1 System snapshot taken on 2/12/07 4:16:42 AM. 2 3 *----> Summary/Overview <----* 4 5 NSISDL.DLL attempted to read from memory that does not exist. 6 It may be using an uninitialized variable, or it may be 7 attempting to access memory after having freed it. 8 9 Module Name: NSISDL.DLL 10 11 Application Name: Debian-svn45063.exe 12 13 -------------------- 14 Windows 95/98 VMware SVGA Display Driver does not appear to be 15 a Windows 95 Plug-and-Play compatible display driver. 16 17 Module Name: vmx_svga.drv 18 Description: Windows 95/98 VMware SVGA Display Driver 19 Version: build-29996 20 Product: VMware SVGA II (FIFO) 21 Manufacturer: VMware, Inc. 22 23 User's Remarks: 24 25 26 *----> System Information <----* 27 28 Microsoft Windows 98 4.10.2222 A 29 Clean install using Full OEM CD 30 /T:C:\WININST0.400 /SrcDir=X:\WIN98 /IE /NF /IZ /IS /IQ /IT /II /NR /II /C /U:xxxxxxxxxxxxxxxxx 31 IE 5 5.00.2614.3500 32 Uptime: 0:00:04:06 33 Normal mode 34 On "WIN98" as "%NAME%" 35 36 GenuineIntel x86 Family 15 Model 2 Stepping 4 37 192MB RAM 38 86% system resources free 39 Windows-managed swap file on drive C (7931MB free) 40 Temporary files on drive C (7931MB free) 41 42 *----> Task list <----* 43 44 Program 45 Type 46 Path 47 ------------ 48 49 1. Kernel32.dll 50 4.10.2222 51 Microsoft Corporation 52 53 2. MSGSRV32.EXE 54 4.10.2222 55 Microsoft Corporation 56 57 3. Mprexe.exe 58 4.10.1998 59 Microsoft Corporation 60 61 4. Mstask.exe 62 4.71.1959.1 63 Microsoft Corporation 64 65 5. Vmwareservice.exe 66 1.0.1 build-29996 67 VMware, Inc. 68 69 6. Explorer.exe 70 4.72.3110.1 71 Microsoft Corporation 72 73 7. Taskmon.exe 74 4.10.1998 75 Microsoft Corporation 76 77 8. Systray.exe 78 4.10.2222 79 Microsoft Corporation 80 81 9. Vmwaretray.exe 82 1.0.1 build-29996 83 VMware, Inc. 84 85 10. Vmwareuser.exe 86 1.0.1 build-29996 87 VMware, Inc. 88 89 11. Debian-svn45063.exe 90 91 92 93 12. Drwatson.exe 94 4.03 95 Microsoft Corporation 96 97 *----> Startup Items <----* 98 99 Name 100 Loaded from 101 Command 102 ------------------- 103 104 1. ScanRegistry 105 Registry (Machine Run) 106 C:\WINDOWS\scanregw.exe /autorun 107 108 2. TaskMonitor 109 Registry (Machine Run) 110 C:\WINDOWS\taskmon.exe 111 112 3. SystemTray 113 Registry (Machine Run) 114 SysTray.Exe 115 116 4. LoadPowerProfile 117 Registry (Machine Run) 118 Rundll32.exe powrprof.dll,LoadCurrentPwrScheme 119 120 5. VMware Tools 121 Registry (Machine Run) 122 C:\Program Files\VMware\VMware Tools\VMwareTray.exe 123 124 6. VMware User Process 125 Registry (Machine Run) 126 C:\Program Files\VMware\VMware Tools\VMwareUser.exe 127 128 7. LoadPowerProfile 129 Registry (Machine Service) 130 Rundll32.exe powrprof.dll,LoadCurrentPwrScheme 131 132 8. SchedulingAgent 133 Registry (Machine Service) 134 C:\WINDOWS\SYSTEM\mstask.exe 135 136 9. VMTools 137 Registry (Machine Service) 138 C:\Program Files\VMware\VMware Tools\VMwareService.exe 139 140 *----> System Hooks <----* 141 142 Hook type 143 Hooked by 144 Application 145 DLL path 146 Application path 147 ------------------------ 148 149 1. Mouse 150 Hook.dll 151 VMWAREUSER.EXE 152 C:\PROGRAM FILES\VMWARE\VMWARE TOOLS\Hook.dll 153 C:\PROGRAM FILES\VMWARE\VMWARE TOOLS\VMWAREUSER.EXE 154 155 *----> Kernel Drivers <----* 156 157 Driver 158 Loaded from 159 Type 160 Likely path 161 ------------------- 162 163 1. VMM 164 165 Microsoft Corporation 166 Virtual Machine Manager 167 168 2. MTRR 169 170 Microsoft Corporation 171 ? 172 173 3. VCACHE 174 175 Microsoft Corporation 176 Cache manager 177 178 4. PERF 179 180 Microsoft Corporation 181 System Monitor data collection driver 182 183 5. VFIXD 184 1.00.02 185 Intel Corporation 186 Compatibility VxD 187 188 6. VPOWERD 189 4.10.2222 190 Microsoft Corporation 191 VPOWERD Virtual Device (Version 4.0) 192 193 7. VPICD 194 195 Microsoft Corporation 196 Hardware interrupt manager 197 198 8. VrtwD 199 1.1.075.3 200 Intel Corporation 201 Real-Time Clock VxD 202 203 9. VTD 204 205 Microsoft Corporation 206 Timer device driver 207 208 10. VWIN32 209 210 Microsoft Corporation 211 Win32 subsystem driver 212 213 11. VXDLDR 214 215 Microsoft Corporation 216 Dynamic device driver loader 217 218 12. NTKERN 219 220 Microsoft Corporation 221 Windows Driver Model 222 223 13. CONFIGMG 224 225 Microsoft Corporation 226 Configuration manager 227 228 14. PCI 229 4.10.2222 230 Microsoft Corporation 231 PCI Virtual Device (Version 4.0) 232 233 15. ISAPNP 234 4.10.1998 235 Microsoft Corporation 236 ISAPNP Virtual Device (Version 4.0) 237 238 16. ACPI 239 240 Microsoft Corporation 241 ? 242 243 17. VCDFSD 244 245 Microsoft Corporation 246 CD-ROM filesystem driver 247 248 18. IOS 249 250 Microsoft Corporation 251 I/O Supervisor 252 253 19. PAGEFILE 254 255 Microsoft Corporation 256 Swapfile driver 257 258 20. PAGESWAP 259 260 Microsoft Corporation 261 Swapfile manager 262 263 21. PARITY 264 265 Microsoft Corporation 266 Memory parity driver 267 268 22. REBOOT 269 270 Microsoft Corporation 271 Ctrl+Alt+Del manager 272 273 23. EBIOS 274 275 Microsoft Corporation 276 Extended BIOS driver 277 278 24. VDD 279 280 Microsoft Corporation 281 Display driver 282 283 25. VMX_SVGA 284 285 286 287 288 26. VSD 289 290 Microsoft Corporation 291 Speaker driver 292 293 27. COMBUFF 294 295 Microsoft Corporation 296 Communications buffer driver 297 298 28. VCD 299 300 Microsoft Corporation 301 Communications port driver 302 303 29. VMOUSE 304 305 Microsoft Corporation 306 Mouse driver 307 308 30. MSMINI 309 4.10.1998 310 Microsoft Corporation 311 MSMINI Virtual Device (Version 4.0) 312 313 31. ENABLE 314 315 Microsoft Corporation 316 Accessibility driver 317 318 32. VKD 319 320 Microsoft Corporation 321 Keyboard driver 322 323 33. VPD 324 325 Microsoft Corporation 326 Printer driver 327 328 34. INT13 329 330 Microsoft Corporation 331 BIOS hard disk emulation driver 332 333 35. VMCPD 334 335 Microsoft Corporation 336 Math coprocessor driver 337 338 36. BIOSXLAT 339 340 Microsoft Corporation 341 BIOS emulation driver 342 343 37. VNETBIOS 344 4.10.1998 345 Microsoft Corporation 346 VNETBIOS Virtual Device (Version 4.0) 347 348 38. NDIS 349 4.10.2222 350 Microsoft Corporation 351 NDIS Virtual Device (Version 4.0) 352 353 39. PPPMAC 354 4.10.2222 355 Microsoft Corporation 356 Windows Virtual PPP Driver 357 358 40. VTDI 359 4.10.1998 360 Microsoft Corporation 361 Windows TDI Support Driver 362 363 41. WSOCK2 364 4.10.1998 365 Microsoft Corporation 366 Windows Sockets Driver 2 TCP/IP only. 367 368 42. VIP 369 4.10.2222 370 Microsoft Corporation 371 Windows IP Driver 372 373 43. MSTCP 374 4.10.2222 375 Microsoft Corporation 376 Windows TCP Driver 377 378 44. VDHCP 379 4.10.2161 380 Microsoft Corporation 381 DHCP VxD Driver 382 383 45. VNBT 384 4.10.2148 385 Microsoft Corporation 386 VNBT VxD Driver 387 388 46. AFVXD 389 4.10.2222 390 Microsoft Corporation 391 Windows Sockets VTDI Driver 392 393 47. DOSMGR 394 395 Microsoft Corporation 396 MS-DOS emulation manager 397 398 48. VMPOLL 399 400 Microsoft Corporation 401 System idle-time driver 402 403 49. JAVASUP 404 5.00.3167 405 Microsoft Corporation 406 Microsoft® Virtual Machine Helper Device for Java 407 408 50. VCOMM 409 410 Microsoft Corporation 411 Communications port Plug and Play driver 412 413 51. VCOND 414 415 Microsoft Corporation 416 Console subsystem driver 417 418 52. VTDAPI 419 420 Microsoft Corporation 421 Multimedia timer driver 422 423 53. VFLATD 424 425 Microsoft Corporation 426 Linear aperture video driver 427 428 54. Display1 429 430 431 432 433 55. APIX 434 4.00.952 435 Microsoft Corporation 436 APIX Virtual Device (Version 4.0) 437 438 56. CDTSD 439 4.10.1998 440 Microsoft Corporation 441 CDTSD Virtual Device (Version 4.0) 442 443 57. CDVSD 444 4.10.2222 445 Microsoft Corporation 446 CDVSD Virtual Device (Version 4.0) 447 448 58. DiskTSD 449 4.10.2222 450 Microsoft Corporation 451 DiskTSD Virtual Device (Version 4.0) 452 453 59. scsi1hlp 454 4.10.1998 455 Microsoft Corporation 456 scsi1hlp Virtual Device (Version 4.0) 457 458 60. voltrack 459 4.10.1998 460 Microsoft Corporation 461 voltrack Virtual Device (Version 4.0) 462 463 61. BIGMEM 464 4.10.1998 465 Microsoft Corporation 466 BIGMEM Virtual Device (Version 4.0) 467 468 62. SPAP 469 4.10.2222 470 Microsoft Corporation 471 SPAP Virtual Device (Version 4.0) 472 473 63. HSFLOP 474 4.10.2222 475 Microsoft Corporation 476 HSFLOP Virtual Device (Version 4.0) 477 478 64. SCSIPORT 479 4.10.2222 480 Microsoft Corporation 481 SCSIPORT Virtual Device (Version 4.0) 482 483 65. ESDI_506 484 4.10.2222 485 Microsoft Corporation 486 ESDI_506 Virtual Device (Version 4.0) 487 488 66. LPTENUM 489 4.10.1998 490 Microsoft Corporation 491 LPTENUM Virtual Device (Version 4.0) 492 493 67. SERENUM 494 4.10.2222 495 Microsoft Corporation 496 SERENUM Virtual Device (Version 4.0) 497 498 68. sage 499 4.71.1016 500 Microsoft Corporation 501 sage Virtual Device (Version 4.0) 502 503 69. WSHTCP 504 4.10.1998 505 Microsoft Corporation 506 Windows Sockets TCP helper Driver 507 508 70. FIOLOG 509 4.10.1998 510 Microsoft Corporation 511 File I/O Logging VxD for Application Defrag 512 513 71. mmdevldr 514 4.10.1998 515 Microsoft Corporation 516 mmdevldr Virtual Device (Version 4.0) 517 518 72. vjoyd 519 4.05.01.1998 520 Microsoft Corporation 521 Joystick Virtual Device 522 523 73. VDMAD 524 525 Microsoft Corporation 526 Direct Memory Access controller driver 527 528 74. V86MMGR 529 530 Microsoft Corporation 531 MS-DOS memory manager 532 533 75. SPOOLER 534 535 Microsoft Corporation 536 Print spooler 537 538 76. UDF 539 540 Microsoft Corporation 541 ? 542 543 77. VFAT 544 545 Microsoft Corporation 546 FAT filesystem driver 547 548 78. VDEF 549 550 Microsoft Corporation 551 Default filesystem driver 552 553 79. CDFS 554 4.10.1998 555 Microsoft Corporation 556 CDFS Virtual Device (Version 4.0) 557 558 80. IFSMGR 559 560 Microsoft Corporation 561 File system manager 562 563 81. VFBACKUP 564 565 Microsoft Corporation 566 Floppy backup helper driver 567 568 82. SHELL 569 570 Microsoft Corporation 571 Shell device driver 572 573 83. DRWATSON 574 4.03 575 Microsoft Corporation 576 Dr. Watson for Windows 98 577 578 84. buslogic 579 5.01 580 BusLogic,Inc. 581 Multimaster Adapter Miniport Driver 582 583 85. wmidrv 584 585 586 587 588 86. cmbatt 589 590 591 592 593 87. hidvkd 594 595 596 597 598 88. compbatt 599 600 601 602 603 89. BATTC 604 605 606 607 608 90. acpi 609 610 Microsoft Corporation 611 ? 