System snapshot taken on 2/12/07 4:16:42 AM.

*----> Summary/Overview <----*
NSISDL.DLL attempted to read from memory that does not exist. It may be using an uninitialized variable, or it may be attempting to access memory after having freed it.
Module Name: NSISDL.DLL
Application Name: Debian-svn45063.exe
--------------------
Windows 95/98 VMware SVGA Display Driver does not appear to be a Windows 95 Plug-and-Play compatible display driver.
Module Name: vmx_svga.drv
Description: Windows 95/98 VMware SVGA Display Driver
Version: build-29996
Product: VMware SVGA II (FIFO)
Manufacturer: VMware, Inc.
User's Remarks:

*----> System Information <----*
Microsoft Windows 98 4.10.2222 A
Clean install using Full OEM CD /T:C:\WININST0.400 /SrcDir=X:\WIN98 /IE /NF /IZ /IS /IQ /IT /II /NR /II /C /U:xxxxxxxxxxxxxxxxx
IE 5 5.00.2614.3500
Uptime: 0:00:04:06
Normal mode
On "WIN98" as "%NAME%"
GenuineIntel x86 Family 15 Model 2 Stepping 4
192MB RAM
86% system resources free
Windows-managed swap file on drive C (7931MB free)
Temporary files on drive C (7931MB free)

*----> Task list <----*
Program Type Path
------------
1. Kernel32.dll 4.10.2222 Microsoft Corporation
2. MSGSRV32.EXE 4.10.2222 Microsoft Corporation
3. Mprexe.exe 4.10.1998 Microsoft Corporation
4. Mstask.exe 4.71.1959.1 Microsoft Corporation
5. Vmwareservice.exe 1.0.1 build-29996 VMware, Inc.
6. Explorer.exe 4.72.3110.1 Microsoft Corporation
7. Taskmon.exe 4.10.1998 Microsoft Corporation
8. Systray.exe 4.10.2222 Microsoft Corporation
9. Vmwaretray.exe 1.0.1 build-29996 VMware, Inc.
10. Vmwareuser.exe 1.0.1 build-29996 VMware, Inc.
11. Debian-svn45063.exe
12. Drwatson.exe 4.03 Microsoft Corporation

*----> Startup Items <----*
Name Loaded from Command
-------------------
1. ScanRegistry Registry (Machine Run) C:\WINDOWS\scanregw.exe /autorun
2. TaskMonitor Registry (Machine Run) C:\WINDOWS\taskmon.exe
3. SystemTray Registry (Machine Run) SysTray.Exe
4. LoadPowerProfile Registry (Machine Run) Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
5. VMware Tools Registry (Machine Run) C:\Program Files\VMware\VMware Tools\VMwareTray.exe
6. VMware User Process Registry (Machine Run) C:\Program Files\VMware\VMware Tools\VMwareUser.exe
7. LoadPowerProfile Registry (Machine Service) Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
8. SchedulingAgent Registry (Machine Service) C:\WINDOWS\SYSTEM\mstask.exe
9. VMTools Registry (Machine Service) C:\Program Files\VMware\VMware Tools\VMwareService.exe

*----> System Hooks <----*
Hook type Hooked by Application DLL path Application path
------------------------
1. Mouse Hook.dll VMWAREUSER.EXE C:\PROGRAM FILES\VMWARE\VMWARE TOOLS\Hook.dll C:\PROGRAM FILES\VMWARE\VMWARE TOOLS\VMWAREUSER.EXE

*----> Kernel Drivers <----*
Driver Loaded from Type Likely path
-------------------
1. VMM Microsoft Corporation Virtual Machine Manager
2. MTRR Microsoft Corporation ?
3. VCACHE Microsoft Corporation Cache manager
4. PERF Microsoft Corporation System Monitor data collection driver
5. VFIXD 1.00.02 Intel Corporation Compatibility VxD
6. VPOWERD 4.10.2222 Microsoft Corporation VPOWERD Virtual Device (Version 4.0)
7. VPICD Microsoft Corporation Hardware interrupt manager
8. VrtwD 1.1.075.3 Intel Corporation Real-Time Clock VxD
9. VTD Microsoft Corporation Timer device driver
10. VWIN32 Microsoft Corporation Win32 subsystem driver
11. VXDLDR Microsoft Corporation Dynamic device driver loader
12. NTKERN Microsoft Corporation Windows Driver Model
13. CONFIGMG Microsoft Corporation Configuration manager
14. PCI 4.10.2222 Microsoft Corporation PCI Virtual Device (Version 4.0)
15. ISAPNP 4.10.1998 Microsoft Corporation ISAPNP Virtual Device (Version 4.0)
16. ACPI Microsoft Corporation ?
17. VCDFSD Microsoft Corporation CD-ROM filesystem driver
18. IOS Microsoft Corporation I/O Supervisor
19. PAGEFILE Microsoft Corporation Swapfile driver
20. PAGESWAP Microsoft Corporation Swapfile manager
21. PARITY Microsoft Corporation Memory parity driver
22. REBOOT Microsoft Corporation Ctrl+Alt+Del manager
23. EBIOS Microsoft Corporation Extended BIOS driver
24. VDD Microsoft Corporation Display driver
25. VMX_SVGA
26. VSD Microsoft Corporation Speaker driver
27. COMBUFF Microsoft Corporation Communications buffer driver
28. VCD Microsoft Corporation Communications port driver
29. VMOUSE Microsoft Corporation Mouse driver
30. MSMINI 4.10.1998 Microsoft Corporation MSMINI Virtual Device (Version 4.0)
31. ENABLE Microsoft Corporation Accessibility driver
32. VKD Microsoft Corporation Keyboard driver
33. VPD Microsoft Corporation Printer driver
34. INT13 Microsoft Corporation BIOS hard disk emulation driver
35. VMCPD Microsoft Corporation Math coprocessor driver
36. BIOSXLAT Microsoft Corporation BIOS emulation driver
37. VNETBIOS 4.10.1998 Microsoft Corporation VNETBIOS Virtual Device (Version 4.0)
38. NDIS 4.10.2222 Microsoft Corporation NDIS Virtual Device (Version 4.0)
39. PPPMAC 4.10.2222 Microsoft Corporation Windows Virtual PPP Driver
40. VTDI 4.10.1998 Microsoft Corporation Windows TDI Support Driver
41. WSOCK2 4.10.1998 Microsoft Corporation Windows Sockets Driver 2 TCP/IP only.
42. VIP 4.10.2222 Microsoft Corporation Windows IP Driver
43. MSTCP 4.10.2222 Microsoft Corporation Windows TCP Driver
44. VDHCP 4.10.2161 Microsoft Corporation DHCP VxD Driver
45. VNBT 4.10.2148 Microsoft Corporation VNBT VxD Driver
46. AFVXD 4.10.2222 Microsoft Corporation Windows Sockets VTDI Driver
47. DOSMGR Microsoft Corporation MS-DOS emulation manager
48. VMPOLL Microsoft Corporation System idle-time driver
49. JAVASUP 5.00.3167 Microsoft Corporation Microsoft® Virtual Machine Helper Device for Java
50. VCOMM Microsoft Corporation Communications port Plug and Play driver
51. VCOND Microsoft Corporation Console subsystem driver
52. VTDAPI Microsoft Corporation Multimedia timer driver
53. VFLATD Microsoft Corporation Linear aperture video driver
54. Display1
55. APIX 4.00.952 Microsoft Corporation APIX Virtual Device (Version 4.0)
56. CDTSD 4.10.1998 Microsoft Corporation CDTSD Virtual Device (Version 4.0)
57. CDVSD 4.10.2222 Microsoft Corporation CDVSD Virtual Device (Version 4.0)
58. DiskTSD 4.10.2222 Microsoft Corporation DiskTSD Virtual Device (Version 4.0)
59. scsi1hlp 4.10.1998 Microsoft Corporation scsi1hlp Virtual Device (Version 4.0)
60. voltrack 4.10.1998 Microsoft Corporation voltrack Virtual Device (Version 4.0)
61. BIGMEM 4.10.1998 Microsoft Corporation BIGMEM Virtual Device (Version 4.0)
62. SPAP 4.10.2222 Microsoft Corporation SPAP Virtual Device (Version 4.0)
63. HSFLOP 4.10.2222 Microsoft Corporation HSFLOP Virtual Device (Version 4.0)
64. SCSIPORT 4.10.2222 Microsoft Corporation SCSIPORT Virtual Device (Version 4.0)
65. ESDI_506 4.10.2222 Microsoft Corporation ESDI_506 Virtual Device (Version 4.0)
66. LPTENUM 4.10.1998 Microsoft Corporation LPTENUM Virtual Device (Version 4.0)
67. SERENUM 4.10.2222 Microsoft Corporation SERENUM Virtual Device (Version 4.0)
68. sage 4.71.1016 Microsoft Corporation sage Virtual Device (Version 4.0)
69. WSHTCP 4.10.1998 Microsoft Corporation Windows Sockets TCP helper Driver
70. FIOLOG 4.10.1998 Microsoft Corporation File I/O Logging VxD for Application Defrag
71. mmdevldr 4.10.1998 Microsoft Corporation mmdevldr Virtual Device (Version 4.0)
72. vjoyd 4.05.01.1998 Microsoft Corporation Joystick Virtual Device
73. VDMAD Microsoft Corporation Direct Memory Access controller driver
74. V86MMGR Microsoft Corporation MS-DOS memory manager
75. SPOOLER Microsoft Corporation Print spooler
76. UDF Microsoft Corporation ?
77. VFAT Microsoft Corporation FAT filesystem driver
78. VDEF Microsoft Corporation Default filesystem driver
79. CDFS 4.10.1998 Microsoft Corporation CDFS Virtual Device (Version 4.0)
80. IFSMGR Microsoft Corporation File system manager
81. VFBACKUP Microsoft Corporation Floppy backup helper driver
82. SHELL Microsoft Corporation Shell device driver
83. DRWATSON 4.03 Microsoft Corporation Dr. Watson for Windows 98
84. buslogic 5.01 BusLogic,Inc. Multimaster Adapter Miniport Driver
85. wmidrv
86. cmbatt
87. hidvkd
88. compbatt
89. BATTC
90. acpi Microsoft Corporation ?
91. swenum
92. ks
93. update
94. wdmfs

*----> User-Mode Drivers <----*
Driver Type Path
------------
1. mmsystem.dll 4.03.1998 Microsoft Corporation
2. power.drv 4.10.1998 Microsoft Corporation

*----> MS-DOS Drivers <----*
Name Type
------------
1. HIMEM Device driver
2. DBLBUFF Device driver
3. IFSHLP Device driver

*----> 32-bit Modules <----*
Name Date Address Path
---------------
1. NSISDL.DLL
2. WS2_32.DLL 4.10.2222 Microsoft Corporation Windows Socket 2.0 32-Bit DLL
3. WININET.DLL 5.00.2614.3500 Microsoft Corporation Internet Extensions for Win32
4. WS2HELP.DLL 4.10.1998 Microsoft Corporation Windows Socket 2.0 Helper for Windows 98
5. MSVCRT.DLL 6.00.8797.0 Microsoft Corporation Microsoft (R) C Runtime Library
6. RICHED20.DLL 5.30.23.1200 Microsoft Corporation Rich Text Edit Control, v3.0
7. HOOK.DLL
8. DEBIAN-SVN45063.EXE
9. VERSION.DLL 4.10.1998 Microsoft Corporation Win32 VERSION core component
10. SHELL32.DLL 4.72.3612.1700 Microsoft Corporation Windows Shell Common Dll
11. SHLWAPI.DLL 5.00.2614.3500 Microsoft Corporation Shell Light-weight Utility Library
12. OLE32.DLL 4.71.2900 Microsoft Corporation Microsoft OLE for Windows and Windows NT
13. COMCTL32.DLL 5.80 Microsoft Corporation Common Controls Library
14. USER32.DLL 4.10.2222 Microsoft Corporation Win32 USER32 core component
15. GDI32.DLL 4.10.1998 Microsoft Corporation Win32 GDI core component
16. ADVAPI32.DLL 4.80.1675 Microsoft Corporation Win32 ADVAPI32 core component
17. KERNEL32.DLL 4.10.2222 Microsoft Corporation Win32 Kernel core component

*----> 16-bit Modules <----*
Name Type Path
------------
1. KERNEL 4.10.1998 Microsoft Corporation
2. SYSTEM 4.10.1998 Microsoft Corporation
3. KEYBOARD 4.10.2222 Microsoft Corporation
4. MOUSE 9.01.0.000 Microsoft Corporation
5. DISPLAY build-29996 VMware, Inc.
6. DIBENG 4.10.1998 Microsoft Corporation
7. SOUND 4.10.1998 Microsoft Corporation
8. COMM 4.10.1998 Microsoft Corporation
9. GDI 4.10.2222 Microsoft Corporation
10. USER 4.10.2222 Microsoft Corporation
11. DDEML 4.10.1998 Microsoft Corporation
12. MSPLUS 4.40.500 Microsoft Corporation
13. MSGSRV32 4.10.2222 Microsoft Corporation
14. MMSYSTEM 4.03.1998 Microsoft Corporation
15. POWER 4.10.1998 Microsoft Corporation
16. LZEXPAND 4.00.429 Microsoft Corporation
17. VER 4.10.1998 Microsoft Corporation
18. SHELL 4.10.1998 Microsoft Corporation
19. COMMCTRL 4.10.1998 Microsoft Corporation
20. COMMDLG 4.00.950 Microsoft Corporation
21. SYSTHUNK 4.10.1998 Microsoft Corporation
22. OLECLI 1.20.000 Microsoft Corporation
23. OLESVR 1.10.000 Microsoft Corporation
24. DCIMAN 4.03.1998 Intel(R) Corp., Microsoft Corp.
25. MSVIDEO 4.03.1998 Microsoft Corporation
26. AVICAP 4.03.1998 Microsoft Corporation
27. WIN87EM
28. PIFMGR 4.10.2222 Microsoft Corporation
29. TOOLHELP 4.10.1998 Microsoft Corporation

*----> Details <----*
Command line: "D:\debian-svn45063.exe"
Trap 0e 0000 - Invalid page fault
eax=00000041 ebx=012b0440 ecx=00000000 edx=ffffffff esi=00000000 edi=013aed90
eip=6ae47ce3 esp=013aece0 ebp=013aed38 -- -- -- nv up EI NG nz AC PE CF
cs=0167 ss=016f ds=016f es=016f fs=2ee7 gs=0000
NSISDL.DLL:.text+0x6ce3:
>0167:6ae47ce3 833b54 cmp dword ptr [ebx],+54

sel type base lim/bot
---- ---- -------- --------
cs 0167 r-x- 00000000 ffbfffff
ss 016f rw-e 00000000 000087a0
ds 016f rw-e 00000000 000087a0
es 016f rw-e 00000000 000087a0
fs 2ee7 rw-- 818359d0 00000037
gs 0000 ----
stack base: 011b0000
TIB limits: 013ad000 - 013b0000

-- exception record --
Exception Code: c0000005 (access violation)
Exception Address: 6ae47ce3 (NSISDL.DLL:.text+0x6ce3)
Exception Info: 00000000 012b0440
NSISDL.DLL:.text+0x6ce3:
>0167:6ae47ce3 833b54 cmp dword ptr [ebx],+54
0167:6ae47ccc 8d742600 lea esi,[esi]
0167:6ae47cd0 01c9 add ecx,ecx
0167:6ae47cd2 4a dec edx
0167:6ae47cd3 780e js 6ae47ce3 = NSISDL.DLL:.text+0x6ce3
0167:6ae47cd5 807c15a841 cmp byte ptr [ebp+edx-58],41
0167:6ae47cda 75f4 jnz 6ae47cd0 = NSISDL.DLL:.text+0x6cd0
0167:6ae47cdc 09cb or ebx,ecx
0167:6ae47cde 01c9 add ecx,ecx
0167:6ae47ce0 4a dec edx
0167:6ae47ce1 79f2 jns 6ae47cd5 = NSISDL.DLL:.text+0x6cd5
NSISDL.DLL:.text+0x6ce3:
*0167:6ae47ce3 833b54 cmp dword ptr [ebx],+54
0167:6ae47ce6 7507 jnz 6ae47cef = NSISDL.DLL:.text+0x6cef
0167:6ae47ce8 89d8 mov eax,ebx
0167:6ae47cea 8b5dfc mov ebx,dword ptr [ebp-04]
0167:6ae47ced c9 leave
0167:6ae47cee c3 retd
0167:6ae47cef 50 push eax
0167:6ae47cf0 68f7000000 push 000000f7
0167:6ae47cf5 6844a4e46a push 6ae4a444
0167:6ae47cfa 68bca4e46a push 6ae4a4bc
0167:6ae47cff e83c0f0000 call 6ae48c40 = MSVCRT.DLL!_assert
--------------------

