaddr *name, int namelen)
.idata:003F1728                extrn connect:dword    ; DATA XREF: .text:0043C1FEo
.idata:003F172C ; SOCKET __stdcall socket(int af, int type, int protocol)
.idata:003F172C                extrn socket:dword    ; DATA XREF: .text:0043C204o
.idata:003F1730 ; u_short __stdcall htons(u_short hostshort)
.idata:003F1730                extrn htons:dword    ; DATA XREF: .text:0043C20Ao
.idata:003F1734 ; struct protoent *__stdcall getprotobyname(const char *name)
.idata:003F1734                extrn getprotobyname:dword ; DATA XREF: .text:0043C210o
.idata:003F1738 ; int __stdcall closesocket(SOCKET s)
.idata:003F1738                extrn closesocket:dword ; DATA XREF: .text:0043C216o
.idata:003F173C ; int __stdcall recv(SOCKET s, char *buf, int len, int flags)
.idata:003F173C                extrn recv:dword       ; DATA XREF: .text:0043C21Co
.idata:003F1740 ; int __stdcall send(SOCKET s, const char *buf, int len, int flags)
.idata:003F1740                extrn send:dword       ; DATA XREF: .text:0043C222o
.idata:003F1744 ; int __stdcall ioctlsocket(SOCKET s, __int32 cmd, u_long *argp)
.idata:003F1744                extrn ioctlsocket:dword ; DATA XREF: .text:0043C228o
.idata:003F1748 ; int __stdcall setsockopt(SOCKET s, int level, int optname, const char *optval, int optlen)
.idata:003F1748                extrn setsockopt:dword  ; DATA XREF: .text:0043C22Eo
.idata:003F174C ; u_short __stdcall ntohs(u_short netshort)
.idata:003F174C                extrn ntohs:dword    ; DATA XREF: .text:0043C234o
.idata:003F1750 ; int __stdcall WSACleanup()
.idata:003F1750                extrn WSACleanup:dword  ; DATA XREF: .text:0043C1DAo
.idata:003F1754 ; unsigned __int32 __stdcall inet_addr(const char *cp)
.idata:003F1754                extrn inet_addr:dword ; DATA XREF: .text:0043C1D4o
.idata:003F1758 ; char *__stdcall inet_ntoa(struct in_addr in)
.idata:003F1758                extrn inet_ntoa:dword ; DATA XREF: .text:0043C1CEo
.idata:003F175C ; struct hostent *__stdcall gethostbyaddr(const char *addr, int len, int type)
.idata:003F175C                extrn gethostbyaddr:dword ; DATA XREF: .text:0043C1C8o
.idata:003F1760 ; struct hostent *__stdcall gethostbyname(const char *name)
.idata:003F1760                extrn gethostbyname:dword ; DATA XREF: .text:0043C1C2o
.idata:003F1764 ; int __stdcall gethostname(char *name, int namelen)
.idata:003F1764                extrn gethostname:dword ; DATA XREF: .text:0043C1BCo
.idata:003F1768 ; u_long __stdcall htonl(u_long hostlong)
.idata:003F1768                extrn htonl:dword    ; DATA XREF: .text:0043C1B6o
.idata:003F176C ; u_long __stdcall ntohl(u_long netlong)
.idata:003F176C                extrn ntohl:dword    ; DATA XREF: .text:0043C1B0o
.idata:003F1770 ; int __stdcall getsockopt(SOCKET s, int level, int optname, char *optval, int *optlen)
.idata:003F1770                extrn getsockopt:dword  ; DATA XREF: .text:0043C1AAo
.idata:003F1774 ; int __stdcall WSAStartup(WORD wVersionRequested, LPWSADATA lpWSAData)
.idata:003F1774                extrn WSAStartup:dword  ; DATA XREF: .text:0043C1E6o
.idata:003F1778 ; int __stdcall WSAGetLastError()
.idata:003F1778                extrn WSAGetLastError:dword ; DATA XREF: .text:0043C1E0o
.idata:003F177C
.idata:003F177C
.text:003F1780 ; ===========================================================================
.text:003F1780
.text:003F1780 ; Segment type: Pure code
.text:003F1780 ; Segment permissions: Read/Execute
.text:003F1780 _text          segment para public 'CODE' use32
.text:003F1780                assume cs:_text
.text:003F1780                ;org 3F1780h
.text:003F1780                assume es:nothing, ss:nothing, ds:_data, fs:nothing, gs:nothing
.text:003F1780 word_3F1780    dw 0                   ; DATA XREF: .text:off_3F10A0o
.text:003F1780                                        ; .text:00421354w ...