612 613 91. swenum 614 615 616 617 618 92. ks 619 620 621 622 623 93. update 624 625 626 627 628 94. wdmfs 629 630 631 632 633 *----> User-Mode Drivers <----* 634 635 Driver 636 Type 637 Path 638 ------------ 639 640 1. mmsystem.dll 641 4.03.1998 642 Microsoft Corporation 643 644 2. power.drv 645 4.10.1998 646 Microsoft Corporation 647 648 *----> MS-DOS Drivers <----* 649 650 Name 651 Type 652 ------------ 653 654 1. HIMEM 655 Device driver 656 657 2. DBLBUFF 658 Device driver 659 660 3. IFSHLP 661 Device driver 662 663 *----> 32-bit Modules <----* 664 665 Name 666 Date 667 Address 668 Path 669 --------------- 670 671 1. NSISDL.DLL 672 673 674 675 676 2. WS2_32.DLL 677 4.10.2222 678 Microsoft Corporation 679 Windows Socket 2.0 32-Bit DLL 680 681 3. WININET.DLL 682 5.00.2614.3500 683 Microsoft Corporation 684 Internet Extensions for Win32 685 686 4. WS2HELP.DLL 687 4.10.1998 688 Microsoft Corporation 689 Windows Socket 2.0 Helper for Windows 98 690 691 5. MSVCRT.DLL 692 6.00.8797.0 693 Microsoft Corporation 694 Microsoft (R) C Runtime Library 695 696 6. RICHED20.DLL 697 5.30.23.1200 698 Microsoft Corporation 699 Rich Text Edit Control, v3.0 700 701 7. HOOK.DLL 702 703 704 705 706 8. DEBIAN-SVN45063.EXE 707 708 709 710 711 9. VERSION.DLL 712 4.10.1998 713 Microsoft Corporation 714 Win32 VERSION core component 715 716 10. SHELL32.DLL 717 4.72.3612.1700 718 Microsoft Corporation 719 Windows Shell Common Dll 720 721 11. SHLWAPI.DLL 722 5.00.2614.3500 723 Microsoft Corporation 724 Shell Light-weight Utility Library 725 726 12. OLE32.DLL 727 4.71.2900 728 Microsoft Corporation 729 Microsoft OLE for Windows and Windows NT 730 731 13. COMCTL32.DLL 732 5.80 733 Microsoft Corporation 734 Common Controls Library 735 736 14. USER32.DLL 737 4.10.2222 738 Microsoft Corporation 739 Win32 USER32 core component 740 741 15. GDI32.DLL 742 4.10.1998 743 Microsoft Corporation 744 Win32 GDI core component 745 746 16. ADVAPI32.DLL 747 4.80.1675 748 Microsoft Corporation 749 Win32 ADVAPI32 core component 750 751 17. KERNEL32.DLL 752 4.10.2222 753 Microsoft Corporation 754 Win32 Kernel core component 755 756 *----> 16-bit Modules <----* 757 758 Name 759 Type 760 Path 761 ------------ 762 763 1. KERNEL 764 4.10.1998 765 Microsoft Corporation 766 767 2. SYSTEM 768 4.10.1998 769 Microsoft Corporation 770 771 3. KEYBOARD 772 4.10.2222 773 Microsoft Corporation 774 775 4. MOUSE 776 9.01.0.000 777 Microsoft Corporation 778 779 5. DISPLAY 780 build-29996 781 VMware, Inc. 782 783 6. DIBENG 784 4.10.1998 785 Microsoft Corporation 786 787 7. SOUND 788 4.10.1998 789 Microsoft Corporation 790 791 8. COMM 792 4.10.1998 793 Microsoft Corporation 794 795 9. GDI 796 4.10.2222 797 Microsoft Corporation 798 799 10. USER 800 4.10.2222 801 Microsoft Corporation 802 803 11. DDEML 804 4.10.1998 805 Microsoft Corporation 806 807 12. MSPLUS 808 4.40.500 809 Microsoft Corporation 810 811 13. MSGSRV32 812 4.10.2222 813 Microsoft Corporation 814 815 14. MMSYSTEM 816 4.03.1998 817 Microsoft Corporation 818 819 15. POWER 820 4.10.1998 821 Microsoft Corporation 822 823 16. LZEXPAND 824 4.00.429 825 Microsoft Corporation 826 827 17. VER 828 4.10.1998 829 Microsoft Corporation 830 831 18. SHELL 832 4.10.1998 833 Microsoft Corporation 834 835 19. COMMCTRL 836 4.10.1998 837 Microsoft Corporation 838 839 20. COMMDLG 840 4.00.950 841 Microsoft Corporation 842 843 21. SYSTHUNK 844 4.10.1998 845 Microsoft Corporation 846 847 22. OLECLI 848 1.20.000 849 Microsoft Corporation 850 851 23. OLESVR 852 1.10.000 853 Microsoft Corporation 854 855 24. DCIMAN 856 4.03.1998 857 Intel(R) Corp., Microsoft Corp. 858 859 25. MSVIDEO 860 4.03.1998 861 Microsoft Corporation 862 863 26. AVICAP 864 4.03.1998 865 Microsoft Corporation 866 867 27. WIN87EM 868 869 870 871 28. PIFMGR 872 4.10.2222 873 Microsoft Corporation 874 875 29. TOOLHELP 876 4.10.1998 877 Microsoft Corporation 878 879 *----> Details <----* 880 881 Command line: "D:\debian-svn45063.exe" 882 883 Trap 0e 0000 - Invalid page fault 884 eax=00000041 ebx=012b0440 ecx=00000000 edx=ffffffff esi=00000000 edi=013aed90 885 eip=6ae47ce3 esp=013aece0 ebp=013aed38 -- -- -- nv up EI NG nz AC PE CF 886 cs=0167 ss=016f ds=016f es=016f fs=2ee7 gs=0000 887 NSISDL.DLL:.text+0x6ce3: 888 >0167:6ae47ce3 833b54 cmp dword ptr [ebx],+54 889 890 sel type base lim/bot 891 ---- ---- -------- -------- 892 cs 0167 r-x- 00000000 ffbfffff 893 ss 016f rw-e 00000000 000087a0 894 ds 016f rw-e 00000000 000087a0 895 es 016f rw-e 00000000 000087a0 896 fs 2ee7 rw-- 818359d0 00000037 897 gs 0000 ---- 898 899 stack base: 011b0000 900 TIB limits: 013ad000 - 013b0000 901 902 -- exception record -- 903 904 Exception Code: c0000005 (access violation) 905 Exception Address: 6ae47ce3 (NSISDL.DLL:.text+0x6ce3) 906 Exception Info: 00000000 907 012b0440 908 909 NSISDL.DLL:.text+0x6ce3: 910 >0167:6ae47ce3 833b54 cmp dword ptr [ebx],+54 911 912 0167:6ae47ccc 8d742600 lea esi,[esi] 913 0167:6ae47cd0 01c9 add ecx,ecx 914 0167:6ae47cd2 4a dec edx 915 0167:6ae47cd3 780e js 6ae47ce3 = NSISDL.DLL:.text+0x6ce3 916 0167:6ae47cd5 807c15a841 cmp byte ptr [ebp+edx-58],41 917 0167:6ae47cda 75f4 jnz 6ae47cd0 = NSISDL.DLL:.text+0x6cd0 918 0167:6ae47cdc 09cb or ebx,ecx 919 0167:6ae47cde 01c9 add ecx,ecx 920 0167:6ae47ce0 4a dec edx 921 0167:6ae47ce1 79f2 jns 6ae47cd5 = NSISDL.DLL:.text+0x6cd5 922 NSISDL.DLL:.text+0x6ce3: 923 *0167:6ae47ce3 833b54 cmp dword ptr [ebx],+54 924 0167:6ae47ce6 7507 jnz 6ae47cef = NSISDL.DLL:.text+0x6cef 925 0167:6ae47ce8 89d8 mov eax,ebx 926 0167:6ae47cea 8b5dfc mov ebx,dword ptr [ebp-04] 927 0167:6ae47ced c9 leave 928 0167:6ae47cee c3 retd 929 0167:6ae47cef 50 push eax 930 0167:6ae47cf0 68f7000000 push 000000f7 931 0167:6ae47cf5 6844a4e46a push 6ae4a444 932 0167:6ae47cfa 68bca4e46a push 6ae4a4bc 933 0167:6ae47cff e83c0f0000 call 6ae48c40 = MSVCRT.DLL!_assert 934 935 -------------------- 936 937 938 -- stack summary -- 939 940 016f:013aed38 0167:6ae47ce3 NSISDL.DLL:.text+0x6ce3 941 (00000000,00000000,00000000,00000000, 942 00000000,00000000,00000000,00000000) 943 016f:013aedf8 0167:6ae47f59 NSISDL.DLL:.text+0x6f59 944 (00000000,00000000,00000000,818342e4, 945 00000008,818359c8,013afcb8,6ae44429) 946 016f:013aee18 0167:6ae480c9 NSISDL.DLL:.text+0x70c9 947 (013aee7c,00000000,00000000,00000000, 948 00000000,00000000,00000000,00000000) 949 016f:013afcb8 0167:6ae44429 NSISDL.DLL:.text+0x3429 950 (00000404,00000400,0042d000,0040f840, 951 0040c000,0040f850,00000000,00000000) 952 016f:013aff38 0167:00403255 DEBIAN-SVN45063.EXE:.text+0x2255 953 (00441f5c,00000402,00002af8,00000000, 954 00000000,00000000,00000000,00000000) 955 016f:013aff68 0167:00401874 DEBIAN-SVN45063.EXE:.text+0x874 956 (000000dd,00000534,013affbc,bffc05b4, 957 bff79198,ffffffff,013affcc,00440318) 958 016f:013aff98 0167:00407bd7 DEBIAN-SVN45063.EXE:.text+0x6bd7 959 (00000534,818359c8,00000008,818342e4, 960 00000007,013affa4,013aeb10,ffffffff) 961 016f:013affcc 0167:bff88f20 KERNEL32!ThreadStartup 962 963 -- stack trace -- 964 965 016f:013aed38 0167:6ae47ce3 NSISDL.DLL:.text+0x6ce3 966 (00000000,00000000,00000000,00000000, 967 00000000,00000000,00000000,00000000) 968 0167:6ae47ccc 8d742600 lea esi,[esi] 969 0167:6ae47cd0 01c9 add ecx,ecx 970 0167:6ae47cd2 4a dec edx 971 0167:6ae47cd3 780e js 6ae47ce3 = NSISDL.DLL:.text+0x6ce3 972 0167:6ae47cd5 807c15a841 cmp byte ptr [ebp+edx-58],41 973 0167:6ae47cda 75f4 jnz 6ae47cd0 = NSISDL.DLL:.text+0x6cd0 974 0167:6ae47cdc 09cb or ebx,ecx 975 0167:6ae47cde 01c9 add ecx,ecx 976 0167:6ae47ce0 4a dec edx 977 0167:6ae47ce1 79f2 jns 6ae47cd5 = NSISDL.DLL:.text+0x6cd5 978 NSISDL.DLL:.text+0x6ce3: 979 *0167:6ae47ce3 833b54 cmp dword ptr [ebx],+54 980 0167:6ae47ce6 7507 jnz 6ae47cef = NSISDL.DLL:.text+0x6cef 981 0167:6ae47ce8 89d8 mov eax,ebx 982 0167:6ae47cea 8b5dfc mov ebx,dword ptr [ebp-04] 983 0167:6ae47ced c9 leave 984 0167:6ae47cee c3 retd 985 0167:6ae47cef 50 push eax 986 0167:6ae47cf0 68f7000000 push 000000f7 987 0167:6ae47cf5 6844a4e46a push 6ae4a444 988 0167:6ae47cfa 68bca4e46a push 6ae4a4bc 989 0167:6ae47cff e83c0f0000 call 6ae48c40 = MSVCRT.DLL!_assert 990 991 -------------------- 992 993 016f:013aedf8 0167:6ae47f59 NSISDL.DLL:.text+0x6f59 994 (00000000,00000000,00000000,818342e4, 995 00000008,818359c8,013afcb8,6ae44429) 996 0167:6ae47f35 57 push edi 997 0167:6ae47f36 e8350d0000 call 6ae48c70 = KERNEL32.DLL!FindAtomA 998 0167:6ae47f3b 83c40c add esp,+0c 999 0167:6ae47f3e 25ffff0000 and eax,0000ffff 1000 0167:6ae47f43 e858fdffff call 6ae47ca0 = NSISDL.DLL:.text+0x6ca0 1001 0167:6ae47f48 83c410 add esp,+10 1002 0167:6ae47f4b 89c6 mov esi,eax 1003 0167:6ae47f4d eb0c jmp 6ae47f5b = NSISDL.DLL:.text+0x6f5b 1004 0167:6ae47f4f 25ffff0000 and eax,0000ffff 1005 0167:6ae47f54 e847fdffff call 6ae47ca0 = NSISDL.DLL:.text+0x6ca0 1006 NSISDL.DLL:.text+0x6f59: 1007 *0167:6ae47f59 89c6 mov esi,eax 1008 0167:6ae47f5b 8d4604 lea eax,[esi+04] 1009 0167:6ae47f5e 89358045e56a mov dword ptr [6ae54580],esi 1010 0167:6ae47f64 a37045e56a mov dword ptr [6ae54570],eax 1011 0167:6ae47f69 8d4608 lea eax,[esi+08] 1012 0167:6ae47f6c a39045e56a mov dword ptr [6ae54590],eax 1013 0167:6ae47f71 8d65f4 lea esp,[ebp-0c] 1014 0167:6ae47f74 5b pop ebx 1015 0167:6ae47f75 5e pop esi 1016 0167:6ae47f76 5f pop edi 1017 0167:6ae47f77 5d pop ebp 1018 1019 -------------------- 1020 1021 016f:013aee18 0167:6ae480c9 NSISDL.DLL:.text+0x70c9 1022 (013aee7c,00000000,00000000,00000000, 1023 00000000,00000000,00000000,00000000) 1024 0167:6ae480b4 8b4228 mov eax,dword ptr [edx+28] 1025 0167:6ae480b7 8907 mov dword ptr [edi],eax 1026 0167:6ae480b9 897a28 mov dword ptr [edx+28],edi 1027 0167:6ae480bc 8d65f4 lea esp,[ebp-0c] 1028 0167:6ae480bf 5b pop ebx 1029 0167:6ae480c0 5e pop esi 1030 0167:6ae480c1 5f pop edi 1031 0167:6ae480c2 5d pop ebp 1032 0167:6ae480c3 c3 retd 1033 0167:6ae480c4 e857fcffff call 6ae47d20 = NSISDL.DLL:.text+0x6d20 1034 NSISDL.DLL:.text+0x70c9: 1035 *0167:6ae480c9 8b158045e56a mov edx,dword ptr [6ae54580] 1036 0167:6ae480cf 8b422c mov eax,dword ptr [edx+2c] 1037 0167:6ae480d2 85c0 test eax,eax 1038 0167:6ae480d4 79d7 jns 6ae480ad = NSISDL.DLL:.text+0x70ad 1039 0167:6ae480d6 e825ffffff call 6ae48000 = NSISDL.DLL:.text+0x7000 1040 0167:6ae480db 8b158045e56a mov edx,dword ptr [6ae54580] 1041 0167:6ae480e1 8b722c mov esi,dword ptr [edx+2c] 1042 0167:6ae480e4 85f6 test esi,esi 1043 0167:6ae480e6 74cc jz 6ae480b4 = NSISDL.DLL:.text+0x70b4 1044 0167:6ae480e8 8b5a30 mov ebx,dword ptr [edx+30] 1045 0167:6ae480eb e8c00b0000 call 6ae48cb0 = KERNEL32.DLL!GetLastError 1046 1047 -------------------- 1048 1049 016f:013afcb8 0167:6ae44429 NSISDL.DLL:.text+0x3429 1050 (00000404,00000400,0042d000,0040f840, 1051 0040c000,0040f850,00000000,00000000) 1052 0167:6ae44407 f1 int 1 1053 0167:6ae44408 ff ?db ff 1054 0167:6ae44409 ff8d55e88910 dec dword ptr [ebp+1089e855] 1055 0167:6ae4440f ba454be46a mov edx,6ae44b45 1056 0167:6ae44414 895004 mov dword ptr [eax+04],edx 1057 0167:6ae44417 896008 mov dword ptr [eax+08],esp 1058 0167:6ae4441a 8d85c4f1ffff lea eax,[ebp-00000e3c] 1059 0167:6ae44420 83ec0c sub esp,+0c 1060 0167:6ae44423 50 push eax 1061 0167:6ae44424 e8673c0000 call 6ae48090 = NSISDL.DLL:.text+0x7090 1062 NSISDL.DLL:.text+0x3429: 1063 *0167:6ae44429 83c410 add esp,+10 1064 0167:6ae4442c c785e4f3ffff00000000 mov dword ptr [ebp-00000c1c],00000000 1065 0167:6ae44436 c785e0f3ffff30750000 mov dword ptr [ebp-00000c20],00007530 1066 0167:6ae44440 c785dcf3ffff01000000 mov dword ptr [ebp-00000c24],00000001 1067 0167:6ae4444a c785d8f3ffff00000000 mov dword ptr [ebp-00000c28],00000000 1068 0167:6ae44454 c785d4f3ffff00000000 mov dword ptr [ebp-00000c2c],00000000 1069 0167:6ae4445e 8b450c mov eax,dword ptr [ebp+0c] 1070 0167:6ae44461 a338c0e46a mov dword ptr [6ae4c038],eax 1071 0167:6ae44466 8b ?db 8b 1072 0167:6ae44467 45 inc ebp 1073 0167:6ae44468 14 ?db 14 1074 1075 -------------------- 1076 1077 016f:013aff38 0167:00403255 DEBIAN-SVN45063.EXE:.text+0x2255 1078 (00441f5c,00000402,00002af8,00000000, 1079 00000000,00000000,00000000,00000000) 1080 0167:00403230 8b459c mov eax,dword ptr [ebp-64] 1081 0167:00403233 8945a0 mov dword ptr [ebp-60],eax 1082 0167:00403236 83ec0c sub esp,+0c 1083 0167:00403239 6800c04000 push 0040c000 1084 0167:0040323e 6840f84000 push 0040f840 1085 0167:00403243 6800d04200 push 0042d000 1086 0167:00403248 6800040000 push 00000400 1087 0167:0040324d ff75dc push dword ptr [ebp-24] 1088 0167:00403250 8b45a0 mov eax,dword ptr [ebp-60] 1089 0167:00403253 ffd0 call eax 1090 DEBIAN-SVN45063.EXE:.text+0x2255: 1091 *0167:00403255 83c420 add esp,+20 1092 0167:00403258 eb13 jmp 0040326d = DEBIAN-SVN45063.EXE:.text+0x226d 1093 0167:0040325a 83ec08 sub esp,+08 1094 0167:0040325d ffb574ffffff push dword ptr [ebp-0000008c] 1095 0167:00403263 6af7 push -09 1096 0167:00403265 e8dc470000 call 00407a46 = DEBIAN-SVN45063.EXE:.text+0x6a46 1097 0167:0040326a 83c408 add esp,+08 1098 0167:0040326d 837dc800 cmp dword ptr [ebp-38],+00 1099 0167:00403271 752f jnz 004032a2 = DEBIAN-SVN45063.EXE:.text+0x22a2 1100 0167:00403273 83ec0c sub esp,+0c 1101 0167:00403276 ffb56cffffff push dword ptr [ebp-00000094] 1102 1103 -------------------- 1104 1105 016f:013aff68 0167:00401874 DEBIAN-SVN45063.EXE:.text+0x874 1106 (000000dd,00000534,013affbc,bffc05b4, 1107 bff79198,ffffffff,013affcc,00440318) 1108 0167:00401853 e9e4000000 jmp 0040193c = DEBIAN-SVN45063.EXE:.text+0x93c 1109 0167:00401858 83ec0c sub esp,+0c 1110 0167:0040185b 8b5508 mov edx,dword ptr [ebp+08] 1111 0167:0040185e 89d0 mov eax,edx 1112 0167:00401860 c1e003 shl eax,03 1113 0167:00401863 29d0 sub eax,edx 1114 0167:00401865 c1e002 shl eax,02 1115 0167:00401868 0305a0944200 add eax,dword ptr [004294a0] 1116 0167:0040186e 50 push eax 1117 0167:0040186f e8e6020000 call 00401b5a = DEBIAN-SVN45063.EXE:.text+0xb5a 1118 DEBIAN-SVN45063.EXE:.text+0x874: 1119 *0167:00401874 83c40c add esp,+0c 1120 0167:00401877 8945fc mov dword ptr [ebp-04],eax 1121 0167:0040187a 817dfcffffff7f cmp dword ptr [ebp-04],7fffffff 1122 0167:00401881 750c jnz 