-- stack summary --
016f:013aed38 0167:6ae47ce3 NSISDL.DLL:.text+0x6ce3 (00000000,00000000,00000000,00000000, 00000000,00000000,00000000,00000000)
016f:013aedf8 0167:6ae47f59 NSISDL.DLL:.text+0x6f59 (00000000,00000000,00000000,818342e4, 00000008,818359c8,013afcb8,6ae44429)
016f:013aee18 0167:6ae480c9 NSISDL.DLL:.text+0x70c9 (013aee7c,00000000,00000000,00000000, 00000000,00000000,00000000,00000000)
016f:013afcb8 0167:6ae44429 NSISDL.DLL:.text+0x3429 (00000404,00000400,0042d000,0040f840, 0040c000,0040f850,00000000,00000000)
016f:013aff38 0167:00403255 DEBIAN-SVN45063.EXE:.text+0x2255 (00441f5c,00000402,00002af8,00000000, 00000000,00000000,00000000,00000000)
016f:013aff68 0167:00401874 DEBIAN-SVN45063.EXE:.text+0x874 (000000dd,00000534,013affbc,bffc05b4, bff79198,ffffffff,013affcc,00440318)
016f:013aff98 0167:00407bd7 DEBIAN-SVN45063.EXE:.text+0x6bd7 (00000534,818359c8,00000008,818342e4, 00000007,013affa4,013aeb10,ffffffff)
016f:013affcc 0167:bff88f20 KERNEL32!ThreadStartup

-- stack trace --
016f:013aed38 0167:6ae47ce3 NSISDL.DLL:.text+0x6ce3 (00000000,00000000,00000000,00000000, 00000000,00000000,00000000,00000000)
0167:6ae47ccc 8d742600 lea esi,[esi]
0167:6ae47cd0 01c9 add ecx,ecx
0167:6ae47cd2 4a dec edx
0167:6ae47cd3 780e js 6ae47ce3 = NSISDL.DLL:.text+0x6ce3
0167:6ae47cd5 807c15a841 cmp byte ptr [ebp+edx-58],41
0167:6ae47cda 75f4 jnz 6ae47cd0 = NSISDL.DLL:.text+0x6cd0
0167:6ae47cdc 09cb or ebx,ecx
0167:6ae47cde 01c9 add ecx,ecx
0167:6ae47ce0 4a dec edx
0167:6ae47ce1 79f2 jns 6ae47cd5 = NSISDL.DLL:.text+0x6cd5
NSISDL.DLL:.text+0x6ce3:
*0167:6ae47ce3 833b54 cmp dword ptr [ebx],+54
0167:6ae47ce6 7507 jnz 6ae47cef = NSISDL.DLL:.text+0x6cef
0167:6ae47ce8 89d8 mov eax,ebx
0167:6ae47cea 8b5dfc mov ebx,dword ptr [ebp-04]
0167:6ae47ced c9 leave
0167:6ae47cee c3 retd
0167:6ae47cef 50 push eax
0167:6ae47cf0 68f7000000 push 000000f7
0167:6ae47cf5 6844a4e46a push 6ae4a444
0167:6ae47cfa 68bca4e46a push 6ae4a4bc
0167:6ae47cff e83c0f0000 call 6ae48c40 = MSVCRT.DLL!_assert
--------------------
016f:013aedf8 0167:6ae47f59 NSISDL.DLL:.text+0x6f59 (00000000,00000000,00000000,818342e4, 00000008,818359c8,013afcb8,6ae44429)
0167:6ae47f35 57 push edi
0167:6ae47f36 e8350d0000 call 6ae48c70 = KERNEL32.DLL!FindAtomA
0167:6ae47f3b 83c40c add esp,+0c
0167:6ae47f3e 25ffff0000 and eax,0000ffff
0167:6ae47f43 e858fdffff call 6ae47ca0 = NSISDL.DLL:.text+0x6ca0
0167:6ae47f48 83c410 add esp,+10
0167:6ae47f4b 89c6 mov esi,eax
0167:6ae47f4d eb0c jmp 6ae47f5b = NSISDL.DLL:.text+0x6f5b
0167:6ae47f4f 25ffff0000 and eax,0000ffff
0167:6ae47f54 e847fdffff call 6ae47ca0 = NSISDL.DLL:.text+0x6ca0
NSISDL.DLL:.text+0x6f59:
*0167:6ae47f59 89c6 mov esi,eax
0167:6ae47f5b 8d4604 lea eax,[esi+04]
0167:6ae47f5e 89358045e56a mov dword ptr [6ae54580],esi
0167:6ae47f64 a37045e56a mov dword ptr [6ae54570],eax
0167:6ae47f69 8d4608 lea eax,[esi+08]
0167:6ae47f6c a39045e56a mov dword ptr [6ae54590],eax
0167:6ae47f71 8d65f4 lea esp,[ebp-0c]
0167:6ae47f74 5b pop ebx
0167:6ae47f75 5e pop esi
0167:6ae47f76 5f pop edi
0167:6ae47f77 5d pop ebp
--------------------
016f:013aee18 0167:6ae480c9 NSISDL.DLL:.text+0x70c9 (013aee7c,00000000,00000000,00000000, 00000000,00000000,00000000,00000000)
0167:6ae480b4 8b4228 mov eax,dword ptr [edx+28]
0167:6ae480b7 8907 mov dword ptr [edi],eax
0167:6ae480b9 897a28 mov dword ptr [edx+28],edi
0167:6ae480bc 8d65f4 lea esp,[ebp-0c]
0167:6ae480bf 5b pop ebx
0167:6ae480c0 5e pop esi
0167:6ae480c1 5f pop edi
0167:6ae480c2 5d pop ebp
0167:6ae480c3 c3 retd
0167:6ae480c4 e857fcffff call 6ae47d20 = NSISDL.DLL:.text+0x6d20
NSISDL.DLL:.text+0x70c9:
*0167:6ae480c9 8b158045e56a mov edx,dword ptr [6ae54580]
0167:6ae480cf 8b422c mov eax,dword ptr [edx+2c]
0167:6ae480d2 85c0 test eax,eax
0167:6ae480d4 79d7 jns 6ae480ad = NSISDL.DLL:.text+0x70ad
0167:6ae480d6 e825ffffff call 6ae48000 = NSISDL.DLL:.text+0x7000
0167:6ae480db 8b158045e56a mov edx,dword ptr [6ae54580]
0167:6ae480e1 8b722c mov esi,dword ptr [edx+2c]
0167:6ae480e4 85f6 test esi,esi
0167:6ae480e6 74cc jz 6ae480b4 = NSISDL.DLL:.text+0x70b4
0167:6ae480e8 8b5a30 mov ebx,dword ptr [edx+30]
0167:6ae480eb e8c00b0000 call 6ae48cb0 = KERNEL32.DLL!GetLastError
--------------------
016f:013afcb8 0167:6ae44429 NSISDL.DLL:.text+0x3429 (00000404,00000400,0042d000,0040f840, 0040c000,0040f850,00000000,00000000)
0167:6ae44407 f1 int 1
0167:6ae44408 ff ?db ff
0167:6ae44409 ff8d55e88910 dec dword ptr [ebp+1089e855]
0167:6ae4440f ba454be46a mov edx,6ae44b45
0167:6ae44414 895004 mov dword ptr [eax+04],edx
0167:6ae44417 896008 mov dword ptr [eax+08],esp
0167:6ae4441a 8d85c4f1ffff lea eax,[ebp-00000e3c]
0167:6ae44420 83ec0c sub esp,+0c
0167:6ae44423 50 push eax
0167:6ae44424 e8673c0000 call 6ae48090 = NSISDL.DLL:.text+0x7090
NSISDL.DLL:.text+0x3429:
*0167:6ae44429 83c410 add esp,+10
0167:6ae4442c c785e4f3ffff00000000 mov dword ptr [ebp-00000c1c],00000000
0167:6ae44436 c785e0f3ffff30750000 mov dword ptr [ebp-00000c20],00007530
0167:6ae44440 c785dcf3ffff01000000 mov dword ptr [ebp-00000c24],00000001
0167:6ae4444a c785d8f3ffff00000000 mov dword ptr [ebp-00000c28],00000000
0167:6ae44454 c785d4f3ffff00000000 mov dword ptr [ebp-00000c2c],00000000
0167:6ae4445e 8b450c mov eax,dword ptr [ebp+0c]
0167:6ae44461 a338c0e46a mov dword ptr [6ae4c038],eax
0167:6ae44466 8b ?db 8b
0167:6ae44467 45 inc ebp
0167:6ae44468 14 ?db 14
--------------------
016f:013aff38 0167:00403255 DEBIAN-SVN45063.EXE:.text+0x2255 (00441f5c,00000402,00002af8,00000000, 00000000,00000000,00000000,00000000)
0167:00403230 8b459c mov eax,dword ptr [ebp-64]
0167:00403233 8945a0 mov dword ptr [ebp-60],eax
0167:00403236 83ec0c sub esp,+0c
0167:00403239 6800c04000 push 0040c000
0167:0040323e 6840f84000 push 0040f840
0167:00403243 6800d04200 push 0042d000
0167:00403248 6800040000 push 00000400
0167:0040324d ff75dc push dword ptr [ebp-24]
0167:00403250 8b45a0 mov eax,dword ptr [ebp-60]
0167:00403253 ffd0 call eax
DEBIAN-SVN45063.EXE:.text+0x2255:
*0167:00403255 83c420 add esp,+20
0167:00403258 eb13 jmp 0040326d = DEBIAN-SVN45063.EXE:.text+0x226d
0167:0040325a 83ec08 sub esp,+08
0167:0040325d ffb574ffffff push dword ptr [ebp-0000008c]
0167:00403263 6af7 push -09
0167:00403265 e8dc470000 call 00407a46 = DEBIAN-SVN45063.EXE:.text+0x6a46
0167:0040326a 83c408 add esp,+08
0167:0040326d 837dc800 cmp dword ptr [ebp-38],+00
0167:00403271 752f jnz 004032a2 = DEBIAN-SVN45063.EXE:.text+0x22a2
0167:00403273 83ec0c sub esp,+0c
0167:00403276 ffb56cffffff push dword ptr [ebp-00000094]
--------------------
016f:013aff68 0167:00401874 DEBIAN-SVN45063.EXE:.text+0x874 (000000dd,00000534,013affbc,bffc05b4, bff79198,ffffffff,013affcc,00440318)
0167:00401853 e9e4000000 jmp 0040193c = DEBIAN-SVN45063.EXE:.text+0x93c
0167:00401858 83ec0c sub esp,+0c
0167:0040185b 8b5508 mov edx,dword ptr [ebp+08]
0167:0040185e 89d0 mov eax,edx
0167:00401860 c1e003 shl eax,03
0167:00401863 29d0 sub eax,edx
0167:00401865 c1e002 shl eax,02
0167:00401868 0305a0944200 add eax,dword ptr [004294a0]
0167:0040186e 50 push eax
0167:0040186f e8e6020000 call 00401b5a = DEBIAN-SVN45063.EXE:.text+0xb5a
DEBIAN-SVN45063.EXE:.text+0x874:
*0167:00401874 83c40c add esp,+0c
0167:00401877 8945fc mov dword ptr [ebp-04],eax
0167:0040187a 817dfcffffff7f cmp dword ptr [ebp-04],7fffffff
0167:00401881 750c jnz 0040188f = DEBIAN-SVN45063.EXE:.text+0x88f
0167:00401883 c745f4ffffff7f mov dword ptr [ebp-0c],7fffffff
0167:0040188a e9ad000000 jmp 0040193c = DEBIAN-SVN45063.EXE:.text+0x93c
0167:0040188f 8b45fc mov eax,dword ptr [ebp-04]
0167:00401892 8945f0 mov dword ptr [ebp-10],eax
0167:00401895 837dfc00 cmp dword ptr [ebp-04],+00
0167:00401899 791d jns 004018b8 = DEBIAN-SVN45063.EXE:.text+0x8b8
0167:0040189b 83ec0c sub esp,+0c
--------------------
016f:013aff98 0167:00407bd7 DEBIAN-SVN45063.EXE:.text+0x6bd7 (00000534,818359c8,00000008,818342e4, 00000007,013affa4,013aeb10,ffffffff)
0167:00407bb9 8b45f4 mov eax,dword ptr [ebp-0c]
0167:00407bbc 8b4008 mov eax,dword ptr [eax+08]
0167:00407bbf 83e001 and eax,+01
0167:00407bc2 85c0 test eax,eax
0167:00407bc4 7420 jz 00407be6 = DEBIAN-SVN45063.EXE:.text+0x6be6
0167:00407bc6 83ec08 sub esp,+08
0167:00407bc9 ff75f8 push dword ptr [ebp-08]
0167:00407bcc 8b45f4 mov eax,dword ptr [ebp-0c]
0167:00407bcf ff700c push dword ptr [eax+0c]
0167:00407bd2 e8499cffff call 00401820 = DEBIAN-SVN45063.EXE:.text+0x820
DEBIAN-SVN45063.EXE:.text+0x6bd7:
*0167:00407bd7 83c408 add esp,+08
0167:00407bda 85c0 test eax,eax
0167:00407bdc 7408 jz 00407be6 = DEBIAN-SVN45063.EXE:.text+0x6be6
0167:00407bde ff053c944200 inc dword ptr [0042943c]
0167:00407be4 eb0b jmp 00407bf1 = DEBIAN-SVN45063.EXE:.text+0x6bf1
0167:00407be6 8d45f4 lea eax,[ebp-0c]
0167:00407be9 810018040000 add dword ptr [eax],00000418
0167:00407bef ebbd jmp 00407bae = DEBIAN-SVN45063.EXE:.text+0x6bae
0167:00407bf1 83ec0c sub esp,+0c
0167:00407bf4 6804040000 push 00000404
0167:00407bf9 e8eddaffff call 004056eb = DEBIAN-SVN45063.EXE:.text+0x46eb
--------------------
016f:013affcc 0167:bff88f20 KERNEL32!ThreadStartup