.text:003F1782                db 'VirtualProtect',0
.text:003F1791 word_3F1791    dw 0                   ; DATA XREF: .text:003F10A4o
.text:003F1793                db 'VirtualQuery',0
.text:003F17A0 word_3F17A0    dw 0                   ; DATA XREF: .text:003F10A8o
.text:003F17A2                db 'GetSystemInfo',0
.text:003F17B0 word_3F17B0    dw 0                   ; DATA XREF: .text:003F10ACo
.text:003F17B2                db 'OutputDebugStringA',0
.text:003F17C5                db 2 dup(0), 56h
.text:003F17C8 aIrtualprotect  db 'irtualProtect',0
.text:003F17D6                align 4
.text:003F17D8 aVirtualquery db 'VirtualQuery',0
.text:003F17E5                db 2 dup(0), 47h
.text:003F17E8 aEtsysteminfo db 'etSystemInfo',0
.text:003F17F5                db 2 dup(0), 4Fh
.text:003F17F8 aUtputdebugstri db 'utputDebugStringA',0
.text:003F180A ; char OutputString[]
.text:003F180A OutputString db '__page_permission_service invoked.',0
.text:003F180A                                        ; DATA XREF: sub_3F1901+Eo
.text:003F182D                db 1Ah, 4
.text:003F182F a__page_permi_3 db '__page_permission_service VirtualQuery failed.',0
.text:003F182F                                        ; DATA XREF: sub_3F1994:loc_41B0E1o
.text:003F185E                dw 2311h
.text:003F1860 a__page_permi_4 db '__page_permission_service VirtualProtect failed.',0
.text:003F1860                                        ; DATA XREF: sub_3F1994:loc_43C566o
.text:003F1891                db 45h, 9, 0B4h
.text:003F1894 ; char a__page_permi_0[]
.text:003F1894 a__page_permi_0 db '__page_permission_service running.',0
.text:003F1894                                        ; DATA XREF: sub_3F1901+83o
.text:003F18B7                db 7Dh
.text:003F18B8 ; char a__page_permi_1[]
.text:003F18B8 a__page_permi_1 db '__page_permission_service success.',0
.text:003F18B8                                        ; DATA XREF: sub_3F1994:loc_4118D4o
.text:003F18DB                db 32h
.text:003F18DC ; char a__page_permi_2[]
.text:003F18DC a__page_permi_2 db '__page_permission_service exited.',0
.text:003F18DC                                        ; DATA XREF: sub_3F1994:loc_41E500o
.text:003F18FE                dw 8B7Eh
.text:003F1900 ; ---------------------------------------------------------------------------
.text:003F1900                push ebp
.text:003F1901
.text:003F1901 ; =============== S U B R O U T I N E =======================================
.text:003F1901
.text:003F1901 ; Attributes: bp-based frame
.text:003F1901
.text:003F1901 sub_3F1901    proc near             ; CODE XREF: start_0:loc_43CD06p
.text:003F1901                                        ; DATA XREF: sub_3F1901:loc_3F191Do ...