0040188f = DEBIAN-SVN45063.EXE:.text+0x88f 1123 0167:00401883 c745f4ffffff7f mov dword ptr [ebp-0c],7fffffff 1124 0167:0040188a e9ad000000 jmp 0040193c = DEBIAN-SVN45063.EXE:.text+0x93c 1125 0167:0040188f 8b45fc mov eax,dword ptr [ebp-04] 1126 0167:00401892 8945f0 mov dword ptr [ebp-10],eax 1127 0167:00401895 837dfc00 cmp dword ptr [ebp-04],+00 1128 0167:00401899 791d jns 004018b8 = DEBIAN-SVN45063.EXE:.text+0x8b8 1129 0167:0040189b 83ec0c sub esp,+0c 1130 1131 -------------------- 1132 1133 016f:013aff98 0167:00407bd7 DEBIAN-SVN45063.EXE:.text+0x6bd7 1134 (00000534,818359c8,00000008,818342e4, 1135 00000007,013affa4,013aeb10,ffffffff) 1136 0167:00407bb9 8b45f4 mov eax,dword ptr [ebp-0c] 1137 0167:00407bbc 8b4008 mov eax,dword ptr [eax+08] 1138 0167:00407bbf 83e001 and eax,+01 1139 0167:00407bc2 85c0 test eax,eax 1140 0167:00407bc4 7420 jz 00407be6 = DEBIAN-SVN45063.EXE:.text+0x6be6 1141 0167:00407bc6 83ec08 sub esp,+08 1142 0167:00407bc9 ff75f8 push dword ptr [ebp-08] 1143 0167:00407bcc 8b45f4 mov eax,dword ptr [ebp-0c] 1144 0167:00407bcf ff700c push dword ptr [eax+0c] 1145 0167:00407bd2 e8499cffff call 00401820 = DEBIAN-SVN45063.EXE:.text+0x820 1146 DEBIAN-SVN45063.EXE:.text+0x6bd7: 1147 *0167:00407bd7 83c408 add esp,+08 1148 0167:00407bda 85c0 test eax,eax 1149 0167:00407bdc 7408 jz 00407be6 = DEBIAN-SVN45063.EXE:.text+0x6be6 1150 0167:00407bde ff053c944200 inc dword ptr [0042943c] 1151 0167:00407be4 eb0b jmp 00407bf1 = DEBIAN-SVN45063.EXE:.text+0x6bf1 1152 0167:00407be6 8d45f4 lea eax,[ebp-0c] 1153 0167:00407be9 810018040000 add dword ptr [eax],00000418 1154 0167:00407bef ebbd jmp 00407bae = DEBIAN-SVN45063.EXE:.text+0x6bae 1155 0167:00407bf1 83ec0c sub esp,+0c 1156 0167:00407bf4 6804040000 push 00000404 1157 0167:00407bf9 e8eddaffff call 004056eb = DEBIAN-SVN45063.EXE:.text+0x46eb 1158 1159 -------------------- 1160 1161 016f:013affcc 0167:bff88f20 KERNEL32!ThreadStartup 1162 1163 -- stack dump -- 1164 1165 013aece0 61616161 1166 013aece4 41616161 1167 013aece8 61416161 1168 013aecec 41416141 1169 013aecf0 61616161 1170 013aecf4 61614161 1171 ... 1172 013aecfc 61616161 1173 013aed00 42494c2d 1174 013aed04 57434347 1175 013aed08 452d3233 1176 013aed0c 2d332d48 1177 013aed10 4a4c4a53 1178 013aed14 4854472d 1179 013aed18 494d2d52 1180 013aed1c 3357474e 1181 013aed20 00000032 1182 013aed24 818342e4 -> 06 00 06 00 c0 23 4f c1 00 00 00 00 00 00 00 00 .....#O......... 1183 013aed28 013aedf8 -> 18 ee 3a 01 c9 80 e4 6a 00 00 00 00 00 00 00 00 ..:....j........ 1184 013aed2c 6ae47dcc = NSISDL.DLL:.text+0x6dcc 1185 1186 -------------------- 1187 1188 0167:6ae47d9b 41 inc ecx 1189 0167:6ae47d9c c745a441414141 mov dword ptr [ebp-5c],41414141 1190 0167:6ae47da3 c745a841414141 mov dword ptr [ebp-58],41414141 1191 0167:6ae47daa c745ac41414141 mov dword ptr [ebp-54],41414141 1192 0167:6ae47db1 c745b041414141 mov dword ptr [ebp-50],41414141 1193 0167:6ae47db8 c745b441414141 mov dword ptr [ebp-4c],41414141 1194 0167:6ae47dbf 668945d8 mov word ptr [ebp-28],ax 1195 0167:6ae47dc3 8d7d98 lea edi,[ebp-68] 1196 0167:6ae47dc6 57 push edi 1197 0167:6ae47dc7 e8a40e0000 call 6ae48c70 = KERNEL32.DLL!FindAtomA 1198 NSISDL.DLL:.text+0x6dcc: 1199 *0167:6ae47dcc 83c40c add esp,+0c 1200 0167:6ae47dcf 6685c0 test ax,ax 1201 0167:6ae47dd2 0f8577010000 jnz 6ae47f4f = NSISDL.DLL:.text+0x6f4f 1202 0167:6ae47dd8 83ec0c sub esp,+0c 1203 0167:6ae47ddb 6a54 push +54 1204 0167:6ae47ddd e80e0e0000 call 6ae48bf0 = MSVCRT.DLL!malloc 1205 0167:6ae47de2 83c410 add esp,+10 1206 0167:6ae47de5 89c6 mov esi,eax 1207 0167:6ae47de7 85c0 test eax,eax 1208 0167:6ae47de9 0f84a1010000 jz 6ae47f90 = NSISDL.DLL:.text+0x6f90 1209 0167:6ae47def 53 push ebx 1210 1211 -------------------- 1212 1213 1214 013aed30 80006dd8 -> 01 00 00 00 fc f3 00 bf 40 0e 00 00 00 00 0f 00 ........@....... 1215 013aed34 818342e4 -> 06 00 06 00 c0 23 4f c1 00 00 00 00 00 00 00 00 .....#O......... 1216 013aed38 013aedf8 -> 18 ee 3a 01 c9 80 e4 6a 00 00 00 00 00 00 00 00 ..:....j........ 1217 013aed3c 6ae47f59 = NSISDL.DLL:.text+0x6f59 1218 1219 -------------------- 1220 1221 0167:6ae47f35 57 push edi 1222 0167:6ae47f36 e8350d0000 call 6ae48c70 = KERNEL32.DLL!FindAtomA 1223 0167:6ae47f3b 83c40c add esp,+0c 1224 0167:6ae47f3e 25ffff0000 and eax,0000ffff 1225 0167:6ae47f43 e858fdffff call 6ae47ca0 = NSISDL.DLL:.text+0x6ca0 1226 0167:6ae47f48 83c410 add esp,+10 1227 0167:6ae47f4b 89c6 mov esi,eax 1228 0167:6ae47f4d eb0c jmp 6ae47f5b = NSISDL.DLL:.text+0x6f5b 1229 0167:6ae47f4f 25ffff0000 and eax,0000ffff 1230 0167:6ae47f54 e847fdffff call 6ae47ca0 = NSISDL.DLL:.text+0x6ca0 1231 NSISDL.DLL:.text+0x6f59: 1232 *0167:6ae47f59 89c6 mov esi,eax 1233 0167:6ae47f5b 8d4604 lea eax,[esi+04] 1234 0167:6ae47f5e 89358045e56a mov dword ptr [6ae54580],esi 1235 0167:6ae47f64 a37045e56a mov dword ptr [6ae54570],eax 1236 0167:6ae47f69 8d4608 lea eax,[esi+08] 1237 0167:6ae47f6c a39045e56a mov dword ptr [6ae54590],eax 1238 0167:6ae47f71 8d65f4 lea esp,[ebp-0c] 1239 0167:6ae47f74 5b pop ebx 1240 0167:6ae47f75 5e pop esi 1241 0167:6ae47f76 5f pop edi 1242 0167:6ae47f77 5d pop ebp 1243 1244 -------------------- 1245 1246 1247 013aed40 00000000 1248 ... 1249 013aed90 41414141 1250 ... 1251 013aedb0 42494c2d 1252 013aedb4 57434347 1253 013aedb8 452d3233 1254 013aedbc 2d332d48 1255 013aedc0 4a4c4a53 1256 013aedc4 4854472d 1257 013aedc8 494d2d52 1258 013aedcc 3357474e 1259 013aedd0 00000032 1260 013aedd4 00000000 1261 ... 1262 013aedec 818342e4 -> 06 00 06 00 c0 23 4f c1 00 00 00 00 00 00 00 00 .....#O......... 1263 013aedf0 00000008 1264 013aedf4 013aee7c -> 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 1265 013aedf8 013aee18 -> b8 fc 3a 01 29 44 e4 6a 7c ee 3a 01 00 00 00 00 ..:.)D.j|.:..... 1266 013aedfc 6ae480c9 = NSISDL.DLL:.text+0x70c9 1267 1268 -------------------- 1269 1270 0167:6ae480b4 8b4228 mov eax,dword ptr [edx+28] 1271 0167:6ae480b7 8907 mov dword ptr [edi],eax 1272 0167:6ae480b9 897a28 mov dword ptr [edx+28],edi 1273 0167:6ae480bc 8d65f4 lea esp,[ebp-0c] 1274 0167:6ae480bf 5b pop ebx 1275 0167:6ae480c0 5e pop esi 1276 0167:6ae480c1 5f pop edi 1277 0167:6ae480c2 5d pop ebp 1278 0167:6ae480c3 c3 retd 1279 0167:6ae480c4 e857fcffff call 6ae47d20 = NSISDL.DLL:.text+0x6d20 1280 NSISDL.DLL:.text+0x70c9: 1281 *0167:6ae480c9 8b158045e56a mov edx,dword ptr [6ae54580] 1282 0167:6ae480cf 8b422c mov eax,dword ptr [edx+2c] 1283 0167:6ae480d2 85c0 test eax,eax 1284 0167:6ae480d4 79d7 jns 6ae480ad = NSISDL.DLL:.text+0x70ad 1285 0167:6ae480d6 e825ffffff call 6ae48000 = NSISDL.DLL:.text+0x7000 1286 0167:6ae480db 8b158045e56a mov edx,dword ptr [6ae54580] 1287 0167:6ae480e1 8b722c mov esi,dword ptr [edx+2c] 1288 0167:6ae480e4 85f6 test esi,esi 1289 0167:6ae480e6 74cc jz 6ae480b4 = NSISDL.DLL:.text+0x70b4 1290 0167:6ae480e8 8b5a30 mov ebx,dword ptr [edx+30] 1291 0167:6ae480eb e8c00b0000 call 6ae48cb0 = KERNEL32.DLL!GetLastError 1292 1293 -------------------- 1294 1295 1296 013aee00 00000000 1297 ... 1298 013aee0c 818342e4 -> 06 00 06 00 c0 23 4f c1 00 00 00 00 00 00 00 00 .....#O......... 1299 013aee10 00000008 1300 013aee14 818359c8 -> 07 00 00 00 d0 46 4f c1 d8 ea 3a 01 00 00 3b 01 .....FO...:...;. 1301 013aee18 013afcb8 -> 38 ff 3a 01 55 32 40 00 04 04 00 00 00 04 00 00 8.:.U2@......... 1302 013aee1c 6ae44429 = NSISDL.DLL:.text+0x3429 1303 1304 -------------------- 1305 1306 0167:6ae44407 f1 int 1 1307 0167:6ae44408 ff ?db ff 1308 0167:6ae44409 ff8d55e88910 dec dword ptr [ebp+1089e855] 1309 0167:6ae4440f ba454be46a mov edx,6ae44b45 1310 0167:6ae44414 895004 mov dword ptr [eax+04],edx 1311 0167:6ae44417 896008 mov dword ptr [eax+08],esp 1312 0167:6ae4441a 8d85c4f1ffff lea eax,[ebp-00000e3c] 1313 0167:6ae44420 83ec0c sub esp,+0c 1314 0167:6ae44423 50 push eax 1315 0167:6ae44424 e8673c0000 call 6ae48090 = NSISDL.DLL:.text+0x7090 1316 NSISDL.DLL:.text+0x3429: 1317 *0167:6ae44429 83c410 add esp,+10 1318 0167:6ae4442c c785e4f3ffff00000000 mov dword ptr [ebp-00000c1c],00000000 1319 0167:6ae44436 c785e0f3ffff30750000 mov dword ptr [ebp-00000c20],00007530 1320 0167:6ae44440 c785dcf3ffff01000000 mov dword ptr [ebp-00000c24],00000001 1321 0167:6ae4444a c785d8f3ffff00000000 mov dword ptr [ebp-00000c28],00000000 1322 0167:6ae44454 c785d4f3ffff00000000 mov dword ptr [ebp-00000c2c],00000000 1323 0167:6ae4445e 8b450c mov eax,dword ptr [ebp+0c] 1324 0167:6ae44461 a338c0e46a mov dword ptr [6ae4c038],eax 1325 0167:6ae44466 8b ?db 8b 1326 0167:6ae44467 45 inc ebp 1327 0167:6ae44468 14 ?db 14 1328 1329 -------------------- 1330 1331 1332 013aee20 013aee7c -> 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 1333 013aee24 00000000 1334 ... 1335 013aee94 6ae45bb0 = NSISDL.DLL:.text+0x4bb0 1336 -> 55 89 e5 57 56 53 81 ec ac 00 00 00 8d 45 e8 89 U..WVS.......E.. 1337 013aee98 6ae48e54 = NSISDL.DLL:.text+0x7e54 1338 -> ff ff 01 02 00 00 00 00 ff 00 0d 01 04 00 00 01 ................ 1339 013aee9c 013afca0 -> 0b 94 f9 bf 00 50 e5 6a 00 00 00 00 e4 42 83 81 .....P.j.....B.. 1340 013aeea0 6ae44b45 = NSISDL.DLL:.text+0x3b45 1341 -> 8d 6d 18 8b 95 cc f1 ff ff 89 95 b0 f1 ff ff 8b .m.............. 1342 013aeea4 013aee30 -> 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 1343 013aeea8 00000000 1344 ... 1345 013af428 81d164d4 -> 09 04 00 00 e4 04 00 00 00 00 00 00 ce 93 d2 81 ................ 1346 013af42c 00000200 1347 013af430 00000000 1348 013af434 013af840 -> 00 00 00 00 20 9b c0 70 c4 00 00 00 f0 f8 3a 01 .... ..p......:. 1349 013af438 00000000 1350 ... 1351 013af440 00000100 1352 013af444 013afa40 -> 67 a5 f7 bf 00 b0 80 81 40 00 00 00 00 00 00 00 g.......@....... 1353 013af448 000164d4 1354 013af44c 013af480 -> d8 f4 3a 01 44 ee 00 78 00 00 00 00 00 02 00 00 ..:.D..x........ 1355 013af450 bff7bd5f = KERNEL32.DLL:.text+0x2d5f 1356 1357 -------------------- 1358 1359 0167:bff7bd44 eb2b jmp bff7bd71 = KERNEL32.DLL:.text+0x2d71 1360 0167:bff7bd46 bf01000000 mov edi,00000001 1361 0167:bff7bd4b ff75fc push dword ptr [ebp-04] 1362 0167:bff7bd4e 57 push edi 1363 0167:bff7bd4f ff751c push dword ptr [ebp+1c] 1364 0167:bff7bd52 ff7518 push dword ptr [ebp+18] 1365 0167:bff7bd55 50 push eax 1366 0167:bff7bd56 ff7510 push dword ptr [ebp+10] 1367 0167:bff7bd59 56 push esi 1368 0167:bff7bd5a e81b000000 call bff7bd7a = KERNEL32.DLL:.text+0x2d7a 1369 KERNEL32.DLL:.text+0x2d5f: 1370 *0167:bff7bd5f eb10 jmp bff7bd71 = KERNEL32.DLL:.text+0x2d71 1371 0167:bff7bd61 68ec030000 push 000003ec 1372 0167:bff7bd66 eb02 jmp bff7bd6a = KERNEL32.DLL:.text+0x2d6a 1373 0167:bff7bd68 6a57 push +57 1374 0167:bff7bd6a e863420000 call bff7ffd2 = KERNEL32.DLL!SetLastError 1375 0167:bff7bd6f 33c0 xor eax,eax 1376 0167:bff7bd71 5f pop edi 1377 0167:bff7bd72 5e pop esi 1378 0167:bff7bd73 5b pop ebx 1379 0167:bff7bd74 8be5 mov esp,ebp 1380 0167:bff7bd76 5d pop ebp 1381 1382 -------------------- 1383 1384 1385 013af454 81d164d4 -> 09 04 00 00 e4 04 00 00 00 00 00 00 ce 93 d2 81 ................ 1386 013af458 013af940 -> 00 00 00 76 00 00 00 00 77 69 6e 69 6e 65 74 2e ...v....wininet. 1387 013af45c 00000100 1388 013af460 013af740 -> 58 5f 83 81 6c 5f 83 81 f0 31 4f c1 0c 0d 0e 0f X_..l_...1O..... 1389 013af464 00000100 1390 013af468 00000000 1391 ... 1392 013af474 00000100 1393 013af478 000004e4 1394 013af47c 00000000 1395 013af480 013af4d8 -> 54 fa 3a 01 67 42 00 78 00 00 00 00 00 02 00 00 T.:.gB.x........ 1396 013af484 7800ee44 = MSVCRT.DLL:.text+0xde44 1397 1398 -------------------- 1399 1400 0167:7800ee1b 747d jz 7800ee9a = MSVCRT.DLL:.text+0xde9a 1401 0167:7800ee1d c705e0ab037802000000 mov dword ptr [7803abe0],00000002 1402 0167:7800ee27 e9e254ffff jmp 7800430e = MSVCRT.DLL:.text+0x330e 1403 0167:7800ee2c ff751c push dword ptr [ebp+1c] 1404 0167:7800ee2f ff7518 push dword ptr [ebp+18] 1405 0167:7800ee32 ff7514 push dword ptr [ebp+14] 1406 0167:7800ee35 ff7510 push dword ptr [ebp+10] 1407 0167:7800ee38 ff750c push dword ptr [ebp+0c] 1408 0167:7800ee3b ff7508 push dword ptr [ebp+08] 1409 0167:7800ee3e ff1500110378 call dword ptr [78031100] -> KERNEL32.DLL!LCMapStringA 1410 MSVCRT.DLL:.text+0xde44: 1411 *0167:7800ee44 e90056ffff jmp 78004449 = MSVCRT.DLL:.text+0x3449 1412 0167:7800ee49 a154a10378 mov eax,dword ptr [7803a154] 1413 0167:7800ee4e 894520 mov dword ptr [ebp+20],eax 1414 0167:7800ee51 e9ed54ffff jmp 78004343 = MSVCRT.DLL:.text+0x3343 1415 0167:7800ee56 6a01 push +01 1416 0167:7800ee58 58 pop eax 1417 0167:7800ee59 c3 retd 1418 0167:7800ee5a 8b65e8 mov esp,dword ptr [ebp-18] 1419 0167:7800ee5d 33ff xor edi,edi 1420 0167:7800ee5f 897ddc mov dword ptr [ebp-24],edi 1421 0167:7800ee62 834dfcff or dword ptr [ebp-04],-01 1422 1423 -------------------- 1424 1425 1426 013af488 00000000 1427 013af48c 00000200 1428 013af490 013af940 -> 00 00 00 76 00 00 00 00 77 69 6e 69 6e 65 74 2e ...v....wininet. 