-- stack dump --
013aece0 61616161
013aece4 41616161
013aece8 61416161
013aecec 41416141
013aecf0 61616161
013aecf4 61614161
...
013af5ac 00000000 013af5b0 bff741f7 = KERNEL32.DLL:_FREQASM+0x31f7 -------------------- 0167:bff741dd 51 push ecx 0167:bff741de 52 push edx 0167:bff741df 681d002a00 push 002a001d 0167:bff741e4 e8ebd1ffff call bff713d4 = KERNEL32.DLL!1 0167:bff741e9 59 pop ecx 0167:bff741ea 5a pop edx 0167:bff741eb ebe8 jmp bff741d5 = KERNEL32.DLL:_FREQASM+0x31d5 0167:bff741ed 8b542404 mov edx,dword ptr [esp+04] 0167:bff741f1 50 push eax 0167:bff741f2 e804000000 call bff741fb = KERNEL32.DLL:_FREQASM+0x31fb KERNEL32.DLL:_FREQASM+0x31f7: *0167:bff741f7 58 pop eax 0167:bff741f8 c20400 retd 0004 0167:bff741fb 833dec9cfcbf01 cmp dword ptr [bffc9cec],+01 0167:bff74202 7c32 jl bff74236 = KERNEL32.DLL:_FREQASM+0x3236 0167:bff74204 3b157094fcbf cmp edx,dword ptr [bffc9470] 0167:bff7420a 7506 jnz bff74212 = KERNEL32.DLL:_FREQASM+0x3212 0167:bff7420c 837a0401 cmp dword ptr [edx+04],+01 0167:bff74210 7426 jz bff74238 = KERNEL32.DLL:_FREQASM+0x3238 0167:bff74212 ff4a04 dec dword ptr [edx+04] 0167:bff74215 754a jnz bff74261 = KERNEL32.DLL:_FREQASM+0x3261 0167:bff74217 c7420800000000 mov dword ptr [edx+08],00000000 -------------------- 013af5b4 bffc9490 = KERNEL32.DLL:.data+0x490 -> 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 
013af5b8 bff86b47 = KERNEL32.DLL:.text+0xdb47 -------------------- 0167:bff86b23 e88cd6feff call bff741b4 = KERNEL32.DLL!97 0167:bff86b28 8d85ecfeffff lea eax,[ebp-00000114] 0167:bff86b2e 50 push eax 0167:bff86b2f e87d74ffff call bff7dfb1 = KERNEL32.DLL:.text+0x4fb1 0167:bff86b34 50 push eax 0167:bff86b35 e8f16effff call bff7da2b = KERNEL32.DLL:.text+0x4a2b 0167:bff86b3a 8bf0 mov esi,eax 0167:bff86b3c a1109dfcbf mov eax,dword ptr [bffc9d10] 0167:bff86b41 50 push eax 0167:bff86b42 e8a6d6feff call bff741ed = KERNEL32.DLL!98 KERNEL32.DLL:.text+0xdb47: *0167:bff86b47 85f6 test esi,esi 0167:bff86b49 7507 jnz bff86b52 = KERNEL32.DLL:.text+0xdb52 0167:bff86b4b 6a7e push +7e 0167:bff86b4d e84e5effff call bff7c9a0 = KERNEL32.DLL:.text+0x39a0 0167:bff86b52 85ff test edi,edi 0167:bff86b54 7416 jz bff86b6c = KERNEL32.DLL:.text+0xdb6c 0167:bff86b56 53 push ebx 0167:bff86b57 ff75fc push dword ptr [ebp-04] 0167:bff86b5a e8a16c0100 call bff9d800 = KERNEL32.DLL:.text+0x24800 0167:bff86b5f a1e09cfcbf mov eax,dword ptr [bffc9ce0] 0167:bff86b64 8b08 mov ecx,dword ptr [eax] -------------------- 013af5bc bffc9490 = KERNEL32.DLL:.data+0x490 -> 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 
013af5c0 00000001 013af5c4 bff842b1 = KERNEL32.DLL!InitializeCriticalSection -------------------- 0167:bff84297 75e8 jnz bff84281 = KERNEL32.DLL:.text+0xb281 0167:bff84299 b801000000 mov eax,00000001 0167:bff8429e c60700 mov byte ptr [edi],00 0167:bff842a1 eb09 jmp bff842ac = KERNEL32.DLL:.text+0xb2ac 0167:bff842a3 6a57 push +57 0167:bff842a5 e828bdffff call bff7ffd2 = KERNEL32.DLL!SetLastError 0167:bff842aa 33c0 xor eax,eax 0167:bff842ac 5f pop edi 0167:bff842ad 5e pop esi 0167:bff842ae c20800 retd 0008 KERNEL32.DLL!InitializeCriticalSection: *0167:bff842b1 55 push ebp 0167:bff842b2 8bec mov ebp,esp 0167:bff842b4 56 push esi 0167:bff842b5 8b4508 mov eax,dword ptr [ebp+08] 0167:bff842b8 8b10 mov edx,dword ptr [eax] 0167:bff842ba 8910 mov dword ptr [eax],edx 0167:bff842bc a1109dfcbf mov eax,dword ptr [bffc9d10] 0167:bff842c1 50 push eax 0167:bff842c2 e8edfefeff call bff741b4 = KERNEL32.DLL!97 0167:bff842c7 ff7508 push dword ptr [ebp+08] 0167:bff842ca e892d0ffff call bff81361 = KERNEL32.DLL:.text+0x8361 -------------------- 013af5c8 00000000 013af5cc 4e52454b 013af5d0 32334c45 013af5d4 4c4c442e 013af5d8 01010100 013af5dc 01010101 ... 013af5f4 00100101 013af5f8 00100010 ... 013af600 01820010 013af604 01820182 ... 
013af60c bff713ee = KERNEL32.DLL:_FREQASM+0x3ee -------------------- 0167:bff713ca ebf7 jmp bff713c3 = KERNEL32.DLL:_FREQASM+0x3c3 0167:bff713cc ebfa jmp bff713c8 = KERNEL32.DLL:_FREQASM+0x3c8 0167:bff713ce ebf8 jmp bff713c8 = KERNEL32.DLL:_FREQASM+0x3c8 0167:bff713d0 ebf6 jmp bff713c8 = KERNEL32.DLL:_FREQASM+0x3c8 0167:bff713d2 ebf4 jmp bff713c8 = KERNEL32.DLL:_FREQASM+0x3c8 0167:bff713d4 8b442404 mov eax,dword ptr [esp+04] 0167:bff713d8 8f0424 pop dword ptr [esp] 0167:bff713db 2eff1d3497fcbf call fword ptr ss:[bffc9734] 0167:bff713e2 b801000100 mov eax,00010001 0167:bff713e7 2eff1d3497fcbf call fword ptr ss:[bffc9734] KERNEL32.DLL:_FREQASM+0x3ee: *0167:bff713ee b843002a00 mov eax,002a0043 0167:bff713f3 2eff1d3497fcbf call fword ptr ss:[bffc9734] 0167:bff713fa 83c414 add esp,+14 0167:bff713fd 0fb7c8 movzx ecx,ax 0167:bff71400 0fa4d310 shld ebx,edx,10 0167:bff71404 c0e302 shl bl,02 0167:bff71407 6681ea0010 sub dx,1000 0167:bff7140c 0fbfc2 movsx eax,dx 0167:bff7140f e9d1000000 jmp bff714e5 = KERNEL32.DLL:_FREQASM+0x4e5 0167:bff71414 55 push ebp 0167:bff71415 53 push ebx -------------------- 013af610 00000167 013af614 bff7eaf9 = KERNEL32.DLL:.text+0x5af9 -------------------- 0167:bff7eade c1e710 shl edi,10 0167:bff7eae1 015dfc add dword ptr [ebp-04],ebx 0167:bff7eae4 097dfc or dword ptr [ebp-04],edi 0167:bff7eae7 015df8 add dword ptr [ebp-08],ebx 0167:bff7eaea ff7518 push dword ptr [ebp+18] 0167:bff7eaed ff75fc push dword ptr [ebp-04] 0167:bff7eaf0 56 push esi 0167:bff7eaf1 6a01 push +01 0167:bff7eaf3 ff75f8 push dword ptr [ebp-08] 0167:bff7eaf6 ff551c call dword ptr [ebp+1c] KERNEL32.DLL:.text+0x5af9: *0167:bff7eaf9 5f pop edi 0167:bff7eafa 5e pop esi 0167:bff7eafb 5b pop ebx 0167:bff7eafc 8be5 mov esp,ebp 0167:bff7eafe 5d pop ebp 0167:bff7eaff c21800 retd 0018 0167:bff7eb02 8b442404 mov eax,dword ptr [esp+04] 0167:bff7eb06 8b4c2408 mov ecx,dword ptr [esp+08] 0167:bff7eb0a 3bc1 cmp eax,ecx 0167:bff7eb0c 7308 jnc bff7eb16 = KERNEL32.DLL:.text+0x5b16 0167:bff7eb0e 
8b10 mov edx,dword ptr [eax] -------------------- 013af618 000762e1 013af61c bff713e2 = KERNEL32.DLL:_FREQASM+0x3e2 -------------------- 0167:bff713c5 c20400 retd 0004 0167:bff713c8 33c0 xor eax,eax 0167:bff713ca ebf7 jmp bff713c3 = KERNEL32.DLL:_FREQASM+0x3c3 0167:bff713cc ebfa jmp bff713c8 = KERNEL32.DLL:_FREQASM+0x3c8 0167:bff713ce ebf8 jmp bff713c8 = KERNEL32.DLL:_FREQASM+0x3c8 0167:bff713d0 ebf6 jmp bff713c8 = KERNEL32.DLL:_FREQASM+0x3c8 0167:bff713d2 ebf4 jmp bff713c8 = KERNEL32.DLL:_FREQASM+0x3c8 0167:bff713d4 8b442404 mov eax,dword ptr [esp+04] 0167:bff713d8 8f0424 pop dword ptr [esp] 0167:bff713db 2eff1d3497fcbf call fword ptr ss:[bffc9734] KERNEL32.DLL:_FREQASM+0x3e2: *0167:bff713e2 b801000100 mov eax,00010001 0167:bff713e7 2eff1d3497fcbf call fword ptr ss:[bffc9734] 0167:bff713ee b843002a00 mov eax,002a0043 0167:bff713f3 2eff1d3497fcbf call fword ptr ss:[bffc9734] 0167:bff713fa 83c414 add esp,+14 0167:bff713fd 0fb7c8 movzx ecx,ax 0167:bff71400 0fa4d310 shld ebx,edx,10 0167:bff71404 c0e302 shl bl,02 0167:bff71407 6681ea0010 sub dx,1000 0167:bff7140c 0fbfc2 movsx eax,dx 0167:bff7140f e9d1000000 jmp bff714e5 = KERNEL32.DLL:_FREQASM+0x4e5 -------------------- 013af620 00000167 013af624 bff916bb = KERNEL32.DLL:.text+0x186bb -------------------- 0167:bff91699 8d4e14 lea ecx,[esi+14] 0167:bff9169c c745f480000000 mov dword ptr [ebp-0c],00000080 0167:bff916a3 50 push eax 0167:bff916a4 51 push ecx 0167:bff916a5 6a00 push +00 0167:bff916a7 6a00 push +00 0167:bff916a9 688094f7bf push bff79480 0167:bff916ae ff75f8 push dword ptr [ebp-08] 0167:bff916b1 681a000100 push 0001001a 0167:bff916b6 e819fdfdff call bff713d4 = KERNEL32.DLL!1 KERNEL32.DLL:.text+0x186bb: *0167:bff916bb ff75f8 push dword ptr [ebp-08] 0167:bff916be 6813000100 push 00010013 0167:bff916c3 85c0 test eax,eax 0167:bff916c5 7464 jz bff9172b = KERNEL32.DLL:.text+0x1872b 0167:bff916c7 e808fdfdff call bff713d4 = KERNEL32.DLL!1 0167:bff916cc 6a00 push +00 0167:bff916ce 8d4614 lea eax,[esi+14] 0167:bff916d1 
6880000000 push 00000080 0167:bff916d6 50 push eax 0167:bff916d7 e855fafdff call bff71131 = KERNEL32.DLL:_FREQASM+0x131 0167:bff916dc 813e9c000000 cmp dword ptr [esi],0000009c -------------------- 013af628 c29e5320 -> 00 00 00 00 00 00 00 00 a0 13 9a c2 06 00 00 00 ................ 013af62c bff79480 = KERNEL32.DLL:.text+0x480 -> 53 75 62 56 65 72 73 69 6f 6e 4e 75 6d 62 65 72 SubVersionNumber 013af630 bff713e2 = KERNEL32.DLL:_FREQASM+0x3e2 -------------------- 0167:bff713c5 c20400 retd 0004 0167:bff713c8 33c0 xor eax,eax 0167:bff713ca ebf7 jmp bff713c3 = KERNEL32.DLL:_FREQASM+0x3c3 0167:bff713cc ebfa jmp bff713c8 = KERNEL32.DLL:_FREQASM+0x3c8 0167:bff713ce ebf8 jmp bff713c8 = KERNEL32.DLL:_FREQASM+0x3c8 0167:bff713d0 ebf6 jmp bff713c8 = KERNEL32.DLL:_FREQASM+0x3c8 0167:bff713d2 ebf4 jmp bff713c8 = KERNEL32.DLL:_FREQASM+0x3c8 0167:bff713d4 8b442404 mov eax,dword ptr [esp+04] 0167:bff713d8 8f0424 pop dword ptr [esp] 0167:bff713db 2eff1d3497fcbf call fword ptr ss:[bffc9734] KERNEL32.DLL:_FREQASM+0x3e2: *0167:bff713e2 b801000100 mov eax,00010001 0167:bff713e7 2eff1d3497fcbf call fword ptr ss:[bffc9734] 0167:bff713ee b843002a00 mov eax,002a0043 0167:bff713f3 2eff1d3497fcbf call fword ptr ss:[bffc9734] 0167:bff713fa 83c414 add esp,+14 0167:bff713fd 0fb7c8 movzx ecx,ax 0167:bff71400 0fa4d310 shld ebx,edx,10 0167:bff71404 c0e302 shl bl,02 0167:bff71407 6681ea0010 sub dx,1000 0167:bff7140c 0fbfc2 movsx eax,dx 0167:bff7140f e9d1000000 jmp bff714e5 = KERNEL32.DLL:_FREQASM+0x4e5 -------------------- 013af634 013af674 -> 00 00 44 00 90 0a f8 00 40 00 00 00 00 00 00 00 ..D.....@....... 013af638 000d314c 013af63c 81836e94 -> 24 00 00 a0 04 00 00 00 00 00 00 00 00 00 00 00 $............... 
013af640 00000024 013af644 bff7a3a0 = KERNEL32.DLL:.text+0x13a0 -------------------- 0167:bff7a385 2bfb sub edi,ebx 0167:bff7a387 57 push edi 0167:bff7a388 894108 mov dword ptr [ecx+08],eax 0167:bff7a38b 8b5604 mov edx,dword ptr [esi+04] 0167:bff7a38e 8b4608 mov eax,dword ptr [esi+08] 0167:bff7a391 895004 mov dword ptr [eax+04],edx 0167:bff7a394 8d041e lea eax,[esi+ebx] 0167:bff7a397 50 push eax 0167:bff7a398 ff7508 push dword ptr [ebp+08] 0167:bff7a39b e871fdffff call bff7a111 = KERNEL32.DLL:.text+0x1111 KERNEL32.DLL:.text+0x13a0: *0167:bff7a3a0 eb36 jmp bff7a3d8 = KERNEL32.DLL:.text+0x13d8 0167:bff7a3a2 8b4d08 mov ecx,dword ptr [ebp+08] 0167:bff7a3a5 0fb64170 movzx eax,byte ptr [ecx+70] 0167:bff7a3a9 0b45f4 or eax,dword ptr [ebp-0c] 0167:bff7a3ac 50 push eax 0167:bff7a3ad 8b45f8 mov eax,dword ptr [ebp-08] 0167:bff7a3b0 2b45fc sub eax,dword ptr [ebp-04] 0167:bff7a3b3 50 push eax 0167:bff7a3b4 ff75fc push dword ptr [ebp-04] 0167:bff7a3b7 e8f6feffff call bff7a2b2 = KERNEL32.DLL:.text+0x12b2 0167:bff7a3bc 85c0 test eax,eax -------------------- 013af648 8180b000 -> 00 00 10 00 00 00 00 00 20 00 00 00 01 00 00 a0 ........ ....... 013af64c 013af68c -> b4 f6 3a 01 50 a5 f7 bf 00 00 44 00 67 a5 f7 bf ..:.P.....D.g... 013af650 00000020 013af654 00f80a90 -> 40 00 00 a0 c8 f0 2d 76 c8 f0 2d 76 cb 0e fc ff @.....-v..-v.... 