.text:003F1901
.text:003F1901 SystemInfo    = _SYSTEM_INFO ptr -34h
.text:003F1901 var_10       = dword ptr -10h
.text:003F1901 var_C          = byte ptr -0Ch
.text:003F1901 var_8          = dword ptr -8
.text:003F1901
.text:003F1901 ; FUNCTION CHUNK AT .text:003F1945 SIZE 00000022 BYTES
.text:003F1901 ; FUNCTION CHUNK AT .text:003F1981 SIZE 00000011 BYTES
.text:003F1901 ; FUNCTION CHUNK AT .text:00411A71 SIZE 0000000F BYTES
.text:003F1901 ; FUNCTION CHUNK AT .text:0041E621 SIZE 00000004 BYTES
.text:003F1901
.text:003F1901                push ebp
.text:003F1902                mov    ebp, esp
.text:003F1904                sub    esp, 34h
.text:003F1907                push esi
.text:003F1908                push edi
.text:003F1909                mov    edi, ds:OutputDebugStringA
.text:003F190F                push offset OutputString ; "__page_permission_service invoked."
.text:003F1914                call edi ; OutputDebugStringA
.text:003F1916                jmp    loc_3F191D
.text:003F1916 ; ---------------------------------------------------------------------------
.text:003F191B                db 3Eh
.text:003F191C                db 0E9h
.text:003F191D ; ---------------------------------------------------------------------------
.text:003F191D
.text:003F191D loc_3F191D:                            ; CODE XREF: sub_3F1901+15j
.text:003F191D                mov    esi, offset sub_3F1901
.text:003F1922                sub    esi, ds:off_41A98F
.text:003F1928                add    esi, ds:dword_41B368
.text:003F192E                cmp    ds:dword_41E4ED, 0
.text:003F1935                mov    [ebp+var_10], esi
.text:003F1938                jz    loc_41E621
.text:003F193E                jmp    loc_411A71
.text:003F193E sub_3F1901    endp
.text:003F193E
.text:003F193E ; ---------------------------------------------------------------------------
.text:003F1943                db 83h
.text:003F1944                db 0C4h
.text:003F1945 ; ---------------------------------------------------------------------------
.text:003F1945 ; START OF FUNCTION CHUNK FOR sub_3F1901
.text:003F1945
.text:003F1945 loc_3F1945:                            ; CODE XREF: sub_3F1901+2017Aj
.text:003F1945                mov    eax, [ebp+SystemInfo.dwPageSize]
.text:003F1948                dec    eax
.text:003F1949                push eax
.text:003F194A                push esi
.text:003F194B                call sub_3F1969
.text:003F1950                jmp    $+5
.text:003F1955                mov    [ebp+var_8], eax
.text:003F1958                lea    eax, [ebp+var_C]
.text:003F195B                push eax
.text:003F195C                push esi
.text:003F195D                call sub_3F1994
.text:003F1962                jmp    loc_3F1981
.text:003F1962 ; END OF FUNCTION CHUNK FOR sub_3F1901
.text:003F1962 ; ---------------------------------------------------------------------------
.text:003F1967                db 8Bh
.text:003F1968                db 7Ch
.text:003F1969
.text:003F1969 ; =============== S U B R O U T I N E =======================================
.text:003F1969
.text:003F1969 ; Attributes: bp-based frame
.text:003F1969
.text:003F1969 sub_3F1969    proc near             ; CODE XREF: sub_3F1901+4Ap
.text:003F1969                                        ; sub_3F19E8+4Fp
.text:003F1969
.text:003F1969 arg_4          = dword ptr  0Ch
.text:003F1969
.text:003F1969 ; FUNCTION CHUNK AT .text:0041F26A SIZE 00000004 BYTES
.text:003F1969
.text:003F1969                push ebp
.text:003F196A                mov    ebp, esp
.text:003F196C                sub    esp, 1Ch
.text:003F196F                cmp    [ebp+arg_4], 0
.text:003F1973                jz    loc_41F26A
.text:003F1979                jmp    loc_3F19AE
.text:003F1979 sub_3F1969    endp
.text:003F1979
.text:003F1979 ; ---------------------------------------------------------------------------
.text:003F197E                dw 754Ch
.text:003F1980                db 0Ah
.text:003F1981 ; ---------------------------------------------------------------------------
.text:003F1981 ; START OF FUNCTION CHUNK FOR sub_3F1901
.text:003F1981
.text:003F1981 loc_3F1981:                            ; CODE XREF: sub_3F1901+61j
.text:003F1981                add    esp, 10h
.text:003F1984                push offset a__page_permi_0 ; "__page_permission_service running."