1429 013af494 00000100 1430 013af498 013af740 -> 58 5f 83 81 6c 5f 83 81 f0 31 4f c1 0c 0d 0e 0f X_..l_...1O..... 1431 013af49c 00000100 1432 013af4a0 7803a9bc = MSVCRT.DLL:.data+0x29bc 1433 -> 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 1434 013af4a4 00000100 1435 013af4a8 000004e4 1436 013af4ac 00000100 1437 013af4b0 013af940 -> 00 00 00 76 00 00 00 00 77 69 6e 69 6e 65 74 2e ...v....wininet. 1438 013af4b4 00000100 1439 013af4b8 013af840 -> 00 00 00 00 20 9b c0 70 c4 00 00 00 f0 f8 3a 01 .... ..p......:. 1440 013af4bc 00000100 1441 013af4c0 013af4a0 -> bc a9 03 78 00 01 00 00 e4 04 00 00 00 01 00 00 ...x............ 1442 013af4c4 00000100 1443 013af4c8 013afc4c -> 01 00 00 00 b4 05 fc bf 0c 5a 83 81 00 00 00 00 .........Z...... 1444 013af4cc 7800e9bc = MSVCRT.DLL!_except_handler3 1445 -> 55 8b ec 83 ec 08 53 56 57 55 fc 8b 5d 0c 8b 45 U.....SVWU..]..E 1446 013af4d0 780313c8 = MSVCRT.DLL:.rdata+0x3c8 1447 -> ff ff ff ff 56 ee 00 78 5a ee 00 78 ff ff ff ff ....V..xZ..x.... 1448 013af4d4 ffffffff 1449 013af4d8 013afa54 -> 00 fc 82 81 84 fa 3a 01 cc 2a f9 bf f0 6e 83 81 ......:..*...n.. 1450 013af4dc 78004267 = MSVCRT.DLL:.text+0x3267 1451 1452 -------------------- 1453 1454 0167:78004241 8d85ecfcffff lea eax,[ebp-00000314] 1455 0167:78004247 ff35a8a90378 push dword ptr [7803a9a8] 1456 0167:7800424d 56 push esi 1457 0167:7800424e 50 push eax 1458 0167:7800424f 8d85ecfeffff lea eax,[ebp-00000114] 1459 0167:78004255 56 push esi 1460 0167:78004256 50 push eax 1461 0167:78004257 6800020000 push 00000200 1462 0167:7800425c ff35c4aa0378 push dword ptr [7803aac4] 1463 0167:78004262 e851000000 call 780042b8 = MSVCRT.DLL!__crtLCMapStringA 1464 MSVCRT.DLL:.text+0x3267: 1465 *0167:78004267 83c45c add esp,+5c 1466 0167:7800426a 33c0 xor eax,eax 1467 0167:7800426c 8d8decfaffff lea ecx,[ebp-00000514] 1468 0167:78004272 eb2b jmp 7800429f = MSVCRT.DLL:.text+0x329f 1469 0167:78004274 8088c1a9037810 or byte ptr [eax+7803a9c1],10 1470 0167:7800427b 8a9405ecfdffff mov dl,byte ptr [ebp+eax-00000214] 1471 0167:78004282 eb0e jmp 78004292 = MSVCRT.DLL:.text+0x3292 1472 0167:78004284 8088c1a9037820 or byte ptr [eax+7803a9c1],20 1473 0167:7800428b 8a9405ecfcffff mov dl,byte ptr [ebp+eax-00000314] 1474 0167:78004292 8890e0aa0378 mov byte ptr [eax+7803aae0],dl 1475 0167:78004298 40 inc eax 1476 1477 -------------------- 1478 1479 1480 013af4e0 00000000 1481 013af4e4 00000200 1482 013af4e8 013af940 -> 00 00 00 76 00 00 00 00 77 69 6e 69 6e 65 74 2e ...v....wininet. 1483 013af4ec 00000100 1484 013af4f0 013af740 -> 58 5f 83 81 6c 5f 83 81 f0 31 4f c1 0c 0d 0e 0f X_..l_...1O..... 1485 013af4f4 00000100 1486 013af4f8 000004e4 1487 013af4fc 00000000 1488 ... 1489 013af504 00000100 1490 013af508 013af940 -> 00 00 00 76 00 00 00 00 77 69 6e 69 6e 65 74 2e ...v....wininet. 1491 013af50c 00000100 1492 013af510 013af840 -> 00 00 00 00 20 9b c0 70 c4 00 00 00 f0 f8 3a 01 .... ..p......:. 1493 013af514 00000100 1494 013af518 000004e4 1495 013af51c 00000000 1496 013af520 00000001 1497 013af524 013af940 -> 00 00 00 76 00 00 00 00 77 69 6e 69 6e 65 74 2e ...v....wininet. 1498 013af528 00000100 1499 013af52c 013af540 -> 48 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 H. . . . . . . . 1500 013af530 000004e4 1501 013af534 00000000 1502 ... 1503 013af53c 00000001 1504 013af540 00200048 1505 013af544 00200020 1506 ... 1507 013af550 00680020 1508 013af554 00280028 1509 ... 1510 013af55c 00200020 1511 ... 1512 013af580 00100048 1513 013af584 7629de2d = WININET.DLL!InternetSetOptionW 1514 -> 55 8b ec 51 51 8b 45 0c 53 56 57 33 db 33 ff 33 U..QQ.E.SVW3.3.3 1515 013af588 000000fa 1516 013af58c 013af7e0 -> 00 00 06 60 e2 13 f7 bf 81 62 07 00 6c f8 3a 01 ...`.....b..l.:. 1517 013af590 00000011 1518 013af594 00000000 1519 013af598 bff86b28 = KERNEL32.DLL:.text+0xdb28 1520 1521 -------------------- 1522 1523 0167:bff86b0b 50 push eax 1524 0167:bff86b0c e8cda6feff call bff711de = KERNEL32.DLL:_FREQASM+0x1de 1525 0167:bff86b11 eb0a jmp bff86b1d = KERNEL32.DLL:.text+0xdb1d 1526 0167:bff86b13 8b45f8 mov eax,dword ptr [ebp-08] 1527 0167:bff86b16 3818 cmp byte ptr [eax],bl 1528 0167:bff86b18 7503 jnz bff86b1d = KERNEL32.DLL:.text+0xdb1d 1529 0167:bff86b1a 8858ff mov byte ptr [eax-01],bl 1530 0167:bff86b1d a1109dfcbf mov eax,dword ptr [bffc9d10] 1531 0167:bff86b22 50 push eax 1532 0167:bff86b23 e88cd6feff call bff741b4 = KERNEL32.DLL!97 1533 KERNEL32.DLL:.text+0xdb28: 1534 *0167:bff86b28 8d85ecfeffff lea eax,[ebp-00000114] 1535 0167:bff86b2e 50 push eax 1536 0167:bff86b2f e87d74ffff call bff7dfb1 = KERNEL32.DLL:.text+0x4fb1 1537 0167:bff86b34 50 push eax 1538 0167:bff86b35 e8f16effff call bff7da2b = KERNEL32.DLL:.text+0x4a2b 1539 0167:bff86b3a 8bf0 mov esi,eax 1540 0167:bff86b3c a1109dfcbf mov eax,dword ptr [bffc9d10] 1541 0167:bff86b41 50 push eax 1542 0167:bff86b42 e8a6d6feff call bff741ed = KERNEL32.DLL!98 1543 0167:bff86b47 85f6 test esi,esi 1544 0167:bff86b49 7507 jnz bff86b52 = KERNEL32.DLL:.text+0xdb52 1545 1546 -------------------- 1547 1548 1549 013af59c 013af6e0 -> bf ed 29 76 d4 f0 2d 76 01 00 00 00 01 00 00 00 ..)v..-v........ 1550 013af5a0 bff7dfbf = KERNEL32.DLL:.text+0x4fbf 1551 1552 -------------------- 1553 1554 0167:bff7dfab 85c0 test eax,eax 1555 0167:bff7dfad 75f4 jnz bff7dfa3 = KERNEL32.DLL:.text+0x4fa3 1556 0167:bff7dfaf ebb1 jmp bff7df62 = KERNEL32.DLL:.text+0x4f62 1557 0167:bff7dfb1 53 push ebx 1558 0167:bff7dfb2 56 push esi 1559 0167:bff7dfb3 8b5c240c mov ebx,dword ptr [esp+0c] 1560 0167:bff7dfb7 57 push edi 1561 0167:bff7dfb8 55 push ebp 1562 0167:bff7dfb9 53 push ebx 1563 0167:bff7dfba e8b131ffff call bff71170 = KERNEL32.DLL:_FREQASM+0x170 1564 KERNEL32.DLL:.text+0x4fbf: 1565 *0167:bff7dfbf 8bd0 mov edx,eax 1566 0167:bff7dfc1 a1e49cfcbf mov eax,dword ptr [bffc9ce4] 1567 0167:bff7dfc6 8b08 mov ecx,dword ptr [eax] 1568 0167:bff7dfc8 8b414c mov eax,dword ptr [ecx+4c] 1569 0167:bff7dfcb 85c0 test eax,eax 1570 0167:bff7dfcd 0f8493000000 jz bff7e066 = KERNEL32.DLL:.text+0x5066 1571 0167:bff7dfd3 8b35249cfcbf mov esi,dword ptr [bffc9c24] 1572 0167:bff7dfd9 0fbf4810 movsx ecx,word ptr [eax+10] 1573 0167:bff7dfdd 8b2c8e mov ebp,dword ptr [esi+ecx*4] 1574 0167:bff7dfe0 0fb74d16 movzx ecx,word ptr [ebp+16] 1575 0167:bff7dfe4 3bca cmp ecx,edx 1576 1577 -------------------- 1578 1579 1580 013af5a4 013af5cc -> 4b 45 52 4e 45 4c 33 32 2e 44 4c 4c 00 01 01 01 KERNEL32.DLL.... 1581 013af5a8 013af6e0 -> bf ed 29 76 d4 f0 2d 76 01 00 00 00 01 00 00 00 ..)v..-v........ 1582 013af5ac 00000000 1583 013af5b0 bff741f7 = KERNEL32.DLL:_FREQASM+0x31f7 1584 1585 -------------------- 1586 1587 0167:bff741dd 51 push ecx 1588 0167:bff741de 52 push edx 1589 0167:bff741df 681d002a00 push 002a001d 1590 0167:bff741e4 e8ebd1ffff call bff713d4 = KERNEL32.DLL!1 1591 0167:bff741e9 59 pop ecx 1592 0167:bff741ea 5a pop edx 1593 0167:bff741eb ebe8 jmp bff741d5 = KERNEL32.DLL:_FREQASM+0x31d5 1594 0167:bff741ed 8b542404 mov edx,dword ptr [esp+04] 1595 0167:bff741f1 50 push eax 1596 0167:bff741f2 e804000000 call bff741fb = KERNEL32.DLL:_FREQASM+0x31fb 1597 KERNEL32.DLL:_FREQASM+0x31f7: 1598 *0167:bff741f7 58 pop eax 1599 0167:bff741f8 c20400 retd 0004 1600 0167:bff741fb 833dec9cfcbf01 cmp dword ptr [bffc9cec],+01 1601 0167:bff74202 7c32 jl bff74236 = KERNEL32.DLL:_FREQASM+0x3236 1602 0167:bff74204 3b157094fcbf cmp edx,dword ptr [bffc9470] 1603 0167:bff7420a 7506 jnz bff74212 = KERNEL32.DLL:_FREQASM+0x3212 1604 0167:bff7420c 837a0401 cmp dword ptr [edx+04],+01 1605 0167:bff74210 7426 jz bff74238 = KERNEL32.DLL:_FREQASM+0x3238 1606 0167:bff74212 ff4a04 dec dword ptr [edx+04] 1607 0167:bff74215 754a jnz bff74261 = KERNEL32.DLL:_FREQASM+0x3261 1608 0167:bff74217 c7420800000000 mov dword ptr [edx+08],00000000 1609 1610 -------------------- 1611 1612 1613 013af5b4 bffc9490 = KERNEL32.DLL:.data+0x490 1614 -> 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 1615 013af5b8 bff86b47 = KERNEL32.DLL:.text+0xdb47 1616 1617 -------------------- 1618 1619 0167:bff86b23 e88cd6feff call bff741b4 = KERNEL32.DLL!97 1620 0167:bff86b28 8d85ecfeffff lea eax,[ebp-00000114] 1621 0167:bff86b2e 50 push eax 1622 0167:bff86b2f e87d74ffff call bff7dfb1 = KERNEL32.DLL:.text+0x4fb1 1623 0167:bff86b34 50 push eax 1624 0167:bff86b35 e8f16effff call bff7da2b = KERNEL32.DLL:.text+0x4a2b 1625 0167:bff86b3a 8bf0 mov esi,eax 1626 0167:bff86b3c a1109dfcbf mov eax,dword ptr [bffc9d10] 1627 0167:bff86b41 50 push eax 1628 0167:bff86b42 e8a6d6feff call bff741ed = KERNEL32.DLL!98 1629 KERNEL32.DLL:.text+0xdb47: 1630 *0167:bff86b47 85f6 test esi,esi 1631 0167:bff86b49 7507 jnz bff86b52 = KERNEL32.DLL:.text+0xdb52 1632 0167:bff86b4b 6a7e push +7e 1633 0167:bff86b4d e84e5effff call bff7c9a0 = KERNEL32.DLL:.text+0x39a0 1634 0167:bff86b52 85ff test edi,edi 1635 0167:bff86b54 7416 jz bff86b6c = KERNEL32.DLL:.text+0xdb6c 1636 0167:bff86b56 53 push ebx 1637 0167:bff86b57 ff75fc push dword ptr [ebp-04] 1638 0167:bff86b5a e8a16c0100 call bff9d800 = KERNEL32.DLL:.text+0x24800 1639 0167:bff86b5f a1e09cfcbf mov eax,dword ptr [bffc9ce0] 1640 0167:bff86b64 8b08 mov ecx,dword ptr [eax] 1641 1642 -------------------- 1643 1644 1645 013af5bc bffc9490 = KERNEL32.DLL:.data+0x490 1646 -> 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 1647 013af5c0 00000001 1648 013af5c4 bff842b1 = KERNEL32.DLL!InitializeCriticalSection 1649 1650 -------------------- 1651 1652 0167:bff84297 75e8 jnz bff84281 = KERNEL32.DLL:.text+0xb281 1653 0167:bff84299 b801000000 mov eax,00000001 1654 0167:bff8429e c60700 mov byte ptr [edi],00 1655 0167:bff842a1 eb09 jmp bff842ac = KERNEL32.DLL:.text+0xb2ac 1656 0167:bff842a3 6a57 push +57 1657 0167:bff842a5 e828bdffff call bff7ffd2 = KERNEL32.DLL!SetLastError 1658 0167:bff842aa 33c0 xor eax,eax 1659 0167:bff842ac 5f pop edi 1660 0167:bff842ad 5e pop esi 1661 0167:bff842ae c20800 retd 0008 1662 KERNEL32.DLL!InitializeCriticalSection: 1663 *0167:bff842b1 55 push ebp 1664 0167:bff842b2 8bec mov ebp,esp 1665 0167:bff842b4 56 push esi 1666 0167:bff842b5 8b4508 mov eax,dword ptr [ebp+08] 1667 0167:bff842b8 8b10 mov edx,dword ptr [eax] 1668 0167:bff842ba 8910 mov dword ptr [eax],edx 1669 0167:bff842bc a1109dfcbf mov eax,dword ptr [bffc9d10] 1670 0167:bff842c1 50 push eax 1671 0167:bff842c2 e8edfefeff call bff741b4 = KERNEL32.DLL!97 1672 0167:bff842c7 ff7508 push dword ptr [ebp+08] 1673 0167:bff842ca e892d0ffff call bff81361 = KERNEL32.DLL:.text+0x8361 1674 1675 -------------------- 1676 1677 1678 013af5c8 00000000 1679 013af5cc 4e52454b 1680 013af5d0 32334c45 1681 013af5d4 4c4c442e 1682 013af5d8 01010100 1683 013af5dc 01010101 1684 ... 1685 013af5f4 00100101 1686 013af5f8 00100010 1687 ... 1688 013af600 01820010 1689 013af604 01820182 1690 ... 