013af658 00000040 013af65c bff7a3a0 = KERNEL32.DLL:.text+0x13a0 -------------------- 0167:bff7a385 2bfb sub edi,ebx 0167:bff7a387 57 push edi 0167:bff7a388 894108 mov dword ptr [ecx+08],eax 0167:bff7a38b 8b5604 mov edx,dword ptr [esi+04] 0167:bff7a38e 8b4608 mov eax,dword ptr [esi+08] 0167:bff7a391 895004 mov dword ptr [eax+04],edx 0167:bff7a394 8d041e lea eax,[esi+ebx] 0167:bff7a397 50 push eax 0167:bff7a398 ff7508 push dword ptr [ebp+08] 0167:bff7a39b e871fdffff call bff7a111 = KERNEL32.DLL:.text+0x1111 KERNEL32.DLL:.text+0x13a0: *0167:bff7a3a0 eb36 jmp bff7a3d8 = KERNEL32.DLL:.text+0x13d8 0167:bff7a3a2 8b4d08 mov ecx,dword ptr [ebp+08] 0167:bff7a3a5 0fb64170 movzx eax,byte ptr [ecx+70] 0167:bff7a3a9 0b45f4 or eax,dword ptr [ebp-0c] 0167:bff7a3ac 50 push eax 0167:bff7a3ad 8b45f8 mov eax,dword ptr [ebp-08] 0167:bff7a3b0 2b45fc sub eax,dword ptr [ebp-04] 0167:bff7a3b3 50 push eax 0167:bff7a3b4 ff75fc push dword ptr [ebp-04] 0167:bff7a3b7 e8f6feffff call bff7a2b2 = KERNEL32.DLL:.text+0x12b2 0167:bff7a3bc 85c0 test eax,eax -------------------- 013af660 00440000 -> 00 10 10 00 00 00 78 00 20 00 00 00 01 00 00 a0 ......x. ....... 013af664 00f80ad0 -> 21 00 00 a0 1c 00 44 00 4c 03 54 00 00 00 00 00 !.....D.L.T..... 013af668 00000020 013af66c 00000000 013af670 0044000c -> 01 00 00 a0 ec 0f 54 00 e8 47 45 00 80 00 00 00 ......T..GE..... 013af674 00440000 -> 00 10 10 00 00 00 78 00 20 00 00 00 01 00 00 a0 ......x. ....... 013af678 00f80a90 -> 40 00 00 a0 c8 f0 2d 76 c8 f0 2d 76 cb 0e fc ff @.....-v..-v.... 013af67c 00000040 013af680 00000000 013af684 00000f80 013af688 00000f81 013af68c 013af6b4 -> d8 f6 3a 01 98 b4 f7 bf 00 00 44 00 d5 b4 f7 bf ..:.......D..... 
013af690 bff7a550 = KERNEL32.DLL:.text+0x1550 -------------------- 0167:bff7a532 8b4604 mov eax,dword ptr [esi+04] 0167:bff7a535 8b4dfc mov ecx,dword ptr [ebp-04] 0167:bff7a538 894104 mov dword ptr [ecx+04],eax 0167:bff7a53b 894e04 mov dword ptr [esi+04],ecx 0167:bff7a53e e953ffffff jmp bff7a496 = KERNEL32.DLL:.text+0x1496 0167:bff7a543 ff7510 push dword ptr [ebp+10] 0167:bff7a546 ff750c push dword ptr [ebp+0c] 0167:bff7a549 53 push ebx 0167:bff7a54a 56 push esi 0167:bff7a54b e8a6fdffff call bff7a2f6 = KERNEL32.DLL:.text+0x12f6 KERNEL32.DLL:.text+0x1550: *0167:bff7a550 89450c mov dword ptr [ebp+0c],eax 0167:bff7a553 85c0 test eax,eax 0167:bff7a555 7436 jz bff7a58d = KERNEL32.DLL:.text+0x158d 0167:bff7a557 ff7510 push dword ptr [ebp+10] 0167:bff7a55a 56 push esi 0167:bff7a55b 0d000000a0 or eax,a0000000 0167:bff7a560 8903 mov dword ptr [ebx],eax 0167:bff7a562 e889fbffff call bff7a0f0 = KERNEL32.DLL:.text+0x10f0 0167:bff7a567 8d4304 lea eax,[ebx+04] 0167:bff7a56a eb49 jmp bff7a5b5 = KERNEL32.DLL:.text+0x15b5 0167:bff7a56c 6a08 push +08 -------------------- 013af694 00440000 -> 00 10 10 00 00 00 78 00 20 00 00 00 01 00 00 a0 ......x. ....... 
013af698 bff7a567 = KERNEL32.DLL:.text+0x1567 -------------------- 0167:bff7a54a 56 push esi 0167:bff7a54b e8a6fdffff call bff7a2f6 = KERNEL32.DLL:.text+0x12f6 0167:bff7a550 89450c mov dword ptr [ebp+0c],eax 0167:bff7a553 85c0 test eax,eax 0167:bff7a555 7436 jz bff7a58d = KERNEL32.DLL:.text+0x158d 0167:bff7a557 ff7510 push dword ptr [ebp+10] 0167:bff7a55a 56 push esi 0167:bff7a55b 0d000000a0 or eax,a0000000 0167:bff7a560 8903 mov dword ptr [ebx],eax 0167:bff7a562 e889fbffff call bff7a0f0 = KERNEL32.DLL:.text+0x10f0 KERNEL32.DLL:.text+0x1567: *0167:bff7a567 8d4304 lea eax,[ebx+04] 0167:bff7a56a eb49 jmp bff7a5b5 = KERNEL32.DLL:.text+0x15b5 0167:bff7a56c 6a08 push +08 0167:bff7a56e e82d240000 call bff7c9a0 = KERNEL32.DLL:.text+0x39a0 0167:bff7a573 eb18 jmp bff7a58d = KERNEL32.DLL:.text+0x158d 0167:bff7a575 6a08 push +08 0167:bff7a577 e824240000 call bff7c9a0 = KERNEL32.DLL:.text+0x39a0 0167:bff7a57c eb0f jmp bff7a58d = KERNEL32.DLL:.text+0x158d 0167:bff7a57e 6a10 push +10 0167:bff7a580 ff75fc push dword ptr [ebp-04] 0167:bff7a583 680a000100 push 0001000a -------------------- 013af69c 00440000 -> 00 10 10 00 00 00 78 00 20 00 00 00 01 00 00 a0 ......x. ....... 013af6a0 00000041 ... 013af6a8 00000000 ... 013af6b0 013af6dc -> 94 0a f8 00 bf ed 29 76 d4 f0 2d 76 01 00 00 00 ......)v..-v.... 
013af6b4 013af6d8 -> 98 6e 83 81 94 0a f8 00 bf ed 29 76 d4 f0 2d 76 .n........)v..-v 013af6b8 bff7b498 = KERNEL32.DLL:.text+0x2498 -------------------- 0167:bff7b476 8d7e02 lea edi,[esi+02] 0167:bff7b479 c70700000000 mov dword ptr [edi],00000000 0167:bff7b47f eb42 jmp bff7b4c3 = KERNEL32.DLL:.text+0x24c3 0167:bff7b481 83cf01 or edi,+01 0167:bff7b484 8b0de49cfcbf mov ecx,dword ptr [bffc9ce4] 0167:bff7b48a 57 push edi 0167:bff7b48b 8b11 mov edx,dword ptr [ecx] 0167:bff7b48d ff750c push dword ptr [ebp+0c] 0167:bff7b490 ff7218 push dword ptr [edx+18] 0167:bff7b493 e8b2efffff call bff7a44a = KERNEL32.DLL:.text+0x144a KERNEL32.DLL:.text+0x2498: *0167:bff7b498 8bf8 mov edi,eax 0167:bff7b49a 85ff test edi,edi 0167:bff7b49c 7525 jnz bff7b4c3 = KERNEL32.DLL:.text+0x24c3 0167:bff7b49e 8b75fc mov esi,dword ptr [ebp-04] 0167:bff7b4a1 85db test ebx,ebx 0167:bff7b4a3 741c jz bff7b4c1 = KERNEL32.DLL:.text+0x24c1 0167:bff7b4a5 a1e49cfcbf mov eax,dword ptr [bffc9ce4] 0167:bff7b4aa 8b08 mov ecx,dword ptr [eax] 0167:bff7b4ac 8b5158 mov edx,dword ptr [ecx+58] 0167:bff7b4af 895602 mov dword ptr [esi+02],edx 0167:bff7b4b2 a1e49cfcbf mov eax,dword ptr [bffc9ce4] -------------------- 013af6bc 00440000 -> 00 10 10 00 00 00 78 00 20 00 00 00 01 00 00 a0 ......x. ....... 
013af6c0 bff7b4d5 = KERNEL32.DLL:.text+0x24d5 -------------------- 0167:bff7b4b2 a1e49cfcbf mov eax,dword ptr [bffc9ce4] 0167:bff7b4b7 8b08 mov ecx,dword ptr [eax] 0167:bff7b4b9 897158 mov dword ptr [ecx+58],esi 0167:bff7b4bc 66c7064653 mov word ptr [esi],5346 0167:bff7b4c1 33ff xor edi,edi 0167:bff7b4c3 a1e49cfcbf mov eax,dword ptr [bffc9ce4] 0167:bff7b4c8 8b08 mov ecx,dword ptr [eax] 0167:bff7b4ca 8b5118 mov edx,dword ptr [ecx+18] 0167:bff7b4cd ff724c push dword ptr [edx+4c] 0167:bff7b4d0 e8198effff call bff742ee = KERNEL32.DLL:_FREQASM+0x32ee KERNEL32.DLL:.text+0x24d5: *0167:bff7b4d5 8bc7 mov eax,edi 0167:bff7b4d7 5f pop edi 0167:bff7b4d8 5e pop esi 0167:bff7b4d9 5b pop ebx 0167:bff7b4da 8be5 mov esp,ebp 0167:bff7b4dc 5d pop ebp 0167:bff7b4dd c20800 retd 0008 0167:bff7b4e0 33d2 xor edx,edx 0167:bff7b4e2 8b442404 mov eax,dword ptr [esp+04] 0167:bff7b4e6 803830 cmp byte ptr [eax],30 0167:bff7b4e9 7c17 jl bff7b502 = KERNEL32.DLL:.text+0x2502 -------------------- 013af6c4 81834b84 -> 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 013af6c8 762df0d4 = WININET.DLL:.data+0xd4 -> 04 00 00 00 98 6e 83 81 00 00 00 00 00 00 00 00 .....n.......... 013af6cc 00000000 013af6d0 762df0c8 = WININET.DLL:.data+0xc8 -> 94 0a f8 00 94 0a f8 00 01 00 00 00 04 00 00 00 ................ 
013af6d4 bff7b9c5 = KERNEL32.DLL:.text+0x29c5 -------------------- 0167:bff7b9a9 e81389ffff call bff742c1 = KERNEL32.DLL:_FREQASM+0x32c1 0167:bff7b9ae 5e pop esi 0167:bff7b9af c20400 retd 0004 0167:bff7b9b2 56 push esi 0167:bff7b9b3 8b742408 mov esi,dword ptr [esp+08] 0167:bff7b9b7 8a06 mov al,byte ptr [esi] 0167:bff7b9b9 3c04 cmp al,04 0167:bff7b9bb 7508 jnz bff7b9c5 = KERNEL32.DLL:.text+0x29c5 0167:bff7b9bd ff7604 push dword ptr [esi+04] 0167:bff7b9c0 e82989ffff call bff742ee = KERNEL32.DLL:_FREQASM+0x32ee KERNEL32.DLL:.text+0x29c5: *0167:bff7b9c5 5e pop esi 0167:bff7b9c6 c20400 retd 0004 0167:bff7b9c9 64a100000000 mov eax,dword ptr fs:[00000000] 0167:bff7b9cf 55 push ebp 0167:bff7b9d0 8bec mov ebp,esp 0167:bff7b9d2 6aff push -01 0167:bff7b9d4 685092f7bf push bff79250 0167:bff7b9d9 68b405fcbf push bffc05b4 0167:bff7b9de 50 push eax 0167:bff7b9df 8b4508 mov eax,dword ptr [ebp+08] 0167:bff7b9e2 64892500000000 mov dword ptr fs:[00000000],esp -------------------- 013af6d8 81836e98 -> 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 013af6dc 00f80a94 -> c8 f0 2d 76 c8 f0 2d 76 cb 0e fc ff 00 00 00 00 ..-v..-v........ 
013af6e0 7629edbf = WININET.DLL:.text+0x1ddbf -------------------- 0167:7629ed94 8192000057ff15581128 adc dword ptr [edx+ff570000],28115815 0167:7629ed9e 76a1 jbe 7629ed41 = WININET.DLL:.text+0x1dd41 0167:7629eda0 c8f02d76 enter 2df0,76 0167:7629eda4 895e04 mov dword ptr [esi+04],ebx 0167:7629eda7 8906 mov dword ptr [esi],eax 0167:7629eda9 57 push edi 0167:7629edaa 897004 mov dword ptr [eax+04],esi 0167:7629edad ff05d0f02d76 inc dword ptr [762df0d0] 0167:7629edb3 8935c8f02d76 mov dword ptr [762df0c8],esi 0167:7629edb9 ff1550112876 call dword ptr [76281150] -> KERNEL32.DLL!LeaveCriticalSection WININET.DLL:.text+0x1ddbf: *0167:7629edbf 8bc6 mov eax,esi 0167:7629edc1 5f pop edi 0167:7629edc2 5e pop esi 0167:7629edc3 5d pop ebp 0167:7629edc4 5b pop ebx 0167:7629edc5 c20400 retd 0004 0167:7629edc8 57 push edi 0167:7629edc9 891dccf02d76 mov dword ptr [762df0cc],ebx 0167:7629edcf 891dc8f02d76 mov dword ptr [762df0c8],ebx 0167:7629edd5 ff1598112876 call dword ptr [76281198] -> KERNEL32.DLL!InitializeCriticalSection 0167:7629eddb 2135d0f02d76 and dword ptr [762df0d0],esi -------------------- 013af6e4 762df0d4 = WININET.DLL:.data+0xd4 -> 04 00 00 00 98 6e 83 81 00 00 00 00 00 00 00 00 .....n.......... 013af6e8 00000001 ... 013af6f0 013af71c -> f7 41 f7 bf 08 00 00 00 8b 69 f7 bf c0 94 fc bf .A.......i...... 013af6f4 00000000 013af6f8 762813f4 = WININET.DLL:.text+0x3f4 -------------------- 0167:762813c4 f38b442404 ? 