.text:003F1989                mov    esi, eax
.text:003F198B                call edi ; OutputDebugStringA
.text:003F198D                jmp    loc_3F19C5
.text:003F198D ; END OF FUNCTION CHUNK FOR sub_3F1901
.text:003F198D ; ---------------------------------------------------------------------------
.text:003F1992                dw 8B87h
.text:003F1994
.text:003F1994 ; =============== S U B R O U T I N E =======================================
.text:003F1994
.text:003F1994
.text:003F1994 sub_3F1994    proc near             ; CODE XREF: sub_3F1901+5Cp
.text:003F1994
.text:003F1994 arg_0          = dword ptr  4
.text:003F1994 arg_4          = dword ptr  8
.text:003F1994
.text:003F1994 ; FUNCTION CHUNK AT .text:003F1A02 SIZE 0000002C BYTES
.text:003F1994 ; FUNCTION CHUNK AT .text:003F1A58 SIZE 00000019 BYTES
.text:003F1994 ; FUNCTION CHUNK AT .text:00411485 SIZE 0000000B BYTES
.text:003F1994 ; FUNCTION CHUNK AT .text:004118D4 SIZE 0000000C BYTES
.text:003F1994 ; FUNCTION CHUNK AT .text:0041B0E1 SIZE 0000000A BYTES
.text:003F1994 ; FUNCTION CHUNK AT .text:0041E500 SIZE 0000000C BYTES
.text:003F1994 ; FUNCTION CHUNK AT .text:0041E5EE SIZE 0000000D BYTES
.text:003F1994 ; FUNCTION CHUNK AT .text:0041E78A SIZE 0000000D BYTES
.text:003F1994 ; FUNCTION CHUNK AT .text:004201C1 SIZE 00000005 BYTES
.text:003F1994 ; FUNCTION CHUNK AT .text:0043C566 SIZE 0000000A BYTES
.text:003F1994
.text:003F1994                mov    eax, [esp+arg_0]
.text:003F1998                mov    ecx, [eax+3Ch]
.text:003F199B                lea    eax, [ecx+eax+4]
.text:003F199F                test eax, eax
.text:003F19A1                jnz    loc_3F19D6
.text:003F19A7                jmp    nullsub_1
.text:003F19A7 ; ---------------------------------------------------------------------------
.text:003F19AC                db 36h, 80h
.text:003F19AE ; ---------------------------------------------------------------------------
.text:003F19AE
.text:003F19AE loc_3F19AE:                            ; CODE XREF: sub_3F1969+10j
.text:003F19AE                push 1Ch          ; dwLength
.text:003F19B0                lea    eax, [ebp-1Ch]
.text:003F19B3                push eax          ; lpBuffer
.text:003F19B4                push dword ptr [ebp+8] ; lpAddress
.text:003F19B7                call ds:VirtualQuery
.text:003F19BD                jmp    loc_41E5EE
.text:003F19BD ; ---------------------------------------------------------------------------
.text:003F19C2                dw 6675h
.text:003F19C4                db 0B3h
.text:003F19C5 ; ---------------------------------------------------------------------------
.text:003F19C5
.text:003F19C5 loc_3F19C5:                            ; CODE XREF: sub_3F1901+8Cj
.text:003F19C5                mov    eax, [ebp-0Ch]
.text:003F19C8                test eax, eax
.text:003F19CA                jbe    loc_3F1A02
.text:003F19D0                jmp    sub_3F19E8
.text:003F19D0 ; ---------------------------------------------------------------------------
.text:003F19D5                db 7Dh
.text:003F19D6 ; ---------------------------------------------------------------------------
.text:003F19D6
.text:003F19D6 loc_3F19D6:                            ; CODE XREF: sub_3F1994+Dj
.text:003F19D6                movzx ecx, word ptr [eax+2]