1691 013af60c bff713ee = KERNEL32.DLL:_FREQASM+0x3ee 1692 1693 -------------------- 1694 1695 0167:bff713ca ebf7 jmp bff713c3 = KERNEL32.DLL:_FREQASM+0x3c3 1696 0167:bff713cc ebfa jmp bff713c8 = KERNEL32.DLL:_FREQASM+0x3c8 1697 0167:bff713ce ebf8 jmp bff713c8 = KERNEL32.DLL:_FREQASM+0x3c8 1698 0167:bff713d0 ebf6 jmp bff713c8 = KERNEL32.DLL:_FREQASM+0x3c8 1699 0167:bff713d2 ebf4 jmp bff713c8 = KERNEL32.DLL:_FREQASM+0x3c8 1700 0167:bff713d4 8b442404 mov eax,dword ptr [esp+04] 1701 0167:bff713d8 8f0424 pop dword ptr [esp] 1702 0167:bff713db 2eff1d3497fcbf call fword ptr ss:[bffc9734] 1703 0167:bff713e2 b801000100 mov eax,00010001 1704 0167:bff713e7 2eff1d3497fcbf call fword ptr ss:[bffc9734] 1705 KERNEL32.DLL:_FREQASM+0x3ee: 1706 *0167:bff713ee b843002a00 mov eax,002a0043 1707 0167:bff713f3 2eff1d3497fcbf call fword ptr ss:[bffc9734] 1708 0167:bff713fa 83c414 add esp,+14 1709 0167:bff713fd 0fb7c8 movzx ecx,ax 1710 0167:bff71400 0fa4d310 shld ebx,edx,10 1711 0167:bff71404 c0e302 shl bl,02 1712 0167:bff71407 6681ea0010 sub dx,1000 1713 0167:bff7140c 0fbfc2 movsx eax,dx 1714 0167:bff7140f e9d1000000 jmp bff714e5 = KERNEL32.DLL:_FREQASM+0x4e5 1715 0167:bff71414 55 push ebp 1716 0167:bff71415 53 push ebx 1717 1718 -------------------- 1719 1720 1721 013af610 00000167 1722 013af614 bff7eaf9 = KERNEL32.DLL:.text+0x5af9 1723 1724 -------------------- 1725 1726 0167:bff7eade c1e710 shl edi,10 1727 0167:bff7eae1 015dfc add dword ptr [ebp-04],ebx 1728 0167:bff7eae4 097dfc or dword ptr [ebp-04],edi 1729 0167:bff7eae7 015df8 add dword ptr [ebp-08],ebx 1730 0167:bff7eaea ff7518 push dword ptr [ebp+18] 1731 0167:bff7eaed ff75fc push dword ptr [ebp-04] 1732 0167:bff7eaf0 56 push esi 1733 0167:bff7eaf1 6a01 push +01 1734 0167:bff7eaf3 ff75f8 push dword ptr [ebp-08] 1735 0167:bff7eaf6 ff551c call dword ptr [ebp+1c] 1736 KERNEL32.DLL:.text+0x5af9: 1737 *0167:bff7eaf9 5f pop edi 1738 0167:bff7eafa 5e pop esi 1739 0167:bff7eafb 5b pop ebx 1740 0167:bff7eafc 8be5 mov esp,ebp 1741 0167:bff7eafe 5d pop ebp 1742 0167:bff7eaff c21800 retd 0018 1743 0167:bff7eb02 8b442404 mov eax,dword ptr [esp+04] 1744 0167:bff7eb06 8b4c2408 mov ecx,dword ptr [esp+08] 1745 0167:bff7eb0a 3bc1 cmp eax,ecx 1746 0167:bff7eb0c 7308 jnc bff7eb16 = KERNEL32.DLL:.text+0x5b16 1747 0167:bff7eb0e 8b10 mov edx,dword ptr [eax] 1748 1749 -------------------- 1750 1751 1752 013af618 000762e1 1753 013af61c bff713e2 = KERNEL32.DLL:_FREQASM+0x3e2 1754 1755 -------------------- 1756 1757 0167:bff713c5 c20400 retd 0004 1758 0167:bff713c8 33c0 xor eax,eax 1759 0167:bff713ca ebf7 jmp bff713c3 = KERNEL32.DLL:_FREQASM+0x3c3 1760 0167:bff713cc ebfa jmp bff713c8 = KERNEL32.DLL:_FREQASM+0x3c8 1761 0167:bff713ce ebf8 jmp bff713c8 = KERNEL32.DLL:_FREQASM+0x3c8 1762 0167:bff713d0 ebf6 jmp bff713c8 = KERNEL32.DLL:_FREQASM+0x3c8 1763 0167:bff713d2 ebf4 jmp bff713c8 = KERNEL32.DLL:_FREQASM+0x3c8 1764 0167:bff713d4 8b442404 mov eax,dword ptr [esp+04] 1765 0167:bff713d8 8f0424 pop dword ptr [esp] 1766 0167:bff713db 2eff1d3497fcbf call fword ptr ss:[bffc9734] 1767 KERNEL32.DLL:_FREQASM+0x3e2: 1768 *0167:bff713e2 b801000100 mov eax,00010001 1769 0167:bff713e7 2eff1d3497fcbf call fword ptr ss:[bffc9734] 1770 0167:bff713ee b843002a00 mov eax,002a0043 1771 0167:bff713f3 2eff1d3497fcbf call fword ptr ss:[bffc9734] 1772 0167:bff713fa 83c414 add esp,+14 1773 0167:bff713fd 0fb7c8 movzx ecx,ax 1774 0167:bff71400 0fa4d310 shld ebx,edx,10 1775 0167:bff71404 c0e302 shl bl,02 1776 0167:bff71407 6681ea0010 sub dx,1000 1777 0167:bff7140c 0fbfc2 movsx eax,dx 1778 0167:bff7140f e9d1000000 jmp bff714e5 = KERNEL32.DLL:_FREQASM+0x4e5 1779 1780 -------------------- 1781 1782 1783 013af620 00000167 1784 013af624 bff916bb = KERNEL32.DLL:.text+0x186bb 1785 1786 -------------------- 1787 1788 0167:bff91699 8d4e14 lea ecx,[esi+14] 1789 0167:bff9169c c745f480000000 mov dword ptr [ebp-0c],00000080 1790 0167:bff916a3 50 push eax 1791 0167:bff916a4 51 push ecx 1792 0167:bff916a5 6a00 push +00 1793 0167:bff916a7 6a00 push +00 1794 0167:bff916a9 688094f7bf push bff79480 1795 0167:bff916ae ff75f8 push dword ptr [ebp-08] 1796 0167:bff916b1 681a000100 push 0001001a 1797 0167:bff916b6 e819fdfdff call bff713d4 = KERNEL32.DLL!1 1798 KERNEL32.DLL:.text+0x186bb: 1799 *0167:bff916bb ff75f8 push dword ptr [ebp-08] 1800 0167:bff916be 6813000100 push 00010013 1801 0167:bff916c3 85c0 test eax,eax 1802 0167:bff916c5 7464 jz bff9172b = KERNEL32.DLL:.text+0x1872b 1803 0167:bff916c7 e808fdfdff call bff713d4 = KERNEL32.DLL!1 1804 0167:bff916cc 6a00 push +00 1805 0167:bff916ce 8d4614 lea eax,[esi+14] 1806 0167:bff916d1 6880000000 push 00000080 1807 0167:bff916d6 50 push eax 1808 0167:bff916d7 e855fafdff call bff71131 = KERNEL32.DLL:_FREQASM+0x131 1809 0167:bff916dc 813e9c000000 cmp dword ptr [esi],0000009c 1810 1811 -------------------- 1812 1813 1814 013af628 c29e5320 -> 00 00 00 00 00 00 00 00 a0 13 9a c2 06 00 00 00 ................ 1815 013af62c bff79480 = KERNEL32.DLL:.text+0x480 1816 -> 53 75 62 56 65 72 73 69 6f 6e 4e 75 6d 62 65 72 SubVersionNumber 1817 013af630 bff713e2 = KERNEL32.DLL:_FREQASM+0x3e2 1818 1819 -------------------- 1820 1821 0167:bff713c5 c20400 retd 0004 1822 0167:bff713c8 33c0 xor eax,eax 1823 0167:bff713ca ebf7 jmp bff713c3 = KERNEL32.DLL:_FREQASM+0x3c3 1824 0167:bff713cc ebfa jmp bff713c8 = KERNEL32.DLL:_FREQASM+0x3c8 1825 0167:bff713ce ebf8 jmp bff713c8 = KERNEL32.DLL:_FREQASM+0x3c8 1826 0167:bff713d0 ebf6 jmp bff713c8 = KERNEL32.DLL:_FREQASM+0x3c8 1827 0167:bff713d2 ebf4 jmp bff713c8 = KERNEL32.DLL:_FREQASM+0x3c8 1828 0167:bff713d4 8b442404 mov eax,dword ptr [esp+04] 1829 0167:bff713d8 8f0424 pop dword ptr [esp] 1830 0167:bff713db 2eff1d3497fcbf call fword ptr ss:[bffc9734] 1831 KERNEL32.DLL:_FREQASM+0x3e2: 1832 *0167:bff713e2 b801000100 mov eax,00010001 1833 0167:bff713e7 2eff1d3497fcbf call fword ptr ss:[bffc9734] 1834 0167:bff713ee b843002a00 mov eax,002a0043 1835 0167:bff713f3 2eff1d3497fcbf call fword ptr ss:[bffc9734] 1836 0167:bff713fa 83c414 add esp,+14 1837 0167:bff713fd 0fb7c8 movzx ecx,ax 1838 0167:bff71400 0fa4d310 shld ebx,edx,10 1839 0167:bff71404 c0e302 shl bl,02 1840 0167:bff71407 6681ea0010 sub dx,1000 1841 0167:bff7140c 0fbfc2 movsx eax,dx 1842 0167:bff7140f e9d1000000 jmp bff714e5 = KERNEL32.DLL:_FREQASM+0x4e5 1843 1844 -------------------- 1845 1846 1847 013af634 013af674 -> 00 00 44 00 90 0a f8 00 40 00 00 00 00 00 00 00 ..D.....@....... 1848 013af638 000d314c 1849 013af63c 81836e94 -> 24 00 00 a0 04 00 00 00 00 00 00 00 00 00 00 00 $............... 1850 013af640 00000024 1851 013af644 bff7a3a0 = KERNEL32.DLL:.text+0x13a0 1852 1853 -------------------- 1854 1855 0167:bff7a385 2bfb sub edi,ebx 1856 0167:bff7a387 57 push edi 1857 0167:bff7a388 894108 mov dword ptr [ecx+08],eax 1858 0167:bff7a38b 8b5604 mov edx,dword ptr [esi+04] 1859 0167:bff7a38e 8b4608 mov eax,dword ptr [esi+08] 1860 0167:bff7a391 895004 mov dword ptr [eax+04],edx 1861 0167:bff7a394 8d041e lea eax,[esi+ebx] 1862 0167:bff7a397 50 push eax 1863 0167:bff7a398 ff7508 push dword ptr [ebp+08] 1864 0167:bff7a39b e871fdffff call bff7a111 = KERNEL32.DLL:.text+0x1111 1865 KERNEL32.DLL:.text+0x13a0: 1866 *0167:bff7a3a0 eb36 jmp bff7a3d8 = KERNEL32.DLL:.text+0x13d8 1867 0167:bff7a3a2 8b4d08 mov ecx,dword ptr [ebp+08] 1868 0167:bff7a3a5 0fb64170 movzx eax,byte ptr [ecx+70] 1869 0167:bff7a3a9 0b45f4 or eax,dword ptr [ebp-0c] 1870 0167:bff7a3ac 50 push eax 1871 0167:bff7a3ad 8b45f8 mov eax,dword ptr [ebp-08] 1872 0167:bff7a3b0 2b45fc sub eax,dword ptr [ebp-04] 1873 0167:bff7a3b3 50 push eax 1874 0167:bff7a3b4 ff75fc push dword ptr [ebp-04] 1875 0167:bff7a3b7 e8f6feffff call bff7a2b2 = KERNEL32.DLL:.text+0x12b2 1876 0167:bff7a3bc 85c0 test eax,eax 1877 1878 -------------------- 1879 1880 1881 013af648 8180b000 -> 00 00 10 00 00 00 00 00 20 00 00 00 01 00 00 a0 ........ ....... 1882 013af64c 013af68c -> b4 f6 3a 01 50 a5 f7 bf 00 00 44 00 67 a5 f7 bf ..:.P.....D.g... 1883 013af650 00000020 1884 013af654 00f80a90 -> 40 00 00 a0 c8 f0 2d 76 c8 f0 2d 76 cb 0e fc ff @.....-v..-v.... 1885 013af658 00000040 1886 013af65c bff7a3a0 = KERNEL32.DLL:.text+0x13a0 1887 1888 -------------------- 1889 1890 0167:bff7a385 2bfb sub edi,ebx 1891 0167:bff7a387 57 push edi 1892 0167:bff7a388 894108 mov dword ptr [ecx+08],eax 1893 0167:bff7a38b 8b5604 mov edx,dword ptr [esi+04] 1894 0167:bff7a38e 8b4608 mov eax,dword ptr [esi+08] 1895 0167:bff7a391 895004 mov dword ptr [eax+04],edx 1896 0167:bff7a394 8d041e lea eax,[esi+ebx] 1897 0167:bff7a397 50 push eax 1898 0167:bff7a398 ff7508 push dword ptr [ebp+08] 1899 0167:bff7a39b e871fdffff call bff7a111 = KERNEL32.DLL:.text+0x1111 1900 KERNEL32.DLL:.text+0x13a0: 1901 *0167:bff7a3a0 eb36 jmp bff7a3d8 = KERNEL32.DLL:.text+0x13d8 1902 0167:bff7a3a2 8b4d08 mov ecx,dword ptr [ebp+08] 1903 0167:bff7a3a5 0fb64170 movzx eax,byte ptr [ecx+70] 1904 0167:bff7a3a9 0b45f4 or eax,dword ptr [ebp-0c] 1905 0167:bff7a3ac 50 push eax 1906 0167:bff7a3ad 8b45f8 mov eax,dword ptr [ebp-08] 1907 0167:bff7a3b0 2b45fc sub eax,dword ptr [ebp-04] 1908 0167:bff7a3b3 50 push eax 1909 0167:bff7a3b4 ff75fc push dword ptr [ebp-04] 1910 0167:bff7a3b7 e8f6feffff call bff7a2b2 = KERNEL32.DLL:.text+0x12b2 1911 0167:bff7a3bc 85c0 test eax,eax 1912 1913 -------------------- 1914 1915 1916 013af660 00440000 -> 00 10 10 00 00 00 78 00 20 00 00 00 01 00 00 a0 ......x. ....... 1917 013af664 00f80ad0 -> 21 00 00 a0 1c 00 44 00 4c 03 54 00 00 00 00 00 !.....D.L.T..... 1918 013af668 00000020 1919 013af66c 00000000 1920 013af670 0044000c -> 01 00 00 a0 ec 0f 54 00 e8 47 45 00 80 00 00 00 ......T..GE..... 1921 013af674 00440000 -> 00 10 10 00 00 00 78 00 20 00 00 00 01 00 00 a0 ......x. ....... 1922 013af678 00f80a90 -> 40 00 00 a0 c8 f0 2d 76 c8 f0 2d 76 cb 0e fc ff @.....-v..-v.... 1923 013af67c 00000040 1924 013af680 00000000 1925 013af684 00000f80 1926 013af688 00000f81 1927 013af68c 013af6b4 -> d8 f6 3a 01 98 b4 f7 bf 00 00 44 00 d5 b4 f7 bf ..:.......D..... 1928 013af690 bff7a550 = KERNEL32.DLL:.text+0x1550 1929 1930 -------------------- 1931 1932 0167:bff7a532 8b4604 mov eax,dword ptr [esi+04] 1933 0167:bff7a535 8b4dfc mov ecx,dword ptr [ebp-04] 1934 0167:bff7a538 894104 mov dword ptr [ecx+04],eax 1935 0167:bff7a53b 894e04 mov dword ptr [esi+04],ecx 1936 0167:bff7a53e e953ffffff jmp bff7a496 = KERNEL32.DLL:.text+0x1496 1937 0167:bff7a543 ff7510 push dword ptr [ebp+10] 1938 0167:bff7a546 ff750c push dword ptr [ebp+0c] 1939 0167:bff7a549 53 push ebx 1940 0167:bff7a54a 56 push esi 1941 0167:bff7a54b e8a6fdffff call bff7a2f6 = KERNEL32.DLL:.text+0x12f6 1942 KERNEL32.DLL:.text+0x1550: 1943 *0167:bff7a550 89450c mov dword ptr [ebp+0c],eax 1944 0167:bff7a553 85c0 test eax,eax 1945 0167:bff7a555 7436 jz bff7a58d = KERNEL32.DLL:.text+0x158d 1946 0167:bff7a557 ff7510 push dword ptr [ebp+10] 1947 0167:bff7a55a 56 push esi 1948 0167:bff7a55b 0d000000a0 or eax,a0000000 1949 0167:bff7a560 8903 mov dword ptr [ebx],eax 1950 0167:bff7a562 e889fbffff call bff7a0f0 = KERNEL32.DLL:.text+0x10f0 1951 0167:bff7a567 8d4304 lea eax,[ebx+04] 1952 0167:bff7a56a eb49 jmp bff7a5b5 = KERNEL32.DLL:.text+0x15b5 1953 0167:bff7a56c 6a08 push +08 1954 1955 -------------------- 1956 1957 1958 013af694 00440000 -> 00 10 10 00 00 00 78 00 20 00 00 00 01 00 00 a0 ......x. ....... 1959 013af698 bff7a567 = KERNEL32.DLL:.text+0x1567 1960 1961 -------------------- 1962 1963 0167:bff7a54a 56 push esi 1964 0167:bff7a54b e8a6fdffff call bff7a2f6 = KERNEL32.DLL:.text+0x12f6 1965 0167:bff7a550 89450c mov dword ptr [ebp+0c],eax 1966 0167:bff7a553 85c0 test eax,eax 1967 0167:bff7a555 7436 jz bff7a58d = KERNEL32.DLL:.text+0x158d 1968 0167:bff7a557 ff7510 push dword ptr [ebp+10] 1969 0167:bff7a55a 56 push esi 1970 0167:bff7a55b 0d000000a0 or eax,a0000000 1971 0167:bff7a560 8903 mov dword ptr [ebx],eax 1972 0167:bff7a562 e889fbffff call bff7a0f0 = KERNEL32.DLL:.text+0x10f0 1973 KERNEL32.DLL:.text+0x1567: 1974 *0167:bff7a567 8d4304 lea eax,[ebx+04] 1975 0167:bff7a56a eb49 jmp bff7a5b5 = KERNEL32.DLL:.text+0x15b5 1976 0167:bff7a56c 6a08 push +08 1977 0167:bff7a56e e82d240000 call bff7c9a0 = KERNEL32.DLL:.text+0x39a0 1978 0167:bff7a573 eb18 jmp bff7a58d = KERNEL32.DLL:.text+0x158d 1979 0167:bff7a575 6a08 push +08 1980 0167:bff7a577 e824240000 call bff7c9a0 = KERNEL32.DLL:.text+0x39a0 1981 0167:bff7a57c eb0f jmp bff7a58d = KERNEL32.DLL:.text+0x158d 1982 0167:bff7a57e 6a10 push +10 1983 0167:bff7a580 ff75fc push dword ptr [ebp-04] 1984 0167:bff7a583 680a000100 push 0001000a 1985 1986 -------------------- 1987 1988 1989 013af69c 00440000 -> 00 10 10 00 00 00 78 00 20 00 00 00 01 00 00 a0 ......x. ....... 1990 013af6a0 00000041 1991 ... 1992 013af6a8 00000000 1993 ... 1994 013af6b0 013af6dc -> 94 0a f8 00 bf ed 29 76 d4 f0 2d 76 01 00 00 00 ......)v..-v.... 1995 013af6b4 013af6d8 -> 98 6e 83 81 94 0a f8 00 bf ed 29 76 d4 f0 2d 76 .n........)v..