rep mov eax,dword ptr [esp+04] 0167:762813c9 6838f02d76 push 762df038 0167:762813ce a310f02d76 mov dword ptr [762df010],eax 0167:762813d3 e84ac60100 call 7629da22 = WININET.DLL:.text+0x1ca22 0167:762813d8 6818f02d76 push 762df018 0167:762813dd a30cf02d76 mov dword ptr [762df00c],eax 0167:762813e2 ff1598112876 call dword ptr [76281198] -> KERNEL32.DLL!InitializeCriticalSection 0167:762813e8 e877c60100 call 7629da64 = WININET.DLL:.text+0x1ca64 0167:762813ed 6a01 push +01 0167:762813ef e840d90100 call 7629ed34 = WININET.DLL:.text+0x1dd34 WININET.DLL:.text+0x3f4: *0167:762813f4 85c0 test eax,eax 0167:762813f6 74c3 jz 762813bb = WININET.DLL:.text+0x3bb 0167:762813f8 ebbe jmp 762813b8 = WININET.DLL:.text+0x3b8 0167:762813fa 33c0 xor eax,eax 0167:762813fc 394c240c cmp dword ptr [esp+0c],ecx 0167:76281400 c70508f02d7601000000 mov dword ptr [762df008],00000001 0167:7628140a 0f94c0 setz al 0167:7628140d 3bc1 cmp eax,ecx 0167:7628140f a33cf02d76 mov dword ptr [762df03c],eax 0167:76281414 7512 jnz 76281428 = WININET.DLL:.text+0x428 0167:76281416 e864e40100 call 7629f87f = WININET.DLL:.text+0x1e87f -------------------- 013af6fc 00000001 013af700 7628134f = WININET.DLL:.text+0x34f -------------------- 0167:76281336 56 push esi 0167:76281337 ff7508 push dword ptr [ebp+08] 0167:7628133a e807010000 call 76281446 = WININET.DLL:.text+0x446 0167:7628133f 8bf8 mov edi,eax 0167:76281341 85ff test edi,edi 0167:76281343 740c jz 76281351 = WININET.DLL:.text+0x351 0167:76281345 53 push ebx 0167:76281346 56 push esi 0167:76281347 ff7508 push dword ptr [ebp+08] 0167:7628134a e858000000 call 762813a7 = WININET.DLL:.text+0x3a7 WININET.DLL:.text+0x34f: *0167:7628134f 8bf8 mov edi,eax 0167:76281351 85f6 test esi,esi 0167:76281353 7416 jz 7628136b = WININET.DLL:.text+0x36b 0167:76281355 83fe03 cmp esi,+03 0167:76281358 7411 jz 7628136b = WININET.DLL:.text+0x36b 0167:7628135a 8bc7 mov eax,edi 0167:7628135c 5f pop edi 0167:7628135d 5e pop esi 0167:7628135e 5b pop ebx 0167:7628135f 5d pop ebp 
0167:76281360 c20c00 retd 000c -------------------- 013af704 76280000 = WININET.DLL+0x0 -> 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 MZ.............. 013af708 00000001 013af70c 00000000 ... 013af714 76280000 = WININET.DLL+0x0 -> 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 MZ.............. 013af718 81835a0c -> 08 00 00 00 03 01 00 00 e7 2e 00 00 00 00 00 00 ................ 013af71c bff741f7 = KERNEL32.DLL:_FREQASM+0x31f7 -------------------- 0167:bff741dd 51 push ecx 0167:bff741de 52 push edx 0167:bff741df 681d002a00 push 002a001d 0167:bff741e4 e8ebd1ffff call bff713d4 = KERNEL32.DLL!1 0167:bff741e9 59 pop ecx 0167:bff741ea 5a pop edx 0167:bff741eb ebe8 jmp bff741d5 = KERNEL32.DLL:_FREQASM+0x31d5 0167:bff741ed 8b542404 mov edx,dword ptr [esp+04] 0167:bff741f1 50 push eax 0167:bff741f2 e804000000 call bff741fb = KERNEL32.DLL:_FREQASM+0x31fb KERNEL32.DLL:_FREQASM+0x31f7: *0167:bff741f7 58 pop eax 0167:bff741f8 c20400 retd 0004 0167:bff741fb 833dec9cfcbf01 cmp dword ptr [bffc9cec],+01 0167:bff74202 7c32 jl bff74236 = KERNEL32.DLL:_FREQASM+0x3236 0167:bff74204 3b157094fcbf cmp edx,dword ptr [bffc9470] 0167:bff7420a 7506 jnz bff74212 = KERNEL32.DLL:_FREQASM+0x3212 0167:bff7420c 837a0401 cmp dword ptr [edx+04],+01 0167:bff74210 7426 jz bff74238 = KERNEL32.DLL:_FREQASM+0x3238 0167:bff74212 ff4a04 dec dword ptr [edx+04] 0167:bff74215 754a jnz bff74261 = KERNEL32.DLL:_FREQASM+0x3261 0167:bff74217 c7420800000000 mov dword ptr [edx+08],00000000 -------------------- 013af720 00000008 013af724 bff7698b = KERNEL32.DLL:_FREQASM+0x598b -------------------- 0167:bff76969 7512 jnz bff7697d = KERNEL32.DLL:_FREQASM+0x597d 0167:bff7696b a801 test al,01 0167:bff7696d 7520 jnz bff7698f = KERNEL32.DLL:_FREQASM+0x598f 0167:bff7696f 8b15bca0fcbf mov edx,dword ptr [bffca0bc] 0167:bff76975 8911 mov dword ptr [ecx],edx 0167:bff76977 890dbca0fcbf mov dword ptr [bffca0bc],ecx 0167:bff7697d a804 test al,04 0167:bff7697f 75d6 jnz bff76957 = KERNEL32.DLL:_FREQASM+0x5957 0167:bff76981 
68c094fcbf push bffc94c0 0167:bff76986 e862d8ffff call bff741ed = KERNEL32.DLL!98 KERNEL32.DLL:_FREQASM+0x598b: *0167:bff7698b c9 leave 0167:bff7698c c20400 retd 0004 0167:bff7698f 50 push eax 0167:bff76990 51 push ecx 0167:bff76991 e8f1640000 call bff7ce87 = KERNEL32.DLL:.text+0x3e87 0167:bff76996 58 pop eax 0167:bff76997 ebe4 jmp bff7697d = KERNEL32.DLL:_FREQASM+0x597d 0167:bff76999 64ff3500000000 push dword ptr fs:[00000000] 0167:bff769a0 55 push ebp 0167:bff769a1 8d4c2404 lea ecx,[esp+04] 0167:bff769a5 16 push ss -------------------- 013af728 bffc94c0 = KERNEL32.DLL:.data+0x4c0 -> 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 013af72c 013af8e4 -> 14 f9 3a 01 a0 c8 f7 bf 88 5f 81 81 d1 00 00 00 ..:......_...... 013af730 bff769d5 = KERNEL32.DLL:_FREQASM+0x59d5 -------------------- 0167:bff769b3 e8e1ffffff call bff76999 = KERNEL32.DLL:_FREQASM+0x5999 0167:bff769b8 a1e09cfcbf mov eax,dword ptr [bffc9ce0] 0167:bff769bd 8b00 mov eax,dword ptr [eax] 0167:bff769bf 8b4878 mov ecx,dword ptr [eax+78] 0167:bff769c2 e304 jecxz bff769c8 = KERNEL32.DLL:_FREQASM+0x59c8 0167:bff769c4 83490420 or dword ptr [ecx+04],+20 0167:bff769c8 c3 retd 0167:bff769c9 a1e09cfcbf mov eax,dword ptr [bffc9ce0] 0167:bff769ce ff30 push dword ptr [eax] 0167:bff769d0 e875ffffff call bff7694a = KERNEL32.DLL:_FREQASM+0x594a KERNEL32.DLL:_FREQASM+0x59d5: *0167:bff769d5 c3 retd 0167:bff769d6 cc int 3 0167:bff769d7 cc int 3 0167:bff769d8 55 push ebp 0167:bff769d9 8bec mov ebp,esp 0167:bff769db 57 push edi 0167:bff769dc 53 push ebx 0167:bff769dd ff35109dfcbf push dword ptr [bffc9d10] 0167:bff769e3 e8ccd7ffff call bff741b4 = KERNEL32.DLL!97 0167:bff769e8 8b7d08 mov edi,dword ptr [ebp+08] 0167:bff769eb b904000000 mov ecx,00000004 -------------------- 013af734 818359c8 -> 07 00 00 00 d0 46 4f c1 d8 ea 3a 01 00 00 3b 01 .....FO...:...;. 
013af738 bff7de32 = KERNEL32.DLL:.text+0x4e32 -------------------- 0167:bff7de07 ff75d8 push dword ptr [ebp-28] 0167:bff7de0a e825fd0100 call bff9db34 = KERNEL32.DLL!UnhandledExceptionFilter 0167:bff7de0f c3 retd 0167:bff7de10 8b65e8 mov esp,dword ptr [ebp-18] 0167:bff7de13 c745e401000000 mov dword ptr [ebp-1c],00000001 0167:bff7de1a 8d8564feffff lea eax,[ebp-0000019c] 0167:bff7de20 50 push eax 0167:bff7de21 e836d00200 call bffaae5c = KERNEL32.DLL:.text+0x31e5c 0167:bff7de26 c745fcffffffff mov dword ptr [ebp-04],ffffffff 0167:bff7de2d e8978bffff call bff769c9 = KERNEL32.DLL:_FREQASM+0x59c9 KERNEL32.DLL:.text+0x4e32: *0167:bff7de32 8b45dc mov eax,dword ptr [ebp-24] 0167:bff7de35 8020ef and byte ptr [eax],ef 0167:bff7de38 8b45e4 mov eax,dword ptr [ebp-1c] 0167:bff7de3b eb02 jmp bff7de3f = KERNEL32.DLL:.text+0x4e3f 0167:bff7de3d 33c0 xor eax,eax 0167:bff7de3f 8b4df0 mov ecx,dword ptr [ebp-10] 0167:bff7de42 5f pop edi 0167:bff7de43 64890d00000000 mov dword ptr fs:[00000000],ecx 0167:bff7de4a 5e pop esi 0167:bff7de4b 5b pop ebx 0167:bff7de4c 8be5 mov esp,ebp -------------------- 013af73c 81835f84 -> 24 00 00 a0 04 00 00 00 00 00 00 00 00 00 00 00 $............... 013af740 81835f58 -> 00 58 83 81 cc 57 83 81 70 c1 82 81 00 00 00 00 .X...W..p....... 013af744 81835f6c -> 08 02 04 00 e4 42 83 81 30 4b 83 81 00 4a 83 81 .....B..0K...J.. 013af748 c14f31f0 -> 01 00 00 00 c8 59 83 81 e4 42 83 81 00 24 4f c1 .....Y...B...$O. 013af74c 0f0e0d0c 013af750 13121110 013af754 17161514 013af758 1b1a1918 013af75c 1f1e1d1c 013af760 23222120 013af764 27262524 013af768 00000001 013af76c 00000000 013af770 013af78c -> a4 f7 3a 01 28 b8 f7 bf ee 13 f7 bf 67 01 00 00 ..:.(.......g... 
013af774 bff7b77b = KERNEL32.DLL:.text+0x277b -------------------- 0167:bff7b75c a1109dfcbf mov eax,dword ptr [bffc9d10] 0167:bff7b761 8bec mov ebp,esp 0167:bff7b763 56 push esi 0167:bff7b764 50 push eax 0167:bff7b765 e84a8affff call bff741b4 = KERNEL32.DLL!97 0167:bff7b76a ff7514 push dword ptr [ebp+14] 0167:bff7b76d ff7510 push dword ptr [ebp+10] 0167:bff7b770 ff750c push dword ptr [ebp+0c] 0167:bff7b773 ff7508 push dword ptr [ebp+08] 0167:bff7b776 e890fdffff call bff7b50b = KERNEL32.DLL:.text+0x250b KERNEL32.DLL:.text+0x277b: *0167:bff7b77b 8bf0 mov esi,eax 0167:bff7b77d 85f6 test esi,esi 0167:bff7b77f 740a jz bff7b78b = KERNEL32.DLL:.text+0x278b 0167:bff7b781 f6451380 test byte ptr [ebp+13],80 0167:bff7b785 7404 jz bff7b78b = KERNEL32.DLL:.text+0x278b 0167:bff7b787 66ff4602 inc word ptr [esi+02] 0167:bff7b78b a1109dfcbf mov eax,dword ptr [bffc9d10] 0167:bff7b790 50 push eax 0167:bff7b791 e8578affff call bff741ed = KERNEL32.DLL!98 0167:bff7b796 8bc6 mov eax,esi 0167:bff7b798 5e pop esi -------------------- 013af778 bff741f7 = KERNEL32.DLL:_FREQASM+0x31f7 -------------------- 0167:bff741dd 51 push ecx 0167:bff741de 52 push edx 0167:bff741df 681d002a00 push 002a001d 0167:bff741e4 e8ebd1ffff call bff713d4 = KERNEL32.DLL!1 0167:bff741e9 59 pop ecx 0167:bff741ea 5a pop edx 0167:bff741eb ebe8 jmp bff741d5 = KERNEL32.DLL:_FREQASM+0x31d5 0167:bff741ed 8b542404 mov edx,dword ptr [esp+04] 0167:bff741f1 50 push eax 0167:bff741f2 e804000000 call bff741fb = KERNEL32.DLL:_FREQASM+0x31fb KERNEL32.DLL:_FREQASM+0x31f7: *0167:bff741f7 58 pop eax 0167:bff741f8 c20400 retd 0004 0167:bff741fb 833dec9cfcbf01 cmp dword ptr [bffc9cec],+01 0167:bff74202 7c32 jl bff74236 = KERNEL32.DLL:_FREQASM+0x3236 0167:bff74204 3b157094fcbf cmp edx,dword ptr [bffc9470] 0167:bff7420a 7506 jnz bff74212 = KERNEL32.DLL:_FREQASM+0x3212 0167:bff7420c 837a0401 cmp dword ptr [edx+04],+01 0167:bff74210 7426 jz bff74238 = KERNEL32.DLL:_FREQASM+0x3238 0167:bff74212 ff4a04 dec dword ptr [edx+04] 0167:bff74215 
754a jnz bff74261 = KERNEL32.DLL:_FREQASM+0x3261 0167:bff74217 c7420800000000 mov dword ptr [edx+08],00000000 -------------------- 013af77c bffc9490 = KERNEL32.DLL:.data+0x490 -> 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 013af780 bff7b796 = KERNEL32.DLL:.text+0x2796 -------------------- 0167:bff7b776 e890fdffff call bff7b50b = KERNEL32.DLL:.text+0x250b 0167:bff7b77b 8bf0 mov esi,eax 0167:bff7b77d 85f6 test esi,esi 0167:bff7b77f 740a jz bff7b78b = KERNEL32.DLL:.text+0x278b 0167:bff7b781 f6451380 test byte ptr [ebp+13],80 0167:bff7b785 7404 jz bff7b78b = KERNEL32.DLL:.text+0x278b 0167:bff7b787 66ff4602 inc word ptr [esi+02] 0167:bff7b78b a1109dfcbf mov eax,dword ptr [bffc9d10] 0167:bff7b790 50 push eax 0167:bff7b791 e8578affff call bff741ed = KERNEL32.DLL!98 KERNEL32.DLL:.text+0x2796: *0167:bff7b796 8bc6 mov eax,esi 0167:bff7b798 5e pop esi 0167:bff7b799 5d pop ebp 0167:bff7b79a c21000 retd 0010 0167:bff7b79d 55 push ebp 0167:bff7b79e 8bec mov ebp,esp 0167:bff7b7a0 53 push ebx 0167:bff7b7a1 56 push esi 0167:bff7b7a2 57 push edi 0167:bff7b7a3 33ff xor edi,edi 0167:bff7b7a5 837d1801 cmp dword ptr [ebp+18],+01 -------------------- 013af784 bffc9490 = KERNEL32.DLL:.data+0x490 -> 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 