.text:003F19DA                mov    edx, [esp+arg_4]
.text:003F19DE                mov    [edx], ecx
.text:003F19E0                mov    ecx, [eax+70h]
.text:003F19E3                lea    eax, [eax+ecx*8+74h]
.text:003F19E7                retn
.text:003F19E7 sub_3F1994    endp
.text:003F19E7
.text:003F19E8
.text:003F19E8 ; =============== S U B R O U T I N E =======================================
.text:003F19E8
.text:003F19E8
.text:003F19E8 sub_3F19E8    proc near             ; CODE XREF: sub_3F1994+3Cj
.text:003F19E8
.text:003F19E8 ; FUNCTION CHUNK AT .text:003F1A2F SIZE 00000027 BYTES
.text:003F19E8 ; FUNCTION CHUNK AT .text:003F1A72 SIZE 00000012 BYTES
.text:003F19E8 ; FUNCTION CHUNK AT .text:0041E62D SIZE 0000000C BYTES
.text:003F19E8 ; FUNCTION CHUNK AT .text:0041EF8A SIZE 0000000A BYTES
.text:003F19E8
.text:003F19E8                push ebx
.text:003F19E9                lea    ebx, [esi+8]
.text:003F19EC                lea    edi, [esi+0Ch]
.text:003F19EF                add    esi, 24h
.text:003F19F2                push 28h
.text:003F19F4                mov    [ebp-4], esi
.text:003F19F7                mov    [ebp-0Ch], eax
.text:003F19FA                pop    esi
.text:003F19FB                jmp    loc_3F1A72
.text:003F19FB sub_3F19E8    endp
.text:003F19FB
.text:003F1A00 ; ---------------------------------------------------------------------------
.text:003F1A00                cmp    al, 3Dh
.text:003F1A02 ; START OF FUNCTION CHUNK FOR sub_3F1994
.text:003F1A02
.text:003F1A02 loc_3F1A02:                            ; CODE XREF: sub_3F1994+36j
.text:003F1A02                                        ; sub_3F19E8+2CC4Cj
.text:003F1A02                and    ds:dword_41E4ED, 0
.text:003F1A09                cmp    dword ptr [ebp-8], 0
.text:003F1A0D                jz    loc_41E500
.text:003F1A13                jmp    loc_4118D4
.text:003F1A18 ; ---------------------------------------------------------------------------
.text:003F1A18
.text:003F1A18 loc_3F1A18:                            ; CODE XREF: sub_3F1994+2CC5Cj
.text:003F1A18                mov    eax, [ebp-8]
.text:003F1A1B                and    eax, 0FFFFFF80h
.text:003F1A1E                test al, al
.text:003F1A20                mov    [ebp-8], eax
.text:003F1A23                js    loc_4201C1
.text:003F1A29                jmp    loc_3F1A58
.text:003F1A29 ; END OF FUNCTION CHUNK FOR sub_3F1994
.text:003F1A2E ; ---------------------------------------------------------------------------
.text:003F1A2E                popa
.text:003F1A2F ; START OF FUNCTION CHUNK FOR sub_3F19E8
.text:003F1A2F
.text:003F1A2F loc_3F1A2F:                            ; CODE XREF: sub_3F19E8+97j
.text:003F1A2F                mov    eax, [edi]
.text:003F1A31                add    eax, [ebp-10h]
.text:003F1A34                push dword ptr [ebx]
.text:003F1A36                push eax
.text:003F1A37                call sub_3F1969
.text:003F1A3C                jmp    loc_41EF8A
.text:003F1A41 ; ---------------------------------------------------------------------------
.text:003F1A41
.text:003F1A41 loc_3F1A41:                            ; CODE XREF: sub_3F19E8+91j
.text:003F1A41                                        ; sub_3F19E8+2D5A7j
.text:003F1A41                add    [ebp-4], esi
.text:003F1A44                add    edi, esi