-v 1996 013af6b8 bff7b498 = KERNEL32.DLL:.text+0x2498 1997 1998 -------------------- 1999 2000 0167:bff7b476 8d7e02 lea edi,[esi+02] 2001 0167:bff7b479 c70700000000 mov dword ptr [edi],00000000 2002 0167:bff7b47f eb42 jmp bff7b4c3 = KERNEL32.DLL:.text+0x24c3 2003 0167:bff7b481 83cf01 or edi,+01 2004 0167:bff7b484 8b0de49cfcbf mov ecx,dword ptr [bffc9ce4] 2005 0167:bff7b48a 57 push edi 2006 0167:bff7b48b 8b11 mov edx,dword ptr [ecx] 2007 0167:bff7b48d ff750c push dword ptr [ebp+0c] 2008 0167:bff7b490 ff7218 push dword ptr [edx+18] 2009 0167:bff7b493 e8b2efffff call bff7a44a = KERNEL32.DLL:.text+0x144a 2010 KERNEL32.DLL:.text+0x2498: 2011 *0167:bff7b498 8bf8 mov edi,eax 2012 0167:bff7b49a 85ff test edi,edi 2013 0167:bff7b49c 7525 jnz bff7b4c3 = KERNEL32.DLL:.text+0x24c3 2014 0167:bff7b49e 8b75fc mov esi,dword ptr [ebp-04] 2015 0167:bff7b4a1 85db test ebx,ebx 2016 0167:bff7b4a3 741c jz bff7b4c1 = KERNEL32.DLL:.text+0x24c1 2017 0167:bff7b4a5 a1e49cfcbf mov eax,dword ptr [bffc9ce4] 2018 0167:bff7b4aa 8b08 mov ecx,dword ptr [eax] 2019 0167:bff7b4ac 8b5158 mov edx,dword ptr [ecx+58] 2020 0167:bff7b4af 895602 mov dword ptr [esi+02],edx 2021 0167:bff7b4b2 a1e49cfcbf mov eax,dword ptr [bffc9ce4] 2022 2023 -------------------- 2024 2025 2026 013af6bc 00440000 -> 00 10 10 00 00 00 78 00 20 00 00 00 01 00 00 a0 ......x. ....... 2027 013af6c0 bff7b4d5 = KERNEL32.DLL:.text+0x24d5 2028 2029 -------------------- 2030 2031 0167:bff7b4b2 a1e49cfcbf mov eax,dword ptr [bffc9ce4] 2032 0167:bff7b4b7 8b08 mov ecx,dword ptr [eax] 2033 0167:bff7b4b9 897158 mov dword ptr [ecx+58],esi 2034 0167:bff7b4bc 66c7064653 mov word ptr [esi],5346 2035 0167:bff7b4c1 33ff xor edi,edi 2036 0167:bff7b4c3 a1e49cfcbf mov eax,dword ptr [bffc9ce4] 2037 0167:bff7b4c8 8b08 mov ecx,dword ptr [eax] 2038 0167:bff7b4ca 8b5118 mov edx,dword ptr [ecx+18] 2039 0167:bff7b4cd ff724c push dword ptr [edx+4c] 2040 0167:bff7b4d0 e8198effff call bff742ee = KERNEL32.DLL:_FREQASM+0x32ee 2041 KERNEL32.DLL:.text+0x24d5: 2042 *0167:bff7b4d5 8bc7 mov eax,edi 2043 0167:bff7b4d7 5f pop edi 2044 0167:bff7b4d8 5e pop esi 2045 0167:bff7b4d9 5b pop ebx 2046 0167:bff7b4da 8be5 mov esp,ebp 2047 0167:bff7b4dc 5d pop ebp 2048 0167:bff7b4dd c20800 retd 0008 2049 0167:bff7b4e0 33d2 xor edx,edx 2050 0167:bff7b4e2 8b442404 mov eax,dword ptr [esp+04] 2051 0167:bff7b4e6 803830 cmp byte ptr [eax],30 2052 0167:bff7b4e9 7c17 jl bff7b502 = KERNEL32.DLL:.text+0x2502 2053 2054 -------------------- 2055 2056 2057 013af6c4 81834b84 -> 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 2058 013af6c8 762df0d4 = WININET.DLL:.data+0xd4 2059 -> 04 00 00 00 98 6e 83 81 00 00 00 00 00 00 00 00 .....n.......... 2060 013af6cc 00000000 2061 013af6d0 762df0c8 = WININET.DLL:.data+0xc8 2062 -> 94 0a f8 00 94 0a f8 00 01 00 00 00 04 00 00 00 ................ 2063 013af6d4 bff7b9c5 = KERNEL32.DLL:.text+0x29c5 2064 2065 -------------------- 2066 2067 0167:bff7b9a9 e81389ffff call bff742c1 = KERNEL32.DLL:_FREQASM+0x32c1 2068 0167:bff7b9ae 5e pop esi 2069 0167:bff7b9af c20400 retd 0004 2070 0167:bff7b9b2 56 push esi 2071 0167:bff7b9b3 8b742408 mov esi,dword ptr [esp+08] 2072 0167:bff7b9b7 8a06 mov al,byte ptr [esi] 2073 0167:bff7b9b9 3c04 cmp al,04 2074 0167:bff7b9bb 7508 jnz bff7b9c5 = KERNEL32.DLL:.text+0x29c5 2075 0167:bff7b9bd ff7604 push dword ptr [esi+04] 2076 0167:bff7b9c0 e82989ffff call bff742ee = KERNEL32.DLL:_FREQASM+0x32ee 2077 KERNEL32.DLL:.text+0x29c5: 2078 *0167:bff7b9c5 5e pop esi 2079 0167:bff7b9c6 c20400 retd 0004 2080 0167:bff7b9c9 64a100000000 mov eax,dword ptr fs:[00000000] 2081 0167:bff7b9cf 55 push ebp 2082 0167:bff7b9d0 8bec mov ebp,esp 2083 0167:bff7b9d2 6aff push -01 2084 0167:bff7b9d4 685092f7bf push bff79250 2085 0167:bff7b9d9 68b405fcbf push bffc05b4 2086 0167:bff7b9de 50 push eax 2087 0167:bff7b9df 8b4508 mov eax,dword ptr [ebp+08] 2088 0167:bff7b9e2 64892500000000 mov dword ptr fs:[00000000],esp 2089 2090 -------------------- 2091 2092 2093 013af6d8 81836e98 -> 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 2094 013af6dc 00f80a94 -> c8 f0 2d 76 c8 f0 2d 76 cb 0e fc ff 00 00 00 00 ..-v..-v........ 2095 013af6e0 7629edbf = WININET.DLL:.text+0x1ddbf 2096 2097 -------------------- 2098 2099 0167:7629ed94 8192000057ff15581128 adc dword ptr [edx+ff570000],28115815 2100 0167:7629ed9e 76a1 jbe 7629ed41 = WININET.DLL:.text+0x1dd41 2101 0167:7629eda0 c8f02d76 enter 2df0,76 2102 0167:7629eda4 895e04 mov dword ptr [esi+04],ebx 2103 0167:7629eda7 8906 mov dword ptr [esi],eax 2104 0167:7629eda9 57 push edi 2105 0167:7629edaa 897004 mov dword ptr [eax+04],esi 2106 0167:7629edad ff05d0f02d76 inc dword ptr [762df0d0] 2107 0167:7629edb3 8935c8f02d76 mov dword ptr [762df0c8],esi 2108 0167:7629edb9 ff1550112876 call dword ptr [76281150] -> KERNEL32.DLL!LeaveCriticalSection 2109 WININET.DLL:.text+0x1ddbf: 2110 *0167:7629edbf 8bc6 mov eax,esi 2111 0167:7629edc1 5f pop edi 2112 0167:7629edc2 5e pop esi 2113 0167:7629edc3 5d pop ebp 2114 0167:7629edc4 5b pop ebx 2115 0167:7629edc5 c20400 retd 0004 2116 0167:7629edc8 57 push edi 2117 0167:7629edc9 891dccf02d76 mov dword ptr [762df0cc],ebx 2118 0167:7629edcf 891dc8f02d76 mov dword ptr [762df0c8],ebx 2119 0167:7629edd5 ff1598112876 call dword ptr [76281198] -> KERNEL32.DLL!InitializeCriticalSection 2120 0167:7629eddb 2135d0f02d76 and dword ptr [762df0d0],esi 2121 2122 -------------------- 2123 2124 2125 013af6e4 762df0d4 = WININET.DLL:.data+0xd4 2126 -> 04 00 00 00 98 6e 83 81 00 00 00 00 00 00 00 00 .....n.......... 2127 013af6e8 00000001 2128 ... 2129 013af6f0 013af71c -> f7 41 f7 bf 08 00 00 00 8b 69 f7 bf c0 94 fc bf .A.......i...... 2130 013af6f4 00000000 2131 013af6f8 762813f4 = WININET.DLL:.text+0x3f4 2132 2133 -------------------- 2134 2135 0167:762813c4 f38b442404 ? rep mov eax,dword ptr [esp+04] 2136 0167:762813c9 6838f02d76 push 762df038 2137 0167:762813ce a310f02d76 mov dword ptr [762df010],eax 2138 0167:762813d3 e84ac60100 call 7629da22 = WININET.DLL:.text+0x1ca22 2139 0167:762813d8 6818f02d76 push 762df018 2140 0167:762813dd a30cf02d76 mov dword ptr [762df00c],eax 2141 0167:762813e2 ff1598112876 call dword ptr [76281198] -> KERNEL32.DLL!InitializeCriticalSection 2142 0167:762813e8 e877c60100 call 7629da64 = WININET.DLL:.text+0x1ca64 2143 0167:762813ed 6a01 push +01 2144 0167:762813ef e840d90100 call 7629ed34 = WININET.DLL:.text+0x1dd34 2145 WININET.DLL:.text+0x3f4: 2146 *0167:762813f4 85c0 test eax,eax 2147 0167:762813f6 74c3 jz 762813bb = WININET.DLL:.text+0x3bb 2148 0167:762813f8 ebbe jmp 762813b8 = WININET.DLL:.text+0x3b8 2149 0167:762813fa 33c0 xor eax,eax 2150 0167:762813fc 394c240c cmp dword ptr [esp+0c],ecx 2151 0167:76281400 c70508f02d7601000000 mov dword ptr [762df008],00000001 2152 0167:7628140a 0f94c0 setz al 2153 0167:7628140d 3bc1 cmp eax,ecx 2154 0167:7628140f a33cf02d76 mov dword ptr [762df03c],eax 2155 0167:76281414 7512 jnz 76281428 = WININET.DLL:.text+0x428 2156 0167:76281416 e864e40100 call 7629f87f = WININET.DLL:.text+0x1e87f 2157 2158 -------------------- 2159 2160 2161 013af6fc 00000001 2162 013af700 7628134f = WININET.DLL:.text+0x34f 2163 2164 -------------------- 2165 2166 0167:76281336 56 push esi 2167 0167:76281337 ff7508 push dword ptr [ebp+08] 2168 0167:7628133a e807010000 call 76281446 = WININET.DLL:.text+0x446 2169 0167:7628133f 8bf8 mov edi,eax 2170 0167:76281341 85ff test edi,edi 2171 0167:76281343 740c jz 76281351 = WININET.DLL:.text+0x351 2172 0167:76281345 53 push ebx 2173 0167:76281346 56 push esi 2174 0167:76281347 ff7508 push dword ptr [ebp+08] 2175 0167:7628134a e858000000 call 762813a7 = WININET.DLL:.text+0x3a7 2176 WININET.DLL:.text+0x34f: 2177 *0167:7628134f 8bf8 mov edi,eax 2178 0167:76281351 85f6 test esi,esi 2179 0167:76281353 7416 jz 7628136b = WININET.DLL:.text+0x36b 2180 0167:76281355 83fe03 cmp esi,+03 2181 0167:76281358 7411 jz 7628136b = WININET.DLL:.text+0x36b 2182 0167:7628135a 8bc7 mov eax,edi 2183 0167:7628135c 5f pop edi 2184 0167:7628135d 5e pop esi 2185 0167:7628135e 5b pop ebx 2186 0167:7628135f 5d pop ebp 2187 0167:76281360 c20c00 retd 000c 2188 2189 -------------------- 2190 2191 2192 013af704 76280000 = WININET.DLL+0x0 2193 -> 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 MZ.............. 2194 013af708 00000001 2195 013af70c 00000000 2196 ... 2197 013af714 76280000 = WININET.DLL+0x0 2198 -> 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 MZ.............. 2199 013af718 81835a0c -> 08 00 00 00 03 01 00 00 e7 2e 00 00 00 00 00 00 ................ 2200 013af71c bff741f7 = KERNEL32.DLL:_FREQASM+0x31f7 2201 2202 -------------------- 2203 2204 0167:bff741dd 51 push ecx 2205 0167:bff741de 52 push edx 2206 0167:bff741df 681d002a00 push 002a001d 2207 0167:bff741e4 e8ebd1ffff call bff713d4 = KERNEL32.DLL!1 2208 0167:bff741e9 59 pop ecx 2209 0167:bff741ea 5a pop edx 2210 0167:bff741eb ebe8 jmp bff741d5 = KERNEL32.DLL:_FREQASM+0x31d5 2211 0167:bff741ed 8b542404 mov edx,dword ptr [esp+04] 2212 0167:bff741f1 50 push eax 2213 0167:bff741f2 e804000000 call bff741fb = KERNEL32.DLL:_FREQASM+0x31fb 2214 KERNEL32.DLL:_FREQASM+0x31f7: 2215 *0167:bff741f7 58 pop eax 2216 0167:bff741f8 c20400 retd 0004 2217 0167:bff741fb 833dec9cfcbf01 cmp dword ptr [bffc9cec],+01 2218 0167:bff74202 7c32 jl bff74236 = KERNEL32.DLL:_FREQASM+0x3236 2219 0167:bff74204 3b157094fcbf cmp edx,dword ptr [bffc9470] 2220 0167:bff7420a 7506 jnz bff74212 = KERNEL32.DLL:_FREQASM+0x3212 2221 0167:bff7420c 837a0401 cmp dword ptr [edx+04],+01 2222 0167:bff74210 7426 jz bff74238 = KERNEL32.DLL:_FREQASM+0x3238 2223 0167:bff74212 ff4a04 dec dword ptr [edx+04] 2224 0167:bff74215 754a jnz bff74261 = KERNEL32.DLL:_FREQASM+0x3261 2225 0167:bff74217 c7420800000000 mov dword ptr [edx+08],00000000 2226 2227 -------------------- 2228 2229 2230 013af720 00000008 2231 013af724 bff7698b = KERNEL32.DLL:_FREQASM+0x598b 2232 2233 -------------------- 2234 2235 0167:bff76969 7512 jnz bff7697d = KERNEL32.DLL:_FREQASM+0x597d 2236 0167:bff7696b a801 test al,01 2237 0167:bff7696d 7520 jnz bff7698f = KERNEL32.DLL:_FREQASM+0x598f 2238 0167:bff7696f 8b15bca0fcbf mov edx,dword ptr [bffca0bc] 2239 0167:bff76975 8911 mov dword ptr [ecx],edx 2240 0167:bff76977 890dbca0fcbf mov dword ptr [bffca0bc],ecx 2241 0167:bff7697d a804 test al,04 2242 0167:bff7697f 75d6 jnz bff76957 = KERNEL32.DLL:_FREQASM+0x5957 2243 0167:bff76981 68c094fcbf push bffc94c0 2244 0167:bff76986 e862d8ffff call bff741ed = KERNEL32.DLL!98 2245 KERNEL32.DLL:_FREQASM+0x598b: 2246 *0167:bff7698b c9 leave 2247 0167:bff7698c c20400 retd 0004 2248 0167:bff7698f 50 push eax 2249 0167:bff76990 51 push ecx 2250 0167:bff76991 e8f1640000 call bff7ce87 = KERNEL32.DLL:.text+0x3e87 2251 0167:bff76996 58 pop eax 2252 0167:bff76997 ebe4 jmp bff7697d = KERNEL32.DLL:_FREQASM+0x597d 2253 0167:bff76999 64ff3500000000 push dword ptr fs:[00000000] 2254 0167:bff769a0 55 push ebp 2255 0167:bff769a1 8d4c2404 lea ecx,[esp+04] 2256 0167:bff769a5 16 push ss 2257 2258 -------------------- 2259 2260 2261 013af728 bffc94c0 = KERNEL32.DLL:.data+0x4c0 2262 -> 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 2263 013af72c 013af8e4 -> 14 f9 3a 01 a0 c8 f7 bf 88 5f 81 81 d1 00 00 00 ..:......_...... 2264 013af730 bff769d5 = KERNEL32.DLL:_FREQASM+0x59d5 2265 2266 -------------------- 2267 2268 0167:bff769b3 e8e1ffffff call bff76999 = KERNEL32.DLL:_FREQASM+0x5999 2269 0167:bff769b8 a1e09cfcbf mov eax,dword ptr [bffc9ce0] 2270 0167:bff769bd 8b00 mov eax,dword ptr [eax] 2271 0167:bff769bf 8b4878 mov ecx,dword ptr [eax+78] 2272 0167:bff769c2 e304 jecxz bff769c8 = KERNEL32.DLL:_FREQASM+0x59c8 2273 0167:bff769c4 83490420 or dword ptr [ecx+04],+20 2274 0167:bff769c8 c3 retd 2275 0167:bff769c9 a1e09cfcbf mov eax,dword ptr [bffc9ce0] 2276 0167:bff769ce ff30 push dword ptr [eax] 2277 0167:bff769d0 e875ffffff call bff7694a = KERNEL32.DLL:_FREQASM+0x594a 2278 KERNEL32.DLL:_FREQASM+0x59d5: 2279 *0167:bff769d5 c3 retd 2280 0167:bff769d6 cc int 3 2281 0167:bff769d7 cc int 3 2282 0167:bff769d8 55 push ebp 2283 0167:bff769d9 8bec mov ebp,esp 2284 0167:bff769db 57 push edi 2285 0167:bff769dc 53 push ebx 2286 0167:bff769dd ff35109dfcbf push dword ptr [bffc9d10] 2287 0167:bff769e3 e8ccd7ffff call bff741b4 = KERNEL32.DLL!97 2288 0167:bff769e8 8b7d08 mov edi,dword ptr [ebp+08] 2289 0167:bff769eb b904000000 mov ecx,00000004 2290 2291 -------------------- 2292 2293 2294 013af734 818359c8 -> 07 00 00 00 d0 46 4f c1 d8 ea 3a 01 00 00 3b 01 .....FO...:...;. 