013af788 00000000 013af78c 013af7a4 -> 01 00 00 00 08 00 00 00 02 00 b8 00 00 00 06 60 ...............` 013af790 bff7b828 = KERNEL32.DLL:.text+0x2828 -------------------- 0167:bff7b80b 5b pop ebx 0167:bff7b80c c20800 retd 0008 0167:bff7b80f 55 push ebp 0167:bff7b810 a1e49cfcbf mov eax,dword ptr [bffc9ce4] 0167:bff7b815 8bec mov ebp,esp 0167:bff7b817 ff742410 push dword ptr [esp+10] 0167:bff7b81b ff750c push dword ptr [ebp+0c] 0167:bff7b81e ff7508 push dword ptr [ebp+08] 0167:bff7b821 ff30 push dword ptr [eax] 0167:bff7b823 e833ffffff call bff7b75b = KERNEL32.DLL:.text+0x275b KERNEL32.DLL:.text+0x2828: *0167:bff7b828 5d pop ebp 0167:bff7b829 c20c00 retd 000c 0167:bff7b82c 55 push ebp 0167:bff7b82d 8bec mov ebp,esp 0167:bff7b82f 50 push eax 0167:bff7b830 a1109dfcbf mov eax,dword ptr [bffc9d10] 0167:bff7b835 50 push eax 0167:bff7b836 e87989ffff call bff741b4 = KERNEL32.DLL!97 0167:bff7b83b ff7508 push dword ptr [ebp+08] 0167:bff7b83e e8d1fdffff call bff7b614 = KERNEL32.DLL:.text+0x2614 0167:bff7b843 a1109dfcbf mov eax,dword ptr [bffc9d10] -------------------- 013af794 bff713ee = KERNEL32.DLL:_FREQASM+0x3ee -------------------- 0167:bff713ca ebf7 jmp bff713c3 = KERNEL32.DLL:_FREQASM+0x3c3 0167:bff713cc ebfa jmp bff713c8 = KERNEL32.DLL:_FREQASM+0x3c8 0167:bff713ce ebf8 jmp bff713c8 = KERNEL32.DLL:_FREQASM+0x3c8 0167:bff713d0 ebf6 jmp bff713c8 = KERNEL32.DLL:_FREQASM+0x3c8 0167:bff713d2 ebf4 jmp bff713c8 = KERNEL32.DLL:_FREQASM+0x3c8 0167:bff713d4 8b442404 mov eax,dword ptr [esp+04] 0167:bff713d8 8f0424 pop dword ptr [esp] 0167:bff713db 2eff1d3497fcbf call fword ptr ss:[bffc9734] 0167:bff713e2 b801000100 mov eax,00010001 0167:bff713e7 2eff1d3497fcbf call fword ptr ss:[bffc9734] KERNEL32.DLL:_FREQASM+0x3ee: *0167:bff713ee b843002a00 mov eax,002a0043 0167:bff713f3 2eff1d3497fcbf call fword ptr ss:[bffc9734] 0167:bff713fa 83c414 add esp,+14 0167:bff713fd 0fb7c8 movzx ecx,ax 0167:bff71400 0fa4d310 shld ebx,edx,10 0167:bff71404 c0e302 shl bl,02 0167:bff71407 6681ea0010 sub 
dx,1000 0167:bff7140c 0fbfc2 movsx eax,dx 0167:bff7140f e9d1000000 jmp bff714e5 = KERNEL32.DLL:_FREQASM+0x4e5 0167:bff71414 55 push ebp 0167:bff71415 53 push ebx -------------------- 013af798 00000167 013af79c bff7ead5 = KERNEL32.DLL:.text+0x5ad5 -------------------- 0167:bff7eab8 8b354c95fcbf mov esi,dword ptr [bffc954c] 0167:bff7eabe b801000000 mov eax,00000001 0167:bff7eac3 85db test ebx,ebx 0167:bff7eac5 740e jz bff7ead5 = KERNEL32.DLL:.text+0x5ad5 0167:bff7eac7 ff7518 push dword ptr [ebp+18] 0167:bff7eaca ff75fc push dword ptr [ebp-04] 0167:bff7eacd 56 push esi 0167:bff7eace 53 push ebx 0167:bff7eacf ff75f8 push dword ptr [ebp-08] 0167:bff7ead2 ff551c call dword ptr [ebp+1c] KERNEL32.DLL:.text+0x5ad5: *0167:bff7ead5 85c0 test eax,eax 0167:bff7ead7 7420 jz bff7eaf9 = KERNEL32.DLL:.text+0x5af9 0167:bff7ead9 83e707 and edi,+07 0167:bff7eadc 741b jz bff7eaf9 = KERNEL32.DLL:.text+0x5af9 0167:bff7eade c1e710 shl edi,10 0167:bff7eae1 015dfc add dword ptr [ebp-04],ebx 0167:bff7eae4 097dfc or dword ptr [ebp-04],edi 0167:bff7eae7 015df8 add dword ptr [ebp-08],ebx 0167:bff7eaea ff7518 push dword ptr [ebp+18] 0167:bff7eaed ff75fc push dword ptr [ebp-04] 0167:bff7eaf0 56 push esi -------------------- 013af7a0 00076281 013af7a4 00000001 013af7a8 00000008 013af7ac 00b80002 -> 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 013af7b0 60060000 013af7b4 00000000 013af7b8 76281000 = WININET.DLL:.text+0x0 -> b2 a3 bd 70 00 2b be 70 f6 1c bd 70 af 43 bd 70 ...p.+.p...p.C.p 013af7bc 81816080 -> 2e 74 65 78 74 00 00 00 68 d3 05 00 00 10 00 00 .text...h....... 013af7c0 00076281 013af7c4 00b80002 -> 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 013af7c8 013af818 -> c4 00 00 00 4c f8 3a 01 02 00 00 00 00 00 00 00 ....L.:......... 
013af7cc bff88698 = KERNEL32.DLL:.text+0xf698 -------------------- 0167:bff8867e 8b4324 mov eax,dword ptr [ebx+24] 0167:bff88681 0d00000080 or eax,80000000 0167:bff88686 50 push eax 0167:bff88687 51 push ecx 0167:bff88688 8b4314 mov eax,dword ptr [ebx+14] 0167:bff8868b 0345f8 add eax,dword ptr [ebp-08] 0167:bff8868e 50 push eax 0167:bff8868f 56 push esi 0167:bff88690 ff7508 push dword ptr [ebp+08] 0167:bff88693 e88f63ffff call bff7ea27 = KERNEL32.DLL:.text+0x5a27 KERNEL32.DLL:.text+0xf698: *0167:bff88698 85c0 test eax,eax 0167:bff8869a 7409 jz bff886a5 = KERNEL32.DLL:.text+0xf6a5 0167:bff8869c c745fc01000000 mov dword ptr [ebp-04],00000001 0167:bff886a3 eb07 jmp bff886ac = KERNEL32.DLL:.text+0xf6ac 0167:bff886a5 c745fc00000000 mov dword ptr [ebp-04],00000000 0167:bff886ac 85ff test edi,edi 0167:bff886ae 7418 jz bff886c8 = KERNEL32.DLL:.text+0xf6c8 0167:bff886b0 837dfc00 cmp dword ptr [ebp-04],+00 0167:bff886b4 740c jz bff886c2 = KERNEL32.DLL:.text+0xf6c2 0167:bff886b6 6800100000 push 00001000 0167:bff886bb 57 push edi -------------------- 013af7d0 c14f0017 -> 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 
013af7d4 76281000 = WININET.DLL:.text+0x0 -> b2 a3 bd 70 00 2b be 70 f6 1c bd 70 af 43 bd 70 ...p.+.p...p.C.p 013af7d8 013afa69 -> 00 00 00 cc 6e 83 81 f7 41 f7 bf 90 94 fc bf 3d ....n...A......= 013af7dc 0000005f 013af7e0 60060000 013af7e4 bff713e2 = KERNEL32.DLL:_FREQASM+0x3e2 -------------------- 0167:bff713c5 c20400 retd 0004 0167:bff713c8 33c0 xor eax,eax 0167:bff713ca ebf7 jmp bff713c3 = KERNEL32.DLL:_FREQASM+0x3c3 0167:bff713cc ebfa jmp bff713c8 = KERNEL32.DLL:_FREQASM+0x3c8 0167:bff713ce ebf8 jmp bff713c8 = KERNEL32.DLL:_FREQASM+0x3c8 0167:bff713d0 ebf6 jmp bff713c8 = KERNEL32.DLL:_FREQASM+0x3c8 0167:bff713d2 ebf4 jmp bff713c8 = KERNEL32.DLL:_FREQASM+0x3c8 0167:bff713d4 8b442404 mov eax,dword ptr [esp+04] 0167:bff713d8 8f0424 pop dword ptr [esp] 0167:bff713db 2eff1d3497fcbf call fword ptr ss:[bffc9734] KERNEL32.DLL:_FREQASM+0x3e2: *0167:bff713e2 b801000100 mov eax,00010001 0167:bff713e7 2eff1d3497fcbf call fword ptr ss:[bffc9734] 0167:bff713ee b843002a00 mov eax,002a0043 0167:bff713f3 2eff1d3497fcbf call fword ptr ss:[bffc9734] 0167:bff713fa 83c414 add esp,+14 0167:bff713fd 0fb7c8 movzx ecx,ax 0167:bff71400 0fa4d310 shld ebx,edx,10 0167:bff71404 c0e302 shl bl,02 0167:bff71407 6681ea0010 sub dx,1000 0167:bff7140c 0fbfc2 movsx eax,dx 0167:bff7140f e9d1000000 jmp bff714e5 = KERNEL32.DLL:_FREQASM+0x4e5 -------------------- 013af7e8 00076281 013af7ec 013af86c -> dd 62 07 00 81 62 07 00 00 00 00 00 00 00 00 00 .b...b.......... 013af7f0 00076281 013af7f4 76281000 = WININET.DLL:.text+0x0 -> b2 a3 bd 70 00 2b be 70 f6 1c bd 70 af 43 bd 70 ...p.+.p...p.C.p 013af7f8 76280000 = WININET.DLL+0x0 -> 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 MZ.............. 013af7fc 00000001 013af800 00061000 013af804 00001000 013af808 00000004 013af80c 00020000 013af810 00000000 013af814 762dd390 = WININET.DLL:.text+0x5c390 -> 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 
013af818 000000c4 013af81c 013af84c -> f0 f8 3a 01 01 00 00 00 7c 3b 81 81 0f 3b f8 bf ..:.....|;...;.. 013af820 00000002 013af824 00000000 ... 013af844 70c09b20 = SHLWAPI.DLL:.text+0x38b20 -> 00 00 00 00 91 20 17 37 00 00 00 00 ea ac 03 00 ..... .7........ 013af848 000000c4 013af84c 013af8f0 -> d1 00 00 00 e4 42 83 81 00 00 00 00 00 00 28 76 .....B........(v 013af850 00000001 013af854 81813b7c -> 50 45 00 00 4c 01 04 00 3e 63 17 37 00 00 00 00 PE..L...>c.7.... 013af858 bff83b0f = KERNEL32.DLL:.text+0xab0f -------------------- 0167:bff83aee 8945d8 mov dword ptr [ebp-28],eax 0167:bff83af1 0f86a1010000 jbe bff83c98 = KERNEL32.DLL:.text+0xac98 0167:bff83af7 8b4508 mov eax,dword ptr [ebp+08] 0167:bff83afa 83c01c add eax,+1c 0167:bff83afd 8945b4 mov dword ptr [ebp-4c],eax 0167:bff83b00 8b45b4 mov eax,dword ptr [ebp-4c] 0167:bff83b03 8b30 mov esi,dword ptr [eax] 0167:bff83b05 668b4e10 mov cx,word ptr [esi+10] 0167:bff83b09 51 push ecx 0167:bff83b0a e803a4ffff call bff7df12 = KERNEL32.DLL:.text+0x4f12 KERNEL32.DLL:.text+0xab0f: *0167:bff83b0f 8945e0 mov dword ptr [ebp-20],eax 0167:bff83b12 8b45e4 mov eax,dword ptr [ebp-1c] 0167:bff83b15 83c004 add eax,+04 0167:bff83b18 8945c0 mov dword ptr [ebp-40],eax 0167:bff83b1b 8b00 mov eax,dword ptr [eax] 0167:bff83b1d 85c0 test eax,eax 0167:bff83b1f 7424 jz bff83b45 = KERNEL32.DLL:.text+0xab45 0167:bff83b21 8b4de0 mov ecx,dword ptr [ebp-20] 0167:bff83b24 394108 cmp dword ptr [ecx+08],eax 0167:bff83b27 751c jnz bff83b45 = KERNEL32.DLL:.text+0xab45 0167:bff83b29 8b0d249cfcbf mov ecx,dword ptr [bffc9c24] -------------------- 013af85c 00000003 013af860 81835f58 -> 00 58 83 81 cc 57 83 81 70 c1 82 81 00 00 00 00 .X...W..p....... 013af864 81835f6c -> 08 02 04 00 e4 42 83 81 30 4b 83 81 00 4a 83 81 .....B..0K...J.. 013af868 00000004 013af86c 000762dd 013af870 00076281 013af874 00000000 ... 013af894 00076281 013af898 81834b30 -> c8 4a 83 81 f8 4a 83 81 5c 4e 82 81 78 6a 83 81 .J...J..\N..xj.. 
013af89c 81835f74 -> 30 4b 83 81 00 4a 83 81 24 4a 83 81 9c 4a 83 81 0K...J..$J...J.. 013af8a0 81810f08 -> 00 00 00 00 88 5f 81 81 ff ff ff ff 48 0f 81 81 ....._......H... 013af8a4 81835f84 -> 24 00 00 a0 04 00 00 00 00 00 00 00 00 00 00 00 $............... 013af8a8 81835f6c -> 08 02 04 00 e4 42 83 81 30 4b 83 81 00 4a 83 81 .....B..0K...J.. 013af8ac 70be0a9c = SHLWAPI.DLL!StrCatBuffA -> 55 8b ec 56 8b 75 08 33 c9 8b c6 38 0e 74 08 40 U..V.u.3...8.t.@ 013af8b0 762dffff = WININET.DLL:.data+0xfff -> 00 08 00 00 00 00 00 00 00 00 00 00 00 ff ff ff ................ 013af8b4 76281304 = WININET.DLL:.text+0x304 -> 55 8b ec 53 56 8b 75 0c 57 6a 01 5f 3b f7 74 4f U..SV.u.Wj._;.tO 013af8b8 00000001 013af8bc 81815fbc -> 00 00 28 76 00 10 00 00 00 10 00 00 05 00 00 00 ..(v............ 013af8c0 81835a0c -> 08 00 00 00 03 01 00 00 e7 2e 00 00 00 00 00 00 ................ 013af8c4 00000000 ... 013af8cc 013af73c -> 84 5f 83 81 58 5f 83 81 6c 5f 83 81 f0 31 4f c1 ._..X_..l_...1O. 013af8d0 8180ce74 -> 50 45 00 00 4c 01 05 00 cd a1 20 37 00 00 00 00 PE..L..... 7.... 013af8d4 013afc4c -> 01 00 00 00 b4 05 fc bf 0c 5a 83 81 00 00 00 00 .........Z...... 013af8d8 bffc05b4 = KERNEL32.DLL:.text+0x475b4 -> 55 8b ec 83 ec 08 53 56 57 55 fc 8b 5d 0c 8b 45 U.....SVWU..]..E 013af8dc 818342e4 -> 06 00 06 00 c0 23 4f c1 00 00 00 00 00 00 00 00 .....#O......... ... 013af8e4 013af914 -> 90 fa 3a 01 f7 41 f7 bf 44 43 83 81 ec 03 f8 bf ..:..A..DC...... 
013af8e8 bff7c8a0 = KERNEL32.DLL:.text+0x38a0 -------------------- 0167:bff7c883 5d pop ebp 0167:bff7c884 c20c00 retd 000c 0167:bff7c887 8b45ec mov eax,dword ptr [ebp-14] 0167:bff7c88a 8b75fc mov esi,dword ptr [ebp-04] 0167:bff7c88d 8b55f8 mov edx,dword ptr [ebp-08] 0167:bff7c890 0fbf0470 movsx eax,word ptr [eax+esi*2] 0167:bff7c894 034210 add eax,dword ptr [edx+10] 0167:bff7c897 50 push eax 0167:bff7c898 ff7508 push dword ptr [ebp+08] 0167:bff7c89b e85ffdffff call bff7c5ff = KERNEL32.DLL:.text+0x35ff KERNEL32.DLL:.text+0x38a0: *0167:bff7c8a0 ebdc jmp bff7c87e = KERNEL32.DLL:.text+0x387e 0167:bff7c8a2 ff74240c push dword ptr [esp+0c] 0167:bff7c8a6 ff74240c push dword ptr [esp+0c] 0167:bff7c8aa ff74240c push dword ptr [esp+0c] 0167:bff7c8ae e853d20100 call bff99b06 = KERNEL32.DLL:.text+0x20b06 0167:bff7c8b3 3d01000040 cmp eax,40000001 0167:bff7c8b8 74e8 jz bff7c8a2 = KERNEL32.DLL:.text+0x38a2 0167:bff7c8ba c20c00 retd 000c 0167:bff7c8bd 6a00 push +00 0167:bff7c8bf ff74240c push dword ptr [esp+0c] 0167:bff7c8c3 ff74240c push dword ptr [esp+0c] -------------------- 013af8ec 81815f88 -> 50 45 00 00 4c 01 04 00 2f a2 20 37 00 00 00 00 PE..L.../. 7.... 013af8f0 000000d1 013af8f4 818342e4 -> 06 00 06 00 c0 23 4f c1 00 00 00 00 00 00 00 00 .....#O......... 013af8f8 00000000 013af8fc 76280000 = WININET.DLL+0x0 -> 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 MZ.............. 013af900 762dbed0 = WININET.DLL:.text+0x5aed0 -> 0e 00 0f 00 10 00 11 00 12 00 13 00 14 00 15 00 ................ 013af904 762dbb90 = WININET.DLL:.text+0x5ab90 -> cd c0 05 00 e2 c0 05 00 f7 c0 05 00 10 c1 05 00 ................ 013af908 0000005f 013af90c 762db800 = WININET.DLL:.text+0x5a800 -> 00 00 00 00 a3 28 17 37 00 00 00 00 70 c0 05 00 .....(.7....p... 013af910 0000005f 013af914 013afa90 -> b2 30 00 76 f7 41 f7 bf c9 59 83 81 f3 68 f7 bf .0.v.A...Y...h.. 