.text:003F1A46                add    ebx, esi
.text:003F1A48                dec    dword ptr [ebp-0Ch]
.text:003F1A4B                jnz    loc_3F1A72
.text:003F1A51                jmp    loc_41E62D
.text:003F1A51 ; END OF FUNCTION CHUNK FOR sub_3F19E8
.text:003F1A51 ; ---------------------------------------------------------------------------
.text:003F1A56                dw 8D8Bh
.text:003F1A58 ; ---------------------------------------------------------------------------
.text:003F1A58 ; START OF FUNCTION CHUNK FOR sub_3F1994
.text:003F1A58
.text:003F1A58 loc_3F1A58:                            ; CODE XREF: sub_3F1994+95j
.text:003F1A58                lea    ecx, [ebp-8]
.text:003F1A5B                push ecx          ; lpflOldProtect
.text:003F1A5C                or    eax, 40h
.text:003F1A5F                push eax          ; flNewProtect
.text:003F1A60                push dword ptr [ebp+0Ch] ; dwSize
.text:003F1A63                push dword ptr [ebp+8] ; lpAddress
.text:003F1A66                call ds:VirtualProtect
.text:003F1A6C                jmp    loc_41E78A
.text:003F1A6C ; END OF FUNCTION CHUNK FOR sub_3F1994
.text:003F1A71 ; ---------------------------------------------------------------------------
.text:003F1A71                cmpsd
.text:003F1A72 ; START OF FUNCTION CHUNK FOR sub_3F19E8
.text:003F1A72
.text:003F1A72 loc_3F1A72:                            ; CODE XREF: sub_3F19E8+13j
.text:003F1A72                                        ; sub_3F19E8+63j
.text:003F1A72                mov    eax, [ebp-4]
.text:003F1A75                test byte ptr [eax+3], 10h
.text:003F1A79                jnz    loc_3F1A41
.text:003F1A7F                jmp    loc_3F1A2F
.text:003F1A7F ; END OF FUNCTION CHUNK FOR sub_3F19E8
.text:003F1A7F ; ---------------------------------------------------------------------------
.text:003F1A84                dd 3 dup(0)
.text:003F1A90                dd 1000h, 1Ch, 3910390Bh, 3924391Eh, 3930392Ah, 39B93985h
.text:003F1A90                dd 3A683A04h, 11000h, 358h, 3075300Fh, 309B3093h, 30B630AFh
.text:003F1A90                dd 311E3105h, 31413125h, 31943174h, 31A831A1h, 320531B2h
.text:003F1A90                dd 324B3239h, 32D03287h, 32DF32DAh, 330232F1h, 33B0334Bh
.text:003F1A90                dd 33BF33BAh, 33E533D1h, 355834D7h, 363235DCh, 3642363Ch
.text:003F1A90                dd 367D364Fh, 370336EAh, 3710370Bh, 371D3715h, 37273722h
.text:003F1A90                dd 3734372Fh, 37413739h, 374B3746h, 37583753h, 3765375Dh
.text:003F1A90                dd 376F376Ah, 377C3777h, 37893781h, 3793378Eh, 37A0379Bh
.text:003F1A90                dd 37AD37A5h, 37B737B2h, 37C437BFh, 37D137C9h, 37DB37D6h
.text:003F1A90                dd 37E837E3h, 37F537EDh, 37FF37FAh, 380C3807h, 38193811h
.text:003F1A90                dd 3823381Eh, 3830382Bh, 383D3835h, 38473842h, 3854384Fh
.text:003F1A90                dd 38613859h, 386B3866h, 38783873h, 3885387Dh, 388F388Ah
.text:003F1A90                dd 389C3897h, 38A938A1h, 38B338AEh, 38C038BBh, 38CD38C5h
.text:003F1A90                dd 38D738D2h, 38E438DFh, 38F138E9h, 38FB38F6h, 39083903h
.text:003F1A90                dd 3915390Dh, 391F391Ah, 392C3927h, 39393931h, 3943393Eh
.text:003F1A90                dd 3950394Bh, 395D3955h, 39673962h, 3974396Fh, 39813979h

如何让红色的部分数据正常显示？

2011-4-10 17:11