2295 013af738 bff7de32 = KERNEL32.DLL:.text+0x4e32 2296 2297 -------------------- 2298 2299 0167:bff7de07 ff75d8 push dword ptr [ebp-28] 2300 0167:bff7de0a e825fd0100 call bff9db34 = KERNEL32.DLL!UnhandledExceptionFilter 2301 0167:bff7de0f c3 retd 2302 0167:bff7de10 8b65e8 mov esp,dword ptr [ebp-18] 2303 0167:bff7de13 c745e401000000 mov dword ptr [ebp-1c],00000001 2304 0167:bff7de1a 8d8564feffff lea eax,[ebp-0000019c] 2305 0167:bff7de20 50 push eax 2306 0167:bff7de21 e836d00200 call bffaae5c = KERNEL32.DLL:.text+0x31e5c 2307 0167:bff7de26 c745fcffffffff mov dword ptr [ebp-04],ffffffff 2308 0167:bff7de2d e8978bffff call bff769c9 = KERNEL32.DLL:_FREQASM+0x59c9 2309 KERNEL32.DLL:.text+0x4e32: 2310 *0167:bff7de32 8b45dc mov eax,dword ptr [ebp-24] 2311 0167:bff7de35 8020ef and byte ptr [eax],ef 2312 0167:bff7de38 8b45e4 mov eax,dword ptr [ebp-1c] 2313 0167:bff7de3b eb02 jmp bff7de3f = KERNEL32.DLL:.text+0x4e3f 2314 0167:bff7de3d 33c0 xor eax,eax 2315 0167:bff7de3f 8b4df0 mov ecx,dword ptr [ebp-10] 2316 0167:bff7de42 5f pop edi 2317 0167:bff7de43 64890d00000000 mov dword ptr fs:[00000000],ecx 2318 0167:bff7de4a 5e pop esi 2319 0167:bff7de4b 5b pop ebx 2320 0167:bff7de4c 8be5 mov esp,ebp 2321 2322 -------------------- 2323 2324 2325 013af73c 81835f84 -> 24 00 00 a0 04 00 00 00 00 00 00 00 00 00 00 00 $............... 2326 013af740 81835f58 -> 00 58 83 81 cc 57 83 81 70 c1 82 81 00 00 00 00 .X...W..p....... 2327 013af744 81835f6c -> 08 02 04 00 e4 42 83 81 30 4b 83 81 00 4a 83 81 .....B..0K...J.. 2328 013af748 c14f31f0 -> 01 00 00 00 c8 59 83 81 e4 42 83 81 00 24 4f c1 .....Y...B...$O. 2329 013af74c 0f0e0d0c 2330 013af750 13121110 2331 013af754 17161514 2332 013af758 1b1a1918 2333 013af75c 1f1e1d1c 2334 013af760 23222120 2335 013af764 27262524 2336 013af768 00000001 2337 013af76c 00000000 2338 013af770 013af78c -> a4 f7 3a 01 28 b8 f7 bf ee 13 f7 bf 67 01 00 00 ..:.(.......g... 2339 013af774 bff7b77b = KERNEL32.DLL:.text+0x277b 2340 2341 -------------------- 2342 2343 0167:bff7b75c a1109dfcbf mov eax,dword ptr [bffc9d10] 2344 0167:bff7b761 8bec mov ebp,esp 2345 0167:bff7b763 56 push esi 2346 0167:bff7b764 50 push eax 2347 0167:bff7b765 e84a8affff call bff741b4 = KERNEL32.DLL!97 2348 0167:bff7b76a ff7514 push dword ptr [ebp+14] 2349 0167:bff7b76d ff7510 push dword ptr [ebp+10] 2350 0167:bff7b770 ff750c push dword ptr [ebp+0c] 2351 0167:bff7b773 ff7508 push dword ptr [ebp+08] 2352 0167:bff7b776 e890fdffff call bff7b50b = KERNEL32.DLL:.text+0x250b 2353 KERNEL32.DLL:.text+0x277b: 2354 *0167:bff7b77b 8bf0 mov esi,eax 2355 0167:bff7b77d 85f6 test esi,esi 2356 0167:bff7b77f 740a jz bff7b78b = KERNEL32.DLL:.text+0x278b 2357 0167:bff7b781 f6451380 test byte ptr [ebp+13],80 2358 0167:bff7b785 7404 jz bff7b78b = KERNEL32.DLL:.text+0x278b 2359 0167:bff7b787 66ff4602 inc word ptr [esi+02] 2360 0167:bff7b78b a1109dfcbf mov eax,dword ptr [bffc9d10] 2361 0167:bff7b790 50 push eax 2362 0167:bff7b791 e8578affff call bff741ed = KERNEL32.DLL!98 2363 0167:bff7b796 8bc6 mov eax,esi 2364 0167:bff7b798 5e pop esi 2365 2366 -------------------- 2367 2368 2369 013af778 bff741f7 = KERNEL32.DLL:_FREQASM+0x31f7 2370 2371 -------------------- 2372 2373 0167:bff741dd 51 push ecx 2374 0167:bff741de 52 push edx 2375 0167:bff741df 681d002a00 push 002a001d 2376 0167:bff741e4 e8ebd1ffff call bff713d4 = KERNEL32.DLL!1 2377 0167:bff741e9 59 pop ecx 2378 0167:bff741ea 5a pop edx 2379 0167:bff741eb ebe8 jmp bff741d5 = KERNEL32.DLL:_FREQASM+0x31d5 2380 0167:bff741ed 8b542404 mov edx,dword ptr [esp+04] 2381 0167:bff741f1 50 push eax 2382 0167:bff741f2 e804000000 call bff741fb = KERNEL32.DLL:_FREQASM+0x31fb 2383 KERNEL32.DLL:_FREQASM+0x31f7: 2384 *0167:bff741f7 58 pop eax 2385 0167:bff741f8 c20400 retd 0004 2386 0167:bff741fb 833dec9cfcbf01 cmp dword ptr [bffc9cec],+01 2387 0167:bff74202 7c32 jl bff74236 = KERNEL32.DLL:_FREQASM+0x3236 2388 0167:bff74204 3b157094fcbf cmp edx,dword ptr [bffc9470] 2389 0167:bff7420a 7506 jnz bff74212 = KERNEL32.DLL:_FREQASM+0x3212 2390 0167:bff7420c 837a0401 cmp dword ptr [edx+04],+01 2391 0167:bff74210 7426 jz bff74238 = KERNEL32.DLL:_FREQASM+0x3238 2392 0167:bff74212 ff4a04 dec dword ptr [edx+04] 2393 0167:bff74215 754a jnz bff74261 = KERNEL32.DLL:_FREQASM+0x3261 2394 0167:bff74217 c7420800000000 mov dword ptr [edx+08],00000000 2395 2396 -------------------- 2397 2398 2399 013af77c bffc9490 = KERNEL32.DLL:.data+0x490 2400 -> 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 2401 013af780 bff7b796 = KERNEL32.DLL:.text+0x2796 2402 2403 -------------------- 2404 2405 0167:bff7b776 e890fdffff call bff7b50b = KERNEL32.DLL:.text+0x250b 2406 0167:bff7b77b 8bf0 mov esi,eax 2407 0167:bff7b77d 85f6 test esi,esi 2408 0167:bff7b77f 740a jz bff7b78b = KERNEL32.DLL:.text+0x278b 2409 0167:bff7b781 f6451380 test byte ptr [ebp+13],80 2410 0167:bff7b785 7404 jz bff7b78b = KERNEL32.DLL:.text+0x278b 2411 0167:bff7b787 66ff4602 inc word ptr [esi+02] 2412 0167:bff7b78b a1109dfcbf mov eax,dword ptr [bffc9d10] 2413 0167:bff7b790 50 push eax 2414 0167:bff7b791 e8578affff call bff741ed = KERNEL32.DLL!98 2415 KERNEL32.DLL:.text+0x2796: 2416 *0167:bff7b796 8bc6 mov eax,esi 2417 0167:bff7b798 5e pop esi 2418 0167:bff7b799 5d pop ebp 2419 0167:bff7b79a c21000 retd 0010 2420 0167:bff7b79d 55 push ebp 2421 0167:bff7b79e 8bec mov ebp,esp 2422 0167:bff7b7a0 53 push ebx 2423 0167:bff7b7a1 56 push esi 2424 0167:bff7b7a2 57 push edi 2425 0167:bff7b7a3 33ff xor edi,edi 2426 0167:bff7b7a5 837d1801 cmp dword ptr [ebp+18],+01 2427 2428 -------------------- 2429 2430 2431 013af784 bffc9490 = KERNEL32.DLL:.data+0x490 2432 -> 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 2433 013af788 00000000 2434 013af78c 013af7a4 -> 01 00 00 00 08 00 00 00 02 00 b8 00 00 00 06 60 ...............` 2435 013af790 bff7b828 = KERNEL32.DLL:.text+0x2828 2436 2437 -------------------- 2438 2439 0167:bff7b80b 5b pop ebx 2440 0167:bff7b80c c20800 retd 0008 2441 0167:bff7b80f 55 push ebp 2442 0167:bff7b810 a1e49cfcbf mov eax,dword ptr [bffc9ce4] 2443 0167:bff7b815 8bec mov ebp,esp 2444 0167:bff7b817 ff742410 push dword ptr [esp+10] 2445 0167:bff7b81b ff750c push dword ptr [ebp+0c] 2446 0167:bff7b81e ff7508 push dword ptr [ebp+08] 2447 0167:bff7b821 ff30 push dword ptr [eax] 2448 0167:bff7b823 e833ffffff call bff7b75b = KERNEL32.DLL:.text+0x275b 2449 KERNEL32.DLL:.text+0x2828: 2450 *0167:bff7b828 5d pop ebp 2451 0167:bff7b829 c20c00 retd 000c 2452 0167:bff7b82c 55 push ebp 2453 0167:bff7b82d 8bec mov ebp,esp 2454 0167:bff7b82f 50 push eax 2455 0167:bff7b830 a1109dfcbf mov eax,dword ptr [bffc9d10] 2456 0167:bff7b835 50 push eax 2457 0167:bff7b836 e87989ffff call bff741b4 = KERNEL32.DLL!97 2458 0167:bff7b83b ff7508 push dword ptr [ebp+08] 2459 0167:bff7b83e e8d1fdffff call bff7b614 = KERNEL32.DLL:.text+0x2614 2460 0167:bff7b843 a1109dfcbf mov eax,dword ptr [bffc9d10] 2461 2462 -------------------- 2463 2464 2465 013af794 bff713ee = KERNEL32.DLL:_FREQASM+0x3ee 2466 2467 -------------------- 2468 2469 0167:bff713ca ebf7 jmp bff713c3 = KERNEL32.DLL:_FREQASM+0x3c3 2470 0167:bff713cc ebfa jmp bff713c8 = KERNEL32.DLL:_FREQASM+0x3c8 2471 0167:bff713ce ebf8 jmp bff713c8 = KERNEL32.DLL:_FREQASM+0x3c8 2472 0167:bff713d0 ebf6 jmp bff713c8 = KERNEL32.DLL:_FREQASM+0x3c8 2473 0167:bff713d2 ebf4 jmp bff713c8 = KERNEL32.DLL:_FREQASM+0x3c8 2474 0167:bff713d4 8b442404 mov eax,dword ptr [esp+04] 2475 0167:bff713d8 8f0424 pop dword ptr [esp] 2476 0167:bff713db 2eff1d3497fcbf call fword ptr ss:[bffc9734] 2477 0167:bff713e2 b801000100 mov eax,00010001 2478 0167:bff713e7 2eff1d3497fcbf call fword ptr ss:[bffc9734] 2479 KERNEL32.DLL:_FREQASM+0x3ee: 2480 *0167:bff713ee b843002a00 mov eax,002a0043 2481 0167:bff713f3 2eff1d3497fcbf call fword ptr ss:[bffc9734] 2482 0167:bff713fa 83c414 add esp,+14 2483 0167:bff713fd 0fb7c8 movzx ecx,ax 2484 0167:bff71400 0fa4d310 shld ebx,edx,10 2485 0167:bff71404 c0e302 shl bl,02 2486 0167:bff71407 6681ea0010 sub dx,1000 2487 0167:bff7140c 0fbfc2 movsx eax,dx 2488 0167:bff7140f e9d1000000 jmp bff714e5 = KERNEL32.DLL:_FREQASM+0x4e5 2489 0167:bff71414 55 push ebp 2490 0167:bff71415 53 push ebx 2491 2492 -------------------- 2493 2494 2495 013af798 00000167 2496 013af79c bff7ead5 = KERNEL32.DLL:.text+0x5ad5 2497 2498 -------------------- 2499 2500 0167:bff7eab8 8b354c95fcbf mov esi,dword ptr [bffc954c] 2501 0167:bff7eabe b801000000 mov eax,00000001 2502 0167:bff7eac3 85db test ebx,ebx 2503 0167:bff7eac5 740e jz bff7ead5 = KERNEL32.DLL:.text+0x5ad5 2504 0167:bff7eac7 ff7518 push dword ptr [ebp+18] 2505 0167:bff7eaca ff75fc push dword ptr [ebp-04] 2506 0167:bff7eacd 56 push esi 2507 0167:bff7eace 53 push ebx 2508 0167:bff7eacf ff75f8 push dword ptr [ebp-08] 2509 0167:bff7ead2 ff551c call dword ptr [ebp+1c] 2510 KERNEL32.DLL:.text+0x5ad5: 2511 *0167:bff7ead5 85c0 test eax,eax 2512 0167:bff7ead7 7420 jz bff7eaf9 = KERNEL32.DLL:.text+0x5af9 2513 0167:bff7ead9 83e707 and edi,+07 2514 0167:bff7eadc 741b jz bff7eaf9 = KERNEL32.DLL:.text+0x5af9 2515 0167:bff7eade c1e710 shl edi,10 2516 0167:bff7eae1 015dfc add dword ptr [ebp-04],ebx 2517 0167:bff7eae4 097dfc or dword ptr [ebp-04],edi 2518 0167:bff7eae7 015df8 add dword ptr [ebp-08],ebx 2519 0167:bff7eaea ff7518 push dword ptr [ebp+18] 2520 0167:bff7eaed ff75fc push dword ptr [ebp-04] 2521 0167:bff7eaf0 56 push esi 2522 2523 -------------------- 2524 2525 2526 013af7a0 00076281 2527 013af7a4 00000001 2528 013af7a8 00000008 2529 013af7ac 00b80002 -> 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 2530 013af7b0 60060000 2531 013af7b4 00000000 2532 013af7b8 76281000 = WININET.DLL:.text+0x0 2533 -> b2 a3 bd 70 00 2b be 70 f6 1c bd 70 af 43 bd 70 ...p.+.p...p.C.p 2534 013af7bc 81816080 -> 2e 74 65 78 74 00 00 00 68 d3 05 00 00 10 00 00 .text...h....... 2535 013af7c0 00076281 2536 013af7c4 00b80002 -> 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 2537 013af7c8 013af818 -> c4 00 00 00 4c f8 3a 01 02 00 00 00 00 00 00 00 ....L.:......... 2538 013af7cc bff88698 = KERNEL32.DLL:.text+0xf698 2539 2540 -------------------- 2541 2542 0167:bff8867e 8b4324 mov eax,dword ptr [ebx+24] 2543 0167:bff88681 0d00000080 or eax,80000000 2544 0167:bff88686 50 push eax 2545 0167:bff88687 51 push ecx 2546 0167:bff88688 8b4314 mov eax,dword ptr [ebx+14] 2547 0167:bff8868b 0345f8 add eax,dword ptr [ebp-08] 2548 0167:bff8868e 50 push eax 2549 0167:bff8868f 56 push esi 2550 0167:bff88690 ff7508 push dword ptr [ebp+08] 2551 0167:bff88693 e88f63ffff call bff7ea27 = KERNEL32.DLL:.text+0x5a27 2552 KERNEL32.DLL:.text+0xf698: 2553 *0167:bff88698 85c0 test eax,eax 2554 0167:bff8869a 7409 jz bff886a5 = KERNEL32.DLL:.text+0xf6a5 2555 0167:bff8869c c745fc01000000 mov dword ptr [ebp-04],00000001 2556 0167:bff886a3 eb07 jmp bff886ac = KERNEL32.DLL:.text+0xf6ac 2557 0167:bff886a5 c745fc00000000 mov dword ptr [ebp-04],00000000 2558 0167:bff886ac 85ff test edi,edi 2559 0167:bff886ae 7418 jz bff886c8 = KERNEL32.DLL:.text+0xf6c8 2560 0167:bff886b0 837dfc00 cmp dword ptr [ebp-04],+00 2561 0167:bff886b4 740c jz bff886c2 = KERNEL32.DLL:.text+0xf6c2 2562 0167:bff886b6 6800100000 push 00001000 2563 0167:bff886bb 57 push edi 2564 2565 -------------------- 2566 2567 2568 013af7d0 c14f0017 -> 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 2569 013af7d4 76281000 = WININET.DLL:.text+0x0 2570 -> b2 a3 bd 70 00 2b be 70 f6 1c bd 70 af 43 bd 70 ...p.+.p...p.C.p 2571 013af7d8 013afa69 -> 00 00 00 cc 6e 83 81 f7 41 f7 bf 90 94 fc bf 3d ....n...A......= 2572 013af7dc 0000005f 2573 013af7e0 60060000 2574 013af7e4 bff713e2 = KERNEL32.DLL:_FREQASM+0x3e2 2575 2576 -------------------- 2577 2578 0167:bff713c5 c20400 retd 0004 2579 0167:bff713c8 33c0 xor eax,eax 2580 0167:bff713ca ebf7 jmp bff713c3 = KERNEL32.DLL:_FREQASM+0x3c3 2581 0167:bff713cc ebfa jmp bff713c8 = KERNEL32.DLL:_FREQASM+0x3c8 2582 0167:bff713ce ebf8 jmp bff713c8 = KERNEL32.DLL:_FREQASM+0x3c8 2583 0167:bff713d0 ebf6 jmp bff713c8 = KERNEL32.DLL:_FREQASM+0x3c8 2584 0167:bff713d2 ebf4 jmp bff713c8 = KERNEL32.DLL:_FREQASM+0x3c8 2585 0167:bff713d4 8b442404 mov eax,dword ptr [esp+04] 2586 0167:bff713d8 8f0424 pop dword ptr [esp] 2587 0167:bff713db 2eff1d3497fcbf call fword ptr ss:[bffc9734] 2588 KERNEL32.DLL:_FREQASM+0x3e2: 2589 *0167:bff713e2 b801000100 mov eax,00010001 2590 0167:bff713e7 2eff1d3497fcbf call fword ptr ss:[bffc9734] 2591 0167:bff713ee b843002a00 mov eax,002a0043 2592 0167:bff713f3 2eff1d3497fcbf call fword ptr ss:[bffc9734] 2593 0167:bff713fa 83c414 add esp,+14 2594 0167:bff713fd 0fb7c8 movzx ecx,ax 2595 0167:bff71400 0fa4d310 shld ebx,edx,10 2596 0167:bff71404 c0e302 shl bl,02 2597 0167:bff71407 6681ea0010 sub dx,1000 2598 0167:bff7140c 0fbfc2 movsx eax,dx 2599 0167:bff7140f e9d1000000 jmp bff714e5 = KERNEL32.DLL:_FREQASM+0x4e5 2600 2601 -------------------- 2602 2603 2604 013af7e8 00076281 2605 013af7ec 013af86c -> dd 62 07 00 81 62 07 00 00 00 00 00 00 00 00 00 .b...b.......... 2606 013af7f0 00076281 2607 013af7f4 76281000 = WININET.DLL:.text+0x0 2608 -> b2 a3 bd 70 00 2b be 70 f6 1c bd 70 af 43 bd 70 ...p.