013af918 bff741f7 = KERNEL32.DLL:_FREQASM+0x31f7 -------------------- 0167:bff741dd 51 push ecx 0167:bff741de 52 push edx 0167:bff741df 681d002a00 push 002a001d 0167:bff741e4 e8ebd1ffff call bff713d4 = KERNEL32.DLL!1 0167:bff741e9 59 pop ecx 0167:bff741ea 5a pop edx 0167:bff741eb ebe8 jmp bff741d5 = KERNEL32.DLL:_FREQASM+0x31d5 0167:bff741ed 8b542404 mov edx,dword ptr [esp+04] 0167:bff741f1 50 push eax 0167:bff741f2 e804000000 call bff741fb = KERNEL32.DLL:_FREQASM+0x31fb KERNEL32.DLL:_FREQASM+0x31f7: *0167:bff741f7 58 pop eax 0167:bff741f8 c20400 retd 0004 0167:bff741fb 833dec9cfcbf01 cmp dword ptr [bffc9cec],+01 0167:bff74202 7c32 jl bff74236 = KERNEL32.DLL:_FREQASM+0x3236 0167:bff74204 3b157094fcbf cmp edx,dword ptr [bffc9470] 0167:bff7420a 7506 jnz bff74212 = KERNEL32.DLL:_FREQASM+0x3212 0167:bff7420c 837a0401 cmp dword ptr [edx+04],+01 0167:bff74210 7426 jz bff74238 = KERNEL32.DLL:_FREQASM+0x3238 0167:bff74212 ff4a04 dec dword ptr [edx+04] 0167:bff74215 754a jnz bff74261 = KERNEL32.DLL:_FREQASM+0x3261 0167:bff74217 c7420800000000 mov dword ptr [edx+08],00000000 -------------------- 013af91c 81834344 -> 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 
013af920 bff803ec = KERNEL32.DLL:.text+0x73ec -------------------- 0167:bff803cf 740b jz bff803dc = KERNEL32.DLL:.text+0x73dc 0167:bff803d1 85f6 test esi,esi 0167:bff803d3 7507 jnz bff803dc = KERNEL32.DLL:.text+0x73dc 0167:bff803d5 6a7f push +7f 0167:bff803d7 e8c4c5ffff call bff7c9a0 = KERNEL32.DLL:.text+0x39a0 0167:bff803dc a1e49cfcbf mov eax,dword ptr [bffc9ce4] 0167:bff803e1 8b00 mov eax,dword ptr [eax] 0167:bff803e3 83c060 add eax,+60 0167:bff803e6 50 push eax 0167:bff803e7 e8013effff call bff741ed = KERNEL32.DLL!98 KERNEL32.DLL:.text+0x73ec: *0167:bff803ec 8bc6 mov eax,esi 0167:bff803ee 5f pop edi 0167:bff803ef 5e pop esi 0167:bff803f0 5b pop ebx 0167:bff803f1 c20800 retd 0008 0167:bff803f4 56 push esi 0167:bff803f5 57 push edi 0167:bff803f6 68a095fcbf push bffc95a0 0167:bff803fb e8b43dffff call bff741b4 = KERNEL32.DLL!97 0167:bff80400 833db098fcbf00 cmp dword ptr [bffc98b0],+00 0167:bff80407 7523 jnz bff8042c = KERNEL32.DLL:.text+0x742c -------------------- 013af924 bff713e2 = KERNEL32.DLL:_FREQASM+0x3e2 -------------------- 0167:bff713c5 c20400 retd 0004 0167:bff713c8 33c0 xor eax,eax 0167:bff713ca ebf7 jmp bff713c3 = KERNEL32.DLL:_FREQASM+0x3c3 0167:bff713cc ebfa jmp bff713c8 = KERNEL32.DLL:_FREQASM+0x3c8 0167:bff713ce ebf8 jmp bff713c8 = KERNEL32.DLL:_FREQASM+0x3c8 0167:bff713d0 ebf6 jmp bff713c8 = KERNEL32.DLL:_FREQASM+0x3c8 0167:bff713d2 ebf4 jmp bff713c8 = KERNEL32.DLL:_FREQASM+0x3c8 0167:bff713d4 8b442404 mov eax,dword ptr [esp+04] 0167:bff713d8 8f0424 pop dword ptr [esp] 0167:bff713db 2eff1d3497fcbf call fword ptr ss:[bffc9734] KERNEL32.DLL:_FREQASM+0x3e2: *0167:bff713e2 b801000100 mov eax,00010001 0167:bff713e7 2eff1d3497fcbf call fword ptr ss:[bffc9734] 0167:bff713ee b843002a00 mov eax,002a0043 0167:bff713f3 2eff1d3497fcbf call fword ptr ss:[bffc9734] 0167:bff713fa 83c414 add esp,+14 0167:bff713fd 0fb7c8 movzx ecx,ax 0167:bff71400 0fa4d310 shld ebx,edx,10 0167:bff71404 c0e302 shl bl,02 0167:bff71407 6681ea0010 sub dx,1000 0167:bff7140c 0fbfc2 movsx 
eax,dx 0167:bff7140f e9d1000000 jmp bff714e5 = KERNEL32.DLL:_FREQASM+0x4e5 -------------------- 013af928 00000167 013af92c bfe8165f = ADVAPI32.DLL:.text+0x65f -------------------- 0167:bfe81641 c21800 retd 0018 0167:bfe81644 56 push esi 0167:bfe81645 8b742408 mov esi,dword ptr [esp+08] 0167:bfe81649 56 push esi 0167:bfe8164a e8defcffff call bfe8132d = ADVAPI32.DLL:.text+0x32d 0167:bfe8164f 85c0 test eax,eax 0167:bfe81651 740e jz bfe81661 = ADVAPI32.DLL:.text+0x661 0167:bfe81653 56 push esi 0167:bfe81654 6813000100 push 00010013 0167:bfe81659 ff15d8d0e8bf call dword ptr [bfe8d0d8] -> KERNEL32.DLL!1 ADVAPI32.DLL:.text+0x65f: *0167:bfe8165f eb18 jmp bfe81679 = ADVAPI32.DLL:.text+0x679 0167:bfe81661 6894c0e8bf push bfe8c094 0167:bfe81666 e8dcfcffff call bfe81347 = ADVAPI32.DLL:.text+0x347 0167:bfe8166b 85c0 test eax,eax 0167:bfe8166d 7405 jz bfe81674 = ADVAPI32.DLL:.text+0x674 0167:bfe8166f 56 push esi 0167:bfe81670 ffd0 call eax 0167:bfe81672 eb05 jmp bfe81679 = ADVAPI32.DLL:.text+0x679 0167:bfe81674 b85a040000 mov eax,0000045a 0167:bfe81679 5e pop esi 0167:bfe8167a c20400 retd 0004 -------------------- 013af930 c29e54c0 -> 00 00 00 00 00 00 00 00 a0 13 9a c2 b0 0a 00 00 ................ 
013af934 bff773a9 = KERNEL32.DLL!lstrlen -------------------- 0167:bff7738d ff7024 push dword ptr [eax+24] 0167:bff77390 ff7020 push dword ptr [eax+20] 0167:bff77393 e8469effff call bff711de = KERNEL32.DLL:_FREQASM+0x1de 0167:bff77398 648f0500000000 pop dword ptr fs:[00000000] 0167:bff7739f 83c408 add esp,+08 0167:bff773a2 5d pop ebp 0167:bff773a3 5f pop edi 0167:bff773a4 5e pop esi 0167:bff773a5 5b pop ebx 0167:bff773a6 c20800 retd 0008 KERNEL32.DLL!lstrlen: *0167:bff773a9 53 push ebx 0167:bff773aa 56 push esi 0167:bff773ab 57 push edi 0167:bff773ac 55 push ebp 0167:bff773ad 68f1000000 push 000000f1 0167:bff773b2 68671dfabf push bffa1d67 0167:bff773b7 64ff3500000000 push dword ptr fs:[00000000] 0167:bff773be 64892500000000 mov dword ptr fs:[00000000],esp 0167:bff773c5 8bc4 mov eax,esp 0167:bff773c7 ff7020 push dword ptr [eax+20] 0167:bff773ca e8a19dffff call bff71170 = KERNEL32.DLL:_FREQASM+0x170 -------------------- 013af938 76002233 = WS2_32.DLL:.text+0x1233 -------------------- 0167:76002212 1588f20076 adc eax,7600f288 0167:76002217 3bc7 cmp eax,edi 0167:76002219 a304d40076 mov dword ptr [7600d404],eax 0167:7600221e 7405 jz 76002225 = WS2_32.DLL:.text+0x1225 0167:76002220 6a01 push +01 0167:76002222 5f pop edi 0167:76002223 eb05 jmp 7600222a = WS2_32.DLL:.text+0x122a 0167:76002225 e80f000000 call 76002239 = WS2_32.DLL:.text+0x1239 0167:7600222a ff75fc push dword ptr [ebp-04] 0167:7600222d ff151cf20076 call dword ptr [7600f21c] -> ADVAPI32.DLL!RegCloseKey WS2_32.DLL:.text+0x1233: *0167:76002233 5e pop esi 0167:76002234 8bc7 mov eax,edi 0167:76002236 5f pop edi 0167:76002237 c9 leave 0167:76002238 c3 retd 0167:76002239 a100d40076 mov eax,dword ptr [7600d400] 0167:7600223e 85c0 test eax,eax 0167:76002240 7415 jz 76002257 = WS2_32.DLL:.text+0x1257 0167:76002242 50 push eax 0167:76002243 ff154cf20076 call dword ptr [7600f24c] -> KERNEL32.DLL!FreeLibrary 0167:76002249 832500d4007600 and dword ptr [7600d400],+00 -------------------- 013af93c c29e54c0 -> 00 00 00 00 00 
00 00 00 a0 13 9a c2 b0 0a 00 00 ................ 013af940 76000000 = WS2_32.DLL+0x0 -> 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 MZ.............. 013af944 00000000 013af948 696e6977 013af94c 2e74656e 013af950 006c6c64 013af954 bffc9490 = KERNEL32.DLL:.data+0x490 -> 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 013af958 00000000 013af95c 00000004 013af960 0000c000 013af964 4e52454b 013af968 32334c45 013af96c 4c4c442e 013af970 33323100 013af974 37363534 013af978 3b3a3938 013af97c 3f3e3d3c 013af980 43424140 013af984 47464544 013af988 4b4a4948 013af98c 4f4e4d4c 013af990 53525150 013af994 57565554 013af998 5b5a5958 013af99c 5f5e5d5c 013af9a0 63626160 013af9a4 013af9e4 -> c8 6e 83 81 24 00 00 00 a0 a3 f7 bf 00 b0 80 81 .n..$........... 013af9a8 013afa50 -> f7 41 f7 bf 00 fc 82 81 84 fa 3a 01 cc 2a f9 bf .A........:..*.. 013af9ac 00000b65 013af9b0 ce9d5222 -> 20 07 20 07 20 07 20 07 20 07 20 07 20 07 20 07 . . . . . . . . 013af9b4 b2f147b6 013af9b8 00002327 013af9bc 00000001 013af9c0 013af9e4 -> c8 6e 83 81 24 00 00 00 a0 a3 f7 bf 00 b0 80 81 .n..$........... 
013af9c4 bff9e539 = KERNEL32.DLL:.text+0x25539 -------------------- 0167:bff9e519 ff750c push dword ptr [ebp+0c] 0167:bff9e51c 52 push edx 0167:bff9e51d 8945f8 mov dword ptr [ebp-08],eax 0167:bff9e520 ff75f8 push dword ptr [ebp-08] 0167:bff9e523 e82485fdff call bff76a4c = KERNEL32.DLL!72 0167:bff9e528 6810270000 push 00002710 0167:bff9e52d 8945f8 mov dword ptr [ebp-08],eax 0167:bff9e530 52 push edx 0167:bff9e531 ff75f8 push dword ptr [ebp-08] 0167:bff9e534 e8c385fdff call bff76afc = KERNEL32.DLL!78 KERNEL32.DLL:.text+0x25539: *0167:bff9e539 8b4d10 mov ecx,dword ptr [ebp+10] 0167:bff9e53c 8901 mov dword ptr [ecx],eax 0167:bff9e53e 895104 mov dword ptr [ecx+04],edx 0167:bff9e541 8be5 mov esp,ebp 0167:bff9e543 5d pop ebp 0167:bff9e544 c20c00 retd 000c 0167:bff9e547 55 push ebp 0167:bff9e548 8b4c2408 mov ecx,dword ptr [esp+08] 0167:bff9e54c 668b01 mov ax,word ptr [ecx] 0167:bff9e54f 8bec mov ebp,esp 0167:bff9e551 668b5102 mov dx,word ptr [ecx+02] -------------------- 013af9c8 e661a17c 013af9cc 00000ba7 013af9d0 00002710 013af9d4 e661a17c 013af9d8 00000000 013af9dc 013afa1c -> 00 b0 80 81 ec 6e 83 81 40 00 00 00 00 00 00 00 .....n..@....... 013af9e0 000d3118 013af9e4 81836ec8 -> 24 00 00 a0 04 00 00 00 00 00 00 00 00 00 00 00 $............... 
013af9e8 00000024 013af9ec bff7a3a0 = KERNEL32.DLL:.text+0x13a0 -------------------- 0167:bff7a385 2bfb sub edi,ebx 0167:bff7a387 57 push edi 0167:bff7a388 894108 mov dword ptr [ecx+08],eax 0167:bff7a38b 8b5604 mov edx,dword ptr [esi+04] 0167:bff7a38e 8b4608 mov eax,dword ptr [esi+08] 0167:bff7a391 895004 mov dword ptr [eax+04],edx 0167:bff7a394 8d041e lea eax,[esi+ebx] 0167:bff7a397 50 push eax 0167:bff7a398 ff7508 push dword ptr [ebp+08] 0167:bff7a39b e871fdffff call bff7a111 = KERNEL32.DLL:.text+0x1111 KERNEL32.DLL:.text+0x13a0: *0167:bff7a3a0 eb36 jmp bff7a3d8 = KERNEL32.DLL:.text+0x13d8 0167:bff7a3a2 8b4d08 mov ecx,dword ptr [ebp+08] 0167:bff7a3a5 0fb64170 movzx eax,byte ptr [ecx+70] 0167:bff7a3a9 0b45f4 or eax,dword ptr [ebp-0c] 0167:bff7a3ac 50 push eax 0167:bff7a3ad 8b45f8 mov eax,dword ptr [ebp-08] 0167:bff7a3b0 2b45fc sub eax,dword ptr [ebp-04] 0167:bff7a3b3 50 push eax 0167:bff7a3b4 ff75fc push dword ptr [ebp-04] 0167:bff7a3b7 e8f6feffff call bff7a2b2 = KERNEL32.DLL:.text+0x12b2 0167:bff7a3bc 85c0 test eax,eax -------------------- 013af9f0 8180b000 -> 00 00 10 00 00 00 00 00 20 00 00 00 01 00 00 a0 ........ ....... 013af9f4 013afa34 -> f0 31 4f c1 5c fa 3a 01 0e a1 f7 bf 67 a5 f7 bf .1O.\.:.....g... 013af9f8 000d3108 013af9fc 81836eec -> 10 00 00 a0 00 fc 82 81 00 fc 82 81 00 fc 82 81 ................ 