+.p...p.C.p 2609 013af7f8 76280000 = WININET.DLL+0x0 2610 -> 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 MZ.............. 2611 013af7fc 00000001 2612 013af800 00061000 2613 013af804 00001000 2614 013af808 00000004 2615 013af80c 00020000 2616 013af810 00000000 2617 013af814 762dd390 = WININET.DLL:.text+0x5c390 2618 -> 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 2619 013af818 000000c4 2620 013af81c 013af84c -> f0 f8 3a 01 01 00 00 00 7c 3b 81 81 0f 3b f8 bf ..:.....|;...;.. 2621 013af820 00000002 2622 013af824 00000000 2623 ... 2624 013af844 70c09b20 = SHLWAPI.DLL:.text+0x38b20 2625 -> 00 00 00 00 91 20 17 37 00 00 00 00 ea ac 03 00 ..... .7........ 2626 013af848 000000c4 2627 013af84c 013af8f0 -> d1 00 00 00 e4 42 83 81 00 00 00 00 00 00 28 76 .....B........(v 2628 013af850 00000001 2629 013af854 81813b7c -> 50 45 00 00 4c 01 04 00 3e 63 17 37 00 00 00 00 PE..L...>c.7.... 2630 013af858 bff83b0f = KERNEL32.DLL:.text+0xab0f 2631 2632 -------------------- 2633 2634 0167:bff83aee 8945d8 mov dword ptr [ebp-28],eax 2635 0167:bff83af1 0f86a1010000 jbe bff83c98 = KERNEL32.DLL:.text+0xac98 2636 0167:bff83af7 8b4508 mov eax,dword ptr [ebp+08] 2637 0167:bff83afa 83c01c add eax,+1c 2638 0167:bff83afd 8945b4 mov dword ptr [ebp-4c],eax 2639 0167:bff83b00 8b45b4 mov eax,dword ptr [ebp-4c] 2640 0167:bff83b03 8b30 mov esi,dword ptr [eax] 2641 0167:bff83b05 668b4e10 mov cx,word ptr [esi+10] 2642 0167:bff83b09 51 push ecx 2643 0167:bff83b0a e803a4ffff call bff7df12 = KERNEL32.DLL:.text+0x4f12 2644 KERNEL32.DLL:.text+0xab0f: 2645 *0167:bff83b0f 8945e0 mov dword ptr [ebp-20],eax 2646 0167:bff83b12 8b45e4 mov eax,dword ptr [ebp-1c] 2647 0167:bff83b15 83c004 add eax,+04 2648 0167:bff83b18 8945c0 mov dword ptr [ebp-40],eax 2649 0167:bff83b1b 8b00 mov eax,dword ptr [eax] 2650 0167:bff83b1d 85c0 test eax,eax 2651 0167:bff83b1f 7424 jz bff83b45 = KERNEL32.DLL:.text+0xab45 2652 0167:bff83b21 8b4de0 mov ecx,dword ptr [ebp-20] 2653 0167:bff83b24 394108 cmp dword ptr [ecx+08],eax 2654 0167:bff83b27 751c jnz bff83b45 = KERNEL32.DLL:.text+0xab45 2655 0167:bff83b29 8b0d249cfcbf mov ecx,dword ptr [bffc9c24] 2656 2657 -------------------- 2658 2659 2660 013af85c 00000003 2661 013af860 81835f58 -> 00 58 83 81 cc 57 83 81 70 c1 82 81 00 00 00 00 .X...W..p....... 2662 013af864 81835f6c -> 08 02 04 00 e4 42 83 81 30 4b 83 81 00 4a 83 81 .....B..0K...J.. 2663 013af868 00000004 2664 013af86c 000762dd 2665 013af870 00076281 2666 013af874 00000000 2667 ... 2668 013af894 00076281 2669 013af898 81834b30 -> c8 4a 83 81 f8 4a 83 81 5c 4e 82 81 78 6a 83 81 .J...J..\N..xj.. 2670 013af89c 81835f74 -> 30 4b 83 81 00 4a 83 81 24 4a 83 81 9c 4a 83 81 0K...J..$J...J.. 2671 013af8a0 81810f08 -> 00 00 00 00 88 5f 81 81 ff ff ff ff 48 0f 81 81 ....._......H... 2672 013af8a4 81835f84 -> 24 00 00 a0 04 00 00 00 00 00 00 00 00 00 00 00 $............... 2673 013af8a8 81835f6c -> 08 02 04 00 e4 42 83 81 30 4b 83 81 00 4a 83 81 .....B..0K...J.. 2674 013af8ac 70be0a9c = SHLWAPI.DLL!StrCatBuffA 2675 -> 55 8b ec 56 8b 75 08 33 c9 8b c6 38 0e 74 08 40 U..V.u.3...8.t.@ 2676 013af8b0 762dffff = WININET.DLL:.data+0xfff 2677 -> 00 08 00 00 00 00 00 00 00 00 00 00 00 ff ff ff ................ 2678 013af8b4 76281304 = WININET.DLL:.text+0x304 2679 -> 55 8b ec 53 56 8b 75 0c 57 6a 01 5f 3b f7 74 4f U..SV.u.Wj._;.tO 2680 013af8b8 00000001 2681 013af8bc 81815fbc -> 00 00 28 76 00 10 00 00 00 10 00 00 05 00 00 00 ..(v............ 2682 013af8c0 81835a0c -> 08 00 00 00 03 01 00 00 e7 2e 00 00 00 00 00 00 ................ 2683 013af8c4 00000000 2684 ... 2685 013af8cc 013af73c -> 84 5f 83 81 58 5f 83 81 6c 5f 83 81 f0 31 4f c1 ._..X_..l_...1O. 2686 013af8d0 8180ce74 -> 50 45 00 00 4c 01 05 00 cd a1 20 37 00 00 00 00 PE..L..... 7.... 2687 013af8d4 013afc4c -> 01 00 00 00 b4 05 fc bf 0c 5a 83 81 00 00 00 00 .........Z...... 2688 013af8d8 bffc05b4 = KERNEL32.DLL:.text+0x475b4 2689 -> 55 8b ec 83 ec 08 53 56 57 55 fc 8b 5d 0c 8b 45 U.....SVWU..]..E 2690 013af8dc 818342e4 -> 06 00 06 00 c0 23 4f c1 00 00 00 00 00 00 00 00 .....#O......... 2691 ... 2692 013af8e4 013af914 -> 90 fa 3a 01 f7 41 f7 bf 44 43 83 81 ec 03 f8 bf ..:..A..DC...... 2693 013af8e8 bff7c8a0 = KERNEL32.DLL:.text+0x38a0 2694 2695 -------------------- 2696 2697 0167:bff7c883 5d pop ebp 2698 0167:bff7c884 c20c00 retd 000c 2699 0167:bff7c887 8b45ec mov eax,dword ptr [ebp-14] 2700 0167:bff7c88a 8b75fc mov esi,dword ptr [ebp-04] 2701 0167:bff7c88d 8b55f8 mov edx,dword ptr [ebp-08] 2702 0167:bff7c890 0fbf0470 movsx eax,word ptr [eax+esi*2] 2703 0167:bff7c894 034210 add eax,dword ptr [edx+10] 2704 0167:bff7c897 50 push eax 2705 0167:bff7c898 ff7508 push dword ptr [ebp+08] 2706 0167:bff7c89b e85ffdffff call bff7c5ff = KERNEL32.DLL:.text+0x35ff 2707 KERNEL32.DLL:.text+0x38a0: 2708 *0167:bff7c8a0 ebdc jmp bff7c87e = KERNEL32.DLL:.text+0x387e 2709 0167:bff7c8a2 ff74240c push dword ptr [esp+0c] 2710 0167:bff7c8a6 ff74240c push dword ptr [esp+0c] 2711 0167:bff7c8aa ff74240c push dword ptr [esp+0c] 2712 0167:bff7c8ae e853d20100 call bff99b06 = KERNEL32.DLL:.text+0x20b06 2713 0167:bff7c8b3 3d01000040 cmp eax,40000001 2714 0167:bff7c8b8 74e8 jz bff7c8a2 = KERNEL32.DLL:.text+0x38a2 2715 0167:bff7c8ba c20c00 retd 000c 2716 0167:bff7c8bd 6a00 push +00 2717 0167:bff7c8bf ff74240c push dword ptr [esp+0c] 2718 0167:bff7c8c3 ff74240c push dword ptr [esp+0c] 2719 2720 -------------------- 2721 2722 2723 013af8ec 81815f88 -> 50 45 00 00 4c 01 04 00 2f a2 20 37 00 00 00 00 PE..L.../. 7.... 2724 013af8f0 000000d1 2725 013af8f4 818342e4 -> 06 00 06 00 c0 23 4f c1 00 00 00 00 00 00 00 00 .....#O......... 2726 013af8f8 00000000 2727 013af8fc 76280000 = WININET.DLL+0x0 2728 -> 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 MZ.............. 2729 013af900 762dbed0 = WININET.DLL:.text+0x5aed0 2730 -> 0e 00 0f 00 10 00 11 00 12 00 13 00 14 00 15 00 ................ 2731 013af904 762dbb90 = WININET.DLL:.text+0x5ab90 2732 -> cd c0 05 00 e2 c0 05 00 f7 c0 05 00 10 c1 05 00 ................ 2733 013af908 0000005f 2734 013af90c 762db800 = WININET.DLL:.text+0x5a800 2735 -> 00 00 00 00 a3 28 17 37 00 00 00 00 70 c0 05 00 .....(.7....p... 2736 013af910 0000005f 2737 013af914 013afa90 -> b2 30 00 76 f7 41 f7 bf c9 59 83 81 f3 68 f7 bf .0.v.A...Y...h.. 2738 013af918 bff741f7 = KERNEL32.DLL:_FREQASM+0x31f7 2739 2740 -------------------- 2741 2742 0167:bff741dd 51 push ecx 2743 0167:bff741de 52 push edx 2744 0167:bff741df 681d002a00 push 002a001d 2745 0167:bff741e4 e8ebd1ffff call bff713d4 = KERNEL32.DLL!1 2746 0167:bff741e9 59 pop ecx 2747 0167:bff741ea 5a pop edx 2748 0167:bff741eb ebe8 jmp bff741d5 = KERNEL32.DLL:_FREQASM+0x31d5 2749 0167:bff741ed 8b542404 mov edx,dword ptr [esp+04] 2750 0167:bff741f1 50 push eax 2751 0167:bff741f2 e804000000 call bff741fb = KERNEL32.DLL:_FREQASM+0x31fb 2752 KERNEL32.DLL:_FREQASM+0x31f7: 2753 *0167:bff741f7 58 pop eax 2754 0167:bff741f8 c20400 retd 0004 2755 0167:bff741fb 833dec9cfcbf01 cmp dword ptr [bffc9cec],+01 2756 0167:bff74202 7c32 jl bff74236 = KERNEL32.DLL:_FREQASM+0x3236 2757 0167:bff74204 3b157094fcbf cmp edx,dword ptr [bffc9470] 2758 0167:bff7420a 7506 jnz bff74212 = KERNEL32.DLL:_FREQASM+0x3212 2759 0167:bff7420c 837a0401 cmp dword ptr [edx+04],+01 2760 0167:bff74210 7426 jz bff74238 = KERNEL32.DLL:_FREQASM+0x3238 2761 0167:bff74212 ff4a04 dec dword ptr [edx+04] 2762 0167:bff74215 754a jnz bff74261 = KERNEL32.DLL:_FREQASM+0x3261 2763 0167:bff74217 c7420800000000 mov dword ptr [edx+08],00000000 2764 2765 -------------------- 2766 2767 2768 013af91c 81834344 -> 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 2769 013af920 bff803ec = KERNEL32.DLL:.text+0x73ec 2770 2771 -------------------- 2772 2773 0167:bff803cf 740b jz bff803dc = KERNEL32.DLL:.text+0x73dc 2774 0167:bff803d1 85f6 test esi,esi 2775 0167:bff803d3 7507 jnz bff803dc = KERNEL32.DLL:.text+0x73dc 2776 0167:bff803d5 6a7f push +7f 2777 0167:bff803d7 e8c4c5ffff call bff7c9a0 = KERNEL32.DLL:.text+0x39a0 2778 0167:bff803dc a1e49cfcbf mov eax,dword ptr [bffc9ce4] 2779 0167:bff803e1 8b00 mov eax,dword ptr [eax] 2780 0167:bff803e3 83c060 add eax,+60 2781 0167:bff803e6 50 push eax 2782 0167:bff803e7 e8013effff call bff741ed = KERNEL32.DLL!98 2783 KERNEL32.DLL:.text+0x73ec: 2784 *0167:bff803ec 8bc6 mov eax,esi 2785 0167:bff803ee 5f pop edi 2786 0167:bff803ef 5e pop esi 2787 0167:bff803f0 5b pop ebx 2788 0167:bff803f1 c20800 retd 0008 2789 0167:bff803f4 56 push esi 2790 0167:bff803f5 57 push edi 2791 0167:bff803f6 68a095fcbf push bffc95a0 2792 0167:bff803fb e8b43dffff call bff741b4 = KERNEL32.DLL!97 2793 0167:bff80400 833db098fcbf00 cmp dword ptr [bffc98b0],+00 2794 0167:bff80407 7523 jnz bff8042c = KERNEL32.DLL:.text+0x742c 2795 2796 -------------------- 2797 2798 2799 013af924 bff713e2 = KERNEL32.DLL:_FREQASM+0x3e2 2800 2801 -------------------- 2802 2803 0167:bff713c5 c20400 retd 0004 2804 0167:bff713c8 33c0 xor eax,eax 2805 0167:bff713ca ebf7 jmp bff713c3 = KERNEL32.DLL:_FREQASM+0x3c3 2806 0167:bff713cc ebfa jmp bff713c8 = KERNEL32.DLL:_FREQASM+0x3c8 2807 0167:bff713ce ebf8 jmp bff713c8 = KERNEL32.DLL:_FREQASM+0x3c8 2808 0167:bff713d0 ebf6 jmp bff713c8 = KERNEL32.DLL:_FREQASM+0x3c8 2809 0167:bff713d2 ebf4 jmp bff713c8 = KERNEL32.DLL:_FREQASM+0x3c8 2810 0167:bff713d4 8b442404 mov eax,dword ptr [esp+04] 2811 0167:bff713d8 8f0424 pop dword ptr [esp] 2812 0167:bff713db 2eff1d3497fcbf call fword ptr ss:[bffc9734] 2813 KERNEL32.DLL:_FREQASM+0x3e2: 2814 *0167:bff713e2 b801000100 mov eax,00010001 2815 0167:bff713e7 2eff1d3497fcbf call fword ptr ss:[bffc9734] 2816 0167:bff713ee b843002a00 mov eax,002a0043 2817 0167:bff713f3 2eff1d3497fcbf call fword ptr ss:[bffc9734] 2818 0167:bff713fa 83c414 add esp,+14 2819 0167:bff713fd 0fb7c8 movzx ecx,ax 2820 0167:bff71400 0fa4d310 shld ebx,edx,10 2821 0167:bff71404 c0e302 shl bl,02 2822 0167:bff71407 6681ea0010 sub dx,1000 2823 0167:bff7140c 0fbfc2 movsx eax,dx 2824 0167:bff7140f e9d1000000 jmp bff714e5 = KERNEL32.DLL:_FREQASM+0x4e5 2825 2826 -------------------- 2827 2828 2829 013af928 00000167 2830 013af92c bfe8165f = ADVAPI32.DLL:.text+0x65f 2831 2832 -------------------- 2833 2834 0167:bfe81641 c21800 retd 0018 2835 0167:bfe81644 56 push esi 2836 0167:bfe81645 8b742408 mov esi,dword ptr [esp+08] 2837 0167:bfe81649 56 push esi 2838 0167:bfe8164a e8defcffff call bfe8132d = ADVAPI32.DLL:.text+0x32d 2839 0167:bfe8164f 85c0 test eax,eax 2840 0167:bfe81651 740e jz bfe81661 = ADVAPI32.DLL:.text+0x661 2841 0167:bfe81653 56 push esi 2842 0167:bfe81654 6813000100 push 00010013 2843 0167:bfe81659 ff15d8d0e8bf call dword ptr [bfe8d0d8] -> KERNEL32.DLL!1 2844 ADVAPI32.DLL:.text+0x65f: 2845 *0167:bfe8165f eb18 jmp bfe81679 = ADVAPI32.DLL:.text+0x679 2846 0167:bfe81661 6894c0e8bf push bfe8c094 2847 0167:bfe81666 e8dcfcffff call bfe81347 = ADVAPI32.DLL:.text+0x347 2848 0167:bfe8166b 85c0 test eax,eax 2849 0167:bfe8166d 7405 jz bfe81674 = ADVAPI32.DLL:.text+0x674 2850 0167:bfe8166f 56 push esi 2851 0167:bfe81670 ffd0 call eax 2852 0167:bfe81672 eb05 jmp bfe81679 = ADVAPI32.DLL:.text+0x679 2853 0167:bfe81674 b85a040000 mov eax,0000045a 2854 0167:bfe81679 5e pop esi 2855 0167:bfe8167a c20400 retd 0004 2856 2857 -------------------- 2858 2859 2860 013af930 c29e54c0 -> 00 00 00 00 00 00 00 00 a0 13 9a c2 b0 0a 00 00 ................ 2861 013af934 bff773a9 = KERNEL32.DLL!lstrlen 2862 2863 -------------------- 2864 2865 0167:bff7738d ff7024 push dword ptr [eax+24] 2866 0167:bff77390 ff7020 push dword ptr [eax+20] 2867 0167:bff77393 e8469effff call bff711de = KERNEL32.DLL:_FREQASM+0x1de 2868 0167:bff77398 648f0500000000 pop dword ptr fs:[00000000] 2869 0167:bff7739f 83c408 add esp,+08 2870 0167:bff773a2 5d pop ebp 2871 0167:bff773a3 5f pop edi 2872 0167:bff773a4 5e pop esi 2873 0167:bff773a5 5b