013afa00 00000010 013afa04 bff7a3a0 = KERNEL32.DLL:.text+0x13a0 -------------------- 0167:bff7a385 2bfb sub edi,ebx 0167:bff7a387 57 push edi 0167:bff7a388 894108 mov dword ptr [ecx+08],eax 0167:bff7a38b 8b5604 mov edx,dword ptr [esi+04] 0167:bff7a38e 8b4608 mov eax,dword ptr [esi+08] 0167:bff7a391 895004 mov dword ptr [eax+04],edx 0167:bff7a394 8d041e lea eax,[esi+ebx] 0167:bff7a397 50 push eax 0167:bff7a398 ff7508 push dword ptr [ebp+08] 0167:bff7a39b e871fdffff call bff7a111 = KERNEL32.DLL:.text+0x1111 KERNEL32.DLL:.text+0x13a0: *0167:bff7a3a0 eb36 jmp bff7a3d8 = KERNEL32.DLL:.text+0x13d8 0167:bff7a3a2 8b4d08 mov ecx,dword ptr [ebp+08] 0167:bff7a3a5 0fb64170 movzx eax,byte ptr [ecx+70] 0167:bff7a3a9 0b45f4 or eax,dword ptr [ebp-0c] 0167:bff7a3ac 50 push eax 0167:bff7a3ad 8b45f8 mov eax,dword ptr [ebp-08] 0167:bff7a3b0 2b45fc sub eax,dword ptr [ebp-04] 0167:bff7a3b3 50 push eax 0167:bff7a3b4 ff75fc push dword ptr [ebp-04] 0167:bff7a3b7 e8f6feffff call bff7a2b2 = KERNEL32.DLL:.text+0x12b2 0167:bff7a3bc 85c0 test eax,eax -------------------- 013afa08 8180b000 -> 00 00 10 00 00 00 00 00 20 00 00 00 01 00 00 a0 ........ ....... 013afa0c 81836efc -> 2c 02 00 a0 07 00 00 00 10 95 4c c1 ec fb 77 00 ,.........L...w. 013afa10 000d3108 013afa14 00000000 013afa18 8180b00c -> 01 00 00 a0 1c b0 80 81 14 74 83 81 80 00 00 00 .........t...... 013afa1c 8180b000 -> 00 00 10 00 00 00 00 00 20 00 00 00 01 00 00 a0 ........ ....... 013afa20 81836eec -> 10 00 00 a0 00 fc 82 81 00 fc 82 81 00 fc 82 81 ................ 013afa24 00000040 013afa28 00000000 013afa2c 8180b050 -> 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 013afa30 8180b00c -> 01 00 00 a0 1c b0 80 81 14 74 83 81 80 00 00 00 .........t...... 013afa34 c14f31f0 -> 01 00 00 00 c8 59 83 81 e4 42 83 81 00 24 4f c1 .....Y...B...$O. 013afa38 013afa5c -> cc 2a f9 bf f0 6e 83 81 00 fc 82 81 00 00 00 00 .*...n.......... 
013afa3c bff7a10e = KERNEL32.DLL:.text+0x110e -------------------- 0167:bff7a0ea fa cli 0167:bff7a0eb bf4ec3fabf mov edi,bffac34e 0167:bff7a0f0 8b442404 mov eax,dword ptr [esp+04] 0167:bff7a0f4 0fb64870 movzx ecx,byte ptr [eax+70] 0167:bff7a0f8 0b4c2408 or ecx,dword ptr [esp+08] 0167:bff7a0fc f6c101 test cl,01 0167:bff7a0ff 750d jnz bff7a10e = KERNEL32.DLL:.text+0x110e 0167:bff7a101 ff704c push dword ptr [eax+4c] 0167:bff7a104 e8e5a1ffff call bff742ee = KERNEL32.DLL:_FREQASM+0x32ee 0167:bff7a109 e83e010000 call bff7a24c = KERNEL32.DLL:.text+0x124c KERNEL32.DLL:.text+0x110e: *0167:bff7a10e c20800 retd 0008 0167:bff7a111 53 push ebx 0167:bff7a112 56 push esi 0167:bff7a113 8b742410 mov esi,dword ptr [esp+10] 0167:bff7a117 57 push edi 0167:bff7a118 8b7c2418 mov edi,dword ptr [esp+18] 0167:bff7a11c 55 push ebp 0167:bff7a11d ba00001000 mov edx,00100000 0167:bff7a122 8d1c3e lea ebx,[esi+edi] 0167:bff7a125 8b03 mov eax,dword ptr [ebx] 0167:bff7a127 a801 test al,01 -------------------- 013afa40 bff7a567 = KERNEL32.DLL:.text+0x1567 -------------------- 0167:bff7a54a 56 push esi 0167:bff7a54b e8a6fdffff call bff7a2f6 = KERNEL32.DLL:.text+0x12f6 0167:bff7a550 89450c mov dword ptr [ebp+0c],eax 0167:bff7a553 85c0 test eax,eax 0167:bff7a555 7436 jz bff7a58d = KERNEL32.DLL:.text+0x158d 0167:bff7a557 ff7510 push dword ptr [ebp+10] 0167:bff7a55a 56 push esi 0167:bff7a55b 0d000000a0 or eax,a0000000 0167:bff7a560 8903 mov dword ptr [ebx],eax 0167:bff7a562 e889fbffff call bff7a0f0 = KERNEL32.DLL:.text+0x10f0 KERNEL32.DLL:.text+0x1567: *0167:bff7a567 8d4304 lea eax,[ebx+04] 0167:bff7a56a eb49 jmp bff7a5b5 = KERNEL32.DLL:.text+0x15b5 0167:bff7a56c 6a08 push +08 0167:bff7a56e e82d240000 call bff7c9a0 = KERNEL32.DLL:.text+0x39a0 0167:bff7a573 eb18 jmp bff7a58d = KERNEL32.DLL:.text+0x158d 0167:bff7a575 6a08 push +08 0167:bff7a577 e824240000 call bff7c9a0 = KERNEL32.DLL:.text+0x39a0 0167:bff7a57c eb0f jmp bff7a58d = KERNEL32.DLL:.text+0x158d 0167:bff7a57e 6a10 push +10 0167:bff7a580 ff75fc 
push dword ptr [ebp-04] 0167:bff7a583 680a000100 push 0001000a -------------------- 013afa44 8180b000 -> 00 00 10 00 00 00 00 00 20 00 00 00 01 00 00 a0 ........ ....... 013afa48 00000040 013afa4c 00000000 013afa50 bff741f7 = KERNEL32.DLL:_FREQASM+0x31f7 -------------------- 0167:bff741dd 51 push ecx 0167:bff741de 52 push edx 0167:bff741df 681d002a00 push 002a001d 0167:bff741e4 e8ebd1ffff call bff713d4 = KERNEL32.DLL!1 0167:bff741e9 59 pop ecx 0167:bff741ea 5a pop edx 0167:bff741eb ebe8 jmp bff741d5 = KERNEL32.DLL:_FREQASM+0x31d5 0167:bff741ed 8b542404 mov edx,dword ptr [esp+04] 0167:bff741f1 50 push eax 0167:bff741f2 e804000000 call bff741fb = KERNEL32.DLL:_FREQASM+0x31fb KERNEL32.DLL:_FREQASM+0x31f7: *0167:bff741f7 58 pop eax 0167:bff741f8 c20400 retd 0004 0167:bff741fb 833dec9cfcbf01 cmp dword ptr [bffc9cec],+01 0167:bff74202 7c32 jl bff74236 = KERNEL32.DLL:_FREQASM+0x3236 0167:bff74204 3b157094fcbf cmp edx,dword ptr [bffc9470] 0167:bff7420a 7506 jnz bff74212 = KERNEL32.DLL:_FREQASM+0x3212 0167:bff7420c 837a0401 cmp dword ptr [edx+04],+01 0167:bff74210 7426 jz bff74238 = KERNEL32.DLL:_FREQASM+0x3238 0167:bff74212 ff4a04 dec dword ptr [edx+04] 0167:bff74215 754a jnz bff74261 = KERNEL32.DLL:_FREQASM+0x3261 0167:bff74217 c7420800000000 mov dword ptr [edx+08],00000000 -------------------- 013afa54 8182fc00 -> 00 00 00 00 00 00 00 00 e4 42 83 81 00 00 00 00 .........B...... 
013afa58 013afa84 -> 5c fc 3a 01 49 16 00 76 01 00 00 00 b2 30 00 76 \.:.I..v.....0.v 013afa5c bff92acc = KERNEL32.DLL:.text+0x19acc -------------------- 0167:bff92aac e843d9feff call bff803f4 = KERNEL32.DLL:.text+0x73f4 0167:bff92ab1 8bf0 mov esi,eax 0167:bff92ab3 85f6 test esi,esi 0167:bff92ab5 7415 jz bff92acc = KERNEL32.DLL:.text+0x19acc 0167:bff92ab7 ff742410 push dword ptr [esp+10] 0167:bff92abb 56 push esi 0167:bff92abc ff742410 push dword ptr [esp+10] 0167:bff92ac0 8b442418 mov eax,dword ptr [esp+18] 0167:bff92ac4 894608 mov dword ptr [esi+08],eax 0167:bff92ac7 e88ed9feff call bff8045a = KERNEL32.DLL:.text+0x745a KERNEL32.DLL:.text+0x19acc: *0167:bff92acc 8bc6 mov eax,esi 0167:bff92ace 5e pop esi 0167:bff92acf c20c00 retd 000c 0167:bff92ad2 ff742404 push dword ptr [esp+04] 0167:bff92ad6 e80c16ffff call bff840e7 = KERNEL32.DLL:.text+0xb0e7 0167:bff92adb 85c0 test eax,eax 0167:bff92add 7406 jz bff92ae5 = KERNEL32.DLL:.text+0x19ae5 0167:bff92adf 50 push eax 0167:bff92ae0 e8e0c8feff call bff7f3c5 = KERNEL32.DLL:.text+0x63c5 0167:bff92ae5 c20400 retd 0004 0167:bff92ae8 55 push ebp -------------------- 013afa60 81836ef0 -> 00 fc 82 81 00 fc 82 81 00 fc 82 81 2c 02 00 a0 ............,... 013afa64 8182fc00 -> 00 00 00 00 00 00 00 00 e4 42 83 81 00 00 00 00 .........B...... 013afa68 00000000 013afa6c 81836ecc -> 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 
013afa70 bff741f7 = KERNEL32.DLL:_FREQASM+0x31f7 -------------------- 0167:bff741dd 51 push ecx 0167:bff741de 52 push edx 0167:bff741df 681d002a00 push 002a001d 0167:bff741e4 e8ebd1ffff call bff713d4 = KERNEL32.DLL!1 0167:bff741e9 59 pop ecx 0167:bff741ea 5a pop edx 0167:bff741eb ebe8 jmp bff741d5 = KERNEL32.DLL:_FREQASM+0x31d5 0167:bff741ed 8b542404 mov edx,dword ptr [esp+04] 0167:bff741f1 50 push eax 0167:bff741f2 e804000000 call bff741fb = KERNEL32.DLL:_FREQASM+0x31fb KERNEL32.DLL:_FREQASM+0x31f7: *0167:bff741f7 58 pop eax 0167:bff741f8 c20400 retd 0004 0167:bff741fb 833dec9cfcbf01 cmp dword ptr [bffc9cec],+01 0167:bff74202 7c32 jl bff74236 = KERNEL32.DLL:_FREQASM+0x3236 0167:bff74204 3b157094fcbf cmp edx,dword ptr [bffc9470] 0167:bff7420a 7506 jnz bff74212 = KERNEL32.DLL:_FREQASM+0x3212 0167:bff7420c 837a0401 cmp dword ptr [edx+04],+01 0167:bff74210 7426 jz bff74238 = KERNEL32.DLL:_FREQASM+0x3238 0167:bff74212 ff4a04 dec dword ptr [edx+04] 0167:bff74215 754a jnz bff74261 = KERNEL32.DLL:_FREQASM+0x3261 0167:bff74217 c7420800000000 mov dword ptr [edx+08],00000000 -------------------- 013afa74 bffc9490 = KERNEL32.DLL:.data+0x490 -> 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 
013afa78 bff8433d = KERNEL32.DLL:.text+0xb33d -------------------- 0167:bff8431f c60004 mov byte ptr [eax],04 0167:bff84322 8b4508 mov eax,dword ptr [ebp+08] 0167:bff84325 89461c mov dword ptr [esi+1c],eax 0167:bff84328 eb08 jmp bff84332 = KERNEL32.DLL:.text+0xb332 0167:bff8432a 56 push esi 0167:bff8432b e82b4f0000 call bff8925b = KERNEL32.DLL:.text+0x1025b 0167:bff84330 33f6 xor esi,esi 0167:bff84332 a1109dfcbf mov eax,dword ptr [bffc9d10] 0167:bff84337 50 push eax 0167:bff84338 e8b0fefeff call bff741ed = KERNEL32.DLL!98 KERNEL32.DLL:.text+0xb33d: *0167:bff8433d 33c0 xor eax,eax 0167:bff8433f 85f6 test esi,esi 0167:bff84341 750d jnz bff84350 = KERNEL32.DLL:.text+0xb350 0167:bff84343 50 push eax 0167:bff84344 50 push eax 0167:bff84345 50 push eax 0167:bff84346 68050000c0 push c0000005 0167:bff8434b e88324ffff call bff767d3 = KERNEL32.DLL:_FREQASM+0x57d3 0167:bff84350 5e pop esi 0167:bff84351 5d pop ebp 0167:bff84352 c20400 retd 0004 -------------------- 013afa7c bffc9490 = KERNEL32.DLL:.data+0x490 -> 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 013afa80 76000000 = WS2_32.DLL+0x0 -> 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 MZ.............. 013afa84 013afc5c -> 00 00 00 00 d0 fa 3a 01 90 94 fc bf bc ff 3a 01 ......:.......:. 
013afa88 76001649 = WS2_32.DLL:.text+0x649 -------------------- 0167:7600162c 8bc3 mov eax,ebx 0167:7600162e 5f pop edi 0167:7600162f 5e pop esi 0167:76001630 5b pop ebx 0167:76001631 c9 leave 0167:76001632 c20c00 retd 000c 0167:76001635 8b442404 mov eax,dword ptr [esp+04] 0167:76001639 68d8e30076 push 7600e3d8 0167:7600163e a3fce30076 mov dword ptr [7600e3fc],eax 0167:76001643 ff1538f20076 call dword ptr [7600f238] -> KERNEL32.DLL!InitializeCriticalSection WS2_32.DLL:.text+0x649: *0167:76001649 6a01 push +01 0167:7600164b 58 pop eax 0167:7600164c c3 retd 0167:7600164d 68d8e30076 push 7600e3d8 0167:76001652 ff153cf20076 call dword ptr [7600f23c] -> KERNEL32.DLL!DeleteCriticalSection 0167:76001658 c3 retd 0167:76001659 51 push ecx 0167:7600165a 51 push ecx 0167:7600165b 53 push ebx 0167:7600165c 33db xor ebx,ebx 0167:7600165e 391df0e30076 cmp dword ptr [7600e3f0],ebx -------------------- 013afa8c 00000001 013afa90 760030b2 = WS2_32.DLL:.text+0x20b2 -------------------- 0167:7